Java Code Examples for sun.security.util.DerInputStream#getSet()

The following examples show how to use sun.security.util.DerInputStream#getSet() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: PKCS9Attributes.java    From openjdk-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Decode this set of PKCS9 attributes from the contents of its
 * DER encoding. Ignores unsupported attributes when directed.
 *
 * @param in
 * the contents of the DER encoding of the attribute set.
 *
 * @exception IOException
 * on i/o error, encoding syntax error, unacceptable or
 * unsupported attribute, or duplicate attribute.
 */
private byte[] decode(DerInputStream in) throws IOException {

    DerValue val = in.getDerValue();

    // save the DER encoding with its proper tag byte.
    byte[] derEncoding = val.toByteArray();
    derEncoding[0] = DerValue.tag_SetOf;

    DerInputStream derIn = new DerInputStream(derEncoding);
    DerValue[] derVals = derIn.getSet(3,true);

    PKCS9Attribute attrib;
    ObjectIdentifier oid;
    boolean reuseEncoding = true;

    for (int i=0; i < derVals.length; i++) {

        try {
            attrib = new PKCS9Attribute(derVals[i]);

        } catch (ParsingException e) {
            if (ignoreUnsupportedAttributes) {
                reuseEncoding = false; // cannot reuse supplied DER encoding
                continue; // skip
            } else {
                throw e;
            }
        }
        oid = attrib.getOID();

        if (attributes.get(oid) != null)
            throw new IOException("Duplicate PKCS9 attribute: " + oid);

        if (permittedAttributes != null &&
            !permittedAttributes.containsKey(oid))
            throw new IOException("Attribute " + oid +
                                  " not permitted in this attribute set");

        attributes.put(oid, attrib);
    }
    return reuseEncoding ? derEncoding : generateDerEncoding();
}
 
Example 2
Source File: SignerInfo.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Parses a PKCS#7 signer info.
 *
 * <p>This constructor is used only for backwards compatibility with
 * PKCS#7 blocks that were generated using JDK1.1.x.
 *
 * @param derin the ASN.1 encoding of the signer info.
 * @param oldStyle flag indicating whether or not the given signer info
 * is encoded according to JDK1.1.x.
 */
public SignerInfo(DerInputStream derin, boolean oldStyle)
    throws IOException, ParsingException
{
    // version
    version = derin.getBigInteger();

    // issuerAndSerialNumber
    DerValue[] issuerAndSerialNumber = derin.getSequence(2);
    byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray();
    issuerName = new X500Name(new DerValue(DerValue.tag_Sequence,
                                           issuerBytes));
    certificateSerialNumber = issuerAndSerialNumber[1].getBigInteger();

    // digestAlgorithmId
    DerValue tmp = derin.getDerValue();

    digestAlgorithmId = AlgorithmId.parse(tmp);

    // authenticatedAttributes
    if (oldStyle) {
        // In JDK1.1.x, the authenticatedAttributes are always present,
        // encoded as an empty Set (Set of length zero)
        derin.getSet(0);
    } else {
        // check if set of auth attributes (implicit tag) is provided
        // (auth attributes are OPTIONAL)
        if ((byte)(derin.peekByte()) == (byte)0xA0) {
            authenticatedAttributes = new PKCS9Attributes(derin);
        }
    }

    // digestEncryptionAlgorithmId - little RSA naming scheme -
    // signature == encryption...
    tmp = derin.getDerValue();

    digestEncryptionAlgorithmId = AlgorithmId.parse(tmp);

    // encryptedDigest
    encryptedDigest = derin.getOctetString();

    // unauthenticatedAttributes
    if (oldStyle) {
        // In JDK1.1.x, the unauthenticatedAttributes are always present,
        // encoded as an empty Set (Set of length zero)
        derin.getSet(0);
    } else {
        // check if set of unauth attributes (implicit tag) is provided
        // (unauth attributes are OPTIONAL)
        if (derin.available() != 0
            && (byte)(derin.peekByte()) == (byte)0xA1) {
            unauthenticatedAttributes =
                new PKCS9Attributes(derin, true);// ignore unsupported attrs
        }
    }

    // all done
    if (derin.available() != 0) {
        throw new ParsingException("extra data at the end");
    }
}
 
Example 3
Source File: DomainComponentEncoding.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up
private static void testDN(String dn) throws Exception {
    X500Principal p = new X500Principal(dn);
    byte[] encoded = p.getEncoded();

