
Example 66 with DerValue

use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.

the class RevokedCertImpl method decode.

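/**
 * Decodes one revoked-certificate entry from a DER input stream.
 *
 * <p>The stream is wrapped in a {@code DerValue} and handed to
 * {@code parse}. An {@link IOException} raised while reading or decoding
 * is reported to the caller as a {@link CRLException}.
 *
 * @param inStrm
 *            an input stream holding at least one revoked certificate
 * @exception CRLException
 *                on parsing errors; the underlying {@link IOException}
 *                is attached as the cause.
 * @exception X509ExtensionException
 *                on extension handling errors.
 */
public void decode(InputStream inStrm) throws CRLException, X509ExtensionException {
    try {
        parse(new DerValue(inStrm));
    } catch (IOException e) {
        // The message text is unchanged; chaining the cause keeps the
        // stack trace of the decoding failure available for diagnosis.
        throw new CRLException("Parsing error: " + e.toString(), e);
    }
}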
Also used : DerValue(org.mozilla.jss.netscape.security.util.DerValue) IOException(java.io.IOException) CRLException(java.security.cert.CRLException)

Example 67 with DerValue

use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.

the class RevokedCertImpl method parse.

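/**
 * Parses a single revoked-certificate entry from an already decoded DER value.
 *
 * <p>The value must carry the SEQUENCE tag and have content. The serial
 * number is read first, then the revocation date (UTCTime or
 * GeneralizedTime), then, only if bytes remain, the CRL entry extensions.
 * Each {@link IOException} raised while decoding a field is rethrown as a
 * {@link CRLException} with the original exception attached as its cause.
 *
 * @param derVal the DER value holding the encoded entry
 * @throws CRLException if the tag is not SEQUENCE, the value is empty, the
 *             date has an unexpected tag, or a field cannot be decoded
 * @throws X509ExtensionException on extension handling errors
 */
private void parse(DerValue derVal) throws CRLException, X509ExtensionException {
    if (derVal.tag != DerValue.tag_Sequence) {
        throw new CRLException("Invalid encoded RevokedCertificate, " + "starting sequence tag missing.");
    }
    if (derVal.data.available() == 0) {
        throw new CRLException("No data encoded for RevokedCertificates");
    }

    // serial number
    // NOTE(review): the serial number is read through toDerInputStream() while
    // the date below is read through derVal.data; this presumably relies on
    // both views sharing one read position - confirm before reordering.
    try {
        DerInputStream in = derVal.toDerInputStream();
        DerValue val = in.getDerValue();
        this.serialNumber = new SerialNumber(val);
    } catch (IOException e) {
        throw new CRLException("Parsing Serial Number error: " + e.toString(), e);
    }

    // revocationDate: only the two time tags are accepted; any other tag is
    // rejected instead of being skipped.
    try {
        int nextByte = derVal.data.peekByte();
        if ((byte) nextByte == DerValue.tag_UtcTime) {
            this.revocationDate = derVal.data.getUTCTime();
        } else if ((byte) nextByte == DerValue.tag_GeneralizedTime) {
            this.revocationDate = derVal.data.getGeneralizedTime();
        } else {
            throw new CRLException("Invalid encoding for RevokedCertificates");
        }
    } catch (IOException e) {
        throw new CRLException("Parsing Revocation Date error: " + e.toString(), e);
    }

    if (derVal.data.available() == 0) {
        // no extensions
        return;
    }

    // crlEntryExtensions
    // NOTE(review): whether bytes left over after the extensions are rejected
    // depends on CRLExtensions, which is not visible here - confirm.
    try {
        this.extensions = new CRLExtensions(derVal.toDerInputStream());
    } catch (IOException e) {
        throw new CRLException("Parsing CRL Entry Extensions error: " + e.toString(), e);
    }
}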
Also used : DerValue(org.mozilla.jss.netscape.security.util.DerValue) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) IOException(java.io.IOException) CRLException(java.security.cert.CRLException)

Example 68 with DerValue

use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.

the class OtherName method decode.

/**
 * Decodes this object from a DER-encoded input stream.
 *
 * <p>A single {@code DerValue} is read from {@code in} and passed to
 * {@code decodeThis}.
 *
 * @param in stream to read the encoded value from
 * @throws IOException propagated unchanged from reading the value or from
 *             {@code decodeThis}
 */
public void decode(InputStream in) throws IOException {
    decodeThis(new DerValue(in));
}
Also used : DerValue(org.mozilla.jss.netscape.security.util.DerValue)

Example 69 with DerValue

use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.

the class ExtensionsRequested method construct.

/**
 * Populates {@code exts} with the extensions found in {@code dv}.
 *
 * <p>Two encodings are accepted. The value is first decoded as a sequence;
 * if that raises an {@link IOException}, it is decoded as an OCTET STRING
 * whose content is then re-parsed as a sequence.
 *
 * <p>Expects this in the inputstream (from the router):
 *
 * <pre>
 * 211 30 31: SEQUENCE {
 * 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8'
 * 225 31 17: SET {
 * 227 04 15: OCTET STRING, encapsulates {
 * 229 30 13: SEQUENCE {
 * 231 30 11: SEQUENCE {
 * 233 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
 * 238 04 4: OCTET STRING
 * : 03 02 05 A0
 * : }
 * : }
 * : }
 * </pre>
 *
 * or this (from IRE client):
 *
 * <pre>
 * 262 30 51: SEQUENCE {
 * 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14)
 * 275 31 38: SET {
 * 277 30 36: SEQUENCE {
 * 279 30 34: SEQUENCE {
 * 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
 * 286 04 27: OCTET STRING
 * : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61
 * : 61 61 2E 6D 63 6F 6D 2E 63 6F 6D
 * : }
 * : }
 * : }
 * : }
 * </pre>
 *
 * @param dv the DER value holding the requested extensions
 * @throws IOException if neither decoding succeeds, or if building an
 *             {@code Extension} from a decoded element fails
 */
private void construct(DerValue dv) throws IOException {
    DerInputStream stream = null;
    try {
        // try decoding as sequence first
        stream = dv.toDerInputStream();
        // probe: read one value to see whether the content decodes at all
        stream.getDerValue();
        stream.reset();
        // probe: the content must also decode as a sequence
        stream.getSequence(2);
    } catch (IOException ioe) {
        // if it failed, the outer sequence may be
        // encapsulated in an octet string, as in the first
        // example above
        // NOTE(review): every IOException from the probe selects this
        // fallback, not only a tag mismatch, and the original failure
        // (ioe) is discarded - confirm that is intended.
        byte[] octet_string = dv.getOctetString();
        // Make a new input stream from the byte array,
        // and re-parse it as a sequence.
        dv = new DerValue(octet_string);
        stream = dv.toDerInputStream();
        // probe again; a failure here propagates to the caller
        stream.getSequence(2);
    }
    // now, the stream will be in the correct format;
    // rewind it so the loop below starts from the first element
    stream.reset();
    while (true) {
        DerValue ext_dv = null;
        try {
            ext_dv = stream.getDerValue();
        } catch (IOException ex) {
            // NOTE(review): any IOException ends the loop, so end of data
            // and a malformed or truncated element are indistinguishable
            // here; extensions decoded before this point stay in exts.
            // A remaining-bytes check would let real decoding errors
            // surface - confirm against DerInputStream before changing.
            break;
        }
        // an IOException from the Extension constructor is not caught here
        Extension ext = new Extension(ext_dv);
        exts.addElement(ext);
    }
}
Also used : DerValue(org.mozilla.jss.netscape.security.util.DerValue) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) IOException(java.io.IOException)

Example 70 with DerValue

use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.

the class RSAPSSAlgorithmParameters method decode.

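/**
 * Decodes RSA-PSS parameters from a DER stream and stores the result in
 * {@code spec}, then calls {@code populateFromSpec()}.
 *
 * <p>The input must be a sequence of three or four members. The first three
 * must be context-specific [0] (hash algorithm), [1] (mask generation
 * algorithm, which must carry the MGF1 OID) and [2] (salt length). A fourth
 * member is accepted but never read; the trailer field is always set to 1.
 *
 * <p>Malformed input is reported as {@link IOException}, including an empty
 * mask generation sequence and a salt length that {@link PSSParameterSpec}
 * rejects, so callers do not see unchecked exceptions for those cases.
 *
 * @param in DER stream holding the parameter sequence; must not be null
 * @param encoded not read by this method
 * @throws IOException if {@code in} is null or the encoding is not in the
 *             form described above
 */
private void decode(DerInputStream in, byte[] encoded) throws IOException {
    if (in == null) {
        throw new IOException("Invalid input: got null DerInputStream");
    }
    // Sequence has 3 members, trailer field ignored
    DerValue[] seq = in.getSequence(3);
    if (seq.length < 3 || seq.length > 4) {
        throw new IOException("Invalid data! Expected a sequence with either 3 or 4 members; got " + seq.length);
    }

    // [0] hashAlgorithm
    if (!seq[0].isContextSpecific((byte) 0)) {
        throw new IOException("Invalid encoded data! Expecting OAEP-PSSDigestAlgorithms (hashAlgorithm).");
    }
    seq[0] = seq[0].data.getDerValue();
    AlgorithmId algid = AlgorithmId.parse(seq[0]);
    String specAlgName = getSpecAlgName(algid.getName());
    // The MGF1 hash is taken from the main hash algorithm.
    // NOTE(review): the hash named inside maskGenAlgorithm is never read, so
    // an encoding that names a different MGF1 hash is decoded as if it
    // matched the main hash - confirm whether it should be rejected instead.
    MGF1ParameterSpec specMFG1ParamSpec = new MGF1ParameterSpec(specAlgName);

    // [1] maskGenAlgorithm
    if (!seq[1].isContextSpecific((byte) 1)) {
        throw new IOException("Invalid encoded data! Expecting OAEP-PSSDigestAlgorithms (maskGenAlgorithm).");
    }
    seq[1] = seq[1].data.getDerValue();
    DerInputStream mgf1Str = new DerInputStream(seq[1].toByteArray());
    DerValue[] seqMgf1 = mgf1Str.getSequence(2);
    // Same defensive length check as for the outer sequence: indexing an
    // empty array would raise an unchecked exception on malformed input.
    if (seqMgf1.length == 0) {
        throw new IOException("Invalid encoded data: empty maskGenAlgorithm sequence");
    }
    ObjectIdentifier mgf1OID = seqMgf1[0].getOID();
    if (!mgf1OID.equals(AlgorithmId.MGF1_oid)) {
        throw new IOException("Invalid encoded data: expected MGF1 OID but got: " + mgf1OID.toString());
    }
    String specMGF1Name = "MGF1";

    // [2] saltLength
    if (!seq[2].isContextSpecific((byte) 2)) {
        throw new IOException("Invalid encoded data! Expected INTEGER (saltLength).");
    }
    seq[2] = seq[2].data.getDerValue();
    BigInt sLength = seq[2].getInteger();
    try {
        this.spec = new PSSParameterSpec(specAlgName, specMGF1Name, specMFG1ParamSpec, sLength.toInt(), 1);
    } catch (IllegalArgumentException e) {
        // PSSParameterSpec rejects a negative salt length; report an unusable
        // value as a decoding error, keeping the original exception as cause.
        throw new IOException("Invalid encoded data: unusable saltLength " + sLength, e);
    }
    populateFromSpec();
}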
Also used : AlgorithmId(org.mozilla.jss.netscape.security.x509.AlgorithmId) PSSParameterSpec(java.security.spec.PSSParameterSpec) DerValue(org.mozilla.jss.netscape.security.util.DerValue) BigInt(org.mozilla.jss.netscape.security.util.BigInt) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) IOException(java.io.IOException) MGF1ParameterSpec(java.security.spec.MGF1ParameterSpec) ObjectIdentifier(org.mozilla.jss.netscape.security.util.ObjectIdentifier)

Aggregations

DerValue (org.mozilla.jss.netscape.security.util.DerValue)70 IOException (java.io.IOException)31 DerInputStream (org.mozilla.jss.netscape.security.util.DerInputStream)20 DerOutputStream (org.mozilla.jss.netscape.security.util.DerOutputStream)8 ObjectIdentifier (org.mozilla.jss.netscape.security.util.ObjectIdentifier)8 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)5 ByteBuffer (java.nio.ByteBuffer)4 CharBuffer (java.nio.CharBuffer)4 CharacterCodingException (java.nio.charset.CharacterCodingException)4 CharsetEncoder (java.nio.charset.CharsetEncoder)4 MessageDigest (java.security.MessageDigest)4 CRLException (java.security.cert.CRLException)4 BitArray (org.mozilla.jss.netscape.security.util.BitArray)4 AuthorityKeyIdentifierExtension (org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension)4 KeyIdentifier (org.mozilla.jss.netscape.security.x509.KeyIdentifier)4 ByteArrayOutputStream (java.io.ByteArrayOutputStream)3 InvalidKeyException (java.security.InvalidKeyException)3 BigInt (org.mozilla.jss.netscape.security.util.BigInt)3 GeneralName (org.mozilla.jss.netscape.security.x509.GeneralName)3 CertificateException (java.security.cert.CertificateException)2