Java Code Examples for sun.security.x509.AlgorithmId#parse()
The following examples show how to use
sun.security.x509.AlgorithmId#parse() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: RSASignature.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Decode the signature data. Verify that the object identifier matches
* and return the message digest.
*/
public static byte[] decodeSignature(ObjectIdentifier oid, byte[] sig)
throws IOException {
// Enforce strict DER checking for signatures
DerInputStream in = new DerInputStream(sig, 0, sig.length, false);
DerValue[] values = in.getSequence(2);
if ((values.length != 2) || (in.available() != 0)) {
throw new IOException("SEQUENCE length error");
}
AlgorithmId algId = AlgorithmId.parse(values[0]);
if (algId.getOID().equals((Object)oid) == false) {
throw new IOException("ObjectIdentifier mismatch: "
+ algId.getOID());
}
if (algId.getEncodedParams() != null) {
throw new IOException("Unexpected AlgorithmId parameters");
}
byte[] digest = values[1].getOctetString();
return digest;
}
Example 2
| Source File: PrivateKeyInfo.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructs a PKCS#8 PrivateKeyInfo from its ASN.1 encoding.
*/
PrivateKeyInfo(byte[] encoded) throws IOException {
DerValue val = new DerValue(encoded);
if (val.tag != DerValue.tag_Sequence)
throw new IOException("private key parse error: not a sequence");
// version
BigInteger parsedVersion = val.data.getBigInteger();
if (!parsedVersion.equals(VERSION)) {
throw new IOException("version mismatch: (supported: " +
VERSION + ", parsed: " + parsedVersion);
}
// privateKeyAlgorithm
this.algid = AlgorithmId.parse(val.data.getDerValue());
// privateKey
this.privkey = val.data.getOctetString();
// OPTIONAL attributes not supported yet
}
Example 3
| Source File: RSASignature.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Decode the signature data. Verify that the object identifier matches
* and return the message digest.
*/
public static byte[] decodeSignature(ObjectIdentifier oid, byte[] signature)
throws IOException {
DerInputStream in = new DerInputStream(signature);
DerValue[] values = in.getSequence(2);
if ((values.length != 2) || (in.available() != 0)) {
throw new IOException("SEQUENCE length error");
}
AlgorithmId algId = AlgorithmId.parse(values[0]);
if (algId.getOID().equals((Object)oid) == false) {
throw new IOException("ObjectIdentifier mismatch: "
+ algId.getOID());
}
if (algId.getEncodedParams() != null) {
throw new IOException("Unexpected AlgorithmId parameters");
}
byte[] digest = values[1].getOctetString();
return digest;
}
Example 4
| Source File: EncryptedPrivateKeyInfo.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructs (i.e., parses) an <code>EncryptedPrivateKeyInfo</code> from
* its encoding.
*/
EncryptedPrivateKeyInfo(byte[] encoded) throws IOException {
DerValue val = new DerValue(encoded);
DerValue[] seq = new DerValue[2];
seq[0] = val.data.getDerValue();
seq[1] = val.data.getDerValue();
if (val.data.available() != 0) {
throw new IOException("overrun, bytes = " + val.data.available());
}
this.algid = AlgorithmId.parse(seq[0]);
if (seq[0].data.available() != 0) {
throw new IOException("encryptionAlgorithm field overrun");
}
this.encryptedData = seq[1].getOctetString();
if (seq[1].data.available() != 0)
throw new IOException("encryptedData field overrun");
this.encoded = encoded.clone();
}
Example 5
| Source File: EncryptedPrivateKeyInfo.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructs (i.e., parses) an <code>EncryptedPrivateKeyInfo</code> from
* its encoding.