    // name is a sequence of RDN's
    DerInputStream dis = new DerInputStream(encoded);
    DerValue[] nameseq = dis.getSequence(3);

    boolean passed = false;
    for (int i = 0; i < nameseq.length; i++) {

        // each RDN is a set of AttributeTypeAndValue
        DerInputStream is = new DerInputStream(nameseq[i].toByteArray());
        DerValue[] ava = is.getSet(3);

        for (int j = 0; j < ava.length; j++) {

            ObjectIdentifier oid = ava[j].data.getOID();

            if (oid.equals(X500Name.DOMAIN_COMPONENT_OID)) {
                DerValue value = ava[j].data.getDerValue();
                if (value.getTag() == DerValue.tag_IA5String) {
                    passed = true;
                    break;
                } else {
                    throw new SecurityException
                            ("Test failed, expected DOMAIN_COMPONENT tag '" +
                            DerValue.tag_IA5String +
                            "', got '" +
                            value.getTag() + "'");
                }
            }
        }

        if (passed) {
            break;
        }
    }

    if (passed) {
        System.out.println("Test passed");
    } else {
        throw new SecurityException("Test failed");
    }
}
 
Example 4
Source File: PKCS9Attributes.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Decode this set of PKCS9 attributes from the contents of its
 * DER encoding. Ignores unsupported attributes when directed.
 *
 * @param in
 * the contents of the DER encoding of the attribute set.
 *
 * @exception IOException
 * on i/o error, encoding syntax error, unacceptable or
 * unsupported attribute, or duplicate attribute.
 */
private byte[] decode(DerInputStream in) throws IOException {

    DerValue val = in.getDerValue();

    // save the DER encoding with its proper tag byte.
    byte[] derEncoding = val.toByteArray();
    derEncoding[0] = DerValue.tag_SetOf;

    DerInputStream derIn = new DerInputStream(derEncoding);
    DerValue[] derVals = derIn.getSet(3,true);

    PKCS9Attribute attrib;
    ObjectIdentifier oid;
    boolean reuseEncoding = true;

    for (int i=0; i < derVals.length; i++) {

        try {
            attrib = new PKCS9Attribute(derVals[i]);

        } catch (ParsingException e) {
            if (ignoreUnsupportedAttributes) {
                reuseEncoding = false; // cannot reuse supplied DER encoding
                continue; // skip
            } else {
                throw e;
            }
        }
        oid = attrib.getOID();

        if (attributes.get(oid) != null)
            throw new IOException("Duplicate PKCS9 attribute: " + oid);

        if (permittedAttributes != null &&
            !permittedAttributes.containsKey(oid))
            throw new IOException("Attribute " + oid +
                                  " not permitted in this attribute set");

        attributes.put(oid, attrib);
    }
    return reuseEncoding ? derEncoding : generateDerEncoding();
}
 
Example 5
Source File: SignerInfo.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Parses a PKCS#7 signer info.
 *
 * <p>This constructor is used only for backwards compatibility with
 * PKCS#7 blocks that were generated using JDK1.1.x.
 *
 * @param derin the ASN.1 encoding of the signer info.
 * @param oldStyle flag indicating whether or not the given signer info
 * is encoded according to JDK1.1.x.
 */
public SignerInfo(DerInputStream derin, boolean oldStyle)
    throws IOException, ParsingException
{
    // version
    version = derin.getBigInteger();

    // issuerAndSerialNumber
    DerValue[] issuerAndSerialNumber = derin.getSequence(2);
    byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray();
    issuerName = new X500Name(new DerValue(DerValue.tag_Sequence,
                                           issuerBytes));
    certificateSerialNumber = issuerAndSerialNumber[1].getBigInteger();

    // digestAlgorithmId
    DerValue tmp = derin.getDerValue();

    digestAlgorithmId = AlgorithmId.parse(tmp);

    // authenticatedAttributes
    if (oldStyle) {
        // In JDK1.1.x, the authenticatedAttributes are always present,
        // encoded as an empty Set (Set of length zero)
        derin.getSet(0);
    } else {
        // check if set of auth attributes (implicit tag) is provided
        // (auth attributes are OPTIONAL)
        if ((byte)(derin.peekByte()) == (byte)0xA0) {
            authenticatedAttributes = new PKCS9Attributes(derin);
        }
    }

    // digestEncryptionAlgorithmId - little RSA naming scheme -
    // signature == encryption...
    tmp = derin.getDerValue();

    digestEncryptionAlgorithmId = AlgorithmId.parse(tmp);

    // encryptedDigest
    encryptedDigest = derin.getOctetString();

