use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.
the class RevokedCertImpl method decode.
/**
* Decode a revoked certificate from an input stream.
*
* @param inStrm
* an input stream holding at least one revoked certificate
* @exception CRLException
* on parsing errors.
* @exception X509ExtensionException
* on extension handling errors.
*/
public void decode(InputStream inStrm) throws CRLException, X509ExtensionException {
try {
DerValue derValue = new DerValue(inStrm);
parse(derValue);
} catch (IOException e) {
throw new CRLException("Parsing error: " + e.toString());
}
}
use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.
the class RevokedCertImpl method parse.
private void parse(DerValue derVal) throws CRLException, X509ExtensionException {
if (derVal.tag != DerValue.tag_Sequence) {
throw new CRLException("Invalid encoded RevokedCertificate, " + "starting sequence tag missing.");
}
if (derVal.data.available() == 0)
throw new CRLException("No data encoded for RevokedCertificates");
// serial number
try {
DerInputStream in = derVal.toDerInputStream();
DerValue val = in.getDerValue();
this.serialNumber = new SerialNumber(val);
} catch (IOException e) {
throw new CRLException("Parsing Serial Number error: " + e.toString());
}
// revocationDate
try {
int nextByte = derVal.data.peekByte();
if ((byte) nextByte == DerValue.tag_UtcTime) {
this.revocationDate = derVal.data.getUTCTime();
} else if ((byte) nextByte == DerValue.tag_GeneralizedTime) {
this.revocationDate = derVal.data.getGeneralizedTime();
} else {
throw new CRLException("Invalid encoding for RevokedCertificates");
}
} catch (IOException e) {
throw new CRLException("Parsing Revocation Date error: " + e.toString());
}
if (derVal.data.available() == 0)
// no extensions
return;
// crlEntryExtensions
try {
this.extensions = new CRLExtensions(derVal.toDerInputStream());
} catch (IOException e) {
throw new CRLException("Parsing CRL Entry Extensions error: " + e.toString());
}
}
use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.
the class OtherName method decode.
public void decode(InputStream in) throws IOException {
DerValue val = new DerValue(in);
decodeThis(val);
}
use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.
the class ExtensionsRequested method construct.
/**
* construct - expects this in the inputstream (from the router):
*
* 211 30 31: SEQUENCE {
* 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8'
* 225 31 17: SET {
* 227 04 15: OCTET STRING, encapsulates {
* 229 30 13: SEQUENCE {
* 231 30 11: SEQUENCE {
* 233 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
* 238 04 4: OCTET STRING
* : 03 02 05 A0
* : }
* : }
* : }
*
* or this (from IRE client):
*
* 262 30 51: SEQUENCE {
* 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14)
* 275 31 38: SET {
* 277 30 36: SEQUENCE {
* 279 30 34: SEQUENCE {
* 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
* 286 04 27: OCTET STRING
* : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61
* : 61 61 2E 6D 63 6F 6D 2E 63 6F 6D
* : }
* : }
* : }
* : }
*/
private void construct(DerValue dv) throws IOException {
DerInputStream stream = null;
try {
// try decoding as sequence first
stream = dv.toDerInputStream();
// consume stream
stream.getDerValue();
stream.reset();
// consume stream
stream.getSequence(2);
} catch (IOException ioe) {
// if it failed, the outer sequence may be
// encapsulated in an octet string, as in the first
// example above
byte[] octet_string = dv.getOctetString();
// Make a new input stream from the byte array,
// and re-parse it as a sequence.
dv = new DerValue(octet_string);
stream = dv.toDerInputStream();
// consume stream
stream.getSequence(2);
}
// now, the stream will be in the correct format
stream.reset();
while (true) {
DerValue ext_dv = null;
try {
ext_dv = stream.getDerValue();
} catch (IOException ex) {
break;
}
Extension ext = new Extension(ext_dv);
exts.addElement(ext);
}
}
use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.
the class RSAPSSAlgorithmParameters method decode.
private void decode(DerInputStream in, byte[] encoded) throws IOException {
if (in == null) {
throw new IOException("Invalid input: got null DerInputStream");
}
// Sequence has 3 members, trailer field ignored
DerValue[] seq = in.getSequence(3);
if (seq.length < 3 || seq.length > 4) {
throw new IOException("Invalid data! Expected a sequence with either 3 or 4 members; got " + seq.length);
}
if (seq[0].isContextSpecific((byte) 0)) {
seq[0] = seq[0].data.getDerValue();
} else {
throw new IOException("Invalid encoded data! Expecting OAEP-PSSDigestAlgorithms (hashAlgorithm).");
}
AlgorithmId algid = AlgorithmId.parse(seq[0]);
String specAlgName = getSpecAlgName(algid.getName());
String specMGF1Name = "";
// Now the MFG1 parameter hash fun is the same as the main hash func.
MGF1ParameterSpec specMFG1ParamSpec = new MGF1ParameterSpec(specAlgName);
if (seq[1].isContextSpecific((byte) 1)) {
seq[1] = seq[1].data.getDerValue();
} else {
throw new IOException("Invalid encoded data! Expecting OAEP-PSSDigestAlgorithms (maskGenAlgorithm).");
}
DerInputStream mgf1Str = new DerInputStream(seq[1].toByteArray());
DerValue[] seqMgf1 = mgf1Str.getSequence(2);
ObjectIdentifier mgf1OID = seqMgf1[0].getOID();
if (!mgf1OID.equals(AlgorithmId.MGF1_oid)) {
throw new IOException("Invalid encoded data: expected MGF1 OID but got: " + mgf1OID.toString());
} else {
specMGF1Name = "MGF1";
}
if (seq[2].isContextSpecific((byte) 2)) {
seq[2] = seq[2].data.getDerValue();
} else {
throw new IOException("Invalid encoded data! Expected INTEGER (saltLength).");
}
BigInt sLength = seq[2].getInteger();
this.spec = new PSSParameterSpec(specAlgName, specMGF1Name, specMFG1ParamSpec, sLength.toInt(), 1);
populateFromSpec();
}
Aggregations