author | weijun |
Thu, 13 Dec 2018 11:16:33 +0800 | |
changeset 52996 | 2457d862a646 |
parent 51216 | e429a304c97d |
child 53082 | 4c539cb11633 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
2 |
* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package sun.security.x509; |
|
27 |
||
28 |
import java.io.*; |
|
29 |
import java.util.*; |
|
30 |
import java.security.*; |
|
31 |
||
32 |
import sun.security.util.*; |
|
33 |
||
34 |
||
35 |
/** |
|
36 |
* This class identifies algorithms, such as cryptographic transforms, each |
|
37 |
* of which may be associated with parameters. Instances of this base class |
|
38 |
* are used when this runtime environment has no special knowledge of the |
|
39 |
* algorithm type, and may also be used in other cases. Equivalence is |
|
40 |
* defined according to OID and (where relevant) parameters. |
|
41 |
* |
|
28059
e576535359cc
8067377: My hobby: caning, then then canning, the the can-can
martin
parents:
25859
diff
changeset
|
42 |
* <P>Subclasses may be used, for example when the algorithm ID has |
2 | 43 |
* associated parameters which some code (e.g. code using public keys) needs |
44 |
* to have parsed. Two examples of such algorithms are Diffie-Hellman key |
|
45 |
* exchange, and the Digital Signature Standard Algorithm (DSS/DSA). |
|
46 |
* |
|
47 |
* <P>The OID constants defined in this class correspond to some widely |
|
48 |
* used algorithms, for which conventional string names have been defined. |
|
49 |
* This class is not a general repository for OIDs, or for such string names. |
|
50 |
* Note that the mappings between algorithm IDs and algorithm names is |
|
51 |
* not one-to-one. |
|
52 |
* |
|
53 |
* |
|
54 |
* @author David Brownell |
|
55 |
* @author Amit Kapoor |
|
56 |
* @author Hemma Prafullchandra |
|
57 |
*/ |
|
58 |
public class AlgorithmId implements Serializable, DerEncoder { |
|
59 |
||
60 |
/** use serialVersionUID from JDK 1.1. for interoperability */ |
|
61 |
private static final long serialVersionUID = 7205873507486557157L; |
|
62 |
||
63 |
/** |
|
64 |
* The object identitifer being used for this algorithm. |
|
65 |
*/ |
|
66 |
private ObjectIdentifier algid; |
|
67 |
||
68 |
// The (parsed) parameters |
|
69 |
private AlgorithmParameters algParams; |
|
70 |
private boolean constructedFromDer = true; |
|
71 |
||
72 |
/** |
|
73 |
* Parameters for this algorithm. These are stored in unparsed |
|
74 |
* DER-encoded form; subclasses can be made to automaticaly parse |
|
75 |
* them so there is fast access to these parameters. |
|
76 |
*/ |
|
77 |
protected DerValue params; |
|
78 |
||
79 |
||
80 |
/** |
|
81 |
* Constructs an algorithm ID which will be initialized |
|
82 |
* separately, for example by deserialization. |
|
83 |
* @deprecated use one of the other constructors. |
|
84 |
*/ |
|
85 |
@Deprecated |
|
86 |
public AlgorithmId() { } |
|
87 |
||
88 |
/** |
|
89 |
* Constructs a parameterless algorithm ID. |
|
90 |
* |
|
91 |
* @param oid the identifier for the algorithm |
|
92 |
*/ |
|
93 |
public AlgorithmId(ObjectIdentifier oid) { |
|
94 |
algid = oid; |
|
95 |
} |
|
96 |
||
97 |
/** |
|
98 |
* Constructs an algorithm ID with algorithm parameters. |
|
99 |
* |
|
100 |
* @param oid the identifier for the algorithm. |
|
101 |
* @param algparams the associated algorithm parameters. |
|
102 |
*/ |
|
103 |
public AlgorithmId(ObjectIdentifier oid, AlgorithmParameters algparams) { |
|
104 |
algid = oid; |
|
105 |
algParams = algparams; |
|
106 |
constructedFromDer = false; |
|
107 |
} |
|
108 |
||
109 |
private AlgorithmId(ObjectIdentifier oid, DerValue params) |
|
110 |
throws IOException { |
|
111 |
this.algid = oid; |
|
112 |
this.params = params; |
|
113 |
if (this.params != null) { |
|
114 |
decodeParams(); |
|
115 |
} |
|
116 |
} |
|
117 |
||
118 |
protected void decodeParams() throws IOException { |
|
119 |
String algidString = algid.toString(); |
|
120 |
try { |
|
121 |
algParams = AlgorithmParameters.getInstance(algidString); |
|
122 |
} catch (NoSuchAlgorithmException e) { |
|
13661
7c894680910a
6995421: Eliminate the static dependency to sun.security.ec.ECKeyFactory
mullan
parents:
13361
diff
changeset
|
123 |
/* |
7c894680910a
6995421: Eliminate the static dependency to sun.security.ec.ECKeyFactory
mullan
parents:
13361
diff
changeset
|
124 |
* This algorithm parameter type is not supported, so we cannot |
7c894680910a
6995421: Eliminate the static dependency to sun.security.ec.ECKeyFactory
mullan
parents:
13361
diff
changeset
|
125 |
* parse the parameters. |
7c894680910a
6995421: Eliminate the static dependency to sun.security.ec.ECKeyFactory
mullan
parents:
13361
diff
changeset
|
126 |
*/ |
7c894680910a
6995421: Eliminate the static dependency to sun.security.ec.ECKeyFactory
mullan
parents:
13361
diff
changeset
|
127 |
algParams = null; |
7c894680910a
6995421: Eliminate the static dependency to sun.security.ec.ECKeyFactory
mullan
parents:
13361
diff
changeset
|
128 |
return; |
2 | 129 |
} |
13661
7c894680910a
6995421: Eliminate the static dependency to sun.security.ec.ECKeyFactory
mullan
parents:
13361
diff
changeset
|
130 |
|
2 | 131 |
// Decode (parse) the parameters |
132 |
algParams.init(params.toByteArray()); |
|
133 |
} |
|
134 |
||
135 |
/** |
|
136 |
* Marshal a DER-encoded "AlgorithmID" sequence on the DER stream. |
|
137 |
*/ |
|
138 |
public final void encode(DerOutputStream out) throws IOException { |
|
139 |
derEncode(out); |
|
140 |
} |
|
141 |
||
142 |
/** |
|
143 |
* DER encode this object onto an output stream. |
|
144 |
* Implements the <code>DerEncoder</code> interface. |
|
145 |
* |
|
146 |
* @param out |
|
147 |
* the output stream on which to write the DER encoding. |
|
148 |
* |
|
149 |
* @exception IOException on encoding error. |
|
150 |
*/ |
|
151 |
public void derEncode (OutputStream out) throws IOException { |
|
152 |
DerOutputStream bytes = new DerOutputStream(); |
|
153 |
DerOutputStream tmp = new DerOutputStream(); |
|
154 |
||
155 |
bytes.putOID(algid); |
|
156 |
// Setup params from algParams since no DER encoding is given |
|
157 |
if (constructedFromDer == false) { |
|
158 |
if (algParams != null) { |
|
159 |
params = new DerValue(algParams.getEncoded()); |
|
160 |
} else { |
|
161 |
params = null; |
|
162 |
} |
|
163 |
} |
|
164 |
if (params == null) { |
|
165 |
// Changes backed out for compatibility with Solaris |
|
166 |
||
167 |
// Several AlgorithmId should omit the whole parameter part when |
|
168 |
// it's NULL. They are --- |
|
169 |
// rfc3370 2.1: Implementations SHOULD generate SHA-1 |
|
170 |
// AlgorithmIdentifiers with absent parameters. |
|
12685 | 171 |
// rfc3447 C1: When id-sha1, id-sha224, id-sha256, id-sha384 and |
172 |
// id-sha512 are used in an AlgorithmIdentifier the parameters |
|
173 |
// (which are optional) SHOULD be omitted. |
|
2 | 174 |
// rfc3279 2.3.2: The id-dsa algorithm syntax includes optional |
175 |
// domain parameters... When omitted, the parameters component |
|
176 |
// MUST be omitted entirely |
|
177 |
// rfc3370 3.1: When the id-dsa-with-sha1 algorithm identifier |
|
178 |
// is used, the AlgorithmIdentifier parameters field MUST be absent. |
|
179 |
/*if ( |
|
180 |
algid.equals((Object)SHA_oid) || |
