8291509: Minor cleanup could be done in sun.security
Reviewed-by: weijun
parent
6beeb8471c
commit
4cec141a90
src/java.base/share/classes/sun/security
action
internal
interfaces
spec
jca
pkcs
ContentInfo.javaEncryptedPrivateKeyInfo.javaPKCS7.javaPKCS8Key.javaPKCS9Attribute.javaPKCS9Attributes.javaSignerInfo.javaSigningCertificateInfo.java
pkcs10
pkcs12
provider
AbstractDrbg.javaAbstractHashDrbg.javaConfigFile.javaCtrDrbg.javaDRBG.javaDSA.javaDSAKeyFactory.javaDSAKeyPairGenerator.javaDSAParameterGenerator.javaDSAPrivateKey.javaDSAPublicKey.javaDomainKeyStore.javaHashDrbg.javaHmacDrbg.javaJavaKeyStore.javaKeyProtector.javaMD4.javaMD5.javaParameterCache.javaPolicyParser.javaSHA3.javaSHA5.javaSecureRandom.javaSeedGenerator.javaSubjectCodeSource.javaSunEntries.javaX509Factory.java
certpath
AdaptableX509CertSelector.javaAdjacencyList.javaAlgorithmChecker.javaBuildStep.javaBuilder.javaCertId.javaCertPathHelper.javaCollectionCertStore.javaConstraintsChecker.javaDistributionPointFetcher.javaForwardBuilder.javaForwardState.javaIndexedCollectionCertStore.javaKeyChecker.javaOCSP.javaOCSPNonceExtension.javaOCSPRequest.javaOCSPResponse.javaPKIX.javaPKIXMasterCertPathValidator.javaPolicyChecker.javaPolicyNodeImpl.javaResponderId.javaRevocationChecker.javaState.javaSunCertPathBuilder.javaSunCertPathBuilderException.javaSunCertPathBuilderResult.javaURICertStore.javaVertex.javaX509CertPath.javaX509CertificatePair.java
ssl
rsa
PSSParameters.javaRSACore.javaRSAKeyFactory.javaRSAKeyPairGenerator.javaRSAPSSSignature.javaRSAPadding.javaRSAPrivateCrtKeyImpl.javaRSAPublicKeyImpl.javaRSASignature.javaRSAUtil.javaSunRsaSignEntries.java
ssl
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -50,7 +50,7 @@ import java.security.AccessController;
|
||||
|
||||
public class GetBooleanAction
|
||||
implements java.security.PrivilegedAction<Boolean> {
|
||||
private String theProp;
|
||||
private final String theProp;
|
||||
|
||||
/**
|
||||
* Constructor that takes the name of the system property whose boolean
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -67,9 +67,9 @@ import java.security.AccessController;
|
||||
|
||||
public class GetIntegerAction
|
||||
implements java.security.PrivilegedAction<Integer> {
|
||||
private String theProp;
|
||||
private int defaultVal;
|
||||
private boolean defaultSet;
|
||||
private final String theProp;
|
||||
private final int defaultVal;
|
||||
private final boolean defaultSet;
|
||||
|
||||
/**
|
||||
* Constructor that takes the name of the system property whose integer
|
||||
@ -79,6 +79,8 @@ public class GetIntegerAction
|
||||
*/
|
||||
public GetIntegerAction(String theProp) {
|
||||
this.theProp = theProp;
|
||||
this.defaultVal = 0;
|
||||
this.defaultSet = false;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1998, 2006, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -64,9 +64,9 @@ package sun.security.action;
|
||||
*/
|
||||
|
||||
public class GetLongAction implements java.security.PrivilegedAction<Long> {
|
||||
private String theProp;
|
||||
private long defaultVal;
|
||||
private boolean defaultSet = false;
|
||||
private final String theProp;
|
||||
private final long defaultVal;
|
||||
private final boolean defaultSet;
|
||||
|
||||
/**
|
||||
* Constructor that takes the name of the system property whose
|
||||
@ -76,6 +76,8 @@ public class GetLongAction implements java.security.PrivilegedAction<Long> {
|
||||
*/
|
||||
public GetLongAction(String theProp) {
|
||||
this.theProp = theProp;
|
||||
this.defaultVal = 0;
|
||||
this.defaultSet = false;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -51,8 +51,8 @@ import java.util.Properties;
|
||||
*/
|
||||
|
||||
public class GetPropertyAction implements PrivilegedAction<String> {
|
||||
private String theProp;
|
||||
private String defaultVal;
|
||||
private final String theProp;
|
||||
private final String defaultVal;
|
||||
|
||||
/**
|
||||
* Constructor that takes the name of the system property whose
|
||||
@ -62,6 +62,7 @@ public class GetPropertyAction implements PrivilegedAction<String> {
|
||||
*/
|
||||
public GetPropertyAction(String theProp) {
|
||||
this.theProp = theProp;
|
||||
this.defaultVal = null;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -51,7 +51,7 @@ public interface TlsMasterSecret extends SecretKey {
|
||||
@Deprecated
|
||||
@SuppressWarnings("serial")
|
||||
@java.io.Serial
|
||||
public static final long serialVersionUID = -461748105810469773L;
|
||||
long serialVersionUID = -461748105810469773L;
|
||||
|
||||
/**
|
||||
* Returns the major version number encapsulated in the premaster secret
|
||||
@ -62,7 +62,7 @@ public interface TlsMasterSecret extends SecretKey {
|
||||
*
|
||||
* @return the major version number, or -1 if it is not available
|
||||
*/
|
||||
public int getMajorVersion();
|
||||
int getMajorVersion();
|
||||
|
||||
/**
|
||||
* Returns the minor version number encapsulated in the premaster secret
|
||||
@ -73,6 +73,6 @@ public interface TlsMasterSecret extends SecretKey {
|
||||
*
|
||||
* @return the major version number, or -1 if it is not available
|
||||
*/
|
||||
public int getMinorVersion();
|
||||
int getMinorVersion();
|
||||
|
||||
}
|
||||
|
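Review bot: The Javadoc directly above `getMinorVersion()` in the last hunk still reads `@return the major version number, or -1 if it is not available`, which looks copied from `getMajorVersion()`; the summary line shown in the previous hunk's trailing context describes the minor version. Since this cleanup already edits both declarations, the tag should become `@return the minor version number, or -1 if it is not available`. Only part of that comment is visible between the two hunks, so check the rest of it for the same copy-paste wording.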
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -94,7 +94,7 @@ public class TlsKeyMaterialParameterSpec implements AlgorithmParameterSpec {
|
||||
byte[] serverRandom, String cipherAlgorithm, int cipherKeyLength,
|
||||
int expandedCipherKeyLength, int ivLength, int macKeyLength,
|
||||
String prfHashAlg, int prfHashLength, int prfBlockSize) {
|
||||
if (masterSecret.getAlgorithm().equals("TlsMasterSecret") == false) {
|
||||
if (!masterSecret.getAlgorithm().equals("TlsMasterSecret")) {
|
||||
throw new IllegalArgumentException("Not a TLS master secret");
|
||||
}
|
||||
if (cipherAlgorithm == null) {
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -31,7 +31,7 @@ import javax.crypto.SecretKey;
|
||||
|
||||
/**
|
||||
* Parameters for SSL/TLS master secret generation.
|
||||
* This class encapsulates the information necessary to calculate a SSL/TLS
|
||||
* This class encapsulates the information necessary to calculate an SSL/TLS
|
||||
* master secret from the premaster secret and other parameters.
|
||||
* It is used to initialize KeyGenerators of the type "TlsMasterSecret".
|
||||
*
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -99,18 +99,18 @@ public class TlsPrfParameterSpec implements AlgorithmParameterSpec {
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the label to use in the PRF calcuation.
|
||||
* Returns the label to use in the PRF calculation.
|
||||
*
|
||||
* @return the label to use in the PRF calcuation.
|
||||
* @return the label to use in the PRF calculation.
|
||||
*/
|
||||
public String getLabel() {
|
||||
return label;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a copy of the seed to use in the PRF calcuation.
|
||||
* Returns a copy of the seed to use in the PRF calculation.
|
||||
*
|
||||
* @return a copy of the seed to use in the PRF calcuation.
|
||||
* @return a copy of the seed to use in the PRF calculation.
|
||||
*/
|
||||
public byte[] getSeed() {
|
||||
return seed.clone();
|
||||
|
@ -128,7 +128,7 @@ public class GetInstance {
|
||||
|
||||
/**
|
||||
* Return a List of all the available Services that implement any of
|
||||
* the specified algorithms. See getServices(String, String) for detals.
|
||||
* the specified algorithms. See getServices(String, String) for details.
|
||||
*/
|
||||
public static List<Service> getServices(List<ServiceId> ids) {
|
||||
ProviderList list = Providers.getProviderList();
|
||||
@ -254,7 +254,7 @@ public class GetInstance {
|
||||
if (superClass == null) {
|
||||
return;
|
||||
}
|
||||
if (superClass.isAssignableFrom(subClass) == false) {
|
||||
if (!superClass.isAssignableFrom(subClass)) {
|
||||
throw new NoSuchAlgorithmException
|
||||
("class configured for " + s.getType() + ": "
|
||||
+ s.getClassName() + " not a " + s.getType());
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,8 +25,7 @@
|
||||
|
||||
package sun.security.jca;
|
||||
|
||||
import java.lang.ref.*;
|
||||
import java.security.*;
|
||||
import java.security.SecureRandom;
|
||||
|
||||
/**
|
||||
* Collection of static utility methods used by the security framework.
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -136,10 +136,9 @@ final class ProviderConfig {
|
||||
if (this == obj) {
|
||||
return true;
|
||||
}
|
||||
if (obj instanceof ProviderConfig == false) {
|
||||
if (!(obj instanceof ProviderConfig other)) {
|
||||
return false;
|
||||
}
|
||||
ProviderConfig other = (ProviderConfig)obj;
|
||||
return this.provName.equals(other.provName)
|
||||
&& this.argument.equals(other.argument);
|
||||
|
||||
@ -173,7 +172,7 @@ final class ProviderConfig {
|
||||
if (p != null) {
|
||||
return p;
|
||||
}
|
||||
if (shouldLoad() == false) {
|
||||
if (!shouldLoad()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@ -411,7 +410,7 @@ final class ProviderConfig {
|
||||
} catch (Exception e) {
|
||||
Throwable t;
|
||||
if (e instanceof InvocationTargetException) {
|
||||
t = ((InvocationTargetException)e).getCause();
|
||||
t = e.getCause();
|
||||
} else {
|
||||
t = e;
|
||||
}
|
||||
|
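Review bot: In the last hunk, dropping the cast leaves `t = e.getCause();` inside an `instanceof InvocationTargetException` branch, which now reads as if the type check were redundant. It is not: only the reflective wrapper should be unwrapped, and every other exception is kept as `t = e`. A short comment such as `// unwrap the exception thrown by the reflectively invoked code` would stop a later cleanup from collapsing the branch, or the assignment could be written as `Throwable t = (e instanceof InvocationTargetException) ? e.getCause() : e;`. `getCause()` can return null, so any code after the hunk that dereferences `t` is worth checking; the catch block continues outside the hunk.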
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -126,7 +126,7 @@ public final class ProviderList {
|
||||
ProviderConfig[] configs = new ProviderConfig[providerList.size() - 1];
|
||||
int j = 0;
|
||||
for (ProviderConfig config : providerList.configs) {
|
||||
if (config.getProvider().getName().equals(name) == false) {
|
||||
if (!config.getProvider().getName().equals(name)) {
|
||||
configs[j++] = config;
|
||||
}
|
||||
}
|
||||
@ -150,10 +150,11 @@ public final class ProviderList {
|
||||
private volatile boolean allLoaded;
|
||||
|
||||
// List returned by providers()
|
||||
private final List<Provider> userList = new AbstractList<Provider>() {
|
||||
private final List<Provider> userList = new AbstractList<>() {
|
||||
public int size() {
|
||||
return configs.length;
|
||||
}
|
||||
|
||||
public Provider get(int index) {
|
||||
return getProvider(index);
|
||||
}
|
||||
@ -195,7 +196,7 @@ public final class ProviderList {
|
||||
}
|
||||
|
||||
// Get rid of duplicate providers.
|
||||
if (configList.contains(config) == false) {
|
||||
if (!configList.contains(config)) {
|
||||
configList.add(config);
|
||||
}
|
||||
i++;
|
||||
@ -364,7 +365,7 @@ public final class ProviderList {
|
||||
* algorithm.
|
||||
*/
|
||||
public Service getService(String type, String name) {
|
||||
ArrayList<PreferredEntry> pList = null;
|
||||
ArrayList<PreferredEntry> pList;
|
||||
int i;
|
||||
|
||||
// Preferred provider list
|
||||
@ -469,7 +470,7 @@ public final class ProviderList {
|
||||
firstService = s;
|
||||
} else {
|
||||
if (services == null) {
|
||||
services = new ArrayList<Service>(4);
|
||||
services = new ArrayList<>(4);
|
||||
services.add(firstService);
|
||||
}
|
||||
services.add(s);
|
||||
@ -562,7 +563,7 @@ public final class ProviderList {
|
||||
}
|
||||
|
||||
public Iterator<Service> iterator() {
|
||||
return new Iterator<Service>() {
|
||||
return new Iterator<>() {
|
||||
int index;
|
||||
|
||||
public boolean hasNext() {
|
||||
@ -587,7 +588,7 @@ public final class ProviderList {
|
||||
|
||||
// Provider list defined by jdk.security.provider.preferred entry
|
||||
static final class PreferredList {
|
||||
ArrayList<PreferredEntry> list = new ArrayList<PreferredEntry>();
|
||||
ArrayList<PreferredEntry> list = new ArrayList<>();
|
||||
|
||||
/*
|
||||
* Return a list of all preferred entries that match the passed
|
||||
@ -599,7 +600,7 @@ public final class ProviderList {
|
||||
|
||||
}
|
||||
|
||||
ArrayList<PreferredEntry> l = new ArrayList<PreferredEntry>();
|
||||
ArrayList<PreferredEntry> l = new ArrayList<>();
|
||||
for (ServiceId id : s.ids) {
|
||||
implGetAll(l, id.type, id.algorithm);
|
||||
}
|
||||
@ -612,7 +613,7 @@ public final class ProviderList {
|
||||
* type and algorithm.
|
||||
*/
|
||||
ArrayList<PreferredEntry> getAll(String type, String algorithm) {
|
||||
ArrayList<PreferredEntry> l = new ArrayList<PreferredEntry>();
|
||||
ArrayList<PreferredEntry> l = new ArrayList<>();
|
||||
implGetAll(l, type, algorithm);
|
||||
return l;
|
||||
}
|
||||
@ -655,27 +656,27 @@ public final class ProviderList {
|
||||
}
|
||||
|
||||
/* Defined Groups for jdk.security.provider.preferred */
|
||||
private static final String SHA2Group[] = { "SHA-224", "SHA-256",
|
||||
private static final String[] SHA2_GROUP = { "SHA-224", "SHA-256",
|
||||
"SHA-384", "SHA-512", "SHA-512/224", "SHA-512/256" };
|
||||
private static final String HmacSHA2Group[] = { "HmacSHA224",
|
||||
private static final String[] HMACSHA2_GROUP = { "HmacSHA224",
|
||||
"HmacSHA256", "HmacSHA384", "HmacSHA512"};
|
||||
private static final String SHA2RSAGroup[] = { "SHA224withRSA",
|
||||
private static final String[] SHA2RSA_GROUP = { "SHA224withRSA",
|
||||
"SHA256withRSA", "SHA384withRSA", "SHA512withRSA"};
|
||||
private static final String SHA2DSAGroup[] = { "SHA224withDSA",
|
||||
private static final String[] SHA2DSA_GROUP = { "SHA224withDSA",
|
||||
"SHA256withDSA", "SHA384withDSA", "SHA512withDSA"};
|
||||
private static final String SHA2ECDSAGroup[] = { "SHA224withECDSA",
|
||||
private static final String[] SHA2ECDSA_GROUP = { "SHA224withECDSA",
|
||||
"SHA256withECDSA", "SHA384withECDSA", "SHA512withECDSA"};
|
||||
private static final String SHA3Group[] = { "SHA3-224", "SHA3-256",
|
||||
private static final String[] SHA3_GROUP = { "SHA3-224", "SHA3-256",
|
||||
"SHA3-384", "SHA3-512" };
|
||||
private static final String HmacSHA3Group[] = { "HmacSHA3-224",
|
||||
private static final String[] HMACSHA3_GROUP = { "HmacSHA3-224",
|
||||
"HmacSHA3-256", "HmacSHA3-384", "HmacSHA3-512"};
|
||||
|
||||
// Individual preferred property entry from jdk.security.provider.preferred
|
||||
private static class PreferredEntry {
|
||||
private String type = null;
|
||||
private String algorithm;
|
||||
private String provider;
|
||||
private String alternateNames[] = null;
|
||||
private final String type;
|
||||
private final String algorithm;
|
||||
private final String provider;
|
||||
private final String[] alternateNames;
|
||||
private boolean group = false;
|
||||
|
||||
PreferredEntry(String t, String p) {
|
||||
@ -684,6 +685,7 @@ public final class ProviderList {
|
||||
type = t.substring(0, i);
|
||||
algorithm = t.substring(i + 1);
|
||||
} else {
|
||||
type = null;
|
||||
algorithm = t;
|
||||
}
|
||||
|
||||
@ -692,19 +694,21 @@ public final class ProviderList {
|
||||
if (type != null && type.compareToIgnoreCase("Group") == 0) {
|
||||
// Currently intrinsic algorithm groups
|
||||
if (algorithm.compareToIgnoreCase("SHA2") == 0) {
|
||||
alternateNames = SHA2Group;
|
||||
alternateNames = SHA2_GROUP;
|
||||
} else if (algorithm.compareToIgnoreCase("HmacSHA2") == 0) {
|
||||
alternateNames = HmacSHA2Group;
|
||||
alternateNames = HMACSHA2_GROUP;
|
||||
} else if (algorithm.compareToIgnoreCase("SHA2RSA") == 0) {
|
||||
alternateNames = SHA2RSAGroup;
|
||||
alternateNames = SHA2RSA_GROUP;
|
||||
} else if (algorithm.compareToIgnoreCase("SHA2DSA") == 0) {
|
||||
alternateNames = SHA2DSAGroup;
|
||||
alternateNames = SHA2DSA_GROUP;
|
||||
} else if (algorithm.compareToIgnoreCase("SHA2ECDSA") == 0) {
|
||||
alternateNames = SHA2ECDSAGroup;
|
||||
alternateNames = SHA2ECDSA_GROUP;
|
||||
} else if (algorithm.compareToIgnoreCase("SHA3") == 0) {
|
||||
alternateNames = SHA3Group;
|
||||
alternateNames = SHA3_GROUP;
|
||||
} else if (algorithm.compareToIgnoreCase("HmacSHA3") == 0) {
|
||||
alternateNames = HmacSHA3Group;
|
||||
alternateNames = HMACSHA3_GROUP;
|
||||
} else {
|
||||
alternateNames = null;
|
||||
}
|
||||
if (alternateNames != null) {
|
||||
group = true;
|
||||
@ -715,6 +719,8 @@ public final class ProviderList {
|
||||
alternateNames = new String[] { "SHA-1" };
|
||||
} else if (algorithm.compareToIgnoreCase("SHA-1") == 0) {
|
||||
alternateNames = new String[] { "SHA1" };
|
||||
} else {
|
||||
alternateNames = null;
|
||||
}
|
||||
}
|
||||
|
||||
|
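Review bot: In the first hunk, the rewritten condition `!config.getProvider().getName().equals(name)` still dereferences the result of `getProvider()` without a null check. The target array is sized `providerList.size() - 1`, so the copy loop is only correct when exactly one config matches `name`. The ProviderConfig hunks on this page show a provider lookup returning `null` when `shouldLoad()` is false, so a config whose provider failed to load would presumably raise a NullPointerException here. Any guard that rules this out sits before the hunk and is not visible. If it is not already guaranteed, consider `Provider p = config.getProvider();` followed by `if (p == null || !p.getName().equals(name)) {`, and add a comment stating the exactly-one-match precondition that the array size relies on.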
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -62,7 +62,7 @@ public class Providers {
|
||||
// After the switch to modules, JDK providers are all in modules and JDK
|
||||
// no longer needs to load signed jars during start up.
|
||||
//
|
||||
// However, for earlier releases, it need special handling to resolve
|
||||
// However, for earlier releases, it needs special handling to resolve
|
||||
// circularities when loading signed JAR files during startup. The code
|
||||
// below is part of that.
|
||||
//
|
||||
@ -101,7 +101,7 @@ public class Providers {
|
||||
/**
|
||||
* Start JAR verification. This sets a special provider list for
|
||||
* the current thread. You MUST save the return value from this
|
||||
* method and you MUST call stopJarVerification() with that object
|
||||
* method, and you MUST call stopJarVerification() with that object
|
||||
* once you are done.
|
||||
*/
|
||||
public static Object startJarVerification() {
|
||||
@ -131,7 +131,7 @@ public class Providers {
|
||||
|
||||
/**
|
||||
* Return the current ProviderList. If the thread-local list is set,
|
||||
* it is returned. Otherwise, the system wide list is returned.
|
||||
* it is returned. Otherwise, the system-wide list is returned.
|
||||
*/
|
||||
public static ProviderList getProviderList() {
|
||||
ProviderList list = getThreadProviderList();
|
||||
@ -143,7 +143,7 @@ public class Providers {
|
||||
|
||||
/**
|
||||
* Set the current ProviderList. Affects the thread-local list if set,
|
||||
* otherwise the system wide list.
|
||||
* otherwise the system-wide list.
|
||||
*/
|
||||
public static void setProviderList(ProviderList newList) {
|
||||
if (getThreadProviderList() == null) {
|
||||
|
@ -90,8 +90,7 @@ public class ContentInfo {
|
||||
* Parses a PKCS#7 content info.
|
||||
*/
|
||||
public ContentInfo(DerInputStream derin)
|
||||
throws IOException, ParsingException
|
||||
{
|
||||
throws IOException {
|
||||
this(derin, false);
|
||||
}
|
||||
|
||||
@ -102,12 +101,11 @@ public class ContentInfo {
|
||||
* PKCS#7 blocks that were generated using JDK1.1.x.
|
||||
*
|
||||
* @param derin the ASN.1 encoding of the content info.
|
||||
* @param oldStyle flag indicating whether or not the given content info
|
||||
* @param oldStyle flag indicating whether the given content info
|
||||
* is encoded according to JDK1.1.x.
|
||||
*/
|
||||
public ContentInfo(DerInputStream derin, boolean oldStyle)
|
||||
throws IOException, ParsingException
|
||||
{
|
||||
throws IOException {
|
||||
DerInputStream disType;
|
||||
DerInputStream disTaggedContent;
|
||||
DerValue type;
|
||||
@ -177,7 +175,7 @@ public class ContentInfo {
|
||||
|
||||
// content is optional, it could be external
|
||||
if (content != null) {
|
||||
DerValue taggedContent = null;
|
||||
DerValue taggedContent;
|
||||
contentDerCode = new DerOutputStream();
|
||||
content.encode(contentDerCode);
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1998, 1999, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -47,10 +47,10 @@ import sun.security.util.DerOutputStream;
|
||||
public class EncryptedPrivateKeyInfo {
|
||||
|
||||
// the "encryptionAlgorithm" field
|
||||
private AlgorithmId algid;
|
||||
private final AlgorithmId algid;
|
||||
|
||||
// the "encryptedData" field
|
||||
private byte[] encryptedData;
|
||||
private final byte[] encryptedData;
|
||||
|
||||
// the ASN.1 encoded contents of this class
|
||||
private byte[] encoded;
|
||||
|
@ -90,7 +90,7 @@ public class PKCS7 {
|
||||
* @exception ParsingException on parsing errors.
|
||||
* @exception IOException on other errors.
|
||||
*/
|
||||
public PKCS7(InputStream in) throws ParsingException, IOException {
|
||||
public PKCS7(InputStream in) throws IOException {
|
||||
DataInputStream dis = new DataInputStream(in);
|
||||
byte[] data = new byte[dis.available()];
|
||||
dis.readFully(data);
|
||||
@ -158,7 +158,7 @@ public class PKCS7 {
|
||||
* Parses a PKCS#7 block.
|
||||
*
|
||||
* @param derin the ASN.1 encoding of the PKCS#7 block.
|
||||
* @param oldStyle flag indicating whether or not the given PKCS#7 block
|
||||
* @param oldStyle flag indicating whether the given PKCS#7 block
|
||||
* is encoded according to JDK1.1.x.
|
||||
*/
|
||||
private void parse(DerInputStream derin, boolean oldStyle)
|
||||
@ -212,8 +212,7 @@ public class PKCS7 {
|
||||
this(digestAlgorithmIds, contentInfo, certificates, null, signerInfos);
|
||||
}
|
||||
|
||||
private void parseNetscapeCertChain(DerValue val)
|
||||
throws ParsingException, IOException {
|
||||
private void parseNetscapeCertChain(DerValue val) throws IOException {
|
||||
DerInputStream dis = new DerInputStream(val.toByteArray());
|
||||
DerValue[] contents = dis.getSequence(2);
|
||||
certificates = new X509Certificate[contents.length];
|
||||
@ -259,9 +258,7 @@ public class PKCS7 {
|
||||
// crls
|
||||
// [1] IMPLICIT CertificateRevocationLists OPTIONAL,
|
||||
// signerInfos SignerInfos }
|
||||
private void parseSignedData(DerValue val)
|
||||
throws ParsingException, IOException {
|
||||
|
||||
private void parseSignedData(DerValue val) throws IOException {
|
||||
DerInputStream dis = val.toDerInputStream();
|
||||
|
||||
// Version
|
||||
@ -385,9 +382,7 @@ public class PKCS7 {
|
||||
* Parses an old-style SignedData encoding (for backwards
|
||||
* compatibility with JDK1.1.x).
|
||||
*/
|
||||
private void parseOldSignedData(DerValue val)
|
||||
throws ParsingException, IOException
|
||||
{
|
||||
private void parseOldSignedData(DerValue val) throws IOException {
|
||||
DerInputStream dis = val.toDerInputStream();
|
||||
|
||||
// Version
|
||||
@ -531,7 +526,7 @@ public class PKCS7 {
|
||||
// Add the CRL set (tagged with [1] IMPLICIT)
|
||||
// to the signed data
|
||||
signedData.putOrderedSetOf((byte)0xA1,
|
||||
implCRLs.toArray(new X509CRLImpl[implCRLs.size()]));
|
||||
implCRLs.toArray(new X509CRLImpl[0]));
|
||||
}
|
||||
|
||||
// signerInfos
|
||||
@ -765,8 +760,8 @@ public class PKCS7 {
|
||||
* @param privateKey signer's private ky
|
||||
* @param signerChain signer's certificate chain
|
||||
* @param content the content to sign
|
||||
* @param internalsf whether the content should be include in output
|
||||
* @param directsign if the content is signed directly or thru authattrs
|
||||
* @param internalsf whether the content should be included in output
|
||||
* @param directsign if the content is signed directly or through authattrs
|
||||
* @param ts (optional) timestamper
|
||||
* @return the pkcs7 output in an array
|
||||
* @throws SignatureException if signing failed
|
||||
@ -1012,8 +1007,8 @@ public class PKCS7 {
|
||||
throws IOException, CertificateException
|
||||
{
|
||||
// Generate a timestamp
|
||||
MessageDigest messageDigest = null;
|
||||
TSRequest tsQuery = null;
|
||||
MessageDigest messageDigest;
|
||||
TSRequest tsQuery;
|
||||
try {
|
||||
messageDigest = MessageDigest.getInstance(tSADigestAlg);
|
||||
tsQuery = new TSRequest(tSAPolicyID, toBeTimestamped, messageDigest);
|
||||
|
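Review bot: The `PKCS7(InputStream in)` constructor in the first hunk sizes its buffer with `new byte[dis.available()]`, but `available()` only reports how many bytes can be read without blocking, not the length of the encoding. On a stream that delivers data in pieces, the block handed to the parser can be truncated or empty, which matters when the stream carries signature data from an untrusted or remote source. Reading to end of stream is more robust, for example `byte[] data = in.readAllBytes();`, provided callers always pass a stream that ends after the PKCS#7 block; the rest of the constructor is outside the hunk, so confirm that first. Separately, the `signer's private ky` typo in the later Javadoc hunk was missed while its neighbouring lines were corrected.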
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -78,14 +78,14 @@ public class PKCS8Key implements PrivateKey {
|
||||
private static final int V2 = 1;
|
||||
|
||||
/**
|
||||
* Default constructor. Constructors in sub-classes that create a new key
|
||||
* Default constructor. Constructors in subclasses that create a new key
|
||||
* from its components require this. These constructors must initialize
|
||||
* {@link #algid} and {@link #key}.
|
||||
*/
|
||||
protected PKCS8Key() { }
|
||||
|
||||
/**
|
||||
* Another constructor. Constructors in sub-classes that create a new key
|
||||
* Another constructor. Constructors in subclasses that create a new key
|
||||
* from an encoded byte array require this. We do not assign this
|
||||
* encoding to {@link #encodedKey} directly.
|
||||
*
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -29,6 +29,7 @@ import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.util.Date;
|
||||
|
||||
import sun.security.x509.CertificateExtensions;
|
||||
import sun.security.util.*;
|
||||
|
||||
@ -507,10 +508,7 @@ public class PKCS9Attribute implements DerEncoder {
|
||||
break;
|
||||
|
||||
case 17: // SignatureTimestampToken attribute
|
||||
value = elems[0].toByteArray();
|
||||
break;
|
||||
|
||||
case 18: // CMSAlgorithmProtection
|
||||
case 18: // CMSAlgorithmProtection
|
||||
value = elems[0].toByteArray();
|
||||
break;
|
||||
|
||||
@ -638,9 +636,6 @@ public class PKCS9Attribute implements DerEncoder {
|
||||
// break unnecessary
|
||||
|
||||
case 17: // SignatureTimestampToken
|
||||
temp.write(DerValue.tag_Set, (byte[])value);
|
||||
break;
|
||||
|
||||
case 18: // CMSAlgorithmProtection
|
||||
temp.write(DerValue.tag_Set, (byte[])value);
|
||||
break;
|
||||
@ -745,7 +740,6 @@ public class PKCS9Attribute implements DerEncoder {
|
||||
sb.append(value.toString());
|
||||
}
|
||||
sb.append("]");
|
||||
return sb.toString();
|
||||
} else { // multi-valued
|
||||
boolean first = true;
|
||||
Object[] values = (Object[]) value;
|
||||
@ -757,8 +751,8 @@ public class PKCS9Attribute implements DerEncoder {
|
||||
sb.append(", ");
|
||||
sb.append(curVal.toString());
|
||||
}
|
||||
return sb.toString();
|
||||
}
|
||||
return sb.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -28,6 +28,7 @@ package sun.security.pkcs;
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
import java.util.Hashtable;
|
||||
|
||||
import sun.security.util.DerEncoder;
|
||||
import sun.security.util.DerValue;
|
||||
import sun.security.util.DerInputStream;
|
||||
@ -44,7 +45,7 @@ public class PKCS9Attributes {
|
||||
* Attributes in this set indexed by OID.
|
||||
*/
|
||||
private final Hashtable<ObjectIdentifier, PKCS9Attribute> attributes =
|
||||
new Hashtable<ObjectIdentifier, PKCS9Attribute>(3);
|
||||
new Hashtable<>(3);
|
||||
|
||||
/**
|
||||
* The keys of this hashtable are the OIDs of permitted attributes.
|
||||
@ -123,7 +124,7 @@ public class PKCS9Attributes {
|
||||
*
|
||||
* @param in the contents of the DER encoding of the attribute set.
|
||||
* @param ignoreUnsupportedAttributes If true then any attributes
|
||||
* not supported by the PKCS9Attribute class are ignored. Otherwise
|
||||
* not supported by the PKCS9Attribute class are ignored. Otherwise,
|
||||
* unsupported attributes cause an exception to be thrown.
|
||||
* @exception IOException
|
||||
* on i/o error, encoding syntax error, or unsupported or
|
||||
@ -296,8 +297,7 @@ public class PKCS9Attributes {
|
||||
public Object getAttributeValue(ObjectIdentifier oid)
|
||||
throws IOException {
|
||||
try {
|
||||
Object value = getAttribute(oid).getValue();
|
||||
return value;
|
||||
return getAttribute(oid).getValue();
|
||||
} catch (NullPointerException ex) {
|
||||
throw new IOException("No value found for attribute " + oid);
|
||||
}
|
||||
|
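Review bot: `getAttributeValue` in the last hunk still detects a missing attribute by catching `NullPointerException` around `getAttribute(oid).getValue()`, presumably because `getAttribute(oid)` returns null for an absent OID. That also turns any unrelated NPE raised inside `getValue()` into a misleading "No value found" IOException and discards the original exception. An explicit check is clearer: `PKCS9Attribute attr = getAttribute(oid);`, then `if (attr == null) { throw new IOException("No value found for attribute " + oid); }`, then `return attr.getValue();`. The method's closing brace is outside the hunk.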
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,30 +25,20 @@
|
||||
|
||||
package sun.security.pkcs;
|
||||
|
||||
import java.io.OutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
import java.math.BigInteger;
|
||||
import java.security.cert.CertPathValidatorException;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.CertPath;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.*;
|
||||
import java.security.cert.*;
|
||||
import java.security.spec.PSSParameterSpec;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.*;
|
||||
|
||||
import sun.security.provider.SHAKE256;
|
||||
import sun.security.timestamp.TimestampToken;
|
||||
import sun.security.util.*;
|
||||
import sun.security.x509.AlgorithmId;
|
||||
import sun.security.x509.X500Name;
|
||||
import sun.security.x509.KeyUsageExtension;
|
||||
import sun.security.x509.X500Name;
|
||||
|
||||
/**
|
||||
* A SignerInfo, as defined in PKCS#7's signedData type.
|
||||
@ -81,7 +71,7 @@ public class SignerInfo implements DerEncoder {
|
||||
* should also be checked (ex: if it is a signature algorithm).
|
||||
*/
|
||||
private record AlgorithmInfo(String field, boolean checkKey) {}
|
||||
private Map<AlgorithmId, AlgorithmInfo> algorithms = new HashMap<>();
|
||||
private final Map<AlgorithmId, AlgorithmInfo> algorithms = new HashMap<>();
|
||||
|
||||
public SignerInfo(X500Name issuerName,
|
||||
BigInteger serial,
|
||||
@ -112,9 +102,7 @@ public class SignerInfo implements DerEncoder {
|
||||
/**
|
||||
* Parses a PKCS#7 signer info.
|
||||
*/
|
||||
public SignerInfo(DerInputStream derin)
|
||||
throws IOException, ParsingException
|
||||
{
|
||||
public SignerInfo(DerInputStream derin) throws IOException {
|
||||
this(derin, false);
|
||||
}
|
||||
|
||||
@ -125,12 +113,11 @@ public class SignerInfo implements DerEncoder {
|
||||
* PKCS#7 blocks that were generated using JDK1.1.x.
|
||||
*
|
||||
* @param derin the ASN.1 encoding of the signer info.
|
||||
* @param oldStyle flag indicating whether or not the given signer info
|
||||
* @param oldStyle flag indicating whether the given signer info
|
||||
* is encoded according to JDK1.1.x.
|
||||
*/
|
||||
public SignerInfo(DerInputStream derin, boolean oldStyle)
|
||||
throws IOException, ParsingException
|
||||
{
|
||||
throws IOException {
|
||||
// version
|
||||
version = derin.getBigInteger();
|
||||
|
||||
@ -357,7 +344,7 @@ public class SignerInfo implements DerEncoder {
|
||||
|
||||
byte[] dataSigned;
|
||||
|
||||
// if there are authenticate attributes, get the message
|
||||
// if there are authenticated attributes, get the message
|
||||
// digest and compare it with the digest of data
|
||||
if (authenticatedAttributes == null) {
|
||||
dataSigned = data;
|
||||
@ -454,7 +441,7 @@ public class SignerInfo implements DerEncoder {
|
||||
if (keyUsageBits != null) {
|
||||
KeyUsageExtension keyUsage;
|
||||
try {
|
||||
// We don't care whether or not this extension was marked
|
||||
// We don't care whether this extension was marked
|
||||
// critical in the certificate.
|
||||
// We're interested only in its value (i.e., the bits set)
|
||||
// and treat the extension as critical.
|
||||
@ -737,7 +724,7 @@ public class SignerInfo implements DerEncoder {
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify all of the algorithms in the array of SignerInfos against the
|
||||
* Verify all the algorithms in the array of SignerInfos against the
|
||||
* constraints in the jdk.jar.disabledAlgorithms security property.
|
||||
*
|
||||
* @param infos array of SignerInfos
|
||||
|
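Review bot: Both `SignerInfo(DerInputStream ...)` constructors now declare only `throws IOException`, and neither Javadoc block carries a `@throws` tag, so neither the signature nor the docs tell a caller that malformed input can still surface as the `ParsingException` subtype. The same applies to the `MacData(DerInputStream)` constructor in the pkcs12 section, whose body visibly still throws `new ParsingException("Invalid length for MacData")`. I would add `@throws IOException if the encoding cannot be read, including a ParsingException when the structure is malformed` to each of these Javadoc blocks. Whether the SignerInfo constructor throws ParsingException directly cannot be confirmed here, because its body continues outside the hunk.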
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -26,11 +26,9 @@
|
||||
package sun.security.pkcs;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
|
||||
import sun.security.util.HexDumpEncoder;
|
||||
import sun.security.util.DerInputStream;
|
||||
import sun.security.util.DerValue;
|
||||
import sun.security.util.HexDumpEncoder;
|
||||
import sun.security.x509.GeneralNames;
|
||||
import sun.security.x509.SerialNumber;
|
||||
|
||||
@ -83,8 +81,6 @@ import sun.security.x509.SerialNumber;
|
||||
*/
|
||||
public class SigningCertificateInfo {
|
||||
|
||||
private byte[] ber = null;
|
||||
|
||||
private ESSCertId[] certId = null;
|
||||
|
||||
public SigningCertificateInfo(byte[] ber) throws IOException {
|
||||
@ -132,9 +128,9 @@ class ESSCertId {
|
||||
|
||||
private static volatile HexDumpEncoder hexDumper;
|
||||
|
||||
private byte[] certHash;
|
||||
private GeneralNames issuer;
|
||||
private SerialNumber serialNumber;
|
||||
private final byte[] certHash;
|
||||
private final GeneralNames issuer;
|
||||
private final SerialNumber serialNumber;
|
||||
|
||||
ESSCertId(DerValue certId) throws IOException {
|
||||
// Parse certHash
|
||||
@ -147,6 +143,9 @@ class ESSCertId {
|
||||
issuer = new GeneralNames(issuerSerial.data.getDerValue());
|
||||
// Parse serialNumber
|
||||
serialNumber = new SerialNumber(issuerSerial.data.getDerValue());
|
||||
} else {
|
||||
issuer = null;
|
||||
serialNumber = null;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -361,9 +361,9 @@ public class PKCS10 {
|
||||
return(retval);
|
||||
}
|
||||
|
||||
private X500Name subject;
|
||||
private PublicKey subjectPublicKeyInfo;
|
||||
private String sigAlg;
|
||||
private PKCS10Attributes attributeSet;
|
||||
private byte[] encoded; // signed
|
||||
private X500Name subject;
|
||||
private final PublicKey subjectPublicKeyInfo;
|
||||
private String sigAlg;
|
||||
private final PKCS10Attributes attributeSet;
|
||||
private byte[] encoded; // signed
|
||||
}
|
||||
|
@ -56,8 +56,8 @@ import sun.security.util.*;
|
||||
*/
|
||||
public class PKCS10Attribute implements DerEncoder {
|
||||
|
||||
protected ObjectIdentifier attributeId = null;
|
||||
protected Object attributeValue = null;
|
||||
protected ObjectIdentifier attributeId;
|
||||
protected Object attributeValue;
|
||||
|
||||
/**
|
||||
* Constructs an attribute from a DER encoding.
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -27,13 +27,15 @@ package sun.security.pkcs10;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.Enumeration;
|
||||
import java.util.Hashtable;
|
||||
|
||||
import sun.security.util.*;
|
||||
import sun.security.util.DerEncoder;
|
||||
import sun.security.util.DerInputStream;
|
||||
import sun.security.util.DerOutputStream;
|
||||
import sun.security.util.DerValue;
|
||||
|
||||
/**
|
||||
* This class defines the PKCS10 attributes for the request.
|
||||
@ -49,8 +51,8 @@ import sun.security.util.*;
|
||||
*/
|
||||
public class PKCS10Attributes implements DerEncoder {
|
||||
|
||||
private Hashtable<String, PKCS10Attribute> map =
|
||||
new Hashtable<String, PKCS10Attribute>(3);
|
||||
private final Hashtable<String, PKCS10Attribute> map =
|
||||
new Hashtable<>(3);
|
||||
|
||||
/**
|
||||
* Default constructor for the PKCS10 attribute.
|
||||
@ -174,18 +176,16 @@ public class PKCS10Attributes implements DerEncoder {
|
||||
Collection<PKCS10Attribute> othersAttribs =
|
||||
((PKCS10Attributes)other).getAttributes();
|
||||
PKCS10Attribute[] attrs =
|
||||
othersAttribs.toArray(new PKCS10Attribute[othersAttribs.size()]);
|
||||
othersAttribs.toArray(new PKCS10Attribute[0]);
|
||||
int len = attrs.length;
|
||||
if (len != map.size())
|
||||
return false;
|
||||
PKCS10Attribute thisAttr, otherAttr;
|
||||
String key = null;
|
||||
String key;
|
||||
for (int i=0; i < len; i++) {
|
||||
otherAttr = attrs[i];
|
||||
key = otherAttr.getAttributeId().toString();
|
||||
|
||||
if (key == null)
|
||||
return false;
|
||||
thisAttr = map.get(key);
|
||||
if (thisAttr == null)
|
||||
return false;
|
||||
@ -213,7 +213,6 @@ public class PKCS10Attributes implements DerEncoder {
|
||||
* @return a string representation of this PKCS10Attributes.
|
||||
*/
|
||||
public String toString() {
|
||||
String s = map.size() + "\n" + map.toString();
|
||||
return s;
|
||||
return map.size() + "\n" + map;
|
||||
}
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -43,11 +43,11 @@ import sun.security.pkcs.ParsingException;
|
||||
|
||||
class MacData {
|
||||
|
||||
private String digestAlgorithmName;
|
||||
private final String digestAlgorithmName;
|
||||
private AlgorithmParameters digestAlgorithmParams;
|
||||
private byte[] digest;
|
||||
private byte[] macSalt;
|
||||
private int iterations;
|
||||
private final byte[] digest;
|
||||
private final byte[] macSalt;
|
||||
private final int iterations;
|
||||
|
||||
// the ASN.1 encoded contents of this class
|
||||
private byte[] encoded = null;
|
||||
@ -55,9 +55,7 @@ class MacData {
|
||||
/**
|
||||
* Parses a PKCS#12 MAC data.
|
||||
*/
|
||||
MacData(DerInputStream derin)
|
||||
throws IOException, ParsingException
|
||||
{
|
||||
MacData(DerInputStream derin) throws IOException {
|
||||
DerValue[] macData = derin.getSequence(2);
|
||||
if (macData.length < 2 || macData.length > 3) {
|
||||
throw new ParsingException("Invalid length for MacData");
|
||||
|
@ -212,12 +212,12 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
private static class PrivateKeyEntry extends KeyEntry {
|
||||
byte[] protectedPrivKey;
|
||||
Certificate[] chain;
|
||||
};
|
||||
}
|
||||
|
||||
// A secret key
|
||||
private static class SecretKeyEntry extends KeyEntry {
|
||||
byte[] protectedSecretKey;
|
||||
};
|
||||
}
|
||||
|
||||
// A certificate entry
|
||||
private static class CertEntry extends Entry {
|
||||
@ -272,12 +272,12 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
* Private keys and certificates are stored in a map.
|
||||
* Map entries are keyed by alias names.
|
||||
*/
|
||||
private Map<String, Entry> entries =
|
||||
Collections.synchronizedMap(new LinkedHashMap<String, Entry>());
|
||||
private final Map<String, Entry> entries =
|
||||
Collections.synchronizedMap(new LinkedHashMap<>());
|
||||
|
||||
private ArrayList<KeyEntry> keyList = new ArrayList<KeyEntry>();
|
||||
private List<X509Certificate> allCerts = new ArrayList<>();
|
||||
private ArrayList<CertEntry> certEntries = new ArrayList<CertEntry>();
|
||||
private final ArrayList<KeyEntry> keyList = new ArrayList<>();
|
||||
private final List<X509Certificate> allCerts = new ArrayList<>();
|
||||
private final ArrayList<CertEntry> certEntries = new ArrayList<>();
|
||||
|
||||
/**
|
||||
* Returns the key associated with the given alias, using the given
|
||||
@ -298,14 +298,14 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
throws NoSuchAlgorithmException, UnrecoverableKeyException
|
||||
{
|
||||
Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));
|
||||
Key key = null;
|
||||
Key key;
|
||||
|
||||
if (!(entry instanceof KeyEntry)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// get the encoded private key or secret key
|
||||
byte[] encrBytes = null;
|
||||
byte[] encrBytes;
|
||||
if (entry instanceof PrivateKeyEntry) {
|
||||
encrBytes = ((PrivateKeyEntry) entry).protectedPrivKey;
|
||||
} else if (entry instanceof SecretKeyEntry) {
|
||||
@ -866,7 +866,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
*/
|
||||
private SecretKey getPBEKey(char[] password) throws IOException
|
||||
{
|
||||
SecretKey skey = null;
|
||||
SecretKey skey;
|
||||
|
||||
PBEKeySpec keySpec = new PBEKeySpec(password);
|
||||
try {
|
||||
@ -900,9 +900,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
*/
|
||||
private byte[] encryptPrivateKey(byte[] data,
|
||||
KeyStore.PasswordProtection passwordProtection)
|
||||
throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException
|
||||
throws UnrecoverableKeyException
|
||||
{
|
||||
byte[] key = null;
|
||||
byte[] key;
|
||||
|
||||
try {
|
||||
String algorithm;
|
||||
@ -1043,8 +1043,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
}
|
||||
|
||||
Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));
|
||||
if (entry instanceof PrivateKeyEntry) {
|
||||
PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;
|
||||
if (entry instanceof PrivateKeyEntry keyEntry) {
|
||||
if (keyEntry.chain != null) {
|
||||
certificateCount -= keyEntry.chain.length;
|
||||
}
|
||||
@ -1107,12 +1106,8 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
*/
|
||||
public boolean engineIsCertificateEntry(String alias) {
|
||||
Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));
|
||||
if (entry instanceof CertEntry certEntry &&
|
||||
certEntry.trustedKeyUsage != null) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
return entry instanceof CertEntry certEntry &&
|
||||
certEntry.trustedKeyUsage != null;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1455,7 +1450,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
} else {
|
||||
KeyStore.SecretKeyEntry ske = (KeyStore.SecretKeyEntry)entry;
|
||||
setKeyEntry(alias, ske.getSecretKey(), pProtect,
|
||||
(Certificate[])null, ske.getAttributes());
|
||||
null, ske.getAttributes());
|
||||
|
||||
return;
|
||||
}
|
||||
@ -1514,7 +1509,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
private byte[] calculateMac(char[] passwd, byte[] data)
|
||||
throws IOException
|
||||
{
|
||||
byte[] mData = null;
|
||||
byte[] mData;
|
||||
String algName = macAlgorithm.substring(7);
|
||||
|
||||
try {
|
||||
@ -1598,7 +1593,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
* unique, and the corresponding private key should have the same
|
||||
* localKeyID. For trusted CA certs in the cert-chain, localKeyID
|
||||
* attribute is not required, hence most vendors don't include it.
|
||||
* NSS/Netscape require it to be unique or null, where as IE/OpenSSL
|
||||
* NSS/Netscape require it to be unique or null, whereas IE/OpenSSL
|
||||
* ignore it.
|
||||
*
|
||||
* Here is a list of pkcs12 attribute values in CertBags.
|
||||
@ -1632,8 +1627,8 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
byte[] friendlyName = null;
|
||||
byte[] trustedKeyUsage = null;
|
||||
|
||||
// return null if all three attributes are null
|
||||
if ((alias == null) && (keyId == null) && (trustedKeyUsage == null)) {
|
||||
// return null if both attributes are null
|
||||
if (alias == null && keyId == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@ -1723,13 +1718,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
// certificate chain
|
||||
Certificate[] certs;
|
||||
|
||||
if (entry instanceof PrivateKeyEntry) {
|
||||
PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;
|
||||
if (keyEntry.chain != null) {
|
||||
certs = keyEntry.chain;
|
||||
} else {
|
||||
certs = new Certificate[0];
|
||||
}
|
||||
if (entry instanceof PrivateKeyEntry keyEntry) {
|
||||
certs = (keyEntry.chain != null) ?
|
||||
keyEntry.chain : new Certificate[0];
|
||||
} else if (entry instanceof CertEntry) {
|
||||
certs = new Certificate[]{((CertEntry) entry).cert};
|
||||
} else {
|
||||
@ -1767,11 +1758,10 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
// write SafeBag Attributes
|
||||
// All Certs should have a unique friendlyName.
|
||||
// This change is made to meet NSS requirements.
|
||||
byte[] bagAttrs = null;
|
||||
byte[] bagAttrs;
|
||||
if (i == 0) {
|
||||
// Only End-Entity Cert should have a localKeyId.
|
||||
if (entry instanceof KeyEntry) {
|
||||
KeyEntry keyEntry = (KeyEntry) entry;
|
||||
if (entry instanceof KeyEntry keyEntry) {
|
||||
bagAttrs =
|
||||
getBagAttributes(keyEntry.alias, keyEntry.keyId,
|
||||
keyEntry.attributes);
|
||||
@ -1815,8 +1805,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
* Each PKCS8ShroudedKeyBag includes pkcs12 attributes
|
||||
* (see comments in getBagAttributes)
|
||||
*/
|
||||
private byte[] createSafeContent()
|
||||
throws CertificateException, IOException {
|
||||
private byte[] createSafeContent() throws IOException {
|
||||
|
||||
DerOutputStream out = new DerOutputStream();
|
||||
for (Enumeration<String> e = engineAliases(); e.hasMoreElements(); ) {
|
||||
@ -1835,7 +1824,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
|
||||
// get the encrypted private key
|
||||
byte[] encrBytes = ((PrivateKeyEntry)keyEntry).protectedPrivKey;
|
||||
EncryptedPrivateKeyInfo encrInfo = null;
|
||||
EncryptedPrivateKeyInfo encrInfo;
|
||||
try {
|
||||
encrInfo = new EncryptedPrivateKeyInfo(encrBytes);
|
||||
|
||||
@ -1908,7 +1897,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
private byte[] encryptContent(byte[] data, char[] password)
|
||||
throws IOException {
|
||||
|
||||
byte[] encryptedData = null;
|
||||
byte[] encryptedData;
|
||||
|
||||
|
||||
try {
|
||||
@ -2215,12 +2204,11 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
* Match up private keys with certificate chains.
|
||||
*/
|
||||
PrivateKeyEntry[] list =
|
||||
keyList.toArray(new PrivateKeyEntry[keyList.size()]);
|
||||
keyList.toArray(new PrivateKeyEntry[0]);
|
||||
for (int m = 0; m < list.length; m++) {
|
||||
PrivateKeyEntry entry = list[m];
|
||||
if (entry.keyId != null) {
|
||||
ArrayList<X509Certificate> chain =
|
||||
new ArrayList<X509Certificate>();
|
||||
ArrayList<X509Certificate> chain = new ArrayList<>();
|
||||
X509Certificate cert = findMatchedCertificate(entry);
|
||||
|
||||
mainloop:
|
||||
@ -2248,7 +2236,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
}
|
||||
/* Update existing KeyEntry in entries table */
|
||||
if (chain.size() > 0) {
|
||||
entry.chain = chain.toArray(new Certificate[chain.size()]);
|
||||
entry.chain = chain.toArray(new Certificate[0]);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -2396,8 +2384,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
}
|
||||
|
||||
private void loadSafeContents(DerInputStream stream)
|
||||
throws IOException, NoSuchAlgorithmException, CertificateException
|
||||
{
|
||||
throws IOException, CertificateException {
|
||||
DerValue[] safeBags = stream.getSequence(2);
|
||||
int count = safeBags.length;
|
||||
|
||||
@ -2517,14 +2504,13 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
/*
|
||||
* As per PKCS12 v1.0 friendlyname (alias) and localKeyId (keyId)
|
||||
* are optional PKCS12 bagAttributes. But entries in the keyStore
|
||||
* are identified by their alias. Hence we need to have an
|
||||
* are identified by their alias. Hence, we need to have an
|
||||
* Unfriendlyname in the alias, if alias is null. The keyId
|
||||
* attribute is required to match the private key with the
|
||||
* certificate. If we get a bagItem of type KeyEntry with a
|
||||
* null keyId, we should skip it entirely.
|
||||
*/
|
||||
if (bagItem instanceof KeyEntry) {
|
||||
KeyEntry entry = (KeyEntry)bagItem;
|
||||
if (bagItem instanceof KeyEntry entry) {
|
||||
|
||||
if (keyId == null) {
|
||||
if (bagItem instanceof PrivateKeyEntry) {
|
||||
@ -2551,7 +2537,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
date = new Date(
|
||||
Long.parseLong(keyIdStr.substring(5)));
|
||||
} catch (Exception e) {
|
||||
date = null;
|
||||
// date has been initialized to null
|
||||
}
|
||||
}
|
||||
if (date == null) {
|
||||
@ -2560,7 +2546,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
entry.date = date;
|
||||
|
||||
if (bagItem instanceof PrivateKeyEntry) {
|
||||
keyList.add((PrivateKeyEntry) entry);
|
||||
keyList.add(entry);
|
||||
}
|
||||
if (entry.attributes == null) {
|
||||
entry.attributes = new HashSet<>();
|
||||
@ -2572,8 +2558,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
|
||||
entry.alias = alias;
|
||||
entries.put(alias.toLowerCase(Locale.ENGLISH), entry);
|
||||
|
||||
} else if (bagItem instanceof X509Certificate) {
|
||||
X509Certificate cert = (X509Certificate)bagItem;
|
||||
} else if (bagItem instanceof X509Certificate cert) {
|
||||
// Insert a localKeyID for the corresponding cert
|
||||
// Note: This is a workaround to allow null localKeyID
|
||||
// attribute in pkcs12 with one private key entry and
|
||||
|
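Review bot: `keyList` is declared `ArrayList<KeyEntry>`, yet the chain-matching code copies it with `keyList.toArray(new PrivateKeyEntry[0])`, and the `-2560,7` hunk appears to replace the cast form with `keyList.add(entry)`, where `entry` is the `KeyEntry`-typed pattern variable. Only the enclosing `bagItem instanceof PrivateKeyEntry` test keeps a `SecretKeyEntry` out of the list; if that guard ever changes, the failure is an `ArrayStoreException` at run time rather than a compile error. Provided nothing outside these hunks needs the wider element type, declaring the field as `private final List<PrivateKeyEntry> keyList = new ArrayList<>();` and adding with `if (bagItem instanceof PrivateKeyEntry pke) { keyList.add(pke); }` lets the compiler enforce the invariant. The surrounding method bodies continue outside the hunks.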
@ -57,7 +57,7 @@ import static java.security.DrbgParameters.Capability.*;
|
||||
* <p>
|
||||
* SecureRandom methods like reseed and nextBytes are not thread-safe.
|
||||
* An implementation is required to protect shared access to instantiate states
|
||||
* (instantiated, nonce) and DRBG states (v, c, key, reseedCounter, etc).
|
||||
* (instantiated, nonce) and DRBG states (v, c, key, reseedCounter, etc.).
|
||||
*/
|
||||
public abstract class AbstractDrbg {
|
||||
|
||||
@ -78,7 +78,7 @@ public abstract class AbstractDrbg {
|
||||
* after each random bits generation and reset it in reseed. A mechanism
|
||||
* does <em>not</em> need to compare it to {@link #reseedInterval}.
|
||||
*
|
||||
* Volatile, will be used in a double checked locking.
|
||||
* Volatile, will be used in double-checked locking.
|
||||
*/
|
||||
protected volatile int reseedCounter;
|
||||
|
||||
@ -343,12 +343,10 @@ public abstract class AbstractDrbg {
|
||||
if (debug != null) {
|
||||
debug.println(this, "nextBytes");
|
||||
}
|
||||
if (params instanceof DrbgParameters.NextBytes) {
|
||||
if (params instanceof DrbgParameters.NextBytes dp) {
|
||||
|
||||
// 800-90Ar1 9.3: Generate Process.
|
||||
|
||||
DrbgParameters.NextBytes dp = (DrbgParameters.NextBytes) params;
|
||||
|
||||
// Step 2: max_number_of_bits_per_request
|
||||
if (result.length > maxNumberOfBytesPerRequest) {
|
||||
// generateAlgorithm should be called multiple times to fill
|
||||
@ -378,7 +376,7 @@ public abstract class AbstractDrbg {
|
||||
instantiateIfNecessary(null);
|
||||
|
||||
// Step 7: Auto reseed (reseedCounter might overflow)
|
||||
// Double checked locking, safe because reseedCounter is volatile
|
||||
// Double-checked locking, safe because reseedCounter is volatile
|
||||
if (reseedCounter < 0 || reseedCounter > reseedInterval || pr) {
|
||||
synchronized (this) {
|
||||
if (reseedCounter < 0 || reseedCounter > reseedInterval
|
||||
@ -410,8 +408,7 @@ public abstract class AbstractDrbg {
|
||||
if (params == null) {
|
||||
params = DrbgParameters.reseed(predictionResistanceFlag, null);
|
||||
}
|
||||
if (params instanceof DrbgParameters.Reseed) {
|
||||
DrbgParameters.Reseed dp = (DrbgParameters.Reseed) params;
|
||||
if (params instanceof DrbgParameters.Reseed dp) {
|
||||
|
||||
// 800-90Ar1 9.2: Reseed Process.
|
||||
|
||||
@ -542,7 +539,7 @@ public abstract class AbstractDrbg {
|
||||
prseeder = defaultES;
|
||||
// According to SP800-90C section 7, a DRBG without live
|
||||
// entropy (drbg here, with pr being false) can instantiate
|
||||
// another DRBG with weaker strength. So we choose highest
|
||||
// another DRBG with weaker strength. So we choose the highest
|
||||
// strength we support.
|
||||
HashDrbg first = new HashDrbg(new MoreDrbgParameters(
|
||||
prseeder, null, "SHA-256", null, false,
|
||||
@ -572,10 +569,10 @@ public abstract class AbstractDrbg {
|
||||
}
|
||||
|
||||
/**
|
||||
* A mechanism shall override this constructor to setup {@link #mechName},
|
||||
* A mechanism shall override this constructor to set up {@link #mechName},
|
||||
* {@link #highestSupportedSecurityStrength},
|
||||
* {@link #supportPredictionResistance}, {@link #supportReseeding}
|
||||
* or other features like {@link #DEFAULT_STRENGTH}. Finally it shall
|
||||
* or other features like {@link #DEFAULT_STRENGTH}. Finally, it shall
|
||||
* call {@link #configure} on {@code params}.
|
||||
*
|
||||
* @param params the {@link SecureRandomParameters} object.
|
||||
@ -619,8 +616,7 @@ public abstract class AbstractDrbg {
|
||||
if (params == null) {
|
||||
params = DrbgParameters.instantiation(-1, RESEED_ONLY, null);
|
||||
}
|
||||
if (params instanceof MoreDrbgParameters) {
|
||||
MoreDrbgParameters m = (MoreDrbgParameters)params;
|
||||
if (params instanceof MoreDrbgParameters m) {
|
||||
this.requestedNonce = m.nonce;
|
||||
this.es = m.es;
|
||||
this.requestedAlgorithm = m.algorithm;
|
||||
@ -628,44 +624,40 @@ public abstract class AbstractDrbg {
|
||||
params = DrbgParameters.instantiation(m.strength,
|
||||
m.capability, m.personalizationString);
|
||||
}
|
||||
if (params != null) {
|
||||
if (params instanceof DrbgParameters.Instantiation) {
|
||||
DrbgParameters.Instantiation inst =
|
||||
(DrbgParameters.Instantiation) params;
|
||||
if (params instanceof DrbgParameters.Instantiation inst) {
|
||||
|
||||
// 800-90Ar1 9.1: Instantiate Process. Steps 1-5.
|
||||
// 800-90Ar1 9.1: Instantiate Process. Steps 1-5.
|
||||
|
||||
// Step 1: Check requested_instantiation_security_strength
|
||||
if (inst.getStrength() > highestSupportedSecurityStrength) {
|
||||
throw new IllegalArgumentException("strength too big: "
|
||||
+ inst.getStrength());
|
||||
}
|
||||
|
||||
// Step 2: Check prediction_resistance_flag
|
||||
if (inst.getCapability().supportsPredictionResistance()
|
||||
&& !supportPredictionResistance) {
|
||||
throw new IllegalArgumentException("pr not supported");
|
||||
}
|
||||
|
||||
// Step 3: Check personalization_string
|
||||
byte[] ps = inst.getPersonalizationString();
|
||||
if (ps != null && ps.length > maxPersonalizationStringLength) {
|
||||
throw new IllegalArgumentException("ps too long: "
|
||||
+ ps.length);
|
||||
}
|
||||
|
||||
if (inst.getCapability().supportsReseeding()
|
||||
&& !supportReseeding) {
|
||||
throw new IllegalArgumentException("reseed not supported");
|
||||
}
|
||||
this.personalizationString = ps;
|
||||
this.predictionResistanceFlag =
|
||||
inst.getCapability().supportsPredictionResistance();
|
||||
this.requestedInstantiationSecurityStrength = inst.getStrength();
|
||||
} else {
|
||||
throw new IllegalArgumentException("unknown params: "
|
||||
+ params.getClass());
|
||||
// Step 1: Check requested_instantiation_security_strength
|
||||
if (inst.getStrength() > highestSupportedSecurityStrength) {
|
||||
throw new IllegalArgumentException("strength too big: "
|
||||
+ inst.getStrength());
|
||||
}
|
||||
|
||||
// Step 2: Check prediction_resistance_flag
|
||||
if (inst.getCapability().supportsPredictionResistance()
|
||||
&& !supportPredictionResistance) {
|
||||
throw new IllegalArgumentException("pr not supported");
|
||||
}
|
||||
|
||||
// Step 3: Check personalization_string
|
||||
byte[] ps = inst.getPersonalizationString();
|
||||
if (ps != null && ps.length > maxPersonalizationStringLength) {
|
||||
throw new IllegalArgumentException("ps too long: "
|
||||
+ ps.length);
|
||||
}
|
||||
|
||||
if (inst.getCapability().supportsReseeding()
|
||||
&& !supportReseeding) {
|
||||
throw new IllegalArgumentException("reseed not supported");
|
||||
}
|
||||
this.personalizationString = ps;
|
||||
this.predictionResistanceFlag =
|
||||
inst.getCapability().supportsPredictionResistance();
|
||||
this.requestedInstantiationSecurityStrength = inst.getStrength();
|
||||
} else {
|
||||
throw new IllegalArgumentException("unknown params: "
|
||||
+ params.getClass());
|
||||
}
|
||||
|
||||
// Step 4: Set security_strength
|
||||
|
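Review bot: In the re-indented `-628,44` hunk the `else` branch calls `params.getClass()` with no null test of its own once the `if (params != null)` wrapper is removed. It is safe only because `params` is defaulted through `DrbgParameters.instantiation(-1, RESEED_ONLY, null)` when the caller passes null, and is reassigned (presumably to a non-null value) in the `MoreDrbgParameters` branch. A short comment above the `instanceof` test would keep that dependency visible, for example `// params is non-null here: defaulted above when the caller passed null`. The `supportsReseeding()` check also sits under the "Step 3: Check personalization_string" comment although it tests something else, so it deserves a comment line of its own. The method continues outside the hunk.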
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -66,8 +66,7 @@ public abstract class AbstractHashDrbg extends AbstractDrbg {
|
||||
}
|
||||
this.securityStrength = tryStrength;
|
||||
} else {
|
||||
this.securityStrength = DEFAULT_STRENGTH > supportedStrength ?
|
||||
supportedStrength : DEFAULT_STRENGTH;
|
||||
this.securityStrength = Math.min(DEFAULT_STRENGTH, supportedStrength);
|
||||
}
|
||||
} else {
|
||||
int tryStrength = (requestedInstantiationSecurityStrength < 0) ?
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -123,8 +123,8 @@ public final class ConfigFile extends Configuration {
|
||||
private StreamTokenizer st;
|
||||
private int lookahead;
|
||||
|
||||
private static Debug debugConfig = Debug.getInstance("configfile");
|
||||
private static Debug debugParser = Debug.getInstance("configparser");
|
||||
private static final Debug debugConfig = Debug.getInstance("configfile");
|
||||
private static final Debug debugParser = Debug.getInstance("configparser");
|
||||
|
||||
/**
|
||||
* Creates a new {@code ConfigurationSpi} object.
|
||||
@ -164,8 +164,8 @@ public final class ConfigFile extends Configuration {
|
||||
|
||||
// call in a doPrivileged
|
||||
//
|
||||
// we have already passed the Configuration.getInstance
|
||||
// security check. also this class is not freely accessible
|
||||
// We have already passed the Configuration.getInstance
|
||||
// security check. Also, this class is not freely accessible
|
||||
// (it is in the "sun" package).
|
||||
|
||||
try {
|
||||
@ -207,7 +207,7 @@ public final class ConfigFile extends Configuration {
|
||||
|
||||
// For policy.expandProperties, check if either a security or system
|
||||
// property is set to false (old code erroneously checked the system
|
||||
// prop so we must check both to preserve compatibility).
|
||||
// prop, so we must check both to preserve compatibility).
|
||||
String expand = Security.getProperty("policy.expandProperties");
|
||||
if (expand == null) {
|
||||
expand = System.getProperty("policy.expandProperties");
|
||||
@ -220,7 +220,7 @@ public final class ConfigFile extends Configuration {
|
||||
Map<String, List<AppConfigurationEntry>> newConfig = new HashMap<>();
|
||||
|
||||
if (url != null) {
|
||||
/**
|
||||
/*
|
||||
* If the caller specified a URI via Configuration.getInstance,
|
||||
* we only read from that URI
|
||||
*/
|
||||
@ -232,7 +232,7 @@ public final class ConfigFile extends Configuration {
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
/*
|
||||
* Caller did not specify URI via Configuration.getInstance.
|
||||
* Read from URLs listed in the java.security properties file.
|
||||
*/
|
||||
@ -254,7 +254,7 @@ public final class ConfigFile extends Configuration {
|
||||
extra_config);
|
||||
}
|
||||
|
||||
URL configURL = null;
|
||||
URL configURL;
|
||||
try {
|
||||
configURL = new URL(extra_config);
|
||||
} catch (MalformedURLException mue) {
|
||||
@ -302,7 +302,7 @@ public final class ConfigFile extends Configuration {
|
||||
n++;
|
||||
}
|
||||
|
||||
if (initialized == false && n == 1 && config_url == null) {
|
||||
if (!initialized && n == 1) {
|
||||
|
||||
// get the config from the user's home directory
|
||||
if (debugConfig != null) {
|
||||
@ -353,7 +353,7 @@ public final class ConfigFile extends Configuration {
|
||||
public AppConfigurationEntry[] engineGetAppConfigurationEntry
|
||||
(String applicationName) {
|
||||
|
||||
List<AppConfigurationEntry> list = null;
|
||||
List<AppConfigurationEntry> list;
|
||||
synchronized (configuration) {
|
||||
list = configuration.get(applicationName);
|
||||
}
|
||||
@ -375,7 +375,7 @@ public final class ConfigFile extends Configuration {
|
||||
}
|
||||
|
||||
/**
|
||||
* Refresh and reload the Configuration by re-reading all of the
|
||||
* Refresh and reload the Configuration by re-reading all the
|
||||
* login configurations.
|
||||
*
|
||||
* @throws SecurityException if the caller does not have permission
|
||||
@ -448,7 +448,7 @@ public final class ConfigFile extends Configuration {
|
||||
match("{");
|
||||
|
||||
// get the modules
|
||||
while (peek("}") == false) {
|
||||
while (!peek("}")) {
|
||||
// get the module class name
|
||||
String moduleClass = match("module class name");
|
||||
|
||||
@ -476,7 +476,7 @@ public final class ConfigFile extends Configuration {
|
||||
|
||||
// get the args
|
||||
Map<String, String> options = new HashMap<>();
|
||||
while (peek(";") == false) {
|
||||
while (!peek(";")) {
|
||||
String key = match("option key");
|
||||
match("=");
|
||||
try {
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2016, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -93,8 +93,7 @@ public class CtrDrbg extends AbstractDrbg {
|
||||
}
|
||||
this.securityStrength = tryStrength;
|
||||
} else {
|
||||
this.securityStrength = (DEFAULT_STRENGTH > supportedStrength) ?
|
||||
supportedStrength : DEFAULT_STRENGTH;
|
||||
this.securityStrength = Math.min(DEFAULT_STRENGTH, supportedStrength);
|
||||
}
|
||||
} else {
|
||||
int tryStrength = (requestedInstantiationSecurityStrength < 0) ?
|
||||
@ -244,7 +243,7 @@ public class CtrDrbg extends AbstractDrbg {
|
||||
more = nonce;
|
||||
} else {
|
||||
if (nonce.length + personalizationString.length < 0) {
|
||||
// Length must be represented as a 32 bit integer in df()
|
||||
// Length must be represented as a 32-bit integer in df()
|
||||
throw new IllegalArgumentException(
|
||||
"nonce plus personalization string is too long");
|
||||
}
|
||||
@ -328,7 +327,7 @@ public class CtrDrbg extends AbstractDrbg {
|
||||
try {
|
||||
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k, keyAlg));
|
||||
int tailLen = temp.length - blockLen*i;
|
||||
// 14. requested_bits = leftmost(temp, nuumber_of_bits_to_return)
|
||||
// 14. requested_bits = leftmost(temp, number_of_bits_to_return)
|
||||
if (tailLen > blockLen) {
|
||||
tailLen = blockLen;
|
||||
}
|
||||
@ -395,7 +394,7 @@ public class CtrDrbg extends AbstractDrbg {
|
||||
// Step 1: cat bytes
|
||||
if (additionalInput != null) {
|
||||
if (ei.length + additionalInput.length < 0) {
|
||||
// Length must be represented as a 32 bit integer in df()
|
||||
// Length must be represented as a 32-bit integer in df()
|
||||
throw new IllegalArgumentException(
|
||||
"entropy plus additional input is too long");
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2016, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -154,8 +154,7 @@ public final class DRBG extends SecureRandomSpi {
|
||||
|
||||
if (params != null) {
|
||||
// MoreDrbgParameters is used for testing.
|
||||
if (params instanceof MoreDrbgParameters) {
|
||||
MoreDrbgParameters m = (MoreDrbgParameters) params;
|
||||
if (params instanceof MoreDrbgParameters m) {
|
||||
params = DrbgParameters.instantiation(m.strength,
|
||||
m.capability, m.personalizationString);
|
||||
|
||||
@ -171,9 +170,7 @@ public final class DRBG extends SecureRandomSpi {
|
||||
}
|
||||
usedf = m.usedf;
|
||||
}
|
||||
if (params instanceof DrbgParameters.Instantiation) {
|
||||
DrbgParameters.Instantiation dp =
|
||||
(DrbgParameters.Instantiation) params;
|
||||
if (params instanceof DrbgParameters.Instantiation dp) {
|
||||
|
||||
// ps is still null by now
|
||||
ps = dp.getPersonalizationString();
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -43,7 +43,7 @@ import sun.security.jca.JCAUtil;
|
||||
|
||||
/**
|
||||
* The Digital Signature Standard (using the Digital Signature
|
||||
* Algorithm), as described in fips186-3 of the National Instute of
|
||||
* Algorithm), as described in fips186-3 of the National Institute of
|
||||
* Standards and Technology (NIST), using SHA digest algorithms
|
||||
* from FIPS180-3.
|
||||
*
|
||||
@ -141,14 +141,11 @@ abstract class DSA extends SignatureSpi {
|
||||
*/
|
||||
protected void engineInitSign(PrivateKey privateKey)
|
||||
throws InvalidKeyException {
|
||||
if (!(privateKey instanceof java.security.interfaces.DSAPrivateKey)) {
|
||||
if (!(privateKey instanceof java.security.interfaces.DSAPrivateKey priv)) {
|
||||
throw new InvalidKeyException("not a DSA private key: " +
|
||||
privateKey);
|
||||
}
|
||||
|
||||
java.security.interfaces.DSAPrivateKey priv =
|
||||
(java.security.interfaces.DSAPrivateKey)privateKey;
|
||||
|
||||
// check for algorithm specific constraints before doing initialization
|
||||
DSAParams params = priv.getParams();
|
||||
if (params == null) {
|
||||
@ -179,12 +176,10 @@ abstract class DSA extends SignatureSpi {
|
||||
*/
|
||||
protected void engineInitVerify(PublicKey publicKey)
|
||||
throws InvalidKeyException {
|
||||
if (!(publicKey instanceof java.security.interfaces.DSAPublicKey)) {
|
||||
if (!(publicKey instanceof java.security.interfaces.DSAPublicKey pub)) {
|
||||
throw new InvalidKeyException("not a DSA public key: " +
|
||||
publicKey);
|
||||
}
|
||||
java.security.interfaces.DSAPublicKey pub =
|
||||
(java.security.interfaces.DSAPublicKey)publicKey;
|
||||
|
||||
// check for algorithm specific constraints before doing initialization
|
||||
DSAParams params = pub.getParams();
|
||||
@ -321,8 +316,8 @@ abstract class DSA extends SignatureSpi {
|
||||
protected boolean engineVerify(byte[] signature, int offset, int length)
|
||||
throws SignatureException {
|
||||
|
||||
BigInteger r = null;
|
||||
BigInteger s = null;
|
||||
BigInteger r;
|
||||
BigInteger s;
|
||||
|
||||
if (p1363Format) {
|
||||
if ((length & 1) == 1) {
|
||||
@ -490,7 +485,7 @@ abstract class DSA extends SignatureSpi {
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a human readable rendition of the engine.
|
||||
* Return a human-readable rendition of the engine.
|
||||
*/
|
||||
public String toString() {
|
||||
String printable = "DSA Signature";
|
||||
@ -505,7 +500,7 @@ abstract class DSA extends SignatureSpi {
|
||||
printable += "\n\ty: " + Debug.toHexString(presetY);
|
||||
}
|
||||
if (presetY == null && presetX == null) {
|
||||
printable += "\n\tUNINIIALIZED";
|
||||
printable += "\n\tUNINITIALIZED";
|
||||
}
|
||||
return printable;
|
||||
}
|
||||
@ -709,7 +704,7 @@ abstract class DSA extends SignatureSpi {
|
||||
ofs += len;
|
||||
}
|
||||
}
|
||||
protected final void engineUpdate(ByteBuffer input) {
|
||||
protected void engineUpdate(ByteBuffer input) {
|
||||
int inputLen = input.remaining();
|
||||
if (inputLen > (digestBuffer.length - ofs)) {
|
||||
ofs = Integer.MAX_VALUE;
|
||||
@ -744,12 +739,12 @@ abstract class DSA extends SignatureSpi {
|
||||
protected void engineReset() {
|
||||
ofs = 0;
|
||||
}
|
||||
protected final int engineGetDigestLength() {
|
||||
protected int engineGetDigestLength() {
|
||||
return digestBuffer.length;
|
||||
}
|
||||
}
|
||||
|
||||
private Raw(boolean p1363Format) throws NoSuchAlgorithmException {
|
||||
private Raw(boolean p1363Format) {
|
||||
super(new NullDigest20(), p1363Format);
|
||||
}
|
||||
|
||||
@ -759,7 +754,7 @@ abstract class DSA extends SignatureSpi {
|
||||
* Standard Raw DSA implementation.
|
||||
*/
|
||||
public static final class RawDSA extends Raw {
|
||||
public RawDSA() throws NoSuchAlgorithmException {
|
||||
public RawDSA() {
|
||||
super(false);
|
||||
}
|
||||
}
|
||||
@ -768,7 +763,7 @@ abstract class DSA extends SignatureSpi {
|
||||
* Raw DSA implementation that uses the IEEE P1363 format.
|
||||
*/
|
||||
public static final class RawDSAinP1363Format extends Raw {
|
||||
public RawDSAinP1363Format() throws NoSuchAlgorithmException {
|
||||
public RawDSAinP1363Format() {
|
||||
super(true);
|
||||
}
|
||||
}
|
||||
|
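Review bot: The `InvalidKeyException` messages in engineInitSign and engineInitVerify still concatenate the rejected key object itself (`"not a DSA private key: " + privateKey`), so whatever that key's `toString()` returns ends up in the exception text and in any log that records it. For a non-DSA `PrivateKey` from another provider, that text could include key material, depending on the implementation. Naming the type instead keeps the diagnostic without the key contents, e.g. `"not a DSA private key: " + (privateKey == null ? "null" : privateKey.getClass().getName())`, and the same for the public-key message for consistency. Both method bodies continue outside their hunks.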
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -63,8 +63,7 @@ public class DSAKeyFactory extends KeyFactorySpi {
|
||||
protected PublicKey engineGeneratePublic(KeySpec keySpec)
|
||||
throws InvalidKeySpecException {
|
||||
try {
|
||||
if (keySpec instanceof DSAPublicKeySpec) {
|
||||
DSAPublicKeySpec dsaPubKeySpec = (DSAPublicKeySpec)keySpec;
|
||||
if (keySpec instanceof DSAPublicKeySpec dsaPubKeySpec) {
|
||||
return new DSAPublicKeyImpl(dsaPubKeySpec.getY(),
|
||||
dsaPubKeySpec.getP(),
|
||||
dsaPubKeySpec.getQ(),
|
||||
@ -96,8 +95,7 @@ public class DSAKeyFactory extends KeyFactorySpi {
|
||||
protected PrivateKey engineGeneratePrivate(KeySpec keySpec)
|
||||
throws InvalidKeySpecException {
|
||||
try {
|
||||
if (keySpec instanceof DSAPrivateKeySpec) {
|
||||
DSAPrivateKeySpec dsaPrivKeySpec = (DSAPrivateKeySpec)keySpec;
|
||||
if (keySpec instanceof DSAPrivateKeySpec dsaPrivKeySpec) {
|
||||
return new DSAPrivateKey(dsaPrivKeySpec.getX(),
|
||||
dsaPrivKeySpec.getP(),
|
||||
dsaPrivKeySpec.getQ(),
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -26,12 +26,10 @@
|
||||
package sun.security.provider;
|
||||
|
||||
import java.math.BigInteger;
|
||||
|
||||
import java.security.*;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.*;
|
||||
import java.security.interfaces.DSAParams;
|
||||
import java.security.spec.AlgorithmParameterSpec;
|
||||
import java.security.spec.InvalidParameterSpecException;
|
||||
import java.security.spec.DSAParameterSpec;
|
||||
|
||||
import sun.security.jca.JCAUtil;
|
||||
@ -169,8 +167,7 @@ class DSAKeyPairGenerator extends KeyPairGenerator {
|
||||
pub = new DSAPublicKeyImpl(y, p, q, g);
|
||||
DSAPrivateKey priv = new DSAPrivateKey(x, p, q, g);
|
||||
|
||||
KeyPair pair = new KeyPair(pub, priv);
|
||||
return pair;
|
||||
return new KeyPair(pub, priv);
|
||||
} catch (InvalidKeyException e) {
|
||||
throw new ProviderException(e);
|
||||
}
|
||||
@ -183,7 +180,7 @@ class DSAKeyPairGenerator extends KeyPairGenerator {
|
||||
* generateX method.
|
||||
*/
|
||||
private BigInteger generateX(SecureRandom random, BigInteger q) {
|
||||
BigInteger x = null;
|
||||
BigInteger x;
|
||||
byte[] temp = new byte[qlen];
|
||||
while (true) {
|
||||
random.nextBytes(temp);
|
||||
@ -202,8 +199,7 @@ class DSAKeyPairGenerator extends KeyPairGenerator {
|
||||
* @param p the base parameter.
|
||||
*/
|
||||
BigInteger generateY(BigInteger x, BigInteger p, BigInteger g) {
|
||||
BigInteger y = g.modPow(x, p);
|
||||
return y;
|
||||
return g.modPow(x, p);
|
||||
}
|
||||
|
||||
public static final class Current extends DSAKeyPairGenerator {
|
||||
|
@ -105,10 +105,9 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
|
||||
@Override
|
||||
protected void engineInit(AlgorithmParameterSpec genParamSpec,
|
||||
SecureRandom random) throws InvalidAlgorithmParameterException {
|
||||
if (!(genParamSpec instanceof DSAGenParameterSpec)) {
|
||||
if (!(genParamSpec instanceof DSAGenParameterSpec dsaGenParams)) {
|
||||
throw new InvalidAlgorithmParameterException("Invalid parameter");
|
||||
}
|
||||
DSAGenParameterSpec dsaGenParams = (DSAGenParameterSpec)genParamSpec;
|
||||
|
||||
// directly initialize using the already validated values
|
||||
this.valueL = dsaGenParams.getPrimePLength();
|
||||
@ -124,7 +123,7 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
|
||||
*/
|
||||
@Override
|
||||
protected AlgorithmParameters engineGenerateParameters() {
|
||||
AlgorithmParameters algParams = null;
|
||||
AlgorithmParameters algParams;
|
||||
try {
|
||||
if (this.random == null) {
|
||||
this.random = new SecureRandom();
|
||||
@ -142,14 +141,13 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
|
||||
new DSAParameterSpec(paramP, paramQ, paramG);
|
||||
algParams = AlgorithmParameters.getInstance("DSA", "SUN");
|
||||
algParams.init(dsaParamSpec);
|
||||
} catch (InvalidParameterSpecException e) {
|
||||
} catch (InvalidParameterSpecException | NoSuchAlgorithmException |
|
||||
NoSuchProviderException e) {
|
||||
// this should never happen
|
||||
throw new RuntimeException(e.getMessage());
|
||||
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
|
||||
// this should never happen, because we provide it
|
||||
throw new RuntimeException(e.getMessage());
|
||||
}
|
||||
|
||||
|
||||
return algParams;
|
||||
}
|
||||
|
||||
@ -203,7 +201,7 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
|
||||
if (primeCertainty < 0) {
|
||||
throw new ProviderException("Invalid valueL: " + valueL);
|
||||
}
|
||||
BigInteger resultP, resultQ, seed = null;
|
||||
BigInteger resultP, resultQ, seed;
|
||||
int counter;
|
||||
while (true) {
|
||||
do {
|
||||
@ -251,9 +249,8 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
|
||||
if (resultP.compareTo(twoLm1) > -1
|
||||
&& resultP.isProbablePrime(primeCertainty)) {
|
||||
/* Step 11.8 */
|
||||
BigInteger[] result = {resultP, resultQ, seed,
|
||||
return new BigInteger[]{resultP, resultQ, seed,
|
||||
BigInteger.valueOf(counter)};
|
||||
return result;
|
||||
}
|
||||
/* Step 11.9 */
|
||||
offset = offset.add(BigInteger.valueOf(n)).add(BigInteger.ONE);
|
||||
|
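Review bot: The merged multi-catch in engineGenerateParameters still rethrows with `new RuntimeException(e.getMessage())`, which discards the original exception and its stack trace. That makes a failed "SUN" provider lookup or a rejected parameter spec hard to diagnose. Passing the cause keeps the exception type callers see while preserving the diagnostics: `throw new RuntimeException(e.getMessage(), e);`. The merge also appears to drop the old explanation that the provider lookup cannot fail "because we provide it"; that wording would be worth keeping in the surviving comment. Part of the try body lies between the hunks and is not visible here.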
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -58,7 +58,7 @@ public final class DSAPrivateKey extends PKCS8Key
|
||||
private static final long serialVersionUID = -3244453684193605938L;
|
||||
|
||||
/* the private key */
|
||||
private BigInteger x;
|
||||
private final BigInteger x;
|
||||
|
||||
/**
|
||||
* Make a DSA private key out of a private key and three parameters.
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,23 +25,21 @@
|
||||
|
||||
package sun.security.provider;
|
||||
|
||||
import java.util.*;
|
||||
import java.io.*;
|
||||
import java.io.IOException;
|
||||
import java.io.Serializable;
|
||||
import java.math.BigInteger;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.ProviderException;
|
||||
import java.security.AlgorithmParameters;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.interfaces.DSAParams;
|
||||
import java.security.spec.DSAParameterSpec;
|
||||
import java.security.spec.InvalidParameterSpecException;
|
||||
import java.security.interfaces.DSAParams;
|
||||
|
||||
import sun.security.x509.X509Key;
|
||||
import sun.security.x509.AlgIdDSA;
|
||||
import sun.security.util.BitArray;
|
||||
import sun.security.util.Debug;
|
||||
import sun.security.util.DerValue;
|
||||
import sun.security.util.DerInputStream;
|
||||
import sun.security.util.DerOutputStream;
|
||||
import sun.security.util.DerValue;
|
||||
import sun.security.x509.AlgIdDSA;
|
||||
import sun.security.x509.X509Key;
|
||||
|
||||
/**
|
||||
* An X.509 public key for the Digital Signature Algorithm.
|
||||
|
@ -396,8 +396,7 @@ abstract class DomainKeyStore extends KeyStoreSpi {
|
||||
final Iterator<Map.Entry<String, KeyStore>> iterator =
|
||||
keystores.entrySet().iterator();
|
||||
|
||||
return new Enumeration<String>() {
|
||||
private int index = 0;
|
||||
return new Enumeration<>() {
|
||||
private Map.Entry<String, KeyStore> keystoresEntry = null;
|
||||
private String prefix = null;
|
||||
private Enumeration<String> aliases = null;
|
||||
@ -555,14 +554,13 @@ abstract class DomainKeyStore extends KeyStoreSpi {
|
||||
KeyStore keystore = keystores.get(splits[0]);
|
||||
if (keystore != null) {
|
||||
return new AbstractMap.SimpleEntry<>(splits[1],
|
||||
(Collection<KeyStore>) Collections.singleton(keystore));
|
||||
Collections.singleton(keystore));
|
||||
}
|
||||
} else if (splits.length == 1) { // unprefixed alias
|
||||
// Check all keystores for the first occurrence of the alias
|
||||
return new AbstractMap.SimpleEntry<>(alias, keystores.values());
|
||||
}
|
||||
return new AbstractMap.SimpleEntry<>("",
|
||||
(Collection<KeyStore>) Collections.<KeyStore>emptyList());
|
||||
return new AbstractMap.SimpleEntry<>("", Collections.emptyList());
|
||||
}
|
||||
|
||||
/*
|
||||
@ -652,9 +650,7 @@ abstract class DomainKeyStore extends KeyStoreSpi {
|
||||
public void engineStore(KeyStore.LoadStoreParameter param)
|
||||
throws IOException, NoSuchAlgorithmException, CertificateException
|
||||
{
|
||||
if (param instanceof DomainLoadStoreParameter) {
|
||||
DomainLoadStoreParameter domainParameter =
|
||||
(DomainLoadStoreParameter) param;
|
||||
if (param instanceof DomainLoadStoreParameter domainParameter) {
|
||||
List<KeyStoreBuilderComponents> builders = getBuilders(
|
||||
domainParameter.getConfiguration(),
|
||||
domainParameter.getProtectionParams());
|
||||
@ -714,7 +710,7 @@ abstract class DomainKeyStore extends KeyStoreSpi {
|
||||
{
|
||||
// Support loading from a stream only for a JKS or default type keystore
|
||||
try {
|
||||
KeyStore keystore = null;
|
||||
KeyStore keystore;
|
||||
|
||||
try {
|
||||
keystore = KeyStore.getInstance("JKS");
|
||||
@ -743,9 +739,7 @@ abstract class DomainKeyStore extends KeyStoreSpi {
|
||||
public void engineLoad(KeyStore.LoadStoreParameter param)
|
||||
throws IOException, NoSuchAlgorithmException, CertificateException
|
||||
{
|
||||
if (param instanceof DomainLoadStoreParameter) {
|
||||
DomainLoadStoreParameter domainParameter =
|
||||
(DomainLoadStoreParameter) param;
|
||||
if (param instanceof DomainLoadStoreParameter domainParameter) {
|
||||
List<KeyStoreBuilderComponents> builders = getBuilders(
|
||||
domainParameter.getConfiguration(),
|
||||
domainParameter.getProtectionParams());
|
||||
@ -786,7 +780,7 @@ abstract class DomainKeyStore extends KeyStoreSpi {
|
||||
throws IOException {
|
||||
|
||||
PolicyParser parser = new PolicyParser(true); // expand properties
|
||||
Collection<PolicyParser.DomainEntry> domains = null;
|
||||
Collection<PolicyParser.DomainEntry> domains;
|
||||
List<KeyStoreBuilderComponents> builders = new ArrayList<>();
|
||||
String uriDomain = configuration.getFragment();
|
||||
|
||||
@ -812,7 +806,7 @@ abstract class DomainKeyStore extends KeyStoreSpi {
|
||||
this.entryNameSeparator =
|
||||
domainProperties.get(ENTRY_NAME_SEPARATOR);
|
||||
// escape any regex meta characters
|
||||
char ch = 0;
|
||||
char ch;
|
||||
StringBuilder s = new StringBuilder();
|
||||
for (int i = 0; i < this.entryNameSeparator.length(); i++) {
|
||||
ch = this.entryNameSeparator.charAt(i);
|
||||
@ -867,7 +861,7 @@ abstract class DomainKeyStore extends KeyStoreSpi {
|
||||
}
|
||||
}
|
||||
|
||||
KeyStore.ProtectionParameter keystoreProtection = null;
|
||||
KeyStore.ProtectionParameter keystoreProtection;
|
||||
if (passwords.containsKey(keystoreName)) {
|
||||
keystoreProtection = passwords.get(keystoreName);
|
||||
|
||||
|
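Review bot: In the separator-escaping hunk, `char ch;` loses its initializer but is still declared outside the loop, although it is only assigned at the top of each iteration. Declaring it where it is assigned, `char ch = this.entryNameSeparator.charAt(i);`, narrows its scope and removes the separate declaration. Since the uninitialized declaration compiles, `ch` cannot be read after the loop, so the move is safe. The rest of the loop body is outside the hunk.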
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2016, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -138,10 +138,8 @@ public class HashDrbg extends AbstractHashDrbg {
|
||||
// Step 1 of 10.1.1.3: Prepend 0x01 || V
|
||||
inputs.add(0, ONE);
|
||||
inputs.add(1, v);
|
||||
seed = hashDf(seedLen, inputs);
|
||||
} else {
|
||||
seed = hashDf(seedLen, inputs);
|
||||
}
|
||||
seed = hashDf(seedLen, inputs);
|
||||
|
||||
// Step 3. V = seed.
|
||||
v = seed;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -177,7 +177,7 @@ public class HmacDrbg extends AbstractHashDrbg {
|
||||
v = mac.doFinal(v);
|
||||
// Step 4.2 temp = temp || V.
|
||||
System.arraycopy(v, 0, result, pos,
|
||||
len > outLen ? outLen : len);
|
||||
Math.min(len, outLen));
|
||||
|
||||
len -= outLen;
|
||||
if (len <= 0) {
|
||||
|
@ -63,7 +63,7 @@ public abstract sealed class JavaKeyStore extends KeyStoreSpi {
|
||||
}
|
||||
}
|
||||
|
||||
// special JKS that uses case sensitive aliases
|
||||
// special JKS that uses case-sensitive aliases
|
||||
public static final class CaseExactJKS extends JavaKeyStore {
|
||||
String convertAlias(String alias) {
|
||||
return alias;
|
||||
@ -103,13 +103,13 @@ public abstract sealed class JavaKeyStore extends KeyStoreSpi {
|
||||
Date date; // the creation date of this entry
|
||||
byte[] protectedPrivKey;
|
||||
Certificate[] chain;
|
||||
};
|
||||
}
|
||||
|
||||
// Trusted certificates
|
||||
private static class TrustedCertEntry {
|
||||
Date date; // the creation date of this entry
|
||||
Certificate cert;
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Private keys and certificates are stored in a hashtable.
|
||||
@ -118,7 +118,7 @@ public abstract sealed class JavaKeyStore extends KeyStoreSpi {
|
||||
private final Hashtable<String, Object> entries;
|
||||
|
||||
JavaKeyStore() {
|
||||
entries = new Hashtable<String, Object>();
|
||||
entries = new Hashtable<>();
|
||||
}
|
||||
|
||||
// convert an alias to internal form, overridden in subclasses:
|
||||
@ -656,8 +656,8 @@ public abstract sealed class JavaKeyStore extends KeyStoreSpi {
|
||||
MessageDigest md = null;
|
||||
CertificateFactory cf = null;
|
||||
Hashtable<String, CertificateFactory> cfs = null;
|
||||
ByteArrayInputStream bais = null;
|
||||
byte[] encoded = null;
|
||||
ByteArrayInputStream bais;
|
||||
byte[] encoded;
|
||||
int trustedKeyCount = 0, privateKeyCount = 0;
|
||||
|
||||
if (stream == null)
|
||||
@ -684,7 +684,7 @@ public abstract sealed class JavaKeyStore extends KeyStoreSpi {
|
||||
cf = CertificateFactory.getInstance("X509");
|
||||
} else {
|
||||
// version 2
|
||||
cfs = new Hashtable<String, CertificateFactory>(3);
|
||||
cfs = new Hashtable<>(3);
|
||||
}
|
||||
|
||||
entries.clear();
|
||||
@ -714,7 +714,7 @@ public abstract sealed class JavaKeyStore extends KeyStoreSpi {
|
||||
int numOfCerts = dis.readInt();
|
||||
if (numOfCerts > 0) {
|
||||
List<Certificate> certs = new ArrayList<>(
|
||||
numOfCerts > 10 ? 10 : numOfCerts);
|
||||
Math.min(numOfCerts, 10));
|
||||
for (int j = 0; j < numOfCerts; j++) {
|
||||
if (xVersion == 2) {
|
||||
// read the certificate type, and instantiate a
|
||||
|
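Review bot: The capacity expression `Math.min(numOfCerts, 10)` carries no comment saying why it is capped, and the reason is security-relevant. `numOfCerts` comes straight from `dis.readInt()`, i.e. from the keystore stream being loaded, so sizing the list from it directly would let a corrupt or hostile file request a very large allocation before any certificate is parsed. A one-line comment above the allocation would stop a later cleanup from simplifying it to `new ArrayList<>(numOfCerts)`: `// numOfCerts is read from the stream; cap the initial capacity so a bogus count cannot force a huge allocation`. The loop body continues outside the hunk.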
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -26,20 +26,15 @@
|
||||
package sun.security.provider;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.Key;
|
||||
import java.security.KeyStoreException;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.UnrecoverableKeyException;
|
||||
import java.util.*;
|
||||
import java.security.*;
|
||||
import java.util.Arrays;
|
||||
|
||||
import sun.security.pkcs.PKCS8Key;
|
||||
import sun.security.pkcs.EncryptedPrivateKeyInfo;
|
||||
import sun.security.x509.AlgorithmId;
|
||||
import sun.security.util.ObjectIdentifier;
|
||||
import sun.security.pkcs.PKCS8Key;
|
||||
import sun.security.util.KnownOIDs;
|
||||
import sun.security.util.DerValue;
|
||||
import sun.security.util.ObjectIdentifier;
|
||||
import sun.security.x509.AlgorithmId;
|
||||
|
||||
/**
|
||||
* This is an implementation of a Sun proprietary, exportable algorithm
|
||||
@ -110,7 +105,7 @@ final class KeyProtector {
|
||||
// key protector. We store it as a byte array, so that we can digest it.
|
||||
private byte[] passwdBytes;
|
||||
|
||||
private MessageDigest md;
|
||||
private final MessageDigest md;
|
||||
|
||||
|
||||
/**
|
||||
@ -231,7 +226,7 @@ final class KeyProtector {
|
||||
byte[] digest;
|
||||
int numRounds;
|
||||
int xorOffset; // offset in xorKey where next digest will be stored
|
||||
int encrKeyLen; // the length of the encrpyted key
|
||||
int encrKeyLen; // the length of the encrypted key
|
||||
|
||||
// do we support the algorithm?
|
||||
AlgorithmId encrAlg = encrInfo.getAlgorithm();
|
||||
|
@ -26,7 +26,6 @@
|
||||
package sun.security.provider;
|
||||
|
||||
import java.security.*;
|
||||
import java.util.Arrays;
|
||||
|
||||
import static sun.security.provider.ByteArrayAccess.*;
|
||||
import static sun.security.util.SecurityConstants.PROVIDER_VER;
|
||||
@ -34,7 +33,7 @@ import static sun.security.util.SecurityConstants.PROVIDER_VER;
|
||||
/**
|
||||
* The MD4 class is used to compute an MD4 message digest over a given
|
||||
* buffer of bytes. It is an implementation of the RSA Data Security Inc
|
||||
* MD4 algorithim as described in internet RFC 1320.
|
||||
* MD4 algorithm as described in internet RFC 1320.
|
||||
*
|
||||
* <p>The MD4 algorithm is very weak and should not be used unless it is
|
||||
* unavoidable. Therefore, it is not registered in our standard providers. To
|
||||
|
@ -25,21 +25,17 @@
|
||||
|
||||
package sun.security.provider;
|
||||
|
||||
import java.lang.invoke.MethodHandles;
|
||||
import java.lang.invoke.VarHandle;
|
||||
import java.nio.ByteOrder;
|
||||
import java.util.Arrays;
|
||||
import java.util.Objects;
|
||||
|
||||
import static sun.security.provider.ByteArrayAccess.*;
|
||||
|
||||
import jdk.internal.util.Preconditions;
|
||||
import jdk.internal.vm.annotation.IntrinsicCandidate;
|
||||
|
||||
import static sun.security.provider.ByteArrayAccess.*;
|
||||
|
||||
/**
|
||||
* The MD5 class is used to compute an MD5 message digest over a given
|
||||
* buffer of bytes. It is an implementation of the RSA Data Security Inc
|
||||
* MD5 algorithim as described in internet RFC 1321.
|
||||
* MD5 algorithm as described in internet RFC 1321.
|
||||
*
|
||||
* @author Chuck McManis
|
||||
* @author Benjamin Renaud
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -138,7 +138,7 @@ public final class ParameterCache {
|
||||
|
||||
/**
|
||||
* Return new DSA parameters for the given length combination of prime and
|
||||
* sub prime. Do not lookup in cache and do not cache the newly generated
|
||||
* sub-prime. Do not look up in cache and do not cache the newly generated
|
||||
* parameters. This method really only exists for the legacy method
|
||||
* DSAKeyPairGenerator.initialize(int, boolean, SecureRandom).
|
||||
*/
|
||||
@ -157,13 +157,12 @@ public final class ParameterCache {
|
||||
gen.init(genParams, random);
|
||||
}
|
||||
AlgorithmParameters params = gen.generateParameters();
|
||||
DSAParameterSpec spec = params.getParameterSpec(DSAParameterSpec.class);
|
||||
return spec;
|
||||
return params.getParameterSpec(DSAParameterSpec.class);
|
||||
}
|
||||
|
||||
static {
|
||||
dhCache = new ConcurrentHashMap<Integer,DHParameterSpec>();
|
||||
dsaCache = new ConcurrentHashMap<Integer,DSAParameterSpec>();
|
||||
dhCache = new ConcurrentHashMap<>();
|
||||
dsaCache = new ConcurrentHashMap<>();
|
||||
|
||||
/*
|
||||
* We support precomputed parameter for legacy 512, 768 bit moduli,
|
||||
@ -173,7 +172,7 @@ public final class ParameterCache {
|
||||
* for validation purposes. We also include the test vectors
|
||||
* from the DSA specification, FIPS 186, and the FIPS 186
|
||||
* Change No 1, which updates the test vector using SHA-1
|
||||
* instead of SHA (for both the G function and the message
|
||||
* instead of SHA for both the G function and the message
|
||||
* hash.
|
||||
*/
|
||||
|
||||
|
@ -67,7 +67,7 @@ import sun.security.util.LocalizedMessage;
|
||||
* <p>The protection domain contains a CodeSource
|
||||
* object, which encapsulates its codebase (URL) and public key attributes.
|
||||
* It also contains the principals associated with the domain.
|
||||
* The Policy object evaluates the global policy in light of who the
|
||||
* The Policy object evaluates the global policy in light of whom the
|
||||
* principal is and what the code source is and returns an appropriate
|
||||
* Permissions object.
|
||||
*
|
||||
@ -79,7 +79,7 @@ import sun.security.util.LocalizedMessage;
|
||||
|
||||
public class PolicyParser {
|
||||
|
||||
private Vector<GrantEntry> grantEntries;
|
||||
private final Vector<GrantEntry> grantEntries;
|
||||
private Map<String, DomainEntry> domainEntries;
|
||||
|
||||
// Convenience variables for parsing
|
||||
@ -114,7 +114,7 @@ public class PolicyParser {
|
||||
*/
|
||||
|
||||
public PolicyParser() {
|
||||
grantEntries = new Vector<GrantEntry>();
|
||||
grantEntries = new Vector<>();
|
||||
}
|
||||
|
||||
|
||||
@ -143,7 +143,7 @@ public class PolicyParser {
|
||||
policy = new BufferedReader(policy);
|
||||
}
|
||||
|
||||
/**
|
||||
/*
|
||||
* Configure the stream tokenizer:
|
||||
* Recognize strings between "..."
|
||||
* Don't convert words to lowercase
|
||||
@ -169,7 +169,7 @@ public class PolicyParser {
|
||||
st.slashSlashComments(true);
|
||||
st.slashStarComments(true);
|
||||
|
||||
/**
|
||||
/*
|
||||
* The main parsing loop. The loop is executed once
|
||||
* for each entry in the config file. The entries
|
||||
* are delimited by semicolons. Once we've read in
|
||||
@ -200,16 +200,14 @@ public class PolicyParser {
|
||||
domainEntries = new TreeMap<>();
|
||||
}
|
||||
DomainEntry de = parseDomainEntry();
|
||||
if (de != null) {
|
||||
String domainName = de.getName();
|
||||
if (domainEntries.putIfAbsent(domainName, de) != null) {
|
||||
LocalizedMessage localizedMsg = new LocalizedMessage(
|
||||
"duplicate.keystore.domain.name");
|
||||
Object[] source = {domainName};
|
||||
String msg = "duplicate keystore domain name: " +
|
||||
domainName;
|
||||
throw new ParsingException(msg, localizedMsg, source);
|
||||
}
|
||||
String domainName = de.getName();
|
||||
if (domainEntries.putIfAbsent(domainName, de) != null) {
|
||||
LocalizedMessage localizedMsg = new LocalizedMessage(
|
||||
"duplicate.keystore.domain.name");
|
||||
Object[] source = {domainName};
|
||||
String msg = "duplicate keystore domain name: " +
|
||||
domainName;
|
||||
throw new ParsingException(msg, localizedMsg, source);
|
||||
}
|
||||
} else {
|
||||
// error?
|
||||
@ -573,7 +571,7 @@ public class PolicyParser {
|
||||
return null;
|
||||
}
|
||||
|
||||
return (ignoreEntry == true) ? null : e;
|
||||
return (ignoreEntry) ? null : e;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -618,9 +616,8 @@ public class PolicyParser {
|
||||
private DomainEntry parseDomainEntry()
|
||||
throws ParsingException, IOException
|
||||
{
|
||||
boolean ignoreEntry = false;
|
||||
DomainEntry domainEntry;
|
||||
String name = null;
|
||||
String name;
|
||||
Map<String, String> properties = new HashMap<>();
|
||||
|
||||
match("domain");
|
||||
@ -646,7 +643,7 @@ public class PolicyParser {
|
||||
}
|
||||
match("}");
|
||||
|
||||
return (ignoreEntry == true) ? null : domainEntry;
|
||||
return domainEntry;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -870,15 +867,15 @@ public class PolicyParser {
|
||||
public Vector<PermissionEntry> permissionEntries;
|
||||
|
||||
public GrantEntry() {
|
||||
principals = new LinkedList<PrincipalEntry>();
|
||||
permissionEntries = new Vector<PermissionEntry>();
|
||||
principals = new LinkedList<>();
|
||||
permissionEntries = new Vector<>();
|
||||
}
|
||||
|
||||
public GrantEntry(String signedBy, String codeBase) {
|
||||
this.codeBase = codeBase;
|
||||
this.signedBy = signedBy;
|
||||
principals = new LinkedList<PrincipalEntry>();
|
||||
permissionEntries = new Vector<PermissionEntry>();
|
||||
principals = new LinkedList<>();
|
||||
permissionEntries = new Vector<>();
|
||||
}
|
||||
|
||||
public void add(PermissionEntry pe)
|
||||
@ -954,9 +951,8 @@ public class PolicyParser {
|
||||
GrantEntry ge = new GrantEntry();
|
||||
ge.codeBase = this.codeBase;
|
||||
ge.signedBy = this.signedBy;
|
||||
ge.principals = new LinkedList<PrincipalEntry>(this.principals);
|
||||
ge.permissionEntries =
|
||||
new Vector<PermissionEntry>(this.permissionEntries);
|
||||
ge.principals = new LinkedList<>(this.principals);
|
||||
ge.permissionEntries = new Vector<>(this.permissionEntries);
|
||||
return ge;
|
||||
}
|
||||
}
|
||||
@ -1059,10 +1055,9 @@ public class PolicyParser {
|
||||
if (this == obj)
|
||||
return true;
|
||||
|
||||
if (!(obj instanceof PrincipalEntry))
|
||||
if (!(obj instanceof PrincipalEntry that))
|
||||
return false;
|
||||
|
||||
PrincipalEntry that = (PrincipalEntry)obj;
|
||||
return (principalClass.equals(that.principalClass) &&
|
||||
principalName.equals(that.principalName));
|
||||
}
|
||||
@ -1140,11 +1135,9 @@ public class PolicyParser {
|
||||
if (obj == this)
|
||||
return true;
|
||||
|
||||
if (! (obj instanceof PermissionEntry))
|
||||
if (! (obj instanceof PermissionEntry that))
|
||||
return false;
|
||||
|
||||
PermissionEntry that = (PermissionEntry) obj;
|
||||
|
||||
if (this.permission == null) {
|
||||
if (that.permission != null) return false;
|
||||
} else {
|
||||
@ -1164,13 +1157,10 @@ public class PolicyParser {
|
||||
}
|
||||
|
||||
if (this.signedBy == null) {
|
||||
if (that.signedBy != null) return false;
|
||||
return that.signedBy == null;
|
||||
} else {
|
||||
if (!this.signedBy.equals(that.signedBy)) return false;
|
||||
return this.signedBy.equals(that.signedBy);
|
||||
}
|
||||
|
||||
// everything matched -- the 2 objects are equal
|
||||
return true;
|
||||
}
|
||||
|
||||
public void write(PrintWriter out) {
|
||||
@ -1185,7 +1175,7 @@ public class PolicyParser {
|
||||
// $name =~ s/\"/\\\"/g;
|
||||
// and then in a java string, it's escaped again
|
||||
|
||||
out.print(name.replaceAll("\\\\", "\\\\\\\\").replaceAll("\\\"", "\\\\\\\""));
|
||||
out.print(name.replaceAll("\\\\", "\\\\\\\\").replaceAll("\"", "\\\\\\\""));
|
||||
out.print('"');
|
||||
}
|
||||
if (action != null) {
|
||||
@ -1256,10 +1246,8 @@ public class PolicyParser {
|
||||
}
|
||||
s.append(" {\n");
|
||||
|
||||
if (entries != null) {
|
||||
for (KeyStoreEntry entry : entries.values()) {
|
||||
s.append(entry).append("\n");
|
||||
}
|
||||
for (KeyStoreEntry entry : entries.values()) {
|
||||
s.append(entry).append("\n");
|
||||
}
|
||||
s.append("}");
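Review bot: The duplicate-domain check now calls `de.getName()` without the earlier `if (de != null)` guard, which holds only as long as `parseDomainEntry()` keeps ending in the plain `return domainEntry;` shown further down; nothing at the call site records that. I would add `// parseDomainEntry() never returns null` above `String domainName = de.getName();`, so that a later edit which reintroduces a null return is caught in review rather than surfacing as a NullPointerException while a policy file is parsed. The loop over `entries.values()` near the end of the section loses its `if (entries != null)` guard in the same way, and the declaration of `entries` is not visible here, so that one is worth confirming. Both enclosing methods begin or end outside their hunks.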
|
||||
|
||||
|
@ -25,11 +25,13 @@
|
||||
|
||||
package sun.security.provider;
|
||||
|
||||
import java.security.ProviderException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Objects;
|
||||
|
||||
import jdk.internal.vm.annotation.IntrinsicCandidate;
|
||||
import static sun.security.provider.ByteArrayAccess.*;
|
||||
import java.nio.*;
|
||||
import java.util.*;
|
||||
import java.security.*;
|
||||
import static sun.security.provider.ByteArrayAccess.b2lLittle;
|
||||
import static sun.security.provider.ByteArrayAccess.l2bLittle;
|
||||
|
||||
/**
|
||||
* This class implements the Secure Hash Algorithm SHA-3 developed by
|
||||
@ -194,7 +196,7 @@ abstract class SHA3 extends DigestBase {
|
||||
a15 ^= d0; a16 ^= d1; a17 ^= d2; a18 ^= d3; a19 ^= d4;
|
||||
a20 ^= d0; a21 ^= d1; a22 ^= d2; a23 ^= d3; a24 ^= d4;
|
||||
|
||||
/**
|
||||
/*
|
||||
* Merged Step mapping Rho (section 3.2.2) and Pi (section 3.2.3).
|
||||
* for performance. Optimization is achieved by precalculating
|
||||
* shift constants for the following loop
|
||||
|
@ -239,7 +239,7 @@ abstract class SHA5 extends DigestBase {
|
||||
// offset 'ofs') and not on array 'W', therefore 'buf' and 'ofs'
|
||||
// must be passed as parameter to the method.
|
||||
@IntrinsicCandidate
|
||||
private final void implCompress0(byte[] buf, int ofs) {
|
||||
private void implCompress0(byte[] buf, int ofs) {
|
||||
if (W == null) {
|
||||
W = new long[80];
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -30,9 +30,10 @@ import java.security.MessageDigest;
|
||||
import java.security.SecureRandomSpi;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.util.Arrays;
|
||||
|
||||
/**
|
||||
* <p>This class provides a crytpographically strong pseudo-random number
|
||||
* <p>This class provides a cryptographically strong pseudo-random number
|
||||
* generator based on the SHA-1 hash algorithm.
|
||||
*
|
||||
* <p>Note that if a seed is not provided, we attempt to provide sufficient
|
||||
@ -157,9 +158,7 @@ implements java.io.Serializable {
|
||||
public synchronized void engineSetSeed(byte[] seed) {
|
||||
if (state != null) {
|
||||
digest.update(state);
|
||||
for (int i = 0; i < state.length; i++) {
|
||||
state[i] = 0;
|
||||
}
|
||||
Arrays.fill(state, (byte) 0);
|
||||
}
|
||||
state = digest.digest(seed);
|
||||
remCount = 0;
|
||||
@ -233,8 +232,7 @@ implements java.io.Serializable {
|
||||
int r = remCount;
|
||||
if (r > 0) {
|
||||
// How many bytes?
|
||||
todo = (result.length - index) < (DIGEST_SIZE - r) ?
|
||||
(result.length - index) : (DIGEST_SIZE - r);
|
||||
todo = Math.min(result.length - index, DIGEST_SIZE - r);
|
||||
// Copy the bytes, zero the buffer
|
||||
for (int i = 0; i < todo; i++) {
|
||||
result[i] = output[r];
|
||||
@ -252,8 +250,7 @@ implements java.io.Serializable {
|
||||
updateState(state, output);
|
||||
|
||||
// How many bytes?
|
||||
todo = (result.length - index) > DIGEST_SIZE ?
|
||||
DIGEST_SIZE : result.length - index;
|
||||
todo = Math.min((result.length - index), DIGEST_SIZE);
|
||||
// Copy the bytes, zero the buffer
|
||||
for (int i = 0; i < todo; i++) {
|
||||
result[index++] = output[i];
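Review bot: The two `todo` computations are now written differently: the first is `Math.min(result.length - index, DIGEST_SIZE - r)`, while the second keeps a leftover pair of parentheses, `Math.min((result.length - index), DIGEST_SIZE)`. Dropping them, `todo = Math.min(result.length - index, DIGEST_SIZE);`, makes the two branches read the same. The enclosing method starts and ends outside both hunks.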
|
||||
|
@ -36,16 +36,16 @@ package sun.security.provider;
|
||||
* number of times the VM manages to loop in a given period. This number
|
||||
* roughly reflects the machine load at that point in time.
|
||||
* The samples are translated using a permutation (s-box)
|
||||
* and then XORed together. This process is non linear and
|
||||
* and then XORed together. This process is non-linear and
|
||||
* should prevent the samples from "averaging out". The s-box
|
||||
* was designed to have even statistical distribution; it's specific
|
||||
* was designed to have even statistical distribution; its specific
|
||||
* values are not crucial for the security of the seed.
|
||||
* We also create a number of sleeper threads which add entropy
|
||||
* to the system by keeping the scheduler busy.
|
||||
* Twenty such samples should give us roughly 160 bits of randomness.
|
||||
* <p>
|
||||
* These values are gathered in the background by a daemon thread
|
||||
* thus allowing the system to continue performing it's different
|
||||
* thus allowing the system to continue performing its different
|
||||
* activities, which in turn add entropy to the random seed.
|
||||
* <p>
|
||||
* The class also gathers miscellaneous system information, some
|
||||
@ -186,7 +186,7 @@ abstract class SeedGenerator {
|
||||
DirectoryStream<Path> stream =
|
||||
Files.newDirectoryStream(f.toPath())) {
|
||||
// We use a Random object to choose what file names
|
||||
// should be used. Otherwise on a machine with too
|
||||
// should be used. Otherwise, on a machine with too
|
||||
// many files, the same first 1024 files always get
|
||||
// used. Any, We make sure the first 512 files are
|
||||
// always used.
|
||||
@ -269,7 +269,7 @@ abstract class SeedGenerator {
|
||||
private static class ThreadedSeedGenerator extends SeedGenerator
|
||||
implements Runnable {
|
||||
// Queue is used to collect seed bytes
|
||||
private byte[] pool;
|
||||
private final byte[] pool;
|
||||
private int start, end, count;
|
||||
|
||||
// Thread group for our threads
|
||||
@ -359,7 +359,7 @@ abstract class SeedGenerator {
|
||||
int latch = 0;
|
||||
long startTime = System.nanoTime();
|
||||
while (System.nanoTime() - startTime < 250000000) {
|
||||
synchronized(this){};
|
||||
synchronized(this){}
|
||||
// Mask the sign bit and keep latch non-negative
|
||||
latch = (latch + 1) & 0x1FFFFFFF;
|
||||
}
|
||||
@ -485,7 +485,7 @@ abstract class SeedGenerator {
|
||||
|
||||
static class URLSeedGenerator extends SeedGenerator {
|
||||
|
||||
private String deviceName;
|
||||
private final String deviceName;
|
||||
private InputStream seedStream;
|
||||
|
||||
/**
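Review bot: The empty `synchronized(this){}` inside the 250 ms counting loop has no comment, and an empty synchronized block is exactly what static analysis and later cleanups tend to remove. The class comment describes a sample as the number of loop iterations completed in a given period, so the monitor acquisition presumably matters to the timing; a line such as `// intentionally empty: the monitor enter/exit is part of the timed work` would say so, once the author confirms that intent. Separately, the comment touched in the directory-stream hunk still reads `used. Any, We make sure the first 512 files are`, where `Anyway, we` was probably meant. The method holding the loop begins outside the hunk.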
|
||||
|
@ -49,13 +49,13 @@ class SubjectCodeSource extends CodeSource implements java.io.Serializable {
|
||||
@java.io.Serial
|
||||
private static final long serialVersionUID = 6039418085604715275L;
|
||||
|
||||
private Subject subject;
|
||||
private LinkedList<PrincipalEntry> principals;
|
||||
private final Subject subject;
|
||||
private final LinkedList<PrincipalEntry> principals;
|
||||
private static final Class<?>[] PARAMS = { String.class };
|
||||
private static final sun.security.util.Debug debug =
|
||||
sun.security.util.Debug.getInstance("auth", "\t[Auth Access]");
|
||||
@SuppressWarnings("serial") // Not statically typed as Serializable
|
||||
private ClassLoader sysClassLoader;
|
||||
private final ClassLoader sysClassLoader;
|
||||
|
||||
/**
|
||||
* Creates a new <code>SubjectCodeSource</code>
|
||||
@ -231,7 +231,7 @@ class SubjectCodeSource extends CodeSource implements java.io.Serializable {
|
||||
Iterator<Principal> i =
|
||||
that.getSubject().getPrincipals().iterator();
|
||||
|
||||
subjectList = new LinkedList<PrincipalEntry>();
|
||||
subjectList = new LinkedList<>();
|
||||
while (i.hasNext()) {
|
||||
Principal p = i.next();
|
||||
PrincipalEntry spppe = new PrincipalEntry
|
||||
@ -315,14 +315,12 @@ class SubjectCodeSource extends CodeSource implements java.io.Serializable {
|
||||
if (obj == this)
|
||||
return true;
|
||||
|
||||
if (super.equals(obj) == false)
|
||||
if (!super.equals(obj))
|
||||
return false;
|
||||
|
||||
if (!(obj instanceof SubjectCodeSource))
|
||||
if (!(obj instanceof SubjectCodeSource that))
|
||||
return false;
|
||||
|
||||
SubjectCodeSource that = (SubjectCodeSource)obj;
|
||||
|
||||
// the principal lists must match
|
||||
try {
|
||||
if (this.getSubject() != that.getSubject())
|
||||
@ -335,11 +333,9 @@ class SubjectCodeSource extends CodeSource implements java.io.Serializable {
|
||||
(this.principals != null && that.principals == null))
|
||||
return false;
|
||||
|
||||
if (this.principals != null && that.principals != null) {
|
||||
if (!this.principals.containsAll(that.principals) ||
|
||||
!that.principals.containsAll(this.principals))
|
||||
|
||||
return false;
|
||||
if (this.principals != null) {
|
||||
return this.principals.containsAll(that.principals) &&
|
||||
that.principals.containsAll(this.principals);
|
||||
}
|
||||
|
||||
return true;
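Review bot: The simplified `if (this.principals != null)` no longer tests `that.principals`, so the two `containsAll` calls are null-safe only because of the mixed-null check just above it, whose first half lies outside the hunk. A comment such as `// that.principals is non-null here: the mixed-null case returned false above` would keep that dependency visible if the earlier condition is ever reordered or removed. The enclosing method begins and ends outside the visible hunks.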
|
||||
|
@ -25,14 +25,22 @@
|
||||
|
||||
package sun.security.provider;
|
||||
|
||||
import java.io.*;
|
||||
import java.net.*;
|
||||
import java.util.*;
|
||||
import java.security.*;
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
import java.net.URL;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.security.Provider;
|
||||
import java.security.Security;
|
||||
import java.util.HashMap;
|
||||
import java.util.Iterator;
|
||||
import java.util.LinkedHashSet;
|
||||
|
||||
import jdk.internal.util.StaticProperty;
|
||||
import sun.security.action.GetBooleanAction;
|
||||
import sun.security.util.SecurityProviderConstants;
|
||||
|
||||
import static sun.security.util.SecurityProviderConstants.getAliases;
|
||||
|
||||
/**
|
||||
@ -312,7 +320,7 @@ public final class SunEntries {
|
||||
getAliases(algo), attrs));
|
||||
}
|
||||
|
||||
private LinkedHashSet<Provider.Service> services;
|
||||
private final LinkedHashSet<Provider.Service> services;
|
||||
|
||||
// name of the *System* property, takes precedence over PROP_RNDSOURCE
|
||||
private static final String PROP_EGD = "java.security.egd";
|
||||
@ -358,7 +366,7 @@ public final class SunEntries {
|
||||
/*
|
||||
* Use a URI to access this File. Previous code used a URL
|
||||
* which is less strict on syntax. If we encounter a
|
||||
* URISyntaxException we make best efforts for backwards
|
||||
* URISyntaxException we make a best effort for backwards
|
||||
* compatibility. e.g. space character in deviceName string.
|
||||
*
|
||||
* Method called within PrivilegedExceptionAction block.
|
||||
@ -381,7 +389,7 @@ public final class SunEntries {
|
||||
}
|
||||
} catch (URISyntaxException use) {
|
||||
/*
|
||||
* Make best effort to access this File.
|
||||
* Make a best effort to access this File.
|
||||
* We can try using the URL path.
|
||||
*/
|
||||
return new File(device.getPath());
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -27,21 +27,21 @@ package sun.security.provider;
|
||||
|
||||
import java.io.*;
|
||||
import java.security.PublicKey;
|
||||
import java.util.*;
|
||||
import java.security.cert.*;
|
||||
import java.util.*;
|
||||
|
||||
import jdk.internal.event.EventHelper;
|
||||
import jdk.internal.event.X509CertificateEvent;
|
||||
import sun.security.util.KeyUtil;
|
||||
import sun.security.util.Pem;
|
||||
import sun.security.x509.*;
|
||||
|
||||
import sun.security.pkcs.PKCS7;
|
||||
import sun.security.pkcs.ParsingException;
|
||||
import sun.security.provider.certpath.X509CertPath;
|
||||
import sun.security.provider.certpath.X509CertificatePair;
|
||||
import sun.security.util.DerValue;
|
||||
import sun.security.util.Cache;
|
||||
import java.util.Base64;
|
||||
import sun.security.pkcs.ParsingException;
|
||||
import sun.security.util.DerValue;
|
||||
import sun.security.util.KeyUtil;
|
||||
import sun.security.x509.X509CRLImpl;
|
||||
import sun.security.x509.X509CertImpl;
|
||||
|
||||
/**
|
||||
* This class defines a certificate factory for X.509 v3 certificates {@literal &}
|
||||
@ -130,7 +130,7 @@ public class X509Factory extends CertificateFactorySpi {
|
||||
int read = 0;
|
||||
byte[] buffer = new byte[2048];
|
||||
while (length > 0) {
|
||||
int n = in.read(buffer, 0, length<2048?length:2048);
|
||||
int n = in.read(buffer, 0, Math.min(length, 2048));
|
||||
if (n <= 0) {
|
||||
break;
|
||||
}
|
||||
@ -676,7 +676,7 @@ public class X509Factory extends CertificateFactorySpi {
|
||||
|
||||
/**
|
||||
* Read one BER data block. This method is aware of indefinite-length BER
|
||||
* encoding and will read all of the sub-sections in a recursive way
|
||||
* encoding and will read all the subsections in a recursive way
|
||||
*
|
||||
* @param is Read from this InputStream
|
||||
* @param bout Write into this OutputStream
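Review bot: `Math.min(length, 2048)` repeats the size of the array allocated just above it as `new byte[2048]`, so the read bound and the buffer size can drift apart if only one literal is edited. Taking the bound from the array, `int n = in.read(buffer, 0, Math.min(length, buffer.length));`, keeps the read inside the buffer by construction. The enclosing method starts and ends outside the hunk.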
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2011, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2011, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -196,11 +196,7 @@ class AdaptableX509CertSelector extends X509CertSelector {
|
||||
}
|
||||
|
||||
|
||||
if (!super.match(cert)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
return super.match(cert);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -85,10 +85,10 @@ import java.util.List;
|
||||
public class AdjacencyList {
|
||||
|
||||
// the actual set of steps the AdjacencyList represents
|
||||
private ArrayList<BuildStep> mStepList;
|
||||
private final ArrayList<BuildStep> mStepList;
|
||||
|
||||
// the original list, just for the toString method
|
||||
private List<List<Vertex>> mOrigList;
|
||||
private final List<List<Vertex>> mOrigList;
|
||||
|
||||
/**
|
||||
* Constructs a new <code>AdjacencyList</code> based on the specified
|
||||
@ -98,7 +98,7 @@ public class AdjacencyList {
|
||||
* <code>Vertex</code> objects
|
||||
*/
|
||||
public AdjacencyList(List<List<Vertex>> list) {
|
||||
mStepList = new ArrayList<BuildStep>();
|
||||
mStepList = new ArrayList<>();
|
||||
mOrigList = list;
|
||||
buildList(list, 0, null);
|
||||
}
|
||||
@ -151,7 +151,7 @@ public class AdjacencyList {
|
||||
if (allNegOne) {
|
||||
// There are two cases that we could be looking at here. We
|
||||
// may need to back up, or the build may have succeeded at
|
||||
// this point. This is based on whether or not any
|
||||
// this point. This is based on whether any
|
||||
// exceptions were found in the list.
|
||||
if (allXcps) {
|
||||
// we need to go back...see if this is the last one
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2009, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2009, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,32 +25,16 @@
|
||||
|
||||
package sun.security.provider.certpath;
|
||||
|
||||
import java.security.AlgorithmConstraints;
|
||||
import java.security.CryptoPrimitive;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.Date;
|
||||
import java.util.Set;
|
||||
import java.util.EnumSet;
|
||||
import java.math.BigInteger;
|
||||
import java.security.PublicKey;
|
||||
import java.security.KeyFactory;
|
||||
import java.security.AlgorithmParameters;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.*;
|
||||
import java.security.cert.*;
|
||||
import java.security.cert.Certificate;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.cert.PKIXCertPathChecker;
|
||||
import java.security.cert.TrustAnchor;
|
||||
import java.security.cert.CRLException;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.CertPathValidatorException;
|
||||
import java.security.cert.CertPathValidatorException.BasicReason;
|
||||
import java.security.cert.PKIXReason;
|
||||
import java.security.interfaces.DSAParams;
|
||||
import java.security.interfaces.DSAPublicKey;
|
||||
import java.security.spec.DSAPublicKeySpec;
|
||||
import java.util.*;
|
||||
|
||||
import sun.security.util.ConstraintsParameters;
|
||||
import sun.security.util.Debug;
|
||||
import sun.security.util.DisabledAlgorithmConstraints;
|
||||
import sun.security.validator.Validator;
|
||||
@ -175,7 +159,7 @@ public final class AlgorithmChecker extends PKIXCertPathChecker {
|
||||
@Override
|
||||
public boolean isForwardCheckingSupported() {
|
||||
// Note that as this class does not support forward mode, the method
|
||||
// will always returns false.
|
||||
// will always return false.
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -215,9 +199,7 @@ public final class AlgorithmChecker extends PKIXCertPathChecker {
|
||||
PublicKey currPubKey = cert.getPublicKey();
|
||||
String currSigAlg = x509Cert.getSigAlgName();
|
||||
|
||||
if (constraints instanceof DisabledAlgorithmConstraints) {
|
||||
DisabledAlgorithmConstraints dac =
|
||||
(DisabledAlgorithmConstraints)constraints;
|
||||
if (constraints instanceof DisabledAlgorithmConstraints dac) {
|
||||
if (prevPubKey != null && prevPubKey == trustedPubKey) {
|
||||
// check constraints of trusted public key (make sure
|
||||
// algorithm and size is not restricted)
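Review bot: The import hunk here goes the opposite way from the rest of the commit: judging by the 32 → 16 line counts, the explicit `java.security`, `java.security.cert` and `java.util` imports are collapsed into `java.security.*`, `java.security.cert.*` and `java.util.*`, while the SunEntries and SHA3 sections replace wildcards with explicit imports. With both `java.security.*` and `java.security.cert.*` in scope, the simple name `Certificate` would resolve only through the single-type import `java.security.cert.Certificate` (assuming that line is on the new side), and such a line is easy to delete later as apparently redundant. I would keep explicit imports here as in the other files, or add `// required: Certificate exists in both java.security and java.security.cert` next to that import. The CollectionCertStore section later in the commit introduces `java.security.cert.*` in the same way.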
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -38,10 +38,10 @@ import java.security.cert.X509Certificate;
|
||||
*/
|
||||
public class BuildStep {
|
||||
|
||||
private Vertex vertex;
|
||||
private final Vertex vertex;
|
||||
private X509Certificate cert;
|
||||
private Throwable throwable;
|
||||
private int result;
|
||||
private final int result;
|
||||
|
||||
/**
|
||||
* result code associated with a certificate that may continue a path from
|
||||
@ -187,29 +187,15 @@ public class BuildStep {
|
||||
* @return String string representing meaning of the result code
|
||||
*/
|
||||
public String resultToString(int res) {
|
||||
String resultString = "";
|
||||
switch (res) {
|
||||
case POSSIBLE:
|
||||
resultString = "Certificate to be tried.\n";
|
||||
break;
|
||||
case BACK:
|
||||
resultString = "Certificate backed out since path does not "
|
||||
return switch (res) {
|
||||
case POSSIBLE -> "Certificate to be tried.\n";
|
||||
case BACK -> "Certificate backed out since path does not "
|
||||
+ "satisfy build requirements.\n";
|
||||
break;
|
||||
case FOLLOW:
|
||||
resultString = "Certificate satisfies conditions.\n";
|
||||
break;
|
||||
case FAIL:
|
||||
resultString = "Certificate backed out since path does not "
|
||||
case FOLLOW, SUCCEED -> "Certificate satisfies conditions.\n";
|
||||
case FAIL -> "Certificate backed out since path does not "
|
||||
+ "satisfy conditions.\n";
|
||||
break;
|
||||
case SUCCEED:
|
||||
resultString = "Certificate satisfies conditions.\n";
|
||||
break;
|
||||
default:
|
||||
resultString = "Internal error: Invalid step result value.\n";
|
||||
}
|
||||
return resultString;
|
||||
default -> "Internal error: Invalid step result value.\n";
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
@ -220,7 +206,7 @@ public class BuildStep {
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
String out = "Internal Error\n";
|
||||
String out;
|
||||
switch (result) {
|
||||
case BACK:
|
||||
case FAIL:
|
||||
@ -256,8 +242,6 @@ public class BuildStep {
|
||||
case SUCCEED:
|
||||
out = out + vertex.moreToString();
|
||||
break;
|
||||
case POSSIBLE:
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
@ -157,7 +157,6 @@ abstract class Builder {
|
||||
case GeneralNameInterface.NAME_MATCH:
|
||||
return 0;
|
||||
case GeneralNameInterface.NAME_WIDENS:
|
||||
break;
|
||||
case GeneralNameInterface.NAME_NARROWS:
|
||||
break;
|
||||
default: // should never occur
|
||||
@ -203,7 +202,6 @@ abstract class Builder {
|
||||
return 0;
|
||||
case GeneralNameInterface.NAME_WIDENS:
|
||||
/* base is ancestor of test */
|
||||
return (test.subtreeDepth()-base.subtreeDepth());
|
||||
case GeneralNameInterface.NAME_NARROWS:
|
||||
/* base is descendant of test */
|
||||
return (test.subtreeDepth()-base.subtreeDepth());
|
||||
@ -329,7 +327,7 @@ abstract class Builder {
|
||||
constraints.merge(ncExt);
|
||||
} else {
|
||||
// Make sure we do a clone here, because we're probably
|
||||
// going to modify this object later and we don't want to
|
||||
// going to modify this object later, and we don't want to
|
||||
// be sharing it with a Certificate object!
|
||||
constraints = (NameConstraintsExtension) ncExt.clone();
|
||||
}
|
||||
@ -403,7 +401,7 @@ abstract class Builder {
|
||||
} else {
|
||||
// we just return an empty set to make sure that there is
|
||||
// at least a certificate policies extension in the cert
|
||||
matchingPolicies = Collections.<String>emptySet();
|
||||
matchingPolicies = Collections.emptySet();
|
||||
}
|
||||
}
|
||||
return matchingPolicies;
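Review bot: In both switch hunks the counts (7 → 6) show one of two identical statements being dropped, so `case GeneralNameInterface.NAME_WIDENS:` now appears to fall through into `NAME_NARROWS`, in the second hunk past a `/* base is ancestor of test */` comment that sits between the two labels. Nothing marks the fall-through as deliberate; placing the labels next to each other, or adding `// fall through: same result as NAME_NARROWS` under the first label, would make that clear to the next reader of this name-constraint distance code. Both switches start and end outside their hunks.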
|
||||
|
@ -80,7 +80,7 @@ public class CertId {
|
||||
SerialNumber serialNumber) throws IOException {
|
||||
|
||||
// compute issuerNameHash
|
||||
MessageDigest md = null;
|
||||
MessageDigest md;
|
||||
try {
|
||||
md = MessageDigest.getInstance("SHA1");
|
||||
} catch (NoSuchAlgorithmException nsae) {
|
||||
@ -206,29 +206,23 @@ public class CertId {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (hashAlgId.equals(that.getHashAlgorithm()) &&
|
||||
Arrays.equals(issuerNameHash, that.getIssuerNameHash()) &&
|
||||
Arrays.equals(issuerKeyHash, that.getIssuerKeyHash()) &&
|
||||
certSerialNumber.getNumber().equals(that.getSerialNumber())) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
return hashAlgId.equals(that.getHashAlgorithm()) &&
|
||||
Arrays.equals(issuerNameHash, that.getIssuerNameHash()) &&
|
||||
Arrays.equals(issuerKeyHash, that.getIssuerKeyHash()) &&
|
||||
certSerialNumber.getNumber().equals(that.getSerialNumber());
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a string representation of the CertId.
|
||||
*/
|
||||
@Override public String toString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
sb.append("CertId \n");
|
||||
sb.append("Algorithm: " + hashAlgId.toString() +"\n");
|
||||
sb.append("issuerNameHash \n");
|
||||
HexDumpEncoder encoder = new HexDumpEncoder();
|
||||
sb.append(encoder.encode(issuerNameHash));
|
||||
sb.append("\nissuerKeyHash: \n");
|
||||
sb.append(encoder.encode(issuerKeyHash));
|
||||
sb.append("\n" + certSerialNumber.toString());
|
||||
return sb.toString();
|
||||
return "CertId \n" +
|
||||
"Algorithm: " + hashAlgId.toString() + "\n" +
|
||||
"issuerNameHash \n" +
|
||||
encoder.encode(issuerNameHash) +
|
||||
"\nissuerKeyHash: \n" +
|
||||
encoder.encode(issuerKeyHash) +
|
||||
"\n" + certSerialNumber.toString();
|
||||
}
|
||||
}
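Review bot: In the rewritten `toString()`, the explicit `hashAlgId.toString()` and `certSerialNumber.toString()` calls are redundant inside a string concatenation. `"Algorithm: " + hashAlgId + "\n"` and `"\n" + certSerialNumber` produce the same text for non-null values, and print `null` rather than throwing if either field were ever unset. The declaration of `encoder` is kept from the old body, so the rest of the expression is unaffected.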
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -72,6 +72,6 @@ public abstract class CertPathHelper {
|
||||
}
|
||||
|
||||
public static boolean isJdkCA(TrustAnchor anchor) {
|
||||
return (anchor == null) ? false : instance.implIsJdkCA(anchor);
|
||||
return anchor != null && instance.implIsJdkCA(anchor);
|
||||
}
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -26,18 +26,10 @@
|
||||
package sun.security.provider.certpath;
|
||||
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.cert.Certificate;
|
||||
import java.security.cert.CRL;
|
||||
import java.security.cert.*;
|
||||
import java.util.Collection;
|
||||
import java.util.ConcurrentModificationException;
|
||||
import java.util.HashSet;
|
||||
import java.security.cert.CertSelector;
|
||||
import java.security.cert.CertStore;
|
||||
import java.security.cert.CertStoreException;
|
||||
import java.security.cert.CertStoreParameters;
|
||||
import java.security.cert.CollectionCertStoreParameters;
|
||||
import java.security.cert.CRLSelector;
|
||||
import java.security.cert.CertStoreSpi;
|
||||
|
||||
/**
|
||||
* A <code>CertStore</code> that retrieves <code>Certificates</code> and
|
||||
@ -78,7 +70,7 @@ import java.security.cert.CertStoreSpi;
|
||||
*/
|
||||
public class CollectionCertStore extends CertStoreSpi {
|
||||
|
||||
private Collection<?> coll;
|
||||
private final Collection<?> coll;
|
||||
|
||||
/**
|
||||
* Creates a <code>CertStore</code> with the specified parameters.
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -195,10 +195,10 @@ class ConstraintsChecker extends PKIXCertPathChecker {
|
||||
debug.println("mergedNC = " + newConstraints);
|
||||
}
|
||||
if (newConstraints == null) {
|
||||
return newConstraints;
|
||||
return null;
|
||||
} else {
|
||||
// Make sure we do a clone here, because we're probably
|
||||
// going to modify this object later and we don't want to
|
||||
// going to modify this object later, and we don't want to
|
||||
// be sharing it with a Certificate object!
|
||||
return (NameConstraintsExtension)newConstraints.clone();
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,19 +25,22 @@
|
||||
|
||||
package sun.security.provider.certpath;
|
||||
|
||||
import java.io.*;
|
||||
import java.io.IOException;
|
||||
import java.net.URI;
|
||||
import java.security.*;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.PublicKey;
|
||||
import java.security.cert.*;
|
||||
import javax.security.auth.x500.X500Principal;
|
||||
import java.util.*;
|
||||
import javax.security.auth.x500.X500Principal;
|
||||
|
||||
import sun.security.util.Debug;
|
||||
import sun.security.util.Event;
|
||||
import sun.security.validator.Validator;
|
||||
import static sun.security.x509.PKIXExtensions.*;
|
||||
import sun.security.x509.*;
|
||||
|
||||
import static sun.security.x509.PKIXExtensions.IssuingDistributionPoint_Id;
|
||||
|
||||
/**
|
||||
* Class to obtain CRLs via the CRLDistributionPoints extension.
|
||||
* Note that the functionality of this class must be explicitly enabled
|
||||
@ -219,7 +222,7 @@ public class DistributionPointFetcher {
|
||||
}
|
||||
|
||||
Event.report(Event.ReporterCategory.CRLCHECK, "event.crl.check", uri.toString());
|
||||
CertStore ucs = null;
|
||||
CertStore ucs;
|
||||
try {
|
||||
ucs = URICertStore.getInstance(new URICertStoreParameters(uri));
|
||||
} catch (InvalidAlgorithmParameterException |
|
||||
@ -331,21 +334,20 @@ public class DistributionPointFetcher {
|
||||
X500Name pointCrlIssuer = null;
|
||||
if (pointCrlIssuers != null) {
|
||||
if (idpExt == null ||
|
||||
((Boolean) idpExt.get
|
||||
(IssuingDistributionPointExtension.INDIRECT_CRL)).equals
|
||||
(Boolean.FALSE)) {
|
||||
idpExt.get(IssuingDistributionPointExtension.INDIRECT_CRL)
|
||||
== Boolean.FALSE) {
|
||||
return false;
|
||||
}
|
||||
boolean match = false;
|
||||
for (Iterator<GeneralName> t = pointCrlIssuers.iterator();
|
||||
!match && t.hasNext(); ) {
|
||||
GeneralNameInterface name = t.next().getName();
|
||||
if (crlIssuer.equals(name) == true) {
|
||||
if (crlIssuer.equals(name)) {
|
||||
pointCrlIssuer = (X500Name) name;
|
||||
match = true;
|
||||
}
|
||||
}
|
||||
if (match == false) {
|
||||
if (!match) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -357,7 +359,7 @@ public class DistributionPointFetcher {
|
||||
} else {
|
||||
indirectCRL = true;
|
||||
}
|
||||
} else if (crlIssuer.equals(certIssuer) == false) {
|
||||
} else if (!crlIssuer.equals(certIssuer)) {
|
||||
if (debug != null) {
|
||||
debug.println("crl issuer does not equal cert issuer.\n" +
|
||||
"crl issuer: " + crlIssuer + "\n" +
|
||||
@ -477,10 +479,10 @@ public class DistributionPointFetcher {
|
||||
// the names in the cRLIssuer of the cert's DP
|
||||
boolean match = false;
|
||||
for (Iterator<GeneralName> t = pointCrlIssuers.iterator();
|
||||
!match && t.hasNext(); ) {
|
||||
!match && t.hasNext(); ) {
|
||||
GeneralNameInterface crlIssuerName = t.next().getName();
|
||||
for (Iterator<GeneralName> i = idpNames.iterator();
|
||||
!match && i.hasNext(); ) {
|
||||
!match && i.hasNext(); ) {
|
||||
GeneralNameInterface idpName = i.next().getName();
|
||||
match = crlIssuerName.equals(idpName);
|
||||
}
|
||||
@ -550,7 +552,7 @@ public class DistributionPointFetcher {
|
||||
// modify it)
|
||||
interimReasonsMask = reasons.getFlags().clone();
|
||||
}
|
||||
} else if (idpExt == null || reasons == null) {
|
||||
} else {
|
||||
if (pointReasonFlags != null) {
|
||||
// set interim reasons mask to the value of DP reasons
|
||||
interimReasonsMask = pointReasonFlags.clone();
|
||||
@ -563,11 +565,11 @@ public class DistributionPointFetcher {
|
||||
// verify that interim reasons mask includes one or more reasons
|
||||
// not included in the reasons mask
|
||||
boolean oneOrMore = false;
|
||||
for (int i = 0; i < interimReasonsMask.length && !oneOrMore; i++) {
|
||||
for (int i = 0; i < interimReasonsMask.length; i++) {
|
||||
if (interimReasonsMask[i] &&
|
||||
!(i < reasonsMask.length && reasonsMask[i]))
|
||||
{
|
||||
!(i < reasonsMask.length && reasonsMask[i])) {
|
||||
oneOrMore = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!oneOrMore) {
|
||||
@ -583,7 +585,7 @@ public class DistributionPointFetcher {
|
||||
boolean[] crlSign = {false,false,false,false,false,false,true};
|
||||
certSel.setKeyUsage(crlSign);
|
||||
|
||||
// Currently by default, forward builder does not enable
|
||||
// Currently, by default, forward builder does not enable
|
||||
// subject/authority key identifier identifying for target
|
||||
// certificate, instead, it only compares the CRL issuer and
|
||||
// the target certificate subject. If the certificate of the
|
||||
@ -632,7 +634,7 @@ public class DistributionPointFetcher {
|
||||
newTrustAnchors.add(temporary);
|
||||
}
|
||||
|
||||
PKIXBuilderParameters params = null;
|
||||
PKIXBuilderParameters params;
|
||||
try {
|
||||
params = new PKIXBuilderParameters(newTrustAnchors, certSel);
|
||||
} catch (InvalidAlgorithmParameterException iape) {
|
||||
@ -723,7 +725,7 @@ public class DistributionPointFetcher {
|
||||
private static boolean issues(X509CertImpl cert, X509CRLImpl crl,
|
||||
String provider) throws IOException
|
||||
{
|
||||
boolean matched = false;
|
||||
boolean matched;
|
||||
|
||||
AdaptableX509CertSelector issuerSelector =
|
||||
new AdaptableX509CertSelector();
|
||||
@ -757,7 +759,6 @@ public class DistributionPointFetcher {
|
||||
cert.getAuthorityKeyIdentifierExtension() == null)) {
|
||||
try {
|
||||
crl.verify(cert.getPublicKey(), provider);
|
||||
matched = true;
|
||||
} catch (GeneralSecurityException e) {
|
||||
matched = false;
|
||||
}
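Review bot: The rewritten indirect-CRL test, `idpExt.get(IssuingDistributionPointExtension.INDIRECT_CRL) == Boolean.FALSE`, compares references where the old code used `equals`. It therefore takes the `return false` path only when `get` returns the canonical `Boolean.FALSE` instance. The implementation of `get` is not shown on this page; if it ever returns a separately allocated `Boolean`, the comparison is false and a CRL that is not marked indirect would pass this rejection. `Boolean.FALSE.equals(idpExt.get(IssuingDistributionPointExtension.INDIRECT_CRL))` stays cast-free and compares by value. The enclosing method starts and ends outside the hunk.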
|
||||
|
@ -69,7 +69,7 @@ final class ForwardBuilder extends Builder {
|
||||
private AdaptableX509CertSelector caSelector;
|
||||
private X509CertSelector caTargetSelector;
|
||||
TrustAnchor trustAnchor;
|
||||
private boolean searchAllCertStores = true;
|
||||
private final boolean searchAllCertStores;
|
||||
|
||||
/**
|
||||
* Initialize the builder with the input parameters.
|
||||
@ -98,7 +98,7 @@ final class ForwardBuilder extends Builder {
|
||||
/**
|
||||
* Retrieves all certs from the specified CertStores that satisfy the
|
||||
* requirements specified in the parameters and the current
|
||||
* PKIX state (name constraints, policy constraints, etc).
|
||||
* PKIX state (name constraints, policy constraints, etc.).
|
||||
*
|
||||
* @param currentState the current state.
|
||||
* Must be an instance of <code>ForwardState</code>
|
||||
@ -107,7 +107,7 @@ final class ForwardBuilder extends Builder {
|
||||
@Override
|
||||
Collection<X509Certificate> getMatchingCerts(State currentState,
|
||||
List<CertStore> certStores)
|
||||
throws CertStoreException, CertificateException, IOException
|
||||
throws IOException
|
||||
{
|
||||
if (debug != null) {
|
||||
debug.println("ForwardBuilder.getMatchingCerts()...");
|
||||
@ -197,7 +197,7 @@ final class ForwardBuilder extends Builder {
|
||||
* Compose a CertSelector to filter out
|
||||
* certs which do not satisfy requirements.
|
||||
*/
|
||||
X509CertSelector sel = null;
|
||||
X509CertSelector sel;
|
||||
|
||||
if (currentState.isInitial()) {
|
||||
if (targetCertConstraints.getBasicConstraints() == -2) {
|
||||
@ -355,7 +355,7 @@ final class ForwardBuilder extends Builder {
|
||||
private boolean getCerts(AuthorityInfoAccessExtension aiaExt,
|
||||
Collection<X509Certificate> certs)
|
||||
{
|
||||
if (Builder.USE_AIA == false) {
|
||||
if (!Builder.USE_AIA) {
|
||||
return false;
|
||||
}
|
||||
List<AccessDescription> adList = aiaExt.getAccessDescriptions();
|
||||
@ -539,16 +539,13 @@ final class ForwardBuilder extends Builder {
|
||||
debug.println(METHOD_NME +" distanceTto2: " + distanceTto2);
|
||||
}
|
||||
if (distanceTto1 > 0 || distanceTto2 > 0) {
|
||||
if (distanceTto1 == distanceTto2) {
|
||||
// at least one is positive
|
||||
if (distanceTto2 <= 0) { // only d1 is positive
|
||||
return -1;
|
||||
} else if (distanceTto1 > 0 && distanceTto2 <= 0) {
|
||||
return -1;
|
||||
} else if (distanceTto1 <= 0 && distanceTto2 > 0) {
|
||||
return 1;
|
||||
} else if (distanceTto1 < distanceTto2) {
|
||||
return -1;
|
||||
} else { // distanceTto1 > distanceTto2
|
||||
} else if (distanceTto1 <= 0) { // only d2 is positive
|
||||
return 1;
|
||||
} else { // all positive
|
||||
return distanceTto1 > distanceTto2 ? 1 : -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -571,16 +568,13 @@ final class ForwardBuilder extends Builder {
|
||||
debug.println(METHOD_NME +" distanceTto2: " + distanceTto2);
|
||||
}
|
||||
if (distanceTto1 < 0 || distanceTto2 < 0) {
|
||||
if (distanceTto1 == distanceTto2) {
|
||||
// at least one is negative
|
||||
if (distanceTto2 >= 0) { // only d1 is negative
|
||||
return -1;
|
||||
} else if (distanceTto1 < 0 && distanceTto2 >= 0) {
|
||||
return -1;
|
||||
} else if (distanceTto1 >= 0 && distanceTto2 < 0) {
|
||||
return 1;
|
||||
} else if (distanceTto1 > distanceTto2) {
|
||||
return -1;
|
||||
} else {
|
||||
} else if (distanceTto1 >= 0) { // only d2 is negative
|
||||
return 1;
|
||||
} else { // all negative
|
||||
return distanceTto1 < distanceTto2 ? 1 : -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -678,9 +672,9 @@ final class ForwardBuilder extends Builder {
|
||||
* signature and revocation status of the previous cert.
|
||||
*
|
||||
* If the last certificate is being verified (the one whose subject
|
||||
* matches the target subject, then steps in 6.1.4 of the PKIX
|
||||
* matches the target subject) then steps in 6.1.4 of the PKIX
|
||||
* Certification Path Validation algorithm are NOT executed,
|
||||
* regardless of whether or not the last cert is an end-entity
|
||||
* regardless of whether the last cert is an end-entity
|
||||
* cert or not. This allows callers to certify CA certs as
|
||||
* well as EE certs.
|
||||
*
|
||||
@ -703,7 +697,7 @@ final class ForwardBuilder extends Builder {
|
||||
ForwardState currState = (ForwardState)currentState;
|
||||
|
||||
// Don't bother to verify untrusted certificate more.
|
||||
currState.untrustedChecker.check(cert, Collections.<String>emptySet());
|
||||
currState.untrustedChecker.check(cert, Collections.emptySet());
|
||||
|
||||
/*
|
||||
* check for looping - abort a loop if we encounter the same
|
||||
@ -732,7 +726,7 @@ final class ForwardBuilder extends Builder {
|
||||
*/
|
||||
Set<String> unresCritExts = cert.getCriticalExtensionOIDs();
|
||||
if (unresCritExts == null) {
|
||||
unresCritExts = Collections.<String>emptySet();
|
||||
unresCritExts = Collections.emptySet();
|
||||
}
|
||||
for (PKIXCertPathChecker checker : currState.forwardCheckers) {
|
||||
checker.check(cert, unresCritExts);
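Review bot: In the two rewritten distance comparisons the equal-distance result is no longer spelled out. The old `distanceTto1 == distanceTto2` branch returned -1, and the new code reaches the same -1 only through the ternaries `distanceTto1 > distanceTto2 ? 1 : -1` and `distanceTto1 < distanceTto2 ? 1 : -1`. That tie result presumably affects how candidate certificates are ordered, and a later tidy-up to `Integer.compare` would silently turn it into 0. I would add a comment on each ternary, e.g. `// equal distances intentionally yield -1, as before`. The enclosing method lies outside both hunks, so whether a 0 result would be harmful there cannot be seen from this page.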
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -113,16 +113,14 @@ class ForwardState implements State {
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
sb.append("State [");
|
||||
sb.append("\n issuerDN of last cert: ").append(issuerDN);
|
||||
sb.append("\n traversedCACerts: ").append(traversedCACerts);
|
||||
sb.append("\n init: ").append(init);
|
||||
sb.append("\n keyParamsNeeded: ").append(keyParamsNeededFlag);
|
||||
sb.append("\n subjectNamesTraversed: \n").append
|
||||
(subjectNamesTraversed);
|
||||
sb.append("]\n");
|
||||
return sb.toString();
|
||||
return "State [" +
|
||||
"\n issuerDN of last cert: " + issuerDN +
|
||||
"\n traversedCACerts: " + traversedCACerts +
|
||||
"\n init: " + init +
|
||||
"\n keyParamsNeeded: " + keyParamsNeededFlag +
|
||||
"\n subjectNamesTraversed: \n" +
|
||||
subjectNamesTraversed +
|
||||
"]\n";
|
||||
}
|
||||
|
||||
/**
|
||||
@ -133,14 +131,14 @@ class ForwardState implements State {
|
||||
public void initState(List<PKIXCertPathChecker> certPathCheckers)
|
||||
throws CertPathValidatorException
|
||||
{
|
||||
subjectNamesTraversed = new HashSet<GeneralNameInterface>();
|
||||
subjectNamesTraversed = new HashSet<>();
|
||||
traversedCACerts = 0;
|
||||
|
||||
/*
|
||||
* Populate forwardCheckers with every user-defined checker
|
||||
* that supports forward checking and initialize the forwardCheckers
|
||||
*/
|
||||
forwardCheckers = new ArrayList<PKIXCertPathChecker>();
|
||||
forwardCheckers = new ArrayList<>();
|
||||
for (PKIXCertPathChecker checker : certPathCheckers) {
|
||||
if (checker.isForwardCheckingSupported()) {
|
||||
checker.init(true);
|
||||
@ -238,7 +236,7 @@ class ForwardState implements State {
|
||||
clonedState.forwardCheckers.listIterator();
|
||||
while (li.hasNext()) {
|
||||
PKIXCertPathChecker checker = li.next();
|
||||
if (checker instanceof Cloneable) {
|
||||
if (checker != null) {
|
||||
li.set((PKIXCertPathChecker)checker.clone());
|
||||
}
|
||||
}
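Review bot: The guard `if (checker != null)` in the clone loop reads as if `forwardCheckers` could hold null entries, which the `instanceof Cloneable` test it replaces did not suggest. In `initState`, in this same file section, every checker is dereferenced (`checker.isForwardCheckingSupported()`) before use, so a null element looks impossible, though the line that adds to the list is not shown. Either drop the guard or say why it stays, e.g. `// PKIXCertPathChecker is Cloneable by declaration; null is the only case to skip`. The enclosing method begins outside the hunk.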
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -138,8 +138,8 @@ public class IndexedCollectionCertStore extends CertStoreSpi {
|
||||
* and CRLs.
|
||||
*/
|
||||
private void buildIndex(Collection<?> coll) {
|
||||
certSubjects = new HashMap<X500Principal, Object>();
|
||||
crlIssuers = new HashMap<X500Principal, Object>();
|
||||
certSubjects = new HashMap<>();
|
||||
crlIssuers = new HashMap<>();
|
||||
otherCertificates = null;
|
||||
otherCRLs = null;
|
||||
for (Object obj : coll) {
|
||||
@ -149,12 +149,12 @@ public class IndexedCollectionCertStore extends CertStoreSpi {
|
||||
indexCRL((X509CRL)obj);
|
||||
} else if (obj instanceof Certificate) {
|
||||
if (otherCertificates == null) {
|
||||
otherCertificates = new HashSet<Certificate>();
|
||||
otherCertificates = new HashSet<>();
|
||||
}
|
||||
otherCertificates.add((Certificate)obj);
|
||||
} else if (obj instanceof CRL) {
|
||||
if (otherCRLs == null) {
|
||||
otherCRLs = new HashSet<CRL>();
|
||||
otherCRLs = new HashSet<>();
|
||||
}
|
||||
otherCRLs.add((CRL)obj);
|
||||
} else {
|
||||
@ -162,10 +162,10 @@ public class IndexedCollectionCertStore extends CertStoreSpi {
|
||||
}
|
||||
}
|
||||
if (otherCertificates == null) {
|
||||
otherCertificates = Collections.<Certificate>emptySet();
|
||||
otherCertificates = Collections.emptySet();
|
||||
}
|
||||
if (otherCRLs == null) {
|
||||
otherCRLs = Collections.<CRL>emptySet();
|
||||
otherCRLs = Collections.emptySet();
|
||||
}
|
||||
}
|
||||
|
||||
@ -187,7 +187,7 @@ public class IndexedCollectionCertStore extends CertStoreSpi {
|
||||
} else {
|
||||
@SuppressWarnings("unchecked") // See certSubjects javadoc.
|
||||
List<X509Certificate> list = (List<X509Certificate>)oldEntry;
|
||||
if (list.contains(cert) == false) {
|
||||
if (!list.contains(cert)) {
|
||||
list.add(cert);
|
||||
}
|
||||
certSubjects.put(subject, list);
|
||||
@ -214,7 +214,7 @@ public class IndexedCollectionCertStore extends CertStoreSpi {
|
||||
// See crlIssuers javadoc.
|
||||
@SuppressWarnings("unchecked")
|
||||
List<X509CRL> list = (List<X509CRL>)oldEntry;
|
||||
if (list.contains(crl) == false) {
|
||||
if (!list.contains(crl)) {
|
||||
list.add(crl);
|
||||
}
|
||||
crlIssuers.put(issuer, list);
|
||||
@ -246,7 +246,7 @@ public class IndexedCollectionCertStore extends CertStoreSpi {
|
||||
return matches;
|
||||
}
|
||||
|
||||
if (selector instanceof X509CertSelector == false) {
|
||||
if (!(selector instanceof X509CertSelector x509Selector)) {
|
||||
Set<Certificate> matches = new HashSet<>();
|
||||
matchX509Certs(selector, matches);
|
||||
for (Certificate cert : otherCertificates) {
|
||||
@ -260,7 +260,6 @@ public class IndexedCollectionCertStore extends CertStoreSpi {
|
||||
if (certSubjects.isEmpty()) {
|
||||
return Collections.<X509Certificate>emptySet();
|
||||
}
|
||||
X509CertSelector x509Selector = (X509CertSelector)selector;
|
||||
// see if the subject is specified
|
||||
X500Principal subject;
|
||||
X509Certificate matchCert = x509Selector.getCertificate();
|
||||
@ -275,8 +274,7 @@ public class IndexedCollectionCertStore extends CertStoreSpi {
|
||||
if (entry == null) {
|
||||
return Collections.<X509Certificate>emptySet();
|
||||
}
|
||||
if (entry instanceof X509Certificate) {
|
||||
X509Certificate x509Entry = (X509Certificate)entry;
|
||||
if (entry instanceof X509Certificate x509Entry) {
|
||||
if (x509Selector.match(x509Entry)) {
|
||||
return Collections.singleton(x509Entry);
|
||||
} else {
|
||||
@ -309,8 +307,7 @@ public class IndexedCollectionCertStore extends CertStoreSpi {
|
||||
Collection<Certificate> matches) {
|
||||
|
||||
for (Object obj : certSubjects.values()) {
|
||||
if (obj instanceof X509Certificate) {
|
||||
X509Certificate cert = (X509Certificate)obj;
|
||||
if (obj instanceof X509Certificate cert) {
|
||||
if (selector.match(cert)) {
|
||||
matches.add(cert);
|
||||
}
|
||||
@ -350,7 +347,7 @@ public class IndexedCollectionCertStore extends CertStoreSpi {
|
||||
return matches;
|
||||
}
|
||||
|
||||
if (selector instanceof X509CRLSelector == false) {
|
||||
if (!(selector instanceof X509CRLSelector x509Selector)) {
|
||||
Set<CRL> matches = new HashSet<>();
|
||||
matchX509CRLs(selector, matches);
|
||||
for (CRL crl : otherCRLs) {
|
||||
@ -362,9 +359,8 @@ public class IndexedCollectionCertStore extends CertStoreSpi {
|
||||
}
|
||||
|
||||
if (crlIssuers.isEmpty()) {
|
||||
return Collections.<CRL>emptySet();
|
||||
return Collections.emptySet();
|
||||
}
|
||||
X509CRLSelector x509Selector = (X509CRLSelector)selector;
|
||||
// see if the issuer is specified
|
||||
Collection<X500Principal> issuers = x509Selector.getIssuers();
|
||||
if (issuers != null) {
|
||||
@ -373,8 +369,7 @@ public class IndexedCollectionCertStore extends CertStoreSpi {
|
||||
Object entry = crlIssuers.get(issuer);
|
||||
if (entry == null) {
|
||||
// empty
|
||||
} else if (entry instanceof X509CRL) {
|
||||
X509CRL crl = (X509CRL)entry;
|
||||
} else if (entry instanceof X509CRL crl) {
|
||||
if (x509Selector.match(crl)) {
|
||||
matches.add(crl);
|
||||
}
|
||||
@ -403,8 +398,7 @@ public class IndexedCollectionCertStore extends CertStoreSpi {
|
||||
*/
|
||||
private void matchX509CRLs(CRLSelector selector, Collection<CRL> matches) {
|
||||
for (Object obj : crlIssuers.values()) {
|
||||
if (obj instanceof X509CRL) {
|
||||
X509CRL crl = (X509CRL)obj;
|
||||
if (obj instanceof X509CRL crl) {
|
||||
if (selector.match(crl)) {
|
||||
matches.add(crl);
|
||||
}
|
||||
|
@ -113,7 +113,7 @@ class KeyChecker extends PKIXCertPathChecker {
|
||||
// if final certificate, check that target constraints are satisfied
|
||||
if (remainingCerts == 0) {
|
||||
if (targetConstraints != null &&
|
||||
targetConstraints.match(currCert) == false) {
|
||||
!targetConstraints.match(currCert)) {
|
||||
throw new CertPathValidatorException("target certificate " +
|
||||
"constraints check failed");
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2009, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2009, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -57,10 +57,10 @@ import static java.nio.charset.StandardCharsets.UTF_8;
|
||||
|
||||
/**
|
||||
* This is a class that checks the revocation status of a certificate(s) using
|
||||
* OCSP. It is not a PKIXCertPathChecker and therefore can be used outside of
|
||||
* OCSP. It is not a PKIXCertPathChecker and therefore can be used outside
|
||||
* the CertPathValidator framework. It is useful when you want to
|
||||
* just check the revocation status of a certificate, and you don't want to
|
||||
* incur the overhead of validating all of the certificates in the
|
||||
* incur the overhead of validating all the certificates in the
|
||||
* associated certificate chain.
|
||||
*
|
||||
* @author Sean Mullan
|
||||
@ -128,7 +128,7 @@ public final class OCSP {
|
||||
}
|
||||
}
|
||||
|
||||
OCSPResponse ocspResponse = null;
|
||||
OCSPResponse ocspResponse;
|
||||
try {
|
||||
byte[] response = getOCSPBytes(certIds, responderURI, extensions);
|
||||
ocspResponse = new OCSPResponse(response);
|
||||
@ -271,8 +271,8 @@ public final class OCSP {
|
||||
/**
|
||||
* The Revocation Status of a certificate.
|
||||
*/
|
||||
public static interface RevocationStatus {
|
||||
public enum CertStatus { GOOD, REVOKED, UNKNOWN };
|
||||
public interface RevocationStatus {
|
||||
enum CertStatus { GOOD, REVOKED, UNKNOWN }
|
||||
|
||||
/**
|
||||
* Returns the revocation status.
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -48,7 +48,7 @@ public final class OCSPNonceExtension extends Extension {
|
||||
* Attribute name.
|
||||
*/
|
||||
private static final String EXTENSION_NAME = "OCSPNonce";
|
||||
private byte[] nonceData = null;
|
||||
private final byte[] nonceData;
|
||||
|
||||
/**
|
||||
* Create an {@code OCSPNonceExtension} by providing the nonce length.
|
||||
@ -166,11 +166,9 @@ public final class OCSPNonceExtension extends Extension {
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
sb.append(super.toString()).append(EXTENSION_NAME).append(": ");
|
||||
sb.append((nonceData == null) ? "" : Debug.toString(nonceData));
|
||||
sb.append("\n");
|
||||
return sb.toString();
|
||||
return super.toString() + EXTENSION_NAME + ": " +
|
||||
((nonceData == null) ? "" : Debug.toString(nonceData)) +
|
||||
"\n";
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -95,7 +95,7 @@ class OCSPRequest {
|
||||
|
||||
OCSPRequest(List<CertId> certIds) {
|
||||
this.certIds = certIds;
|
||||
this.extensions = Collections.<Extension>emptyList();
|
||||
this.extensions = Collections.emptyList();
|
||||
}
|
||||
|
||||
OCSPRequest(List<CertId> certIds, List<Extension> extensions) {
|
||||
|
@ -129,7 +129,8 @@ public final class OCSPResponse {
|
||||
UNUSED, // is not used
|
||||
SIG_REQUIRED, // Must sign the request
|
||||
UNAUTHORIZED // Request unauthorized
|
||||
};
|
||||
}
|
||||
|
||||
private static final ResponseStatus[] rsvalues = ResponseStatus.values();
|
||||
|
||||
private static final Debug debug = Debug.getInstance("certpath");
|
||||
@ -171,7 +172,7 @@ public final class OCSPResponse {
|
||||
return tmp * 1000;
|
||||
}
|
||||
|
||||
// an array of all of the CRLReasons (used in SingleResponse)
|
||||
// an array of all the CRLReasons (used in SingleResponse)
|
||||
private static final CRLReason[] values = CRLReason.values();
|
||||
|
||||
private final ResponseStatus responseStatus;
|
||||
@ -180,7 +181,7 @@ public final class OCSPResponse {
|
||||
private final byte[] signature;
|
||||
private final byte[] tbsResponseData;
|
||||
private final byte[] responseNonce;
|
||||
private List<X509CertImpl> certs;
|
||||
private final List<X509CertImpl> certs;
|
||||
private X509CertImpl signerCert = null;
|
||||
private final ResponderId respId;
|
||||
private Date producedAtDate = null;
|
||||
@ -218,7 +219,7 @@ public final class OCSPResponse {
|
||||
if (responseStatus != ResponseStatus.SUCCESSFUL) {
|
||||
// no need to continue, responseBytes are not set.
|
||||
singleResponseMap = Collections.emptyMap();
|
||||
certs = new ArrayList<X509CertImpl>();
|
||||
certs = new ArrayList<>();
|
||||
sigAlgId = null;
|
||||
signature = null;
|
||||
tbsResponseData = null;
|
||||
@ -243,7 +244,7 @@ public final class OCSPResponse {
|
||||
// responseType
|
||||
derIn = tmp.data;
|
||||
ObjectIdentifier responseType = derIn.getOID();
|
||||
if (responseType.equals((Object)OCSP_BASIC_RESPONSE_OID)) {
|
||||
if (responseType.equals(OCSP_BASIC_RESPONSE_OID)) {
|
||||
if (debug != null) {
|
||||
debug.println("OCSP response type: basic");
|
||||
}
|
||||
@ -351,7 +352,7 @@ public final class OCSPResponse {
|
||||
"OCSP response: expected ASN.1 context specific tag 0.");
|
||||
}
|
||||
DerValue[] derCerts = seqCert.getData().getSequence(3);
|
||||
certs = new ArrayList<X509CertImpl>(derCerts.length);
|
||||
certs = new ArrayList<>(derCerts.length);
|
||||
try {
|
||||
for (int i = 0; i < derCerts.length; i++) {
|
||||
X509CertImpl cert =
|
||||
@ -367,7 +368,7 @@ public final class OCSPResponse {
|
||||
throw new IOException("Bad encoding in X509 Certificate", ce);
|
||||
}
|
||||
} else {
|
||||
certs = new ArrayList<X509CertImpl>();
|
||||
certs = new ArrayList<>();
|
||||
}
|
||||
}
|
||||
|
||||
@ -390,7 +391,7 @@ public final class OCSPResponse {
|
||||
responseStatus);
|
||||
}
|
||||
|
||||
// Check that the response includes a response for all of the
|
||||
// Check that the response includes a response for all the
|
||||
// certs that were supplied in the request
|
||||
for (CertId certId : certIds) {
|
||||
SingleResponse sr = getSingleResponse(certId);
|
||||
@ -439,7 +440,7 @@ public final class OCSPResponse {
|
||||
// This will match if the SKID is encoded using the 160-bit
|
||||
// SHA-1 hash method as defined in RFC 5280.
|
||||
KeyIdentifier certKeyId = cert.getSubjectKeyId();
|
||||
if (certKeyId != null && ridKeyId.equals(certKeyId)) {
|
||||
if (ridKeyId.equals(certKeyId)) {
|
||||
signerCert = cert;
|
||||
break;
|
||||
} else {
|
||||
@ -511,7 +512,7 @@ public final class OCSPResponse {
|
||||
new AlgorithmChecker(issuerInfo.getAnchor(), date,
|
||||
variant);
|
||||
algChecker.init(false);
|
||||
algChecker.check(signerCert, Collections.<String>emptySet());
|
||||
algChecker.check(signerCert, Collections.emptySet());
|
||||
|
||||
// check the validity
|
||||
try {
|
||||
@ -699,7 +700,7 @@ public final class OCSPResponse {
|
||||
* Get the {@code ResponderId} from this {@code OCSPResponse}
|
||||
*
|
||||
* @return the {@code ResponderId} from this response or {@code null}
|
||||
* if no responder ID is in the body of the response (e.g. a
|
||||
* if no responder ID is in the body of the response, e.g. a
|
||||
* response with a status other than SUCCESS.
|
||||
*/
|
||||
public ResponderId getResponderId() {
|
||||
@ -1071,11 +1072,9 @@ public final class OCSPResponse {
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
sb.append("Issuer Info:\n");
|
||||
sb.append("Name: ").append(name.toString()).append("\n");
|
||||
sb.append("Public Key:\n").append(pubKey.toString()).append("\n");
|
||||
return sb.toString();
|
||||
return "Issuer Info:\n" +
|
||||
"Name: " + name.toString() + "\n" +
|
||||
"Public Key:\n" + pubKey.toString() + "\n";
|
||||
}
|
||||
}
|
||||
}
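Review bot: Dropping `certKeyId != null` from `if (ridKeyId.equals(certKeyId))` makes the responder-certificate match depend on `KeyIdentifier.equals` returning false for a null argument, and that method is not part of this change. The old guard implies `cert.getSubjectKeyId()` can return null, so a certificate without a subject key identifier now reaches `equals` directly. If `equals` tolerates null, the `else` branch is taken as before, but nothing here documents that. A one-line comment such as `// equals() is false for a null certKeyId, so certs without an SKID fall through to the else branch` would record the assumption next to the check that selects `signerCert`. The surrounding loop and method extend beyond the hunk.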
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2012, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -85,7 +85,7 @@ class PKIX {
|
||||
private Set<String> policies;
|
||||
private boolean gotConstraints;
|
||||
private CertSelector constraints;
|
||||
private Set<TrustAnchor> anchors;
|
||||
private final Set<TrustAnchor> anchors;
|
||||
private List<X509Certificate> certs;
|
||||
private Timestamp timestamp;
|
||||
private Date timestampDate;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -98,7 +98,7 @@ class PKIXMasterCertPathValidator {
|
||||
|
||||
Set<String> unresCritExts = currCert.getCriticalExtensionOIDs();
|
||||
if (unresCritExts == null) {
|
||||
unresCritExts = Collections.<String>emptySet();
|
||||
unresCritExts = Collections.emptySet();
|
||||
}
|
||||
|
||||
if (debug != null && !unresCritExts.isEmpty()) {
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -96,7 +96,7 @@ class PolicyChecker extends PKIXCertPathChecker {
|
||||
this.initPolicies = HashSet.newHashSet(1);
|
||||
this.initPolicies.add(ANY_POLICY);
|
||||
} else {
|
||||
this.initPolicies = new HashSet<String>(initialPolicies);
|
||||
this.initPolicies = new HashSet<>(initialPolicies);
|
||||
}
|
||||
this.certPathLen = certPathLen;
|
||||
this.expPolicyRequired = expPolicyRequired;
|
||||
@ -213,7 +213,7 @@ class PolicyChecker extends PKIXCertPathChecker {
|
||||
+ "policyTree = " + rootNode);
|
||||
}
|
||||
|
||||
X509CertImpl currCertImpl = null;
|
||||
X509CertImpl currCertImpl;
|
||||
try {
|
||||
currCertImpl = X509CertImpl.toImpl(currCert);
|
||||
} catch (CertificateException ce) {
|
||||
@ -228,7 +228,7 @@ class PolicyChecker extends PKIXCertPathChecker {
|
||||
|
||||
if (!finalCert) {
|
||||
explicitPolicy = mergeExplicitPolicy(explicitPolicy, currCertImpl,
|
||||
finalCert);
|
||||
false);
|
||||
policyMapping = mergePolicyMapping(policyMapping, currCertImpl);
|
||||
inhibitAnyPolicy = mergeInhibitAnyPolicy(inhibitAnyPolicy,
|
||||
currCertImpl);
|
||||
@ -430,7 +430,7 @@ class PolicyChecker extends PKIXCertPathChecker {
|
||||
{
|
||||
boolean policiesCritical = false;
|
||||
List<PolicyInformation> policyInfo;
|
||||
PolicyNodeImpl rootNode = null;
|
||||
PolicyNodeImpl rootNode;
|
||||
Set<PolicyQualifierInfo> anyQuals = new HashSet<>();
|
||||
|
||||
if (origRootNode == null)
|
||||
@ -545,8 +545,7 @@ class PolicyChecker extends PKIXCertPathChecker {
|
||||
// removing those nodes which would later have
|
||||
// been removed by PKIX: Section 6.1.5: Step (g)(iii)
|
||||
|
||||
if ((rootNode != null) && (!initPolicies.contains(ANY_POLICY))
|
||||
&& (currCertPolicies != null)) {
|
||||
if (rootNode != null && !initPolicies.contains(ANY_POLICY)) {
|
||||
rootNode = removeInvalidNodes(rootNode, certIndex,
|
||||
initPolicies, currCertPolicies);
|
||||
|
||||
@ -561,7 +560,7 @@ class PolicyChecker extends PKIXCertPathChecker {
|
||||
if (finalCert) {
|
||||
// PKIX: Section 6.1.5: Steps (a) and (b)
|
||||
explicitPolicy = mergeExplicitPolicy(explicitPolicy, currCert,
|
||||
finalCert);
|
||||
true);
|
||||
}
|
||||
|
||||
// PKIX: Section 6.1.3: Step (f)
|
||||
@ -610,7 +609,7 @@ class PolicyChecker extends PKIXCertPathChecker {
|
||||
// we deleted the anyPolicy node and have nothing to re-add,
|
||||
// so we need to prune the tree
|
||||
rootNode.prune(certIndex);
|
||||
if (rootNode.getChildren().hasNext() == false) {
|
||||
if (!rootNode.getChildren().hasNext()) {
|
||||
rootNode = null;
|
||||
}
|
||||
} else {
|
||||
@ -648,14 +647,12 @@ class PolicyChecker extends PKIXCertPathChecker {
|
||||
* @param matchAny a boolean indicating whether a value of ANY_POLICY
|
||||
* in the expected policy set will be considered a match
|
||||
* @return a boolean indicating whether a match was found
|
||||
* @exception CertPathValidatorException Exception thrown if error occurs.
|
||||
*/
|
||||
private static boolean processParents(int certIndex,
|
||||
boolean policiesCritical, boolean rejectPolicyQualifiers,
|
||||
PolicyNodeImpl rootNode, String curPolicy,
|
||||
Set<PolicyQualifierInfo> pQuals,
|
||||
boolean matchAny) throws CertPathValidatorException
|
||||
{
|
||||
boolean matchAny) {
|
||||
boolean foundMatch = false;
|
||||
|
||||
if (debug != null)
|
||||
@ -674,10 +671,9 @@ class PolicyChecker extends PKIXCertPathChecker {
|
||||
+ "found parent:\n" + curParent.asString());
|
||||
|
||||
foundMatch = true;
|
||||
String curParPolicy = curParent.getValidPolicy();
|
||||
|
||||
PolicyNodeImpl curNode = null;
|
||||
Set<String> curExpPols = null;
|
||||
Set<String> curExpPols;
|
||||
|
||||
if (curPolicy.equals(ANY_POLICY)) {
|
||||
// do step 2
|
||||
@ -707,7 +703,7 @@ class PolicyChecker extends PKIXCertPathChecker {
|
||||
policiesCritical, expPols, false);
|
||||
}
|
||||
} else {
|
||||
curExpPols = new HashSet<String>();
|
||||
curExpPols = new HashSet<>();
|
||||
curExpPols.add(curPolicy);
|
||||
|
||||
curNode = new PolicyNodeImpl
|
||||
@ -750,7 +746,7 @@ class PolicyChecker extends PKIXCertPathChecker {
|
||||
debug.println("PolicyChecker.processPolicyMappings() "
|
||||
+ "inside policyMapping check");
|
||||
|
||||
List<CertificatePolicyMap> maps = null;
|
||||
List<CertificatePolicyMap> maps;
|
||||
try {
|
||||
maps = polMappingsExt.get(PolicyMappingsExtension.MAP);
|
||||
} catch (IOException e) {
|
||||
@ -857,7 +853,7 @@ class PolicyChecker extends PKIXCertPathChecker {
|
||||
CertificatePoliciesExtension currCertPolicies)
|
||||
throws CertPathValidatorException
|
||||
{
|
||||
List<PolicyInformation> policyInfo = null;
|
||||
List<PolicyInformation> policyInfo;
|
||||
try {
|
||||
policyInfo = currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
|
||||
} catch (IOException ioe) {
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,15 +25,11 @@
|
||||
|
||||
package sun.security.provider.certpath;
|
||||
|
||||
import sun.security.util.KnownOIDs;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.Set;
|
||||
|
||||
import java.util.*;
|
||||
import java.security.cert.*;
|
||||
|
||||
import sun.security.util.KnownOIDs;
|
||||
|
||||
/**
|
||||
* Implements the <code>PolicyNode</code> interface.
|
||||
* <p>
|
||||
@ -56,18 +52,18 @@ final class PolicyNodeImpl implements PolicyNode {
|
||||
= KnownOIDs.CE_CERT_POLICIES_ANY.value();
|
||||
|
||||
// every node has one parent, and zero or more children
|
||||
private PolicyNodeImpl mParent;
|
||||
private HashSet<PolicyNodeImpl> mChildren;
|
||||
private final PolicyNodeImpl mParent;
|
||||
private final HashSet<PolicyNodeImpl> mChildren;
|
||||
|
||||
// the 4 fields specified by RFC 5280
|
||||
private String mValidPolicy;
|
||||
private HashSet<PolicyQualifierInfo> mQualifierSet;
|
||||
private boolean mCriticalityIndicator;
|
||||
private HashSet<String> mExpectedPolicySet;
|
||||
private final String mValidPolicy;
|
||||
private final HashSet<PolicyQualifierInfo> mQualifierSet;
|
||||
private final boolean mCriticalityIndicator;
|
||||
private final HashSet<String> mExpectedPolicySet;
|
||||
private boolean mOriginalExpectedPolicySet;
|
||||
|
||||
// the tree depth
|
||||
private int mDepth;
|
||||
private final int mDepth;
|
||||
// immutability flag
|
||||
private boolean isImmutable = false;
|
||||
|
||||
@ -83,7 +79,7 @@ final class PolicyNodeImpl implements PolicyNode {
|
||||
* node is the tree's root node
|
||||
* @param validPolicy a String representing this node's valid policy OID
|
||||
* @param qualifierSet the Set of qualifiers for this policy
|
||||
* @param criticalityIndicator a boolean representing whether or not the
|
||||
* @param criticalityIndicator a boolean representing whether the
|
||||
* extension is critical
|
||||
* @param expectedPolicySet a Set of expected policies
|
||||
* @param generatedByPolicyMapping a boolean indicating whether this
|
||||
@ -94,24 +90,21 @@ final class PolicyNodeImpl implements PolicyNode {
|
||||
boolean criticalityIndicator, Set<String> expectedPolicySet,
|
||||
boolean generatedByPolicyMapping) {
|
||||
mParent = parent;
|
||||
mChildren = new HashSet<PolicyNodeImpl>();
|
||||
mChildren = new HashSet<>();
|
||||
|
||||
if (validPolicy != null)
|
||||
mValidPolicy = validPolicy;
|
||||
else
|
||||
mValidPolicy = "";
|
||||
mValidPolicy = (validPolicy != null) ? validPolicy : "";
|
||||
|
||||
if (qualifierSet != null)
|
||||
mQualifierSet = new HashSet<PolicyQualifierInfo>(qualifierSet);
|
||||
mQualifierSet = new HashSet<>(qualifierSet);
|
||||
else
|
||||
mQualifierSet = new HashSet<PolicyQualifierInfo>();
|
||||
mQualifierSet = new HashSet<>();
|
||||
|
||||
mCriticalityIndicator = criticalityIndicator;
|
||||
|
||||
if (expectedPolicySet != null)
|
||||
mExpectedPolicySet = new HashSet<String>(expectedPolicySet);
|
||||
mExpectedPolicySet = new HashSet<>(expectedPolicySet);
|
||||
else
|
||||
mExpectedPolicySet = new HashSet<String>();
|
||||
mExpectedPolicySet = new HashSet<>();
|
||||
|
||||
mOriginalExpectedPolicySet = !generatedByPolicyMapping;
|
||||
|
||||
@ -313,7 +306,7 @@ final class PolicyNodeImpl implements PolicyNode {
|
||||
* Internal recursion helper.
|
||||
*/
|
||||
private void getPolicyNodes(int depth, Set<PolicyNodeImpl> set) {
|
||||
// if we've reached the desired depth, then return ourself
|
||||
// if we've reached the desired depth, then return
|
||||
if (mDepth == depth) {
|
||||
set.add(this);
|
||||
} else {
|
||||
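Review bot: In the constructor hunk only the `validPolicy` null check was folded into a ternary; the `qualifierSet` and `expectedPolicySet` checks right below it still assign the now-`final` fields through unbraced `if`/`else`. For consistency they could read `mQualifierSet = (qualifierSet != null) ? new HashSet<>(qualifierSet) : new HashSet<>();` and the same for `mExpectedPolicySet`. The import hunk also appears to replace the four explicit `java.util` imports with `java.util.*`, which hides what the class actually depends on. The constructor body continues outside the hunk.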
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -60,7 +60,7 @@ public final class ResponderId {
|
||||
* @see ResponderId
|
||||
* @since 9
|
||||
*/
|
||||
public static enum Type {
|
||||
public enum Type {
|
||||
/**
|
||||
* A BY_NAME {@code ResponderId} will be built from a subject name,
|
||||
* either as an {@code X500Principal} or a DER-encoded byte array.
|
||||
@ -77,7 +77,7 @@ public final class ResponderId {
|
||||
private final int tagNumber;
|
||||
private final String ridTypeName;
|
||||
|
||||
private Type(int value, String name) {
|
||||
Type(int value, String name) {
|
||||
this.tagNumber = value;
|
||||
this.ridTypeName = name;
|
||||
}
|
||||
@ -92,10 +92,10 @@ public final class ResponderId {
|
||||
}
|
||||
}
|
||||
|
||||
private Type type;
|
||||
private final Type type;
|
||||
private X500Principal responderName;
|
||||
private KeyIdentifier responderKeyId;
|
||||
private byte[] encodedRid;
|
||||
private final byte[] encodedRid;
|
||||
|
||||
/**
|
||||
* Constructs a {@code ResponderId} object using an {@code X500Principal}.
|
||||
@ -172,7 +172,7 @@ public final class ResponderId {
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the type of {@ResponderId}
|
||||
* Return the type of {@code ResponderId}
|
||||
*
|
||||
* @return a number corresponding to the context-specific tag number
|
||||
* used in the DER-encoding for a {@code ResponderId}
|
||||
@ -234,9 +234,8 @@ public final class ResponderId {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (obj instanceof ResponderId) {
|
||||
ResponderId respObj = (ResponderId)obj;
|
||||
return Arrays.equals(encodedRid, respObj.getEncoded());
|
||||
if (obj instanceof ResponderId respObj) {
|
||||
return Arrays.equals(encodedRid, respObj.getEncoded());
|
||||
}
|
||||
|
||||
return false;
|
||||
|
@ -63,7 +63,7 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
private Map<X509Certificate, byte[]> ocspResponses;
|
||||
private List<Extension> ocspExtensions;
|
||||
private final boolean legacy;
|
||||
private LinkedList<CertPathValidatorException> softFailExceptions =
|
||||
private final LinkedList<CertPathValidatorException> softFailExceptions =
|
||||
new LinkedList<>();
|
||||
|
||||
// state variables
|
||||
@ -72,7 +72,8 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
private boolean crlSignFlag;
|
||||
private int certIndex;
|
||||
|
||||
private enum Mode { PREFER_OCSP, PREFER_CRLS, ONLY_CRLS, ONLY_OCSP };
|
||||
private enum Mode { PREFER_OCSP, PREFER_CRLS, ONLY_CRLS, ONLY_OCSP }
|
||||
|
||||
private Mode mode = Mode.PREFER_OCSP;
|
||||
|
||||
private static class RevocationProperties {
|
||||
@ -293,7 +294,6 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
if (debug != null) {
|
||||
debug.println("CertStore exception:" + e);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
}
|
||||
throw new CertPathValidatorException(
|
||||
@ -388,7 +388,6 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
CertPathValidatorException cause = e;
|
||||
// Otherwise, failover
|
||||
if (debug != null) {
|
||||
debug.println("RevocationChecker.check() " + e.getMessage());
|
||||
@ -413,12 +412,12 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
throw x;
|
||||
}
|
||||
if (!isSoftFailException(x)) {
|
||||
cause.addSuppressed(x);
|
||||
throw cause;
|
||||
e.addSuppressed(x);
|
||||
throw e;
|
||||
} else {
|
||||
// only pass if both exceptions were soft failures
|
||||
if (!eSoftFail) {
|
||||
throw cause;
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -488,8 +487,6 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
}
|
||||
break;
|
||||
case "SSLServer":
|
||||
result = (t instanceof IOException);
|
||||
break;
|
||||
case "URI":
|
||||
result = (t instanceof IOException);
|
||||
break;
|
||||
@ -590,8 +587,7 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
params.variant(), anchor));
|
||||
}
|
||||
} catch (CertStoreException e) {
|
||||
if (e instanceof CertStoreTypeException) {
|
||||
CertStoreTypeException cste = (CertStoreTypeException)e;
|
||||
if (e instanceof CertStoreTypeException cste) {
|
||||
if (isCausedByNetworkIssue(cste.getType(), e)) {
|
||||
throw new CertPathValidatorException(
|
||||
"Unable to determine revocation status due to " +
|
||||
@ -610,7 +606,6 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
try {
|
||||
verifyWithSeparateSigningKey(cert, prevKey, signFlag,
|
||||
stackedCerts);
|
||||
return;
|
||||
} catch (CertPathValidatorException cpve) {
|
||||
if (networkFailureException != null) {
|
||||
// if a network issue previously prevented us from
|
||||
@ -651,7 +646,7 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
}
|
||||
|
||||
CRLReason reasonCode = CRLReason.UNSPECIFIED;
|
||||
X509CRLEntryImpl entry = null;
|
||||
X509CRLEntryImpl entry;
|
||||
for (X509CRL crl : approvedCRLs) {
|
||||
X509CRLEntry e = crl.getRevokedCertificate(cert);
|
||||
if (e != null) {
|
||||
@ -702,7 +697,7 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
Collection<String> unresolvedCritExts)
|
||||
throws CertPathValidatorException
|
||||
{
|
||||
X509CertImpl currCert = null;
|
||||
X509CertImpl currCert;
|
||||
try {
|
||||
currCert = X509CertImpl.toImpl(cert);
|
||||
} catch (CertificateException ce) {
|
||||
@ -713,8 +708,8 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
// does not need to be checked in this code. The constraints will be
|
||||
// checked when the responder's certificate is validated.
|
||||
|
||||
OCSPResponse response = null;
|
||||
CertId certId = null;
|
||||
OCSPResponse response;
|
||||
CertId certId;
|
||||
try {
|
||||
certId = new CertId(issuerInfo.getName(), issuerInfo.getPublicKey(),
|
||||
currCert.getSerialNumberObject());
|
||||
@ -756,7 +751,7 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
Extension nonceExt = new OCSPNonceExtension(DEFAULT_NONCE_BYTES);
|
||||
|
||||
if (ocspExtensions.size() > 0) {
|
||||
tmpExtensions = new ArrayList<Extension>(ocspExtensions);
|
||||
tmpExtensions = new ArrayList<>(ocspExtensions);
|
||||
tmpExtensions.add(nonceExt);
|
||||
} else {
|
||||
tmpExtensions = List.of(nonceExt);
|
||||
@ -863,9 +858,7 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
PublicKey prevKey,
|
||||
boolean signFlag,
|
||||
boolean[] reasonsMask,
|
||||
Set<TrustAnchor> anchors)
|
||||
throws CertPathValidatorException
|
||||
{
|
||||
Set<TrustAnchor> anchors) {
|
||||
try {
|
||||
X509CertImpl certImpl = X509CertImpl.toImpl(cert);
|
||||
if (debug != null) {
|
||||
@ -875,7 +868,7 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
}
|
||||
CRLDistributionPointsExtension ext =
|
||||
certImpl.getCRLDistributionPointsExtension();
|
||||
List<DistributionPoint> points = null;
|
||||
List<DistributionPoint> points;
|
||||
if (ext == null) {
|
||||
// assume a DP with reasons and CRLIssuer fields omitted
|
||||
// and a DP name of the cert issuer.
|
||||
@ -1036,7 +1029,7 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
builderParams.setRevocationEnabled(false);
|
||||
|
||||
// check for AuthorityInformationAccess extension
|
||||
if (Builder.USE_AIA == true) {
|
||||
if (Builder.USE_AIA) {
|
||||
X509CertImpl currCertImpl = null;
|
||||
try {
|
||||
currCertImpl = X509CertImpl.toImpl(currCert);
|
||||
@ -1067,7 +1060,7 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
}
|
||||
}
|
||||
|
||||
CertPathBuilder builder = null;
|
||||
CertPathBuilder builder;
|
||||
try {
|
||||
builder = CertPathBuilder.getInstance("PKIX");
|
||||
} catch (NoSuchAlgorithmException nsae) {
|
||||
@ -1089,7 +1082,7 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
// Now check revocation of all certs in path, assuming that
|
||||
// the stackedCerts are revoked.
|
||||
if (stackedCerts == null) {
|
||||
stackedCerts = new HashSet<X509Certificate>();
|
||||
stackedCerts = new HashSet<>();
|
||||
}
|
||||
stackedCerts.add(currCert);
|
||||
TrustAnchor ta = cpbr.getTrustAnchor();
|
||||
@ -1207,12 +1200,10 @@ class RevocationChecker extends PKIXRevocationChecker {
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
sb.append("RejectKeySelector: [\n");
|
||||
sb.append(super.toString());
|
||||
sb.append(badKeySet);
|
||||
sb.append("]");
|
||||
return sb.toString();
|
||||
return "RejectKeySelector: [\n" +
|
||||
super.toString() +
|
||||
badKeySet +
|
||||
"]";
|
||||
}
|
||||
}
|
||||
}
|
||||
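Review bot: The hunk at old line 610 appears to drop the `return;` that followed `verifyWithSeparateSigningKey(cert, prevKey, signFlag, stackedCerts);`, which is equivalent only if the `try`/`catch` is the last statement on that path. The hunk ends inside the `catch`, so this cannot be confirmed from here. Because this is the success exit of a revocation check, I would mark it in place of the removed line with `// success: nothing else runs after this try/catch`, so a later edit that appends code after the block does not silently change the outcome. The switch hunk at old line 488, where `case "SSLServer":` now appears to share the `"URI"` branch, would likewise benefit from a one-line comment saying both store types set `result` from `t instanceof IOException`.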
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -47,13 +47,13 @@ interface State extends Cloneable {
|
||||
*
|
||||
* @param cert the certificate which is used to update the state
|
||||
*/
|
||||
public void updateState(X509Certificate cert)
|
||||
void updateState(X509Certificate cert)
|
||||
throws CertificateException, IOException, CertPathValidatorException;
|
||||
|
||||
/**
|
||||
* Creates and returns a copy of this object
|
||||
*/
|
||||
public Object clone();
|
||||
Object clone();
|
||||
|
||||
/**
|
||||
* Returns a boolean flag indicating if the state is initial
|
||||
@ -61,7 +61,7 @@ interface State extends Cloneable {
|
||||
*
|
||||
* @return boolean flag indicating if the state is initial (just starting)
|
||||
*/
|
||||
public boolean isInitial();
|
||||
boolean isInitial();
|
||||
|
||||
/**
|
||||
* Returns a boolean flag indicating if a key lacking necessary key
|
||||
@ -69,5 +69,5 @@ interface State extends Cloneable {
|
||||
*
|
||||
* @return boolean flag indicating if key lacking parameters encountered.
|
||||
*/
|
||||
public boolean keyParamsNeeded();
|
||||
boolean keyParamsNeeded();
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -72,7 +72,7 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
|
||||
* private objects shared by methods
|
||||
*/
|
||||
private BuilderParams buildParams;
|
||||
private CertificateFactory cf;
|
||||
private final CertificateFactory cf;
|
||||
private boolean pathCompleted = false;
|
||||
private PolicyNode policyTreeResult;
|
||||
private TrustAnchor trustAnchor;
|
||||
@ -218,7 +218,7 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
|
||||
|
||||
/* Initialize adjacency list */
|
||||
adjacencyList.clear();
|
||||
adjacencyList.add(new LinkedList<Vertex>());
|
||||
adjacencyList.add(new LinkedList<>());
|
||||
|
||||
currentState.untrustedChecker = new UntrustedChecker();
|
||||
|
||||
@ -269,16 +269,16 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
|
||||
|
||||
/*
|
||||
* For each cert in the collection, verify anything
|
||||
* that hasn't been checked yet (signature, revocation, etc)
|
||||
* that hasn't been checked yet (signature, revocation, etc.)
|
||||
* and check for loops. Call depthFirstSearchForward()
|
||||
* recursively for each good cert.
|
||||
*/
|
||||
|
||||
vertices:
|
||||
for (Vertex vertex : vertices) {
|
||||
/**
|
||||
/*
|
||||
* Restore state to currentState each time through the loop.
|
||||
* This is important because some of the user-defined
|
||||
* This is important because some user-defined
|
||||
* checkers modify the state, which MUST be restored if
|
||||
* the cert eventually fails to lead to the target and
|
||||
* the next matching cert is tried.
|
||||
@ -405,7 +405,7 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
|
||||
Set<String> unresCritExts =
|
||||
currCert.getCriticalExtensionOIDs();
|
||||
if (unresCritExts == null) {
|
||||
unresCritExts = Collections.<String>emptySet();
|
||||
unresCritExts = Collections.emptySet();
|
||||
}
|
||||
|
||||
for (PKIXCertPathChecker currChecker : checkers) {
|
||||
@ -521,7 +521,7 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
|
||||
* Append an entry for cert in adjacency list and
|
||||
* set index for current vertex.
|
||||
*/
|
||||
adjList.add(new LinkedList<Vertex>());
|
||||
adjList.add(new LinkedList<>());
|
||||
vertex.setIndex(adjList.size() - 1);
|
||||
|
||||
/* recursively search for matching certs at next dN */
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,7 +25,6 @@
|
||||
|
||||
package sun.security.provider.certpath;
|
||||
|
||||
import java.util.List;
|
||||
import java.security.cert.CertPathBuilderException;
|
||||
|
||||
/**
|
||||
|
@ -51,7 +51,7 @@ public final class SunCertPathBuilderResult extends PKIXCertPathBuilderResult {
|
||||
|
||||
private static final Debug debug = Debug.getInstance("certpath");
|
||||
|
||||
private AdjacencyList adjList;
|
||||
private final AdjacencyList adjList;
|
||||
|
||||
/**
|
||||
* Creates a SunCertPathBuilderResult instance.
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2006, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -113,7 +113,7 @@ class URICertStore extends CertStoreSpi {
|
||||
private long lastModified;
|
||||
|
||||
// the URI of this CertStore
|
||||
private URI uri;
|
||||
private final URI uri;
|
||||
|
||||
// true if URI is ldap
|
||||
private boolean ldap = false;
|
||||
@ -284,9 +284,8 @@ class URICertStore extends CertStoreSpi {
|
||||
debug.println("Not modified, using cached copy");
|
||||
}
|
||||
return getMatchingCerts(certs, selector);
|
||||
} else if (connection instanceof HttpURLConnection) {
|
||||
} else if (connection instanceof HttpURLConnection hconn) {
|
||||
// some proxy servers omit last modified
|
||||
HttpURLConnection hconn = (HttpURLConnection)connection;
|
||||
if (hconn.getResponseCode()
|
||||
== HttpURLConnection.HTTP_NOT_MODIFIED) {
|
||||
if (debug != null) {
|
||||
@ -390,9 +389,8 @@ class URICertStore extends CertStoreSpi {
|
||||
debug.println("Not modified, using cached copy");
|
||||
}
|
||||
return getMatchingCRLs(crl, selector);
|
||||
} else if (connection instanceof HttpURLConnection) {
|
||||
} else if (connection instanceof HttpURLConnection hconn) {
|
||||
// some proxy servers omit last modified
|
||||
HttpURLConnection hconn = (HttpURLConnection)connection;
|
||||
if (hconn.getResponseCode()
|
||||
== HttpURLConnection.HTTP_NOT_MODIFIED) {
|
||||
if (debug != null) {
|
||||
|
@ -49,7 +49,7 @@ import sun.security.x509.X509CertImpl;
|
||||
final class Vertex {
|
||||
|
||||
private static final Debug debug = Debug.getInstance("certpath");
|
||||
private X509Certificate cert;
|
||||
private final X509Certificate cert;
|
||||
private int index;
|
||||
private Throwable throwable;
|
||||
|
||||
@ -134,7 +134,7 @@ final class Vertex {
|
||||
public String certToString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
|
||||
X509CertImpl x509Cert = null;
|
||||
X509CertImpl x509Cert;
|
||||
try {
|
||||
x509Cert = X509CertImpl.toImpl(cert);
|
||||
} catch (CertificateException ce) {
|
||||
@ -214,13 +214,11 @@ final class Vertex {
|
||||
* the way other Vertex.xToString() methods display
|
||||
* information.
|
||||
*
|
||||
* @return String form of index as "Last cert? [Yes/No]
|
||||
* @return String form of index as "Last cert? [Yes/No]"
|
||||
*/
|
||||
public String moreToString() {
|
||||
StringBuilder sb = new StringBuilder("Last cert? ");
|
||||
sb.append((index == -1) ? "Yes" : "No");
|
||||
sb.append("\n");
|
||||
return sb.toString();
|
||||
return "Last cert? " + ((index == -1) ? "Yes" : "No") +
|
||||
"\n";
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -69,7 +69,7 @@ public class X509CertPath extends CertPath {
|
||||
* List of certificates in this chain
|
||||
*/
|
||||
@SuppressWarnings("serial") // Not statically typed as Serializable
|
||||
private List<X509Certificate> certs;
|
||||
private final List<X509Certificate> certs;
|
||||
|
||||
/**
|
||||
* The names of our encodings. PkiPath is the default.
|
||||
@ -113,7 +113,7 @@ public class X509CertPath extends CertPath {
|
||||
// don't use
|
||||
// for (Certificate obj : certs)
|
||||
for (Object obj : certs) {
|
||||
if (obj instanceof X509Certificate == false) {
|
||||
if (!(obj instanceof X509Certificate)) {
|
||||
throw new CertificateException
|
||||
("List is not all X509Certificates: "
|
||||
+ obj.getClass().getName());
|
||||
@ -125,7 +125,7 @@ public class X509CertPath extends CertPath {
|
||||
// and the methods in the Sun JDK 1.4 implementation of ArrayList that
|
||||
// allow read-only access are thread-safe.
|
||||
this.certs = Collections.unmodifiableList(
|
||||
new ArrayList<X509Certificate>((List<X509Certificate>)certs));
|
||||
new ArrayList<>((List<X509Certificate>) certs));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -176,8 +176,8 @@ public class X509CertPath extends CertPath {
|
||||
*/
|
||||
private static List<X509Certificate> parsePKIPATH(InputStream is)
|
||||
throws CertificateException {
|
||||
List<X509Certificate> certList = null;
|
||||
CertificateFactory certFac = null;
|
||||
List<X509Certificate> certList;
|
||||
CertificateFactory certFac;
|
||||
|
||||
if (is == null) {
|
||||
throw new CertificateException("input stream is null");
|
||||
@ -187,11 +187,11 @@ public class X509CertPath extends CertPath {
|
||||
DerInputStream dis = new DerInputStream(is.readAllBytes());
|
||||
DerValue[] seq = dis.getSequence(3);
|
||||
if (seq.length == 0) {
|
||||
return Collections.<X509Certificate>emptyList();
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
certFac = CertificateFactory.getInstance("X.509");
|
||||
certList = new ArrayList<X509Certificate>(seq.length);
|
||||
certList = new ArrayList<>(seq.length);
|
||||
|
||||
// append certs in reverse order (target to trust anchor)
|
||||
for (int i = seq.length-1; i >= 0; i--) {
|
||||
@ -224,7 +224,7 @@ public class X509CertPath extends CertPath {
|
||||
}
|
||||
|
||||
try {
|
||||
if (is.markSupported() == false) {
|
||||
if (!is.markSupported()) {
|
||||
// Copy the entire input stream into an InputStream that does
|
||||
// support mark
|
||||
is = new ByteArrayInputStream(is.readAllBytes());
|
||||
@ -237,7 +237,7 @@ public class X509CertPath extends CertPath {
|
||||
certList = Arrays.asList(certArray);
|
||||
} else {
|
||||
// no certs provided
|
||||
certList = new ArrayList<X509Certificate>(0);
|
||||
certList = new ArrayList<>(0);
|
||||
}
|
||||
} catch (IOException ioe) {
|
||||
throw new CertificateException("IOException parsing PKCS7 data: " +
|
||||
@ -308,7 +308,7 @@ public class X509CertPath extends CertPath {
|
||||
private byte[] encodePKCS7() throws CertificateEncodingException {
|
||||
PKCS7 p7 = new PKCS7(new AlgorithmId[0],
|
||||
new ContentInfo(ContentInfo.DATA_OID, null),
|
||||
certs.toArray(new X509Certificate[certs.size()]),
|
||||
certs.toArray(new X509Certificate[0]),
|
||||
new SignerInfo[0]);
|
||||
DerOutputStream derout = new DerOutputStream();
|
||||
try {
|
||||
|
@ -187,7 +187,7 @@ public class X509CertificatePair {
|
||||
* Return the DER encoded form of the certificate pair.
|
||||
*
|
||||
* @return The encoded form of the certificate pair.
|
||||
* @throws CerticateEncodingException If an encoding exception occurs.
|
||||
* @throws CertificateEncodingException If an encoding exception occurs.
|
||||
*/
|
||||
public byte[] getEncoded() throws CertificateEncodingException {
|
||||
try {
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2011, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -26,34 +26,15 @@
|
||||
package sun.security.provider.certpath.ssl;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.Socket;
|
||||
import java.net.URI;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.net.URLConnection;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.Provider;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.CertSelector;
|
||||
import java.security.cert.CertStore;
|
||||
import java.security.cert.CertStoreException;
|
||||
import java.security.cert.CertStoreParameters;
|
||||
import java.security.cert.CertStoreSpi;
|
||||
import java.security.cert.CRLSelector;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.cert.X509CRL;
|
||||
import java.net.Socket;
|
||||
import java.net.URLConnection;
|
||||
import javax.net.ssl.HostnameVerifier;
|
||||
import javax.net.ssl.HttpsURLConnection;
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLSession;
|
||||
import javax.net.ssl.SSLEngine;
|
||||
import javax.net.ssl.SSLSocketFactory;
|
||||
import javax.net.ssl.TrustManager;
|
||||
import javax.net.ssl.X509ExtendedTrustManager;
|
||||
import java.security.cert.*;
|
||||
import java.util.*;
|
||||
import javax.net.ssl.*;
|
||||
|
||||
/**
|
||||
* A CertStore that retrieves an SSL server's certificate chain.
|
||||
@ -67,11 +48,7 @@ public final class SSLServerCertStore extends CertStoreSpi {
|
||||
|
||||
static {
|
||||
trustManager = new GetChainTrustManager();
|
||||
hostnameVerifier = new HostnameVerifier() {
|
||||
public boolean verify(String hostname, SSLSession session) {
|
||||
return true;
|
||||
}
|
||||
};
|
||||
hostnameVerifier = (hostname, session) -> true;
|
||||
|
||||
SSLSocketFactory tempFactory;
|
||||
try {
|
||||
@ -95,13 +72,12 @@ public final class SSLServerCertStore extends CertStoreSpi {
|
||||
|
||||
try {
|
||||
URLConnection urlConn = uri.toURL().openConnection();
|
||||
if (urlConn instanceof HttpsURLConnection) {
|
||||
if (urlConn instanceof HttpsURLConnection https) {
|
||||
if (socketFactory == null) {
|
||||
throw new CertStoreException(
|
||||
"No initialized SSLSocketFactory");
|
||||
}
|
||||
|
||||
HttpsURLConnection https = (HttpsURLConnection)urlConn;
|
||||
https.setSSLSocketFactory(socketFactory);
|
||||
https.setHostnameVerifier(hostnameVerifier);
|
||||
synchronized (trustManager) {
|
||||
@ -128,7 +104,7 @@ public final class SSLServerCertStore extends CertStoreSpi {
|
||||
throw new CertStoreException(ioe);
|
||||
}
|
||||
|
||||
return Collections.<X509Certificate>emptySet();
|
||||
return Collections.emptySet();
|
||||
}
|
||||
|
||||
private static List<X509Certificate> getMatchingCerts
|
||||
@ -167,7 +143,7 @@ public final class SSLServerCertStore extends CertStoreSpi {
|
||||
extends X509ExtendedTrustManager {
|
||||
|
||||
private List<X509Certificate> serverChain =
|
||||
Collections.<X509Certificate>emptyList();
|
||||
Collections.emptyList();
|
||||
private boolean exchangedServerCerts = false;
|
||||
|
||||
@Override
|
||||
@ -202,8 +178,8 @@ public final class SSLServerCertStore extends CertStoreSpi {
|
||||
|
||||
exchangedServerCerts = true;
|
||||
this.serverChain = (chain == null)
|
||||
? Collections.<X509Certificate>emptyList()
|
||||
: Arrays.<X509Certificate>asList(chain);
|
||||
? Collections.emptyList()
|
||||
: Arrays.asList(chain);
|
||||
|
||||
}
|
||||
|
||||
@ -223,7 +199,7 @@ public final class SSLServerCertStore extends CertStoreSpi {
|
||||
|
||||
void cleanup() {
|
||||
exchangedServerCerts = false;
|
||||
serverChain = Collections.<X509Certificate>emptyList();
|
||||
serverChain = Collections.emptyList();
|
||||
}
|
||||
}
|
||||
|
||||
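Review bot: The new `hostnameVerifier = (hostname, session) -> true;` accepts every hostname and now reads exactly like the usual accidental verification bypass, with nothing on the line saying it is deliberate. The class Javadoc describes this as a CertStore that retrieves an SSL server's certificate chain, so the connection is presumably used only to capture the chain and not to trust the peer. A comment should say so and warn against reuse, e.g. `// Accepts any hostname on purpose: this connection only captures the server's chain and must not be used to exchange trusted data`. The import hunk also appears to collapse the explicit imports into `java.security.cert.*`, `java.util.*` and `javax.net.ssl.*`, which makes it harder to see which TLS types this class touches. The static initializer continues outside the hunk.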
|
@ -59,11 +59,10 @@ public final class PSSParameters extends AlgorithmParametersSpi {
|
||||
@Override
|
||||
protected void engineInit(AlgorithmParameterSpec paramSpec)
|
||||
throws InvalidParameterSpecException {
|
||||
if (!(paramSpec instanceof PSSParameterSpec)) {
|
||||
if (!(paramSpec instanceof PSSParameterSpec spec)) {
|
||||
throw new InvalidParameterSpecException
|
||||
("Inappropriate parameter specification");
|
||||
}
|
||||
PSSParameterSpec spec = (PSSParameterSpec) paramSpec;
|
||||
|
||||
String mgfName = spec.getMGFAlgorithm();
|
||||
if (!spec.getMGFAlgorithm().equalsIgnoreCase("MGF1")) {
|
||||
@ -223,12 +222,10 @@ public final class PSSParameters extends AlgorithmParametersSpi {
|
||||
public static byte[] getEncoded(PSSParameterSpec spec) throws IOException {
|
||||
|
||||
AlgorithmParameterSpec mgfSpec = spec.getMGFParameters();
|
||||
if (!(mgfSpec instanceof MGF1ParameterSpec)) {
|
||||
if (!(mgfSpec instanceof MGF1ParameterSpec mgf1Spec)) {
|
||||
throw new IOException("Cannot encode " + mgfSpec);
|
||||
}
|
||||
|
||||
MGF1ParameterSpec mgf1Spec = (MGF1ParameterSpec)mgfSpec;
|
||||
|
||||
DerOutputStream tmp = new DerOutputStream();
|
||||
DerOutputStream tmp2, tmp3;
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -150,7 +150,7 @@ public final class RSACore {
|
||||
throws BadPaddingException {
|
||||
|
||||
BigInteger c = parseMsg(msg, n);
|
||||
BlindingRandomPair brp = null;
|
||||
BlindingRandomPair brp;
|
||||
BigInteger m;
|
||||
if (ENABLE_BLINDING) {
|
||||
brp = getBlindingRandomPair(null, exp, n);
|
||||
@ -468,7 +468,7 @@ public final class RSACore {
|
||||
}
|
||||
}
|
||||
|
||||
// If this parameters are still usable, put them back into the queue.
|
||||
// If parameters are still usable, put them back into the queue.
|
||||
if (bps.isReusable()) {
|
||||
queue.add(bps);
|
||||
}
|
||||
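Review bot: In the `@ -150` hunk `brp` is now declared without an initializer, but in the lines shown it is only assigned inside the `if (ENABLE_BLINDING)` branch, so the declaration could move into that branch as `BlindingRandomPair brp = getBlindingRandomPair(null, exp, n);`. That would keep the blinding pair scoped to the one path that appears to use it. The rest of the method lies outside the hunk, so this assumes `brp` is not read after the branch.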
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -135,8 +135,8 @@ public class RSAKeyFactory extends KeyFactorySpi {
|
||||
}
|
||||
|
||||
/*
|
||||
* Single test entry point for all of the mechanisms in the SunRsaSign
|
||||
* provider (RSA*KeyImpls). All of the tests are the same.
|
||||
* Single test entry point for all the mechanisms in the SunRsaSign
|
||||
* provider (RSA*KeyImpls). All the tests are the same.
|
||||
*
|
||||
* For compatibility, we round up to the nearest byte here:
|
||||
* some Key impls might pass in a value within a byte of the
|
||||
@ -257,8 +257,7 @@ public class RSAKeyFactory extends KeyFactorySpi {
|
||||
// internal implementation of translateKey() for public keys. See JCA doc
|
||||
private PublicKey translatePublicKey(PublicKey key)
|
||||
throws InvalidKeyException {
|
||||
if (key instanceof RSAPublicKey) {
|
||||
RSAPublicKey rsaKey = (RSAPublicKey)key;
|
||||
if (key instanceof RSAPublicKey rsaKey) {
|
||||
try {
|
||||
return new RSAPublicKeyImpl(
|
||||
type, rsaKey.getParams(),
|
||||
@ -278,8 +277,7 @@ public class RSAKeyFactory extends KeyFactorySpi {
|
||||
// internal implementation of translateKey() for private keys. See JCA doc
|
||||
private PrivateKey translatePrivateKey(PrivateKey key)
|
||||
throws InvalidKeyException {
|
||||
if (key instanceof RSAPrivateCrtKey) {
|
||||
RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey)key;
|
||||
if (key instanceof RSAPrivateCrtKey rsaKey) {
|
||||
try {
|
||||
return new RSAPrivateCrtKeyImpl(
|
||||
type, rsaKey.getParams(),
|
||||
@ -296,8 +294,7 @@ public class RSAKeyFactory extends KeyFactorySpi {
|
||||
// catch providers that incorrectly implement RSAPrivateCrtKey
|
||||
throw new InvalidKeyException("Invalid key", e);
|
||||
}
|
||||
} else if (key instanceof RSAPrivateKey) {
|
||||
RSAPrivateKey rsaKey = (RSAPrivateKey)key;
|
||||
} else if (key instanceof RSAPrivateKey rsaKey) {
|
||||
try {
|
||||
return new RSAPrivateKeyImpl(
|
||||
type, rsaKey.getParams(),
|
||||
@ -326,8 +323,7 @@ public class RSAKeyFactory extends KeyFactorySpi {
|
||||
if (keySpec instanceof X509EncodedKeySpec) {
|
||||
return RSAPublicKeyImpl.newKey(type, "X.509",
|
||||
((X509EncodedKeySpec)keySpec).getEncoded());
|
||||
} else if (keySpec instanceof RSAPublicKeySpec) {
|
||||
RSAPublicKeySpec rsaSpec = (RSAPublicKeySpec)keySpec;
|
||||
} else if (keySpec instanceof RSAPublicKeySpec rsaSpec) {
|
||||
try {
|
||||
return new RSAPublicKeyImpl(
|
||||
type, rsaSpec.getParams(),
|
||||
@ -353,8 +349,7 @@ public class RSAKeyFactory extends KeyFactorySpi {
|
||||
} finally {
|
||||
Arrays.fill(encoded, (byte)0);
|
||||
}
|
||||
} else if (keySpec instanceof RSAPrivateCrtKeySpec) {
|
||||
RSAPrivateCrtKeySpec rsaSpec = (RSAPrivateCrtKeySpec)keySpec;
|
||||
} else if (keySpec instanceof RSAPrivateCrtKeySpec rsaSpec) {
|
||||
try {
|
||||
return new RSAPrivateCrtKeyImpl(
|
||||
type, rsaSpec.getParams(),
|
||||
@ -370,8 +365,7 @@ public class RSAKeyFactory extends KeyFactorySpi {
|
||||
} catch (ProviderException e) {
|
||||
throw new InvalidKeySpecException(e);
|
||||
}
|
||||
} else if (keySpec instanceof RSAPrivateKeySpec) {
|
||||
RSAPrivateKeySpec rsaSpec = (RSAPrivateKeySpec)keySpec;
|
||||
} else if (keySpec instanceof RSAPrivateKeySpec rsaSpec) {
|
||||
try {
|
||||
return new RSAPrivateKeyImpl(
|
||||
type, rsaSpec.getParams(),
|
||||
@ -398,8 +392,7 @@ public class RSAKeyFactory extends KeyFactorySpi {
|
||||
} catch (InvalidKeyException e) {
|
||||
throw new InvalidKeySpecException(e);
|
||||
}
|
||||
if (key instanceof RSAPublicKey) {
|
||||
RSAPublicKey rsaKey = (RSAPublicKey)key;
|
||||
if (key instanceof RSAPublicKey rsaKey) {
|
||||
if (keySpec.isAssignableFrom(RSA_PUB_KEYSPEC_CLS)) {
|
||||
return keySpec.cast(new RSAPublicKeySpec(
|
||||
rsaKey.getModulus(),
|
||||
@ -423,8 +416,7 @@ public class RSAKeyFactory extends KeyFactorySpi {
|
||||
}
|
||||
} else if (keySpec.isAssignableFrom(RSA_PRIVCRT_KEYSPEC_CLS)) {
|
||||
// All supported keyspecs (other than PKCS8_KEYSPEC_CLS) descend from RSA_PRIVCRT_KEYSPEC_CLS
|
||||
if (key instanceof RSAPrivateCrtKey) {
|
||||
RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)key;
|
||||
if (key instanceof RSAPrivateCrtKey crtKey) {
|
||||
return keySpec.cast(new RSAPrivateCrtKeySpec(
|
||||
crtKey.getModulus(),
|
||||
crtKey.getPublicExponent(),
|
||||
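Review bot: The `@ -326` hunk converts the `RSAPublicKeySpec` branch to a pattern variable but leaves the branch just above it as `keySpec instanceof X509EncodedKeySpec` followed by the cast `((X509EncodedKeySpec)keySpec).getEncoded()`. For consistency with the other conversions in this file, it could read `if (keySpec instanceof X509EncodedKeySpec x509Spec) {` with `x509Spec.getEncoded()` in the call. The enclosing method starts and ends outside the hunk.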
|
@ -94,12 +94,11 @@ abstract class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
|
||||
// second initialize method. See JCA doc.
|
||||
public void initialize(AlgorithmParameterSpec params, SecureRandom random)
|
||||
throws InvalidAlgorithmParameterException {
|
||||
if (params instanceof RSAKeyGenParameterSpec == false) {
|
||||
if (!(params instanceof RSAKeyGenParameterSpec rsaSpec)) {
|
||||
throw new InvalidAlgorithmParameterException
|
||||
("Params must be instance of RSAKeyGenParameterSpec");
|
||||
}
|
||||
|
||||
RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec)params;
|
||||
int tmpKeySize = rsaSpec.getKeysize();
|
||||
BigInteger tmpPubExp = rsaSpec.getPublicExponent();
|
||||
AlgorithmParameterSpec tmpParams = rsaSpec.getKeyParams();
|
||||
@ -119,15 +118,14 @@ abstract class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
|
||||
// vs FIPS 186-4 checks that F4 <= e < 2^256
|
||||
// for backward compatibility, we keep the same checks
|
||||
BigInteger minValue = RSAKeyGenParameterSpec.F0;
|
||||
int maxBitLength = tmpKeySize;
|
||||
if (tmpPubExp.compareTo(RSAKeyGenParameterSpec.F0) < 0) {
|
||||
throw new InvalidAlgorithmParameterException
|
||||
("Public exponent must be " + minValue + " or larger");
|
||||
}
|
||||
if (tmpPubExp.bitLength() > maxBitLength) {
|
||||
if (tmpPubExp.bitLength() > tmpKeySize) {
|
||||
throw new InvalidAlgorithmParameterException
|
||||
("Public exponent must be no longer than " +
|
||||
maxBitLength + " bits");
|
||||
tmpKeySize + " bits");
|
||||
}
|
||||
useNew &= ((tmpPubExp.compareTo(RSAKeyGenParameterSpec.F4) >= 0) &&
|
||||
(tmpPubExp.bitLength() < 256));
|
||||
@ -160,7 +158,7 @@ abstract class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
|
||||
public KeyPair generateKeyPair() {
|
||||
BigInteger e = publicExponent;
|
||||
BigInteger minValue = (useNew? getSqrt(keySize) : ZERO);
|
||||
int lp = (keySize + 1) >> 1;;
|
||||
int lp = (keySize + 1) >> 1;
|
||||
int lq = keySize - lp;
|
||||
int pqDiffSize = lp - 100;
|
||||
|
||||
@ -212,7 +210,7 @@ abstract class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
|
||||
}
|
||||
|
||||
private static BigInteger getSqrt(int keySize) {
|
||||
BigInteger sqrt = null;
|
||||
BigInteger sqrt;
|
||||
switch (keySize) {
|
||||
case 2048:
|
||||
sqrt = SQRT_2048;
|
||||
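Review bot: The `@ -119` hunk inlines `maxBitLength` but keeps the parallel local `minValue`, and the lower-bound test still compares against `RSAKeyGenParameterSpec.F0` directly while the exception message prints `minValue`. Either use the local in the check, `if (tmpPubExp.compareTo(minValue) < 0) {`, or drop it as was done for `maxBitLength`, so the enforced bound and the reported bound cannot drift apart. The method body continues outside the hunk.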
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -82,7 +82,7 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
private static final byte[] EIGHT_BYTES_OF_ZEROS = new byte[8];
|
||||
|
||||
private static final Hashtable<KnownOIDs, Integer> DIGEST_LENGTHS =
|
||||
new Hashtable<KnownOIDs, Integer>();
|
||||
new Hashtable<>();
|
||||
static {
|
||||
DIGEST_LENGTHS.put(KnownOIDs.SHA_1, 20);
|
||||
DIGEST_LENGTHS.put(KnownOIDs.SHA_224, 28);
|
||||
@ -113,7 +113,7 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
private SecureRandom random;
|
||||
|
||||
/**
|
||||
* Construct a new RSAPSSSignatur with arbitrary digest algorithm
|
||||
* Construct a new RSAPSSSignature with arbitrary digest algorithm
|
||||
*/
|
||||
public RSAPSSSignature() {
|
||||
this.md = null;
|
||||
@ -169,14 +169,13 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
// key with null PSS parameters means no restriction
|
||||
return true;
|
||||
}
|
||||
if (!(keyParams instanceof PSSParameterSpec)) {
|
||||
if (!(keyParams instanceof PSSParameterSpec pssKeyParams)) {
|
||||
return false;
|
||||
}
|
||||
// nothing to compare yet, defer the check to when sigParams is set
|
||||
if (sigParams == null) {
|
||||
return true;
|
||||
}
|
||||
PSSParameterSpec pssKeyParams = (PSSParameterSpec) keyParams;
|
||||
// first check the salt length requirement
|
||||
if (pssKeyParams.getSaltLength() > sigParams.getSaltLength()) {
|
||||
return false;
|
||||
@ -291,12 +290,11 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
throw new InvalidAlgorithmParameterException
|
||||
("Parameters cannot be null");
|
||||
}
|
||||
if (!(p instanceof PSSParameterSpec)) {
|
||||
if (!(p instanceof PSSParameterSpec params)) {
|
||||
throw new InvalidAlgorithmParameterException
|
||||
("parameters must be type PSSParameterSpec");
|
||||
}
|
||||
// no need to validate again if same as current signature parameters
|
||||
PSSParameterSpec params = (PSSParameterSpec) p;
|
||||
if (params == this.sigParams) return params;
|
||||
|
||||
RSAKey key = (this.privKey == null? this.pubKey : this.privKey);
|
||||
@ -378,7 +376,7 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
* Reset the message digest if it is not already reset.
|
||||
*/
|
||||
private void resetDigest() {
|
||||
if (digestReset == false) {
|
||||
if (!digestReset) {
|
||||
this.md.reset();
|
||||
digestReset = true;
|
||||
}
|
||||
@ -429,8 +427,7 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
byte[] mHash = getDigestValue();
|
||||
try {
|
||||
byte[] encoded = encodeSignature(mHash);
|
||||
byte[] encrypted = RSACore.rsa(encoded, privKey, true);
|
||||
return encrypted;
|
||||
return RSACore.rsa(encoded, privKey, true);
|
||||
} catch (GeneralSecurityException e) {
|
||||
throw new SignatureException("Could not sign data", e);
|
||||
} catch (IOException e) {
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -52,7 +52,7 @@ import sun.security.jca.JCAUtil;
|
||||
* 0x00 | BT | PS...PS | 0x00 | data...data
|
||||
*
|
||||
* where BT is the blocktype (1 or 2). The length of the entire string
|
||||
* must be the same as the size of the modulus (i.e. 128 byte for a 1024 bit
|
||||
* must be the same as the size of the modulus (i.e. 128 byte for a 1024-bit
|
||||
* key). Per spec, the padding string must be at least 8 bytes long. That
|
||||
* leaves up to (length of key in bytes) - 11 bytes for the data.
|
||||
*
|
||||
@ -68,7 +68,7 @@ import sun.security.jca.JCAUtil;
|
||||
* The algorithms (representations) are forwards-compatible: that is,
|
||||
* the algorithm described in previous releases are in later releases.
|
||||
* However, additional comments/checks/clarifications were added to the
|
||||
* later versions based on real-world experience (e.g. stricter v1.5
|
||||
* latter versions based on real-world experience (e.g. stricter v1.5
|
||||
* format checking.)
|
||||
*
|
||||
* Note: RSA keys should be at least 512 bits long
|
||||
@ -202,7 +202,7 @@ public final class RSAPadding {
|
||||
|
||||
// cache of hashes of zero length data
|
||||
private static final Map<String,byte[]> emptyHashes =
|
||||
Collections.synchronizedMap(new HashMap<String,byte[]>());
|
||||
Collections.synchronizedMap(new HashMap<>());
|
||||
|
||||
/**
|
||||
* Return the value of the digest using the specified message digest
|
||||
@ -290,7 +290,7 @@ public final class RSAPadding {
|
||||
/**
|
||||
* PKCS#1 v1.5 padding (blocktype 1 and 2).
|
||||
*/
|
||||
private byte[] padV15(byte[] data, int ofs, int len) throws BadPaddingException {
|
||||
private byte[] padV15(byte[] data, int ofs, int len) {
|
||||
byte[] padded = new byte[paddedSize];
|
||||
System.arraycopy(data, ofs, padded, paddedSize - len, len);
|
||||
int psSize = paddedSize - 3 - len;
|
||||
@ -379,7 +379,7 @@ public final class RSAPadding {
|
||||
* PKCS#1 v2.0 OAEP padding (MGF1).
|
||||
* Paragraph references refer to PKCS#1 v2.1 (June 14, 2002)
|
||||
*/
|
||||
private byte[] padOAEP(byte[] M, int ofs, int len) throws BadPaddingException {
|
||||
private byte[] padOAEP(byte[] M, int ofs, int len) {
|
||||
if (random == null) {
|
||||
random = JCAUtil.getSecureRandom();
|
||||
}
|
||||
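Review bot: With `throws BadPaddingException` removed from `padV15` and `padOAEP`, neither helper can report an oversized input through a checked exception. `padV15` still goes straight to `System.arraycopy(data, ofs, padded, paddedSize - len, len)` and `int psSize = paddedSize - 3 - len;`, so the length bound has to be enforced by the caller. No such check is visible in these hunks (both bodies continue outside them), so a one-line comment on each method would document the contract, e.g. `// caller must have verified that len fits the padded block`. Separately, the `@ -68` hunk appears to change "later versions" to "latter versions" in the class comment; "later" reads as the intended word.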
|
@ -67,12 +67,12 @@ public final class RSAPrivateCrtKeyImpl
|
||||
private BigInteger qe; // prime exponent q
|
||||
private BigInteger coeff; // CRT coefficient
|
||||
|
||||
private transient KeyType type;
|
||||
private final transient KeyType type;
|
||||
|
||||
// Optional parameters associated with this RSA key
|
||||
// specified in the encoding of its AlgorithmId.
|
||||
// Must be null for "RSA" keys.
|
||||
private transient AlgorithmParameterSpec keyParams;
|
||||
private final transient AlgorithmParameterSpec keyParams;
|
||||
|
||||
/**
|
||||
* Generate a new RSAPrivate(Crt)Key from the specified type,
|
||||
@ -171,7 +171,7 @@ public final class RSAPrivateCrtKeyImpl
|
||||
}
|
||||
|
||||
/**
|
||||
* Construct a RSA key from its components. Used by the
|
||||
* Construct an RSA key from its components. Used by the
|
||||
* RSAKeyFactory and the RSAKeyPairGenerator.
|
||||
*/
|
||||
RSAPrivateCrtKeyImpl(KeyType type, AlgorithmParameterSpec keyParams,
|
||||
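Review bot: `type` and `keyParams` become `private final transient`, and a `final transient` field is neither written by default serialization nor assignable from a `readObject` method, so an instance created by default deserialization would carry null in both. Whether that path is reachable cannot be seen here, because the class header and any `writeReplace`/`readObject` are outside the hunks. If the key is always serialized through a replacement object, a comment next to the fields would record why `final` is safe, e.g. `// never restored by default deserialization; see <serialization entry point>`. The same change and the same question apply to `type` and `keyParams` in the RSAPublicKeyImpl section that follows.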
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -58,12 +58,12 @@ public final class RSAPublicKeyImpl extends X509Key implements RSAPublicKey {
|
||||
private BigInteger n; // modulus
|
||||
private BigInteger e; // public exponent
|
||||
|
||||
private transient KeyType type;
|
||||
private final transient KeyType type;
|
||||
|
||||
// optional parameters associated with this RSA key
|
||||
// specified in the encoding of its AlgorithmId
|
||||
// must be null for "RSA" keys.
|
||||
private transient AlgorithmParameterSpec keyParams;
|
||||
private final transient AlgorithmParameterSpec keyParams;
|
||||
|
||||
/**
|
||||
* Generate a new RSAPublicKey from the specified type, format, and
|
||||
@ -104,7 +104,7 @@ public final class RSAPublicKeyImpl extends X509Key implements RSAPublicKey {
|
||||
}
|
||||
|
||||
/**
|
||||
* Construct a RSA key from the specified type and components. Used by
|
||||
* Construct an RSA key from the specified type and components. Used by
|
||||
* RSAKeyFactory and RSAKeyPairGenerator.
|
||||
*/
|
||||
RSAPublicKeyImpl(KeyType type, AlgorithmParameterSpec keyParams,
|
||||
|
@ -144,7 +144,7 @@ abstract class RSASignature extends SignatureSpi {
|
||||
* Reset the message digest if it is not already reset.
|
||||
*/
|
||||
private void resetDigest() {
|
||||
if (digestReset == false) {
|
||||
if (!digestReset) {
|
||||
md.reset();
|
||||
digestReset = true;
|
||||
}
|
||||
@ -190,8 +190,7 @@ abstract class RSASignature extends SignatureSpi {
|
||||
try {
|
||||
byte[] encoded = RSAUtil.encodeSignature(digestOID, digest);
|
||||
byte[] padded = padding.pad(encoded);
|
||||
byte[] encrypted = RSACore.rsa(padded, privateKey, true);
|
||||
return encrypted;
|
||||
return RSACore.rsa(padded, privateKey, true);
|
||||
} catch (GeneralSecurityException e) {
|
||||
throw new SignatureException("Could not sign data", e);
|
||||
} catch (IOException e) {
|
||||
|
@ -193,7 +193,7 @@ public class RSAUtil {
|
||||
throw new IOException("SEQUENCE length error");
|
||||
}
|
||||
AlgorithmId algId = AlgorithmId.parse(values[0]);
|
||||
if (algId.getOID().equals(oid) == false) {
|
||||
if (!algId.getOID().equals(oid)) {
|
||||
throw new IOException("ObjectIdentifier mismatch: "
|
||||
+ algId.getOID());
|
||||
}
|
||||
@ -203,7 +203,6 @@ public class RSAUtil {
|
||||
if (values[1].isConstructed()) {
|
||||
throw new IOException("Unexpected constructed digest value");
|
||||
}
|
||||
byte[] digest = values[1].getOctetString();
|
||||
return digest;
|
||||
return values[1].getOctetString();
|
||||
}
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -107,5 +107,5 @@ public final class SunRsaSignEntries {
|
||||
return services.iterator();
|
||||
}
|
||||
|
||||
private LinkedHashSet<Provider.Service> services;
|
||||
private final LinkedHashSet<Provider.Service> services;
|
||||
}
|
||||
|
@ -87,7 +87,7 @@ enum Alert {
|
||||
// Alert message consumer
|
||||
static final SSLConsumer alertConsumer = new AlertConsumer();
|
||||
|
||||
private Alert(byte id, String description, boolean handshakeOnly) {
|
||||
Alert(byte id, String description, boolean handshakeOnly) {
|
||||
this.id = id;
|
||||
this.description = description;
|
||||
this.handshakeOnly = handshakeOnly;
|
||||
@ -146,7 +146,7 @@ enum Alert {
|
||||
// description of the Alert level
|
||||
final String description;
|
||||
|
||||
private Level(byte level, String description) {
|
||||
Level(byte level, String description) {
|
||||
this.level = level;
|
||||
this.description = description;
|
||||
}
|
||||
@ -197,10 +197,11 @@ enum Alert {
|
||||
@Override
|
||||
public String toString() {
|
||||
MessageFormat messageFormat = new MessageFormat(
|
||||
"\"Alert\": '{'\n" +
|
||||
" \"level\" : \"{0}\",\n" +
|
||||
" \"description\": \"{1}\"\n" +
|
||||
"'}'",
|
||||
"""
|
||||
"Alert": '{'
|
||||
"level" : "{0}",
|
||||
"description": "{1}"
|
||||
'}'""",
|
||||
Locale.ENGLISH);
|
||||
|
||||
Object[] messageFields = {
|
||||
@ -265,7 +266,7 @@ enum Alert {
|
||||
throw tc.fatal(Alert.HANDSHAKE_FAILURE,
|
||||
"received handshake warning: " + alert.description);
|
||||
} else {
|
||||
// Otherwise ignore the warning but remove the
|
||||
// Otherwise, ignore the warning but remove the
|
||||
// Certificate and CertificateVerify handshake
|
||||
// consumer so the state machine doesn't expect it.
|
||||
tc.handshakeContext.handshakeConsumers.remove(
|
||||
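Review bot: The exact output of `toString()` is worth pinning with a test now that the `MessageFormat` pattern is a text block instead of concatenated literals with explicit `\n`. In a text block the emitted indentation depends on where the content sits relative to the closing delimiter, and this rendering does not preserve leading whitespace, so it cannot be confirmed here that the formatted alert is byte-identical to the old one. If anything parses or diffs these debug lines, a single assertion on the full string for one alert would be enough. The method continues outside the hunk.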
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -31,10 +31,7 @@ import java.nio.charset.Charset;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.security.Security;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.*;
|
||||
import javax.net.ssl.SSLEngine;
|
||||
import javax.net.ssl.SSLProtocolException;
|
||||
import javax.net.ssl.SSLSocket;
|
||||
@ -447,7 +444,7 @@ final class AlpnExtension {
|
||||
|
||||
// Clean or register the extension
|
||||
//
|
||||
// No further use of the request and respond extension any more.
|
||||
// No further use of the request and respond extension.
|
||||
shc.handshakeExtensions.remove(SSLExtension.CH_ALPN);
|
||||
|
||||
return extData;
|
||||
@ -474,7 +471,6 @@ final class AlpnExtension {
|
||||
AlpnSpec requestedAlps =
|
||||
(AlpnSpec)chc.handshakeExtensions.get(SSLExtension.CH_ALPN);
|
||||
if (requestedAlps == null ||
|
||||
requestedAlps.applicationProtocols == null ||
|
||||
requestedAlps.applicationProtocols.isEmpty()) {
|
||||
throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
|
||||
"Unexpected " + SSLExtension.CH_ALPN.name + " extension");
|
||||
@ -506,7 +502,7 @@ final class AlpnExtension {
|
||||
|
||||
// Clean or register the extension
|
||||
//
|
||||
// No further use of the request and respond extension any more.
|
||||
// No further use of the request and respond extension.
|
||||
chc.handshakeExtensions.remove(SSLExtension.CH_ALPN);
|
||||
}
|
||||
}
|
||||
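Review bot: The `@ -474` hunk drops one line from the guard, and the only line whose removal leaves the condition well-formed is `requestedAlps.applicationProtocols == null ||`, so `requestedAlps.applicationProtocols.isEmpty()` is now reached without a null check. That is safe only if every `AlpnSpec` constructor assigns a non-null list. The constructors are not in this hunk, so the invariant should be stated where the field is declared or enforced there with `Objects.requireNonNull`. Otherwise a null would surface as a NullPointerException while the extension is processed, rather than as the `UNEXPECTED_MESSAGE` alert. The `@ -31` hunk also replaces four explicit `java.util` imports with `import java.util.*;`; explicit imports are easier to audit.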
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -115,7 +115,7 @@ abstract class Authenticator {
|
||||
*
|
||||
* Sequence numbers are of type uint64 and may not exceed 2^64-1.
|
||||
* Sequence numbers do not wrap. If a TLS
|
||||
* implementation would need to wrap a sequence number, it must
|
||||
* implementation needs to wrap a sequence number, it must
|
||||
* renegotiate instead.
|
||||
*
|
||||
* @return true if the sequence number is huge enough to renew
|
||||
|
Some files were not shown because too many files have changed in this diff Show More