archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 22:34:27 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8239264: Clearup the legacy ObjectIdentifier constructor from int array

Browse source 
Reviewed-by: jnimeh
This commit is contained in:
Xue-Lei Andrew Fan 2020-02-17 18:52:50 -08:00
parent 8aff5bda80
commit 4e430ffbb6
26 changed files with 412 additions and 692 deletions
Download patch file Download diff file Expand all files Collapse all files

23
src/java.base/macosx/classes/apple/security/KeychainStore.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2011, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -89,12 +89,13 @@ public final class KeychainStore extends KeyStoreSpi {
private Hashtable<String, Object> entries = new Hashtable<>(); private Hashtable<String, Object> entries = new Hashtable<>();
/** /**
* Algorithm identifiers and corresponding OIDs for the contents of the PKCS12 bag we get from the Keychain. * Algorithm identifiers and corresponding OIDs for the contents of the
* PKCS12 bag we get from the Keychain.
*/ */
private static final int keyBag[] = {1, 2, 840, 113549, 1, 12, 10, 1, 2}; private static ObjectIdentifier PKCS8ShroudedKeyBag_OID =
private static final int pbeWithSHAAnd3KeyTripleDESCBC[] = {1, 2, 840, 113549, 1, 12, 1, 3}; ObjectIdentifier.of("1.2.840.113549.1.12.10.1.2");
private static ObjectIdentifier PKCS8ShroudedKeyBag_OID; private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID =
private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID; ObjectIdentifier.of("1.2.840.113549.1.12.1.3");
/** /**
* Constnats used in PBE decryption. * Constnats used in PBE decryption.
@ -104,16 +105,6 @@ public final class KeychainStore extends KeyStoreSpi {
private static final Debug debug = Debug.getInstance("keystore"); private static final Debug debug = Debug.getInstance("keystore");
static {
jdk.internal.loader.BootLoader.loadLibrary("osxsecurity");
try {
PKCS8ShroudedKeyBag_OID = new ObjectIdentifier(keyBag);
pbeWithSHAAnd3KeyTripleDESCBC_OID = new ObjectIdentifier(pbeWithSHAAnd3KeyTripleDESCBC);
} catch (IOException ioe) {
// should not happen
}
}
private static void permissionCheck() { private static void permissionCheck() {
SecurityManager sec = System.getSecurityManager(); SecurityManager sec = System.getSecurityManager();

6
src/java.base/share/classes/com/sun/crypto/provider/DHPrivateKey.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -72,8 +72,6 @@ javax.crypto.interfaces.DHPrivateKey, Serializable {
// the private-value length (optional) // the private-value length (optional)
private int l; private int l;
private int DH_data[] = { 1, 2, 840, 113549, 1, 3, 1 };
/** /**
* Make a DH private key out of a private value <code>x</code>, a prime * Make a DH private key out of a private value <code>x</code>, a prime
* modulus <code>p</code>, and a base generator <code>g</code>. * modulus <code>p</code>, and a base generator <code>g</code>.
@ -220,7 +218,7 @@ javax.crypto.interfaces.DHPrivateKey, Serializable {
DerOutputStream algid = new DerOutputStream(); DerOutputStream algid = new DerOutputStream();
// store OID // store OID
algid.putOID(new ObjectIdentifier(DH_data)); algid.putOID(DHPublicKey.DH_OID);
// encode parameters // encode parameters
DerOutputStream params = new DerOutputStream(); DerOutputStream params = new DerOutputStream();
params.putInteger(this.p); params.putInteger(this.p);

8
src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -69,7 +69,9 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
// the private-value length (optional) // the private-value length (optional)
private int l; private int l;
private int DH_data[] = { 1, 2, 840, 113549, 1, 3, 1 }; // Note: this OID is used by DHPrivateKey as well.
static ObjectIdentifier DH_OID =
ObjectIdentifier.of("1.2.840.113549.1.3.1");
/** /**
* Make a DH public key out of a public value <code>y</code>, a prime * Make a DH public key out of a public value <code>y</code>, a prime
@ -203,7 +205,7 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
DerOutputStream algid = new DerOutputStream(); DerOutputStream algid = new DerOutputStream();
// store oid in algid // store oid in algid
algid.putOID(new ObjectIdentifier(DH_data)); algid.putOID(DH_OID);
// encode parameters // encode parameters
DerOutputStream params = new DerOutputStream(); DerOutputStream params = new DerOutputStream();

24
src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -55,24 +55,10 @@ public final class OAEPParameters extends AlgorithmParametersSpi {
private String mdName; private String mdName;
private MGF1ParameterSpec mgfSpec; private MGF1ParameterSpec mgfSpec;
private byte[] p; private byte[] p;
private static ObjectIdentifier OID_MGF1; private static ObjectIdentifier OID_MGF1 =
private static ObjectIdentifier OID_PSpecified; ObjectIdentifier.of("1.2.840.113549.1.1.8");
private static ObjectIdentifier OID_PSpecified =
static { ObjectIdentifier.of("1.2.840.113549.1.1.9");
try {
OID_MGF1 = new ObjectIdentifier(new int[] {1,2,840,113549,1,1,8});
} catch (IOException ioe) {
// should not happen
OID_MGF1 = null;
}
try {
OID_PSpecified =
new ObjectIdentifier(new int[] {1,2,840,113549,1,1,9});
} catch (IOException ioe) {
// should not happen
OID_PSpecified = null;
}
}
public OAEPParameters() { public OAEPParameters() {
} }

71
src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2012, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -90,57 +90,28 @@ import sun.security.util.*;
* *
* </pre> * </pre>
*/ */
abstract class PBES2Parameters extends AlgorithmParametersSpi { abstract class PBES2Parameters extends AlgorithmParametersSpi {
private static final int pkcs5PBKDF2[] = private static ObjectIdentifier pkcs5PBKDF2_OID =
{1, 2, 840, 113549, 1, 5, 12}; ObjectIdentifier.of("1.2.840.113549.1.5.12");
private static final int pkcs5PBES2[] = private static ObjectIdentifier pkcs5PBES2_OID =
{1, 2, 840, 113549, 1, 5, 13}; ObjectIdentifier.of("1.2.840.113549.1.5.13");
private static final int hmacWithSHA1[] = private static ObjectIdentifier hmacWithSHA1_OID =
{1, 2, 840, 113549, 2, 7}; ObjectIdentifier.of("1.2.840.113549.2.7");
private static final int hmacWithSHA224[] = private static ObjectIdentifier hmacWithSHA224_OID =
{1, 2, 840, 113549, 2, 8}; ObjectIdentifier.of("1.2.840.113549.2.8");
private static final int hmacWithSHA256[] = private static ObjectIdentifier hmacWithSHA256_OID =
{1, 2, 840, 113549, 2, 9}; ObjectIdentifier.of("1.2.840.113549.2.9");
private static final int hmacWithSHA384[] = private static ObjectIdentifier hmacWithSHA384_OID =
{1, 2, 840, 113549, 2, 10}; ObjectIdentifier.of("1.2.840.113549.2.10");
private static final int hmacWithSHA512[] = private static ObjectIdentifier hmacWithSHA512_OID =
{1, 2, 840, 113549, 2, 11}; ObjectIdentifier.of("1.2.840.113549.2.11");
private static final int aes128CBC[] = private static ObjectIdentifier aes128CBC_OID =
{2, 16, 840, 1, 101, 3, 4, 1, 2}; ObjectIdentifier.of("2.16.840.1.101.3.4.1.2");
private static final int aes192CBC[] = private static ObjectIdentifier aes192CBC_OID =
{2, 16, 840, 1, 101, 3, 4, 1, 22}; ObjectIdentifier.of("2.16.840.1.101.3.4.1.22");
private static final int aes256CBC[] = private static ObjectIdentifier aes256CBC_OID =
{2, 16, 840, 1, 101, 3, 4, 1, 42}; ObjectIdentifier.of("2.16.840.1.101.3.4.1.42");
private static ObjectIdentifier pkcs5PBKDF2_OID;
private static ObjectIdentifier pkcs5PBES2_OID;
private static ObjectIdentifier hmacWithSHA1_OID;
private static ObjectIdentifier hmacWithSHA224_OID;
private static ObjectIdentifier hmacWithSHA256_OID;
private static ObjectIdentifier hmacWithSHA384_OID;
private static ObjectIdentifier hmacWithSHA512_OID;
private static ObjectIdentifier aes128CBC_OID;
private static ObjectIdentifier aes192CBC_OID;
private static ObjectIdentifier aes256CBC_OID;
static {
try {
pkcs5PBKDF2_OID = new ObjectIdentifier(pkcs5PBKDF2);
pkcs5PBES2_OID = new ObjectIdentifier(pkcs5PBES2);
hmacWithSHA1_OID = new ObjectIdentifier(hmacWithSHA1);
hmacWithSHA224_OID = new ObjectIdentifier(hmacWithSHA224);
hmacWithSHA256_OID = new ObjectIdentifier(hmacWithSHA256);
hmacWithSHA384_OID = new ObjectIdentifier(hmacWithSHA384);
hmacWithSHA512_OID = new ObjectIdentifier(hmacWithSHA512);
aes128CBC_OID = new ObjectIdentifier(aes128CBC);
aes192CBC_OID = new ObjectIdentifier(aes192CBC);
aes256CBC_OID = new ObjectIdentifier(aes256CBC);
} catch (IOException ioe) {
// should not happen
}
}
// the PBES2 algorithm name // the PBES2 algorithm name
private String pbes2AlgorithmName = null; private String pbes2AlgorithmName = null;

4
src/java.base/share/classes/java/security/cert/X509CertSelector.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -88,7 +88,7 @@ public class X509CertSelector implements CertSelector {
private static final Debug debug = Debug.getInstance("certpath"); private static final Debug debug = Debug.getInstance("certpath");
private static final ObjectIdentifier ANY_EXTENDED_KEY_USAGE = private static final ObjectIdentifier ANY_EXTENDED_KEY_USAGE =
ObjectIdentifier.newInternal(new int[] {2, 5, 29, 37, 0}); ObjectIdentifier.of("2.5.29.37.0");
static { static {
CertPathHelperImpl.initialize(); CertPathHelperImpl.initialize();