|
12685 | 181 |
algid.equals((Object)SHA224_oid) || |
2 | 182 |
algid.equals((Object)SHA256_oid) || |
183 |
algid.equals((Object)SHA384_oid) || |
|
184 |
algid.equals((Object)SHA512_oid) || |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
185 |
algid.equals((Object)SHA512_224_oid) || |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
186 |
algid.equals((Object)SHA512_256_oid) || |
2 | 187 |
algid.equals((Object)DSA_oid) || |
188 |
algid.equals((Object)sha1WithDSA_oid)) { |
|
189 |
; // no parameter part encoded |
|
190 |
} else { |
|
191 |
bytes.putNull(); |
|
192 |
}*/ |
|
193 |
bytes.putNull(); |
|
194 |
} else { |
|
195 |
bytes.putDerValue(params); |
|
196 |
} |
|
197 |
tmp.write(DerValue.tag_Sequence, bytes); |
|
198 |
out.write(tmp.toByteArray()); |
|
199 |
} |
|
200 |
||
201 |
||
202 |
/** |
|
203 |
* Returns the DER-encoded X.509 AlgorithmId as a byte array. |
|
204 |
*/ |
|
205 |
public final byte[] encode() throws IOException { |
|
206 |
DerOutputStream out = new DerOutputStream(); |
|
207 |
derEncode(out); |
|
208 |
return out.toByteArray(); |
|
209 |
} |
|
210 |
||
211 |
/** |
|
212 |
* Returns the ISO OID for this algorithm. This is usually converted |
|
213 |
* to a string and used as part of an algorithm name, for example |
|
214 |
* "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code> |
|
215 |
* call when you do not need to ensure cross-system portability |
|
216 |
* of algorithm names, or need a user friendly name. |
|
217 |
*/ |
|
218 |
public final ObjectIdentifier getOID () { |
|
219 |
return algid; |
|
220 |
} |
|
221 |
||
222 |
/** |
|
223 |
* Returns a name for the algorithm which may be more intelligible |
|
224 |
* to humans than the algorithm's OID, but which won't necessarily |
|
225 |
* be comprehensible on other systems. For example, this might |
|
226 |
* return a name such as "MD5withRSA" for a signature algorithm on |
|
227 |
* some systems. It also returns names like "OID.1.2.3.4", when |
|
228 |
* no particular name for the algorithm is known. |
|
229 |
*/ |
|
230 |
public String getName() { |
|
231 |
String algName = nameTable.get(algid); |
|
232 |
if (algName != null) { |
|
233 |
return algName; |
|
234 |
} |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
6122
diff
changeset
|
235 |
if ((params != null) && algid.equals((Object)specifiedWithECDSA_oid)) { |
2 | 236 |
try { |
237 |
AlgorithmId paramsId = |
|
238 |
AlgorithmId.parse(new DerValue(getEncodedParams())); |
|
239 |
String paramsName = paramsId.getName(); |
|
13361
bda5c2354fc6
7180907: Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes
weijun
parents:
12685
diff
changeset
|
240 |
algName = makeSigAlg(paramsName, "EC"); |
2 | 241 |
} catch (IOException e) { |
242 |
// ignore |
|
243 |
} |
|
244 |
} |
|
245 |
return (algName == null) ? algid.toString() : algName; |
|
246 |
} |
|
247 |
||
248 |
public AlgorithmParameters getParameters() { |
|
249 |
return algParams; |
|
250 |
} |
|
251 |
||
252 |
/** |
|
253 |
* Returns the DER encoded parameter, which can then be |
|
254 |
* used to initialize java.security.AlgorithmParamters. |
|
255 |
* |
|
256 |
* @return DER encoded parameters, or null not present. |
|
257 |
*/ |
|
258 |
public byte[] getEncodedParams() throws IOException { |
|
259 |
return (params == null) ? null : params.toByteArray(); |
|
260 |
} |
|
261 |
||
262 |
/** |
|
263 |
* Returns true iff the argument indicates the same algorithm |
|
264 |
* with the same parameters. |
|
265 |
*/ |
|
266 |
public boolean equals(AlgorithmId other) { |
|
267 |
boolean paramsEqual = |
|
268 |
(params == null ? other.params == null : params.equals(other.params)); |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
6122
diff
changeset
|
269 |
return (algid.equals((Object)other.algid) && paramsEqual); |
2 | 270 |
} |
271 |
||
272 |
/** |
|
273 |
* Compares this AlgorithmID to another. If algorithm parameters are |
|
274 |
* available, they are compared. Otherwise, just the object IDs |
|
275 |
* for the algorithm are compared. |
|
276 |
* |
|
277 |
* @param other preferably an AlgorithmId, else an ObjectIdentifier |
|
278 |
*/ |
|
279 |
public boolean equals(Object other) { |
|
280 |
if (this == other) { |
|
281 |
return true; |
|
282 |
} |
|
283 |
if (other instanceof AlgorithmId) { |
|
284 |
return equals((AlgorithmId) other); |
|
285 |
} else if (other instanceof ObjectIdentifier) { |
|
286 |
return equals((ObjectIdentifier) other); |
|
287 |
} else { |
|
288 |
return false; |
|
289 |
} |
|
290 |
} |
|
291 |
||
292 |
/** |
|
293 |
* Compares two algorithm IDs for equality. Returns true iff |
|
294 |
* they are the same algorithm, ignoring algorithm parameters. |
|
295 |
*/ |
|
296 |
public final boolean equals(ObjectIdentifier id) { |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
6122
diff
changeset
|
297 |
return algid.equals((Object)id); |
2 | 298 |
} |
299 |
||
300 |
/** |
|
301 |
* Returns a hashcode for this AlgorithmId. |
|
302 |
* |
|
303 |
* @return a hashcode for this AlgorithmId. |
|
304 |
*/ |
|
305 |
public int hashCode() { |
|
306 |
StringBuilder sbuf = new StringBuilder(); |
|
307 |
sbuf.append(algid.toString()); |
|
308 |
sbuf.append(paramsToString()); |
|
309 |
return sbuf.toString().hashCode(); |
|
310 |
} |
|
311 |
||
312 |
/** |
|
313 |
* Provides a human-readable description of the algorithm parameters. |
|
314 |
* This may be redefined by subclasses which parse those parameters. |
|
315 |
*/ |
|
316 |
protected String paramsToString() { |
|
317 |
if (params == null) { |
|
318 |
return ""; |
|
319 |
} else if (algParams != null) { |
|
320 |
return algParams.toString(); |
|
321 |
} else { |
|
322 |
return ", params unparsed"; |
|
323 |
} |
|
324 |
} |
|
325 |
||
326 |
/** |
|
327 |
* Returns a string describing the algorithm and its parameters. |
|
328 |
*/ |
|
329 |
public String toString() { |
|
330 |
return getName() + paramsToString(); |
|
331 |
} |
|
332 |
||
333 |
/** |
|
334 |
* Parse (unmarshal) an ID from a DER sequence input value. This form |
|
335 |
* parsing might be used when expanding a value which has already been |
|
336 |
* partially unmarshaled as a set or sequence member. |
|
337 |
* |
|
338 |
* @exception IOException on error. |
|
339 |
* @param val the input value, which contains the algid and, if |
|
340 |
* there are any parameters, those parameters. |
|
341 |
* @return an ID for the algorithm. If the system is configured |
|
342 |
* appropriately, this may be an instance of a class |
|
343 |
* with some kind of special support for this algorithm. |
|
344 |
* In that case, you may "narrow" the type of the ID. |
|
345 |
*/ |
|
346 |
public static AlgorithmId parse(DerValue val) throws IOException { |
|
347 |
if (val.tag != DerValue.tag_Sequence) { |
|
348 |
throw new IOException("algid parse error, not a sequence"); |
|
349 |
} |
|
350 |
||
351 |
/* |
|
352 |
* Get the algorithm ID and any parameters. |
|
353 |
*/ |
|
354 |
ObjectIdentifier algid; |
|
355 |
DerValue params; |
|
356 |
DerInputStream in = val.toDerInputStream(); |
|
357 |
||
358 |
algid = in.getOID(); |
|
359 |
if (in.available() == 0) { |
|
360 |
params = null; |
|
361 |
} else { |
|
362 |
params = in.getDerValue(); |
|
363 |
