use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.
the class X509CertImpl method parse.
/**
*********************************************************
*/
/*
* Cert is a SIGNED ASN.1 macro, a three elment sequence:
*
* - Data to be signed (ToBeSigned) -- the "raw" cert
* - Signature algorithm (SigAlgId)
* - The signature bits
*
* This routine unmarshals the certificate, saving the signature
* parts away for later verification.
*/
private void parse(DerValue val) throws CertificateException, IOException {
// check if can over write the certificate
if (readOnly)
throw new CertificateParsingException("Cannot overwrite existing certificate");
readOnly = true;
DerValue[] seq = new DerValue[3];
seq[0] = val.data.getDerValue();
seq[1] = val.data.getDerValue();
seq[2] = val.data.getDerValue();
if (val.data.available() != 0) {
throw new CertificateParsingException("signed overrun, bytes = " + val.data.available());
}
if (seq[0].tag != DerValue.tag_Sequence) {
throw new CertificateParsingException("signed fields invalid");
}
algId = AlgorithmId.parse(seq[1]);
signature = seq[2].getBitString();
if (seq[1].data.available() != 0) {
throw new CertificateParsingException("algid field overrun");
}
if (seq[2].data.available() != 0)
throw new CertificateParsingException("signed fields overrun");
// The CertificateInfo
if (info == null) {
info = new X509CertInfo(seq[0]);
}
}
use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.
the class SubjectDirAttributesExtension method decodeThis.
// Decode this extension value
private void decodeThis(DerValue derVal) throws IOException {
if (derVal.tag != DerValue.tag_Sequence) {
throw new IOException("Invalid encoding for " + "Subject Directory Attribute extension.");
}
if (derVal.data.available() == 0) {
throw new IOException(NAME + " No data available in " + "passed DER encoded value.");
}
// Decode all the Attributes
while (derVal.data.available() != 0) {
DerValue encAttr = derVal.data.getDerValue();
Attribute attr = new Attribute(encAttr);
attrList.addElement(attr);
}
}
use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.
the class SubjectDirAttributesExtension method decode.
/**
* Decode the extension from the InputStream.
*
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@Override
public void decode(InputStream in) throws IOException {
DerValue val = new DerValue(in);
decodeThis(val);
}
use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.
the class PKCS8Key method decode.
/**
* Initialize an PKCS8Key object from an input stream. The data
* on that input stream must be encoded using DER, obeying the
* PKCS#8 format: a sequence consisting of a version, an algorithm
* ID and a bit string which holds the key. (That bit string is
* often used to encapsulate another DER encoded sequence.)
*
* <P>
* Subclasses should not normally redefine this method; they should instead provide a <code>parseKeyBits</code>
* method to parse any fields inside the <code>key</code> member.
*
* @param in an input stream with a DER-encoded PKCS#8
* SubjectPublicKeyInfo value
*
* @exception InvalidKeyException if a parsing error occurs.
*/
public void decode(InputStream in) throws InvalidKeyException {
DerValue val;
try {
val = new DerValue(in);
if (val.tag != DerValue.tag_Sequence)
throw new InvalidKeyException("invalid key format");
BigInteger version = val.data.getInteger().toBigInteger();
if (!version.equals(PKCS8Key.VERSION)) {
throw new IOException("version mismatch: (supported: " + PKCS8Key.VERSION + ", parsed: " + version);
}
algid = AlgorithmId.parse(val.data.getDerValue());
key = val.data.getOctetString();
parseKeyBits();
if (val.data.available() != 0)
throw new InvalidKeyException("excess key data");
} catch (IOException e) {
// e.printStackTrace ();
throw new InvalidKeyException("IOException : " + e.getMessage());
}
}
use of org.mozilla.jss.netscape.security.util.DerValue in project jss by dogtagpki.
the class PKCS7 method encodeSignedData.
/**
* Encodes the signed data to a DerOutputStream.
*
* @param out the DerOutputStream to write the encoded data to.
* @exception IOException on encoding errors.
*/
public void encodeSignedData(DerOutputStream out, boolean sort) throws IOException {
DerOutputStream signedData = new DerOutputStream();
// version
signedData.putInteger(version);
// digestAlgorithmIds
signedData.putOrderedSetOf(DerValue.tag_Set, digestAlgorithmIds);
// contentInfo
contentInfo.encode(signedData);
// cast to X509CertImpl[] since X509CertImpl implements DerEncoder
X509CertImpl[] implCerts = new X509CertImpl[certificates.length];
try {
for (int i = 0; i < certificates.length; i++) {
implCerts[i] = (X509CertImpl) certificates[i];
}
} catch (ClassCastException e) {
throw new IOException("Certificates in PKCS7 must be of class " + "org.mozilla.jss.netscape.security.X509CertImpl: " + e.getMessage(), e);
}
// to the signed data
if (sort) {
signedData.putOrderedSetOf((byte) 0xA0, implCerts);
} else {
signedData.putSet((byte) 0xA0, implCerts);
}
// no crls (OPTIONAL field)
// signerInfos
signedData.putOrderedSetOf(DerValue.tag_Set, signerInfos);
// making it a signed data block
DerValue signedDataSeq = new DerValue(DerValue.tag_Sequence, signedData.toByteArray());
// making it a content info sequence
ContentInfo block = new ContentInfo(ContentInfo.SIGNED_DATA_OID, signedDataSeq);
// writing out the contentInfo sequence
block.encode(out);
}
Aggregations