/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
/*
* Copyright 2005 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
/*
* Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved.
*/
/*
* $Id: DOMPGPData.java,v 1.2 2008/07/24 15:20:32 mullan Exp $
*/
package org.jcp.xml.dsig.internal.dom;
import java.util.*;
import javax.xml.crypto.*;
import javax.xml.crypto.dom.DOMCryptoContext;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.keyinfo.PGPData;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.internal.security.utils.Base64;
DOM-based implementation of PGPData.
Author: Sean Mullan
/**
* DOM-based implementation of PGPData.
*
* @author Sean Mullan
*/
public final class DOMPGPData extends DOMStructure implements PGPData {
private final byte[] keyId;
private final byte[] keyPacket;
private final List externalElements;
Creates a DOMPGPData containing the specified key packet.
and optional list of external elements.
Params: - keyPacket – a PGP Key Material Packet as defined in section 5.5 of
RFC 2440. The
array is cloned to prevent subsequent modification.
- other – a list of
XMLStructures representing elements from an external namespace. The list is defensively copied to prevent subsequent modification. May be null or empty.
Throws: - NullPointerException – if
keyPacket is
null - IllegalArgumentException – if the key packet is not in the
correct format
- ClassCastException – if
other contains any entries that are not of type XMLStructure
/**
* Creates a <code>DOMPGPData</code> containing the specified key packet.
* and optional list of external elements.
*
* @param keyPacket a PGP Key Material Packet as defined in section 5.5 of
* <a href="http://www.ietf.org/rfc/rfc2440.txt"/>RFC 2440</a>. The
* array is cloned to prevent subsequent modification.
* @param other a list of {@link XMLStructure}s representing elements from
* an external namespace. The list is defensively copied to prevent
* subsequent modification. May be <code>null</code> or empty.
* @throws NullPointerException if <code>keyPacket</code> is
* <code>null</code>
* @throws IllegalArgumentException if the key packet is not in the
* correct format
* @throws ClassCastException if <code>other</code> contains any
* entries that are not of type {@link XMLStructure}
*/
public DOMPGPData(byte[] keyPacket, List other) {
if (keyPacket == null) {
throw new NullPointerException("keyPacket cannot be null");
}
if (other == null || other.isEmpty()) {
this.externalElements = Collections.EMPTY_LIST;
} else {
List otherCopy = new ArrayList(other);
for (int i = 0, size = otherCopy.size(); i < size; i++) {
if (!(otherCopy.get(i) instanceof XMLStructure)) {
throw new ClassCastException
("other["+i+"] is not a valid PGPData type");
}
}
this.externalElements = Collections.unmodifiableList(otherCopy);
}
this.keyPacket = (byte []) keyPacket.clone();
checkKeyPacket(keyPacket);
this.keyId = null;
}
Creates a DOMPGPData containing the specified key id and
optional key packet and list of external elements.
Params: - keyId – a PGP public key id as defined in section 11.2 of
RFC 2440. The
array is cloned to prevent subsequent modification.
- keyPacket – a PGP Key Material Packet as defined in section 5.5 of
RFC 2440 (may
be
null). The array is cloned to prevent subsequent
modification. - other – a list of
XMLStructures representing elements from an external namespace. The list is defensively copied to prevent subsequent modification. May be null or empty.
Throws: - NullPointerException – if
keyId is null - IllegalArgumentException – if the key id or packet is not in the
correct format
- ClassCastException – if
other contains any entries that are not of type XMLStructure
/**
* Creates a <code>DOMPGPData</code> containing the specified key id and
* optional key packet and list of external elements.
*
* @param keyId a PGP public key id as defined in section 11.2 of
* <a href="http://www.ietf.org/rfc/rfc2440.txt"/>RFC 2440</a>. The
* array is cloned to prevent subsequent modification.
* @param keyPacket a PGP Key Material Packet as defined in section 5.5 of
* <a href="http://www.ietf.org/rfc/rfc2440.txt"/>RFC 2440</a> (may
* be <code>null</code>). The array is cloned to prevent subsequent
* modification.
* @param other a list of {@link XMLStructure}s representing elements from
* an external namespace. The list is defensively copied to prevent
* subsequent modification. May be <code>null</code> or empty.
