/*
 * reserved comment block
 * DO NOT REMOVE OR ALTER!
 */
/*
 * Copyright 2005 The Apache Software Foundation.
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 */
/*
 * Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved.
 */
/*
 * $Id: DOMX509Data.java,v 1.2 2008/07/24 15:20:32 mullan Exp $
 */
package org.jcp.xml.dsig.internal.dom;

import java.io.ByteArrayInputStream;
import java.security.cert.*;
import java.util.*;
import javax.xml.crypto.*;
import javax.xml.crypto.dom.DOMCryptoContext;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.security.auth.x500.X500Principal;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.internal.security.utils.Base64;

DOM-based implementation of X509Data.
Author:Sean Mullan
/** * DOM-based implementation of X509Data. * * @author Sean Mullan */
//@@@ check for illegal combinations of data violating MUSTs in W3c spec public final class DOMX509Data extends DOMStructure implements X509Data { private final List content; private CertificateFactory cf;
Creates a DOMX509Data.
Params:
  • content – a list of one or more X.509 data types. Valid types are String (subject names), byte[] (subject key ids), X509Certificate, X509CRL, or XMLStructure (X509IssuerSerial objects or elements from an external namespace). The list is defensively copied to protect against subsequent modification.
Throws:
Returns:a X509Data
/** * Creates a DOMX509Data. * * @param content a list of one or more X.509 data types. Valid types are * {@link String} (subject names), <code>byte[]</code> (subject key ids), * {@link java.security.cert.X509Certificate}, {@link X509CRL}, * or {@link javax.xml.dsig.XMLStructure} ({@link X509IssuerSerial} * objects or elements from an external namespace). The list is * defensively copied to protect against subsequent modification. * @return a <code>X509Data</code> * @throws NullPointerException if <code>content</code> is <code>null</code> * @throws IllegalArgumentException if <code>content</code> is empty * @throws ClassCastException if <code>content</code> contains any entries * that are not of one of the valid types mentioned above */
public DOMX509Data(List content) { if (content == null) { throw new NullPointerException("content cannot be null"); } List contentCopy = new ArrayList(content); if (contentCopy.isEmpty()) { throw new IllegalArgumentException("content cannot be empty"); } for (int i = 0, size = contentCopy.size(); i < size; i++) { Object x509Type = contentCopy.get(i); if (x509Type instanceof String) { new X500Principal((String) x509Type); } else if (!(x509Type instanceof byte[]) && !(x509Type instanceof X509Certificate) && !(x509Type instanceof X509CRL) && !(x509Type instanceof XMLStructure)) { throw new ClassCastException ("content["+i+"] is not a valid X509Data type"); } } this.content = Collections.unmodifiableList(contentCopy); }
Creates a DOMX509Data from an element.
Params:
  • xdElem – an X509Data element
Throws:
/** * Creates a <code>DOMX509Data</code> from an element. * * @param xdElem an X509Data element * @throws MarshalException if there is an error while unmarshalling */
public DOMX509Data(Element xdElem) throws MarshalException { // get all children nodes NodeList nl = xdElem.getChildNodes(); int length = nl.getLength(); List content = new ArrayList(length); for (int i = 0; i < length; i++) { Node child = nl.item(i); // ignore all non-Element nodes if (child.getNodeType() != Node.ELEMENT_NODE) { continue; } Element childElem = (Element) child; String localName = childElem.getLocalName(); if (localName.equals("X509Certificate")) { content.add(unmarshalX509Certificate(childElem)); } else if (localName.equals("X509IssuerSerial")) { content.add(new DOMX509IssuerSerial(childElem)); } else if (localName.equals("X509SubjectName")) { content.add(childElem.getFirstChild().getNodeValue()); } else if (localName.equals("X509SKI")) { try { content.add(Base64.decode(childElem)); } catch (Base64DecodingException bde) { throw new MarshalException("cannot decode X509SKI", bde); } } else if (localName.equals("X509CRL")) { content.add(unmarshalX509CRL(childElem)); } else { content.add(new