74
src/java.base/share/classes/sun/security/pkcs/ContentInfo.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -38,50 +38,36 @@ import sun.security.util.*;
public class ContentInfo { public class ContentInfo {
// pkcs7 pre-defined content types // pkcs7 pre-defined content types
private static int[] pkcs7 = {1, 2, 840, 113549, 1, 7}; public static ObjectIdentifier PKCS7_OID =
private static int[] data = {1, 2, 840, 113549, 1, 7, 1}; ObjectIdentifier.of("1.2.840.113549.1.7");
private static int[] sdata = {1, 2, 840, 113549, 1, 7, 2}; public static ObjectIdentifier DATA_OID =
private static int[] edata = {1, 2, 840, 113549, 1, 7, 3}; ObjectIdentifier.of("1.2.840.113549.1.7.1");
private static int[] sedata = {1, 2, 840, 113549, 1, 7, 4}; public static ObjectIdentifier SIGNED_DATA_OID =
private static int[] ddata = {1, 2, 840, 113549, 1, 7, 5}; ObjectIdentifier.of("1.2.840.113549.1.7.2");
private static int[] crdata = {1, 2, 840, 113549, 1, 7, 6}; public static ObjectIdentifier ENVELOPED_DATA_OID =
private static int[] nsdata = {2, 16, 840, 1, 113730, 2, 5}; ObjectIdentifier.of("1.2.840.113549.1.7.3");
// timestamp token (id-ct-TSTInfo) from RFC 3161 public static ObjectIdentifier SIGNED_AND_ENVELOPED_DATA_OID =
private static int[] tstInfo = {1, 2, 840, 113549, 1, 9, 16, 1, 4}; ObjectIdentifier.of("1.2.840.113549.1.7.4");
// this is for backwards-compatibility with JDK 1.1.x public static ObjectIdentifier DIGESTED_DATA_OID =
private static final int[] OLD_SDATA = {1, 2, 840, 1113549, 1, 7, 2}; ObjectIdentifier.of("1.2.840.113549.1.7.5");
private static final int[] OLD_DATA = {1, 2, 840, 1113549, 1, 7, 1}; public static ObjectIdentifier ENCRYPTED_DATA_OID =
public static ObjectIdentifier PKCS7_OID; ObjectIdentifier.of("1.2.840.113549.1.7.6");
public static ObjectIdentifier DATA_OID;
public static ObjectIdentifier SIGNED_DATA_OID;
public static ObjectIdentifier ENVELOPED_DATA_OID;
public static ObjectIdentifier SIGNED_AND_ENVELOPED_DATA_OID;
public static ObjectIdentifier DIGESTED_DATA_OID;
public static ObjectIdentifier ENCRYPTED_DATA_OID;
public static ObjectIdentifier OLD_SIGNED_DATA_OID;
public static ObjectIdentifier OLD_DATA_OID;
public static ObjectIdentifier NETSCAPE_CERT_SEQUENCE_OID;
public static ObjectIdentifier TIMESTAMP_TOKEN_INFO_OID;
static { // this is for backwards-compatibility with JDK 1.1.x
PKCS7_OID = ObjectIdentifier.newInternal(pkcs7); public static ObjectIdentifier OLD_SIGNED_DATA_OID =
DATA_OID = ObjectIdentifier.newInternal(data); ObjectIdentifier.of("1.2.840.1113549.1.7.2");
SIGNED_DATA_OID = ObjectIdentifier.newInternal(sdata); public static ObjectIdentifier OLD_DATA_OID =
ENVELOPED_DATA_OID = ObjectIdentifier.newInternal(edata); ObjectIdentifier.of("1.2.840.1113549.1.7.1");
SIGNED_AND_ENVELOPED_DATA_OID = ObjectIdentifier.newInternal(sedata);
DIGESTED_DATA_OID = ObjectIdentifier.newInternal(ddata); // The ASN.1 systax for the Netscape Certificate Sequence data type is
ENCRYPTED_DATA_OID = ObjectIdentifier.newInternal(crdata); // defined at:
OLD_SIGNED_DATA_OID = ObjectIdentifier.newInternal(OLD_SDATA); // http://wp.netscape.com/eng/security/comm4-cert-download.html
OLD_DATA_OID = ObjectIdentifier.newInternal(OLD_DATA); public static ObjectIdentifier NETSCAPE_CERT_SEQUENCE_OID =
/** ObjectIdentifier.of("2.16.840.1.113730.2.5");
* The ASN.1 systax for the Netscape Certificate Sequence
* data type is defined // timestamp token (id-ct-TSTInfo) from RFC 3161
* <a href=http://wp.netscape.com/eng/security/comm4-cert-download.html> public static ObjectIdentifier TIMESTAMP_TOKEN_INFO_OID =
* here.</a> ObjectIdentifier.of("1.2.840.113549.1.9.16.1.4");
*/
NETSCAPE_CERT_SEQUENCE_OID = ObjectIdentifier.newInternal(nsdata);
TIMESTAMP_TOKEN_INFO_OID = ObjectIdentifier.newInternal(tstInfo);
}
ObjectIdentifier contentType; ObjectIdentifier contentType;
DerValue content; // OPTIONAL DerValue content; // OPTIONAL

13
src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -190,15 +190,14 @@ public class PKCS9Attribute implements DerEncoder {
static { // static initializer for PKCS9_OIDS static { // static initializer for PKCS9_OIDS
for (int i = 1; i < PKCS9_OIDS.length - 2; i++) { for (int i = 1; i < PKCS9_OIDS.length - 2; i++) {
PKCS9_OIDS[i] = PKCS9_OIDS[i] = ObjectIdentifier.of("1.2.840.113549.1.9." + i);
ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,i});
} }
// Initialize SigningCertificate and SignatureTimestampToken // Initialize SigningCertificate and SignatureTimestampToken
// separately (because their values are out of sequence) // separately (because their values are out of sequence)
PKCS9_OIDS[PKCS9_OIDS.length - 2] = PKCS9_OIDS[PKCS9_OIDS.length - 2] =
ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,16,2,12}); ObjectIdentifier.of("1.2.840.113549.1.9.16.2.12");
PKCS9_OIDS[PKCS9_OIDS.length - 1] = PKCS9_OIDS[PKCS9_OIDS.length - 1] =
ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,16,2,14}); ObjectIdentifier.of("1.2.840.113549.1.9.16.2.14");
try { try {
BYTE_ARRAY_CLASS = Class.forName("[B"); BYTE_ARRAY_CLASS = Class.forName("[B");
@ -253,7 +252,7 @@ public class PKCS9Attribute implements DerEncoder {
* that occur in PKCS9, in lower case. * that occur in PKCS9, in lower case.
*/ */
private static final Hashtable<String, ObjectIdentifier> NAME_OID_TABLE = private static final Hashtable<String, ObjectIdentifier> NAME_OID_TABLE =
new Hashtable<String, ObjectIdentifier>(18); new Hashtable<String, ObjectIdentifier>(17);
static { // static initializer for PCKS9_NAMES static { // static initializer for PCKS9_NAMES
NAME_OID_TABLE.put("emailaddress", PKCS9_OIDS[1]); NAME_OID_TABLE.put("emailaddress", PKCS9_OIDS[1]);
@ -280,7 +279,7 @@ public class PKCS9Attribute implements DerEncoder {
* corresponding attribute value type. * corresponding attribute value type.
*/ */
private static final Hashtable<ObjectIdentifier, String> OID_NAME_TABLE = private static final Hashtable<ObjectIdentifier, String> OID_NAME_TABLE =
new Hashtable<ObjectIdentifier, String>(16); new Hashtable<ObjectIdentifier, String>(17);
static { static {
OID_NAME_TABLE.put(PKCS9_OIDS[1], EMAIL_ADDRESS_STR); OID_NAME_TABLE.put(PKCS9_OIDS[1], EMAIL_ADDRESS_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[2], UNSTRUCTURED_NAME_STR); OID_NAME_TABLE.put(PKCS9_OIDS[2], UNSTRUCTURED_NAME_STR);

67
src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -157,34 +157,34 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
private static final Debug debug = Debug.getInstance("pkcs12"); private static final Debug debug = Debug.getInstance("pkcs12");
private static final int[] keyBag = {1, 2, 840, 113549, 1, 12, 10, 1, 2}; private static final ObjectIdentifier PKCS8ShroudedKeyBag_OID =
private static final int[] certBag = {1, 2, 840, 113549, 1, 12, 10, 1, 3}; ObjectIdentifier.of("1.2.840.113549.1.12.10.1.2");
private static final int[] secretBag = {1, 2, 840, 113549, 1, 12, 10, 1, 5}; private static final ObjectIdentifier CertBag_OID =
ObjectIdentifier.of("1.2.840.113549.1.12.10.1.3");
private static final ObjectIdentifier SecretBag_OID =
ObjectIdentifier.of("1.2.840.113549.1.12.10.1.5");
private static final ObjectIdentifier PKCS9FriendlyName_OID =
ObjectIdentifier.of("1.2.840.113549.1.9.20");
private static final ObjectIdentifier PKCS9LocalKeyId_OID =
ObjectIdentifier.of("1.2.840.113549.1.9.21");
private static final ObjectIdentifier PKCS9CertType_OID =
ObjectIdentifier.of("1.2.840.113549.1.9.22.1");
private static final ObjectIdentifier pbes2_OID =
ObjectIdentifier.of("1.2.840.113549.1.5.13");
private static final int[] pkcs9Name = {1, 2, 840, 113549, 1, 9, 20};
private static final int[] pkcs9KeyId = {1, 2, 840, 113549, 1, 9, 21};
private static final int[] pkcs9certType = {1, 2, 840, 113549, 1, 9, 22, 1};
private static final int[] pbes2 = {1, 2, 840, 113549, 1, 5, 13};
// TODO: temporary Oracle OID
/* /*
* { joint-iso-itu-t(2) country(16) us(840) organization(1) oracle(113894) * Temporary Oracle OID
* jdk(746875) crypto(1) id-at-trustedKeyUsage(1) } *
* {joint-iso-itu-t(2) country(16) us(840) organization(1)
* oracle(113894) jdk(746875) crypto(1) id-at-trustedKeyUsage(1)}
*/ */
private static final int[] TrustedKeyUsage = private static final ObjectIdentifier TrustedKeyUsage_OID =
{2, 16, 840, 1, 113894, 746875, 1, 1}; ObjectIdentifier.of("2.16.840.1.113894.746875.1.1");
private static final int[] AnyExtendedKeyUsage = {2, 5, 29, 37, 0};
private static final ObjectIdentifier PKCS8ShroudedKeyBag_OID; private static final ObjectIdentifier[] AnyUsage = new ObjectIdentifier[] {
private static final ObjectIdentifier CertBag_OID; // AnyExtendedKeyUsage
private static final ObjectIdentifier SecretBag_OID; ObjectIdentifier.of("2.5.29.37.0")
private static final ObjectIdentifier PKCS9FriendlyName_OID; };
private static final ObjectIdentifier PKCS9LocalKeyId_OID;
private static final ObjectIdentifier PKCS9CertType_OID;
private static final ObjectIdentifier pbes2_OID;
private static final ObjectIdentifier TrustedKeyUsage_OID;
private static final ObjectIdentifier[] AnyUsage;
private int counter = 0; private int counter = 0;
@ -213,23 +213,6 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
// the source of randomness // the source of randomness
private SecureRandom random; private SecureRandom random;
static {
try {
PKCS8ShroudedKeyBag_OID = new ObjectIdentifier(keyBag);
CertBag_OID = new ObjectIdentifier(certBag);
SecretBag_OID = new ObjectIdentifier(secretBag);
PKCS9FriendlyName_OID = new ObjectIdentifier(pkcs9Name);
PKCS9LocalKeyId_OID = new ObjectIdentifier(pkcs9KeyId);
PKCS9CertType_OID = new ObjectIdentifier(pkcs9certType);
pbes2_OID = new ObjectIdentifier(pbes2);
TrustedKeyUsage_OID = new ObjectIdentifier(TrustedKeyUsage);
AnyUsage = new ObjectIdentifier[]{
new ObjectIdentifier(AnyExtendedKeyUsage)};
} catch (IOException ioe) {
throw new AssertionError("OID not initialized", ioe);
}
}
// A keystore entry and associated attributes // A keystore entry and associated attributes
private static class Entry { private static class Entry {
Date date; // the creation date of this entry Date date; // the creation date of this entry

2
src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java
View file

@ -135,7 +135,7 @@ public final class OCSPResponse {
private static final Debug debug = Debug.getInstance("certpath"); private static final Debug debug = Debug.getInstance("certpath");
private static final boolean dump = debug != null && Debug.isOn("ocsp"); private static final boolean dump = debug != null && Debug.isOn("ocsp");
private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID = private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID =
ObjectIdentifier.newInternal(new int[] { 1, 3, 6, 1, 5, 5, 7, 48, 1, 1}); ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.1");
private static final int CERT_STATUS_GOOD = 0; private static final int CERT_STATUS_GOOD = 0;
private static final int CERT_STATUS_REVOKED = 1; private static final int CERT_STATUS_REVOKED = 1;
private static final int CERT_STATUS_UNKNOWN = 2; private static final int CERT_STATUS_UNKNOWN = 2;

