1 /* 2 * reserved comment block 3 * DO NOT REMOVE OR ALTER! 4 */ 5 /* 6 * Copyright 2005 The Apache Software Foundation. 7 * 8 * Licensed under the Apache License, Version 2.0 (the "License"); 9 * you may not use this file except in compliance with the License. 10 * You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, software 15 * distributed under the License is distributed on an "AS IS" BASIS, 16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 * See the License for the specific language governing permissions and 18 * limitations under the License. 19 * 20 */ 21 /* 22 * Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved. 23 */ 24 /* 25 * $Id: DOMX509Data.java,v 1.2 2008/07/24 15:20:32 mullan Exp $ 26 */ 27 package org.jcp.xml.dsig.internal.dom; 28 29 import java.io.ByteArrayInputStream; 30 import java.security.cert.*; 31 import java.util.*; 32 import javax.xml.crypto.*; 33 import javax.xml.crypto.dom.DOMCryptoContext; 34 import javax.xml.crypto.dsig.*; 35 import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial; 36 import javax.xml.crypto.dsig.keyinfo.X509Data; 37 import javax.security.auth.x500.X500Principal; 38 import org.w3c.dom.Document; 39 import org.w3c.dom.Element; 40 import org.w3c.dom.Node; 41 import org.w3c.dom.NodeList; 42 43 import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException; 44 import com.sun.org.apache.xml.internal.security.utils.Base64; 45 46 /** 47 * DOM-based implementation of X509Data. 48 * 49 * @author Sean Mullan 50 */ 51 //@@@ check for illegal combinations of data violating MUSTs in W3c spec 52 public final class DOMX509Data extends DOMStructure implements X509Data { 53 54 private final List content; 55 private CertificateFactory cf; 56 57 /** 58 * Creates a DOMX509Data. 59 * 60 * @param content a list of one or more X.509 data types. Valid types are 61 * {@link String} (subject names), <code>byte[]</code> (subject key ids), 62 * {@link java.security.cert.X509Certificate}, {@link X509CRL}, 63 * or {@link javax.xml.dsig.XMLStructure} ({@link X509IssuerSerial} 64 * objects or elements from an external namespace). The list is 65 * defensively copied to protect against subsequent modification. 66 * @return a <code>X509Data</code> 67 * @throws NullPointerException if <code>content</code> is <code>null</code> 68 * @throws IllegalArgumentException if <code>content</code> is empty 69 * @throws ClassCastException if <code>content</code> contains any entries 70 * that are not of one of the valid types mentioned above 71 */ 72 public DOMX509Data(List content) { 73 if (content == null) { 74 throw new NullPointerException("content cannot be null"); 75 } 76 List contentCopy = new ArrayList(content); 77 if (contentCopy.isEmpty()) { 78 throw new IllegalArgumentException("content cannot be empty"); 79 } 80 for (int i = 0, size = contentCopy.size(); i < size; i++) { 81 Object x509Type = contentCopy.get(i); 82 if (x509Type instanceof String) { 83 new X500Principal((String) x509Type); 84 } else if (!(x509Type instanceof byte[]) && 85 !(x509Type instanceof X509Certificate) && 86 !(x509Type instanceof X509CRL) && 87 !(x509Type instanceof XMLStructure)) { 88 throw new ClassCastException 89 ("content["+i+"] is not a valid X509Data type"); 90 } 91 } 92 this.content = Collections.unmodifiableList(contentCopy); 93 } 94 95 /** 96 * Creates a <code>DOMX509Data</code> from an element. 