*/
EncryptedPrivateKeyInfo(byte[] encoded) throws IOException {
DerValue val = new DerValue(encoded);
DerValue[] seq = new DerValue[2];
seq[0] = val.data.getDerValue();
seq[1] = val.data.getDerValue();
if (val.data.available() != 0) {
throw new IOException("overrun, bytes = " + val.data.available());
}
this.algid = AlgorithmId.parse(seq[0]);
if (seq[0].data.available() != 0) {
throw new IOException("encryptionAlgorithm field overrun");
}
this.encryptedData = seq[1].getOctetString();
if (seq[1].data.available() != 0)
throw new IOException("encryptedData field overrun");
this.encoded = encoded.clone();
}
Example 6
| Source File: PrivateKeyInfo.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructs a PKCS#8 PrivateKeyInfo from its ASN.1 encoding.
*/
PrivateKeyInfo(byte[] encoded) throws IOException {
DerValue val = new DerValue(encoded);
if (val.tag != DerValue.tag_Sequence)
throw new IOException("private key parse error: not a sequence");
// version
BigInteger parsedVersion = val.data.getBigInteger();
if (!parsedVersion.equals(VERSION)) {
throw new IOException("version mismatch: (supported: " +
VERSION + ", parsed: " + parsedVersion);
}
// privateKeyAlgorithm
this.algid = AlgorithmId.parse(val.data.getDerValue());
// privateKey
this.privkey = val.data.getOctetString();
// OPTIONAL attributes not supported yet
}
Example 7
| Source File: RSASignature.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
/**
* Decode the signature data. Verify that the object identifier matches
* and return the message digest.
*/
public static byte[] decodeSignature(ObjectIdentifier oid, byte[] sig)
throws IOException {
// Enforce strict DER checking for signatures
DerInputStream in = new DerInputStream(sig, 0, sig.length, false);
DerValue[] values = in.getSequence(2);
if ((values.length != 2) || (in.available() != 0)) {
throw new IOException("SEQUENCE length error");
}
AlgorithmId algId = AlgorithmId.parse(values[0]);
if (algId.getOID().equals((Object)oid) == false) {
throw new IOException("ObjectIdentifier mismatch: "
+ algId.getOID());
}
if (algId.getEncodedParams() != null) {
throw new IOException("Unexpected AlgorithmId parameters");
}
byte[] digest = values[1].getOctetString();
return digest;
}
Example 8
| Source File: RSASignature.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Decode the signature data. Verify that the object identifier matches
* and return the message digest.
*/
public static byte[] decodeSignature(ObjectIdentifier oid, byte[] sig)
throws IOException {
// Enforce strict DER checking for signatures
DerInputStream in = new DerInputStream(sig, 0, sig.length, false);
DerValue[] values = in.getSequence(2);
if ((values.length != 2) || (in.available() != 0)) {
throw new IOException("SEQUENCE length error");
}
AlgorithmId algId = AlgorithmId.parse(values[0]);
if (algId.getOID().equals((Object)oid) == false) {
throw new IOException("ObjectIdentifier mismatch: "
+ algId.getOID());
}
if (algId.getEncodedParams() != null) {
throw new IOException("Unexpected AlgorithmId parameters");
}
byte[] digest = values[1].getOctetString();
return digest;
}
Example 9
| Source File: PrivateKeyInfo.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructs a PKCS#8 PrivateKeyInfo from its ASN.1 encoding.
