--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/share/classes/java/security/PKCS12Attribute.java Tue Sep 12 19:03:39 2017 +0200
@@ -0,0 +1,286 @@
+/*
+ * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package java.security;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.Arrays;
+import java.util.regex.Pattern;
+import sun.security.util.*;
+
+/**
+ * An attribute associated with a PKCS12 keystore entry.
+ * The attribute name is an ASN.1 Object Identifier and the attribute
+ * value is a set of ASN.1 types.
+ *
+ * @since 1.8
+ */
+public final class PKCS12Attribute implements KeyStore.Entry.Attribute {
+
+ private static final Pattern COLON_SEPARATED_HEX_PAIRS =
+ Pattern.compile("^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2})+$");
+ private String name;
+ private String value;
+ private byte[] encoded;
+ private int hashValue = -1;
+
+ /**
+ * Constructs a PKCS12 attribute from its name and value.
+ * The name is an ASN.1 Object Identifier represented as a list of
+ * dot-separated integers.
+ * A string value is represented as the string itself.
+ * A binary value is represented as a string of colon-separated
+ * pairs of hexadecimal digits.
+ * Multi-valued attributes are represented as a comma-separated
+ * list of values, enclosed in square brackets. See
+ * {@link Arrays#toString(java.lang.Object[])}.
+ * <p>
+ * A string value will be DER-encoded as an ASN.1 UTF8String and a
+ * binary value will be DER-encoded as an ASN.1 Octet String.
+ *
+ * @param name the attribute's identifier
+ * @param value the attribute's value
+ *
+ * @exception NullPointerException if {@code name} or {@code value}
+ * is {@code null}
+ * @exception IllegalArgumentException if {@code name} or
+ * {@code value} is incorrectly formatted
+ */
+ public PKCS12Attribute(String name, String value) {
+ if (name == null || value == null) {
+ throw new NullPointerException();
+ }
+ // Validate name
+ ObjectIdentifier type;
+ try {
+ type = new ObjectIdentifier(name);
+ } catch (IOException e) {
+ throw new IllegalArgumentException("Incorrect format: name", e);
+ }
+ this.name = name;
+
+ // Validate value
+ int length = value.length();
+ String[] values;
+ if (length > 1 &&
+ value.charAt(0) == '[' && value.charAt(length - 1) == ']') {
+ values = value.substring(1, length - 1).split(", ");
+ } else {
+ values = new String[]{ value };
+ }
+ this.value = value;
+
+ try {
+ this.encoded = encode(type, values);
+ } catch (IOException e) {
+ throw new IllegalArgumentException("Incorrect format: value", e);
+ }
+ }
+
+ /**
+ * Constructs a PKCS12 attribute from its ASN.1 DER encoding.
+ * The DER encoding is specified by the following ASN.1 definition:
+ * <pre>
+ *
+ * Attribute ::= SEQUENCE {
+ * type AttributeType,
+ * values SET OF AttributeValue
+ * }
+ * AttributeType ::= OBJECT IDENTIFIER
+ * AttributeValue ::= ANY defined by type
+ *
+ * </pre>
+ *
+ * @param encoded the attribute's ASN.1 DER encoding. It is cloned
+ * to prevent subsequent modificaion.
+ *
+ * @exception NullPointerException if {@code encoded} is
+ * {@code null}
+ * @exception IllegalArgumentException if {@code encoded} is
+ * incorrectly formatted
+ */
+ public PKCS12Attribute(byte[] encoded) {
+ if (encoded == null) {
+ throw new NullPointerException();
+ }
+ this.encoded = encoded.clone();
+
+ try {
+ parse(encoded);
+ } catch (IOException e) {
+ throw new IllegalArgumentException("Incorrect format: encoded", e);
+ }
+ }
+
+ /**
+ * Returns the attribute's ASN.1 Object Identifier represented as a
+ * list of dot-separated integers.
+ *
+ * @return the attribute's identifier
+ */
+ @Override
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * Returns the attribute's ASN.1 DER-encoded value as a string.
+ * An ASN.1 DER-encoded value is returned in one of the following
+ * {@code String} formats:
+ * <ul>
+ * <li> the DER encoding of a basic ASN.1 type that has a natural
+ * string representation is returned as the string itself.
+ * Such types are currently limited to BOOLEAN, INTEGER,
+ * OBJECT IDENTIFIER, UTCTime, GeneralizedTime and the
+ * following six ASN.1 string types: UTF8String,
+ * PrintableString, T61String, IA5String, BMPString and
+ * GeneralString.