112
src/java.base/share/classes/sun/security/util/ObjectIdentifier.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -50,9 +50,7 @@ import java.util.Arrays;
* @author Hemma Prafullchandra * @author Hemma Prafullchandra
*/ */
public final public final class ObjectIdentifier implements Serializable {
class ObjectIdentifier implements Serializable
{
/** /**
* We use the DER value (no tag, no length) as the internal format * We use the DER value (no tag, no length) as the internal format
* @serial * @serial
@ -100,6 +98,7 @@ class ObjectIdentifier implements Serializable
*/ */
@SuppressWarnings("serial") // Not statically typed as Serializable @SuppressWarnings("serial") // Not statically typed as Serializable
private Object components = null; // path from root private Object components = null; // path from root
/** /**
* @serial * @serial
*/ */
@ -141,15 +140,15 @@ class ObjectIdentifier implements Serializable
static class HugeOidNotSupportedByOldJDK implements Serializable { static class HugeOidNotSupportedByOldJDK implements Serializable {
@java.io.Serial @java.io.Serial
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
static HugeOidNotSupportedByOldJDK theOne = new HugeOidNotSupportedByOldJDK(); static HugeOidNotSupportedByOldJDK theOne =
new HugeOidNotSupportedByOldJDK();
} }
/** /**
* Constructs, from a string. This string should be of the form 1.23.56. * Constructs, from a string. This string should be of the form 1.23.56.
* Validity check included. * Validity check included.
*/ */
public ObjectIdentifier (String oid) throws IOException public ObjectIdentifier(String oid) throws IOException {
{
int ch = '.'; int ch = '.';
int start = 0; int start = 0;
int end = 0; int end = 0;
@ -217,20 +216,6 @@ class ObjectIdentifier implements Serializable
} }
} }
/**
* Constructor, from an array of integers.
* Validity check included.
*/
public ObjectIdentifier(int[] values) throws IOException
{
checkCount(values.length);
checkFirstComponent(values[0]);
checkSecondComponent(values[0], values[1]);
for (int i=2; i<values.length; i++)
checkOtherComponent(i, values[i]);
init(values, values.length);
}
/** /**
* Constructor, from an ASN.1 encoded input stream. * Constructor, from an ASN.1 encoded input stream.
* Validity check NOT included. * Validity check NOT included.
@ -243,8 +228,7 @@ class ObjectIdentifier implements Serializable
* @param in DER-encoded data holding an object ID * @param in DER-encoded data holding an object ID
* @exception IOException indicates a decoding error * @exception IOException indicates a decoding error
*/ */
public ObjectIdentifier (DerInputStream in) throws IOException public ObjectIdentifier(DerInputStream in) throws IOException {
{
byte type_id; byte type_id;
int bufferEnd; int bufferEnd;
@ -257,7 +241,7 @@ class ObjectIdentifier implements Serializable
* up so that we can use in.available() to check for the end of * up so that we can use in.available() to check for the end of
* this value in the data stream. * this value in the data stream.
*/ */
type_id = (byte) in.getByte (); type_id = (byte)in.getByte();
if (type_id != DerValue.tag_ObjectId) if (type_id != DerValue.tag_ObjectId)
throw new IOException ( throw new IOException (
"ObjectIdentifier() -- data isn't an object ID" "ObjectIdentifier() -- data isn't an object ID"
@ -280,8 +264,7 @@ class ObjectIdentifier implements Serializable
* the tag and length have been removed/verified * the tag and length have been removed/verified
* Validity check NOT included. * Validity check NOT included.
*/ */
ObjectIdentifier (DerInputBuffer buf) throws IOException ObjectIdentifier(DerInputBuffer buf) throws IOException {
{
DerInputStream in = new DerInputStream(buf); DerInputStream in = new DerInputStream(buf);
encoding = new byte[in.available()]; encoding = new byte[in.available()];
in.getBytes(encoding); in.getBytes(encoding);
@ -308,28 +291,23 @@ class ObjectIdentifier implements Serializable
} }
/** /**
* This method is kept for compatibility reasons. The new implementation * Returns an ObjectIdentifier instance for the specific string OID.
* does the check and conversion. All around the JDK, the method is called
* in static blocks to initialize pre-defined ObjectIdentifieies. No
* obvious performance hurt will be made after this change.
* *
* Old doc: Create a new ObjectIdentifier for internal use. The values are * Note: Please use legal string OID only. Otherwise, a RuntimeException
* neither checked nor cloned. * is thrown.
*/ */
public static ObjectIdentifier newInternal(int[] values) { public static ObjectIdentifier of(String oid) {
try { try {
return new ObjectIdentifier(values); return new ObjectIdentifier(oid);
} catch (IOException ex) { } catch (IOException ioe) {
throw new RuntimeException(ex); throw new RuntimeException(ioe);
// Should not happen, internal calls always uses legal values.
} }
} }
/* /*
* n.b. the only public interface is DerOutputStream.putOID() * n.b. the only public interface is DerOutputStream.putOID()
*/ */
void encode (DerOutputStream out) throws IOException void encode(DerOutputStream out) throws IOException {
{
out.write (DerValue.tag_ObjectId, encoding); out.write (DerValue.tag_ObjectId, encoding);
} }
@ -370,17 +348,21 @@ class ObjectIdentifier implements Serializable
if ((encoding[i] & 0x80) == 0) { if ((encoding[i] & 0x80) == 0) {
// one section [fromPos..i] // one section [fromPos..i]
if (i - fromPos + 1 > 4) { if (i - fromPos + 1 > 4) {
BigInteger big = new BigInteger(pack(encoding, fromPos, i-fromPos+1, 7, 8)); BigInteger big = new BigInteger(pack(encoding,
fromPos, i-fromPos+1, 7, 8));
if (fromPos == 0) { if (fromPos == 0) {
result[which++] = 2; result[which++] = 2;
BigInteger second = big.subtract(BigInteger.valueOf(80)); BigInteger second =
if (second.compareTo(BigInteger.valueOf(Integer.MAX_VALUE)) == 1) { big.subtract(BigInteger.valueOf(80));
if (second.compareTo(
BigInteger.valueOf(Integer.MAX_VALUE)) == 1) {
return null; return null;
} else { } else {
result[which++] = second.intValue(); result[which++] = second.intValue();
} }
} else { } else {
if (big.compareTo(BigInteger.valueOf(Integer.MAX_VALUE)) == 1) { if (big.compareTo(
BigInteger.valueOf(Integer.MAX_VALUE)) == 1) {
return null; return null;
} else { } else {
result[which++] = big.intValue(); result[which++] = big.intValue();
@ -435,7 +417,8 @@ class ObjectIdentifier implements Serializable
sb.append('.'); sb.append('.');
} }
if (i - fromPos + 1 > 4) { // maybe big integer if (i - fromPos + 1 > 4) { // maybe big integer
BigInteger big = new BigInteger(pack(encoding, fromPos, i-fromPos+1, 7, 8)); BigInteger big = new BigInteger(
pack(encoding, fromPos, i-fromPos+1, 7, 8));
if (fromPos == 0) { if (fromPos == 0) {
// first section encoded with more than 4 bytes, // first section encoded with more than 4 bytes,
// must be 2.something // must be 2.something
@ -476,7 +459,7 @@ class ObjectIdentifier implements Serializable
/** /**
* Repack all bits from input to output. On the both sides, only a portion * Repack all bits from input to output. On the both sides, only a portion
* (from the least significant bit) of the 8 bits in a byte is used. This * (from the least significant bit) of the 8 bits in a byte is used. This
* number is defined as the number of useful bits (NUB) for the array. All the * number is defined as the number of useful bits (NUB) for the array. All
* used bits from the input byte array and repacked into the output in the * used bits from the input byte array and repacked into the output in the
* exactly same order. The output bits are aligned so that the final bit of * exactly same order. The output bits are aligned so that the final bit of
* the input (the least significant bit in the last byte), when repacked as * the input (the least significant bit in the last byte), when repacked as
@ -498,7 +481,8 @@ class ObjectIdentifier implements Serializable
* @param ow NUB for output * @param ow NUB for output
* @return the repacked bytes * @return the repacked bytes
*/ */
private static byte[] pack(byte[] in, int ioffset, int ilength, int iw, int ow) { private static byte[] pack(byte[] in,
int ioffset, int ilength, int iw, int ow) {
assert (iw > 0 && iw <= 8): "input NUB must be between 1 and 8"; assert (iw > 0 && iw <= 8): "input NUB must be between 1 and 8";
assert (ow > 0 && ow <= 8): "output NUB must be between 1 and 8"; assert (ow > 0 && ow <= 8): "output NUB must be between 1 and 8";
@ -520,11 +504,12 @@ class ObjectIdentifier implements Serializable
if (count > ow - opos%ow) { // free space available in output byte if (count > ow - opos%ow) { // free space available in output byte
count = ow - opos%ow; // choose the smaller number count = ow - opos%ow; // choose the smaller number
} }
// and move them! // and move them!
out[opos/ow] |= // paste! out[opos/ow] |= // paste!
(((in[ioffset+ipos/iw]+256) // locate the byte (+256 so that it's never negative) (((in[ioffset+ipos/iw]+256) // locate the byte (+256 so that it's never negative)
>> (iw-ipos%iw-count)) // move to the end of a byte >> (iw-ipos%iw-count)) & // move to the end of a byte
& ((1 << (count))-1)) // zero out all other bits ((1 << (count))-1)) // zero out all other bits
<< (ow-opos%ow-count); // move to the output position << (ow-opos%ow-count); // move to the output position
ipos += count; // advance ipos += count; // advance
opos += count; // advance opos += count; // advance
@ -541,7 +526,8 @@ class ObjectIdentifier implements Serializable
* @param ooffset the starting position to paste * @param ooffset the starting position to paste
* @return the number of bytes pasted * @return the number of bytes pasted
*/ */
private static int pack7Oid(byte[] in, int ioffset, int ilength, byte[] out, int ooffset) { private static int pack7Oid(byte[] in,
int ioffset, int ilength, byte[] out, int ooffset) {
byte[] pack = pack(in, ioffset, ilength, 8, 7); byte[] pack = pack(in, ioffset, ilength, 8, 7);
int firstNonZero = pack.length-1; // paste at least one byte int firstNonZero = pack.length-1; // paste at least one byte
for (int i=pack.length-2; i>=0; i--) { for (int i=pack.length-2; i>=0; i--) {
@ -550,7 +536,8 @@ class ObjectIdentifier implements Serializable
} }
pack[i] |= 0x80; pack[i] |= 0x80;
} }
System.arraycopy(pack, firstNonZero, out, ooffset, pack.length-firstNonZero); System.arraycopy(pack, firstNonZero,
out, ooffset, pack.length-firstNonZero);
return pack.length-firstNonZero; return pack.length-firstNonZero;
} }
@ -561,7 +548,8 @@ class ObjectIdentifier implements Serializable
* @param ooffset the starting position to paste * @param ooffset the starting position to paste
* @return the number of bytes pasted * @return the number of bytes pasted
*/ */
private static int pack8(byte[] in, int ioffset, int ilength, byte[] out, int ooffset) { private static int pack8(byte[] in,
int ioffset, int ilength, byte[] out, int ooffset) {
byte[] pack = pack(in, ioffset, ilength, 7, 8); byte[] pack = pack(in, ioffset, ilength, 7, 8);
int firstNonZero = pack.length-1; // paste at least one byte int firstNonZero = pack.length-1; // paste at least one byte
for (int i=pack.length-2; i>=0; i--) { for (int i=pack.length-2; i>=0; i--) {
@ -569,7 +557,8 @@ class ObjectIdentifier implements Serializable
firstNonZero = i; firstNonZero = i;
} }
} }
System.arraycopy(pack, firstNonZero, out, ooffset, pack.length-firstNonZero); System.arraycopy(pack, firstNonZero,
out, ooffset, pack.length-firstNonZero);
return pack.length-firstNonZero; return pack.length-firstNonZero;
} }
@ -621,31 +610,39 @@ class ObjectIdentifier implements Serializable
} }
} }
} }
private static void checkCount(int count) throws IOException { private static void checkCount(int count) throws IOException {
if (count < 2) { if (count < 2) {
throw new IOException("ObjectIdentifier() -- " + throw new IOException("ObjectIdentifier() -- " +
"Must be at least two oid components "); "Must be at least two oid components ");
} }
} }
private static void checkFirstComponent(int first) throws IOException { private static void checkFirstComponent(int first) throws IOException {
if (first < 0 || first > 2) { if (first < 0 || first > 2) {
throw new IOException("ObjectIdentifier() -- " + throw new IOException("ObjectIdentifier() -- " +
"First oid component is invalid "); "First oid component is invalid ");
} }
} }
private static void checkFirstComponent(BigInteger first) throws IOException {
private static void checkFirstComponent(
BigInteger first) throws IOException {
if (first.signum() == -1 || first.compareTo(BigInteger.TWO) > 0) { if (first.signum() == -1 || first.compareTo(BigInteger.TWO) > 0) {
throw new IOException("ObjectIdentifier() -- " + throw new IOException("ObjectIdentifier() -- " +
"First oid component is invalid "); "First oid component is invalid ");
} }
} }
private static void checkSecondComponent(int first, int second) throws IOException {
private static void checkSecondComponent(
int first, int second) throws IOException {
if (second < 0 || first != 2 && second > 39) { if (second < 0 || first != 2 && second > 39) {
throw new IOException("ObjectIdentifier() -- " + throw new IOException("ObjectIdentifier() -- " +
"Second oid component is invalid "); "Second oid component is invalid ");
} }
} }
private static void checkSecondComponent(int first, BigInteger second) throws IOException {
private static void checkSecondComponent(
int first, BigInteger second) throws IOException {
if (second.signum() == -1 || if (second.signum() == -1 ||
first != 2 && first != 2 &&
second.compareTo(BigInteger.valueOf(39)) == 1) { second.compareTo(BigInteger.valueOf(39)) == 1) {
@ -653,13 +650,16 @@ class ObjectIdentifier implements Serializable
"Second oid component is invalid "); "Second oid component is invalid ");
} }
} }
private static void checkOtherComponent(int i, int num) throws IOException { private static void checkOtherComponent(int i, int num) throws IOException {
if (num < 0) { if (num < 0) {
throw new IOException("ObjectIdentifier() -- " + throw new IOException("ObjectIdentifier() -- " +
"oid component #" + (i+1) + " must be non-negative "); "oid component #" + (i+1) + " must be non-negative ");
} }
} }
private static void checkOtherComponent(int i, BigInteger num) throws IOException {
private static void checkOtherComponent(
int i, BigInteger num) throws IOException {
if (num.signum() == -1) { if (num.signum() == -1) {
throw new IOException("ObjectIdentifier() -- " + throw new IOException("ObjectIdentifier() -- " +
"oid component #" + (i+1) + " must be non-negative "); "oid component #" + (i+1) + " must be non-negative ");

