[multiple changes]
2005-02-16 Mark Wielaard <mark@klomp.org> * Makefile.am (ordinary_java_source_files): Add new files gnu/java/security/ber/BER.java, gnu/java/security/ber/BEREncodingException.java, gnu/java/security/ber/BERReader.java, gnu/java/security/ber/BERValue.java, gnu/java/security/pkcs/PKCS7SignedData.java and gnu/java/security/pkcs/SignerInfo.java. * Makefile.in: Regenerated. 2005-02-16 Casey Marshall <csm@gnu.org> * gnu/java/security/provider/GnuDSAPrivateKey.java (encodedKey): new field. (getFormat): return "PKCS#8". (getEncoded): implemented. (toString): check for 'null' values. * gnu/java/security/provider/GnuDSAPublicKey.java (encodedKey): new field. (getFormat): return "X.509". (getEncoded): implemented. (toString): check for 'null' values. 2005-02-16 Michael Koch <konqueror@gmx.de> * java/util/jar/JarFile.java: Imports reworked. 2005-02-16 Mark Wielaard <mark@klomp.org> * java/util/jar/JarFile.java (verify): Make package private. (signaturesRead): Likewise. (verified): Likewise. (entryCerts): Likewise. (DEBUG): Likewise. (debug): Likewise. (entries): Construct new JarEnumeration with reference to this. (JarEnumeration): Make static. (JarEnumeration.jarfile): New field. (JarEnumeration.nextElement): Use and synchronize on jarfile. Compare verified value to Boolean.TRUE or Boolean.False only when verify is true. (getEntry): Make synchronized. Compare value of verified to Boolean.TRUE. (getInputStream): Construct EntryInputStream with reference to this. (getManifest): Make synchronized. (EntryInputStream): Make static. (EntryInputStream.jarfile): New field. (EntryInputStream.EntryInputStream): Check if manifest exists, before getting attributes. (eof): Synchronize on jarfile. 2005-02-16 Casey Marshall <csm@gnu.org> * java/util/jar/JarFile.java (verify): return if the jar is signed with an unsupported algorithm. 2005-02-16 Mark Wielaard <mark@klomp.org> * java/util/jar/JarFile.java (EntryInputStream): Add actual InputStream as argument. (getInputStream): Construct a new EntryInputStream with the result of super.getInputStream(entry). 2005-02-16 Casey Marshall <csm@gnu.org> Signed JAR file support. * java/net/URLClassLoader.java (JarURLResource.getCertificates): re-read jar entry to ensure certificates are picked up. (findClass): fill in class `signers' field, too. * java/util/jar/JarFile.java (META_INF): new constant. (PKCS7_DSA_SUFFIX): new constant. (PKCS7_RSA_SUFFIX): new constant. (DIGEST_KEY_SUFFIX): new constant. (SF_SUFFIX): new constant. (MD2_OID): new constant. (MD4_OID): new constant. (MD5_OID): new constant. (SHA1_OID): new constant. (DSA_ENCRYPTION_OID): new constant. (RSA_ENCRYPTION_OID): new constant. (signaturesRead): new field. (verified): new field. (entryCerts): new field. (DEBUG): new constant. (debug): new method. (JarEnumeration.nextElement): fill in entry certificates, read signatures if they haven't been read. (getEntry): likewise. (getInputStream): verify stream if it hasn't been verified yet. (readSignatures): new method. (verify): new method. (verifyHashes): new method. (readManifestEntry): new method. (EntryInputStream): new class. * gnu/java/io/Base64InputStream.java (decode): new class method. * gnu/java/security/der/DERReader.java don't make class final. (in): made protected. (encBuf): likewise. (readLength): likewise. * gnu/java/security/ber/BER.java, * gnu/java/security/ber/BEREncodingException.java, * gnu/java/security/ber/BERReader.java, * gnu/java/security/ber/BERValue.java, * gnu/java/security/pkcs/PKCS7SignedData.java, * gnu/java/security/pkcs/SignerInfo.java: new files. From-SVN: r95124
This commit is contained in:
@@ -0,0 +1,363 @@
|
||||
/* PKCS7SignedData.java -- reader for PKCS#7 signedData objects.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
||||
02111-1307 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.pkcs;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.ber.BER;
|
||||
import gnu.java.security.ber.BEREncodingException;
|
||||
import gnu.java.security.ber.BERReader;
|
||||
import gnu.java.security.ber.BERValue;
|
||||
import gnu.java.security.der.DERValue;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
||||
import java.math.BigInteger;
|
||||
|
||||
import java.security.cert.CRL;
|
||||
import java.security.cert.CRLException;
|
||||
import java.security.cert.Certificate;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.CertificateFactory;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* The SignedData object in PKCS #7. This is a read-only implementation of
|
||||
* this format, and is used to provide signed Jar file support.
