Examples of sun.security.util.DerInputStream

• sun.security.util.DerInputStream
  A DER input stream, used for parsing ASN.1 DER-encoded data such as that found in X.509 certificates. DER is a subset of BER/1, which has the advantage that it allows only a single encoding of primitive data. (High level data such as dates still support many encodings.) That is, it uses the "Definite" Encoding Rules (DER) not the "Basic" ones (BER).

  Note that, like BER/1, DER streams are streams of explicitly tagged data values. Accordingly, this programming interface does not expose any variant of the java.io.InputStream interface, since that kind of input stream holds untagged data values and using that I/O model could prevent correct parsing of the DER data.

  At this time, this class supports only a subset of the types of DER data encodings which are defined. That subset is sufficient for parsing most X.509 certificates. @author David Brownell @author Amit Kapoor @author Hemma Prafullchandra

    return (SecretKey) keySpec;
  }

  // Parses the service ticket (GSS AP-REQ token)
  private EncryptionKey parseServiceTicket(byte[] ticket) throws Exception {
    DerInputStream ticketStream = new DerInputStream(ticket);
    DerValue[] values = ticketStream.getSet(ticket.length, true);

    // Look for the AP_REQ.
    // AP-REQ ::= [APPLICATION 14] SEQUENCE
    for (int i = 0; i < values.length; i++) {
      DerValue value = values[i];

                    debug.println("X509CRLSelector.match: no CRLNumber");
                }
            }
            BigInteger crlNum;
            try {
                DerInputStream in = new DerInputStream(crlNumExtVal);
                byte[] encoded = in.getOctetString();
                CRLNumberExtension crlNumExt =
                    new CRLNumberExtension(Boolean.FALSE, encoded);
                crlNum = crlNumExt.get(CRLNumberExtension.NUMBER);
            } catch (IOException ex) {
                if (debug != null) {

        }
        byte[] rawExtVal = cert.getExtensionValue(EXTENSION_OIDS[extId]);
        if (rawExtVal == null) {
            return null;
        }
        DerInputStream in = new DerInputStream(rawExtVal);
        byte[] encoded = in.getOctetString();
        switch (extId) {
        case PRIVATE_KEY_USAGE_ID:
            try {
                return new PrivateKeyUsageExtension(FALSE, encoded);
            } catch (CertificateException ex) {

                    debug.println("X509CertSelector.match: "
                        + "no subject key ID extension");
                }
                return false;
            }
            DerInputStream in = new DerInputStream(extVal);
            byte[] certSubjectKeyID = in.getOctetString();
            if (certSubjectKeyID == null ||
                    !Arrays.equals(subjectKeyID, certSubjectKeyID)) {
                if (debug != null) {
                    debug.println("X509CertSelector.match: "
                        + "subject key IDs don't match");

                    debug.println("X509CertSelector.match: "
                        + "no authority key ID extension");
                }
                return false;
            }
            DerInputStream in = new DerInputStream(extVal);
            byte[] certAuthKeyID = in.getOctetString();
            if (certAuthKeyID == null ||
                    !Arrays.equals(authorityKeyID, certAuthKeyID)) {
                if (debug != null) {
                    debug.println("X509CertSelector.match: "
                        + "authority key IDs don't match");

  }
  byte[] rawExtVal = cert.getExtensionValue(EXTENSION_OIDS[extId]);
  if (rawExtVal == null) {
      return null;
  }
  DerInputStream in = new DerInputStream(rawExtVal);
  byte[] encoded = in.getOctetString();
  switch (extId) {
  case PRIVATE_KEY_USAGE_ID:
      try {
    return new PrivateKeyUsageExtension(FALSE, encoded);
      } catch (CertificateException ex) {

        debug.println("X509CertSelector.match: "
          + "no subject key ID extension");
    }
    return false;
      }
      DerInputStream in = new DerInputStream(extVal);
      byte[] certSubjectKeyID = in.getOctetString();
      if (certSubjectKeyID == null ||
              !Arrays.equals(subjectKeyID, certSubjectKeyID)) {
    if (debug != null) {
        debug.println("X509CertSelector.match: "
          + "subject key IDs don't match");

        debug.println("X509CertSelector.match: "
          + "no authority key ID extension");
    }
    return false;
      }
      DerInputStream in = new DerInputStream(extVal);
      byte[] certAuthKeyID = in.getOctetString();
      if (certAuthKeyID == null ||
            !Arrays.equals(authorityKeyID, certAuthKeyID)) {
    if (debug != null) {
        debug.println("X509CertSelector.match: "
          + "authority key IDs don't match");

        debug.println("X509CRLSelector.match: no CRLNumber");
    }
      }
      BigInteger crlNum;
      try {
    DerInputStream in = new DerInputStream(crlNumExtVal);
    byte[] encoded = in.getOctetString();
    CRLNumberExtension crlNumExt =
        new CRLNumberExtension(Boolean.FALSE, encoded);
    crlNum = (BigInteger)crlNumExt.get(CRLNumberExtension.NUMBER);
      } catch (IOException ex) {
    if (debug != null) {

                /* Extract DER encoding */
                derenc = X509CertificateChainHelper.extract(any);
            }

            DerInputStream din = new DerInputStream(derenc);

            /**
             * Size specified for getSequence() is 1 and is just
             * used as a guess by the method getSequence().
             */
            DerValue[] derval = din.getSequence(1);
            X509Certificate[] certchain =
                        new X509CertImpl[derval.length];
            /**
             * X509Certificate does not have a constructor which can
             * be used to instantiate objects from DER encodings. So