author | chegar |
Thu, 17 Oct 2019 20:54:25 +0100 | |
branch | datagramsocketimpl-branch |
changeset 58679 | 9c3209ff7550 |
parent 58678 | 9cf78a70fa4f |
parent 55714 | e17ec6bc670a |
permissions | -rw-r--r-- |
2 | 1 |
/* |
54372
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
2 |
* Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package sun.security.util; |
|
27 |
||
28 |
import java.io.IOException; |
|
54372
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
29 |
import java.io.InputStream; |
2 | 30 |
import java.util.ArrayList; |
54372
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
31 |
import java.util.Arrays; |
2 | 32 |
|
33 |
/** |
|
34 |
* A package private utility class to convert indefinite length DER |
|
35 |
* encoded byte arrays to definite length DER encoded byte arrays. |
|
36 |
* |
|
37 |
* This assumes that the basic data structure is "tag, length, value" |
|
38 |
* triplet. In the case where the length is "indefinite", terminating |
|
39 |
* end-of-contents bytes are expected. |
|
40 |
* |
|
41 |
* @author Hemma Prafullchandra |
|
42 |
*/ |
|
43 |
class DerIndefLenConverter { |
|
44 |
||
45 |
private static final int TAG_MASK = 0x1f; // bits 5-1 |
|
46 |
private static final int FORM_MASK = 0x20; // bits 6 |
|
47 |
private static final int CLASS_MASK = 0xC0; // bits 8 and 7 |
|
48 |
||
49 |
private static final int LEN_LONG = 0x80; // bit 8 set |
|
50 |
private static final int LEN_MASK = 0x7f; // bits 7 - 1 |
|
51 |
private static final int SKIP_EOC_BYTES = 2; |
|
52 |
||
53 |
private byte[] data, newData; |
|
54 |
private int newDataPos, dataPos, dataSize, index; |
|
1093
b7d502a05abf
6731685: CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain
weijun
parents:
2
diff
changeset
|
55 |
private int unresolved = 0; |
2 | 56 |
|
57 |
private ArrayList<Object> ndefsList = new ArrayList<Object>(); |
|
58 |
||
59 |
private int numOfTotalLenBytes = 0; |
|
60 |
||
61 |
private boolean isEOC(int tag) { |
|
62 |
return (((tag & TAG_MASK) == 0x00) && // EOC |
|
63 |
((tag & FORM_MASK) == 0x00) && // primitive |
|
64 |
((tag & CLASS_MASK) == 0x00)); // universal |
|
65 |
} |
|
66 |
||
67 |
// if bit 8 is set then it implies either indefinite length or long form |
|
68 |
static boolean isLongForm(int lengthByte) { |
|
69 |
return ((lengthByte & LEN_LONG) == LEN_LONG); |
|
70 |
} |
|
71 |
||
72 |
/* |
|
73 |
* Default package private constructor |
|
74 |
*/ |
|
75 |
DerIndefLenConverter() { } |
|
76 |
||
77 |
/** |
|
78 |
* Checks whether the given length byte is of the form |
|
79 |
* <em>Indefinite</em>. |
|
80 |
* |
|
81 |
* @param lengthByte the length byte from a DER encoded |
|
82 |
* object. |
|
83 |
* @return true if the byte is of Indefinite form otherwise |
|
84 |
* returns false. |
|
85 |
*/ |
|
86 |
static boolean isIndefinite(int lengthByte) { |
|
87 |
return (isLongForm(lengthByte) && ((lengthByte & LEN_MASK) == 0)); |
|
88 |
} |
|
89 |
||
90 |
/** |
|
91 |
* Parse the tag and if it is an end-of-contents tag then |
|
92 |
* add the current position to the <code>eocList</code> vector. |
|
93 |
*/ |
|
94 |
private void parseTag() throws IOException { |
|
55714
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
95 |
if (isEOC(data[dataPos]) && (data[dataPos + 1] == 0)) { |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
96 |
int numOfEncapsulatedLenBytes = 0; |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
97 |
Object elem = null; |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
98 |
int index; |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
99 |
for (index = ndefsList.size()-1; index >= 0; index--) { |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
100 |
// Determine the first element in the vector that does not |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
101 |
// have a matching EOC |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
102 |
elem = ndefsList.get(index); |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
103 |
if (elem instanceof Integer) { |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
