final DERDecoder decoder = new DERDecoder(encoded); decoder.startSequence(); final byte[] publicBytes = decoder.drainElement(); final byte[] privateBytes = decoder.drainElement(); decoder.endSequence(); final KeyFactory keyFactory = KeyFactory.getInstance(matchedAlgorithm); final PublicKey publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(publicBytes)); final String matchedAlgorithm = bottomEntry.getAlgorithm(); assert matchedAlgorithm != null; // because it is an AlgorithmCredential final DERDecoder decoder = new DERDecoder(encoded); final CertificateFactory certificateFactory = CertificateFactory.getInstance(X_509); final int count = decoder.decodeInteger().intValueExact(); final X509Certificate[] array = new X509Certificate[count]; decoder.startSequence(); int i = 0; while (decoder.hasNextElement()) { final byte[] certBytes = decoder.drainElement(); array[i ++] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certBytes)); decoder.endSequence(); return credentialType.cast(new X509CertificateChainPublicCredential(array)); } catch (ASN1Exception | CertificateException | ArrayIndexOutOfBoundsException e) { final String matchedAlgorithm = bottomEntry.getAlgorithm(); assert matchedAlgorithm != null; // because it is an AlgorithmCredential final DERDecoder decoder = new DERDecoder(encoded); case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_256:
List<GeneralName> generalNames = new ArrayList<GeneralName>(); GeneralName generalName = null; decoder.startSequence(); while (decoder.hasNextElement()) { out: { for (int generalNameType = 0; generalNameType <= 8; generalNameType++) { switch (generalNameType) { case OTHER_NAME: if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, generalNameType, true)) { decoder.decodeImplicit(generalNameType); decoder.startSequence(); String typeId = decoder.decodeObjectIdentifier(); byte[] encodedValue = decoder.drainElement(); decoder.endSequence(); generalName = new OtherName(typeId, encodedValue); break out; if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, generalNameType, false)) { decoder.decodeImplicit(generalNameType); generalName = new RFC822Name(decoder.decodeIA5String()); break out; if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, generalNameType, false)) { decoder.decodeImplicit(generalNameType); generalName = new DNSName(decoder.decodeIA5String()); break out; if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, generalNameType, true)) { decoder.decodeImplicit(generalNameType);
/**
 * Compute the key identifier of a public key: the 160-bit SHA-1 digest of the contents of the
 * {@code subjectPublicKey} BIT STRING (tag, length, and unused-bit count excluded), as described in
 * <a href="https://tools.ietf.org/html/rfc3280">RFC 3280</a>.
 * <p>
 * The value is a lookup identifier. SHA-1 is used because the RFC method prescribes it, so the
 * result should not be relied on as a collision-resistant commitment to the key.
 *
 * @param publicKey the public key
 * @return the key identifier
 * @throws IllegalStateException if no SHA-1 {@link MessageDigest} implementation is available
 */
public static byte[] getKeyIdentifier(final PublicKey publicKey) {
    final DERDecoder keyDecoder = new DERDecoder(publicKey.getEncoded());
    keyDecoder.startSequence();
    // The first element (the algorithm) is not part of the hash input.
    keyDecoder.skipElement();
    final byte[] keyBits = keyDecoder.decodeBitString();
    keyDecoder.endSequence();
    try {
        // digest(byte[]) is update(byte[]) followed by digest()
        return MessageDigest.getInstance("SHA-1").digest(keyBits);
    } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException(e);
    }
}
}
/**
 * Decode the next element as a BIT STRING whose content is itself a DER-encoded INTEGER.
 *
 * @return the integer carried inside the bit string
 */
@Override
public BigInteger decodeBitStringAsInteger() {
    // The bit string payload is parsed with its own decoder, independent of this one's position.
    final DERDecoder inner = new DERDecoder(decodeBitString());
    if (inner.peekType() == INTEGER_TYPE) {
        return inner.decodeInteger();
    }
    throw log.asnUnexpectedTag();
}
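/**
 * Create an {@code OtherName} from its DER encoding. The structure is defined as:
 *
 * <pre>
 *      OtherName ::= SEQUENCE {
 *          type-id    OBJECT IDENTIFIER,
 *          value      [0] EXPLICIT ANY DEFINED BY type-id }
 * </pre>
 *
 * The {@code type-id} is decoded; the {@code value} element is kept in its raw encoded form.
 * The instance stores a private copy of {@code encodedName}, so later changes to the caller's
 * array cannot make the stored encoding disagree with the fields parsed from it.
 *
 * @param encodedName the DER encoded form of the name, as a byte array
 * @throws ASN1Exception if {@code encodedName} is not DER encoded
 */
public OtherName(final byte[] encodedName) throws ASN1Exception {
    super(OTHER_NAME);
    final DERDecoder decoder = new DERDecoder(encodedName);
    decoder.startSequence();
    typeId = decoder.decodeObjectIdentifier();
    encodedValue = decoder.drainElement();
    decoder.endSequence();
    // Copy only after a successful parse; the caller keeps ownership of its own array.
    this.encodedName = encodedName.clone();
}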
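/**
 * Decode the next element as an ASN.1 INTEGER.
 *
 * @return the decoded value
 * @throws ASN1Exception if the next element is not tagged INTEGER, or if its content cannot be
 *         turned into a {@link BigInteger} (for example an INTEGER with zero-length content)
 */
@Override
public BigInteger decodeInteger() throws ASN1Exception {
    if (INTEGER_TYPE != peekType()) {
        throw log.asnUnexpectedTag();
    }
    final byte[] content = drainElementValue();
    try {
        return new BigInteger(content);
    } catch (NumberFormatException e) {
        // BigInteger(byte[]) rejects a zero-length array with NumberFormatException. Report it as
        // a decoding failure so callers that handle ASN1Exception for malformed input also
        // cover this case instead of letting an unrelated exception type escape.
        throw new ASN1Exception(e);
    }
}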
switch (state) { case ST_CHALLENGE_RESPONSE: { final DERDecoder decoder = new DERDecoder(challenge); List<TrustedAuthority> trustedAuthorities = null; List<GeneralName> entityB = null; try { decoder.startSequence(); randomB = decoder.decodeOctetString(); if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, 0, true)) { decoder.decodeImplicit(0); List<GeneralName> decodedEntityB = EntityUtil.decodeGeneralNames(decoder); if ((entityB != null) && (! EntityUtil.matchGeneralNames(decodedEntityB, entityB))) { if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, 1, true)) { decoder.decodeImplicit(1); trustedAuthorities = EntityUtil.decodeTrustedAuthorities(decoder); decoder.endSequence(); } catch (ASN1Exception e) { throw saslEntity.mechInvalidServerMessageWithCause(e).toSaslException(); final DERDecoder decoder = new DERDecoder(challenge); List<GeneralName> entityA = null; try { decoder.startSequence(); byte[] randomC = decoder.decodeOctetString();
/**
 * Parse the DER body of a PEM block into a {@link PrivateKey}.
 * <p>
 * The decoder is used only to walk the outer structure far enough to read the algorithm
 * identifier; the complete, unmodified encoding is then handed to the {@link KeyFactory} as a
 * {@link PKCS8EncodedKeySpec}. Every failure raised inside the {@code try} block, including the
 * unexpected-tag and unrecognised-algorithm cases, is rethrown through
 * {@code log.privateKeyParseError}.
 *
 * @param type the PEM type label; must equal {@code PRIVATE_KEY_FORMAT}
 * @param byteIterator iterator over the DER bytes of the PEM body
 * @return the parsed private key
 * @throws IllegalArgumentException declared for the type-mismatch and parse-failure paths
 */
private static PrivateKey parsePemPrivateKey(String type, ByteIterator byteIterator) throws IllegalArgumentException {
    final boolean typeMatches = type.equals(PRIVATE_KEY_FORMAT);
    if (! typeMatches) {
        throw log.invalidPemType(PRIVATE_KEY_FORMAT, type);
    }
    try {
        final byte[] encodedKey = byteIterator.drain();
        final DERDecoder header = new DERDecoder(encodedKey);
        header.startSequence();

        // Version: only its tag is checked, the value is skipped.
        final boolean versionIsInteger = header.peekType() == ASN1.INTEGER_TYPE;
        if (! versionIsInteger) {
            throw log.asnUnexpectedTag();
        }
        header.skipElement();

        // AlgorithmIdentifier: the OID selects the KeyFactory algorithm.
        header.startSequence();
        final String keyAlgorithm = header.decodeObjectIdentifierAsKeyAlgorithm();
        if (keyAlgorithm == null) {
            throw log.asnUnrecognisedAlgorithm(keyAlgorithm);
        }
        return KeyFactory.getInstance(keyAlgorithm).generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
    } catch (Exception cause) {
        throw log.privateKeyParseError(cause);
    }
}
final DERDecoder decoder = new DERDecoder(token); decoder.decodeImplicit(APPLICATION_SPECIFIC_MASK, 0); decoder.startSequence(); String decodedOid = decoder.decodeObjectIdentifier(); if (! mechanism.equals(new Oid(decodedOid))) { throw new GSSException(GSSException.DEFECTIVE_TOKEN); token = decoder.drain(); } else {
if (privateKey instanceof ECPrivateKey) { DERDecoder derDecoder = new DERDecoder(signatureBytes); derDecoder.startSequence(); byte[] r = derDecoder.drainElementValue(); byte[] s = derDecoder.drainElementValue(); derDecoder.endSequence(); int rLength = r.length; int sLength = s.length;
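/**
 * Implementation of the {@code engineInit} method.
 * <p>
 * The parameter specification is decoded from {@code params}; on success a private copy of the
 * encoding is retained, so later changes to the caller's array cannot alter the stored bytes.
 *
 * @param params the encoded parameter specification
 * @throws IOException if decoding failed
 */
protected final void engineInit(final byte[] params) throws IOException {
    final DERDecoder decoder = new DERDecoder(params);
    try {
        parameterSpec = engineDecode(decoder);
        // Stored only after a successful decode; cloned so the caller's array is not aliased.
        encoded = params.clone();
    } catch (ASN1Exception e) {
        throw log.failedToDecode(e);
    }
}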
/**
 * Decode the next element from the given DER decoder as an X.509 certificate chain.
 * <p>
 * This method only parses the certificates. It performs no path validation or trust decision
 * on the returned chain.
 *
 * @param decoder the DER decoder
 * @return the X.509 certificate chain
 * @throws ASN1Exception if the next element from the given decoder is not an X.509
 * certificate chain or if an error occurs while decoding the X.509 certificate chain
 */
public static X509Certificate[] decodeX509CertificateChain(final DERDecoder decoder) throws ASN1Exception {
    final boolean isSet = decoder.peekType() == SET_TYPE;
    if (! isSet) {
        throw saslEntity.asnUnexpectedTag();
    }
    final byte[] encodedChain = decoder.drainElement();
    final List<? extends Certificate> certificates;
    try {
        final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        // The element arrived tagged as a SET (checked above). Its leading tag byte is rewritten
        // to SEQUENCE before parsing, the form CertificateFactory#generateCertPath is given here.
        encodedChain[0] = SEQUENCE_TYPE;
        final CertPath path = x509Factory.generateCertPath(new ByteArrayInputStream(encodedChain));
        certificates = path.getCertificates();
    } catch (CertificateException e) {
        throw new ASN1Exception(e);
    }
    return certificates.toArray(new X509Certificate[certificates.size()]);
}
/**
 * Test whether the next element's tag equals the tag built from the given class bits, tag
 * number, and constructed flag.
 *
 * @param clazz the tag class bits
 * @param number the tag number
 * @param isConstructed whether the constructed bit is expected to be set
 * @return {@code true} on an exact tag match; {@code false} on a mismatch or when peeking at the
 *         next tag raises an {@code ASN1Exception}
 */
@Override
public boolean isNextType(int clazz, int number, boolean isConstructed) {
    final int constructedBit = isConstructed ? CONSTRUCTED_MASK : 0x00;
    final int expectedTag = clazz | constructedBit | number;
    try {
        return peekType() == expectedTag;
    } catch (ASN1Exception e) {
        // A failed peek is reported as "no match" rather than propagated.
        return false;
    }
}
/**
 * Decode the next element as an object identifier and map it to a key algorithm name.
 *
 * @return the key algorithm associated with the OID or null if no algorithm could be resolved
 */
public String decodeObjectIdentifierAsKeyAlgorithm() {
    final String oid = decodeObjectIdentifier();
    return keyAlgorithmFromOid(oid);
}
/**
 * Decode an implicitly tagged element using the context-specific tag class.
 *
 * @param number the tag number, passed with {@code CONTEXT_SPECIFIC_MASK} to the two-argument overload
 */
@Override
public void decodeImplicit(int number) {
    this.decodeImplicit(CONTEXT_SPECIFIC_MASK, number);
}
final DERDecoder decoder = new DERDecoder(response); byte[] randomA; X509Certificate clientCert; List<GeneralName> authID = null; try { decoder.startSequence(); randomA = decoder.decodeOctetString(); if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, 0, true)) { decoder.decodeImplicit(0); entityB = EntityUtil.decodeGeneralNames(decoder); decoder.startExplicit(1); final X509PeerCertificateChainEvidence evidence = new X509PeerCertificateChainEvidence(EntityUtil.decodeCertificateData(decoder)); decoder.endExplicit(); clientCert = evidence.getFirstCertificate(); if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, 2, true)) { decoder.decodeImplicit(2); authID = EntityUtil.decodeGeneralNames(decoder); authorizationID = EntityUtil.getDistinguishedNameFromGeneralNames(authID); decoder.startSequence(); decoder.skipElement(); byte[] clientSignature = decoder.decodeBitString(); decoder.endSequence(); decoder.endSequence();
/**
 * Parse the DER body of a PEM block into a {@link PublicKey}.
 * <p>
 * The decoder is used only to reach the algorithm identifier inside the outer sequence; the
 * complete, unmodified encoding is then handed to the {@link KeyFactory} as an
 * {@link X509EncodedKeySpec}. Every failure raised inside the {@code try} block, including the
 * unexpected-tag and unrecognised-algorithm cases, is rethrown through
 * {@code log.publicKeyParseError}.
 *
 * @param type the PEM type label; must equal {@code PUBLIC_KEY_FORMAT}
 * @param byteIterator iterator over the DER bytes of the PEM body
 * @return the parsed public key
 * @throws IllegalArgumentException declared for the type-mismatch and parse-failure paths
 */
private static PublicKey parsePemPublicKey(String type, ByteIterator byteIterator) throws IllegalArgumentException {
    final boolean typeMatches = type.equals(PUBLIC_KEY_FORMAT);
    if (! typeMatches) {
        throw log.invalidPemType(PUBLIC_KEY_FORMAT, type);
    }
    try {
        final byte[] encodedKey = byteIterator.drain();
        final DERDecoder header = new DERDecoder(encodedKey);
        header.startSequence();

        // The first inner element must be the algorithm identifier sequence.
        if (header.peekType() != ASN1.SEQUENCE_TYPE) {
            throw log.asnUnexpectedTag();
        }
        header.startSequence();
        final String keyAlgorithm = header.decodeObjectIdentifierAsKeyAlgorithm();
        if (keyAlgorithm == null) {
            throw log.asnUnrecognisedAlgorithm(keyAlgorithm);
        }
        return KeyFactory.getInstance(keyAlgorithm).generatePublic(new X509EncodedKeySpec(encodedKey));
    } catch (Exception cause) {
        throw log.publicKeyParseError(cause);
    }
}
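/**
 * Create an {@code OtherName} from its DER encoding. The structure is defined as:
 *
 * <pre>
 *      OtherName ::= SEQUENCE {
 *          type-id    OBJECT IDENTIFIER,
 *          value      [0] EXPLICIT ANY DEFINED BY type-id }
 * </pre>
 *
 * The {@code type-id} is decoded; the {@code value} element is kept in its raw encoded form.
 * The instance stores a private copy of {@code encodedName}, so later changes to the caller's
 * array cannot make the stored encoding disagree with the fields parsed from it.
 *
 * @param encodedName the DER encoded form of the name, as a byte array
 * @throws ASN1Exception if {@code encodedName} is not DER encoded
 */
public OtherName(final byte[] encodedName) throws ASN1Exception {
    super(OTHER_NAME);
    final DERDecoder decoder = new DERDecoder(encodedName);
    decoder.startSequence();
    typeId = decoder.decodeObjectIdentifier();
    encodedValue = decoder.drainElement();
    decoder.endSequence();
    // Copy only after a successful parse; the caller keeps ownership of its own array.
    this.encodedName = encodedName.clone();
}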
final DERDecoder decoder = new DERDecoder(token); decoder.decodeImplicit(APPLICATION_SPECIFIC_MASK, 0); decoder.startSequence(); String decodedOid = decoder.decodeObjectIdentifier(); if (! mechanism.equals(new Oid(decodedOid))) { throw new GSSException(GSSException.DEFECTIVE_TOKEN); token = decoder.drain(); } else {
if (privateKey instanceof ECPrivateKey) { DERDecoder derDecoder = new DERDecoder(signatureBytes); derDecoder.startSequence(); byte[] r = derDecoder.drainElementValue(); byte[] s = derDecoder.drainElementValue(); derDecoder.endSequence(); int rLength = r.length; int sLength = s.length;