archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 22:34:27 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8242151: Improve OID mapping and reuse among JDK security providers for aliases registration

Browse source 
Use sun.security.util.KnownOIDs enum instead of hardcoding oid strings everywhere

Reviewed-by: weijun
This commit is contained in:
Valerie Peng 2020-05-19 04:05:03 +00:00
parent a97932d8fc
commit 080b3b83eb
79 changed files with 2016 additions and 2080 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/java.base/macosx/classes/apple/security/KeychainStore.java
View file

@ -93,9 +93,9 @@ public final class KeychainStore extends KeyStoreSpi {
* PKCS12 bag we get from the Keychain. * PKCS12 bag we get from the Keychain.
*/ */
private static ObjectIdentifier PKCS8ShroudedKeyBag_OID = private static ObjectIdentifier PKCS8ShroudedKeyBag_OID =
ObjectIdentifier.of("1.2.840.113549.1.12.10.1.2"); ObjectIdentifier.of(KnownOIDs.PKCS8ShroudedKeyBag);
private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID = private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID =
ObjectIdentifier.of("1.2.840.113549.1.12.1.3"); ObjectIdentifier.of(KnownOIDs.PBEWithSHA1AndDESede);
/** /**
* Constnats used in PBE decryption. * Constnats used in PBE decryption.

2
src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java
View file

@ -71,7 +71,7 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
// Note: this OID is used by DHPrivateKey as well. // Note: this OID is used by DHPrivateKey as well.
static ObjectIdentifier DH_OID = static ObjectIdentifier DH_OID =
ObjectIdentifier.of("1.2.840.113549.1.3.1"); ObjectIdentifier.of(KnownOIDs.DiffieHellman);
/** /**
* Make a DH public key out of a public value <code>y</code>, a prime * Make a DH public key out of a public value <code>y</code>, a prime

18
src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java
View file

@ -48,6 +48,7 @@ import javax.security.auth.DestroyFailedException;
import sun.security.x509.AlgorithmId; import sun.security.x509.AlgorithmId;
import sun.security.util.ObjectIdentifier; import sun.security.util.ObjectIdentifier;
import sun.security.util.KnownOIDs;
import sun.security.util.SecurityProperties; import sun.security.util.SecurityProperties;
/** /**
@ -67,14 +68,6 @@ import sun.security.util.SecurityProperties;
final class KeyProtector { final class KeyProtector {
// defined by SunSoft (SKI project)
private static final String PBE_WITH_MD5_AND_DES3_CBC_OID
= "1.3.6.1.4.1.42.2.19.1";
// JavaSoft proprietary key-protection algorithm (used to protect private
// keys in the keystore implementation that comes with JDK 1.2)
private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1";
private static final int MAX_ITERATION_COUNT = 5000000; private static final int MAX_ITERATION_COUNT = 5000000;
private static final int MIN_ITERATION_COUNT = 10000; private static final int MIN_ITERATION_COUNT = 10000;
private static final int DEFAULT_ITERATION_COUNT = 200000; private static final int DEFAULT_ITERATION_COUNT = 200000;
@ -154,7 +147,8 @@ final class KeyProtector {
pbeParams.init(pbeSpec); pbeParams.init(pbeSpec);
AlgorithmId encrAlg = new AlgorithmId AlgorithmId encrAlg = new AlgorithmId
(new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), pbeParams); (ObjectIdentifier.of(KnownOIDs.JAVASOFT_JCEKeyProtector),
pbeParams);
return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded(); return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
} }
@ -169,13 +163,13 @@ final class KeyProtector {
SecretKey sKey = null; SecretKey sKey = null;
try { try {
String encrAlg = encrInfo.getAlgorithm().getOID().toString(); String encrAlg = encrInfo.getAlgorithm().getOID().toString();
if (!encrAlg.equals(PBE_WITH_MD5_AND_DES3_CBC_OID) if (!encrAlg.equals(KnownOIDs.JAVASOFT_JCEKeyProtector.value())
&& !encrAlg.equals(KEY_PROTECTOR_OID)) { && !encrAlg.equals(KnownOIDs.JAVASOFT_JDKKeyProtector.value())) {
throw new UnrecoverableKeyException("Unsupported encryption " throw new UnrecoverableKeyException("Unsupported encryption "
+ "algorithm"); + "algorithm");
} }
if (encrAlg.equals(KEY_PROTECTOR_OID)) { if (encrAlg.equals(KnownOIDs.JAVASOFT_JDKKeyProtector.value())) {
// JDK 1.2 style recovery // JDK 1.2 style recovery
plain = recover(encrInfo.getEncryptedData()); plain = recover(encrInfo.getEncryptedData());
} else { } else {

4
src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java
View file

@ -56,9 +56,9 @@ public final class OAEPParameters extends AlgorithmParametersSpi {
private MGF1ParameterSpec mgfSpec; private MGF1ParameterSpec mgfSpec;
private byte[] p; private byte[] p;
private static ObjectIdentifier OID_MGF1 = private static ObjectIdentifier OID_MGF1 =
ObjectIdentifier.of("1.2.840.113549.1.1.8"); ObjectIdentifier.of(KnownOIDs.MGF1);
private static ObjectIdentifier OID_PSpecified = private static ObjectIdentifier OID_PSpecified =
ObjectIdentifier.of("1.2.840.113549.1.1.9"); ObjectIdentifier.of(KnownOIDs.PSpecified);
public OAEPParameters() { public OAEPParameters() {
} }

54
src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java
View file

@ -93,25 +93,15 @@ import sun.security.util.*;
abstract class PBES2Parameters extends AlgorithmParametersSpi { abstract class PBES2Parameters extends AlgorithmParametersSpi {
private static ObjectIdentifier pkcs5PBKDF2_OID = private static ObjectIdentifier pkcs5PBKDF2_OID =
ObjectIdentifier.of("1.2.840.113549.1.5.12"); ObjectIdentifier.of(KnownOIDs.PBKDF2WithHmacSHA1);
private static ObjectIdentifier pkcs5PBES2_OID = private static ObjectIdentifier pkcs5PBES2_OID =
ObjectIdentifier.of("1.2.840.113549.1.5.13"); ObjectIdentifier.of(KnownOIDs.PBES2);
private static ObjectIdentifier hmacWithSHA1_OID =
ObjectIdentifier.of("1.2.840.113549.2.7");
private static ObjectIdentifier hmacWithSHA224_OID =
ObjectIdentifier.of("1.2.840.113549.2.8");
private static ObjectIdentifier hmacWithSHA256_OID =
ObjectIdentifier.of("1.2.840.113549.2.9");
private static ObjectIdentifier hmacWithSHA384_OID =
ObjectIdentifier.of("1.2.840.113549.2.10");
private static ObjectIdentifier hmacWithSHA512_OID =
ObjectIdentifier.of("1.2.840.113549.2.11");
private static ObjectIdentifier aes128CBC_OID = private static ObjectIdentifier aes128CBC_OID =
ObjectIdentifier.of("2.16.840.1.101.3.4.1.2"); ObjectIdentifier.of(KnownOIDs.AES_128$CBC$NoPadding);
private static ObjectIdentifier aes192CBC_OID = private static ObjectIdentifier aes192CBC_OID =
ObjectIdentifier.of("2.16.840.1.101.3.4.1.22"); ObjectIdentifier.of(KnownOIDs.AES_192$CBC$NoPadding);
private static ObjectIdentifier aes256CBC_OID = private static ObjectIdentifier aes256CBC_OID =
ObjectIdentifier.of("2.16.840.1.101.3.4.1.42"); ObjectIdentifier.of(KnownOIDs.AES_256$CBC$NoPadding);
// the PBES2 algorithm name // the PBES2 algorithm name
private String pbes2AlgorithmName = null; private String pbes2AlgorithmName = null;
@ -126,7 +116,8 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
private AlgorithmParameterSpec cipherParam = null; private AlgorithmParameterSpec cipherParam = null;
// the key derivation function (default is HmacSHA1) // the key derivation function (default is HmacSHA1)
private ObjectIdentifier kdfAlgo_OID = hmacWithSHA1_OID; private ObjectIdentifier kdfAlgo_OID =
ObjectIdentifier.of(KnownOIDs.HmacSHA1);
// the encryption function // the encryption function
private ObjectIdentifier cipherAlgo_OID = null; private ObjectIdentifier cipherAlgo_OID = null;
@ -171,19 +162,11 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
switch (kdfAlgo) { switch (kdfAlgo) {
case "HmacSHA1": case "HmacSHA1":
kdfAlgo_OID = hmacWithSHA1_OID;
break;
case "HmacSHA224": case "HmacSHA224":
kdfAlgo_OID = hmacWithSHA224_OID;
break;
case "HmacSHA256": case "HmacSHA256":
kdfAlgo_OID = hmacWithSHA256_OID;
break;
case "HmacSHA384": case "HmacSHA384":
kdfAlgo_OID = hmacWithSHA384_OID;
break;
case "HmacSHA512": case "HmacSHA512":
kdfAlgo_OID = hmacWithSHA512_OID; kdfAlgo_OID = ObjectIdentifier.of(KnownOIDs.findMatch(kdfAlgo));
break; break;
default: default:
throw new NoSuchAlgorithmException( throw new NoSuchAlgorithmException(
@ -255,7 +238,7 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
} }
cipherAlgo = parseES(pBES2_params.data.getDerValue()); cipherAlgo = parseES(pBES2_params.data.getDerValue());
pbes2AlgorithmName = new StringBuilder().append("PBEWith") this.pbes2AlgorithmName = new StringBuilder().append("PBEWith")
.append(kdfAlgo).append("And").append(cipherAlgo).toString(); .append(kdfAlgo).append("And").append(cipherAlgo).toString();
} }
@ -306,21 +289,18 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
} }
if (prf != null) { if (prf != null) {
kdfAlgo_OID = prf.data.getOID(); kdfAlgo_OID = prf.data.getOID();
if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) { KnownOIDs o = KnownOIDs.findMatch(kdfAlgo_OID.toString());
kdfAlgo = "HmacSHA1"; if (o == null || (!o.stdName().equals("HmacSHA1") &&
} else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) { !o.stdName().equals("HmacSHA224") &&
kdfAlgo = "HmacSHA224"; !o.stdName().equals("HmacSHA256") &&
} else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) { !o.stdName().equals("HmacSHA384") &&
kdfAlgo = "HmacSHA256"; !o.stdName().equals("HmacSHA512"))) {
} else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA384";
} else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA512";
} else {
throw new IOException("PBE parameter parsing error: " throw new IOException("PBE parameter parsing error: "
+ "expecting the object identifier for a HmacSHA key " + "expecting the object identifier for a HmacSHA key "
+ "derivation function"); + "derivation function");
} }
kdfAlgo = o.stdName();
if (prf.data.available() != 0) { if (prf.data.available() != 0) {
// parameter is 'NULL' for all HmacSHA KDFs // parameter is 'NULL' for all HmacSHA KDFs
DerValue parameter = prf.data.getDerValue(); DerValue parameter = prf.data.getDerValue();

563
src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
View file

@ -32,8 +32,7 @@ import java.security.PrivilegedAction;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import static sun.security.util.SecurityConstants.PROVIDER_VER; import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.provider.SunEntries.createAliases; import static sun.security.util.SecurityProviderConstants.*;
import static sun.security.provider.SunEntries.createAliasesWithOid;
/** /**
* The "SunJCE" Cryptographic Service Provider. * The "SunJCE" Cryptographic Service Provider.
@ -100,9 +99,22 @@ public final class SunJCE extends Provider {
} }
static SecureRandom getRandom() { return SecureRandomHolder.RANDOM; } static SecureRandom getRandom() { return SecureRandomHolder.RANDOM; }
private void ps(String type, String algo, String cn, // ps: putService
List<String> aliases, HashMap<String, String> attrs) { private void ps(String type, String algo, String cn) {
putService(new Provider.Service(this, type, algo, cn, aliases, attrs)); putService(new Provider.Service(this, type, algo, cn, null, null));
}
private void ps(String type, String algo, String cn, List<String> als,
HashMap<String, String> attrs) {
putService(new Provider.Service(this, type, algo, cn, als,
attrs));
}
// psA: putService with default aliases
private void psA(String type, String algo, String cn,
HashMap<String, String> attrs) {
putService(new Provider.Service(this, type, algo, cn, getAliases(algo),
attrs));
} }
public SunJCE() { public SunJCE() {
@ -128,69 +140,6 @@ public final class SunJCE extends Provider {
} }
void putEntries() { void putEntries() {
// common aliases and oids
List<String> aesAliases = createAliases("Rijndael");
List<String> desEdeAliases = createAliases("TripleDES");
List<String> arcFourAliases = createAliases("RC4");
List<String> sunTlsMSAliases = createAliases(
"SunTls12MasterSecret", "SunTlsExtendedMasterSecret"
);
List<String> sunTlsKMAliases = createAliases("SunTls12KeyMaterial");
List<String> sunTlsRsaPMSAliases = createAliases("SunTls12RsaPremasterSecret");
String aes128Oid = "2.16.840.1.101.3.4.1.";
String aes192Oid = "2.16.840.1.101.3.4.1.2";
String aes256Oid = "2.16.840.1.101.3.4.1.4";
List<String> pkcs12RC4_128Aliases =
createAliasesWithOid("1.2.840.113549.1.12.1.1");
List<String> pkcs12RC4_40Aliases =
createAliasesWithOid("1.2.840.113549.1.12.1.2");
List<String> pkcs12DESedeAliases =
createAliasesWithOid("1.2.840.113549.1.12.1.3");
List<String> pkcs12RC2_128Aliases =
createAliasesWithOid("1.2.840.113549.1.12.1.5");
List<String> pkcs12RC2_40Aliases =
createAliasesWithOid("1.2.840.113549.1.12.1.6");
List<String> pkcs5MD5_DESAliases =
createAliasesWithOid("1.2.840.113549.1.5.3", "PBE");
List<String> pkcs5PBKDF2Aliases =
createAliasesWithOid("1.2.840.113549.1.5.12");
List<String> pkcs5PBES2Aliases =
createAliasesWithOid("1.2.840.113549.1.5.13");
List<String> diffieHellmanAliases =
createAliasesWithOid("1.2.840.113549.1.3.1", "DH");
List<String> chachaPolyAliases =
createAliasesWithOid("1.2.840.113549.1.9.16.3.18");
String macOidBase = "1.2.840.113549.2.";
List<String> macSHA1Aliases = createAliasesWithOid(macOidBase + "7");
List<String> macSHA224Aliases = createAliasesWithOid(macOidBase + "8");
List<String> macSHA256Aliases = createAliasesWithOid(macOidBase + "9");
List<String> macSHA384Aliases = createAliasesWithOid(macOidBase + "10");
List<String> macSHA512Aliases = createAliasesWithOid(macOidBase + "11");
List<String> macSHA512_224Aliases = createAliasesWithOid(macOidBase + "12");
List<String> macSHA512_256Aliases = createAliasesWithOid(macOidBase + "13");
String nistHashAlgsOidBase = "2.16.840.1.101.3.4.2.";
List<String> macSHA3_224Aliases =
createAliasesWithOid(nistHashAlgsOidBase + "13");
List<String> macSHA3_256Aliases =
createAliasesWithOid(nistHashAlgsOidBase + "14");
List<String> macSHA3_384Aliases =
createAliasesWithOid(nistHashAlgsOidBase + "15");
List<String> macSHA3_512Aliases =
createAliasesWithOid(nistHashAlgsOidBase + "16");
// reuse attribute map and reset before each reuse // reuse attribute map and reset before each reuse
HashMap<String, String> attrs = new HashMap<>(3); HashMap<String, String> attrs = new HashMap<>(3);
attrs.put("SupportedModes", "ECB"); attrs.put("SupportedModes", "ECB");
@ -225,8 +174,8 @@ public final class SunJCE extends Provider {
attrs.put("SupportedKeyFormats", "RAW"); attrs.put("SupportedKeyFormats", "RAW");
ps("Cipher", "DES", ps("Cipher", "DES",
"com.sun.crypto.provider.DESCipher", null, attrs); "com.sun.crypto.provider.DESCipher", null, attrs);
ps("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher", psA("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
desEdeAliases, attrs); attrs);
ps("Cipher", "Blowfish", ps("Cipher", "Blowfish",
"com.sun.crypto.provider.BlowfishCipher", null, attrs); "com.sun.crypto.provider.BlowfishCipher", null, attrs);
@ -237,58 +186,58 @@ public final class SunJCE extends Provider {
attrs.put("SupportedModes", BLOCK_MODES128); attrs.put("SupportedModes", BLOCK_MODES128);
attrs.put("SupportedPaddings", BLOCK_PADS); attrs.put("SupportedPaddings", BLOCK_PADS);
attrs.put("SupportedKeyFormats", "RAW"); attrs.put("SupportedKeyFormats", "RAW");
ps("Cipher", "AES", "com.sun.crypto.provider.AESCipher$General", psA("Cipher", "AES",
aesAliases, attrs); "com.sun.crypto.provider.AESCipher$General", attrs);
attrs.clear(); attrs.clear();
attrs.put("SupportedKeyFormats", "RAW"); attrs.put("SupportedKeyFormats", "RAW");
ps("Cipher", "AES_128/ECB/NoPadding", psA("Cipher", "AES_128/ECB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding", "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding",
createAliasesWithOid(aes128Oid+"1"), attrs); attrs);
ps("Cipher", "AES_128/CBC/NoPadding", psA("Cipher", "AES_128/CBC/NoPadding",
"com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding",
createAliasesWithOid(aes128Oid+"2"), attrs); attrs);
ps("Cipher", "AES_128/OFB/NoPadding", psA("Cipher", "AES_128/OFB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding", "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding",
createAliasesWithOid(aes128Oid+"3"), attrs); attrs);
ps("Cipher", "AES_128/CFB/NoPadding", psA("Cipher", "AES_128/CFB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding",
createAliasesWithOid(aes128Oid+"4"), attrs); attrs);
ps("Cipher", "AES_128/GCM/NoPadding", psA("Cipher", "AES_128/GCM/NoPadding",
"com.sun.crypto.provider.AESCipher$AES128_GCM_NoPadding", "com.sun.crypto.provider.AESCipher$AES128_GCM_NoPadding",
createAliasesWithOid(aes128Oid+"6"), attrs); attrs);
ps("Cipher", "AES_192/ECB/NoPadding", psA("Cipher", "AES_192/ECB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding", "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding",
createAliasesWithOid(aes192Oid+"1"), attrs); attrs);
ps("Cipher", "AES_192/CBC/NoPadding", psA("Cipher", "AES_192/CBC/NoPadding",
"com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding",
createAliasesWithOid(aes192Oid+"2"), attrs); attrs);
ps("Cipher", "AES_192/OFB/NoPadding", psA("Cipher", "AES_192/OFB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding", "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding",
createAliasesWithOid(aes192Oid+"3"), attrs); attrs);
ps("Cipher", "AES_192/CFB/NoPadding", psA("Cipher", "AES_192/CFB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding",
createAliasesWithOid(aes192Oid+"4"), attrs); attrs);
ps("Cipher", "AES_192/GCM/NoPadding", psA("Cipher", "AES_192/GCM/NoPadding",
"com.sun.crypto.provider.AESCipher$AES192_GCM_NoPadding", "com.sun.crypto.provider.AESCipher$AES192_GCM_NoPadding",
createAliasesWithOid(aes192Oid+"6"), attrs); attrs);
ps("Cipher", "AES_256/ECB/NoPadding", psA("Cipher", "AES_256/ECB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding", "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding",
createAliasesWithOid(aes256Oid+"1"), attrs); attrs);
ps("Cipher", "AES_256/CBC/NoPadding", psA("Cipher", "AES_256/CBC/NoPadding",
"com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding",
createAliasesWithOid(aes256Oid+"2"), attrs); attrs);
ps("Cipher", "AES_256/OFB/NoPadding", psA("Cipher", "AES_256/OFB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding", "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding",
createAliasesWithOid(aes256Oid+"3"), attrs); attrs);
ps("Cipher", "AES_256/CFB/NoPadding", psA("Cipher", "AES_256/CFB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding",
createAliasesWithOid(aes256Oid+"4"), attrs); attrs);
ps("Cipher", "AES_256/GCM/NoPadding", psA("Cipher", "AES_256/GCM/NoPadding",
"com.sun.crypto.provider.AESCipher$AES256_GCM_NoPadding", "com.sun.crypto.provider.AESCipher$AES256_GCM_NoPadding",
createAliasesWithOid(aes256Oid+"6"), attrs); attrs);
attrs.clear(); attrs.clear();
attrs.put("SupportedModes", "CBC"); attrs.put("SupportedModes", "CBC");
@ -301,167 +250,150 @@ public final class SunJCE extends Provider {
attrs.put("SupportedModes", "ECB"); attrs.put("SupportedModes", "ECB");
attrs.put("SupportedPaddings", "NOPADDING"); attrs.put("SupportedPaddings", "NOPADDING");
attrs.put("SupportedKeyFormats", "RAW"); attrs.put("SupportedKeyFormats", "RAW");
ps("Cipher", "ARCFOUR", "com.sun.crypto.provider.ARCFOURCipher", psA("Cipher", "ARCFOUR",
arcFourAliases, attrs); "com.sun.crypto.provider.ARCFOURCipher", attrs);
ps("Cipher", "AESWrap", "com.sun.crypto.provider.AESWrapCipher$General", ps("Cipher", "AESWrap", "com.sun.crypto.provider.AESWrapCipher$General",
null, attrs); null, attrs);
ps("Cipher", "AESWrap_128", psA("Cipher", "AESWrap_128",
"com.sun.crypto.provider.AESWrapCipher$AES128", "com.sun.crypto.provider.AESWrapCipher$AES128",
createAliasesWithOid(aes128Oid+"5"), attrs); attrs);
ps("Cipher", "AESWrap_192", psA("Cipher", "AESWrap_192",
"com.sun.crypto.provider.AESWrapCipher$AES192", "com.sun.crypto.provider.AESWrapCipher$AES192",
createAliasesWithOid(aes192Oid+"5"), attrs); attrs);
ps("Cipher", "AESWrap_256", psA("Cipher", "AESWrap_256",
"com.sun.crypto.provider.AESWrapCipher$AES256", "com.sun.crypto.provider.AESWrapCipher$AES256",
createAliasesWithOid(aes256Oid+"5"), attrs); attrs);
attrs.clear(); attrs.clear();
attrs.put("SupportedKeyFormats", "RAW"); attrs.put("SupportedKeyFormats", "RAW");
ps("Cipher", "ChaCha20", ps("Cipher", "ChaCha20",
"com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only", "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only",
null, attrs); null, attrs);
ps("Cipher", "ChaCha20-Poly1305", psA("Cipher", "ChaCha20-Poly1305",
"com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305", "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305",
chachaPolyAliases, attrs); attrs);
// PBES1 // PBES1
ps("Cipher", "PBEWithMD5AndDES", psA("Cipher", "PBEWithMD5AndDES",
"com.sun.crypto.provider.PBEWithMD5AndDESCipher", "com.sun.crypto.provider.PBEWithMD5AndDESCipher",
pkcs5MD5_DESAliases, null); null);
ps("Cipher", "PBEWithMD5AndTripleDES", ps("Cipher", "PBEWithMD5AndTripleDES",
"com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher", "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
null, null); psA("Cipher", "PBEWithSHA1AndDESede",
ps("Cipher", "PBEWithSHA1AndDESede",
"com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede", "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede",
pkcs12DESedeAliases, null); null);
ps("Cipher", "PBEWithSHA1AndRC2_40", psA("Cipher", "PBEWithSHA1AndRC2_40",
"com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40", "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40",
pkcs12RC2_40Aliases, null); null);
ps("Cipher", "PBEWithSHA1AndRC2_128", psA("Cipher", "PBEWithSHA1AndRC2_128",
"com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128", "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128",
pkcs12RC2_128Aliases, null); null);
ps("Cipher", "PBEWithSHA1AndRC4_40", psA("Cipher", "PBEWithSHA1AndRC4_40",
"com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40", "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40",
pkcs12RC4_40Aliases, null); null);
ps("Cipher", "PBEWithSHA1AndRC4_128", psA("Cipher", "PBEWithSHA1AndRC4_128",
"com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128", "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128",
pkcs12RC4_128Aliases, null); null);
// PBES2 // PBES2
ps("Cipher", "PBEWithHmacSHA1AndAES_128", ps("Cipher", "PBEWithHmacSHA1AndAES_128",
"com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128", "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
null, null);
ps("Cipher", "PBEWithHmacSHA224AndAES_128", ps("Cipher", "PBEWithHmacSHA224AndAES_128",
"com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128", "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128");
null, null);
ps("Cipher", "PBEWithHmacSHA256AndAES_128", ps("Cipher", "PBEWithHmacSHA256AndAES_128",
"com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128", "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128");
null, null);
ps("Cipher", "PBEWithHmacSHA384AndAES_128", ps("Cipher", "PBEWithHmacSHA384AndAES_128",
"com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128", "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128");
null, null);
ps("Cipher", "PBEWithHmacSHA512AndAES_128", ps("Cipher", "PBEWithHmacSHA512AndAES_128",
"com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128", "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128");
null, null);
ps("Cipher", "PBEWithHmacSHA1AndAES_256", ps("Cipher", "PBEWithHmacSHA1AndAES_256",
"com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256", "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
null, null);
ps("Cipher", "PBEWithHmacSHA224AndAES_256", ps("Cipher", "PBEWithHmacSHA224AndAES_256",
"com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256", "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256");
null, null);
ps("Cipher", "PBEWithHmacSHA256AndAES_256", ps("Cipher", "PBEWithHmacSHA256AndAES_256",
"com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256", "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256");
null, null);
ps("Cipher", "PBEWithHmacSHA384AndAES_256", ps("Cipher", "PBEWithHmacSHA384AndAES_256",
"com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256", "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256");
null, null);
ps("Cipher", "PBEWithHmacSHA512AndAES_256", ps("Cipher", "PBEWithHmacSHA512AndAES_256",
"com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256", "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256");
null, null);
/* /*
* Key(pair) Generator engines * Key(pair) Generator engines
*/ */
ps("KeyGenerator", "DES", ps("KeyGenerator", "DES",
"com.sun.crypto.provider.DESKeyGenerator", "com.sun.crypto.provider.DESKeyGenerator");
null, null); psA("KeyGenerator", "DESede",
ps("KeyGenerator", "DESede",
"com.sun.crypto.provider.DESedeKeyGenerator", "com.sun.crypto.provider.DESedeKeyGenerator",
desEdeAliases, null); null);
ps("KeyGenerator", "Blowfish", ps("KeyGenerator", "Blowfish",
"com.sun.crypto.provider.BlowfishKeyGenerator", "com.sun.crypto.provider.BlowfishKeyGenerator");
null, null); psA("KeyGenerator", "AES",
ps("KeyGenerator", "AES",
"com.sun.crypto.provider.AESKeyGenerator", "com.sun.crypto.provider.AESKeyGenerator",
aesAliases, null); null);
ps("KeyGenerator", "RC2", ps("KeyGenerator", "RC2",
"com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator", "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator");
null, null); psA("KeyGenerator", "ARCFOUR",
ps("KeyGenerator", "ARCFOUR",
"com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator", "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator",
arcFourAliases, null); null);
ps("KeyGenerator", "ChaCha20", ps("KeyGenerator", "ChaCha20",
"com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator", "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator");
null, null);
ps("KeyGenerator", "HmacMD5", ps("KeyGenerator", "HmacMD5",
"com.sun.crypto.provider.HmacMD5KeyGenerator", "com.sun.crypto.provider.HmacMD5KeyGenerator");
null, null);
ps("KeyGenerator", "HmacSHA1", psA("KeyGenerator", "HmacSHA1",
"com.sun.crypto.provider.HmacSHA1KeyGenerator", "com.sun.crypto.provider.HmacSHA1KeyGenerator", null);
macSHA1Aliases, null); psA("KeyGenerator", "HmacSHA224",
ps("KeyGenerator", "HmacSHA224",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA224", "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA224",
macSHA224Aliases, null); null);
ps("KeyGenerator", "HmacSHA256", psA("KeyGenerator", "HmacSHA256",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA256", "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA256",
macSHA256Aliases, null); null);
ps("KeyGenerator", "HmacSHA384", psA("KeyGenerator", "HmacSHA384",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA384", "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA384",
macSHA384Aliases, null); null);
ps("KeyGenerator", "HmacSHA512", psA("KeyGenerator", "HmacSHA512",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512", "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512",
macSHA512Aliases, null); null);
ps("KeyGenerator", "HmacSHA512/224", psA("KeyGenerator", "HmacSHA512/224",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_224", "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_224",
macSHA512_224Aliases, null); null);
ps("KeyGenerator", "HmacSHA512/256", psA("KeyGenerator", "HmacSHA512/256",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_256", "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_256",
macSHA512_256Aliases, null); null);
ps("KeyGenerator", "HmacSHA3-224", psA("KeyGenerator", "HmacSHA3-224",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_224", "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_224",
macSHA3_224Aliases, null); null);
ps("KeyGenerator", "HmacSHA3-256", psA("KeyGenerator", "HmacSHA3-256",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_256", "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_256",
macSHA3_256Aliases, null); null);
ps("KeyGenerator", "HmacSHA3-384", psA("KeyGenerator", "HmacSHA3-384",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_384", "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_384",
macSHA3_384Aliases, null); null);
ps("KeyGenerator", "HmacSHA3-512", psA("KeyGenerator", "HmacSHA3-512",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_512", "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_512",
macSHA3_512Aliases, null); null);
ps("KeyPairGenerator", "DiffieHellman", psA("KeyPairGenerator", "DiffieHellman",
"com.sun.crypto.provider.DHKeyPairGenerator", "com.sun.crypto.provider.DHKeyPairGenerator",
diffieHellmanAliases, null); null);
/* /*
* Algorithm parameter generation engines * Algorithm parameter generation engines
*/ */
ps("AlgorithmParameterGenerator", psA("AlgorithmParameterGenerator",
"DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator", "DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator",
diffieHellmanAliases, null); null);
/* /*
* Key Agreement engines * Key Agreement engines
@ -469,142 +401,120 @@ public final class SunJCE extends Provider {
attrs.clear(); attrs.clear();
attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" + attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" +
"|javax.crypto.interfaces.DHPrivateKey"); "|javax.crypto.interfaces.DHPrivateKey");
ps("KeyAgreement", "DiffieHellman", psA("KeyAgreement", "DiffieHellman",
"com.sun.crypto.provider.DHKeyAgreement", "com.sun.crypto.provider.DHKeyAgreement",
diffieHellmanAliases, attrs); attrs);
/* /*
* Algorithm Parameter engines * Algorithm Parameter engines
*/ */
ps("AlgorithmParameters", "DiffieHellman", psA("AlgorithmParameters", "DiffieHellman",
"com.sun.crypto.provider.DHParameters", "com.sun.crypto.provider.DHParameters", null);
diffieHellmanAliases, null);
ps("AlgorithmParameters", "DES", ps("AlgorithmParameters", "DES",
"com.sun.crypto.provider.DESParameters", "com.sun.crypto.provider.DESParameters");
null, null);
ps("AlgorithmParameters", "DESede", psA("AlgorithmParameters", "DESede",
"com.sun.crypto.provider.DESedeParameters", "com.sun.crypto.provider.DESedeParameters", null);
desEdeAliases, null);
ps("AlgorithmParameters", "PBEWithMD5AndDES", psA("AlgorithmParameters", "PBEWithMD5AndDES",
"com.sun.crypto.provider.PBEParameters", "com.sun.crypto.provider.PBEParameters",
pkcs5MD5_DESAliases, null); null);
ps("AlgorithmParameters", "PBEWithMD5AndTripleDES", ps("AlgorithmParameters", "PBEWithMD5AndTripleDES",
"com.sun.crypto.provider.PBEParameters", "com.sun.crypto.provider.PBEParameters");
null, null);
ps("AlgorithmParameters", "PBEWithSHA1AndDESede", psA("AlgorithmParameters", "PBEWithSHA1AndDESede",
"com.sun.crypto.provider.PBEParameters", "com.sun.crypto.provider.PBEParameters",
pkcs12DESedeAliases, null); null);
ps("AlgorithmParameters", "PBEWithSHA1AndRC2_40", psA("AlgorithmParameters", "PBEWithSHA1AndRC2_40",
"com.sun.crypto.provider.PBEParameters", "com.sun.crypto.provider.PBEParameters",
pkcs12RC2_40Aliases, null); null);
ps("AlgorithmParameters", "PBEWithSHA1AndRC2_128", psA("AlgorithmParameters", "PBEWithSHA1AndRC2_128",
"com.sun.crypto.provider.PBEParameters", "com.sun.crypto.provider.PBEParameters",
pkcs12RC2_128Aliases, null); null);
ps("AlgorithmParameters", "PBEWithSHA1AndRC4_40", psA("AlgorithmParameters", "PBEWithSHA1AndRC4_40",
"com.sun.crypto.provider.PBEParameters", "com.sun.crypto.provider.PBEParameters",
pkcs12RC4_40Aliases, null); null);
ps("AlgorithmParameters", "PBEWithSHA1AndRC4_128", psA("AlgorithmParameters", "PBEWithSHA1AndRC4_128",
"com.sun.crypto.provider.PBEParameters", "com.sun.crypto.provider.PBEParameters",
pkcs12RC4_128Aliases, null); null);
ps("AlgorithmParameters", "PBES2", psA("AlgorithmParameters", "PBES2",
"com.sun.crypto.provider.PBES2Parameters$General", "com.sun.crypto.provider.PBES2Parameters$General",
pkcs5PBES2Aliases, null); null);
ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_128", ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128", "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128");
null, null);
ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_128", ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128", "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128");
null, null);
ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_128", ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128", "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128");
null, null);
ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_128", ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128", "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128");
null, null);
ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_128", ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128", "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128");
null, null);
ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_256", ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256", "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256");
null, null);
ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_256", ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256", "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256");
null, null);
ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_256", ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256", "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256");
null, null);
ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_256", ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256", "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256");
null, null);
ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_256", ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256", "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256");
null, null);
ps("AlgorithmParameters", "Blowfish", ps("AlgorithmParameters", "Blowfish",
"com.sun.crypto.provider.BlowfishParameters", "com.sun.crypto.provider.BlowfishParameters");
null, null);
ps("AlgorithmParameters", "AES", psA("AlgorithmParameters", "AES",
"com.sun.crypto.provider.AESParameters", "com.sun.crypto.provider.AESParameters", null);
aesAliases, null);
ps("AlgorithmParameters", "GCM", ps("AlgorithmParameters", "GCM",
"com.sun.crypto.provider.GCMParameters", "com.sun.crypto.provider.GCMParameters");
null, null);
ps("AlgorithmParameters", "RC2", ps("AlgorithmParameters", "RC2",
"com.sun.crypto.provider.RC2Parameters", "com.sun.crypto.provider.RC2Parameters");
null, null);
ps("AlgorithmParameters", "OAEP", ps("AlgorithmParameters", "OAEP",
"com.sun.crypto.provider.OAEPParameters", "com.sun.crypto.provider.OAEPParameters");
null, null);
ps("AlgorithmParameters", "ChaCha20-Poly1305", psA("AlgorithmParameters", "ChaCha20-Poly1305",
"com.sun.crypto.provider.ChaCha20Poly1305Parameters", "com.sun.crypto.provider.ChaCha20Poly1305Parameters", null);
chachaPolyAliases, null);
/* /*
* Key factories * Key factories
*/ */
ps("KeyFactory", "DiffieHellman", psA("KeyFactory", "DiffieHellman",
"com.sun.crypto.provider.DHKeyFactory", "com.sun.crypto.provider.DHKeyFactory",
diffieHellmanAliases, null); null);
/* /*
* Secret-key factories * Secret-key factories
*/ */
ps("SecretKeyFactory", "DES", ps("SecretKeyFactory", "DES",
"com.sun.crypto.provider.DESKeyFactory", "com.sun.crypto.provider.DESKeyFactory");
null, null);
ps("SecretKeyFactory", "DESede", psA("SecretKeyFactory", "DESede",
"com.sun.crypto.provider.DESedeKeyFactory", "com.sun.crypto.provider.DESedeKeyFactory", null);
desEdeAliases, null);
ps("SecretKeyFactory", "PBEWithMD5AndDES", psA("SecretKeyFactory", "PBEWithMD5AndDES",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES", "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
pkcs5MD5_DESAliases, null); null);
/* /*
* Internal in-house crypto algorithm used for * Internal in-house crypto algorithm used for
@ -613,85 +523,70 @@ public final class SunJCE extends Provider {
* algorithm. * algorithm.
*/ */
ps("SecretKeyFactory", "PBEWithMD5AndTripleDES", ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES", "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES");
null, null);
ps("SecretKeyFactory", "PBEWithSHA1AndDESede", psA("SecretKeyFactory", "PBEWithSHA1AndDESede",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede", "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
pkcs12DESedeAliases, null); null);
ps("SecretKeyFactory", "PBEWithSHA1AndRC2_40", psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40", "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
pkcs12RC2_40Aliases, null); null);
ps("SecretKeyFactory", "PBEWithSHA1AndRC2_128", psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128", "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
pkcs12RC2_128Aliases, null); null);
ps("SecretKeyFactory", "PBEWithSHA1AndRC4_40", psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40", "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
pkcs12RC4_40Aliases,null); null);
ps("SecretKeyFactory", "PBEWithSHA1AndRC4_128", psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128", "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
pkcs12RC4_128Aliases, null); null);
ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128", ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128", "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128");
null, null);
ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128", ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128", "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128");
null, null);
ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128", ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128", "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128");
null, null);
ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128", ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128", "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128");
null, null);
ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128", ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128", "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
null, null);
ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256", ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256", "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
null, null);
ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256", ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256", "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256");
null, null);
ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256", ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256", "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256");
null, null);
ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256", ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256", "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256");
null, null);
ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256", ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256", "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
null, null);
// PBKDF2 // PBKDF2
ps("SecretKeyFactory", "PBKDF2WithHmacSHA1", psA("SecretKeyFactory", "PBKDF2WithHmacSHA1",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA1", "com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
pkcs5PBKDF2Aliases, null); null);
ps("SecretKeyFactory", "PBKDF2WithHmacSHA224", ps("SecretKeyFactory", "PBKDF2WithHmacSHA224",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA224", "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
null, null);
ps("SecretKeyFactory", "PBKDF2WithHmacSHA256", ps("SecretKeyFactory", "PBKDF2WithHmacSHA256",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA256", "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
null, null);
ps("SecretKeyFactory", "PBKDF2WithHmacSHA384", ps("SecretKeyFactory", "PBKDF2WithHmacSHA384",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA384", "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
null, null);
ps("SecretKeyFactory", "PBKDF2WithHmacSHA512", ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA512", "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
null, null);
/* /*
* MAC * MAC
@ -699,35 +594,28 @@ public final class SunJCE extends Provider {
attrs.clear(); attrs.clear();
attrs.put("SupportedKeyFormats", "RAW"); attrs.put("SupportedKeyFormats", "RAW");
ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs); ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs);
ps("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1", psA("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
macSHA1Aliases, attrs); attrs);
ps("Mac", "HmacSHA224", "com.sun.crypto.provider.HmacCore$HmacSHA224", psA("Mac", "HmacSHA224",
macSHA224Aliases, attrs); "com.sun.crypto.provider.HmacCore$HmacSHA224", attrs);
ps("Mac", "HmacSHA256", "com.sun.crypto.provider.HmacCore$HmacSHA256", psA("Mac", "HmacSHA256",
macSHA256Aliases, attrs); "com.sun.crypto.provider.HmacCore$HmacSHA256", attrs);
ps("Mac", "HmacSHA384", "com.sun.crypto.provider.HmacCore$HmacSHA384", psA("Mac", "HmacSHA384",
macSHA384Aliases, attrs); "com.sun.crypto.provider.HmacCore$HmacSHA384", attrs);
ps("Mac", "HmacSHA512", "com.sun.crypto.provider.HmacCore$HmacSHA512", psA("Mac", "HmacSHA512",
macSHA512Aliases, attrs); "com.sun.crypto.provider.HmacCore$HmacSHA512", attrs);
ps("Mac", "HmacSHA512/224", psA("Mac", "HmacSHA512/224",
"com.sun.crypto.provider.HmacCore$HmacSHA512_224", "com.sun.crypto.provider.HmacCore$HmacSHA512_224", attrs);
macSHA512_224Aliases, attrs); psA("Mac", "HmacSHA512/256",
ps("Mac", "HmacSHA512/256", "com.sun.crypto.provider.HmacCore$HmacSHA512_256", attrs);
"com.sun.crypto.provider.HmacCore$HmacSHA512_256", psA("Mac", "HmacSHA3-224",
macSHA512_256Aliases, attrs); "com.sun.crypto.provider.HmacCore$HmacSHA3_224", attrs);
psA("Mac", "HmacSHA3-256",
ps("Mac", "HmacSHA3-224", "com.sun.crypto.provider.HmacCore$HmacSHA3_256", attrs);
"com.sun.crypto.provider.HmacCore$HmacSHA3_224", psA("Mac", "HmacSHA3-384",
macSHA3_224Aliases, attrs); "com.sun.crypto.provider.HmacCore$HmacSHA3_384", attrs);
ps("Mac", "HmacSHA3-256", psA("Mac", "HmacSHA3-512",
"com.sun.crypto.provider.HmacCore$HmacSHA3_256", "com.sun.crypto.provider.HmacCore$HmacSHA3_512", attrs);
macSHA3_256Aliases, attrs);
ps("Mac", "HmacSHA3-384",
"com.sun.crypto.provider.HmacCore$HmacSHA3_384",
macSHA3_384Aliases, attrs);
ps("Mac", "HmacSHA3-512",
"com.sun.crypto.provider.HmacCore$HmacSHA3_512",
macSHA3_512Aliases, attrs);
ps("Mac", "HmacPBESHA1", ps("Mac", "HmacPBESHA1",
"com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1",
@ -772,8 +660,7 @@ public final class SunJCE extends Provider {
* KeyStore * KeyStore
*/ */
ps("KeyStore", "JCEKS", ps("KeyStore", "JCEKS",
"com.sun.crypto.provider.JceKeyStore", "com.sun.crypto.provider.JceKeyStore");
null, null);
/* /*
* SSL/TLS mechanisms * SSL/TLS mechanisms
@ -784,24 +671,22 @@ public final class SunJCE extends Provider {
* mechanisms, and it will cause calls to come here. * mechanisms, and it will cause calls to come here.
*/ */
ps("KeyGenerator", "SunTlsPrf", ps("KeyGenerator", "SunTlsPrf",
"com.sun.crypto.provider.TlsPrfGenerator$V10", "com.sun.crypto.provider.TlsPrfGenerator$V10");
null, null);
ps("KeyGenerator", "SunTls12Prf", ps("KeyGenerator", "SunTls12Prf",
"com.sun.crypto.provider.TlsPrfGenerator$V12", "com.sun.crypto.provider.TlsPrfGenerator$V12");
null, null);
ps("KeyGenerator", "SunTlsMasterSecret", ps("KeyGenerator", "SunTlsMasterSecret",
"com.sun.crypto.provider.TlsMasterSecretGenerator", "com.sun.crypto.provider.TlsMasterSecretGenerator",
createAliases("SunTls12MasterSecret", List.of("SunTls12MasterSecret", "SunTlsExtendedMasterSecret"),
"SunTlsExtendedMasterSecret"), null); null);
ps("KeyGenerator", "SunTlsKeyMaterial", ps("KeyGenerator", "SunTlsKeyMaterial",
"com.sun.crypto.provider.TlsKeyMaterialGenerator", "com.sun.crypto.provider.TlsKeyMaterialGenerator",
createAliases("SunTls12KeyMaterial"), null); List.of("SunTls12KeyMaterial"), null);
ps("KeyGenerator", "SunTlsRsaPremasterSecret", ps("KeyGenerator", "SunTlsRsaPremasterSecret",
"com.sun.crypto.provider.TlsRsaPremasterSecretGenerator", "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
createAliases("SunTls12RsaPremasterSecret"), null); List.of("SunTls12RsaPremasterSecret"), null);
} }
// Return the instance of this class or create one if needed. // Return the instance of this class or create one if needed.