104 |
break; |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
105 |
} else { |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
106 |
numOfEncapsulatedLenBytes += ((byte[])elem).length - 3; |
2 | 107 |
} |
55714
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
108 |
} |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
109 |
if (index < 0) { |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
110 |
throw new IOException("EOC does not have matching " + |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
111 |
"indefinite-length tag"); |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
112 |
} |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
113 |
int sectionLen = dataPos - ((Integer)elem).intValue() + |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
114 |
numOfEncapsulatedLenBytes; |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
115 |
byte[] sectionLenBytes = getLengthBytes(sectionLen); |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
116 |
ndefsList.set(index, sectionLenBytes); |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
117 |
unresolved--; |
55707 | 118 |
|
55714
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
119 |
// Add the number of bytes required to represent this section |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
120 |
// to the total number of length bytes, |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
121 |
// and subtract the indefinite-length tag (1 byte) and |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
122 |
// EOC bytes (2 bytes) for this section |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
123 |
numOfTotalLenBytes += (sectionLenBytes.length - 3); |
2 | 124 |
} |
55714
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
125 |
dataPos++; |
2 | 126 |
} |
127 |
||
128 |
/** |
|
129 |
* Write the tag and if it is an end-of-contents tag |
|
130 |
* then skip the tag and its 1 byte length of zero. |
|
131 |
*/ |
|
132 |
private void writeTag() { |
|
133 |
if (dataPos == dataSize) |
|
134 |
return; |
|
135 |
int tag = data[dataPos++]; |
|
136 |
if (isEOC(tag) && (data[dataPos] == 0)) { |
|
137 |
dataPos++; // skip length |
|
138 |
writeTag(); |
|
139 |
} else |
|
140 |
newData[newDataPos++] = (byte)tag; |
|
141 |
} |
|
142 |
||
143 |
/** |
|
144 |
* Parse the length and if it is an indefinite length then add |
|
145 |
* the current position to the <code>ndefsList</code> vector. |
|
54372
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
146 |
* |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
147 |
* @return the length of definite length data next, or -1 if there is |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
148 |
* not enough bytes to determine it |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
149 |
* @throws IOException if invalid data is read |
2 | 150 |
*/ |
151 |
private int parseLength() throws IOException { |
|
152 |
int curLen = 0; |
|
153 |
if (dataPos == dataSize) |
|
154 |
return curLen; |
|
155 |
int lenByte = data[dataPos++] & 0xff; |
|
156 |
if (isIndefinite(lenByte)) { |
|
25522
10d789df41bb
8049892: Replace uses of 'new Integer()' with appropriate alternative across core classes
prr
parents:
23010
diff
changeset
|
157 |
ndefsList.add(dataPos); |
1093
b7d502a05abf
6731685: CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain
weijun
parents:
2
diff
changeset
|
158 |
unresolved++; |
2 | 159 |
return curLen; |
160 |
} |
|
161 |
if (isLongForm(lenByte)) { |
|
162 |
lenByte &= LEN_MASK; |
|
28551 | 163 |
if (lenByte > 4) { |
2 | 164 |
throw new IOException("Too much data"); |
28551 | 165 |
} |
166 |
if ((dataSize - dataPos) < (lenByte + 1)) { |
|
54372
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
167 |
return -1; |
28551 | 168 |
} |
169 |
for (int i = 0; i < lenByte; i++) { |
|
2 | 170 |
curLen = (curLen << 8) + (data[dataPos++] & 0xff); |
28551 | 171 |
} |
172 |
if (curLen < 0) { |
|
173 |
throw new IOException("Invalid length bytes"); |
|
174 |
} |
|
2 | 175 |
} else { |
