0N/A/*
661N/A * reserved comment block
661N/A * DO NOT REMOVE OR ALTER!
0N/A */
0N/A/*
661N/A * Copyright 2005 The Apache Software Foundation.
661N/A *
661N/A * Licensed under the Apache License, Version 2.0 (the "License");
661N/A * you may not use this file except in compliance with the License.
661N/A * You may obtain a copy of the License at
661N/A *
661N/A * http://www.apache.org/licenses/LICENSE-2.0
661N/A *
661N/A * Unless required by applicable law or agreed to in writing, software
661N/A * distributed under the License is distributed on an "AS IS" BASIS,
661N/A * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
661N/A * See the License for the specific language governing permissions and
661N/A * limitations under the License.
661N/A *
661N/A */
661N/A/*
2362N/A * Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved.
661N/A */
661N/A/*
661N/A * $Id: DOMX509Data.java,v 1.2 2008/07/24 15:20:32 mullan Exp $
0N/A */
0N/Apackage org.jcp.xml.dsig.internal.dom;
0N/A
0N/Aimport java.io.ByteArrayInputStream;
0N/Aimport java.security.cert.*;
0N/Aimport java.util.*;
0N/Aimport javax.xml.crypto.*;
0N/Aimport javax.xml.crypto.dom.DOMCryptoContext;
0N/Aimport javax.xml.crypto.dsig.*;
0N/Aimport javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
0N/Aimport javax.xml.crypto.dsig.keyinfo.X509Data;
0N/Aimport javax.security.auth.x500.X500Principal;
0N/Aimport org.w3c.dom.Document;
0N/Aimport org.w3c.dom.Element;
0N/Aimport org.w3c.dom.Node;
0N/Aimport org.w3c.dom.NodeList;
0N/A
0N/Aimport com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
0N/Aimport com.sun.org.apache.xml.internal.security.utils.Base64;
0N/A
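/**
 * DOM-based implementation of X509Data.
 *
 * <p>Instances are built either from a caller-supplied list of X.509 data
 * items or by unmarshalling an <code>X509Data</code> element. When that
 * element comes from a received document, its content is untrusted input.
 * This class only decodes it: certificates and CRLs are parsed with a
 * <code>CertificateFactory</code>, but no certification path, validity
 * period, revocation or trust-anchor check is performed here. Code that
 * picks a verification key out of this content has to validate it itself
 * before relying on it.
 *
 * @author Sean Mullan
 */
//@@@ check for illegal combinations of data violating MUSTs in W3c spec
public final class DOMX509Data extends DOMStructure implements X509Data {

    /** Unmodifiable list of the X.509 data items, in insertion order. */
    private final List content;

    /**
     * Created on first use by {@link #unmarshalBase64Binary}; remains
     * <code>null</code> when no certificate or CRL is ever decoded.
     */
    private CertificateFactory cf;

    /**
     * Creates a DOMX509Data.
     *
     * @param content a list of one or more X.509 data types. Valid types are
     *    {@link String} (subject names), <code>byte[]</code> (subject key ids),
     *    {@link java.security.cert.X509Certificate}, {@link X509CRL},
     *    or {@link javax.xml.crypto.XMLStructure} ({@link X509IssuerSerial}
     *    objects or elements from an external namespace). The list is
     *    defensively copied to protect against subsequent modification.
     * @throws NullPointerException if <code>content</code> is <code>null</code>
     * @throws IllegalArgumentException if <code>content</code> is empty, or
     *    if a <code>String</code> entry is rejected by
     *    {@link X500Principal#X500Principal(String)}
     * @throws ClassCastException if <code>content</code> contains any entries
     *    that are not of one of the valid types mentioned above
     */
    public DOMX509Data(List content) {
        if (content == null) {
            throw new NullPointerException("content cannot be null");
        }
        // Copy before validating so a concurrent change to the caller's list
        // cannot slip an unchecked entry past the type checks below.
        List contentCopy = new ArrayList(content);
        if (contentCopy.isEmpty()) {
            throw new IllegalArgumentException("content cannot be empty");
        }
        for (int i = 0, size = contentCopy.size(); i < size; i++) {
            Object x509Type = contentCopy.get(i);
            if (x509Type instanceof String) {
                // Constructed only for its validation side effect: the
                // X500Principal constructor rejects malformed names.
                new X500Principal((String) x509Type);
            } else if (!(x509Type instanceof byte[]) &&
                !(x509Type instanceof X509Certificate) &&
                !(x509Type instanceof X509CRL) &&
                !(x509Type instanceof XMLStructure)) {
                // A null entry also ends up here, because instanceof is
                // false for null.
                throw new ClassCastException
                    ("content["+i+"] is not a valid X509Data type");
            }
        }
        this.content = Collections.unmodifiableList(contentCopy);
    }

    /**
     * Creates a <code>DOMX509Data</code> from an element.
     *
     * <p>Child elements are interpreted as X509Certificate, X509IssuerSerial,
     * X509SubjectName, X509SKI or X509CRL only when they are in the XML
     * Signature namespace. Every other child element, including one that
     * merely reuses one of those local names in a different namespace, is
     * kept as an opaque {@link javax.xml.crypto.dom.DOMStructure}.
     *
     * @param xdElem an X509Data element
     * @throws MarshalException if there is an error while unmarshalling,
     *    including an X509SubjectName element without text content
     */
    public DOMX509Data(Element xdElem) throws MarshalException {
        // get all children nodes
        NodeList nl = xdElem.getChildNodes();
        int length = nl.getLength();
        List content = new ArrayList(length);
        for (int i = 0; i < length; i++) {
            Node child = nl.item(i);
            // ignore all non-Element nodes
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }

            Element childElem = (Element) child;
            // getLocalName() is null for nodes created without namespace
            // support, so every comparison below is written constant-first.
            String localName = childElem.getLocalName();
            // Matching on the local name alone would let an element from a
            // foreign namespace be parsed as if it were a ds: element.
            boolean inDsNamespace =
                XMLSignature.XMLNS.equals(childElem.getNamespaceURI());

            if (!inDsNamespace) {
                content.add(new javax.xml.crypto.dom.DOMStructure(childElem));
            } else if ("X509Certificate".equals(localName)) {
                content.add(unmarshalX509Certificate(childElem));
            } else if ("X509IssuerSerial".equals(localName)) {
                content.add(new DOMX509IssuerSerial(childElem));
            } else if ("X509SubjectName".equals(localName)) {
                // An empty element has no first child, and a non-text first
                // child can have a null value; report both as a marshalling
                // error instead of failing with a NullPointerException or
                // storing null in the content list.
                Node first = childElem.getFirstChild();
                String name = (first == null) ? null : first.getNodeValue();
                if (name == null) {
                    throw new MarshalException
                        ("X509SubjectName has no text content");
                }
                content.add(name);
            } else if ("X509SKI".equals(localName)) {
                try {
                    content.add(Base64.decode(childElem));
                } catch (Base64DecodingException bde) {
                    throw new MarshalException("cannot decode X509SKI", bde);
                }
            } else if ("X509CRL".equals(localName)) {
                content.add(unmarshalX509CRL(childElem));
            } else {
                content.add(new javax.xml.crypto.dom.DOMStructure(childElem));
            }
        }
        this.content = Collections.unmodifiableList(content);
    }

    /**
     * Returns the X.509 data items.
     *
     * @return the unmodifiable content list; <code>byte[]</code> entries in
     *    it are the stored arrays themselves, not copies
     */
    public List getContent() {
        return content;
    }

    /**
     * Creates an <code>X509Data</code> element holding one child per content
     * entry, in list order, and appends it to <code>parent</code>.
     *
     * @param parent the node the new element is appended to
     * @param dsPrefix the prefix passed on to the element factory
     * @param context the context handed to the X509IssuerSerial marshaller
     * @throws MarshalException if a certificate or CRL cannot be encoded
     */
    public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
        throws MarshalException {
        Document ownerDoc = DOMUtils.getOwnerDocument(parent);

        Element xdElem = DOMUtils.createElement
            (ownerDoc, "X509Data", XMLSignature.XMLNS, dsPrefix);

        // append children and preserve order
        for (int i = 0, size = content.size(); i < size; i++) {
            Object object = content.get(i);
            if (object instanceof X509Certificate) {
                marshalCert((X509Certificate) object,xdElem,ownerDoc,dsPrefix);
            } else if (object instanceof XMLStructure) {
                // NOTE(review): both casts assume the DOM implementations of
                // these types; any other XMLStructure accepted by the List
                // constructor fails here with a ClassCastException.
                if (object instanceof X509IssuerSerial) {
                    ((DOMX509IssuerSerial) object).marshal
                        (xdElem, dsPrefix, context);
                } else {
                    javax.xml.crypto.dom.DOMStructure domContent =
                        (javax.xml.crypto.dom.DOMStructure) object;
                    DOMUtils.appendChild(xdElem, domContent.getNode());
                }
            } else if (object instanceof byte[]) {
                marshalSKI((byte[]) object, xdElem, ownerDoc, dsPrefix);
            } else if (object instanceof String) {
                marshalSubjectName((String) object, xdElem, ownerDoc,dsPrefix);
            } else if (object instanceof X509CRL) {
                marshalCRL((X509CRL) object, xdElem, ownerDoc, dsPrefix);
            }
        }

        parent.appendChild(xdElem);
    }

    /** Appends an X509SKI element carrying the Base64-encoded key id. */
    private void marshalSKI(byte[] skid, Node parent, Document doc,
        String dsPrefix) {

        Element skidElem = DOMUtils.createElement
            (doc, "X509SKI", XMLSignature.XMLNS, dsPrefix);
        skidElem.appendChild(doc.createTextNode(Base64.encode(skid)));
        parent.appendChild(skidElem);
    }

    /** Appends an X509SubjectName element carrying the name as text. */
    private void marshalSubjectName(String name, Node parent, Document doc,
        String dsPrefix) {

        Element snElem = DOMUtils.createElement
            (doc, "X509SubjectName", XMLSignature.XMLNS, dsPrefix);
        snElem.appendChild(doc.createTextNode(name));
        parent.appendChild(snElem);
    }

    /**
     * Appends an X509Certificate element carrying the Base64-encoded
     * certificate.
     *
     * @throws MarshalException if the certificate cannot be encoded
     */
    private void marshalCert(X509Certificate cert, Node parent, Document doc,
        String dsPrefix) throws MarshalException {

        Element certElem = DOMUtils.createElement
            (doc, "X509Certificate", XMLSignature.XMLNS, dsPrefix);
        try {
            certElem.appendChild(doc.createTextNode
                (Base64.encode(cert.getEncoded())));
        } catch (CertificateEncodingException e) {
            throw new MarshalException("Error encoding X509Certificate", e);
        }
        parent.appendChild(certElem);
    }

    /**
     * Appends an X509CRL element carrying the Base64-encoded CRL.
     *
     * @throws MarshalException if the CRL cannot be encoded
     */
    private void marshalCRL(X509CRL crl, Node parent, Document doc,
        String dsPrefix) throws MarshalException {

        Element crlElem = DOMUtils.createElement
            (doc, "X509CRL", XMLSignature.XMLNS, dsPrefix);
        try {
            crlElem.appendChild(doc.createTextNode
                (Base64.encode(crl.getEncoded())));
        } catch (CRLException e) {
            throw new MarshalException("Error encoding X509CRL", e);
        }
        parent.appendChild(crlElem);
    }

    /**
     * Decodes the element's Base64 content into a certificate. The result is
     * parsed only; nothing here establishes that it is trusted.
     *
     * @throws MarshalException if the content cannot be decoded or parsed
     */
    private X509Certificate unmarshalX509Certificate(Element elem)
        throws MarshalException {
        try {
            // unmarshalBase64Binary also initialises cf, so it must run
            // before cf is dereferenced on the next line.
            ByteArrayInputStream bs = unmarshalBase64Binary(elem);
            return (X509Certificate) cf.generateCertificate(bs);
        } catch (CertificateException e) {
            throw new MarshalException("Cannot create X509Certificate", e);
        }
    }

    /**
     * Decodes the element's Base64 content into a CRL. The result is parsed
     * only; its signature and issuer are not checked here.
     *
     * @throws MarshalException if the content cannot be decoded or parsed
     */
    private X509CRL unmarshalX509CRL(Element elem) throws MarshalException {
        try {
            // unmarshalBase64Binary also initialises cf, so it must run
            // before cf is dereferenced on the next line.
            ByteArrayInputStream bs = unmarshalBase64Binary(elem);
            return (X509CRL) cf.generateCRL(bs);
        } catch (CRLException e) {
            throw new MarshalException("Cannot create X509CRL", e);
        }
    }

    /**
     * Returns a stream over the Base64-decoded content of the element and,
     * as a side effect, creates the X.509 <code>CertificateFactory</code> on
     * first use.
     *
     * @throws MarshalException if the factory cannot be created or the
     *    content is not valid Base64
     */
    private ByteArrayInputStream unmarshalBase64Binary(Element elem)
        throws MarshalException {
        try {
            if (cf == null) {
                cf = CertificateFactory.getInstance("X.509");
            }
            return new ByteArrayInputStream(Base64.decode(elem));
        } catch (CertificateException e) {
            throw new MarshalException("Cannot create CertificateFactory", e);
        } catch (Base64DecodingException bde) {
            throw new MarshalException("Cannot decode Base64-encoded val", bde);
        }
    }

    /**
     * Compares this object with another <code>X509Data</code>. Two instances
     * are equal when their content lists have the same length and the
     * entries are pairwise equal in the same order; <code>byte[]</code>
     * entries are compared by value.
     */
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        }

        if (!(o instanceof X509Data)) {
            return false;
        }
        X509Data oxd = (X509Data) o;

        List ocontent = oxd.getContent();
        int size = content.size();
        if (size != ocontent.size()) {
            return false;
        }

        for (int i = 0; i < size; i++) {
            Object x = content.get(i);
            Object ox = ocontent.get(i);
            if (x instanceof byte[]) {
                // Object.equals on arrays is identity; compare the bytes.
                if (!(ox instanceof byte[]) ||
                    !Arrays.equals((byte[]) x, (byte[]) ox)) {
                    return false;
                }
            } else {
                if (!(x.equals(ox))) {
                    return false;
                }
            }
        }

        return true;
    }

    /**
     * Returns a hash code consistent with {@link #equals}: instances that
     * compare equal produce the same value.
     */
    public int hashCode() {
        int result = 17;
        for (int i = 0, size = content.size(); i < size; i++) {
            Object x = content.get(i);
            int h;
            if (x instanceof byte[]) {
                // Value hash, to match the Arrays.equals used by equals().
                h = Arrays.hashCode((byte[]) x);
            } else if (x instanceof XMLStructure) {
                // XMLStructure implementations are not visible from here and
                // may define equals() without a matching hashCode(), so they
                // contribute only their position.
                h = 0;
            } else {
                h = x.hashCode();
            }
            result = 31 * result + h;
        }
        return result;
    }
}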