8242151: Improve OID mapping and reuse among JDK security providers for aliases registration

Use sun.security.util.KnownOIDs enum instead of hardcoding oid strings everywhere Reviewed-by: weijun
2025-08-28 07:14:30 +02:00 · 2020-05-19 04:05:03 +00:00 · 2020-05-19 04:05:03 +00:00 · 080b3b83eb
commit 080b3b83eb
parent a97932d8fc
79 changed files with 2016 additions and 2080 deletions
--- a/src/java.base/share/classes/sun/security/rsa/PSSParameters.java
+++ b/src/java.base/share/classes/sun/security/rsa/PSSParameters.java
@ -99,7 +99,7 @@ public final class PSSParameters extends AlgorithmParametersSpi {
            } else if (d.isContextSpecific((byte) 0x01)) {
                // mgf algid
                AlgorithmId val = AlgorithmId.parse(d.data.getDerValue());
-                if (!val.getOID().equals(AlgorithmId.mgf1_oid)) {
+                if (!val.getOID().equals(AlgorithmId.MGF1_oid)) {
                    throw new IOException("Only MGF1 mgf is supported");
                }
                AlgorithmId params = AlgorithmId.parse(
@ -242,7 +242,7 @@ public final class PSSParameters extends AlgorithmParametersSpi {

        if (!mgfDigestId.getOID().equals(AlgorithmId.SHA_oid)) {
            tmp2 = new DerOutputStream();
-            tmp2.putOID(AlgorithmId.mgf1_oid);
+            tmp2.putOID(AlgorithmId.MGF1_oid);
            mgfDigestId.encode(tmp2);
            tmp3 = new DerOutputStream();
            tmp3.write(DerValue.tag_Sequence, tmp2);
--- a/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
+++ b/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -27,7 +27,7 @@ package sun.security.rsa;

 import java.util.*;
 import java.security.Provider;
-import static sun.security.provider.SunEntries.createAliasesWithOid;
+import static sun.security.util.SecurityProviderConstants.getAliases;

 /**
 * Defines the entries of the SunRsaSign provider.
@ -38,7 +38,14 @@ public final class SunRsaSignEntries {

    private void add(Provider p, String type, String algo, String cn,
             List<String> aliases, HashMap<String, String> attrs) {
-         services.add(new Provider.Service(p, type, algo, cn, aliases, attrs));
+         services.add(new Provider.Service(p, type, algo, cn,
+             aliases, attrs));
+    }
+
+    private void addA(Provider p, String type, String algo, String cn,
+             HashMap<String, String> attrs) {
+         services.add(new Provider.Service(p, type, algo, cn,
+             getAliases(algo), attrs));
    }

    // extend LinkedHashSet for consistency with SunEntries
@ -47,13 +54,6 @@ public final class SunRsaSignEntries {
        services = new LinkedHashSet<>(20, 0.9f);

        // start populating content using the specified provider
-
-        // common oids
-        String rsaOid = "1.2.840.113549.1.1";
-        List<String> rsaAliases = createAliasesWithOid(rsaOid);
-        List<String> rsapssAliases = createAliasesWithOid(rsaOid + ".10");
-        String sha1withRSAOid2 = "1.3.14.3.2.29";
-
        // common attribute map
        HashMap<String, String> attrs = new HashMap<>(3);
        attrs.put("SupportedKeyClasses",
@ -62,50 +62,37 @@ public final class SunRsaSignEntries {

