Java Code Examples for sun.security.util.DerValue

private static PrivateKey toPrivateKey(String key)
        throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");

    String content = key.replaceAll("\\n", "").replace(RsaPrivateKeyStart, "").replace(RsaPrivateKeyEnd, "");
    byte[] bytes = Base64.getDecoder().decode(content);

    DerInputStream derReader = new DerInputStream(bytes);
    DerValue[] seq = derReader.getSequence(0);

    // skip version seq[0];
    BigInteger modulus = seq[1].getBigInteger();
    BigInteger publicExp = seq[2].getBigInteger();
    BigInteger privateExp = seq[3].getBigInteger();
    BigInteger prime1 = seq[4].getBigInteger();
    BigInteger prime2 = seq[5].getBigInteger();
    BigInteger exp1 = seq[6].getBigInteger();
    BigInteger exp2 = seq[7].getBigInteger();
    BigInteger crtCoef = seq[8].getBigInteger();

    RSAPrivateCrtKeySpec keySpec =
            new RSAPrivateCrtKeySpec(modulus, publicExp, privateExp, prime1, prime2, exp1, exp2, crtCoef);

    return keyFactory.generatePrivate(keySpec);
}
 

/**
 * Create the extension from its DER encoded value and criticality.
 *
 * @param critical true if the extension is to be treated as critical.
 * @param value an array of DER encoded bytes of the actual value.
 * @exception ClassCastException if value is not an array of bytes
 * @exception IOException on error.
 */
public CertificatePoliciesExtension(Boolean critical, Object value)
throws IOException {
    this.extensionId = PKIXExtensions.CertificatePolicies_Id;
    this.critical = critical.booleanValue();
    this.extensionValue = (byte[]) value;
    DerValue val = new DerValue(this.extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " +
                               "CertificatePoliciesExtension.");
    }
    certPolicies = new ArrayList<PolicyInformation>();
    while (val.data.available() != 0) {
        DerValue seq = val.data.getDerValue();
        PolicyInformation policy = new PolicyInformation(seq);
        certPolicies.add(policy);
    }
}
 

/**
 * Create an instance of PolicyInformation, decoding from
 * the passed DerValue.
 *
 * @param val the DerValue to construct the PolicyInformation from.
 * @exception IOException on decoding errors.
 */
public PolicyInformation(DerValue val) throws IOException {
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding of PolicyInformation");
    }
    policyIdentifier = new CertificatePolicyId(val.data.getDerValue());
    if (val.data.available() != 0) {
        policyQualifiers = new LinkedHashSet<PolicyQualifierInfo>();
        DerValue opt = val.data.getDerValue();
        if (opt.tag != DerValue.tag_Sequence)
            throw new IOException("Invalid encoding of PolicyInformation");
        if (opt.data.available() == 0)
            throw new IOException("No data available in policyQualifiers");
        while (opt.data.available() != 0)
            policyQualifiers.add(new PolicyQualifierInfo
                    (opt.data.getDerValue().toByteArray()));
    } else {
        policyQualifiers = Collections.emptySet();
    }
}
 

/**
 * Creates an instance of {@code PolicyQualifierInfo} from the
 * encoded bytes. The encoded byte array is copied on construction.
 *
 * @param encoded a byte array containing the qualifier in DER encoding
 * @exception IOException thrown if the byte array does not represent a
 * valid and parsable policy qualifier
 */
public PolicyQualifierInfo(byte[] encoded) throws IOException {
    mEncoded = encoded.clone();

    DerValue val = new DerValue(mEncoded);
    if (val.tag != DerValue.tag_Sequence)
        throw new IOException("Invalid encoding for PolicyQualifierInfo");

    mId = (val.data.getDerValue()).getOID().toString();
    byte [] tmp = val.data.toByteArray();
    if (tmp == null) {
        mData = null;
    } else {
        mData = new byte[tmp.length];
        System.arraycopy(tmp, 0, mData, 0, tmp.length);
    }
}
 

protected void engineInit(byte[] params) throws IOException {
    DerValue encodedParams = new DerValue(params);

    if (encodedParams.tag != DerValue.tag_Sequence) {
        throw new IOException("DSA params parsing error");
    }

    encodedParams.data.reset();

    this.p = encodedParams.data.getBigInteger();
    this.q = encodedParams.data.getBigInteger();
    this.g = encodedParams.data.getBigInteger();

    if (encodedParams.data.available() != 0) {
        throw new IOException("encoded params have " +
                              encodedParams.data.available() +
                              " extra bytes");
    }
}
 

