Skip to content
Permalink
Browse files
8246397: Use KnownOIDs for known OIDs
Reviewed-by: xuelei
  • Loading branch information
wangweij committed Jun 4, 2020
1 parent 2bfc64a commit bcbe46b0b3a623c0f871886c41662eac2f219f08
Showing 10 changed files with 69 additions and 76 deletions.
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -46,6 +46,7 @@
import sun.security.util.Debug;
import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;
import sun.security.util.KnownOIDs;

/**
* The Signature class is used to provide applications the functionality
@@ -548,7 +549,7 @@ private static PublicKey getPublicKeyFromCert(Certificate cert)
Set<String> critSet = c.getCriticalExtensionOIDs();

if (critSet != null && !critSet.isEmpty()
&& critSet.contains("2.5.29.15")) {
&& critSet.contains(KnownOIDs.KeyUsage.value())) {
boolean[] keyUsageInfo = c.getKeyUsage();
// keyUsageInfo[0] is for digitalSignature.
if ((keyUsageInfo != null) && (keyUsageInfo[0] == false))
@@ -35,6 +35,7 @@
import javax.security.auth.x500.X500Principal;

import sun.security.util.IOUtils;
import sun.security.util.KnownOIDs;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.InvalidityDateExtension;

@@ -149,7 +150,7 @@ public X500Principal getAuthorityName() {
* @return the invalidity date, or {@code null} if not specified
*/
public Date getInvalidityDate() {
Extension ext = getExtensions().get("2.5.29.24");
Extension ext = getExtensions().get(KnownOIDs.InvalidityDate.value());
if (ext == null) {
return null;
} else {
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@

import sun.security.util.Debug;
import sun.security.util.DerInputStream;
import sun.security.util.KnownOIDs;
import sun.security.x509.CRLNumberExtension;
import sun.security.x509.X500Name;

@@ -620,7 +621,7 @@ public boolean match(CRL crl) {

if ((minCRL != null) || (maxCRL != null)) {
/* Get CRL number extension from CRL */
byte[] crlNumExtVal = xcrl.getExtensionValue("2.5.29.20");
byte[] crlNumExtVal = xcrl.getExtensionValue(KnownOIDs.CRLNumber.value());
if (crlNumExtVal == null) {
if (debug != null) {
debug.println("X509CRLSelector.match: no CRLNumber");
@@ -117,22 +117,6 @@ public class X509CertSelector implements CertSelector {

private static final Boolean FALSE = Boolean.FALSE;

private static final int PRIVATE_KEY_USAGE_ID = 0;
private static final int SUBJECT_ALT_NAME_ID = 1;
private static final int NAME_CONSTRAINTS_ID = 2;
private static final int CERT_POLICIES_ID = 3;
private static final int EXTENDED_KEY_USAGE_ID = 4;
private static final int NUM_OF_EXTENSIONS = 5;
private static final String[] EXTENSION_OIDS = new String[NUM_OF_EXTENSIONS];

static {
EXTENSION_OIDS[PRIVATE_KEY_USAGE_ID] = "2.5.29.16";
EXTENSION_OIDS[SUBJECT_ALT_NAME_ID] = "2.5.29.17";
EXTENSION_OIDS[NAME_CONSTRAINTS_ID] = "2.5.29.30";
EXTENSION_OIDS[CERT_POLICIES_ID] = "2.5.29.32";
EXTENSION_OIDS[EXTENDED_KEY_USAGE_ID] = "2.5.29.37";
};

