use of sun.security.util.DerInputStream in project jdk8u_jdk by JetBrains.
the class X509CertSelectorTest method testSubjectAltName.
/*
* Tests matching on the subject alternative name extension contained in the
* certificate.
*/
private void testSubjectAltName() throws IOException {
    System.out.println("X.509 Certificate Match on subjectAltName");

    // Case 1 (must NOT match): ask for the dNSName "foo.com", supplied as
    // DER bytes with GeneralName type 2. The test expects the certificate
    // under test to be rejected by this selector.
    X509CertSelector certSelector = new X509CertSelector();
    GeneralNameInterface unknownName = new DNSName("foo.com");
    DerOutputStream unknownNameDer = new DerOutputStream();
    unknownName.encode(unknownNameDer);
    certSelector.addSubjectAlternativeName(2, unknownNameDer.toByteArray());
    checkMatch(certSelector, cert, false);

    // Case 2 (must match): take the first name out of the certificate's own
    // subjectAltName extension (OID 2.5.29.17) and select on exactly that.
    // getExtensionValue() hands back the value wrapped in an OCTET STRING,
    // so it is unwrapped before the extension is parsed.
    byte[] wrappedSan = cert.getExtensionValue("2.5.29.17");
    DerInputStream sanReader = new DerInputStream(wrappedSan);
    byte[] sanBytes = sanReader.getOctetString();
    SubjectAlternativeNameExtension sanExtension =
            new SubjectAlternativeNameExtension(false, sanBytes);
    GeneralNames sanNames =
            (GeneralNames) sanExtension.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
    GeneralName firstName = (GeneralName) sanNames.get(0);

    // Drop the "foo.com" criterion from case 1 before adding the real name.
    certSelector.setSubjectAlternativeNames(null);
    DerOutputStream firstNameDer = new DerOutputStream();
    firstName.getName().encode(firstNameDer);
    certSelector.addSubjectAlternativeName(firstName.getType(), firstNameDer.toByteArray());
    checkMatch(certSelector, cert, true);

    // Case 3 (must match): with match-all switched off a single hit is
    // enough, so adding the unknown "foo.com" again must not break the match.
    certSelector.setMatchAllSubjectAltNames(false);
    certSelector.addSubjectAlternativeName(2, "foo.com");
    checkMatch(certSelector, cert, true);
}
use of sun.security.util.DerInputStream in project jdk8u_jdk by JetBrains.
the class SpnegoReqFlags method go.
/**
 * Builds an initial SPNEGO token as the "client" JAAS principal and checks
 * that the reqFlags field of its NegTokenInit, when present, reflects the
 * flags requested on the context: delegation on, replay and sequence
 * detection off.
 *
 * A token without a reqFlags field only produces a warning on stdout; the
 * method does not fail in that case.
 *
 * @throws Exception if the token cannot be produced or parsed, or if the
 *         reqFlags bits do not match what was requested
 */
void go() throws Exception {
    Context c = Context.fromJAAS("client");
    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID);

    byte[] token = c.doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] input) throws Exception {
            // Request delegation and explicitly turn the two detection
            // services off so the resulting bits are distinguishable.
            me.x().requestCredDeleg(true);
            me.x().requestReplayDet(false);
            me.x().requestSequenceDet(false);
            return me.x().initSecContext(new byte[0], 0, 0);
        }
    }, null);

    // Outermost value: the GSSToken.
    DerValue current = new DerValue(token);
    // Its content is the mechanism OID followed by the mechanism token.
    DerInputStream ins = current.data;
    // Read past the OID; its value is not needed.
    ins.getDerValue();
    // Next value: NegTokenInit.
    current = ins.getDerValue();
    // Then the SEQUENCE it wraps.
    current = current.data.getDerValue();

    // Walk every field of that SEQUENCE looking for context tag [1].
    // reqFlags is optional, and RFC 4178 even recommends against it.
    DerInputStream fields = current.data;
    boolean sawReqFlags = false;
    while (fields.available() > 0) {
        DerValue field = fields.getDerValue();
        if (!field.isContextSpecific((byte) 1)) {
            continue;
        }
        sawReqFlags = true;
        System.out.println("regFlags field located.");
        BitArray flagBits = field.data.getUnalignedBitString();
        if (flagBits.length() != 7) {
            throw new Exception("reqFlags should contain 7 bits");
        }
        // Bit 0 carries the delegation flag requested above.
        if (!flagBits.get(0)) {
            throw new Exception("delegFlag should be true");
        }
        // Bits 2 and 3 carry replay and sequence detection.
        if (flagBits.get(2) || flagBits.get(3)) {
            throw new Exception("replay/sequenceFlag should be false");
        }
    }

    if (!sawReqFlags) {
        System.out.println("Warning: regFlags field not found, too new?");
    }
    // Reached only when no check above threw.
    c.dispose();
}
use of sun.security.util.DerInputStream in project jdk8u_jdk by JetBrains.
the class OrderAndDup method checkData.
// Check the raw data's ASN.1 structure to see if the revoked certs
// have the same number and correct order as inserted
static void checkData(X509CRLImpl c, byte[] data, BigInteger[] expected) throws Exception {
    // First compare against the parsed CRL object.
    int parsedCount = c.getRevokedCertificates().size();
    if (parsedCount != expected.length) {
        throw new Exception("Wrong count in CRL object, now " + parsedCount);
    }

