stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8242151: Improve OID mapping and reuse among JDK security providers for aliases registration

Browse Source 
Use sun.security.util.KnownOIDs enum instead of hardcoding oid strings everywhere

Reviewed-by: weijun
This commit is contained in:
Valerie Peng 2020-05-19 04:05:03 +00:00
parent a97932d8fc
commit 080b3b83eb
79 changed files with 2016 additions and 2080 deletions
src
java.base
macosx/classes/apple/security
KeychainStore.java
share/classes
com/sun/crypto/provider
DHPublicKey.javaKeyProtector.javaOAEPParameters.javaPBES2Parameters.javaSunJCE.java
java/security
PKCS12Attribute.java
cert
CertificateRevokedException.javaX509CertSelector.java
sun/security
pkcs
ContentInfo.javaPKCS7.javaPKCS9Attribute.java
pkcs12
PKCS12KeyStore.java
provider
KeyProtector.javaSunEntries.java
certpath
OCSPResponse.javaRevocationChecker.java
rsa
PSSParameters.javaSunRsaSignEntries.java
ssl
SunJSSE.javaX509KeyManagerImpl.java
timestamp
TSRequest.java
tools/keytool
Main.java
util
ConstraintsParameters.javaCurveDB.javaKnownOIDs.javaNamedCurve.javaObjectIdentifier.javaSecurityProviderConstants.java
validator
EndEntityChecker.javaSimpleValidator.java
x509
AVA.javaAccessDescription.javaAlgorithmId.javaExtendedKeyUsageExtension.javaInhibitAnyPolicyExtension.javaNetscapeCertTypeExtension.javaOIDMap.javaOIDName.javaPKIXExtensions.javaX500Name.javaX509CRLEntryImpl.javaX509CRLImpl.javaX509CertImpl.java
java.security.jgss/share/classes
org/ietf/jgss
Oid.java
sun/security/jgss
GSSContextImpl.javaGSSNameImpl.java
krb5
Krb5Token.java
spnego
SpNegoToken.java
wrapper
GSSNameElement.javaNativeGSSContext.java
jdk.crypto.cryptoki/share/classes/sun/security/pkcs11
SunPKCS11.java
jdk.crypto.ec/share/classes/sun/security/ec
SunEC.javaXECParameters.java
ed
EdDSAParameters.java
jdk.crypto.mscapi/windows/classes/sun/security/mscapi
SunMSCAPI.java
jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto
LibMDMech.javaServiceDesc.javaUcryptoMech.javaUcryptoProvider.java
jdk.jartool/share/classes/sun/security/tools/jarsigner
TimestampedSigner.java
test/jdk
java/security/testlibrary
CertificateBuilder.javaSimpleOCSPServer.java
sun/security
jgss/spnego
NotPreferredMech.java
pkcs
pkcs10
PKCS10AttrEncoding.javaPKCS10AttributeReader.java
pkcs9
UnknownAttribute.java
pkcs12
PKCS12SameKeyId.javaParamsPreferences.javaParamsTest.java
tools
jarsigner
TimestampCheck.java
keytool
KeyToolTest.java
util/Oid
OidEquals.javaOidFormat.javaS11N.java
x509
AVA
AVAEqualsHashCode.java
AlgorithmId
ExtensibleAlgorithmId.java
X509CertImpl
V3Certificate.java
equalNames
AltNamesEqualsTest.java

4
src/java.base/macosx/classes/apple/security/KeychainStore.java

@ -93,9 +93,9 @@ public final class KeychainStore extends KeyStoreSpi {
* PKCS12 bag we get from the Keychain.
*/
private static ObjectIdentifier PKCS8ShroudedKeyBag_OID =
ObjectIdentifier.of("1.2.840.113549.1.12.10.1.2");
ObjectIdentifier.of(KnownOIDs.PKCS8ShroudedKeyBag);
private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID =
ObjectIdentifier.of("1.2.840.113549.1.12.1.3");
ObjectIdentifier.of(KnownOIDs.PBEWithSHA1AndDESede);
/**
* Constnats used in PBE decryption.

2
src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java

@ -71,7 +71,7 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
// Note: this OID is used by DHPrivateKey as well.
static ObjectIdentifier DH_OID =
ObjectIdentifier.of("1.2.840.113549.1.3.1");
ObjectIdentifier.of(KnownOIDs.DiffieHellman);
/**
* Make a DH public key out of a public value <code>y</code>, a prime

18
src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java

@ -48,6 +48,7 @@ import javax.security.auth.DestroyFailedException;
import sun.security.x509.AlgorithmId;
import sun.security.util.ObjectIdentifier;
import sun.security.util.KnownOIDs;
import sun.security.util.SecurityProperties;
/**
@ -67,14 +68,6 @@ import sun.security.util.SecurityProperties;
final class KeyProtector {
// defined by SunSoft (SKI project)
private static final String PBE_WITH_MD5_AND_DES3_CBC_OID
= "1.3.6.1.4.1.42.2.19.1";
// JavaSoft proprietary key-protection algorithm (used to protect private
// keys in the keystore implementation that comes with JDK 1.2)
private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1";
private static final int MAX_ITERATION_COUNT = 5000000;
private static final int MIN_ITERATION_COUNT = 10000;
private static final int DEFAULT_ITERATION_COUNT = 200000;
@ -154,7 +147,8 @@ final class KeyProtector {
pbeParams.init(pbeSpec);
AlgorithmId encrAlg = new AlgorithmId
(new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), pbeParams);
(ObjectIdentifier.of(KnownOIDs.JAVASOFT_JCEKeyProtector),
pbeParams);
return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
}
@ -169,13 +163,13 @@ final class KeyProtector {
SecretKey sKey = null;
try {
String encrAlg = encrInfo.getAlgorithm().getOID().toString();
if (!encrAlg.equals(PBE_WITH_MD5_AND_DES3_CBC_OID)
&& !encrAlg.equals(KEY_PROTECTOR_OID)) {
if (!encrAlg.equals(KnownOIDs.JAVASOFT_JCEKeyProtector.value())
&& !encrAlg.equals(KnownOIDs.JAVASOFT_JDKKeyProtector.value())) {
throw new UnrecoverableKeyException("Unsupported encryption "
+ "algorithm");
}
if (encrAlg.equals(KEY_PROTECTOR_OID)) {
if (encrAlg.equals(KnownOIDs.JAVASOFT_JDKKeyProtector.value())) {
// JDK 1.2 style recovery
plain = recover(encrInfo.getEncryptedData());
} else {

4
src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java

@ -56,9 +56,9 @@ public final class OAEPParameters extends AlgorithmParametersSpi {
private MGF1ParameterSpec mgfSpec;
private byte[] p;
private static ObjectIdentifier OID_MGF1 =
ObjectIdentifier.of("1.2.840.113549.1.1.8");
ObjectIdentifier.of(KnownOIDs.MGF1);
private static ObjectIdentifier OID_PSpecified =
ObjectIdentifier.of("1.2.840.113549.1.1.9");
ObjectIdentifier.of(KnownOIDs.PSpecified);
public OAEPParameters() {
}

54
src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java

@ -93,25 +93,15 @@ import sun.security.util.*;
abstract class PBES2Parameters extends AlgorithmParametersSpi {
private static ObjectIdentifier pkcs5PBKDF2_OID =
ObjectIdentifier.of("1.2.840.113549.1.5.12");
ObjectIdentifier.of(KnownOIDs.PBKDF2WithHmacSHA1);
private static ObjectIdentifier pkcs5PBES2_OID =
ObjectIdentifier.of("1.2.840.113549.1.5.13");
private static ObjectIdentifier hmacWithSHA1_OID =
ObjectIdentifier.of("1.2.840.113549.2.7");
private static ObjectIdentifier hmacWithSHA224_OID =
ObjectIdentifier.of("1.2.840.113549.2.8");
private static ObjectIdentifier hmacWithSHA256_OID =
ObjectIdentifier.of("1.2.840.113549.2.9");
private static ObjectIdentifier hmacWithSHA384_OID =
ObjectIdentifier.of("1.2.840.113549.2.10");
private static ObjectIdentifier hmacWithSHA512_OID =
ObjectIdentifier.of("1.2.840.113549.2.11");
ObjectIdentifier.of(KnownOIDs.PBES2);
private static ObjectIdentifier aes128CBC_OID =
ObjectIdentifier.of("2.16.840.1.101.3.4.1.2");
ObjectIdentifier.of(KnownOIDs.AES_128$CBC$NoPadding);
private static ObjectIdentifier aes192CBC_OID =
ObjectIdentifier.of("2.16.840.1.101.3.4.1.22");
ObjectIdentifier.of(KnownOIDs.AES_192$CBC$NoPadding);
private static ObjectIdentifier aes256CBC_OID =
ObjectIdentifier.of("2.16.840.1.101.3.4.1.42");
ObjectIdentifier.of(KnownOIDs.AES_256$CBC$NoPadding);
// the PBES2 algorithm name
private String pbes2AlgorithmName = null;
@ -126,7 +116,8 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
private AlgorithmParameterSpec cipherParam = null;
// the key derivation function (default is HmacSHA1)
private ObjectIdentifier kdfAlgo_OID = hmacWithSHA1_OID;
private ObjectIdentifier kdfAlgo_OID =
ObjectIdentifier.of(KnownOIDs.HmacSHA1);
// the encryption function
private ObjectIdentifier cipherAlgo_OID = null;
@ -171,19 +162,11 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
switch (kdfAlgo) {
case "HmacSHA1":
kdfAlgo_OID = hmacWithSHA1_OID;
break;
case "HmacSHA224":
kdfAlgo_OID = hmacWithSHA224_OID;
break;
case "HmacSHA256":
kdfAlgo_OID = hmacWithSHA256_OID;
break;
case "HmacSHA384":
kdfAlgo_OID = hmacWithSHA384_OID;
break;
case "HmacSHA512":
kdfAlgo_OID = hmacWithSHA512_OID;
kdfAlgo_OID = ObjectIdentifier.of(KnownOIDs.findMatch(kdfAlgo));
break;
default:
throw new NoSuchAlgorithmException(
@ -255,7 +238,7 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
}
cipherAlgo = parseES(pBES2_params.data.getDerValue());
pbes2AlgorithmName = new StringBuilder().append("PBEWith")
this.pbes2AlgorithmName = new StringBuilder().append("PBEWith")
.append(kdfAlgo).append("And").append(cipherAlgo).toString();
}
@ -306,21 +289,18 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
}
if (prf != null) {
kdfAlgo_OID = prf.data.getOID();
if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA1";
} else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA224";
} else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA256";
} else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA384";
} else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA512";
} else {
KnownOIDs o = KnownOIDs.findMatch(kdfAlgo_OID.toString());
if (o == null || (!o.stdName().equals("HmacSHA1") &&
!o.stdName().equals("HmacSHA224") &&
!o.stdName().equals("HmacSHA256") &&
!o.stdName().equals("HmacSHA384") &&
!o.stdName().equals("HmacSHA512"))) {
throw new IOException("PBE parameter parsing error: "
+ "expecting the object identifier for a HmacSHA key "
+ "derivation function");
}
kdfAlgo = o.stdName();
if (prf.data.available() != 0) {
// parameter is 'NULL' for all HmacSHA KDFs
DerValue parameter = prf.data.getDerValue();

563
src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java

@ -32,8 +32,7 @@ import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.List;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.provider.SunEntries.createAliases;
import static sun.security.provider.SunEntries.createAliasesWithOid;
import static sun.security.util.SecurityProviderConstants.*;
/**
* The "SunJCE" Cryptographic Service Provider.
@ -100,9 +99,22 @@ public final class SunJCE extends Provider {
}
static SecureRandom getRandom() { return SecureRandomHolder.RANDOM; }
private void ps(String type, String algo, String cn,
List<String> aliases, HashMap<String, String> attrs) {
putService(new Provider.Service(this, type, algo, cn, aliases, attrs));
// ps: putService
private void ps(String type, String algo, String cn) {
putService(new Provider.Service(this, type, algo, cn, null, null));
}
private void ps(String type, String algo, String cn, List<String> als,
HashMap<String, String> attrs) {
putService(new Provider.Service(this, type, algo, cn, als,
attrs));
}
// psA: putService with default aliases
private void psA(String type, String algo, String cn,
HashMap<String, String> attrs) {
putService(new Provider.Service(this, type, algo, cn, getAliases(algo),
attrs));
}
public SunJCE() {
@ -128,69 +140,6 @@ public final class SunJCE extends Provider {
}
void putEntries() {
// common aliases and oids
List<String> aesAliases = createAliases("Rijndael");
List<String> desEdeAliases = createAliases("TripleDES");
List<String> arcFourAliases = createAliases("RC4");
List<String> sunTlsMSAliases = createAliases(
"SunTls12MasterSecret", "SunTlsExtendedMasterSecret"
);
List<String> sunTlsKMAliases = createAliases("SunTls12KeyMaterial");
List<String> sunTlsRsaPMSAliases = createAliases("SunTls12RsaPremasterSecret");
String aes128Oid = "2.16.840.1.101.3.4.1.";
String aes192Oid = "2.16.840.1.101.3.4.1.2";
String aes256Oid = "2.16.840.1.101.3.4.1.4";
List<String> pkcs12RC4_128Aliases =
createAliasesWithOid("1.2.840.113549.1.12.1.1");
List<String> pkcs12RC4_40Aliases =
createAliasesWithOid("1.2.840.113549.1.12.1.2");
List<String> pkcs12DESedeAliases =
createAliasesWithOid("1.2.840.113549.1.12.1.3");
List<String> pkcs12RC2_128Aliases =
createAliasesWithOid("1.2.840.113549.1.12.1.5");
List<String> pkcs12RC2_40Aliases =
createAliasesWithOid("1.2.840.113549.1.12.1.6");
List<String> pkcs5MD5_DESAliases =
createAliasesWithOid("1.2.840.113549.1.5.3", "PBE");
List<String> pkcs5PBKDF2Aliases =
createAliasesWithOid("1.2.840.113549.1.5.12");
List<String> pkcs5PBES2Aliases =
createAliasesWithOid("1.2.840.113549.1.5.13");
List<String> diffieHellmanAliases =
createAliasesWithOid("1.2.840.113549.1.3.1", "DH");
List<String> chachaPolyAliases =
createAliasesWithOid("1.2.840.113549.1.9.16.3.18");
String macOidBase = "1.2.840.113549.2.";
List<String> macSHA1Aliases = createAliasesWithOid(macOidBase + "7");
List<String> macSHA224Aliases = createAliasesWithOid(macOidBase + "8");
List<String> macSHA256Aliases = createAliasesWithOid(macOidBase + "9");
List<String> macSHA384Aliases = createAliasesWithOid(macOidBase + "10");
List<String> macSHA512Aliases = createAliasesWithOid(macOidBase + "11");
List<String> macSHA512_224Aliases = createAliasesWithOid(macOidBase + "12");
List<String> macSHA512_256Aliases = createAliasesWithOid(macOidBase + "13");
String nistHashAlgsOidBase = "2.16.840.1.101.3.4.2.";
List<String> macSHA3_224Aliases =
createAliasesWithOid(nistHashAlgsOidBase + "13");
List<String> macSHA3_256Aliases =
createAliasesWithOid(nistHashAlgsOidBase + "14");
List<String> macSHA3_384Aliases =
createAliasesWithOid(nistHashAlgsOidBase + "15");
List<String> macSHA3_512Aliases =
createAliasesWithOid(nistHashAlgsOidBase + "16");
// reuse attribute map and reset before each reuse
HashMap<String, String> attrs = new HashMap<>(3);
attrs.put("SupportedModes", "ECB");
@ -225,8 +174,8 @@ public final class SunJCE extends Provider {
attrs.put("SupportedKeyFormats", "RAW");
ps("Cipher", "DES",
"com.sun.crypto.provider.DESCipher", null, attrs);
ps("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
desEdeAliases, attrs);
psA("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
attrs);
ps("Cipher", "Blowfish",
"com.sun.crypto.provider.BlowfishCipher", null, attrs);
@ -237,58 +186,58 @@ public final class SunJCE extends Provider {
attrs.put("SupportedModes", BLOCK_MODES128);
attrs.put("SupportedPaddings", BLOCK_PADS);
attrs.put("SupportedKeyFormats", "RAW");
ps("Cipher", "AES", "com.sun.crypto.provider.AESCipher$General",
aesAliases, attrs);
psA("Cipher", "AES",
"com.sun.crypto.provider.AESCipher$General", attrs);
attrs.clear();
attrs.put("SupportedKeyFormats", "RAW");
ps("Cipher", "AES_128/ECB/NoPadding",
psA("Cipher", "AES_128/ECB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding",
createAliasesWithOid(aes128Oid+"1"), attrs);
ps("Cipher", "AES_128/CBC/NoPadding",
attrs);
psA("Cipher", "AES_128/CBC/NoPadding",
"com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding",
createAliasesWithOid(aes128Oid+"2"), attrs);
ps("Cipher", "AES_128/OFB/NoPadding",
attrs);
psA("Cipher", "AES_128/OFB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding",
createAliasesWithOid(aes128Oid+"3"), attrs);
ps("Cipher", "AES_128/CFB/NoPadding",
attrs);
psA("Cipher", "AES_128/CFB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding",
createAliasesWithOid(aes128Oid+"4"), attrs);
ps("Cipher", "AES_128/GCM/NoPadding",
attrs);
psA("Cipher", "AES_128/GCM/NoPadding",
"com.sun.crypto.provider.AESCipher$AES128_GCM_NoPadding",
createAliasesWithOid(aes128Oid+"6"), attrs);
attrs);
ps("Cipher", "AES_192/ECB/NoPadding",
psA("Cipher", "AES_192/ECB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding",
createAliasesWithOid(aes192Oid+"1"), attrs);
ps("Cipher", "AES_192/CBC/NoPadding",
attrs);
psA("Cipher", "AES_192/CBC/NoPadding",
"com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding",
createAliasesWithOid(aes192Oid+"2"), attrs);
ps("Cipher", "AES_192/OFB/NoPadding",
attrs);
psA("Cipher", "AES_192/OFB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding",
createAliasesWithOid(aes192Oid+"3"), attrs);
ps("Cipher", "AES_192/CFB/NoPadding",
attrs);
psA("Cipher", "AES_192/CFB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding",
createAliasesWithOid(aes192Oid+"4"), attrs);
ps("Cipher", "AES_192/GCM/NoPadding",
attrs);
psA("Cipher", "AES_192/GCM/NoPadding",
"com.sun.crypto.provider.AESCipher$AES192_GCM_NoPadding",
createAliasesWithOid(aes192Oid+"6"), attrs);
attrs);
ps("Cipher", "AES_256/ECB/NoPadding",
psA("Cipher", "AES_256/ECB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding",
createAliasesWithOid(aes256Oid+"1"), attrs);
ps("Cipher", "AES_256/CBC/NoPadding",
attrs);
psA("Cipher", "AES_256/CBC/NoPadding",
"com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding",
createAliasesWithOid(aes256Oid+"2"), attrs);
ps("Cipher", "AES_256/OFB/NoPadding",
attrs);
psA("Cipher", "AES_256/OFB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding",
createAliasesWithOid(aes256Oid+"3"), attrs);
ps("Cipher", "AES_256/CFB/NoPadding",
attrs);
psA("Cipher", "AES_256/CFB/NoPadding",
"com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding",
createAliasesWithOid(aes256Oid+"4"), attrs);
ps("Cipher", "AES_256/GCM/NoPadding",
attrs);
psA("Cipher", "AES_256/GCM/NoPadding",
"com.sun.crypto.provider.AESCipher$AES256_GCM_NoPadding",
createAliasesWithOid(aes256Oid+"6"), attrs);
attrs);
attrs.clear();
attrs.put("SupportedModes", "CBC");
@ -301,167 +250,150 @@ public final class SunJCE extends Provider {
attrs.put("SupportedModes", "ECB");
attrs.put("SupportedPaddings", "NOPADDING");
attrs.put("SupportedKeyFormats", "RAW");
ps("Cipher", "ARCFOUR", "com.sun.crypto.provider.ARCFOURCipher",
arcFourAliases, attrs);
psA("Cipher", "ARCFOUR",
"com.sun.crypto.provider.ARCFOURCipher", attrs);
ps("Cipher", "AESWrap", "com.sun.crypto.provider.AESWrapCipher$General",
null, attrs);
ps("Cipher", "AESWrap_128",
psA("Cipher", "AESWrap_128",
"com.sun.crypto.provider.AESWrapCipher$AES128",
createAliasesWithOid(aes128Oid+"5"), attrs);
ps("Cipher", "AESWrap_192",
attrs);
psA("Cipher", "AESWrap_192",
"com.sun.crypto.provider.AESWrapCipher$AES192",
createAliasesWithOid(aes192Oid+"5"), attrs);
ps("Cipher", "AESWrap_256",
attrs);
psA("Cipher", "AESWrap_256",
"com.sun.crypto.provider.AESWrapCipher$AES256",
createAliasesWithOid(aes256Oid+"5"), attrs);
attrs);
attrs.clear();
attrs.put("SupportedKeyFormats", "RAW");
ps("Cipher", "ChaCha20",
"com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only",
null, attrs);
ps("Cipher", "ChaCha20-Poly1305",
psA("Cipher", "ChaCha20-Poly1305",
"com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305",
chachaPolyAliases, attrs);
attrs);
// PBES1
ps("Cipher", "PBEWithMD5AndDES",
psA("Cipher", "PBEWithMD5AndDES",
"com.sun.crypto.provider.PBEWithMD5AndDESCipher",
pkcs5MD5_DESAliases, null);
null);
ps("Cipher", "PBEWithMD5AndTripleDES",
"com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher",
null, null);
ps("Cipher", "PBEWithSHA1AndDESede",
"com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
psA("Cipher", "PBEWithSHA1AndDESede",
"com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede",
pkcs12DESedeAliases, null);
ps("Cipher", "PBEWithSHA1AndRC2_40",
null);
psA("Cipher", "PBEWithSHA1AndRC2_40",
"com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40",
pkcs12RC2_40Aliases, null);
ps("Cipher", "PBEWithSHA1AndRC2_128",
null);
psA("Cipher", "PBEWithSHA1AndRC2_128",
"com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128",
pkcs12RC2_128Aliases, null);
ps("Cipher", "PBEWithSHA1AndRC4_40",
null);
psA("Cipher", "PBEWithSHA1AndRC4_40",
"com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40",
pkcs12RC4_40Aliases, null);
null);
ps("Cipher", "PBEWithSHA1AndRC4_128",
psA("Cipher", "PBEWithSHA1AndRC4_128",
"com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128",
pkcs12RC4_128Aliases, null);
null);
// PBES2
ps("Cipher", "PBEWithHmacSHA1AndAES_128",
"com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128",
null, null);
"com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
ps("Cipher", "PBEWithHmacSHA224AndAES_128",
"com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128",
null, null);
"com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128");
ps("Cipher", "PBEWithHmacSHA256AndAES_128",
"com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128",
null, null);
"com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128");
ps("Cipher", "PBEWithHmacSHA384AndAES_128",
"com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128",
null, null);
"com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128");
ps("Cipher", "PBEWithHmacSHA512AndAES_128",
"com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128",
null, null);
"com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128");
ps("Cipher", "PBEWithHmacSHA1AndAES_256",
"com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256",
null, null);
"com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
ps("Cipher", "PBEWithHmacSHA224AndAES_256",
"com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256",
null, null);
"com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256");
ps("Cipher", "PBEWithHmacSHA256AndAES_256",
"com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256",
null, null);
"com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256");
ps("Cipher", "PBEWithHmacSHA384AndAES_256",
"com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256",
null, null);
"com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256");
ps("Cipher", "PBEWithHmacSHA512AndAES_256",
"com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256",
null, null);
"com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256");
/*
* Key(pair) Generator engines
*/
ps("KeyGenerator", "DES",
"com.sun.crypto.provider.DESKeyGenerator",
null, null);
ps("KeyGenerator", "DESede",
"com.sun.crypto.provider.DESKeyGenerator");
psA("KeyGenerator", "DESede",
"com.sun.crypto.provider.DESedeKeyGenerator",
desEdeAliases, null);
null);
ps("KeyGenerator", "Blowfish",
"com.sun.crypto.provider.BlowfishKeyGenerator",
null, null);
ps("KeyGenerator", "AES",
"com.sun.crypto.provider.BlowfishKeyGenerator");
psA("KeyGenerator", "AES",
"com.sun.crypto.provider.AESKeyGenerator",
aesAliases, null);
null);
ps("KeyGenerator", "RC2",
"com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator",
null, null);
ps("KeyGenerator", "ARCFOUR",
"com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator");
psA("KeyGenerator", "ARCFOUR",
"com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator",
arcFourAliases, null);
null);
ps("KeyGenerator", "ChaCha20",
"com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator",
null, null);
"com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator");
ps("KeyGenerator", "HmacMD5",
"com.sun.crypto.provider.HmacMD5KeyGenerator",
null, null);
"com.sun.crypto.provider.HmacMD5KeyGenerator");
ps("KeyGenerator", "HmacSHA1",
"com.sun.crypto.provider.HmacSHA1KeyGenerator",
macSHA1Aliases, null);
ps("KeyGenerator", "HmacSHA224",
psA("KeyGenerator", "HmacSHA1",
"com.sun.crypto.provider.HmacSHA1KeyGenerator", null);
psA("KeyGenerator", "HmacSHA224",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA224",
macSHA224Aliases, null);
ps("KeyGenerator", "HmacSHA256",
null);
psA("KeyGenerator", "HmacSHA256",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA256",
macSHA256Aliases, null);
ps("KeyGenerator", "HmacSHA384",
null);
psA("KeyGenerator", "HmacSHA384",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA384",
macSHA384Aliases, null);
ps("KeyGenerator", "HmacSHA512",
null);
psA("KeyGenerator", "HmacSHA512",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512",
macSHA512Aliases, null);
ps("KeyGenerator", "HmacSHA512/224",
null);
psA("KeyGenerator", "HmacSHA512/224",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_224",
macSHA512_224Aliases, null);
ps("KeyGenerator", "HmacSHA512/256",
null);
psA("KeyGenerator", "HmacSHA512/256",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_256",
macSHA512_256Aliases, null);
null);
ps("KeyGenerator", "HmacSHA3-224",
psA("KeyGenerator", "HmacSHA3-224",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_224",
macSHA3_224Aliases, null);
ps("KeyGenerator", "HmacSHA3-256",
null);
psA("KeyGenerator", "HmacSHA3-256",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_256",
macSHA3_256Aliases, null);
ps("KeyGenerator", "HmacSHA3-384",
null);
psA("KeyGenerator", "HmacSHA3-384",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_384",
macSHA3_384Aliases, null);
ps("KeyGenerator", "HmacSHA3-512",
null);
psA("KeyGenerator", "HmacSHA3-512",
"com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_512",
macSHA3_512Aliases, null);
null);
ps("KeyPairGenerator", "DiffieHellman",
psA("KeyPairGenerator", "DiffieHellman",
"com.sun.crypto.provider.DHKeyPairGenerator",
diffieHellmanAliases, null);
null);
/*
* Algorithm parameter generation engines
*/
ps("AlgorithmParameterGenerator",
psA("AlgorithmParameterGenerator",
"DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator",
diffieHellmanAliases, null);
null);
/*
* Key Agreement engines
@ -469,142 +401,120 @@ public final class SunJCE extends Provider {
attrs.clear();
attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" +
"|javax.crypto.interfaces.DHPrivateKey");
ps("KeyAgreement", "DiffieHellman",
psA("KeyAgreement", "DiffieHellman",
"com.sun.crypto.provider.DHKeyAgreement",
diffieHellmanAliases, attrs);
attrs);
/*
* Algorithm Parameter engines
*/
ps("AlgorithmParameters", "DiffieHellman",
"com.sun.crypto.provider.DHParameters",
diffieHellmanAliases, null);
psA("AlgorithmParameters", "DiffieHellman",
"com.sun.crypto.provider.DHParameters", null);
ps("AlgorithmParameters", "DES",
"com.sun.crypto.provider.DESParameters",
null, null);
"com.sun.crypto.provider.DESParameters");
ps("AlgorithmParameters", "DESede",
"com.sun.crypto.provider.DESedeParameters",
desEdeAliases, null);
psA("AlgorithmParameters", "DESede",
"com.sun.crypto.provider.DESedeParameters", null);
ps("AlgorithmParameters", "PBEWithMD5AndDES",
psA("AlgorithmParameters", "PBEWithMD5AndDES",
"com.sun.crypto.provider.PBEParameters",
pkcs5MD5_DESAliases, null);
null);
ps("AlgorithmParameters", "PBEWithMD5AndTripleDES",
"com.sun.crypto.provider.PBEParameters",
null, null);
"com.sun.crypto.provider.PBEParameters");
ps("AlgorithmParameters", "PBEWithSHA1AndDESede",
psA("AlgorithmParameters", "PBEWithSHA1AndDESede",
"com.sun.crypto.provider.PBEParameters",
pkcs12DESedeAliases, null);
null);
ps("AlgorithmParameters", "PBEWithSHA1AndRC2_40",
psA("AlgorithmParameters", "PBEWithSHA1AndRC2_40",
"com.sun.crypto.provider.PBEParameters",
pkcs12RC2_40Aliases, null);
null);
ps("AlgorithmParameters", "PBEWithSHA1AndRC2_128",
psA("AlgorithmParameters", "PBEWithSHA1AndRC2_128",
"com.sun.crypto.provider.PBEParameters",
pkcs12RC2_128Aliases, null);
null);
ps("AlgorithmParameters", "PBEWithSHA1AndRC4_40",
psA("AlgorithmParameters", "PBEWithSHA1AndRC4_40",
"com.sun.crypto.provider.PBEParameters",
pkcs12RC4_40Aliases, null);
null);
ps("AlgorithmParameters", "PBEWithSHA1AndRC4_128",
psA("AlgorithmParameters", "PBEWithSHA1AndRC4_128",
"com.sun.crypto.provider.PBEParameters",
pkcs12RC4_128Aliases, null);
null);
ps("AlgorithmParameters", "PBES2",
psA("AlgorithmParameters", "PBES2",
"com.sun.crypto.provider.PBES2Parameters$General",
pkcs5PBES2Aliases, null);
null);
ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128",
null, null);
"com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128");
ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128",
null, null);
"com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128");
ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128",
null, null);
"com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128");
ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128",
null, null);
"com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128");
ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128",
null, null);
"com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128");
ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256",
null, null);
"com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256");
ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256",
null, null);
"com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256");
ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256",
null, null);
"com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256");
ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256",
null, null);
"com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256");
ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256",
null, null);
"com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256");
ps("AlgorithmParameters", "Blowfish",
"com.sun.crypto.provider.BlowfishParameters",
null, null);
"com.sun.crypto.provider.BlowfishParameters");
ps("AlgorithmParameters", "AES",
"com.sun.crypto.provider.AESParameters",
aesAliases, null);
psA("AlgorithmParameters", "AES",
"com.sun.crypto.provider.AESParameters", null);
ps("AlgorithmParameters", "GCM",
"com.sun.crypto.provider.GCMParameters",
null, null);
"com.sun.crypto.provider.GCMParameters");
ps("AlgorithmParameters", "RC2",
"com.sun.crypto.provider.RC2Parameters",
null, null);
"com.sun.crypto.provider.RC2Parameters");
ps("AlgorithmParameters", "OAEP",
"com.sun.crypto.provider.OAEPParameters",
null, null);
"com.sun.crypto.provider.OAEPParameters");
ps("AlgorithmParameters", "ChaCha20-Poly1305",
"com.sun.crypto.provider.ChaCha20Poly1305Parameters",
chachaPolyAliases, null);
psA("AlgorithmParameters", "ChaCha20-Poly1305",
"com.sun.crypto.provider.ChaCha20Poly1305Parameters", null);
/*
* Key factories
*/
ps("KeyFactory", "DiffieHellman",
psA("KeyFactory", "DiffieHellman",
"com.sun.crypto.provider.DHKeyFactory",
diffieHellmanAliases, null);
null);
/*
* Secret-key factories
*/
ps("SecretKeyFactory", "DES",
"com.sun.crypto.provider.DESKeyFactory",
null, null);
"com.sun.crypto.provider.DESKeyFactory");
ps("SecretKeyFactory", "DESede",
"com.sun.crypto.provider.DESedeKeyFactory",
desEdeAliases, null);
psA("SecretKeyFactory", "DESede",
"com.sun.crypto.provider.DESedeKeyFactory", null);
ps("SecretKeyFactory", "PBEWithMD5AndDES",
psA("SecretKeyFactory", "PBEWithMD5AndDES",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
pkcs5MD5_DESAliases, null);
null);
/*
* Internal in-house crypto algorithm used for
@ -613,85 +523,70 @@ public final class SunJCE extends Provider {
* algorithm.
*/
ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES",
null, null);
"com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES");
ps("SecretKeyFactory", "PBEWithSHA1AndDESede",
psA("SecretKeyFactory", "PBEWithSHA1AndDESede",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
pkcs12DESedeAliases, null);
null);
ps("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
pkcs12RC2_40Aliases, null);
null);
ps("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
pkcs12RC2_128Aliases, null);
null);
ps("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
pkcs12RC4_40Aliases,null);
null);
ps("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
pkcs12RC4_128Aliases, null);
null);
ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128",
null, null);
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128");
ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128",
null, null);
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128");
ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128",
null, null);
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128");
ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128",
null, null);
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128");
ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128",
null, null);
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256",
null, null);
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256",
null, null);
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256");
ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256",
null, null);
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256");
ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256",
null, null);
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256");
ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256",
null, null);
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
// PBKDF2
ps("SecretKeyFactory", "PBKDF2WithHmacSHA1",
psA("SecretKeyFactory", "PBKDF2WithHmacSHA1",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
pkcs5PBKDF2Aliases, null);
null);
ps("SecretKeyFactory", "PBKDF2WithHmacSHA224",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA224",
null, null);
"com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
ps("SecretKeyFactory", "PBKDF2WithHmacSHA256",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA256",
null, null);
"com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
ps("SecretKeyFactory", "PBKDF2WithHmacSHA384",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA384",
null, null);
"com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA512",
null, null);
"com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
/*
* MAC
@ -699,35 +594,28 @@ public final class SunJCE extends Provider {
attrs.clear();
attrs.put("SupportedKeyFormats", "RAW");
ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs);
ps("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
macSHA1Aliases, attrs);
ps("Mac", "HmacSHA224", "com.sun.crypto.provider.HmacCore$HmacSHA224",
macSHA224Aliases, attrs);
ps("Mac", "HmacSHA256", "com.sun.crypto.provider.HmacCore$HmacSHA256",
macSHA256Aliases, attrs);
ps("Mac", "HmacSHA384", "com.sun.crypto.provider.HmacCore$HmacSHA384",
macSHA384Aliases, attrs);
ps("Mac", "HmacSHA512", "com.sun.crypto.provider.HmacCore$HmacSHA512",
macSHA512Aliases, attrs);
ps("Mac", "HmacSHA512/224",
"com.sun.crypto.provider.HmacCore$HmacSHA512_224",
macSHA512_224Aliases, attrs);
ps("Mac", "HmacSHA512/256",
"com.sun.crypto.provider.HmacCore$HmacSHA512_256",
macSHA512_256Aliases, attrs);
ps("Mac", "HmacSHA3-224",
"com.sun.crypto.provider.HmacCore$HmacSHA3_224",
macSHA3_224Aliases, attrs);
ps("Mac", "HmacSHA3-256",
"com.sun.crypto.provider.HmacCore$HmacSHA3_256",
macSHA3_256Aliases, attrs);
ps("Mac", "HmacSHA3-384",
"com.sun.crypto.provider.HmacCore$HmacSHA3_384",
macSHA3_384Aliases, attrs);
ps("Mac", "HmacSHA3-512",
"com.sun.crypto.provider.HmacCore$HmacSHA3_512",
macSHA3_512Aliases, attrs);
psA("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
attrs);
psA("Mac", "HmacSHA224",
"com.sun.crypto.provider.HmacCore$HmacSHA224", attrs);
psA("Mac", "HmacSHA256",
"com.sun.crypto.provider.HmacCore$HmacSHA256", attrs);
psA("Mac", "HmacSHA384",
"com.sun.crypto.provider.HmacCore$HmacSHA384", attrs);
psA("Mac", "HmacSHA512",
"com.sun.crypto.provider.HmacCore$HmacSHA512", attrs);
psA("Mac", "HmacSHA512/224",
"com.sun.crypto.provider.HmacCore$HmacSHA512_224", attrs);
psA("Mac", "HmacSHA512/256",
"com.sun.crypto.provider.HmacCore$HmacSHA512_256", attrs);
psA("Mac", "HmacSHA3-224",
"com.sun.crypto.provider.HmacCore$HmacSHA3_224", attrs);
psA("Mac", "HmacSHA3-256",
"com.sun.crypto.provider.HmacCore$HmacSHA3_256", attrs);
psA("Mac", "HmacSHA3-384",
"com.sun.crypto.provider.HmacCore$HmacSHA3_384", attrs);
psA("Mac", "HmacSHA3-512",
"com.sun.crypto.provider.HmacCore$HmacSHA3_512", attrs);
ps("Mac", "HmacPBESHA1",
"com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1",
@ -772,8 +660,7 @@ public final class SunJCE extends Provider {
* KeyStore
*/
ps("KeyStore", "JCEKS",
"com.sun.crypto.provider.JceKeyStore",
null, null);
"com.sun.crypto.provider.JceKeyStore");
/*
* SSL/TLS mechanisms
@ -784,24 +671,22 @@ public final class SunJCE extends Provider {
* mechanisms, and it will cause calls to come here.
*/
ps("KeyGenerator", "SunTlsPrf",
"com.sun.crypto.provider.TlsPrfGenerator$V10",
null, null);
"com.sun.crypto.provider.TlsPrfGenerator$V10");
ps("KeyGenerator", "SunTls12Prf",
"com.sun.crypto.provider.TlsPrfGenerator$V12",
null, null);
"com.sun.crypto.provider.TlsPrfGenerator$V12");
ps("KeyGenerator", "SunTlsMasterSecret",
"com.sun.crypto.provider.TlsMasterSecretGenerator",
createAliases("SunTls12MasterSecret",
"SunTlsExtendedMasterSecret"), null);
List.of("SunTls12MasterSecret", "SunTlsExtendedMasterSecret"),
null);
ps("KeyGenerator", "SunTlsKeyMaterial",
"com.sun.crypto.provider.TlsKeyMaterialGenerator",
createAliases("SunTls12KeyMaterial"), null);
List.of("SunTls12KeyMaterial"), null);
ps("KeyGenerator", "SunTlsRsaPremasterSecret",
"com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
createAliases("SunTls12RsaPremasterSecret"), null);
List.of("SunTls12RsaPremasterSecret"), null);
}
// Return the instance of this class or create one if needed.

