jdk/src/share/classes/sun/security/pkcs/PKCS9Attribute.java
author juh
Wed, 24 Jul 2013 12:48:10 -0700
changeset 19043 42407be709a3
parent 16848 630dd3143428
child 24969 afa6934dd8e8
permissions -rw-r--r--
8016916: UnstructuredName should support DirectoryString Reviewed-by: mullan
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     1
/*
19043
42407be709a3 8016916: UnstructuredName should support DirectoryString
juh
parents: 16848
diff changeset
     2
 * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load
duke
parents:
diff changeset
     4
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
     5
 * This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load
duke
parents:
diff changeset
     6
 * under the terms of the GNU General Public License version 2 only, as
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2
diff changeset
     7
 * published by the Free Software Foundation.  Oracle designates this
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     8
 * particular file as subject to the "Classpath" exception as provided
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2
diff changeset
     9
 * by Oracle in the LICENSE file that accompanied this code.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    10
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    11
 * This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load
duke
parents:
diff changeset
    12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load
duke
parents:
diff changeset
    13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
90ce3da70b43 Initial load
duke
parents:
diff changeset
    14
 * version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load
duke
parents:
diff changeset
    15
 * accompanied this code).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    16
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    17
 * You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load
duke
parents:
diff changeset
    18
 * 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load
duke
parents:
diff changeset
    19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    20
 *
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2
diff changeset
    21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2
diff changeset
    22
 * or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2
diff changeset
    23
 * questions.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    24
 */
90ce3da70b43 Initial load
duke
parents:
diff changeset
    25
90ce3da70b43 Initial load
duke
parents:
diff changeset
    26
package sun.security.pkcs;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    27
90ce3da70b43 Initial load
duke
parents:
diff changeset
    28
import java.io.IOException;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    29
import java.io.OutputStream;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    30
import java.security.cert.CertificateException;
6122
16fa7ed7ff1b 6867345: Turkish regional options cause NPE in sun.security.x509.AlgorithmId.algOID
xuelei
parents: 5506
diff changeset
    31
import java.util.Locale;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    32
import java.util.Date;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    33
import java.util.Hashtable;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    34
import sun.security.x509.CertificateExtensions;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    35
import sun.security.util.Debug;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    36
import sun.security.util.DerEncoder;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    37
import sun.security.util.DerValue;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    38
import sun.security.util.DerInputStream;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    39
import sun.security.util.DerOutputStream;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    40
import sun.security.util.ObjectIdentifier;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    41
import sun.misc.HexDumpEncoder;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    42
90ce3da70b43 Initial load
duke
parents:
diff changeset
    43
/**
90ce3da70b43 Initial load
duke
parents:
diff changeset
    44
 * Class supporting any PKCS9 attributes.
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
    45
 * Supports DER decoding/encoding and access to attribute values.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    46
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    47
 * <a name="classTable"><h3>Type/Class Table</h3></a>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    48
 * The following table shows the correspondence between
90ce3da70b43 Initial load
duke
parents:
diff changeset
    49
 * PKCS9 attribute types and value component classes.
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
    50
 * For types not listed here, its name is the OID
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
    51
 * in string form, its value is a (single-valued)
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
    52
 * byte array that is the SET's encoding.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    53
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    54
 * <P>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    55
 * <TABLE BORDER CELLPADDING=8 ALIGN=CENTER>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    56
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    57
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    58
 * <TH>Object Identifier</TH>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    59
 * <TH>Attribute Name</TH>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    60
 * <TH>Type</TH>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    61
 * <TH>Value Class</TH>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    62
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    63
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    64
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    65
 * <TD>1.2.840.113549.1.9.1</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    66
 * <TD>EmailAddress</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    67
 * <TD>Multi-valued</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    68
 * <TD><code>String[]</code></TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    69
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    70
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    71
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    72
 * <TD>1.2.840.113549.1.9.2</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    73
 * <TD>UnstructuredName</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    74
 * <TD>Multi-valued</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    75
 * <TD><code>String[]</code></TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    76
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    77
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    78
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    79
 * <TD>1.2.840.113549.1.9.3</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    80
 * <TD>ContentType</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    81
 * <TD>Single-valued</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    82
 * <TD><code>ObjectIdentifier</code></TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    83
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    84
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    85
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    86
 * <TD>1.2.840.113549.1.9.4</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    87
 * <TD>MessageDigest</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    88
 * <TD>Single-valued</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    89
 * <TD><code>byte[]</code></TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    90
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    91
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    92
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    93
 * <TD>1.2.840.113549.1.9.5</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    94
 * <TD>SigningTime</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    95
 * <TD>Single-valued</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    96
 * <TD><code>Date</code></TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    97
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    98
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    99
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   100
 * <TD>1.2.840.113549.1.9.6</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   101
 * <TD>Countersignature</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   102
 * <TD>Multi-valued</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   103
 * <TD><code>SignerInfo[]</code></TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   104
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   105
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   106
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   107
 * <TD>1.2.840.113549.1.9.7</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   108
 * <TD>ChallengePassword</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   109
 * <TD>Single-valued</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   110
 * <TD><code>String</code></TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   111
