use of org.mozilla.jss.asn1.Tag in project jss by dogtagpki.
the class AuthenticatedSafes method getSafeContentsAt.
/**
* Returns the SafeContents at the given index in the AuthenticatedSafes,
* decrypting it if necessary.
*
* <p>The algorithm used to extract encrypted SafeContents does not
* conform to version 1.0 of the spec. Instead, it conforms to the
* draft 1.0 spec, because this is what Communicator and MSIE seem
* to conform to. This looks like an implementation error that has
* become firmly entrenched to preserve interoperability. The draft
* spec dictates that the encrypted content in the EncryptedContentInfo
* is the DER encoding of a SafeContents. This is simple enough. The
* 1.0 final spec says that the SafeContents is wrapped in a ContentInfo,
* then the ContentInfo is BER encoded, then the value octets (not the
* tag or length) are encrypted. No wonder people stayed with the old way.
*
* @param password The password to use to decrypt the SafeContents if
* it is encrypted. If the SafeContents is known to not be encrypted,
* this parameter can be null. If the password is incorrect, the
* decoding will fail somehow, probably with an InvalidBERException,
* BadPaddingException, or IllegalBlockSizeException.
* @param index The index of the SafeContents to extract.
* @return A SafeContents object, which is merely a
* SEQUENCE of SafeBags.
* @exception IllegalArgumentException If no password was provided,
* but the SafeContents is encrypted.
*/
public SEQUENCE getSafeContentsAt(Password password, int index) throws IllegalStateException, NotInitializedException, NoSuchAlgorithmException, InvalidBERException, IOException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, IllegalBlockSizeException, BadPaddingException {
ContentInfo ci = (ContentInfo) sequence.elementAt(index);
if (ci.getContentType().equals(ContentInfo.ENCRYPTED_DATA)) {
if (password == null) {
// can't decrypt if we don't have a password
throw new IllegalStateException("No password to decode " + "encrypted SafeContents");
}
EncryptedContentInfo encCI = ((EncryptedData) ci.getInterpretedContent()).getEncryptedContentInfo();
// this should be a BER-encoded SafeContents
byte[] decrypted = encCI.decrypt(password, new PasswordConverter());
try {
SEQUENCE.OF_Template seqt = new SEQUENCE.OF_Template(SafeBag.getTemplate());
return (SEQUENCE) ASN1Util.decode(seqt, decrypted);
} catch (InvalidBERException e) {
if (ACCEPT_SECURITY_DYNAMICS) {
// try the security dynamics approach
ContentInfo.Template cit = ContentInfo.getTemplate();
ci = (ContentInfo) ASN1Util.decode(cit, decrypted);
if (!ci.getContentType().equals(ContentInfo.DATA)) {
throw new InvalidBERException("");
}
OCTET_STRING os = (OCTET_STRING) ci.getInterpretedContent();
SEQUENCE.OF_Template seqt = new SEQUENCE.OF_Template(SafeBag.getTemplate());
return (SEQUENCE) ASN1Util.decode(seqt, os.toByteArray());
} else {
throw e;
}
}
} else if (ci.getContentType().equals(ContentInfo.DATA)) {
// This SafeContents is not encrypted
SEQUENCE.OF_Template seqt = new SEQUENCE.OF_Template(SafeBag.getTemplate());
return (SEQUENCE) ASN1Util.decode(seqt, ((OCTET_STRING) ci.getInterpretedContent()).toByteArray());
} else {
throw new InvalidBERException("AuthenticatedSafes element is" + " neither a Data or an EncryptedData");
}
}
use of org.mozilla.jss.asn1.Tag in project jss by dogtagpki.
the class IssuingDistributionPoint method encode.
@Override
public void encode(Tag implicitTag, OutputStream ostream) throws IOException {
SEQUENCE seq = new SEQUENCE();
DerOutputStream derOut;
try {
// is a CHOICE, the [0] tag is forced to be EXPLICIT.
if (fullName != null) {
EXPLICIT distPoint = new EXPLICIT(Tag.get(0), fullNameEncoding);
seq.addElement(distPoint);
} else if (relativeName != null) {
derOut = new DerOutputStream();
relativeName.encode(derOut);
ANY raw = new ANY(derOut.toByteArray());
ByteArrayOutputStream bos = new ByteArrayOutputStream();
raw.encodeWithAlternateTag(Tag.get(1), bos);
ANY distPointName = new ANY(bos.toByteArray());
EXPLICIT distPoint = new EXPLICIT(Tag.get(0), distPointName);
seq.addElement(distPoint);
}
if (onlyContainsUserCerts != false) {
seq.addElement(Tag.get(1), new BOOLEAN(true));
}
if (onlyContainsCACerts != false) {
seq.addElement(Tag.get(2), new BOOLEAN(true));
}
// Encodes the ReasonFlags.
if (onlySomeReasons != null) {
derOut = new DerOutputStream();
derOut.putUnalignedBitString(onlySomeReasons);
ANY raw = new ANY(derOut.toByteArray());
ByteArrayOutputStream bos = new ByteArrayOutputStream();
raw.encodeWithAlternateTag(Tag.get(3), bos);
ANY reasonEncoding = new ANY(bos.toByteArray());
seq.addElement(reasonEncoding);
}
if (indirectCRL != false) {
seq.addElement(Tag.get(4), new BOOLEAN(true));
}
seq.encode(implicitTag, ostream);
} catch (InvalidBERException e) {
// the Sun encoding classes
throw new IOException(e.toString());
}
}
use of org.mozilla.jss.asn1.Tag in project jss by dogtagpki.
the class PKIPublicationInfo method encode.
@Override
public void encode(Tag implicitTag, OutputStream ostream) throws IOException {
SEQUENCE seq = new SEQUENCE();
seq.addElement(new INTEGER(action));
seq.addElement(pubInfos);
seq.encode(implicitTag, ostream);
}
use of org.mozilla.jss.asn1.Tag in project jss by dogtagpki.
the class CertRequest method encode.
/**
* This method is not yet supported.
*/
@Override
public void encode(Tag implicit, OutputStream ostream) throws IOException {
// Assert.notYetImplemented("CertRequest encoding");
SEQUENCE sequence = new SEQUENCE();
sequence.addElement(certReqId);
sequence.addElement(certTemplate);
if (controls != null)
sequence.addElement(controls);
sequence.encode(implicit, ostream);
}
use of org.mozilla.jss.asn1.Tag in project jss by dogtagpki.
the class PKIArchiveOptions method encode.
/**
* DER-encodes a PKIArchiveOptions.
* @param implicitTag <b>This parameter is ignored.</b> A CHOICE cannot
* have an implicit tag.
*/
@Override
public void encode(Tag implicitTag, OutputStream ostream) throws IOException {
// no implicit tags on a CHOICE
assert (implicitTag.equals(tag));
if (type == ENCRYPTED_PRIV_KEY) {
// CHOICEs are always EXPLICITly tagged
EXPLICIT explicit = new EXPLICIT(new Tag(0), encryptedPrivKey);
explicit.encode(tag, ostream);
} else if (type == KEY_GEN_PARAMETERS) {
keyGenParameters.encode(tag, ostream);
} else {
assert (type == ARCHIVE_REM_GEN_PRIV_KEY);
(new BOOLEAN(archiveRemGenPrivKey)).encode(tag, ostream);
}
}
Aggregations