2
src/java.base/share/classes/java/security/PKCS12Attribute.java

@ -76,7 +76,7 @@ public final class PKCS12Attribute implements KeyStore.Entry.Attribute {
// Validate name
ObjectIdentifier type;
try {
type = new ObjectIdentifier(name);
type = ObjectIdentifier.of(name);
} catch (IOException e) {
throw new IllegalArgumentException("Incorrect format: name", e);
}

4
src/java.base/share/classes/java/security/cert/CertificateRevokedException.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -246,7 +246,7 @@ public class CertificateRevokedException extends CertificateException {
boolean critical = ois.readBoolean();
byte[] extVal = IOUtils.readExactlyNBytes(ois, ois.readInt());
Extension ext = sun.security.x509.Extension.newExtension
(new ObjectIdentifier(oid), critical, extVal);
(ObjectIdentifier.of(oid), critical, extVal);
extensions.put(oid, ext);
}
}

16
src/java.base/share/classes/java/security/cert/X509CertSelector.java

@ -31,11 +31,7 @@ import java.security.PublicKey;
import java.util.*;
import javax.security.auth.x500.X500Principal;
import sun.security.util.HexDumpEncoder;
import sun.security.util.Debug;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.util.*;
import sun.security.x509.*;
/**
@ -88,7 +84,7 @@ public class X509CertSelector implements CertSelector {
private static final Debug debug = Debug.getInstance("certpath");
private static final ObjectIdentifier ANY_EXTENDED_KEY_USAGE =
ObjectIdentifier.of("2.5.29.37.0");
ObjectIdentifier.of(KnownOIDs.anyExtendedKeyUsage);
static {
CertPathHelperImpl.initialize();
@ -506,7 +502,7 @@ public class X509CertSelector implements CertSelector {
if (oid == null) {
subjectPublicKeyAlgID = null;
} else {
subjectPublicKeyAlgID = new ObjectIdentifier(oid);
subjectPublicKeyAlgID = ObjectIdentifier.of(oid);
}
}
@ -622,7 +618,7 @@ public class X509CertSelector implements CertSelector {
Collections.unmodifiableSet(new HashSet<>(keyPurposeSet));
keyPurposeOIDSet = new HashSet<>();
for (String s : this.keyPurposeSet) {
keyPurposeOIDSet.add(new ObjectIdentifier(s));
keyPurposeOIDSet.add(ObjectIdentifier.of(s));
}
}
}
@ -1105,8 +1101,8 @@ public class X509CertSelector implements CertSelector {
if (!(o instanceof String)) {
throw new IOException("non String in certPolicySet");
}
polIdVector.add(new CertificatePolicyId(new ObjectIdentifier(
(String)o)));
polIdVector.add(new CertificatePolicyId
(ObjectIdentifier.of((String)o)));
}
// If everything went OK, make the changes
policySet = tempSet;

22
src/java.base/share/classes/sun/security/pkcs/ContentInfo.java

@ -39,35 +39,35 @@ public class ContentInfo {
// pkcs7 pre-defined content types
public static ObjectIdentifier PKCS7_OID =
ObjectIdentifier.of("1.2.840.113549.1.7");
ObjectIdentifier.of(KnownOIDs.PKCS7);
public static ObjectIdentifier DATA_OID =
ObjectIdentifier.of("1.2.840.113549.1.7.1");
ObjectIdentifier.of(KnownOIDs.Data);
public static ObjectIdentifier SIGNED_DATA_OID =
ObjectIdentifier.of("1.2.840.113549.1.7.2");
ObjectIdentifier.of(KnownOIDs.SignedData);
public static ObjectIdentifier ENVELOPED_DATA_OID =
ObjectIdentifier.of("1.2.840.113549.1.7.3");
ObjectIdentifier.of(KnownOIDs.EnvelopedData);
public static ObjectIdentifier SIGNED_AND_ENVELOPED_DATA_OID =
ObjectIdentifier.of("1.2.840.113549.1.7.4");
ObjectIdentifier.of(KnownOIDs.SignedAndEnvelopedData);
public static ObjectIdentifier DIGESTED_DATA_OID =
ObjectIdentifier.of("1.2.840.113549.1.7.5");
ObjectIdentifier.of(KnownOIDs.DigestedData);
public static ObjectIdentifier ENCRYPTED_DATA_OID =
ObjectIdentifier.of("1.2.840.113549.1.7.6");
ObjectIdentifier.of(KnownOIDs.EncryptedData);
// this is for backwards-compatibility with JDK 1.1.x
public static ObjectIdentifier OLD_SIGNED_DATA_OID =
ObjectIdentifier.of("1.2.840.1113549.1.7.2");
ObjectIdentifier.of(KnownOIDs.JDK_OLD_SignedData);
public static ObjectIdentifier OLD_DATA_OID =
ObjectIdentifier.of("1.2.840.1113549.1.7.1");
ObjectIdentifier.of(KnownOIDs.JDK_OLD_Data);
// The ASN.1 systax for the Netscape Certificate Sequence data type is
// defined at:
// http://wp.netscape.com/eng/security/comm4-cert-download.html
public static ObjectIdentifier NETSCAPE_CERT_SEQUENCE_OID =
ObjectIdentifier.of("2.16.840.1.113730.2.5");
ObjectIdentifier.of(KnownOIDs.NETSCAPE_CertSequence);
// timestamp token (id-ct-TSTInfo) from RFC 3161
public static ObjectIdentifier TIMESTAMP_TOKEN_INFO_OID =
ObjectIdentifier.of("1.2.840.113549.1.9.16.1.4");
ObjectIdentifier.of(KnownOIDs.TimeStampTokenInfo);
ObjectIdentifier contentType;
DerValue content; // OPTIONAL

2
src/java.base/share/classes/sun/security/pkcs/PKCS7.java

@ -819,7 +819,7 @@ public class PKCS7 {
unauthAttrs =
new PKCS9Attributes(new PKCS9Attribute[]{
new PKCS9Attribute(
PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR,
PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID,
tsToken)});
}

187
src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java

@ -32,13 +32,7 @@ import java.util.Locale;
import java.util.Date;
import java.util.HashMap;
import sun.security.x509.CertificateExtensions;
import sun.security.util.Debug;
import sun.security.util.DerEncoder;
import sun.security.util.DerValue;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.ObjectIdentifier;
import sun.security.util.HexDumpEncoder;
import sun.security.util.*;
/**
* Class supporting any PKCS9 attributes.
@ -188,17 +182,11 @@ public class PKCS9Attribute implements DerEncoder {
private static final Class<?> BYTE_ARRAY_CLASS;
static { // static initializer for PKCS9_OIDS
for (int i = 1; i < PKCS9_OIDS.length - 2; i++) {
PKCS9_OIDS[i] = ObjectIdentifier.of("1.2.840.113549.1.9." + i);
}
// Initialize SigningCertificate and SignatureTimestampToken
// separately (because their values are out of sequence)
PKCS9_OIDS[PKCS9_OIDS.length - 2] =
ObjectIdentifier.of("1.2.840.113549.1.9.16.2.12");
PKCS9_OIDS[PKCS9_OIDS.length - 1] =
ObjectIdentifier.of("1.2.840.113549.1.9.16.2.14");
static {
// set unused PKCS9_OIDS entries to null
// rest are initialized with public constants
PKCS9_OIDS[0] = PKCS9_OIDS[11] = PKCS9_OIDS[12] = PKCS9_OIDS[13] =
PKCS9_OIDS[15] = null;
try {
BYTE_ARRAY_CLASS = Class.forName("[B");
} catch (ClassNotFoundException e) {
@ -206,99 +194,37 @@ public class PKCS9Attribute implements DerEncoder {
}
}
// first element [0] not used
public static final ObjectIdentifier EMAIL_ADDRESS_OID = PKCS9_OIDS[1];
public static final ObjectIdentifier UNSTRUCTURED_NAME_OID = PKCS9_OIDS[2];
public static final ObjectIdentifier CONTENT_TYPE_OID = PKCS9_OIDS[3];
public static final ObjectIdentifier MESSAGE_DIGEST_OID = PKCS9_OIDS[4];
public static final ObjectIdentifier SIGNING_TIME_OID = PKCS9_OIDS[5];
public static final ObjectIdentifier COUNTERSIGNATURE_OID = PKCS9_OIDS[6];
public static final ObjectIdentifier CHALLENGE_PASSWORD_OID = PKCS9_OIDS[7];
public static final ObjectIdentifier UNSTRUCTURED_ADDRESS_OID = PKCS9_OIDS[8];
public static final ObjectIdentifier EXTENDED_CERTIFICATE_ATTRIBUTES_OID
= PKCS9_OIDS[9];
public static final ObjectIdentifier ISSUER_SERIALNUMBER_OID = PKCS9_OIDS[10];
public static final ObjectIdentifier EMAIL_ADDRESS_OID = PKCS9_OIDS[1] =
ObjectIdentifier.of(KnownOIDs.EmailAddress);
public static final ObjectIdentifier UNSTRUCTURED_NAME_OID = PKCS9_OIDS[2] =
ObjectIdentifier.of(KnownOIDs.UnstructuredName);
public static final ObjectIdentifier CONTENT_TYPE_OID = PKCS9_OIDS[3] =
ObjectIdentifier.of(KnownOIDs.ContentType);
public static final ObjectIdentifier MESSAGE_DIGEST_OID = PKCS9_OIDS[4] =
ObjectIdentifier.of(KnownOIDs.MessageDigest);
public static final ObjectIdentifier SIGNING_TIME_OID = PKCS9_OIDS[5] =
ObjectIdentifier.of(KnownOIDs.SigningTime);
public static final ObjectIdentifier COUNTERSIGNATURE_OID = PKCS9_OIDS[6] =
ObjectIdentifier.of(KnownOIDs.CounterSignature);
public static final ObjectIdentifier CHALLENGE_PASSWORD_OID =
PKCS9_OIDS[7] = ObjectIdentifier.of(KnownOIDs.ChallengePassword);
public static final ObjectIdentifier UNSTRUCTURED_ADDRESS_OID =
PKCS9_OIDS[8] = ObjectIdentifier.of(KnownOIDs.UnstructuredAddress);
public static final ObjectIdentifier EXTENDED_CERTIFICATE_ATTRIBUTES_OID =
PKCS9_OIDS[9] =
ObjectIdentifier.of(KnownOIDs.ExtendedCertificateAttributes);
public static final ObjectIdentifier ISSUER_SERIALNUMBER_OID =
PKCS9_OIDS[10] =
ObjectIdentifier.of(KnownOIDs.IssuerAndSerialNumber);
// [11], [12] are RSA DSI proprietary
// [13] ==> signingDescription, S/MIME, not used anymore
public static final ObjectIdentifier EXTENSION_REQUEST_OID = PKCS9_OIDS[14];
public static final ObjectIdentifier SMIME_CAPABILITY_OID = PKCS9_OIDS[15];
public static final ObjectIdentifier SIGNING_CERTIFICATE_OID = PKCS9_OIDS[16];
public static final ObjectIdentifier EXTENSION_REQUEST_OID =
PKCS9_OIDS[14] = ObjectIdentifier.of(KnownOIDs.ExtensionRequest);
public static final ObjectIdentifier SIGNING_CERTIFICATE_OID =
PKCS9_OIDS[16] = ObjectIdentifier.of(KnownOIDs.SigningCertificate);
public static final ObjectIdentifier SIGNATURE_TIMESTAMP_TOKEN_OID =
PKCS9_OIDS[17];
public static final String EMAIL_ADDRESS_STR = "EmailAddress";
public static final String UNSTRUCTURED_NAME_STR = "UnstructuredName";
public static final String CONTENT_TYPE_STR = "ContentType";
public static final String MESSAGE_DIGEST_STR = "MessageDigest";
public static final String SIGNING_TIME_STR = "SigningTime";
public static final String COUNTERSIGNATURE_STR = "Countersignature";
public static final String CHALLENGE_PASSWORD_STR = "ChallengePassword";
public static final String UNSTRUCTURED_ADDRESS_STR = "UnstructuredAddress";
public static final String EXTENDED_CERTIFICATE_ATTRIBUTES_STR =
"ExtendedCertificateAttributes";
public static final String ISSUER_SERIALNUMBER_STR = "IssuerAndSerialNumber";
// [11], [12] are RSA DSI proprietary
private static final String RSA_PROPRIETARY_STR = "RSAProprietary";
// [13] ==> signingDescription, S/MIME, not used anymore
private static final String SMIME_SIGNING_DESC_STR = "SMIMESigningDesc";
public static final String EXTENSION_REQUEST_STR = "ExtensionRequest";
public static final String SMIME_CAPABILITY_STR = "SMIMECapability";
public static final String SIGNING_CERTIFICATE_STR = "SigningCertificate";
public static final String SIGNATURE_TIMESTAMP_TOKEN_STR =
"SignatureTimestampToken";
/**
* HashMap mapping names and variant names of supported
* attributes to their OIDs. This table contains all name forms
* that occur in PKCS9, in lower case.
*/
private static final HashMap<String, ObjectIdentifier> NAME_OID_TABLE =
new HashMap<String, ObjectIdentifier>(17);
static { // static initializer for PCKS9_NAMES
NAME_OID_TABLE.put("emailaddress", PKCS9_OIDS[1]);
NAME_OID_TABLE.put("unstructuredname", PKCS9_OIDS[2]);
NAME_OID_TABLE.put("contenttype", PKCS9_OIDS[3]);
NAME_OID_TABLE.put("messagedigest", PKCS9_OIDS[4]);
NAME_OID_TABLE.put("signingtime", PKCS9_OIDS[5]);
NAME_OID_TABLE.put("countersignature", PKCS9_OIDS[6]);
NAME_OID_TABLE.put("challengepassword", PKCS9_OIDS[7]);
NAME_OID_TABLE.put("unstructuredaddress", PKCS9_OIDS[8]);
NAME_OID_TABLE.put("extendedcertificateattributes", PKCS9_OIDS[9]);
NAME_OID_TABLE.put("issuerandserialnumber", PKCS9_OIDS[10]);
NAME_OID_TABLE.put("rsaproprietary", PKCS9_OIDS[11]);
NAME_OID_TABLE.put("rsaproprietary", PKCS9_OIDS[12]);
NAME_OID_TABLE.put("signingdescription", PKCS9_OIDS[13]);
NAME_OID_TABLE.put("extensionrequest", PKCS9_OIDS[14]);
NAME_OID_TABLE.put("smimecapability", PKCS9_OIDS[15]);
NAME_OID_TABLE.put("signingcertificate", PKCS9_OIDS[16]);
NAME_OID_TABLE.put("signaturetimestamptoken", PKCS9_OIDS[17]);
};
/**
* HashMap mapping attribute OIDs defined in PKCS9 to the
* corresponding attribute value type.
*/
private static final HashMap<ObjectIdentifier, String> OID_NAME_TABLE =
new HashMap<ObjectIdentifier, String>(17);
static {
OID_NAME_TABLE.put(PKCS9_OIDS[1], EMAIL_ADDRESS_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[2], UNSTRUCTURED_NAME_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[3], CONTENT_TYPE_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[4], MESSAGE_DIGEST_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[5], SIGNING_TIME_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[6], COUNTERSIGNATURE_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[7], CHALLENGE_PASSWORD_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[8], UNSTRUCTURED_ADDRESS_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[9], EXTENDED_CERTIFICATE_ATTRIBUTES_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[10], ISSUER_SERIALNUMBER_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[11], RSA_PROPRIETARY_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[12], RSA_PROPRIETARY_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[13], SMIME_SIGNING_DESC_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[14], EXTENSION_REQUEST_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[15], SMIME_CAPABILITY_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[16], SIGNING_CERTIFICATE_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[17], SIGNATURE_TIMESTAMP_TOKEN_STR);
}
PKCS9_OIDS[17] =
ObjectIdentifier.of(KnownOIDs.SignatureTimestampToken);
/**
* Acceptable ASN.1 tags for DER encodings of values of PKCS9
@ -427,34 +353,6 @@ public class PKCS9Attribute implements DerEncoder {
init(oid, value);
}
/**
* Construct an attribute object from the attribute's name and
* value. If the attribute is single-valued, provide only one
* value. If the attribute is multi-valued, provide an array
* containing all the values.
* Arrays of length zero are accepted, though probably useless.
*
* <P> The
* <a href=#classTable>table</a> gives the class that <code>value</code>
* must have for a given attribute. Reasonable variants of these
* attributes are accepted; in particular, case does not matter.
*
* @exception IllegalArgumentException
* if the <code>name</code> is not recognized or the
* <code>value</code> has the wrong type.
*/
public PKCS9Attribute(String name, Object value)
throws IllegalArgumentException {
ObjectIdentifier oid = getOID(name);
if (oid == null)
throw new IllegalArgumentException(
"Unrecognized attribute name " + name +
" constructing PKCS9Attribute.");
init(oid, value);
}
private void init(ObjectIdentifier oid, Object value)
throws IllegalArgumentException {
@ -766,9 +664,9 @@ public class PKCS9Attribute implements DerEncoder {
* Return the name of this attribute.
*/
public String getName() {
return index == -1 ?
oid.toString() :
OID_NAME_TABLE.get(PKCS9_OIDS[index]);
String n = oid.toString();
KnownOIDs os = KnownOIDs.findMatch(n);
return (os == null? n : os.stdName());
}
/**
@ -776,7 +674,12 @@ public class PKCS9Attribute implements DerEncoder {
* the name.
*/
public static ObjectIdentifier getOID(String name) {
return NAME_OID_TABLE.get(name.toLowerCase(Locale.ENGLISH));
KnownOIDs o = KnownOIDs.findMatch(name);
if (o != null) {
return ObjectIdentifier.of(o);
} else {
return null;
}
}
/**
@ -784,7 +687,7 @@ public class PKCS9Attribute implements DerEncoder {
* the oid.
*/
public static String getName(ObjectIdentifier oid) {
return OID_NAME_TABLE.get(oid);
return KnownOIDs.findMatch(oid.toString()).stdName();
}
/**
@ -799,7 +702,7 @@ public class PKCS9Attribute implements DerEncoder {
if (index == -1) {
sb.append(oid.toString());
} else {
sb.append(OID_NAME_TABLE.get(PKCS9_OIDS[index]));
sb.append(getName(oid));
}
sb.append(": ");

43
src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java

@ -66,17 +66,11 @@ import javax.security.auth.DestroyFailedException;
import javax.security.auth.x500.X500Principal;
import sun.security.tools.KeyStoreUtil;
import sun.security.util.Debug;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.util.*;
import sun.security.pkcs.ContentInfo;
import sun.security.util.SecurityProperties;
import sun.security.x509.AlgorithmId;
import sun.security.pkcs.EncryptedPrivateKeyInfo;
import sun.security.provider.JavaKeyStore.JKS;
import sun.security.util.KeyStoreDelegator;
import sun.security.x509.AuthorityKeyIdentifierExtension;
@ -148,29 +142,29 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
private static final int MAX_ITERATION_COUNT = 5000000;
private static final int SALT_LEN = 20;
// friendlyName, localKeyId, trustedKeyUsage
private static final String[] CORE_ATTRIBUTES = {
"1.2.840.113549.1.9.20",
"1.2.840.113549.1.9.21",
"2.16.840.1.113894.746875.1.1"
private static final KnownOIDs[] CORE_ATTRIBUTES = {
KnownOIDs.FriendlyName,
KnownOIDs.LocalKeyID,
KnownOIDs.ORACLE_TrustedKeyUsage
};
private static final Debug debug = Debug.getInstance("pkcs12");
private static final ObjectIdentifier PKCS8ShroudedKeyBag_OID =
ObjectIdentifier.of("1.2.840.113549.1.12.10.1.2");
ObjectIdentifier.of(KnownOIDs.PKCS8ShroudedKeyBag);
private static final ObjectIdentifier CertBag_OID =
ObjectIdentifier.of("1.2.840.113549.1.12.10.1.3");
ObjectIdentifier.of(KnownOIDs.CertBag);
private static final ObjectIdentifier SecretBag_OID =
ObjectIdentifier.of("1.2.840.113549.1.12.10.1.5");
ObjectIdentifier.of(KnownOIDs.SecretBag);
private static final ObjectIdentifier PKCS9FriendlyName_OID =
ObjectIdentifier.of("1.2.840.113549.1.9.20");
ObjectIdentifier.of(KnownOIDs.FriendlyName);
private static final ObjectIdentifier PKCS9LocalKeyId_OID =
ObjectIdentifier.of("1.2.840.113549.1.9.21");
ObjectIdentifier.of(KnownOIDs.LocalKeyID);
private static final ObjectIdentifier PKCS9CertType_OID =
ObjectIdentifier.of("1.2.840.113549.1.9.22.1");
ObjectIdentifier.of(KnownOIDs.CertTypeX509);
private static final ObjectIdentifier pbes2_OID =
ObjectIdentifier.of("1.2.840.113549.1.5.13");
ObjectIdentifier.of(KnownOIDs.PBES2);
/*
* Temporary Oracle OID
@ -179,11 +173,10 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
* oracle(113894) jdk(746875) crypto(1) id-at-trustedKeyUsage(1)}
*/
private static final ObjectIdentifier TrustedKeyUsage_OID =
ObjectIdentifier.of("2.16.840.1.113894.746875.1.1");
ObjectIdentifier.of(KnownOIDs.ORACLE_TrustedKeyUsage);
private static final ObjectIdentifier[] AnyUsage = new ObjectIdentifier[] {
// AnyExtendedKeyUsage
ObjectIdentifier.of("2.5.29.37.0")
ObjectIdentifier.of(KnownOIDs.anyExtendedKeyUsage)
};
private int counter = 0;
@ -1643,9 +1636,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
for (KeyStore.Entry.Attribute attribute : attributes) {
String attributeName = attribute.getName();
// skip friendlyName, localKeyId and trustedKeyUsage
if (CORE_ATTRIBUTES[0].equals(attributeName) ||
CORE_ATTRIBUTES[1].equals(attributeName) ||
CORE_ATTRIBUTES[2].equals(attributeName)) {
if (CORE_ATTRIBUTES[0].value().equals(attributeName) ||
CORE_ATTRIBUTES[1].value().equals(attributeName) ||
CORE_ATTRIBUTES[2].value().equals(attributeName)) {
continue;
}
attrs.write(((PKCS12Attribute) attribute).getEncoded());

12
src/java.base/share/classes/sun/security/provider/KeyProtector.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -38,6 +38,7 @@ import sun.security.pkcs.PKCS8Key;
import sun.security.pkcs.EncryptedPrivateKeyInfo;
import sun.security.x509.AlgorithmId;
import sun.security.util.ObjectIdentifier;
import sun.security.util.KnownOIDs;
import sun.security.util.DerValue;
/**
@ -105,9 +106,6 @@ final class KeyProtector {
private static final String DIGEST_ALG = "SHA";
private static final int DIGEST_LEN = 20;
// defined by JavaSoft
private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1";
// The password used for protecting/recovering keys passed through this
// key protector. We store it as a byte array, so that we can digest it.
private byte[] passwdBytes;
@ -213,7 +211,8 @@ final class KeyProtector {
// EncryptedPrivateKeyInfo, and returns its encoding
AlgorithmId encrAlg;
try {
encrAlg = new AlgorithmId(new ObjectIdentifier(KEY_PROTECTOR_OID));
encrAlg = new AlgorithmId(ObjectIdentifier.of
(KnownOIDs.JAVASOFT_JDKKeyProtector));
return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
} catch (IOException ioe) {
throw new KeyStoreException(ioe.getMessage());
@ -235,7 +234,8 @@ final class KeyProtector {
// do we support the algorithm?
AlgorithmId encrAlg = encrInfo.getAlgorithm();
if (!(encrAlg.getOID().toString().equals(KEY_PROTECTOR_OID))) {
if (!(encrAlg.getOID().toString().equals
(KnownOIDs.JAVASOFT_JDKKeyProtector.value()))) {
throw new UnrecoverableKeyException("Unsupported key protection "
+ "algorithm");
}

170
src/java.base/share/classes/sun/security/provider/SunEntries.java

@ -32,6 +32,8 @@ import java.security.*;
import jdk.internal.util.StaticProperty;
import sun.security.action.GetPropertyAction;
import sun.security.util.SecurityProviderConstants;
import static sun.security.util.SecurityProviderConstants.getAliases;
/**
* Defines the entries of the SUN provider.
@ -80,18 +82,6 @@ public final class SunEntries {
// the default algo used by SecureRandom class for new SecureRandom() calls
public static final String DEF_SECURE_RANDOM_ALGO;
// create an aliases List from the specified aliases
public static List<String> createAliases(String ... aliases) {
return Arrays.asList(aliases);
}
// create an aliases List from the specified oid followed by other aliases
public static List<String> createAliasesWithOid(String ... oids) {
String[] result = Arrays.copyOf(oids, oids.length + 1);
result[result.length - 1] = "OID." + oids[0];
return Arrays.asList(result);
}
SunEntries(Provider p) {
services = new LinkedHashSet<>(50, 0.9f);
@ -106,22 +96,20 @@ public final class SunEntries {
attrs.put("ThreadSafe", "true");
if (NativePRNG.isAvailable()) {
add(p, "SecureRandom", "NativePRNG",
"sun.security.provider.NativePRNG",
null, attrs);
"sun.security.provider.NativePRNG", attrs);
}
if (NativePRNG.Blocking.isAvailable()) {
add(p, "SecureRandom", "NativePRNGBlocking",
"sun.security.provider.NativePRNG$Blocking", null, attrs);
"sun.security.provider.NativePRNG$Blocking", attrs);
}
if (NativePRNG.NonBlocking.isAvailable()) {
add(p, "SecureRandom", "NativePRNGNonBlocking",
"sun.security.provider.NativePRNG$NonBlocking", null, attrs);
"sun.security.provider.NativePRNG$NonBlocking", attrs);
}
attrs.put("ImplementedIn", "Software");
add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG",
null, attrs);
add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs);
add(p, "SecureRandom", "SHA1PRNG",
"sun.security.provider.SecureRandom", null, attrs);
"sun.security.provider.SecureRandom", attrs);
/*
* Signature engines
@ -134,37 +122,28 @@ public final class SunEntries {
attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures
add(p, "Signature", "SHA1withDSA",
"sun.security.provider.DSA$SHA1withDSA",
createAliasesWithOid("1.2.840.10040.4.3", "DSA", "DSS",
"SHA/DSA", "SHA-1/DSA", "SHA1/DSA", "SHAwithDSA",
"DSAWithSHA1", "1.3.14.3.2.13", "1.3.14.3.2.27"), attrs);
add(p, "Signature", "NONEwithDSA", "sun.security.provider.DSA$RawDSA",
createAliases("RawDSA"), attrs);
addWithAlias(p, "Signature", "SHA1withDSA",
"sun.security.provider.DSA$SHA1withDSA", attrs);
addWithAlias(p, "Signature", "NONEwithDSA",
"sun.security.provider.DSA$RawDSA", attrs);
attrs.put("KeySize", "2048"); // for SHA224 and SHA256 DSA signatures
add(p, "Signature", "SHA224withDSA",
"sun.security.provider.DSA$SHA224withDSA",
createAliasesWithOid("2.16.840.1.101.3.4.3.1"), attrs);
add(p, "Signature", "SHA256withDSA",
"sun.security.provider.DSA$SHA256withDSA",
createAliasesWithOid("2.16.840.1.101.3.4.3.2"), attrs);
addWithAlias(p, "Signature", "SHA224withDSA",
"sun.security.provider.DSA$SHA224withDSA", attrs);
addWithAlias(p, "Signature", "SHA256withDSA",
"sun.security.provider.DSA$SHA256withDSA", attrs);
attrs.remove("KeySize");
add(p, "Signature", "SHA1withDSAinP1363Format",
"sun.security.provider.DSA$SHA1withDSAinP1363Format",
null, null);
"sun.security.provider.DSA$SHA1withDSAinP1363Format");
add(p, "Signature", "NONEwithDSAinP1363Format",
"sun.security.provider.DSA$RawDSAinP1363Format",
null, null);
"sun.security.provider.DSA$RawDSAinP1363Format");
add(p, "Signature", "SHA224withDSAinP1363Format",
"sun.security.provider.DSA$SHA224withDSAinP1363Format",
null, null);
"sun.security.provider.DSA$SHA224withDSAinP1363Format");
add(p, "Signature", "SHA256withDSAinP1363Format",
"sun.security.provider.DSA$SHA256withDSAinP1363Format",
null, null);
"sun.security.provider.DSA$SHA256withDSAinP1363Format");
/*
* Key Pair Generator engines
@ -173,85 +152,75 @@ public final class SunEntries {
attrs.put("ImplementedIn", "Software");
attrs.put("KeySize", "2048"); // for DSA KPG and APG only
String dsaOid = "1.2.840.10040.4.1";
List<String> dsaAliases = createAliasesWithOid(dsaOid, "1.3.14.3.2.12");
String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
add(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, dsaAliases, attrs);
addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
/*
* Algorithm Parameter Generator engines
*/
add(p, "AlgorithmParameterGenerator", "DSA",
"sun.security.provider.DSAParameterGenerator", dsaAliases,
attrs);
addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
"sun.security.provider.DSAParameterGenerator", attrs);
attrs.remove("KeySize");
/*
* Algorithm Parameter engines
*/
add(p, "AlgorithmParameters", "DSA",
"sun.security.provider.DSAParameters", dsaAliases, attrs);
addWithAlias(p, "AlgorithmParameters", "DSA",
"sun.security.provider.DSAParameters", attrs);
/*
* Key factories
*/
add(p, "KeyFactory", "DSA", "sun.security.provider.DSAKeyFactory",
dsaAliases, attrs);
addWithAlias(p, "KeyFactory", "DSA",
"sun.security.provider.DSAKeyFactory", attrs);
/*
* Digest engines
*/
add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", null, attrs);
add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", null, attrs);
add(p, "MessageDigest", "SHA", "sun.security.provider.SHA",
createAliasesWithOid("1.3.14.3.2.26", "SHA-1", "SHA1"), attrs);
add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs);
add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs);
addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA",
attrs);
String sha2BaseOid = "2.16.840.1.101.3.4.2";
add(p, "MessageDigest", "SHA-224", "sun.security.provider.SHA2$SHA224",
createAliasesWithOid(sha2BaseOid + ".4"), attrs);
add(p, "MessageDigest", "SHA-256", "sun.security.provider.SHA2$SHA256",
createAliasesWithOid(sha2BaseOid + ".1"), attrs);
add(p, "MessageDigest", "SHA-384", "sun.security.provider.SHA5$SHA384",
createAliasesWithOid(sha2BaseOid + ".2"), attrs);
add(p, "MessageDigest", "SHA-512", "sun.security.provider.SHA5$SHA512",
createAliasesWithOid(sha2BaseOid + ".3"), attrs);
add(p, "MessageDigest", "SHA-512/224",
"sun.security.provider.SHA5$SHA512_224",
createAliasesWithOid(sha2BaseOid + ".5"), attrs);
add(p, "MessageDigest", "SHA-512/256",
"sun.security.provider.SHA5$SHA512_256",
createAliasesWithOid(sha2BaseOid + ".6"), attrs);
add(p, "MessageDigest", "SHA3-224", "sun.security.provider.SHA3$SHA224",
createAliasesWithOid(sha2BaseOid + ".7"), attrs);
add(p, "MessageDigest", "SHA3-256", "sun.security.provider.SHA3$SHA256",
createAliasesWithOid(sha2BaseOid + ".8"), attrs);
add(p, "MessageDigest", "SHA3-384", "sun.security.provider.SHA3$SHA384",
createAliasesWithOid(sha2BaseOid + ".9"), attrs);
add(p, "MessageDigest", "SHA3-512", "sun.security.provider.SHA3$SHA512",
createAliasesWithOid(sha2BaseOid + ".10"), attrs);
addWithAlias(p, "MessageDigest", "SHA-224",
"sun.security.provider.SHA2$SHA224", attrs);
addWithAlias(p, "MessageDigest", "SHA-256",
"sun.security.provider.SHA2$SHA256", attrs);
addWithAlias(p, "MessageDigest", "SHA-384",
"sun.security.provider.SHA5$SHA384", attrs);
addWithAlias(p, "MessageDigest", "SHA-512",
"sun.security.provider.SHA5$SHA512", attrs);
addWithAlias(p, "MessageDigest", "SHA-512/224",
"sun.security.provider.SHA5$SHA512_224", attrs);
addWithAlias(p, "MessageDigest", "SHA-512/256",
"sun.security.provider.SHA5$SHA512_256", attrs);
addWithAlias(p, "MessageDigest", "SHA3-224",
"sun.security.provider.SHA3$SHA224", attrs);
addWithAlias(p, "MessageDigest", "SHA3-256",
"sun.security.provider.SHA3$SHA256", attrs);
addWithAlias(p, "MessageDigest", "SHA3-384",
"sun.security.provider.SHA3$SHA384", attrs);
addWithAlias(p, "MessageDigest", "SHA3-512",
"sun.security.provider.SHA3$SHA512", attrs);
/*
* Certificates
*/
add(p, "CertificateFactory", "X.509",
"sun.security.provider.X509Factory",
createAliases("X509"), attrs);
addWithAlias(p, "CertificateFactory", "X.509",
"sun.security.provider.X509Factory", attrs);
/*
* KeyStore
*/
add(p, "KeyStore", "PKCS12",
"sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12",
null, null);
"sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12");
add(p, "KeyStore", "JKS",
"sun.security.provider.JavaKeyStore$DualFormatJKS",
null, attrs);
"sun.security.provider.JavaKeyStore$DualFormatJKS", attrs);
add(p, "KeyStore", "CaseExactJKS",
"sun.security.provider.JavaKeyStore$CaseExactJKS",
null, attrs);
"sun.security.provider.JavaKeyStore$CaseExactJKS", attrs);
add(p, "KeyStore", "DKS", "sun.security.provider.DomainKeyStore$DKS",
null, attrs);
attrs);
/*
@ -259,22 +228,21 @@ public final class SunEntries {
*/
add(p, "CertStore", "Collection",
"sun.security.provider.certpath.CollectionCertStore",
null, attrs);
attrs);
add(p, "CertStore", "com.sun.security.IndexedCollection",
"sun.security.provider.certpath.IndexedCollectionCertStore",
null, attrs);
attrs);
/*
* Policy
*/
add(p, "Policy", "JavaPolicy", "sun.security.provider.PolicySpiFile",
null, null);
add(p, "Policy", "JavaPolicy", "sun.security.provider.PolicySpiFile");
/*
* Configuration
*/
add(p, "Configuration", "JavaLoginConfig",
"sun.security.provider.ConfigFile$Spi", null, null);
"sun.security.provider.ConfigFile$Spi");
/*
* CertPathBuilder and CertPathValidator
@ -285,19 +253,29 @@ public final class SunEntries {
add(p, "CertPathBuilder", "PKIX",
"sun.security.provider.certpath.SunCertPathBuilder",
null, attrs);
attrs);
add(p, "CertPathValidator", "PKIX",
"sun.security.provider.certpath.PKIXCertPathValidator",
null, attrs);
attrs);
}
Iterator<Provider.Service> iterator() {
return services.iterator();
}
private void add(Provider p, String type, String algo, String cn) {
services.add(new Provider.Service(p, type, algo, cn, null, null));
}
private void add(Provider p, String type, String algo, String cn,
List<String> aliases, HashMap<String, String> attrs) {
services.add(new Provider.Service(p, type, algo, cn, aliases, attrs));
HashMap<String, String> attrs) {
services.add(new Provider.Service(p, type, algo, cn, null, attrs));
}
private void addWithAlias(Provider p, String type, String algo, String cn,
HashMap<String, String> attrs) {
services.add(new Provider.Service(p, type, algo, cn,
getAliases(algo), attrs));
}
private LinkedHashSet<Provider.Service> services;