*/
PrivateKeyInfo(byte[] encoded) throws IOException {
DerValue val = new DerValue(encoded);
if (val.tag != DerValue.tag_Sequence)
throw new IOException("private key parse error: not a sequence");
// version
BigInteger parsedVersion = val.data.getBigInteger();
if (!parsedVersion.equals(VERSION)) {
throw new IOException("version mismatch: (supported: " +
VERSION + ", parsed: " + parsedVersion);
}
// privateKeyAlgorithm
this.algid = AlgorithmId.parse(val.data.getDerValue());
// privateKey
this.privkey = val.data.getOctetString();
// OPTIONAL attributes not supported yet
}
Example 10
| Source File: CspHelper.java From julongchain with Apache License 2.0 | 6 votes |
|
private static List<Object> decodePrivateKeyPKCS8(byte[] encodedData) throws JulongChainException {
try {
DerValue derValue = new DerValue(new ByteArrayInputStream(encodedData));
if (derValue.tag != ASN1_SEQUENCE) {
throw new JulongChainException("invalid key format");
} else {
BigInteger version = derValue.data.getBigInteger();
if (!version.equals(BigInteger.ZERO)) {
throw new JulongChainException("version mismatch: (supported: " + Debug.toHexString(BigInteger.ZERO) + ", parsed: " + Debug.toHexString(version));
} else {
AlgorithmId algId = AlgorithmId.parse(derValue.data.getDerValue());
byte[] rawPrivateKey = derValue.data.getOctetString();
List<Object> list = new ArrayList<>();
list.add(algId);
list.add(rawPrivateKey);
return list;
}
}
} catch (IOException e) {
throw new JulongChainException("IOException : " + e.getMessage());
}
}
Example 11
| Source File: EncryptedPrivateKeyInfo.java From openjdk-8-source with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructs (i.e., parses) an <code>EncryptedPrivateKeyInfo</code> from
* its encoding.
*/
EncryptedPrivateKeyInfo(byte[] encoded) throws IOException {
DerValue val = new DerValue(encoded);
DerValue[] seq = new DerValue[2];
seq[0] = val.data.getDerValue();
seq[1] = val.data.getDerValue();
if (val.data.available() != 0) {
throw new IOException("overrun, bytes = " + val.data.available());
}
this.algid = AlgorithmId.parse(seq[0]);
if (seq[0].data.available() != 0) {
throw new IOException("encryptionAlgorithm field overrun");
}
this.encryptedData = seq[1].getOctetString();
if (seq[1].data.available() != 0)
throw new IOException("encryptedData field overrun");
this.encoded = encoded.clone();
}
Example 12
| Source File: TimestampToken.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
private void parse(byte[] timestampTokenInfo) throws IOException {
DerValue tstInfo = new DerValue(timestampTokenInfo);
if (tstInfo.tag != DerValue.tag_Sequence) {
throw new IOException("Bad encoding for timestamp token info");
}
// Parse version
version = tstInfo.data.getInteger();
// Parse policy
policy = tstInfo.data.getOID();
// Parse messageImprint
DerValue messageImprint = tstInfo.data.getDerValue();
hashAlgorithm = AlgorithmId.parse(messageImprint.data.getDerValue());
hashedMessage = messageImprint.data.getOctetString();
// Parse serialNumber
serialNumber = tstInfo.data.getBigInteger();
// Parse genTime
genTime = tstInfo.data.getGeneralizedTime();
// Parse optional elements, if present
while (tstInfo.data.available() > 0) {
DerValue d = tstInfo.data.getDerValue();
if (d.tag == DerValue.tag_Integer) { // must be the nonce
nonce = d.getBigInteger();
break;
}
// Additional fields:
// Parse accuracy
// Parse ordering
// Parse tsa
// Parse extensions
}
}
Example 13
| Source File: MacData.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
/**
* Parses a PKCS#12 MAC data.
*/
MacData(DerInputStream derin)
throws IOException, ParsingException
{
DerValue[] macData = derin.getSequence(2);
// Parse the digest info
DerInputStream digestIn = new DerInputStream(macData[0].toByteArray());
DerValue[] digestInfo = digestIn.getSequence(2);
// Parse the DigestAlgorithmIdentifier.
AlgorithmId digestAlgorithmId = AlgorithmId.parse(digestInfo[0]);
this.digestAlgorithmName = digestAlgorithmId.getName();
this.digestAlgorithmParams = digestAlgorithmId.getParameters();
// Get the digest.
this.digest = digestInfo[1].getOctetString();
// Get the salt.
this.macSalt = macData[1].getOctetString();
// Iterations is optional. The default value is 1.
if (macData.length > 2) {
this.iterations = macData[2].getInteger();
} else {
this.iterations = 1;
}
}
Example 14
| Source File: MacData.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Parses a PKCS#12 MAC data.
