archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 14:24:46 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8296143: CertAttrSet's set/get mechanism is not type-safe

Browse source 
Reviewed-by: mullan
This commit is contained in:
Weijun Wang 2022-11-08 22:35:29 +00:00
parent d04d6566b0
commit 671f84bd86
66 changed files with 643 additions and 2902 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/java.base/share/classes/java/security/cert/CertificateRevokedException.java
View file

@ -155,7 +155,7 @@ public class CertificateRevokedException extends CertificateException {
return null;
} else {
try {
Date invalidity = InvalidityDateExtension.toImpl(ext).get("DATE");
Date invalidity = InvalidityDateExtension.toImpl(ext).getDate();
return new Date(invalidity.getTime());
} catch (IOException ioe) {
return null;

6
src/java.base/share/classes/java/security/cert/X509CRLSelector.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -323,7 +323,7 @@ public class X509CRLSelector implements CRLSelector {
else
namesCopy.add(nameObject);
}
return(namesCopy);
return namesCopy;
}
/**
@ -630,7 +630,7 @@ public class X509CRLSelector implements CRLSelector {
byte[] encoded = in.getOctetString();
CRLNumberExtension crlNumExt =
new CRLNumberExtension(Boolean.FALSE, encoded);
crlNum = crlNumExt.get(CRLNumberExtension.NUMBER);
crlNum = crlNumExt.getCrlNumber();
} catch (IOException ex) {
if (debug != null) {
debug.println("X509CRLSelector.match: exception in "

42
src/java.base/share/classes/java/security/cert/X509CertSelector.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -1288,7 +1288,7 @@ public class X509CertSelector implements CertSelector {
*/
@Deprecated(since="16")
public String getIssuerAsString() {
return (issuer == null ? null : issuer.getName());
return issuer == null ? null : issuer.getName();
}
/**
@ -1310,7 +1310,7 @@ public class X509CertSelector implements CertSelector {
* @throws IOException if an encoding error occurs
*/
public byte[] getIssuerAsBytes() throws IOException {
return (issuer == null ? null: issuer.getEncoded());
return issuer == null ? null : issuer.getEncoded();
}
/**
@ -1347,7 +1347,7 @@ public class X509CertSelector implements CertSelector {
*/
@Deprecated(since="16")
public String getSubjectAsString() {
return (subject == null ? null : subject.getName());
return subject == null ? null : subject.getName();
}
/**
@ -1369,7 +1369,7 @@ public class X509CertSelector implements CertSelector {
* @throws IOException if an encoding error occurs
*/
public byte[] getSubjectAsBytes() throws IOException {
return (subject == null ? null : subject.getEncoded());
return subject == null ? null : subject.getEncoded();
}
/**
@ -1868,7 +1868,7 @@ public class X509CertSelector implements CertSelector {
s += "]\n";
return (s);
return s;
}
/**
@ -2120,12 +2120,8 @@ public class X509CertSelector implements CertSelector {
} catch (CertificateExpiredException e1) {
if (debug != null) {
String time = "n/a";
try {
Date notAfter = ext.get(PrivateKeyUsageExtension.NOT_AFTER);
Date notAfter = ext.getNotAfter();
time = notAfter.toString();
} catch (CertificateException ex) {
// not able to retrieve notAfter value
}
debug.println("X509CertSelector.match: private key usage not "
+ "within validity date; ext.NOT_After: "
+ time + "; X509CertSelector: "
@ -2136,12 +2132,8 @@ public class X509CertSelector implements CertSelector {
} catch (CertificateNotYetValidException e2) {
if (debug != null) {
String time = "n/a";
try {
Date notBefore = ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
Date notBefore = ext.getNotBefore();
time = notBefore.toString();
} catch (CertificateException ex) {
// not able to retrieve notBefore value
}
debug.println("X509CertSelector.match: private key usage not "
+ "within validity date; ext.NOT_BEFORE: "
+ time + "; X509CertSelector: "
@ -2227,8 +2219,7 @@ public class X509CertSelector implements CertSelector {
(ExtendedKeyUsageExtension)getExtensionObject(xcert,
KnownOIDs.extendedKeyUsage);
if (ext != null) {
Vector<ObjectIdentifier> certKeyPurposeVector =
ext.get(ExtendedKeyUsageExtension.USAGES);
Vector<ObjectIdentifier> certKeyPurposeVector = ext.getUsages();
if (!certKeyPurposeVector.contains(ANY_EXTENDED_KEY_USAGE)
&& !certKeyPurposeVector.containsAll(keyPurposeOIDSet)) {
if (debug != null) {
@ -2264,8 +2255,7 @@ public class X509CertSelector implements CertSelector {
}
return false;
}
GeneralNames certNames =
sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
GeneralNames certNames = sanExt.getNames();
Iterator<GeneralNameInterface> i =
subjectAlternativeGeneralNames.iterator();
while (i.hasNext()) {
@ -2333,7 +2323,7 @@ public class X509CertSelector implements CertSelector {
}
return false;
}
List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
List<PolicyInformation> policies = ext.getCertPolicies();
/*
* Convert the Vector of PolicyInformation to a Vector
* of CertificatePolicyIds for easier comparison.
@ -2401,17 +2391,15 @@ public class X509CertSelector implements CertSelector {
}
}
GeneralSubtrees permitted =
ext.get(NameConstraintsExtension.PERMITTED_SUBTREES);
GeneralSubtrees excluded =
ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
GeneralSubtrees permitted = ext.getPermittedSubtrees();
GeneralSubtrees excluded = ext.getExcludedSubtrees();
if (excluded != null) {
if (matchExcluded(excluded) == false) {
if (!matchExcluded(excluded)) {
return false;
}
}
if (permitted != null) {
if (matchPermitted(permitted) == false) {
if (!matchPermitted(permitted)) {
return false;
}
}

4
src/java.base/share/classes/sun/security/pkcs/PKCS7.java
View file

@ -684,9 +684,7 @@ public class PKCS7 {
try {
X509CertInfo tbsCert =
new X509CertInfo(cert.getTBSCertificate());
certIssuerName = (Principal)
tbsCert.get(X509CertInfo.ISSUER + "." +
X509CertInfo.DN_NAME);
certIssuerName = tbsCert.getIssuer();
} catch (Exception e) {
// error generating X500Name object from the cert's
// issuer DN, leave name as is.

6
src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java
View file

@ -617,11 +617,7 @@ public class PKCS9Attribute implements DerEncoder {
{
DerOutputStream temp2 = new DerOutputStream();
CertificateExtensions exts = (CertificateExtensions)value;
try {
exts.encode(temp2, true);
} catch (CertificateException ex) {
throw new IOException(ex.toString());
}
temp.write(DerValue.tag_Set, temp2.toByteArray());
}
break;
@ -687,7 +683,7 @@ public class PKCS9Attribute implements DerEncoder {
public String getName() {
String n = oid.toString();
KnownOIDs os = KnownOIDs.findMatch(n);
return (os == null? n : os.stdName());
return os == null ? n : os.stdName();
}
/**

3
src/java.base/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java
View file

@ -131,8 +131,7 @@ class AdaptableX509CertSelector extends X509CertSelector {
if (ext != null) {
ski = ext.getEncodedKeyIdentifier();
SerialNumber asn = (SerialNumber)ext.get(
AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
SerialNumber asn = ext.getSerialNumber();
if (asn != null) {
serial = asn.getNumber();
}

2
src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
View file

@ -190,7 +190,7 @@ public final class AlgorithmChecker extends PKIXCertPathChecker {
AlgorithmId algorithmId;
try {
x509Cert = X509CertImpl.toImpl((X509Certificate)cert);
algorithmId = (AlgorithmId)x509Cert.get(X509CertImpl.SIG_ALG);
algorithmId = x509Cert.getSigAlg();
} catch (CertificateException ce) {
throw new CertPathValidatorException(ce);
}

15
src/java.base/share/classes/sun/security/provider/certpath/Builder.java
View file

@ -204,7 +204,7 @@ abstract class Builder {
/* base is ancestor of test */
case GeneralNameInterface.NAME_NARROWS:
/* base is descendant of test */
return (test.subtreeDepth()-base.subtreeDepth());
return test.subtreeDepth() - base.subtreeDepth();
default: // should never occur
return incomparable;
}
@ -230,7 +230,7 @@ abstract class Builder {
int commonDistance = commonName.subtreeDepth();
int baseDistance = baseName.subtreeDepth();
int testDistance = testName.subtreeDepth();
return (baseDistance + testDistance - (2 * commonDistance));
return baseDistance + testDistance - (2 * commonDistance);
}
}
@ -300,8 +300,7 @@ abstract class Builder {
SubjectAlternativeNameExtension altNameExt =
certImpl.getSubjectAlternativeNameExtension();
if (altNameExt != null) {
GeneralNames altNames = altNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
GeneralNames altNames = altNameExt.getNames();
/* see if any alternative name matches target */
if (altNames != null) {
for (int j = 0, n = altNames.size(); j < n; j++) {
@ -337,10 +336,8 @@ abstract class Builder {
+ constraints);
}
/* reduce permitted by excluded */
GeneralSubtrees permitted =
constraints.get(NameConstraintsExtension.PERMITTED_SUBTREES);
GeneralSubtrees excluded =
constraints.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
GeneralSubtrees permitted = constraints.getPermittedSubtrees();
GeneralSubtrees excluded = constraints.getExcludedSubtrees();
if (permitted != null) {
permitted.reduce(excluded);
}
@ -362,7 +359,7 @@ abstract class Builder {
GeneralNameInterface perName = permitted.get(i).getName().getName();
int distance = distance(perName, target, -1);
if (distance >= 0) {
return (distance + 1);
return distance + 1;
}
}
/* no matching type in permitted; cert holder could certify target */

32
src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java
View file

@ -102,7 +102,7 @@ public class DistributionPointFetcher {
return Collections.emptySet();
}
List<DistributionPoint> points =
ext.get(CRLDistributionPointsExtension.POINTS);
ext.getDistributionPoints();
Set<X509CRL> results = new HashSet<>();
for (Iterator<DistributionPoint> t = points.iterator();
t.hasNext() && !Arrays.equals(reasonsMask, ALL_REASONS); ) {
@ -116,7 +116,7 @@ public class DistributionPointFetcher {
debug.println("Returning " + results.size() + " CRLs");
}
return results;
} catch (CertificateException | IOException e) {
} catch (CertificateException e) {
return Collections.emptySet();
}
}
@ -333,9 +333,7 @@ public class DistributionPointFetcher {
GeneralNames pointCrlIssuers = point.getCRLIssuer();
X500Name pointCrlIssuer = null;
if (pointCrlIssuers != null) {
if (idpExt == null ||
idpExt.get(IssuingDistributionPointExtension.INDIRECT_CRL)
== Boolean.FALSE) {
if (idpExt == null || !idpExt.isIndirectCRL()) {
return false;
}
boolean match = false;
@ -398,8 +396,7 @@ public class DistributionPointFetcher {
}
if (idpExt != null) {
DistributionPointName idpPoint = (DistributionPointName)
idpExt.get(IssuingDistributionPointExtension.POINT);
DistributionPointName idpPoint = idpExt.getDistributionPoint();
if (idpPoint != null) {
GeneralNames idpNames = idpPoint.getFullName();
if (idpNames == null) {
@ -495,9 +492,8 @@ public class DistributionPointFetcher {
// if the onlyContainsUserCerts boolean is asserted, verify that the
// cert is not a CA cert
Boolean b = (Boolean)
idpExt.get(IssuingDistributionPointExtension.ONLY_USER_CERTS);
if (b.equals(Boolean.TRUE) && certImpl.getBasicConstraints() != -1) {
boolean b = idpExt.hasOnlyUserCerts();
if (b && certImpl.getBasicConstraints() != -1) {
if (debug != null) {
debug.println("cert must be a EE cert");
}
@ -506,9 +502,8 @@ public class DistributionPointFetcher {
// if the onlyContainsCACerts boolean is asserted, verify that the
// cert is a CA cert
b = (Boolean)
idpExt.get(IssuingDistributionPointExtension.ONLY_CA_CERTS);
if (b.equals(Boolean.TRUE) && certImpl.getBasicConstraints() == -1) {
b = idpExt.hasOnlyCACerts();
if (b && certImpl.getBasicConstraints() == -1) {
if (debug != null) {
debug.println("cert must be a CA cert");
}
@ -517,9 +512,8 @@ public class DistributionPointFetcher {
// verify that the onlyContainsAttributeCerts boolean is not
// asserted
b = (Boolean) idpExt.get
(IssuingDistributionPointExtension.ONLY_ATTRIBUTE_CERTS);
if (b.equals(Boolean.TRUE)) {
b = idpExt.hasOnlyAttributeCerts();
if (b) {
if (debug != null) {
debug.println("cert must not be an AA cert");
}
@ -531,8 +525,7 @@ public class DistributionPointFetcher {
boolean[] interimReasonsMask = new boolean[9];
ReasonFlags reasons = null;
if (idpExt != null) {
reasons = (ReasonFlags)
idpExt.get(IssuingDistributionPointExtension.REASONS);
reasons = idpExt.getRevocationReasons();
}
boolean[] pointReasonFlags = point.getReasonFlags();
@ -603,8 +596,7 @@ public class DistributionPointFetcher {
certSel.setSubjectKeyIdentifier(kid);
}
SerialNumber asn = (SerialNumber)akidext.get(
AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
SerialNumber asn = akidext.getSerialNumber();
if (asn != null) {
certSel.setSerialNumber(asn.getNumber());
}

12
src/java.base/share/classes/sun/security/provider/certpath/ForwardState.java
View file

@ -191,24 +191,14 @@ class ForwardState implements State {
X500Principal subjName = cert.getSubjectX500Principal();
subjectNamesTraversed.add(X500Name.asX500Name(subjName));
try {
SubjectAlternativeNameExtension subjAltNameExt
= icert.getSubjectAlternativeNameExtension();
if (subjAltNameExt != null) {
GeneralNames gNames = subjAltNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
GeneralNames gNames = subjAltNameExt.getNames();
for (GeneralName gName : gNames.names()) {
subjectNamesTraversed.add(gName.getName());
}
}
} catch (IOException e) {
if (debug != null) {
debug.println("ForwardState.updateState() unexpected "
+ "exception");
e.printStackTrace();
}
throw new CertPathValidatorException(e);
}
}
init = false;

84
src/java.base/share/classes/sun/security/provider/certpath/PolicyChecker.java
View file

@ -25,7 +25,6 @@
package sun.security.provider.certpath;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertPathValidatorException;
@ -265,19 +264,16 @@ class PolicyChecker extends PKIXCertPathChecker {
* occurs
*/
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
boolean finalCert) throws CertPathValidatorException
{
boolean finalCert) throws CertPathValidatorException {
if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
explicitPolicy--;
}
try {
PolicyConstraintsExtension polConstExt
= currCert.getPolicyConstraintsExtension();
if (polConstExt == null)
return explicitPolicy;
int require =
polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
int require = polConstExt.getRequire();
if (debug != null) {
debug.println("PolicyChecker.mergeExplicitPolicy() "
+ "require Index from cert = " + require);
@ -292,15 +288,6 @@ class PolicyChecker extends PKIXCertPathChecker {
if (require == 0)
explicitPolicy = require;
}
} catch (IOException e) {
if (debug != null) {
debug.println("PolicyChecker.mergeExplicitPolicy "
+ "unexpected exception");
e.printStackTrace();
}
throw new CertPathValidatorException(e);
}
return explicitPolicy;
}
@ -318,20 +305,17 @@ class PolicyChecker extends PKIXCertPathChecker {
* occurs
*/
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
throws CertPathValidatorException
{
throws CertPathValidatorException {
if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
policyMapping--;
}
try {
PolicyConstraintsExtension polConstExt
= currCert.getPolicyConstraintsExtension();
if (polConstExt == null)
return policyMapping;
int inhibit =
polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
int inhibit = polConstExt.getInhibit();
if (debug != null)
debug.println("PolicyChecker.mergePolicyMapping() "
+ "inhibit Index from cert = " + inhibit);
@ -341,14 +325,6 @@ class PolicyChecker extends PKIXCertPathChecker {
policyMapping = inhibit;
}
}
} catch (IOException e) {
if (debug != null) {
debug.println("PolicyChecker.mergePolicyMapping "
+ "unexpected exception");
e.printStackTrace();
}
throw new CertPathValidatorException(e);
}
return policyMapping;
}
@ -366,20 +342,17 @@ class PolicyChecker extends PKIXCertPathChecker {
* occurs
*/
static int mergeInhibitAnyPolicy(int inhibitAnyPolicy,
X509CertImpl currCert) throws CertPathValidatorException
{
X509CertImpl currCert) throws CertPathValidatorException {
if ((inhibitAnyPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
inhibitAnyPolicy--;
}
try {
InhibitAnyPolicyExtension inhAnyPolExt = (InhibitAnyPolicyExtension)
currCert.getExtension(InhibitAnyPolicy_Id);
if (inhAnyPolExt == null)
return inhibitAnyPolicy;
int skipCerts =
inhAnyPolExt.get(InhibitAnyPolicyExtension.SKIP_CERTS).intValue();
int skipCerts = inhAnyPolExt.getSkipCerts();
if (debug != null)
debug.println("PolicyChecker.mergeInhibitAnyPolicy() "
+ "skipCerts Index from cert = " + skipCerts);
@ -389,15 +362,6 @@ class PolicyChecker extends PKIXCertPathChecker {
inhibitAnyPolicy = skipCerts;
}
}
} catch (IOException e) {
if (debug != null) {
debug.println("PolicyChecker.mergeInhibitAnyPolicy "
+ "unexpected exception");
e.printStackTrace();
}
throw new CertPathValidatorException(e);
}
return inhibitAnyPolicy;
}
@ -449,12 +413,7 @@ class PolicyChecker extends PKIXCertPathChecker {
debug.println("PolicyChecker.processPolicies() "
+ "policiesCritical = " + policiesCritical);
try {
policyInfo = currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
} catch (IOException ioe) {
throw new CertPathValidatorException("Exception while "
+ "retrieving policyOIDs", ioe);
}
policyInfo = currCertPolicies.getCertPolicies();
if (debug != null)
debug.println("PolicyChecker.processPolicies() "
@ -618,7 +577,7 @@ class PolicyChecker extends PKIXCertPathChecker {
anyNode.getPolicyQualifiers();
for (String policy : initial) {
Set<String> expectedPolicies = Collections.singleton(policy);
PolicyNodeImpl node = new PolicyNodeImpl(parentNode, policy,
new PolicyNodeImpl(parentNode, policy,
anyQualifiers, anyCritical, expectedPolicies, false);
}
}
@ -672,7 +631,6 @@ class PolicyChecker extends PKIXCertPathChecker {
foundMatch = true;
PolicyNodeImpl curNode = null;
Set<String> curExpPols;
if (curPolicy.equals(ANY_POLICY)) {
@ -698,7 +656,7 @@ class PolicyChecker extends PKIXCertPathChecker {
Set<String> expPols = new HashSet<>();
expPols.add(curParExpPol);
curNode = new PolicyNodeImpl
new PolicyNodeImpl
(curParent, curParExpPol, pQuals,
policiesCritical, expPols, false);
}
@ -706,7 +664,7 @@ class PolicyChecker extends PKIXCertPathChecker {
curExpPols = new HashSet<>();
curExpPols.add(curPolicy);
curNode = new PolicyNodeImpl
new PolicyNodeImpl
(curParent, curPolicy, pQuals,
policiesCritical, curExpPols, false);
}
@ -747,17 +705,7 @@ class PolicyChecker extends PKIXCertPathChecker {
+ "inside policyMapping check");
List<CertificatePolicyMap> maps;
try {
maps = polMappingsExt.get(PolicyMappingsExtension.MAP);
} catch (IOException e) {
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() "
+ "mapping exception");
e.printStackTrace();
}
throw new CertPathValidatorException("Exception while checking "
+ "mapping", e);
}
maps = polMappingsExt.getMaps();
boolean childDeleted = false;
for (CertificatePolicyMap polMap : maps) {
@ -816,7 +764,7 @@ class PolicyChecker extends PKIXCertPathChecker {
Set<String> expPols = new HashSet<>();
expPols.add(subjectDomain);
PolicyNodeImpl curNode = new PolicyNodeImpl
new PolicyNodeImpl
(curAnyNodeParent, issuerDomain, anyQuals,
policiesCritical, expPols, true);
}
@ -853,13 +801,7 @@ class PolicyChecker extends PKIXCertPathChecker {
CertificatePoliciesExtension currCertPolicies)
throws CertPathValidatorException
{
List<PolicyInformation> policyInfo;
try {
policyInfo = currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
} catch (IOException ioe) {
throw new CertPathValidatorException("Exception while "
+ "retrieving policyOIDs", ioe);
}
List<PolicyInformation> policyInfo = currCertPolicies.getCertPolicies();
boolean childDeleted = false;
for (PolicyInformation curPolInfo : policyInfo) {