7
src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java

@ -135,7 +135,7 @@ public final class OCSPResponse {
private static final Debug debug = Debug.getInstance("certpath");
private static final boolean dump = debug != null && Debug.isOn("ocsp");
private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.1");
ObjectIdentifier.of(KnownOIDs.OCSPBasicResponse);
private static final int CERT_STATUS_GOOD = 0;
private static final int CERT_STATUS_REVOKED = 1;
private static final int CERT_STATUS_UNKNOWN = 2;
@ -144,9 +144,6 @@ public final class OCSPResponse {
private static final int NAME_TAG = 1;
private static final int KEY_TAG = 2;
// Object identifier for the OCSPSigning key purpose
private static final String KP_OCSP_SIGNING_OID = "1.3.6.1.5.5.7.3.9";
// Default maximum clock skew in milliseconds (15 minutes)
// allowed when checking validity of OCSP responses
private static final int DEFAULT_MAX_CLOCK_SKEW = 900000;
@ -493,7 +490,7 @@ public final class OCSPResponse {
try {
List<String> keyPurposes = signerCert.getExtendedKeyUsage();
if (keyPurposes == null ||
!keyPurposes.contains(KP_OCSP_SIGNING_OID)) {
!keyPurposes.contains(KnownOIDs.OCSPSigning.value())) {
throw new CertPathValidatorException(
"Responder's certificate not valid for signing " +
"OCSP responses");

3
src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java

@ -46,6 +46,7 @@ import static sun.security.provider.certpath.PKIX.*;
import sun.security.x509.*;
import static sun.security.x509.PKIXExtensions.*;
import sun.security.util.Debug;
import sun.security.util.KnownOIDs;
class RevocationChecker extends PKIXRevocationChecker {
@ -722,7 +723,7 @@ class RevocationChecker extends PKIXRevocationChecker {
// verify the response
byte[] nonce = null;
for (Extension ext : ocspExtensions) {
if (ext.getId().equals("1.3.6.1.5.5.7.48.1.2")) {
if (ext.getId().equals(KnownOIDs.OCSPNonceExt.value())) {
nonce = ext.getValue();
}
}

4
src/java.base/share/classes/sun/security/rsa/PSSParameters.java

@ -99,7 +99,7 @@ public final class PSSParameters extends AlgorithmParametersSpi {
} else if (d.isContextSpecific((byte) 0x01)) {
// mgf algid
AlgorithmId val = AlgorithmId.parse(d.data.getDerValue());
if (!val.getOID().equals(AlgorithmId.mgf1_oid)) {
if (!val.getOID().equals(AlgorithmId.MGF1_oid)) {
throw new IOException("Only MGF1 mgf is supported");
}
AlgorithmId params = AlgorithmId.parse(
@ -242,7 +242,7 @@ public final class PSSParameters extends AlgorithmParametersSpi {
if (!mgfDigestId.getOID().equals(AlgorithmId.SHA_oid)) {
tmp2 = new DerOutputStream();
tmp2.putOID(AlgorithmId.mgf1_oid);
tmp2.putOID(AlgorithmId.MGF1_oid);
mgfDigestId.encode(tmp2);
tmp3 = new DerOutputStream();
tmp3.write(DerValue.tag_Sequence, tmp2);

89
src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,7 +27,7 @@ package sun.security.rsa;
import java.util.*;
import java.security.Provider;
import static sun.security.provider.SunEntries.createAliasesWithOid;
import static sun.security.util.SecurityProviderConstants.getAliases;
/**
* Defines the entries of the SunRsaSign provider.
@ -38,7 +38,14 @@ public final class SunRsaSignEntries {
private void add(Provider p, String type, String algo, String cn,
List<String> aliases, HashMap<String, String> attrs) {
services.add(new Provider.Service(p, type, algo, cn, aliases, attrs));
services.add(new Provider.Service(p, type, algo, cn,
aliases, attrs));
}
private void addA(Provider p, String type, String algo, String cn,
HashMap<String, String> attrs) {
services.add(new Provider.Service(p, type, algo, cn,
getAliases(algo), attrs));
}
// extend LinkedHashSet for consistency with SunEntries
@ -47,13 +54,6 @@ public final class SunRsaSignEntries {
services = new LinkedHashSet<>(20, 0.9f);
// start populating content using the specified provider
// common oids
String rsaOid = "1.2.840.113549.1.1";
List<String> rsaAliases = createAliasesWithOid(rsaOid);
List<String> rsapssAliases = createAliasesWithOid(rsaOid + ".10");
String sha1withRSAOid2 = "1.3.14.3.2.29";
// common attribute map
HashMap<String, String> attrs = new HashMap<>(3);
attrs.put("SupportedKeyClasses",
@ -62,50 +62,37 @@ public final class SunRsaSignEntries {
add(p, "KeyFactory", "RSA",
"sun.security.rsa.RSAKeyFactory$Legacy",
rsaAliases, null);
getAliases("PKCS1"), null);
add(p, "KeyPairGenerator", "RSA",
"sun.security.rsa.RSAKeyPairGenerator$Legacy",
rsaAliases, null);
add(p, "Signature", "MD2withRSA",
"sun.security.rsa.RSASignature$MD2withRSA",
createAliasesWithOid(rsaOid + ".2"), attrs);
add(p, "Signature", "MD5withRSA",
"sun.security.rsa.RSASignature$MD5withRSA",
createAliasesWithOid(rsaOid + ".4"), attrs);
add(p, "Signature", "SHA1withRSA",
"sun.security.rsa.RSASignature$SHA1withRSA",
createAliasesWithOid(rsaOid + ".5", sha1withRSAOid2), attrs);
add(p, "Signature", "SHA224withRSA",
"sun.security.rsa.RSASignature$SHA224withRSA",
createAliasesWithOid(rsaOid + ".14"), attrs);
add(p, "Signature", "SHA256withRSA",
"sun.security.rsa.RSASignature$SHA256withRSA",
createAliasesWithOid(rsaOid + ".11"), attrs);
add(p, "Signature", "SHA384withRSA",
"sun.security.rsa.RSASignature$SHA384withRSA",
createAliasesWithOid(rsaOid + ".12"), attrs);
add(p, "Signature", "SHA512withRSA",
"sun.security.rsa.RSASignature$SHA512withRSA",
createAliasesWithOid(rsaOid + ".13"), attrs);
add(p, "Signature", "SHA512/224withRSA",
"sun.security.rsa.RSASignature$SHA512_224withRSA",
createAliasesWithOid(rsaOid + ".15"), attrs);
add(p, "Signature", "SHA512/256withRSA",
"sun.security.rsa.RSASignature$SHA512_256withRSA",
createAliasesWithOid(rsaOid + ".16"), attrs);
getAliases("PKCS1"), null);
addA(p, "Signature", "MD2withRSA",
"sun.security.rsa.RSASignature$MD2withRSA", attrs);
addA(p, "Signature", "MD5withRSA",
"sun.security.rsa.RSASignature$MD5withRSA", attrs);
addA(p, "Signature", "SHA1withRSA",
"sun.security.rsa.RSASignature$SHA1withRSA", attrs);
addA(p, "Signature", "SHA224withRSA",
"sun.security.rsa.RSASignature$SHA224withRSA", attrs);
addA(p, "Signature", "SHA256withRSA",
"sun.security.rsa.RSASignature$SHA256withRSA", attrs);
addA(p, "Signature", "SHA384withRSA",
"sun.security.rsa.RSASignature$SHA384withRSA", attrs);
addA(p, "Signature", "SHA512withRSA",
"sun.security.rsa.RSASignature$SHA512withRSA", attrs);
addA(p, "Signature", "SHA512/224withRSA",
"sun.security.rsa.RSASignature$SHA512_224withRSA", attrs);
addA(p, "Signature", "SHA512/256withRSA",
"sun.security.rsa.RSASignature$SHA512_256withRSA", attrs);
add(p, "KeyFactory", "RSASSA-PSS",
"sun.security.rsa.RSAKeyFactory$PSS",
rsapssAliases, null);
add(p, "KeyPairGenerator", "RSASSA-PSS",
"sun.security.rsa.RSAKeyPairGenerator$PSS",
rsapssAliases, null);
add(p, "Signature", "RSASSA-PSS",
"sun.security.rsa.RSAPSSSignature",
rsapssAliases, attrs);
add(p, "AlgorithmParameters", "RSASSA-PSS",
"sun.security.rsa.PSSParameters",
rsapssAliases, null);
addA(p, "KeyFactory", "RSASSA-PSS",
"sun.security.rsa.RSAKeyFactory$PSS", attrs);
addA(p, "KeyPairGenerator", "RSASSA-PSS",
"sun.security.rsa.RSAKeyPairGenerator$PSS", attrs);
addA(p, "Signature", "RSASSA-PSS",
"sun.security.rsa.RSAPSSSignature", attrs);
addA(p, "AlgorithmParameters", "RSASSA-PSS",
"sun.security.rsa.PSSParameters", attrs);
}
public Iterator<Provider.Service> iterator() {

16
src/java.base/share/classes/sun/security/ssl/SunJSSE.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@ package sun.security.ssl;
import java.security.*;
import java.util.*;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.provider.SunEntries.createAliases;
import static sun.security.util.SecurityProviderConstants.*;
/**
* The JSSE provider.
@ -74,8 +74,8 @@ public class SunJSSE extends java.security.Provider {
}
private void ps(String type, String algo, String cn,
List<String> aliases, HashMap<String, String> attrs) {
putService(new Provider.Service(this, type, algo, cn, aliases, attrs));
List<String> a, HashMap<String, String> attrs) {
putService(new Provider.Service(this, type, algo, cn, a, attrs));
}
private void doRegister() {
@ -86,18 +86,18 @@ public class SunJSSE extends java.security.Provider {
"sun.security.ssl.KeyManagerFactoryImpl$SunX509", null, null);
ps("KeyManagerFactory", "NewSunX509",
"sun.security.ssl.KeyManagerFactoryImpl$X509",
createAliases("PKIX"), null);
List.of("PKIX"), null);
ps("TrustManagerFactory", "SunX509",
"sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory",
null, null);
ps("TrustManagerFactory", "PKIX",
"sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory",
createAliases("SunPKIX", "X509", "X.509"), null);
List.of("SunPKIX", "X509", "X.509"), null);
ps("SSLContext", "TLSv1",
"sun.security.ssl.SSLContextImpl$TLS10Context",
createAliases("SSLv3"), null);
List.of("SSLv3"), null);
ps("SSLContext", "TLSv1.1",
"sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
ps("SSLContext", "TLSv1.2",
@ -106,7 +106,7 @@ public class SunJSSE extends java.security.Provider {
"sun.security.ssl.SSLContextImpl$TLS13Context", null, null);
ps("SSLContext", "TLS",
"sun.security.ssl.SSLContextImpl$TLSContext",
createAliases("SSL"), null);
List.of("SSL"), null);
ps("SSLContext", "DTLSv1.0",
"sun.security.ssl.SSLContextImpl$DTLS10Context", null, null);

18
src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -43,6 +43,7 @@ import java.util.concurrent.atomic.AtomicLong;
import javax.net.ssl.*;
import sun.security.provider.certpath.AlgorithmChecker;
import sun.security.validator.Validator;
import sun.security.util.KnownOIDs;
/**
* The new X509 key manager implementation. The main differences to the
@ -522,14 +523,19 @@ final class X509KeyManagerImpl extends X509ExtendedKeyManager
// enum constant for "tls client" check
// valid EKU for TLS client: any, tls_client
CLIENT(new HashSet<String>(Arrays.asList(new String[] {
"2.5.29.37.0", "1.3.6.1.5.5.7.3.2" }))),
CLIENT(new HashSet<String>(List.of(
KnownOIDs.anyExtendedKeyUsage.value(),
KnownOIDs.clientAuth.value()
))),
// enum constant for "tls server" check
// valid EKU for TLS server: any, tls_server, ns_sgc, ms_sgc
SERVER(new HashSet<String>(Arrays.asList(new String[] {
"2.5.29.37.0", "1.3.6.1.5.5.7.3.1", "2.16.840.1.113730.4.1",
"1.3.6.1.4.1.311.10.3.3" })));
SERVER(new HashSet<String>(List.of(
KnownOIDs.anyExtendedKeyUsage.value(),
KnownOIDs.serverAuth.value(),
KnownOIDs.NETSCAPE_ExportApproved.value(),
KnownOIDs.MICROSOFT_ExportApproved.value()
)));
// set of valid EKU values for this type
final Set<String> validEku;

4
src/java.base/share/classes/sun/security/timestamp/TSRequest.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -163,7 +163,7 @@ public class TSRequest {
// encode optional elements
if (policyId != null) {
request.putOID(new ObjectIdentifier(policyId));
request.putOID(ObjectIdentifier.of(policyId));
}
if (nonce != null) {
request.putInteger(nonce);

87
src/java.base/share/classes/sun/security/tools/keytool/Main.java

@ -82,6 +82,7 @@ import sun.security.pkcs10.PKCS10;
import sun.security.pkcs10.PKCS10Attribute;
import sun.security.provider.X509Factory;
import sun.security.provider.certpath.ssl.SSLServerCertStore;
import sun.security.util.KnownOIDs;
import sun.security.util.Password;
import sun.security.util.SecurityProperties;
import sun.security.util.SecurityProviderConstants;
@ -4125,6 +4126,23 @@ public final class Main {
return c.getTime();
}
/**
* Match a command with a command set. The match can be exact, or
* partial, or case-insensitive.
*
* @param s the command provided by user
* @param list the legal command set represented by KnownOIDs enums.
* @return the position of a single match, or -1 if none matched
* @throws Exception if s is ambiguous
*/
private static int oneOf(String s, KnownOIDs... list) throws Exception {
String[] convertedList = new String[list.length];
for (int i = 0; i < list.length; i++) {
convertedList[i] = list[i].stdName();
}
return oneOf(s, convertedList);
}
/**
* Match a command with a command set. The match can be exact, or
* partial, or case-insensitive.
@ -4262,7 +4280,7 @@ public final class Main {
case 5: return PKIXExtensions.SubjectInfoAccess_Id;
case 6: return PKIXExtensions.AuthInfoAccess_Id;
case 8: return PKIXExtensions.CRLDistributionPoints_Id;
default: return new ObjectIdentifier(type);
default: return ObjectIdentifier.of(type);
}
}
@ -4474,30 +4492,26 @@ public final class Main {
case 2: // EKU
if(value != null) {
Vector<ObjectIdentifier> v = new Vector<>();
KnownOIDs[] choices = {
KnownOIDs.anyExtendedKeyUsage,
KnownOIDs.serverAuth,
KnownOIDs.clientAuth,
KnownOIDs.codeSigning,
KnownOIDs.emailProtection,
KnownOIDs.KP_TimeStamping,
KnownOIDs.OCSPSigning
};
for (String s: value.split(",")) {
int p = oneOf(s,
"anyExtendedKeyUsage",
"serverAuth", //1
"clientAuth", //2
"codeSigning", //3
"emailProtection", //4
"", //5
"", //6
"", //7
"timeStamping", //8
"OCSPSigning" //9
);
if (p < 0) {
try {
v.add(new ObjectIdentifier(s));
} catch (Exception e) {
throw new Exception(rb.getString(
"Unknown.extendedkeyUsage.type.") + s);
}
} else if (p == 0) {
v.add(new ObjectIdentifier("2.5.29.37.0"));
} else {
v.add(new ObjectIdentifier("1.3.6.1.5.5.7.3." + p));
int p = oneOf(s, choices);
String o = s;
if (p >= 0) {
o = choices[p].value();
}
try {
v.add(ObjectIdentifier.of(o));
} catch (Exception e) {
throw new Exception(rb.getString(
"Unknown.extendedkeyUsage.type.") + s);
}
}
setExt(result, new ExtendedKeyUsageExtension(isCritical, v));
@ -4552,24 +4566,23 @@ public final class Main {
String m = item.substring(0, colonpos);
String t = item.substring(colonpos+1, colonpos2);
String v = item.substring(colonpos2+1);
int p = oneOf(m,
"",
"ocsp", //1
"caIssuers", //2
"timeStamping", //3
"",
"caRepository" //5
);
KnownOIDs[] choices = {
KnownOIDs.OCSP,
KnownOIDs.caIssuers,
KnownOIDs.AD_TimeStamping,
KnownOIDs.caRepository
};
int p = oneOf(m, choices);
ObjectIdentifier oid;
if (p < 0) {
if (p >= 0) {
oid = ObjectIdentifier.of(choices[p]);
} else {
try {
oid = new ObjectIdentifier(m);
oid = ObjectIdentifier.of(m);
} catch (Exception e) {
throw new Exception(rb.getString(
"Unknown.AccessDescription.type.") + m);
}
} else {
oid = new ObjectIdentifier("1.3.6.1.5.5.7.48." + p);
}
accessDescriptions.add(new AccessDescription(
oid, createGeneralName(t, v, exttype)));
@ -4606,7 +4619,7 @@ public final class Main {
}
break;
case -1:
ObjectIdentifier oid = new ObjectIdentifier(name);
ObjectIdentifier oid = ObjectIdentifier.of(name);
byte[] data = null;
if (value != null) {
data = new byte[value.length() / 2 + 1];

4
src/java.base/share/classes/sun/security/util/ConstraintsParameters.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -153,7 +153,7 @@ public class ConstraintsParameters {
public static String[] getNamedCurveFromKey(Key key) {
if (key instanceof ECKey) {
NamedCurve nc = CurveDB.lookup(((ECKey)key).getParams());
return (nc == null ? EMPTYLIST : CurveDB.getNamesByOID(nc.getObjectId()));
return (nc == null ? EMPTYLIST : nc.getNameAndAliases());
} else if (key instanceof XECKey) {
String[] s = {
((NamedParameterSpec)((XECKey)key).getParams()).getName()

291
src/java.base/share/classes/sun/security/util/CurveDB.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,7 +30,6 @@ import java.math.BigInteger;
import java.security.spec.*;
import java.util.*;
import java.util.regex.Pattern;
/**
* Repository for well-known Elliptic Curve parameters. It is used by both
@ -54,8 +53,6 @@ public class CurveDB {
private static Collection<? extends NamedCurve> specCollection;
public static final String SPLIT_PATTERN = ",|\\[|\\]";
// Used by SunECEntries
public static Collection<? extends NamedCurve>getSupportedCurves() {
return specCollection;
@ -117,9 +114,8 @@ public class CurveDB {
return new BigInteger(s, 16);
}
private static void add(String name, String soid, int type, String sfield,
String a, String b, String x, String y, String n, int h,
Pattern nameSplitPattern) {
private static void add(KnownOIDs o, int type, String sfield,
String a, String b, String x, String y, String n, int h) {
BigInteger p = bi(sfield);
ECField field;
if ((type == P) || (type == PD)) {
@ -133,16 +129,16 @@ public class CurveDB {
EllipticCurve curve = new EllipticCurve(field, bi(a), bi(b));
ECPoint g = new ECPoint(bi(x), bi(y));
NamedCurve params = new NamedCurve(name, soid, curve, g, bi(n), h);
if (oidMap.put(soid, params) != null) {
throw new RuntimeException("Duplication oid: " + soid);
String oid = o.value();
NamedCurve params = new NamedCurve(o, curve, g, bi(n), h);
if (oidMap.put(oid, params) != null) {
throw new RuntimeException("Duplication oid: " + oid);
}
String[] commonNames = nameSplitPattern.split(name);
for (String commonName : commonNames) {
if (nameMap.put(commonName.trim().toLowerCase(Locale.ENGLISH),
params) != null) {
throw new RuntimeException("Duplication name: " + commonName);
for (String cn : params.getNameAndAliases()) {
if (nameMap.put(cn.toLowerCase(Locale.ENGLISH),
params) != null) {
throw new RuntimeException("Duplication name: " + cn);
}
}
@ -154,445 +150,424 @@ public class CurveDB {
}
}
private static class Holder {
private static final Pattern nameSplitPattern = Pattern.compile(
SPLIT_PATTERN);
}
// Return all the names the EC curve could be using.
static String[] getNamesByOID(String oid) {
NamedCurve nc = oidMap.get(oid);
if (nc == null) {
return new String[0];
}
String[] list = Holder.nameSplitPattern.split(nc.getName());
int i = 0;
do {
list[i] = list[i].trim();
} while (++i < list.length);
return list;
}
static {
Pattern nameSplitPattern = Holder.nameSplitPattern;
/* SEC2 prime curves */
add("secp112r1", "1.3.132.0.6", P,
add(KnownOIDs.secp112r1, P,
"DB7C2ABF62E35E668076BEAD208B",
"DB7C2ABF62E35E668076BEAD2088",
"659EF8BA043916EEDE8911702B22",
"09487239995A5EE76B55F9C2F098",
"A89CE5AF8724C0A23E0E0FF77500",
"DB7C2ABF62E35E7628DFAC6561C5",
1, nameSplitPattern);
1);
add("secp112r2", "1.3.132.0.7", P,
add(KnownOIDs.secp112r2, P,
"DB7C2ABF62E35E668076BEAD208B",
"6127C24C05F38A0AAAF65C0EF02C",
"51DEF1815DB5ED74FCC34C85D709",
"4BA30AB5E892B4E1649DD0928643",
"adcd46f5882e3747def36e956e97",
"36DF0AAFD8B8D7597CA10520D04B",
4, nameSplitPattern);
4);
add("secp128r1", "1.3.132.0.28", P,
add(KnownOIDs.secp128r1, P,
"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
"E87579C11079F43DD824993C2CEE5ED3",
"161FF7528B899B2D0C28607CA52C5B86",
"CF5AC8395BAFEB13C02DA292DDED7A83",
"FFFFFFFE0000000075A30D1B9038A115",
1, nameSplitPattern);
1);
add("secp128r2", "1.3.132.0.29", P,
add(KnownOIDs.secp128r2, P,
"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
"D6031998D1B3BBFEBF59CC9BBFF9AEE1",
"5EEEFCA380D02919DC2C6558BB6D8A5D",
"7B6AA5D85E572983E6FB32A7CDEBC140",
"27B6916A894D3AEE7106FE805FC34B44",
"3FFFFFFF7FFFFFFFBE0024720613B5A3",
4, nameSplitPattern);
4);
add("secp160k1", "1.3.132.0.9", P,
add(KnownOIDs.secp160k1, P,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
"0000000000000000000000000000000000000000",
"0000000000000000000000000000000000000007",
"3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
"938CF935318FDCED6BC28286531733C3F03C4FEE",
"0100000000000000000001B8FA16DFAB9ACA16B6B3",
1, nameSplitPattern);
1);
add("secp160r1", "1.3.132.0.8", P,
add(KnownOIDs.secp160r1, P,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
"1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
"4A96B5688EF573284664698968C38BB913CBFC82",
"23A628553168947D59DCC912042351377AC5FB32",
"0100000000000000000001F4C8F927AED3CA752257",
1, nameSplitPattern);
1);
add("secp160r2", "1.3.132.0.30", P,
add(KnownOIDs.secp160r2, P,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
"B4E134D3FB59EB8BAB57274904664D5AF50388BA",
"52DCB034293A117E1F4FF11B30F7199D3144CE6D",
"FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
"0100000000000000000000351EE786A818F3A1A16B",
1, nameSplitPattern);
1);
add("secp192k1", "1.3.132.0.31", P,
add(KnownOIDs.secp192k1, P,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
"000000000000000000000000000000000000000000000000",
"000000000000000000000000000000000000000000000003",
"DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
"9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
"FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
1, nameSplitPattern);
1);
add("secp192r1 [NIST P-192, X9.62 prime192v1]", "1.2.840.10045.3.1.1", PD,
add(KnownOIDs.secp192r1, PD,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
"64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
"188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
"07192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
1, nameSplitPattern);
1);
add("secp224k1", "1.3.132.0.32", P,
add(KnownOIDs.secp224k1, P,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
"00000000000000000000000000000000000000000000000000000000",
"00000000000000000000000000000000000000000000000000000005",
"A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
"7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
"010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
1, nameSplitPattern);
1);
add("secp224r1 [NIST P-224]", "1.3.132.0.33", PD,
add(KnownOIDs.secp224r1, PD,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
"B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
"B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
"BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
1, nameSplitPattern);
1);
add("secp256k1", "1.3.132.0.10", P,
add(KnownOIDs.secp256k1, P,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
"0000000000000000000000000000000000000000000000000000000000000000",
"0000000000000000000000000000000000000000000000000000000000000007",
"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
"483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
1, nameSplitPattern);
1);
add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD,
add(KnownOIDs.secp256r1, PD,
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
"5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
"6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
"4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
1, nameSplitPattern);
1);
add("secp384r1 [NIST P-384]", "1.3.132.0.34", PD,
add(KnownOIDs.secp384r1, PD,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
"B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
"AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
"3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
1, nameSplitPattern);
1);
add("secp521r1 [NIST P-521]", "1.3.132.0.35", PD,
add(KnownOIDs.secp521r1, PD,
"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
"0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
"00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
"011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
1, nameSplitPattern);
1);
/* ANSI X9.62 prime curves */
add("X9.62 prime192v2", "1.2.840.10045.3.1.2", P,
add(KnownOIDs.prime192v2, P,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
"CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
"EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
"6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
"FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
1, nameSplitPattern);
1);
add("X9.62 prime192v3", "1.2.840.10045.3.1.3", P,
add(KnownOIDs.prime192v3, P,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
"22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
"7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
"38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
"FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
1, nameSplitPattern);
1);
add("X9.62 prime239v1", "1.2.840.10045.3.1.4", P,
add(KnownOIDs.prime239v1, P,
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
"6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
"0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
"7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
1, nameSplitPattern);
1);
add("X9.62 prime239v2", "1.2.840.10045.3.1.5", P,
add(KnownOIDs.prime239v2, P,
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
"617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
"38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
"5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
"7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
1, nameSplitPattern);
1);
add("X9.62 prime239v3", "1.2.840.10045.3.1.6", P,
add(KnownOIDs.prime239v3, P,
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
"255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
"6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
"1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
1, nameSplitPattern);
1);
/* SEC2 binary curves */
add("sect113r1", "1.3.132.0.4", B,
add(KnownOIDs.sect113r1, B,
"020000000000000000000000000201",
"003088250CA6E7C7FE649CE85820F7",
"00E8BEE4D3E2260744188BE0E9C723",
"009D73616F35F4AB1407D73562C10F",
"00A52830277958EE84D1315ED31886",
"0100000000000000D9CCEC8A39E56F",
2, nameSplitPattern);
2);
add("sect113r2", "1.3.132.0.5", B,
add(KnownOIDs.sect113r2, B,
"020000000000000000000000000201",
"00689918DBEC7E5A0DD6DFC0AA55C7",
"0095E9A9EC9B297BD4BF36E059184F",
"01A57A6A7B26CA5EF52FCDB8164797",
"00B3ADC94ED1FE674C06E695BABA1D",
"010000000000000108789B2496AF93",
2, nameSplitPattern);
2);
add("sect131r1", "1.3.132.0.22", B,
add(KnownOIDs.sect131r1, B,
"080000000000000000000000000000010D",
"07A11B09A76B562144418FF3FF8C2570B8",
"0217C05610884B63B9C6C7291678F9D341",
"0081BAF91FDF9833C40F9C181343638399",
"078C6E7EA38C001F73C8134B1B4EF9E150",
"0400000000000000023123953A9464B54D",
2, nameSplitPattern);
2);
add("sect131r2", "1.3.132.0.23", B,
add(KnownOIDs.sect131r2, B,
"080000000000000000000000000000010D",
"03E5A88919D7CAFCBF415F07C2176573B2",
"04B8266A46C55657AC734CE38F018F2192",
"0356DCD8F2F95031AD652D23951BB366A8",
"0648F06D867940A5366D9E265DE9EB240F",
"0400000000000000016954A233049BA98F",
2, nameSplitPattern);
2);
add("sect163k1 [NIST K-163]", "1.3.132.0.1", BD,
add(KnownOIDs.sect163k1, BD,
"0800000000000000000000000000000000000000C9",
"000000000000000000000000000000000000000001",
"000000000000000000000000000000000000000001",
"02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
"0289070FB05D38FF58321F2E800536D538CCDAA3D9",
"04000000000000000000020108A2E0CC0D99F8A5EF",
2, nameSplitPattern);
2);
add("sect163r1", "1.3.132.0.2", B,
add(KnownOIDs.sect163r1, B,
"0800000000000000000000000000000000000000C9",
"07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
"0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
"0369979697AB43897789566789567F787A7876A654",
"00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
"03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B",
2, nameSplitPattern);
2);
add("sect163r2 [NIST B-163]", "1.3.132.0.15", BD,
add(KnownOIDs.sect163r2, BD,
"0800000000000000000000000000000000000000C9",
"000000000000000000000000000000000000000001",
"020A601907B8C953CA1481EB10512F78744A3205FD",
"03F0EBA16286A2D57EA0991168D4994637E8343E36",
"00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
"040000000000000000000292FE77E70C12A4234C33",
2, nameSplitPattern);
2);
add("sect193r1", "1.3.132.0.24", B,
add(KnownOIDs.sect193r1, B,
"02000000000000000000000000000000000000000000008001",
"0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
"00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
"01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
"0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
"01000000000000000000000000C7F34A778F443ACC920EBA49",
2, nameSplitPattern);
2);
add("sect193r2", "1.3.132.0.25", B,
add(KnownOIDs.sect193r2, B,
"02000000000000000000000000000000000000000000008001",
"0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
"00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
"00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
"01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
"010000000000000000000000015AAB561B005413CCD4EE99D5",
2, nameSplitPattern);
2);
add("sect233k1 [NIST K-233]", "1.3.132.0.26", BD,
add(KnownOIDs.sect233k1, BD,
"020000000000000000000000000000000000000004000000000000000001",
"000000000000000000000000000000000000000000000000000000000000",
"000000000000000000000000000000000000000000000000000000000001",
"017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
"01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
"008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
4, nameSplitPattern);
4);
add("sect233r1 [NIST B-233]", "1.3.132.0.27", B,
add(KnownOIDs.sect233r1, B,
"020000000000000000000000000000000000000004000000000000000001",
"000000000000000000000000000000000000000000000000000000000001",
"0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
"00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
"01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
"01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
2, nameSplitPattern);
2);
add("sect239k1", "1.3.132.0.3", B,
add(KnownOIDs.sect239k1, B,
"800000000000000000004000000000000000000000000000000000000001",
"000000000000000000000000000000000000000000000000000000000000",
"000000000000000000000000000000000000000000000000000000000001",
"29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
"76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
"2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5",
4, nameSplitPattern);
4);
add("sect283k1 [NIST K-283]", "1.3.132.0.16", BD,
add(KnownOIDs.sect283k1, BD,
"0800000000000000000000000000000000000000000000000000000000000000000010A1",
"000000000000000000000000000000000000000000000000000000000000000000000000",
"000000000000000000000000000000000000000000000000000000000000000000000001",
"0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
"01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
4, nameSplitPattern);
4);
add("sect283r1 [NIST B-283]", "1.3.132.0.17", B,
add(KnownOIDs.sect283r1, B,
"0800000000000000000000000000000000000000000000000000000000000000000010A1",
"000000000000000000000000000000000000000000000000000000000000000000000001",
"027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
"05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
"03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
2, nameSplitPattern);
2);
add("sect409k1 [NIST K-409]", "1.3.132.0.36", BD,
add(KnownOIDs.sect409k1, BD,
"02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
"0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
"01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
"007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
4, nameSplitPattern);
4);
add("sect409r1 [NIST B-409]", "1.3.132.0.37", B,
add(KnownOIDs.sect409r1, B,
"02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
"0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
"015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
"0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
"010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
2, nameSplitPattern);
2);
add("sect571k1 [NIST K-571]", "1.3.132.0.38", BD,
add(KnownOIDs.sect571k1, BD,
"080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
"026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
"0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
"020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
4, nameSplitPattern);
4);
add("sect571r1 [NIST B-571]", "1.3.132.0.39", B,
add(KnownOIDs.sect571r1, B,
"080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
"02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
"0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
"037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
2, nameSplitPattern);
2);
/* ANSI X9.62 binary curves */
add("X9.62 c2tnb191v1", "1.2.840.10045.3.0.5", B,
add(KnownOIDs.c2tnb191v1, B,
"800000000000000000000000000000000000000000000201",
"2866537B676752636A68F56554E12640276B649EF7526267",
"2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
"36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
"765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
"40000000000000000000000004A20E90C39067C893BBB9A5",
2, nameSplitPattern);
2);
add("X9.62 c2tnb191v2", "1.2.840.10045.3.0.6", B,
add(KnownOIDs.c2tnb191v2, B,
"800000000000000000000000000000000000000000000201",
"401028774D7777C7B7666D1366EA432071274F89FF01E718",
"0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
"3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
"17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
"20000000000000000000000050508CB89F652824E06B8173",
4, nameSplitPattern);
4);
add("X9.62 c2tnb191v3", "1.2.840.10045.3.0.7", B,
add(KnownOIDs.c2tnb191v3, B,
"800000000000000000000000000000000000000000000201",
"6C01074756099122221056911C77D77E77A777E7E7E77FCB",
"71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
"375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
"545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
"155555555555555555555555610C0B196812BFB6288A3EA3",
6, nameSplitPattern);
6);
add("X9.62 c2tnb239v1", "1.2.840.10045.3.0.11", B,
add(KnownOIDs.c2tnb239v1, B,
"800000000000000000000000000000000000000000000000001000000001",
"32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
"790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
"57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
"61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
"2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447",
4, nameSplitPattern);
4);
add("X9.62 c2tnb239v2", "1.2.840.10045.3.0.12", B,
add(KnownOIDs.c2tnb239v2, B,
"800000000000000000000000000000000000000000000000001000000001",
"4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
"5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
"28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
"5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
"1555555555555555555555555555553C6F2885259C31E3FCDF154624522D",
6, nameSplitPattern);
6);
add("X9.62 c2tnb239v3", "1.2.840.10045.3.0.13", B,
add(KnownOIDs.c2tnb239v3, B,
"800000000000000000000000000000000000000000000000001000000001",
"01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
"6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
"70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
"2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
"0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF",
0xA, nameSplitPattern);
0xA);
add("X9.62 c2tnb359v1", "1.2.840.10045.3.0.18", B,
add(KnownOIDs.c2tnb359v1, B,
"800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001",
"5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557",
"2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988",
"3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097",
"53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD",
"01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B",
0x4C, nameSplitPattern);
0x4C);
add("X9.62 c2tnb431r1", "1.2.840.10045.3.0.20", B,
add(KnownOIDs.c2tnb431r1, B,
"800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001",
"1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F",
"10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618",
"120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
"20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
"0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91",
0x2760, nameSplitPattern);
0x2760);
/* ANSI X9.62 binary curves from the 1998 standard but forbidden
* in the 2005 version of the standard.
@ -600,77 +575,77 @@ public class CurveDB {
* case we need to support them after all.
*/
/*
add("X9.62 c2pnb163v1", "1.2.840.10045.3.0.1", B,
add(KnownOIDs.c2pnb163v1, B,
"080000000000000000000000000000000000000107",
"072546B5435234A422E0789675F432C89435DE5242",
"00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
"07AF69989546103D79329FCC3D74880F33BBE803CB",
"01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
"0400000000000000000001E60FC8821CC74DAEAFC1",
2, nameSplitPattern);
2);
add("X9.62 c2pnb163v2", "1.2.840.10045.3.0.2", B,
add(KnownOIDs.c2pnb163v2, B,
"080000000000000000000000000000000000000107",
"0108B39E77C4B108BED981ED0E890E117C511CF072",
"0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
"0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
"079F684DDF6684C5CD258B3890021B2386DFD19FC5",
"03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7",
2, nameSplitPattern);
2);
add("X9.62 c2pnb163v3", "1.2.840.10045.3.0.3", B,
add(KnownOIDs.c2pnb163v3, B,
"080000000000000000000000000000000000000107",
"07A526C63D3E25A256A007699F5447E32AE456B50E",
"03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
"02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
"05B935590C155E17EA48EB3FF3718B893DF59A05D0",
"03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309",
2, nameSplitPattern);
2);
add("X9.62 c2pnb176w1", "1.2.840.10045.3.0.4", B,
add(KnownOIDs.c2pnb176w1, B,
"0100000000000000000000000000000000080000000007",
"E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
"5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
"8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
"6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
"00010092537397ECA4F6145799D62B0A19CE06FE26AD",
0xFF6E, nameSplitPattern);
0xFF6E);
add("X9.62 c2pnb208w1", "1.2.840.10045.3.0.10", B,
add(KnownOIDs.c2pnb208w1, B,
"010000000000000000000000000000000800000000000000000007",
"0000000000000000000000000000000000000000000000000000",
"C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
"89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
"0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
"000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D",
0xFE48, nameSplitPattern);
0xFE48);
add("X9.62 c2pnb272w1", "1.2.840.10045.3.0.16", B,
add(KnownOIDs.c2pnb272w1, B,
"010000000000000000000000000000000000000000000000000000010000000000000B",
"91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
"7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
"6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
"10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
"000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
0xFF06, nameSplitPattern);
0xFF06);
add("X9.62 c2pnb304w1", "1.2.840.10045.3.0.17", B,
add(KnownOIDs.c2pnb304w1, B,
"010000000000000000000000000000000000000000000000000000000000000000000000000807",
"FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681",
"BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE",
"197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614",
"E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B",
"000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D",
0xFE2E, nameSplitPattern);
0xFE2E);
add("X9.62 c2pnb368w1", "1.2.840.10045.3.0.19", B,
add(KnownOIDs.c2pnb368w1, B,
"0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007",
"E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D",
"FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A",
"1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F",
"7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310",
"00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967",
0xFF70, nameSplitPattern);
0xFF70);
*/
/*
@ -678,68 +653,68 @@ public class CurveDB {
* (Twisted curves are not included)
*/
add("brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1", P,
add(KnownOIDs.brainpoolP160r1, P,
"E95E4A5F737059DC60DFC7AD95B3D8139515620F",
"340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
"1E589A8595423412134FAA2DBDEC95C8D8675E58",
"BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
"1667CB477A1A8EC338F94741669C976316DA6321",
"E95E4A5F737059DC60DF5991D45029409E60FC09",
1, nameSplitPattern);
1);
add("brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3", P,
add(KnownOIDs.brainpoolP192r1, P,
"C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
"6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
"469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
"C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
"14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
"C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
1, nameSplitPattern);
1);
add("brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5", P,
add(KnownOIDs.brainpoolP224r1, P,
"D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
"68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
"2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
"0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
"58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
"D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
1, nameSplitPattern);
1);
add("brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", P,
add(KnownOIDs.brainpoolP256r1, P,
"A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
"7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
"26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
"8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
"547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
"A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
1, nameSplitPattern);
1);
add("brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9", P,
add(KnownOIDs.brainpoolP320r1, P,
"D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
"3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
"520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
"43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
"14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
"D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
1, nameSplitPattern);
1);
add("brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", P,
add(KnownOIDs.brainpoolP384r1, P,
"8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
"7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
"04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
"1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
"8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
"8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
1, nameSplitPattern);
1);
add("brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", P,
add(KnownOIDs.brainpoolP512r1, P,
"AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
"7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
"3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
"81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
"7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
"AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
1, nameSplitPattern);
1);
specCollection = Collections.unmodifiableCollection(oidMap.values());
}

