Search in sources :

Example 16 with X509CertImpl

use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project j2objc by google.

the class PKCS7 method encodeSignedData.

/**
 * Encodes the signed data to a DerOutputStream.
 *
 * @param out the DerOutputStream to write the encoded data to.
 * @exception IOException on encoding errors.
 */
public void encodeSignedData(DerOutputStream out) throws IOException {
    DerOutputStream signedData = new DerOutputStream();
    // version
    signedData.putInteger(version);
    // digestAlgorithmIds
    signedData.putOrderedSetOf(DerValue.tag_Set, digestAlgorithmIds);
    // contentInfo
    contentInfo.encode(signedData);
    // certificates (optional)
    if (certificates != null && certificates.length != 0) {
        // cast to X509CertImpl[] since X509CertImpl implements DerEncoder
        X509CertImpl[] implCerts = new X509CertImpl[certificates.length];
        for (int i = 0; i < certificates.length; i++) {
            if (certificates[i] instanceof X509CertImpl)
                implCerts[i] = (X509CertImpl) certificates[i];
            else {
                try {
                    byte[] encoded = certificates[i].getEncoded();
                    implCerts[i] = new X509CertImpl(encoded);
                } catch (CertificateException ce) {
                    throw new IOException(ce);
                }
            }
        }
        // Add the certificate set (tagged with [0] IMPLICIT)
        // to the signed data
        signedData.putOrderedSetOf((byte) 0xA0, implCerts);
    }
    // CRLs (optional)
    if (crls != null && crls.length != 0) {
        // cast to X509CRLImpl[] since X509CRLImpl implements DerEncoder
        Set<X509CRLImpl> implCRLs = new HashSet<X509CRLImpl>(crls.length);
        for (X509CRL crl : crls) {
            if (crl instanceof X509CRLImpl)
                implCRLs.add((X509CRLImpl) crl);
            else {
                try {
                    byte[] encoded = crl.getEncoded();
                    implCRLs.add(new X509CRLImpl(encoded));
                } catch (CRLException ce) {
                    throw new IOException(ce);
                }
            }
        }
        // Add the CRL set (tagged with [1] IMPLICIT)
        // to the signed data
        signedData.putOrderedSetOf((byte) 0xA1, implCRLs.toArray(new X509CRLImpl[implCRLs.size()]));
    }
    // signerInfos
    signedData.putOrderedSetOf(DerValue.tag_Set, signerInfos);
    // making it a signed data block
    DerValue signedDataSeq = new DerValue(DerValue.tag_Sequence, signedData.toByteArray());
    // making it a content info sequence
    ContentInfo block = new ContentInfo(ContentInfo.SIGNED_DATA_OID, signedDataSeq);
    // writing out the contentInfo sequence
    block.encode(out);
}
Also used : X509CRL(java.security.cert.X509CRL) CertificateException(java.security.cert.CertificateException) X509CertImpl(sun.security.x509.X509CertImpl) X509CRLImpl(sun.security.x509.X509CRLImpl) CRLException(java.security.cert.CRLException)

Example 17 with X509CertImpl

use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project j2objc by google.

the class PKCS7 method parseOldSignedData.

