Java Code Examples for sun.security.util.DerValue#isContextSpecific()

The following examples show how to use sun.security.util.DerValue#isContextSpecific().
Example 1
Source File: DistributionPointName.java    From Bytecoder with Apache License 2.0
/**
 * Decodes a distribution point name from a single DER value.
 *
 * <p>Only a constructed, context-specific value tagged {@code TAG_FULL_NAME}
 * or {@code TAG_RELATIVE_NAME} is accepted. {@code resetTag} is called on the
 * argument itself before it is passed to the nested decoder, so the caller's
 * {@code DerValue} is modified by this constructor.
 *
 * @param encoding the DER-encoded value; its tag is reset during decoding.
 * @throws IOException if the value matches neither alternative, or if
 *         decoding the nested value fails.
 */
public DistributionPointName(DerValue encoding) throws IOException {

    // Both accepted alternatives require the constructed form, so a
    // primitive encoding can be rejected before looking at the tag number.
    if (!encoding.isConstructed()) {
        throw new IOException("Invalid encoding for DistributionPointName");
    }

    if (encoding.isContextSpecific(TAG_FULL_NAME)) {
        // Re-tag as SEQUENCE so GeneralNames can decode the content.
        encoding.resetTag(DerValue.tag_Sequence);
        fullName = new GeneralNames(encoding);
        return;
    }

    if (encoding.isContextSpecific(TAG_RELATIVE_NAME)) {
        // Re-tag as SET so RDN can decode the content.
        encoding.resetTag(DerValue.tag_Set);
        relativeName = new RDN(encoding);
        return;
    }

    // Any other tag is not a DistributionPointName alternative.
    throw new IOException("Invalid encoding for DistributionPointName");
}
 
Example 2
Source File: ResponderId.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Builds a {@code ResponderId} from DER-encoded bytes.
 *
 * <p>The outer value must be constructed and context-specific, tagged with
 * either {@code Type.BY_NAME} or {@code Type.BY_KEY}. The wrapped content is
 * run through the {@code X500Principal} or {@code KeyIdentifier} constructor
 * respectively, which doubles as validation of the incoming data.
 *
 * @param encodedData the DER-encoded bytes
 *
 * @throws IOException if the encodedData is not properly DER encoded or
 *         carries neither accepted tag
 */
public ResponderId(byte[] encodedData) throws IOException {
    final DerValue wrapper = new DerValue(encodedData);

    // Both accepted alternatives require the constructed form.
    if (!wrapper.isConstructed()) {
        throw new IOException("Invalid ResponderId content");
    }

    if (wrapper.isContextSpecific((byte)Type.BY_NAME.value())) {
        // Parsing the content as an X500Principal sanity-checks it.
        // NOTE(review): X500Principal(byte[]) reports a malformed name with
        // an unchecked IllegalArgumentException, not IOException - confirm
        // callers treat that as a decoding failure.
        responderName = new X500Principal(wrapper.getDataBytes());
        encodedRid = principalToBytes();
        type = Type.BY_NAME;
    } else if (wrapper.isContextSpecific((byte)Type.BY_KEY.value())) {
        // Parsing the content as a KeyIdentifier sanity-checks it.
        final DerValue keyIdValue = new DerValue(wrapper.getDataBytes());
        responderKeyId = new KeyIdentifier(keyIdValue);
        encodedRid = keyIdToBytes();
        type = Type.BY_KEY;
    } else {
        throw new IOException("Invalid ResponderId content");
    }
}
 
Example 3
Source File: SimpleOCSPServer.java    From openjdk-jdk9 with GNU General Public License v2.0
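/**
 * Construct a {@code LocalOcspRequest} from its DER encoding.
 *
 * <p>The top-level SEQUENCE may hold at most two elements: a SEQUENCE that
 * is handed to {@code parseTbsRequest} and a context-specific {@code [0]}
 * element that is handed to {@code parseSignature}. Extra or repeated
 * elements are rejected as decoding errors.
 *
 * @param requestBytes the DER-encoded bytes
 *
 * @throws IOException if decoding errors occur, including an unknown,
 * surplus or repeated top-level element
 * @throws CertificateException if certificates are found in the
 * OCSP request and they do not parse correctly.
 * @throws NullPointerException if {@code requestBytes} is null
 */
private LocalOcspRequest(byte[] requestBytes) throws IOException,
        CertificateException {
    Objects.requireNonNull(requestBytes, "Received null input");

    DerInputStream dis = new DerInputStream(requestBytes);

    // Parse the top-level structure, it should have no more than
    // two elements. The argument to getSequence only sizes the initial
    // array and does not cap the element count, so the bound is checked
    // explicitly.
    DerValue[] topStructs = dis.getSequence(2);
    if (topStructs.length > 2) {
        throw new IOException("Too many elements at top level: " +
                topStructs.length);
    }

    // Track what has been seen so a request cannot supply the same
    // element twice and have the second copy replace the first.
    boolean sawTbsRequest = false;
    boolean sawSignature = false;
    for (DerValue dv : topStructs) {
        if (dv.tag == DerValue.tag_Sequence) {
            if (sawTbsRequest) {
                throw new IOException("Duplicate tbsRequest at top level");
            }
            sawTbsRequest = true;
            parseTbsRequest(dv);
        } else if (dv.isContextSpecific((byte)0)) {
            if (sawSignature) {
                throw new IOException("Duplicate signature at top level");
            }
            sawSignature = true;
            parseSignature(dv);
        } else {
            throw new IOException("Unknown tag at top level: " +
                    dv.tag);
        }
    }
}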
 
Example 4
Source File: DistributionPointName.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Decodes a distribution point name from a single DER value.
 *
 * <p>Only a constructed, context-specific value tagged {@code TAG_FULL_NAME}
 * or {@code TAG_RELATIVE_NAME} is accepted. {@code resetTag} is called on the
 * argument itself before it is passed to the nested decoder, so the caller's
 * {@code DerValue} is modified by this constructor.
 *
 * @param encoding the DER-encoded value; its tag is reset during decoding.
 * @throws IOException if the value matches neither alternative, or if
 *         decoding the nested value fails.
 */
public DistributionPointName(DerValue encoding) throws IOException {

    // Both accepted alternatives require the constructed form, so a
    // primitive encoding can be rejected before looking at the tag number.
    if (!encoding.isConstructed()) {
        throw new IOException("Invalid encoding for DistributionPointName");
    }

    if (encoding.isContextSpecific(TAG_FULL_NAME)) {
        // Re-tag as SEQUENCE so GeneralNames can decode the content.
        encoding.resetTag(DerValue.tag_Sequence);
        fullName = new GeneralNames(encoding);
        return;
    }

    if (encoding.isContextSpecific(TAG_RELATIVE_NAME)) {
        // Re-tag as SET so RDN can decode the content.
        encoding.resetTag(DerValue.tag_Set);
        relativeName = new RDN(encoding);
        return;
    }

    // Any other tag is not a DistributionPointName alternative.
    throw new IOException("Invalid encoding for DistributionPointName");
}
 
Example 5
Source File: DistributionPointName.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Decodes a distribution point name from a single DER value.
 *
 * <p>Only a constructed, context-specific value tagged {@code TAG_FULL_NAME}
 * or {@code TAG_RELATIVE_NAME} is accepted. {@code resetTag} is called on the
 * argument itself before it is passed to the nested decoder, so the caller's
 * {@code DerValue} is modified by this constructor.
 *
 * @param encoding the DER-encoded value; its tag is reset during decoding.
 * @throws IOException if the value matches neither alternative, or if
 *         decoding the nested value fails.
 */
public DistributionPointName(DerValue encoding) throws IOException {

    // Both accepted alternatives require the constructed form, so a
    // primitive encoding can be rejected before looking at the tag number.
    if (!encoding.isConstructed()) {
        throw new IOException("Invalid encoding for DistributionPointName");
    }

    if (encoding.isContextSpecific(TAG_FULL_NAME)) {
        // Re-tag as SEQUENCE so GeneralNames can decode the content.
        encoding.resetTag(DerValue.tag_Sequence);
        fullName = new GeneralNames(encoding);
        return;
    }

    if (encoding.isContextSpecific(TAG_RELATIVE_NAME)) {
        // Re-tag as SET so RDN can decode the content.
        encoding.resetTag(DerValue.tag_Set);
        relativeName = new RDN(encoding);
        return;
    }

    // Any other tag is not a DistributionPointName alternative.
    throw new IOException("Invalid encoding for DistributionPointName");
}
 
Example 6
Source File: ResponderId.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Builds a {@code ResponderId} from DER-encoded bytes.
 *
 * <p>The outer value must be constructed and context-specific, tagged with
 * either {@code Type.BY_NAME} or {@code Type.BY_KEY}. The wrapped content is
 * run through the {@code X500Principal} or {@code KeyIdentifier} constructor
 * respectively, which doubles as validation of the incoming data.
 *
 * @param encodedData the DER-encoded bytes
 *
 * @throws IOException if the encodedData is not properly DER encoded or
 *         carries neither accepted tag
 */
public ResponderId(byte[] encodedData) throws IOException {
    final DerValue wrapper = new DerValue(encodedData);

    // Both accepted alternatives require the constructed form.
    if (!wrapper.isConstructed()) {
        throw new IOException("Invalid ResponderId content");
    }

    if (wrapper.isContextSpecific((byte)Type.BY_NAME.value())) {
        // Parsing the content as an X500Principal sanity-checks it.
        // NOTE(review): X500Principal(byte[]) reports a malformed name with
        // an unchecked IllegalArgumentException, not IOException - confirm
        // callers treat that as a decoding failure.
        responderName = new X500Principal(wrapper.getDataBytes());
        encodedRid = principalToBytes();
        type = Type.BY_NAME;
    } else if (wrapper.isContextSpecific((byte)Type.BY_KEY.value())) {
        // Parsing the content as a KeyIdentifier sanity-checks it.
        final DerValue keyIdValue = new DerValue(wrapper.getDataBytes());
        responderKeyId = new KeyIdentifier(keyIdValue);
        encodedRid = keyIdToBytes();
        type = Type.BY_KEY;
    } else {
        throw new IOException("Invalid ResponderId content");
    }
}
 
Example 7
Source File: DistributionPoint.java    From jdk8u60 with GNU General Public License v2.0
/**
 * Decodes a DistributionPoint from its DER encoded form.
 *
 * <p>The value must be a SEQUENCE. Its elements are read in a loop and
 * dispatched on context-specific tag and constructed/primitive form:
 * {@code TAG_DIST_PT} (constructed) wraps a name tagged
 * {@code TAG_FULL_NAME} or {@code TAG_REL_NAME}, {@code TAG_REASONS}
 * (primitive) carries the reason bits, and {@code TAG_ISSUER} (constructed)
 * carries the CRL issuer names. A repeated element, an unrecognized element,
 * or a result with none of fullName, relativeName and crlIssuer set is
 * rejected.
 *
 * @param val the DER encoded form of the DistributionPoint; elements read
 *        from it have their tags reset during decoding
 * @throws IOException on any of the encoding errors above, or when decoding
 *         a nested value fails
 */
public DistributionPoint(DerValue val) throws IOException {
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding of DistributionPoint.");
    }

    // Every field is OPTIONAL, so an empty SEQUENCE is possible and leaves
    // val.data null; the loop then never runs.
    while ((val.data != null) && (val.data.available() != 0)) {
        DerValue field = val.data.getDerValue();
        final boolean constructed = field.isConstructed();

        if (constructed && field.isContextSpecific(TAG_DIST_PT)) {
            // fullName and relativeName are alternatives of one element,
            // so either being set means the element was repeated.
            if ((fullName != null) || (relativeName != null)) {
                throw new IOException("Duplicate DistributionPointName in "
                                      + "DistributionPoint.");
            }
            DerValue name = field.data.getDerValue();
            final boolean nameConstructed = name.isConstructed();
            if (nameConstructed && name.isContextSpecific(TAG_FULL_NAME)) {
                name.resetTag(DerValue.tag_Sequence);
                fullName = new GeneralNames(name);
            } else if (nameConstructed
                    && name.isContextSpecific(TAG_REL_NAME)) {
                name.resetTag(DerValue.tag_Set);
                relativeName = new RDN(name);
            } else {
                throw new IOException("Invalid DistributionPointName in "
                                      + "DistributionPoint");
            }
        } else if (!constructed && field.isContextSpecific(TAG_REASONS)) {
            if (reasonFlags != null) {
                throw new IOException("Duplicate Reasons in " +
                                      "DistributionPoint.");
            }
            // Re-tag as BIT STRING so the bits can be read directly.
            field.resetTag(DerValue.tag_BitString);
            reasonFlags = field.getUnalignedBitString().toBooleanArray();
        } else if (constructed && field.isContextSpecific(TAG_ISSUER)) {
            if (crlIssuer != null) {
                throw new IOException("Duplicate CRLIssuer in " +
                                      "DistributionPoint.");
            }
            field.resetTag(DerValue.tag_Sequence);
            crlIssuer = new GeneralNames(field);
        } else {
            throw new IOException("Invalid encoding of " +
                                  "DistributionPoint.");
        }
    }

    // A distribution point that names nothing is rejected.
    final boolean hasName = (fullName != null) || (relativeName != null);
    if (!hasName && (crlIssuer == null)) {
        throw new IOException("One of fullName, relativeName, "
            + " and crlIssuer has to be set");
    }
}
 
Example 8
Source File: DistributionPoint.java    From Bytecoder with Apache License 2.0
/**
 * Decodes a DistributionPoint from its DER encoded form.
 *
 * <p>The value must be a SEQUENCE. Its elements are read in a loop and
 * dispatched on context-specific tag and constructed/primitive form:
 * {@code TAG_DIST_PT} (constructed) wraps a name tagged
 * {@code TAG_FULL_NAME} or {@code TAG_REL_NAME}, {@code TAG_REASONS}
 * (primitive) carries the reason bits, and {@code TAG_ISSUER} (constructed)
 * carries the CRL issuer names. A repeated element, an unrecognized element,
 * or a result with none of fullName, relativeName and crlIssuer set is
 * rejected.
 *
 * @param val the DER encoded form of the DistributionPoint; elements read
 *        from it have their tags reset during decoding
 * @throws IOException on any of the encoding errors above, or when decoding
 *         a nested value fails
 */
public DistributionPoint(DerValue val) throws IOException {
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding of DistributionPoint.");
    }

    // Every field is OPTIONAL, so an empty SEQUENCE is possible and leaves
    // val.data null; the loop then never runs.
    while ((val.data != null) && (val.data.available() != 0)) {
        DerValue field = val.data.getDerValue();
        final boolean constructed = field.isConstructed();

        if (constructed && field.isContextSpecific(TAG_DIST_PT)) {
            // fullName and relativeName are alternatives of one element,
            // so either being set means the element was repeated.
            if ((fullName != null) || (relativeName != null)) {
                throw new IOException("Duplicate DistributionPointName in "
                                      + "DistributionPoint.");
            }
            DerValue name = field.data.getDerValue();
            final boolean nameConstructed = name.isConstructed();
            if (nameConstructed && name.isContextSpecific(TAG_FULL_NAME)) {
                name.resetTag(DerValue.tag_Sequence);
                fullName = new GeneralNames(name);
            } else if (nameConstructed
                    && name.isContextSpecific(TAG_REL_NAME)) {
                name.resetTag(DerValue.tag_Set);
                relativeName = new RDN(name);
            } else {
                throw new IOException("Invalid DistributionPointName in "
                                      + "DistributionPoint");
            }
        } else if (!constructed && field.isContextSpecific(TAG_REASONS)) {
            if (reasonFlags != null) {
                throw new IOException("Duplicate Reasons in " +
                                      "DistributionPoint.");
            }
            // Re-tag as BIT STRING so the bits can be read directly.
            field.resetTag(DerValue.tag_BitString);
            reasonFlags = field.getUnalignedBitString().toBooleanArray();
        } else if (constructed && field.isContextSpecific(TAG_ISSUER)) {
            if (crlIssuer != null) {
                throw new IOException("Duplicate CRLIssuer in " +
                                      "DistributionPoint.");
            }
            field.resetTag(DerValue.tag_Sequence);
            crlIssuer = new GeneralNames(field);
        } else {
            throw new IOException("Invalid encoding of " +
                                  "DistributionPoint.");
        }
    }

    // A distribution point that names nothing is rejected.
    final boolean hasName = (fullName != null) || (relativeName != null);
    if (!hasName && (crlIssuer == null)) {
        throw new IOException("One of fullName, relativeName, "
            + " and crlIssuer has to be set");
    }
}
 
Example 9
Source File: SpnegoReqFlags.java    From openjdk-jdk8u with GNU General Public License v2.0
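/**
 * Produces a SPNEGO initial token as the JAAS "client" and checks the
 * optional reqFlags field inside its NegTokenInit.
 *
 * <p>The client context requests credential delegation and turns replay
 * and sequence detection off before creating the token. The token is then
 * walked as DER; if a context-specific {@code [1]} element is present it
 * must be a 7-bit string with bit 0 set and bits 2 and 3 clear. A token
 * without that element only produces a warning on standard output.
 *
 * @throws Exception if the token cannot be created or parsed, or if the
 *         reqFlags bits do not match the requested options
 */
void go() throws Exception {
    Context c = Context.fromJAAS("client");
    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID);

    byte[] token = c.doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] input) throws Exception {
            me.x().requestCredDeleg(true);
            me.x().requestReplayDet(false);
            me.x().requestSequenceDet(false);
            return me.x().initSecContext(new byte[0], 0, 0);
        }
    }, null);

    // The unused DerInputStream local from the original was dropped; every
    // read below goes through d.data directly.
    DerValue d = new DerValue(token);   // GSSToken
    d.data.getDerValue();               // skip OID
    d = d.data.getDerValue();           // NegTokenInit
    d = d.data.getDerValue();           // The SEQUENCE inside

    boolean found = false;

    // Go through all fields inside NegTokenInit. The reqFlags field
    // is optional. It's even not recommended in RFC 4178.
    while (d.data.available() > 0) {
        DerValue d2 = d.data.getDerValue();
        if (d2.isContextSpecific((byte)1)) {
            found = true;
            // Message now spells the field name the same way as the
            // checks below ("reqFlags"), so log searches match.
            System.out.println("reqFlags field located.");
            BitArray ba = d2.data.getUnalignedBitString();
            if (ba.length() != 7) {
                throw new Exception("reqFlags should contain 7 bits");
            }
            // Bit 0 must mirror requestCredDeleg(true).
            if (!ba.get(0)) {
                throw new Exception("delegFlag should be true");
            }
            // Bits 2 and 3 must mirror the two detections switched off.
            if (ba.get(2) || ba.get(3)) {
                throw new Exception("replay/sequenceFlag should be false");
            }
        }
    }

    if (!found) {
        System.out.println("Warning: reqFlags field not found, too new?");
    }
    c.dispose();
}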
 
Example 10
Source File: DistributionPoint.java    From hottub with GNU General Public License v2.0
/**
 * Decodes a DistributionPoint from its DER encoded form.
 *
 * <p>The value must be a SEQUENCE. Its elements are read in a loop and
 * dispatched on context-specific tag and constructed/primitive form:
 * {@code TAG_DIST_PT} (constructed) wraps a name tagged
 * {@code TAG_FULL_NAME} or {@code TAG_REL_NAME}, {@code TAG_REASONS}
 * (primitive) carries the reason bits, and {@code TAG_ISSUER} (constructed)
 * carries the CRL issuer names. A repeated element, an unrecognized element,
 * or a result with none of fullName, relativeName and crlIssuer set is
 * rejected.
 *
 * @param val the DER encoded form of the DistributionPoint; elements read
 *        from it have their tags reset during decoding
 * @throws IOException on any of the encoding errors above, or when decoding
 *         a nested value fails
 */
public DistributionPoint(DerValue val) throws IOException {
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding of DistributionPoint.");
    }

    // Every field is OPTIONAL, so an empty SEQUENCE is possible and leaves
    // val.data null; the loop then never runs.
    while ((val.data != null) && (val.data.available() != 0)) {
        DerValue field = val.data.getDerValue();
        final boolean constructed = field.isConstructed();

        if (constructed && field.isContextSpecific(TAG_DIST_PT)) {
            // fullName and relativeName are alternatives of one element,
            // so either being set means the element was repeated.
            if ((fullName != null) || (relativeName != null)) {
                throw new IOException("Duplicate DistributionPointName in "
                                      + "DistributionPoint.");
            }
            DerValue name = field.data.getDerValue();
            final boolean nameConstructed = name.isConstructed();
            if (nameConstructed && name.isContextSpecific(TAG_FULL_NAME)) {
                name.resetTag(DerValue.tag_Sequence);
                fullName = new GeneralNames(name);
            } else if (nameConstructed
                    && name.isContextSpecific(TAG_REL_NAME)) {
                name.resetTag(DerValue.tag_Set);
                relativeName = new RDN(name);
            } else {
                throw new IOException("Invalid DistributionPointName in "
                                      + "DistributionPoint");
            }
        } else if (!constructed && field.isContextSpecific(TAG_REASONS)) {
            if (reasonFlags != null) {
                throw new IOException("Duplicate Reasons in " +
                                      "DistributionPoint.");
            }
            // Re-tag as BIT STRING so the bits can be read directly.
            field.resetTag(DerValue.tag_BitString);
            reasonFlags = field.getUnalignedBitString().toBooleanArray();
        } else if (constructed && field.isContextSpecific(TAG_ISSUER)) {
            if (crlIssuer != null) {
                throw new IOException("Duplicate CRLIssuer in " +
                                      "DistributionPoint.");
            }
            field.resetTag(DerValue.tag_Sequence);
            crlIssuer = new GeneralNames(field);
        } else {
            throw new IOException("Invalid encoding of " +
                                  "DistributionPoint.");
        }
    }

    // A distribution point that names nothing is rejected.
    final boolean hasName = (fullName != null) || (relativeName != null);
    if (!hasName && (crlIssuer == null)) {
        throw new IOException("One of fullName, relativeName, "
            + " and crlIssuer has to be set");
    }
}
 
Example 11
Source File: DistributionPoint.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Decodes a DistributionPoint from its DER encoded form.
 *
 * <p>The value must be a SEQUENCE. Its elements are read in a loop and
 * dispatched on context-specific tag and constructed/primitive form:
 * {@code TAG_DIST_PT} (constructed) wraps a name tagged
 * {@code TAG_FULL_NAME} or {@code TAG_REL_NAME}, {@code TAG_REASONS}
 * (primitive) carries the reason bits, and {@code TAG_ISSUER} (constructed)
 * carries the CRL issuer names. A repeated element, an unrecognized element,
 * or a result with none of fullName, relativeName and crlIssuer set is
 * rejected.
 *
 * @param val the DER encoded form of the DistributionPoint; elements read
 *        from it have their tags reset during decoding
 * @throws IOException on any of the encoding errors above, or when decoding
 *         a nested value fails
 */
public DistributionPoint(DerValue val) throws IOException {
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding of DistributionPoint.");
    }

    // Every field is OPTIONAL, so an empty SEQUENCE is possible and leaves
    // val.data null; the loop then never runs.
    while ((val.data != null) && (val.data.available() != 0)) {
        DerValue field = val.data.getDerValue();
        final boolean constructed = field.isConstructed();

        if (constructed && field.isContextSpecific(TAG_DIST_PT)) {
            // fullName and relativeName are alternatives of one element,
            // so either being set means the element was repeated.
            if ((fullName != null) || (relativeName != null)) {
                throw new IOException("Duplicate DistributionPointName in "
                                      + "DistributionPoint.");
            }
            DerValue name = field.data.getDerValue();
            final boolean nameConstructed = name.isConstructed();
            if (nameConstructed && name.isContextSpecific(TAG_FULL_NAME)) {
                name.resetTag(DerValue.tag_Sequence);
                fullName = new GeneralNames(name);
            } else if (nameConstructed
                    && name.isContextSpecific(TAG_REL_NAME)) {
                name.resetTag(DerValue.tag_Set);
                relativeName = new RDN(name);
            } else {
                throw new IOException("Invalid DistributionPointName in "
                                      + "DistributionPoint");
            }
        } else if (!constructed && field.isContextSpecific(TAG_REASONS)) {
            if (reasonFlags != null) {
                throw new IOException("Duplicate Reasons in " +
                                      "DistributionPoint.");
            }
            // Re-tag as BIT STRING so the bits can be read directly.
            field.resetTag(DerValue.tag_BitString);
            reasonFlags = field.getUnalignedBitString().toBooleanArray();
        } else if (constructed && field.isContextSpecific(TAG_ISSUER)) {
            if (crlIssuer != null) {
                throw new IOException("Duplicate CRLIssuer in " +
                                      "DistributionPoint.");
            }
            field.resetTag(DerValue.tag_Sequence);
            crlIssuer = new GeneralNames(field);
        } else {
            throw new IOException("Invalid encoding of " +
                                  "DistributionPoint.");
        }
    }

    // A distribution point that names nothing is rejected.
    final boolean hasName = (fullName != null) || (relativeName != null);
    if (!hasName && (crlIssuer == null)) {
        throw new IOException("One of fullName, relativeName, "
            + " and crlIssuer has to be set");
    }
}
 
Example 12
Source File: DistributionPoint.java    From jdk8u-dev-jdk with GNU General Public License v2.0
/**
 * Decodes a DistributionPoint from its DER encoded form.
 *
 * <p>The value must be a SEQUENCE. Its elements are read in a loop and
 * dispatched on context-specific tag and constructed/primitive form:
 * {@code TAG_DIST_PT} (constructed) wraps a name tagged
 * {@code TAG_FULL_NAME} or {@code TAG_REL_NAME}, {@code TAG_REASONS}
 * (primitive) carries the reason bits, and {@code TAG_ISSUER} (constructed)
 * carries the CRL issuer names. A repeated element, an unrecognized element,
 * or a result with none of fullName, relativeName and crlIssuer set is
 * rejected.
 *
 * @param val the DER encoded form of the DistributionPoint; elements read
 *        from it have their tags reset during decoding
 * @throws IOException on any of the encoding errors above, or when decoding
 *         a nested value fails
 */
public DistributionPoint(DerValue val) throws IOException {
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding of DistributionPoint.");
    }

    // Every field is OPTIONAL, so an empty SEQUENCE is possible and leaves
    // val.data null; the loop then never runs.
    while ((val.data != null) && (val.data.available() != 0)) {
        DerValue field = val.data.getDerValue();
        final boolean constructed = field.isConstructed();

        if (constructed && field.isContextSpecific(TAG_DIST_PT)) {
            // fullName and relativeName are alternatives of one element,
            // so either being set means the element was repeated.
            if ((fullName != null) || (relativeName != null)) {
                throw new IOException("Duplicate DistributionPointName in "
                                      + "DistributionPoint.");
            }
            DerValue name = field.data.getDerValue();
            final boolean nameConstructed = name.isConstructed();
            if (nameConstructed && name.isContextSpecific(TAG_FULL_NAME)) {
                name.resetTag(DerValue.tag_Sequence);
                fullName = new GeneralNames(name);
            } else if (nameConstructed
                    && name.isContextSpecific(TAG_REL_NAME)) {
                name.resetTag(DerValue.tag_Set);
                relativeName = new RDN(name);
            } else {
                throw new IOException("Invalid DistributionPointName in "
                                      + "DistributionPoint");
            }
        } else if (!constructed && field.isContextSpecific(TAG_REASONS)) {
            if (reasonFlags != null) {
                throw new IOException("Duplicate Reasons in " +
                                      "DistributionPoint.");
            }
            // Re-tag as BIT STRING so the bits can be read directly.
            field.resetTag(DerValue.tag_BitString);
            reasonFlags = field.getUnalignedBitString().toBooleanArray();
        } else if (constructed && field.isContextSpecific(TAG_ISSUER)) {
            if (crlIssuer != null) {
                throw new IOException("Duplicate CRLIssuer in " +
                                      "DistributionPoint.");
            }
            field.resetTag(DerValue.tag_Sequence);
            crlIssuer = new GeneralNames(field);
        } else {
            throw new IOException("Invalid encoding of " +
                                  "DistributionPoint.");
        }
    }

    // A distribution point that names nothing is rejected.
    final boolean hasName = (fullName != null) || (relativeName != null);
    if (!hasName && (crlIssuer == null)) {
        throw new IOException("One of fullName, relativeName, "
            + " and crlIssuer has to be set");
    }
}
 
Example 13
Source File: IssuingDistributionPointExtension.java    From jdk8u60 with GNU General Public License v2.0
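/**
 * Creates an IssuingDistributionPointExtension from its DER-encoding.
 *
 * <p>The value must be a SEQUENCE whose elements are all optional. Each
 * element is recognized by its context-specific tag and by whether it is
 * constructed or primitive. An unrecognized element, or an element that
 * appears more than once, is rejected so that a later copy cannot silently
 * replace an earlier one.
 *
 * @param critical true if the extension is to be treated as critical;
 *        unboxed directly, so it must not be null.
 * @param value the DER-encoded value. It must be a <code>byte[]</code>;
 *        the array is stored as given, without copying.
 * @exception IOException on decoding error, including a repeated element.
 */
public IssuingDistributionPointExtension(Boolean critical, Object value)
        throws IOException {
    this.extensionId = PKIXExtensions.IssuingDistributionPoint_Id;
    this.critical = critical.booleanValue();

    if (!(value instanceof byte[])) {
        throw new IOException("Illegal argument type");
    }

    extensionValue = (byte[])value;
    DerValue val = new DerValue(extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " +
                              "IssuingDistributionPointExtension.");
    }

    // All the elements in issuingDistributionPoint are optional
    if ((val.data == null) || (val.data.available() == 0)) {
        return;
    }

    // One flag per element: several targets are assigned with getBoolean(),
    // so their values alone cannot show whether the element was already
    // seen.
    boolean seenDistributionPoint = false;
    boolean seenOnlyUserCerts = false;
    boolean seenOnlyCACerts = false;
    boolean seenOnlySomeReasons = false;
    boolean seenIndirectCRL = false;
    boolean seenOnlyAttributeCerts = false;

    // val.data is known to be non-null here because of the early return.
    DerInputStream in = val.data;
    while (in.available() != 0) {
        DerValue opt = in.getDerValue();

        if (opt.isContextSpecific(TAG_DISTRIBUTION_POINT) &&
            opt.isConstructed()) {
            if (seenDistributionPoint) {
                throw new IOException("Duplicate distributionPoint in " +
                                      "IssuingDistributionPoint");
            }
            seenDistributionPoint = true;
            distributionPoint =
                new DistributionPointName(opt.data.getDerValue());
        } else if (opt.isContextSpecific(TAG_ONLY_USER_CERTS) &&
                   !opt.isConstructed()) {
            if (seenOnlyUserCerts) {
                throw new IOException("Duplicate onlyContainsUserCerts in " +
                                      "IssuingDistributionPoint");
            }
            seenOnlyUserCerts = true;
            opt.resetTag(DerValue.tag_Boolean);
            hasOnlyUserCerts = opt.getBoolean();
        } else if (opt.isContextSpecific(TAG_ONLY_CA_CERTS) &&
                   !opt.isConstructed()) {
            if (seenOnlyCACerts) {
                throw new IOException("Duplicate onlyContainsCACerts in " +
                                      "IssuingDistributionPoint");
            }
            seenOnlyCACerts = true;
            opt.resetTag(DerValue.tag_Boolean);
            hasOnlyCACerts = opt.getBoolean();
        } else if (opt.isContextSpecific(TAG_ONLY_SOME_REASONS) &&
                   !opt.isConstructed()) {
            if (seenOnlySomeReasons) {
                throw new IOException("Duplicate onlySomeReasons in " +
                                      "IssuingDistributionPoint");
            }
            seenOnlySomeReasons = true;
            revocationReasons = new ReasonFlags(opt); // expects tag implicit
        } else if (opt.isContextSpecific(TAG_INDIRECT_CRL) &&
                   !opt.isConstructed()) {
            if (seenIndirectCRL) {
                throw new IOException("Duplicate indirectCRL in " +
                                      "IssuingDistributionPoint");
            }
            seenIndirectCRL = true;
            opt.resetTag(DerValue.tag_Boolean);
            isIndirectCRL = opt.getBoolean();
        } else if (opt.isContextSpecific(TAG_ONLY_ATTRIBUTE_CERTS) &&
                   !opt.isConstructed()) {
            if (seenOnlyAttributeCerts) {
                throw new IOException("Duplicate onlyContainsAttributeCerts "
                                      + "in IssuingDistributionPoint");
            }
            seenOnlyAttributeCerts = true;
            opt.resetTag(DerValue.tag_Boolean);
            hasOnlyAttributeCerts = opt.getBoolean();
        } else {
            throw new IOException
                ("Invalid encoding of IssuingDistributionPoint");
        }
    }
}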
 
Example 14
Source File: IssuingDistributionPointExtension.java    From openjdk-8-source with GNU General Public License v2.0
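/**
 * Creates an IssuingDistributionPointExtension from its DER-encoding.
 *
 * <p>The value must be a SEQUENCE whose elements are all optional. Each
 * element is recognized by its context-specific tag and by whether it is
 * constructed or primitive. An unrecognized element, or an element that
 * appears more than once, is rejected so that a later copy cannot silently
 * replace an earlier one.
 *
 * @param critical true if the extension is to be treated as critical;
 *        unboxed directly, so it must not be null.
 * @param value the DER-encoded value. It must be a <code>byte[]</code>;
 *        the array is stored as given, without copying.
 * @exception IOException on decoding error, including a repeated element.
 */
public IssuingDistributionPointExtension(Boolean critical, Object value)
        throws IOException {
    this.extensionId = PKIXExtensions.IssuingDistributionPoint_Id;
    this.critical = critical.booleanValue();

    if (!(value instanceof byte[])) {
        throw new IOException("Illegal argument type");
    }

    extensionValue = (byte[])value;
    DerValue val = new DerValue(extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " +
                              "IssuingDistributionPointExtension.");
    }

    // All the elements in issuingDistributionPoint are optional
    if ((val.data == null) || (val.data.available() == 0)) {
        return;
    }

    // One flag per element: several targets are assigned with getBoolean(),
    // so their values alone cannot show whether the element was already
    // seen.
    boolean seenDistributionPoint = false;
    boolean seenOnlyUserCerts = false;
    boolean seenOnlyCACerts = false;
    boolean seenOnlySomeReasons = false;
    boolean seenIndirectCRL = false;
    boolean seenOnlyAttributeCerts = false;

    // val.data is known to be non-null here because of the early return.
    DerInputStream in = val.data;
    while (in.available() != 0) {
        DerValue opt = in.getDerValue();

        if (opt.isContextSpecific(TAG_DISTRIBUTION_POINT) &&
            opt.isConstructed()) {
            if (seenDistributionPoint) {
                throw new IOException("Duplicate distributionPoint in " +
                                      "IssuingDistributionPoint");
            }
            seenDistributionPoint = true;
            distributionPoint =
                new DistributionPointName(opt.data.getDerValue());
        } else if (opt.isContextSpecific(TAG_ONLY_USER_CERTS) &&
                   !opt.isConstructed()) {
            if (seenOnlyUserCerts) {
                throw new IOException("Duplicate onlyContainsUserCerts in " +
                                      "IssuingDistributionPoint");
            }
            seenOnlyUserCerts = true;
            opt.resetTag(DerValue.tag_Boolean);
            hasOnlyUserCerts = opt.getBoolean();
        } else if (opt.isContextSpecific(TAG_ONLY_CA_CERTS) &&
                   !opt.isConstructed()) {
            if (seenOnlyCACerts) {
                throw new IOException("Duplicate onlyContainsCACerts in " +
                                      "IssuingDistributionPoint");
            }
            seenOnlyCACerts = true;
            opt.resetTag(DerValue.tag_Boolean);
            hasOnlyCACerts = opt.getBoolean();
        } else if (opt.isContextSpecific(TAG_ONLY_SOME_REASONS) &&
                   !opt.isConstructed()) {
            if (seenOnlySomeReasons) {
                throw new IOException("Duplicate onlySomeReasons in " +
                                      "IssuingDistributionPoint");
            }
            seenOnlySomeReasons = true;
            revocationReasons = new ReasonFlags(opt); // expects tag implicit
        } else if (opt.isContextSpecific(TAG_INDIRECT_CRL) &&
                   !opt.isConstructed()) {
            if (seenIndirectCRL) {
                throw new IOException("Duplicate indirectCRL in " +
                                      "IssuingDistributionPoint");
            }
            seenIndirectCRL = true;
            opt.resetTag(DerValue.tag_Boolean);
            isIndirectCRL = opt.getBoolean();
        } else if (opt.isContextSpecific(TAG_ONLY_ATTRIBUTE_CERTS) &&
                   !opt.isConstructed()) {
            if (seenOnlyAttributeCerts) {
                throw new IOException("Duplicate onlyContainsAttributeCerts "
                                      + "in IssuingDistributionPoint");
            }
            seenOnlyAttributeCerts = true;
            opt.resetTag(DerValue.tag_Boolean);
            hasOnlyAttributeCerts = opt.getBoolean();
        } else {
            throw new IOException
                ("Invalid encoding of IssuingDistributionPoint");
        }
    }
}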
 
Example 15
Source File: DistributionPoint.java    From dragonwell8_jdk with GNU General Public License v2.0
/**
 * Decodes a DistributionPoint from its DER encoded form.
 *
 * <p>The value must be a SEQUENCE. Its elements are read in a loop and
 * dispatched on context-specific tag and constructed/primitive form:
 * {@code TAG_DIST_PT} (constructed) wraps a name tagged
 * {@code TAG_FULL_NAME} or {@code TAG_REL_NAME}, {@code TAG_REASONS}
 * (primitive) carries the reason bits, and {@code TAG_ISSUER} (constructed)
 * carries the CRL issuer names. A repeated element, an unrecognized element,
 * or a result with none of fullName, relativeName and crlIssuer set is
 * rejected.
 *
 * @param val the DER encoded form of the DistributionPoint; elements read
 *        from it have their tags reset during decoding
 * @throws IOException on any of the encoding errors above, or when decoding
 *         a nested value fails
 */
public DistributionPoint(DerValue val) throws IOException {
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding of DistributionPoint.");
    }

    // Every field is OPTIONAL, so an empty SEQUENCE is possible and leaves
    // val.data null; the loop then never runs.
    while ((val.data != null) && (val.data.available() != 0)) {
        DerValue field = val.data.getDerValue();
        final boolean constructed = field.isConstructed();

        if (constructed && field.isContextSpecific(TAG_DIST_PT)) {
            // fullName and relativeName are alternatives of one element,
            // so either being set means the element was repeated.
            if ((fullName != null) || (relativeName != null)) {
                throw new IOException("Duplicate DistributionPointName in "
                                      + "DistributionPoint.");
            }
            DerValue name = field.data.getDerValue();
            final boolean nameConstructed = name.isConstructed();
            if (nameConstructed && name.isContextSpecific(TAG_FULL_NAME)) {
                name.resetTag(DerValue.tag_Sequence);
                fullName = new GeneralNames(name);
            } else if (nameConstructed
                    && name.isContextSpecific(TAG_REL_NAME)) {
                name.resetTag(DerValue.tag_Set);
                relativeName = new RDN(name);
            } else {
                throw new IOException("Invalid DistributionPointName in "
                                      + "DistributionPoint");
            }
        } else if (!constructed && field.isContextSpecific(TAG_REASONS)) {
            if (reasonFlags != null) {
                throw new IOException("Duplicate Reasons in " +
                                      "DistributionPoint.");
            }
            // Re-tag as BIT STRING so the bits can be read directly.
            field.resetTag(DerValue.tag_BitString);
            reasonFlags = field.getUnalignedBitString().toBooleanArray();
        } else if (constructed && field.isContextSpecific(TAG_ISSUER)) {
            if (crlIssuer != null) {
                throw new IOException("Duplicate CRLIssuer in " +
                                      "DistributionPoint.");
            }
            field.resetTag(DerValue.tag_Sequence);
            crlIssuer = new GeneralNames(field);
        } else {
            throw new IOException("Invalid encoding of " +
                                  "DistributionPoint.");
        }
    }

    // A distribution point that names nothing is rejected.
    final boolean hasName = (fullName != null) || (relativeName != null);
    if (!hasName && (crlIssuer == null)) {
        throw new IOException("One of fullName, relativeName, "
            + " and crlIssuer has to be set");
    }
}
 
Example 16
Source File: SpnegoReqFlags.java    From TencentKona-8 with GNU General Public License v2.0
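/**
 * Produces a SPNEGO initial token as the JAAS "client" and checks the
 * optional reqFlags field inside its NegTokenInit.
 *
 * <p>The client context requests credential delegation and turns replay
 * and sequence detection off before creating the token. The token is then
 * walked as DER; if a context-specific {@code [1]} element is present it
 * must be a 7-bit string with bit 0 set and bits 2 and 3 clear. A token
 * without that element only produces a warning on standard output.
 *
 * @throws Exception if the token cannot be created or parsed, or if the
 *         reqFlags bits do not match the requested options
 */
void go() throws Exception {
    Context c = Context.fromJAAS("client");
    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID);

    byte[] token = c.doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] input) throws Exception {
            me.x().requestCredDeleg(true);
            me.x().requestReplayDet(false);
            me.x().requestSequenceDet(false);
            return me.x().initSecContext(new byte[0], 0, 0);
        }
    }, null);

    // The unused DerInputStream local from the original was dropped; every
    // read below goes through d.data directly.
    DerValue d = new DerValue(token);   // GSSToken
    d.data.getDerValue();               // skip OID
    d = d.data.getDerValue();           // NegTokenInit
    d = d.data.getDerValue();           // The SEQUENCE inside

    boolean found = false;

    // Go through all fields inside NegTokenInit. The reqFlags field
    // is optional. It's even not recommended in RFC 4178.
    while (d.data.available() > 0) {
        DerValue d2 = d.data.getDerValue();
        if (d2.isContextSpecific((byte)1)) {
            found = true;
            // Message now spells the field name the same way as the
            // checks below ("reqFlags"), so log searches match.
            System.out.println("reqFlags field located.");
            BitArray ba = d2.data.getUnalignedBitString();
            if (ba.length() != 7) {
                throw new Exception("reqFlags should contain 7 bits");
            }
            // Bit 0 must mirror requestCredDeleg(true).
            if (!ba.get(0)) {
                throw new Exception("delegFlag should be true");
            }
            // Bits 2 and 3 must mirror the two detections switched off.
            if (ba.get(2) || ba.get(3)) {
                throw new Exception("replay/sequenceFlag should be false");
            }
        }
    }

    if (!found) {
        System.out.println("Warning: reqFlags field not found, too new?");
    }
    c.dispose();
}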
 
Example 17
Source File: IssuingDistributionPointExtension.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
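/**
 * Creates an IssuingDistributionPointExtension from its DER-encoding.
 *
 * <p>Each optional field may appear at most once. A repeated field is
 * rejected instead of silently replacing the value decoded earlier, so
 * the resulting state cannot depend on which copy a decoder keeps.
 *
 * @param critical true if the extension is to be treated as critical.
 * @param value the DER-encoded value. It must be a <code>byte[]</code>.
 * @exception IOException on decoding error: <code>value</code> is not a
 *            <code>byte[]</code>, the outer tag is not SEQUENCE, an
 *            element has an unexpected tag or form, or a field is
 *            repeated.
 * @exception NullPointerException if <code>critical</code> is null.
 */
public IssuingDistributionPointExtension(Boolean critical, Object value)
        throws IOException {
    this.extensionId = PKIXExtensions.IssuingDistributionPoint_Id;
    this.critical = critical.booleanValue();

    if (!(value instanceof byte[])) {
        throw new IOException("Illegal argument type");
    }

    // NOTE(review): the caller's array is kept by reference, not copied;
    // confirm no caller mutates it after construction.
    extensionValue = (byte[])value;
    DerValue val = new DerValue(extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " +
                              "IssuingDistributionPointExtension.");
    }

    // All the elements in issuingDistributionPoint are optional
    if ((val.data == null) || (val.data.available() == 0)) {
        return;
    }

    // One slot per optional field, in the order the branches test them.
    boolean[] seen = new boolean[6];

    DerInputStream in = val.data;   // non-null: guarded by the return above
    while (in.available() != 0) {
        DerValue opt = in.getDerValue();

        if (opt.isContextSpecific(TAG_DISTRIBUTION_POINT) &&
            opt.isConstructed()) {
            rejectRepeated(seen, 0, "distributionPoint");
            // NOTE(review): only the first value inside the wrapper is
            // read; bytes after it are not checked here.
            distributionPoint =
                new DistributionPointName(opt.data.getDerValue());
        } else if (opt.isContextSpecific(TAG_ONLY_USER_CERTS) &&
                   !opt.isConstructed()) {
            rejectRepeated(seen, 1, "onlyContainsUserCerts");
            // Retag as a universal BOOLEAN so getBoolean() accepts it.
            opt.resetTag(DerValue.tag_Boolean);
            hasOnlyUserCerts = opt.getBoolean();
        } else if (opt.isContextSpecific(TAG_ONLY_CA_CERTS) &&
                   !opt.isConstructed()) {
            rejectRepeated(seen, 2, "onlyContainsCACerts");
            opt.resetTag(DerValue.tag_Boolean);
            hasOnlyCACerts = opt.getBoolean();
        } else if (opt.isContextSpecific(TAG_ONLY_SOME_REASONS) &&
                   !opt.isConstructed()) {
            rejectRepeated(seen, 3, "onlySomeReasons");
            revocationReasons = new ReasonFlags(opt); // expects tag implicit
        } else if (opt.isContextSpecific(TAG_INDIRECT_CRL) &&
                   !opt.isConstructed()) {
            rejectRepeated(seen, 4, "indirectCRL");
            opt.resetTag(DerValue.tag_Boolean);
            isIndirectCRL = opt.getBoolean();
        } else if (opt.isContextSpecific(TAG_ONLY_ATTRIBUTE_CERTS) &&
                   !opt.isConstructed()) {
            rejectRepeated(seen, 5, "onlyContainsAttributeCerts");
            opt.resetTag(DerValue.tag_Boolean);
            hasOnlyAttributeCerts = opt.getBoolean();
        } else {
            // Unknown tag, or a known tag with the wrong
            // primitive/constructed form.
            throw new IOException
                ("Invalid encoding of IssuingDistributionPoint");
        }
    }

    // NOTE(review): nothing here checks that at most one of the three
    // onlyContains* flags is TRUE (RFC 5280, section 5.2.5); confirm the
    // code that consumes this extension enforces it.
}

/**
 * Marks one optional field as decoded, failing if it was already seen.
 *
 * @param seen per-field markers, updated in place.
 * @param slot index of the field being decoded.
 * @param field field name used in the error message.
 * @exception IOException if the field was decoded before.
 */
private static void rejectRepeated(boolean[] seen, int slot, String field)
        throws IOException {
    if (seen[slot]) {
        throw new IOException("Duplicate " + field +
                              " in IssuingDistributionPoint");
    }
    seen[slot] = true;
}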
 
Example 18
Source File: DistributionPoint.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Builds a DistributionPoint by decoding its DER form.
 *
 * <p>Every field is optional on the wire, but at least one of the name
 * (full or relative) and the CRL issuer must be present, and no field
 * may occur twice.
 *
 * @param val the DER encoded form of the DistributionPoint
 * @throws IOException if the outer tag is not SEQUENCE, a field is
 *         unrecognised, has the wrong form or is duplicated, or none of
 *         fullName, relativeName and crlIssuer is present
 */
public DistributionPoint(DerValue val) throws IOException {
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding of DistributionPoint.");
    }

    // All fields are OPTIONAL, so the SEQUENCE may be empty, in which
    // case val.data is null; hence the null test on every pass.
    while (val.data != null && val.data.available() != 0) {
        final DerValue field = val.data.getDerValue();

        // distributionPoint: a constructed wrapper around the name choice.
        if (field.isContextSpecific(TAG_DIST_PT) && field.isConstructed()) {
            if (fullName != null || relativeName != null) {
                throw new IOException(
                    "Duplicate DistributionPointName in DistributionPoint.");
            }
            // NOTE(review): only the first value inside the wrapper is
            // read; bytes after it are not checked here.
            final DerValue name = field.data.getDerValue();
            if (name.isContextSpecific(TAG_FULL_NAME)
                    && name.isConstructed()) {
                // Retag so GeneralNames sees a plain SEQUENCE.
                name.resetTag(DerValue.tag_Sequence);
                fullName = new GeneralNames(name);
            } else if (name.isContextSpecific(TAG_REL_NAME)
                    && name.isConstructed()) {
                // Retag so RDN sees a plain SET.
                name.resetTag(DerValue.tag_Set);
                relativeName = new RDN(name);
            } else {
                throw new IOException(
                    "Invalid DistributionPointName in DistributionPoint");
            }
            continue;
        }

        // reasons: primitive, decoded as a bit string.
        if (field.isContextSpecific(TAG_REASONS) && !field.isConstructed()) {
            if (reasonFlags != null) {
                throw new IOException("Duplicate Reasons in DistributionPoint.");
            }
            field.resetTag(DerValue.tag_BitString);
            reasonFlags = field.getUnalignedBitString().toBooleanArray();
            continue;
        }

        // cRLIssuer: constructed, decoded as GeneralNames.
        if (field.isContextSpecific(TAG_ISSUER) && field.isConstructed()) {
            if (crlIssuer != null) {
                throw new IOException("Duplicate CRLIssuer in DistributionPoint.");
            }
            field.resetTag(DerValue.tag_Sequence);
            crlIssuer = new GeneralNames(field);
            continue;
        }

        // Unknown tag, or a known tag with the wrong
        // primitive/constructed form.
        throw new IOException("Invalid encoding of DistributionPoint.");
    }

    final boolean named = (fullName != null) || (relativeName != null);
    if (!named && crlIssuer == null) {
        throw new IOException("One of fullName, relativeName, "
            + " and crlIssuer has to be set");
    }
}
 
Example 19
Source File: SpnegoReqFlags.java    From openjdk-8 with GNU General Public License v2.0
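/**
 * Checks the reqFlags field of the first SPNEGO token produced by the
 * client.
 *
 * <p>The client asks for credential delegation and turns replay and
 * sequence detection off. If the NegTokenInit carries a reqFlags field,
 * it must hold 7 bits with bit 0 set and bits 2 and 3 clear. A token
 * without the field only produces a warning.
 *
 * @throws Exception if the token cannot be produced or decoded, or if
 *         reqFlags does not match what was requested.
 */
void go() throws Exception {
    Context c = Context.fromJAAS("client");
    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID);

    try {
        byte[] token = c.doAs(new Action() {
            @Override
            public byte[] run(Context me, byte[] input) throws Exception {
                me.x().requestCredDeleg(true);
                me.x().requestReplayDet(false);
                me.x().requestSequenceDet(false);
                return me.x().initSecContext(new byte[0], 0, 0);
            }
        }, null);

        DerValue d = new DerValue(token);   // GSSToken
        d.data.getDerValue();               // skip OID
        d = d.data.getDerValue();           // NegTokenInit
        d = d.data.getDerValue();           // The SEQUENCE inside

        boolean found = false;

        // Go through all fields inside NegTokenInit. The reqFlags field
        // is optional. It's even not recommended in RFC 4178.
        while (d.data.available() > 0) {
            DerValue d2 = d.data.getDerValue();
            if (d2.isContextSpecific((byte)1)) {
                found = true;
                System.out.println("regFlags field located.");
                BitArray ba = d2.data.getUnalignedBitString();
                if (ba.length() != 7) {
                    throw new Exception("reqFlags should contain 7 bits");
                }
                if (!ba.get(0)) {
                    throw new Exception("delegFlag should be true");
                }
                if (ba.get(2) || ba.get(3)) {
                    throw new Exception("replay/sequenceFlag should be false");
                }
            }
        }

        if (!found) {
            System.out.println("Warning: regFlags field not found, too new?");
        }
    } finally {
        // Dispose on the failure paths too, not only after a clean run.
        c.dispose();
    }
}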
 
Example 20
Source File: IssuingDistributionPointExtension.java    From jdk8u-jdk with GNU General Public License v2.0
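/**
 * Creates an IssuingDistributionPointExtension from its DER-encoding.
 *
 * <p>A field that occurs a second time is treated as a decoding error
 * rather than overwriting the first occurrence.
 *
 * @param critical true if the extension is to be treated as critical.
 * @param value the DER-encoded value. It must be a <code>byte[]</code>.
 * @exception IOException on decoding error, including a value that is
 *            not a <code>byte[]</code>, an outer tag other than
 *            SEQUENCE, an element with an unexpected tag or form, and
 *            a repeated field.
 * @exception NullPointerException if <code>critical</code> is null.
 */
public IssuingDistributionPointExtension(Boolean critical, Object value)
        throws IOException {
    this.extensionId = PKIXExtensions.IssuingDistributionPoint_Id;
    this.critical = critical.booleanValue();

    if (!(value instanceof byte[])) {
        throw new IOException("Illegal argument type");
    }

    // NOTE(review): stores the caller's array itself, with no copy;
    // verify that callers never modify it afterwards.
    extensionValue = (byte[])value;
    DerValue val = new DerValue(extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " +
                              "IssuingDistributionPointExtension.");
    }

    // All the elements in issuingDistributionPoint are optional
    if ((val.data == null) || (val.data.available() == 0)) {
        return;
    }

    // Bit i is set once the i-th branch below has decoded its field.
    int decoded = 0;

    DerInputStream in = val.data;   // cannot be null past the return above
    while (in.available() != 0) {
        DerValue opt = in.getDerValue();

        if (opt.isContextSpecific(TAG_DISTRIBUTION_POINT) &&
            opt.isConstructed()) {
            decoded = claimField(decoded, 1 << 0, "distributionPoint");
            distributionPoint =
                new DistributionPointName(opt.data.getDerValue());
        } else if (opt.isContextSpecific(TAG_ONLY_USER_CERTS) &&
                   !opt.isConstructed()) {
            decoded = claimField(decoded, 1 << 1, "onlyContainsUserCerts");
            // Swap the context tag for BOOLEAN before decoding.
            opt.resetTag(DerValue.tag_Boolean);
            hasOnlyUserCerts = opt.getBoolean();
        } else if (opt.isContextSpecific(TAG_ONLY_CA_CERTS) &&
                   !opt.isConstructed()) {
            decoded = claimField(decoded, 1 << 2, "onlyContainsCACerts");
            opt.resetTag(DerValue.tag_Boolean);
            hasOnlyCACerts = opt.getBoolean();
        } else if (opt.isContextSpecific(TAG_ONLY_SOME_REASONS) &&
                   !opt.isConstructed()) {
            decoded = claimField(decoded, 1 << 3, "onlySomeReasons");
            revocationReasons = new ReasonFlags(opt); // expects tag implicit
        } else if (opt.isContextSpecific(TAG_INDIRECT_CRL) &&
                   !opt.isConstructed()) {
            decoded = claimField(decoded, 1 << 4, "indirectCRL");
            opt.resetTag(DerValue.tag_Boolean);
            isIndirectCRL = opt.getBoolean();
        } else if (opt.isContextSpecific(TAG_ONLY_ATTRIBUTE_CERTS) &&
                   !opt.isConstructed()) {
            decoded = claimField(decoded, 1 << 5,
                                 "onlyContainsAttributeCerts");
            opt.resetTag(DerValue.tag_Boolean);
            hasOnlyAttributeCerts = opt.getBoolean();
        } else {
            // Neither a known tag nor the form expected for it.
            throw new IOException
                ("Invalid encoding of IssuingDistributionPoint");
        }
    }

    // NOTE(review): the three onlyContains* flags are not checked for
    // mutual exclusion here (RFC 5280, section 5.2.5); confirm that is
    // enforced where the extension is used.
}

/**
 * Records that a field has been decoded and returns the updated mask.
 *
 * @param decoded mask of the fields decoded so far.
 * @param bit the bit standing for the field being decoded.
 * @param field field name used in the error message.
 * @return <code>decoded</code> with <code>bit</code> set.
 * @exception IOException if <code>bit</code> is already set.
 */
private static int claimField(int decoded, int bit, String field)
        throws IOException {
    if ((decoded & bit) != 0) {
        throw new IOException("Duplicate " + field +
                              " in IssuingDistributionPoint");
    }
    return decoded | bit;
}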