/** * Constructs a LastReqEntry object. * * @param encoding a Der-encoded data. * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. * @exception IOException if an I/O error occurs while reading encoded data. */ public LastReqEntry(DerValue encoding) throws Asn1Exception, IOException { if (encoding.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } DerValue der; der = encoding.getData().getDerValue(); if ((der.getTag() & 0x1F) == 0x00) { lrType = der.getData().getBigInteger().intValue(); } else throw new Asn1Exception(Krb5.ASN1_BAD_ID); lrValue = KerberosTime.parse(encoding.getData(), (byte) 0x01, false); if (encoding.getData().available() > 0) throw new Asn1Exception(Krb5.ASN1_BAD_ID); }
/** * Constructs an instance of Checksum from an ASN.1 encoded representation. * * @param encoding a single DER-encoded value. * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. * @exception IOException if an I/O error occurs while reading encoded data. */ private Checksum(DerValue encoding) throws Asn1Exception, IOException { DerValue der; if (encoding.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } der = encoding.getData().getDerValue(); if ((der.getTag() & (byte) 0x1F) == (byte) 0x00) { cksumType = der.getData().getBigInteger().intValue(); } else throw new Asn1Exception(Krb5.ASN1_BAD_ID); der = encoding.getData().getDerValue(); if ((der.getTag() & (byte) 0x1F) == (byte) 0x01) { checksum = der.getData().getOctetString(); } else throw new Asn1Exception(Krb5.ASN1_BAD_ID); if (encoding.getData().available() > 0) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } }
/** * Initializes an APRep object. * * @param encoding a single DER-encoded value. * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. * @exception IOException if an I/O error occurs while reading encoded data. * @exception KrbApErrException if the value read from the DER-encoded data stream does not match * the pre-defined value. */ private void init(DerValue encoding) throws Asn1Exception, KrbApErrException, IOException { if (((encoding.getTag() & (byte) (0x1F)) != Krb5.KRB_AP_REP) || (encoding.isApplication() != true) || (encoding.isConstructed() != true)) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } DerValue der = encoding.getData().getDerValue(); if (der.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } DerValue subDer = der.getData().getDerValue(); if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x00) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } pvno = subDer.getData().getBigInteger().intValue(); if (pvno != Krb5.PVNO) { throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); } subDer = der.getData().getDerValue(); if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x01) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } msgType = subDer.getData().getBigInteger().intValue(); if (msgType != Krb5.KRB_AP_REP) { throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); } encPart = EncryptedData.parse(der.getData(), (byte) 0x02, false); if (der.getData().available() > 0) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } }
/** * Parse (unmarshal) a realm from a DER input stream. This form parsing might be used when * expanding a value which is part of a constructed sequence and uses explicitly tagged type. * * @exception Asn1Exception on error. * @param data the Der input stream value, which contains one or more marshaled value. * @param explicitTag tag number. * @param optional indicate if this data field is optional * @return an instance of Realm. */ public static Realm parse(DerInputStream data, byte explicitTag, boolean optional) throws Asn1Exception, IOException, RealmException { if ((optional) && (((byte) data.peekByte() & (byte) 0x1F) != explicitTag)) { return null; } DerValue der = data.getDerValue(); if (explicitTag != (der.getTag() & (byte) 0x1F)) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } else { DerValue subDer = der.getData().getDerValue(); return new Realm(subDer); } }
/** * Parse (unmarshal) a <code>PrincipalName</code> from a DER input stream. This form parsing might * be used when expanding a value which is part of a constructed sequence and uses explicitly * tagged type. * * @exception Asn1Exception on error. * @param data the Der input stream value, which contains one or more marshaled value. * @param explicitTag tag number. * @param optional indicate if this data field is optional * @param realm the realm for the name * @return an instance of <code>PrincipalName</code>, or null if the field is optional and * missing. */ public static PrincipalName parse( DerInputStream data, byte explicitTag, boolean optional, Realm realm) throws Asn1Exception, IOException, RealmException { if ((optional) && (((byte) data.peekByte() & (byte) 0x1F) != explicitTag)) return null; DerValue der = data.getDerValue(); if (explicitTag != (der.getTag() & (byte) 0x1F)) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } else { DerValue subDer = der.getData().getDerValue(); if (realm == null) { realm = Realm.getDefault(); } return new PrincipalName(subDer, realm); } }
