/*
* Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* $Id: DOMPGPData.java,v 1.18 2005/05/12 19:28:31 mullan Exp $
*/
package org.jcp.xml.dsig.internal.dom;
import java.util.*;
import javax.xml.crypto.*;
import javax.xml.crypto.dom.DOMCryptoContext;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.keyinfo.PGPData;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.internal.security.utils.Base64;
/**
* DOM-based implementation of PGPData.
*
* @author Sean Mullan
*/
public final class DOMPGPData extends DOMStructure implements PGPData {
private final byte[] keyId;
private final byte[] keyPacket;
private final List externalElements;
/**
* Creates a <code>DOMPGPData</code> containing the specified key packet.
* and optional list of external elements.
*
* @param keyPacket a PGP Key Material Packet as defined in section 5.5 of
* <a href="http://www.ietf.org/rfc/rfc2440.txt"/>RFC 2440</a>. The
* array is cloned to prevent subsequent modification.
* @param other a list of {@link XMLStructure}s representing elements from
* an external namespace. The list is defensively copied to prevent
* subsequent modification. May be <code>null</code> or empty.
* @throws NullPointerException if <code>keyPacket</code> is
* <code>null</code>
* @throws IllegalArgumentException if the key packet is not in the
* correct format
* @throws ClassCastException if <code>other</code> contains any
* entries that are not of type {@link XMLStructure}
*/
public DOMPGPData(byte[] keyPacket, List other) {
if (keyPacket == null) {
throw new NullPointerException("keyPacket cannot be null");
}
if (other == null || other.isEmpty()) {
this.externalElements = Collections.EMPTY_LIST;
} else {
List otherCopy = new ArrayList(other);
for (int i = 0, size = otherCopy.size(); i < size; i++) {
if (!(otherCopy.get(i) instanceof XMLStructure)) {
throw new ClassCastException
("other["+i+"] is not a valid PGPData type");
}
}
this.externalElements = Collections.unmodifiableList(otherCopy);
}
this.keyPacket = (byte []) keyPacket.clone();
checkKeyPacket(keyPacket);
this.keyId = null;
}
/**
* Creates a <code>DOMPGPData</code> containing the specified key id and
* optional key packet and list of external elements.
*
* @param keyId a PGP public key id as defined in section 11.2 of
* <a href="http://www.ietf.org/rfc/rfc2440.txt"/>RFC 2440</a>. The
* array is cloned to prevent subsequent modification.
* @param keyPacket a PGP Key Material Packet as defined in section 5.5 of
* <a href="http://www.ietf.org/rfc/rfc2440.txt"/>RFC 2440</a> (may
* be <code>null</code>). The array is cloned to prevent subsequent
* modification.
* @param other a list of {@link XMLStructure}s representing elements from
* an external namespace. The list is defensively copied to prevent
* subsequent modification. May be <code>null</code> or empty.
* @throws NullPointerException if <code>keyId</code> is <code>null</code>
* @throws IllegalArgumentException if the key id or packet is not in the
* correct format
* @throws ClassCastException if <code>other</code> contains any
* entries that are not of type {@link XMLStructure}
*/
public DOMPGPData(byte[] keyId, byte[] keyPacket, List other) {
if (keyId == null) {
throw new NullPointerException("keyId cannot be null");
}
// key ids must be 8 bytes
if (keyId.length != 8) {
throw new IllegalArgumentException("keyId must be 8 bytes long");
}
if (other == null || other.isEmpty()) {
this.externalElements = Collections.EMPTY_LIST;
} else {
List otherCopy = new ArrayList(other);
for (int i = 0, size = otherCopy.size(); i < size; i++) {
if (!(otherCopy.get(i) instanceof XMLStructure)) {
throw new ClassCastException
("other["+i+"] is not a valid PGPData type");
}
}
this.externalElements = Collections.unmodifiableList(otherCopy);
}
this.keyId = (byte []) keyId.clone();
this.keyPacket = keyPacket == null ? null : (byte []) keyPacket.clone();
if (keyPacket != null) {
checkKeyPacket(keyPacket);
}
}
/**
* Creates a <code>DOMPGPData</code> from an element.
