Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
 package edu.uiuc.ncsa.security.util.pkcs;
 
 

Created by Jeff Gaynor
on 6/10/14 at 2:37 PM

public class MySunPKCS_CR extends MyPKCS10CertRequest {
       public MySunPKCS_CR(byte[] derEncoded) {
           try {
               checkVersion(derEncoded);
                = new PKCS10(derEncoded);
           } catch (RuntimeException re) {
               throw re;
           } catch (Exception e) {
               e.printStackTrace();
               throw new InvalidCertRequestException("Error creating cert request from byte array"e);
           }
       }



       
Fix for OAUTH-96, sort of. Some python clients send and invalid cert request because the programmer does not set the version (to zero). Python then sends a zero-length integer. Now, as this violates the PKCS10 spec., and should be rejected. Bouncy Castle will ignore it but the Sun libraries will throw an extremely unhelpful IOException. The method does the check and throws a much better exception.

Parameters:
derEncoded
       protected void checkVersion(byte[] derEncoded) {
           try {
               DerInputStream derInputStream = new DerInputStream(derEncoded);
               DerValue[] seq = derInputStream.getSequence(3); //try and get the first three elements.
               seq[0]..getBigInteger();
           } catch (IOException iox) {
               throw new InvalidCertRequestException("Invalid Certification Request. Be sure that the version number " +
                       "of the (PCKS10) request is set to zero."iox);
           }
       }
       @Override
       public String toString() {
           if ( == nullreturn "null";
           return .toString();
       }
       PKCS10 pkcs10;
       public MySunPKCS_CR(PKCS10 pkcs10) {
           this. = pkcs10;
       }
       @Override
       public PublicKey getPublicKey() {
           return .getSubjectPublicKeyInfo();
       }
       @Override
       public byte[] getEncoded() {
           return .getEncoded();
       }
   }
New to GrepCode? Check out our FAQ X