
Example 31 with X509CertImpl

use of sun.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.

the class PKCS7 method parseNetscapeCertChain.

/**
 * Decodes a Netscape certificate chain into the {@code certificates} field.
 *
 * <p>The DER sequence in {@code val} is split into its elements and each
 * element is decoded as one X.509 certificate. Decoding goes through the
 * "X.509" {@link CertificateFactory} when one is available and falls back
 * to constructing {@code X509CertImpl} directly when it is not.
 *
 * <p>Security note: this method only decodes. No signature, validity-period
 * or trust-anchor check is performed here, so the resulting array must not
 * be treated as a validated chain by callers.
 *
 * @param val the DER value holding the certificate sequence
 * @throws ParsingException if an element cannot be decoded as a certificate
 * @throws IOException if the enclosing DER sequence cannot be read
 */
private void parseNetscapeCertChain(DerValue val) throws ParsingException, IOException {
    DerValue[] contents = new DerInputStream(val.toByteArray()).getSequence(2);
    certificates = new X509Certificate[contents.length];

    // A missing "X.509" factory is tolerated on purpose: the loop below then
    // builds X509CertImpl instances directly instead of failing the parse.
    CertificateFactory certfac;
    try {
        certfac = CertificateFactory.getInstance("X.509");
    } catch (CertificateException ce) {
        certfac = null;
    }

    for (int idx = 0; idx < contents.length; idx++) {
        DerValue entry = contents[idx];
        try {
            if (certfac != null) {
                // try-with-resources replaces the manual close()/null bookkeeping.
                try (ByteArrayInputStream bais = new ByteArrayInputStream(entry.toByteArray())) {
                    certificates[idx] = (X509Certificate) certfac.generateCertificate(bais);
                }
            } else {
                certificates[idx] = new X509CertImpl(entry);
            }
        } catch (CertificateException | IOException e) {
            // Any decoding failure is reported as a ParsingException that
            // keeps the original exception as its cause.
            ParsingException pe = new ParsingException(e.getMessage());
            pe.initCause(e);
            throw pe;
        }
    }
}
Also used : X509CertImpl(sun.security.x509.X509CertImpl) CertificateException(java.security.cert.CertificateException) CertificateFactory(java.security.cert.CertificateFactory)

Example 32 with X509CertImpl

use of sun.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.

the class PKCS7 method parseSignedData.