if (params.tag == DerValue.tag_Null) { |
|
364 |
if (params.length() != 0) { |
|
365 |
throw new IOException("invalid NULL"); |
|
366 |
} |
|
367 |
params = null; |
|
368 |
} |
|
369 |
if (in.available() != 0) { |
|
370 |
throw new IOException("Invalid AlgorithmIdentifier: extra data"); |
|
371 |
} |
|
372 |
} |
|
373 |
||
374 |
return new AlgorithmId(algid, params); |
|
375 |
} |
|
376 |
||
377 |
/** |
|
378 |
* Returns one of the algorithm IDs most commonly associated |
|
379 |
* with this algorithm name. |
|
380 |
* |
|
381 |
* @param algname the name being used |
|
382 |
* @deprecated use the short get form of this method. |
|
383 |
* @exception NoSuchAlgorithmException on error. |
|
384 |
*/ |
|
385 |
@Deprecated |
|
386 |
public static AlgorithmId getAlgorithmId(String algname) |
|
387 |
throws NoSuchAlgorithmException { |
|
388 |
return get(algname); |
|
389 |
} |
|
390 |
||
391 |
/** |
|
392 |
* Returns one of the algorithm IDs most commonly associated |
|
393 |
* with this algorithm name. |
|
394 |
* |
|
395 |
* @param algname the name being used |
|
396 |
* @exception NoSuchAlgorithmException on error. |
|
397 |
*/ |
|
398 |
public static AlgorithmId get(String algname) |
|
399 |
throws NoSuchAlgorithmException { |
|
400 |
ObjectIdentifier oid; |
|
401 |
try { |
|
402 |
oid = algOID(algname); |
|
403 |
} catch (IOException ioe) { |
|
404 |
throw new NoSuchAlgorithmException |
|
405 |
("Invalid ObjectIdentifier " + algname); |
|
406 |
} |
|
407 |
||
408 |
if (oid == null) { |
|
409 |
throw new NoSuchAlgorithmException |
|
410 |
("unrecognized algorithm name: " + algname); |
|
411 |
} |
|
412 |
return new AlgorithmId(oid); |
|
413 |
} |
|
414 |
||
415 |
/** |
|
416 |
* Returns one of the algorithm IDs most commonly associated |
|
417 |
* with this algorithm parameters. |
|
418 |
* |
|
419 |
* @param algparams the associated algorithm parameters. |
|
420 |
* @exception NoSuchAlgorithmException on error. |
|
421 |
*/ |
|
422 |
public static AlgorithmId get(AlgorithmParameters algparams) |
|
423 |
throws NoSuchAlgorithmException { |
|
424 |
ObjectIdentifier oid; |
|
425 |
String algname = algparams.getAlgorithm(); |
|
426 |
try { |
|
427 |
oid = algOID(algname); |
|
428 |
} catch (IOException ioe) { |
|
429 |
throw new NoSuchAlgorithmException |
|
430 |
("Invalid ObjectIdentifier " + algname); |
|
431 |
} |
|
432 |
if (oid == null) { |
|
433 |
throw new NoSuchAlgorithmException |
|
434 |
("unrecognized algorithm name: " + algname); |
|
435 |
} |
|
436 |
return new AlgorithmId(oid, algparams); |
|
437 |
} |
|
438 |
||
439 |
/* |
|
440 |
* Translates from some common algorithm names to the |
|
441 |
* OID with which they're usually associated ... this mapping |
|
442 |
* is the reverse of the one below, except in those cases |
|
443 |
* where synonyms are supported or where a given algorithm |
|
444 |
* is commonly associated with multiple OIDs. |
|
445 |
* |
|
446 |
* XXX This method needs to be enhanced so that we can also pass the |
|
447 |
* scope of the algorithm name to it, e.g., the algorithm name "DSA" |
|
448 |
* may have a different OID when used as a "Signature" algorithm than when |
|
449 |
* used as a "KeyPairGenerator" algorithm. |
|
450 |
*/ |
|
451 |
private static ObjectIdentifier algOID(String name) throws IOException { |
|
452 |
// See if algname is in printable OID ("dot-dot") notation |
|
453 |
if (name.indexOf('.') != -1) { |
|
454 |
if (name.startsWith("OID.")) { |
|
455 |
return new ObjectIdentifier(name.substring("OID.".length())); |
|
456 |
} else { |
|
457 |
return new ObjectIdentifier(name); |
|
458 |
} |
|
459 |
} |
|
460 |
||
461 |
// Digesting algorithms |
|
462 |
if (name.equalsIgnoreCase("MD5")) { |
|
463 |
return AlgorithmId.MD5_oid; |
|
464 |
} |
|
465 |
if (name.equalsIgnoreCase("MD2")) { |
|
466 |
return AlgorithmId.MD2_oid; |
|
467 |
} |
|
468 |
if (name.equalsIgnoreCase("SHA") || name.equalsIgnoreCase("SHA1") |
|
469 |
|| name.equalsIgnoreCase("SHA-1")) { |
|
470 |
return AlgorithmId.SHA_oid; |
|
471 |
} |
|
472 |
if (name.equalsIgnoreCase("SHA-256") || |
|
473 |
name.equalsIgnoreCase("SHA256")) { |
|
474 |
return AlgorithmId.SHA256_oid; |
|
475 |
} |
|
476 |
if (name.equalsIgnoreCase("SHA-384") || |
|
477 |
name.equalsIgnoreCase("SHA384")) { |
|
478 |
return AlgorithmId.SHA384_oid; |
|
479 |
} |
|
480 |
if (name.equalsIgnoreCase("SHA-512") || |
|
481 |
name.equalsIgnoreCase("SHA512")) { |
|
482 |
return AlgorithmId.SHA512_oid; |
|
483 |
} |
|
12685 | 484 |
if (name.equalsIgnoreCase("SHA-224") || |
485 |
name.equalsIgnoreCase("SHA224")) { |
|
486 |
return AlgorithmId.SHA224_oid; |
|
487 |
} |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
488 |
if (name.equalsIgnoreCase("SHA-512/224") || |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
489 |
name.equalsIgnoreCase("SHA512/224")) { |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
490 |
return AlgorithmId.SHA512_224_oid; |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
491 |
} |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
492 |
if (name.equalsIgnoreCase("SHA-512/256") || |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
493 |
name.equalsIgnoreCase("SHA512/256")) { |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
494 |
return AlgorithmId.SHA512_256_oid; |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
495 |
} |
2 | 496 |
// Various public key algorithms |
497 |
if (name.equalsIgnoreCase("RSA")) { |
|
498 |
return AlgorithmId.RSAEncryption_oid; |
|
499 |
} |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
500 |
if (name.equalsIgnoreCase("RSASSA-PSS")) { |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
501 |
return AlgorithmId.RSASSA_PSS_oid; |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
502 |
} |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
503 |
if (name.equalsIgnoreCase("RSAES-OAEP")) { |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
504 |
return AlgorithmId.RSAES_OAEP_oid; |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
505 |
} |
2 | 506 |
if (name.equalsIgnoreCase("Diffie-Hellman") |
507 |
|| name.equalsIgnoreCase("DH")) { |
|
508 |
return AlgorithmId.DH_oid; |
|
509 |
} |
|
510 |
if (name.equalsIgnoreCase("DSA")) { |
|
511 |
return AlgorithmId.DSA_oid; |
|
512 |
} |
|
513 |
if (name.equalsIgnoreCase("EC")) { |
|
514 |
return EC_oid; |
|
515 |
} |
|
13672
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
516 |
if (name.equalsIgnoreCase("ECDH")) { |
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
517 |
return AlgorithmId.ECDH_oid; |
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
518 |
} |
2 | 519 |
|
15298 | 520 |
// Secret key algorithms |
521 |
if (name.equalsIgnoreCase("AES")) { |
|
522 |
return AlgorithmId.AES_oid; |
|
523 |
} |
|
524 |
||
2 | 525 |
// Common signature types |
526 |
if (name.equalsIgnoreCase("MD5withRSA") |
|
527 |
|| name.equalsIgnoreCase("MD5/RSA")) { |
|
528 |
return AlgorithmId.md5WithRSAEncryption_oid; |
|
529 |
} |
|
530 |
if (name.equalsIgnoreCase("MD2withRSA") |
|
531 |
|| name.equalsIgnoreCase("MD2/RSA")) { |
|
532 |
return AlgorithmId.md2WithRSAEncryption_oid; |
|
533 |
} |
|
534 |
if (name.equalsIgnoreCase("SHAwithDSA") |
|
535 |
