use of org.mozilla.jss.netscape.security.util.ObjectIdentifier in project jss by dogtagpki.
the class LdapV3DNStrConverter method parseAVA.
/**
 * Parses one attribute-value assertion (AVA) of the form {@code keyword=value}
 * from an LDAPv3 DN string. Like parseAVA(PushbackReader), with a DER encoding
 * order given as argument for Directory Strings.
 *
 * <p>The keyword is mapped to an OID by {@code parseAVAKeyword}. The value is
 * accepted in three forms: {@code #hex} (pairs of hex digits, handed to
 * {@code parseAVAValue(byte[], oid)}), a double-quoted string, or an unquoted
 * string; both string forms support backslash escapes and are handed to
 * {@code parseAVAValue(String, oid, encodingOrder)}.
 *
 * <p>Caveats visible in this method:
 * <ul>
 * <li>String values are passed through {@code String.trim()}, so leading and
 * trailing spaces are removed even when they were escaped or quoted.</li>
 * <li>A quoted value that runs to end of input without a closing quote is
 * not rejected here.</li>
 * <li>One escape path pushes back two characters in a row, so {@code in}
 * needs a pushback capacity of at least 2.</li>
 * </ul>
 *
 * @param in reader positioned at the first character of the AVA; on return
 *        the character that ended the value (if any) has been pushed back
 * @param encodingOrder encoding order forwarded to {@code parseAVAValue}
 *        for string values; not used for {@code #hex} values
 * @return a new AVA built from the keyword's OID and the parsed value
 * @throws IOException if the input is malformed or the reader fails
 */
public AVA parseAVA(PushbackReader in, byte[] encodingOrder) throws IOException {
    int c;
    ObjectIdentifier oid;
    DerValue value;
    StringBuffer keywordBuf;
    StringBuffer valueBuf;
    ByteArrayOutputStream berStream;
    char hexChar1, hexChar2;
    CharArrayWriter hexCharsBuf;
    String endChars;
    /* First get the keyword indicating the attribute's type,
     * and map it to the appropriate OID. Everything up to the first '='
     * is collected as is; end of input before '=' is an error.
     */
    keywordBuf = new StringBuffer();
    for (; ; ) {
        c = in.read();
        if (c == '=')
            break;
        if (c == -1) {
            throw new IOException("Bad AVA format: Missing '='");
        }
        keywordBuf.append((char) c);
    }
    oid = parseAVAKeyword(keywordBuf.toString());
    /* Now parse the value. "#hex", a quoted string, or a string
     * terminated by "+", ",", ";", ">". Whitespace before or after
     * the value is stripped.
     */
    // Skip spaces between '=' and the value; c ends up as the first value character.
    for (c = in.read(); c == ' '; c = in.read()) continue;
    if (c == -1)
        throw new IOException("Bad AVA format: Missing attribute value");
    if (c == '#') {
        /*
         * NOTE per LDAPv3 dn string ietf standard the value represented
         * by this form is a BER value. But we only support DER value here
         * which is only a form of BER.
         */
        berStream = new ByteArrayOutputStream();
        int b;
        for (; ; ) {
            hexChar1 = (char) (c = in.read());
            // End of value: end of input or a terminator from octoEndChars.
            // NOTE(review): "> 0" skips the character at index 0 of octoEndChars, while
            // every other lookup in this method compares with -1. If index 0 is the space
            // (octoEndChars is declared outside this listing, confirm), a space after the
            // hex digits is reported as "bad hex value" and the space-skipping loop after
            // parseAVAValue below never runs. Probably meant "!= -1".
            if (c == -1 || octoEndChars.indexOf(c) > 0)
                break;
            hexChar2 = (char) (c = in.read());
            // Both characters of the pair must be hex digits. An odd number of digits is
            // presumably caught here too, since the second read then yields a terminator
            // or -1 rather than a digit.
            if (hexDigits.indexOf(hexChar1) == -1 || hexDigits.indexOf(hexChar2) == -1)
                throw new IOException("Bad AVA value: bad hex value.");
            b = (Character.digit(hexChar1, 16) << 4) + Character.digit(hexChar2, 16);
            berStream.write(b);
        }
        // "#" with no digits after it is rejected.
        if (berStream.size() == 0)
            throw new IOException("bad AVA format: invalid hex value");
        value = parseAVAValue(berStream.toByteArray(), oid);
        // Skip spaces after the hex value. The "c != -1" test is redundant: c == ' '
        // already excludes -1. Unlike the quoted branch, nothing here checks that the
        // next character is a separator.
        while (c == ' ' && c != -1) c = in.read();
    } else {
        valueBuf = new StringBuffer();
        boolean quoted = false;
        if (c == '"') {
            // Quoted value: drop the opening quote and read until quotedEndChars.
            quoted = true;
            endChars = quotedEndChars;
            if ((c = in.read()) == -1)
                throw new IOException("Bad AVA format: Missing attrValue");
        } else {
            endChars = valueEndChars;
        }
        // pair = '\' ( special | '\' | QUOTATION | hexpair )
        // The loop also stops at end of input, so a quoted value with no closing
        // quote falls out of it without an error.
        while (c != -1 && endChars.indexOf(c) == -1) {
            if (c == '\\') {
                if ((c = in.read()) == -1)
                    throw new IOException("Bad AVA format: expecting " + "escaped char.");
                // Escaped literal: a character from specialChars, line feed ('\n'),
                // backslash, double quote or space is taken as is.
                if (specialChars.indexOf((char) c) != -1 || c == '\n' || c == '\\' || c == '"' || c == ' ') {
                    valueBuf.append((char) c);
                } else if (hexDigits.indexOf(c) != -1) {
                    hexCharsBuf = new CharArrayWriter();
                    // handle sequence of '\' hexpair: consecutive escaped pairs are
                    // collected and converted together by getStringFromHexpairs.
                    do {
                        hexChar1 = (char) c;
                        hexChar2 = (char) (c = in.read());
                        if (hexDigits.indexOf((char) c) == -1)
                            throw new IOException("Bad AVA format: " + "invalid escaped hex pair");
                        hexCharsBuf.write(hexChar1);
                        hexCharsBuf.write(hexChar2);
                        // read ahead to next '\' hex-char if any.
                        if ((c = in.read()) == -1)
                            break;
                        if (c != '\\') {
                            // Not another escape: give the character back to the main loop.
                            in.unread(c);
                            break;
                        }
                        if ((c = in.read()) == -1)
                            throw new IOException("Bad AVA format: " + "expecting escaped char.");
                        if (hexDigits.indexOf((char) c) == -1) {
                            // A backslash followed by a non-hex character: push both back
                            // so the main loop handles that escape. Two consecutive unread
                            // calls need a pushback capacity of at least 2 in the reader.
                            in.unread(c);
                            in.unread('\\');
                            break;
                        }
                    } while (true);
                    valueBuf.append(getStringFromHexpairs(hexCharsBuf.toCharArray()));
                } else {
                    throw new IOException("Bad AVA format: " + "invalid escaping");
                }
            } else
                valueBuf.append((char) c);
            c = in.read();
        }
        // trim() also removes leading/trailing spaces that were escaped or quoted.
        value = parseAVAValue(valueBuf.toString().trim(), oid, encodingOrder);
        if (quoted) {
            // move to next non-white space; after a closing quote only end of input
            // or a character from valueEndChars is accepted.
            do {
                c = in.read();
            } while (c == ' ');
            if (c != -1 && valueEndChars.indexOf(c) == -1)
                throw new IOException("Bad AVA format: separator expected at end of ava.");
        }
    }
    // Leave the terminating character in the reader for the caller.
    if (c != -1)
        in.unread(c);
    return new AVA(oid, value);
}
use of org.mozilla.jss.netscape.security.util.ObjectIdentifier in project jss by dogtagpki.
the class X509CertImpl method getBasicConstraints.
/**
 * Gets the path length constraint from the certificate's BasicConstraints
 * extension (oid = 2.5.29.19).
 *
 * <p>The value stored under {@code BasicConstraintsExtension.PATH_LEN} is
 * returned only when the extension's {@code IS_CA} attribute is true. This
 * method does not itself check whether the extension is marked critical.
 * NOTE(review): how a CA certificate without a path length constraint is
 * represented depends on BasicConstraintsExtension; confirm before treating
 * -1 as "not a CA".
 *
 * @return the path length value, or -1 if the extension has no registered
 *         alias, is not present, does not mark the subject as a CA, or if
 *         any exception occurs while reading it.
 */
@Override
public int getBasicConstraints() {
    final int unavailable = -1;
    try {
        String alias = OIDMap.getName(new ObjectIdentifier(BASIC_CONSTRAINT_OID));
        if (alias == null) {
            return unavailable;
        }
        BasicConstraintsExtension constraints = (BasicConstraintsExtension) this.get(alias);
        if (constraints == null) {
            return unavailable;
        }
        Boolean caFlag = (Boolean) constraints.get(BasicConstraintsExtension.IS_CA);
        if (!caFlag.booleanValue()) {
            return unavailable;
        }
        Integer pathLen = (Integer) constraints.get(BasicConstraintsExtension.PATH_LEN);
        return pathLen.intValue();
    } catch (Exception e) {
        // Any failure (bad OID, missing attribute, wrong type) is reported as -1.
        return unavailable;
    }
}
use of org.mozilla.jss.netscape.security.util.ObjectIdentifier in project jss by dogtagpki.
the class X509CertImpl method getExtensionValue.
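/**
 * Gets the DER encoded extension identified by the passed
 * in oid String.
 *
 * <p>The extension's value bytes are wrapped in a DER OCTET STRING. When the
 * OID has no alias registered in {@code OIDMap}, the certificate's extension
 * list is searched for an extension with an equal OID.
 *
 * <p>Callers cannot tell "extension absent" from "lookup failed": both
 * yield {@code null}. Code making a security decision should not treat
 * {@code null} as proof that the extension is not in the certificate.
 *
 * @param oid the Object Identifier value for the extension.
 * @return the DER encoded OCTET STRING, or {@code null} if the certificate
 *         has no extensions, the extension is not found, it has no value,
 *         or any exception occurs (including an unparsable {@code oid}).
 */
@Override
public byte[] getExtensionValue(String oid) {
    try {
        // Parse the OID once; it serves both the alias lookup and the fallback scan.
        ObjectIdentifier wantedOid = new ObjectIdentifier(oid);
        String extAlias = OIDMap.getName(wantedOid);
        Extension certExt = null;
        if (extAlias == null) {
            // may be unknown
            // get the extensions, search thru' for this oid
            CertificateExtensions exts = (CertificateExtensions) info.get(CertificateExtensions.NAME);
            if (exts == null) {
                return null;
            }
            for (Enumeration<Extension> e = exts.getAttributes(); e.hasMoreElements(); ) {
                Extension candidate = e.nextElement();
                if (candidate.getExtensionId().equals(wantedOid)) {
                    certExt = candidate;
                    break;
                }
            }
        } else {
            // there's sub-class that can handle this extension
            certExt = (Extension) this.get(extAlias);
        }
        if (certExt == null) {
            return null;
        }
        byte[] extData = certExt.getExtensionValue();
        if (extData == null) {
            return null;
        }
        // try-with-resources replaces the manual close()/printStackTrace() in finally;
        // a failure while closing now takes the same "return null" path as other errors.
        try (DerOutputStream out = new DerOutputStream()) {
            out.putOctetString(extData);
            return out.toByteArray();
        }
    } catch (Exception e) {
        // Interface contract has no checked exceptions: every failure is reported as null.
        return null;
    }
}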
use of org.mozilla.jss.netscape.security.util.ObjectIdentifier in project jss by dogtagpki.
the class X509CertImpl method getBasicConstraintsIsCA.
/**
 * Reports the {@code IS_CA} attribute of the certificate's BasicConstraints
 * extension.
 *
 * @return the value of {@code BasicConstraintsExtension.IS_CA}, or
 *         {@code false} if the extension has no registered alias, is not
 *         present, or any exception occurs while reading it.
 */
public boolean getBasicConstraintsIsCA() {
    try {
        String alias = OIDMap.getName(new ObjectIdentifier(BASIC_CONSTRAINT_OID));
        if (alias != null) {
            BasicConstraintsExtension constraints = (BasicConstraintsExtension) this.get(alias);
            if (constraints != null) {
                Boolean caFlag = (Boolean) constraints.get(BasicConstraintsExtension.IS_CA);
                return caFlag.booleanValue();
            }
        }
        return false;
    } catch (Exception e) {
        // Errors are treated the same as "not a CA".
        return false;
    }
}
use of org.mozilla.jss.netscape.security.util.ObjectIdentifier in project jss by dogtagpki.
the class RevokedCertImpl method getExtensionValue.
/**
 * Gets the DER encoded OCTET string for the extension value
 * (<em>extnValue</em>) identified by the passed in oid String.
 * The <code>oid</code> string is represented by a set of positive whole
 * numbers separated by ".", that is,<br>
 * {@code <positive whole number>.<positive whole number>.<positive whole number>.<...>}
 *
 * <p>Both "extension absent" and "lookup failed" yield {@code null}, so a
 * {@code null} result alone does not prove the entry lacks the extension.
 *
 * @param oid the Object Identifier value for the extension.
 * @return the DER encoded octet string of the extension value, or
 *         {@code null} if this entry has no extensions, the extension is
 *         not found, it has no value, or any exception occurs.
 */
@Override
public byte[] getExtensionValue(String oid) {
    if (extensions == null) {
        return null;
    }
    try (DerOutputStream encoder = new DerOutputStream()) {
        String alias = OIDMap.getName(new ObjectIdentifier(oid));
        Extension match = null;
        if (alias != null) {
            match = extensions.get(alias);
        } else {
            // No registered alias for this OID: compare against each extension's OID.
            ObjectIdentifier wanted = new ObjectIdentifier(oid);
            Enumeration<Extension> all = extensions.getElements();
            while (match == null && all.hasMoreElements()) {
                Extension candidate = all.nextElement();
                if (candidate.getExtensionId().equals(wanted)) {
                    match = candidate;
                }
            }
        }
        if (match == null) {
            return null;
        }
        byte[] payload = match.getExtensionValue();
        if (payload == null) {
            return null;
        }
        encoder.putOctetString(payload);
        return encoder.toByteArray();
    } catch (Exception e) {
        // Every failure, including an unparsable oid, is reported as null.
        return null;
    }
}