10
src/java.base/share/classes/sun/security/x509/AccessDescription.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -42,16 +42,16 @@ public final class AccessDescription {
private GeneralName accessLocation; private GeneralName accessLocation;
public static final ObjectIdentifier Ad_OCSP_Id = public static final ObjectIdentifier Ad_OCSP_Id =
ObjectIdentifier.newInternal(new int[] {1, 3, 6, 1, 5, 5, 7, 48, 1}); ObjectIdentifier.of("1.3.6.1.5.5.7.48.1");
public static final ObjectIdentifier Ad_CAISSUERS_Id = public static final ObjectIdentifier Ad_CAISSUERS_Id =
ObjectIdentifier.newInternal(new int[] {1, 3, 6, 1, 5, 5, 7, 48, 2}); ObjectIdentifier.of("1.3.6.1.5.5.7.48.2");
public static final ObjectIdentifier Ad_TIMESTAMPING_Id = public static final ObjectIdentifier Ad_TIMESTAMPING_Id =
ObjectIdentifier.newInternal(new int[] {1, 3, 6, 1, 5, 5, 7, 48, 3}); ObjectIdentifier.of("1.3.6.1.5.5.7.48.3");
public static final ObjectIdentifier Ad_CAREPOSITORY_Id = public static final ObjectIdentifier Ad_CAREPOSITORY_Id =
ObjectIdentifier.newInternal(new int[] {1, 3, 6, 1, 5, 5, 7, 48, 5}); ObjectIdentifier.of("1.3.6.1.5.5.7.48.5");
public AccessDescription(ObjectIdentifier accessMethod, GeneralName accessLocation) { public AccessDescription(ObjectIdentifier accessMethod, GeneralName accessLocation) {
this.accessMethod = accessMethod; this.accessMethod = accessMethod;

