8242151: Improve OID mapping and reuse among JDK security providers for aliases registration

Use sun.security.util.KnownOIDs enum instead of hardcoding oid strings everywhere Reviewed-by: weijun
2025-09-20 11:04:34 +02:00 · 2020-05-19 04:05:03 +00:00 · 2020-05-19 04:05:03 +00:00 · 080b3b83eb
commit 080b3b83eb
parent a97932d8fc
79 changed files with 2016 additions and 2080 deletions
--- a/src/java.base/share/classes/sun/security/validator/EndEntityChecker.java
+++ b/src/java.base/share/classes/sun/security/validator/EndEntityChecker.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@ package sun.security.validator;
 import java.util.*;

 import java.security.cert.*;
-
+import sun.security.util.KnownOIDs;
 import sun.security.x509.NetscapeCertTypeExtension;

 /**
@ -71,24 +71,32 @@ class EndEntityChecker {
    private static final String OID_EXTENDED_KEY_USAGE =
                                SimpleValidator.OID_EXTENDED_KEY_USAGE;

-    private static final String OID_EKU_TLS_SERVER = "1.3.6.1.5.5.7.3.1";
+    private static final String OID_EKU_TLS_SERVER =
+            KnownOIDs.serverAuth.value();

-    private static final String OID_EKU_TLS_CLIENT = "1.3.6.1.5.5.7.3.2";
+    private static final String OID_EKU_TLS_CLIENT =
+            KnownOIDs.clientAuth.value();

-    private static final String OID_EKU_CODE_SIGNING = "1.3.6.1.5.5.7.3.3";
+    private static final String OID_EKU_CODE_SIGNING =
+            KnownOIDs.codeSigning.value();

-    private static final String OID_EKU_TIME_STAMPING = "1.3.6.1.5.5.7.3.8";
+    private static final String OID_EKU_TIME_STAMPING =
+            KnownOIDs.KP_TimeStamping.value();

-    private static final String OID_EKU_ANY_USAGE = "2.5.29.37.0";
+    private static final String OID_EKU_ANY_USAGE =
+            KnownOIDs.anyExtendedKeyUsage.value();

    // the Netscape Server-Gated-Cryptography EKU extension OID
-    private static final String OID_EKU_NS_SGC = "2.16.840.1.113730.4.1";
+    private static final String OID_EKU_NS_SGC =
+            KnownOIDs.NETSCAPE_ExportApproved.value();

    // the Microsoft Server-Gated-Cryptography EKU extension OID
-    private static final String OID_EKU_MS_SGC = "1.3.6.1.4.1.311.10.3.3";
+    private static final String OID_EKU_MS_SGC =
+            KnownOIDs.MICROSOFT_ExportApproved.value();

    // the recognized extension OIDs
-    private static final String OID_SUBJECT_ALT_NAME = "2.5.29.17";
+    private static final String OID_SUBJECT_ALT_NAME =
+            KnownOIDs.SubjectAlternativeName.value();

    private static final String NSCT_SSL_CLIENT =
                                NetscapeCertTypeExtension.SSL_CLIENT;
--- a/src/java.base/share/classes/sun/security/validator/SimpleValidator.java
+++ b/src/java.base/share/classes/sun/security/validator/SimpleValidator.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -39,6 +39,7 @@ import sun.security.x509.NetscapeCertTypeExtension;
 import sun.security.util.DerValue;
 import sun.security.util.DerInputStream;
 import sun.security.util.ObjectIdentifier;
+import sun.security.util.KnownOIDs;

 import sun.security.provider.certpath.AlgorithmChecker;
 import sun.security.provider.certpath.UntrustedChecker;
@ -60,24 +61,28 @@ public final class SimpleValidator extends Validator {

    // Constants for the OIDs we need

-    static final String OID_BASIC_CONSTRAINTS = "2.5.29.19";
+    static final String OID_BASIC_CONSTRAINTS =
+            KnownOIDs.BasicConstraints.value();

-    static final String OID_NETSCAPE_CERT_TYPE = "2.16.840.1.113730.1.1";
+    static final String OID_NETSCAPE_CERT_TYPE =
+            KnownOIDs.NETSCAPE_CertType.value();

-    static final String OID_KEY_USAGE = "2.5.29.15";
+    static final String OID_KEY_USAGE = KnownOIDs.KeyUsage.value();

-    static final String OID_EXTENDED_KEY_USAGE = "2.5.29.37";
+    static final String OID_EXTENDED_KEY_USAGE =
+            KnownOIDs.extendedKeyUsage.value();

-    static final String OID_EKU_ANY_USAGE = "2.5.29.37.0";
+    static final String OID_EKU_ANY_USAGE =
+            KnownOIDs.anyExtendedKeyUsage.value();

    static final ObjectIdentifier OBJID_NETSCAPE_CERT_TYPE =
-        NetscapeCertTypeExtension.NetscapeCertType_Id;
+            NetscapeCertTypeExtension.NetscapeCertType_Id;

    private static final String NSCT_SSL_CA =
-                                NetscapeCertTypeExtension.SSL_CA;
+            NetscapeCertTypeExtension.SSL_CA;

    private static final String NSCT_CODE_SIGNING_CA =
-                                NetscapeCertTypeExtension.OBJECT_SIGNING_CA;
+            NetscapeCertTypeExtension.OBJECT_SIGNING_CA;

    /**
     * The trusted certificates as: