本文整理汇总了Java中sun.security.util.DerInputStream.getSequence方法的典型用法代码示例。如果您正苦于以下问题:Java DerInputStream.getSequence方法的具体用法?Java DerInputStream.getSequence怎么用?Java DerInputStream.getSequence使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类sun.security.util.DerInputStream的用法示例。
在下文中一共展示了DerInputStream.getSequence方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: setSigningKey
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
public void setSigningKey(String key) throws Exception {
this.signingKey = key;
key = key.trim();
key = key.replace("-----BEGIN RSA PRIVATE KEY-----\n", "")
.replace("-----END RSA PRIVATE KEY-----", "").trim().replace("\n", "");
byte[] encoded = Base64Utils.decodeFromString(key);
DerInputStream derInputStream = new DerInputStream(encoded);
DerValue[] seq = derInputStream.getSequence(0);
BigInteger modulus = seq[1].getBigInteger();
BigInteger publicExp = seq[2].getBigInteger();
BigInteger privateExp = seq[3].getBigInteger();
BigInteger prime1 = seq[4].getBigInteger();
BigInteger prime2 = seq[5].getBigInteger();
BigInteger exp1 = seq[6].getBigInteger();
BigInteger exp2 = seq[7].getBigInteger();
BigInteger crtCoef = seq[8].getBigInteger();
RSAPrivateCrtKeySpec keySpec = new RSAPrivateCrtKeySpec(modulus, publicExp,
privateExp, prime1, prime2, exp1, exp2, crtCoef);
KeyFactory kf = KeyFactory.getInstance("RSA");
this.signer = new RSASSASigner(kf.generatePrivate(keySpec));
}
示例2: checkPKCS8Encoding
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
@SuppressWarnings("fallthrough")
private static void checkPKCS8Encoding(byte[] encodedKey)
throws IOException {
DerInputStream in = new DerInputStream(encodedKey);
DerValue[] values = in.getSequence(3);
switch (values.length) {
case 4:
checkTag(values[3], DerValue.TAG_CONTEXT, "attributes");
/* fall through */
case 3:
checkTag(values[0], DerValue.tag_Integer, "version");
DerInputStream algid = values[1].toDerInputStream();
algid.getOID();
if (algid.available() != 0) {
algid.getDerValue();
}
checkTag(values[2], DerValue.tag_OctetString, "privateKey");
break;
default:
throw new IOException("invalid key encoding");
}
}
示例3: getPrivateKey
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
static PrivateKey getPrivateKey() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
byte[] pkcs1Key = DatatypeConverter.parseBase64Binary(PRIVATE_KEY.replaceAll("(-+BEGIN RSA PRIVATE KEY-+\\r?\\n|-+END RSA PRIVATE KEY-+\\r?\\n?)", ""));
DerInputStream dis = new DerInputStream(pkcs1Key);
DerValue[] disSequence = dis.getSequence(0);
BigInteger modulus = disSequence[1].getBigInteger();
BigInteger publicExp = disSequence[2].getBigInteger();
BigInteger privateExp = disSequence[3].getBigInteger();
BigInteger prime1 = disSequence[4].getBigInteger();
BigInteger prime2 = disSequence[5].getBigInteger();
BigInteger exp1 = disSequence[6].getBigInteger();
BigInteger exp2 = disSequence[7].getBigInteger();
BigInteger crtCoef = disSequence[8].getBigInteger();
RSAPrivateCrtKeySpec keySpec = new RSAPrivateCrtKeySpec(modulus, publicExp, privateExp, prime1, prime2, exp1, exp2, crtCoef);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
return keyFactory.generatePrivate(keySpec);
}
示例4: checkPKCS8Encoding
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
@SuppressWarnings("fallthrough")
private void checkPKCS8Encoding(byte[] encodedKey)
throws IOException {
DerInputStream in = new DerInputStream(encodedKey);
DerValue[] values = in.getSequence(3);
switch (values.length) {
case 4:
checkTag(values[3], DerValue.TAG_CONTEXT, "attributes");
/* fall through */
case 3:
checkTag(values[0], DerValue.tag_Integer, "version");
keyAlg = AlgorithmId.parse(values[1]).getName();
checkTag(values[2], DerValue.tag_OctetString, "privateKey");
break;
default:
throw new IOException("invalid key encoding");
}
}
示例5: LocalOcspRequest
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
/**
* Construct a {@code LocalOcspRequest} from its DER encoding.