|| name.equalsIgnoreCase("SHA1withDSA") |
|
536 |
|| name.equalsIgnoreCase("SHA/DSA") |
|
537 |
|| name.equalsIgnoreCase("SHA1/DSA") |
|
538 |
|| name.equalsIgnoreCase("DSAWithSHA1") |
|
539 |
|| name.equalsIgnoreCase("DSS") |
|
540 |
|| name.equalsIgnoreCase("SHA-1/DSA")) { |
|
541 |
return AlgorithmId.sha1WithDSA_oid; |
|
542 |
} |
|
13672
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
543 |
if (name.equalsIgnoreCase("SHA224WithDSA")) { |
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
544 |
return AlgorithmId.sha224WithDSA_oid; |
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
545 |
} |
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
546 |
if (name.equalsIgnoreCase("SHA256WithDSA")) { |
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
547 |
return AlgorithmId.sha256WithDSA_oid; |
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
548 |
} |
2 | 549 |
if (name.equalsIgnoreCase("SHA1WithRSA") |
550 |
|| name.equalsIgnoreCase("SHA1/RSA")) { |
|
551 |
return AlgorithmId.sha1WithRSAEncryption_oid; |
|
552 |
} |
|
553 |
if (name.equalsIgnoreCase("SHA1withECDSA") |
|
554 |
|| name.equalsIgnoreCase("ECDSA")) { |
|
555 |
return AlgorithmId.sha1WithECDSA_oid; |
|
556 |
} |
|
3717
c2ea049a4442
6871847: AlgorithmId.get("SHA256withECDSA") not available
weijun
parents:
2944
diff
changeset
|
557 |
if (name.equalsIgnoreCase("SHA224withECDSA")) { |
c2ea049a4442
6871847: AlgorithmId.get("SHA256withECDSA") not available
weijun
parents:
2944
diff
changeset
|
558 |
return AlgorithmId.sha224WithECDSA_oid; |
c2ea049a4442
6871847: AlgorithmId.get("SHA256withECDSA") not available
weijun
parents:
2944
diff
changeset
|
559 |
} |
c2ea049a4442
6871847: AlgorithmId.get("SHA256withECDSA") not available
weijun
parents:
2944
diff
changeset
|
560 |
if (name.equalsIgnoreCase("SHA256withECDSA")) { |
c2ea049a4442
6871847: AlgorithmId.get("SHA256withECDSA") not available
weijun
parents:
2944
diff
changeset
|
561 |
return AlgorithmId.sha256WithECDSA_oid; |
c2ea049a4442
6871847: AlgorithmId.get("SHA256withECDSA") not available
weijun
parents:
2944
diff
changeset
|
562 |
} |
c2ea049a4442
6871847: AlgorithmId.get("SHA256withECDSA") not available
weijun
parents:
2944
diff
changeset
|
563 |
if (name.equalsIgnoreCase("SHA384withECDSA")) { |
c2ea049a4442
6871847: AlgorithmId.get("SHA256withECDSA") not available
weijun
parents:
2944
diff
changeset
|
564 |
return AlgorithmId.sha384WithECDSA_oid; |
c2ea049a4442
6871847: AlgorithmId.get("SHA256withECDSA") not available
weijun
parents:
2944
diff
changeset
|
565 |
} |
c2ea049a4442
6871847: AlgorithmId.get("SHA256withECDSA") not available
weijun
parents:
2944
diff
changeset
|
566 |
if (name.equalsIgnoreCase("SHA512withECDSA")) { |
c2ea049a4442
6871847: AlgorithmId.get("SHA256withECDSA") not available
weijun
parents:
2944
diff
changeset
|
567 |
return AlgorithmId.sha512WithECDSA_oid; |
c2ea049a4442
6871847: AlgorithmId.get("SHA256withECDSA") not available
weijun
parents:
2944
diff
changeset
|
568 |
} |
2 | 569 |
|
37908
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
570 |
return oidTable().get(name.toUpperCase(Locale.ENGLISH)); |
2 | 571 |
} |
572 |
||
573 |
private static ObjectIdentifier oid(int ... values) { |
|
574 |
return ObjectIdentifier.newInternal(values); |
|
575 |
} |
|
576 |
||
37908
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
577 |
private static volatile Map<String,ObjectIdentifier> oidTable; |
2 | 578 |
private static final Map<ObjectIdentifier,String> nameTable; |
579 |
||
37908
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
580 |
/** Returns the oidTable, lazily initializing it on first access. */ |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
581 |
private static Map<String,ObjectIdentifier> oidTable() |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
582 |
throws IOException { |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
583 |
// Double checked locking; safe because oidTable is volatile |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
584 |
Map<String,ObjectIdentifier> tab; |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
585 |
if ((tab = oidTable) == null) { |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
586 |
synchronized (AlgorithmId.class) { |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
587 |
if ((tab = oidTable) == null) |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
588 |
oidTable = tab = computeOidTable(); |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
589 |
} |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
590 |
} |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
591 |
return tab; |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
592 |
} |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
593 |
|
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
594 |
/** Collects the algorithm names from the installed providers. */ |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
595 |
private static HashMap<String,ObjectIdentifier> computeOidTable() |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
596 |
throws IOException { |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
597 |
HashMap<String,ObjectIdentifier> tab = new HashMap<>(); |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
598 |
for (Provider provider : Security.getProviders()) { |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
599 |
for (Object key : provider.keySet()) { |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
600 |
String alias = (String)key; |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
601 |
String upperCaseAlias = alias.toUpperCase(Locale.ENGLISH); |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
602 |
int index; |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
603 |
if (upperCaseAlias.startsWith("ALG.ALIAS") && |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
604 |
(index=upperCaseAlias.indexOf("OID.", 0)) != -1) { |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
605 |
index += "OID.".length(); |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
606 |
if (index == alias.length()) { |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
607 |
// invalid alias entry |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
608 |
break; |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
609 |
} |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
610 |
String oidString = alias.substring(index); |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
611 |
String stdAlgName = provider.getProperty(alias); |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
612 |
if (stdAlgName != null) { |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
613 |
stdAlgName = stdAlgName.toUpperCase(Locale.ENGLISH); |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
614 |
} |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
615 |
if (stdAlgName != null && |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
616 |
tab.get(stdAlgName) == null) { |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
617 |
tab.put(stdAlgName, new ObjectIdentifier(oidString)); |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
618 |
} |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
619 |
