
Automatic merge of jdk:master into master

duke
duke committed May 19, 2020
2 parents 49da8f7 + 080b3b8 commit f9dc03f15f3408f54998d2ab667aac12c57db5ae
Showing with 1,999 additions and 2,063 deletions.
  1. +2 −2 src/java.base/macosx/classes/apple/security/KeychainStore.java
  2. +1 −1 src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java
  3. +6 −12 src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java
  4. +2 −2 src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java
  5. +17 −37 src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java
  6. +224 −339 src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
  7. +1 −1 src/java.base/share/classes/java/security/PKCS12Attribute.java
  8. +2 −2 src/java.base/share/classes/java/security/cert/CertificateRevokedException.java
  9. +6 −10 src/java.base/share/classes/java/security/cert/X509CertSelector.java
  10. +11 −11 src/java.base/share/classes/sun/security/pkcs/ContentInfo.java
  11. +1 −1 src/java.base/share/classes/sun/security/pkcs/PKCS7.java
  12. +45 −142 src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java
  13. +18 −25 src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
  14. +6 −6 src/java.base/share/classes/sun/security/provider/KeyProtector.java
  15. +75 −97 src/java.base/share/classes/sun/security/provider/SunEntries.java
  16. +2 −5 src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java
  17. +2 −1 src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java
  18. +2 −2 src/java.base/share/classes/sun/security/rsa/PSSParameters.java
  19. +38 −51 src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
  20. +8 −8 src/java.base/share/classes/sun/security/ssl/SunJSSE.java
  21. +12 −6 src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java
  22. +2 −2 src/java.base/share/classes/sun/security/timestamp/TSRequest.java
  23. +50 −37 src/java.base/share/classes/sun/security/tools/keytool/Main.java
  24. +2 −2 src/java.base/share/classes/sun/security/util/ConstraintsParameters.java
  25. +133 −158 src/java.base/share/classes/sun/security/util/CurveDB.java
  26. +495 −0 src/java.base/share/classes/sun/security/util/KnownOIDs.java
  27. +27 −13 src/java.base/share/classes/sun/security/util/NamedCurve.java
  28. +34 −9 src/java.base/share/classes/sun/security/util/ObjectIdentifier.java
  29. +88 −2 src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java
  30. +18 −10 src/java.base/share/classes/sun/security/validator/EndEntityChecker.java
  31. +14 −9 src/java.base/share/classes/sun/security/validator/SimpleValidator.java
  32. +3 −3 src/java.base/share/classes/sun/security/x509/AVA.java
  33. +4 −4 src/java.base/share/classes/sun/security/x509/AccessDescription.java
  34. +104 −450 src/java.base/share/classes/sun/security/x509/AlgorithmId.java
  35. +6 −25 src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java
  36. +2 −5 src/java.base/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java
  37. +1 −1 src/java.base/share/classes/sun/security/x509/NetscapeCertTypeExtension.java
  38. +2 −2 src/java.base/share/classes/sun/security/x509/OIDMap.java
  39. +2 −2 src/java.base/share/classes/sun/security/x509/OIDName.java
  40. +27 −27 src/java.base/share/classes/sun/security/x509/PKIXExtensions.java
  41. +17 −17 src/java.base/share/classes/sun/security/x509/X500Name.java
  42. +4 −3 src/java.base/share/classes/sun/security/x509/X509CRLEntryImpl.java
  43. +2 −2 src/java.base/share/classes/sun/security/x509/X509CRLImpl.java
  44. +7 −12 src/java.base/share/classes/sun/security/x509/X509CertImpl.java
  45. +2 −2 src/java.security.jgss/share/classes/org/ietf/jgss/Oid.java
  46. +2 −2 src/java.security.jgss/share/classes/sun/security/jgss/GSSContextImpl.java
  47. +2 −2 src/java.security.jgss/share/classes/sun/security/jgss/GSSNameImpl.java
  48. +2 −2 src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Token.java
  49. +2 −2 src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoToken.java
  50. +2 −2 src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java
  51. +2 −2 src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java
  52. +85 −123 src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
  53. +45 −54 src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
  54. +1 −1 src/jdk.crypto.ec/share/classes/sun/security/ec/XECParameters.java
  55. +27 −37 src/jdk.crypto.ec/share/classes/sun/security/ec/ed/EdDSAParameters.java
  56. +44 −39 src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/SunMSCAPI.java
  57. +15 −7 src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/LibMDMech.java
  58. +3 −7 src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/ServiceDesc.java
  59. +73 −59 src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoMech.java
  60. +3 −5 src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoProvider.java
  61. +4 −18 src/jdk.jartool/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java
  62. +2 −2 test/jdk/java/security/testlibrary/CertificateBuilder.java
  63. +3 −6 test/jdk/java/security/testlibrary/SimpleOCSPServer.java
  64. +4 −4 test/jdk/sun/security/jgss/spnego/NotPreferredMech.java
  65. +3 −3 test/jdk/sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java
  66. +3 −3 test/jdk/sun/security/pkcs/pkcs10/PKCS10AttributeReader.java
  67. +4 −4 test/jdk/sun/security/pkcs/pkcs9/UnknownAttribute.java
  68. +3 −3 test/jdk/sun/security/pkcs12/PKCS12SameKeyId.java
  69. +40 −36 test/jdk/sun/security/pkcs12/ParamsPreferences.java
  70. +35 −31 test/jdk/sun/security/pkcs12/ParamsTest.java
  71. +4 −3 test/jdk/sun/security/tools/jarsigner/TimestampCheck.java
  72. +11 −11 test/jdk/sun/security/tools/keytool/KeyToolTest.java
  73. +3 −3 test/jdk/sun/security/util/Oid/OidEquals.java
  74. +3 −5 test/jdk/sun/security/util/Oid/OidFormat.java
  75. +3 −3 test/jdk/sun/security/util/Oid/S11N.java
  76. +2 −2 test/jdk/sun/security/x509/AVA/AVAEqualsHashCode.java
  77. +32 −19 test/jdk/sun/security/x509/AlgorithmId/ExtensibleAlgorithmId.java
  78. +2 −2 test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java
  79. +3 −3 test/jdk/sun/security/x509/equalNames/AltNamesEqualsTest.java
@@ -93,9 +93,9 @@
* PKCS12 bag we get from the Keychain.
*/
private static ObjectIdentifier PKCS8ShroudedKeyBag_OID =
ObjectIdentifier.of("1.2.840.113549.1.12.10.1.2");
ObjectIdentifier.of(KnownOIDs.PKCS8ShroudedKeyBag);
private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID =
ObjectIdentifier.of("1.2.840.113549.1.12.1.3");
ObjectIdentifier.of(KnownOIDs.PBEWithSHA1AndDESede);

/**
* Constnats used in PBE decryption.
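Review bot: `PKCS8ShroudedKeyBag_OID` and `pbeWithSHAAnd3KeyTripleDESCBC_OID` are still declared `private static` without `final`, so these OID constants stay reassignable after class initialization. Both initializers are rewritten here, so this is a good moment to declare them `private static final ObjectIdentifier ...`. The same holds for `DH_OID` in the DHPublicKey hunk, which is package-visible and, per its comment, shared with DHPrivateKey, and for `OID_MGF1`/`OID_PSpecified` in OAEPParameters and the OID fields in PBES2Parameters. The second field's name no longer matches the enum constant it is built from (`PBEWithSHA1AndDESede`); a short comment such as `// PKCS#12 pbeWithSHAAnd3-KeyTripleDES-CBC` would keep the link visible.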
@@ -71,7 +71,7 @@

// Note: this OID is used by DHPrivateKey as well.
static ObjectIdentifier DH_OID =
ObjectIdentifier.of("1.2.840.113549.1.3.1");
ObjectIdentifier.of(KnownOIDs.DiffieHellman);

/**
* Make a DH public key out of a public value <code>y</code>, a prime
@@ -48,6 +48,7 @@

import sun.security.x509.AlgorithmId;
import sun.security.util.ObjectIdentifier;
import sun.security.util.KnownOIDs;
import sun.security.util.SecurityProperties;

/**
@@ -67,14 +68,6 @@

final class KeyProtector {

// defined by SunSoft (SKI project)
private static final String PBE_WITH_MD5_AND_DES3_CBC_OID
= "1.3.6.1.4.1.42.2.19.1";

// JavaSoft proprietary key-protection algorithm (used to protect private
// keys in the keystore implementation that comes with JDK 1.2)
private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1";

private static final int MAX_ITERATION_COUNT = 5000000;
private static final int MIN_ITERATION_COUNT = 10000;
private static final int DEFAULT_ITERATION_COUNT = 200000;
@@ -154,7 +147,8 @@
pbeParams.init(pbeSpec);

AlgorithmId encrAlg = new AlgorithmId
(new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), pbeParams);
(ObjectIdentifier.of(KnownOIDs.JAVASOFT_JCEKeyProtector),
pbeParams);
return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
}

@@ -169,13 +163,13 @@ Key recover(EncryptedPrivateKeyInfo encrInfo)
SecretKey sKey = null;
try {
String encrAlg = encrInfo.getAlgorithm().getOID().toString();
if (!encrAlg.equals(PBE_WITH_MD5_AND_DES3_CBC_OID)
&& !encrAlg.equals(KEY_PROTECTOR_OID)) {
if (!encrAlg.equals(KnownOIDs.JAVASOFT_JCEKeyProtector.value())
&& !encrAlg.equals(KnownOIDs.JAVASOFT_JDKKeyProtector.value())) {
throw new UnrecoverableKeyException("Unsupported encryption "
+ "algorithm");
}

if (encrAlg.equals(KEY_PROTECTOR_OID)) {
if (encrAlg.equals(KnownOIDs.JAVASOFT_JDKKeyProtector.value())) {
// JDK 1.2 style recovery
plain = recover(encrInfo.getEncryptedData());
} else {
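Review bot: The two string constants removed from KeyProtector were the only in-file record of which OID is which, and `recover()` rejects every other value. The enum constants therefore have to resolve to exactly `1.3.6.1.4.1.42.2.19.1` (`JAVASOFT_JCEKeyProtector`) and `1.3.6.1.4.1.42.2.17.1.1` (`JAVASOFT_JDKKeyProtector`); KnownOIDs.java is not shown in this part of the page, so that mapping should be confirmed there. A mismatch would show up as an `UnrecoverableKeyException` for keys protected by earlier releases. I would keep a comment at the check in `recover()`, for example `// JCEKeyProtector = PBEWithMD5AndDES3CBC (SunSoft SKI); JDKKeyProtector = JDK 1.2 keystore key protection`. `recover()` continues past the end of the hunk.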
@@ -56,9 +56,9 @@
private MGF1ParameterSpec mgfSpec;
private byte[] p;
private static ObjectIdentifier OID_MGF1 =
ObjectIdentifier.of("1.2.840.113549.1.1.8");
ObjectIdentifier.of(KnownOIDs.MGF1);
private static ObjectIdentifier OID_PSpecified =
ObjectIdentifier.of("1.2.840.113549.1.1.9");
ObjectIdentifier.of(KnownOIDs.PSpecified);

public OAEPParameters() {
}
@@ -93,25 +93,15 @@
abstract class PBES2Parameters extends AlgorithmParametersSpi {

private static ObjectIdentifier pkcs5PBKDF2_OID =
ObjectIdentifier.of("1.2.840.113549.1.5.12");
ObjectIdentifier.of(KnownOIDs.PBKDF2WithHmacSHA1);
private static ObjectIdentifier pkcs5PBES2_OID =
ObjectIdentifier.of("1.2.840.113549.1.5.13");
private static ObjectIdentifier hmacWithSHA1_OID =
ObjectIdentifier.of("1.2.840.113549.2.7");
private static ObjectIdentifier hmacWithSHA224_OID =
ObjectIdentifier.of("1.2.840.113549.2.8");
private static ObjectIdentifier hmacWithSHA256_OID =
ObjectIdentifier.of("1.2.840.113549.2.9");
private static ObjectIdentifier hmacWithSHA384_OID =
ObjectIdentifier.of("1.2.840.113549.2.10");
private static ObjectIdentifier hmacWithSHA512_OID =
ObjectIdentifier.of("1.2.840.113549.2.11");
ObjectIdentifier.of(KnownOIDs.PBES2);
private static ObjectIdentifier aes128CBC_OID =
ObjectIdentifier.of("2.16.840.1.101.3.4.1.2");
ObjectIdentifier.of(KnownOIDs.AES_128$CBC$NoPadding);
private static ObjectIdentifier aes192CBC_OID =
ObjectIdentifier.of("2.16.840.1.101.3.4.1.22");
ObjectIdentifier.of(KnownOIDs.AES_192$CBC$NoPadding);
private static ObjectIdentifier aes256CBC_OID =
ObjectIdentifier.of("2.16.840.1.101.3.4.1.42");
ObjectIdentifier.of(KnownOIDs.AES_256$CBC$NoPadding);

// the PBES2 algorithm name
private String pbes2AlgorithmName = null;
@@ -126,7 +116,8 @@
private AlgorithmParameterSpec cipherParam = null;

// the key derivation function (default is HmacSHA1)
private ObjectIdentifier kdfAlgo_OID = hmacWithSHA1_OID;
private ObjectIdentifier kdfAlgo_OID =
ObjectIdentifier.of(KnownOIDs.HmacSHA1);

// the encryption function
private ObjectIdentifier cipherAlgo_OID = null;
@@ -171,19 +162,11 @@

switch (kdfAlgo) {
case "HmacSHA1":
kdfAlgo_OID = hmacWithSHA1_OID;
break;
case "HmacSHA224":
kdfAlgo_OID = hmacWithSHA224_OID;
break;
case "HmacSHA256":
kdfAlgo_OID = hmacWithSHA256_OID;
break;
case "HmacSHA384":
kdfAlgo_OID = hmacWithSHA384_OID;
break;
case "HmacSHA512":
kdfAlgo_OID = hmacWithSHA512_OID;
kdfAlgo_OID = ObjectIdentifier.of(KnownOIDs.findMatch(kdfAlgo));
break;
default:
throw new NoSuchAlgorithmException(
@@ -255,7 +238,7 @@ protected void engineInit(byte[] encoded)
}
cipherAlgo = parseES(pBES2_params.data.getDerValue());

pbes2AlgorithmName = new StringBuilder().append("PBEWith")
this.pbes2AlgorithmName = new StringBuilder().append("PBEWith")
.append(kdfAlgo).append("And").append(cipherAlgo).toString();
}

@@ -306,21 +289,18 @@ private String parseKDF(DerValue keyDerivationFunc) throws IOException {
}
if (prf != null) {
kdfAlgo_OID = prf.data.getOID();
if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA1";
} else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA224";
} else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA256";
} else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA384";
} else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA512";
} else {
KnownOIDs o = KnownOIDs.findMatch(kdfAlgo_OID.toString());
if (o == null || (!o.stdName().equals("HmacSHA1") &&
!o.stdName().equals("HmacSHA224") &&
!o.stdName().equals("HmacSHA256") &&
!o.stdName().equals("HmacSHA384") &&
!o.stdName().equals("HmacSHA512"))) {
throw new IOException("PBE parameter parsing error: "
+ "expecting the object identifier for a HmacSHA key "
+ "derivation function");
}
kdfAlgo = o.stdName();

if (prf.data.available() != 0) {
// parameter is 'NULL' for all HmacSHA KDFs
DerValue parameter = prf.data.getDerValue();
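Review bot: In `parseKDF` the PRF check now accepts any OID that `KnownOIDs.findMatch` maps to one of the five HmacSHA standard names, where the old code compared against five fixed OIDs. Because this parses encoded parameters, the accepted set silently widens if the table ever holds a second entry with the same `stdName()`; a comment stating that assumption would help. The same five names are also spelled out in the `switch` of the earlier hunk, where `ObjectIdentifier.of(KnownOIDs.findMatch(kdfAlgo))` assumes the lookup never returns null. A single allow-list would keep both sites in step, e.g. `private static final Set<String> HMAC_KDFS = Set.of("HmacSHA1", "HmacSHA224", "HmacSHA256", "HmacSHA384", "HmacSHA512");` with `if (o == null || !HMAC_KDFS.contains(o.stdName()))`, provided `java.util.Set` is available in this file. `parseKDF` starts and ends outside the hunk.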