/**
 * Create the extension from its DER encoded value and criticality.
 *
 * @param critical true if the extension is to be treated as critical.
 * @param value an array of DER encoded bytes of the actual value.
 * @exception ClassCastException if value is not an array of bytes
 * @exception IOException on error.
 */
public CertificatePoliciesExtension(Boolean critical, Object value)
throws IOException {
    this.extensionId = PKIXExtensions.CertificatePolicies_Id;
    this.critical = critical.booleanValue();
    this.extensionValue = (byte[]) value;
    DerValue val = new DerValue(this.extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " +
                               "CertificatePoliciesExtension.");
    }
    certPolicies = new ArrayList<PolicyInformation>();
    while (val.data.available() != 0) {
        DerValue seq = val.data.getDerValue();
        PolicyInformation policy = new PolicyInformation(seq);
        certPolicies.add(policy);
    }
}
 

/**
 * Creates the extension (also called by the subclass).
 */
protected CRLDistributionPointsExtension(ObjectIdentifier extensionId,
    Boolean critical, Object value, String extensionName)
        throws IOException {

    this.extensionId = extensionId;
    this.critical = critical.booleanValue();

    if (!(value instanceof byte[])) {
        throw new IOException("Illegal argument type");
    }

    extensionValue = (byte[])value;
    DerValue val = new DerValue(extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " + extensionName +
                              " extension.");
    }
    distributionPoints = new ArrayList<DistributionPoint>();
    while (val.data.available() != 0) {
        DerValue seq = val.data.getDerValue();
        DistributionPoint point = new DistributionPoint(seq);
        distributionPoints.add(point);
    }
    this.extensionName = extensionName;
}
 

/**
 * Create the extension from its DER encoded value and criticality.
 *
 * @param critical true if the extension is to be treated as critical.
 * @param value an array of DER encoded bytes of the actual value.
 * @exception ClassCastException if value is not an array of bytes
 * @exception IOException on error.
 */
public ExtendedKeyUsageExtension(Boolean critical, Object value)
throws IOException {
    this.extensionId = PKIXExtensions.ExtendedKeyUsage_Id;
    this.critical = critical.booleanValue();
    this.extensionValue = (byte[]) value;
    DerValue val = new DerValue(this.extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " +
                               "ExtendedKeyUsageExtension.");
    }
    keyUsages = new Vector<ObjectIdentifier>();
    while (val.data.available() != 0) {
        DerValue seq = val.data.getDerValue();
        ObjectIdentifier usage = seq.getOID();
        keyUsages.addElement(usage);
    }
}
 

/**
 * Create the extension from the passed DER encoded value of the same.
 *
 * @param critical true if the extension is to be treated as critical.
 * @param value Array of DER encoded bytes of the actual value.
 * @exception IOException on error.
 */
public AuthorityInfoAccessExtension(Boolean critical, Object value)
        throws IOException {
    this.extensionId = PKIXExtensions.AuthInfoAccess_Id;
    this.critical = critical.booleanValue();

    if (!(value instanceof byte[])) {
        throw new IOException("Illegal argument type");
    }

    extensionValue = (byte[])value;
    DerValue val = new DerValue(extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " +
                              "AuthorityInfoAccessExtension.");
    }
    accessDescriptions = new ArrayList<AccessDescription>();
    while (val.data.available() != 0) {
        DerValue seq = val.data.getDerValue();
        AccessDescription accessDescription = new AccessDescription(seq);
        accessDescriptions.add(accessDescription);
    }
}
 

/**
 * Sign all the data thus far updated. The signature is formatted
 * according to the Canonical Encoding Rules, returned as a DER
 * sequence of Integer, r and s.
 *
 * @return a signature block formatted according to the Canonical
 * Encoding Rules.
 *
 * @exception SignatureException if the signature object was not
 * properly initialized, or if another exception occurs.
 *
 * @see sun.security.DSA#engineUpdate
 * @see sun.security.DSA#engineVerify
 */
protected byte[] engineSign() throws SignatureException {
    BigInteger k = generateK(presetQ);
    BigInteger r = generateR(presetP, presetQ, presetG, k);
    BigInteger s = generateS(presetX, presetQ, r, k);

    try {
        DerOutputStream outseq = new DerOutputStream(100);
        outseq.putInteger(r);
        outseq.putInteger(s);
        DerValue result = new DerValue(DerValue.tag_Sequence,
                                       outseq.toByteArray());

        return result.toByteArray();