*
* @param requestBytes the DER-encoded bytes
*
* @throws IOException if decoding errors occur
* @throws CertificateException if certificates are found in the
* OCSP request and they do not parse correctly.
*/
private LocalOcspRequest(byte[] requestBytes) throws IOException,
CertificateException {
Objects.requireNonNull(requestBytes, "Received null input");
DerInputStream dis = new DerInputStream(requestBytes);
// Parse the top-level structure, it should have no more than
// two elements.
DerValue[] topStructs = dis.getSequence(2);
for (DerValue dv : topStructs) {
if (dv.tag == DerValue.tag_Sequence) {
parseTbsRequest(dv);
} else if (dv.isContextSpecific((byte)0)) {
parseSignature(dv);
} else {
throw new IOException("Unknown tag at top level: " +
dv.tag);
}
}
}
示例6: LocalSingleRequest
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
private LocalSingleRequest(DerInputStream dis)
throws IOException {
DerValue[] srItems = dis.getSequence(2);
// There should be 1, possibly 2 DerValue items
if (srItems.length == 1 || srItems.length == 2) {
// The first parsable item should be the mandatory CertId
cid = new CertId(srItems[0].data);
if (srItems.length == 2) {
if (srItems[1].isContextSpecific((byte)0)) {
DerValue[] extDerItems = srItems[1].data.getSequence(2);
extensions = parseExtensions(extDerItems);
} else {
throw new IOException("Illegal tag in Request " +
"extensions: " + srItems[1].tag);
}
}
} else {
throw new IOException("Invalid number of items in " +
"Request (" + srItems.length + ")");
}
}
示例7: getPrivateKey
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
/**
* Extracts private key (predictive_services.pem) contents
*/
private static PrivateKey getPrivateKey(String privateKeyBase64) {
String privKeyPEM = privateKeyBase64.replace("-----BEGIN RSA PRIVATE KEY-----\n", "");
privKeyPEM = privKeyPEM.replace("\n-----END RSA PRIVATE KEY-----", "");
// Base64 decode the data
byte[] encoded = Base64.decodeBase64(privKeyPEM);
try {
DerInputStream derReader = new DerInputStream(encoded);
DerValue[] seq = derReader.getSequence(0);
if (seq.length < 9) {
throw new GeneralSecurityException("Could not read private key");
}
// skip version seq[0];
BigInteger modulus = seq[1].getBigInteger();
BigInteger publicExp = seq[2].getBigInteger();
BigInteger privateExp = seq[3].getBigInteger();
BigInteger primeP = seq[4].getBigInteger();
BigInteger primeQ = seq[5].getBigInteger();
BigInteger expP = seq[6].getBigInteger();
BigInteger expQ = seq[7].getBigInteger();
BigInteger crtCoeff = seq[8].getBigInteger();
RSAPrivateCrtKeySpec keySpec = new RSAPrivateCrtKeySpec(modulus, publicExp, privateExp,
primeP, primeQ, expP, expQ, crtCoeff);
KeyFactory factory = KeyFactory.getInstance("RSA");
return factory.generatePrivate(keySpec);
} catch (IOException | GeneralSecurityException e) {
Throwables.propagate(e);
}
return null;
}
示例8: verifyExtStructure
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
public static void verifyExtStructure(byte[] derData) throws IOException {
debuglog("verifyASN1Extension() received " + derData.length + " bytes");
DerInputStream dis = new DerInputStream(derData);
// The sequenceItems array should be either two or three elements
// long. If three, then the criticality bit setting has been asserted.
