8246397: Use KnownOIDs for known OIDs

Reviewed-by: xuelei

src/java.base/share/classes/java/security/Signature.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,6 +46,7 @@ import jdk.internal.access.SharedSecrets;
 import sun.security.util.Debug;
 import sun.security.jca.*;
 import sun.security.jca.GetInstance.Instance;
+import sun.security.util.KnownOIDs;
 
 /**
  * The Signature class is used to provide applications the functionality
@@ -548,7 +549,7 @@ public abstract class Signature extends SignatureSpi {
             Set<String> critSet = c.getCriticalExtensionOIDs();
 
             if (critSet != null && !critSet.isEmpty()
-                && critSet.contains("2.5.29.15")) {
+                && critSet.contains(KnownOIDs.KeyUsage.value())) {
                 boolean[] keyUsageInfo = c.getKeyUsage();
                 // keyUsageInfo[0] is for digitalSignature.
                 if ((keyUsageInfo != null) && (keyUsageInfo[0] == false))

src/java.base/share/classes/java/security/cert/CertificateRevokedException.java

@@ -35,6 +35,7 @@ import java.util.Map;
 import javax.security.auth.x500.X500Principal;
 
 import sun.security.util.IOUtils;
+import sun.security.util.KnownOIDs;
 import sun.security.util.ObjectIdentifier;
 import sun.security.x509.InvalidityDateExtension;
 
@@ -149,7 +150,7 @@ public class CertificateRevokedException extends CertificateException {
      * @return the invalidity date, or {@code null} if not specified
      */
     public Date getInvalidityDate() {
-        Extension ext = getExtensions().get("2.5.29.24");
+        Extension ext = getExtensions().get(KnownOIDs.InvalidityDate.value());
         if (ext == null) {
             return null;
         } else {

src/java.base/share/classes/java/security/cert/X509CRLSelector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@ import javax.security.auth.x500.X500Principal;
 
 import sun.security.util.Debug;
 import sun.security.util.DerInputStream;
+import sun.security.util.KnownOIDs;
 import sun.security.x509.CRLNumberExtension;
 import sun.security.x509.X500Name;
 
@@ -620,7 +621,7 @@ public class X509CRLSelector implements CRLSelector {
 
         if ((minCRL != null) || (maxCRL != null)) {
             /* Get CRL number extension from CRL */
-            byte[] crlNumExtVal = xcrl.getExtensionValue("2.5.29.20");
+            byte[] crlNumExtVal = xcrl.getExtensionValue(KnownOIDs.CRLNumber.value());
             if (crlNumExtVal == null) {
                 if (debug != null) {
                     debug.println("X509CRLSelector.match: no CRLNumber");

src/java.base/share/classes/java/security/cert/X509CertSelector.java

@@ -117,22 +117,6 @@ public class X509CertSelector implements CertSelector {
 
     private static final Boolean FALSE = Boolean.FALSE;
 