16
src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java
View file

@ -839,6 +839,9 @@ class RevocationChecker extends PKIXRevocationChecker {
return false;
}
private static final boolean[] ALL_REASONS =
{true, true, true, true, true, true, true, true, true};
/**
* Internal method that verifies a set of possible_crls,
* and sees if each is approved, based on the cert.
@ -848,11 +851,9 @@ class RevocationChecker extends PKIXRevocationChecker {
* @param signFlag <code>true</code> if prevKey was trusted to sign CRLs
* @param prevKey the public key of the issuer of cert
* @param reasonsMask the reason code mask
* @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s>
* @param anchors a <code>Set</code> of <code>TrustAnchor</code>s>
* @return a collection of approved crls (or an empty collection)
*/
private static final boolean[] ALL_REASONS =
{true, true, true, true, true, true, true, true, true};
private Collection<X509CRL> verifyPossibleCRLs(Set<X509CRL> crls,
X509Certificate cert,
PublicKey prevKey,
@ -879,7 +880,7 @@ class RevocationChecker extends PKIXRevocationChecker {
null, null);
points = Collections.singletonList(point);
} else {
points = ext.get(CRLDistributionPointsExtension.POINTS);
points = ext.getDistributionPoints();
}
Set<X509CRL> results = new HashSet<>();
for (DistributionPoint point : points) {
@ -965,6 +966,9 @@ class RevocationChecker extends PKIXRevocationChecker {
}
}
private static final boolean [] CRL_SIGN_USAGE =
{ false, false, false, false, false, false, true };
/**
* Tries to find a CertPath that establishes a key that can be
* used to verify the revocation status of a given certificate.
@ -979,8 +983,6 @@ class RevocationChecker extends PKIXRevocationChecker {
* establishment of this path.
* @throws CertPathValidatorException on failure
*/
private static final boolean [] CRL_SIGN_USAGE =
{ false, false, false, false, false, false, true };
private void buildToNewKey(X509Certificate currCert,
PublicKey prevKey,
Set<X509Certificate> stackedCerts)
@ -1179,7 +1181,7 @@ class RevocationChecker extends PKIXRevocationChecker {
@Override
public boolean match(Certificate cert) {
if (!super.match(cert))
return(false);
return false;
if (badKeySet.contains(cert.getPublicKey())) {
if (debug != null)

14
src/java.base/share/classes/sun/security/provider/certpath/Vertex.java
View file

@ -25,7 +25,6 @@
package sun.security.provider.certpath;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@ -169,27 +168,18 @@ final class Vertex {
}
sb.append("\n");
}
try {
SubjectKeyIdentifierExtension sKeyID =
x509Cert.getSubjectKeyIdentifierExtension();
if (sKeyID != null) {
KeyIdentifier keyID = sKeyID.get(
SubjectKeyIdentifierExtension.KEY_ID);
KeyIdentifier keyID = sKeyID.getKeyIdentifier();
sb.append("SubjKeyID: ").append(keyID.toString());
}
AuthorityKeyIdentifierExtension aKeyID =
x509Cert.getAuthorityKeyIdentifierExtension();
if (aKeyID != null) {
KeyIdentifier keyID = (KeyIdentifier)aKeyID.get(
AuthorityKeyIdentifierExtension.KEY_ID);
KeyIdentifier keyID = aKeyID.getKeyIdentifier();
sb.append("AuthKeyID: ").append(keyID.toString());
}
} catch (IOException e) {
if (debug != null) {
debug.println("Vertex.certToString() unexpected exception");
e.printStackTrace();
}
}
return sb.toString();
}

9
src/java.base/share/classes/sun/security/ssl/SSLLogger.java
View file

@ -230,7 +230,7 @@ public final class SSLLogger {
@Override
public boolean isLoggable(Level level) {
return (level != Level.OFF);
return level != Level.OFF;
}
@Override
@ -480,11 +480,8 @@ public final class SSLLogger {
try {
X509CertImpl x509 =
X509CertImpl.toImpl((X509Certificate)certificate);
X509CertInfo certInfo =
(X509CertInfo)x509.get(X509CertImpl.NAME + "." +
X509CertImpl.INFO);
CertificateExtensions certExts = (CertificateExtensions)
certInfo.get(X509CertInfo.EXTENSIONS);
X509CertInfo certInfo = x509.getInfo();
CertificateExtensions certExts = certInfo.getExtensions();
if (certExts == null) {
Object[] certFields = {
x509.getVersion(),

18
src/java.base/share/classes/sun/security/tools/keytool/CertAndKeyGen.java
View file

@ -319,23 +319,21 @@ public final class CertAndKeyGen {
X509CertInfo info = new X509CertInfo();
// Add all mandatory attributes
info.set(X509CertInfo.VERSION,
new CertificateVersion(CertificateVersion.V3));
info.setVersion(new CertificateVersion(CertificateVersion.V3));
if (prng == null) {
prng = new SecureRandom();
}
info.set(X509CertInfo.SERIAL_NUMBER,
CertificateSerialNumber.newRandom64bit(prng));
info.set(X509CertInfo.SUBJECT, myname);
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
info.set(X509CertInfo.VALIDITY, interval);
info.setSerialNumber(CertificateSerialNumber.newRandom64bit(prng));
info.setSubject(myname);
info.setKey(new CertificateX509Key(publicKey));
info.setValidity(interval);
if (signerFlag) {
// use signer's subject name to set the issuer name
info.set(X509CertInfo.ISSUER, signerSubjectName);
info.setIssuer(signerSubjectName);
} else {
info.set(X509CertInfo.ISSUER, myname);
info.setIssuer(myname);
}
if (ext != null) info.set(X509CertInfo.EXTENSIONS, ext);
if (ext != null) info.setExtensions(ext);
cert = new X509CertImpl(info);
if (signerFlag) {

84
src/java.base/share/classes/sun/security/tools/keytool/Main.java
View file

@ -1451,10 +1451,8 @@ public final class Main {
Certificate signerCert = keyStore.getCertificate(alias);
byte[] encoded = signerCert.getEncoded();
X509CertImpl signerCertImpl = new X509CertImpl(encoded);
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
X509CertInfo.DN_NAME);
X509CertInfo signerCertInfo = signerCertImpl.getInfo();
X500Name issuer = signerCertInfo.getSubject();
Date firstDate = getStartDate(startDate);
Date lastDate = getLastDate(firstDate, validity);
@ -1467,12 +1465,10 @@ public final class Main {
sigAlgName = getCompatibleSigAlgName(privateKey);
}
X509CertInfo info = new X509CertInfo();
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER,
CertificateSerialNumber.newRandom64bit(new SecureRandom()));
info.set(X509CertInfo.VERSION,
new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.ISSUER, issuer);
info.setValidity(interval);
info.setSerialNumber(CertificateSerialNumber.newRandom64bit(new SecureRandom()));
info.setVersion(new CertificateVersion(CertificateVersion.V3));
info.setIssuer(issuer);
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
boolean canRead = false;
@ -1498,9 +1494,8 @@ public final class Main {
req.getSubjectPublicKeyInfo(), null, null, null);
checkWeakConstraint(rb.getString("the.certificate.request"), req, cpcp);
info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
info.set(X509CertInfo.SUBJECT,
dname==null?req.getSubjectName():new X500Name(dname));
info.setKey(new CertificateX509Key(req.getSubjectPublicKeyInfo()));
info.setSubject(dname==null ? req.getSubjectName() : new X500Name(dname));
CertificateExtensions reqex = null;
for (PKCS10Attribute attr : req.getAttributes().getAttributes()) {
if (attr.getAttributeId().equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) {
@ -1540,7 +1535,7 @@ public final class Main {
v3ext,
subjectPubKey,
signerSubjectKeyId);
info.set(X509CertInfo.EXTENSIONS, ext);
info.setExtensions(ext);
X509CertImpl cert = new X509CertImpl(info);
cert.sign(privateKey, sigAlgName);
dumpCert(cert, out);
@ -1567,10 +1562,8 @@ public final class Main {
Certificate signerCert = keyStore.getCertificate(alias);
byte[] encoded = signerCert.getEncoded();
X509CertImpl signerCertImpl = new X509CertImpl(encoded);
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
X509CertInfo.DN_NAME);
X509CertInfo signerCertInfo = signerCertImpl.getInfo();
X500Name owner = signerCertInfo.getSubject();
Date firstDate = getStartDate(startDate);
Date lastDate = getLastDate(firstDate, validity);
@ -1589,7 +1582,7 @@ public final class Main {
int d = id.indexOf(':');
if (d >= 0) {
CRLExtensions ext = new CRLExtensions();
ext.set("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1))));
ext.setExtension("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1))));
badCerts[i] = new X509CRLEntryImpl(new BigInteger(id.substring(0, d)),
firstDate, ext);
} else {
@ -1970,10 +1963,8 @@ public final class Main {
signerCertImpl = new X509CertImpl(signerCert.getEncoded());
}
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name signerSubjectName = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
X509CertInfo.DN_NAME);
X509CertInfo signerCertInfo = signerCertImpl.getInfo();
X500Name signerSubjectName = signerCertInfo.getSubject();
keypair = new CertAndKeyGen(keyAlgName, sigAlgName, providerName,
signerPrivateKey, signerSubjectName);
@ -2066,7 +2057,7 @@ public final class Main {
* Clones an entry
* @param orig original alias
* @param dest destination alias
* @changePassword if the password can be changed
* @param changePassword if the password can be changed
*/
private void doCloneEntry(String orig, String dest, boolean changePassword)
throws Exception
@ -2666,8 +2657,7 @@ public final class Main {
CRLDistributionPointsExtension ext =
X509CertImpl.toImpl(cert).getCRLDistributionPointsExtension();
if (ext == null) return crls;
List<DistributionPoint> distPoints =
ext.get(CRLDistributionPointsExtension.POINTS);
List<DistributionPoint> distPoints = ext.getDistributionPoints();
for (DistributionPoint o: distPoints) {
GeneralNames names = o.getFullName();
if (names != null) {
@ -3202,47 +3192,41 @@ public final class Main {
// (no public APIs available yet)
byte[] encoded = oldCert.getEncoded();
X509CertImpl certImpl = new X509CertImpl(encoded);
X509CertInfo certInfo = (X509CertInfo)certImpl.get(X509CertImpl.NAME
+ "." +
X509CertImpl.INFO);
X509CertInfo certInfo = certImpl.getInfo();
// Extend its validity
Date firstDate = getStartDate(startDate);
Date lastDate = getLastDate(firstDate, validity);
CertificateValidity interval = new CertificateValidity(firstDate,
lastDate);
certInfo.set(X509CertInfo.VALIDITY, interval);
certInfo.setValidity(interval);
// Make new serial number
certInfo.set(X509CertInfo.SERIAL_NUMBER,
certInfo.setSerialNumber(
CertificateSerialNumber.newRandom64bit(new SecureRandom()));
// Set owner and issuer fields
X500Name owner;
if (dname == null) {
// Get the owner name from the certificate
owner = (X500Name)certInfo.get(X509CertInfo.SUBJECT + "." +
X509CertInfo.DN_NAME);
owner = certInfo.getSubject();
} else {
// Use the owner name specified at the command line
owner = new X500Name(dname);
certInfo.set(X509CertInfo.SUBJECT + "." +
X509CertInfo.DN_NAME, owner);
certInfo.setSubject(owner);
}
// Make issuer same as owner (self-signed!)
certInfo.set(X509CertInfo.ISSUER + "." +
X509CertInfo.DN_NAME, owner);
certInfo.setIssuer(owner);
certInfo.set(X509CertInfo.VERSION,
new CertificateVersion(CertificateVersion.V3));
certInfo.setVersion(new CertificateVersion(CertificateVersion.V3));
CertificateExtensions ext = createV3Extensions(
null,
(CertificateExtensions)certInfo.get(X509CertInfo.EXTENSIONS),
certInfo.getExtensions(),
v3ext,
oldCert.getPublicKey(),
null);
certInfo.set(X509CertInfo.EXTENSIONS, ext);
certInfo.setExtensions(ext);
// Sign the new certificate
X509CertImpl newCert = new X509CertImpl(certInfo);
newCert.sign(privKey, sigAlgName);
@ -3505,7 +3489,7 @@ public final class Main {
/**
* Prompts user for an input string from the command line (System.in)
* @prompt the prompt string printed
* @param prompt the prompt string printed
* @return the string entered by the user, without the \n at the end
*/
private String inputStringFromStdin(String prompt) throws Exception {
@ -3634,11 +3618,8 @@ public final class Main {
out.println(form.format(source));
if (cert instanceof X509CertImpl impl) {
X509CertInfo certInfo = (X509CertInfo)impl.get(X509CertImpl.NAME
+ "." +
X509CertImpl.INFO);
CertificateExtensions exts = (CertificateExtensions)
certInfo.get(X509CertInfo.EXTENSIONS);
X509CertInfo certInfo = impl.getInfo();
CertificateExtensions exts = certInfo.getExtensions();
if (exts != null) {
printExtensions(rb.getString("Extensions."), exts, out);
}
@ -4506,9 +4487,8 @@ public final class Main {
}
// Add an extension into a CertificateExtensions, always using OID as key
private static void setExt(CertificateExtensions result, Extension ex)
throws IOException {
result.set(ex.getId(), ex);
private static void setExt(CertificateExtensions result, Extension ex) {
result.setExtension(ex.getId(), ex);
}
/**
@ -4568,7 +4548,7 @@ public final class Main {
// translate to all-OID first.
CertificateExtensions request2 = new CertificateExtensions();
for (sun.security.x509.Extension ex: requestedEx.getAllExtensions()) {
request2.set(ex.getId(), ex);
request2.setExtension(ex.getId(), ex);
}
for(String extstr: extstrs) {
if (extstr.toLowerCase(Locale.ENGLISH).startsWith("honored=")) {
@ -4609,7 +4589,7 @@ public final class Main {
}
String n = findOidForExtName(type).toString();
if (add) {
Extension e = request2.get(n);
Extension e = request2.getExtension(n);
if (!e.isCritical() && action == 0
|| e.isCritical() && action == 1) {
e = Extension.newExtension(

3
src/java.base/share/classes/sun/security/validator/SimpleValidator.java
View file

@ -308,8 +308,7 @@ public final class SimpleValidator extends Validator {
.toByteArray();
ext = new NetscapeCertTypeExtension(encoded);
}
Boolean val = ext.get(type);
return val.booleanValue();
return ext.get(type);
} catch (IOException e) {
return false;
}

49
src/java.base/share/classes/sun/security/x509/AttributeNameEnumeration.java
View file

@ -1,49 +0,0 @@
/*
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.x509;
import java.util.Vector;
/**
* <p>This class provides the Enumeration implementation used
* by all the X509 certificate attributes to return the attribute
* names contained within them.
*
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
public class AttributeNameEnumeration extends Vector<String> {
@java.io.Serial
private static final long serialVersionUID = -6067440240757099134L;
/**
* The default constructor for this class.
*/
public AttributeNameEnumeration() {
super(4,2);
}
}

48
src/java.base/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java
View file

@ -63,20 +63,9 @@ import sun.security.util.DerValue;
*/
public class AuthorityInfoAccessExtension extends Extension
implements CertAttrSet<String> {
implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.AuthorityInfoAccess";
/**
* Attribute name.
*/
public static final String NAME = "AuthorityInfoAccess";
public static final String DESCRIPTIONS = "descriptions";
/**
* The List of AccessDescription objects.
@ -136,7 +125,7 @@ public class AuthorityInfoAccessExtension extends Extension
}
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
@ -159,39 +148,6 @@ public class AuthorityInfoAccessExtension extends Extension
super.encode(out);
}
/**
* Set the attribute value.
*/
@SuppressWarnings("unchecked") // Checked with an instanceof check
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(DESCRIPTIONS)) {
if (!(obj instanceof List)) {
throw new IOException("Attribute value should be of type List.");
}
accessDescriptions = (List<AccessDescription>)obj;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:AuthorityInfoAccessExtension.");
}
encodeThis();
}
/**
* Get the attribute value.
*/
public List<AccessDescription> get(String name) throws IOException {
if (name.equalsIgnoreCase(DESCRIPTIONS)) {
return accessDescriptions;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:AuthorityInfoAccessExtension.");
}
}
// Encode this extension value
private void encodeThis() throws IOException {
if (accessDescriptions.isEmpty()) {