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   112
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   113
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   114
 * <TD>1.2.840.113549.1.9.8</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   115
 * <TD>UnstructuredAddress</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   116
 * <TD>Single-valued</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   117
 * <TD><code>String</code></TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   118
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   119
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   120
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   121
 * <TD>1.2.840.113549.1.9.9</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   122
 * <TD>ExtendedCertificateAttributes</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   123
 * <TD>Multi-valued</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   124
 * <TD>(not supported)</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   125
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   126
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   127
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   128
 * <TD>1.2.840.113549.1.9.10</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   129
 * <TD>IssuerAndSerialNumber</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   130
 * <TD>Single-valued</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   131
 * <TD>(not supported)</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   132
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   133
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   134
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   135
 * <TD>1.2.840.113549.1.9.{11,12}</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   136
 * <TD>RSA DSI proprietary</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   137
 * <TD>Single-valued</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   138
 * <TD>(not supported)</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   139
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   140
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   141
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   142
 * <TD>1.2.840.113549.1.9.13</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   143
 * <TD>S/MIME unused assignment</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   144
 * <TD>Single-valued</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   145
 * <TD>(not supported)</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   146
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   147
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   148
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   149
 * <TD>1.2.840.113549.1.9.14</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   150
 * <TD>ExtensionRequest</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   151
 * <TD>Single-valued</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   152
 * <TD>CertificateExtensions</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   153
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   154
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   155
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   156
 * <TD>1.2.840.113549.1.9.15</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   157
 * <TD>SMIMECapability</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   158
 * <TD>Single-valued</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   159
 * <TD>(not supported)</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   160
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   161
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   162
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   163
 * <TD>1.2.840.113549.1.9.16.2.12</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   164
 * <TD>SigningCertificate</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   165
 * <TD>Single-valued</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   166
 * <TD>SigningCertificateInfo</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   167
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   168
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   169
 * <TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   170
 * <TD>1.2.840.113549.1.9.16.2.14</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   171
 * <TD>SignatureTimestampToken</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   172
 * <TD>Single-valued</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   173
 * <TD>byte[]</TD>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   174
 * </TR>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   175
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   176
 * </TABLE>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   177
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   178
 * @author Douglas Hoover
90ce3da70b43 Initial load
duke
parents:
diff changeset
   179
 */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   180
public class PKCS9Attribute implements DerEncoder {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   181
90ce3da70b43 Initial load
duke
parents:
diff changeset
   182
    /* Are we debugging ? */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   183
    private static final Debug debug = Debug.getInstance("jar");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   184
90ce3da70b43 Initial load
duke
parents:
diff changeset
   185
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   186
     * Array of attribute OIDs defined in PKCS9, by number.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   187
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   188
    static final ObjectIdentifier[] PKCS9_OIDS = new ObjectIdentifier[18];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   189
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   190
    private final static Class<?> BYTE_ARRAY_CLASS;
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   191
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   192
    static {   // static initializer for PKCS9_OIDS
90ce3da70b43 Initial load
duke
parents:
diff changeset
   193
        for (int i = 1; i < PKCS9_OIDS.length - 2; i++) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   194
            PKCS9_OIDS[i] =
90ce3da70b43 Initial load
duke
parents:
diff changeset
   195
                ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,i});
90ce3da70b43 Initial load
duke
parents:
diff changeset
   196
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   197
        // Initialize SigningCertificate and SignatureTimestampToken
90ce3da70b43 Initial load
duke
parents:
diff changeset
   198
        // separately (because their values are out of sequence)
90ce3da70b43 Initial load
duke
parents:
diff changeset
   199
        PKCS9_OIDS[PKCS9_OIDS.length - 2] =
90ce3da70b43 Initial load
duke
parents:
diff changeset
   200
            ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,16,2,12});
90ce3da70b43 Initial load
duke
parents:
diff changeset
   201
        PKCS9_OIDS[PKCS9_OIDS.length - 1] =
90ce3da70b43 Initial load
duke
parents:
diff changeset
   202
            ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,16,2,14});
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   203
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   204
        try {
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   205
            BYTE_ARRAY_CLASS = Class.forName("[B");
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   206
        } catch (ClassNotFoundException e) {
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   207
            throw new ExceptionInInitializerError(e.toString());
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   208
        }
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   209
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   210
90ce3da70b43 Initial load
duke
parents:
diff changeset
   211
    // first element [0] not used
90ce3da70b43 Initial load
duke
parents:
diff changeset
   212
    public static final ObjectIdentifier EMAIL_ADDRESS_OID = PKCS9_OIDS[1];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   213
    public static final ObjectIdentifier UNSTRUCTURED_NAME_OID = PKCS9_OIDS[2];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   214
    public static final ObjectIdentifier CONTENT_TYPE_OID = PKCS9_OIDS[3];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   215
    public static final ObjectIdentifier MESSAGE_DIGEST_OID = PKCS9_OIDS[4];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   216
    public static final ObjectIdentifier SIGNING_TIME_OID = PKCS9_OIDS[5];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   217
    public static final ObjectIdentifier COUNTERSIGNATURE_OID = PKCS9_OIDS[6];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   218
    public static final ObjectIdentifier CHALLENGE_PASSWORD_OID = PKCS9_OIDS[7];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   219
    public static final ObjectIdentifier UNSTRUCTURED_ADDRESS_OID = PKCS9_OIDS[8];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   220
    public static final ObjectIdentifier EXTENDED_CERTIFICATE_ATTRIBUTES_OID
90ce3da70b43 Initial load
duke
parents:
diff changeset
   221
