Examples with InvalidBERException org.mozilla.jss.asn1.InvalidBERException used on opensource projects

Example 11 with InvalidBERException

use of org.mozilla.jss.asn1.InvalidBERException in project jss by dogtagpki.

the class SafeBag method createCertBag.

/**
 * Creates a SafeBag that contains an X.509 Certificate.
 * The SafeBag will have the given <i>localKeyID</i> attribute,
 *  and a <i>friendlyName</i>
 *  attribute equal to the supplied string.  This is the way Communicator
 *  makes a CertBag.  The same <i>localKeyID</i> attribute should be stored
 *  in the matching private key bag.
 *
 * @param cert A DER-encoded X.509 certificate.
 * @param friendlyName Will be stored in the <i>friendlyName</i>
 *      attribute of the SafeBag.  Should be the nickname of the cert.
 * @param localKeyID The bytes to used for the localKeyID.  These should
 *      be obtained from the <code>getLocalKeyIDFromCert</code> method.
 * @exception InvalidBERException If the cert is not a valid DER encoding.
 * @see #getLocalKeyIDFromCert
 */
public static SafeBag createCertBag(byte[] cert, String friendlyName, byte[] localKeyID) throws InvalidBERException {
    try {
        // create CertBag
        CertBag cb = new CertBag(CertBag.X509_CERT_TYPE, new ANY(cert));
        // setup attributes
        SET attributes = new SET();
        // friendly name should be cert nickname
        attributes.addElement(new Attribute(FRIENDLY_NAME, new BMPString(friendlyName)));
        attributes.addElement(new Attribute(LOCAL_KEY_ID, new OCTET_STRING(localKeyID)));
        return new SafeBag(CERT_BAG, cb, attributes);
    } catch (CharConversionException e) {
        throw new AssertionException("CharConversionException converting" + " Unicode to BMPString");
    }
}

Example 12 with InvalidBERException

use of org.mozilla.jss.asn1.InvalidBERException in project jss by dogtagpki.

the class EncryptedContentInfo method decrypt.

/**
 * Decrypts the content of an EncryptedContentInfo encrypted with a
 * PBE key.
 *
 * @param pass The password to use in generating the PBE decryption key.
 * @param charToByteConverter The converter for converting the password
 *      characters into bytes.  May be null to use the default.
 * @return The decrypted contents of the EncryptedContentInfo. The contents
 *      are first unpadded using the PKCS padding mechanism.
 */
public byte[] decrypt(Password pass, KeyGenerator.CharToByteConverter charToByteConverter) throws IllegalStateException, NotInitializedException, NoSuchAlgorithmException, InvalidBERException, IOException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, IllegalBlockSizeException, BadPaddingException {
    if (encryptedContent == null) {
        return null;
    }
    // get the key gen parameters
    AlgorithmIdentifier algid = contentEncryptionAlgorithm;
    KeyGenAlgorithm kgAlg = KeyGenAlgorithm.fromOID(algid.getOID());
    if (!(kgAlg instanceof PBEAlgorithm)) {
        throw new NoSuchAlgorithmException("KeyGenAlgorithm is not a" + " PBE algorithm");
    }
    ASN1Value params = algid.getParameters();
    if (params == null) {
        throw new InvalidAlgorithmParameterException("PBE algorithms require parameters");
    }
    PBEParameter pbeParams;
    if (params instanceof PBEParameter) {
        pbeParams = (PBEParameter) params;
    } else {
        byte[] encodedParams = ASN1Util.encode(params);
        pbeParams = (PBEParameter) ASN1Util.decode(PBEParameter.getTemplate(), encodedParams);
    }
    PBEKeyGenParams kgp = new PBEKeyGenParams(pass, pbeParams.getSalt(), pbeParams.getIterations());
    try {
        // compute the key and IV
        CryptoToken token = CryptoManager.getInstance().getInternalCryptoToken();
        KeyGenerator kg = token.getKeyGenerator(kgAlg);
        if (charToByteConverter != null) {
            kg.setCharToByteConverter(charToByteConverter);
        }
        kg.initialize(kgp);
        SymmetricKey key = kg.generate();
        // compute algorithm parameters
        EncryptionAlgorithm encAlg = ((PBEAlgorithm) kgAlg).getEncryptionAlg();
        AlgorithmParameterSpec algParams = null;
        Class<?>[] paramClasses = encAlg.getParameterClasses();
        for (int i = 0; i < paramClasses.length; i++) {
            if (paramClasses[i].equals(javax.crypto.spec.IvParameterSpec.class)) {
                algParams = new IVParameterSpec(kg.generatePBE_IV());
                break;
            } else if (paramClasses[i].equals(RC2ParameterSpec.class)) {
                algParams = new RC2ParameterSpec(key.getStrength(), kg.generatePBE_IV());
                break;
            }
        }
        // perform the decryption
        Cipher cipher = token.getCipherContext(encAlg);
        cipher.initDecrypt(key, algParams);
        return Cipher.unPad(cipher.doFinal(encryptedContent.toByteArray()));
    } finally {
        kgp.clear();
    }
}