67
src/java.base/share/classes/sun/security/x509/AuthorityKeyIdentifierExtension.java
View file

@ -53,20 +53,9 @@ import sun.security.util.*;
* @see CertAttrSet
*/
public class AuthorityKeyIdentifierExtension extends Extension
implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.AuthorityKeyIdentifier";
/**
* Attribute names.
*/
implements CertAttrSet {
public static final String NAME = "AuthorityKeyIdentifier";
public static final String KEY_ID = "key_id";
public static final String AUTH_NAME = "auth_name";
public static final String SERIAL_NUMBER = "serial_number";
// Private data members
private static final byte TAG_ID = 0;
@ -226,59 +215,25 @@ implements CertAttrSet<String> {
super.encode(out);
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(KEY_ID)) {
if (!(obj instanceof KeyIdentifier)) {
throw new IOException("Attribute value should be of " +
"type KeyIdentifier.");
}
id = (KeyIdentifier)obj;
} else if (name.equalsIgnoreCase(AUTH_NAME)) {
if (!(obj instanceof GeneralNames)) {
throw new IOException("Attribute value should be of " +
"type GeneralNames.");
}
names = (GeneralNames)obj;
} else if (name.equalsIgnoreCase(SERIAL_NUMBER)) {
if (!(obj instanceof SerialNumber)) {
throw new IOException("Attribute value should be of " +
"type SerialNumber.");
}
serialNum = (SerialNumber)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:AuthorityKeyIdentifier.");
}
encodeThis();
public KeyIdentifier getKeyIdentifier() {
return id;
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(KEY_ID)) {
return (id);
} else if (name.equalsIgnoreCase(AUTH_NAME)) {
return (names);
} else if (name.equalsIgnoreCase(SERIAL_NUMBER)) {
return (serialNum);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:AuthorityKeyIdentifier.");
}
public GeneralNames getAuthName() {
return names;
}
public SerialNumber getSerialNumber() {
return serialNum;
}
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
return (NAME);
return NAME;
}
/**

56
src/java.base/share/classes/sun/security/x509/BasicConstraintsExtension.java
View file

@ -49,18 +49,9 @@ import sun.security.util.*;
* @see Extension
*/
public class BasicConstraintsExtension extends Extension
implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.BasicConstraints";
/**
* Attribute names.
*/
implements CertAttrSet {
public static final String NAME = "BasicConstraints";
public static final String IS_CA = "is_ca";
public static final String PATH_LEN = "path_len";
// Private data members
private boolean ca = false;
@ -198,48 +189,19 @@ implements CertAttrSet<String> {
super.encode(out);
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(IS_CA)) {
if (!(obj instanceof Boolean)) {
throw new IOException("Attribute value should be of type Boolean.");
public boolean isCa() {
return ca;
}
ca = ((Boolean)obj).booleanValue();
} else if (name.equalsIgnoreCase(PATH_LEN)) {
if (!(obj instanceof Integer)) {
throw new IOException("Attribute value should be of type Integer.");
}
pathLen = ((Integer)obj).intValue();
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:BasicConstraints.");
}
encodeThis();
public int getPathLen() {
return pathLen;
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(IS_CA)) {
return (Boolean.valueOf(ca));
} else if (name.equalsIgnoreCase(PATH_LEN)) {
return (Integer.valueOf(pathLen));
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:BasicConstraints.");
}
}
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
return (NAME);
return NAME;
}
}

43
src/java.base/share/classes/sun/security/x509/CRLDistributionPointsExtension.java
View file

@ -79,20 +79,9 @@ import sun.security.util.ObjectIdentifier;
* @see CertAttrSet
*/
public class CRLDistributionPointsExtension extends Extension
implements CertAttrSet<String> {
implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.CRLDistributionPoints";
/**
* Attribute name.
*/
public static final String NAME = "CRLDistributionPoints";
public static final String POINTS = "points";
/**
* The List of DistributionPoint objects.
@ -185,7 +174,7 @@ public class CRLDistributionPointsExtension extends Extension
}
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
@ -219,34 +208,10 @@ public class CRLDistributionPointsExtension extends Extension
}
/**
* Set the attribute value.
* Get the DistributionPoint value.
*/
@SuppressWarnings("unchecked") // Checked with instanceof
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(POINTS)) {
if (!(obj instanceof List)) {
throw new IOException("Attribute value should be of type List.");
}
distributionPoints = (List<DistributionPoint>)obj;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:" + extensionName + '.');
}
encodeThis();
}
/**
* Get the attribute value.
*/
public List<DistributionPoint> get(String name) throws IOException {
if (name.equalsIgnoreCase(POINTS)) {
public List<DistributionPoint> getDistributionPoints() {
return distributionPoints;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:" + extensionName + '.');
}
}

25
src/java.base/share/classes/sun/security/x509/CRLExtensions.java
View file

@ -32,7 +32,6 @@ import java.lang.reflect.InvocationTargetException;
import java.security.cert.CRLException;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Map;
import java.util.TreeMap;
@ -169,15 +168,14 @@ public class CRLExtensions {
*
* @param alias the identifier string for the extension to retrieve.
*/
public Extension get(String alias) {
X509AttributeName attr = new X509AttributeName(alias);
public Extension getExtension(String alias) {
String name;
String id = attr.getPrefix();
if (id.equalsIgnoreCase(X509CertImpl.NAME)) { // fully qualified
if (alias.startsWith(X509CertImpl.NAME)) {
int index = alias.lastIndexOf('.');
name = alias.substring(index + 1);
} else
} else {
name = alias;
}
return map.get(name);
}
@ -185,11 +183,10 @@ public class CRLExtensions {
* Set the extension value with this alias.
*
* @param alias the identifier string for the extension to set.
* @param obj the Object to set the extension identified by the
* alias.
* @param ext the extension identified by the alias.
*/
public void set(String alias, Object obj) {
map.put(alias, (Extension)obj);
public void setExtension(String alias, Extension ext) {
map.put(alias, ext);
}
/**
@ -201,14 +198,6 @@ public class CRLExtensions {
map.remove(alias);
}
/**
* Return an enumeration of the extensions.
* @return an enumeration of the extensions in this CRL.
*/
public Enumeration<Extension> getElements() {
return Collections.enumeration(map.values());
}
/**
* Return a collection view of the extensions.
* @return a collection view of the extensions in this CRL.

35
src/java.base/share/classes/sun/security/x509/CRLNumberExtension.java
View file

@ -44,13 +44,9 @@ import sun.security.util.*;
* @see CertAttrSet
*/
public class CRLNumberExtension extends Extension
implements CertAttrSet<String> {
implements CertAttrSet {
/**
* Attribute name.
*/
public static final String NAME = "CRLNumber";
public static final String NUMBER = "value";
private static final String LABEL = "CRL Number";
@ -135,31 +131,10 @@ implements CertAttrSet<String> {
}
/**
* Set the attribute value.
* Get the crlNumber value.
*/
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(NUMBER)) {
if (!(obj instanceof BigInteger)) {
throw new IOException("Attribute must be of type BigInteger.");
}
crlNumber = (BigInteger)obj;
} else {
throw new IOException("Attribute name not recognized by" +
" CertAttrSet:" + extensionName + '.');
}
encodeThis();
}
/**
* Get the attribute value.
*/
public BigInteger get(String name) throws IOException {
if (name.equalsIgnoreCase(NUMBER)) {
public BigInteger getCrlNumber() {
return crlNumber;
} else {
throw new IOException("Attribute name not recognized by" +
" CertAttrSet:" + extensionName + '.');
}
}
@ -206,10 +181,10 @@ implements CertAttrSet<String> {
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
return (extensionName);
return extensionName;
}
}

41
src/java.base/share/classes/sun/security/x509/CRLReasonCodeExtension.java
View file

@ -39,13 +39,9 @@ import sun.security.util.*;
* @see CertAttrSet
*/
public class CRLReasonCodeExtension extends Extension
implements CertAttrSet<String> {
implements CertAttrSet {
/**
* Attribute name
*/
public static final String NAME = "CRLReasonCode";
public static final String REASON = "reason";
private static final CRLReason[] values = CRLReason.values();
@ -102,35 +98,6 @@ public class CRLReasonCodeExtension extends Extension
this.reasonCode = val.getEnumerated();
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof Integer)) {
throw new IOException("Attribute must be of type Integer.");
}
if (name.equalsIgnoreCase(REASON)) {
reasonCode = ((Integer)obj).intValue();
} else {
throw new IOException
("Name not supported by CRLReasonCodeExtension");
}
encodeThis();
}
/**
* Get the attribute value.
*/
public Integer get(String name) throws IOException {
if (name.equalsIgnoreCase(REASON)) {
return reasonCode;
} else {
throw new IOException
("Name not supported by CRLReasonCodeExtension");
}
}
/**
* Returns a printable representation of the Reason code.
*/
@ -156,7 +123,7 @@ public class CRLReasonCodeExtension extends Extension
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
@ -174,4 +141,8 @@ public class CRLReasonCodeExtension extends Extension
return CRLReason.UNSPECIFIED;
}
}
public int getReason() {
return reasonCode;
}
}

50
src/java.base/share/classes/sun/security/x509/CertAttrSet.java
View file

@ -28,57 +28,17 @@ package sun.security.x509;
import sun.security.util.DerOutputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
/**
* This interface defines the methods required of a certificate attribute.
* Examples of X.509 certificate attributes are Validity, Issuer_Name, and
* Subject Name. A CertAttrSet may comprise one attribute or many
* attributes.
* <p>
* A CertAttrSet itself can also be comprised of other sub-sets.
* In the case of X.509 V3 certificates, for example, the "extensions"
* attribute has subattributes, such as those for KeyUsage and
* AuthorityKeyIdentifier.
*
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @see CertificateException
* This interface defines a certificate attribute that can be DER-encoded.
*/
public interface CertAttrSet<T> {
public interface CertAttrSet {
/**
* Encodes the attribute to the output stream in a format
* that can be parsed by the <code>decode</code> method.
* Encodes the attribute to the output stream.
*
* @param out the DerOutputStream to encode the attribute to.
*
* @exception CertificateException on encoding or validity errors.
* @exception IOException on other errors.
* @exception IOException on write errors.
*/
void encode(DerOutputStream out)
throws CertificateException, IOException;
/**
* Sets an attribute value within this CertAttrSet.
*
* @param name the name of the attribute (e.g. "x509.info.key")
* @param obj the attribute object.
*
* @exception CertificateException on attribute handling errors.
* @exception IOException on other errors.
*/
void set(String name, Object obj)
throws CertificateException, IOException;
/**
* Gets an attribute value for this CertAttrSet.
*
* @param name the name of the attribute to return.
*
* @exception CertificateException on attribute handling errors.
* @exception IOException on other errors.
*/
Object get(String name)
throws CertificateException, IOException;
void encode(DerOutputStream out) throws IOException;
}

45
src/java.base/share/classes/sun/security/x509/CertificateAlgorithmId.java
View file

@ -36,27 +36,11 @@ import sun.security.util.*;
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
public class CertificateAlgorithmId implements CertAttrSet<String> {
public class CertificateAlgorithmId implements CertAttrSet {
private AlgorithmId algId;
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.algorithmID";
/**
* Sub attributes name for this CertAttrSet.
*/
public static final String NAME = "algorithmID";
/**
* Identifier to be used with get, set, and delete methods. When
* using this identifier the associated object being passed in or
* returned is an instance of AlgorithmId.
* @see sun.security.x509.AlgorithmId
*/
public static final String ALGORITHM = "algorithm";
/**
* Default constructor for the certificate attribute.
*
@ -109,30 +93,9 @@ public class CertificateAlgorithmId implements CertAttrSet<String> {
}
/**
* Set the attribute value.
* Get the AlgorithmId value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof AlgorithmId)) {
throw new IOException("Attribute must be of type AlgorithmId.");
}
if (name.equalsIgnoreCase(ALGORITHM)) {
algId = (AlgorithmId)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateAlgorithmId.");
public AlgorithmId getAlgId() throws IOException {
return algId;
}
}
/**
* Get the attribute value.
*/
public AlgorithmId get(String name) throws IOException {
if (name.equalsIgnoreCase(ALGORITHM)) {
return (algId);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateAlgorithmId.");
}
}
}

57
src/java.base/share/classes/sun/security/x509/CertificateExtensions.java
View file

@ -40,15 +40,8 @@ import sun.security.util.*;
* @author Hemma Prafullchandra
* @see CertAttrSet
*/
public class CertificateExtensions implements CertAttrSet<Extension> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions";
/**
* name
*/
public class CertificateExtensions implements CertAttrSet {
public static final String NAME = "extensions";
private static final Debug debug = Debug.getInstance("x509");
@ -148,8 +141,7 @@ public class CertificateExtensions implements CertAttrSet<Extension> {
* @exception IOException on errors.
*/
@Override
public void encode(DerOutputStream out)
throws CertificateException, IOException {
public void encode(DerOutputStream out) throws IOException {
encode(out, false);
}
@ -162,7 +154,7 @@ public class CertificateExtensions implements CertAttrSet<Extension> {
* @exception IOException on errors.
*/
public void encode(DerOutputStream out, boolean isCertReq)
throws CertificateException, IOException {
throws IOException {
DerOutputStream extOut = new DerOutputStream();
for (Extension ext : map.values()) {
ext.encode(extOut);
@ -179,40 +171,34 @@ public class CertificateExtensions implements CertAttrSet<Extension> {
}
/**
* Set the attribute value.
* Set the extension value.
* @param name the extension name used in the cache.
* @param obj the object to set.
* @exception IOException if the object could not be cached.
* @param ext the extension to set.
*/
public void set(String name, Object obj) throws IOException {
if (obj instanceof Extension) {
map.put(name, (Extension)obj);
} else {
throw new IOException("Unknown extension type.");
}
public void setExtension(String name, Extension ext) {
map.put(name, ext);
}
/**
* Get the attribute value.
* @param name the extension name used in the lookup.
* @exception IOException if named extension is not found.
* Get the extension with this alias.
*
* @param alias the identifier string for the extension to retrieve.
* Could be one of "x509.info.extensions.ExtensionName",
* "ExtensionName", "2.3.4.5".
*/
public Extension get(String name) throws IOException {
Extension obj = map.get(name);
if (obj == null) {
throw new IOException("No extension found with name " + name);
public Extension getExtension(String alias) {
String name;
if (alias.startsWith(X509CertImpl.NAME)) {
int index = alias.lastIndexOf('.');
name = alias.substring(index + 1);
} else {
name = alias;
}
return (obj);
}
// Similar to get(String), but throw no exception, might return null.
// Used in X509CertImpl::getExtension(OID).
Extension getExtension(String name) {
return map.get(name);
}
/**
* Delete the attribute value.
* Delete the extension value.
* @param name the extension name used in the lookup.
* @exception IOException if named extension is not found.
*/
@ -310,5 +296,4 @@ public class CertificateExtensions implements CertAttrSet<Extension> {
public String toString() {
return map.toString();
}
}

40
src/java.base/share/classes/sun/security/x509/CertificateIssuerExtension.java
View file

@ -59,13 +59,9 @@ import sun.security.util.DerOutputStream;
* @see CertAttrSet
*/
public class CertificateIssuerExtension extends Extension
implements CertAttrSet<String> {
implements CertAttrSet {
/**
* Attribute names.
*/
public static final String NAME = "CertificateIssuer";
public static final String ISSUER = "issuer";
private GeneralNames names;
@ -115,39 +111,9 @@ public class CertificateIssuerExtension extends Extension
this.names = new GeneralNames(val);
}
/**
* Set the attribute value.
*
* @throws IOException on error
*/
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(ISSUER)) {
if (!(obj instanceof GeneralNames)) {
throw new IOException("Attribute value must be of type " +
"GeneralNames");
}
this.names = (GeneralNames)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateIssuer");
}
encodeThis();
}
/**
* Gets the attribute value.
*
* @throws IOException on error
*/
public GeneralNames get(String name) throws IOException {
if (name.equalsIgnoreCase(ISSUER)) {
public GeneralNames getNames() {
return names;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateIssuer");
}
}
/**
* Returns a printable representation of the certificate issuer.
@ -175,7 +141,7 @@ public class CertificateIssuerExtension extends Extension
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {

146
src/java.base/share/classes/sun/security/x509/CertificateIssuerName.java
View file

@ -1,146 +0,0 @@
/*
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.x509;
import java.io.IOException;
import java.io.InputStream;
import javax.security.auth.x500.X500Principal;
import sun.security.util.*;
/**
* This class defines the X500Name attribute for the Certificate.
*
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @see CertAttrSet
*/
public class CertificateIssuerName implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.issuer";
/**
* Sub attributes name for this CertAttrSet.
*/
public static final String NAME = "issuer";
public static final String DN_NAME = "dname";
// accessor name for cached X500Principal only
// do not allow a set() of this value
public static final String DN_PRINCIPAL = "x500principal";
// Private data member
private X500Name dnName;
// cached X500Principal version of the name
private X500Principal dnPrincipal;
/**
* Default constructor for the certificate attribute.
*
* @param name the X500Name
*/
public CertificateIssuerName(X500Name name) {
this.dnName = name;
}
/**
* Create the object, decoding the values from the passed DER stream.
*
* @param in the DerInputStream to read the X500Name from.
* @exception IOException on decoding errors.
*/
public CertificateIssuerName(DerInputStream in) throws IOException {
dnName = new X500Name(in);
}
/**
* Create the object, decoding the values from the passed stream.
*
* @param in the InputStream to read the X500Name from.
* @exception IOException on decoding errors.
*/
public CertificateIssuerName(InputStream in) throws IOException {
DerValue derVal = new DerValue(in);
dnName = new X500Name(derVal);
}
/**
* Return the name as user readable string.
*/
public String toString() {
if (dnName == null) return "";
return(dnName.toString());
}
/**
* Encode the name in DER form to the stream.
*
* @param out the DerOutputStream to marshal the contents to.
* @exception IOException on errors.
*/
@Override
public void encode(DerOutputStream out) throws IOException {
dnName.encode(out);
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof X500Name)) {
throw new IOException("Attribute must be of type X500Name.");
}
if (name.equalsIgnoreCase(DN_NAME)) {
this.dnName = (X500Name)obj;
this.dnPrincipal = null;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateIssuerName.");
}
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(DN_NAME)) {
return(dnName);
} else if (name.equalsIgnoreCase(DN_PRINCIPAL)) {
if ((dnPrincipal == null) && (dnName != null)) {
dnPrincipal = dnName.asX500Principal();
}
return dnPrincipal;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateIssuerName.");
}
}
}