                                         = PKCS9_OIDS[9];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   222
    public static final ObjectIdentifier ISSUER_SERIALNUMBER_OID = PKCS9_OIDS[10];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   223
    // [11], [12] are RSA DSI proprietary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   224
    // [13] ==> signingDescription, S/MIME, not used anymore
90ce3da70b43 Initial load
duke
parents:
diff changeset
   225
    public static final ObjectIdentifier EXTENSION_REQUEST_OID = PKCS9_OIDS[14];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   226
    public static final ObjectIdentifier SMIME_CAPABILITY_OID = PKCS9_OIDS[15];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   227
    public static final ObjectIdentifier SIGNING_CERTIFICATE_OID = PKCS9_OIDS[16];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   228
    public static final ObjectIdentifier SIGNATURE_TIMESTAMP_TOKEN_OID =
90ce3da70b43 Initial load
duke
parents:
diff changeset
   229
                                PKCS9_OIDS[17];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   230
    public static final String EMAIL_ADDRESS_STR = "EmailAddress";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   231
    public static final String UNSTRUCTURED_NAME_STR = "UnstructuredName";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   232
    public static final String CONTENT_TYPE_STR = "ContentType";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   233
    public static final String MESSAGE_DIGEST_STR = "MessageDigest";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   234
    public static final String SIGNING_TIME_STR = "SigningTime";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   235
    public static final String COUNTERSIGNATURE_STR = "Countersignature";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   236
    public static final String CHALLENGE_PASSWORD_STR = "ChallengePassword";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   237
    public static final String UNSTRUCTURED_ADDRESS_STR = "UnstructuredAddress";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   238
    public static final String EXTENDED_CERTIFICATE_ATTRIBUTES_STR =
90ce3da70b43 Initial load
duke
parents:
diff changeset
   239
                               "ExtendedCertificateAttributes";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   240
    public static final String ISSUER_SERIALNUMBER_STR = "IssuerAndSerialNumber";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   241
    // [11], [12] are RSA DSI proprietary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   242
    private static final String RSA_PROPRIETARY_STR = "RSAProprietary";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   243
    // [13] ==> signingDescription, S/MIME, not used anymore
90ce3da70b43 Initial load
duke
parents:
diff changeset
   244
    private static final String SMIME_SIGNING_DESC_STR = "SMIMESigningDesc";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   245
    public static final String EXTENSION_REQUEST_STR = "ExtensionRequest";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   246
    public static final String SMIME_CAPABILITY_STR = "SMIMECapability";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   247
    public static final String SIGNING_CERTIFICATE_STR = "SigningCertificate";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   248
    public static final String SIGNATURE_TIMESTAMP_TOKEN_STR =
90ce3da70b43 Initial load
duke
parents:
diff changeset
   249
                                "SignatureTimestampToken";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   250
90ce3da70b43 Initial load
duke
parents:
diff changeset
   251
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   252
     * Hashtable mapping names and variant names of supported
90ce3da70b43 Initial load
duke
parents:
diff changeset
   253
     * attributes to their OIDs. This table contains all name forms
90ce3da70b43 Initial load
duke
parents:
diff changeset
   254
     * that occur in PKCS9, in lower case.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   255
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   256
    private static final Hashtable<String, ObjectIdentifier> NAME_OID_TABLE =
90ce3da70b43 Initial load
duke
parents:
diff changeset
   257
        new Hashtable<String, ObjectIdentifier>(18);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   258
90ce3da70b43 Initial load
duke
parents:
diff changeset
   259
    static { // static initializer for PCKS9_NAMES
90ce3da70b43 Initial load
duke
parents:
diff changeset
   260
        NAME_OID_TABLE.put("emailaddress", PKCS9_OIDS[1]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   261
        NAME_OID_TABLE.put("unstructuredname", PKCS9_OIDS[2]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   262
        NAME_OID_TABLE.put("contenttype", PKCS9_OIDS[3]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   263
        NAME_OID_TABLE.put("messagedigest", PKCS9_OIDS[4]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   264
        NAME_OID_TABLE.put("signingtime", PKCS9_OIDS[5]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   265
        NAME_OID_TABLE.put("countersignature", PKCS9_OIDS[6]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   266
        NAME_OID_TABLE.put("challengepassword", PKCS9_OIDS[7]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   267
        NAME_OID_TABLE.put("unstructuredaddress", PKCS9_OIDS[8]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   268
        NAME_OID_TABLE.put("extendedcertificateattributes", PKCS9_OIDS[9]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   269
        NAME_OID_TABLE.put("issuerandserialnumber", PKCS9_OIDS[10]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   270
        NAME_OID_TABLE.put("rsaproprietary", PKCS9_OIDS[11]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   271
        NAME_OID_TABLE.put("rsaproprietary", PKCS9_OIDS[12]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   272
        NAME_OID_TABLE.put("signingdescription", PKCS9_OIDS[13]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   273
        NAME_OID_TABLE.put("extensionrequest", PKCS9_OIDS[14]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   274
        NAME_OID_TABLE.put("smimecapability", PKCS9_OIDS[15]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   275
        NAME_OID_TABLE.put("signingcertificate", PKCS9_OIDS[16]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   276
        NAME_OID_TABLE.put("signaturetimestamptoken", PKCS9_OIDS[17]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   277
    };
90ce3da70b43 Initial load
duke
parents:
diff changeset
   278
90ce3da70b43 Initial load
duke
parents:
diff changeset
   279
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   280
     * Hashtable mapping attribute OIDs defined in PKCS9 to the
90ce3da70b43 Initial load
duke
parents:
diff changeset
   281
     * corresponding attribute value type.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   282
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   283
    private static final Hashtable<ObjectIdentifier, String> OID_NAME_TABLE =
90ce3da70b43 Initial load
duke
parents:
diff changeset
   284
        new Hashtable<ObjectIdentifier, String>(16);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   285
    static {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   286
        OID_NAME_TABLE.put(PKCS9_OIDS[1], EMAIL_ADDRESS_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   287
        OID_NAME_TABLE.put(PKCS9_OIDS[2], UNSTRUCTURED_NAME_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   288
        OID_NAME_TABLE.put(PKCS9_OIDS[3], CONTENT_TYPE_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   289
        OID_NAME_TABLE.put(PKCS9_OIDS[4], MESSAGE_DIGEST_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   290
        OID_NAME_TABLE.put(PKCS9_OIDS[5], SIGNING_TIME_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   291
        OID_NAME_TABLE.put(PKCS9_OIDS[6], COUNTERSIGNATURE_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   292
        OID_NAME_TABLE.put(PKCS9_OIDS[7], CHALLENGE_PASSWORD_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   293
        OID_NAME_TABLE.put(PKCS9_OIDS[8], UNSTRUCTURED_ADDRESS_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   294
        OID_NAME_TABLE.put(PKCS9_OIDS[9], EXTENDED_CERTIFICATE_ATTRIBUTES_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   295
        OID_NAME_TABLE.put(PKCS9_OIDS[10], ISSUER_SERIALNUMBER_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   296
        OID_NAME_TABLE.put(PKCS9_OIDS[11], RSA_PROPRIETARY_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   297
        OID_NAME_TABLE.put(PKCS9_OIDS[12], RSA_PROPRIETARY_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   298
        OID_NAME_TABLE.put(PKCS9_OIDS[13], SMIME_SIGNING_DESC_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   299
        OID_NAME_TABLE.put(PKCS9_OIDS[14], EXTENSION_REQUEST_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   300
        OID_NAME_TABLE.put(PKCS9_OIDS[15], SMIME_CAPABILITY_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   301
        OID_NAME_TABLE.put(PKCS9_OIDS[16], SIGNING_CERTIFICATE_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   302
        OID_NAME_TABLE.put(PKCS9_OIDS[17], SIGNATURE_TIMESTAMP_TOKEN_STR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   303
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   304
90ce3da70b43 Initial load
duke
parents:
diff changeset
   305
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   306
     * Acceptable ASN.1 tags for DER encodings of values of PKCS9
90ce3da70b43 Initial load
duke
parents:
diff changeset
   307
     * attributes, by index in <code>PKCS9_OIDS</code>.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   308
     * Sets of acceptable tags are represented as arrays.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   309
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   310
    private static final Byte[][] PKCS9_VALUE_TAGS = {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   311
        null,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   312
        {new Byte(DerValue.tag_IA5String)},   // EMailAddress
19043
42407be709a3 8016916: UnstructuredName should support DirectoryString
juh
parents: 16848
diff changeset
   313
        {new Byte(DerValue.tag_IA5String),   // UnstructuredName
42407be709a3 8016916: UnstructuredName should support DirectoryString
juh
parents: 16848
diff changeset
   314
         new Byte(DerValue.tag_PrintableString)},
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   315
        {new Byte(DerValue.tag_ObjectId)},    // ContentType
90ce3da70b43 Initial load
duke
parents:
diff changeset
   316
        {new Byte(DerValue.tag_OctetString)}, // MessageDigest
90ce3da70b43 Initial load
duke
parents:
diff changeset
   317
        {new Byte(DerValue.tag_UtcTime)},     // SigningTime
90ce3da70b43 Initial load
duke
parents:
diff changeset
   318
        {new Byte(DerValue.tag_Sequence)},    // Countersignature
90ce3da70b43 Initial load
duke
parents:
diff changeset
   319
        {new Byte(DerValue.tag_PrintableString),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   320
         new Byte(DerValue.tag_T61String)},   // ChallengePassword
90ce3da70b43 Initial load
duke
parents:
diff changeset
   321
        {new Byte(DerValue.tag_PrintableString),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   322
         new Byte(DerValue.tag_T61String)},   // UnstructuredAddress
90ce3da70b43 Initial load
duke
parents:
diff changeset
   323
        {new Byte(DerValue.tag_SetOf)},       // ExtendedCertificateAttributes
90ce3da70b43 Initial load
duke
parents:
diff changeset
   324
        {new Byte(DerValue.tag_Sequence)},    // issuerAndSerialNumber
90ce3da70b43 Initial load
duke
parents:
diff changeset
   325
        null,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   326
        null,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   327
        null,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   328
        {new Byte(DerValue.tag_Sequence)},    // extensionRequest
90ce3da70b43 Initial load
duke
parents:
diff changeset
   329
        {new Byte(DerValue.tag_Sequence)},    // SMIMECapability
90ce3da70b43 Initial load
duke
parents:
diff changeset
   330
        {new Byte(DerValue.tag_Sequence)},    // SigningCertificate
90ce3da70b43 Initial load
duke
parents:
diff changeset
   331
        {new Byte(DerValue.tag_Sequence)}     // SignatureTimestampToken
90ce3da70b43 Initial load
duke
parents:
diff changeset
   332
    };
90ce3da70b43 Initial load
duke
parents:
diff changeset
   333
10336
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 6122
diff changeset
   334
    private static final Class<?>[] VALUE_CLASSES = new Class<?>[18];
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   335
90ce3da70b43 Initial load
duke
parents:
diff changeset
   336
    static {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   337
        try {
10336
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 6122
diff changeset
   338
            Class<?> str = Class.forName("[Ljava.lang.String;");
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   339
90ce3da70b43 Initial load
duke
parents:
diff changeset
   340
            VALUE_CLASSES[0] = null;  // not used
90ce3da70b43 Initial load
duke
parents:
diff changeset
   341
            VALUE_CLASSES[1] = str;   // EMailAddress
90ce3da70b43 Initial load
duke
parents:
diff changeset
   342
            VALUE_CLASSES[2] = str;   // UnstructuredName
90ce3da70b43 Initial load
duke
parents:
diff changeset
   343
            VALUE_CLASSES[3] =        // ContentType
90ce3da70b43 Initial load
duke
parents:
diff changeset
   344
                Class.forName("sun.security.util.ObjectIdentifier");
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   345
            VALUE_CLASSES[4] = BYTE_ARRAY_CLASS; // MessageDigest (byte[])
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   346
            VALUE_CLASSES[5] = Class.forName("java.util.Date"); // SigningTime
90ce3da70b43 Initial load
duke
parents:
diff changeset
   347
            VALUE_CLASSES[6] =        // Countersignature
90ce3da70b43 Initial load
duke
parents:
diff changeset
   348
                Class.forName("[Lsun.security.pkcs.SignerInfo;");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   349
            VALUE_CLASSES[7] =        // ChallengePassword
90ce3da70b43 Initial load
duke
parents:
diff changeset
   350
                Class.forName("java.lang.String");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   351
            VALUE_CLASSES[8] = str;   // UnstructuredAddress
90ce3da70b43 Initial load
duke
parents:
diff changeset
   352
            VALUE_CLASSES[9] = null;  // ExtendedCertificateAttributes
90ce3da70b43 Initial load
duke
parents:
diff changeset
   353
            VALUE_CLASSES[10] = null;  // IssuerAndSerialNumber
90ce3da70b43 Initial load
duke
parents:
diff changeset
   354
            VALUE_CLASSES[11] = null;  // not used
90ce3da70b43 Initial load
duke
parents:
diff changeset
   355
            VALUE_CLASSES[12] = null;  // not used
90ce3da70b43 Initial load
duke
parents:
diff changeset
   356
            VALUE_CLASSES[13] = null;  // not used
90ce3da70b43 Initial load
duke
parents:
diff changeset
   357
            VALUE_CLASSES[14] =        // ExtensionRequest
90ce3da70b43 Initial load
duke
parents:
diff changeset
   358
                Class.forName("sun.security.x509.CertificateExtensions");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   359
            VALUE_CLASSES[15] = null;  // not supported yet
90ce3da70b43 Initial load
duke
parents:
diff changeset
   360
            VALUE_CLASSES[16] = null;  // not supported yet
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   361
            VALUE_CLASSES[17] = BYTE_ARRAY_CLASS;  // SignatureTimestampToken
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   362
        } catch (ClassNotFoundException e) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   363
            throw new ExceptionInInitializerError(e.toString());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   364
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   365
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   366
90ce3da70b43 Initial load
duke
parents:
diff changeset
   367
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   368
     * Array indicating which PKCS9 attributes are single-valued,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   369
     * by index in <code>PKCS9_OIDS</code>.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   370
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   371
    private static final boolean[] SINGLE_VALUED = {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   372
      false,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   373
      false,   // EMailAddress
90ce3da70b43 Initial load
duke
parents:
diff changeset
   374
      false,   // UnstructuredName
90ce3da70b43 Initial load
duke
parents:
diff changeset
   375
      true,    // ContentType
90ce3da70b43 Initial load
duke
parents:
diff changeset
   376
      true,    // MessageDigest
90ce3da70b43 Initial load
duke
parents:
diff changeset
   377
      true,    // SigningTime
90ce3da70b43 Initial load
duke
parents:
diff changeset
   378
      false,   // Countersignature
90ce3da70b43 Initial load
duke
parents:
diff changeset
   379
      true,    // ChallengePassword
90ce3da70b43 Initial load
duke
parents:
diff changeset
   380
      false,   // UnstructuredAddress
90ce3da70b43 Initial load
duke
parents:
diff changeset
   381
      false,   // ExtendedCertificateAttributes
90ce3da70b43 Initial load
duke
parents:
diff changeset
   382
      true,    // IssuerAndSerialNumber - not supported yet
90ce3da70b43 Initial load
duke
parents:
diff changeset
   383
      false,   // not used
90ce3da70b43 Initial load
duke
parents:
diff changeset
   384
      false,   // not used
90ce3da70b43 Initial load
duke
parents:
diff changeset
   385
      false,   // not used
90ce3da70b43 Initial load
duke
parents:
diff changeset
   386
      true,    // ExtensionRequest
90ce3da70b43 Initial load
duke
parents:
diff changeset
   387
      true,    // SMIMECapability - not supported yet
90ce3da70b43 Initial load
duke
parents:
diff changeset
   388
      true,    // SigningCertificate
90ce3da70b43 Initial load
duke
parents:
diff changeset
   389
      true     // SignatureTimestampToken
90ce3da70b43 Initial load
duke
parents:
diff changeset
   390
    };
90ce3da70b43 Initial load
duke
parents:
diff changeset
   391
90ce3da70b43 Initial load
duke
parents:
diff changeset
   392
    /**
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   393
     * The OID of this attribute.