262
src/java.base/share/classes/sun/security/x509/AlgorithmId.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -591,10 +591,6 @@ public class AlgorithmId implements Serializable, DerEncoder {
return oidTable().get(name.toUpperCase(Locale.ENGLISH)); return oidTable().get(name.toUpperCase(Locale.ENGLISH));
} }
private static ObjectIdentifier oid(int ... values) {
return ObjectIdentifier.newInternal(values);
}
private static volatile Map<String,ObjectIdentifier> oidTable; private static volatile Map<String,ObjectIdentifier> oidTable;
private static final Map<ObjectIdentifier,String> nameTable; private static final Map<ObjectIdentifier,String> nameTable;
@ -654,14 +650,14 @@ public class AlgorithmId implements Serializable, DerEncoder {
* OID = 1.2.840.113549.2.2 * OID = 1.2.840.113549.2.2
*/ */
public static final ObjectIdentifier MD2_oid = public static final ObjectIdentifier MD2_oid =
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 2}); ObjectIdentifier.of("1.2.840.113549.2.2");
/** /**
* Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321. * Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321.
* OID = 1.2.840.113549.2.5 * OID = 1.2.840.113549.2.5
*/ */
public static final ObjectIdentifier MD5_oid = public static final ObjectIdentifier MD5_oid =
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 5}); ObjectIdentifier.of("1.2.840.113549.2.5");
/** /**
* Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1. * Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1.
@ -670,142 +666,29 @@ public class AlgorithmId implements Serializable, DerEncoder {
* OID = 1.3.14.3.2.26. Old SHA-0 OID: 1.3.14.3.2.18. * OID = 1.3.14.3.2.26. Old SHA-0 OID: 1.3.14.3.2.18.
*/ */
public static final ObjectIdentifier SHA_oid = public static final ObjectIdentifier SHA_oid =
ObjectIdentifier.newInternal(new int[] {1, 3, 14, 3, 2, 26}); ObjectIdentifier.of("1.3.14.3.2.26");
public static final ObjectIdentifier SHA224_oid = public static final ObjectIdentifier SHA224_oid =
ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 4}); ObjectIdentifier.of("2.16.840.1.101.3.4.2.4");
public static final ObjectIdentifier SHA256_oid = public static final ObjectIdentifier SHA256_oid =
ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 1}); ObjectIdentifier.of("2.16.840.1.101.3.4.2.1");
public static final ObjectIdentifier SHA384_oid = public static final ObjectIdentifier SHA384_oid =
ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 2}); ObjectIdentifier.of("2.16.840.1.101.3.4.2.2");
public static final ObjectIdentifier SHA512_oid = public static final ObjectIdentifier SHA512_oid =
ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 3}); ObjectIdentifier.of("2.16.840.1.101.3.4.2.3");
public static final ObjectIdentifier SHA512_224_oid = public static final ObjectIdentifier SHA512_224_oid =
ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 5}); ObjectIdentifier.of("2.16.840.1.101.3.4.2.5");
public static final ObjectIdentifier SHA512_256_oid = public static final ObjectIdentifier SHA512_256_oid =
ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 6}); ObjectIdentifier.of("2.16.840.1.101.3.4.2.6");
/* /*
* COMMON PUBLIC KEY TYPES * COMMON PUBLIC KEY TYPES
*/ */
private static final int[] DH_data = { 1, 2, 840, 113549, 1, 3, 1 };
private static final int[] DH_PKIX_data = { 1, 2, 840, 10046, 2, 1 };
private static final int[] DSA_OIW_data = { 1, 3, 14, 3, 2, 12 };
private static final int[] DSA_PKIX_data = { 1, 2, 840, 10040, 4, 1 };
private static final int[] RSA_data = { 2, 5, 8, 1, 1 };
public static final ObjectIdentifier DH_oid;
public static final ObjectIdentifier DH_PKIX_oid;
public static final ObjectIdentifier DSA_oid;
public static final ObjectIdentifier DSA_OIW_oid;
public static final ObjectIdentifier EC_oid = oid(1, 2, 840, 10045, 2, 1);
public static final ObjectIdentifier ECDH_oid = oid(1, 3, 132, 1, 12);
public static final ObjectIdentifier RSA_oid;
public static final ObjectIdentifier RSAEncryption_oid =
oid(1, 2, 840, 113549, 1, 1, 1);
public static final ObjectIdentifier RSAES_OAEP_oid =
oid(1, 2, 840, 113549, 1, 1, 7);
public static final ObjectIdentifier mgf1_oid =
oid(1, 2, 840, 113549, 1, 1, 8);
public static final ObjectIdentifier RSASSA_PSS_oid =
oid(1, 2, 840, 113549, 1, 1, 10);
/*
* COMMON SECRET KEY TYPES
*/
public static final ObjectIdentifier AES_oid =
oid(2, 16, 840, 1, 101, 3, 4, 1);
/*
* COMMON SIGNATURE ALGORITHMS
*/
private static final int[] md2WithRSAEncryption_data =
{ 1, 2, 840, 113549, 1, 1, 2 };
private static final int[] md5WithRSAEncryption_data =
{ 1, 2, 840, 113549, 1, 1, 4 };
private static final int[] sha1WithRSAEncryption_data =
{ 1, 2, 840, 113549, 1, 1, 5 };
private static final int[] sha1WithRSAEncryption_OIW_data =
{ 1, 3, 14, 3, 2, 29 };
private static final int[] sha224WithRSAEncryption_data =
{ 1, 2, 840, 113549, 1, 1, 14 };
private static final int[] sha256WithRSAEncryption_data =
{ 1, 2, 840, 113549, 1, 1, 11 };
private static final int[] sha384WithRSAEncryption_data =
{ 1, 2, 840, 113549, 1, 1, 12 };
private static final int[] sha512WithRSAEncryption_data =
{ 1, 2, 840, 113549, 1, 1, 13 };
private static final int[] shaWithDSA_OIW_data =
{ 1, 3, 14, 3, 2, 13 };
private static final int[] sha1WithDSA_OIW_data =
{ 1, 3, 14, 3, 2, 27 };
private static final int[] dsaWithSHA1_PKIX_data =
{ 1, 2, 840, 10040, 4, 3 };
public static final ObjectIdentifier md2WithRSAEncryption_oid;
public static final ObjectIdentifier md5WithRSAEncryption_oid;
public static final ObjectIdentifier sha1WithRSAEncryption_oid;
public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid;
public static final ObjectIdentifier sha224WithRSAEncryption_oid;
public static final ObjectIdentifier sha256WithRSAEncryption_oid;
public static final ObjectIdentifier sha384WithRSAEncryption_oid;
public static final ObjectIdentifier sha512WithRSAEncryption_oid;
public static final ObjectIdentifier sha512_224WithRSAEncryption_oid =
oid(1, 2, 840, 113549, 1, 1, 15);
public static final ObjectIdentifier sha512_256WithRSAEncryption_oid =
oid(1, 2, 840, 113549, 1, 1, 16);;
public static final ObjectIdentifier shaWithDSA_OIW_oid;
public static final ObjectIdentifier sha1WithDSA_OIW_oid;
public static final ObjectIdentifier sha1WithDSA_oid;
public static final ObjectIdentifier sha224WithDSA_oid =
oid(2, 16, 840, 1, 101, 3, 4, 3, 1);
public static final ObjectIdentifier sha256WithDSA_oid =
oid(2, 16, 840, 1, 101, 3, 4, 3, 2);
public static final ObjectIdentifier sha1WithECDSA_oid =
oid(1, 2, 840, 10045, 4, 1);
public static final ObjectIdentifier sha224WithECDSA_oid =
oid(1, 2, 840, 10045, 4, 3, 1);
public static final ObjectIdentifier sha256WithECDSA_oid =
oid(1, 2, 840, 10045, 4, 3, 2);
public static final ObjectIdentifier sha384WithECDSA_oid =
oid(1, 2, 840, 10045, 4, 3, 3);
public static final ObjectIdentifier sha512WithECDSA_oid =
oid(1, 2, 840, 10045, 4, 3, 4);
public static final ObjectIdentifier specifiedWithECDSA_oid =
oid(1, 2, 840, 10045, 4, 3);
/**
* Algorithm ID for the PBE encryption algorithms from PKCS#5 and
* PKCS#12.
*/
public static final ObjectIdentifier pbeWithMD5AndDES_oid =
ObjectIdentifier.newInternal(new int[]{1, 2, 840, 113549, 1, 5, 3});
public static final ObjectIdentifier pbeWithMD5AndRC2_oid =
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 6});
public static final ObjectIdentifier pbeWithSHA1AndDES_oid =
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 10});
public static final ObjectIdentifier pbeWithSHA1AndRC2_oid =
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 11});
public static ObjectIdentifier pbeWithSHA1AndRC4_128_oid =
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 1});
public static ObjectIdentifier pbeWithSHA1AndRC4_40_oid =
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 2});
public static ObjectIdentifier pbeWithSHA1AndDESede_oid =
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 3});
public static ObjectIdentifier pbeWithSHA1AndRC2_128_oid =
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 5});
public static ObjectIdentifier pbeWithSHA1AndRC2_40_oid =
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 6});
static {
/* /*
* Note the preferred OIDs are named simply with no "OIW" or * Note the preferred OIDs are named simply with no "OIW" or
* "PKIX" in them, even though they may point to data from these * "PKIX" in them, even though they may point to data from these
@ -819,14 +702,16 @@ public class AlgorithmId implements Serializable, DerEncoder {
* certificate. * certificate.
* OID = 1.2.840.113549.1.3.1 * OID = 1.2.840.113549.1.3.1
*/ */
DH_oid = ObjectIdentifier.newInternal(DH_data); public static final ObjectIdentifier DH_oid =
ObjectIdentifier.of("1.2.840.113549.1.3.1");
/** /**
* Algorithm ID for the Diffie Hellman Key Agreement (DH), from RFC 3279. * Algorithm ID for the Diffie Hellman Key Agreement (DH), from RFC 3279.
* Parameters may include public values P and G. * Parameters may include public values P and G.
* OID = 1.2.840.10046.2.1 * OID = 1.2.840.10046.2.1
*/ */
DH_PKIX_oid = ObjectIdentifier.newInternal(DH_PKIX_data); public static final ObjectIdentifier DH_PKIX_oid =
ObjectIdentifier.of("1.2.840.10046.2.1");
/** /**
* Algorithm ID for the Digital Signing Algorithm (DSA), from the * Algorithm ID for the Digital Signing Algorithm (DSA), from the
@ -836,7 +721,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
* another source such as a Certificate Authority's certificate. * another source such as a Certificate Authority's certificate.
* OID = 1.3.14.3.2.12 * OID = 1.3.14.3.2.12
*/ */
DSA_OIW_oid = ObjectIdentifier.newInternal(DSA_OIW_data); public static final ObjectIdentifier DSA_OIW_oid =
ObjectIdentifier.of("1.3.14.3.2.12");
/** /**
* Algorithm ID for the Digital Signing Algorithm (DSA), from RFC 3279. * Algorithm ID for the Digital Signing Algorithm (DSA), from RFC 3279.
@ -845,7 +731,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
* certificate. * certificate.
* OID = 1.2.840.10040.4.1 * OID = 1.2.840.10040.4.1
*/ */
DSA_oid = ObjectIdentifier.newInternal(DSA_PKIX_data); public static final ObjectIdentifier DSA_oid =
ObjectIdentifier.of("1.2.840.10040.4.1");
/** /**
* Algorithm ID for RSA keys used for any purpose, as defined in X.509. * Algorithm ID for RSA keys used for any purpose, as defined in X.509.
@ -853,72 +740,95 @@ public class AlgorithmId implements Serializable, DerEncoder {
* public modulus. * public modulus.
* OID = 2.5.8.1.1 * OID = 2.5.8.1.1
*/ */
RSA_oid = ObjectIdentifier.newInternal(RSA_data); public static final ObjectIdentifier RSA_oid =
ObjectIdentifier.of("2.5.8.1.1");
public static final ObjectIdentifier EC_oid =
ObjectIdentifier.of("1.2.840.10045.2.1");
public static final ObjectIdentifier ECDH_oid =
ObjectIdentifier.of("1.3.132.1.12");
public static final ObjectIdentifier RSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.1");
public static final ObjectIdentifier RSAES_OAEP_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.7");
public static final ObjectIdentifier mgf1_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.8");
public static final ObjectIdentifier RSASSA_PSS_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.10");
/*
* COMMON SECRET KEY TYPES
*/
public static final ObjectIdentifier AES_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.1");
/*
* COMMON SIGNATURE ALGORITHMS
*/
/** /**
* Identifies a signing algorithm where an MD2 digest is encrypted * Identifies a signing algorithm where an MD2 digest is encrypted
* using an RSA private key; defined in PKCS #1. Use of this * using an RSA private key; defined in PKCS #1. Use of this
* signing algorithm is discouraged due to MD2 vulnerabilities. * signing algorithm is discouraged due to MD2 vulnerabilities.
* OID = 1.2.840.113549.1.1.2 * OID = 1.2.840.113549.1.1.2
*/ */
md2WithRSAEncryption_oid = public static final ObjectIdentifier md2WithRSAEncryption_oid =
ObjectIdentifier.newInternal(md2WithRSAEncryption_data); ObjectIdentifier.of("1.2.840.113549.1.1.2");
/** /**
* Identifies a signing algorithm where an MD5 digest is * Identifies a signing algorithm where an MD5 digest is
* encrypted using an RSA private key; defined in PKCS #1. * encrypted using an RSA private key; defined in PKCS #1.
* OID = 1.2.840.113549.1.1.4 * OID = 1.2.840.113549.1.1.4
*/ */
md5WithRSAEncryption_oid = public static final ObjectIdentifier md5WithRSAEncryption_oid =
ObjectIdentifier.newInternal(md5WithRSAEncryption_data); ObjectIdentifier.of("1.2.840.113549.1.1.4");
/** /**
* Identifies a signing algorithm where a SHA1 digest is * Identifies a signing algorithm where a SHA1 digest is
* encrypted using an RSA private key; defined by RSA DSI. * encrypted using an RSA private key; defined by RSA DSI.
* OID = 1.2.840.113549.1.1.5 * OID = 1.2.840.113549.1.1.5
*/ */
sha1WithRSAEncryption_oid = public static final ObjectIdentifier sha1WithRSAEncryption_oid =
ObjectIdentifier.newInternal(sha1WithRSAEncryption_data); ObjectIdentifier.of("1.2.840.113549.1.1.5");
/** /**
* Identifies a signing algorithm where a SHA1 digest is * Identifies a signing algorithm where a SHA1 digest is
* encrypted using an RSA private key; defined in NIST OIW. * encrypted using an RSA private key; defined in NIST OIW.
* OID = 1.3.14.3.2.29 * OID = 1.3.14.3.2.29
*/ */
sha1WithRSAEncryption_OIW_oid = public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid =
ObjectIdentifier.newInternal(sha1WithRSAEncryption_OIW_data); ObjectIdentifier.of("1.3.14.3.2.29");
/** /**
* Identifies a signing algorithm where a SHA224 digest is * Identifies a signing algorithm where a SHA224 digest is
* encrypted using an RSA private key; defined by PKCS #1. * encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.14 * OID = 1.2.840.113549.1.1.14
*/ */
sha224WithRSAEncryption_oid = public static final ObjectIdentifier sha224WithRSAEncryption_oid =
ObjectIdentifier.newInternal(sha224WithRSAEncryption_data); ObjectIdentifier.of("1.2.840.113549.1.1.14");
/** /**
* Identifies a signing algorithm where a SHA256 digest is * Identifies a signing algorithm where a SHA256 digest is
* encrypted using an RSA private key; defined by PKCS #1. * encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.11 * OID = 1.2.840.113549.1.1.11
*/ */
sha256WithRSAEncryption_oid = public static final ObjectIdentifier sha256WithRSAEncryption_oid =
ObjectIdentifier.newInternal(sha256WithRSAEncryption_data); ObjectIdentifier.of("1.2.840.113549.1.1.11");
/** /**
* Identifies a signing algorithm where a SHA384 digest is * Identifies a signing algorithm where a SHA384 digest is
* encrypted using an RSA private key; defined by PKCS #1. * encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.12 * OID = 1.2.840.113549.1.1.12
*/ */
sha384WithRSAEncryption_oid = public static final ObjectIdentifier sha384WithRSAEncryption_oid =
ObjectIdentifier.newInternal(sha384WithRSAEncryption_data); ObjectIdentifier.of("1.2.840.113549.1.1.12");
/** /**
* Identifies a signing algorithm where a SHA512 digest is * Identifies a signing algorithm where a SHA512 digest is
* encrypted using an RSA private key; defined by PKCS #1. * encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.13 * OID = 1.2.840.113549.1.1.13
*/ */
sha512WithRSAEncryption_oid = public static final ObjectIdentifier sha512WithRSAEncryption_oid =
ObjectIdentifier.newInternal(sha512WithRSAEncryption_data); ObjectIdentifier.of("1.2.840.113549.1.1.13");
/** /**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
@ -926,22 +836,72 @@ public class AlgorithmId implements Serializable, DerEncoder {
* This should not be used. * This should not be used.
* OID = 1.3.14.3.2.13 * OID = 1.3.14.3.2.13
*/ */
shaWithDSA_OIW_oid = ObjectIdentifier.newInternal(shaWithDSA_OIW_data); public static final ObjectIdentifier shaWithDSA_OIW_oid =
ObjectIdentifier.of("1.3.14.3.2.13");
/** /**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA1 digest is signed using the Digital Signing Algorithm (DSA). * SHA1 digest is signed using the Digital Signing Algorithm (DSA).
* OID = 1.3.14.3.2.27 * OID = 1.3.14.3.2.27
*/ */
sha1WithDSA_OIW_oid = ObjectIdentifier.newInternal(sha1WithDSA_OIW_data); public static final ObjectIdentifier sha1WithDSA_OIW_oid =
ObjectIdentifier.of("1.3.14.3.2.27");
/** /**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA1 digest is signed using the Digital Signing Algorithm (DSA). * SHA1 digest is signed using the Digital Signing Algorithm (DSA).
* OID = 1.2.840.10040.4.3 * OID = 1.2.840.10040.4.3
*/ */
sha1WithDSA_oid = ObjectIdentifier.newInternal(dsaWithSHA1_PKIX_data); public static final ObjectIdentifier sha1WithDSA_oid =
ObjectIdentifier.of("1.2.840.10040.4.3");
public static final ObjectIdentifier sha512_224WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.15");
public static final ObjectIdentifier sha512_256WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.16");
public static final ObjectIdentifier sha224WithDSA_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.3.1");
public static final ObjectIdentifier sha256WithDSA_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.3.2");
public static final ObjectIdentifier sha1WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.1");
public static final ObjectIdentifier sha224WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3.1");
public static final ObjectIdentifier sha256WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3.2");
public static final ObjectIdentifier sha384WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3.3");
public static final ObjectIdentifier sha512WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3.4");
public static final ObjectIdentifier specifiedWithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3");
/**
* Algorithm ID for the PBE encryption algorithms from PKCS#5 and
* PKCS#12.
*/
public static final ObjectIdentifier pbeWithMD5AndDES_oid =
ObjectIdentifier.of("1.2.840.113549.1.5.3");
public static final ObjectIdentifier pbeWithMD5AndRC2_oid =
ObjectIdentifier.of("1.2.840.113549.1.5.6");
public static final ObjectIdentifier pbeWithSHA1AndDES_oid =
ObjectIdentifier.of("1.2.840.113549.1.5.10");
public static final ObjectIdentifier pbeWithSHA1AndRC2_oid =
ObjectIdentifier.of("1.2.840.113549.1.5.11");
public static final ObjectIdentifier pbeWithSHA1AndRC4_128_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.1");
public static final ObjectIdentifier pbeWithSHA1AndRC4_40_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.2");
public static final ObjectIdentifier pbeWithSHA1AndDESede_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.3");
public static final ObjectIdentifier pbeWithSHA1AndRC2_128_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.5");
public static final ObjectIdentifier pbeWithSHA1AndRC2_40_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.6");
static {
nameTable = new HashMap<>(); nameTable = new HashMap<>();
nameTable.put(MD5_oid, "MD5"); nameTable.put(MD5_oid, "MD5");
nameTable.put(MD2_oid, "MD2"); nameTable.put(MD2_oid, "MD2");

