diff options
author | Ade Lee <alee@redhat.com> | 2013-03-08 09:29:02 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2013-03-08 21:26:30 -0500 |
commit | ddc391f574fff16f84cfa485c09ebc495f654340 (patch) | |
tree | 11400da443e222716cb68d22b74ba108347e2fed /base/util | |
parent | b953c172bf274352c628ffef7d3ef0ef4c9ce59d (diff) | |
download | pki-ddc391f574fff16f84cfa485c09ebc495f654340.tar.gz pki-ddc391f574fff16f84cfa485c09ebc495f654340.tar.xz pki-ddc391f574fff16f84cfa485c09ebc495f654340.zip |
Plug resource leaks
Diffstat (limited to 'base/util')
48 files changed, 583 insertions, 557 deletions
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java index 81378ac1a..8db017369 100644 --- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java +++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java @@ -379,16 +379,16 @@ public class CryptoUtil { // All this streaming is lame, but Base64OutputStream needs a // PrintStream ByteArrayOutputStream output = new ByteArrayOutputStream(); - Base64OutputStream b64 = new Base64OutputStream(new - PrintStream(new - FilterOutputStream(output))); + try (Base64OutputStream b64 = new Base64OutputStream( + new PrintStream(new FilterOutputStream(output)))) { - b64.write(bytes); - b64.flush(); + b64.write(bytes); + b64.flush(); - // This is internationally safe because Base64 chars are - // contained within 8859_1 - return output.toString("8859_1"); + // This is internationally safe because Base64 chars are + // contained within 8859_1 + return output.toString("8859_1"); + } } public static byte[] base64Decode(String s) throws IOException { @@ -824,7 +824,6 @@ public class CryptoUtil { CryptoToken token = priKey.getOwningToken(); DerOutputStream tmp = new DerOutputStream(); - DerOutputStream out = new DerOutputStream(); certInfo.encode(tmp); Signature signer = token.getSignatureContext(sigAlg); @@ -835,10 +834,11 @@ public class CryptoUtil { aid.encode(tmp); tmp.putBitString(signed); - out.write(DerValue.tag_Sequence, tmp); - X509CertImpl signedCert = new X509CertImpl(out.toByteArray()); - - return signedCert; + try (DerOutputStream out = new DerOutputStream()) { + out.write(DerValue.tag_Sequence, tmp); + X509CertImpl signedCert = new X509CertImpl(out.toByteArray()); + return signedCert; + } } /** diff --git a/base/util/src/netscape/security/extensions/AccessDescription.java b/base/util/src/netscape/security/extensions/AccessDescription.java index f13c937e7..cce103997 100644 --- a/base/util/src/netscape/security/extensions/AccessDescription.java +++ b/base/util/src/netscape/security/extensions/AccessDescription.java @@ -49,13 +49,14 @@ public class AccessDescription implements Serializable { */ private void writeObject(java.io.ObjectOutputStream out) throws IOException { - DerOutputStream seq = new DerOutputStream(); - DerOutputStream tmp = new DerOutputStream(); + try (DerOutputStream seq = new DerOutputStream(); + DerOutputStream tmp = new DerOutputStream()) { - tmp.putOID(mOID); - mLocation.encode(tmp); - seq.write(DerValue.tag_Sequence, tmp); - out.write(seq.toByteArray()); + tmp.putOID(mOID); + mLocation.encode(tmp); + seq.write(DerValue.tag_Sequence, tmp); + out.write(seq.toByteArray()); + } } /** diff --git a/base/util/src/netscape/security/extensions/AuthInfoAccessExtension.java b/base/util/src/netscape/security/extensions/AuthInfoAccessExtension.java index 15c56a04c..726026b45 100644 --- a/base/util/src/netscape/security/extensions/AuthInfoAccessExtension.java +++ b/base/util/src/netscape/security/extensions/AuthInfoAccessExtension.java @@ -184,19 +184,20 @@ public class AuthInfoAccessExtension extends Extension implements CertAttrSet { } private void encodeThis() throws IOException { - DerOutputStream seq = new DerOutputStream(); - DerOutputStream tmp = new DerOutputStream(); - - for (int i = 0; i < mDesc.size(); i++) { - DerOutputStream tmp0 = new DerOutputStream(); - AccessDescription ad = mDesc.elementAt(i); - - tmp0.putOID(ad.getMethod()); - ad.getLocation().encode(tmp0); - tmp.write(DerValue.tag_Sequence, tmp0); + try (DerOutputStream seq = new DerOutputStream(); + DerOutputStream tmp = new DerOutputStream()) { + + for (int i = 0; i < mDesc.size(); i++) { + DerOutputStream tmp0 = new DerOutputStream(); + AccessDescription ad = mDesc.elementAt(i); + + tmp0.putOID(ad.getMethod()); + ad.getLocation().encode(tmp0); + tmp.write(DerValue.tag_Sequence, tmp0); + } + seq.write(DerValue.tag_Sequence, tmp); + this.extensionValue = seq.toByteArray(); } - seq.write(DerValue.tag_Sequence, tmp); - this.extensionValue = seq.toByteArray(); } /** diff --git a/base/util/src/netscape/security/extensions/CertificateRenewalWindowExtension.java b/base/util/src/netscape/security/extensions/CertificateRenewalWindowExtension.java index 141959451..28a300d59 100644 --- a/base/util/src/netscape/security/extensions/CertificateRenewalWindowExtension.java +++ b/base/util/src/netscape/security/extensions/CertificateRenewalWindowExtension.java @@ -148,15 +148,16 @@ public class CertificateRenewalWindowExtension extends Extension } private void encodeThis() throws IOException { - DerOutputStream seq = new DerOutputStream(); - DerOutputStream tmp = new DerOutputStream(); + try (DerOutputStream seq = new DerOutputStream(); + DerOutputStream tmp = new DerOutputStream()) { - tmp.putGeneralizedTime(mBeginTime); - if (mEndTime != null) { - tmp.putGeneralizedTime(mEndTime); + tmp.putGeneralizedTime(mBeginTime); + if (mEndTime != null) { + tmp.putGeneralizedTime(mEndTime); + } + seq.write(DerValue.tag_Sequence, tmp); + this.extensionValue = seq.toByteArray(); } - seq.write(DerValue.tag_Sequence, tmp); - this.extensionValue = seq.toByteArray(); } /** diff --git a/base/util/src/netscape/security/extensions/CertificateScopeOfUseExtension.java b/base/util/src/netscape/security/extensions/CertificateScopeOfUseExtension.java index 0f93c2b78..47305ed69 100644 --- a/base/util/src/netscape/security/extensions/CertificateScopeOfUseExtension.java +++ b/base/util/src/netscape/security/extensions/CertificateScopeOfUseExtension.java @@ -147,20 +147,21 @@ public class CertificateScopeOfUseExtension extends Extension } private void encodeThis() throws IOException { - DerOutputStream seq = new DerOutputStream(); - DerOutputStream tmp = new DerOutputStream(); + try (DerOutputStream seq = new DerOutputStream(); + DerOutputStream tmp = new DerOutputStream()) { + + if (mEntries == null) + throw new IOException("Invalid Scope Entries"); - if (mEntries == null) - throw new IOException("Invalid Scope Entries"); + for (int i = 0; i < mEntries.size(); i++) { + CertificateScopeEntry se = mEntries.elementAt(i); - for (int i = 0; i < mEntries.size(); i++) { - CertificateScopeEntry se = mEntries.elementAt(i); + se.encode(tmp); + } - se.encode(tmp); + seq.write(DerValue.tag_Sequence, tmp); + this.extensionValue = seq.toByteArray(); } - - seq.write(DerValue.tag_Sequence, tmp); - this.extensionValue = seq.toByteArray(); } /** diff --git a/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java b/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java index 2ccc53ffd..40b824fa4 100644 --- a/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java +++ b/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java @@ -152,21 +152,22 @@ public class InhibitAnyPolicyExtension } public void encode(OutputStream out) throws IOException { - DerOutputStream tmp = new DerOutputStream(); - - if (this.extensionValue == null) { - try { - extensionId = ObjectIdentifier.getObjectIdentifier(OID); - } catch (IOException e) { - // never here + try (DerOutputStream os = new DerOutputStream()) { + DerOutputStream tmp = new DerOutputStream(); + + if (this.extensionValue == null) { + try { + extensionId = ObjectIdentifier.getObjectIdentifier(OID); + } catch (IOException e) { + // never here + } + os.putInteger(mSkipCerts); + this.extensionValue = os.toByteArray(); } - DerOutputStream os = new DerOutputStream(); - os.putInteger(mSkipCerts); - this.extensionValue = os.toByteArray(); - } - super.encode(tmp); - out.write(tmp.toByteArray()); + super.encode(tmp); + out.write(tmp.toByteArray()); + } } private void encodeExtValue() { diff --git a/base/util/src/netscape/security/extensions/KerberosName.java b/base/util/src/netscape/security/extensions/KerberosName.java index a10d70b40..21d329ff7 100644 --- a/base/util/src/netscape/security/extensions/KerberosName.java +++ b/base/util/src/netscape/security/extensions/KerberosName.java @@ -69,34 +69,35 @@ public class KerberosName { */ public void encode(OutputStream out) throws IOException { - DerOutputStream seq = new DerOutputStream(); - DerOutputStream tmp = new DerOutputStream(); - DerOutputStream realm = new DerOutputStream(); - realm.putGeneralString(m_realm); - tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, - true, (byte) 0), realm); + try (DerOutputStream seq = new DerOutputStream()) { + DerOutputStream tmp = new DerOutputStream(); + DerOutputStream realm = new DerOutputStream(); + realm.putGeneralString(m_realm); + tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0), realm); - DerOutputStream seq1 = new DerOutputStream(); - DerOutputStream tmp1 = new DerOutputStream(); - DerOutputStream name_type = new DerOutputStream(); - name_type.putInteger(new BigInt(m_name_type)); - tmp1.write(DerValue.createTag(DerValue.TAG_CONTEXT, - true, (byte) 0), name_type); + DerOutputStream seq1 = new DerOutputStream(); + DerOutputStream tmp1 = new DerOutputStream(); + DerOutputStream name_type = new DerOutputStream(); + name_type.putInteger(new BigInt(m_name_type)); + tmp1.