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   394
     */
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   395
    private ObjectIdentifier oid;
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   396
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   397
    /**
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   398
     * The index of the OID of this attribute in <code>PKCS9_OIDS</code>,
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   399
     * or -1 if it's unknown.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   400
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   401
    private int index;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   402
90ce3da70b43 Initial load
duke
parents:
diff changeset
   403
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   404
     * Value set of this attribute.  Its class is given by
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   405
     * <code>VALUE_CLASSES[index]</code>. The SET itself
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   406
     * as byte[] if unknown.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   407
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   408
    private Object value;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   409
90ce3da70b43 Initial load
duke
parents:
diff changeset
   410
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   411
     * Construct an attribute object from the attribute's OID and
90ce3da70b43 Initial load
duke
parents:
diff changeset
   412
     * value.  If the attribute is single-valued, provide only one
90ce3da70b43 Initial load
duke
parents:
diff changeset
   413
     * value.  If the attribute is multi-valued, provide an array
90ce3da70b43 Initial load
duke
parents:
diff changeset
   414
     * containing all the values.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   415
     * Arrays of length zero are accepted, though probably useless.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   416
     *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   417
     * <P> The
90ce3da70b43 Initial load
duke
parents:
diff changeset
   418
     * <a href=#classTable>table</a> gives the class that <code>value</code>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   419
     * must have for a given attribute.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   420
     *
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   421
     * @exception IllegalArgumentException
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   422
     * if the <code>value</code> has the wrong type.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   423
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   424
    public PKCS9Attribute(ObjectIdentifier oid, Object value)
90ce3da70b43 Initial load
duke
parents:
diff changeset
   425
    throws IllegalArgumentException {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   426
        init(oid, value);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   427
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   428
90ce3da70b43 Initial load
duke
parents:
diff changeset
   429
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   430
     * Construct an attribute object from the attribute's name and
90ce3da70b43 Initial load
duke
parents:
diff changeset
   431
     * value.  If the attribute is single-valued, provide only one
90ce3da70b43 Initial load
duke
parents:
diff changeset
   432
     * value.  If the attribute is multi-valued, provide an array
90ce3da70b43 Initial load
duke
parents:
diff changeset
   433
     * containing all the values.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   434
     * Arrays of length zero are accepted, though probably useless.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   435
     *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   436
     * <P> The
90ce3da70b43 Initial load
duke
parents:
diff changeset
   437
     * <a href=#classTable>table</a> gives the class that <code>value</code>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   438
     * must have for a given attribute. Reasonable variants of these
90ce3da70b43 Initial load
duke
parents:
diff changeset
   439
     * attributes are accepted; in particular, case does not matter.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   440
     *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   441
     * @exception IllegalArgumentException
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   442
     * if the <code>name</code> is not recognized or the
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   443
     * <code>value</code> has the wrong type.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   444
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   445
    public PKCS9Attribute(String name, Object value)
90ce3da70b43 Initial load
duke
parents:
diff changeset
   446
    throws IllegalArgumentException {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   447
        ObjectIdentifier oid = getOID(name);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   448
90ce3da70b43 Initial load
duke
parents:
diff changeset
   449
        if (oid == null)
90ce3da70b43 Initial load
duke
parents:
diff changeset
   450
            throw new IllegalArgumentException(
90ce3da70b43 Initial load
duke
parents:
diff changeset
   451
                       "Unrecognized attribute name " + name +
90ce3da70b43 Initial load
duke
parents:
diff changeset
   452
                       " constructing PKCS9Attribute.");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   453
90ce3da70b43 Initial load
duke
parents:
diff changeset
   454
        init(oid, value);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   455
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   456
90ce3da70b43 Initial load
duke
parents:
diff changeset
   457
    private void init(ObjectIdentifier oid, Object value)
90ce3da70b43 Initial load
duke
parents:
diff changeset
   458
        throws IllegalArgumentException {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   459
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   460
        this.oid = oid;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   461
        index = indexOf(oid, PKCS9_OIDS, 1);
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   462
        Class<?> clazz = index == -1 ? BYTE_ARRAY_CLASS: VALUE_CLASSES[index];
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   463
        if (!clazz.isInstance(value)) {
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   464
                throw new IllegalArgumentException(
90ce3da70b43 Initial load
duke
parents:
diff changeset
   465
                           "Wrong value class " +
90ce3da70b43 Initial load
duke
parents:
diff changeset
   466
                           " for attribute " + oid +
90ce3da70b43 Initial load
duke
parents:
diff changeset
   467
                           " constructing PKCS9Attribute; was " +
90ce3da70b43 Initial load
duke
parents:
diff changeset
   468
                           value.getClass().toString() + ", should be " +
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   469
                           clazz.toString());
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   470
        }
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   471
        this.value = value;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   472
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   473
90ce3da70b43 Initial load
duke
parents:
diff changeset
   474
90ce3da70b43 Initial load
duke
parents:
diff changeset
   475
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   476
     * Construct a PKCS9Attribute from its encoding on an input
90ce3da70b43 Initial load
duke
parents:
diff changeset
   477
     * stream.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   478
     *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   479
     * @param val the DerValue representing the DER encoding of the attribute.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   480
     * @exception IOException on parsing error.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   481
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   482
    public PKCS9Attribute(DerValue derVal) throws IOException {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   483
90ce3da70b43 Initial load
duke
parents:
diff changeset
   484
        DerInputStream derIn = new DerInputStream(derVal.toByteArray());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   485
        DerValue[] val =  derIn.getSequence(2);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   486
90ce3da70b43 Initial load
duke
parents:
diff changeset
   487
        if (derIn.available() != 0)
90ce3da70b43 Initial load
duke
parents:
diff changeset
   488
            throw new IOException("Excess data parsing PKCS9Attribute");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   489
90ce3da70b43 Initial load
duke
parents:
diff changeset
   490
        if (val.length != 2)
90ce3da70b43 Initial load
duke
parents:
diff changeset
   491
            throw new IOException("PKCS9Attribute doesn't have two components");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   492
90ce3da70b43 Initial load
duke
parents:
diff changeset
   493
        // get the oid
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   494
        oid = val[0].getOID();
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   495
        byte[] content = val[1].toByteArray();
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   496
        DerValue[] elems = new DerInputStream(content).getSet(1);
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   497
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   498
        index = indexOf(oid, PKCS9_OIDS, 1);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   499
        if (index == -1) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   500
            if (debug != null) {
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   501
                debug.println("Unsupported signer attribute: " + oid);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   502
            }
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   503
            value = content;
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   504
            return;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   505
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   506
90ce3da70b43 Initial load
duke
parents:
diff changeset
