
Example 1 with BitArray

use of sun.security.util.BitArray in project OpenAM by OpenRock.

the class IssuingDistributionPointExtension method encodeThis.

/**
 * Encodes the fields of this extension and stores the bytes in
 * {@code extensionValue}.
 *
 * <p>Fields are written in a fixed order: the distribution point name,
 * the two "only contains" flags, the reason flags, then the indirect-CRL
 * flag. A boolean field is written only when it is {@code true}, and the
 * name and reason fields only when they are non-null.
 *
 * @throws IOException if both {@code onlyContainsUserCerts} and
 *         {@code onlyContainsCACerts} are set, or if writing any field fails
 */
private void encodeThis() throws IOException {
    // Refuse to encode a CRL scope that claims to be limited to user
    // certificates and to CA certificates at the same time.
    if (onlyContainsUserCerts && onlyContainsCACerts) {
        throw new IOException("onlyContainsUserCerts and " + "onlyContainsCACerts can't both be true");
    }

    DerOutputStream fields = new DerOutputStream();

    // NOTE: only one of pointNames and pointRDN can be set
    if (fullName != null || relativeName != null) {
        DerOutputStream pointName = new DerOutputStream();
        DerOutputStream nameBytes = new DerOutputStream();
        if (fullName != null) {
            fullName.encode(nameBytes);
            pointName.writeImplicit(
                    DerValue.createTag(DerValue.TAG_CONTEXT, true, TAG_FULL_NAME), nameBytes);
        } else {
            // fullName is null, so the enclosing test guarantees that
            // relativeName is the one that is set.
            encodeRDN(relativeName, nameBytes);
            pointName.writeImplicit(
                    DerValue.createTag(DerValue.TAG_CONTEXT, true, TAG_REL_NAME), nameBytes);
        }
        fields.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, TAG_DIST_PT), pointName);
    }

    if (onlyContainsUserCerts) {
        DerOutputStream userCertsFlag = new DerOutputStream();
        userCertsFlag.putBoolean(onlyContainsUserCerts);
        fields.writeImplicit(
                DerValue.createTag(DerValue.TAG_CONTEXT, false, TAG_ONLY_USER_CERTS), userCertsFlag);
    }

    if (onlyContainsCACerts) {
        DerOutputStream caCertsFlag = new DerOutputStream();
        caCertsFlag.putBoolean(onlyContainsCACerts);
        fields.writeImplicit(
                DerValue.createTag(DerValue.TAG_CONTEXT, false, TAG_ONLY_CA_CERTS), caCertsFlag);
    }

    if (reasonFlags != null) {
        // The flags go out as a BIT STRING whose length need not be a
        // multiple of eight, hence the BitArray wrapper.
        DerOutputStream reasonBits = new DerOutputStream();
        reasonBits.putUnalignedBitString(new BitArray(reasonFlags));
        fields.writeImplicit(
                DerValue.createTag(DerValue.TAG_CONTEXT, false, TAG_REASONS), reasonBits);
    }

    if (indirectCRL) {
        DerOutputStream indirectFlag = new DerOutputStream();
        indirectFlag.putBoolean(indirectCRL);
        fields.writeImplicit(
                DerValue.createTag(DerValue.TAG_CONTEXT, false, TAG_INDIRECT_CRL), indirectFlag);
    }

    // NOTE(review): the fields are stored as written, with no enclosing
    // SEQUENCE added in this method. RFC 5280 defines
    // IssuingDistributionPoint as a SEQUENCE - confirm that the wrapper is
    // supplied wherever extensionValue is consumed.
    this.extensionValue = fields.toByteArray();
}
Also used : DerOutputStream(sun.security.util.DerOutputStream) IOException(java.io.IOException) BitArray(sun.security.util.BitArray)

Example 2 with BitArray

use of sun.security.util.BitArray in project jdk8u_jdk by JetBrains.

the class NotPreferredMech method main.

/**
 * Regression check for SPNEGO mechanism negotiation on the acceptor side.
 *
 * <p>Hand-builds a NegTokenInit whose preferred mechanism (OID 1.2.3.4) is
 * one the acceptor does not support, with the Kerberos 5 mechanism listed
 * second, wraps it in a GSS token and passes it to a default acceptor
 * context. The reply must carry a negotiation result of 1
 * (ACCEPT_INCOMPLETE).
 *
 * <p>The token classes are reached through reflection with
 * {@code setAccessible(true)} because the constructor and accessors used
 * are not public.
 *
 * @param argv unused
 * @throws Exception if any step fails or the reply is not a continue message
 */
public static void main(String[] argv) throws Exception {
    // mechTypes: the unsupported mechanism first (preferred), krb5 second.
    DerOutputStream mechOids = new DerOutputStream();
    mechOids.write(new Oid("1.2.3.4").getDER());
    mechOids.write(GSSUtil.GSS_KRB5_MECH_OID.getDER());
    DerOutputStream mechTypes = new DerOutputStream();
    mechTypes.write(DerValue.tag_Sequence, mechOids);

    // mechToken for the 1.2.3.4 mechanism: a GSS header announcing one
    // byte of payload, followed by that single zero byte.
    ByteArrayOutputStream mechToken = new ByteArrayOutputStream();
    new GSSHeader(new ObjectIdentifier("1.2.3.4"), 1).encode(mechToken);
    mechToken.write(new byte[1]);

    // Assemble the NegTokenInit through its non-public constructor, with
    // an empty reqFlags BitArray and a null last argument.
    Constructor<NegTokenInit> initCtor = NegTokenInit.class.getDeclaredConstructor(
            byte[].class, BitArray.class, byte[].class, byte[].class);
    initCtor.setAccessible(true);
    NegTokenInit negInit = initCtor.newInstance(
            mechTypes.toByteArray(), new BitArray(0), mechToken.toByteArray(), null);

    Method getEncoded = Class.forName("sun.security.jgss.spnego.SpNegoToken")
            .getDeclaredMethod("getEncoded");
    getEncoded.setAccessible(true);
    byte[] spnegoBytes = (byte[]) getEncoded.invoke(negInit);

    // Wrap the SPNEGO token in a GSS token for the SPNEGO mechanism.
    GSSHeader outerHeader = new GSSHeader(
            new ObjectIdentifier(GSSUtil.GSS_SPNEGO_MECH_OID.toString()), spnegoBytes.length);
    ByteArrayOutputStream wrapped = new ByteArrayOutputStream();
    outerHeader.encode(wrapped);
    wrapped.write(spnegoBytes);
    byte[] request = wrapped.toByteArray();

    // Hand the token to an acceptor created with null credentials.
    GSSContext acceptor = GSSManager.getInstance().createContext((GSSCredential) null);
    byte[] reply = acceptor.acceptSecContext(request, 0, request.length);
    NegTokenTarg response = new NegTokenTarg(reply);

    // The reply has to ask the initiator to continue.
    Method getResult = NegTokenTarg.class.getDeclaredMethod("getNegotiatedResult");
    getResult.setAccessible(true);
    int negResult = (int) getResult.invoke(response);
    boolean acceptIncomplete = negResult == 1; /* ACCEPT_INCOMPLETE */
    if (!acceptIncomplete) {
        throw new Exception("Not a continue");
    }
}
Also used : NegTokenTarg(sun.security.jgss.spnego.NegTokenTarg) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Method(java.lang.reflect.Method) DerOutputStream(sun.security.util.DerOutputStream) NegTokenInit(sun.security.jgss.spnego.NegTokenInit) BitArray(sun.security.util.BitArray) ObjectIdentifier(sun.security.util.ObjectIdentifier)

Example 3 with BitArray

use of sun.security.util.BitArray in project jdk8u_jdk by JetBrains.

the class IPAddressName method getName.

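/**
 * Return a standard String representation of IPAddress.
 * See IPAddressName(String) for the formats used for IPv4
 * and IPv6 addresses.
 *
 * <p>The result is cached in {@code name}, but only after the whole
 * address, including an IPv6 subdomain mask, has been converted and
 * checked. A call that fails therefore leaves no partial value behind,
 * and a later call fails in the same way instead of returning a string
 * for a mask that was rejected.
 *
 * @return the host address; for a subdomain, followed by "/" and the
 *         IPv4 mask in dotted form or the IPv6 prefix length
 * @throws IOException if the IPAddress cannot be converted to a String,
 *         including an IPv6 mask whose set bits are not contiguous
 */
public String getName() throws IOException {
    if (name != null)
        return name;

    // Build the text in a local; the cached field is assigned once, at the
    // end, so it never holds an unvalidated or half-built value.
    String text;
    if (isIPv4) {
        //IPv4 address or subdomain
        byte[] host = new byte[4];
        System.arraycopy(address, 0, host, 0, 4);
        text = InetAddress.getByAddress(host).getHostAddress();
        if (address.length == 8) {
            byte[] mask = new byte[4];
            System.arraycopy(address, 4, mask, 0, 4);
            text = text + "/" + InetAddress.getByAddress(mask).getHostAddress();
        }
    } else {
        //IPv6 address or subdomain
        byte[] host = new byte[16];
        System.arraycopy(address, 0, host, 0, 16);
        text = InetAddress.getByAddress(host).getHostAddress();
        if (address.length == 32) {
            // IPv6 subdomain: display prefix length
            // copy subdomain into new array and convert to BitArray
            byte[] maskBytes = new byte[16];
            System.arraycopy(address, 16, maskBytes, 0, 16);
            BitArray ba = new BitArray(16 * 8, maskBytes);
            // Find first zero bit
            int i = 0;
            for (; i < 16 * 8; i++) {
                if (!ba.get(i))
                    break;
            }
            int prefixLength = i;
            // Verify remaining bits 0 before the prefix length is used
            for (; i < 16 * 8; i++) {
                if (ba.get(i)) {
                    throw new IOException("Invalid IPv6 subdomain - set " + "bit " + i + " not contiguous");
                }
            }
            text = text + "/" + prefixLength;
        }
    }
    name = text;
    return name;
}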
Also used : BitArray(sun.security.util.BitArray) IOException(java.io.IOException)

Example 4 with BitArray

use of sun.security.util.BitArray in project jdk8u_jdk by JetBrains.

the class SpnegoReqFlags method go.

/**
 * Checks the reqFlags field of the first SPNEGO token produced by a
 * client context.
 *
 * <p>The client asks for credential delegation and turns replay and
 * sequence detection off. The resulting token is then parsed by hand. If
 * a context-specific [1] field is present inside the NegTokenInit
 * sequence, it must be a 7-bit string with bit 0 set and bits 2 and 3
 * clear. A missing field only produces a warning.
 *
 * @throws Exception if the context cannot be set up, the token cannot be
 *         parsed, or the flags do not match what was requested
 */
void go() throws Exception {
    Context client = Context.fromJAAS("client");
    client.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID);
    byte[] firstToken = client.doAs(new Action() {

        @Override
        public byte[] run(Context me, byte[] input) throws Exception {
            me.x().requestCredDeleg(true);
            me.x().requestReplayDet(false);
            me.x().requestSequenceDet(false);
            return me.x().initSecContext(new byte[0], 0, 0);
        }
    }, null);

    // GSSToken: its content is the mechanism OID followed by the mech token.
    DerValue gssToken = new DerValue(firstToken);
    DerInputStream gssBody = gssToken.data;
    // skip OID
    gssBody.getDerValue();
    // NegTokenInit
    DerValue negTokenInit = gssBody.getDerValue();
    // The SEQUENCE inside
    DerValue initFields = negTokenInit.data.getDerValue();

    // Walk every field of the NegTokenInit. The reqFlags field
    // is optional. It's even not recommended in RFC 4178.
    boolean sawReqFlags = false;
    while (initFields.data.available() > 0) {
        DerValue field = initFields.data.getDerValue();
        if (!field.isContextSpecific((byte) 1)) {
            continue;
        }
        sawReqFlags = true;
        System.out.println("regFlags field located.");
        BitArray flags = field.data.getUnalignedBitString();
        if (flags.length() != 7) {
            throw new Exception("reqFlags should contain 7 bits");
        }
        // Bit 0 is the delegation flag requested above.
        if (!flags.get(0)) {
            throw new Exception("delegFlag should be true");
        }
        // Bits 2 and 3 are the replay and sequence flags that were turned off.
        if (flags.get(2) || flags.get(3)) {
            throw new Exception("replay/sequenceFlag should be false");
        }
    }
    if (!sawReqFlags) {
        System.out.println("Warning: regFlags field not found, too new?");
    }
    client.dispose();
}
Also used : DerValue(sun.security.util.DerValue) DerInputStream(sun.security.util.DerInputStream) BitArray(sun.security.util.BitArray)

Example 5 with BitArray

use of sun.security.util.BitArray in project Bytecoder by mirkosertic.

the class IPAddressName method getName.

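/**
 * Return a standard String representation of IPAddress.
 * See IPAddressName(String) for the formats used for IPv4
 * and IPv6 addresses.
 *
 * <p>The result is cached in {@code name}, but only after the whole
 * address, including an IPv6 subdomain mask, has been converted and
 * checked. A call that fails therefore leaves no partial value behind,
 * and a later call fails in the same way instead of returning a string
 * for a mask that was rejected.
 *
 * @return the host address; for a subdomain, followed by '/' and the
 *         IPv4 mask in dotted form or the IPv6 prefix length
 * @throws IOException if the IPAddress cannot be converted to a String,
 *         including an IPv6 mask whose set bits are not contiguous
 */
public String getName() throws IOException {
    if (name != null)
        return name;

    // Build the text in a local; the cached field is assigned once, at the
    // end, so it never holds an unvalidated or half-built value.
    String text;
    if (isIPv4) {
        // IPv4 address or subdomain
        byte[] host = new byte[4];
        System.arraycopy(address, 0, host, 0, 4);
        text = InetAddress.getByAddress(host).getHostAddress();
        if (address.length == 8) {
            byte[] mask = new byte[4];
            System.arraycopy(address, 4, mask, 0, 4);
            text = text + '/' + InetAddress.getByAddress(mask).getHostAddress();
        }
    } else {
        // IPv6 address or subdomain
        byte[] host = new byte[16];
        System.arraycopy(address, 0, host, 0, 16);
        text = InetAddress.getByAddress(host).getHostAddress();
        if (address.length == 32) {
            // IPv6 subdomain: display prefix length
            // copy subdomain into new array and convert to BitArray
            byte[] maskBytes = new byte[16];
            System.arraycopy(address, 16, maskBytes, 0, 16);
            BitArray ba = new BitArray(16 * 8, maskBytes);
            // Find first zero bit
            int i = 0;
            for (; i < 16 * 8; i++) {
                if (!ba.get(i))
                    break;
            }
            int prefixLength = i;
            // Verify remaining bits 0 before the prefix length is used
            for (; i < 16 * 8; i++) {
                if (ba.get(i)) {
                    throw new IOException("Invalid IPv6 subdomain - set " + "bit " + i + " not contiguous");
                }
            }
            text = text + '/' + prefixLength;
        }
    }
    name = text;
    return name;
}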
Also used : BitArray(sun.security.util.BitArray) IOException(java.io.IOException)

Aggregations

BitArray (sun.security.util.BitArray)15 IOException (java.io.IOException)7 DerOutputStream (sun.security.util.DerOutputStream)6 DerValue (sun.security.util.DerValue)2 ObjectIdentifier (sun.security.util.ObjectIdentifier)2 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1 File (java.io.File)1 FileOutputStream (java.io.FileOutputStream)1 PrintWriter (java.io.PrintWriter)1 Method (java.lang.reflect.Method)1 KeyPair (java.security.KeyPair)1 KeyPairGenerator (java.security.KeyPairGenerator)1 MessageDigest (java.security.MessageDigest)1 PrivateKey (java.security.PrivateKey)1 PublicKey (java.security.PublicKey)1 Signature (java.security.Signature)1 X509Certificate (java.security.cert.X509Certificate)1 Calendar (java.util.Calendar)1 Date (java.util.Date)1 BASE64Encoder (sun.misc.BASE64Encoder)1