    // Then walk the raw encoding independently of the parsed object.
    // The first SEQUENCE inside the outer value is the TBSCertList, and
    // revokedCertificates is taken from its fifth element (index 4).
    // NOTE(review): the fixed index assumes the field layout this test
    // generates; confirm before reusing on other CRLs.
    DerValue outer = new DerValue(data);
    DerValue[] tbsFields = outer.data.getSequence(0);
    DerValue revokedField = tbsFields[4];
    DerValue[] entries = new DerInputStream(revokedField.toByteArray()).getSequence(0);
    if (entries.length != expected.length) {
        throw new Exception("Wrong count in raw data, now " + entries.length);
    }

    // Each entry starts with the serial number; the order must match too.
    for (int idx = 0; idx < entries.length; idx++) {
        BigInteger serial = entries[idx].data.getBigInteger();
        if (serial.equals(expected[idx])) {
            continue;
        }
        throw new Exception("Entry at #" + idx + " is " + serial + ", should be " + expected[idx]);
    }
}
use of sun.security.util.DerInputStream in project j2objc by google.
the class PKCS9Attributes method decode.
/**
* Decode this set of PKCS9 attributes from the contents of its
* DER encoding. Ignores unsupported attributes when directed.
*
* @param in
* the contents of the DER encoding of the attribute set.
*
* @exception IOException
* on i/o error, encoding syntax error, unacceptable or
* unsupported attribute, or duplicate attribute.
*/
private byte[] decode(DerInputStream in) throws IOException {
    DerValue setValue = in.getDerValue();

    // Keep the encoding, overwriting its first byte so that it carries the
    // SET OF tag whatever tag the value arrived with.
    byte[] derEncoding = setValue.toByteArray();
    derEncoding[0] = DerValue.tag_SetOf;

    DerValue[] encodedAttributes = new DerInputStream(derEncoding).getSet(3, true);

    // Stays true only while every attribute in the input is accepted.
    boolean reuseEncoding = true;

    for (DerValue encodedAttribute : encodedAttributes) {
        PKCS9Attribute attrib;
        try {
            attrib = new PKCS9Attribute(encodedAttribute);
        } catch (ParsingException e) {
            if (!ignoreUnsupportedAttributes) {
                throw e;
            }
            // The attribute is skipped, so the supplied bytes no longer
            // describe the stored set and cannot be handed back as-is.
            reuseEncoding = false;
            continue;
        }

        ObjectIdentifier oid = attrib.getOID();

        // Reject a second attribute with an OID that is already stored.
        if (attributes.get(oid) != null) {
            throw new IOException("Duplicate PKCS9 attribute: " + oid);
        }

        // Enforce the allow-list when one has been configured.
        if (permittedAttributes != null && !permittedAttributes.containsKey(oid)) {
            throw new IOException("Attribute " + oid + " not permitted in this attribute set");
        }

        attributes.put(oid, attrib);
    }

    // Return the saved bytes when nothing was skipped; otherwise build a
    // fresh encoding.
    if (reuseEncoding) {
        return derEncoding;
    }
    return generateDerEncoding();
}
use of sun.security.util.DerInputStream in project dbeaver by serge-rider.
the class PKCS1Util method loadPrivateKeyFromPKCS1.
/**
 * Builds an RSA private key from a Base64-encoded PKCS#1 structure.
 *
 * The argument is handed straight to {@code Base64.decode}, so it is
 * presumably expected to be the bare Base64 body (verify against callers).
 * The decoded bytes are read as one DER SEQUENCE whose elements 1..8 supply
 * the CRT key components. Element 0 (the version) is skipped without being
 * examined, and any elements past the ninth are ignored.
 *
 * The intermediate values are private key material and should not be logged.
 *
 * @param privateKeyPem Base64 text of the PKCS#1 private key
 * @return the RSA private key built from the decoded components
 * @throws GeneralSecurityException if the sequence has fewer than nine
 *         elements or the key cannot be generated
 * @throws IOException if the DER data cannot be read
 */
public static PrivateKey loadPrivateKeyFromPKCS1(String privateKeyPem) throws GeneralSecurityException, IOException {
    byte[] der = Base64.decode(privateKeyPem);
    DerValue[] fields = new DerInputStream(der).getSequence(0);
    if (fields.length < 9) {
        throw new GeneralSecurityException("Could not parse a PKCS1 private key.");
    }

    // fields[0] is the version and is skipped. The next eight integers are,
    // in order: modulus, public exponent, private exponent, prime1, prime2,
    // exponent1, exponent2, CRT coefficient.
    BigInteger[] parts = new BigInteger[8];
    for (int i = 0; i < parts.length; i++) {
        parts[i] = fields[i + 1].getBigInteger();
    }

    RSAPrivateCrtKeySpec crtSpec = new RSAPrivateCrtKeySpec(
            parts[0], parts[1], parts[2], parts[3],
            parts[4], parts[5], parts[6], parts[7]);
    KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    return rsaFactory.generatePrivate(crtSpec);
}