use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class CMCStatusInfoV2 method encode.
/**
 * Serializes this object as a SEQUENCE and writes it to the given stream.
 *
 * <p>The sequence always carries {@code status} and {@code bodyList}, in that
 * order; {@code statusString} and {@code otherInfo} follow only when they are
 * set.
 *
 * @param implicitTag the tag handed through to {@code SEQUENCE.encode}
 * @param ostream the stream that receives the encoding
 * @throws IOException if the underlying encode call fails to write
 */
@Override
public void encode(Tag implicitTag, OutputStream ostream) throws IOException {
    SEQUENCE encoded = new SEQUENCE();

    // Mandatory members first.
    encoded.addElement(status);
    encoded.addElement(bodyList);

    // Optional members are left out entirely when unset, so a decoder
    // must not rely on a fixed element count.
    if (statusString != null) {
        encoded.addElement(statusString);
    }
    if (otherInfo != null) {
        encoded.addElement(otherInfo);
    }

    encoded.encode(implicitTag, ostream);
}
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class AuthenticatedSafes method getSafeContentsAt.
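/**
 * Returns the SafeContents at the given index in the AuthenticatedSafes,
 * decrypting it if necessary.
 *
 * <p>The algorithm used to extract encrypted SafeContents does not
 * conform to version 1.0 of the spec. Instead, it conforms to the
 * draft 1.0 spec, because this is what Communicator and MSIE seem
 * to conform to. This looks like an implementation error that has
 * become firmly entrenched to preserve interoperability. The draft
 * spec dictates that the encrypted content in the EncryptedContentInfo
 * is the DER encoding of a SafeContents. This is simple enough. The
 * 1.0 final spec says that the SafeContents is wrapped in a ContentInfo,
 * then the ContentInfo is BER encoded, then the value octets (not the
 * tag or length) are encrypted. No wonder people stayed with the old way.
 *
 * <p>Security notes for callers: this method performs no integrity check
 * of its own over the encrypted content, so a wrong password and a
 * tampered file both surface only as a decoding or cipher exception.
 * Callers that process files from untrusted sources should verify the
 * enclosing structure's integrity value before calling this method and
 * should not report the different failure types to the other party.
 * The decrypted plaintext is held in a local byte array that this method
 * does not clear.
 *
 * @param password The password to use to decrypt the SafeContents if
 *      it is encrypted. If the SafeContents is known to not be encrypted,
 *      this parameter can be null. If the password is incorrect, the
 *      decoding will fail somehow, probably with an InvalidBERException,
 *      BadPaddingException, or IllegalBlockSizeException.
 * @param index The index of the SafeContents to extract.
 * @return A SafeContents object, which is merely a
 *      SEQUENCE of SafeBags.
 * @exception IllegalStateException If no password was provided,
 *      but the SafeContents is encrypted.
 * @exception InvalidBERException If the element is neither a Data nor an
 *      EncryptedData, or if its (decrypted) content cannot be decoded as
 *      a SEQUENCE of SafeBags.
 */
public SEQUENCE getSafeContentsAt(Password password, int index) throws IllegalStateException, NotInitializedException, NoSuchAlgorithmException, InvalidBERException, IOException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, IllegalBlockSizeException, BadPaddingException {
    ContentInfo ci = (ContentInfo) sequence.elementAt(index);

    if (ci.getContentType().equals(ContentInfo.ENCRYPTED_DATA)) {
        if (password == null) {
            // can't decrypt if we don't have a password
            throw new IllegalStateException("No password to decode encrypted SafeContents");
        }
        EncryptedContentInfo encCI = ((EncryptedData) ci.getInterpretedContent()).getEncryptedContentInfo();
        // this should be a BER-encoded SafeContents
        byte[] decrypted = encCI.decrypt(password, new PasswordConverter());
        try {
            SEQUENCE.OF_Template seqt = new SEQUENCE.OF_Template(SafeBag.getTemplate());
            return (SEQUENCE) ASN1Util.decode(seqt, decrypted);
        } catch (InvalidBERException e) {
            if (!ACCEPT_SECURITY_DYNAMICS) {
                throw e;
            }
            // Compatibility fallback: accept plaintext that is a ContentInfo
            // of type Data wrapping the SafeContents.
            try {
                ContentInfo wrapped = (ContentInfo) ASN1Util.decode(ContentInfo.getTemplate(), decrypted);
                if (!wrapped.getContentType().equals(ContentInfo.DATA)) {
                    throw new InvalidBERException("Decrypted SafeContents is wrapped in a ContentInfo" + " that is not of type Data");
                }
                OCTET_STRING os = (OCTET_STRING) wrapped.getInterpretedContent();
                SEQUENCE.OF_Template seqt = new SEQUENCE.OF_Template(SafeBag.getTemplate());
                return (SEQUENCE) ASN1Util.decode(seqt, os.toByteArray());
            } catch (InvalidBERException fallbackFailure) {
                // Keep the first decoding failure visible for diagnosis
                // instead of silently replacing it.
                fallbackFailure.addSuppressed(e);
                throw fallbackFailure;
            }
        }
    }

    if (ci.getContentType().equals(ContentInfo.DATA)) {
        // This SafeContents is not encrypted
        SEQUENCE.OF_Template seqt = new SEQUENCE.OF_Template(SafeBag.getTemplate());
        return (SEQUENCE) ASN1Util.decode(seqt, ((OCTET_STRING) ci.getInterpretedContent()).toByteArray());
    }

    throw new InvalidBERException("AuthenticatedSafes element is" + " neither a Data or an EncryptedData");
}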
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class SSLClientAuth method generateCerts.
/**
 * Generates a CA key pair and certificate plus a server and a client
 * certificate, and imports all three through the given CryptoManager.
 *
 * <p>The imported CA is given the TRUSTED_CA, TRUSTED_CLIENT_CA and
 * VALID_CA SSL trust flags, so this should only ever be pointed at a
 * database used for testing (presumably a scratch one; confirm against
 * the caller). Any failure prints the stack trace and terminates the JVM
 * with status 1.
 *
 * @param cm the CryptoManager used to import the certificates
 * @param serialNum serial number of the CA certificate; the server and
 *      client certificates use {@code serialNum + 1} and
 *      {@code serialNum + 2}
 */
private void generateCerts(CryptoManager cm, int serialNum) {
    // RSA key size; the public exponent is left at the provider default
    final int rsaBits = 4096;
    try {
        java.security.KeyPairGenerator generator = java.security.KeyPairGenerator.getInstance("RSA", "Mozilla-JSS");

        // --- CA certificate ---
        generator.initialize(rsaBits);
        KeyPair caKeys = generator.genKeyPair();
        SEQUENCE caExtensions = new SEQUENCE();
        caExtensions.addElement(makeBasicConstraintsExtension());
        Certificate caCert = makeCert("CACert", "CACert", serialNum, caKeys.getPrivate(), caKeys.getPublic(), serialNum, caExtensions);
        X509Certificate importedCa = cm.importUserCACertPackage(ASN1Util.encode(caCert), "SSLCA-" + serialNum);
        // Trust is granted explicitly here rather than inherited from the database.
        ((InternalCertificate) importedCa).setSSLTrust(PK11Cert.TRUSTED_CA | PK11Cert.TRUSTED_CLIENT_CA | PK11Cert.VALID_CA);

        // --- server certificate, built with the CA private key ---
        generator.initialize(rsaBits);
        KeyPair serverKeys = generator.genKeyPair();
        Certificate serverCert = makeCert("CACert", "localhost", serialNum + 1, caKeys.getPrivate(), serverKeys.getPublic(), serialNum, null);
        nssServerCert = cm.importCertPackage(ASN1Util.encode(serverCert), serverCertNick);

        // --- client-auth certificate, built with the CA private key ---
        generator.initialize(rsaBits);
        KeyPair clientKeys = generator.genKeyPair();
        Certificate clientCert = makeCert("CACert", "ClientCert", serialNum + 2, caKeys.getPrivate(), clientKeys.getPublic(), serialNum, null);
        nssClientCert = cm.importCertPackage(ASN1Util.encode(clientCert), clientCertNick);
    } catch (Exception ex) {
        // Every failure is handled the same way: report it and abort.
        ex.printStackTrace();
        System.exit(1);
    }
}
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class ListCerts method main.
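/**
 * Lists every certificate stored under a nickname, printing its subject,
 * signature algorithm and extensions twice: once from the JSS ASN.1
 * decoding and once from the JDK X.509 decoding of the same bytes.
 *
 * <p>Exits with status 1 if anything throws, and with status 0 after a
 * complete listing. A wrong argument count prints the usage line and
 * returns without calling {@code System.exit}.
 *
 * @param args {@code <dbdir> <nickname>}
 */
public static void main(String[] args) {
    try {
        if (args.length != 2) {
            System.out.println("Usage: ListCerts <dbdir> <nickname>");
            return;
        }
        // NOTE(review): the usage text asks for <dbdir>, but args[0] is never
        // read in this method; CryptoManager.getInstance() presumably relies
        // on initialization done elsewhere. Confirm.
        String nickname = args[1];
        CryptoManager cm = CryptoManager.getInstance();
        X509Certificate[] certs = cm.findCertsByNickname(nickname);
        System.out.println(certs.length + " certs found with this nickname.");
        for (X509Certificate found : certs) {
            System.out.println("\nSubject: " + found.getSubjectDN());
            Certificate cert = (Certificate) ASN1Util.decode(Certificate.getTemplate(), found.getEncoded());
            CertificateInfo info = cert.getInfo();
            System.out.println("Signature oid " + info.getSignatureAlgId().getOID());
            SEQUENCE extensions = info.getExtensions();
            // A certificate without extensions may yield null here; the guard
            // costs nothing if it never does.
            if (extensions != null) {
                for (int j = 0; j < extensions.size(); j++) {
                    // Index with the extension counter j. Using the certificate
                    // index here would print one extension repeatedly and
                    // misreport which extensions are critical.
                    Extension ext = (Extension) extensions.elementAt(j);
                    OBJECT_IDENTIFIER oid = ext.getExtnId();
                    System.out.println("Extension " + oid.toString());
                    if (ext.getCritical()) {
                        System.out.println("Critical extension: " + oid.toString());
                    } else {
                        System.out.println("NON Critical extension: " + oid.toString());
                    }
                }
            }
            System.out.println("Convert to JDK cert");
            // Convert to JDK certificate
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            java.security.cert.X509Certificate jdkCert;
            try (ByteArrayInputStream bais = new ByteArrayInputStream(found.getEncoded())) {
                jdkCert = (java.security.cert.X509Certificate) cf.generateCertificate(bais);
            }
            System.out.println("Subject " + jdkCert.getSubjectX500Principal());
            System.out.println("Signature oid " + jdkCert.getSigAlgName());
            /* non critical extensions */
            Set<String> nonCritSet = jdkCert.getNonCriticalExtensionOIDs();
            if (nonCritSet != null && !nonCritSet.isEmpty()) {
                for (String oid : nonCritSet) {
                    System.out.println(oid);
                }
            } else {
                System.out.println("no NON Critical Extensions");
            }
            /* critical extensions */
            Set<String> critSet = jdkCert.getCriticalExtensionOIDs();
            if (critSet != null && !critSet.isEmpty()) {
                System.out.println("Set of critical extensions:");
                for (String oid : critSet) {
                    System.out.println(oid);
                }
            } else {
                System.out.println("no Critical Extensions");
            }
        }
        System.out.println("END");
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
    System.exit(0);
}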
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class IssuingDistributionPoint method main.
/**
 * Encoding exerciser: builds two sample IssuingDistributionPoint values,
 * wraps them in a SEQUENCE and writes the encoding to the named file.
 *
 * <p>Exceptions are printed and otherwise ignored; the output stream is
 * closed in all cases once it has been opened.
 *
 * @param args a single element, the output file path
 */
public static void main(String[] args) {
    BufferedOutputStream out = null;
    try {
        if (args.length != 1) {
            System.out.println("Usage: IssuingDistributionPoint <outfile>");
            System.exit(-1);
        }
        out = new BufferedOutputStream(new FileOutputStream(args[0]));
        SEQUENCE samples = new SEQUENCE();

        // Sample 1: full name given as a directory name, nothing else set.
        IssuingDistributionPoint byDirectoryName = new IssuingDistributionPoint();
        X500Name directoryName = new X500Name("CN=Skovw Wjasldk,E=nicolson@netscape.com" + ",OU=Certificate Server,O=Netscape,C=US");
        GeneralNames directoryNames = new GeneralNames();
        directoryNames.addElement(directoryName);
        byDirectoryName.setFullName(directoryNames);
        samples.addElement(byDirectoryName);

        // Sample 2: full name given as a URI, with every optional field set.
        // This exercises the encoder only: RFC 5280 allows at most one of
        // the onlyContains* flags to be TRUE, so this value is not a
        // profile-valid extension.
        IssuingDistributionPoint byUri = new IssuingDistributionPoint();
        URIName crlLocation = new URIName("http://www.mycrl.com/go/here");
        GeneralNames uriNames = new GeneralNames();
        uriNames.addElement(crlLocation);
        byUri.setFullName(uriNames);
        byUri.setOnlyContainsUserCerts(true);
        byUri.setOnlyContainsCACerts(true);
        byUri.setIndirectCRL(true);
        // Five-bit reason mask backed by the single byte 0x28.
        BitArray reasonMask = new BitArray(5, new byte[] { (byte) 0x28 });
        byUri.setOnlySomeReasons(reasonMask);
        samples.addElement(byUri);

        samples.encode(out);
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (out != null) {
            try {
                out.close();
            } catch (IOException closeFailure) {
                closeFailure.printStackTrace();
            }
        }
    }
}