Example 61 with DerValue
use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.
the class X509Key method decode.
/**
* Initialize an X509Key object from an input stream. The data on that
* input stream must be encoded using DER, obeying the X.509 <code>SubjectPublicKeyInfo</code> format. That is, the
* data is a
* sequence consisting of an algorithm ID and a bit string which holds
* the key. (That bit string is often used to encapsulate another DER
* encoded sequence.)
*
* <P>
* Subclasses should not normally redefine this method; they should instead provide a <code>parseKeyBits</code>
* method to parse any fields inside the <code>key</code> member.
*
* <P>
* The exception to this rule is that since private keys need not be encoded using the X.509
* <code>SubjectPublicKeyInfo</code> format, private keys may override this method, <code>encode</code>, and of
* course <code>getFormat</code>.
*
* @param in an input stream with a DER-encoded X.509
* SubjectPublicKeyInfo value
* @exception InvalidKeyException on parsing errors.
*/
public void decode(InputStream in) throws InvalidKeyException {
DerValue val;
try {
val = new DerValue(in);
if (val.tag != DerValue.tag_Sequence)
throw new InvalidKeyException("invalid key format");
algid = AlgorithmId.parse(val.data.getDerValue());
key = val.data.getBitString();
parseKeyBits();
if (val.data.available() != 0)
throw new InvalidKeyException("excess key data");
} catch (IOException e) {
// e.printStackTrace ();
throw new InvalidKeyException("IOException : " + e.getMessage());
}
}
Also used :
DerValue(org.mozilla.jss.netscape.security.util.DerValue)
IOException(java.io.IOException)
InvalidKeyException(java.security.InvalidKeyException)
Example 62 with DerValue
use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.
the class X500Name method findAttribute.
/**
* Find the first instance of this attribute in a "top down"
* search of all the attributes in the name.
*/
private DerValue findAttribute(ObjectIdentifier attribute) {
int i;
DerValue retval = null;
for (i = 0; i < names.length; i++) {
retval = names[i].findAttribute(attribute);
if (retval != null)
break;
}
return retval;
}
Also used :
DerValue(org.mozilla.jss.netscape.security.util.DerValue)
Example 63 with DerValue
use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.
the class X509CRLImpl method parse.
private void parse(DerValue val, boolean includeEntries) throws CRLException, IOException, X509ExtensionException {
// check if can over write the certificate
if (readOnly)
throw new CRLException("cannot over-write existing CRL");
readOnly = true;
DerValue[] seq = new DerValue[3];
seq[0] = val.data.getDerValue();
seq[1] = val.data.getDerValue();
seq[2] = val.data.getDerValue();
if (val.data.available() != 0)
throw new CRLException("signed overrun, bytes = " + val.data.available());
if (seq[0].tag != DerValue.tag_Sequence)
throw new CRLException("signed CRL fields invalid");
sigAlgId = AlgorithmId.parse(seq[1]);
signature = seq[2].getBitString();
if (seq[1].data.available() != 0)
throw new CRLException("AlgorithmId field overrun");
if (seq[2].data.available() != 0)
throw new CRLException("Signature field overrun");
// the tbsCertsList
tbsCertList = seq[0].toByteArray();
// parse the information
DerInputStream derStrm = seq[0].data;
DerValue tmp;
byte nextByte;
// version (optional if v1)
// by default, version = v1 == 0
version = 0;
nextByte = (byte) derStrm.peekByte();
if (nextByte == DerValue.tag_Integer) {
version = derStrm.getInteger().toInt();
if (// i.e. v2
version != 1)
throw new CRLException("Invalid version");
}
tmp = derStrm.getDerValue();
// signature
{
AlgorithmId tmpId = AlgorithmId.parse(tmp);
if (!tmpId.equals(sigAlgId))
throw new CRLException("Signature algorithm mismatch");
infoSigAlgId = tmpId;
}
// issuer
issuer = new X500Name(derStrm);
// thisUpdate
// check if UTCTime encoded or GeneralizedTime
nextByte = (byte) derStrm.peekByte();
if (nextByte == DerValue.tag_UtcTime) {
thisUpdate = derStrm.getUTCTime();
} else if (nextByte == DerValue.tag_GeneralizedTime) {