2
src/java.base/share/classes/java/security/PKCS12Attribute.java
View file

@ -76,7 +76,7 @@ public final class PKCS12Attribute implements KeyStore.Entry.Attribute {
// Validate name // Validate name
ObjectIdentifier type; ObjectIdentifier type;
try { try {
type = new ObjectIdentifier(name); type = ObjectIdentifier.of(name);
} catch (IOException e) { } catch (IOException e) {
throw new IllegalArgumentException("Incorrect format: name", e); throw new IllegalArgumentException("Incorrect format: name", e);
} }

4
src/java.base/share/classes/java/security/cert/CertificateRevokedException.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2007, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -246,7 +246,7 @@ public class CertificateRevokedException extends CertificateException {
boolean critical = ois.readBoolean(); boolean critical = ois.readBoolean();
byte[] extVal = IOUtils.readExactlyNBytes(ois, ois.readInt()); byte[] extVal = IOUtils.readExactlyNBytes(ois, ois.readInt());
Extension ext = sun.security.x509.Extension.newExtension Extension ext = sun.security.x509.Extension.newExtension
(new ObjectIdentifier(oid), critical, extVal); (ObjectIdentifier.of(oid), critical, extVal);
extensions.put(oid, ext); extensions.put(oid, ext);
} }
} }

16
src/java.base/share/classes/java/security/cert/X509CertSelector.java
View file

@ -31,11 +31,7 @@ import java.security.PublicKey;
import java.util.*; import java.util.*;
import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal;
import sun.security.util.HexDumpEncoder; import sun.security.util.*;
import sun.security.util.Debug;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.*; import sun.security.x509.*;
/** /**
@ -88,7 +84,7 @@ public class X509CertSelector implements CertSelector {
private static final Debug debug = Debug.getInstance("certpath"); private static final Debug debug = Debug.getInstance("certpath");
private static final ObjectIdentifier ANY_EXTENDED_KEY_USAGE = private static final ObjectIdentifier ANY_EXTENDED_KEY_USAGE =
ObjectIdentifier.of("2.5.29.37.0"); ObjectIdentifier.of(KnownOIDs.anyExtendedKeyUsage);
static { static {
CertPathHelperImpl.initialize(); CertPathHelperImpl.initialize();
@ -506,7 +502,7 @@ public class X509CertSelector implements CertSelector {
if (oid == null) { if (oid == null) {
subjectPublicKeyAlgID = null; subjectPublicKeyAlgID = null;
} else { } else {
subjectPublicKeyAlgID = new ObjectIdentifier(oid); subjectPublicKeyAlgID = ObjectIdentifier.of(oid);
} }
} }
@ -622,7 +618,7 @@ public class X509CertSelector implements CertSelector {
Collections.unmodifiableSet(new HashSet<>(keyPurposeSet)); Collections.unmodifiableSet(new HashSet<>(keyPurposeSet));
keyPurposeOIDSet = new HashSet<>(); keyPurposeOIDSet = new HashSet<>();
for (String s : this.keyPurposeSet) { for (String s : this.keyPurposeSet) {
keyPurposeOIDSet.add(new ObjectIdentifier(s)); keyPurposeOIDSet.add(ObjectIdentifier.of(s));
} }
} }
} }
@ -1105,8 +1101,8 @@ public class X509CertSelector implements CertSelector {
if (!(o instanceof String)) { if (!(o instanceof String)) {
throw new IOException("non String in certPolicySet"); throw new IOException("non String in certPolicySet");
} }
polIdVector.add(new CertificatePolicyId(new ObjectIdentifier( polIdVector.add(new CertificatePolicyId
(String)o))); (ObjectIdentifier.of((String)o)));
} }
// If everything went OK, make the changes // If everything went OK, make the changes
policySet = tempSet; policySet = tempSet;

22
src/java.base/share/classes/sun/security/pkcs/ContentInfo.java
View file

@ -39,35 +39,35 @@ public class ContentInfo {
// pkcs7 pre-defined content types // pkcs7 pre-defined content types
public static ObjectIdentifier PKCS7_OID = public static ObjectIdentifier PKCS7_OID =
ObjectIdentifier.of("1.2.840.113549.1.7"); ObjectIdentifier.of(KnownOIDs.PKCS7);
public static ObjectIdentifier DATA_OID = public static ObjectIdentifier DATA_OID =
ObjectIdentifier.of("1.2.840.113549.1.7.1"); ObjectIdentifier.of(KnownOIDs.Data);
public static ObjectIdentifier SIGNED_DATA_OID = public static ObjectIdentifier SIGNED_DATA_OID =
ObjectIdentifier.of("1.2.840.113549.1.7.2"); ObjectIdentifier.of(KnownOIDs.SignedData);
public static ObjectIdentifier ENVELOPED_DATA_OID = public static ObjectIdentifier ENVELOPED_DATA_OID =
ObjectIdentifier.of("1.2.840.113549.1.7.3"); ObjectIdentifier.of(KnownOIDs.EnvelopedData);
public static ObjectIdentifier SIGNED_AND_ENVELOPED_DATA_OID = public static ObjectIdentifier SIGNED_AND_ENVELOPED_DATA_OID =
ObjectIdentifier.of("1.2.840.113549.1.7.4"); ObjectIdentifier.of(KnownOIDs.SignedAndEnvelopedData);
public static ObjectIdentifier DIGESTED_DATA_OID = public static ObjectIdentifier DIGESTED_DATA_OID =
ObjectIdentifier.of("1.2.840.113549.1.7.5"); ObjectIdentifier.of(KnownOIDs.DigestedData);
public static ObjectIdentifier ENCRYPTED_DATA_OID = public static ObjectIdentifier ENCRYPTED_DATA_OID =
ObjectIdentifier.of("1.2.840.113549.1.7.6"); ObjectIdentifier.of(KnownOIDs.EncryptedData);
// this is for backwards-compatibility with JDK 1.1.x // this is for backwards-compatibility with JDK 1.1.x
public static ObjectIdentifier OLD_SIGNED_DATA_OID = public static ObjectIdentifier OLD_SIGNED_DATA_OID =
ObjectIdentifier.of("1.2.840.1113549.1.7.2"); ObjectIdentifier.of(KnownOIDs.JDK_OLD_SignedData);
public static ObjectIdentifier OLD_DATA_OID = public static ObjectIdentifier OLD_DATA_OID =
ObjectIdentifier.of("1.2.840.1113549.1.7.1"); ObjectIdentifier.of(KnownOIDs.JDK_OLD_Data);
// The ASN.1 systax for the Netscape Certificate Sequence data type is // The ASN.1 systax for the Netscape Certificate Sequence data type is
// defined at: // defined at:
// http://wp.netscape.com/eng/security/comm4-cert-download.html // http://wp.netscape.com/eng/security/comm4-cert-download.html
public static ObjectIdentifier NETSCAPE_CERT_SEQUENCE_OID = public static ObjectIdentifier NETSCAPE_CERT_SEQUENCE_OID =
ObjectIdentifier.of("2.16.840.1.113730.2.5"); ObjectIdentifier.of(KnownOIDs.NETSCAPE_CertSequence);
// timestamp token (id-ct-TSTInfo) from RFC 3161 // timestamp token (id-ct-TSTInfo) from RFC 3161
public static ObjectIdentifier TIMESTAMP_TOKEN_INFO_OID = public static ObjectIdentifier TIMESTAMP_TOKEN_INFO_OID =
ObjectIdentifier.of("1.2.840.113549.1.9.16.1.4"); ObjectIdentifier.of(KnownOIDs.TimeStampTokenInfo);
ObjectIdentifier contentType; ObjectIdentifier contentType;
DerValue content; // OPTIONAL DerValue content; // OPTIONAL

2
src/java.base/share/classes/sun/security/pkcs/PKCS7.java
View file

@ -819,7 +819,7 @@ public class PKCS7 {
unauthAttrs = unauthAttrs =
new PKCS9Attributes(new PKCS9Attribute[]{ new PKCS9Attributes(new PKCS9Attribute[]{
new PKCS9Attribute( new PKCS9Attribute(
PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR, PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID,
tsToken)}); tsToken)});
} }

187
src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java
View file

@ -32,13 +32,7 @@ import java.util.Locale;
import java.util.Date; import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import sun.security.x509.CertificateExtensions; import sun.security.x509.CertificateExtensions;
import sun.security.util.Debug; import sun.security.util.*;
import sun.security.util.DerEncoder;
import sun.security.util.DerValue;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.ObjectIdentifier;
import sun.security.util.HexDumpEncoder;
/** /**
* Class supporting any PKCS9 attributes. * Class supporting any PKCS9 attributes.
@ -188,17 +182,11 @@ public class PKCS9Attribute implements DerEncoder {
private static final Class<?> BYTE_ARRAY_CLASS; private static final Class<?> BYTE_ARRAY_CLASS;
static { // static initializer for PKCS9_OIDS static {
for (int i = 1; i < PKCS9_OIDS.length - 2; i++) { // set unused PKCS9_OIDS entries to null
PKCS9_OIDS[i] = ObjectIdentifier.of("1.2.840.113549.1.9." + i); // rest are initialized with public constants
} PKCS9_OIDS[0] = PKCS9_OIDS[11] = PKCS9_OIDS[12] = PKCS9_OIDS[13] =
// Initialize SigningCertificate and SignatureTimestampToken PKCS9_OIDS[15] = null;
// separately (because their values are out of sequence)
PKCS9_OIDS[PKCS9_OIDS.length - 2] =
ObjectIdentifier.of("1.2.840.113549.1.9.16.2.12");
PKCS9_OIDS[PKCS9_OIDS.length - 1] =
ObjectIdentifier.of("1.2.840.113549.1.9.16.2.14");
try { try {
BYTE_ARRAY_CLASS = Class.forName("[B"); BYTE_ARRAY_CLASS = Class.forName("[B");
} catch (ClassNotFoundException e) { } catch (ClassNotFoundException e) {
@ -206,99 +194,37 @@ public class PKCS9Attribute implements DerEncoder {
} }
} }
// first element [0] not used public static final ObjectIdentifier EMAIL_ADDRESS_OID = PKCS9_OIDS[1] =
public static final ObjectIdentifier EMAIL_ADDRESS_OID = PKCS9_OIDS[1]; ObjectIdentifier.of(KnownOIDs.EmailAddress);
public static final ObjectIdentifier UNSTRUCTURED_NAME_OID = PKCS9_OIDS[2]; public static final ObjectIdentifier UNSTRUCTURED_NAME_OID = PKCS9_OIDS[2] =
public static final ObjectIdentifier CONTENT_TYPE_OID = PKCS9_OIDS[3]; ObjectIdentifier.of(KnownOIDs.UnstructuredName);
public static final ObjectIdentifier MESSAGE_DIGEST_OID = PKCS9_OIDS[4]; public static final ObjectIdentifier CONTENT_TYPE_OID = PKCS9_OIDS[3] =
public static final ObjectIdentifier SIGNING_TIME_OID = PKCS9_OIDS[5]; ObjectIdentifier.of(KnownOIDs.ContentType);
public static final ObjectIdentifier COUNTERSIGNATURE_OID = PKCS9_OIDS[6]; public static final ObjectIdentifier MESSAGE_DIGEST_OID = PKCS9_OIDS[4] =
public static final ObjectIdentifier CHALLENGE_PASSWORD_OID = PKCS9_OIDS[7]; ObjectIdentifier.of(KnownOIDs.MessageDigest);
public static final ObjectIdentifier UNSTRUCTURED_ADDRESS_OID = PKCS9_OIDS[8]; public static final ObjectIdentifier SIGNING_TIME_OID = PKCS9_OIDS[5] =
public static final ObjectIdentifier EXTENDED_CERTIFICATE_ATTRIBUTES_OID ObjectIdentifier.of(KnownOIDs.SigningTime);
= PKCS9_OIDS[9]; public static final ObjectIdentifier COUNTERSIGNATURE_OID = PKCS9_OIDS[6] =
public static final ObjectIdentifier ISSUER_SERIALNUMBER_OID = PKCS9_OIDS[10]; ObjectIdentifier.of(KnownOIDs.CounterSignature);
public static final ObjectIdentifier CHALLENGE_PASSWORD_OID =
PKCS9_OIDS[7] = ObjectIdentifier.of(KnownOIDs.ChallengePassword);
public static final ObjectIdentifier UNSTRUCTURED_ADDRESS_OID =
PKCS9_OIDS[8] = ObjectIdentifier.of(KnownOIDs.UnstructuredAddress);
public static final ObjectIdentifier EXTENDED_CERTIFICATE_ATTRIBUTES_OID =
PKCS9_OIDS[9] =
ObjectIdentifier.of(KnownOIDs.ExtendedCertificateAttributes);
public static final ObjectIdentifier ISSUER_SERIALNUMBER_OID =
PKCS9_OIDS[10] =
ObjectIdentifier.of(KnownOIDs.IssuerAndSerialNumber);
// [11], [12] are RSA DSI proprietary // [11], [12] are RSA DSI proprietary
// [13] ==> signingDescription, S/MIME, not used anymore // [13] ==> signingDescription, S/MIME, not used anymore
public static final ObjectIdentifier EXTENSION_REQUEST_OID = PKCS9_OIDS[14]; public static final ObjectIdentifier EXTENSION_REQUEST_OID =
public static final ObjectIdentifier SMIME_CAPABILITY_OID = PKCS9_OIDS[15]; PKCS9_OIDS[14] = ObjectIdentifier.of(KnownOIDs.ExtensionRequest);
public static final ObjectIdentifier SIGNING_CERTIFICATE_OID = PKCS9_OIDS[16]; public static final ObjectIdentifier SIGNING_CERTIFICATE_OID =
PKCS9_OIDS[16] = ObjectIdentifier.of(KnownOIDs.SigningCertificate);
public static final ObjectIdentifier SIGNATURE_TIMESTAMP_TOKEN_OID = public static final ObjectIdentifier SIGNATURE_TIMESTAMP_TOKEN_OID =
PKCS9_OIDS[17]; PKCS9_OIDS[17] =
public static final String EMAIL_ADDRESS_STR = "EmailAddress"; ObjectIdentifier.of(KnownOIDs.SignatureTimestampToken);
public static final String UNSTRUCTURED_NAME_STR = "UnstructuredName";
public static final String CONTENT_TYPE_STR = "ContentType";
public static final String MESSAGE_DIGEST_STR = "MessageDigest";
public static final String SIGNING_TIME_STR = "SigningTime";
public static final String COUNTERSIGNATURE_STR = "Countersignature";
public static final String CHALLENGE_PASSWORD_STR = "ChallengePassword";
public static final String UNSTRUCTURED_ADDRESS_STR = "UnstructuredAddress";
public static final String EXTENDED_CERTIFICATE_ATTRIBUTES_STR =
"ExtendedCertificateAttributes";
public static final String ISSUER_SERIALNUMBER_STR = "IssuerAndSerialNumber";
// [11], [12] are RSA DSI proprietary
private static final String RSA_PROPRIETARY_STR = "RSAProprietary";
// [13] ==> signingDescription, S/MIME, not used anymore
private static final String SMIME_SIGNING_DESC_STR = "SMIMESigningDesc";
public static final String EXTENSION_REQUEST_STR = "ExtensionRequest";
public static final String SMIME_CAPABILITY_STR = "SMIMECapability";
public static final String SIGNING_CERTIFICATE_STR = "SigningCertificate";
public static final String SIGNATURE_TIMESTAMP_TOKEN_STR =
"SignatureTimestampToken";
/**
* HashMap mapping names and variant names of supported
* attributes to their OIDs. This table contains all name forms
* that occur in PKCS9, in lower case.
*/
private static final HashMap<String, ObjectIdentifier> NAME_OID_TABLE =
new HashMap<String, ObjectIdentifier>(17);
static { // static initializer for PCKS9_NAMES
NAME_OID_TABLE.put("emailaddress", PKCS9_OIDS[1]);
NAME_OID_TABLE.put("unstructuredname", PKCS9_OIDS[2]);
NAME_OID_TABLE.put("contenttype", PKCS9_OIDS[3]);
NAME_OID_TABLE.put("messagedigest", PKCS9_OIDS[4]);
NAME_OID_TABLE.put("signingtime", PKCS9_OIDS[5]);
NAME_OID_TABLE.put("countersignature", PKCS9_OIDS[6]);
NAME_OID_TABLE.put("challengepassword", PKCS9_OIDS[7]);
NAME_OID_TABLE.put("unstructuredaddress", PKCS9_OIDS[8]);
NAME_OID_TABLE.put("extendedcertificateattributes", PKCS9_OIDS[9]);
NAME_OID_TABLE.put("issuerandserialnumber", PKCS9_OIDS[10]);
NAME_OID_TABLE.put("rsaproprietary", PKCS9_OIDS[11]);
NAME_OID_TABLE.put("rsaproprietary", PKCS9_OIDS[12]);
NAME_OID_TABLE.put("signingdescription", PKCS9_OIDS[13]);
NAME_OID_TABLE.put("extensionrequest", PKCS9_OIDS[14]);
NAME_OID_TABLE.put("smimecapability", PKCS9_OIDS[15]);
NAME_OID_TABLE.put("signingcertificate", PKCS9_OIDS[16]);
NAME_OID_TABLE.put("signaturetimestamptoken", PKCS9_OIDS[17]);
};
/**
* HashMap mapping attribute OIDs defined in PKCS9 to the
* corresponding attribute value type.
*/
private static final HashMap<ObjectIdentifier, String> OID_NAME_TABLE =
new HashMap<ObjectIdentifier, String>(17);
static {
OID_NAME_TABLE.put(PKCS9_OIDS[1], EMAIL_ADDRESS_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[2], UNSTRUCTURED_NAME_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[3], CONTENT_TYPE_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[4], MESSAGE_DIGEST_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[5], SIGNING_TIME_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[6], COUNTERSIGNATURE_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[7], CHALLENGE_PASSWORD_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[8], UNSTRUCTURED_ADDRESS_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[9], EXTENDED_CERTIFICATE_ATTRIBUTES_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[10], ISSUER_SERIALNUMBER_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[11], RSA_PROPRIETARY_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[12], RSA_PROPRIETARY_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[13], SMIME_SIGNING_DESC_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[14], EXTENSION_REQUEST_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[15], SMIME_CAPABILITY_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[16], SIGNING_CERTIFICATE_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[17], SIGNATURE_TIMESTAMP_TOKEN_STR);
}
/** /**
* Acceptable ASN.1 tags for DER encodings of values of PKCS9 * Acceptable ASN.1 tags for DER encodings of values of PKCS9
@ -427,34 +353,6 @@ public class PKCS9Attribute implements DerEncoder {
init(oid, value); init(oid, value);
} }
/**
* Construct an attribute object from the attribute's name and
* value. If the attribute is single-valued, provide only one
* value. If the attribute is multi-valued, provide an array
* containing all the values.
* Arrays of length zero are accepted, though probably useless.
*
* <P> The
* <a href=#classTable>table</a> gives the class that <code>value</code>
* must have for a given attribute. Reasonable variants of these
* attributes are accepted; in particular, case does not matter.
*
* @exception IllegalArgumentException
* if the <code>name</code> is not recognized or the
* <code>value</code> has the wrong type.
*/
public PKCS9Attribute(String name, Object value)
throws IllegalArgumentException {
ObjectIdentifier oid = getOID(name);
if (oid == null)
throw new IllegalArgumentException(
"Unrecognized attribute name " + name +
" constructing PKCS9Attribute.");
init(oid, value);
}
private void init(ObjectIdentifier oid, Object value) private void init(ObjectIdentifier oid, Object value)
throws IllegalArgumentException { throws IllegalArgumentException {
@ -766,9 +664,9 @@ public class PKCS9Attribute implements DerEncoder {
* Return the name of this attribute. * Return the name of this attribute.
*/ */
public String getName() { public String getName() {
return index == -1 ? String n = oid.toString();
oid.toString() : KnownOIDs os = KnownOIDs.findMatch(n);
OID_NAME_TABLE.get(PKCS9_OIDS[index]); return (os == null? n : os.stdName());
} }
/** /**
@ -776,7 +674,12 @@ public class PKCS9Attribute implements DerEncoder {
* the name. * the name.
*/ */
public static ObjectIdentifier getOID(String name) { public static ObjectIdentifier getOID(String name) {
return NAME_OID_TABLE.get(name.toLowerCase(Locale.ENGLISH)); KnownOIDs o = KnownOIDs.findMatch(name);
if (o != null) {
return ObjectIdentifier.of(o);
} else {
return null;
}
} }
/** /**
@ -784,7 +687,7 @@ public class PKCS9Attribute implements DerEncoder {
* the oid. * the oid.
*/ */
public static String getName(ObjectIdentifier oid) { public static String getName(ObjectIdentifier oid) {
return OID_NAME_TABLE.get(oid); return KnownOIDs.findMatch(oid.toString()).stdName();
} }
/** /**
@ -799,7 +702,7 @@ public class PKCS9Attribute implements DerEncoder {
if (index == -1) { if (index == -1) {
sb.append(oid.toString()); sb.append(oid.toString());
} else { } else {
sb.append(OID_NAME_TABLE.get(PKCS9_OIDS[index])); sb.append(getName(oid));
} }
sb.append(": "); sb.append(": ");

43
src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
View file

@ -66,17 +66,11 @@ import javax.security.auth.DestroyFailedException;
import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal;
import sun.security.tools.KeyStoreUtil; import sun.security.tools.KeyStoreUtil;
import sun.security.util.Debug; import sun.security.util.*;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.pkcs.ContentInfo; import sun.security.pkcs.ContentInfo;
import sun.security.util.SecurityProperties;
import sun.security.x509.AlgorithmId; import sun.security.x509.AlgorithmId;
import sun.security.pkcs.EncryptedPrivateKeyInfo; import sun.security.pkcs.EncryptedPrivateKeyInfo;
import sun.security.provider.JavaKeyStore.JKS; import sun.security.provider.JavaKeyStore.JKS;
import sun.security.util.KeyStoreDelegator;
import sun.security.x509.AuthorityKeyIdentifierExtension; import sun.security.x509.AuthorityKeyIdentifierExtension;
@ -148,29 +142,29 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
private static final int MAX_ITERATION_COUNT = 5000000; private static final int MAX_ITERATION_COUNT = 5000000;
private static final int SALT_LEN = 20; private static final int SALT_LEN = 20;
// friendlyName, localKeyId, trustedKeyUsage private static final KnownOIDs[] CORE_ATTRIBUTES = {
private static final String[] CORE_ATTRIBUTES = { KnownOIDs.FriendlyName,
"1.2.840.113549.1.9.20", KnownOIDs.LocalKeyID,
"1.2.840.113549.1.9.21", KnownOIDs.ORACLE_TrustedKeyUsage
"2.16.840.1.113894.746875.1.1"
}; };
private static final Debug debug = Debug.getInstance("pkcs12"); private static final Debug debug = Debug.getInstance("pkcs12");
private static final ObjectIdentifier PKCS8ShroudedKeyBag_OID = private static final ObjectIdentifier PKCS8ShroudedKeyBag_OID =
ObjectIdentifier.of("1.2.840.113549.1.12.10.1.2"); ObjectIdentifier.of(KnownOIDs.PKCS8ShroudedKeyBag);
private static final ObjectIdentifier CertBag_OID = private static final ObjectIdentifier CertBag_OID =
ObjectIdentifier.of("1.2.840.113549.1.12.10.1.3"); ObjectIdentifier.of(KnownOIDs.CertBag);
private static final ObjectIdentifier SecretBag_OID = private static final ObjectIdentifier SecretBag_OID =
ObjectIdentifier.of("1.2.840.113549.1.12.10.1.5"); ObjectIdentifier.of(KnownOIDs.SecretBag);
private static final ObjectIdentifier PKCS9FriendlyName_OID = private static final ObjectIdentifier PKCS9FriendlyName_OID =
ObjectIdentifier.of("1.2.840.113549.1.9.20"); ObjectIdentifier.of(KnownOIDs.FriendlyName);
private static final ObjectIdentifier PKCS9LocalKeyId_OID = private static final ObjectIdentifier PKCS9LocalKeyId_OID =
ObjectIdentifier.of("1.2.840.113549.1.9.21"); ObjectIdentifier.of(KnownOIDs.LocalKeyID);
private static final ObjectIdentifier PKCS9CertType_OID = private static final ObjectIdentifier PKCS9CertType_OID =
ObjectIdentifier.of("1.2.840.113549.1.9.22.1"); ObjectIdentifier.of(KnownOIDs.CertTypeX509);
private static final ObjectIdentifier pbes2_OID = private static final ObjectIdentifier pbes2_OID =
ObjectIdentifier.of("1.2.840.113549.1.5.13"); ObjectIdentifier.of(KnownOIDs.PBES2);
/* /*
* Temporary Oracle OID * Temporary Oracle OID
@ -179,11 +173,10 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
* oracle(113894) jdk(746875) crypto(1) id-at-trustedKeyUsage(1)} * oracle(113894) jdk(746875) crypto(1) id-at-trustedKeyUsage(1)}
*/ */
private static final ObjectIdentifier TrustedKeyUsage_OID = private static final ObjectIdentifier TrustedKeyUsage_OID =
ObjectIdentifier.of("2.16.840.1.113894.746875.1.1"); ObjectIdentifier.of(KnownOIDs.ORACLE_TrustedKeyUsage);
private static final ObjectIdentifier[] AnyUsage = new ObjectIdentifier[] { private static final ObjectIdentifier[] AnyUsage = new ObjectIdentifier[] {
// AnyExtendedKeyUsage ObjectIdentifier.of(KnownOIDs.anyExtendedKeyUsage)
ObjectIdentifier.of("2.5.29.37.0")
}; };
private int counter = 0; private int counter = 0;
@ -1643,9 +1636,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
for (KeyStore.Entry.Attribute attribute : attributes) { for (KeyStore.Entry.Attribute attribute : attributes) {
String attributeName = attribute.getName(); String attributeName = attribute.getName();
// skip friendlyName, localKeyId and trustedKeyUsage // skip friendlyName, localKeyId and trustedKeyUsage
if (CORE_ATTRIBUTES[0].equals(attributeName) || if (CORE_ATTRIBUTES[0].value().equals(attributeName) ||
CORE_ATTRIBUTES[1].equals(attributeName) || CORE_ATTRIBUTES[1].value().equals(attributeName) ||
CORE_ATTRIBUTES[2].equals(attributeName)) { CORE_ATTRIBUTES[2].value().equals(attributeName)) {
continue; continue;
} }
attrs.write(((PKCS12Attribute) attribute).getEncoded()); attrs.write(((PKCS12Attribute) attribute).getEncoded());

12
src/java.base/share/classes/sun/security/provider/KeyProtector.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -38,6 +38,7 @@ import sun.security.pkcs.PKCS8Key;
import sun.security.pkcs.EncryptedPrivateKeyInfo; import sun.security.pkcs.EncryptedPrivateKeyInfo;
import sun.security.x509.AlgorithmId; import sun.security.x509.AlgorithmId;
import sun.security.util.ObjectIdentifier; import sun.security.util.ObjectIdentifier;
import sun.security.util.KnownOIDs;
import sun.security.util.DerValue; import sun.security.util.DerValue;
/** /**
@ -105,9 +106,6 @@ final class KeyProtector {
private static final String DIGEST_ALG = "SHA"; private static final String DIGEST_ALG = "SHA";
private static final int DIGEST_LEN = 20; private static final int DIGEST_LEN = 20;
// defined by JavaSoft
private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1";
// The password used for protecting/recovering keys passed through this // The password used for protecting/recovering keys passed through this
// key protector. We store it as a byte array, so that we can digest it. // key protector. We store it as a byte array, so that we can digest it.
private byte[] passwdBytes; private byte[] passwdBytes;
@ -213,7 +211,8 @@ final class KeyProtector {
// EncryptedPrivateKeyInfo, and returns its encoding // EncryptedPrivateKeyInfo, and returns its encoding
AlgorithmId encrAlg; AlgorithmId encrAlg;
try { try {
encrAlg = new AlgorithmId(new ObjectIdentifier(KEY_PROTECTOR_OID)); encrAlg = new AlgorithmId(ObjectIdentifier.of
(KnownOIDs.JAVASOFT_JDKKeyProtector));
return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded(); return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
} catch (IOException ioe) { } catch (IOException ioe) {
throw new KeyStoreException(ioe.getMessage()); throw new KeyStoreException(ioe.getMessage());
@ -235,7 +234,8 @@ final class KeyProtector {
// do we support the algorithm? // do we support the algorithm?
AlgorithmId encrAlg = encrInfo.getAlgorithm(); AlgorithmId encrAlg = encrInfo.getAlgorithm();
if (!(encrAlg.getOID().toString().equals(KEY_PROTECTOR_OID))) { if (!(encrAlg.getOID().toString().equals
(KnownOIDs.JAVASOFT_JDKKeyProtector.value()))) {
throw new UnrecoverableKeyException("Unsupported key protection " throw new UnrecoverableKeyException("Unsupported key protection "
+ "algorithm"); + "algorithm");
} }

170
src/java.base/share/classes/sun/security/provider/SunEntries.java
View file

@ -32,6 +32,8 @@ import java.security.*;
import jdk.internal.util.StaticProperty; import jdk.internal.util.StaticProperty;
import sun.security.action.GetPropertyAction; import sun.security.action.GetPropertyAction;
import sun.security.util.SecurityProviderConstants;
import static sun.security.util.SecurityProviderConstants.getAliases;
/** /**
* Defines the entries of the SUN provider. * Defines the entries of the SUN provider.
@ -80,18 +82,6 @@ public final class SunEntries {
// the default algo used by SecureRandom class for new SecureRandom() calls // the default algo used by SecureRandom class for new SecureRandom() calls
public static final String DEF_SECURE_RANDOM_ALGO; public static final String DEF_SECURE_RANDOM_ALGO;
// create an aliases List from the specified aliases
public static List<String> createAliases(String ... aliases) {
return Arrays.asList(aliases);
}
// create an aliases List from the specified oid followed by other aliases
public static List<String> createAliasesWithOid(String ... oids) {
String[] result = Arrays.copyOf(oids, oids.length + 1);
result[result.length - 1] = "OID." + oids[0];
return Arrays.asList(result);
}
SunEntries(Provider p) { SunEntries(Provider p) {
services = new LinkedHashSet<>(50, 0.9f); services = new LinkedHashSet<>(50, 0.9f);
@ -106,22 +96,20 @@ public final class SunEntries {
attrs.put("ThreadSafe", "true"); attrs.put("ThreadSafe", "true");
if (NativePRNG.isAvailable()) { if (NativePRNG.isAvailable()) {
add(p, "SecureRandom", "NativePRNG", add(p, "SecureRandom", "NativePRNG",
"sun.security.provider.NativePRNG", "sun.security.provider.NativePRNG", attrs);
null, attrs);
} }
if (NativePRNG.Blocking.isAvailable()) { if (NativePRNG.Blocking.isAvailable()) {
add(p, "SecureRandom", "NativePRNGBlocking", add(p, "SecureRandom", "NativePRNGBlocking",
"sun.security.provider.NativePRNG$Blocking", null, attrs); "sun.security.provider.NativePRNG$Blocking", attrs);
} }
if (NativePRNG.NonBlocking.isAvailable()) { if (NativePRNG.NonBlocking.isAvailable()) {
add(p, "SecureRandom", "NativePRNGNonBlocking", add(p, "SecureRandom", "NativePRNGNonBlocking",
"sun.security.provider.NativePRNG$NonBlocking", null, attrs); "sun.security.provider.NativePRNG$NonBlocking", attrs);
} }
attrs.put("ImplementedIn", "Software"); attrs.put("ImplementedIn", "Software");
add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs);
null, attrs);
add(p, "SecureRandom", "SHA1PRNG", add(p, "SecureRandom", "SHA1PRNG",
"sun.security.provider.SecureRandom", null, attrs); "sun.security.provider.SecureRandom", attrs);
/* /*
* Signature engines * Signature engines
@ -134,37 +122,28 @@ public final class SunEntries {
attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures
add(p, "Signature", "SHA1withDSA", addWithAlias(p, "Signature", "SHA1withDSA",
"sun.security.provider.DSA$SHA1withDSA", "sun.security.provider.DSA$SHA1withDSA", attrs);
createAliasesWithOid("1.2.840.10040.4.3", "DSA", "DSS", addWithAlias(p, "Signature", "NONEwithDSA",
"SHA/DSA", "SHA-1/DSA", "SHA1/DSA", "SHAwithDSA", "sun.security.provider.DSA$RawDSA", attrs);
"DSAWithSHA1", "1.3.14.3.2.13", "1.3.14.3.2.27"), attrs);
add(p, "Signature", "NONEwithDSA", "sun.security.provider.DSA$RawDSA",
createAliases("RawDSA"), attrs);
attrs.put("KeySize", "2048"); // for SHA224 and SHA256 DSA signatures attrs.put("KeySize", "2048"); // for SHA224 and SHA256 DSA signatures
add(p, "Signature", "SHA224withDSA", addWithAlias(p, "Signature", "SHA224withDSA",
"sun.security.provider.DSA$SHA224withDSA", "sun.security.provider.DSA$SHA224withDSA", attrs);
createAliasesWithOid("2.16.840.1.101.3.4.3.1"), attrs); addWithAlias(p, "Signature", "SHA256withDSA",
add(p, "Signature", "SHA256withDSA", "sun.security.provider.DSA$SHA256withDSA", attrs);
"sun.security.provider.DSA$SHA256withDSA",
createAliasesWithOid("2.16.840.1.101.3.4.3.2"), attrs);
attrs.remove("KeySize"); attrs.remove("KeySize");
add(p, "Signature", "SHA1withDSAinP1363Format", add(p, "Signature", "SHA1withDSAinP1363Format",
"sun.security.provider.DSA$SHA1withDSAinP1363Format", "sun.security.provider.DSA$SHA1withDSAinP1363Format");
null, null);
add(p, "Signature", "NONEwithDSAinP1363Format", add(p, "Signature", "NONEwithDSAinP1363Format",
"sun.security.provider.DSA$RawDSAinP1363Format", "sun.security.provider.DSA$RawDSAinP1363Format");
null, null);
add(p, "Signature", "SHA224withDSAinP1363Format", add(p, "Signature", "SHA224withDSAinP1363Format",
"sun.security.provider.DSA$SHA224withDSAinP1363Format", "sun.security.provider.DSA$SHA224withDSAinP1363Format");
null, null);
add(p, "Signature", "SHA256withDSAinP1363Format", add(p, "Signature", "SHA256withDSAinP1363Format",
"sun.security.provider.DSA$SHA256withDSAinP1363Format", "sun.security.provider.DSA$SHA256withDSAinP1363Format");
null, null);
/* /*
* Key Pair Generator engines * Key Pair Generator engines
@ -173,85 +152,75 @@ public final class SunEntries {
attrs.put("ImplementedIn", "Software"); attrs.put("ImplementedIn", "Software");
attrs.put("KeySize", "2048"); // for DSA KPG and APG only attrs.put("KeySize", "2048"); // for DSA KPG and APG only
String dsaOid = "1.2.840.10040.4.1";
List<String> dsaAliases = createAliasesWithOid(dsaOid, "1.3.14.3.2.12");
String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$"; String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current"); dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
add(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, dsaAliases, attrs); addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
/* /*
* Algorithm Parameter Generator engines * Algorithm Parameter Generator engines
*/ */
add(p, "AlgorithmParameterGenerator", "DSA", addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
"sun.security.provider.DSAParameterGenerator", dsaAliases, "sun.security.provider.DSAParameterGenerator", attrs);
attrs);
attrs.remove("KeySize"); attrs.remove("KeySize");
/* /*
* Algorithm Parameter engines * Algorithm Parameter engines
*/ */
add(p, "AlgorithmParameters", "DSA", addWithAlias(p, "AlgorithmParameters", "DSA",
"sun.security.provider.DSAParameters", dsaAliases, attrs); "sun.security.provider.DSAParameters", attrs);
/* /*
* Key factories * Key factories
*/ */
add(p, "KeyFactory", "DSA", "sun.security.provider.DSAKeyFactory", addWithAlias(p, "KeyFactory", "DSA",
dsaAliases, attrs); "sun.security.provider.DSAKeyFactory", attrs);
/* /*
* Digest engines * Digest engines
*/ */
add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", null, attrs); add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs);
add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", null, attrs); add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs);
add(p, "MessageDigest", "SHA", "sun.security.provider.SHA", addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA",
createAliasesWithOid("1.3.14.3.2.26", "SHA-1", "SHA1"), attrs); attrs);
String sha2BaseOid = "2.16.840.1.101.3.4.2"; addWithAlias(p, "MessageDigest", "SHA-224",
add(p, "MessageDigest", "SHA-224", "sun.security.provider.SHA2$SHA224", "sun.security.provider.SHA2$SHA224", attrs);
createAliasesWithOid(sha2BaseOid + ".4"), attrs); addWithAlias(p, "MessageDigest", "SHA-256",
add(p, "MessageDigest", "SHA-256", "sun.security.provider.SHA2$SHA256", "sun.security.provider.SHA2$SHA256", attrs);
createAliasesWithOid(sha2BaseOid + ".1"), attrs); addWithAlias(p, "MessageDigest", "SHA-384",
add(p, "MessageDigest", "SHA-384", "sun.security.provider.SHA5$SHA384", "sun.security.provider.SHA5$SHA384", attrs);
createAliasesWithOid(sha2BaseOid + ".2"), attrs); addWithAlias(p, "MessageDigest", "SHA-512",
add(p, "MessageDigest", "SHA-512", "sun.security.provider.SHA5$SHA512", "sun.security.provider.SHA5$SHA512", attrs);
createAliasesWithOid(sha2BaseOid + ".3"), attrs); addWithAlias(p, "MessageDigest", "SHA-512/224",
add(p, "MessageDigest", "SHA-512/224", "sun.security.provider.SHA5$SHA512_224", attrs);
"sun.security.provider.SHA5$SHA512_224", addWithAlias(p, "MessageDigest", "SHA-512/256",
createAliasesWithOid(sha2BaseOid + ".5"), attrs); "sun.security.provider.SHA5$SHA512_256", attrs);
add(p, "MessageDigest", "SHA-512/256", addWithAlias(p, "MessageDigest", "SHA3-224",
"sun.security.provider.SHA5$SHA512_256", "sun.security.provider.SHA3$SHA224", attrs);
createAliasesWithOid(sha2BaseOid + ".6"), attrs); addWithAlias(p, "MessageDigest", "SHA3-256",
add(p, "MessageDigest", "SHA3-224", "sun.security.provider.SHA3$SHA224", "sun.security.provider.SHA3$SHA256", attrs);
createAliasesWithOid(sha2BaseOid + ".7"), attrs); addWithAlias(p, "MessageDigest", "SHA3-384",
add(p, "MessageDigest", "SHA3-256", "sun.security.provider.SHA3$SHA256", "sun.security.provider.SHA3$SHA384", attrs);
createAliasesWithOid(sha2BaseOid + ".8"), attrs); addWithAlias(p, "MessageDigest", "SHA3-512",
add(p, "MessageDigest", "SHA3-384", "sun.security.provider.SHA3$SHA384", "sun.security.provider.SHA3$SHA512", attrs);
createAliasesWithOid(sha2BaseOid + ".9"), attrs);
add(p, "MessageDigest", "SHA3-512", "sun.security.provider.SHA3$SHA512",
createAliasesWithOid(sha2BaseOid + ".10"), attrs);
/* /*
* Certificates * Certificates
*/ */
add(p, "CertificateFactory", "X.509", addWithAlias(p, "CertificateFactory", "X.509",
"sun.security.provider.X509Factory", "sun.security.provider.X509Factory", attrs);
createAliases("X509"), attrs);
/* /*
* KeyStore * KeyStore
*/ */
add(p, "KeyStore", "PKCS12", add(p, "KeyStore", "PKCS12",
"sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12", "sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12");
null, null);
add(p, "KeyStore", "JKS", add(p, "KeyStore", "JKS",
"sun.security.provider.JavaKeyStore$DualFormatJKS", "sun.security.provider.JavaKeyStore$DualFormatJKS", attrs);
null, attrs);
add(p, "KeyStore", "CaseExactJKS", add(p, "KeyStore", "CaseExactJKS",
"sun.security.provider.JavaKeyStore$CaseExactJKS", "sun.security.provider.JavaKeyStore$CaseExactJKS", attrs);
null, attrs);
add(p, "KeyStore", "DKS", "sun.security.provider.DomainKeyStore$DKS", add(p, "KeyStore", "DKS", "sun.security.provider.DomainKeyStore$DKS",
null, attrs); attrs);
/* /*
@ -259,22 +228,21 @@ public final class SunEntries {
*/ */
add(p, "CertStore", "Collection", add(p, "CertStore", "Collection",
"sun.security.provider.certpath.CollectionCertStore", "sun.security.provider.certpath.CollectionCertStore",
null, attrs); attrs);
add(p, "CertStore", "com.sun.security.IndexedCollection", add(p, "CertStore", "com.sun.security.IndexedCollection",
"sun.security.provider.certpath.IndexedCollectionCertStore", "sun.security.provider.certpath.IndexedCollectionCertStore",
null, attrs); attrs);
/* /*
* Policy * Policy
*/ */
add(p, "Policy", "JavaPolicy", "sun.security.provider.PolicySpiFile", add(p, "Policy", "JavaPolicy", "sun.security.provider.PolicySpiFile");
null, null);
/* /*
* Configuration * Configuration
*/ */
add(p, "Configuration", "JavaLoginConfig", add(p, "Configuration", "JavaLoginConfig",
"sun.security.provider.ConfigFile$Spi", null, null); "sun.security.provider.ConfigFile$Spi");
/* /*
* CertPathBuilder and CertPathValidator * CertPathBuilder and CertPathValidator
@ -285,19 +253,29 @@ public final class SunEntries {
add(p, "CertPathBuilder", "PKIX", add(p, "CertPathBuilder", "PKIX",
"sun.security.provider.certpath.SunCertPathBuilder", "sun.security.provider.certpath.SunCertPathBuilder",
null, attrs); attrs);
add(p, "CertPathValidator", "PKIX", add(p, "CertPathValidator", "PKIX",
"sun.security.provider.certpath.PKIXCertPathValidator", "sun.security.provider.certpath.PKIXCertPathValidator",
null, attrs); attrs);
} }
Iterator<Provider.Service> iterator() { Iterator<Provider.Service> iterator() {
return services.iterator(); return services.iterator();
} }
private void add(Provider p, String type, String algo, String cn) {
services.add(new Provider.Service(p, type, algo, cn, null, null));
}
private void add(Provider p, String type, String algo, String cn, private void add(Provider p, String type, String algo, String cn,
List<String> aliases, HashMap<String, String> attrs) { HashMap<String, String> attrs) {
services.add(new Provider.Service(p, type, algo, cn, aliases, attrs)); services.add(new Provider.Service(p, type, algo, cn, null, attrs));
}
private void addWithAlias(Provider p, String type, String algo, String cn,
HashMap<String, String> attrs) {
services.add(new Provider.Service(p, type, algo, cn,
getAliases(algo), attrs));
} }
private LinkedHashSet<Provider.Service> services; private LinkedHashSet<Provider.Service> services;