    // unauthenticatedAttributes
    if (oldStyle) {
        // In JDK1.1.x, the unauthenticatedAttributes are always present,
        // encoded as an empty Set (Set of length zero)
        derin.getSet(0);
    } else {
        // check if set of unauth attributes (implicit tag) is provided
        // (unauth attributes are OPTIONAL)
        if (derin.available() != 0
            && (byte)(derin.peekByte()) == (byte)0xA1) {
            unauthenticatedAttributes =
                new PKCS9Attributes(derin, true);// ignore unsupported attrs
        }
    }

    // all done
    if (derin.available() != 0) {
        throw new ParsingException("extra data at the end");
    }
}
 
Example 6
Source File: PKCS9Attributes.java    From openjdk-8-source with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Decode this set of PKCS9 attributes from the contents of its
 * DER encoding. Ignores unsupported attributes when directed.
 *
 * @param in
 * the contents of the DER encoding of the attribute set.
 *
 * @exception IOException
 * on i/o error, encoding syntax error, unacceptable or
 * unsupported attribute, or duplicate attribute.
 */
private byte[] decode(DerInputStream in) throws IOException {

    DerValue val = in.getDerValue();

    // save the DER encoding with its proper tag byte.
    byte[] derEncoding = val.toByteArray();
    derEncoding[0] = DerValue.tag_SetOf;

    DerInputStream derIn = new DerInputStream(derEncoding);
    DerValue[] derVals = derIn.getSet(3,true);

    PKCS9Attribute attrib;
    ObjectIdentifier oid;
    boolean reuseEncoding = true;

    for (int i=0; i < derVals.length; i++) {

        try {
            attrib = new PKCS9Attribute(derVals[i]);

        } catch (ParsingException e) {
            if (ignoreUnsupportedAttributes) {
                reuseEncoding = false; // cannot reuse supplied DER encoding
                continue; // skip
            } else {
                throw e;
            }
        }
        oid = attrib.getOID();

        if (attributes.get(oid) != null)
            throw new IOException("Duplicate PKCS9 attribute: " + oid);

        if (permittedAttributes != null &&
            !permittedAttributes.containsKey(oid))
            throw new IOException("Attribute " + oid +
                                  " not permitted in this attribute set");

        attributes.put(oid, attrib);
    }
    return reuseEncoding ? derEncoding : generateDerEncoding();
}
 
Example 7
Source File: SignerInfo.java    From Bytecoder with Apache License 2.0 4 votes vote down vote up
/**
 * Parses a PKCS#7 signer info.
 *
 * <p>This constructor is used only for backwards compatibility with
 * PKCS#7 blocks that were generated using JDK1.1.x.
 *
 * @param derin the ASN.1 encoding of the signer info.
 * @param oldStyle flag indicating whether or not the given signer info
 * is encoded according to JDK1.1.x.
 */
public SignerInfo(DerInputStream derin, boolean oldStyle)
    throws IOException, ParsingException
{
    // version
    version = derin.getBigInteger();

    // issuerAndSerialNumber
    DerValue[] issuerAndSerialNumber = derin.getSequence(2);
    byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray();
    issuerName = new X500Name(new DerValue(DerValue.tag_Sequence,
                                           issuerBytes));
    certificateSerialNumber = issuerAndSerialNumber[1].getBigInteger();

    // digestAlgorithmId
    DerValue tmp = derin.getDerValue();

    digestAlgorithmId = AlgorithmId.parse(tmp);

    // authenticatedAttributes
    if (oldStyle) {
        // In JDK1.1.x, the authenticatedAttributes are always present,
        // encoded as an empty Set (Set of length zero)
        derin.getSet(0);
    } else {
        // check if set of auth attributes (implicit tag) is provided
        // (auth attributes are OPTIONAL)
        if ((byte)(derin.peekByte()) == (byte)0xA0) {
            authenticatedAttributes = new PKCS9Attributes(derin);
        }
    }

    // digestEncryptionAlgorithmId - little RSA naming scheme -
    // signature == encryption...
    tmp = derin.getDerValue();

    digestEncryptionAlgorithmId = AlgorithmId.parse(tmp);

    // encryptedDigest
    encryptedDigest = derin.getOctetString();

    // unauthenticatedAttributes
    if (oldStyle) {
        // In JDK1.1.x, the unauthenticatedAttributes are always present,
        // encoded as an empty Set (Set of length zero)
        derin.getSet(0);
    } else {
        // check if set of unauth attributes (implicit tag) is provided
        // (unauth attributes are OPTIONAL)
        if (derin.available() != 0
            && (byte)(derin.peekByte()) == (byte)0xA1) {
            unauthenticatedAttributes =
                new PKCS9Attributes(derin, true);// ignore unsupported attrs
        }
    }

