package edu.uiuc.ncsa.security.util.pkcs;
import edu.uiuc.ncsa.security.core.exceptions.InvalidCertRequestException;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.util.Objects;
import sun.security.pkcs.PKCS10;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;
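/**
 * A {@link MyPKCS10CertRequest} backed by the JDK-internal {@link PKCS10} parser.
 * <p>
 * The request bytes normally arrive from a remote client, so parsing here is parsing of
 * untrusted input: every structural failure is surfaced as an
 * {@link InvalidCertRequestException} (unchecked) rather than a bare parser exception.
 * NOTE(review): the Sun {@code PKCS10} constructor is expected to validate the request's
 * self-signature; confirm that before relying on this class for that check.
 * <p>
 * {@code sun.security.*} is not a supported API: it may change between JDK releases and,
 * on the module system, must be exported explicitly to this package.
 * <p>
 * Created by Jeff Gaynor
 * on 6/10/14 at 2:37 PM
 */
public class MySunPKCS_CR extends MyPKCS10CertRequest {
    // The wrapped request. May be null when built via MySunPKCS_CR(PKCS10); only toString()
    // tolerates that, the accessors below do not.
    PKCS10 pkcs10;

    // Message returned to the client when the version field is missing, malformed or not v1(0).
    private static final String VERSION_MESSAGE =
            "Invalid Certification Request. Be sure that the version number " +
                    "of the (PCKS10) request is set to zero.";

    /**
     * Parses a DER-encoded PKCS#10 certification request.
     *
     * @param derEncoded DER bytes of the request, typically received from a client
     * @throws NullPointerException        if {@code derEncoded} is {@code null}
     * @throws InvalidCertRequestException if the bytes are not a well-formed request
     */
    public MySunPKCS_CR(byte[] derEncoded) {
        Objects.requireNonNull(derEncoded, "derEncoded");
        try {
            // Run the version check first so a missing/malformed version produces a readable
            // error instead of the generic IOException the Sun parser would raise.
            checkVersion(derEncoded);
            pkcs10 = new PKCS10(derEncoded);
        } catch (RuntimeException re) {
            // InvalidCertRequestException (unchecked) and other runtime failures pass through.
            throw re;
        } catch (Exception e) {
            // Checked parser failures are wrapped with the cause preserved. No stack trace is
            // printed here: malformed client input is not an application error, and the
            // caller decides what, if anything, to log.
            throw new InvalidCertRequestException("Error creating cert request from byte array", e);
        }
    }

    /**
     * Fix for OAUTH-96, sort of. Some python clients send an invalid cert request
     * because the programmer does not set the version (to zero). Python then sends a
     * zero-length integer. As this violates the PKCS10 spec. it should be rejected.
     * Bouncy Castle will ignore it but the Sun libraries will throw an extremely
     * unhelpful IOException. The method does the check and throws a much better exception.
     * <p>
     * The check reads the first element of the outer sequence (CertificationRequestInfo),
     * decodes its first element as an INTEGER and requires it to be 0 (v1), the only
     * version PKCS#10 defines.
     *
     * @param derEncoded DER bytes of the request
     * @throws InvalidCertRequestException if the request is not a sequence, the version
     *                                     cannot be decoded as an integer, or it is not zero
     */
    protected void checkVersion(byte[] derEncoded) {
        try {
            DerInputStream derInputStream = new DerInputStream(derEncoded);
            // Outer SEQUENCE: CertificationRequestInfo, signatureAlgorithm, signature.
            DerValue[] seq = derInputStream.getSequence(3);
            if (seq.length == 0) {
                // seq[0] below would otherwise throw an unhelpful ArrayIndexOutOfBoundsException.
                throw new IOException("empty certification request sequence");
            }
            // version is the first element of CertificationRequestInfo.
            BigInteger version = seq[0].data.getBigInteger();
            if (!BigInteger.ZERO.equals(version)) {
                throw new IOException("unsupported PKCS10 version " + version + ", expected 0");
            }
        } catch (IOException iox) {
            throw new InvalidCertRequestException(VERSION_MESSAGE, iox);
        }
    }

    /**
     * Wraps an already parsed request.
     *
     * @param pkcs10 the parsed request; {@code null} is tolerated only by {@link #toString()}
     */
    public MySunPKCS_CR(PKCS10 pkcs10) {
        this.pkcs10 = pkcs10;
    }

    /**
     * Returns the Sun parser's rendering of the request, or the literal {@code "null"}
     * when no request has been set.
     */
    @Override
    public String toString() {
        return pkcs10 == null ? "null" : pkcs10.toString();
    }

    /**
     * Returns the subject public key carried in the request.
     *
     * @throws NullPointerException if no request has been set
     */
    @Override
    public PublicKey getPublicKey() {
        return pkcs10.getSubjectPublicKeyInfo();
    }

    /**
     * Returns the DER encoding of the request as produced by the Sun parser.
     *
     * @throws NullPointerException if no request has been set
     */
    @Override
    public byte[] getEncoded() {
        return pkcs10.getEncoded();
    }
}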