KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > sun > org > apache > xml > internal > security > keys > content > x509 > XMLX509SKI


1 /*
2  * Copyright 1999-2004 The Apache Software Foundation.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  *
16  */

17 package com.sun.org.apache.xml.internal.security.keys.content.x509;
18
19
20
21 import java.io.IOException JavaDoc;
22 import java.io.ByteArrayInputStream JavaDoc;
23 import java.io.InputStream JavaDoc;
24 import java.security.cert.X509Certificate JavaDoc;
25 import java.lang.reflect.Constructor JavaDoc;
26 import java.lang.reflect.Method JavaDoc;
27
28 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
29 import com.sun.org.apache.xml.internal.security.utils.Base64;
30 import com.sun.org.apache.xml.internal.security.utils.Constants;
31 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
32 import org.w3c.dom.Document JavaDoc;
33 import org.w3c.dom.Element JavaDoc;
34
35 import sun.security.util.DerValue;
36
37
38 /**
39  * Handles SubjectKeyIdentifier (SKI) for X.509v3.
40  *
41  * @author $Author: raul $
42  * @see <A HREF="http://java.sun.com/products/jdk/1.2/docs/api/java/security/cert/X509Extension.html">Interface X509Extension</A>
43  */

44 public class XMLX509SKI extends SignatureElementProxy
45         implements XMLX509DataContent {
46
47    /** {@link java.util.logging} logging facility */
48     static java.util.logging.Logger JavaDoc log =
49         java.util.logging.Logger.getLogger(XMLX509SKI.class.getName());
50
51    /**
52     * <CODE>SubjectKeyIdentifier (id-ce-subjectKeyIdentifier) (2.5.29.14)</CODE>:
53     * This extension identifies the public key being certified. It enables
54     * distinct keys used by the same subject to be differentiated
55     * (e.g., as key updating occurs).
56     * <BR />
57     * A key identifer shall be unique with respect to all key identifiers
58     * for the subject with which it is used. This extension is always non-critical.
59     */

60    public static final String JavaDoc SKI_OID = "2.5.29.14";
61
62    /**
63     * Constructor X509SKI
64     *
65     * @param doc
66     * @param skiBytes
67     */

68    public XMLX509SKI(Document JavaDoc doc, byte[] skiBytes) {
69
70       super(doc);
71
72       this.addBase64Text(skiBytes);
73    }
74
75    /**
76     * Constructor XMLX509SKI
77     *
78     * @param doc
79     * @param x509certificate
80     * @throws XMLSecurityException
81     */

82    public XMLX509SKI(Document JavaDoc doc, X509Certificate JavaDoc x509certificate)
83            throws XMLSecurityException {
84
85       super(doc);
86
87       this.addBase64Text(XMLX509SKI.getSKIBytesFromCert(x509certificate));
88    }
89
90    /**
91     * Constructor XMLX509SKI
92     *
93     * @param element
94     * @param BaseURI
95     * @throws XMLSecurityException
96     */

97    public XMLX509SKI(Element JavaDoc element, String JavaDoc BaseURI)
98            throws XMLSecurityException {
99       super(element, BaseURI);
100    }
101
102    /**
103     * Method getSKIBytes
104     *
105     * @return the skibytes
106     * @throws XMLSecurityException
107     */

108    public byte[] getSKIBytes() throws XMLSecurityException {
109       return this.getBytesFromTextChild();
110    }
111
112    /**
113     * Method getSKIBytesFromCert
114     *
115     * @param cert
116     * @return sky bytes from the given certificate
117     *
118     * @throws XMLSecurityException
119     * @see java.security.cert.X509Extension#getExtensionValue(java.lang.String)
120     */

121    public static byte[] getSKIBytesFromCert(X509Certificate JavaDoc cert)
122            throws XMLSecurityException {
123
124       try {
125
126          /*
127           * Gets the DER-encoded OCTET string for the extension value (extnValue)
128           * identified by the passed-in oid String. The oid string is
129           * represented by a set of positive whole numbers separated by periods.
130           */

