
Example 61 with DerValue

use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.

The class X509Key, method decode.

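/**
 * Initialize an X509Key object from an input stream. The data on that
 * input stream must be encoded using DER, obeying the X.509
 * <code>SubjectPublicKeyInfo</code> format. That is, the data is a
 * SEQUENCE consisting of an algorithm ID and a BIT STRING which holds
 * the key. (That bit string is often used to encapsulate another DER
 * encoded sequence.)
 *
 * <P>
 * Subclasses should not normally redefine this method; they should instead
 * provide a <code>parseKeyBits</code> method to parse any fields inside the
 * <code>key</code> member.
 *
 * <P>
 * The exception to this rule is that since private keys need not be encoded
 * using the X.509 <code>SubjectPublicKeyInfo</code> format, private keys may
 * override this method, <code>encode</code>, and of course
 * <code>getFormat</code>.
 *
 * <P>
 * The outer SEQUENCE must be consumed exactly: bytes left over after the
 * BIT STRING are rejected before <code>parseKeyBits</code> runs, so the
 * (possibly subclass-provided) key-bits parser never sees a malformed
 * envelope.
 *
 * @param in an input stream with a DER-encoded X.509
 *            SubjectPublicKeyInfo value
 * @exception InvalidKeyException on parsing errors; when the failure came
 *            from the DER layer the underlying IOException is attached as
 *            the cause so the original diagnostic is not lost.
 */
public void decode(InputStream in) throws InvalidKeyException {
    try {
        DerValue val = new DerValue(in);
        if (val.tag != DerValue.tag_Sequence)
            throw new InvalidKeyException("invalid key format");
        algid = AlgorithmId.parse(val.data.getDerValue());
        key = val.data.getBitString();
        // Reject trailing data inside the SEQUENCE before handing the key
        // bits to the subclass parser.
        if (val.data.available() != 0)
            throw new InvalidKeyException("excess key data");
        parseKeyBits();
    } catch (IOException e) {
        // Same message as before, but keep the IOException as the cause
        // instead of flattening it into a string.
        throw new InvalidKeyException("IOException : " + e.getMessage(), e);
    }
}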

Example 62 with DerValue

use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.

The class X500Name, method findAttribute.

/**
 * Find the first instance of this attribute in a "top down"
 * search of all the attributes in the name.
 *
 * @param attribute OID of the attribute type being looked for
 * @return the value held by the first RDN (in {@code names} order) that
 *         contains the attribute, or null when none of them does
 */
private DerValue findAttribute(ObjectIdentifier attribute) {
    int count = names.length;
    for (int idx = 0; idx < count; idx++) {
        DerValue found = names[idx].findAttribute(attribute);
        if (found != null)
            return found;
    }
    return null;
}

Example 63 with DerValue

use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.

The class X509CRLImpl, method parse.

/**
 * Parse a DER-encoded X.509 CertificateList into this object's fields.
 * <p>
 * The outer value is SEQUENCE { tbsCertList, signatureAlgorithm, signature }.
 * The raw DER of tbsCertList is retained in {@code tbsCertList} (presumably
 * for the signature verification path, which is not visible here), and its
 * inner fields are then walked in order: version, signature, issuer,
 * thisUpdate, nextUpdate, revokedCertificates, crlExtensions. Each optional
 * field is recognised by peeking at the next tag.
 * <p>
 * This is a one-shot operation: the object is marked read-only on entry and
 * a second call is rejected.
 *
 * @param val            the outer SEQUENCE; its content stream is consumed
 * @param includeEntries when false the revokedCertificates SEQUENCE is
 *                       skipped rather than decoded into {@code revokedCerts}
 * @throws CRLException           when the object is already populated, on
 *                                overrun of the outer/algorithm/signature
 *                                fields, on a bad tbsCertList tag, on an
 *                                unsupported version, on a mismatch between
 *                                the inner and outer signature algorithms,
 *                                or when a v1 CRL carries extensions
 * @throws IOException            on DER decoding errors
 * @throws X509ExtensionException declared here; presumably raised by the
 *                                entry / extension constructors called below
 */
private void parse(DerValue val, boolean includeEntries) throws CRLException, IOException, X509ExtensionException {
    // Refuse to overwrite an already-parsed CRL; the flag is set before any
    // field is touched so a failed parse also leaves the object locked.
    if (readOnly)
        throw new CRLException("cannot over-write existing CRL");
    readOnly = true;
    // Outer CertificateList: exactly three elements, nothing after them.
    DerValue[] seq = new DerValue[3];
    seq[0] = val.data.getDerValue();
    seq[1] = val.data.getDerValue();
    seq[2] = val.data.getDerValue();
    if (val.data.available() != 0)
        throw new CRLException("signed overrun, bytes = " + val.data.available());
    // NOTE: the tbsCertList tag is only checked after all three elements
    // have been read; the two reads above may already have thrown for
    // other reasons.
    if (seq[0].tag != DerValue.tag_Sequence)
        throw new CRLException("signed CRL fields invalid");
    sigAlgId = AlgorithmId.parse(seq[1]);
    signature = seq[2].getBitString();
    // Both trailing fields must be consumed exactly.
    if (seq[1].data.available() != 0)
        throw new CRLException("AlgorithmId field overrun");
    if (seq[2].data.available() != 0)
        throw new CRLException("Signature field overrun");
    // Keep the DER bytes of tbsCertList (the part the signature covers).
    tbsCertList = seq[0].toByteArray();
    // Walk the tbsCertList fields in order.
    DerInputStream derStrm = seq[0].data;
    DerValue tmp;
    byte nextByte;
    // version (optional): absent means v1 (0). When present only the
    // INTEGER value 1 (v2) is accepted.
    version = 0;
    nextByte = (byte) derStrm.peekByte();
    if (nextByte == DerValue.tag_Integer) {
        version = derStrm.getInteger().toInt();
        if (version != 1) // v2 is encoded as INTEGER 1
            throw new CRLException("Invalid version");
    }
    tmp = derStrm.getDerValue();
    // signature: the inner algorithm identifier must equal the outer one,
    // otherwise an attacker-controlled mismatch would be silently accepted.
    {
        AlgorithmId tmpId = AlgorithmId.parse(tmp);
        if (!tmpId.equals(sigAlgId))
            throw new CRLException("Signature algorithm mismatch");
        infoSigAlgId = tmpId;
    }
    // issuer
    issuer = new X500Name(derStrm);
    // thisUpdate (mandatory): UTCTime or GeneralizedTime, anything else is
    // an error.
    nextByte = (byte) derStrm.peekByte();
    if (nextByte == DerValue.tag_UtcTime) {
        thisUpdate = derStrm.getUTCTime();
    } else if (nextByte == DerValue.tag_GeneralizedTime) {
        thisUpdate = derStrm.getGeneralizedTime();
    } else {
        throw new CRLException("Invalid encoding for thisUpdate" + " (tag=" + nextByte + ")");
    }
    if (derStrm.available() == 0)
        // done parsing no more optional fields present
        return;
    // nextUpdate (optional): if the next element is neither time type it is
    // left in the stream for the stages below.
    nextByte = (byte) derStrm.peekByte();
    if (nextByte == DerValue.tag_UtcTime) {
        nextUpdate = derStrm.getUTCTime();
    } else if (nextByte == DerValue.tag_GeneralizedTime) {
        nextUpdate = derStrm.getGeneralizedTime();
    }
    if (derStrm.available() == 0)
        // done parsing no more optional fields present
        return;
    // revokedCertificates (optional)
    nextByte = (byte) derStrm.peekByte();
    // NOTE(review): the second conjunct is always true when the first holds
    // (tag_SequenceOf is 0x30, and 0x30 & 0xC0 == 0), so it is redundant.
    if ((nextByte == DerValue.tag_SequenceOf) && (!((nextByte & 0x0c0) == 0x080))) {
        if (includeEntries) {
            DerValue[] badCerts = derStrm.getSequence(4);
            for (int i = 0; i < badCerts.length; i++) {
                RevokedCertImpl entry = new RevokedCertImpl(badCerts[i]);
                // Entry extensions are a v2 feature; reject them on a v1 CRL.
                if (entry.hasExtensions() && (version == 0))
                    throw new CRLException("Invalid encoding, extensions" + " not supported in CRL v1 entries.");
                revokedCerts.put(entry.getSerialNumber(), entry);
            }
        } else {
            // Caller does not want the entries: skip the whole SEQUENCE.
            derStrm.skipSequence(4);
        }
    }
    if (derStrm.available() == 0)
        // done parsing no extensions
        return;
    // crlExtensions (optional): [0] EXPLICIT Extensions.
    // NOTE(review): this is lenient. An element that is not a constructed
    // [0] is consumed and silently ignored, and nothing after it is checked,
    // so a tbsCertList with an unexpected element here parses with
    // extensions == null and any data following it unexamined. Since the
    // bytes are covered by the CRL signature this is not a bypass on its
    // own, but it means the CRL's extensions can be dropped without an
    // error; consider rejecting unrecognised / trailing content instead.
    tmp = derStrm.getDerValue();
    if (tmp.isConstructed() && tmp.isContextSpecific((byte) 0)) {
        if (version == 0)
            throw new CRLException("Invalid encoding, extensions not" + " supported in CRL v1.");
        extensions = new CRLExtensions(tmp.data);
    }
}

Example 64 with DerValue

use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.

The class LdapV3DNStrConverter, method parseAVA.

/**
 * Parse one attribute-value assertion ("keyword=value") from {@code in}.
 * Like parseAVA(PushbackReader), but the DER encoding order to use for
 * Directory String values is given as an argument.
 * <p>
 * The keyword is everything up to the first '='; it is mapped to an OID by
 * {@code parseAVAKeyword}. Leading blanks before the value are skipped, then
 * one of three value forms is accepted:
 * <ul>
 * <li>{@code #hex...}: pairs of hex digits are decoded to bytes and handed to
 * {@code parseAVAValue(byte[], oid)} as an already-encoded value. An odd
 * number of digits is rejected. Whether the embedded tag is checked against
 * the attribute type is up to parseAVAValue (not visible here).</li>
 * <li>a double-quoted string, read until a character in
 * {@code quotedEndChars} (presumably the closing quote), after which only
 * blanks and then a separator from {@code valueEndChars} or end of input may
 * follow;</li>
 * <li>an unquoted string, read until a character in {@code valueEndChars}.</li>
 * </ul>
 * In the string forms a backslash escapes a character from
 * {@code specialChars}, a newline, a backslash, a double quote or a space,
 * or starts a run of {@code \hh} hex pairs that are decoded together by
 * {@code getStringFromHexpairs}.
 * <p>
 * On return the character that terminated the AVA (if not end of input) has
 * been pushed back so the caller can see which separator ended it.
 *
 * @param in            reader positioned at the start of the AVA
 * @param encodingOrder DER string tags, in order of preference, passed
 *                      through to parseAVAValue for Directory String types
 * @return the parsed AVA
 * @throws IOException on read errors or malformed input: missing '=',
 *                     missing value, bad hex digits, bad escape, or a
 *                     missing separator after a quoted value
 */
public AVA parseAVA(PushbackReader in, byte[] encodingOrder) throws IOException {
    int c;
    ObjectIdentifier oid;
    DerValue value;
    StringBuffer keywordBuf;
    StringBuffer valueBuf;
    ByteArrayOutputStream berStream;
    char hexChar1, hexChar2;
    CharArrayWriter hexCharsBuf;
    String endChars;
    /* First get the keyword indicating the attribute's type,
     * and map it to the appropriate OID.
     */
    keywordBuf = new StringBuffer();
    for (; ; ) {
        c = in.read();
        if (c == '=')
            break;
        if (c == -1) {
            throw new IOException("Bad AVA format: Missing '='");
        }
        keywordBuf.append((char) c);
    }
    oid = parseAVAKeyword(keywordBuf.toString());
    /* Now parse the value.  "#hex", a quoted string, or a string
     * terminated by "+", ",", ";", ">".  Whitespace before or after
     * the value is stripped.
     */
    // skip blanks between '=' and the value (only ' ', not other whitespace)
    for (c = in.read(); c == ' '; c = in.read()) continue;
    if (c == -1)
        throw new IOException("Bad AVA format: Missing attribute value");
    if (c == '#') {
        /*
         * NOTE per LDAPv3 dn string ietf standard the value represented
         * by this form is a BER value. But we only support DER value here
         * which is only a form of BER.
         */
        berStream = new ByteArrayOutputStream();
        int b;
        for (; ; ) {
            hexChar1 = (char) (c = in.read());
            // end of value
            // NOTE(review): `> 0` never matches index 0 of octoEndChars. If
            // that string's first character is a genuine terminator this is
            // an off-by-one (should be != -1); confirm against the field.
            if (c == -1 || octoEndChars.indexOf(c) > 0)
                break;
            // A second digit is required: an odd digit count, or a
            // terminator in the second position, fails the check below.
            hexChar2 = (char) (c = in.read());
            if (hexDigits.indexOf(hexChar1) == -1 || hexDigits.indexOf(hexChar2) == -1)
                throw new IOException("Bad AVA value: bad hex value.");
            b = (Character.digit(hexChar1, 16) << 4) + Character.digit(hexChar2, 16);
            berStream.write(b);
        }
        if (berStream.size() == 0)
            throw new IOException("bad AVA format: invalid hex value");
        // The decoded bytes are passed through as-is; validation of the
        // encoded value is delegated to parseAVAValue.
        value = parseAVAValue(berStream.toByteArray(), oid);
        // skip trailing blanks (the c != -1 test is redundant: c == ' '
        // already implies it)
        while (c == ' ' && c != -1) c = in.read();
    } else {
        valueBuf = new StringBuffer();
        boolean quoted = false;
        if (c == '"') {
            quoted = true;
            endChars = quotedEndChars;
            // consume the opening quote; an empty stream after it is an error
            if ((c = in.read()) == -1)
                throw new IOException("Bad AVA format: Missing attrValue");
        } else {
            endChars = valueEndChars;
        }
        // pair = '\' ( special | '\' | QUOTATION | hexpair )
        while (c != -1 && endChars.indexOf(c) == -1) {
            if (c == '\\') {
                if ((c = in.read()) == -1)
                    throw new IOException("Bad AVA format: expecting " + "escaped char.");
                // expect escaping of special chars, space and CR.
                if (specialChars.indexOf((char) c) != -1 || c == '\n' || c == '\\' || c == '"' || c == ' ') {
                    // The escaped character is stored bare; the escape itself
                    // is not remembered (see the trim() note below).
                    valueBuf.append((char) c);
                } else if (hexDigits.indexOf(c) != -1) {
                    hexCharsBuf = new CharArrayWriter();
                    // handle sequence of '\' hexpair: collect every
                    // consecutive "\hh" so multi-byte sequences can be
                    // decoded as one unit by getStringFromHexpairs
                    do {
                        hexChar1 = (char) c;
                        hexChar2 = (char) (c = in.read());
                        if (hexDigits.indexOf((char) c) == -1)
                            throw new IOException("Bad AVA format: " + "invalid escaped hex pair");
                        hexCharsBuf.write(hexChar1);
                        hexCharsBuf.write(hexChar2);
                        // read ahead to next '\' hex-char if any.
                        if ((c = in.read()) == -1)
                            break;
                        if (c != '\\') {
                            in.unread(c);
                            break;
                        }
                        if ((c = in.read()) == -1)
                            throw new IOException("Bad AVA format: " + "expecting escaped char.");
                        if (hexDigits.indexOf((char) c) == -1) {
                            // "\x" where x is not hex: push both characters
                            // back so the outer loop handles the escape
                            in.unread(c);
                            in.unread('\\');
                            break;
                        }
                    } while (true);
                    valueBuf.append(getStringFromHexpairs(hexCharsBuf.toCharArray()));
                } else {
                    throw new IOException("Bad AVA format: " + "invalid escaping");
                }
            } else
                valueBuf.append((char) c);
            c = in.read();
        }
        // NOTE(review): trim() also removes spaces that were written as the
        // escape "\ " at either end of the value, because the escape is
        // dropped when the character is appended above. Values that rely on
        // a protected leading/trailing space therefore lose it here.
        value = parseAVAValue(valueBuf.toString().trim(), oid, encodingOrder);
        if (quoted) {
            // move to next non-white space
            do {
                c = in.read();
            } while (c == ' ');
            // after a quoted value only a separator or end of input is legal
            if (c != -1 && valueEndChars.indexOf(c) == -1)
                throw new IOException("Bad AVA format: separator expected at end of ava.");
        }
    }
    // leave the terminating separator for the caller
    if (c != -1)
        in.unread(c);
    return new AVA(oid, value);
}

Example 65 with DerValue

use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.

The class IA5StringConverter, method getValue.

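/**
 * Encode an AVA value string as a DER IA5String.
 *
 * @param valueString the attribute value to encode
 * @param tags        tags acceptable to the caller; not consulted here, the
 *                    result is always tagged IA5String
 * @return a DerValue tagged {@code DerValue.tag_IA5String} holding the
 *         encoder's output bytes
 * @throws IOException if no IA5String encoder is registered in
 *                     {@code ASN1CharStrConvMap}
 * @throws IllegalArgumentException if the encoder rejects the string (a
 *                     malformed or unmappable character); the underlying
 *                     CharacterCodingException is attached as the cause
 */
@Override
public DerValue getValue(String valueString, byte[] tags) throws IOException {
    try {
        CharsetEncoder encoder = ASN1CharStrConvMap.getDefault().getEncoder(DerValue.tag_IA5String);
        if (encoder == null)
            throw new IOException("No encoder for IA5String");
        ByteBuffer encoded = encoder.encode(CharBuffer.wrap(valueString.toCharArray()));
        // encode() leaves the buffer flipped, so limit() is the byte count.
        return new DerValue(DerValue.tag_IA5String, encoded.array(), encoded.arrayOffset(), encoded.limit());
    } catch (CharacterCodingException e) {
        // Keep the charset error as the cause so callers can see which
        // character was rejected instead of just a generic message.
        throw new IllegalArgumentException("Invalid IA5String AVA Value string", e);
    }
}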