7
src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java
View file

@ -135,7 +135,7 @@ public final class OCSPResponse {
private static final Debug debug = Debug.getInstance("certpath"); private static final Debug debug = Debug.getInstance("certpath");
private static final boolean dump = debug != null && Debug.isOn("ocsp"); private static final boolean dump = debug != null && Debug.isOn("ocsp");
private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID = private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.1"); ObjectIdentifier.of(KnownOIDs.OCSPBasicResponse);
private static final int CERT_STATUS_GOOD = 0; private static final int CERT_STATUS_GOOD = 0;
private static final int CERT_STATUS_REVOKED = 1; private static final int CERT_STATUS_REVOKED = 1;
private static final int CERT_STATUS_UNKNOWN = 2; private static final int CERT_STATUS_UNKNOWN = 2;
@ -144,9 +144,6 @@ public final class OCSPResponse {
private static final int NAME_TAG = 1; private static final int NAME_TAG = 1;
private static final int KEY_TAG = 2; private static final int KEY_TAG = 2;
// Object identifier for the OCSPSigning key purpose
private static final String KP_OCSP_SIGNING_OID = "1.3.6.1.5.5.7.3.9";
// Default maximum clock skew in milliseconds (15 minutes) // Default maximum clock skew in milliseconds (15 minutes)
// allowed when checking validity of OCSP responses // allowed when checking validity of OCSP responses
private static final int DEFAULT_MAX_CLOCK_SKEW = 900000; private static final int DEFAULT_MAX_CLOCK_SKEW = 900000;
@ -493,7 +490,7 @@ public final class OCSPResponse {
try { try {
List<String> keyPurposes = signerCert.getExtendedKeyUsage(); List<String> keyPurposes = signerCert.getExtendedKeyUsage();
if (keyPurposes == null || if (keyPurposes == null ||
!keyPurposes.contains(KP_OCSP_SIGNING_OID)) { !keyPurposes.contains(KnownOIDs.OCSPSigning.value())) {
throw new CertPathValidatorException( throw new CertPathValidatorException(
"Responder's certificate not valid for signing " + "Responder's certificate not valid for signing " +
"OCSP responses"); "OCSP responses");

3
src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java
View file

@ -46,6 +46,7 @@ import static sun.security.provider.certpath.PKIX.*;
import sun.security.x509.*; import sun.security.x509.*;
import static sun.security.x509.PKIXExtensions.*; import static sun.security.x509.PKIXExtensions.*;
import sun.security.util.Debug; import sun.security.util.Debug;
import sun.security.util.KnownOIDs;
class RevocationChecker extends PKIXRevocationChecker { class RevocationChecker extends PKIXRevocationChecker {
@ -722,7 +723,7 @@ class RevocationChecker extends PKIXRevocationChecker {
// verify the response // verify the response
byte[] nonce = null; byte[] nonce = null;
for (Extension ext : ocspExtensions) { for (Extension ext : ocspExtensions) {
if (ext.getId().equals("1.3.6.1.5.5.7.48.1.2")) { if (ext.getId().equals(KnownOIDs.OCSPNonceExt.value())) {
nonce = ext.getValue(); nonce = ext.getValue();
} }
} }

4
src/java.base/share/classes/sun/security/rsa/PSSParameters.java
View file

@ -99,7 +99,7 @@ public final class PSSParameters extends AlgorithmParametersSpi {
} else if (d.isContextSpecific((byte) 0x01)) { } else if (d.isContextSpecific((byte) 0x01)) {
// mgf algid // mgf algid
AlgorithmId val = AlgorithmId.parse(d.data.getDerValue()); AlgorithmId val = AlgorithmId.parse(d.data.getDerValue());
if (!val.getOID().equals(AlgorithmId.mgf1_oid)) { if (!val.getOID().equals(AlgorithmId.MGF1_oid)) {
throw new IOException("Only MGF1 mgf is supported"); throw new IOException("Only MGF1 mgf is supported");
} }
AlgorithmId params = AlgorithmId.parse( AlgorithmId params = AlgorithmId.parse(
@ -242,7 +242,7 @@ public final class PSSParameters extends AlgorithmParametersSpi {
if (!mgfDigestId.getOID().equals(AlgorithmId.SHA_oid)) { if (!mgfDigestId.getOID().equals(AlgorithmId.SHA_oid)) {
tmp2 = new DerOutputStream(); tmp2 = new DerOutputStream();
tmp2.putOID(AlgorithmId.mgf1_oid); tmp2.putOID(AlgorithmId.MGF1_oid);
mgfDigestId.encode(tmp2); mgfDigestId.encode(tmp2);
tmp3 = new DerOutputStream(); tmp3 = new DerOutputStream();
tmp3.write(DerValue.tag_Sequence, tmp2); tmp3.write(DerValue.tag_Sequence, tmp2);

89
src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -27,7 +27,7 @@ package sun.security.rsa;
import java.util.*; import java.util.*;
import java.security.Provider; import java.security.Provider;
import static sun.security.provider.SunEntries.createAliasesWithOid; import static sun.security.util.SecurityProviderConstants.getAliases;
/** /**
* Defines the entries of the SunRsaSign provider. * Defines the entries of the SunRsaSign provider.
@ -38,7 +38,14 @@ public final class SunRsaSignEntries {
private void add(Provider p, String type, String algo, String cn, private void add(Provider p, String type, String algo, String cn,
List<String> aliases, HashMap<String, String> attrs) { List<String> aliases, HashMap<String, String> attrs) {
services.add(new Provider.Service(p, type, algo, cn, aliases, attrs)); services.add(new Provider.Service(p, type, algo, cn,
aliases, attrs));
}
private void addA(Provider p, String type, String algo, String cn,
HashMap<String, String> attrs) {
services.add(new Provider.Service(p, type, algo, cn,
getAliases(algo), attrs));
} }
// extend LinkedHashSet for consistency with SunEntries // extend LinkedHashSet for consistency with SunEntries
@ -47,13 +54,6 @@ public final class SunRsaSignEntries {
services = new LinkedHashSet<>(20, 0.9f); services = new LinkedHashSet<>(20, 0.9f);
// start populating content using the specified provider // start populating content using the specified provider
// common oids
String rsaOid = "1.2.840.113549.1.1";
List<String> rsaAliases = createAliasesWithOid(rsaOid);
List<String> rsapssAliases = createAliasesWithOid(rsaOid + ".10");
String sha1withRSAOid2 = "1.3.14.3.2.29";
// common attribute map // common attribute map
HashMap<String, String> attrs = new HashMap<>(3); HashMap<String, String> attrs = new HashMap<>(3);
attrs.put("SupportedKeyClasses", attrs.put("SupportedKeyClasses",
@ -62,50 +62,37 @@ public final class SunRsaSignEntries {
add(p, "KeyFactory", "RSA", add(p, "KeyFactory", "RSA",
"sun.security.rsa.RSAKeyFactory$Legacy", "sun.security.rsa.RSAKeyFactory$Legacy",
rsaAliases, null); getAliases("PKCS1"), null);
add(p, "KeyPairGenerator", "RSA", add(p, "KeyPairGenerator", "RSA",
"sun.security.rsa.RSAKeyPairGenerator$Legacy", "sun.security.rsa.RSAKeyPairGenerator$Legacy",
rsaAliases, null); getAliases("PKCS1"), null);
add(p, "Signature", "MD2withRSA", addA(p, "Signature", "MD2withRSA",
"sun.security.rsa.RSASignature$MD2withRSA", "sun.security.rsa.RSASignature$MD2withRSA", attrs);
createAliasesWithOid(rsaOid + ".2"), attrs); addA(p, "Signature", "MD5withRSA",
add(p, "Signature", "MD5withRSA", "sun.security.rsa.RSASignature$MD5withRSA", attrs);
"sun.security.rsa.RSASignature$MD5withRSA", addA(p, "Signature", "SHA1withRSA",
createAliasesWithOid(rsaOid + ".4"), attrs); "sun.security.rsa.RSASignature$SHA1withRSA", attrs);
add(p, "Signature", "SHA1withRSA", addA(p, "Signature", "SHA224withRSA",
"sun.security.rsa.RSASignature$SHA1withRSA", "sun.security.rsa.RSASignature$SHA224withRSA", attrs);
createAliasesWithOid(rsaOid + ".5", sha1withRSAOid2), attrs); addA(p, "Signature", "SHA256withRSA",
add(p, "Signature", "SHA224withRSA", "sun.security.rsa.RSASignature$SHA256withRSA", attrs);
"sun.security.rsa.RSASignature$SHA224withRSA", addA(p, "Signature", "SHA384withRSA",
createAliasesWithOid(rsaOid + ".14"), attrs); "sun.security.rsa.RSASignature$SHA384withRSA", attrs);
add(p, "Signature", "SHA256withRSA", addA(p, "Signature", "SHA512withRSA",
"sun.security.rsa.RSASignature$SHA256withRSA", "sun.security.rsa.RSASignature$SHA512withRSA", attrs);
createAliasesWithOid(rsaOid + ".11"), attrs); addA(p, "Signature", "SHA512/224withRSA",
add(p, "Signature", "SHA384withRSA", "sun.security.rsa.RSASignature$SHA512_224withRSA", attrs);
"sun.security.rsa.RSASignature$SHA384withRSA", addA(p, "Signature", "SHA512/256withRSA",
createAliasesWithOid(rsaOid + ".12"), attrs); "sun.security.rsa.RSASignature$SHA512_256withRSA", attrs);
add(p, "Signature", "SHA512withRSA",
"sun.security.rsa.RSASignature$SHA512withRSA",
createAliasesWithOid(rsaOid + ".13"), attrs);
add(p, "Signature", "SHA512/224withRSA",
"sun.security.rsa.RSASignature$SHA512_224withRSA",
createAliasesWithOid(rsaOid + ".15"), attrs);
add(p, "Signature", "SHA512/256withRSA",
"sun.security.rsa.RSASignature$SHA512_256withRSA",
createAliasesWithOid(rsaOid + ".16"), attrs);
add(p, "KeyFactory", "RSASSA-PSS", addA(p, "KeyFactory", "RSASSA-PSS",
"sun.security.rsa.RSAKeyFactory$PSS", "sun.security.rsa.RSAKeyFactory$PSS", attrs);
rsapssAliases, null); addA(p, "KeyPairGenerator", "RSASSA-PSS",
add(p, "KeyPairGenerator", "RSASSA-PSS", "sun.security.rsa.RSAKeyPairGenerator$PSS", attrs);
"sun.security.rsa.RSAKeyPairGenerator$PSS", addA(p, "Signature", "RSASSA-PSS",
rsapssAliases, null); "sun.security.rsa.RSAPSSSignature", attrs);
add(p, "Signature", "RSASSA-PSS", addA(p, "AlgorithmParameters", "RSASSA-PSS",
"sun.security.rsa.RSAPSSSignature", "sun.security.rsa.PSSParameters", attrs);
rsapssAliases, attrs);
add(p, "AlgorithmParameters", "RSASSA-PSS",
"sun.security.rsa.PSSParameters",
rsapssAliases, null);
} }
public Iterator<Provider.Service> iterator() { public Iterator<Provider.Service> iterator() {

16
src/java.base/share/classes/sun/security/ssl/SunJSSE.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@ package sun.security.ssl;
import java.security.*; import java.security.*;
import java.util.*; import java.util.*;
import static sun.security.util.SecurityConstants.PROVIDER_VER; import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.provider.SunEntries.createAliases; import static sun.security.util.SecurityProviderConstants.*;
/** /**
* The JSSE provider. * The JSSE provider.
@ -74,8 +74,8 @@ public class SunJSSE extends java.security.Provider {
} }
private void ps(String type, String algo, String cn, private void ps(String type, String algo, String cn,
List<String> aliases, HashMap<String, String> attrs) { List<String> a, HashMap<String, String> attrs) {
putService(new Provider.Service(this, type, algo, cn, aliases, attrs)); putService(new Provider.Service(this, type, algo, cn, a, attrs));
} }
private void doRegister() { private void doRegister() {
@ -86,18 +86,18 @@ public class SunJSSE extends java.security.Provider {
"sun.security.ssl.KeyManagerFactoryImpl$SunX509", null, null); "sun.security.ssl.KeyManagerFactoryImpl$SunX509", null, null);
ps("KeyManagerFactory", "NewSunX509", ps("KeyManagerFactory", "NewSunX509",
"sun.security.ssl.KeyManagerFactoryImpl$X509", "sun.security.ssl.KeyManagerFactoryImpl$X509",
createAliases("PKIX"), null); List.of("PKIX"), null);
ps("TrustManagerFactory", "SunX509", ps("TrustManagerFactory", "SunX509",
"sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory", "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory",
null, null); null, null);
ps("TrustManagerFactory", "PKIX", ps("TrustManagerFactory", "PKIX",
"sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory", "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory",
createAliases("SunPKIX", "X509", "X.509"), null); List.of("SunPKIX", "X509", "X.509"), null);
ps("SSLContext", "TLSv1", ps("SSLContext", "TLSv1",
"sun.security.ssl.SSLContextImpl$TLS10Context", "sun.security.ssl.SSLContextImpl$TLS10Context",
createAliases("SSLv3"), null); List.of("SSLv3"), null);
ps("SSLContext", "TLSv1.1", ps("SSLContext", "TLSv1.1",
"sun.security.ssl.SSLContextImpl$TLS11Context", null, null); "sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
ps("SSLContext", "TLSv1.2", ps("SSLContext", "TLSv1.2",
@ -106,7 +106,7 @@ public class SunJSSE extends java.security.Provider {
"sun.security.ssl.SSLContextImpl$TLS13Context", null, null); "sun.security.ssl.SSLContextImpl$TLS13Context", null, null);
ps("SSLContext", "TLS", ps("SSLContext", "TLS",
"sun.security.ssl.SSLContextImpl$TLSContext", "sun.security.ssl.SSLContextImpl$TLSContext",
createAliases("SSL"), null); List.of("SSL"), null);
ps("SSLContext", "DTLSv1.0", ps("SSLContext", "DTLSv1.0",
"sun.security.ssl.SSLContextImpl$DTLS10Context", null, null); "sun.security.ssl.SSLContextImpl$DTLS10Context", null, null);

18
src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -43,6 +43,7 @@ import java.util.concurrent.atomic.AtomicLong;
import javax.net.ssl.*; import javax.net.ssl.*;
import sun.security.provider.certpath.AlgorithmChecker; import sun.security.provider.certpath.AlgorithmChecker;
import sun.security.validator.Validator; import sun.security.validator.Validator;
import sun.security.util.KnownOIDs;
/** /**
* The new X509 key manager implementation. The main differences to the * The new X509 key manager implementation. The main differences to the
@ -522,14 +523,19 @@ final class X509KeyManagerImpl extends X509ExtendedKeyManager
// enum constant for "tls client" check // enum constant for "tls client" check
// valid EKU for TLS client: any, tls_client // valid EKU for TLS client: any, tls_client
CLIENT(new HashSet<String>(Arrays.asList(new String[] { CLIENT(new HashSet<String>(List.of(
"2.5.29.37.0", "1.3.6.1.5.5.7.3.2" }))), KnownOIDs.anyExtendedKeyUsage.value(),
KnownOIDs.clientAuth.value()
))),
// enum constant for "tls server" check // enum constant for "tls server" check
// valid EKU for TLS server: any, tls_server, ns_sgc, ms_sgc // valid EKU for TLS server: any, tls_server, ns_sgc, ms_sgc
SERVER(new HashSet<String>(Arrays.asList(new String[] { SERVER(new HashSet<String>(List.of(
"2.5.29.37.0", "1.3.6.1.5.5.7.3.1", "2.16.840.1.113730.4.1", KnownOIDs.anyExtendedKeyUsage.value(),
"1.3.6.1.4.1.311.10.3.3" }))); KnownOIDs.serverAuth.value(),
KnownOIDs.NETSCAPE_ExportApproved.value(),
KnownOIDs.MICROSOFT_ExportApproved.value()
)));
// set of valid EKU values for this type // set of valid EKU values for this type
final Set<String> validEku; final Set<String> validEku;

4
src/java.base/share/classes/sun/security/timestamp/TSRequest.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -163,7 +163,7 @@ public class TSRequest {
// encode optional elements // encode optional elements
if (policyId != null) { if (policyId != null) {
request.putOID(new ObjectIdentifier(policyId)); request.putOID(ObjectIdentifier.of(policyId));
} }
if (nonce != null) { if (nonce != null) {
request.putInteger(nonce); request.putInteger(nonce);

79
src/java.base/share/classes/sun/security/tools/keytool/Main.java
View file

@ -82,6 +82,7 @@ import sun.security.pkcs10.PKCS10;
import sun.security.pkcs10.PKCS10Attribute; import sun.security.pkcs10.PKCS10Attribute;
import sun.security.provider.X509Factory; import sun.security.provider.X509Factory;
import sun.security.provider.certpath.ssl.SSLServerCertStore; import sun.security.provider.certpath.ssl.SSLServerCertStore;
import sun.security.util.KnownOIDs;
import sun.security.util.Password; import sun.security.util.Password;
import sun.security.util.SecurityProperties; import sun.security.util.SecurityProperties;
import sun.security.util.SecurityProviderConstants; import sun.security.util.SecurityProviderConstants;
@ -4125,6 +4126,23 @@ public final class Main {
return c.getTime(); return c.getTime();
} }
/**
* Match a command with a command set. The match can be exact, or
* partial, or case-insensitive.
*
* @param s the command provided by user
* @param list the legal command set represented by KnownOIDs enums.
* @return the position of a single match, or -1 if none matched
* @throws Exception if s is ambiguous
*/
private static int oneOf(String s, KnownOIDs... list) throws Exception {
String[] convertedList = new String[list.length];
for (int i = 0; i < list.length; i++) {
convertedList[i] = list[i].stdName();
}
return oneOf(s, convertedList);
}
/** /**
* Match a command with a command set. The match can be exact, or * Match a command with a command set. The match can be exact, or
* partial, or case-insensitive. * partial, or case-insensitive.
@ -4262,7 +4280,7 @@ public final class Main {
case 5: return PKIXExtensions.SubjectInfoAccess_Id; case 5: return PKIXExtensions.SubjectInfoAccess_Id;
case 6: return PKIXExtensions.AuthInfoAccess_Id; case 6: return PKIXExtensions.AuthInfoAccess_Id;
case 8: return PKIXExtensions.CRLDistributionPoints_Id; case 8: return PKIXExtensions.CRLDistributionPoints_Id;
default: return new ObjectIdentifier(type); default: return ObjectIdentifier.of(type);
} }
} }
@ -4474,31 +4492,27 @@ public final class Main {
case 2: // EKU case 2: // EKU
if(value != null) { if(value != null) {
Vector<ObjectIdentifier> v = new Vector<>(); Vector<ObjectIdentifier> v = new Vector<>();
KnownOIDs[] choices = {
KnownOIDs.anyExtendedKeyUsage,
KnownOIDs.serverAuth,
KnownOIDs.clientAuth,
KnownOIDs.codeSigning,
KnownOIDs.emailProtection,
KnownOIDs.KP_TimeStamping,
KnownOIDs.OCSPSigning
};
for (String s: value.split(",")) { for (String s: value.split(",")) {
int p = oneOf(s, int p = oneOf(s, choices);
"anyExtendedKeyUsage", String o = s;
"serverAuth", //1 if (p >= 0) {
"clientAuth", //2 o = choices[p].value();
"codeSigning", //3 }
"emailProtection", //4
"", //5
"", //6
"", //7
"timeStamping", //8
"OCSPSigning" //9
);
if (p < 0) {
try { try {
v.add(new ObjectIdentifier(s)); v.add(ObjectIdentifier.of(o));
} catch (Exception e) { } catch (Exception e) {
throw new Exception(rb.getString( throw new Exception(rb.getString(
"Unknown.extendedkeyUsage.type.") + s); "Unknown.extendedkeyUsage.type.") + s);
} }
} else if (p == 0) {
v.add(new ObjectIdentifier("2.5.29.37.0"));
} else {
v.add(new ObjectIdentifier("1.3.6.1.5.5.7.3." + p));
}
} }
setExt(result, new ExtendedKeyUsageExtension(isCritical, v)); setExt(result, new ExtendedKeyUsageExtension(isCritical, v));
} else { } else {
@ -4552,24 +4566,23 @@ public final class Main {
String m = item.substring(0, colonpos); String m = item.substring(0, colonpos);
String t = item.substring(colonpos+1, colonpos2); String t = item.substring(colonpos+1, colonpos2);
String v = item.substring(colonpos2+1); String v = item.substring(colonpos2+1);
int p = oneOf(m, KnownOIDs[] choices = {
"", KnownOIDs.OCSP,
"ocsp", //1 KnownOIDs.caIssuers,
"caIssuers", //2 KnownOIDs.AD_TimeStamping,
"timeStamping", //3 KnownOIDs.caRepository
"", };
"caRepository" //5 int p = oneOf(m, choices);
);
ObjectIdentifier oid; ObjectIdentifier oid;
if (p < 0) { if (p >= 0) {
oid = ObjectIdentifier.of(choices[p]);
} else {
try { try {
oid = new ObjectIdentifier(m); oid = ObjectIdentifier.of(m);
} catch (Exception e) { } catch (Exception e) {
throw new Exception(rb.getString( throw new Exception(rb.getString(
"Unknown.AccessDescription.type.") + m); "Unknown.AccessDescription.type.") + m);
} }
} else {
oid = new ObjectIdentifier("1.3.6.1.5.5.7.48." + p);
} }
accessDescriptions.add(new AccessDescription( accessDescriptions.add(new AccessDescription(
oid, createGeneralName(t, v, exttype))); oid, createGeneralName(t, v, exttype)));
@ -4606,7 +4619,7 @@ public final class Main {
} }
break; break;
case -1: case -1:
ObjectIdentifier oid = new ObjectIdentifier(name); ObjectIdentifier oid = ObjectIdentifier.of(name);
byte[] data = null; byte[] data = null;
if (value != null) { if (value != null) {
data = new byte[value.length() / 2 + 1]; data = new byte[value.length() / 2 + 1];

4
src/java.base/share/classes/sun/security/util/ConstraintsParameters.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -153,7 +153,7 @@ public class ConstraintsParameters {
public static String[] getNamedCurveFromKey(Key key) { public static String[] getNamedCurveFromKey(Key key) {
if (key instanceof ECKey) { if (key instanceof ECKey) {
NamedCurve nc = CurveDB.lookup(((ECKey)key).getParams()); NamedCurve nc = CurveDB.lookup(((ECKey)key).getParams());
return (nc == null ? EMPTYLIST : CurveDB.getNamesByOID(nc.getObjectId())); return (nc == null ? EMPTYLIST : nc.getNameAndAliases());
} else if (key instanceof XECKey) { } else if (key instanceof XECKey) {
String[] s = { String[] s = {
((NamedParameterSpec)((XECKey)key).getParams()).getName() ((NamedParameterSpec)((XECKey)key).getParams()).getName()

289
src/java.base/share/classes/sun/security/util/CurveDB.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2006, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -30,7 +30,6 @@ import java.math.BigInteger;
import java.security.spec.*; import java.security.spec.*;
import java.util.*; import java.util.*;
import java.util.regex.Pattern;
/** /**
* Repository for well-known Elliptic Curve parameters. It is used by both * Repository for well-known Elliptic Curve parameters. It is used by both
@ -54,8 +53,6 @@ public class CurveDB {
private static Collection<? extends NamedCurve> specCollection; private static Collection<? extends NamedCurve> specCollection;
public static final String SPLIT_PATTERN = ",|\\[|\\]";
// Used by SunECEntries // Used by SunECEntries
public static Collection<? extends NamedCurve>getSupportedCurves() { public static Collection<? extends NamedCurve>getSupportedCurves() {
return specCollection; return specCollection;
@ -117,9 +114,8 @@ public class CurveDB {
return new BigInteger(s, 16); return new BigInteger(s, 16);
} }
private static void add(String name, String soid, int type, String sfield, private static void add(KnownOIDs o, int type, String sfield,
String a, String b, String x, String y, String n, int h, String a, String b, String x, String y, String n, int h) {
Pattern nameSplitPattern) {
BigInteger p = bi(sfield); BigInteger p = bi(sfield);
ECField field; ECField field;
if ((type == P) || (type == PD)) { if ((type == P) || (type == PD)) {
@ -133,16 +129,16 @@ public class CurveDB {
EllipticCurve curve = new EllipticCurve(field, bi(a), bi(b)); EllipticCurve curve = new EllipticCurve(field, bi(a), bi(b));
ECPoint g = new ECPoint(bi(x), bi(y)); ECPoint g = new ECPoint(bi(x), bi(y));
NamedCurve params = new NamedCurve(name, soid, curve, g, bi(n), h); String oid = o.value();
if (oidMap.put(soid, params) != null) { NamedCurve params = new NamedCurve(o, curve, g, bi(n), h);
throw new RuntimeException("Duplication oid: " + soid); if (oidMap.put(oid, params) != null) {
throw new RuntimeException("Duplication oid: " + oid);
} }
String[] commonNames = nameSplitPattern.split(name); for (String cn : params.getNameAndAliases()) {
for (String commonName : commonNames) { if (nameMap.put(cn.toLowerCase(Locale.ENGLISH),
if (nameMap.put(commonName.trim().toLowerCase(Locale.ENGLISH),
params) != null) { params) != null) {
throw new RuntimeException("Duplication name: " + commonName); throw new RuntimeException("Duplication name: " + cn);
} }
} }
@ -154,445 +150,424 @@ public class CurveDB {
} }
} }
private static class Holder {
private static final Pattern nameSplitPattern = Pattern.compile(
SPLIT_PATTERN);
}
// Return all the names the EC curve could be using.
static String[] getNamesByOID(String oid) {
NamedCurve nc = oidMap.get(oid);
if (nc == null) {
return new String[0];
}
String[] list = Holder.nameSplitPattern.split(nc.getName());
int i = 0;
do {
list[i] = list[i].trim();
} while (++i < list.length);
return list;
}
static { static {
Pattern nameSplitPattern = Holder.nameSplitPattern;
/* SEC2 prime curves */ /* SEC2 prime curves */
add("secp112r1", "1.3.132.0.6", P, add(KnownOIDs.secp112r1, P,
"DB7C2ABF62E35E668076BEAD208B", "DB7C2ABF62E35E668076BEAD208B",
"DB7C2ABF62E35E668076BEAD2088", "DB7C2ABF62E35E668076BEAD2088",
"659EF8BA043916EEDE8911702B22", "659EF8BA043916EEDE8911702B22",
"09487239995A5EE76B55F9C2F098", "09487239995A5EE76B55F9C2F098",
"A89CE5AF8724C0A23E0E0FF77500", "A89CE5AF8724C0A23E0E0FF77500",
"DB7C2ABF62E35E7628DFAC6561C5", "DB7C2ABF62E35E7628DFAC6561C5",
1, nameSplitPattern); 1);
add("secp112r2", "1.3.132.0.7", P, add(KnownOIDs.secp112r2, P,
"DB7C2ABF62E35E668076BEAD208B", "DB7C2ABF62E35E668076BEAD208B",
"6127C24C05F38A0AAAF65C0EF02C", "6127C24C05F38A0AAAF65C0EF02C",
"51DEF1815DB5ED74FCC34C85D709", "51DEF1815DB5ED74FCC34C85D709",
"4BA30AB5E892B4E1649DD0928643", "4BA30AB5E892B4E1649DD0928643",
"adcd46f5882e3747def36e956e97", "adcd46f5882e3747def36e956e97",
"36DF0AAFD8B8D7597CA10520D04B", "36DF0AAFD8B8D7597CA10520D04B",
4, nameSplitPattern); 4);
add("secp128r1", "1.3.132.0.28", P, add(KnownOIDs.secp128r1, P,
"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
"E87579C11079F43DD824993C2CEE5ED3", "E87579C11079F43DD824993C2CEE5ED3",
"161FF7528B899B2D0C28607CA52C5B86", "161FF7528B899B2D0C28607CA52C5B86",
"CF5AC8395BAFEB13C02DA292DDED7A83", "CF5AC8395BAFEB13C02DA292DDED7A83",
"FFFFFFFE0000000075A30D1B9038A115", "FFFFFFFE0000000075A30D1B9038A115",
1, nameSplitPattern); 1);
add("secp128r2", "1.3.132.0.29", P, add(KnownOIDs.secp128r2, P,
"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
"D6031998D1B3BBFEBF59CC9BBFF9AEE1", "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
"5EEEFCA380D02919DC2C6558BB6D8A5D", "5EEEFCA380D02919DC2C6558BB6D8A5D",
"7B6AA5D85E572983E6FB32A7CDEBC140", "7B6AA5D85E572983E6FB32A7CDEBC140",
"27B6916A894D3AEE7106FE805FC34B44", "27B6916A894D3AEE7106FE805FC34B44",
"3FFFFFFF7FFFFFFFBE0024720613B5A3", "3FFFFFFF7FFFFFFFBE0024720613B5A3",
4, nameSplitPattern); 4);
add("secp160k1", "1.3.132.0.9", P, add(KnownOIDs.secp160k1, P,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
"0000000000000000000000000000000000000000", "0000000000000000000000000000000000000000",
"0000000000000000000000000000000000000007", "0000000000000000000000000000000000000007",
"3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
"938CF935318FDCED6BC28286531733C3F03C4FEE", "938CF935318FDCED6BC28286531733C3F03C4FEE",
"0100000000000000000001B8FA16DFAB9ACA16B6B3", "0100000000000000000001B8FA16DFAB9ACA16B6B3",
1, nameSplitPattern); 1);
add("secp160r1", "1.3.132.0.8", P, add(KnownOIDs.secp160r1, P,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
"1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
"4A96B5688EF573284664698968C38BB913CBFC82", "4A96B5688EF573284664698968C38BB913CBFC82",
"23A628553168947D59DCC912042351377AC5FB32", "23A628553168947D59DCC912042351377AC5FB32",
"0100000000000000000001F4C8F927AED3CA752257", "0100000000000000000001F4C8F927AED3CA752257",
1, nameSplitPattern); 1);
add("secp160r2", "1.3.132.0.30", P, add(KnownOIDs.secp160r2, P,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
"B4E134D3FB59EB8BAB57274904664D5AF50388BA", "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
"52DCB034293A117E1F4FF11B30F7199D3144CE6D", "52DCB034293A117E1F4FF11B30F7199D3144CE6D",
"FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E", "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
"0100000000000000000000351EE786A818F3A1A16B", "0100000000000000000000351EE786A818F3A1A16B",
1, nameSplitPattern); 1);
add("secp192k1", "1.3.132.0.31", P, add(KnownOIDs.secp192k1, P,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
"000000000000000000000000000000000000000000000000", "000000000000000000000000000000000000000000000000",
"000000000000000000000000000000000000000000000003", "000000000000000000000000000000000000000000000003",
"DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
"9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
"FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
1, nameSplitPattern); 1);
add("secp192r1 [NIST P-192, X9.62 prime192v1]", "1.2.840.10045.3.1.1", PD, add(KnownOIDs.secp192r1, PD,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
"64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
"188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
"07192B95FFC8DA78631011ED6B24CDD573F977A11E794811", "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
1, nameSplitPattern); 1);
add("secp224k1", "1.3.132.0.32", P, add(KnownOIDs.secp224k1, P,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
"00000000000000000000000000000000000000000000000000000000", "00000000000000000000000000000000000000000000000000000000",
"00000000000000000000000000000000000000000000000000000005", "00000000000000000000000000000000000000000000000000000005",
"A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
"7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
"010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
1, nameSplitPattern); 1);
add("secp224r1 [NIST P-224]", "1.3.132.0.33", PD, add(KnownOIDs.secp224r1, PD,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
"B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
"B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
"BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
1, nameSplitPattern); 1);
add("secp256k1", "1.3.132.0.10", P, add(KnownOIDs.secp256k1, P,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
"0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000",
"0000000000000000000000000000000000000000000000000000000000000007", "0000000000000000000000000000000000000000000000000000000000000007",
"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
"483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
1, nameSplitPattern); 1);
add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD, add(KnownOIDs.secp256r1, PD,
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
"5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
"6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
"4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
1, nameSplitPattern); 1);
add("secp384r1 [NIST P-384]", "1.3.132.0.34", PD, add(KnownOIDs.secp384r1, PD,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
"B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
"AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
"3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
1, nameSplitPattern); 1);
add("secp521r1 [NIST P-521]", "1.3.132.0.35", PD, add(KnownOIDs.secp521r1, PD,
"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
"0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
"00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
"011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
1, nameSplitPattern); 1);
/* ANSI X9.62 prime curves */ /* ANSI X9.62 prime curves */
add("X9.62 prime192v2", "1.2.840.10045.3.1.2", P, add(KnownOIDs.prime192v2, P,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
"CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
"EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
"6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15", "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
"FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31", "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
1, nameSplitPattern); 1);
add("X9.62 prime192v3", "1.2.840.10045.3.1.3", P, add(KnownOIDs.prime192v3, P,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
"22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
"7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
"38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0", "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
"FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13", "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
1, nameSplitPattern); 1);
add("X9.62 prime239v1", "1.2.840.10045.3.1.4", P, add(KnownOIDs.prime239v1, P,
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
"6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
"0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
"7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE", "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B", "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
1, nameSplitPattern); 1);
add("X9.62 prime239v2", "1.2.840.10045.3.1.5", P, add(KnownOIDs.prime239v2, P,
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
"617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
"38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
"5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA", "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
"7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063", "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
1, nameSplitPattern); 1);
add("X9.62 prime239v3", "1.2.840.10045.3.1.6", P, add(KnownOIDs.prime239v3, P,
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
"255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
"6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
"1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3", "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551", "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
1, nameSplitPattern); 1);
/* SEC2 binary curves */ /* SEC2 binary curves */
add("sect113r1", "1.3.132.0.4", B, add(KnownOIDs.sect113r1, B,
"020000000000000000000000000201", "020000000000000000000000000201",
"003088250CA6E7C7FE649CE85820F7", "003088250CA6E7C7FE649CE85820F7",
"00E8BEE4D3E2260744188BE0E9C723", "00E8BEE4D3E2260744188BE0E9C723",
"009D73616F35F4AB1407D73562C10F", "009D73616F35F4AB1407D73562C10F",
"00A52830277958EE84D1315ED31886", "00A52830277958EE84D1315ED31886",
"0100000000000000D9CCEC8A39E56F", "0100000000000000D9CCEC8A39E56F",
2, nameSplitPattern); 2);
add("sect113r2", "1.3.132.0.5", B, add(KnownOIDs.sect113r2, B,
"020000000000000000000000000201", "020000000000000000000000000201",
"00689918DBEC7E5A0DD6DFC0AA55C7", "00689918DBEC7E5A0DD6DFC0AA55C7",
"0095E9A9EC9B297BD4BF36E059184F", "0095E9A9EC9B297BD4BF36E059184F",
"01A57A6A7B26CA5EF52FCDB8164797", "01A57A6A7B26CA5EF52FCDB8164797",
"00B3ADC94ED1FE674C06E695BABA1D", "00B3ADC94ED1FE674C06E695BABA1D",
"010000000000000108789B2496AF93", "010000000000000108789B2496AF93",
2, nameSplitPattern); 2);
add("sect131r1", "1.3.132.0.22", B, add(KnownOIDs.sect131r1, B,
"080000000000000000000000000000010D", "080000000000000000000000000000010D",
"07A11B09A76B562144418FF3FF8C2570B8", "07A11B09A76B562144418FF3FF8C2570B8",
"0217C05610884B63B9C6C7291678F9D341", "0217C05610884B63B9C6C7291678F9D341",
"0081BAF91FDF9833C40F9C181343638399", "0081BAF91FDF9833C40F9C181343638399",
"078C6E7EA38C001F73C8134B1B4EF9E150", "078C6E7EA38C001F73C8134B1B4EF9E150",
"0400000000000000023123953A9464B54D", "0400000000000000023123953A9464B54D",
2, nameSplitPattern); 2);
add("sect131r2", "1.3.132.0.23", B, add(KnownOIDs.sect131r2, B,
"080000000000000000000000000000010D", "080000000000000000000000000000010D",
"03E5A88919D7CAFCBF415F07C2176573B2", "03E5A88919D7CAFCBF415F07C2176573B2",
"04B8266A46C55657AC734CE38F018F2192", "04B8266A46C55657AC734CE38F018F2192",
"0356DCD8F2F95031AD652D23951BB366A8", "0356DCD8F2F95031AD652D23951BB366A8",
"0648F06D867940A5366D9E265DE9EB240F", "0648F06D867940A5366D9E265DE9EB240F",
"0400000000000000016954A233049BA98F", "0400000000000000016954A233049BA98F",
2, nameSplitPattern); 2);
add("sect163k1 [NIST K-163]", "1.3.132.0.1", BD, add(KnownOIDs.sect163k1, BD,
"0800000000000000000000000000000000000000C9", "0800000000000000000000000000000000000000C9",
"000000000000000000000000000000000000000001", "000000000000000000000000000000000000000001",
"000000000000000000000000000000000000000001", "000000000000000000000000000000000000000001",
"02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
"0289070FB05D38FF58321F2E800536D538CCDAA3D9", "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
"04000000000000000000020108A2E0CC0D99F8A5EF", "04000000000000000000020108A2E0CC0D99F8A5EF",
2, nameSplitPattern); 2);
add("sect163r1", "1.3.132.0.2", B, add(KnownOIDs.sect163r1, B,
"0800000000000000000000000000000000000000C9", "0800000000000000000000000000000000000000C9",
"07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
"0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
"0369979697AB43897789566789567F787A7876A654", "0369979697AB43897789566789567F787A7876A654",
"00435EDB42EFAFB2989D51FEFCE3C80988F41FF883", "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
"03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B",
2, nameSplitPattern); 2);
add("sect163r2 [NIST B-163]", "1.3.132.0.15", BD, add(KnownOIDs.sect163r2, BD,
"0800000000000000000000000000000000000000C9", "0800000000000000000000000000000000000000C9",
"000000000000000000000000000000000000000001", "000000000000000000000000000000000000000001",
"020A601907B8C953CA1481EB10512F78744A3205FD", "020A601907B8C953CA1481EB10512F78744A3205FD",
"03F0EBA16286A2D57EA0991168D4994637E8343E36", "03F0EBA16286A2D57EA0991168D4994637E8343E36",
"00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
"040000000000000000000292FE77E70C12A4234C33", "040000000000000000000292FE77E70C12A4234C33",
2, nameSplitPattern); 2);
add("sect193r1", "1.3.132.0.24", B, add(KnownOIDs.sect193r1, B,
"02000000000000000000000000000000000000000000008001", "02000000000000000000000000000000000000000000008001",
"0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
"00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
"01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1", "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
"0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
"01000000000000000000000000C7F34A778F443ACC920EBA49", "01000000000000000000000000C7F34A778F443ACC920EBA49",
2, nameSplitPattern); 2);
add("sect193r2", "1.3.132.0.25", B, add(KnownOIDs.sect193r2, B,
"02000000000000000000000000000000000000000000008001", "02000000000000000000000000000000000000000000008001",
"0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
"00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
"00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F", "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
"01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
"010000000000000000000000015AAB561B005413CCD4EE99D5", "010000000000000000000000015AAB561B005413CCD4EE99D5",
2, nameSplitPattern); 2);
add("sect233k1 [NIST K-233]", "1.3.132.0.26", BD, add(KnownOIDs.sect233k1, BD,
"020000000000000000000000000000000000000004000000000000000001", "020000000000000000000000000000000000000004000000000000000001",
"000000000000000000000000000000000000000000000000000000000000", "000000000000000000000000000000000000000000000000000000000000",
"000000000000000000000000000000000000000000000000000000000001", "000000000000000000000000000000000000000000000000000000000001",
"017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
"01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
"008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
4, nameSplitPattern); 4);
add("sect233r1 [NIST B-233]", "1.3.132.0.27", B, add(KnownOIDs.sect233r1, B,
"020000000000000000000000000000000000000004000000000000000001", "020000000000000000000000000000000000000004000000000000000001",
"000000000000000000000000000000000000000000000000000000000001", "000000000000000000000000000000000000000000000000000000000001",
"0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
"00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
"01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
"01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
2, nameSplitPattern); 2);
add("sect239k1", "1.3.132.0.3", B, add(KnownOIDs.sect239k1, B,
"800000000000000000004000000000000000000000000000000000000001", "800000000000000000004000000000000000000000000000000000000001",
"000000000000000000000000000000000000000000000000000000000000", "000000000000000000000000000000000000000000000000000000000000",
"000000000000000000000000000000000000000000000000000000000001", "000000000000000000000000000000000000000000000000000000000001",
"29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC", "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
"76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
"2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5",
4, nameSplitPattern); 4);
add("sect283k1 [NIST K-283]", "1.3.132.0.16", BD, add(KnownOIDs.sect283k1, BD,
"0800000000000000000000000000000000000000000000000000000000000000000010A1", "0800000000000000000000000000000000000000000000000000000000000000000010A1",
"000000000000000000000000000000000000000000000000000000000000000000000000", "000000000000000000000000000000000000000000000000000000000000000000000000",
"000000000000000000000000000000000000000000000000000000000000000000000001", "000000000000000000000000000000000000000000000000000000000000000000000001",
"0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836", "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
"01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
4, nameSplitPattern); 4);
add("sect283r1 [NIST B-283]", "1.3.132.0.17", B, add(KnownOIDs.sect283r1, B,
"0800000000000000000000000000000000000000000000000000000000000000000010A1", "0800000000000000000000000000000000000000000000000000000000000000000010A1",
"000000000000000000000000000000000000000000000000000000000000000000000001", "000000000000000000000000000000000000000000000000000000000000000000000001",
"027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
"05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053", "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
"03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
2, nameSplitPattern); 2);
add("sect409k1 [NIST K-409]", "1.3.132.0.36", BD, add(KnownOIDs.sect409k1, BD,
"02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
"0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746", "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
"01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
"007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
4, nameSplitPattern); 4);
add("sect409r1 [NIST B-409]", "1.3.132.0.37", B, add(KnownOIDs.sect409r1, B,
"02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
"0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
"015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7", "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
"0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
"010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
2, nameSplitPattern); 2);
add("sect571k1 [NIST K-571]", "1.3.132.0.38", BD, add(KnownOIDs.sect571k1, BD,
"080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
"026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972", "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
"0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
"020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
4, nameSplitPattern); 4);
add("sect571r1 [NIST B-571]", "1.3.132.0.39", B, add(KnownOIDs.sect571r1, B,
"080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
"02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
"0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19", "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
"037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
2, nameSplitPattern); 2);
/* ANSI X9.62 binary curves */ /* ANSI X9.62 binary curves */
add("X9.62 c2tnb191v1", "1.2.840.10045.3.0.5", B, add(KnownOIDs.c2tnb191v1, B,
"800000000000000000000000000000000000000000000201", "800000000000000000000000000000000000000000000201",
"2866537B676752636A68F56554E12640276B649EF7526267", "2866537B676752636A68F56554E12640276B649EF7526267",
"2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
"36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D", "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
"765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
"40000000000000000000000004A20E90C39067C893BBB9A5", "40000000000000000000000004A20E90C39067C893BBB9A5",
2, nameSplitPattern); 2);
add("X9.62 c2tnb191v2", "1.2.840.10045.3.0.6", B, add(KnownOIDs.c2tnb191v2, B,
"800000000000000000000000000000000000000000000201", "800000000000000000000000000000000000000000000201",
"401028774D7777C7B7666D1366EA432071274F89FF01E718", "401028774D7777C7B7666D1366EA432071274F89FF01E718",
"0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
"3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10", "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
"17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
"20000000000000000000000050508CB89F652824E06B8173", "20000000000000000000000050508CB89F652824E06B8173",
4, nameSplitPattern); 4);
add("X9.62 c2tnb191v3", "1.2.840.10045.3.0.7", B, add(KnownOIDs.c2tnb191v3, B,
"800000000000000000000000000000000000000000000201", "800000000000000000000000000000000000000000000201",
"6C01074756099122221056911C77D77E77A777E7E7E77FCB", "6C01074756099122221056911C77D77E77A777E7E7E77FCB",
"71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
"375D4CE24FDE434489DE8746E71786015009E66E38A926DD", "375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
"545A39176196575D985999366E6AD34CE0A77CD7127B06BE", "545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
"155555555555555555555555610C0B196812BFB6288A3EA3", "155555555555555555555555610C0B196812BFB6288A3EA3",
6, nameSplitPattern); 6);
add("X9.62 c2tnb239v1", "1.2.840.10045.3.0.11", B, add(KnownOIDs.c2tnb239v1, B,
"800000000000000000000000000000000000000000000000001000000001", "800000000000000000000000000000000000000000000000001000000001",
"32010857077C5431123A46B808906756F543423E8D27877578125778AC76", "32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
"790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
"57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D", "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
"61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
"2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447",
4, nameSplitPattern); 4);
add("X9.62 c2tnb239v2", "1.2.840.10045.3.0.12", B, add(KnownOIDs.c2tnb239v2, B,
"800000000000000000000000000000000000000000000000001000000001", "800000000000000000000000000000000000000000000000001000000001",
"4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
"5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
"28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205", "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
"5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
"1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D",
6, nameSplitPattern); 6);
add("X9.62 c2tnb239v3", "1.2.840.10045.3.0.13", B, add(KnownOIDs.c2tnb239v3, B,
"800000000000000000000000000000000000000000000000001000000001", "800000000000000000000000000000000000000000000000001000000001",
"01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
"6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
"70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92", "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
"2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
"0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF",
0xA, nameSplitPattern); 0xA);
add("X9.62 c2tnb359v1", "1.2.840.10045.3.0.18", B, add(KnownOIDs.c2tnb359v1, B,
"800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001", "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001",
"5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557", "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557",
"2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988", "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988",
"3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097", "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097",
"53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD", "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD",
"01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B", "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B",
0x4C, nameSplitPattern); 0x4C);
add("X9.62 c2tnb431r1", "1.2.840.10045.3.0.20", B, add(KnownOIDs.c2tnb431r1, B,
"800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001", "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001",
"1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F", "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F",
"10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618", "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618",
"120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7", "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
"20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760", "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
"0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91", "0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91",
0x2760, nameSplitPattern); 0x2760);
/* ANSI X9.62 binary curves from the 1998 standard but forbidden /* ANSI X9.62 binary curves from the 1998 standard but forbidden
* in the 2005 version of the standard. * in the 2005 version of the standard.
@ -600,77 +575,77 @@ public class CurveDB {
* case we need to support them after all. * case we need to support them after all.
*/ */
/* /*
add("X9.62 c2pnb163v1", "1.2.840.10045.3.0.1", B, add(KnownOIDs.c2pnb163v1, B,
"080000000000000000000000000000000000000107", "080000000000000000000000000000000000000107",
"072546B5435234A422E0789675F432C89435DE5242", "072546B5435234A422E0789675F432C89435DE5242",
"00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
"07AF69989546103D79329FCC3D74880F33BBE803CB", "07AF69989546103D79329FCC3D74880F33BBE803CB",
"01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
"0400000000000000000001E60FC8821CC74DAEAFC1", "0400000000000000000001E60FC8821CC74DAEAFC1",
2, nameSplitPattern); 2);
add("X9.62 c2pnb163v2", "1.2.840.10045.3.0.2", B, add(KnownOIDs.c2pnb163v2, B,
"080000000000000000000000000000000000000107", "080000000000000000000000000000000000000107",
"0108B39E77C4B108BED981ED0E890E117C511CF072", "0108B39E77C4B108BED981ED0E890E117C511CF072",
"0667ACEB38AF4E488C407433FFAE4F1C811638DF20", "0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
"0024266E4EB5106D0A964D92C4860E2671DB9B6CC5", "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
"079F684DDF6684C5CD258B3890021B2386DFD19FC5", "079F684DDF6684C5CD258B3890021B2386DFD19FC5",
"03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7",
2, nameSplitPattern); 2);
add("X9.62 c2pnb163v3", "1.2.840.10045.3.0.3", B, add(KnownOIDs.c2pnb163v3, B,
"080000000000000000000000000000000000000107", "080000000000000000000000000000000000000107",
"07A526C63D3E25A256A007699F5447E32AE456B50E", "07A526C63D3E25A256A007699F5447E32AE456B50E",
"03F7061798EB99E238FD6F1BF95B48FEEB4854252B", "03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
"02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB", "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
"05B935590C155E17EA48EB3FF3718B893DF59A05D0", "05B935590C155E17EA48EB3FF3718B893DF59A05D0",
"03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309",
2, nameSplitPattern); 2);
add("X9.62 c2pnb176w1", "1.2.840.10045.3.0.4", B, add(KnownOIDs.c2pnb176w1, B,
"0100000000000000000000000000000000080000000007", "0100000000000000000000000000000000080000000007",
"E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
"5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
"8D16C2866798B600F9F08BB4A8E860F3298CE04A5798", "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
"6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
"00010092537397ECA4F6145799D62B0A19CE06FE26AD", "00010092537397ECA4F6145799D62B0A19CE06FE26AD",
0xFF6E, nameSplitPattern); 0xFF6E);
add("X9.62 c2pnb208w1", "1.2.840.10045.3.0.10", B, add(KnownOIDs.c2pnb208w1, B,
"010000000000000000000000000000000800000000000000000007", "010000000000000000000000000000000800000000000000000007",
"0000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000",
"C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
"89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A", "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
"0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
"000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D",
0xFE48, nameSplitPattern); 0xFE48);
add("X9.62 c2pnb272w1", "1.2.840.10045.3.0.16", B, add(KnownOIDs.c2pnb272w1, B,
"010000000000000000000000000000000000000000000000000000010000000000000B", "010000000000000000000000000000000000000000000000000000010000000000000B",
"91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
"7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
"6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D", "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
"10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23", "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
"000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
0xFF06, nameSplitPattern); 0xFF06);
add("X9.62 c2pnb304w1", "1.2.840.10045.3.0.17", B, add(KnownOIDs.c2pnb304w1, B,
"010000000000000000000000000000000000000000000000000000000000000000000000000807", "010000000000000000000000000000000000000000000000000000000000000000000000000807",
"FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681", "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681",
"BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE", "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE",
"197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614", "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614",
"E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B", "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B",
"000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D", "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D",
0xFE2E, nameSplitPattern); 0xFE2E);
add("X9.62 c2pnb368w1", "1.2.840.10045.3.0.19", B, add(KnownOIDs.c2pnb368w1, B,
"0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007", "0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007",
"E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D", "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D",
"FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A", "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A",
"1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F", "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F",
"7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310", "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310",
"00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967", "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967",
0xFF70, nameSplitPattern); 0xFF70);
*/ */
/* /*
@ -678,68 +653,68 @@ public class CurveDB {
* (Twisted curves are not included) * (Twisted curves are not included)
*/ */
add("brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1", P, add(KnownOIDs.brainpoolP160r1, P,
"E95E4A5F737059DC60DFC7AD95B3D8139515620F", "E95E4A5F737059DC60DFC7AD95B3D8139515620F",
"340E7BE2A280EB74E2BE61BADA745D97E8F7C300", "340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
"1E589A8595423412134FAA2DBDEC95C8D8675E58", "1E589A8595423412134FAA2DBDEC95C8D8675E58",
"BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3", "BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
"1667CB477A1A8EC338F94741669C976316DA6321", "1667CB477A1A8EC338F94741669C976316DA6321",
"E95E4A5F737059DC60DF5991D45029409E60FC09", "E95E4A5F737059DC60DF5991D45029409E60FC09",
1, nameSplitPattern); 1);
add("brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3", P, add(KnownOIDs.brainpoolP192r1, P,
"C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297", "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
"6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF", "6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
"469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9", "469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
"C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6", "C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
"14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F", "14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
"C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", "C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
1, nameSplitPattern); 1);
add("brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5", P, add(KnownOIDs.brainpoolP224r1, P,
"D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF", "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
"68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43", "68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
"2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B", "2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
"0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D", "0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
"58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD", "58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
"D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", "D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
1, nameSplitPattern); 1);
add("brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", P, add(KnownOIDs.brainpoolP256r1, P,
"A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
"7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
"26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
"8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
"547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
"A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
1, nameSplitPattern); 1);
add("brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9", P, add(KnownOIDs.brainpoolP320r1, P,
"D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27", "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
"3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4", "3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
"520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6", "520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
"43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611", "43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
"14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1", "14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
"D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", "D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
1, nameSplitPattern); 1);
add("brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", P, add(KnownOIDs.brainpoolP384r1, P,
"8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
"7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
"04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
"1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
"8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
"8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
1, nameSplitPattern); 1);
add("brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", P, add(KnownOIDs.brainpoolP512r1, P,
"AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
"7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
"3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
"81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
"7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
"AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
1, nameSplitPattern); 1);
specCollection = Collections.unmodifiableCollection(oidMap.values()); specCollection = Collections.unmodifiableCollection(oidMap.values());
} }