} |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
620 |
} |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
621 |
} |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
622 |
return tab; |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
623 |
} |
b9bb960b959c
8156584: Initialization race in sun.security.x509.AlgorithmId.get
martin
parents:
35283
diff
changeset
|
624 |
|
2 | 625 |
/*****************************************************************/ |
626 |
||
627 |
/* |
|
628 |
* HASHING ALGORITHMS |
|
629 |
*/ |
|
630 |
||
631 |
/** |
|
632 |
* Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319. |
|
633 |
* OID = 1.2.840.113549.2.2 |
|
634 |
*/ |
|
635 |
public static final ObjectIdentifier MD2_oid = |
|
636 |
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 2}); |
|
637 |
||
638 |
/** |
|
639 |
* Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321. |
|
640 |
* OID = 1.2.840.113549.2.5 |
|
641 |
*/ |
|
642 |
public static final ObjectIdentifier MD5_oid = |
|
643 |
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 5}); |
|
644 |
||
645 |
/** |
|
646 |
* Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1. |
|
647 |
* This is sometimes called "SHA", though that is often confusing since |
|
648 |
* many people refer to FIPS 180 (which has an error) as defining SHA. |
|
649 |
* OID = 1.3.14.3.2.26. Old SHA-0 OID: 1.3.14.3.2.18. |
|
650 |
*/ |
|
651 |
public static final ObjectIdentifier SHA_oid = |
|
652 |
ObjectIdentifier.newInternal(new int[] {1, 3, 14, 3, 2, 26}); |
|
653 |
||
12685 | 654 |
public static final ObjectIdentifier SHA224_oid = |
655 |
ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 4}); |
|
656 |
||
2 | 657 |
public static final ObjectIdentifier SHA256_oid = |
658 |
ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 1}); |
|
659 |
||
660 |
public static final ObjectIdentifier SHA384_oid = |
|
661 |
ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 2}); |
|
662 |
||
663 |
public static final ObjectIdentifier SHA512_oid = |
|
664 |
ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 3}); |
|
665 |
||
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
666 |
public static final ObjectIdentifier SHA512_224_oid = |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
667 |
ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 5}); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
668 |
|
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
669 |
public static final ObjectIdentifier SHA512_256_oid = |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
670 |
ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 6}); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
671 |
|
2 | 672 |
/* |
673 |
* COMMON PUBLIC KEY TYPES |
|
674 |
*/ |
|
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30033
diff
changeset
|
675 |
private static final int[] DH_data = { 1, 2, 840, 113549, 1, 3, 1 }; |
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30033
diff
changeset
|
676 |
private static final int[] DH_PKIX_data = { 1, 2, 840, 10046, 2, 1 }; |
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30033
diff
changeset
|
677 |
private static final int[] DSA_OIW_data = { 1, 3, 14, 3, 2, 12 }; |
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30033
diff
changeset
|
678 |
private static final int[] DSA_PKIX_data = { 1, 2, 840, 10040, 4, 1 }; |
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30033
diff
changeset
|
679 |
private static final int[] RSA_data = { 2, 5, 8, 1, 1 }; |
2 | 680 |
|
681 |
public static final ObjectIdentifier DH_oid; |
|
682 |
public static final ObjectIdentifier DH_PKIX_oid; |
|
683 |
public static final ObjectIdentifier DSA_oid; |
|
684 |
public static final ObjectIdentifier DSA_OIW_oid; |
|
685 |
public static final ObjectIdentifier EC_oid = oid(1, 2, 840, 10045, 2, 1); |
|
13672
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
686 |
public static final ObjectIdentifier ECDH_oid = oid(1, 3, 132, 1, 12); |
2 | 687 |
public static final ObjectIdentifier RSA_oid; |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
688 |
public static final ObjectIdentifier RSAEncryption_oid = |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
689 |
oid(1, 2, 840, 113549, 1, 1, 1); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
690 |
public static final ObjectIdentifier RSAES_OAEP_oid = |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
691 |
oid(1, 2, 840, 113549, 1, 1, 7); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
692 |
public static final ObjectIdentifier RSASSA_PSS_oid = |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
693 |
oid(1, 2, 840, 113549, 1, 1, 10); |
2 | 694 |
|
695 |
/* |
|
15298 | 696 |
* COMMON SECRET KEY TYPES |
697 |
*/ |
|
698 |
public static final ObjectIdentifier AES_oid = |
|
699 |
oid(2, 16, 840, 1, 101, 3, 4, 1); |
|
700 |
||
701 |
/* |
|
2 | 702 |
* COMMON SIGNATURE ALGORITHMS |
703 |
*/ |
|
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30033
diff
changeset
|
704 |
private static final int[] md2WithRSAEncryption_data = |
2 | 705 |
{ 1, 2, 840, 113549, 1, 1, 2 }; |
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30033
diff
changeset
|
706 |
private static final int[] md5WithRSAEncryption_data = |
2 | 707 |
{ 1, 2, 840, 113549, 1, 1, 4 }; |
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30033
diff
changeset
|
708 |
private static final int[] sha1WithRSAEncryption_data = |
2 | 709 |
{ 1, 2, 840, 113549, 1, 1, 5 }; |
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30033
diff
changeset
|
710 |
private static final int[] sha1WithRSAEncryption_OIW_data = |
2 | 711 |
{ 1, 3, 14, 3, 2, 29 }; |
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30033
diff
changeset
|
712 |
private static final int[] sha224WithRSAEncryption_data = |
12685 | 713 |
{ 1, 2, 840, 113549, 1, 1, 14 }; |
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30033
diff
changeset
|
714 |
private static final int[] sha256WithRSAEncryption_data = |
2 | 715 |
{ 1, 2, 840, 113549, 1, 1, 11 }; |
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30033
diff
changeset
|
716 |
private static final int[] sha384WithRSAEncryption_data = |
2 | 717 |
{ 1, 2, 840, 113549, 1, 1, 12 }; |
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30033
diff
changeset
|
718 |
private static final int[] sha512WithRSAEncryption_data = |
2 | 719 |
{ 1, 2, 840, 113549, 1, 1, 13 }; |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
720 |
|
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30033
diff
changeset
|
721 |
private static final int[] shaWithDSA_OIW_data = |
2 | 722 |
{ 1, 3, 14, 3, 2, 13 }; |
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30033
diff
changeset
|
723 |
private static final int[] sha1WithDSA_OIW_data = |
2 | 724 |
{ 1, 3, 14, 3, 2, 27 }; |
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30033
diff
changeset
|
725 |
private static final int[] dsaWithSHA1_PKIX_data = |
2 | 726 |
{ 1, 2, 840, 10040, 4, 3 }; |
727 |
||
728 |
public static final ObjectIdentifier md2WithRSAEncryption_oid; |
|
729 |
public static final ObjectIdentifier md5WithRSAEncryption_oid; |
|
730 |
public static final ObjectIdentifier sha1WithRSAEncryption_oid; |
|
731 |
