/*
 * reserved comment block
 * DO NOT REMOVE OR ALTER!
 */
/*
 * Copyright  1999-2004 The Apache Software Foundation.
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 */
package com.sun.org.apache.xml.internal.security.keys.content.x509;

import java.io.IOException;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;

import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.utils.Base64;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

Handles SubjectKeyIdentifier (SKI) for X.509v3.
Author:$Author: mullan $
See Also:
/** * Handles SubjectKeyIdentifier (SKI) for X.509v3. * * @author $Author: mullan $ * @see <A HREF="http://java.sun.com/j2se/1.5.0/docs/api/java/security/cert/X509Extension.html">Interface X509Extension</A> */
public class XMLX509SKI extends SignatureElementProxy implements XMLX509DataContent {
logging logging facility
/** {@link java.util.logging} logging facility */
static java.util.logging.Logger log = java.util.logging.Logger.getLogger(XMLX509SKI.class.getName());
SubjectKeyIdentifier (id-ce-subjectKeyIdentifier) (2.5.29.14): This extension identifies the public key being certified. It enables distinct keys used by the same subject to be differentiated (e.g., as key updating occurs).
A key identifer shall be unique with respect to all key identifiers for the subject with which it is used. This extension is always non-critical.
/** * <CODE>SubjectKeyIdentifier (id-ce-subjectKeyIdentifier) (2.5.29.14)</CODE>: * This extension identifies the public key being certified. It enables * distinct keys used by the same subject to be differentiated * (e.g., as key updating occurs). * <BR /> * A key identifer shall be unique with respect to all key identifiers * for the subject with which it is used. This extension is always non-critical. */
public static final String SKI_OID = "2.5.29.14";
Constructor X509SKI
Params:
  • doc –
  • skiBytes –
/** * Constructor X509SKI * * @param doc * @param skiBytes */
public XMLX509SKI(Document doc, byte[] skiBytes) { super(doc); this.addBase64Text(skiBytes); }
Constructor XMLX509SKI
Params:
  • doc –
  • x509certificate –
Throws:
/** * Constructor XMLX509SKI * * @param doc * @param x509certificate * @throws XMLSecurityException */
public XMLX509SKI(Document doc, X509Certificate x509certificate) throws XMLSecurityException { super(doc); this.addBase64Text(XMLX509SKI.getSKIBytesFromCert(x509certificate)); }
Constructor XMLX509SKI
Params:
  • element –
  • BaseURI –
Throws:
/** * Constructor XMLX509SKI * * @param element * @param BaseURI * @throws XMLSecurityException */
public XMLX509SKI(Element element, String BaseURI) throws XMLSecurityException { super(element, BaseURI); }
Method getSKIBytes
Throws:
Returns:the skibytes
/** * Method getSKIBytes * * @return the skibytes * @throws XMLSecurityException */
public byte[] getSKIBytes() throws XMLSecurityException { return this.getBytesFromTextChild(); }
Method getSKIBytesFromCert
Params:
  • cert –
Throws:
See Also:
Returns:ski bytes from the given certificate
/** * Method getSKIBytesFromCert * * @param cert * @return ski bytes from the given certificate * * @throws XMLSecurityException * @see java.security.cert.X509Extension#getExtensionValue(java.lang.String) */
public static byte[] getSKIBytesFromCert(X509Certificate cert) throws XMLSecurityException { if (cert.getVersion() < 3) { Object exArgs[] = { new Integer(cert.getVersion()) }; throw new XMLSecurityException("certificate.noSki.lowVersion", exArgs); } /* * Gets the DER-encoded OCTET string for the extension value * (extnValue) identified by the passed-in oid String. The oid * string is represented by a set of positive whole numbers * separated by periods. */ byte[] extensionValue = cert.getExtensionValue(XMLX509SKI.SKI_OID); if (extensionValue == null) { throw new XMLSecurityException("certificate.noSki.null"); } /** * Strip away first four bytes from the extensionValue * The first two bytes are the tag and length of the extensionValue * OCTET STRING, and the next two bytes are the tag and length of * the skid OCTET STRING. */ byte skidValue[] = new byte[extensionValue.length - 4]; System.arraycopy(extensionValue, 4, skidValue, 0, skidValue.length); if (log.isLoggable(java.util.logging.Level.FINE)) { log.log(java.util.logging.Level.FINE, "Base64 of SKI is " + Base64.encode(skidValue)); } return skidValue; }
@inheritDoc
/** @inheritDoc */
public boolean equals(Object obj) { if (obj == null) { return false; } if (!this.getClass().getName().equals(obj.getClass().getName())) { return false; } XMLX509SKI other = (XMLX509SKI) obj; try { return java.security.MessageDigest.isEqual(other.getSKIBytes(), this.getSKIBytes()); } catch (XMLSecurityException ex) { return false; } }
@inheritDoc
/** @inheritDoc */
public String getBaseLocalName() { return Constants._TAG_X509SKI; } }