Search in sources :

Example 11 with SignedData

use of org.apache.harmony.security.pkcs7.SignedData in project XobotOS by xamarin.

the class X509CertFactoryImpl method engineGenerateCertificates.

/**
     * Generates the collection of the certificates on the base of provided
     * via input stream encodings.
     * @see java.security.cert.CertificateFactorySpi#engineGenerateCertificates(InputStream)
     * method documentation for more info
     */
public Collection<? extends Certificate> engineGenerateCertificates(InputStream inStream) throws CertificateException {
    if (inStream == null) {
        throw new CertificateException("inStream == null");
    }
    ArrayList<Certificate> result = new ArrayList<Certificate>();
    try {
        if (!inStream.markSupported()) {
            // create the mark supporting wrapper
            inStream = new RestoringInputStream(inStream);
        }
        // if it is PEM encoded form this array will contain the encoding
        // so ((it is PEM) <-> (encoding != null))
        byte[] encoding = null;
        // The following by SEQUENCE ASN.1 tag, used for
        // recognizing the data format
        // (is it PKCS7 ContentInfo structure, X.509 Certificate, or
        // unsupported encoding)
        int second_asn1_tag = -1;
        inStream.mark(1);
        int ch;
        while ((ch = inStream.read()) != -1) {
            // check if it is PEM encoded form
            if (ch == '-') {
                // beginning of PEM encoding ('-' char)
                // decode PEM chunk and store its content (ASN.1 encoding)
                encoding = decodePEM(inStream, FREE_BOUND_SUFFIX);
            } else if (ch == 0x30) {
                // beginning of ASN.1 sequence (0x30)
                encoding = null;
                inStream.reset();
                // prepare for data format determination
                inStream.mark(CERT_CACHE_SEED_LENGTH);
            } else {
                // unsupported data
                if (result.size() == 0) {
                    throw new CertificateException("Unsupported encoding");
                } else {
                    // it can be trailing user data,
                    // so keep it in the stream
                    inStream.reset();
                    return result;
                }
            }
            // Check the data format
            BerInputStream in = (encoding == null) ? new BerInputStream(inStream) : new BerInputStream(encoding);
            // read the next ASN.1 tag
            // inStream position changed
            second_asn1_tag = in.next();
            if (encoding == null) {
                // keep whole structure in the stream
                inStream.reset();
            }
            // check if it is a TBSCertificate structure
            if (second_asn1_tag != ASN1Constants.TAG_C_SEQUENCE) {
                if (result.size() == 0) {
                    // whether it is PKCS7 structure
                    break;
                } else {
                    // so return what we already read
                    return result;
                }
            } else {
                if (encoding == null) {
                    result.add(getCertificate(inStream));
                } else {
                    result.add(getCertificate(encoding));
                }
            }
            // mark for the next iteration
            inStream.mark(1);
        }
        if (result.size() != 0) {
            // some Certificates have been read
            return result;
        } else if (ch == -1) {
            throw new CertificateException("There is no data in the stream");
        }
        // else: check if it is PKCS7
        if (second_asn1_tag == ASN1Constants.TAG_OID) {
            // it is PKCS7 ContentInfo structure, so decode it
            ContentInfo info = (ContentInfo) ((encoding != null) ? ContentInfo.ASN1.decode(encoding) : ContentInfo.ASN1.decode(inStream));
            // retrieve SignedData
            SignedData data = info.getSignedData();
            if (data == null) {
                throw new CertificateException("Invalid PKCS7 data provided");
            }
            List<org.apache.harmony.security.x509.Certificate> certs = data.getCertificates();
            if (certs != null) {
                for (org.apache.harmony.security.x509.Certificate cert : certs) {
                    result.add(new X509CertImpl(cert));
                }
            }
            return result;
        }
        // else: Unknown data format
        throw new CertificateException("Unsupported encoding");
    } catch (IOException e) {
        throw new CertificateException(e);
    }
}
Also used : SignedData(org.apache.harmony.security.pkcs7.SignedData) ArrayList(java.util.ArrayList) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) ContentInfo(org.apache.harmony.security.pkcs7.ContentInfo) BerInputStream(org.apache.harmony.security.asn1.BerInputStream) Certificate(java.security.cert.Certificate)

Example 12 with SignedData

use of org.apache.harmony.security.pkcs7.SignedData in project XobotOS by xamarin.

the class X509CertFactoryImpl method engineGenerateCRLs.

