
Example 1 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project jss by dogtagpki.

the class BigObjectIdentifier method main.

/**
 * Demo driver: builds {@code ObjectIdentifier} instances through every
 * construction path shown here (dotted string, DER round trip, static factory,
 * {@code long[]}, {@code int[]} and {@code BigInteger[]} arcs) and prints each.
 *
 * <p>The dotted string and the {@code BigInteger[]} input carry an arc far
 * wider than 64 bits, so the DER encode/decode step shows whether such an arc
 * survives serialization. Nothing is asserted; the printed lines must be
 * compared by eye.
 */
public static void main(String[] args) throws Exception {
    final String dotted = "1.3.6.1.4.1.2312.9.1.152691330062899999999999997777788888888888888889999999999999999.1";

    // Path 1: parse the dotted-decimal form directly.
    final ObjectIdentifier parsed = new ObjectIdentifier(dotted);
    System.out.println("oid: " + parsed);

    // Path 2: serialize to DER, then rebuild from the encoded bytes.
    final DerOutputStream encoded = new DerOutputStream();
    parsed.encode(encoded);
    final ObjectIdentifier decoded = new ObjectIdentifier(new DerInputStream(encoded.toByteArray()));
    System.out.println("fromDer: " + decoded);

    // Path 3: the static factory, fed the same dotted string.
    final ObjectIdentifier viaFactory = ObjectIdentifier.getObjectIdentifier(dotted);
    System.out.println("fromStaticMethod: " + viaFactory);

    // Path 4: long arcs. This is a different OID from the dotted string above
    // (1.3.6.1.4.1.5000.9.1.1.1526913300628.1).
    final long[] longArcs = { 1L, 3L, 6L, 1L, 4L, 1L, 5000L, 9L, 1L, 1L, 1526913300628L, 1L };
    final ObjectIdentifier viaLongs = new ObjectIdentifier(longArcs);
    System.out.println("fromComponentList: " + viaLongs);

    // Path 5: int arcs, again a distinct OID (1.3.6.1.4.1.2312.9.1.1.15269.1.1).
    final int[] intArcs = { 1, 3, 6, 1, 4, 1, 2312, 9, 1, 1, 15269, 1, 1 };
    final ObjectIdentifier viaInts = new ObjectIdentifier(intArcs);
    System.out.println("fromComponentListInt: " + viaInts);

    // Path 6: arbitrary-precision arcs; these match the dotted string arc for arc.
    final BigInteger[] bigArcs = {
        BigInteger.ONE,
        BigInteger.valueOf(3),
        BigInteger.valueOf(6),
        BigInteger.ONE,
        BigInteger.valueOf(4),
        BigInteger.ONE,
        BigInteger.valueOf(2312),
        BigInteger.valueOf(9),
        BigInteger.ONE,
        new BigInteger("152691330062899999999999997777788888888888888889999999999999999"),
        BigInteger.ONE
    };
    final ObjectIdentifier viaBigInts = new ObjectIdentifier(bigArcs);
    System.out.println("fromComponentListBigInt: " + viaBigInts);
}
Also used : DerOutputStream(org.mozilla.jss.netscape.security.util.DerOutputStream) BigInteger(java.math.BigInteger) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) ObjectIdentifier(org.mozilla.jss.netscape.security.util.ObjectIdentifier)

Example 2 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project jss by dogtagpki.

the class PKCS7 method parseSignedData.

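/**
 * Decodes the body of a PKCS #7 SignedData value into this object's fields.
 *
 * <p>Fields are consumed in the order they are read below: version,
 * digestAlgorithmIds, contentInfo, the optional certificates (context tag
 * 0xA0), the optional crls (context tag 0xA1), then signerInfos.
 *
 * <p>This method only decodes. No signature is verified and no certificate is
 * validated in the code visible here, so callers must not treat a successful
 * parse as evidence that the content is authentic.
 *
 * @param val the DER value holding the SignedData content
 * @throws ParsingException if a digest AlgorithmId or an embedded certificate
 *         cannot be decoded; the underlying exception is attached as the cause
 * @throws IOException on any other DER decoding failure
 */
private void parseSignedData(DerValue val) throws ParsingException, IOException {
    DerInputStream dis = val.toDerInputStream();

    // Version
    version = dis.getInteger();

    // digestAlgorithmIds
    DerValue[] digestAlgorithmIdVals = dis.getSet(1);
    int len = digestAlgorithmIdVals.length;
    digestAlgorithmIds = new AlgorithmId[len];
    try {
        for (int i = 0; i < len; i++) {
            digestAlgorithmIds[i] = AlgorithmId.parse(digestAlgorithmIdVals[i]);
        }
    } catch (IOException e) {
        ParsingException pe = new ParsingException("Error parsing digest AlgorithmId IDs: " + e.getMessage());
        // Keep the original failure attached so the root cause stays visible
        // when a malformed message is being investigated.
        pe.initCause(e);
        throw pe;
    }

    // contentInfo
    contentInfo = new ContentInfo(dis);

    // certificates are OPTIONAL and carried under an implicit [0] tag.
    if ((byte) (dis.peekByte()) == (byte) 0xA0) {
        DerValue[] certificateVals = dis.getSet(2, true);
        len = certificateVals.length;
        certificates = new X509Certificate[len];
        for (int i = 0; i < len; i++) {
            try {
                // Decoding only: the certificate is neither chain-validated
                // nor checked for expiry or revocation at this point.
                certificates[i] = new X509CertImpl(certificateVals[i]);
            } catch (CertificateException e) {
                ParsingException pe = new ParsingException("CertificateException: " + e.getMessage());
                pe.initCause(e);
                throw pe;
            }
        }
    }

    // crls are OPTIONAL and carried under an implicit [1] tag. They are read
    // past and discarded, so revocation data embedded in the message is not
    // available from this object afterwards.
    if ((byte) (dis.peekByte()) == (byte) 0xA1) {
        dis.getSet(0, true);
    }

    // signerInfos
    DerValue[] signerInfoVals = dis.getSet(1);
    len = signerInfoVals.length;
    signerInfos = new SignerInfo[len];
    for (int i = 0; i < len; i++) {
        signerInfos[i] = new SignerInfo(signerInfoVals[i].toDerInputStream());
    }
    // NOTE(review): bytes left in dis after signerInfos are not rejected here;
    // confirm whether the caller checks for trailing data.
}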
Also used : DerValue(org.mozilla.jss.netscape.security.util.DerValue) X509CertImpl(org.mozilla.jss.netscape.security.x509.X509CertImpl) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate)

Example 3 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project jss by dogtagpki.

the class PKCS9Attribute method decode.

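/**
 * Decode a PKCS9 attribute.
 *
 * <p>The encoding must be a SEQUENCE of exactly two components with no
 * trailing bytes: the attribute OID, then a SET of values. The OID selects an
 * index into {@code PKCS9_OIDS}; that index drives the single-value check, the
 * permitted value tags and the Java type stored in {@code value}.
 *
 * @param derVal
 *            the DerValue representing the DER encoding of the attribute.
 * @throws IOException
 *             if the structure is malformed, the OID is not a known PKCS9
 *             attribute, a value carries a tag that is not permitted, a value
 *             that must be present is missing, or the attribute type is not
 *             supported.
 */
private void decode(DerValue derVal) throws IOException {
    DerInputStream derIn = new DerInputStream(derVal.toByteArray());
    DerValue[] val = derIn.getSequence(2);
    if (derIn.available() != 0) {
        throw new IOException("Excess data parsing PKCS9Attribute");
    }
    if (val.length != 2) {
        throw new IOException("PKCS9Attribute doesn't have two components");
    }

    // get the oid
    ObjectIdentifier oid = val[0].getOID();
    index = indexOf(oid, PKCS9_OIDS, 1);
    if (index == -1) {
        throw new IOException("Invalid OID for PKCS9 attribute: " + oid);
    }

    DerValue[] elems = new DerInputStream(val[1].toByteArray()).getSet(1);

    // check single valued have only one value
    if (SINGLE_VALUED[index] && elems.length > 1) {
        throwSingleValuedException();
    }

    // check for illegal element tags
    for (DerValue elem : elems) {
        Byte tag = Byte.valueOf(elem.tag);
        if (indexOf(tag, PKCS9_VALUE_TAGS[index], 0) == -1) {
            throwTagException(tag);
        }
    }

    switch (index) {
        case 1: // email address
        case 2: // unstructured name
        case 8: { // unstructured address
            String[] values = new String[elems.length];
            for (int i = 0; i < elems.length; i++) {
                values[i] = elems[i].getAsString();
            }
            value = values;
            break;
        }
        case 3: // content type
            value = requireFirstValue(elems).getOID();
            break;
        case 4: // message digest
            value = requireFirstValue(elems).getOctetString();
            break;
        case 5: // signing time
            value = (new DerInputStream(requireFirstValue(elems).toByteArray())).getUTCTime();
            break;
        case 6: { // countersignature
            SignerInfo[] values = new SignerInfo[elems.length];
            for (int i = 0; i < elems.length; i++) {
                values[i] = new SignerInfo(elems[i].toDerInputStream());
            }
            value = values;
            break;
        }
        case 7: // challenge password
            value = requireFirstValue(elems).getAsString();
            break;
        case 9: // extended-certificate attribute -- not supported
            throw new IOException("PKCS9 extended-certificate " + "attribute not supported.");
        case 10: // IssuerAndSerialNumber attribute -- not supported
            throw new IOException("PKCS9 IssuerAndSerialNumber " + "attribute not supported.");
        case 11: // passwordCheck attribute -- not supported
            throw new IOException("PKCS9 passwordCheck " + "attribute not supported.");
        case 12: // PublicKey attribute -- not supported
            throw new IOException("PKCS9 PublicKey " + "attribute not supported.");
        case 13: // SigningDescription attribute -- not supported
            throw new IOException("PKCS9 SigningDescription " + "attribute not supported.");
        case 14: // ExtensionRequest attribute
            value = new CertificateExtensions(requireFirstValue(elems).toDerInputStream());
            break;
        default:
            // can't happen: index was checked against PKCS9_OIDS above
            break;
    }
}

/**
 * Returns the first decoded value of an attribute, or fails with a checked
 * exception when the value SET is empty.
 *
 * <p>How {@code getSet} treats an empty SET is not visible from this method,
 * so the guard makes sure attacker-supplied input with no values surfaces as
 * an {@code IOException} (which callers of {@code decode} already handle)
 * instead of an unchecked {@code ArrayIndexOutOfBoundsException}.
 */
private static DerValue requireFirstValue(DerValue[] elems) throws IOException {
    if (elems.length == 0) {
        throw new IOException("PKCS9Attribute has an empty value set");
    }
    return elems[0];
}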
Also used : DerValue(org.mozilla.jss.netscape.security.util.DerValue) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) CertificateExtensions(org.mozilla.jss.netscape.security.x509.CertificateExtensions) IOException(java.io.IOException) ObjectIdentifier(org.mozilla.jss.netscape.security.util.ObjectIdentifier)

Example 4 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project jss by dogtagpki.

the class RSAPublicKey method parseKeyBits.

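/**
 * Decodes the encoded key bits as a SEQUENCE of two INTEGERs and stores them
 * as the modulus and the public exponent.
 *
 * <p>The key's algorithm OID must equal either {@code ALGORITHM_OID} or
 * {@code AlgorithmId.RSA_oid}; any other OID is rejected before the key bytes
 * are touched.
 *
 * @throws InvalidKeyException if the algorithm OID is not RSA, the outer tag
 *         is not a SEQUENCE, or the DER content cannot be read; in the last
 *         case the underlying {@code IOException} is attached as the cause
 */
@Override
protected void parseKeyBits() throws InvalidKeyException {
    if (!this.algid.getOID().equals(ALGORITHM_OID) && !this.algid.getOID().equals(AlgorithmId.RSA_oid)) {
        throw new InvalidKeyException("Key algorithm OID is not RSA");
    }
    try {
        DerValue val = new DerValue(key);
        if (val.tag != DerValue.tag_Sequence) {
            throw new InvalidKeyException("Invalid RSA public key format:" + " must be a SEQUENCE");
        }
        DerInputStream in = val.data;
        this.modulus = in.getInteger();
        this.publicExponent = in.getInteger();
        // NOTE(review): bytes remaining after the exponent are not rejected,
        // and no range check on modulus or exponent is visible in this method;
        // confirm both are enforced elsewhere before the key is trusted.
    } catch (IOException e) {
        // Pass the decoder's exception along as the cause so the reason a
        // key was rejected is not reduced to its message text.
        throw new InvalidKeyException("Invalid RSA public key: " + e.getMessage(), e);
    }
}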
Also used : DerValue(org.mozilla.jss.netscape.security.util.DerValue) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException)

Example 5 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project jss by dogtagpki.

the class CRLExtensions method decode.

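/**
 * Decode the extensions from the InputStream.
 *
 * <p>The stream must hold one DER value whose content is a SEQUENCE of
 * extensions. Each element is wrapped in an {@code Extension} and handed to
 * {@code parseExtension}. The extension map is replaced with a fresh, empty
 * table before any element is processed, so a failure part-way through leaves
 * this object holding only the extensions handled up to that point.
 *
 * @param in the InputStream to unmarshal the contents from.
 * @exception CRLException on decoding or validity errors; the underlying
 *            {@code IOException} is attached as the cause.
 * @exception X509ExtensionException on extension handling errors.
 */
public void decode(InputStream in) throws CRLException, X509ExtensionException {
    try {
        DerInputStream str = new DerValue(in).toDerInputStream();
        map = new Hashtable<>();
        // NOTE(review): whether a repeated extension OID is rejected or
        // overwrites the earlier entry depends on parseExtension, which is
        // not visible here; confirm.
        for (DerValue encodedExt : str.getSequence(5)) {
            parseExtension(new Extension(encodedExt));
        }
    } catch (IOException e) {
        // Chain the decoder's exception so the parse failure keeps its
        // original stack trace for whoever triages a rejected CRL.
        throw new CRLException("Parsing error: " + e.toString(), e);
    }
}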
Also used : DerValue(org.mozilla.jss.netscape.security.util.DerValue) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) IOException(java.io.IOException) CRLException(java.security.cert.CRLException)

Aggregations

DerInputStream (org.mozilla.jss.netscape.security.util.DerInputStream)22 DerValue (org.mozilla.jss.netscape.security.util.DerValue)20 IOException (java.io.IOException)15 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)5 ObjectIdentifier (org.mozilla.jss.netscape.security.util.ObjectIdentifier)5 MessageDigest (java.security.MessageDigest)4 BitArray (org.mozilla.jss.netscape.security.util.BitArray)4 KeyIdentifier (org.mozilla.jss.netscape.security.x509.KeyIdentifier)4 CRLException (java.security.cert.CRLException)3 AuthorityKeyIdentifierExtension (org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension)3 InvalidKeyException (java.security.InvalidKeyException)2 BigInteger (java.math.BigInteger)1 NoSuchProviderException (java.security.NoSuchProviderException)1 Provider (java.security.Provider)1 CertificateException (java.security.cert.CertificateException)1 CertificateParsingException (java.security.cert.CertificateParsingException)1 X509Certificate (java.security.cert.X509Certificate)1 InvalidParameterSpecException (java.security.spec.InvalidParameterSpecException)1 MGF1ParameterSpec (java.security.spec.MGF1ParameterSpec)1 PSSParameterSpec (java.security.spec.PSSParameterSpec)1