/**
 * Write the {@code ExtensionRequest} value through the given DER encoder: a single SEQUENCE
 * containing every extension currently held in {@code extensionsByOid}.
 *
 * <pre>
 * ExtensionRequest ::= Extensions
 * Extensions ::= SEQUENCE OF Extension
 * </pre>
 *
 * @param encoder the DER encoder that receives the output
 */
private void encodeExtensionRequest(final DEREncoder encoder) {
    encoder.startSequence();
    // Extensions are emitted in whatever order extensionsByOid.values() yields them.
    for (final X509CertificateExtension requested : extensionsByOid.values()) {
        encodeExtension(encoder, requested);
    }
    encoder.endSequence();
}
/**
 * Write the given trusted authorities as one ASN.1 SEQUENCE, in list order.
 *
 * <p>Each entry encodes itself via {@code encodeTo}. If an entry fails part-way through, the
 * exception propagates and the SEQUENCE started here is left open on {@code encoder}; callers
 * should discard the encoder in that case rather than reuse its output.
 *
 * @param encoder the DER encoder
 * @param trustedAuthorities the trusted authorities, where each entry must be a
 *        {@link NameTrustedAuthority}, a {@link CertificateTrustedAuthority}, or a
 *        {@link HashTrustedAuthority}
 * @throws ASN1Exception if any of the trusted authorities are invalid
 */
public static void encodeTrustedAuthorities(final DEREncoder encoder, List<TrustedAuthority> trustedAuthorities) throws ASN1Exception {
    encoder.startSequence();
    for (final TrustedAuthority authority : trustedAuthorities) {
        authority.encodeTo(encoder);
    }
    encoder.endSequence();
}
/**
 * Write the {@code AlgorithmIdentifier} for {@code signatureAlgorithmOid} through the given DER encoder.
 *
 * <pre>
 * AlgorithmIdentifier {ALGORITHM:IOSet } ::= SEQUENCE {
 *     algorithm ALGORITHM.&id({IOSet}),
 *     parameters ALGORITHM.&Type({IOSet}{{@literal @}algorithm}) OPTIONAL
 * }
 * </pre>
 *
 * <p>The {@code parameters} field is written as an ASN.1 NULL when the signing key's algorithm
 * name is exactly {@code "RSA"}, and is left out otherwise.
 *
 * @param encoder the DER encoder
 */
private void encodeAlgorithmIdentifier(final DEREncoder encoder) {
    encoder.startSequence();
    encoder.encodeObjectIdentifier(signatureAlgorithmOid);
    // RFC 3279 (http://www.ietf.org/rfc/rfc3279): only RSA based signature algorithms carry the NULL parameter.
    // NOTE(review): the decision is keyed on the key's algorithm name, not on signatureAlgorithmOid.
    // An RSA key paired with an OID that requires real parameters would still get NULL here;
    // confirm the callers never configure such a combination.
    final boolean rsaSigningKey = signingKey.getAlgorithm().equals("RSA");
    if (rsaSigningKey) {
        encoder.encodeNull();
    }
    encoder.endSequence();
}
/**
 * Write a {@code GeneralNames} element through the given DER encoder, where
 * {@code GeneralNames} is defined as:
 *
 * <pre>
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 * </pre>
 *
 * <p>The names are written in list order. An empty list produces an empty SEQUENCE, which the
 * definition above does not permit; this method does not check for that, so callers must
 * supply at least one name.
 *
 * @param encoder the DER encoder
 * @param generalNames the general names, as a {@code List} where each entry is a {@link GeneralName}
 * @throws ASN1Exception if any of the general names are invalid
 */
public static void encodeGeneralNames(final DEREncoder encoder, List<GeneralName> generalNames) throws ASN1Exception {
    encoder.startSequence();
    for (final GeneralName name : generalNames) {
        name.encodeTo(encoder);
    }
    encoder.endSequence();
}
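/**
 * Close every structure that is still open on this encoder, innermost first.
 *
 * <p>Open SEQUENCEs are closed with {@link #endSequence()} and open SETs with {@link #endSet()}.
 * Any other open element cannot be closed from here, so the method fails fast instead of
 * looping on a state that never leaves {@code states}.
 *
 * @throws IllegalStateException if the innermost open element is neither a SEQUENCE nor a SET
 */
@Override
public void flush() {
    while (! states.isEmpty()) {
        final EncoderState lastState = states.peekLast();
        if (lastState.getTag() == SEQUENCE_TYPE) {
            endSequence();
        } else if (lastState.getTag() == SET_TYPE) {
            endSet();
        } else {
            // Nothing above handles this state, so the loop would see the same entry
            // on every pass and never terminate. Surface the misuse to the caller instead.
            throw new IllegalStateException("Unable to flush DER encoder: open element with tag "
                    + lastState.getTag() + " is neither a SEQUENCE nor a SET");
        }
    }
}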
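/**
 * Write a {@code GeneralNames} SEQUENCE built from a subject name and a collection of
 * subject alternative names.
 *
 * <p>A non-empty {@code subjectName} is written first as a {@link DirectoryName}. Each entry of
 * {@code subjectAltNames} is then converted with {@code convertToGeneralName} and written in
 * iteration order. A {@code null} or empty subject name and a {@code null} alternative-name
 * collection are both skipped.
 *
 * <p>If both inputs are absent the result is an empty SEQUENCE. This method does not reject
 * that case, so callers that need at least one identifying name must check beforehand.
 *
 * @param encoder the DER encoder
 * @param subjectName the subject name, may be {@code null} or empty
 * @param subjectAltNames the subject alternative names, may be {@code null}
 *        (presumably in the form returned by {@code X509Certificate.getSubjectAlternativeNames()}; confirm against callers)
 * @throws ASN1Exception if any of the names cannot be encoded
 */
public static void encodeGeneralNames(final DEREncoder encoder, String subjectName, Collection<List<?>> subjectAltNames) throws ASN1Exception {
    encoder.startSequence();
    // Treat null like the empty string, matching the null tolerance already given to subjectAltNames.
    if (subjectName != null && ! subjectName.isEmpty()) {
        new DirectoryName(subjectName).encodeTo(encoder);
    }
    if (subjectAltNames != null) {
        for (List<?> altName : subjectAltNames) {
            convertToGeneralName(altName).encodeTo(encoder);
        }
    }
    encoder.endSequence();
}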
derEncoder.endSequence(); // AlgorithmIdentifier try { final Signature signature = Signature.getInstance(signatureAlgorithmName); throw log.certSigningFailed(e); derEncoder.endSequence(); // Certificate
/**
 * Write an {@code AlgorithmIdentifier} for the given object identifier through the given
 * DER encoder, where {@code AlgorithmIdentifier} is defined as:
 *
 * <pre>
 * AlgorithmIdentifier ::= SEQUENCE {
 *     algorithm OBJECT IDENTIFIER,
 *     parameters ANY DEFINED BY algorithm OPTIONAL
 * }
 * </pre>
 *
 * <p>No algorithm-specific parameters are supported: the {@code parameters} field is either
 * an ASN.1 NULL or absent, as selected by {@code omitParametersField}.
 *
 * @param encoder the DER encoder
 * @param objectIdentifier the object identifier for the algorithm
 * @param omitParametersField {@code true} if the parameters field should be omitted from
 *        the encoding, {@code false} to write it as NULL
 * @throws ASN1Exception if the given object identifier is invalid
 */
public static void encodeAlgorithmIdentifier(final DEREncoder encoder, String objectIdentifier, boolean omitParametersField) throws ASN1Exception {
    final boolean writeNullParameters = ! omitParametersField;
    encoder.startSequence();
    encoder.encodeObjectIdentifier(objectIdentifier);
    if (writeNullParameters) {
        encoder.encodeNull();
    }
    encoder.endSequence();
}
encodeAlgorithmIdentifier(encoder); encoder.encodeBitString(signatureBytes); encoder.endSequence();
/**
 * Build the principal from the attribute sets collected in {@code items}.
 *
 * <p>The outer SEQUENCE holds one SET per entry of {@code items}, and each SET holds the
 * attribute type-and-value pairs of that entry.
 *
 * <p>NOTE(review): the earlier documentation said the builder is re-set on return, but nothing
 * in this method clears {@code items}. Confirm whether a reset happens elsewhere, or whether a
 * reused builder carries attributes over into the next principal.
 *
 * @return the constructed principal (not {@code null})
 * @throws IllegalArgumentException if the principal is somehow invalid
 */
public X500Principal build() throws IllegalArgumentException {
    final DEREncoder nameEncoder = new DEREncoder();
    nameEncoder.startSequence();
    for (final Collection<X500AttributeTypeAndValue> attributeSet : items) {
        nameEncoder.startSet();
        for (final X500AttributeTypeAndValue attribute : attributeSet) {
            attribute.encodeTo(nameEncoder);
        }
        nameEncoder.endSet();
    }
    nameEncoder.endSequence();
    final byte[] encodedName = nameEncoder.getEncoded();
    return new X500Principal(encodedName);
}
}
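/**
 * Create an {@code EDIPartyName} that is defined as:
 *
 * <pre>
 * EDIPartyName ::= SEQUENCE {
 *     nameAssigner [0] DirectoryString OPTIONAL,
 *     partyName [1] DirectoryString }
 * </pre>
 *
 * <p>When {@code valueBytesOnly} is {@code true} the bytes are wrapped in a SEQUENCE; otherwise
 * a private copy of them is stored as the encoded name, so later changes to the caller's array
 * do not alter this name.
 *
 * <p>Nothing in this constructor parses {@code encoded}. Bytes taken from an untrusted source
 * are stored as given and must be validated wherever they are decoded.
 *
 * @param encoded the DER encoded form of the name or the value bytes from the DER encoded form of the name, as a byte array
 * @param valueBytesOnly whether or not {@code encoded} contains only the value bytes from the DER encoded form of the name
 * @throws ASN1Exception if {@code encoded} is not DER encoded
 */
public EDIPartyName(final byte[] encoded, final boolean valueBytesOnly) throws ASN1Exception {
    super(EDI_PARTY_NAME);
    if (valueBytesOnly) {
        final DEREncoder encoder = new DEREncoder();
        encoder.startSequence();
        encoder.writeEncoded(encoded);
        encoder.endSequence();
        encodedName = encoder.getEncoded();
    } else {
        // Defensive copy: do not alias the caller's mutable array (null is kept as null, as before).
        encodedName = encoded == null ? null : encoded.clone();
    }
}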
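/**
 * Create an {@code X400Address} that is defined as:
 *
 * <pre>
 * X400Address ::= SEQUENCE {
 *     built-in-standard-attributes BuiltInStandardAttributes,
 *     built-in-domain-defined-attributes BuiltInDomainDefinedAttributes OPTIONAL,
 *     -- see also teletex-domain-defined-attributes
 *     extension-attributes ExtensionAttributes OPTIONAL }
 * </pre>
 *
 * <p>When {@code valueBytesOnly} is {@code true} the bytes are wrapped in a SEQUENCE; otherwise
 * a private copy of them is stored as the encoded name, so later changes to the caller's array
 * do not alter this name.
 *
 * <p>Nothing in this constructor parses {@code encoded}. Bytes taken from an untrusted source
 * are stored as given and must be validated wherever they are decoded.
 *
 * @param encoded the DER encoded form of the name or the value bytes from the DER encoded form of the name, as a byte array
 * @param valueBytesOnly whether or not {@code encoded} contains only the value bytes from the DER encoded form of the name
 * @throws ASN1Exception if {@code encoded} is not DER encoded
 */
public X400Address(final byte[] encoded, final boolean valueBytesOnly) throws ASN1Exception {
    super(X400_ADDRESS);
    if (valueBytesOnly) {
        final DEREncoder encoder = new DEREncoder();
        encoder.startSequence();
        encoder.writeEncoded(encoded);
        encoder.endSequence();
        encodedName = encoder.getEncoded();
    } else {
        // Defensive copy: do not alias the caller's mutable array (null is kept as null, as before).
        encodedName = encoded == null ? null : encoded.clone();
    }
}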
/**
 * Write the {@code CertificationRequestInfo} through the given DER encoder.
 *
 * <pre>
 * CertificationRequestInfo ::= SEQUENCE {
 *     version INTEGER { v1(0) } (v1,...),
 *     subject Name,
 *     subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
 *     attributes [0] Attributes{{ CRIAttributes }}
 * }
 * </pre>
 *
 * <p>The subject and the public key are copied in as their existing encodings
 * ({@code getEncoded()}); they are not re-encoded or inspected here.
 *
 * @param encoder the DER encoder
 */
private void encodeCertificationRequestInfo(final DEREncoder encoder) {
    encoder.startSequence();

    // version
    encoder.encodeInteger(VERSION);

    // subject
    encoder.writeEncoded(subjectDn.getEncoded());

    // subjectPKInfo
    encoder.writeEncoded(publicKey.getEncoded());

    // attributes [0]: the implicit tag must be requested immediately before the attributes are written
    encoder.encodeImplicit(0);
    encodeAttributes(encoder);

    encoder.endSequence();
}
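/**
 * Create an {@code OtherName} that is defined as:
 *
 * <pre>
 * OtherName ::= SEQUENCE {
 *     type-id OBJECT IDENTIFIER,
 *     value [0] EXPLICIT ANY DEFINED BY type-id }
 * </pre>
 *
 * <p>The encoded name is a SEQUENCE of the type-id followed by {@code encodedValue} written
 * as-is. A private copy of {@code encodedValue} is kept, so later changes to the caller's
 * array do not alter this name.
 *
 * <p>NOTE(review): no {@code [0] EXPLICIT} wrapper is added here, so {@code encodedValue}
 * presumably has to carry that tag already; confirm against callers. The value bytes are not
 * parsed in this constructor.
 *
 * @param typeId the object identifier for this name
 * @param encodedValue the DER encoded value for this name
 * @throws ASN1Exception if {@code encodedValue} is not DER encoded
 */
public OtherName(final String typeId, final byte[] encodedValue) throws ASN1Exception {
    super(OTHER_NAME);
    this.typeId = typeId;
    // Defensive copy: do not alias the caller's mutable array (null is kept as null, as before).
    this.encodedValue = encodedValue == null ? null : encodedValue.clone();
    final DEREncoder encoder = new DEREncoder();
    encoder.startSequence();
    encoder.encodeObjectIdentifier(typeId);
    encoder.writeEncoded(encodedValue);
    encoder.endSequence();
    encodedName = encoder.getEncoded();
}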
/**
 * Write the {@code Attributes} of the request through the given DER encoder. Exactly one
 * attribute is written: the extension request, whose single value comes from
 * {@code encodeExtensionRequest}.
 *
 * <pre>
 * Attributes ::= SET OF Attribute
 *
 * Attribute ::= SEQUENCE {
 *     type AttributeType,
 *     values SET OF AttributeValue
 * }
 *
 * AttributeType ::= OBJECT IDENTIFIER
 * AttributeValue ::= ANY defined by type
 * </pre>
 *
 * @param encoder the DER encoder
 */
private void encodeAttributes(final DEREncoder encoder) {
    // Attributes ::= SET OF Attribute
    encoder.startSetOf();

    // Attribute: the extensionRequest attribute
    encoder.startSequence();
    encoder.encodeObjectIdentifier(ASN1.OID_EXTENSION_REQUEST); // type

    // values ::= SET OF AttributeValue
    encoder.startSetOf();
    encodeExtensionRequest(encoder);
    encoder.endSetOf();

    encoder.endSequence();

    encoder.endSetOf();
}
/**
 * Rebuild the initial context token by putting the token header back in front of the given body.
 *
 * <p>The result is an implicitly tagged (application-specific, number 0) SEQUENCE containing
 * the DER encoding of {@code mechanism} followed by {@code token} copied in as-is.
 *
 * @param token the initial context token without the token header
 * @return the initial context token with the token header restored
 * @throws ASN1Exception if the mechanism OID cannot be DER encoded
 */
private byte[] restoreTokenHeader(byte[] token) throws ASN1Exception {
    // Resolve the mechanism encoding first; the encoder is local, so a failure here leaves nothing behind.
    final byte[] mechanismDer;
    try {
        mechanismDer = mechanism.getDER();
    } catch (GSSException e) {
        throw new ASN1Exception(e);
    }

    final DEREncoder headerEncoder = new DEREncoder();
    headerEncoder.encodeImplicit(APPLICATION_SPECIFIC_MASK, 0);
    headerEncoder.startSequence();
    headerEncoder.writeEncoded(mechanismDer);
    headerEncoder.writeEncoded(token);
    headerEncoder.endSequence();
    return headerEncoder.getEncoded();
}
derEncoder.endSequence(); // AlgorithmIdentifier derEncoder.endSequence(); // Validity if (subjectDn != null) derEncoder.writeEncoded(subjectDn.getEncoded()); // already a SEQUENCE of SET of SEQUENCE of { OBJECT IDENTIFIER, ANY } extension.encodeTo(subEncoder); derEncoder.encodeOctetString(subEncoder.getEncoded()); derEncoder.endSequence(); derEncoder.endSequence(); derEncoder.endExplicit(); derEncoder.endSequence(); // TBSCertificate
/**
 * Write a single {@code Extension} through the given DER encoder.
 *
 * <pre>
 * Extension ::= SEQUENCE {
 *     extensionId OBJECT IDENTIFIER,
 *     critical BOOLEAN DEFAULT FALSE,
 *     extensionValue OCTET STRING
 * }
 * </pre>
 *
 * @param encoder the DER encoder
 * @param extension the X.509 certificate extension
 */
private static void encodeExtension(final DEREncoder encoder, final X509CertificateExtension extension) {
    encoder.startSequence();
    encoder.encodeObjectIdentifier(extension.getId());

    // critical is DEFAULT FALSE, so it is written only when it is true.
    final boolean critical = extension.isCritical();
    if (critical) {
        encoder.encodeBoolean(true);
    }

    // The extension encodes its own value into a separate encoder; that output becomes the OCTET STRING payload.
    final DEREncoder valueEncoder = new DEREncoder();
    extension.encodeTo(valueEncoder);
    encoder.encodeOctetString(valueEncoder.getEncoded());

    encoder.endSequence();
}
encoder.writeEncoded(publicSpec.getEncoded()); encoder.writeEncoded(privateSpec.getEncoded()); encoder.endSequence(); entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID)); } else if (credentialClass == X509CertificateChainPublicCredential.class) { encoder.endSequence(); entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID)); } else if (credentialClass == X509CertificateChainPrivateCredential.class) { encoder.encodeOctetString(passwordSpec.getSalt()); encoder.encodeInteger(passwordSpec.getIterationCount()); encoder.endSequence(); break; encoder.encodeOctetString(passwordSpec.getRealm()); encoder.encodeOctetString(passwordSpec.getDigest()); encoder.endSequence(); break; encoder.encodeIA5String(passwordSpec.getSeed()); encoder.encodeInteger(passwordSpec.getSequenceNumber()); encoder.endSequence(); break; encoder.encodeOctetString(passwordSpec.getHash()); encoder.encodeOctetString(passwordSpec.getSalt()); encoder.endSequence(); break;
EntityUtil.encodeGeneralNames(tbsEncoder, authId); tbsEncoder.endSequence(); EntityUtil.encodeAlgorithmIdentifier(encoder, signature.getAlgorithm()); encoder.encodeBitString(signatureBytes); encoder.endSequence(); encoder.endSequence(); } catch (ASN1Exception e) { throw saslEntity.mechUnableToCreateResponseToken(e).toSaslException(); EntityUtil.encodeGeneralNames(tbsEncoder, entityA); tbsEncoder.endSequence();