final byte[] clientToken = StringUtils.decodeBase64String(authorization); try { DerInputStream ticketStream = new DerInputStream(clientToken); DerValue[] values = ticketStream.getSet(clientToken.length, true);
// Drop every whitespace character (line breaks included) so the Base64 text is one unbroken run.
// NOTE(review): nothing visible here removes PEM "-----BEGIN/END-----" armor lines;
// presumably the caller has already stripped them. Confirm.
// NOTE(review): the key text lives in an immutable String, so it cannot be wiped after use.
privateKeyPem = privateKeyPem.replaceAll("\\s", "");
// Base64-decode to the raw DER bytes and wrap them for parsing. Assuming Base64 is
// java.util.Base64, invalid input raises IllegalArgumentException; treat that as a malformed
// key and keep the key text out of any error message or log line.
DerInputStream derReader = new DerInputStream(Base64.getDecoder().decode(privateKeyPem));
// Read the top-level SEQUENCE. Assuming sun.security.util.DerInputStream, the argument is only
// an initial size hint, not an expected element count, so seq.length must be checked before any
// seq[i] is indexed.
DerValue[] seq = derReader.getSequence(0);
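/**
 * Rejects a certification request whose leading version field cannot be read.
 *
 * <p>Fix for OAUTH-96, sort of. Some Python clients send an invalid cert request because the
 * programmer does not set the version (to zero); Python then sends a zero-length integer. This
 * violates the PKCS#10 spec and should be rejected. Bouncy Castle will ignore it, but the Sun
 * libraries throw an extremely unhelpful IOException. This method does the check up front and
 * throws a much better exception.
 *
 * <p>The bytes come from the client, so every parse failure is reported as
 * {@link InvalidCertRequestException} rather than escaping as an index error.
 *
 * @param derEncoded the DER-encoded certification request as received
 * @throws InvalidCertRequestException if the bytes are not a DER sequence, the sequence is
 *     empty, or the first value inside its first element cannot be read as an integer
 */
protected void checkVersion(byte[] derEncoded) {
    try {
        DerInputStream derInputStream = new DerInputStream(derEncoded);
        // The argument is only an initial size hint; it does not guarantee that three
        // elements come back, so the length is checked before indexing.
        DerValue[] seq = derInputStream.getSequence(3);
        if (seq.length == 0) {
            throw new IOException("Certification request is an empty sequence");
        }
        // Reads the first value nested inside element 0 as an integer (the version field).
        // NOTE(review): the value is parsed but discarded, so a non-zero version still passes.
        seq[0].data.getBigInteger();
    } catch (IOException iox) {
        throw new InvalidCertRequestException("Invalid Certification Request. Be sure that the version number " +
                "of the (PCKS10) request is set to zero.", iox);
    }
}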
/**
 * Decodes a single DER-encoded OBJECT IDENTIFIER.
 *
 * @param derOID the DER encoding of the object identifier
 * @return the decoded identifier
 * @throws IOException if {@code derOID} contains any malformed data
 */
public static ObjectIdentifier getOID(byte[] derOID) throws IOException {
    // getOID() itself raises IOException on malformed data, so no identifier is
    // ever returned for input that failed to parse.
    return new DerInputStream(derOID).getOID();
}
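/**
 * Returns the key identifier held in a certificate's SubjectKeyIdentifier extension.
 *
 * <p>The extension value is a DER OCTET STRING that wraps a second OCTET STRING; only the
 * contents of the inner one are returned. The Sun classes are used when present. If they are
 * missing, the two headers are parsed by hand instead of skipping a fixed four bytes. The fixed
 * skip threw on values shorter than four bytes and returned the wrong bytes for any encoding
 * that is not two short-form headers.
 *
 * @param cert the certificate to read the extension from
 * @return the raw key identifier, or {@code null} if the certificate has no such extension
 * @throws KeyIdentifierSPIException if the extension value is not well-formed DER
 */
public byte[] getSubjectKeyIdentifier(X509Certificate cert) throws KeyIdentifierSPIException {
    byte[] subjectKeyIdentifier = cert.getExtensionValue(SUBJECT_KEY_IDENTIFIER_OID);
    if (subjectKeyIdentifier == null) {
        return null;
    }
    try {
        sun.security.util.DerValue derVal = new sun.security.util.DerValue(
                new sun.security.util.DerInputStream(subjectKeyIdentifier).getOctetString());
        sun.security.x509.KeyIdentifier keyId =
                new sun.security.x509.KeyIdentifier(derVal.getOctetString());
        return keyId.getIdentifier();
    } catch (NoClassDefFoundError ncde) {
        // The Sun classes are unavailable on this runtime. The X509 Token profile states that
        // only the contents of the OCTET STRING should be returned, excluding the "prefix",
        // so both OCTET STRING headers are validated and removed here.
        try {
            return unwrapDerOctetString(unwrapDerOctetString(subjectKeyIdentifier));
        } catch (IOException e) {
            throw new KeyIdentifierSPIException(e);
        }
    } catch (IOException e) {
        throw new KeyIdentifierSPIException(e);
    }
}

/** Validates one definite-length DER OCTET STRING header and returns the bytes it wraps. */
private static byte[] unwrapDerOctetString(byte[] der) throws IOException {
    if (der.length < 2 || der[0] != 0x04) {
        throw new IOException("Expected a DER OCTET STRING");
    }
    int offset = 2;
    int length = der[1] & 0xFF;
    if (length >= 0x80) {
        // Long form: the low seven bits give the number of length bytes that follow.
        int lengthBytes = length & 0x7F;
        if (lengthBytes == 0 || lengthBytes > 4 || der.length < 2 + lengthBytes) {
            throw new IOException("Unsupported or truncated DER length");
        }
        length = 0;
        for (int i = 0; i < lengthBytes; i++) {
            length = (length << 8) | (der[offset++] & 0xFF);
        }
    }
    // The declared length must match what is present; this also rejects a negative
    // length produced by overflow in the four-byte case.
    if (length != der.length - offset) {
        throw new IOException("DER length does not match the data present");
    }
    byte[] contents = new byte[length];
    System.arraycopy(der, offset, contents, 0, length);
    return contents;
}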
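/**
 * Builds an RSA private key spec from a DER-encoded key structure.
 *
 * <p>The top-level sequence is read, with element 1 taken as the modulus and element 3 as the
 * private exponent. A sequence too short to hold both is reported as an {@link IOException}
 * instead of failing with an index error on truncated or malformed key data.
 *
 * @param privateKeyDerBytes the DER bytes of the private key
 * @return a spec holding the modulus and private exponent
 * @throws IOException if the bytes are not a DER sequence, the sequence has fewer than four
 *     elements, or an indexed element is not an integer
 */
@Override
public RSAPrivateKeySpec readPrivateKey(byte[] privateKeyDerBytes) throws IOException {
    sun.security.util.DerInputStream derStream = new sun.security.util.DerInputStream(privateKeyDerBytes);
    // The argument is only an initial size hint, so the returned length is unchecked input.
    sun.security.util.DerValue[] derValues = derStream.getSequence(0);
    // Only the element count goes into the message; no key material is reported.
    // NOTE(review): a PKCS#1 RSAPrivateKey has nine fields; consider requiring all nine.
    if (derValues.length < 4) {
        throw new IOException("RSA private key sequence has " + derValues.length
                + " elements; at least 4 are required");
    }
    BigInteger modulus = derValues[1].getBigInteger();
    BigInteger privateExponent = derValues[3].getBigInteger();
    return new RSAPrivateKeySpec(modulus, privateExponent);
}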
/**
 * Parses the DER encoding of an OBJECT IDENTIFIER.
 *
 * @param derOID DER-encoded object identifier bytes
 * @return the object identifier read from {@code derOID}
 * @throws IOException if {@code derOID} contains any malformed data
 */
public static ObjectIdentifier getOID(byte[] derOID) throws IOException {
    DerInputStream encodedOid = new DerInputStream(derOID);
    // Malformed data makes getOID() throw IOException, which is passed to the caller.
    return encodedOid.getOID();
}
// Strip all whitespace so the remaining text can be handed to the Base64 decoder in one piece.
// NOTE(review): PEM header/footer lines are not removed here; presumably done earlier. Confirm.
keyPem = keyPem.replaceAll("\\s", "");
// Decode to DER bytes and open a DER reader over them. Assuming java.util.Base64, bad input
// raises IllegalArgumentException; handle it as a malformed key without echoing the key text.
DerInputStream derReader = new DerInputStream(Base64.getDecoder().decode(keyPem));
// Parse the outer SEQUENCE. The argument is a size hint only (assuming the sun.security.util
// reader), so the number of elements in seq is whatever the input supplied. Check seq.length
// before indexing.
DerValue[] seq = derReader.getSequence(0);
public static PrivateKey generatePrivateKeyWithPKCS1(byte[] privateKeyBytes) { try { DerInputStream derReader = new DerInputStream(privateKeyBytes); DerValue[] seq = derReader.getSequence(0); if (seq.length < 9) { System.out.println("Could not parse a PKCS1 private key.");
// Open a DER reader over the encoded bytes held in derenc.
DerInputStream din = new DerInputStream(derenc);
// Read the top-level SEQUENCE. The argument is an initial size hint (assuming the
// sun.security.util reader), so derval.length is determined by the input, not by the 1.
DerValue[] derval = din.getSequence(1);
// One slot per parsed element. The slots are still null here; the code that fills them is not
// part of this excerpt.
// NOTE(review): the array's runtime type is X509CertImpl[], so storing any other
// X509Certificate subclass in it would raise ArrayStoreException.
X509Certificate[] certchain = new X509CertImpl[derval.length];