
Example 6 with ObjectIdentifier

use of org.mozilla.jss.netscape.security.util.ObjectIdentifier in project jss by dogtagpki.

the class PKCS9Attribute method derEncode.

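/**
 * Write the DER encoding of this attribute to an output stream.
 *
 * <P>
 * The attribute is written as a SEQUENCE holding the attribute OID followed by the encoded
 * value(s); the encoding of the value is selected by {@code index}. The encoding is built in
 * memory first, so nothing is written to {@code out} when an exception is thrown during encoding.
 *
 * <P>
 * N.B.: This method always encodes values of ChallengePassword and UnstructuredAddress attributes as ASN.1
 * <code>PrintableString</code>s, without checking whether they should be encoded as <code>T61String</code>s.
 *
 * @param out the stream that receives the encoded attribute
 * @throws IOException if the attribute type is not supported, if an ExtensionRequest value cannot
 *             be encoded, or if writing fails
 */
@Override
public void derEncode(OutputStream out) throws IOException {
    try (DerOutputStream temp = new DerOutputStream();
        DerOutputStream temp2 = new DerOutputStream();
        DerOutputStream derOut = new DerOutputStream()) {
        temp.putOID(getOID());
        switch (index) {
            case 1: // email address
            case 2: // unstructured name
            {
                // Each string becomes its own IA5String element of the value SET.
                String[] values = (String[]) value;
                DerOutputStream[] temps = new DerOutputStream[values.length];
                for (int i = 0; i < values.length; i++) {
                    temps[i] = new DerOutputStream();
                    temps[i].putIA5String(values[i]);
                }
                temp.putOrderedSetOf(DerValue.tag_Set, temps);
                break;
            }
            case 3: // content type
                temp2.putOID((ObjectIdentifier) value);
                temp.write(DerValue.tag_Set, temp2.toByteArray());
                break;
            case 4: // message digest
                temp2.putOctetString((byte[]) value);
                temp.write(DerValue.tag_Set, temp2.toByteArray());
                break;
            case 5: // signing time
                temp2.putUTCTime((Date) value);
                temp.write(DerValue.tag_Set, temp2.toByteArray());
                break;
            case 6: // countersignature
                temp.putOrderedSetOf(DerValue.tag_Set, (DerEncoder[]) value);
                break;
            case 7: // challenge password
                // Encoded as PrintableString without checking the characters of the value
                // (see the N.B. in the method documentation).
                temp2.putPrintableString((String) value);
                temp.write(DerValue.tag_Set, temp2.toByteArray());
                break;
            case 8: // unstructured address
            {
                // Same unchecked PrintableString encoding as the challenge password.
                String[] values = (String[]) value;
                DerOutputStream[] temps = new DerOutputStream[values.length];
                for (int i = 0; i < values.length; i++) {
                    temps[i] = new DerOutputStream();
                    temps[i].putPrintableString(values[i]);
                }
                temp.putOrderedSetOf(DerValue.tag_Set, temps);
                break;
            }
            case 9: // extended-certificate attribute -- not supported
                throw new IOException("PKCS9 extended-certificate attribute not supported.");
            case 10: // IssuerAndSerialNumber attribute -- not supported
                throw new IOException("PKCS9 IssuerAndSerialNumber attribute not supported.");
            case 11: // passwordCheck attribute -- not supported
                throw new IOException("PKCS9 passwordCheck attribute not supported.");
            case 12: // PublicKey attribute -- not supported
                throw new IOException("PKCS9 PublicKey attribute not supported.");
            case 13: // SigningDescription attribute -- not supported
                throw new IOException("PKCS9 SigningDescription attribute not supported.");
            case 14: // ExtensionRequest attribute
                try {
                    ((CertificateExtensions) value).encode(temp2);
                    // NOTE(review): every other value above is wrapped with DerValue.tag_Set and
                    // decode() reads the value through getSet(); confirm that tag_Sequence is the
                    // intended wrapper for ExtensionRequest.
                    temp.write(DerValue.tag_Sequence, temp2.toByteArray());
                } catch (CertificateException e) {
                    // Keep the cause so the reason for the encoding failure is not lost.
                    throw new IOException("PKCS9 extension attributes not encoded", e);
                }
                // Explicit break: the original fell through into the empty default.
                break;
            default: // can't happen
                break;
        }
        derOut.write(DerValue.tag_Sequence, temp.toByteArray());
        out.write(derOut.toByteArray());
    }
}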
Also used : DerOutputStream(org.mozilla.jss.netscape.security.util.DerOutputStream) DerEncoder(org.mozilla.jss.netscape.security.util.DerEncoder) CertificateExtensions(org.mozilla.jss.netscape.security.x509.CertificateExtensions) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) Date(java.util.Date) ObjectIdentifier(org.mozilla.jss.netscape.security.util.ObjectIdentifier)

Example 7 with ObjectIdentifier

use of org.mozilla.jss.netscape.security.util.ObjectIdentifier in project jss by dogtagpki.

the class PKCS9Attribute method decode.

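/**
 * Decode a PKCS9 attribute.
 *
 * <P>
 * The input must be a SEQUENCE of exactly two components: the attribute OID and the set of
 * values. The OID selects {@code index}; the decoded value is stored in {@code value}.
 * Note that {@code index} is assigned before the values are validated, so it is already
 * updated when a later check throws.
 *
 * @param derVal
 *            the DerValue representing the DER encoding of the attribute.
 * @throws IOException if the encoding has trailing data or the wrong number of components,
 *             if the OID is not a known PKCS9 attribute, if a value is missing or carries a tag
 *             that is not allowed for the attribute, or if the attribute type is not supported
 */
private void decode(DerValue derVal) throws IOException {
    DerInputStream derIn = new DerInputStream(derVal.toByteArray());
    DerValue[] val = derIn.getSequence(2);
    if (derIn.available() != 0) {
        throw new IOException("Excess data parsing PKCS9Attribute");
    }
    if (val.length != 2) {
        throw new IOException("PKCS9Attribute doesn't have two components");
    }
    // get the oid
    ObjectIdentifier oid = val[0].getOID();
    index = indexOf(oid, PKCS9_OIDS, 1);
    if (index == -1) {
        throw new IOException("Invalid OID for PKCS9 attribute: " + oid);
    }
    DerValue[] elems = new DerInputStream(val[1].toByteArray()).getSet(1);
    // check single valued have only one value
    if (SINGLE_VALUED[index] && elems.length > 1) {
        throwSingleValuedException();
    }
    // check for illegal element tags
    for (DerValue elem : elems) {
        Byte tag = Byte.valueOf(elem.tag);
        if (indexOf(tag, PKCS9_VALUE_TAGS[index], 0) == -1) {
            throwTagException(tag);
        }
    }
    switch (index) {
        case 1: // email address
        case 2: // unstructured name
        case 8: // unstructured address
        {
            String[] values = new String[elems.length];
            for (int i = 0; i < elems.length; i++) {
                values[i] = elems[i].getAsString();
            }
            value = values;
            break;
        }
        case 3: // content type
            value = requireFirstValue(elems).getOID();
            break;
        case 4: // message digest
            value = requireFirstValue(elems).getOctetString();
            break;
        case 5: // signing time
            value = (new DerInputStream(requireFirstValue(elems).toByteArray())).getUTCTime();
            break;
        case 6: // countersignature
        {
            SignerInfo[] values = new SignerInfo[elems.length];
            for (int i = 0; i < elems.length; i++) {
                values[i] = new SignerInfo(elems[i].toDerInputStream());
            }
            value = values;
            break;
        }
        case 7: // challenge password
            value = requireFirstValue(elems).getAsString();
            break;
        case 9: // extended-certificate attribute -- not supported
            throw new IOException("PKCS9 extended-certificate attribute not supported.");
        case 10: // IssuerAndSerialNumber attribute -- not supported
            throw new IOException("PKCS9 IssuerAndSerialNumber attribute not supported.");
        case 11: // passwordCheck attribute -- not supported
            throw new IOException("PKCS9 passwordCheck attribute not supported.");
        case 12: // PublicKey attribute -- not supported
            throw new IOException("PKCS9 PublicKey attribute not supported.");
        case 13: // SigningDescription attribute -- not supported
            throw new IOException("PKCS9 SigningDescription attribute not supported.");
        case 14: // ExtensionRequest attribute
            value = new CertificateExtensions(requireFirstValue(elems).toDerInputStream());
            // Explicit break: the original fell through into the empty default.
            break;
        default: // can't happen
            break;
    }
}

/**
 * Return the first decoded value, rejecting an empty value set.
 *
 * <P>
 * The checks in {@code decode} only reject more than one value for single-valued attributes;
 * if the parsed set is empty, reading {@code elems[0]} would fail with an unchecked
 * ArrayIndexOutOfBoundsException instead of the IOException callers expect for malformed input.
 */
private static DerValue requireFirstValue(DerValue[] elems) throws IOException {
    if (elems.length == 0) {
        throw new IOException("PKCS9Attribute has no value");
    }
    return elems[0];
}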
Also used : DerValue(org.mozilla.jss.netscape.security.util.DerValue) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) CertificateExtensions(org.mozilla.jss.netscape.security.x509.CertificateExtensions) IOException(java.io.IOException) ObjectIdentifier(org.mozilla.jss.netscape.security.util.ObjectIdentifier)

Example 8 with ObjectIdentifier

use of org.mozilla.jss.netscape.security.util.ObjectIdentifier in project jss by dogtagpki.

the class ExtendedKeyUsageExtension method encodeExtValue.

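/**
 * Encode the OIDs in {@code oidSet} as a DER SEQUENCE and store the bytes in
 * {@code extensionValue}.
 *
 * <P>
 * An encoding failure is reported to the caller rather than swallowed: the original caught
 * IOException, printed or ignored it, and still stored whatever bytes had been produced, which
 * could leave a truncated or empty extension value in place without any error. On failure
 * {@code extensionValue} is now left unchanged.
 *
 * @throws IOException if an OID or the enclosing SEQUENCE cannot be encoded
 */
private void encodeExtValue() throws IOException {
    try (DerOutputStream out = new DerOutputStream();
        DerOutputStream temp = new DerOutputStream()) {
        // An empty oidSet yields an empty enumeration and therefore an empty SEQUENCE,
        // which matches the original isEmpty() guard.
        Enumeration<ObjectIdentifier> oidList = oidSet.elements();
        while (oidList.hasMoreElements()) {
            temp.putOID(oidList.nextElement());
        }
        out.write(DerValue.tag_Sequence, temp);
        extensionValue = out.toByteArray();
    }
}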
Also used : DerOutputStream(org.mozilla.jss.netscape.security.util.DerOutputStream) IOException(java.io.IOException) ObjectIdentifier(org.mozilla.jss.netscape.security.util.ObjectIdentifier)

Example 9 with ObjectIdentifier

use of org.mozilla.jss.netscape.security.util.ObjectIdentifier in project jss by dogtagpki.

the class LdapV3DNStrConverter method encodeAVA.

/**
 * Renders one attribute-value assertion as {@code keyword=value} for an LDAP v3 DN string
 * (except in unicode).
 *
 * <P>
 * The keyword comes from {@code encodeOID} and the value from {@code encodeValue}; the two
 * results are joined as-is, so any escaping of DN special characters has to be done by
 * {@code encodeValue}.
 *
 * @param ava an AVA, may be {@code null}
 *
 * @return the LDAP v3 DN fragment for the AVA, or an empty string when {@code ava} is {@code null}
 *
 * @exception IOException If an error is encountered during conversion.
 */
@Override
public String encodeAVA(AVA ava) throws IOException {
    if (ava == null) {
        return "";
    }
    final ObjectIdentifier attrType = ava.getOid();
    final DerValue attrValue = ava.getValue();
    StringBuilder rdn = new StringBuilder();
    // attribute name first, then the encoded value
    rdn.append(encodeOID(attrType));
    rdn.append("=");
    rdn.append(encodeValue(attrValue, attrType));
    return rdn.toString();
}
Also used : DerValue(org.mozilla.jss.netscape.security.util.DerValue) ObjectIdentifier(org.mozilla.jss.netscape.security.util.ObjectIdentifier)

Example 10 with ObjectIdentifier

use of org.mozilla.jss.netscape.security.util.ObjectIdentifier in project jss by dogtagpki.

the class OIDMap method loadNames.

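/**
 * Load the names to oid map.
 *
 * <P>
 * Entries are read from the properties file returned by
 * {@code certificatePropFile(EXTENSIONS_OIDS)}. When that file does not exist or cannot be read,
 * {@code loadNamesDefault} fills the properties instead. Every entry is then registered in both
 * {@code name2OID} and {@code oid2Name}.
 *
 * <P>
 * NOTE(review): the file's entries are used as-is to build the extension name/OID maps, so the
 * file is presumably trusted local configuration; confirm that only administrators can write to
 * it. How {@code ObjectIdentifier} reacts to a malformed value is not visible here.
 */
private static void loadNames() {
    Properties props = new Properties();
    File namesMap = certificatePropFile(EXTENSIONS_OIDS);
    if (!namesMap.exists()) {
        loadNamesDefault(props);
    } else {
        // try-with-resources closes the stream on every path; a failure while closing is
        // handled like a read failure instead of only being printed.
        try (FileInputStream fis = new FileInputStream(namesMap)) {
            props.load(fis);
        } catch (IOException e) {
            // Entries loaded before the failure stay in props; the defaults are added on top.
            loadNamesDefault(props);
        }
    }
    for (String name : props.stringPropertyNames()) {
        ObjectIdentifier oid = new ObjectIdentifier(props.getProperty(name));
        name2OID.put(name, oid);
        oid2Name.put(oid, name);
    }
}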
Also used : IOException(java.io.IOException) Properties(java.util.Properties) File(java.io.File) FileInputStream(java.io.FileInputStream) ObjectIdentifier(org.mozilla.jss.netscape.security.util.ObjectIdentifier)

Aggregations

ObjectIdentifier (org.mozilla.jss.netscape.security.util.ObjectIdentifier)27 IOException (java.io.IOException)21 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)8 CertificateException (java.security.cert.CertificateException)8 DerOutputStream (org.mozilla.jss.netscape.security.util.DerOutputStream)8 DerValue (org.mozilla.jss.netscape.security.util.DerValue)8 InvalidKeyException (java.security.InvalidKeyException)7 NoSuchProviderException (java.security.NoSuchProviderException)7 SignatureException (java.security.SignatureException)7 CertificateEncodingException (java.security.cert.CertificateEncodingException)5 CertificateExpiredException (java.security.cert.CertificateExpiredException)5 CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)5 CertificateParsingException (java.security.cert.CertificateParsingException)5 DerInputStream (org.mozilla.jss.netscape.security.util.DerInputStream)5 GeneralName (org.mozilla.jss.netscape.security.x509.GeneralName)3 CRLException (java.security.cert.CRLException)2 CertificateExtensions (org.mozilla.jss.netscape.security.x509.CertificateExtensions)2 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1 CharArrayWriter (java.io.CharArrayWriter)1 File (java.io.File)1