
Example 26 with DerInputStream

use of sun.security.util.DerInputStream in project jdk8u_jdk by JetBrains.

the class X509CertSelectorTest method testPrivateKeyValid.

/*
     * Tests matching on the private key validity component contained in the
     * certificate.
     */
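private void testPrivateKeyValid() throws IOException, CertificateException {
    System.out.println("X.509 Certificate Match on privateKeyValid");

    // bad match: a date the selector is expected to reject.
    // Calendar months are zero-based, so the month is named explicitly;
    // the literal 12 is silently rolled over by lenient mode into January
    // of the following year instead of meaning December.
    X509CertSelector selector = new X509CertSelector();
    Calendar cal = Calendar.getInstance();
    cal.set(1968, Calendar.DECEMBER, 31);
    selector.setPrivateKeyValid(cal.getTime());
    checkMatch(selector, cert, false);

    // good match: use the notBefore date taken from the certificate's own
    // PrivateKeyUsagePeriod extension (OID 2.5.29.16).
    // getExtensionValue() returns the extension value wrapped in a DER
    // OCTET STRING, or null when the extension is absent; this test assumes
    // the fixture certificate carries the extension.
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16"));
    // Strip the OCTET STRING wrapper to get the extension's own encoding.
    byte[] encoded = in.getOctetString();
    PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded);
    Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
    selector.setPrivateKeyValid(validDate);
    checkMatch(selector, cert, true);
}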
Also used : Calendar(java.util.Calendar) X509CertSelector(java.security.cert.X509CertSelector) DerInputStream(sun.security.util.DerInputStream) PrivateKeyUsageExtension(sun.security.x509.PrivateKeyUsageExtension) Date(java.util.Date)

Example 27 with DerInputStream

use of sun.security.util.DerInputStream in project jdk8u_jdk by JetBrains.

the class X509CertSelectorTest method testSubjectKeyIdentifier.

/*
     * Tests matching on the subject key identifier contained in the
     * certificate.
     */
private void testSubjectKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on subjectKeyIdentifier");
    final X509CertSelector selector = new X509CertSelector();

    // Negative case: ten arbitrary bytes (0..9) used as the key identifier;
    // the selector is expected to reject the certificate.
    final byte[] bogusKeyId = new byte[10];
    for (int i = 0; i < bogusKeyId.length; i++) {
        bogusKeyId[i] = (byte) i;
    }
    selector.setSubjectKeyIdentifier(bogusKeyId);
    checkMatch(selector, cert, false);

    // Positive case: feed back the certificate's own SubjectKeyIdentifier
    // extension (OID 2.5.29.14). getExtensionValue() hands back the value
    // inside an outer DER OCTET STRING (null if the extension is missing,
    // which this test does not guard against); only that outer wrapper is
    // removed before the bytes are given to the selector.
    final byte[] wrappedExtension = cert.getExtensionValue("2.5.29.14");
    final byte[] extensionContents = new DerInputStream(wrappedExtension).getOctetString();
    selector.setSubjectKeyIdentifier(extensionContents);
    checkMatch(selector, cert, true);
}
Also used : X509CertSelector(java.security.cert.X509CertSelector) DerInputStream(sun.security.util.DerInputStream)

Example 28 with DerInputStream

use of sun.security.util.DerInputStream in project jdk8u_jdk by JetBrains.

the class X509CertSelectorTest method testPolicy.

/*
     * Tests matching on the policy constraints extension contained in the
     * certificate.
     */
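private void testPolicy() throws IOException {
    System.out.println("X.509 Certificate Match on certificatePolicies");
    // test encoding of CertificatePoliciesExtension because we wrote the
    // code
    // NOTE(review): the extension read below (OID 2.5.29.32) is
    // certificatePolicies, matching the message printed above; it is not
    // the policyConstraints extension.

    // bad match: a policy OID the certificate is expected not to assert
    X509CertSelector selector = new X509CertSelector();
    Set<String> s = new HashSet<>();
    // A plain literal is enough; the set compares strings by equals().
    s.add("1.2.5.7.68");
    selector.setPolicy(s);
    checkMatch(selector, cert, false);

    // good match
    // getExtensionValue() returns the value wrapped in a DER OCTET STRING
    // (null if the extension is absent; the fixture is assumed to have it).
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32"));
    CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString());
    List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
    // match on the first policy id; the list is already typed, so no cast
    // is needed. get(0) assumes the extension lists at least one policy.
    PolicyInformation policyInfo = policies.get(0);
    s.clear();
    s.add(policyInfo.getPolicyIdentifier().getIdentifier().toString());
    // Set the criterion again so the selector sees the updated OID set.
    selector.setPolicy(s);
    checkMatch(selector, cert, true);
}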
Also used : PolicyInformation(sun.security.x509.PolicyInformation) X509CertSelector(java.security.cert.X509CertSelector) DerInputStream(sun.security.util.DerInputStream) CertificatePoliciesExtension(sun.security.x509.CertificatePoliciesExtension) HashSet(java.util.HashSet)

Example 29 with DerInputStream

use of sun.security.util.DerInputStream in project jdk8u_jdk by JetBrains.

the class X509CertSelectorTest method testPathToName.

/*
     * Tests matching on the name constraints extension contained in the
     * certificate.
     */
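private void testPathToName() throws IOException {
    System.out.println("X.509 Certificate Match on pathToName");
    // Read the certificate's NameConstraints extension (OID 2.5.29.30).
    // getExtensionValue() returns the value wrapped in a DER OCTET STRING
    // (null if the extension is absent; the fixture is assumed to have it).
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.30"));
    byte[] encoded = in.getOctetString();
    NameConstraintsExtension ext = new NameConstraintsExtension(false, encoded);
    GeneralSubtrees permitted = (GeneralSubtrees) ext.get(PERMITTED_SUBTREES);
    GeneralSubtrees excluded = (GeneralSubtrees) ext.get(EXCLUDED_SUBTREES);

    // bad matches on pathToName within excluded subtrees
    checkPathToNameSubtrees(excluded, "CN=Bogus, ", false);
    // good matches on pathToName within permitted subtrees
    checkPathToNameSubtrees(permitted, "CN=good, ", true);
}

/*
 * For every directory-name subtree in the given set, checks the selector
 * result for two pathToName criteria: the subtree's base DN itself, and a
 * DN one level below it (childRdnPrefix prepended to the base DN).
 * A null subtree set is skipped.
 */
private void checkPathToNameSubtrees(GeneralSubtrees subtrees, String childRdnPrefix,
        boolean expectMatch) throws IOException {
    if (subtrees == null) {
        return;
    }
    for (Iterator<GeneralSubtree> it = subtrees.iterator(); it.hasNext();) {
        GeneralSubtree tree = it.next();
        // Only directory (X.500 distinguished name) constraints are exercised.
        if (tree.getName().getType() != NAME_DIRECTORY) {
            continue;
        }
        String baseName = tree.getName().toString();
        X500Name baseDN = new X500Name(baseName);
        X500Name childDN = new X500Name(childRdnPrefix + baseName);
        DerOutputStream derBase = new DerOutputStream();
        DerOutputStream derChild = new DerOutputStream();
        baseDN.encode(derBase);
        childDN.encode(derChild);

        X509CertSelector selector = new X509CertSelector();
        selector.addPathToName(NAME_DIRECTORY, derBase.toByteArray());
        checkMatch(selector, cert, expectMatch);
        // Clear the criterion so the child DN is evaluated on its own.
        selector.setPathToNames(null);
        selector.addPathToName(NAME_DIRECTORY, derChild.toByteArray());
        checkMatch(selector, cert, expectMatch);
    }
}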
Also used : DerOutputStream(sun.security.util.DerOutputStream) GeneralSubtrees(sun.security.x509.GeneralSubtrees) X509CertSelector(java.security.cert.X509CertSelector) DerInputStream(sun.security.util.DerInputStream) NameConstraintsExtension(sun.security.x509.NameConstraintsExtension) GeneralSubtree(sun.security.x509.GeneralSubtree) X500Name(sun.security.x509.X500Name)

Example 30 with DerInputStream

use of sun.security.util.DerInputStream in project jdk8u_jdk by JetBrains.

the class PKCS9Attributes method decode.

/**
     * Decode this set of PKCS9 attributes from the contents of its
     * DER encoding. Ignores unsupported attributes when directed.
     *
     * @param in
     * the contents of the DER encoding of the attribute set.
     *
     * @exception IOException
     * on i/o error, encoding syntax error, unacceptable or
     * unsupported attribute, or duplicate attribute.
     */
private byte[] decode(DerInputStream in) throws IOException {
    final DerValue outer = in.getDerValue();

    // Keep the encoding as received, but overwrite its leading tag byte
    // with the SET OF tag before parsing and before it can be returned.
    // NOTE(review): presumably the input may arrive under a different
    // (e.g. implicit) tag; confirm against the callers.
    final byte[] derEncoding = outer.toByteArray();
    derEncoding[0] = DerValue.tag_SetOf;

    // Arguments to getSet are passed through unchanged (3, true); see
    // DerInputStream.getSet for their exact meaning.
    final DerValue[] members = new DerInputStream(derEncoding).getSet(3, true);

    // Stays true only while every member of the set was accepted.
    boolean reuseEncoding = true;
    for (DerValue member : members) {
        PKCS9Attribute attrib;
        try {
            attrib = new PKCS9Attribute(member);
        } catch (ParsingException e) {
            if (!ignoreUnsupportedAttributes) {
                throw e;
            }
            // The attribute is dropped, so the received bytes no longer
            // describe the set that is kept: cannot reuse supplied DER
            // encoding.
            reuseEncoding = false;
            continue;
        }

        final ObjectIdentifier oid = attrib.getOID();
        // Reject a second attribute with an OID that is already stored.
        if (attributes.get(oid) != null) {
            throw new IOException("Duplicate PKCS9 attribute: " + oid);
        }
        // When an allow-list is configured, anything outside it is an error.
        if (permittedAttributes != null && !permittedAttributes.containsKey(oid)) {
            throw new IOException("Attribute " + oid + " not permitted in this attribute set");
        }
        attributes.put(oid, attrib);
    }

    // NOTE(review): when attributes were skipped, the returned bytes are a
    // fresh encoding rather than the bytes that were received. If callers
    // digest or verify a signature over the result (not visible here),
    // confirm that this difference is intended.
    if (reuseEncoding) {
        return derEncoding;
    }
    return generateDerEncoding();
}
Also used : DerValue(sun.security.util.DerValue) DerInputStream(sun.security.util.DerInputStream) IOException(java.io.IOException) ObjectIdentifier(sun.security.util.ObjectIdentifier)