45
src/java.base/share/classes/sun/security/x509/CertificatePoliciesExtension.java
View file

@ -66,17 +66,9 @@ import sun.security.util.DerOutputStream;
* @see CertAttrSet
*/
public class CertificatePoliciesExtension extends Extension
implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.CertificatePolicies";
/**
* Attribute names.
*/
implements CertAttrSet {
public static final String NAME = "CertificatePolicies";
public static final String POLICIES = "policies";
/**
* List of PolicyInformation for this object.
@ -187,44 +179,19 @@ implements CertAttrSet<String> {
}
/**
* Set the attribute value.
* Get the PolicyInformation value.
*/
@SuppressWarnings("unchecked") // Checked with an instanceof check
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(POLICIES)) {
if (!(obj instanceof List)) {
throw new IOException("Attribute value should be of type List.");
}
certPolicies = (List<PolicyInformation>)obj;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:CertificatePoliciesExtension.");
}
encodeThis();
}
/**
* Get the attribute value.
*/
public List<PolicyInformation> get(String name) throws IOException {
if (name.equalsIgnoreCase(POLICIES)) {
//XXXX May want to consider cloning this
public List<PolicyInformation> getCertPolicies() {
return certPolicies;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:CertificatePoliciesExtension.");
}
}
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
return (NAME);
return NAME;
}
}

40
src/java.base/share/classes/sun/security/x509/CertificateSerialNumber.java
View file

@ -38,18 +38,9 @@ import sun.security.util.*;
* @author Hemma Prafullchandra
* @see CertAttrSet
*/
public class CertificateSerialNumber implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.serialNumber";
public class CertificateSerialNumber implements CertAttrSet {
/**
* Sub attributes name for this CertAttrSet.
*/
public static final String NAME = "serialNumber";
public static final String NUMBER = "number";
private SerialNumber serial;
@ -106,7 +97,7 @@ public class CertificateSerialNumber implements CertAttrSet<String> {
*/
public String toString() {
if (serial == null) return "";
return (serial.toString());
return serial.toString();
}
/**
@ -120,31 +111,8 @@ public class CertificateSerialNumber implements CertAttrSet<String> {
serial.encode(out);
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof SerialNumber)) {
throw new IOException("Attribute must be of type SerialNumber.");
}
if (name.equalsIgnoreCase(NUMBER)) {
serial = (SerialNumber)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateSerialNumber.");
}
}
/**
* Get the attribute value.
*/
public SerialNumber get(String name) throws IOException {
if (name.equalsIgnoreCase(NUMBER)) {
return (serial);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateSerialNumber.");
}
public SerialNumber getSerial() {
return serial;
}
/**

51
src/java.base/share/classes/sun/security/x509/CertificateSubjectName.java
View file

@ -39,21 +39,9 @@ import sun.security.util.*;
* @author Hemma Prafullchandra
* @see CertAttrSet
*/
public class CertificateSubjectName implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.subject";
/**
* Sub attributes name for this CertAttrSet.
*/
public static final String NAME = "subject";
public static final String DN_NAME = "dname";
public class CertificateSubjectName implements CertAttrSet {
// accessor name for cached X500Principal only
// do not allow a set() of this value
public static final String DN_PRINCIPAL = "x500principal";
public static final String NAME = "subject";
// Private data member
private X500Name dnName;
@ -96,7 +84,7 @@ public class CertificateSubjectName implements CertAttrSet<String> {
*/
public String toString() {
if (dnName == null) return "";
return(dnName.toString());
return dnName.toString();
}
/**
@ -109,37 +97,4 @@ public class CertificateSubjectName implements CertAttrSet<String> {
public void encode(DerOutputStream out) throws IOException {
dnName.encode(out);
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof X500Name)) {
throw new IOException("Attribute must be of type X500Name.");
}
if (name.equalsIgnoreCase(DN_NAME)) {
this.dnName = (X500Name)obj;
this.dnPrincipal = null;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateSubjectName.");
}
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(DN_NAME)) {
return(dnName);
} else if (name.equalsIgnoreCase(DN_PRINCIPAL)) {
if ((dnPrincipal == null) && (dnName != null)) {
dnPrincipal = dnName.asX500Principal();
}
return dnPrincipal;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateSubjectName.");
}
}
}

52
src/java.base/share/classes/sun/security/x509/CertificateValidity.java
View file

@ -37,18 +37,9 @@ import sun.security.util.*;
* @author Hemma Prafullchandra
* @see CertAttrSet
*/
public class CertificateValidity implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.validity";
/**
* Sub attributes name for this CertAttrSet.
*/
public class CertificateValidity implements CertAttrSet {
public static final String NAME = "validity";
public static final String NOT_BEFORE = "notBefore";
public static final String NOT_AFTER = "notAfter";
/**
* YR_2050 date and time set to Jan01 00:00 2050 GMT
*/
@ -59,13 +50,13 @@ public class CertificateValidity implements CertAttrSet<String> {
private Date notAfter;
// Returns the first time the certificate is valid.
private Date getNotBefore() {
return (new Date(notBefore.getTime()));
public Date getNotBefore() {
return new Date(notBefore.getTime());
}
// Returns the last time the certificate is valid.
private Date getNotAfter() {
return (new Date(notAfter.getTime()));
public Date getNotAfter() {
return new Date(notAfter.getTime());
}
// Construct the class from the DerValue
@ -169,37 +160,6 @@ public class CertificateValidity implements CertAttrSet<String> {
out.write(DerValue.tag_Sequence, pair);
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof Date)) {
throw new IOException("Attribute must be of type Date.");
}
if (name.equalsIgnoreCase(NOT_BEFORE)) {
notBefore = (Date)obj;
} else if (name.equalsIgnoreCase(NOT_AFTER)) {
notAfter = (Date)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateValidity.");
}
}
/**
* Get the attribute value.
*/
public Date get(String name) throws IOException {
if (name.equalsIgnoreCase(NOT_BEFORE)) {
return (getNotBefore());
} else if (name.equalsIgnoreCase(NOT_AFTER)) {
return (getNotAfter());
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateValidity.");
}
}
/**
* Verify that the current time is within the validity period.
*

47
src/java.base/share/classes/sun/security/x509/CertificateVersion.java
View file

@ -37,7 +37,7 @@ import sun.security.util.*;
* @author Hemma Prafullchandra
* @see CertAttrSet
*/
public class CertificateVersion implements CertAttrSet<String> {
public class CertificateVersion implements CertAttrSet {
/**
* X509Certificate Version 1
*/
@ -50,23 +50,15 @@ public class CertificateVersion implements CertAttrSet<String> {
* X509Certificate Version 3
*/
public static final int V3 = 2;
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.version";
/**
* Sub attributes name for this CertAttrSet.
*/
public static final String NAME = "version";
public static final String VERSION = "number";
// Private data members
int version = V1;
// Returns the version number.
private int getVersion() {
return(version);
public int getVersion() {
return version;
}
// Construct the class from the passed DerValue
@ -147,7 +139,7 @@ public class CertificateVersion implements CertAttrSet<String> {
* Return the version number of the certificate.
*/
public String toString() {
return("Version: V" + (version+1));
return "Version: V" + (version+1);
}
/**
@ -169,37 +161,10 @@ public class CertificateVersion implements CertAttrSet<String> {
tmp);
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof Integer)) {
throw new IOException("Attribute must be of type Integer.");
}
if (name.equalsIgnoreCase(VERSION)) {
version = ((Integer)obj).intValue();
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateVersion.");
}
}
/**
* Get the attribute value.
*/
public Integer get(String name) throws IOException {
if (name.equalsIgnoreCase(VERSION)) {
return(getVersion());
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateVersion.");
}
}
/**
* Compare versions.
*/
public int compare(int vers) {
return(version - vers);
return version - vers;
}
}

37
src/java.base/share/classes/sun/security/x509/CertificateX509Key.java
View file

@ -38,17 +38,9 @@ import sun.security.util.*;
* @author Hemma Prafullchandra
* @see CertAttrSet
*/
public class CertificateX509Key implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.key";
/**
* Sub attributes name for this CertAttrSet.
*/
public class CertificateX509Key implements CertAttrSet {
public static final String NAME = "key";
public static final String KEY = "value";
// Private data member
private PublicKey key;
@ -89,7 +81,7 @@ public class CertificateX509Key implements CertAttrSet<String> {
*/
public String toString() {
if (key == null) return "";
return(key.toString());
return key.toString();
}
/**
@ -104,27 +96,10 @@ public class CertificateX509Key implements CertAttrSet<String> {
}
/**
* Set the attribute value.
* Get the PublicKey value.
*/
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(KEY)) {
this.key = (PublicKey)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateX509Key.");
}
}
/**
* Get the attribute value.
*/
public PublicKey get(String name) throws IOException {
if (name.equalsIgnoreCase(KEY)) {
return(key);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateX509Key.");
}
public PublicKey getKey() {
return key;
}
}

3
src/java.base/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java
View file

@ -59,9 +59,6 @@ import java.math.BigInteger;
*/
public class DeltaCRLIndicatorExtension extends CRLNumberExtension {
/**
* Attribute name.
*/
public static final String NAME = "DeltaCRLIndicator";
private static final String LABEL = "Base CRL Number";

45
src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java
View file

@ -77,19 +77,9 @@ import sun.security.util.ObjectIdentifier;
* @since 1.4
*/
public class ExtendedKeyUsageExtension extends Extension
implements CertAttrSet<String> {
implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.ExtendedKeyUsage";
/**
* Attribute names.
*/
public static final String NAME = "ExtendedKeyUsage";
public static final String USAGES = "usages";
/**
* Vector of KeyUsages for this object.
@ -207,45 +197,20 @@ implements CertAttrSet<String> {
}
/**
* Set the attribute value.
* Get the keyUsages value.
*/
@SuppressWarnings("unchecked") // Checked with instanceof
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(USAGES)) {
if (!(obj instanceof Vector)) {
throw new IOException("Attribute value should be of type Vector.");
}
this.keyUsages = (Vector<ObjectIdentifier>)obj;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:ExtendedKeyUsageExtension.");
}
encodeThis();
}
/**
* Get the attribute value.
*/
public Vector<ObjectIdentifier> get(String name) throws IOException {
if (name.equalsIgnoreCase(USAGES)) {
//XXXX May want to consider cloning this
public Vector<ObjectIdentifier> getUsages() {
return keyUsages;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:ExtendedKeyUsageExtension.");
}
}
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
return (NAME);
return NAME;
}
public List<String> getExtendedKeyUsage() {

64
src/java.base/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java
View file

@ -57,15 +57,7 @@ import sun.security.util.*;
* @see Extension
*/
public class InhibitAnyPolicyExtension extends Extension
implements CertAttrSet<String> {
private static final Debug debug = Debug.getInstance("certpath");
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.InhibitAnyPolicy";
implements CertAttrSet {
/**
* Object identifier for "any-policy"
@ -73,11 +65,7 @@ implements CertAttrSet<String> {
public static ObjectIdentifier AnyPolicy_Id =
ObjectIdentifier.of(KnownOIDs.CE_CERT_POLICIES_ANY);
/**
* Attribute names.
*/
public static final String NAME = "InhibitAnyPolicy";
public static final String SKIP_CERTS = "skip_certs";
// Private data members
private int skipCerts = Integer.MAX_VALUE;
@ -167,57 +155,17 @@ implements CertAttrSet<String> {
super.encode(out);
}
/**
* Set the attribute value.
*
* @param name name of attribute to set. Must be SKIP_CERTS.
* @param obj value to which attribute is to be set. Must be Integer
* type.
* @throws IOException on error
*/
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(SKIP_CERTS)) {
if (!(obj instanceof Integer))
throw new IOException("Attribute value should be of type Integer.");
int skipCertsValue = ((Integer)obj).intValue();
if (skipCertsValue < -1)
throw new IOException("Invalid value for skipCerts");
if (skipCertsValue == -1) {
skipCerts = Integer.MAX_VALUE;
} else {
skipCerts = skipCertsValue;
}
} else
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:InhibitAnyPolicy.");
encodeThis();
public int getSkipCerts() {
return skipCerts;
}
/**
* Get the attribute value.
* Return the name of this extension.
*
* @param name name of attribute to get. Must be SKIP_CERTS.
* @return value of the attribute. In this case it will be of type
* Integer.
* @throws IOException on error
*/
public Integer get(String name) throws IOException {
if (name.equalsIgnoreCase(SKIP_CERTS))
return (skipCerts);
else
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:InhibitAnyPolicy.");
}
/**
* Return the name of this attribute.
*
* @return name of attribute.
* @return name of extension.
*/
@Override
public String getName() {
return (NAME);
return NAME;
}
}

32
src/java.base/share/classes/sun/security/x509/InvalidityDateExtension.java
View file

@ -56,13 +56,12 @@ import sun.security.util.*;
* @author Sean Mullan
*/
public class InvalidityDateExtension extends Extension
implements CertAttrSet<String> {
implements CertAttrSet {
/**
* Attribute name and Reason codes
*/
public static final String NAME = "InvalidityDate";
public static final String DATE = "date";
private Date date;
@ -118,34 +117,13 @@ public class InvalidityDateExtension extends Extension
}
/**
* Set the attribute value.
* Get the Date value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof Date)) {
throw new IOException("Attribute must be of type Date.");
}
if (name.equalsIgnoreCase(DATE)) {
date = (Date) obj;
} else {
throw new IOException
("Name not supported by InvalidityDateExtension");
}
encodeThis();
}
/**
* Get the attribute value.
*/
public Date get(String name) throws IOException {
if (name.equalsIgnoreCase(DATE)) {
public Date getDate() throws IOException {
if (date == null) {
return null;
} else {
return (new Date(date.getTime())); // clone
}
} else {
throw new IOException
("Name not supported by InvalidityDateExtension");
return new Date(date.getTime()); // clone
}
}
@ -175,7 +153,7 @@ public class InvalidityDateExtension extends Extension
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {

48
src/java.base/share/classes/sun/security/x509/IssuerAlternativeNameExtension.java
View file

@ -46,18 +46,9 @@ import sun.security.util.*;
* @see CertAttrSet
*/
public class IssuerAlternativeNameExtension
extends Extension implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.IssuerAlternativeName";
/**
* Attribute names.
*/
extends Extension implements CertAttrSet {
public static final String NAME = "IssuerAlternativeName";
public static final String ISSUER_NAME = "issuer_name";
// private data members
GeneralNames names;
@ -170,42 +161,15 @@ extends Extension implements CertAttrSet<String> {
super.encode(out);
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(ISSUER_NAME)) {
if (!(obj instanceof GeneralNames)) {
throw new IOException("Attribute value should be of" +
" type GeneralNames.");
}
names = (GeneralNames)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:IssuerAlternativeName.");
}
encodeThis();
public GeneralNames getNames() {
return names;
}
/**
* Get the attribute value.
*/
public GeneralNames get(String name) throws IOException {
if (name.equalsIgnoreCase(ISSUER_NAME)) {
return (names);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:IssuerAlternativeName.");
}
}
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
return (NAME);
return NAME;
}
}

114
src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java
View file

@ -64,25 +64,9 @@ import sun.security.util.DerValue;
* @since 1.6
*/
public class IssuingDistributionPointExtension extends Extension
implements CertAttrSet<String> {
implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.IssuingDistributionPoint";
/**
* Attribute names.
*/
public static final String NAME = "IssuingDistributionPoint";
public static final String POINT = "point";
public static final String REASONS = "reasons";
public static final String ONLY_USER_CERTS = "only_user_certs";
public static final String ONLY_CA_CERTS = "only_ca_certs";
public static final String ONLY_ATTRIBUTE_CERTS = "only_attribute_certs";
public static final String INDIRECT_CRL = "indirect_crl";
/*
* The distribution point name for the CRL.
@ -218,7 +202,7 @@ public class IssuingDistributionPointExtension extends Extension
}
/**
* Returns the name of this attribute.
* Returns the name of this extension.
*/
@Override
public String getName() {
@ -242,90 +226,34 @@ public class IssuingDistributionPointExtension extends Extension
super.encode(out);
}
/**
* Sets the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(POINT)) {
if (!(obj instanceof DistributionPointName)) {
throw new IOException(
"Attribute value should be of type DistributionPointName.");
}
distributionPoint = (DistributionPointName)obj;
} else if (name.equalsIgnoreCase(REASONS)) {
if (!(obj instanceof ReasonFlags)) {
throw new IOException(
"Attribute value should be of type ReasonFlags.");
}
revocationReasons = (ReasonFlags)obj;
} else if (name.equalsIgnoreCase(INDIRECT_CRL)) {
if (!(obj instanceof Boolean)) {
throw new IOException(
"Attribute value should be of type Boolean.");
}
isIndirectCRL = ((Boolean)obj).booleanValue();
} else if (name.equalsIgnoreCase(ONLY_USER_CERTS)) {
if (!(obj instanceof Boolean)) {
throw new IOException(
"Attribute value should be of type Boolean.");
}
hasOnlyUserCerts = ((Boolean)obj).booleanValue();
} else if (name.equalsIgnoreCase(ONLY_CA_CERTS)) {
if (!(obj instanceof Boolean)) {
throw new IOException(
"Attribute value should be of type Boolean.");
}
hasOnlyCACerts = ((Boolean)obj).booleanValue();
} else if (name.equalsIgnoreCase(ONLY_ATTRIBUTE_CERTS)) {
if (!(obj instanceof Boolean)) {
throw new IOException(
"Attribute value should be of type Boolean.");
}
hasOnlyAttributeCerts = ((Boolean)obj).booleanValue();
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:IssuingDistributionPointExtension.");
}
public void setRevocationReasons(ReasonFlags val) throws IOException {
revocationReasons = val;
encodeThis();
}
/**
* Gets the attribute value.
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(POINT)) {
public DistributionPointName getDistributionPoint() {
return distributionPoint;
}
} else if (name.equalsIgnoreCase(INDIRECT_CRL)) {
return Boolean.valueOf(isIndirectCRL);
} else if (name.equalsIgnoreCase(REASONS)) {
public ReasonFlags getRevocationReasons() {
return revocationReasons;
} else if (name.equalsIgnoreCase(ONLY_USER_CERTS)) {
return Boolean.valueOf(hasOnlyUserCerts);
} else if (name.equalsIgnoreCase(ONLY_CA_CERTS)) {
return Boolean.valueOf(hasOnlyCACerts);
} else if (name.equalsIgnoreCase(ONLY_ATTRIBUTE_CERTS)) {
return Boolean.valueOf(hasOnlyAttributeCerts);
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:IssuingDistributionPointExtension.");
}
}
public boolean hasOnlyUserCerts() {
return hasOnlyUserCerts;
}
public boolean hasOnlyCACerts() {
return hasOnlyCACerts;
}
public boolean hasOnlyAttributeCerts() {
return hasOnlyAttributeCerts;
}
public boolean isIndirectCRL() {
return isIndirectCRL;
}
// Encodes this extension value
private void encodeThis() throws IOException {