-    private static final int PRIVATE_KEY_USAGE_ID = 0;
-    private static final int SUBJECT_ALT_NAME_ID = 1;
-    private static final int NAME_CONSTRAINTS_ID = 2;
-    private static final int CERT_POLICIES_ID = 3;
-    private static final int EXTENDED_KEY_USAGE_ID = 4;
-    private static final int NUM_OF_EXTENSIONS = 5;
-    private static final String[] EXTENSION_OIDS = new String[NUM_OF_EXTENSIONS];
-
-    static {
-        EXTENSION_OIDS[PRIVATE_KEY_USAGE_ID]  = "2.5.29.16";
-        EXTENSION_OIDS[SUBJECT_ALT_NAME_ID]   = "2.5.29.17";
-        EXTENSION_OIDS[NAME_CONSTRAINTS_ID]   = "2.5.29.30";
-        EXTENSION_OIDS[CERT_POLICIES_ID]      = "2.5.29.32";
-        EXTENSION_OIDS[EXTENDED_KEY_USAGE_ID] = "2.5.29.37";
-    };
-
     /* Constants representing the GeneralName types */
     static final int NAME_ANY = 0;
     static final int NAME_RFC822 = 1;
@@ -1940,48 +1924,48 @@ public class X509CertSelector implements CertSelector {
      * object with the extension encoding retrieved from the passed in
      * {@code X509Certificate}.
      */
-    private static Extension getExtensionObject(X509Certificate cert, int extId)
+    private static Extension getExtensionObject(X509Certificate cert, KnownOIDs extId)
             throws IOException {
         if (cert instanceof X509CertImpl) {
-            X509CertImpl impl = (X509CertImpl)cert;
+            X509CertImpl impl = (X509CertImpl) cert;
             switch (extId) {
-            case PRIVATE_KEY_USAGE_ID:
-                return impl.getPrivateKeyUsageExtension();
-            case SUBJECT_ALT_NAME_ID:
-                return impl.getSubjectAlternativeNameExtension();
-            case NAME_CONSTRAINTS_ID:
-                return impl.getNameConstraintsExtension();
-            case CERT_POLICIES_ID:
-                return impl.getCertificatePoliciesExtension();
-            case EXTENDED_KEY_USAGE_ID:
-                return impl.getExtendedKeyUsageExtension();
-            default:
-                return null;
+                case PrivateKeyUsage:
+                    return impl.getPrivateKeyUsageExtension();
+                case SubjectAlternativeName:
+                    return impl.getSubjectAlternativeNameExtension();
+                case NameConstraints:
+                    return impl.getNameConstraintsExtension();
+                case CertificatePolicies:
+                    return impl.getCertificatePoliciesExtension();
+                case extendedKeyUsage:
+                    return impl.getExtendedKeyUsageExtension();
+                default:
+                    return null;
             }
         }
-        byte[] rawExtVal = cert.getExtensionValue(EXTENSION_OIDS[extId]);
+        byte[] rawExtVal = cert.getExtensionValue(extId.value());
         if (rawExtVal == null) {
             return null;
         }
         DerInputStream in = new DerInputStream(rawExtVal);
         byte[] encoded = in.getOctetString();
         switch (extId) {
-        case PRIVATE_KEY_USAGE_ID:
-            try {
-                return new PrivateKeyUsageExtension(FALSE, encoded);
-            } catch (CertificateException ex) {
-                throw new IOException(ex.getMessage());
-            }
-        case SUBJECT_ALT_NAME_ID:
-            return new SubjectAlternativeNameExtension(FALSE, encoded);
-        case NAME_CONSTRAINTS_ID:
-            return new NameConstraintsExtension(FALSE, encoded);
-        case CERT_POLICIES_ID:
-            return new CertificatePoliciesExtension(FALSE, encoded);
-        case EXTENDED_KEY_USAGE_ID:
-            return new ExtendedKeyUsageExtension(FALSE, encoded);
-        default:
-            return null;
+            case PrivateKeyUsage:
+                try {
+                    return new PrivateKeyUsageExtension(FALSE, encoded);
+                } catch (CertificateException ex) {
+                    throw new IOException(ex.getMessage());
+                }
+            case SubjectAlternativeName:
+                return new SubjectAlternativeNameExtension(FALSE, encoded);
+            case NameConstraints:
+                return new NameConstraintsExtension(FALSE, encoded);
+            case CertificatePolicies:
+                return new CertificatePoliciesExtension(FALSE, encoded);
+            case extendedKeyUsage:
+                return new ExtendedKeyUsageExtension(FALSE, encoded);
+            default:
+                return null;
         }
     }
 