495
src/java.base/share/classes/sun/security/util/KnownOIDs.java Normal file
View file

@ -0,0 +1,495 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.util;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
/**
* This utility class maps algorithm name to the corresponding oid strings.
* NOTE: for 100% backward compatibility, the standard name for the enum
* is determined by existing usage and may be in lowercase/uppercase in
* order to match existing output.
*/
public enum KnownOIDs {
// X.500 Attributes 2.5.4.*
CommonName("2.5.4.3"),
Surname("2.5.4.4"),
SerialNumber("2.5.4.5"),
CountryName("2.5.4.6"),
LocalityName("2.5.4.7"),
StateName("2.5.4.8"),
StreetAddress("2.5.4.9"),
OrgName("2.5.4.10"),
OrgUnitName("2.5.4.11"),
Title("2.5.4.12"),
GivenName("2.5.4.42"),
Initials("2.5.4.43"),
GenerationQualifier("2.5.4.44"),
DNQualifier("2.5.4.46"),
// Certificate Extension 2.5.29.*
SubjectDirectoryAttributes("2.5.29.9"),
SubjectKeyID("2.5.29.14"),
KeyUsage("2.5.29.15"),
PrivateKeyUsage("2.5.29.16"),
SubjectAlternativeName("2.5.29.17"),
IssuerAlternativeName("2.5.29.18"),
BasicConstraints("2.5.29.19"),
CRLNumber("2.5.29.20"),
ReasonCode("2.5.29.21"),
HoldInstructionCode("2.5.29.23"),
InvalidityDate("2.5.29.24"),
DeltaCRLIndicator("2.5.29.27"),
IssuingDistributionPoint("2.5.29.28"),
CertificateIssuer("2.5.29.29"),
NameConstraints("2.5.29.30"),
CRLDistributionPoints("2.5.29.31"),
CertificatePolicies("2.5.29.32"),
CE_CERT_POLICIES_ANY("2.5.29.32.0"),
PolicyMappings("2.5.29.33"),
AuthorityKeyID("2.5.29.35"),
PolicyConstraints("2.5.29.36"),
extendedKeyUsage("2.5.29.37"),
anyExtendedKeyUsage("2.5.29.37.0"),
FreshestCRL("2.5.29.46"),
InhibitAnyPolicy("2.5.29.54"),
// PKIX 1.3.6.1.5.5.7.
AuthInfoAccess("1.3.6.1.5.5.7.1.1"),
SubjectInfoAccess("1.3.6.1.5.5.7.1.11"),
// key usage purposes - PKIX.3.*
serverAuth("1.3.6.1.5.5.7.3.1"),
clientAuth("1.3.6.1.5.5.7.3.2"),
codeSigning("1.3.6.1.5.5.7.3.3"),
emailProtection("1.3.6.1.5.5.7.3.4"),
ipsecEndSystem("1.3.6.1.5.5.7.3.5"),
ipsecTunnel("1.3.6.1.5.5.7.3.6"),
ipsecUser("1.3.6.1.5.5.7.3.7"),
KP_TimeStamping("1.3.6.1.5.5.7.3.8", "timeStamping") {
@Override
boolean registerNames() { return false; }
},
OCSPSigning("1.3.6.1.5.5.7.3.9"),
// access descriptors - PKIX.48.*
OCSP("1.3.6.1.5.5.7.48.1"),
OCSPBasicResponse("1.3.6.1.5.5.7.48.1.1"),
OCSPNonceExt("1.3.6.1.5.5.7.48.1.2"),
OCSPNoCheck("1.3.6.1.5.5.7.48.1.5"),
caIssuers("1.3.6.1.5.5.7.48.2"),
AD_TimeStamping("1.3.6.1.5.5.7.48.3", "timeStamping") {
@Override
boolean registerNames() { return false; }
},
caRepository("1.3.6.1.5.5.7.48.5", "caRepository"),
// NIST --
// AES 2.16.840.1.101.3.4.1.*
AES("2.16.840.1.101.3.4.1"),
AES_128$ECB$NoPadding("2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"),
AES_128$CBC$NoPadding("2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"),
AES_128$OFB$NoPadding("2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"),
AES_128$CFB$NoPadding("2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"),
AESWRAP_128("2.16.840.1.101.3.4.1.5"),
AES_128$GCM$NoPadding("2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding"),
AES_192$ECB$NoPadding("2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"),
AES_192$CBC$NoPadding("2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"),
AES_192$OFB$NoPadding("2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"),
AES_192$CFB$NoPadding("2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"),
AESWRAP_192("2.16.840.1.101.3.4.1.25"),
AES_192$GCM$NoPadding("2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding"),
AES_256$ECB$NoPadding("2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"),
AES_256$CBC$NoPadding("2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"),
AES_256$OFB$NoPadding("2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"),
AES_256$CFB$NoPadding("2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"),
AESWRAP_256("2.16.840.1.101.3.4.1.45"),
AES_256$GCM$NoPadding("2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding"),
// hashAlgs 2.16.840.1.101.3.4.2.*
SHA_256("2.16.840.1.101.3.4.2.1", "SHA-256", "SHA256"),
SHA_384("2.16.840.1.101.3.4.2.2", "SHA-384", "SHA384"),
SHA_512("2.16.840.1.101.3.4.2.3", "SHA-512", "SHA512"),
SHA_224("2.16.840.1.101.3.4.2.4", "SHA-224", "SHA224"),
SHA_512$224("2.16.840.1.101.3.4.2.5", "SHA-512/224", "SHA512/224"),
SHA_512$256("2.16.840.1.101.3.4.2.6", "SHA-512/256", "SHA512/256"),
SHA3_224("2.16.840.1.101.3.4.2.7", "SHA3-224"),
SHA3_256("2.16.840.1.101.3.4.2.8", "SHA3-256"),
SHA3_384("2.16.840.1.101.3.4.2.9", "SHA3-384"),
SHA3_512("2.16.840.1.101.3.4.2.10", "SHA3-512"),
SHAKE128("2.16.840.1.101.3.4.2.11"),
SHAKE256("2.16.840.1.101.3.4.2.12"),
HmacSHA3_224("2.16.840.1.101.3.4.2.13", "HmacSHA3-224"),
HmacSHA3_256("2.16.840.1.101.3.4.2.14", "HmacSHA3-256"),
HmacSHA3_384("2.16.840.1.101.3.4.2.15", "HmacSHA3-384"),
HmacSHA3_512("2.16.840.1.101.3.4.2.16", "HmacSHA3-512"),
// sigAlgs 2.16.840.1.101.3.4.3.*
SHA224withDSA("2.16.840.1.101.3.4.3.1"),
SHA256withDSA("2.16.840.1.101.3.4.3.2"),
SHA384withDSA("2.16.840.1.101.3.4.3.3"),
SHA512withDSA("2.16.840.1.101.3.4.3.4"),
SHA3_224withRSA("2.16.840.1.101.3.4.3.13", "SHA3-224withRSA"),
SHA3_256withRSA("2.16.840.1.101.3.4.3.14", "SHA3-256withRSA"),
SHA3_384withRSA("2.16.840.1.101.3.4.3.15", "SHA3-384withRSA"),
SHA3_512withRSA("2.16.840.1.101.3.4.3.16", "SHA3-512withRSA"),
// RSASecurity
// PKCS1 1.2.840.113549.1.1.*
PKCS1("1.2.840.113549.1.1", "RSA") { // RSA KeyPairGenerator and KeyFactory
@Override
boolean registerNames() { return false; }
},
RSA("1.2.840.113549.1.1.1"), // RSA encryption
MD2withRSA("1.2.840.113549.1.1.2"),
MD5withRSA("1.2.840.113549.1.1.4"),
SHA1withRSA("1.2.840.113549.1.1.5"),
OAEP("1.2.840.113549.1.1.7"),
MGF1("1.2.840.113549.1.1.8"),
PSpecified("1.2.840.113549.1.1.9"),
RSASSA_PSS("1.2.840.113549.1.1.10", "RSASSA-PSS"),
SHA256withRSA("1.2.840.113549.1.1.11"),
SHA384withRSA("1.2.840.113549.1.1.12"),
SHA512withRSA("1.2.840.113549.1.1.13"),
SHA224withRSA("1.2.840.113549.1.1.14"),
SHA512$224withRSA("1.2.840.113549.1.1.15", "SHA512/224withRSA"),
SHA512$256withRSA("1.2.840.113549.1.1.16", "SHA512/256withRSA"),
// PKCS3 1.2.840.113549.1.3.*
DiffieHellman("1.2.840.113549.1.3.1", "DiffieHellman", "DH"),
// PKCS5 1.2.840.113549.1.5.*
PBEWithMD5AndDES("1.2.840.113549.1.5.3"),
PBEWithMD5AndRC2("1.2.840.113549.1.5.6"),
PBEWithSHA1AndDES("1.2.840.113549.1.5.10"),
PBEWithSHA1AndRC2("1.2.840.113549.1.5.11"),
PBKDF2WithHmacSHA1("1.2.840.113549.1.5.12"),
PBES2("1.2.840.113549.1.5.13"),
// PKCS7 1.2.840.113549.1.7.*
PKCS7("1.2.840.113549.1.7"),
Data("1.2.840.113549.1.7.1"),
SignedData("1.2.840.113549.1.7.2"),
JDK_OLD_Data("1.2.840.1113549.1.7.1"), // extra 1 in 4th component
JDK_OLD_SignedData("1.2.840.1113549.1.7.2"),
EnvelopedData("1.2.840.113549.1.7.3"),
SignedAndEnvelopedData("1.2.840.113549.1.7.4"),
DigestedData("1.2.840.113549.1.7.5"),
EncryptedData("1.2.840.113549.1.7.6"),
// PKCS9 1.2.840.113549.1.9.*
EmailAddress("1.2.840.113549.1.9.1"),
UnstructuredName("1.2.840.113549.1.9.2"),
ContentType("1.2.840.113549.1.9.3"),
MessageDigest("1.2.840.113549.1.9.4"),
SigningTime("1.2.840.113549.1.9.5"),
CounterSignature("1.2.840.113549.1.9.6"),
ChallengePassword("1.2.840.113549.1.9.7"),
UnstructuredAddress("1.2.840.113549.1.9.8"),
ExtendedCertificateAttributes("1.2.840.113549.1.9.9"),
IssuerAndSerialNumber("1.2.840.113549.1.9.10"),
ExtensionRequest("1.2.840.113549.1.9.14"),
SMIMECapability("1.2.840.113549.1.9.15"),
TimeStampTokenInfo("1.2.840.113549.1.9.16.1.4"),
SigningCertificate("1.2.840.113549.1.9.16.2.12"),
SignatureTimestampToken("1.2.840.113549.1.9.16.2.14"),
CHACHA20_POLY1305("1.2.840.113549.1.9.16.3.18", "CHACHA20-POLY1305"),
FriendlyName("1.2.840.113549.1.9.20"),
LocalKeyID("1.2.840.113549.1.9.21"),
CertTypeX509("1.2.840.113549.1.9.22.1"),
// PKCS12 1.2.840.113549.1.12.*
PBEWithSHA1AndRC4_128("1.2.840.113549.1.12.1.1"),
PBEWithSHA1AndRC4_40("1.2.840.113549.1.12.1.2"),
PBEWithSHA1AndDESede("1.2.840.113549.1.12.1.3"),
PBEWithSHA1AndRC2_128("1.2.840.113549.1.12.1.5"),
PBEWithSHA1AndRC2_40("1.2.840.113549.1.12.1.6"),
PKCS8ShroudedKeyBag("1.2.840.113549.1.12.10.1.2"),
CertBag("1.2.840.113549.1.12.10.1.3"),
SecretBag("1.2.840.113549.1.12.10.1.5"),
// digestAlgs 1.2.840.113549.2.*
MD2("1.2.840.113549.2.2"),
MD5("1.2.840.113549.2.5"),
HmacSHA1("1.2.840.113549.2.7"),
HmacSHA224("1.2.840.113549.2.8"),
HmacSHA256("1.2.840.113549.2.9"),
HmacSHA384("1.2.840.113549.2.10"),
HmacSHA512("1.2.840.113549.2.11"),
HmacSHA512$224("1.2.840.113549.2.12", "HmacSHA512/224"),
HmacSHA512$256("1.2.840.113549.2.13", "HmacSHA512/256"),
// encryptionAlgs 1.2.840.113549.3.*
RC2$CBC$PKCS5Padding("1.2.840.113549.3.2", "RC2/CBC/PKCS5Padding"),
ARCFOUR("1.2.840.113549.3.4", "ARCFOUR", "RC4"),
DESede$CBC$NoPadding("1.2.840.113549.3.7", "DESede/CBC/NoPadding"),
RC5$CBC$PKCS5Padding("1.2.840.113549.3.9", "RC5/CBC/PKCS5Padding"),
// ANSI --
// X9 1.2.840.10040.4.*
DSA("1.2.840.10040.4.1"),
SHA1withDSA("1.2.840.10040.4.3", "SHA1withDSA", "DSS"),
// X9.62 1.2.840.10045.*
EC("1.2.840.10045.2.1"),
//c2pnb163v1("1.2.840.10045.3.0.1", "X9.62 c2pnb163v1"),
//c2pnb163v2("1.2.840.10045.3.0.2", "X9.62 c2pnb163v2"),
//c2pnb163v3("1.2.840.10045.3.0.3", "X9.62 c2pnb163v3"),
//c2pnb176w1("1.2.840.10045.3.0.4", "X9.62 c2pnb176w1"),
c2tnb191v1("1.2.840.10045.3.0.5", "X9.62 c2tnb191v1"),
c2tnb191v2("1.2.840.10045.3.0.6", "X9.62 c2tnb191v2"),
c2tnb191v3("1.2.840.10045.3.0.7", "X9.62 c2tnb191v3"),
//c2pnb208w1("1.2.840.10045.3.0.10", "X9.62 c2pnb208w1"),
c2tnb239v1("1.2.840.10045.3.0.11", "X9.62 c2tnb239v1"),
c2tnb239v2("1.2.840.10045.3.0.12", "X9.62 c2tnb239v2"),
c2tnb239v3("1.2.840.10045.3.0.13", "X9.62 c2tnb239v3"),
//c2pnb272w1("1.2.840.10045.3.0.16", "X9.62 c2pnb272w1"),
//c2pnb304w1("1.2.840.10045.3.0.17", "X9.62 c2pnb304w1"),
c2tnb359v1("1.2.840.10045.3.0.18", "X9.62 c2tnb359v1"),
//c2pnb368w1("1.2.840.10045.3.0.19", "X9.62 c2pnb368w1"),
c2tnb431r1("1.2.840.10045.3.0.20", "X9.62 c2tnb431r1"),
secp192r1("1.2.840.10045.3.1.1",
"secp192r1", "NIST P-192", "X9.62 prime192v1"),
prime192v2("1.2.840.10045.3.1.2", "X9.62 prime192v2"),
prime192v3("1.2.840.10045.3.1.3", "X9.62 prime192v3"),
prime239v1("1.2.840.10045.3.1.4", "X9.62 prime239v1"),
prime239v2("1.2.840.10045.3.1.5", "X9.62 prime239v2"),
prime239v3("1.2.840.10045.3.1.6", "X9.62 prime239v3"),
secp256r1("1.2.840.10045.3.1.7",
"secp256r1", "NIST P-256", "X9.62 prime256v1"),
SHA1withECDSA("1.2.840.10045.4.1"),
SHA224withECDSA("1.2.840.10045.4.3.1"),
SHA256withECDSA("1.2.840.10045.4.3.2"),
SHA384withECDSA("1.2.840.10045.4.3.3"),
SHA512withECDSA("1.2.840.10045.4.3.4"),
SpecifiedSHA2withECDSA("1.2.840.10045.4.3"),
// X9.42 1.2.840.10046.2.*
X942_DH("1.2.840.10046.2.1", "DiffieHellman") { // unused by JDK providers
@Override
boolean registerNames() { return false; }
},
// Teletrust 1.3.36.*
brainpoolP160r1("1.3.36.3.3.2.8.1.1.1"),
brainpoolP192r1("1.3.36.3.3.2.8.1.1.3"),
brainpoolP224r1("1.3.36.3.3.2.8.1.1.5"),
brainpoolP256r1("1.3.36.3.3.2.8.1.1.7"),
brainpoolP320r1("1.3.36.3.3.2.8.1.1.9"),
brainpoolP384r1("1.3.36.3.3.2.8.1.1.11"),
brainpoolP512r1("1.3.36.3.3.2.8.1.1.13"),
// Certicom 1.3.132.*
sect163k1("1.3.132.0.1", "sect163k1", "NIST K-163"),
sect163r1("1.3.132.0.2"),
sect239k1("1.3.132.0.3"),
sect113r1("1.3.132.0.4"),
sect113r2("1.3.132.0.5"),
secp112r1("1.3.132.0.6"),
secp112r2("1.3.132.0.7"),
secp160r1("1.3.132.0.8"),
secp160k1("1.3.132.0.9"),
secp256k1("1.3.132.0.10"),
sect163r2("1.3.132.0.15", "sect163r2", "NIST B-163"),
sect283k1("1.3.132.0.16", "sect283k1", "NIST K-283"),
sect283r1("1.3.132.0.17", "sect283r1", "NIST B-283"),
sect131r1("1.3.132.0.22"),
sect131r2("1.3.132.0.23"),
sect193r1("1.3.132.0.24"),
sect193r2("1.3.132.0.25"),
sect233k1("1.3.132.0.26", "sect233k1", "NIST K-233"),
sect233r1("1.3.132.0.27", "sect233r1", "NIST B-233"),
secp128r1("1.3.132.0.28"),
secp128r2("1.3.132.0.29"),
secp160r2("1.3.132.0.30"),
secp192k1("1.3.132.0.31"),
secp224k1("1.3.132.0.32"),
secp224r1("1.3.132.0.33", "secp224r1", "NIST P-224"),
secp384r1("1.3.132.0.34", "secp384r1", "NIST P-384"),
secp521r1("1.3.132.0.35", "secp521r1", "NIST P-521"),
sect409k1("1.3.132.0.36", "sect409k1", "NIST K-409"),
sect409r1("1.3.132.0.37", "sect409r1", "NIST B-409"),
sect571k1("1.3.132.0.38", "sect571k1", "NIST K-571"),
sect571r1("1.3.132.0.39", "sect571r1", "NIST B-571"),
ECDH("1.3.132.1.12"),
// OIW secsig 1.3.14.3.*
OIW_DES_CBC("1.3.14.3.2.7", "DES/CBC"),
OIW_DSA("1.3.14.3.2.12", "DSA") {
@Override
boolean registerNames() { return false; }
},
OIW_JDK_SHA1withDSA("1.3.14.3.2.13", "SHA1withDSA") {
@Override
boolean registerNames() { return false; }
},
SHA_1("1.3.14.3.2.26", "SHA-1", "SHA", "SHA1"),
OIW_SHA1withDSA("1.3.14.3.2.27", "SHA1withDSA") {
@Override
boolean registerNames() { return false; }
},
OIW_SHA1withRSA("1.3.14.3.2.29", "SHA1withRSA") {
@Override
boolean registerNames() { return false; }
},
// Thawte 1.3.101.*
X25519("1.3.101.110"),
X448("1.3.101.111"),
Ed25519("1.3.101.112"),
Ed448("1.3.101.113"),
// University College London (UCL) 0.9.2342.19200300.*
UCL_UserID("0.9.2342.19200300.100.1.1"),
UCL_DomainComponent("0.9.2342.19200300.100.1.25"),
// Netscape 2.16.840.1.113730.*
NETSCAPE_CertType("2.16.840.1.113730.1.1"),
NETSCAPE_CertSequence("2.16.840.1.113730.2.5"),
NETSCAPE_ExportApproved("2.16.840.1.113730.4.1"),
// Oracle 2.16.840.1.113894.*
ORACLE_TrustedKeyUsage("2.16.840.1.113894.746875.1.1"),
// Miscellaneous oids below which are legacy, and not well known
// Consider removing them in future releases when their usage
// have died out
ITUX509_RSA("2.5.8.1.1", "RSA") { // unused by JDK providers
// defined in X.509 for RSA keys
@Override // with modulus length as its parameter
boolean registerNames() { return false; }
},
SkipIPAddress("1.3.6.1.4.1.42.2.11.2.1"),
JAVASOFT_JDKKeyProtector("1.3.6.1.4.1.42.2.17.1.1"),
JAVASOFT_JCEKeyProtector("1.3.6.1.4.1.42.2.19.1"),
MICROSOFT_ExportApproved("1.3.6.1.4.1.311.10.3.3");
private String stdName;
private String oid;
private String[] aliases;
// find the matching enum using either name or oid string
// return null if no match found
public static KnownOIDs findMatch(String s) {
s = s.toUpperCase(Locale.ENGLISH);
KnownOIDs res = name2enum.get(s);
if (res == null && debug != null) {
debug.println("No KnownOIDs enum found for " + s);
}
return res;
}
private static final Debug debug = Debug.getInstance("jca");
//private static final java.io.PrintStream debug = System.out;
private static final ConcurrentHashMap<String, KnownOIDs> name2enum =
new ConcurrentHashMap<>();
static {
if (debug != null) {
debug.println("Setting up name2enum:");
}
List.of(KnownOIDs.values()).forEach(o -> {
register(o);
});
}
private static void register(KnownOIDs o) {
KnownOIDs ov = name2enum.put(o.oid, o);
if (ov != null) {
throw new RuntimeException("ERROR: Duplicate " + o.oid +
" between " + o + " and " + ov);
} else if (debug != null) {
debug.println(o.oid + " => " + o.name());
}
// only register the stdName and aliases if o.registerNames()
// returns true
if (o.registerNames()) {
String stdNameUpper = o.stdName.toUpperCase(Locale.ENGLISH);
if (Objects.nonNull(name2enum.put(stdNameUpper, o))) {
throw new RuntimeException("ERROR: Duplicate " +
stdNameUpper + " exists already");
}
if (debug != null) {
debug.println(stdNameUpper + " => " + o.name());
}
for (String a : o.aliases) {
String aliasUpper = a.toUpperCase(Locale.ENGLISH);
if (Objects.nonNull(name2enum.put(aliasUpper, o))) {
throw new RuntimeException("ERROR: Duplicate " +
aliasUpper + " exists already");
}
if (debug != null) {
debug.println(aliasUpper + " => " + o.name());
}
}
}
}
private KnownOIDs(String oid) {
this.oid = oid;
this.stdName = name(); // defaults to enum name
this.aliases = new String[0];
}
private KnownOIDs(String oid, String stdName, String ... aliases) {
this.oid = oid;
this.stdName = stdName;
this.aliases = aliases;
}
// returns the oid string associated with this enum
public String value() {
return oid;
}
// returns the user-friendly standard algorithm name
public String stdName() {
return stdName;
}
// return the internal aliases
public String[] aliases() {
return aliases;
}
boolean registerNames() {
return true;
}
}

40
src/java.base/share/classes/sun/security/util/NamedCurve.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -29,7 +29,7 @@ import java.io.IOException;
import java.math.BigInteger; import java.math.BigInteger;
import java.security.spec.*; import java.security.spec.*;
import java.util.Arrays;
/** /**
* Contains Elliptic Curve parameters. * Contains Elliptic Curve parameters.
@ -39,8 +39,8 @@ import java.security.spec.*;
*/ */
public final class NamedCurve extends ECParameterSpec { public final class NamedCurve extends ECParameterSpec {
// friendly name for toString() output // friendly names with stdName followed by aliases
private final String name; private final String[] nameAndAliases;
// well known OID // well known OID
private final String oid; private final String oid;
@ -48,25 +48,28 @@ public final class NamedCurve extends ECParameterSpec {
// encoded form (as NamedCurve identified via OID) // encoded form (as NamedCurve identified via OID)
private final byte[] encoded; private final byte[] encoded;
NamedCurve(String name, String oid, EllipticCurve curve, NamedCurve(KnownOIDs ko, EllipticCurve curve,
ECPoint g, BigInteger n, int h) { ECPoint g, BigInteger n, int h) {
super(curve, g, n, h); super(curve, g, n, h);
this.name = name; String[] aliases = ko.aliases();
this.oid = oid; this.nameAndAliases = new String[aliases.length + 1];
nameAndAliases[0] = ko.stdName();
System.arraycopy(aliases, 0, nameAndAliases, 1, aliases.length);
this.oid = ko.value();
DerOutputStream out = new DerOutputStream(); DerOutputStream out = new DerOutputStream();
try { try {
out.putOID(new ObjectIdentifier(oid)); out.putOID(ObjectIdentifier.of(ko));
} catch (IOException e) { } catch (IOException e) {
throw new RuntimeException("Internal error", e); throw new RuntimeException("Internal error", e);
} }
encoded = out.toByteArray(); encoded = out.toByteArray();
} }
public String getName() { // returns the curve's standard name followed by its aliases
return name; public String[] getNameAndAliases() {
return nameAndAliases;
} }
public byte[] getEncoded() { public byte[] getEncoded() {
@ -78,6 +81,17 @@ public final class NamedCurve extends ECParameterSpec {
} }
public String toString() { public String toString() {
return name + " (" + oid + ")"; StringBuilder sb = new StringBuilder(nameAndAliases[0]);
if (nameAndAliases.length > 1) {
sb.append(" [");
int j = 1;
while (j < nameAndAliases.length - 1) {
sb.append(nameAndAliases[j++]);
sb.append(',');
}
sb.append(nameAndAliases[j] + "]");
}
sb.append(" (" + oid + ")");
return sb.toString();
} }
} }

37
src/java.base/share/classes/sun/security/util/ObjectIdentifier.java
View file

@ -28,6 +28,7 @@ package sun.security.util;
import java.io.*; import java.io.*;
import java.math.BigInteger; import java.math.BigInteger;
import java.util.Arrays; import java.util.Arrays;
import java.util.concurrent.ConcurrentHashMap;
/** /**
* Represent an ISO Object Identifier. * Represent an ISO Object Identifier.
@ -148,7 +149,7 @@ public final class ObjectIdentifier implements Serializable {
* Constructs, from a string. This string should be of the form 1.23.56. * Constructs, from a string. This string should be of the form 1.23.56.
* Validity check included. * Validity check included.
*/ */
public ObjectIdentifier(String oid) throws IOException { private ObjectIdentifier(String oid) throws IOException {
int ch = '.'; int ch = '.';
int start = 0; int start = 0;
int end = 0; int end = 0;
@ -290,18 +291,42 @@ public final class ObjectIdentifier implements Serializable {
System.arraycopy(tmp, 0, encoding, 0, pos); System.arraycopy(tmp, 0, encoding, 0, pos);
} }
// oid cache index'ed by the oid string
private static ConcurrentHashMap<String,ObjectIdentifier> oidTable =
new ConcurrentHashMap<>();
/** /**
* Returns an ObjectIdentifier instance for the specific string OID. * Returns an ObjectIdentifier instance for the specific String.
* *
* Note: Please use legal string OID only. Otherwise, a RuntimeException * If the String is not a valid OID string, an IOException is thrown.
* is thrown.
*/ */
public static ObjectIdentifier of(String oid) { public static ObjectIdentifier of(String oidStr) throws IOException {
// check cache first
ObjectIdentifier oid = oidTable.get(oidStr);
if (oid == null) {
oid = new ObjectIdentifier(oidStr);
oidTable.put(oidStr, oid);
}
return oid;
}
/**
* Returns an ObjectIdentifier instance for the specific KnownOIDs.
*/
public static ObjectIdentifier of(KnownOIDs o) {
// check cache first
String oidStr = o.value();
ObjectIdentifier oid = oidTable.get(oidStr);
if (oid == null) {
try { try {
return new ObjectIdentifier(oid); oid = new ObjectIdentifier(oidStr);
} catch (IOException ioe) { } catch (IOException ioe) {
// should not happen as oid string for KnownOIDs is internal
throw new RuntimeException(ioe); throw new RuntimeException(ioe);
} }
oidTable.put(oidStr, oid);
}
return oid;
} }
/* /*

90
src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java
View file

@ -25,8 +25,11 @@
package sun.security.util; package sun.security.util;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.PatternSyntaxException; import java.util.regex.PatternSyntaxException;
import java.security.InvalidParameterException; import java.security.InvalidParameterException;
import java.security.ProviderException;
import sun.security.action.GetPropertyAction; import sun.security.action.GetPropertyAction;
/** /**
@ -34,11 +37,59 @@ import sun.security.action.GetPropertyAction;
* the JDK security/crypto providers. * the JDK security/crypto providers.
*/ */
public final class SecurityProviderConstants { public final class SecurityProviderConstants {
// Cannot create one of these
private SecurityProviderConstants () {}
private static final Debug debug = private static final Debug debug =
Debug.getInstance("jca", "ProviderConfig"); Debug.getInstance("jca", "ProviderConfig");
// Cannot create one of these // cache for provider aliases; key is the standard algorithm name
private SecurityProviderConstants () { // value is the associated aliases List
private static final ConcurrentHashMap<String, List<String>> aliasesMap;
// utility method for generating aliases list using the supplied
// 'oid' and 'extraAliases', then store into "aliasesMap" cache under the
// key 'stdName'
private static List<String> store(String stdName, KnownOIDs oid,
String ... extraAliases) {
List<String> value;
if (oid == null && extraAliases.length != 0) {
value = List.of(extraAliases);
} else {
value = new ArrayList<>();
if (oid != null) {
value.add("OID." + oid.value());
value.add(oid.value());
String[] knownAliases = oid.aliases();
if (knownAliases != null) {
for (String ka : knownAliases) {
value.add(ka);
}
}
}
for (String ea : extraAliases) {
value.add(ea);
}
}
aliasesMap.put(stdName, value);
return value;
}
// returns an aliases List for the specified algorithm name o
// NOTE: exception is thrown if no aliases nor oid found, so
// only call this method if aliases are expected
public static List<String> getAliases(String o) {
List<String> res = aliasesMap.get(o);
if (res == null) {
KnownOIDs e = KnownOIDs.findMatch(o);
if (e != null) {
return store(o, e);
}
ProviderException pe =
new ProviderException("Cannot find aliases for " + o);
throw pe;
}
return res;
} }
public static final int getDefDSASubprimeSize(int primeSize) { public static final int getDefDSASubprimeSize(int primeSize) {
@ -63,6 +114,7 @@ public final class SecurityProviderConstants {
private static final String KEY_LENGTH_PROP = private static final String KEY_LENGTH_PROP =
"jdk.security.defaultKeySize"; "jdk.security.defaultKeySize";
static { static {
String keyLengthStr = GetPropertyAction.privilegedGetProperty String keyLengthStr = GetPropertyAction.privilegedGetProperty
(KEY_LENGTH_PROP); (KEY_LENGTH_PROP);
@ -137,5 +189,39 @@ public final class SecurityProviderConstants {
DEF_DH_KEY_SIZE = dhKeySize; DEF_DH_KEY_SIZE = dhKeySize;
DEF_EC_KEY_SIZE = ecKeySize; DEF_EC_KEY_SIZE = ecKeySize;
DEF_ED_KEY_SIZE = edKeySize; DEF_ED_KEY_SIZE = edKeySize;
// Set up aliases with default mappings
// This is needed when the mapping contains non-oid
// aliases
aliasesMap = new ConcurrentHashMap<>();
store("SHA1withDSA", KnownOIDs.SHA1withDSA,
KnownOIDs.OIW_JDK_SHA1withDSA.value(),
KnownOIDs.OIW_SHA1withDSA.value(),
"DSA", "SHA/DSA", "SHA-1/DSA",
"SHA1/DSA", "SHAwithDSA", "DSAWithSHA1");
store("DSA", KnownOIDs.DSA, KnownOIDs.OIW_DSA.value());
store("SHA1withRSA", KnownOIDs.SHA1withRSA,
KnownOIDs.OIW_SHA1withRSA.value());
store("SHA-1", KnownOIDs.SHA_1);
store("PBEWithMD5AndDES", KnownOIDs.PBEWithMD5AndDES, "PBE");
store("DiffieHellman", KnownOIDs.DiffieHellman);
store("AES", KnownOIDs.AES, "Rijndael");
store("EC", KnownOIDs.EC, "EllipticCurve");
store("X.509", null, "X509");
store("NONEwithDSA", null, "RawDSA");
store("DESede", null, "TripleDES");
store("ARCFOUR", KnownOIDs.ARCFOUR);
// For backward compatility, refer to PKCS1 mapping for RSA
// KeyPairGenerator and KeyFactory
store("PKCS1", KnownOIDs.PKCS1, KnownOIDs.RSA.value());
} }
} }

28
src/java.base/share/classes/sun/security/validator/EndEntityChecker.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@ package sun.security.validator;
import java.util.*; import java.util.*;
import java.security.cert.*; import java.security.cert.*;
import sun.security.util.KnownOIDs;
import sun.security.x509.NetscapeCertTypeExtension; import sun.security.x509.NetscapeCertTypeExtension;
/** /**
@ -71,24 +71,32 @@ class EndEntityChecker {
private static final String OID_EXTENDED_KEY_USAGE = private static final String OID_EXTENDED_KEY_USAGE =
SimpleValidator.OID_EXTENDED_KEY_USAGE; SimpleValidator.OID_EXTENDED_KEY_USAGE;
private static final String OID_EKU_TLS_SERVER = "1.3.6.1.5.5.7.3.1"; private static final String OID_EKU_TLS_SERVER =
KnownOIDs.serverAuth.value();
private static final String OID_EKU_TLS_CLIENT = "1.3.6.1.5.5.7.3.2"; private static final String OID_EKU_TLS_CLIENT =
KnownOIDs.clientAuth.value();
private static final String OID_EKU_CODE_SIGNING = "1.3.6.1.5.5.7.3.3"; private static final String OID_EKU_CODE_SIGNING =
KnownOIDs.codeSigning.value();
private static final String OID_EKU_TIME_STAMPING = "1.3.6.1.5.5.7.3.8"; private static final String OID_EKU_TIME_STAMPING =
KnownOIDs.KP_TimeStamping.value();
private static final String OID_EKU_ANY_USAGE = "2.5.29.37.0"; private static final String OID_EKU_ANY_USAGE =
KnownOIDs.anyExtendedKeyUsage.value();
// the Netscape Server-Gated-Cryptography EKU extension OID // the Netscape Server-Gated-Cryptography EKU extension OID
private static final String OID_EKU_NS_SGC = "2.16.840.1.113730.4.1"; private static final String OID_EKU_NS_SGC =
KnownOIDs.NETSCAPE_ExportApproved.value();
// the Microsoft Server-Gated-Cryptography EKU extension OID // the Microsoft Server-Gated-Cryptography EKU extension OID
private static final String OID_EKU_MS_SGC = "1.3.6.1.4.1.311.10.3.3"; private static final String OID_EKU_MS_SGC =
KnownOIDs.MICROSOFT_ExportApproved.value();
// the recognized extension OIDs // the recognized extension OIDs
private static final String OID_SUBJECT_ALT_NAME = "2.5.29.17"; private static final String OID_SUBJECT_ALT_NAME =
KnownOIDs.SubjectAlternativeName.value();
private static final String NSCT_SSL_CLIENT = private static final String NSCT_SSL_CLIENT =
NetscapeCertTypeExtension.SSL_CLIENT; NetscapeCertTypeExtension.SSL_CLIENT;