/*
     * Parses an old-style SignedData encoding (for backwards
     * compatibility with JDK1.1.x).
     */
private void parseOldSignedData(DerValue val) throws ParsingException, IOException {
    DerInputStream dis = val.toDerInputStream();
    // Version
    version = dis.getBigInteger();
    // digestAlgorithmIds
    DerValue[] digestAlgorithmIdVals = dis.getSet(1);
    int len = digestAlgorithmIdVals.length;
    digestAlgorithmIds = new AlgorithmId[len];
    try {
        for (int i = 0; i < len; i++) {
            DerValue oid = digestAlgorithmIdVals[i];
            digestAlgorithmIds[i] = AlgorithmId.parse(oid);
        }
    } catch (IOException e) {
        throw new ParsingException("Error parsing digest AlgorithmId IDs");
    }
    // contentInfo
    contentInfo = new ContentInfo(dis, true);
    // certificates
    CertificateFactory certfac = null;
    try {
        certfac = CertificateFactory.getInstance("X.509");
    } catch (CertificateException ce) {
    // do nothing
    }
    DerValue[] certVals = dis.getSet(2, false, true);
    len = certVals.length;
    certificates = new X509Certificate[len];
    for (int i = 0; i < len; i++) {
        ByteArrayInputStream bais = null;
        try {
            byte[] original = certVals[i].getOriginalEncodedForm();
            if (certfac == null)
                certificates[i] = new X509CertImpl(certVals[i], original);
            else {
                bais = new ByteArrayInputStream(original);
                certificates[i] = new VerbatimX509Certificate((X509Certificate) certfac.generateCertificate(bais), original);
                bais.close();
                bais = null;
            }
        } catch (CertificateException ce) {
            ParsingException pe = new ParsingException(ce.getMessage());
            pe.initCause(ce);
            throw pe;
        } catch (IOException ioe) {
            ParsingException pe = new ParsingException(ioe.getMessage());
            pe.initCause(ioe);
            throw pe;
        } finally {
            if (bais != null)
                bais.close();
        }
    }
    // crls are ignored.
    dis.getSet(0);
    // signerInfos
    DerValue[] signerInfoVals = dis.getSet(1);
    len = signerInfoVals.length;
    signerInfos = new SignerInfo[len];
    for (int i = 0; i < len; i++) {
        DerInputStream in = signerInfoVals[i].toDerInputStream();
        signerInfos[i] = new SignerInfo(in, true);
    }
}
Also used : CertificateException(java.security.cert.CertificateException) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) CertificateParsingException(java.security.cert.CertificateParsingException) X509CertImpl(sun.security.x509.X509CertImpl)

Example 18 with X509CertImpl

use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project j2objc by google.

the class PKCS7 method parseSignedData.