thisUpdate = derStrm.getGeneralizedTime();
} else {
throw new CRLException("Invalid encoding for thisUpdate" + " (tag=" + nextByte + ")");
}
if (derStrm.available() == 0)
// done parsing no more optional fields present
return;
// nextUpdate (optional)
nextByte = (byte) derStrm.peekByte();
if (nextByte == DerValue.tag_UtcTime) {
nextUpdate = derStrm.getUTCTime();
} else if (nextByte == DerValue.tag_GeneralizedTime) {
nextUpdate = derStrm.getGeneralizedTime();
}
if (derStrm.available() == 0)
// done parsing no more optional fields present
return;
// revokedCertificates (optional)
nextByte = (byte) derStrm.peekByte();
if ((nextByte == DerValue.tag_SequenceOf) && (!((nextByte & 0x0c0) == 0x080))) {
if (includeEntries) {
DerValue[] badCerts = derStrm.getSequence(4);
for (int i = 0; i < badCerts.length; i++) {
RevokedCertImpl entry = new RevokedCertImpl(badCerts[i]);
if (entry.hasExtensions() && (version == 0))
throw new CRLException("Invalid encoding, extensions" + " not supported in CRL v1 entries.");
revokedCerts.put(entry.getSerialNumber(), entry);
}
} else {
derStrm.skipSequence(4);
}
}
if (derStrm.available() == 0)
// done parsing no extensions
return;
// crlExtensions (optional)
tmp = derStrm.getDerValue();
if (tmp.isConstructed() && tmp.isContextSpecific((byte) 0)) {
if (version == 0)
throw new CRLException("Invalid encoding, extensions not" + " supported in CRL v1.");
extensions = new CRLExtensions(tmp.data);
}
}
Also used :
DerValue(org.mozilla.jss.netscape.security.util.DerValue)
DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream)
CRLException(java.security.cert.CRLException)
Example 64 with DerValue
use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.
the class LdapV3DNStrConverter method parseAVA.
/**
* Like parseAVA(PushbackReader) with a DER encoding order given as
* argument for Directory Strings.
*/
public AVA parseAVA(PushbackReader in, byte[] encodingOrder) throws IOException {
int c;
ObjectIdentifier oid;
DerValue value;
StringBuffer keywordBuf;
StringBuffer valueBuf;
ByteArrayOutputStream berStream;
char hexChar1, hexChar2;
CharArrayWriter hexCharsBuf;
String endChars;
/* First get the keyword indicating the attribute's type,
* and map it to the appropriate OID.
*/
keywordBuf = new StringBuffer();
for (; ; ) {
c = in.read();
if (c == '=')
break;
if (c == -1) {
throw new IOException("Bad AVA format: Missing '='");
}
keywordBuf.append((char) c);
}
oid = parseAVAKeyword(keywordBuf.toString());
/* Now parse the value. "#hex", a quoted string, or a string
* terminated by "+", ",", ";", ">". Whitespace before or after
* the value is stripped.
*/
for (c = in.read(); c == ' '; c = in.read()) continue;
if (c == -1)
throw new IOException("Bad AVA format: Missing attribute value");
if (c == '#') {
/*
* NOTE per LDAPv3 dn string ietf standard the value represented
* by this form is a BER value. But we only support DER value here
* which is only a form of BER.
*/
berStream = new ByteArrayOutputStream();
int b;
for (; ; ) {
hexChar1 = (char) (c = in.read());
if (// end of value
c == -1 || octoEndChars.indexOf(c) > 0)
break;
hexChar2 = (char) (c = in.read());
if (hexDigits.indexOf(hexChar1) == -1 || hexDigits.indexOf(hexChar2) == -1)
throw new IOException("Bad AVA value: bad hex value.");
b = (Character.digit(hexChar1, 16) << 4) + Character.digit(hexChar2, 16);
berStream.write(b);
}
if (berStream.size() == 0)
throw new IOException("bad AVA format: invalid hex value");
value = parseAVAValue(berStream.toByteArray(), oid);
while (c == ' ' && c != -1) c = in.read();
} else {
valueBuf = new StringBuffer();
boolean quoted = false;
if (c == '"') {
quoted = true;
endChars = quotedEndChars;
if ((c = in.read()) == -1)
throw new IOException("Bad AVA format: Missing attrValue");
} else {
endChars = valueEndChars;
}
// pair = '\' ( special | '\' | QUOTATION | hexpair )
while (c != -1 && endChars.indexOf(c) == -1) {
if (c == '\\') {
if ((c = in.read()) == -1)
throw new IOException("Bad AVA format: expecting " + "escaped char.");
// expect escaping of special chars, space and CR.
