author | mullan |
Fri, 21 Nov 2014 15:23:36 -0500 | |
changeset 27747 | 3a271dc8b758 |
parent 25859 | 3317bb8137f4 |
child 32003 | acb12269398a |
permissions | -rw-r--r-- |
2 | 1 |
/* |
1337 | 2 |
* reserved comment block |
3 |
* DO NOT REMOVE OR ALTER! |
|
2 | 4 |
*/ |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
5 |
/** |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
6 |
* Licensed to the Apache Software Foundation (ASF) under one |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
7 |
* or more contributor license agreements. See the NOTICE file |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
8 |
* distributed with this work for additional information |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
9 |
* regarding copyright ownership. The ASF licenses this file |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
10 |
* to you under the Apache License, Version 2.0 (the |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
11 |
* "License"); you may not use this file except in compliance |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
12 |
* with the License. You may obtain a copy of the License at |
1337 | 13 |
* |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
14 |
* http://www.apache.org/licenses/LICENSE-2.0 |
1337 | 15 |
* |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
16 |
* Unless required by applicable law or agreed to in writing, |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
17 |
* software distributed under the License is distributed on an |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
18 |
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
19 |
* KIND, either express or implied. See the License for the |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
20 |
* specific language governing permissions and limitations |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
21 |
* under the License. |
1337 | 22 |
*/ |
23 |
/* |
|
24970
094bfaa699c3
8046044: Fix raw and unchecked lint warnings in XML Signature Impl
mullan
parents:
23010
diff
changeset
|
24 |
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. |
1337 | 25 |
*/ |
26 |
/* |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
27 |
* $Id: DOMPGPData.java 1203846 2011-11-18 21:18:17Z mullan $ |
2 | 28 |
*/ |
29 |
package org.jcp.xml.dsig.internal.dom; |
|
30 |
||
31 |
import java.util.*; |
|
32 |
import javax.xml.crypto.*; |
|
33 |
import javax.xml.crypto.dom.DOMCryptoContext; |
|
34 |
import javax.xml.crypto.dsig.*; |
|
35 |
import javax.xml.crypto.dsig.keyinfo.PGPData; |
|
36 |
import org.w3c.dom.Document; |
|
37 |
import org.w3c.dom.Element; |
|
38 |
import org.w3c.dom.Node; |
|
39 |
import org.w3c.dom.NodeList; |
|
40 |
||
41 |
import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException; |
|
42 |
import com.sun.org.apache.xml.internal.security.utils.Base64; |
|
43 |
||
44 |
/** |
|
45 |
* DOM-based implementation of PGPData. |
|
46 |
* |
|
47 |
* @author Sean Mullan |
|
48 |
*/ |
|
49 |
public final class DOMPGPData extends DOMStructure implements PGPData { |
|
50 |
||
51 |
private final byte[] keyId; |
|
52 |
private final byte[] keyPacket; |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
53 |
private final List<XMLStructure> externalElements; |
2 | 54 |
|
55 |
/** |
|
56 |
* Creates a <code>DOMPGPData</code> containing the specified key packet. |
|
57 |
* and optional list of external elements. |
|
58 |
* |
|
59 |
* @param keyPacket a PGP Key Material Packet as defined in section 5.5 of |
|
60 |
* <a href="http://www.ietf.org/rfc/rfc2440.txt"/>RFC 2440</a>. The |
|
61 |
* array is cloned to prevent subsequent modification. |
|
62 |
* @param other a list of {@link XMLStructure}s representing elements from |
|
63 |
* an external namespace. The list is defensively copied to prevent |
|
64 |
* subsequent modification. May be <code>null</code> or empty. |
|
65 |
* @throws NullPointerException if <code>keyPacket</code> is |
|
66 |
* <code>null</code> |
|
67 |
* @throws IllegalArgumentException if the key packet is not in the |
|
68 |
* correct format |
|
69 |
* @throws ClassCastException if <code>other</code> contains any |
|
70 |
* entries that are not of type {@link XMLStructure} |
|
71 |
*/ |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
72 |
public DOMPGPData(byte[] keyPacket, List<? extends XMLStructure> other) { |
2 | 73 |
if (keyPacket == null) { |
