sun.security.util.DerValue Java Examples

private static PrivateKey toPrivateKey(String key)
        throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");

    String content = key.replaceAll("\\n", "").replace(RsaPrivateKeyStart, "").replace(RsaPrivateKeyEnd, "");
    byte[] bytes = Base64.getDecoder().decode(content);

    DerInputStream derReader = new DerInputStream(bytes);
    DerValue[] seq = derReader.getSequence(0);

    // skip version seq[0];
    BigInteger modulus = seq[1].getBigInteger();
    BigInteger publicExp = seq[2].getBigInteger();
    BigInteger privateExp = seq[3].getBigInteger();
    BigInteger prime1 = seq[4].getBigInteger();
    BigInteger prime2 = seq[5].getBigInteger();
    BigInteger exp1 = seq[6].getBigInteger();
    BigInteger exp2 = seq[7].getBigInteger();
    BigInteger crtCoef = seq[8].getBigInteger();

    RSAPrivateCrtKeySpec keySpec =
            new RSAPrivateCrtKeySpec(modulus, publicExp, privateExp, prime1, prime2, exp1, exp2, crtCoef);

    return keyFactory.generatePrivate(keySpec);
}
 

@Override
protected void decodeParameters() {
  byte[] bytes = getEncoded();
  if (bytes == null) {
    return;
  }
  try {
    DerInputStream in = new DerInputStream(bytes);
    if (in.peekByte() == DerValue.tag_BitString) {
      // Strip headers.
      in.getBitString(); // Ignore: bitstring of mod + exp.
      in.getBitString();
      modulus = new BigInteger(in.getBitString());
      in.getBitString();
      publicExponent = new BigInteger(in.getBitString());
    } else {
      DerValue[] values = in.getSequence(2);
      publicExponent = values[0].getBigInteger();
      modulus = values[1].getBigInteger();
    }
  } catch (IOException e) {
    throw new ProviderException("failed decoding public key parameters: " + e);
  }
}
 

protected void engineInit(byte[] params) throws IOException {
    DerValue encodedParams = new DerValue(params);

    if (encodedParams.tag != DerValue.tag_Sequence) {
        throw new IOException("DSA params parsing error");
    }

    encodedParams.data.reset();

    this.p = encodedParams.data.getBigInteger();
    this.q = encodedParams.data.getBigInteger();
    this.g = encodedParams.data.getBigInteger();

    if (encodedParams.data.available() != 0) {
        throw new IOException("encoded params have " +
                              encodedParams.data.available() +
                              " extra bytes");
    }
}
 

/**
 * Sign all the data thus far updated. The signature is formatted
 * according to the Canonical Encoding Rules, returned as a DER
 * sequence of Integer, r and s.
 *
 * @return a signature block formatted according to the Canonical
 * Encoding Rules.
 *
 * @exception SignatureException if the signature object was not
 * properly initialized, or if another exception occurs.
 *
 * @see sun.security.DSA#engineUpdate
 * @see sun.security.DSA#engineVerify
 */
protected byte[] engineSign() throws SignatureException {
    BigInteger k = generateK(presetQ);
    BigInteger r = generateR(presetP, presetQ, presetG, k);
    BigInteger s = generateS(presetX, presetQ, r, k);

    try {
        DerOutputStream outseq = new DerOutputStream(100);
        outseq.putInteger(r);
        outseq.putInteger(s);
        DerValue result = new DerValue(DerValue.tag_Sequence,
                                       outseq.toByteArray());

        return result.toByteArray();

    } catch (IOException e) {
        throw new SignatureException("error encoding signature");
    }
}
 

/**
 * Create the extension from its DER encoded value and criticality.
 *
 * @param critical true if the extension is to be treated as critical.
 * @param value an array of DER encoded bytes of the actual value.
 * @exception ClassCastException if value is not an array of bytes
 * @exception IOException on error.
 */
public CertificatePoliciesExtension(Boolean critical, Object value)
throws IOException {
    this.extensionId = PKIXExtensions.CertificatePolicies_Id;
    this.critical = critical.booleanValue();
    this.extensionValue = (byte[]) value;
    DerValue val = new DerValue(this.extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " +
                               "CertificatePoliciesExtension.");
    }
    certPolicies = new ArrayList<PolicyInformation>();
    while (val.data.available() != 0) {
        DerValue seq = val.data.getDerValue();
        PolicyInformation policy = new PolicyInformation(seq);
        certPolicies.add(policy);
    }
}
 

