
Example 1 with ASN1BitString

use of org.apache.harmony.security.asn1.ASN1BitString in project candlepin by candlepin.

the class X509CRLStreamWriter method write.

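/**
 * Write a modified CRL to the given output stream.  This method copies every existing entry
 * whose serial number was not marked for deletion during preScan(), then adds each entry
 * provided via the add() method, then the (possibly updated) extensions, the signature
 * algorithm and finally a fresh signature.
 *
 * Except for the empty-CRL shortcut, every byte written to {@code out} is also fed to
 * {@code signer} so the signature appended at the end covers the emitted bytes.
 *
 * @param out OutputStream to write to
 * @throws IOException if something goes wrong, including when an existing entry declares a
 *         length that does not fit in the remaining bytes of the CRL being copied
 * @throws IllegalStateException if the instance has not been both preScanned and locked
 */
public void write(OutputStream out) throws IOException {
    if (!locked || !preScanned) {
        throw new IllegalStateException("The instance must be preScanned and locked before writing.");
    }
    if (emptyCrl) {
        /* An empty CRL is going to be missing the revokedCertificates sequence
             * and would require a lot of special casing during the streaming process.
             * Instead, it is easier to construct the CRL in the normal fashion using
             * BouncyCastle.  Performance should be acceptable as long as the number of
             * CRL entries being added are reasonable in number.  Something less than a
             * thousand or so should yield adequate performance.
             */
        writeToEmptyCrl(out);
        return;
    }
    originalLength = handleHeader(out);
    int tag;
    int tagNo;
    int length;
    while (originalLength > count.get()) {
        tag = readTag(crlIn, count);
        tagNo = readTagNumber(crlIn, tag, count);
        length = readLength(crlIn, count);
        // Reject a length field that cannot be satisfied by the bytes still owed to this
        // loop before allocating a buffer from it.  A truncated or malformed CRL would
        // otherwise size entryBytes from an untrusted value and only fail inside
        // readFullyAndTrack, after the allocation.
        // NOTE(review): assumes originalLength and count are measured in the same units
        // (bytes consumed from crlIn), as the loop condition above implies — confirm
        // against handleHeader.
        long remaining = (long) originalLength - count.get();
        if (length < 0 || length > remaining) {
            throw new IOException("Malformed CRL: entry length " + length + " exceeds the " + remaining + " bytes remaining.");
        }
        byte[] entryBytes = new byte[length];
        readFullyAndTrack(crlIn, entryBytes, count);
        // We only need the serial number and not the rest of the stuff in the entry
        ASN1Integer serial = (ASN1Integer) new ASN1InputStream(entryBytes).readObject();
        // deletedEntriesLength == 0 means nothing was marked for deletion, so the set
        // lookup can be skipped entirely.
        if (deletedEntriesLength == 0 || !deletedEntries.contains(serial.getValue())) {
            writeTag(out, tag, tagNo, signer);
            writeLength(out, length, signer);
            writeValue(out, entryBytes, signer);
        }
    }
    // Write the new entries into the new CRL
    for (ASN1Sequence entry : newEntries) {
        writeBytes(out, entry.getEncoded(), signer);
    }
    // Copy the old extensions over.  newExtensions is null for a v1 CRL (see preScan),
    // in which case there is nothing to emit here.
    if (newExtensions != null) {
        out.write(newExtensions);
        signer.getOutputStream().write(newExtensions, 0, newExtensions.length);
    }
    // The signatureAlgorithm and signatureValue sit outside the tbsCertList, so they are
    // deliberately written to out only and not fed to the signer.
    out.write(signingAlg.getEncoded());
    try {
        byte[] signature = signer.getSignature();
        ASN1BitString signatureBits = new DERBitString(signature);
        out.write(signatureBits.getEncoded());
    } catch (DataLengthException e) {
        throw new IOException("Could not sign", e);
    }
}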

Example 2 with ASN1BitString

use of org.apache.harmony.security.asn1.ASN1BitString in project candlepin by candlepin.

the class X509CRLStreamWriter method preScan.

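/**
 * Scan the CRL that is going to be modified.  The pass records the serial numbers of the
 * entries the validator wants removed (and the encoded length they occupy), then reads the
 * objects that follow the entries: the signatureAlgorithm (used to build the ContentSigner
 * unless one was already configured), the signature (only its encoded length is kept) and
 * the CRL extensions, which are run through updateExtensions().
 *
 * Must be called once, before the stream is locked.
 *
 * @param crlToChange InputStream positioned at the CRL to modify; it is consumed to the end
 *        and the streams wrapped around it are closed in a finally block
 * @param validator decides which existing entries to drop; may be null to keep every entry
 * @return this writer, for chaining
 * @throws IOException if the CRL cannot be read or no ContentSigner can be created for the
 *         signing algorithm
 * @throws IllegalStateException if the stream is locked, preScan was already run, or more
 *         than one extensions object is encountered after the entries
 */
public synchronized X509CRLStreamWriter preScan(InputStream crlToChange, CRLEntryValidator validator) throws IOException {
    if (locked) {
        throw new IllegalStateException("Cannot modify a locked stream.");
    }
    if (preScanned) {
        throw new IllegalStateException("preScan has already been run.");
    }
    X509CRLEntryStream reaperStream = null;
    ASN1InputStream asn1In = null;
    try {
        reaperStream = new X509CRLEntryStream(crlToChange);
        if (!reaperStream.hasNext()) {
            // No revokedCertificates at all: write() takes the writeToEmptyCrl() path.
            emptyCrl = true;
            preScanned = true;
            return this;
        }
        while (reaperStream.hasNext()) {
            CRLEntry entry = reaperStream.next();
            if (validator != null && validator.shouldDelete(entry)) {
                // Get the serial number
                deletedEntries.add(entry.getUserCertificate().getValue());
                deletedEntriesLength += entry.getEncoded().length;
            }
        }
        /* At this point, crlToChange is at the point where the crlExtensions would
             * be.  RFC 5280 says that "Conforming CRL issuers are REQUIRED to include
             * the authority key identifier (Section 5.2.1) and the CRL number (Section 5.2.3)
             * extensions in all CRLs issued.
             */
        byte[] oldExtensions = null;
        ASN1Primitive o;
        asn1In = new ASN1InputStream(crlToChange);
        while ((o = asn1In.readObject()) != null) {
            if (o instanceof ASN1Sequence) {
                // Now we are at the signatureAlgorithm
                ASN1Sequence seq = (ASN1Sequence) o;
                if (seq.getObjectAt(0) instanceof ASN1ObjectIdentifier) {
                    // It's possible an algorithm has already been set using setSigningAlgorithm()
                    if (signingAlg == null) {
                        signingAlg = AlgorithmIdentifier.getInstance(seq);
                    }
                    try {
                        // Build the signer
                        this.signer = createContentSigner(signingAlg, key);
                    } catch (OperatorCreationException e) {
                        // Keep the underlying cause; the original message alone hides why the
                        // operator could not be built (unsupported algorithm, bad key, ...).
                        throw new IOException("Could not create ContentSigner for " + signingAlg.getAlgorithm(), e);
                    }
                }
            } else if (o instanceof ASN1BitString) {
                // The existing signature; only its encoded length is needed later.
                oldSigLength = o.getEncoded().length;
            } else {
                if (oldExtensions != null) {
                    throw new IllegalStateException("Already read in CRL extensions.");
                }
                oldExtensions = o.getEncoded();
            }
        }
        if (oldExtensions == null) {
            /* v1 CRLs (defined in RFC 1422) don't require extensions but all new
                 * CRLs should be v2 (defined in RFC 5280).  In the extremely unlikely
                 * event that someone is working with a v1 CRL, we handle it here although
                 * we print a warning.
                 */
            preScanned = true;
            newExtensions = null;
            extensionsDelta = 0;
            log.warn("The CRL you are modifying is a version 1 CRL." + " Please investigate moving to a version 2 CRL by adding the CRL Number" + " and Authority Key Identifier extensions.");
            return this;
        }
        newExtensions = updateExtensions(oldExtensions);
        // newExtension and oldExtensions have already been converted to DER so any difference
        // in the length of the L bytes will be accounted for in the overall difference between
        // the length of the two byte arrays.
        extensionsDelta = newExtensions.length - oldExtensions.length;
    } finally {
        if (reaperStream != null) {
            reaperStream.close();
        }
        IOUtils.closeQuietly(asn1In);
    }
    preScanned = true;
    return this;
}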
