Search in sources :

Example 21 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project jss by dogtagpki.

the class ExtensionsRequested method construct.

/**
 * construct - expects this in the inputstream (from the router):
 *
 * 211 30 31: SEQUENCE {
 * 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8'
 * 225 31 17: SET {
 * 227 04 15: OCTET STRING, encapsulates {
 * 229 30 13: SEQUENCE {
 * 231 30 11: SEQUENCE {
 * 233 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
 * 238 04 4: OCTET STRING
 * : 03 02 05 A0
 * : }
 * : }
 * : }
 *
 * or this (from IRE client):
 *
 * 262 30 51: SEQUENCE {
 * 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14)
 * 275 31 38: SET {
 * 277 30 36: SEQUENCE {
 * 279 30 34: SEQUENCE {
 * 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
 * 286 04 27: OCTET STRING
 * : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61
 * : 61 61 2E 6D 63 6F 6D 2E 63 6F 6D
 * : }
 * : }
 * : }
 * : }
 */
private void construct(DerValue dv) throws IOException {
    DerInputStream stream = null;
    try {
        // try decoding as sequence first
        stream = dv.toDerInputStream();
        // consume stream
        stream.getDerValue();
        stream.reset();
        // consume stream
        stream.getSequence(2);
    } catch (IOException ioe) {
        // if it failed, the outer sequence may be
        // encapsulated in an octet string, as in the first
        // example above
        byte[] octet_string = dv.getOctetString();
        // Make a new input stream from the byte array,
        // and re-parse it as a sequence.
        dv = new DerValue(octet_string);
        stream = dv.toDerInputStream();
        // consume stream
        stream.getSequence(2);
    }
    // now, the stream will be in the correct format
    stream.reset();
    while (true) {
        DerValue ext_dv = null;
        try {
            ext_dv = stream.getDerValue();
        } catch (IOException ex) {
            break;
        }
        Extension ext = new Extension(ext_dv);
        exts.addElement(ext);
    }
}
Also used : DerValue(org.mozilla.jss.netscape.security.util.DerValue) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) IOException(java.io.IOException)

Example 22 with DerInputStream

use of org.mozilla.jss.netscape.security.util.DerInputStream in project jss by dogtagpki.

the class RSAPSSAlgorithmParameters method decode.

private void decode(DerInputStream in, byte[] encoded) throws IOException {
    if (in == null) {
        throw new IOException("Invalid input: got null DerInputStream");
    }
    // Sequence has 3 members, trailer field ignored
    DerValue[] seq = in.getSequence(3);
    if (seq.length < 3 || seq.length > 4) {
        throw new IOException("Invalid data! Expected a sequence with either 3 or 4 members; got " + seq.length);
    }
    if (seq[0].isContextSpecific((byte) 0)) {
        seq[0] = seq[0].data.getDerValue();
    } else {
        throw new IOException("Invalid encoded data! Expecting OAEP-PSSDigestAlgorithms (hashAlgorithm).");
    }
    AlgorithmId algid = AlgorithmId.parse(seq[0]);
    String specAlgName = getSpecAlgName(algid.getName());
    String specMGF1Name = "";
    // Now the MFG1 parameter hash fun is the same as the main hash func.
    MGF1ParameterSpec specMFG1ParamSpec = new MGF1ParameterSpec(specAlgName);
    if (seq[1].isContextSpecific((byte) 1)) {
        seq[1] = seq[1].data.getDerValue();
    } else {
        throw new IOException("Invalid encoded data! Expecting OAEP-PSSDigestAlgorithms (maskGenAlgorithm).");
    }
    DerInputStream mgf1Str = new DerInputStream(seq[1].toByteArray());
    DerValue[] seqMgf1 = mgf1Str.getSequence(2);
    ObjectIdentifier mgf1OID = seqMgf1[0].getOID();
    if (!mgf1OID.equals(AlgorithmId.MGF1_oid)) {
        throw new IOException("Invalid encoded data: expected MGF1 OID but got: " + mgf1OID.toString());
    } else {
        specMGF1Name = "MGF1";
    }
    if (seq[2].isContextSpecific((byte) 2)) {
        seq[2] = seq[2].data.getDerValue();
    } else {
        throw new IOException("Invalid encoded data! Expected INTEGER (saltLength).");
    }
    BigInt sLength = seq[2].getInteger();
    this.spec = new PSSParameterSpec(specAlgName, specMGF1Name, specMFG1ParamSpec, sLength.toInt(), 1);
    populateFromSpec();
}
Also used : AlgorithmId(org.mozilla.jss.netscape.security.x509.AlgorithmId) PSSParameterSpec(java.security.spec.PSSParameterSpec) DerValue(org.mozilla.jss.netscape.security.util.DerValue) BigInt(org.mozilla.jss.netscape.security.util.BigInt) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) IOException(java.io.IOException) MGF1ParameterSpec(java.security.spec.MGF1ParameterSpec) ObjectIdentifier(org.mozilla.jss.netscape.security.util.ObjectIdentifier)

Aggregations

DerInputStream (org.mozilla.jss.netscape.security.util.DerInputStream)22 DerValue (org.mozilla.jss.netscape.security.util.DerValue)20 IOException (java.io.IOException)15 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)5 ObjectIdentifier (org.mozilla.jss.netscape.security.util.ObjectIdentifier)5 MessageDigest (java.security.MessageDigest)4 BitArray (org.mozilla.jss.netscape.security.util.BitArray)4 KeyIdentifier (org.mozilla.jss.netscape.security.x509.KeyIdentifier)4 CRLException (java.security.cert.CRLException)3 AuthorityKeyIdentifierExtension (org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension)3 InvalidKeyException (java.security.InvalidKeyException)2 BigInteger (java.math.BigInteger)1 NoSuchProviderException (java.security.NoSuchProviderException)1 Provider (java.security.Provider)1 CertificateException (java.security.cert.CertificateException)1 CertificateParsingException (java.security.cert.CertificateParsingException)1 X509Certificate (java.security.cert.X509Certificate)1 InvalidParameterSpecException (java.security.spec.InvalidParameterSpecException)1 MGF1ParameterSpec (java.security.spec.MGF1ParameterSpec)1 PSSParameterSpec (java.security.spec.PSSParameterSpec)1