DerValue[] sequenceItems = dis.getSequence(3);
debuglog("Found sequence containing " + sequenceItems.length +
" elements");
if (sequenceItems.length != 2 && sequenceItems.length != 3) {
throw new RuntimeException("Incorrect number of items found in " +
"the SEQUENCE (Got " + sequenceItems.length +
", expected 2 or 3 items)");
}
int seqIndex = 0;
ObjectIdentifier extOid = sequenceItems[seqIndex++].getOID();
debuglog("Found OID: " + extOid.toString());
if (!extOid.equals((Object)PKIXExtensions.OCSPNonce_Id)) {
throw new RuntimeException("Incorrect OID (Got " +
extOid.toString() + ", expected " +
PKIXExtensions.OCSPNonce_Id.toString() + ")");
}
if (sequenceItems.length == 3) {
// Non-default criticality bit setting should be at index 1
boolean isCrit = sequenceItems[seqIndex++].getBoolean();
debuglog("Found BOOLEAN (critical): " + isCrit);
}
// The extnValue is an encapsulating OCTET STRING that contains the
// extension's value. For the OCSP Nonce, that value itself is also
// an OCTET STRING consisting of the random bytes.
DerValue extnValue =
new DerValue(sequenceItems[seqIndex++].getOctetString());
byte[] nonceData = extnValue.getOctetString();
debuglog("Found " + nonceData.length + " bytes of nonce data");
}
示例9: parsePKIPATH
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
/**
* Parse a PKIPATH format CertPath from an InputStream. Return an
* unmodifiable List of the certificates.
*
* @param is the <code>InputStream</code> to read the data from
* @return an unmodifiable List of the certificates
* @exception CertificateException if an exception occurs
*/
private static List<X509Certificate> parsePKIPATH(InputStream is)
throws CertificateException {
List<X509Certificate> certList = null;
CertificateFactory certFac = null;
if (is == null) {
throw new CertificateException("input stream is null");
}
try {
DerInputStream dis = new DerInputStream(readAllBytes(is));
DerValue[] seq = dis.getSequence(3);
if (seq.length == 0) {
return Collections.<X509Certificate>emptyList();
}
certFac = CertificateFactory.getInstance("X.509");
certList = new ArrayList<X509Certificate>(seq.length);
// append certs in reverse order (target to trust anchor)
for (int i = seq.length-1; i >= 0; i--) {
certList.add((X509Certificate)certFac.generateCertificate
(new ByteArrayInputStream(seq[i].toByteArray())));
}
return Collections.unmodifiableList(certList);
} catch (IOException ioe) {
throw new CertificateException("IOException parsing PkiPath data: "
+ ioe, ioe);
}
}
示例10: MacData
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
/**
* Parses a PKCS#12 MAC data.
*/
MacData(DerInputStream derin)
throws IOException, ParsingException
{
DerValue[] macData = derin.getSequence(2);
// Parse the digest info
DerInputStream digestIn = new DerInputStream(macData[0].toByteArray());
DerValue[] digestInfo = digestIn.getSequence(2);
// Parse the DigestAlgorithmIdentifier.
AlgorithmId digestAlgorithmId = AlgorithmId.parse(digestInfo[0]);
this.digestAlgorithmName = digestAlgorithmId.getName();
this.digestAlgorithmParams = digestAlgorithmId.getParameters();
// Get the digest.
this.digest = digestInfo[1].getOctetString();
// Get the salt.
this.macSalt = macData[1].getOctetString();
// Iterations is optional. The default value is 1.
if (macData.length > 2) {
this.iterations = macData[2].getInteger();
} else {
this.iterations = 1;
}
}
示例11: OCSPStatusRequest
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
/**
* Construct an {@code OCSPStatusRequest} object from data read from
* a {@code HandshakeInputStream}
*
* @param s the {@code HandshakeInputStream} providing the encoded data
*
* @throws IOException if any decoding errors happen during object
* construction.