if (specialChars.indexOf((char) c) != -1 || c == '\n' || c == '\\' || c == '"' || c == ' ') {
valueBuf.append((char) c);
} else if (hexDigits.indexOf(c) != -1) {
hexCharsBuf = new CharArrayWriter();
// handle sequence of '\' hexpair
do {
hexChar1 = (char) c;
hexChar2 = (char) (c = in.read());
if (hexDigits.indexOf((char) c) == -1)
throw new IOException("Bad AVA format: " + "invalid escaped hex pair");
hexCharsBuf.write(hexChar1);
hexCharsBuf.write(hexChar2);
// read ahead to next '\' hex-char if any.
if ((c = in.read()) == -1)
break;
if (c != '\\') {
in.unread(c);
break;
}
if ((c = in.read()) == -1)
throw new IOException("Bad AVA format: " + "expecting escaped char.");
if (hexDigits.indexOf((char) c) == -1) {
in.unread(c);
in.unread('\\');
break;
}
} while (true);
valueBuf.append(getStringFromHexpairs(hexCharsBuf.toCharArray()));
} else {
throw new IOException("Bad AVA format: " + "invalid escaping");
}
} else
valueBuf.append((char) c);
c = in.read();
}
value = parseAVAValue(valueBuf.toString().trim(), oid, encodingOrder);
if (quoted) {
// move to next non-white space
do {
c = in.read();
} while (c == ' ');
if (c != -1 && valueEndChars.indexOf(c) == -1)
throw new IOException("Bad AVA format: separator expected at end of ava.");
}
}
if (c != -1)
in.unread(c);
return new AVA(oid, value);
}
Also used :
DerValue(org.mozilla.jss.netscape.security.util.DerValue)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
IOException(java.io.IOException)
CharArrayWriter(java.io.CharArrayWriter)
ObjectIdentifier(org.mozilla.jss.netscape.security.util.ObjectIdentifier)
Example 65 with DerValue
use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.
the class IA5StringConverter method getValue.
@Override
public DerValue getValue(String valueString, byte[] tags) throws IOException {
try {
CharsetEncoder encoder = ASN1CharStrConvMap.getDefault().getEncoder(DerValue.tag_IA5String);
if (encoder == null)
throw new IOException("No encoder for IA5String");
CharBuffer charBuffer = CharBuffer.wrap(valueString.toCharArray());
ByteBuffer byteBuffer = encoder.encode(charBuffer);
return new DerValue(DerValue.tag_IA5String, byteBuffer.array(), byteBuffer.arrayOffset(), byteBuffer.limit());
} catch (CharacterCodingException e) {
throw new IllegalArgumentException("Invalid IA5String AVA Value string");
}
}
Also used :
DerValue(org.mozilla.jss.netscape.security.util.DerValue)
CharBuffer(java.nio.CharBuffer)
IOException(java.io.IOException)
CharacterCodingException(java.nio.charset.CharacterCodingException)
CharsetEncoder(java.nio.charset.CharsetEncoder)
ByteBuffer(java.nio.ByteBuffer)
Aggregations
DerValue (org.mozilla.jss.netscape.security.util.DerValue)70
IOException (java.io.IOException)31
DerInputStream (org.mozilla.jss.netscape.security.util.DerInputStream)20
DerOutputStream (org.mozilla.jss.netscape.security.util.DerOutputStream)8
ObjectIdentifier (org.mozilla.jss.netscape.security.util.ObjectIdentifier)8
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)5
ByteBuffer (java.nio.ByteBuffer)4
CharBuffer (java.nio.CharBuffer)4
CharacterCodingException (java.nio.charset.CharacterCodingException)4
CharsetEncoder (java.nio.charset.CharsetEncoder)4
MessageDigest (java.security.MessageDigest)4
CRLException (java.security.cert.CRLException)4
BitArray (org.mozilla.jss.netscape.security.util.BitArray)4
AuthorityKeyIdentifierExtension (org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension)4
KeyIdentifier (org.mozilla.jss.netscape.security.x509.KeyIdentifier)4
ByteArrayOutputStream (java.io.ByteArrayOutputStream)3
InvalidKeyException (java.security.InvalidKeyException)3
BigInt (org.mozilla.jss.netscape.security.util.BigInt)3
GeneralName (org.mozilla.jss.netscape.security.x509.GeneralName)3
CertificateException (java.security.cert.CertificateException)2
