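}
}

    /**
     * {@inheritDoc}
     * <p/>
     * The subject is the subject DN of the leaf (first) certificate of the chain.
     */
    public Object getSubject() {
        return ((X509Certificate) certs.getCertificates().get(0)).getSubjectDN();
    }

    /**
     * {@inheritDoc}
     */
    public Service getSourceService() {
        return source;
    }

    /**
     * {@inheritDoc}
     * <p/>
     * Produces a {@code jxta:PSECred} document holding the peer group ID, the
     * peer ID, the certificate chain and a signature. The signature is made by
     * the source service's security engine over the concatenation of the UTF-8
     * bytes of the peer group ID, the UTF-8 bytes of the peer ID and the DER
     * encoding of every certificate in chain order; the algorithm used is
     * recorded in the document's {@code algorithm} attribute. A verifier must
     * rebuild exactly this byte sequence.
     *
     * @param encodeAs the MIME type the document should be encoded as.
     * @return the credential document.
     * @throws javax.security.cert.CertificateException if the credential is not currently valid.
     * @throws IllegalStateException if the credential is not a local credential (and so has
     *         no signing material), or if the platform lacks UTF-8.
     * @throws Exception on any failure of the document or signing machinery.
     */
    public StructuredDocument getDocument(MimeMediaType encodeAs) throws Exception {
        if (!isValid()) {
            throw new javax.security.cert.CertificateException("Credential is not valid. Cannot generate document.");
        }

        if (!local) {
            throw new IllegalStateException("This credential is not a local credential and document cannot be created.");
        }

        StructuredDocument doc = StructuredDocumentFactory.newStructuredDocument(encodeAs, "jxta:Cred");

        if (doc instanceof XMLDocument) {
            ((XMLDocument) doc).addAttribute("xmlns:jxta", "http://jxta.org");
            ((XMLDocument) doc).addAttribute("xml:space", "preserve");
        }

        if (doc instanceof Attributable) {
            ((Attributable) doc).addAttribute("type", "jxta:PSECred");
        }

        Element e;

        e = doc.createElement("PeerGroupID", getPeerGroupID().toString());
        doc.appendChild(e);

        e = doc.createElement("PeerID", getPeerID().toString());
        doc.appendChild(e);

        // Add the Certificate element: the whole chain, leaf first.
        net.jxta.impl.protocol.Certificate certChain = new net.jxta.impl.protocol.Certificate();
        List certsList = certs.getCertificates();

        certChain.setCertificates(certsList);

        StructuredDocument certsDoc = (StructuredDocument) certChain.getDocument(encodeAs);

        if (certsDoc instanceof Attributable) {
            ((Attributable) certsDoc).addAttribute("type", certsDoc.getKey().toString());
        }

        StructuredDocumentUtils.copyElements(doc, doc, certsDoc, "Certificate");

        // Add the signature over (PeerGroupID, PeerID, cert[0] .. cert[n]).
        List<InputStream> someStreams = new ArrayList<InputStream>(2 + certsList.size());

        try {
            someStreams.add(new ByteArrayInputStream(getPeerGroupID().toString().getBytes("UTF-8")));
            someStreams.add(new ByteArrayInputStream(getPeerID().toString().getBytes("UTF-8")));
        } catch (java.io.UnsupportedEncodingException never) {
            // UTF-8 is mandatory in every JRE. Should it ever be missing, fail
            // loudly rather than silently emit a document without a Signature.
            throw new IllegalStateException("UTF-8 encoding unavailable", never);
        }

        for (Object aCertsList : certsList) {
            X509Certificate aCert = (X509Certificate) aCertsList;
            someStreams.add(new ByteArrayInputStream(aCert.getEncoded()));
        }

        InputStream signStream = new SequenceInputStream(Collections.enumeration(someStreams));

        byte[] sig = source.peerSecurityEngine.sign(source.peerSecurityEngine.getSignatureAlgorithm(), this, signStream);

        e = doc.createElement("Signature", PSEUtils.base64Encode(sig));
        doc.appendChild(e);

        if (doc instanceof Attributable) {
            ((Attributable) doc).addAttribute("algorithm", source.peerSecurityEngine.getSignatureAlgorithm());
        }

        return doc;
    }

    /**
     * Returns the leaf certificate associated with this credential.
     *
     * @return the first certificate of the chain.
     */
    public X509Certificate getCertificate() {
        return (X509Certificate) certs.getCertificates().get(0);
    }

    /**
     * Returns the certificate chain associated with this credential, leaf first.
     *
     * @return a fresh array holding the chain; callers may modify it freely.
     */
    public X509Certificate[] getCertificateChain() {
        List certList = certs.getCertificates();

        return (X509Certificate[]) certList.toArray(new X509Certificate[certList.size()]);
    }

    /**
     * Sets the certificate chain associated with this credential and (re)arms
     * the validity timers from the leaf certificate's validity window.
     *
     * @param certChain the certificate chain associated with this credential.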
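*/
    private void setCertificateChain(CertPath certChain) {
        certs = certChain;

        Date now = new Date();
        X509Certificate leaf = (X509Certificate) certs.getCertificates().get(0);
        Date becomesValid = leaf.getNotBefore();
        Date expires = leaf.getNotAfter();

        // Validity is driven solely by the leaf certificate's window; the
        // windows of any intermediates in the chain are not consulted here.

        // Drop timers armed for a previous chain before examining the new one.
        // Leaving a stale (already fired or cancelled) task non-null would
        // corrupt the nowGood computation below: an expired chain would look
        // good because expiresTask != null, and a now-valid chain would look
        // bad because becomesValidTask != null.
        if (null != becomesValidTask) {
            becomesValidTask.cancel();
            becomesValidTask = null;
        }
        if (null != expiresTask) {
            expiresTask.cancel();
            expiresTask = null;
        }

        if (becomesValid.compareTo(now) > 0) {
            // Not yet valid: arm a task for the start of the window.
            // NOTE(review): `valid` is false when this task is armed (see
            // setValid(nowGood) below), so the inner event only fires if
            // something else flipped it meanwhile; whether the credential is
            // meant to become valid automatically is not visible here.
            becomesValidTask = new TimerTask() {
                @Override
                public void run() {
                    support.firePropertyChange("expired", false, true);
                    if (valid) {
                        support.firePropertyChange("valid", false, true);
                    }
                }
            };
            expirationTimer.schedule(becomesValidTask, becomesValid);
        }

        if (expires.compareTo(now) > 0) {
            // Window has not ended: arm a task for its end.
            expiresTask = new TimerTask() {
                @Override
                public void run() {
                    support.firePropertyChange("expired", true, false);
                    if (valid) {
                        support.firePropertyChange("valid", true, false);
                    }
                }
            };
            expirationTimer.schedule(expiresTask, expires);
        }

        // Good right now only if the window has started and has not yet ended.
        // The "expired" property's polarity follows the existing listeners
        // (true while inside the window).
        boolean nowGood = (null == becomesValidTask) && (null != expiresTask);

        support.firePropertyChange("expired", true, nowGood);
        setValid(nowGood);
    }

    /**
     * Returns the private key associated with this credential. Only valid for
     * locally generated credentials that hold their key directly; engine-based
     * local credentials cannot hand out their key.
     *
     * @return the private key associated with this credential.
     * @throws IllegalStateException if the credential is not local or is engine based.
     * @deprecated Use {@link #getSigner(String)} or {@link #getSignatureVerifier(String)} instead.
     */
    @Deprecated
    public PrivateKey getPrivateKey() {
        if (!local) {
            throw new IllegalStateException("This credential is not a local credential and cannot be used for signing.");
        }

        if (null == privateKey) {
            throw new IllegalStateException("This local credential is engine based and cannot provide the private key.");
        }

        return privateKey;
    }

    /**
     * Sets the private key associated with this credential.
     *
     * @param privateKey the private key associated with this credential, or
     *                   {@code null} for an engine-based credential.
     */
    private void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    /**
     * Returns the key id associated with this credential, if any.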
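Only locally generated credentials have a key ID.
     *
     * @return the key id associated with this credential, or {@code null} if none.
     */
    public ID getKeyID() {
        return keyID;
    }

    /**
     * Sets the key id associated with this credential.
     *
     * @param keyID the key id, or {@code null}.
     */
    private void setKeyID(ID keyID) {
        this.keyID = keyID;
    }

    /**
     * Get a Signature object initialized for signing with the private key of
     * this credential. Only local credentials that hold their private key
     * directly can sign this way; engine-based credentials cannot.
     *
     * @param algorithm the signing algorithm to use.
     * @return a Signature ready for {@code update}/{@code sign}.
     * @throws NoSuchAlgorithmException if no provider supplies the algorithm.
     * @throws IllegalStateException if the credential is not local, holds no
     *         private key, or the key is unusable with the algorithm.
     */
    public Signature getSigner(String algorithm) throws NoSuchAlgorithmException {
        if (!local) {
            throw new IllegalStateException("This credential is not a local credential and cannot be used for signing.");
        }

        if (null == privateKey) {
            // Same condition getPrivateKey() reports; initSign(null) would only
            // surface it as a less informative InvalidKeyException.
            throw new IllegalStateException("This local credential is engine based and cannot provide the private key.");
        }

        Signature sign = Signature.getInstance(algorithm);

        try {
            sign.initSign(privateKey);
        } catch (java.security.InvalidKeyException failed) {
            IllegalStateException failure = new IllegalStateException("Invalid private key");

            failure.initCause(failed);
            throw failure;
        }

        return sign;
    }

    /**
     * Get a Signature object initialized to verify signatures made with the
     * private key matching this credential's leaf certificate.
     *
     * @param algorithm the signing algorithm to use.
     * @return a Signature ready for {@code update}/{@code verify}.
     * @throws NoSuchAlgorithmException if no provider supplies the algorithm.
     * @throws IllegalStateException if the certificate's public key is unusable with the algorithm.
     */
    public Signature getSignatureVerifier(String algorithm) throws NoSuchAlgorithmException {
        Signature verify = Signature.getInstance(algorithm);

        try {
            verify.initVerify((X509Certificate) certs.getCertificates().get(0));
        } catch (java.security.InvalidKeyException failed) {
            IllegalStateException failure = new IllegalStateException("Invalid certificate");

            failure.initCause(failed);
            throw failure;
        }

        return verify;
    }

    /**
     * Process an individual element from the document.
     *
     * @param elem the element to be processed.
     * @return true if the element was recognized, otherwise false.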
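*/
    protected boolean handleElement(XMLElement elem) {
        if (elem.getName().equals("PeerGroupID")) {
            try {
                ID pid = IDFactory.fromURI(new URI(elem.getTextValue()));

                setPeerGroupID((PeerGroupID) pid);
            } catch (URISyntaxException badID) {
                throw new IllegalArgumentException("Bad PeerGroupID in advertisement: " + elem.getTextValue(), badID);
            } catch (ClassCastException badID) {
                throw new IllegalArgumentException("Id is not a group id: " + elem.getTextValue(), badID);
            }
            return true;
        }

        if (elem.getName().equals("PeerID")) {
            try {
                ID pid = IDFactory.fromURI(new URI(elem.getTextValue()));

                setPeerID((PeerID) pid);
            } catch (URISyntaxException badID) {
                throw new IllegalArgumentException("Bad Peer ID in advertisement: " + elem.getTextValue(), badID);
            } catch (ClassCastException badID) {
                throw new IllegalArgumentException("Id is not a peer id: " + elem.getTextValue(), badID);
            }
            return true;
        }

        if (elem.getName().equals("Certificate")) {
            // XXX Compatibility hack so that net.jxta.impl.protocol.Certificate
            // will recognize the element as a certificate.
            if (null == elem.getAttribute("type")) {
                elem.addAttribute("type", net.jxta.impl.protocol.Certificate.getMessageType());
            }

            net.jxta.impl.protocol.Certificate certChain = new net.jxta.impl.protocol.Certificate(elem);

            CertPath parsed;
            try {
                CertificateFactory cf = CertificateFactory.getInstance("X.509");

                parsed = cf.generateCertPath(Arrays.asList(certChain.getCertificates()));
            } catch (java.security.cert.CertificateException failure) {
                throw new IllegalArgumentException("bad certificates in chain.", failure);
            }

            // Everything else in this class reads certs.getCertificates().get(0);
            // an empty chain would surface there as IndexOutOfBoundsException
            // instead of as a parse error, so reject it here.
            if (parsed.getCertificates().isEmpty()) {
                throw new IllegalArgumentException("Certificate element holds no certificates.");
            }

            certs = parsed;
            return true;
        }

        if (elem.getName().equals("Signature")) {
            // The signature covers the two IDs and the chain, so all three must
            // already have been seen; otherwise the document is malformed or
            // reordered and the signed bytes cannot be rebuilt.
            if (null == certs || null == getPeerGroupID() || null == getPeerID()) {
                throw new IllegalArgumentException("Signature out of order in Credential.");
            }

            boolean verified;

            try {
                byte[] signatureToCompare = PSEUtils.base64Decode(new StringReader(elem.getTextValue()));

                // Must mirror getDocument(): PeerGroupID, PeerID, then the DER
                // encoding of each certificate in chain order.
                List<InputStream> someStreams = new ArrayList<InputStream>(2 + certs.getCertificates().size());

                someStreams.add(new ByteArrayInputStream(getPeerGroupID().toString().getBytes("UTF-8")));
                someStreams.add(new ByteArrayInputStream(getPeerID().toString().getBytes("UTF-8")));

                for (Certificate certificate : certs.getCertificates()) {
                    X509Certificate aCert = (X509Certificate) certificate;

                    someStreams.add(new ByteArrayInputStream(aCert.getEncoded()));
                }

                InputStream signStream = new SequenceInputStream(Collections.enumeration(someStreams));

                // FIXME 20051007 bondolo Fix handling of signature type.
                // SECURITY NOTE: the algorithm is hard-coded to SHA1WITHRSA (a
                // deprecated digest) and the document's "algorithm" attribute
                // is ignored. That attribute is attacker-controlled on an
                // inbound document, so when this is generalized it must be
                // checked against an allow-list, never passed through as-is.
                // Also note the verifying key is the leaf certificate carried
                // in the same document: this proves possession of that key,
                // not that the chain is trusted -- chain validation has to
                // happen elsewhere (presumably in the membership service).
                verified = PSEUtils.verifySignature("SHA1WITHRSA", getCertificate(), signatureToCompare, signStream);
            } catch (Exception failed) {
                if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                    LOG.log(Level.WARNING, "Failed to validate signature ", failed);
                }
                throw new IllegalArgumentException("Failed to validate signature " + failed.getMessage(), failed);
            }

            if (!verified) {
                if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                    LOG.warning("Credential signature does not verify against its certificate");
                }
                throw new IllegalArgumentException("Signature does not match credential");
            }
            return true;
        }

        // element was not handled
        return false;
    }

    /**
     * Initialize from a portion of a structured document.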
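*/
    protected void initialize(Element root) {
        if (!XMLElement.class.isInstance(root)) {
            throw new IllegalArgumentException(getClass().getName() + " only supports XMLElement");
        }

        XMLElement doc = (XMLElement) root;

        String typedoctype = "";
        Attribute itsType = doc.getAttribute("type");

        if (null != itsType) {
            typedoctype = itsType.getValue();
        }

        String doctype = doc.getName();

        if (!doctype.equals("jxta:PSECred") && !typedoctype.equals("jxta:PSECred")) {
            throw new IllegalArgumentException(
                    "Could not construct : " + getClass().getName() + "from doc containing a " + doctype);
        }

        // Each element that feeds the signature check may appear at most once.
        // A second PeerID/PeerGroupID/Certificate after the Signature element
        // would overwrite the very state the signature was verified against.
        List<String> seen = new ArrayList<String>(4);
        boolean signed = false;

        Enumeration elements = doc.getChildren();

        while (elements.hasMoreElements()) {
            XMLElement elem = (XMLElement) elements.nextElement();
            String name = elem.getName();

            if ("PeerGroupID".equals(name) || "PeerID".equals(name)
                    || "Certificate".equals(name) || "Signature".equals(name)) {
                if (seen.contains(name)) {
                    throw new IllegalArgumentException("Duplicate element '" + name + "' in " + doc.getName());
                }
                seen.add(name);
            }

            if (!handleElement(elem)) {
                if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                    LOG.warning("Unhandled element '" + elem.getName() + "' in " + doc.getName());
                }
            } else if ("Signature".equals(name)) {
                // handleElement() throws when the signature does not verify,
                // so getting here means it did.
                signed = true;
            }
        }

        // sanity check time! certs is checked before getSubject(), which
        // dereferences it and would otherwise fail with an NPE.
        if (null == certs) {
            throw new IllegalArgumentException("certificates were never initialized.");
        }

        if (null == getPeerGroupID()) {
            throw new IllegalArgumentException("peer group was never initialized.");
        }

        if (null == getPeerID()) {
            throw new IllegalArgumentException("peer id was never initialized.");
        }

        if (null == getSubject()) {
            throw new IllegalArgumentException("subject was never initialized.");
        }

        // getDocument() always emits a Signature; a document without one
        // binds nothing to the certificate's key and must not be accepted.
        if (!signed) {
            throw new IllegalArgumentException("signature was never initialized.");
        }

        // FIXME bondolo@jxta.org 20030409 the original note also asked for a
        // check on the peergroup element; what that check should be is not
        // clear from this file.
    }

    /**
     * Asks the source service to issue a service certificate chain for the
     * given ID on behalf of this credential.
     *
     * @param assignedID the ID the service certificate is issued for.
     * @return the generated certificate chain.
     */
    public X509Certificate[] generateServiceCertificate(ID assignedID) throws IOException, KeyStoreException, InvalidKeyException, SignatureException {
        return source.generateServiceCertificate(assignedID, this);
    }

    /**
     * Asks the source service for a service credential for the given ID
     * derived from this credential.
     *
     * @param assignedID the ID the service credential is issued for.
     * @return the service credential.
     */
    public PSECredential getServiceCredential(ID assignedID) throws IOException, PeerGroupException, InvalidKeyException, SignatureException {
        return source.getServiceCredential(assignedID, this);
    }
}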