diff --git a/src/java.base/macosx/classes/apple/security/KeychainStore.java b/src/java.base/macosx/classes/apple/security/KeychainStore.java
index a39be310117..2128ec5c97e 100644
--- a/src/java.base/macosx/classes/apple/security/KeychainStore.java
+++ b/src/java.base/macosx/classes/apple/security/KeychainStore.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -89,12 +89,13 @@ public final class KeychainStore extends KeyStoreSpi {
private Hashtable<String, Object> entries = new Hashtable<>();
/**
- * Algorithm identifiers and corresponding OIDs for the contents of the PKCS12 bag we get from the Keychain.
+ * Algorithm identifiers and corresponding OIDs for the contents of the
+ * PKCS12 bag we get from the Keychain.
*/
- private static final int keyBag[] = {1, 2, 840, 113549, 1, 12, 10, 1, 2};
- private static final int pbeWithSHAAnd3KeyTripleDESCBC[] = {1, 2, 840, 113549, 1, 12, 1, 3};
- private static ObjectIdentifier PKCS8ShroudedKeyBag_OID;
- private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID;
+ private static ObjectIdentifier PKCS8ShroudedKeyBag_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.12.10.1.2");
+ private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.12.1.3");
/**
* Constnats used in PBE decryption.
@@ -104,16 +105,6 @@ public final class KeychainStore extends KeyStoreSpi {
private static final Debug debug = Debug.getInstance("keystore");
- static {
- jdk.internal.loader.BootLoader.loadLibrary("osxsecurity");
- try {
- PKCS8ShroudedKeyBag_OID = new ObjectIdentifier(keyBag);
- pbeWithSHAAnd3KeyTripleDESCBC_OID = new ObjectIdentifier(pbeWithSHAAnd3KeyTripleDESCBC);
- } catch (IOException ioe) {
- // should not happen
- }
- }
-
private static void permissionCheck() {
SecurityManager sec = System.getSecurityManager();
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/DHPrivateKey.java b/src/java.base/share/classes/com/sun/crypto/provider/DHPrivateKey.java
index 5b1f9bffb6c..24cbf949321 100644
--- a/src/java.base/share/classes/com/sun/crypto/provider/DHPrivateKey.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/DHPrivateKey.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -72,8 +72,6 @@ javax.crypto.interfaces.DHPrivateKey, Serializable {
// the private-value length (optional)
private int l;
- private int DH_data[] = { 1, 2, 840, 113549, 1, 3, 1 };
-
/**
* Make a DH private key out of a private value <code>x</code>, a prime
* modulus <code>p</code>, and a base generator <code>g</code>.
@@ -220,7 +218,7 @@ javax.crypto.interfaces.DHPrivateKey, Serializable {
DerOutputStream algid = new DerOutputStream();
// store OID
- algid.putOID(new ObjectIdentifier(DH_data));
+ algid.putOID(DHPublicKey.DH_OID);
// encode parameters
DerOutputStream params = new DerOutputStream();
params.putInteger(this.p);
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java b/src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java
index 7f902525f53..7c54d7482b5 100644
--- a/src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -69,7 +69,9 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
// the private-value length (optional)
private int l;
- private int DH_data[] = { 1, 2, 840, 113549, 1, 3, 1 };
+ // Note: this OID is used by DHPrivateKey as well.
+ static ObjectIdentifier DH_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.3.1");
/**
* Make a DH public key out of a public value <code>y</code>, a prime
@@ -203,7 +205,7 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
DerOutputStream algid = new DerOutputStream();
// store oid in algid
- algid.putOID(new ObjectIdentifier(DH_data));
+ algid.putOID(DH_OID);
// encode parameters
DerOutputStream params = new DerOutputStream();
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java b/src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java
index e180935536a..ca2d70fe69a 100644
--- a/src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -55,24 +55,10 @@ public final class OAEPParameters extends AlgorithmParametersSpi {
private String mdName;
private MGF1ParameterSpec mgfSpec;
private byte[] p;
- private static ObjectIdentifier OID_MGF1;
- private static ObjectIdentifier OID_PSpecified;
-
- static {
- try {
- OID_MGF1 = new ObjectIdentifier(new int[] {1,2,840,113549,1,1,8});
- } catch (IOException ioe) {
- // should not happen
- OID_MGF1 = null;
- }
- try {
- OID_PSpecified =
- new ObjectIdentifier(new int[] {1,2,840,113549,1,1,9});
- } catch (IOException ioe) {
- // should not happen
- OID_PSpecified = null;
- }
- }
+ private static ObjectIdentifier OID_MGF1 =
+ ObjectIdentifier.of("1.2.840.113549.1.1.8");
+ private static ObjectIdentifier OID_PSpecified =
+ ObjectIdentifier.of("1.2.840.113549.1.1.9");
public OAEPParameters() {
}
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java b/src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java
index 968d591ac6c..0c2e420eedc 100644
--- a/src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -90,57 +90,28 @@ import sun.security.util.*;
*
* </pre>
*/
-
abstract class PBES2Parameters extends AlgorithmParametersSpi {
- private static final int pkcs5PBKDF2[] =
- {1, 2, 840, 113549, 1, 5, 12};
- private static final int pkcs5PBES2[] =
- {1, 2, 840, 113549, 1, 5, 13};
- private static final int hmacWithSHA1[] =
- {1, 2, 840, 113549, 2, 7};
- private static final int hmacWithSHA224[] =
- {1, 2, 840, 113549, 2, 8};
- private static final int hmacWithSHA256[] =
- {1, 2, 840, 113549, 2, 9};
- private static final int hmacWithSHA384[] =
- {1, 2, 840, 113549, 2, 10};
- private static final int hmacWithSHA512[] =
- {1, 2, 840, 113549, 2, 11};
- private static final int aes128CBC[] =
- {2, 16, 840, 1, 101, 3, 4, 1, 2};
- private static final int aes192CBC[] =
- {2, 16, 840, 1, 101, 3, 4, 1, 22};
- private static final int aes256CBC[] =
- {2, 16, 840, 1, 101, 3, 4, 1, 42};
-
- private static ObjectIdentifier pkcs5PBKDF2_OID;
- private static ObjectIdentifier pkcs5PBES2_OID;
- private static ObjectIdentifier hmacWithSHA1_OID;
- private static ObjectIdentifier hmacWithSHA224_OID;
- private static ObjectIdentifier hmacWithSHA256_OID;
- private static ObjectIdentifier hmacWithSHA384_OID;
- private static ObjectIdentifier hmacWithSHA512_OID;
- private static ObjectIdentifier aes128CBC_OID;
- private static ObjectIdentifier aes192CBC_OID;
- private static ObjectIdentifier aes256CBC_OID;
-
- static {
- try {
- pkcs5PBKDF2_OID = new ObjectIdentifier(pkcs5PBKDF2);
- pkcs5PBES2_OID = new ObjectIdentifier(pkcs5PBES2);
- hmacWithSHA1_OID = new ObjectIdentifier(hmacWithSHA1);
- hmacWithSHA224_OID = new ObjectIdentifier(hmacWithSHA224);
- hmacWithSHA256_OID = new ObjectIdentifier(hmacWithSHA256);
- hmacWithSHA384_OID = new ObjectIdentifier(hmacWithSHA384);
- hmacWithSHA512_OID = new ObjectIdentifier(hmacWithSHA512);
- aes128CBC_OID = new ObjectIdentifier(aes128CBC);
- aes192CBC_OID = new ObjectIdentifier(aes192CBC);
- aes256CBC_OID = new ObjectIdentifier(aes256CBC);
- } catch (IOException ioe) {
- // should not happen
- }
- }
+ private static ObjectIdentifier pkcs5PBKDF2_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.5.12");
+ private static ObjectIdentifier pkcs5PBES2_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.5.13");
+ private static ObjectIdentifier hmacWithSHA1_OID =
+ ObjectIdentifier.of("1.2.840.113549.2.7");
+ private static ObjectIdentifier hmacWithSHA224_OID =
+ ObjectIdentifier.of("1.2.840.113549.2.8");
+ private static ObjectIdentifier hmacWithSHA256_OID =
+ ObjectIdentifier.of("1.2.840.113549.2.9");
+ private static ObjectIdentifier hmacWithSHA384_OID =
+ ObjectIdentifier.of("1.2.840.113549.2.10");
+ private static ObjectIdentifier hmacWithSHA512_OID =
+ ObjectIdentifier.of("1.2.840.113549.2.11");
+ private static ObjectIdentifier aes128CBC_OID =
+ ObjectIdentifier.of("2.16.840.1.101.3.4.1.2");
+ private static ObjectIdentifier aes192CBC_OID =
+ ObjectIdentifier.of("2.16.840.1.101.3.4.1.22");
+ private static ObjectIdentifier aes256CBC_OID =
+ ObjectIdentifier.of("2.16.840.1.101.3.4.1.42");
// the PBES2 algorithm name
private String pbes2AlgorithmName = null;
diff --git a/src/java.base/share/classes/java/security/cert/X509CertSelector.java b/src/java.base/share/classes/java/security/cert/X509CertSelector.java
index 70c77258ad0..6314a5ae1ad 100644
--- a/src/java.base/share/classes/java/security/cert/X509CertSelector.java
+++ b/src/java.base/share/classes/java/security/cert/X509CertSelector.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -88,7 +88,7 @@ public class X509CertSelector implements CertSelector {
private static final Debug debug = Debug.getInstance("certpath");
private static final ObjectIdentifier ANY_EXTENDED_KEY_USAGE =
- ObjectIdentifier.newInternal(new int[] {2, 5, 29, 37, 0});
+ ObjectIdentifier.of("2.5.29.37.0");
static {
CertPathHelperImpl.initialize();
diff --git a/src/java.base/share/classes/sun/security/pkcs/ContentInfo.java b/src/java.base/share/classes/sun/security/pkcs/ContentInfo.java
index 47a64dbfb79..00abc8d2d0c 100644
--- a/src/java.base/share/classes/sun/security/pkcs/ContentInfo.java
+++ b/src/java.base/share/classes/sun/security/pkcs/ContentInfo.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -38,50 +38,36 @@ import sun.security.util.*;
public class ContentInfo {
// pkcs7 pre-defined content types
- private static int[] pkcs7 = {1, 2, 840, 113549, 1, 7};
- private static int[] data = {1, 2, 840, 113549, 1, 7, 1};
- private static int[] sdata = {1, 2, 840, 113549, 1, 7, 2};
- private static int[] edata = {1, 2, 840, 113549, 1, 7, 3};
- private static int[] sedata = {1, 2, 840, 113549, 1, 7, 4};
- private static int[] ddata = {1, 2, 840, 113549, 1, 7, 5};
- private static int[] crdata = {1, 2, 840, 113549, 1, 7, 6};
- private static int[] nsdata = {2, 16, 840, 1, 113730, 2, 5};
- // timestamp token (id-ct-TSTInfo) from RFC 3161
- private static int[] tstInfo = {1, 2, 840, 113549, 1, 9, 16, 1, 4};
- // this is for backwards-compatibility with JDK 1.1.x
- private static final int[] OLD_SDATA = {1, 2, 840, 1113549, 1, 7, 2};
- private static final int[] OLD_DATA = {1, 2, 840, 1113549, 1, 7, 1};
- public static ObjectIdentifier PKCS7_OID;
- public static ObjectIdentifier DATA_OID;
- public static ObjectIdentifier SIGNED_DATA_OID;
- public static ObjectIdentifier ENVELOPED_DATA_OID;
- public static ObjectIdentifier SIGNED_AND_ENVELOPED_DATA_OID;
- public static ObjectIdentifier DIGESTED_DATA_OID;
- public static ObjectIdentifier ENCRYPTED_DATA_OID;