17
src/java.base/share/classes/sun/security/validator/SimpleValidator.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -39,6 +39,7 @@ import sun.security.x509.NetscapeCertTypeExtension;
import sun.security.util.DerValue; import sun.security.util.DerValue;
import sun.security.util.DerInputStream; import sun.security.util.DerInputStream;
import sun.security.util.ObjectIdentifier; import sun.security.util.ObjectIdentifier;
import sun.security.util.KnownOIDs;
import sun.security.provider.certpath.AlgorithmChecker; import sun.security.provider.certpath.AlgorithmChecker;
import sun.security.provider.certpath.UntrustedChecker; import sun.security.provider.certpath.UntrustedChecker;
@ -60,15 +61,19 @@ public final class SimpleValidator extends Validator {
// Constants for the OIDs we need // Constants for the OIDs we need
static final String OID_BASIC_CONSTRAINTS = "2.5.29.19"; static final String OID_BASIC_CONSTRAINTS =
KnownOIDs.BasicConstraints.value();
static final String OID_NETSCAPE_CERT_TYPE = "2.16.840.1.113730.1.1"; static final String OID_NETSCAPE_CERT_TYPE =
KnownOIDs.NETSCAPE_CertType.value();
static final String OID_KEY_USAGE = "2.5.29.15"; static final String OID_KEY_USAGE = KnownOIDs.KeyUsage.value();
static final String OID_EXTENDED_KEY_USAGE = "2.5.29.37"; static final String OID_EXTENDED_KEY_USAGE =
KnownOIDs.extendedKeyUsage.value();
static final String OID_EKU_ANY_USAGE = "2.5.29.37.0"; static final String OID_EKU_ANY_USAGE =
KnownOIDs.anyExtendedKeyUsage.value();
static final ObjectIdentifier OBJID_NETSCAPE_CERT_TYPE = static final ObjectIdentifier OBJID_NETSCAPE_CERT_TYPE =
NetscapeCertTypeExtension.NetscapeCertType_Id; NetscapeCertTypeExtension.NetscapeCertType_Id;

6
src/java.base/share/classes/sun/security/x509/AVA.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -1225,7 +1225,7 @@ class AVAKeyword {
return ak.oid; return ak.oid;
} }
} else { } else {
return new ObjectIdentifier(oidString); return ObjectIdentifier.of(oidString);
} }
// no keyword found, check if OID string // no keyword found, check if OID string
@ -1243,7 +1243,7 @@ class AVAKeyword {
if (number == false) { if (number == false) {
throw new IOException("Invalid keyword \"" + keyword + "\""); throw new IOException("Invalid keyword \"" + keyword + "\"");
} }
return new ObjectIdentifier(keyword); return ObjectIdentifier.of(keyword);
} }
/** /**

8
src/java.base/share/classes/sun/security/x509/AccessDescription.java
View file

@ -42,16 +42,16 @@ public final class AccessDescription {
private GeneralName accessLocation; private GeneralName accessLocation;
public static final ObjectIdentifier Ad_OCSP_Id = public static final ObjectIdentifier Ad_OCSP_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.1"); ObjectIdentifier.of(KnownOIDs.OCSP);
public static final ObjectIdentifier Ad_CAISSUERS_Id = public static final ObjectIdentifier Ad_CAISSUERS_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.2"); ObjectIdentifier.of(KnownOIDs.caIssuers);
public static final ObjectIdentifier Ad_TIMESTAMPING_Id = public static final ObjectIdentifier Ad_TIMESTAMPING_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.3"); ObjectIdentifier.of(KnownOIDs.AD_TimeStamping);
public static final ObjectIdentifier Ad_CAREPOSITORY_Id = public static final ObjectIdentifier Ad_CAREPOSITORY_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.5"); ObjectIdentifier.of(KnownOIDs.caRepository);
public AccessDescription(ObjectIdentifier accessMethod, GeneralName accessLocation) { public AccessDescription(ObjectIdentifier accessMethod, GeneralName accessLocation) {
this.accessMethod = accessMethod; this.accessMethod = accessMethod;

546
src/java.base/share/classes/sun/security/x509/AlgorithmId.java
View file

@ -33,6 +33,7 @@ import java.security.spec.InvalidParameterSpecException;
import java.security.spec.MGF1ParameterSpec; import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec; import java.security.spec.PSSParameterSpec;
import java.util.*; import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.security.*; import java.security.*;
import java.security.interfaces.*; import java.security.interfaces.*;
@ -248,21 +249,31 @@ public class AlgorithmId implements Serializable, DerEncoder {
* returns the "full" signature algorithm (Ex: SHA256withECDSA) directly. * returns the "full" signature algorithm (Ex: SHA256withECDSA) directly.
*/ */
public String getName() { public String getName() {
String algName = nameTable.get(algid); String oidStr = algid.toString();
if (algName != null) { // first check the list of support oids
return algName; KnownOIDs o = KnownOIDs.findMatch(oidStr);
} if (o == KnownOIDs.SpecifiedSHA2withECDSA) {
if ((params != null) && algid.equals((Object)specifiedWithECDSA_oid)) { if (params != null) {
try { try {
AlgorithmId paramsId = AlgorithmId paramsId =
AlgorithmId.parse(new DerValue(params.toByteArray())); AlgorithmId.parse(new DerValue(params.toByteArray()));
String paramsName = paramsId.getName(); String paramsName = paramsId.getName();
algName = makeSigAlg(paramsName, "EC"); return makeSigAlg(paramsName, "EC");
} catch (IOException e) { } catch (IOException e) {
// ignore // ignore
} }
} }
return (algName == null) ? algid.toString() : algName; }
if (o != null) {
return o.stdName();
} else {
String n = aliasOidsTable().get(oidStr);
if (n != null) {
return n;
} else {
return algid.toString();
}
}
} }
public AlgorithmParameters getParameters() { public AlgorithmParameters getParameters() {
@ -280,7 +291,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
* @return DER encoded parameters, or null not present. * @return DER encoded parameters, or null not present.
*/ */
public byte[] getEncodedParams() throws IOException { public byte[] getEncodedParams() throws IOException {
return (params == null || algid.equals(specifiedWithECDSA_oid)) return (params == null ||
algid.toString().equals(KnownOIDs.SpecifiedSHA2withECDSA.value()))
? null ? null
: params.toByteArray(); : params.toByteArray();
} }
@ -474,155 +486,70 @@ public class AlgorithmId implements Serializable, DerEncoder {
* used as a "KeyPairGenerator" algorithm. * used as a "KeyPairGenerator" algorithm.
*/ */
private static ObjectIdentifier algOID(String name) throws IOException { private static ObjectIdentifier algOID(String name) throws IOException {
// See if algname is in printable OID ("dot-dot") notation
if (name.indexOf('.') != -1) {
if (name.startsWith("OID.")) { if (name.startsWith("OID.")) {
return new ObjectIdentifier(name.substring("OID.".length())); name = name.substring("OID.".length());
}
KnownOIDs k = KnownOIDs.findMatch(name);
if (k != null) {
return ObjectIdentifier.of(k);
}
// unknown algorithm oids
if (name.indexOf(".") == -1) {
// see if there is a matching oid string alias mapping from
// 3rd party providers
name = name.toUpperCase(Locale.ENGLISH);
String oidStr = aliasOidsTable().get(name);
if (oidStr != null) {
return ObjectIdentifier.of(oidStr);
} return null;
} else { } else {
return new ObjectIdentifier(name); return ObjectIdentifier.of(name);
} }
} }
// Digesting algorithms // oid string cache index'ed by algorithm name and oid strings
if (name.equalsIgnoreCase("MD5")) { private static volatile Map<String,String> aliasOidsTable;
return AlgorithmId.MD5_oid;
}
if (name.equalsIgnoreCase("MD2")) {
return AlgorithmId.MD2_oid;
}
if (name.equalsIgnoreCase("SHA") || name.equalsIgnoreCase("SHA1")
|| name.equalsIgnoreCase("SHA-1")) {
return AlgorithmId.SHA_oid;
}
if (name.equalsIgnoreCase("SHA-256") ||
name.equalsIgnoreCase("SHA256")) {
return AlgorithmId.SHA256_oid;
}
if (name.equalsIgnoreCase("SHA-384") ||
name.equalsIgnoreCase("SHA384")) {
return AlgorithmId.SHA384_oid;
}
if (name.equalsIgnoreCase("SHA-512") ||
name.equalsIgnoreCase("SHA512")) {
return AlgorithmId.SHA512_oid;
}
if (name.equalsIgnoreCase("SHA-224") ||
name.equalsIgnoreCase("SHA224")) {
return AlgorithmId.SHA224_oid;
}
if (name.equalsIgnoreCase("SHA-512/224") ||
name.equalsIgnoreCase("SHA512/224")) {
return AlgorithmId.SHA512_224_oid;
}
if (name.equalsIgnoreCase("SHA-512/256") ||
name.equalsIgnoreCase("SHA512/256")) {
return AlgorithmId.SHA512_256_oid;
}
// Various public key algorithms
if (name.equalsIgnoreCase("RSA")) {
return AlgorithmId.RSAEncryption_oid;
}
if (name.equalsIgnoreCase("RSASSA-PSS")) {
return AlgorithmId.RSASSA_PSS_oid;
}
if (name.equalsIgnoreCase("RSAES-OAEP")) {
return AlgorithmId.RSAES_OAEP_oid;
}
if (name.equalsIgnoreCase("Diffie-Hellman")
|| name.equalsIgnoreCase("DH")) {
return AlgorithmId.DH_oid;
}
if (name.equalsIgnoreCase("DSA")) {
return AlgorithmId.DSA_oid;
}
if (name.equalsIgnoreCase("EC")) {
return EC_oid;
}
if (name.equalsIgnoreCase("ECDH")) {
return AlgorithmId.ECDH_oid;
}
// Secret key algorithms // returns the aliasOidsTable, lazily initializing it on first access.
if (name.equalsIgnoreCase("AES")) { private static Map<String,String> aliasOidsTable() {
return AlgorithmId.AES_oid; // Double checked locking; safe because aliasOidsTable is volatile
} Map<String,String> tab = aliasOidsTable;
if (tab == null) {
// Common signature types
if (name.equalsIgnoreCase("MD5withRSA")
|| name.equalsIgnoreCase("MD5/RSA")) {
return AlgorithmId.md5WithRSAEncryption_oid;
}
if (name.equalsIgnoreCase("MD2withRSA")
|| name.equalsIgnoreCase("MD2/RSA")) {
return AlgorithmId.md2WithRSAEncryption_oid;
}
if (name.equalsIgnoreCase("SHAwithDSA")
|| name.equalsIgnoreCase("SHA1withDSA")
|| name.equalsIgnoreCase("SHA/DSA")
|| name.equalsIgnoreCase("SHA1/DSA")
|| name.equalsIgnoreCase("DSAWithSHA1")
|| name.equalsIgnoreCase("DSS")
|| name.equalsIgnoreCase("SHA-1/DSA")) {
return AlgorithmId.sha1WithDSA_oid;
}
if (name.equalsIgnoreCase("SHA224WithDSA")) {
return AlgorithmId.sha224WithDSA_oid;
}
if (name.equalsIgnoreCase("SHA256WithDSA")) {
return AlgorithmId.sha256WithDSA_oid;
}
if (name.equalsIgnoreCase("SHA1WithRSA")
|| name.equalsIgnoreCase("SHA1/RSA")) {
return AlgorithmId.sha1WithRSAEncryption_oid;
}
if (name.equalsIgnoreCase("SHA1withECDSA")
|| name.equalsIgnoreCase("ECDSA")) {
return AlgorithmId.sha1WithECDSA_oid;
}
if (name.equalsIgnoreCase("SHA224withECDSA")) {
return AlgorithmId.sha224WithECDSA_oid;
}
if (name.equalsIgnoreCase("SHA256withECDSA")) {
return AlgorithmId.sha256WithECDSA_oid;
}
if (name.equalsIgnoreCase("SHA384withECDSA")) {
return AlgorithmId.sha384WithECDSA_oid;
}
if (name.equalsIgnoreCase("SHA512withECDSA")) {
return AlgorithmId.sha512WithECDSA_oid;
}
if (name.equalsIgnoreCase("ED25519")) {
return AlgorithmId.ed25519_oid;
}
if (name.equalsIgnoreCase("ED448")) {
return AlgorithmId.ed448_oid;
}
return oidTable().get(name.toUpperCase(Locale.ENGLISH));
}
private static volatile Map<String,ObjectIdentifier> oidTable;
private static final Map<ObjectIdentifier,String> nameTable;
/** Returns the oidTable, lazily initializing it on first access. */
private static Map<String,ObjectIdentifier> oidTable()
throws IOException {
// Double checked locking; safe because oidTable is volatile
Map<String,ObjectIdentifier> tab;
if ((tab = oidTable) == null) {
synchronized (AlgorithmId.class) { synchronized (AlgorithmId.class) {
if ((tab = oidTable) == null) if ((tab = aliasOidsTable) == null) {
oidTable = tab = computeOidTable(); aliasOidsTable = tab = collectOIDAliases();
}
} }
} }
return tab; return tab;
} }
/** Collects the algorithm names from the installed providers. */ private static boolean isKnownProvider(Provider p) {
private static HashMap<String,ObjectIdentifier> computeOidTable() String pn = p.getName();
throws IOException { String mn = p.getClass().getModule().getName();
HashMap<String,ObjectIdentifier> tab = new HashMap<>(); if (pn != null && mn != null) {
return ((mn.equals("java.base") &&
(pn.equals("SUN") || pn.equals("SunRsaSign") ||
pn.equals("SunJCE") || pn.equals("SunJSSE"))) ||
(mn.equals("jdk.crypto.ec") && pn.equals("SunEC")) ||
(mn.equals("jdk.crypto.mscapi") && pn.equals("SunMSCAPI")) ||
(mn.equals("jdk.crypto.cryptoki") &&
pn.startsWith("SunPKCS11")));
} else {
return false;
}
}
private static ConcurrentHashMap<String, String> collectOIDAliases() {
ConcurrentHashMap<String, String> t = new ConcurrentHashMap<>();
for (Provider provider : Security.getProviders()) { for (Provider provider : Security.getProviders()) {
// skip providers which are already using SecurityProviderConstants
// and KnownOIDs
if (isKnownProvider(provider)) {
continue;
}
for (Object key : provider.keySet()) { for (Object key : provider.keySet()) {
String alias = (String)key; String alias = (String)key;
String upperCaseAlias = alias.toUpperCase(Locale.ENGLISH); String upperCaseAlias = alias.toUpperCase(Locale.ENGLISH);
@ -634,345 +561,72 @@ public class AlgorithmId implements Serializable, DerEncoder {
// invalid alias entry // invalid alias entry
break; break;
} }
String oidString = alias.substring(index); String ostr = alias.substring(index);
String stdAlgName = provider.getProperty(alias); String stdAlgName = provider.getProperty(alias);
if (stdAlgName != null) { if (stdAlgName != null) {
stdAlgName = stdAlgName.toUpperCase(Locale.ENGLISH); stdAlgName = stdAlgName.toUpperCase(Locale.ENGLISH);
} }
if (stdAlgName != null && // add the name->oid and oid->name mappings if none exists
tab.get(stdAlgName) == null) { if (KnownOIDs.findMatch(stdAlgName) == null) {
tab.put(stdAlgName, new ObjectIdentifier(oidString)); // not override earlier entries if it exists
t.putIfAbsent(stdAlgName, ostr);
}
if (KnownOIDs.findMatch(ostr) == null) {
// not override earlier entries if it exists
t.putIfAbsent(ostr, stdAlgName);
} }
} }
} }
} }
return tab; return t;
} }
/*****************************************************************/
/*
* HASHING ALGORITHMS
*/
/**
* Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319.
* OID = 1.2.840.113549.2.2
*/
public static final ObjectIdentifier MD2_oid = public static final ObjectIdentifier MD2_oid =
ObjectIdentifier.of("1.2.840.113549.2.2"); ObjectIdentifier.of(KnownOIDs.MD2);
/**
* Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321.
* OID = 1.2.840.113549.2.5
*/
public static final ObjectIdentifier MD5_oid = public static final ObjectIdentifier MD5_oid =
ObjectIdentifier.of("1.2.840.113549.2.5"); ObjectIdentifier.of(KnownOIDs.MD5);
/**
* Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1.
* This is sometimes called "SHA", though that is often confusing since
* many people refer to FIPS 180 (which has an error) as defining SHA.
* OID = 1.3.14.3.2.26. Old SHA-0 OID: 1.3.14.3.2.18.
*/
public static final ObjectIdentifier SHA_oid = public static final ObjectIdentifier SHA_oid =
ObjectIdentifier.of("1.3.14.3.2.26"); ObjectIdentifier.of(KnownOIDs.SHA_1);
public static final ObjectIdentifier SHA224_oid = public static final ObjectIdentifier SHA224_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.4"); ObjectIdentifier.of(KnownOIDs.SHA_224);
public static final ObjectIdentifier SHA256_oid = public static final ObjectIdentifier SHA256_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.1"); ObjectIdentifier.of(KnownOIDs.SHA_256);
public static final ObjectIdentifier SHA384_oid = public static final ObjectIdentifier SHA384_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.2"); ObjectIdentifier.of(KnownOIDs.SHA_384);
public static final ObjectIdentifier SHA512_oid = public static final ObjectIdentifier SHA512_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.3"); ObjectIdentifier.of(KnownOIDs.SHA_512);
public static final ObjectIdentifier SHA512_224_oid = public static final ObjectIdentifier SHA512_224_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.5"); ObjectIdentifier.of(KnownOIDs.SHA_512$224);
public static final ObjectIdentifier SHA512_256_oid = public static final ObjectIdentifier SHA512_256_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.6"); ObjectIdentifier.of(KnownOIDs.SHA_512$256);
/*
* COMMON PUBLIC KEY TYPES
*/
/*
* Note the preferred OIDs are named simply with no "OIW" or
* "PKIX" in them, even though they may point to data from these
* specs; e.g. SHA_oid, DH_oid, DSA_oid, SHA1WithDSA_oid...
*/
/**
* Algorithm ID for Diffie Hellman Key agreement, from PKCS #3.
* Parameters include public values P and G, and may optionally specify
* the length of the private key X. Alternatively, algorithm parameters
* may be derived from another source such as a Certificate Authority's
* certificate.
* OID = 1.2.840.113549.1.3.1
*/
public static final ObjectIdentifier DH_oid =
ObjectIdentifier.of("1.2.840.113549.1.3.1");
/**
* Algorithm ID for the Diffie Hellman Key Agreement (DH), from RFC 3279.
* Parameters may include public values P and G.
* OID = 1.2.840.10046.2.1
*/
public static final ObjectIdentifier DH_PKIX_oid =
ObjectIdentifier.of("1.2.840.10046.2.1");
/**
* Algorithm ID for the Digital Signing Algorithm (DSA), from the
* NIST OIW Stable Agreements part 12.
* Parameters may include public values P, Q, and G; or these may be
* derived from
* another source such as a Certificate Authority's certificate.
* OID = 1.3.14.3.2.12
*/
public static final ObjectIdentifier DSA_OIW_oid =
ObjectIdentifier.of("1.3.14.3.2.12");
/**
* Algorithm ID for the Digital Signing Algorithm (DSA), from RFC 3279.
* Parameters may include public values P, Q, and G; or these may be
* derived from another source such as a Certificate Authority's
* certificate.
* OID = 1.2.840.10040.4.1
*/
public static final ObjectIdentifier DSA_oid = public static final ObjectIdentifier DSA_oid =
ObjectIdentifier.of("1.2.840.10040.4.1"); ObjectIdentifier.of(KnownOIDs.DSA);
/**
* Algorithm ID for RSA keys used for any purpose, as defined in X.509.
* The algorithm parameter is a single value, the number of bits in the
* public modulus.
* OID = 2.5.8.1.1
*/
public static final ObjectIdentifier RSA_oid =
ObjectIdentifier.of("2.5.8.1.1");
public static final ObjectIdentifier EC_oid = public static final ObjectIdentifier EC_oid =
ObjectIdentifier.of("1.2.840.10045.2.1"); ObjectIdentifier.of(KnownOIDs.EC);
public static final ObjectIdentifier ECDH_oid =
ObjectIdentifier.of("1.3.132.1.12");
public static final ObjectIdentifier RSAEncryption_oid = public static final ObjectIdentifier RSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.1"); ObjectIdentifier.of(KnownOIDs.RSA);
public static final ObjectIdentifier RSAES_OAEP_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.7");
public static final ObjectIdentifier mgf1_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.8");
public static final ObjectIdentifier RSASSA_PSS_oid = public static final ObjectIdentifier RSASSA_PSS_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.10"); ObjectIdentifier.of(KnownOIDs.RSASSA_PSS);
/* public static final ObjectIdentifier MGF1_oid =
* COMMON SECRET KEY TYPES ObjectIdentifier.of(KnownOIDs.MGF1);
*/
public static final ObjectIdentifier AES_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.1");
/*
* COMMON SIGNATURE ALGORITHMS
*/
/**
* Identifies a signing algorithm where an MD2 digest is encrypted
* using an RSA private key; defined in PKCS #1. Use of this
* signing algorithm is discouraged due to MD2 vulnerabilities.
* OID = 1.2.840.113549.1.1.2
*/
public static final ObjectIdentifier md2WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.2");
/**
* Identifies a signing algorithm where an MD5 digest is
* encrypted using an RSA private key; defined in PKCS #1.
* OID = 1.2.840.113549.1.1.4
*/
public static final ObjectIdentifier md5WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.4");
/**
* Identifies a signing algorithm where a SHA1 digest is
* encrypted using an RSA private key; defined by RSA DSI.
* OID = 1.2.840.113549.1.1.5
*/
public static final ObjectIdentifier sha1WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.5");
/**
* Identifies a signing algorithm where a SHA1 digest is
* encrypted using an RSA private key; defined in NIST OIW.
* OID = 1.3.14.3.2.29
*/
public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid =
ObjectIdentifier.of("1.3.14.3.2.29");
/**
* Identifies a signing algorithm where a SHA224 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.14
*/
public static final ObjectIdentifier sha224WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.14");
/**
* Identifies a signing algorithm where a SHA256 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.11
*/
public static final ObjectIdentifier sha256WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.11");
/**
* Identifies a signing algorithm where a SHA384 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.12
*/
public static final ObjectIdentifier sha384WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.12");
/**
* Identifies a signing algorithm where a SHA512 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.13
*/
public static final ObjectIdentifier sha512WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.13");
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA digest is signed using the Digital Signing Algorithm (DSA).
* This should not be used.
* OID = 1.3.14.3.2.13
*/
public static final ObjectIdentifier shaWithDSA_OIW_oid =
ObjectIdentifier.of("1.3.14.3.2.13");
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA1 digest is signed using the Digital Signing Algorithm (DSA).
* OID = 1.3.14.3.2.27
*/
public static final ObjectIdentifier sha1WithDSA_OIW_oid =
ObjectIdentifier.of("1.3.14.3.2.27");
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA1 digest is signed using the Digital Signing Algorithm (DSA).
* OID = 1.2.840.10040.4.3
*/
public static final ObjectIdentifier sha1WithDSA_oid =
ObjectIdentifier.of("1.2.840.10040.4.3");
public static final ObjectIdentifier sha512_224WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.15");
public static final ObjectIdentifier sha512_256WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.16");
public static final ObjectIdentifier sha224WithDSA_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.3.1");
public static final ObjectIdentifier sha256WithDSA_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.3.2");
public static final ObjectIdentifier sha1WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.1");
public static final ObjectIdentifier sha224WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3.1");
public static final ObjectIdentifier sha256WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3.2");
public static final ObjectIdentifier sha384WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3.3");
public static final ObjectIdentifier sha512WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3.4");
public static final ObjectIdentifier specifiedWithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3");
/**
* Algorithm ID for the PBE encryption algorithms from PKCS#5 and
* PKCS#12.
*/
public static final ObjectIdentifier pbeWithMD5AndDES_oid =
ObjectIdentifier.of("1.2.840.113549.1.5.3");
public static final ObjectIdentifier pbeWithMD5AndRC2_oid =
ObjectIdentifier.of("1.2.840.113549.1.5.6");
public static final ObjectIdentifier pbeWithSHA1AndDES_oid =
ObjectIdentifier.of("1.2.840.113549.1.5.10");
public static final ObjectIdentifier pbeWithSHA1AndRC2_oid =
ObjectIdentifier.of("1.2.840.113549.1.5.11");
public static final ObjectIdentifier pbeWithSHA1AndRC4_128_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.1");
public static final ObjectIdentifier pbeWithSHA1AndRC4_40_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.2");
public static final ObjectIdentifier pbeWithSHA1AndDESede_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.3");
public static final ObjectIdentifier pbeWithSHA1AndRC2_128_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.5");
public static final ObjectIdentifier pbeWithSHA1AndRC2_40_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.6");
public static final ObjectIdentifier ed25519_oid = public static final ObjectIdentifier ed25519_oid =
ObjectIdentifier.of("1.3.101.112"); ObjectIdentifier.of(KnownOIDs.Ed25519);
public static final ObjectIdentifier ed448_oid = public static final ObjectIdentifier ed448_oid =
ObjectIdentifier.of("1.3.101.113"); ObjectIdentifier.of(KnownOIDs.Ed448);
static {
nameTable = new HashMap<>();
nameTable.put(MD5_oid, "MD5");
nameTable.put(MD2_oid, "MD2");
nameTable.put(SHA_oid, "SHA-1");
nameTable.put(SHA224_oid, "SHA-224");
nameTable.put(SHA256_oid, "SHA-256");
nameTable.put(SHA384_oid, "SHA-384");
nameTable.put(SHA512_oid, "SHA-512");
nameTable.put(SHA512_224_oid, "SHA-512/224");
nameTable.put(SHA512_256_oid, "SHA-512/256");
nameTable.put(RSAEncryption_oid, "RSA");
nameTable.put(RSA_oid, "RSA");
nameTable.put(DH_oid, "Diffie-Hellman");
nameTable.put(DH_PKIX_oid, "Diffie-Hellman");
nameTable.put(DSA_oid, "DSA");
nameTable.put(DSA_OIW_oid, "DSA");
nameTable.put(EC_oid, "EC");
nameTable.put(ECDH_oid, "ECDH");
nameTable.put(ed25519_oid, "ED25519");
nameTable.put(ed448_oid, "ED448");
nameTable.put(AES_oid, "AES");
nameTable.put(sha1WithECDSA_oid, "SHA1withECDSA");
nameTable.put(sha224WithECDSA_oid, "SHA224withECDSA");
nameTable.put(sha256WithECDSA_oid, "SHA256withECDSA");
nameTable.put(sha384WithECDSA_oid, "SHA384withECDSA");
nameTable.put(sha512WithECDSA_oid, "SHA512withECDSA");
nameTable.put(md5WithRSAEncryption_oid, "MD5withRSA");
nameTable.put(md2WithRSAEncryption_oid, "MD2withRSA");
nameTable.put(sha1WithDSA_oid, "SHA1withDSA");
nameTable.put(sha1WithDSA_OIW_oid, "SHA1withDSA");
nameTable.put(shaWithDSA_OIW_oid, "SHA1withDSA");
nameTable.put(sha224WithDSA_oid, "SHA224withDSA");
nameTable.put(sha256WithDSA_oid, "SHA256withDSA");
nameTable.put(sha1WithRSAEncryption_oid, "SHA1withRSA");
nameTable.put(sha1WithRSAEncryption_OIW_oid, "SHA1withRSA");
nameTable.put(sha224WithRSAEncryption_oid, "SHA224withRSA");
nameTable.put(sha256WithRSAEncryption_oid, "SHA256withRSA");
nameTable.put(sha384WithRSAEncryption_oid, "SHA384withRSA");
nameTable.put(sha512WithRSAEncryption_oid, "SHA512withRSA");
nameTable.put(sha512_224WithRSAEncryption_oid, "SHA512/224withRSA");
nameTable.put(sha512_256WithRSAEncryption_oid, "SHA512/256withRSA");
nameTable.put(RSASSA_PSS_oid, "RSASSA-PSS");
nameTable.put(RSAES_OAEP_oid, "RSAES-OAEP");
nameTable.put(pbeWithMD5AndDES_oid, "PBEWithMD5AndDES");
nameTable.put(pbeWithMD5AndRC2_oid, "PBEWithMD5AndRC2");
nameTable.put(pbeWithSHA1AndDES_oid, "PBEWithSHA1AndDES");
nameTable.put(pbeWithSHA1AndRC2_oid, "PBEWithSHA1AndRC2");
nameTable.put(pbeWithSHA1AndRC4_128_oid, "PBEWithSHA1AndRC4_128");
nameTable.put(pbeWithSHA1AndRC4_40_oid, "PBEWithSHA1AndRC4_40");
nameTable.put(pbeWithSHA1AndDESede_oid, "PBEWithSHA1AndDESede");
nameTable.put(pbeWithSHA1AndRC2_128_oid, "PBEWithSHA1AndRC2_128");
nameTable.put(pbeWithSHA1AndRC2_40_oid, "PBEWithSHA1AndRC2_40");
}
/** /**
* Creates a signature algorithm name from a digest algorithm * Creates a signature algorithm name from a digest algorithm

31
src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java
View file

@ -34,9 +34,7 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Vector; import java.util.Vector;
import sun.security.util.DerValue; import sun.security.util.*;
import sun.security.util.DerOutputStream;
import sun.security.util.ObjectIdentifier;
/** /**
* This class defines the Extended Key Usage Extension, which * This class defines the Extended Key Usage Extension, which
@ -94,24 +92,6 @@ implements CertAttrSet<String> {
public static final String NAME = "ExtendedKeyUsage"; public static final String NAME = "ExtendedKeyUsage";
public static final String USAGES = "usages"; public static final String USAGES = "usages";
// OID defined in RFC 5280 Sections 4.2.1.12
// more from http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.html
private static final Map <ObjectIdentifier, String> map =
new HashMap<ObjectIdentifier, String>();
static {
map.put(ObjectIdentifier.of("2.5.29.37.0"), "anyExtendedKeyUsage");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.1"), "serverAuth");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.2"), "clientAuth");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.3"), "codeSigning");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.4"), "emailProtection");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.5"), "ipsecEndSystem");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.6"), "ipsecTunnel");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.7"), "ipsecUser");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.8"), "timeStamping");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.9"), "OCSPSigning");
};
/** /**
* Vector of KeyUsages for this object. * Vector of KeyUsages for this object.
*/ */
@ -198,11 +178,12 @@ implements CertAttrSet<String> {
usage += "\n "; usage += "\n ";
} }
String result = map.get(oid); String res = oid.toString();
if (result != null) { KnownOIDs os = KnownOIDs.findMatch(res);
usage += result; if (os != null) {
usage += os.stdName();
} else { } else {
usage += oid.toString(); usage += res;
} }
first = false; first = false;
} }

7
src/java.base/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java
View file

@ -29,10 +29,7 @@ import java.io.IOException;
import java.io.OutputStream; import java.io.OutputStream;
import java.util.Enumeration; import java.util.Enumeration;
import sun.security.util.Debug; import sun.security.util.*;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
/** /**
* This class represents the Inhibit Any-Policy Extension. * This class represents the Inhibit Any-Policy Extension.
@ -76,7 +73,7 @@ implements CertAttrSet<String> {
* Object identifier for "any-policy" * Object identifier for "any-policy"
*/ */
public static ObjectIdentifier AnyPolicy_Id = public static ObjectIdentifier AnyPolicy_Id =
ObjectIdentifier.of("2.5.29.32.0"); ObjectIdentifier.of(KnownOIDs.CE_CERT_POLICIES_ANY);
/** /**
* Attribute names. * Attribute names.

2
src/java.base/share/classes/sun/security/x509/NetscapeCertTypeExtension.java
View file

@ -73,7 +73,7 @@ implements CertAttrSet<String> {
* Object identifier for the Netscape-Cert-Type extension. * Object identifier for the Netscape-Cert-Type extension.
*/ */
public static ObjectIdentifier NetscapeCertType_Id = public static ObjectIdentifier NetscapeCertType_Id =
ObjectIdentifier.of("2.16.840.1.113730.1.1"); ObjectIdentifier.of(KnownOIDs.NETSCAPE_CertType);
private boolean[] bitString; private boolean[] bitString;

4
src/java.base/share/classes/sun/security/x509/OIDMap.java
View file

@ -136,7 +136,7 @@ public class OIDMap {
addInternal(POLICY_CONSTRAINTS, PKIXExtensions.PolicyConstraints_Id, addInternal(POLICY_CONSTRAINTS, PKIXExtensions.PolicyConstraints_Id,
"sun.security.x509.PolicyConstraintsExtension"); "sun.security.x509.PolicyConstraintsExtension");
addInternal(NETSCAPE_CERT, addInternal(NETSCAPE_CERT,
ObjectIdentifier.of("2.16.840.1.113730.1.1"), ObjectIdentifier.of(KnownOIDs.NETSCAPE_CertType),
"sun.security.x509.NetscapeCertTypeExtension"); "sun.security.x509.NetscapeCertTypeExtension");
addInternal(CERT_POLICIES, PKIXExtensions.CertificatePolicies_Id, addInternal(CERT_POLICIES, PKIXExtensions.CertificatePolicies_Id,
"sun.security.x509.CertificatePoliciesExtension"); "sun.security.x509.CertificatePoliciesExtension");
@ -227,7 +227,7 @@ public class OIDMap {
throws CertificateException { throws CertificateException {
ObjectIdentifier objId; ObjectIdentifier objId;
try { try {
objId = new ObjectIdentifier(oid); objId = ObjectIdentifier.of(oid);
} catch (IOException ioe) { } catch (IOException ioe) {
throw new CertificateException throw new CertificateException
("Invalid Object identifier: " + oid); ("Invalid Object identifier: " + oid);

4
src/java.base/share/classes/sun/security/x509/OIDName.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -69,7 +69,7 @@ public class OIDName implements GeneralNameInterface {
*/ */
public OIDName(String name) throws IOException { public OIDName(String name) throws IOException {
try { try {
oid = new ObjectIdentifier(name); oid = ObjectIdentifier.of(name);
} catch (Exception e) { } catch (Exception e) {
throw new IOException("Unable to create OIDName: " + e); throw new IOException("Unable to create OIDName: " + e);
} }

54
src/java.base/share/classes/sun/security/x509/PKIXExtensions.java
View file

@ -51,112 +51,112 @@ public class PKIXExtensions {
* Identifies the particular public key used to sign the certificate. * Identifies the particular public key used to sign the certificate.
*/ */
public static final ObjectIdentifier AuthorityKey_Id = public static final ObjectIdentifier AuthorityKey_Id =
ObjectIdentifier.of("2.5.29.35"); ObjectIdentifier.of(KnownOIDs.AuthorityKeyID);
/** /**
* Identifies the particular public key used in an application. * Identifies the particular public key used in an application.
*/ */
public static final ObjectIdentifier SubjectKey_Id = public static final ObjectIdentifier SubjectKey_Id =
ObjectIdentifier.of("2.5.29.14"); ObjectIdentifier.of(KnownOIDs.SubjectKeyID);
/** /**
* Defines the purpose of the key contained in the certificate. * Defines the purpose of the key contained in the certificate.
*/ */
public static final ObjectIdentifier KeyUsage_Id = public static final ObjectIdentifier KeyUsage_Id =
ObjectIdentifier.of("2.5.29.15"); ObjectIdentifier.of(KnownOIDs.KeyUsage);
/** /**
* Allows the certificate issuer to specify a different validity period * Allows the certificate issuer to specify a different validity period
* for the private key than the certificate. * for the private key than the certificate.
*/ */
public static final ObjectIdentifier PrivateKeyUsage_Id = public static final ObjectIdentifier PrivateKeyUsage_Id =
ObjectIdentifier.of("2.5.29.16"); ObjectIdentifier.of(KnownOIDs.PrivateKeyUsage);
/** /**
* Contains the sequence of policy information terms. * Contains the sequence of policy information terms.
*/ */
public static final ObjectIdentifier CertificatePolicies_Id = public static final ObjectIdentifier CertificatePolicies_Id =
ObjectIdentifier.of("2.5.29.32"); ObjectIdentifier.of(KnownOIDs.CertificatePolicies);
/** /**
* Lists pairs of object identifiers of policies considered equivalent by * Lists pairs of object identifiers of policies considered equivalent by
* the issuing CA to the subject CA. * the issuing CA to the subject CA.
*/ */
public static final ObjectIdentifier PolicyMappings_Id = public static final ObjectIdentifier PolicyMappings_Id =
ObjectIdentifier.of("2.5.29.33"); ObjectIdentifier.of(KnownOIDs.PolicyMappings);
/** /**
* Allows additional identities to be bound to the subject of the * Allows additional identities to be bound to the subject of the
* certificate. * certificate.
*/ */
public static final ObjectIdentifier SubjectAlternativeName_Id = public static final ObjectIdentifier SubjectAlternativeName_Id =
ObjectIdentifier.of("2.5.29.17"); ObjectIdentifier.of(KnownOIDs.SubjectAlternativeName);
/** /**
* Allows additional identities to be associated with the certificate * Allows additional identities to be associated with the certificate
* issuer. * issuer.
*/ */
public static final ObjectIdentifier IssuerAlternativeName_Id = public static final ObjectIdentifier IssuerAlternativeName_Id =
ObjectIdentifier.of("2.5.29.18"); ObjectIdentifier.of(KnownOIDs.IssuerAlternativeName);
/** /**
* Identifies additional directory attributes. * Identifies additional directory attributes.
* This extension is always non-critical. * This extension is always non-critical.
*/ */
public static final ObjectIdentifier SubjectDirectoryAttributes_Id = public static final ObjectIdentifier SubjectDirectoryAttributes_Id =
ObjectIdentifier.of("2.5.29.9"); ObjectIdentifier.of(KnownOIDs.SubjectDirectoryAttributes);
/** /**
* Identifies whether the subject of the certificate is a CA and how deep * Identifies whether the subject of the certificate is a CA and how deep
* a certification path may exist through that CA. * a certification path may exist through that CA.
*/ */
public static final ObjectIdentifier BasicConstraints_Id = public static final ObjectIdentifier BasicConstraints_Id =
ObjectIdentifier.of("2.5.29.19"); ObjectIdentifier.of(KnownOIDs.BasicConstraints);
/** /**
* Provides for permitted and excluded subtrees that place restrictions * Provides for permitted and excluded subtrees that place restrictions
* on names that may be included within a certificate issued by a given CA. * on names that may be included within a certificate issued by a given CA.
*/ */
public static final ObjectIdentifier NameConstraints_Id = public static final ObjectIdentifier NameConstraints_Id =
ObjectIdentifier.of("2.5.29.30"); ObjectIdentifier.of(KnownOIDs.NameConstraints);
/** /**
* Used to either prohibit policy mapping or limit the set of policies * Used to either prohibit policy mapping or limit the set of policies
* that can be in subsequent certificates. * that can be in subsequent certificates.
*/ */
public static final ObjectIdentifier PolicyConstraints_Id = public static final ObjectIdentifier PolicyConstraints_Id =
ObjectIdentifier.of("2.5.29.36"); ObjectIdentifier.of(KnownOIDs.PolicyConstraints);
/** /**
* Identifies how CRL information is obtained. * Identifies how CRL information is obtained.
*/ */
public static final ObjectIdentifier CRLDistributionPoints_Id = public static final ObjectIdentifier CRLDistributionPoints_Id =
ObjectIdentifier.of("2.5.29.31"); ObjectIdentifier.of(KnownOIDs.CRLDistributionPoints);
/** /**
* Conveys a monotonically increasing sequence number for each CRL * Conveys a monotonically increasing sequence number for each CRL
* issued by a given CA. * issued by a given CA.
*/ */
public static final ObjectIdentifier CRLNumber_Id = public static final ObjectIdentifier CRLNumber_Id =
ObjectIdentifier.of("2.5.29.20"); ObjectIdentifier.of(KnownOIDs.CRLNumber);
/** /**
* Identifies the CRL distribution point for a particular CRL. * Identifies the CRL distribution point for a particular CRL.
*/ */
public static final ObjectIdentifier IssuingDistributionPoint_Id = public static final ObjectIdentifier IssuingDistributionPoint_Id =
ObjectIdentifier.of("2.5.29.28"); ObjectIdentifier.of(KnownOIDs.IssuingDistributionPoint);
/** /**
* Identifies the delta CRL. * Identifies the delta CRL.
*/ */
public static final ObjectIdentifier DeltaCRLIndicator_Id = public static final ObjectIdentifier DeltaCRLIndicator_Id =
ObjectIdentifier.of("2.5.29.27"); ObjectIdentifier.of(KnownOIDs.DeltaCRLIndicator);
/** /**
* Identifies the reason for the certificate revocation. * Identifies the reason for the certificate revocation.
*/ */
public static final ObjectIdentifier ReasonCode_Id = public static final ObjectIdentifier ReasonCode_Id =
ObjectIdentifier.of("2.5.29.21"); ObjectIdentifier.of(KnownOIDs.ReasonCode);
/** /**
* This extension provides a registered instruction identifier indicating * This extension provides a registered instruction identifier indicating
@ -164,34 +164,34 @@ public class PKIXExtensions {
* placed on hold. * placed on hold.
*/ */
public static final ObjectIdentifier HoldInstructionCode_Id = public static final ObjectIdentifier HoldInstructionCode_Id =
ObjectIdentifier.of("2.5.29.23"); ObjectIdentifier.of(KnownOIDs.HoldInstructionCode);
/** /**
* Identifies the date on which it is known or suspected that the private * Identifies the date on which it is known or suspected that the private
* key was compromised or that the certificate otherwise became invalid. * key was compromised or that the certificate otherwise became invalid.
*/ */
public static final ObjectIdentifier InvalidityDate_Id = public static final ObjectIdentifier InvalidityDate_Id =
ObjectIdentifier.of("2.5.29.24"); ObjectIdentifier.of(KnownOIDs.InvalidityDate);
/** /**
* Identifies one or more purposes for which the certified public key * Identifies one or more purposes for which the certified public key
* may be used, in addition to or in place of the basic purposes * may be used, in addition to or in place of the basic purposes
* indicated in the key usage extension field. * indicated in the key usage extension field.
*/ */
public static final ObjectIdentifier ExtendedKeyUsage_Id = public static final ObjectIdentifier ExtendedKeyUsage_Id =
ObjectIdentifier.of("2.5.29.37"); ObjectIdentifier.of(KnownOIDs.extendedKeyUsage);
/** /**
* Specifies whether any-policy policy OID is permitted * Specifies whether any-policy policy OID is permitted
*/ */
public static final ObjectIdentifier InhibitAnyPolicy_Id = public static final ObjectIdentifier InhibitAnyPolicy_Id =
ObjectIdentifier.of("2.5.29.54"); ObjectIdentifier.of(KnownOIDs.InhibitAnyPolicy);
/** /**
* Identifies the certificate issuer associated with an entry in an * Identifies the certificate issuer associated with an entry in an
* indirect CRL. * indirect CRL.
*/ */
public static final ObjectIdentifier CertificateIssuer_Id = public static final ObjectIdentifier CertificateIssuer_Id =
ObjectIdentifier.of("2.5.29.29"); ObjectIdentifier.of(KnownOIDs.CertificateIssuer);
/** /**
* This extension indicates how to access CA information and services for * This extension indicates how to access CA information and services for
@ -200,32 +200,32 @@ public class PKIXExtensions {
* services. * services.
*/ */
public static final ObjectIdentifier AuthInfoAccess_Id = public static final ObjectIdentifier AuthInfoAccess_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.1.1"); ObjectIdentifier.of(KnownOIDs.AuthInfoAccess);
/** /**
* This extension indicates how to access CA information and services for * This extension indicates how to access CA information and services for
* the subject of the certificate in which the extension appears. * the subject of the certificate in which the extension appears.
*/ */
public static final ObjectIdentifier SubjectInfoAccess_Id = public static final ObjectIdentifier SubjectInfoAccess_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.1.11"); ObjectIdentifier.of(KnownOIDs.SubjectInfoAccess);
/** /**
* Identifies how delta CRL information is obtained. * Identifies how delta CRL information is obtained.
*/ */
public static final ObjectIdentifier FreshestCRL_Id = public static final ObjectIdentifier FreshestCRL_Id =
ObjectIdentifier.of("2.5.29.46"); ObjectIdentifier.of(KnownOIDs.FreshestCRL);
/** /**
* Identifies the OCSP client can trust the responder for the * Identifies the OCSP client can trust the responder for the
* lifetime of the responder's certificate. * lifetime of the responder's certificate.
*/ */
public static final ObjectIdentifier OCSPNoCheck_Id = public static final ObjectIdentifier OCSPNoCheck_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.5"); ObjectIdentifier.of(KnownOIDs.OCSPNoCheck);
/** /**
* This extension is used to provide nonce data for OCSP requests * This extension is used to provide nonce data for OCSP requests
* or responses. * or responses.
*/ */
public static final ObjectIdentifier OCSPNonce_Id = public static final ObjectIdentifier OCSPNonce_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.2"); ObjectIdentifier.of(KnownOIDs.OCSPNonceExt);
} }