495
src/java.base/share/classes/sun/security/util/KnownOIDs.java Normal file

@ -0,0 +1,495 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.util;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
/**
* This utility class maps algorithm name to the corresponding oid strings.
* NOTE: for 100% backward compatibility, the standard name for the enum
* is determined by existing usage and may be in lowercase/uppercase in
* order to match existing output.
*/
public enum KnownOIDs {
// X.500 Attributes 2.5.4.*
CommonName("2.5.4.3"),
Surname("2.5.4.4"),
SerialNumber("2.5.4.5"),
CountryName("2.5.4.6"),
LocalityName("2.5.4.7"),
StateName("2.5.4.8"),
StreetAddress("2.5.4.9"),
OrgName("2.5.4.10"),
OrgUnitName("2.5.4.11"),
Title("2.5.4.12"),
GivenName("2.5.4.42"),
Initials("2.5.4.43"),
GenerationQualifier("2.5.4.44"),
DNQualifier("2.5.4.46"),
// Certificate Extension 2.5.29.*
SubjectDirectoryAttributes("2.5.29.9"),
SubjectKeyID("2.5.29.14"),
KeyUsage("2.5.29.15"),
PrivateKeyUsage("2.5.29.16"),
SubjectAlternativeName("2.5.29.17"),
IssuerAlternativeName("2.5.29.18"),
BasicConstraints("2.5.29.19"),
CRLNumber("2.5.29.20"),
ReasonCode("2.5.29.21"),
HoldInstructionCode("2.5.29.23"),
InvalidityDate("2.5.29.24"),
DeltaCRLIndicator("2.5.29.27"),
IssuingDistributionPoint("2.5.29.28"),
CertificateIssuer("2.5.29.29"),
NameConstraints("2.5.29.30"),
CRLDistributionPoints("2.5.29.31"),
CertificatePolicies("2.5.29.32"),
CE_CERT_POLICIES_ANY("2.5.29.32.0"),
PolicyMappings("2.5.29.33"),
AuthorityKeyID("2.5.29.35"),
PolicyConstraints("2.5.29.36"),
extendedKeyUsage("2.5.29.37"),
anyExtendedKeyUsage("2.5.29.37.0"),
FreshestCRL("2.5.29.46"),
InhibitAnyPolicy("2.5.29.54"),
// PKIX 1.3.6.1.5.5.7.
AuthInfoAccess("1.3.6.1.5.5.7.1.1"),
SubjectInfoAccess("1.3.6.1.5.5.7.1.11"),
// key usage purposes - PKIX.3.*
serverAuth("1.3.6.1.5.5.7.3.1"),
clientAuth("1.3.6.1.5.5.7.3.2"),
codeSigning("1.3.6.1.5.5.7.3.3"),
emailProtection("1.3.6.1.5.5.7.3.4"),
ipsecEndSystem("1.3.6.1.5.5.7.3.5"),
ipsecTunnel("1.3.6.1.5.5.7.3.6"),
ipsecUser("1.3.6.1.5.5.7.3.7"),
KP_TimeStamping("1.3.6.1.5.5.7.3.8", "timeStamping") {
@Override
boolean registerNames() { return false; }
},
OCSPSigning("1.3.6.1.5.5.7.3.9"),
// access descriptors - PKIX.48.*
OCSP("1.3.6.1.5.5.7.48.1"),
OCSPBasicResponse("1.3.6.1.5.5.7.48.1.1"),
OCSPNonceExt("1.3.6.1.5.5.7.48.1.2"),
OCSPNoCheck("1.3.6.1.5.5.7.48.1.5"),
caIssuers("1.3.6.1.5.5.7.48.2"),
AD_TimeStamping("1.3.6.1.5.5.7.48.3", "timeStamping") {
@Override
boolean registerNames() { return false; }
},
caRepository("1.3.6.1.5.5.7.48.5", "caRepository"),
// NIST --
// AES 2.16.840.1.101.3.4.1.*
AES("2.16.840.1.101.3.4.1"),
AES_128$ECB$NoPadding("2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"),
AES_128$CBC$NoPadding("2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"),
AES_128$OFB$NoPadding("2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"),
AES_128$CFB$NoPadding("2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"),
AESWRAP_128("2.16.840.1.101.3.4.1.5"),
AES_128$GCM$NoPadding("2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding"),
AES_192$ECB$NoPadding("2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"),
AES_192$CBC$NoPadding("2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"),
AES_192$OFB$NoPadding("2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"),
AES_192$CFB$NoPadding("2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"),
AESWRAP_192("2.16.840.1.101.3.4.1.25"),
AES_192$GCM$NoPadding("2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding"),
AES_256$ECB$NoPadding("2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"),
AES_256$CBC$NoPadding("2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"),
AES_256$OFB$NoPadding("2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"),
AES_256$CFB$NoPadding("2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"),
AESWRAP_256("2.16.840.1.101.3.4.1.45"),
AES_256$GCM$NoPadding("2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding"),
// hashAlgs 2.16.840.1.101.3.4.2.*
SHA_256("2.16.840.1.101.3.4.2.1", "SHA-256", "SHA256"),
SHA_384("2.16.840.1.101.3.4.2.2", "SHA-384", "SHA384"),
SHA_512("2.16.840.1.101.3.4.2.3", "SHA-512", "SHA512"),
SHA_224("2.16.840.1.101.3.4.2.4", "SHA-224", "SHA224"),
SHA_512$224("2.16.840.1.101.3.4.2.5", "SHA-512/224", "SHA512/224"),
SHA_512$256("2.16.840.1.101.3.4.2.6", "SHA-512/256", "SHA512/256"),
SHA3_224("2.16.840.1.101.3.4.2.7", "SHA3-224"),
SHA3_256("2.16.840.1.101.3.4.2.8", "SHA3-256"),
SHA3_384("2.16.840.1.101.3.4.2.9", "SHA3-384"),
SHA3_512("2.16.840.1.101.3.4.2.10", "SHA3-512"),
SHAKE128("2.16.840.1.101.3.4.2.11"),
SHAKE256("2.16.840.1.101.3.4.2.12"),
HmacSHA3_224("2.16.840.1.101.3.4.2.13", "HmacSHA3-224"),
HmacSHA3_256("2.16.840.1.101.3.4.2.14", "HmacSHA3-256"),
HmacSHA3_384("2.16.840.1.101.3.4.2.15", "HmacSHA3-384"),
HmacSHA3_512("2.16.840.1.101.3.4.2.16", "HmacSHA3-512"),
// sigAlgs 2.16.840.1.101.3.4.3.*
SHA224withDSA("2.16.840.1.101.3.4.3.1"),
SHA256withDSA("2.16.840.1.101.3.4.3.2"),
SHA384withDSA("2.16.840.1.101.3.4.3.3"),
SHA512withDSA("2.16.840.1.101.3.4.3.4"),
SHA3_224withRSA("2.16.840.1.101.3.4.3.13", "SHA3-224withRSA"),
SHA3_256withRSA("2.16.840.1.101.3.4.3.14", "SHA3-256withRSA"),
SHA3_384withRSA("2.16.840.1.101.3.4.3.15", "SHA3-384withRSA"),
SHA3_512withRSA("2.16.840.1.101.3.4.3.16", "SHA3-512withRSA"),
// RSASecurity
// PKCS1 1.2.840.113549.1.1.*
PKCS1("1.2.840.113549.1.1", "RSA") { // RSA KeyPairGenerator and KeyFactory
@Override
boolean registerNames() { return false; }
},
RSA("1.2.840.113549.1.1.1"), // RSA encryption
MD2withRSA("1.2.840.113549.1.1.2"),
MD5withRSA("1.2.840.113549.1.1.4"),
SHA1withRSA("1.2.840.113549.1.1.5"),
OAEP("1.2.840.113549.1.1.7"),
MGF1("1.2.840.113549.1.1.8"),
PSpecified("1.2.840.113549.1.1.9"),
RSASSA_PSS("1.2.840.113549.1.1.10", "RSASSA-PSS"),
SHA256withRSA("1.2.840.113549.1.1.11"),
SHA384withRSA("1.2.840.113549.1.1.12"),
SHA512withRSA("1.2.840.113549.1.1.13"),
SHA224withRSA("1.2.840.113549.1.1.14"),
SHA512$224withRSA("1.2.840.113549.1.1.15", "SHA512/224withRSA"),
SHA512$256withRSA("1.2.840.113549.1.1.16", "SHA512/256withRSA"),
// PKCS3 1.2.840.113549.1.3.*
DiffieHellman("1.2.840.113549.1.3.1", "DiffieHellman", "DH"),
// PKCS5 1.2.840.113549.1.5.*
PBEWithMD5AndDES("1.2.840.113549.1.5.3"),
PBEWithMD5AndRC2("1.2.840.113549.1.5.6"),
PBEWithSHA1AndDES("1.2.840.113549.1.5.10"),
PBEWithSHA1AndRC2("1.2.840.113549.1.5.11"),
PBKDF2WithHmacSHA1("1.2.840.113549.1.5.12"),
PBES2("1.2.840.113549.1.5.13"),
// PKCS7 1.2.840.113549.1.7.*
PKCS7("1.2.840.113549.1.7"),
Data("1.2.840.113549.1.7.1"),
SignedData("1.2.840.113549.1.7.2"),
JDK_OLD_Data("1.2.840.1113549.1.7.1"), // extra 1 in 4th component
JDK_OLD_SignedData("1.2.840.1113549.1.7.2"),
EnvelopedData("1.2.840.113549.1.7.3"),
SignedAndEnvelopedData("1.2.840.113549.1.7.4"),
DigestedData("1.2.840.113549.1.7.5"),
EncryptedData("1.2.840.113549.1.7.6"),
// PKCS9 1.2.840.113549.1.9.*
EmailAddress("1.2.840.113549.1.9.1"),
UnstructuredName("1.2.840.113549.1.9.2"),
ContentType("1.2.840.113549.1.9.3"),
MessageDigest("1.2.840.113549.1.9.4"),
SigningTime("1.2.840.113549.1.9.5"),
CounterSignature("1.2.840.113549.1.9.6"),
ChallengePassword("1.2.840.113549.1.9.7"),
UnstructuredAddress("1.2.840.113549.1.9.8"),
ExtendedCertificateAttributes("1.2.840.113549.1.9.9"),
IssuerAndSerialNumber("1.2.840.113549.1.9.10"),
ExtensionRequest("1.2.840.113549.1.9.14"),
SMIMECapability("1.2.840.113549.1.9.15"),
TimeStampTokenInfo("1.2.840.113549.1.9.16.1.4"),
SigningCertificate("1.2.840.113549.1.9.16.2.12"),
SignatureTimestampToken("1.2.840.113549.1.9.16.2.14"),
CHACHA20_POLY1305("1.2.840.113549.1.9.16.3.18", "CHACHA20-POLY1305"),
FriendlyName("1.2.840.113549.1.9.20"),
LocalKeyID("1.2.840.113549.1.9.21"),
CertTypeX509("1.2.840.113549.1.9.22.1"),
// PKCS12 1.2.840.113549.1.12.*
PBEWithSHA1AndRC4_128("1.2.840.113549.1.12.1.1"),
PBEWithSHA1AndRC4_40("1.2.840.113549.1.12.1.2"),
PBEWithSHA1AndDESede("1.2.840.113549.1.12.1.3"),
PBEWithSHA1AndRC2_128("1.2.840.113549.1.12.1.5"),
PBEWithSHA1AndRC2_40("1.2.840.113549.1.12.1.6"),
PKCS8ShroudedKeyBag("1.2.840.113549.1.12.10.1.2"),
CertBag("1.2.840.113549.1.12.10.1.3"),
SecretBag("1.2.840.113549.1.12.10.1.5"),
// digestAlgs 1.2.840.113549.2.*
MD2("1.2.840.113549.2.2"),
MD5("1.2.840.113549.2.5"),
HmacSHA1("1.2.840.113549.2.7"),
HmacSHA224("1.2.840.113549.2.8"),
HmacSHA256("1.2.840.113549.2.9"),
HmacSHA384("1.2.840.113549.2.10"),
HmacSHA512("1.2.840.113549.2.11"),
HmacSHA512$224("1.2.840.113549.2.12", "HmacSHA512/224"),
HmacSHA512$256("1.2.840.113549.2.13", "HmacSHA512/256"),
// encryptionAlgs 1.2.840.113549.3.*
RC2$CBC$PKCS5Padding("1.2.840.113549.3.2", "RC2/CBC/PKCS5Padding"),
ARCFOUR("1.2.840.113549.3.4", "ARCFOUR", "RC4"),
DESede$CBC$NoPadding("1.2.840.113549.3.7", "DESede/CBC/NoPadding"),
RC5$CBC$PKCS5Padding("1.2.840.113549.3.9", "RC5/CBC/PKCS5Padding"),
// ANSI --
// X9 1.2.840.10040.4.*
DSA("1.2.840.10040.4.1"),
SHA1withDSA("1.2.840.10040.4.3", "SHA1withDSA", "DSS"),
// X9.62 1.2.840.10045.*
EC("1.2.840.10045.2.1"),
//c2pnb163v1("1.2.840.10045.3.0.1", "X9.62 c2pnb163v1"),
//c2pnb163v2("1.2.840.10045.3.0.2", "X9.62 c2pnb163v2"),
//c2pnb163v3("1.2.840.10045.3.0.3", "X9.62 c2pnb163v3"),
//c2pnb176w1("1.2.840.10045.3.0.4", "X9.62 c2pnb176w1"),
c2tnb191v1("1.2.840.10045.3.0.5", "X9.62 c2tnb191v1"),
c2tnb191v2("1.2.840.10045.3.0.6", "X9.62 c2tnb191v2"),
c2tnb191v3("1.2.840.10045.3.0.7", "X9.62 c2tnb191v3"),
//c2pnb208w1("1.2.840.10045.3.0.10", "X9.62 c2pnb208w1"),
c2tnb239v1("1.2.840.10045.3.0.11", "X9.62 c2tnb239v1"),
c2tnb239v2("1.2.840.10045.3.0.12", "X9.62 c2tnb239v2"),
c2tnb239v3("1.2.840.10045.3.0.13", "X9.62 c2tnb239v3"),
//c2pnb272w1("1.2.840.10045.3.0.16", "X9.62 c2pnb272w1"),
//c2pnb304w1("1.2.840.10045.3.0.17", "X9.62 c2pnb304w1"),
c2tnb359v1("1.2.840.10045.3.0.18", "X9.62 c2tnb359v1"),
//c2pnb368w1("1.2.840.10045.3.0.19", "X9.62 c2pnb368w1"),
c2tnb431r1("1.2.840.10045.3.0.20", "X9.62 c2tnb431r1"),
secp192r1("1.2.840.10045.3.1.1",
"secp192r1", "NIST P-192", "X9.62 prime192v1"),
prime192v2("1.2.840.10045.3.1.2", "X9.62 prime192v2"),
prime192v3("1.2.840.10045.3.1.3", "X9.62 prime192v3"),
prime239v1("1.2.840.10045.3.1.4", "X9.62 prime239v1"),
prime239v2("1.2.840.10045.3.1.5", "X9.62 prime239v2"),
prime239v3("1.2.840.10045.3.1.6", "X9.62 prime239v3"),
secp256r1("1.2.840.10045.3.1.7",
"secp256r1", "NIST P-256", "X9.62 prime256v1"),
SHA1withECDSA("1.2.840.10045.4.1"),
SHA224withECDSA("1.2.840.10045.4.3.1"),
SHA256withECDSA("1.2.840.10045.4.3.2"),
SHA384withECDSA("1.2.840.10045.4.3.3"),
SHA512withECDSA("1.2.840.10045.4.3.4"),
SpecifiedSHA2withECDSA("1.2.840.10045.4.3"),
// X9.42 1.2.840.10046.2.*
X942_DH("1.2.840.10046.2.1", "DiffieHellman") { // unused by JDK providers
@Override
boolean registerNames() { return false; }
},
// Teletrust 1.3.36.*
brainpoolP160r1("1.3.36.3.3.2.8.1.1.1"),
brainpoolP192r1("1.3.36.3.3.2.8.1.1.3"),
brainpoolP224r1("1.3.36.3.3.2.8.1.1.5"),
brainpoolP256r1("1.3.36.3.3.2.8.1.1.7"),
brainpoolP320r1("1.3.36.3.3.2.8.1.1.9"),
brainpoolP384r1("1.3.36.3.3.2.8.1.1.11"),
brainpoolP512r1("1.3.36.3.3.2.8.1.1.13"),
// Certicom 1.3.132.*
sect163k1("1.3.132.0.1", "sect163k1", "NIST K-163"),
sect163r1("1.3.132.0.2"),
sect239k1("1.3.132.0.3"),
sect113r1("1.3.132.0.4"),
sect113r2("1.3.132.0.5"),
secp112r1("1.3.132.0.6"),
secp112r2("1.3.132.0.7"),
secp160r1("1.3.132.0.8"),
secp160k1("1.3.132.0.9"),
secp256k1("1.3.132.0.10"),
sect163r2("1.3.132.0.15", "sect163r2", "NIST B-163"),
sect283k1("1.3.132.0.16", "sect283k1", "NIST K-283"),
sect283r1("1.3.132.0.17", "sect283r1", "NIST B-283"),
sect131r1("1.3.132.0.22"),
sect131r2("1.3.132.0.23"),
sect193r1("1.3.132.0.24"),
sect193r2("1.3.132.0.25"),
sect233k1("1.3.132.0.26", "sect233k1", "NIST K-233"),
sect233r1("1.3.132.0.27", "sect233r1", "NIST B-233"),
secp128r1("1.3.132.0.28"),
secp128r2("1.3.132.0.29"),
secp160r2("1.3.132.0.30"),
secp192k1("1.3.132.0.31"),
secp224k1("1.3.132.0.32"),
secp224r1("1.3.132.0.33", "secp224r1", "NIST P-224"),
secp384r1("1.3.132.0.34", "secp384r1", "NIST P-384"),
secp521r1("1.3.132.0.35", "secp521r1", "NIST P-521"),
sect409k1("1.3.132.0.36", "sect409k1", "NIST K-409"),
sect409r1("1.3.132.0.37", "sect409r1", "NIST B-409"),
sect571k1("1.3.132.0.38", "sect571k1", "NIST K-571"),
sect571r1("1.3.132.0.39", "sect571r1", "NIST B-571"),
ECDH("1.3.132.1.12"),
// OIW secsig 1.3.14.3.*
OIW_DES_CBC("1.3.14.3.2.7", "DES/CBC"),
OIW_DSA("1.3.14.3.2.12", "DSA") {
@Override
boolean registerNames() { return false; }
},
OIW_JDK_SHA1withDSA("1.3.14.3.2.13", "SHA1withDSA") {
@Override
boolean registerNames() { return false; }
},
SHA_1("1.3.14.3.2.26", "SHA-1", "SHA", "SHA1"),
OIW_SHA1withDSA("1.3.14.3.2.27", "SHA1withDSA") {
@Override
boolean registerNames() { return false; }
},
OIW_SHA1withRSA("1.3.14.3.2.29", "SHA1withRSA") {
@Override
boolean registerNames() { return false; }
},
// Thawte 1.3.101.*
X25519("1.3.101.110"),
X448("1.3.101.111"),
Ed25519("1.3.101.112"),
Ed448("1.3.101.113"),
// University College London (UCL) 0.9.2342.19200300.*
UCL_UserID("0.9.2342.19200300.100.1.1"),
UCL_DomainComponent("0.9.2342.19200300.100.1.25"),
// Netscape 2.16.840.1.113730.*
NETSCAPE_CertType("2.16.840.1.113730.1.1"),
NETSCAPE_CertSequence("2.16.840.1.113730.2.5"),
NETSCAPE_ExportApproved("2.16.840.1.113730.4.1"),
// Oracle 2.16.840.1.113894.*
ORACLE_TrustedKeyUsage("2.16.840.1.113894.746875.1.1"),
// Miscellaneous oids below which are legacy, and not well known
// Consider removing them in future releases when their usage
// have died out
ITUX509_RSA("2.5.8.1.1", "RSA") { // unused by JDK providers
// defined in X.509 for RSA keys
@Override // with modulus length as its parameter
boolean registerNames() { return false; }
},
SkipIPAddress("1.3.6.1.4.1.42.2.11.2.1"),
JAVASOFT_JDKKeyProtector("1.3.6.1.4.1.42.2.17.1.1"),
JAVASOFT_JCEKeyProtector("1.3.6.1.4.1.42.2.19.1"),
MICROSOFT_ExportApproved("1.3.6.1.4.1.311.10.3.3");
private String stdName;
private String oid;
private String[] aliases;
// find the matching enum using either name or oid string
// return null if no match found
public static KnownOIDs findMatch(String s) {
s = s.toUpperCase(Locale.ENGLISH);
KnownOIDs res = name2enum.get(s);
if (res == null && debug != null) {
debug.println("No KnownOIDs enum found for " + s);
}
return res;
}
private static final Debug debug = Debug.getInstance("jca");
//private static final java.io.PrintStream debug = System.out;
private static final ConcurrentHashMap<String, KnownOIDs> name2enum =
new ConcurrentHashMap<>();
static {
if (debug != null) {
debug.println("Setting up name2enum:");
}
List.of(KnownOIDs.values()).forEach(o -> {
register(o);
});
}
private static void register(KnownOIDs o) {
KnownOIDs ov = name2enum.put(o.oid, o);
if (ov != null) {
throw new RuntimeException("ERROR: Duplicate " + o.oid +
" between " + o + " and " + ov);
} else if (debug != null) {
debug.println(o.oid + " => " + o.name());
}
// only register the stdName and aliases if o.registerNames()
// returns true
if (o.registerNames()) {
String stdNameUpper = o.stdName.toUpperCase(Locale.ENGLISH);
if (Objects.nonNull(name2enum.put(stdNameUpper, o))) {
throw new RuntimeException("ERROR: Duplicate " +
stdNameUpper + " exists already");
}
if (debug != null) {
debug.println(stdNameUpper + " => " + o.name());
}
for (String a : o.aliases) {
String aliasUpper = a.toUpperCase(Locale.ENGLISH);
if (Objects.nonNull(name2enum.put(aliasUpper, o))) {
throw new RuntimeException("ERROR: Duplicate " +
aliasUpper + " exists already");
}
if (debug != null) {
debug.println(aliasUpper + " => " + o.name());
}
}
}
}
private KnownOIDs(String oid) {
this.oid = oid;
this.stdName = name(); // defaults to enum name
this.aliases = new String[0];
}
private KnownOIDs(String oid, String stdName, String ... aliases) {
this.oid = oid;
this.stdName = stdName;
this.aliases = aliases;
}
// returns the oid string associated with this enum
public String value() {
return oid;
}
// returns the user-friendly standard algorithm name
public String stdName() {
return stdName;
}
// return the internal aliases
public String[] aliases() {
return aliases;
}
boolean registerNames() {
return true;
}
}

40
src/java.base/share/classes/sun/security/util/NamedCurve.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,7 +29,7 @@ import java.io.IOException;
import java.math.BigInteger;
import java.security.spec.*;
import java.util.Arrays;
/**
* Contains Elliptic Curve parameters.
@ -39,8 +39,8 @@ import java.security.spec.*;
*/
public final class NamedCurve extends ECParameterSpec {
// friendly name for toString() output
private final String name;
// friendly names with stdName followed by aliases
private final String[] nameAndAliases;
// well known OID
private final String oid;
@ -48,25 +48,28 @@ public final class NamedCurve extends ECParameterSpec {
// encoded form (as NamedCurve identified via OID)
private final byte[] encoded;
NamedCurve(String name, String oid, EllipticCurve curve,
NamedCurve(KnownOIDs ko, EllipticCurve curve,
ECPoint g, BigInteger n, int h) {
super(curve, g, n, h);
this.name = name;
this.oid = oid;
String[] aliases = ko.aliases();
this.nameAndAliases = new String[aliases.length + 1];
nameAndAliases[0] = ko.stdName();
System.arraycopy(aliases, 0, nameAndAliases, 1, aliases.length);
this.oid = ko.value();
DerOutputStream out = new DerOutputStream();
try {
out.putOID(new ObjectIdentifier(oid));
out.putOID(ObjectIdentifier.of(ko));
} catch (IOException e) {
throw new RuntimeException("Internal error", e);
}
encoded = out.toByteArray();
}
public String getName() {
return name;
// returns the curve's standard name followed by its aliases
public String[] getNameAndAliases() {
return nameAndAliases;
}
public byte[] getEncoded() {
@ -78,6 +81,17 @@ public final class NamedCurve extends ECParameterSpec {
}
public String toString() {
return name + " (" + oid + ")";
StringBuilder sb = new StringBuilder(nameAndAliases[0]);
if (nameAndAliases.length > 1) {
sb.append(" [");
int j = 1;
while (j < nameAndAliases.length - 1) {
sb.append(nameAndAliases[j++]);
sb.append(',');
}
sb.append(nameAndAliases[j] + "]");
}
sb.append(" (" + oid + ")");
return sb.toString();
}
}

43
src/java.base/share/classes/sun/security/util/ObjectIdentifier.java

@ -28,6 +28,7 @@ package sun.security.util;
import java.io.*;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.concurrent.ConcurrentHashMap;
/**
* Represent an ISO Object Identifier.
@ -148,7 +149,7 @@ public final class ObjectIdentifier implements Serializable {
* Constructs, from a string. This string should be of the form 1.23.56.
* Validity check included.
*/
public ObjectIdentifier(String oid) throws IOException {
private ObjectIdentifier(String oid) throws IOException {
int ch = '.';
int start = 0;
int end = 0;
@ -290,18 +291,42 @@ public final class ObjectIdentifier implements Serializable {
System.arraycopy(tmp, 0, encoding, 0, pos);
}
// oid cache index'ed by the oid string
private static ConcurrentHashMap<String,ObjectIdentifier> oidTable =
new ConcurrentHashMap<>();
/**
* Returns an ObjectIdentifier instance for the specific string OID.
* Returns an ObjectIdentifier instance for the specific String.
*
* Note: Please use legal string OID only. Otherwise, a RuntimeException
* is thrown.
* If the String is not a valid OID string, an IOException is thrown.
*/
public static ObjectIdentifier of(String oid) {
try {
return new ObjectIdentifier(oid);
} catch (IOException ioe) {
throw new RuntimeException(ioe);
public static ObjectIdentifier of(String oidStr) throws IOException {
// check cache first
ObjectIdentifier oid = oidTable.get(oidStr);
if (oid == null) {
oid = new ObjectIdentifier(oidStr);
oidTable.put(oidStr, oid);
}
return oid;
}
/**
* Returns an ObjectIdentifier instance for the specific KnownOIDs.
*/
public static ObjectIdentifier of(KnownOIDs o) {
// check cache first
String oidStr = o.value();
ObjectIdentifier oid = oidTable.get(oidStr);
if (oid == null) {
try {
oid = new ObjectIdentifier(oidStr);
} catch (IOException ioe) {
// should not happen as oid string for KnownOIDs is internal
throw new RuntimeException(ioe);
}
oidTable.put(oidStr, oid);
}
return oid;
}
/*