/**
 * Create an instance of PolicyInformation, decoding from
 * the passed DerValue.
 *
 * @param val the DerValue to construct the PolicyInformation from.
 * @exception IOException on decoding errors.
 */
public PolicyInformation(DerValue val) throws IOException {
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding of PolicyInformation");
    }
    policyIdentifier = new CertificatePolicyId(val.data.getDerValue());
    if (val.data.available() != 0) {
        policyQualifiers = new LinkedHashSet<PolicyQualifierInfo>();
        DerValue opt = val.data.getDerValue();
        if (opt.tag != DerValue.tag_Sequence)
            throw new IOException("Invalid encoding of PolicyInformation");
        if (opt.data.available() == 0)
            throw new IOException("No data available in policyQualifiers");
        while (opt.data.available() != 0)
            policyQualifiers.add(new PolicyQualifierInfo
                    (opt.data.getDerValue().toByteArray()));
    } else {
        policyQualifiers = Collections.emptySet();
    }
}
 

/**
 * Creates an instance of {@code PolicyQualifierInfo} from the
 * encoded bytes. The encoded byte array is copied on construction.
 *
 * @param encoded a byte array containing the qualifier in DER encoding
 * @exception IOException thrown if the byte array does not represent a
 * valid and parsable policy qualifier
 */
public PolicyQualifierInfo(byte[] encoded) throws IOException {
    mEncoded = encoded.clone();

    DerValue val = new DerValue(mEncoded);
    if (val.tag != DerValue.tag_Sequence)
        throw new IOException("Invalid encoding for PolicyQualifierInfo");

    mId = (val.data.getDerValue()).getOID().toString();
    byte [] tmp = val.data.toByteArray();
    if (tmp == null) {
        mData = null;
    } else {
        mData = new byte[tmp.length];
        System.arraycopy(tmp, 0, mData, 0, tmp.length);
    }
}
 

/**
 * Parse (unmarshal) a kerberostime from a DER input stream.  This form
 * parsing might be used when expanding a value which is part of
 * a constructed sequence and uses explicitly tagged type.
 *
 * @exception Asn1Exception on error.
 * @param data the Der input stream value, which contains
 *             one or more marshaled value.
 * @param explicitTag tag number.
 * @param optional indicates if this data field is optional
 * @return an instance of KerberosTime.
 *
 */
public static KerberosTime parse(
        DerInputStream data, byte explicitTag, boolean optional)
        throws Asn1Exception, IOException {
    if ((optional) && (((byte)data.peekByte() & (byte)0x1F)!= explicitTag))
        return null;
    DerValue der = data.getDerValue();
    if (explicitTag != (der.getTag() & (byte)0x1F))  {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    else {
        DerValue subDer = der.getData().getDerValue();
        Date temp = subDer.getGeneralizedTime();
        return new KerberosTime(temp.getTime(), 0);
    }
}
 

static void checkData(X509CRLImpl c, byte[] data, BigInteger[] expected)
        throws Exception {
    if (c.getRevokedCertificates().size() != expected.length) {
        throw new Exception("Wrong count in CRL object, now " +
                c.getRevokedCertificates().size());
    }
    DerValue d1 = new DerValue(data);
    // revokedCertificates at 5th place of TBSCertList
    DerValue[] d2 = new DerInputStream(
            d1.data.getSequence(0)[4].toByteArray())
            .getSequence(0);
    if (d2.length != expected.length) {
        throw new Exception("Wrong count in raw data, now " + d2.length);
    }
    for (int i=0; i<d2.length; i++) {
        // Serial is first in revokedCertificates entry
        BigInteger bi = d2[i].data.getBigInteger();
        if (!bi.equals(expected[i])) {
            throw new Exception("Entry at #" + i + " is " + bi
                    + ", should be " + expected[i]);
        }
    }
}
 

/**
 * Create the extension from its DER encoded value and criticality.
 *
 * @param critical true if the extension is to be treated as critical.
 * @param value an array of DER encoded bytes of the actual value.
 * @exception ClassCastException if value is not an array of bytes
 * @exception IOException on error.
 */
public CertificatePoliciesExtension(Boolean critical, Object value)
throws IOException {
    this.extensionId = PKIXExtensions.CertificatePolicies_Id;
    this.critical = critical.booleanValue();
    this.extensionValue = (byte[]) value;
    DerValue val = new DerValue(this.extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " +
                               "CertificatePoliciesExtension.");
    }
    certPolicies = new ArrayList<PolicyInformation>();
    while (val.data.available() != 0) {
        DerValue seq = val.data.getDerValue();
        PolicyInformation policy = new PolicyInformation(seq);
        certPolicies.add(policy);
    }
}
 

public void parse(byte[] bytes) throws IOException {

        // Parse signingCertificate
        DerValue derValue = new DerValue(bytes);
        if (derValue.tag != DerValue.tag_Sequence) {
            throw new IOException("Bad encoding for signingCertificate");
        }