*/
OCSPStatusRequest(HandshakeInStream in) throws IOException {
responderIds = new ArrayList<>();
extensions = new ArrayList<>();
int ridListBytesRemaining = in.getInt16();
while (ridListBytesRemaining != 0) {
byte[] ridBytes = in.getBytes16();
responderIds.add(new ResponderId(ridBytes));
ridListBytesRemaining -= (ridBytes.length + 2);
// Make sure that no individual responder ID's length caused an
// overrun relative to the outer responder ID list length
if (ridListBytesRemaining < 0) {
throw new SSLException("Responder ID length overflow: " +
"current rid = " + ridBytes.length + ", remaining = " +
ridListBytesRemaining);
}
}
int extensionLength = in.getInt16();
if (extensionLength > 0) {
byte[] extensionData = new byte[extensionLength];
in.read(extensionData);
DerInputStream dis = new DerInputStream(extensionData);
DerValue[] extSeqContents = dis.getSequence(extensionData.length);
for (DerValue extDerVal : extSeqContents) {
extensions.add(new sun.security.x509.Extension(extDerVal));
}
}
}
示例12: SignerInfo
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
/**
* Parses a PKCS#7 signer info.
*
* <p>This constructor is used only for backwards compatibility with
* PKCS#7 blocks that were generated using JDK1.1.x.
*
* @param derin the ASN.1 encoding of the signer info.
* @param oldStyle flag indicating whether or not the given signer info
* is encoded according to JDK1.1.x.
*/
public SignerInfo(DerInputStream derin, boolean oldStyle)
throws IOException, ParsingException
{
// version
version = derin.getBigInteger();
// issuerAndSerialNumber
DerValue[] issuerAndSerialNumber = derin.getSequence(2);
byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray();
issuerName = new X500Name(new DerValue(DerValue.tag_Sequence,
issuerBytes));
certificateSerialNumber = issuerAndSerialNumber[1].getBigInteger();
// digestAlgorithmId
DerValue tmp = derin.getDerValue();
digestAlgorithmId = AlgorithmId.parse(tmp);
// authenticatedAttributes
if (oldStyle) {
// In JDK1.1.x, the authenticatedAttributes are always present,
// encoded as an empty Set (Set of length zero)
derin.getSet(0);
} else {
// check if set of auth attributes (implicit tag) is provided
// (auth attributes are OPTIONAL)
if ((byte)(derin.peekByte()) == (byte)0xA0) {
authenticatedAttributes = new PKCS9Attributes(derin);
}
}
// digestEncryptionAlgorithmId - little RSA naming scheme -
// signature == encryption...
tmp = derin.getDerValue();
digestEncryptionAlgorithmId = AlgorithmId.parse(tmp);
// encryptedDigest
encryptedDigest = derin.getOctetString();
// unauthenticatedAttributes
if (oldStyle) {
// In JDK1.1.x, the unauthenticatedAttributes are always present,
// encoded as an empty Set (Set of length zero)
derin.getSet(0);
} else {
// check if set of unauth attributes (implicit tag) is provided
// (unauth attributes are OPTIONAL)
if (derin.available() != 0
&& (byte)(derin.peekByte()) == (byte)0xA1) {
unauthenticatedAttributes =
new PKCS9Attributes(derin, true);// ignore unsupported attrs
}
}
// all done
if (derin.available() != 0) {
throw new ParsingException("extra data at the end");
}
}
示例13: testDN
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
private static void testDN(String dn) throws Exception {
X500Principal p = new X500Principal(dn);
byte[] encoded = p.getEncoded();
// name is a sequence of RDN's
DerInputStream dis = new DerInputStream(encoded);
DerValue[] nameseq = dis.getSequence(3);
boolean passed = false;
for (int i = 0; i < nameseq.length; i++) {
// each RDN is a set of AttributeTypeAndValue
DerInputStream is = new DerInputStream(nameseq[i].toByteArray());
DerValue[] ava = is.getSet(3);
for (int j = 0; j < ava.length; j++) {
ObjectIdentifier oid = ava[j].data.getOID();
if (oid.equals(X500Name.DOMAIN_COMPONENT_OID)) {
DerValue value = ava[j].data.getDerValue();
if (value.getTag() == DerValue.tag_IA5String) {
passed = true;
break;
} else {
throw new SecurityException
("Test failed, expected DOMAIN_COMPONENT tag '" +
DerValue.tag_IA5String +
"', got '" +
value.getTag() + "'");
}
}
}
if (passed) {
break;
}
}
if (passed) {
System.out.println("Test passed");
} else {
throw new SecurityException("Test failed");
}
}
示例14: engineVerify
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
/**
* Verify all the data thus far updated.