34
src/java.base/share/classes/sun/security/x509/X500Name.java
View file

@ -1105,80 +1105,80 @@ public class X500Name implements GeneralNameInterface, Principal {
// OID for the "CN=" attribute, denoting a person's common name. // OID for the "CN=" attribute, denoting a person's common name.
public static final ObjectIdentifier commonName_oid = public static final ObjectIdentifier commonName_oid =
ObjectIdentifier.of("2.5.4.3"); ObjectIdentifier.of(KnownOIDs.CommonName);
// OID for the "SURNAME=" attribute, denoting a person's surname. // OID for the "SURNAME=" attribute, denoting a person's surname.
public static final ObjectIdentifier SURNAME_OID = public static final ObjectIdentifier SURNAME_OID =
ObjectIdentifier.of("2.5.4.4"); ObjectIdentifier.of(KnownOIDs.Surname);
// OID for the "SERIALNUMBER=" attribute, denoting a serial number for. // OID for the "SERIALNUMBER=" attribute, denoting a serial number for.
// a name. Do not confuse with PKCS#9 issuerAndSerialNumber or the // a name. Do not confuse with PKCS#9 issuerAndSerialNumber or the
// certificate serial number. // certificate serial number.
public static final ObjectIdentifier SERIALNUMBER_OID = public static final ObjectIdentifier SERIALNUMBER_OID =
ObjectIdentifier.of("2.5.4.5"); ObjectIdentifier.of(KnownOIDs.SerialNumber);
// OID for the "C=" attribute, denoting a country. // OID for the "C=" attribute, denoting a country.
public static final ObjectIdentifier countryName_oid = public static final ObjectIdentifier countryName_oid =
ObjectIdentifier.of("2.5.4.6"); ObjectIdentifier.of(KnownOIDs.CountryName);
// OID for the "L=" attribute, denoting a locality (such as a city). // OID for the "L=" attribute, denoting a locality (such as a city).
public static final ObjectIdentifier localityName_oid = public static final ObjectIdentifier localityName_oid =
ObjectIdentifier.of("2.5.4.7"); ObjectIdentifier.of(KnownOIDs.LocalityName);
// OID for the "S=" attribute, denoting a state (such as Delaware). // OID for the "S=" attribute, denoting a state (such as Delaware).
public static final ObjectIdentifier stateName_oid = public static final ObjectIdentifier stateName_oid =
ObjectIdentifier.of("2.5.4.8"); ObjectIdentifier.of(KnownOIDs.StateName);
// OID for the "STREET=" attribute, denoting a street address. // OID for the "STREET=" attribute, denoting a street address.
public static final ObjectIdentifier streetAddress_oid = public static final ObjectIdentifier streetAddress_oid =
ObjectIdentifier.of("2.5.4.9"); ObjectIdentifier.of(KnownOIDs.StreetAddress);
// OID for the "O=" attribute, denoting an organization name. // OID for the "O=" attribute, denoting an organization name.
public static final ObjectIdentifier orgName_oid = public static final ObjectIdentifier orgName_oid =
ObjectIdentifier.of("2.5.4.10"); ObjectIdentifier.of(KnownOIDs.OrgName);
// OID for the "OU=" attribute, denoting an organizational unit name. // OID for the "OU=" attribute, denoting an organizational unit name.
public static final ObjectIdentifier orgUnitName_oid = public static final ObjectIdentifier orgUnitName_oid =
ObjectIdentifier.of("2.5.4.11"); ObjectIdentifier.of(KnownOIDs.OrgUnitName);
// OID for the "T=" attribute, denoting a person's title. // OID for the "T=" attribute, denoting a person's title.
public static final ObjectIdentifier title_oid = public static final ObjectIdentifier title_oid =
ObjectIdentifier.of("2.5.4.12"); ObjectIdentifier.of(KnownOIDs.Title);
// OID for the "GIVENNAME=" attribute, denoting a person's given name. // OID for the "GIVENNAME=" attribute, denoting a person's given name.
public static final ObjectIdentifier GIVENNAME_OID = public static final ObjectIdentifier GIVENNAME_OID =
ObjectIdentifier.of("2.5.4.42"); ObjectIdentifier.of(KnownOIDs.GivenName);
// OID for the "INITIALS=" attribute, denoting a person's initials. // OID for the "INITIALS=" attribute, denoting a person's initials.
public static final ObjectIdentifier INITIALS_OID = public static final ObjectIdentifier INITIALS_OID =
ObjectIdentifier.of("2.5.4.43"); ObjectIdentifier.of(KnownOIDs.Initials);
// OID for the "GENERATION=" attribute, denoting Jr., II, etc. // OID for the "GENERATION=" attribute, denoting Jr., II, etc.
public static final ObjectIdentifier GENERATIONQUALIFIER_OID = public static final ObjectIdentifier GENERATIONQUALIFIER_OID =
ObjectIdentifier.of("2.5.4.44"); ObjectIdentifier.of(KnownOIDs.GenerationQualifier);
// OID for the "DNQUALIFIER=" or "DNQ=" attribute, denoting DN // OID for the "DNQUALIFIER=" or "DNQ=" attribute, denoting DN
// disambiguating information. // disambiguating information.
public static final ObjectIdentifier DNQUALIFIER_OID = public static final ObjectIdentifier DNQUALIFIER_OID =
ObjectIdentifier.of("2.5.4.46"); ObjectIdentifier.of(KnownOIDs.DNQualifier);
// OIDs from other sources which show up in X.500 names we // OIDs from other sources which show up in X.500 names we
// expect to deal with often. // expect to deal with often.
// //
// OID for "IP=" IP address attributes, used with SKIP. // OID for "IP=" IP address attributes, used with SKIP.
public static final ObjectIdentifier ipAddress_oid = public static final ObjectIdentifier ipAddress_oid =
ObjectIdentifier.of("1.3.6.1.4.1.42.2.11.2.1"); ObjectIdentifier.of(KnownOIDs.SkipIPAddress);
// Domain component OID from RFC 1274, RFC 2247, RFC 5280. // Domain component OID from RFC 1274, RFC 2247, RFC 5280.
// //
// OID for "DC=" domain component attributes.used with DNSNames in DN // OID for "DC=" domain component attributes.used with DNSNames in DN
// format. // format.
public static final ObjectIdentifier DOMAIN_COMPONENT_OID = public static final ObjectIdentifier DOMAIN_COMPONENT_OID =
ObjectIdentifier.of("0.9.2342.19200300.100.1.25"); ObjectIdentifier.of(KnownOIDs.UCL_DomainComponent);
// OID for "UID=" denoting a user id, defined in RFCs 1274 & 2798. // OID for "UID=" denoting a user id, defined in RFCs 1274 & 2798.
public static final ObjectIdentifier userid_oid = public static final ObjectIdentifier userid_oid =
ObjectIdentifier.of("0.9.2342.19200300.100.1.1"); ObjectIdentifier.of(KnownOIDs.UCL_UserID);
/** /**
* Return constraint type:<ul> * Return constraint type:<ul>

7
src/java.base/share/classes/sun/security/x509/X509CRLEntryImpl.java
View file

@ -252,7 +252,8 @@ public class X509CRLEntryImpl extends X509CRLEntry
*/ */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) { public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
try { try {
byte[] ext = crlEntry.getExtensionValue("2.5.29.21"); byte[] ext = crlEntry.getExtensionValue
(KnownOIDs.ReasonCode.value());
if (ext == null) { if (ext == null) {
return null; return null;
} }
@ -402,11 +403,11 @@ public class X509CRLEntryImpl extends X509CRLEntry
if (extensions == null) if (extensions == null)
return null; return null;
try { try {
String extAlias = OIDMap.getName(new ObjectIdentifier(oid)); String extAlias = OIDMap.getName(ObjectIdentifier.of(oid));
Extension crlExt = null; Extension crlExt = null;
if (extAlias == null) { // may be unknown if (extAlias == null) { // may be unknown
ObjectIdentifier findOID = new ObjectIdentifier(oid); ObjectIdentifier findOID = ObjectIdentifier.of(oid);
Extension ex = null; Extension ex = null;
ObjectIdentifier inCertOID; ObjectIdentifier inCertOID;
for (Enumeration<Extension> e = extensions.getElements(); for (Enumeration<Extension> e = extensions.getElements();

4
src/java.base/share/classes/sun/security/x509/X509CRLImpl.java
View file

@ -1036,11 +1036,11 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
if (extensions == null) if (extensions == null)
return null; return null;
try { try {
String extAlias = OIDMap.getName(new ObjectIdentifier(oid)); String extAlias = OIDMap.getName(ObjectIdentifier.of(oid));
Extension crlExt = null; Extension crlExt = null;
if (extAlias == null) { // may be unknown if (extAlias == null) { // may be unknown
ObjectIdentifier findOID = new ObjectIdentifier(oid); ObjectIdentifier findOID = ObjectIdentifier.of(oid);
Extension ex = null; Extension ex = null;
ObjectIdentifier inCertOID; ObjectIdentifier inCertOID;
for (Enumeration<Extension> e = extensions.getElements(); for (Enumeration<Extension> e = extensions.getElements();

19
src/java.base/share/classes/sun/security/x509/X509CertImpl.java
View file

@ -128,14 +128,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
protected AlgorithmId algId = null; protected AlgorithmId algId = null;
protected byte[] signature = null; protected byte[] signature = null;
// recognized extension OIDS
private static final String KEY_USAGE_OID = "2.5.29.15";
private static final String EXTENDED_KEY_USAGE_OID = "2.5.29.37";
private static final String BASIC_CONSTRAINT_OID = "2.5.29.19";
private static final String SUBJECT_ALT_NAME_OID = "2.5.29.17";
private static final String ISSUER_ALT_NAME_OID = "2.5.29.18";
private static final String AUTH_INFO_ACCESS_OID = "1.3.6.1.5.5.7.1.1";
// number of standard key usage bits. // number of standard key usage bits.
private static final int NUM_STANDARD_KEY_USAGE = 9; private static final int NUM_STANDARD_KEY_USAGE = 9;
@ -1423,7 +1415,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
*/ */
public byte[] getExtensionValue(String oid) { public byte[] getExtensionValue(String oid) {
try { try {
ObjectIdentifier findOID = new ObjectIdentifier(oid); ObjectIdentifier findOID = ObjectIdentifier.of(oid);
String extAlias = OIDMap.getName(findOID); String extAlias = OIDMap.getName(findOID);
Extension certExt = null; Extension certExt = null;
CertificateExtensions exts = (CertificateExtensions)info.get( CertificateExtensions exts = (CertificateExtensions)info.get(
@ -1526,7 +1518,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public static List<String> getExtendedKeyUsage(X509Certificate cert) public static List<String> getExtendedKeyUsage(X509Certificate cert)
throws CertificateParsingException { throws CertificateParsingException {
try { try {
byte[] ext = cert.getExtensionValue(EXTENDED_KEY_USAGE_OID); byte[] ext = cert.getExtensionValue
(KnownOIDs.extendedKeyUsage.value());
if (ext == null) if (ext == null)
return null; return null;
DerValue val = new DerValue(ext); DerValue val = new DerValue(ext);
@ -1696,7 +1689,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public static Collection<List<?>> getSubjectAlternativeNames(X509Certificate cert) public static Collection<List<?>> getSubjectAlternativeNames(X509Certificate cert)
throws CertificateParsingException { throws CertificateParsingException {
try { try {
byte[] ext = cert.getExtensionValue(SUBJECT_ALT_NAME_OID); byte[] ext = cert.getExtensionValue
(KnownOIDs.SubjectAlternativeName.value());
if (ext == null) { if (ext == null) {
return null; return null;
} }
@ -1759,7 +1753,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public static Collection<List<?>> getIssuerAlternativeNames(X509Certificate cert) public static Collection<List<?>> getIssuerAlternativeNames(X509Certificate cert)
throws CertificateParsingException { throws CertificateParsingException {
try { try {
byte[] ext = cert.getExtensionValue(ISSUER_ALT_NAME_OID); byte[] ext = cert.getExtensionValue
(KnownOIDs.IssuerAlternativeName.value());
if (ext == null) { if (ext == null) {
return null; return null;
} }

4
src/java.security.jgss/share/classes/org/ietf/jgss/Oid.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -65,7 +65,7 @@ public class Oid {
public Oid(String strOid) throws GSSException { public Oid(String strOid) throws GSSException {
try { try {
oid = new ObjectIdentifier(strOid); oid = ObjectIdentifier.of(strOid);
derEncoding = null; derEncoding = null;
} catch (Exception e) { } catch (Exception e) {
throw new GSSException(GSSException.FAILURE, throw new GSSException(GSSException.FAILURE,

4
src/java.security.jgss/share/classes/sun/security/jgss/GSSContextImpl.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -241,7 +241,7 @@ public class GSSContextImpl implements GSSContext {
mechCtxt.setChannelBinding(channelBindings); mechCtxt.setChannelBinding(channelBindings);
mechCtxt.requestDelegPolicy(reqDelegPolicyState); mechCtxt.requestDelegPolicy(reqDelegPolicyState);
objId = new ObjectIdentifier(mechOid.toString()); objId = ObjectIdentifier.of(mechOid.toString());
currentState = IN_PROGRESS; currentState = IN_PROGRESS;
firstToken = true; firstToken = true;

4
src/java.security.jgss/share/classes/sun/security/jgss/GSSNameImpl.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -403,7 +403,7 @@ public class GSSNameImpl implements GSSName {
ObjectIdentifier oid = null; ObjectIdentifier oid = null;
try { try {
oid = new ObjectIdentifier oid = ObjectIdentifier.of
(mechElement.getMechanism().toString()); (mechElement.getMechanism().toString());
} catch (IOException e) { } catch (IOException e) {
throw new GSSExceptionImpl(GSSException.FAILURE, throw new GSSExceptionImpl(GSSException.FAILURE,

4
src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Token.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -77,7 +77,7 @@ abstract class Krb5Token extends GSSToken {
static { static {
try { try {
OID = new ObjectIdentifier(Krb5MechFactory. OID = ObjectIdentifier.of(Krb5MechFactory.
GSS_KRB5_MECH_OID.toString()); GSS_KRB5_MECH_OID.toString());
} catch (IOException ioe) { } catch (IOException ioe) {
// should not happen // should not happen

4
src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoToken.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -68,7 +68,7 @@ abstract class SpNegoToken extends GSSToken {
static { static {
try { try {
OID = new ObjectIdentifier(SpNegoMechFactory. OID = ObjectIdentifier.of(SpNegoMechFactory.
GSS_SPNEGO_MECH_OID.toString()); GSS_SPNEGO_MECH_OID.toString());
} catch (IOException ioe) { } catch (IOException ioe) {
// should not happen // should not happen

4
src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -130,7 +130,7 @@ public class GSSNameElement implements GSSNameSpi {
DerOutputStream dout = new DerOutputStream(); DerOutputStream dout = new DerOutputStream();
Oid mech = cStub.getMech(); Oid mech = cStub.getMech();
try { try {
dout.putOID(new ObjectIdentifier(mech.toString())); dout.putOID(ObjectIdentifier.of(mech.toString()));
} catch (IOException e) { } catch (IOException e) {
throw new GSSExceptionImpl(GSSException.FAILURE, e); throw new GSSExceptionImpl(GSSException.FAILURE, e);
} }

4
src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -164,7 +164,7 @@ class NativeGSSContext implements GSSContextSpi {
SunNativeProvider.debug("Precomputed mechToken length: " + SunNativeProvider.debug("Precomputed mechToken length: " +
mechTokenLen); mechTokenLen);
GSSHeader gssHeader = new GSSHeader GSSHeader gssHeader = new GSSHeader
(new ObjectIdentifier(cStub.getMech().toString()), (ObjectIdentifier.of(cStub.getMech().toString()),
mechTokenLen); mechTokenLen);
ByteArrayOutputStream baos = new ByteArrayOutputStream(600); ByteArrayOutputStream baos = new ByteArrayOutputStream(600);

208
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -45,6 +45,7 @@ import javax.security.auth.callback.TextOutputCallback;
import sun.security.util.Debug; import sun.security.util.Debug;
import sun.security.util.ResourcesMgr; import sun.security.util.ResourcesMgr;
import static sun.security.util.SecurityConstants.PROVIDER_VER; import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.util.SecurityProviderConstants.getAliases;
import sun.security.pkcs11.Secmod.*; import sun.security.pkcs11.Secmod.*;
@ -405,19 +406,15 @@ public final class SunPKCS11 extends AuthProvider {
return System.identityHashCode(this); return System.identityHashCode(this);
} }
private static String[] s(String ...aliases) {
return aliases;
}
private static final class Descriptor { private static final class Descriptor {
final String type; final String type;
final String algorithm; final String algorithm;
final String className; final String className;
final String[] aliases; final List<String> aliases;
final int[] mechanisms; final int[] mechanisms;
private Descriptor(String type, String algorithm, String className, private Descriptor(String type, String algorithm, String className,
String[] aliases, int[] mechanisms) { List<String> aliases, int[] mechanisms) {
this.type = type; this.type = type;
this.algorithm = algorithm; this.algorithm = algorithm;
this.className = className; this.className = className;
@ -460,10 +457,16 @@ public final class SunPKCS11 extends AuthProvider {
} }
private static void d(String type, String algorithm, String className, private static void d(String type, String algorithm, String className,
String[] aliases, int[] m) { List<String> aliases, int[] m) {
register(new Descriptor(type, algorithm, className, aliases, m)); register(new Descriptor(type, algorithm, className, aliases, m));
} }
private static void dA(String type, String algorithm, String className,
int[] m) {
register(new Descriptor(type, algorithm, className,
getAliases(algorithm), m));
}
private static void register(Descriptor d) { private static void register(Descriptor d) {
for (int i = 0; i < d.mechanisms.length; i++) { for (int i = 0; i < d.mechanisms.length; i++) {
int m = d.mechanisms[i]; int m = d.mechanisms[i];
@ -525,51 +528,37 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_MD2)); m(CKM_MD2));
d(MD, "MD5", P11Digest, d(MD, "MD5", P11Digest,
m(CKM_MD5)); m(CKM_MD5));
d(MD, "SHA1", P11Digest, dA(MD, "SHA-1", P11Digest,
s("SHA", "SHA-1", "1.3.14.3.2.26", "OID.1.3.14.3.2.26"),
m(CKM_SHA_1)); m(CKM_SHA_1));
d(MD, "SHA-224", P11Digest, dA(MD, "SHA-224", P11Digest,
s("2.16.840.1.101.3.4.2.4", "OID.2.16.840.1.101.3.4.2.4"),
m(CKM_SHA224)); m(CKM_SHA224));
d(MD, "SHA-256", P11Digest, dA(MD, "SHA-256", P11Digest,
s("2.16.840.1.101.3.4.2.1", "OID.2.16.840.1.101.3.4.2.1"),
m(CKM_SHA256)); m(CKM_SHA256));
d(MD, "SHA-384", P11Digest, dA(MD, "SHA-384", P11Digest,
s("2.16.840.1.101.3.4.2.2", "OID.2.16.840.1.101.3.4.2.2"),
m(CKM_SHA384)); m(CKM_SHA384));
d(MD, "SHA-512", P11Digest, dA(MD, "SHA-512", P11Digest,
s("2.16.840.1.101.3.4.2.3", "OID.2.16.840.1.101.3.4.2.3"),
m(CKM_SHA512)); m(CKM_SHA512));
d(MD, "SHA-512/224", P11Digest, dA(MD, "SHA-512/224", P11Digest,
s("2.16.840.1.101.3.4.2.5", "OID.2.16.840.1.101.3.4.2.5"),
m(CKM_SHA512_224)); m(CKM_SHA512_224));
d(MD, "SHA-512/256", P11Digest, dA(MD, "SHA-512/256", P11Digest,
s("2.16.840.1.101.3.4.2.6", "OID.2.16.840.1.101.3.4.2.6"),
m(CKM_SHA512_256)); m(CKM_SHA512_256));
d(MAC, "HmacMD5", P11MAC, d(MAC, "HmacMD5", P11MAC,
m(CKM_MD5_HMAC)); m(CKM_MD5_HMAC));
d(MAC, "HmacSHA1", P11MAC, dA(MAC, "HmacSHA1", P11MAC,
s("1.2.840.113549.2.7", "OID.1.2.840.113549.2.7"),
m(CKM_SHA_1_HMAC)); m(CKM_SHA_1_HMAC));
d(MAC, "HmacSHA224", P11MAC, dA(MAC, "HmacSHA224", P11MAC,
s("1.2.840.113549.2.8", "OID.1.2.840.113549.2.8"),
m(CKM_SHA224_HMAC)); m(CKM_SHA224_HMAC));
d(MAC, "HmacSHA256", P11MAC, dA(MAC, "HmacSHA256", P11MAC,
s("1.2.840.113549.2.9", "OID.1.2.840.113549.2.9"),
m(CKM_SHA256_HMAC)); m(CKM_SHA256_HMAC));
d(MAC, "HmacSHA384", P11MAC, dA(MAC, "HmacSHA384", P11MAC,
s("1.2.840.113549.2.10", "OID.1.2.840.113549.2.10"),
m(CKM_SHA384_HMAC)); m(CKM_SHA384_HMAC));
d(MAC, "HmacSHA512", P11MAC, dA(MAC, "HmacSHA512", P11MAC,
s("1.2.840.113549.2.11", "OID.1.2.840.113549.2.11"),
m(CKM_SHA512_HMAC)); m(CKM_SHA512_HMAC));
d(MAC, "HmacSHA512/224", P11MAC, dA(MAC, "HmacSHA512/224", P11MAC,
s("1.2.840.113549.2.12", "OID.1.2.840.113549.2.12"),
m(CKM_SHA512_224_HMAC)); m(CKM_SHA512_224_HMAC));
d(MAC, "HmacSHA512/256", P11MAC, dA(MAC, "HmacSHA512/256", P11MAC,
s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"),
m(CKM_SHA512_256_HMAC)); m(CKM_SHA512_256_HMAC));
d(MAC, "SslMacMD5", P11MAC, d(MAC, "SslMacMD5", P11MAC,
@ -578,18 +567,20 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_SSL3_SHA1_MAC)); m(CKM_SSL3_SHA1_MAC));
d(KPG, "RSA", P11KeyPairGenerator, d(KPG, "RSA", P11KeyPairGenerator,
s("1.2.840.113549.1.1", "OID.1.2.840.113549.1.1"), getAliases("PKCS1"),
m(CKM_RSA_PKCS_KEY_PAIR_GEN)); m(CKM_RSA_PKCS_KEY_PAIR_GEN));
d(KPG, "DSA", P11KeyPairGenerator, List<String> dhAlias = List.of("DiffieHellman");
s("1.3.14.3.2.12", "1.2.840.10040.4.1", "OID.1.2.840.10040.4.1"),
dA(KPG, "DSA", P11KeyPairGenerator,
m(CKM_DSA_KEY_PAIR_GEN)); m(CKM_DSA_KEY_PAIR_GEN));
d(KPG, "DH", P11KeyPairGenerator, s("DiffieHellman"), d(KPG, "DH", P11KeyPairGenerator,
dhAlias,
m(CKM_DH_PKCS_KEY_PAIR_GEN)); m(CKM_DH_PKCS_KEY_PAIR_GEN));
d(KPG, "EC", P11KeyPairGenerator, d(KPG, "EC", P11KeyPairGenerator,
m(CKM_EC_KEY_PAIR_GEN)); m(CKM_EC_KEY_PAIR_GEN));
d(KG, "ARCFOUR", P11KeyGenerator, s("RC4"), dA(KG, "ARCFOUR", P11KeyGenerator,
m(CKM_RC4_KEY_GEN)); m(CKM_RC4_KEY_GEN));
d(KG, "DES", P11KeyGenerator, d(KG, "DES", P11KeyGenerator,
m(CKM_DES_KEY_GEN)); m(CKM_DES_KEY_GEN));
@ -603,12 +594,12 @@ public final class SunPKCS11 extends AuthProvider {
// register (Secret)KeyFactories if there are any mechanisms // register (Secret)KeyFactories if there are any mechanisms
// for a particular algorithm that we support // for a particular algorithm that we support
d(KF, "RSA", P11RSAKeyFactory, d(KF, "RSA", P11RSAKeyFactory,
s("1.2.840.113549.1.1", "OID.1.2.840.113549.1.1"), getAliases("PKCS1"),
m(CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_RSA_PKCS, CKM_RSA_X_509)); m(CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_RSA_PKCS, CKM_RSA_X_509));
d(KF, "DSA", P11DSAKeyFactory, dA(KF, "DSA", P11DSAKeyFactory,
s("1.3.14.3.2.12", "1.2.840.10040.4.1", "OID.1.2.840.10040.4.1"),
m(CKM_DSA_KEY_PAIR_GEN, CKM_DSA, CKM_DSA_SHA1)); m(CKM_DSA_KEY_PAIR_GEN, CKM_DSA, CKM_DSA_SHA1));
d(KF, "DH", P11DHKeyFactory, s("DiffieHellman"), d(KF, "DH", P11DHKeyFactory,
dhAlias,
m(CKM_DH_PKCS_KEY_PAIR_GEN, CKM_DH_PKCS_DERIVE)); m(CKM_DH_PKCS_KEY_PAIR_GEN, CKM_DH_PKCS_DERIVE));
d(KF, "EC", P11DHKeyFactory, d(KF, "EC", P11DHKeyFactory,
m(CKM_EC_KEY_PAIR_GEN, CKM_ECDH1_DERIVE, m(CKM_EC_KEY_PAIR_GEN, CKM_ECDH1_DERIVE,
@ -616,8 +607,7 @@ public final class SunPKCS11 extends AuthProvider {
// AlgorithmParameters for EC. // AlgorithmParameters for EC.
// Only needed until we have an EC implementation in the SUN provider. // Only needed until we have an EC implementation in the SUN provider.
d(AGP, "EC", "sun.security.util.ECParameters", dA(AGP, "EC", "sun.security.util.ECParameters",
s("1.2.840.10045.2.1"),
m(CKM_EC_KEY_PAIR_GEN, CKM_ECDH1_DERIVE, m(CKM_EC_KEY_PAIR_GEN, CKM_ECDH1_DERIVE,
CKM_ECDSA, CKM_ECDSA_SHA1)); CKM_ECDSA, CKM_ECDSA_SHA1));
@ -625,25 +615,25 @@ public final class SunPKCS11 extends AuthProvider {
d(AGP, "GCM", "sun.security.util.GCMParameters", d(AGP, "GCM", "sun.security.util.GCMParameters",
m(CKM_AES_GCM)); m(CKM_AES_GCM));
d(KA, "DH", P11KeyAgreement, s("DiffieHellman"), d(KA, "DH", P11KeyAgreement,
dhAlias,
m(CKM_DH_PKCS_DERIVE)); m(CKM_DH_PKCS_DERIVE));
d(KA, "ECDH", "sun.security.pkcs11.P11ECDHKeyAgreement", d(KA, "ECDH", "sun.security.pkcs11.P11ECDHKeyAgreement",
m(CKM_ECDH1_DERIVE)); m(CKM_ECDH1_DERIVE));
d(SKF, "ARCFOUR", P11SecretKeyFactory, s("RC4"), dA(SKF, "ARCFOUR", P11SecretKeyFactory,
m(CKM_RC4)); m(CKM_RC4));
d(SKF, "DES", P11SecretKeyFactory, d(SKF, "DES", P11SecretKeyFactory,
m(CKM_DES_CBC)); m(CKM_DES_CBC));
d(SKF, "DESede", P11SecretKeyFactory, d(SKF, "DESede", P11SecretKeyFactory,
m(CKM_DES3_CBC)); m(CKM_DES3_CBC));
d(SKF, "AES", P11SecretKeyFactory, dA(SKF, "AES", P11SecretKeyFactory,
s("2.16.840.1.101.3.4.1", "OID.2.16.840.1.101.3.4.1"),
m(CKM_AES_CBC)); m(CKM_AES_CBC));
d(SKF, "Blowfish", P11SecretKeyFactory, d(SKF, "Blowfish", P11SecretKeyFactory,
m(CKM_BLOWFISH_CBC)); m(CKM_BLOWFISH_CBC));
// XXX attributes for Ciphers (supported modes, padding) // XXX attributes for Ciphers (supported modes, padding)
d(CIP, "ARCFOUR", P11Cipher, s("RC4"), dA(CIP, "ARCFOUR", P11Cipher,
m(CKM_RC4)); m(CKM_RC4));
d(CIP, "DES/CBC/NoPadding", P11Cipher, d(CIP, "DES/CBC/NoPadding", P11Cipher,
m(CKM_DES_CBC)); m(CKM_DES_CBC));
@ -651,7 +641,8 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_DES_CBC_PAD, CKM_DES_CBC)); m(CKM_DES_CBC_PAD, CKM_DES_CBC));
d(CIP, "DES/ECB/NoPadding", P11Cipher, d(CIP, "DES/ECB/NoPadding", P11Cipher,
m(CKM_DES_ECB)); m(CKM_DES_ECB));
d(CIP, "DES/ECB/PKCS5Padding", P11Cipher, s("DES"), d(CIP, "DES/ECB/PKCS5Padding", P11Cipher,
List.of("DES"),
m(CKM_DES_ECB)); m(CKM_DES_ECB));
d(CIP, "DESede/CBC/NoPadding", P11Cipher, d(CIP, "DESede/CBC/NoPadding", P11Cipher,
@ -660,47 +651,40 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_DES3_CBC_PAD, CKM_DES3_CBC)); m(CKM_DES3_CBC_PAD, CKM_DES3_CBC));
d(CIP, "DESede/ECB/NoPadding", P11Cipher, d(CIP, "DESede/ECB/NoPadding", P11Cipher,
m(CKM_DES3_ECB)); m(CKM_DES3_ECB));
d(CIP, "DESede/ECB/PKCS5Padding", P11Cipher, s("DESede"), d(CIP, "DESede/ECB/PKCS5Padding", P11Cipher,
List.of("DESede"),
m(CKM_DES3_ECB)); m(CKM_DES3_ECB));
d(CIP, "AES/CBC/NoPadding", P11Cipher, d(CIP, "AES/CBC/NoPadding", P11Cipher,
m(CKM_AES_CBC)); m(CKM_AES_CBC));
d(CIP, "AES_128/CBC/NoPadding", P11Cipher, dA(CIP, "AES_128/CBC/NoPadding", P11Cipher,
s("2.16.840.1.101.3.4.1.2", "OID.2.16.840.1.101.3.4.1.2"),
m(CKM_AES_CBC)); m(CKM_AES_CBC));
d(CIP, "AES_192/CBC/NoPadding", P11Cipher, dA(CIP, "AES_192/CBC/NoPadding", P11Cipher,
s("2.16.840.1.101.3.4.1.22", "OID.2.16.840.1.101.3.4.1.22"),
m(CKM_AES_CBC)); m(CKM_AES_CBC));
d(CIP, "AES_256/CBC/NoPadding", P11Cipher, dA(CIP, "AES_256/CBC/NoPadding", P11Cipher,
s("2.16.840.1.101.3.4.1.42", "OID.2.16.840.1.101.3.4.1.42"),
m(CKM_AES_CBC)); m(CKM_AES_CBC));
d(CIP, "AES/CBC/PKCS5Padding", P11Cipher, d(CIP, "AES/CBC/PKCS5Padding", P11Cipher,
m(CKM_AES_CBC_PAD, CKM_AES_CBC)); m(CKM_AES_CBC_PAD, CKM_AES_CBC));
d(CIP, "AES/ECB/NoPadding", P11Cipher, d(CIP, "AES/ECB/NoPadding", P11Cipher,
m(CKM_AES_ECB)); m(CKM_AES_ECB));
d(CIP, "AES_128/ECB/NoPadding", P11Cipher, dA(CIP, "AES_128/ECB/NoPadding", P11Cipher,
s("2.16.840.1.101.3.4.1.1", "OID.2.16.840.1.101.3.4.1.1"),
m(CKM_AES_ECB)); m(CKM_AES_ECB));
d(CIP, "AES_192/ECB/NoPadding", P11Cipher, dA(CIP, "AES_192/ECB/NoPadding", P11Cipher,
s("2.16.840.1.101.3.4.1.21", "OID.2.16.840.1.101.3.4.1.21"),
m(CKM_AES_ECB)); m(CKM_AES_ECB));
d(CIP, "AES_256/ECB/NoPadding", P11Cipher, dA(CIP, "AES_256/ECB/NoPadding", P11Cipher,
s("2.16.840.1.101.3.4.1.41", "OID.2.16.840.1.101.3.4.1.41"),
m(CKM_AES_ECB)); m(CKM_AES_ECB));
d(CIP, "AES/ECB/PKCS5Padding", P11Cipher, s("AES"), d(CIP, "AES/ECB/PKCS5Padding", P11Cipher,
List.of("AES"),
m(CKM_AES_ECB)); m(CKM_AES_ECB));
d(CIP, "AES/CTR/NoPadding", P11Cipher, d(CIP, "AES/CTR/NoPadding", P11Cipher,
m(CKM_AES_CTR)); m(CKM_AES_CTR));
d(CIP, "AES/GCM/NoPadding", P11AEADCipher, d(CIP, "AES/GCM/NoPadding", P11AEADCipher,
m(CKM_AES_GCM)); m(CKM_AES_GCM));
d(CIP, "AES_128/GCM/NoPadding", P11AEADCipher, dA(CIP, "AES_128/GCM/NoPadding", P11AEADCipher,
s("2.16.840.1.101.3.4.1.6", "OID.2.16.840.1.101.3.4.1.6"),
m(CKM_AES_GCM)); m(CKM_AES_GCM));
d(CIP, "AES_192/GCM/NoPadding", P11AEADCipher, dA(CIP, "AES_192/GCM/NoPadding", P11AEADCipher,
s("2.16.840.1.101.3.4.1.26", "OID.2.16.840.1.101.3.4.1.26"),
m(CKM_AES_GCM)); m(CKM_AES_GCM));
d(CIP, "AES_256/GCM/NoPadding", P11AEADCipher, dA(CIP, "AES_256/GCM/NoPadding", P11AEADCipher,
s("2.16.840.1.101.3.4.1.46", "OID.2.16.840.1.101.3.4.1.46"),
m(CKM_AES_GCM)); m(CKM_AES_GCM));
d(CIP, "Blowfish/CBC/NoPadding", P11Cipher, d(CIP, "Blowfish/CBC/NoPadding", P11Cipher,
@ -708,52 +692,43 @@ public final class SunPKCS11 extends AuthProvider {
d(CIP, "Blowfish/CBC/PKCS5Padding", P11Cipher, d(CIP, "Blowfish/CBC/PKCS5Padding", P11Cipher,
m(CKM_BLOWFISH_CBC)); m(CKM_BLOWFISH_CBC));
d(CIP, "RSA/ECB/PKCS1Padding", P11RSACipher, s("RSA"), d(CIP, "RSA/ECB/PKCS1Padding", P11RSACipher,
List.of("RSA"),
m(CKM_RSA_PKCS)); m(CKM_RSA_PKCS));
d(CIP, "RSA/ECB/NoPadding", P11RSACipher, d(CIP, "RSA/ECB/NoPadding", P11RSACipher,
m(CKM_RSA_X_509)); m(CKM_RSA_X_509));
d(SIG, "RawDSA", P11Signature, s("NONEwithDSA"), d(SIG, "RawDSA", P11Signature,
List.of("NONEwithDSA"),
m(CKM_DSA)); m(CKM_DSA));
d(SIG, "DSA", P11Signature, dA(SIG, "SHA1withDSA", P11Signature,
s("SHA1withDSA", "1.3.14.3.2.13", "1.3.14.3.2.27",
"1.2.840.10040.4.3", "OID.1.2.840.10040.4.3"),
m(CKM_DSA_SHA1, CKM_DSA)); m(CKM_DSA_SHA1, CKM_DSA));
d(SIG, "SHA224withDSA", P11Signature, dA(SIG, "SHA224withDSA", P11Signature,
s("2.16.840.1.101.3.4.3.1", "OID.2.16.840.1.101.3.4.3.1"),
m(CKM_DSA_SHA224)); m(CKM_DSA_SHA224));
d(SIG, "SHA256withDSA", P11Signature, dA(SIG, "SHA256withDSA", P11Signature,
s("2.16.840.1.101.3.4.3.2", "OID.2.16.840.1.101.3.4.3.2"),
m(CKM_DSA_SHA256)); m(CKM_DSA_SHA256));
d(SIG, "SHA384withDSA", P11Signature, dA(SIG, "SHA384withDSA", P11Signature,
s("2.16.840.1.101.3.4.3.3", "OID.2.16.840.1.101.3.4.3.3"),
m(CKM_DSA_SHA384)); m(CKM_DSA_SHA384));
d(SIG, "SHA512withDSA", P11Signature, dA(SIG, "SHA512withDSA", P11Signature,
s("2.16.840.1.101.3.4.3.4", "OID.2.16.840.1.101.3.4.3.4"),
m(CKM_DSA_SHA512)); m(CKM_DSA_SHA512));
d(SIG, "RawDSAinP1363Format", P11Signature, d(SIG, "RawDSAinP1363Format", P11Signature,
s("NONEwithDSAinP1363Format"), List.of("NONEwithDSAinP1363Format"),
m(CKM_DSA)); m(CKM_DSA));
d(SIG, "DSAinP1363Format", P11Signature, d(SIG, "DSAinP1363Format", P11Signature,
s("SHA1withDSAinP1363Format"), List.of("SHA1withDSAinP1363Format"),
m(CKM_DSA_SHA1, CKM_DSA)); m(CKM_DSA_SHA1, CKM_DSA));
d(SIG, "NONEwithECDSA", P11Signature, d(SIG, "NONEwithECDSA", P11Signature,
m(CKM_ECDSA)); m(CKM_ECDSA));
d(SIG, "SHA1withECDSA", P11Signature, dA(SIG, "SHA1withECDSA", P11Signature,
s("ECDSA", "1.2.840.10045.4.1", "OID.1.2.840.10045.4.1"),
m(CKM_ECDSA_SHA1, CKM_ECDSA)); m(CKM_ECDSA_SHA1, CKM_ECDSA));
d(SIG, "SHA224withECDSA", P11Signature, dA(SIG, "SHA224withECDSA", P11Signature,
s("1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"),
m(CKM_ECDSA)); m(CKM_ECDSA));
d(SIG, "SHA256withECDSA", P11Signature, dA(SIG, "SHA256withECDSA", P11Signature,
s("1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"),
m(CKM_ECDSA)); m(CKM_ECDSA));
d(SIG, "SHA384withECDSA", P11Signature, dA(SIG, "SHA384withECDSA", P11Signature,
s("1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3"),
m(CKM_ECDSA)); m(CKM_ECDSA));
d(SIG, "SHA512withECDSA", P11Signature, dA(SIG, "SHA512withECDSA", P11Signature,
s("1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4"),
m(CKM_ECDSA)); m(CKM_ECDSA));
d(SIG, "NONEwithECDSAinP1363Format", P11Signature, d(SIG, "NONEwithECDSAinP1363Format", P11Signature,
m(CKM_ECDSA)); m(CKM_ECDSA));
@ -767,30 +742,21 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_ECDSA)); m(CKM_ECDSA));
d(SIG, "SHA512withECDSAinP1363Format", P11Signature, d(SIG, "SHA512withECDSAinP1363Format", P11Signature,
m(CKM_ECDSA)); m(CKM_ECDSA));
d(SIG, "MD2withRSA", P11Signature, dA(SIG, "MD2withRSA", P11Signature,
s("1.2.840.113549.1.1.2", "OID.1.2.840.113549.1.1.2"),
m(CKM_MD2_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); m(CKM_MD2_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "MD5withRSA", P11Signature, dA(SIG, "MD5withRSA", P11Signature,
s("1.2.840.113549.1.1.4", "OID.1.2.840.113549.1.1.4"),
m(CKM_MD5_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); m(CKM_MD5_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "SHA1withRSA", P11Signature, dA(SIG, "SHA1withRSA", P11Signature,
s("1.2.840.113549.1.1.5", "OID.1.2.840.113549.1.1.5",
"1.3.14.3.2.29"),
m(CKM_SHA1_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); m(CKM_SHA1_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "SHA224withRSA", P11Signature, dA(SIG, "SHA224withRSA", P11Signature,
s("1.2.840.113549.1.1.14", "OID.1.2.840.113549.1.1.14"),
m(CKM_SHA224_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); m(CKM_SHA224_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "SHA256withRSA", P11Signature, dA(SIG, "SHA256withRSA", P11Signature,
s("1.2.840.113549.1.1.11", "OID.1.2.840.113549.1.1.11"),
m(CKM_SHA256_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); m(CKM_SHA256_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "SHA384withRSA", P11Signature, dA(SIG, "SHA384withRSA", P11Signature,
s("1.2.840.113549.1.1.12", "OID.1.2.840.113549.1.1.12"),
m(CKM_SHA384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); m(CKM_SHA384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "SHA512withRSA", P11Signature, dA(SIG, "SHA512withRSA", P11Signature,
s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"),
m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "RSASSA-PSS", P11PSSSignature, dA(SIG, "RSASSA-PSS", P11PSSSignature,
s("1.2.840.113549.1.1.10", "OID.1.2.840.113549.1.1.10"),
m(CKM_RSA_PKCS_PSS)); m(CKM_RSA_PKCS_PSS));
d(SIG, "SHA1withRSASSA-PSS", P11PSSSignature, d(SIG, "SHA1withRSASSA-PSS", P11PSSSignature,
m(CKM_SHA1_RSA_PKCS_PSS)); m(CKM_SHA1_RSA_PKCS_PSS));
@ -805,7 +771,7 @@ public final class SunPKCS11 extends AuthProvider {
d(KG, "SunTlsRsaPremasterSecret", d(KG, "SunTlsRsaPremasterSecret",
"sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator", "sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator",
s("SunTls12RsaPremasterSecret"), List.of("SunTls12RsaPremasterSecret"),
m(CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_PRE_MASTER_KEY_GEN)); m(CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_PRE_MASTER_KEY_GEN));
d(KG, "SunTlsMasterSecret", d(KG, "SunTlsMasterSecret",
"sun.security.pkcs11.P11TlsMasterSecretGenerator", "sun.security.pkcs11.P11TlsMasterSecretGenerator",
@ -1048,7 +1014,7 @@ public final class SunPKCS11 extends AuthProvider {
if (config.isEnabled(PCKM_KEYSTORE)) { if (config.isEnabled(PCKM_KEYSTORE)) {
putService(new P11Service(token, KS, "PKCS11", putService(new P11Service(token, KS, "PKCS11",
"sun.security.pkcs11.P11KeyStore", "sun.security.pkcs11.P11KeyStore",
s("PKCS11-" + config.getName()), List.of("PKCS11-" + config.getName()),
PCKM_KEYSTORE)); PCKM_KEYSTORE));
} }
return null; return null;
@ -1065,17 +1031,13 @@ public final class SunPKCS11 extends AuthProvider {
private final long mechanism; private final long mechanism;
P11Service(Token token, String type, String algorithm, P11Service(Token token, String type, String algorithm,
String className, String[] al, long mechanism) { String className, List<String> al, long mechanism) {
super(token.provider, type, algorithm, className, toList(al), super(token.provider, type, algorithm, className, al,
type.equals(SR) ? Map.of("ThreadSafe", "true") : null); type.equals(SR) ? Map.of("ThreadSafe", "true") : null);
this.token = token; this.token = token;
this.mechanism = mechanism & 0xFFFFFFFFL; this.mechanism = mechanism & 0xFFFFFFFFL;
} }
private static List<String> toList(String[] aliases) {
return (aliases == null) ? null : Arrays.asList(aliases);
}
public Object newInstance(Object param) public Object newInstance(Object param)
throws NoSuchAlgorithmException { throws NoSuchAlgorithmException {
if (token.isValid() == false) { if (token.isValid() == false) {

