
Example 76 with DerOutputStream

use of sun.security.util.DerOutputStream in project jdk8u_jdk by JetBrains.

the class InhibitAnyPolicyExtension method encode.

/**
 * Writes the DER encoding of this extension to the given stream.
 *
 * <p>If no encoded value is cached yet ({@code extensionValue} is
 * {@code null}), the extension id is set to
 * {@code PKIXExtensions.InhibitAnyPolicy_Id}, the extension is marked
 * critical, and the value is built by {@code encodeThis()} before anything
 * is written. RFC 5280 section 4.2.1.14 requires conforming CAs to mark
 * inhibitAnyPolicy critical. When a value is already cached, the existing
 * id and criticality flag are written unchanged.
 *
 * @param out the stream that receives the encoded extension
 * @throws IOException propagated from {@code encodeThis()},
 *         {@code super.encode(...)} or {@code out.write(...)}
 */
public void encode(OutputStream out) throws IOException {
    if (extensionValue == null) {
        // Lazy path: nothing has been encoded yet, so fix the identity of
        // the extension and force the critical bit before building the value.
        this.extensionId = PKIXExtensions.InhibitAnyPolicy_Id;
        critical = true;
        encodeThis();
    }
    // Encode into a scratch buffer so that `out` receives the bytes in a
    // single write() call.
    final DerOutputStream encoded = new DerOutputStream();
    super.encode(encoded);
    out.write(encoded.toByteArray());
}
Also used : DerOutputStream(sun.security.util.DerOutputStream)

Example 77 with DerOutputStream

use of sun.security.util.DerOutputStream in project jdk8u_jdk by JetBrains.

the class InhibitAnyPolicyExtension method encodeThis.

// Builds the DER form of this extension's value, a single INTEGER holding
// skipCerts, and caches it in extensionValue.
//
// NOTE(review): no range check happens here. RFC 5280 defines SkipCerts as
// INTEGER (0..MAX), so confirm that skipCerts is validated before this
// method is reached.
private void encodeThis() throws IOException {
    final DerOutputStream der = new DerOutputStream();
    der.putInteger(skipCerts);
    final byte[] encodedValue = der.toByteArray();
    this.extensionValue = encodedValue;
}
Also used : DerOutputStream(sun.security.util.DerOutputStream)

Example 78 with DerOutputStream

use of sun.security.util.DerOutputStream in project jdk8u_jdk by JetBrains.

the class IssuingDistributionPointExtension method encodeThis.

// Builds the DER form of this extension's value and caches it in
// extensionValue.
//
// When no field is set (no distribution point, no revocation reasons and
// every flag false) the cached value is cleared to null instead.
// Otherwise each present field is written under its own context-specific
// tag, in the fixed order below, and the result is wrapped in a SEQUENCE.
// Boolean flags are written only when true: RFC 5280 section 5.2.5 declares
// them BOOLEAN DEFAULT FALSE, and DER omits fields that hold their default.
private void encodeThis() throws IOException {
    final boolean nothingToEncode = distributionPoint == null
            && revocationReasons == null
            && !hasOnlyUserCerts
            && !hasOnlyCACerts
            && !hasOnlyAttributeCerts
            && !isIndirectCRL;
    if (nothingToEncode) {
        this.extensionValue = null;
        return;
    }

    final DerOutputStream fields = new DerOutputStream();

    if (distributionPoint != null) {
        final DerOutputStream dpBytes = new DerOutputStream();
        distributionPoint.encode(dpBytes);
        // The only field tagged as constructed (second argument true).
        final byte dpTag = DerValue.createTag(DerValue.TAG_CONTEXT, true, TAG_DISTRIBUTION_POINT);
        fields.writeImplicit(dpTag, dpBytes);
    }

    if (hasOnlyUserCerts) {
        final DerOutputStream flagBytes = new DerOutputStream();
        flagBytes.putBoolean(hasOnlyUserCerts);
        final byte flagTag = DerValue.createTag(DerValue.TAG_CONTEXT, false, TAG_ONLY_USER_CERTS);
        fields.writeImplicit(flagTag, flagBytes);
    }

    if (hasOnlyCACerts) {
        final DerOutputStream flagBytes = new DerOutputStream();
        flagBytes.putBoolean(hasOnlyCACerts);
        final byte flagTag = DerValue.createTag(DerValue.TAG_CONTEXT, false, TAG_ONLY_CA_CERTS);
        fields.writeImplicit(flagTag, flagBytes);
    }