* @throws NullPointerException if <code>keyId</code> is <code>null</code>
* @throws IllegalArgumentException if the key id or packet is not in the
* correct format
* @throws ClassCastException if <code>other</code> contains any
* entries that are not of type {@link XMLStructure}
*/
public DOMPGPData(byte[] keyId, byte[] keyPacket, List other) {
if (keyId == null) {
throw new NullPointerException("keyId cannot be null");
}
// key ids must be 8 bytes
if (keyId.length != 8) {
throw new IllegalArgumentException("keyId must be 8 bytes long");
}
if (other == null || other.isEmpty()) {
this.externalElements = Collections.EMPTY_LIST;
} else {
List otherCopy = new ArrayList(other);
for (int i = 0, size = otherCopy.size(); i < size; i++) {
if (!(otherCopy.get(i) instanceof XMLStructure)) {
throw new ClassCastException
("other["+i+"] is not a valid PGPData type");
}
}
this.externalElements = Collections.unmodifiableList(otherCopy);
}
this.keyId = (byte []) keyId.clone();
this.keyPacket = keyPacket == null ? null : (byte []) keyPacket.clone();
if (keyPacket != null) {
checkKeyPacket(keyPacket);
}
}
Creates a DOMPGPData from an element.
Params: - pdElem – a PGPData element
/**
* Creates a <code>DOMPGPData</code> from an element.
*
* @param pdElem a PGPData element
*/
public DOMPGPData(Element pdElem) throws MarshalException {
// get all children nodes
byte[] keyId = null;
byte[] keyPacket = null;
NodeList nl = pdElem.getChildNodes();
int length = nl.getLength();
List other = new ArrayList(length);
for (int x = 0; x < length; x++) {
Node n = nl.item(x);
if (n.getNodeType() == Node.ELEMENT_NODE) {
Element childElem = (Element) n;
String localName = childElem.getLocalName();
try {
if (localName.equals("PGPKeyID")) {
keyId = Base64.decode(childElem);
} else if (localName.equals("PGPKeyPacket")){
keyPacket = Base64.decode(childElem);
} else {
other.add
(new javax.xml.crypto.dom.DOMStructure(childElem));
}
} catch (Base64DecodingException bde) {
throw new MarshalException(bde);
}
}
}
this.keyId = keyId;
this.keyPacket = keyPacket;
this.externalElements = Collections.unmodifiableList(other);
}
public byte[] getKeyId() {
return (keyId == null ? null : (byte []) keyId.clone());
}
public byte[] getKeyPacket() {
return (keyPacket == null ? null : (byte []) keyPacket.clone());
}
public List getExternalElements() {
return externalElements;
}
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
throws MarshalException {
Document ownerDoc = DOMUtils.getOwnerDocument(parent);
Element pdElem = DOMUtils.createElement
(ownerDoc, "PGPData", XMLSignature.XMLNS, dsPrefix);
// create and append PGPKeyID element
if (keyId != null) {
Element keyIdElem = DOMUtils.createElement
(ownerDoc, "PGPKeyID", XMLSignature.XMLNS, dsPrefix);
keyIdElem.appendChild
(ownerDoc.createTextNode(Base64.encode(keyId)));
pdElem.appendChild(keyIdElem);
}
// create and append PGPKeyPacket element
if (keyPacket != null) {
Element keyPktElem = DOMUtils.createElement
(ownerDoc, "PGPKeyPacket", XMLSignature.XMLNS, dsPrefix);
keyPktElem.appendChild
(ownerDoc.createTextNode(Base64.encode(keyPacket)));
pdElem.appendChild(keyPktElem);
}
// create and append any elements
for (int i = 0, size = externalElements.size(); i < size; i++) {
DOMUtils.appendChild(pdElem, ((javax.xml.crypto.dom.DOMStructure)
externalElements.get(i)).getNode());
}
parent.appendChild(pdElem);
}
We assume packets use the new format packet syntax, as specified in
section 4 of RFC 2440.
This method only checks if the packet contains a valid tag. The
contents of the packet should be checked by the application.
/**
* We assume packets use the new format packet syntax, as specified in
* section 4 of RFC 2440.
*
* This method only checks if the packet contains a valid tag. The
* contents of the packet should be checked by the application.
*/
private void checkKeyPacket(byte[] keyPacket) {
// length must be at least 3 (one byte for tag, one byte for length,
// and minimally one byte of content
if (keyPacket.length < 3) {
throw new IllegalArgumentException("keypacket must be at least " +
"3 bytes long");
}
int tag = keyPacket[0];
// first bit must be set
if ((tag & 128) != 128) {
throw new IllegalArgumentException("keypacket tag is invalid: " +
"bit 7 is not set");
}
// make sure using new format
if ((tag & 64) != 64) {
throw new IllegalArgumentException("old keypacket tag format is " +
"unsupported");
}
// tag value must be 6, 14, 5 or 7
if (((tag & 6) != 6) && ((tag & 14) != 14) &&
((tag & 5) != 5) && ((tag & 7) != 7)) {
throw new IllegalArgumentException("keypacket tag is invalid: " +
"must be 6, 14, 5, or 7");
}
}
}