本文整理汇总了Java中sun.security.util.DerInputStream.getOctetString方法的典型用法代码示例。如果您正苦于以下问题:Java DerInputStream.getOctetString方法的具体用法?Java DerInputStream.getOctetString怎么用?Java DerInputStream.getOctetString使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类sun.security.util.DerInputStream的用法示例。
在下文中一共展示了DerInputStream.getOctetString方法的13个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: testPrivateKeyValid
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
private void testPrivateKeyValid() throws IOException, CertificateException {
System.out.println("X.509 Certificate Match on privateKeyValid");
// bad match
X509CertSelector selector = new X509CertSelector();
Calendar cal = Calendar.getInstance();
cal.set(1968, 12, 31);
selector.setPrivateKeyValid(cal.getTime());
checkMatch(selector, cert, false);
// good match
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16"));
byte[] encoded = in.getOctetString();
PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded);
Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
selector.setPrivateKeyValid(validDate);
checkMatch(selector, cert, true);
}
示例2: createPath
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
public static void createPath(String[] certs) throws Exception {
X509Certificate anchorCert = getCertFromFile(certs[0]);
byte [] nameConstraints = anchorCert.getExtensionValue("2.5.29.30");
if (nameConstraints != null) {
DerInputStream in = new DerInputStream(nameConstraints);
nameConstraints = in.getOctetString();
}
TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
}
示例3: testPolicy
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
private void testPolicy() throws IOException {
System.out.println("X.509 Certificate Match on certificatePolicies");
// test encoding of CertificatePoliciesExtension because we wrote the
// code
// bad match
X509CertSelector selector = new X509CertSelector();
Set<String> s = new HashSet<>();
s.add(new String("1.2.5.7.68"));
selector.setPolicy(s);
checkMatch(selector, cert, false);
// good match
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32"));
CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString());
List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
// match on the first policy id
PolicyInformation policyInfo = (PolicyInformation) policies.get(0);
s.clear();
s.add(policyInfo.getPolicyIdentifier().getIdentifier().toString());
selector.setPolicy(s);
checkMatch(selector, cert, true);
}
示例4: matchSubjectKeyID
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
private boolean matchSubjectKeyID(X509Certificate xcert) {
if (ski == null) {
return true;
}
try {
byte[] extVal = xcert.getExtensionValue("2.5.29.14");
if (extVal == null) {
if (debug != null && Debug.isVerbose()) {
debug.println("AdaptableX509CertSelector.match: "
+ "no subject key ID extension. Subject: "
+ xcert.getSubjectX500Principal());
}
return true;
}
DerInputStream in = new DerInputStream(extVal);
byte[] certSubjectKeyID = in.getOctetString();
if (certSubjectKeyID == null ||
!Arrays.equals(ski, certSubjectKeyID)) {
if (debug != null && Debug.isVerbose()) {
debug.println("AdaptableX509CertSelector.match: "
+ "subject key IDs don't match. "
+ "Expected: " + Arrays.toString(ski) + " "
+ "Cert's: " + Arrays.toString(certSubjectKeyID));
}
return false;
}
} catch (IOException ex) {
if (debug != null && Debug.isVerbose()) {
debug.println("AdaptableX509CertSelector.match: "
+ "exception in subject key ID check");
}
return false;
}
return true;
}
示例5: testSubjectAltName
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
private void testSubjectAltName() throws IOException {
System.out.println("X.509 Certificate Match on subjectAltName");
// bad match
X509CertSelector selector = new X509CertSelector();
GeneralNameInterface dnsName = new DNSName("foo.com");
DerOutputStream tmp = new DerOutputStream();
dnsName.encode(tmp);
selector.addSubjectAlternativeName(2, tmp.toByteArray());
checkMatch(selector, cert, false);
// good match
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17"));
byte[] encoded = in.getOctetString();
SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded);
GeneralNames names = (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
GeneralName name = (GeneralName) names.get(0);
selector.setSubjectAlternativeNames(null);
DerOutputStream tmp2 = new DerOutputStream();
name.getName().encode(tmp2);
selector.addSubjectAlternativeName(name.getType(), tmp2.toByteArray());
checkMatch(selector, cert, true);
// good match 2 (matches at least one)
selector.setMatchAllSubjectAltNames(false);
selector.addSubjectAlternativeName(2, "foo.com");
checkMatch(selector, cert, true);
}
示例6: matchSubjectKeyID
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
private boolean matchSubjectKeyID(X509Certificate xcert) {
if (ski == null) {