90
src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java

@ -25,8 +25,11 @@
package sun.security.util;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.PatternSyntaxException;
import java.security.InvalidParameterException;
import java.security.ProviderException;
import sun.security.action.GetPropertyAction;
/**
@ -34,11 +37,59 @@ import sun.security.action.GetPropertyAction;
* the JDK security/crypto providers.
*/
public final class SecurityProviderConstants {
// Cannot create one of these
private SecurityProviderConstants () {}
private static final Debug debug =
Debug.getInstance("jca", "ProviderConfig");
// Cannot create one of these
private SecurityProviderConstants () {
// cache for provider aliases; key is the standard algorithm name
// value is the associated aliases List
private static final ConcurrentHashMap<String, List<String>> aliasesMap;
// utility method for generating aliases list using the supplied
// 'oid' and 'extraAliases', then store into "aliasesMap" cache under the
// key 'stdName'
private static List<String> store(String stdName, KnownOIDs oid,
String ... extraAliases) {
List<String> value;
if (oid == null && extraAliases.length != 0) {
value = List.of(extraAliases);
} else {
value = new ArrayList<>();
if (oid != null) {
value.add("OID." + oid.value());
value.add(oid.value());
String[] knownAliases = oid.aliases();
if (knownAliases != null) {
for (String ka : knownAliases) {
value.add(ka);
}
}
}
for (String ea : extraAliases) {
value.add(ea);
}
}
aliasesMap.put(stdName, value);
return value;
}
// returns an aliases List for the specified algorithm name o
// NOTE: exception is thrown if no aliases nor oid found, so
// only call this method if aliases are expected
public static List<String> getAliases(String o) {
List<String> res = aliasesMap.get(o);
if (res == null) {
KnownOIDs e = KnownOIDs.findMatch(o);
if (e != null) {
return store(o, e);
}
ProviderException pe =
new ProviderException("Cannot find aliases for " + o);
throw pe;
}
return res;
}
public static final int getDefDSASubprimeSize(int primeSize) {
@ -63,6 +114,7 @@ public final class SecurityProviderConstants {
private static final String KEY_LENGTH_PROP =
"jdk.security.defaultKeySize";
static {
String keyLengthStr = GetPropertyAction.privilegedGetProperty
(KEY_LENGTH_PROP);
@ -137,5 +189,39 @@ public final class SecurityProviderConstants {
DEF_DH_KEY_SIZE = dhKeySize;
DEF_EC_KEY_SIZE = ecKeySize;
DEF_ED_KEY_SIZE = edKeySize;
// Set up aliases with default mappings
// This is needed when the mapping contains non-oid
// aliases
aliasesMap = new ConcurrentHashMap<>();
store("SHA1withDSA", KnownOIDs.SHA1withDSA,
KnownOIDs.OIW_JDK_SHA1withDSA.value(),
KnownOIDs.OIW_SHA1withDSA.value(),
"DSA", "SHA/DSA", "SHA-1/DSA",
"SHA1/DSA", "SHAwithDSA", "DSAWithSHA1");
store("DSA", KnownOIDs.DSA, KnownOIDs.OIW_DSA.value());
store("SHA1withRSA", KnownOIDs.SHA1withRSA,
KnownOIDs.OIW_SHA1withRSA.value());
store("SHA-1", KnownOIDs.SHA_1);
store("PBEWithMD5AndDES", KnownOIDs.PBEWithMD5AndDES, "PBE");
store("DiffieHellman", KnownOIDs.DiffieHellman);
store("AES", KnownOIDs.AES, "Rijndael");
store("EC", KnownOIDs.EC, "EllipticCurve");
store("X.509", null, "X509");
store("NONEwithDSA", null, "RawDSA");
store("DESede", null, "TripleDES");
store("ARCFOUR", KnownOIDs.ARCFOUR);
// For backward compatility, refer to PKCS1 mapping for RSA
// KeyPairGenerator and KeyFactory
store("PKCS1", KnownOIDs.PKCS1, KnownOIDs.RSA.value());
}
}

28
src/java.base/share/classes/sun/security/validator/EndEntityChecker.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@ package sun.security.validator;
import java.util.*;
import java.security.cert.*;
import sun.security.util.KnownOIDs;
import sun.security.x509.NetscapeCertTypeExtension;
/**
@ -71,24 +71,32 @@ class EndEntityChecker {
private static final String OID_EXTENDED_KEY_USAGE =
SimpleValidator.OID_EXTENDED_KEY_USAGE;
private static final String OID_EKU_TLS_SERVER = "1.3.6.1.5.5.7.3.1";
private static final String OID_EKU_TLS_SERVER =
KnownOIDs.serverAuth.value();
private static final String OID_EKU_TLS_CLIENT = "1.3.6.1.5.5.7.3.2";
private static final String OID_EKU_TLS_CLIENT =
KnownOIDs.clientAuth.value();
private static final String OID_EKU_CODE_SIGNING = "1.3.6.1.5.5.7.3.3";
private static final String OID_EKU_CODE_SIGNING =
KnownOIDs.codeSigning.value();
private static final String OID_EKU_TIME_STAMPING = "1.3.6.1.5.5.7.3.8";
private static final String OID_EKU_TIME_STAMPING =
KnownOIDs.KP_TimeStamping.value();
private static final String OID_EKU_ANY_USAGE = "2.5.29.37.0";
private static final String OID_EKU_ANY_USAGE =
KnownOIDs.anyExtendedKeyUsage.value();
// the Netscape Server-Gated-Cryptography EKU extension OID
private static final String OID_EKU_NS_SGC = "2.16.840.1.113730.4.1";
private static final String OID_EKU_NS_SGC =
KnownOIDs.NETSCAPE_ExportApproved.value();
// the Microsoft Server-Gated-Cryptography EKU extension OID
private static final String OID_EKU_MS_SGC = "1.3.6.1.4.1.311.10.3.3";
private static final String OID_EKU_MS_SGC =
KnownOIDs.MICROSOFT_ExportApproved.value();
// the recognized extension OIDs
private static final String OID_SUBJECT_ALT_NAME = "2.5.29.17";
private static final String OID_SUBJECT_ALT_NAME =
KnownOIDs.SubjectAlternativeName.value();
private static final String NSCT_SSL_CLIENT =
NetscapeCertTypeExtension.SSL_CLIENT;

23
src/java.base/share/classes/sun/security/validator/SimpleValidator.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -39,6 +39,7 @@ import sun.security.x509.NetscapeCertTypeExtension;
import sun.security.util.DerValue;
import sun.security.util.DerInputStream;
import sun.security.util.ObjectIdentifier;
import sun.security.util.KnownOIDs;
import sun.security.provider.certpath.AlgorithmChecker;
import sun.security.provider.certpath.UntrustedChecker;
@ -60,24 +61,28 @@ public final class SimpleValidator extends Validator {
// Constants for the OIDs we need
static final String OID_BASIC_CONSTRAINTS = "2.5.29.19";
static final String OID_BASIC_CONSTRAINTS =
KnownOIDs.BasicConstraints.value();
static final String OID_NETSCAPE_CERT_TYPE = "2.16.840.1.113730.1.1";
static final String OID_NETSCAPE_CERT_TYPE =
KnownOIDs.NETSCAPE_CertType.value();
static final String OID_KEY_USAGE = "2.5.29.15";
static final String OID_KEY_USAGE = KnownOIDs.KeyUsage.value();
static final String OID_EXTENDED_KEY_USAGE = "2.5.29.37";
static final String OID_EXTENDED_KEY_USAGE =
KnownOIDs.extendedKeyUsage.value();
static final String OID_EKU_ANY_USAGE = "2.5.29.37.0";
static final String OID_EKU_ANY_USAGE =
KnownOIDs.anyExtendedKeyUsage.value();
static final ObjectIdentifier OBJID_NETSCAPE_CERT_TYPE =
NetscapeCertTypeExtension.NetscapeCertType_Id;
NetscapeCertTypeExtension.NetscapeCertType_Id;
private static final String NSCT_SSL_CA =
NetscapeCertTypeExtension.SSL_CA;
NetscapeCertTypeExtension.SSL_CA;
private static final String NSCT_CODE_SIGNING_CA =
NetscapeCertTypeExtension.OBJECT_SIGNING_CA;
NetscapeCertTypeExtension.OBJECT_SIGNING_CA;
/**
* The trusted certificates as:

6
src/java.base/share/classes/sun/security/x509/AVA.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -1225,7 +1225,7 @@ class AVAKeyword {
return ak.oid;
}
} else {
return new ObjectIdentifier(oidString);
return ObjectIdentifier.of(oidString);
}
// no keyword found, check if OID string
@ -1243,7 +1243,7 @@ class AVAKeyword {
if (number == false) {
throw new IOException("Invalid keyword \"" + keyword + "\"");
}
return new ObjectIdentifier(keyword);
return ObjectIdentifier.of(keyword);
}
/**

8
src/java.base/share/classes/sun/security/x509/AccessDescription.java

@ -42,16 +42,16 @@ public final class AccessDescription {
private GeneralName accessLocation;
public static final ObjectIdentifier Ad_OCSP_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.1");
ObjectIdentifier.of(KnownOIDs.OCSP);
public static final ObjectIdentifier Ad_CAISSUERS_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.2");
ObjectIdentifier.of(KnownOIDs.caIssuers);
public static final ObjectIdentifier Ad_TIMESTAMPING_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.3");
ObjectIdentifier.of(KnownOIDs.AD_TimeStamping);
public static final ObjectIdentifier Ad_CAREPOSITORY_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.5");
ObjectIdentifier.of(KnownOIDs.caRepository);
public AccessDescription(ObjectIdentifier accessMethod, GeneralName accessLocation) {
this.accessMethod = accessMethod;

590
src/java.base/share/classes/sun/security/x509/AlgorithmId.java

@ -33,6 +33,7 @@ import java.security.spec.InvalidParameterSpecException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.security.*;
import java.security.interfaces.*;
@ -248,21 +249,31 @@ public class AlgorithmId implements Serializable, DerEncoder {
* returns the "full" signature algorithm (Ex: SHA256withECDSA) directly.
*/
public String getName() {
String algName = nameTable.get(algid);
if (algName != null) {
return algName;
}
if ((params != null) && algid.equals((Object)specifiedWithECDSA_oid)) {
try {
AlgorithmId paramsId =
String oidStr = algid.toString();
// first check the list of support oids
KnownOIDs o = KnownOIDs.findMatch(oidStr);
if (o == KnownOIDs.SpecifiedSHA2withECDSA) {
if (params != null) {
try {
AlgorithmId paramsId =
AlgorithmId.parse(new DerValue(params.toByteArray()));
String paramsName = paramsId.getName();
algName = makeSigAlg(paramsName, "EC");
} catch (IOException e) {
// ignore
String paramsName = paramsId.getName();
return makeSigAlg(paramsName, "EC");
} catch (IOException e) {
// ignore
}
}
}
if (o != null) {
return o.stdName();
} else {
String n = aliasOidsTable().get(oidStr);
if (n != null) {
return n;
} else {
return algid.toString();
}
}
return (algName == null) ? algid.toString() : algName;
}
public AlgorithmParameters getParameters() {
@ -280,7 +291,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
* @return DER encoded parameters, or null not present.
*/
public byte[] getEncodedParams() throws IOException {
return (params == null || algid.equals(specifiedWithECDSA_oid))
return (params == null ||
algid.toString().equals(KnownOIDs.SpecifiedSHA2withECDSA.value()))
? null
: params.toByteArray();
}
@ -474,505 +486,147 @@ public class AlgorithmId implements Serializable, DerEncoder {
* used as a "KeyPairGenerator" algorithm.
*/
private static ObjectIdentifier algOID(String name) throws IOException {
// See if algname is in printable OID ("dot-dot") notation
if (name.indexOf('.') != -1) {
if (name.startsWith("OID.")) {
return new ObjectIdentifier(name.substring("OID.".length()));
} else {
return new ObjectIdentifier(name);
}
if (name.startsWith("OID.")) {
name = name.substring("OID.".length());
}
// Digesting algorithms
if (name.equalsIgnoreCase("MD5")) {
return AlgorithmId.MD5_oid;
}
if (name.equalsIgnoreCase("MD2")) {
return AlgorithmId.MD2_oid;
}
if (name.equalsIgnoreCase("SHA") || name.equalsIgnoreCase("SHA1")
|| name.equalsIgnoreCase("SHA-1")) {
return AlgorithmId.SHA_oid;
}
if (name.equalsIgnoreCase("SHA-256") ||
name.equalsIgnoreCase("SHA256")) {
return AlgorithmId.SHA256_oid;
}
if (name.equalsIgnoreCase("SHA-384") ||
name.equalsIgnoreCase("SHA384")) {
return AlgorithmId.SHA384_oid;
}
if (name.equalsIgnoreCase("SHA-512") ||
name.equalsIgnoreCase("SHA512")) {
return AlgorithmId.SHA512_oid;
}
if (name.equalsIgnoreCase("SHA-224") ||
name.equalsIgnoreCase("SHA224")) {
return AlgorithmId.SHA224_oid;
}
if (name.equalsIgnoreCase("SHA-512/224") ||
name.equalsIgnoreCase("SHA512/224")) {
return AlgorithmId.SHA512_224_oid;
}
if (name.equalsIgnoreCase("SHA-512/256") ||
name.equalsIgnoreCase("SHA512/256")) {
return AlgorithmId.SHA512_256_oid;
}
// Various public key algorithms
if (name.equalsIgnoreCase("RSA")) {
return AlgorithmId.RSAEncryption_oid;
}
if (name.equalsIgnoreCase("RSASSA-PSS")) {
return AlgorithmId.RSASSA_PSS_oid;
}
if (name.equalsIgnoreCase("RSAES-OAEP")) {
return AlgorithmId.RSAES_OAEP_oid;
}
if (name.equalsIgnoreCase("Diffie-Hellman")
|| name.equalsIgnoreCase("DH")) {
return AlgorithmId.DH_oid;
}
if (name.equalsIgnoreCase("DSA")) {
return AlgorithmId.DSA_oid;
}
if (name.equalsIgnoreCase("EC")) {
return EC_oid;
}
if (name.equalsIgnoreCase("ECDH")) {
return AlgorithmId.ECDH_oid;
KnownOIDs k = KnownOIDs.findMatch(name);
if (k != null) {
return ObjectIdentifier.of(k);
}
// Secret key algorithms
if (name.equalsIgnoreCase("AES")) {
return AlgorithmId.AES_oid;
// unknown algorithm oids
if (name.indexOf(".") == -1) {
// see if there is a matching oid string alias mapping from
// 3rd party providers
name = name.toUpperCase(Locale.ENGLISH);
String oidStr = aliasOidsTable().get(name);
if (oidStr != null) {
return ObjectIdentifier.of(oidStr);
} return null;
} else {
return ObjectIdentifier.of(name);
}
// Common signature types
if (name.equalsIgnoreCase("MD5withRSA")
|| name.equalsIgnoreCase("MD5/RSA")) {
return AlgorithmId.md5WithRSAEncryption_oid;
}
if (name.equalsIgnoreCase("MD2withRSA")
|| name.equalsIgnoreCase("MD2/RSA")) {
return AlgorithmId.md2WithRSAEncryption_oid;
}
if (name.equalsIgnoreCase("SHAwithDSA")
|| name.equalsIgnoreCase("SHA1withDSA")
|| name.equalsIgnoreCase("SHA/DSA")
|| name.equalsIgnoreCase("SHA1/DSA")
|| name.equalsIgnoreCase("DSAWithSHA1")
|| name.equalsIgnoreCase("DSS")
|| name.equalsIgnoreCase("SHA-1/DSA")) {
return AlgorithmId.sha1WithDSA_oid;
}
if (name.equalsIgnoreCase("SHA224WithDSA")) {
return AlgorithmId.sha224WithDSA_oid;
}
if (name.equalsIgnoreCase("SHA256WithDSA")) {
return AlgorithmId.sha256WithDSA_oid;
}
if (name.equalsIgnoreCase("SHA1WithRSA")
|| name.equalsIgnoreCase("SHA1/RSA")) {
return AlgorithmId.sha1WithRSAEncryption_oid;
}
if (name.equalsIgnoreCase("SHA1withECDSA")
|| name.equalsIgnoreCase("ECDSA")) {
return AlgorithmId.sha1WithECDSA_oid;
}
if (name.equalsIgnoreCase("SHA224withECDSA")) {
return AlgorithmId.sha224WithECDSA_oid;
}
if (name.equalsIgnoreCase("SHA256withECDSA")) {
return AlgorithmId.sha256WithECDSA_oid;
}
if (name.equalsIgnoreCase("SHA384withECDSA")) {
return AlgorithmId.sha384WithECDSA_oid;
}
if (name.equalsIgnoreCase("SHA512withECDSA")) {
return AlgorithmId.sha512WithECDSA_oid;
}
if (name.equalsIgnoreCase("ED25519")) {
return AlgorithmId.ed25519_oid;
}
if (name.equalsIgnoreCase("ED448")) {
return AlgorithmId.ed448_oid;
}
return oidTable().get(name.toUpperCase(Locale.ENGLISH));
}
private static volatile Map<String,ObjectIdentifier> oidTable;
private static final Map<ObjectIdentifier,String> nameTable;
// oid string cache index'ed by algorithm name and oid strings
private static volatile Map<String,String> aliasOidsTable;
/** Returns the oidTable, lazily initializing it on first access. */
private static Map<String,ObjectIdentifier> oidTable()
throws IOException {
// Double checked locking; safe because oidTable is volatile
Map<String,ObjectIdentifier> tab;
if ((tab = oidTable) == null) {
// returns the aliasOidsTable, lazily initializing it on first access.
private static Map<String,String> aliasOidsTable() {
// Double checked locking; safe because aliasOidsTable is volatile
Map<String,String> tab = aliasOidsTable;
if (tab == null) {
synchronized (AlgorithmId.class) {
if ((tab = oidTable) == null)
oidTable = tab = computeOidTable();
}
}
return tab;
}
/** Collects the algorithm names from the installed providers. */
private static HashMap<String,ObjectIdentifier> computeOidTable()
throws IOException {
HashMap<String,ObjectIdentifier> tab = new HashMap<>();
for (Provider provider : Security.getProviders()) {
for (Object key : provider.keySet()) {
String alias = (String)key;
String upperCaseAlias = alias.toUpperCase(Locale.ENGLISH);
int index;
if (upperCaseAlias.startsWith("ALG.ALIAS") &&
(index=upperCaseAlias.indexOf("OID.", 0)) != -1) {
index += "OID.".length();
if (index == alias.length()) {
// invalid alias entry
break;
}
String oidString = alias.substring(index);
String stdAlgName = provider.getProperty(alias);
if (stdAlgName != null) {
stdAlgName = stdAlgName.toUpperCase(Locale.ENGLISH);
}
if (stdAlgName != null &&
tab.get(stdAlgName) == null) {
tab.put(stdAlgName, new ObjectIdentifier(oidString));
}
if ((tab = aliasOidsTable) == null) {
aliasOidsTable = tab = collectOIDAliases();
}
}
}
return tab;
}
/*****************************************************************/
private static boolean isKnownProvider(Provider p) {
String pn = p.getName();
String mn = p.getClass().getModule().getName();
if (pn != null && mn != null) {
return ((mn.equals("java.base") &&
(pn.equals("SUN") || pn.equals("SunRsaSign") ||
pn.equals("SunJCE") || pn.equals("SunJSSE"))) ||
(mn.equals("jdk.crypto.ec") && pn.equals("SunEC")) ||
(mn.equals("jdk.crypto.mscapi") && pn.equals("SunMSCAPI")) ||
(mn.equals("jdk.crypto.cryptoki") &&
pn.startsWith("SunPKCS11")));
} else {
return false;
}
}
/*
* HASHING ALGORITHMS
*/
private static ConcurrentHashMap<String, String> collectOIDAliases() {
ConcurrentHashMap<String, String> t = new ConcurrentHashMap<>();
for (Provider provider : Security.getProviders()) {
// skip providers which are already using SecurityProviderConstants
// and KnownOIDs
if (isKnownProvider(provider)) {
continue;
}
for (Object key : provider.keySet()) {
String alias = (String)key;
String upperCaseAlias = alias.toUpperCase(Locale.ENGLISH);
int index;
if (upperCaseAlias.startsWith("ALG.ALIAS") &&
(index = upperCaseAlias.indexOf("OID.", 0)) != -1) {
index += "OID.".length();
if (index == alias.length()) {
// invalid alias entry
break;
}
String ostr = alias.substring(index);
String stdAlgName = provider.getProperty(alias);
if (stdAlgName != null) {
stdAlgName = stdAlgName.toUpperCase(Locale.ENGLISH);
}
// add the name->oid and oid->name mappings if none exists
if (KnownOIDs.findMatch(stdAlgName) == null) {
// not override earlier entries if it exists
t.putIfAbsent(stdAlgName, ostr);
}
if (KnownOIDs.findMatch(ostr) == null) {
// not override earlier entries if it exists
t.putIfAbsent(ostr, stdAlgName);
}
}
}
}
return t;
}
/**
* Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319.
* OID = 1.2.840.113549.2.2
*/
public static final ObjectIdentifier MD2_oid =
ObjectIdentifier.of("1.2.840.113549.2.2");
ObjectIdentifier.of(KnownOIDs.MD2);
/**
* Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321.
* OID = 1.2.840.113549.2.5
*/
public static final ObjectIdentifier MD5_oid =
ObjectIdentifier.of("1.2.840.113549.2.5");
ObjectIdentifier.of(KnownOIDs.MD5);
/**
* Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1.
* This is sometimes called "SHA", though that is often confusing since
* many people refer to FIPS 180 (which has an error) as defining SHA.
* OID = 1.3.14.3.2.26. Old SHA-0 OID: 1.3.14.3.2.18.
*/
public static final ObjectIdentifier SHA_oid =
ObjectIdentifier.of("1.3.14.3.2.26");
ObjectIdentifier.of(KnownOIDs.SHA_1);
public static final ObjectIdentifier SHA224_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.4");
ObjectIdentifier.of(KnownOIDs.SHA_224);
public static final ObjectIdentifier SHA256_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.1");
ObjectIdentifier.of(KnownOIDs.SHA_256);
public static final ObjectIdentifier SHA384_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.2");
ObjectIdentifier.of(KnownOIDs.SHA_384);
public static final ObjectIdentifier SHA512_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.3");
ObjectIdentifier.of(KnownOIDs.SHA_512);
public static final ObjectIdentifier SHA512_224_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.5");
ObjectIdentifier.of(KnownOIDs.SHA_512$224);
public static final ObjectIdentifier SHA512_256_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.6");
ObjectIdentifier.of(KnownOIDs.SHA_512$256);
/*
* COMMON PUBLIC KEY TYPES
*/
/*
* Note the preferred OIDs are named simply with no "OIW" or
* "PKIX" in them, even though they may point to data from these
* specs; e.g. SHA_oid, DH_oid, DSA_oid, SHA1WithDSA_oid...
*/
/**
* Algorithm ID for Diffie Hellman Key agreement, from PKCS #3.
* Parameters include public values P and G, and may optionally specify
* the length of the private key X. Alternatively, algorithm parameters
* may be derived from another source such as a Certificate Authority's
* certificate.
* OID = 1.2.840.113549.1.3.1
*/
public static final ObjectIdentifier DH_oid =
ObjectIdentifier.of("1.2.840.113549.1.3.1");
/**
* Algorithm ID for the Diffie Hellman Key Agreement (DH), from RFC 3279.
* Parameters may include public values P and G.
* OID = 1.2.840.10046.2.1
*/
public static final ObjectIdentifier DH_PKIX_oid =
ObjectIdentifier.of("1.2.840.10046.2.1");
/**
* Algorithm ID for the Digital Signing Algorithm (DSA), from the
* NIST OIW Stable Agreements part 12.
* Parameters may include public values P, Q, and G; or these may be
* derived from
* another source such as a Certificate Authority's certificate.
* OID = 1.3.14.3.2.12
*/
public static final ObjectIdentifier DSA_OIW_oid =
ObjectIdentifier.of("1.3.14.3.2.12");
/**
* Algorithm ID for the Digital Signing Algorithm (DSA), from RFC 3279.
* Parameters may include public values P, Q, and G; or these may be
* derived from another source such as a Certificate Authority's
* certificate.
* OID = 1.2.840.10040.4.1
*/
public static final ObjectIdentifier DSA_oid =
ObjectIdentifier.of("1.2.840.10040.4.1");
/**
* Algorithm ID for RSA keys used for any purpose, as defined in X.509.
* The algorithm parameter is a single value, the number of bits in the
* public modulus.
* OID = 2.5.8.1.1
*/
public static final ObjectIdentifier RSA_oid =
ObjectIdentifier.of("2.5.8.1.1");
ObjectIdentifier.of(KnownOIDs.DSA);
public static final ObjectIdentifier EC_oid =
ObjectIdentifier.of("1.2.840.10045.2.1");
public static final ObjectIdentifier ECDH_oid =
ObjectIdentifier.of("1.3.132.1.12");
ObjectIdentifier.of(KnownOIDs.EC);
public static final ObjectIdentifier RSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.1");
public static final ObjectIdentifier RSAES_OAEP_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.7");
public static final ObjectIdentifier mgf1_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.8");
ObjectIdentifier.of(KnownOIDs.RSA);
public static final ObjectIdentifier RSASSA_PSS_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.10");
ObjectIdentifier.of(KnownOIDs.RSASSA_PSS);
/*
* COMMON SECRET KEY TYPES
*/
public static final ObjectIdentifier AES_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.1");
/*
* COMMON SIGNATURE ALGORITHMS
*/
/**
* Identifies a signing algorithm where an MD2 digest is encrypted
* using an RSA private key; defined in PKCS #1. Use of this
* signing algorithm is discouraged due to MD2 vulnerabilities.
* OID = 1.2.840.113549.1.1.2
*/
public static final ObjectIdentifier md2WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.2");
/**
* Identifies a signing algorithm where an MD5 digest is
* encrypted using an RSA private key; defined in PKCS #1.
* OID = 1.2.840.113549.1.1.4
*/
public static final ObjectIdentifier md5WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.4");
/**
* Identifies a signing algorithm where a SHA1 digest is
* encrypted using an RSA private key; defined by RSA DSI.
* OID = 1.2.840.113549.1.1.5
*/
public static final ObjectIdentifier sha1WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.5");
/**
* Identifies a signing algorithm where a SHA1 digest is
* encrypted using an RSA private key; defined in NIST OIW.
* OID = 1.3.14.3.2.29
*/
public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid =
ObjectIdentifier.of("1.3.14.3.2.29");
/**
* Identifies a signing algorithm where a SHA224 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.14
*/
public static final ObjectIdentifier sha224WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.14");
/**
* Identifies a signing algorithm where a SHA256 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.11
*/
public static final ObjectIdentifier sha256WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.11");
/**
* Identifies a signing algorithm where a SHA384 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.12
*/
public static final ObjectIdentifier sha384WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.12");
/**
* Identifies a signing algorithm where a SHA512 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.13
*/
public static final ObjectIdentifier sha512WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.13");
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA digest is signed using the Digital Signing Algorithm (DSA).
* This should not be used.
* OID = 1.3.14.3.2.13
*/
public static final ObjectIdentifier shaWithDSA_OIW_oid =
ObjectIdentifier.of("1.3.14.3.2.13");
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA1 digest is signed using the Digital Signing Algorithm (DSA).
* OID = 1.3.14.3.2.27
*/
public static final ObjectIdentifier sha1WithDSA_OIW_oid =
ObjectIdentifier.of("1.3.14.3.2.27");
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA1 digest is signed using the Digital Signing Algorithm (DSA).
* OID = 1.2.840.10040.4.3
*/
public static final ObjectIdentifier sha1WithDSA_oid =
ObjectIdentifier.of("1.2.840.10040.4.3");
public static final ObjectIdentifier sha512_224WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.15");
public static final ObjectIdentifier sha512_256WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.16");
public static final ObjectIdentifier sha224WithDSA_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.3.1");
public static final ObjectIdentifier sha256WithDSA_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.3.2");
public static final ObjectIdentifier sha1WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.1");
public static final ObjectIdentifier sha224WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3.1");
public static final ObjectIdentifier sha256WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3.2");
public static final ObjectIdentifier sha384WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3.3");
public static final ObjectIdentifier sha512WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3.4");
public static final ObjectIdentifier specifiedWithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3");
/**
* Algorithm ID for the PBE encryption algorithms from PKCS#5 and
* PKCS#12.
*/
public static final ObjectIdentifier pbeWithMD5AndDES_oid =
ObjectIdentifier.of("1.2.840.113549.1.5.3");
public static final ObjectIdentifier pbeWithMD5AndRC2_oid =
ObjectIdentifier.of("1.2.840.113549.1.5.6");
public static final ObjectIdentifier pbeWithSHA1AndDES_oid =
ObjectIdentifier.of("1.2.840.113549.1.5.10");
public static final ObjectIdentifier pbeWithSHA1AndRC2_oid =
ObjectIdentifier.of("1.2.840.113549.1.5.11");
public static final ObjectIdentifier pbeWithSHA1AndRC4_128_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.1");
public static final ObjectIdentifier pbeWithSHA1AndRC4_40_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.2");
public static final ObjectIdentifier pbeWithSHA1AndDESede_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.3");
public static final ObjectIdentifier pbeWithSHA1AndRC2_128_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.5");
public static final ObjectIdentifier pbeWithSHA1AndRC2_40_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.6");
public static final ObjectIdentifier MGF1_oid =
ObjectIdentifier.of(KnownOIDs.MGF1);
public static final ObjectIdentifier ed25519_oid =
ObjectIdentifier.of("1.3.101.112");
ObjectIdentifier.of(KnownOIDs.Ed25519);
public static final ObjectIdentifier ed448_oid =
ObjectIdentifier.of("1.3.101.113");
static {
nameTable = new HashMap<>();
nameTable.put(MD5_oid, "MD5");
nameTable.put(MD2_oid, "MD2");
nameTable.put(SHA_oid, "SHA-1");
nameTable.put(SHA224_oid, "SHA-224");
nameTable.put(SHA256_oid, "SHA-256");
nameTable.put(SHA384_oid, "SHA-384");
nameTable.put(SHA512_oid, "SHA-512");
nameTable.put(SHA512_224_oid, "SHA-512/224");
nameTable.put(SHA512_256_oid, "SHA-512/256");
nameTable.put(RSAEncryption_oid, "RSA");
nameTable.put(RSA_oid, "RSA");
nameTable.put(DH_oid, "Diffie-Hellman");
nameTable.put(DH_PKIX_oid, "Diffie-Hellman");
nameTable.put(DSA_oid, "DSA");
nameTable.put(DSA_OIW_oid, "DSA");
nameTable.put(EC_oid, "EC");
nameTable.put(ECDH_oid, "ECDH");
nameTable.put(ed25519_oid, "ED25519");
nameTable.put(ed448_oid, "ED448");
nameTable.put(AES_oid, "AES");
nameTable.put(sha1WithECDSA_oid, "SHA1withECDSA");
nameTable.put(sha224WithECDSA_oid, "SHA224withECDSA");
nameTable.put(sha256WithECDSA_oid, "SHA256withECDSA");
nameTable.put(sha384WithECDSA_oid, "SHA384withECDSA");
nameTable.put(sha512WithECDSA_oid, "SHA512withECDSA");
nameTable.put(md5WithRSAEncryption_oid, "MD5withRSA");
nameTable.put(md2WithRSAEncryption_oid, "MD2withRSA");
nameTable.put(sha1WithDSA_oid, "SHA1withDSA");
nameTable.put(sha1WithDSA_OIW_oid, "SHA1withDSA");
nameTable.put(shaWithDSA_OIW_oid, "SHA1withDSA");
nameTable.put(sha224WithDSA_oid, "SHA224withDSA");
nameTable.put(sha256WithDSA_oid, "SHA256withDSA");
nameTable.put(sha1WithRSAEncryption_oid, "SHA1withRSA");
nameTable.put(sha1WithRSAEncryption_OIW_oid, "SHA1withRSA");
nameTable.put(sha224WithRSAEncryption_oid, "SHA224withRSA");
nameTable.put(sha256WithRSAEncryption_oid, "SHA256withRSA");
nameTable.put(sha384WithRSAEncryption_oid, "SHA384withRSA");
nameTable.put(sha512WithRSAEncryption_oid, "SHA512withRSA");
nameTable.put(sha512_224WithRSAEncryption_oid, "SHA512/224withRSA");
nameTable.put(sha512_256WithRSAEncryption_oid, "SHA512/256withRSA");
nameTable.put(RSASSA_PSS_oid, "RSASSA-PSS");
nameTable.put(RSAES_OAEP_oid, "RSAES-OAEP");
nameTable.put(pbeWithMD5AndDES_oid, "PBEWithMD5AndDES");
nameTable.put(pbeWithMD5AndRC2_oid, "PBEWithMD5AndRC2");
nameTable.put(pbeWithSHA1AndDES_oid, "PBEWithSHA1AndDES");
nameTable.put(pbeWithSHA1AndRC2_oid, "PBEWithSHA1AndRC2");
nameTable.put(pbeWithSHA1AndRC4_128_oid, "PBEWithSHA1AndRC4_128");
nameTable.put(pbeWithSHA1AndRC4_40_oid, "PBEWithSHA1AndRC4_40");
nameTable.put(pbeWithSHA1AndDESede_oid, "PBEWithSHA1AndDESede");
nameTable.put(pbeWithSHA1AndRC2_128_oid, "PBEWithSHA1AndRC2_128");
nameTable.put(pbeWithSHA1AndRC2_40_oid, "PBEWithSHA1AndRC2_40");
}
ObjectIdentifier.of(KnownOIDs.Ed448);
/**
* Creates a signature algorithm name from a digest algorithm

31
src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java

@ -34,9 +34,7 @@ import java.util.List;
import java.util.Map;
import java.util.Vector;
import sun.security.util.DerValue;
import sun.security.util.DerOutputStream;
import sun.security.util.ObjectIdentifier;
import sun.security.util.*;
/**
* This class defines the Extended Key Usage Extension, which
@ -94,24 +92,6 @@ implements CertAttrSet<String> {
public static final String NAME = "ExtendedKeyUsage";
public static final String USAGES = "usages";
// OID defined in RFC 5280 Sections 4.2.1.12
// more from http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.html
private static final Map <ObjectIdentifier, String> map =
new HashMap<ObjectIdentifier, String>();
static {
map.put(ObjectIdentifier.of("2.5.29.37.0"), "anyExtendedKeyUsage");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.1"), "serverAuth");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.2"), "clientAuth");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.3"), "codeSigning");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.4"), "emailProtection");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.5"), "ipsecEndSystem");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.6"), "ipsecTunnel");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.7"), "ipsecUser");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.8"), "timeStamping");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.9"), "OCSPSigning");
};
/**
* Vector of KeyUsages for this object.
*/
@ -198,11 +178,12 @@ implements CertAttrSet<String> {
usage += "\n ";
}
String result = map.get(oid);
if (result != null) {
usage += result;
String res = oid.toString();
KnownOIDs os = KnownOIDs.findMatch(res);
if (os != null) {
usage += os.stdName();
} else {
usage += oid.toString();
usage += res;
}
first = false;
}

7
src/java.base/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java

@ -29,10 +29,7 @@ import java.io.IOException;
import java.io.OutputStream;
import java.util.Enumeration;
import sun.security.util.Debug;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.util.*;
/**
* This class represents the Inhibit Any-Policy Extension.
@ -76,7 +73,7 @@ implements CertAttrSet<String> {
* Object identifier for "any-policy"
*/
public static ObjectIdentifier AnyPolicy_Id =
ObjectIdentifier.of("2.5.29.32.0");
ObjectIdentifier.of(KnownOIDs.CE_CERT_POLICIES_ANY);
/**
* Attribute names.