*/
MacData(DerInputStream derin)
throws IOException, ParsingException
{
DerValue[] macData = derin.getSequence(2);
// Parse the digest info
DerInputStream digestIn = new DerInputStream(macData[0].toByteArray());
DerValue[] digestInfo = digestIn.getSequence(2);
// Parse the DigestAlgorithmIdentifier.
AlgorithmId digestAlgorithmId = AlgorithmId.parse(digestInfo[0]);
this.digestAlgorithmName = digestAlgorithmId.getName();
this.digestAlgorithmParams = digestAlgorithmId.getParameters();
// Get the digest.
this.digest = digestInfo[1].getOctetString();
// Get the salt.
this.macSalt = macData[1].getOctetString();
// Iterations is optional. The default value is 1.
if (macData.length > 2) {
this.iterations = macData[2].getInteger();
} else {
this.iterations = 1;
}
}
Example 15
| Source File: TimestampToken.java From j2objc with Apache License 2.0 | 5 votes |
|
private void parse(byte[] timestampTokenInfo) throws IOException {
DerValue tstInfo = new DerValue(timestampTokenInfo);
if (tstInfo.tag != DerValue.tag_Sequence) {
throw new IOException("Bad encoding for timestamp token info");
}
// Parse version
version = tstInfo.data.getInteger();
// Parse policy
policy = tstInfo.data.getOID();
// Parse messageImprint
DerValue messageImprint = tstInfo.data.getDerValue();
hashAlgorithm = AlgorithmId.parse(messageImprint.data.getDerValue());
hashedMessage = messageImprint.data.getOctetString();
// Parse serialNumber
serialNumber = tstInfo.data.getBigInteger();
// Parse genTime
genTime = tstInfo.data.getGeneralizedTime();
// Parse optional elements, if present
while (tstInfo.data.available() > 0) {
DerValue d = tstInfo.data.getDerValue();
if (d.tag == DerValue.tag_Integer) { // must be the nonce
nonce = d.getBigInteger();
break;
}
// Additional fields:
// Parse accuracy
// Parse ordering
// Parse tsa
// Parse extensions
}
}
Example 16
| Source File: EncryptedPrivateKeyInfo.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
|
/**
* Constructs (i.e., parses) an <code>EncryptedPrivateKeyInfo</code> from
* its ASN.1 encoding.
* @param encoded the ASN.1 encoding of this object. The contents of
* the array are copied to protect against subsequent modification.
* @exception NullPointerException if the <code>encoded</code> is null.
* @exception IOException if error occurs when parsing the ASN.1 encoding.
*/
public EncryptedPrivateKeyInfo(byte[] encoded)
throws IOException {
if (encoded == null) {
throw new NullPointerException("the encoded parameter " +
"must be non-null");
}
this.encoded = encoded.clone();
DerValue val = new DerValue(this.encoded);
DerValue[] seq = new DerValue[2];
seq[0] = val.data.getDerValue();
seq[1] = val.data.getDerValue();
if (val.data.available() != 0) {
throw new IOException("overrun, bytes = " + val.data.available());
}
this.algid = AlgorithmId.parse(seq[0]);
if (seq[0].data.available() != 0) {
throw new IOException("encryptionAlgorithm field overrun");
}
this.encryptedData = seq[1].getOctetString();
if (seq[1].data.available() != 0) {
throw new IOException("encryptedData field overrun");
}
}
Example 17
| Source File: EncryptedPrivateKeyInfo.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Constructs (i.e., parses) an <code>EncryptedPrivateKeyInfo</code> from
* its ASN.1 encoding.
* @param encoded the ASN.1 encoding of this object. The contents of
* the array are copied to protect against subsequent modification.