40
src/java.base/share/classes/sun/security/x509/KeyUsageExtension.java
View file

@ -44,16 +44,8 @@ import sun.security.util.*;
* @see CertAttrSet
*/
public class KeyUsageExtension extends Extension
implements CertAttrSet<String> {
implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.KeyUsage";
/**
* Attribute names.
*/
public static final String NAME = "KeyUsage";
public static final String DIGITAL_SIGNATURE = "digital_signature";
public static final String NON_REPUDIATION = "non_repudiation";
@ -183,11 +175,7 @@ implements CertAttrSet<String> {
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof Boolean)) {
throw new IOException("Attribute must be of type Boolean.");
}
boolean val = ((Boolean)obj).booleanValue();
public void set(String name, boolean val) throws IOException {
if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) {
set(0,val);
} else if (name.equalsIgnoreCase(NON_REPUDIATION)) {
@ -216,25 +204,25 @@ implements CertAttrSet<String> {
/**
* Get the attribute value.
*/
public Boolean get(String name) throws IOException {
public boolean get(String name) throws IOException {
if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) {
return Boolean.valueOf(isSet(0));
return isSet(0);
} else if (name.equalsIgnoreCase(NON_REPUDIATION)) {
return Boolean.valueOf(isSet(1));
return isSet(1);
} else if (name.equalsIgnoreCase(KEY_ENCIPHERMENT)) {
return Boolean.valueOf(isSet(2));
return isSet(2);
} else if (name.equalsIgnoreCase(DATA_ENCIPHERMENT)) {
return Boolean.valueOf(isSet(3));
return isSet(3);
} else if (name.equalsIgnoreCase(KEY_AGREEMENT)) {
return Boolean.valueOf(isSet(4));
return isSet(4);
} else if (name.equalsIgnoreCase(KEY_CERTSIGN)) {
return Boolean.valueOf(isSet(5));
return isSet(5);
} else if (name.equalsIgnoreCase(CRL_SIGN)) {
return Boolean.valueOf(isSet(6));
return isSet(6);
} else if (name.equalsIgnoreCase(ENCIPHER_ONLY)) {
return Boolean.valueOf(isSet(7));
return isSet(7);
} else if (name.equalsIgnoreCase(DECIPHER_ONLY)) {
return Boolean.valueOf(isSet(8));
return isSet(8);
} else {
throw new IOException("Attribute name not recognized by"
+ " CertAttrSet:KeyUsage.");
@ -305,10 +293,10 @@ implements CertAttrSet<String> {
}
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
return (NAME);
return NAME;
}
}

65
src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java
View file

@ -60,18 +60,9 @@ import sun.security.pkcs.PKCS9Attribute;
* @see CertAttrSet
*/
public class NameConstraintsExtension extends Extension
implements CertAttrSet<String>, Cloneable {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.NameConstraints";
/**
* Attribute names.
*/
implements CertAttrSet, Cloneable {
public static final String NAME = "NameConstraints";
public static final String PERMITTED_SUBTREES = "permitted_subtrees";
public static final String EXCLUDED_SUBTREES = "excluded_subtrees";
// Private data members
private static final byte TAG_PERMITTED = 0;
@ -244,51 +235,20 @@ implements CertAttrSet<String>, Cloneable {
super.encode(out);
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) {
if (!(obj instanceof GeneralSubtrees)) {
throw new IOException("Attribute value should be"
+ " of type GeneralSubtrees.");
public GeneralSubtrees getPermittedSubtrees() {
return permitted;
}
permitted = (GeneralSubtrees)obj;
} else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) {
if (!(obj instanceof GeneralSubtrees)) {
throw new IOException("Attribute value should be "
+ "of type GeneralSubtrees.");
}
excluded = (GeneralSubtrees)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:NameConstraintsExtension.");
}
encodeThis();
public GeneralSubtrees getExcludedSubtrees() {
return excluded;
}
/**
* Get the attribute value.
*/
public GeneralSubtrees get(String name) throws IOException {
if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) {
return (permitted);
} else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) {
return (excluded);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:NameConstraintsExtension.");
}
}
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
return (NAME);
return NAME;
}
/**
@ -327,7 +287,7 @@ implements CertAttrSet<String>, Cloneable {
* value and the value indicated in the extension field.
*/
GeneralSubtrees newExcluded = newConstraints.get(EXCLUDED_SUBTREES);
GeneralSubtrees newExcluded = newConstraints.getExcludedSubtrees();
if (excluded == null) {
excluded = (newExcluded != null) ?
(GeneralSubtrees)newExcluded.clone() : null;
@ -344,7 +304,7 @@ implements CertAttrSet<String>, Cloneable {
* previous value and the value indicated in the extension field.
*/
GeneralSubtrees newPermitted = newConstraints.get(PERMITTED_SUBTREES);
GeneralSubtrees newPermitted = newConstraints.getPermittedSubtrees();
if (permitted == null) {
permitted = (newPermitted != null) ?
(GeneralSubtrees)newPermitted.clone() : null;
@ -432,8 +392,7 @@ implements CertAttrSet<String>, Cloneable {
if (altNameExt != null) {
// extract altNames from extension; this call does not
// return an IOException on null altnames
altNames = altNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
altNames = altNameExt.getNames();
}
} catch (CertificateException ce) {
throw new IOException("Unable to extract extensions from " +

26
src/java.base/share/classes/sun/security/x509/NetscapeCertTypeExtension.java
View file

@ -48,17 +48,8 @@ import sun.security.util.*;
*/
public class NetscapeCertTypeExtension extends Extension
implements CertAttrSet<String> {
implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.NetscapeCertType";
/**
* Attribute names.
*/
public static final String NAME = "NetscapeCertType";
public static final String SSL_CLIENT = "ssl_client";
public static final String SSL_SERVER = "ssl_server";
@ -199,11 +190,7 @@ implements CertAttrSet<String> {
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof Boolean))
throw new IOException("Attribute must be of type Boolean.");
boolean val = ((Boolean)obj).booleanValue();
public void set(String name, Boolean val) throws IOException {
set(getPosition(name), val);
encodeThis();
}
@ -211,11 +198,10 @@ implements CertAttrSet<String> {
/**
* Get the attribute value.
*/
public Boolean get(String name) throws IOException {
return Boolean.valueOf(isSet(getPosition(name)));
public boolean get(String name) throws IOException {
return isSet(getPosition(name));
}
/**
* Returns a printable representation of the NetscapeCertType.
*/
@ -268,11 +254,11 @@ implements CertAttrSet<String> {
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
return (NAME);
return NAME;
}
/**

31
src/java.base/share/classes/sun/security/x509/OCSPNoCheckExtension.java
View file

@ -48,17 +48,8 @@ import java.io.IOException;
* @see CertAttrSet
*/
public class OCSPNoCheckExtension extends Extension
implements CertAttrSet<String> {
implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.OCSPNoCheck";
/**
* Attribute names.
*/
public static final String NAME = "OCSPNoCheck";
/**
@ -88,25 +79,7 @@ public class OCSPNoCheckExtension extends Extension
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
throw new IOException("No attribute is allowed by " +
"CertAttrSet:OCSPNoCheckExtension.");
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
throw new IOException("No attribute is allowed by " +
"CertAttrSet:OCSPNoCheckExtension.");
}
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {

52
src/java.base/share/classes/sun/security/x509/PolicyConstraintsExtension.java
View file

@ -53,18 +53,9 @@ import sun.security.util.*;
* @see CertAttrSet
*/
public class PolicyConstraintsExtension extends Extension
implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.PolicyConstraints";
/**
* Attribute names.
*/
implements CertAttrSet {
public static final String NAME = "PolicyConstraints";
public static final String REQUIRE = "require";
public static final String INHIBIT = "inhibit";
private static final byte TAG_REQUIRE = 0;
private static final byte TAG_INHIBIT = 1;
@ -209,46 +200,19 @@ implements CertAttrSet<String> {
super.encode(out);
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof Integer)) {
throw new IOException("Attribute value should be of type Integer.");
}
if (name.equalsIgnoreCase(REQUIRE)) {
require = ((Integer)obj).intValue();
} else if (name.equalsIgnoreCase(INHIBIT)) {
inhibit = ((Integer)obj).intValue();
} else {
throw new IOException("Attribute name " + "[" + name + "]" +
" not recognized by " +
"CertAttrSet:PolicyConstraints.");
}
encodeThis();
}
/**
* Get the attribute value.
*/
public Integer get(String name) throws IOException {
if (name.equalsIgnoreCase(REQUIRE)) {
public int getRequire() {
return require;
} else if (name.equalsIgnoreCase(INHIBIT)) {
}
public int getInhibit() {
return inhibit;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:PolicyConstraints.");
}
}
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
return (NAME);
return NAME;
}
}

48
src/java.base/share/classes/sun/security/x509/PolicyInformation.java
View file

@ -166,54 +166,6 @@ public class PolicyInformation {
return policyQualifiers;
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(ID)) {
return policyIdentifier;
} else if (name.equalsIgnoreCase(QUALIFIERS)) {
return policyQualifiers;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by PolicyInformation.");
}
}
/**
* Set the attribute value.
*/
@SuppressWarnings("unchecked") // Checked with instanceof
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(ID)) {
if (obj instanceof CertificatePolicyId)
policyIdentifier = (CertificatePolicyId)obj;
else
throw new IOException("Attribute value must be instance " +
"of CertificatePolicyId.");
} else if (name.equalsIgnoreCase(QUALIFIERS)) {
if (policyIdentifier == null) {
throw new IOException("Attribute must have a " +
"CertificatePolicyIdentifier value before " +
"PolicyQualifierInfo can be set.");
}
if (obj instanceof Set) {
for (Object obj1 : (Set<?>) obj) {
if (!(obj1 instanceof PolicyQualifierInfo)) {
throw new IOException("Attribute value must be a " +
"Set of PolicyQualifierInfo objects.");
}
}
policyQualifiers = (Set<PolicyQualifierInfo>) obj;
} else {
throw new IOException("Attribute value must be of type Set.");
}
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by PolicyInformation");
}
}
/**
* Return a printable representation of the PolicyInformation.
*/

46
src/java.base/share/classes/sun/security/x509/PolicyMappingsExtension.java
View file

@ -50,17 +50,9 @@ import sun.security.util.*;
* @see CertAttrSet
*/
public class PolicyMappingsExtension extends Extension
implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.PolicyMappings";
/**
* Attribute names.
*/
implements CertAttrSet {
public static final String NAME = "PolicyMappings";
public static final String MAP = "map";
// Private data members
private List<CertificatePolicyMap> maps;
@ -157,41 +149,15 @@ implements CertAttrSet<String> {
super.encode(out);
}
/**
* Set the attribute value.
*/
@SuppressWarnings("unchecked") // Checked with instanceof
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(MAP)) {
if (!(obj instanceof List)) {
throw new IOException("Attribute value should be of" +
" type List.");
}
maps = (List<CertificatePolicyMap>)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:PolicyMappingsExtension.");
}
encodeThis();
public List<CertificatePolicyMap> getMaps() {
return maps;
}
/**
* Get the attribute value.
*/
public List<CertificatePolicyMap> get(String name) throws IOException {
if (name.equalsIgnoreCase(MAP)) {
return (maps);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:PolicyMappingsExtension.");
}
}
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName () {
return (NAME);
return NAME;
}
}

56
src/java.base/share/classes/sun/security/x509/PrivateKeyUsageExtension.java
View file

@ -58,18 +58,9 @@ import sun.security.util.*;
* @see CertAttrSet
*/
public class PrivateKeyUsageExtension extends Extension
implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.PrivateKeyUsage";
/**
* Sub attributes name for this CertAttrSet.
*/
implements CertAttrSet {
public static final String NAME = "PrivateKeyUsage";
public static final String NOT_BEFORE = "not_before";
public static final String NOT_AFTER = "not_after";
// Private data members
private static final byte TAG_BEFORE = 0;
@ -248,48 +239,19 @@ implements CertAttrSet<String> {
super.encode(out);
}
/**
* Set the attribute value.
* @exception CertificateException on attribute handling errors.
*/
public void set(String name, Object obj)
throws CertificateException, IOException {
if (!(obj instanceof Date)) {
throw new CertificateException("Attribute must be of type Date.");
public Date getNotBefore() {
return new Date(notBefore.getTime());
}
if (name.equalsIgnoreCase(NOT_BEFORE)) {
notBefore = (Date)obj;
} else if (name.equalsIgnoreCase(NOT_AFTER)) {
notAfter = (Date)obj;
} else {
throw new CertificateException("Attribute name not recognized by"
+ " CertAttrSet:PrivateKeyUsage.");
}
encodeThis();
public Date getNotAfter() {
return new Date(notAfter.getTime());
}
/**
* Get the attribute value.
* @exception CertificateException on attribute handling errors.
*/
public Date get(String name) throws CertificateException {
if (name.equalsIgnoreCase(NOT_BEFORE)) {
return (new Date(notBefore.getTime()));
} else if (name.equalsIgnoreCase(NOT_AFTER)) {
return (new Date(notAfter.getTime()));
} else {
throw new CertificateException("Attribute name not recognized by"
+ " CertAttrSet:PrivateKeyUsage.");
}
}
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
return(NAME);
return NAME;
}
}

45
src/java.base/share/classes/sun/security/x509/SubjectAlternativeNameExtension.java
View file

@ -51,18 +51,9 @@ import sun.security.util.*;
* @see CertAttrSet
*/
public class SubjectAlternativeNameExtension extends Extension
implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.SubjectAlternativeName";
/**
* Attribute names.
*/
implements CertAttrSet {
public static final String NAME = "SubjectAlternativeName";
public static final String SUBJECT_NAME = "subject_name";
// private data members
GeneralNames names;
@ -173,41 +164,19 @@ implements CertAttrSet<String> {
}
/**
* Set the attribute value.
* Get the GeneralNames value.
*/
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(SUBJECT_NAME)) {
if (!(obj instanceof GeneralNames)) {
throw new IOException("Attribute value should be of " +
"type GeneralNames.");
}
names = (GeneralNames)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:SubjectAlternativeName.");
}
encodeThis();
}
/**
* Get the attribute value.
*/
public GeneralNames get(String name) throws IOException {
if (name.equalsIgnoreCase(SUBJECT_NAME)) {
return (names);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:SubjectAlternativeName.");
}
public GeneralNames getNames() {
return names;
}
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
return (NAME);
return NAME;
}
}

49
src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java
View file

@ -67,20 +67,9 @@ import sun.security.util.DerValue;
*/
public class SubjectInfoAccessExtension extends Extension
implements CertAttrSet<String> {
implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.SubjectInfoAccess";
/**
* Attribute name.
*/
public static final String NAME = "SubjectInfoAccess";
public static final String DESCRIPTIONS = "descriptions";
/**
* The List of AccessDescription objects.
@ -140,7 +129,7 @@ public class SubjectInfoAccessExtension extends Extension
}
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
@ -163,39 +152,6 @@ public class SubjectInfoAccessExtension extends Extension
super.encode(out);
}
/**
* Set the attribute value.
*/
@SuppressWarnings("unchecked") // Checked with instanceof
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(DESCRIPTIONS)) {
if (!(obj instanceof List)) {
throw new IOException("Attribute value should be of type List.");
}
accessDescriptions = (List<AccessDescription>)obj;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:SubjectInfoAccessExtension.");
}
encodeThis();
}
/**
* Get the attribute value.
*/
public List<AccessDescription> get(String name) throws IOException {
if (name.equalsIgnoreCase(DESCRIPTIONS)) {
return accessDescriptions;
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
"CertAttrSet:SubjectInfoAccessExtension.");
}
}
// Encode this extension value
private void encodeThis() throws IOException {
if (accessDescriptions.isEmpty()) {
@ -218,5 +174,4 @@ public class SubjectInfoAccessExtension extends Extension
return super.toString() +
"SubjectInfoAccess [\n " + accessDescriptions + "\n]\n";
}
}

48
src/java.base/share/classes/sun/security/x509/SubjectKeyIdentifierExtension.java
View file

@ -51,18 +51,9 @@ import sun.security.util.*;
* @see CertAttrSet
*/
public class SubjectKeyIdentifierExtension extends Extension
implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.SubjectKeyIdentifier";
/**
* Attribute names.
*/
implements CertAttrSet {
public static final String NAME = "SubjectKeyIdentifier";
public static final String KEY_ID = "key_id";
// Private data member
private KeyIdentifier id;
@ -133,42 +124,15 @@ implements CertAttrSet<String> {
super.encode(out);
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (name.equalsIgnoreCase(KEY_ID)) {
if (!(obj instanceof KeyIdentifier)) {
throw new IOException("Attribute value should be of" +
" type KeyIdentifier.");
}
id = (KeyIdentifier)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:SubjectKeyIdentifierExtension.");
}
encodeThis();
public KeyIdentifier getKeyIdentifier() {
return id;
}
/**
* Get the attribute value.
*/
public KeyIdentifier get(String name) throws IOException {
if (name.equalsIgnoreCase(KEY_ID)) {
return (id);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:SubjectKeyIdentifierExtension.");
}
}
/**
* Return the name of this attribute.
* Return the name of this extension.
*/
@Override
public String getName() {
return (NAME);
return NAME;
}
}

72
src/java.base/share/classes/sun/security/x509/X509AttributeName.java
View file