2
src/java.base/share/classes/sun/security/x509/NetscapeCertTypeExtension.java

@ -73,7 +73,7 @@ implements CertAttrSet<String> {
* Object identifier for the Netscape-Cert-Type extension.
*/
public static ObjectIdentifier NetscapeCertType_Id =
ObjectIdentifier.of("2.16.840.1.113730.1.1");
ObjectIdentifier.of(KnownOIDs.NETSCAPE_CertType);
private boolean[] bitString;

4
src/java.base/share/classes/sun/security/x509/OIDMap.java

@ -136,7 +136,7 @@ public class OIDMap {
addInternal(POLICY_CONSTRAINTS, PKIXExtensions.PolicyConstraints_Id,
"sun.security.x509.PolicyConstraintsExtension");
addInternal(NETSCAPE_CERT,
ObjectIdentifier.of("2.16.840.1.113730.1.1"),
ObjectIdentifier.of(KnownOIDs.NETSCAPE_CertType),
"sun.security.x509.NetscapeCertTypeExtension");
addInternal(CERT_POLICIES, PKIXExtensions.CertificatePolicies_Id,
"sun.security.x509.CertificatePoliciesExtension");
@ -227,7 +227,7 @@ public class OIDMap {
throws CertificateException {
ObjectIdentifier objId;
try {
objId = new ObjectIdentifier(oid);
objId = ObjectIdentifier.of(oid);
} catch (IOException ioe) {
throw new CertificateException
("Invalid Object identifier: " + oid);

4
src/java.base/share/classes/sun/security/x509/OIDName.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -69,7 +69,7 @@ public class OIDName implements GeneralNameInterface {
*/
public OIDName(String name) throws IOException {
try {
oid = new ObjectIdentifier(name);
oid = ObjectIdentifier.of(name);
} catch (Exception e) {
throw new IOException("Unable to create OIDName: " + e);
}

54
src/java.base/share/classes/sun/security/x509/PKIXExtensions.java

@ -51,112 +51,112 @@ public class PKIXExtensions {
* Identifies the particular public key used to sign the certificate.
*/
public static final ObjectIdentifier AuthorityKey_Id =
ObjectIdentifier.of("2.5.29.35");
ObjectIdentifier.of(KnownOIDs.AuthorityKeyID);
/**
* Identifies the particular public key used in an application.
*/
public static final ObjectIdentifier SubjectKey_Id =
ObjectIdentifier.of("2.5.29.14");
ObjectIdentifier.of(KnownOIDs.SubjectKeyID);
/**
* Defines the purpose of the key contained in the certificate.
*/
public static final ObjectIdentifier KeyUsage_Id =
ObjectIdentifier.of("2.5.29.15");
ObjectIdentifier.of(KnownOIDs.KeyUsage);
/**
* Allows the certificate issuer to specify a different validity period
* for the private key than the certificate.
*/
public static final ObjectIdentifier PrivateKeyUsage_Id =
ObjectIdentifier.of("2.5.29.16");
ObjectIdentifier.of(KnownOIDs.PrivateKeyUsage);
/**
* Contains the sequence of policy information terms.
*/
public static final ObjectIdentifier CertificatePolicies_Id =
ObjectIdentifier.of("2.5.29.32");
ObjectIdentifier.of(KnownOIDs.CertificatePolicies);
/**
* Lists pairs of object identifiers of policies considered equivalent by
* the issuing CA to the subject CA.
*/
public static final ObjectIdentifier PolicyMappings_Id =
ObjectIdentifier.of("2.5.29.33");
ObjectIdentifier.of(KnownOIDs.PolicyMappings);
/**
* Allows additional identities to be bound to the subject of the
* certificate.
*/
public static final ObjectIdentifier SubjectAlternativeName_Id =
ObjectIdentifier.of("2.5.29.17");
ObjectIdentifier.of(KnownOIDs.SubjectAlternativeName);
/**
* Allows additional identities to be associated with the certificate
* issuer.
*/
public static final ObjectIdentifier IssuerAlternativeName_Id =
ObjectIdentifier.of("2.5.29.18");
ObjectIdentifier.of(KnownOIDs.IssuerAlternativeName);
/**
* Identifies additional directory attributes.
* This extension is always non-critical.
*/
public static final ObjectIdentifier SubjectDirectoryAttributes_Id =
ObjectIdentifier.of("2.5.29.9");
ObjectIdentifier.of(KnownOIDs.SubjectDirectoryAttributes);
/**
* Identifies whether the subject of the certificate is a CA and how deep
* a certification path may exist through that CA.
*/
public static final ObjectIdentifier BasicConstraints_Id =
ObjectIdentifier.of("2.5.29.19");
ObjectIdentifier.of(KnownOIDs.BasicConstraints);
/**
* Provides for permitted and excluded subtrees that place restrictions
* on names that may be included within a certificate issued by a given CA.
*/
public static final ObjectIdentifier NameConstraints_Id =
ObjectIdentifier.of("2.5.29.30");
ObjectIdentifier.of(KnownOIDs.NameConstraints);
/**
* Used to either prohibit policy mapping or limit the set of policies
* that can be in subsequent certificates.
*/
public static final ObjectIdentifier PolicyConstraints_Id =
ObjectIdentifier.of("2.5.29.36");
ObjectIdentifier.of(KnownOIDs.PolicyConstraints);
/**
* Identifies how CRL information is obtained.
*/
public static final ObjectIdentifier CRLDistributionPoints_Id =
ObjectIdentifier.of("2.5.29.31");
ObjectIdentifier.of(KnownOIDs.CRLDistributionPoints);
/**
* Conveys a monotonically increasing sequence number for each CRL
* issued by a given CA.
*/
public static final ObjectIdentifier CRLNumber_Id =
ObjectIdentifier.of("2.5.29.20");
ObjectIdentifier.of(KnownOIDs.CRLNumber);
/**
* Identifies the CRL distribution point for a particular CRL.
*/
public static final ObjectIdentifier IssuingDistributionPoint_Id =
ObjectIdentifier.of("2.5.29.28");
ObjectIdentifier.of(KnownOIDs.IssuingDistributionPoint);
/**
* Identifies the delta CRL.
*/
public static final ObjectIdentifier DeltaCRLIndicator_Id =
ObjectIdentifier.of("2.5.29.27");
ObjectIdentifier.of(KnownOIDs.DeltaCRLIndicator);
/**
* Identifies the reason for the certificate revocation.
*/
public static final ObjectIdentifier ReasonCode_Id =
ObjectIdentifier.of("2.5.29.21");
ObjectIdentifier.of(KnownOIDs.ReasonCode);
/**
* This extension provides a registered instruction identifier indicating
@ -164,34 +164,34 @@ public class PKIXExtensions {
* placed on hold.
*/
public static final ObjectIdentifier HoldInstructionCode_Id =
ObjectIdentifier.of("2.5.29.23");
ObjectIdentifier.of(KnownOIDs.HoldInstructionCode);
/**
* Identifies the date on which it is known or suspected that the private
* key was compromised or that the certificate otherwise became invalid.
*/
public static final ObjectIdentifier InvalidityDate_Id =
ObjectIdentifier.of("2.5.29.24");
ObjectIdentifier.of(KnownOIDs.InvalidityDate);
/**
* Identifies one or more purposes for which the certified public key
* may be used, in addition to or in place of the basic purposes
* indicated in the key usage extension field.
*/
public static final ObjectIdentifier ExtendedKeyUsage_Id =
ObjectIdentifier.of("2.5.29.37");
ObjectIdentifier.of(KnownOIDs.extendedKeyUsage);
/**
* Specifies whether any-policy policy OID is permitted
*/
public static final ObjectIdentifier InhibitAnyPolicy_Id =
ObjectIdentifier.of("2.5.29.54");
ObjectIdentifier.of(KnownOIDs.InhibitAnyPolicy);
/**
* Identifies the certificate issuer associated with an entry in an
* indirect CRL.
*/
public static final ObjectIdentifier CertificateIssuer_Id =
ObjectIdentifier.of("2.5.29.29");
ObjectIdentifier.of(KnownOIDs.CertificateIssuer);
/**
* This extension indicates how to access CA information and services for
@ -200,32 +200,32 @@ public class PKIXExtensions {
* services.
*/
public static final ObjectIdentifier AuthInfoAccess_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.1.1");
ObjectIdentifier.of(KnownOIDs.AuthInfoAccess);
/**
* This extension indicates how to access CA information and services for
* the subject of the certificate in which the extension appears.
*/
public static final ObjectIdentifier SubjectInfoAccess_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.1.11");
ObjectIdentifier.of(KnownOIDs.SubjectInfoAccess);
/**
* Identifies how delta CRL information is obtained.
*/
public static final ObjectIdentifier FreshestCRL_Id =
ObjectIdentifier.of("2.5.29.46");
ObjectIdentifier.of(KnownOIDs.FreshestCRL);
/**
* Identifies the OCSP client can trust the responder for the
* lifetime of the responder's certificate.
*/
public static final ObjectIdentifier OCSPNoCheck_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.5");
ObjectIdentifier.of(KnownOIDs.OCSPNoCheck);
/**
* This extension is used to provide nonce data for OCSP requests
* or responses.
*/
public static final ObjectIdentifier OCSPNonce_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.2");
ObjectIdentifier.of(KnownOIDs.OCSPNonceExt);
}

34
src/java.base/share/classes/sun/security/x509/X500Name.java

@ -1105,80 +1105,80 @@ public class X500Name implements GeneralNameInterface, Principal {
// OID for the "CN=" attribute, denoting a person's common name.
public static final ObjectIdentifier commonName_oid =
ObjectIdentifier.of("2.5.4.3");
ObjectIdentifier.of(KnownOIDs.CommonName);
// OID for the "SURNAME=" attribute, denoting a person's surname.
public static final ObjectIdentifier SURNAME_OID =
ObjectIdentifier.of("2.5.4.4");
ObjectIdentifier.of(KnownOIDs.Surname);
// OID for the "SERIALNUMBER=" attribute, denoting a serial number for.
// a name. Do not confuse with PKCS#9 issuerAndSerialNumber or the
// certificate serial number.
public static final ObjectIdentifier SERIALNUMBER_OID =
ObjectIdentifier.of("2.5.4.5");
ObjectIdentifier.of(KnownOIDs.SerialNumber);
// OID for the "C=" attribute, denoting a country.
public static final ObjectIdentifier countryName_oid =
ObjectIdentifier.of("2.5.4.6");
ObjectIdentifier.of(KnownOIDs.CountryName);
// OID for the "L=" attribute, denoting a locality (such as a city).
public static final ObjectIdentifier localityName_oid =
ObjectIdentifier.of("2.5.4.7");
ObjectIdentifier.of(KnownOIDs.LocalityName);
// OID for the "S=" attribute, denoting a state (such as Delaware).
public static final ObjectIdentifier stateName_oid =
ObjectIdentifier.of("2.5.4.8");
ObjectIdentifier.of(KnownOIDs.StateName);
// OID for the "STREET=" attribute, denoting a street address.
public static final ObjectIdentifier streetAddress_oid =
ObjectIdentifier.of("2.5.4.9");
ObjectIdentifier.of(KnownOIDs.StreetAddress);
// OID for the "O=" attribute, denoting an organization name.
public static final ObjectIdentifier orgName_oid =
ObjectIdentifier.of("2.5.4.10");
ObjectIdentifier.of(KnownOIDs.OrgName);
// OID for the "OU=" attribute, denoting an organizational unit name.
public static final ObjectIdentifier orgUnitName_oid =
ObjectIdentifier.of("2.5.4.11");
ObjectIdentifier.of(KnownOIDs.OrgUnitName);
// OID for the "T=" attribute, denoting a person's title.
public static final ObjectIdentifier title_oid =
ObjectIdentifier.of("2.5.4.12");
ObjectIdentifier.of(KnownOIDs.Title);
// OID for the "GIVENNAME=" attribute, denoting a person's given name.
public static final ObjectIdentifier GIVENNAME_OID =
ObjectIdentifier.of("2.5.4.42");
ObjectIdentifier.of(KnownOIDs.GivenName);
// OID for the "INITIALS=" attribute, denoting a person's initials.
public static final ObjectIdentifier INITIALS_OID =
ObjectIdentifier.of("2.5.4.43");
ObjectIdentifier.of(KnownOIDs.Initials);
// OID for the "GENERATION=" attribute, denoting Jr., II, etc.
public static final ObjectIdentifier GENERATIONQUALIFIER_OID =
ObjectIdentifier.of("2.5.4.44");
ObjectIdentifier.of(KnownOIDs.GenerationQualifier);
// OID for the "DNQUALIFIER=" or "DNQ=" attribute, denoting DN
// disambiguating information.
public static final ObjectIdentifier DNQUALIFIER_OID =
ObjectIdentifier.of("2.5.4.46");
ObjectIdentifier.of(KnownOIDs.DNQualifier);
// OIDs from other sources which show up in X.500 names we
// expect to deal with often.
//
// OID for "IP=" IP address attributes, used with SKIP.
public static final ObjectIdentifier ipAddress_oid =
ObjectIdentifier.of("1.3.6.1.4.1.42.2.11.2.1");
ObjectIdentifier.of(KnownOIDs.SkipIPAddress);
// Domain component OID from RFC 1274, RFC 2247, RFC 5280.
//
// OID for "DC=" domain component attributes.used with DNSNames in DN
// format.
public static final ObjectIdentifier DOMAIN_COMPONENT_OID =
ObjectIdentifier.of("0.9.2342.19200300.100.1.25");
ObjectIdentifier.of(KnownOIDs.UCL_DomainComponent);
// OID for "UID=" denoting a user id, defined in RFCs 1274 & 2798.
public static final ObjectIdentifier userid_oid =
ObjectIdentifier.of("0.9.2342.19200300.100.1.1");
ObjectIdentifier.of(KnownOIDs.UCL_UserID);
/**
* Return constraint type:<ul>

7
src/java.base/share/classes/sun/security/x509/X509CRLEntryImpl.java

@ -252,7 +252,8 @@ public class X509CRLEntryImpl extends X509CRLEntry
*/
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
try {
byte[] ext = crlEntry.getExtensionValue("2.5.29.21");
byte[] ext = crlEntry.getExtensionValue
(KnownOIDs.ReasonCode.value());
if (ext == null) {
return null;
}
@ -402,11 +403,11 @@ public class X509CRLEntryImpl extends X509CRLEntry
if (extensions == null)
return null;
try {
String extAlias = OIDMap.getName(new ObjectIdentifier(oid));
String extAlias = OIDMap.getName(ObjectIdentifier.of(oid));
Extension crlExt = null;
if (extAlias == null) { // may be unknown
ObjectIdentifier findOID = new ObjectIdentifier(oid);
ObjectIdentifier findOID = ObjectIdentifier.of(oid);
Extension ex = null;
ObjectIdentifier inCertOID;
for (Enumeration<Extension> e = extensions.getElements();

4
src/java.base/share/classes/sun/security/x509/X509CRLImpl.java

@ -1036,11 +1036,11 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
if (extensions == null)
return null;
try {
String extAlias = OIDMap.getName(new ObjectIdentifier(oid));
String extAlias = OIDMap.getName(ObjectIdentifier.of(oid));
Extension crlExt = null;
if (extAlias == null) { // may be unknown
ObjectIdentifier findOID = new ObjectIdentifier(oid);
ObjectIdentifier findOID = ObjectIdentifier.of(oid);
Extension ex = null;
ObjectIdentifier inCertOID;
for (Enumeration<Extension> e = extensions.getElements();

19
src/java.base/share/classes/sun/security/x509/X509CertImpl.java

@ -128,14 +128,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
protected AlgorithmId algId = null;
protected byte[] signature = null;
// recognized extension OIDS
private static final String KEY_USAGE_OID = "2.5.29.15";
private static final String EXTENDED_KEY_USAGE_OID = "2.5.29.37";
private static final String BASIC_CONSTRAINT_OID = "2.5.29.19";
private static final String SUBJECT_ALT_NAME_OID = "2.5.29.17";
private static final String ISSUER_ALT_NAME_OID = "2.5.29.18";
private static final String AUTH_INFO_ACCESS_OID = "1.3.6.1.5.5.7.1.1";
// number of standard key usage bits.
private static final int NUM_STANDARD_KEY_USAGE = 9;
@ -1423,7 +1415,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
*/
public byte[] getExtensionValue(String oid) {
try {
ObjectIdentifier findOID = new ObjectIdentifier(oid);
ObjectIdentifier findOID = ObjectIdentifier.of(oid);
String extAlias = OIDMap.getName(findOID);
Extension certExt = null;
CertificateExtensions exts = (CertificateExtensions)info.get(
@ -1526,7 +1518,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public static List<String> getExtendedKeyUsage(X509Certificate cert)
throws CertificateParsingException {
try {
byte[] ext = cert.getExtensionValue(EXTENDED_KEY_USAGE_OID);
byte[] ext = cert.getExtensionValue
(KnownOIDs.extendedKeyUsage.value());
if (ext == null)
return null;
DerValue val = new DerValue(ext);
@ -1696,7 +1689,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public static Collection<List<?>> getSubjectAlternativeNames(X509Certificate cert)
throws CertificateParsingException {
try {
byte[] ext = cert.getExtensionValue(SUBJECT_ALT_NAME_OID);
byte[] ext = cert.getExtensionValue
(KnownOIDs.SubjectAlternativeName.value());
if (ext == null) {
return null;
}
@ -1759,7 +1753,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public static Collection<List<?>> getIssuerAlternativeNames(X509Certificate cert)
throws CertificateParsingException {
try {
byte[] ext = cert.getExtensionValue(ISSUER_ALT_NAME_OID);
byte[] ext = cert.getExtensionValue
(KnownOIDs.IssuerAlternativeName.value());
if (ext == null) {
return null;
}

4
src/java.security.jgss/share/classes/org/ietf/jgss/Oid.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -65,7 +65,7 @@ public class Oid {
public Oid(String strOid) throws GSSException {
try {
oid = new ObjectIdentifier(strOid);
oid = ObjectIdentifier.of(strOid);
derEncoding = null;
} catch (Exception e) {
throw new GSSException(GSSException.FAILURE,

4
src/java.security.jgss/share/classes/sun/security/jgss/GSSContextImpl.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -241,7 +241,7 @@ public class GSSContextImpl implements GSSContext {
mechCtxt.setChannelBinding(channelBindings);
mechCtxt.requestDelegPolicy(reqDelegPolicyState);
objId = new ObjectIdentifier(mechOid.toString());
objId = ObjectIdentifier.of(mechOid.toString());
currentState = IN_PROGRESS;
firstToken = true;

4
src/java.security.jgss/share/classes/sun/security/jgss/GSSNameImpl.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -403,7 +403,7 @@ public class GSSNameImpl implements GSSName {
ObjectIdentifier oid = null;
try {
oid = new ObjectIdentifier
oid = ObjectIdentifier.of
(mechElement.getMechanism().toString());
} catch (IOException e) {
throw new GSSExceptionImpl(GSSException.FAILURE,

4
src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Token.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -77,7 +77,7 @@ abstract class Krb5Token extends GSSToken {
static {
try {
OID = new ObjectIdentifier(Krb5MechFactory.
OID = ObjectIdentifier.of(Krb5MechFactory.
GSS_KRB5_MECH_OID.toString());
} catch (IOException ioe) {
// should not happen

4
src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoToken.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -68,7 +68,7 @@ abstract class SpNegoToken extends GSSToken {
static {
try {
OID = new ObjectIdentifier(SpNegoMechFactory.
OID = ObjectIdentifier.of(SpNegoMechFactory.
GSS_SPNEGO_MECH_OID.toString());
} catch (IOException ioe) {
// should not happen

4
src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -130,7 +130,7 @@ public class GSSNameElement implements GSSNameSpi {
DerOutputStream dout = new DerOutputStream();
Oid mech = cStub.getMech();
try {
dout.putOID(new ObjectIdentifier(mech.toString()));
dout.putOID(ObjectIdentifier.of(mech.toString()));
} catch (IOException e) {
throw new GSSExceptionImpl(GSSException.FAILURE, e);
}

4
src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -164,7 +164,7 @@ class NativeGSSContext implements GSSContextSpi {
SunNativeProvider.debug("Precomputed mechToken length: " +
mechTokenLen);
GSSHeader gssHeader = new GSSHeader
(new ObjectIdentifier(cStub.getMech().toString()),
(ObjectIdentifier.of(cStub.getMech().toString()),
mechTokenLen);
ByteArrayOutputStream baos = new ByteArrayOutputStream(600);

208
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -45,6 +45,7 @@ import javax.security.auth.callback.TextOutputCallback;
import sun.security.util.Debug;
import sun.security.util.ResourcesMgr;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.util.SecurityProviderConstants.getAliases;
import sun.security.pkcs11.Secmod.*;
@ -405,19 +406,15 @@ public final class SunPKCS11 extends AuthProvider {
return System.identityHashCode(this);
}
private static String[] s(String ...aliases) {
return aliases;
}
private static final class Descriptor {
final String type;
final String algorithm;
final String className;
final String[] aliases;
final List<String> aliases;
final int[] mechanisms;
private Descriptor(String type, String algorithm, String className,
String[] aliases, int[] mechanisms) {
List<String> aliases, int[] mechanisms) {
this.type = type;
this.algorithm = algorithm;
this.className = className;
@ -460,10 +457,16 @@ public final class SunPKCS11 extends AuthProvider {
}
private static void d(String type, String algorithm, String className,
String[] aliases, int[] m) {
List<String> aliases, int[] m) {
register(new Descriptor(type, algorithm, className, aliases, m));
}
private static void dA(String type, String algorithm, String className,
int[] m) {
register(new Descriptor(type, algorithm, className,
getAliases(algorithm), m));
}
private static void register(Descriptor d) {
for (int i = 0; i < d.mechanisms.length; i++) {
int m = d.mechanisms[i];
@ -525,51 +528,37 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_MD2));
d(MD, "MD5", P11Digest,
m(CKM_MD5));
d(MD, "SHA1", P11Digest,
s("SHA", "SHA-1", "1.3.14.3.2.26", "OID.1.3.14.3.2.26"),
dA(MD, "SHA-1", P11Digest,
m(CKM_SHA_1));
d(MD, "SHA-224", P11Digest,
s("2.16.840.1.101.3.4.2.4", "OID.2.16.840.1.101.3.4.2.4"),
dA(MD, "SHA-224", P11Digest,
m(CKM_SHA224));
d(MD, "SHA-256", P11Digest,
s("2.16.840.1.101.3.4.2.1", "OID.2.16.840.1.101.3.4.2.1"),
dA(MD, "SHA-256", P11Digest,
m(CKM_SHA256));
d(MD, "SHA-384", P11Digest,
s("2.16.840.1.101.3.4.2.2", "OID.2.16.840.1.101.3.4.2.2"),
dA(MD, "SHA-384", P11Digest,
m(CKM_SHA384));
d(MD, "SHA-512", P11Digest,
s("2.16.840.1.101.3.4.2.3", "OID.2.16.840.1.101.3.4.2.3"),
dA(MD, "SHA-512", P11Digest,
m(CKM_SHA512));
d(MD, "SHA-512/224", P11Digest,
s("2.16.840.1.101.3.4.2.5", "OID.2.16.840.1.101.3.4.2.5"),
dA(MD, "SHA-512/224", P11Digest,
m(CKM_SHA512_224));
d(MD, "SHA-512/256", P11Digest,
s("2.16.840.1.101.3.4.2.6", "OID.2.16.840.1.101.3.4.2.6"),
dA(MD, "SHA-512/256", P11Digest,
m(CKM_SHA512_256));
d(MAC, "HmacMD5", P11MAC,
m(CKM_MD5_HMAC));
d(MAC, "HmacSHA1", P11MAC,
s("1.2.840.113549.2.7", "OID.1.2.840.113549.2.7"),
dA(MAC, "HmacSHA1", P11MAC,
m(CKM_SHA_1_HMAC));
d(MAC, "HmacSHA224", P11MAC,
s("1.2.840.113549.2.8", "OID.1.2.840.113549.2.8"),
dA(MAC, "HmacSHA224", P11MAC,
m(CKM_SHA224_HMAC));
d(MAC, "HmacSHA256", P11MAC,
s("1.2.840.113549.2.9", "OID.1.2.840.113549.2.9"),
dA(MAC, "HmacSHA256", P11MAC,
m(CKM_SHA256_HMAC));
d(MAC, "HmacSHA384", P11MAC,
s("1.2.840.113549.2.10", "OID.1.2.840.113549.2.10"),
dA(MAC, "HmacSHA384", P11MAC,
m(CKM_SHA384_HMAC));
d(MAC, "HmacSHA512", P11MAC,
s("1.2.840.113549.2.11", "OID.1.2.840.113549.2.11"),
dA(MAC, "HmacSHA512", P11MAC,
m(CKM_SHA512_HMAC));
d(MAC, "HmacSHA512/224", P11MAC,
s("1.2.840.113549.2.12", "OID.1.2.840.113549.2.12"),
dA(MAC, "HmacSHA512/224", P11MAC,
m(CKM_SHA512_224_HMAC));
d(MAC, "HmacSHA512/256", P11MAC,
s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"),
dA(MAC, "HmacSHA512/256", P11MAC,
m(CKM_SHA512_256_HMAC));
d(MAC, "SslMacMD5", P11MAC,
@ -578,18 +567,20 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_SSL3_SHA1_MAC));
d(KPG, "RSA", P11KeyPairGenerator,
s("1.2.840.113549.1.1", "OID.1.2.840.113549.1.1"),
getAliases("PKCS1"),
m(CKM_RSA_PKCS_KEY_PAIR_GEN));
d(KPG, "DSA", P11KeyPairGenerator,
s("1.3.14.3.2.12", "1.2.840.10040.4.1", "OID.1.2.840.10040.4.1"),
List<String> dhAlias = List.of("DiffieHellman");
dA(KPG, "DSA", P11KeyPairGenerator,
m(CKM_DSA_KEY_PAIR_GEN));
d(KPG, "DH", P11KeyPairGenerator, s("DiffieHellman"),
d(KPG, "DH", P11KeyPairGenerator,
dhAlias,
m(CKM_DH_PKCS_KEY_PAIR_GEN));
d(KPG, "EC", P11KeyPairGenerator,
m(CKM_EC_KEY_PAIR_GEN));
d(KG, "ARCFOUR", P11KeyGenerator, s("RC4"),
dA(KG, "ARCFOUR", P11KeyGenerator,
m(CKM_RC4_KEY_GEN));
d(KG, "DES", P11KeyGenerator,
m(CKM_DES_KEY_GEN));
@ -603,12 +594,12 @@ public final class SunPKCS11 extends AuthProvider {
// register (Secret)KeyFactories if there are any mechanisms
// for a particular algorithm that we support
d(KF, "RSA", P11RSAKeyFactory,
s("1.2.840.113549.1.1", "OID.1.2.840.113549.1.1"),
getAliases("PKCS1"),
m(CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_RSA_PKCS, CKM_RSA_X_509));
d(KF, "DSA", P11DSAKeyFactory,
s("1.3.14.3.2.12", "1.2.840.10040.4.1", "OID.1.2.840.10040.4.1"),
dA(KF, "DSA", P11DSAKeyFactory,
m(CKM_DSA_KEY_PAIR_GEN, CKM_DSA, CKM_DSA_SHA1));
d(KF, "DH", P11DHKeyFactory, s("DiffieHellman"),
d(KF, "DH", P11DHKeyFactory,
dhAlias,
m(CKM_DH_PKCS_KEY_PAIR_GEN, CKM_DH_PKCS_DERIVE));
d(KF, "EC", P11DHKeyFactory,
m(CKM_EC_KEY_PAIR_GEN, CKM_ECDH1_DERIVE,
@ -616,8 +607,7 @@ public final class SunPKCS11 extends AuthProvider {
// AlgorithmParameters for EC.
// Only needed until we have an EC implementation in the SUN provider.
d(AGP, "EC", "sun.security.util.ECParameters",
s("1.2.840.10045.2.1"),
dA(AGP, "EC", "sun.security.util.ECParameters",
m(CKM_EC_KEY_PAIR_GEN, CKM_ECDH1_DERIVE,
CKM_ECDSA, CKM_ECDSA_SHA1));
@ -625,25 +615,25 @@ public final class SunPKCS11 extends AuthProvider {
d(AGP, "GCM", "sun.security.util.GCMParameters",
m(CKM_AES_GCM));
d(KA, "DH", P11KeyAgreement, s("DiffieHellman"),
d(KA, "DH", P11KeyAgreement,
dhAlias,
m(CKM_DH_PKCS_DERIVE));
d(KA, "ECDH", "sun.security.pkcs11.P11ECDHKeyAgreement",
m(CKM_ECDH1_DERIVE));
d(SKF, "ARCFOUR", P11SecretKeyFactory, s("RC4"),
dA(SKF, "ARCFOUR", P11SecretKeyFactory,
m(CKM_RC4));
d(SKF, "DES", P11SecretKeyFactory,
m(CKM_DES_CBC));
d(SKF, "DESede", P11SecretKeyFactory,
m(CKM_DES3_CBC));
d(SKF, "AES", P11SecretKeyFactory,
s("2.16.840.1.101.3.4.1", "OID.2.16.840.1.101.3.4.1"),
dA(SKF, "AES", P11SecretKeyFactory,
m(CKM_AES_CBC));
d(SKF, "Blowfish", P11SecretKeyFactory,
m(CKM_BLOWFISH_CBC));
// XXX attributes for Ciphers (supported modes, padding)
d(CIP, "ARCFOUR", P11Cipher, s("RC4"),
dA(CIP, "ARCFOUR", P11Cipher,
m(CKM_RC4));
d(CIP, "DES/CBC/NoPadding", P11Cipher,
m(CKM_DES_CBC));
@ -651,7 +641,8 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_DES_CBC_PAD, CKM_DES_CBC));
d(CIP, "DES/ECB/NoPadding", P11Cipher,
m(CKM_DES_ECB));
d(CIP, "DES/ECB/PKCS5Padding", P11Cipher, s("DES"),
d(CIP, "DES/ECB/PKCS5Padding", P11Cipher,
List.of("DES"),
m(CKM_DES_ECB));
d(CIP, "DESede/CBC/NoPadding", P11Cipher,
@ -660,47 +651,40 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_DES3_CBC_PAD, CKM_DES3_CBC));
d(CIP, "DESede/ECB/NoPadding", P11Cipher,
m(CKM_DES3_ECB));
d(CIP, "DESede/ECB/PKCS5Padding", P11Cipher, s("DESede"),
d(CIP, "DESede/ECB/PKCS5Padding", P11Cipher,
List.of("DESede"),
m(CKM_DES3_ECB));
d(CIP, "AES/CBC/NoPadding", P11Cipher,
m(CKM_AES_CBC));
d(CIP, "AES_128/CBC/NoPadding", P11Cipher,
s("2.16.840.1.101.3.4.1.2", "OID.2.16.840.1.101.3.4.1.2"),
dA(CIP, "AES_128/CBC/NoPadding", P11Cipher,
m(CKM_AES_CBC));
d(CIP, "AES_192/CBC/NoPadding", P11Cipher,
s("2.16.840.1.101.3.4.1.22", "OID.2.16.840.1.101.3.4.1.22"),
dA(CIP, "AES_192/CBC/NoPadding", P11Cipher,
m(CKM_AES_CBC));
d(CIP, "AES_256/CBC/NoPadding", P11Cipher,
s("2.16.840.1.101.3.4.1.42", "OID.2.16.840.1.101.3.4.1.42"),
dA(CIP, "AES_256/CBC/NoPadding", P11Cipher,
m(CKM_AES_CBC));
d(CIP, "AES/CBC/PKCS5Padding", P11Cipher,
m(CKM_AES_CBC_PAD, CKM_AES_CBC));
d(CIP, "AES/ECB/NoPadding", P11Cipher,
m(CKM_AES_ECB));
d(CIP, "AES_128/ECB/NoPadding", P11Cipher,
s("2.16.840.1.101.3.4.1.1", "OID.2.16.840.1.101.3.4.1.1"),
dA(CIP, "AES_128/ECB/NoPadding", P11Cipher,
m(CKM_AES_ECB));
d(CIP, "AES_192/ECB/NoPadding", P11Cipher,
s("2.16.840.1.101.3.4.1.21", "OID.2.16.840.1.101.3.4.1.21"),
dA(CIP, "AES_192/ECB/NoPadding", P11Cipher,
m(CKM_AES_ECB));
d(CIP, "AES_256/ECB/NoPadding", P11Cipher,
s("2.16.840.1.101.3.4.1.41", "OID.2.16.840.1.101.3.4.1.41"),
dA(CIP, "AES_256/ECB/NoPadding", P11Cipher,
m(CKM_AES_ECB));
d(CIP, "AES/ECB/PKCS5Padding", P11Cipher, s("AES"),
d(CIP, "AES/ECB/PKCS5Padding", P11Cipher,
List.of("AES"),
m(CKM_AES_ECB));
d(CIP, "AES/CTR/NoPadding", P11Cipher,
m(CKM_AES_CTR));
d(CIP, "AES/GCM/NoPadding", P11AEADCipher,
m(CKM_AES_GCM));
d(CIP, "AES_128/GCM/NoPadding", P11AEADCipher,
s("2.16.840.1.101.3.4.1.6", "OID.2.16.840.1.101.3.4.1.6"),
dA(CIP, "AES_128/GCM/NoPadding", P11AEADCipher,
m(CKM_AES_GCM));
d(CIP, "AES_192/GCM/NoPadding", P11AEADCipher,
s("2.16.840.1.101.3.4.1.26", "OID.2.16.840.1.101.3.4.1.26"),
dA(CIP, "AES_192/GCM/NoPadding", P11AEADCipher,
m(CKM_AES_GCM));
d(CIP, "AES_256/GCM/NoPadding", P11AEADCipher,
s("2.16.840.1.101.3.4.1.46", "OID.2.16.840.1.101.3.4.1.46"),
dA(CIP, "AES_256/GCM/NoPadding", P11AEADCipher,
m(CKM_AES_GCM));
d(CIP, "Blowfish/CBC/NoPadding", P11Cipher,
@ -708,52 +692,43 @@ public final class SunPKCS11 extends AuthProvider {
d(CIP, "Blowfish/CBC/PKCS5Padding", P11Cipher,
m(CKM_BLOWFISH_CBC));
d(CIP, "RSA/ECB/PKCS1Padding", P11RSACipher, s("RSA"),
d(CIP, "RSA/ECB/PKCS1Padding", P11RSACipher,
List.of("RSA"),
m(CKM_RSA_PKCS));
d(CIP, "RSA/ECB/NoPadding", P11RSACipher,
m(CKM_RSA_X_509));
d(SIG, "RawDSA", P11Signature, s("NONEwithDSA"),
d(SIG, "RawDSA", P11Signature,
List.of("NONEwithDSA"),
m(CKM_DSA));
d(SIG, "DSA", P11Signature,
s("SHA1withDSA", "1.3.14.3.2.13", "1.3.14.3.2.27",
"1.2.840.10040.4.3", "OID.1.2.840.10040.4.3"),
dA(SIG, "SHA1withDSA", P11Signature,
m(CKM_DSA_SHA1, CKM_DSA));
d(SIG, "SHA224withDSA", P11Signature,
s("2.16.840.1.101.3.4.3.1", "OID.2.16.840.1.101.3.4.3.1"),
dA(SIG, "SHA224withDSA", P11Signature,
m(CKM_DSA_SHA224));
d(SIG, "SHA256withDSA", P11Signature,
s("2.16.840.1.101.3.4.3.2", "OID.2.16.840.1.101.3.4.3.2"),
dA(SIG, "SHA256withDSA", P11Signature,
m(CKM_DSA_SHA256));
d(SIG, "SHA384withDSA", P11Signature,
s("2.16.840.1.101.3.4.3.3", "OID.2.16.840.1.101.3.4.3.3"),
dA(SIG, "SHA384withDSA", P11Signature,
m(CKM_DSA_SHA384));
d(SIG, "SHA512withDSA", P11Signature,
s("2.16.840.1.101.3.4.3.4", "OID.2.16.840.1.101.3.4.3.4"),
dA(SIG, "SHA512withDSA", P11Signature,
m(CKM_DSA_SHA512));
d(SIG, "RawDSAinP1363Format", P11Signature,
s("NONEwithDSAinP1363Format"),
List.of("NONEwithDSAinP1363Format"),
m(CKM_DSA));
d(SIG, "DSAinP1363Format", P11Signature,
s("SHA1withDSAinP1363Format"),
List.of("SHA1withDSAinP1363Format"),
m(CKM_DSA_SHA1, CKM_DSA));
d(SIG, "NONEwithECDSA", P11Signature,
m(CKM_ECDSA));
d(SIG, "SHA1withECDSA", P11Signature,
s("ECDSA", "1.2.840.10045.4.1", "OID.1.2.840.10045.4.1"),
dA(SIG, "SHA1withECDSA", P11Signature,
m(CKM_ECDSA_SHA1, CKM_ECDSA));
d(SIG, "SHA224withECDSA", P11Signature,
s("1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"),
dA(SIG, "SHA224withECDSA", P11Signature,
m(CKM_ECDSA));
d(SIG, "SHA256withECDSA", P11Signature,
s("1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"),
dA(SIG, "SHA256withECDSA", P11Signature,
m(CKM_ECDSA));
d(SIG, "SHA384withECDSA", P11Signature,
s("1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3"),
dA(SIG, "SHA384withECDSA", P11Signature,
m(CKM_ECDSA));
d(SIG, "SHA512withECDSA", P11Signature,
s("1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4"),
dA(SIG, "SHA512withECDSA", P11Signature,
m(CKM_ECDSA));
d(SIG, "NONEwithECDSAinP1363Format", P11Signature,
m(CKM_ECDSA));
@ -767,30 +742,21 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_ECDSA));
d(SIG, "SHA512withECDSAinP1363Format", P11Signature,
m(CKM_ECDSA));
d(SIG, "MD2withRSA", P11Signature,
s("1.2.840.113549.1.1.2", "OID.1.2.840.113549.1.1.2"),
dA(SIG, "MD2withRSA", P11Signature,
m(CKM_MD2_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "MD5withRSA", P11Signature,
s("1.2.840.113549.1.1.4", "OID.1.2.840.113549.1.1.4"),
dA(SIG, "MD5withRSA", P11Signature,
m(CKM_MD5_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "SHA1withRSA", P11Signature,
s("1.2.840.113549.1.1.5", "OID.1.2.840.113549.1.1.5",
"1.3.14.3.2.29"),
dA(SIG, "SHA1withRSA", P11Signature,
m(CKM_SHA1_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "SHA224withRSA", P11Signature,
s("1.2.840.113549.1.1.14", "OID.1.2.840.113549.1.1.14"),
dA(SIG, "SHA224withRSA", P11Signature,
m(CKM_SHA224_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "SHA256withRSA", P11Signature,
s("1.2.840.113549.1.1.11", "OID.1.2.840.113549.1.1.11"),
dA(SIG, "SHA256withRSA", P11Signature,
m(CKM_SHA256_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "SHA384withRSA", P11Signature,
s("1.2.840.113549.1.1.12", "OID.1.2.840.113549.1.1.12"),
dA(SIG, "SHA384withRSA", P11Signature,
m(CKM_SHA384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "SHA512withRSA", P11Signature,
s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"),
dA(SIG, "SHA512withRSA", P11Signature,
m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "RSASSA-PSS", P11PSSSignature,
s("1.2.840.113549.1.1.10", "OID.1.2.840.113549.1.1.10"),
dA(SIG, "RSASSA-PSS", P11PSSSignature,
m(CKM_RSA_PKCS_PSS));
d(SIG, "SHA1withRSASSA-PSS", P11PSSSignature,
m(CKM_SHA1_RSA_PKCS_PSS));
@ -805,7 +771,7 @@ public final class SunPKCS11 extends AuthProvider {
d(KG, "SunTlsRsaPremasterSecret",
"sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator",
s("SunTls12RsaPremasterSecret"),
List.of("SunTls12RsaPremasterSecret"),
m(CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_PRE_MASTER_KEY_GEN));
d(KG, "SunTlsMasterSecret",
"sun.security.pkcs11.P11TlsMasterSecretGenerator",
@ -1048,7 +1014,7 @@ public final class SunPKCS11 extends AuthProvider {
if (config.isEnabled(PCKM_KEYSTORE)) {
putService(new P11Service(token, KS, "PKCS11",
"sun.security.pkcs11.P11KeyStore",
s("PKCS11-" + config.getName()),
List.of("PKCS11-" + config.getName()),
PCKM_KEYSTORE));
}
return null;
@ -1065,17 +1031,13 @@ public final class SunPKCS11 extends AuthProvider {
private final long mechanism;
P11Service(Token token, String type, String algorithm,
String className, String[] al, long mechanism) {
super(token.provider, type, algorithm, className, toList(al),
String className, List<String> al, long mechanism) {
super(token.provider, type, algorithm, className, al,
type.equals(SR) ? Map.of("ThreadSafe", "true") : null);
this.token = token;
this.mechanism = mechanism & 0xFFFFFFFFL;
}
private static List<String> toList(String[] aliases) {
return (aliases == null) ? null : Arrays.asList(aliases);
}
public Object newInstance(Object param)
throws NoSuchAlgorithmException {
if (token.isValid() == false) {