35
src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -97,30 +97,19 @@ implements CertAttrSet<String> {
// OID defined in RFC 5280 Sections 4.2.1.12 // OID defined in RFC 5280 Sections 4.2.1.12
// more from http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.html // more from http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.html
private static final Map <ObjectIdentifier, String> map = private static final Map <ObjectIdentifier, String> map =
new HashMap <ObjectIdentifier, String> (); new HashMap<ObjectIdentifier, String>();
private static final int[] anyExtendedKeyUsageOidData = {2, 5, 29, 37, 0};
private static final int[] serverAuthOidData = {1, 3, 6, 1, 5, 5, 7, 3, 1};
private static final int[] clientAuthOidData = {1, 3, 6, 1, 5, 5, 7, 3, 2};
private static final int[] codeSigningOidData = {1, 3, 6, 1, 5, 5, 7, 3, 3};
private static final int[] emailProtectionOidData = {1, 3, 6, 1, 5, 5, 7, 3, 4};
private static final int[] ipsecEndSystemOidData = {1, 3, 6, 1, 5, 5, 7, 3, 5};
private static final int[] ipsecTunnelOidData = {1, 3, 6, 1, 5, 5, 7, 3, 6};
private static final int[] ipsecUserOidData = {1, 3, 6, 1, 5, 5, 7, 3, 7};
private static final int[] timeStampingOidData = {1, 3, 6, 1, 5, 5, 7, 3, 8};
private static final int[] OCSPSigningOidData = {1, 3, 6, 1, 5, 5, 7, 3, 9};
static { static {
map.put(ObjectIdentifier.newInternal(anyExtendedKeyUsageOidData), "anyExtendedKeyUsage"); map.put(ObjectIdentifier.of("2.5.29.37.0"), "anyExtendedKeyUsage");
map.put(ObjectIdentifier.newInternal(serverAuthOidData), "serverAuth"); map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.1"), "serverAuth");
map.put(ObjectIdentifier.newInternal(clientAuthOidData), "clientAuth"); map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.2"), "clientAuth");
map.put(ObjectIdentifier.newInternal(codeSigningOidData), "codeSigning"); map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.3"), "codeSigning");
map.put(ObjectIdentifier.newInternal(emailProtectionOidData), "emailProtection"); map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.4"), "emailProtection");
map.put(ObjectIdentifier.newInternal(ipsecEndSystemOidData), "ipsecEndSystem"); map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.5"), "ipsecEndSystem");
map.put(ObjectIdentifier.newInternal(ipsecTunnelOidData), "ipsecTunnel"); map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.6"), "ipsecTunnel");
map.put(ObjectIdentifier.newInternal(ipsecUserOidData), "ipsecUser"); map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.7"), "ipsecUser");
map.put(ObjectIdentifier.newInternal(timeStampingOidData), "timeStamping"); map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.8"), "timeStamping");
map.put(ObjectIdentifier.newInternal(OCSPSigningOidData), "OCSPSigning"); map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.9"), "OCSPSigning");
}; };
/** /**

5
src/java.base/share/classes/sun/security/x509/GeneralSubtrees.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -270,8 +270,7 @@ public class GeneralSubtrees implements Cloneable {
newName = new GeneralName(new IPAddressName((byte[])null)); newName = new GeneralName(new IPAddressName((byte[])null));
break; break;
case GeneralNameInterface.NAME_OID: case GeneralNameInterface.NAME_OID:
newName = new GeneralName newName = new GeneralName(new OIDName(""));
(new OIDName(new ObjectIdentifier((int[])null)));
break; break;
default: default:
throw new IOException throw new IOException

12
src/java.base/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -75,14 +75,8 @@ implements CertAttrSet<String> {
/** /**
* Object identifier for "any-policy" * Object identifier for "any-policy"
*/ */
public static ObjectIdentifier AnyPolicy_Id; public static ObjectIdentifier AnyPolicy_Id =
static { ObjectIdentifier.of("2.5.29.32.0");
try {
AnyPolicy_Id = new ObjectIdentifier("2.5.29.32.0");
} catch (IOException ioe) {
// Should not happen
}
}
/** /**
* Attribute names. * Attribute names.

15
src/java.base/share/classes/sun/security/x509/NetscapeCertTypeExtension.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -69,20 +69,11 @@ implements CertAttrSet<String> {
public static final String S_MIME_CA = "s_mime_ca"; public static final String S_MIME_CA = "s_mime_ca";
public static final String OBJECT_SIGNING_CA = "object_signing_ca"; public static final String OBJECT_SIGNING_CA = "object_signing_ca";
private static final int[] CertType_data = { 2, 16, 840, 1, 113730, 1, 1 };
/** /**
* Object identifier for the Netscape-Cert-Type extension. * Object identifier for the Netscape-Cert-Type extension.
*/ */
public static ObjectIdentifier NetscapeCertType_Id; public static ObjectIdentifier NetscapeCertType_Id =
ObjectIdentifier.of("2.16.840.1.113730.1.1");
static {
try {
NetscapeCertType_Id = new ObjectIdentifier(CertType_data);
} catch (IOException ioe) {
// should not happen
}
}
private boolean[] bitString; private boolean[] bitString;

9
src/java.base/share/classes/sun/security/x509/OIDMap.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -102,9 +102,6 @@ public class OIDMap {
private static final String OCSPNOCHECK = ROOT + "." + private static final String OCSPNOCHECK = ROOT + "." +
OCSPNoCheckExtension.NAME; OCSPNoCheckExtension.NAME;
private static final int[] NetscapeCertType_data =
{ 2, 16, 840, 1, 113730, 1, 1 };
/** Map ObjectIdentifier(oid) -> OIDInfo(info) */ /** Map ObjectIdentifier(oid) -> OIDInfo(info) */
private static final Map<ObjectIdentifier,OIDInfo> oidMap; private static final Map<ObjectIdentifier,OIDInfo> oidMap;
@ -138,8 +135,8 @@ public class OIDMap {
"sun.security.x509.AuthorityKeyIdentifierExtension"); "sun.security.x509.AuthorityKeyIdentifierExtension");
addInternal(POLICY_CONSTRAINTS, PKIXExtensions.PolicyConstraints_Id, addInternal(POLICY_CONSTRAINTS, PKIXExtensions.PolicyConstraints_Id,
"sun.security.x509.PolicyConstraintsExtension"); "sun.security.x509.PolicyConstraintsExtension");
addInternal(NETSCAPE_CERT, ObjectIdentifier.newInternal addInternal(NETSCAPE_CERT,
(new int[] {2,16,840,1,113730,1,1}), ObjectIdentifier.of("2.16.840.1.113730.1.1"),
"sun.security.x509.NetscapeCertTypeExtension"); "sun.security.x509.NetscapeCertTypeExtension");
addInternal(CERT_POLICIES, PKIXExtensions.CertificatePolicies_Id, addInternal(CERT_POLICIES, PKIXExtensions.CertificatePolicies_Id,
"sun.security.x509.CertificatePoliciesExtension"); "sun.security.x509.CertificatePoliciesExtension");