* @exception NullPointerException if the <code>encoded</code> is null.
* @exception IOException if error occurs when parsing the ASN.1 encoding.
*/
public EncryptedPrivateKeyInfo(byte[] encoded)
throws IOException {
if (encoded == null) {
throw new NullPointerException("the encoded parameter " +
"must be non-null");
}
this.encoded = encoded.clone();
DerValue val = new DerValue(this.encoded);
DerValue[] seq = new DerValue[2];
seq[0] = val.data.getDerValue();
seq[1] = val.data.getDerValue();
if (val.data.available() != 0) {
throw new IOException("overrun, bytes = " + val.data.available());
}
this.algid = AlgorithmId.parse(seq[0]);
if (seq[0].data.available() != 0) {
throw new IOException("encryptionAlgorithm field overrun");
}
this.encryptedData = seq[1].getOctetString();
if (seq[1].data.available() != 0) {
throw new IOException("encryptedData field overrun");
}
}
Example 18
| Source File: SignerInfo.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
|
/**
* Parses a PKCS#7 signer info.
*
* <p>This constructor is used only for backwards compatibility with
* PKCS#7 blocks that were generated using JDK1.1.x.
*
* @param derin the ASN.1 encoding of the signer info.
* @param oldStyle flag indicating whether or not the given signer info
* is encoded according to JDK1.1.x.
*/
public SignerInfo(DerInputStream derin, boolean oldStyle)
throws IOException, ParsingException
{
// version
version = derin.getBigInteger();
// issuerAndSerialNumber
DerValue[] issuerAndSerialNumber = derin.getSequence(2);
byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray();
issuerName = new X500Name(new DerValue(DerValue.tag_Sequence,
issuerBytes));
certificateSerialNumber = issuerAndSerialNumber[1].getBigInteger();
// digestAlgorithmId
DerValue tmp = derin.getDerValue();
digestAlgorithmId = AlgorithmId.parse(tmp);
// authenticatedAttributes
if (oldStyle) {
// In JDK1.1.x, the authenticatedAttributes are always present,
// encoded as an empty Set (Set of length zero)
derin.getSet(0);
} else {
// check if set of auth attributes (implicit tag) is provided
// (auth attributes are OPTIONAL)
if ((byte)(derin.peekByte()) == (byte)0xA0) {
authenticatedAttributes = new PKCS9Attributes(derin);
}
}
// digestEncryptionAlgorithmId - little RSA naming scheme -
// signature == encryption...
tmp = derin.getDerValue();
digestEncryptionAlgorithmId = AlgorithmId.parse(tmp);
// encryptedDigest
encryptedDigest = derin.getOctetString();
// unauthenticatedAttributes
if (oldStyle) {
// In JDK1.1.x, the unauthenticatedAttributes are always present,
// encoded as an empty Set (Set of length zero)
derin.getSet(0);
} else {
// check if set of unauth attributes (implicit tag) is provided
// (unauth attributes are OPTIONAL)
if (derin.available() != 0
&& (byte)(derin.peekByte()) == (byte)0xA1) {
unauthenticatedAttributes =
new PKCS9Attributes(derin, true);// ignore unsupported attrs
}
}
// all done
if (derin.available() != 0) {
throw new ParsingException("extra data at the end");
}
}
Example 19
| Source File: SignerInfo.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
/**
* Parses a PKCS#7 signer info.
*
* <p>This constructor is used only for backwards compatibility with
* PKCS#7 blocks that were generated using JDK1.1.x.
*
* @param derin the ASN.1 encoding of the signer info.
* @param oldStyle flag indicating whether or not the given signer info
* is encoded according to JDK1.1.x.