/** * Constructs a MethodData object. * * @param encoding a Der-encoded data. * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. * @exception IOException if an I/O error occurs while reading encoded data. */ public MethodData(DerValue encoding) throws Asn1Exception, IOException { DerValue der; if (encoding.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } der = encoding.getData().getDerValue(); if ((der.getTag() & 0x1F) == 0x00) { BigInteger bint = der.getData().getBigInteger(); methodType = bint.intValue(); } else throw new Asn1Exception(Krb5.ASN1_BAD_ID); if (encoding.getData().available() > 0) { der = encoding.getData().getDerValue(); if ((der.getTag() & 0x1F) == 0x01) { methodData = der.getData().getOctetString(); } else throw new Asn1Exception(Krb5.ASN1_BAD_ID); } if (encoding.getData().available() > 0) throw new Asn1Exception(Krb5.ASN1_BAD_ID); }
/** * Returns the ASN.1 encoding of the <xmp> PrincipalName ::= SEQUENCE { name-type [0] Int32, * name-string [1] SEQUENCE OF KerberosString } * * <p>KerberosString ::= GeneralString (IA5String) </xmp> * * <p>This definition reflects the Network Working Group RFC 4120 specification available at <a * href="http://www.ietf.org/rfc/rfc4120.txt">http://www.ietf.org/rfc/rfc4120.txt</a>. * * @param encoding a Der-encoded data. * @param realm the realm for this name * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. * @exception Asn1Exception if there is an ASN1 encoding error * @exception IOException if an I/O error occurs * @exception IllegalArgumentException if encoding is null reading encoded data. */ public PrincipalName(DerValue encoding, Realm realm) throws Asn1Exception, IOException { if (realm == null) { throw new IllegalArgumentException("Null realm not allowed"); } nameRealm = realm; DerValue der; if (encoding == null) { throw new IllegalArgumentException("Null encoding not allowed"); } if (encoding.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } der = encoding.getData().getDerValue(); if ((der.getTag() & 0x1F) == 0x00) { BigInteger bint = der.getData().getBigInteger(); nameType = bint.intValue(); } else { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } der = encoding.getData().getDerValue(); if ((der.getTag() & 0x01F) == 0x01) { DerValue subDer = der.getData().getDerValue(); if (subDer.getTag() != DerValue.tag_SequenceOf) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } Vector<String> v = new Vector<>(); DerValue subSubDer; while (subDer.getData().available() > 0) { subSubDer = subDer.getData().getDerValue(); String namePart = new KerberosString(subSubDer).toString(); v.addElement(namePart); } nameStrings = new String[v.size()]; v.copyInto(nameStrings); validateNameStrings(nameStrings); } else { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } }
private void init(DerValue encoding) throws Asn1Exception, IOException, RealmException { DerValue der, subDer; renewTill = null; caddr = null; authorizationData = null; if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x03) || (encoding.isApplication() != true) || (encoding.isConstructed() != true)) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } der = encoding.getData().getDerValue(); if (der.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } flags = TicketFlags.parse(der.getData(), (byte) 0x00, false); key = EncryptionKey.parse(der.getData(), (byte) 0x01, false); Realm crealm = Realm.parse(der.getData(), (byte) 0x02, false); cname = PrincipalName.parse(der.getData(), (byte) 0x03, false, crealm); transited = TransitedEncoding.parse(der.getData(), (byte) 0x04, false); authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false); starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true); endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false); if (der.getData().available() > 0) { renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true); } if (der.getData().available() > 0) { caddr = HostAddresses.parse(der.getData(), (byte) 0x09, true); } if (der.getData().available() > 0) { authorizationData = AuthorizationData.parse(der.getData(), (byte) 0x0A, true); } if (der.getData().available() > 0) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } }
/* * Create an OCSP response from its ASN.1 DER encoding. */ OCSPResponse(byte[] bytes) throws IOException { if (dump) { HexDumpEncoder hexEnc = new HexDumpEncoder(); System.out.println("OCSPResponse bytes are..."); System.out.println(hexEnc.encode(bytes)); } DerValue der = new DerValue(bytes); if (der.tag != DerValue.tag_Sequence) { throw new IOException("Bad encoding in OCSP response: " + "expected ASN.1 SEQUENCE tag."); } DerInputStream derIn = der.getData(); // responseStatus int status = derIn.getEnumerated(); if (status >= 0 && status < rsvalues.length) { responseStatus = rsvalues[status]; } else { // unspecified responseStatus throw new IOException("Unknown OCSPResponse status: " + status); } if (debug != null) { debug.println("OCSP response status: " + responseStatus); } if (responseStatus != ResponseStatus.SUCCESSFUL) { // no need to continue, responseBytes are not set. singleResponseMap = Collections.emptyMap(); certs = Collections.<X509CertImpl>emptyList(); sigAlgId = null; signature = null; tbsResponseData = null; responseNonce = null; return; } // responseBytes der = derIn.getDerValue(); if (!der.isContextSpecific((byte) 0)) { throw new IOException( "Bad encoding in responseBytes element " + "of OCSP response: expected ASN.1 context specific tag 0."); } DerValue tmp = der.data.getDerValue(); if (tmp.tag != DerValue.tag_Sequence) { throw new IOException( "Bad encoding in responseBytes element " + "of OCSP response: expected ASN.1 SEQUENCE tag."); } // responseType derIn = tmp.data; ObjectIdentifier responseType = derIn.getOID(); if (responseType.equals((Object) OCSP_BASIC_RESPONSE_OID)) { if (debug != null) { debug.println("OCSP response type: basic"); } } else { if (debug != null) { debug.println("OCSP response type: " + responseType); } throw new IOException("Unsupported OCSP response type: " + responseType); } // BasicOCSPResponse DerInputStream basicOCSPResponse = new DerInputStream(derIn.getOctetString()); DerValue[] seqTmp = basicOCSPResponse.getSequence(2); if (seqTmp.length < 3) { throw new IOException("Unexpected BasicOCSPResponse value"); } DerValue responseData = seqTmp[0]; // Need the DER encoded ResponseData to verify the signature later tbsResponseData = seqTmp[0].toByteArray(); // tbsResponseData if (responseData.tag != DerValue.tag_Sequence) { throw new IOException( "Bad encoding in tbsResponseData " + "element of OCSP response: expected ASN.1 SEQUENCE tag."); } DerInputStream seqDerIn = responseData.data; DerValue seq = seqDerIn.getDerValue(); // version if (seq.isContextSpecific((byte) 0)) { // seq[0] is version if (seq.isConstructed() && seq.isContextSpecific()) { // System.out.println ("version is available"); seq = seq.data.getDerValue(); int version = seq.getInteger(); if (seq.data.available() != 0) { throw new IOException( "Bad encoding in version " + " element of OCSP response: bad format"); } seq = seqDerIn.getDerValue(); } } // responderID short tag = (byte) (seq.tag & 0x1f); if (tag == NAME_TAG) { if (debug != null) { X500Principal responderName = new X500Principal(seq.getData().toByteArray()); debug.println("OCSP Responder name: " + responderName); } } else if (tag == KEY_TAG) { if (debug != null) { byte[] responderKey = seq.getData().getOctetString(); debug.println("OCSP Responder key: " + Debug.toString(responderKey)); } } else { throw new IOException( "Bad encoding in responderID element of " + "OCSP response: expected ASN.1 context specific tag 0 or 1"); } // producedAt seq = seqDerIn.getDerValue(); if (debug != null) { Date producedAtDate = seq.getGeneralizedTime(); debug.println("OCSP response produced at: " + producedAtDate); } // responses DerValue[] singleResponseDer = seqDerIn.getSequence(1); singleResponseMap = new HashMap<>(singleResponseDer.length); if (debug != null) { debug.println("OCSP number of SingleResponses: " + singleResponseDer.length); } for (int i = 0; i < singleResponseDer.length; i++) { SingleResponse singleResponse = new SingleResponse(singleResponseDer[i]); singleResponseMap.put(singleResponse.getCertId(), singleResponse); } // responseExtensions byte[] nonce = null; if (seqDerIn.available() > 0) { seq = seqDerIn.getDerValue(); if (seq.isContextSpecific((byte) 1)) { DerValue[] responseExtDer = seq.data.getSequence(3); for (int i = 0; i < responseExtDer.length; i++) { Extension ext = new Extension(responseExtDer[i]); if (debug != null) { debug.println("OCSP extension: " + ext); } // Only the NONCE extension is recognized if (ext.getExtensionId().equals((Object) OCSP.NONCE_EXTENSION_OID)) { nonce = ext.getExtensionValue(); } else if (ext.isCritical()) { throw new IOException("Unsupported OCSP critical extension: " + ext.getExtensionId()); } } } } responseNonce = nonce; // signatureAlgorithmId sigAlgId = AlgorithmId.parse(seqTmp[1]); // signature signature = seqTmp[2].getBitString(); // if seq[3] is available , then it is a sequence of certificates if (seqTmp.length > 3) { // certs are available DerValue seqCert = seqTmp[3]; if (!seqCert.isContextSpecific((byte) 0)) { throw new IOException( "Bad encoding in certs element of " + "OCSP response: expected ASN.1 context specific tag 0."); } DerValue[] derCerts = seqCert.getData().getSequence(3); certs = new ArrayList<X509CertImpl>(derCerts.length); try { for (int i = 0; i < derCerts.length; i++) { certs.add(new X509CertImpl(derCerts[i].toByteArray())); } } catch (CertificateException ce) { throw new IOException("Bad encoding in X509 Certificate", ce); } } else { certs = Collections.<X509CertImpl>emptyList(); } }