        // Parse certs
        DerValue[] certs = derValue.data.getSequence(1);
        certId = new ESSCertId[certs.length];
        for (int i = 0; i < certs.length; i++) {
            certId[i] = new ESSCertId(certs[i]);
        }

        // Parse policies, if present
        if (derValue.data.available() > 0) {
            DerValue[] policies = derValue.data.getSequence(1);
            for (int i = 0; i < policies.length; i++) {
                // parse PolicyInformation
            }
        }
    }
 

/**
 * Create the extension from its DER encoded value and criticality.
 *
 * @param critical true if the extension is to be treated as critical.
 * @param value an array of DER encoded bytes of the actual value.
 * @exception ClassCastException if value is not an array of bytes
 * @exception IOException on error.
 */
public ExtendedKeyUsageExtension(Boolean critical, Object value)
throws IOException {
    this.extensionId = PKIXExtensions.ExtendedKeyUsage_Id;
    this.critical = critical.booleanValue();
    this.extensionValue = (byte[]) value;
    DerValue val = new DerValue(this.extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " +
                               "ExtendedKeyUsageExtension.");
    }
    keyUsages = new Vector<ObjectIdentifier>();
    while (val.data.available() != 0) {
        DerValue seq = val.data.getDerValue();
        ObjectIdentifier usage = seq.getOID();
        keyUsages.addElement(usage);
    }
}
 

/**
 * Make a DSA public key out of a public key and three parameters.
 * The p, q, and g parameters may be null, but if so, parameters will need
 * to be supplied from some other source before this key can be used in
 * cryptographic operations.  PKIX RFC2459bis explicitly allows DSA public
 * keys without parameters, where the parameters are provided in the
 * issuer's DSA public key.
 *
 * @param y the actual key bits
 * @param p DSA parameter p, may be null if all of p, q, and g are null.
 * @param q DSA parameter q, may be null if all of p, q, and g are null.
 * @param g DSA parameter g, may be null if all of p, q, and g are null.
 */
public DSAPublicKey(BigInteger y, BigInteger p, BigInteger q,
                    BigInteger g)
throws InvalidKeyException {
    this.y = y;
    algid = new AlgIdDSA(p, q, g);

    try {
        byte[] keyArray = new DerValue(DerValue.tag_Integer,
                           y.toByteArray()).toByteArray();
        setKey(new BitArray(keyArray.length*8, keyArray));
        encode();
    } catch (IOException e) {
        throw new InvalidKeyException("could not DER encode y: " +
                                      e.getMessage());
    }
}
 

/**
 * Creates the extension (also called by the subclass).
 */
protected CRLDistributionPointsExtension(ObjectIdentifier extensionId,
    Boolean critical, Object value, String extensionName)
        throws IOException {

    this.extensionId = extensionId;
    this.critical = critical.booleanValue();

    if (!(value instanceof byte[])) {
        throw new IOException("Illegal argument type");
    }

    extensionValue = (byte[])value;
    DerValue val = new DerValue(extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " + extensionName +
                              " extension.");
    }
    distributionPoints = new ArrayList<DistributionPoint>();
    while (val.data.available() != 0) {
        DerValue seq = val.data.getDerValue();
        DistributionPoint point = new DistributionPoint(seq);
        distributionPoints.add(point);
    }
    this.extensionName = extensionName;
}
 

/**
 * Create the extension from the passed DER encoded value of the same.
 *
 * @param critical true if the extension is to be treated as critical.
 * @param value Array of DER encoded bytes of the actual value.
 * @exception IOException on error.
 */
public AuthorityInfoAccessExtension(Boolean critical, Object value)
        throws IOException {
    this.extensionId = PKIXExtensions.AuthInfoAccess_Id;
    this.critical = critical.booleanValue();

    if (!(value instanceof byte[])) {
        throw new IOException("Illegal argument type");
    }

    extensionValue = (byte[])value;
    DerValue val = new DerValue(extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " +
                              "AuthorityInfoAccessExtension.");
    }
    accessDescriptions = new ArrayList<AccessDescription>();
    while (val.data.available() != 0) {
        DerValue seq = val.data.getDerValue();
        AccessDescription accessDescription = new AccessDescription(seq);
        accessDescriptions.add(accessDescription);
    }
}
 