return true;
}
try {
byte[] extVal = xcert.getExtensionValue("2.5.29.14");
if (extVal == null) {
if (debug != null) {
debug.println("AdaptableX509CertSelector.match: "
+ "no subject key ID extension");
}
return true;
}
DerInputStream in = new DerInputStream(extVal);
byte[] certSubjectKeyID = in.getOctetString();
if (certSubjectKeyID == null ||
!Arrays.equals(ski, certSubjectKeyID)) {
if (debug != null) {
debug.println("AdaptableX509CertSelector.match: "
+ "subject key IDs don't match");
}
return false;
}
} catch (IOException ex) {
if (debug != null) {
debug.println("AdaptableX509CertSelector.match: "
+ "exception in subject key ID check");
}
return false;
}
return true;
}
示例7: generateSelector
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
private static X509CertSelector generateSelector(String name)
throws Exception {
X509CertSelector selector = new X509CertSelector();
// generate certificate from certificate string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is = null;
if (name.equals("subca")) {
is = new ByteArrayInputStream(subCaCertStr.getBytes());
} else if (name.equals("subci")) {
is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());
} else {
is = new ByteArrayInputStream(targetCertStr.getBytes());
}
X509Certificate target = (X509Certificate)cf.generateCertificate(is);
byte[] extVal = target.getExtensionValue("2.5.29.14");
if (extVal != null) {
DerInputStream in = new DerInputStream(extVal);
byte[] subjectKID = in.getOctetString();
selector.setSubjectKeyIdentifier(subjectKID);
} else {
// unlikely to happen.
throw new Exception("unexpected certificate: no SKID extension");
}
return selector;
}
示例8: testSubjectKeyIdentifier
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
private void testSubjectKeyIdentifier() throws IOException {
System.out.println("X.509 Certificate Match on subjectKeyIdentifier");
// bad match
X509CertSelector selector = new X509CertSelector();
byte[] b = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
selector.setSubjectKeyIdentifier(b);
checkMatch(selector, cert, false);
// good match
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.14"));
byte[] encoded = in.getOctetString();
selector.setSubjectKeyIdentifier(encoded);
checkMatch(selector, cert, true);
}
示例9: matchSubjectKeyID
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
private boolean matchSubjectKeyID(X509Certificate xcert) {
if (subjectKeyID == null) {
return true;
}
try {
byte[] extVal = xcert.getExtensionValue("2.5.29.14");
if (extVal == null) {
if (debug != null) {
debug.println("X509CertSelector.match: "
+ "no subject key ID extension");
}
return false;
}
DerInputStream in = new DerInputStream(extVal);
byte[] certSubjectKeyID = in.getOctetString();
if (certSubjectKeyID == null ||
!Arrays.equals(subjectKeyID, certSubjectKeyID)) {
if (debug != null) {
debug.println("X509CertSelector.match: "
+ "subject key IDs don't match");
}
return false;
}
} catch (IOException ex) {
if (debug != null) {
debug.println("X509CertSelector.match: "
+ "exception in subject key ID check");
}
return false;
}
return true;
}
示例10: matchAuthorityKeyID
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
private boolean matchAuthorityKeyID(X509Certificate xcert) {
if (authorityKeyID == null) {
return true;
}
try {
byte[] extVal = xcert.getExtensionValue("2.5.29.35");
if (extVal == null) {
if (debug != null) {
debug.println("X509CertSelector.match: "
+ "no authority key ID extension");
}
return false;
}
DerInputStream in = new DerInputStream(extVal);
byte[] certAuthKeyID = in.getOctetString();
if (certAuthKeyID == null ||
!Arrays.equals(authorityKeyID, certAuthKeyID)) {
if (debug != null) {
debug.println("X509CertSelector.match: "
+ "authority key IDs don't match");
}
return false;
}
} catch (IOException ex) {
if (debug != null) {
debug.println("X509CertSelector.match: "
+ "exception in authority key ID check");
}
return false;
}
return true;
}
示例11: testAuthorityKeyIdentifier
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
private void testAuthorityKeyIdentifier() throws IOException {
System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
// bad match
X509CertSelector selector = new X509CertSelector();
byte[] b = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
AuthorityKeyIdentifierExtension a = new AuthorityKeyIdentifierExtension(new KeyIdentifier(b), null, null);
selector.setAuthorityKeyIdentifier(a.getExtensionValue());
checkMatch(selector, cert, false);
// good match
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.35"));
byte[] encoded = in.getOctetString();
selector.setAuthorityKeyIdentifier(encoded);
checkMatch(selector, cert, true);
}
示例12: getExtensionObject
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
/**
* Returns an Extension object given any X509Certificate and extension oid.