@ -1,72 +0,0 @@
/*
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.x509;
/**
* This class is used to parse attribute names like "x509.info.extensions".
*
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
public class X509AttributeName {
// Public members
private static final char SEPARATOR = '.';
// Private data members
private final String prefix;
private final String suffix;
/**
* Default constructor for the class. Name is of the form
* "x509.info.extensions".
*
* @param name the attribute name.
*/
public X509AttributeName(String name) {
int i = name.indexOf(SEPARATOR);
if (i < 0) {
prefix = name;
suffix = null;
} else {
prefix = name.substring(0, i);
suffix = name.substring(i + 1);
}
}
/**
* Return the prefix of the name.
*/
public String getPrefix() {
return (prefix);
}
/**
* Return the suffix of the name.
*/
public String getSuffix() {
return (suffix);
}
}

11
src/java.base/share/classes/sun/security/x509/X509CRLEntryImpl.java
View file

@ -144,7 +144,7 @@ public class X509CRLEntryImpl extends X509CRLEntry
* false.
*/
public boolean hasExtensions() {
return (extensions != null);
return extensions != null;
}
/**
@ -272,14 +272,13 @@ public class X509CRLEntryImpl extends X509CRLEntry
* get Reason Code from CRL entry.
*
* @return Integer or null, if no such extension
* @throws IOException on error
*/
public Integer getReasonCode() throws IOException {
public Integer getReasonCode() {
Object obj = getExtension(PKIXExtensions.ReasonCode_Id);
if (obj == null)
return null;
CRLReasonCodeExtension reasonCode = (CRLReasonCodeExtension)obj;
return reasonCode.get(CRLReasonCodeExtension.REASON);
return reasonCode.getReason();
}
/**
@ -416,7 +415,7 @@ public class X509CRLEntryImpl extends X509CRLEntry
}
}
} else
crlExt = extensions.get(extAlias);
crlExt = extensions.getExtension(extAlias);
if (crlExt == null)
return null;
byte[] extData = crlExt.getExtensionValue();
@ -443,7 +442,7 @@ public class X509CRLEntryImpl extends X509CRLEntry
// following returns null if no such OID in map
//XXX consider cloning this
return extensions.get(OIDMap.getName(oid));
return extensions.getExtension(OIDMap.getName(oid));
}
private void parse(DerValue derVal)

72
src/java.base/share/classes/sun/security/x509/X509CRLImpl.java
View file

@ -207,11 +207,7 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
X500Principal badCertIssuer = crlIssuer;
for (int i = 0; i < badCerts.length; i++) {
X509CRLEntryImpl badCert = (X509CRLEntryImpl)badCerts[i];
try {
badCertIssuer = getCertIssuer(badCert, badCertIssuer);
} catch (IOException ioe) {
throw new CRLException(ioe);
}
badCert.setCertificateIssuer(crlIssuer, badCertIssuer);
X509IssuerSerial issuerSerial = new X509IssuerSerial
(badCertIssuer, badCert.getSerialNumber());
@ -686,7 +682,7 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
* @return the thisUpdate date from the CRL.
*/
public Date getThisUpdate() {
return (new Date(thisUpdate.getTime()));
return new Date(thisUpdate.getTime());
}
/**
@ -698,7 +694,7 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
public Date getNextUpdate() {
if (nextUpdate == null)
return null;
return (new Date(nextUpdate.getTime()));
return new Date(nextUpdate.getTime());
}
/**
@ -838,13 +834,11 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
*
* @return AuthorityKeyIdentifier or null
* (if no AuthorityKeyIdentifierExtension)
* @throws IOException on error
*/
public KeyIdentifier getAuthKeyId() throws IOException {
public KeyIdentifier getAuthKeyId() {
AuthorityKeyIdentifierExtension aki = getAuthKeyIdExtension();
if (aki != null) {
return (KeyIdentifier)aki.get(
AuthorityKeyIdentifierExtension.KEY_ID);
return aki.getKeyIdentifier();
} else {
return null;
}
@ -854,35 +848,31 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
* return the AuthorityKeyIdentifierExtension, if any.
*
* @return AuthorityKeyIdentifierExtension or null (if no such extension)
* @throws IOException on error
*/
public AuthorityKeyIdentifierExtension getAuthKeyIdExtension()
throws IOException {
Object obj = getExtension(PKIXExtensions.AuthorityKey_Id);
return (AuthorityKeyIdentifierExtension)obj;
public AuthorityKeyIdentifierExtension getAuthKeyIdExtension() {
return (AuthorityKeyIdentifierExtension)
getExtension(PKIXExtensions.AuthorityKey_Id);
}
/**
* return the CRLNumberExtension, if any.
*
* @return CRLNumberExtension or null (if no such extension)
* @throws IOException on error
*/
public CRLNumberExtension getCRLNumberExtension() throws IOException {
Object obj = getExtension(PKIXExtensions.CRLNumber_Id);
return (CRLNumberExtension)obj;
public CRLNumberExtension getCRLNumberExtension() {
return (CRLNumberExtension)
getExtension(PKIXExtensions.CRLNumber_Id);
}
/**
* return the CRL number from the CRLNumberExtension, if any.
*
* @return number or null (if no such extension)
* @throws IOException on error
*/
public BigInteger getCRLNumber() throws IOException {
public BigInteger getCRLNumber() {
CRLNumberExtension numExt = getCRLNumberExtension();
if (numExt != null) {
return numExt.get(CRLNumberExtension.NUMBER);
return numExt.getCrlNumber();
} else {
return null;
}
@ -892,25 +882,21 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
* return the DeltaCRLIndicatorExtension, if any.
*
* @return DeltaCRLIndicatorExtension or null (if no such extension)
* @throws IOException on error
*/
public DeltaCRLIndicatorExtension getDeltaCRLIndicatorExtension()
throws IOException {
Object obj = getExtension(PKIXExtensions.DeltaCRLIndicator_Id);
return (DeltaCRLIndicatorExtension)obj;
public DeltaCRLIndicatorExtension getDeltaCRLIndicatorExtension() {
return (DeltaCRLIndicatorExtension)
getExtension(PKIXExtensions.DeltaCRLIndicator_Id);
}
/**
* return the base CRL number from the DeltaCRLIndicatorExtension, if any.
*
* @return number or null (if no such extension)
* @throws IOException on error
*/
public BigInteger getBaseCRLNumber() throws IOException {
public BigInteger getBaseCRLNumber() {
DeltaCRLIndicatorExtension dciExt = getDeltaCRLIndicatorExtension();
if (dciExt != null) {
return dciExt.get(DeltaCRLIndicatorExtension.NUMBER);
return dciExt.getCrlNumber();
} else {
return null;
}
@ -920,12 +906,10 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
* return the IssuerAlternativeNameExtension, if any.
*
* @return IssuerAlternativeNameExtension or null (if no such extension)
* @throws IOException on error
*/
public IssuerAlternativeNameExtension getIssuerAltNameExtension()
throws IOException {
Object obj = getExtension(PKIXExtensions.IssuerAlternativeName_Id);
return (IssuerAlternativeNameExtension)obj;
public IssuerAlternativeNameExtension getIssuerAltNameExtension() {
return (IssuerAlternativeNameExtension)
getExtension(PKIXExtensions.IssuerAlternativeName_Id);
}
/**
@ -933,13 +917,11 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
*
* @return IssuingDistributionPointExtension or null
* (if no such extension)
* @throws IOException on error
*/
public IssuingDistributionPointExtension
getIssuingDistributionPointExtension() throws IOException {
Object obj = getExtension(PKIXExtensions.IssuingDistributionPoint_Id);
return (IssuingDistributionPointExtension) obj;
getIssuingDistributionPointExtension() {
return (IssuingDistributionPointExtension)
getExtension(PKIXExtensions.IssuingDistributionPoint_Id);
}
/**
@ -1022,7 +1004,7 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
}
}
} else
crlExt = extensions.get(extAlias);
crlExt = extensions.getExtension(extAlias);
if (crlExt == null)
return null;
byte[] extData = crlExt.getExtensionValue();
@ -1047,7 +1029,7 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
return null;
// XXX Consider cloning this
return extensions.get(OIDMap.getName(oid));
return extensions.getExtension(OIDMap.getName(oid));
}
/*
@ -1239,12 +1221,12 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
* prevCertIssuer if it does not exist
*/
private X500Principal getCertIssuer(X509CRLEntryImpl entry,
X500Principal prevCertIssuer) throws IOException {
X500Principal prevCertIssuer) {
CertificateIssuerExtension ciExt =
entry.getCertificateIssuerExtension();
if (ciExt != null) {
GeneralNames names = ciExt.get(CertificateIssuerExtension.ISSUER);
GeneralNames names = ciExt.getNames();
X500Name issuerDN = (X500Name) names.get(0).getName();
return issuerDN.asX500Principal();
} else {

320
src/java.base/share/classes/sun/security/x509/X509CertImpl.java
View file

@ -77,45 +77,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
@java.io.Serial
private static final long serialVersionUID = -3457612960190864406L;
private static final char DOT = '.';
/**
* Public attribute names.
*/
public static final String NAME = "x509";
public static final String INFO = X509CertInfo.NAME;
public static final String ALG_ID = "algorithm";
public static final String SIGNATURE = "signature";
public static final String SIGNED_CERT = "signed_cert";
/**
* The following are defined for ease-of-use. These
* are the most frequently retrieved attributes.
*/
// x509.info.subject.dname
public static final String SUBJECT_DN = NAME + DOT + INFO + DOT +
X509CertInfo.SUBJECT + DOT + X509CertInfo.DN_NAME;
// x509.info.issuer.dname
public static final String ISSUER_DN = NAME + DOT + INFO + DOT +
X509CertInfo.ISSUER + DOT + X509CertInfo.DN_NAME;
// x509.info.serialNumber.number
public static final String SERIAL_ID = NAME + DOT + INFO + DOT +
X509CertInfo.SERIAL_NUMBER + DOT +
CertificateSerialNumber.NUMBER;
// x509.info.key.value
public static final String PUBLIC_KEY = NAME + DOT + INFO + DOT +
X509CertInfo.KEY + DOT +
CertificateX509Key.KEY;
// x509.info.version.value
public static final String VERSION = NAME + DOT + INFO + DOT +
X509CertInfo.VERSION + DOT +
CertificateVersion.VERSION;
// x509.algorithm
public static final String SIG_ALG = NAME + DOT + ALG_ID;
// x509.signature
public static final String SIG = NAME + DOT + SIGNATURE;
// when we sign and decode we set this to true
// this is our means to make certificates immutable
@ -555,8 +517,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
DerOutputStream tmp = new DerOutputStream();
// encode certificate info
info.set(X509CertInfo.ALGORITHM_ID,
new CertificateAlgorithmId(algId));
info.setAlgorithmId(new CertificateAlgorithmId(algId));
info.encode(tmp);
byte[] rawCert = tmp.toByteArray();
@ -610,7 +571,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
CertificateValidity interval;
try {
interval = (CertificateValidity)info.get(CertificateValidity.NAME);
interval = info.getValidity();
} catch (Exception e) {
throw new CertificateNotYetValidException("Incorrect validity period");
}
@ -625,93 +586,11 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* Note that the X509CertInfo is not cloned for performance reasons.
* Callers must ensure that they do not modify it. All other
* attributes are cloned.
*
* @param name the name of the attribute.
* @exception CertificateParsingException on invalid attribute identifier.
*/
public Object get(String name)
throws CertificateParsingException {
X509AttributeName attr = new X509AttributeName(name);
String id = attr.getPrefix();
if (!(id.equalsIgnoreCase(NAME))) {
throw new CertificateParsingException("Invalid root of "
+ "attribute name, expected [" + NAME +
"], received " + "[" + id + "]");
}
attr = new X509AttributeName(attr.getSuffix());
id = attr.getPrefix();
if (id.equalsIgnoreCase(INFO)) {
if (info == null) {
return null;
}
if (attr.getSuffix() != null) {
try {
return info.get(attr.getSuffix());
} catch (IOException | CertificateException e) {
throw new CertificateParsingException(e.toString());
}
} else {
public X509CertInfo getInfo() {
return info;
}
} else if (id.equalsIgnoreCase(ALG_ID)) {
return(algId);
} else if (id.equalsIgnoreCase(SIGNATURE)) {
if (signature != null)
return signature.clone();
else
return null;
} else if (id.equalsIgnoreCase(SIGNED_CERT)) {
if (signedCert != null)
return signedCert.clone();
else
return null;
} else {
throw new CertificateParsingException("Attribute name not "
+ "recognized or get() not allowed for the same: " + id);
}
}
/**
* Set the requested attribute in the certificate.
*
* @param name the name of the attribute.
* @param obj the value of the attribute.
* @exception CertificateException on invalid attribute identifier.
* @exception IOException on encoding error of attribute.
*/
public void set(String name, Object obj)
throws CertificateException, IOException {
// check if immutable
if (readOnly)
throw new CertificateException("cannot over-write existing"
+ " certificate");
X509AttributeName attr = new X509AttributeName(name);
String id = attr.getPrefix();
if (!(id.equalsIgnoreCase(NAME))) {
throw new CertificateException("Invalid root of attribute name,"
+ " expected [" + NAME + "], received " + id);
}
attr = new X509AttributeName(attr.getSuffix());
id = attr.getPrefix();
if (id.equalsIgnoreCase(INFO)) {
if (attr.getSuffix() == null) {
if (!(obj instanceof X509CertInfo)) {
throw new CertificateException("Attribute value should"
+ " be of type X509CertInfo.");
}
info = (X509CertInfo)obj;
} else {
info.set(attr.getSuffix(), obj);
}
signedCert = null; //reset this as certificate data has changed
} else {
throw new CertificateException("Attribute name not recognized or " +
"set() not allowed for the same: " + id);
}
}
/**
* Returns a printable representation of the certificate. This does not
@ -739,12 +618,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public PublicKey getPublicKey() {
if (info == null)
return null;
try {
return (PublicKey)info.get(CertificateX509Key.NAME
+ DOT + CertificateX509Key.KEY);
} catch (Exception e) {
return null;
}
return info.getKey().getKey();
}
/**
@ -756,8 +630,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
if (info == null)
return -1;
try {
int vers = ((Integer)info.get(CertificateVersion.NAME
+ DOT + CertificateVersion.VERSION)).intValue();
int vers = info.getVersion().getVersion();
return vers + 1;
} catch (Exception e) {
return -1;
@ -784,13 +657,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public SerialNumber getSerialNumberObject() {
if (info == null)
return null;
try {
return (SerialNumber)info.get(
CertificateSerialNumber.NAME + DOT +
CertificateSerialNumber.NUMBER);
} catch (Exception e) {
return null;
}
return info.getSerialNumber().getSerial();
}
@ -803,12 +670,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public Principal getSubjectDN() {
if (info == null)
return null;
try {
return (Principal)info.get(X509CertInfo.SUBJECT + DOT +
X509CertInfo.DN_NAME);
} catch (Exception e) {
return null;
}
return info.getSubject();
}
/**
@ -821,9 +683,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
return null;
}
try {
return (X500Principal)info.get(
X509CertInfo.SUBJECT + DOT +
"x500principal");
return info.getSubject().asX500Principal();
} catch (Exception e) {
return null;
}
@ -838,12 +698,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public Principal getIssuerDN() {
if (info == null)
return null;
try {
return (Principal)info.get(X509CertInfo.ISSUER + DOT +
X509CertInfo.DN_NAME);
} catch (Exception e) {
return null;
}
return info.getIssuer();
}
/**
@ -856,9 +711,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
return null;
}
try {
return (X500Principal)info.get(
X509CertInfo.ISSUER + DOT +
"x500principal");
return info.getIssuer().asX500Principal();
} catch (Exception e) {
return null;
}
@ -872,12 +725,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public Date getNotBefore() {
if (info == null)
return null;
try {
return (Date) info.get(CertificateValidity.NAME + DOT +
CertificateValidity.NOT_BEFORE);
} catch (Exception e) {
return null;
}
return info.getValidity().getNotBefore();
}
/**
@ -888,12 +736,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public Date getNotAfter() {
if (info == null)
return null;
try {
return (Date) info.get(CertificateValidity.NAME + DOT +
CertificateValidity.NOT_AFTER);
} catch (Exception e) {
return null;
}
return info.getValidity().getNotAfter();
}
/**
@ -932,7 +775,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public String getSigAlgName() {
if (algId == null)
return null;
return (algId.getName());
return algId.getName();
}
/**
@ -945,7 +788,11 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
if (algId == null)
return null;
ObjectIdentifier oid = algId.getOID();
return (oid.toString());
return oid.toString();
}
public AlgorithmId getSigAlg() {
return algId;
}
/**
@ -967,16 +814,11 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public boolean[] getIssuerUniqueID() {
if (info == null)
return null;
try {
UniqueIdentity id = (UniqueIdentity)info.get(
X509CertInfo.ISSUER_ID);
UniqueIdentity id = info.getIssuerUniqueId();
if (id == null)
return null;
else
return (id.getId());
} catch (Exception e) {
return null;
}
return id.getId();
}
/**
@ -987,26 +829,18 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public boolean[] getSubjectUniqueID() {
if (info == null)
return null;
try {
UniqueIdentity id = (UniqueIdentity)info.get(
X509CertInfo.SUBJECT_ID);
UniqueIdentity id = info.getSubjectUniqueId();
if (id == null)
return null;
else
return (id.getId());
} catch (Exception e) {
return null;
}
return id.getId();
}
public KeyIdentifier getAuthKeyId() {
AuthorityKeyIdentifierExtension aki
= getAuthorityKeyIdentifierExtension();
if (aki != null) {
try {
return (KeyIdentifier)aki.get(
AuthorityKeyIdentifierExtension.KEY_ID);
} catch (IOException ioe) {} // not possible
return aki.getKeyIdentifier();
}
return null;
}
@ -1017,9 +851,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public KeyIdentifier getSubjectKeyId() {
SubjectKeyIdentifierExtension ski = getSubjectKeyIdentifierExtension();
if (ski != null) {
try {
return ski.get(SubjectKeyIdentifierExtension.KEY_ID);
} catch (IOException ioe) {} // not possible
return ski.getKeyIdentifier();
}
return null;
}
@ -1151,15 +983,10 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public boolean hasUnsupportedCriticalExtension() {
if (info == null)
return false;
try {
CertificateExtensions exts = (CertificateExtensions)info.get(
CertificateExtensions.NAME);
CertificateExtensions exts = info.getExtensions();
if (exts == null)
return false;
return exts.hasUnsupportedCriticalExtension();
} catch (Exception e) {
return false;
}
}
/**
@ -1175,8 +1002,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
return null;
}
try {
CertificateExtensions exts = (CertificateExtensions)info.get(
CertificateExtensions.NAME);
CertificateExtensions exts = info.getExtensions();
if (exts == null) {
return null;
}
@ -1205,8 +1031,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
return null;
}
try {
CertificateExtensions exts = (CertificateExtensions)info.get(
CertificateExtensions.NAME);
CertificateExtensions exts = info.getExtensions();
if (exts == null) {
return null;
}
@ -1234,13 +1059,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
if (info == null) {
return null;
}
try {
CertificateExtensions extensions;
try {
extensions = (CertificateExtensions)info.get(CertificateExtensions.NAME);
} catch (CertificateException ce) {
return null;
}
CertificateExtensions extensions = info.getExtensions();
if (extensions != null) {
Extension ex = extensions.getExtension(oid.toString());
if (ex != null) {
@ -1255,30 +1074,18 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
/* no such extension in this certificate */
}
return null;
} catch (IOException ioe) {
return null;
}
}
public Extension getUnparseableExtension(ObjectIdentifier oid) {
if (info == null) {
return null;
}
try {
CertificateExtensions extensions;
try {
extensions = (CertificateExtensions)info.get(CertificateExtensions.NAME);
} catch (CertificateException ce) {
return null;
}
CertificateExtensions extensions = info.getExtensions();
if (extensions == null) {
return null;
} else {
return extensions.getUnparseableExtensions().get(oid.toString());
}
} catch (IOException ioe) {
return null;
}
}
/**
@ -1292,8 +1099,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
ObjectIdentifier findOID = ObjectIdentifier.of(oid);
String extAlias = OIDMap.getName(findOID);
Extension certExt = null;
CertificateExtensions exts = (CertificateExtensions)info.get(
CertificateExtensions.NAME);
CertificateExtensions exts = info.getExtensions();
if (extAlias == null) { // may be unknown
// get the extensions, search through' for this oid
@ -1309,11 +1115,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
}
}
} else { // there's subclass that can handle this extension
try {
certExt = (Extension)this.get(extAlias);
} catch (CertificateException e) {
// get() throws an Exception instead of returning null, ignore
}
certExt = getInfo().getExtensions().getExtension(extAlias);
}
if (certExt == null) {
if (exts != null) {
@ -1342,11 +1144,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
*/
public boolean[] getKeyUsage() {
try {
String extAlias = OIDMap.getName(PKIXExtensions.KeyUsage_Id);
if (extAlias == null)
return null;
KeyUsageExtension certExt = (KeyUsageExtension)this.get(extAlias);
KeyUsageExtension certExt = (KeyUsageExtension)
getInfo().getExtensions().getExtension(KeyUsageExtension.NAME);
if (certExt == null)
return null;
@ -1435,18 +1234,12 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
*/
public int getBasicConstraints() {
try {
String extAlias = OIDMap.getName(PKIXExtensions.BasicConstraints_Id);
if (extAlias == null)
return -1;
BasicConstraintsExtension certExt =
(BasicConstraintsExtension)this.get(extAlias);
BasicConstraintsExtension certExt = getBasicConstraintsExtension();
if (certExt == null)
return -1;
if (((Boolean) certExt.get(BasicConstraintsExtension.IS_CA)).
booleanValue())
return ((Integer)certExt.get(
BasicConstraintsExtension.PATH_LEN)).intValue();
if (certExt.isCa())
return certExt.getPathLen();
else
return -1;
} catch (Exception e) {
@ -1577,14 +1370,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
if (subjectAltNameExt == null) {
return null;
}
GeneralNames names;
try {
names = subjectAltNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
} catch (IOException ioe) {
// should not occur
return Collections.emptySet();
}
GeneralNames names = subjectAltNameExt.getNames();
subjectAlternativeNames = makeAltNames(names);
return subjectAlternativeNames;
}
@ -1610,14 +1396,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
new SubjectAlternativeNameExtension(Boolean.FALSE,
data);
GeneralNames names;
try {
names = subjectAltNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
} catch (IOException ioe) {
// should not occur
return Collections.emptySet();
}
GeneralNames names = subjectAltNameExt.getNames();
return makeAltNames(names);
} catch (IOException ioe) {
throw new CertificateParsingException(ioe);
@ -1643,14 +1422,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
if (issuerAltNameExt == null) {
return null;
}
GeneralNames names;
try {
names = issuerAltNameExt.get(
IssuerAlternativeNameExtension.ISSUER_NAME);
} catch (IOException ioe) {
// should not occur
return Collections.emptySet();
}
GeneralNames names = issuerAltNameExt.getNames();
issuerAlternativeNames = makeAltNames(names);
return issuerAlternativeNames;
}
@ -1676,14 +1448,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
IssuerAlternativeNameExtension issuerAltNameExt =
new IssuerAlternativeNameExtension(Boolean.FALSE,
data);
GeneralNames names;
try {
names = issuerAltNameExt.get(
IssuerAlternativeNameExtension.ISSUER_NAME);
} catch (IOException ioe) {
// should not occur
return Collections.emptySet();
}
GeneralNames names = issuerAltNameExt.getNames();
return makeAltNames(names);
} catch (IOException ioe) {
throw new CertificateParsingException(ioe);
@ -1746,10 +1511,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
info = new X509CertInfo(seq[0]);
// the "inner" and "outer" signature algorithms must match
AlgorithmId infoSigAlg = (AlgorithmId)info.get(
CertificateAlgorithmId.NAME
+ DOT +
CertificateAlgorithmId.ALGORITHM);
AlgorithmId infoSigAlg = info.getAlgorithmId().getAlgId();
if (! algId.equals(infoSigAlg))
throw new CertificateException("Signature algorithm mismatch");
readOnly = true;