public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid; |
|
12685 | 732 |
public static final ObjectIdentifier sha224WithRSAEncryption_oid; |
2 | 733 |
public static final ObjectIdentifier sha256WithRSAEncryption_oid; |
734 |
public static final ObjectIdentifier sha384WithRSAEncryption_oid; |
|
735 |
public static final ObjectIdentifier sha512WithRSAEncryption_oid; |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
736 |
public static final ObjectIdentifier sha512_224WithRSAEncryption_oid = |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
737 |
oid(1, 2, 840, 113549, 1, 1, 15); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
738 |
public static final ObjectIdentifier sha512_256WithRSAEncryption_oid = |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
739 |
oid(1, 2, 840, 113549, 1, 1, 16);; |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
740 |
|
2 | 741 |
public static final ObjectIdentifier shaWithDSA_OIW_oid; |
742 |
public static final ObjectIdentifier sha1WithDSA_OIW_oid; |
|
743 |
public static final ObjectIdentifier sha1WithDSA_oid; |
|
13672
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
744 |
public static final ObjectIdentifier sha224WithDSA_oid = |
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
745 |
oid(2, 16, 840, 1, 101, 3, 4, 3, 1); |
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
746 |
public static final ObjectIdentifier sha256WithDSA_oid = |
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
747 |
oid(2, 16, 840, 1, 101, 3, 4, 3, 2); |
2 | 748 |
|
749 |
public static final ObjectIdentifier sha1WithECDSA_oid = |
|
750 |
oid(1, 2, 840, 10045, 4, 1); |
|
751 |
public static final ObjectIdentifier sha224WithECDSA_oid = |
|
752 |
oid(1, 2, 840, 10045, 4, 3, 1); |
|
753 |
public static final ObjectIdentifier sha256WithECDSA_oid = |
|
754 |
oid(1, 2, 840, 10045, 4, 3, 2); |
|
755 |
public static final ObjectIdentifier sha384WithECDSA_oid = |
|
756 |
oid(1, 2, 840, 10045, 4, 3, 3); |
|
757 |
public static final ObjectIdentifier sha512WithECDSA_oid = |
|
758 |
oid(1, 2, 840, 10045, 4, 3, 4); |
|
759 |
public static final ObjectIdentifier specifiedWithECDSA_oid = |
|
760 |
oid(1, 2, 840, 10045, 4, 3); |
|
761 |
||
762 |
/** |
|
763 |
* Algorithm ID for the PBE encryption algorithms from PKCS#5 and |
|
764 |
* PKCS#12. |
|
765 |
*/ |
|
766 |
public static final ObjectIdentifier pbeWithMD5AndDES_oid = |
|
767 |
ObjectIdentifier.newInternal(new int[]{1, 2, 840, 113549, 1, 5, 3}); |
|
768 |
public static final ObjectIdentifier pbeWithMD5AndRC2_oid = |
|
769 |
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 6}); |
|
770 |
public static final ObjectIdentifier pbeWithSHA1AndDES_oid = |
|
771 |
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 10}); |
|
772 |
public static final ObjectIdentifier pbeWithSHA1AndRC2_oid = |
|
773 |
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 11}); |
|
52996
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
51216
diff
changeset
|
774 |
public static ObjectIdentifier pbeWithSHA1AndRC4_128_oid = |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
51216
diff
changeset
|
775 |
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 1}); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
51216
diff
changeset
|
776 |
public static ObjectIdentifier pbeWithSHA1AndRC4_40_oid = |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
51216
diff
changeset
|
777 |
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 2}); |
2 | 778 |
public static ObjectIdentifier pbeWithSHA1AndDESede_oid = |
779 |
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 3}); |
|
52996
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
51216
diff
changeset
|
780 |
public static ObjectIdentifier pbeWithSHA1AndRC2_128_oid = |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
51216
diff
changeset
|
781 |
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 5}); |
2 | 782 |
public static ObjectIdentifier pbeWithSHA1AndRC2_40_oid = |
783 |
ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 6}); |
|
784 |
||
785 |
static { |
|
786 |
/* |
|
787 |
* Note the preferred OIDs are named simply with no "OIW" or |
|
788 |
* "PKIX" in them, even though they may point to data from these |
|
789 |
* specs; e.g. SHA_oid, DH_oid, DSA_oid, SHA1WithDSA_oid... |
|
790 |
*/ |
|
791 |
/** |
|
792 |
* Algorithm ID for Diffie Hellman Key agreement, from PKCS #3. |
|
793 |
* Parameters include public values P and G, and may optionally specify |
|
794 |
* the length of the private key X. Alternatively, algorithm parameters |
|
795 |
* may be derived from another source such as a Certificate Authority's |
|
796 |
* certificate. |
|
797 |
* OID = 1.2.840.113549.1.3.1 |
|
798 |
*/ |
|
799 |
DH_oid = ObjectIdentifier.newInternal(DH_data); |
|
800 |
||
801 |
/** |
|
802 |
* Algorithm ID for the Diffie Hellman Key Agreement (DH), from RFC 3279. |
|
803 |
* Parameters may include public values P and G. |
|
804 |
* OID = 1.2.840.10046.2.1 |
|
805 |
*/ |
|
806 |
DH_PKIX_oid = ObjectIdentifier.newInternal(DH_PKIX_data); |
|
807 |
||
808 |
/** |
|
809 |
* Algorithm ID for the Digital Signing Algorithm (DSA), from the |
|
810 |
* NIST OIW Stable Agreements part 12. |
|
811 |
* Parameters may include public values P, Q, and G; or these may be |
|
812 |
* derived from |
|
813 |
* another source such as a Certificate Authority's certificate. |
|
814 |
* OID = 1.3.14.3.2.12 |
|
815 |
*/ |
|
816 |
DSA_OIW_oid = ObjectIdentifier.newInternal(DSA_OIW_data); |
|
817 |
||
818 |
/** |
|
819 |
* Algorithm ID for the Digital Signing Algorithm (DSA), from RFC 3279. |
|
820 |
* Parameters may include public values P, Q, and G; or these may be |
|
821 |
* derived from another source such as a Certificate Authority's |
|
822 |
* certificate. |
|
823 |
* OID = 1.2.840.10040.4.1 |
|
824 |
*/ |
|
825 |
DSA_oid = ObjectIdentifier.newInternal(DSA_PKIX_data); |
|
826 |
||
827 |
/** |
|
828 |
* Algorithm ID for RSA keys used for any purpose, as defined in X.509. |
|
829 |
* The algorithm parameter is a single value, the number of bits in the |
|
830 |
* public modulus. |
|
2944
276b6d106714
6570344: Invalid RSA OID in sun.security.x509.AlgorithmId
xuelei
parents:
2
diff
changeset
|
831 |
* OID = 2.5.8.1.1 |
2 | 832 |
*/ |
833 |
RSA_oid = ObjectIdentifier.newInternal(RSA_data); |
|
834 |
||
835 |
/** |
|
836 |
* Identifies a signing algorithm where an MD2 digest is encrypted |
|
837 |
* using an RSA private key; defined in PKCS #1. Use of this |
|
838 |
* signing algorithm is discouraged due to MD2 vulnerabilities. |
|
839 |
* OID = 1.2.840.113549.1.1.2 |
|
840 |
*/ |
|
841 |
md2WithRSAEncryption_oid = |
|
842 |
ObjectIdentifier.newInternal(md2WithRSAEncryption_data); |
|
843 |
||
844 |
/** |
|
845 |
* Identifies a signing algorithm where an MD5 digest is |
|
846 |
* encrypted using an RSA private key; defined in PKCS #1. |
|
847 |
* OID = 1.2.840.113549.1.1.4 |
|
848 |
*/ |
|
849 |
md5WithRSAEncryption_oid = |
|
850 |
ObjectIdentifier.newInternal(md5WithRSAEncryption_data); |
|
851 |
||
852 |
/** |
|
853 |
* Identifies a signing algorithm where a SHA1 digest is |
|
854 |
* encrypted using an RSA private key; defined by RSA DSI. |
|
855 |
