
Example 6 with DerInputStream

use of sun.security.util.DerInputStream in project jdk8u_jdk by JetBrains.

the class X509CertSelectorTest method testAuthorityKeyIdentifier.

/**
 * Tests matching on the authority key identifier contained in the
 * certificate.
 *
 * <p>A selector loaded with a made-up key identifier must reject
 * {@code cert}; a selector loaded with the identifier read back from
 * {@code cert} itself must accept it.
 *
 * @throws IOException if the extension bytes cannot be DER-decoded
 */
private void testAuthorityKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on authorityKeyIdentifier");

    // 2.5.29.35 is the OID of the authorityKeyIdentifier extension.
    final String akiOid = "2.5.29.35";
    final X509CertSelector sel = new X509CertSelector();

    // Negative case: an identifier built from arbitrary bytes must not match.
    final byte[] bogusKeyId = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
    final KeyIdentifier bogusId = new KeyIdentifier(bogusKeyId);
    final AuthorityKeyIdentifierExtension bogusExt =
            new AuthorityKeyIdentifierExtension(bogusId, null, null);
    sel.setAuthorityKeyIdentifier(bogusExt.getExtensionValue());
    checkMatch(sel, cert, false);

    // Positive case: getExtensionValue hands back the extension value still
    // wrapped in its DER OCTET STRING, while the selector wants the inner
    // encoding, so the wrapper is stripped first.
    // NOTE(review): getExtensionValue returns null when the extension is
    // absent; this relies on the fixture certificate carrying it - confirm.
    final byte[] wrapped = cert.getExtensionValue(akiOid);
    final byte[] akiValue = new DerInputStream(wrapped).getOctetString();
    sel.setAuthorityKeyIdentifier(akiValue);
    checkMatch(sel, cert, true);
}
Also used : KeyIdentifier(sun.security.x509.KeyIdentifier) AuthorityKeyIdentifierExtension(sun.security.x509.AuthorityKeyIdentifierExtension) X509CertSelector(java.security.cert.X509CertSelector) DerInputStream(sun.security.util.DerInputStream)

Example 7 with DerInputStream

use of sun.security.util.DerInputStream in project jdk8u_jdk by JetBrains.

the class X509CertSelectorTest method testSubjectAltName.

/**
 * Tests matching on the subject alternative name extension contained in the
 * certificate.
 *
 * <p>Three cases are exercised in order on one selector: a dNSName that
 * must not match, the certificate's own first alternative name that must
 * match, and finally both names together with "match all" switched off.
 *
 * @throws IOException if a name or the extension cannot be DER-encoded or
 *         decoded
 */
private void testSubjectAltName() throws IOException {
    System.out.println("X.509 Certificate Match on subjectAltName");

    // 2.5.29.17 is the OID of the subjectAltName extension; GeneralName
    // type 2 is dNSName.
    final String sanOid = "2.5.29.17";
    final int dnsNameType = 2;
    final X509CertSelector sel = new X509CertSelector();

    // Negative case: require a dNSName the test expects not to match.
    final GeneralNameInterface fooDns = new DNSName("foo.com");
    final DerOutputStream fooDer = new DerOutputStream();
    fooDns.encode(fooDer);
    sel.addSubjectAlternativeName(dnsNameType, fooDer.toByteArray());
    checkMatch(sel, cert, false);

    // Positive case: strip the OCTET STRING wrapper from the raw extension
    // value, parse it, and require the first name the certificate carries.
    final byte[] sanValue =
            new DerInputStream(cert.getExtensionValue(sanOid)).getOctetString();
    final SubjectAlternativeNameExtension sanExt =
            new SubjectAlternativeNameExtension(false, sanValue);
    final GeneralNames certNames =
            (GeneralNames) sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
    final GeneralName firstName = (GeneralName) certNames.get(0);
    // Drop the "foo.com" criterion left over from the negative case.
    sel.setSubjectAlternativeNames(null);
    final DerOutputStream firstDer = new DerOutputStream();
    firstName.getName().encode(firstDer);
    sel.addSubjectAlternativeName(firstName.getType(), firstDer.toByteArray());
    checkMatch(sel, cert, true);

    // Relaxed case: with match-all disabled one matching name is enough,
    // so adding "foo.com" again must not break the match.
    sel.setMatchAllSubjectAltNames(false);
    sel.addSubjectAlternativeName(dnsNameType, "foo.com");
    checkMatch(sel, cert, true);
}
Also used : GeneralNameInterface(sun.security.x509.GeneralNameInterface) GeneralNames(sun.security.x509.GeneralNames) DerOutputStream(sun.security.util.DerOutputStream) SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension) X509CertSelector(java.security.cert.X509CertSelector) DerInputStream(sun.security.util.DerInputStream) GeneralName(sun.security.x509.GeneralName) DNSName(sun.security.x509.DNSName)

Example 8 with DerInputStream

use of sun.security.util.DerInputStream in project jdk8u_jdk by JetBrains.

the class SpnegoReqFlags method go.

/**
 * Produces the first SPNEGO token of a client context that requests
 * credential delegation and turns replay and sequence detection off, then
 * walks the token's DER structure to check that the reqFlags bit string,
 * if present, reflects those requests.
 *
 * @throws Exception if the context cannot be set up, the token cannot be
 *         parsed, or reqFlags is present with unexpected contents
 */
void go() throws Exception {
    Context client = Context.fromJAAS("client");
    client.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID);
    Action firstToken = new Action() {

        @Override
        public byte[] run(Context me, byte[] input) throws Exception {
            me.x().requestCredDeleg(true);
            me.x().requestReplayDet(false);
            me.x().requestSequenceDet(false);
            return me.x().initSecContext(new byte[0], 0, 0);
        }
    };
    byte[] token = client.doAs(firstToken, null);

    // GSSToken: its content is the mechanism OID followed by the mech token.
    DerValue gssToken = new DerValue(token);
    DerInputStream ins = gssToken.data;
    // skip OID
    ins.getDerValue();
    // NegTokenInit
    DerValue negTokenInit = ins.getDerValue();
    // The SEQUENCE inside
    DerValue fields = negTokenInit.data.getDerValue();

    boolean found = false;
    // Scan every field of the SEQUENCE: reqFlags is optional. It's even not
    // recommended in RFC 4178, so its absence only produces a warning.
    while (fields.data.available() > 0) {
        DerValue field = fields.data.getDerValue();
        if (!field.isContextSpecific((byte) 1)) {
            continue;
        }
        found = true;
        System.out.println("regFlags field located.");
        BitArray flags = field.data.getUnalignedBitString();
        if (flags.length() != 7) {
            throw new Exception("reqFlags should contain 7 bits");
        }
        // Bit 0 is checked against the delegation request made above.
        if (!flags.get(0)) {
            throw new Exception("delegFlag should be true");
        }
        // Bits 2 and 3 are checked against the disabled replay and
        // sequence detection.
        if (flags.get(2) || flags.get(3)) {
            throw new Exception("replay/sequenceFlag should be false");
        }
    }
    if (!found) {
        System.out.println("Warning: regFlags field not found, too new?");
    }
    // NOTE(review): not reached when one of the checks above throws.
    client.dispose();
}
Also used : DerValue(sun.security.util.DerValue) DerInputStream(sun.security.util.DerInputStream) BitArray(sun.security.util.BitArray)

Example 9 with DerInputStream

use of sun.security.util.DerInputStream in project OpenAM by OpenRock.

the class IssuingDistributionPointExtension method derValueToAVAs.

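/**
 * Decodes a DER SET of attribute type/value pairs into {@link AVA} objects.
 *
 * <p>Each member of the SET must be a SEQUENCE holding exactly an OID
 * followed by one value. Members with a different tag or with bytes left
 * over after the value are rejected rather than silently accepted, so
 * that malformed extension data does not yield a name that differs from
 * what was encoded.
 *
 * @param derValue the encoded SET
 * @return one AVA per member of the SET, in the order the reader returns them
 * @throws IOException if the input is not a well-formed SET of
 *         two-element SEQUENCEs
 */
private static AVA[] derValueToAVAs(DerValue derValue) throws IOException {
    DerInputStream dis = new DerInputStream(derValue.toByteArray());
    // 5 is only an initial size hint for the reader, not a limit.
    DerValue[] avaset = dis.getSet(5);
    AVA[] avas = new AVA[avaset.length];
    for (int i = 0; i < avaset.length; i++) {
        DerValue derval = avaset[i];
        if (derval.getTag() != DerValue.tag_Sequence) {
            throw new IOException("AVA is not a SEQUENCE");
        }
        // Arguments are evaluated left to right: the OID is read first,
        // then the value that follows it.
        avas[i] = new AVA(derval.data.getOID(), derval.data.getDerValue());
        if (derval.data.available() != 0) {
            throw new IOException("AVA has " + derval.data.available()
                    + " unexpected trailing bytes");
        }
    }
    return avas;
}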
Also used : DerValue(sun.security.util.DerValue) DerInputStream(sun.security.util.DerInputStream) AVA(sun.security.x509.AVA)

Example 10 with DerInputStream

use of sun.security.util.DerInputStream in project jdk8u_jdk by JetBrains.

the class EncryptedPrivateKeyInfo method checkPKCS8Encoding.

/**
 * Checks that a byte array has the outer shape of a PKCS#8 key encoding:
 * a SEQUENCE of three or four elements consisting of a version INTEGER,
 * an algorithm identifier that starts with an OID and may carry one
 * further value, a privateKey OCTET STRING and, when a fourth element is
 * present, context-tagged attributes.
 *
 * <p>This is a structural check only: the decoded pieces are discarded
 * and the key material itself is not examined.
 *
 * @param encodedKey the candidate encoding
 * @throws IOException if the element count is wrong or any part fails to
 *         decode; tag mismatches are reported by {@code checkTag}
 */
private static void checkPKCS8Encoding(byte[] encodedKey) throws IOException {
    // 3 is only an initial size hint for the SEQUENCE reader.
    DerValue[] fields = new DerInputStream(encodedKey).getSequence(3);
    int count = fields.length;
    if (count != 3 && count != 4) {
        throw new IOException("invalid key encoding");
    }
    // The optional fourth element is checked before the mandatory three.
    if (count == 4) {
        checkTag(fields[3], DerValue.TAG_CONTEXT, "attributes");
    }
    checkTag(fields[0], DerValue.tag_Integer, "version");
    // Algorithm identifier: an OID, optionally followed by parameters.
    DerInputStream algorithm = fields[1].toDerInputStream();
    algorithm.getOID();
    if (algorithm.available() != 0) {
        algorithm.getDerValue();
    }
    checkTag(fields[2], DerValue.tag_OctetString, "privateKey");
}
Also used : DerValue(sun.security.util.DerValue) DerInputStream(sun.security.util.DerInputStream)