355
src/java.base/share/classes/sun/security/x509/X509CertInfo.java
View file

@ -61,12 +61,8 @@ import sun.security.util.HexDumpEncoder;
* @see CertAttrSet
* @see X509CertImpl
*/
public class X509CertInfo implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info";
public class X509CertInfo {
// Certificate attribute names
public static final String NAME = "info";
public static final String DN_NAME = "dname";
@ -97,36 +93,9 @@ public class X509CertInfo implements CertAttrSet<String> {
// X509.v3 extensions
protected CertificateExtensions extensions = null;
// Attribute numbers for internal manipulation
private static final int ATTR_VERSION = 1;
private static final int ATTR_SERIAL = 2;
private static final int ATTR_ALGORITHM = 3;
private static final int ATTR_ISSUER = 4;
private static final int ATTR_VALIDITY = 5;
private static final int ATTR_SUBJECT = 6;
private static final int ATTR_KEY = 7;
private static final int ATTR_ISSUER_ID = 8;
private static final int ATTR_SUBJECT_ID = 9;
private static final int ATTR_EXTENSIONS = 10;
// DER encoded CertificateInfo data
private byte[] rawCertInfo = null;
// The certificate attribute name to integer mapping stored here
private static final Map<String,Integer> map = new HashMap<>();
static {
map.put(VERSION, Integer.valueOf(ATTR_VERSION));
map.put(SERIAL_NUMBER, Integer.valueOf(ATTR_SERIAL));
map.put(ALGORITHM_ID, Integer.valueOf(ATTR_ALGORITHM));
map.put(ISSUER, Integer.valueOf(ATTR_ISSUER));
map.put(VALIDITY, Integer.valueOf(ATTR_VALIDITY));
map.put(SUBJECT, Integer.valueOf(ATTR_SUBJECT));
map.put(KEY, Integer.valueOf(ATTR_KEY));
map.put(ISSUER_ID, Integer.valueOf(ATTR_ISSUER_ID));
map.put(SUBJECT_ID, Integer.valueOf(ATTR_SUBJECT_ID));
map.put(EXTENSIONS, Integer.valueOf(ATTR_EXTENSIONS));
}
/**
* Construct an uninitialized X509CertInfo on which <a href="#decode">
* decode</a> must later be called (or which may be deserialized).
@ -178,7 +147,6 @@ public class X509CertInfo implements CertAttrSet<String> {
* @exception CertificateException on encoding errors.
* @exception IOException on other errors.
*/
@Override
public void encode(DerOutputStream out)
throws CertificateException, IOException {
if (rawCertInfo == null) {
@ -232,18 +200,18 @@ public class X509CertInfo implements CertAttrSet<String> {
*/
public boolean equals(X509CertInfo other) {
if (this == other) {
return(true);
return true;
} else if (rawCertInfo == null || other.rawCertInfo == null) {
return(false);
return false;
} else if (rawCertInfo.length != other.rawCertInfo.length) {
return(false);
return false;
}
for (int i = 0; i < rawCertInfo.length; i++) {
if (rawCertInfo[i] != other.rawCertInfo[i]) {
return(false);
return false;
}
}
return(true);
return true;
}
/**
@ -256,7 +224,7 @@ public class X509CertInfo implements CertAttrSet<String> {
for (int i = 1; i < rawCertInfo.length; i++) {
retval += rawCertInfo[i] * i;
}
return(retval);
return retval;
}
/**
@ -331,175 +299,24 @@ public class X509CertInfo implements CertAttrSet<String> {
return sb.toString();
}
/**
* Set the certificate attribute.
*
* @param name the name of the Certificate attribute.
* @param val the value of the Certificate attribute.
* @exception CertificateException on invalid attributes.
* @exception IOException on other errors.
*/
public void set(String name, Object val)
throws CertificateException, IOException {
X509AttributeName attrName = new X509AttributeName(name);
int attr = attributeMap(attrName.getPrefix());
if (attr == 0) {
throw new CertificateException("Attribute name not recognized: "
+ name);
}
// set rawCertInfo to null, so that we are forced to re-encode
rawCertInfo = null;
String suffix = attrName.getSuffix();
switch (attr) {
case ATTR_VERSION:
if (suffix == null) {
setVersion(val);
} else {
version.set(suffix, val);
}
break;
case ATTR_SERIAL:
if (suffix == null) {
setSerialNumber(val);
} else {
serialNum.set(suffix, val);
}
break;
case ATTR_ALGORITHM:
if (suffix == null) {
setAlgorithmId(val);
} else {
algId.set(suffix, val);
}
break;
case ATTR_ISSUER:
setIssuer(val);
break;
case ATTR_VALIDITY:
if (suffix == null) {
setValidity(val);
} else {
interval.set(suffix, val);
}
break;
case ATTR_SUBJECT:
setSubject(val);
break;
case ATTR_KEY:
if (suffix == null) {
setKey(val);
} else {
pubKey.set(suffix, val);
}
break;
case ATTR_ISSUER_ID:
setIssuerUniqueId(val);
break;
case ATTR_SUBJECT_ID:
setSubjectUniqueId(val);
break;
case ATTR_EXTENSIONS:
if (suffix == null) {
setExtensions(val);
} else {
if (extensions == null)
extensions = new CertificateExtensions();
extensions.set(suffix, val);
}
break;
}
public CertificateExtensions getExtensions() {
return extensions;
}
public UniqueIdentity getIssuerUniqueId() {
return issuerUniqueId;
}
/**
* Get the certificate attribute.
*
* @param name the name of the Certificate attribute.
*
* @exception CertificateException on invalid attributes.
* @exception IOException on other errors.
*/
public Object get(String name)
throws CertificateException, IOException {
X509AttributeName attrName = new X509AttributeName(name);
public UniqueIdentity getSubjectUniqueId() {
return subjectUniqueId;
}
int attr = attributeMap(attrName.getPrefix());
if (attr == 0) {
throw new CertificateParsingException(
"Attribute name not recognized: " + name);
public X500Name getIssuer() {
return issuer;
}
String suffix = attrName.getSuffix();
switch (attr) { // frequently used attributes first
case (ATTR_EXTENSIONS):
if (suffix == null) {
return(extensions);
} else {
if (extensions == null) {
return null;
} else {
return(extensions.get(suffix));
}
}
case (ATTR_SUBJECT):
if (suffix == null) {
return(subject);
} else {
return(getX500Name(suffix, false));
}
case (ATTR_ISSUER):
if (suffix == null) {
return(issuer);
} else {
return(getX500Name(suffix, true));
}
case (ATTR_KEY):
if (suffix == null) {
return(pubKey);
} else {
return(pubKey.get(suffix));
}
case (ATTR_ALGORITHM):
if (suffix == null) {
return(algId);
} else {
return(algId.get(suffix));
}
case (ATTR_VALIDITY):
if (suffix == null) {
return(interval);
} else {
return(interval.get(suffix));
}
case (ATTR_VERSION):
if (suffix == null) {
return(version);
} else {
return(version.get(suffix));
}
case (ATTR_SERIAL):
if (suffix == null) {
return(serialNum);
} else {
return(serialNum.get(suffix));
}
case (ATTR_ISSUER_ID):
return(issuerUniqueId);
case (ATTR_SUBJECT_ID):
return(subjectUniqueId);
}
return null;
public X500Name getSubject() {
return subject;
}
/*
@ -621,18 +438,15 @@ public class X509CertInfo implements CertAttrSet<String> {
"incomplete: subject field is empty, and certificate " +
"has no extensions");
}
SubjectAlternativeNameExtension subjectAltNameExt;
GeneralNames names;
try {
subjectAltNameExt = (SubjectAlternativeNameExtension)
extensions.get(SubjectAlternativeNameExtension.NAME);
names = subjectAltNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
} catch (IOException e) {
SubjectAlternativeNameExtension subjectAltNameExt =
(SubjectAlternativeNameExtension)
extensions.getExtension(SubjectAlternativeNameExtension.NAME);
if (subjectAltNameExt == null) {
throw new CertificateParsingException("X.509 Certificate is " +
"incomplete: subject field is empty, and " +
"SubjectAlternativeName extension is absent");
}
GeneralNames names = subjectAltNameExt.getNames();
// SubjectAlternativeName extension is empty or not marked critical
if (names == null || names.isEmpty()) {
@ -697,28 +511,20 @@ public class X509CertInfo implements CertAttrSet<String> {
out.write(DerValue.tag_Sequence, tmp);
}
/**
* Returns the integer attribute number for the passed attribute name.
*/
private int attributeMap(String name) {
Integer num = map.get(name);
if (num == null) {
return 0;
}
return num.intValue();
}
/**
* Set the version number of the certificate.
*
* @param val the Object class value for the Extensions
* @exception CertificateException on invalid data.
*/
private void setVersion(Object val) throws CertificateException {
if (!(val instanceof CertificateVersion)) {
throw new CertificateException("Version class type invalid.");
public void setVersion(CertificateVersion val) {
// set rawCertInfo to null, so that we are forced to re-encode
rawCertInfo = null;
version = val;
}
version = (CertificateVersion)val;
public CertificateVersion getVersion() {
return version;
}
/**
@ -727,11 +533,14 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the CertificateSerialNumber
* @exception CertificateException on invalid data.
*/
private void setSerialNumber(Object val) throws CertificateException {
if (!(val instanceof CertificateSerialNumber)) {
throw new CertificateException("SerialNumber class type invalid.");
public void setSerialNumber(CertificateSerialNumber val) {
// set rawCertInfo to null, so that we are forced to re-encode
rawCertInfo = null;
serialNum = val;
}
serialNum = (CertificateSerialNumber)val;
public CertificateSerialNumber getSerialNumber() {
return serialNum;
}
/**
@ -740,12 +549,14 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the AlgorithmId
* @exception CertificateException on invalid data.
*/
private void setAlgorithmId(Object val) throws CertificateException {
if (!(val instanceof CertificateAlgorithmId)) {
throw new CertificateException(
"AlgorithmId class type invalid.");
public void setAlgorithmId(CertificateAlgorithmId val) {
// set rawCertInfo to null, so that we are forced to re-encode
rawCertInfo = null;
algId = val;
}
algId = (CertificateAlgorithmId)val;
public CertificateAlgorithmId getAlgorithmId() {
return algId;
}
/**
@ -754,12 +565,10 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the issuer
* @exception CertificateException on invalid data.
*/
private void setIssuer(Object val) throws CertificateException {
if (!(val instanceof X500Name)) {
throw new CertificateException(
"Issuer class type invalid.");
}
issuer = (X500Name)val;
public void setIssuer(X500Name val) {
// set rawCertInfo to null, so that we are forced to re-encode
rawCertInfo = null;
issuer = val;
}
/**
@ -768,12 +577,14 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the CertificateValidity
* @exception CertificateException on invalid data.
*/
private void setValidity(Object val) throws CertificateException {
if (!(val instanceof CertificateValidity)) {
throw new CertificateException(
"CertificateValidity class type invalid.");
public void setValidity(CertificateValidity val) {
// set rawCertInfo to null, so that we are forced to re-encode
rawCertInfo = null;
interval = val;
}
interval = (CertificateValidity)val;
public CertificateValidity getValidity() {
return interval;
}
/**
@ -782,12 +593,10 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the Subject
* @exception CertificateException on invalid data.
*/
private void setSubject(Object val) throws CertificateException {
if (!(val instanceof X500Name)) {
throw new CertificateException(
"Subject class type invalid.");
}
subject = (X500Name)val;
public void setSubject(X500Name val) throws CertificateException {
// set rawCertInfo to null, so that we are forced to re-encode
rawCertInfo = null;
subject = val;
}
/**
@ -796,12 +605,14 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the PublicKey
* @exception CertificateException on invalid data.
*/
private void setKey(Object val) throws CertificateException {
if (!(val instanceof CertificateX509Key)) {
throw new CertificateException(
"Key class type invalid.");
public void setKey(CertificateX509Key val) {
// set rawCertInfo to null, so that we are forced to re-encode
rawCertInfo = null;
pubKey = val;
}
pubKey = (CertificateX509Key)val;
public CertificateX509Key getKey() {
return pubKey;
}
/**
@ -810,15 +621,13 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the IssuerUniqueId
* @exception CertificateException
*/
private void setIssuerUniqueId(Object val) throws CertificateException {
public void setIssuerUniqueId(UniqueIdentity val) throws CertificateException {
// set rawCertInfo to null, so that we are forced to re-encode
rawCertInfo = null;
if (version.compare(CertificateVersion.V2) < 0) {
throw new CertificateException("Invalid version");
}
if (!(val instanceof UniqueIdentity)) {
throw new CertificateException(
"IssuerUniqueId class type invalid.");
}
issuerUniqueId = (UniqueIdentity)val;
issuerUniqueId = val;
}
/**
@ -827,15 +636,13 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the SubjectUniqueId
* @exception CertificateException
*/
private void setSubjectUniqueId(Object val) throws CertificateException {
public void setSubjectUniqueId(UniqueIdentity val) throws CertificateException {
// set rawCertInfo to null, so that we are forced to re-encode
rawCertInfo = null;
if (version.compare(CertificateVersion.V2) < 0) {
throw new CertificateException("Invalid version");
}
if (!(val instanceof UniqueIdentity)) {
throw new CertificateException(
"SubjectUniqueId class type invalid.");
}
subjectUniqueId = (UniqueIdentity)val;
subjectUniqueId = val;
}
/**
@ -844,14 +651,12 @@ public class X509CertInfo implements CertAttrSet<String> {
* @param val the Object class value for the Extensions
* @exception CertificateException
*/
private void setExtensions(Object val) throws CertificateException {
public void setExtensions(CertificateExtensions val) throws CertificateException {
// set rawCertInfo to null, so that we are forced to re-encode
rawCertInfo = null;
if (version.compare(CertificateVersion.V3) < 0) {
throw new CertificateException("Invalid version");
}
if (!(val instanceof CertificateExtensions)) {
throw new CertificateException(
"Extensions class type invalid.");
}
extensions = (CertificateExtensions)val;
extensions = val;
}
}