99
src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java

@ -31,12 +31,10 @@ import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.ProviderException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.regex.Pattern;
import sun.security.ec.ed.EdDSAAlgorithmParameters;
import sun.security.ec.ed.EdDSAKeyFactory;
@ -46,6 +44,7 @@ import sun.security.util.CurveDB;
import sun.security.util.NamedCurve;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.util.SecurityProviderConstants.*;
/**
* Provider class for the Elliptic Curve provider.
@ -97,6 +96,13 @@ public final class SunEC extends Provider {
return SunEC.disableNative;
}
private static class ProviderServiceA extends ProviderService {
ProviderServiceA(Provider p, String type, String algo, String cn,
HashMap<String, String> attrs) {
super(p, type, algo, cn, getAliases(algo), attrs);
}
}
private static class ProviderService extends Provider.Service {
ProviderService(Provider p, String type, String algo, String cn) {
@ -104,9 +110,8 @@ public final class SunEC extends Provider {
}
ProviderService(Provider p, String type, String algo, String cn,
String[] aliases, HashMap<String, String> attrs) {
super(p, type, algo, cn,
(aliases == null? null : Arrays.asList(aliases)), attrs);
List<String> aliases, HashMap<String, String> attrs) {
super(p, type, algo, cn, aliases, attrs);
}
@Override
@ -232,7 +237,7 @@ public final class SunEC extends Provider {
*/
putService(new ProviderService(this, "KeyFactory",
"EC", "sun.security.ec.ECKeyFactory",
new String[] { "EllipticCurve" }, ATTRS));
List.of("EllipticCurve"), ATTRS));
/*
* Algorithm Parameter engine
@ -240,7 +245,6 @@ public final class SunEC extends Provider {
// "AlgorithmParameters.EC SupportedCurves" prop used by unit test
boolean firstCurve = true;
StringBuilder names = new StringBuilder();
Pattern nameSplitPattern = Pattern.compile(CurveDB.SPLIT_PATTERN);
Collection<? extends NamedCurve> supportedCurves;
if (SunEC.isNativeDisabled()) {
@ -260,10 +264,9 @@ public final class SunEC extends Provider {
}
names.append("[");
String[] commonNames = nameSplitPattern.split(namedCurve.getName());
String[] commonNames = namedCurve.getNameAndAliases();
for (String commonName : commonNames) {
names.append(commonName.trim());
names.append(commonName);
names.append(",");
}
@ -274,10 +277,8 @@ public final class SunEC extends Provider {
HashMap<String, String> apAttrs = new HashMap<>(ATTRS);
apAttrs.put("SupportedCurves", names.toString());
putService(new ProviderService(this, "AlgorithmParameters",
"EC", "sun.security.util.ECParameters",
new String[] { "EllipticCurve", "1.2.840.10045.2.1", "OID.1.2.840.10045.2.1" },
apAttrs));
putService(new ProviderServiceA(this, "AlgorithmParameters",
"EC", "sun.security.util.ECParameters", apAttrs));
putXDHEntries();
putEdDSAEntries();
@ -288,25 +289,20 @@ public final class SunEC extends Provider {
putService(new ProviderService(this, "Signature",
"NONEwithECDSA", "sun.security.ec.ECDSASignature$Raw",
null, ATTRS));
putService(new ProviderService(this, "Signature",
putService(new ProviderServiceA(this, "Signature",
"SHA1withECDSA", "sun.security.ec.ECDSASignature$SHA1",
new String[] { "1.2.840.10045.4.1", "OID.1.2.840.10045.4.1" },
ATTRS));
putService(new ProviderService(this, "Signature",
putService(new ProviderServiceA(this, "Signature",
"SHA224withECDSA", "sun.security.ec.ECDSASignature$SHA224",
new String[] { "1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"},
ATTRS));
putService(new ProviderService(this, "Signature",
putService(new ProviderServiceA(this, "Signature",
"SHA256withECDSA", "sun.security.ec.ECDSASignature$SHA256",
new String[] { "1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"},
ATTRS));
putService(new ProviderService(this, "Signature",
putService(new ProviderServiceA(this, "Signature",
"SHA384withECDSA", "sun.security.ec.ECDSASignature$SHA384",
new String[] { "1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3" },
ATTRS));
putService(new ProviderService(this, "Signature",
putService(new ProviderServiceA(this, "Signature",
"SHA512withECDSA", "sun.security.ec.ECDSASignature$SHA512",
new String[] { "1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4" },
ATTRS));
putService(new ProviderService(this, "Signature",
@ -333,7 +329,7 @@ public final class SunEC extends Provider {
*/
putService(new ProviderService(this, "KeyPairGenerator",
"EC", "sun.security.ec.ECKeyPairGenerator",
new String[] { "EllipticCurve" }, ATTRS));
List.of("EllipticCurve"), ATTRS));
/*
* Key Agreement engine
@ -350,31 +346,30 @@ public final class SunEC extends Provider {
/* XDH does not require native implementation */
putService(new ProviderService(this, "KeyFactory",
"XDH", "sun.security.ec.XDHKeyFactory", null, ATTRS));
putService(new ProviderService(this, "KeyFactory",
putService(new ProviderServiceA(this, "KeyFactory",
"X25519", "sun.security.ec.XDHKeyFactory.X25519",
new String[]{"1.3.101.110", "OID.1.3.101.110"}, ATTRS));
putService(new ProviderService(this, "KeyFactory",
ATTRS));
putService(new ProviderServiceA(this, "KeyFactory",
"X448", "sun.security.ec.XDHKeyFactory.X448",
new String[]{"1.3.101.111", "OID.1.3.101.111"}, ATTRS));
ATTRS));
putService(new ProviderService(this, "KeyPairGenerator",
"XDH", "sun.security.ec.XDHKeyPairGenerator", null, ATTRS));
putService(new ProviderService(this, "KeyPairGenerator",
putService(new ProviderServiceA(this, "KeyPairGenerator",
"X25519", "sun.security.ec.XDHKeyPairGenerator.X25519",
new String[]{"1.3.101.110", "OID.1.3.101.110"}, ATTRS));
putService(new ProviderService(this, "KeyPairGenerator",
ATTRS));
putService(new ProviderServiceA(this, "KeyPairGenerator",
"X448", "sun.security.ec.XDHKeyPairGenerator.X448",
new String[]{"1.3.101.111", "OID.1.3.101.111"}, ATTRS));
ATTRS));
putService(new ProviderService(this, "KeyAgreement",
"XDH", "sun.security.ec.XDHKeyAgreement", null, ATTRS));
putService(new ProviderService(this, "KeyAgreement",
putService(new ProviderServiceA(this, "KeyAgreement",
"X25519", "sun.security.ec.XDHKeyAgreement.X25519",
new String[]{"1.3.101.110", "OID.1.3.101.110"}, ATTRS));
putService(new ProviderService(this, "KeyAgreement",
ATTRS));
putService(new ProviderServiceA(this, "KeyAgreement",
"X448", "sun.security.ec.XDHKeyAgreement.X448",
new String[]{"1.3.101.111", "OID.1.3.101.111"}, ATTRS));
ATTRS));
}
private void putEdDSAEntries() {
@ -385,30 +380,26 @@ public final class SunEC extends Provider {
/* EdDSA does not require native implementation */
putService(new ProviderService(this, "KeyFactory",
"EdDSA", "sun.security.ec.ed.EdDSAKeyFactory", null, ATTRS));
putService(new ProviderService(this, "KeyFactory",
"Ed25519", "sun.security.ec.ed.EdDSAKeyFactory.Ed25519",
new String[]{"1.3.101.112", "OID.1.3.101.112"}, ATTRS));
putService(new ProviderService(this, "KeyFactory",
"Ed448", "sun.security.ec.ed.EdDSAKeyFactory.Ed448",
new String[]{"1.3.101.113", "OID.1.3.101.113"}, ATTRS));
putService(new ProviderServiceA(this, "KeyFactory",
"Ed25519", "sun.security.ec.ed.EdDSAKeyFactory.Ed25519", ATTRS));
putService(new ProviderServiceA(this, "KeyFactory",
"Ed448", "sun.security.ec.ed.EdDSAKeyFactory.Ed448", ATTRS));
putService(new ProviderService(this, "KeyPairGenerator",
"EdDSA", "sun.security.ec.ed.EdDSAKeyPairGenerator", null, ATTRS));
putService(new ProviderService(this, "KeyPairGenerator",
putService(new ProviderServiceA(this, "KeyPairGenerator",
"Ed25519", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed25519",
new String[]{"1.3.101.112", "OID.1.3.101.112"}, ATTRS));
putService(new ProviderService(this, "KeyPairGenerator",
ATTRS));
putService(new ProviderServiceA(this, "KeyPairGenerator",
"Ed448", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed448",
new String[]{"1.3.101.113", "OID.1.3.101.113"}, ATTRS));
ATTRS));
putService(new ProviderService(this, "Signature",
"EdDSA", "sun.security.ec.ed.EdDSASignature", null, ATTRS));
putService(new ProviderService(this, "Signature",
"Ed25519", "sun.security.ec.ed.EdDSASignature.Ed25519",
new String[]{"1.3.101.112", "OID.1.3.101.112"}, ATTRS));
putService(new ProviderService(this, "Signature",
"Ed448", "sun.security.ec.ed.EdDSASignature.Ed448",
new String[]{"1.3.101.113", "OID.1.3.101.113"}, ATTRS));
putService(new ProviderServiceA(this, "Signature",
"Ed25519", "sun.security.ec.ed.EdDSASignature.Ed25519", ATTRS));
putService(new ProviderServiceA(this, "Signature",
"Ed448", "sun.security.ec.ed.EdDSASignature.Ed448", ATTRS));
}
}

2
src/jdk.crypto.ec/share/classes/sun/security/ec/XECParameters.java

@ -144,7 +144,7 @@ public class XECParameters {
Map<ObjectIdentifier, XECParameters> byOid,
Map<String, XECParameters> byName) throws IOException {
ObjectIdentifier oid = new ObjectIdentifier(objectId);
ObjectIdentifier oid = ObjectIdentifier.of(objectId);
XECParameters params =
new XECParameters(bits, p, a24, basePoint, logCofactor, oid, name);
namedParams.put(name.toLowerCase(), oid, bits, params);

64
src/jdk.crypto.ec/share/classes/sun/security/ec/ed/EdDSAParameters.java

@ -27,6 +27,7 @@ package sun.security.ec.ed;
import sun.security.ec.ParametersMap;
import sun.security.provider.SHAKE256;
import sun.security.util.ObjectIdentifier;
import sun.security.util.KnownOIDs;
import sun.security.util.math.*;
import sun.security.util.math.intpoly.*;
import sun.security.x509.AlgorithmId;
@ -250,58 +251,47 @@ public class EdDSAParameters {
static {
// set up Ed25519
try {
IntegerFieldModuloP ed25519Field = new IntegerPolynomial25519();
IntegerFieldModuloP ed25519OrderField = new Curve25519OrderField();
BigInteger biD = new BigInteger("3709570593466943934313808350875" +
IntegerFieldModuloP ed25519Field = new IntegerPolynomial25519();
IntegerFieldModuloP ed25519OrderField = new Curve25519OrderField();
BigInteger biD = new BigInteger("3709570593466943934313808350875" +
"4565189542113879843219016388785533085940283555");
ImmutableIntegerModuloP d = ed25519Field.getElement(biD);
BigInteger baseX = new BigInteger("15112221349535400772501151409" +
ImmutableIntegerModuloP d = ed25519Field.getElement(biD);
BigInteger baseX = new BigInteger("15112221349535400772501151409" +
"588531511454012693041857206046113283949847762202");
BigInteger baseY = new BigInteger("46316835694926478169428394003" +
BigInteger baseY = new BigInteger("46316835694926478169428394003" +
"475163141307993866256225615783033603165251855960");
EdECOperations edOps = new Ed25519Operations(d, baseX, baseY);
String name = NamedParameterSpec.ED25519.getName();
ObjectIdentifier oid = new ObjectIdentifier("1.3.101.112");
int bits = 255;
DigesterFactory digester = new SHA512DigesterFactory();
EdDSAParameters params = new EdDSAParameters(name, oid,
EdECOperations edOps = new Ed25519Operations(d, baseX, baseY);
String name = NamedParameterSpec.ED25519.getName();
ObjectIdentifier oid = ObjectIdentifier.of(KnownOIDs.Ed25519);
int bits = 255;
DigesterFactory digester = new SHA512DigesterFactory();
EdDSAParameters params = new EdDSAParameters(name, oid,
ed25519Field, ed25519OrderField, d, edOps,
digester, EdDSAParameters::dom2, 32, bits, 3);
namedParams.put(name, oid, bits, params);
} catch (IOException ex) {
// Unable to set Ed25519 parameters---it will be disabled
}
namedParams.put(name, oid, bits, params);
// set up Ed448
try {
IntegerFieldModuloP ed448Field = new IntegerPolynomial448();
IntegerFieldModuloP ed448OrderField = new Curve448OrderField();
BigInteger biD = ed448Field.getSize().subtract(
new BigInteger("39081"));
ImmutableIntegerModuloP d = ed448Field.getElement(biD);
BigInteger baseX = new BigInteger("224580040295924300187604334" +
IntegerFieldModuloP ed448Field = new IntegerPolynomial448();
IntegerFieldModuloP ed448OrderField = new Curve448OrderField();
biD = ed448Field.getSize().subtract(new BigInteger("39081"));
d = ed448Field.getElement(biD);
baseX = new BigInteger("224580040295924300187604334" +
"099896036246789641632564134246125461686950415467406032909" +
"029192869357953282578032075146446173674602635247710");
BigInteger baseY = new BigInteger("298819210078481492676017930" +
baseY = new BigInteger("298819210078481492676017930" +
"443930673437544040154080242095928241372331506189835876003" +
"536878655418784733982303233503462500531545062832660");
EdECOperations edOps = new Ed448Operations(d, baseX, baseY);
String name = NamedParameterSpec.ED448.getName();
ObjectIdentifier oid = new ObjectIdentifier("1.3.101.113");
int bits = 448;
DigesterFactory digester = new SHAKE256DigesterFactory();
EdDSAParameters params = new EdDSAParameters(name, oid,
edOps = new Ed448Operations(d, baseX, baseY);
name = NamedParameterSpec.ED448.getName();
oid = ObjectIdentifier.of(KnownOIDs.Ed448);
bits = 448;
digester = new SHAKE256DigesterFactory();
params = new EdDSAParameters(name, oid,
ed448Field, ed448OrderField, d, edOps,
digester, EdDSAParameters::dom4, 57, bits, 2);
namedParams.put(name, oid, bits, params);
} catch (IOException ex) {
// Unable to set Ed448 parameters---it will be disabled
}
namedParams.put(name, oid, bits, params);
namedParams.fix();
}

83
src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/SunMSCAPI.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,9 +32,10 @@ import java.security.NoSuchAlgorithmException;
import java.security.InvalidParameterException;
import java.security.ProviderException;
import java.util.HashMap;
import java.util.Arrays;
import java.util.List;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.util.SecurityProviderConstants.getAliases;
/**
* A Cryptographic Service Provider for the Microsoft Crypto API.
@ -56,16 +57,21 @@ public final class SunMSCAPI extends Provider {
}
});
}
private static class ProviderServiceA extends ProviderService {
ProviderServiceA(Provider p, String type, String algo, String cn,
HashMap<String, String> attrs) {
super(p, type, algo, cn, getAliases(algo), attrs);
}
}
private static final class ProviderService extends Provider.Service {
private static class ProviderService extends Provider.Service {
ProviderService(Provider p, String type, String algo, String cn) {
super(p, type, algo, cn, null, null);
}
ProviderService(Provider p, String type, String algo, String cn,
String[] aliases, HashMap<String, String> attrs) {
super(p, type, algo, cn,
(aliases == null? null : Arrays.asList(aliases)), attrs);
List<String> aliases, HashMap<String, String> attrs) {
super(p, type, algo, cn, aliases, attrs);
}
@Override
@ -176,48 +182,47 @@ public final class SunMSCAPI extends Provider {
putService(new ProviderService(p, "Signature",
"SHA1withRSA", "sun.security.mscapi.CSignature$SHA1withRSA",
null, attrs));
putService(new ProviderService(p, "Signature",
"SHA256withRSA", "sun.security.mscapi.CSignature$SHA256withRSA",
new String[] { "1.2.840.113549.1.1.11", "OID.1.2.840.113549.1.1.11" },
putService(new ProviderServiceA(p, "Signature",
"SHA256withRSA",
"sun.security.mscapi.CSignature$SHA256withRSA",
attrs));
putService(new ProviderService(p, "Signature",
"SHA384withRSA", "sun.security.mscapi.CSignature$SHA384withRSA",
new String[] { "1.2.840.113549.1.1.12", "OID.1.2.840.113549.1.1.12" },
putService(new ProviderServiceA(p, "Signature",
"SHA384withRSA",
"sun.security.mscapi.CSignature$SHA384withRSA",
attrs));
putService(new ProviderService(p, "Signature",
"SHA512withRSA", "sun.security.mscapi.CSignature$SHA512withRSA",
new String[] { "1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13" },
putService(new ProviderServiceA(p, "Signature",
"SHA512withRSA",
"sun.security.mscapi.CSignature$SHA512withRSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"RSASSA-PSS", "sun.security.mscapi.CSignature$PSS",
attrs));
putService(new ProviderService(p, "Signature",
"RSASSA-PSS", "sun.security.mscapi.CSignature$PSS",
new String[] { "1.2.840.113549.1.1.10", "OID.1.2.840.113549.1.1.10" },
attrs));
putService(new ProviderService(p, "Signature",
"MD5withRSA", "sun.security.mscapi.CSignature$MD5withRSA",
null, attrs));
putService(new ProviderService(p, "Signature",
"MD2withRSA", "sun.security.mscapi.CSignature$MD2withRSA",
null, attrs));
putService(new ProviderService(p, "Signature",
"SHA1withECDSA", "sun.security.mscapi.CSignature$SHA1withECDSA",
new String[] { "1.2.840.10045.4.1", "OID.1.2.840.10045.4.1" },
attrs));
putService(new ProviderService(p, "Signature",
"SHA224withECDSA", "sun.security.mscapi.CSignature$SHA224withECDSA",
new String[] { "1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"},
attrs));
putService(new ProviderService(p, "Signature",
"SHA256withECDSA", "sun.security.mscapi.CSignature$SHA256withECDSA",
new String[] { "1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"},
attrs));
putService(new ProviderService(p, "Signature",
"SHA384withECDSA", "sun.security.mscapi.CSignature$SHA384withECDSA",
new String[] { "1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3"},
attrs));
putService(new ProviderService(p, "Signature",
"SHA512withECDSA", "sun.security.mscapi.CSignature$SHA512withECDSA",
new String[] { "1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4"},
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA1withECDSA",
"sun.security.mscapi.CSignature$SHA1withECDSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA224withECDSA",
"sun.security.mscapi.CSignature$SHA224withECDSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA256withECDSA",
"sun.security.mscapi.CSignature$SHA256withECDSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA384withECDSA",
"sun.security.mscapi.CSignature$SHA384withECDSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA512withECDSA",
"sun.security.mscapi.CSignature$SHA512withECDSA",
attrs));
/*
* Key Pair Generator engines
*/

22
src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/LibMDMech.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package com.oracle.security.ucrypto;
import java.util.List;
import static sun.security.util.SecurityProviderConstants.getAliases;
/**
* Enum for representing the ucrypto mechanisms.
*
@ -36,25 +39,30 @@ public enum LibMDMech {
{ sd("MessageDigest", "MD5", "com.oracle.security.ucrypto.NativeDigestMD$MD5")
}),
SHA_1(new ServiceDesc[]
{ sd("MessageDigest", "SHA", "com.oracle.security.ucrypto.NativeDigestMD$SHA1",
"SHA-1", "SHA1")
{ sd("MessageDigest", "SHA-1", "com.oracle.security.ucrypto.NativeDigestMD$SHA1",
getAliases("SHA-1"))
}),
SHA_256(new ServiceDesc[]
{ sd("MessageDigest", "SHA-256", "com.oracle.security.ucrypto.NativeDigestMD$SHA256",
"2.16.840.1.101.3.4.2.1", "OID.2.16.840.1.101.3.4.2.1")
getAliases("SHA-256"))
}),
SHA_384(new ServiceDesc[]
{ sd("MessageDigest", "SHA-384", "com.oracle.security.ucrypto.NativeDigestMD$SHA384",
"2.16.840.1.101.3.4.2.2", "OID.2.16.840.1.101.3.4.2.2")
getAliases("SHA-384"))
}),
SHA_512(new ServiceDesc[]
{ sd("MessageDigest", "SHA-512", "com.oracle.security.ucrypto.NativeDigestMD$SHA512",
"2.16.840.1.101.3.4.2.3", "OID.2.16.840.1.101.3.4.2.3")
getAliases("SHA-512"))
});
ServiceDesc[] serviceDescs;
private static ServiceDesc sd(String type, String algo, String cn, String... aliases) {
private static ServiceDesc sd(String type, String algo, String cn) {
return new ServiceDesc(type, algo, cn, null);
}
private static ServiceDesc sd(String type, String algo, String cn,
List<String> aliases) {
return new ServiceDesc(type, algo, cn, aliases);
}

10
src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/ServiceDesc.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,15 +42,11 @@ final class ServiceDesc {
this(type, algo, cn, null);
}
ServiceDesc(String type, String algo, String cn, String[] aliases) {
ServiceDesc(String type, String algo, String cn, List<String> aliases) {
this.type = type;
this.algo = algo;
this.cn = cn;
if (aliases != null) {
this.aliases = Arrays.asList(aliases);
} else {
this.aliases = null;
}
this.aliases = aliases;
}
String getType() {
return type;

132
src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoMech.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package com.oracle.security.ucrypto;
import java.util.List;
import static sun.security.util.SecurityProviderConstants.getAliases;
/**
* Enum for representing the ucrypto mechanisms.
*
@ -36,23 +39,23 @@ public enum UcryptoMech {
CRYPTO_AES_ECB(new ServiceDesc[]
{ sd("Cipher", "AES/ECB/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding"),
sd("Cipher", "AES/ECB/PKCS5Padding", "com.oracle.security.ucrypto.NativeCipherWithJavaPadding$AesEcbPKCS5",
"AES"),
sd("Cipher", "AES_128/ECB/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding",
"2.16.840.1.101.3.4.1.1", "OID.2.16.840.1.101.3.4.1.1"),
sd("Cipher", "AES_192/ECB/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding",
"2.16.840.1.101.3.4.1.21", "OID.2.16.840.1.101.3.4.1.21"),
sd("Cipher", "AES_256/ECB/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding",
"2.16.840.1.101.3.4.1.41", "OID.2.16.840.1.101.3.4.1.41")
List.of("AES")),
sdA("Cipher", "AES_128/ECB/NoPadding",
"com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding"),
sdA("Cipher", "AES_192/ECB/NoPadding",
"com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding"),
sdA("Cipher", "AES_256/ECB/NoPadding",
"com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding")
}),
CRYPTO_AES_CBC(new ServiceDesc[]
{ sd("Cipher", "AES/CBC/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding"),
sd("Cipher", "AES/CBC/PKCS5Padding", "com.oracle.security.ucrypto.NativeCipherWithJavaPadding$AesCbcPKCS5"),
sd("Cipher", "AES_128/CBC/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding",
"2.16.840.1.101.3.4.1.2", "OID.2.16.840.1.101.3.4.1.2"),
sd("Cipher", "AES_192/CBC/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding",
"2.16.840.1.101.3.4.1.22", "OID.2.16.840.1.101.3.4.1.22"),
sd("Cipher", "AES_256/CBC/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding",
"2.16.840.1.101.3.4.1.42", "OID.2.16.840.1.101.3.4.1.42")
sdA("Cipher", "AES_128/CBC/NoPadding",
"com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding"),
sdA("Cipher", "AES_192/CBC/NoPadding",
"com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding"),
sdA("Cipher", "AES_256/CBC/NoPadding",
"com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding")
}),
// CRYPTO_AES_CBC_PAD(null), // Support added since S11.1; however we still use CRYPTO_AES_CBC due to known bug
CRYPTO_AES_CTR(new ServiceDesc[]
@ -60,12 +63,12 @@ public enum UcryptoMech {
// CRYPTO_AES_CCM(null), // Need Java API for CK_AES_CCM_PARAMS
CRYPTO_AES_GCM(new ServiceDesc[]
{ sd("Cipher", "AES/GCM/NoPadding", "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding"),
sd("Cipher", "AES_128/GCM/NoPadding", "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding",
"2.16.840.1.101.3.4.1.6", "OID.2.16.840.1.101.3.4.1.6"),
sd("Cipher", "AES_192/GCM/NoPadding", "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding",
"2.16.840.1.101.3.4.1.26", "OID.2.16.840.1.101.3.4.1.26"),
sd("Cipher", "AES_256/GCM/NoPadding", "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding",
"2.16.840.1.101.3.4.1.46", "OID.2.16.840.1.101.3.4.1.46")
sdA("Cipher", "AES_128/GCM/NoPadding",
"com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding"),
sdA("Cipher", "AES_192/GCM/NoPadding",
"com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding"),
sdA("Cipher", "AES_256/GCM/NoPadding",
"com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding")
}),
// CRYPTO_AES_GMAC(null), // No support from Solaris
CRYPTO_AES_CFB128(new ServiceDesc[]
@ -75,76 +78,87 @@ public enum UcryptoMech {
CRYPTO_RSA_PKCS(new ServiceDesc[]
{ sd("Cipher", "RSA/ECB/PKCS1Padding", "com.oracle.security.ucrypto.NativeRSACipher$PKCS1Padding",
"RSA")
List.of("RSA"))
}),
CRYPTO_RSA_X_509(new ServiceDesc[]
{ sd("Cipher", "RSA/ECB/NoPadding", "com.oracle.security.ucrypto.NativeRSACipher$NoPadding") }),
CRYPTO_MD5_RSA_PKCS(new ServiceDesc[]
{ sd("Signature", "MD5withRSA", "com.oracle.security.ucrypto.NativeRSASignature$MD5",
"1.2.840.113549.1.1.4", "OID.1.2.840.113549.1.1.4")
{ sdA("Signature", "MD5withRSA",
"com.oracle.security.ucrypto.NativeRSASignature$MD5")
}),
CRYPTO_SHA1_RSA_PKCS(new ServiceDesc[]
{ sd("Signature", "SHA1withRSA", "com.oracle.security.ucrypto.NativeRSASignature$SHA1",
"1.2.840.113549.1.1.5", "OID.1.2.840.113549.1.1.5",
"1.3.14.3.2.29")
{ sdA("Signature", "SHA1withRSA",
"com.oracle.security.ucrypto.NativeRSASignature$SHA1")
}),
CRYPTO_SHA256_RSA_PKCS(new ServiceDesc[]
{ sd("Signature", "SHA256withRSA", "com.oracle.security.ucrypto.NativeRSASignature$SHA256",
"1.2.840.113549.1.1.11", "OID.1.2.840.113549.1.1.11")
{ sdA("Signature", "SHA256withRSA",
"com.oracle.security.ucrypto.NativeRSASignature$SHA256")
}),
CRYPTO_SHA384_RSA_PKCS(new ServiceDesc[]
{ sd("Signature", "SHA384withRSA", "com.oracle.security.ucrypto.NativeRSASignature$SHA384",
"1.2.840.113549.1.1.12", "OID.1.2.840.113549.1.1.12")
{ sdA("Signature", "SHA384withRSA",
"com.oracle.security.ucrypto.NativeRSASignature$SHA384")
}),
CRYPTO_SHA512_RSA_PKCS(new ServiceDesc[]
{ sd("Signature", "SHA512withRSA", "com.oracle.security.ucrypto.NativeRSASignature$SHA512",
"1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13")
{ sdA("Signature", "SHA512withRSA",
"com.oracle.security.ucrypto.NativeRSASignature$SHA512")
}),
CRYPTO_MD5(new ServiceDesc[]
{ sd("MessageDigest", "MD5", "com.oracle.security.ucrypto.NativeDigest$MD5") }),
{ sd("MessageDigest", "MD5", "com.oracle.security.ucrypto.NativeDigest$MD5")
}),
CRYPTO_SHA1(new ServiceDesc[]
{ sd("MessageDigest", "SHA", "com.oracle.security.ucrypto.NativeDigest$SHA1", "SHA-1", "SHA1") }),
{ sdA("MessageDigest", "SHA-1",
"com.oracle.security.ucrypto.NativeDigest$SHA1")
}),
CRYPTO_SHA224(new ServiceDesc[]
{ sd("MessageDigest", "SHA-224", "com.oracle.security.ucrypto.NativeDigest$SHA224",
"2.16.840.1.101.3.4.2.4", "OID.2.16.840.1.101.3.4.2.4")
}),
{ sdA("MessageDigest", "SHA-224",
"com.oracle.security.ucrypto.NativeDigest$SHA224")
}),
CRYPTO_SHA256(new ServiceDesc[]
{ sd("MessageDigest", "SHA-256", "com.oracle.security.ucrypto.NativeDigest$SHA256",
"2.16.840.1.101.3.4.2.1", "OID.2.16.840.1.101.3.4.2.1")
}),
{ sdA("MessageDigest", "SHA-256",
"com.oracle.security.ucrypto.NativeDigest$SHA256")
}),
CRYPTO_SHA384(new ServiceDesc[]
{ sd("MessageDigest", "SHA-384", "com.oracle.security.ucrypto.NativeDigest$SHA384",
"2.16.840.1.101.3.4.2.2", "OID.2.16.840.1.101.3.4.2.2")
}),
{ sdA("MessageDigest", "SHA-384",
"com.oracle.security.ucrypto.NativeDigest$SHA384")
}),
CRYPTO_SHA512(new ServiceDesc[]
{ sd("MessageDigest", "SHA-512", "com.oracle.security.ucrypto.NativeDigest$SHA512",
"2.16.840.1.101.3.4.2.3", "OID.2.16.840.1.101.3.4.2.3")
}),
{ sdA("MessageDigest", "SHA-512",
"com.oracle.security.ucrypto.NativeDigest$SHA512")
}),
CRYPTO_SHA3_224(new ServiceDesc[]
{ sd("MessageDigest", "SHA3-224", "com.oracle.security.ucrypto.NativeDigest$SHA3_224",
"2.16.840.1.101.3.4.2.7", "OID.2.16.840.1.101.3.4.2.7")
}),
{ sdA("MessageDigest", "SHA3-224",
"com.oracle.security.ucrypto.NativeDigest$SHA3_224")
}),
CRYPTO_SHA3_256(new ServiceDesc[]
{ sd("MessageDigest", "SHA3-256", "com.oracle.security.ucrypto.NativeDigest$SHA3_256",
"2.16.840.1.101.3.4.2.8", "OID.2.16.840.1.101.3.4.2.8")
}),
{ sdA("MessageDigest", "SHA3-256",
"com.oracle.security.ucrypto.NativeDigest$SHA3_256")
}),
CRYPTO_SHA3_384(new ServiceDesc[]
{ sd("MessageDigest", "SHA3-384", "com.oracle.security.ucrypto.NativeDigest$SHA3_384",
"2.16.840.1.101.3.4.2.9", "OID.2.16.840.1.101.3.4.2.9")
}),
{ sdA("MessageDigest", "SHA3-384",
"com.oracle.security.ucrypto.NativeDigest$SHA3_384")
}),
CRYPTO_SHA3_512(new ServiceDesc[]
{ sd("MessageDigest", "SHA3-512", "com.oracle.security.ucrypto.NativeDigest$SHA3_512",
"2.16.840.1.101.3.4.2.10", "OID.2.16.840.1.101.3.4.2.10")
});
{ sdA("MessageDigest", "SHA3-512",
"com.oracle.security.ucrypto.NativeDigest$SHA3_512")
});
private int mech = 0;
private final ServiceDesc[] serviceDescs;
private static ServiceDesc sd(String type, String algo, String cn, String... aliases) {
private static ServiceDesc sd(String type, String algo, String cn) {
return new ServiceDesc(type, algo, cn, null);
}
private static ServiceDesc sd(String type, String algo, String cn,
List<String> aliases) {
return new ServiceDesc(type, algo, cn, aliases);
}
private static ServiceDesc sdA(String type, String algo, String cn) {
return new ServiceDesc(type, algo, cn, getAliases(algo));
}
UcryptoMech(ServiceDesc[] serviceDescs) {
this.serviceDescs = serviceDescs;
}