|
||||
*
|
||||
* @author Casey Marshall (csm@gnu.org)
|
||||
*/
|
||||
public class PKCS7SignedData
|
||||
{
|
||||
|
||||
public static final OID PKCS7_DATA = new OID("1.2.840.113549.1.7.1");
|
||||
public static final OID PKCS7_SIGNED_DATA = new OID("1.2.840.113549.1.7.2");
|
||||
|
||||
private BigInteger version;
|
||||
private Set digestAlgorithms;
|
||||
private OID contentType;
|
||||
private byte[] content;
|
||||
private Certificate[] certificates;
|
||||
private CRL[] crls;
|
||||
private Set signerInfos;
|
||||
|
||||
private static final boolean DEBUG = false;
|
||||
private static void debug(String msg)
|
||||
{
|
||||
System.err.print("PKCS7SignedData >> ");
|
||||
System.err.println(msg);
|
||||
}
|
||||
|
||||
public PKCS7SignedData(InputStream in)
|
||||
throws CRLException, CertificateException, IOException
|
||||
{
|
||||
this(new BERReader(in));
|
||||
}
|
||||
|
||||
/**
|
||||
* Parse an encoded PKCS#7 SignedData object. The ASN.1 format of this
|
||||
* object is:
|
||||
*
|
||||
* <pre>
|
||||
* SignedData ::= SEQUENCE {
|
||||
* version Version,
|
||||
* digestAlgorithms DigestAlgorithmIdentifiers,
|
||||
* contentInfo ContentInfo,
|
||||
* certificates
|
||||
* [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL,
|
||||
* crls
|
||||
* [1] IMPLICIT CertificateRevocationLists OPTIONAL,
|
||||
* signerInfos SignerInfos }
|
||||
*
|
||||
* Version ::= INTEGER
|
||||
*
|
||||
* DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
|
||||
*
|
||||
* DigestAlgorithmIdentifier ::= AlgorithmIdentifier
|
||||
*
|
||||
* ContentInfo ::= SEQUENCE {
|
||||
* contentType ContentType,
|
||||
* content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
|
||||
*
|
||||
* ContentType ::= OBJECT IDENTIFIER
|
||||
*
|
||||
* ExtendedCertificatesAndCertificates ::=
|
||||
* SET OF ExtendedCertificatesAndCertificate
|
||||
*
|
||||
* ExtendedCertificatesAndCertificate ::= CHOICE {
|
||||
* certificate Certificate, -- from X.509
|
||||
* extendedCertificate [0] IMPLICIT ExtendedCertificate }
|
||||
*
|
||||
* CertificateRevocationLists ::= SET OF CertificateRevocationList
|
||||
* -- from X.509
|
||||
*
|
||||
* SignerInfos ::= SET OF SignerInfo
|
||||
*
|
||||
* SignerInfo ::= SEQUENCE {
|
||||
* version Version,
|
||||
* issuerAndSerialNumber IssuerAndSerialNumber,
|
||||
* digestAlgorithm DigestAlgorithmIdentifier,
|
||||
* authenticatedAttributes
|
||||
* [0] IMPLICIT Attributes OPTIONAL,
|
||||
* digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
|
||||
* encryptedDigest EncryptedDigest,
|
||||
* unauthenticatedAttributes
|
||||
* [1] IMPLICIT Attributes OPTIONAL }
|
||||
*
|
||||
* EncryptedDigest ::= OCTET STRING
|
||||
* </pre>
|
||||
*
|
||||
* <p>(Readers who are confused as to why it takes 40 levels of indirection
|
||||