97 * 98 * @param xdElem an X509Data element 99 * @throws MarshalException if there is an error while unmarshalling 100 */ 101 public DOMX509Data(Element xdElem) throws MarshalException { 102 // get all children nodes 103 NodeList nl = xdElem.getChildNodes(); 104 int length = nl.getLength(); 105 List content = new ArrayList(length); 106 for (int i = 0; i < length; i++) { 107 Node child = nl.item(i); 108 // ignore all non-Element nodes 109 if (child.getNodeType() != Node.ELEMENT_NODE) { 110 continue; 111 } 112 113 Element childElem = (Element) child; 114 String localName = childElem.getLocalName(); 115 if (localName.equals("X509Certificate")) { 116 content.add(unmarshalX509Certificate(childElem)); 117 } else if (localName.equals("X509IssuerSerial")) { 118 content.add(new DOMX509IssuerSerial(childElem)); 119 } else if (localName.equals("X509SubjectName")) { 120 content.add(childElem.getFirstChild().getNodeValue()); 121 } else if (localName.equals("X509SKI")) { 122 try { 123 content.add(Base64.decode(childElem)); 124 } catch (Base64DecodingException bde) { 125 throw new MarshalException("cannot decode X509SKI", bde); 126 } 127 } else if (localName.equals("X509CRL")) { 128 content.add(unmarshalX509CRL(childElem)); 129 } else { 130 content.add(new javax.xml.crypto.dom.DOMStructure(childElem)); 131 } 132 } 133 this.content = Collections.unmodifiableList(content); 134 } 135 136 public List getContent() { 137 return content; 138 } 139 140 public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) 141 throws MarshalException { 142 Document ownerDoc = DOMUtils.getOwnerDocument(parent); 143 144 Element xdElem = DOMUtils.createElement 145 (ownerDoc, "X509Data", XMLSignature.XMLNS, dsPrefix); 146 147 // append children and preserve order 148 for (int i = 0, size = content.size(); i < size; i++) { 149 Object object = content.get(i); 150 if (object instanceof X509Certificate) { 151 marshalCert((X509Certificate) object,xdElem,ownerDoc,dsPrefix); 152 } else if (object instanceof XMLStructure) { 153 if (object instanceof X509IssuerSerial) { 154 ((DOMX509IssuerSerial) object).marshal 155 (xdElem, dsPrefix, context); 156 } else { 157 javax.xml.crypto.dom.DOMStructure domContent = 158 (javax.xml.crypto.dom.DOMStructure) object; 159 DOMUtils.appendChild(xdElem, domContent.getNode()); 160 } 161 } else if (object instanceof byte[]) { 162 marshalSKI((byte[]) object, xdElem, ownerDoc, dsPrefix); 163 } else if (object instanceof String) { 164 marshalSubjectName((String) object, xdElem, ownerDoc,dsPrefix); 165 } else if (object instanceof X509CRL) { 166 marshalCRL((X509CRL) object, xdElem, ownerDoc, dsPrefix); 167 } 168 } 169 170 parent.appendChild(xdElem); 171 } 172 173 private void marshalSKI(byte[] skid, Node parent, Document doc, 174 String dsPrefix) { 175 176 Element skidElem = DOMUtils.createElement 177 (doc, "X509SKI", XMLSignature.XMLNS, dsPrefix); 178 skidElem.appendChild(doc.createTextNode(Base64.encode(skid))); 179 parent.appendChild(skidElem); 180 } 181 182 private void marshalSubjectName(String name, Node parent, Document doc, 183 String dsPrefix) { 184 185 Element snElem = DOMUtils.createElement 186 (doc, "X509SubjectName", XMLSignature.XMLNS, dsPrefix); 187 snElem.appendChild(doc.createTextNode(name)); 188 parent.appendChild(snElem); 189 } 190 191 private void marshalCert(X509Certificate cert, Node parent, Document doc, 192 String dsPrefix) throws MarshalException { 193 194 Element certElem = DOMUtils.createElement 195 (doc, "X509Certificate", XMLSignature.XMLNS, dsPrefix); 196 try { 197 certElem.appendChild(doc.createTextNode 198 (Base64.encode(cert.getEncoded()))); 199 } catch (CertificateEncodingException e) { 200 throw new MarshalException("Error encoding X509Certificate", e); 201 } 202 parent.appendChild(certElem); 203 } 204 205 private void marshalCRL(X509CRL crl, Node parent, Document doc, 206 String dsPrefix) throws MarshalException { 207 208 Element crlElem = DOMUtils.createElement 209 (doc, "X509CRL", XMLSignature.XMLNS, dsPrefix); 210 try { 211 crlElem.appendChild(doc.createTextNode 212 (Base64.encode(crl.getEncoded()))); 213 } catch (CRLException e) { 214 throw new MarshalException("Error encoding X509CRL", e); 215 } 216 parent.appendChild(crlElem); 217 } 218 219 private X509Certificate unmarshalX509Certificate(Element elem) 220 throws MarshalException { 221 try { 222 ByteArrayInputStream