/**
     * @see java.security.cert.CertificateFactorySpi#engineGenerateCRLs(InputStream)
     * method documentation for more info
     */
public Collection<? extends CRL> engineGenerateCRLs(InputStream inStream) throws CRLException {
    if (inStream == null) {
        throw new CRLException("inStream == null");
    }
    ArrayList<CRL> result = new ArrayList<CRL>();
    try {
        if (!inStream.markSupported()) {
            inStream = new RestoringInputStream(inStream);
        }
        // if it is PEM encoded form this array will contain the encoding
        // so ((it is PEM) <-> (encoding != null))
        byte[] encoding = null;
        // The following by SEQUENCE ASN.1 tag, used for
        // recognizing the data format
        // (is it PKCS7 ContentInfo structure, X.509 CRL, or
        // unsupported encoding)
        int second_asn1_tag = -1;
        inStream.mark(1);
        int ch;
        while ((ch = inStream.read()) != -1) {
            // check if it is PEM encoded form
            if (ch == '-') {
                // beginning of PEM encoding ('-' char)
                // decode PEM chunk and store its content (ASN.1 encoding)
                encoding = decodePEM(inStream, FREE_BOUND_SUFFIX);
            } else if (ch == 0x30) {
                // beginning of ASN.1 sequence (0x30)
                encoding = null;
                inStream.reset();
                // prepare for data format determination
                inStream.mark(CRL_CACHE_SEED_LENGTH);
            } else {
                // unsupported data
                if (result.size() == 0) {
                    throw new CRLException("Unsupported encoding");
                } else {
                    // it can be trailing user data,
                    // so keep it in the stream
                    inStream.reset();
                    return result;
                }
            }
            // Check the data format
            BerInputStream in = (encoding == null) ? new BerInputStream(inStream) : new BerInputStream(encoding);
            // read the next ASN.1 tag
            second_asn1_tag = in.next();
            if (encoding == null) {
                // keep whole structure in the stream
                inStream.reset();
            }
            // check if it is a TBSCertList structure
            if (second_asn1_tag != ASN1Constants.TAG_C_SEQUENCE) {
                if (result.size() == 0) {
                    // whether it is PKCS7 structure
                    break;
                } else {
                    // so return what we already read
                    return result;
                }
            } else {
                if (encoding == null) {
                    result.add(getCRL(inStream));
                } else {
                    result.add(getCRL(encoding));
                }
            }
            inStream.mark(1);
        }
        if (result.size() != 0) {
            // the stream was read out
            return result;
        } else if (ch == -1) {
            throw new CRLException("There is no data in the stream");
        }
        // else: check if it is PKCS7
        if (second_asn1_tag == ASN1Constants.TAG_OID) {
            // it is PKCS7 ContentInfo structure, so decode it
            ContentInfo info = (ContentInfo) ((encoding != null) ? ContentInfo.ASN1.decode(encoding) : ContentInfo.ASN1.decode(inStream));
            // retrieve SignedData
            SignedData data = info.getSignedData();
            if (data == null) {
                throw new CRLException("Invalid PKCS7 data provided");
            }
            List<CertificateList> crls = data.getCRLs();
            if (crls != null) {
                for (CertificateList crl : crls) {
                    result.add(new X509CRLImpl(crl));
                }
            }
            return result;
        }
        // else: Unknown data format
        throw new CRLException("Unsupported encoding");
    } catch (IOException e) {
        throw new CRLException(e);
    }
}
Also used : SignedData(org.apache.harmony.security.pkcs7.SignedData) ArrayList(java.util.ArrayList) CertificateList(org.apache.harmony.security.x509.CertificateList) IOException(java.io.IOException) ContentInfo(org.apache.harmony.security.pkcs7.ContentInfo) X509CRL(java.security.cert.X509CRL) CRL(java.security.cert.CRL) BerInputStream(org.apache.harmony.security.asn1.BerInputStream) CRLException(java.security.cert.CRLException)

Aggregations

SignedData (org.apache.harmony.security.pkcs7.SignedData)12 IOException (java.io.IOException)11 ContentInfo (org.apache.harmony.security.pkcs7.ContentInfo)11 BerInputStream (org.apache.harmony.security.asn1.BerInputStream)9 X509Certificate (java.security.cert.X509Certificate)8 Certificate (java.security.cert.Certificate)7 ArrayList (java.util.ArrayList)7 Signature (java.security.Signature)5 CertificateException (java.security.cert.CertificateException)5 SignerInfo (org.apache.harmony.security.pkcs7.SignerInfo)5 X509CertImpl (org.apache.harmony.security.provider.cert.X509CertImpl)4 ByteArrayInputStream (java.io.ByteArrayInputStream)3 BigInteger (java.math.BigInteger)3 GeneralSecurityException (java.security.GeneralSecurityException)3 MessageDigest (java.security.MessageDigest)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 X500Principal (javax.security.auth.x500.X500Principal)3 AttributeTypeAndValue (org.apache.harmony.security.x501.AttributeTypeAndValue)3 Certificate (org.apache.harmony.security.x509.Certificate)3 RandomAccessFile (java.io.RandomAccessFile)2