/* Constants representing the GeneralName types */
static final int NAME_ANY = 0;
static final int NAME_RFC822 = 1;
@@ -1940,48 +1924,48 @@ private static String keyUsageToString(boolean[] k) {
* object with the extension encoding retrieved from the passed in
* {@code X509Certificate}.
*/
private static Extension getExtensionObject(X509Certificate cert, int extId)
private static Extension getExtensionObject(X509Certificate cert, KnownOIDs extId)
throws IOException {
if (cert instanceof X509CertImpl) {
X509CertImpl impl = (X509CertImpl)cert;
X509CertImpl impl = (X509CertImpl) cert;
switch (extId) {
case PRIVATE_KEY_USAGE_ID:
return impl.getPrivateKeyUsageExtension();
case SUBJECT_ALT_NAME_ID:
return impl.getSubjectAlternativeNameExtension();
case NAME_CONSTRAINTS_ID:
return impl.getNameConstraintsExtension();
case CERT_POLICIES_ID:
return impl.getCertificatePoliciesExtension();
case EXTENDED_KEY_USAGE_ID:
return impl.getExtendedKeyUsageExtension();
default:
return null;
}
}
byte[] rawExtVal = cert.getExtensionValue(EXTENSION_OIDS[extId]);
case PrivateKeyUsage:
return impl.getPrivateKeyUsageExtension();
case SubjectAlternativeName:
return impl.getSubjectAlternativeNameExtension();
case NameConstraints:
return impl.getNameConstraintsExtension();
case CertificatePolicies:
return impl.getCertificatePoliciesExtension();
case extendedKeyUsage:
return impl.getExtendedKeyUsageExtension();
default:
return null;
}
}
byte[] rawExtVal = cert.getExtensionValue(extId.value());
if (rawExtVal == null) {
return null;
}
DerInputStream in = new DerInputStream(rawExtVal);
byte[] encoded = in.getOctetString();
switch (extId) {
case PRIVATE_KEY_USAGE_ID:
try {
return new PrivateKeyUsageExtension(FALSE, encoded);
} catch (CertificateException ex) {
throw new IOException(ex.getMessage());
}
case SUBJECT_ALT_NAME_ID:
return new SubjectAlternativeNameExtension(FALSE, encoded);
case NAME_CONSTRAINTS_ID:
return new NameConstraintsExtension(FALSE, encoded);
case CERT_POLICIES_ID:
return new CertificatePoliciesExtension(FALSE, encoded);
case EXTENDED_KEY_USAGE_ID:
return new ExtendedKeyUsageExtension(FALSE, encoded);
default:
return null;
case PrivateKeyUsage:
try {
return new PrivateKeyUsageExtension(FALSE, encoded);
} catch (CertificateException ex) {
throw new IOException(ex.getMessage());
}
case SubjectAlternativeName:
return new SubjectAlternativeNameExtension(FALSE, encoded);
case NameConstraints:
return new NameConstraintsExtension(FALSE, encoded);
case CertificatePolicies:
return new CertificatePoliciesExtension(FALSE, encoded);
case extendedKeyUsage:
return new ExtendedKeyUsageExtension(FALSE, encoded);
default:
return null;
}
}

@@ -2171,7 +2155,7 @@ private boolean matchPrivateKeyValid(X509Certificate xcert) {
PrivateKeyUsageExtension ext = null;
try {
ext = (PrivateKeyUsageExtension)
getExtensionObject(xcert, PRIVATE_KEY_USAGE_ID);
getExtensionObject(xcert, KnownOIDs.PrivateKeyUsage);
if (ext != null) {
ext.valid(privateKeyValid);
}
@@ -2283,7 +2267,7 @@ private boolean matchExtendedKeyUsage(X509Certificate xcert) {
try {
ExtendedKeyUsageExtension ext =
(ExtendedKeyUsageExtension)getExtensionObject(xcert,
EXTENDED_KEY_USAGE_ID);
KnownOIDs.extendedKeyUsage);
if (ext != null) {
Vector<ObjectIdentifier> certKeyPurposeVector =
ext.get(ExtendedKeyUsageExtension.USAGES);
@@ -2313,8 +2297,8 @@ private boolean matchSubjectAlternativeNames(X509Certificate xcert) {
}
try {
SubjectAlternativeNameExtension sanExt =
(SubjectAlternativeNameExtension) getExtensionObject(xcert,
SUBJECT_ALT_NAME_ID);
(SubjectAlternativeNameExtension) getExtensionObject(
xcert, KnownOIDs.SubjectAlternativeName);
if (sanExt == null) {
if (debug != null) {
debug.println("X509CertSelector.match: "
@@ -2383,7 +2367,7 @@ private boolean matchPolicy(X509Certificate xcert) {
}
try {
CertificatePoliciesExtension ext = (CertificatePoliciesExtension)
getExtensionObject(xcert, CERT_POLICIES_ID);
getExtensionObject(xcert, KnownOIDs.CertificatePolicies);
if (ext == null) {
if (debug != null) {
debug.println("X509CertSelector.match: "
@@ -2448,7 +2432,7 @@ private boolean matchPathToNames(X509Certificate xcert) {
}
try {
NameConstraintsExtension ext = (NameConstraintsExtension)
getExtensionObject(xcert, NAME_CONSTRAINTS_ID);
getExtensionObject(xcert, KnownOIDs.NameConstraints);
if (ext == null) {
return true;
}
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,6 +45,7 @@

import sun.security.util.Debug;
import sun.security.jca.*;
import sun.security.util.KnownOIDs;

/**
* This class provides the functionality of a cryptographic cipher for
@@ -238,9 +239,6 @@ public class Cipher {
// cipher has been initialized.
private int opmode = 0;

// The OID for the KeyUsage extension in an X.509 v3 certificate
private static final String KEY_USAGE_EXTENSION_OID = "2.5.29.15";

