/*

 * reserved comment block

 * DO NOT REMOVE OR ALTER!

 */

/**

 * Licensed to the Apache Software Foundation (ASF) under one

 * or more contributor license agreements. See the NOTICE file

 * distributed with this work for additional information

 * regarding copyright ownership. The ASF licenses this file

 * to you under the Apache License, Version 2.0 (the

 * "License"); you may not use this file except in compliance

 * with the License. You may obtain a copy of the License at

 *

 * http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing,

 * software distributed under the License is distributed on an

 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

 * KIND, either express or implied. See the License for the

 * specific language governing permissions and limitations

 * under the License.

 */

/*

 * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.

 */

/*

 * $Id: DOMX509Data.java 1854026 2019-02-21 09:30:01Z coheigea $

 */

package org.jcp.xml.dsig.internal.dom;

import java.io.ByteArrayInputStream;

import java.io.IOException;

import java.security.cert.*;

import java.util.*;

import javax.security.auth.x500.X500Principal;

import javax.xml.crypto.MarshalException;

import javax.xml.crypto.XMLStructure;

import javax.xml.crypto.dom.DOMCryptoContext;

import javax.xml.crypto.dsig.XMLSignature;

import javax.xml.crypto.dsig.keyinfo.X509Data;

import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;

import org.w3c.dom.Document;

import org.w3c.dom.Element;

import org.w3c.dom.Node;

import com.sun.org.apache.xml.internal.security.utils.XMLUtils;

/**

 * DOM-based implementation of X509Data.

 *

 */

//@@@ check for illegal combinations of data violating MUSTs in W3c spec

public final class DOMX509Data extends DOMStructure implements X509Data {

    private final List<Object> content;

    private CertificateFactory cf;

    /**

     * Creates a DOMX509Data.

     *

     * @param content a list of one or more X.509 data types. Valid types are

     *    {@link String} (subject names), {@code byte[]} (subject key ids),

     *    {@link java.security.cert.X509Certificate}, {@link X509CRL},

     *    or {@link javax.xml.dsig.XMLStructure}

     *    objects or elements from an external namespace). The list is

     *    defensively copied to protect against subsequent modification.

     * @throws NullPointerException if {@code content} is {@code null}

     * @throws IllegalArgumentException if {@code content} is empty

     * @throws ClassCastException if {@code content} contains any entries

     *    that are not of one of the valid types mentioned above

     */

    public DOMX509Data(List<?> content) {

        if (content == null) {

            throw new NullPointerException("content cannot be null");

        }

        List<Object> contentCopy = new ArrayList<>(content);

        if (contentCopy.isEmpty()) {

            throw new IllegalArgumentException("content cannot be empty");

        }

        for (int i = 0, size = contentCopy.size(); i < size; i++) {

            Object x509Type = contentCopy.get(i);

            if (x509Type instanceof String) {

                new X500Principal((String)x509Type);

            } else if (!(x509Type instanceof byte[]) &&

                !(x509Type instanceof X509Certificate) &&

                !(x509Type instanceof X509CRL) &&

                !(x509Type instanceof XMLStructure)) {

                throw new ClassCastException

                    ("content["+i+"] is not a valid X509Data type");

            }

        }

        this.content = Collections.unmodifiableList(contentCopy);

    }

    /**

     * Creates a {@code DOMX509Data} from an element.

     *

     * @param xdElem an X509Data element

     * @throws MarshalException if there is an error while unmarshalling

     */

    public DOMX509Data(Element xdElem) throws MarshalException {

        // get all children nodes

        List<Object> newContent = new ArrayList<>();

        Node firstChild = xdElem.getFirstChild();

        while (firstChild != null) {

            if (firstChild.getNodeType() == Node.ELEMENT_NODE) {

                Element childElem = (Element)firstChild;

                String localName = childElem.getLocalName();

                String namespace = childElem.getNamespaceURI();

                if ("X509Certificate".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {

                    newContent.add(unmarshalX509Certificate(childElem));

                } else if ("X509IssuerSerial".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {

                    newContent.add(new DOMX509IssuerSerial(childElem));

                } else if ("X509SubjectName".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {

                    newContent.add(childElem.getFirstChild().getNodeValue());

                } else if ("X509SKI".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {

                    String content = XMLUtils.getFullTextChildrenFromNode(childElem);

                    newContent.add(XMLUtils.decode(content));

                } else if ("X509CRL".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {

                    newContent.add(unmarshalX509CRL(childElem));

                } else {

                    newContent.add(new javax.xml.crypto.dom.DOMStructure(childElem));

                }

            }

            firstChild = firstChild.getNextSibling();

        }

        this.content = Collections.unmodifiableList(newContent);

    }

    public List<Object> getContent() {

        return content;

    }

    @Override

    public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)

        throws MarshalException

    {

        Document ownerDoc = DOMUtils.getOwnerDocument(parent);

        Element xdElem = DOMUtils.createElement(ownerDoc, "X509Data",

                                                XMLSignature.XMLNS, dsPrefix);