/**
 * Create an instance of PolicyInformation, decoding from
 * the passed DerValue.
 *
 * @param val the DerValue to construct the PolicyInformation from.
 * @exception IOException on decoding errors.
 */
public PolicyInformation(DerValue val) throws IOException {
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding of PolicyInformation");
    }
    policyIdentifier = new CertificatePolicyId(val.data.getDerValue());
    if (val.data.available() != 0) {
        policyQualifiers = new LinkedHashSet<PolicyQualifierInfo>();
        DerValue opt = val.data.getDerValue();
        if (opt.tag != DerValue.tag_Sequence)
            throw new IOException("Invalid encoding of PolicyInformation");
        if (opt.data.available() == 0)
            throw new IOException("No data available in policyQualifiers");
        while (opt.data.available() != 0)
            policyQualifiers.add(new PolicyQualifierInfo
                    (opt.data.getDerValue().toByteArray()));
    } else {
        policyQualifiers = Collections.emptySet();
    }
}
 

/**
 * Encodes the distribution point name and writes it to the DerOutputStream.
 *
 * @param out the output stream.
 * @exception IOException on encoding error.
 */
public void encode(DerOutputStream out) throws IOException {

    DerOutputStream theChoice = new DerOutputStream();

    if (fullName != null) {
        fullName.encode(theChoice);
        out.writeImplicit(
            DerValue.createTag(DerValue.TAG_CONTEXT, true, TAG_FULL_NAME),
            theChoice);

    } else {
        relativeName.encode(theChoice);
        out.writeImplicit(
            DerValue.createTag(DerValue.TAG_CONTEXT, true,
                TAG_RELATIVE_NAME),
            theChoice);
    }
}
 

/**
 * Make a DSA public key out of a public key and three parameters.
 * The p, q, and g parameters may be null, but if so, parameters will need
 * to be supplied from some other source before this key can be used in
 * cryptographic operations.  PKIX RFC2459bis explicitly allows DSA public
 * keys without parameters, where the parameters are provided in the
 * issuer's DSA public key.
 *
 * @param y the actual key bits
 * @param p DSA parameter p, may be null if all of p, q, and g are null.
 * @param q DSA parameter q, may be null if all of p, q, and g are null.
 * @param g DSA parameter g, may be null if all of p, q, and g are null.
 */
public DSAPublicKey(BigInteger y, BigInteger p, BigInteger q,
                    BigInteger g)
throws InvalidKeyException {
    this.y = y;
    algid = new AlgIdDSA(p, q, g);

    try {
        byte[] keyArray = new DerValue(DerValue.tag_Integer,
                           y.toByteArray()).toByteArray();
        setKey(new BitArray(keyArray.length*8, keyArray));
        encode();
    } catch (IOException e) {
        throw new InvalidKeyException("could not DER encode y: " +
                                      e.getMessage());
    }
}
 

/**
 * Make a DSA public key out of a public key and three parameters.
 * The p, q, and g parameters may be null, but if so, parameters will need
 * to be supplied from some other source before this key can be used in
 * cryptographic operations.  PKIX RFC2459bis explicitly allows DSA public
 * keys without parameters, where the parameters are provided in the
 * issuer's DSA public key.
 *
 * @param y the actual key bits
 * @param p DSA parameter p, may be null if all of p, q, and g are null.
 * @param q DSA parameter q, may be null if all of p, q, and g are null.
 * @param g DSA parameter g, may be null if all of p, q, and g are null.
 */
public DSAPublicKey(BigInteger y, BigInteger p, BigInteger q,
                    BigInteger g)
throws InvalidKeyException {
    this.y = y;
    algid = new AlgIdDSA(p, q, g);

    try {
        byte[] keyArray = new DerValue(DerValue.tag_Integer,
                           y.toByteArray()).toByteArray();
        setKey(new BitArray(keyArray.length*8, keyArray));
        encode();
    } catch (IOException e) {
        throw new InvalidKeyException("could not DER encode y: " +
                                      e.getMessage());
    }
}
 

