
Example 21 with ObjectIdentifier

use of org.mozilla.jss.netscape.security.util.ObjectIdentifier in project jss by dogtagpki.

the class LdapV3DNStrConverter method parseAVA.

/**
 * Like parseAVA(PushbackReader) with a DER encoding order given as
 * argument for Directory Strings.
 */
public AVA parseAVA(PushbackReader in, byte[] encodingOrder) throws IOException {
    // Parses a single "keyword=value" attribute-value assertion from the reader.
    // On return the separator that ended the value (if any) has been pushed
    // back so the caller can inspect it; at end of input nothing is pushed back.
    // Throws IOException for every malformed-input case detected below.
    int c;
    ObjectIdentifier oid;
    DerValue value;
    StringBuffer keywordBuf;
    StringBuffer valueBuf;
    ByteArrayOutputStream berStream;
    char hexChar1, hexChar2;
    CharArrayWriter hexCharsBuf;
    String endChars;
    /* First get the keyword indicating the attribute's type,
     * and map it to the appropriate OID.
     * Every character up to the first '=' is collected unchanged; any
     * normalisation of the keyword is left to parseAVAKeyword.
     */
    keywordBuf = new StringBuffer();
    for (; ; ) {
        c = in.read();
        if (c == '=')
            break;
        if (c == -1) {
            throw new IOException("Bad AVA format: Missing '='");
        }
        keywordBuf.append((char) c);
    }
    oid = parseAVAKeyword(keywordBuf.toString());
    /* Now parse the value.  "#hex", a quoted string, or a string
     * terminated by "+", ",", ";", ">".  Whitespace before or after
     * the value is stripped.
     */
    // Skip leading spaces; c ends up holding the first significant character.
    for (c = in.read(); c == ' '; c = in.read()) continue;
    if (c == -1)
        throw new IOException("Bad AVA format: Missing attribute value");
    if (c == '#') {
        /*
         * NOTE per LDAPv3 dn string ietf standard the value represented
         * by this form is a BER value. But we only support DER value here
         * which is only a form of BER.
         */
        berStream = new ByteArrayOutputStream();
        int b;
        // Consume hex digits two at a time, one output byte per pair.
        for (; ; ) {
            hexChar1 = (char) (c = in.read());
            // NOTE(review): "> 0" does not match a character sitting at index 0
            // of octoEndChars (defined outside this listing), whereas every other
            // membership test in this method compares against -1. If index 0 is a
            // real terminator it falls through to the hex check below and is
            // rejected as a bad hex value - confirm this is intended.
            if (// end of value
            c == -1 || octoEndChars.indexOf(c) > 0)
                break;
            hexChar2 = (char) (c = in.read());
            // An odd number of digits lands here with hexChar2 being EOF or a
            // separator; presumably neither is in hexDigits, so it is rejected.
            if (hexDigits.indexOf(hexChar1) == -1 || hexDigits.indexOf(hexChar2) == -1)
                throw new IOException("Bad AVA value: bad hex value.");
            b = (Character.digit(hexChar1, 16) << 4) + Character.digit(hexChar2, 16);
            berStream.write(b);
        }
        // "#" followed by no hex pairs is not a value.
        if (berStream.size() == 0)
            throw new IOException("bad AVA format: invalid hex value");
        // The decoded bytes are handed to parseAVAValue as an encoded value;
        // whatever validation of that encoding happens is inside that helper.
        value = parseAVAValue(berStream.toByteArray(), oid);
        // Skip trailing spaces (the "c != -1" test is redundant once c == ' ').
        while (c == ' ' && c != -1) c = in.read();
    } else {
        valueBuf = new StringBuffer();
        boolean quoted = false;
        if (c == '"') {
            // Quoted form: use the quoted terminator set and step past the quote.
            quoted = true;
            endChars = quotedEndChars;
            if ((c = in.read()) == -1)
                throw new IOException("Bad AVA format: Missing attrValue");
        } else {
            endChars = valueEndChars;
        }
        // pair = '\' ( special | '\' | QUOTATION | hexpair )
        // NOTE(review): the loop also stops on end of input, so a quoted value
        // whose closing character never arrives is accepted without an error -
        // confirm that an unterminated quote should not be rejected.
        while (c != -1 && endChars.indexOf(c) == -1) {
            if (c == '\\') {
                if ((c = in.read()) == -1)
                    throw new IOException("Bad AVA format: expecting " + "escaped char.");
                // expect escaping of special chars, space and CR.
                if (specialChars.indexOf((char) c) != -1 || c == '\n' || c == '\\' || c == '"' || c == ' ') {
                    // Escaped literal: keep the character, drop the backslash.
                    valueBuf.append((char) c);
                } else if (hexDigits.indexOf(c) != -1) {
                    hexCharsBuf = new CharArrayWriter();
                    // handle sequence of '\' hexpair
                    // Consecutive escaped pairs are gathered and decoded together
                    // by getStringFromHexpairs, so a multi-byte character spread
                    // over several pairs is passed to it as one unit.
                    do {
                        hexChar1 = (char) c;
                        hexChar2 = (char) (c = in.read());
                        if (hexDigits.indexOf((char) c) == -1)
                            throw new IOException("Bad AVA format: " + "invalid escaped hex pair");
                        hexCharsBuf.write(hexChar1);
                        hexCharsBuf.write(hexChar2);
                        // read ahead to next '\' hex-char if any.
                        if ((c = in.read()) == -1)
                            break;
                        if (c != '\\') {
                            // Not another escape: give the character back.
                            in.unread(c);
                            break;
                        }
                        if ((c = in.read()) == -1)
                            throw new IOException("Bad AVA format: " + "expecting escaped char.");
                        if (hexDigits.indexOf((char) c) == -1) {
                            // A backslash escape of a non-hex character: push both
                            // characters back (in reverse order) so the outer loop
                            // re-reads the backslash and handles the escape.
                            in.unread(c);
                            in.unread('\\');
                            break;
                        }
                    } while (true);
                    valueBuf.append(getStringFromHexpairs(hexCharsBuf.toCharArray()));
                } else {
                    throw new IOException("Bad AVA format: " + "invalid escaping");
                }
            } else
                valueBuf.append((char) c);
            c = in.read();
        }
        // trim() runs after unescaping, so it also removes a leading or trailing
        // space that was written escaped ("\ "), any whitespace just inside the
        // quotes of a quoted value, and any other character <= U+0020 at either
        // end. Distinct input strings can therefore yield the same attribute
        // value, which matters wherever the parsed name is compared for an
        // access or trust decision.
        value = parseAVAValue(valueBuf.toString().trim(), oid, encodingOrder);
        if (quoted) {
            // move to next non-white space
            do {
                c = in.read();
            } while (c == ' ');
            // After the closing quote only a separator or end of input is valid.
            if (c != -1 && valueEndChars.indexOf(c) == -1)
                throw new IOException("Bad AVA format: separator expected at end of ava.");
        }
    }
    // Leave the separator in the stream for the caller.
    if (c != -1)
        in.unread(c);
    return new AVA(oid, value);
}
Also used : DerValue(org.mozilla.jss.netscape.security.util.DerValue) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) CharArrayWriter(java.io.CharArrayWriter) ObjectIdentifier(org.mozilla.jss.netscape.security.util.ObjectIdentifier)

Example 22 with ObjectIdentifier

use of org.mozilla.jss.netscape.security.util.ObjectIdentifier in project jss by dogtagpki.

the class X509CertImpl method getBasicConstraints.

/**
 * Gets the certificate's path length constraint from the
 * critical BasicConstraints extension (oid = 2.5.29.19).
 *
 * @return the length of the constraint.
 */
@Override
public int getBasicConstraints() {
    // Returns the value stored under PATH_LEN when the BasicConstraints
    // extension marks the certificate as a CA, and -1 in every other case:
    // no name registered for the OID, extension absent, IS_CA false, or any
    // exception while reading the extension. A failure is therefore reported
    // the same way as "not a CA" and is not visible to the caller.
    final int notCa = -1;
    try {
        final String alias = OIDMap.getName(new ObjectIdentifier(BASIC_CONSTRAINT_OID));
        if (alias == null) {
            return notCa;
        }

        final BasicConstraintsExtension basicConstraints =
                (BasicConstraintsExtension) this.get(alias);
        if (basicConstraints == null) {
            return notCa;
        }

        final Boolean caFlag = (Boolean) basicConstraints.get(BasicConstraintsExtension.IS_CA);
        if (!caFlag.booleanValue()) {
            return notCa;
        }
        final Integer pathLen = (Integer) basicConstraints.get(BasicConstraintsExtension.PATH_LEN);
        return pathLen.intValue();
    } catch (Exception e) {
        // Deliberate catch-all: a missing or unreadable value is treated as "not a CA".
        return notCa;
    }
}
Also used : CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateParsingException(java.security.cert.CertificateParsingException) CertificateExpiredException(java.security.cert.CertificateExpiredException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) NoSuchProviderException(java.security.NoSuchProviderException) CertificateEncodingException(java.security.cert.CertificateEncodingException) ObjectIdentifier(org.mozilla.jss.netscape.security.util.ObjectIdentifier)

Example 23 with ObjectIdentifier

use of org.mozilla.jss.netscape.security.util.ObjectIdentifier in project jss by dogtagpki.

the class X509CertImpl method getExtensionValue.

/**
 * Gets the DER encoded extension identified by the passed
 * in oid String.
 *
 * @param oid the Object Identifier value for the extension.
 */
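@Override
public byte[] getExtensionValue(String oid) {
    // Returns the extension value written out as an octet string by
    // DerOutputStream, or null when the extension is not present.
    //
    // null is also returned when anything throws (including an oid string the
    // ObjectIdentifier constructor rejects), so a caller cannot tell "absent"
    // from "could not be read". Code that enforces a policy based on an
    // extension should not read null as proof that the certificate carries no
    // such extension.
    try {
        // Parse the OID once; it serves both the alias lookup and the scan below.
        ObjectIdentifier wantedOid = new ObjectIdentifier(oid);
        String extAlias = OIDMap.getName(wantedOid);
        Extension certExt = null;
        if (extAlias == null) {
            // No name registered for this OID: walk the certificate's
            // extensions and match on the identifier itself.
            CertificateExtensions exts = (CertificateExtensions) info.get(CertificateExtensions.NAME);
            if (exts == null) {
                return null;
            }
            for (Enumeration<Extension> e = exts.getAttributes(); e.hasMoreElements(); ) {
                Extension candidate = e.nextElement();
                if (candidate.getExtensionId().equals(wantedOid)) {
                    certExt = candidate;
                    break;
                }
            }
        } else {
            // there's sub-class that can handle this extension
            certExt = (Extension) this.get(extAlias);
        }
        if (certExt == null) {
            return null;
        }
        byte[] extData = certExt.getExtensionValue();
        if (extData == null) {
            return null;
        }
        // try-with-resources replaces the manual finally/close and its
        // printStackTrace(); the stream is only created once there is data
        // to encode.
        try (DerOutputStream out = new DerOutputStream()) {
            out.putOctetString(extData);
            return out.toByteArray();
        }
    } catch (Exception e) {
        // Deliberate catch-all kept from the original contract: failures map to null.
        return null;
    }
}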
Also used : DerOutputStream(org.mozilla.jss.netscape.security.util.DerOutputStream) IOException(java.io.IOException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateParsingException(java.security.cert.CertificateParsingException) CertificateExpiredException(java.security.cert.CertificateExpiredException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) NoSuchProviderException(java.security.NoSuchProviderException) CertificateEncodingException(java.security.cert.CertificateEncodingException) ObjectIdentifier(org.mozilla.jss.netscape.security.util.ObjectIdentifier)

Example 24 with ObjectIdentifier

use of org.mozilla.jss.netscape.security.util.ObjectIdentifier in project jss by dogtagpki.

the class X509CertImpl method getBasicConstraintsIsCA.

/**
 * Reports the IS_CA flag of the certificate's BasicConstraints extension.
 *
 * @return the flag's value; {@code false} when no name is registered for the
 *         extension OID, when the extension is absent, or when reading it
 *         throws, so a read failure is reported as "not a CA".
 */
public boolean getBasicConstraintsIsCA() {
    try {
        final String alias = OIDMap.getName(new ObjectIdentifier(BASIC_CONSTRAINT_OID));
        if (alias != null) {
            final BasicConstraintsExtension basicConstraints =
                    (BasicConstraintsExtension) this.get(alias);
            if (basicConstraints != null) {
                final Boolean caFlag =
                        (Boolean) basicConstraints.get(BasicConstraintsExtension.IS_CA);
                return caFlag.booleanValue();
            }
        }
        return false;
    } catch (Exception e) {
        // Deliberate catch-all: any failure is answered with "not a CA".
        return false;
    }
}
Also used : CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateParsingException(java.security.cert.CertificateParsingException) CertificateExpiredException(java.security.cert.CertificateExpiredException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) NoSuchProviderException(java.security.NoSuchProviderException) CertificateEncodingException(java.security.cert.CertificateEncodingException) ObjectIdentifier(org.mozilla.jss.netscape.security.util.ObjectIdentifier)

Example 25 with ObjectIdentifier

use of org.mozilla.jss.netscape.security.util.ObjectIdentifier in project jss by dogtagpki.

the class RevokedCertImpl method getExtensionValue.

/**
 * Gets the DER encoded OCTET string for the extension value
 * (<em>extnValue</em>) identified by the passed in oid String.
 * The <code>oid</code> string is
 * represented by a set of positive whole number separated
 * by ".", that means,<br>
 * &lt;positive whole number&gt;.&lt;positive whole number&gt;.&lt;positive
 * whole number&gt;.&lt;...&gt;
 *
 * @param oid the Object Identifier value for the extension.
 * @return the DER encoded octet string of the extension value.
 */
@Override
public byte[] getExtensionValue(String oid) {
    // An entry without extensions has nothing to return.
    if (extensions == null) {
        return null;
    }
    try (DerOutputStream encoder = new DerOutputStream()) {
        final String alias = OIDMap.getName(new ObjectIdentifier(oid));
        Extension match = null;
        if (alias != null) {
            match = extensions.get(alias);
        } else {
            // No name registered for this OID: compare identifiers one by one
            // and stop at the first extension that matches.
            final ObjectIdentifier wanted = new ObjectIdentifier(oid);
            final Enumeration<Extension> all = extensions.getElements();
            while (match == null && all.hasMoreElements()) {
                final Extension candidate = all.nextElement();
                final ObjectIdentifier candidateOid = candidate.getExtensionId();
                if (candidateOid.equals(wanted)) {
                    match = candidate;
                }
            }
        }
        if (match == null) {
            return null;
        }

        final byte[] rawValue = match.getExtensionValue();
        if (rawValue == null) {
            return null;
        }
        encoder.putOctetString(rawValue);
        return encoder.toByteArray();
    } catch (Exception e) {
        // Deliberate catch-all: every failure, including an oid string that
        // cannot be parsed, is reported as null, the same result as "absent".
        return null;
    }
}
Also used : DerOutputStream(org.mozilla.jss.netscape.security.util.DerOutputStream) IOException(java.io.IOException) CRLException(java.security.cert.CRLException) ObjectIdentifier(org.mozilla.jss.netscape.security.util.ObjectIdentifier)