bs = unmarshalBase64Binary(elem); 223 return (X509Certificate) cf.generateCertificate(bs); 224 } catch (CertificateException e) { 225 throw new MarshalException("Cannot create X509Certificate", e); 226 } 227 } 228 229 private X509CRL unmarshalX509CRL(Element elem) throws MarshalException { 230 try { 231 ByteArrayInputStream bs = unmarshalBase64Binary(elem); 232 return (X509CRL) cf.generateCRL(bs); 233 } catch (CRLException e) { 234 throw new MarshalException("Cannot create X509CRL", e); 235 } 236 } 237 238 private ByteArrayInputStream unmarshalBase64Binary(Element elem) 239 throws MarshalException { 240 try { 241 if (cf == null) { 242 cf = CertificateFactory.getInstance("X.509"); 243 } 244 return new ByteArrayInputStream(Base64.decode(elem)); 245 } catch (CertificateException e) { 246 throw new MarshalException("Cannot create CertificateFactory", e); 247 } catch (Base64DecodingException bde) { 248 throw new MarshalException("Cannot decode Base64-encoded val", bde); 249 } 250 } 251 252 public boolean equals(Object o) { 253 if (this == o) { 254 return true; 255 } 256 257 if (!(o instanceof X509Data)) { 258 return false; 259 } 260 X509Data oxd = (X509Data) o; 261 262 List ocontent = oxd.getContent(); 263 int size = content.size(); 264 if (size != ocontent.size()) { 265 return false; 266 } 267 268 for (int i = 0; i < size; i++) { 269 Object x = content.get(i); 270 Object ox = ocontent.get(i); 271 if (x instanceof byte[]) { 272 if (!(ox instanceof byte[]) || 273 !Arrays.equals((byte[]) x, (byte[]) ox)) { 274 return false; 275 } 276 } else { 277 if (!(x.equals(ox))) { 278 return false; 279 } 280 } 281 } 282 283 return true; 284 } 285 } | 1 /* 2 * reserved comment block 3 * DO NOT REMOVE OR ALTER! 4 */ 5 /** 6 * Licensed to the Apache Software Foundation (ASF) under one 7 * or more contributor license agreements. See the NOTICE file 8 * distributed with this work for additional information 9 * regarding copyright ownership. The ASF licenses this file 10 * to you under the Apache License, Version 2.0 (the 11 * "License"); you may not use this file except in compliance 12 * with the License. You may obtain a copy of the License at 13 * 14 * http://www.apache.org/licenses/LICENSE-2.0 15 * 16 * Unless required by applicable law or agreed to in writing, 17 * software distributed under the License is distributed on an 18 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 19 * KIND, either express or implied. See the License for the 20 * specific language governing permissions and limitations 21 * under the License. 22 */ 23 /* 24 * Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved. 25 */ 26 /* 27 * $Id: DOMX509Data.java 1333415 2012-05-03 12:03:51Z coheigea $ 28 */ 29 package org.jcp.xml.dsig.internal.dom; 30 31 import java.io.ByteArrayInputStream; 32 import java.security.cert.*; 33 import java.util.*; 34 import javax.xml.crypto.*; 35 import javax.xml.crypto.dom.DOMCryptoContext; 36 import javax.xml.crypto.dsig.*; 37 import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial; 38 import javax.xml.crypto.dsig.keyinfo.X509Data; 39 import javax.security.auth.x500.X500Principal; 40 import org.w3c.dom.Document; 41 import org.w3c.dom.Element; 42 import org.w3c.dom.Node; 43 import org.w3c.dom.NodeList; 44 45 import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException; 46 import com.sun.org.apache.xml.internal.security.utils.Base64; 47 48 /** 49 * DOM-based implementation of X509Data. 50 * 51 * @author Sean Mullan 52 */ 53 //@@@ check for illegal combinations of data violating MUSTs in W3c spec 54 public final class DOMX509Data extends DOMStructure implements X509Data { 55 56 private final List<Object> content; 57 private CertificateFactory cf; 58 59 /** 60 * Creates a DOMX509Data. 61 * 62 * @param content a list of one or more X.509 data types. Valid types are 63 * {@link String} (subject names), <code>byte[]</code> (subject key ids), 64 * {@link java.security.cert.X509Certificate}, {@link X509CRL}, 65 * or {@link javax.xml.dsig.XMLStructure} ({@link X509IssuerSerial} 66 * objects or elements from an external namespace). The list is 67 * defensively copied to protect against subsequent modification. 