use of sun.security.util.DerValue in project jdk8u_jdk by JetBrains.
the class X509CertSelectorTest method getCertPubKeyAlgOID.
private ObjectIdentifier getCertPubKeyAlgOID(X509Certificate xcert) throws IOException {
byte[] encodedKey = xcert.getPublicKey().getEncoded();
DerValue val = new DerValue(encodedKey);
if (val.tag != DerValue.tag_Sequence) {
throw new RuntimeException("invalid key format");
}
return AlgorithmId.parse(val.data.getDerValue()).getOID();
}
use of sun.security.util.DerValue in project jdk8u_jdk by JetBrains.
the class PKCS9Attributes method decode.
/**
* Decode this set of PKCS9 attributes from the contents of its
* DER encoding. Ignores unsupported attributes when directed.
*
* @param in
* the contents of the DER encoding of the attribute set.
*
* @exception IOException
* on i/o error, encoding syntax error, unacceptable or
* unsupported attribute, or duplicate attribute.
*/
private byte[] decode(DerInputStream in) throws IOException {
DerValue val = in.getDerValue();
// save the DER encoding with its proper tag byte.
byte[] derEncoding = val.toByteArray();
derEncoding[0] = DerValue.tag_SetOf;
DerInputStream derIn = new DerInputStream(derEncoding);
DerValue[] derVals = derIn.getSet(3, true);
PKCS9Attribute attrib;
ObjectIdentifier oid;
boolean reuseEncoding = true;
for (int i = 0; i < derVals.length; i++) {
try {
attrib = new PKCS9Attribute(derVals[i]);
} catch (ParsingException e) {
if (ignoreUnsupportedAttributes) {
// cannot reuse supplied DER encoding
reuseEncoding = false;
// skip
continue;
} else {
throw e;
}
}
oid = attrib.getOID();
if (attributes.get(oid) != null)
throw new IOException("Duplicate PKCS9 attribute: " + oid);
if (permittedAttributes != null && !permittedAttributes.containsKey(oid))
throw new IOException("Attribute " + oid + " not permitted in this attribute set");
attributes.put(oid, attrib);
}
return reuseEncoding ? derEncoding : generateDerEncoding();
}
use of sun.security.util.DerValue in project jdk8u_jdk by JetBrains.
the class KeyProtector method recover.
/*
* Recovers the plaintext version of the given key (in protected format),
* using the password provided at construction time.
*/
public Key recover(EncryptedPrivateKeyInfo encrInfo) throws UnrecoverableKeyException {
int i;
byte[] digest;
int numRounds;
// offset in xorKey where next digest will be stored
int xorOffset;
// the length of the encrpyted key
int encrKeyLen;
// do we support the algorithm?
AlgorithmId encrAlg = encrInfo.getAlgorithm();
if (!(encrAlg.getOID().toString().equals(KEY_PROTECTOR_OID))) {
throw new UnrecoverableKeyException("Unsupported key protection " + "algorithm");
}
byte[] protectedKey = encrInfo.getEncryptedData();
/*
* Get the salt associated with this key (the first SALT_LEN bytes of
* <code>protectedKey</code>)
*/
byte[] salt = new byte[SALT_LEN];
System.arraycopy(protectedKey, 0, salt, 0, SALT_LEN);
// Determine the number of digest rounds
encrKeyLen = protectedKey.length - SALT_LEN - DIGEST_LEN;
numRounds = encrKeyLen / DIGEST_LEN;
if ((encrKeyLen % DIGEST_LEN) != 0)
numRounds++;
// Get the encrypted key portion and store it in "encrKey"
byte[] encrKey = new byte[encrKeyLen];
System.arraycopy(protectedKey, SALT_LEN, encrKey, 0, encrKeyLen);
// Set up the byte array which will be XORed with "encrKey"
byte[] xorKey = new byte[encrKey.length];
// Compute the digests, and store them in "xorKey"
for (i = 0, xorOffset = 0, digest = salt; i < numRounds; i++, xorOffset += DIGEST_LEN) {
md.update(passwdBytes);
md.update(digest);
digest = md.digest();
md.reset();
// Copy the digest into "xorKey"
if (i < numRounds - 1) {
System.arraycopy(digest, 0, xorKey, xorOffset, digest.length);
} else {
System.arraycopy(digest, 0, xorKey, xorOffset, xorKey.length - xorOffset);
}
}
// XOR "encrKey" with "xorKey", and store the result in "plainKey"
byte[] plainKey = new byte[encrKey.length];
for (i = 0; i < plainKey.length; i++) {
plainKey[i] = (byte) (encrKey[i] ^ xorKey[i]);
}
/*
* Check the integrity of the recovered key by concatenating it with
* the password, digesting the concatenation, and comparing the
* result of the digest operation with the digest provided at the end
* of <code>protectedKey</code>. If the two digest values are
* different, throw an exception.
*/
md.update(passwdBytes);
Arrays.fill(passwdBytes, (byte) 0x00);
passwdBytes = null;
md.update(plainKey);
digest = md.digest();
md.reset();
for (i = 0; i < digest.length; i++) {
if (digest[i] != protectedKey[SALT_LEN + encrKeyLen + i]) {
throw new UnrecoverableKeyException("Cannot recover key");
}
}
// which in turn parses the key material.
try {
return PKCS8Key.parseKey(new DerValue(plainKey));
} catch (IOException ioe) {
throw new UnrecoverableKeyException(ioe.getMessage());
}
}
use of sun.security.util.DerValue in project jdk8u_jdk by JetBrains.
the class DSAParameters method engineInit.
protected void engineInit(byte[] params) throws IOException {
DerValue encodedParams = new DerValue(params);
if (encodedParams.tag != DerValue.tag_Sequence) {
throw new IOException("DSA params parsing error");
}
encodedParams.data.reset();
this.p = encodedParams.data.getBigInteger();
this.q = encodedParams.data.getBigInteger();
this.g = encodedParams.data.getBigInteger();
if (encodedParams.data.available() != 0) {
throw new IOException("encoded params have " + encodedParams.data.available() + " extra bytes");
}
}
use of sun.security.util.DerValue in project jdk8u_jdk by JetBrains.
the class X509CertificatePair method emit.
/* Translate to encoded bytes */
private void emit(DerOutputStream out) throws IOException, CertificateEncodingException {
DerOutputStream tagged = new DerOutputStream();
if (forward != null) {
DerOutputStream tmp = new DerOutputStream();
tmp.putDerValue(new DerValue(forward.getEncoded()));
tagged.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, TAG_FORWARD), tmp);
}
if (reverse != null) {
DerOutputStream tmp = new DerOutputStream();
tmp.putDerValue(new DerValue(reverse.getEncoded()));
tagged.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, TAG_REVERSE), tmp);
}
out.write(DerValue.tag_Sequence, tagged);
}
Aggregations