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0), name_type); - DerOutputStream name_strings = new DerOutputStream(); - DerOutputStream name_string = new DerOutputStream(); - for (int i = 0; i < m_name_strings.size(); i++) { - name_string.putGeneralString(m_name_strings.elementAt(i)); - } - name_strings.write(DerValue.tag_SequenceOf, name_string); - tmp1.write(DerValue.createTag(DerValue.TAG_CONTEXT, - true, (byte) 1), name_strings); - seq1.write(DerValue.tag_Sequence, tmp1); - tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, - true, (byte) 1), seq1); + DerOutputStream name_strings = new DerOutputStream(); + DerOutputStream name_string = new DerOutputStream(); + for (int i = 0; i < m_name_strings.size(); i++) { + name_string.putGeneralString(m_name_strings.elementAt(i)); + } + name_strings.write(DerValue.tag_SequenceOf, name_string); + tmp1.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 1), name_strings); + seq1.write(DerValue.tag_Sequence, tmp1); + tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 1), seq1); - seq.write(DerValue.tag_Sequence, tmp); - out.write(seq.toByteArray()); + seq.write(DerValue.tag_Sequence, tmp); + out.write(seq.toByteArray()); + } } public byte[] toByteArray() throws IOException { diff --git a/base/util/src/netscape/security/extensions/NSCertTypeExtension.java b/base/util/src/netscape/security/extensions/NSCertTypeExtension.java index 1a240f1ce..50a2faedf 100644 --- a/base/util/src/netscape/security/extensions/NSCertTypeExtension.java +++ b/base/util/src/netscape/security/extensions/NSCertTypeExtension.java @@ -135,10 +135,11 @@ public class NSCertTypeExtension extends Extension implements CertAttrSet { // Encode this extension value private void encodeThis() throws IOException { - DerOutputStream os = new DerOutputStream(); + try (DerOutputStream os = new DerOutputStream()) { - os.putUnalignedBitString(mBitString); - this.extensionValue = os.toByteArray(); + os.putUnalignedBitString(mBitString); + this.extensionValue = os.toByteArray(); + } } /** diff --git a/base/util/src/netscape/security/extensions/PresenceServerExtension.java b/base/util/src/netscape/security/extensions/PresenceServerExtension.java index 5ee802468..794799baa 100644 --- a/base/util/src/netscape/security/extensions/PresenceServerExtension.java +++ b/base/util/src/netscape/security/extensions/PresenceServerExtension.java @@ -130,19 +130,20 @@ public class PresenceServerExtension extends Extension implements CertAttrSet { } public void encodeThis() throws IOException { - DerOutputStream out = new DerOutputStream(); - DerOutputStream temp = new DerOutputStream(); - temp.putInteger(new BigInt(mVersion)); - temp.putOctetString(mStreetAddress.getBytes()); - temp.putOctetString(mTelephoneNumber.getBytes()); - temp.putOctetString(mRFC822Name.getBytes()); - temp.putOctetString(mID.getBytes()); - temp.putOctetString(mHostName.getBytes()); - temp.putInteger(new BigInt(mPortNumber)); - temp.putInteger(new BigInt(mMaxUsers)); - temp.putInteger(new BigInt(mServiceLevel)); - out.write(DerValue.tag_Sequence, temp); - this.extensionValue = out.toByteArray(); + try (DerOutputStream out = new DerOutputStream()) { + DerOutputStream temp = new DerOutputStream(); + temp.putInteger(new BigInt(mVersion)); + temp.putOctetString(mStreetAddress.getBytes()); + temp.putOctetString(mTelephoneNumber.getBytes()); + temp.putOctetString(mRFC822Name.getBytes()); + temp.putOctetString(mID.getBytes()); + temp.putOctetString(mHostName.getBytes()); + temp.putInteger(new BigInt(mPortNumber)); + temp.putInteger(new BigInt(mMaxUsers)); + temp.putInteger(new BigInt(mServiceLevel)); + out.write(DerValue.tag_Sequence, temp); + this.extensionValue = out.toByteArray(); + } } public void decodeThis() throws IOException { diff --git a/base/util/src/netscape/security/extensions/SubjectInfoAccessExtension.java b/base/util/src/netscape/security/extensions/SubjectInfoAccessExtension.java index 72407d62e..7c9e328e3 100644 --- a/base/util/src/netscape/security/extensions/SubjectInfoAccessExtension.java +++ b/base/util/src/netscape/security/extensions/SubjectInfoAccessExtension.java @@ -166,19 +166,20 @@ public class SubjectInfoAccessExtension extends Extension implements CertAttrSet } private void encodeThis() throws IOException { - DerOutputStream seq = new DerOutputStream(); - DerOutputStream tmp = new DerOutputStream(); - - for (int i = 0; i < mDesc.size(); i++) { - DerOutputStream tmp0 = new DerOutputStream(); - AccessDescription ad = mDesc.elementAt(i); - - tmp0.putOID(ad.getMethod()); - ad.getLocation().encode(tmp0); - tmp.write(DerValue.tag_Sequence, tmp0); + try (DerOutputStream seq = new DerOutputStream(); + DerOutputStream tmp = new DerOutputStream()) { + + for (int i = 0; i < mDesc.size(); i++) { + DerOutputStream tmp0 = new DerOutputStream(); + AccessDescription ad = mDesc.elementAt(i); + + tmp0.putOID(ad.getMethod()); + ad.getLocation().encode(tmp0); + tmp.write(DerValue.tag_Sequence, tmp0); + } + seq.write(DerValue.tag_Sequence, tmp); + this.extensionValue = seq.toByteArray(); } - seq.write(DerValue.tag_Sequence, tmp); - this.extensionValue = seq.toByteArray(); } /** diff --git a/base/util/src/netscape/security/pkcs/PKCS10Attribute.java b/base/util/src/netscape/security/pkcs/PKCS10Attribute.java index c84df2a37..16c563b9e 100644 --- a/base/util/src/netscape/security/pkcs/PKCS10Attribute.java +++ b/base/util/src/netscape/security/pkcs/PKCS10Attribute.java @@ -168,25 +168,26 @@ public class PKCS10Attribute implements DerEncoder, Serializable { */ public void encode(OutputStream out) throws CertificateException, IOException { - // Encode the attribute value - DerOutputStream outAttrValue = new DerOutputStream(); - attributeValue.encode(outAttrValue); + try (DerOutputStream tmp = new DerOutputStream()) { + // Encode the attribute value + DerOutputStream outAttrValue = new DerOutputStream(); + attributeValue.encode(outAttrValue); - // Wrap the encoded attribute value into a SET - DerValue outAttrValueSet = new DerValue(DerValue.tag_Set, - outAttrValue.toByteArray()); + // Wrap the encoded attribute value into a SET + DerValue outAttrValueSet = new DerValue(DerValue.tag_Set, + outAttrValue.toByteArray()); - // Create the attribute - DerOutputStream outAttr = new DerOutputStream(); - outAttr.putOID(attributeId); - outAttr.putDerValue(outAttrValueSet); + // Create the attribute + DerOutputStream outAttr = new DerOutputStream(); + outAttr.putOID(attributeId); + outAttr.putDerValue(outAttrValueSet); - // Wrap the OID and the set of attribute values into a SEQUENCE - DerOutputStream tmp = new DerOutputStream(); - tmp.write(DerValue.tag_Sequence, outAttr); + // Wrap the OID and the set of attribute values into a SEQUENCE + tmp.write(DerValue.tag_Sequence, outAttr); - // write the results to out - out.write(tmp.toByteArray()); + // write the results to out + out.write(tmp.toByteArray()); + } } /** diff --git a/base/util/src/netscape/security/pkcs/PKCS10Attributes.java b/base/util/src/netscape/security/pkcs/PKCS10Attributes.java index 22a0dce21..4c972187f 100644 --- a/base/util/src/netscape/security/pkcs/PKCS10Attributes.java +++ b/base/util/src/netscape/security/pkcs/PKCS10Attributes.java @@ -92,16 +92,18 @@ public class PKCS10Attributes extends Vector<PKCS10Attribute> implements DerEnco */ public void derEncode(OutputStream out) throws IOException { + try (DerOutputStream attrOut = new DerOutputStream()) { + // first copy the elements into an array + PKCS10Attribute[] attribs = new PKCS10Attribute[size()]; + copyInto(attribs); - // first copy the elements into an array - PKCS10Attribute[] attribs = new PKCS10Attribute[size()]; - copyInto(attribs); + attrOut.putOrderedSetOf(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0), + attribs); - DerOutputStream attrOut = new DerOutputStream(); - attrOut.putOrderedSetOf(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0), - attribs); - - out.write(attrOut.toByteArray()); + out.write(attrOut.toByteArray()); + } catch (IOException e) { + throw e; + } } /** diff --git a/base/util/src/netscape/security/pkcs/PKCS9Attribute.java b/base/util/src/netscape/security/pkcs/PKCS9Attribute.java index 398fc0174..aa82c66ce 100644 --- a/base/util/src/netscape/security/pkcs/PKCS9Attribute.java +++ b/base/util/src/netscape/security/pkcs/PKCS9Attribute.java @@ -758,117 +758,113 @@ public class PKCS9Attribute implements DerEncoder { * <code>PrintableString</code>s, without checking whether they should be encoded as <code>T61String</code>s. */ public void derEncode(OutputStream out) throws IOException { - DerOutputStream temp = new DerOutputStream(); - temp.putOID(getOID()); - switch (index) { - case 1: // email address - case 2: // unstructured name - { // open scope - String[] values = (String[]) value; - DerOutputStream[] temps = new - DerOutputStream[values.length]; - - for (int i = 0; i < values.length; i++) { - temps[i] = new DerOutputStream(); - - temps[i].putIA5String(values[i]); + try (DerOutputStream temp = new DerOutputStream(); + DerOutputStream temp2 = new DerOutputStream(); + DerOutputStream derOut = new DerOutputStream()) { + temp.putOID(getOID()); + switch (index) { + case 1: // email address + case 2: // unstructured name + { // open scope + String[] values = (String[]) value; + DerOutputStream[] temps = new + DerOutputStream[values.length]; + + for (int i = 0; i < values.length; i++) { + temps[i] = new DerOutputStream(); + + temps[i].putIA5String(values[i]); + } + temp.putOrderedSetOf(DerValue.tag_Set, temps); + } // close scope + break; + + case 3: // content type + { + temp2.putOID((ObjectIdentifier) value); + temp.write(DerValue.tag_Set, temp2.toByteArray()); } - temp.putOrderedSetOf(DerValue.tag_Set, temps); - } // close scope - break; - - case 3: // content type - { - DerOutputStream temp2 = new DerOutputStream(); - temp2.putOID((ObjectIdentifier) value); - temp.write(DerValue.tag_Set, temp2.toByteArray()); - } - break; - - case 4: // message digest - { - DerOutputStream temp2 = new DerOutputStream(); - temp2.putOctetString((byte[]) value); - temp.write(DerValue.tag_Set, temp2.toByteArray()); - } - break; - - case 5: // signing time - { - DerOutputStream temp2 = new DerOutputStream(); - temp2.putUTCTime((Date) value); - temp.write(DerValue.tag_Set, temp2.toByteArray()); - } - break; - - case 6: // countersignature - temp.putOrderedSetOf(DerValue.tag_Set, (DerEncoder[]) value); - break; - - case 7: // challenge password - { - DerOutputStream temp2 = new DerOutputStream(); - temp2.putPrintableString((String) value); - temp.write(DerValue.tag_Set, temp2.toByteArray()); - } - break; - - case 8: // unstructured address - { // open scope - String[] values = (String[]) value; - DerOutputStream[] temps = new - DerOutputStream[values.length]; - - for (int i = 0; i < values.length; i++) { - temps[i] = new DerOutputStream(); + break; - temps[i].putPrintableString(values[i]); + case 4: // message digest + { + temp2.putOctetString((byte[]) value); + temp.write(DerValue.tag_Set, temp2.toByteArray()); } - temp.putOrderedSetOf(DerValue.tag_Set, temps); - } // close scope - break; - - case 9: // extended-certificate attribute -- not - // supported - throw new IOException("PKCS9 extended-certificate " + - "attribute not supported."); - - case 10: // IssuerAndSerialNumber attribute -- not - // supported - throw new IOException("PKCS9 IssuerAndSerialNumber " + - "attribute not supported."); + break; - case 11: // passwordCheck attribute -- not - // supported - throw new IOException("PKCS9 passwordCheck " + - "attribute not supported."); - case 12: // PublicKey attribute -- not - // supported - throw new IOException("PKCS9 PublicKey " + - "attribute not supported."); - case 13: // SigningDescription attribute -- not - // supported - throw new IOException("PKCS9 SigningDescription " + - "attribute not supported."); - case 14: // ExtensionRequest attribute - try { - DerOutputStream temp2 = new DerOutputStream(); - //temp2.putSequence((CertificateExtensions) value); - ((CertificateExtensions) value).encode(temp2); - temp.write(DerValue.tag_Sequence, temp2.toByteArray()); - } catch (CertificateException e) { - throw new IOException("PKCS9 extension attributes not encoded"); + case 5: // signing time + { + temp2.putUTCTime((Date) value); + temp.write(DerValue.tag_Set, temp2.toByteArray()); } + break; - // break unnecessary - default: // can't happen - } + case 6: // countersignature + temp.putOrderedSetOf(DerValue.tag_Set, (DerEncoder[]) value); + break; - DerOutputStream derOut = new DerOutputStream(); - derOut.write(DerValue.tag_Sequence, temp.toByteArray()); + case 7: // challenge password + { + temp2.putPrintableString((String) value); + temp.write(DerValue.tag_Set, temp2.toByteArray()); + } + break; + + case 8: // unstructured address + { // open scope + String[] values = (String[]) value; + DerOutputStream[] temps = new + DerOutputStream[values.length]; + + for (int i = 0; i < values.length; i++) { + temps[i] = new DerOutputStream(); + + temps[i].putPrintableString(values[i]); + } + temp.putOrderedSetOf(DerValue.tag_Set, temps); + } // close scope + break; + + case 9: // extended-certificate attribute -- not + // supported + throw new IOException("PKCS9 extended-certificate " + + "attribute not supported."); + + case 10: // IssuerAndSerialNumber attribute -- not + // supported + throw new IOException("PKCS9 IssuerAndSerialNumber " + + "attribute not supported."); + + case 11: // passwordCheck attribute -- not + // supported + throw new IOException("PKCS9 passwordCheck " + + "attribute not supported."); + case 12: // PublicKey attribute -- not + // supported + throw new IOException("PKCS9 PublicKey " + + "attribute not supported."); + case 13: // SigningDescription attribute -- not + // supported + throw new IOException("PKCS9 SigningDescription " + + "attribute not supported."); + case 14: // ExtensionRequest attribute + try { + //temp2.putSequence((CertificateExtensions) value); + ((CertificateExtensions) value).encode(temp2); + temp.write(DerValue.tag_Sequence, temp2.toByteArray()); + } catch (CertificateException e) { + throw new IOException("PKCS9 extension attributes not encoded"); + } + + // break unnecessary + default: // can't happen + } - out.write(derOut.toByteArray()); + derOut.write(DerValue.tag_Sequence, temp.toByteArray()); + out.write(derOut.toByteArray()); + } } /** diff --git a/base/util/src/netscape/security/pkcs/PKCS9Attributes.java b/base/util/src/netscape/security/pkcs/PKCS9Attributes.java index 35996b4b6..208fc01ad 100644 --- a/base/util/src/netscape/security/pkcs/PKCS9Attributes.java +++ b/base/util/src/netscape/security/pkcs/PKCS9Attributes.java @@ -191,12 +191,13 @@ public class PKCS9Attributes { } private byte[] generateDerEncoding() throws IOException { - DerOutputStream out = new DerOutputStream(); - Object[] attribVals = attributes.values().toArray(); + try (DerOutputStream out = new DerOutputStream()) { + Object[] attribVals = attributes.values().toArray(); - out.putOrderedSetOf(DerValue.tag_SetOf, - castToDerEncoder(attribVals)); - return out.toByteArray(); + out.putOrderedSetOf(DerValue.tag_SetOf, + castToDerEncoder(attribVals)); + return out.toByteArray(); + } } /** diff --git a/base/util/src/netscape/security/pkcs/SignerInfo.java b/base/util/src/netscape/security/pkcs/SignerInfo.java index 794033c87..7ac9db84c 100644 --- a/base/util/src/netscape/security/pkcs/SignerInfo.java +++ b/base/util/src/netscape/security/pkcs/SignerInfo.java @@ -148,31 +148,32 @@ public class SignerInfo implements DerEncoder { * @exception IOException on encoding error. */ public void derEncode(OutputStream out) throws IOException { - DerOutputStream seq = new DerOutputStream(); - seq.putInteger(version); - DerOutputStream issuerAndSerialNumber = new DerOutputStream(); - issuerName.encode(issuerAndSerialNumber); - issuerAndSerialNumber.putInteger(certificateSerialNumber); - seq.write(DerValue.tag_Sequence, issuerAndSerialNumber); + try (DerOutputStream tmp = new DerOutputStream()) { + DerOutputStream seq = new DerOutputStream(); + seq.putInteger(version); + DerOutputStream issuerAndSerialNumber = new DerOutputStream(); + issuerName.encode(issuerAndSerialNumber); + issuerAndSerialNumber.putInteger(certificateSerialNumber); + seq.write(DerValue.tag_Sequence, issuerAndSerialNumber); - digestAlgorithmId.encode(seq); + digestAlgorithmId.encode(seq); - // encode authenticated attributes if there are any - if (authenticatedAttributes != null) - authenticatedAttributes.encode((byte) 0xA0, seq); + // encode authenticated attributes if there are any + if (authenticatedAttributes != null) + authenticatedAttributes.encode((byte) 0xA0, seq); - digestEncryptionAlgorithmId.encode(seq); + digestEncryptionAlgorithmId.encode(seq); - seq.putOctetString(encryptedDigest); + seq.putOctetString(encryptedDigest); - // encode unauthenticated attributes if there are any - if (unauthenticatedAttributes != null) - unauthenticatedAttributes.encode((byte) 0xA1, seq); + // encode unauthenticated attributes if there are any + if (unauthenticatedAttributes != null) + unauthenticatedAttributes.encode((byte) 0xA1, seq); - DerOutputStream tmp = new DerOutputStream(); - tmp.write(DerValue.tag_Sequence, seq); + tmp.write(DerValue.tag_Sequence, seq); - out.write(tmp.toByteArray()); + out.write(tmp.toByteArray()); + } } public X509Certificate getCertificate(PKCS7 block) diff --git a/base/util/src/netscape/security/provider/DSA.java b/base/util/src/netscape/security/provider/DSA.java index 9403475e0..5599ae33b 100644 --- a/base/util/src/netscape/security/provider/DSA.java +++ b/base/util/src/netscape/security/provider/DSA.java @@ -163,8 +163,7 @@ public final class DSA extends Signature { BigInt rAsBigInt = new BigInt(r.toByteArray()); BigInt sAsBigInt = new BigInt(s.toByteArray()); - try { - DerOutputStream outseq = new DerOutputStream(100); + try (DerOutputStream outseq = new DerOutputStream(100)) { outseq.putInteger(rAsBigInt); outseq.putInteger(sAsBigInt); DerValue result = new DerValue(DerValue.tag_Sequence, diff --git a/base/util/src/netscape/security/provider/DSAParameters.java b/base/util/src/netscape/security/provider/DSAParameters.java index d22ab10fc..36c58bc44 100755 --- a/base/util/src/netscape/security/provider/DSAParameters.java +++ b/base/util/src/netscape/security/provider/DSAParameters.java @@ -103,14 +103,15 @@ public class DSAParameters extends AlgorithmParametersSpi { } protected byte[] engineGetEncoded() throws IOException { - DerOutputStream out = new DerOutputStream(); - DerOutputStream bytes = new DerOutputStream(); - - bytes.putInteger(new BigInt(p.toByteArray())); - bytes.putInteger(new BigInt(q.toByteArray())); - bytes.putInteger(new BigInt(g.toByteArray())); - out.write(DerValue.tag_Sequence, bytes); - return out.toByteArray(); + try (DerOutputStream out = new DerOutputStream()) { + DerOutputStream bytes = new DerOutputStream(); + + bytes.putInteger(new BigInt(p.toByteArray())); + bytes.putInteger(new BigInt(q.toByteArray())); + bytes.putInteger(new BigInt(g.toByteArray())); + out.write(DerValue.tag_Sequence, bytes); + return out.toByteArray(); + } } protected byte[] engineGetEncoded(String encodingMethod) diff --git a/base/util/src/netscape/security/provider/RSAPublicKey.java b/base/util/src/netscape/security/provider/RSAPublicKey.java index bd5aa2fe4..b3c10f562 100644 --- a/base/util/src/netscape/security/provider/RSAPublicKey.java +++ b/base/util/src/netscape/security/provider/RSAPublicKey.java @@ -73,9 +73,7 @@ public final class RSAPublicKey extends X509Key implements Serializable { this.publicExponent = publicExponent; this.algid = new AlgorithmId(ALGORITHM_OID); - try { - DerOutputStream out = new DerOutputStream(); - + try (DerOutputStream out = new DerOutputStream()) { out.putInteger(modulus); out.putInteger(publicExponent); key = (new DerValue(DerValue.tag_Sequence, diff --git a/base/util/src/netscape/security/x509/AVA.java b/base/util/src/netscape/security/x509/AVA.java index 534f7c212..0c67492c4 100644 --- a/base/util/src/netscape/security/x509/AVA.java +++ b/base/util/src/netscape/security/x509/AVA.java @@ -232,13 +232,14 @@ public final class AVA implements DerEncoder { * @exception IOException on encoding error. */ public void derEncode(OutputStream out) throws IOException { - DerOutputStream tmp = new DerOutputStream(); - DerOutputStream tmp2 = new DerOutputStream(); + try (DerOutputStream tmp2 = new DerOutputStream()) { + DerOutputStream tmp = new DerOutputStream(); - tmp.putOID(oid); - value.encode(tmp); - tmp2.write(DerValue.tag_Sequence, tmp); - out.write(tmp2.toByteArray()); + tmp.putOID(oid); + value.encode(tmp); + tmp2.write(DerValue.tag_Sequence, tmp); + out.write(tmp2.toByteArray()); + } } /** diff --git a/base/util/src/netscape/security/x509/AlgIdDSA.java b/base/util/src/netscape/security/x509/AlgIdDSA.java index ed2a73de0..3c071cea7 100644 --- a/base/util/src/netscape/security/x509/AlgIdDSA.java +++ b/base/util/src/netscape/security/x509/AlgIdDSA.java @@ -130,12 +130,12 @@ public final class AlgIdDSA extends AlgorithmId implements DSAParams { */ private void initializeParams() throws IOException { - DerOutputStream out = new DerOutputStream(); - - out.putInteger(new BigInt(p.toByteArray())); - out.putInteger(new BigInt(q.toByteArray())); - out.putInteger(new BigInt(g.toByteArray())); - params = new DerValue(DerValue.tag_Sequence, out.toByteArray()); + try (DerOutputStream out = new DerOutputStream()) { + out.putInteger(new BigInt(p.toByteArray())); + out.putInteger(new BigInt(q.toByteArray())); + out.putInteger(new BigInt(g.toByteArray())); + params = new DerValue(DerValue.tag_Sequence, out.toByteArray()); + } } /** diff --git a/base/util/src/netscape/security/x509/AlgorithmId.java b/base/util/src/netscape/security/x509/AlgorithmId.java index a027c19cc..fa69f77f1 100644 --- a/base/util/src/netscape/security/x509/AlgorithmId.java +++ b/base/util/src/netscape/security/x509/AlgorithmId.java @@ -227,16 +227,16 @@ public class AlgorithmId implements Serializable, DerEncoder { * @exception IOException on encoding error. */ public void derEncode(OutputStream out) throws IOException { - DerOutputStream bytes = new DerOutputStream(); - DerOutputStream tmp = new DerOutputStream(); - - bytes.putOID(algid); - if (params == null) - bytes.putNull(); - else - bytes.putDerValue(params); - tmp.write(DerValue.tag_Sequence, bytes); - out.write(tmp.toByteArray()); + try (DerOutputStream tmp = new DerOutputStream()) { + DerOutputStream bytes = new DerOutputStream(); + bytes.putOID(algid); + if (params == null) + bytes.putNull(); + else + bytes.putDerValue(params); + tmp.write(DerValue.tag_Sequence, bytes); + out.write(tmp.toByteArray()); + } } // XXXX cleaning required @@ -244,16 +244,17 @@ public class AlgorithmId implements Serializable, DerEncoder { * Returns the DER-encoded X.509 AlgorithmId as a byte array. */ public final byte[] encode() throws IOException { - DerOutputStream out = new DerOutputStream(); - DerOutputStream bytes = new DerOutputStream(); - - bytes.putOID(algid); - if (params == null) - bytes.putNull(); - else - bytes.putDerValue(params); - out.write(DerValue.tag_Sequence, bytes); - return out.toByteArray(); + try (DerOutputStream out = new DerOutputStream()) { + DerOutputStream bytes = new DerOutputStream(); + + bytes.putOID(algid); + if (params == null) + bytes.putNull(); + else + bytes.putDerValue(params); + out.write(DerValue.tag_Sequence, bytes); + return out.toByteArray(); + } } /** diff --git a/base/util/src/netscape/security/x509/Attribute.java b/base/util/src/netscape/security/x509/Attribute.java index 760d0a805..d11d6f3d2 100644 --- a/base/util/src/netscape/security/x509/Attribute.java +++ b/base/util/src/netscape/security/x509/Attribute.java @@ -229,38 +229,40 @@ public final class Attribute implements Serializable, DerEncoder { //encode the attribute object private void encodeThis(OutputStream out) throws IOException { - DerOutputStream tmp = new DerOutputStream(); - DerOutputStream tmp2 = new DerOutputStream(); + try (DerOutputStream tmp2 = new DerOutputStream()) { + DerOutputStream tmp = new DerOutputStream(); - tmp.putOID(oid); - encodeValueSet(tmp); - tmp2.write(DerValue.tag_Sequence, tmp); - out.write(tmp2.toByteArray()); + tmp.putOID(oid); + encodeValueSet(tmp); + tmp2.write(DerValue.tag_Sequence, tmp); + out.write(tmp2.toByteArray()); + } } //encode the attribute object private void encodeValueSet(OutputStream out) throws IOException { - DerOutputStream tmp = new DerOutputStream(); - DerOutputStream tmp2 = new DerOutputStream(); - - //get the attribute converter - AVAValueConverter converter = attrMap.getValueConverter(oid); - if (converter == null) { - converter = new GenericValueConverter(); - //throw new IOException("Converter not found: unsupported attribute type"); + try (DerOutputStream tmp2 = new DerOutputStream()) { + DerOutputStream tmp = new DerOutputStream(); + + //get the attribute converter + AVAValueConverter converter = attrMap.getValueConverter(oid); + if (converter == null) { + converter = new GenericValueConverter(); + //throw new IOException("Converter not found: unsupported attribute type"); + } + + //loop through all the values and encode + Enumeration<String> vals = valueSet.elements(); + while (vals.hasMoreElements()) { + String val = vals.nextElement(); + DerValue derobj = converter.getValue(val); + derobj.encode(tmp); + } + + tmp2.write(DerValue.tag_SetOf, tmp); + out.write(tmp2.toByteArray()); } - - //loop through all the values and encode - Enumeration<String> vals = valueSet.elements(); - while (vals.hasMoreElements()) { - String val = vals.nextElement(); - DerValue derobj = converter.getValue(val); - derobj.encode(tmp); - } - - tmp2.write(DerValue.tag_SetOf, tmp); - out.write(tmp2.toByteArray()); } //decode the attribute object diff --git a/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java b/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java index a8df9d132..ec15be4a0 100644 --- a/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java +++ b/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java @@ -83,32 +83,34 @@ public class AuthorityKeyIdentifierExtension extends Extension // Encode only the extension value private void encodeThis() throws IOException { - DerOutputStream seq = new DerOutputStream(); - DerOutputStream tmp = new DerOutputStream(); - if (id != null) { - DerOutputStream tmp1 = new DerOutputStream(); - id.encode(tmp1); - tmp.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, - false, TAG_ID), tmp1); - } - try { - if (names != null) { + try (DerOutputStream tmp = new DerOutputStream(); + DerOutputStream seq = new DerOutputStream()) { + + if (id != null) { DerOutputStream tmp1 = new DerOutputStream(); - names.encode(tmp1); + id.encode(tmp1); tmp.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, - true, TAG_NAMES), tmp1); + false, TAG_ID), tmp1); } - } catch (Exception e) { - throw new IOException(e.toString()); - } - if (serialNum != null) { - DerOutputStream tmp1 = new DerOutputStream(); - serialNum.encode(tmp1); - tmp.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, - false, TAG_SERIAL_NUM), tmp1); + try { + if (names != null) { + DerOutputStream tmp1 = new DerOutputStream(); + names.encode(tmp1); + tmp.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, + true, TAG_NAMES), tmp1); + } + } catch (Exception e) { + throw new IOException(e.toString()); + } + if (serialNum != null) { + DerOutputStream tmp1 = new DerOutputStream(); + serialNum.encode(tmp1); + tmp.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, + false, TAG_SERIAL_NUM), tmp1); + } + seq.write(DerValue.tag_Sequence, tmp); + this.extensionValue = seq.toByteArray(); } - seq.write(DerValue.tag_Sequence, tmp); - this.extensionValue = seq.toByteArray(); } /** diff --git a/base/util/src/netscape/security/x509/BasicConstraintsExtension.java b/base/util/src/netscape/security/x509/BasicConstraintsExtension.java index 8f3a3c634..38e34223d 100644 --- a/base/util/src/netscape/security/x509/BasicConstraintsExtension.java +++ b/base/util/src/netscape/security/x509/BasicConstraintsExtension.java @@ -73,17 +73,18 @@ public class BasicConstraintsExtension extends Extension // Encode this extension value private void encodeThis() throws IOException { - DerOutputStream out = new DerOutputStream(); - DerOutputStream tmp = new DerOutputStream(); + try (DerOutputStream out = new DerOutputStream()) { + DerOutputStream tmp = new DerOutputStream(); - if (ca) { - tmp.putBoolean(ca); - } - if (pathLen >= 0) { - tmp.putInteger(new BigInt(pathLen)); + if (ca) { + tmp.putBoolean(ca); + } + if (pathLen >= 0) { + tmp.putInteger(new BigInt(pathLen)); + } + out.write(DerValue.tag_Sequence, tmp); + this.extensionValue = out.toByteArray(); } - out.write(DerValue.tag_Sequence, tmp); - this.extensionValue = out.toByteArray(); } /** diff --git a/base/util/src/netscape/security/x509/CRLNumberExtension.java b/base/util/src/netscape/security/x509/CRLNumberExtension.java index 4cacde942..f62a4f386 100755 --- a/base/util/src/netscape/security/x509/CRLNumberExtension.java +++ b/base/util/src/netscape/security/x509/CRLNumberExtension.java @@ -61,9 +61,10 @@ public class CRLNumberExtension extends Extension private void encodeThis() throws IOException { if (crlNumber == null) throw new IOException("Unintialized CRL number extension"); - DerOutputStream os = new DerOutputStream(); - os.putInteger(this.crlNumber); - this.extensionValue = os.toByteArray(); + try (DerOutputStream os = new DerOutputStream()) { + os.putInteger(this.crlNumber); + this.extensionValue = os.toByteArray(); + } } /** diff --git a/base/util/src/netscape/security/x509/CRLReasonExtension.java b/base/util/src/netscape/security/x509/CRLReasonExtension.java index 77339528e..b49dfa1db 100644 --- a/base/util/src/netscape/security/x509/CRLReasonExtension.java +++ b/base/util/src/netscape/security/x509/CRLReasonExtension.java @@ -181,9 +181,10 @@ public final class CRLReasonExtension extends Extension implements CertAttrSet { private void encodeThis() throws IOException { if (mReason == null) throw new IOException("Unintialized CRLReason extension"); - DerOutputStream os = new DerOutputStream(); - os.putEnumerated(mReason.toInt()); - this.extensionValue = os.toByteArray(); + try (DerOutputStream os = new DerOutputStream()) { + os.putEnumerated(mReason.toInt()); + this.extensionValue = os.toByteArray(); + } } /** diff --git a/base/util/src/netscape/security/x509/CertificateExtensions.java b/base/util/src/netscape/security/x509/CertificateExtensions.java index 5fdac2824..31d1e21b4 100644 --- a/base/util/src/netscape/security/x509/CertificateExtensions.java +++ b/base/util/src/netscape/security/x509/CertificateExtensions.java @@ -187,25 +187,26 @@ public class CertificateExtensions extends Vector<Extension> */ public void encode(OutputStream out) throws CertificateException, IOException { - DerOutputStream extOut = new DerOutputStream(); - for (int i = 0; i < size(); i++) { - Object thisOne = elementAt(i); - if (thisOne instanceof CertAttrSet) - ((CertAttrSet) thisOne).encode(extOut); - else if (thisOne instanceof Extension) - ((Extension) thisOne).encode(extOut); - else - throw new CertificateException("Invalid extension object"); - } + try (DerOutputStream tmp = new DerOutputStream()) { + DerOutputStream extOut = new DerOutputStream(); + for (int i = 0; i < size(); i++) { + Object thisOne = elementAt(i); + if (thisOne instanceof CertAttrSet) + ((CertAttrSet) thisOne).encode(extOut); + else if (thisOne instanceof Extension) + ((Extension) thisOne).encode(extOut); + else + throw new CertificateException("Invalid extension object"); + } - DerOutputStream seq = new DerOutputStream(); - seq.write(DerValue.tag_Sequence, extOut); + DerOutputStream seq = new DerOutputStream(); + seq.write(DerValue.tag_Sequence, extOut); - DerOutputStream tmp = new DerOutputStream(); - tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 3), - seq); + tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 