+ * <li> the DER encoding of any other ASN.1 type is not decoded but
+ * returned as a binary string of colon-separated pairs of
+ * hexadecimal digits.
+ * </ul>
+ * Multi-valued attributes are represented as a comma-separated
+ * list of values, enclosed in square brackets. See
+ * {@link Arrays#toString(java.lang.Object[])}.
+ *
+ * @return the attribute value's string encoding
+ */
+ @Override
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Returns the attribute's ASN.1 DER encoding.
+ *
+ * @return a clone of the attribute's DER encoding
+ */
+ public byte[] getEncoded() {
+ return encoded.clone();
+ }
+
+ /**
+ * Compares this {@code PKCS12Attribute} and a specified object for
+ * equality.
+ *
+ * @param obj the comparison object
+ *
+ * @return true if {@code obj} is a {@code PKCS12Attribute} and
+ * their DER encodings are equal.
+ */
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
+ if (!(obj instanceof PKCS12Attribute)) {
+ return false;
+ }
+ return Arrays.equals(encoded, ((PKCS12Attribute) obj).getEncoded());
+ }
+
+ /**
+ * Returns the hashcode for this {@code PKCS12Attribute}.
+ * The hash code is computed from its DER encoding.
+ *
+ * @return the hash code
+ */
+ @Override
+ public int hashCode() {
+ if (hashValue == -1) {
+ Arrays.hashCode(encoded);
+ }
+ return hashValue;
+ }
+
+ /**
+ * Returns a string representation of this {@code PKCS12Attribute}.
+ *
+ * @return a name/value pair separated by an 'equals' symbol
+ */
+ @Override
+ public String toString() {
+ return (name + "=" + value);
+ }
+
+ private byte[] encode(ObjectIdentifier type, String[] values)
+ throws IOException {
+ DerOutputStream attribute = new DerOutputStream();
+ attribute.putOID(type);
+ DerOutputStream attrContent = new DerOutputStream();
+ for (String value : values) {
+ if (COLON_SEPARATED_HEX_PAIRS.matcher(value).matches()) {
+ byte[] bytes =
+ new BigInteger(value.replace(":", ""), 16).toByteArray();
+ if (bytes[0] == 0) {
+ bytes = Arrays.copyOfRange(bytes, 1, bytes.length);
+ }
+ attrContent.putOctetString(bytes);
+ } else {
+ attrContent.putUTF8String(value);
+ }
+ }
+ attribute.write(DerValue.tag_Set, attrContent);
+ DerOutputStream attributeValue = new DerOutputStream();
+ attributeValue.write(DerValue.tag_Sequence, attribute);
+
+ return attributeValue.toByteArray();
+ }
+
+ private void parse(byte[] encoded) throws IOException {
+ DerInputStream attributeValue = new DerInputStream(encoded);
+ DerValue[] attrSeq = attributeValue.getSequence(2);
+ ObjectIdentifier type = attrSeq[0].getOID();
+ DerInputStream attrContent =
+ new DerInputStream(attrSeq[1].toByteArray());
+ DerValue[] attrValueSet = attrContent.getSet(1);
+ String[] values = new String[attrValueSet.length];
+ String printableString;
+ for (int i = 0; i < attrValueSet.length; i++) {
+ if (attrValueSet[i].tag == DerValue.tag_OctetString) {
+ values[i] = Debug.toString(attrValueSet[i].getOctetString());
+ } else if ((printableString = attrValueSet[i].getAsString())
+ != null) {
+ values[i] = printableString;
+ } else if (attrValueSet[i].tag == DerValue.tag_ObjectId) {
+ values[i] = attrValueSet[i].getOID().toString();
+ } else if (attrValueSet[i].tag == DerValue.tag_GeneralizedTime) {
+ values[i] = attrValueSet[i].getGeneralizedTime().toString();
+ } else if (attrValueSet[i].tag == DerValue.tag_UtcTime) {
+ values[i] = attrValueSet[i].getUTCTime().toString();
+ } else if (attrValueSet[i].tag == DerValue.tag_Integer) {
+ values[i] = attrValueSet[i].getBigInteger().toString();
+ } else if (attrValueSet[i].tag == DerValue.tag_Boolean) {
+ values[i] = String.valueOf(attrValueSet[i].getBoolean());
+ } else {
+ values[i] = Debug.toString(attrValueSet[i].getDataBytes());
+ }
+ }
+
+ this.name = type.toString();
+ this.value = values.length == 1 ? values[0] : Arrays.toString(values);
+ }
+}