        add(p, "KeyFactory", "RSA",
                "sun.security.rsa.RSAKeyFactory$Legacy",
-                rsaAliases, null);
+                getAliases("PKCS1"), null);
        add(p, "KeyPairGenerator", "RSA",
                "sun.security.rsa.RSAKeyPairGenerator$Legacy",
-                rsaAliases, null);
-        add(p, "Signature", "MD2withRSA",
-                "sun.security.rsa.RSASignature$MD2withRSA",
-                createAliasesWithOid(rsaOid + ".2"), attrs);
-        add(p, "Signature", "MD5withRSA",
-                "sun.security.rsa.RSASignature$MD5withRSA",
-                createAliasesWithOid(rsaOid + ".4"), attrs);
-        add(p, "Signature", "SHA1withRSA",
-                "sun.security.rsa.RSASignature$SHA1withRSA",
-                createAliasesWithOid(rsaOid + ".5", sha1withRSAOid2), attrs);
-        add(p, "Signature", "SHA224withRSA",
-                "sun.security.rsa.RSASignature$SHA224withRSA",
-                createAliasesWithOid(rsaOid + ".14"), attrs);
-        add(p, "Signature", "SHA256withRSA",
-                "sun.security.rsa.RSASignature$SHA256withRSA",
-                createAliasesWithOid(rsaOid + ".11"), attrs);
-        add(p, "Signature", "SHA384withRSA",
-                "sun.security.rsa.RSASignature$SHA384withRSA",
-                createAliasesWithOid(rsaOid + ".12"), attrs);
-        add(p, "Signature", "SHA512withRSA",
-                "sun.security.rsa.RSASignature$SHA512withRSA",
-                createAliasesWithOid(rsaOid + ".13"), attrs);
-        add(p, "Signature", "SHA512/224withRSA",
-                "sun.security.rsa.RSASignature$SHA512_224withRSA",
-                createAliasesWithOid(rsaOid + ".15"), attrs);
-        add(p, "Signature", "SHA512/256withRSA",
-                "sun.security.rsa.RSASignature$SHA512_256withRSA",
-                createAliasesWithOid(rsaOid + ".16"), attrs);
+                getAliases("PKCS1"), null);
+        addA(p, "Signature", "MD2withRSA",
+                "sun.security.rsa.RSASignature$MD2withRSA", attrs);
+        addA(p, "Signature", "MD5withRSA",
+                "sun.security.rsa.RSASignature$MD5withRSA", attrs);
+        addA(p, "Signature", "SHA1withRSA",
+                "sun.security.rsa.RSASignature$SHA1withRSA", attrs);
+        addA(p, "Signature", "SHA224withRSA",
+                "sun.security.rsa.RSASignature$SHA224withRSA", attrs);
+        addA(p, "Signature", "SHA256withRSA",
+                "sun.security.rsa.RSASignature$SHA256withRSA", attrs);
+        addA(p, "Signature", "SHA384withRSA",
+                "sun.security.rsa.RSASignature$SHA384withRSA", attrs);
+        addA(p, "Signature", "SHA512withRSA",
+                "sun.security.rsa.RSASignature$SHA512withRSA", attrs);
+        addA(p, "Signature", "SHA512/224withRSA",
+                "sun.security.rsa.RSASignature$SHA512_224withRSA", attrs);
+        addA(p, "Signature", "SHA512/256withRSA",
+                "sun.security.rsa.RSASignature$SHA512_256withRSA", attrs);

-        add(p, "KeyFactory", "RSASSA-PSS",
-                "sun.security.rsa.RSAKeyFactory$PSS",
-                rsapssAliases, null);
-        add(p, "KeyPairGenerator", "RSASSA-PSS",
-                "sun.security.rsa.RSAKeyPairGenerator$PSS",
-                rsapssAliases, null);
-        add(p, "Signature", "RSASSA-PSS",
-                "sun.security.rsa.RSAPSSSignature",
-                rsapssAliases, attrs);
-        add(p, "AlgorithmParameters", "RSASSA-PSS",
-                "sun.security.rsa.PSSParameters",
-                rsapssAliases, null);
+        addA(p, "KeyFactory", "RSASSA-PSS",
+                "sun.security.rsa.RSAKeyFactory$PSS", attrs);
+        addA(p, "KeyPairGenerator", "RSASSA-PSS",
+                "sun.security.rsa.RSAKeyPairGenerator$PSS", attrs);
+        addA(p, "Signature", "RSASSA-PSS",
+                "sun.security.rsa.RSAPSSSignature", attrs);
+        addA(p, "AlgorithmParameters", "RSASSA-PSS",
+                "sun.security.rsa.PSSParameters", attrs);
    }

    public Iterator<Provider.Service> iterator() {