Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java | 187 |
1 files changed, 187 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
new file mode 100644
index 000000000..616eab27b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
@@ -0,0 +1,187 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.cert.scep;
+
+import java.io.*;
+import java.security.*;
+import java.util.Properties;
+import java.util.*;
+
+import netscape.security.util.*;
+import netscape.security.x509.*;
+import java.security.cert.CertificateException;
+import com.netscape.cmsutil.scep.*;
+
+
+public class ExtensionsRequested implements CertAttrSet {
+
+
+ public static final String NAME = "EXTENSIONS_REQUESTED";
+
+ public static final String KUE_DIGITAL_SIGNATURE = "kue_digital_signature";
+ public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment";
+
+ private String kue_digital_signature = "false";
+ private String kue_key_encipherment = "false";
+
+ private Vector exts = new Vector();
+
+ public ExtensionsRequested(Object stuff) throws IOException {
+ ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff);
+
+ try {
+ decode(is);
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+ throw new IOException(e.getMessage());
+ }
+ }
+
+ public void encode(OutputStream out)
+ throws CertificateException, IOException
+ { }
+
+ public void decode(InputStream in)
+ throws CertificateException, IOException
+ {
+ DerValue derVal = new DerValue(in);
+
+ construct(derVal);
+ }
+
+ public void set(String name, Object obj)
+ throws CertificateException, IOException
+ { }
+
+ public Object get(String name)
+ throws CertificateException, IOException
+ {
+ if (name.equalsIgnoreCase(KUE_DIGITAL_SIGNATURE)) {
+ return kue_digital_signature;
+ }
+ if (name.equalsIgnoreCase(KUE_KEY_ENCIPHERMENT)) {
+ return kue_key_encipherment;
+ }
+
+ throw new IOException("Unsupported attribute queried");
+ }
+
+ public void delete(String name)
+ throws CertificateException, IOException
+ {
+ }
+
+ public Enumeration getElements()
+ { return (new Hashtable()).elements();}
+
+ public String getName()
+ { return NAME;}
+
+
+
+/**
+ construct - expects this in the inputstream (from the router):
+
+ 211 30 31: SEQUENCE {
+ 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8'
+ 225 31 17: SET {
+ 227 04 15: OCTET STRING, encapsulates {
+ 229 30 13: SEQUENCE {
+ 231 30 11: SEQUENCE {
+ 233 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
+ 238 04 4: OCTET STRING
+ : 03 02 05 A0
+ : }
+ : }
+ : }
+
+ or this (from IRE client):
+
+ 262 30 51: SEQUENCE {
+ 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14)
+ 275 31 38: SET {
+ 277 30 36: SEQUENCE {
+ 279 30 34: SEQUENCE {
+ 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
+ 286 04 27: OCTET STRING
+ : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61
+ : 61 61 2E 6D 63 6F 6D 2E 63 6F 6D
+ : }
+ : }
+ : }
+ : }
+
+
+ */
+ private void construct(DerValue dv) throws IOException {
+
+ DerInputStream stream = null;
+ DerValue[] dvs;
+
+ try { // try decoding as sequence first
+
+ stream = dv.toDerInputStream();
+
+ DerValue stream_dv = stream.getDerValue();
+ stream.reset();
+
+
+ dvs = stream.getSequence(2);
+ }
+ catch (IOException ioe) {
+ // if it failed, the outer sequence may be
+ // encapsulated in an octet string, as in the first
+ // example above
+
+ byte[] octet_string = dv.getOctetString();
+
+ // Make a new input stream from the byte array,
+ // and re-parse it as a sequence.
+
+ dv = new DerValue(octet_string);
+
+ stream = dv.toDerInputStream();
+ dvs = stream.getSequence(2);
+ }
+
+ // now, the stream will be in the correct format
+ stream.reset();
+
+ while (true) {
+ DerValue ext_dv=null;
+ try {
+ ext_dv = stream.getDerValue();
+ }
+ catch (IOException ex) {
+ break;
+ }
+
+ Extension ext = new Extension(ext_dv);
+ exts.addElement(ext);
+ }
+
+ }
+
+ public Vector getExtensions() {
+ return exts;
+ }
+
+}
+
+
|
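Review bot: In `construct`, the `while (true)` loop treats any `IOException` from `stream.getDerValue()` as end of input, so a truncated or malformed extension list in the client-supplied SCEP request is silently accepted as a shorter list instead of being rejected. Assuming `DerInputStream.available()` behaves here as it does elsewhere in this package, bounding the loop explicitly lets real decoding errors propagate through the method's declared `IOException`: `while (stream.available() > 0) { exts.addElement(new Extension(stream.getDerValue())); }`. In the constructor, the `(byte[]) stuff` cast and the `ByteArrayInputStream` creation sit outside the `try`, so a null or non-`byte[]` argument surfaces as a runtime exception rather than an `IOException`. The catch block also drops the original cause after `e.printStackTrace()`. Nothing in this file ever assigns `kue_digital_signature` or `kue_key_encipherment`, so `get()` always returns "false" for both; if the requested keyUsage is meant to be honoured, that decoding is missing, and otherwise a comment saying the values are placeholders would help callers.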