   507
        // check single valued have only one value
90ce3da70b43 Initial load
duke
parents:
diff changeset
   508
        if (SINGLE_VALUED[index] && elems.length > 1)
90ce3da70b43 Initial load
duke
parents:
diff changeset
   509
            throwSingleValuedException();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   510
90ce3da70b43 Initial load
duke
parents:
diff changeset
   511
        // check for illegal element tags
90ce3da70b43 Initial load
duke
parents:
diff changeset
   512
        Byte tag;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   513
        for (int i=0; i < elems.length; i++) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   514
            tag = new Byte(elems[i].tag);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   515
90ce3da70b43 Initial load
duke
parents:
diff changeset
   516
            if (indexOf(tag, PKCS9_VALUE_TAGS[index], 0) == -1)
90ce3da70b43 Initial load
duke
parents:
diff changeset
   517
                throwTagException(tag);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   518
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   519
90ce3da70b43 Initial load
duke
parents:
diff changeset
   520
        switch (index) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   521
        case 1:     // email address
90ce3da70b43 Initial load
duke
parents:
diff changeset
   522
        case 2:     // unstructured name
90ce3da70b43 Initial load
duke
parents:
diff changeset
   523
        case 8:     // unstructured address
90ce3da70b43 Initial load
duke
parents:
diff changeset
   524
            { // open scope
90ce3da70b43 Initial load
duke
parents:
diff changeset
   525
                String[] values = new String[elems.length];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   526
90ce3da70b43 Initial load
duke
parents:
diff changeset
   527
                for (int i=0; i < elems.length; i++)
90ce3da70b43 Initial load
duke
parents:
diff changeset
   528
                    values[i] = elems[i].getAsString();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   529
                value = values;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   530
            } // close scope
90ce3da70b43 Initial load
duke
parents:
diff changeset
   531
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   532
90ce3da70b43 Initial load
duke
parents:
diff changeset
   533
        case 3:     // content type
90ce3da70b43 Initial load
duke
parents:
diff changeset
   534
            value = elems[0].getOID();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   535
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   536
90ce3da70b43 Initial load
duke
parents:
diff changeset
   537
        case 4:     // message digest
90ce3da70b43 Initial load
duke
parents:
diff changeset
   538
            value = elems[0].getOctetString();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   539
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   540
90ce3da70b43 Initial load
duke
parents:
diff changeset
   541
        case 5:     // signing time
90ce3da70b43 Initial load
duke
parents:
diff changeset
   542
            value = (new DerInputStream(elems[0].toByteArray())).getUTCTime();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   543
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   544
90ce3da70b43 Initial load
duke
parents:
diff changeset
   545
        case 6:     // countersignature
90ce3da70b43 Initial load
duke
parents:
diff changeset
   546
            { // open scope
90ce3da70b43 Initial load
duke
parents:
diff changeset
   547
                SignerInfo[] values = new SignerInfo[elems.length];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   548
                for (int i=0; i < elems.length; i++)
90ce3da70b43 Initial load
duke
parents:
diff changeset
   549
                    values[i] =
90ce3da70b43 Initial load
duke
parents:
diff changeset
   550
                        new SignerInfo(elems[i].toDerInputStream());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   551
                value = values;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   552
            } // close scope
90ce3da70b43 Initial load
duke
parents:
diff changeset
   553
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   554
90ce3da70b43 Initial load
duke
parents:
diff changeset
   555
        case 7:     // challenge password
90ce3da70b43 Initial load
duke
parents:
diff changeset
   556
            value = elems[0].getAsString();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   557
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   558
90ce3da70b43 Initial load
duke
parents:
diff changeset
   559
        case 9:     // extended-certificate attribute -- not supported
90ce3da70b43 Initial load
duke
parents:
diff changeset
   560
            throw new IOException("PKCS9 extended-certificate " +
90ce3da70b43 Initial load
duke
parents:
diff changeset
   561
                                  "attribute not supported.");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   562
            // break unnecessary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   563
        case 10:    // issuerAndserialNumber attribute -- not supported
90ce3da70b43 Initial load
duke
parents:
diff changeset
   564
            throw new IOException("PKCS9 IssuerAndSerialNumber" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
   565
                                  "attribute not supported.");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   566
            // break unnecessary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   567
        case 11:    // RSA DSI proprietary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   568
        case 12:    // RSA DSI proprietary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   569
            throw new IOException("PKCS9 RSA DSI attributes" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
   570
                                  "11 and 12, not supported.");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   571
            // break unnecessary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   572
        case 13:    // S/MIME unused attribute
90ce3da70b43 Initial load
duke
parents:
diff changeset
   573
            throw new IOException("PKCS9 attribute #13 not supported.");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   574
            // break unnecessary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   575
90ce3da70b43 Initial load
duke
parents:
diff changeset
   576
        case 14:     // ExtensionRequest
90ce3da70b43 Initial load
duke
parents:
diff changeset
   577
            value = new CertificateExtensions(
90ce3da70b43 Initial load
duke
parents:
diff changeset
   578
                       new DerInputStream(elems[0].toByteArray()));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   579
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   580
90ce3da70b43 Initial load
duke
parents:
diff changeset
   581
        case 15:     // SMIME-capability attribute -- not supported
90ce3da70b43 Initial load
duke
parents:
diff changeset
   582
            throw new IOException("PKCS9 SMIMECapability " +
90ce3da70b43 Initial load
duke
parents:
diff changeset
   583
                                  "attribute not supported.");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   584
            // break unnecessary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   585
        case 16:     // SigningCertificate attribute
90ce3da70b43 Initial load
duke
parents:
diff changeset
   586
            value = new SigningCertificateInfo(elems[0].toByteArray());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   587
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   588
90ce3da70b43 Initial load
duke
parents:
diff changeset
   589
        case 17:     // SignatureTimestampToken attribute
90ce3da70b43 Initial load
duke
parents:
diff changeset
   590
            value = elems[0].toByteArray();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   591
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   592
        default: // can't happen
90ce3da70b43 Initial load
duke
parents:
diff changeset
   593
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   594
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   595
90ce3da70b43 Initial load
duke
parents:
diff changeset
   596
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   597
     * Write the DER encoding of this attribute to an output stream.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   598
     *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   599
     * <P> N.B.: This method always encodes values of
90ce3da70b43 Initial load
duke
parents:
diff changeset
   600
     * ChallengePassword and UnstructuredAddress attributes as ASN.1
90ce3da70b43 Initial load
duke
parents:
diff changeset
   601
     * <code>PrintableString</code>s, without checking whether they
90ce3da70b43 Initial load
duke
parents:
diff changeset
   602
     * should be encoded as <code>T61String</code>s.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   603
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   604
    public void derEncode(OutputStream out) throws IOException {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   605
        DerOutputStream temp = new DerOutputStream();
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   606
        temp.putOID(oid);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   607
        switch (index) {
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   608
        case -1:    // Unknown
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   609
            temp.write((byte[])value);
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   610
            break;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   611
        case 1:     // email address
90ce3da70b43 Initial load
duke
parents:
diff changeset
   612
        case 2:     // unstructured name
90ce3da70b43 Initial load
duke
parents:
diff changeset
   613
            { // open scope
90ce3da70b43 Initial load
duke
parents:
diff changeset
   614
                String[] values = (String[]) value;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   615
                DerOutputStream[] temps = new
90ce3da70b43 Initial load
duke
parents:
diff changeset
   616
                    DerOutputStream[values.length];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   617
90ce3da70b43 Initial load
duke
parents:
diff changeset
   618