* to specify "data with a signature", rest assured that the present author
|
||||
* is as confused as you are).</p>
|
||||
*/
|
||||
public PKCS7SignedData(BERReader ber)
|
||||
throws CRLException, CertificateException, IOException
|
||||
{
|
||||
CertificateFactory x509 = CertificateFactory.getInstance("X509");
|
||||
DERValue val = ber.read();
|
||||
if (!val.isConstructed())
|
||||
throw new BEREncodingException("malformed ContentInfo");
|
||||
|
||||
val = ber.read();
|
||||
if (val.getTag() != BER.OBJECT_IDENTIFIER)
|
||||
throw new BEREncodingException("malformed ContentType");
|
||||
|
||||
if (!PKCS7_SIGNED_DATA.equals(val.getValue()))
|
||||
throw new BEREncodingException("content is not SignedData");
|
||||
|
||||
val = ber.read();
|
||||
if (val.getTag() != 0)
|
||||
throw new BEREncodingException("malformed Content");
|
||||
|
||||
val = ber.read();
|
||||
if (!val.isConstructed())
|
||||
throw new BEREncodingException("malformed SignedData");
|
||||
|
||||
if (DEBUG)
|
||||
debug("SignedData: " + val);
|
||||
|
||||
val = ber.read();
|
||||
if (val.getTag() != BER.INTEGER)
|
||||
throw new BEREncodingException("expecting Version");
|
||||
version = (BigInteger) val.getValue();
|
||||
|
||||
if (DEBUG)
|
||||
debug(" Version: " + version);
|
||||
|
||||
digestAlgorithms = new HashSet();
|
||||
val = ber.read();
|
||||
if (!val.isConstructed())
|
||||
throw new BEREncodingException("malformed DigestAlgorithmIdentifiers");
|
||||
if (DEBUG)
|
||||
debug(" DigestAlgorithmIdentifiers: " + val);
|
||||
int count = 0;
|
||||
DERValue val2 = ber.read();
|
||||
while (val2 != BER.END_OF_SEQUENCE &&
|
||||
(val.getLength() > 0 && val.getLength() > count))
|
||||
{
|
||||
if (!val2.isConstructed())
|
||||
throw new BEREncodingException("malformed AlgorithmIdentifier");
|
||||
if (DEBUG)
|
||||
debug(" AlgorithmIdentifier: " + val2);
|
||||
count += val2.getEncodedLength();
|
||||
val2 = ber.read();
|
||||
if (val2.getTag() != BER.OBJECT_IDENTIFIER)
|
||||
throw new BEREncodingException("malformed AlgorithmIdentifier");
|
||||
if (DEBUG)
|
||||
debug(" ID: " + val2.getValue());
|
||||
List algId = new ArrayList(2);
|
||||
algId.add(val2.getValue());
|
||||
val2 = ber.read();
|
||||
if (val2 != BER.END_OF_SEQUENCE)
|
||||
{
|
||||
count += val2.getEncodedLength();
|
||||
if (val2.getTag() == BER.NULL)
|
||||
algId.add(null);
|
||||
else
|
||||
algId.add(val2.getEncoded());
|
||||
if (DEBUG)
|
||||
debug(" params: " + new BigInteger(1, val2.getEncoded()).toString(16));
|
||||
if (val2.isConstructed())
|
||||
ber.skip(val2.getLength());
|
||||
if (BERValue.isIndefinite(val))
|
||||
val2 = ber.read();
|
||||
}
|
||||
else
|
||||
algId.add(null);
|
||||
digestAlgorithms.add(algId);
|
||||
}
|
||||
|
||||
val = ber.read();
|
||||
if (!val.isConstructed())
|
||||