    if (revocationReasons != null) {
        final DerOutputStream reasonBytes = new DerOutputStream();
        revocationReasons.encode(reasonBytes);
        final byte reasonTag = DerValue.createTag(DerValue.TAG_CONTEXT, false, TAG_ONLY_SOME_REASONS);
        fields.writeImplicit(reasonTag, reasonBytes);
    }

    if (isIndirectCRL) {
        final DerOutputStream flagBytes = new DerOutputStream();
        flagBytes.putBoolean(isIndirectCRL);
        final byte flagTag = DerValue.createTag(DerValue.TAG_CONTEXT, false, TAG_INDIRECT_CRL);
        fields.writeImplicit(flagTag, flagBytes);
    }

    if (hasOnlyAttributeCerts) {
        final DerOutputStream flagBytes = new DerOutputStream();
        flagBytes.putBoolean(hasOnlyAttributeCerts);
        final byte flagTag = DerValue.createTag(DerValue.TAG_CONTEXT, false, TAG_ONLY_ATTRIBUTE_CERTS);
        fields.writeImplicit(flagTag, flagBytes);
    }

    // Wrap the tagged fields in the outer SEQUENCE and cache the bytes.
    final DerOutputStream wrapper = new DerOutputStream();
    wrapper.write(DerValue.tag_Sequence, fields);
    this.extensionValue = wrapper.toByteArray();
}
Also used : DerOutputStream(sun.security.util.DerOutputStream)

Example 79 with DerOutputStream

use of sun.security.util.DerOutputStream in project jdk8u_jdk by JetBrains.

the class X509CertSelectorTest method testPathToName.

/*
 * Checks X509CertSelector pathToName matching against the name
 * constraints extension (OID 2.5.29.30) carried by the test certificate.
 *
 * For every directory-name subtree in the extension, two names are tried:
 * the subtree's own DN and a DN one level below it. Names taken from the
 * excluded subtrees must NOT match the certificate; names taken from the
 * permitted subtrees must match.
 *
 * NOTE(review): getExtensionValue returns null when a certificate lacks
 * the requested extension, so this test appears to assume that the test
 * certificate carries name constraints.
 */
private void testPathToName() throws IOException {
    System.out.println("X.509 Certificate Match on pathToName");

    // getExtensionValue yields the value wrapped in a DER OCTET STRING;
    // unwrap it to reach the NameConstraints encoding itself.
    DerInputStream wrapped = new DerInputStream(cert.getExtensionValue("2.5.29.30"));
    byte[] constraintBytes = wrapped.getOctetString();
    NameConstraintsExtension constraints = new NameConstraintsExtension(false, constraintBytes);
    GeneralSubtrees permitted = (GeneralSubtrees) constraints.get(PERMITTED_SUBTREES);
    GeneralSubtrees excluded = (GeneralSubtrees) constraints.get(EXCLUDED_SUBTREES);

    // Negative cases: names inside an excluded subtree must be rejected.
    if (excluded != null) {
        for (Iterator<GeneralSubtree> it = excluded.iterator(); it.hasNext(); ) {
            GeneralSubtree subtree = it.next();
            if (subtree.getName().getType() != NAME_DIRECTORY) {
                continue;
            }
            X500Name baseDN = new X500Name(subtree.getName().toString());
            X500Name childDN = new X500Name("CN=Bogus, " + subtree.getName().toString());
            DerOutputStream baseDer = new DerOutputStream();
            DerOutputStream childDer = new DerOutputStream();
            baseDN.encode(baseDer);
            childDN.encode(childDer);

            X509CertSelector selector = new X509CertSelector();
            selector.addPathToName(NAME_DIRECTORY, baseDer.toByteArray());
            checkMatch(selector, cert, false);
            // Reset the criterion so the second name is tested on its own.
            selector.setPathToNames(null);
            selector.addPathToName(NAME_DIRECTORY, childDer.toByteArray());
            checkMatch(selector, cert, false);
        }
    }

    // Positive cases: names inside a permitted subtree must be accepted.
    if (permitted != null) {
        for (Iterator<GeneralSubtree> it = permitted.iterator(); it.hasNext(); ) {
            GeneralSubtree subtree = it.next();
            if (subtree.getName().getType() != NAME_DIRECTORY) {
                continue;
            }
            X500Name baseDN = new X500Name(subtree.getName().toString());
            X500Name childDN = new X500Name("CN=good, " + subtree.getName().toString());
            DerOutputStream baseDer = new DerOutputStream();
            DerOutputStream childDer = new DerOutputStream();
            baseDN.encode(baseDer);
            childDN.encode(childDer);