    } catch (IOException e) {
        throw new SignatureException("error encoding signature");
    }
}
 

/**
 * Creates an instance of {@code PolicyQualifierInfo} from the
 * encoded bytes. The encoded byte array is copied on construction.
 *
 * @param encoded a byte array containing the qualifier in DER encoding
 * @exception IOException thrown if the byte array does not represent a
 * valid and parsable policy qualifier
 */
public PolicyQualifierInfo(byte[] encoded) throws IOException {
    mEncoded = encoded.clone();

    DerValue val = new DerValue(mEncoded);
    if (val.tag != DerValue.tag_Sequence)
        throw new IOException("Invalid encoding for PolicyQualifierInfo");

    mId = (val.data.getDerValue()).getOID().toString();
    byte [] tmp = val.data.toByteArray();
    if (tmp == null) {
        mData = null;
    } else {
        mData = new byte[tmp.length];
        System.arraycopy(tmp, 0, mData, 0, tmp.length);
    }
}
 

@Override
protected void decodeParameters() {
  byte[] bytes = getEncoded();
  if (bytes == null) {
    return;
  }
  try {
    DerInputStream in = new DerInputStream(bytes);
    if (in.peekByte() == DerValue.tag_BitString) {
      // Strip headers.
      in.getBitString(); // Ignore: bitstring of mod + exp.
      in.getBitString();
      modulus = new BigInteger(in.getBitString());
      in.getBitString();
      publicExponent = new BigInteger(in.getBitString());
    } else {
      DerValue[] values = in.getSequence(2);
      publicExponent = values[0].getBigInteger();
      modulus = values[1].getBigInteger();
    }
  } catch (IOException e) {
    throw new ProviderException("failed decoding public key parameters: " + e);
  }
}
 

/**
 * Make a DSA public key out of a public key and three parameters.
 * The p, q, and g parameters may be null, but if so, parameters will need
 * to be supplied from some other source before this key can be used in
 * cryptographic operations.  PKIX RFC2459bis explicitly allows DSA public
 * keys without parameters, where the parameters are provided in the
 * issuer's DSA public key.
 *
 * @param y the actual key bits
 * @param p DSA parameter p, may be null if all of p, q, and g are null.
 * @param q DSA parameter q, may be null if all of p, q, and g are null.
 * @param g DSA parameter g, may be null if all of p, q, and g are null.
 */
public DSAPublicKey(BigInteger y, BigInteger p, BigInteger q,
                    BigInteger g)
throws InvalidKeyException {
    this.y = y;
    algid = new AlgIdDSA(p, q, g);

    try {
        byte[] keyArray = new DerValue(DerValue.tag_Integer,
                           y.toByteArray()).toByteArray();
        setKey(new BitArray(keyArray.length*8, keyArray));
        encode();
    } catch (IOException e) {
        throw new InvalidKeyException("could not DER encode y: " +
                                      e.getMessage());
    }
}
 

/**
 * Create an instance of PolicyInformation, decoding from
 * the passed DerValue.
 *
 * @param val the DerValue to construct the PolicyInformation from.
 * @exception IOException on decoding errors.
 */
public PolicyInformation(DerValue val) throws IOException {
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding of PolicyInformation");
    }
    policyIdentifier = new CertificatePolicyId(val.data.getDerValue());
    if (val.data.available() != 0) {
        policyQualifiers = new LinkedHashSet<PolicyQualifierInfo>();
        DerValue opt = val.data.getDerValue();
        if (opt.tag != DerValue.tag_Sequence)
            throw new IOException("Invalid encoding of PolicyInformation");
        if (opt.data.available() == 0)
            throw new IOException("No data available in policyQualifiers");
        while (opt.data.available() != 0)
            policyQualifiers.add(new PolicyQualifierInfo
                    (opt.data.getDerValue().toByteArray()));
    } else {
        policyQualifiers = Collections.emptySet();
    }
}
 