74 |
throw new NullPointerException("keyPacket cannot be null"); |
|
75 |
} |
|
27747 | 76 |
List<XMLStructure> tempList = |
77 |
Collections.checkedList(new ArrayList<XMLStructure>(), |
|
78 |
XMLStructure.class); |
|
79 |
if (other != null) { |
|
80 |
tempList.addAll(other); |
|
2 | 81 |
} |
27747 | 82 |
this.externalElements = Collections.unmodifiableList(tempList); |
22584
eed64ee05369
8032733: Fix cast lint warnings in client libraries
darcy
parents:
18780
diff
changeset
|
83 |
this.keyPacket = keyPacket.clone(); |
2 | 84 |
checkKeyPacket(keyPacket); |
85 |
this.keyId = null; |
|
86 |
} |
|
87 |
||
88 |
/** |
|
89 |
* Creates a <code>DOMPGPData</code> containing the specified key id and |
|
90 |
* optional key packet and list of external elements. |
|
91 |
* |
|
92 |
* @param keyId a PGP public key id as defined in section 11.2 of |
|
93 |
* <a href="http://www.ietf.org/rfc/rfc2440.txt"/>RFC 2440</a>. The |
|
94 |
* array is cloned to prevent subsequent modification. |
|
95 |
* @param keyPacket a PGP Key Material Packet as defined in section 5.5 of |
|
96 |
* <a href="http://www.ietf.org/rfc/rfc2440.txt"/>RFC 2440</a> (may |
|
97 |
* be <code>null</code>). The array is cloned to prevent subsequent |
|
98 |
* modification. |
|
99 |
* @param other a list of {@link XMLStructure}s representing elements from |
|
100 |
* an external namespace. The list is defensively copied to prevent |
|
101 |
* subsequent modification. May be <code>null</code> or empty. |
|
102 |
* @throws NullPointerException if <code>keyId</code> is <code>null</code> |
|
103 |
* @throws IllegalArgumentException if the key id or packet is not in the |
|
104 |
* correct format |
|
105 |
* @throws ClassCastException if <code>other</code> contains any |
|
106 |
* entries that are not of type {@link XMLStructure} |
|
107 |
*/ |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
108 |
public DOMPGPData(byte[] keyId, byte[] keyPacket, |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
109 |
List<? extends XMLStructure> other) |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
110 |
{ |
2 | 111 |
if (keyId == null) { |
112 |
throw new NullPointerException("keyId cannot be null"); |
|
113 |
} |
|
114 |
// key ids must be 8 bytes |
|
115 |
if (keyId.length != 8) { |
|
116 |
throw new IllegalArgumentException("keyId must be 8 bytes long"); |
|
117 |
} |
|
27747 | 118 |
List<XMLStructure> tempList = |
119 |
Collections.checkedList(new ArrayList<XMLStructure>(), |
|
120 |
XMLStructure.class); |
|
121 |
if (other != null) { |
|
122 |
tempList.addAll(other); |
|
2 | 123 |
} |
27747 | 124 |
this.externalElements = Collections.unmodifiableList(tempList); |
22584
eed64ee05369
8032733: Fix cast lint warnings in client libraries
darcy
parents:
18780
diff
changeset
|
125 |
this.keyId = keyId.clone(); |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
126 |
this.keyPacket = keyPacket == null ? null |
22584
eed64ee05369
8032733: Fix cast lint warnings in client libraries
darcy
parents:
18780
diff
changeset
|
127 |
: keyPacket.clone(); |
2 | 128 |
if (keyPacket != null) { |
129 |
checkKeyPacket(keyPacket); |
|
130 |
} |
|
131 |
} |
|
132 |
||
133 |
/** |
|
134 |
* Creates a <code>DOMPGPData</code> from an element. |
|
135 |
* |
|
136 |
* @param pdElem a PGPData element |
|
137 |
*/ |
|
138 |
public DOMPGPData(Element pdElem) throws MarshalException { |
|
139 |
// get all children nodes |
|
140 |
byte[] keyId = null; |
|
141 |
byte[] keyPacket = null; |
|
142 |
NodeList nl = pdElem.getChildNodes(); |
|
143 |
int length = nl.getLength(); |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
144 |
List<XMLStructure> other = new ArrayList<XMLStructure>(length); |
2 | 145 |
for (int x = 0; x < length; x++) { |
146 |
Node n = nl.item(x); |
|
147 |
if (n.getNodeType() == Node.ELEMENT_NODE) { |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
148 |
Element childElem = (Element)n; |
2 | 149 |
String localName = childElem.getLocalName(); |
150 |
try { |
|
151 |
if (localName.equals("PGPKeyID")) { |
|
152 |
keyId = Base64.decode(childElem); |
|
153 |
} else if (localName.equals("PGPKeyPacket")){ |
|
154 |
keyPacket = Base64.decode(childElem); |
|
155 |
} else { |
|
156 |
other.add |
|
157 |
(new javax.xml.crypto.dom.DOMStructure(childElem)); |
|
158 |
} |
|
159 |
} catch (Base64DecodingException bde) { |
|
160 |
throw new MarshalException(bde); |
|
161 |
} |
|
162 |
} |
|