            X509CertSelector selector = new X509CertSelector();
            selector.addPathToName(NAME_DIRECTORY, baseDer.toByteArray());
            checkMatch(selector, cert, true);
            // Reset the criterion so the second name is tested on its own.
            selector.setPathToNames(null);
            selector.addPathToName(NAME_DIRECTORY, childDer.toByteArray());
            checkMatch(selector, cert, true);
        }
    }
}
Also used : DerOutputStream(sun.security.util.DerOutputStream) GeneralSubtrees(sun.security.x509.GeneralSubtrees) X509CertSelector(java.security.cert.X509CertSelector) DerInputStream(sun.security.util.DerInputStream) NameConstraintsExtension(sun.security.x509.NameConstraintsExtension) GeneralSubtree(sun.security.x509.GeneralSubtree) X500Name(sun.security.x509.X500Name)

Example 80 with DerOutputStream

use of sun.security.util.DerOutputStream in project jdk8u_jdk by JetBrains.

the class GSSNameImpl method export.

/**
 * Returns the flat (exported) name representation of this object, laid
 * out as defined in RFC 2743:
 * <pre>
 * Length           Name          Description
 * 2               TOK_ID          Token Identifier
 *                                 For exported name objects, this
 *                                 must be hex 04 01.
 * 2               MECH_OID_LEN    Length of the Mechanism OID
 * MECH_OID_LEN    MECH_OID        Mechanism OID, in DER
 * 4               NAME_LEN        Length of name
 * NAME_LEN        NAME            Exported name; format defined in
 *                                 applicable mechanism draft.
 * </pre>
 *
 * <p>The name does not have to be canonicalized before this call, i.e. it
 * need not be an MN. When no mechanism element has been chosen yet, the
 * element for {@code ProviderList.DEFAULT_MECH_OID} is looked up, stored
 * in {@code mechElement}, and used for the export.
 *
 * <p>Both length fields are written big-endian. Only the low 16 bits of
 * the OID length and the low 32 bits of the name length are stored; this
 * method performs no range check on either.
 *
 * @return the flat name representation for this object
 * @exception GSSException with major code FAILURE when the mechanism OID
 *  cannot be parsed or DER-encoded here; other major codes may
 *  propagate from {@code getElement(...)} or the mechanism element's
 *  own {@code export()}.
 */
public byte[] export() throws GSSException {
    if (mechElement == null) {
        // No mechanism selected yet: fall back to the default one.
        mechElement = getElement(ProviderList.DEFAULT_MECH_OID);
    }
    final byte[] nameBytes = mechElement.export();

    // NOTE(review): both catch blocks below drop the IOException cause, so
    // the reason for the failure is not visible to the caller.
    final ObjectIdentifier mechOid;
    try {
        mechOid = new ObjectIdentifier(mechElement.getMechanism().toString());
    } catch (IOException e) {
        throw new GSSExceptionImpl(GSSException.FAILURE, "Invalid OID String ");
    }

    final DerOutputStream derOid = new DerOutputStream();
    try {
        derOid.putOID(mechOid);
    } catch (IOException e) {
        throw new GSSExceptionImpl(GSSException.FAILURE, "Could not ASN.1 Encode " + mechOid.toString());
    }
    final byte[] oidBytes = derOid.toByteArray();

    final int oidLen = oidBytes.length;
    final int nameLen = nameBytes.length;
    // TOK_ID (2) + MECH_OID_LEN (2) + MECH_OID + NAME_LEN (4) + NAME
    final byte[] token = new byte[2 + 2 + oidLen + 4 + nameLen];
    int offset = 0;

    // TOK_ID: fixed 04 01 for exported name objects.
    token[offset++] = 0x04;
    token[offset++] = 0x01;

    // MECH_OID_LEN: two bytes, most significant first.
    token[offset++] = (byte) (oidLen >>> 8);
    token[offset++] = (byte) oidLen;

    // MECH_OID: the DER-encoded mechanism OID.
    System.arraycopy(oidBytes, 0, token, offset, oidLen);
    offset += oidLen;

    // NAME_LEN: four bytes, most significant first.
    token[offset++] = (byte) (nameLen >>> 24);
    token[offset++] = (byte) (nameLen >>> 16);
    token[offset++] = (byte) (nameLen >>> 8);
    token[offset++] = (byte) nameLen;

    // NAME: the mechanism-specific exported name.
    System.arraycopy(nameBytes, 0, token, offset, nameLen);
    return token;
}
Also used : DerOutputStream(sun.security.util.DerOutputStream) IOException(java.io.IOException) ObjectIdentifier(sun.security.util.ObjectIdentifier)