/**
 * Make a DSA public key out of a public key and three parameters.
 * The p, q, and g parameters may be null, but if so, parameters will need
 * to be supplied from some other source before this key can be used in
 * cryptographic operations.  PKIX RFC2459bis explicitly allows DSA public
 * keys without parameters, where the parameters are provided in the
 * issuer's DSA public key.
 *
 * @param y the actual key bits
 * @param p DSA parameter p, may be null if all of p, q, and g are null.
 * @param q DSA parameter q, may be null if all of p, q, and g are null.
 * @param g DSA parameter g, may be null if all of p, q, and g are null.
 */
public DSAPublicKey(BigInteger y, BigInteger p, BigInteger q,
                    BigInteger g)
throws InvalidKeyException {
    this.y = y;
    algid = new AlgIdDSA(p, q, g);

    try {
        byte[] keyArray = new DerValue(DerValue.tag_Integer,
                           y.toByteArray()).toByteArray();
        setKey(new BitArray(keyArray.length*8, keyArray));
        encode();
    } catch (IOException e) {
        throw new InvalidKeyException("could not DER encode y: " +
                                      e.getMessage());
    }
}
 

/**
 * Make a DSA public key out of a public key and three parameters.
 * The p, q, and g parameters may be null, but if so, parameters will need
 * to be supplied from some other source before this key can be used in
 * cryptographic operations.  PKIX RFC2459bis explicitly allows DSA public
 * keys without parameters, where the parameters are provided in the
 * issuer's DSA public key.
 *
 * @param y the actual key bits
 * @param p DSA parameter p, may be null if all of p, q, and g are null.
 * @param q DSA parameter q, may be null if all of p, q, and g are null.
 * @param g DSA parameter g, may be null if all of p, q, and g are null.
 */
public DSAPublicKey(BigInteger y, BigInteger p, BigInteger q,
                    BigInteger g)
throws InvalidKeyException {
    this.y = y;
    algid = new AlgIdDSA(p, q, g);

    try {
        byte[] keyArray = new DerValue(DerValue.tag_Integer,
                           y.toByteArray()).toByteArray();
        setKey(new BitArray(keyArray.length*8, keyArray));
        encode();
    } catch (IOException e) {
        throw new InvalidKeyException("could not DER encode y: " +
                                      e.getMessage());
    }
}
 

/**
 * Sign all the data thus far updated. The signature is formatted
 * according to the Canonical Encoding Rules, returned as a DER
 * sequence of Integer, r and s.
 *
 * @return a signature block formatted according to the Canonical
 * Encoding Rules.
 *
 * @exception SignatureException if the signature object was not
 * properly initialized, or if another exception occurs.
 *
 * @see sun.security.DSA#engineUpdate
 * @see sun.security.DSA#engineVerify
 */
protected byte[] engineSign() throws SignatureException {
    BigInteger k = generateK(presetQ);
    BigInteger r = generateR(presetP, presetQ, presetG, k);
    BigInteger s = generateS(presetX, presetQ, r, k);

    try {
        DerOutputStream outseq = new DerOutputStream(100);
        outseq.putInteger(r);
        outseq.putInteger(s);
        DerValue result = new DerValue(DerValue.tag_Sequence,
                                       outseq.toByteArray());

        return result.toByteArray();

    } catch (IOException e) {
        throw new SignatureException("error encoding signature");
    }
}
 

/**
 * Parse (unmarshal) a kerberostime from a DER input stream.  This form
 * parsing might be used when expanding a value which is part of
 * a constructed sequence and uses explicitly tagged type.
 *
 * @exception Asn1Exception on error.
 * @param data the Der input stream value, which contains
 *             one or more marshaled value.
 * @param explicitTag tag number.
 * @param optional indicates if this data field is optional
 * @return an instance of KerberosTime.
 *
 */
public static KerberosTime parse(
        DerInputStream data, byte explicitTag, boolean optional)
        throws Asn1Exception, IOException {
    if ((optional) && (((byte)data.peekByte() & (byte)0x1F)!= explicitTag))
        return null;
    DerValue der = data.getDerValue();
    if (explicitTag != (der.getTag() & (byte)0x1F))  {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    else {
        DerValue subDer = der.getData().getDerValue();
        Date temp = subDer.getGeneralizedTime();
        return new KerberosTime(temp.getTime(), 0);
    }
}
 