3), + seq); - out.write(tmp.toByteArray()); + out.write(tmp.toByteArray()); + } } /** diff --git a/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java b/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java index 8d45fd110..5bab03933 100644 --- a/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java +++ b/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java @@ -74,14 +74,15 @@ public class CertificatePoliciesExtension extends Extension // Encode this extension value private void encodeThis() throws IOException { - DerOutputStream os = new DerOutputStream(); - DerOutputStream tmp = new DerOutputStream(); + try (DerOutputStream os = new DerOutputStream();) { + DerOutputStream tmp = new DerOutputStream(); - for (int i = 0; i < mInfos.size(); i++) { - mInfos.elementAt(i).encode(tmp); + for (int i = 0; i < mInfos.size(); i++) { + mInfos.elementAt(i).encode(tmp); + } + os.write(DerValue.tag_Sequence, tmp); + extensionValue = os.toByteArray(); } - os.write(DerValue.tag_Sequence, tmp); - extensionValue = os.toByteArray(); } public CertificatePoliciesExtension(boolean critical, Vector<CertificatePolicyInfo> infos) throws IOException { diff --git a/base/util/src/netscape/security/x509/CertificateValidity.java b/base/util/src/netscape/security/x509/CertificateValidity.java index ae24979c5..292dab769 100644 --- a/base/util/src/netscape/security/x509/CertificateValidity.java +++ b/base/util/src/netscape/security/x509/CertificateValidity.java @@ -169,29 +169,28 @@ public class CertificateValidity implements CertAttrSet, Serializable { * @exception IOException on errors. */ public void encode(OutputStream out) throws IOException { - // in cases where default constructor is used check for // null values if (notBefore == null || notAfter == null) { throw new IOException("CertAttrSet:CertificateValidity:" + - " null values to encode.\n"); + " null values to encode.\n"); } - DerOutputStream pair = new DerOutputStream(); + try (DerOutputStream pair = new DerOutputStream(); + DerOutputStream seq = new DerOutputStream()) { + if (notBefore.getTime() < YR_2050) { + pair.putUTCTime(notBefore); + } else + pair.putGeneralizedTime(notBefore); - if (notBefore.getTime() < YR_2050) { - pair.putUTCTime(notBefore); - } else - pair.putGeneralizedTime(notBefore); + if (notAfter.getTime() < YR_2050) { + pair.putUTCTime(notAfter); + } else { + pair.putGeneralizedTime(notAfter); + } + seq.write(DerValue.tag_Sequence, pair); - if (notAfter.getTime() < YR_2050) { - pair.putUTCTime(notAfter); - } else { - pair.putGeneralizedTime(notAfter); + out.write(seq.toByteArray()); } - DerOutputStream seq = new DerOutputStream(); - seq.write(DerValue.tag_Sequence, pair); - - out.write(seq.toByteArray()); } /** diff --git a/base/util/src/netscape/security/x509/CertificateVersion.java b/base/util/src/netscape/security/x509/CertificateVersion.java index 5cc260d77..a59542eb6 100644 --- a/base/util/src/netscape/security/x509/CertificateVersion.java +++ b/base/util/src/netscape/security/x509/CertificateVersion.java @@ -160,14 +160,15 @@ public class CertificateVersion implements CertAttrSet { if (version == V1) { return; } - DerOutputStream tmp = new DerOutputStream(); - tmp.putInteger(new BigInt(version)); + try (DerOutputStream tmp = new DerOutputStream(); + DerOutputStream seq = new DerOutputStream()) { + tmp.putInteger(new BigInt(version)); - DerOutputStream seq = new DerOutputStream(); - seq.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0), - tmp); + seq.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0), + tmp); - out.write(seq.toByteArray()); + out.write(seq.toByteArray()); + } } /** diff --git a/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java b/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java index 4b64d59a9..09400ef8e 100755 --- a/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java +++ b/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java @@ -73,9 +73,10 @@ public class DeltaCRLIndicatorExtension extends Extension private void encodeThis() throws IOException { if (baseCRLNumber == null) throw new IOException("Unintialized delta CRL indicator extension"); - DerOutputStream os = new DerOutputStream(); - os.putInteger(this.baseCRLNumber); - this.extensionValue = os.toByteArray(); + try (DerOutputStream os = new DerOutputStream()) { + os.putInteger(this.baseCRLNumber); + this.extensionValue = os.toByteArray(); + } } /** diff --git a/base/util/src/netscape/security/x509/Extension.java b/base/util/src/netscape/security/x509/Extension.java index c7b0aa887..43bbafe81 100644 --- a/base/util/src/netscape/security/x509/Extension.java +++ b/base/util/src/netscape/security/x509/Extension.java @@ -123,11 +123,10 @@ public class Extension implements Serializable { * @exception IOException on encoding errors */ public void encode(DerOutputStream out) throws IOException { - DerOutputStream bytes = new DerOutputStream(); - if (extensionId == null) throw new IOException("Null OID to encode for the extension!"); + DerOutputStream bytes = new DerOutputStream(); bytes.putOID(extensionId); if (critical) bytes.putBoolean(critical); diff --git a/base/util/src/netscape/security/x509/Extensions.java b/base/util/src/netscape/security/x509/Extensions.java index 109f795e9..9047f59c9 100644 --- a/base/util/src/netscape/security/x509/Extensions.java +++ b/base/util/src/netscape/security/x509/Extensions.java @@ -162,10 +162,10 @@ public class Extensions extends Vector<Extension> throw new CertificateException("Invalid extension object"); } - DerOutputStream seq = new DerOutputStream(); - seq.write(DerValue.tag_Sequence, extOut); - - out.write(seq.toByteArray()); + try (DerOutputStream seq = new DerOutputStream()) { + seq.write(DerValue.tag_Sequence, extOut); + out.write(seq.toByteArray()); + } } /** diff --git a/base/util/src/netscape/security/x509/HoldInstructionExtension.java b/base/util/src/netscape/security/x509/HoldInstructionExtension.java index 82e8475af..2a7c4af12 100644 --- a/base/util/src/netscape/security/x509/HoldInstructionExtension.java +++ b/base/util/src/netscape/security/x509/HoldInstructionExtension.java @@ -113,9 +113,11 @@ public class HoldInstructionExtension extends Extension private void encodeThis() throws IOException { if (holdInstructionCodeOID == null) throw new IOException("Unintialized hold instruction extension"); - DerOutputStream os = new DerOutputStream(); - os.putOID(holdInstructionCodeOID); - this.extensionValue = os.toByteArray(); + + try (DerOutputStream os = new DerOutputStream()) { + os.putOID(holdInstructionCodeOID); + this.extensionValue = os.toByteArray(); + } } /** diff --git a/base/util/src/netscape/security/x509/InvalidityDateExtension.java b/base/util/src/netscape/security/x509/InvalidityDateExtension.java index 8a9730385..a0cf7e45b 100755 --- a/base/util/src/netscape/security/x509/InvalidityDateExtension.java +++ b/base/util/src/netscape/security/x509/InvalidityDateExtension.java @@ -74,9 +74,10 @@ public class InvalidityDateExtension extends Extension private void encodeThis() throws IOException { if (invalidityDate == null) throw new IOException("Unintialized invalidity date extension"); - DerOutputStream os = new DerOutputStream(); - os.putGeneralizedTime(this.invalidityDate); - this.extensionValue = os.toByteArray(); + try (DerOutputStream os = new DerOutputStream()) { + os.putGeneralizedTime(this.invalidityDate); + this.extensionValue = os.toByteArray(); + } } /** diff --git a/base/util/src/netscape/security/x509/KeyUsageExtension.java b/base/util/src/netscape/security/x509/KeyUsageExtension.java index 8cbfc880a..a21aa8fa3 100644 --- a/base/util/src/netscape/security/x509/KeyUsageExtension.java +++ b/base/util/src/netscape/security/x509/KeyUsageExtension.java @@ -99,9 +99,10 @@ public class KeyUsageExtension extends Extension // Encode this extension value private void encodeThis() throws IOException { - DerOutputStream os = new DerOutputStream(); - os.putUnalignedBitString(this.bitString); - this.extensionValue = os.toByteArray(); + try (DerOutputStream os = new DerOutputStream()) { + os.putUnalignedBitString(this.bitString); + this.extensionValue = os.toByteArray(); + } } /** diff --git a/base/util/src/netscape/security/x509/NSCCommentExtension.java b/base/util/src/netscape/security/x509/NSCCommentExtension.java index 6ba477504..285fe6114 