@@ -2171,7 +2155,7 @@ public class X509CertSelector implements CertSelector {
         PrivateKeyUsageExtension ext = null;
         try {
             ext = (PrivateKeyUsageExtension)
-                getExtensionObject(xcert, PRIVATE_KEY_USAGE_ID);
+                getExtensionObject(xcert, KnownOIDs.PrivateKeyUsage);
             if (ext != null) {
                 ext.valid(privateKeyValid);
             }
@@ -2283,7 +2267,7 @@ public class X509CertSelector implements CertSelector {
         try {
             ExtendedKeyUsageExtension ext =
                 (ExtendedKeyUsageExtension)getExtensionObject(xcert,
-                                                EXTENDED_KEY_USAGE_ID);
+                                                KnownOIDs.extendedKeyUsage);
             if (ext != null) {
                 Vector<ObjectIdentifier> certKeyPurposeVector =
                     ext.get(ExtendedKeyUsageExtension.USAGES);
@@ -2313,8 +2297,8 @@ public class X509CertSelector implements CertSelector {
         }
         try {
             SubjectAlternativeNameExtension sanExt =
-                (SubjectAlternativeNameExtension) getExtensionObject(xcert,
-                                                      SUBJECT_ALT_NAME_ID);
+                (SubjectAlternativeNameExtension) getExtensionObject(
+                        xcert, KnownOIDs.SubjectAlternativeName);
             if (sanExt == null) {
                 if (debug != null) {
                   debug.println("X509CertSelector.match: "
@@ -2383,7 +2367,7 @@ public class X509CertSelector implements CertSelector {
         }
         try {
             CertificatePoliciesExtension ext = (CertificatePoliciesExtension)
-                getExtensionObject(xcert, CERT_POLICIES_ID);
+                getExtensionObject(xcert, KnownOIDs.CertificatePolicies);
             if (ext == null) {
                 if (debug != null) {
                   debug.println("X509CertSelector.match: "
@@ -2448,7 +2432,7 @@ public class X509CertSelector implements CertSelector {
         }
         try {
             NameConstraintsExtension ext = (NameConstraintsExtension)
-                getExtensionObject(xcert, NAME_CONSTRAINTS_ID);
+                getExtensionObject(xcert, KnownOIDs.NameConstraints);
             if (ext == null) {
                 return true;
             }

src/java.base/share/classes/javax/crypto/Cipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,6 +45,7 @@ import java.nio.ReadOnlyBufferException;
 
 import sun.security.util.Debug;
 import sun.security.jca.*;
+import sun.security.util.KnownOIDs;
 
 /**
  * This class provides the functionality of a cryptographic cipher for
@@ -238,9 +239,6 @@ public class Cipher {
     // cipher has been initialized.
     private int opmode = 0;
 
-    // The OID for the KeyUsage extension in an X.509 v3 certificate
-    private static final String KEY_USAGE_EXTENSION_OID = "2.5.29.15";
-
     // next SPI  to try in provider selection
     // null once provider is selected
     private CipherSpi firstSpi;
@@ -1742,7 +1740,7 @@ public class Cipher {
             Set<String> critSet = cert.getCriticalExtensionOIDs();
 
             if (critSet != null && !critSet.isEmpty()
-                && critSet.contains(KEY_USAGE_EXTENSION_OID)) {
+                && critSet.contains(KnownOIDs.KeyUsage.value())) {
                 boolean[] keyUsageInfo = cert.getKeyUsage();
                 // keyUsageInfo[2] is for keyEncipherment;
                 // keyUsageInfo[3] is for dataEncipherment.

src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java

@@ -2233,7 +2233,8 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
         X500Principal issuerPrinc = input.getIssuerX500Principal();
 
         // AuthorityKeyIdentifier value encoded as an OCTET STRING
-        byte[] issuerIdExtension = input.getExtensionValue("2.5.29.35");
+        byte[] issuerIdExtension = input.getExtensionValue(
+                KnownOIDs.AuthorityKeyID.value());
         byte[] issuerId = null;
 
