

the class PKCS9Attribute method derEncode.

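/**
 * Write the DER encoding of this attribute to an output stream.
 *
 * <p>The output is {@code SEQUENCE { attrType OBJECT IDENTIFIER, attrValues SET }}:
 * the attribute OID is written first, then the value (or values) held in
 * {@code value} are wrapped in a SET whose element encoding depends on
 * {@code index}. For the unknown attribute ({@code index == -1}) the
 * {@code value} byte array is expected to hold the already-encoded SET and is
 * written verbatim.
 *
 * <P> N.B.: This method always encodes values of
 * ChallengePassword and UnstructuredAddress attributes as ASN.1
 * <code>PrintableString</code>s, without checking whether they
 * should be encoded as <code>T61String</code>s.
 *
 * @param out the stream that receives the complete DER encoding
 * @throws IOException if this attribute type has no supported encoding
 *         (indices 9 through 13, 15 and 16), if {@code index} is not one
 *         this encoder knows, if the ExtensionRequest value cannot be
 *         encoded, or if writing to {@code out} fails
 */
public void derEncode(OutputStream out) throws IOException {
    DerOutputStream temp = new DerOutputStream();
    temp.putOID(oid);
    switch (index) {
        case -1:    // Unknown: value already carries the encoded SET
            temp.write((byte[]) value);
            break;
        case 1:     // email address
        case 2:     // unstructured name
            temp.putOrderedSetOf(DerValue.tag_Set, encodeStrings((String[]) value, false));
            break;
        case 3:     // content type
            {
                DerOutputStream temp2 = new DerOutputStream();
                temp2.putOID((ObjectIdentifier) value);
                writeSingletonSet(temp, temp2);
            }
            break;
        case 4:     // message digest
            {
                DerOutputStream temp2 = new DerOutputStream();
                temp2.putOctetString((byte[]) value);
                writeSingletonSet(temp, temp2);
            }
            break;
        case 5:     // signing time
            {
                DerOutputStream temp2 = new DerOutputStream();
                temp2.putUTCTime((Date) value);
                writeSingletonSet(temp, temp2);
            }
            break;
        case 6:     // countersignature: value is a set of already-encodable elements
            temp.putOrderedSetOf(DerValue.tag_Set, (DerEncoder[]) value);
            break;
        case 7:     // challenge password (always PrintableString, see class comment)
            {
                DerOutputStream temp2 = new DerOutputStream();
                temp2.putPrintableString((String) value);
                writeSingletonSet(temp, temp2);
            }
            break;
        case 8:     // unstructured address (always PrintableString, see class comment)
            temp.putOrderedSetOf(DerValue.tag_Set, encodeStrings((String[]) value, true));
            break;
        case 9:     // extended-certificate attribute -- not supported
            throw new IOException("PKCS9 extended-certificate attribute not supported.");
        case 10:    // issuerAndserialNumber attribute -- not supported
            // message previously lacked the space between the name and "attribute"
            throw new IOException("PKCS9 IssuerAndSerialNumber attribute not supported.");
        case 11:    // RSA DSI proprietary
        case 12:    // RSA DSI proprietary
            // message previously lacked the space before "11 and 12"
            throw new IOException("PKCS9 RSA DSI attributes 11 and 12, not supported.");
        case 13:    // S/MIME unused attribute
            throw new IOException("PKCS9 attribute #13 not supported.");
        case 14:    // ExtensionRequest
            {
                DerOutputStream temp2 = new DerOutputStream();
                CertificateExtensions exts = (CertificateExtensions) value;
                try {
                    exts.encode(temp2, true);
                } catch (CertificateException ex) {
                    // keep the original exception as the cause rather than
                    // flattening it to a string
                    throw new IOException(ex.toString(), ex);
                }
                writeSingletonSet(temp, temp2);
            }
            break;
        case 15:    // SMIMECapability
            throw new IOException("PKCS9 attribute #15 not supported.");
        case 16:    // SigningCertificate
            throw new IOException("PKCS9 SigningCertificate attribute not supported.");
        case 17:    // SignatureTimestampToken: value already carries the SET contents
            temp.write(DerValue.tag_Set, (byte[]) value);
            break;
        default:
            // Every index this class assigns is enumerated above. Silently
            // emitting a SEQUENCE with no attrValues would produce a malformed
            // attribute, so refuse instead.
            throw new IOException("PKCS9 attribute index " + index + " not supported.");
    }
    DerOutputStream derOut = new DerOutputStream();
    derOut.write(DerValue.tag_Sequence, temp.toByteArray());
    out.write(derOut.toByteArray());
}

/**
 * Encodes each string as its own DER element, one DerOutputStream per value,
 * ready to be emitted as an ordered SET.
 *
 * @param values the strings to encode
 * @param printable {@code true} to encode as PrintableString, {@code false} for IA5String
 * @return one encoder per input string, in input order
 * @throws IOException if a string cannot be encoded in the requested form
 */
private static DerOutputStream[] encodeStrings(String[] values, boolean printable) throws IOException {
    DerOutputStream[] temps = new DerOutputStream[values.length];
    for (int i = 0; i < values.length; i++) {
        temps[i] = new DerOutputStream();
        if (printable) {
            temps[i].putPrintableString(values[i]);
        } else {
            temps[i].putIA5String(values[i]);
        }
    }
    return temps;
}

/**
 * Appends {@code element} to {@code out} wrapped in a single-member SET.
 *
 * @param out the attribute encoder that receives the SET
 * @param element the encoded attribute value
 * @throws IOException if writing fails
 */
private static void writeSingletonSet(DerOutputStream out, DerOutputStream element) throws IOException {
    out.write(DerValue.tag_Set, element.toByteArray());
}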

the class KerberosFlags method asn1Encode.

/**
 * Returns the ASN.1 DER encoding of these flags.
 *
 * <p>The flag set is written as a single unaligned BIT STRING, the form
 * used for KDCOptions and the other Kerberos flag types.
 *
 * @return a byte array holding the DER-encoded BIT STRING
 * @throws IOException if the encoder reports an I/O error
 */
public byte[] asn1Encode() throws IOException {
    final DerOutputStream encoder = new DerOutputStream();
    encoder.putUnalignedBitString(bits);
    return encoder.toByteArray();
}

the class EncryptedPrivateKeyInfo method getEncoded.

/**
 * Returns the ASN.1 encoding of this class.
 *
 * <p>The encoding is {@code SEQUENCE { encryptionAlgorithm, encryptedData OCTET STRING }}.
 * It is computed on first use and kept in {@code encoded}; every call returns a
 * fresh copy so that callers cannot alter the cached bytes.
 *
 * @return a copy of the DER encoding
 * @throws IOException if encoding the algorithm identifier or the data fails
 */
public byte[] getEncoded() throws IOException {
    byte[] cached = this.encoded;
    if (cached == null) {
        DerOutputStream body = new DerOutputStream();
        // AlgorithmIdentifier first, then the ciphertext as an OCTET STRING
        algid.encode(body);
        body.putOctetString(encryptedData);
        // the whole thing is one SEQUENCE
        DerOutputStream sequence = new DerOutputStream();
        sequence.write(DerValue.tag_Sequence, body);
        cached = sequence.toByteArray();
        this.encoded = cached;
    }
    return cached.clone();
}

the class PKCS12KeyStore method createEncryptedData.

/*
 * Create EncryptedData content type, that contains EncryptedContentInfo.
 * Includes certificates in individual SafeBags of type CertBag.
 * Each CertBag may include pkcs12 attributes
 * (see comments in getBagAttributes)
 *
 * Result layout: SEQUENCE { version INTEGER 0, encryptedContentInfo }, where
 * encryptedContentInfo is whatever encryptContent() produces for the DER
 * SEQUENCE OF SafeBag built here. Every chain element is cast to
 * X509Certificate before it is encoded.
 */
private byte[] createEncryptedData(char[] password) throws CertificateException, IOException {
    DerOutputStream safeBags = new DerOutputStream();
    Enumeration<String> aliases = engineAliases();
    while (aliases.hasMoreElements()) {
        Entry entry = entries.get(aliases.nextElement());
        Certificate[] chain = certificatesOf(entry);
        for (int pos = 0; pos < chain.length; pos++) {
            X509Certificate cert = (X509Certificate) chain[pos];
            // CertBag ::= SEQUENCE { certId OID (PKCS9CertType_OID),
            //                        certValue [0] EXPLICIT OCTET STRING }
            DerOutputStream certValue = new DerOutputStream();
            certValue.putOctetString(cert.getEncoded());
            DerOutputStream certBag = new DerOutputStream();
            certBag.putOID(PKCS9CertType_OID);
            certBag.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0), certValue);
            DerOutputStream certBagSeq = new DerOutputStream();
            certBagSeq.write(DerValue.tag_Sequence, certBag);
            // SafeBag ::= SEQUENCE { bagId OID (CertBag_OID),
            //                        bagValue [0] EXPLICIT CertBag,
            //                        bagAttributes OPTIONAL }
            DerOutputStream bagValue = new DerOutputStream();
            bagValue.write(certBagSeq.toByteArray());
            DerOutputStream safeBag = new DerOutputStream();
            safeBag.putOID(CertBag_OID);
            safeBag.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0), bagValue);
            // Bag attributes. Every cert gets a friendlyName (NSS requires them
            // to be unique); only the end-entity cert (position 0) carries a
            // localKeyId. CA certs in the chain get a null localKeyId because the
            // NSS pkcs12 library requires trusted CA certs in the chain to have a
            // unique or null localKeyID, while IE/OpenSSL do not care either way.
            byte[] bagAttrs;
            if (pos == 0) {
                if (entry instanceof KeyEntry) {
                    KeyEntry keyEntry = (KeyEntry) entry;
                    bagAttrs = getBagAttributes(keyEntry.alias, keyEntry.keyId, keyEntry.attributes);
                } else {
                    CertEntry certEntry = (CertEntry) entry;
                    bagAttrs = getBagAttributes(certEntry.alias, certEntry.keyId, certEntry.trustedKeyUsage, certEntry.attributes);
                }
            } else {
                bagAttrs = getBagAttributes(cert.getSubjectX500Principal().getName(), null, entry.attributes);
            }
            if (bagAttrs != null) {
                safeBag.write(bagAttrs);
            }
            safeBags.write(DerValue.tag_Sequence, safeBag);
        }
    }
    // SafeContents ::= SEQUENCE OF SafeBag, then encrypted under the password
    DerOutputStream safeContents = new DerOutputStream();
    safeContents.write(DerValue.tag_SequenceOf, safeBags);
    byte[] encrContentInfo = encryptContent(safeContents.toByteArray(), password);
    // EncryptedData ::= SEQUENCE { version INTEGER 0, encryptedContentInfo }
    DerOutputStream encryptedData = new DerOutputStream();
    encryptedData.putInteger(0);
    encryptedData.write(encrContentInfo);
    DerOutputStream wrapper = new DerOutputStream();
    wrapper.write(DerValue.tag_Sequence, encryptedData);
    return wrapper.toByteArray();
}

/*
 * Certificates to bag for one entry: the chain of a private-key entry
 * (empty when it has none), the single certificate of a certificate
 * entry, and nothing for any other entry type.
 */
private static Certificate[] certificatesOf(Entry entry) {
    if (entry instanceof PrivateKeyEntry) {
        Certificate[] chain = ((PrivateKeyEntry) entry).chain;
        return chain != null ? chain : new Certificate[0];
    }
    if (entry instanceof CertEntry) {
        return new Certificate[] { ((CertEntry) entry).cert };
    }
    return new Certificate[0];
}

the class PKCS12KeyStore method engineStore.

/**
 * Stores this keystore to the given output stream, and protects its
 * integrity with the given password.
 *
 * <p>Output layout: {@code PFX ::= SEQUENCE { version INTEGER (VERSION_3),
 * authSafe ContentInfo, macData }}. Protected keys go into a plain Data
 * ContentInfo (see {@code createSafeContent}); certificates go into an
 * EncryptedData ContentInfo (see {@code createEncryptedData}). The MAC is
 * computed over the AuthenticatedSafe encoding (the SEQUENCE OF ContentInfo),
 * not over the outer ContentInfo wrapper that carries it.
 *
 * @param stream the output stream to which this keystore is written.
 * @param password the password to generate the keystore integrity check;
 * must not be {@code null}
 *
 * @exception IOException if there was an I/O problem with data
 * @exception NoSuchAlgorithmException if the appropriate data integrity
 * algorithm could not be found
 * @exception CertificateException if any of the certificates included in
 * the keystore data could not be stored
 * @exception IllegalArgumentException if {@code password} is {@code null}
 */
public synchronized void engineStore(OutputStream stream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException {
    // password is mandatory when storing
    if (password == null) {
        throw new IllegalArgumentException("password can't be null");
    }
    // AuthenticatedSafe ::= SEQUENCE OF ContentInfo
    DerOutputStream contentInfos = new DerOutputStream();
    if (privateKeyCount > 0 || secretKeyCount > 0) {
        int keyCount = privateKeyCount + secretKeyCount;
        if (debug != null) {
            debug.println("Storing " + keyCount + " protected key(s) in a PKCS#7 data content-type");
        }
        new ContentInfo(createSafeContent()).encode(contentInfos);
    }
    if (certificateCount > 0) {
        if (debug != null) {
            debug.println("Storing " + certificateCount + " certificate(s) in a PKCS#7 encryptedData content-type");
        }
        DerValue encrypted = new DerValue(createEncryptedData(password));
        new ContentInfo(ContentInfo.ENCRYPTED_DATA_OID, encrypted).encode(contentInfos);
    }
    DerOutputStream authenticatedSafeOut = new DerOutputStream();
    authenticatedSafeOut.write(DerValue.tag_SequenceOf, contentInfos);
    byte[] authenticatedSafe = authenticatedSafeOut.toByteArray();
    // PFX body: version, then the AuthenticatedSafe wrapped in a Data
    // ContentInfo, then the MAC over the unwrapped AuthenticatedSafe bytes.
    DerOutputStream pfxBody = new DerOutputStream();
    pfxBody.putInteger(VERSION_3);
    DerOutputStream authSafe = new DerOutputStream();
    new ContentInfo(authenticatedSafe).encode(authSafe);
    pfxBody.write(authSafe.toByteArray());
    pfxBody.write(calculateMac(password, authenticatedSafe));
    // outer SEQUENCE, then out it goes
    DerOutputStream pfx = new DerOutputStream();
    pfx.write(DerValue.tag_Sequence, pfxBody);
    stream.write(pfx.toByteArray());
    stream.flush();
}