100644 --- a/base/util/src/netscape/security/x509/NSCCommentExtension.java +++ b/base/util/src/netscape/security/x509/NSCCommentExtension.java @@ -63,12 +63,12 @@ public class NSCCommentExtension extends Extension implements CertAttrSet { // Encode this extension value private void encodeThis() throws IOException { - DerOutputStream os = new DerOutputStream(); - - os.putIA5String(mComment); - // DerOutputStream tmp = new DerOutputStream(); - // os.write(DerValue.tag_Sequence,tmp); - extensionValue = os.toByteArray(); + try (DerOutputStream os = new DerOutputStream()) { + os.putIA5String(mComment); + // DerOutputStream tmp = new DerOutputStream(); + // os.write(DerValue.tag_Sequence,tmp); + extensionValue = os.toByteArray(); + } } /** diff --git a/base/util/src/netscape/security/x509/NameConstraintsExtension.java b/base/util/src/netscape/security/x509/NameConstraintsExtension.java index 87309080b..29cd94f40 100644 --- a/base/util/src/netscape/security/x509/NameConstraintsExtension.java +++ b/base/util/src/netscape/security/x509/NameConstraintsExtension.java @@ -85,26 +85,27 @@ public class NameConstraintsExtension extends Extension implements CertAttrSet { // Encode this extension value. private void encodeThis() throws IOException { - DerOutputStream seq = new DerOutputStream(); + try (DerOutputStream seq = new DerOutputStream()) { - DerOutputStream tagged = new DerOutputStream(); - if ((permitted != null) && (permitted.getSubtrees().size() > 0)) { - DerOutputStream tmp = new DerOutputStream(); - permitted.encode(tmp); - tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, - true, TAG_PERMITTED), tmp); - } - if ((excluded != null) && (excluded.getSubtrees().size() > 0)) { - DerOutputStream tmp = new DerOutputStream(); - excluded.encode(tmp); - tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, - true, TAG_EXCLUDED), tmp); - } - if (permitted == null && excluded == null) { - extensionValue = null; // no need to encode this extension - } else { - seq.write(DerValue.tag_Sequence, tagged); - this.extensionValue = seq.toByteArray(); + DerOutputStream tagged = new DerOutputStream(); + if ((permitted != null) && (permitted.getSubtrees().size() > 0)) { + DerOutputStream tmp = new DerOutputStream(); + permitted.encode(tmp); + tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, + true, TAG_PERMITTED), tmp); + } + if ((excluded != null) && (excluded.getSubtrees().size() > 0)) { + DerOutputStream tmp = new DerOutputStream(); + excluded.encode(tmp); + tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, + true, TAG_EXCLUDED), tmp); + } + if (permitted == null && excluded == null) { + extensionValue = null; // no need to encode this extension + } else { + seq.write(DerValue.tag_Sequence, tagged); + this.extensionValue = seq.toByteArray(); + } } } diff --git a/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java b/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java index abf46e428..1aec75e43 100644 --- a/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java +++ b/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java @@ -79,23 +79,24 @@ public class PolicyConstraintsExtension extends Extension // Encode this extension value. private void encodeThis() throws IOException { - DerOutputStream tagged = new DerOutputStream(); - DerOutputStream seq = new DerOutputStream(); + try (DerOutputStream seq = new DerOutputStream()) { + DerOutputStream tagged = new DerOutputStream(); - if (require != -1) { - DerOutputStream tmp = new DerOutputStream(); - tmp.putInteger(new BigInt(require)); - tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, - false, TAG_REQUIRE), tmp); + if (require != -1) { + DerOutputStream tmp = new DerOutputStream(); + tmp.putInteger(new BigInt(require)); + tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, + false, TAG_REQUIRE), tmp); + } + if (inhibit != -1) { + DerOutputStream tmp = new DerOutputStream(); + tmp.putInteger(new BigInt(inhibit)); + tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, + false, TAG_INHIBIT), tmp); + } + seq.write(DerValue.tag_Sequence, tagged); + extensionValue = seq.toByteArray(); } - if (inhibit != -1) { - DerOutputStream tmp = new DerOutputStream(); - tmp.putInteger(new BigInt(inhibit)); - tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, - false, TAG_INHIBIT), tmp); - } - seq.write(DerValue.tag_Sequence, tagged); - extensionValue = seq.toByteArray(); } /** diff --git a/base/util/src/netscape/security/x509/PolicyMappingsExtension.java b/base/util/src/netscape/security/x509/PolicyMappingsExtension.java index 458e32d4a..f5205e31e 100644 --- a/base/util/src/netscape/security/x509/PolicyMappingsExtension.java +++ b/base/util/src/netscape/security/x509/PolicyMappingsExtension.java @@ -69,14 +69,15 @@ public class PolicyMappingsExtension extends Extension // Encode this extension value private void encodeThis() throws IOException { - DerOutputStream os = new DerOutputStream(); - DerOutputStream tmp = new DerOutputStream(); + try (DerOutputStream os = new DerOutputStream()) { + DerOutputStream tmp = new DerOutputStream(); - for (int i = 0; i < maps.size(); i++) { - maps.elementAt(i).encode(tmp); + for (int i = 0; i < maps.size(); i++) { + maps.elementAt(i).encode(tmp); + } + os.write(DerValue.tag_Sequence, tmp); + extensionValue = os.toByteArray(); } - os.write(DerValue.tag_Sequence, tmp); - extensionValue = os.toByteArray(); } /** diff --git a/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java b/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java index 80af3d1c4..9b100bfe2 100644 --- a/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java +++ b/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java @@ -81,23 +81,24 @@ public class PrivateKeyUsageExtension extends Extension // Encode this extension value. private void encodeThis() throws IOException { - DerOutputStream seq = new DerOutputStream(); + try (DerOutputStream seq = new DerOutputStream()) { - DerOutputStream tagged = new DerOutputStream(); - if (notBefore != null) { - DerOutputStream tmp = new DerOutputStream(); - tmp.putGeneralizedTime(notBefore); - tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, - false, TAG_BEFORE), tmp); + DerOutputStream tagged = new DerOutputStream(); + if (notBefore != null) { + DerOutputStream tmp = new DerOutputStream(); + tmp.putGeneralizedTime(notBefore); + tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, + false, TAG_BEFORE), tmp); + } + if (notAfter != null) { + DerOutputStream tmp = new DerOutputStream(); + tmp.putGeneralizedTime(notAfter); + tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, + false, TAG_AFTER), tmp); + } + seq.write(DerValue.tag_Sequence, tagged); + extensionValue = seq.toByteArray(); } - if (notAfter != null) { - DerOutputStream tmp = new DerOutputStream(); - tmp.putGeneralizedTime(notAfter); - tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, - false, TAG_AFTER), tmp); - } - seq.write(DerValue.tag_Sequence, tagged); - extensionValue = seq.toByteArray(); } /** diff --git a/base/util/src/netscape/security/x509/RevokedCertImpl.java b/base/util/src/netscape/security/x509/RevokedCertImpl.java index eac11f8e3..a54c4471a 100755 --- a/base/util/src/netscape/security/x509/RevokedCertImpl.java +++ b/base/util/src/netscape/security/x509/RevokedCertImpl.java @@ -225,7 +225,7 @@ public class RevokedCertImpl extends RevokedCertificate implements Serializable */ public void encode(DerOutputStream outStrm) throws CRLException, X509ExtensionException { - try { + try (DerOutputStream seq = new DerOutputStream()) { if (revokedCert == null) { DerOutputStream tmp = new DerOutputStream(); // sequence { serialNumber, revocationDate, extensions } @@ -237,7 +237,6 @@ public class RevokedCertImpl extends RevokedCertificate implements Serializable if (extensions != null) extensions.encode(tmp, isExplicit); - DerOutputStream seq = new DerOutputStream(); seq.write(DerValue.tag_Sequence, tmp); revokedCert = seq.toByteArray(); @@ -348,7 +347,7 @@ public class RevokedCertImpl extends RevokedCertificate implements Serializable public byte[] getExtensionValue(String oid) { if (extensions == null) return null; - try { + try (DerOutputStream out = new DerOutputStream()) { String extAlias = OIDMap.getName(new ObjectIdentifier(oid)); Extension crlExt = null; @@ -372,7 +371,6 @@ public class RevokedCertImpl extends RevokedCertificate implements Serializable if (extData == null) return null; - DerOutputStream out = new DerOutputStream(); out.putOctetString(extData); return out.toByteArray(); } catch (Exception e) { diff --git a/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java b/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java index 42ef26aa9..11b199671 100644 --- a/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java +++ b/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java @@ -81,18 +81,19 @@ public class SubjectDirAttributesExtension extends Extension // Encode this extension value private void encodeThis() throws IOException { - DerOutputStream out = new DerOutputStream(); - DerOutputStream tmp = new DerOutputStream(); - - //encoding the attributes - Enumeration<Attribute> attrs = attrList.elements(); - while (attrs.hasMoreElements()) { - Attribute attr = attrs.nextElement(); - attr.encode(tmp); + try (DerOutputStream out = new DerOutputStream()) { + DerOutputStream tmp = new DerOutputStream(); + + //encoding the attributes + Enumeration<Attribute> attrs = attrList.elements(); + while (attrs.hasMoreElements()) { + Attribute attr = attrs.nextElement(); + attr.encode(tmp); + } + + out.write(DerValue.tag_SequenceOf, tmp); + this.extensionValue = out.toByteArray(); } - - out.write(DerValue.tag_SequenceOf, tmp); - this.extensionValue = out.toByteArray(); } // Decode this extension value diff --git a/base/util/src/netscape/security/x509/X500Name.java b/base/util/src/netscape/security/x509/X500Name.java index d0111a27e..0f75f481c 100644 --- a/base/util/src/netscape/security/x509/X500Name.java +++ b/base/util/src/netscape/security/x509/X500Name.java @@ -591,23 +591,23 @@ public class X500Name implements Principal, GeneralNameInterface { * null if no names are present. */ public byte[] getEncoded() throws IOException { + try (DerOutputStream out = new DerOutputStream()) { + DerOutputStream tmp = new DerOutputStream(); - DerOutputStream out = new DerOutputStream(); - DerOutputStream tmp = new DerOutputStream(); + int len = 0; - int len = 0; + if (names == null) { + len = 0; + } else { + len = names.length; + } - if (names == null) { - len = 0; - } else { - len = names.length; - } - - for (int i = 0; i < len; i++) - names[i].encode(tmp); + for (int i = 0; i < len; i++) + names[i].encode(tmp); - out.write(DerValue.tag_Sequence, tmp); - return out.toByteArray(); + out.write(DerValue.tag_Sequence, tmp); + return out.toByteArray(); + } } /* diff --git a/base/util/src/netscape/security/x509/X509CRLImpl.java b/base/util/src/netscape/security/x509/X509CRLImpl.java index 843cba8e2..dfc1017bc 100755 --- a/base/util/src/netscape/security/x509/X509CRLImpl.java +++ b/base/util/src/netscape/security/x509/X509CRLImpl.java @@ -326,10 +326,9 @@ public class X509CRLImpl extends X509CRL { */ public void encodeInfo(OutputStream out) throws CRLException, X509ExtensionException { - try { + try (DerOutputStream seq = new DerOutputStream()) { DerOutputStream tmp = new DerOutputStream(); DerOutputStream rCerts = new DerOutputStream(); - DerOutputStream seq = new DerOutputStream(); if (version != 0) // v2 crl encode version tmp.putInteger(new BigInt(version)); @@ -476,7 +475,7 @@ public class X509CRLImpl extends X509CRL { public void sign(PrivateKey key, String algorithm, String provider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException, X509ExtensionException { - try { + try (DerOutputStream out = new DerOutputStream()){ if (readOnly) throw new CRLException("cannot over-write existing CRL"); Signature sigEngine = null; @@ -491,7 +490,6 @@ public class X509CRLImpl extends X509CRL { sigAlgId = AlgorithmId.get(sigEngine.getAlgorithm()); infoSigAlgId = sigAlgId; - DerOutputStream out = new DerOutputStream(); DerOutputStream tmp = new DerOutputStream(); // encode crl info @@ -848,7 +846,7 @@ public class X509CRLImpl extends X509CRL { public byte[] getExtensionValue(String oid) { if (extensions == null) return null; - try { + try (DerOutputStream out = new DerOutputStream()) { String extAlias = OIDMap.getName(new ObjectIdentifier(oid)); Extension crlExt = null; @@ -871,7 +869,7 @@ public class X509CRLImpl extends X509CRL { byte[] extData = crlExt.getExtensionValue(); if (extData == null) return null; - DerOutputStream out = new DerOutputStream(); + out.putOctetString(extData); return out.toByteArray(); } catch (Exception e) { diff --git a/base/util/src/netscape/security/x509/X509Cert.java b/base/util/src/netscape/security/x509/X509Cert.java index 021cae207..51aff172c 100644 --- a/base/util/src/netscape/security/x509/X509Cert.java +++ b/base/util/src/netscape/security/x509/X509Cert.java @@ -805,24 +805,25 @@ public class X509Cert implements Certificate, Serializable { * Encode the to-be-signed data, then the algorithm used * to create the signature. */ - DerOutputStream out = new DerOutputStream(); - DerOutputStream tmp = new DerOutputStream(); + try (DerOutputStream out = new DerOutputStream()) { + DerOutputStream tmp = new DerOutputStream(); - tmp.write(data); - issuer.getAlgorithmId().encode(tmp); + tmp.write(data); + issuer.getAlgorithmId().encode(tmp); - /* - * Create and encode the signature itself. - */ - issuer.update(data, 0, data.length); - signature = issuer.sign(); - tmp.putBitString(signature); + /* + * Create and encode the signature itself. + */ + issuer.update(data, 0, data.length); + signature = issuer.sign(); + tmp.putBitString(signature); - /* - * Wrap the signed data in a SEQUENCE { data, algorithm, sig } - */ - out.write(DerValue.tag_Sequence, tmp); - return out.toByteArray(); + /* + * Wrap the signed data in a SEQUENCE { data, algorithm, sig } + */ + out.write(DerValue.tag_Sequence, tmp); + return out.toByteArray(); + } } /** diff --git a/base/util/src/netscape/security/x509/X509CertImpl.java b/base/util/src/netscape/security/x509/X509CertImpl.java index 2d24b6659..111cd3b6d 100755 --- a/base/util/src/netscape/security/x509/X509CertImpl.java +++ b/base/util/src/netscape/security/x509/X509CertImpl.java @@ -405,7 +405,7 @@ public class X509CertImpl extends X509Certificate public void sign(PrivateKey key, String algorithm, String provider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException { - try { + try (DerOutputStream out = new DerOutputStream()){ if (readOnly) throw new CertificateEncodingException( "cannot over-write existing certificate"); @@ -420,7 +420,6 @@ public class X509CertImpl extends X509Certificate // in case the name is reset algId = AlgorithmId.get(sigEngine.getAlgorithm()); - DerOutputStream out = new DerOutputStream(); DerOutputStream tmp = new DerOutputStream(); // encode certificate info diff --git a/base/util/test/com/netscape/security/util/StringTestUtil.java b/base/util/test/com/netscape/security/util/StringTestUtil.java index 16810581c..b25ea5981 100644 --- a/base/util/test/com/netscape/security/util/StringTestUtil.java +++ b/base/util/test/com/netscape/security/util/StringTestUtil.java @@ -31,29 +31,31 @@ public class StringTestUtil { public static byte[] normalizeUnicode(byte[] data) throws Exception { - DerValue value = new DerValue(data); - byte[] tmp = value.data.toByteArray(); + try (DerOutputStream os = new DerOutputStream()) { + DerValue value = new DerValue(data); + byte[] tmp = value.data.toByteArray(); - if (tmp[0] == -2 && tmp[1] == -1) { // remove optional big-endian byte-order mark + if (tmp[0] == -2 && tmp[1] == -1) { // remove optional big-endian byte-order mark - byte tag = value.tag; - int length = value.length() - 2; + byte tag = value.tag; + int length = value.length() - 2; - DerOutputStream os = new DerOutputStream(); - os.putTag((byte) 0, false, tag); - os.putLength(length); - os.write(tmp, 2, length); + os.putTag((byte) 0, false, tag); + os.putLength(length); + os.write(tmp, 2, length); - return os.toByteArray(); - } + return os.toByteArray(); + } - return data; + return data; + } } public static byte[] encode(byte tag, String string) throws Exception { - DerOutputStream os = new DerOutputStream(); - os.putStringType(tag, string); - return os.toByteArray(); + try (DerOutputStream os = new DerOutputStream()) { + os.putStringType(tag, string); + return os.toByteArray(); + } } public static String decode(byte tag, byte[] bytes) throws Exception { |