static void checkData(X509CRLImpl c, byte[] data, BigInteger[] expected)
        throws Exception {
    if (c.getRevokedCertificates().size() != expected.length) {
        throw new Exception("Wrong count in CRL object, now " +
                c.getRevokedCertificates().size());
    }
    DerValue d1 = new DerValue(data);
    // revokedCertificates at 5th place of TBSCertList
    DerValue[] d2 = new DerInputStream(
            d1.data.getSequence(0)[4].toByteArray())
            .getSequence(0);
    if (d2.length != expected.length) {
        throw new Exception("Wrong count in raw data, now " + d2.length);
    }
    for (int i=0; i<d2.length; i++) {
        // Serial is first in revokedCertificates entry
        BigInteger bi = d2[i].data.getBigInteger();
        if (!bi.equals(expected[i])) {
            throw new Exception("Entry at #" + i + " is " + bi
                    + ", should be " + expected[i]);
        }
    }
}
 

public void parse(byte[] bytes) throws IOException {

        // Parse signingCertificate
        DerValue derValue = new DerValue(bytes);
        if (derValue.tag != DerValue.tag_Sequence) {
            throw new IOException("Bad encoding for signingCertificate");
        }

        // Parse certs
        DerValue[] certs = derValue.data.getSequence(1);
        certId = new ESSCertId[certs.length];
        for (int i = 0; i < certs.length; i++) {
            certId[i] = new ESSCertId(certs[i]);
        }

        // Parse policies, if present
        if (derValue.data.available() > 0) {
            DerValue[] policies = derValue.data.getSequence(1);
            for (int i = 0; i < policies.length; i++) {
                // parse PolicyInformation
            }
        }
    }
 

/**
 * Encodes the distribution point name and writes it to the DerOutputStream.
 *
 * @param out the output stream.
 * @exception IOException on encoding error.
 */
public void encode(DerOutputStream out) throws IOException {

    DerOutputStream theChoice = new DerOutputStream();

    if (fullName != null) {
        fullName.encode(theChoice);
        out.writeImplicit(
            DerValue.createTag(DerValue.TAG_CONTEXT, true, TAG_FULL_NAME),
            theChoice);

    } else {
        relativeName.encode(theChoice);
        out.writeImplicit(
            DerValue.createTag(DerValue.TAG_CONTEXT, true,
                TAG_RELATIVE_NAME),
            theChoice);
    }
}
 

/**
 * Creates an Oid object from its ASN.1 DER encoding.  This refers to
 * the full encoding including tag and length.  The structure and
 * encoding of Oids is defined in ISOIEC-8824 and ISOIEC-8825.  This
 * method is identical in functionality to its InputStream conterpart.
 *
 * @param data byte array containing the DER encoded oid
 * @exception GSSException may be thrown when the DER encoding does not
 *     follow the prescribed format.
 */
public Oid(byte [] data) throws GSSException {
    try {
        DerValue derVal = new DerValue(data);
        derEncoding = derVal.toByteArray();
        oid = derVal.getOID();
    } catch (IOException e) {
        throw new GSSException(GSSException.FAILURE,
                      "Improperly formatted ASN.1 DER encoding for Oid");
    }
}
 

/**
 * Create the extension from the passed DER encoded value of the same.
 *
 * @param critical criticality flag to use.  Must be true for this
 *                 extension.
 * @param value a byte array holding the DER-encoded extension value.
 * @exception ClassCastException if value is not an array of bytes
 * @exception IOException on error.
 */
public InhibitAnyPolicyExtension(Boolean critical, Object value)
    throws IOException {

    this.extensionId = PKIXExtensions.InhibitAnyPolicy_Id;

    if (!critical.booleanValue())
        throw new IOException("Criticality cannot be false for " +
                              "InhibitAnyPolicy");
    this.critical = critical.booleanValue();

    this.extensionValue = (byte[]) value;
    DerValue val = new DerValue(this.extensionValue);
    if (val.tag != DerValue.tag_Integer)
        throw new IOException("Invalid encoding of InhibitAnyPolicy: "
                              + "data not integer");

    if (val.data == null)
        throw new IOException("Invalid encoding of InhibitAnyPolicy: "
                              + "null data");
    int skipCertsValue = val.getInteger();
    if (skipCertsValue < -1)
        throw new IOException("Invalid value for skipCerts");
    if (skipCertsValue == -1) {
        this.skipCerts = Integer.MAX_VALUE;
    } else {
        this.skipCerts = skipCertsValue;
    }
}
 

private PublicKey generatePublic(ECPoint point, ECParameterSpec params)
        throws PKCS11Exception {
    byte[] encodedParams =
        ECUtil.encodeECParameterSpec(getSunECProvider(), params);
    byte[] encodedPoint =
        ECUtil.encodePoint(point, params.getCurve());