* Throw an {@code IOException} if the extension byte value is
* malformed.
*
* @param cert a {@code X509Certificate}
* @param extId an {@code integer} which specifies the extension index.
* Currently, the supported extensions are as follows:
* index 0 - PrivateKeyUsageExtension
* index 1 - SubjectAlternativeNameExtension
* index 2 - NameConstraintsExtension
* index 3 - CertificatePoliciesExtension
* index 4 - ExtendedKeyUsageExtension
* @return an {@code Extension} object whose real type is as specified
* by the extension oid.
* @throws IOException if cannot construct the {@code Extension}
* object with the extension encoding retrieved from the passed in
* {@code X509Certificate}.
*/
private static Extension getExtensionObject(X509Certificate cert, int extId)
throws IOException {
if (cert instanceof X509CertImpl) {
X509CertImpl impl = (X509CertImpl)cert;
switch (extId) {
case PRIVATE_KEY_USAGE_ID:
return impl.getPrivateKeyUsageExtension();
case SUBJECT_ALT_NAME_ID:
return impl.getSubjectAlternativeNameExtension();
case NAME_CONSTRAINTS_ID:
return impl.getNameConstraintsExtension();
case CERT_POLICIES_ID:
return impl.getCertificatePoliciesExtension();
case EXTENDED_KEY_USAGE_ID:
return impl.getExtendedKeyUsageExtension();
default:
return null;
}
}
byte[] rawExtVal = cert.getExtensionValue(EXTENSION_OIDS[extId]);
if (rawExtVal == null) {
return null;
}
DerInputStream in = new DerInputStream(rawExtVal);
byte[] encoded = in.getOctetString();
switch (extId) {
case PRIVATE_KEY_USAGE_ID:
try {
return new PrivateKeyUsageExtension(FALSE, encoded);
} catch (CertificateException ex) {
throw new IOException(ex.getMessage());
}
case SUBJECT_ALT_NAME_ID:
return new SubjectAlternativeNameExtension(FALSE, encoded);
case NAME_CONSTRAINTS_ID:
return new NameConstraintsExtension(FALSE, encoded);
case CERT_POLICIES_ID:
return new CertificatePoliciesExtension(FALSE, encoded);
case EXTENDED_KEY_USAGE_ID:
return new ExtendedKeyUsageExtension(FALSE, encoded);
default:
return null;
}
}
示例13: SignerInfo
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
/**
* Parses a PKCS#7 signer info.
*
* <p>This constructor is used only for backwards compatibility with
* PKCS#7 blocks that were generated using JDK1.1.x.
*
* @param derin the ASN.1 encoding of the signer info.
* @param oldStyle flag indicating whether or not the given signer info
* is encoded according to JDK1.1.x.
*/
public SignerInfo(DerInputStream derin, boolean oldStyle)
throws IOException, ParsingException
{
// version
version = derin.getBigInteger();
// issuerAndSerialNumber
DerValue[] issuerAndSerialNumber = derin.getSequence(2);
byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray();
issuerName = new X500Name(new DerValue(DerValue.tag_Sequence,
issuerBytes));
certificateSerialNumber = issuerAndSerialNumber[1].getBigInteger();
// digestAlgorithmId
DerValue tmp = derin.getDerValue();
digestAlgorithmId = AlgorithmId.parse(tmp);
// authenticatedAttributes
if (oldStyle) {
// In JDK1.1.x, the authenticatedAttributes are always present,
// encoded as an empty Set (Set of length zero)
derin.getSet(0);
} else {
// check if set of auth attributes (implicit tag) is provided
// (auth attributes are OPTIONAL)
if ((byte)(derin.peekByte()) == (byte)0xA0) {
authenticatedAttributes = new PKCS9Attributes(derin);
}
}
// digestEncryptionAlgorithmId - little RSA naming scheme -
// signature == encryption...
tmp = derin.getDerValue();
digestEncryptionAlgorithmId = AlgorithmId.parse(tmp);
// encryptedDigest
encryptedDigest = derin.getOctetString();
// unauthenticatedAttributes
if (oldStyle) {
// In JDK1.1.x, the unauthenticatedAttributes are always present,
// encoded as an empty Set (Set of length zero)
derin.getSet(0);
} else {
// check if set of unauth attributes (implicit tag) is provided
// (unauth attributes are OPTIONAL)
if (derin.available() != 0
&& (byte)(derin.peekByte()) == (byte)0xA1) {
unauthenticatedAttributes =
new PKCS9Attributes(derin, true);// ignore unsupported attrs
}
}
// all done
if (derin.available() != 0) {
throw new ParsingException("extra data at the end");
}
}