- public static ObjectIdentifier OLD_SIGNED_DATA_OID;
- public static ObjectIdentifier OLD_DATA_OID;
- public static ObjectIdentifier NETSCAPE_CERT_SEQUENCE_OID;
- public static ObjectIdentifier TIMESTAMP_TOKEN_INFO_OID;
+ public static ObjectIdentifier PKCS7_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.7");
+ public static ObjectIdentifier DATA_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.7.1");
+ public static ObjectIdentifier SIGNED_DATA_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.7.2");
+ public static ObjectIdentifier ENVELOPED_DATA_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.7.3");
+ public static ObjectIdentifier SIGNED_AND_ENVELOPED_DATA_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.7.4");
+ public static ObjectIdentifier DIGESTED_DATA_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.7.5");
+ public static ObjectIdentifier ENCRYPTED_DATA_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.7.6");
- static {
- PKCS7_OID = ObjectIdentifier.newInternal(pkcs7);
- DATA_OID = ObjectIdentifier.newInternal(data);
- SIGNED_DATA_OID = ObjectIdentifier.newInternal(sdata);
- ENVELOPED_DATA_OID = ObjectIdentifier.newInternal(edata);
- SIGNED_AND_ENVELOPED_DATA_OID = ObjectIdentifier.newInternal(sedata);
- DIGESTED_DATA_OID = ObjectIdentifier.newInternal(ddata);
- ENCRYPTED_DATA_OID = ObjectIdentifier.newInternal(crdata);
- OLD_SIGNED_DATA_OID = ObjectIdentifier.newInternal(OLD_SDATA);
- OLD_DATA_OID = ObjectIdentifier.newInternal(OLD_DATA);
- /**
- * The ASN.1 systax for the Netscape Certificate Sequence
- * data type is defined
- * <a href=http://wp.netscape.com/eng/security/comm4-cert-download.html>
- * here.</a>
- */
- NETSCAPE_CERT_SEQUENCE_OID = ObjectIdentifier.newInternal(nsdata);
- TIMESTAMP_TOKEN_INFO_OID = ObjectIdentifier.newInternal(tstInfo);
- }
+ // this is for backwards-compatibility with JDK 1.1.x
+ public static ObjectIdentifier OLD_SIGNED_DATA_OID =
+ ObjectIdentifier.of("1.2.840.1113549.1.7.2");
+ public static ObjectIdentifier OLD_DATA_OID =
+ ObjectIdentifier.of("1.2.840.1113549.1.7.1");
+
+ // The ASN.1 systax for the Netscape Certificate Sequence data type is
+ // defined at:
+ // http://wp.netscape.com/eng/security/comm4-cert-download.html
+ public static ObjectIdentifier NETSCAPE_CERT_SEQUENCE_OID =
+ ObjectIdentifier.of("2.16.840.1.113730.2.5");
+
+ // timestamp token (id-ct-TSTInfo) from RFC 3161
+ public static ObjectIdentifier TIMESTAMP_TOKEN_INFO_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.9.16.1.4");
ObjectIdentifier contentType;
DerValue content; // OPTIONAL
diff --git a/src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java b/src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java
index 463fbd74056..a7ec86935ea 100644
--- a/src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java
+++ b/src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -190,15 +190,14 @@ public class PKCS9Attribute implements DerEncoder {
static { // static initializer for PKCS9_OIDS
for (int i = 1; i < PKCS9_OIDS.length - 2; i++) {
- PKCS9_OIDS[i] =
- ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,i});
+ PKCS9_OIDS[i] = ObjectIdentifier.of("1.2.840.113549.1.9." + i);
}
// Initialize SigningCertificate and SignatureTimestampToken
// separately (because their values are out of sequence)
PKCS9_OIDS[PKCS9_OIDS.length - 2] =
- ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,16,2,12});
+ ObjectIdentifier.of("1.2.840.113549.1.9.16.2.12");
PKCS9_OIDS[PKCS9_OIDS.length - 1] =
- ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,16,2,14});
+ ObjectIdentifier.of("1.2.840.113549.1.9.16.2.14");
try {
BYTE_ARRAY_CLASS = Class.forName("[B");
@@ -253,7 +252,7 @@ public class PKCS9Attribute implements DerEncoder {
* that occur in PKCS9, in lower case.
*/
private static final Hashtable<String, ObjectIdentifier> NAME_OID_TABLE =
- new Hashtable<String, ObjectIdentifier>(18);
+ new Hashtable<String, ObjectIdentifier>(17);
static { // static initializer for PCKS9_NAMES
NAME_OID_TABLE.put("emailaddress", PKCS9_OIDS[1]);
@@ -280,7 +279,7 @@ public class PKCS9Attribute implements DerEncoder {
* corresponding attribute value type.
*/
private static final Hashtable<ObjectIdentifier, String> OID_NAME_TABLE =
- new Hashtable<ObjectIdentifier, String>(16);
+ new Hashtable<ObjectIdentifier, String>(17);
static {
OID_NAME_TABLE.put(PKCS9_OIDS[1], EMAIL_ADDRESS_STR);
OID_NAME_TABLE.put(PKCS9_OIDS[2], UNSTRUCTURED_NAME_STR);
diff --git a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
index ba586b49a4f..ae9b5a7a217 100644
--- a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
+++ b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -157,34 +157,34 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
private static final Debug debug = Debug.getInstance("pkcs12");
- private static final int[] keyBag = {1, 2, 840, 113549, 1, 12, 10, 1, 2};
- private static final int[] certBag = {1, 2, 840, 113549, 1, 12, 10, 1, 3};
- private static final int[] secretBag = {1, 2, 840, 113549, 1, 12, 10, 1, 5};
+ private static final ObjectIdentifier PKCS8ShroudedKeyBag_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.12.10.1.2");
+ private static final ObjectIdentifier CertBag_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.12.10.1.3");
+ private static final ObjectIdentifier SecretBag_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.12.10.1.5");
+ private static final ObjectIdentifier PKCS9FriendlyName_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.9.20");
+ private static final ObjectIdentifier PKCS9LocalKeyId_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.9.21");
+ private static final ObjectIdentifier PKCS9CertType_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.9.22.1");
+ private static final ObjectIdentifier pbes2_OID =
+ ObjectIdentifier.of("1.2.840.113549.1.5.13");
- private static final int[] pkcs9Name = {1, 2, 840, 113549, 1, 9, 20};
- private static final int[] pkcs9KeyId = {1, 2, 840, 113549, 1, 9, 21};
-
- private static final int[] pkcs9certType = {1, 2, 840, 113549, 1, 9, 22, 1};
-
- private static final int[] pbes2 = {1, 2, 840, 113549, 1, 5, 13};
- // TODO: temporary Oracle OID
/*
- * { joint-iso-itu-t(2) country(16) us(840) organization(1) oracle(113894)
- * jdk(746875) crypto(1) id-at-trustedKeyUsage(1) }
+ * Temporary Oracle OID
+ *
+ * {joint-iso-itu-t(2) country(16) us(840) organization(1)
+ * oracle(113894) jdk(746875) crypto(1) id-at-trustedKeyUsage(1)}
*/
- private static final int[] TrustedKeyUsage =
- {2, 16, 840, 1, 113894, 746875, 1, 1};
- private static final int[] AnyExtendedKeyUsage = {2, 5, 29, 37, 0};
+ private static final ObjectIdentifier TrustedKeyUsage_OID =
+ ObjectIdentifier.of("2.16.840.1.113894.746875.1.1");
- private static final ObjectIdentifier PKCS8ShroudedKeyBag_OID;
- private static final ObjectIdentifier CertBag_OID;
- private static final ObjectIdentifier SecretBag_OID;
- private static final ObjectIdentifier PKCS9FriendlyName_OID;
- private static final ObjectIdentifier PKCS9LocalKeyId_OID;
- private static final ObjectIdentifier PKCS9CertType_OID;
- private static final ObjectIdentifier pbes2_OID;
- private static final ObjectIdentifier TrustedKeyUsage_OID;
- private static final ObjectIdentifier[] AnyUsage;
+ private static final ObjectIdentifier[] AnyUsage = new ObjectIdentifier[] {
+ // AnyExtendedKeyUsage
+ ObjectIdentifier.of("2.5.29.37.0")
+ };
private int counter = 0;
@@ -213,23 +213,6 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
// the source of randomness
private SecureRandom random;
- static {
- try {
- PKCS8ShroudedKeyBag_OID = new ObjectIdentifier(keyBag);
- CertBag_OID = new ObjectIdentifier(certBag);
- SecretBag_OID = new ObjectIdentifier(secretBag);
- PKCS9FriendlyName_OID = new ObjectIdentifier(pkcs9Name);
- PKCS9LocalKeyId_OID = new ObjectIdentifier(pkcs9KeyId);
- PKCS9CertType_OID = new ObjectIdentifier(pkcs9certType);
- pbes2_OID = new ObjectIdentifier(pbes2);
- TrustedKeyUsage_OID = new ObjectIdentifier(TrustedKeyUsage);
- AnyUsage = new ObjectIdentifier[]{
- new ObjectIdentifier(AnyExtendedKeyUsage)};
- } catch (IOException ioe) {
- throw new AssertionError("OID not initialized", ioe);
- }
- }
-
// A keystore entry and associated attributes
private static class Entry {
Date date; // the creation date of this entry
diff --git a/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java b/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java
index 34a8fcd3e7d..9747835f870 100644
--- a/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java
+++ b/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java
@@ -135,7 +135,7 @@ public final class OCSPResponse {
private static final Debug debug = Debug.getInstance("certpath");
private static final boolean dump = debug != null && Debug.isOn("ocsp");
private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID =
- ObjectIdentifier.newInternal(new int[] { 1, 3, 6, 1, 5, 5, 7, 48, 1, 1});
+ ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.1");
private static final int CERT_STATUS_GOOD = 0;
private static final int CERT_STATUS_REVOKED = 1;
private static final int CERT_STATUS_UNKNOWN = 2;
diff --git a/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java b/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java
index f28a02a9487..224cc12a477 100644
--- a/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java
+++ b/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -50,9 +50,7 @@ import java.util.Arrays;
* @author Hemma Prafullchandra
*/
-public final
-class ObjectIdentifier implements Serializable
-{
+public final class ObjectIdentifier implements Serializable {
/**
* We use the DER value (no tag, no length) as the internal format
* @serial
@@ -100,6 +98,7 @@ class ObjectIdentifier implements Serializable
*/
@SuppressWarnings("serial") // Not statically typed as Serializable
private Object components = null; // path from root
+
/**
* @serial
*/
@@ -141,15 +140,15 @@ class ObjectIdentifier implements Serializable
static class HugeOidNotSupportedByOldJDK implements Serializable {
@java.io.Serial
private static final long serialVersionUID = 1L;
- static HugeOidNotSupportedByOldJDK theOne = new HugeOidNotSupportedByOldJDK();
+ static HugeOidNotSupportedByOldJDK theOne =
+ new HugeOidNotSupportedByOldJDK();
}
/**
* Constructs, from a string. This string should be of the form 1.23.56.
