8242151: Improve OID mapping and reuse among JDK security providers for aliases registration

Use sun.security.util.KnownOIDs enum instead of hardcoding oid strings everywhere

Reviewed-by: weijun
Valerie Peng 2020-05-19 04:05:03 +00:00
parent a97932d8fc
commit 080b3b83eb
79 changed files with 2016 additions and 2080 deletions


@ -32,13 +32,7 @@ import java.util.Locale;
import java.util.Date;
import java.util.HashMap;
import sun.security.x509.CertificateExtensions;
import sun.security.util.Debug;
import sun.security.util.DerEncoder;
import sun.security.util.DerValue;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.ObjectIdentifier;
import sun.security.util.HexDumpEncoder;
import sun.security.util.*;
/**
* Class supporting any PKCS9 attributes.
@ -188,17 +182,11 @@ public class PKCS9Attribute implements DerEncoder {
private static final Class<?> BYTE_ARRAY_CLASS;
static { // static initializer for PKCS9_OIDS
for (int i = 1; i < PKCS9_OIDS.length - 2; i++) {
PKCS9_OIDS[i] = ObjectIdentifier.of("1.2.840.113549.1.9." + i);
}
// Initialize SigningCertificate and SignatureTimestampToken
// separately (because their values are out of sequence)
PKCS9_OIDS[PKCS9_OIDS.length - 2] =
ObjectIdentifier.of("1.2.840.113549.1.9.16.2.12");
PKCS9_OIDS[PKCS9_OIDS.length - 1] =
ObjectIdentifier.of("1.2.840.113549.1.9.16.2.14");
static {
// set unused PKCS9_OIDS entries to null
// rest are initialized with public constants
PKCS9_OIDS[0] = PKCS9_OIDS[11] = PKCS9_OIDS[12] = PKCS9_OIDS[13] =
PKCS9_OIDS[15] = null;
try {
BYTE_ARRAY_CLASS = Class.forName("[B");
} catch (ClassNotFoundException e) {
@ -206,99 +194,37 @@ public class PKCS9Attribute implements DerEncoder {
}
}
// first element [0] not used
public static final ObjectIdentifier EMAIL_ADDRESS_OID = PKCS9_OIDS[1];
public static final ObjectIdentifier UNSTRUCTURED_NAME_OID = PKCS9_OIDS[2];
public static final ObjectIdentifier CONTENT_TYPE_OID = PKCS9_OIDS[3];
public static final ObjectIdentifier MESSAGE_DIGEST_OID = PKCS9_OIDS[4];
public static final ObjectIdentifier SIGNING_TIME_OID = PKCS9_OIDS[5];
public static final ObjectIdentifier COUNTERSIGNATURE_OID = PKCS9_OIDS[6];
public static final ObjectIdentifier CHALLENGE_PASSWORD_OID = PKCS9_OIDS[7];
public static final ObjectIdentifier UNSTRUCTURED_ADDRESS_OID = PKCS9_OIDS[8];
public static final ObjectIdentifier EXTENDED_CERTIFICATE_ATTRIBUTES_OID
= PKCS9_OIDS[9];
public static final ObjectIdentifier ISSUER_SERIALNUMBER_OID = PKCS9_OIDS[10];
public static final ObjectIdentifier EMAIL_ADDRESS_OID = PKCS9_OIDS[1] =
ObjectIdentifier.of(KnownOIDs.EmailAddress);
public static final ObjectIdentifier UNSTRUCTURED_NAME_OID = PKCS9_OIDS[2] =
ObjectIdentifier.of(KnownOIDs.UnstructuredName);
public static final ObjectIdentifier CONTENT_TYPE_OID = PKCS9_OIDS[3] =
ObjectIdentifier.of(KnownOIDs.ContentType);
public static final ObjectIdentifier MESSAGE_DIGEST_OID = PKCS9_OIDS[4] =
ObjectIdentifier.of(KnownOIDs.MessageDigest);
public static final ObjectIdentifier SIGNING_TIME_OID = PKCS9_OIDS[5] =
ObjectIdentifier.of(KnownOIDs.SigningTime);
public static final ObjectIdentifier COUNTERSIGNATURE_OID = PKCS9_OIDS[6] =
ObjectIdentifier.of(KnownOIDs.CounterSignature);
public static final ObjectIdentifier CHALLENGE_PASSWORD_OID =
PKCS9_OIDS[7] = ObjectIdentifier.of(KnownOIDs.ChallengePassword);
public static final ObjectIdentifier UNSTRUCTURED_ADDRESS_OID =
PKCS9_OIDS[8] = ObjectIdentifier.of(KnownOIDs.UnstructuredAddress);
public static final ObjectIdentifier EXTENDED_CERTIFICATE_ATTRIBUTES_OID =
PKCS9_OIDS[9] =
ObjectIdentifier.of(KnownOIDs.ExtendedCertificateAttributes);
public static final ObjectIdentifier ISSUER_SERIALNUMBER_OID =
PKCS9_OIDS[10] =
ObjectIdentifier.of(KnownOIDs.IssuerAndSerialNumber);
// [11], [12] are RSA DSI proprietary
// [13] ==> signingDescription, S/MIME, not used anymore
public static final ObjectIdentifier EXTENSION_REQUEST_OID = PKCS9_OIDS[14];
public static final ObjectIdentifier SMIME_CAPABILITY_OID = PKCS9_OIDS[15];
public static final ObjectIdentifier SIGNING_CERTIFICATE_OID = PKCS9_OIDS[16];
public static final ObjectIdentifier EXTENSION_REQUEST_OID =
PKCS9_OIDS[14] = ObjectIdentifier.of(KnownOIDs.ExtensionRequest);
public static final ObjectIdentifier SIGNING_CERTIFICATE_OID =
PKCS9_OIDS[16] = ObjectIdentifier.of(KnownOIDs.SigningCertificate);
public static final ObjectIdentifier SIGNATURE_TIMESTAMP_TOKEN_OID =
PKCS9_OIDS[17];
public static final String EMAIL_ADDRESS_STR = "EmailAddress";
public static final String UNSTRUCTURED_NAME_STR = "UnstructuredName";
public static final String CONTENT_TYPE_STR = "ContentType";
public static final String MESSAGE_DIGEST_STR = "MessageDigest";
public static final String SIGNING_TIME_STR = "SigningTime";
public static final String COUNTERSIGNATURE_STR = "Countersignature";
public static final String CHALLENGE_PASSWORD_STR = "ChallengePassword";
public static final String UNSTRUCTURED_ADDRESS_STR = "UnstructuredAddress";
public static final String EXTENDED_CERTIFICATE_ATTRIBUTES_STR =
"ExtendedCertificateAttributes";
public static final String ISSUER_SERIALNUMBER_STR = "IssuerAndSerialNumber";
// [11], [12] are RSA DSI proprietary
private static final String RSA_PROPRIETARY_STR = "RSAProprietary";
// [13] ==> signingDescription, S/MIME, not used anymore
private static final String SMIME_SIGNING_DESC_STR = "SMIMESigningDesc";
public static final String EXTENSION_REQUEST_STR = "ExtensionRequest";
public static final String SMIME_CAPABILITY_STR = "SMIMECapability";
public static final String SIGNING_CERTIFICATE_STR = "SigningCertificate";
public static final String SIGNATURE_TIMESTAMP_TOKEN_STR =
"SignatureTimestampToken";
/**
* HashMap mapping names and variant names of supported
* attributes to their OIDs. This table contains all name forms
* that occur in PKCS9, in lower case.
*/
private static final HashMap<String, ObjectIdentifier> NAME_OID_TABLE =
new HashMap<String, ObjectIdentifier>(17);
static { // static initializer for PCKS9_NAMES
NAME_OID_TABLE.put("emailaddress", PKCS9_OIDS[1]);
NAME_OID_TABLE.put("unstructuredname", PKCS9_OIDS[2]);
NAME_OID_TABLE.put("contenttype", PKCS9_OIDS[3]);
NAME_OID_TABLE.put("messagedigest", PKCS9_OIDS[4]);
NAME_OID_TABLE.put("signingtime", PKCS9_OIDS[5]);
NAME_OID_TABLE.put("countersignature", PKCS9_OIDS[6]);
NAME_OID_TABLE.put("challengepassword", PKCS9_OIDS[7]);
NAME_OID_TABLE.put("unstructuredaddress", PKCS9_OIDS[8]);
NAME_OID_TABLE.put("extendedcertificateattributes", PKCS9_OIDS[9]);
NAME_OID_TABLE.put("issuerandserialnumber", PKCS9_OIDS[10]);
NAME_OID_TABLE.put("rsaproprietary", PKCS9_OIDS[11]);
NAME_OID_TABLE.put("rsaproprietary", PKCS9_OIDS[12]);
NAME_OID_TABLE.put("signingdescription", PKCS9_OIDS[13]);
NAME_OID_TABLE.put("extensionrequest", PKCS9_OIDS[14]);
NAME_OID_TABLE.put("smimecapability", PKCS9_OIDS[15]);
NAME_OID_TABLE.put("signingcertificate", PKCS9_OIDS[16]);
NAME_OID_TABLE.put("signaturetimestamptoken", PKCS9_OIDS[17]);
};
/**
* HashMap mapping attribute OIDs defined in PKCS9 to the
* corresponding attribute value type.
*/
private static final HashMap<ObjectIdentifier, String> OID_NAME_TABLE =
new HashMap<ObjectIdentifier, String>(17);
static {
OID_NAME_TABLE.put(PKCS9_OIDS[1], EMAIL_ADDRESS_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[2], UNSTRUCTURED_NAME_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[3], CONTENT_TYPE_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[4], MESSAGE_DIGEST_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[5], SIGNING_TIME_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[6], COUNTERSIGNATURE_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[7], CHALLENGE_PASSWORD_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[8], UNSTRUCTURED_ADDRESS_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[9], EXTENDED_CERTIFICATE_ATTRIBUTES_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[10], ISSUER_SERIALNUMBER_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[11], RSA_PROPRIETARY_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[12], RSA_PROPRIETARY_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[13], SMIME_SIGNING_DESC_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[14], EXTENSION_REQUEST_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[15], SMIME_CAPABILITY_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[16], SIGNING_CERTIFICATE_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[17], SIGNATURE_TIMESTAMP_TOKEN_STR);
}
PKCS9_OIDS[17] =
ObjectIdentifier.of(KnownOIDs.SignatureTimestampToken);
/**
* Acceptable ASN.1 tags for DER encodings of values of PKCS9
@ -427,34 +353,6 @@ public class PKCS9Attribute implements DerEncoder {
init(oid, value);
}
/**
* Construct an attribute object from the attribute's name and
* value. If the attribute is single-valued, provide only one
* value. If the attribute is multi-valued, provide an array
* containing all the values.
* Arrays of length zero are accepted, though probably useless.
*
* <P> The
* <a href=#classTable>table</a> gives the class that <code>value</code>
* must have for a given attribute. Reasonable variants of these
* attributes are accepted; in particular, case does not matter.
*
* @exception IllegalArgumentException
* if the <code>name</code> is not recognized or the
* <code>value</code> has the wrong type.
*/
public PKCS9Attribute(String name, Object value)
throws IllegalArgumentException {
ObjectIdentifier oid = getOID(name);
if (oid == null)
throw new IllegalArgumentException(
"Unrecognized attribute name " + name +
" constructing PKCS9Attribute.");
init(oid, value);
}
private void init(ObjectIdentifier oid, Object value)
throws IllegalArgumentException {
@ -766,9 +664,9 @@ public class PKCS9Attribute implements DerEncoder {
* Return the name of this attribute.
*/
public String getName() {
return index == -1 ?
oid.toString() :
OID_NAME_TABLE.get(PKCS9_OIDS[index]);
String n = oid.toString();
KnownOIDs os = KnownOIDs.findMatch(n);
return (os == null? n : os.stdName());
}
/**
@ -776,7 +674,12 @@ public class PKCS9Attribute implements DerEncoder {
* the name.
*/
public static ObjectIdentifier getOID(String name) {
return NAME_OID_TABLE.get(name.toLowerCase(Locale.ENGLISH));
KnownOIDs o = KnownOIDs.findMatch(name);
if (o != null) {
return ObjectIdentifier.of(o);
} else {
return null;
}
}
/**
@ -784,7 +687,7 @@ public class PKCS9Attribute implements DerEncoder {
* the oid.
*/
public static String getName(ObjectIdentifier oid) {
return OID_NAME_TABLE.get(oid);
return KnownOIDs.findMatch(oid.toString()).stdName();
}
/**
@ -799,7 +702,7 @@ public class PKCS9Attribute implements DerEncoder {
if (index == -1) {
sb.append(oid.toString());
} else {
sb.append(OID_NAME_TABLE.get(PKCS9_OIDS[index]));
sb.append(getName(oid));
}
sb.append(": ");
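Review bot: In the static `getName(ObjectIdentifier oid)` hunk (old line 784), the new body `KnownOIDs.findMatch(oid.toString()).stdName()` dereferences the lookup result without a null check, whereas the removed `OID_NAME_TABLE.get(oid)` simply returned null for an OID outside the table. `findMatch` apparently can return null, since the instance `getName()` and `getOID(String)` in this same section both test its result. A public caller passing an unrecognised OID, for example one taken from parsed input, would therefore now get a NullPointerException instead of null. The `toString()` call site is guarded by `index == -1`, so the exposure is to external callers. I would keep the old contract with `KnownOIDs o = KnownOIDs.findMatch(oid.toString());` followed by `return (o == null ? null : o.stdName());`, and state in the method's Javadoc what is returned for an unknown OID.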