
Example 16 with DerValue

use of sun.security.util.DerValue in project jdk8u_jdk by JetBrains.

the class ResponderId method keyIdToBytes.

/**
 * Encodes the {@code responderKeyId} data member as a DER byKey ResponderID.
 *
 * <p>The KeyIdentifier octets are first wrapped in an OCTET STRING, and that
 * value is then wrapped again under an EXPLICIT context-specific tag whose
 * number is {@code Type.BY_KEY.value()} (context tag 2), which is the encoding
 * the byKey choice requires.
 *
 * @return the DER encoding for a responder ID byKey option, including
 *      explicit context-specific tagging.
 *
 * @throws IOException if any encoding error occurs
 */
private byte[] keyIdToBytes() throws IOException {
    byte[] keyIdOctets = responderKeyId.getIdentifier();
    byte contextTag = DerValue.createTag(DerValue.TAG_CONTEXT, true,
            (byte) Type.BY_KEY.value());
    // Inner value: the raw KeyIdentifier bytes as an OCTET STRING
    byte[] octetString =
            new DerValue(DerValue.tag_OctetString, keyIdOctets).toByteArray();
    // Outer value: the OCTET STRING under the explicit [2] context tag
    return new DerValue(contextTag, octetString).toByteArray();
}

Example 17 with DerValue

use of sun.security.util.DerValue in project jdk8u_jdk by JetBrains.

the class TimestampToken method parse.

/*
 * Parses the DER-encoded TSTInfo and stores its fields in this token.
 *
 * The outer value must be a SEQUENCE. Its mandatory members (version,
 * policy, messageImprint, serialNumber, genTime) are read in order. Of the
 * optional trailing members only the nonce (an INTEGER) is extracted;
 * accuracy, ordering, tsa and extensions are read past without being
 * parsed, and nothing after the nonce is consumed.
 *
 * @param timestampTokenInfo A buffer containing an ASN.1 BER encoded
 *                           TSTInfo.
 * @throws IOException The exception is thrown if a problem is encountered
 *         while parsing.
 */
private void parse(byte[] timestampTokenInfo) throws IOException {
    DerValue tstInfo = new DerValue(timestampTokenInfo);
    if (tstInfo.tag != DerValue.tag_Sequence) {
        throw new IOException("Bad encoding for timestamp token info");
    }

    // Mandatory members, in TSTInfo order
    version = tstInfo.data.getInteger();
    policy = tstInfo.data.getOID();

    DerValue messageImprint = tstInfo.data.getDerValue();
    hashAlgorithm = AlgorithmId.parse(messageImprint.data.getDerValue());
    hashedMessage = messageImprint.data.getOctetString();

    serialNumber = tstInfo.data.getBigInteger();
    genTime = tstInfo.data.getGeneralizedTime();

    // Optional members: scan forward until the INTEGER nonce is found,
    // skipping (without parsing) accuracy, ordering, tsa and extensions.
    boolean nonceFound = false;
    while (!nonceFound && tstInfo.data.available() > 0) {
        DerValue element = tstInfo.data.getDerValue();
        if (element.tag == DerValue.tag_Integer) {
            // an INTEGER at this level can only be the nonce
            nonce = element.getBigInteger();
            nonceFound = true;
        }
    }
}

Example 18 with DerValue

use of sun.security.util.DerValue in project jdk8u_jdk by JetBrains.

the class Pair method createV3Extensions.

/**
 * Create X509v3 extensions from a string representation. Note that the
 * SubjectKeyIdentifierExtension will always be created non-critical besides
 * the extension requested in the <code>extstr</code> argument.
 *
 * <p>Processing happens in three steps, all inside one try block so that any
 * {@link IOException} raised by the extension classes is rethrown unchecked:
 * <ol>
 *   <li>If {@code reqex} is given, the first {@code honored=...} entry in
 *       {@code extstrs} selects which requested extensions are carried over
 *       ({@code all}, {@code name:critical|non-critical} to flip
 *       criticality, or {@code -name} to drop one).</li>
 *   <li>Every other entry is parsed as {@code name[:critical]=value} and
 *       mapped to a supported extension via {@code oneOf(name, extSupported)};
 *       an unrecognised name is treated as a dotted OID whose value is a hex
 *       string placed verbatim in an OCTET STRING.</li>
 *   <li>A SubjectKeyIdentifier for {@code pkey} is always added, and an
 *       AuthorityKeyIdentifier for {@code akey} when it is given and differs
 *       from {@code pkey}.</li>
 * </ol>
 *
 * @param reqex the requested extensions, can be null, used for -gencert
 * @param ext the original extensions, can be null, used for -selfcert
 * @param extstrs -ext values, Read keytool doc
 * @param pkey the public key for the certificate
 * @param akey the public key for the authority (issuer)
 * @return the created CertificateExtensions
 * @throws Exception if both {@code reqex} and {@code ext} are non-null, or
 *         if an -ext value is malformed or names an unknown extension type
 * @throws RuntimeException wrapping any {@link IOException} raised while
 *         building an extension
 */
private CertificateExtensions createV3Extensions(CertificateExtensions reqex, CertificateExtensions ext, List<String> extstrs, PublicKey pkey, PublicKey akey) throws Exception {
    if (ext != null && reqex != null) {
        // This should not happen: -gencert supplies reqex, -selfcert supplies ext
        throw new Exception("One of request and original should be null.");
    }
    if (ext == null)
        ext = new CertificateExtensions();
    try {
        // Step 1: honoring requested extensions (only meaningful with a
        // request). Only the first "honored=" entry is processed.
        if (reqex != null) {
            for (String extstr : extstrs) {
                if (extstr.toLowerCase(Locale.ENGLISH).startsWith("honored=")) {
                    List<String> list = Arrays.asList(extstr.toLowerCase(Locale.ENGLISH).substring(8).split(","));
                    // First check existence of "all"
                    if (list.contains("all")) {
                        // we know ext was null, so the request becomes the working set
                        ext = reqex;
                    }
                    // one by one for others
                    for (String item : list) {
                        if (item.equals("all"))
                            continue;
                        // add or remove
                        boolean add = true;
                        // -1, unchanged, 0 critical, 1 non-critical
                        int action = -1;
                        // NOTE(review): stays null for a bare "name" item (no ':'
                        // and no leading '-'); how findOidForExtName treats null
                        // is not visible here - confirm
                        String type = null;
                        if (item.startsWith("-")) {
                            add = false;
                            type = item.substring(1);
                        } else {
                            int colonpos = item.indexOf(':');
                            if (colonpos >= 0) {
                                type = item.substring(0, colonpos);
                                action = oneOf(item.substring(colonpos + 1), "critical", "non-critical");
                                if (action == -1) {
                                    throw new Exception(rb.getString("Illegal.value.") + item);
                                }
                            }
                        }
                        String n = reqex.getNameByOid(findOidForExtName(type));
                        if (add) {
                            Extension e = reqex.get(n);
                            // The extension is written to ext only when its
                            // criticality is flipped. NOTE(review): without
                            // "all" in the list, an item whose criticality
                            // already matches is therefore not copied at all -
                            // confirm this is the intended semantics.
                            if (!e.isCritical() && action == 0 || e.isCritical() && action == 1) {
                                e = Extension.newExtension(e.getExtensionId(), !e.isCritical(), e.getExtensionValue());
                                ext.set(n, e);
                            }
                        } else {
                            ext.delete(n);
                        }
                    }
                    break;
                }
            }
        }
        // Step 2: parse each -ext entry as name[:critical]=value
        for (String extstr : extstrs) {
            String name, value;
            boolean isCritical = false;
            int eqpos = extstr.indexOf('=');
            if (eqpos >= 0) {
                name = extstr.substring(0, eqpos);
                value = extstr.substring(eqpos + 1);
            } else {
                name = extstr;
                value = null;
            }
            int colonpos = name.indexOf(':');
            if (colonpos >= 0) {
                // only ":critical" is recognised; any other suffix is
                // stripped and leaves the extension non-critical
                if (oneOf(name.substring(colonpos + 1), "critical") == 0) {
                    isCritical = true;
                }
                name = name.substring(0, colonpos);
            }
            if (name.equalsIgnoreCase("honored")) {
                // handled in step 1
                continue;
            }
            // index into extSupported, -1 for an unrecognised name (raw OID)
            int exttype = oneOf(name, extSupported);
            switch(exttype) {
                case 0: // BC
                    int pathLen = -1;
                    boolean isCA = false;
                    if (value == null) {
                        // "bc" alone: CA with no path length constraint
                        isCA = true;
                    } else {
                        try {
                            // the abbr format: bc=<pathlen>, implies ca:true
                            pathLen = Integer.parseInt(value);
                            isCA = true;
                        } catch (NumberFormatException ufe) {
                            // ca:true,pathlen:1
                            for (String part : value.split(",")) {
                                String[] nv = part.split(":");
                                if (nv.length != 2) {
                                    throw new Exception(rb.getString("Illegal.value.") + extstr);
                                } else {
                                    if (nv[0].equalsIgnoreCase("ca")) {
                                        isCA = Boolean.parseBoolean(nv[1]);
                                    } else if (nv[0].equalsIgnoreCase("pathlen")) {
                                        pathLen = Integer.parseInt(nv[1]);
                                    } else {
                                        throw new Exception(rb.getString("Illegal.value.") + extstr);
                                    }
                                }
                            }
                        }
                    }
                    ext.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(isCritical, isCA, pathLen));
                    break;
                case 1: // KU
                    if (value != null) {
                        // one flag per KeyUsage bit, indexed as in the name list below
                        boolean[] ok = new boolean[9];
                        for (String s : value.split(",")) {
                            int p = oneOf(s,
                                "digitalSignature",   // (0)
                                "nonRepudiation",     // (1)
                                "keyEncipherment",    // (2)
                                "dataEncipherment",   // (3)
                                "keyAgreement",       // (4)
                                "keyCertSign",        // (5)
                                "cRLSign",            // (6)
                                "encipherOnly",       // (7)
                                "decipherOnly",       // (8)
                                "contentCommitment"); // (9), alias of (1)
                            if (p < 0) {
                                throw new Exception(rb.getString("Unknown.keyUsage.type.") + s);
                            }
                            // contentCommitment is the newer name for the nonRepudiation bit
                            if (p == 9)
                                p = 1;
                            ok[p] = true;
                        }
                        KeyUsageExtension kue = new KeyUsageExtension(ok);
                        // The above KeyUsageExtension constructor does not
                        // allow isCritical value, so...
                        ext.set(KeyUsageExtension.NAME, Extension.newExtension(kue.getExtensionId(), isCritical, kue.getExtensionValue()));
                    } else {
                        throw new Exception(rb.getString("Illegal.value.") + extstr);
                    }
                    break;
                case 2: // EKU
                    if (value != null) {
                        Vector<ObjectIdentifier> v = new Vector<>();
                        for (String s : value.split(",")) {
                            // position p (1..9) maps to OID 1.3.6.1.5.5.7.3.p;
                            // the empty strings hold positions that have no
                            // keytool alias. NOTE(review): an empty list item
                            // would match one of those placeholders - confirm
                            int p = oneOf(s, "anyExtendedKeyUsage", // 0
                                "serverAuth",       // 1
                                "clientAuth",       // 2
                                "codeSigning",      // 3
                                "emailProtection",  // 4
                                "",                 // 5
                                "",                 // 6
                                "",                 // 7
                                "timeStamping",     // 8
                                "OCSPSigning");     // 9
                            if (p < 0) {
                                try {
                                    // not an alias: accept a dotted OID string
                                    v.add(new ObjectIdentifier(s));
                                } catch (Exception e) {
                                    throw new Exception(rb.getString("Unknown.extendedkeyUsage.type.") + s);
                                }
                            } else if (p == 0) {
                                // anyExtendedKeyUsage lives under the extension's own arc
                                v.add(new ObjectIdentifier("2.5.29.37.0"));
                            } else {
                                v.add(new ObjectIdentifier("1.3.6.1.5.5.7.3." + p));
                            }
                        }
                        ext.set(ExtendedKeyUsageExtension.NAME, new ExtendedKeyUsageExtension(isCritical, v));
                    } else {
                        throw new Exception(rb.getString("Illegal.value.") + extstr);
                    }
                    break;
                case 3: // SAN
                case 4: // IAN
                    if (value != null) {
                        // comma-separated list of type:value GeneralNames
                        String[] ps = value.split(",");
                        GeneralNames gnames = new GeneralNames();
                        for (String item : ps) {
                            colonpos = item.indexOf(':');
                            if (colonpos < 0) {
                                throw new Exception("Illegal item " + item + " in " + extstr);
                            }
                            String t = item.substring(0, colonpos);
                            String v = item.substring(colonpos + 1);
                            gnames.add(createGeneralName(t, v));
                        }
                        if (exttype == 3) {
                            ext.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(isCritical, gnames));
                        } else {
                            ext.set(IssuerAlternativeNameExtension.NAME, new IssuerAlternativeNameExtension(isCritical, gnames));
                        }
                    } else {
                        throw new Exception(rb.getString("Illegal.value.") + extstr);
                    }
                    break;
                case 5: // SIA, always non-critical
                case 6: // AIA, always non-critical
                    if (isCritical) {
                        throw new Exception(rb.getString("This.extension.cannot.be.marked.as.critical.") + extstr);
                    }
                    if (value != null) {
                        List<AccessDescription> accessDescriptions = new ArrayList<>();
                        String[] ps = value.split(",");
                        for (String item : ps) {
                            // each item is method:type:value; only the first two
                            // colons delimit, so a value may itself contain
                            // colons (e.g. a URI with a scheme)
                            colonpos = item.indexOf(':');
                            int colonpos2 = item.indexOf(':', colonpos + 1);
                            if (colonpos < 0 || colonpos2 < 0) {
                                throw new Exception(rb.getString("Illegal.value.") + extstr);
                            }
                            String m = item.substring(0, colonpos);
                            String t = item.substring(colonpos + 1, colonpos2);
                            String v = item.substring(colonpos2 + 1);
                            // position p maps to OID 1.3.6.1.5.5.7.48.p; the
                            // empty strings are placeholders without an alias
                            int p = oneOf(m, "",  // 0
                                "ocsp",           // 1
                                "caIssuers",      // 2
                                "timeStamping",   // 3
                                "",               // 4
                                "caRepository");  // 5
                            ObjectIdentifier oid;
                            if (p < 0) {
                                try {
                                    // not an alias: accept a dotted OID string
                                    oid = new ObjectIdentifier(m);
                                } catch (Exception e) {
                                    throw new Exception(rb.getString("Unknown.AccessDescription.type.") + m);
                                }
                            } else {
                                oid = new ObjectIdentifier("1.3.6.1.5.5.7.48." + p);
                            }
                            accessDescriptions.add(new AccessDescription(oid, createGeneralName(t, v)));
                        }
                        if (exttype == 5) {
                            ext.set(SubjectInfoAccessExtension.NAME, new SubjectInfoAccessExtension(accessDescriptions));
                        } else {
                            ext.set(AuthorityInfoAccessExtension.NAME, new AuthorityInfoAccessExtension(accessDescriptions));
                        }
                    } else {
                        throw new Exception(rb.getString("Illegal.value.") + extstr);
                    }
                    break;
                case 8: // CRL, experimental, only support 1 distributionpoint
                    if (value != null) {
                        String[] ps = value.split(",");
                        GeneralNames gnames = new GeneralNames();
                        for (String item : ps) {
                            colonpos = item.indexOf(':');
                            if (colonpos < 0) {
                                throw new Exception("Illegal item " + item + " in " + extstr);
                            }
                            String t = item.substring(0, colonpos);
                            String v = item.substring(colonpos + 1);
                            gnames.add(createGeneralName(t, v));
                        }
                        // all names go into a single DistributionPoint with
                        // no reasons and no cRLIssuer
                        ext.set(CRLDistributionPointsExtension.NAME, new CRLDistributionPointsExtension(isCritical, Collections.singletonList(new DistributionPoint(gnames, null, null))));
                    } else {
                        throw new Exception(rb.getString("Illegal.value.") + extstr);
                    }
                    break;
                case -1:
                    // Not a known alias: name must be a dotted OID and the value
                    // (if any) a hex string that becomes the OCTET STRING payload
                    ObjectIdentifier oid = new ObjectIdentifier(name);
                    byte[] data = null;
                    if (value != null) {
                        // upper bound (every char a hex digit); trimmed below
                        data = new byte[value.length() / 2 + 1];
                        int pos = 0;
                        for (char c : value.toCharArray()) {
                            int hex;
                            if (c >= '0' && c <= '9') {
                                hex = c - '0';
                            } else if (c >= 'A' && c <= 'F') {
                                hex = c - 'A' + 10;
                            } else if (c >= 'a' && c <= 'f') {
                                hex = c - 'a' + 10;
                            } else {
                                // any non-hex character (separators, whitespace,
                                // typos) is silently dropped; the only malformed
                                // input reported is an odd number of digits
                                continue;
                            }
                            // high nibble first, low nibble added into the same byte
                            if (pos % 2 == 0) {
                                data[pos / 2] = (byte) (hex << 4);
                            } else {
                                data[pos / 2] += hex;
                            }
                            pos++;
                        }
                        if (pos % 2 != 0) {
                            throw new Exception(rb.getString("Odd.number.of.hex.digits.found.") + extstr);
                        }
                        data = Arrays.copyOf(data, pos / 2);
                    } else {
                        data = new byte[0];
                    }
                    ext.set(oid.toString(), new Extension(oid, isCritical, new DerValue(DerValue.tag_OctetString, data).toByteArray()));
                    break;
                default:
                    // also reached for exttype 7, which has no case above
                    throw new Exception(rb.getString("Unknown.extension.type.") + extstr);
            }
        }
        // Step 3: key identifiers. SKID is always non-critical; AKID only
        // when an issuer key is given that is not the subject key itself
        // (presumably the self-signed case)
        ext.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(new KeyIdentifier(pkey).getIdentifier()));
        if (akey != null && !pkey.equals(akey)) {
            ext.set(AuthorityKeyIdentifierExtension.NAME, new AuthorityKeyIdentifierExtension(new KeyIdentifier(akey), null, null));
        }
    } catch (IOException e) {
        // Encoding failures from the extension classes are not expected for
        // input that passed the checks above; surface them unchecked
        throw new RuntimeException(e);
    }
    return ext;
}

Example 19 with DerValue

use of sun.security.util.DerValue in project jdk8u_jdk by JetBrains.

the class KeyImpl method readObject.

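/**
 * Restores this key from its serialized form.
 *
 * <p>The stream is expected to hold a single {@code byte[]} with the DER
 * encoding of an EncryptionKey; the key type and key bytes are taken from
 * it. The payload is checked before it is cast so that a malformed stream is
 * reported as a stream error rather than a {@link ClassCastException} or
 * {@link NullPointerException}.
 *
 * @param ois the stream to read from
 * @throws IOException if the stream does not contain a byte array, or the
 *         array is not a well-formed EncryptionKey (the
 *         {@code Asn1Exception} is attached as the cause)
 * @throws ClassNotFoundException if a class in the stream cannot be loaded
 */
private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
    Object encoded = ois.readObject();
    if (!(encoded instanceof byte[])) {
        // covers null as well; InvalidObjectException is an IOException
        throw new java.io.InvalidObjectException("Serialized key is not a byte array");
    }
    try {
        EncryptionKey encKey = new EncryptionKey(new DerValue((byte[]) encoded));
        keyType = encKey.getEType();
        keyBytes = encKey.getBytes();
    } catch (Asn1Exception ae) {
        // keep the original message for compatibility, but chain the cause
        // so the ASN.1 failure is not lost
        throw new IOException(ae.getMessage(), ae);
    }
}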

Example 20 with DerValue

use of sun.security.util.DerValue in project jdk8u_jdk by JetBrains.

the class VerifierWrapper method getServername.

/*
 * Extract the name of the SSL server from the certificate.
 *
 * The first dNSName (type 2) entry of the subjectAltName extension wins;
 * entries of any other type are skipped. When there is no such entry the
 * most specific commonName attribute of the subject DN is used instead.
 * Parse failures are swallowed and yield null, as this is best-effort.
 *
 * Note this code is essentially a subset of the hostname extraction
 * code in HostnameChecker.
 */
private static String getServername(X509Certificate peerCert) {
    try {
        Collection<List<?>> altNames = peerCert.getSubjectAlternativeNames();
        if (altNames != null) {
            for (List<?> entry : altNames) {
                int nameType = ((Integer) entry.get(0)).intValue();
                if (nameType == 2) {
                    // dNSName: the host name as a String
                    return (String) entry.get(1);
                }
            }
        }
        // No dNSName present: fall back to the subject's common name
        X500Name subject = HostnameChecker.getSubjectX500Name(peerCert);
        DerValue cn = subject.findMostSpecificAttribute(X500Name.commonName_oid);
        if (cn == null) {
            return null;
        }
        try {
            return cn.getAsString();
        } catch (IOException e) {
            // ignore: an unreadable CN is treated like a missing one
        }
    } catch (java.security.cert.CertificateException e) {
        // ignore: a certificate that cannot be parsed has no name
    }
    return null;
}