* OID = 1.2.840.113549.1.1.5 |
|
856 |
*/ |
|
857 |
sha1WithRSAEncryption_oid = |
|
858 |
ObjectIdentifier.newInternal(sha1WithRSAEncryption_data); |
|
859 |
||
860 |
/** |
|
861 |
* Identifies a signing algorithm where a SHA1 digest is |
|
862 |
* encrypted using an RSA private key; defined in NIST OIW. |
|
863 |
* OID = 1.3.14.3.2.29 |
|
864 |
*/ |
|
865 |
sha1WithRSAEncryption_OIW_oid = |
|
866 |
ObjectIdentifier.newInternal(sha1WithRSAEncryption_OIW_data); |
|
867 |
||
868 |
/** |
|
12685 | 869 |
* Identifies a signing algorithm where a SHA224 digest is |
870 |
* encrypted using an RSA private key; defined by PKCS #1. |
|
871 |
* OID = 1.2.840.113549.1.1.14 |
|
872 |
*/ |
|
873 |
sha224WithRSAEncryption_oid = |
|
874 |
ObjectIdentifier.newInternal(sha224WithRSAEncryption_data); |
|
875 |
||
876 |
/** |
|
2 | 877 |
* Identifies a signing algorithm where a SHA256 digest is |
878 |
* encrypted using an RSA private key; defined by PKCS #1. |
|
879 |
* OID = 1.2.840.113549.1.1.11 |
|
880 |
*/ |
|
881 |
sha256WithRSAEncryption_oid = |
|
882 |
ObjectIdentifier.newInternal(sha256WithRSAEncryption_data); |
|
883 |
||
884 |
/** |
|
885 |
* Identifies a signing algorithm where a SHA384 digest is |
|
886 |
* encrypted using an RSA private key; defined by PKCS #1. |
|
887 |
* OID = 1.2.840.113549.1.1.12 |
|
888 |
*/ |
|
889 |
sha384WithRSAEncryption_oid = |
|
890 |
ObjectIdentifier.newInternal(sha384WithRSAEncryption_data); |
|
891 |
||
892 |
/** |
|
893 |
* Identifies a signing algorithm where a SHA512 digest is |
|
894 |
* encrypted using an RSA private key; defined by PKCS #1. |
|
895 |
* OID = 1.2.840.113549.1.1.13 |
|
896 |
*/ |
|
897 |
sha512WithRSAEncryption_oid = |
|
898 |
ObjectIdentifier.newInternal(sha512WithRSAEncryption_data); |
|
899 |
||
900 |
/** |
|
901 |
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a |
|
902 |
* SHA digest is signed using the Digital Signing Algorithm (DSA). |
|
903 |
* This should not be used. |
|
904 |
* OID = 1.3.14.3.2.13 |
|
905 |
*/ |
|
906 |
shaWithDSA_OIW_oid = ObjectIdentifier.newInternal(shaWithDSA_OIW_data); |
|
907 |
||
908 |
/** |
|
909 |
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a |
|
910 |
* SHA1 digest is signed using the Digital Signing Algorithm (DSA). |
|
911 |
* OID = 1.3.14.3.2.27 |
|
912 |
*/ |
|
913 |
sha1WithDSA_OIW_oid = ObjectIdentifier.newInternal(sha1WithDSA_OIW_data); |
|
914 |
||
915 |
/** |
|
916 |
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a |
|
917 |
* SHA1 digest is signed using the Digital Signing Algorithm (DSA). |
|
918 |
* OID = 1.2.840.10040.4.3 |
|
919 |
*/ |
|
920 |
sha1WithDSA_oid = ObjectIdentifier.newInternal(dsaWithSHA1_PKIX_data); |
|
921 |
||
30033
b9c86c17164a
8078468: Update security libraries to use diamond with anonymous classes
darcy
parents:
28059
diff
changeset
|
922 |
nameTable = new HashMap<>(); |
2 | 923 |
nameTable.put(MD5_oid, "MD5"); |
924 |
nameTable.put(MD2_oid, "MD2"); |
|
13361
bda5c2354fc6
7180907: Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes
weijun
parents:
12685
diff
changeset
|
925 |
nameTable.put(SHA_oid, "SHA-1"); |
bda5c2354fc6
7180907: Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes
weijun
parents:
12685
diff
changeset
|
926 |
nameTable.put(SHA224_oid, "SHA-224"); |
bda5c2354fc6
7180907: Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes
weijun
parents:
12685
diff
changeset
|
927 |
nameTable.put(SHA256_oid, "SHA-256"); |
bda5c2354fc6
7180907: Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes
weijun
parents:
12685
diff
changeset
|
928 |
nameTable.put(SHA384_oid, "SHA-384"); |
bda5c2354fc6
7180907: Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes
weijun
parents:
12685
diff
changeset
|
929 |
nameTable.put(SHA512_oid, "SHA-512"); |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
930 |
nameTable.put(SHA512_224_oid, "SHA-512/224"); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
931 |
nameTable.put(SHA512_256_oid, "SHA-512/256"); |
2 | 932 |
nameTable.put(RSAEncryption_oid, "RSA"); |
933 |
nameTable.put(RSA_oid, "RSA"); |
|
934 |
nameTable.put(DH_oid, "Diffie-Hellman"); |
|
935 |
nameTable.put(DH_PKIX_oid, "Diffie-Hellman"); |
|
936 |
nameTable.put(DSA_oid, "DSA"); |
|
937 |
nameTable.put(DSA_OIW_oid, "DSA"); |
|
938 |
nameTable.put(EC_oid, "EC"); |
|
13672
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
939 |
nameTable.put(ECDH_oid, "ECDH"); |
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
940 |
|
15298 | 941 |
nameTable.put(AES_oid, "AES"); |
942 |
||
2 | 943 |
nameTable.put(sha1WithECDSA_oid, "SHA1withECDSA"); |
944 |
nameTable.put(sha224WithECDSA_oid, "SHA224withECDSA"); |
|
945 |
nameTable.put(sha256WithECDSA_oid, "SHA256withECDSA"); |
|
946 |
nameTable.put(sha384WithECDSA_oid, "SHA384withECDSA"); |
|
947 |
nameTable.put(sha512WithECDSA_oid, "SHA512withECDSA"); |
|
948 |
nameTable.put(md5WithRSAEncryption_oid, "MD5withRSA"); |
|
949 |
nameTable.put(md2WithRSAEncryption_oid, "MD2withRSA"); |
|
950 |
nameTable.put(sha1WithDSA_oid, "SHA1withDSA"); |
|
951 |
nameTable.put(sha1WithDSA_OIW_oid, "SHA1withDSA"); |
|
952 |
nameTable.put(shaWithDSA_OIW_oid, "SHA1withDSA"); |
|
13672
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
953 |
nameTable.put(sha224WithDSA_oid, "SHA224withDSA"); |
604588823b5a
7044060: Need to support NSA Suite B Cryptography algorithms
valeriep
parents:
13661
diff
changeset
|
954 |
nameTable.put(sha256WithDSA_oid, "SHA256withDSA"); |
2 | 955 |
nameTable.put(sha1WithRSAEncryption_oid, "SHA1withRSA"); |
956 |
nameTable.put(sha1WithRSAEncryption_OIW_oid, "SHA1withRSA"); |
|
12685 | 957 |
nameTable.put(sha224WithRSAEncryption_oid, "SHA224withRSA"); |
2 | 958 |
nameTable.put(sha256WithRSAEncryption_oid, "SHA256withRSA"); |
959 |
nameTable.put(sha384WithRSAEncryption_oid, "SHA384withRSA"); |
|
960 |
nameTable.put(sha512WithRSAEncryption_oid, "SHA512withRSA"); |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
961 |
nameTable.put(sha512_224WithRSAEncryption_oid, "SHA512/224withRSA"); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
962 |
nameTable.put(sha512_256WithRSAEncryption_oid, "SHA512/256withRSA"); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
963 |
nameTable.put(RSASSA_PSS_oid, "RSASSA-PSS"); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
964 |
nameTable.put(RSAES_OAEP_oid, "RSAES-OAEP"); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
965 |
|
2 | 966 |
nameTable.put(pbeWithMD5AndDES_oid, "PBEWithMD5AndDES"); |
967 |
nameTable.put(pbeWithMD5AndRC2_oid, "PBEWithMD5AndRC2"); |
|
968 |
nameTable.put(pbeWithSHA1AndDES_oid, "PBEWithSHA1AndDES"); |
|
969 |
nameTable.put(pbeWithSHA1AndRC2_oid, "PBEWithSHA1AndRC2"); |
|
52996
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
51216
diff
changeset
|
970 |
nameTable.put(pbeWithSHA1AndRC4_128_oid, "PBEWithSHA1AndRC4_128"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
51216
diff
changeset
|
971 |
nameTable.put(pbeWithSHA1AndRC4_40_oid, "PBEWithSHA1AndRC4_40"); |
2 | 972 |
nameTable.put(pbeWithSHA1AndDESede_oid, "PBEWithSHA1AndDESede"); |
52996
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
51216
diff
changeset
|
973 |
nameTable.put(pbeWithSHA1AndRC2_128_oid, "PBEWithSHA1AndRC2_128"); |
2 | 974 |