/**
 * Decodes a PKCS#7 SignedData structure from {@code val} into this object's
 * fields, reading the components strictly in encoding order: version,
 * digest algorithm identifiers, content info, the optional certificate set
 * (tag 0xA0), the optional CRL set (tag 0xA1) and finally the signer infos.
 *
 * <p>Security note: nothing in this method verifies a signature, checks a
 * certificate's validity or consults the parsed CRLs. The certificates,
 * CRLs and signer infos stored here are decoded input only and carry no
 * trust until they are verified by other code.
 *
 * @param val the DER value holding the SignedData content
 * @throws ParsingException if a digest algorithm identifier, certificate
 *         or CRL cannot be decoded
 * @throws IOException on any other error while reading the DER stream
 */
private void parseSignedData(DerValue val) throws ParsingException, IOException {
    DerInputStream dis = val.toDerInputStream();
    // Version
    version = dis.getBigInteger();
    // digestAlgorithmIds
    DerValue[] digestAlgorithmIdVals = dis.getSet(1);
    int len = digestAlgorithmIdVals.length;
    digestAlgorithmIds = new AlgorithmId[len];
    try {
        for (int i = 0; i < len; i++) {
            DerValue oid = digestAlgorithmIdVals[i];
            digestAlgorithmIds[i] = AlgorithmId.parse(oid);
        }
    } catch (IOException e) {
        // Re-thrown as ParsingException with the original exception as cause.
        ParsingException pe = new ParsingException("Error parsing digest AlgorithmId IDs: " + e.getMessage());
        pe.initCause(e);
        throw pe;
    }
    // contentInfo
    contentInfo = new ContentInfo(dis);
    CertificateFactory certfac = null;
    try {
        certfac = CertificateFactory.getInstance("X.509");
    } catch (CertificateException ce) {
    // Deliberately ignored: certfac stays null and the loops below fall back
    // to constructing X509CertImpl / X509CRLImpl directly.
    }
    /*
     * Check whether certificates (implicit tag 0xA0) are provided.
     * Certificates are OPTIONAL.
     */
    if ((byte) (dis.peekByte()) == (byte) 0xA0) {
        DerValue[] certVals = dis.getSet(2, true);
        len = certVals.length;
        certificates = new X509Certificate[len];
        // count tracks how many entries were actually decoded, because
        // entries that are not SEQUENCE-tagged are skipped below.
        int count = 0;
        for (int i = 0; i < len; i++) {
            ByteArrayInputStream bais = null;
            try {
                byte tag = certVals[i].getTag();
                // Only SEQUENCE-tagged entries are decoded as X.509
                // certificates; every other CertificateChoices entry is ignored.
                if (tag == DerValue.tag_Sequence) {
                    if (certfac == null) {
                        certificates[count] = new X509CertImpl(certVals[i]);
                    } else {
                        byte[] encoded = certVals[i].toByteArray();
                        bais = new ByteArrayInputStream(encoded);
                        certificates[count] = (X509Certificate) certfac.generateCertificate(bais);
                        bais.close();
                        // Cleared so the finally block does not close it a second time.
                        bais = null;
                    }
                    count++;
                }
            } catch (CertificateException ce) {
                ParsingException pe = new ParsingException(ce.getMessage());
                pe.initCause(ce);
                throw pe;
            } catch (IOException ioe) {
                ParsingException pe = new ParsingException(ioe.getMessage());
                pe.initCause(ioe);
                throw pe;
            } finally {
                if (bais != null)
                    bais.close();
            }
        }
        // Trim the array when some entries were skipped, so it holds no
        // trailing null slots.
        if (count != len) {
            certificates = Arrays.copyOf(certificates, count);
        }
    }
    // check if crls (implicit tag) are provided (crls are OPTIONAL)
    if ((byte) (dis.peekByte()) == (byte) 0xA1) {
        DerValue[] crlVals = dis.getSet(1, true);
        len = crlVals.length;
        crls = new X509CRL[len];
        for (int i = 0; i < len; i++) {
            ByteArrayInputStream bais = null;
            try {
                if (certfac == null)
                    crls[i] = new X509CRLImpl(crlVals[i]);
                else {
                    byte[] encoded = crlVals[i].toByteArray();
                    bais = new ByteArrayInputStream(encoded);
                    crls[i] = (X509CRL) certfac.generateCRL(bais);
                    bais.close();
                    bais = null;
                }
            } catch (CRLException e) {
                // Unlike the certificate loop, only CRLException is wrapped
                // here; an IOException propagates to the caller unchanged.
                ParsingException pe = new ParsingException(e.getMessage());
                pe.initCause(e);
                throw pe;
            } finally {
                if (bais != null)
                    bais.close();
            }
        }
    }
    // signerInfos
    DerValue[] signerInfoVals = dis.getSet(1);
    len = signerInfoVals.length;
    signerInfos = new SignerInfo[len];
    for (int i = 0; i < len; i++) {
        DerInputStream in = signerInfoVals[i].toDerInputStream();
        signerInfos[i] = new SignerInfo(in);
    }
}
Also used : CertificateException(java.security.cert.CertificateException) CertificateFactory(java.security.cert.CertificateFactory) X509CertImpl(sun.security.x509.X509CertImpl) X509CRLImpl(sun.security.x509.X509CRLImpl) CRLException(java.security.cert.CRLException)

Example 33 with X509CertImpl

use of sun.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.

the class X509Factory method engineGenerateCertificate.

/**
 * Generates an X.509 certificate object initialized with the data read
 * from the input stream {@code is}.
 *
 * <p>One encoded block is read from the stream. If the cache already holds
 * a certificate for those bytes, that instance is returned; otherwise a new
 * {@code X509CertImpl} is built and added to the cache.
 *
 * <p>Security note: the returned certificate has only been parsed. No
 * signature, validity or trust check is performed here, so a cache hit
 * says nothing about whether the certificate is trusted.
 *
 * @param is an input stream with the certificate data; passing
 *        {@code null} clears the certificate caches and then fails
 *
 * @return an X.509 certificate object initialized with the data
 * from the input stream.
 *
 * @exception CertificateException on parsing errors, on empty input, or
 *            when {@code is} is {@code null}.
 */
@Override
public Certificate engineGenerateCertificate(InputStream is) throws CertificateException {
    if (is == null) {
        // A null stream doubles as a "clear the caches" request (debugging
        // aid); the call still fails afterwards.
        certCache.clear();
        X509CertificatePair.clearCache();
        throw new CertificateException("Missing input stream");
    }
    try {
        final byte[] encoding = readOneBlock(is);
        if (encoding == null) {
            // Thrown inside the try so it is reported through the same
            // CertificateException wrapper as any other read failure.
            throw new IOException("Empty input");
        }
        final X509CertImpl cached = getFromCache(certCache, encoding);
        if (cached != null) {
            return cached;
        }
        final X509CertImpl parsed = new X509CertImpl(encoding);
        // The cache key is the certificate's own internal encoding rather
        // than the bytes that were read from the stream.
        addToCache(certCache, parsed.getEncodedInternal(), parsed);
        return parsed;
    } catch (IOException ioe) {
        throw new CertificateException("Could not parse certificate: " + ioe.toString(), ioe);
    }
}
Also used : X509CertImpl(sun.security.x509.X509CertImpl)