* Validity check included.
*/
- public ObjectIdentifier (String oid) throws IOException
- {
+ public ObjectIdentifier(String oid) throws IOException {
int ch = '.';
int start = 0;
int end = 0;
@@ -217,20 +216,6 @@ class ObjectIdentifier implements Serializable
}
}
- /**
- * Constructor, from an array of integers.
- * Validity check included.
- */
- public ObjectIdentifier(int[] values) throws IOException
- {
- checkCount(values.length);
- checkFirstComponent(values[0]);
- checkSecondComponent(values[0], values[1]);
- for (int i=2; i<values.length; i++)
- checkOtherComponent(i, values[i]);
- init(values, values.length);
- }
-
/**
* Constructor, from an ASN.1 encoded input stream.
* Validity check NOT included.
@@ -243,8 +228,7 @@ class ObjectIdentifier implements Serializable
* @param in DER-encoded data holding an object ID
* @exception IOException indicates a decoding error
*/
- public ObjectIdentifier (DerInputStream in) throws IOException
- {
+ public ObjectIdentifier(DerInputStream in) throws IOException {
byte type_id;
int bufferEnd;
@@ -257,7 +241,7 @@ class ObjectIdentifier implements Serializable
* up so that we can use in.available() to check for the end of
* this value in the data stream.
*/
- type_id = (byte) in.getByte ();
+ type_id = (byte)in.getByte();
if (type_id != DerValue.tag_ObjectId)
throw new IOException (
"ObjectIdentifier() -- data isn't an object ID"
@@ -280,8 +264,7 @@ class ObjectIdentifier implements Serializable
* the tag and length have been removed/verified
* Validity check NOT included.
*/
- ObjectIdentifier (DerInputBuffer buf) throws IOException
- {
+ ObjectIdentifier(DerInputBuffer buf) throws IOException {
DerInputStream in = new DerInputStream(buf);
encoding = new byte[in.available()];
in.getBytes(encoding);
@@ -308,28 +291,23 @@ class ObjectIdentifier implements Serializable
}
/**
- * This method is kept for compatibility reasons. The new implementation
- * does the check and conversion. All around the JDK, the method is called
- * in static blocks to initialize pre-defined ObjectIdentifieies. No
- * obvious performance hurt will be made after this change.
+ * Returns an ObjectIdentifier instance for the specific string OID.
*
- * Old doc: Create a new ObjectIdentifier for internal use. The values are
- * neither checked nor cloned.
+ * Note: Please use legal string OID only. Otherwise, a RuntimeException
+ * is thrown.
*/
- public static ObjectIdentifier newInternal(int[] values) {
+ public static ObjectIdentifier of(String oid) {
try {
- return new ObjectIdentifier(values);
- } catch (IOException ex) {
- throw new RuntimeException(ex);
- // Should not happen, internal calls always uses legal values.
+ return new ObjectIdentifier(oid);
+ } catch (IOException ioe) {
+ throw new RuntimeException(ioe);
}
}
/*
* n.b. the only public interface is DerOutputStream.putOID()
*/
- void encode (DerOutputStream out) throws IOException
- {
+ void encode(DerOutputStream out) throws IOException {
out.write (DerValue.tag_ObjectId, encoding);
}
@@ -370,17 +348,21 @@ class ObjectIdentifier implements Serializable
if ((encoding[i] & 0x80) == 0) {
// one section [fromPos..i]
if (i - fromPos + 1 > 4) {
- BigInteger big = new BigInteger(pack(encoding, fromPos, i-fromPos+1, 7, 8));
+ BigInteger big = new BigInteger(pack(encoding,
+ fromPos, i-fromPos+1, 7, 8));
if (fromPos == 0) {
result[which++] = 2;
- BigInteger second = big.subtract(BigInteger.valueOf(80));
- if (second.compareTo(BigInteger.valueOf(Integer.MAX_VALUE)) == 1) {
+ BigInteger second =
+ big.subtract(BigInteger.valueOf(80));
+ if (second.compareTo(
+ BigInteger.valueOf(Integer.MAX_VALUE)) == 1) {
return null;
} else {
result[which++] = second.intValue();
}
} else {
- if (big.compareTo(BigInteger.valueOf(Integer.MAX_VALUE)) == 1) {
+ if (big.compareTo(
+ BigInteger.valueOf(Integer.MAX_VALUE)) == 1) {
return null;
} else {
result[which++] = big.intValue();
@@ -435,7 +417,8 @@ class ObjectIdentifier implements Serializable
sb.append('.');
}
if (i - fromPos + 1 > 4) { // maybe big integer
- BigInteger big = new BigInteger(pack(encoding, fromPos, i-fromPos+1, 7, 8));
+ BigInteger big = new BigInteger(
+ pack(encoding, fromPos, i-fromPos+1, 7, 8));
if (fromPos == 0) {
// first section encoded with more than 4 bytes,
// must be 2.something
@@ -476,7 +459,7 @@ class ObjectIdentifier implements Serializable
/**
* Repack all bits from input to output. On the both sides, only a portion
* (from the least significant bit) of the 8 bits in a byte is used. This
- * number is defined as the number of useful bits (NUB) for the array. All the
+ * number is defined as the number of useful bits (NUB) for the array. All
* used bits from the input byte array and repacked into the output in the
* exactly same order. The output bits are aligned so that the final bit of
* the input (the least significant bit in the last byte), when repacked as
@@ -498,7 +481,8 @@ class ObjectIdentifier implements Serializable
* @param ow NUB for output
* @return the repacked bytes
*/
- private static byte[] pack(byte[] in, int ioffset, int ilength, int iw, int ow) {
+ private static byte[] pack(byte[] in,
+ int ioffset, int ilength, int iw, int ow) {
assert (iw > 0 && iw <= 8): "input NUB must be between 1 and 8";
assert (ow > 0 && ow <= 8): "output NUB must be between 1 and 8";
@@ -520,12 +504,13 @@ class ObjectIdentifier implements Serializable
if (count > ow - opos%ow) { // free space available in output byte
count = ow - opos%ow; // choose the smaller number
}
+
// and move them!
- out[opos/ow] |= // paste!
- (((in[ioffset+ipos/iw]+256) // locate the byte (+256 so that it's never negative)
- >> (iw-ipos%iw-count)) // move to the end of a byte
- & ((1 << (count))-1)) // zero out all other bits
- << (ow-opos%ow-count); // move to the output position
+ out[opos/ow] |= // paste!
+ (((in[ioffset+ipos/iw]+256) // locate the byte (+256 so that it's never negative)
+ >> (iw-ipos%iw-count)) & // move to the end of a byte
+ ((1 << (count))-1)) // zero out all other bits
+ << (ow-opos%ow-count); // move to the output position
ipos += count; // advance
opos += count; // advance
}
@@ -541,7 +526,8 @@ class ObjectIdentifier implements Serializable
* @param ooffset the starting position to paste
* @return the number of bytes pasted
*/
- private static int pack7Oid(byte[] in, int ioffset, int ilength, byte[] out, int ooffset) {
+ private static int pack7Oid(byte[] in,
+ int ioffset, int ilength, byte[] out, int ooffset) {
byte[] pack = pack(in, ioffset, ilength, 8, 7);
int firstNonZero = pack.length-1; // paste at least one byte
for (int i=pack.length-2; i>=0; i--) {
@@ -550,7 +536,8 @@ class ObjectIdentifier implements Serializable
}
pack[i] |= 0x80;
}
- System.arraycopy(pack, firstNonZero, out, ooffset, pack.length-firstNonZero);
+ System.arraycopy(pack, firstNonZero,
+ out, ooffset, pack.length-firstNonZero);
return pack.length-firstNonZero;
}
@@ -561,7 +548,8 @@ class ObjectIdentifier implements Serializable
* @param ooffset the starting position to paste
* @return the number of bytes pasted
*/
- private static int pack8(byte[] in, int ioffset, int ilength, byte[] out, int ooffset) {
+ private static int pack8(byte[] in,
+ int ioffset, int ilength, byte[] out, int ooffset) {
byte[] pack = pack(in, ioffset, ilength, 7, 8);
int firstNonZero = pack.length-1; // paste at least one byte
for (int i=pack.length-2; i>=0; i--) {
@@ -569,7 +557,8 @@ class ObjectIdentifier implements Serializable
firstNonZero = i;
}
}
- System.arraycopy(pack, firstNonZero, out, ooffset, pack.length-firstNonZero);
+ System.arraycopy(pack, firstNonZero,
+ out, ooffset, pack.length-firstNonZero);
return pack.length-firstNonZero;
}
@@ -621,31 +610,39 @@ class ObjectIdentifier implements Serializable
}
}
}
+
private static void checkCount(int count) throws IOException {
if (count < 2) {
throw new IOException("ObjectIdentifier() -- " +
"Must be at least two oid components ");
}
}
+
private static void checkFirstComponent(int first) throws IOException {
if (first < 0 || first > 2) {
throw new IOException("ObjectIdentifier() -- " +
"First oid component is invalid ");
}
}
- private static void checkFirstComponent(BigInteger first) throws IOException {
+
+ private static void checkFirstComponent(
+ BigInteger first) throws IOException {
if (first.signum() == -1 || first.compareTo(BigInteger.TWO) > 0) {
throw new IOException("ObjectIdentifier() -- " +
"First oid component is invalid ");
}
}
- private static void checkSecondComponent(int first, int second) throws IOException {
+
+ private static void checkSecondComponent(
+ int first, int second) throws IOException {
if (second < 0 || first != 2 && second > 39) {
throw new IOException("ObjectIdentifier() -- " +
"Second oid component is invalid ");
}
}
- private static void checkSecondComponent(int first, BigInteger second) throws IOException {
+
+ private static void checkSecondComponent(
+ int first, BigInteger second) throws IOException {
if (second.signum() == -1 ||
first != 2 &&
second.compareTo(BigInteger.valueOf(39)) == 1) {
@@ -653,13 +650,16 @@ class ObjectIdentifier implements Serializable
"Second oid component is invalid ");
}
}
+
private static void checkOtherComponent(int i, int num) throws IOException {
if (num < 0) {
throw new IOException("ObjectIdentifier() -- " +
"oid component #" + (i+1) + " must be non-negative ");
}
}
- private static void checkOtherComponent(int i, BigInteger num) throws IOException {
+
+ private static void checkOtherComponent(
+ int i, BigInteger num) throws IOException {
if (num.signum() == -1) {
throw new IOException("ObjectIdentifier() -- " +
"oid component #" + (i+1) + " must be non-negative ");
diff --git a/src/java.base/share/classes/sun/security/x509/AccessDescription.java b/src/java.base/share/classes/sun/security/x509/AccessDescription.java
index 45fa695e88c..62389d52f80 100644
--- a/src/java.base/share/classes/sun/security/x509/AccessDescription.java
+++ b/src/java.base/share/classes/sun/security/x509/AccessDescription.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -42,16 +42,16 @@ public final class AccessDescription {
private GeneralName accessLocation;
public static final ObjectIdentifier Ad_OCSP_Id =
- ObjectIdentifier.newInternal(new int[] {1, 3, 6, 1, 5, 5, 7, 48, 1});
+ ObjectIdentifier.of("1.3.6.1.5.5.7.48.1");
public static final ObjectIdentifier Ad_CAISSUERS_Id =
- ObjectIdentifier.newInternal(new int[] {1, 3, 6, 1, 5, 5, 7, 48, 2});
+ ObjectIdentifier.of("1.3.6.1.5.5.7.48.2");
public static final ObjectIdentifier Ad_TIMESTAMPING_Id =
- ObjectIdentifier.newInternal(new int[] {1, 3, 6, 1, 5, 5, 7, 48, 3});
+ ObjectIdentifier.of("1.3.6.1.5.5.7.48.3");
public static final ObjectIdentifier Ad_CAREPOSITORY_Id =
- ObjectIdentifier.newInternal(new int[] {1, 3, 6, 1, 5, 5, 7, 48, 5});
+ ObjectIdentifier.of("1.3.6.1.5.5.7.48.5");
public AccessDescription(ObjectIdentifier accessMethod, GeneralName accessLocation) {
this.accessMethod = accessMethod;
diff --git a/src/java.base/share/classes/sun/security/x509/AlgorithmId.java b/src/java.base/share/classes/sun/security/x509/AlgorithmId.java
index 06c905a9d05..f24a7e6559e 100644
--- a/src/java.base/share/classes/sun/security/x509/AlgorithmId.java
+++ b/src/java.base/share/classes/sun/security/x509/AlgorithmId.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -591,10 +591,6 @@ public class AlgorithmId implements Serializable, DerEncoder {
return oidTable().get(name.toUpperCase(Locale.ENGLISH));
}
- private static ObjectIdentifier oid(int ... values) {
- return ObjectIdentifier.newInternal(values);
- }
-
private static volatile Map<String,ObjectIdentifier> oidTable;
private static final Map<ObjectIdentifier,String> nameTable;
@@ -654,14 +650,14 @@ public class AlgorithmId implements Serializable, DerEncoder {
* OID = 1.2.840.113549.2.2
*/
public static final ObjectIdentifier MD2_oid =
- ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 2});
+ ObjectIdentifier.of("1.2.840.113549.2.2");
/**
* Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321.
