Examples with DerInputStream org.mozilla.jss.netscape.security.util.DerInputStream used on opensource projects

Example 6 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project jss by dogtagpki.

the class CertificateExtensions method decodeEx.

/**
 * Decode the extensions from the InputStream.
 *
 * @param in the InputStream to unmarshal the contents from.
 * @exception IOException on decoding or validity errors.
 */
public void decodeEx(InputStream in) throws IOException {
    DerValue val = new DerValue(in);
    DerInputStream str = null;
    if (val.isConstructed() && val.isContextSpecific((byte) 3)) {
        str = val.data;
    } else {
        str = val.toDerInputStream();
    }
    map = new LinkedHashMap<>();
    DerValue[] exts = str.getSequence(5);
    for (int i = 0; i < exts.length; i++) {
        Extension ext = new Extension(exts[i]);
        parseExtension(ext);
    }
}

Example 7 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project jss by dogtagpki.

the class CertificateExtensions method decode.

/**
 * Decode the extensions from the InputStream.
 *
 * @param in the InputStream to unmarshal the contents from.
 * @exception IOException on decoding or validity errors.
 */
@Override
public void decode(InputStream in) throws IOException {
    DerValue val = new DerValue(in);
    DerInputStream str = val.toDerInputStream();
    map = new LinkedHashMap<>();
    DerValue[] exts = str.getSequence(5);
    for (int i = 0; i < exts.length; i++) {
        Extension ext = new Extension(exts[i]);
        parseExtension(ext);
    }
}

Example 8 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project candlepin by candlepin.

the class JSSPKIUtility method buildAuthorityKeyIdentifier.

/**
 * Calculate the KeyIdentifier for a public key and place it in an AuthorityKeyIdentifier extension.
 *
 * Java encodes RSA public keys using the SubjectPublicKeyInfo type described in RFC 5280.
 * <pre>
 * SubjectPublicKeyInfo  ::=  SEQUENCE  {
 *   algorithm            AlgorithmIdentifier,
 *   subjectPublicKey     BIT STRING  }
 *
 * AlgorithmIdentifier  ::=  SEQUENCE  {
 *   algorithm               OBJECT IDENTIFIER,
 *   parameters              ANY DEFINED BY algorithm OPTIONAL  }
 * </pre>
 *
 * A KeyIdentifier is a SHA-1 digest of the subjectPublicKey bit string from the ASN.1 above.
 *
 * @param key the public key to use
 * @return an AuthorityKeyIdentifierExtension based on the key
 * @throws IOException if we can't construct a MessageDigest object.
 */
public static AuthorityKeyIdentifierExtension buildAuthorityKeyIdentifier(PublicKey key) throws IOException {
    try {
        Provider provider = JSSProviderLoader.getProvider(true);
        MessageDigest d = MessageDigest.getInstance("SHA-1", provider);
        byte[] encodedKey = key.getEncoded();
        DerInputStream s = new DerValue(encodedKey).toDerInputStream();
        // Skip the first item in the sequence, AlgorithmIdentifier.
        // The parameter, startLen, is required for skipSequence although it's unused.
        s.skipSequence(0);
        // Get the key's bit string
        BitArray b = s.getUnalignedBitString();
        byte[] digest = d.digest(b.toByteArray());
        KeyIdentifier ki = new KeyIdentifier(digest);
        return new AuthorityKeyIdentifierExtension(ki, null, null);
    } catch (NoSuchAlgorithmException e) {
        throw new IOException("Could not find SHA1 implementation", e);
    }
}

Example 9 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project candlepin by candlepin.

the class JSSPKIUtility method buildAuthorityKeyIdentifier.

/**
 * Calculate the KeyIdentifier for an RSAPublicKey and place it in an AuthorityKeyIdentifier extension.
 *
 * Java encodes RSA public keys using the SubjectPublicKeyInfo type described in RFC 5280.
 * <pre>
 * SubjectPublicKeyInfo  ::=  SEQUENCE  {
 *   algorithm            AlgorithmIdentifier,
 *   subjectPublicKey     BIT STRING  }
 *
 * AlgorithmIdentifier  ::=  SEQUENCE  {
 *   algorithm               OBJECT IDENTIFIER,
 *   parameters              ANY DEFINED BY algorithm OPTIONAL  }
 * </pre>
 *
 * A KeyIdentifier is a SHA-1 digest of the subjectPublicKey bit string from the ASN.1 above.
 *
 * @param key the RSAPublicKey to use
 * @return an AuthorityKeyIdentifierExtension based on the key
 * @throws IOException if we can't construct a MessageDigest object.
 */
public static AuthorityKeyIdentifierExtension buildAuthorityKeyIdentifier(RSAPublicKey key) throws IOException {
    try {
        MessageDigest d = MessageDigest.getInstance("SHA-1");
        byte[] encodedKey = key.getEncoded();
        DerInputStream s = new DerValue(encodedKey).toDerInputStream();
        // Skip the first item in the sequence, AlgorithmIdentifier.
        // The parameter, startLen, is required for skipSequence although it's unused.
        s.skipSequence(0);
        // Get the key's bit string
        BitArray b = s.getUnalignedBitString();
        byte[] digest = d.digest(b.toByteArray());
        KeyIdentifier ki = new KeyIdentifier(digest);
        return new AuthorityKeyIdentifierExtension(ki, null, null);
    } catch (NoSuchAlgorithmException e) {
        throw new IOException("Could not find SHA1 implementation", e);
    }
}

Example 10 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project candlepin by candlepin.

the class DefaultSubjectKeyIdentifierWriter method getSubjectKeyIdentifier.

@Override
public byte[] getSubjectKeyIdentifier(KeyPair clientKeyPair, Set<X509ExtensionWrapper> extensions) throws IOException {
    try {
        MessageDigest d = MessageDigest.getInstance("SHA-1");
        byte[] encodedKey = clientKeyPair.getPublic().getEncoded();
        DerInputStream s = new DerValue(encodedKey).toDerInputStream();
        // Skip the first item in the sequence, AlgorithmIdentifier.
        // The parameter, startLen, is required for skipSequence although it's unused.
        s.skipSequence(0);
        // Get the key's bit string
        BitArray b = s.getUnalignedBitString();
        byte[] digest = d.digest(b.toByteArray());
        KeyIdentifier ki = new KeyIdentifier(digest);
        return ASN1Util.encode(new OCTET_STRING(ki.getIdentifier()));
    } catch (NoSuchAlgorithmException e) {
        throw new IOException("Could not create KeyIdentifier", e);
    }
}