    // all done
    if (derin.available() != 0) {
        throw new ParsingException("extra data at the end");
    }
}
 
Example 8
Source File: DomainComponentEncoding.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 4 votes vote down vote up
private static void testDN(String dn) throws Exception {
    X500Principal p = new X500Principal(dn);
    byte[] encoded = p.getEncoded();

    // name is a sequence of RDN's
    DerInputStream dis = new DerInputStream(encoded);
    DerValue[] nameseq = dis.getSequence(3);

    boolean passed = false;
    for (int i = 0; i < nameseq.length; i++) {

        // each RDN is a set of AttributeTypeAndValue
        DerInputStream is = new DerInputStream(nameseq[i].toByteArray());
        DerValue[] ava = is.getSet(3);

        for (int j = 0; j < ava.length; j++) {

            ObjectIdentifier oid = ava[j].data.getOID();

            if (oid.equals(X500Name.DOMAIN_COMPONENT_OID)) {
                DerValue value = ava[j].data.getDerValue();
                if (value.getTag() == DerValue.tag_IA5String) {
                    passed = true;
                    break;
                } else {
                    throw new SecurityException
                            ("Test failed, expected DOMAIN_COMPONENT tag '" +
                            DerValue.tag_IA5String +
                            "', got '" +
                            value.getTag() + "'");
                }
            }
        }

        if (passed) {
            break;
        }
    }

    if (passed) {
        System.out.println("Test passed");
    } else {
        throw new SecurityException("Test failed");
    }
}
 
Example 9
Source File: PKCS9Attributes.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Decode this set of PKCS9 attributes from the contents of its
 * DER encoding. Ignores unsupported attributes when directed.
 *
 * @param in
 * the contents of the DER encoding of the attribute set.
 *
 * @exception IOException
 * on i/o error, encoding syntax error, unacceptable or
 * unsupported attribute, or duplicate attribute.
 */
private byte[] decode(DerInputStream in) throws IOException {

    DerValue val = in.getDerValue();

    // save the DER encoding with its proper tag byte.
    byte[] derEncoding = val.toByteArray();
    derEncoding[0] = DerValue.tag_SetOf;

    DerInputStream derIn = new DerInputStream(derEncoding);
    DerValue[] derVals = derIn.getSet(3,true);

    PKCS9Attribute attrib;
    ObjectIdentifier oid;
    boolean reuseEncoding = true;

    for (int i=0; i < derVals.length; i++) {

        try {
            attrib = new PKCS9Attribute(derVals[i]);

        } catch (ParsingException e) {
            if (ignoreUnsupportedAttributes) {
                reuseEncoding = false; // cannot reuse supplied DER encoding
                continue; // skip
            } else {
                throw e;
            }
        }
        oid = attrib.getOID();

        if (attributes.get(oid) != null)
            throw new IOException("Duplicate PKCS9 attribute: " + oid);

        if (permittedAttributes != null &&
            !permittedAttributes.containsKey(oid))
            throw new IOException("Attribute " + oid +
                                  " not permitted in this attribute set");

        attributes.put(oid, attrib);
    }
    return reuseEncoding ? derEncoding : generateDerEncoding();
}
 
Example 10
Source File: SignerInfo.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Parses a PKCS#7 signer info.
 *
 * <p>This constructor is used only for backwards compatibility with
 * PKCS#7 blocks that were generated using JDK1.1.x.
 *
 * @param derin the ASN.1 encoding of the signer info.
 * @param oldStyle flag indicating whether or not the given signer info
 * is encoded according to JDK1.1.x.
 */
public SignerInfo(DerInputStream derin, boolean oldStyle)
    throws IOException, ParsingException
{
    // version
    version = derin.getBigInteger();

    // issuerAndSerialNumber
    DerValue[] issuerAndSerialNumber = derin.getSequence(2);
    byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray();
    issuerName = new X500Name(new DerValue(DerValue.tag_Sequence,
                                           issuerBytes));
    certificateSerialNumber = issuerAndSerialNumber[1].getBigInteger();

    // digestAlgorithmId
    DerValue tmp = derin.getDerValue();

    digestAlgorithmId = AlgorithmId.parse(tmp);