/**
 * Sign all the data thus far updated. The signature is formatted
 * according to the Canonical Encoding Rules, returned as a DER
 * sequence of Integer, r and s.
 *
 * @return a signature block formatted according to the Canonical
 * Encoding Rules.
 *
 * @exception SignatureException if the signature object was not
 * properly initialized, or if another exception occurs.
 *
 * @see sun.security.DSA#engineUpdate
 * @see sun.security.DSA#engineVerify
 */
protected byte[] engineSign() throws SignatureException {
    BigInteger k = generateK(presetQ);
    BigInteger r = generateR(presetP, presetQ, presetG, k);
    BigInteger s = generateS(presetX, presetQ, r, k);

    try {
        DerOutputStream outseq = new DerOutputStream(100);
        outseq.putInteger(r);
        outseq.putInteger(s);
        DerValue result = new DerValue(DerValue.tag_Sequence,
                                       outseq.toByteArray());

        return result.toByteArray();

    } catch (IOException e) {
        throw new SignatureException("error encoding signature");
    }
}
 

/**
 * Creates an instance of {@code PolicyQualifierInfo} from the
 * encoded bytes. The encoded byte array is copied on construction.
 *
 * @param encoded a byte array containing the qualifier in DER encoding
 * @exception IOException thrown if the byte array does not represent a
 * valid and parsable policy qualifier
 */
public PolicyQualifierInfo(byte[] encoded) throws IOException {
    mEncoded = encoded.clone();

    DerValue val = new DerValue(mEncoded);
    if (val.tag != DerValue.tag_Sequence)
        throw new IOException("Invalid encoding for PolicyQualifierInfo");

    mId = (val.data.getDerValue()).getOID().toString();
    byte [] tmp = val.data.toByteArray();
    if (tmp == null) {
        mData = null;
    } else {
        mData = new byte[tmp.length];
        System.arraycopy(tmp, 0, mData, 0, tmp.length);
    }
}
 

/**
 * Returns the ASN.1 encoding of this object.
 * @return the ASN.1 encoding.
 * @exception IOException if error occurs when constructing its
 * ASN.1 encoding.
 */
public byte[] getEncoded() throws NoSuchAlgorithmException, IOException
{
    if (this.encoded != null)
        return this.encoded.clone();

    DerOutputStream out = new DerOutputStream();
    DerOutputStream tmp = new DerOutputStream();

    DerOutputStream tmp2 = new DerOutputStream();
    // encode encryption algorithm
    AlgorithmId algid = AlgorithmId.get(digestAlgorithmName);
    algid.encode(tmp2);

    // encode digest data
    tmp2.putOctetString(digest);

    tmp.write(DerValue.tag_Sequence, tmp2);

    // encode salt
    tmp.putOctetString(macSalt);

    // encode iterations
    tmp.putInteger(iterations);

    // wrap everything into a SEQUENCE
    out.write(DerValue.tag_Sequence, tmp);
    this.encoded = out.toByteArray();

    return this.encoded.clone();
}
 

/**
 * Parse a PKIPATH format CertPath from an InputStream. Return an
 * unmodifiable List of the certificates.
 *
 * @param is the <code>InputStream</code> to read the data from
 * @return an unmodifiable List of the certificates
 * @exception CertificateException if an exception occurs
 */
private static List<X509Certificate> parsePKIPATH(InputStream is)
        throws CertificateException {
    List<X509Certificate> certList = null;
    CertificateFactory certFac = null;

    if (is == null) {
        throw new CertificateException("input stream is null");
    }

    try {
        DerInputStream dis = new DerInputStream(readAllBytes(is));
        DerValue[] seq = dis.getSequence(3);
        if (seq.length == 0) {
            return Collections.<X509Certificate>emptyList();
        }

        certFac = CertificateFactory.getInstance("X.509");
        certList = new ArrayList<X509Certificate>(seq.length);

        // append certs in reverse order (target to trust anchor)
        for (int i = seq.length-1; i >= 0; i--) {
            certList.add((X509Certificate)certFac.generateCertificate
                (new ByteArrayInputStream(seq[i].toByteArray())));
        }

        return Collections.unmodifiableList(certList);

    } catch (IOException ioe) {
        throw new CertificateException("IOException parsing PkiPath data: "
                + ioe, ioe);
    }
}
 

private void readObject(ObjectInputStream ois)
            throws IOException, ClassNotFoundException {
    try {
        EncryptionKey encKey = new EncryptionKey(new
                                 DerValue((byte[])ois.readObject()));
        keyType = encKey.getEType();
        keyBytes = encKey.getBytes();
    } catch (Asn1Exception ae) {
        throw new IOException(ae.getMessage());
    }
}
 

private static void CRLDistributionPointsExtensionTest(String certStr)
        throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes());
    X509Certificate cert = (X509Certificate) cf.generateCertificate(is);