Example 13 with InvalidBERException

use of org.mozilla.jss.asn1.InvalidBERException in project jss by dogtagpki.

the class AuthenticatedSafes method getSafeContentsAt.

/**
 * Returns the SafeContents at the given index in the AuthenticatedSafes,
 * decrypting it if necessary.
 *
 * <p>The algorithm used to extract encrypted SafeContents does not
 *  conform to version 1.0 of the spec. Instead, it conforms to the
 *  draft 1.0 spec, because this is what Communicator and MSIE seem
 *  to conform to.  This looks like an implementation error that has
 *  become firmly entrenched to preserve interoperability. The draft
 *  spec dictates that the encrypted content in the EncryptedContentInfo
 *  is the DER encoding of a SafeContents.  This is simple enough.  The
 *  1.0 final spec says that the SafeContents is wrapped in a ContentInfo,
 *  then the ContentInfo is BER encoded, then the value octets (not the
 *  tag or length) are encrypted. No wonder people stayed with the old way.
 *
 * @param password The password to use to decrypt the SafeContents if
 *  it is encrypted.  If the SafeContents is known to not be encrypted,
 *  this parameter can be null. If the password is incorrect, the
 *  decoding will fail somehow, probably with an InvalidBERException,
 *  BadPaddingException, or IllegalBlockSizeException.
 * @param index The index of the SafeContents to extract.
 * @return A SafeContents object, which is merely a
 *      SEQUENCE of SafeBags.
 * @exception IllegalArgumentException If no password was provided,
 *      but the SafeContents is encrypted.
 */
public SEQUENCE getSafeContentsAt(Password password, int index) throws IllegalStateException, NotInitializedException, NoSuchAlgorithmException, InvalidBERException, IOException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, IllegalBlockSizeException, BadPaddingException {
    ContentInfo ci = (ContentInfo) sequence.elementAt(index);
    if (ci.getContentType().equals(ContentInfo.ENCRYPTED_DATA)) {
        if (password == null) {
            // can't decrypt if we don't have a password
            throw new IllegalStateException("No password to decode " + "encrypted SafeContents");
        }
        EncryptedContentInfo encCI = ((EncryptedData) ci.getInterpretedContent()).getEncryptedContentInfo();
        // this should be a BER-encoded SafeContents
        byte[] decrypted = encCI.decrypt(password, new PasswordConverter());
        try {
            SEQUENCE.OF_Template seqt = new SEQUENCE.OF_Template(SafeBag.getTemplate());
            return (SEQUENCE) ASN1Util.decode(seqt, decrypted);
        } catch (InvalidBERException e) {
            if (ACCEPT_SECURITY_DYNAMICS) {
                // try the security dynamics approach
                ContentInfo.Template cit = ContentInfo.getTemplate();
                ci = (ContentInfo) ASN1Util.decode(cit, decrypted);
                if (!ci.getContentType().equals(ContentInfo.DATA)) {
                    throw new InvalidBERException("");
                }
                OCTET_STRING os = (OCTET_STRING) ci.getInterpretedContent();
                SEQUENCE.OF_Template seqt = new SEQUENCE.OF_Template(SafeBag.getTemplate());
                return (SEQUENCE) ASN1Util.decode(seqt, os.toByteArray());
            } else {
                throw e;
            }
        }
    } else if (ci.getContentType().equals(ContentInfo.DATA)) {
        // This SafeContents is not encrypted
        SEQUENCE.OF_Template seqt = new SEQUENCE.OF_Template(SafeBag.getTemplate());
        return (SEQUENCE) ASN1Util.decode(seqt, ((OCTET_STRING) ci.getInterpretedContent()).toByteArray());
    } else {
        throw new InvalidBERException("AuthenticatedSafes element is" + " neither a Data or an EncryptedData");
    }
}