    // authenticatedAttributes
    if (oldStyle) {
        // In JDK1.1.x, the authenticatedAttributes are always present,
        // encoded as an empty Set (Set of length zero)
        derin.getSet(0);
    } else {
        // check if set of auth attributes (implicit tag) is provided
        // (auth attributes are OPTIONAL)
        if ((byte)(derin.peekByte()) == (byte)0xA0) {
            authenticatedAttributes = new PKCS9Attributes(derin);
        }
    }

    // digestEncryptionAlgorithmId - little RSA naming scheme -
    // signature == encryption...
    tmp = derin.getDerValue();

    digestEncryptionAlgorithmId = AlgorithmId.parse(tmp);

    // encryptedDigest
    encryptedDigest = derin.getOctetString();

    // unauthenticatedAttributes
    if (oldStyle) {
        // In JDK1.1.x, the unauthenticatedAttributes are always present,
        // encoded as an empty Set (Set of length zero)
        derin.getSet(0);
    } else {
        // check if set of unauth attributes (implicit tag) is provided
        // (unauth attributes are OPTIONAL)
        if (derin.available() != 0
            && (byte)(derin.peekByte()) == (byte)0xA1) {
            unauthenticatedAttributes =
                new PKCS9Attributes(derin, true);// ignore unsupported attrs
        }
    }

    // all done
    if (derin.available() != 0) {
        throw new ParsingException("extra data at the end");
    }
}
 
Example 11
Source File: SignerInfo.java    From dragonwell8_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Parses a PKCS#7 signer info.
 *
 * <p>This constructor is used only for backwards compatibility with
 * PKCS#7 blocks that were generated using JDK1.1.x.
 *
 * @param derin the ASN.1 encoding of the signer info.
 * @param oldStyle flag indicating whether or not the given signer info
 * is encoded according to JDK1.1.x.
 */
public SignerInfo(DerInputStream derin, boolean oldStyle)
    throws IOException, ParsingException
{
    // version
    version = derin.getBigInteger();

    // issuerAndSerialNumber
    DerValue[] issuerAndSerialNumber = derin.getSequence(2);
    byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray();
    issuerName = new X500Name(new DerValue(DerValue.tag_Sequence,
                                           issuerBytes));
    certificateSerialNumber = issuerAndSerialNumber[1].getBigInteger();

    // digestAlgorithmId
    DerValue tmp = derin.getDerValue();

    digestAlgorithmId = AlgorithmId.parse(tmp);

    // authenticatedAttributes
    if (oldStyle) {
        // In JDK1.1.x, the authenticatedAttributes are always present,
        // encoded as an empty Set (Set of length zero)
        derin.getSet(0);
    } else {
        // check if set of auth attributes (implicit tag) is provided
        // (auth attributes are OPTIONAL)
        if ((byte)(derin.peekByte()) == (byte)0xA0) {
            authenticatedAttributes = new PKCS9Attributes(derin);
        }
    }

    // digestEncryptionAlgorithmId - little RSA naming scheme -
    // signature == encryption...
    tmp = derin.getDerValue();

    digestEncryptionAlgorithmId = AlgorithmId.parse(tmp);

    // encryptedDigest
    encryptedDigest = derin.getOctetString();

    // unauthenticatedAttributes
    if (oldStyle) {
        // In JDK1.1.x, the unauthenticatedAttributes are always present,
        // encoded as an empty Set (Set of length zero)
        derin.getSet(0);
    } else {
        // check if set of unauth attributes (implicit tag) is provided
        // (unauth attributes are OPTIONAL)
        if (derin.available() != 0
            && (byte)(derin.peekByte()) == (byte)0xA1) {
            unauthenticatedAttributes =
                new PKCS9Attributes(derin, true);// ignore unsupported attrs
        }
    }

    // all done
    if (derin.available() != 0) {
        throw new ParsingException("extra data at the end");
    }
}
 
Example 12
Source File: PKCS9Attributes.java    From j2objc with Apache License 2.0 4 votes vote down vote up
/**
 * Decode this set of PKCS9 attributes from the contents of its
 * DER encoding. Ignores unsupported attributes when directed.
 *
 * @param in
 * the contents of the DER encoding of the attribute set.
 *
 * @exception IOException
 * on i/o error, encoding syntax error, unacceptable or
 * unsupported attribute, or duplicate attribute.
 */
private byte[] decode(DerInputStream in) throws IOException {

    DerValue val = in.getDerValue();

    // save the DER encoding with its proper tag byte.
    byte[] derEncoding = val.toByteArray();
    derEncoding[0] = DerValue.tag_SetOf;

    DerInputStream derIn = new DerInputStream(derEncoding);
    DerValue[] derVals = derIn.getSet(3,true);