         if (issuerIdExtension != null) {
@@ -2251,7 +2252,8 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
             if (cert.getSubjectX500Principal().equals(issuerPrinc)) {
                 if (issuerId != null) {
                     // SubjectKeyIdentifier value encoded as an OCTET STRING
-                    byte[] subjectIdExtension = cert.getExtensionValue("2.5.29.14");
+                    byte[] subjectIdExtension = cert.getExtensionValue(
+                            KnownOIDs.SubjectKeyID.value());
                     byte[] subjectId = null;
                     if (subjectIdExtension != null) {
                         try {

src/java.base/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,7 @@ import java.util.Date;
 
 import sun.security.util.Debug;
 import sun.security.util.DerInputStream;
+import sun.security.util.KnownOIDs;
 import sun.security.x509.SerialNumber;
 import sun.security.x509.AuthorityKeyIdentifierExtension;
 
@@ -212,7 +213,8 @@ class AdaptableX509CertSelector extends X509CertSelector {
             return true;
         }
         try {
-            byte[] extVal = xcert.getExtensionValue("2.5.29.14");
+            byte[] extVal = xcert.getExtensionValue(
+                    KnownOIDs.SubjectKeyID.value());
             if (extVal == null) {
                 if (debug != null && Debug.isVerbose()) {
                     debug.println("AdaptableX509CertSelector.match: "

src/java.base/share/classes/sun/security/provider/certpath/PolicyChecker.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,6 @@
 package sun.security.provider.certpath;
 
 import java.io.IOException;
-import java.security.GeneralSecurityException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertPathValidatorException;
@@ -38,6 +37,7 @@ import java.security.cert.X509Certificate;
 import java.util.*;
 
 import sun.security.util.Debug;
+import sun.security.util.KnownOIDs;
 import sun.security.x509.CertificatePoliciesExtension;
 import sun.security.x509.PolicyConstraintsExtension;
 import sun.security.x509.PolicyMappingsExtension;
@@ -72,7 +72,7 @@ class PolicyChecker extends PKIXCertPathChecker {
     private Set<String> supportedExts;
 
     private static final Debug debug = Debug.getInstance("certpath");
-    static final String ANY_POLICY = "2.5.29.32.0";
+    static final String ANY_POLICY = KnownOIDs.CE_CERT_POLICIES_ANY.value();
 
     /**
      * Constructs a Policy Checker.

src/java.base/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
 
 package sun.security.provider.certpath;
 
+import sun.security.util.KnownOIDs;
+
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -50,7 +52,8 @@ final class PolicyNodeImpl implements PolicyNode {
     /**
      * Use to specify the special policy "Any Policy"
      */
-    private static final String ANY_POLICY = "2.5.29.32.0";
+    private static final String ANY_POLICY
+            = KnownOIDs.CE_CERT_POLICIES_ANY.value();
 
     // every node has one parent, and zero or more children
     private PolicyNodeImpl mParent;

src/jdk.crypto.ec/share/classes/sun/security/ec/XECParameters.java

@@ -33,6 +33,7 @@ import java.util.Map;
 import java.util.HashMap;
 import java.util.function.Function;
 
+import sun.security.util.KnownOIDs;
 import sun.security.util.ObjectIdentifier;
 import sun.security.x509.AlgorithmId;
 
@@ -116,7 +117,7 @@ public class XECParameters {
         try {
             BigInteger p = TWO.pow(255).subtract(BigInteger.valueOf(19));
             addParameters(255, p, 121665, (byte)0x09, 3,
-                "1.3.101.110", NamedParameterSpec.X25519.getName(),
+                KnownOIDs.X25519.value(), NamedParameterSpec.X25519.getName(),
                 bySize, byOid, byName);
 
         } catch (IOException ex) {
@@ -128,7 +129,7 @@ public class XECParameters {
             BigInteger p = TWO.pow(448).subtract(TWO.pow(224))
                 .subtract(BigInteger.ONE);
             addParameters(448, p, 39081, (byte)0x05, 2,
-                "1.3.101.111", NamedParameterSpec.X448.getName(),
+                KnownOIDs.X448.value(), NamedParameterSpec.X448.getName(),
                 bySize, byOid, byName);
 
         } catch (IOException ex) {