8239950: Update PKCS9 Attributes to PKCS#9 v2.0 Encodings

Reviewed-by: weijun
2025-09-19 18:44:38 +02:00 · 2020-06-23 07:48:39 -07:00 · 2020-06-23 07:48:39 -07:00 · c0b348f3ef
commit c0b348f3ef
parent d8219d0a78
3 changed files with 245 additions and 13 deletions
--- a/src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java
+++ b/src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java
@ -28,9 +28,7 @@ package sun.security.pkcs;
 import java.io.IOException;
 import java.io.OutputStream;
 import java.security.cert.CertificateException;
-import java.util.Locale;
 import java.util.Date;
-import java.util.HashMap;
 import sun.security.x509.CertificateExtensions;
 import sun.security.util.*;

@ -234,11 +232,16 @@ public class PKCS9Attribute implements DerEncoder {
    private static final Byte[][] PKCS9_VALUE_TAGS = {
        null,
        {DerValue.tag_IA5String},   // EMailAddress
-        {DerValue.tag_IA5String,   // UnstructuredName
-         DerValue.tag_PrintableString},
+        {DerValue.tag_IA5String,
+         DerValue.tag_PrintableString,
+         DerValue.tag_T61String,
+         DerValue.tag_BMPString,
+         DerValue.tag_UniversalString,
+         DerValue.tag_UTF8String},  // UnstructuredName
        {DerValue.tag_ObjectId},    // ContentType
        {DerValue.tag_OctetString}, // MessageDigest
-        {DerValue.tag_UtcTime},     // SigningTime
+        {DerValue.tag_UtcTime,
+         DerValue.tag_GeneralizedTime}, // SigningTime
        {DerValue.tag_Sequence},    // Countersignature
        {DerValue.tag_PrintableString,
         DerValue.tag_T61String,
@ -246,7 +249,10 @@ public class PKCS9Attribute implements DerEncoder {
         DerValue.tag_UniversalString,
         DerValue.tag_UTF8String},   // ChallengePassword
        {DerValue.tag_PrintableString,
-         DerValue.tag_T61String},   // UnstructuredAddress
+         DerValue.tag_T61String,
+         DerValue.tag_BMPString,
+         DerValue.tag_UniversalString,
+         DerValue.tag_UTF8String},   // UnstructuredAddress
        {DerValue.tag_SetOf},       // ExtendedCertificateAttributes
        {DerValue.tag_Sequence},    // issuerAndSerialNumber
        null,
@ -437,7 +443,10 @@ public class PKCS9Attribute implements DerEncoder {
            break;

        case 5:     // signing time
-            value = (new DerInputStream(elems[0].toByteArray())).getUTCTime();
+            byte elemTag = elems[0].getTag();
+            DerInputStream dis = new DerInputStream(elems[0].toByteArray());
+            value = (elemTag == DerValue.tag_GeneralizedTime) ?
+                    dis.getGeneralizedTime() : dis.getUTCTime();
            break;

        case 6:     // countersignature
--- a/src/java.base/share/classes/sun/security/util/DerValue.java
+++ b/src/java.base/share/classes/sun/security/util/DerValue.java
@ -1,5 +1,5 @@
 /**
- * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -28,6 +28,8 @@ package sun.security.util;
 import java.io.*;
 import java.math.BigInteger;
 import java.nio.charset.Charset;
+import java.nio.charset.IllegalCharsetNameException;
+import java.nio.charset.UnsupportedCharsetException;
 import java.util.Date;

 import static java.nio.charset.StandardCharsets.*;
@ -360,8 +362,9 @@ public class DerValue {
        case tag_UTF8String:
            charset = UTF_8;
            break;
-            // TBD: Need encoder for UniversalString before it can
-            // be handled.
+        case tag_UniversalString:
+            charset = Charset.forName("UTF_32BE");
+            break;
        default:
            throw new IllegalArgumentException("Unsupported DER string type");
        }
@ -598,10 +601,8 @@ public class DerValue {
            return getT61String();
        else if (tag == tag_IA5String)
            return getIA5String();
-        /*
-          else if (tag == tag_UniversalString)
+        else if (tag == tag_UniversalString)
          return getUniversalString();
-        */
        else if (tag == tag_BMPString)
            return getBMPString();
        else if (tag == tag_GeneralString)
@ -740,6 +741,25 @@ public class DerValue {
        return new String(getDataBytes(), US_ASCII);
    }

+    /**
+     * Returns the ASN.1 UNIVERSAL (UTF-32) STRING value as a Java String.
+     *
+     * @return a string corresponding to the encoded UniversalString held in
+     * this value or an empty string if UTF_32BE is not a supported character
+     * set.
+     */
+    public String getUniversalString() throws IOException {
+        if (tag != tag_UniversalString)
+            throw new IOException(
+                "DerValue.getUniversalString, not UniversalString " + tag);
+        try {
+            Charset cset = Charset.forName("UTF_32BE");
+            return new String(getDataBytes(), cset);
+        } catch (IllegalCharsetNameException | UnsupportedCharsetException e) {
+            return "";
+        }
+    }
+
    /**
     * Returns a Date if the DerValue is UtcTime.
     *