163
src/java.base/share/classes/sun/security/x509/PKIXExtensions.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -25,7 +25,6 @@
package sun.security.x509; package sun.security.x509;
import java.io.*;
import sun.security.util.*; import sun.security.util.*;
@ -48,163 +47,151 @@ import sun.security.util.*;
* @author Hemma Prafullchandra * @author Hemma Prafullchandra
*/ */
public class PKIXExtensions { public class PKIXExtensions {
// The object identifiers
private static final int[] AuthorityKey_data = { 2, 5, 29, 35 };
private static final int[] SubjectKey_data = { 2, 5, 29, 14 };
private static final int[] KeyUsage_data = { 2, 5, 29, 15 };
private static final int[] PrivateKeyUsage_data = { 2, 5, 29, 16 };
private static final int[] CertificatePolicies_data = { 2, 5, 29, 32 };
private static final int[] PolicyMappings_data = { 2, 5, 29, 33 };
private static final int[] SubjectAlternativeName_data = { 2, 5, 29, 17 };
private static final int[] IssuerAlternativeName_data = { 2, 5, 29, 18 };
private static final int[] SubjectDirectoryAttributes_data = { 2, 5, 29, 9 };
private static final int[] BasicConstraints_data = { 2, 5, 29, 19 };
private static final int[] NameConstraints_data = { 2, 5, 29, 30 };
private static final int[] PolicyConstraints_data = { 2, 5, 29, 36 };
private static final int[] CRLDistributionPoints_data = { 2, 5, 29, 31 };
private static final int[] CRLNumber_data = { 2, 5, 29, 20 };
private static final int[] IssuingDistributionPoint_data = { 2, 5, 29, 28 };
private static final int[] DeltaCRLIndicator_data = { 2, 5, 29, 27 };
private static final int[] ReasonCode_data = { 2, 5, 29, 21 };
private static final int[] HoldInstructionCode_data = { 2, 5, 29, 23 };
private static final int[] InvalidityDate_data = { 2, 5, 29, 24 };
private static final int[] ExtendedKeyUsage_data = { 2, 5, 29, 37 };
private static final int[] InhibitAnyPolicy_data = { 2, 5, 29, 54 };
private static final int[] CertificateIssuer_data = { 2, 5, 29, 29 };
private static final int[] AuthInfoAccess_data = { 1, 3, 6, 1, 5, 5, 7, 1, 1};
private static final int[] SubjectInfoAccess_data = { 1, 3, 6, 1, 5, 5, 7, 1, 11};
private static final int[] FreshestCRL_data = { 2, 5, 29, 46 };
private static final int[] OCSPNoCheck_data = { 1, 3, 6, 1, 5, 5, 7,
48, 1, 5};
// Additional extensions under the PKIX arc that are not necessarily
// used in X.509 Certificates or CRLs.
private static final int OCSPNonce_data [] = { 1, 3, 6, 1, 5, 5, 7,
48, 1, 2};
/** /**
* Identifies the particular public key used to sign the certificate. * Identifies the particular public key used to sign the certificate.
*/ */
public static final ObjectIdentifier AuthorityKey_Id; public static final ObjectIdentifier AuthorityKey_Id =
ObjectIdentifier.of("2.5.29.35");
/** /**
* Identifies the particular public key used in an application. * Identifies the particular public key used in an application.
*/ */
public static final ObjectIdentifier SubjectKey_Id; public static final ObjectIdentifier SubjectKey_Id =
ObjectIdentifier.of("2.5.29.14");
/** /**
* Defines the purpose of the key contained in the certificate. * Defines the purpose of the key contained in the certificate.
*/ */
public static final ObjectIdentifier KeyUsage_Id; public static final ObjectIdentifier KeyUsage_Id =
ObjectIdentifier.of("2.5.29.15");
/** /**
* Allows the certificate issuer to specify a different validity period * Allows the certificate issuer to specify a different validity period
* for the private key than the certificate. * for the private key than the certificate.
*/ */
public static final ObjectIdentifier PrivateKeyUsage_Id; public static final ObjectIdentifier PrivateKeyUsage_Id =
ObjectIdentifier.of("2.5.29.16");
/** /**
* Contains the sequence of policy information terms. * Contains the sequence of policy information terms.
*/ */
public static final ObjectIdentifier CertificatePolicies_Id; public static final ObjectIdentifier CertificatePolicies_Id =
ObjectIdentifier.of("2.5.29.32");
/** /**
* Lists pairs of object identifiers of policies considered equivalent by * Lists pairs of object identifiers of policies considered equivalent by
* the issuing CA to the subject CA. * the issuing CA to the subject CA.
*/ */
public static final ObjectIdentifier PolicyMappings_Id; public static final ObjectIdentifier PolicyMappings_Id =
ObjectIdentifier.of("2.5.29.33");
/** /**
* Allows additional identities to be bound to the subject of the * Allows additional identities to be bound to the subject of the
* certificate. * certificate.
*/ */
public static final ObjectIdentifier SubjectAlternativeName_Id; public static final ObjectIdentifier SubjectAlternativeName_Id =
ObjectIdentifier.of("2.5.29.17");
/** /**
* Allows additional identities to be associated with the certificate * Allows additional identities to be associated with the certificate
* issuer. * issuer.
*/ */
public static final ObjectIdentifier IssuerAlternativeName_Id; public static final ObjectIdentifier IssuerAlternativeName_Id =
ObjectIdentifier.of("2.5.29.18");
/** /**
* Identifies additional directory attributes. * Identifies additional directory attributes.
* This extension is always non-critical. * This extension is always non-critical.
*/ */
public static final ObjectIdentifier SubjectDirectoryAttributes_Id; public static final ObjectIdentifier SubjectDirectoryAttributes_Id =
ObjectIdentifier.of("2.5.29.9");
/** /**
* Identifies whether the subject of the certificate is a CA and how deep * Identifies whether the subject of the certificate is a CA and how deep
* a certification path may exist through that CA. * a certification path may exist through that CA.
*/ */
public static final ObjectIdentifier BasicConstraints_Id; public static final ObjectIdentifier BasicConstraints_Id =
ObjectIdentifier.of("2.5.29.19");
/** /**
* Provides for permitted and excluded subtrees that place restrictions * Provides for permitted and excluded subtrees that place restrictions
* on names that may be included within a certificate issued by a given CA. * on names that may be included within a certificate issued by a given CA.
*/ */
public static final ObjectIdentifier NameConstraints_Id; public static final ObjectIdentifier NameConstraints_Id =
ObjectIdentifier.of("2.5.29.30");
/** /**
* Used to either prohibit policy mapping or limit the set of policies * Used to either prohibit policy mapping or limit the set of policies
* that can be in subsequent certificates. * that can be in subsequent certificates.
*/ */
public static final ObjectIdentifier PolicyConstraints_Id; public static final ObjectIdentifier PolicyConstraints_Id =
ObjectIdentifier.of("2.5.29.36");
/** /**
* Identifies how CRL information is obtained. * Identifies how CRL information is obtained.
*/ */
public static final ObjectIdentifier CRLDistributionPoints_Id; public static final ObjectIdentifier CRLDistributionPoints_Id =
ObjectIdentifier.of("2.5.29.31");
/** /**
* Conveys a monotonically increasing sequence number for each CRL * Conveys a monotonically increasing sequence number for each CRL
* issued by a given CA. * issued by a given CA.
*/ */
public static final ObjectIdentifier CRLNumber_Id; public static final ObjectIdentifier CRLNumber_Id =
ObjectIdentifier.of("2.5.29.20");
/** /**
* Identifies the CRL distribution point for a particular CRL. * Identifies the CRL distribution point for a particular CRL.
*/ */
public static final ObjectIdentifier IssuingDistributionPoint_Id; public static final ObjectIdentifier IssuingDistributionPoint_Id =
ObjectIdentifier.of("2.5.29.28");
/** /**
* Identifies the delta CRL. * Identifies the delta CRL.
*/ */
public static final ObjectIdentifier DeltaCRLIndicator_Id; public static final ObjectIdentifier DeltaCRLIndicator_Id =
ObjectIdentifier.of("2.5.29.27");
/** /**
* Identifies the reason for the certificate revocation. * Identifies the reason for the certificate revocation.
*/ */
public static final ObjectIdentifier ReasonCode_Id; public static final ObjectIdentifier ReasonCode_Id =
ObjectIdentifier.of("2.5.29.21");
/** /**
* This extension provides a registered instruction identifier indicating * This extension provides a registered instruction identifier indicating
* the action to be taken, after encountering a certificate that has been * the action to be taken, after encountering a certificate that has been
* placed on hold. * placed on hold.
*/ */
public static final ObjectIdentifier HoldInstructionCode_Id; public static final ObjectIdentifier HoldInstructionCode_Id =
ObjectIdentifier.of("2.5.29.23");
/** /**
* Identifies the date on which it is known or suspected that the private * Identifies the date on which it is known or suspected that the private
* key was compromised or that the certificate otherwise became invalid. * key was compromised or that the certificate otherwise became invalid.
*/ */
public static final ObjectIdentifier InvalidityDate_Id; public static final ObjectIdentifier InvalidityDate_Id =
ObjectIdentifier.of("2.5.29.24");
/** /**
* Identifies one or more purposes for which the certified public key * Identifies one or more purposes for which the certified public key
* may be used, in addition to or in place of the basic purposes * may be used, in addition to or in place of the basic purposes
* indicated in the key usage extension field. * indicated in the key usage extension field.
*/ */
public static final ObjectIdentifier ExtendedKeyUsage_Id; public static final ObjectIdentifier ExtendedKeyUsage_Id =
ObjectIdentifier.of("2.5.29.37");
/** /**
* Specifies whether any-policy policy OID is permitted * Specifies whether any-policy policy OID is permitted
*/ */
public static final ObjectIdentifier InhibitAnyPolicy_Id; public static final ObjectIdentifier InhibitAnyPolicy_Id =
ObjectIdentifier.of("2.5.29.54");
/** /**
* Identifies the certificate issuer associated with an entry in an * Identifies the certificate issuer associated with an entry in an
* indirect CRL. * indirect CRL.
*/ */
public static final ObjectIdentifier CertificateIssuer_Id; public static final ObjectIdentifier CertificateIssuer_Id =
ObjectIdentifier.of("2.5.29.29");
/** /**
* This extension indicates how to access CA information and services for * This extension indicates how to access CA information and services for
@ -212,73 +199,33 @@ public class PKIXExtensions {
* This information may be used for on-line certification validation * This information may be used for on-line certification validation
* services. * services.
*/ */
public static final ObjectIdentifier AuthInfoAccess_Id; public static final ObjectIdentifier AuthInfoAccess_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.1.1");
/** /**
* This extension indicates how to access CA information and services for * This extension indicates how to access CA information and services for
* the subject of the certificate in which the extension appears. * the subject of the certificate in which the extension appears.
*/ */
public static final ObjectIdentifier SubjectInfoAccess_Id; public static final ObjectIdentifier SubjectInfoAccess_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.1.11");
/** /**
* Identifies how delta CRL information is obtained. * Identifies how delta CRL information is obtained.
*/ */
public static final ObjectIdentifier FreshestCRL_Id; public static final ObjectIdentifier FreshestCRL_Id =
ObjectIdentifier.of("2.5.29.46");
/** /**
* Identifies the OCSP client can trust the responder for the * Identifies the OCSP client can trust the responder for the
* lifetime of the responder's certificate. * lifetime of the responder's certificate.
*/ */
public static final ObjectIdentifier OCSPNoCheck_Id; public static final ObjectIdentifier OCSPNoCheck_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.5");
/** /**
* This extension is used to provide nonce data for OCSP requests * This extension is used to provide nonce data for OCSP requests
* or responses. * or responses.
*/ */
public static final ObjectIdentifier OCSPNonce_Id; public static final ObjectIdentifier OCSPNonce_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.2");
static {
AuthorityKey_Id = ObjectIdentifier.newInternal(AuthorityKey_data);
SubjectKey_Id = ObjectIdentifier.newInternal(SubjectKey_data);
KeyUsage_Id = ObjectIdentifier.newInternal(KeyUsage_data);
PrivateKeyUsage_Id = ObjectIdentifier.newInternal(PrivateKeyUsage_data);
CertificatePolicies_Id =
ObjectIdentifier.newInternal(CertificatePolicies_data);
PolicyMappings_Id = ObjectIdentifier.newInternal(PolicyMappings_data);
SubjectAlternativeName_Id =
ObjectIdentifier.newInternal(SubjectAlternativeName_data);
IssuerAlternativeName_Id =
ObjectIdentifier.newInternal(IssuerAlternativeName_data);
ExtendedKeyUsage_Id = ObjectIdentifier.newInternal(ExtendedKeyUsage_data);
InhibitAnyPolicy_Id = ObjectIdentifier.newInternal(InhibitAnyPolicy_data);
SubjectDirectoryAttributes_Id =
ObjectIdentifier.newInternal(SubjectDirectoryAttributes_data);
BasicConstraints_Id =
ObjectIdentifier.newInternal(BasicConstraints_data);
ReasonCode_Id = ObjectIdentifier.newInternal(ReasonCode_data);
HoldInstructionCode_Id =
ObjectIdentifier.newInternal(HoldInstructionCode_data);
InvalidityDate_Id = ObjectIdentifier.newInternal(InvalidityDate_data);
NameConstraints_Id = ObjectIdentifier.newInternal(NameConstraints_data);
PolicyConstraints_Id =
ObjectIdentifier.newInternal(PolicyConstraints_data);
CRLDistributionPoints_Id =
ObjectIdentifier.newInternal(CRLDistributionPoints_data);
CRLNumber_Id =
ObjectIdentifier.newInternal(CRLNumber_data);
IssuingDistributionPoint_Id =
ObjectIdentifier.newInternal(IssuingDistributionPoint_data);
DeltaCRLIndicator_Id =
ObjectIdentifier.newInternal(DeltaCRLIndicator_data);
CertificateIssuer_Id =
ObjectIdentifier.newInternal(CertificateIssuer_data);
AuthInfoAccess_Id =
ObjectIdentifier.newInternal(AuthInfoAccess_data);
SubjectInfoAccess_Id =
ObjectIdentifier.newInternal(SubjectInfoAccess_data);
FreshestCRL_Id = ObjectIdentifier.newInternal(FreshestCRL_data);
OCSPNoCheck_Id = ObjectIdentifier.newInternal(OCSPNoCheck_data);
OCSPNonce_Id = ObjectIdentifier.newInternal(OCSPNonce_data);
}
} }

