提交 fc28d3fd 编写于 作者: M mullan

8234042: Better factory production of certificates

Reviewed-by: weijun, rhalade, mschoene
上级 39d6fef1
/*
* Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2011, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -226,6 +226,9 @@ public final class KeychainStore extends KeyStoreSpi {
// Get the Algorithm ID next
DerValue[] value = in.getSequence(2);
if (value.length < 1 || value.length > 2) {
throw new IOException("Invalid length for AlgorithmIdentifier");
}
AlgorithmId algId = new AlgorithmId(value[0].getOID());
String algName = algId.getName();
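Review bot: The new guard after `in.getSequence(2)` has no comment saying why it is needed, and the reason is not obvious from the call. As far as I know the argument to `getSequence` is only an initial-size hint, not an enforced element count, so a malformed encoding can yield an empty array, and `value[0]` would then fail with an unchecked ArrayIndexOutOfBoundsException rather than the IOException that keystore callers handle. I would add `// getSequence(2) does not enforce the element count; reject malformed input before indexing` above the `if`. The same comment fits the equivalent guards in the PKCS12Attribute, ContentInfo, SignerInfo, MacData and PKCS12KeyStore sections, and because the check is now repeated by hand at each call site, a shared length-checking helper may be worth considering. The enclosing method starts and ends outside this hunk.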
......
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -252,6 +252,9 @@ public final class PKCS12Attribute implements KeyStore.Entry.Attribute {
private void parse(byte[] encoded) throws IOException {
DerInputStream attributeValue = new DerInputStream(encoded);
DerValue[] attrSeq = attributeValue.getSequence(2);
if (attrSeq.length != 2) {
throw new IOException("Invalid length for PKCS12Attribute");
}
ObjectIdentifier type = attrSeq[0].getOID();
DerInputStream attrContent =
new DerInputStream(attrSeq[1].toByteArray());
......
/*
* Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -130,6 +130,9 @@ public class ContentInfo {
DerValue[] contents;
typeAndContent = derin.getSequence(2);
if (typeAndContent.length < 1 || typeAndContent.length > 2) {
throw new ParsingException("Invalid length for ContentInfo");
}
// Parse the content type
type = typeAndContent[0];
......@@ -149,6 +152,9 @@ public class ContentInfo {
disTaggedContent
= new DerInputStream(taggedContent.toByteArray());
contents = disTaggedContent.getSet(1, true);
if (contents.length != 1) {
throw new ParsingException("ContentInfo encoding error");
}
content = contents[0];
}
}
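Review bot: The message in the second hunk, `"ContentInfo encoding error"`, does not say which field failed, unlike `"Invalid length for ContentInfo"` in the first hunk and the messages added in the other files. Something like `throw new ParsingException("Invalid length for ContentInfo content");` would let whoever triages a rejected input tell the two checks apart from the exception text alone. The first guard also accepts a one-element sequence; the code between the two hunks is not shown, so I am assuming it skips content parsing in that case.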
......
......@@ -144,6 +144,9 @@ public class SignerInfo implements DerEncoder {
// issuerAndSerialNumber
DerValue[] issuerAndSerialNumber = derin.getSequence(2);
if (issuerAndSerialNumber.length != 2) {
throw new ParsingException("Invalid length for IssuerAndSerialNumber");
}
byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray();
issuerName = new X500Name(new DerValue(DerValue.tag_Sequence,
issuerBytes));
......
/*
* Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -59,10 +59,16 @@ class MacData {
throws IOException, ParsingException
{
DerValue[] macData = derin.getSequence(2);
if (macData.length < 2 || macData.length > 3) {
throw new ParsingException("Invalid length for MacData");
}
// Parse the digest info
DerInputStream digestIn = new DerInputStream(macData[0].toByteArray());
DerValue[] digestInfo = digestIn.getSequence(2);
if (digestInfo.length != 2) {
throw new ParsingException("Invalid length for DigestInfo");
}
// Parse the DigestAlgorithmIdentifier.
AlgorithmId digestAlgorithmId = AlgorithmId.parse(digestInfo[0]);
......
/*
* Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -389,6 +389,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
DerInputStream in = val.toDerInputStream();
int i = in.getInteger();
DerValue[] value = in.getSequence(2);
if (value.length < 1 || value.length > 2) {
throw new IOException("Invalid length for AlgorithmIdentifier");
}
AlgorithmId algId = new AlgorithmId(value[0].getOID());
String keyAlgo = algId.getName();
......@@ -2000,11 +2003,17 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
DerInputStream edi =
safeContents.getContent().toDerInputStream();
int edVersion = edi.getInteger();
DerValue[] seq = edi.getSequence(2);
DerValue[] seq = edi.getSequence(3);
if (seq.length != 3) {
// We require the encryptedContent field, even though
// it is optional
throw new IOException("Invalid length for EncryptedContentInfo");
}
ObjectIdentifier edContentType = seq[0].getOID();
eAlgId = seq[1].toByteArray();
if (!seq[2].isContextSpecific((byte)0)) {
throw new IOException("encrypted content not present!");
throw new IOException("unsupported encrypted content type "
+ seq[2].tag);
}
byte newTag = DerValue.tag_OctetString;
if (seq[2].isConstructed())
......@@ -2218,6 +2227,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
} else if (bagId.equals((Object)CertBag_OID)) {
DerInputStream cs = new DerInputStream(bagValue.toByteArray());
DerValue[] certValues = cs.getSequence(2);
if (certValues.length != 2) {
throw new IOException("Invalid length for CertBag");
}
ObjectIdentifier certId = certValues[0].getOID();
if (!certValues[1].isContextSpecific((byte)0)) {
throw new IOException("unsupported PKCS12 cert value type "
......@@ -2233,6 +2245,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
} else if (bagId.equals((Object)SecretBag_OID)) {
DerInputStream ss = new DerInputStream(bagValue.toByteArray());
DerValue[] secretValues = ss.getSequence(2);
if (secretValues.length != 2) {
throw new IOException("Invalid length for SecretBag");
}
ObjectIdentifier secretId = secretValues[0].getOID();
if (!secretValues[1].isContextSpecific((byte)0)) {
throw new IOException(
......@@ -2271,6 +2286,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
byte[] encoded = attrSet[j].toByteArray();
DerInputStream as = new DerInputStream(encoded);
DerValue[] attrSeq = as.getSequence(2);
if (attrSeq.length != 2) {
throw new IOException("Invalid length for Attribute");
}
ObjectIdentifier attrId = attrSeq[0].getOID();
DerInputStream vs =
new DerInputStream(attrSeq[1].toByteArray());
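Review bot: In the EncryptedContentInfo hunk, the new message `"unsupported encrypted content type " + seq[2].tag` is misleading on two counts. It reports the tag of the encryptedContent field, not the content type (that is `edContentType`, read two lines earlier). And if `tag` is a `byte`, as it appears to be, string concatenation prints it as a signed decimal, so a context-specific tag shows up as a negative number. I would write `throw new IOException("unexpected tag for encryptedContent: 0x" + Integer.toHexString(seq[2].tag & 0xff));`. The method containing this hunk starts and ends outside it.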
......
/*
* Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -261,7 +261,7 @@ public final class OCSPResponse {
DerInputStream basicOCSPResponse =
new DerInputStream(derIn.getOctetString());
DerValue[] seqTmp = basicOCSPResponse.getSequence(2);
DerValue[] seqTmp = basicOCSPResponse.getSequence(3);
if (seqTmp.length < 3) {
throw new IOException("Unexpected BasicOCSPResponse value");
}
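Review bot: The check `if (seqTmp.length < 3)` enforces only a lower bound, while the other guards added in this commit also reject over-long sequences (for example `macData.length < 2 || macData.length > 3`). BasicOCSPResponse in RFC 6960 has three mandatory fields and one optional certs field, so `if (seqTmp.length < 3 || seqTmp.length > 4) {` would reject trailing elements instead of silently accepting them in a response that feeds revocation decisions. The code that consumes `seqTmp` is outside the hunk, so this assumes extra elements are not already rejected further down.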
......