📄 pseconfigadv.java
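}
            IllegalArgumentException failure = new IllegalArgumentException("Failed to process seed cert");
            failure.initCause(failed);
            throw failure;
        }
    }

    /**
     * Sets the seed certificate for this peer. If {@code null} then the
     * Private Key is also cleared.
     *
     * @param newCert The seed certificate for this PSE instance or {@code null}
     * to clear the seed certificates and private key.
     */
    public void setCertificate(X509Certificate newCert) {
        if (LOG.isEnabledFor(Level.DEBUG)) {
            LOG.debug("setCert : " + newCert);
        }

        certs.clear();

        if (null == newCert) {
            encryptedPrivateKey = null;
        } else {
            certs.add(newCert);
        }
    }

    /**
     * Sets the seed Certificate chain for this peer. If {@code null} then the
     * Private Key is also cleared.
     *
     * @param newCerts The seed certificate chain or {@code null}
     * to clear the seed certificates and private key.
     */
    public void setCertificateChain(X509Certificate[] newCerts) {
        if (LOG.isEnabledFor(Level.DEBUG)) {
            // Log the chain length: concatenating the array itself only prints
            // its identity hash, which is useless for diagnosis.
            LOG.debug("setCert : " + ((null == newCerts) ? "null" : (newCerts.length + " certificate(s)")));
        }

        certs.clear();

        if (null == newCerts) {
            encryptedPrivateKey = null;
        } else {
            certs.addAll(Arrays.asList(newCerts));
        }
    }

    /**
     * Get the seed private key from this advertisement. The private key is
     * retrieved from the advertisement using the provided password.
     *
     * <p>Decryption is delegated to
     * {@code PSEUtils.pkcs5_Decrypt_pbePrivateKey}; the result for a wrong
     * password or when no encrypted key is set is decided there (not visible
     * from this method).
     *
     * @param password the password to use in attempting to decrypt the private
     * key.
     * @return the decrypted private key.
     */
    public PrivateKey getPrivateKey(char [] password) {
        return PSEUtils.pkcs5_Decrypt_pbePrivateKey(password, privAlgorithm, encryptedPrivateKey);
    }

    /**
     * Get the encrypted seed private key from this advertisement.
     *
     * @return the encrypted seed private key, or {@code null} if none is set.
     */
    public EncryptedPrivateKeyInfo getEncryptedPrivateKey() {
        return encryptedPrivateKey;
    }

    /**
     * Get the algorithm of the encrypted seed private key from this
     * advertisement.
     *
     * @return the public key algorithm name recorded for the encrypted seed
     * private key.
     */
    public String getEncryptedPrivateKeyAlgo() {
        return privAlgorithm;
    }

    /**
     * Get the encrypted seed private key from this advertisement in its
     * encoded form.
     *
     * @return the encoded encrypted private key, a BASE64 String of a DER
     * encoded PKCS8 EncryptedPrivateKeyInfo, or {@code null} if no encrypted
     * private key is set.
     * @throws IllegalStateException if the key cannot be encoded.
     */
    public String getEncryptedPrivKey() {
        try {
            if (null == encryptedPrivateKey) {
                return null;
            }

            return PSEUtils.base64Encode(encryptedPrivateKey.getEncoded());
        } catch (Exception failed) {
            if (LOG.isEnabledFor(Level.ERROR)) {
                LOG.error("Failed to process private key", failed);
            }

            IllegalStateException failure = new IllegalStateException("Failed to process private key");
            failure.initCause(failed);
            throw failure;
        }
    }

    /**
     * Return the JCE Keystore type which the PSE Membership Service should use.
     * This value should be the name of valid JCE Keystore or {@code null} if
     * the default Keystore type should be used. The PSE Membership Service
     * will create the keystore via
     * {@code KeyStore.getInstance(keystore_type)}.
     *
     * @return The name of the Keystore type which the PSE Membership Service
     * will use or {@code null} if the default keystore type should be used.
     */
    public String getKeyStoreType() {
        return keyStoreType;
    }

    /**
     * Set the JCE Keystore type which the PSE Membership Service
     * should use. This value should be the name of valid JCE Keystore or
     * {@code null} if the default Keystore type should be used. The PSE
     * Membership Service will create the keystore via
     * {@code KeyStore.getInstance(keystore_type)}.
     *
     * @param type The JCE Keystore type which the PSE Membership Service
     * should use. This value should be the name of valid JCE Keystore or
     * {@code null} if the default Keystore type should be used.
     */
    public void setKeyStoreType(String type) {
        keyStoreType = type;
    }

    /**
     * Return the JCE provider which the PSE Membership Service
     * should use for Keystores. This value should be the name of valid JCE
     * provider or {@code null} if the default provider should be used. The PSE
     * Membership Service will create the keystore via
     * {@code KeyStore.getInstance(keystore_type, provider)}.
     *
     * @return The JCE provider which the PSE Membership Service
     * should use for Keystores. This value should be the name of valid JCE
     * provider or {@code null} if the default provider should be used.
     */
    public String getKeyStoreProvider() {
        return keyStoreProvider;
    }

    /**
     * Set the JCE provider which the PSE Membership Service
     * should use for Keystores. This value should be the name of valid JCE
     * provider or {@code null} if the default provider should be used. The PSE
     * Membership Service will create the keystore via
     * {@code KeyStore.getInstance(keystore_type, provider)}.
     *
     * @param provider The JCE provider which the PSE Membership Service
     * should use for Keystores. This value should be the name of valid JCE
     * provider or {@code null} if the default provider should be used.
     */
    public void setKeyStoreProvider(String provider) {
        keyStoreProvider = provider;
    }

    /**
     * Return the location of the Keystore or {@code null} if the PSE
     * Membership Service should use the default location. The actual default
     * location may vary depending upon the Keystore type and provider and not
     * all location values may be valid for all Keystore types and providers.
     *
     * @return The location of the Keystore or {@code null} if the PSE
     * Membership Service should use the default location.
     */
    public URI getKeyStoreLocation() {
        return keyStoreLocation;
    }

    /**
     * Set the location of the Keystore or {@code null} if the PSE
     * Membership Service should use the default location. The actual default
     * location may vary depending upon the Keystore type and provider and not
     * all location values may be valid for all Keystore types and providers.
     *
     * @param location The location of the Keystore or {@code null} if the PSE
     * Membership Service should use the default location.
     */
    public void setKeyStoreLocation(URI location) {
        keyStoreLocation = location;
    }

    /**
     * Set the encrypted private key for this advertisement. The private key
     * is provided as a BASE64 String of a DER encoded PKCS8
     * EncryptedPrivateKeyInfo.
     *
     * @param newPriv a BASE64 String of a DER encoded PKCS8
     * EncryptedPrivateKeyInfo.
     * @param algorithm The public key algorithm used by this private key.
     * Currently only "RSA" is supported.
     * @throws IllegalArgumentException if the value cannot be decoded or
     * parsed as an EncryptedPrivateKeyInfo.
     */
    public void setEncryptedPrivateKey(String newPriv, String algorithm) {
        try {
            byte [] key_der = PSEUtils.base64Decode(new StringReader(newPriv));

            EncryptedPrivateKeyInfo newEncryptedPriv = new EncryptedPrivateKeyInfo(key_der);

            setEncryptedPrivateKey(newEncryptedPriv, algorithm);
        } catch (Exception failed) {
            if (LOG.isEnabledFor(Level.ERROR)) {
                LOG.error("Failed to process private key", failed);
            }

            IllegalArgumentException failure = new IllegalArgumentException("Failed to process private key");
            failure.initCause(failed);
            throw failure;
        }
    }

    /**
     * Set the encrypted seed private key for this advertisement.
     *
     * @param newPriv The encrypted seed private key.
     * @param algorithm The public key algorithm used by this private key.
     * Currently only "RSA" is supported.
     */
    public void setEncryptedPrivateKey(EncryptedPrivateKeyInfo newPriv, String algorithm) {
        if (LOG.isEnabledFor(Level.DEBUG)) {
            LOG.debug("setPrivateKey : " + newPriv);
        }

        encryptedPrivateKey = newPriv;
        privAlgorithm = algorithm;
    }

    /**
     * Encrypt the provided private key with the password and store the result
     * as the encrypted seed private key for this advertisement.
     *
     * @param newPriv The private key to be stored in encrypted form.
     * @param password The password to be used in encrypting the private key
     */
    public void setPrivateKey(PrivateKey newPriv, char [] password) {
        if (LOG.isEnabledFor(Level.DEBUG)) {
            // Never concatenate the key object into a log line: toString() of
            // some provider key implementations includes the key material.
            // The algorithm name is enough for diagnosis.
            LOG.debug("setPrivateKey : " + ((null == newPriv) ? "null" : newPriv.getAlgorithm()));
        }

        // NOTE(review): the third argument (500) is presumably the PBE
        // iteration count -- confirm in PSEUtils. If so, it is low for
        // password-based key protection and should be raised or made
        // configurable; check first that existing stored keys still decrypt.
        EncryptedPrivateKeyInfo encypted = PSEUtils.pkcs5_Encrypt_pbePrivateKey(password, newPriv, 500);

        setEncryptedPrivateKey(encypted, newPriv.getAlgorithm());
    }

    /**
     * {@inheritDoc}
     *
     * <p>Handles the root certificate element (certificate chain and
     * encrypted private key children) and the key store location element.
     *
     * @throws IllegalArgumentException if the private key element is empty or
     * lacks its {@code algorithm} attribute, or if the key store location is
     * empty or not a valid URI.
     */
    protected boolean handleElement(Element raw) {

        if (super.handleElement(raw))
            return true;

        XMLElement elem = (XMLElement) raw;

        if (ROOT_CERT_TAG.equals(elem.getName())) {
            Enumeration elements = elem.getChildren();

            while (elements.hasMoreElements()) {
                XMLElement eachcertelem = (XMLElement) elements.nextElement();

                if (CERT_TAG.equals(eachcertelem.getName())) {
                    // XXX bondolo 20040415 backwards compatibility
                    eachcertelem.addAttribute("type", net.jxta.impl.protocol.Certificate.getMessageType());

                    net.jxta.impl.protocol.Certificate certChain = new net.jxta.impl.protocol.Certificate(eachcertelem);

                    setCertificateChain(certChain.getCertificates());

                    continue;
                }

                if (ENCRYPTED_PRIVATE_KEY_TAG.equals(eachcertelem.getName())) {
                    String value = eachcertelem.getTextValue();

                    if (null == value) {
                        throw new IllegalArgumentException("Empty Private Key element");
                    }

                    value = value.trim();

                    Attribute algo = eachcertelem.getAttribute("algorithm");

                    if (null == algo) {
                        throw new IllegalArgumentException("Private Key element must include algorithm attribute");
                    }

                    setEncryptedPrivateKey(value, algo.getValue());

                    continue;
                }

                if (LOG.isEnabledFor(Level.DEBUG))
                    LOG.debug("Unhandled Element: " + eachcertelem.getName());
            }

            return true;
        }

        if (KEY_STORE_LOCATION_TAG.equals(elem.getName())) {
            String location = elem.getTextValue();

            // Reject an empty element explicitly; new URI(null) would
            // otherwise fail with an uninformative NullPointerException.
            if (null == location) {
                throw new IllegalArgumentException("Empty key store location element");
            }

            try {
                keyStoreLocation = new URI(location);
            } catch (URISyntaxException badURI) {
                IllegalArgumentException iae = new IllegalArgumentException("Bad key store location URI");
                iae.initCause(badURI);
                throw iae;
            }

            // The element was consumed: report it as handled, as the root
            // certificate branch above does.
            return true;
        }

        return false;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Adds the key store type and provider attributes (the provider only
     * when a type is set), the key store location element, and the root
     * certificate element holding the certificate and the encrypted private
     * key. The root certificate element is written only when both the encoded
     * certificate and the encoded encrypted private key are available.
     */
    public Document getDocument(MimeMediaType encodeAs) {
        StructuredDocument adv = (StructuredDocument) super.getDocument(encodeAs);

        if (adv instanceof Attributable) {
            Attributable attrDoc = (Attributable) adv;

            if (null != keyStoreType) {
                attrDoc.addAttribute(KEY_STORE_TYPE_ATTR, keyStoreType);

                if (null != keyStoreProvider) {
                    attrDoc.addAttribute(KEY_STORE_PROVIDER_ATTR, keyStoreProvider);
                }
            }
        }

        if (null != keyStoreLocation) {
            Element keyStoreLocationURI = adv.createElement(KEY_STORE_LOCATION_TAG, keyStoreLocation.toString());
            adv.appendChild(keyStoreLocationURI);
        }

        String encodedRoot = getCert();
        // The private key is written to the document only in its encrypted
        // form; anyone who can read the document can attempt to recover it, so
        // its protection rests on the password and the encryption parameters.
        String encodedPrivateKey = getEncryptedPrivKey();

        if ((null != encodedRoot) && (null != encodedPrivateKey)) {
            Element rootcert = adv.createElement(ROOT_CERT_TAG, null);
            adv.appendChild(rootcert);

            // FIXME bondolo 20040501 needs to write certificate chain.
            Element cert = adv.createElement(CERT_TAG, encodedRoot);
            rootcert.appendChild(cert);

            Element privatekey = adv.createElement(ENCRYPTED_PRIVATE_KEY_TAG, encodedPrivateKey);
            rootcert.appendChild(privatekey);

            if (privatekey instanceof Attributable) {
                ((Attributable) privatekey).addAttribute("algorithm", privAlgorithm);
            }
        }

        return adv;
    }

    /**
     * {@inheritDoc}
     */
    public String [] getIndexFields() {
        return INDEX_FIELDS;
    }
}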