private void parseSignedData(DerValue val) throws ParsingException, IOException {
    DerInputStream dis = val.toDerInputStream();
    // Version
    version = dis.getBigInteger();
    // digestAlgorithmIds
    DerValue[] digestAlgorithmIdVals = dis.getSet(1);
    int len = digestAlgorithmIdVals.length;
    digestAlgorithmIds = new AlgorithmId[len];
    try {
        for (int i = 0; i < len; i++) {
            DerValue oid = digestAlgorithmIdVals[i];
            digestAlgorithmIds[i] = AlgorithmId.parse(oid);
        }
    } catch (IOException e) {
        ParsingException pe = new ParsingException("Error parsing digest AlgorithmId IDs: " + e.getMessage());
        pe.initCause(e);
        throw pe;
    }
    // contentInfo
    contentInfo = new ContentInfo(dis);
    CertificateFactory certfac = null;
    try {
        certfac = CertificateFactory.getInstance("X.509");
    } catch (CertificateException ce) {
    // do nothing
    }
    /*
         * check if certificates (implicit tag) are provided
         * (certificates are OPTIONAL)
         */
    if ((byte) (dis.peekByte()) == (byte) 0xA0) {
        DerValue[] certVals = dis.getSet(2, true, true);
        len = certVals.length;
        certificates = new X509Certificate[len];
        int count = 0;
        for (int i = 0; i < len; i++) {
            ByteArrayInputStream bais = null;
            try {
                byte tag = certVals[i].getTag();
                // CertificateChoices ignored.
                if (tag == DerValue.tag_Sequence) {
                    byte[] original = certVals[i].getOriginalEncodedForm();
                    if (certfac == null) {
                        certificates[count] = new X509CertImpl(certVals[i], original);
                    } else {
                        bais = new ByteArrayInputStream(original);
                        certificates[count] = new VerbatimX509Certificate((X509Certificate) certfac.generateCertificate(bais), original);
                        bais.close();
                        bais = null;
                    }
                    count++;
                }
            } catch (CertificateException ce) {
                ParsingException pe = new ParsingException(ce.getMessage());
                pe.initCause(ce);
                throw pe;
            } catch (IOException ioe) {
                ParsingException pe = new ParsingException(ioe.getMessage());
                pe.initCause(ioe);
                throw pe;
            } finally {
                if (bais != null)
                    bais.close();
            }
        }
        if (count != len) {
            certificates = Arrays.copyOf(certificates, count);
        }
    }
    // check if crls (implicit tag) are provided (crls are OPTIONAL)
    if ((byte) (dis.peekByte()) == (byte) 0xA1) {
        DerValue[] crlVals = dis.getSet(1, true);
        len = crlVals.length;
        crls = new X509CRL[len];
        for (int i = 0; i < len; i++) {
            ByteArrayInputStream bais = null;
            try {
                if (certfac == null)
                    crls[i] = new X509CRLImpl(crlVals[i]);
                else {
                    byte[] encoded = crlVals[i].toByteArray();
                    bais = new ByteArrayInputStream(encoded);
                    crls[i] = (X509CRL) certfac.generateCRL(bais);
                    bais.close();
                    bais = null;
                }
            } catch (CRLException e) {
                ParsingException pe = new ParsingException(e.getMessage());
                pe.initCause(e);
                throw pe;
            } finally {
                if (bais != null)
                    bais.close();
            }
        }
    }
    // signerInfos
    DerValue[] signerInfoVals = dis.getSet(1);
    len = signerInfoVals.length;
    signerInfos = new SignerInfo[len];
    for (int i = 0; i < len; i++) {
        DerInputStream in = signerInfoVals[i].toDerInputStream();
        signerInfos[i] = new SignerInfo(in);
    }
}
Also used : CertificateException(java.security.cert.CertificateException) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) CertificateParsingException(java.security.cert.CertificateParsingException) X509CertImpl(sun.security.x509.X509CertImpl) X509CRLImpl(sun.security.x509.X509CRLImpl) CRLException(java.security.cert.CRLException)

Example 19 with X509CertImpl

use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project j2objc by google.

the class PolicyChecker method checkPolicy.

/**
 * Internal method to run through all the checks.
 *
 * @param currCert the certificate to be processed
 * @exception CertPathValidatorException Exception thrown if
 * the certificate does not verify
 */
private void checkPolicy(X509Certificate currCert) throws CertPathValidatorException {
    String msg = "certificate policies";
    if (debug != null) {
        debug.println("PolicyChecker.checkPolicy() ---checking " + msg + "...");
        debug.println("PolicyChecker.checkPolicy() certIndex = " + certIndex);
        debug.println("PolicyChecker.checkPolicy() BEFORE PROCESSING: " + "explicitPolicy = " + explicitPolicy);
        debug.println("PolicyChecker.checkPolicy() BEFORE PROCESSING: " + "policyMapping = " + policyMapping);
        debug.println("PolicyChecker.checkPolicy() BEFORE PROCESSING: " + "inhibitAnyPolicy = " + inhibitAnyPolicy);
        debug.println("PolicyChecker.checkPolicy() BEFORE PROCESSING: " + "policyTree = " + rootNode);
    }
    X509CertImpl currCertImpl = null;
    try {
        currCertImpl = X509CertImpl.toImpl(currCert);
    } catch (CertificateException ce) {
        throw new CertPathValidatorException(ce);
    }
    boolean finalCert = (certIndex == certPathLen);
    rootNode = processPolicies(certIndex, initPolicies, explicitPolicy, policyMapping, inhibitAnyPolicy, rejectPolicyQualifiers, rootNode, currCertImpl, finalCert);
    if (!finalCert) {
        explicitPolicy = mergeExplicitPolicy(explicitPolicy, currCertImpl, finalCert);
        policyMapping = mergePolicyMapping(policyMapping, currCertImpl);
        inhibitAnyPolicy = mergeInhibitAnyPolicy(inhibitAnyPolicy, currCertImpl);
    }
    certIndex++;
    if (debug != null) {
        debug.println("PolicyChecker.checkPolicy() AFTER PROCESSING: " + "explicitPolicy = " + explicitPolicy);
        debug.println("PolicyChecker.checkPolicy() AFTER PROCESSING: " + "policyMapping = " + policyMapping);
        debug.println("PolicyChecker.checkPolicy() AFTER PROCESSING: " + "inhibitAnyPolicy = " + inhibitAnyPolicy);
        debug.println("PolicyChecker.checkPolicy() AFTER PROCESSING: " + "policyTree = " + rootNode);
        debug.println("PolicyChecker.checkPolicy() " + msg + " verified");
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) X509CertImpl(sun.security.x509.X509CertImpl) CertificateException(java.security.cert.CertificateException)

