/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package com.sun.org.apache.xml.internal.security.keys.content.x509;
import java.io.IOException;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.utils.Base64;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
Handles SubjectKeyIdentifier (SKI) for X.509v3.
Author: $Author: mullan $ See Also:
/**
* Handles SubjectKeyIdentifier (SKI) for X.509v3.
*
* @author $Author: mullan $
* @see <A HREF="http://java.sun.com/j2se/1.5.0/docs/api/java/security/cert/X509Extension.html">Interface X509Extension</A>
*/
public class XMLX509SKI extends SignatureElementProxy
implements XMLX509DataContent {
logging
logging facility /** {@link java.util.logging} logging facility */
static java.util.logging.Logger log =
java.util.logging.Logger.getLogger(XMLX509SKI.class.getName());
SubjectKeyIdentifier (id-ce-subjectKeyIdentifier) (2.5.29.14)
:
This extension identifies the public key being certified. It enables
distinct keys used by the same subject to be differentiated
(e.g., as key updating occurs).
A key identifer shall be unique with respect to all key identifiers
for the subject with which it is used. This extension is always non-critical.
/**
* <CODE>SubjectKeyIdentifier (id-ce-subjectKeyIdentifier) (2.5.29.14)</CODE>:
* This extension identifies the public key being certified. It enables
* distinct keys used by the same subject to be differentiated
* (e.g., as key updating occurs).
* <BR />
* A key identifer shall be unique with respect to all key identifiers
* for the subject with which it is used. This extension is always non-critical.
*/
public static final String SKI_OID = "2.5.29.14";
Constructor X509SKI
Params: - doc –
- skiBytes –
/**
* Constructor X509SKI
*
* @param doc
* @param skiBytes
*/
public XMLX509SKI(Document doc, byte[] skiBytes) {
super(doc);
this.addBase64Text(skiBytes);
}
Constructor XMLX509SKI
Params: - doc –
- x509certificate –
Throws:
/**
* Constructor XMLX509SKI
*
* @param doc
* @param x509certificate
* @throws XMLSecurityException
*/
public XMLX509SKI(Document doc, X509Certificate x509certificate)
throws XMLSecurityException {
super(doc);
this.addBase64Text(XMLX509SKI.getSKIBytesFromCert(x509certificate));
}
Constructor XMLX509SKI
Params: - element –
- BaseURI –
Throws:
/**
* Constructor XMLX509SKI
*
* @param element
* @param BaseURI
* @throws XMLSecurityException
*/
public XMLX509SKI(Element element, String BaseURI)
throws XMLSecurityException {
super(element, BaseURI);
}
Method getSKIBytes
Throws: Returns: the skibytes
/**
* Method getSKIBytes
*
* @return the skibytes
* @throws XMLSecurityException
*/
public byte[] getSKIBytes() throws XMLSecurityException {
return this.getBytesFromTextChild();
}
Method getSKIBytesFromCert
Params: - cert –
Throws: See Also: Returns: ski bytes from the given certificate
/**
* Method getSKIBytesFromCert
*
* @param cert
* @return ski bytes from the given certificate
*
* @throws XMLSecurityException
* @see java.security.cert.X509Extension#getExtensionValue(java.lang.String)
*/
public static byte[] getSKIBytesFromCert(X509Certificate cert)
throws XMLSecurityException {
if (cert.getVersion() < 3) {
Object exArgs[] = { new Integer(cert.getVersion()) };
throw new XMLSecurityException("certificate.noSki.lowVersion",
exArgs);
}
/*
* Gets the DER-encoded OCTET string for the extension value
* (extnValue) identified by the passed-in oid String. The oid
* string is represented by a set of positive whole numbers
* separated by periods.
*/
byte[] extensionValue = cert.getExtensionValue(XMLX509SKI.SKI_OID);
if (extensionValue == null) {
throw new XMLSecurityException("certificate.noSki.null");
}
/**
* Strip away first four bytes from the extensionValue
* The first two bytes are the tag and length of the extensionValue
* OCTET STRING, and the next two bytes are the tag and length of
* the skid OCTET STRING.
*/
byte skidValue[] = new byte[extensionValue.length - 4];
System.arraycopy(extensionValue, 4, skidValue, 0, skidValue.length);
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Base64 of SKI is " + Base64.encode(skidValue));
}
return skidValue;
}
@inheritDoc
/** @inheritDoc */
public boolean equals(Object obj) {
if (obj == null) {
return false;
}
if (!this.getClass().getName().equals(obj.getClass().getName())) {
return false;
}
XMLX509SKI other = (XMLX509SKI) obj;
try {
return java.security.MessageDigest.isEqual(other.getSKIBytes(),
this.getSKIBytes());
} catch (XMLSecurityException ex) {
return false;
}
}
@inheritDoc
/** @inheritDoc */
public String getBaseLocalName() {
return Constants._TAG_X509SKI;
}
}