Example 14 with InvalidBERException

use of org.mozilla.jss.asn1.InvalidBERException in project jss by dogtagpki.

the class IssuingDistributionPoint method encode.

@Override
public void encode(Tag implicitTag, OutputStream ostream) throws IOException {
    SEQUENCE seq = new SEQUENCE();
    DerOutputStream derOut;
    try {
        // is a CHOICE, the [0] tag is forced to be EXPLICIT.
        if (fullName != null) {
            EXPLICIT distPoint = new EXPLICIT(Tag.get(0), fullNameEncoding);
            seq.addElement(distPoint);
        } else if (relativeName != null) {
            derOut = new DerOutputStream();
            relativeName.encode(derOut);
            ANY raw = new ANY(derOut.toByteArray());
            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            raw.encodeWithAlternateTag(Tag.get(1), bos);
            ANY distPointName = new ANY(bos.toByteArray());
            EXPLICIT distPoint = new EXPLICIT(Tag.get(0), distPointName);
            seq.addElement(distPoint);
        }
        if (onlyContainsUserCerts != false) {
            seq.addElement(Tag.get(1), new BOOLEAN(true));
        }
        if (onlyContainsCACerts != false) {
            seq.addElement(Tag.get(2), new BOOLEAN(true));
        }
        // Encodes the ReasonFlags.
        if (onlySomeReasons != null) {
            derOut = new DerOutputStream();
            derOut.putUnalignedBitString(onlySomeReasons);
            ANY raw = new ANY(derOut.toByteArray());
            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            raw.encodeWithAlternateTag(Tag.get(3), bos);
            ANY reasonEncoding = new ANY(bos.toByteArray());
            seq.addElement(reasonEncoding);
        }
        if (indirectCRL != false) {
            seq.addElement(Tag.get(4), new BOOLEAN(true));
        }
        seq.encode(implicitTag, ostream);
    } catch (InvalidBERException e) {
        // the Sun encoding classes
        throw new IOException(e.toString());
    }
}

Example 15 with InvalidBERException

use of org.mozilla.jss.asn1.InvalidBERException in project jss by dogtagpki.

the class JSSCipherSpi method engineGetKeySize.

@Override
public int engineGetKeySize(Key key) throws InvalidKeyException {
    if (key instanceof PK11PrivKey) {
        return ((PK11PrivKey) key).getStrength();
    } else if (key instanceof PK11PubKey) {
        try {
            byte[] encoded = ((PK11PubKey) key).getEncoded();
            SubjectPublicKeyInfo.Template spkiTemp = new SubjectPublicKeyInfo.Template();
            SubjectPublicKeyInfo spki = (SubjectPublicKeyInfo) ASN1Util.decode(spkiTemp, encoded);
            BIT_STRING pk = spki.getSubjectPublicKey();
            return pk.getBits().length - pk.getPadCount();
        } catch (InvalidBERException e) {
            throw new InvalidKeyException("Exception while decoding " + "public key: " + e.getMessage());
        }
    } else if (key instanceof SecretKeyFacade) {
        SymmetricKey symkey = ((SecretKeyFacade) key).key;
        return symkey.getLength();
    } else {
        key = importKey(key);
        SymmetricKey symkey = ((SecretKeyFacade) key).key;
        return symkey.getLength();
    }
}