/* * Copyright (c) 2001 Sun Microsystems, Inc.  All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright *    notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright *    notice, this list of conditions and the following disclaimer in *    the documentation and/or other materials provided with the *    distribution. * * 3. The end-user documentation included with the redistribution, *    if any, must include the following acknowledgment: *       "This product includes software developed by the *       Sun Microsystems, Inc. for Project JXTA." *    Alternately, this acknowledgment may appear in the software itself, *    if and wherever such third-party acknowledgments normally appear. * * 4. The names "Sun", "Sun Microsystems, Inc.", "JXTA" and "Project JXTA" must *    not be used to endorse or promote products derived from this *    software without prior written permission. For written *    permission, please contact Project JXTA at http://www.jxta.org. * * 5. Products derived from this software may not be called "JXTA", *    nor may "JXTA" appear in their name, without prior written *    permission of Sun. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED.  IN NO EVENT SHALL SUN MICROSYSTEMS OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of Project JXTA.  For more * information on Project JXTA, please see * <http://www.jxta.org/>. * * This license is based on the BSD license adopted by the Apache Foundation. * * $Id: PSEConfigAdv.java,v 1.9 2006/05/30 20:53:51 hamada Exp $ */package net.jxta.impl.protocol;import java.io.ByteArrayInputStream;import java.io.InputStream;import java.io.StringReader;import java.net.URI;import java.net.URL;import java.security.PrivateKey;import java.security.AlgorithmParameters;import java.security.cert.X509Certificate;import java.security.cert.CertificateFactory;import java.util.Collections;import java.util.Enumeration;import java.util.Arrays;import java.util.ArrayList;import java.util.List;import java.util.Map;import java.util.Iterator;import javax.crypto.EncryptedPrivateKeyInfo;import java.security.KeyFactory;import java.security.spec.PKCS8EncodedKeySpec;import java.security.spec.KeySpec;import java.io.IOException;import java.lang.reflect.UndeclaredThrowableException;import java.net.MalformedURLException;import java.net.UnknownServiceException;import java.net.URISyntaxException;import org.apache.log4j.Level;import org.apache.log4j.Logger;import net.jxta.document.Advertisement;import net.jxta.document.ExtendableAdvertisement;import net.jxta.document.AdvertisementFactory;import net.jxta.document.Attributable;import net.jxta.document.Attribute;import net.jxta.document.Document;import net.jxta.document.Element;import net.jxta.document.MimeMediaType;import net.jxta.document.StructuredDocument;import net.jxta.document.StructuredDocumentFactory;import net.jxta.document.StructuredDocumentUtils;import net.jxta.document.StructuredTextDocument;import net.jxta.document.TextElement;import net.jxta.document.XMLElement;import net.jxta.document.AdvertisementFactory.Instantiator;import net.jxta.id.ID;import net.jxta.id.IDFactory;import net.jxta.impl.membership.pse.PSEUtils;import net.jxta.peer.PeerID;import net.jxta.peergroup.PeerGroupID;import net.jxta.platform.ModuleClassID;import net.jxta.protocol.ConfigParams;/** *  Contains parameters for configuration of the PSE Membership Service. * *  <p/>The configuration advertisement can include an optional seed certificate *  chain and encrypted private key. If this seed information is present the PSE  *  Membership Service will require an initial authentication to unlock the  *  encrypted prviate key before creating the PSE keystore. The newly created  *  PSE keystore will be "seeded" with the certificate chain and the private key. * *  <p/>This mechanism allows for out-of-band distribution of JXTA identity *  information and avoids the need for remote authentication. * *  <p/>Note: This implementation contemplates multiple root certs in its *  schema, but the API has not yet been extended to include this functionality. */public final class PSEConfigAdv extends ExtendableAdvertisement {    /**    *   Log4J Logger    */    private final static transient Logger LOG = Logger.getLogger(PSEConfigAdv.class.getName());    /**     *  Our DOCTYPE     */    private final static String advType =  "jxta:PSEConfig";    /**     *  Instantiator for PSEConfigAdv     */    public static class Instantiator implements AdvertisementFactory.Instantiator {        /**         * {@inheritDoc}         */        public String getAdvertisementType() {            return advType;        }        /**         * {@inheritDoc}         */        public Advertisement newInstance() {            return new PSEConfigAdv();        }        /**         * {@inheritDoc}         */        public Advertisement newInstance(Element root) {            return new PSEConfigAdv(root);        }    };    private final static String ROOT_CERT_TAG = "RootCert" ;    private final static String CERT_TAG = "Certificate" ;    private final static String ENCRYPTED_PRIVATE_KEY_TAG = "EncryptedPrivateKey";    private final static String KEY_STORE_TYPE_ATTR = "KeyStoreType" ;    private final static String KEY_STORE_PROVIDER_ATTR = "KeyStoreProvider";    private final static String KEY_STORE_LOCATION_TAG = "KeyStoreLocation";    private final static String [] INDEX_FIELDS = { };    private final List<X509Certificate> certs = new ArrayList<X509Certificate>();    private EncryptedPrivateKeyInfo encryptedPrivateKey = null;    private String privAlgorithm = null;    private String keyStoreType = null;    private String keyStoreProvider = null;    private URI keyStoreLocation = null;    /**     *  Returns the identifying type of this Advertisement.     *     *  <p/><b>Note:</b> This is a static method. It cannot be used to determine     *  the runtime type of an advertisment. ie.     *  </p><code><pre>     *      Advertisement adv = module.getSomeAdv();     *      String advType = adv.getAdvertisementType();     *  </pre></code>     *     *  <p/><b>This is wrong and does not work the way you might expect.</b>     *  This call is not polymorphic and calls     *  {@code Advertisement.getAdvertisementType()} no matter what the real      *  type of the advertisment.     *     * @return String the type of advertisement     */    public static String getAdvertisementType() {        return advType ;    }    /**     *  Use the Instantiator through the factory     */    private PSEConfigAdv() {}    /**     *  Use the Instantiator through the factory     *     *  @param root The XMLElement which is the root element of the PSEConfigAdv.     */    private PSEConfigAdv(Element root) {        if(!XMLElement.class.isInstance(root))            throw new IllegalArgumentException(getClass().getName() + " only supports XLMElement");        XMLElement doc = (XMLElement) root;        String doctype = doc.getName();        String typedoctype = "";        Attribute itsType = doc.getAttribute("type");        if(null != itsType)            typedoctype = itsType.getValue();        if(!doctype.equals(getAdvertisementType()) && !getAdvertisementType().equals(typedoctype)) {            throw new IllegalArgumentException("Could not construct : "                                               + getClass().getName() + "from doc containing a " + doc.getName());        }        Enumeration eachAttr = doc.getAttributes();        while (eachAttr.hasMoreElements()) {            Attribute anAttr = (Attribute) eachAttr.nextElement();            if(KEY_STORE_TYPE_ATTR.equals(anAttr.getName())) {                keyStoreType = anAttr.getValue().trim();            } else if(KEY_STORE_PROVIDER_ATTR.equals(anAttr.getName())) {                keyStoreProvider = anAttr.getValue().trim();            } else if ("type".equals(anAttr.getName())) {                ;            } else if ("xmlns:jxta".equals(anAttr.getName())) {                ;            } else {                if (LOG.isEnabledFor(Level.WARN)) {                    LOG.warn("Unhandled Attribute: " + anAttr.getName());                }            }        }        certs.clear();        Enumeration elements = doc.getChildren();        while (elements.hasMoreElements()) {            XMLElement elem = (XMLElement) elements.nextElement();            if(!handleElement(elem)) {                if (LOG.isEnabledFor(Level.DEBUG))                    LOG.debug("Unhandled Element: " + elem.toString());            }        }        // Sanity Check!!!    }    /**     * Make a safe clone of this PSEConfigAdv.     *     * @return Object A copy of this PSEConfigAdv     */    public Object clone() {        PSEConfigAdv result = new PSEConfigAdv();        result.setKeyStoreLocation(getKeyStoreLocation());        result.setKeyStoreType(getKeyStoreType());        result.setKeyStoreProvider(getKeyStoreProvider());        result.setEncryptedPrivateKey(getEncryptedPrivateKey(), getEncryptedPrivateKeyAlgo());        result.setCertificateChain(getCertificateChain());        return result;    }    /**     * {@inheritDoc}     */    public String getAdvType() {        return getAdvertisementType();    }    /**     * {@inheritDoc}     */    public final String getBaseAdvType() {        return getAdvertisementType();    }    /**     *  {@inheritDoc}     */    public ID getID() {        InputStream data = new ByteArrayInputStream(getCert().getBytes());        try {            return IDFactory.newCodatID(PeerGroupID.worldPeerGroupID, new byte [16], data);        } catch (IOException failed) {            throw new UndeclaredThrowableException(failed, "Could not generate id");        }    }    /**     *  Returns the seed certificate. If present, this certificate will be used     *  to initialize the PSE keystore and will be stored using the peer id of     *  the authenticating peer.     *     *  @return The seed certificate or {@code null} if there is no seed     *  certificate defined.     */    public X509Certificate getCertificate() {        if(certs.isEmpty()) {            return null;        } else {            return (X509Certificate) certs.get(0);        }    }    /**     *  Returns the seed certificate chain. If present, this certificate chain      *  will be used to initialize the PSE keystore and will be stored using the      *  peer id of the authenticating peer.     *     *  @return the seed certificate chain for this peer or {@code null} if      *  there is no seed certificate chain defined.     */    public X509Certificate[] getCertificateChain() {        return (X509Certificate[]) certs.toArray(new X509Certificate[certs.size()]);    }    /**     *  Returns the seed ceritficate encoded as a BASE64 String.     *     *  @return the seed certificate encoded as a BASE64 String.     */    public String getCert() {        X509Certificate rootCert = getCertificate();        if(null != rootCert) {            try {                return PSEUtils.base64Encode(getCertificate().getEncoded());            } catch(Throwable failed) {                throw new IllegalStateException("Failed to process seed cert");            }        } else {            return null;        }    }    /**     *  Sets the seed certificate for this peer from a BASE64 String.     *     *  @param newCert The seed certificate for this peer as a BASE64 String.     */    public void setCert(String newCert) {        try {            byte [] cert_der = PSEUtils.base64Decode(new StringReader(newCert));            CertificateFactory cf = CertificateFactory.getInstance("X509");            setCertificate((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert_der)));        } catch(Exception failed) {            if (LOG.isEnabledFor(Level.ERROR)) {                LOG.error("Failed to process seed cert", failed);