throw new BEREncodingException("malformed ContentInfo");
|
||||
if (DEBUG)
|
||||
debug(" ContentInfo: " + val);
|
||||
val2 = ber.read();
|
||||
if (val2.getTag() != BER.OBJECT_IDENTIFIER)
|
||||
throw new BEREncodingException("malformed ContentType");
|
||||
contentType = (OID) val2.getValue();
|
||||
if (DEBUG)
|
||||
debug(" ContentType: " + contentType);
|
||||
if (BERValue.isIndefinite(val)
|
||||
|| (val.getLength() > 0 && val.getLength() > val2.getEncodedLength()))
|
||||
{
|
||||
val2 = ber.read();
|
||||
if (val2 != BER.END_OF_SEQUENCE)
|
||||
{
|
||||
content = val2.getEncoded();
|
||||
if (BERValue.isIndefinite(val))
|
||||
val2 = ber.read();
|
||||
if (DEBUG)
|
||||
debug(" Content: " + new BigInteger(1, content).toString(16));
|
||||
}
|
||||
}
|
||||
|
||||
val = ber.read();
|
||||
if (val.getTag() == 0)
|
||||
{
|
||||
if (!val.isConstructed())
|
||||
throw new BEREncodingException("malformed ExtendedCertificatesAndCertificates");
|
||||
if (DEBUG)
|
||||
debug(" ExtendedCertificatesAndCertificates: " + val);
|
||||
count = 0;
|
||||
val2 = ber.read();
|
||||
List certs = new LinkedList();
|
||||
while (val2 != BER.END_OF_SEQUENCE &&
|
||||
(val.getLength() > 0 && val.getLength() > count))
|
||||
{
|
||||
Certificate cert =
|
||||
x509.generateCertificate(new ByteArrayInputStream(val2.getEncoded()));
|
||||
if (DEBUG)
|
||||
debug(" Certificate: " + cert);
|
||||
certs.add(cert);
|
||||
count += val2.getEncodedLength();
|
||||
ber.skip(val2.getLength());
|
||||
if (BERValue.isIndefinite(val) || val.getLength() > count)
|
||||
val2 = ber.read();
|
||||
}
|
||||
certificates = (Certificate[]) certs.toArray(new Certificate[certs.size()]);
|
||||
val = ber.read();
|
||||
}
|
||||
|
||||
if (val.getTag() == 1)
|
||||
{
|
||||
if (!val.isConstructed())
|
||||
throw new BEREncodingException("malformed CertificateRevocationLists");
|
||||
if (DEBUG)
|
||||
debug(" CertificateRevocationLists: " + val);
|
||||
count = 0;
|
||||
val2 = ber.read();
|
||||
List crls = new LinkedList();
|
||||
while (val2 != BER.END_OF_SEQUENCE &&
|
||||
(val.getLength() > 0 && val.getLength() > count))
|
||||
{
|
||||
CRL crl = x509.generateCRL(new ByteArrayInputStream(val2.getEncoded()));
|
||||
if (DEBUG)
|
||||
debug (" CRL: " + crl);
|
||||
crls.add(crl);
|
||||
count += val2.getEncodedLength();
|
||||
ber.skip(val2.getLength());
|
||||
if (BERValue.isIndefinite(val) || val.getLength() > count)
|
||||
val2 = ber.read();
|
||||
}
|
||||
this.crls = (CRL[]) crls.toArray(new CRL[crls.size()]);
|
||||
val = ber.read();
|
||||
}
|
||||
|
||||
signerInfos = new HashSet();
|
||||
if (!val.isConstructed())
|
||||
throw new BEREncodingException("malformed SignerInfos");
|
||||
|
||||
if (DEBUG)
|
||||
debug(" SignerInfos: " + val);
|
||||
|
||||
// FIXME read this more carefully.
