Java Code Examples for sun.security.util.DerInputStream#getSequence()
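The following examples show how to use sun.security.util.DerInputStream#getSequence().
Note that sun.security.util is a JDK-internal package, and the int argument in these calls is an initial-size guess for the result, not a limit: the examples below pass 0, 2 or 3 and still read arrays of other lengths, so callers have to check the returned array's length themselves.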
Example 1
Source File: CipherHelper.java From flow-platform-x with Apache License 2.0 | 7 votes |
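/**
 * Builds an RSA {@link PrivateKey} from the text of an RSA private key.
 *
 * <p>The {@code RsaPrivateKeyStart} / {@code RsaPrivateKeyEnd} markers and all
 * whitespace are removed, the remainder is Base64-decoded, and the result is
 * read as one DER SEQUENCE. Element 0 (the version) is skipped; elements 1..8
 * are used as modulus, public exponent, private exponent, the two primes, the
 * two CRT exponents and the CRT coefficient.
 *
 * <p>NOTE(review): {@code sun.security.util.DerInputStream} is a JDK-internal
 * class rather than supported API; confirm the target JDK still exposes it to
 * this module.
 *
 * @param key the key text, including the start/end markers
 * @return the private key produced by the RSA {@link KeyFactory}
 * @throws NoSuchAlgorithmException if no RSA {@code KeyFactory} is available
 * @throws InvalidKeySpecException if the decoded SEQUENCE has fewer than nine
 *         elements, or the key factory rejects the resulting key spec
 * @throws IOException if the decoded bytes are not a readable DER SEQUENCE
 * @throws IllegalArgumentException if the stripped text is not valid Base64
 */
private static PrivateKey toPrivateKey(String key)
        throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");

    // Markers are removed before the general whitespace strip because they may
    // themselves contain spaces; the final strip lets CRLF-terminated or
    // indented key text decode instead of failing in the Base64 decoder.
    String content = key.replaceAll("\\n", "")
            .replace(RsaPrivateKeyStart, "")
            .replace(RsaPrivateKeyEnd, "")
            .replaceAll("\\s", "");
    byte[] bytes = Base64.getDecoder().decode(content);

    DerInputStream derReader = new DerInputStream(bytes);
    DerValue[] seq = derReader.getSequence(0);

    // The argument to getSequence is only a size guess, so the element count
    // has to be checked here; without this a truncated or foreign structure
    // ends in ArrayIndexOutOfBoundsException instead of a key-format error.
    if (seq.length < 9) {
        throw new InvalidKeySpecException(
                "RSA private key sequence has " + seq.length
                        + " elements, expected at least 9");
    }

    // seq[0] is the version and is skipped.
    BigInteger modulus = seq[1].getBigInteger();
    BigInteger publicExp = seq[2].getBigInteger();
    BigInteger privateExp = seq[3].getBigInteger();
    BigInteger prime1 = seq[4].getBigInteger();
    BigInteger prime2 = seq[5].getBigInteger();
    BigInteger exp1 = seq[6].getBigInteger();
    BigInteger exp2 = seq[7].getBigInteger();
    BigInteger crtCoef = seq[8].getBigInteger();

    RSAPrivateCrtKeySpec keySpec = new RSAPrivateCrtKeySpec(
            modulus, publicExp, privateExp, prime1, prime2, exp1, exp2, crtCoef);
    return keyFactory.generatePrivate(keySpec);
}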
Example 2
Source File: EncryptedPrivateKeyInfo.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 6 votes |
/**
 * Checks the outer structure of {@code encodedKey}: a DER SEQUENCE holding an
 * INTEGER "version", an algorithm identifier that starts with an OID, and an
 * OCTET STRING "privateKey", optionally followed by a fourth context-tagged
 * "attributes" element.
 *
 * <p>Only the shape is inspected; the privateKey octets are not decoded here.
 * The tag comparison itself is done by {@code checkTag}, which is defined
 * elsewhere in the file.
 *
 * @param encodedKey the DER bytes to inspect
 * @throws IOException if the SEQUENCE does not hold three or four elements,
 *         or if reading any element fails
 */
@SuppressWarnings("fallthrough") // kept from the original declaration
private static void checkPKCS8Encoding(byte[] encodedKey) throws IOException {
    DerValue[] fields = new DerInputStream(encodedKey).getSequence(3);
    int fieldCount = fields.length;

    // getSequence(3) does not cap the element count, so it is checked here.
    if (fieldCount != 3 && fieldCount != 4) {
        throw new IOException("invalid key encoding");
    }

    // The optional element is checked first, as in the fall-through original.
    if (fieldCount == 4) {
        checkTag(fields[3], DerValue.TAG_CONTEXT, "attributes");
    }

    checkTag(fields[0], DerValue.tag_Integer, "version");

    // Algorithm identifier: an OID, then at most one further value is consumed.
    DerInputStream algorithm = fields[1].toDerInputStream();
    algorithm.getOID();
    if (algorithm.available() != 0) {
        algorithm.getDerValue();
    }

    checkTag(fields[2], DerValue.tag_OctetString, "privateKey");
}
Example 3
Source File: EncryptedPrivateKeyInfo.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
/**
 * Checks the outer structure of {@code encodedKey} and records the key
 * algorithm name in {@code keyAlg}.
 *
 * <p>The input must be a DER SEQUENCE of three elements (INTEGER "version",
 * an algorithm identifier, OCTET STRING "privateKey") or four, where the
 * fourth is a context-tagged "attributes" element. The privateKey octets are
 * not decoded here; tag comparison is delegated to {@code checkTag}, defined
 * elsewhere in the file.
 *
 * @param encodedKey the DER bytes to inspect
 * @throws IOException if the SEQUENCE does not hold three or four elements,
 *         or if reading any element fails
 */
@SuppressWarnings("fallthrough") // kept from the original declaration
private void checkPKCS8Encoding(byte[] encodedKey) throws IOException {
    DerInputStream source = new DerInputStream(encodedKey);
    DerValue[] parts = source.getSequence(3);

    boolean hasAttributes;
    if (parts.length == 4) {
        hasAttributes = true;
    } else if (parts.length == 3) {
        hasAttributes = false;
    } else {
        // The size guess passed to getSequence is not a bound; reject here.
        throw new IOException("invalid key encoding");
    }

    if (hasAttributes) {
        checkTag(parts[3], DerValue.TAG_CONTEXT, "attributes");
    }
    checkTag(parts[0], DerValue.tag_Integer, "version");
    keyAlg = AlgorithmId.parse(parts[1]).getName();
    checkTag(parts[2], DerValue.tag_OctetString, "privateKey");
}
Example 4
Source File: EncryptedPrivateKeyInfo.java From hottub with GNU General Public License v2.0 | 6 votes |
/**
 * Validates the top-level layout of a DER-encoded key.
 *
 * <p>Accepted layouts are a SEQUENCE of three elements (INTEGER "version",
 * algorithm identifier beginning with an OID, OCTET STRING "privateKey") or
 * the same followed by a context-tagged "attributes" element. Nothing inside
 * the privateKey OCTET STRING is examined. {@code checkTag} is defined
 * elsewhere in the file.
 *
 * @param encodedKey the DER bytes to inspect
 * @throws IOException if the element count is neither three nor four, or if
 *         reading any element fails
 */
@SuppressWarnings("fallthrough")
private static void checkPKCS8Encoding(byte[] encodedKey) throws IOException {
    DerValue[] elements = new DerInputStream(encodedKey).getSequence(3);

    switch (elements.length) {
    default:
        // Any count other than 3 or 4 is rejected outright.
        throw new IOException("invalid key encoding");
    case 4:
        checkTag(elements[3], DerValue.TAG_CONTEXT, "attributes");
        /* fall through */
    case 3:
        checkTag(elements[0], DerValue.tag_Integer, "version");
        // Algorithm identifier: OID first, then one optional parameter value.
        DerInputStream algIdStream = elements[1].toDerInputStream();
        algIdStream.getOID();
        if (algIdStream.available() != 0) {
            algIdStream.getDerValue();
        }
        checkTag(elements[2], DerValue.tag_OctetString, "privateKey");
        break;
    }
}
Example 5
Source File: SimpleOCSPServer.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
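/**
 * Construct a {@code LocalOcspRequest} from its DER encoding.
 *
 * <p>The top-level SEQUENCE may hold at most two elements: a SEQUENCE, handed
 * to {@code parseTbsRequest}, and a context-specific [0] element, handed to
 * {@code parseSignature}. Both helpers are defined elsewhere in the file.
 *
 * @param requestBytes the DER-encoded bytes
 *
 * @throws IOException if decoding errors occur, if the top-level SEQUENCE
 *      holds more than two elements, or if an element carries an
 *      unexpected tag
 * @throws CertificateException if certificates are found in the
 *      OCSP request and they do not parse correctly.
 * @throws NullPointerException if {@code requestBytes} is {@code null}
 */
private LocalOcspRequest(byte[] requestBytes) throws IOException,
        CertificateException {
    Objects.requireNonNull(requestBytes, "Received null input");

    DerInputStream dis = new DerInputStream(requestBytes);

    // Parse the top-level structure, it should have no more than
    // two elements. The argument to getSequence is only a size guess,
    // so the limit is enforced explicitly; otherwise a request with
    // repeated elements would be parsed element by element.
    DerValue[] topStructs = dis.getSequence(2);
    if (topStructs.length > 2) {
        throw new IOException("Too many elements at top level: " +
                topStructs.length);
    }

    for (DerValue dv : topStructs) {
        if (dv.tag == DerValue.tag_Sequence) {
            parseTbsRequest(dv);
        } else if (dv.isContextSpecific((byte)0)) {
            parseSignature(dv);
        } else {
            throw new IOException("Unknown tag at top level: " +
                    dv.tag);
        }
    }
}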
Example 6
Source File: MacData.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
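/**
 * Parses a PKCS#12 MAC data.
 *
 * <p>Reads one SEQUENCE from {@code derin}. Element 0 is a nested SEQUENCE
 * holding the digest algorithm identifier and the digest, element 1 is the
 * salt, and an optional element 2 is the iteration count (1 when absent).
 *
 * @param derin the stream positioned at the MAC data
 * @throws ParsingException if the MAC data holds fewer than two elements or
 *         the digest info holds fewer than two elements
 * @throws IOException if any element cannot be decoded
 */
MacData(DerInputStream derin) throws IOException, ParsingException {
    // getSequence's argument is a size guess, not a check, so a short
    // structure must be rejected here rather than by an array-index failure.
    // Elements beyond the third are ignored, as before.
    DerValue[] macData = derin.getSequence(2);
    if (macData.length < 2) {
        throw new ParsingException("Invalid length for MacData");
    }

    // Parse the digest info
    DerInputStream digestIn = new DerInputStream(macData[0].toByteArray());
    DerValue[] digestInfo = digestIn.getSequence(2);
    if (digestInfo.length < 2) {
        throw new ParsingException("Invalid length for DigestInfo");
    }

    // Parse the DigestAlgorithmIdentifier.
    AlgorithmId digestAlgorithmId = AlgorithmId.parse(digestInfo[0]);
    this.digestAlgorithmName = digestAlgorithmId.getName();
    this.digestAlgorithmParams = digestAlgorithmId.getParameters();

    // Get the digest.
    this.digest = digestInfo[1].getOctetString();

    // Get the salt.
    this.macSalt = macData[1].getOctetString();

    // Iterations is optional. The default value is 1.
    // NOTE(review): the count is taken from the input as-is and is not
    // range-checked here; code that derives a MAC key from it should bound it.
    if (macData.length > 2) {
        this.iterations = macData[2].getInteger();
    } else {
        this.iterations = 1;
    }
}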
Example 7
Source File: X509CertPath.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Reads a PKIPATH-encoded certification path from a stream.
 *
 * <p>All bytes are read through {@code readAllBytes} (defined elsewhere in the
 * file), decoded as one DER SEQUENCE, and every element is handed to an
 * "X.509" {@link CertificateFactory}. The elements are added to the result
 * from last to first (target to trust anchor).
 *
 * @param is the <code>InputStream</code> to read the data from
 * @return an unmodifiable List of the certificates; empty when the SEQUENCE
 *         has no elements
 * @exception CertificateException if {@code is} is null, a certificate does
 *            not parse, or an {@code IOException} occurs while reading or
 *            decoding
 */
private static List<X509Certificate> parsePKIPATH(InputStream is)
        throws CertificateException {
    if (is == null) {
        throw new CertificateException("input stream is null");
    }

    try {
        DerValue[] encodedCerts =
                new DerInputStream(readAllBytes(is)).getSequence(3);
        int count = encodedCerts.length;
        if (count == 0) {
            return Collections.<X509Certificate>emptyList();
        }

        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        List<X509Certificate> path = new ArrayList<X509Certificate>(count);

        // Walk the encoded elements backwards so the list runs from the
        // target certificate to the trust anchor.
        for (int idx = count - 1; idx >= 0; idx--) {
            byte[] der = encodedCerts[idx].toByteArray();
            path.add((X509Certificate) x509Factory.generateCertificate(
                    new ByteArrayInputStream(der)));
        }
        return Collections.unmodifiableList(path);
    } catch (IOException ioe) {
        throw new CertificateException("IOException parsing PkiPath data: "
                + ioe, ioe);
    }
}
Example 8
Source File: MacData.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
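/**
 * Parses a PKCS#12 MAC data.
 *
 * <p>The input is one SEQUENCE: a nested digest-info SEQUENCE (algorithm
 * identifier, digest), the salt, and optionally the iteration count, which
 * defaults to 1 when it is not present.
 *
 * @param derin the stream positioned at the MAC data
 * @throws ParsingException if either SEQUENCE holds fewer than two elements
 * @throws IOException if any element cannot be decoded
 */
MacData(DerInputStream derin) throws IOException, ParsingException {
    DerValue[] macData = derin.getSequence(2);
    // The 2 above only sizes the result; it does not guarantee two elements.
    // Fail with a parsing error instead of ArrayIndexOutOfBoundsException.
    // Elements beyond the third are ignored, as before.
    if (macData.length < 2) {
        throw new ParsingException("Invalid length for MacData");
    }

    // Parse the digest info
    DerInputStream digestIn = new DerInputStream(macData[0].toByteArray());
    DerValue[] digestInfo = digestIn.getSequence(2);
    if (digestInfo.length < 2) {
        throw new ParsingException("Invalid length for DigestInfo");
    }

    // Parse the DigestAlgorithmIdentifier.
    AlgorithmId digestAlgorithmId = AlgorithmId.parse(digestInfo[0]);
    this.digestAlgorithmName = digestAlgorithmId.getName();
    this.digestAlgorithmParams = digestAlgorithmId.getParameters();

    // Get the digest.
    this.digest = digestInfo[1].getOctetString();

    // Get the salt.
    this.macSalt = macData[1].getOctetString();

    // Iterations is optional. The default value is 1.
    // NOTE(review): no upper bound is applied to the parsed count here;
    // whoever uses it for key derivation should cap it.
    if (macData.length > 2) {
        this.iterations = macData[2].getInteger();
    } else {
        this.iterations = 1;
    }
}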
Example 9
Source File: OCSPNonceExtensionTests.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
/**
 * Walks the DER structure of an OCSP nonce extension and fails if it does not
 * have the expected layout.
 *
 * <p>The outer SEQUENCE must hold two or three items: the extension OID
 * (which must equal {@code PKIXExtensions.OCSPNonce_Id}), an optional BOOLEAN
 * criticality flag, and an OCTET STRING that itself wraps another OCTET
 * STRING containing the nonce bytes. Progress is reported through
 * {@code debuglog}, which is defined elsewhere in the file.
 *
 * @param derData the DER-encoded extension
 * @throws IOException if any item cannot be decoded
 * @throws RuntimeException if the item count or the OID is not as expected
 */
public static void verifyExtStructure(byte[] derData) throws IOException {
    debuglog("verifyASN1Extension() received " + derData.length + " bytes");

    // Two items means OID + value; three means the criticality flag is
    // present between them.
    DerValue[] items = new DerInputStream(derData).getSequence(3);
    int itemCount = items.length;
    debuglog("Found sequence containing " + itemCount + " elements");
    if (!(itemCount == 2 || itemCount == 3)) {
        throw new RuntimeException("Incorrect number of items found in " +
                "the SEQUENCE (Got " + itemCount +
                ", expected 2 or 3 items)");
    }

    ObjectIdentifier extOid = items[0].getOID();
    debuglog("Found OID: " + extOid.toString());
    if (!extOid.equals((Object)PKIXExtensions.OCSPNonce_Id)) {
        throw new RuntimeException("Incorrect OID (Got " +
                extOid.toString() + ", expected " +
                PKIXExtensions.OCSPNonce_Id.toString() + ")");
    }

    int valueIndex = 1;
    if (itemCount == 3) {
        // Non-default criticality bit setting sits at index 1 and pushes
        // the value to index 2.
        boolean isCrit = items[1].getBoolean();
        debuglog("Found BOOLEAN (critical): " + isCrit);
        valueIndex = 2;
    }

    // The extnValue is an encapsulating OCTET STRING; for the OCSP nonce the
    // wrapped value is another OCTET STRING holding the random bytes.
    byte[] wrapped = items[valueIndex].getOctetString();
    byte[] nonceData = new DerValue(wrapped).getOctetString();
    debuglog("Found " + nonceData.length + " bytes of nonce data");
}
Example 10
Source File: X509CertPath.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
/**
 * Decodes a PKIPATH structure read from {@code is} into a list of
 * certificates.
 *
 * <p>The stream content is obtained through {@code readAllBytes} (defined
 * elsewhere in the file) and decoded as a DER SEQUENCE whose elements are
 * each parsed by an "X.509" {@link CertificateFactory}. The result lists the
 * elements in reverse encoding order (target to trust anchor).
 *
 * @param is the <code>InputStream</code> to read the data from
 * @return an unmodifiable List of the certificates, empty for an empty
 *         SEQUENCE
 * @exception CertificateException if {@code is} is null, a certificate does
 *            not parse, or reading/decoding raises an {@code IOException}
 */
private static List<X509Certificate> parsePKIPATH(InputStream is)
        throws CertificateException {
    if (is == null) {
        throw new CertificateException("input stream is null");
    }

    List<X509Certificate> result;
    try {
        DerInputStream der = new DerInputStream(readAllBytes(is));
        DerValue[] entries = der.getSequence(3);
        if (entries.length == 0) {
            return Collections.<X509Certificate>emptyList();
        }

        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        result = new ArrayList<X509Certificate>(entries.length);

        // Consume the entries from the end so that the target certificate
        // comes first and the trust anchor side comes last.
        int next = entries.length;
        while (next > 0) {
            next--;
            ByteArrayInputStream certBytes =
                    new ByteArrayInputStream(entries[next].toByteArray());
            result.add((X509Certificate) factory.generateCertificate(certBytes));
        }
        return Collections.unmodifiableList(result);
    } catch (IOException ioe) {
        throw new CertificateException("IOException parsing PkiPath data: "
                + ioe, ioe);
    }
}
Example 11
Source File: MacData.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
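/**
 * Parses a PKCS#12 MAC data.
 *
 * <p>Expects a SEQUENCE whose first element is the digest info (algorithm
 * identifier followed by the digest), whose second element is the salt, and
 * whose optional third element is the iteration count (default 1).
 *
 * @param derin the stream positioned at the MAC data
 * @throws ParsingException if the MAC data or the digest info holds fewer
 *         than two elements
 * @throws IOException if any element cannot be decoded
 */
MacData(DerInputStream derin) throws IOException, ParsingException {
    DerValue[] macData = derin.getSequence(2);
    // A truncated structure would otherwise surface as an unchecked
    // ArrayIndexOutOfBoundsException; getSequence(2) does not enforce a count.
    // Elements beyond the third are ignored, as before.
    if (macData.length < 2) {
        throw new ParsingException("Invalid length for MacData");
    }

    // Parse the digest info
    DerInputStream digestIn = new DerInputStream(macData[0].toByteArray());
    DerValue[] digestInfo = digestIn.getSequence(2);
    if (digestInfo.length < 2) {
        throw new ParsingException("Invalid length for DigestInfo");
    }

    // Parse the DigestAlgorithmIdentifier.
    AlgorithmId digestAlgorithmId = AlgorithmId.parse(digestInfo[0]);
    this.digestAlgorithmName = digestAlgorithmId.getName();
    this.digestAlgorithmParams = digestAlgorithmId.getParameters();

    // Get the digest.
    this.digest = digestInfo[1].getOctetString();

    // Get the salt.
    this.macSalt = macData[1].getOctetString();

    // Iterations is optional. The default value is 1.
    // NOTE(review): the value is read from the input without a range check;
    // consumers should apply their own upper limit before iterating.
    if (macData.length > 2) {
        this.iterations = macData[2].getInteger();
    } else {
        this.iterations = 1;
    }
}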
Example 12
Source File: X509CertPath.java From j2objc with Apache License 2.0 | 5 votes |
/**
 * Turns PKIPATH data from a stream into an unmodifiable certificate list.
 *
 * <p>The bytes come from {@code readAllBytes} (defined elsewhere in the file),
 * are decoded as one DER SEQUENCE, and each element is parsed with an "X.509"
 * {@link CertificateFactory}. Elements are appended last-to-first, i.e. from
 * target to trust anchor.
 *
 * @param is the <code>InputStream</code> to read the data from
 * @return an unmodifiable List of the certificates; the empty list when the
 *         SEQUENCE has no elements
 * @exception CertificateException if {@code is} is null, a certificate does
 *            not parse, or an {@code IOException} is raised while reading or
 *            decoding
 */
private static List<X509Certificate> parsePKIPATH(InputStream is)
        throws CertificateException {
    if (is == null) {
        throw new CertificateException("input stream is null");
    }

    try {
        byte[] raw = readAllBytes(is);
        DerValue[] certValues = new DerInputStream(raw).getSequence(3);
        if (certValues.length == 0) {
            return Collections.<X509Certificate>emptyList();
        }

        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain =
                new ArrayList<X509Certificate>(certValues.length);

        // Reverse order: the encoding's last element is added first.
        for (int pos = certValues.length; pos-- > 0; ) {
            ByteArrayInputStream single =
                    new ByteArrayInputStream(certValues[pos].toByteArray());
            chain.add((X509Certificate) certFactory.generateCertificate(single));
        }
        return Collections.unmodifiableList(chain);
    } catch (IOException ioe) {
        throw new CertificateException("IOException parsing PkiPath data: "
                + ioe, ioe);
    }
}
Example 13
Source File: MacData.java From openjdk-8-source with GNU General Public License v2.0 | 5 votes |
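/**
 * Parses a PKCS#12 MAC data.
 *
 * <p>The structure read is a SEQUENCE of digest info (a nested SEQUENCE of
 * algorithm identifier and digest), salt, and an optional iteration count
 * that defaults to 1.
 *
 * @param derin the stream positioned at the MAC data
 * @throws ParsingException if the MAC data or the digest info holds fewer
 *         than two elements
 * @throws IOException if any element cannot be decoded
 */
MacData(DerInputStream derin) throws IOException, ParsingException {
    DerValue[] macData = derin.getSequence(2);
    // The element count is not guaranteed by getSequence(2); check it so that
    // malformed input is reported as a parsing error, not an index failure.
    // Elements beyond the third are ignored, as before.
    if (macData.length < 2) {
        throw new ParsingException("Invalid length for MacData");
    }

    // Parse the digest info
    DerInputStream digestIn = new DerInputStream(macData[0].toByteArray());
    DerValue[] digestInfo = digestIn.getSequence(2);
    if (digestInfo.length < 2) {
        throw new ParsingException("Invalid length for DigestInfo");
    }

    // Parse the DigestAlgorithmIdentifier.
    AlgorithmId digestAlgorithmId = AlgorithmId.parse(digestInfo[0]);
    this.digestAlgorithmName = digestAlgorithmId.getName();
    this.digestAlgorithmParams = digestAlgorithmId.getParameters();

    // Get the digest.
    this.digest = digestInfo[1].getOctetString();

    // Get the salt.
    this.macSalt = macData[1].getOctetString();

    // Iterations is optional. The default value is 1.
    // NOTE(review): the parsed count is stored unbounded; callers that loop
    // on it should enforce a maximum.
    if (macData.length > 2) {
        this.iterations = macData[2].getInteger();
    } else {
        this.iterations = 1;
    }
}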
Example 14
Source File: PKCS12KeyStore.java From Bytecoder with Apache License 2.0 | 5 votes |
/**
 * Reports whether a pkcs12 file can be read without a password, meaning that
 * none of its top-level contents is of the encrypted-data type and no MacData
 * follows the authenticated safe. The private key may still be encrypted.
 *
 * <p>This is a simplified version of {@link #engineLoad} that only looks
 * at the ContentInfo types.
 *
 * @param f the pkcs12 file
 * @return {@code true} if the file is password-less, {@code false} otherwise
 * @throws IOException if the file cannot be read or decoded
 */
public static boolean isPasswordless(File f) throws IOException {
    try (FileInputStream fileIn = new FileInputStream(f)) {
        DerInputStream pfx = new DerValue(fileIn).toDerInputStream();
        pfx.getInteger(); // version is read and discarded

        ContentInfo authSafe = new ContentInfo(pfx);
        DerValue[] contents =
                new DerInputStream(authSafe.getData()).getSequence(2);

        for (DerValue entry : contents) {
            ContentInfo safeContents =
                    new ContentInfo(new DerInputStream(entry.toByteArray()));
            boolean encrypted = safeContents.getContentType()
                    .equals(ContentInfo.ENCRYPTED_DATA_OID);
            if (encrypted) {
                // Certificate encrypted
                return false;
            }
        }

        // Anything left after the authenticated safe is the MacData.
        return !(pfx.available() > 0);
    }
}
Example 15
Source File: DomainComponentEncoding.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
/**
 * Checks that the domain component attribute of {@code dn} is encoded with
 * the IA5String tag.
 *
 * <p>The name is encoded through {@link X500Principal}, decoded as a SEQUENCE
 * of RDNs, and each RDN as a SET of attribute/value pairs. The first pair
 * whose OID equals {@code X500Name.DOMAIN_COMPONENT_OID} decides the outcome.
 *
 * @param dn the distinguished name to encode and inspect
 * @throws SecurityException if the domain component value has another tag, or
 *         no domain component attribute is found
 * @throws Exception if encoding or decoding fails
 */
private static void testDN(String dn) throws Exception {
    byte[] encodedName = new X500Principal(dn).getEncoded();

    // name is a sequence of RDN's
    DerValue[] rdns = new DerInputStream(encodedName).getSequence(3);

    boolean found = false;
    search:
    for (DerValue rdn : rdns) {
        // each RDN is a set of AttributeTypeAndValue
        DerValue[] pairs = new DerInputStream(rdn.toByteArray()).getSet(3);
        for (DerValue pair : pairs) {
            ObjectIdentifier oid = pair.data.getOID();
            if (!oid.equals(X500Name.DOMAIN_COMPONENT_OID)) {
                continue;
            }
            DerValue value = pair.data.getDerValue();
            if (value.getTag() != DerValue.tag_IA5String) {
                throw new SecurityException
                    ("Test failed, expected DOMAIN_COMPONENT tag '" +
                    DerValue.tag_IA5String +
                    "', got '" + value.getTag() + "'");
            }
            found = true;
            break search;
        }
    }

    if (!found) {
        throw new SecurityException("Test failed");
    }
    System.out.println("Test passed");
}
Example 16
Source File: DomainComponentEncoding.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
/**
 * Verifies the DER tag used for the domain component attribute of a
 * distinguished name.
 *
 * <p>{@code dn} is encoded via {@link X500Principal}; the encoding is read as
 * a SEQUENCE of RDNs, each a SET of attribute/value pairs. Scanning stops at
 * the first pair whose OID equals {@code X500Name.DOMAIN_COMPONENT_OID}: an
 * IA5String value passes, any other tag fails.
 *
 * @param dn the distinguished name to encode and inspect
 * @throws SecurityException if the domain component value is not tagged as
 *         IA5String, or the name has no domain component attribute
 * @throws Exception if encoding or decoding fails
 */
private static void testDN(String dn) throws Exception {
    X500Principal principal = new X500Principal(dn);
    DerInputStream nameStream = new DerInputStream(principal.getEncoded());

    // name is a sequence of RDN's
    for (DerValue rdn : nameStream.getSequence(3)) {
        // each RDN is a set of AttributeTypeAndValue
        DerInputStream rdnStream = new DerInputStream(rdn.toByteArray());
        for (DerValue ava : rdnStream.getSet(3)) {
            ObjectIdentifier oid = ava.data.getOID();
            if (oid.equals(X500Name.DOMAIN_COMPONENT_OID)) {
                DerValue value = ava.data.getDerValue();
                if (value.getTag() == DerValue.tag_IA5String) {
                    // First match settles the test; nothing else is scanned.
                    System.out.println("Test passed");
                    return;
                }
                throw new SecurityException
                    ("Test failed, expected DOMAIN_COMPONENT tag '" +
                    DerValue.tag_IA5String +
                    "', got '" + value.getTag() + "'");
            }
        }
    }

    throw new SecurityException("Test failed");
}
Example 17
Source File: DomainComponentEncoding.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
/**
 * Confirms that a distinguished name's domain component value is encoded as
 * an IA5String.
 *
 * <p>The encoded form of {@code dn} is walked as a SEQUENCE of RDNs, each a
 * SET of attribute/value pairs, until a pair with
 * {@code X500Name.DOMAIN_COMPONENT_OID} is found.
 *
 * @param dn the distinguished name to encode and inspect
 * @throws SecurityException if the matching value has a different tag, or no
 *         pair with the domain component OID exists
 * @throws Exception if encoding or decoding fails
 */
private static void testDN(String dn) throws Exception {
    byte[] der = new X500Principal(dn).getEncoded();

    // name is a sequence of RDN's
    DerValue[] rdnValues = new DerInputStream(der).getSequence(3);

    boolean matched = false;
    int rdnIndex = 0;
    while (!matched && rdnIndex < rdnValues.length) {
        // each RDN is a set of AttributeTypeAndValue
        DerValue[] attrs =
                new DerInputStream(rdnValues[rdnIndex].toByteArray()).getSet(3);
        int attrIndex = 0;
        while (!matched && attrIndex < attrs.length) {
            DerValue attr = attrs[attrIndex];
            ObjectIdentifier oid = attr.data.getOID();
            if (oid.equals(X500Name.DOMAIN_COMPONENT_OID)) {
                DerValue value = attr.data.getDerValue();
                if (value.getTag() != DerValue.tag_IA5String) {
                    throw new SecurityException
                        ("Test failed, expected DOMAIN_COMPONENT tag '" +
                        DerValue.tag_IA5String +
                        "', got '" + value.getTag() + "'");
                }
                matched = true;
            }
            attrIndex++;
        }
        rdnIndex++;
    }

    if (matched) {
        System.out.println("Test passed");
    } else {
        throw new SecurityException("Test failed");
    }
}
Example 18
Source File: SignerInfo.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
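/**
 * Parses a PKCS#7 signer info.
 *
 * <p>This constructor is used only for backwards compatibility with
 * PKCS#7 blocks that were generated using JDK1.1.x.
 *
 * <p>Fields are read from {@code derin} in order: version,
 * issuerAndSerialNumber, digest algorithm, optional authenticated attributes,
 * digest encryption algorithm, encrypted digest, optional unauthenticated
 * attributes. Any bytes left over afterwards are an error.
 *
 * @param derin the ASN.1 encoding of the signer info.
 * @param oldStyle flag indicating whether or not the given signer info
 * is encoded according to JDK1.1.x.
 * @throws ParsingException if issuerAndSerialNumber holds fewer than two
 * elements, or data remains after the last field
 * @throws IOException if any field cannot be decoded
 */
public SignerInfo(DerInputStream derin, boolean oldStyle)
        throws IOException, ParsingException {
    // version
    version = derin.getBigInteger();

    // issuerAndSerialNumber
    DerValue[] issuerAndSerialNumber = derin.getSequence(2);
    // getSequence(2) only sizes the result. Reject a short sequence here so
    // malformed input is a parsing error rather than an index failure;
    // elements beyond the second are ignored, as before.
    if (issuerAndSerialNumber.length < 2) {
        throw new ParsingException("Invalid length for IssuerAndSerialNumber");
    }
    byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray();
    issuerName = new X500Name(new DerValue(DerValue.tag_Sequence,
                                           issuerBytes));
    certificateSerialNumber = issuerAndSerialNumber[1].getBigInteger();

    // digestAlgorithmId
    DerValue tmp = derin.getDerValue();

    digestAlgorithmId = AlgorithmId.parse(tmp);

    // authenticatedAttributes
    if (oldStyle) {
        // In JDK1.1.x, the authenticatedAttributes are always present,
        // encoded as an empty Set (Set of length zero)
        derin.getSet(0);
    } else {
        // check if set of auth attributes (implicit tag) is provided
        // (auth attributes are OPTIONAL)
        if ((byte)(derin.peekByte()) == (byte)0xA0) {
            authenticatedAttributes = new PKCS9Attributes(derin);
        }
    }

    // digestEncryptionAlgorithmId - little RSA naming scheme -
    // signature == encryption...
    tmp = derin.getDerValue();

    digestEncryptionAlgorithmId = AlgorithmId.parse(tmp);

    // encryptedDigest
    encryptedDigest = derin.getOctetString();

    // unauthenticatedAttributes
    if (oldStyle) {
        // In JDK1.1.x, the unauthenticatedAttributes are always present,
        // encoded as an empty Set (Set of length zero)
        derin.getSet(0);
    } else {
        // check if set of unauth attributes (implicit tag) is provided
        // (unauth attributes are OPTIONAL)
        if (derin.available() != 0
            && (byte)(derin.peekByte()) == (byte)0xA1) {
            unauthenticatedAttributes =
                new PKCS9Attributes(derin, true);// ignore unsupported attrs
        }
    }

    // all done
    if (derin.available() != 0) {
        throw new ParsingException("extra data at the end");
    }
}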
Example 19
Source File: DomainComponentEncoding.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
/**
 * Tests that the domain component attribute of {@code dn} carries the
 * IA5String tag in its DER encoding.
 *
 * <p>The name is encoded with {@link X500Principal}, read as a SEQUENCE of
 * RDNs, and each RDN as a SET of attribute/value pairs; the first pair whose
 * OID equals {@code X500Name.DOMAIN_COMPONENT_OID} is examined.
 *
 * @param dn the distinguished name to encode and inspect
 * @throws SecurityException if that pair's value has another tag, or no such
 *         pair is present
 * @throws Exception if encoding or decoding fails
 */
private static void testDN(String dn) throws Exception {
    X500Principal subject = new X500Principal(dn);
    byte[] nameBytes = subject.getEncoded();

    // name is a sequence of RDN's
    DerValue[] rdnList = new DerInputStream(nameBytes).getSequence(3);

    boolean dcIsIa5 = false;
    outer:
    for (int r = 0; r < rdnList.length; r++) {
        // each RDN is a set of AttributeTypeAndValue
        DerInputStream rdnIn = new DerInputStream(rdnList[r].toByteArray());
        DerValue[] avaList = rdnIn.getSet(3);
        for (int a = 0; a < avaList.length; a++) {
            ObjectIdentifier oid = avaList[a].data.getOID();
            if (oid.equals(X500Name.DOMAIN_COMPONENT_OID)) {
                DerValue value = avaList[a].data.getDerValue();
                if (value.getTag() != DerValue.tag_IA5String) {
                    throw new SecurityException
                        ("Test failed, expected DOMAIN_COMPONENT tag '" +
                        DerValue.tag_IA5String +
                        "', got '" + value.getTag() + "'");
                }
                // One correctly tagged domain component is enough.
                dcIsIa5 = true;
                break outer;
            }
        }
    }

    if (!dcIsIa5) {
        throw new SecurityException("Test failed");
    }
    System.out.println("Test passed");
}
Example 20
Source File: SignerInfo.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
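/**
 * Parses a PKCS#7 signer info.
 *
 * <p>This constructor is used only for backwards compatibility with
 * PKCS#7 blocks that were generated using JDK1.1.x.
 *
 * <p>The fields are consumed from {@code derin} in this order: version,
 * issuerAndSerialNumber, digest algorithm, optional authenticated attributes,
 * digest encryption algorithm, encrypted digest, optional unauthenticated
 * attributes. Trailing bytes after the last field are rejected.
 *
 * @param derin the ASN.1 encoding of the signer info.
 * @param oldStyle flag indicating whether or not the given signer info
 * is encoded according to JDK1.1.x.
 * @throws ParsingException if issuerAndSerialNumber holds fewer than two
 * elements, or data remains after the last field
 * @throws IOException if any field cannot be decoded
 */
public SignerInfo(DerInputStream derin, boolean oldStyle)
        throws IOException, ParsingException {
    // version
    version = derin.getBigInteger();

    // issuerAndSerialNumber
    DerValue[] issuerAndSerialNumber = derin.getSequence(2);
    // The size guess given to getSequence is not a guarantee; a sequence with
    // fewer than two elements is reported as a parsing error instead of
    // failing on the array index. Extra elements are ignored, as before.
    if (issuerAndSerialNumber.length < 2) {
        throw new ParsingException("Invalid length for IssuerAndSerialNumber");
    }
    byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray();
    issuerName = new X500Name(new DerValue(DerValue.tag_Sequence,
                                           issuerBytes));
    certificateSerialNumber = issuerAndSerialNumber[1].getBigInteger();

    // digestAlgorithmId
    DerValue tmp = derin.getDerValue();

    digestAlgorithmId = AlgorithmId.parse(tmp);

    // authenticatedAttributes
    if (oldStyle) {
        // In JDK1.1.x, the authenticatedAttributes are always present,
        // encoded as an empty Set (Set of length zero)
        derin.getSet(0);
    } else {
        // check if set of auth attributes (implicit tag) is provided
        // (auth attributes are OPTIONAL)
        if ((byte)(derin.peekByte()) == (byte)0xA0) {
            authenticatedAttributes = new PKCS9Attributes(derin);
        }
    }

    // digestEncryptionAlgorithmId - little RSA naming scheme -
    // signature == encryption...
    tmp = derin.getDerValue();

    digestEncryptionAlgorithmId = AlgorithmId.parse(tmp);

    // encryptedDigest
    encryptedDigest = derin.getOctetString();

    // unauthenticatedAttributes
    if (oldStyle) {
        // In JDK1.1.x, the unauthenticatedAttributes are always present,
        // encoded as an empty Set (Set of length zero)
        derin.getSet(0);
    } else {
        // check if set of unauth attributes (implicit tag) is provided
        // (unauth attributes are OPTIONAL)
        if (derin.available() != 0
            && (byte)(derin.peekByte()) == (byte)0xA1) {
            unauthenticatedAttributes =
                new PKCS9Attributes(derin, true);// ignore unsupported attrs
        }
    }

    // all done
    if (derin.available() != 0) {
        throw new ParsingException("extra data at the end");
    }
}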