XMLX509SKI
public class XMLX509SKI extends SignatureElementProxy implements XMLX509DataContent
Handles SubjectKeyIdentifier (SKI) for X.509v3. |
Fields Summary |
---|
static Logger | log: {@link java.util.logging} logging facility | public static final String | SKI_OID: SubjectKeyIdentifier (id-ce-subjectKeyIdentifier) (2.5.29.14):
This extension identifies the public key being certified. It enables
distinct keys used by the same subject to be differentiated
(e.g., as key updating occurs).
A key identifier shall be unique with respect to all key identifiers
for the subject with which it is used. This extension is always non-critical. |
Constructors Summary |
---|
public XMLX509SKI(Document doc, byte[] skiBytes)Constructor X509SKI
// Creates the element in doc, then stores the caller-supplied SKI octets through
// addBase64Text. skiBytes is passed on as given; nothing here checks its content.
super(doc);
addBase64Text(skiBytes);
| public XMLX509SKI(Document doc, X509Certificate x509certificate)Constructor XMLX509SKI
// Creates the element in doc and fills it with the SKI octets extracted from the
// certificate. Any failure in getSKIBytesFromCert propagates out of the constructor.
super(doc);
byte[] skiFromCert = getSKIBytesFromCert(x509certificate);
addBase64Text(skiFromCert);
| public XMLX509SKI(Element element, String BaseURI)Constructor XMLX509SKI
// Wraps an existing element; only the superclass constructor runs, so the SKI text
// carried by the element is not decoded or checked at construction time.
// NOTE(review): the element presumably comes from a parsed (possibly untrusted)
// signature document; confirm where its content is validated.
super(element, BaseURI);
|
Methods Summary |
---|
public boolean | equals(java.lang.Object obj)
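// Two XMLX509SKI objects are equal when they are of the same class and carry the
// same SKI octets.
//
// equals(null) must return false; calling obj.getClass() on null threw a
// NullPointerException instead.
if (obj == null) {
    return false;
}
// Compare the Class objects, not their names: an object of a same-named class
// from a different class loader is not guaranteed to survive the cast below.
if (obj.getClass() != this.getClass()) {
    return false;
}
XMLX509SKI other = (XMLX509SKI) obj;
try {
    // MessageDigest.isEqual compares the two byte arrays by content.
    return java.security.MessageDigest.isEqual(other.getSKIBytes(),
            this.getSKIBytes());
} catch (XMLSecurityException ex) {
    // If either side's SKI bytes cannot be read, treat the objects as not equal.
    return false;
}
// NOTE(review): no hashCode() override is visible on this page; confirm one exists
// and agrees with this equals() before using instances as hash keys.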
| public java.lang.String | getBaseLocalName()
// Local name of the element this proxy represents, taken from Constants._TAG_X509SKI.
return Constants._TAG_X509SKI;
| public byte[] | getSKIBytes()Method getSKIBytes
// Returns the bytes held in this element's text child, as produced by the inherited
// getBytesFromTextChild(); presumably the Base64-decoded SKI octets (confirm in the
// superclass).
return getBytesFromTextChild();
| public static byte[] | getSKIBytesFromCert(java.security.cert.X509Certificate cert)Method getSKIBytesFromCert
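// Extracts the SubjectKeyIdentifier octets from an X.509v3 certificate.
//
// Every failure to obtain or decode the extension is reported as an
// XMLSecurityException. Previously a certificate without the extension, or one whose
// extension could not be decoded, ended in a NullPointerException or
// NegativeArraySizeException instead.
// NOTE(review): the certificate may come from an unvalidated document, so its
// extension bytes should be treated as untrusted here; confirm against callers.
try {
    /*
     * Gets the DER-encoded OCTET string for the extension value (extnValue)
     * identified by the passed-in oid String. The result is null when the
     * certificate carries no such extension.
     */
    byte[] derEncodedValue = cert.getExtensionValue(XMLX509SKI.SKI_OID);

    if (cert.getVersion() < 3) {
        Object exArgs[] = { new Integer(cert.getVersion()) };
        throw new XMLSecurityException("certificate.noSki.lowVersion",
                exArgs);
    }

    // Report a missing extension explicitly. The former check
    // "dervalue == null" after "new DerValue(...)" could never fire.
    if (derEncodedValue == null) {
        throw new XMLSecurityException("certificate.noSki.null");
    }

    byte[] extensionValue = null;

    /*
     * Use sun.security.util.DerValue if it is present.
     */
    try {
        DerValue dervalue = new DerValue(derEncodedValue);
        if (dervalue.tag != DerValue.tag_OctetString) {
            throw new XMLSecurityException("certificate.noSki.notOctetString");
        }
        extensionValue = dervalue.getOctetString();
    } catch (NoClassDefFoundError ignored) {
        // DerValue is not available on this runtime; try the fallback below.
    }

    /*
     * Fall back to org.bouncycastle.asn1.DERInputStream, loaded reflectively so
     * that BouncyCastle stays an optional dependency.
     */
    if (extensionValue == null) {
        try {
            Class clazz = Class.forName("org.bouncycastle.asn1.DERInputStream");
            Constructor constructor = clazz.getConstructor(new Class[]{InputStream.class});
            InputStream is = (InputStream) constructor.newInstance(
                    new Object[]{new ByteArrayInputStream(derEncodedValue)});
            Method method = clazz.getMethod("readObject", new Class[]{});
            Object obj = method.invoke(is, new Object[]{});
            if (obj == null) {
                throw new XMLSecurityException("certificate.noSki.null");
            }
            Class clazz2 = Class.forName("org.bouncycastle.asn1.ASN1OctetString");
            if (!clazz2.isInstance(obj)) {
                throw new XMLSecurityException("certificate.noSki.notOctetString");
            }
            Method method2 = clazz2.getMethod("getOctets", new Class[]{});
            extensionValue = (byte[]) method2.invoke(obj, new Object[]{});
        } catch (XMLSecurityException e) {
            // Validation failures must reach the caller. The blanket catch below
            // used to swallow them as well.
            throw e;
        } catch (Throwable ignored) {
            // Best effort: the fallback is absent or failed; handled by the null
            // check that follows.
        }
    }

    // Neither decoder produced the inner value.
    if (extensionValue == null) {
        throw new XMLSecurityException("certificate.noSki.null");
    }
    // The inner value must hold at least a tag byte and a length byte; otherwise
    // the copy below would request a negative array size.
    if (extensionValue.length < 2) {
        throw new XMLSecurityException("certificate.noSki.notOctetString");
    }

    /*
     * Strip away first two bytes from the DerValue (tag and length).
     * NOTE(review): this assumes a one-byte (short form) DER length and does not
     * check the inner tag; confirm that is acceptable for the identifiers this
     * code must handle.
     */
    byte abyte0[] = new byte[extensionValue.length - 2];

    System.arraycopy(extensionValue, 2, abyte0, 0, abyte0.length);

    if (log.isLoggable(java.util.logging.Level.FINE)) {
        log.log(java.util.logging.Level.FINE, "Base64 of SKI is " + Base64.encode(abyte0));
    }

    return abyte0;
} catch (IOException ex) {
    throw new XMLSecurityException("generic.EmptyMessage", ex);
}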
|
|