176 |
curLen = (lenByte & LEN_MASK); |
|
177 |
} |
|
178 |
return curLen; |
|
179 |
} |
|
180 |
||
181 |
/** |
|
182 |
* Write the length and if it is an indefinite length |
|
183 |
* then calculate the definite length from the positions |
|
184 |
* of the indefinite length and its matching EOC terminator. |
|
185 |
* Then, write the value. |
|
186 |
*/ |
|
187 |
private void writeLengthAndValue() throws IOException { |
|
188 |
if (dataPos == dataSize) |
|
189 |
return; |
|
190 |
int curLen = 0; |
|
191 |
int lenByte = data[dataPos++] & 0xff; |
|
192 |
if (isIndefinite(lenByte)) { |
|
193 |
byte[] lenBytes = (byte[])ndefsList.get(index++); |
|
194 |
System.arraycopy(lenBytes, 0, newData, newDataPos, |
|
195 |
lenBytes.length); |
|
196 |
newDataPos += lenBytes.length; |
|
197 |
return; |
|
198 |
} |
|
199 |
if (isLongForm(lenByte)) { |
|
200 |
lenByte &= LEN_MASK; |
|
28551 | 201 |
for (int i = 0; i < lenByte; i++) { |
2 | 202 |
curLen = (curLen << 8) + (data[dataPos++] & 0xff); |
28551 | 203 |
} |
204 |
if (curLen < 0) { |
|
205 |
throw new IOException("Invalid length bytes"); |
|
206 |
} |
|
207 |
} else { |
|
2 | 208 |
curLen = (lenByte & LEN_MASK); |
28551 | 209 |
} |
2 | 210 |
writeLength(curLen); |
211 |
writeValue(curLen); |
|
212 |
} |
|
213 |
||
214 |
private void writeLength(int curLen) { |
|
215 |
if (curLen < 128) { |
|
216 |
newData[newDataPos++] = (byte)curLen; |
|
217 |
||
218 |
} else if (curLen < (1 << 8)) { |
|
219 |
newData[newDataPos++] = (byte)0x81; |
|
220 |
newData[newDataPos++] = (byte)curLen; |
|
221 |
||
222 |
} else if (curLen < (1 << 16)) { |
|
223 |
newData[newDataPos++] = (byte)0x82; |
|
224 |
newData[newDataPos++] = (byte)(curLen >> 8); |
|
225 |
newData[newDataPos++] = (byte)curLen; |
|
226 |
||
227 |
} else if (curLen < (1 << 24)) { |
|
228 |
newData[newDataPos++] = (byte)0x83; |
|
229 |
newData[newDataPos++] = (byte)(curLen >> 16); |
|
230 |
newData[newDataPos++] = (byte)(curLen >> 8); |
|
231 |
newData[newDataPos++] = (byte)curLen; |
|
232 |
||
233 |
} else { |
|
234 |
newData[newDataPos++] = (byte)0x84; |
|
235 |
newData[newDataPos++] = (byte)(curLen >> 24); |
|
236 |
newData[newDataPos++] = (byte)(curLen >> 16); |
|
237 |
newData[newDataPos++] = (byte)(curLen >> 8); |
|
238 |
newData[newDataPos++] = (byte)curLen; |
|
239 |
} |
|
240 |
} |
|
241 |
||
242 |
private byte[] getLengthBytes(int curLen) { |
|
243 |
byte[] lenBytes; |
|
244 |
int index = 0; |
|
245 |
||
246 |
if (curLen < 128) { |
|
247 |
lenBytes = new byte[1]; |
|
248 |
lenBytes[index++] = (byte)curLen; |
|
249 |
||
250 |
} else if (curLen < (1 << 8)) { |
|
251 |
lenBytes = new byte[2]; |
|
252 |
lenBytes[index++] = (byte)0x81; |
|
253 |
lenBytes[index++] = (byte)curLen; |
|
254 |
||
255 |
} else if (curLen < (1 << 16)) { |
|
256 |
lenBytes = new byte[3]; |
|
257 |
lenBytes[index++] = (byte)0x82; |
|
258 |
lenBytes[index++] = (byte)(curLen >> 8); |
|
259 |
lenBytes[index++] = (byte)curLen; |
|
260 |
||
261 |
} else if (curLen < (1 << 24)) { |
|
262 |
lenBytes = new byte[4]; |
|
263 |
lenBytes[index++] = (byte)0x83; |
|
264 |
lenBytes[index++] = (byte)(curLen >> 16); |
|
265 |
lenBytes[index++] = (byte)(curLen >> 8); |
|
266 |
lenBytes[index++] = (byte)curLen; |
|
267 |
||
268 |
} else { |
|
269 |
lenBytes = new byte[5]; |
|
270 |
lenBytes[index++] = (byte)0x84; |
|
271 |
lenBytes[index++] = (byte)(curLen >> 24); |
|
272 |
lenBytes[index++] = (byte)(curLen >> 16); |
|
273 |
lenBytes[index++] = (byte)(curLen >> 8); |
|
274 |
lenBytes[index++] = (byte)curLen; |
|
275 |
} |
|
276 |
||
277 |
return lenBytes; |
|
278 |
} |
|
279 |
||
280 |
// Returns the number of bytes needed to represent the given length |
|
281 |
// in ASN.1 notation |
|
282 |
private int getNumOfLenBytes(int len) { |
|
283 |
int numOfLenBytes = 0; |
|
284 |
||
285 |
if (len < 128) { |
|
286 |
numOfLenBytes = 1; |
|
287 |
} else if (len < (1 << 8)) { |
|
288 |
numOfLenBytes = 2; |
|
289 |
} else if (len < (1 << 16)) { |
|
290 |
numOfLenBytes = 3; |
|
291 |
} else if (len < (1 << 24)) { |
|
292 |
numOfLenBytes = 4; |