        // append children and preserve order

        for (int i = 0, size = content.size(); i < size; i++) {

            Object object = content.get(i);

            if (object instanceof X509Certificate) {

                marshalCert((X509Certificate)object,xdElem,ownerDoc,dsPrefix);

            } else if (object instanceof XMLStructure) {

                if (object instanceof X509IssuerSerial) {

                    ((DOMX509IssuerSerial)object).marshal

                        (xdElem, dsPrefix, context);

                } else {

                    javax.xml.crypto.dom.DOMStructure domContent =

                        (javax.xml.crypto.dom.DOMStructure)object;

                    DOMUtils.appendChild(xdElem, domContent.getNode());

                }

            } else if (object instanceof byte[]) {

                marshalSKI((byte[])object, xdElem, ownerDoc, dsPrefix);

            } else if (object instanceof String) {

                marshalSubjectName((String)object, xdElem, ownerDoc,dsPrefix);

            } else if (object instanceof X509CRL) {

                marshalCRL((X509CRL)object, xdElem, ownerDoc, dsPrefix);

            }

        }

        parent.appendChild(xdElem);

    }

    private void marshalSKI(byte[] skid, Node parent, Document doc,

                            String dsPrefix)

    {

        Element skidElem = DOMUtils.createElement(doc, "X509SKI",

                                                  XMLSignature.XMLNS, dsPrefix);

        skidElem.appendChild(doc.createTextNode(XMLUtils.encodeToString(skid)));

        parent.appendChild(skidElem);

    }

    private void marshalSubjectName(String name, Node parent, Document doc,

                                    String dsPrefix)

    {

        Element snElem = DOMUtils.createElement(doc, "X509SubjectName",

                                                XMLSignature.XMLNS, dsPrefix);

        snElem.appendChild(doc.createTextNode(name));

        parent.appendChild(snElem);

    }

    private void marshalCert(X509Certificate cert, Node parent, Document doc,

                             String dsPrefix)

        throws MarshalException

    {

        Element certElem = DOMUtils.createElement(doc, "X509Certificate",

                                                  XMLSignature.XMLNS, dsPrefix);

        try {

            certElem.appendChild(doc.createTextNode

                                 (XMLUtils.encodeToString(cert.getEncoded())));

        } catch (CertificateEncodingException e) {

            throw new MarshalException("Error encoding X509Certificate", e);

        }

        parent.appendChild(certElem);

    }

    private void marshalCRL(X509CRL crl, Node parent, Document doc,

                            String dsPrefix)

        throws MarshalException

    {

        Element crlElem = DOMUtils.createElement(doc, "X509CRL",

                                                 XMLSignature.XMLNS, dsPrefix);

        try {

            crlElem.appendChild(doc.createTextNode

                                (XMLUtils.encodeToString(crl.getEncoded())));

        } catch (CRLException e) {

            throw new MarshalException("Error encoding X509CRL", e);

        }

        parent.appendChild(crlElem);

    }

    private X509Certificate unmarshalX509Certificate(Element elem)

        throws MarshalException

    {

        try (ByteArrayInputStream bs = unmarshalBase64Binary(elem)) {

            return (X509Certificate)cf.generateCertificate(bs);

        } catch (CertificateException e) {

            throw new MarshalException("Cannot create X509Certificate", e);

        } catch (IOException e) {

            throw new MarshalException("Error closing stream", e);

        }

    }

    private X509CRL unmarshalX509CRL(Element elem) throws MarshalException {

        try (ByteArrayInputStream bs = unmarshalBase64Binary(elem)) {

            return (X509CRL)cf.generateCRL(bs);

        } catch (CRLException e) {

            throw new MarshalException("Cannot create X509CRL", e);

        } catch (IOException e) {

            throw new MarshalException("Error closing stream", e);

        }

    }

    private ByteArrayInputStream unmarshalBase64Binary(Element elem)

        throws MarshalException {

        try {

            if (cf == null) {

                cf = CertificateFactory.getInstance("X.509");

            }

            String content = XMLUtils.getFullTextChildrenFromNode(elem);

            return new ByteArrayInputStream(XMLUtils.decode(content));

        } catch (CertificateException e) {

            throw new MarshalException("Cannot create CertificateFactory", e);

        }

    }

    @Override

    public boolean equals(Object o) {

        if (this == o) {

            return true;

        }

        if (!(o instanceof X509Data)) {

            return false;

        }

        X509Data oxd = (X509Data)o;

        List<?> ocontent = oxd.getContent();

        int size = content.size();

        if (size != ocontent.size()) {

            return false;

        }

        for (int i = 0; i < size; i++) {

            Object x = content.get(i);

            Object ox = ocontent.get(i);

            if (x instanceof byte[]) {

                if (!(ox instanceof byte[]) ||

                    !Arrays.equals((byte[])x, (byte[])ox)) {

                    return false;

                }

            } else {

                if (!(x.equals(ox))) {

                    return false;

                }

            }

        }

        return true;

    }

    @Override

    public int hashCode() {

        int result = 17;

        result = 31 * result + content.hashCode();

        return result;

    }

}