8242151: Improve OID mapping and reuse among JDK security providers for aliases registration

Use sun.security.util.KnownOIDs enum instead of hardcoding oid strings everywhere Reviewed-by: weijun
2025-08-26 14:24:46 +02:00 · 2020-05-19 04:05:03 +00:00 · 2020-05-19 04:05:03 +00:00 · 080b3b83eb
commit 080b3b83eb
parent a97932d8fc
79 changed files with 2016 additions and 2080 deletions
--- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java
@ -82,6 +82,7 @@ import sun.security.pkcs10.PKCS10;
 import sun.security.pkcs10.PKCS10Attribute;
 import sun.security.provider.X509Factory;
 import sun.security.provider.certpath.ssl.SSLServerCertStore;
+import sun.security.util.KnownOIDs;
 import sun.security.util.Password;
 import sun.security.util.SecurityProperties;
 import sun.security.util.SecurityProviderConstants;
@ -4125,6 +4126,23 @@ public final class Main {
        return c.getTime();
    }

+    /**
+     * Match a command with a command set. The match can be exact, or
+     * partial, or case-insensitive.
+     *
+     * @param s the command provided by user
+     * @param list the legal command set represented by KnownOIDs enums.
+     * @return the position of a single match, or -1 if none matched
+     * @throws Exception if s is ambiguous
+     */
+    private static int oneOf(String s, KnownOIDs... list) throws Exception {
+        String[] convertedList = new String[list.length];
+        for (int i = 0; i < list.length; i++) {
+            convertedList[i] = list[i].stdName();
+        }
+        return oneOf(s, convertedList);
+    }
+
    /**
     * Match a command with a command set. The match can be exact, or
     * partial, or case-insensitive.
@ -4262,7 +4280,7 @@ public final class Main {
            case 5: return PKIXExtensions.SubjectInfoAccess_Id;
            case 6: return PKIXExtensions.AuthInfoAccess_Id;
            case 8: return PKIXExtensions.CRLDistributionPoints_Id;
-            default: return new ObjectIdentifier(type);
+            default: return ObjectIdentifier.of(type);
        }
    }

@ -4474,30 +4492,26 @@ public final class Main {
                    case 2:     // EKU
                        if(value != null) {
                            Vector<ObjectIdentifier> v = new Vector<>();
+                            KnownOIDs[] choices = {
+                                    KnownOIDs.anyExtendedKeyUsage,
+                                    KnownOIDs.serverAuth,
+                                    KnownOIDs.clientAuth,
+                                    KnownOIDs.codeSigning,
+                                    KnownOIDs.emailProtection,
+                                    KnownOIDs.KP_TimeStamping,
+                                    KnownOIDs.OCSPSigning
+                            };
                            for (String s: value.split(",")) {
-                                int p = oneOf(s,
-                                        "anyExtendedKeyUsage",
-                                        "serverAuth",       //1
-                                        "clientAuth",       //2
-                                        "codeSigning",      //3
-                                        "emailProtection",  //4
-                                        "",                 //5
-                                        "",                 //6
-                                        "",                 //7
-                                        "timeStamping",     //8
-                                        "OCSPSigning"       //9
-                                       );
-                                if (p < 0) {
-                                    try {
-                                        v.add(new ObjectIdentifier(s));
-                                    } catch (Exception e) {
-                                        throw new Exception(rb.getString(
-                                                "Unknown.extendedkeyUsage.type.") + s);
-                                    }
-                                } else if (p == 0) {
-                                    v.add(new ObjectIdentifier("2.5.29.37.0"));
-                                } else {
-                                    v.add(new ObjectIdentifier("1.3.6.1.5.5.7.3." + p));
+                                int p = oneOf(s, choices);
+                                String o = s;
+                                if (p >= 0) {
+                                    o = choices[p].value();
+                                }
+                                try {
+                                    v.add(ObjectIdentifier.of(o));
+                                } catch (Exception e) {
+                                    throw new Exception(rb.getString(
+                                            "Unknown.extendedkeyUsage.type.") + s);
                                }
                            }
                            setExt(result, new ExtendedKeyUsageExtension(isCritical, v));
@ -4552,24 +4566,23 @@ public final class Main {
                                String m = item.substring(0, colonpos);
                                String t = item.substring(colonpos+1, colonpos2);
                                String v = item.substring(colonpos2+1);
-                                int p = oneOf(m,
-                                        "",
-                                        "ocsp",         //1
-                                        "caIssuers",    //2
-                                        "timeStamping", //3
-                                        "",
-                                        "caRepository"  //5
-                                        );
+                                KnownOIDs[] choices = {
+                                    KnownOIDs.OCSP,
+                                    KnownOIDs.caIssuers,
+                                    KnownOIDs.AD_TimeStamping,
+                                    KnownOIDs.caRepository
+                                };
+                                int p = oneOf(m, choices);
                                ObjectIdentifier oid;
-                                if (p < 0) {
+                                if (p >= 0) {
+                                    oid = ObjectIdentifier.of(choices[p]);
+                                } else {
                                    try {
-                                        oid = new ObjectIdentifier(m);
+                                        oid = ObjectIdentifier.of(m);
                                    } catch (Exception e) {
                                        throw new Exception(rb.getString(
                                                "Unknown.AccessDescription.type.") + m);
                                    }
-                                } else {
-                                    oid = new ObjectIdentifier("1.3.6.1.5.5.7.48." + p);
                                }
                                accessDescriptions.add(new AccessDescription(
                                        oid, createGeneralName(t, v, exttype)));
@ -4606,7 +4619,7 @@ public final class Main {
                        }
                        break;
                    case -1:
-                        ObjectIdentifier oid = new ObjectIdentifier(name);
+                        ObjectIdentifier oid = ObjectIdentifier.of(name);
                        byte[] data = null;
                        if (value != null) {
                            data = new byte[value.length() / 2 + 1];