95
src/java.base/share/classes/sun/security/x509/X500Name.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -1102,104 +1102,83 @@ public class X500Name implements GeneralNameInterface, Principal {
* Includes all those specified in RFC 5280 as MUST or SHOULD * Includes all those specified in RFC 5280 as MUST or SHOULD
* be recognized * be recognized
*/ */
private static final int[] commonName_data = { 2, 5, 4, 3 };
private static final int[] SURNAME_DATA = { 2, 5, 4, 4 };
private static final int[] SERIALNUMBER_DATA = { 2, 5, 4, 5 };
private static final int[] countryName_data = { 2, 5, 4, 6 };
private static final int[] localityName_data = { 2, 5, 4, 7 };
private static final int[] stateName_data = { 2, 5, 4, 8 };
private static final int[] streetAddress_data = { 2, 5, 4, 9 };
private static final int[] orgName_data = { 2, 5, 4, 10 };
private static final int[] orgUnitName_data = { 2, 5, 4, 11 };
private static final int[] title_data = { 2, 5, 4, 12 };
private static final int[] GIVENNAME_DATA = { 2, 5, 4, 42 };
private static final int[] INITIALS_DATA = { 2, 5, 4, 43 };
private static final int[] GENERATIONQUALIFIER_DATA = { 2, 5, 4, 44 };
private static final int[] DNQUALIFIER_DATA = { 2, 5, 4, 46 };
private static final int[] ipAddress_data = { 1, 3, 6, 1, 4, 1, 42, 2, 11, 2, 1 };
private static final int[] DOMAIN_COMPONENT_DATA =
{ 0, 9, 2342, 19200300, 100, 1, 25 };
private static final int[] userid_data =
{ 0, 9, 2342, 19200300, 100, 1, 1 };
// OID for the "CN=" attribute, denoting a person's common name. // OID for the "CN=" attribute, denoting a person's common name.
public static final ObjectIdentifier commonName_oid = public static final ObjectIdentifier commonName_oid =
ObjectIdentifier.newInternal(commonName_data); ObjectIdentifier.of("2.5.4.3");
// OID for the "SURNAME=" attribute, denoting a person's surname.
public static final ObjectIdentifier SURNAME_OID =
ObjectIdentifier.of("2.5.4.4");
// OID for the "SERIALNUMBER=" attribute, denoting a serial number for. // OID for the "SERIALNUMBER=" attribute, denoting a serial number for.
// a name. Do not confuse with PKCS#9 issuerAndSerialNumber or the // a name. Do not confuse with PKCS#9 issuerAndSerialNumber or the
// certificate serial number. // certificate serial number.
public static final ObjectIdentifier SERIALNUMBER_OID = public static final ObjectIdentifier SERIALNUMBER_OID =
ObjectIdentifier.newInternal(SERIALNUMBER_DATA); ObjectIdentifier.of("2.5.4.5");
// OID for the "C=" attribute, denoting a country. // OID for the "C=" attribute, denoting a country.
public static final ObjectIdentifier countryName_oid = public static final ObjectIdentifier countryName_oid =
ObjectIdentifier.newInternal(countryName_data); ObjectIdentifier.of("2.5.4.6");
// OID for the "L=" attribute, denoting a locality (such as a city). // OID for the "L=" attribute, denoting a locality (such as a city).
public static final ObjectIdentifier localityName_oid = public static final ObjectIdentifier localityName_oid =
ObjectIdentifier.newInternal(localityName_data); ObjectIdentifier.of("2.5.4.7");
// OID for the "O=" attribute, denoting an organization name.
public static final ObjectIdentifier orgName_oid =
ObjectIdentifier.newInternal(orgName_data);
// OID for the "OU=" attribute, denoting an organizational unit name.
public static final ObjectIdentifier orgUnitName_oid =
ObjectIdentifier.newInternal(orgUnitName_data);
// OID for the "S=" attribute, denoting a state (such as Delaware). // OID for the "S=" attribute, denoting a state (such as Delaware).
public static final ObjectIdentifier stateName_oid = public static final ObjectIdentifier stateName_oid =
ObjectIdentifier.newInternal(stateName_data); ObjectIdentifier.of("2.5.4.8");
// OID for the "STREET=" attribute, denoting a street address. // OID for the "STREET=" attribute, denoting a street address.
public static final ObjectIdentifier streetAddress_oid = public static final ObjectIdentifier streetAddress_oid =
ObjectIdentifier.newInternal(streetAddress_data); ObjectIdentifier.of("2.5.4.9");
// OID for the "O=" attribute, denoting an organization name.
public static final ObjectIdentifier orgName_oid =
ObjectIdentifier.of("2.5.4.10");
// OID for the "OU=" attribute, denoting an organizational unit name.
public static final ObjectIdentifier orgUnitName_oid =
ObjectIdentifier.of("2.5.4.11");
// OID for the "T=" attribute, denoting a person's title. // OID for the "T=" attribute, denoting a person's title.
public static final ObjectIdentifier title_oid = public static final ObjectIdentifier title_oid =
ObjectIdentifier.newInternal(title_data); ObjectIdentifier.of("2.5.4.12");
// OID for the "GIVENNAME=" attribute, denoting a person's given name.
public static final ObjectIdentifier GIVENNAME_OID =
ObjectIdentifier.of("2.5.4.42");
// OID for the "INITIALS=" attribute, denoting a person's initials.
public static final ObjectIdentifier INITIALS_OID =
ObjectIdentifier.of("2.5.4.43");
// OID for the "GENERATION=" attribute, denoting Jr., II, etc.
public static final ObjectIdentifier GENERATIONQUALIFIER_OID =
ObjectIdentifier.of("2.5.4.44");
// OID for the "DNQUALIFIER=" or "DNQ=" attribute, denoting DN // OID for the "DNQUALIFIER=" or "DNQ=" attribute, denoting DN
// disambiguating information. // disambiguating information.
public static final ObjectIdentifier DNQUALIFIER_OID = public static final ObjectIdentifier DNQUALIFIER_OID =
ObjectIdentifier.newInternal(DNQUALIFIER_DATA); ObjectIdentifier.of("2.5.4.46");
// OID for the "SURNAME=" attribute, denoting a person's surname.
public static final ObjectIdentifier SURNAME_OID =
ObjectIdentifier.newInternal(SURNAME_DATA);
// OID for the "GIVENNAME=" attribute, denoting a person's given name.
public static final ObjectIdentifier GIVENNAME_OID =
ObjectIdentifier.newInternal(GIVENNAME_DATA);
// OID for the "INITIALS=" attribute, denoting a person's initials.
public static final ObjectIdentifier INITIALS_OID =
ObjectIdentifier.newInternal(INITIALS_DATA);
// OID for the "GENERATION=" attribute, denoting Jr., II, etc.
public static final ObjectIdentifier GENERATIONQUALIFIER_OID =
ObjectIdentifier.newInternal(GENERATIONQUALIFIER_DATA);
// OIDs from other sources which show up in X.500 names we // OIDs from other sources which show up in X.500 names we
// expect to deal with often. // expect to deal with often.
// //
// OID for "IP=" IP address attributes, used with SKIP. // OID for "IP=" IP address attributes, used with SKIP.
public static final ObjectIdentifier ipAddress_oid = public static final ObjectIdentifier ipAddress_oid =
ObjectIdentifier.newInternal(ipAddress_data); ObjectIdentifier.of("1.3.6.1.4.1.42.2.11.2.1");
// Domain component OID from RFC 1274, RFC 2247, RFC 5280. // Domain component OID from RFC 1274, RFC 2247, RFC 5280.
// //
// OID for "DC=" domain component attributes, used with DNSNames in DN // OID for "DC=" domain component attributes.used with DNSNames in DN
// format. // format.
public static final ObjectIdentifier DOMAIN_COMPONENT_OID = public static final ObjectIdentifier DOMAIN_COMPONENT_OID =
ObjectIdentifier.newInternal(DOMAIN_COMPONENT_DATA); ObjectIdentifier.of("0.9.2342.19200300.100.1.25");
// OID for "UID=" denoting a user id, defined in RFCs 1274 & 2798. // OID for "UID=" denoting a user id, defined in RFCs 1274 & 2798.
public static final ObjectIdentifier userid_oid = public static final ObjectIdentifier userid_oid =
ObjectIdentifier.newInternal(userid_data); ObjectIdentifier.of("0.9.2342.19200300.100.1.1");
/** /**
* Return constraint type:<ul> * Return constraint type:<ul>

14
src/jdk.crypto.ec/share/classes/sun/security/ec/XECParameters.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -120,8 +120,8 @@ public class XECParameters {
// set up X25519 // set up X25519
try { try {
BigInteger p = TWO.pow(255).subtract(BigInteger.valueOf(19)); BigInteger p = TWO.pow(255).subtract(BigInteger.valueOf(19));
addParameters(255, p, 121665, (byte) 0x09, 3, addParameters(255, p, 121665, (byte)0x09, 3,
new int[]{1, 3, 101, 110}, NamedParameterSpec.X25519.getName(), "1.3.101.110", NamedParameterSpec.X25519.getName(),
bySize, byOid, byName); bySize, byOid, byName);
} catch (IOException ex) { } catch (IOException ex) {
@ -132,8 +132,8 @@ public class XECParameters {
try { try {
BigInteger p = TWO.pow(448).subtract(TWO.pow(224)) BigInteger p = TWO.pow(448).subtract(TWO.pow(224))
.subtract(BigInteger.ONE); .subtract(BigInteger.ONE);
addParameters(448, p, 39081, (byte) 0x05, 2, addParameters(448, p, 39081, (byte)0x05, 2,
new int[]{1, 3, 101, 111}, NamedParameterSpec.X448.getName(), "1.3.101.111", NamedParameterSpec.X448.getName(),
bySize, byOid, byName); bySize, byOid, byName);
} catch (IOException ex) { } catch (IOException ex) {
@ -146,12 +146,12 @@ public class XECParameters {
} }
private static void addParameters(int bits, BigInteger p, int a24, private static void addParameters(int bits, BigInteger p, int a24,
byte basePoint, int logCofactor, int[] oidBytes, String name, byte basePoint, int logCofactor, String objectId, String name,
Map<Integer, XECParameters> bySize, Map<Integer, XECParameters> bySize,
Map<ObjectIdentifier, XECParameters> byOid, Map<ObjectIdentifier, XECParameters> byOid,
Map<String, XECParameters> byName) throws IOException { Map<String, XECParameters> byName) throws IOException {
ObjectIdentifier oid = new ObjectIdentifier(oidBytes); ObjectIdentifier oid = new ObjectIdentifier(objectId);
XECParameters params = XECParameters params =
new XECParameters(bits, p, a24, basePoint, logCofactor, oid, name); new XECParameters(bits, p, a24, basePoint, logCofactor, oid, name);
bySize.put(bits, params); bySize.put(bits, params);

5
test/jdk/java/security/testlibrary/SimpleOCSPServer.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -59,8 +59,7 @@ import sun.security.util.ObjectIdentifier;
public class SimpleOCSPServer { public class SimpleOCSPServer {
private final Debug debug = Debug.getInstance("oserv"); private final Debug debug = Debug.getInstance("oserv");
private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID = private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID =
ObjectIdentifier.newInternal( ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.1");
new int[] { 1, 3, 6, 1, 5, 5, 7, 48, 1, 1});
private static final SimpleDateFormat utcDateFmt = private static final SimpleDateFormat utcDateFmt =
new SimpleDateFormat("MMM dd yyyy, HH:mm:ss z"); new SimpleDateFormat("MMM dd yyyy, HH:mm:ss z");

9
test/jdk/sun/security/util/Oid/OidEquals.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -33,13 +33,10 @@ import sun.security.util.ObjectIdentifier;
public class OidEquals { public class OidEquals {
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
ObjectIdentifier oid1 = new ObjectIdentifier("1.3.6.1.4.1.42.2.17"); ObjectIdentifier oid1 = new ObjectIdentifier("1.3.6.1.4.1.42.2.17");
ObjectIdentifier oid2 = ObjectIdentifier oid2 = new ObjectIdentifier("1.2.3.4");
new ObjectIdentifier(new int[]{1, 3, 6, 1, 4, 1, 42, 2, 17});
ObjectIdentifier oid3 = new ObjectIdentifier("1.2.3.4");
assertEquals(oid1, oid1); assertEquals(oid1, oid1);
assertEquals(oid1, oid2); assertNotEquals(oid1, oid2);
assertNotEquals(oid1, oid3);
assertNotEquals(oid1, "1.3.6.1.4.1.42.2.17"); assertNotEquals(oid1, "1.3.6.1.4.1.42.2.17");
System.out.println("Tests passed."); System.out.println("Tests passed.");

48
test/jdk/sun/security/util/Oid/OidFormat.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -86,52 +86,6 @@ public class OidFormat {
for (String s: goodOids) { for (String s: goodOids) {
testGood(s); testGood(s);
} }
int[][] goodInts = {
{0,0}, {0,1}, {1,0}, {1,2},
{0,39}, {1,39}, {2,47}, {2,40,3,6}, {2,100,3}, {2,123456,3},
{1,2,3}, {1,2,3445},
{1,3,6,1,4,1,42,2,17},
};
for (int[] is: goodInts) {
testGood(is);
}
int[][] badInts = new int[][] {
{0}, {1}, {2},
{3,1,1}, {3}, {4},
{1,40}, {1,111,1},
{-1,2}, {0,-2}, {1,-2}, {2,-2},
{1,2,-3,4}, {1,2,3,-4},
};
for (int[] is: badInts) {
testBad(is);
}
}
static void testBad(int[] ints) throws Exception {
System.err.println("Trying " + Arrays.toString(ints));
try {
new ObjectIdentifier(ints);
throw new Exception("should be invalid ObjectIdentifier");
} catch (IOException ioe) {
System.err.println(ioe);
}
}
static void testGood(int[] ints) throws Exception {
System.err.println("Trying " + Arrays.toString(ints));
ObjectIdentifier oid = new ObjectIdentifier(ints);
DerOutputStream os = new DerOutputStream();
os.putOID(oid);
DerInputStream is = new DerInputStream(os.toByteArray());
ObjectIdentifier oid2 = is.getOID();
if (!oid.equals(oid2)) {
throw new Exception("Test DER I/O fails: " + oid + " and " + oid2);
}
} }
static void testGood(String s) throws Exception { static void testGood(String s) throws Exception {

6
test/jdk/sun/security/x509/AVA/AVAEqualsHashCode.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1999, 2001, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -40,13 +40,11 @@ public class AVAEqualsHashCode {
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
int data[] = { 1, 2, 840, 113549, 2, 5 };
// encode // encode
String name = "CN=eve s. dropper"; String name = "CN=eve s. dropper";
X500Name dn = new X500Name(name); X500Name dn = new X500Name(name);
DerOutputStream deros = new DerOutputStream(); DerOutputStream deros = new DerOutputStream();
ObjectIdentifier oid = new ObjectIdentifier(data); ObjectIdentifier oid = new ObjectIdentifier("1.2.840.113549.2.5");
dn.encode(deros); dn.encode(deros);
byte[] ba = deros.toByteArray(); byte[] ba = deros.toByteArray();

6
test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -153,9 +153,9 @@ public class V3Certificate {
GeneralNameInterface ipInf = new IPAddressName(address); GeneralNameInterface ipInf = new IPAddressName(address);
GeneralName ip = new GeneralName(ipInf); GeneralName ip = new GeneralName(ipInf);
int[] oidData = new int[]{1, 2, 3, 4};
GeneralNameInterface oidInf = new OIDName(new ObjectIdentifier(oidData)); GeneralNameInterface oidInf =
new OIDName(new ObjectIdentifier("1.2.3.4"));
GeneralName oid = new GeneralName(oidInf); GeneralName oid = new GeneralName(oidInf);
SubjectAlternativeNameExtension subjectName SubjectAlternativeNameExtension subjectName