
Example 36 with DerInputStream

use of sun.security.util.DerInputStream in project jdk8u_jdk by JetBrains.

the class DisableRevocation method generateSelector.

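/**
 * Builds an {@link X509CertSelector} whose only criterion is the Subject Key
 * Identifier (extension OID 2.5.29.14) of one of the test certificates this
 * class holds as PEM strings.
 *
 * @param name {@code "subca"} selects {@code subCaCertStr}, {@code "subci"} selects
 *             {@code subCrlIssuerCertStr}; any other value selects {@code targetCertStr}
 * @return a selector matching the chosen certificate's subject key identifier
 * @throws Exception if the certificate cannot be parsed or carries no SKID extension
 */
private static X509CertSelector generateSelector(String name) throws Exception {
    String certStr;
    switch (name) {
        case "subca":
            certStr = subCaCertStr;
            break;
        case "subci":
            certStr = subCrlIssuerCertStr;
            break;
        default:
            certStr = targetCertStr;
            break;
    }
    // generate certificate from certificate string; use an explicit charset so the
    // result does not depend on the platform default (PEM is ASCII, UTF-8 is a superset)
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate target;
    try (ByteArrayInputStream is = new ByteArrayInputStream(
            certStr.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        target = (X509Certificate) cf.generateCertificate(is);
    }
    byte[] extVal = target.getExtensionValue("2.5.29.14");
    if (extVal == null) {
        // unlikely to happen.
        throw new Exception("unexpected certificate: no SKID extension");
    }
    // getExtensionValue() returns the extension value wrapped in a DER OCTET STRING;
    // unwrap it once to obtain the encoded KeyIdentifier the selector expects.
    DerInputStream in = new DerInputStream(extVal);
    byte[] subjectKID = in.getOctetString();
    X509CertSelector selector = new X509CertSelector();
    selector.setSubjectKeyIdentifier(subjectKID);
    return selector;
}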

Example 37 with DerInputStream

use of sun.security.util.DerInputStream in project jdk8u_jdk by JetBrains.

the class KeyUsageMatters method generateSelector.

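/**
 * Builds an {@link X509CertSelector} whose only criterion is the Subject Key
 * Identifier (extension OID 2.5.29.14) of one of the test certificates this
 * class holds as PEM strings.
 *
 * @param name {@code "subca"} selects {@code subCaCertStr}, {@code "subci"} selects
 *             {@code subCrlIssuerCertStr}; any other value selects {@code targetCertStr}
 * @return a selector matching the chosen certificate's subject key identifier
 * @throws Exception if the certificate cannot be parsed or carries no SKID extension
 */
private static X509CertSelector generateSelector(String name) throws Exception {
    String certStr;
    switch (name) {
        case "subca":
            certStr = subCaCertStr;
            break;
        case "subci":
            certStr = subCrlIssuerCertStr;
            break;
        default:
            certStr = targetCertStr;
            break;
    }
    // generate certificate from certificate string; use an explicit charset so the
    // result does not depend on the platform default (PEM is ASCII, UTF-8 is a superset)
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate target;
    try (ByteArrayInputStream is = new ByteArrayInputStream(
            certStr.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        target = (X509Certificate) cf.generateCertificate(is);
    }
    byte[] extVal = target.getExtensionValue("2.5.29.14");
    if (extVal == null) {
        // unlikely to happen.
        throw new Exception("unexpected certificate: no SKID extension");
    }
    // getExtensionValue() returns the extension value wrapped in a DER OCTET STRING;
    // unwrap it once to obtain the encoded KeyIdentifier the selector expects.
    DerInputStream in = new DerInputStream(extVal);
    byte[] subjectKID = in.getOctetString();
    X509CertSelector selector = new X509CertSelector();
    selector.setSubjectKeyIdentifier(subjectKID);
    return selector;
}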

Example 38 with DerInputStream

use of sun.security.util.DerInputStream in project jdk8u_jdk by JetBrains.

the class X509CertSelector method matchAuthorityKeyID.

/*
 * Match on the authority key identifier extension value (OID 2.5.29.35).
 * Returns true when no authorityKeyID criterion is set; otherwise false when
 * the certificate lacks the extension, when its value differs from the
 * criterion, or when the extension cannot be decoded.
 */
private boolean matchAuthorityKeyID(X509Certificate xcert) {
    if (authorityKeyID == null) {
        // criterion not set, so it never excludes a certificate
        return true;
    }
    boolean hasExtension = false;
    byte[] certAuthKeyID = null;
    try {
        byte[] extVal = xcert.getExtensionValue("2.5.29.35");
        hasExtension = (extVal != null);
        if (hasExtension) {
            // unwrap the OCTET STRING that getExtensionValue() returns
            certAuthKeyID = new DerInputStream(extVal).getOctetString();
        }
    } catch (IOException ex) {
        if (debug != null) {
            debug.println("X509CertSelector.match: exception in authority key ID check");
        }
        return false;
    }
    if (!hasExtension) {
        if (debug != null) {
            debug.println("X509CertSelector.match: no authority key ID extension");
        }
        return false;
    }
    boolean matches = certAuthKeyID != null && Arrays.equals(authorityKeyID, certAuthKeyID);
    if (!matches && debug != null) {
        debug.println("X509CertSelector.match: authority key IDs don't match");
    }
    return matches;
}

Example 39 with DerInputStream

use of sun.security.util.DerInputStream in project Payara by payara.

the class GSSUtils method getOID.

/**
 * Decodes a DER-encoded OBJECT IDENTIFIER.
 * <p>
 * The expected layout is {@code 0x06} (the OBJECT IDENTIFIER tag), the DER
 * length octets giving the length of the value, then the encoded OID value.
 *
 * @param derOID the DER representation of an ObjectIdentifier
 * @return the decoded {@link ObjectIdentifier}
 * @throws IOException if {@code derOID} contains malformed data
 */
public static ObjectIdentifier getOID(byte[] derOID) throws IOException {
    // DerInputStream.getOID() rejects malformed input with an IOException
    return new DerInputStream(derOID).getOID();
}

Example 40 with DerInputStream

use of sun.security.util.DerInputStream in project Payara by payara.

the class Counter method createIdCred.

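/**
 * Creates an identity from an Identity Token and stores it as a public credential in the JAAS
 * subject of the given security context.
 * <p>
 * Also sets the {@code identcls} field of the security context to the credential class that
 * was added ({@code null} for an absent identity). Token payloads are untrusted input coming
 * from the peer; CDR-wrapped payloads are unwrapped via {@code codec} first (Issue 5766).
 *
 * @param securityContext the context whose subject receives the credential
 * @param identityToken   the identity token received from the peer
 * @throws SecurityException if the token type is unknown, the exported name does not carry the
 *                           GSSUP mechanism OID, or the certificate chain is empty
 * @throws Exception if decoding the token payload fails
 */
private void createIdCred(SecurityContext securityContext, IdentityToken identityToken) throws Exception {
    // used to hold DER encodings
    byte[] derEncoding;
    // Any object returned from codec.decode_value()
    Any any;
    switch(identityToken.discriminator()) {
        case ITTAbsent.value:
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Identity token type is Absent");
            }
            securityContext.identcls = null;
            break;
        case ITTAnonymous.value:
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Identity token type is Anonymous");
                logger.log(FINE, "Adding AnonyCredential to subject's PublicCredentials");
            }
            securityContext.subject.getPublicCredentials().add(new AnonCredential());
            securityContext.identcls = AnonCredential.class;
            break;
        case ITTDistinguishedName.value:
            // Construct a X500Name
            derEncoding = identityToken.dn();
            // Issue 5766: Decode CDR encoding if necessary
            if (isCDR(derEncoding)) {
                any = codec.decode_value(derEncoding, X501DistinguishedNameHelper.type());
                // Extract DER encoding
                derEncoding = X501DistinguishedNameHelper.extract(any);
            }
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Create an X500Name object from identity token");
            }
            X500Name xname = new X500Name(derEncoding);
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Identity to be asserted is " + xname.toString());
                logger.log(FINE, "Adding X500Name to subject's PublicCredentials");
            }
            securityContext.subject.getPublicCredentials().add(xname);
            securityContext.identcls = X500Name.class;
            break;
        case ITTX509CertChain.value:
            // Construct a X509CertificateChain
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Identity token type is a X509 Certificate Chain");
            }
            derEncoding = identityToken.certificate_chain();
            // Issue 5766: Decode CDR encoding if necessary
            if (isCDR(derEncoding)) {
                // Decode CDR encoding
                any = codec.decode_value(derEncoding, X509CertificateChainHelper.type());
                // Extract DER encoding
                derEncoding = X509CertificateChainHelper.extract(any);
            }
            DerInputStream din = new DerInputStream(derEncoding);
            /*
             * Size specified for getSequence() is 1 and is just used as a guess by the method getSequence().
             */
            DerValue[] derval = din.getSequence(1);
            /*
             * A well-formed but empty SEQUENCE yields no certificates; reject it here rather than
             * failing below with an ArrayIndexOutOfBoundsException on certchain[0].
             */
            if (derval.length == 0) {
                logger.log(SEVERE, "Identity token X509 certificate chain is empty");
                throw new SecurityException("Identity token X509 certificate chain is empty");
            }
            X509Certificate[] certchain = new X509CertImpl[derval.length];
            /*
             * X509Certificate does not have a constructor which can be used to instantiate objects from DER
             * encodings. So use X509CertImpl extends X509Cerificate and also implements DerEncoder interface.
             */
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Contents of X509 Certificate chain:");
            }
            for (int i = 0; i < certchain.length; i++) {
                certchain[i] = new X509CertImpl(derval[i]);
                if (logger.isLoggable(FINE)) {
                    logger.log(FINE, "    " + certchain[i].getSubjectDN().getName());
                }
            }
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Creating a X509CertificateCredential object from certchain");
            }
            /*
             * The alias field in the X509CertificateCredential is currently ignored by the RI. So it is set to
             * the fixed value "default".
             */
            X509CertificateCredential cred = new X509CertificateCredential(certchain, certchain[0].getSubjectDN().getName(), "default");
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Adding X509CertificateCredential to subject's PublicCredentials");
            }
            securityContext.subject.getPublicCredentials().add(cred);
            securityContext.identcls = X509CertificateCredential.class;
            break;
        case ITTPrincipalName.value:
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Identity token type is GSS Exported Name");
            }
            byte[] expname = identityToken.principal_name();
            // Issue 5766: Decode CDR encoding if necessary
            if (isCDR(expname)) {
                // Decode CDR encoding
                any = codec.decode_value(expname, GSS_NT_ExportedNameHelper.type());
                expname = GSS_NT_ExportedNameHelper.extract(any);
            }
            // Only the GSSUP mechanism is accepted for exported names
            if (!verifyMechOID(GSSUP_MECH_OID, expname)) {
                throw new SecurityException(localStrings.getLocalString("secserverreqinterceptor.err_unknown_idassert_type", "Unknown identity assertion type."));
            }
            GSSUPName gssname = new GSSUPName(expname);
            securityContext.subject.getPublicCredentials().add(gssname);
            securityContext.identcls = GSSUPName.class;
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Adding GSSUPName credential to subject");
            }
            break;
        default:
            logger.log(SEVERE, "iiop.unknown_identity");
            throw new SecurityException(localStrings.getLocalString("secserverreqinterceptor.err_unknown_idassert_type", "Unknown identity assertion type."));
    }
}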