                for (int i=0; i < values.length; i++) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   619
                    temps[i] = new DerOutputStream();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   620
                    temps[i].putIA5String( values[i]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   621
                }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   622
                temp.putOrderedSetOf(DerValue.tag_Set, temps);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   623
            } // close scope
90ce3da70b43 Initial load
duke
parents:
diff changeset
   624
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   625
90ce3da70b43 Initial load
duke
parents:
diff changeset
   626
        case 3:     // content type
90ce3da70b43 Initial load
duke
parents:
diff changeset
   627
            {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   628
                DerOutputStream temp2 = new DerOutputStream();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   629
                temp2.putOID((ObjectIdentifier) value);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   630
                temp.write(DerValue.tag_Set, temp2.toByteArray());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   631
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   632
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   633
90ce3da70b43 Initial load
duke
parents:
diff changeset
   634
        case 4:     // message digest
90ce3da70b43 Initial load
duke
parents:
diff changeset
   635
            {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   636
                DerOutputStream temp2 = new DerOutputStream();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   637
                temp2.putOctetString((byte[]) value);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   638
                temp.write(DerValue.tag_Set, temp2.toByteArray());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   639
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   640
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   641
90ce3da70b43 Initial load
duke
parents:
diff changeset
   642
        case 5:     // signing time
90ce3da70b43 Initial load
duke
parents:
diff changeset
   643
            {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   644
                DerOutputStream temp2 = new DerOutputStream();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   645
                temp2.putUTCTime((Date) value);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   646
                temp.write(DerValue.tag_Set, temp2.toByteArray());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   647
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   648
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   649
90ce3da70b43 Initial load
duke
parents:
diff changeset
   650
        case 6:     // countersignature
90ce3da70b43 Initial load
duke
parents:
diff changeset
   651
            temp.putOrderedSetOf(DerValue.tag_Set, (DerEncoder[]) value);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   652
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   653
90ce3da70b43 Initial load
duke
parents:
diff changeset
   654
        case 7:     // challenge password
90ce3da70b43 Initial load
duke
parents:
diff changeset
   655
            {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   656
                DerOutputStream temp2 = new DerOutputStream();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   657
                temp2.putPrintableString((String) value);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   658
                temp.write(DerValue.tag_Set, temp2.toByteArray());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   659
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   660
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   661
90ce3da70b43 Initial load
duke
parents:
diff changeset
   662
        case 8:     // unstructured address
90ce3da70b43 Initial load
duke
parents:
diff changeset
   663
            { // open scope
90ce3da70b43 Initial load
duke
parents:
diff changeset
   664
                String[] values = (String[]) value;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   665
                DerOutputStream[] temps = new
90ce3da70b43 Initial load
duke
parents:
diff changeset
   666
                    DerOutputStream[values.length];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   667
90ce3da70b43 Initial load
duke
parents:
diff changeset
   668
                for (int i=0; i < values.length; i++) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   669
                    temps[i] = new DerOutputStream();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   670
                    temps[i].putPrintableString(values[i]);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   671
                }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   672
                temp.putOrderedSetOf(DerValue.tag_Set, temps);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   673
            } // close scope
90ce3da70b43 Initial load
duke
parents:
diff changeset
   674
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   675
90ce3da70b43 Initial load
duke
parents:
diff changeset
   676
        case 9:     // extended-certificate attribute -- not supported
90ce3da70b43 Initial load
duke
parents:
diff changeset
   677
            throw new IOException("PKCS9 extended-certificate " +
90ce3da70b43 Initial load
duke
parents:
diff changeset
   678
                                  "attribute not supported.");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   679
            // break unnecessary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   680
        case 10:    // issuerAndserialNumber attribute -- not supported
90ce3da70b43 Initial load
duke
parents:
diff changeset
   681
            throw new IOException("PKCS9 IssuerAndSerialNumber" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
   682
                                  "attribute not supported.");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   683
            // break unnecessary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   684
        case 11:    // RSA DSI proprietary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   685
        case 12:    // RSA DSI proprietary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   686
            throw new IOException("PKCS9 RSA DSI attributes" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
   687
                                  "11 and 12, not supported.");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   688
            // break unnecessary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   689
        case 13:    // S/MIME unused attribute
90ce3da70b43 Initial load
duke
parents:
diff changeset
   690
            throw new IOException("PKCS9 attribute #13 not supported.");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   691
            // break unnecessary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   692
90ce3da70b43 Initial load
duke
parents:
diff changeset
   693
        case 14:     // ExtensionRequest
90ce3da70b43 Initial load
duke
parents:
diff changeset
   694
            {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   695
                DerOutputStream temp2 = new DerOutputStream();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   696
                CertificateExtensions exts = (CertificateExtensions)value;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   697
                try {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   698
                    exts.encode(temp2, true);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   699
                } catch (CertificateException ex) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   700
                    throw new IOException(ex.toString());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   701
                }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   702
                temp.write(DerValue.tag_Set, temp2.toByteArray());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   703
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   704
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   705
        case 15:    // SMIMECapability
90ce3da70b43 Initial load
duke
parents:
diff changeset
   706
            throw new IOException("PKCS9 attribute #15 not supported.");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   707
            // break unnecessary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   708
90ce3da70b43 Initial load
duke
parents:
diff changeset
   709
        case 16:    // SigningCertificate
90ce3da70b43 Initial load
duke
parents:
diff changeset
   710
            throw new IOException(
90ce3da70b43 Initial load
duke
parents:
diff changeset
   711
                "PKCS9 SigningCertificate attribute not supported.");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   712
            // break unnecessary
90ce3da70b43 Initial load
duke
parents:
diff changeset
   713
90ce3da70b43 Initial load
duke
parents:
diff changeset
   714
        case 17:    // SignatureTimestampToken
90ce3da70b43 Initial load
duke
parents:
diff changeset
   715
            temp.write(DerValue.tag_Set, (byte[])value);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   716
            break;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   717
90ce3da70b43 Initial load
duke
parents:
diff changeset
   718
        default: // can't happen
90ce3da70b43 Initial load
duke
parents:
diff changeset
   719
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   720
90ce3da70b43 Initial load
duke
parents:
diff changeset
   721
        DerOutputStream derOut = new DerOutputStream();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   722
        derOut.write(DerValue.tag_Sequence, temp.toByteArray());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   723
90ce3da70b43 Initial load
duke
parents:
diff changeset
   724
        out.write(derOut.toByteArray());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   725
90ce3da70b43 Initial load
duke
parents:
diff changeset
   726
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   727
90ce3da70b43 Initial load
duke
parents:
diff changeset
   728
    /**
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   729
     * Returns if the attribute is known. Unknown attributes can be created
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   730
     * from DER encoding with unknown OIDs.