* OID = 1.2.840.113549.2.5
*/
public static final ObjectIdentifier MD5_oid =
- ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 5});
+ ObjectIdentifier.of("1.2.840.113549.2.5");
/**
* Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1.
@@ -670,142 +666,29 @@ public class AlgorithmId implements Serializable, DerEncoder {
* OID = 1.3.14.3.2.26. Old SHA-0 OID: 1.3.14.3.2.18.
*/
public static final ObjectIdentifier SHA_oid =
- ObjectIdentifier.newInternal(new int[] {1, 3, 14, 3, 2, 26});
+ ObjectIdentifier.of("1.3.14.3.2.26");
public static final ObjectIdentifier SHA224_oid =
- ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 4});
+ ObjectIdentifier.of("2.16.840.1.101.3.4.2.4");
public static final ObjectIdentifier SHA256_oid =
- ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 1});
+ ObjectIdentifier.of("2.16.840.1.101.3.4.2.1");
public static final ObjectIdentifier SHA384_oid =
- ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 2});
+ ObjectIdentifier.of("2.16.840.1.101.3.4.2.2");
public static final ObjectIdentifier SHA512_oid =
- ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 3});
+ ObjectIdentifier.of("2.16.840.1.101.3.4.2.3");
public static final ObjectIdentifier SHA512_224_oid =
- ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 5});
+ ObjectIdentifier.of("2.16.840.1.101.3.4.2.5");
public static final ObjectIdentifier SHA512_256_oid =
- ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 6});
+ ObjectIdentifier.of("2.16.840.1.101.3.4.2.6");
/*
* COMMON PUBLIC KEY TYPES
*/
- private static final int[] DH_data = { 1, 2, 840, 113549, 1, 3, 1 };
- private static final int[] DH_PKIX_data = { 1, 2, 840, 10046, 2, 1 };
- private static final int[] DSA_OIW_data = { 1, 3, 14, 3, 2, 12 };
- private static final int[] DSA_PKIX_data = { 1, 2, 840, 10040, 4, 1 };
- private static final int[] RSA_data = { 2, 5, 8, 1, 1 };
-
- public static final ObjectIdentifier DH_oid;
- public static final ObjectIdentifier DH_PKIX_oid;
- public static final ObjectIdentifier DSA_oid;
- public static final ObjectIdentifier DSA_OIW_oid;
- public static final ObjectIdentifier EC_oid = oid(1, 2, 840, 10045, 2, 1);
- public static final ObjectIdentifier ECDH_oid = oid(1, 3, 132, 1, 12);
- public static final ObjectIdentifier RSA_oid;
- public static final ObjectIdentifier RSAEncryption_oid =
- oid(1, 2, 840, 113549, 1, 1, 1);
- public static final ObjectIdentifier RSAES_OAEP_oid =
- oid(1, 2, 840, 113549, 1, 1, 7);
- public static final ObjectIdentifier mgf1_oid =
- oid(1, 2, 840, 113549, 1, 1, 8);
- public static final ObjectIdentifier RSASSA_PSS_oid =
- oid(1, 2, 840, 113549, 1, 1, 10);
-
- /*
- * COMMON SECRET KEY TYPES
- */
- public static final ObjectIdentifier AES_oid =
- oid(2, 16, 840, 1, 101, 3, 4, 1);
-
- /*
- * COMMON SIGNATURE ALGORITHMS
- */
- private static final int[] md2WithRSAEncryption_data =
- { 1, 2, 840, 113549, 1, 1, 2 };
- private static final int[] md5WithRSAEncryption_data =
- { 1, 2, 840, 113549, 1, 1, 4 };
- private static final int[] sha1WithRSAEncryption_data =
- { 1, 2, 840, 113549, 1, 1, 5 };
- private static final int[] sha1WithRSAEncryption_OIW_data =
- { 1, 3, 14, 3, 2, 29 };
- private static final int[] sha224WithRSAEncryption_data =
- { 1, 2, 840, 113549, 1, 1, 14 };
- private static final int[] sha256WithRSAEncryption_data =
- { 1, 2, 840, 113549, 1, 1, 11 };
- private static final int[] sha384WithRSAEncryption_data =
- { 1, 2, 840, 113549, 1, 1, 12 };
- private static final int[] sha512WithRSAEncryption_data =
- { 1, 2, 840, 113549, 1, 1, 13 };
-
- private static final int[] shaWithDSA_OIW_data =
- { 1, 3, 14, 3, 2, 13 };
- private static final int[] sha1WithDSA_OIW_data =
- { 1, 3, 14, 3, 2, 27 };
- private static final int[] dsaWithSHA1_PKIX_data =
- { 1, 2, 840, 10040, 4, 3 };
-
- public static final ObjectIdentifier md2WithRSAEncryption_oid;
- public static final ObjectIdentifier md5WithRSAEncryption_oid;
- public static final ObjectIdentifier sha1WithRSAEncryption_oid;
- public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid;
- public static final ObjectIdentifier sha224WithRSAEncryption_oid;
- public static final ObjectIdentifier sha256WithRSAEncryption_oid;
- public static final ObjectIdentifier sha384WithRSAEncryption_oid;
- public static final ObjectIdentifier sha512WithRSAEncryption_oid;
- public static final ObjectIdentifier sha512_224WithRSAEncryption_oid =
- oid(1, 2, 840, 113549, 1, 1, 15);
- public static final ObjectIdentifier sha512_256WithRSAEncryption_oid =
- oid(1, 2, 840, 113549, 1, 1, 16);;
-
- public static final ObjectIdentifier shaWithDSA_OIW_oid;
- public static final ObjectIdentifier sha1WithDSA_OIW_oid;
- public static final ObjectIdentifier sha1WithDSA_oid;
- public static final ObjectIdentifier sha224WithDSA_oid =
- oid(2, 16, 840, 1, 101, 3, 4, 3, 1);
- public static final ObjectIdentifier sha256WithDSA_oid =
- oid(2, 16, 840, 1, 101, 3, 4, 3, 2);
-
- public static final ObjectIdentifier sha1WithECDSA_oid =
- oid(1, 2, 840, 10045, 4, 1);
- public static final ObjectIdentifier sha224WithECDSA_oid =
- oid(1, 2, 840, 10045, 4, 3, 1);
- public static final ObjectIdentifier sha256WithECDSA_oid =
- oid(1, 2, 840, 10045, 4, 3, 2);
- public static final ObjectIdentifier sha384WithECDSA_oid =
- oid(1, 2, 840, 10045, 4, 3, 3);
- public static final ObjectIdentifier sha512WithECDSA_oid =
- oid(1, 2, 840, 10045, 4, 3, 4);
- public static final ObjectIdentifier specifiedWithECDSA_oid =
- oid(1, 2, 840, 10045, 4, 3);
-
- /**
- * Algorithm ID for the PBE encryption algorithms from PKCS#5 and
- * PKCS#12.
- */
- public static final ObjectIdentifier pbeWithMD5AndDES_oid =
- ObjectIdentifier.newInternal(new int[]{1, 2, 840, 113549, 1, 5, 3});
- public static final ObjectIdentifier pbeWithMD5AndRC2_oid =
- ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 6});
- public static final ObjectIdentifier pbeWithSHA1AndDES_oid =
- ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 10});
- public static final ObjectIdentifier pbeWithSHA1AndRC2_oid =
- ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 11});
- public static ObjectIdentifier pbeWithSHA1AndRC4_128_oid =
- ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 1});
- public static ObjectIdentifier pbeWithSHA1AndRC4_40_oid =
- ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 2});
- public static ObjectIdentifier pbeWithSHA1AndDESede_oid =
- ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 3});
- public static ObjectIdentifier pbeWithSHA1AndRC2_128_oid =
- ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 5});
- public static ObjectIdentifier pbeWithSHA1AndRC2_40_oid =
- ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 6});
-
- static {
/*
* Note the preferred OIDs are named simply with no "OIW" or
* "PKIX" in them, even though they may point to data from these
@@ -819,14 +702,16 @@ public class AlgorithmId implements Serializable, DerEncoder {
* certificate.
* OID = 1.2.840.113549.1.3.1
*/
- DH_oid = ObjectIdentifier.newInternal(DH_data);
+ public static final ObjectIdentifier DH_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.3.1");
/**
* Algorithm ID for the Diffie Hellman Key Agreement (DH), from RFC 3279.
* Parameters may include public values P and G.