    PKCS9Attribute attrib;
    ObjectIdentifier oid;
    boolean reuseEncoding = true;

    for (int i=0; i < derVals.length; i++) {

        try {
            attrib = new PKCS9Attribute(derVals[i]);

        } catch (ParsingException e) {
            if (ignoreUnsupportedAttributes) {
                reuseEncoding = false; // cannot reuse supplied DER encoding
                continue; // skip
            } else {
                throw e;
            }
        }
        oid = attrib.getOID();

        if (attributes.get(oid) != null)
            throw new IOException("Duplicate PKCS9 attribute: " + oid);

        if (permittedAttributes != null &&
            !permittedAttributes.containsKey(oid))
            throw new IOException("Attribute " + oid +
                                  " not permitted in this attribute set");

        attributes.put(oid, attrib);
    }
    return reuseEncoding ? derEncoding : generateDerEncoding();
}
 
Example 13
Source File: SignerInfo.java    From openjdk-jdk8u with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Parses a PKCS#7 signer info.
 *
 * <p>This constructor is used only for backwards compatibility with
 * PKCS#7 blocks that were generated using JDK1.1.x.
 *
 * @param derin the ASN.1 encoding of the signer info.
 * @param oldStyle flag indicating whether or not the given signer info
 * is encoded according to JDK1.1.x.
 */
public SignerInfo(DerInputStream derin, boolean oldStyle)
    throws IOException, ParsingException
{
    // version
    version = derin.getBigInteger();

    // issuerAndSerialNumber
    DerValue[] issuerAndSerialNumber = derin.getSequence(2);
    byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray();
    issuerName = new X500Name(new DerValue(DerValue.tag_Sequence,
                                           issuerBytes));
    certificateSerialNumber = issuerAndSerialNumber[1].getBigInteger();

    // digestAlgorithmId
    DerValue tmp = derin.getDerValue();

    digestAlgorithmId = AlgorithmId.parse(tmp);

    // authenticatedAttributes
    if (oldStyle) {
        // In JDK1.1.x, the authenticatedAttributes are always present,
        // encoded as an empty Set (Set of length zero)
        derin.getSet(0);
    } else {
        // check if set of auth attributes (implicit tag) is provided
        // (auth attributes are OPTIONAL)
        if ((byte)(derin.peekByte()) == (byte)0xA0) {
            authenticatedAttributes = new PKCS9Attributes(derin);
        }
    }

    // digestEncryptionAlgorithmId - little RSA naming scheme -
    // signature == encryption...
    tmp = derin.getDerValue();

    digestEncryptionAlgorithmId = AlgorithmId.parse(tmp);

    // encryptedDigest
    encryptedDigest = derin.getOctetString();

    // unauthenticatedAttributes
    if (oldStyle) {
        // In JDK1.1.x, the unauthenticatedAttributes are always present,
        // encoded as an empty Set (Set of length zero)
        derin.getSet(0);
    } else {
        // check if set of unauth attributes (implicit tag) is provided
        // (unauth attributes are OPTIONAL)
        if (derin.available() != 0
            && (byte)(derin.peekByte()) == (byte)0xA1) {
            unauthenticatedAttributes =
                new PKCS9Attributes(derin, true);// ignore unsupported attrs
        }
    }

    // all done
    if (derin.available() != 0) {
        throw new ParsingException("extra data at the end");
    }
}
 
Example 14
Source File: DomainComponentEncoding.java    From jdk8u60 with GNU General Public License v2.0 4 votes vote down vote up
private static void testDN(String dn) throws Exception {
    X500Principal p = new X500Principal(dn);
    byte[] encoded = p.getEncoded();

    // name is a sequence of RDN's
    DerInputStream dis = new DerInputStream(encoded);
    DerValue[] nameseq = dis.getSequence(3);

    boolean passed = false;
    for (int i = 0; i < nameseq.length; i++) {

        // each RDN is a set of AttributeTypeAndValue
        DerInputStream is = new DerInputStream(nameseq[i].toByteArray());
        DerValue[] ava = is.getSet(3);

        for (int j = 0; j < ava.length; j++) {

            ObjectIdentifier oid = ava[j].data.getOID();

            if (oid.equals(X500Name.DOMAIN_COMPONENT_OID)) {
                DerValue value = ava[j].data.getDerValue();
                if (value.getTag() == DerValue.tag_IA5String) {
                    passed = true;
                    break;
                } else {
                    throw new SecurityException
                            ("Test failed, expected DOMAIN_COMPONENT tag '" +
                            DerValue.tag_IA5String +
                            "', got '" +
                            value.getTag() + "'");
                }
            }
        }

        if (passed) {
            break;
        }
    }

    if (passed) {
        System.out.println("Test passed");
    } else {
        throw new SecurityException("Test failed");
    }
}
 