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   731
     */
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   732
    public boolean isKnown() {
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   733
        return index != -1;
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   734
    }
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   735
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   736
    /**
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   737
     * Get the value of this attribute.  If the attribute is
90ce3da70b43 Initial load
duke
parents:
diff changeset
   738
     * single-valued, return just the one value.  If the attribute is
90ce3da70b43 Initial load
duke
parents:
diff changeset
   739
     * multi-valued, return an array containing all the values.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   740
     * It is possible for this array to be of length 0.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   741
     *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   742
     * <P> The
90ce3da70b43 Initial load
duke
parents:
diff changeset
   743
     * <a href=#classTable>table</a> gives the class of the value returned,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   744
     * depending on the type of this attribute.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   745
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   746
    public Object getValue() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   747
        return value;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   748
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   749
90ce3da70b43 Initial load
duke
parents:
diff changeset
   750
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   751
     * Show whether this attribute is single-valued.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   752
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   753
    public boolean isSingleValued() {
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   754
        return index == -1 || SINGLE_VALUED[index];
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   755
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   756
90ce3da70b43 Initial load
duke
parents:
diff changeset
   757
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   758
     *  Return the OID of this attribute.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   759
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   760
    public ObjectIdentifier getOID() {
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   761
        return oid;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   762
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   763
90ce3da70b43 Initial load
duke
parents:
diff changeset
   764
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   765
     *  Return the name of this attribute.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   766
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   767
    public String getName() {
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   768
        return index == -1 ?
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   769
                oid.toString() :
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   770
                OID_NAME_TABLE.get(PKCS9_OIDS[index]);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   771
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   772
90ce3da70b43 Initial load
duke
parents:
diff changeset
   773
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   774
     * Return the OID for a given attribute name or null if we don't recognize
90ce3da70b43 Initial load
duke
parents:
diff changeset
   775
     * the name.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   776
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   777
    public static ObjectIdentifier getOID(String name) {
6122
16fa7ed7ff1b 6867345: Turkish regional options cause NPE in sun.security.x509.AlgorithmId.algOID
xuelei
parents: 5506
diff changeset
   778
        return NAME_OID_TABLE.get(name.toLowerCase(Locale.ENGLISH));
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   779
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   780
90ce3da70b43 Initial load
duke
parents:
diff changeset
   781
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   782
     * Return the attribute name for a given OID or null if we don't recognize
90ce3da70b43 Initial load
duke
parents:
diff changeset
   783
     * the oid.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   784
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   785
    public static String getName(ObjectIdentifier oid) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   786
        return OID_NAME_TABLE.get(oid);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   787
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   788
90ce3da70b43 Initial load
duke
parents:
diff changeset
   789
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   790
     * Returns a string representation of this attribute.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   791
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   792
    public String toString() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   793
        StringBuffer buf = new StringBuffer(100);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   794
90ce3da70b43 Initial load
duke
parents:
diff changeset
   795
        buf.append("[");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   796
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   797
        if (index == -1) {
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   798
            buf.append(oid.toString());
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   799
        } else {
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   800
            buf.append(OID_NAME_TABLE.get(PKCS9_OIDS[index]));
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   801
        }
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   802
        buf.append(": ");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   803
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   804
        if (index == -1 || SINGLE_VALUED[index]) {
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   805
            if (value instanceof byte[]) { // special case for octet string
90ce3da70b43 Initial load
duke
parents:
diff changeset
   806
                HexDumpEncoder hexDump = new HexDumpEncoder();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   807
                buf.append(hexDump.encodeBuffer((byte[]) value));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   808
            } else {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   809
                buf.append(value.toString());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   810
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   811
            buf.append("]");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   812
            return buf.toString();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   813
        } else { // multi-valued
90ce3da70b43 Initial load
duke
parents:
diff changeset
   814
            boolean first = true;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   815
            Object[] values = (Object[]) value;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   816
90ce3da70b43 Initial load
duke
parents:
diff changeset
   817
            for (int j=0; j < values.length; j++) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   818
                if (first)
90ce3da70b43 Initial load
duke
parents:
diff changeset
   819
                    first = false;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   820
                else
90ce3da70b43 Initial load
duke
parents:
diff changeset
   821
                    buf.append(", ");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   822
90ce3da70b43 Initial load
duke
parents:
diff changeset
   823
                buf.append(values[j].toString());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   824
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   825
            return buf.toString();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   826
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   827
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   828
90ce3da70b43 Initial load
duke
parents:
diff changeset
   829
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   830
     * Beginning the search at <code>start</code>, find the first
90ce3da70b43 Initial load
duke
parents:
diff changeset
   831
     * index <code>i</code> such that <code>a[i] = obj</code>.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   832
     *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   833
     * @return the index, if found, and -1 otherwise.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   834
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   835
    static int indexOf(Object obj, Object[] a, int start) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   836
        for (int i=start; i < a.length; i++) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   837
            if (obj.equals(a[i])) return i;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   838
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   839
        return -1;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   840
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   841
90ce3da70b43 Initial load
duke
parents:
diff changeset
   842
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   843
     * Throw an exception when there are multiple values for
90ce3da70b43 Initial load
duke
parents:
diff changeset
   844
     * a single-valued attribute.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   845
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   846
    private void throwSingleValuedException() throws IOException {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   847
        throw new IOException("Single-value attribute " +
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   848
                              oid + " (" + getName() + ")" +
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   849
                              " has multiple values.");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   850
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   851
90ce3da70b43 Initial load
duke
parents:
diff changeset
   852
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   853
     * Throw an exception when the tag on a value encoding is
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   854
     * wrong for the attribute whose value it is. This method
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   855
     * will only be called for known tags.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   856
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   857
    private void throwTagException(Byte tag)
90ce3da70b43 Initial load
duke
parents:
diff changeset
   858
    throws IOException {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   859
        Byte[] expectedTags = PKCS9_VALUE_TAGS[index];
90ce3da70b43 Initial load
duke
parents:
diff changeset
   860
        StringBuffer msg = new StringBuffer(100);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   861
        msg.append("Value of attribute ");
16848
630dd3143428 8011867: Accept unknown PKCS #9 attributes
weijun
parents: 10336
diff changeset
   862
        msg.append(oid.toString());
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   863
        msg.append(" (");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   864
        msg.append(getName());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   865
        msg.append(") has wrong tag: ");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   866
        msg.append(tag.toString());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   867
        msg.append(".  Expected tags: ");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   868
90ce3da70b43 Initial load
duke
parents:
diff changeset
   869
        msg.append(expectedTags[0].toString());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   870
90ce3da70b43 Initial load
duke
parents:
diff changeset
   871
        for (int i = 1; i < expectedTags.length; i++) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   872
            msg.append(", ");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   873
            msg.append(expectedTags[i].toString());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   874
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   875
        msg.append(".");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   876
        throw new IOException(msg.toString());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   877
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   878
}