|
||||
// Since we are just reading a file (probably) we just read until we
|
||||
// reach the end.
|
||||
while (true)
|
||||
{
|
||||
int i = ber.peek();
|
||||
if (i == 0 || i == -1)
|
||||
break;
|
||||
signerInfos.add(new SignerInfo(ber));
|
||||
}
|
||||
}
|
||||
|
||||
public BigInteger getVersion()
|
||||
{
|
||||
return version;
|
||||
}
|
||||
|
||||
public Certificate[] getCertificates()
|
||||
{
|
||||
return (certificates != null ? (Certificate[]) certificates.clone()
|
||||
: null);
|
||||
}
|
||||
|
||||
public OID getContentType()
|
||||
{
|
||||
return contentType;
|
||||
}
|
||||
|
||||
public byte[] getContent()
|
||||
{
|
||||
return (content != null ? (byte[]) content.clone() : null);
|
||||
}
|
||||
|
||||
public Set getDigestAlgorithms()
|
||||
{
|
||||
// FIXME copy contents too, they are mutable!!!
|
||||
return Collections.unmodifiableSet(digestAlgorithms);
|
||||
}
|
||||
|
||||
public Set getSignerInfos()
|
||||
{
|
||||
Set copy = new HashSet();
|
||||
for (Iterator it = signerInfos.iterator(); it.hasNext(); )
|
||||
copy.add(it.next());
|
||||
return Collections.unmodifiableSet(copy);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,280 @@
|
||||
/* SignerInfo.java -- a SignerInfo object, from PKCS #7.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
||||
02111-1307 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.pkcs;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.ber.BER;
|
||||
import gnu.java.security.ber.BEREncodingException;
|
||||
import gnu.java.security.ber.BERReader;
|
||||
import gnu.java.security.ber.BERValue;
|
||||
import gnu.java.security.der.BitString;
|
||||
import gnu.java.security.der.DERValue;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
||||
import java.math.BigInteger;
|
||||
|
||||
import javax.security.auth.x500.X500Principal;
|
||||
|
||||
public class SignerInfo
|
||||
{
|
||||
private final BigInteger version;
|
||||
private final BigInteger serialNumber;
|
||||
private final X500Principal issuer;
|
||||
private final OID digestAlgorithmId;
|
||||
private final byte[] digestAlgorithmParams;
|
||||
private final byte[] authenticatedAttributes;
|
||||
private final OID digestEncryptionAlgorithmId;
|
||||
private final byte[] digestEncryptionAlgorithmParams;
|
||||
private final byte[] encryptedDigest;
|
||||
private final byte[] unauthenticatedAttributes;
|
||||
|
||||
private static final boolean DEBUG = false;
|
||||
private static void debug(String msg)
|
||||
{
|
||||
System.err.print("SignerInfo >> ");
|
||||
System.err.println(msg);
|
||||
}
|
||||
|
||||
/**
|
||||
* Parse a SignerInfo object.