163 |
} |
|
164 |
this.keyId = keyId; |
|
165 |
this.keyPacket = keyPacket; |
|
166 |
this.externalElements = Collections.unmodifiableList(other); |
|
167 |
} |
|
168 |
||
169 |
public byte[] getKeyId() { |
|
22584
eed64ee05369
8032733: Fix cast lint warnings in client libraries
darcy
parents:
18780
diff
changeset
|
170 |
return (keyId == null ? null : keyId.clone()); |
2 | 171 |
} |
172 |
||
173 |
public byte[] getKeyPacket() { |
|
22584
eed64ee05369
8032733: Fix cast lint warnings in client libraries
darcy
parents:
18780
diff
changeset
|
174 |
return (keyPacket == null ? null : keyPacket.clone()); |
2 | 175 |
} |
176 |
||
24970
094bfaa699c3
8046044: Fix raw and unchecked lint warnings in XML Signature Impl
mullan
parents:
23010
diff
changeset
|
177 |
public List<XMLStructure> getExternalElements() { |
2 | 178 |
return externalElements; |
179 |
} |
|
180 |
||
181 |
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
182 |
throws MarshalException |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
183 |
{ |
2 | 184 |
Document ownerDoc = DOMUtils.getOwnerDocument(parent); |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
185 |
Element pdElem = DOMUtils.createElement(ownerDoc, "PGPData", |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
186 |
XMLSignature.XMLNS, dsPrefix); |
2 | 187 |
|
188 |
// create and append PGPKeyID element |
|
189 |
if (keyId != null) { |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
190 |
Element keyIdElem = DOMUtils.createElement(ownerDoc, "PGPKeyID", |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
191 |
XMLSignature.XMLNS, |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
192 |
dsPrefix); |
2 | 193 |
keyIdElem.appendChild |
194 |
(ownerDoc.createTextNode(Base64.encode(keyId))); |
|
195 |
pdElem.appendChild(keyIdElem); |
|
196 |
} |
|
197 |
||
198 |
// create and append PGPKeyPacket element |
|
199 |
if (keyPacket != null) { |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
200 |
Element keyPktElem = DOMUtils.createElement(ownerDoc, |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
201 |
"PGPKeyPacket", |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
202 |
XMLSignature.XMLNS, |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
203 |
dsPrefix); |
2 | 204 |
keyPktElem.appendChild |
205 |
(ownerDoc.createTextNode(Base64.encode(keyPacket))); |
|
206 |
pdElem.appendChild(keyPktElem); |
|
207 |
} |
|
208 |
||
209 |
// create and append any elements |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
210 |
for (XMLStructure extElem : externalElements) { |
2 | 211 |
DOMUtils.appendChild(pdElem, ((javax.xml.crypto.dom.DOMStructure) |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
212 |
extElem).getNode()); |
2 | 213 |
} |
214 |
||
215 |
parent.appendChild(pdElem); |
|
216 |
} |
|
217 |
||
218 |
/** |
|
219 |
* We assume packets use the new format packet syntax, as specified in |
|
220 |
* section 4 of RFC 2440. |
|
221 |
* |
|
222 |
* This method only checks if the packet contains a valid tag. The |
|
223 |
* contents of the packet should be checked by the application. |
|
224 |
*/ |
|
225 |
private void checkKeyPacket(byte[] keyPacket) { |
|
226 |
// length must be at least 3 (one byte for tag, one byte for length, |
|
227 |
// and minimally one byte of content |
|
228 |
if (keyPacket.length < 3) { |
|
229 |
throw new IllegalArgumentException("keypacket must be at least " + |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
230 |
"3 bytes long"); |
2 | 231 |
} |
232 |
||
233 |
int tag = keyPacket[0]; |
|
234 |
// first bit must be set |
|
235 |
if ((tag & 128) != 128) { |
|
236 |
throw new IllegalArgumentException("keypacket tag is invalid: " + |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
237 |
"bit 7 is not set"); |
2 | 238 |
} |
239 |
// make sure using new format |
|
240 |
if ((tag & 64) != 64) { |
|
241 |
throw new IllegalArgumentException("old keypacket tag format is " + |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
242 |
"unsupported"); |
2 | 243 |
} |
244 |
||
245 |
// tag value must be 6, 14, 5 or 7 |
|
246 |
if (((tag & 6) != 6) && ((tag & 14) != 14) && |
|
247 |
((tag & 5) != 5) && ((tag & 7) != 7)) { |
|
248 |
throw new IllegalArgumentException("keypacket tag is invalid: " + |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
5506
diff
changeset
|
249 |
"must be 6, 14, 5, or 7"); |
2 | 250 |
} |
251 |
} |
|
252 |
} |