    // Check whether the X9.63 encoding of an EC point shall be wrapped
    // in an ASN.1 OCTET STRING
    if (!token.config.getUseEcX963Encoding()) {
        try {
            encodedPoint =
                new DerValue(DerValue.tag_OctetString, encodedPoint)
                    .toByteArray();
        } catch (IOException e) {
            throw new
                IllegalArgumentException("Could not DER encode point", e);
        }
    }

    CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
        new CK_ATTRIBUTE(CKA_CLASS, CKO_PUBLIC_KEY),
        new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_EC),
        new CK_ATTRIBUTE(CKA_EC_POINT, encodedPoint),
        new CK_ATTRIBUTE(CKA_EC_PARAMS, encodedParams),
    };
    attributes = token.getAttributes
            (O_IMPORT, CKO_PUBLIC_KEY, CKK_EC, attributes);
    Session session = null;
    try {
        session = token.getObjSession();
        long keyID = token.p11.C_CreateObject(session.id(), attributes);
        return P11Key.publicKey
            (session, keyID, "EC", params.getCurve().getField().getFieldSize(), attributes);
    } finally {
        token.releaseSession(session);
    }
}
 

public KerberosString(DerValue der) throws IOException {
    if (der.tag != DerValue.tag_GeneralString) {
        throw new IOException(
            "KerberosString's tag is incorrect: " + der.tag);
    }
    s = new String(der.getDataBytes(), MSNAME?"UTF8":"ASCII");
}
 

private void readObject(ObjectInputStream ois)
            throws IOException, ClassNotFoundException {
    try {
        EncryptionKey encKey = new EncryptionKey(new
                                 DerValue((byte[])ois.readObject()));
        keyType = encKey.getEType();
        keyBytes = encKey.getBytes();
    } catch (Asn1Exception ae) {
        throw new IOException(ae.getMessage());
    }
}
 

protected byte[] engineGetEncoded() throws IOException {
    DerOutputStream out = new DerOutputStream();
    DerOutputStream bytes = new DerOutputStream();

    bytes.putInteger(p);
    bytes.putInteger(q);
    bytes.putInteger(g);
    out.write(DerValue.tag_Sequence, bytes);
    return out.toByteArray();
}
 

public byte[] encode() throws IOException {

        DerOutputStream request = new DerOutputStream();

        // encode version
        request.putInteger(version);

        // encode messageImprint
        DerOutputStream messageImprint = new DerOutputStream();
        hashAlgorithmId.encode(messageImprint);
        messageImprint.putOctetString(hashValue);
        request.write(DerValue.tag_Sequence, messageImprint);

        // encode optional elements

        if (policyId != null) {
            request.putOID(new ObjectIdentifier(policyId));
        }
        if (nonce != null) {
            request.putInteger(nonce);
        }
        if (returnCertificate) {
            request.putBoolean(true);
        }

        DerOutputStream out = new DerOutputStream();
        out.write(DerValue.tag_Sequence, request);
        return out.toByteArray();
    }
 

ESSCertId(DerValue certId) throws IOException {
    // Parse certHash
    certHash = certId.data.getDerValue().toByteArray();

    // Parse issuerSerial, if present
    if (certId.data.available() > 0) {
        DerValue issuerSerial = certId.data.getDerValue();
        // Parse issuer
        issuer = new GeneralNames(issuerSerial.data.getDerValue());
        // Parse serialNumber
        serialNumber = new SerialNumber(issuerSerial.data.getDerValue());
    }
}
 

/**
 * Parses a PKCS#12 MAC data.
 */
MacData(DerInputStream derin)
    throws IOException, ParsingException
{
    DerValue[] macData = derin.getSequence(2);

    // Parse the digest info
    DerInputStream digestIn = new DerInputStream(macData[0].toByteArray());
    DerValue[] digestInfo = digestIn.getSequence(2);

    // Parse the DigestAlgorithmIdentifier.
    AlgorithmId digestAlgorithmId = AlgorithmId.parse(digestInfo[0]);
    this.digestAlgorithmName = digestAlgorithmId.getName();
    this.digestAlgorithmParams = digestAlgorithmId.getParameters();
    // Get the digest.
    this.digest = digestInfo[1].getOctetString();

    // Get the salt.
    this.macSalt = macData[1].getOctetString();

    // Iterations is optional. The default value is 1.
    if (macData.length > 2) {
        this.iterations = macData[2].getInteger();
    } else {
        this.iterations = 1;
    }
}