|
||||
*/
|
||||
public SignerInfo(BERReader ber) throws IOException
|
||||
{
|
||||
DERValue val = ber.read();
|
||||
if (DEBUG)
|
||||
debug("SignerInfo: " + val);
|
||||
if (!val.isConstructed())
|
||||
throw new BEREncodingException("malformed SignerInfo");
|
||||
|
||||
val = ber.read();
|
||||
if (val.getTag() != BER.INTEGER)
|
||||
throw new BEREncodingException("malformed Version");
|
||||
version = (BigInteger) val.getValue();
|
||||
|
||||
if (DEBUG)
|
||||
debug(" Version: " + version);
|
||||
|
||||
val = ber.read();
|
||||
if (!val.isConstructed())
|
||||
throw new BEREncodingException("malformed IssuerAndSerialNumber");
|
||||
|
||||
if (DEBUG)
|
||||
debug(" IssuerAndSerialNumber: " + val);
|
||||
|
||||
val = ber.read();
|
||||
if (!val.isConstructed())
|
||||
throw new BEREncodingException("malformed Issuer");
|
||||
issuer = new X500Principal(val.getEncoded());
|
||||
ber.skip(val.getLength());
|
||||
if (DEBUG)
|
||||
debug(" Issuer: " + issuer);
|
||||
|
||||
val = ber.read();
|
||||
if (val.getTag() != BER.INTEGER)
|
||||
throw new BEREncodingException("malformed SerialNumber");
|
||||
serialNumber = (BigInteger) val.getValue();
|
||||
if (DEBUG)
|
||||
debug(" SerialNumber: " + serialNumber);
|
||||
|
||||
val = ber.read();
|
||||
if (!val.isConstructed())
|
||||
throw new BEREncodingException("malformed DigestAlgorithmIdentifier");
|
||||
if (DEBUG)
|
||||
debug(" DigestAlgorithmIdentifier: " + val);
|
||||
|
||||
int count = 0;
|
||||
DERValue val2 = ber.read();
|
||||
if (val2.getTag() != BER.OBJECT_IDENTIFIER)
|
||||
throw new BEREncodingException("malformed AlgorithmIdentifier");
|
||||
digestAlgorithmId = (OID) val2.getValue();
|
||||
if (DEBUG)
|
||||
debug(" OID: " + digestAlgorithmId);
|
||||
|
||||
if (BERValue.isIndefinite(val))
|
||||
{
|
||||
val2 = ber.read();
|
||||
if (val2 != BER.END_OF_SEQUENCE)
|
||||
{
|
||||
digestAlgorithmParams = val2.getEncoded();
|
||||
val2 = ber.read();
|
||||
if (val2 != BER.END_OF_SEQUENCE)
|
||||
throw new BEREncodingException("expecting BER end-of-sequence");
|
||||
}
|
||||
else
|
||||
digestAlgorithmParams = null;
|
||||
}
|
||||
else if (val2.getEncodedLength() < val.getLength())
|
||||
{
|
||||
val2 = ber.read();
|
||||
digestAlgorithmParams = val2.getEncoded();
|
||||
if (val2.isConstructed())
|
||||
ber.skip(val2.getLength());
|
||||
}
|
||||
else
|
||||
digestAlgorithmParams = null;
|
||||
if(DEBUG)
|
||||
debug(" params: " + (digestAlgorithmParams == null ? null
|
||||
: new BigInteger(digestAlgorithmParams).toString(16)));
|
||||
|
||||
val = ber.read();
|
||||
if (val.getTag() == 0)
|
||||
{
|
||||
authenticatedAttributes = val.getEncoded();
|
||||
val = ber.read();
|
||||
if (val.isConstructed())
|
||||
ber.skip(val.getLength());
|
||||
if (DEBUG)
|
||||
debug(" AuthenticatedAttributes: " + val);
|
||||
val = ber.read();
|
||||
}
|
||||
else
|
||||
authenticatedAttributes = null;
|
||||
|
||||
if (!val.isConstructed())
|
||||
throw new BEREncodingException("malformed DigestEncryptionAlgorithmIdentifier");
|
||||
if (DEBUG)
|
||||
debug(" DigestEncryptionAlgorithmIdentifier: " + val);
|