Example 34 with X509CertImpl

use of sun.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.

the class X509Factory method parseX509orPKCS7Cert.

/*
 * Parses the data in the given input stream as a sequence of DER
 * encoded X.509 certificates (in binary or base 64 encoded format) OR
 * as a single PKCS#7 encoded blob (in binary or base64 encoded format).
 *
 * The first block is tried as PKCS#7. If that fails with a
 * ParsingException, the same bytes and every following block are decoded
 * as individual X.509 certificates.
 *
 * Security note: the fallback is taken on any PKCS#7 parsing failure, so a
 * malformed PKCS#7 blob is re-read as plain X.509 instead of being
 * rejected at that point. The certificates returned here are parsed only;
 * no signature or trust validation takes place in this method.
 */
private Collection<? extends java.security.cert.Certificate> parseX509orPKCS7Cert(InputStream is) throws CertificateException, IOException {
    PushbackInputStream pbis = new PushbackInputStream(is);

    // Probe one byte to detect a stream that is already at end-of-stream.
    // An exhausted stream yields an empty collection; otherwise the byte is
    // pushed back so readOneBlock sees the stream from its start.
    int firstByte = pbis.read();
    if (firstByte == -1) {
        return new ArrayList<>(0);
    }
    pbis.unread(firstByte);

    byte[] block = readOneBlock(pbis);
    if (block == null) {
        throw new CertificateException("No certificate data found");
    }

    try {
        X509Certificate[] certs = new PKCS7(block).getCertificates();
        // Certificates are optional in PKCS #7.
        if (certs == null) {
            return new ArrayList<>(0);
        }
        return Arrays.asList(certs);
    } catch (ParsingException e) {
        // Not PKCS#7: decode this block and each following one as X.509.
        Collection<X509CertImpl> coll = new ArrayList<>();
        for (byte[] der = block; der != null; der = readOneBlock(pbis)) {
            coll.add(new X509CertImpl(der));
        }
        return coll;
    }
}
Also used : PKCS7(sun.security.pkcs.PKCS7) X509CertImpl(sun.security.x509.X509CertImpl) ParsingException(sun.security.pkcs.ParsingException)

Example 35 with X509CertImpl

use of sun.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.

the class PolicyChecker method mergePolicyMapping.

/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the {@code PolicyConstraints}
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * <p>A positive value is first decremented unless the certificate is
 * self-issued. If the certificate carries the extension and its inhibit
 * value is not -1, the result is that inhibit value whenever the current
 * value is -1 or larger than it.
 *
 * <p>Security note: a failure to read the extension aborts validation with
 * a {@code CertPathValidatorException}; the constraint is never silently
 * dropped.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert) throws CertPathValidatorException {
    int merged = policyMapping;
    if (merged > 0 && !X509CertImpl.isSelfIssued(currCert)) {
        merged -= 1;
    }
    try {
        PolicyConstraintsExtension constraints = currCert.getPolicyConstraintsExtension();
        if (constraints == null) {
            // No extension on this certificate: only the decrement applies.
            return merged;
        }
        int inhibit = constraints.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping() " + "inhibit Index from cert = " + inhibit);
        }
        // -1 means "no constraint" on either side; otherwise the smaller
        // of the two values is kept.
        boolean tightens = (merged == -1) || (inhibit < merged);
        if (inhibit != -1 && tightens) {
            merged = inhibit;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping " + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }
    return merged;
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) PolicyConstraintsExtension(sun.security.x509.PolicyConstraintsExtension) IOException(java.io.IOException)