68 * @return a <code>X509Data</code> 69 * @throws NullPointerException if <code>content</code> is <code>null</code> 70 * @throws IllegalArgumentException if <code>content</code> is empty 71 * @throws ClassCastException if <code>content</code> contains any entries 72 * that are not of one of the valid types mentioned above 73 */ 74 public DOMX509Data(List<?> content) { 75 if (content == null) { 76 throw new NullPointerException("content cannot be null"); 77 } 78 List<Object> contentCopy = new ArrayList<Object>(content); 79 if (contentCopy.isEmpty()) { 80 throw new IllegalArgumentException("content cannot be empty"); 81 } 82 for (int i = 0, size = contentCopy.size(); i < size; i++) { 83 Object x509Type = contentCopy.get(i); 84 if (x509Type instanceof String) { 85 new X500Principal((String)x509Type); 86 } else if (!(x509Type instanceof byte[]) && 87 !(x509Type instanceof X509Certificate) && 88 !(x509Type instanceof X509CRL) && 89 !(x509Type instanceof XMLStructure)) { 90 throw new ClassCastException 91 ("content["+i+"] is not a valid X509Data type"); 92 } 93 } 94 this.content = Collections.unmodifiableList(contentCopy); 95 } 96 97 /** 98 * Creates a <code>DOMX509Data</code> from an element. 99 * 100 * @param xdElem an X509Data element 101 * @throws MarshalException if there is an error while unmarshalling 102 */ 103 public DOMX509Data(Element xdElem) throws MarshalException { 104 // get all children nodes 105 NodeList nl = xdElem.getChildNodes(); 106 int length = nl.getLength(); 107 List<Object> content = new ArrayList<Object>(length); 108 for (int i = 0; i < length; i++) { 109 Node child = nl.item(i); 110 // ignore all non-Element nodes 111 if (child.getNodeType() != Node.ELEMENT_NODE) { 112 continue; 113 } 114 115 Element childElem = (Element)child; 116 String localName = childElem.getLocalName(); 117 if (localName.equals("X509Certificate")) { 118 content.add(unmarshalX509Certificate(childElem)); 119 } else if (localName.equals("X509IssuerSerial")) { 120 content.add(new DOMX509IssuerSerial(childElem)); 121 } else if (localName.equals("X509SubjectName")) { 122 content.add(childElem.getFirstChild().getNodeValue()); 123 } else if (localName.equals("X509SKI")) { 124 try { 125 content.add(Base64.decode(childElem)); 126 } catch (Base64DecodingException bde) { 127 throw new MarshalException("cannot decode X509SKI", bde); 128 } 129 } else if (localName.equals("X509CRL")) { 130 content.add(unmarshalX509CRL(childElem)); 131 } else { 132 content.add(new javax.xml.crypto.dom.DOMStructure(childElem)); 133 } 134 } 135 this.content = Collections.unmodifiableList(content); 136 } 137 138 public List getContent() { 139 return content; 140 } 141 142 public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) 143 throws MarshalException 144 { 145 Document ownerDoc = DOMUtils.getOwnerDocument(parent); 146 Element xdElem = DOMUtils.createElement(ownerDoc, "X509Data", 147 XMLSignature.XMLNS, dsPrefix); 148 149 // append children and preserve order 150 for (int i = 0, size = content.size(); i < size; i++) { 151 Object object = content.get(i); 152 if (object instanceof X509Certificate) { 153 marshalCert((X509Certificate)object,xdElem,ownerDoc,dsPrefix); 154 } else if (object instanceof XMLStructure) { 155 if (object instanceof X509IssuerSerial) { 156 ((DOMX509IssuerSerial)object).marshal 157 (xdElem, dsPrefix, context); 158 } else { 159 javax.xml.crypto.dom.DOMStructure domContent = 160 (javax.xml.crypto.dom.DOMStructure)object; 161 DOMUtils.appendChild(xdElem, domContent.getNode()); 162 } 163 } else if (object instanceof byte[]) { 