nameTable.put(pbeWithSHA1AndRC2_40_oid, "PBEWithSHA1AndRC2_40"); |
975 |
} |
|
4152
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
976 |
|
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
977 |
/** |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
978 |
* Creates a signature algorithm name from a digest algorithm |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
979 |
* name and a encryption algorithm name. |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
980 |
*/ |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
981 |
public static String makeSigAlg(String digAlg, String encAlg) { |
13361
bda5c2354fc6
7180907: Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes
weijun
parents:
12685
diff
changeset
|
982 |
digAlg = digAlg.replace("-", ""); |
bda5c2354fc6
7180907: Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes
weijun
parents:
12685
diff
changeset
|
983 |
if (encAlg.equalsIgnoreCase("EC")) encAlg = "ECDSA"; |
4152
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
984 |
|
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
985 |
return digAlg + "with" + encAlg; |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
986 |
} |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
987 |
|
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
988 |
/** |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
989 |
* Extracts the encryption algorithm name from a signature |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
990 |
* algorithm name. |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
991 |
*/ |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
992 |
public static String getEncAlgFromSigAlg(String signatureAlgorithm) { |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
993 |
signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH); |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
994 |
int with = signatureAlgorithm.indexOf("WITH"); |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
995 |
String keyAlgorithm = null; |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
996 |
if (with > 0) { |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
997 |
int and = signatureAlgorithm.indexOf("AND", with + 4); |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
998 |
if (and > 0) { |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
999 |
keyAlgorithm = signatureAlgorithm.substring(with + 4, and); |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1000 |
} else { |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1001 |
keyAlgorithm = signatureAlgorithm.substring(with + 4); |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1002 |
} |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1003 |
if (keyAlgorithm.equalsIgnoreCase("ECDSA")) { |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1004 |
keyAlgorithm = "EC"; |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1005 |
} |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1006 |
} |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1007 |
return keyAlgorithm; |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1008 |
} |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1009 |
|
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1010 |
/** |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1011 |
* Extracts the digest algorithm name from a signature |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1012 |
* algorithm name. |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1013 |
*/ |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1014 |
public static String getDigAlgFromSigAlg(String signatureAlgorithm) { |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1015 |
signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH); |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1016 |
int with = signatureAlgorithm.indexOf("WITH"); |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1017 |
if (with > 0) { |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1018 |
return signatureAlgorithm.substring(0, with); |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1019 |
} |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1020 |
return null; |
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
3717
diff
changeset
|
1021 |
} |
33872 | 1022 |
|
1023 |
/** |
|
1024 |
* Checks if a signature algorithm matches a key algorithm, i.e. a |
|
1025 |
* signature can be initialized with a key. |
|
1026 |
* |
|
1027 |
* @param kAlg must not be null |
|
1028 |
* @param sAlg must not be null |
|
1029 |
* @throws IllegalArgumentException if they do not match |
|
1030 |
*/ |
|
1031 |
public static void checkKeyAndSigAlgMatch(String kAlg, String sAlg) { |
|
1032 |
String sAlgUp = sAlg.toUpperCase(Locale.US); |
|
1033 |
if ((sAlgUp.endsWith("WITHRSA") && !kAlg.equalsIgnoreCase("RSA")) || |
|
1034 |
(sAlgUp.endsWith("WITHECDSA") && !kAlg.equalsIgnoreCase("EC")) || |
|
1035 |
(sAlgUp.endsWith("WITHDSA") && !kAlg.equalsIgnoreCase("DSA"))) { |
|
1036 |
throw new IllegalArgumentException( |
|
1037 |
"key algorithm not compatible with signature algorithm"); |
|
1038 |
} |
|
1039 |
} |
|
1040 |
||
1041 |
/** |
|
1042 |
* Returns the default signature algorithm for a private key. The digest |
|
1043 |
* part might evolve with time. Remember to update the spec of |
|
1044 |
* {@link jdk.security.jarsigner.JarSigner.Builder#getDefaultSignatureAlgorithm(PrivateKey)} |
|
1045 |
* if updated. |
|
1046 |
* |
|
1047 |
* @param k cannot be null |
|
1048 |
* @return the default alg, might be null if unsupported |
|
1049 |
*/ |
|
1050 |
public static String getDefaultSigAlgForKey(PrivateKey k) { |
|
51216 | 1051 |
switch (k.getAlgorithm().toUpperCase(Locale.ENGLISH)) { |
33872 | 1052 |
case "EC": |
1053 |
return ecStrength(KeyUtil.getKeySize(k)) |
|
1054 |
+ "withECDSA"; |
|
1055 |
case "DSA": |
|
1056 |
return ifcFfcStrength(KeyUtil.getKeySize(k)) |
|
1057 |
+ "withDSA"; |
|
1058 |
case "RSA": |
|
1059 |
return ifcFfcStrength(KeyUtil.getKeySize(k)) |
|
1060 |
+ "withRSA"; |
|
1061 |
default: |
|
1062 |
return null; |
|
1063 |
} |
|
1064 |
} |
|
1065 |
||
42685
a538ed225637
8171190: Bump reference of NIST 800-57 Part 1 Rev 3 to Rev 4 in JarSigner API spec
weijun
parents:
37908
diff
changeset
|
1066 |
// Values from SP800-57 part 1 rev 4 tables 2 and 3 |
33872 | 1067 |
private static String ecStrength (int bitLength) { |
1068 |
if (bitLength >= 512) { // 256 bits of strength |
|
1069 |
return "SHA512"; |
|
1070 |
} else if (bitLength >= 384) { // 192 bits of strength |
|
1071 |
return "SHA384"; |
|
1072 |
} else { // 128 bits of strength and less |
|
1073 |
return "SHA256"; |
|
1074 |
} |
|
1075 |
} |
|
1076 |
||
42685
a538ed225637
8171190: Bump reference of NIST 800-57 Part 1 Rev 3 to Rev 4 in JarSigner API spec
weijun
parents:
37908
diff
changeset
|
1077 |
// Same values for RSA and DSA |
33872 | 1078 |
private static String ifcFfcStrength (int bitLength) { |
1079 |
if (bitLength > 7680) { // 256 bits |
|
1080 |
return "SHA512"; |
|
1081 |
} else if (bitLength > 3072) { // 192 bits |
|
1082 |
return "SHA384"; |
|
1083 |
} else { // 128 bits and less |
|
1084 |
return "SHA256"; |
|
1085 |
} |
|
1086 |
} |
|
2 | 1087 |
} |