*/
public SignerInfo(DerInputStream derin, boolean oldStyle)
throws IOException, ParsingException
{
// version
version = derin.getBigInteger();
// issuerAndSerialNumber
DerValue[] issuerAndSerialNumber = derin.getSequence(2);
byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray();
issuerName = new X500Name(new DerValue(DerValue.tag_Sequence,
issuerBytes));
certificateSerialNumber = issuerAndSerialNumber[1].getBigInteger();
// digestAlgorithmId
DerValue tmp = derin.getDerValue();
digestAlgorithmId = AlgorithmId.parse(tmp);
// authenticatedAttributes
if (oldStyle) {
// In JDK1.1.x, the authenticatedAttributes are always present,
// encoded as an empty Set (Set of length zero)
derin.getSet(0);
} else {
// check if set of auth attributes (implicit tag) is provided
// (auth attributes are OPTIONAL)
if ((byte)(derin.peekByte()) == (byte)0xA0) {
authenticatedAttributes = new PKCS9Attributes(derin);
}
}
// digestEncryptionAlgorithmId - little RSA naming scheme -
// signature == encryption...
tmp = derin.getDerValue();
digestEncryptionAlgorithmId = AlgorithmId.parse(tmp);
// encryptedDigest
encryptedDigest = derin.getOctetString();
// unauthenticatedAttributes
if (oldStyle) {
// In JDK1.1.x, the unauthenticatedAttributes are always present,
// encoded as an empty Set (Set of length zero)
derin.getSet(0);
} else {
// check if set of unauth attributes (implicit tag) is provided
// (unauth attributes are OPTIONAL)
if (derin.available() != 0
&& (byte)(derin.peekByte()) == (byte)0xA1) {
unauthenticatedAttributes =
new PKCS9Attributes(derin, true);// ignore unsupported attrs
}
}
// all done
if (derin.available() != 0) {
throw new ParsingException("extra data at the end");
}
}
Example 20
| Source File: PKCS10.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
/**
* Parses an encoded, signed PKCS #10 certificate request, verifying
* the request's signature as it does so. This constructor would
* typically be used by a Certificate Authority, from which a new
* certificate would then be constructed.
*
* @param data the DER-encoded PKCS #10 request.
* @exception IOException for low level errors reading the data
* @exception SignatureException when the signature is invalid
* @exception NoSuchAlgorithmException when the signature
* algorithm is not supported in this environment
*/
public PKCS10(byte[] data)
throws IOException, SignatureException, NoSuchAlgorithmException {
DerInputStream in;
DerValue[] seq;
AlgorithmId id;
byte[] sigData;
Signature sig;
encoded = data;
//
// Outer sequence: request, signature algorithm, signature.
// Parse, and prepare to verify later.
//
in = new DerInputStream(data);
seq = in.getSequence(3);
if (seq.length != 3)
throw new IllegalArgumentException("not a PKCS #10 request");
data = seq[0].toByteArray(); // reusing this variable
id = AlgorithmId.parse(seq[1]);
sigData = seq[2].getBitString();
//
// Inner sequence: version, name, key, attributes
//
BigInteger serial;
DerValue val;
serial = seq[0].data.getBigInteger();
if (!serial.equals(BigInteger.ZERO))
throw new IllegalArgumentException("not PKCS #10 v1");
subject = new X500Name(seq[0].data);
subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue());
// Cope with a somewhat common illegal PKCS #10 format
if (seq[0].data.available() != 0)
attributeSet = new PKCS10Attributes(seq[0].data);
else
attributeSet = new PKCS10Attributes();
if (seq[0].data.available() != 0)
throw new IllegalArgumentException("illegal PKCS #10 data");
//
// OK, we parsed it all ... validate the signature using the
// key and signature algorithm we found.
//
try {
sig = Signature.getInstance(id.getName());
sig.initVerify(subjectPublicKeyInfo);
sig.update(data);
if (!sig.verify(sigData))
throw new SignatureException("Invalid PKCS #10 signature");
} catch (InvalidKeyException e) {
throw new SignatureException("invalid key");
}
}
