Java Code Examples for sun.security.util.DerValue#getOctetString()

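The following examples show how to use sun.security.util.DerValue#getOctetString(). Note that sun.security.util.DerValue is a JDK-internal class rather than a supported public API, so code outside the JDK that calls it depends on implementation details that can change between releases. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.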
Example 1
Source File: Parse.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
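/**
 * Parses the CRL Distribution Points extension (OID 2.5.29.31) out of an
 * encoded X.509 certificate and checks that it can be decoded.
 *
 * <p>{@code X509Certificate.getExtensionValue} returns the extension value
 * still wrapped in its DER OCTET STRING, or {@code null} when the
 * certificate does not carry the extension.  The wrapper is removed with
 * {@code DerValue.getOctetString()} before the bytes are handed to
 * {@code CRLDistributionPointsExtension}.
 *
 * @param certStr the certificate text accepted by the X.509
 *      {@code CertificateFactory}
 * @throws Exception if the certificate or the extension cannot be parsed,
 *      or if the certificate has no CRL Distribution Points extension
 */
private static void CRLDistributionPointsExtensionTest(String certStr)
        throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // Name the charset so the encoded bytes do not depend on the platform
    // default.
    byte[] certBytes =
            certStr.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    X509Certificate cert = (X509Certificate)
            cf.generateCertificate(new ByteArrayInputStream(certBytes));

    // oid for CRL Distribution Points = 2.5.29.31
    byte[] CDPExtBytes = cert.getExtensionValue("2.5.29.31");
    if (CDPExtBytes == null) {
        // Fail with a clear message instead of passing null to DerValue.
        throw new RuntimeException(
                "Certificate has no CRL Distribution Points extension");
    }

    // Strip the outer OCTET STRING to reach the extension's own encoding.
    byte[] data = new DerValue(CDPExtBytes).getOctetString();

    // Constructing the extension is the check: a malformed encoding makes
    // the constructor throw.
    new CRLDistributionPointsExtension(false, data);
}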
 
Example 2
Source File: Parse.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
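/**
 * Parses the CRL Distribution Points extension (OID 2.5.29.31) out of an
 * encoded X.509 certificate and checks that it can be decoded.
 *
 * <p>{@code X509Certificate.getExtensionValue} returns the extension value
 * still wrapped in its DER OCTET STRING, or {@code null} when the
 * certificate does not carry the extension.  The wrapper is removed with
 * {@code DerValue.getOctetString()} before the bytes are handed to
 * {@code CRLDistributionPointsExtension}.
 *
 * @param certStr the certificate text accepted by the X.509
 *      {@code CertificateFactory}
 * @throws Exception if the certificate or the extension cannot be parsed,
 *      or if the certificate has no CRL Distribution Points extension
 */
private static void CRLDistributionPointsExtensionTest(String certStr)
        throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // Name the charset so the encoded bytes do not depend on the platform
    // default.
    byte[] certBytes =
            certStr.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    X509Certificate cert = (X509Certificate)
            cf.generateCertificate(new ByteArrayInputStream(certBytes));

    // oid for CRL Distribution Points = 2.5.29.31
    byte[] CDPExtBytes = cert.getExtensionValue("2.5.29.31");
    if (CDPExtBytes == null) {
        // Fail with a clear message instead of passing null to DerValue.
        throw new RuntimeException(
                "Certificate has no CRL Distribution Points extension");
    }

    // Strip the outer OCTET STRING to reach the extension's own encoding.
    byte[] data = new DerValue(CDPExtBytes).getOctetString();

    // Constructing the extension is the check: a malformed encoding makes
    // the constructor throw.
    new CRLDistributionPointsExtension(false, data);
}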
 
Example 3
Source File: Parse.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
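/**
 * Parses the CRL Distribution Points extension (OID 2.5.29.31) out of an
 * encoded X.509 certificate and checks that it can be decoded.
 *
 * <p>{@code X509Certificate.getExtensionValue} returns the extension value
 * still wrapped in its DER OCTET STRING, or {@code null} when the
 * certificate does not carry the extension.  The wrapper is removed with
 * {@code DerValue.getOctetString()} before the bytes are handed to
 * {@code CRLDistributionPointsExtension}.
 *
 * @param certStr the certificate text accepted by the X.509
 *      {@code CertificateFactory}
 * @throws Exception if the certificate or the extension cannot be parsed,
 *      or if the certificate has no CRL Distribution Points extension
 */
private static void CRLDistributionPointsExtensionTest(String certStr)
        throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // Name the charset so the encoded bytes do not depend on the platform
    // default.
    byte[] certBytes =
            certStr.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    X509Certificate cert = (X509Certificate)
            cf.generateCertificate(new ByteArrayInputStream(certBytes));

    // oid for CRL Distribution Points = 2.5.29.31
    byte[] CDPExtBytes = cert.getExtensionValue("2.5.29.31");
    if (CDPExtBytes == null) {
        // Fail with a clear message instead of passing null to DerValue.
        throw new RuntimeException(
                "Certificate has no CRL Distribution Points extension");
    }

    // Strip the outer OCTET STRING to reach the extension's own encoding.
    byte[] data = new DerValue(CDPExtBytes).getOctetString();

    // Constructing the extension is the check: a malformed encoding makes
    // the constructor throw.
    new CRLDistributionPointsExtension(false, data);
}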
 
Example 4
Source File: Parse.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
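/**
 * Parses the CRL Distribution Points extension (OID 2.5.29.31) out of an
 * encoded X.509 certificate and checks that it can be decoded.
 *
 * <p>{@code X509Certificate.getExtensionValue} returns the extension value
 * still wrapped in its DER OCTET STRING, or {@code null} when the
 * certificate does not carry the extension.  The wrapper is removed with
 * {@code DerValue.getOctetString()} before the bytes are handed to
 * {@code CRLDistributionPointsExtension}.
 *
 * @param certStr the certificate text accepted by the X.509
 *      {@code CertificateFactory}
 * @throws Exception if the certificate or the extension cannot be parsed,
 *      or if the certificate has no CRL Distribution Points extension
 */
private static void CRLDistributionPointsExtensionTest(String certStr)
        throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // Name the charset so the encoded bytes do not depend on the platform
    // default.
    byte[] certBytes =
            certStr.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    X509Certificate cert = (X509Certificate)
            cf.generateCertificate(new ByteArrayInputStream(certBytes));

    // oid for CRL Distribution Points = 2.5.29.31
    byte[] CDPExtBytes = cert.getExtensionValue("2.5.29.31");
    if (CDPExtBytes == null) {
        // Fail with a clear message instead of passing null to DerValue.
        throw new RuntimeException(
                "Certificate has no CRL Distribution Points extension");
    }

    // Strip the outer OCTET STRING to reach the extension's own encoding.
    byte[] data = new DerValue(CDPExtBytes).getOctetString();

    // Constructing the extension is the check: a malformed encoding makes
    // the constructor throw.
    new CRLDistributionPointsExtension(false, data);
}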
 
Example 5
Source File: Parse.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
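/**
 * Parses the CRL Distribution Points extension (OID 2.5.29.31) out of an
 * encoded X.509 certificate and checks that it can be decoded.
 *
 * <p>{@code X509Certificate.getExtensionValue} returns the extension value
 * still wrapped in its DER OCTET STRING, or {@code null} when the
 * certificate does not carry the extension.  The wrapper is removed with
 * {@code DerValue.getOctetString()} before the bytes are handed to
 * {@code CRLDistributionPointsExtension}.
 *
 * @param certStr the certificate text accepted by the X.509
 *      {@code CertificateFactory}
 * @throws Exception if the certificate or the extension cannot be parsed,
 *      or if the certificate has no CRL Distribution Points extension
 */
private static void CRLDistributionPointsExtensionTest(String certStr)
        throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // Name the charset so the encoded bytes do not depend on the platform
    // default.
    byte[] certBytes =
            certStr.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    X509Certificate cert = (X509Certificate)
            cf.generateCertificate(new ByteArrayInputStream(certBytes));

    // oid for CRL Distribution Points = 2.5.29.31
    byte[] CDPExtBytes = cert.getExtensionValue("2.5.29.31");
    if (CDPExtBytes == null) {
        // Fail with a clear message instead of passing null to DerValue.
        throw new RuntimeException(
                "Certificate has no CRL Distribution Points extension");
    }

    // Strip the outer OCTET STRING to reach the extension's own encoding.
    byte[] data = new DerValue(CDPExtBytes).getOctetString();

    // Constructing the extension is the check: a malformed encoding makes
    // the constructor throw.
    new CRLDistributionPointsExtension(false, data);
}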
 
Example 6
Source File: OCSPNonceExtensionTests.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Walks a DER-encoded extension and checks that it is laid out the way an
 * OCSP nonce extension should be: a SEQUENCE of two or three items that
 * starts with the OCSP nonce OID, optionally carries a BOOLEAN
 * criticality flag, and ends with an OCTET STRING that itself wraps
 * another OCTET STRING holding the nonce bytes.
 *
 * @param derData the DER encoding to inspect
 * @throws IOException if any element cannot be decoded as the expected
 *      ASN.1 type
 * @throws RuntimeException if the item count or the OID is not the
 *      expected one
 */
public static void verifyExtStructure(byte[] derData) throws IOException {
    debuglog("verifyASN1Extension() received " + derData.length + " bytes");

    // Two items means OID + value; three means the criticality flag was
    // encoded between them.
    DerValue[] items = new DerInputStream(derData).getSequence(3);
    final int itemCount = items.length;
    debuglog("Found sequence containing " + itemCount +
            " elements");
    if (!(itemCount == 2 || itemCount == 3)) {
        throw new RuntimeException("Incorrect number of items found in " +
                "the SEQUENCE (Got " + itemCount +
                ", expected 2 or 3 items)");
    }

    ObjectIdentifier extOid = items[0].getOID();
    debuglog("Found OID: " + extOid.toString());
    if (!extOid.equals((Object)PKIXExtensions.OCSPNonce_Id)) {
        throw new RuntimeException("Incorrect OID (Got " +
                extOid.toString() + ", expected " +
                PKIXExtensions.OCSPNonce_Id.toString() + ")");
    }

    // The value sits right after the OID unless a criticality flag
    // pushes it one slot further.
    int valueIndex = 1;
    if (itemCount == 3) {
        boolean isCrit = items[1].getBoolean();
        debuglog("Found BOOLEAN (critical): " + isCrit);
        valueIndex = 2;
    }

    // extnValue is an OCTET STRING wrapper; for the OCSP nonce the wrapped
    // value is again an OCTET STRING, this time holding the random bytes.
    byte[] wrappedValue = items[valueIndex].getOctetString();
    byte[] nonceData = new DerValue(wrappedValue).getOctetString();
    debuglog("Found " + nonceData.length + " bytes of nonce data");
}
 
Example 7
Source File: Parse.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
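/**
 * Parses the CRL Distribution Points extension (OID 2.5.29.31) out of an
 * encoded X.509 certificate and checks that it can be decoded.
 *
 * <p>{@code X509Certificate.getExtensionValue} returns the extension value
 * still wrapped in its DER OCTET STRING, or {@code null} when the
 * certificate does not carry the extension.  The wrapper is removed with
 * {@code DerValue.getOctetString()} before the bytes are handed to
 * {@code CRLDistributionPointsExtension}.
 *
 * @param certStr the certificate text accepted by the X.509
 *      {@code CertificateFactory}
 * @throws Exception if the certificate or the extension cannot be parsed,
 *      or if the certificate has no CRL Distribution Points extension
 */
private static void CRLDistributionPointsExtensionTest(String certStr)
        throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // Name the charset so the encoded bytes do not depend on the platform
    // default.
    byte[] certBytes =
            certStr.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    X509Certificate cert = (X509Certificate)
            cf.generateCertificate(new ByteArrayInputStream(certBytes));

    // oid for CRL Distribution Points = 2.5.29.31
    byte[] CDPExtBytes = cert.getExtensionValue("2.5.29.31");
    if (CDPExtBytes == null) {
        // Fail with a clear message instead of passing null to DerValue.
        throw new RuntimeException(
                "Certificate has no CRL Distribution Points extension");
    }

    // Strip the outer OCTET STRING to reach the extension's own encoding.
    byte[] data = new DerValue(CDPExtBytes).getOctetString();

    // Constructing the extension is the check: a malformed encoding makes
    // the constructor throw.
    new CRLDistributionPointsExtension(false, data);
}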
 
Example 8
Source File: Parse.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
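/**
 * Parses the CRL Distribution Points extension (OID 2.5.29.31) out of an
 * encoded X.509 certificate and checks that it can be decoded.
 *
 * <p>{@code X509Certificate.getExtensionValue} returns the extension value
 * still wrapped in its DER OCTET STRING, or {@code null} when the
 * certificate does not carry the extension.  The wrapper is removed with
 * {@code DerValue.getOctetString()} before the bytes are handed to
 * {@code CRLDistributionPointsExtension}.
 *
 * @param certStr the certificate text accepted by the X.509
 *      {@code CertificateFactory}
 * @throws Exception if the certificate or the extension cannot be parsed,
 *      or if the certificate has no CRL Distribution Points extension
 */
private static void CRLDistributionPointsExtensionTest(String certStr)
        throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // Name the charset so the encoded bytes do not depend on the platform
    // default.
    byte[] certBytes =
            certStr.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    X509Certificate cert = (X509Certificate)
            cf.generateCertificate(new ByteArrayInputStream(certBytes));

    // oid for CRL Distribution Points = 2.5.29.31
    byte[] CDPExtBytes = cert.getExtensionValue("2.5.29.31");
    if (CDPExtBytes == null) {
        // Fail with a clear message instead of passing null to DerValue.
        throw new RuntimeException(
                "Certificate has no CRL Distribution Points extension");
    }

    // Strip the outer OCTET STRING to reach the extension's own encoding.
    byte[] data = new DerValue(CDPExtBytes).getOctetString();

    // Constructing the extension is the check: a malformed encoding makes
    // the constructor throw.
    new CRLDistributionPointsExtension(false, data);
}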
 
Example 9
Source File: ChaCha20Cipher.java    From openjsse with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the engine from an {@code AlgorithmParameters} object.
 * Parameters are accepted for ChaCha20-Poly1305 only; when the cipher is
 * plain ChaCha20, a non-null {@code params} is rejected with an
 * {@code InvalidAlgorithmParameterException}.  A {@code null}
 * {@code params} initializes the cipher with the counter set to 1 and a
 * random nonce, and a {@code null} {@code random} makes the cipher fall
 * back to an internal secure random source for that nonce.
 *
 * <p>For ChaCha20-Poly1305 the encoded parameters are decoded as a DER
 * OCTET STRING whose contents become the nonce; it must be exactly
 * 12 bytes long.
 * NOTE(review): the nonce from {@code params} is passed on as given.
 * Whether reuse of a key/nonce pair is rejected depends on
 * {@code init}, which is not visible here -- confirm.
 *
 * @param opmode the type of operation to do.  This value must be either
 *      {@code Cipher.ENCRYPT_MODE} or {@code Cipher.DECRYPT_MODE}
 * @param key a 256-bit key suitable for ChaCha20
 * @param params {@code null} if the algorithm is ChaCha20, or the
 *      {@code AlgorithmParameters} object carrying the nonce if the
 *      algorithm is ChaCha20-Poly1305.
 * @param random a {@code SecureRandom} implementation, may be {@code null}.
 *
 * @throws UnsupportedOperationException if the mode of operation
 *      is {@code Cipher.WRAP_MODE} or {@code Cipher.UNWRAP_MODE}
 *      (currently unsupported).
 * @throws InvalidKeyException if the key is of the wrong type or is
 *      not 256 bits in length.  This will also be thrown if the opmode
 *      parameter is not {@code Cipher.ENCRYPT_MODE} or
 *      {@code Cipher.DECRYPT_MODE} (excepting the UOE case above).
 * @throws InvalidAlgorithmParameterException if {@code params} is
 *      non-null and the algorithm is ChaCha20, or if the algorithm is
 *      ChaCha20-Poly1305 and an incorrect {@code AlgorithmParameters}
 *      object is supplied.
 */
@Override
protected void engineInit(int opmode, Key key,
        AlgorithmParameters params, SecureRandom random)
        throws InvalidKeyException, InvalidAlgorithmParameterException {

    // Without parameters this is the same request as
    // engineInit(int, Key, SecureRandom).
    if (params == null) {
        engineInit(opmode, key, random);
        return;
    }

    byte[] nonceFromParams = null;
    switch (mode) {
        case MODE_NONE:
            throw new InvalidAlgorithmParameterException(
                    "AlgorithmParameters not supported");
        case MODE_AEAD:
            String algName = params.getAlgorithm();
            if (!algName.equalsIgnoreCase("ChaCha20-Poly1305")) {
                throw new InvalidAlgorithmParameterException(
                        "Invalid parameter type: " + algName);
            }
            try {
                // The encoded parameters are a DER OCTET STRING holding
                // the nonce.
                nonceFromParams =
                        new DerValue(params.getEncoded()).getOctetString();
            } catch (IOException decodeFailure) {
                throw new InvalidAlgorithmParameterException(decodeFailure);
            }
            // Checked outside the try: this exception is not an
            // IOException, so the catch above never saw it anyway.
            if (nonceFromParams.length != 12) {
                throw new InvalidAlgorithmParameterException(
                        "ChaCha20-Poly1305 nonce must be " +
                        "12 bytes in length");
            }
            break;
        default:
            throw new RuntimeException("Invalid mode: " + mode);
    }

    // Fallback kept from the original: generate a nonce if none was
    // decoded.  Every path through the switch above either throws or
    // assigns the nonce, so this looks unreachable here.
    if (nonceFromParams == null) {
        nonceFromParams = createRandomNonce(random);
    }

    // Hand over to the common initialization.
    init(opmode, key, nonceFromParams);
}
 
Example 10
Source File: OCSPNonceExtensionTests.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up
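/**
 * Builds an OCSP nonce extension from its DER encoding, re-encodes it,
 * and checks both the encoded structure and the decoded fields
 * (criticality, OID, value tag and nonce length).
 *
 * @return an entry whose key is {@code Boolean.TRUE} when every check
 *      passed, and whose value is a failure message, or {@code null} on
 *      success.  If an exception was thrown, the message is that
 *      exception's class name.
 */
@Override
public Map.Entry<Boolean, String> runTest() {
    Boolean pass = Boolean.FALSE;
    String message = null;
    try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
        Extension nonceByDer = new sun.security.x509.Extension(
                new DerValue(OCSP_NONCE_DER));

        // Verify overall encoded extension structure
        nonceByDer.encode(baos);
        verifyExtStructure(baos.toByteArray());

        // Verify the name, elements, and data conform to
        // expected values for this specific object.
        boolean crit = nonceByDer.isCritical();
        String oid = nonceByDer.getId();
        DerValue nonceData = new DerValue(nonceByDer.getValue());

        if (!crit) {
            message = "Extension lacks expected criticality setting";
        } else if (!oid.equals(OCSP_NONCE_OID)) {
            message = "Incorrect OID (Got " + oid + ", Expected " +
                    OCSP_NONCE_OID + ")";
        } else if (nonceData.getTag() != DerValue.tag_OctetString) {
            message = "Incorrect nonce data tag type (Got " +
                    String.format("0x%02X", nonceData.getTag()) +
                    ", Expected 0x04)";
        } else {
            // Decode the OCTET STRING once and reuse the result.  The
            // original called getOctetString() a second time to build the
            // failure message; DerValue reads from an internal buffer, so
            // a repeated call may not yield the same bytes (confirm
            // against the DerValue in use).
            byte[] nonceBytes = nonceData.getOctetString();
            if (nonceBytes.length != 48) {
                message = "Incorrect nonce byte length (Got " +
                        nonceBytes.length +
                        ", Expected 48)";
            } else {
                pass = Boolean.TRUE;
            }
        }
    } catch (Exception e) {
        // Any exception fails the test; the trace goes to stdout, where
        // the rest of the test output is written.
        e.printStackTrace(System.out);
        message = e.getClass().getName();
    }

    return new AbstractMap.SimpleEntry<>(pass, message);
}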
 
Example 11
Source File: ChaCha20Cipher.java    From Bytecoder with Apache License 2.0 4 votes vote down vote up
/**
 * Initializes the engine from an {@code AlgorithmParameters} object.
 * Parameters are accepted for ChaCha20-Poly1305 only; when the cipher is
 * plain ChaCha20, a non-null {@code params} is rejected with an
 * {@code InvalidAlgorithmParameterException}.  A {@code null}
 * {@code params} initializes the cipher with the counter set to 1 and a
 * random nonce, and a {@code null} {@code random} makes the cipher fall
 * back to an internal secure random source for that nonce.
 *
 * <p>For ChaCha20-Poly1305 the encoded parameters are decoded as a DER
 * OCTET STRING whose contents become the nonce; it must be exactly
 * 12 bytes long.
 * NOTE(review): the nonce from {@code params} is passed on as given.
 * Whether reuse of a key/nonce pair is rejected depends on
 * {@code init}, which is not visible here -- confirm.
 *
 * @param opmode the type of operation to do.  This value must be either
 *      {@code Cipher.ENCRYPT_MODE} or {@code Cipher.DECRYPT_MODE}
 * @param key a 256-bit key suitable for ChaCha20
 * @param params {@code null} if the algorithm is ChaCha20, or the
 *      {@code AlgorithmParameters} object carrying the nonce if the
 *      algorithm is ChaCha20-Poly1305.
 * @param random a {@code SecureRandom} implementation, may be {@code null}.
 *
 * @throws UnsupportedOperationException if the mode of operation
 *      is {@code Cipher.WRAP_MODE} or {@code Cipher.UNWRAP_MODE}
 *      (currently unsupported).
 * @throws InvalidKeyException if the key is of the wrong type or is
 *      not 256 bits in length.  This will also be thrown if the opmode
 *      parameter is not {@code Cipher.ENCRYPT_MODE} or
 *      {@code Cipher.DECRYPT_MODE} (excepting the UOE case above).
 * @throws InvalidAlgorithmParameterException if {@code params} is
 *      non-null and the algorithm is ChaCha20, or if the algorithm is
 *      ChaCha20-Poly1305 and an incorrect {@code AlgorithmParameters}
 *      object is supplied.
 */
@Override
protected void engineInit(int opmode, Key key,
        AlgorithmParameters params, SecureRandom random)
        throws InvalidKeyException, InvalidAlgorithmParameterException {

    // Without parameters this is the same request as
    // engineInit(int, Key, SecureRandom).
    if (params == null) {
        engineInit(opmode, key, random);
        return;
    }

    byte[] nonceFromParams = null;
    switch (mode) {
        case MODE_NONE:
            throw new InvalidAlgorithmParameterException(
                    "AlgorithmParameters not supported");
        case MODE_AEAD:
            String algName = params.getAlgorithm();
            if (!algName.equalsIgnoreCase("ChaCha20-Poly1305")) {
                throw new InvalidAlgorithmParameterException(
                        "Invalid parameter type: " + algName);
            }
            try {
                // The encoded parameters are a DER OCTET STRING holding
                // the nonce.
                nonceFromParams =
                        new DerValue(params.getEncoded()).getOctetString();
            } catch (IOException decodeFailure) {
                throw new InvalidAlgorithmParameterException(decodeFailure);
            }
            // Checked outside the try: this exception is not an
            // IOException, so the catch above never saw it anyway.
            if (nonceFromParams.length != 12) {
                throw new InvalidAlgorithmParameterException(
                        "ChaCha20-Poly1305 nonce must be " +
                        "12 bytes in length");
            }
            break;
        default:
            throw new RuntimeException("Invalid mode: " + mode);
    }

    // Fallback kept from the original: generate a nonce if none was
    // decoded.  Every path through the switch above either throws or
    // assigns the nonce, so this looks unreachable here.
    if (nonceFromParams == null) {
        nonceFromParams = createRandomNonce(random);
    }

    // Hand over to the common initialization.
    init(opmode, key, nonceFromParams);
}
 
Example 12
Source File: IPAddressName.java    From hottub with GNU General Public License v2.0 2 votes vote down vote up
/**
 * Create the IPAddressName object from the passed encoded Der value.
 *
 * <p>The value is unwrapped with {@code DerValue.getOctetString()} and the
 * resulting bytes are handed to the {@code byte[]} constructor of this
 * class.
 * NOTE(review): any check on the address length happens in that
 * constructor, which is not visible here -- confirm before relying on it
 * for encodings taken from untrusted certificates.
 *
 * @param derValue the encoded DER IPAddressName.
 * @throws IOException on error.
 */
public IPAddressName(DerValue derValue) throws IOException {
    // Delegate to the byte[] constructor with the OCTET STRING contents.
    this(derValue.getOctetString());
}
 
Example 13
Source File: IPAddressName.java    From jdk8u-jdk with GNU General Public License v2.0 2 votes vote down vote up
/**
 * Create the IPAddressName object from the passed encoded Der value.
 *
 * <p>The value is unwrapped with {@code DerValue.getOctetString()} and the
 * resulting bytes are handed to the {@code byte[]} constructor of this
 * class.
 * NOTE(review): any check on the address length happens in that
 * constructor, which is not visible here -- confirm before relying on it
 * for encodings taken from untrusted certificates.
 *
 * @param derValue the encoded DER IPAddressName.
 * @throws IOException on error.
 */
public IPAddressName(DerValue derValue) throws IOException {
    // Delegate to the byte[] constructor with the OCTET STRING contents.
    this(derValue.getOctetString());
}
 
Example 14
Source File: IPAddressName.java    From jdk8u-dev-jdk with GNU General Public License v2.0 2 votes vote down vote up
/**
 * Create the IPAddressName object from the passed encoded Der value.
 *
 * <p>The value is unwrapped with {@code DerValue.getOctetString()} and the
 * resulting bytes are handed to the {@code byte[]} constructor of this
 * class.
 * NOTE(review): any check on the address length happens in that
 * constructor, which is not visible here -- confirm before relying on it
 * for encodings taken from untrusted certificates.
 *
 * @param derValue the encoded DER IPAddressName.
 * @throws IOException on error.
 */
public IPAddressName(DerValue derValue) throws IOException {
    // Delegate to the byte[] constructor with the OCTET STRING contents.
    this(derValue.getOctetString());
}
 
Example 15
Source File: IPAddressName.java    From openjdk-jdk9 with GNU General Public License v2.0 2 votes vote down vote up
/**
 * Create the IPAddressName object from the passed encoded Der value.
 *
 * <p>The value is unwrapped with {@code DerValue.getOctetString()} and the
 * resulting bytes are handed to the {@code byte[]} constructor of this
 * class.
 * NOTE(review): any check on the address length happens in that
 * constructor, which is not visible here -- confirm before relying on it
 * for encodings taken from untrusted certificates.
 *
 * @param derValue the encoded DER IPAddressName.
 * @throws IOException on error.
 */
public IPAddressName(DerValue derValue) throws IOException {
    // Delegate to the byte[] constructor with the OCTET STRING contents.
    this(derValue.getOctetString());
}
 
Example 16
Source File: IPAddressName.java    From j2objc with Apache License 2.0 2 votes vote down vote up
/**
 * Create the IPAddressName object from the passed encoded Der value.
 *
 * <p>The value is unwrapped with {@code DerValue.getOctetString()} and the
 * resulting bytes are handed to the {@code byte[]} constructor of this
 * class.
 * NOTE(review): any check on the address length happens in that
 * constructor, which is not visible here -- confirm before relying on it
 * for encodings taken from untrusted certificates.
 *
 * @param derValue the encoded DER IPAddressName.
 * @throws IOException on error.
 */
public IPAddressName(DerValue derValue) throws IOException {
    // Delegate to the byte[] constructor with the OCTET STRING contents.
    this(derValue.getOctetString());
}
 
Example 17
Source File: IPAddressName.java    From openjdk-jdk8u with GNU General Public License v2.0 2 votes vote down vote up
/**
 * Create the IPAddressName object from the passed encoded Der value.
 *
 * <p>The value is unwrapped with {@code DerValue.getOctetString()} and the
 * resulting bytes are handed to the {@code byte[]} constructor of this
 * class.
 * NOTE(review): any check on the address length happens in that
 * constructor, which is not visible here -- confirm before relying on it
 * for encodings taken from untrusted certificates.
 *
 * @param derValue the encoded DER IPAddressName.
 * @throws IOException on error.
 */
public IPAddressName(DerValue derValue) throws IOException {
    // Delegate to the byte[] constructor with the OCTET STRING contents.
    this(derValue.getOctetString());
}
 
Example 18
Source File: IPAddressName.java    From jdk8u60 with GNU General Public License v2.0 2 votes vote down vote up
/**
 * Create the IPAddressName object from the passed encoded Der value.
 *
 * <p>The value is unwrapped with {@code DerValue.getOctetString()} and the
 * resulting bytes are handed to the {@code byte[]} constructor of this
 * class.
 * NOTE(review): any check on the address length happens in that
 * constructor, which is not visible here -- confirm before relying on it
 * for encodings taken from untrusted certificates.
 *
 * @param derValue the encoded DER IPAddressName.
 * @throws IOException on error.
 */
public IPAddressName(DerValue derValue) throws IOException {
    // Delegate to the byte[] constructor with the OCTET STRING contents.
    this(derValue.getOctetString());
}
 
Example 19
Source File: IPAddressName.java    From openjdk-8-source with GNU General Public License v2.0 2 votes vote down vote up
/**
 * Create the IPAddressName object from the passed encoded Der value.
 *
 * <p>The value is unwrapped with {@code DerValue.getOctetString()} and the
 * resulting bytes are handed to the {@code byte[]} constructor of this
 * class.
 * NOTE(review): any check on the address length happens in that
 * constructor, which is not visible here -- confirm before relying on it
 * for encodings taken from untrusted certificates.
 *
 * @param derValue the encoded DER IPAddressName.
 * @throws IOException on error.
 */
public IPAddressName(DerValue derValue) throws IOException {
    // Delegate to the byte[] constructor with the OCTET STRING contents.
    this(derValue.getOctetString());
}
 
Example 20
Source File: IPAddressName.java    From dragonwell8_jdk with GNU General Public License v2.0 2 votes vote down vote up
/**
 * Create the IPAddressName object from the passed encoded Der value.
 *
 * <p>The value is unwrapped with {@code DerValue.getOctetString()} and the
 * resulting bytes are handed to the {@code byte[]} constructor of this
 * class.
 * NOTE(review): any check on the address length happens in that
 * constructor, which is not visible here -- confirm before relying on it
 * for encodings taken from untrusted certificates.
 *
 * @param derValue the encoded DER IPAddressName.
 * @throws IOException on error.
 */
public IPAddressName(DerValue derValue) throws IOException {
    // Delegate to the byte[] constructor with the OCTET STRING contents.
    this(derValue.getOctetString());
}