|
293 |
} else { |
|
294 |
numOfLenBytes = 5; |
|
295 |
} |
|
296 |
return numOfLenBytes; |
|
297 |
} |
|
298 |
||
299 |
/** |
|
300 |
* Parse the value; |
|
301 |
*/ |
|
302 |
private void parseValue(int curLen) { |
|
303 |
dataPos += curLen; |
|
304 |
} |
|
305 |
||
306 |
/** |
|
307 |
* Write the value; |
|
308 |
*/ |
|
309 |
private void writeValue(int curLen) { |
|
310 |
for (int i=0; i < curLen; i++) |
|
311 |
newData[newDataPos++] = data[dataPos++]; |
|
312 |
} |
|
313 |
||
314 |
/** |
|
315 |
* Converts a indefinite length DER encoded byte array to |
|
316 |
* a definte length DER encoding. |
|
317 |
* |
|
318 |
* @param indefData the byte array holding the indefinite |
|
319 |
* length encoding. |
|
320 |
* @return the byte array containing the definite length |
|
54372
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
321 |
* DER encoding, or null if there is not enough data. |
2 | 322 |
* @exception IOException on parsing or re-writing errors. |
323 |
*/ |
|
54372
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
324 |
byte[] convertBytes(byte[] indefData) throws IOException { |
2 | 325 |
data = indefData; |
326 |
dataPos=0; index=0; |
|
327 |
dataSize = data.length; |
|
328 |
int len=0; |
|
1093
b7d502a05abf
6731685: CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain
weijun
parents:
2
diff
changeset
|
329 |
int unused = 0; |
2 | 330 |
|
331 |
// parse and set up the vectors of all the indefinite-lengths |
|
332 |
while (dataPos < dataSize) { |
|
55714
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
333 |
if (dataPos + 2 > dataSize) { |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
334 |
// There should be at least one tag and one length |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
335 |
return null; |
e17ec6bc670a
8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
weijun
parents:
55707
diff
changeset
|
336 |
} |
2 | 337 |
parseTag(); |
338 |
len = parseLength(); |
|
54372
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
339 |
if (len < 0) { |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
340 |
return null; |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
341 |
} |
2 | 342 |
parseValue(len); |
1093
b7d502a05abf
6731685: CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain
weijun
parents:
2
diff
changeset
|
343 |
if (unresolved == 0) { |
b7d502a05abf
6731685: CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain
weijun
parents:
2
diff
changeset
|
344 |
unused = dataSize - dataPos; |
b7d502a05abf
6731685: CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain
weijun
parents:
2
diff
changeset
|
345 |
dataSize = dataPos; |
b7d502a05abf
6731685: CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain
weijun
parents:
2
diff
changeset
|
346 |
break; |
b7d502a05abf
6731685: CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain
weijun
parents:
2
diff
changeset
|
347 |
} |
2 | 348 |
} |
349 |
||
16082 | 350 |
if (unresolved != 0) { |
54372
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
351 |
return null; |
16082 | 352 |
} |
353 |
||
1093
b7d502a05abf
6731685: CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain
weijun
parents:
2
diff
changeset
|
354 |
newData = new byte[dataSize + numOfTotalLenBytes + unused]; |
2 | 355 |
dataPos=0; newDataPos=0; index=0; |
356 |
||
357 |
// write out the new byte array replacing all the indefinite-lengths |
|
358 |
// and EOCs |
|
359 |
while (dataPos < dataSize) { |
|
360 |
writeTag(); |
|
361 |
writeLengthAndValue(); |
|
362 |
} |
|
1093
b7d502a05abf
6731685: CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain
weijun
parents:
2
diff
changeset
|
363 |
System.arraycopy(indefData, dataSize, |
b7d502a05abf
6731685: CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain
weijun
parents:
2
diff
changeset
|
364 |
newData, dataSize + numOfTotalLenBytes, unused); |
2 | 365 |
|
366 |
return newData; |
|
367 |
} |
|
54372
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
368 |
|
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