* OID = 1.2.840.10046.2.1
*/
- DH_PKIX_oid = ObjectIdentifier.newInternal(DH_PKIX_data);
+ public static final ObjectIdentifier DH_PKIX_oid =
+ ObjectIdentifier.of("1.2.840.10046.2.1");
/**
* Algorithm ID for the Digital Signing Algorithm (DSA), from the
@@ -836,7 +721,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
* another source such as a Certificate Authority's certificate.
* OID = 1.3.14.3.2.12
*/
- DSA_OIW_oid = ObjectIdentifier.newInternal(DSA_OIW_data);
+ public static final ObjectIdentifier DSA_OIW_oid =
+ ObjectIdentifier.of("1.3.14.3.2.12");
/**
* Algorithm ID for the Digital Signing Algorithm (DSA), from RFC 3279.
@@ -845,7 +731,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
* certificate.
* OID = 1.2.840.10040.4.1
*/
- DSA_oid = ObjectIdentifier.newInternal(DSA_PKIX_data);
+ public static final ObjectIdentifier DSA_oid =
+ ObjectIdentifier.of("1.2.840.10040.4.1");
/**
* Algorithm ID for RSA keys used for any purpose, as defined in X.509.
@@ -853,72 +740,95 @@ public class AlgorithmId implements Serializable, DerEncoder {
* public modulus.
* OID = 2.5.8.1.1
*/
- RSA_oid = ObjectIdentifier.newInternal(RSA_data);
+ public static final ObjectIdentifier RSA_oid =
+ ObjectIdentifier.of("2.5.8.1.1");
+ public static final ObjectIdentifier EC_oid =
+ ObjectIdentifier.of("1.2.840.10045.2.1");
+ public static final ObjectIdentifier ECDH_oid =
+ ObjectIdentifier.of("1.3.132.1.12");
+ public static final ObjectIdentifier RSAEncryption_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.1.1");
+ public static final ObjectIdentifier RSAES_OAEP_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.1.7");
+ public static final ObjectIdentifier mgf1_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.1.8");
+ public static final ObjectIdentifier RSASSA_PSS_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.1.10");
+
+ /*
+ * COMMON SECRET KEY TYPES
+ */
+ public static final ObjectIdentifier AES_oid =
+ ObjectIdentifier.of("2.16.840.1.101.3.4.1");
+
+ /*
+ * COMMON SIGNATURE ALGORITHMS
+ */
/**
* Identifies a signing algorithm where an MD2 digest is encrypted
* using an RSA private key; defined in PKCS #1. Use of this
* signing algorithm is discouraged due to MD2 vulnerabilities.
* OID = 1.2.840.113549.1.1.2
*/
- md2WithRSAEncryption_oid =
- ObjectIdentifier.newInternal(md2WithRSAEncryption_data);
+ public static final ObjectIdentifier md2WithRSAEncryption_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.1.2");
/**
* Identifies a signing algorithm where an MD5 digest is
* encrypted using an RSA private key; defined in PKCS #1.
* OID = 1.2.840.113549.1.1.4
*/
- md5WithRSAEncryption_oid =
- ObjectIdentifier.newInternal(md5WithRSAEncryption_data);
+ public static final ObjectIdentifier md5WithRSAEncryption_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.1.4");
/**
* Identifies a signing algorithm where a SHA1 digest is
* encrypted using an RSA private key; defined by RSA DSI.
* OID = 1.2.840.113549.1.1.5
*/
- sha1WithRSAEncryption_oid =
- ObjectIdentifier.newInternal(sha1WithRSAEncryption_data);
+ public static final ObjectIdentifier sha1WithRSAEncryption_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.1.5");
/**
* Identifies a signing algorithm where a SHA1 digest is
* encrypted using an RSA private key; defined in NIST OIW.
* OID = 1.3.14.3.2.29
*/
- sha1WithRSAEncryption_OIW_oid =
- ObjectIdentifier.newInternal(sha1WithRSAEncryption_OIW_data);
+ public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid =
+ ObjectIdentifier.of("1.3.14.3.2.29");
/**
* Identifies a signing algorithm where a SHA224 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.14
*/
- sha224WithRSAEncryption_oid =
- ObjectIdentifier.newInternal(sha224WithRSAEncryption_data);
+ public static final ObjectIdentifier sha224WithRSAEncryption_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.1.14");
/**
* Identifies a signing algorithm where a SHA256 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.11
*/
- sha256WithRSAEncryption_oid =
- ObjectIdentifier.newInternal(sha256WithRSAEncryption_data);
+ public static final ObjectIdentifier sha256WithRSAEncryption_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.1.11");
/**
* Identifies a signing algorithm where a SHA384 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.12
*/
- sha384WithRSAEncryption_oid =
- ObjectIdentifier.newInternal(sha384WithRSAEncryption_data);
+ public static final ObjectIdentifier sha384WithRSAEncryption_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.1.12");
/**
* Identifies a signing algorithm where a SHA512 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.13
*/
- sha512WithRSAEncryption_oid =
- ObjectIdentifier.newInternal(sha512WithRSAEncryption_data);
+ public static final ObjectIdentifier sha512WithRSAEncryption_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.1.13");
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
@@ -926,22 +836,72 @@ public class AlgorithmId implements Serializable, DerEncoder {
* This should not be used.
* OID = 1.3.14.3.2.13
*/
- shaWithDSA_OIW_oid = ObjectIdentifier.newInternal(shaWithDSA_OIW_data);
+ public static final ObjectIdentifier shaWithDSA_OIW_oid =
+ ObjectIdentifier.of("1.3.14.3.2.13");
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA1 digest is signed using the Digital Signing Algorithm (DSA).
* OID = 1.3.14.3.2.27
*/
- sha1WithDSA_OIW_oid = ObjectIdentifier.newInternal(sha1WithDSA_OIW_data);
+ public static final ObjectIdentifier sha1WithDSA_OIW_oid =
+ ObjectIdentifier.of("1.3.14.3.2.27");
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA1 digest is signed using the Digital Signing Algorithm (DSA).
* OID = 1.2.840.10040.4.3
*/
- sha1WithDSA_oid = ObjectIdentifier.newInternal(dsaWithSHA1_PKIX_data);
+ public static final ObjectIdentifier sha1WithDSA_oid =
+ ObjectIdentifier.of("1.2.840.10040.4.3");
+ public static final ObjectIdentifier sha512_224WithRSAEncryption_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.1.15");
+ public static final ObjectIdentifier sha512_256WithRSAEncryption_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.1.16");
+
+ public static final ObjectIdentifier sha224WithDSA_oid =
+ ObjectIdentifier.of("2.16.840.1.101.3.4.3.1");
+ public static final ObjectIdentifier sha256WithDSA_oid =
+ ObjectIdentifier.of("2.16.840.1.101.3.4.3.2");
+
+ public static final ObjectIdentifier sha1WithECDSA_oid =
+ ObjectIdentifier.of("1.2.840.10045.4.1");
+ public static final ObjectIdentifier sha224WithECDSA_oid =
+ ObjectIdentifier.of("1.2.840.10045.4.3.1");
+ public static final ObjectIdentifier sha256WithECDSA_oid =
+ ObjectIdentifier.of("1.2.840.10045.4.3.2");
+ public static final ObjectIdentifier sha384WithECDSA_oid =
+ ObjectIdentifier.of("1.2.840.10045.4.3.3");
+ public static final ObjectIdentifier sha512WithECDSA_oid =
+ ObjectIdentifier.of("1.2.840.10045.4.3.4");
+ public static final ObjectIdentifier specifiedWithECDSA_oid =
+ ObjectIdentifier.of("1.2.840.10045.4.3");
+
+ /**
+ * Algorithm ID for the PBE encryption algorithms from PKCS#5 and
+ * PKCS#12.
+ */
+ public static final ObjectIdentifier pbeWithMD5AndDES_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.5.3");
+ public static final ObjectIdentifier pbeWithMD5AndRC2_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.5.6");
+ public static final ObjectIdentifier pbeWithSHA1AndDES_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.5.10");
+ public static final ObjectIdentifier pbeWithSHA1AndRC2_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.5.11");
+ public static final ObjectIdentifier pbeWithSHA1AndRC4_128_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.12.1.1");
+ public static final ObjectIdentifier pbeWithSHA1AndRC4_40_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.12.1.2");
+ public static final ObjectIdentifier pbeWithSHA1AndDESede_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.12.1.3");
+ public static final ObjectIdentifier pbeWithSHA1AndRC2_128_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.12.1.5");
+ public static final ObjectIdentifier pbeWithSHA1AndRC2_40_oid =
+ ObjectIdentifier.of("1.2.840.113549.1.12.1.6");
+
+ static {
nameTable = new HashMap<>();
nameTable.put(MD5_oid, "MD5");
nameTable.put(MD2_oid, "MD2");
diff --git a/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java b/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java
index c8968448c7f..32691d1d759 100644
--- a/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java
+++ b/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -97,30 +97,19 @@ implements CertAttrSet<String> {
// OID defined in RFC 5280 Sections 4.2.1.12
// more from http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.html
private static final Map <ObjectIdentifier, String> map =
- new HashMap <ObjectIdentifier, String> ();
-
- private static final int[] anyExtendedKeyUsageOidData = {2, 5, 29, 37, 0};
- private static final int[] serverAuthOidData = {1, 3, 6, 1, 5, 5, 7, 3, 1};
- private static final int[] clientAuthOidData = {1, 3, 6, 1, 5, 5, 7, 3, 2};
- private static final int[] codeSigningOidData = {1, 3, 6, 1, 5, 5, 7, 3, 3};
- private static final int[] emailProtectionOidData = {1, 3, 6, 1, 5, 5, 7, 3, 4};
- private static final int[] ipsecEndSystemOidData = {1, 3, 6, 1, 5, 5, 7, 3, 5};
- private static final int[] ipsecTunnelOidData = {1, 3, 6, 1, 5, 5, 7, 3, 6};
- private static final int[] ipsecUserOidData = {1, 3, 6, 1, 5, 5, 7, 3, 7};
- private static final int[] timeStampingOidData = {1, 3, 6, 1, 5, 5, 7, 3, 8};
- private static final int[] OCSPSigningOidData = {1, 3, 6, 1, 5, 5, 7, 3, 9};
+ new HashMap<ObjectIdentifier, String>();
static {
- map.put(ObjectIdentifier.newInternal(anyExtendedKeyUsageOidData), "anyExtendedKeyUsage");
- map.put(ObjectIdentifier.newInternal(serverAuthOidData), "serverAuth");
- map.put(ObjectIdentifier.newInternal(clientAuthOidData), "clientAuth");
- map.put(ObjectIdentifier.newInternal(codeSigningOidData), "codeSigning");
- map.put(ObjectIdentifier.newInternal(emailProtectionOidData), "emailProtection");
- map.put(ObjectIdentifier.newInternal(ipsecEndSystemOidData), "ipsecEndSystem");
- map.put(ObjectIdentifier.newInternal(ipsecTunnelOidData), "ipsecTunnel");
- map.put(ObjectIdentifier.newInternal(ipsecUserOidData), "ipsecUser");
- map.put(ObjectIdentifier.newInternal(timeStampingOidData), "timeStamping");
- map.put(ObjectIdentifier.newInternal(OCSPSigningOidData), "OCSPSigning");
+ map.put(ObjectIdentifier.of("2.5.29.37.0"), "anyExtendedKeyUsage");
+ map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.1"), "serverAuth");
+ map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.2"), "clientAuth");
+ map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.3"), "codeSigning");
+ map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.4"), "emailProtection");
+ map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.5"), "ipsecEndSystem");
+ map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.6"), "ipsecTunnel");
+ map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.7"), "ipsecUser");
+ map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.8"), "timeStamping");
+ map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.9"), "OCSPSigning");
};
/**
diff --git a/src/java.base/share/classes/sun/security/x509/GeneralSubtrees.java b/src/java.base/share/classes/sun/security/x509/GeneralSubtrees.java
index 847f56aba86..8adafe20344 100644
--- a/src/java.base/share/classes/sun/security/x509/GeneralSubtrees.java
+++ b/src/java.base/share/classes/sun/security/x509/GeneralSubtrees.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -270,8 +270,7 @@ public class GeneralSubtrees implements Cloneable {
newName = new GeneralName(new IPAddressName((byte[])null));
break;
case GeneralNameInterface.NAME_OID:
- newName = new GeneralName
- (new OIDName(new ObjectIdentifier((int[])null)));
+ newName = new GeneralName(new OIDName(""));
break;
default:
throw new IOException
diff --git a/src/java.base/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java b/src/java.base/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java
index a20a1f55803..b21af10cc55 100644
--- a/src/java.base/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java
+++ b/src/java.base/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -75,14 +75,8 @@ implements CertAttrSet<String> {
/**
* Object identifier for "any-policy"
*/
- public static ObjectIdentifier AnyPolicy_Id;
- static {
- try {
- AnyPolicy_Id = new ObjectIdentifier("2.5.29.32.0");
- } catch (IOException ioe) {
- // Should not happen
- }
- }
+ public static ObjectIdentifier AnyPolicy_Id =
+ ObjectIdentifier.of("2.5.29.32.0");
/**
* Attribute names.