*
* @param signature the alleged signature, encoded using the
* format indicated by {@code p1363Format}. If {@code p1363Format}
* is {@code false} (the default), then the signature is formatted
* according to the Canonical Encoding Rules, as a DER sequence of
* Integers, r and s. If {@code p1363Format} is {@code false},
* the signature is in the IEEE P1363 format, which is the
* concatenation or r and s.
*
* @param offset the offset to start from in the array of bytes.
*
* @param length the number of bytes to use, starting at offset.
*
* @exception SignatureException if the signature object was not
* properly initialized, or if another exception occurs.
*
* @see sun.security.DSA#engineUpdate
* @see sun.security.DSA#engineSign
*/
protected boolean engineVerify(byte[] signature, int offset, int length)
throws SignatureException {
BigInteger r = null;
BigInteger s = null;
if (p1363Format) {
if ((length & 1) == 1) {
// length of signature byte array should be even
throw new SignatureException("invalid signature format");
}
int mid = length/2;
r = new BigInteger(Arrays.copyOfRange(signature, 0, mid));
s = new BigInteger(Arrays.copyOfRange(signature, mid, length));
} else {
// first decode the signature.
try {
DerInputStream in = new DerInputStream(signature, offset,
length);
DerValue[] values = in.getSequence(2);
r = values[0].getBigInteger();
s = values[1].getBigInteger();
} catch (IOException e) {
throw new SignatureException("invalid encoding for signature");
}
}
// some implementations do not correctly encode values in the ASN.1
// 2's complement format. force r and s to be positive in order to
// to validate those signatures
if (r.signum() < 0) {
r = new BigInteger(1, r.toByteArray());
}
if (s.signum() < 0) {
s = new BigInteger(1, s.toByteArray());
}
if ((r.compareTo(presetQ) == -1) && (s.compareTo(presetQ) == -1)) {
BigInteger w = generateW(presetP, presetQ, presetG, s);
BigInteger v = generateV(presetY, presetP, presetQ, presetG, w, r);
return v.equals(r);
} else {
throw new SignatureException("invalid signature: out of range values");
}
}
示例15: engineVerify
import sun.security.util.DerInputStream; //导入方法依赖的package包/类
/**
* Verify all the data thus far updated.
*
* @param signature the alledged signature, encoded using the
* Canonical Encoding Rules, as a sequence of integers, r and s.
*
* @param offset the offset to start from in the array of bytes.
*
* @param length the number of bytes to use, starting at offset.
*
* @exception SignatureException if the signature object was not
* properly initialized, or if another exception occurs.
*
* @see sun.security.DSA#engineUpdate
* @see sun.security.DSA#engineSign
*/
protected boolean engineVerify(byte[] signature, int offset, int length)
throws SignatureException {
BigInteger r = null;
BigInteger s = null;
// first decode the signature.
try {
// Enforce strict DER checking for signatures
DerInputStream in =
new DerInputStream(signature, offset, length, false);
DerValue[] values = in.getSequence(2);
// check number of components in the read sequence
// and trailing data
if ((values.length != 2) || (in.available() != 0)) {
throw new IOException("Invalid encoding for signature");
}
r = values[0].getBigInteger();
s = values[1].getBigInteger();
} catch (IOException e) {
throw new SignatureException("Invalid encoding for signature", e);
}
// some implementations do not correctly encode values in the ASN.1
// 2's complement format. force r and s to be positive in order to
// to validate those signatures
if (r.signum() < 0) {
r = new BigInteger(1, r.toByteArray());
}
if (s.signum() < 0) {
s = new BigInteger(1, s.toByteArray());
}
if ((r.compareTo(presetQ) == -1) && (s.compareTo(presetQ) == -1)) {
BigInteger w = generateW(presetP, presetQ, presetG, s);
BigInteger v = generateV(presetY, presetP, presetQ, presetG, w, r);
return v.equals(r);
} else {
throw new SignatureException("invalid signature: out of range values");
}
}