245
src/java.base/share/classes/sun/security/x509/certAttributes.html
View file

@ -1,245 +0,0 @@
<HTML>
<BODY>
<HEAD>
<TITLE>Certificate Attributes</TITLE>
</HEAD>
<h2><center>Certificate Attributes</center></h2>
<font size=3><center>July 1998</font></center>
<p>
In JDK1.2 we provide an implementation of X.509 (version 3).
The X509CertImpl class supports the following methods to
manipulate the various attributes of a certificate:
<pre>
Object get(String name), and
void set(String name, Object value)
</pre>
A list of all the X.509 v3 Certificate attributes that can be manipulated
is provided in the following table.
For example, if you want to get the signature component of
the certificate:
<pre>
X509CertImpl cert;
// get the certificate object
byte[] sig = (byte[])cert.get("x509.signature");
// using the fully-qualified identifier
OR
byte[] sig = (byte[])cert.get(X509CertImpl.SIG);
// using defined constants
</pre>
<p>
<table border=1>
<caption>sun.security.x509.X509CertImpl</caption>
<tr>
<td><strong>Attribute</strong></td>
<td><strong>Fully-qualified identifier</strong></td>
<td><strong>Defined constants</strong></td>
<td><strong>Type of Object returned</strong><br>
(in sun.security.x509 unless fully-qualified)</td>
</tr>
<tr>
<td>signatureAlgorithm</td>
<td>x509.algorithm</td>
<td>X509CertImpl.SIG_ALG</td>
<td>AlgorithmId</td>
</tr>
<tr>
<td>signature</td>
<td>x509.signature</td>
<td>X509CertImpl.SIG</td>
<td>byte[]</td>
</tr>
<tr>
<td>tbsCertificate</td>
<td>x509.info</td>
<td>X509CertInfo.IDENT</td>
<td>X509CertInfo</td>
</tr>
<tr>
<td>version</td>
<td>x509.info.version<br>
x509.info.version.number</td>
<td>CertificateVersion.IDENT<br>
none</td>
<td>CertificateVersion<br>
java.lang.Integer</td>
</tr>
<tr>
<td>serialNumber</td>
<td>x509.info.serialNumber<br>
x509.info.serialNumber.number</td>
<td>CertificateSerialNumber.IDENT<br>
X509CertImpl.SERIAL_ID</td>
<td>CertificateSerialNumber<br>
SerialNumber</td>
</tr>
<tr>
<td>signature</td>
<td>x509.info.algorithmID<br>
x509.info.algorithmID.algorithm</td>
<td>CertificateAlgorithmId.IDENT<br>
none</td>
<td>CertificateAlgorithmId<br>
AlgorithmId</td>
</tr>
<tr>
<td>issuer</td>
<td>x509.info.issuer<br>
x509.info.issuer.dname</td>
<td>none<br>
X509CertImpl.ISSUER_DN</td>
<td>X500Name<br>
X500Name</td>
</tr>
<tr>
<td>validity<br>
validity.notAfter<br>
validity.notBefore</td>
<td>x509.info.validity<br>
x509.info.validity.notAfter<br>
x509.info.validity.notBefore</td>
<td>CertificateValidity.IDENT<br>
none<br>
none</td>
<td>CertificateValidity<br>
java.util.Date<br>
java.util.Date</td>
</tr>
<tr>
<td>subject</td>
<td>x509.info.subject<br>
x509.info.subject.dname</td>
<td>none<br>
X509CertImpl.SUBJECT_DN</td>
<td>X500Name<br>
X500Name</td>
</tr>
<tr>
<td>subjectPublicKeyInfo</td>
<td>x509.info.key<br>
x509.info.key.value</td>
<td>CertificateX509Key.IDENT<br>
X509CertImpl.PUBLIC_KEY</td>
<td>CertificateX509Key<br>
X509Key</td>
</tr>
<tr>
<td>issuerUniqueID</td>
<td>x509.info.issuerID<br>
x509.info.issuerID.id</td>
<td>none<br>
none</td>
<td>UniqueIdentity<br>
UniqueIdentity</td>
</tr>
<tr>
<td>subjectUniqueID</td>
<td>x509.info.subjectID<br>
x509.info.subjectID.id</td>
<td>none<br>
none</td>
<td>UniqueIdentity<br>
UniqueIdentity</td>
</tr>
<tr>
<td>extensions</td>
<td>x509.info.extensions</td>
<td>CertificateExtensions.IDENT</td>
<td>CertificateExtensions</td>
</tr>
</table>
<br>
<br>
<table border=1>
<caption>X.509 V3 certificate extensions</caption>
<tr>
<td><strong>Extension</strong></td>
<td><strong>Extension attribute identifier</strong></td>
<td><strong>Short form</strong></td>
<td><strong>Type of Object returned</strong></td>
</tr>
<tr>
<td>Authority Key Identifier</td>
<td>x509.info.extensions.AuthorityKeyIdentifier</td>
<td>AuthorityKeyIdentifierExtension.IDENT</td>
<td>AuthorityKeyIdentifierExtension</td>
</tr>
<tr>
<td>Subject Key Identifier</td>
<td>x509.info.extensions.SubjectKeyIdentifier</td>
<td>SubjectKeyIdentifierExtension.IDENT</td>
<td>SubjectKeyIdentifierExtension</td>
</tr>
<tr>
<td>Key Usage</td>
<td>x509.info.extensions.KeyUsage</td>
<td>KeyUsageExtension.IDENT</td>
<td>KeyUsageExtension</td>
</tr>
<tr>
<td>Private Key Usage Period</td>
<td>x509.info.extensions.PrivateKeyUsage</td>
<td>PrivateKeyUsageExtension.IDENT</td>
<td>PrivateKeyUsageExtension</td>
</tr>
<tr>
<td>Policy Mappings</td>
<td>x509.info.extensions.PolicyMappings</td>
<td>PolicyMappingsExtension.IDENT</td>
<td>PolicyMappingsExtension</td>
</tr>
<tr>
<td>Subject Alternative Name</td>
<td>x509.info.extensions.SubjectAlternativeName</td>
<td>SubjectAlternativeNameExtension.IDENT</td>
<td>SubjectAlternativeNameExtension</td>
</tr>
<tr>
<td>Issuer Alternative Name</td>
<td>x509.info.extensions.IssuerAlternativeName</td>
<td>IssuerAlternativeNameExtension.IDENT</td>
<td>IssuerAlternativeNameExtension</td>
</tr>
<tr>
<td>Basic Constraints</td>
<td>x509.info.extensions.BasicConstraints</td>
<td>BasicConstraintsExtension.IDENT</td>
<td>BasicConstraintsExtension</td>
</tr>
<tr>
<td>Name Constraints</td>
<td>x509.info.extensions.NameConstraints</td>
<td>NameConstraintsExtension.IDENT</td>
<td>NameConstraintsExtension</td>
</tr>
<tr>
<td>Policy Constraints</td>
<td>x509.info.extensions.PolicyConstraints</td>
<td>PolicyConstraintsExtension.IDENT</td>
<td>PolicyConstraintsExtension</td>
</tr>
<tr>
<td>Netscape Certificate Type</td>
<td>x509.info.extensions.NetscapeCertType</td>
<td>NetscapeCertTypeExtension.IDENT</td>
<td>NetscapeCertTypeExtension</td>
</tr>
</table>
<p>
Extensions can be added by implementing the
<code>sun.security.x509.CertAttrSet</code> interface and
subclassing <code>sun.security.x509.Extension</code> class.
Register the new extension using the OIDMap class.
The following extensions are not currently supported from the
PKIX profile:
<table>
<tr>
<td>Name</td>
<td>ObjectIdentifier</td>
</tr>
<tr>
<td>CertificatePolicies</td>
<td>2.5.29.32</td>
</tr>
</table>
</BODY>
</HTML>

2
src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
View file

@ -2400,7 +2400,7 @@ public class Main {
NetscapeCertTypeExtension extn =
new NetscapeCertTypeExtension(encoded);
Boolean val = extn.get(NetscapeCertTypeExtension.OBJECT_SIGNING);
boolean val = extn.get(NetscapeCertTypeExtension.OBJECT_SIGNING);
if (!val) {
if (bad != null) {
bad[2] = true;

18
test/jdk/java/security/cert/X509CertSelectorTest.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,13 +21,9 @@
* questions.
*/
import static sun.security.x509.GeneralNameInterface.NAME_DIRECTORY;
import static sun.security.x509.NameConstraintsExtension.EXCLUDED_SUBTREES;
import static sun.security.x509.NameConstraintsExtension.PERMITTED_SUBTREES;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
@ -284,7 +280,7 @@ public class X509CertSelectorTest {
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16"));
byte[] encoded = in.getOctetString();
PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded);
Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
Date validDate = ext.getNotBefore();
selector.setPrivateKeyValid(validDate);
checkMatch(selector, cert, true);
@ -351,8 +347,8 @@ public class X509CertSelectorTest {
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17"));
byte[] encoded = in.getOctetString();
SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded);
GeneralNames names = (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
GeneralName name = (GeneralName) names.get(0);
GeneralNames names = ext.getNames();
GeneralName name = names.get(0);
selector.setSubjectAlternativeNames(null);
DerOutputStream tmp2 = new DerOutputStream();
name.getName().encode(tmp2);
@ -383,7 +379,7 @@ public class X509CertSelectorTest {
// good match
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32"));
CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString());
List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
List<PolicyInformation> policies = ext.getCertPolicies();
// match on the first policy id
PolicyInformation policyInfo = (PolicyInformation) policies.get(0);
s.clear();
@ -403,8 +399,8 @@ public class X509CertSelectorTest {
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.30"));
byte[] encoded = in.getOctetString();
NameConstraintsExtension ext = new NameConstraintsExtension(false, encoded);
GeneralSubtrees permitted = (GeneralSubtrees) ext.get(PERMITTED_SUBTREES);
GeneralSubtrees excluded = (GeneralSubtrees) ext.get(EXCLUDED_SUBTREES);
GeneralSubtrees permitted = ext.getPermittedSubtrees();
GeneralSubtrees excluded = ext.getExcludedSubtrees();
// bad matches on pathToName within excluded subtrees
if (excluded != null) {

17
test/jdk/sun/security/pkcs/pkcs7/SignerOrder.java
View file

@ -245,17 +245,14 @@ class SimpleSigner {
X509CertInfo info = new X509CertInfo();
// Add all mandatory attributes
info.set(X509CertInfo.VERSION,
new CertificateVersion(CertificateVersion.V1));
info.set(X509CertInfo.SERIAL_NUMBER,
new CertificateSerialNumber(
info.setVersion(new CertificateVersion(CertificateVersion.V1));
info.setSerialNumber(new CertificateSerialNumber(
(int) (firstDate.getTime() / 1000)));
info.set(X509CertInfo.ALGORITHM_ID,
new CertificateAlgorithmId(algId));
info.set(X509CertInfo.SUBJECT, agent);
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.ISSUER, agent);
info.setAlgorithmId(new CertificateAlgorithmId(algId));
info.setSubject(agent);
info.setKey(new CertificateX509Key(publicKey));
info.setValidity(interval);
info.setIssuer(agent);
certLocal = new X509CertImpl(info);
certLocal.sign(privateKey, algId.getName());

11
test/jdk/sun/security/provider/X509Factory/BigCRL.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2011, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -35,7 +35,6 @@ import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.PrivateKey;
import java.security.cert.X509CRLEntry;
import java.util.Arrays;
import java.util.Date;
import sun.security.x509.*;
import java.security.cert.CertificateFactory;
@ -55,10 +54,8 @@ public class BigCRL {
Certificate signerCert = keyStore.getCertificate(alias);
byte[] encoded = signerCert.getEncoded();
X509CertImpl signerCertImpl = new X509CertImpl(encoded);
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
+ X509CertInfo.DN_NAME);
X509CertInfo signerCertInfo = signerCertImpl.getInfo();
X500Name owner = signerCertInfo.getSubject();
Date date = new Date();
PrivateKey privateKey = (PrivateKey)
@ -67,7 +64,7 @@ public class BigCRL {
X509CRLEntry[] badCerts = new X509CRLEntry[n];
CRLExtensions ext = new CRLExtensions();
ext.set("Reason", new CRLReasonCodeExtension(1));
ext.setExtension("Reason", new CRLReasonCodeExtension(1));
for (int i = 0; i < n; i++) {
badCerts[i] = new X509CRLEntryImpl(
BigInteger.valueOf(i), date, ext);

4
test/jdk/sun/security/ssl/X509KeyManager/NoGoodKey.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2021, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -55,7 +55,7 @@ public class NoGoodKey {
Vector<ObjectIdentifier> xku = new Vector<>(1);
xku.add(ObjectIdentifier.of(KnownOIDs.KP_TimeStamping));
var ext = new ExtendedKeyUsageExtension(xku);
exts.set(ext.getId(), ext);
exts.setExtension(ext.getId(), ext);
KeyStore ks = KeyStore.getInstance("pkcs12");
char[] pass = "password".toCharArray();

2
test/jdk/sun/security/x509/OtherName/Parse.java
View file

@ -76,7 +76,7 @@ public class Parse {
names.add(new GeneralName(
new OtherName(ObjectIdentifier.of("1.2.3.6"), d2)));
exts.set("x", new SubjectAlternativeNameExtension(names));
exts.setExtension("x", new SubjectAlternativeNameExtension(names));
CertAndKeyGen g = new CertAndKeyGen("Ed25519", "Ed25519");
g.generate(-1);
X509Certificate x = g.getSelfCertificate(new X500Name("CN=ME"),

50
test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -122,21 +122,17 @@ public class V3Certificate {
// Certificate Info
X509CertInfo cert = new X509CertInfo();
cert.set(X509CertInfo.VERSION,
new CertificateVersion(CertificateVersion.V3));
cert.set(X509CertInfo.SERIAL_NUMBER,
new CertificateSerialNumber((int) (firstDate.getTime() / 1000)));
cert.set(X509CertInfo.ALGORITHM_ID,
new CertificateAlgorithmId(AlgorithmId.get(sigAlg)));
cert.set(X509CertInfo.SUBJECT, subject);
cert.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
cert.set(X509CertInfo.VALIDITY, interval);
cert.set(X509CertInfo.ISSUER, issuer);
cert.setVersion(new CertificateVersion(CertificateVersion.V3));
cert.setSerialNumber(new CertificateSerialNumber((int) (firstDate.getTime() / 1000)));
cert.setAlgorithmId(new CertificateAlgorithmId(AlgorithmId.get(sigAlg)));
cert.setSubject(subject);
cert.setKey(new CertificateX509Key(publicKey));
cert.setValidity(interval);
cert.setIssuer(issuer);
cert.set(X509CertInfo.ISSUER_ID,
new UniqueIdentity(
cert.setIssuerUniqueId(new UniqueIdentity(
new BitArray(issuerId.length * 8 - 2, issuerId)));
cert.set(X509CertInfo.SUBJECT_ID, new UniqueIdentity(subjectId));
cert.setSubjectUniqueId(new UniqueIdentity(subjectId));
// Create Extensions
CertificateExtensions exts = new CertificateExtensions();
@ -163,13 +159,9 @@ public class V3Certificate {
IssuerAlternativeNameExtension issuerName
= new IssuerAlternativeNameExtension();
GeneralNames subjectNames
= (GeneralNames) subjectName.
get(SubjectAlternativeNameExtension.SUBJECT_NAME);
GeneralNames subjectNames = subjectName.getNames();
GeneralNames issuerNames
= (GeneralNames) issuerName.
get(IssuerAlternativeNameExtension.ISSUER_NAME);
GeneralNames issuerNames = issuerName.getNames();
subjectNames.add(mail);
subjectNames.add(dns);
@ -201,15 +193,15 @@ public class V3Certificate {
PolicyConstraintsExtension pce = new PolicyConstraintsExtension(2, 4);
exts.set(SubjectAlternativeNameExtension.NAME, subjectName);
exts.set(IssuerAlternativeNameExtension.NAME, issuerName);
exts.set(PrivateKeyUsageExtension.NAME, pkusage);
exts.set(KeyUsageExtension.NAME, usage);
exts.set(AuthorityKeyIdentifierExtension.NAME, aki);
exts.set(SubjectKeyIdentifierExtension.NAME, ski);
exts.set(BasicConstraintsExtension.NAME, cons);
exts.set(PolicyConstraintsExtension.NAME, pce);
cert.set(X509CertInfo.EXTENSIONS, exts);
exts.setExtension(SubjectAlternativeNameExtension.NAME, subjectName);
exts.setExtension(IssuerAlternativeNameExtension.NAME, issuerName);
exts.setExtension(PrivateKeyUsageExtension.NAME, pkusage);
exts.setExtension(KeyUsageExtension.NAME, usage);
exts.setExtension(AuthorityKeyIdentifierExtension.NAME, aki);
exts.setExtension(SubjectKeyIdentifierExtension.NAME, ski);
exts.setExtension(BasicConstraintsExtension.NAME, cons);
exts.setExtension(PolicyConstraintsExtension.NAME, pce);
cert.setExtensions(exts);
// Generate and sign X509CertImpl
X509CertImpl crt = new X509CertImpl(cert);