// next SPI to try in provider selection
// null once provider is selected
private CipherSpi firstSpi;
@@ -1742,7 +1740,7 @@ public final void init(int opmode, Certificate certificate,
Set<String> critSet = cert.getCriticalExtensionOIDs();

if (critSet != null && !critSet.isEmpty()
&& critSet.contains(KEY_USAGE_EXTENSION_OID)) {
&& critSet.contains(KnownOIDs.KeyUsage.value())) {
boolean[] keyUsageInfo = cert.getKeyUsage();
// keyUsageInfo[2] is for keyEncipherment;
// keyUsageInfo[3] is for dataEncipherment.
@@ -2233,7 +2233,8 @@ private X509Certificate findIssuer(X509Certificate input) {
X500Principal issuerPrinc = input.getIssuerX500Principal();

// AuthorityKeyIdentifier value encoded as an OCTET STRING
byte[] issuerIdExtension = input.getExtensionValue("2.5.29.35");
byte[] issuerIdExtension = input.getExtensionValue(
KnownOIDs.AuthorityKeyID.value());
byte[] issuerId = null;

if (issuerIdExtension != null) {
@@ -2251,7 +2252,8 @@ private X509Certificate findIssuer(X509Certificate input) {
if (cert.getSubjectX500Principal().equals(issuerPrinc)) {
if (issuerId != null) {
// SubjectKeyIdentifier value encoded as an OCTET STRING
byte[] subjectIdExtension = cert.getExtensionValue("2.5.29.14");
byte[] subjectIdExtension = cert.getExtensionValue(
KnownOIDs.SubjectKeyID.value());
byte[] subjectId = null;
if (subjectIdExtension != null) {
try {
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2011, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,7 @@

import sun.security.util.Debug;
import sun.security.util.DerInputStream;
import sun.security.util.KnownOIDs;
import sun.security.x509.SerialNumber;
import sun.security.x509.AuthorityKeyIdentifierExtension;

@@ -212,7 +213,8 @@ private boolean matchSubjectKeyID(X509Certificate xcert) {
return true;
}
try {
byte[] extVal = xcert.getExtensionValue("2.5.29.14");
byte[] extVal = xcert.getExtensionValue(
KnownOIDs.SubjectKeyID.value());
if (extVal == null) {
if (debug != null && Debug.isVerbose()) {
debug.println("AdaptableX509CertSelector.match: "
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,6 @@
package sun.security.provider.certpath;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertPathValidatorException;
@@ -38,6 +37,7 @@
import java.util.*;

import sun.security.util.Debug;
import sun.security.util.KnownOIDs;
import sun.security.x509.CertificatePoliciesExtension;
import sun.security.x509.PolicyConstraintsExtension;
import sun.security.x509.PolicyMappingsExtension;
@@ -72,7 +72,7 @@ class PolicyChecker extends PKIXCertPathChecker {
private Set<String> supportedExts;

private static final Debug debug = Debug.getInstance("certpath");
static final String ANY_POLICY = "2.5.29.32.0";
static final String ANY_POLICY = KnownOIDs.CE_CERT_POLICIES_ANY.value();

/**
* Constructs a Policy Checker.
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@

package sun.security.provider.certpath;

import sun.security.util.KnownOIDs;

import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
@@ -50,7 +52,8 @@ final class PolicyNodeImpl implements PolicyNode {
/**
* Use to specify the special policy "Any Policy"
*/
private static final String ANY_POLICY = "2.5.29.32.0";
private static final String ANY_POLICY
= KnownOIDs.CE_CERT_POLICIES_ANY.value();

// every node has one parent, and zero or more children
private PolicyNodeImpl mParent;
@@ -33,6 +33,7 @@
import java.util.HashMap;
import java.util.function.Function;

import sun.security.util.KnownOIDs;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;

@@ -116,7 +117,7 @@ public String getName() {
try {
BigInteger p = TWO.pow(255).subtract(BigInteger.valueOf(19));
addParameters(255, p, 121665, (byte)0x09, 3,
"1.3.101.110", NamedParameterSpec.X25519.getName(),
KnownOIDs.X25519.value(), NamedParameterSpec.X25519.getName(),
bySize, byOid, byName);

} catch (IOException ex) {
@@ -128,7 +129,7 @@ public String getName() {
BigInteger p = TWO.pow(448).subtract(TWO.pow(224))
.subtract(BigInteger.ONE);
addParameters(448, p, 39081, (byte)0x05, 2,
"1.3.101.111", NamedParameterSpec.X448.getName(),
KnownOIDs.X448.value(), NamedParameterSpec.X448.getName(),
bySize, byOid, byName);

} catch (IOException ex) {

0 comments on commit bcbe46b

Please sign in to comment.