*
* @param pdElem a PGPData element
*/
public DOMPGPData(Element pdElem) throws MarshalException {
// get all children nodes
byte[] keyId = null;
byte[] keyPacket = null;
NodeList nl = pdElem.getChildNodes();
int length = nl.getLength();
List other = new ArrayList(length);
for (int x = 0; x < length; x++) {
Node n = nl.item(x);
if (n.getNodeType() == Node.ELEMENT_NODE) {
Element childElem = (Element) n;
String localName = childElem.getLocalName();
try {
if (localName.equals("PGPKeyID")) {
keyId = Base64.decode(childElem);
} else if (localName.equals("PGPKeyPacket")){
keyPacket = Base64.decode(childElem);
} else {
other.add
(new javax.xml.crypto.dom.DOMStructure(childElem));
}
} catch (Base64DecodingException bde) {
throw new MarshalException(bde);
}
}
}
this.keyId = keyId;
this.keyPacket = keyPacket;
this.externalElements = Collections.unmodifiableList(other);
}
public byte[] getKeyId() {
return (keyId == null ? null : (byte []) keyId.clone());
}
public byte[] getKeyPacket() {
return (keyPacket == null ? null : (byte []) keyPacket.clone());
}
public List getExternalElements() {
return externalElements;
}
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
throws MarshalException {
Document ownerDoc = DOMUtils.getOwnerDocument(parent);
Element pdElem = DOMUtils.createElement
(ownerDoc, "PGPData", XMLSignature.XMLNS, dsPrefix);
// create and append PGPKeyID element
if (keyId != null) {
Element keyIdElem = DOMUtils.createElement
(ownerDoc, "PGPKeyID", XMLSignature.XMLNS, dsPrefix);
keyIdElem.appendChild
(ownerDoc.createTextNode(Base64.encode(keyId)));
pdElem.appendChild(keyIdElem);
}
// create and append PGPKeyPacket element
if (keyPacket != null) {
Element keyPktElem = DOMUtils.createElement
(ownerDoc, "PGPKeyPacket", XMLSignature.XMLNS, dsPrefix);
keyPktElem.appendChild
(ownerDoc.createTextNode(Base64.encode(keyPacket)));
pdElem.appendChild(keyPktElem);
}
// create and append any elements
for (int i = 0, size = externalElements.size(); i < size; i++) {
DOMUtils.appendChild(pdElem, ((javax.xml.crypto.dom.DOMStructure)
externalElements.get(i)).getNode());
}
parent.appendChild(pdElem);
}
/**
* We assume packets use the new format packet syntax, as specified in
* section 4 of RFC 2440.
*
* This method only checks if the packet contains a valid tag. The
* contents of the packet should be checked by the application.
*/
private void checkKeyPacket(byte[] keyPacket) {
// length must be at least 3 (one byte for tag, one byte for length,
// and minimally one byte of content
if (keyPacket.length < 3) {
throw new IllegalArgumentException("keypacket must be at least " +
"3 bytes long");
}
int tag = keyPacket[0];
// first bit must be set
if ((tag & 128) != 128) {
throw new IllegalArgumentException("keypacket tag is invalid: " +
"bit 7 is not set");
}
// make sure using new format
if ((tag & 64) != 64) {
throw new IllegalArgumentException("old keypacket tag format is " +
"unsupported");
}
// tag value must be 6, 14, 5 or 7
if (((tag & 6) != 6) && ((tag & 14) != 14) &&
((tag & 5) != 5) && ((tag & 7) != 7)) {
throw new IllegalArgumentException("keypacket tag is invalid: " +
"must be 6, 14, 5, or 7");
}
}
}