Example 15
Source File: DomainComponentEncoding.java    From openjdk-8 with GNU General Public License v2.0 4 votes vote down vote up
private static void testDN(String dn) throws Exception {
    X500Principal p = new X500Principal(dn);
    byte[] encoded = p.getEncoded();

    // name is a sequence of RDN's
    DerInputStream dis = new DerInputStream(encoded);
    DerValue[] nameseq = dis.getSequence(3);

    boolean passed = false;
    for (int i = 0; i < nameseq.length; i++) {

        // each RDN is a set of AttributeTypeAndValue
        DerInputStream is = new DerInputStream(nameseq[i].toByteArray());
        DerValue[] ava = is.getSet(3);

        for (int j = 0; j < ava.length; j++) {

            ObjectIdentifier oid = ava[j].data.getOID();

            if (oid.equals(X500Name.DOMAIN_COMPONENT_OID)) {
                DerValue value = ava[j].data.getDerValue();
                if (value.getTag() == DerValue.tag_IA5String) {
                    passed = true;
                    break;
                } else {
                    throw new SecurityException
                            ("Test failed, expected DOMAIN_COMPONENT tag '" +
                            DerValue.tag_IA5String +
                            "', got '" +
                            value.getTag() + "'");
                }
            }
        }

        if (passed) {
            break;
        }
    }

    if (passed) {
        System.out.println("Test passed");
    } else {
        throw new SecurityException("Test failed");
    }
}
 
Example 16
Source File: DomainComponentEncoding.java    From TencentKona-8 with GNU General Public License v2.0 4 votes vote down vote up
private static void testDN(String dn) throws Exception {
    X500Principal p = new X500Principal(dn);
    byte[] encoded = p.getEncoded();

    // name is a sequence of RDN's
    DerInputStream dis = new DerInputStream(encoded);
    DerValue[] nameseq = dis.getSequence(3);

    boolean passed = false;
    for (int i = 0; i < nameseq.length; i++) {

        // each RDN is a set of AttributeTypeAndValue
        DerInputStream is = new DerInputStream(nameseq[i].toByteArray());
        DerValue[] ava = is.getSet(3);

        for (int j = 0; j < ava.length; j++) {

            ObjectIdentifier oid = ava[j].data.getOID();

            if (oid.equals(X500Name.DOMAIN_COMPONENT_OID)) {
                DerValue value = ava[j].data.getDerValue();
                if (value.getTag() == DerValue.tag_IA5String) {
                    passed = true;
                    break;
                } else {
                    throw new SecurityException
                            ("Test failed, expected DOMAIN_COMPONENT tag '" +
                            DerValue.tag_IA5String +
                            "', got '" +
                            value.getTag() + "'");
                }
            }
        }

        if (passed) {
            break;
        }
    }

    if (passed) {
        System.out.println("Test passed");
    } else {
        throw new SecurityException("Test failed");
    }
}
 
Example 17
Source File: DomainComponentEncoding.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
private static void testDN(String dn) throws Exception {
    X500Principal p = new X500Principal(dn);
    byte[] encoded = p.getEncoded();

    // name is a sequence of RDN's
    DerInputStream dis = new DerInputStream(encoded);
    DerValue[] nameseq = dis.getSequence(3);

    boolean passed = false;
    for (int i = 0; i < nameseq.length; i++) {

        // each RDN is a set of AttributeTypeAndValue
        DerInputStream is = new DerInputStream(nameseq[i].toByteArray());
        DerValue[] ava = is.getSet(3);

        for (int j = 0; j < ava.length; j++) {

            ObjectIdentifier oid = ava[j].data.getOID();

            if (oid.equals(X500Name.DOMAIN_COMPONENT_OID)) {
                DerValue value = ava[j].data.getDerValue();
                if (value.getTag() == DerValue.tag_IA5String) {
                    passed = true;
                    break;
                } else {
                    throw new SecurityException
                            ("Test failed, expected DOMAIN_COMPONENT tag '" +
                            DerValue.tag_IA5String +
                            "', got '" +
                            value.getTag() + "'");
                }
            }
        }

        if (passed) {
            break;
        }
    }

    if (passed) {
        System.out.println("Test passed");
    } else {
        throw new SecurityException("Test failed");
    }
}
 