Example 20 with X509CertImpl

use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project j2objc by google.

the class ConstraintsChecker method mergeNameConstraints.

/**
 * Helper to fold sets of name constraints together
 */
static NameConstraintsExtension mergeNameConstraints(X509Certificate currCert, NameConstraintsExtension prevNC) throws CertPathValidatorException {
    X509CertImpl currCertImpl;
    try {
        currCertImpl = X509CertImpl.toImpl(currCert);
    } catch (CertificateException ce) {
        throw new CertPathValidatorException(ce);
    }
    NameConstraintsExtension newConstraints = currCertImpl.getNameConstraintsExtension();
    if (debug != null) {
        debug.println("prevNC = " + prevNC + ", newNC = " + String.valueOf(newConstraints));
    }
    // new name constraints.
    if (prevNC == null) {
        if (debug != null) {
            debug.println("mergedNC = " + String.valueOf(newConstraints));
        }
        if (newConstraints == null) {
            return newConstraints;
        } else {
            // be sharing it with a Certificate object!
            return (NameConstraintsExtension) newConstraints.clone();
        }
    } else {
        try {
            // after merge, prevNC should contain the merged constraints
            prevNC.merge(newConstraints);
        } catch (IOException ioe) {
            throw new CertPathValidatorException(ioe);
        }
        if (debug != null) {
            debug.println("mergedNC = " + prevNC);
        }
        return prevNC;
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) X509CertImpl(sun.security.x509.X509CertImpl) CertificateException(java.security.cert.CertificateException) NameConstraintsExtension(sun.security.x509.NameConstraintsExtension) IOException(java.io.IOException)

Aggregations

X509CertImpl (sun.security.x509.X509CertImpl)92 CertificateException (java.security.cert.CertificateException)41 IOException (java.io.IOException)31 X509Certificate (java.security.cert.X509Certificate)23 CertPathValidatorException (java.security.cert.CertPathValidatorException)17 BigInteger (java.math.BigInteger)16 PublicKey (java.security.PublicKey)15 X500Name (sun.security.x509.X500Name)14 X509CertInfo (sun.security.x509.X509CertInfo)14 AlgorithmId (sun.security.x509.AlgorithmId)13 CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)13 X509CertImpl (org.mozilla.jss.netscape.security.x509.X509CertImpl)12 CertificateSerialNumber (sun.security.x509.CertificateSerialNumber)11 CertificateValidity (sun.security.x509.CertificateValidity)11 CertificateX509Key (sun.security.x509.CertificateX509Key)11 CertificateFactory (java.security.cert.CertificateFactory)10 CertificateVersion (sun.security.x509.CertificateVersion)10 SubjectAlternativeNameExtension (sun.security.x509.SubjectAlternativeNameExtension)9 CertificateIssuerName (sun.security.x509.CertificateIssuerName)8 CertificateSubjectName (sun.security.x509.CertificateSubjectName)8