||||
count = 0;
|
||||
val2 = ber.read();
|
||||
if (val2.getTag() != BER.OBJECT_IDENTIFIER)
|
||||
throw new BEREncodingException("malformed AlgorithmIdentifier");
|
||||
digestEncryptionAlgorithmId = (OID) val2.getValue();
|
||||
if (DEBUG)
|
||||
debug(" OID: " + digestEncryptionAlgorithmId);
|
||||
|
||||
if (BERValue.isIndefinite(val))
|
||||
{
|
||||
val2 = ber.read();
|
||||
if (val2 != BER.END_OF_SEQUENCE)
|
||||
{
|
||||
digestEncryptionAlgorithmParams = val2.getEncoded();
|
||||
val2 = ber.read();
|
||||
if (val2 != BER.END_OF_SEQUENCE)
|
||||
throw new BEREncodingException("expecting BER end-of-sequence");
|
||||
}
|
||||
else
|
||||
digestEncryptionAlgorithmParams = null;
|
||||
}
|
||||
else if (val2.getEncodedLength() < val.getLength())
|
||||
{
|
||||
val2 = ber.read();
|
||||
digestEncryptionAlgorithmParams = val2.getEncoded();
|
||||
if (val2.isConstructed())
|
||||
ber.skip(val2.getLength());
|
||||
}
|
||||
else
|
||||
digestEncryptionAlgorithmParams = null;
|
||||
if(DEBUG)
|
||||
debug(" params: " + (digestEncryptionAlgorithmParams == null ? null
|
||||
: new BigInteger(digestEncryptionAlgorithmParams).toString(16)));
|
||||
|
||||
val = ber.read();
|
||||
if (val.getTag() != BER.OCTET_STRING)
|
||||
throw new BEREncodingException("malformed EncryptedDigest");
|
||||
encryptedDigest = (byte[]) val.getValue();
|
||||
if (DEBUG)
|
||||
debug(" EncryptedDigest: " + new BigInteger(1, encryptedDigest).toString(16));
|
||||
|
||||
if (ber.peek() == 1)
|
||||
unauthenticatedAttributes = ber.read().getEncoded();
|
||||
else
|
||||
unauthenticatedAttributes = null;
|
||||
|
||||
if (ber.peek() == 0)
|
||||
ber.read();
|
||||
}
|
||||
|
||||
public BigInteger getVersion()
|
||||
{
|
||||
return version;
|
||||
}
|
||||
|
||||
public BigInteger getSerialNumber()
|
||||
{
|
||||
return serialNumber;
|
||||
}
|
||||
|
||||
public X500Principal getIssuer()
|
||||
{
|
||||
return issuer;
|
||||
}
|
||||
|
||||
public OID getDigestAlgorithmId()
|
||||
{
|
||||
return digestAlgorithmId;
|
||||
}
|
||||
|
||||
public byte[] getDigestAlgorithmParams()
|
||||
{
|
||||
return (digestAlgorithmParams != null
|
||||
? (byte[]) digestAlgorithmParams.clone()
|
||||
: null);
|
||||
}
|
||||
|
||||
public byte[] getAuthenticatedAttributes()
|
||||
{
|
||||
return (authenticatedAttributes != null
|
||||
? (byte[]) authenticatedAttributes.clone()
|
||||
: null);
|
||||
}
|
||||
|
||||
public OID getDigestEncryptionAlgorithmId()
|
||||
{
|
||||
return digestEncryptionAlgorithmId;
|
||||
}
|
||||
|
||||
public byte[] getDigestEncryptionAlgorithmParams()
|
||||
{
|
||||
return (digestEncryptionAlgorithmParams != null
|
||||
? (byte[]) digestEncryptionAlgorithmParams.clone()
|
||||
: null);
|
||||
}
|
||||
|
||||
public byte[] getEncryptedDigest()
|
||||
{
|
||||
return (encryptedDigest != null ? (byte[]) encryptedDigest.clone() : null);
|
||||
}
|
||||
|
||||
public byte[] getUnauthenticatedAttributes()
|
||||
{
|
||||
return (unauthenticatedAttributes != null
|
||||
? (byte[]) unauthenticatedAttributes.clone()
|
||||
: null);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user