diff --git a/src/java.base/share/classes/sun/security/x509/NetscapeCertTypeExtension.java b/src/java.base/share/classes/sun/security/x509/NetscapeCertTypeExtension.java
index ca4dc3c53c3..c5577bbf2ec 100644
--- a/src/java.base/share/classes/sun/security/x509/NetscapeCertTypeExtension.java
+++ b/src/java.base/share/classes/sun/security/x509/NetscapeCertTypeExtension.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -69,20 +69,11 @@ implements CertAttrSet<String> {
public static final String S_MIME_CA = "s_mime_ca";
public static final String OBJECT_SIGNING_CA = "object_signing_ca";
- private static final int[] CertType_data = { 2, 16, 840, 1, 113730, 1, 1 };
-
/**
* Object identifier for the Netscape-Cert-Type extension.
*/
- public static ObjectIdentifier NetscapeCertType_Id;
-
- static {
- try {
- NetscapeCertType_Id = new ObjectIdentifier(CertType_data);
- } catch (IOException ioe) {
- // should not happen
- }
- }
+ public static ObjectIdentifier NetscapeCertType_Id =
+ ObjectIdentifier.of("2.16.840.1.113730.1.1");
private boolean[] bitString;
diff --git a/src/java.base/share/classes/sun/security/x509/OIDMap.java b/src/java.base/share/classes/sun/security/x509/OIDMap.java
index a39493e279a..472de53e171 100644
--- a/src/java.base/share/classes/sun/security/x509/OIDMap.java
+++ b/src/java.base/share/classes/sun/security/x509/OIDMap.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -102,9 +102,6 @@ public class OIDMap {
private static final String OCSPNOCHECK = ROOT + "." +
OCSPNoCheckExtension.NAME;
- private static final int[] NetscapeCertType_data =
- { 2, 16, 840, 1, 113730, 1, 1 };
-
/** Map ObjectIdentifier(oid) -> OIDInfo(info) */
private static final Map<ObjectIdentifier,OIDInfo> oidMap;
@@ -138,8 +135,8 @@ public class OIDMap {
"sun.security.x509.AuthorityKeyIdentifierExtension");
addInternal(POLICY_CONSTRAINTS, PKIXExtensions.PolicyConstraints_Id,
"sun.security.x509.PolicyConstraintsExtension");
- addInternal(NETSCAPE_CERT, ObjectIdentifier.newInternal
- (new int[] {2,16,840,1,113730,1,1}),
+ addInternal(NETSCAPE_CERT,
+ ObjectIdentifier.of("2.16.840.1.113730.1.1"),
"sun.security.x509.NetscapeCertTypeExtension");
addInternal(CERT_POLICIES, PKIXExtensions.CertificatePolicies_Id,
"sun.security.x509.CertificatePoliciesExtension");
diff --git a/src/java.base/share/classes/sun/security/x509/PKIXExtensions.java b/src/java.base/share/classes/sun/security/x509/PKIXExtensions.java
index bf4f8fdf80c..af182f57663 100644
--- a/src/java.base/share/classes/sun/security/x509/PKIXExtensions.java
+++ b/src/java.base/share/classes/sun/security/x509/PKIXExtensions.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
package sun.security.x509;
-import java.io.*;
import sun.security.util.*;
@@ -48,163 +47,151 @@ import sun.security.util.*;
* @author Hemma Prafullchandra
*/
public class PKIXExtensions {
- // The object identifiers
- private static final int[] AuthorityKey_data = { 2, 5, 29, 35 };
- private static final int[] SubjectKey_data = { 2, 5, 29, 14 };
- private static final int[] KeyUsage_data = { 2, 5, 29, 15 };
- private static final int[] PrivateKeyUsage_data = { 2, 5, 29, 16 };
- private static final int[] CertificatePolicies_data = { 2, 5, 29, 32 };
- private static final int[] PolicyMappings_data = { 2, 5, 29, 33 };
- private static final int[] SubjectAlternativeName_data = { 2, 5, 29, 17 };
- private static final int[] IssuerAlternativeName_data = { 2, 5, 29, 18 };
- private static final int[] SubjectDirectoryAttributes_data = { 2, 5, 29, 9 };
- private static final int[] BasicConstraints_data = { 2, 5, 29, 19 };
- private static final int[] NameConstraints_data = { 2, 5, 29, 30 };
- private static final int[] PolicyConstraints_data = { 2, 5, 29, 36 };
- private static final int[] CRLDistributionPoints_data = { 2, 5, 29, 31 };
- private static final int[] CRLNumber_data = { 2, 5, 29, 20 };
- private static final int[] IssuingDistributionPoint_data = { 2, 5, 29, 28 };
- private static final int[] DeltaCRLIndicator_data = { 2, 5, 29, 27 };
- private static final int[] ReasonCode_data = { 2, 5, 29, 21 };
- private static final int[] HoldInstructionCode_data = { 2, 5, 29, 23 };
- private static final int[] InvalidityDate_data = { 2, 5, 29, 24 };
- private static final int[] ExtendedKeyUsage_data = { 2, 5, 29, 37 };
- private static final int[] InhibitAnyPolicy_data = { 2, 5, 29, 54 };
- private static final int[] CertificateIssuer_data = { 2, 5, 29, 29 };
- private static final int[] AuthInfoAccess_data = { 1, 3, 6, 1, 5, 5, 7, 1, 1};
- private static final int[] SubjectInfoAccess_data = { 1, 3, 6, 1, 5, 5, 7, 1, 11};
- private static final int[] FreshestCRL_data = { 2, 5, 29, 46 };
- private static final int[] OCSPNoCheck_data = { 1, 3, 6, 1, 5, 5, 7,
- 48, 1, 5};
-
- // Additional extensions under the PKIX arc that are not necessarily
- // used in X.509 Certificates or CRLs.
- private static final int OCSPNonce_data [] = { 1, 3, 6, 1, 5, 5, 7,
- 48, 1, 2};
-
/**
* Identifies the particular public key used to sign the certificate.
*/
- public static final ObjectIdentifier AuthorityKey_Id;
+ public static final ObjectIdentifier AuthorityKey_Id =
+ ObjectIdentifier.of("2.5.29.35");
/**
* Identifies the particular public key used in an application.
*/
- public static final ObjectIdentifier SubjectKey_Id;
+ public static final ObjectIdentifier SubjectKey_Id =
+ ObjectIdentifier.of("2.5.29.14");
/**
* Defines the purpose of the key contained in the certificate.
*/
- public static final ObjectIdentifier KeyUsage_Id;
+ public static final ObjectIdentifier KeyUsage_Id =
+ ObjectIdentifier.of("2.5.29.15");
/**
* Allows the certificate issuer to specify a different validity period
* for the private key than the certificate.
*/
- public static final ObjectIdentifier PrivateKeyUsage_Id;
+ public static final ObjectIdentifier PrivateKeyUsage_Id =
+ ObjectIdentifier.of("2.5.29.16");
/**
* Contains the sequence of policy information terms.
*/
- public static final ObjectIdentifier CertificatePolicies_Id;
+ public static final ObjectIdentifier CertificatePolicies_Id =
+ ObjectIdentifier.of("2.5.29.32");
/**
* Lists pairs of object identifiers of policies considered equivalent by
* the issuing CA to the subject CA.
*/
- public static final ObjectIdentifier PolicyMappings_Id;
+ public static final ObjectIdentifier PolicyMappings_Id =
+ ObjectIdentifier.of("2.5.29.33");
/**
* Allows additional identities to be bound to the subject of the
* certificate.
*/
- public static final ObjectIdentifier SubjectAlternativeName_Id;
+ public static final ObjectIdentifier SubjectAlternativeName_Id =
+ ObjectIdentifier.of("2.5.29.17");
/**
* Allows additional identities to be associated with the certificate
* issuer.
*/
- public static final ObjectIdentifier IssuerAlternativeName_Id;
+ public static final ObjectIdentifier IssuerAlternativeName_Id =
+ ObjectIdentifier.of("2.5.29.18");
/**
* Identifies additional directory attributes.
* This extension is always non-critical.
*/
- public static final ObjectIdentifier SubjectDirectoryAttributes_Id;
+ public static final ObjectIdentifier SubjectDirectoryAttributes_Id =
+ ObjectIdentifier.of("2.5.29.9");
/**
* Identifies whether the subject of the certificate is a CA and how deep
* a certification path may exist through that CA.
*/
- public static final ObjectIdentifier BasicConstraints_Id;
+ public static final ObjectIdentifier BasicConstraints_Id =
+ ObjectIdentifier.of("2.5.29.19");
/**
* Provides for permitted and excluded subtrees that place restrictions
* on names that may be included within a certificate issued by a given CA.
*/
- public static final ObjectIdentifier NameConstraints_Id;
+ public static final ObjectIdentifier NameConstraints_Id =
+ ObjectIdentifier.of("2.5.29.30");
/**
* Used to either prohibit policy mapping or limit the set of policies
* that can be in subsequent certificates.