131          byte[] derEncodedValue = cert.getExtensionValue(XMLX509SKI.SKI_OID);
132
133          if (cert.getVersion() < 3) {
134             Object JavaDoc exArgs[] = { new Integer JavaDoc(cert.getVersion()) };
135
136             throw new XMLSecurityException("certificate.noSki.lowVersion",
137                                            exArgs);
138          }
139
140           byte[] extensionValue = null;
141           
142           /**
143            * Use sun.security.util.DerValue if it is present.
144            */

145           try {
146                   DerValue dervalue = new DerValue(derEncodedValue);
147                   if (dervalue == null) {
148                       throw new XMLSecurityException("certificate.noSki.null");
149                   }
150                   if (dervalue.tag != DerValue.tag_OctetString) {
151                       throw new XMLSecurityException("certificate.noSki.notOctetString");
152                   }
153                   extensionValue = dervalue.getOctetString();
154           } catch (NoClassDefFoundError JavaDoc e) {
155           }
156           
157           /**
158            * Fall back to org.bouncycastle.asn1.DERInputStream
159            */

160           if (extensionValue == null) {
161               try {
162                   Class JavaDoc clazz = Class.forName("org.bouncycastle.asn1.DERInputStream");
163                   if (clazz != null) {
164                       Constructor JavaDoc constructor = clazz.getConstructor(new Class JavaDoc[]{InputStream JavaDoc.class});
165                       InputStream JavaDoc is = (InputStream JavaDoc) constructor.newInstance(new Object JavaDoc[]{new ByteArrayInputStream JavaDoc(derEncodedValue)});
166                       Method JavaDoc method = clazz.getMethod("readObject", new Class JavaDoc[]{});
167                       Object JavaDoc obj = method.invoke(is, new Object JavaDoc[]{});
168                       if (obj == null) {
169                           throw new XMLSecurityException("certificate.noSki.null");
170                       }
171                       Class JavaDoc clazz2 = Class.forName("org.bouncycastle.asn1.ASN1OctetString");
172                       if (!clazz2.isInstance(obj)) {
173                           throw new XMLSecurityException("certificate.noSki.notOctetString");
174                       }
175                       Method JavaDoc method2 = clazz2.getMethod("getOctets", new Class JavaDoc[]{});
176                       extensionValue = (byte[]) method2.invoke(obj, new Object JavaDoc[]{});
177                   }
178               } catch (Throwable JavaDoc t) {
179               }
180           }
181
182          /**
183           * Strip away first two bytes from the DerValue (tag and length)
184           */

185          byte abyte0[] = new byte[extensionValue.length - 2];
186
187          System.arraycopy(extensionValue, 2, abyte0, 0, abyte0.length);
188
189          /*
190          byte abyte0[] = new byte[derEncodedValue.length - 4];
191          System.arraycopy(derEncodedValue, 4, abyte0, 0, abyte0.length);
192          */

193          if (true)
194             if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Base64 of SKI is " + Base64.encode(abyte0));
195
196          return abyte0;
197       } catch (IOException JavaDoc ex) {
198          throw new XMLSecurityException("generic.EmptyMessage", ex);
199       }
200    }
201
202    /** @inheritDoc */
203    public boolean equals(Object JavaDoc obj) {
204
205       if (!obj.getClass().getName().equals(this.getClass().getName())) {
206          return false;
207       }
208
209       XMLX509SKI other = (XMLX509SKI) obj;
210
211       try {
212          return java.security.MessageDigest.isEqual(other.getSKIBytes(),
213                                         this.getSKIBytes());
214       } catch (XMLSecurityException ex) {
215          return false;
216       }
217    }
218
219    /** @inheritDoc */
220    public String JavaDoc getBaseLocalName() {
221       return Constants._TAG_X509SKI;
222    }
223 }
224
Popular Tags