javax.xml.crypto.dom.DOMStructure(childElem)); } } this.content = Collections.unmodifiableList(content); } public List getContent() { return content; } public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) throws MarshalException { Document ownerDoc = DOMUtils.getOwnerDocument(parent); Element xdElem = DOMUtils.createElement (ownerDoc, "X509Data", XMLSignature.XMLNS, dsPrefix); // append children and preserve order for (int i = 0, size = content.size(); i < size; i++) { Object object = content.get(i); if (object instanceof X509Certificate) { marshalCert((X509Certificate) object,xdElem,ownerDoc,dsPrefix); } else if (object instanceof XMLStructure) { if (object instanceof X509IssuerSerial) { ((DOMX509IssuerSerial) object).marshal (xdElem, dsPrefix, context); } else { javax.xml.crypto.dom.DOMStructure domContent = (javax.xml.crypto.dom.DOMStructure) object; DOMUtils.appendChild(xdElem, domContent.getNode()); } } else if (object instanceof byte[]) { marshalSKI((byte[]) object, xdElem, ownerDoc, dsPrefix); } else if (object instanceof String) { marshalSubjectName((String) object, xdElem, ownerDoc,dsPrefix); } else if (object instanceof X509CRL) { marshalCRL((X509CRL) object, xdElem, ownerDoc, dsPrefix); } } parent.appendChild(xdElem); } private void marshalSKI(byte[] skid, Node parent, Document doc, String dsPrefix) { Element skidElem = DOMUtils.createElement (doc, "X509SKI", XMLSignature.XMLNS, dsPrefix); skidElem.appendChild(doc.createTextNode(Base64.encode(skid))); parent.appendChild(skidElem); } private void marshalSubjectName(String name, Node parent, Document doc, String dsPrefix) { Element snElem = DOMUtils.createElement (doc, "X509SubjectName", XMLSignature.XMLNS, dsPrefix); snElem.appendChild(doc.createTextNode(name)); parent.appendChild(snElem); } private void marshalCert(X509Certificate cert, Node parent, Document doc, String dsPrefix) throws MarshalException { Element certElem = DOMUtils.createElement (doc, "X509Certificate", XMLSignature.XMLNS, dsPrefix); try { certElem.appendChild(doc.createTextNode (Base64.encode(cert.getEncoded()))); } catch (CertificateEncodingException e) { throw new MarshalException("Error encoding X509Certificate", e); } parent.appendChild(certElem); } private void marshalCRL(X509CRL crl, Node parent, Document doc, String dsPrefix) throws MarshalException { Element crlElem = DOMUtils.createElement (doc, "X509CRL", XMLSignature.XMLNS, dsPrefix); try { crlElem.appendChild(doc.createTextNode (Base64.encode(crl.getEncoded()))); } catch (CRLException e) { throw new MarshalException("Error encoding X509CRL", e); } parent.appendChild(crlElem); } private X509Certificate unmarshalX509Certificate(Element elem) throws MarshalException { try { ByteArrayInputStream bs = unmarshalBase64Binary(elem); return (X509Certificate) cf.generateCertificate(bs); } catch (CertificateException e) { throw new MarshalException("Cannot create X509Certificate", e); } } private X509CRL unmarshalX509CRL(Element elem) throws MarshalException { try { ByteArrayInputStream bs = unmarshalBase64Binary(elem); return (X509CRL) cf.generateCRL(bs); } catch (CRLException e) { throw new MarshalException("Cannot create X509CRL", e); } } private ByteArrayInputStream unmarshalBase64Binary(Element elem) throws MarshalException { try { if (cf == null) { cf = CertificateFactory.getInstance("X.509"); } return new ByteArrayInputStream(Base64.decode(elem)); } catch (CertificateException e) { throw new MarshalException("Cannot create CertificateFactory", e); } catch (Base64DecodingException bde) { throw new MarshalException("Cannot decode Base64-encoded val", bde); } } public boolean equals(Object o) { if (this == o) { return true; } if (!(o instanceof X509Data)) { return false; } X509Data oxd = (X509Data) o; List ocontent = oxd.getContent(); int size = content.size(); if (size != ocontent.size()) { return false; } for (int i = 0; i < size; i++) { Object x = content.get(i); Object ox = ocontent.get(i); if (x instanceof byte[]) { if (!(ox instanceof byte[]) || !Arrays.equals((byte[]) x, (byte[]) ox)) { return false; } } else { if (!(x.equals(ox))) { return false; } } } return true; } }