99
src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
View file

@ -31,12 +31,10 @@ import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction; import java.security.PrivilegedAction;
import java.security.Provider; import java.security.Provider;
import java.security.ProviderException; import java.security.ProviderException;
import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.regex.Pattern;
import sun.security.ec.ed.EdDSAAlgorithmParameters; import sun.security.ec.ed.EdDSAAlgorithmParameters;
import sun.security.ec.ed.EdDSAKeyFactory; import sun.security.ec.ed.EdDSAKeyFactory;
@ -46,6 +44,7 @@ import sun.security.util.CurveDB;
import sun.security.util.NamedCurve; import sun.security.util.NamedCurve;
import static sun.security.util.SecurityConstants.PROVIDER_VER; import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.util.SecurityProviderConstants.*;
/** /**
* Provider class for the Elliptic Curve provider. * Provider class for the Elliptic Curve provider.
@ -97,6 +96,13 @@ public final class SunEC extends Provider {
return SunEC.disableNative; return SunEC.disableNative;
} }
private static class ProviderServiceA extends ProviderService {
ProviderServiceA(Provider p, String type, String algo, String cn,
HashMap<String, String> attrs) {
super(p, type, algo, cn, getAliases(algo), attrs);
}
}
private static class ProviderService extends Provider.Service { private static class ProviderService extends Provider.Service {
ProviderService(Provider p, String type, String algo, String cn) { ProviderService(Provider p, String type, String algo, String cn) {
@ -104,9 +110,8 @@ public final class SunEC extends Provider {
} }
ProviderService(Provider p, String type, String algo, String cn, ProviderService(Provider p, String type, String algo, String cn,
String[] aliases, HashMap<String, String> attrs) { List<String> aliases, HashMap<String, String> attrs) {
super(p, type, algo, cn, super(p, type, algo, cn, aliases, attrs);
(aliases == null? null : Arrays.asList(aliases)), attrs);
} }
@Override @Override
@ -232,7 +237,7 @@ public final class SunEC extends Provider {
*/ */
putService(new ProviderService(this, "KeyFactory", putService(new ProviderService(this, "KeyFactory",
"EC", "sun.security.ec.ECKeyFactory", "EC", "sun.security.ec.ECKeyFactory",
new String[] { "EllipticCurve" }, ATTRS)); List.of("EllipticCurve"), ATTRS));
/* /*
* Algorithm Parameter engine * Algorithm Parameter engine
@ -240,7 +245,6 @@ public final class SunEC extends Provider {
// "AlgorithmParameters.EC SupportedCurves" prop used by unit test // "AlgorithmParameters.EC SupportedCurves" prop used by unit test
boolean firstCurve = true; boolean firstCurve = true;
StringBuilder names = new StringBuilder(); StringBuilder names = new StringBuilder();
Pattern nameSplitPattern = Pattern.compile(CurveDB.SPLIT_PATTERN);
Collection<? extends NamedCurve> supportedCurves; Collection<? extends NamedCurve> supportedCurves;
if (SunEC.isNativeDisabled()) { if (SunEC.isNativeDisabled()) {
@ -260,10 +264,9 @@ public final class SunEC extends Provider {
} }
names.append("["); names.append("[");
String[] commonNames = namedCurve.getNameAndAliases();
String[] commonNames = nameSplitPattern.split(namedCurve.getName());
for (String commonName : commonNames) { for (String commonName : commonNames) {
names.append(commonName.trim()); names.append(commonName);
names.append(","); names.append(",");
} }
@ -274,10 +277,8 @@ public final class SunEC extends Provider {
HashMap<String, String> apAttrs = new HashMap<>(ATTRS); HashMap<String, String> apAttrs = new HashMap<>(ATTRS);
apAttrs.put("SupportedCurves", names.toString()); apAttrs.put("SupportedCurves", names.toString());
putService(new ProviderService(this, "AlgorithmParameters", putService(new ProviderServiceA(this, "AlgorithmParameters",
"EC", "sun.security.util.ECParameters", "EC", "sun.security.util.ECParameters", apAttrs));
new String[] { "EllipticCurve", "1.2.840.10045.2.1", "OID.1.2.840.10045.2.1" },
apAttrs));
putXDHEntries(); putXDHEntries();
putEdDSAEntries(); putEdDSAEntries();
@ -288,25 +289,20 @@ public final class SunEC extends Provider {
putService(new ProviderService(this, "Signature", putService(new ProviderService(this, "Signature",
"NONEwithECDSA", "sun.security.ec.ECDSASignature$Raw", "NONEwithECDSA", "sun.security.ec.ECDSASignature$Raw",
null, ATTRS)); null, ATTRS));
putService(new ProviderService(this, "Signature", putService(new ProviderServiceA(this, "Signature",
"SHA1withECDSA", "sun.security.ec.ECDSASignature$SHA1", "SHA1withECDSA", "sun.security.ec.ECDSASignature$SHA1",
new String[] { "1.2.840.10045.4.1", "OID.1.2.840.10045.4.1" },
ATTRS)); ATTRS));
putService(new ProviderService(this, "Signature", putService(new ProviderServiceA(this, "Signature",
"SHA224withECDSA", "sun.security.ec.ECDSASignature$SHA224", "SHA224withECDSA", "sun.security.ec.ECDSASignature$SHA224",
new String[] { "1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"},
ATTRS)); ATTRS));
putService(new ProviderService(this, "Signature", putService(new ProviderServiceA(this, "Signature",
"SHA256withECDSA", "sun.security.ec.ECDSASignature$SHA256", "SHA256withECDSA", "sun.security.ec.ECDSASignature$SHA256",
new String[] { "1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"},
ATTRS)); ATTRS));
putService(new ProviderService(this, "Signature", putService(new ProviderServiceA(this, "Signature",
"SHA384withECDSA", "sun.security.ec.ECDSASignature$SHA384", "SHA384withECDSA", "sun.security.ec.ECDSASignature$SHA384",
new String[] { "1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3" },
ATTRS)); ATTRS));
putService(new ProviderService(this, "Signature", putService(new ProviderServiceA(this, "Signature",
"SHA512withECDSA", "sun.security.ec.ECDSASignature$SHA512", "SHA512withECDSA", "sun.security.ec.ECDSASignature$SHA512",
new String[] { "1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4" },
ATTRS)); ATTRS));
putService(new ProviderService(this, "Signature", putService(new ProviderService(this, "Signature",
@ -333,7 +329,7 @@ public final class SunEC extends Provider {
*/ */
putService(new ProviderService(this, "KeyPairGenerator", putService(new ProviderService(this, "KeyPairGenerator",
"EC", "sun.security.ec.ECKeyPairGenerator", "EC", "sun.security.ec.ECKeyPairGenerator",
new String[] { "EllipticCurve" }, ATTRS)); List.of("EllipticCurve"), ATTRS));
/* /*
* Key Agreement engine * Key Agreement engine
@ -350,31 +346,30 @@ public final class SunEC extends Provider {
/* XDH does not require native implementation */ /* XDH does not require native implementation */
putService(new ProviderService(this, "KeyFactory", putService(new ProviderService(this, "KeyFactory",
"XDH", "sun.security.ec.XDHKeyFactory", null, ATTRS)); "XDH", "sun.security.ec.XDHKeyFactory", null, ATTRS));
putService(new ProviderService(this, "KeyFactory", putService(new ProviderServiceA(this, "KeyFactory",
"X25519", "sun.security.ec.XDHKeyFactory.X25519", "X25519", "sun.security.ec.XDHKeyFactory.X25519",
new String[]{"1.3.101.110", "OID.1.3.101.110"}, ATTRS)); ATTRS));
putService(new ProviderService(this, "KeyFactory", putService(new ProviderServiceA(this, "KeyFactory",
"X448", "sun.security.ec.XDHKeyFactory.X448", "X448", "sun.security.ec.XDHKeyFactory.X448",
new String[]{"1.3.101.111", "OID.1.3.101.111"}, ATTRS)); ATTRS));
putService(new ProviderService(this, "KeyPairGenerator", putService(new ProviderService(this, "KeyPairGenerator",
"XDH", "sun.security.ec.XDHKeyPairGenerator", null, ATTRS)); "XDH", "sun.security.ec.XDHKeyPairGenerator", null, ATTRS));
putService(new ProviderService(this, "KeyPairGenerator", putService(new ProviderServiceA(this, "KeyPairGenerator",
"X25519", "sun.security.ec.XDHKeyPairGenerator.X25519", "X25519", "sun.security.ec.XDHKeyPairGenerator.X25519",
new String[]{"1.3.101.110", "OID.1.3.101.110"}, ATTRS)); ATTRS));
putService(new ProviderService(this, "KeyPairGenerator", putService(new ProviderServiceA(this, "KeyPairGenerator",
"X448", "sun.security.ec.XDHKeyPairGenerator.X448", "X448", "sun.security.ec.XDHKeyPairGenerator.X448",
new String[]{"1.3.101.111", "OID.1.3.101.111"}, ATTRS)); ATTRS));
putService(new ProviderService(this, "KeyAgreement", putService(new ProviderService(this, "KeyAgreement",
"XDH", "sun.security.ec.XDHKeyAgreement", null, ATTRS)); "XDH", "sun.security.ec.XDHKeyAgreement", null, ATTRS));
putService(new ProviderService(this, "KeyAgreement", putService(new ProviderServiceA(this, "KeyAgreement",
"X25519", "sun.security.ec.XDHKeyAgreement.X25519", "X25519", "sun.security.ec.XDHKeyAgreement.X25519",
new String[]{"1.3.101.110", "OID.1.3.101.110"}, ATTRS)); ATTRS));
putService(new ProviderService(this, "KeyAgreement", putService(new ProviderServiceA(this, "KeyAgreement",
"X448", "sun.security.ec.XDHKeyAgreement.X448", "X448", "sun.security.ec.XDHKeyAgreement.X448",
new String[]{"1.3.101.111", "OID.1.3.101.111"}, ATTRS)); ATTRS));
} }
private void putEdDSAEntries() { private void putEdDSAEntries() {
@ -385,30 +380,26 @@ public final class SunEC extends Provider {
/* EdDSA does not require native implementation */ /* EdDSA does not require native implementation */
putService(new ProviderService(this, "KeyFactory", putService(new ProviderService(this, "KeyFactory",
"EdDSA", "sun.security.ec.ed.EdDSAKeyFactory", null, ATTRS)); "EdDSA", "sun.security.ec.ed.EdDSAKeyFactory", null, ATTRS));
putService(new ProviderService(this, "KeyFactory", putService(new ProviderServiceA(this, "KeyFactory",
"Ed25519", "sun.security.ec.ed.EdDSAKeyFactory.Ed25519", "Ed25519", "sun.security.ec.ed.EdDSAKeyFactory.Ed25519", ATTRS));
new String[]{"1.3.101.112", "OID.1.3.101.112"}, ATTRS)); putService(new ProviderServiceA(this, "KeyFactory",
putService(new ProviderService(this, "KeyFactory", "Ed448", "sun.security.ec.ed.EdDSAKeyFactory.Ed448", ATTRS));
"Ed448", "sun.security.ec.ed.EdDSAKeyFactory.Ed448",
new String[]{"1.3.101.113", "OID.1.3.101.113"}, ATTRS));
putService(new ProviderService(this, "KeyPairGenerator", putService(new ProviderService(this, "KeyPairGenerator",
"EdDSA", "sun.security.ec.ed.EdDSAKeyPairGenerator", null, ATTRS)); "EdDSA", "sun.security.ec.ed.EdDSAKeyPairGenerator", null, ATTRS));
putService(new ProviderService(this, "KeyPairGenerator", putService(new ProviderServiceA(this, "KeyPairGenerator",
"Ed25519", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed25519", "Ed25519", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed25519",
new String[]{"1.3.101.112", "OID.1.3.101.112"}, ATTRS)); ATTRS));
putService(new ProviderService(this, "KeyPairGenerator", putService(new ProviderServiceA(this, "KeyPairGenerator",
"Ed448", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed448", "Ed448", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed448",
new String[]{"1.3.101.113", "OID.1.3.101.113"}, ATTRS)); ATTRS));
putService(new ProviderService(this, "Signature", putService(new ProviderService(this, "Signature",
"EdDSA", "sun.security.ec.ed.EdDSASignature", null, ATTRS)); "EdDSA", "sun.security.ec.ed.EdDSASignature", null, ATTRS));
putService(new ProviderService(this, "Signature", putService(new ProviderServiceA(this, "Signature",
"Ed25519", "sun.security.ec.ed.EdDSASignature.Ed25519", "Ed25519", "sun.security.ec.ed.EdDSASignature.Ed25519", ATTRS));
new String[]{"1.3.101.112", "OID.1.3.101.112"}, ATTRS)); putService(new ProviderServiceA(this, "Signature",
putService(new ProviderService(this, "Signature", "Ed448", "sun.security.ec.ed.EdDSASignature.Ed448", ATTRS));
"Ed448", "sun.security.ec.ed.EdDSASignature.Ed448",
new String[]{"1.3.101.113", "OID.1.3.101.113"}, ATTRS));
} }
} }

2
src/jdk.crypto.ec/share/classes/sun/security/ec/XECParameters.java
View file

@ -144,7 +144,7 @@ public class XECParameters {
Map<ObjectIdentifier, XECParameters> byOid, Map<ObjectIdentifier, XECParameters> byOid,
Map<String, XECParameters> byName) throws IOException { Map<String, XECParameters> byName) throws IOException {
ObjectIdentifier oid = new ObjectIdentifier(objectId); ObjectIdentifier oid = ObjectIdentifier.of(objectId);
XECParameters params = XECParameters params =
new XECParameters(bits, p, a24, basePoint, logCofactor, oid, name); new XECParameters(bits, p, a24, basePoint, logCofactor, oid, name);
namedParams.put(name.toLowerCase(), oid, bits, params); namedParams.put(name.toLowerCase(), oid, bits, params);

34
src/jdk.crypto.ec/share/classes/sun/security/ec/ed/EdDSAParameters.java
View file

@ -27,6 +27,7 @@ package sun.security.ec.ed;
import sun.security.ec.ParametersMap; import sun.security.ec.ParametersMap;
import sun.security.provider.SHAKE256; import sun.security.provider.SHAKE256;
import sun.security.util.ObjectIdentifier; import sun.security.util.ObjectIdentifier;
import sun.security.util.KnownOIDs;
import sun.security.util.math.*; import sun.security.util.math.*;
import sun.security.util.math.intpoly.*; import sun.security.util.math.intpoly.*;
import sun.security.x509.AlgorithmId; import sun.security.x509.AlgorithmId;
@ -250,7 +251,6 @@ public class EdDSAParameters {
static { static {
// set up Ed25519 // set up Ed25519
try {
IntegerFieldModuloP ed25519Field = new IntegerPolynomial25519(); IntegerFieldModuloP ed25519Field = new IntegerPolynomial25519();
IntegerFieldModuloP ed25519OrderField = new Curve25519OrderField(); IntegerFieldModuloP ed25519OrderField = new Curve25519OrderField();
BigInteger biD = new BigInteger("3709570593466943934313808350875" + BigInteger biD = new BigInteger("3709570593466943934313808350875" +
@ -262,7 +262,7 @@ public class EdDSAParameters {
"475163141307993866256225615783033603165251855960"); "475163141307993866256225615783033603165251855960");
EdECOperations edOps = new Ed25519Operations(d, baseX, baseY); EdECOperations edOps = new Ed25519Operations(d, baseX, baseY);
String name = NamedParameterSpec.ED25519.getName(); String name = NamedParameterSpec.ED25519.getName();
ObjectIdentifier oid = new ObjectIdentifier("1.3.101.112"); ObjectIdentifier oid = ObjectIdentifier.of(KnownOIDs.Ed25519);
int bits = 255; int bits = 255;
DigesterFactory digester = new SHA512DigesterFactory(); DigesterFactory digester = new SHA512DigesterFactory();
EdDSAParameters params = new EdDSAParameters(name, oid, EdDSAParameters params = new EdDSAParameters(name, oid,
@ -271,38 +271,28 @@ public class EdDSAParameters {
namedParams.put(name, oid, bits, params); namedParams.put(name, oid, bits, params);
} catch (IOException ex) {
// Unable to set Ed25519 parameters---it will be disabled
}
// set up Ed448 // set up Ed448
try {
IntegerFieldModuloP ed448Field = new IntegerPolynomial448(); IntegerFieldModuloP ed448Field = new IntegerPolynomial448();
IntegerFieldModuloP ed448OrderField = new Curve448OrderField(); IntegerFieldModuloP ed448OrderField = new Curve448OrderField();
BigInteger biD = ed448Field.getSize().subtract( biD = ed448Field.getSize().subtract(new BigInteger("39081"));
new BigInteger("39081")); d = ed448Field.getElement(biD);
ImmutableIntegerModuloP d = ed448Field.getElement(biD); baseX = new BigInteger("224580040295924300187604334" +
BigInteger baseX = new BigInteger("224580040295924300187604334" +
"099896036246789641632564134246125461686950415467406032909" + "099896036246789641632564134246125461686950415467406032909" +
"029192869357953282578032075146446173674602635247710"); "029192869357953282578032075146446173674602635247710");
BigInteger baseY = new BigInteger("298819210078481492676017930" + baseY = new BigInteger("298819210078481492676017930" +
"443930673437544040154080242095928241372331506189835876003" + "443930673437544040154080242095928241372331506189835876003" +
"536878655418784733982303233503462500531545062832660"); "536878655418784733982303233503462500531545062832660");
EdECOperations edOps = new Ed448Operations(d, baseX, baseY); edOps = new Ed448Operations(d, baseX, baseY);
String name = NamedParameterSpec.ED448.getName(); name = NamedParameterSpec.ED448.getName();
ObjectIdentifier oid = new ObjectIdentifier("1.3.101.113"); oid = ObjectIdentifier.of(KnownOIDs.Ed448);
int bits = 448; bits = 448;
DigesterFactory digester = new SHAKE256DigesterFactory(); digester = new SHAKE256DigesterFactory();
EdDSAParameters params = new EdDSAParameters(name, oid, params = new EdDSAParameters(name, oid,
ed448Field, ed448OrderField, d, edOps, ed448Field, ed448OrderField, d, edOps,
digester, EdDSAParameters::dom4, 57, bits, 2); digester, EdDSAParameters::dom4, 57, bits, 2);
namedParams.put(name, oid, bits, params); namedParams.put(name, oid, bits, params);
} catch (IOException ex) {
// Unable to set Ed448 parameters---it will be disabled
}
namedParams.fix(); namedParams.fix();
} }

69
src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/SunMSCAPI.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -32,9 +32,10 @@ import java.security.NoSuchAlgorithmException;
import java.security.InvalidParameterException; import java.security.InvalidParameterException;
import java.security.ProviderException; import java.security.ProviderException;
import java.util.HashMap; import java.util.HashMap;
import java.util.Arrays; import java.util.List;
import static sun.security.util.SecurityConstants.PROVIDER_VER; import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.util.SecurityProviderConstants.getAliases;
/** /**
* A Cryptographic Service Provider for the Microsoft Crypto API. * A Cryptographic Service Provider for the Microsoft Crypto API.
@ -56,16 +57,21 @@ public final class SunMSCAPI extends Provider {
} }
}); });
} }
private static class ProviderServiceA extends ProviderService {
ProviderServiceA(Provider p, String type, String algo, String cn,
HashMap<String, String> attrs) {
super(p, type, algo, cn, getAliases(algo), attrs);
}
}
private static final class ProviderService extends Provider.Service { private static class ProviderService extends Provider.Service {
ProviderService(Provider p, String type, String algo, String cn) { ProviderService(Provider p, String type, String algo, String cn) {
super(p, type, algo, cn, null, null); super(p, type, algo, cn, null, null);
} }
ProviderService(Provider p, String type, String algo, String cn, ProviderService(Provider p, String type, String algo, String cn,
String[] aliases, HashMap<String, String> attrs) { List<String> aliases, HashMap<String, String> attrs) {
super(p, type, algo, cn, super(p, type, algo, cn, aliases, attrs);
(aliases == null? null : Arrays.asList(aliases)), attrs);
} }
@Override @Override
@ -176,21 +182,20 @@ public final class SunMSCAPI extends Provider {
putService(new ProviderService(p, "Signature", putService(new ProviderService(p, "Signature",
"SHA1withRSA", "sun.security.mscapi.CSignature$SHA1withRSA", "SHA1withRSA", "sun.security.mscapi.CSignature$SHA1withRSA",
null, attrs)); null, attrs));
putService(new ProviderService(p, "Signature", putService(new ProviderServiceA(p, "Signature",
"SHA256withRSA", "sun.security.mscapi.CSignature$SHA256withRSA", "SHA256withRSA",
new String[] { "1.2.840.113549.1.1.11", "OID.1.2.840.113549.1.1.11" }, "sun.security.mscapi.CSignature$SHA256withRSA",
attrs)); attrs));
putService(new ProviderService(p, "Signature", putService(new ProviderServiceA(p, "Signature",
"SHA384withRSA", "sun.security.mscapi.CSignature$SHA384withRSA", "SHA384withRSA",
new String[] { "1.2.840.113549.1.1.12", "OID.1.2.840.113549.1.1.12" }, "sun.security.mscapi.CSignature$SHA384withRSA",
attrs)); attrs));
putService(new ProviderService(p, "Signature", putService(new ProviderServiceA(p, "Signature",
"SHA512withRSA", "sun.security.mscapi.CSignature$SHA512withRSA", "SHA512withRSA",
new String[] { "1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13" }, "sun.security.mscapi.CSignature$SHA512withRSA",
attrs)); attrs));
putService(new ProviderService(p, "Signature", putService(new ProviderServiceA(p, "Signature",
"RSASSA-PSS", "sun.security.mscapi.CSignature$PSS", "RSASSA-PSS", "sun.security.mscapi.CSignature$PSS",
new String[] { "1.2.840.113549.1.1.10", "OID.1.2.840.113549.1.1.10" },
attrs)); attrs));
putService(new ProviderService(p, "Signature", putService(new ProviderService(p, "Signature",
"MD5withRSA", "sun.security.mscapi.CSignature$MD5withRSA", "MD5withRSA", "sun.security.mscapi.CSignature$MD5withRSA",
@ -198,25 +203,25 @@ public final class SunMSCAPI extends Provider {
putService(new ProviderService(p, "Signature", putService(new ProviderService(p, "Signature",
"MD2withRSA", "sun.security.mscapi.CSignature$MD2withRSA", "MD2withRSA", "sun.security.mscapi.CSignature$MD2withRSA",
null, attrs)); null, attrs));
putService(new ProviderService(p, "Signature", putService(new ProviderServiceA(p, "Signature",
"SHA1withECDSA", "sun.security.mscapi.CSignature$SHA1withECDSA", "SHA1withECDSA",
new String[] { "1.2.840.10045.4.1", "OID.1.2.840.10045.4.1" }, "sun.security.mscapi.CSignature$SHA1withECDSA",
attrs)); attrs));
putService(new ProviderService(p, "Signature", putService(new ProviderServiceA(p, "Signature",
"SHA224withECDSA", "sun.security.mscapi.CSignature$SHA224withECDSA", "SHA224withECDSA",
new String[] { "1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"}, "sun.security.mscapi.CSignature$SHA224withECDSA",
attrs)); attrs));
putService(new ProviderService(p, "Signature", putService(new ProviderServiceA(p, "Signature",
"SHA256withECDSA", "sun.security.mscapi.CSignature$SHA256withECDSA", "SHA256withECDSA",
new String[] { "1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"}, "sun.security.mscapi.CSignature$SHA256withECDSA",
attrs)); attrs));
putService(new ProviderService(p, "Signature", putService(new ProviderServiceA(p, "Signature",
"SHA384withECDSA", "sun.security.mscapi.CSignature$SHA384withECDSA", "SHA384withECDSA",
new String[] { "1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3"}, "sun.security.mscapi.CSignature$SHA384withECDSA",
attrs)); attrs));
putService(new ProviderService(p, "Signature", putService(new ProviderServiceA(p, "Signature",
"SHA512withECDSA", "sun.security.mscapi.CSignature$SHA512withECDSA", "SHA512withECDSA",
new String[] { "1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4"}, "sun.security.mscapi.CSignature$SHA512withECDSA",
attrs)); attrs));
/* /*
* Key Pair Generator engines * Key Pair Generator engines

22
src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/LibMDMech.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package com.oracle.security.ucrypto; package com.oracle.security.ucrypto;
import java.util.List;
import static sun.security.util.SecurityProviderConstants.getAliases;
/** /**
* Enum for representing the ucrypto mechanisms. * Enum for representing the ucrypto mechanisms.
* *
@ -36,25 +39,30 @@ public enum LibMDMech {
{ sd("MessageDigest", "MD5", "com.oracle.security.ucrypto.NativeDigestMD$MD5") { sd("MessageDigest", "MD5", "com.oracle.security.ucrypto.NativeDigestMD$MD5")
}), }),
SHA_1(new ServiceDesc[] SHA_1(new ServiceDesc[]
{ sd("MessageDigest", "SHA", "com.oracle.security.ucrypto.NativeDigestMD$SHA1", { sd("MessageDigest", "SHA-1", "com.oracle.security.ucrypto.NativeDigestMD$SHA1",
"SHA-1", "SHA1") getAliases("SHA-1"))
}), }),
SHA_256(new ServiceDesc[] SHA_256(new ServiceDesc[]
{ sd("MessageDigest", "SHA-256", "com.oracle.security.ucrypto.NativeDigestMD$SHA256", { sd("MessageDigest", "SHA-256", "com.oracle.security.ucrypto.NativeDigestMD$SHA256",
"2.16.840.1.101.3.4.2.1", "OID.2.16.840.1.101.3.4.2.1") getAliases("SHA-256"))
}), }),
SHA_384(new ServiceDesc[] SHA_384(new ServiceDesc[]
{ sd("MessageDigest", "SHA-384", "com.oracle.security.ucrypto.NativeDigestMD$SHA384", { sd("MessageDigest", "SHA-384", "com.oracle.security.ucrypto.NativeDigestMD$SHA384",
"2.16.840.1.101.3.4.2.2", "OID.2.16.840.1.101.3.4.2.2") getAliases("SHA-384"))
}), }),
SHA_512(new ServiceDesc[] SHA_512(new ServiceDesc[]
{ sd("MessageDigest", "SHA-512", "com.oracle.security.ucrypto.NativeDigestMD$SHA512", { sd("MessageDigest", "SHA-512", "com.oracle.security.ucrypto.NativeDigestMD$SHA512",
"2.16.840.1.101.3.4.2.3", "OID.2.16.840.1.101.3.4.2.3") getAliases("SHA-512"))
}); });
ServiceDesc[] serviceDescs; ServiceDesc[] serviceDescs;
private static ServiceDesc sd(String type, String algo, String cn, String... aliases) { private static ServiceDesc sd(String type, String algo, String cn) {
return new ServiceDesc(type, algo, cn, null);
}
private static ServiceDesc sd(String type, String algo, String cn,
List<String> aliases) {
return new ServiceDesc(type, algo, cn, aliases); return new ServiceDesc(type, algo, cn, aliases);
} }

10
src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/ServiceDesc.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -42,15 +42,11 @@ final class ServiceDesc {
this(type, algo, cn, null); this(type, algo, cn, null);
} }
ServiceDesc(String type, String algo, String cn, String[] aliases) { ServiceDesc(String type, String algo, String cn, List<String> aliases) {
this.type = type; this.type = type;
this.algo = algo; this.algo = algo;
this.cn = cn; this.cn = cn;
if (aliases != null) { this.aliases = aliases;
this.aliases = Arrays.asList(aliases);
} else {
this.aliases = null;
}
} }
String getType() { String getType() {
return type; return type;

116
src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoMech.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package com.oracle.security.ucrypto; package com.oracle.security.ucrypto;
import java.util.List;
import static sun.security.util.SecurityProviderConstants.getAliases;
/** /**
* Enum for representing the ucrypto mechanisms. * Enum for representing the ucrypto mechanisms.
* *
@ -36,23 +39,23 @@ public enum UcryptoMech {
CRYPTO_AES_ECB(new ServiceDesc[] CRYPTO_AES_ECB(new ServiceDesc[]
{ sd("Cipher", "AES/ECB/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding"), { sd("Cipher", "AES/ECB/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding"),
sd("Cipher", "AES/ECB/PKCS5Padding", "com.oracle.security.ucrypto.NativeCipherWithJavaPadding$AesEcbPKCS5", sd("Cipher", "AES/ECB/PKCS5Padding", "com.oracle.security.ucrypto.NativeCipherWithJavaPadding$AesEcbPKCS5",
"AES"), List.of("AES")),
sd("Cipher", "AES_128/ECB/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding", sdA("Cipher", "AES_128/ECB/NoPadding",
"2.16.840.1.101.3.4.1.1", "OID.2.16.840.1.101.3.4.1.1"), "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding"),
sd("Cipher", "AES_192/ECB/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding", sdA("Cipher", "AES_192/ECB/NoPadding",
"2.16.840.1.101.3.4.1.21", "OID.2.16.840.1.101.3.4.1.21"), "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding"),
sd("Cipher", "AES_256/ECB/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding", sdA("Cipher", "AES_256/ECB/NoPadding",
"2.16.840.1.101.3.4.1.41", "OID.2.16.840.1.101.3.4.1.41") "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding")
}), }),
CRYPTO_AES_CBC(new ServiceDesc[] CRYPTO_AES_CBC(new ServiceDesc[]
{ sd("Cipher", "AES/CBC/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding"), { sd("Cipher", "AES/CBC/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding"),
sd("Cipher", "AES/CBC/PKCS5Padding", "com.oracle.security.ucrypto.NativeCipherWithJavaPadding$AesCbcPKCS5"), sd("Cipher", "AES/CBC/PKCS5Padding", "com.oracle.security.ucrypto.NativeCipherWithJavaPadding$AesCbcPKCS5"),
sd("Cipher", "AES_128/CBC/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding", sdA("Cipher", "AES_128/CBC/NoPadding",
"2.16.840.1.101.3.4.1.2", "OID.2.16.840.1.101.3.4.1.2"), "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding"),
sd("Cipher", "AES_192/CBC/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding", sdA("Cipher", "AES_192/CBC/NoPadding",
"2.16.840.1.101.3.4.1.22", "OID.2.16.840.1.101.3.4.1.22"), "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding"),
sd("Cipher", "AES_256/CBC/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding", sdA("Cipher", "AES_256/CBC/NoPadding",
"2.16.840.1.101.3.4.1.42", "OID.2.16.840.1.101.3.4.1.42") "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding")
}), }),
// CRYPTO_AES_CBC_PAD(null), // Support added since S11.1; however we still use CRYPTO_AES_CBC due to known bug // CRYPTO_AES_CBC_PAD(null), // Support added since S11.1; however we still use CRYPTO_AES_CBC due to known bug
CRYPTO_AES_CTR(new ServiceDesc[] CRYPTO_AES_CTR(new ServiceDesc[]
@ -60,12 +63,12 @@ public enum UcryptoMech {
// CRYPTO_AES_CCM(null), // Need Java API for CK_AES_CCM_PARAMS // CRYPTO_AES_CCM(null), // Need Java API for CK_AES_CCM_PARAMS
CRYPTO_AES_GCM(new ServiceDesc[] CRYPTO_AES_GCM(new ServiceDesc[]
{ sd("Cipher", "AES/GCM/NoPadding", "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding"), { sd("Cipher", "AES/GCM/NoPadding", "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding"),
sd("Cipher", "AES_128/GCM/NoPadding", "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding", sdA("Cipher", "AES_128/GCM/NoPadding",
"2.16.840.1.101.3.4.1.6", "OID.2.16.840.1.101.3.4.1.6"), "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding"),
sd("Cipher", "AES_192/GCM/NoPadding", "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding", sdA("Cipher", "AES_192/GCM/NoPadding",
"2.16.840.1.101.3.4.1.26", "OID.2.16.840.1.101.3.4.1.26"), "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding"),
sd("Cipher", "AES_256/GCM/NoPadding", "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding", sdA("Cipher", "AES_256/GCM/NoPadding",
"2.16.840.1.101.3.4.1.46", "OID.2.16.840.1.101.3.4.1.46") "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding")
}), }),
// CRYPTO_AES_GMAC(null), // No support from Solaris // CRYPTO_AES_GMAC(null), // No support from Solaris
CRYPTO_AES_CFB128(new ServiceDesc[] CRYPTO_AES_CFB128(new ServiceDesc[]
@ -75,76 +78,87 @@ public enum UcryptoMech {
CRYPTO_RSA_PKCS(new ServiceDesc[] CRYPTO_RSA_PKCS(new ServiceDesc[]
{ sd("Cipher", "RSA/ECB/PKCS1Padding", "com.oracle.security.ucrypto.NativeRSACipher$PKCS1Padding", { sd("Cipher", "RSA/ECB/PKCS1Padding", "com.oracle.security.ucrypto.NativeRSACipher$PKCS1Padding",
"RSA") List.of("RSA"))
}), }),
CRYPTO_RSA_X_509(new ServiceDesc[] CRYPTO_RSA_X_509(new ServiceDesc[]
{ sd("Cipher", "RSA/ECB/NoPadding", "com.oracle.security.ucrypto.NativeRSACipher$NoPadding") }), { sd("Cipher", "RSA/ECB/NoPadding", "com.oracle.security.ucrypto.NativeRSACipher$NoPadding") }),
CRYPTO_MD5_RSA_PKCS(new ServiceDesc[] CRYPTO_MD5_RSA_PKCS(new ServiceDesc[]
{ sd("Signature", "MD5withRSA", "com.oracle.security.ucrypto.NativeRSASignature$MD5", { sdA("Signature", "MD5withRSA",
"1.2.840.113549.1.1.4", "OID.1.2.840.113549.1.1.4") "com.oracle.security.ucrypto.NativeRSASignature$MD5")
}), }),
CRYPTO_SHA1_RSA_PKCS(new ServiceDesc[] CRYPTO_SHA1_RSA_PKCS(new ServiceDesc[]
{ sd("Signature", "SHA1withRSA", "com.oracle.security.ucrypto.NativeRSASignature$SHA1", { sdA("Signature", "SHA1withRSA",
"1.2.840.113549.1.1.5", "OID.1.2.840.113549.1.1.5", "com.oracle.security.ucrypto.NativeRSASignature$SHA1")
"1.3.14.3.2.29")
}), }),
CRYPTO_SHA256_RSA_PKCS(new ServiceDesc[] CRYPTO_SHA256_RSA_PKCS(new ServiceDesc[]
{ sd("Signature", "SHA256withRSA", "com.oracle.security.ucrypto.NativeRSASignature$SHA256", { sdA("Signature", "SHA256withRSA",
"1.2.840.113549.1.1.11", "OID.1.2.840.113549.1.1.11") "com.oracle.security.ucrypto.NativeRSASignature$SHA256")
}), }),
CRYPTO_SHA384_RSA_PKCS(new ServiceDesc[] CRYPTO_SHA384_RSA_PKCS(new ServiceDesc[]
{ sd("Signature", "SHA384withRSA", "com.oracle.security.ucrypto.NativeRSASignature$SHA384", { sdA("Signature", "SHA384withRSA",
"1.2.840.113549.1.1.12", "OID.1.2.840.113549.1.1.12") "com.oracle.security.ucrypto.NativeRSASignature$SHA384")
}), }),
CRYPTO_SHA512_RSA_PKCS(new ServiceDesc[] CRYPTO_SHA512_RSA_PKCS(new ServiceDesc[]
{ sd("Signature", "SHA512withRSA", "com.oracle.security.ucrypto.NativeRSASignature$SHA512", { sdA("Signature", "SHA512withRSA",
"1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13") "com.oracle.security.ucrypto.NativeRSASignature$SHA512")
}), }),
CRYPTO_MD5(new ServiceDesc[] CRYPTO_MD5(new ServiceDesc[]
{ sd("MessageDigest", "MD5", "com.oracle.security.ucrypto.NativeDigest$MD5") }), { sd("MessageDigest", "MD5", "com.oracle.security.ucrypto.NativeDigest$MD5")
}),
CRYPTO_SHA1(new ServiceDesc[] CRYPTO_SHA1(new ServiceDesc[]
{ sd("MessageDigest", "SHA", "com.oracle.security.ucrypto.NativeDigest$SHA1", "SHA-1", "SHA1") }), { sdA("MessageDigest", "SHA-1",
"com.oracle.security.ucrypto.NativeDigest$SHA1")
}),
CRYPTO_SHA224(new ServiceDesc[] CRYPTO_SHA224(new ServiceDesc[]
{ sd("MessageDigest", "SHA-224", "com.oracle.security.ucrypto.NativeDigest$SHA224", { sdA("MessageDigest", "SHA-224",
"2.16.840.1.101.3.4.2.4", "OID.2.16.840.1.101.3.4.2.4") "com.oracle.security.ucrypto.NativeDigest$SHA224")
}), }),
CRYPTO_SHA256(new ServiceDesc[] CRYPTO_SHA256(new ServiceDesc[]
{ sd("MessageDigest", "SHA-256", "com.oracle.security.ucrypto.NativeDigest$SHA256", { sdA("MessageDigest", "SHA-256",
"2.16.840.1.101.3.4.2.1", "OID.2.16.840.1.101.3.4.2.1") "com.oracle.security.ucrypto.NativeDigest$SHA256")
}), }),
CRYPTO_SHA384(new ServiceDesc[] CRYPTO_SHA384(new ServiceDesc[]
{ sd("MessageDigest", "SHA-384", "com.oracle.security.ucrypto.NativeDigest$SHA384", { sdA("MessageDigest", "SHA-384",
"2.16.840.1.101.3.4.2.2", "OID.2.16.840.1.101.3.4.2.2") "com.oracle.security.ucrypto.NativeDigest$SHA384")
}), }),
CRYPTO_SHA512(new ServiceDesc[] CRYPTO_SHA512(new ServiceDesc[]
{ sd("MessageDigest", "SHA-512", "com.oracle.security.ucrypto.NativeDigest$SHA512", { sdA("MessageDigest", "SHA-512",
"2.16.840.1.101.3.4.2.3", "OID.2.16.840.1.101.3.4.2.3") "com.oracle.security.ucrypto.NativeDigest$SHA512")
}), }),
CRYPTO_SHA3_224(new ServiceDesc[] CRYPTO_SHA3_224(new ServiceDesc[]
{ sd("MessageDigest", "SHA3-224", "com.oracle.security.ucrypto.NativeDigest$SHA3_224", { sdA("MessageDigest", "SHA3-224",
"2.16.840.1.101.3.4.2.7", "OID.2.16.840.1.101.3.4.2.7") "com.oracle.security.ucrypto.NativeDigest$SHA3_224")
}), }),
CRYPTO_SHA3_256(new ServiceDesc[] CRYPTO_SHA3_256(new ServiceDesc[]
{ sd("MessageDigest", "SHA3-256", "com.oracle.security.ucrypto.NativeDigest$SHA3_256", { sdA("MessageDigest", "SHA3-256",
"2.16.840.1.101.3.4.2.8", "OID.2.16.840.1.101.3.4.2.8") "com.oracle.security.ucrypto.NativeDigest$SHA3_256")
}), }),
CRYPTO_SHA3_384(new ServiceDesc[] CRYPTO_SHA3_384(new ServiceDesc[]
{ sd("MessageDigest", "SHA3-384", "com.oracle.security.ucrypto.NativeDigest$SHA3_384", { sdA("MessageDigest", "SHA3-384",
"2.16.840.1.101.3.4.2.9", "OID.2.16.840.1.101.3.4.2.9") "com.oracle.security.ucrypto.NativeDigest$SHA3_384")
}), }),
CRYPTO_SHA3_512(new ServiceDesc[] CRYPTO_SHA3_512(new ServiceDesc[]
{ sd("MessageDigest", "SHA3-512", "com.oracle.security.ucrypto.NativeDigest$SHA3_512", { sdA("MessageDigest", "SHA3-512",
"2.16.840.1.101.3.4.2.10", "OID.2.16.840.1.101.3.4.2.10") "com.oracle.security.ucrypto.NativeDigest$SHA3_512")
}); });
private int mech = 0; private int mech = 0;
private final ServiceDesc[] serviceDescs; private final ServiceDesc[] serviceDescs;
private static ServiceDesc sd(String type, String algo, String cn, String... aliases) { private static ServiceDesc sd(String type, String algo, String cn) {
return new ServiceDesc(type, algo, cn, null);
}
private static ServiceDesc sd(String type, String algo, String cn,
List<String> aliases) {
return new ServiceDesc(type, algo, cn, aliases); return new ServiceDesc(type, algo, cn, aliases);
} }
private static ServiceDesc sdA(String type, String algo, String cn) {
return new ServiceDesc(type, algo, cn, getAliases(algo));
}
UcryptoMech(ServiceDesc[] serviceDescs) { UcryptoMech(ServiceDesc[] serviceDescs) {
this.serviceDescs = serviceDescs; this.serviceDescs = serviceDescs;
} }

8
src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoProvider.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -32,7 +32,6 @@ import java.util.*;
import java.security.*; import java.security.*;
import static sun.security.util.SecurityConstants.PROVIDER_VER; import static sun.security.util.SecurityConstants.PROVIDER_VER;
/** /**
* OracleUcrypto provider main class. * OracleUcrypto provider main class.
* *
@ -134,9 +133,8 @@ public final class UcryptoProvider extends Provider {
} }
} }
private static ServiceDesc sd(String type, String algo, String cn, private static ServiceDesc sd(String type, String algo, String cn) {
String... aliases) { return new ServiceDesc(type, algo, cn, null);
return new ServiceDesc(type, algo, cn, aliases);
} }
private static final class ProviderService extends Provider.Service { private static final class ProviderService extends Provider.Service {

22
src/jdk.jartool/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java
View file

@ -48,25 +48,11 @@ import sun.security.x509.*;
@SuppressWarnings("removal") @SuppressWarnings("removal")
public final class TimestampedSigner extends ContentSigner { public final class TimestampedSigner extends ContentSigner {
/*
* Object identifier for the subject information access X.509 certificate
* extension.
*/
private static final String SUBJECT_INFO_ACCESS_OID = "1.3.6.1.5.5.7.1.11";
/* /*
* Object identifier for the timestamping access descriptors. * Object identifier for the timestamping access descriptors.
*/ */
private static final ObjectIdentifier AD_TIMESTAMPING_Id; private static final ObjectIdentifier AD_TIMESTAMPING_Id =
static { ObjectIdentifier.of(KnownOIDs.AD_TimeStamping);
ObjectIdentifier tmp = null;
try {
tmp = new ObjectIdentifier("1.3.6.1.5.5.7.48.3");
} catch (IOException e) {
// ignore
}
AD_TIMESTAMPING_Id = tmp;
}
/** /**
* Instantiates a content signer that supports timestamped signatures. * Instantiates a content signer that supports timestamped signatures.
@ -155,8 +141,8 @@ public final class TimestampedSigner extends ContentSigner {
} }
// Parse the extensions // Parse the extensions
try { try {
byte[] extensionValue = byte[] extensionValue = tsaCertificate.getExtensionValue
tsaCertificate.getExtensionValue(SUBJECT_INFO_ACCESS_OID); (KnownOIDs.SubjectInfoAccess.value());
if (extensionValue == null) { if (extensionValue == null) {
return null; return null;
} }

