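/**
 * Extracts the issuer field from the DER-encoded TBSCertificate that is passed in.
 *
 * The position of the issuer depends on whether the sequence starts with the
 * optional tagged version field: index 3 when the first element is a tagged
 * object, index 2 otherwise.
 *
 * NOTE(review): the decoded object is cast and indexed without any validation.
 * Input that does not decode to a sequence with enough elements is not reported
 * through the Error below; it surfaces as whatever unchecked exception the cast
 * or getObjectAt raises. Callers handling certificates from untrusted sources
 * should be prepared for that.
 *
 * @param enc the encoded TBSCertificate bytes
 * @return the element found at the issuer position
 * @throws Error if the decoder reports an IOException while reading {@code enc}
 */
private DERObject getIssuer(byte[] enc) {
    try {
        ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
        ASN1Sequence seq = (ASN1Sequence) in.readObject();
        // A leading tagged element shifts every later field by one.
        int issuerIndex = seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2;
        return (DERObject) seq.getObjectAt(issuerIndex);
    } catch (IOException e) {
        // Message is unchanged; the IOException is now attached as the cause so the
        // original decode failure (and its stack trace) is not lost.
        throw new Error("IOException reading from ByteArray: " + e, e);
    }
}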
/**
 * Builds the object from its ASN.1 sequence form.
 *
 * Every element of the sequence is read as a tagged object and stored according
 * to its tag number:
 * 0 distributionPoint (explicitly tagged, because it is a CHOICE),
 * 1 onlyContainsUserCerts, 2 onlyContainsCACerts, 3 onlySomeReasons,
 * 4 indirectCRL, 5 onlyContainsAttributeCerts (all read with explicit = false).
 *
 * NOTE(review): the loop neither rejects a repeated tag nor checks tag order.
 * If the same tag occurs twice, the later element overwrites the value taken
 * from the earlier one. Code that relies on these flags to decide the scope of
 * a CRL should keep that in mind when the extension comes from an untrusted source.
 *
 * @param seq the sequence holding the tagged fields; also kept as-is in {@code this.seq}
 * @throws IllegalArgumentException if an element carries a tag number outside 0-5
 */
public IssuingDistributionPoint(ASN1Sequence seq) {
    this.seq = seq;

    final int fieldCount = seq.size();
    for (int index = 0; index < fieldCount; index++) {
        ASN1TaggedObject field = ASN1TaggedObject.getInstance(seq.getObjectAt(index));
        final int tagNo = field.getTagNo();

        switch (tagNo) {
            case 0:
                // CHOICE so explicit
                distributionPoint = DistributionPointName.getInstance(field, true);
                break;
            case 1:
                onlyContainsUserCerts = DERBoolean.getInstance(field, false).isTrue();
                break;
            case 2:
                onlyContainsCACerts = DERBoolean.getInstance(field, false).isTrue();
                break;
            case 3:
                onlySomeReasons = new ReasonFlags(ReasonFlags.getInstance(field, false));
                break;
            case 4:
                indirectCRL = DERBoolean.getInstance(field, false).isTrue();
                break;
            case 5:
                onlyContainsAttributeCerts = DERBoolean.getInstance(field, false).isTrue();
                break;
            default:
                throw new IllegalArgumentException("unknown tag in IssuingDistributionPoint");
        }
    }
}
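/**
 * Reads an existing PKCS#7 SignedData object from a DER-encoded byte array and
 * prepares a {@link Signature} for verifying it.
 *
 * The constructor decodes the structure, collects the embedded certificates and
 * CRLs, records the digest algorithm OIDs, requires exactly one SignerInfo,
 * picks the embedded certificate whose serial number and issuer match that
 * SignerInfo, and initialises {@code sig} for verification with that
 * certificate's public key. No signature is checked here.
 *
 * Security notes for callers:
 * - The signing certificate is selected from the certificates carried inside
 *   the message itself. Nothing in this constructor builds a chain, checks a
 *   trust anchor, a validity period or revocation, so a successful signature
 *   check later only shows consistency with an attacker-suppliable certificate
 *   unless the caller validates that certificate separately.
 * - The digest and digest-encryption algorithm identifiers are taken from the
 *   message without any allow-list in this constructor.
 * - Only version, issuerAndSerialNumber, the two algorithm identifiers and the
 *   encrypted digest are read from the SignerInfo; signed (authenticated)
 *   attributes are not read here. NOTE(review): confirm how the rest of the
 *   class treats messages that carry them.
 *
 * @param in the DER-encoded PKCS#7 object
 * @param provider name of the JCA provider used to obtain the {@link Signature}
 * @throws SecurityException if the bytes cannot be decoded, are not a signed-data
 *         ContentInfo, contain a certificate that fails to parse, do not hold
 *         exactly one SignerInfo, or hold no certificate matching the signer
 * @throws CRLException declared for the embedded CRL construction
 * @throws InvalidKeyException if the signer's public key is rejected by {@code initVerify}
 * @throws NoSuchProviderException if {@code provider} is not available
 * @throws NoSuchAlgorithmException if the provider lacks the signature algorithm
 */
public PKCS7SignedData(byte[] in, String provider)
        throws SecurityException, CRLException, InvalidKeyException,
               NoSuchProviderException, NoSuchAlgorithmException {
    ASN1InputStream din = new ASN1InputStream(new ByteArrayInputStream(in));

    //
    // Basic checks to make sure it's a PKCS#7 SignedData Object
    //
    DERObject pkcs;
    try {
        pkcs = din.readObject();
    } catch (IOException e) {
        // Same message as before; the decode failure is kept as the cause.
        SecurityException failure = new SecurityException("can't decode PKCS7SignedData object");
        failure.initCause(e);
        throw failure;
    }

    if (!(pkcs instanceof ASN1Sequence)) {
        throw new SecurityException("Not a valid PKCS#7 object - not a sequence");
    }

    ContentInfo content = ContentInfo.getInstance(pkcs);
    if (!content.getContentType().equals(signedData)) {
        throw new SecurityException(
                "Not a valid PKCS#7 signed-data object - wrong header "
                        + content.getContentType().getId());
    }

    SignedData data = SignedData.getInstance(content.getContent());

    // Certificates embedded in the message; the signer's certificate is looked up
    // in this list further down. These are untrusted until validated by the caller.
    certs = new ArrayList();
    if (data.getCertificates() != null) {
        Enumeration ec = ASN1Set.getInstance(data.getCertificates()).getObjects();
        while (ec.hasMoreElements()) {
            try {
                certs.add(
                        new X509CertificateObject(
                                X509CertificateStructure.getInstance(ec.nextElement())));
            } catch (CertificateParsingException e) {
                // Same message as before; the parsing exception is kept as the cause.
                SecurityException failure = new SecurityException(e.toString());
                failure.initCause(e);
                throw failure;
            }
        }
    }

    // CRLs embedded in the message are collected but not consulted in this constructor.
    crls = new ArrayList();
    if (data.getCRLs() != null) {
        Enumeration ec = ASN1Set.getInstance(data.getCRLs()).getObjects();
        while (ec.hasMoreElements()) {
            crls.add(new X509CRLObject(CertificateList.getInstance(ec.nextElement())));
        }
    }

    version = data.getVersion().getValue().intValue();

    //
    // Get the digest algorithm
    //
    digestalgos = new HashSet();
    Enumeration algorithms = data.getDigestAlgorithms().getObjects();
    while (algorithms.hasMoreElements()) {
        // Each entry is an AlgorithmIdentifier sequence; only its OID is kept.
        ASN1Sequence s = (ASN1Sequence) algorithms.nextElement();
        DERObjectIdentifier o = (DERObjectIdentifier) s.getObjectAt(0);
        digestalgos.add(o.getId());
    }

    //
    // Get the SignerInfo
    //
    ASN1Set signerinfos = data.getSignerInfos();
    // Note: an empty set also takes this branch, although the message speaks of
    // "multiple" SignerInfos.
    if (signerinfos.size() != 1) {
        throw new SecurityException(
                "This PKCS#7 object has multiple SignerInfos - only one is supported at this time");
    }

    SignerInfo signerInfo = SignerInfo.getInstance(signerinfos.getObjectAt(0));
    signerversion = signerInfo.getVersion().getValue().intValue();

    IssuerAndSerialNumber isAnds = signerInfo.getIssuerAndSerialNumber();

    //
    // Get the signing certificate
    //
    BigInteger serialNumber = isAnds.getCertificateSerialNumber().getValue();
    X509Principal issuer = new X509Principal(isAnds.getName());

    // First embedded certificate whose serial number and issuer both match wins.
    for (Iterator i = certs.iterator(); i.hasNext(); ) {
        X509Certificate cert = (X509Certificate) i.next();
        if (serialNumber.equals(cert.getSerialNumber()) && issuer.equals(cert.getIssuerDN())) {
            signCert = cert;
            break;
        }
    }

    if (signCert == null) {
        throw new SecurityException(
                "Can't find signing certificate with serial " + serialNumber.toString(16));
    }

    digestAlgorithm = signerInfo.getDigestAlgorithm().getObjectId().getId();
    digest = signerInfo.getEncryptedDigest().getOctets();
    digestEncryptionAlgorithm = signerInfo.getDigestEncryptionAlgorithm().getObjectId().getId();

    // getDigestAlgorithm() is defined elsewhere in the class; presumably it derives
    // the JCA algorithm name from the fields assigned just above - confirm. The
    // assignments therefore have to stay ahead of this call.
    sig = Signature.getInstance(getDigestAlgorithm(), provider);
    sig.initVerify(signCert.getPublicKey());
}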