369 |
/** |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
370 |
* Read the input stream into a DER byte array. If an indef len BER is |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
371 |
* not resolved this method will try to read more data until EOF is reached. |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
372 |
* This may block. |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
373 |
* |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
374 |
* @param in the input stream with tag and lenByte already read |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
375 |
* @param lenByte the length of the length field to remember |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
376 |
* @param tag the tag to remember |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
377 |
* @return a DER byte array |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
378 |
* @throws IOException if not all indef len BER |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
379 |
* can be resolved or another I/O error happens |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
380 |
*/ |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
381 |
public static byte[] convertStream(InputStream in, byte lenByte, byte tag) |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
382 |
throws IOException { |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
383 |
int offset = 2; // for tag and length bytes |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
384 |
int readLen = in.available(); |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
385 |
byte[] indefData = new byte[readLen + offset]; |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
386 |
indefData[0] = tag; |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
387 |
indefData[1] = lenByte; |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
388 |
while (true) { |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
389 |
int bytesRead = in.readNBytes(indefData, offset, readLen); |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
390 |
if (bytesRead != readLen) { |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
391 |
readLen = bytesRead; |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
392 |
indefData = Arrays.copyOf(indefData, offset + bytesRead); |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
393 |
} |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
394 |
DerIndefLenConverter derIn = new DerIndefLenConverter(); |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
395 |
byte[] result = derIn.convertBytes(indefData); |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
396 |
if (result == null) { |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
397 |
int next = in.read(); // This could block, but we need more |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
398 |
if (next == -1) { |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
399 |
throw new IOException("not all indef len BER resolved"); |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
400 |
} |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
401 |
int more = in.available(); |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
402 |
// expand array to include next and more |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
403 |
indefData = Arrays.copyOf(indefData, offset + readLen + 1 + more); |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
404 |
indefData[offset + readLen] = (byte)next; |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
405 |
offset = offset + readLen + 1; |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
406 |
readLen = more; |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
407 |
} else { |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
408 |
return result; |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
409 |
} |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
410 |
} |
9ac5d41abf68
8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
weijun
parents:
47216
diff
changeset
|
411 |
} |
2 | 412 |
} |