    // oid for CRL Distribution Points = 2.5.29.31
    byte[] CDPExtBytes = cert.getExtensionValue("2.5.29.31");
    DerValue val = new DerValue(CDPExtBytes);
    byte[] data = val.getOctetString();
    CRLDistributionPointsExtension CDPExt
            = new CRLDistributionPointsExtension(false, data);
}
 

private AlgorithmParameters parseAlgParameters(ObjectIdentifier algorithm,
    DerInputStream in) throws IOException
{
    AlgorithmParameters algParams = null;
    try {
        DerValue params;
        if (in.available() == 0) {
            params = null;
        } else {
            params = in.getDerValue();
            if (params.tag == DerValue.tag_Null) {
               params = null;
            }
        }
        if (params != null) {
            if (algorithm.equals((Object)pbes2_OID)) {
                algParams = AlgorithmParameters.getInstance("PBES2");
            } else {
                algParams = AlgorithmParameters.getInstance("PBE");
            }
            algParams.init(params.toByteArray());
        }
    } catch (Exception e) {
       throw new IOException("parseAlgParameters failed: " +
                             e.getMessage(), e);
    }
    return algParams;
}
 

/**
 * Creates an Oid object from its ASN.1 DER encoding.  This refers to
 * the full encoding including tag and length.  The structure and
 * encoding of Oids is defined in ISOIEC-8824 and ISOIEC-8825.  This
 * method is identical in functionality to its byte array counterpart.
 *
 * @param derOid stream containing the DER encoded oid
 * @exception GSSException may be thrown when the DER encoding does not
 *  follow the prescribed format.
 */
public Oid(InputStream derOid) throws GSSException {
    try {
        DerValue derVal = new DerValue(derOid);
        derEncoding = derVal.toByteArray();
        oid = derVal.getOID();
    } catch (IOException e) {
        throw new GSSException(GSSException.FAILURE,
                      "Improperly formatted ASN.1 DER encoding for Oid");
    }
}
 

private PublicKey generatePublic(ECPoint point, ECParameterSpec params)
        throws PKCS11Exception {
    byte[] encodedParams =
        ECUtil.encodeECParameterSpec(getSunECProvider(), params);
    byte[] encodedPoint =
        ECUtil.encodePoint(point, params.getCurve());

    // Check whether the X9.63 encoding of an EC point shall be wrapped
    // in an ASN.1 OCTET STRING
    if (!token.config.getUseEcX963Encoding()) {
        try {
            encodedPoint =
                new DerValue(DerValue.tag_OctetString, encodedPoint)
                    .toByteArray();
        } catch (IOException e) {
            throw new
                IllegalArgumentException("Could not DER encode point", e);
        }
    }

    CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
        new CK_ATTRIBUTE(CKA_CLASS, CKO_PUBLIC_KEY),
        new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_EC),
        new CK_ATTRIBUTE(CKA_EC_POINT, encodedPoint),
        new CK_ATTRIBUTE(CKA_EC_PARAMS, encodedParams),
    };
    attributes = token.getAttributes
            (O_IMPORT, CKO_PUBLIC_KEY, CKK_EC, attributes);
    Session session = null;
    try {
        session = token.getObjSession();
        long keyID = token.p11.C_CreateObject(session.id(), attributes);
        return P11Key.publicKey
            (session, keyID, "EC", params.getCurve().getField().getFieldSize(), attributes);
    } finally {
        token.releaseSession(session);
    }
}
 

private void readObject(ObjectInputStream ois)
            throws IOException, ClassNotFoundException {
    try {
        EncryptionKey encKey = new EncryptionKey(new
                                 DerValue((byte[])ois.readObject()));
        keyType = encKey.getEType();
        keyBytes = encKey.getBytes();
    } catch (Asn1Exception ae) {
        throw new IOException(ae.getMessage());
    }
}
 

private void encodeThis() throws IOException {
    if (accessDescriptions.isEmpty()) {
        this.extensionValue = null;
    } else {
        DerOutputStream ads = new DerOutputStream();
        for (AccessDescription accessDescription : accessDescriptions) {
            accessDescription.encode(ads);
        }
        DerOutputStream seq = new DerOutputStream();
        seq.write(DerValue.tag_Sequence, ads);
        this.extensionValue = seq.toByteArray();
    }
}