8
src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoProvider.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,7 +32,6 @@ import java.util.*;
import java.security.*;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
/**
* OracleUcrypto provider main class.
*
@ -134,9 +133,8 @@ public final class UcryptoProvider extends Provider {
}
}
private static ServiceDesc sd(String type, String algo, String cn,
String... aliases) {
return new ServiceDesc(type, algo, cn, aliases);
private static ServiceDesc sd(String type, String algo, String cn) {
return new ServiceDesc(type, algo, cn, null);
}
private static final class ProviderService extends Provider.Service {

22
src/jdk.jartool/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java

@ -48,25 +48,11 @@ import sun.security.x509.*;
@SuppressWarnings("removal")
public final class TimestampedSigner extends ContentSigner {
/*
* Object identifier for the subject information access X.509 certificate
* extension.
*/
private static final String SUBJECT_INFO_ACCESS_OID = "1.3.6.1.5.5.7.1.11";
/*
* Object identifier for the timestamping access descriptors.
*/
private static final ObjectIdentifier AD_TIMESTAMPING_Id;
static {
ObjectIdentifier tmp = null;
try {
tmp = new ObjectIdentifier("1.3.6.1.5.5.7.48.3");
} catch (IOException e) {
// ignore
}
AD_TIMESTAMPING_Id = tmp;
}
private static final ObjectIdentifier AD_TIMESTAMPING_Id =
ObjectIdentifier.of(KnownOIDs.AD_TimeStamping);
/**
* Instantiates a content signer that supports timestamped signatures.
@ -155,8 +141,8 @@ public final class TimestampedSigner extends ContentSigner {
}
// Parse the extensions
try {
byte[] extensionValue =
tsaCertificate.getExtensionValue(SUBJECT_INFO_ACCESS_OID);
byte[] extensionValue = tsaCertificate.getExtensionValue
(KnownOIDs.SubjectInfoAccess.value());
if (extensionValue == null) {
return null;
}

4
test/jdk/java/security/testlibrary/CertificateBuilder.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -322,7 +322,7 @@ public class CertificateBuilder {
if (!ekuOids.isEmpty()) {
Vector<ObjectIdentifier> oidVector = new Vector<>();
for (String oid : ekuOids) {
oidVector.add(new ObjectIdentifier(oid));
oidVector.add(ObjectIdentifier.of(oid));
}
addExtension(new ExtendedKeyUsageExtension(oidVector));
}

9
test/jdk/java/security/testlibrary/SimpleOCSPServer.java

@ -45,11 +45,7 @@ import sun.security.provider.certpath.ResponderId;
import sun.security.provider.certpath.CertId;
import sun.security.provider.certpath.OCSPResponse;
import sun.security.provider.certpath.OCSPResponse.ResponseStatus;
import sun.security.util.Debug;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.util.*;
/**
@ -59,7 +55,8 @@ import sun.security.util.ObjectIdentifier;
public class SimpleOCSPServer {
private final Debug debug = Debug.getInstance("oserv");
private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.1");
ObjectIdentifier.of(KnownOIDs.OCSPBasicResponse);
private static final SimpleDateFormat utcDateFmt =
new SimpleDateFormat("MMM dd yyyy, HH:mm:ss z");

8
test/jdk/sun/security/jgss/spnego/NotPreferredMech.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/*
* @test
* @bug 8048194
* @bug 8048194 8242151
* @modules java.base/sun.security.util
* java.security.jgss/sun.security.jgss
* java.security.jgss/sun.security.jgss.spnego:+open
@ -57,7 +57,7 @@ public class NotPreferredMech {
mechTypeList.write(DerValue.tag_Sequence, mech);
// Generates a NegTokenInit mechToken field for 1.2.3.4 mech
GSSHeader h1 = new GSSHeader(new ObjectIdentifier("1.2.3.4"), 1);
GSSHeader h1 = new GSSHeader(ObjectIdentifier.of("1.2.3.4"), 1);
ByteArrayOutputStream bout = new ByteArrayOutputStream();
h1.encode(bout);
bout.write(new byte[1]);
@ -78,7 +78,7 @@ public class NotPreferredMech {
// and wraps it into a GSSToken
GSSHeader h = new GSSHeader(
new ObjectIdentifier(GSSUtil.GSS_SPNEGO_MECH_OID.toString()),
ObjectIdentifier.of(GSSUtil.GSS_SPNEGO_MECH_OID.toString()),
spnegoToken.length);
bout = new ByteArrayOutputStream();
h.encode(bout);

6
test/jdk/sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/*
* @test
* @bug 8048357
* @bug 8048357 8242151
* @summary test DER encoding of PKCS10 attributes
* @modules java.base/sun.security.pkcs
* java.base/sun.security.pkcs10
@ -62,7 +62,7 @@ public class PKCS10AttrEncoding {
// initializations
int len = ids.length;
Object[] values = {
new ObjectIdentifier("1.2.3.4"),
ObjectIdentifier.of("1.2.3.4"),
new GregorianCalendar(1970, 1, 25, 8, 56, 7).getTime(),
"challenging"
};

6
test/jdk/sun/security/pkcs/pkcs10/PKCS10AttributeReader.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/*
* @test
* @bug 8048357
* @bug 8048357 8242151
* @summary Read in a file containing a DER encoded PKCS10 certificate request,
* flanked with "begin" and "end" lines.
* @modules java.base/sun.security.pkcs
@ -86,7 +86,7 @@ public class PKCS10AttributeReader {
put(PKCS9Attribute.CHALLENGE_PASSWORD_OID, "GuessWhoAmI");
put(PKCS9Attribute.SIGNING_TIME_OID, new Date(861720610000L));
put(PKCS9Attribute.CONTENT_TYPE_OID,
new ObjectIdentifier("1.9.50.51.52"));
ObjectIdentifier.of("1.9.50.51.52"));
}
};

8
test/jdk/sun/security/pkcs/pkcs9/UnknownAttribute.java

@ -23,7 +23,7 @@
/*
* @test
* @bug 8011867
* @bug 8011867 8242151
* @summary Accept unknown PKCS #9 attributes
* @library /test/lib
* @modules java.base/sun.security.pkcs
@ -43,7 +43,7 @@ public class UnknownAttribute {
public static void main(String[] args) throws Exception {
// Unknown attr
PKCS9Attribute p1 = new PKCS9Attribute(
PKCS9Attribute.CHALLENGE_PASSWORD_STR, "t0p5ecr3t");
PKCS9Attribute.CHALLENGE_PASSWORD_OID, "t0p5ecr3t");
if (!p1.isKnown()) {
throw new Exception();
}
@ -65,13 +65,13 @@ public class UnknownAttribute {
}
// Unknown attr from value
try {
new PKCS9Attribute(new ObjectIdentifier("1.2.3"), "hello");
new PKCS9Attribute(ObjectIdentifier.of("1.2.3"), "hello");
throw new Exception();
} catch (IllegalArgumentException iae) {
// Good. Unknown attr must have byte[] value type
}
PKCS9Attribute p3 = new PKCS9Attribute(
new ObjectIdentifier("1.2.3"), new byte[]{0x31,0x02,0x05,0x00});
ObjectIdentifier.of("1.2.3"), new byte[]{0x31,0x02,0x05,0x00});
if (p3.isKnown()) {
throw new Exception();
}

6
test/jdk/sun/security/pkcs12/PKCS12SameKeyId.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/*
* @test
* @bug 6958026
* @bug 6958026 8242151
* @summary Problem with PKCS12 keystore
* @modules java.base/sun.security.pkcs
* java.base/sun.security.tools.keytool
@ -75,7 +75,7 @@ public class PKCS12SameKeyId {
AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
AlgorithmId algid = new AlgorithmId(
new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);
ObjectIdentifier.of("1.2.840.113549.1.12.1.3"), algParams);
PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");

76
test/jdk/sun/security/pkcs12/ParamsPreferences.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,14 +32,14 @@ import java.util.List;
import static jdk.test.lib.security.DerUtils.*;
import static sun.security.pkcs.ContentInfo.DATA_OID;
import static sun.security.pkcs.ContentInfo.ENCRYPTED_DATA_OID;
import static sun.security.x509.AlgorithmId.*;
import sun.security.util.ObjectIdentifier;
import sun.security.util.KnownOIDs;
/*
* @test
* @bug 8076190
* @bug 8076190 8242151
* @library /test/lib
* @modules java.base/sun.security.pkcs
* java.base/sun.security.x509
* java.base/sun.security.util
* @summary Checks the preferences order of pkcs12 params
*/
@ -50,16 +50,16 @@ public class ParamsPreferences {
// with storepass
test(c++, "-", "-",
pbeWithSHA1AndRC2_40_oid, 50000,
pbeWithSHA1AndDESede_oid, 50000,
SHA_oid, 100000);
oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
oid(KnownOIDs.SHA_1), 100000);
// password-less with system property
test(c++, "keystore.pkcs12.certProtectionAlgorithm", "NONE",
"keystore.pkcs12.macAlgorithm", "NONE",
"-", "-",
null, 0,
pbeWithSHA1AndDESede_oid, 50000,
oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
null, 0);
// password-less with security property
@ -68,7 +68,7 @@ public class ParamsPreferences {
"keystore.pkcs12.macAlgorithm", "NONE",
"-",
null, 0,
pbeWithSHA1AndDESede_oid, 50000,
oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
null, 0);
// back to with storepass by overriding security property with system property
@ -78,9 +78,9 @@ public class ParamsPreferences {
"keystore.pkcs12.certProtectionAlgorithm", "NONE",
"keystore.pkcs12.macAlgorithm", "NONE",
"-",
pbeWithSHA1AndDESede_oid, 50000,
pbeWithSHA1AndDESede_oid, 50000,
SHA256_oid, 100000);
oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
oid(KnownOIDs.SHA_256), 100000);
// back to with storepass by using "" to force hardcoded default
test(c++, "keystore.pkcs12.certProtectionAlgorithm", "",
@ -91,9 +91,9 @@ public class ParamsPreferences {
"keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
"keystore.pkcs12.macAlgorithm", "NONE",
"-",
pbeWithSHA1AndRC2_40_oid, 50000,
pbeWithSHA1AndDESede_oid, 50000,
SHA_oid, 100000);
oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
oid(KnownOIDs.SHA_1), 100000);
// change everything with system property
test(c++, "keystore.pkcs12.certProtectionAlgorithm", "PBEWithSHA1AndDESede",
@ -103,9 +103,9 @@ public class ParamsPreferences {
"keystore.pkcs12.macAlgorithm", "HmacPBESHA256",
"keystore.pkcs12.macIterationCount", 2000,
"-", "-",
pbeWithSHA1AndDESede_oid, 3000,
pbeWithSHA1AndRC2_40_oid, 4000,
SHA256_oid, 2000);
oid(KnownOIDs.PBEWithSHA1AndDESede), 3000,
oid(KnownOIDs.PBEWithSHA1AndRC2_40), 4000,
oid(KnownOIDs.SHA_256), 2000);
// change everything with security property
test(c++, "-",
@ -116,9 +116,9 @@ public class ParamsPreferences {
"keystore.pkcs12.macAlgorithm", "HmacPBESHA256",
"keystore.pkcs12.macIterationCount", 2000,
"-",
pbeWithSHA1AndDESede_oid, 3000,
pbeWithSHA1AndRC2_40_oid, 4000,
SHA256_oid, 2000);
oid(KnownOIDs.PBEWithSHA1AndDESede), 3000,
oid(KnownOIDs.PBEWithSHA1AndRC2_40), 4000,
oid(KnownOIDs.SHA_256), 2000);
// override security property with system property
test(c++, "keystore.pkcs12.certProtectionAlgorithm", "PBEWithSHA1AndDESede",
@ -135,9 +135,9 @@ public class ParamsPreferences {
"keystore.pkcs12.macAlgorithm", "HmacPBESHA1",
"keystore.pkcs12.macIterationCount", 2000,
"-",
pbeWithSHA1AndDESede_oid, 13000,
pbeWithSHA1AndRC2_40_oid, 14000,
SHA256_oid, 12000);
oid(KnownOIDs.PBEWithSHA1AndDESede), 13000,
oid(KnownOIDs.PBEWithSHA1AndRC2_40), 14000,
oid(KnownOIDs.SHA_256), 12000);
// check keyProtectionAlgorithm old behavior. Preferences of
// 4 different settings.
@ -145,25 +145,25 @@ public class ParamsPreferences {
test(c++, "-",
"keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128",
"-",
pbeWithSHA1AndRC2_40_oid, 50000,
pbeWithSHA1AndRC2_128_oid, 50000,
SHA_oid, 100000);
oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
oid(KnownOIDs.PBEWithSHA1AndRC2_128), 50000,
oid(KnownOIDs.SHA_1), 100000);
test(c++, "-",
"keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128",
"keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
"-",
pbeWithSHA1AndRC2_40_oid, 50000,
pbeWithSHA1AndRC2_40_oid, 50000,
SHA_oid, 100000);
oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
oid(KnownOIDs.SHA_1), 100000);
test(c++,
"keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC4_128",
"-",
"keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128",
"keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
"-",
pbeWithSHA1AndRC2_40_oid, 50000,
pbeWithSHA1AndRC4_128_oid, 50000,
SHA_oid, 100000);
oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
oid(KnownOIDs.PBEWithSHA1AndRC4_128), 50000,
oid(KnownOIDs.SHA_1), 100000);
test(c++,
"keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC4_128",
"keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC4_40",
@ -171,9 +171,13 @@ public class ParamsPreferences {
"keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128",
"keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
"-",
pbeWithSHA1AndRC2_40_oid, 50000,
pbeWithSHA1AndRC4_40_oid, 50000,
SHA_oid, 100000);
oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
oid(KnownOIDs.PBEWithSHA1AndRC4_40), 50000,
oid(KnownOIDs.SHA_1), 100000);
}
private static ObjectIdentifier oid(KnownOIDs o) {
return ObjectIdentifier.of(o);
}
/**

66
test/jdk/sun/security/pkcs12/ParamsTest.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,10 +23,9 @@
/*
* @test
* @bug 8076190
* @bug 8076190 8242151
* @library /test/lib
* @modules java.base/sun.security.pkcs
* java.base/sun.security.x509
* java.base/sun.security.util
* @summary Customizing the generation of a PKCS12 keystore
*/
@ -49,7 +48,8 @@ import java.util.Base64;
import java.util.Objects;
import static jdk.test.lib.security.DerUtils.*;
import static sun.security.x509.AlgorithmId.*;
import sun.security.util.ObjectIdentifier;
import sun.security.util.KnownOIDs;
import static sun.security.pkcs.ContentInfo.*;
public class ParamsTest {
@ -102,11 +102,11 @@ public class ParamsTest {
+ "-destkeystore ksnormal -deststorepass changeit");
data = Files.readAllBytes(Path.of("ksnormal"));
checkInt(data, "22", 100000); // Mac ic
checkAlg(data, "2000", SHA_oid); // Mac alg
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg
checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
checkInt(data, "110c010c010011", 50000); // key ic
checkAlg(data, "110c10", ENCRYPTED_DATA_OID);
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg
checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
checkInt(data, "110c1101111", 50000); // cert ic
check("ksnormal", "a", "changeit", "changeit", true, true, true);
@ -120,13 +120,13 @@ public class ParamsTest {
+ "-J-Dkeystore.pkcs12.macAlgorithm=NONE");
data = Files.readAllBytes(Path.of("ksnormal"));
checkInt(data, "22", 100000); // Mac ic
checkAlg(data, "2000", SHA_oid); // Mac alg
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg
checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
checkInt(data, "110c010c010011", 50000); // key ic
checkAlg(data, "110c010c11000", pbeWithSHA1AndDESede_oid); // new key alg
checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // new key alg
checkInt(data, "110c010c110011", 50000); // new key ic
checkAlg(data, "110c10", ENCRYPTED_DATA_OID);
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg
checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
checkInt(data, "110c1101111", 50000); // cert ic
check("ksnormal", "b", null, "changeit", true, false, true);
check("ksnormal", "b", "changeit", "changeit", true, true, true);
@ -139,7 +139,7 @@ public class ParamsTest {
+ "-J-Dkeystore.pkcs12.macAlgorithm=NONE");
data = Files.readAllBytes(Path.of("ksnopass"));
shouldNotExist(data, "2"); // no Mac
checkAlg(data, "110c010c01000", pbeWithSHA1AndRC4_128_oid);
checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndRC4_128));
checkInt(data, "110c010c010011", 50000);
checkAlg(data, "110c10", DATA_OID);
check("ksnopass", "a", null, "changeit", true, true, true);
@ -151,9 +151,9 @@ public class ParamsTest {
+ "-storepass changeit -alias b -dname CN=B");
data = Files.readAllBytes(Path.of("ksnopass"));
shouldNotExist(data, "2"); // no Mac
checkAlg(data, "110c010c01000", pbeWithSHA1AndRC4_128_oid);
checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndRC4_128));
checkInt(data, "110c010c010011", 50000);
checkAlg(data, "110c010c11000", pbeWithSHA1AndDESede_oid);
checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndDESede));
checkInt(data, "110c010c110011", 50000);
checkAlg(data, "110c10", DATA_OID);
check("ksnopass", "a", null, "changeit", true, true, true);
@ -166,10 +166,10 @@ public class ParamsTest {
+ "-J-Dkeystore.pkcs12.keyPbeIterationCount=7777");
data = Files.readAllBytes(Path.of("ksnewic"));
checkInt(data, "22", 5555); // Mac ic
checkAlg(data, "2000", SHA_oid); // Mac alg
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg
checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
checkInt(data, "110c010c010011", 7777); // key ic
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg
checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
checkInt(data, "110c1101111", 6666); // cert ic
// keypbe alg cannot be NONE
@ -185,12 +185,12 @@ public class ParamsTest {
+ "-J-Dkeystore.pkcs12.keyProtectionAlgorithm=PBEWithSHA1AndRC4_128");
data = Files.readAllBytes(Path.of("ksnewic"));
checkInt(data, "22", 5555); // Mac ic
checkAlg(data, "2000", SHA_oid); // Mac alg
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg
checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
checkInt(data, "110c010c010011", 7777); // key ic
checkAlg(data, "110c010c11000", pbeWithSHA1AndRC4_128_oid); // new key alg
checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndRC4_128)); // new key alg
checkInt(data, "110c010c110011", 50000); // new key ic
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg
checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
checkInt(data, "110c1101111", 6666); // cert ic
// Check KeyStore loading multiple keystores
@ -202,13 +202,13 @@ public class ParamsTest {
}
data = Files.readAllBytes(Path.of("ksnormaldup"));
checkInt(data, "22", 100000); // Mac ic
checkAlg(data, "2000", SHA_oid); // Mac alg
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg
checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
checkInt(data, "110c010c010011", 50000); // key ic
checkAlg(data, "110c010c11000", pbeWithSHA1AndDESede_oid); // new key alg
checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // new key alg
checkInt(data, "110c010c110011", 50000); // new key ic
checkAlg(data, "110c10", ENCRYPTED_DATA_OID);
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg
checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
checkInt(data, "110c1101111", 50000); // cert ic
try (FileInputStream fis = new FileInputStream("ksnopass");
@ -218,9 +218,9 @@ public class ParamsTest {
}
data = Files.readAllBytes(Path.of("ksnopassdup"));
shouldNotExist(data, "2"); // no Mac
checkAlg(data, "110c010c01000", pbeWithSHA1AndRC4_128_oid);
checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndRC4_128));
checkInt(data, "110c010c010011", 50000);
checkAlg(data, "110c010c11000", pbeWithSHA1AndDESede_oid);
checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndDESede));
checkInt(data, "110c010c110011", 50000);
checkAlg(data, "110c10", DATA_OID);
@ -231,12 +231,12 @@ public class ParamsTest {
}
data = Files.readAllBytes(Path.of("ksnewicdup"));
checkInt(data, "22", 5555); // Mac ic
checkAlg(data, "2000", SHA_oid); // Mac alg
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg
checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
checkInt(data, "110c010c010011", 7777); // key ic
checkAlg(data, "110c010c11000", pbeWithSHA1AndRC4_128_oid); // new key alg
checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndRC4_128)); // new key alg
checkInt(data, "110c010c110011", 50000); // new key ic
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg
checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
checkInt(data, "110c1101111", 6666); // cert ic
// Check keytool behavior
@ -434,6 +434,10 @@ public class ParamsTest {
Asserts.assertEQ(expectedKey, actualKey, label + "-key");
}
private static ObjectIdentifier oid(KnownOIDs o) {
return ObjectIdentifier.of(o);
}
static OutputAnalyzer keytool(String s) throws Throwable {
return SecurityTools.keytool(s);
}

7
test/jdk/sun/security/tools/jarsigner/TimestampCheck.java

@ -63,6 +63,7 @@ import sun.security.x509.X500Name;
/*
* @test
* @bug 6543842 6543440 6939248 8009636 8024302 8163304 8169911 8180289 8172404
* 8242151
* @summary checking response of timestamp
* @modules java.base/sun.security.pkcs
* java.base/sun.security.timestamp
@ -134,7 +135,7 @@ public class TimestampCheck {
messageImprint.data.getDerValue());
System.out.println("# AlgorithmId: " + aid);
ObjectIdentifier policyId = new ObjectIdentifier(defaultPolicyId);
ObjectIdentifier policyId = ObjectIdentifier.of(defaultPolicyId);
BigInteger nonce = null;
while (value.data.available() > 0) {
DerValue v = value.data.getDerValue();
@ -158,7 +159,7 @@ public class TimestampCheck {
String alias = path.startsWith("ts") ? path : "ts";
if (path.equals("diffpolicy")) {
policyId = new ObjectIdentifier(defaultPolicyId);
policyId = ObjectIdentifier.of(defaultPolicyId);
}
DerOutputStream statusInfo = new DerOutputStream();
@ -230,7 +231,7 @@ public class TimestampCheck {
alias, "changeit".toCharArray())));
sig.update(tstInfo.toByteArray());
ContentInfo contentInfo = new ContentInfo(new ObjectIdentifier(
ContentInfo contentInfo = new ContentInfo(ObjectIdentifier.of(
"1.2.840.113549.1.9.16.1.4"),
new DerValue(tstInfo2.toByteArray()));

22
test/jdk/sun/security/tools/keytool/KeyToolTest.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/*
* @test
* @bug 6251120 8231950
* @bug 6251120 8231950 8242151
* @summary Testing keytool
*
* Run through autotest.sh and manualtest.sh
@ -1602,7 +1602,7 @@ public class KeyToolTest {
int pos = 0;
System.err.print("x");
Extension ex = ((X509CertImpl)ks.getCertificate(alias))
.getExtension(new ObjectIdentifier(oid));
.getExtension(ObjectIdentifier.of(oid));
if (!Arrays.equals(value, ex.getValue())) {
throw new RuntimeException("Not same content in " +
alias + " for " + oid);
@ -1611,9 +1611,9 @@ public class KeyToolTest {
}
CheckOid coid = new CheckOid();
assertTrue(((X509CertImpl)ks.getCertificate("oid1"))
.getExtension(new ObjectIdentifier("1.2.3")).isCritical());
.getExtension(ObjectIdentifier.of("1.2.3")).isCritical());
assertTrue(!((X509CertImpl)ks.getCertificate("oid2"))
.getExtension(new ObjectIdentifier("1.2.3")).isCritical());
.getExtension(ObjectIdentifier.of("1.2.3")).isCritical());
coid.check(ks, "oid1", "1.2.3", new byte[]{1,2});
coid.check(ks, "oid2", "1.2.3", new byte[]{});
coid.check(ks, "oid12", "1.2.3", new byte[]{});
@ -1643,14 +1643,14 @@ public class KeyToolTest {
assertTrue(a.getAuthorityKeyIdentifierExtension() != null);
assertTrue(a.getSubjectKeyIdentifierExtension() != null);
assertTrue(a.getKeyUsage() == null);
assertTrue(a.getExtension(new ObjectIdentifier("1.2.3")).isCritical());
assertTrue(!a.getExtension(new ObjectIdentifier("1.2.4")).isCritical());
assertTrue(!a.getExtension(new ObjectIdentifier("1.2.5")).isCritical());
assertTrue(a.getExtension(ObjectIdentifier.of("1.2.3")).isCritical());
assertTrue(!a.getExtension(ObjectIdentifier.of("1.2.4")).isCritical());
assertTrue(!a.getExtension(ObjectIdentifier.of("1.2.5")).isCritical());
assertTrue(a.getExtensionValue("1.2.3").length == 3);
assertTrue(a.getExtensionValue("1.2.4").length == 4);
assertTrue(a.getExtensionValue("1.2.5").length == 5);
assertTrue(a.getBasicConstraints() == 2);
assertTrue(!a.getExtension(new ObjectIdentifier("2.3.4")).isCritical());
assertTrue(!a.getExtension(ObjectIdentifier.of("2.3.4")).isCritical());
assertTrue(a.getExtensionValue("2.3.4").length == 6);
// 8073181: keytool -ext honored not working correctly
@ -1660,8 +1660,8 @@ public class KeyToolTest {
testOK("", simple+"-importcert -file test2.cert -alias b");
ks = loadStore("x.jks", "changeit", "JKS");
X509CertImpl b = (X509CertImpl)ks.getCertificate("b");
assertTrue(!b.getExtension(new ObjectIdentifier("1.2.3")).isCritical());
assertTrue(b.getExtension(new ObjectIdentifier("1.2.4")).isCritical());
assertTrue(!b.getExtension(ObjectIdentifier.of("1.2.3")).isCritical());
assertTrue(b.getExtension(ObjectIdentifier.of("1.2.4")).isCritical());
// 8073182: keytool may generate duplicate extensions
testOK("", pre+"dup -ext bc=2 -ext 2.5.29.19=30030101FF -ext bc=3");

6
test/jdk/sun/security/util/Oid/OidEquals.java

@ -23,7 +23,7 @@
/*
* @test
* @bug 8022444
* @bug 8022444 8242151
* @summary Test ObjectIdentifier.equals(Object obj)
* @modules java.base/sun.security.util
*/
@ -32,8 +32,8 @@ import sun.security.util.ObjectIdentifier;
public class OidEquals {
public static void main(String[] args) throws Exception {
ObjectIdentifier oid1 = new ObjectIdentifier("1.3.6.1.4.1.42.2.17");
ObjectIdentifier oid2 = new ObjectIdentifier("1.2.3.4");
ObjectIdentifier oid1 = ObjectIdentifier.of("1.3.6.1.4.1.42.2.17");
ObjectIdentifier oid2 = ObjectIdentifier.of("1.2.3.4");
assertEquals(oid1, oid1);
assertNotEquals(oid1, oid2);

8
test/jdk/sun/security/util/Oid/OidFormat.java

@ -24,9 +24,7 @@
/*
* @test
* @author Weijun Wang
* @bug 6418422
* @bug 6418425
* @bug 6418433
* @bug 6418422 6418425 6418433 8242151
* @summary ObjectIdentifier should reject 1.2.3.-4 and throw IOException on all format errors
* @modules java.base/sun.security.util
* java.security.jgss
@ -90,7 +88,7 @@ public class OidFormat {
static void testGood(String s) throws Exception {
System.err.println("Trying " + s);
ObjectIdentifier oid = new ObjectIdentifier(s);
ObjectIdentifier oid = ObjectIdentifier.of(s);
if (!oid.toString().equals(s)) {
throw new Exception("equal test fail");
}
@ -106,7 +104,7 @@ public class OidFormat {
static void testBad(String s) throws Exception {
System.err.println("Trying " + s);
try {
new ObjectIdentifier(s);
ObjectIdentifier.of(s);
throw new Exception("should be invalid ObjectIdentifier");
} catch (IOException ioe) {
System.err.println(ioe);

6
test/jdk/sun/security/util/Oid/S11N.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/*
* @test
* @bug 4811968 6908628 8006564 8130696
* @bug 4811968 6908628 8006564 8130696 8242151
* @modules java.base/sun.security.util
* @run main S11N check
* @summary Serialization compatibility with old versions (and fixes)
@ -118,7 +118,7 @@ public class S11N {
// Gets the serialized form for this java
private static byte[] out(String oid) throws Exception {
ByteArrayOutputStream bout = new ByteArrayOutputStream();
new ObjectOutputStream(bout).writeObject(new ObjectIdentifier(oid));
new ObjectOutputStream(bout).writeObject(ObjectIdentifier.of(oid));
return bout.toByteArray();
}

4
test/jdk/sun/security/x509/AVA/AVAEqualsHashCode.java

@ -24,7 +24,7 @@
/*
* @test
* @author Gary Ellison
* @bug 4170635
* @bug 4170635 8242151
* @summary Verify equals()/hashCode() contract honored
* @modules java.base/sun.security.util
* java.base/sun.security.x509
@ -44,7 +44,7 @@ public class AVAEqualsHashCode {
String name = "CN=eve s. dropper";
X500Name dn = new X500Name(name);
DerOutputStream deros = new DerOutputStream();
ObjectIdentifier oid = new ObjectIdentifier("1.2.840.113549.2.5");
ObjectIdentifier oid = ObjectIdentifier.of("1.2.840.113549.2.5");
dn.encode(deros);
byte[] ba = deros.toByteArray();

51
test/jdk/sun/security/x509/AlgorithmId/ExtensibleAlgorithmId.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,8 +23,9 @@
/*
* @test
* @bug 4162868 8130181
* @bug 4162868 8130181 8242151
* @modules java.base/sun.security.x509
* @modules java.base/sun.security.util
* @run main/othervm ExtensibleAlgorithmId
* @summary Algorithm Name-to-OID mapping needs to be made extensible.
*/
@ -39,31 +40,43 @@ public class ExtensibleAlgorithmId {
public static void main(String[] args) throws Exception {
TestProvider p = new TestProvider();
Security.addProvider(p);
AlgorithmId algid = AlgorithmId.getAlgorithmId("XYZ");
String alias = "Alg.Alias.Signature.OID." + algid.toString();
AlgorithmId algid = AlgorithmId.getAlgorithmId(TestProvider.ALG_NAME);
String oid = algid.getOID().toString();
if (!oid.equals(TestProvider.ALG_OID)) {
throw new Exception("Provider alias oid not used, found " + oid);
}
String name = algid.getName();
if (!name.equalsIgnoreCase(TestProvider.ALG_NAME)) {
throw new Exception("provider alias name not used, found " + name);
}
String alias = "Alg.Alias.Signature.OID." + oid;
String stdAlgName = p.getProperty(alias);
if (stdAlgName == null || !stdAlgName.equalsIgnoreCase("XYZ")) {
if (stdAlgName == null ||
!stdAlgName.equalsIgnoreCase(TestProvider.ALG_NAME)) {
throw new Exception("Wrong OID");
}
}
}
class TestProvider extends Provider {
static class TestProvider extends Provider {
public TestProvider() {
static String ALG_OID = "1.2.3.4.5.6.7.8.9.0";
static String ALG_NAME = "XYZ";
public TestProvider() {
super("Dummy", "1.0", "XYZ algorithm");
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
put("Signature.XYZ", "test.xyz");
// preferred OID
put("Alg.Alias.Signature.OID.1.2.3.4.5.6.7.8.9.0",
"XYZ");
put("Alg.Alias.Signature.9.8.7.6.5.4.3.2.1.0",
"XYZ");
return null;
}
});
put("Signature." + ALG_NAME, "test.xyz");
// preferred OID
put("Alg.Alias.Signature.OID." + ALG_OID,
ALG_NAME);
put("Alg.Alias.Signature.9.8.7.6.5.4.3.2.1.0",
ALG_NAME);
return null;
}
});
}
}
}

4
test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java

@ -23,7 +23,7 @@
/*
* @test
* @bug 8049237
* @bug 8049237 8242151
* @modules java.base/sun.security.x509
* java.base/sun.security.util
* jdk.crypto.ec
@ -155,7 +155,7 @@ public class V3Certificate {
GeneralName ip = new GeneralName(ipInf);
GeneralNameInterface oidInf =
new OIDName(new ObjectIdentifier("1.2.3.4"));
new OIDName(ObjectIdentifier.of("1.2.3.4"));
GeneralName oid = new GeneralName(oidInf);
SubjectAlternativeNameExtension subjectName

6
test/jdk/sun/security/x509/equalNames/AltNamesEqualsTest.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -24,7 +24,7 @@
/*
* @test
* @summary Make sure names that are equal are treated as such.
* @bug 4273559
* @bug 4273559 8242151
* @author Yassir Elley
* @modules java.base/sun.security.util
* java.base/sun.security.x509
@ -114,7 +114,7 @@ public class AltNamesEqualsTest{
throws Exception
{
OIDName oidName = null;
ObjectIdentifier oid = new ObjectIdentifier(name);
ObjectIdentifier oid = ObjectIdentifier.of(name);
oidName = new OIDName(oid);
return oidName;
}