Example 18
Source File: DomainComponentEncoding.java    From openjdk-8-source with GNU General Public License v2.0 4 votes vote down vote up
private static void testDN(String dn) throws Exception {
    X500Principal p = new X500Principal(dn);
    byte[] encoded = p.getEncoded();

    // name is a sequence of RDN's
    DerInputStream dis = new DerInputStream(encoded);
    DerValue[] nameseq = dis.getSequence(3);

    boolean passed = false;
    for (int i = 0; i < nameseq.length; i++) {

        // each RDN is a set of AttributeTypeAndValue
        DerInputStream is = new DerInputStream(nameseq[i].toByteArray());
        DerValue[] ava = is.getSet(3);

        for (int j = 0; j < ava.length; j++) {

            ObjectIdentifier oid = ava[j].data.getOID();

            if (oid.equals(X500Name.DOMAIN_COMPONENT_OID)) {
                DerValue value = ava[j].data.getDerValue();
                if (value.getTag() == DerValue.tag_IA5String) {
                    passed = true;
                    break;
                } else {
                    throw new SecurityException
                            ("Test failed, expected DOMAIN_COMPONENT tag '" +
                            DerValue.tag_IA5String +
                            "', got '" +
                            value.getTag() + "'");
                }
            }
        }

        if (passed) {
            break;
        }
    }

    if (passed) {
        System.out.println("Test passed");
    } else {
        throw new SecurityException("Test failed");
    }
}
 
Example 19
Source File: DomainComponentEncoding.java    From jdk8u-dev-jdk with GNU General Public License v2.0 4 votes vote down vote up
private static void testDN(String dn) throws Exception {
    X500Principal p = new X500Principal(dn);
    byte[] encoded = p.getEncoded();

    // name is a sequence of RDN's
    DerInputStream dis = new DerInputStream(encoded);
    DerValue[] nameseq = dis.getSequence(3);

    boolean passed = false;
    for (int i = 0; i < nameseq.length; i++) {

        // each RDN is a set of AttributeTypeAndValue
        DerInputStream is = new DerInputStream(nameseq[i].toByteArray());
        DerValue[] ava = is.getSet(3);

        for (int j = 0; j < ava.length; j++) {

            ObjectIdentifier oid = ava[j].data.getOID();

            if (oid.equals(X500Name.DOMAIN_COMPONENT_OID)) {
                DerValue value = ava[j].data.getDerValue();
                if (value.getTag() == DerValue.tag_IA5String) {
                    passed = true;
                    break;
                } else {
                    throw new SecurityException
                            ("Test failed, expected DOMAIN_COMPONENT tag '" +
                            DerValue.tag_IA5String +
                            "', got '" +
                            value.getTag() + "'");
                }
            }
        }

        if (passed) {
            break;
        }
    }

    if (passed) {
        System.out.println("Test passed");
    } else {
        throw new SecurityException("Test failed");
    }
}
 
Example 20
Source File: PKCS9Attributes.java    From jdk8u_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Decode this set of PKCS9 attributes from the contents of its
 * DER encoding. Ignores unsupported attributes when directed.
 *
 * @param in
 * the contents of the DER encoding of the attribute set.
 *
 * @exception IOException
 * on i/o error, encoding syntax error, unacceptable or
 * unsupported attribute, or duplicate attribute.
 */
private byte[] decode(DerInputStream in) throws IOException {

    DerValue val = in.getDerValue();

    // save the DER encoding with its proper tag byte.
    byte[] derEncoding = val.toByteArray();
    derEncoding[0] = DerValue.tag_SetOf;

    DerInputStream derIn = new DerInputStream(derEncoding);
    DerValue[] derVals = derIn.getSet(3,true);

    PKCS9Attribute attrib;
    ObjectIdentifier oid;
    boolean reuseEncoding = true;

    for (int i=0; i < derVals.length; i++) {

        try {
            attrib = new PKCS9Attribute(derVals[i]);

        } catch (ParsingException e) {
            if (ignoreUnsupportedAttributes) {
                reuseEncoding = false; // cannot reuse supplied DER encoding
                continue; // skip
            } else {
                throw e;
            }
        }
        oid = attrib.getOID();

        if (attributes.get(oid) != null)
            throw new IOException("Duplicate PKCS9 attribute: " + oid);

        if (permittedAttributes != null &&
            !permittedAttributes.containsKey(oid))
            throw new IOException("Attribute " + oid +
                                  " not permitted in this attribute set");

        attributes.put(oid, attrib);
    }
    return reuseEncoding ? derEncoding : generateDerEncoding();
}