8296143: CertAttrSet's set/get mechanism is not type-safe

Reviewed-by: mullan
Weijun Wang 2022-11-08 22:35:29 +00:00
parent d04d6566b0
commit 671f84bd86
66 changed files with 643 additions and 2902 deletions


@ -155,7 +155,7 @@ public class CertificateRevokedException extends CertificateException {
return null; return null;
} else { } else {
try { try {
Date invalidity = InvalidityDateExtension.toImpl(ext).get("DATE"); Date invalidity = InvalidityDateExtension.toImpl(ext).getDate();
return new Date(invalidity.getTime()); return new Date(invalidity.getTime());
} catch (IOException ioe) { } catch (IOException ioe) {
return null; return null;


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -323,7 +323,7 @@ public class X509CRLSelector implements CRLSelector {
else else
namesCopy.add(nameObject); namesCopy.add(nameObject);
} }
return(namesCopy); return namesCopy;
} }
/** /**
@ -630,7 +630,7 @@ public class X509CRLSelector implements CRLSelector {
byte[] encoded = in.getOctetString(); byte[] encoded = in.getOctetString();
CRLNumberExtension crlNumExt = CRLNumberExtension crlNumExt =
new CRLNumberExtension(Boolean.FALSE, encoded); new CRLNumberExtension(Boolean.FALSE, encoded);
crlNum = crlNumExt.get(CRLNumberExtension.NUMBER); crlNum = crlNumExt.getCrlNumber();
} catch (IOException ex) { } catch (IOException ex) {
if (debug != null) { if (debug != null) {
debug.println("X509CRLSelector.match: exception in " debug.println("X509CRLSelector.match: exception in "


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -1288,7 +1288,7 @@ public class X509CertSelector implements CertSelector {
*/ */
@Deprecated(since="16") @Deprecated(since="16")
public String getIssuerAsString() { public String getIssuerAsString() {
return (issuer == null ? null : issuer.getName()); return issuer == null ? null : issuer.getName();
} }
/** /**
@ -1310,7 +1310,7 @@ public class X509CertSelector implements CertSelector {
* @throws IOException if an encoding error occurs * @throws IOException if an encoding error occurs
*/ */
public byte[] getIssuerAsBytes() throws IOException { public byte[] getIssuerAsBytes() throws IOException {
return (issuer == null ? null: issuer.getEncoded()); return issuer == null ? null : issuer.getEncoded();
} }
/** /**
@ -1347,7 +1347,7 @@ public class X509CertSelector implements CertSelector {
*/ */
@Deprecated(since="16") @Deprecated(since="16")
public String getSubjectAsString() { public String getSubjectAsString() {
return (subject == null ? null : subject.getName()); return subject == null ? null : subject.getName();
} }
/** /**
@ -1369,7 +1369,7 @@ public class X509CertSelector implements CertSelector {
* @throws IOException if an encoding error occurs * @throws IOException if an encoding error occurs
*/ */
public byte[] getSubjectAsBytes() throws IOException { public byte[] getSubjectAsBytes() throws IOException {
return (subject == null ? null : subject.getEncoded()); return subject == null ? null : subject.getEncoded();
} }
/** /**
@ -1868,7 +1868,7 @@ public class X509CertSelector implements CertSelector {
s += "]\n"; s += "]\n";
return (s); return s;
} }
/** /**
@ -2120,12 +2120,8 @@ public class X509CertSelector implements CertSelector {
} catch (CertificateExpiredException e1) { } catch (CertificateExpiredException e1) {
if (debug != null) { if (debug != null) {
String time = "n/a"; String time = "n/a";
try { Date notAfter = ext.getNotAfter();
Date notAfter = ext.get(PrivateKeyUsageExtension.NOT_AFTER); time = notAfter.toString();
time = notAfter.toString();
} catch (CertificateException ex) {
// not able to retrieve notAfter value
}
debug.println("X509CertSelector.match: private key usage not " debug.println("X509CertSelector.match: private key usage not "
+ "within validity date; ext.NOT_After: " + "within validity date; ext.NOT_After: "
+ time + "; X509CertSelector: " + time + "; X509CertSelector: "
@ -2136,12 +2132,8 @@ public class X509CertSelector implements CertSelector {
} catch (CertificateNotYetValidException e2) { } catch (CertificateNotYetValidException e2) {
if (debug != null) { if (debug != null) {
String time = "n/a"; String time = "n/a";
try { Date notBefore = ext.getNotBefore();
Date notBefore = ext.get(PrivateKeyUsageExtension.NOT_BEFORE); time = notBefore.toString();
time = notBefore.toString();
} catch (CertificateException ex) {
// not able to retrieve notBefore value
}
debug.println("X509CertSelector.match: private key usage not " debug.println("X509CertSelector.match: private key usage not "
+ "within validity date; ext.NOT_BEFORE: " + "within validity date; ext.NOT_BEFORE: "
+ time + "; X509CertSelector: " + time + "; X509CertSelector: "
@ -2227,8 +2219,7 @@ public class X509CertSelector implements CertSelector {
(ExtendedKeyUsageExtension)getExtensionObject(xcert, (ExtendedKeyUsageExtension)getExtensionObject(xcert,
KnownOIDs.extendedKeyUsage); KnownOIDs.extendedKeyUsage);
if (ext != null) { if (ext != null) {
Vector<ObjectIdentifier> certKeyPurposeVector = Vector<ObjectIdentifier> certKeyPurposeVector = ext.getUsages();
ext.get(ExtendedKeyUsageExtension.USAGES);
if (!certKeyPurposeVector.contains(ANY_EXTENDED_KEY_USAGE) if (!certKeyPurposeVector.contains(ANY_EXTENDED_KEY_USAGE)
&& !certKeyPurposeVector.containsAll(keyPurposeOIDSet)) { && !certKeyPurposeVector.containsAll(keyPurposeOIDSet)) {
if (debug != null) { if (debug != null) {
@ -2264,8 +2255,7 @@ public class X509CertSelector implements CertSelector {
} }
return false; return false;
} }
GeneralNames certNames = GeneralNames certNames = sanExt.getNames();
sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
Iterator<GeneralNameInterface> i = Iterator<GeneralNameInterface> i =
subjectAlternativeGeneralNames.iterator(); subjectAlternativeGeneralNames.iterator();
while (i.hasNext()) { while (i.hasNext()) {
@ -2333,7 +2323,7 @@ public class X509CertSelector implements CertSelector {
} }
return false; return false;
} }
List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES); List<PolicyInformation> policies = ext.getCertPolicies();
/* /*
* Convert the Vector of PolicyInformation to a Vector * Convert the Vector of PolicyInformation to a Vector
* of CertificatePolicyIds for easier comparison. * of CertificatePolicyIds for easier comparison.
@ -2401,17 +2391,15 @@ public class X509CertSelector implements CertSelector {
} }
} }
GeneralSubtrees permitted = GeneralSubtrees permitted = ext.getPermittedSubtrees();
ext.get(NameConstraintsExtension.PERMITTED_SUBTREES); GeneralSubtrees excluded = ext.getExcludedSubtrees();
GeneralSubtrees excluded =
ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
if (excluded != null) { if (excluded != null) {
if (matchExcluded(excluded) == false) { if (!matchExcluded(excluded)) {
return false; return false;
} }
} }
if (permitted != null) { if (permitted != null) {
if (matchPermitted(permitted) == false) { if (!matchPermitted(permitted)) {
return false; return false;
} }
} }
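Review bot: In both debug branches of the private-key-usage check, `String time = "n/a";` is now a dead initializer, because the next two lines overwrite it unconditionally with `ext.getNotAfter().toString()` (and `ext.getNotBefore().toString()` in the second branch). Both dates are optional fields of the extension, so if either getter can return null the debug path would throw a NullPointerException inside the catch block; whether it can is not visible from this hunk. Either drop the placeholder or make the fallback real, e.g. `Date notAfter = ext.getNotAfter();` followed by `String time = notAfter == null ? "n/a" : notAfter.toString();`. The enclosing method starts and ends outside the hunk.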


@ -684,9 +684,7 @@ public class PKCS7 {
try { try {
X509CertInfo tbsCert = X509CertInfo tbsCert =
new X509CertInfo(cert.getTBSCertificate()); new X509CertInfo(cert.getTBSCertificate());
certIssuerName = (Principal) certIssuerName = tbsCert.getIssuer();
tbsCert.get(X509CertInfo.ISSUER + "." +
X509CertInfo.DN_NAME);
} catch (Exception e) { } catch (Exception e) {
// error generating X500Name object from the cert's // error generating X500Name object from the cert's
// issuer DN, leave name as is. // issuer DN, leave name as is.
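Review bot: The `catch (Exception e)` around the issuer lookup is broader than the new code needs. With the string-keyed `get()` gone, the only calls left in the try are `new X509CertInfo(cert.getTBSCertificate())` and `tbsCert.getIssuer()`. Catching only the checked exception those calls declare (presumably `CertificateException`; the declarations are outside this hunk) would keep the leave-name-as-is fallback while letting unexpected runtime failures surface instead of being silently swallowed. The end of the catch block is outside the hunk.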


@ -617,11 +617,7 @@ public class PKCS9Attribute implements DerEncoder {
{ {
DerOutputStream temp2 = new DerOutputStream(); DerOutputStream temp2 = new DerOutputStream();
CertificateExtensions exts = (CertificateExtensions)value; CertificateExtensions exts = (CertificateExtensions)value;
try { exts.encode(temp2, true);
exts.encode(temp2, true);
} catch (CertificateException ex) {
throw new IOException(ex.toString());
}
temp.write(DerValue.tag_Set, temp2.toByteArray()); temp.write(DerValue.tag_Set, temp2.toByteArray());
} }
break; break;
@ -687,7 +683,7 @@ public class PKCS9Attribute implements DerEncoder {
public String getName() { public String getName() {
String n = oid.toString(); String n = oid.toString();
KnownOIDs os = KnownOIDs.findMatch(n); KnownOIDs os = KnownOIDs.findMatch(n);
return (os == null? n : os.stdName()); return os == null ? n : os.stdName();
} }
/** /**


@ -131,8 +131,7 @@ class AdaptableX509CertSelector extends X509CertSelector {
if (ext != null) { if (ext != null) {
ski = ext.getEncodedKeyIdentifier(); ski = ext.getEncodedKeyIdentifier();
SerialNumber asn = (SerialNumber)ext.get( SerialNumber asn = ext.getSerialNumber();
AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
if (asn != null) { if (asn != null) {
serial = asn.getNumber(); serial = asn.getNumber();
} }


@ -190,7 +190,7 @@ public final class AlgorithmChecker extends PKIXCertPathChecker {
AlgorithmId algorithmId; AlgorithmId algorithmId;
try { try {
x509Cert = X509CertImpl.toImpl((X509Certificate)cert); x509Cert = X509CertImpl.toImpl((X509Certificate)cert);
algorithmId = (AlgorithmId)x509Cert.get(X509CertImpl.SIG_ALG); algorithmId = x509Cert.getSigAlg();
} catch (CertificateException ce) { } catch (CertificateException ce) {
throw new CertPathValidatorException(ce); throw new CertPathValidatorException(ce);
} }


@ -204,7 +204,7 @@ abstract class Builder {
/* base is ancestor of test */ /* base is ancestor of test */
case GeneralNameInterface.NAME_NARROWS: case GeneralNameInterface.NAME_NARROWS:
/* base is descendant of test */ /* base is descendant of test */
return (test.subtreeDepth()-base.subtreeDepth()); return test.subtreeDepth() - base.subtreeDepth();
default: // should never occur default: // should never occur
return incomparable; return incomparable;
} }
@ -230,7 +230,7 @@ abstract class Builder {
int commonDistance = commonName.subtreeDepth(); int commonDistance = commonName.subtreeDepth();
int baseDistance = baseName.subtreeDepth(); int baseDistance = baseName.subtreeDepth();
int testDistance = testName.subtreeDepth(); int testDistance = testName.subtreeDepth();
return (baseDistance + testDistance - (2 * commonDistance)); return baseDistance + testDistance - (2 * commonDistance);
} }
} }
@ -300,8 +300,7 @@ abstract class Builder {
SubjectAlternativeNameExtension altNameExt = SubjectAlternativeNameExtension altNameExt =
certImpl.getSubjectAlternativeNameExtension(); certImpl.getSubjectAlternativeNameExtension();
if (altNameExt != null) { if (altNameExt != null) {
GeneralNames altNames = altNameExt.get( GeneralNames altNames = altNameExt.getNames();
SubjectAlternativeNameExtension.SUBJECT_NAME);
/* see if any alternative name matches target */ /* see if any alternative name matches target */
if (altNames != null) { if (altNames != null) {
for (int j = 0, n = altNames.size(); j < n; j++) { for (int j = 0, n = altNames.size(); j < n; j++) {
@ -337,10 +336,8 @@ abstract class Builder {
+ constraints); + constraints);
} }
/* reduce permitted by excluded */ /* reduce permitted by excluded */
GeneralSubtrees permitted = GeneralSubtrees permitted = constraints.getPermittedSubtrees();
constraints.get(NameConstraintsExtension.PERMITTED_SUBTREES); GeneralSubtrees excluded = constraints.getExcludedSubtrees();
GeneralSubtrees excluded =
constraints.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
if (permitted != null) { if (permitted != null) {
permitted.reduce(excluded); permitted.reduce(excluded);
} }
@ -362,7 +359,7 @@ abstract class Builder {
GeneralNameInterface perName = permitted.get(i).getName().getName(); GeneralNameInterface perName = permitted.get(i).getName().getName();
int distance = distance(perName, target, -1); int distance = distance(perName, target, -1);
if (distance >= 0) { if (distance >= 0) {
return (distance + 1); return distance + 1;
} }
} }
/* no matching type in permitted; cert holder could certify target */ /* no matching type in permitted; cert holder could certify target */
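Review bot: `permitted.reduce(excluded)` modifies the object returned by `constraints.getPermittedSubtrees()`, and nothing in this hunk says whether the getter hands out the extension's own instance or a copy. If it is the internal instance, the call edits the name constraints held by `constraints` in place, which is only safe when `constraints` is a private copy rather than an extension object still owned by a certificate; that is decided outside the hunk. Once confirmed, a one-line comment above the call such as `// constraints is a private copy here; reduce() mutates it`, or an ownership note in the getter's Javadoc, would make the assumption checkable.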


@ -102,7 +102,7 @@ public class DistributionPointFetcher {
return Collections.emptySet(); return Collections.emptySet();
} }
List<DistributionPoint> points = List<DistributionPoint> points =
ext.get(CRLDistributionPointsExtension.POINTS); ext.getDistributionPoints();
Set<X509CRL> results = new HashSet<>(); Set<X509CRL> results = new HashSet<>();
for (Iterator<DistributionPoint> t = points.iterator(); for (Iterator<DistributionPoint> t = points.iterator();
t.hasNext() && !Arrays.equals(reasonsMask, ALL_REASONS); ) { t.hasNext() && !Arrays.equals(reasonsMask, ALL_REASONS); ) {
@ -116,7 +116,7 @@ public class DistributionPointFetcher {
debug.println("Returning " + results.size() + " CRLs"); debug.println("Returning " + results.size() + " CRLs");
} }
return results; return results;
} catch (CertificateException | IOException e) { } catch (CertificateException e) {
return Collections.emptySet(); return Collections.emptySet();
} }
} }
@ -333,9 +333,7 @@ public class DistributionPointFetcher {
GeneralNames pointCrlIssuers = point.getCRLIssuer(); GeneralNames pointCrlIssuers = point.getCRLIssuer();
X500Name pointCrlIssuer = null; X500Name pointCrlIssuer = null;
if (pointCrlIssuers != null) { if (pointCrlIssuers != null) {
if (idpExt == null || if (idpExt == null || !idpExt.isIndirectCRL()) {
idpExt.get(IssuingDistributionPointExtension.INDIRECT_CRL)
== Boolean.FALSE) {
return false; return false;
} }
boolean match = false; boolean match = false;
@ -398,8 +396,7 @@ public class DistributionPointFetcher {
} }
if (idpExt != null) { if (idpExt != null) {
DistributionPointName idpPoint = (DistributionPointName) DistributionPointName idpPoint = idpExt.getDistributionPoint();
idpExt.get(IssuingDistributionPointExtension.POINT);
if (idpPoint != null) { if (idpPoint != null) {
GeneralNames idpNames = idpPoint.getFullName(); GeneralNames idpNames = idpPoint.getFullName();
if (idpNames == null) { if (idpNames == null) {
@ -495,9 +492,8 @@ public class DistributionPointFetcher {
// if the onlyContainsUserCerts boolean is asserted, verify that the // if the onlyContainsUserCerts boolean is asserted, verify that the
// cert is not a CA cert // cert is not a CA cert
Boolean b = (Boolean) boolean b = idpExt.hasOnlyUserCerts();
idpExt.get(IssuingDistributionPointExtension.ONLY_USER_CERTS); if (b && certImpl.getBasicConstraints() != -1) {
if (b.equals(Boolean.TRUE) && certImpl.getBasicConstraints() != -1) {
if (debug != null) { if (debug != null) {
debug.println("cert must be a EE cert"); debug.println("cert must be a EE cert");
} }
@ -506,9 +502,8 @@ public class DistributionPointFetcher {
// if the onlyContainsCACerts boolean is asserted, verify that the // if the onlyContainsCACerts boolean is asserted, verify that the
// cert is a CA cert // cert is a CA cert
b = (Boolean) b = idpExt.hasOnlyCACerts();
idpExt.get(IssuingDistributionPointExtension.ONLY_CA_CERTS); if (b && certImpl.getBasicConstraints() == -1) {
if (b.equals(Boolean.TRUE) && certImpl.getBasicConstraints() == -1) {
if (debug != null) { if (debug != null) {
debug.println("cert must be a CA cert"); debug.println("cert must be a CA cert");
} }
@ -517,9 +512,8 @@ public class DistributionPointFetcher {
// verify that the onlyContainsAttributeCerts boolean is not // verify that the onlyContainsAttributeCerts boolean is not
// asserted // asserted
b = (Boolean) idpExt.get b = idpExt.hasOnlyAttributeCerts();
(IssuingDistributionPointExtension.ONLY_ATTRIBUTE_CERTS); if (b) {
if (b.equals(Boolean.TRUE)) {
if (debug != null) { if (debug != null) {
debug.println("cert must not be an AA cert"); debug.println("cert must not be an AA cert");
} }
@ -531,8 +525,7 @@ public class DistributionPointFetcher {
boolean[] interimReasonsMask = new boolean[9]; boolean[] interimReasonsMask = new boolean[9];
ReasonFlags reasons = null; ReasonFlags reasons = null;
if (idpExt != null) { if (idpExt != null) {
reasons = (ReasonFlags) reasons = idpExt.getRevocationReasons();
idpExt.get(IssuingDistributionPointExtension.REASONS);
} }
boolean[] pointReasonFlags = point.getReasonFlags(); boolean[] pointReasonFlags = point.getReasonFlags();
@ -603,8 +596,7 @@ public class DistributionPointFetcher {
certSel.setSubjectKeyIdentifier(kid); certSel.setSubjectKeyIdentifier(kid);
} }
SerialNumber asn = (SerialNumber)akidext.get( SerialNumber asn = akidext.getSerialNumber();
AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
if (asn != null) { if (asn != null) {
certSel.setSerialNumber(asn.getNumber()); certSel.setSerialNumber(asn.getNumber());
} }
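Review bot: The local `b` in the onlyContains* checks is now a primitive that is assigned three times and read once each time, so it only hides which flag each `if` tests. Inlining the getters reads better: `if (idpExt.hasOnlyUserCerts() && certImpl.getBasicConstraints() != -1)`, `if (idpExt.hasOnlyCACerts() && certImpl.getBasicConstraints() == -1)` and `if (idpExt.hasOnlyAttributeCerts())`. These lines dereference `idpExt` without a null test in view; an `if (idpExt != null)` guard appears in the preceding hunk, and whether it still encloses them cannot be seen from here.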


@ -187,27 +187,17 @@ class ForwardState implements State {
/* update subjectNamesTraversed only if this is the EE cert or if /* update subjectNamesTraversed only if this is the EE cert or if
this cert is not self-issued */ this cert is not self-issued */
if (init || !X509CertImpl.isSelfIssued(cert)){ if (init || !X509CertImpl.isSelfIssued(cert)) {
X500Principal subjName = cert.getSubjectX500Principal(); X500Principal subjName = cert.getSubjectX500Principal();
subjectNamesTraversed.add(X500Name.asX500Name(subjName)); subjectNamesTraversed.add(X500Name.asX500Name(subjName));
try { SubjectAlternativeNameExtension subjAltNameExt
SubjectAlternativeNameExtension subjAltNameExt
= icert.getSubjectAlternativeNameExtension(); = icert.getSubjectAlternativeNameExtension();
if (subjAltNameExt != null) { if (subjAltNameExt != null) {
GeneralNames gNames = subjAltNameExt.get( GeneralNames gNames = subjAltNameExt.getNames();
SubjectAlternativeNameExtension.SUBJECT_NAME); for (GeneralName gName : gNames.names()) {
for (GeneralName gName : gNames.names()) { subjectNamesTraversed.add(gName.getName());
subjectNamesTraversed.add(gName.getName());
}
} }
} catch (IOException e) {
if (debug != null) {
debug.println("ForwardState.updateState() unexpected "
+ "exception");
e.printStackTrace();
}
throw new CertPathValidatorException(e);
} }
} }
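Review bot: `gNames.names()` is called on the result of `subjAltNameExt.getNames()` without a null test, while the same getter's result is guarded with `if (altNames != null)` in the Builder section of this commit. If `getNames()` can return null, the state update would fail with a NullPointerException in the middle of path building; the removed `catch (IOException e)` never covered that case either. Either wrap the loop in `if (gNames != null) { ... }`, or document on the getter that it never returns null and drop the check in Builder so the two call sites agree. The method body continues outside the hunk.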


@ -25,7 +25,6 @@
package sun.security.provider.certpath; package sun.security.provider.certpath;
import java.io.IOException;
import java.security.cert.Certificate; import java.security.cert.Certificate;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.CertPathValidatorException; import java.security.cert.CertPathValidatorException;
@ -265,42 +264,30 @@ class PolicyChecker extends PKIXCertPathChecker {
* occurs * occurs
*/ */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert, static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
boolean finalCert) throws CertPathValidatorException boolean finalCert) throws CertPathValidatorException {
{
if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) { if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
explicitPolicy--; explicitPolicy--;
} }
try { PolicyConstraintsExtension polConstExt
PolicyConstraintsExtension polConstExt
= currCert.getPolicyConstraintsExtension(); = currCert.getPolicyConstraintsExtension();
if (polConstExt == null) if (polConstExt == null)
return explicitPolicy; return explicitPolicy;
int require = int require = polConstExt.getRequire();
polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue(); if (debug != null) {
if (debug != null) { debug.println("PolicyChecker.mergeExplicitPolicy() "
debug.println("PolicyChecker.mergeExplicitPolicy() " + "require Index from cert = " + require);
+ "require Index from cert = " + require); }
} if (!finalCert) {
if (!finalCert) { if (require != -1) {
if (require != -1) { if ((explicitPolicy == -1) || (require < explicitPolicy)) {
if ((explicitPolicy == -1) || (require < explicitPolicy)) { explicitPolicy = require;
explicitPolicy = require; }
} }
} } else {
} else { if (require == 0)
if (require == 0) explicitPolicy = require;
explicitPolicy = require;
}
} catch (IOException e) {
if (debug != null) {
debug.println("PolicyChecker.mergeExplicitPolicy "
+ "unexpected exception");
e.printStackTrace();
}
throw new CertPathValidatorException(e);
} }
return explicitPolicy; return explicitPolicy;
} }
@ -318,36 +305,25 @@ class PolicyChecker extends PKIXCertPathChecker {
* occurs * occurs
*/ */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert) static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
throws CertPathValidatorException throws CertPathValidatorException {
{
if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) { if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
policyMapping--; policyMapping--;
} }
try { PolicyConstraintsExtension polConstExt
PolicyConstraintsExtension polConstExt
= currCert.getPolicyConstraintsExtension(); = currCert.getPolicyConstraintsExtension();
if (polConstExt == null) if (polConstExt == null)
return policyMapping; return policyMapping;
int inhibit = int inhibit = polConstExt.getInhibit();
polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue(); if (debug != null)
if (debug != null) debug.println("PolicyChecker.mergePolicyMapping() "
debug.println("PolicyChecker.mergePolicyMapping() "
+ "inhibit Index from cert = " + inhibit); + "inhibit Index from cert = " + inhibit);
if (inhibit != -1) { if (inhibit != -1) {
if ((policyMapping == -1) || (inhibit < policyMapping)) { if ((policyMapping == -1) || (inhibit < policyMapping)) {
policyMapping = inhibit; policyMapping = inhibit;
}
} }
} catch (IOException e) {
if (debug != null) {
debug.println("PolicyChecker.mergePolicyMapping "
+ "unexpected exception");
e.printStackTrace();
}
throw new CertPathValidatorException(e);
} }
return policyMapping; return policyMapping;
@ -366,38 +342,26 @@ class PolicyChecker extends PKIXCertPathChecker {
* occurs * occurs
*/ */
static int mergeInhibitAnyPolicy(int inhibitAnyPolicy, static int mergeInhibitAnyPolicy(int inhibitAnyPolicy,
X509CertImpl currCert) throws CertPathValidatorException X509CertImpl currCert) throws CertPathValidatorException {
{
if ((inhibitAnyPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) { if ((inhibitAnyPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
inhibitAnyPolicy--; inhibitAnyPolicy--;
} }
try { InhibitAnyPolicyExtension inhAnyPolExt = (InhibitAnyPolicyExtension)
InhibitAnyPolicyExtension inhAnyPolExt = (InhibitAnyPolicyExtension)
currCert.getExtension(InhibitAnyPolicy_Id); currCert.getExtension(InhibitAnyPolicy_Id);
if (inhAnyPolExt == null) if (inhAnyPolExt == null)
return inhibitAnyPolicy; return inhibitAnyPolicy;
int skipCerts = int skipCerts = inhAnyPolExt.getSkipCerts();
inhAnyPolExt.get(InhibitAnyPolicyExtension.SKIP_CERTS).intValue(); if (debug != null)
if (debug != null) debug.println("PolicyChecker.mergeInhibitAnyPolicy() "
debug.println("PolicyChecker.mergeInhibitAnyPolicy() "
+ "skipCerts Index from cert = " + skipCerts); + "skipCerts Index from cert = " + skipCerts);
if (skipCerts != -1) { if (skipCerts != -1) {
if (skipCerts < inhibitAnyPolicy) { if (skipCerts < inhibitAnyPolicy) {
inhibitAnyPolicy = skipCerts; inhibitAnyPolicy = skipCerts;
}
} }
} catch (IOException e) {
if (debug != null) {
debug.println("PolicyChecker.mergeInhibitAnyPolicy "
+ "unexpected exception");
e.printStackTrace();
}
throw new CertPathValidatorException(e);
} }
return inhibitAnyPolicy; return inhibitAnyPolicy;
} }
@ -449,12 +413,7 @@ class PolicyChecker extends PKIXCertPathChecker {
debug.println("PolicyChecker.processPolicies() " debug.println("PolicyChecker.processPolicies() "
+ "policiesCritical = " + policiesCritical); + "policiesCritical = " + policiesCritical);
try { policyInfo = currCertPolicies.getCertPolicies();
policyInfo = currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
} catch (IOException ioe) {
throw new CertPathValidatorException("Exception while "
+ "retrieving policyOIDs", ioe);
}
if (debug != null) if (debug != null)
debug.println("PolicyChecker.processPolicies() " debug.println("PolicyChecker.processPolicies() "
@ -618,7 +577,7 @@ class PolicyChecker extends PKIXCertPathChecker {
anyNode.getPolicyQualifiers(); anyNode.getPolicyQualifiers();
for (String policy : initial) { for (String policy : initial) {
Set<String> expectedPolicies = Collections.singleton(policy); Set<String> expectedPolicies = Collections.singleton(policy);
PolicyNodeImpl node = new PolicyNodeImpl(parentNode, policy, new PolicyNodeImpl(parentNode, policy,
anyQualifiers, anyCritical, expectedPolicies, false); anyQualifiers, anyCritical, expectedPolicies, false);
} }
} }
@ -672,7 +631,6 @@ class PolicyChecker extends PKIXCertPathChecker {
foundMatch = true; foundMatch = true;
PolicyNodeImpl curNode = null;
Set<String> curExpPols; Set<String> curExpPols;
if (curPolicy.equals(ANY_POLICY)) { if (curPolicy.equals(ANY_POLICY)) {
@ -698,7 +656,7 @@ class PolicyChecker extends PKIXCertPathChecker {
Set<String> expPols = new HashSet<>(); Set<String> expPols = new HashSet<>();
expPols.add(curParExpPol); expPols.add(curParExpPol);
curNode = new PolicyNodeImpl new PolicyNodeImpl
(curParent, curParExpPol, pQuals, (curParent, curParExpPol, pQuals,
policiesCritical, expPols, false); policiesCritical, expPols, false);
} }
@ -706,7 +664,7 @@ class PolicyChecker extends PKIXCertPathChecker {
curExpPols = new HashSet<>(); curExpPols = new HashSet<>();
curExpPols.add(curPolicy); curExpPols.add(curPolicy);
curNode = new PolicyNodeImpl new PolicyNodeImpl
(curParent, curPolicy, pQuals, (curParent, curPolicy, pQuals,
policiesCritical, curExpPols, false); policiesCritical, curExpPols, false);
} }
@ -747,17 +705,7 @@ class PolicyChecker extends PKIXCertPathChecker {
+ "inside policyMapping check"); + "inside policyMapping check");
List<CertificatePolicyMap> maps; List<CertificatePolicyMap> maps;
try { maps = polMappingsExt.getMaps();
maps = polMappingsExt.get(PolicyMappingsExtension.MAP);
} catch (IOException e) {
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() "
+ "mapping exception");
e.printStackTrace();
}
throw new CertPathValidatorException("Exception while checking "
+ "mapping", e);
}
boolean childDeleted = false; boolean childDeleted = false;
for (CertificatePolicyMap polMap : maps) { for (CertificatePolicyMap polMap : maps) {
@ -816,7 +764,7 @@ class PolicyChecker extends PKIXCertPathChecker {
Set<String> expPols = new HashSet<>(); Set<String> expPols = new HashSet<>();
expPols.add(subjectDomain); expPols.add(subjectDomain);
PolicyNodeImpl curNode = new PolicyNodeImpl new PolicyNodeImpl
(curAnyNodeParent, issuerDomain, anyQuals, (curAnyNodeParent, issuerDomain, anyQuals,
policiesCritical, expPols, true); policiesCritical, expPols, true);
} }
@ -853,13 +801,7 @@ class PolicyChecker extends PKIXCertPathChecker {
CertificatePoliciesExtension currCertPolicies) CertificatePoliciesExtension currCertPolicies)
throws CertPathValidatorException throws CertPathValidatorException
{ {
List<PolicyInformation> policyInfo; List<PolicyInformation> policyInfo = currCertPolicies.getCertPolicies();
try {
policyInfo = currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
} catch (IOException ioe) {
throw new CertPathValidatorException("Exception while "
+ "retrieving policyOIDs", ioe);
}
boolean childDeleted = false; boolean childDeleted = false;
for (PolicyInformation curPolInfo : policyInfo) { for (PolicyInformation curPolInfo : policyInfo) {
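Review bot: Four statements now read as a bare `new PolicyNodeImpl(...)` whose result is discarded (in the `for (String policy : initial)` loop, twice where `curNode` used to be assigned, and in the policy-mapping loop), which looks like a lost assignment to a reader. Presumably the constructor links the new node into its parent, which is why the unused locals could go; that is not visible in this section. A short comment on each, e.g. `// constructor attaches the node to its parent; the reference is not needed`, would record the intent. Separately, the three merge* methods keep `throws CertPathValidatorException` and the matching `@throws` Javadoc although their try/catch blocks are gone; if nothing left in the bodies throws it, the Javadoc should say the clause is retained for callers.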


@ -839,6 +839,9 @@ class RevocationChecker extends PKIXRevocationChecker {
return false; return false;
} }
private static final boolean[] ALL_REASONS =
{true, true, true, true, true, true, true, true, true};
/** /**
* Internal method that verifies a set of possible_crls, * Internal method that verifies a set of possible_crls,
* and sees if each is approved, based on the cert. * and sees if each is approved, based on the cert.
@ -848,11 +851,9 @@ class RevocationChecker extends PKIXRevocationChecker {
* @param signFlag <code>true</code> if prevKey was trusted to sign CRLs * @param signFlag <code>true</code> if prevKey was trusted to sign CRLs
* @param prevKey the public key of the issuer of cert * @param prevKey the public key of the issuer of cert
* @param reasonsMask the reason code mask * @param reasonsMask the reason code mask
* @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s> * @param anchors a <code>Set</code> of <code>TrustAnchor</code>s>
* @return a collection of approved crls (or an empty collection) * @return a collection of approved crls (or an empty collection)
*/ */
private static final boolean[] ALL_REASONS =
{true, true, true, true, true, true, true, true, true};
private Collection<X509CRL> verifyPossibleCRLs(Set<X509CRL> crls, private Collection<X509CRL> verifyPossibleCRLs(Set<X509CRL> crls,
X509Certificate cert, X509Certificate cert,
PublicKey prevKey, PublicKey prevKey,
@ -879,7 +880,7 @@ class RevocationChecker extends PKIXRevocationChecker {
null, null); null, null);
points = Collections.singletonList(point); points = Collections.singletonList(point);
} else { } else {
points = ext.get(CRLDistributionPointsExtension.POINTS); points = ext.getDistributionPoints();
} }
Set<X509CRL> results = new HashSet<>(); Set<X509CRL> results = new HashSet<>();
for (DistributionPoint point : points) { for (DistributionPoint point : points) {
@ -965,6 +966,9 @@ class RevocationChecker extends PKIXRevocationChecker {
} }
} }
private static final boolean [] CRL_SIGN_USAGE =
{ false, false, false, false, false, false, true };
/** /**
* Tries to find a CertPath that establishes a key that can be * Tries to find a CertPath that establishes a key that can be
* used to verify the revocation status of a given certificate. * used to verify the revocation status of a given certificate.
@ -979,8 +983,6 @@ class RevocationChecker extends PKIXRevocationChecker {
* establishment of this path. * establishment of this path.
* @throws CertPathValidatorException on failure * @throws CertPathValidatorException on failure
*/ */
private static final boolean [] CRL_SIGN_USAGE =
{ false, false, false, false, false, false, true };
private void buildToNewKey(X509Certificate currCert, private void buildToNewKey(X509Certificate currCert,
PublicKey prevKey, PublicKey prevKey,
Set<X509Certificate> stackedCerts) Set<X509Certificate> stackedCerts)
@ -1179,7 +1181,7 @@ class RevocationChecker extends PKIXRevocationChecker {
@Override @Override
public boolean match(Certificate cert) { public boolean match(Certificate cert) {
if (!super.match(cert)) if (!super.match(cert))
return(false); return false;
if (badKeySet.contains(cert.getPublicKey())) { if (badKeySet.contains(cert.getPublicKey())) {
if (debug != null) if (debug != null)
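Review bot: The relocated constants `ALL_REASONS` and `CRL_SIGN_USAGE` carry no comment explaining what their positions mean, and both are plain `boolean[]` values whose elements any code in the class could change. A comment on each would help, for example `// one entry per ReasonFlags bit; all true means every revocation reason is covered` and `// KeyUsage bits 0-6; only bit 6 (cRLSign) is set`. The Javadoc line changed in this section still ends in `</code>s>`, with a stray `>` after the `s`.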


@ -25,7 +25,6 @@
package sun.security.provider.certpath; package sun.security.provider.certpath;
import java.io.IOException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
@ -146,13 +145,13 @@ final class Vertex {
} }
sb.append("Issuer: ").append sb.append("Issuer: ").append
(x509Cert.getIssuerX500Principal()).append("\n"); (x509Cert.getIssuerX500Principal()).append("\n");
sb.append("Subject: ").append sb.append("Subject: ").append
(x509Cert.getSubjectX500Principal()).append("\n"); (x509Cert.getSubjectX500Principal()).append("\n");
sb.append("SerialNum: ").append sb.append("SerialNum: ").append
(x509Cert.getSerialNumber().toString(16)).append("\n"); (x509Cert.getSerialNumber().toString(16)).append("\n");
sb.append("Expires: ").append sb.append("Expires: ").append
(x509Cert.getNotAfter().toString()).append("\n"); (x509Cert.getNotAfter().toString()).append("\n");
boolean[] iUID = x509Cert.getIssuerUniqueID(); boolean[] iUID = x509Cert.getIssuerUniqueID();
if (iUID != null) { if (iUID != null) {
sb.append("IssuerUID: "); sb.append("IssuerUID: ");
@ -169,26 +168,17 @@ final class Vertex {
} }
sb.append("\n"); sb.append("\n");
} }
try { SubjectKeyIdentifierExtension sKeyID =
SubjectKeyIdentifierExtension sKeyID =
x509Cert.getSubjectKeyIdentifierExtension(); x509Cert.getSubjectKeyIdentifierExtension();
if (sKeyID != null) { if (sKeyID != null) {
KeyIdentifier keyID = sKeyID.get( KeyIdentifier keyID = sKeyID.getKeyIdentifier();
SubjectKeyIdentifierExtension.KEY_ID); sb.append("SubjKeyID: ").append(keyID.toString());
sb.append("SubjKeyID: ").append(keyID.toString()); }
} AuthorityKeyIdentifierExtension aKeyID =
AuthorityKeyIdentifierExtension aKeyID =
x509Cert.getAuthorityKeyIdentifierExtension(); x509Cert.getAuthorityKeyIdentifierExtension();
if (aKeyID != null) { if (aKeyID != null) {
KeyIdentifier keyID = (KeyIdentifier)aKeyID.get( KeyIdentifier keyID = aKeyID.getKeyIdentifier();
AuthorityKeyIdentifierExtension.KEY_ID); sb.append("AuthKeyID: ").append(keyID.toString());
sb.append("AuthKeyID: ").append(keyID.toString());
}
} catch (IOException e) {
if (debug != null) {
debug.println("Vertex.certToString() unexpected exception");
e.printStackTrace();
}
} }
return sb.toString(); return sb.toString();
} }
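Review bot: In the AuthorityKeyIdentifier branch of certToString, the result of `aKeyID.getKeyIdentifier()` is dereferenced with `keyID.toString()` without a null check, and the getter added to AuthorityKeyIdentifierExtension in this commit returns the `id` field as-is. The keyIdentifier field of that extension is optional in RFC 5280, so a certificate whose extension carries only the issuer name and serial number would presumably make this debug helper throw a NullPointerException. The try/catch removed here only covered IOException, so nothing catches it now either. Passing the object directly, `sb.append("AuthKeyID: ").append(keyID);`, or guarding with `if (keyID != null)`, avoids that. certToString begins outside the hunk.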


@ -230,7 +230,7 @@ public final class SSLLogger {
@Override @Override
public boolean isLoggable(Level level) { public boolean isLoggable(Level level) {
return (level != Level.OFF); return level != Level.OFF;
} }
@Override @Override
@ -480,11 +480,8 @@ public final class SSLLogger {
try { try {
X509CertImpl x509 = X509CertImpl x509 =
X509CertImpl.toImpl((X509Certificate)certificate); X509CertImpl.toImpl((X509Certificate)certificate);
X509CertInfo certInfo = X509CertInfo certInfo = x509.getInfo();
(X509CertInfo)x509.get(X509CertImpl.NAME + "." + CertificateExtensions certExts = certInfo.getExtensions();
X509CertImpl.INFO);
CertificateExtensions certExts = (CertificateExtensions)
certInfo.get(X509CertInfo.EXTENSIONS);
if (certExts == null) { if (certExts == null) {
Object[] certFields = { Object[] certFields = {
x509.getVersion(), x509.getVersion(),


@ -319,23 +319,21 @@ public final class CertAndKeyGen {
X509CertInfo info = new X509CertInfo(); X509CertInfo info = new X509CertInfo();
// Add all mandatory attributes // Add all mandatory attributes
info.set(X509CertInfo.VERSION, info.setVersion(new CertificateVersion(CertificateVersion.V3));
new CertificateVersion(CertificateVersion.V3));
if (prng == null) { if (prng == null) {
prng = new SecureRandom(); prng = new SecureRandom();
} }
info.set(X509CertInfo.SERIAL_NUMBER, info.setSerialNumber(CertificateSerialNumber.newRandom64bit(prng));
CertificateSerialNumber.newRandom64bit(prng)); info.setSubject(myname);
info.set(X509CertInfo.SUBJECT, myname); info.setKey(new CertificateX509Key(publicKey));
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey)); info.setValidity(interval);
info.set(X509CertInfo.VALIDITY, interval);
if (signerFlag) { if (signerFlag) {
// use signer's subject name to set the issuer name // use signer's subject name to set the issuer name
info.set(X509CertInfo.ISSUER, signerSubjectName); info.setIssuer(signerSubjectName);
} else { } else {
info.set(X509CertInfo.ISSUER, myname); info.setIssuer(myname);
} }
if (ext != null) info.set(X509CertInfo.EXTENSIONS, ext); if (ext != null) info.setExtensions(ext);
cert = new X509CertImpl(info); cert = new X509CertImpl(info);
if (signerFlag) { if (signerFlag) {


@ -1451,10 +1451,8 @@ public final class Main {
Certificate signerCert = keyStore.getCertificate(alias); Certificate signerCert = keyStore.getCertificate(alias);
byte[] encoded = signerCert.getEncoded(); byte[] encoded = signerCert.getEncoded();
X509CertImpl signerCertImpl = new X509CertImpl(encoded); X509CertImpl signerCertImpl = new X509CertImpl(encoded);
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( X509CertInfo signerCertInfo = signerCertImpl.getInfo();
X509CertImpl.NAME + "." + X509CertImpl.INFO); X500Name issuer = signerCertInfo.getSubject();
X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
X509CertInfo.DN_NAME);
Date firstDate = getStartDate(startDate); Date firstDate = getStartDate(startDate);
Date lastDate = getLastDate(firstDate, validity); Date lastDate = getLastDate(firstDate, validity);
@ -1467,12 +1465,10 @@ public final class Main {
sigAlgName = getCompatibleSigAlgName(privateKey); sigAlgName = getCompatibleSigAlgName(privateKey);
} }
X509CertInfo info = new X509CertInfo(); X509CertInfo info = new X509CertInfo();
info.set(X509CertInfo.VALIDITY, interval); info.setValidity(interval);
info.set(X509CertInfo.SERIAL_NUMBER, info.setSerialNumber(CertificateSerialNumber.newRandom64bit(new SecureRandom()));
CertificateSerialNumber.newRandom64bit(new SecureRandom())); info.setVersion(new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.VERSION, info.setIssuer(issuer);
new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.ISSUER, issuer);
BufferedReader reader = new BufferedReader(new InputStreamReader(in)); BufferedReader reader = new BufferedReader(new InputStreamReader(in));
boolean canRead = false; boolean canRead = false;
@ -1498,9 +1494,8 @@ public final class Main {
req.getSubjectPublicKeyInfo(), null, null, null); req.getSubjectPublicKeyInfo(), null, null, null);
checkWeakConstraint(rb.getString("the.certificate.request"), req, cpcp); checkWeakConstraint(rb.getString("the.certificate.request"), req, cpcp);
info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo())); info.setKey(new CertificateX509Key(req.getSubjectPublicKeyInfo()));
info.set(X509CertInfo.SUBJECT, info.setSubject(dname==null ? req.getSubjectName() : new X500Name(dname));
dname==null?req.getSubjectName():new X500Name(dname));
CertificateExtensions reqex = null; CertificateExtensions reqex = null;
for (PKCS10Attribute attr : req.getAttributes().getAttributes()) { for (PKCS10Attribute attr : req.getAttributes().getAttributes()) {
if (attr.getAttributeId().equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) { if (attr.getAttributeId().equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) {
@ -1540,7 +1535,7 @@ public final class Main {
v3ext, v3ext,
subjectPubKey, subjectPubKey,
signerSubjectKeyId); signerSubjectKeyId);
info.set(X509CertInfo.EXTENSIONS, ext); info.setExtensions(ext);
X509CertImpl cert = new X509CertImpl(info); X509CertImpl cert = new X509CertImpl(info);
cert.sign(privateKey, sigAlgName); cert.sign(privateKey, sigAlgName);
dumpCert(cert, out); dumpCert(cert, out);
@ -1567,10 +1562,8 @@ public final class Main {
Certificate signerCert = keyStore.getCertificate(alias); Certificate signerCert = keyStore.getCertificate(alias);
byte[] encoded = signerCert.getEncoded(); byte[] encoded = signerCert.getEncoded();
X509CertImpl signerCertImpl = new X509CertImpl(encoded); X509CertImpl signerCertImpl = new X509CertImpl(encoded);
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( X509CertInfo signerCertInfo = signerCertImpl.getInfo();
X509CertImpl.NAME + "." + X509CertImpl.INFO); X500Name owner = signerCertInfo.getSubject();
X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
X509CertInfo.DN_NAME);
Date firstDate = getStartDate(startDate); Date firstDate = getStartDate(startDate);
Date lastDate = getLastDate(firstDate, validity); Date lastDate = getLastDate(firstDate, validity);
@ -1589,7 +1582,7 @@ public final class Main {
int d = id.indexOf(':'); int d = id.indexOf(':');
if (d >= 0) { if (d >= 0) {
CRLExtensions ext = new CRLExtensions(); CRLExtensions ext = new CRLExtensions();
ext.set("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1)))); ext.setExtension("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1))));
badCerts[i] = new X509CRLEntryImpl(new BigInteger(id.substring(0, d)), badCerts[i] = new X509CRLEntryImpl(new BigInteger(id.substring(0, d)),
firstDate, ext); firstDate, ext);
} else { } else {
@ -1970,10 +1963,8 @@ public final class Main {
signerCertImpl = new X509CertImpl(signerCert.getEncoded()); signerCertImpl = new X509CertImpl(signerCert.getEncoded());
} }
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( X509CertInfo signerCertInfo = signerCertImpl.getInfo();
X509CertImpl.NAME + "." + X509CertImpl.INFO); X500Name signerSubjectName = signerCertInfo.getSubject();
X500Name signerSubjectName = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
X509CertInfo.DN_NAME);
keypair = new CertAndKeyGen(keyAlgName, sigAlgName, providerName, keypair = new CertAndKeyGen(keyAlgName, sigAlgName, providerName,
signerPrivateKey, signerSubjectName); signerPrivateKey, signerSubjectName);
@ -2066,7 +2057,7 @@ public final class Main {
* Clones an entry * Clones an entry
* @param orig original alias * @param orig original alias
* @param dest destination alias * @param dest destination alias
* @changePassword if the password can be changed * @param changePassword if the password can be changed
*/ */
private void doCloneEntry(String orig, String dest, boolean changePassword) private void doCloneEntry(String orig, String dest, boolean changePassword)
throws Exception throws Exception
@ -2666,8 +2657,7 @@ public final class Main {
CRLDistributionPointsExtension ext = CRLDistributionPointsExtension ext =
X509CertImpl.toImpl(cert).getCRLDistributionPointsExtension(); X509CertImpl.toImpl(cert).getCRLDistributionPointsExtension();
if (ext == null) return crls; if (ext == null) return crls;
List<DistributionPoint> distPoints = List<DistributionPoint> distPoints = ext.getDistributionPoints();
ext.get(CRLDistributionPointsExtension.POINTS);
for (DistributionPoint o: distPoints) { for (DistributionPoint o: distPoints) {
GeneralNames names = o.getFullName(); GeneralNames names = o.getFullName();
if (names != null) { if (names != null) {
@ -3202,47 +3192,41 @@ public final class Main {
// (no public APIs available yet) // (no public APIs available yet)
byte[] encoded = oldCert.getEncoded(); byte[] encoded = oldCert.getEncoded();
X509CertImpl certImpl = new X509CertImpl(encoded); X509CertImpl certImpl = new X509CertImpl(encoded);
X509CertInfo certInfo = (X509CertInfo)certImpl.get(X509CertImpl.NAME X509CertInfo certInfo = certImpl.getInfo();
+ "." +
X509CertImpl.INFO);
// Extend its validity // Extend its validity
Date firstDate = getStartDate(startDate); Date firstDate = getStartDate(startDate);
Date lastDate = getLastDate(firstDate, validity); Date lastDate = getLastDate(firstDate, validity);
CertificateValidity interval = new CertificateValidity(firstDate, CertificateValidity interval = new CertificateValidity(firstDate,
lastDate); lastDate);
certInfo.set(X509CertInfo.VALIDITY, interval); certInfo.setValidity(interval);
// Make new serial number // Make new serial number
certInfo.set(X509CertInfo.SERIAL_NUMBER, certInfo.setSerialNumber(
CertificateSerialNumber.newRandom64bit(new SecureRandom())); CertificateSerialNumber.newRandom64bit(new SecureRandom()));
// Set owner and issuer fields // Set owner and issuer fields
X500Name owner; X500Name owner;
if (dname == null) { if (dname == null) {
// Get the owner name from the certificate // Get the owner name from the certificate
owner = (X500Name)certInfo.get(X509CertInfo.SUBJECT + "." + owner = certInfo.getSubject();
X509CertInfo.DN_NAME);
} else { } else {
// Use the owner name specified at the command line // Use the owner name specified at the command line
owner = new X500Name(dname); owner = new X500Name(dname);
certInfo.set(X509CertInfo.SUBJECT + "." + certInfo.setSubject(owner);
X509CertInfo.DN_NAME, owner);
} }
// Make issuer same as owner (self-signed!) // Make issuer same as owner (self-signed!)
certInfo.set(X509CertInfo.ISSUER + "." + certInfo.setIssuer(owner);
X509CertInfo.DN_NAME, owner);
certInfo.set(X509CertInfo.VERSION, certInfo.setVersion(new CertificateVersion(CertificateVersion.V3));
new CertificateVersion(CertificateVersion.V3));
CertificateExtensions ext = createV3Extensions( CertificateExtensions ext = createV3Extensions(
null, null,
(CertificateExtensions)certInfo.get(X509CertInfo.EXTENSIONS), certInfo.getExtensions(),
v3ext, v3ext,
oldCert.getPublicKey(), oldCert.getPublicKey(),
null); null);
certInfo.set(X509CertInfo.EXTENSIONS, ext); certInfo.setExtensions(ext);
// Sign the new certificate // Sign the new certificate
X509CertImpl newCert = new X509CertImpl(certInfo); X509CertImpl newCert = new X509CertImpl(certInfo);
newCert.sign(privKey, sigAlgName); newCert.sign(privKey, sigAlgName);
@ -3505,7 +3489,7 @@ public final class Main {
/** /**
* Prompts user for an input string from the command line (System.in) * Prompts user for an input string from the command line (System.in)
* @prompt the prompt string printed * @param prompt the prompt string printed
* @return the string entered by the user, without the \n at the end * @return the string entered by the user, without the \n at the end
*/ */
private String inputStringFromStdin(String prompt) throws Exception { private String inputStringFromStdin(String prompt) throws Exception {
@ -3634,11 +3618,8 @@ public final class Main {
out.println(form.format(source)); out.println(form.format(source));
if (cert instanceof X509CertImpl impl) { if (cert instanceof X509CertImpl impl) {
X509CertInfo certInfo = (X509CertInfo)impl.get(X509CertImpl.NAME X509CertInfo certInfo = impl.getInfo();
+ "." + CertificateExtensions exts = certInfo.getExtensions();
X509CertImpl.INFO);
CertificateExtensions exts = (CertificateExtensions)
certInfo.get(X509CertInfo.EXTENSIONS);
if (exts != null) { if (exts != null) {
printExtensions(rb.getString("Extensions."), exts, out); printExtensions(rb.getString("Extensions."), exts, out);
} }
@ -4506,9 +4487,8 @@ public final class Main {
} }
// Add an extension into a CertificateExtensions, always using OID as key // Add an extension into a CertificateExtensions, always using OID as key
private static void setExt(CertificateExtensions result, Extension ex) private static void setExt(CertificateExtensions result, Extension ex) {
throws IOException { result.setExtension(ex.getId(), ex);
result.set(ex.getId(), ex);
} }
/** /**
@ -4568,7 +4548,7 @@ public final class Main {
// translate to all-OID first. // translate to all-OID first.
CertificateExtensions request2 = new CertificateExtensions(); CertificateExtensions request2 = new CertificateExtensions();
for (sun.security.x509.Extension ex: requestedEx.getAllExtensions()) { for (sun.security.x509.Extension ex: requestedEx.getAllExtensions()) {
request2.set(ex.getId(), ex); request2.setExtension(ex.getId(), ex);
} }
for(String extstr: extstrs) { for(String extstr: extstrs) {
if (extstr.toLowerCase(Locale.ENGLISH).startsWith("honored=")) { if (extstr.toLowerCase(Locale.ENGLISH).startsWith("honored=")) {
@ -4609,7 +4589,7 @@ public final class Main {
} }
String n = findOidForExtName(type).toString(); String n = findOidForExtName(type).toString();
if (add) { if (add) {
Extension e = request2.get(n); Extension e = request2.getExtension(n);
if (!e.isCritical() && action == 0 if (!e.isCritical() && action == 0
|| e.isCritical() && action == 1) { || e.isCritical() && action == 1) {
e = Extension.newExtension( e = Extension.newExtension(
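Review bot: In the `if (add)` branch of the last hunk, the result of `request2.getExtension(n)` is dereferenced immediately by `e.isCritical()`, and no null check is visible. If the lookup returns null for an extension name that the certificate request did not contain (CRLExtensions.getExtension on this page is a plain `map.get`, and CertificateExtensions presumably behaves alike), keytool would stop with a NullPointerException rather than skip the entry or report a usage error. A guard such as `if (e != null && (!e.isCritical() && action == 0 || e.isCritical() && action == 1))` would make the intended handling explicit. The enclosing method starts and ends outside the hunk.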


@ -308,8 +308,7 @@ public final class SimpleValidator extends Validator {
.toByteArray(); .toByteArray();
ext = new NetscapeCertTypeExtension(encoded); ext = new NetscapeCertTypeExtension(encoded);
} }
Boolean val = ext.get(type); return ext.get(type);
return val.booleanValue();
} catch (IOException e) { } catch (IOException e) {
return false; return false;
} }


@ -1,49 +0,0 @@
/*
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.x509;
import java.util.Vector;
/**
* <p>This class provides the Enumeration implementation used
* by all the X509 certificate attributes to return the attribute
* names contained within them.
*
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
public class AttributeNameEnumeration extends Vector<String> {
@java.io.Serial
private static final long serialVersionUID = -6067440240757099134L;
/**
* The default constructor for this class.
*/
public AttributeNameEnumeration() {
super(4,2);
}
}


@ -63,20 +63,9 @@ import sun.security.util.DerValue;
*/ */
public class AuthorityInfoAccessExtension extends Extension public class AuthorityInfoAccessExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.AuthorityInfoAccess";
/**
* Attribute name.
*/
public static final String NAME = "AuthorityInfoAccess"; public static final String NAME = "AuthorityInfoAccess";
public static final String DESCRIPTIONS = "descriptions";
/** /**
* The List of AccessDescription objects. * The List of AccessDescription objects.
@ -136,7 +125,7 @@ public class AuthorityInfoAccessExtension extends Extension
} }
/** /**
* Return the name of this attribute. * Return the name of this extension.
*/ */
@Override @Override
public String getName() { public String getName() {
@ -159,40 +148,7 @@ public class AuthorityInfoAccessExtension extends Extension
super.encode(out); super.encode(out);
} }
/** // Encode this extension value
* Set the attribute value.
*/
@SuppressWarnings("unchecked") // Checked with an instanceof check
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(DESCRIPTIONS)) {
if (!(obj instanceof List)) {
throw new IOException("Attribute value should be of type List.");
}
accessDescriptions = (List<AccessDescription>)obj;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:AuthorityInfoAccessExtension.");
}
encodeThis();
}
/**
* Get the attribute value.
*/
public List<AccessDescription> get(String name) throws IOException {
if (name.equalsIgnoreCase(DESCRIPTIONS)) {
return accessDescriptions;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:AuthorityInfoAccessExtension.");
}
}
// Encode this extension value
private void encodeThis() throws IOException { private void encodeThis() throws IOException {
if (accessDescriptions.isEmpty()) { if (accessDescriptions.isEmpty()) {
this.extensionValue = null; this.extensionValue = null;


@ -53,20 +53,9 @@ import sun.security.util.*;
* @see CertAttrSet * @see CertAttrSet
*/ */
public class AuthorityKeyIdentifierExtension extends Extension public class AuthorityKeyIdentifierExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.AuthorityKeyIdentifier";
/**
* Attribute names.
*/
public static final String NAME = "AuthorityKeyIdentifier"; public static final String NAME = "AuthorityKeyIdentifier";
public static final String KEY_ID = "key_id";
public static final String AUTH_NAME = "auth_name";
public static final String SERIAL_NUMBER = "serial_number";
// Private data members // Private data members
private static final byte TAG_ID = 0; private static final byte TAG_ID = 0;
@ -226,59 +215,25 @@ implements CertAttrSet<String> {
super.encode(out); super.encode(out);
} }
/** public KeyIdentifier getKeyIdentifier() {
* Set the attribute value. return id;
*/
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(KEY_ID)) {
if (!(obj instanceof KeyIdentifier)) {
throw new IOException("Attribute value should be of " +
"type KeyIdentifier.");
}
id = (KeyIdentifier)obj;
} else if (name.equalsIgnoreCase(AUTH_NAME)) {
if (!(obj instanceof GeneralNames)) {
throw new IOException("Attribute value should be of " +
"type GeneralNames.");
}
names = (GeneralNames)obj;
} else if (name.equalsIgnoreCase(SERIAL_NUMBER)) {
if (!(obj instanceof SerialNumber)) {
throw new IOException("Attribute value should be of " +
"type SerialNumber.");
}
serialNum = (SerialNumber)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:AuthorityKeyIdentifier.");
}
encodeThis();
} }
/** public GeneralNames getAuthName() {
* Get the attribute value. return names;
*/ }
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(KEY_ID)) { public SerialNumber getSerialNumber() {
return (id); return serialNum;
} else if (name.equalsIgnoreCase(AUTH_NAME)) {
return (names);
} else if (name.equalsIgnoreCase(SERIAL_NUMBER)) {
return (serialNum);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:AuthorityKeyIdentifier.");
}
} }
/** /**
* Return the name of this attribute. * Return the name of this extension.
*/ */
@Override @Override
public String getName() { public String getName() {
return (NAME); return NAME;
} }
/** /**
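Review bot: The three accessors added here, `getKeyIdentifier()`, `getAuthName()` and `getSerialNumber()`, have no Javadoc and return their fields unchecked, while other getters added in this commit (`getDistributionPoints()`, `getCrlNumber()`) carry a one-line comment. All three fields are optional in the extension's ASN.1 definition, so the contract callers most need is whether null can come back. A comment such as `/** Returns the key identifier, or null if the extension does not carry one. */` on each would state it, assuming the fields are indeed left null when absent. The same applies to `isCa()` and `getPathLen()` in BasicConstraintsExtension, where the value returned when no path length is present should be documented, and to `getReason()` in CRLReasonCodeExtension.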


@ -49,18 +49,9 @@ import sun.security.util.*;
* @see Extension * @see Extension
*/ */
public class BasicConstraintsExtension extends Extension public class BasicConstraintsExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.BasicConstraints";
/**
* Attribute names.
*/
public static final String NAME = "BasicConstraints"; public static final String NAME = "BasicConstraints";
public static final String IS_CA = "is_ca";
public static final String PATH_LEN = "path_len";
// Private data members // Private data members
private boolean ca = false; private boolean ca = false;
@ -198,48 +189,19 @@ implements CertAttrSet<String> {
super.encode(out); super.encode(out);
} }
/** public boolean isCa() {
* Set the attribute value. return ca;
*/ }
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(IS_CA)) { public int getPathLen() {
if (!(obj instanceof Boolean)) { return pathLen;
throw new IOException("Attribute value should be of type Boolean.");
}
ca = ((Boolean)obj).booleanValue();
} else if (name.equalsIgnoreCase(PATH_LEN)) {
if (!(obj instanceof Integer)) {
throw new IOException("Attribute value should be of type Integer.");
}
pathLen = ((Integer)obj).intValue();
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:BasicConstraints.");
}
encodeThis();
} }
/** /**
* Get the attribute value. * Return the name of this extension.
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(IS_CA)) {
return (Boolean.valueOf(ca));
} else if (name.equalsIgnoreCase(PATH_LEN)) {
return (Integer.valueOf(pathLen));
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:BasicConstraints.");
}
}
/**
* Return the name of this attribute.
*/ */
@Override @Override
public String getName() { public String getName() {
return (NAME); return NAME;
} }
} }


@ -79,20 +79,9 @@ import sun.security.util.ObjectIdentifier;
* @see CertAttrSet * @see CertAttrSet
*/ */
public class CRLDistributionPointsExtension extends Extension public class CRLDistributionPointsExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.CRLDistributionPoints";
/**
* Attribute name.
*/
public static final String NAME = "CRLDistributionPoints"; public static final String NAME = "CRLDistributionPoints";
public static final String POINTS = "points";
/** /**
* The List of DistributionPoint objects. * The List of DistributionPoint objects.
@ -185,7 +174,7 @@ public class CRLDistributionPointsExtension extends Extension
} }
/** /**
* Return the name of this attribute. * Return the name of this extension.
*/ */
@Override @Override
public String getName() { public String getName() {
@ -218,35 +207,11 @@ public class CRLDistributionPointsExtension extends Extension
super.encode(out); super.encode(out);
} }
/** /**
* Set the attribute value. * Get the DistributionPoint value.
*/ */
@SuppressWarnings("unchecked") // Checked with instanceof public List<DistributionPoint> getDistributionPoints() {
public void set(String name, Object obj) throws IOException { return distributionPoints;
if (name.equalsIgnoreCase(POINTS)) {
if (!(obj instanceof List)) {
throw new IOException("Attribute value should be of type List.");
}
distributionPoints = (List<DistributionPoint>)obj;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:" + extensionName + '.');
}
encodeThis();
}
/**
* Get the attribute value.
*/
public List<DistributionPoint> get(String name) throws IOException {
if (name.equalsIgnoreCase(POINTS)) {
return distributionPoints;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:" + extensionName + '.');
}
} }
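Review bot: `getDistributionPoints()` hands out the internal `distributionPoints` list itself. With the `set` method (which called `encodeThis()`) removed, a caller that modifies the returned list would change the object's state without the encoded extension value being rebuilt, so the parsed and the encoded form could disagree. Unless the field is already an immutable list (not visible here), `return Collections.unmodifiableList(distributionPoints);` or a Javadoc sentence stating that the list must not be modified would close that gap.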


@ -32,7 +32,6 @@ import java.lang.reflect.InvocationTargetException;
import java.security.cert.CRLException; import java.security.cert.CRLException;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.Enumeration;
import java.util.Map; import java.util.Map;
import java.util.TreeMap; import java.util.TreeMap;
@ -169,15 +168,14 @@ public class CRLExtensions {
* *
* @param alias the identifier string for the extension to retrieve. * @param alias the identifier string for the extension to retrieve.
*/ */
public Extension get(String alias) { public Extension getExtension(String alias) {
X509AttributeName attr = new X509AttributeName(alias);
String name; String name;
String id = attr.getPrefix(); if (alias.startsWith(X509CertImpl.NAME)) {
if (id.equalsIgnoreCase(X509CertImpl.NAME)) { // fully qualified
int index = alias.lastIndexOf('.'); int index = alias.lastIndexOf('.');
name = alias.substring(index + 1); name = alias.substring(index + 1);
} else } else {
name = alias; name = alias;
}
return map.get(name); return map.get(name);
} }
@ -185,11 +183,10 @@ public class CRLExtensions {
* Set the extension value with this alias. * Set the extension value with this alias.
* *
* @param alias the identifier string for the extension to set. * @param alias the identifier string for the extension to set.
* @param obj the Object to set the extension identified by the * @param ext the extension identified by the alias.
* alias.
*/ */
public void set(String alias, Object obj) { public void setExtension(String alias, Extension ext) {
map.put(alias, (Extension)obj); map.put(alias, ext);
} }
/** /**
@ -201,14 +198,6 @@ public class CRLExtensions {
map.remove(alias); map.remove(alias);
} }
/**
* Return an enumeration of the extensions.
* @return an enumeration of the extensions in this CRL.
*/
public Enumeration<Extension> getElements() {
return Collections.enumeration(map.values());
}
/** /**
* Return a collection view of the extensions. * Return a collection view of the extensions.
* @return a collection view of the extensions in this CRL. * @return a collection view of the extensions in this CRL.
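Review bot: The new test `alias.startsWith(X509CertImpl.NAME)` in `getExtension` does not match the `X509AttributeName` prefix comparison it replaces. It is case-sensitive where the old check used `equalsIgnoreCase`, and it accepts any alias that merely begins with the same characters, so a dotted alias with a longer first component would now be cut at its last '.' before the map lookup. If only fully qualified names are meant, `alias.startsWith(X509CertImpl.NAME + ".")` expresses that. If the change in case handling is intended, the Javadoc on `alias` should say so.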


@ -44,13 +44,9 @@ import sun.security.util.*;
* @see CertAttrSet * @see CertAttrSet
*/ */
public class CRLNumberExtension extends Extension public class CRLNumberExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Attribute name.
*/
public static final String NAME = "CRLNumber"; public static final String NAME = "CRLNumber";
public static final String NUMBER = "value";
private static final String LABEL = "CRL Number"; private static final String LABEL = "CRL Number";
@ -135,31 +131,10 @@ implements CertAttrSet<String> {
} }
/** /**
* Set the attribute value. * Get the crlNumber value.
*/ */
public void set(String name, Object obj) throws IOException { public BigInteger getCrlNumber() {
if (name.equalsIgnoreCase(NUMBER)) { return crlNumber;
if (!(obj instanceof BigInteger)) {
throw new IOException("Attribute must be of type BigInteger.");
}
crlNumber = (BigInteger)obj;
} else {
throw new IOException("Attribute name not recognized by" +
" CertAttrSet:" + extensionName + '.');
}
encodeThis();
}
/**
* Get the attribute value.
*/
public BigInteger get(String name) throws IOException {
if (name.equalsIgnoreCase(NUMBER)) {
return crlNumber;
} else {
throw new IOException("Attribute name not recognized by" +
" CertAttrSet:" + extensionName + '.');
}
} }
@ -206,10 +181,10 @@ implements CertAttrSet<String> {
/** /**
* Return the name of this attribute. * Return the name of this extension.
*/ */
@Override @Override
public String getName() { public String getName() {
return (extensionName); return extensionName;
} }
} }


@ -39,13 +39,9 @@ import sun.security.util.*;
* @see CertAttrSet * @see CertAttrSet
*/ */
public class CRLReasonCodeExtension extends Extension public class CRLReasonCodeExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Attribute name
*/
public static final String NAME = "CRLReasonCode"; public static final String NAME = "CRLReasonCode";
public static final String REASON = "reason";
private static final CRLReason[] values = CRLReason.values(); private static final CRLReason[] values = CRLReason.values();
@ -102,35 +98,6 @@ public class CRLReasonCodeExtension extends Extension
this.reasonCode = val.getEnumerated(); this.reasonCode = val.getEnumerated();
} }
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof Integer)) {
throw new IOException("Attribute must be of type Integer.");
}
if (name.equalsIgnoreCase(REASON)) {
reasonCode = ((Integer)obj).intValue();
} else {
throw new IOException
("Name not supported by CRLReasonCodeExtension");
}
encodeThis();
}
/**
* Get the attribute value.
*/
public Integer get(String name) throws IOException {
if (name.equalsIgnoreCase(REASON)) {
return reasonCode;
} else {
throw new IOException
("Name not supported by CRLReasonCodeExtension");
}
}
/** /**
* Returns a printable representation of the Reason code. * Returns a printable representation of the Reason code.
*/ */
@ -156,7 +123,7 @@ public class CRLReasonCodeExtension extends Extension
/** /**
* Return the name of this attribute. * Return the name of this extension.
*/ */
@Override @Override
public String getName() { public String getName() {
@ -174,4 +141,8 @@ public class CRLReasonCodeExtension extends Extension
return CRLReason.UNSPECIFIED; return CRLReason.UNSPECIFIED;
} }
} }
public int getReason() {
return reasonCode;
}
} }
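Review bot: The new `getReason()` at the end of the class has no Javadoc, and it returns the raw value that the decoding constructor stores with `this.reasonCode = val.getEnumerated();`, which need not correspond to a `CRLReason` constant. The method just above it, whose start is outside the hunk, appears to fall back to `CRLReason.UNSPECIFIED` for such values, so callers that act on revocation reasons should know which of the two views they are reading. I would add `/** Returns the raw reason code as decoded from the extension value. */` above the method. The same missing-Javadoc point applies to `getNames()` in CertificateIssuerExtension and `getSerial()` in CertificateSerialNumber.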


@ -28,57 +28,17 @@ package sun.security.x509;
import sun.security.util.DerOutputStream; import sun.security.util.DerOutputStream;
import java.io.IOException; import java.io.IOException;
import java.security.cert.CertificateException;
/** /**
* This interface defines the methods required of a certificate attribute. * This interface defines a certificate attribute that can be DER-encoded.
* Examples of X.509 certificate attributes are Validity, Issuer_Name, and
* Subject Name. A CertAttrSet may comprise one attribute or many
* attributes.
* <p>
* A CertAttrSet itself can also be comprised of other sub-sets.
* In the case of X.509 V3 certificates, for example, the "extensions"
* attribute has subattributes, such as those for KeyUsage and
* AuthorityKeyIdentifier.
*
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @see CertificateException
*/ */
public interface CertAttrSet<T> { public interface CertAttrSet {
/** /**
* Encodes the attribute to the output stream in a format * Encodes the attribute to the output stream.
* that can be parsed by the <code>decode</code> method.
* *
* @param out the DerOutputStream to encode the attribute to. * @param out the DerOutputStream to encode the attribute to.
* * @exception IOException on write errors.
* @exception CertificateException on encoding or validity errors.
* @exception IOException on other errors.
*/ */
void encode(DerOutputStream out) void encode(DerOutputStream out) throws IOException;
throws CertificateException, IOException;
/**
* Sets an attribute value within this CertAttrSet.
*
* @param name the name of the attribute (e.g. "x509.info.key")
* @param obj the attribute object.
*
* @exception CertificateException on attribute handling errors.
* @exception IOException on other errors.
*/
void set(String name, Object obj)
throws CertificateException, IOException;
/**
* Gets an attribute value for this CertAttrSet.
*
* @param name the name of the attribute to return.
*
* @exception CertificateException on attribute handling errors.
* @exception IOException on other errors.
*/
Object get(String name)
throws CertificateException, IOException;
} }


@ -36,27 +36,11 @@ import sun.security.util.*;
* @author Amit Kapoor * @author Amit Kapoor
* @author Hemma Prafullchandra * @author Hemma Prafullchandra
*/ */
public class CertificateAlgorithmId implements CertAttrSet<String> { public class CertificateAlgorithmId implements CertAttrSet {
private AlgorithmId algId; private AlgorithmId algId;
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.algorithmID";
/**
* Sub attributes name for this CertAttrSet.
*/
public static final String NAME = "algorithmID"; public static final String NAME = "algorithmID";
/**
* Identifier to be used with get, set, and delete methods. When
* using this identifier the associated object being passed in or
* returned is an instance of AlgorithmId.
* @see sun.security.x509.AlgorithmId
*/
public static final String ALGORITHM = "algorithm";
/** /**
* Default constructor for the certificate attribute. * Default constructor for the certificate attribute.
* *
@ -109,30 +93,9 @@ public class CertificateAlgorithmId implements CertAttrSet<String> {
} }
/** /**
* Set the attribute value. * Get the AlgorithmId value.
*/ */
public void set(String name, Object obj) throws IOException { public AlgorithmId getAlgId() throws IOException {
if (!(obj instanceof AlgorithmId)) { return algId;
throw new IOException("Attribute must be of type AlgorithmId.");
}
if (name.equalsIgnoreCase(ALGORITHM)) {
algId = (AlgorithmId)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateAlgorithmId.");
}
} }
/**
* Get the attribute value.
*/
public AlgorithmId get(String name) throws IOException {
if (name.equalsIgnoreCase(ALGORITHM)) {
return (algId);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateAlgorithmId.");
}
}
} }
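Review bot: `getAlgId()` still declares `throws IOException` although its body is only `return algId;`, so every caller has to catch or propagate a checked exception that cannot occur. The clause looks like a leftover from the removed `get(String)`, which threw on an unrecognized attribute name. Suggest `public AlgorithmId getAlgId() {`. Callers that wrap only this call in a `try`/`catch (IOException e)` would then need that handler removed, since Java rejects a catch for a checked exception the block cannot throw.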


@ -40,15 +40,8 @@ import sun.security.util.*;
* @author Hemma Prafullchandra * @author Hemma Prafullchandra
* @see CertAttrSet * @see CertAttrSet
*/ */
public class CertificateExtensions implements CertAttrSet<Extension> { public class CertificateExtensions implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions";
/**
* name
*/
public static final String NAME = "extensions"; public static final String NAME = "extensions";
private static final Debug debug = Debug.getInstance("x509"); private static final Debug debug = Debug.getInstance("x509");
@ -148,8 +141,7 @@ public class CertificateExtensions implements CertAttrSet<Extension> {
* @exception IOException on errors. * @exception IOException on errors.
*/ */
@Override @Override
public void encode(DerOutputStream out) public void encode(DerOutputStream out) throws IOException {
throws CertificateException, IOException {
encode(out, false); encode(out, false);
} }
@ -162,7 +154,7 @@ public class CertificateExtensions implements CertAttrSet<Extension> {
* @exception IOException on errors. * @exception IOException on errors.
*/ */
public void encode(DerOutputStream out, boolean isCertReq) public void encode(DerOutputStream out, boolean isCertReq)
throws CertificateException, IOException { throws IOException {
DerOutputStream extOut = new DerOutputStream(); DerOutputStream extOut = new DerOutputStream();
for (Extension ext : map.values()) { for (Extension ext : map.values()) {
ext.encode(extOut); ext.encode(extOut);
@ -179,40 +171,34 @@ public class CertificateExtensions implements CertAttrSet<Extension> {
} }
/** /**
* Set the attribute value. * Set the extension value.
* @param name the extension name used in the cache. * @param name the extension name used in the cache.
* @param obj the object to set. * @param ext the extension to set.
* @exception IOException if the object could not be cached.
*/ */
public void set(String name, Object obj) throws IOException { public void setExtension(String name, Extension ext) {
if (obj instanceof Extension) { map.put(name, ext);
map.put(name, (Extension)obj);
} else {
throw new IOException("Unknown extension type.");
}
} }
/** /**
* Get the attribute value. * Get the extension with this alias.
* @param name the extension name used in the lookup. *
* @exception IOException if named extension is not found. * @param alias the identifier string for the extension to retrieve.
* Could be one of "x509.info.extensions.ExtensionName",
* "ExtensionName", "2.3.4.5".
*/ */
public Extension get(String name) throws IOException { public Extension getExtension(String alias) {
Extension obj = map.get(name); String name;
if (obj == null) { if (alias.startsWith(X509CertImpl.NAME)) {
throw new IOException("No extension found with name " + name); int index = alias.lastIndexOf('.');
name = alias.substring(index + 1);
} else {
name = alias;
} }
return (obj);
}
// Similar to get(String), but throw no exception, might return null.
// Used in X509CertImpl::getExtension(OID).
Extension getExtension(String name) {
return map.get(name); return map.get(name);
} }
/** /**
* Delete the attribute value. * Delete the extension value.
* @param name the extension name used in the lookup. * @param name the extension name used in the lookup.
* @exception IOException if named extension is not found. * @exception IOException if named extension is not found.
*/ */
@ -310,5 +296,4 @@ public class CertificateExtensions implements CertAttrSet<Extension> {
public String toString() { public String toString() {
return map.toString(); return map.toString();
} }
} }
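Review bot: `setExtension(String name, Extension ext)` now stores whatever it is given, including null: the removed `set` rejected null through its `obj instanceof Extension` test, while the new body is just `map.put(name, ext);`. If the backing map accepts null values, a null entry would only surface later as a NullPointerException in `encode`, which calls `ext.encode(extOut)` on every value. A guard such as `map.put(name, Objects.requireNonNull(ext, "ext"));` keeps the failure at the call site. This needs `java.util.Objects` in scope, and the import block is outside the hunk.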


@ -59,13 +59,9 @@ import sun.security.util.DerOutputStream;
* @see CertAttrSet * @see CertAttrSet
*/ */
public class CertificateIssuerExtension extends Extension public class CertificateIssuerExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Attribute names.
*/
public static final String NAME = "CertificateIssuer"; public static final String NAME = "CertificateIssuer";
public static final String ISSUER = "issuer";
private GeneralNames names; private GeneralNames names;
@ -115,40 +111,10 @@ public class CertificateIssuerExtension extends Extension
this.names = new GeneralNames(val); this.names = new GeneralNames(val);
} }
/** public GeneralNames getNames() {
* Set the attribute value. return names;
*
* @throws IOException on error
*/
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(ISSUER)) {
if (!(obj instanceof GeneralNames)) {
throw new IOException("Attribute value must be of type " +
"GeneralNames");
}
this.names = (GeneralNames)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateIssuer");
}
encodeThis();
} }
/**
* Gets the attribute value.
*
* @throws IOException on error
*/
public GeneralNames get(String name) throws IOException {
if (name.equalsIgnoreCase(ISSUER)) {
return names;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateIssuer");
}
}
/** /**
* Returns a printable representation of the certificate issuer. * Returns a printable representation of the certificate issuer.
*/ */
@ -175,7 +141,7 @@ public class CertificateIssuerExtension extends Extension
/** /**
* Return the name of this attribute. * Return the name of this extension.
*/ */
@Override @Override
public String getName() { public String getName() {


@ -1,146 +0,0 @@
/*
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.x509;
import java.io.IOException;
import java.io.InputStream;
import javax.security.auth.x500.X500Principal;
import sun.security.util.*;
/**
* This class defines the X500Name attribute for the Certificate.
*
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @see CertAttrSet
*/
public class CertificateIssuerName implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.issuer";
/**
* Sub attributes name for this CertAttrSet.
*/
public static final String NAME = "issuer";
public static final String DN_NAME = "dname";
// accessor name for cached X500Principal only
// do not allow a set() of this value
public static final String DN_PRINCIPAL = "x500principal";
// Private data member
private X500Name dnName;
// cached X500Principal version of the name
private X500Principal dnPrincipal;
/**
* Default constructor for the certificate attribute.
*
* @param name the X500Name
*/
public CertificateIssuerName(X500Name name) {
this.dnName = name;
}
/**
* Create the object, decoding the values from the passed DER stream.
*
* @param in the DerInputStream to read the X500Name from.
* @exception IOException on decoding errors.
*/
public CertificateIssuerName(DerInputStream in) throws IOException {
dnName = new X500Name(in);
}
/**
* Create the object, decoding the values from the passed stream.
*
* @param in the InputStream to read the X500Name from.
* @exception IOException on decoding errors.
*/
public CertificateIssuerName(InputStream in) throws IOException {
DerValue derVal = new DerValue(in);
dnName = new X500Name(derVal);
}
/**
* Return the name as user readable string.
*/
public String toString() {
if (dnName == null) return "";
return(dnName.toString());
}
/**
* Encode the name in DER form to the stream.
*
* @param out the DerOutputStream to marshal the contents to.
* @exception IOException on errors.
*/
@Override
public void encode(DerOutputStream out) throws IOException {
dnName.encode(out);
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof X500Name)) {
throw new IOException("Attribute must be of type X500Name.");
}
if (name.equalsIgnoreCase(DN_NAME)) {
this.dnName = (X500Name)obj;
this.dnPrincipal = null;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateIssuerName.");
}
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(DN_NAME)) {
return(dnName);
} else if (name.equalsIgnoreCase(DN_PRINCIPAL)) {
if ((dnPrincipal == null) && (dnName != null)) {
dnPrincipal = dnName.asX500Principal();
}
return dnPrincipal;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateIssuerName.");
}
}
}


@ -66,17 +66,9 @@ import sun.security.util.DerOutputStream;
* @see CertAttrSet * @see CertAttrSet
*/ */
public class CertificatePoliciesExtension extends Extension public class CertificatePoliciesExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.CertificatePolicies";
/**
* Attribute names.
*/
public static final String NAME = "CertificatePolicies"; public static final String NAME = "CertificatePolicies";
public static final String POLICIES = "policies";
/** /**
* List of PolicyInformation for this object. * List of PolicyInformation for this object.
@ -187,44 +179,19 @@ implements CertAttrSet<String> {
} }
/** /**
* Set the attribute value. * Get the PolicyInformation value.
*/ */
@SuppressWarnings("unchecked") // Checked with an instanceof check public List<PolicyInformation> getCertPolicies() {
public void set(String name, Object obj) throws IOException { return certPolicies;
if (name.equalsIgnoreCase(POLICIES)) {
if (!(obj instanceof List)) {
throw new IOException("Attribute value should be of type List.");
}
certPolicies = (List<PolicyInformation>)obj;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:CertificatePoliciesExtension.");
}
encodeThis();
}
/**
* Get the attribute value.
*/
public List<PolicyInformation> get(String name) throws IOException {
if (name.equalsIgnoreCase(POLICIES)) {
//XXXX May want to consider cloning this
return certPolicies;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:CertificatePoliciesExtension.");
}
} }
/** /**
* Return the name of this attribute. * Return the name of this extension.
*/ */
@Override @Override
public String getName() { public String getName() {
return (NAME); return NAME;
} }
} }
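Review bot: `getCertPolicies()` returns the internal `certPolicies` list by reference, and the commit drops the old `//XXXX May want to consider cloning this` remark without resolving it. The removed `set` was the only visible path that called `encodeThis()` after a change, so a caller that mutates the returned list would leave the object's fields out of step with its encoded value. Either return a read-only view, `return Collections.unmodifiableList(certPolicies);` (provided no caller relies on mutating it), or state in the Javadoc that the list must not be modified. `getUsages()` in ExtendedKeyUsageExtension hands out its `keyUsages` Vector the same way.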


@ -38,18 +38,9 @@ import sun.security.util.*;
* @author Hemma Prafullchandra * @author Hemma Prafullchandra
* @see CertAttrSet * @see CertAttrSet
*/ */
public class CertificateSerialNumber implements CertAttrSet<String> { public class CertificateSerialNumber implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.serialNumber";
/**
* Sub attributes name for this CertAttrSet.
*/
public static final String NAME = "serialNumber"; public static final String NAME = "serialNumber";
public static final String NUMBER = "number";
private SerialNumber serial; private SerialNumber serial;
@ -106,7 +97,7 @@ public class CertificateSerialNumber implements CertAttrSet<String> {
*/ */
public String toString() { public String toString() {
if (serial == null) return ""; if (serial == null) return "";
return (serial.toString()); return serial.toString();
} }
/** /**
@ -120,31 +111,8 @@ public class CertificateSerialNumber implements CertAttrSet<String> {
serial.encode(out); serial.encode(out);
} }
/** public SerialNumber getSerial() {
* Set the attribute value. return serial;
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof SerialNumber)) {
throw new IOException("Attribute must be of type SerialNumber.");
}
if (name.equalsIgnoreCase(NUMBER)) {
serial = (SerialNumber)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateSerialNumber.");
}
}
/**
* Get the attribute value.
*/
public SerialNumber get(String name) throws IOException {
if (name.equalsIgnoreCase(NUMBER)) {
return (serial);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateSerialNumber.");
}
} }
/** /**


@ -39,21 +39,9 @@ import sun.security.util.*;
* @author Hemma Prafullchandra * @author Hemma Prafullchandra
* @see CertAttrSet * @see CertAttrSet
*/ */
public class CertificateSubjectName implements CertAttrSet<String> { public class CertificateSubjectName implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.subject";
/**
* Sub attributes name for this CertAttrSet.
*/
public static final String NAME = "subject";
public static final String DN_NAME = "dname";
// accessor name for cached X500Principal only public static final String NAME = "subject";
// do not allow a set() of this value
public static final String DN_PRINCIPAL = "x500principal";
// Private data member // Private data member
private X500Name dnName; private X500Name dnName;
@ -96,7 +84,7 @@ public class CertificateSubjectName implements CertAttrSet<String> {
*/ */
public String toString() { public String toString() {
if (dnName == null) return ""; if (dnName == null) return "";
return(dnName.toString()); return dnName.toString();
} }
/** /**
@ -109,37 +97,4 @@ public class CertificateSubjectName implements CertAttrSet<String> {
public void encode(DerOutputStream out) throws IOException { public void encode(DerOutputStream out) throws IOException {
dnName.encode(out); dnName.encode(out);
} }
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof X500Name)) {
throw new IOException("Attribute must be of type X500Name.");
}
if (name.equalsIgnoreCase(DN_NAME)) {
this.dnName = (X500Name)obj;
this.dnPrincipal = null;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateSubjectName.");
}
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(DN_NAME)) {
return(dnName);
} else if (name.equalsIgnoreCase(DN_PRINCIPAL)) {
if ((dnPrincipal == null) && (dnName != null)) {
dnPrincipal = dnName.asX500Principal();
}
return dnPrincipal;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateSubjectName.");
}
}
} }
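Review bot: Removing `set` and `get` here seems to leave the cached-principal field without any user: the deleted `set` cleared `this.dnPrincipal`, the deleted `get` filled it from `dnName.asX500Principal()`, and no accessor replaces them in this section. The field declaration itself lies between the hunks and is not shown, so this is inferred. If it is still there, it and any import used only for it can be removed. It is also worth confirming that no caller still needs to read `dnName` from this class, since the section adds no getter for it.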


@ -37,18 +37,9 @@ import sun.security.util.*;
* @author Hemma Prafullchandra * @author Hemma Prafullchandra
* @see CertAttrSet * @see CertAttrSet
*/ */
public class CertificateValidity implements CertAttrSet<String> { public class CertificateValidity implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.validity";
/**
* Sub attributes name for this CertAttrSet.
*/
public static final String NAME = "validity"; public static final String NAME = "validity";
public static final String NOT_BEFORE = "notBefore";
public static final String NOT_AFTER = "notAfter";
/** /**
* YR_2050 date and time set to Jan01 00:00 2050 GMT * YR_2050 date and time set to Jan01 00:00 2050 GMT
*/ */
@ -59,13 +50,13 @@ public class CertificateValidity implements CertAttrSet<String> {
private Date notAfter; private Date notAfter;
// Returns the first time the certificate is valid. // Returns the first time the certificate is valid.
private Date getNotBefore() { public Date getNotBefore() {
return (new Date(notBefore.getTime())); return new Date(notBefore.getTime());
} }
// Returns the last time the certificate is valid. // Returns the last time the certificate is valid.
private Date getNotAfter() { public Date getNotAfter() {
return (new Date(notAfter.getTime())); return new Date(notAfter.getTime());
} }
// Construct the class from the DerValue // Construct the class from the DerValue
@ -169,37 +160,6 @@ public class CertificateValidity implements CertAttrSet<String> {
out.write(DerValue.tag_Sequence, pair); out.write(DerValue.tag_Sequence, pair);
} }
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof Date)) {
throw new IOException("Attribute must be of type Date.");
}
if (name.equalsIgnoreCase(NOT_BEFORE)) {
notBefore = (Date)obj;
} else if (name.equalsIgnoreCase(NOT_AFTER)) {
notAfter = (Date)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateValidity.");
}
}
/**
* Get the attribute value.
*/
public Date get(String name) throws IOException {
if (name.equalsIgnoreCase(NOT_BEFORE)) {
return (getNotBefore());
} else if (name.equalsIgnoreCase(NOT_AFTER)) {
return (getNotAfter());
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateValidity.");
}
}
/** /**
* Verify that the current time is within the validity period. * Verify that the current time is within the validity period.
* *


@ -37,7 +37,7 @@ import sun.security.util.*;
* @author Hemma Prafullchandra * @author Hemma Prafullchandra
* @see CertAttrSet * @see CertAttrSet
*/ */
public class CertificateVersion implements CertAttrSet<String> { public class CertificateVersion implements CertAttrSet {
/** /**
* X509Certificate Version 1 * X509Certificate Version 1
*/ */
@ -50,23 +50,15 @@ public class CertificateVersion implements CertAttrSet<String> {
* X509Certificate Version 3 * X509Certificate Version 3
*/ */
public static final int V3 = 2; public static final int V3 = 2;
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.version";
/**
* Sub attributes name for this CertAttrSet.
*/
public static final String NAME = "version"; public static final String NAME = "version";
public static final String VERSION = "number";
// Private data members // Private data members
int version = V1; int version = V1;
// Returns the version number. // Returns the version number.
private int getVersion() { public int getVersion() {
return(version); return version;
} }
// Construct the class from the passed DerValue // Construct the class from the passed DerValue
@ -147,7 +139,7 @@ public class CertificateVersion implements CertAttrSet<String> {
* Return the version number of the certificate. * Return the version number of the certificate.
*/ */
public String toString() { public String toString() {
return("Version: V" + (version+1)); return "Version: V" + (version+1);
} }
/** /**
@ -169,37 +161,10 @@ public class CertificateVersion implements CertAttrSet<String> {
tmp); tmp);
} }
/** /**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof Integer)) {
throw new IOException("Attribute must be of type Integer.");
}
if (name.equalsIgnoreCase(VERSION)) {
version = ((Integer)obj).intValue();
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateVersion.");
}
}
/**
* Get the attribute value.
*/
public Integer get(String name) throws IOException {
if (name.equalsIgnoreCase(VERSION)) {
return(getVersion());
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateVersion.");
}
}
/**
* Compare versions. * Compare versions.
*/ */
public int compare(int vers) { public int compare(int vers) {
return(version - vers); return version - vers;
} }
} }


@ -38,17 +38,9 @@ import sun.security.util.*;
* @author Hemma Prafullchandra * @author Hemma Prafullchandra
* @see CertAttrSet * @see CertAttrSet
*/ */
public class CertificateX509Key implements CertAttrSet<String> { public class CertificateX509Key implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.key";
/**
* Sub attributes name for this CertAttrSet.
*/
public static final String NAME = "key"; public static final String NAME = "key";
public static final String KEY = "value";
// Private data member // Private data member
private PublicKey key; private PublicKey key;
@ -89,7 +81,7 @@ public class CertificateX509Key implements CertAttrSet<String> {
*/ */
public String toString() { public String toString() {
if (key == null) return ""; if (key == null) return "";
return(key.toString()); return key.toString();
} }
/** /**
@ -103,28 +95,11 @@ public class CertificateX509Key implements CertAttrSet<String> {
out.write(key.getEncoded()); out.write(key.getEncoded());
} }
/** /**
* Set the attribute value. * Get the PublicKey value.
*/ */
public void set(String name, Object obj) throws IOException { public PublicKey getKey() {
if (name.equalsIgnoreCase(KEY)) { return key;
this.key = (PublicKey)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateX509Key.");
}
}
/**
* Get the attribute value.
*/
public PublicKey get(String name) throws IOException {
if (name.equalsIgnoreCase(KEY)) {
return(key);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateX509Key.");
}
} }
} }


@ -59,9 +59,6 @@ import java.math.BigInteger;
*/ */
public class DeltaCRLIndicatorExtension extends CRLNumberExtension { public class DeltaCRLIndicatorExtension extends CRLNumberExtension {
/**
* Attribute name.
*/
public static final String NAME = "DeltaCRLIndicator"; public static final String NAME = "DeltaCRLIndicator";
private static final String LABEL = "Base CRL Number"; private static final String LABEL = "Base CRL Number";


@ -77,19 +77,9 @@ import sun.security.util.ObjectIdentifier;
* @since 1.4 * @since 1.4
*/ */
public class ExtendedKeyUsageExtension extends Extension public class ExtendedKeyUsageExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.ExtendedKeyUsage";
/**
* Attribute names.
*/
public static final String NAME = "ExtendedKeyUsage"; public static final String NAME = "ExtendedKeyUsage";
public static final String USAGES = "usages";
/** /**
* Vector of KeyUsages for this object. * Vector of KeyUsages for this object.
@ -207,45 +197,20 @@ implements CertAttrSet<String> {
} }
/** /**
* Set the attribute value. * Get the keyUsages value.
*/ */
@SuppressWarnings("unchecked") // Checked with instanceof public Vector<ObjectIdentifier> getUsages() {
public void set(String name, Object obj) throws IOException { return keyUsages;
if (name.equalsIgnoreCase(USAGES)) {
if (!(obj instanceof Vector)) {
throw new IOException("Attribute value should be of type Vector.");
}
this.keyUsages = (Vector<ObjectIdentifier>)obj;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:ExtendedKeyUsageExtension.");
}
encodeThis();
}
/**
* Get the attribute value.
*/
public Vector<ObjectIdentifier> get(String name) throws IOException {
if (name.equalsIgnoreCase(USAGES)) {
//XXXX May want to consider cloning this
return keyUsages;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:ExtendedKeyUsageExtension.");
}
} }
/** /**
* Return the name of this attribute. * Return the name of this extension.
*/ */
@Override @Override
public String getName() { public String getName() {
return (NAME); return NAME;
} }
public List<String> getExtendedKeyUsage() { public List<String> getExtendedKeyUsage() {


@ -57,15 +57,7 @@ import sun.security.util.*;
* @see Extension * @see Extension
*/ */
public class InhibitAnyPolicyExtension extends Extension public class InhibitAnyPolicyExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
private static final Debug debug = Debug.getInstance("certpath");
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.InhibitAnyPolicy";
/** /**
* Object identifier for "any-policy" * Object identifier for "any-policy"
@ -73,11 +65,7 @@ implements CertAttrSet<String> {
public static ObjectIdentifier AnyPolicy_Id = public static ObjectIdentifier AnyPolicy_Id =
ObjectIdentifier.of(KnownOIDs.CE_CERT_POLICIES_ANY); ObjectIdentifier.of(KnownOIDs.CE_CERT_POLICIES_ANY);
/**
* Attribute names.
*/
public static final String NAME = "InhibitAnyPolicy"; public static final String NAME = "InhibitAnyPolicy";
public static final String SKIP_CERTS = "skip_certs";
// Private data members // Private data members
private int skipCerts = Integer.MAX_VALUE; private int skipCerts = Integer.MAX_VALUE;
@ -145,79 +133,39 @@ implements CertAttrSet<String> {
} }
} }
/**
* Return user readable form of extension.
*/
public String toString() {
return super.toString() + "InhibitAnyPolicy: " + skipCerts + "\n";
}
/**
* Encode this extension value to the output stream.
*
* @param out the DerOutputStream to encode the extension to.
*/
@Override
public void encode(DerOutputStream out) throws IOException {
if (extensionValue == null) {
this.extensionId = PKIXExtensions.InhibitAnyPolicy_Id;
critical = true;
encodeThis();
}
super.encode(out);
}
/** /**
* Set the attribute value. * Return user readable form of extension.
*
* @param name name of attribute to set. Must be SKIP_CERTS.
* @param obj value to which attribute is to be set. Must be Integer
* type.
* @throws IOException on error
*/ */
public void set(String name, Object obj) throws IOException { public String toString() {
if (name.equalsIgnoreCase(SKIP_CERTS)) { return super.toString() + "InhibitAnyPolicy: " + skipCerts + "\n";
if (!(obj instanceof Integer))
throw new IOException("Attribute value should be of type Integer.");
int skipCertsValue = ((Integer)obj).intValue();
if (skipCertsValue < -1)
throw new IOException("Invalid value for skipCerts");
if (skipCertsValue == -1) {
skipCerts = Integer.MAX_VALUE;
} else {
skipCerts = skipCertsValue;
}
} else
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:InhibitAnyPolicy.");
encodeThis();
} }
/** /**
* Get the attribute value. * Encode this extension value to the output stream.
* *
* @param name name of attribute to get. Must be SKIP_CERTS. * @param out the DerOutputStream to encode the extension to.
* @return value of the attribute. In this case it will be of type
* Integer.
* @throws IOException on error
*/ */
public Integer get(String name) throws IOException { @Override
if (name.equalsIgnoreCase(SKIP_CERTS)) public void encode(DerOutputStream out) throws IOException {
return (skipCerts); if (extensionValue == null) {
else this.extensionId = PKIXExtensions.InhibitAnyPolicy_Id;
throw new IOException("Attribute name not recognized by " + critical = true;
"CertAttrSet:InhibitAnyPolicy."); encodeThis();
}
super.encode(out);
} }
public int getSkipCerts() {
return skipCerts;
}
/** /**
* Return the name of this attribute. * Return the name of this extension.
* *
* @return name of attribute. * @return name of extension.
*/ */
@Override @Override
public String getName() { public String getName() {
return (NAME); return NAME;
} }
} }


@ -56,13 +56,12 @@ import sun.security.util.*;
* @author Sean Mullan * @author Sean Mullan
*/ */
public class InvalidityDateExtension extends Extension public class InvalidityDateExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/** /**
* Attribute name and Reason codes * Attribute name and Reason codes
*/ */
public static final String NAME = "InvalidityDate"; public static final String NAME = "InvalidityDate";
public static final String DATE = "date";
private Date date; private Date date;
@ -118,34 +117,13 @@ public class InvalidityDateExtension extends Extension
} }
/** /**
* Set the attribute value. * Get the Date value.
*/ */
public void set(String name, Object obj) throws IOException { public Date getDate() throws IOException {
if (!(obj instanceof Date)) { if (date == null) {
throw new IOException("Attribute must be of type Date."); return null;
}
if (name.equalsIgnoreCase(DATE)) {
date = (Date) obj;
} else { } else {
throw new IOException return new Date(date.getTime()); // clone
("Name not supported by InvalidityDateExtension");
}
encodeThis();
}
/**
* Get the attribute value.
*/
public Date get(String name) throws IOException {
if (name.equalsIgnoreCase(DATE)) {
if (date == null) {
return null;
} else {
return (new Date(date.getTime())); // clone
}
} else {
throw new IOException
("Name not supported by InvalidityDateExtension");
} }
} }
@ -175,7 +153,7 @@ public class InvalidityDateExtension extends Extension
/** /**
* Return the name of this attribute. * Return the name of this extension.
*/ */
@Override @Override
public String getName() { public String getName() {
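Review bot: `getDate()` still declares `throws IOException`, although the body shown only null-checks `date` and returns a copy, so nothing in it can raise that exception. The clause looks like a leftover from the removed name-keyed `get(String)` and obliges callers to handle an error that cannot occur; the signature could be `public Date getDate() {`. The Javadoc would also be more useful as `Returns a copy of the invalidity date, or null if none is set.`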


@ -46,18 +46,9 @@ import sun.security.util.*;
* @see CertAttrSet * @see CertAttrSet
*/ */
public class IssuerAlternativeNameExtension public class IssuerAlternativeNameExtension
extends Extension implements CertAttrSet<String> { extends Extension implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.IssuerAlternativeName";
/**
* Attribute names.
*/
public static final String NAME = "IssuerAlternativeName"; public static final String NAME = "IssuerAlternativeName";
public static final String ISSUER_NAME = "issuer_name";
// private data members // private data members
GeneralNames names; GeneralNames names;
@ -170,42 +161,15 @@ extends Extension implements CertAttrSet<String> {
super.encode(out); super.encode(out);
} }
/** public GeneralNames getNames() {
* Set the attribute value. return names;
*/
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(ISSUER_NAME)) {
if (!(obj instanceof GeneralNames)) {
throw new IOException("Attribute value should be of" +
" type GeneralNames.");
}
names = (GeneralNames)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:IssuerAlternativeName.");
}
encodeThis();
} }
/** /**
* Get the attribute value. * Return the name of this extension.
*/
public GeneralNames get(String name) throws IOException {
if (name.equalsIgnoreCase(ISSUER_NAME)) {
return (names);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:IssuerAlternativeName.");
}
}
/**
* Return the name of this attribute.
*/ */
@Override @Override
public String getName() { public String getName() {
return (NAME); return NAME;
} }
} }
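Review bot: `getNames()` returns the extension's own `names` object and has no Javadoc, so nothing tells callers that the result is live internal state. No method in this hunk re-encodes the extension value after construction, so if a caller can modify the returned `GeneralNames` (its definition is outside this page), the decoded names and the encoded bytes could drift apart. Either document the contract, e.g. `Returns the issuer alternative names; the returned object is not a copy and must not be modified.`, or return a copy. The same applies to `getNames()` in SubjectAlternativeNameExtension, `getPermittedSubtrees()`/`getExcludedSubtrees()` in NameConstraintsExtension, `getMaps()` in PolicyMappingsExtension and `getKeyIdentifier()` in SubjectKeyIdentifierExtension.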


@ -64,25 +64,9 @@ import sun.security.util.DerValue;
* @since 1.6 * @since 1.6
*/ */
public class IssuingDistributionPointExtension extends Extension public class IssuingDistributionPointExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.IssuingDistributionPoint";
/**
* Attribute names.
*/
public static final String NAME = "IssuingDistributionPoint"; public static final String NAME = "IssuingDistributionPoint";
public static final String POINT = "point";
public static final String REASONS = "reasons";
public static final String ONLY_USER_CERTS = "only_user_certs";
public static final String ONLY_CA_CERTS = "only_ca_certs";
public static final String ONLY_ATTRIBUTE_CERTS = "only_attribute_certs";
public static final String INDIRECT_CRL = "indirect_crl";
/* /*
* The distribution point name for the CRL. * The distribution point name for the CRL.
@ -218,7 +202,7 @@ public class IssuingDistributionPointExtension extends Extension
} }
/** /**
* Returns the name of this attribute. * Returns the name of this extension.
*/ */
@Override @Override
public String getName() { public String getName() {
@ -242,90 +226,34 @@ public class IssuingDistributionPointExtension extends Extension
super.encode(out); super.encode(out);
} }
/** public void setRevocationReasons(ReasonFlags val) throws IOException {
* Sets the attribute value. revocationReasons = val;
*/
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(POINT)) {
if (!(obj instanceof DistributionPointName)) {
throw new IOException(
"Attribute value should be of type DistributionPointName.");
}
distributionPoint = (DistributionPointName)obj;
} else if (name.equalsIgnoreCase(REASONS)) {
if (!(obj instanceof ReasonFlags)) {
throw new IOException(
"Attribute value should be of type ReasonFlags.");
}
revocationReasons = (ReasonFlags)obj;
} else if (name.equalsIgnoreCase(INDIRECT_CRL)) {
if (!(obj instanceof Boolean)) {
throw new IOException(
"Attribute value should be of type Boolean.");
}
isIndirectCRL = ((Boolean)obj).booleanValue();
} else if (name.equalsIgnoreCase(ONLY_USER_CERTS)) {
if (!(obj instanceof Boolean)) {
throw new IOException(
"Attribute value should be of type Boolean.");
}
hasOnlyUserCerts = ((Boolean)obj).booleanValue();
} else if (name.equalsIgnoreCase(ONLY_CA_CERTS)) {
if (!(obj instanceof Boolean)) {
throw new IOException(
"Attribute value should be of type Boolean.");
}
hasOnlyCACerts = ((Boolean)obj).booleanValue();
} else if (name.equalsIgnoreCase(ONLY_ATTRIBUTE_CERTS)) {
if (!(obj instanceof Boolean)) {
throw new IOException(
"Attribute value should be of type Boolean.");
}
hasOnlyAttributeCerts = ((Boolean)obj).booleanValue();
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:IssuingDistributionPointExtension.");
}
encodeThis(); encodeThis();
} }
/** public DistributionPointName getDistributionPoint() {
* Gets the attribute value. return distributionPoint;
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(POINT)) {
return distributionPoint;
} else if (name.equalsIgnoreCase(INDIRECT_CRL)) {
return Boolean.valueOf(isIndirectCRL);
} else if (name.equalsIgnoreCase(REASONS)) {
return revocationReasons;
} else if (name.equalsIgnoreCase(ONLY_USER_CERTS)) {
return Boolean.valueOf(hasOnlyUserCerts);
} else if (name.equalsIgnoreCase(ONLY_CA_CERTS)) {
return Boolean.valueOf(hasOnlyCACerts);
} else if (name.equalsIgnoreCase(ONLY_ATTRIBUTE_CERTS)) {
return Boolean.valueOf(hasOnlyAttributeCerts);
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:IssuingDistributionPointExtension.");
}
} }
public ReasonFlags getRevocationReasons() {
return revocationReasons;
}
public boolean hasOnlyUserCerts() {
return hasOnlyUserCerts;
}
public boolean hasOnlyCACerts() {
return hasOnlyCACerts;
}
public boolean hasOnlyAttributeCerts() {
return hasOnlyAttributeCerts;
}
public boolean isIndirectCRL() {
return isIndirectCRL;
}
// Encodes this extension value // Encodes this extension value
private void encodeThis() throws IOException { private void encodeThis() throws IOException {
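Review bot: The public methods that replace `get`/`set` here carry no Javadoc, and `setRevocationReasons` is the only mutator kept, with no statement of whether `null` is accepted. From the body shown it assigns `val` and calls `encodeThis()`, so a comment such as `Replaces the revocation reason flags and re-encodes the extension value.` would cover it. For `getDistributionPoint()` and `getRevocationReasons()` the Javadoc should say whether `null` is returned when the field is absent; that is decided in code outside this hunk.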


@ -44,16 +44,8 @@ import sun.security.util.*;
* @see CertAttrSet * @see CertAttrSet
*/ */
public class KeyUsageExtension extends Extension public class KeyUsageExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.KeyUsage";
/**
* Attribute names.
*/
public static final String NAME = "KeyUsage"; public static final String NAME = "KeyUsage";
public static final String DIGITAL_SIGNATURE = "digital_signature"; public static final String DIGITAL_SIGNATURE = "digital_signature";
public static final String NON_REPUDIATION = "non_repudiation"; public static final String NON_REPUDIATION = "non_repudiation";
@ -183,11 +175,7 @@ implements CertAttrSet<String> {
/** /**
* Set the attribute value. * Set the attribute value.
*/ */
public void set(String name, Object obj) throws IOException { public void set(String name, boolean val) throws IOException {
if (!(obj instanceof Boolean)) {
throw new IOException("Attribute must be of type Boolean.");
}
boolean val = ((Boolean)obj).booleanValue();
if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) { if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) {
set(0,val); set(0,val);
} else if (name.equalsIgnoreCase(NON_REPUDIATION)) { } else if (name.equalsIgnoreCase(NON_REPUDIATION)) {
@ -216,25 +204,25 @@ implements CertAttrSet<String> {
/** /**
* Get the attribute value. * Get the attribute value.
*/ */
public Boolean get(String name) throws IOException { public boolean get(String name) throws IOException {
if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) { if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) {
return Boolean.valueOf(isSet(0)); return isSet(0);
} else if (name.equalsIgnoreCase(NON_REPUDIATION)) { } else if (name.equalsIgnoreCase(NON_REPUDIATION)) {
return Boolean.valueOf(isSet(1)); return isSet(1);
} else if (name.equalsIgnoreCase(KEY_ENCIPHERMENT)) { } else if (name.equalsIgnoreCase(KEY_ENCIPHERMENT)) {
return Boolean.valueOf(isSet(2)); return isSet(2);
} else if (name.equalsIgnoreCase(DATA_ENCIPHERMENT)) { } else if (name.equalsIgnoreCase(DATA_ENCIPHERMENT)) {
return Boolean.valueOf(isSet(3)); return isSet(3);
} else if (name.equalsIgnoreCase(KEY_AGREEMENT)) { } else if (name.equalsIgnoreCase(KEY_AGREEMENT)) {
return Boolean.valueOf(isSet(4)); return isSet(4);
} else if (name.equalsIgnoreCase(KEY_CERTSIGN)) { } else if (name.equalsIgnoreCase(KEY_CERTSIGN)) {
return Boolean.valueOf(isSet(5)); return isSet(5);
} else if (name.equalsIgnoreCase(CRL_SIGN)) { } else if (name.equalsIgnoreCase(CRL_SIGN)) {
return Boolean.valueOf(isSet(6)); return isSet(6);
} else if (name.equalsIgnoreCase(ENCIPHER_ONLY)) { } else if (name.equalsIgnoreCase(ENCIPHER_ONLY)) {
return Boolean.valueOf(isSet(7)); return isSet(7);
} else if (name.equalsIgnoreCase(DECIPHER_ONLY)) { } else if (name.equalsIgnoreCase(DECIPHER_ONLY)) {
return Boolean.valueOf(isSet(8)); return isSet(8);
} else { } else {
throw new IOException("Attribute name not recognized by" throw new IOException("Attribute name not recognized by"
+ " CertAttrSet:KeyUsage."); + " CertAttrSet:KeyUsage.");
@ -305,10 +293,10 @@ implements CertAttrSet<String> {
} }
/** /**
* Return the name of this attribute. * Return the name of this extension.
*/ */
@Override @Override
public String getName() { public String getName() {
return (NAME); return NAME;
} }
} }
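Review bot: `set(String, boolean)` and `get(String)` still select the key-usage bit by a case-insensitive string, so a misspelled name is only detected at run time through the `IOException` in the final `else`. The value is now typed but the name is not, which leaves this class behind the typed accessors the other extensions in this commit received. If the string keys have to stay, the Javadoc should say so, e.g. `@throws IOException if name is not one of the attribute names defined in this class`. Both method bodies continue outside the hunks shown.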


@ -60,18 +60,9 @@ import sun.security.pkcs.PKCS9Attribute;
* @see CertAttrSet * @see CertAttrSet
*/ */
public class NameConstraintsExtension extends Extension public class NameConstraintsExtension extends Extension
implements CertAttrSet<String>, Cloneable { implements CertAttrSet, Cloneable {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.NameConstraints";
/**
* Attribute names.
*/
public static final String NAME = "NameConstraints"; public static final String NAME = "NameConstraints";
public static final String PERMITTED_SUBTREES = "permitted_subtrees";
public static final String EXCLUDED_SUBTREES = "excluded_subtrees";
// Private data members // Private data members
private static final byte TAG_PERMITTED = 0; private static final byte TAG_PERMITTED = 0;
@ -244,51 +235,20 @@ implements CertAttrSet<String>, Cloneable {
super.encode(out); super.encode(out);
} }
/** public GeneralSubtrees getPermittedSubtrees() {
* Set the attribute value. return permitted;
*/ }
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) { public GeneralSubtrees getExcludedSubtrees() {
if (!(obj instanceof GeneralSubtrees)) { return excluded;
throw new IOException("Attribute value should be"
+ " of type GeneralSubtrees.");
}
permitted = (GeneralSubtrees)obj;
} else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) {
if (!(obj instanceof GeneralSubtrees)) {
throw new IOException("Attribute value should be "
+ "of type GeneralSubtrees.");
}
excluded = (GeneralSubtrees)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:NameConstraintsExtension.");
}
encodeThis();
} }
/** /**
* Get the attribute value. * Return the name of this extension.
*/
public GeneralSubtrees get(String name) throws IOException {
if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) {
return (permitted);
} else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) {
return (excluded);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:NameConstraintsExtension.");
}
}
/**
* Return the name of this attribute.
*/ */
@Override @Override
public String getName() { public String getName() {
return (NAME); return NAME;
} }
/** /**
@ -327,7 +287,7 @@ implements CertAttrSet<String>, Cloneable {
* value and the value indicated in the extension field. * value and the value indicated in the extension field.
*/ */
GeneralSubtrees newExcluded = newConstraints.get(EXCLUDED_SUBTREES); GeneralSubtrees newExcluded = newConstraints.getExcludedSubtrees();
if (excluded == null) { if (excluded == null) {
excluded = (newExcluded != null) ? excluded = (newExcluded != null) ?
(GeneralSubtrees)newExcluded.clone() : null; (GeneralSubtrees)newExcluded.clone() : null;
@ -344,7 +304,7 @@ implements CertAttrSet<String>, Cloneable {
* previous value and the value indicated in the extension field. * previous value and the value indicated in the extension field.
*/ */
GeneralSubtrees newPermitted = newConstraints.get(PERMITTED_SUBTREES); GeneralSubtrees newPermitted = newConstraints.getPermittedSubtrees();
if (permitted == null) { if (permitted == null) {
permitted = (newPermitted != null) ? permitted = (newPermitted != null) ?
(GeneralSubtrees)newPermitted.clone() : null; (GeneralSubtrees)newPermitted.clone() : null;
@ -432,8 +392,7 @@ implements CertAttrSet<String>, Cloneable {
if (altNameExt != null) { if (altNameExt != null) {
// extract altNames from extension; this call does not // extract altNames from extension; this call does not
// return an IOException on null altnames // return an IOException on null altnames
altNames = altNameExt.get( altNames = altNameExt.getNames();
SubjectAlternativeNameExtension.SUBJECT_NAME);
} }
} catch (CertificateException ce) { } catch (CertificateException ce) {
throw new IOException("Unable to extract extensions from " + throw new IOException("Unable to extract extensions from " +
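Review bot: The context comment above `altNames = altNameExt.getNames();` still says "this call does not return an IOException on null altnames", which described the removed `get(SUBJECT_NAME)` call. `getNames()` as defined in SubjectAlternativeNameExtension in this commit declares no `IOException` at all, so the remark now reads as if an exception path existed. Something like `// extract altNames from extension; may be null` would match the new call, assuming a null result is possible here. The enclosing method starts and ends outside the hunk.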


@ -48,17 +48,8 @@ import sun.security.util.*;
*/ */
public class NetscapeCertTypeExtension extends Extension public class NetscapeCertTypeExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.NetscapeCertType";
/**
* Attribute names.
*/
public static final String NAME = "NetscapeCertType"; public static final String NAME = "NetscapeCertType";
public static final String SSL_CLIENT = "ssl_client"; public static final String SSL_CLIENT = "ssl_client";
public static final String SSL_SERVER = "ssl_server"; public static final String SSL_SERVER = "ssl_server";
@ -199,11 +190,7 @@ implements CertAttrSet<String> {
/** /**
* Set the attribute value. * Set the attribute value.
*/ */
public void set(String name, Object obj) throws IOException { public void set(String name, Boolean val) throws IOException {
if (!(obj instanceof Boolean))
throw new IOException("Attribute must be of type Boolean.");
boolean val = ((Boolean)obj).booleanValue();
set(getPosition(name), val); set(getPosition(name), val);
encodeThis(); encodeThis();
} }
@ -211,11 +198,10 @@ implements CertAttrSet<String> {
/** /**
* Get the attribute value. * Get the attribute value.
*/ */
public Boolean get(String name) throws IOException { public boolean get(String name) throws IOException {
return Boolean.valueOf(isSet(getPosition(name))); return isSet(getPosition(name));
} }
/** /**
* Returns a printable representation of the NetscapeCertType. * Returns a printable representation of the NetscapeCertType.
*/ */
@ -268,11 +254,11 @@ implements CertAttrSet<String> {
/** /**
* Return the name of this attribute. * Return the name of this extension.
*/ */
@Override @Override
public String getName() { public String getName() {
return (NAME); return NAME;
} }
/** /**
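Review bot: `set(String name, Boolean val)` takes the boxed type, so a `null` argument now fails with a `NullPointerException` when `val` is unboxed for the inner `set(getPosition(name), val)` call. The removed `instanceof Boolean` check rejected `null` with an `IOException` instead. The inner `set` is declared outside the hunk, but the old code passed it a primitive `boolean`. KeyUsageExtension's counterpart in this commit already uses the primitive, and doing the same here closes the gap: `public void set(String name, boolean val) throws IOException {`.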


@ -48,17 +48,8 @@ import java.io.IOException;
* @see CertAttrSet * @see CertAttrSet
*/ */
public class OCSPNoCheckExtension extends Extension public class OCSPNoCheckExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.OCSPNoCheck";
/**
* Attribute names.
*/
public static final String NAME = "OCSPNoCheck"; public static final String NAME = "OCSPNoCheck";
/** /**
@ -88,25 +79,7 @@ public class OCSPNoCheckExtension extends Extension
} }
/** /**
* Set the attribute value. * Return the name of this extension.
*/
public void set(String name, Object obj) throws IOException {
throw new IOException("No attribute is allowed by " +
"CertAttrSet:OCSPNoCheckExtension.");
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
throw new IOException("No attribute is allowed by " +
"CertAttrSet:OCSPNoCheckExtension.");
}
/**
* Return the name of this attribute.
*/ */
@Override @Override
public String getName() { public String getName() {


@ -53,18 +53,9 @@ import sun.security.util.*;
* @see CertAttrSet * @see CertAttrSet
*/ */
public class PolicyConstraintsExtension extends Extension public class PolicyConstraintsExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.PolicyConstraints";
/**
* Attribute names.
*/
public static final String NAME = "PolicyConstraints"; public static final String NAME = "PolicyConstraints";
public static final String REQUIRE = "require";
public static final String INHIBIT = "inhibit";
private static final byte TAG_REQUIRE = 0; private static final byte TAG_REQUIRE = 0;
private static final byte TAG_INHIBIT = 1; private static final byte TAG_INHIBIT = 1;
@ -209,46 +200,19 @@ implements CertAttrSet<String> {
super.encode(out); super.encode(out);
} }
/** public int getRequire() {
* Set the attribute value. return require;
*/ }
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof Integer)) { public int getInhibit() {
throw new IOException("Attribute value should be of type Integer."); return inhibit;
}
if (name.equalsIgnoreCase(REQUIRE)) {
require = ((Integer)obj).intValue();
} else if (name.equalsIgnoreCase(INHIBIT)) {
inhibit = ((Integer)obj).intValue();
} else {
throw new IOException("Attribute name " + "[" + name + "]" +
" not recognized by " +
"CertAttrSet:PolicyConstraints.");
}
encodeThis();
} }
/** /**
* Get the attribute value. * Return the name of this extension.
*/
public Integer get(String name) throws IOException {
if (name.equalsIgnoreCase(REQUIRE)) {
return require;
} else if (name.equalsIgnoreCase(INHIBIT)) {
return inhibit;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:PolicyConstraints.");
}
}
/**
* Return the name of this attribute.
*/ */
@Override @Override
public String getName() { public String getName() {
return (NAME); return NAME;
} }
} }
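Review bot: `getRequire()` and `getInhibit()` have no Javadoc, and with a primitive `int` return a caller cannot tell from the signature which value stands for a field that is absent from the extension. The fields' initial values are set outside this hunk, so the sentinel should be stated where the accessors are defined, e.g. `Returns the requireExplicitPolicy skip count, or <sentinel> if the field is not present.` with the actual value filled in. Callers that compare these counts during policy processing presumably rely on reading that value correctly.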


@ -166,54 +166,6 @@ public class PolicyInformation {
return policyQualifiers; return policyQualifiers;
} }
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(ID)) {
return policyIdentifier;
} else if (name.equalsIgnoreCase(QUALIFIERS)) {
return policyQualifiers;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by PolicyInformation.");
}
}
/**
* Set the attribute value.
*/
@SuppressWarnings("unchecked") // Checked with instanceof
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(ID)) {
if (obj instanceof CertificatePolicyId)
policyIdentifier = (CertificatePolicyId)obj;
else
throw new IOException("Attribute value must be instance " +
"of CertificatePolicyId.");
} else if (name.equalsIgnoreCase(QUALIFIERS)) {
if (policyIdentifier == null) {
throw new IOException("Attribute must have a " +
"CertificatePolicyIdentifier value before " +
"PolicyQualifierInfo can be set.");
}
if (obj instanceof Set) {
for (Object obj1 : (Set<?>) obj) {
if (!(obj1 instanceof PolicyQualifierInfo)) {
throw new IOException("Attribute value must be a " +
"Set of PolicyQualifierInfo objects.");
}
}
policyQualifiers = (Set<PolicyQualifierInfo>) obj;
} else {
throw new IOException("Attribute value must be of type Set.");
}
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by PolicyInformation");
}
}
/** /**
* Return a printable representation of the PolicyInformation. * Return a printable representation of the PolicyInformation.
*/ */


@ -50,17 +50,9 @@ import sun.security.util.*;
* @see CertAttrSet * @see CertAttrSet
*/ */
public class PolicyMappingsExtension extends Extension public class PolicyMappingsExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.PolicyMappings";
/**
* Attribute names.
*/
public static final String NAME = "PolicyMappings"; public static final String NAME = "PolicyMappings";
public static final String MAP = "map";
// Private data members // Private data members
private List<CertificatePolicyMap> maps; private List<CertificatePolicyMap> maps;
@ -157,41 +149,15 @@ implements CertAttrSet<String> {
super.encode(out); super.encode(out);
} }
/** public List<CertificatePolicyMap> getMaps() {
* Set the attribute value. return maps;
*/
@SuppressWarnings("unchecked") // Checked with instanceof
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(MAP)) {
if (!(obj instanceof List)) {
throw new IOException("Attribute value should be of" +
" type List.");
}
maps = (List<CertificatePolicyMap>)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:PolicyMappingsExtension.");
}
encodeThis();
} }
/** /**
* Get the attribute value. * Return the name of this extension.
*/
public List<CertificatePolicyMap> get(String name) throws IOException {
if (name.equalsIgnoreCase(MAP)) {
return (maps);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:PolicyMappingsExtension.");
}
}
/**
* Return the name of this attribute.
*/ */
@Override @Override
public String getName () { public String getName () {
return (NAME); return NAME;
} }
} }


@ -58,18 +58,9 @@ import sun.security.util.*;
* @see CertAttrSet * @see CertAttrSet
*/ */
public class PrivateKeyUsageExtension extends Extension public class PrivateKeyUsageExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.PrivateKeyUsage";
/**
* Sub attributes name for this CertAttrSet.
*/
public static final String NAME = "PrivateKeyUsage"; public static final String NAME = "PrivateKeyUsage";
public static final String NOT_BEFORE = "not_before";
public static final String NOT_AFTER = "not_after";
// Private data members // Private data members
private static final byte TAG_BEFORE = 0; private static final byte TAG_BEFORE = 0;
@ -248,48 +239,19 @@ implements CertAttrSet<String> {
super.encode(out); super.encode(out);
} }
/** public Date getNotBefore() {
* Set the attribute value. return new Date(notBefore.getTime());
* @exception CertificateException on attribute handling errors. }
*/
public void set(String name, Object obj) public Date getNotAfter() {
throws CertificateException, IOException { return new Date(notAfter.getTime());
if (!(obj instanceof Date)) {
throw new CertificateException("Attribute must be of type Date.");
}
if (name.equalsIgnoreCase(NOT_BEFORE)) {
notBefore = (Date)obj;
} else if (name.equalsIgnoreCase(NOT_AFTER)) {
notAfter = (Date)obj;
} else {
throw new CertificateException("Attribute name not recognized by"
+ " CertAttrSet:PrivateKeyUsage.");
}
encodeThis();
} }
/** /**
* Get the attribute value. * Return the name of this extension.
* @exception CertificateException on attribute handling errors.
*/
public Date get(String name) throws CertificateException {
if (name.equalsIgnoreCase(NOT_BEFORE)) {
return (new Date(notBefore.getTime()));
} else if (name.equalsIgnoreCase(NOT_AFTER)) {
return (new Date(notAfter.getTime()));
} else {
throw new CertificateException("Attribute name not recognized by"
+ " CertAttrSet:PrivateKeyUsage.");
}
}
/**
* Return the name of this attribute.
*/ */
@Override @Override
public String getName() { public String getName() {
return(NAME); return NAME;
} }
} }
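Review bot: `getNotBefore()` and `getNotAfter()` call `getTime()` on the field unconditionally, so either one throws `NullPointerException` if the corresponding date is unset. Whether the fields can be null is decided in the constructors outside this hunk, but the two dates carry separate tags (`TAG_BEFORE` is visible above), and `InvalidityDateExtension.getDate()` in this same commit null-checks before copying. A guard keeps the defensive copy and avoids the crash: `return notBefore == null ? null : new Date(notBefore.getTime());`, and likewise for `notAfter`.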


@ -51,18 +51,9 @@ import sun.security.util.*;
* @see CertAttrSet * @see CertAttrSet
*/ */
public class SubjectAlternativeNameExtension extends Extension public class SubjectAlternativeNameExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.SubjectAlternativeName";
/**
* Attribute names.
*/
public static final String NAME = "SubjectAlternativeName"; public static final String NAME = "SubjectAlternativeName";
public static final String SUBJECT_NAME = "subject_name";
// private data members // private data members
GeneralNames names; GeneralNames names;
@ -173,41 +164,19 @@ implements CertAttrSet<String> {
} }
/** /**
* Set the attribute value. * Get the GeneralNames value.
*/ */
public void set(String name, Object obj) throws IOException { public GeneralNames getNames() {
if (name.equalsIgnoreCase(SUBJECT_NAME)) { return names;
if (!(obj instanceof GeneralNames)) {
throw new IOException("Attribute value should be of " +
"type GeneralNames.");
}
names = (GeneralNames)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:SubjectAlternativeName.");
}
encodeThis();
}
/**
* Get the attribute value.
*/
public GeneralNames get(String name) throws IOException {
if (name.equalsIgnoreCase(SUBJECT_NAME)) {
return (names);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:SubjectAlternativeName.");
}
} }
/** /**
* Return the name of this attribute. * Return the name of this extension.
*/ */
@Override @Override
public String getName() { public String getName() {
return (NAME); return NAME;
} }
} }


@ -67,20 +67,9 @@ import sun.security.util.DerValue;
*/ */
public class SubjectInfoAccessExtension extends Extension public class SubjectInfoAccessExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.SubjectInfoAccess";
/**
* Attribute name.
*/
public static final String NAME = "SubjectInfoAccess"; public static final String NAME = "SubjectInfoAccess";
public static final String DESCRIPTIONS = "descriptions";
/** /**
* The List of AccessDescription objects. * The List of AccessDescription objects.
@ -140,7 +129,7 @@ public class SubjectInfoAccessExtension extends Extension
} }
/** /**
* Return the name of this attribute. * Return the name of this extension.
*/ */
@Override @Override
public String getName() { public String getName() {
@ -163,40 +152,7 @@ public class SubjectInfoAccessExtension extends Extension
super.encode(out); super.encode(out);
} }
/** // Encode this extension value
* Set the attribute value.
*/
@SuppressWarnings("unchecked") // Checked with instanceof
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(DESCRIPTIONS)) {
if (!(obj instanceof List)) {
throw new IOException("Attribute value should be of type List.");
}
accessDescriptions = (List<AccessDescription>)obj;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:SubjectInfoAccessExtension.");
}
encodeThis();
}
/**
* Get the attribute value.
*/
public List<AccessDescription> get(String name) throws IOException {
if (name.equalsIgnoreCase(DESCRIPTIONS)) {
return accessDescriptions;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:SubjectInfoAccessExtension.");
}
}
// Encode this extension value
private void encodeThis() throws IOException { private void encodeThis() throws IOException {
if (accessDescriptions.isEmpty()) { if (accessDescriptions.isEmpty()) {
this.extensionValue = null; this.extensionValue = null;
@ -218,5 +174,4 @@ public class SubjectInfoAccessExtension extends Extension
return super.toString() + return super.toString() +
"SubjectInfoAccess [\n " + accessDescriptions + "\n]\n"; "SubjectInfoAccess [\n " + accessDescriptions + "\n]\n";
} }
} }


@ -51,18 +51,9 @@ import sun.security.util.*;
* @see CertAttrSet * @see CertAttrSet
*/ */
public class SubjectKeyIdentifierExtension extends Extension public class SubjectKeyIdentifierExtension extends Extension
implements CertAttrSet<String> { implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.SubjectKeyIdentifier";
/**
* Attribute names.
*/
public static final String NAME = "SubjectKeyIdentifier"; public static final String NAME = "SubjectKeyIdentifier";
public static final String KEY_ID = "key_id";
// Private data member // Private data member
private KeyIdentifier id; private KeyIdentifier id;
@ -133,42 +124,15 @@ implements CertAttrSet<String> {
super.encode(out); super.encode(out);
} }
/** public KeyIdentifier getKeyIdentifier() {
* Set the attribute value. return id;
*/
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(KEY_ID)) {
if (!(obj instanceof KeyIdentifier)) {
throw new IOException("Attribute value should be of" +
" type KeyIdentifier.");
}
id = (KeyIdentifier)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:SubjectKeyIdentifierExtension.");
}
encodeThis();
} }
/** /**
* Get the attribute value. * Return the name of this extension.
*/
public KeyIdentifier get(String name) throws IOException {
if (name.equalsIgnoreCase(KEY_ID)) {
return (id);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:SubjectKeyIdentifierExtension.");
}
}
/**
* Return the name of this attribute.
*/ */
@Override @Override
public String getName() { public String getName() {
return (NAME); return NAME;
} }
} }
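Review bot: The new public accessor `getKeyIdentifier()` has no Javadoc, unlike `getName()` right below it, and it returns the internal `id` field directly. A one-line comment such as `/** Returns the key identifier carried by this extension. */` would do. It is worth stating there whether callers may treat the returned `KeyIdentifier` as immutable, since that cannot be seen from this section. The class still implements `CertAttrSet` and its Javadoc still has `@see CertAttrSet`; if that interface no longer carries the get/set contract, the reference could be reworded.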


@ -1,72 +0,0 @@
/*
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.x509;
/**
* This class is used to parse attribute names like "x509.info.extensions".
*
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
public class X509AttributeName {
// Public members
private static final char SEPARATOR = '.';
// Private data members
private final String prefix;
private final String suffix;
/**
* Default constructor for the class. Name is of the form
* "x509.info.extensions".
*
* @param name the attribute name.
*/
public X509AttributeName(String name) {
int i = name.indexOf(SEPARATOR);
if (i < 0) {
prefix = name;
suffix = null;
} else {
prefix = name.substring(0, i);
suffix = name.substring(i + 1);
}
}
/**
* Return the prefix of the name.
*/
public String getPrefix() {
return (prefix);
}
/**
* Return the suffix of the name.
*/
public String getSuffix() {
return (suffix);
}
}


@ -144,7 +144,7 @@ public class X509CRLEntryImpl extends X509CRLEntry
* false. * false.
*/ */
public boolean hasExtensions() { public boolean hasExtensions() {
return (extensions != null); return extensions != null;
} }
/** /**
@ -272,14 +272,13 @@ public class X509CRLEntryImpl extends X509CRLEntry
* get Reason Code from CRL entry. * get Reason Code from CRL entry.
* *
* @return Integer or null, if no such extension * @return Integer or null, if no such extension
* @throws IOException on error
*/ */
public Integer getReasonCode() throws IOException { public Integer getReasonCode() {
Object obj = getExtension(PKIXExtensions.ReasonCode_Id); Object obj = getExtension(PKIXExtensions.ReasonCode_Id);
if (obj == null) if (obj == null)
return null; return null;
CRLReasonCodeExtension reasonCode = (CRLReasonCodeExtension)obj; CRLReasonCodeExtension reasonCode = (CRLReasonCodeExtension)obj;
return reasonCode.get(CRLReasonCodeExtension.REASON); return reasonCode.getReason();
} }
/** /**
@ -416,7 +415,7 @@ public class X509CRLEntryImpl extends X509CRLEntry
} }
} }
} else } else
crlExt = extensions.get(extAlias); crlExt = extensions.getExtension(extAlias);
if (crlExt == null) if (crlExt == null)
return null; return null;
byte[] extData = crlExt.getExtensionValue(); byte[] extData = crlExt.getExtensionValue();
@ -443,7 +442,7 @@ public class X509CRLEntryImpl extends X509CRLEntry
// following returns null if no such OID in map // following returns null if no such OID in map
//XXX consider cloning this //XXX consider cloning this
return extensions.get(OIDMap.getName(oid)); return extensions.getExtension(OIDMap.getName(oid));
} }
private void parse(DerValue derVal) private void parse(DerValue derVal)
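Review bot: In `getExtension(ObjectIdentifier)` the comment `following returns null if no such OID in map` now depends on how `extensions.getExtension(String)` treats a null alias, because `OIDMap.getName(oid)` is passed straight through. That lookup is not visible here, and a map-backed implementation may throw instead of returning null. Making the guard explicit keeps the documented behaviour independent of the container: `String alias = OIDMap.getName(oid);` followed by `return alias == null ? null : extensions.getExtension(alias);`. The method starts outside this hunk, so any earlier null check on `extensions` is assumed rather than seen.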


@ -207,11 +207,7 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
X500Principal badCertIssuer = crlIssuer; X500Principal badCertIssuer = crlIssuer;
for (int i = 0; i < badCerts.length; i++) { for (int i = 0; i < badCerts.length; i++) {
X509CRLEntryImpl badCert = (X509CRLEntryImpl)badCerts[i]; X509CRLEntryImpl badCert = (X509CRLEntryImpl)badCerts[i];
try { badCertIssuer = getCertIssuer(badCert, badCertIssuer);
badCertIssuer = getCertIssuer(badCert, badCertIssuer);
} catch (IOException ioe) {
throw new CRLException(ioe);
}
badCert.setCertificateIssuer(crlIssuer, badCertIssuer); badCert.setCertificateIssuer(crlIssuer, badCertIssuer);
X509IssuerSerial issuerSerial = new X509IssuerSerial X509IssuerSerial issuerSerial = new X509IssuerSerial
(badCertIssuer, badCert.getSerialNumber()); (badCertIssuer, badCert.getSerialNumber());
@ -686,7 +682,7 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
* @return the thisUpdate date from the CRL. * @return the thisUpdate date from the CRL.
*/ */
public Date getThisUpdate() { public Date getThisUpdate() {
return (new Date(thisUpdate.getTime())); return new Date(thisUpdate.getTime());
} }
/** /**
@ -698,7 +694,7 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
public Date getNextUpdate() { public Date getNextUpdate() {
if (nextUpdate == null) if (nextUpdate == null)
return null; return null;
return (new Date(nextUpdate.getTime())); return new Date(nextUpdate.getTime());
} }
/** /**
@ -838,13 +834,11 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
* *
* @return AuthorityKeyIdentifier or null * @return AuthorityKeyIdentifier or null
* (if no AuthorityKeyIdentifierExtension) * (if no AuthorityKeyIdentifierExtension)
* @throws IOException on error
*/ */
public KeyIdentifier getAuthKeyId() throws IOException { public KeyIdentifier getAuthKeyId() {
AuthorityKeyIdentifierExtension aki = getAuthKeyIdExtension(); AuthorityKeyIdentifierExtension aki = getAuthKeyIdExtension();
if (aki != null) { if (aki != null) {
return (KeyIdentifier)aki.get( return aki.getKeyIdentifier();
AuthorityKeyIdentifierExtension.KEY_ID);
} else { } else {
return null; return null;
} }
@ -854,35 +848,31 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
* return the AuthorityKeyIdentifierExtension, if any. * return the AuthorityKeyIdentifierExtension, if any.
* *
* @return AuthorityKeyIdentifierExtension or null (if no such extension) * @return AuthorityKeyIdentifierExtension or null (if no such extension)
* @throws IOException on error
*/ */
public AuthorityKeyIdentifierExtension getAuthKeyIdExtension() public AuthorityKeyIdentifierExtension getAuthKeyIdExtension() {
throws IOException { return (AuthorityKeyIdentifierExtension)
Object obj = getExtension(PKIXExtensions.AuthorityKey_Id); getExtension(PKIXExtensions.AuthorityKey_Id);
return (AuthorityKeyIdentifierExtension)obj;
} }
/** /**
* return the CRLNumberExtension, if any. * return the CRLNumberExtension, if any.
* *
* @return CRLNumberExtension or null (if no such extension) * @return CRLNumberExtension or null (if no such extension)
* @throws IOException on error
*/ */
public CRLNumberExtension getCRLNumberExtension() throws IOException { public CRLNumberExtension getCRLNumberExtension() {
Object obj = getExtension(PKIXExtensions.CRLNumber_Id); return (CRLNumberExtension)
return (CRLNumberExtension)obj; getExtension(PKIXExtensions.CRLNumber_Id);
} }
/** /**
* return the CRL number from the CRLNumberExtension, if any. * return the CRL number from the CRLNumberExtension, if any.
* *
* @return number or null (if no such extension) * @return number or null (if no such extension)
* @throws IOException on error
*/ */
public BigInteger getCRLNumber() throws IOException { public BigInteger getCRLNumber() {
CRLNumberExtension numExt = getCRLNumberExtension(); CRLNumberExtension numExt = getCRLNumberExtension();
if (numExt != null) { if (numExt != null) {
return numExt.get(CRLNumberExtension.NUMBER); return numExt.getCrlNumber();
} else { } else {
return null; return null;
} }
@ -892,25 +882,21 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
* return the DeltaCRLIndicatorExtension, if any. * return the DeltaCRLIndicatorExtension, if any.
* *
* @return DeltaCRLIndicatorExtension or null (if no such extension) * @return DeltaCRLIndicatorExtension or null (if no such extension)
* @throws IOException on error
*/ */
public DeltaCRLIndicatorExtension getDeltaCRLIndicatorExtension() public DeltaCRLIndicatorExtension getDeltaCRLIndicatorExtension() {
throws IOException { return (DeltaCRLIndicatorExtension)
getExtension(PKIXExtensions.DeltaCRLIndicator_Id);
Object obj = getExtension(PKIXExtensions.DeltaCRLIndicator_Id);
return (DeltaCRLIndicatorExtension)obj;
} }
/** /**
* return the base CRL number from the DeltaCRLIndicatorExtension, if any. * return the base CRL number from the DeltaCRLIndicatorExtension, if any.
* *
* @return number or null (if no such extension) * @return number or null (if no such extension)
* @throws IOException on error
*/ */
public BigInteger getBaseCRLNumber() throws IOException { public BigInteger getBaseCRLNumber() {
DeltaCRLIndicatorExtension dciExt = getDeltaCRLIndicatorExtension(); DeltaCRLIndicatorExtension dciExt = getDeltaCRLIndicatorExtension();
if (dciExt != null) { if (dciExt != null) {
return dciExt.get(DeltaCRLIndicatorExtension.NUMBER); return dciExt.getCrlNumber();
} else { } else {
return null; return null;
} }
@ -920,12 +906,10 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
* return the IssuerAlternativeNameExtension, if any. * return the IssuerAlternativeNameExtension, if any.
* *
* @return IssuerAlternativeNameExtension or null (if no such extension) * @return IssuerAlternativeNameExtension or null (if no such extension)
* @throws IOException on error
*/ */
public IssuerAlternativeNameExtension getIssuerAltNameExtension() public IssuerAlternativeNameExtension getIssuerAltNameExtension() {
throws IOException { return (IssuerAlternativeNameExtension)
Object obj = getExtension(PKIXExtensions.IssuerAlternativeName_Id); getExtension(PKIXExtensions.IssuerAlternativeName_Id);
return (IssuerAlternativeNameExtension)obj;
} }
/** /**
@ -933,13 +917,11 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
* *
* @return IssuingDistributionPointExtension or null * @return IssuingDistributionPointExtension or null
* (if no such extension) * (if no such extension)
* @throws IOException on error
*/ */
public IssuingDistributionPointExtension public IssuingDistributionPointExtension
getIssuingDistributionPointExtension() throws IOException { getIssuingDistributionPointExtension() {
return (IssuingDistributionPointExtension)
Object obj = getExtension(PKIXExtensions.IssuingDistributionPoint_Id); getExtension(PKIXExtensions.IssuingDistributionPoint_Id);
return (IssuingDistributionPointExtension) obj;
} }
/** /**
@ -1022,7 +1004,7 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
} }
} }
} else } else
crlExt = extensions.get(extAlias); crlExt = extensions.getExtension(extAlias);
if (crlExt == null) if (crlExt == null)
return null; return null;
byte[] extData = crlExt.getExtensionValue(); byte[] extData = crlExt.getExtensionValue();
@ -1047,7 +1029,7 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
return null; return null;
// XXX Consider cloning this // XXX Consider cloning this
return extensions.get(OIDMap.getName(oid)); return extensions.getExtension(OIDMap.getName(oid));
} }
/* /*
@ -1239,12 +1221,12 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
* prevCertIssuer if it does not exist * prevCertIssuer if it does not exist
*/ */
private X500Principal getCertIssuer(X509CRLEntryImpl entry, private X500Principal getCertIssuer(X509CRLEntryImpl entry,
X500Principal prevCertIssuer) throws IOException { X500Principal prevCertIssuer) {
CertificateIssuerExtension ciExt = CertificateIssuerExtension ciExt =
entry.getCertificateIssuerExtension(); entry.getCertificateIssuerExtension();
if (ciExt != null) { if (ciExt != null) {
GeneralNames names = ciExt.get(CertificateIssuerExtension.ISSUER); GeneralNames names = ciExt.getNames();
X500Name issuerDN = (X500Name) names.get(0).getName(); X500Name issuerDN = (X500Name) names.get(0).getName();
return issuerDN.asX500Principal(); return issuerDN.asX500Principal();
} else { } else {
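Review bot: `getCertIssuer` reads `names.get(0)` and casts the result to `X500Name` without checking either, and the CertificateIssuer extension comes from the CRL entry being processed. An empty name list or a first name that is not a directory name would surface as an unchecked `IndexOutOfBoundsException` or `ClassCastException` rather than a `CRLException`, unless `CertificateIssuerExtension` already enforces this when decoding (not visible here). Consider a guard such as `if (names.isEmpty() || !(names.get(0).getName() instanceof X500Name issuerDN)) throw new CRLException("CertificateIssuer extension does not carry a directory name");`, with `throws CRLException` added to the signature. The method body continues past the end of this hunk, and only the caller in the `badCerts` loop is visible, so other call sites would need the same check.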


@ -77,45 +77,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
@java.io.Serial @java.io.Serial
private static final long serialVersionUID = -3457612960190864406L; private static final long serialVersionUID = -3457612960190864406L;
private static final char DOT = '.';
/**
* Public attribute names.
*/
public static final String NAME = "x509"; public static final String NAME = "x509";
public static final String INFO = X509CertInfo.NAME;
public static final String ALG_ID = "algorithm";
public static final String SIGNATURE = "signature";
public static final String SIGNED_CERT = "signed_cert";
/**
* The following are defined for ease-of-use. These
* are the most frequently retrieved attributes.
*/
// x509.info.subject.dname
public static final String SUBJECT_DN = NAME + DOT + INFO + DOT +
X509CertInfo.SUBJECT + DOT + X509CertInfo.DN_NAME;
// x509.info.issuer.dname
public static final String ISSUER_DN = NAME + DOT + INFO + DOT +
X509CertInfo.ISSUER + DOT + X509CertInfo.DN_NAME;
// x509.info.serialNumber.number
public static final String SERIAL_ID = NAME + DOT + INFO + DOT +
X509CertInfo.SERIAL_NUMBER + DOT +
CertificateSerialNumber.NUMBER;
// x509.info.key.value
public static final String PUBLIC_KEY = NAME + DOT + INFO + DOT +
X509CertInfo.KEY + DOT +
CertificateX509Key.KEY;
// x509.info.version.value
public static final String VERSION = NAME + DOT + INFO + DOT +
X509CertInfo.VERSION + DOT +
CertificateVersion.VERSION;
// x509.algorithm
public static final String SIG_ALG = NAME + DOT + ALG_ID;
// x509.signature
public static final String SIG = NAME + DOT + SIGNATURE;
// when we sign and decode we set this to true // when we sign and decode we set this to true
// this is our means to make certificates immutable // this is our means to make certificates immutable
@ -555,8 +517,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
DerOutputStream tmp = new DerOutputStream(); DerOutputStream tmp = new DerOutputStream();
// encode certificate info // encode certificate info
info.set(X509CertInfo.ALGORITHM_ID, info.setAlgorithmId(new CertificateAlgorithmId(algId));
new CertificateAlgorithmId(algId));
info.encode(tmp); info.encode(tmp);
byte[] rawCert = tmp.toByteArray(); byte[] rawCert = tmp.toByteArray();
@ -610,7 +571,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
CertificateValidity interval; CertificateValidity interval;
try { try {
interval = (CertificateValidity)info.get(CertificateValidity.NAME); interval = info.getValidity();
} catch (Exception e) { } catch (Exception e) {
throw new CertificateNotYetValidException("Incorrect validity period"); throw new CertificateNotYetValidException("Incorrect validity period");
} }
@ -625,92 +586,10 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* Note that the X509CertInfo is not cloned for performance reasons. * Note that the X509CertInfo is not cloned for performance reasons.
* Callers must ensure that they do not modify it. All other * Callers must ensure that they do not modify it. All other
* attributes are cloned. * attributes are cloned.
*
* @param name the name of the attribute.
* @exception CertificateParsingException on invalid attribute identifier.
*/ */
public Object get(String name)
throws CertificateParsingException {
X509AttributeName attr = new X509AttributeName(name);
String id = attr.getPrefix();
if (!(id.equalsIgnoreCase(NAME))) {
throw new CertificateParsingException("Invalid root of "
+ "attribute name, expected [" + NAME +
"], received " + "[" + id + "]");
}
attr = new X509AttributeName(attr.getSuffix());
id = attr.getPrefix();
if (id.equalsIgnoreCase(INFO)) { public X509CertInfo getInfo() {
if (info == null) { return info;
return null;
}
if (attr.getSuffix() != null) {
try {
return info.get(attr.getSuffix());
} catch (IOException | CertificateException e) {
throw new CertificateParsingException(e.toString());
}
} else {
return info;
}
} else if (id.equalsIgnoreCase(ALG_ID)) {
return(algId);
} else if (id.equalsIgnoreCase(SIGNATURE)) {
if (signature != null)
return signature.clone();
else
return null;
} else if (id.equalsIgnoreCase(SIGNED_CERT)) {
if (signedCert != null)
return signedCert.clone();
else
return null;
} else {
throw new CertificateParsingException("Attribute name not "
+ "recognized or get() not allowed for the same: " + id);
}
}
/**
* Set the requested attribute in the certificate.
*
* @param name the name of the attribute.
* @param obj the value of the attribute.
* @exception CertificateException on invalid attribute identifier.
* @exception IOException on encoding error of attribute.
*/
public void set(String name, Object obj)
throws CertificateException, IOException {
// check if immutable
if (readOnly)
throw new CertificateException("cannot over-write existing"
+ " certificate");
X509AttributeName attr = new X509AttributeName(name);
String id = attr.getPrefix();
if (!(id.equalsIgnoreCase(NAME))) {
throw new CertificateException("Invalid root of attribute name,"
+ " expected [" + NAME + "], received " + id);
}
attr = new X509AttributeName(attr.getSuffix());
id = attr.getPrefix();
if (id.equalsIgnoreCase(INFO)) {
if (attr.getSuffix() == null) {
if (!(obj instanceof X509CertInfo)) {
throw new CertificateException("Attribute value should"
+ " be of type X509CertInfo.");
}
info = (X509CertInfo)obj;
} else {
info.set(attr.getSuffix(), obj);
}
signedCert = null; //reset this as certificate data has changed
} else {
throw new CertificateException("Attribute name not recognized or " +
"set() not allowed for the same: " + id);
}
} }
/** /**
@ -739,12 +618,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public PublicKey getPublicKey() { public PublicKey getPublicKey() {
if (info == null) if (info == null)
return null; return null;
try { return info.getKey().getKey();
return (PublicKey)info.get(CertificateX509Key.NAME
+ DOT + CertificateX509Key.KEY);
} catch (Exception e) {
return null;
}
} }
/** /**
@ -756,9 +630,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
if (info == null) if (info == null)
return -1; return -1;
try { try {
int vers = ((Integer)info.get(CertificateVersion.NAME int vers = info.getVersion().getVersion();
+ DOT + CertificateVersion.VERSION)).intValue(); return vers + 1;
return vers+1;
} catch (Exception e) { } catch (Exception e) {
return -1; return -1;
} }
@ -784,13 +657,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public SerialNumber getSerialNumberObject() { public SerialNumber getSerialNumberObject() {
if (info == null) if (info == null)
return null; return null;
try { return info.getSerialNumber().getSerial();
return (SerialNumber)info.get(
CertificateSerialNumber.NAME + DOT +
CertificateSerialNumber.NUMBER);
} catch (Exception e) {
return null;
}
} }
@ -803,12 +670,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public Principal getSubjectDN() { public Principal getSubjectDN() {
if (info == null) if (info == null)
return null; return null;
try { return info.getSubject();
return (Principal)info.get(X509CertInfo.SUBJECT + DOT +
X509CertInfo.DN_NAME);
} catch (Exception e) {
return null;
}
} }
/** /**
@ -821,9 +683,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
return null; return null;
} }
try { try {
return (X500Principal)info.get( return info.getSubject().asX500Principal();
X509CertInfo.SUBJECT + DOT +
"x500principal");
} catch (Exception e) { } catch (Exception e) {
return null; return null;
} }
@ -838,12 +698,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public Principal getIssuerDN() { public Principal getIssuerDN() {
if (info == null) if (info == null)
return null; return null;
try { return info.getIssuer();
return (Principal)info.get(X509CertInfo.ISSUER + DOT +
X509CertInfo.DN_NAME);
} catch (Exception e) {
return null;
}
} }
/** /**
@ -856,9 +711,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
return null; return null;
} }
try { try {
return (X500Principal)info.get( return info.getIssuer().asX500Principal();
X509CertInfo.ISSUER + DOT +
"x500principal");
} catch (Exception e) { } catch (Exception e) {
return null; return null;
} }
@ -872,12 +725,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public Date getNotBefore() { public Date getNotBefore() {
if (info == null) if (info == null)
return null; return null;
try { return info.getValidity().getNotBefore();
return (Date) info.get(CertificateValidity.NAME + DOT +
CertificateValidity.NOT_BEFORE);
} catch (Exception e) {
return null;
}
} }
/** /**
@ -888,12 +736,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public Date getNotAfter() { public Date getNotAfter() {
if (info == null) if (info == null)
return null; return null;
try { return info.getValidity().getNotAfter();
return (Date) info.get(CertificateValidity.NAME + DOT +
CertificateValidity.NOT_AFTER);
} catch (Exception e) {
return null;
}
} }
/** /**
@ -932,7 +775,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public String getSigAlgName() { public String getSigAlgName() {
if (algId == null) if (algId == null)
return null; return null;
return (algId.getName()); return algId.getName();
} }
/** /**
@ -945,7 +788,11 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
if (algId == null) if (algId == null)
return null; return null;
ObjectIdentifier oid = algId.getOID(); ObjectIdentifier oid = algId.getOID();
return (oid.toString()); return oid.toString();
}
public AlgorithmId getSigAlg() {
return algId;
} }
/** /**
@ -967,16 +814,11 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public boolean[] getIssuerUniqueID() { public boolean[] getIssuerUniqueID() {
if (info == null) if (info == null)
return null; return null;
try { UniqueIdentity id = info.getIssuerUniqueId();
UniqueIdentity id = (UniqueIdentity)info.get( if (id == null)
X509CertInfo.ISSUER_ID);
if (id == null)
return null;
else
return (id.getId());
} catch (Exception e) {
return null; return null;
} else
return id.getId();
} }
/** /**
@ -987,26 +829,18 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public boolean[] getSubjectUniqueID() { public boolean[] getSubjectUniqueID() {
if (info == null) if (info == null)
return null; return null;
try { UniqueIdentity id = info.getSubjectUniqueId();
UniqueIdentity id = (UniqueIdentity)info.get( if (id == null)
X509CertInfo.SUBJECT_ID);
if (id == null)
return null;
else
return (id.getId());
} catch (Exception e) {
return null; return null;
} else
return id.getId();
} }
public KeyIdentifier getAuthKeyId() { public KeyIdentifier getAuthKeyId() {
AuthorityKeyIdentifierExtension aki AuthorityKeyIdentifierExtension aki
= getAuthorityKeyIdentifierExtension(); = getAuthorityKeyIdentifierExtension();
if (aki != null) { if (aki != null) {
try { return aki.getKeyIdentifier();
return (KeyIdentifier)aki.get(
AuthorityKeyIdentifierExtension.KEY_ID);
} catch (IOException ioe) {} // not possible
} }
return null; return null;
} }
@ -1017,9 +851,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public KeyIdentifier getSubjectKeyId() { public KeyIdentifier getSubjectKeyId() {
SubjectKeyIdentifierExtension ski = getSubjectKeyIdentifierExtension(); SubjectKeyIdentifierExtension ski = getSubjectKeyIdentifierExtension();
if (ski != null) { if (ski != null) {
try { return ski.getKeyIdentifier();
return ski.get(SubjectKeyIdentifierExtension.KEY_ID);
} catch (IOException ioe) {} // not possible
} }
return null; return null;
} }
@ -1151,15 +983,10 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public boolean hasUnsupportedCriticalExtension() { public boolean hasUnsupportedCriticalExtension() {
if (info == null) if (info == null)
return false; return false;
try { CertificateExtensions exts = info.getExtensions();
CertificateExtensions exts = (CertificateExtensions)info.get( if (exts == null)
CertificateExtensions.NAME);
if (exts == null)
return false;
return exts.hasUnsupportedCriticalExtension();
} catch (Exception e) {
return false; return false;
} return exts.hasUnsupportedCriticalExtension();
} }
/** /**
@ -1175,8 +1002,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
return null; return null;
} }
try { try {
CertificateExtensions exts = (CertificateExtensions)info.get( CertificateExtensions exts = info.getExtensions();
CertificateExtensions.NAME);
if (exts == null) { if (exts == null) {
return null; return null;
} }
@ -1205,8 +1031,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
return null; return null;
} }
try { try {
CertificateExtensions exts = (CertificateExtensions)info.get( CertificateExtensions exts = info.getExtensions();
CertificateExtensions.NAME);
if (exts == null) { if (exts == null) {
return null; return null;
} }
@ -1234,50 +1059,32 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
if (info == null) { if (info == null) {
return null; return null;
} }
try { CertificateExtensions extensions = info.getExtensions();
CertificateExtensions extensions; if (extensions != null) {
try { Extension ex = extensions.getExtension(oid.toString());
extensions = (CertificateExtensions)info.get(CertificateExtensions.NAME); if (ex != null) {
} catch (CertificateException ce) { return ex;
return null;
} }
if (extensions != null) { for (Extension ex2 : extensions.getAllExtensions()) {
Extension ex = extensions.getExtension(oid.toString()); if (ex2.getExtensionId().equals(oid)) {
if (ex != null) { //XXXX May want to consider cloning this
return ex; return ex2;
} }
for (Extension ex2 : extensions.getAllExtensions()) {
if (ex2.getExtensionId().equals(oid)) {
//XXXX May want to consider cloning this
return ex2;
}
}
/* no such extension in this certificate */
} }
return null; /* no such extension in this certificate */
} catch (IOException ioe) {
return null;
} }
return null;
} }
public Extension getUnparseableExtension(ObjectIdentifier oid) { public Extension getUnparseableExtension(ObjectIdentifier oid) {
if (info == null) { if (info == null) {
return null; return null;
} }
try { CertificateExtensions extensions = info.getExtensions();
CertificateExtensions extensions; if (extensions == null) {
try {
extensions = (CertificateExtensions)info.get(CertificateExtensions.NAME);
} catch (CertificateException ce) {
return null;
}
if (extensions == null) {
return null;
} else {
return extensions.getUnparseableExtensions().get(oid.toString());
}
} catch (IOException ioe) {
return null; return null;
} else {
return extensions.getUnparseableExtensions().get(oid.toString());
} }
} }
@ -1292,8 +1099,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
ObjectIdentifier findOID = ObjectIdentifier.of(oid); ObjectIdentifier findOID = ObjectIdentifier.of(oid);
String extAlias = OIDMap.getName(findOID); String extAlias = OIDMap.getName(findOID);
Extension certExt = null; Extension certExt = null;
CertificateExtensions exts = (CertificateExtensions)info.get( CertificateExtensions exts = info.getExtensions();
CertificateExtensions.NAME);
if (extAlias == null) { // may be unknown if (extAlias == null) { // may be unknown
// get the extensions, search through' for this oid // get the extensions, search through' for this oid
@ -1309,11 +1115,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
} }
} }
} else { // there's subclass that can handle this extension } else { // there's subclass that can handle this extension
try { certExt = getInfo().getExtensions().getExtension(extAlias);
certExt = (Extension)this.get(extAlias);
} catch (CertificateException e) {
// get() throws an Exception instead of returning null, ignore
}
} }
if (certExt == null) { if (certExt == null) {
if (exts != null) { if (exts != null) {
@ -1342,11 +1144,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
*/ */
public boolean[] getKeyUsage() { public boolean[] getKeyUsage() {
try { try {
String extAlias = OIDMap.getName(PKIXExtensions.KeyUsage_Id); KeyUsageExtension certExt = (KeyUsageExtension)
if (extAlias == null) getInfo().getExtensions().getExtension(KeyUsageExtension.NAME);
return null;
KeyUsageExtension certExt = (KeyUsageExtension)this.get(extAlias);
if (certExt == null) if (certExt == null)
return null; return null;
@ -1435,18 +1234,12 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
*/ */
public int getBasicConstraints() { public int getBasicConstraints() {
try { try {
String extAlias = OIDMap.getName(PKIXExtensions.BasicConstraints_Id); BasicConstraintsExtension certExt = getBasicConstraintsExtension();
if (extAlias == null)
return -1;
BasicConstraintsExtension certExt =
(BasicConstraintsExtension)this.get(extAlias);
if (certExt == null) if (certExt == null)
return -1; return -1;
if (((Boolean) certExt.get(BasicConstraintsExtension.IS_CA)). if (certExt.isCa())
booleanValue()) return certExt.getPathLen();
return ((Integer)certExt.get(
BasicConstraintsExtension.PATH_LEN)).intValue();
else else
return -1; return -1;
} catch (Exception e) { } catch (Exception e) {
@ -1577,14 +1370,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
if (subjectAltNameExt == null) { if (subjectAltNameExt == null) {
return null; return null;
} }
GeneralNames names; GeneralNames names = subjectAltNameExt.getNames();
try {
names = subjectAltNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
} catch (IOException ioe) {
// should not occur
return Collections.emptySet();
}
subjectAlternativeNames = makeAltNames(names); subjectAlternativeNames = makeAltNames(names);
return subjectAlternativeNames; return subjectAlternativeNames;
} }
@ -1610,14 +1396,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
new SubjectAlternativeNameExtension(Boolean.FALSE, new SubjectAlternativeNameExtension(Boolean.FALSE,
data); data);
GeneralNames names; GeneralNames names = subjectAltNameExt.getNames();
try {
names = subjectAltNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
} catch (IOException ioe) {
// should not occur
return Collections.emptySet();
}
return makeAltNames(names); return makeAltNames(names);
} catch (IOException ioe) { } catch (IOException ioe) {
throw new CertificateParsingException(ioe); throw new CertificateParsingException(ioe);
@ -1643,14 +1422,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
if (issuerAltNameExt == null) { if (issuerAltNameExt == null) {
return null; return null;
} }
GeneralNames names; GeneralNames names = issuerAltNameExt.getNames();
try {
names = issuerAltNameExt.get(
IssuerAlternativeNameExtension.ISSUER_NAME);
} catch (IOException ioe) {
// should not occur
return Collections.emptySet();
}
issuerAlternativeNames = makeAltNames(names); issuerAlternativeNames = makeAltNames(names);
return issuerAlternativeNames; return issuerAlternativeNames;
} }
@ -1676,14 +1448,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
IssuerAlternativeNameExtension issuerAltNameExt = IssuerAlternativeNameExtension issuerAltNameExt =
new IssuerAlternativeNameExtension(Boolean.FALSE, new IssuerAlternativeNameExtension(Boolean.FALSE,
data); data);
GeneralNames names; GeneralNames names = issuerAltNameExt.getNames();
try {
names = issuerAltNameExt.get(
IssuerAlternativeNameExtension.ISSUER_NAME);
} catch (IOException ioe) {
// should not occur
return Collections.emptySet();
}
return makeAltNames(names); return makeAltNames(names);
} catch (IOException ioe) { } catch (IOException ioe) {
throw new CertificateParsingException(ioe); throw new CertificateParsingException(ioe);
@ -1746,10 +1511,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
info = new X509CertInfo(seq[0]); info = new X509CertInfo(seq[0]);
// the "inner" and "outer" signature algorithms must match // the "inner" and "outer" signature algorithms must match
AlgorithmId infoSigAlg = (AlgorithmId)info.get( AlgorithmId infoSigAlg = info.getAlgorithmId().getAlgId();
CertificateAlgorithmId.NAME
+ DOT +
CertificateAlgorithmId.ALGORITHM);
if (! algId.equals(infoSigAlg)) if (! algId.equals(infoSigAlg))
throw new CertificateException("Signature algorithm mismatch"); throw new CertificateException("Signature algorithm mismatch");
readOnly = true; readOnly = true;


@ -61,12 +61,8 @@ import sun.security.util.HexDumpEncoder;
* @see CertAttrSet * @see CertAttrSet
* @see X509CertImpl * @see X509CertImpl
*/ */
public class X509CertInfo implements CertAttrSet<String> { public class X509CertInfo {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info";
// Certificate attribute names // Certificate attribute names
public static final String NAME = "info"; public static final String NAME = "info";
public static final String DN_NAME = "dname"; public static final String DN_NAME = "dname";
@ -97,36 +93,9 @@ public class X509CertInfo implements CertAttrSet<String> {
// X509.v3 extensions // X509.v3 extensions
protected CertificateExtensions extensions = null; protected CertificateExtensions extensions = null;
// Attribute numbers for internal manipulation
private static final int ATTR_VERSION = 1;
private static final int ATTR_SERIAL = 2;
private static final int ATTR_ALGORITHM = 3;
private static final int ATTR_ISSUER = 4;
private static final int ATTR_VALIDITY = 5;
private static final int ATTR_SUBJECT = 6;
private static final int ATTR_KEY = 7;
private static final int ATTR_ISSUER_ID = 8;
private static final int ATTR_SUBJECT_ID = 9;
private static final int ATTR_EXTENSIONS = 10;
// DER encoded CertificateInfo data // DER encoded CertificateInfo data
private byte[] rawCertInfo = null; private byte[] rawCertInfo = null;
// The certificate attribute name to integer mapping stored here
private static final Map<String,Integer> map = new HashMap<>();
static {
map.put(VERSION, Integer.valueOf(ATTR_VERSION));
map.put(SERIAL_NUMBER, Integer.valueOf(ATTR_SERIAL));
map.put(ALGORITHM_ID, Integer.valueOf(ATTR_ALGORITHM));
map.put(ISSUER, Integer.valueOf(ATTR_ISSUER));
map.put(VALIDITY, Integer.valueOf(ATTR_VALIDITY));
map.put(SUBJECT, Integer.valueOf(ATTR_SUBJECT));
map.put(KEY, Integer.valueOf(ATTR_KEY));
map.put(ISSUER_ID, Integer.valueOf(ATTR_ISSUER_ID));
map.put(SUBJECT_ID, Integer.valueOf(ATTR_SUBJECT_ID));
map.put(EXTENSIONS, Integer.valueOf(ATTR_EXTENSIONS));
}
/** /**
* Construct an uninitialized X509CertInfo on which <a href="#decode"> * Construct an uninitialized X509CertInfo on which <a href="#decode">
* decode</a> must later be called (or which may be deserialized). * decode</a> must later be called (or which may be deserialized).
@ -178,7 +147,6 @@ public class X509CertInfo implements CertAttrSet<String> {
* @exception CertificateException on encoding errors. * @exception CertificateException on encoding errors.
* @exception IOException on other errors. * @exception IOException on other errors.
*/ */
@Override
public void encode(DerOutputStream out) public void encode(DerOutputStream out)
throws CertificateException, IOException { throws CertificateException, IOException {
if (rawCertInfo == null) { if (rawCertInfo == null) {
@ -232,18 +200,18 @@ public class X509CertInfo implements CertAttrSet<String> {
*/ */
public boolean equals(X509CertInfo other) { public boolean equals(X509CertInfo other) {
if (this == other) { if (this == other) {
return(true); return true;
} else if (rawCertInfo == null || other.rawCertInfo == null) { } else if (rawCertInfo == null || other.rawCertInfo == null) {
return(false); return false;
} else if (rawCertInfo.length != other.rawCertInfo.length) { } else if (rawCertInfo.length != other.rawCertInfo.length) {
return(false); return false;
} }
for (int i = 0; i < rawCertInfo.length; i++) { for (int i = 0; i < rawCertInfo.length; i++) {
if (rawCertInfo[i] != other.rawCertInfo[i]) { if (rawCertInfo[i] != other.rawCertInfo[i]) {
return(false); return false;
} }
} }
return(true); return true;
} }
/** /**
@ -256,7 +224,7 @@ public class X509CertInfo implements CertAttrSet<String> {
for (int i = 1; i < rawCertInfo.length; i++) { for (int i = 1; i < rawCertInfo.length; i++) {
retval += rawCertInfo[i] * i; retval += rawCertInfo[i] * i;
} }
return(retval); return retval;
} }
/** /**
@ -331,175 +299,24 @@ public class X509CertInfo implements CertAttrSet<String> {
return sb.toString(); return sb.toString();
} }
/** public CertificateExtensions getExtensions() {
* Set the certificate attribute. return extensions;
*
* @param name the name of the Certificate attribute.
* @param val the value of the Certificate attribute.
* @exception CertificateException on invalid attributes.
* @exception IOException on other errors.
*/
public void set(String name, Object val)
throws CertificateException, IOException {
X509AttributeName attrName = new X509AttributeName(name);
int attr = attributeMap(attrName.getPrefix());
if (attr == 0) {
throw new CertificateException("Attribute name not recognized: "
+ name);
}
// set rawCertInfo to null, so that we are forced to re-encode
rawCertInfo = null;
String suffix = attrName.getSuffix();
switch (attr) {
case ATTR_VERSION:
if (suffix == null) {
setVersion(val);
} else {
version.set(suffix, val);
}
break;
case ATTR_SERIAL:
if (suffix == null) {
setSerialNumber(val);
} else {
serialNum.set(suffix, val);
}
break;
case ATTR_ALGORITHM:
if (suffix == null) {
setAlgorithmId(val);
} else {
algId.set(suffix, val);
}
break;
case ATTR_ISSUER:
setIssuer(val);
break;
case ATTR_VALIDITY:
if (suffix == null) {
setValidity(val);
} else {
interval.set(suffix, val);
}
break;
case ATTR_SUBJECT:
setSubject(val);
break;
case ATTR_KEY:
if (suffix == null) {
setKey(val);
} else {
pubKey.set(suffix, val);
}
break;
case ATTR_ISSUER_ID:
setIssuerUniqueId(val);
break;
case ATTR_SUBJECT_ID:
setSubjectUniqueId(val);
break;
case ATTR_EXTENSIONS:
if (suffix == null) {
setExtensions(val);
} else {
if (extensions == null)
extensions = new CertificateExtensions();
extensions.set(suffix, val);
}
break;
}
} }
public UniqueIdentity getIssuerUniqueId() {
return issuerUniqueId;
}
/** public UniqueIdentity getSubjectUniqueId() {
* Get the certificate attribute. return subjectUniqueId;
* }
* @param name the name of the Certificate attribute.
*
* @exception CertificateException on invalid attributes.
* @exception IOException on other errors.
*/
public Object get(String name)
throws CertificateException, IOException {
X509AttributeName attrName = new X509AttributeName(name);
int attr = attributeMap(attrName.getPrefix()); public X500Name getIssuer() {
if (attr == 0) { return issuer;
throw new CertificateParsingException( }
"Attribute name not recognized: " + name);
}
String suffix = attrName.getSuffix();
switch (attr) { // frequently used attributes first public X500Name getSubject() {
case (ATTR_EXTENSIONS): return subject;
if (suffix == null) {
return(extensions);
} else {
if (extensions == null) {
return null;
} else {
return(extensions.get(suffix));
}
}
case (ATTR_SUBJECT):
if (suffix == null) {
return(subject);
} else {
return(getX500Name(suffix, false));
}
case (ATTR_ISSUER):
if (suffix == null) {
return(issuer);
} else {
return(getX500Name(suffix, true));
}
case (ATTR_KEY):
if (suffix == null) {
return(pubKey);
} else {
return(pubKey.get(suffix));
}
case (ATTR_ALGORITHM):
if (suffix == null) {
return(algId);
} else {
return(algId.get(suffix));
}
case (ATTR_VALIDITY):
if (suffix == null) {
return(interval);
} else {
return(interval.get(suffix));
}
case (ATTR_VERSION):
if (suffix == null) {
return(version);
} else {
return(version.get(suffix));
}
case (ATTR_SERIAL):
if (suffix == null) {
return(serialNum);
} else {
return(serialNum.get(suffix));
}
case (ATTR_ISSUER_ID):
return(issuerUniqueId);
case (ATTR_SUBJECT_ID):
return(subjectUniqueId);
}
return null;
} }
/* /*
@ -621,18 +438,15 @@ public class X509CertInfo implements CertAttrSet<String> {
"incomplete: subject field is empty, and certificate " + "incomplete: subject field is empty, and certificate " +
"has no extensions"); "has no extensions");
} }
SubjectAlternativeNameExtension subjectAltNameExt; SubjectAlternativeNameExtension subjectAltNameExt =
GeneralNames names; (SubjectAlternativeNameExtension)
try { extensions.getExtension(SubjectAlternativeNameExtension.NAME);
subjectAltNameExt = (SubjectAlternativeNameExtension) if (subjectAltNameExt == null) {
extensions.get(SubjectAlternativeNameExtension.NAME);
names = subjectAltNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
} catch (IOException e) {
throw new CertificateParsingException("X.509 Certificate is " + throw new CertificateParsingException("X.509 Certificate is " +
"incomplete: subject field is empty, and " + "incomplete: subject field is empty, and " +
"SubjectAlternativeName extension is absent"); "SubjectAlternativeName extension is absent");
} }
GeneralNames names = subjectAltNameExt.getNames();
// SubjectAlternativeName extension is empty or not marked critical // SubjectAlternativeName extension is empty or not marked critical
if (names == null || names.isEmpty()) { if (names == null || names.isEmpty()) {
@ -697,28 +511,20 @@ public class X509CertInfo implements CertAttrSet<String> {
out.write(DerValue.tag_Sequence, tmp); out.write(DerValue.tag_Sequence, tmp);
} }
/**
* Returns the integer attribute number for the passed attribute name.
*/
private int attributeMap(String name) {
Integer num = map.get(name);
if (num == null) {
return 0;
}
return num.intValue();
}
/** /**
* Set the version number of the certificate. * Set the version number of the certificate.
* *
* @param val the Object class value for the Extensions * @param val the Object class value for the Extensions
* @exception CertificateException on invalid data. * @exception CertificateException on invalid data.
*/ */
private void setVersion(Object val) throws CertificateException { public void setVersion(CertificateVersion val) {
if (!(val instanceof CertificateVersion)) { // set rawCertInfo to null, so that we are forced to re-encode
throw new CertificateException("Version class type invalid."); rawCertInfo = null;
} version = val;
version = (CertificateVersion)val; }
public CertificateVersion getVersion() {
return version;
} }
/** /**
@ -727,11 +533,14 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the CertificateSerialNumber * @param val the Object class value for the CertificateSerialNumber
* @exception CertificateException on invalid data. * @exception CertificateException on invalid data.
*/ */
private void setSerialNumber(Object val) throws CertificateException { public void setSerialNumber(CertificateSerialNumber val) {
if (!(val instanceof CertificateSerialNumber)) { // set rawCertInfo to null, so that we are forced to re-encode
throw new CertificateException("SerialNumber class type invalid."); rawCertInfo = null;
} serialNum = val;
serialNum = (CertificateSerialNumber)val; }
public CertificateSerialNumber getSerialNumber() {
return serialNum;
} }
/** /**
@ -740,12 +549,14 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the AlgorithmId * @param val the Object class value for the AlgorithmId
* @exception CertificateException on invalid data. * @exception CertificateException on invalid data.
*/ */
private void setAlgorithmId(Object val) throws CertificateException { public void setAlgorithmId(CertificateAlgorithmId val) {
if (!(val instanceof CertificateAlgorithmId)) { // set rawCertInfo to null, so that we are forced to re-encode
throw new CertificateException( rawCertInfo = null;
"AlgorithmId class type invalid."); algId = val;
} }
algId = (CertificateAlgorithmId)val;
public CertificateAlgorithmId getAlgorithmId() {
return algId;
} }
/** /**
@ -754,12 +565,10 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the issuer * @param val the Object class value for the issuer
* @exception CertificateException on invalid data. * @exception CertificateException on invalid data.
*/ */
private void setIssuer(Object val) throws CertificateException { public void setIssuer(X500Name val) {
if (!(val instanceof X500Name)) { // set rawCertInfo to null, so that we are forced to re-encode
throw new CertificateException( rawCertInfo = null;
"Issuer class type invalid."); issuer = val;
}
issuer = (X500Name)val;
} }
/** /**
@ -768,12 +577,14 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the CertificateValidity * @param val the Object class value for the CertificateValidity
* @exception CertificateException on invalid data. * @exception CertificateException on invalid data.
*/ */
private void setValidity(Object val) throws CertificateException { public void setValidity(CertificateValidity val) {
if (!(val instanceof CertificateValidity)) { // set rawCertInfo to null, so that we are forced to re-encode
throw new CertificateException( rawCertInfo = null;
"CertificateValidity class type invalid."); interval = val;
} }
interval = (CertificateValidity)val;
public CertificateValidity getValidity() {
return interval;
} }
/** /**
@ -782,12 +593,10 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the Subject * @param val the Object class value for the Subject
* @exception CertificateException on invalid data. * @exception CertificateException on invalid data.
*/ */
private void setSubject(Object val) throws CertificateException { public void setSubject(X500Name val) throws CertificateException {
if (!(val instanceof X500Name)) { // set rawCertInfo to null, so that we are forced to re-encode
throw new CertificateException( rawCertInfo = null;
"Subject class type invalid."); subject = val;
}
subject = (X500Name)val;
} }
/** /**
@ -796,12 +605,14 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the PublicKey * @param val the Object class value for the PublicKey
* @exception CertificateException on invalid data. * @exception CertificateException on invalid data.
*/ */
private void setKey(Object val) throws CertificateException { public void setKey(CertificateX509Key val) {
if (!(val instanceof CertificateX509Key)) { // set rawCertInfo to null, so that we are forced to re-encode
throw new CertificateException( rawCertInfo = null;
"Key class type invalid."); pubKey = val;
} }
pubKey = (CertificateX509Key)val;
public CertificateX509Key getKey() {
return pubKey;
} }
/** /**
@ -810,15 +621,13 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the IssuerUniqueId * @param val the Object class value for the IssuerUniqueId
* @exception CertificateException * @exception CertificateException
*/ */
private void setIssuerUniqueId(Object val) throws CertificateException { public void setIssuerUniqueId(UniqueIdentity val) throws CertificateException {
// set rawCertInfo to null, so that we are forced to re-encode
rawCertInfo = null;
if (version.compare(CertificateVersion.V2) < 0) { if (version.compare(CertificateVersion.V2) < 0) {
throw new CertificateException("Invalid version"); throw new CertificateException("Invalid version");
} }
if (!(val instanceof UniqueIdentity)) { issuerUniqueId = val;
throw new CertificateException(
"IssuerUniqueId class type invalid.");
}
issuerUniqueId = (UniqueIdentity)val;
} }
/** /**
@ -827,15 +636,13 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the SubjectUniqueId * @param val the Object class value for the SubjectUniqueId
* @exception CertificateException * @exception CertificateException
*/ */
private void setSubjectUniqueId(Object val) throws CertificateException { public void setSubjectUniqueId(UniqueIdentity val) throws CertificateException {
// set rawCertInfo to null, so that we are forced to re-encode
rawCertInfo = null;
if (version.compare(CertificateVersion.V2) < 0) { if (version.compare(CertificateVersion.V2) < 0) {
throw new CertificateException("Invalid version"); throw new CertificateException("Invalid version");
} }
if (!(val instanceof UniqueIdentity)) { subjectUniqueId = val;
throw new CertificateException(
"SubjectUniqueId class type invalid.");
}
subjectUniqueId = (UniqueIdentity)val;
} }
/** /**
@ -844,14 +651,12 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the Extensions * @param val the Object class value for the Extensions
* @exception CertificateException * @exception CertificateException
*/ */
private void setExtensions(Object val) throws CertificateException { public void setExtensions(CertificateExtensions val) throws CertificateException {
// set rawCertInfo to null, so that we are forced to re-encode
rawCertInfo = null;
if (version.compare(CertificateVersion.V3) < 0) { if (version.compare(CertificateVersion.V3) < 0) {
throw new CertificateException("Invalid version"); throw new CertificateException("Invalid version");
} }
if (!(val instanceof CertificateExtensions)) { extensions = val;
throw new CertificateException(
"Extensions class type invalid.");
}
extensions = (CertificateExtensions)val;
} }
} }
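Review bot: The new `getExtensions()` accessor returns the live `extensions` field with no Javadoc, and nothing on that path resets `rawCertInfo`, whereas the removed `set(name, val)` cleared the cache before calling `extensions.set(suffix, val)`. Because `encode()` only re-encodes when `rawCertInfo == null`, a caller that adds or replaces an extension through the returned object after encoding would presumably keep emitting the old TBS bytes, so what gets signed or compared could differ from the in-memory extensions; whether any caller does this is not visible in this section. The accessor can also return null, where the removed `set` suffix path created a `CertificateExtensions` on demand. I would document the contract on the getter, e.g. `/** Returns the live extensions object, or null if none is set; changes made through it do not invalidate the cached encoding, call setExtensions() to force a re-encode. */`. The retained setter Javadoc (`@param val the Object class value ...`, `@exception CertificateException on invalid data`) and the `throws CertificateException` left on `setSubject` no longer match the typed signatures and could be cleaned up in the same pass.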


@ -1,245 +0,0 @@
<HTML>
<BODY>
<HEAD>
<TITLE>Certificate Attributes</TITLE>
</HEAD>
<h2><center>Certificate Attributes</center></h2>
<font size=3><center>July 1998</font></center>
<p>
In JDK1.2 we provide an implementation of X.509 (version 3).
The X509CertImpl class supports the following methods to
manipulate the various attributes of a certificate:
<pre>
Object get(String name), and
void set(String name, Object value)
</pre>
A list of all the X.509 v3 Certificate attributes that can be manipulated
is provided in the following table.
For example, if you want to get the signature component of
the certificate:
<pre>
X509CertImpl cert;
// get the certificate object
byte[] sig = (byte[])cert.get("x509.signature");
// using the fully-qualified identifier
OR
byte[] sig = (byte[])cert.get(X509CertImpl.SIG);
// using defined constants
</pre>
<p>
<table border=1>
<caption>sun.security.x509.X509CertImpl</caption>
<tr>
<td><strong>Attribute</strong></td>
<td><strong>Fully-qualified identifier</strong></td>
<td><strong>Defined constants</strong></td>
<td><strong>Type of Object returned</strong><br>
(in sun.security.x509 unless fully-qualified)</td>
</tr>
<tr>
<td>signatureAlgorithm</td>
<td>x509.algorithm</td>
<td>X509CertImpl.SIG_ALG</td>
<td>AlgorithmId</td>
</tr>
<tr>
<td>signature</td>
<td>x509.signature</td>
<td>X509CertImpl.SIG</td>
<td>byte[]</td>
</tr>
<tr>
<td>tbsCertificate</td>
<td>x509.info</td>
<td>X509CertInfo.IDENT</td>
<td>X509CertInfo</td>
</tr>
<tr>
<td>version</td>
<td>x509.info.version<br>
x509.info.version.number</td>
<td>CertificateVersion.IDENT<br>
none</td>
<td>CertificateVersion<br>
java.lang.Integer</td>
</tr>
<tr>
<td>serialNumber</td>
<td>x509.info.serialNumber<br>
x509.info.serialNumber.number</td>
<td>CertificateSerialNumber.IDENT<br>
X509CertImpl.SERIAL_ID</td>
<td>CertificateSerialNumber<br>
SerialNumber</td>
</tr>
<tr>
<td>signature</td>
<td>x509.info.algorithmID<br>
x509.info.algorithmID.algorithm</td>
<td>CertificateAlgorithmId.IDENT<br>
none</td>
<td>CertificateAlgorithmId<br>
AlgorithmId</td>
</tr>
<tr>
<td>issuer</td>
<td>x509.info.issuer<br>
x509.info.issuer.dname</td>
<td>none<br>
X509CertImpl.ISSUER_DN</td>
<td>X500Name<br>
X500Name</td>
</tr>
<tr>
<td>validity<br>
validity.notAfter<br>
validity.notBefore</td>
<td>x509.info.validity<br>
x509.info.validity.notAfter<br>
x509.info.validity.notBefore</td>
<td>CertificateValidity.IDENT<br>
none<br>
none</td>
<td>CertificateValidity<br>
java.util.Date<br>
java.util.Date</td>
</tr>
<tr>
<td>subject</td>
<td>x509.info.subject<br>
x509.info.subject.dname</td>
<td>none<br>
X509CertImpl.SUBJECT_DN</td>
<td>X500Name<br>
X500Name</td>
</tr>
<tr>
<td>subjectPublicKeyInfo</td>
<td>x509.info.key<br>
x509.info.key.value</td>
<td>CertificateX509Key.IDENT<br>
X509CertImpl.PUBLIC_KEY</td>
<td>CertificateX509Key<br>
X509Key</td>
</tr>
<tr>
<td>issuerUniqueID</td>
<td>x509.info.issuerID<br>
x509.info.issuerID.id</td>
<td>none<br>
none</td>
<td>UniqueIdentity<br>
UniqueIdentity</td>
</tr>
<tr>
<td>subjectUniqueID</td>
<td>x509.info.subjectID<br>
x509.info.subjectID.id</td>
<td>none<br>
none</td>
<td>UniqueIdentity<br>
UniqueIdentity</td>
</tr>
<tr>
<td>extensions</td>
<td>x509.info.extensions</td>
<td>CertificateExtensions.IDENT</td>
<td>CertificateExtensions</td>
</tr>
</table>
<br>
<br>
<table border=1>
<caption>X.509 V3 certificate extensions</caption>
<tr>
<td><strong>Extension</strong></td>
<td><strong>Extension attribute identifier</strong></td>
<td><strong>Short form</strong></td>
<td><strong>Type of Object returned</strong></td>
</tr>
<tr>
<td>Authority Key Identifier</td>
<td>x509.info.extensions.AuthorityKeyIdentifier</td>
<td>AuthorityKeyIdentifierExtension.IDENT</td>
<td>AuthorityKeyIdentifierExtension</td>
</tr>
<tr>
<td>Subject Key Identifier</td>
<td>x509.info.extensions.SubjectKeyIdentifier</td>
<td>SubjectKeyIdentifierExtension.IDENT</td>
<td>SubjectKeyIdentifierExtension</td>
</tr>
<tr>
<td>Key Usage</td>
<td>x509.info.extensions.KeyUsage</td>
<td>KeyUsageExtension.IDENT</td>
<td>KeyUsageExtension</td>
</tr>
<tr>
<td>Private Key Usage Period</td>
<td>x509.info.extensions.PrivateKeyUsage</td>
<td>PrivateKeyUsageExtension.IDENT</td>
<td>PrivateKeyUsageExtension</td>
</tr>
<tr>
<td>Policy Mappings</td>
<td>x509.info.extensions.PolicyMappings</td>
<td>PolicyMappingsExtension.IDENT</td>
<td>PolicyMappingsExtension</td>
</tr>
<tr>
<td>Subject Alternative Name</td>
<td>x509.info.extensions.SubjectAlternativeName</td>
<td>SubjectAlternativeNameExtension.IDENT</td>
<td>SubjectAlternativeNameExtension</td>
</tr>
<tr>
<td>Issuer Alternative Name</td>
<td>x509.info.extensions.IssuerAlternativeName</td>
<td>IssuerAlternativeNameExtension.IDENT</td>
<td>IssuerAlternativeNameExtension</td>
</tr>
<tr>
<td>Basic Constraints</td>
<td>x509.info.extensions.BasicConstraints</td>
<td>BasicConstraintsExtension.IDENT</td>
<td>BasicConstraintsExtension</td>
</tr>
<tr>
<td>Name Constraints</td>
<td>x509.info.extensions.NameConstraints</td>
<td>NameConstraintsExtension.IDENT</td>
<td>NameConstraintsExtension</td>
</tr>
<tr>
<td>Policy Constraints</td>
<td>x509.info.extensions.PolicyConstraints</td>
<td>PolicyConstraintsExtension.IDENT</td>
<td>PolicyConstraintsExtension</td>
</tr>
<tr>
<td>Netscape Certificate Type</td>
<td>x509.info.extensions.NetscapeCertType</td>
<td>NetscapeCertTypeExtension.IDENT</td>
<td>NetscapeCertTypeExtension</td>
</tr>
</table>
<p>
Extensions can be added by implementing the
<code>sun.security.x509.CertAttrSet</code> interface and
subclassing <code>sun.security.x509.Extension</code> class.
Register the new extension using the OIDMap class.
The following extensions are not currently supported from the
PKIX profile:
<table>
<tr>
<td>Name</td>
<td>ObjectIdentifier</td>
</tr>
<tr>
<td>CertificatePolicies</td>
<td>2.5.29.32</td>
</tr>
</table>
</BODY>
</HTML>


@ -2400,7 +2400,7 @@ public class Main {
NetscapeCertTypeExtension extn = NetscapeCertTypeExtension extn =
new NetscapeCertTypeExtension(encoded); new NetscapeCertTypeExtension(encoded);
Boolean val = extn.get(NetscapeCertTypeExtension.OBJECT_SIGNING); boolean val = extn.get(NetscapeCertTypeExtension.OBJECT_SIGNING);
if (!val) { if (!val) {
if (bad != null) { if (bad != null) {
bad[2] = true; bad[2] = true;


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -21,13 +21,9 @@
* questions. * questions.
*/ */
import static sun.security.x509.GeneralNameInterface.NAME_DIRECTORY; import static sun.security.x509.GeneralNameInterface.NAME_DIRECTORY;
import static sun.security.x509.NameConstraintsExtension.EXCLUDED_SUBTREES;
import static sun.security.x509.NameConstraintsExtension.PERMITTED_SUBTREES;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger; import java.math.BigInteger;
import java.security.GeneralSecurityException; import java.security.GeneralSecurityException;
import java.security.KeyFactory; import java.security.KeyFactory;
@ -284,7 +280,7 @@ public class X509CertSelectorTest {
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16")); DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16"));
byte[] encoded = in.getOctetString(); byte[] encoded = in.getOctetString();
PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded); PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded);
Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE); Date validDate = ext.getNotBefore();
selector.setPrivateKeyValid(validDate); selector.setPrivateKeyValid(validDate);
checkMatch(selector, cert, true); checkMatch(selector, cert, true);
@ -351,8 +347,8 @@ public class X509CertSelectorTest {
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17")); DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17"));
byte[] encoded = in.getOctetString(); byte[] encoded = in.getOctetString();
SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded); SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded);
GeneralNames names = (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); GeneralNames names = ext.getNames();
GeneralName name = (GeneralName) names.get(0); GeneralName name = names.get(0);
selector.setSubjectAlternativeNames(null); selector.setSubjectAlternativeNames(null);
DerOutputStream tmp2 = new DerOutputStream(); DerOutputStream tmp2 = new DerOutputStream();
name.getName().encode(tmp2); name.getName().encode(tmp2);
@ -383,7 +379,7 @@ public class X509CertSelectorTest {
// good match // good match
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32")); DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32"));
CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString()); CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString());
List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES); List<PolicyInformation> policies = ext.getCertPolicies();
// match on the first policy id // match on the first policy id
PolicyInformation policyInfo = (PolicyInformation) policies.get(0); PolicyInformation policyInfo = (PolicyInformation) policies.get(0);
s.clear(); s.clear();
@ -403,8 +399,8 @@ public class X509CertSelectorTest {
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.30")); DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.30"));
byte[] encoded = in.getOctetString(); byte[] encoded = in.getOctetString();
NameConstraintsExtension ext = new NameConstraintsExtension(false, encoded); NameConstraintsExtension ext = new NameConstraintsExtension(false, encoded);
GeneralSubtrees permitted = (GeneralSubtrees) ext.get(PERMITTED_SUBTREES); GeneralSubtrees permitted = ext.getPermittedSubtrees();
GeneralSubtrees excluded = (GeneralSubtrees) ext.get(EXCLUDED_SUBTREES); GeneralSubtrees excluded = ext.getExcludedSubtrees();
// bad matches on pathToName within excluded subtrees // bad matches on pathToName within excluded subtrees
if (excluded != null) { if (excluded != null) {


@ -245,17 +245,14 @@ class SimpleSigner {
X509CertInfo info = new X509CertInfo(); X509CertInfo info = new X509CertInfo();
// Add all mandatory attributes // Add all mandatory attributes
info.set(X509CertInfo.VERSION, info.setVersion(new CertificateVersion(CertificateVersion.V1));
new CertificateVersion(CertificateVersion.V1)); info.setSerialNumber(new CertificateSerialNumber(
info.set(X509CertInfo.SERIAL_NUMBER,
new CertificateSerialNumber(
(int) (firstDate.getTime() / 1000))); (int) (firstDate.getTime() / 1000)));
info.set(X509CertInfo.ALGORITHM_ID, info.setAlgorithmId(new CertificateAlgorithmId(algId));
new CertificateAlgorithmId(algId)); info.setSubject(agent);
info.set(X509CertInfo.SUBJECT, agent); info.setKey(new CertificateX509Key(publicKey));
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey)); info.setValidity(interval);
info.set(X509CertInfo.VALIDITY, interval); info.setIssuer(agent);
info.set(X509CertInfo.ISSUER, agent);
certLocal = new X509CertImpl(info); certLocal = new X509CertImpl(info);
certLocal.sign(privateKey, algId.getName()); certLocal.sign(privateKey, algId.getName());
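Review bot: The serial number passed to `setSerialNumber` is still built with `(int) (firstDate.getTime() / 1000)`, which truncates the epoch-seconds value to 32 bits and goes negative for dates after January 2038; it also makes the serial a function of the clock rather than a random value. Now that the setter is typed, this is a good place to switch to the `BigInteger` constructor, e.g. `info.setSerialNumber(new CertificateSerialNumber(BigInteger.valueOf(firstDate.getTime() / 1000)));`, assuming `java.math.BigInteger` is imported in this file (its import block is outside the hunk). The enclosing method starts and ends outside the hunk.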


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2011, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -35,7 +35,6 @@ import java.security.KeyStore;
import java.security.cert.Certificate; import java.security.cert.Certificate;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.cert.X509CRLEntry; import java.security.cert.X509CRLEntry;
import java.util.Arrays;
import java.util.Date; import java.util.Date;
import sun.security.x509.*; import sun.security.x509.*;
import java.security.cert.CertificateFactory; import java.security.cert.CertificateFactory;
@ -55,10 +54,8 @@ public class BigCRL {
Certificate signerCert = keyStore.getCertificate(alias); Certificate signerCert = keyStore.getCertificate(alias);
byte[] encoded = signerCert.getEncoded(); byte[] encoded = signerCert.getEncoded();
X509CertImpl signerCertImpl = new X509CertImpl(encoded); X509CertImpl signerCertImpl = new X509CertImpl(encoded);
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( X509CertInfo signerCertInfo = signerCertImpl.getInfo();
X509CertImpl.NAME + "." + X509CertImpl.INFO); X500Name owner = signerCertInfo.getSubject();
X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
+ X509CertInfo.DN_NAME);
Date date = new Date(); Date date = new Date();
PrivateKey privateKey = (PrivateKey) PrivateKey privateKey = (PrivateKey)
@ -67,7 +64,7 @@ public class BigCRL {
X509CRLEntry[] badCerts = new X509CRLEntry[n]; X509CRLEntry[] badCerts = new X509CRLEntry[n];
CRLExtensions ext = new CRLExtensions(); CRLExtensions ext = new CRLExtensions();
ext.set("Reason", new CRLReasonCodeExtension(1)); ext.setExtension("Reason", new CRLReasonCodeExtension(1));
for (int i = 0; i < n; i++) { for (int i = 0; i < n; i++) {
badCerts[i] = new X509CRLEntryImpl( badCerts[i] = new X509CRLEntryImpl(
BigInteger.valueOf(i), date, ext); BigInteger.valueOf(i), date, ext);
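Review bot: `ext.setExtension("Reason", new CRLReasonCodeExtension(1))` still keys the extension by a free-form string and passes the reason as a bare `1`, so the type safety this commit adds to the getters does not reach this call. The callers are also inconsistent about the key: NoGoodKey uses `ext.getId()`, V3Certificate uses the `NAME` constants, and Parse passes `"x"` in the same way as here. I would derive the key from the extension itself, as NoGoodKey does, and document the code with `// reason code 1 = keyCompromise (RFC 5280)`. Whether a mismatched key changes lookup or encoding depends on how `setExtension` stores entries, which this section does not show.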


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2021, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -55,7 +55,7 @@ public class NoGoodKey {
Vector<ObjectIdentifier> xku = new Vector<>(1); Vector<ObjectIdentifier> xku = new Vector<>(1);
xku.add(ObjectIdentifier.of(KnownOIDs.KP_TimeStamping)); xku.add(ObjectIdentifier.of(KnownOIDs.KP_TimeStamping));
var ext = new ExtendedKeyUsageExtension(xku); var ext = new ExtendedKeyUsageExtension(xku);
exts.set(ext.getId(), ext); exts.setExtension(ext.getId(), ext);
KeyStore ks = KeyStore.getInstance("pkcs12"); KeyStore ks = KeyStore.getInstance("pkcs12");
char[] pass = "password".toCharArray(); char[] pass = "password".toCharArray();


@ -76,7 +76,7 @@ public class Parse {
names.add(new GeneralName( names.add(new GeneralName(
new OtherName(ObjectIdentifier.of("1.2.3.6"), d2))); new OtherName(ObjectIdentifier.of("1.2.3.6"), d2)));
exts.set("x", new SubjectAlternativeNameExtension(names)); exts.setExtension("x", new SubjectAlternativeNameExtension(names));
CertAndKeyGen g = new CertAndKeyGen("Ed25519", "Ed25519"); CertAndKeyGen g = new CertAndKeyGen("Ed25519", "Ed25519");
g.generate(-1); g.generate(-1);
X509Certificate x = g.getSelfCertificate(new X500Name("CN=ME"), X509Certificate x = g.getSelfCertificate(new X500Name("CN=ME"),


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -122,21 +122,17 @@ public class V3Certificate {
// Certificate Info // Certificate Info
X509CertInfo cert = new X509CertInfo(); X509CertInfo cert = new X509CertInfo();
cert.set(X509CertInfo.VERSION, cert.setVersion(new CertificateVersion(CertificateVersion.V3));
new CertificateVersion(CertificateVersion.V3)); cert.setSerialNumber(new CertificateSerialNumber((int) (firstDate.getTime() / 1000)));
cert.set(X509CertInfo.SERIAL_NUMBER, cert.setAlgorithmId(new CertificateAlgorithmId(AlgorithmId.get(sigAlg)));
new CertificateSerialNumber((int) (firstDate.getTime() / 1000))); cert.setSubject(subject);
cert.set(X509CertInfo.ALGORITHM_ID, cert.setKey(new CertificateX509Key(publicKey));
new CertificateAlgorithmId(AlgorithmId.get(sigAlg))); cert.setValidity(interval);
cert.set(X509CertInfo.SUBJECT, subject); cert.setIssuer(issuer);
cert.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
cert.set(X509CertInfo.VALIDITY, interval);
cert.set(X509CertInfo.ISSUER, issuer);
cert.set(X509CertInfo.ISSUER_ID, cert.setIssuerUniqueId(new UniqueIdentity(
new UniqueIdentity(
new BitArray(issuerId.length * 8 - 2, issuerId))); new BitArray(issuerId.length * 8 - 2, issuerId)));
cert.set(X509CertInfo.SUBJECT_ID, new UniqueIdentity(subjectId)); cert.setSubjectUniqueId(new UniqueIdentity(subjectId));
// Create Extensions // Create Extensions
CertificateExtensions exts = new CertificateExtensions(); CertificateExtensions exts = new CertificateExtensions();
@ -163,13 +159,9 @@ public class V3Certificate {
IssuerAlternativeNameExtension issuerName IssuerAlternativeNameExtension issuerName
= new IssuerAlternativeNameExtension(); = new IssuerAlternativeNameExtension();
GeneralNames subjectNames GeneralNames subjectNames = subjectName.getNames();
= (GeneralNames) subjectName.
get(SubjectAlternativeNameExtension.SUBJECT_NAME);
GeneralNames issuerNames GeneralNames issuerNames = issuerName.getNames();
= (GeneralNames) issuerName.
get(IssuerAlternativeNameExtension.ISSUER_NAME);
subjectNames.add(mail); subjectNames.add(mail);
subjectNames.add(dns); subjectNames.add(dns);
@ -201,15 +193,15 @@ public class V3Certificate {
PolicyConstraintsExtension pce = new PolicyConstraintsExtension(2, 4); PolicyConstraintsExtension pce = new PolicyConstraintsExtension(2, 4);
exts.set(SubjectAlternativeNameExtension.NAME, subjectName); exts.setExtension(SubjectAlternativeNameExtension.NAME, subjectName);
exts.set(IssuerAlternativeNameExtension.NAME, issuerName); exts.setExtension(IssuerAlternativeNameExtension.NAME, issuerName);
exts.set(PrivateKeyUsageExtension.NAME, pkusage); exts.setExtension(PrivateKeyUsageExtension.NAME, pkusage);
exts.set(KeyUsageExtension.NAME, usage); exts.setExtension(KeyUsageExtension.NAME, usage);
exts.set(AuthorityKeyIdentifierExtension.NAME, aki); exts.setExtension(AuthorityKeyIdentifierExtension.NAME, aki);
exts.set(SubjectKeyIdentifierExtension.NAME, ski); exts.setExtension(SubjectKeyIdentifierExtension.NAME, ski);
exts.set(BasicConstraintsExtension.NAME, cons); exts.setExtension(BasicConstraintsExtension.NAME, cons);
exts.set(PolicyConstraintsExtension.NAME, pce); exts.setExtension(PolicyConstraintsExtension.NAME, pce);
cert.set(X509CertInfo.EXTENSIONS, exts); cert.setExtensions(exts);
// Generate and sign X509CertImpl // Generate and sign X509CertImpl
X509CertImpl crt = new X509CertImpl(cert); X509CertImpl crt = new X509CertImpl(cert);