*/
- public static final ObjectIdentifier PolicyConstraints_Id;
+ public static final ObjectIdentifier PolicyConstraints_Id =
+ ObjectIdentifier.of("2.5.29.36");
/**
* Identifies how CRL information is obtained.
*/
- public static final ObjectIdentifier CRLDistributionPoints_Id;
+ public static final ObjectIdentifier CRLDistributionPoints_Id =
+ ObjectIdentifier.of("2.5.29.31");
/**
* Conveys a monotonically increasing sequence number for each CRL
* issued by a given CA.
*/
- public static final ObjectIdentifier CRLNumber_Id;
+ public static final ObjectIdentifier CRLNumber_Id =
+ ObjectIdentifier.of("2.5.29.20");
/**
* Identifies the CRL distribution point for a particular CRL.
*/
- public static final ObjectIdentifier IssuingDistributionPoint_Id;
+ public static final ObjectIdentifier IssuingDistributionPoint_Id =
+ ObjectIdentifier.of("2.5.29.28");
/**
* Identifies the delta CRL.
*/
- public static final ObjectIdentifier DeltaCRLIndicator_Id;
+ public static final ObjectIdentifier DeltaCRLIndicator_Id =
+ ObjectIdentifier.of("2.5.29.27");
/**
* Identifies the reason for the certificate revocation.
*/
- public static final ObjectIdentifier ReasonCode_Id;
+ public static final ObjectIdentifier ReasonCode_Id =
+ ObjectIdentifier.of("2.5.29.21");
/**
* This extension provides a registered instruction identifier indicating
* the action to be taken, after encountering a certificate that has been
* placed on hold.
*/
- public static final ObjectIdentifier HoldInstructionCode_Id;
+ public static final ObjectIdentifier HoldInstructionCode_Id =
+ ObjectIdentifier.of("2.5.29.23");
/**
* Identifies the date on which it is known or suspected that the private
* key was compromised or that the certificate otherwise became invalid.
*/
- public static final ObjectIdentifier InvalidityDate_Id;
+ public static final ObjectIdentifier InvalidityDate_Id =
+ ObjectIdentifier.of("2.5.29.24");
/**
* Identifies one or more purposes for which the certified public key
* may be used, in addition to or in place of the basic purposes
* indicated in the key usage extension field.
*/
- public static final ObjectIdentifier ExtendedKeyUsage_Id;
+ public static final ObjectIdentifier ExtendedKeyUsage_Id =
+ ObjectIdentifier.of("2.5.29.37");
/**
* Specifies whether any-policy policy OID is permitted
*/
- public static final ObjectIdentifier InhibitAnyPolicy_Id;
+ public static final ObjectIdentifier InhibitAnyPolicy_Id =
+ ObjectIdentifier.of("2.5.29.54");
/**
* Identifies the certificate issuer associated with an entry in an
* indirect CRL.
*/
- public static final ObjectIdentifier CertificateIssuer_Id;
+ public static final ObjectIdentifier CertificateIssuer_Id =
+ ObjectIdentifier.of("2.5.29.29");
/**
* This extension indicates how to access CA information and services for
@@ -212,73 +199,33 @@ public class PKIXExtensions {
* This information may be used for on-line certification validation
* services.
*/
- public static final ObjectIdentifier AuthInfoAccess_Id;
+ public static final ObjectIdentifier AuthInfoAccess_Id =
+ ObjectIdentifier.of("1.3.6.1.5.5.7.1.1");
/**
* This extension indicates how to access CA information and services for
* the subject of the certificate in which the extension appears.
*/
- public static final ObjectIdentifier SubjectInfoAccess_Id;
+ public static final ObjectIdentifier SubjectInfoAccess_Id =
+ ObjectIdentifier.of("1.3.6.1.5.5.7.1.11");
/**
* Identifies how delta CRL information is obtained.
*/
- public static final ObjectIdentifier FreshestCRL_Id;
+ public static final ObjectIdentifier FreshestCRL_Id =
+ ObjectIdentifier.of("2.5.29.46");
/**
* Identifies the OCSP client can trust the responder for the
* lifetime of the responder's certificate.
*/
- public static final ObjectIdentifier OCSPNoCheck_Id;
+ public static final ObjectIdentifier OCSPNoCheck_Id =
+ ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.5");
/**
* This extension is used to provide nonce data for OCSP requests
* or responses.
*/
- public static final ObjectIdentifier OCSPNonce_Id;
-
- static {
- AuthorityKey_Id = ObjectIdentifier.newInternal(AuthorityKey_data);
- SubjectKey_Id = ObjectIdentifier.newInternal(SubjectKey_data);
- KeyUsage_Id = ObjectIdentifier.newInternal(KeyUsage_data);
- PrivateKeyUsage_Id = ObjectIdentifier.newInternal(PrivateKeyUsage_data);
- CertificatePolicies_Id =
- ObjectIdentifier.newInternal(CertificatePolicies_data);
- PolicyMappings_Id = ObjectIdentifier.newInternal(PolicyMappings_data);
- SubjectAlternativeName_Id =
- ObjectIdentifier.newInternal(SubjectAlternativeName_data);
- IssuerAlternativeName_Id =
- ObjectIdentifier.newInternal(IssuerAlternativeName_data);
- ExtendedKeyUsage_Id = ObjectIdentifier.newInternal(ExtendedKeyUsage_data);
- InhibitAnyPolicy_Id = ObjectIdentifier.newInternal(InhibitAnyPolicy_data);
- SubjectDirectoryAttributes_Id =
- ObjectIdentifier.newInternal(SubjectDirectoryAttributes_data);
- BasicConstraints_Id =
- ObjectIdentifier.newInternal(BasicConstraints_data);
- ReasonCode_Id = ObjectIdentifier.newInternal(ReasonCode_data);
- HoldInstructionCode_Id =
- ObjectIdentifier.newInternal(HoldInstructionCode_data);
- InvalidityDate_Id = ObjectIdentifier.newInternal(InvalidityDate_data);
-
- NameConstraints_Id = ObjectIdentifier.newInternal(NameConstraints_data);
- PolicyConstraints_Id =
- ObjectIdentifier.newInternal(PolicyConstraints_data);
- CRLDistributionPoints_Id =
- ObjectIdentifier.newInternal(CRLDistributionPoints_data);
- CRLNumber_Id =
- ObjectIdentifier.newInternal(CRLNumber_data);
- IssuingDistributionPoint_Id =
- ObjectIdentifier.newInternal(IssuingDistributionPoint_data);
- DeltaCRLIndicator_Id =
- ObjectIdentifier.newInternal(DeltaCRLIndicator_data);
- CertificateIssuer_Id =
- ObjectIdentifier.newInternal(CertificateIssuer_data);
- AuthInfoAccess_Id =
- ObjectIdentifier.newInternal(AuthInfoAccess_data);
- SubjectInfoAccess_Id =
- ObjectIdentifier.newInternal(SubjectInfoAccess_data);
- FreshestCRL_Id = ObjectIdentifier.newInternal(FreshestCRL_data);
- OCSPNoCheck_Id = ObjectIdentifier.newInternal(OCSPNoCheck_data);
- OCSPNonce_Id = ObjectIdentifier.newInternal(OCSPNonce_data);
- }
+ public static final ObjectIdentifier OCSPNonce_Id =
+ ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.2");
}
diff --git a/src/java.base/share/classes/sun/security/x509/X500Name.java b/src/java.base/share/classes/sun/security/x509/X500Name.java
index 9bf9c55fb61..ed265524151 100644
--- a/src/java.base/share/classes/sun/security/x509/X500Name.java
+++ b/src/java.base/share/classes/sun/security/x509/X500Name.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1102,104 +1102,83 @@ public class X500Name implements GeneralNameInterface, Principal {
* Includes all those specified in RFC 5280 as MUST or SHOULD
* be recognized
*/
- private static final int[] commonName_data = { 2, 5, 4, 3 };
- private static final int[] SURNAME_DATA = { 2, 5, 4, 4 };
- private static final int[] SERIALNUMBER_DATA = { 2, 5, 4, 5 };
- private static final int[] countryName_data = { 2, 5, 4, 6 };
- private static final int[] localityName_data = { 2, 5, 4, 7 };
- private static final int[] stateName_data = { 2, 5, 4, 8 };
- private static final int[] streetAddress_data = { 2, 5, 4, 9 };
- private static final int[] orgName_data = { 2, 5, 4, 10 };
- private static final int[] orgUnitName_data = { 2, 5, 4, 11 };
- private static final int[] title_data = { 2, 5, 4, 12 };
- private static final int[] GIVENNAME_DATA = { 2, 5, 4, 42 };
- private static final int[] INITIALS_DATA = { 2, 5, 4, 43 };
- private static final int[] GENERATIONQUALIFIER_DATA = { 2, 5, 4, 44 };
- private static final int[] DNQUALIFIER_DATA = { 2, 5, 4, 46 };
-
- private static final int[] ipAddress_data = { 1, 3, 6, 1, 4, 1, 42, 2, 11, 2, 1 };
- private static final int[] DOMAIN_COMPONENT_DATA =
- { 0, 9, 2342, 19200300, 100, 1, 25 };
- private static final int[] userid_data =
- { 0, 9, 2342, 19200300, 100, 1, 1 };
-
// OID for the "CN=" attribute, denoting a person's common name.
public static final ObjectIdentifier commonName_oid =
- ObjectIdentifier.newInternal(commonName_data);
+ ObjectIdentifier.of("2.5.4.3");
+
+ // OID for the "SURNAME=" attribute, denoting a person's surname.
+ public static final ObjectIdentifier SURNAME_OID =
+ ObjectIdentifier.of("2.5.4.4");
// OID for the "SERIALNUMBER=" attribute, denoting a serial number for.
// a name. Do not confuse with PKCS#9 issuerAndSerialNumber or the
// certificate serial number.
public static final ObjectIdentifier SERIALNUMBER_OID =
- ObjectIdentifier.newInternal(SERIALNUMBER_DATA);
+ ObjectIdentifier.of("2.5.4.5");
// OID for the "C=" attribute, denoting a country.
public static final ObjectIdentifier countryName_oid =
- ObjectIdentifier.newInternal(countryName_data);
+ ObjectIdentifier.of("2.5.4.6");
// OID for the "L=" attribute, denoting a locality (such as a city).
public static final ObjectIdentifier localityName_oid =
- ObjectIdentifier.newInternal(localityName_data);
-
- // OID for the "O=" attribute, denoting an organization name.
- public static final ObjectIdentifier orgName_oid =
- ObjectIdentifier.newInternal(orgName_data);
-
- // OID for the "OU=" attribute, denoting an organizational unit name.
- public static final ObjectIdentifier orgUnitName_oid =
- ObjectIdentifier.newInternal(orgUnitName_data);
+ ObjectIdentifier.of("2.5.4.7");
// OID for the "S=" attribute, denoting a state (such as Delaware).
public static final ObjectIdentifier stateName_oid =
- ObjectIdentifier.newInternal(stateName_data);
+ ObjectIdentifier.of("2.5.4.8");
// OID for the "STREET=" attribute, denoting a street address.
public static final ObjectIdentifier streetAddress_oid =
- ObjectIdentifier.newInternal(streetAddress_data);
+ ObjectIdentifier.of("2.5.4.9");
+
+ // OID for the "O=" attribute, denoting an organization name.
