archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 07:14:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8246397: Use KnownOIDs for known OIDs

Browse source 
Reviewed-by: xuelei
This commit is contained in:
Weijun Wang 2020-06-04 10:04:32 +08:00
parent 2bfc64ad1f
commit bcbe46b0b3
10 changed files with 67 additions and 74 deletions
Download patch file Download diff file Expand all files Collapse all files

90
src/java.base/share/classes/java/security/cert/X509CertSelector.java
View file

@ -117,22 +117,6 @@ public class X509CertSelector implements CertSelector {
private static final Boolean FALSE = Boolean.FALSE;
private static final int PRIVATE_KEY_USAGE_ID = 0;
private static final int SUBJECT_ALT_NAME_ID = 1;
private static final int NAME_CONSTRAINTS_ID = 2;
private static final int CERT_POLICIES_ID = 3;
private static final int EXTENDED_KEY_USAGE_ID = 4;
private static final int NUM_OF_EXTENSIONS = 5;
private static final String[] EXTENSION_OIDS = new String[NUM_OF_EXTENSIONS];
static {
EXTENSION_OIDS[PRIVATE_KEY_USAGE_ID] = "2.5.29.16";
EXTENSION_OIDS[SUBJECT_ALT_NAME_ID] = "2.5.29.17";
EXTENSION_OIDS[NAME_CONSTRAINTS_ID] = "2.5.29.30";
EXTENSION_OIDS[CERT_POLICIES_ID] = "2.5.29.32";
EXTENSION_OIDS[EXTENDED_KEY_USAGE_ID] = "2.5.29.37";
};
/* Constants representing the GeneralName types */
static final int NAME_ANY = 0;
static final int NAME_RFC822 = 1;
@ -1940,48 +1924,48 @@ public class X509CertSelector implements CertSelector {
* object with the extension encoding retrieved from the passed in
* {@code X509Certificate}.
*/
private static Extension getExtensionObject(X509Certificate cert, int extId)
private static Extension getExtensionObject(X509Certificate cert, KnownOIDs extId)
throws IOException {
if (cert instanceof X509CertImpl) {
X509CertImpl impl = (X509CertImpl)cert;
X509CertImpl impl = (X509CertImpl) cert;
switch (extId) {
case PRIVATE_KEY_USAGE_ID:
return impl.getPrivateKeyUsageExtension();
case SUBJECT_ALT_NAME_ID:
return impl.getSubjectAlternativeNameExtension();
case NAME_CONSTRAINTS_ID:
return impl.getNameConstraintsExtension();
case CERT_POLICIES_ID:
return impl.getCertificatePoliciesExtension();
case EXTENDED_KEY_USAGE_ID:
return impl.getExtendedKeyUsageExtension();
default:
return null;
case PrivateKeyUsage:
return impl.getPrivateKeyUsageExtension();
case SubjectAlternativeName:
return impl.getSubjectAlternativeNameExtension();
case NameConstraints:
return impl.getNameConstraintsExtension();
case CertificatePolicies:
return impl.getCertificatePoliciesExtension();
case extendedKeyUsage:
return impl.getExtendedKeyUsageExtension();
default:
return null;
}
}
byte[] rawExtVal = cert.getExtensionValue(EXTENSION_OIDS[extId]);
byte[] rawExtVal = cert.getExtensionValue(extId.value());
if (rawExtVal == null) {
return null;
}
DerInputStream in = new DerInputStream(rawExtVal);
byte[] encoded = in.getOctetString();
switch (extId) {
case PRIVATE_KEY_USAGE_ID:
try {
return new PrivateKeyUsageExtension(FALSE, encoded);
} catch (CertificateException ex) {
throw new IOException(ex.getMessage());
}
case SUBJECT_ALT_NAME_ID:
return new SubjectAlternativeNameExtension(FALSE, encoded);
case NAME_CONSTRAINTS_ID:
return new NameConstraintsExtension(FALSE, encoded);
case CERT_POLICIES_ID:
return new CertificatePoliciesExtension(FALSE, encoded);
case EXTENDED_KEY_USAGE_ID:
return new ExtendedKeyUsageExtension(FALSE, encoded);
default:
return null;
case PrivateKeyUsage:
try {
return new PrivateKeyUsageExtension(FALSE, encoded);
} catch (CertificateException ex) {
throw new IOException(ex.getMessage());
}
case SubjectAlternativeName:
return new SubjectAlternativeNameExtension(FALSE, encoded);
case NameConstraints:
return new NameConstraintsExtension(FALSE, encoded);
case CertificatePolicies:
return new CertificatePoliciesExtension(FALSE, encoded);
case extendedKeyUsage:
return new ExtendedKeyUsageExtension(FALSE, encoded);
default:
return null;
}
}
@ -2171,7 +2155,7 @@ public class X509CertSelector implements CertSelector {
PrivateKeyUsageExtension ext = null;
try {
ext = (PrivateKeyUsageExtension)
getExtensionObject(xcert, PRIVATE_KEY_USAGE_ID);
getExtensionObject(xcert, KnownOIDs.PrivateKeyUsage);
if (ext != null) {
ext.valid(privateKeyValid);
}
@ -2283,7 +2267,7 @@ public class X509CertSelector implements CertSelector {
try {
ExtendedKeyUsageExtension ext =
(ExtendedKeyUsageExtension)getExtensionObject(xcert,
EXTENDED_KEY_USAGE_ID);
KnownOIDs.extendedKeyUsage);
if (ext != null) {
Vector<ObjectIdentifier> certKeyPurposeVector =
ext.get(ExtendedKeyUsageExtension.USAGES);
@ -2313,8 +2297,8 @@ public class X509CertSelector implements CertSelector {
}
try {
SubjectAlternativeNameExtension sanExt =
(SubjectAlternativeNameExtension) getExtensionObject(xcert,
SUBJECT_ALT_NAME_ID);
(SubjectAlternativeNameExtension) getExtensionObject(
xcert, KnownOIDs.SubjectAlternativeName);
if (sanExt == null) {
if (debug != null) {
debug.println("X509CertSelector.match: "
@ -2383,7 +2367,7 @@ public class X509CertSelector implements CertSelector {
}
try {
CertificatePoliciesExtension ext = (CertificatePoliciesExtension)
getExtensionObject(xcert, CERT_POLICIES_ID);
getExtensionObject(xcert, KnownOIDs.CertificatePolicies);
if (ext == null) {
if (debug != null) {
debug.println("X509CertSelector.match: "
@ -2448,7 +2432,7 @@ public class X509CertSelector implements CertSelector {
}
try {
NameConstraintsExtension ext = (NameConstraintsExtension)
getExtensionObject(xcert, NAME_CONSTRAINTS_ID);
getExtensionObject(xcert, KnownOIDs.NameConstraints);
if (ext == null) {
return true;
}