164 marshalSKI((byte[])object, xdElem, ownerDoc, dsPrefix); 165 } else if (object instanceof String) { 166 marshalSubjectName((String)object, xdElem, ownerDoc,dsPrefix); 167 } else if (object instanceof X509CRL) { 168 marshalCRL((X509CRL)object, xdElem, ownerDoc, dsPrefix); 169 } 170 } 171 172 parent.appendChild(xdElem); 173 } 174 175 private void marshalSKI(byte[] skid, Node parent, Document doc, 176 String dsPrefix) 177 { 178 Element skidElem = DOMUtils.createElement(doc, "X509SKI", 179 XMLSignature.XMLNS, dsPrefix); 180 skidElem.appendChild(doc.createTextNode(Base64.encode(skid))); 181 parent.appendChild(skidElem); 182 } 183 184 private void marshalSubjectName(String name, Node parent, Document doc, 185 String dsPrefix) 186 { 187 Element snElem = DOMUtils.createElement(doc, "X509SubjectName", 188 XMLSignature.XMLNS, dsPrefix); 189 snElem.appendChild(doc.createTextNode(name)); 190 parent.appendChild(snElem); 191 } 192 193 private void marshalCert(X509Certificate cert, Node parent, Document doc, 194 String dsPrefix) 195 throws MarshalException 196 { 197 Element certElem = DOMUtils.createElement(doc, "X509Certificate", 198 XMLSignature.XMLNS, dsPrefix); 199 try { 200 certElem.appendChild(doc.createTextNode 201 (Base64.encode(cert.getEncoded()))); 202 } catch (CertificateEncodingException e) { 203 throw new MarshalException("Error encoding X509Certificate", e); 204 } 205 parent.appendChild(certElem); 206 } 207 208 private void marshalCRL(X509CRL crl, Node parent, Document doc, 209 String dsPrefix) 210 throws MarshalException 211 { 212 Element crlElem = DOMUtils.createElement(doc, "X509CRL", 213 XMLSignature.XMLNS, dsPrefix); 214 try { 215 crlElem.appendChild(doc.createTextNode 216 (Base64.encode(crl.getEncoded()))); 217 } catch (CRLException e) { 218 throw new MarshalException("Error encoding X509CRL", e); 219 } 220 parent.appendChild(crlElem); 221 } 222 223 private X509Certificate unmarshalX509Certificate(Element elem) 224 throws MarshalException 225 { 226 try { 227 ByteArrayInputStream bs = unmarshalBase64Binary(elem); 228 return (X509Certificate)cf.generateCertificate(bs); 229 } catch (CertificateException e) { 230 throw new MarshalException("Cannot create X509Certificate", e); 231 } 232 } 233 234 private X509CRL unmarshalX509CRL(Element elem) throws MarshalException { 235 try { 236 ByteArrayInputStream bs = unmarshalBase64Binary(elem); 237 return (X509CRL)cf.generateCRL(bs); 238 } catch (CRLException e) { 239 throw new MarshalException("Cannot create X509CRL", e); 240 } 241 } 242 243 private ByteArrayInputStream unmarshalBase64Binary(Element elem) 244 throws MarshalException { 245 try { 246 if (cf == null) { 247 cf = CertificateFactory.getInstance("X.509"); 248 } 249 return new ByteArrayInputStream(Base64.decode(elem)); 250 } catch (CertificateException e) { 251 throw new MarshalException("Cannot create CertificateFactory", e); 252 } catch (Base64DecodingException bde) { 253 throw new MarshalException("Cannot decode Base64-encoded val", bde); 254 } 255 } 256 257 @Override 258 public boolean equals(Object o) { 259 if (this == o) { 260 return true; 261 } 262 263 if (!(o instanceof X509Data)) { 264 return false; 265 } 266 X509Data oxd = (X509Data)o; 267 268 @SuppressWarnings("unchecked") List<Object> ocontent = oxd.getContent(); 269 int size = content.size(); 270 if (size != ocontent.size()) { 271 return false; 272 } 273 274 for (int i = 0; i < size; i++) { 275 Object x = content.get(i); 276 Object ox = ocontent.get(i); 277 if (x instanceof byte[]) { 278 if (!(ox instanceof byte[]) || 279 !Arrays.equals((byte[])x, (byte[])ox)) { 280 return false; 281 } 282 } else { 283 if (!(x.equals(ox))) { 284 return false; 285 } 286 } 287 } 288 289 return true; 290 } 291 292 @Override 293 public int hashCode() { 294 int result = 17; 295 result = 31 * result + content.hashCode(); 296 297 return result; 298 } 299 } |