+ public static final ObjectIdentifier orgName_oid =
+ ObjectIdentifier.of("2.5.4.10");
+
+ // OID for the "OU=" attribute, denoting an organizational unit name.
+ public static final ObjectIdentifier orgUnitName_oid =
+ ObjectIdentifier.of("2.5.4.11");
// OID for the "T=" attribute, denoting a person's title.
public static final ObjectIdentifier title_oid =
- ObjectIdentifier.newInternal(title_data);
+ ObjectIdentifier.of("2.5.4.12");
+
+ // OID for the "GIVENNAME=" attribute, denoting a person's given name.
+ public static final ObjectIdentifier GIVENNAME_OID =
+ ObjectIdentifier.of("2.5.4.42");
+
+ // OID for the "INITIALS=" attribute, denoting a person's initials.
+ public static final ObjectIdentifier INITIALS_OID =
+ ObjectIdentifier.of("2.5.4.43");
+
+ // OID for the "GENERATION=" attribute, denoting Jr., II, etc.
+ public static final ObjectIdentifier GENERATIONQUALIFIER_OID =
+ ObjectIdentifier.of("2.5.4.44");
// OID for the "DNQUALIFIER=" or "DNQ=" attribute, denoting DN
// disambiguating information.
public static final ObjectIdentifier DNQUALIFIER_OID =
- ObjectIdentifier.newInternal(DNQUALIFIER_DATA);
-
- // OID for the "SURNAME=" attribute, denoting a person's surname.
- public static final ObjectIdentifier SURNAME_OID =
- ObjectIdentifier.newInternal(SURNAME_DATA);
-
- // OID for the "GIVENNAME=" attribute, denoting a person's given name.
- public static final ObjectIdentifier GIVENNAME_OID =
- ObjectIdentifier.newInternal(GIVENNAME_DATA);
-
- // OID for the "INITIALS=" attribute, denoting a person's initials.
- public static final ObjectIdentifier INITIALS_OID =
- ObjectIdentifier.newInternal(INITIALS_DATA);
-
- // OID for the "GENERATION=" attribute, denoting Jr., II, etc.
- public static final ObjectIdentifier GENERATIONQUALIFIER_OID =
- ObjectIdentifier.newInternal(GENERATIONQUALIFIER_DATA);
+ ObjectIdentifier.of("2.5.4.46");
// OIDs from other sources which show up in X.500 names we
// expect to deal with often.
//
// OID for "IP=" IP address attributes, used with SKIP.
public static final ObjectIdentifier ipAddress_oid =
- ObjectIdentifier.newInternal(ipAddress_data);
+ ObjectIdentifier.of("1.3.6.1.4.1.42.2.11.2.1");
// Domain component OID from RFC 1274, RFC 2247, RFC 5280.
//
- // OID for "DC=" domain component attributes, used with DNSNames in DN
+ // OID for "DC=" domain component attributes.used with DNSNames in DN
// format.
public static final ObjectIdentifier DOMAIN_COMPONENT_OID =
- ObjectIdentifier.newInternal(DOMAIN_COMPONENT_DATA);
+ ObjectIdentifier.of("0.9.2342.19200300.100.1.25");
// OID for "UID=" denoting a user id, defined in RFCs 1274 & 2798.
public static final ObjectIdentifier userid_oid =
- ObjectIdentifier.newInternal(userid_data);
+ ObjectIdentifier.of("0.9.2342.19200300.100.1.1");
/**
* Return constraint type:<ul>
diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/XECParameters.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/XECParameters.java
index 9d7bddb5edb..728ceef5e8e 100644
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/XECParameters.java
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/XECParameters.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -120,8 +120,8 @@ public class XECParameters {
// set up X25519
try {
BigInteger p = TWO.pow(255).subtract(BigInteger.valueOf(19));
- addParameters(255, p, 121665, (byte) 0x09, 3,
- new int[]{1, 3, 101, 110}, NamedParameterSpec.X25519.getName(),
+ addParameters(255, p, 121665, (byte)0x09, 3,
+ "1.3.101.110", NamedParameterSpec.X25519.getName(),
bySize, byOid, byName);
} catch (IOException ex) {
@@ -132,8 +132,8 @@ public class XECParameters {
try {
BigInteger p = TWO.pow(448).subtract(TWO.pow(224))
.subtract(BigInteger.ONE);
- addParameters(448, p, 39081, (byte) 0x05, 2,
- new int[]{1, 3, 101, 111}, NamedParameterSpec.X448.getName(),
+ addParameters(448, p, 39081, (byte)0x05, 2,
+ "1.3.101.111", NamedParameterSpec.X448.getName(),
bySize, byOid, byName);
} catch (IOException ex) {
@@ -146,12 +146,12 @@ public class XECParameters {
}
private static void addParameters(int bits, BigInteger p, int a24,
- byte basePoint, int logCofactor, int[] oidBytes, String name,
+ byte basePoint, int logCofactor, String objectId, String name,
Map<Integer, XECParameters> bySize,
Map<ObjectIdentifier, XECParameters> byOid,
Map<String, XECParameters> byName) throws IOException {
- ObjectIdentifier oid = new ObjectIdentifier(oidBytes);
+ ObjectIdentifier oid = new ObjectIdentifier(objectId);
XECParameters params =
new XECParameters(bits, p, a24, basePoint, logCofactor, oid, name);
bySize.put(bits, params);
diff --git a/test/jdk/java/security/testlibrary/SimpleOCSPServer.java b/test/jdk/java/security/testlibrary/SimpleOCSPServer.java
index 4901e6f2651..6651ba0b3c7 100644
--- a/test/jdk/java/security/testlibrary/SimpleOCSPServer.java
+++ b/test/jdk/java/security/testlibrary/SimpleOCSPServer.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -59,8 +59,7 @@ import sun.security.util.ObjectIdentifier;
public class SimpleOCSPServer {
private final Debug debug = Debug.getInstance("oserv");
private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID =
- ObjectIdentifier.newInternal(
- new int[] { 1, 3, 6, 1, 5, 5, 7, 48, 1, 1});
+ ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.1");
private static final SimpleDateFormat utcDateFmt =
new SimpleDateFormat("MMM dd yyyy, HH:mm:ss z");
diff --git a/test/jdk/sun/security/util/Oid/OidEquals.java b/test/jdk/sun/security/util/Oid/OidEquals.java
index 554455b345b..5dfd7b2b929 100644
--- a/test/jdk/sun/security/util/Oid/OidEquals.java
+++ b/test/jdk/sun/security/util/Oid/OidEquals.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -33,13 +33,10 @@ import sun.security.util.ObjectIdentifier;
public class OidEquals {
public static void main(String[] args) throws Exception {
ObjectIdentifier oid1 = new ObjectIdentifier("1.3.6.1.4.1.42.2.17");
- ObjectIdentifier oid2 =
- new ObjectIdentifier(new int[]{1, 3, 6, 1, 4, 1, 42, 2, 17});
- ObjectIdentifier oid3 = new ObjectIdentifier("1.2.3.4");
+ ObjectIdentifier oid2 = new ObjectIdentifier("1.2.3.4");
assertEquals(oid1, oid1);
- assertEquals(oid1, oid2);
- assertNotEquals(oid1, oid3);
+ assertNotEquals(oid1, oid2);
assertNotEquals(oid1, "1.3.6.1.4.1.42.2.17");
System.out.println("Tests passed.");
diff --git a/test/jdk/sun/security/util/Oid/OidFormat.java b/test/jdk/sun/security/util/Oid/OidFormat.java
index 48dd2f925bc..c37997d45df 100644
--- a/test/jdk/sun/security/util/Oid/OidFormat.java
+++ b/test/jdk/sun/security/util/Oid/OidFormat.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -86,52 +86,6 @@ public class OidFormat {
for (String s: goodOids) {
testGood(s);
}
-
- int[][] goodInts = {
- {0,0}, {0,1}, {1,0}, {1,2},
- {0,39}, {1,39}, {2,47}, {2,40,3,6}, {2,100,3}, {2,123456,3},
- {1,2,3}, {1,2,3445},
- {1,3,6,1,4,1,42,2,17},
- };
-
- for (int[] is: goodInts) {
- testGood(is);
- }
-
- int[][] badInts = new int[][] {
- {0}, {1}, {2},
- {3,1,1}, {3}, {4},
- {1,40}, {1,111,1},
- {-1,2}, {0,-2}, {1,-2}, {2,-2},
- {1,2,-3,4}, {1,2,3,-4},
- };
-
- for (int[] is: badInts) {
- testBad(is);
- }
-
- }
-
- static void testBad(int[] ints) throws Exception {
- System.err.println("Trying " + Arrays.toString(ints));
- try {
- new ObjectIdentifier(ints);
- throw new Exception("should be invalid ObjectIdentifier");
- } catch (IOException ioe) {
- System.err.println(ioe);
- }
- }
-
- static void testGood(int[] ints) throws Exception {
- System.err.println("Trying " + Arrays.toString(ints));
- ObjectIdentifier oid = new ObjectIdentifier(ints);
- DerOutputStream os = new DerOutputStream();
- os.putOID(oid);
- DerInputStream is = new DerInputStream(os.toByteArray());
- ObjectIdentifier oid2 = is.getOID();
- if (!oid.equals(oid2)) {
- throw new Exception("Test DER I/O fails: " + oid + " and " + oid2);
- }
}
static void testGood(String s) throws Exception {
diff --git a/test/jdk/sun/security/x509/AVA/AVAEqualsHashCode.java b/test/jdk/sun/security/x509/AVA/AVAEqualsHashCode.java
index 161cd790403..55d114d9410 100644
--- a/test/jdk/sun/security/x509/AVA/AVAEqualsHashCode.java
+++ b/test/jdk/sun/security/x509/AVA/AVAEqualsHashCode.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -40,13 +40,11 @@ public class AVAEqualsHashCode {
public static void main(String[] args) throws Exception {
- int data[] = { 1, 2, 840, 113549, 2, 5 };
-
// encode
String name = "CN=eve s. dropper";
X500Name dn = new X500Name(name);
DerOutputStream deros = new DerOutputStream();
- ObjectIdentifier oid = new ObjectIdentifier(data);
+ ObjectIdentifier oid = new ObjectIdentifier("1.2.840.113549.2.5");
dn.encode(deros);
byte[] ba = deros.toByteArray();
diff --git a/test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java b/test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java
index 6fde08c73c9..4dc4b921cb4 100644
--- a/test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java
+++ b/test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -153,9 +153,9 @@ public class V3Certificate {
GeneralNameInterface ipInf = new IPAddressName(address);
GeneralName ip = new GeneralName(ipInf);
- int[] oidData = new int[]{1, 2, 3, 4};
- GeneralNameInterface oidInf = new OIDName(new ObjectIdentifier(oidData));
+ GeneralNameInterface oidInf =
+ new OIDName(new ObjectIdentifier("1.2.3.4"));
GeneralName oid = new GeneralName(oidInf);
SubjectAlternativeNameExtension subjectName