4
test/jdk/java/security/testlibrary/CertificateBuilder.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -322,7 +322,7 @@ public class CertificateBuilder {
if (!ekuOids.isEmpty()) { if (!ekuOids.isEmpty()) {
Vector<ObjectIdentifier> oidVector = new Vector<>(); Vector<ObjectIdentifier> oidVector = new Vector<>();
for (String oid : ekuOids) { for (String oid : ekuOids) {
oidVector.add(new ObjectIdentifier(oid)); oidVector.add(ObjectIdentifier.of(oid));
} }
addExtension(new ExtendedKeyUsageExtension(oidVector)); addExtension(new ExtendedKeyUsageExtension(oidVector));
} }

9
test/jdk/java/security/testlibrary/SimpleOCSPServer.java
View file

@ -45,11 +45,7 @@ import sun.security.provider.certpath.ResponderId;
import sun.security.provider.certpath.CertId; import sun.security.provider.certpath.CertId;
import sun.security.provider.certpath.OCSPResponse; import sun.security.provider.certpath.OCSPResponse;
import sun.security.provider.certpath.OCSPResponse.ResponseStatus; import sun.security.provider.certpath.OCSPResponse.ResponseStatus;
import sun.security.util.Debug; import sun.security.util.*;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
/** /**
@ -59,7 +55,8 @@ import sun.security.util.ObjectIdentifier;
public class SimpleOCSPServer { public class SimpleOCSPServer {
private final Debug debug = Debug.getInstance("oserv"); private final Debug debug = Debug.getInstance("oserv");
private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID = private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.1"); ObjectIdentifier.of(KnownOIDs.OCSPBasicResponse);
private static final SimpleDateFormat utcDateFmt = private static final SimpleDateFormat utcDateFmt =
new SimpleDateFormat("MMM dd yyyy, HH:mm:ss z"); new SimpleDateFormat("MMM dd yyyy, HH:mm:ss z");

8
test/jdk/sun/security/jgss/spnego/NotPreferredMech.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/* /*
* @test * @test
* @bug 8048194 * @bug 8048194 8242151
* @modules java.base/sun.security.util * @modules java.base/sun.security.util
* java.security.jgss/sun.security.jgss * java.security.jgss/sun.security.jgss
* java.security.jgss/sun.security.jgss.spnego:+open * java.security.jgss/sun.security.jgss.spnego:+open
@ -57,7 +57,7 @@ public class NotPreferredMech {
mechTypeList.write(DerValue.tag_Sequence, mech); mechTypeList.write(DerValue.tag_Sequence, mech);
// Generates a NegTokenInit mechToken field for 1.2.3.4 mech // Generates a NegTokenInit mechToken field for 1.2.3.4 mech
GSSHeader h1 = new GSSHeader(new ObjectIdentifier("1.2.3.4"), 1); GSSHeader h1 = new GSSHeader(ObjectIdentifier.of("1.2.3.4"), 1);
ByteArrayOutputStream bout = new ByteArrayOutputStream(); ByteArrayOutputStream bout = new ByteArrayOutputStream();
h1.encode(bout); h1.encode(bout);
bout.write(new byte[1]); bout.write(new byte[1]);
@ -78,7 +78,7 @@ public class NotPreferredMech {
// and wraps it into a GSSToken // and wraps it into a GSSToken
GSSHeader h = new GSSHeader( GSSHeader h = new GSSHeader(
new ObjectIdentifier(GSSUtil.GSS_SPNEGO_MECH_OID.toString()), ObjectIdentifier.of(GSSUtil.GSS_SPNEGO_MECH_OID.toString()),
spnegoToken.length); spnegoToken.length);
bout = new ByteArrayOutputStream(); bout = new ByteArrayOutputStream();
h.encode(bout); h.encode(bout);

6
test/jdk/sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/* /*
* @test * @test
* @bug 8048357 * @bug 8048357 8242151
* @summary test DER encoding of PKCS10 attributes * @summary test DER encoding of PKCS10 attributes
* @modules java.base/sun.security.pkcs * @modules java.base/sun.security.pkcs
* java.base/sun.security.pkcs10 * java.base/sun.security.pkcs10
@ -62,7 +62,7 @@ public class PKCS10AttrEncoding {
// initializations // initializations
int len = ids.length; int len = ids.length;
Object[] values = { Object[] values = {
new ObjectIdentifier("1.2.3.4"), ObjectIdentifier.of("1.2.3.4"),
new GregorianCalendar(1970, 1, 25, 8, 56, 7).getTime(), new GregorianCalendar(1970, 1, 25, 8, 56, 7).getTime(),
"challenging" "challenging"
}; };

6
test/jdk/sun/security/pkcs/pkcs10/PKCS10AttributeReader.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/* /*
* @test * @test
* @bug 8048357 * @bug 8048357 8242151
* @summary Read in a file containing a DER encoded PKCS10 certificate request, * @summary Read in a file containing a DER encoded PKCS10 certificate request,
* flanked with "begin" and "end" lines. * flanked with "begin" and "end" lines.
* @modules java.base/sun.security.pkcs * @modules java.base/sun.security.pkcs
@ -86,7 +86,7 @@ public class PKCS10AttributeReader {
put(PKCS9Attribute.CHALLENGE_PASSWORD_OID, "GuessWhoAmI"); put(PKCS9Attribute.CHALLENGE_PASSWORD_OID, "GuessWhoAmI");
put(PKCS9Attribute.SIGNING_TIME_OID, new Date(861720610000L)); put(PKCS9Attribute.SIGNING_TIME_OID, new Date(861720610000L));
put(PKCS9Attribute.CONTENT_TYPE_OID, put(PKCS9Attribute.CONTENT_TYPE_OID,
new ObjectIdentifier("1.9.50.51.52")); ObjectIdentifier.of("1.9.50.51.52"));
} }
}; };

8
test/jdk/sun/security/pkcs/pkcs9/UnknownAttribute.java
View file

@ -23,7 +23,7 @@
/* /*
* @test * @test
* @bug 8011867 * @bug 8011867 8242151
* @summary Accept unknown PKCS #9 attributes * @summary Accept unknown PKCS #9 attributes
* @library /test/lib * @library /test/lib
* @modules java.base/sun.security.pkcs * @modules java.base/sun.security.pkcs
@ -43,7 +43,7 @@ public class UnknownAttribute {
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
// Unknown attr // Unknown attr
PKCS9Attribute p1 = new PKCS9Attribute( PKCS9Attribute p1 = new PKCS9Attribute(
PKCS9Attribute.CHALLENGE_PASSWORD_STR, "t0p5ecr3t"); PKCS9Attribute.CHALLENGE_PASSWORD_OID, "t0p5ecr3t");
if (!p1.isKnown()) { if (!p1.isKnown()) {
throw new Exception(); throw new Exception();
} }
@ -65,13 +65,13 @@ public class UnknownAttribute {
} }
// Unknown attr from value // Unknown attr from value
try { try {
new PKCS9Attribute(new ObjectIdentifier("1.2.3"), "hello"); new PKCS9Attribute(ObjectIdentifier.of("1.2.3"), "hello");
throw new Exception(); throw new Exception();
} catch (IllegalArgumentException iae) { } catch (IllegalArgumentException iae) {
// Good. Unknown attr must have byte[] value type // Good. Unknown attr must have byte[] value type
} }
PKCS9Attribute p3 = new PKCS9Attribute( PKCS9Attribute p3 = new PKCS9Attribute(
new ObjectIdentifier("1.2.3"), new byte[]{0x31,0x02,0x05,0x00}); ObjectIdentifier.of("1.2.3"), new byte[]{0x31,0x02,0x05,0x00});
if (p3.isKnown()) { if (p3.isKnown()) {
throw new Exception(); throw new Exception();
} }

6
test/jdk/sun/security/pkcs12/PKCS12SameKeyId.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/* /*
* @test * @test
* @bug 6958026 * @bug 6958026 8242151
* @summary Problem with PKCS12 keystore * @summary Problem with PKCS12 keystore
* @modules java.base/sun.security.pkcs * @modules java.base/sun.security.pkcs
* java.base/sun.security.tools.keytool * java.base/sun.security.tools.keytool
@ -75,7 +75,7 @@ public class PKCS12SameKeyId {
AlgorithmParameters.getInstance("PBEWithSHA1AndDESede"); AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024)); algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
AlgorithmId algid = new AlgorithmId( AlgorithmId algid = new AlgorithmId(
new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams); ObjectIdentifier.of("1.2.840.113549.1.12.1.3"), algParams);
PBEKeySpec keySpec = new PBEKeySpec(PASSWORD); PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE"); SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");

76
test/jdk/sun/security/pkcs12/ParamsPreferences.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -32,14 +32,14 @@ import java.util.List;
import static jdk.test.lib.security.DerUtils.*; import static jdk.test.lib.security.DerUtils.*;
import static sun.security.pkcs.ContentInfo.DATA_OID; import static sun.security.pkcs.ContentInfo.DATA_OID;
import static sun.security.pkcs.ContentInfo.ENCRYPTED_DATA_OID; import static sun.security.pkcs.ContentInfo.ENCRYPTED_DATA_OID;
import static sun.security.x509.AlgorithmId.*; import sun.security.util.ObjectIdentifier;
import sun.security.util.KnownOIDs;
/* /*
* @test * @test
* @bug 8076190 * @bug 8076190 8242151
* @library /test/lib * @library /test/lib
* @modules java.base/sun.security.pkcs * @modules java.base/sun.security.pkcs
* java.base/sun.security.x509
* java.base/sun.security.util * java.base/sun.security.util
* @summary Checks the preferences order of pkcs12 params * @summary Checks the preferences order of pkcs12 params
*/ */
@ -50,16 +50,16 @@ public class ParamsPreferences {
// with storepass // with storepass
test(c++, "-", "-", test(c++, "-", "-",
pbeWithSHA1AndRC2_40_oid, 50000, oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
pbeWithSHA1AndDESede_oid, 50000, oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
SHA_oid, 100000); oid(KnownOIDs.SHA_1), 100000);
// password-less with system property // password-less with system property
test(c++, "keystore.pkcs12.certProtectionAlgorithm", "NONE", test(c++, "keystore.pkcs12.certProtectionAlgorithm", "NONE",
"keystore.pkcs12.macAlgorithm", "NONE", "keystore.pkcs12.macAlgorithm", "NONE",
"-", "-", "-", "-",
null, 0, null, 0,
pbeWithSHA1AndDESede_oid, 50000, oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
null, 0); null, 0);
// password-less with security property // password-less with security property
@ -68,7 +68,7 @@ public class ParamsPreferences {
"keystore.pkcs12.macAlgorithm", "NONE", "keystore.pkcs12.macAlgorithm", "NONE",
"-", "-",
null, 0, null, 0,
pbeWithSHA1AndDESede_oid, 50000, oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
null, 0); null, 0);
// back to with storepass by overriding security property with system property // back to with storepass by overriding security property with system property
@ -78,9 +78,9 @@ public class ParamsPreferences {
"keystore.pkcs12.certProtectionAlgorithm", "NONE", "keystore.pkcs12.certProtectionAlgorithm", "NONE",
"keystore.pkcs12.macAlgorithm", "NONE", "keystore.pkcs12.macAlgorithm", "NONE",
"-", "-",
pbeWithSHA1AndDESede_oid, 50000, oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
pbeWithSHA1AndDESede_oid, 50000, oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
SHA256_oid, 100000); oid(KnownOIDs.SHA_256), 100000);
// back to with storepass by using "" to force hardcoded default // back to with storepass by using "" to force hardcoded default
test(c++, "keystore.pkcs12.certProtectionAlgorithm", "", test(c++, "keystore.pkcs12.certProtectionAlgorithm", "",
@ -91,9 +91,9 @@ public class ParamsPreferences {
"keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40", "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
"keystore.pkcs12.macAlgorithm", "NONE", "keystore.pkcs12.macAlgorithm", "NONE",
"-", "-",
pbeWithSHA1AndRC2_40_oid, 50000, oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
pbeWithSHA1AndDESede_oid, 50000, oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
SHA_oid, 100000); oid(KnownOIDs.SHA_1), 100000);
// change everything with system property // change everything with system property
test(c++, "keystore.pkcs12.certProtectionAlgorithm", "PBEWithSHA1AndDESede", test(c++, "keystore.pkcs12.certProtectionAlgorithm", "PBEWithSHA1AndDESede",
@ -103,9 +103,9 @@ public class ParamsPreferences {
"keystore.pkcs12.macAlgorithm", "HmacPBESHA256", "keystore.pkcs12.macAlgorithm", "HmacPBESHA256",
"keystore.pkcs12.macIterationCount", 2000, "keystore.pkcs12.macIterationCount", 2000,
"-", "-", "-", "-",
pbeWithSHA1AndDESede_oid, 3000, oid(KnownOIDs.PBEWithSHA1AndDESede), 3000,
pbeWithSHA1AndRC2_40_oid, 4000, oid(KnownOIDs.PBEWithSHA1AndRC2_40), 4000,
SHA256_oid, 2000); oid(KnownOIDs.SHA_256), 2000);
// change everything with security property // change everything with security property
test(c++, "-", test(c++, "-",
@ -116,9 +116,9 @@ public class ParamsPreferences {
"keystore.pkcs12.macAlgorithm", "HmacPBESHA256", "keystore.pkcs12.macAlgorithm", "HmacPBESHA256",
"keystore.pkcs12.macIterationCount", 2000, "keystore.pkcs12.macIterationCount", 2000,
"-", "-",
pbeWithSHA1AndDESede_oid, 3000, oid(KnownOIDs.PBEWithSHA1AndDESede), 3000,
pbeWithSHA1AndRC2_40_oid, 4000, oid(KnownOIDs.PBEWithSHA1AndRC2_40), 4000,
SHA256_oid, 2000); oid(KnownOIDs.SHA_256), 2000);
// override security property with system property // override security property with system property
test(c++, "keystore.pkcs12.certProtectionAlgorithm", "PBEWithSHA1AndDESede", test(c++, "keystore.pkcs12.certProtectionAlgorithm", "PBEWithSHA1AndDESede",
@ -135,9 +135,9 @@ public class ParamsPreferences {
"keystore.pkcs12.macAlgorithm", "HmacPBESHA1", "keystore.pkcs12.macAlgorithm", "HmacPBESHA1",
"keystore.pkcs12.macIterationCount", 2000, "keystore.pkcs12.macIterationCount", 2000,
"-", "-",
pbeWithSHA1AndDESede_oid, 13000, oid(KnownOIDs.PBEWithSHA1AndDESede), 13000,
pbeWithSHA1AndRC2_40_oid, 14000, oid(KnownOIDs.PBEWithSHA1AndRC2_40), 14000,
SHA256_oid, 12000); oid(KnownOIDs.SHA_256), 12000);
// check keyProtectionAlgorithm old behavior. Preferences of // check keyProtectionAlgorithm old behavior. Preferences of
// 4 different settings. // 4 different settings.
@ -145,25 +145,25 @@ public class ParamsPreferences {
test(c++, "-", test(c++, "-",
"keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128", "keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128",
"-", "-",
pbeWithSHA1AndRC2_40_oid, 50000, oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
pbeWithSHA1AndRC2_128_oid, 50000, oid(KnownOIDs.PBEWithSHA1AndRC2_128), 50000,
SHA_oid, 100000); oid(KnownOIDs.SHA_1), 100000);
test(c++, "-", test(c++, "-",
"keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128", "keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128",
"keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40", "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
"-", "-",
pbeWithSHA1AndRC2_40_oid, 50000, oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
pbeWithSHA1AndRC2_40_oid, 50000, oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
SHA_oid, 100000); oid(KnownOIDs.SHA_1), 100000);
test(c++, test(c++,
"keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC4_128", "keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC4_128",
"-", "-",
"keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128", "keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128",
"keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40", "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
"-", "-",
pbeWithSHA1AndRC2_40_oid, 50000, oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
pbeWithSHA1AndRC4_128_oid, 50000, oid(KnownOIDs.PBEWithSHA1AndRC4_128), 50000,
SHA_oid, 100000); oid(KnownOIDs.SHA_1), 100000);
test(c++, test(c++,
"keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC4_128", "keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC4_128",
"keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC4_40", "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC4_40",
@ -171,9 +171,13 @@ public class ParamsPreferences {
"keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128", "keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128",
"keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40", "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
"-", "-",
pbeWithSHA1AndRC2_40_oid, 50000, oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
pbeWithSHA1AndRC4_40_oid, 50000, oid(KnownOIDs.PBEWithSHA1AndRC4_40), 50000,
SHA_oid, 100000); oid(KnownOIDs.SHA_1), 100000);
}
private static ObjectIdentifier oid(KnownOIDs o) {
return ObjectIdentifier.of(o);
} }
/** /**

66
test/jdk/sun/security/pkcs12/ParamsTest.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -23,10 +23,9 @@
/* /*
* @test * @test
* @bug 8076190 * @bug 8076190 8242151
* @library /test/lib * @library /test/lib
* @modules java.base/sun.security.pkcs * @modules java.base/sun.security.pkcs
* java.base/sun.security.x509
* java.base/sun.security.util * java.base/sun.security.util
* @summary Customizing the generation of a PKCS12 keystore * @summary Customizing the generation of a PKCS12 keystore
*/ */
@ -49,7 +48,8 @@ import java.util.Base64;
import java.util.Objects; import java.util.Objects;
import static jdk.test.lib.security.DerUtils.*; import static jdk.test.lib.security.DerUtils.*;
import static sun.security.x509.AlgorithmId.*; import sun.security.util.ObjectIdentifier;
import sun.security.util.KnownOIDs;
import static sun.security.pkcs.ContentInfo.*; import static sun.security.pkcs.ContentInfo.*;
public class ParamsTest { public class ParamsTest {
@ -102,11 +102,11 @@ public class ParamsTest {
+ "-destkeystore ksnormal -deststorepass changeit"); + "-destkeystore ksnormal -deststorepass changeit");
data = Files.readAllBytes(Path.of("ksnormal")); data = Files.readAllBytes(Path.of("ksnormal"));
checkInt(data, "22", 100000); // Mac ic checkInt(data, "22", 100000); // Mac ic
checkAlg(data, "2000", SHA_oid); // Mac alg checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
checkInt(data, "110c010c010011", 50000); // key ic checkInt(data, "110c010c010011", 50000); // key ic
checkAlg(data, "110c10", ENCRYPTED_DATA_OID); checkAlg(data, "110c10", ENCRYPTED_DATA_OID);
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
checkInt(data, "110c1101111", 50000); // cert ic checkInt(data, "110c1101111", 50000); // cert ic
check("ksnormal", "a", "changeit", "changeit", true, true, true); check("ksnormal", "a", "changeit", "changeit", true, true, true);
@ -120,13 +120,13 @@ public class ParamsTest {
+ "-J-Dkeystore.pkcs12.macAlgorithm=NONE"); + "-J-Dkeystore.pkcs12.macAlgorithm=NONE");
data = Files.readAllBytes(Path.of("ksnormal")); data = Files.readAllBytes(Path.of("ksnormal"));
checkInt(data, "22", 100000); // Mac ic checkInt(data, "22", 100000); // Mac ic
checkAlg(data, "2000", SHA_oid); // Mac alg checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
checkInt(data, "110c010c010011", 50000); // key ic checkInt(data, "110c010c010011", 50000); // key ic
checkAlg(data, "110c010c11000", pbeWithSHA1AndDESede_oid); // new key alg checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // new key alg
checkInt(data, "110c010c110011", 50000); // new key ic checkInt(data, "110c010c110011", 50000); // new key ic
checkAlg(data, "110c10", ENCRYPTED_DATA_OID); checkAlg(data, "110c10", ENCRYPTED_DATA_OID);
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
checkInt(data, "110c1101111", 50000); // cert ic checkInt(data, "110c1101111", 50000); // cert ic
check("ksnormal", "b", null, "changeit", true, false, true); check("ksnormal", "b", null, "changeit", true, false, true);
check("ksnormal", "b", "changeit", "changeit", true, true, true); check("ksnormal", "b", "changeit", "changeit", true, true, true);
@ -139,7 +139,7 @@ public class ParamsTest {
+ "-J-Dkeystore.pkcs12.macAlgorithm=NONE"); + "-J-Dkeystore.pkcs12.macAlgorithm=NONE");
data = Files.readAllBytes(Path.of("ksnopass")); data = Files.readAllBytes(Path.of("ksnopass"));
shouldNotExist(data, "2"); // no Mac shouldNotExist(data, "2"); // no Mac
checkAlg(data, "110c010c01000", pbeWithSHA1AndRC4_128_oid); checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndRC4_128));
checkInt(data, "110c010c010011", 50000); checkInt(data, "110c010c010011", 50000);
checkAlg(data, "110c10", DATA_OID); checkAlg(data, "110c10", DATA_OID);
check("ksnopass", "a", null, "changeit", true, true, true); check("ksnopass", "a", null, "changeit", true, true, true);
@ -151,9 +151,9 @@ public class ParamsTest {
+ "-storepass changeit -alias b -dname CN=B"); + "-storepass changeit -alias b -dname CN=B");
data = Files.readAllBytes(Path.of("ksnopass")); data = Files.readAllBytes(Path.of("ksnopass"));
shouldNotExist(data, "2"); // no Mac shouldNotExist(data, "2"); // no Mac
checkAlg(data, "110c010c01000", pbeWithSHA1AndRC4_128_oid); checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndRC4_128));
checkInt(data, "110c010c010011", 50000); checkInt(data, "110c010c010011", 50000);
checkAlg(data, "110c010c11000", pbeWithSHA1AndDESede_oid); checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndDESede));
checkInt(data, "110c010c110011", 50000); checkInt(data, "110c010c110011", 50000);
checkAlg(data, "110c10", DATA_OID); checkAlg(data, "110c10", DATA_OID);
check("ksnopass", "a", null, "changeit", true, true, true); check("ksnopass", "a", null, "changeit", true, true, true);
@ -166,10 +166,10 @@ public class ParamsTest {
+ "-J-Dkeystore.pkcs12.keyPbeIterationCount=7777"); + "-J-Dkeystore.pkcs12.keyPbeIterationCount=7777");
data = Files.readAllBytes(Path.of("ksnewic")); data = Files.readAllBytes(Path.of("ksnewic"));
checkInt(data, "22", 5555); // Mac ic checkInt(data, "22", 5555); // Mac ic
checkAlg(data, "2000", SHA_oid); // Mac alg checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
checkInt(data, "110c010c010011", 7777); // key ic checkInt(data, "110c010c010011", 7777); // key ic
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
checkInt(data, "110c1101111", 6666); // cert ic checkInt(data, "110c1101111", 6666); // cert ic
// keypbe alg cannot be NONE // keypbe alg cannot be NONE
@ -185,12 +185,12 @@ public class ParamsTest {
+ "-J-Dkeystore.pkcs12.keyProtectionAlgorithm=PBEWithSHA1AndRC4_128"); + "-J-Dkeystore.pkcs12.keyProtectionAlgorithm=PBEWithSHA1AndRC4_128");
data = Files.readAllBytes(Path.of("ksnewic")); data = Files.readAllBytes(Path.of("ksnewic"));
checkInt(data, "22", 5555); // Mac ic checkInt(data, "22", 5555); // Mac ic
checkAlg(data, "2000", SHA_oid); // Mac alg checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
checkInt(data, "110c010c010011", 7777); // key ic checkInt(data, "110c010c010011", 7777); // key ic
checkAlg(data, "110c010c11000", pbeWithSHA1AndRC4_128_oid); // new key alg checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndRC4_128)); // new key alg
checkInt(data, "110c010c110011", 50000); // new key ic checkInt(data, "110c010c110011", 50000); // new key ic
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
checkInt(data, "110c1101111", 6666); // cert ic checkInt(data, "110c1101111", 6666); // cert ic
// Check KeyStore loading multiple keystores // Check KeyStore loading multiple keystores
@ -202,13 +202,13 @@ public class ParamsTest {
} }
data = Files.readAllBytes(Path.of("ksnormaldup")); data = Files.readAllBytes(Path.of("ksnormaldup"));
checkInt(data, "22", 100000); // Mac ic checkInt(data, "22", 100000); // Mac ic
checkAlg(data, "2000", SHA_oid); // Mac alg checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
checkInt(data, "110c010c010011", 50000); // key ic checkInt(data, "110c010c010011", 50000); // key ic
checkAlg(data, "110c010c11000", pbeWithSHA1AndDESede_oid); // new key alg checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // new key alg
checkInt(data, "110c010c110011", 50000); // new key ic checkInt(data, "110c010c110011", 50000); // new key ic
checkAlg(data, "110c10", ENCRYPTED_DATA_OID); checkAlg(data, "110c10", ENCRYPTED_DATA_OID);
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
checkInt(data, "110c1101111", 50000); // cert ic checkInt(data, "110c1101111", 50000); // cert ic
try (FileInputStream fis = new FileInputStream("ksnopass"); try (FileInputStream fis = new FileInputStream("ksnopass");
@ -218,9 +218,9 @@ public class ParamsTest {
} }
data = Files.readAllBytes(Path.of("ksnopassdup")); data = Files.readAllBytes(Path.of("ksnopassdup"));
shouldNotExist(data, "2"); // no Mac shouldNotExist(data, "2"); // no Mac
checkAlg(data, "110c010c01000", pbeWithSHA1AndRC4_128_oid); checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndRC4_128));
checkInt(data, "110c010c010011", 50000); checkInt(data, "110c010c010011", 50000);
checkAlg(data, "110c010c11000", pbeWithSHA1AndDESede_oid); checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndDESede));
checkInt(data, "110c010c110011", 50000); checkInt(data, "110c010c110011", 50000);
checkAlg(data, "110c10", DATA_OID); checkAlg(data, "110c10", DATA_OID);
@ -231,12 +231,12 @@ public class ParamsTest {
} }
data = Files.readAllBytes(Path.of("ksnewicdup")); data = Files.readAllBytes(Path.of("ksnewicdup"));
checkInt(data, "22", 5555); // Mac ic checkInt(data, "22", 5555); // Mac ic
checkAlg(data, "2000", SHA_oid); // Mac alg checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
checkInt(data, "110c010c010011", 7777); // key ic checkInt(data, "110c010c010011", 7777); // key ic
checkAlg(data, "110c010c11000", pbeWithSHA1AndRC4_128_oid); // new key alg checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndRC4_128)); // new key alg
checkInt(data, "110c010c110011", 50000); // new key ic checkInt(data, "110c010c110011", 50000); // new key ic
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
checkInt(data, "110c1101111", 6666); // cert ic checkInt(data, "110c1101111", 6666); // cert ic
// Check keytool behavior // Check keytool behavior
@ -434,6 +434,10 @@ public class ParamsTest {
Asserts.assertEQ(expectedKey, actualKey, label + "-key"); Asserts.assertEQ(expectedKey, actualKey, label + "-key");
} }
private static ObjectIdentifier oid(KnownOIDs o) {
return ObjectIdentifier.of(o);
}
static OutputAnalyzer keytool(String s) throws Throwable { static OutputAnalyzer keytool(String s) throws Throwable {
return SecurityTools.keytool(s); return SecurityTools.keytool(s);
} }

7
test/jdk/sun/security/tools/jarsigner/TimestampCheck.java
View file

@ -63,6 +63,7 @@ import sun.security.x509.X500Name;
/* /*
* @test * @test
* @bug 6543842 6543440 6939248 8009636 8024302 8163304 8169911 8180289 8172404 * @bug 6543842 6543440 6939248 8009636 8024302 8163304 8169911 8180289 8172404
* 8242151
* @summary checking response of timestamp * @summary checking response of timestamp
* @modules java.base/sun.security.pkcs * @modules java.base/sun.security.pkcs
* java.base/sun.security.timestamp * java.base/sun.security.timestamp
@ -134,7 +135,7 @@ public class TimestampCheck {
messageImprint.data.getDerValue()); messageImprint.data.getDerValue());
System.out.println("# AlgorithmId: " + aid); System.out.println("# AlgorithmId: " + aid);
ObjectIdentifier policyId = new ObjectIdentifier(defaultPolicyId); ObjectIdentifier policyId = ObjectIdentifier.of(defaultPolicyId);
BigInteger nonce = null; BigInteger nonce = null;
while (value.data.available() > 0) { while (value.data.available() > 0) {
DerValue v = value.data.getDerValue(); DerValue v = value.data.getDerValue();
@ -158,7 +159,7 @@ public class TimestampCheck {
String alias = path.startsWith("ts") ? path : "ts"; String alias = path.startsWith("ts") ? path : "ts";
if (path.equals("diffpolicy")) { if (path.equals("diffpolicy")) {
policyId = new ObjectIdentifier(defaultPolicyId); policyId = ObjectIdentifier.of(defaultPolicyId);
} }
DerOutputStream statusInfo = new DerOutputStream(); DerOutputStream statusInfo = new DerOutputStream();
@ -230,7 +231,7 @@ public class TimestampCheck {
alias, "changeit".toCharArray()))); alias, "changeit".toCharArray())));
sig.update(tstInfo.toByteArray()); sig.update(tstInfo.toByteArray());
ContentInfo contentInfo = new ContentInfo(new ObjectIdentifier( ContentInfo contentInfo = new ContentInfo(ObjectIdentifier.of(
"1.2.840.113549.1.9.16.1.4"), "1.2.840.113549.1.9.16.1.4"),
new DerValue(tstInfo2.toByteArray())); new DerValue(tstInfo2.toByteArray()));

22
test/jdk/sun/security/tools/keytool/KeyToolTest.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/* /*
* @test * @test
* @bug 6251120 8231950 * @bug 6251120 8231950 8242151
* @summary Testing keytool * @summary Testing keytool
* *
* Run through autotest.sh and manualtest.sh * Run through autotest.sh and manualtest.sh
@ -1602,7 +1602,7 @@ public class KeyToolTest {
int pos = 0; int pos = 0;
System.err.print("x"); System.err.print("x");
Extension ex = ((X509CertImpl)ks.getCertificate(alias)) Extension ex = ((X509CertImpl)ks.getCertificate(alias))
.getExtension(new ObjectIdentifier(oid)); .getExtension(ObjectIdentifier.of(oid));
if (!Arrays.equals(value, ex.getValue())) { if (!Arrays.equals(value, ex.getValue())) {
throw new RuntimeException("Not same content in " + throw new RuntimeException("Not same content in " +
alias + " for " + oid); alias + " for " + oid);
@ -1611,9 +1611,9 @@ public class KeyToolTest {
} }
CheckOid coid = new CheckOid(); CheckOid coid = new CheckOid();
assertTrue(((X509CertImpl)ks.getCertificate("oid1")) assertTrue(((X509CertImpl)ks.getCertificate("oid1"))
.getExtension(new ObjectIdentifier("1.2.3")).isCritical()); .getExtension(ObjectIdentifier.of("1.2.3")).isCritical());
assertTrue(!((X509CertImpl)ks.getCertificate("oid2")) assertTrue(!((X509CertImpl)ks.getCertificate("oid2"))
.getExtension(new ObjectIdentifier("1.2.3")).isCritical()); .getExtension(ObjectIdentifier.of("1.2.3")).isCritical());
coid.check(ks, "oid1", "1.2.3", new byte[]{1,2}); coid.check(ks, "oid1", "1.2.3", new byte[]{1,2});
coid.check(ks, "oid2", "1.2.3", new byte[]{}); coid.check(ks, "oid2", "1.2.3", new byte[]{});
coid.check(ks, "oid12", "1.2.3", new byte[]{}); coid.check(ks, "oid12", "1.2.3", new byte[]{});
@ -1643,14 +1643,14 @@ public class KeyToolTest {
assertTrue(a.getAuthorityKeyIdentifierExtension() != null); assertTrue(a.getAuthorityKeyIdentifierExtension() != null);
assertTrue(a.getSubjectKeyIdentifierExtension() != null); assertTrue(a.getSubjectKeyIdentifierExtension() != null);
assertTrue(a.getKeyUsage() == null); assertTrue(a.getKeyUsage() == null);
assertTrue(a.getExtension(new ObjectIdentifier("1.2.3")).isCritical()); assertTrue(a.getExtension(ObjectIdentifier.of("1.2.3")).isCritical());
assertTrue(!a.getExtension(new ObjectIdentifier("1.2.4")).isCritical()); assertTrue(!a.getExtension(ObjectIdentifier.of("1.2.4")).isCritical());
assertTrue(!a.getExtension(new ObjectIdentifier("1.2.5")).isCritical()); assertTrue(!a.getExtension(ObjectIdentifier.of("1.2.5")).isCritical());
assertTrue(a.getExtensionValue("1.2.3").length == 3); assertTrue(a.getExtensionValue("1.2.3").length == 3);
assertTrue(a.getExtensionValue("1.2.4").length == 4); assertTrue(a.getExtensionValue("1.2.4").length == 4);
assertTrue(a.getExtensionValue("1.2.5").length == 5); assertTrue(a.getExtensionValue("1.2.5").length == 5);
assertTrue(a.getBasicConstraints() == 2); assertTrue(a.getBasicConstraints() == 2);
assertTrue(!a.getExtension(new ObjectIdentifier("2.3.4")).isCritical()); assertTrue(!a.getExtension(ObjectIdentifier.of("2.3.4")).isCritical());
assertTrue(a.getExtensionValue("2.3.4").length == 6); assertTrue(a.getExtensionValue("2.3.4").length == 6);
// 8073181: keytool -ext honored not working correctly // 8073181: keytool -ext honored not working correctly
@ -1660,8 +1660,8 @@ public class KeyToolTest {
testOK("", simple+"-importcert -file test2.cert -alias b"); testOK("", simple+"-importcert -file test2.cert -alias b");
ks = loadStore("x.jks", "changeit", "JKS"); ks = loadStore("x.jks", "changeit", "JKS");
X509CertImpl b = (X509CertImpl)ks.getCertificate("b"); X509CertImpl b = (X509CertImpl)ks.getCertificate("b");
assertTrue(!b.getExtension(new ObjectIdentifier("1.2.3")).isCritical()); assertTrue(!b.getExtension(ObjectIdentifier.of("1.2.3")).isCritical());
assertTrue(b.getExtension(new ObjectIdentifier("1.2.4")).isCritical()); assertTrue(b.getExtension(ObjectIdentifier.of("1.2.4")).isCritical());
// 8073182: keytool may generate duplicate extensions // 8073182: keytool may generate duplicate extensions
testOK("", pre+"dup -ext bc=2 -ext 2.5.29.19=30030101FF -ext bc=3"); testOK("", pre+"dup -ext bc=2 -ext 2.5.29.19=30030101FF -ext bc=3");

6
test/jdk/sun/security/util/Oid/OidEquals.java
View file

@ -23,7 +23,7 @@
/* /*
* @test * @test
* @bug 8022444 * @bug 8022444 8242151
* @summary Test ObjectIdentifier.equals(Object obj) * @summary Test ObjectIdentifier.equals(Object obj)
* @modules java.base/sun.security.util * @modules java.base/sun.security.util
*/ */
@ -32,8 +32,8 @@ import sun.security.util.ObjectIdentifier;
public class OidEquals { public class OidEquals {
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
ObjectIdentifier oid1 = new ObjectIdentifier("1.3.6.1.4.1.42.2.17"); ObjectIdentifier oid1 = ObjectIdentifier.of("1.3.6.1.4.1.42.2.17");
ObjectIdentifier oid2 = new ObjectIdentifier("1.2.3.4"); ObjectIdentifier oid2 = ObjectIdentifier.of("1.2.3.4");
assertEquals(oid1, oid1); assertEquals(oid1, oid1);
assertNotEquals(oid1, oid2); assertNotEquals(oid1, oid2);

8
test/jdk/sun/security/util/Oid/OidFormat.java
View file

@ -24,9 +24,7 @@
/* /*
* @test * @test
* @author Weijun Wang * @author Weijun Wang
* @bug 6418422 * @bug 6418422 6418425 6418433 8242151
* @bug 6418425
* @bug 6418433
* @summary ObjectIdentifier should reject 1.2.3.-4 and throw IOException on all format errors * @summary ObjectIdentifier should reject 1.2.3.-4 and throw IOException on all format errors
* @modules java.base/sun.security.util * @modules java.base/sun.security.util
* java.security.jgss * java.security.jgss
@ -90,7 +88,7 @@ public class OidFormat {
static void testGood(String s) throws Exception { static void testGood(String s) throws Exception {
System.err.println("Trying " + s); System.err.println("Trying " + s);
ObjectIdentifier oid = new ObjectIdentifier(s); ObjectIdentifier oid = ObjectIdentifier.of(s);
if (!oid.toString().equals(s)) { if (!oid.toString().equals(s)) {
throw new Exception("equal test fail"); throw new Exception("equal test fail");
} }
@ -106,7 +104,7 @@ public class OidFormat {
static void testBad(String s) throws Exception { static void testBad(String s) throws Exception {
System.err.println("Trying " + s); System.err.println("Trying " + s);
try { try {
new ObjectIdentifier(s); ObjectIdentifier.of(s);
throw new Exception("should be invalid ObjectIdentifier"); throw new Exception("should be invalid ObjectIdentifier");
} catch (IOException ioe) { } catch (IOException ioe) {
System.err.println(ioe); System.err.println(ioe);

6
test/jdk/sun/security/util/Oid/S11N.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2013, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/* /*
* @test * @test
* @bug 4811968 6908628 8006564 8130696 * @bug 4811968 6908628 8006564 8130696 8242151
* @modules java.base/sun.security.util * @modules java.base/sun.security.util
* @run main S11N check * @run main S11N check
* @summary Serialization compatibility with old versions (and fixes) * @summary Serialization compatibility with old versions (and fixes)
@ -118,7 +118,7 @@ public class S11N {
// Gets the serialized form for this java // Gets the serialized form for this java
private static byte[] out(String oid) throws Exception { private static byte[] out(String oid) throws Exception {
ByteArrayOutputStream bout = new ByteArrayOutputStream(); ByteArrayOutputStream bout = new ByteArrayOutputStream();
new ObjectOutputStream(bout).writeObject(new ObjectIdentifier(oid)); new ObjectOutputStream(bout).writeObject(ObjectIdentifier.of(oid));
return bout.toByteArray(); return bout.toByteArray();
} }

4
test/jdk/sun/security/x509/AVA/AVAEqualsHashCode.java
View file

@ -24,7 +24,7 @@
/* /*
* @test * @test
* @author Gary Ellison * @author Gary Ellison
* @bug 4170635 * @bug 4170635 8242151
* @summary Verify equals()/hashCode() contract honored * @summary Verify equals()/hashCode() contract honored
* @modules java.base/sun.security.util * @modules java.base/sun.security.util
* java.base/sun.security.x509 * java.base/sun.security.x509
@ -44,7 +44,7 @@ public class AVAEqualsHashCode {
String name = "CN=eve s. dropper"; String name = "CN=eve s. dropper";
X500Name dn = new X500Name(name); X500Name dn = new X500Name(name);
DerOutputStream deros = new DerOutputStream(); DerOutputStream deros = new DerOutputStream();
ObjectIdentifier oid = new ObjectIdentifier("1.2.840.113549.2.5"); ObjectIdentifier oid = ObjectIdentifier.of("1.2.840.113549.2.5");
dn.encode(deros); dn.encode(deros);
byte[] ba = deros.toByteArray(); byte[] ba = deros.toByteArray();

35
test/jdk/sun/security/x509/AlgorithmId/ExtensibleAlgorithmId.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -23,8 +23,9 @@
/* /*
* @test * @test
* @bug 4162868 8130181 * @bug 4162868 8130181 8242151
* @modules java.base/sun.security.x509 * @modules java.base/sun.security.x509
* @modules java.base/sun.security.util
* @run main/othervm ExtensibleAlgorithmId * @run main/othervm ExtensibleAlgorithmId
* @summary Algorithm Name-to-OID mapping needs to be made extensible. * @summary Algorithm Name-to-OID mapping needs to be made extensible.
*/ */
@ -39,16 +40,27 @@ public class ExtensibleAlgorithmId {
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
TestProvider p = new TestProvider(); TestProvider p = new TestProvider();
Security.addProvider(p); Security.addProvider(p);
AlgorithmId algid = AlgorithmId.getAlgorithmId("XYZ"); AlgorithmId algid = AlgorithmId.getAlgorithmId(TestProvider.ALG_NAME);
String alias = "Alg.Alias.Signature.OID." + algid.toString(); String oid = algid.getOID().toString();
if (!oid.equals(TestProvider.ALG_OID)) {
throw new Exception("Provider alias oid not used, found " + oid);
}
String name = algid.getName();
if (!name.equalsIgnoreCase(TestProvider.ALG_NAME)) {
throw new Exception("provider alias name not used, found " + name);
}
String alias = "Alg.Alias.Signature.OID." + oid;
String stdAlgName = p.getProperty(alias); String stdAlgName = p.getProperty(alias);
if (stdAlgName == null || !stdAlgName.equalsIgnoreCase("XYZ")) { if (stdAlgName == null ||
!stdAlgName.equalsIgnoreCase(TestProvider.ALG_NAME)) {
throw new Exception("Wrong OID"); throw new Exception("Wrong OID");
} }
} }
}
class TestProvider extends Provider { static class TestProvider extends Provider {
static String ALG_OID = "1.2.3.4.5.6.7.8.9.0";
static String ALG_NAME = "XYZ";
public TestProvider() { public TestProvider() {
super("Dummy", "1.0", "XYZ algorithm"); super("Dummy", "1.0", "XYZ algorithm");
@ -56,14 +68,15 @@ class TestProvider extends Provider {
AccessController.doPrivileged(new PrivilegedAction() { AccessController.doPrivileged(new PrivilegedAction() {
public Object run() { public Object run() {
put("Signature.XYZ", "test.xyz"); put("Signature." + ALG_NAME, "test.xyz");
// preferred OID // preferred OID
put("Alg.Alias.Signature.OID.1.2.3.4.5.6.7.8.9.0", put("Alg.Alias.Signature.OID." + ALG_OID,
"XYZ"); ALG_NAME);
put("Alg.Alias.Signature.9.8.7.6.5.4.3.2.1.0", put("Alg.Alias.Signature.9.8.7.6.5.4.3.2.1.0",
"XYZ"); ALG_NAME);
return null; return null;
} }
}); });
} }
} }
}

4
test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java
View file

@ -23,7 +23,7 @@
/* /*
* @test * @test
* @bug 8049237 * @bug 8049237 8242151
* @modules java.base/sun.security.x509 * @modules java.base/sun.security.x509
* java.base/sun.security.util * java.base/sun.security.util
* jdk.crypto.ec * jdk.crypto.ec
@ -155,7 +155,7 @@ public class V3Certificate {
GeneralName ip = new GeneralName(ipInf); GeneralName ip = new GeneralName(ipInf);
GeneralNameInterface oidInf = GeneralNameInterface oidInf =
new OIDName(new ObjectIdentifier("1.2.3.4")); new OIDName(ObjectIdentifier.of("1.2.3.4"));
GeneralName oid = new GeneralName(oidInf); GeneralName oid = new GeneralName(oidInf);
SubjectAlternativeNameExtension subjectName SubjectAlternativeNameExtension subjectName

6
test/jdk/sun/security/x509/equalNames/AltNamesEqualsTest.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -24,7 +24,7 @@
/* /*
* @test * @test
* @summary Make sure names that are equal are treated as such. * @summary Make sure names that are equal are treated as such.
* @bug 4273559 * @bug 4273559 8242151
* @author Yassir Elley * @author Yassir Elley
* @modules java.base/sun.security.util * @modules java.base/sun.security.util
* java.base/sun.security.x509 * java.base/sun.security.x509
@ -114,7 +114,7 @@ public class AltNamesEqualsTest{
throws Exception throws Exception
{ {
OIDName oidName = null; OIDName oidName = null;
ObjectIdentifier oid = new ObjectIdentifier(name); ObjectIdentifier oid = ObjectIdentifier.of(name);
oidName = new OIDName(oid); oidName = new OIDName(oid);
return oidName; return oidName;
} }