
Example 16 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project jss by dogtagpki.

the class DSAPublicKey method parseKeyBits.

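/**
 * Decodes the DSA public value {@code y} from the encoded key bits held in {@code key}.
 *
 * <p>One integer is read from the start of {@code key} with
 * {@code DerInputStream.getInteger()} and stored in {@code y}.
 *
 * @throws InvalidKeyException if reading the integer fails; the underlying
 *         {@link IOException} is attached as the cause so the decoding error is
 *         not reduced to its message text
 */
@Override
protected void parseKeyBits() throws InvalidKeyException {
    try {
        DerInputStream in = new DerInputStream(key);
        y = in.getInteger().toBigInteger();
        // NOTE(review): nothing here rejects bytes that follow the integer, and y is
        // not range-checked in this method. Confirm whether callers validate the
        // value before it is used to verify signatures.
    } catch (IOException e) {
        // Keep the original exception as the cause; the message text is unchanged.
        throw new InvalidKeyException("Invalid key: y value\n" + e.getMessage(), e);
    }
}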
Also used : DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException)

Example 17 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project jss by dogtagpki.

the class EnumerationZeroTest method buildAuthorityKeyIdentifier.

/**
 * Builds an AuthorityKeyIdentifier extension whose KeyIdentifier is derived from an
 * RSA public key.
 *
 * <p>The encoded key is treated as the SubjectPublicKeyInfo type described in RFC 5280:
 * <pre>
 * SubjectPublicKeyInfo  ::=  SEQUENCE  {
 *   algorithm            AlgorithmIdentifier,
 *   subjectPublicKey     BIT STRING  }
 *
 * AlgorithmIdentifier  ::=  SEQUENCE  {
 *   algorithm               OBJECT IDENTIFIER,
 *   parameters              ANY DEFINED BY algorithm OPTIONAL  }
 * </pre>
 *
 * <p>The KeyIdentifier is the SHA-1 digest of the subjectPublicKey bit string. In this
 * method SHA-1 only produces an identifier: the digest is handed to
 * {@code KeyIdentifier} and is not used to verify anything.
 *
 * @param key the RSAPublicKey whose encoding is digested
 * @return an AuthorityKeyIdentifierExtension carrying only the key identifier (the
 *         other two constructor arguments are passed as {@code null})
 * @throws IOException if no SHA-1 MessageDigest is available, or if one of the DER
 *         decoding calls on the encoded key fails
 */
public static AuthorityKeyIdentifierExtension buildAuthorityKeyIdentifier(RSAPublicKey key) throws IOException {
    try {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        DerInputStream spki = new DerValue(key.getEncoded()).toDerInputStream();

        // Step over the leading AlgorithmIdentifier SEQUENCE. skipSequence() needs a
        // startLen argument even though it does not use it.
        spki.skipSequence(0);

        // What follows is the subjectPublicKey BIT STRING; digest its bytes.
        BitArray subjectPublicKey = spki.getUnalignedBitString();
        byte[] keyIdBytes = sha1.digest(subjectPublicKey.toByteArray());

        return new AuthorityKeyIdentifierExtension(new KeyIdentifier(keyIdBytes), null, null);
    } catch (NoSuchAlgorithmException e) {
        throw new IOException("Could not find SHA1 implementation", e);
    }
}
Also used : KeyIdentifier(org.mozilla.jss.netscape.security.x509.KeyIdentifier) DerValue(org.mozilla.jss.netscape.security.util.DerValue) AuthorityKeyIdentifierExtension(org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) BitArray(org.mozilla.jss.netscape.security.util.BitArray) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) MessageDigest(java.security.MessageDigest)

Example 18 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project jss by dogtagpki.

the class X509CertInfo method parse.

/**
 * Unmarshals the certificate information from a DER value into this object's fields.
 *
 * <p>Fields are read from {@code val.data} in order: optional version ([0]), serial
 * number, algorithm identifier, issuer, validity, subject and public key. If data
 * remains, the optional issuerUniqueId ([1]), subjectUniqueId ([2]) and extensions
 * ([3]) are read. The raw bytes of {@code val} are kept in {@code rawCertInfo}.
 *
 * @param val the DER value holding the certificate information; must be a SEQUENCE
 * @throws CertificateParsingException if {@code val} is not a SEQUENCE, if a v1
 *         certificate carries data after the public key, or if data remains after the
 *         unique identifiers on a certificate that is not v3
 * @throws IOException if a DER read on the underlying stream fails
 */
private void parse(DerValue val) throws CertificateParsingException, IOException {
    if (val.tag != DerValue.tag_Sequence) {
        throw new CertificateParsingException("signed fields invalid");
    }
    rawCertInfo = val.toByteArray();
    DerInputStream fields = val.data;

    // Version is optional; when the [0] tag is absent the first value is the serial number.
    DerValue current = fields.getDerValue();
    if (current.isContextSpecific((byte) 0)) {
        version = new CertificateVersion(current);
        current = fields.getDerValue();
    }

    // Mandatory fields, in encoding order.
    serialNum = new CertificateSerialNumber(current);
    algId = new CertificateAlgorithmId(fields);
    issuer = new CertificateIssuerName(fields);
    // validity: SEQUENCE { start date, end date }
    interval = new CertificateValidity(fields);
    subject = new CertificateSubjectName(fields);
    pubKey = new CertificateX509Key(fields);

    // Nothing after the public key: done. Anything more is not allowed on a v1 certificate.
    if (fields.available() == 0) {
        return;
    }
    if (version.compare(CertificateVersion.V1) == 0) {
        throw new CertificateParsingException("excess cert data");
    }

    // issuerUniqueId, if present
    current = fields.getDerValue();
    if (current.isContextSpecific((byte) 1)) {
        issuerUniqueId = new CertificateIssuerUniqueIdentity(current);
        if (fields.available() == 0) {
            return;
        }
        current = fields.getDerValue();
    }

    // subjectUniqueId, if present
    if (current.isContextSpecific((byte) 2)) {
        subjectUniqueId = new CertificateSubjectUniqueIdentity(current);
        if (fields.available() == 0) {
            return;
        }
        current = fields.getDerValue();
    }

    // Whatever is left can only be extensions, and those require v3.
    if (version.compare(CertificateVersion.V3) != 0) {
        throw new CertificateParsingException("excess cert data");
    }
    // NOTE(review): a remaining element that is not a constructed [3] value is dropped
    // without an error, and nothing checks that the stream is empty once the
    // extensions have been read. Confirm whether that leniency is intended.
    if (current.isConstructed() && current.isContextSpecific((byte) 3)) {
        extensions = new CertificateExtensions(current.data);
    }
}
Also used : CertificateParsingException(java.security.cert.CertificateParsingException) DerValue(org.mozilla.jss.netscape.security.util.DerValue) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream)

Example 19 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project jss by dogtagpki.

the class X509CRLImpl method parse.

/**
 * Parses a DER-encoded CRL into this object's fields.
 *
 * <p>Three values are read from {@code val.data}: the to-be-signed certificate list,
 * the signature algorithm identifier and the signature bit string. The first is then
 * decoded field by field: optional version, inner signature algorithm, issuer,
 * thisUpdate, optional nextUpdate, optional revoked-certificate entries and optional
 * CRL extensions.
 *
 * @param val the DER value holding the whole CRL
 * @param includeEntries when {@code true} each revoked-certificate entry is parsed and
 *        stored in {@code revokedCerts}; when {@code false} the entry sequence is
 *        skipped, so the entries are not decoded or checked here
 * @throws CRLException if this object is already read-only or the encoding violates
 *         one of the checks below
 * @throws IOException if a DER read on the underlying streams fails
 * @throws X509ExtensionException declared by this method; not thrown directly in this
 *         body (presumably raised while entries or extensions are parsed; confirm)
 */
private void parse(DerValue val, boolean includeEntries) throws CRLException, IOException, X509ExtensionException {
    // Refuse to parse into an object that already holds a CRL.
    if (readOnly)
        throw new CRLException("cannot over-write existing CRL");
    // The flag is set before any parsing, so a parse that fails part-way leaves this
    // object marked read-only with whichever fields had been assigned by then.
    readOnly = true;
    // Outer structure: exactly three values; anything left over is rejected.
    DerValue[] seq = new DerValue[3];
    seq[0] = val.data.getDerValue();
    seq[1] = val.data.getDerValue();
    seq[2] = val.data.getDerValue();
    if (val.data.available() != 0)
        throw new CRLException("signed overrun, bytes = " + val.data.available());
    if (seq[0].tag != DerValue.tag_Sequence)
        throw new CRLException("signed CRL fields invalid");
    sigAlgId = AlgorithmId.parse(seq[1]);
    signature = seq[2].getBitString();
    // Both outer fields must have been consumed completely by the reads above.
    if (seq[1].data.available() != 0)
        throw new CRLException("AlgorithmId field overrun");
    if (seq[2].data.available() != 0)
        throw new CRLException("Signature field overrun");
    // the tbsCertsList: keep its raw bytes
    // NOTE(review): presumably these are the bytes a later signature check runs over; confirm.
    tbsCertList = seq[0].toByteArray();
    // parse the information
    DerInputStream derStrm = seq[0].data;
    DerValue tmp;
    byte nextByte;
    // version (optional if v1)
    // by default, version = v1 == 0
    version = 0;
    nextByte = (byte) derStrm.peekByte();
    if (nextByte == DerValue.tag_Integer) {
        version = derStrm.getInteger().toInt();
        if (// i.e. v2 is the only encoded version value accepted
        version != 1)
            throw new CRLException("Invalid version");
    }
    tmp = derStrm.getDerValue();
    // signature: the algorithm identifier inside the to-be-signed data must equal the
    // outer one parsed above, otherwise the CRL is rejected.
    {
        AlgorithmId tmpId = AlgorithmId.parse(tmp);
        if (!tmpId.equals(sigAlgId))
            throw new CRLException("Signature algorithm mismatch");
        infoSigAlgId = tmpId;
    }
    // issuer
    issuer = new X500Name(derStrm);
    // thisUpdate (mandatory)
    // check if UTCTime encoded or GeneralizedTime; any other tag is an error
    nextByte = (byte) derStrm.peekByte();
    if (nextByte == DerValue.tag_UtcTime) {
        thisUpdate = derStrm.getUTCTime();
    } else if (nextByte == DerValue.tag_GeneralizedTime) {
        thisUpdate = derStrm.getGeneralizedTime();
    } else {
        throw new CRLException("Invalid encoding for thisUpdate" + " (tag=" + nextByte + ")");
    }
    if (derStrm.available() == 0)
        // done parsing no more optional fields present
        return;
    // nextUpdate (optional): when the next tag is neither time type, nothing is
    // consumed and nextUpdate is left unassigned by this method.
    nextByte = (byte) derStrm.peekByte();
    if (nextByte == DerValue.tag_UtcTime) {
        nextUpdate = derStrm.getUTCTime();
    } else if (nextByte == DerValue.tag_GeneralizedTime) {
        nextUpdate = derStrm.getGeneralizedTime();
    }
    if (derStrm.available() == 0)
        // done parsing no more optional fields present
        return;
    // revokedCertificates (optional)
    nextByte = (byte) derStrm.peekByte();
    // The second clause tests that the top two tag bits are not 10 (context-specific
    // class). NOTE(review): it looks redundant once the byte equals tag_SequenceOf;
    // the constant's value is not shown here, so confirm.
    if ((nextByte == DerValue.tag_SequenceOf) && (!((nextByte & 0x0c0) == 0x080))) {
        if (includeEntries) {
            // NOTE(review): the meaning of the argument 4 is not visible here; confirm
            // against DerInputStream.getSequence.
            DerValue[] badCerts = derStrm.getSequence(4);
            for (int i = 0; i < badCerts.length; i++) {
                RevokedCertImpl entry = new RevokedCertImpl(badCerts[i]);
                // Entry extensions are only allowed when a version field was present (v2).
                if (entry.hasExtensions() && (version == 0))
                    throw new CRLException("Invalid encoding, extensions" + " not supported in CRL v1 entries.");
                // NOTE(review): entries are keyed by serial number; presumably a repeated
                // serial replaces the earlier entry; verify against revokedCerts' type.
                revokedCerts.put(entry.getSerialNumber(), entry);
            }
        } else {
            // Entries are stepped over without being decoded.
            derStrm.skipSequence(4);
        }
    }
    if (derStrm.available() == 0)
        // done parsing no extensions
        return;
    // crlExtensions (optional)
    // NOTE(review): a trailing value that is not a constructed [0] element is ignored
    // without an error, and nothing checks for data remaining after this value.
    tmp = derStrm.getDerValue();
    if (tmp.isConstructed() && tmp.isContextSpecific((byte) 0)) {
        if (version == 0)
            throw new CRLException("Invalid encoding, extensions not" + " supported in CRL v1.");
        extensions = new CRLExtensions(tmp.data);
    }
}
Also used : DerValue(org.mozilla.jss.netscape.security.util.DerValue) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) CRLException(java.security.cert.CRLException)

Example 20 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project jss by dogtagpki.

the class RevokedCertImpl method parse.

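/**
 * Parses one revoked-certificate entry: serial number, revocation date and, when more
 * data follows, the CRL entry extensions.
 *
 * @param derVal the DER value holding the entry; must be a non-empty SEQUENCE
 * @throws CRLException if the value is not a SEQUENCE, is empty, has a revocation date
 *         that is neither UTCTime nor GeneralizedTime, or if a DER read fails (the
 *         underlying {@link IOException} is attached as the cause)
 * @throws X509ExtensionException declared by this method; not thrown directly in this
 *         body (presumably raised while the extensions are built; confirm)
 */
private void parse(DerValue derVal) throws CRLException, X509ExtensionException {
    if (derVal.tag != DerValue.tag_Sequence) {
        throw new CRLException("Invalid encoded RevokedCertificate, " + "starting sequence tag missing.");
    }
    if (derVal.data.available() == 0) {
        throw new CRLException("No data encoded for RevokedCertificates");
    }
    // serial number
    // NOTE(review): the serial number is read through toDerInputStream() while the date
    // below is read through derVal.data. That only lines up if both share one read
    // position; confirm against DerValue.
    try {
        DerInputStream in = derVal.toDerInputStream();
        DerValue val = in.getDerValue();
        this.serialNumber = new SerialNumber(val);
    } catch (IOException e) {
        // Message text unchanged; the original exception is now kept as the cause.
        throw new CRLException("Parsing Serial Number error: " + e.toString(), e);
    }
    // revocationDate: must be UTCTime or GeneralizedTime
    try {
        int nextByte = derVal.data.peekByte();
        if ((byte) nextByte == DerValue.tag_UtcTime) {
            this.revocationDate = derVal.data.getUTCTime();
        } else if ((byte) nextByte == DerValue.tag_GeneralizedTime) {
            this.revocationDate = derVal.data.getGeneralizedTime();
        } else {
            throw new CRLException("Invalid encoding for RevokedCertificates");
        }
    } catch (IOException e) {
        throw new CRLException("Parsing Revocation Date error: " + e.toString(), e);
    }
    if (derVal.data.available() == 0) {
        // no extensions
        return;
    }
    // crlEntryExtensions
    try {
        this.extensions = new CRLExtensions(derVal.toDerInputStream());
    } catch (IOException e) {
        throw new CRLException("Parsing CRL Entry Extensions error: " + e.toString(), e);
    }
}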
Also used : DerValue(org.mozilla.jss.netscape.security.util.DerValue) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) IOException(java.io.IOException) CRLException(java.security.cert.CRLException)
