Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/sun/security/pkcs/PKCS9Attribute.java
38830 views
/*1* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package sun.security.pkcs;2627import java.io.IOException;28import java.io.OutputStream;29import java.security.cert.CertificateException;30import java.util.Locale;31import java.util.Date;32import java.util.Hashtable;33import sun.security.x509.CertificateExtensions;34import sun.security.util.Debug;35import sun.security.util.DerEncoder;36import sun.security.util.DerValue;37import sun.security.util.DerInputStream;38import sun.security.util.DerOutputStream;39import sun.security.util.ObjectIdentifier;40import sun.misc.HexDumpEncoder;4142/**43* Class supporting any PKCS9 attributes.44* Supports DER decoding/encoding and access to attribute values.45*46* <a name="classTable"><h3>Type/Class Table</h3></a>47* The following table shows the correspondence between48* PKCS9 attribute types and value component classes.49* For types not listed here, its name is the OID50* in string form, its value is a (single-valued)51* byte array that is the SET's encoding.52*53* <P>54* <TABLE BORDER CELLPADDING=8 ALIGN=CENTER>55*56* <TR>57* <TH>Object Identifier</TH>58* <TH>Attribute Name</TH>59* <TH>Type</TH>60* <TH>Value Class</TH>61* </TR>62*63* <TR>64* <TD>1.2.840.113549.1.9.1</TD>65* <TD>EmailAddress</TD>66* <TD>Multi-valued</TD>67* <TD><code>String[]</code></TD>68* </TR>69*70* <TR>71* <TD>1.2.840.113549.1.9.2</TD>72* <TD>UnstructuredName</TD>73* <TD>Multi-valued</TD>74* <TD><code>String[]</code></TD>75* </TR>76*77* <TR>78* <TD>1.2.840.113549.1.9.3</TD>79* <TD>ContentType</TD>80* <TD>Single-valued</TD>81* <TD><code>ObjectIdentifier</code></TD>82* </TR>83*84* <TR>85* <TD>1.2.840.113549.1.9.4</TD>86* <TD>MessageDigest</TD>87* <TD>Single-valued</TD>88* <TD><code>byte[]</code></TD>89* </TR>90*91* <TR>92* <TD>1.2.840.113549.1.9.5</TD>93* <TD>SigningTime</TD>94* <TD>Single-valued</TD>95* <TD><code>Date</code></TD>96* </TR>97*98* <TR>99* <TD>1.2.840.113549.1.9.6</TD>100* <TD>Countersignature</TD>101* <TD>Multi-valued</TD>102* <TD><code>SignerInfo[]</code></TD>103* </TR>104*105* <TR>106* <TD>1.2.840.113549.1.9.7</TD>107* <TD>ChallengePassword</TD>108* <TD>Single-valued</TD>109* <TD><code>String</code></TD>110* </TR>111*112* <TR>113* <TD>1.2.840.113549.1.9.8</TD>114* <TD>UnstructuredAddress</TD>115* <TD>Single-valued</TD>116* <TD><code>String</code></TD>117* </TR>118*119* <TR>120* <TD>1.2.840.113549.1.9.9</TD>121* <TD>ExtendedCertificateAttributes</TD>122* <TD>Multi-valued</TD>123* <TD>(not supported)</TD>124* </TR>125*126* <TR>127* <TD>1.2.840.113549.1.9.10</TD>128* <TD>IssuerAndSerialNumber</TD>129* <TD>Single-valued</TD>130* <TD>(not supported)</TD>131* </TR>132*133* <TR>134* <TD>1.2.840.113549.1.9.{11,12}</TD>135* <TD>RSA DSI proprietary</TD>136* <TD>Single-valued</TD>137* <TD>(not supported)</TD>138* </TR>139*140* <TR>141* <TD>1.2.840.113549.1.9.13</TD>142* <TD>S/MIME unused assignment</TD>143* <TD>Single-valued</TD>144* <TD>(not supported)</TD>145* </TR>146*147* <TR>148* <TD>1.2.840.113549.1.9.14</TD>149* <TD>ExtensionRequest</TD>150* <TD>Single-valued</TD>151* <TD>CertificateExtensions</TD>152* </TR>153*154* <TR>155* <TD>1.2.840.113549.1.9.15</TD>156* <TD>SMIMECapability</TD>157* <TD>Single-valued</TD>158* <TD>(not supported)</TD>159* </TR>160*161* <TR>162* <TD>1.2.840.113549.1.9.16.2.12</TD>163* <TD>SigningCertificate</TD>164* <TD>Single-valued</TD>165* <TD>SigningCertificateInfo</TD>166* </TR>167*168* <TR>169* <TD>1.2.840.113549.1.9.16.2.14</TD>170* <TD>SignatureTimestampToken</TD>171* <TD>Single-valued</TD>172* <TD>byte[]</TD>173* </TR>174*175* </TABLE>176*177* @author Douglas Hoover178*/179public class PKCS9Attribute implements DerEncoder {180181/* Are we debugging ? */182private static final Debug debug = Debug.getInstance("jar");183184/**185* Array of attribute OIDs defined in PKCS9, by number.186*/187static final ObjectIdentifier[] PKCS9_OIDS = new ObjectIdentifier[18];188189private final static Class<?> BYTE_ARRAY_CLASS;190191static { // static initializer for PKCS9_OIDS192for (int i = 1; i < PKCS9_OIDS.length - 2; i++) {193PKCS9_OIDS[i] =194ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,i});195}196// Initialize SigningCertificate and SignatureTimestampToken197// separately (because their values are out of sequence)198PKCS9_OIDS[PKCS9_OIDS.length - 2] =199ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,16,2,12});200PKCS9_OIDS[PKCS9_OIDS.length - 1] =201ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,16,2,14});202203try {204BYTE_ARRAY_CLASS = Class.forName("[B");205} catch (ClassNotFoundException e) {206throw new ExceptionInInitializerError(e.toString());207}208}209210// first element [0] not used211public static final ObjectIdentifier EMAIL_ADDRESS_OID = PKCS9_OIDS[1];212public static final ObjectIdentifier UNSTRUCTURED_NAME_OID = PKCS9_OIDS[2];213public static final ObjectIdentifier CONTENT_TYPE_OID = PKCS9_OIDS[3];214public static final ObjectIdentifier MESSAGE_DIGEST_OID = PKCS9_OIDS[4];215public static final ObjectIdentifier SIGNING_TIME_OID = PKCS9_OIDS[5];216public static final ObjectIdentifier COUNTERSIGNATURE_OID = PKCS9_OIDS[6];217public static final ObjectIdentifier CHALLENGE_PASSWORD_OID = PKCS9_OIDS[7];218public static final ObjectIdentifier UNSTRUCTURED_ADDRESS_OID = PKCS9_OIDS[8];219public static final ObjectIdentifier EXTENDED_CERTIFICATE_ATTRIBUTES_OID220= PKCS9_OIDS[9];221public static final ObjectIdentifier ISSUER_SERIALNUMBER_OID = PKCS9_OIDS[10];222// [11], [12] are RSA DSI proprietary223// [13] ==> signingDescription, S/MIME, not used anymore224public static final ObjectIdentifier EXTENSION_REQUEST_OID = PKCS9_OIDS[14];225public static final ObjectIdentifier SMIME_CAPABILITY_OID = PKCS9_OIDS[15];226public static final ObjectIdentifier SIGNING_CERTIFICATE_OID = PKCS9_OIDS[16];227public static final ObjectIdentifier SIGNATURE_TIMESTAMP_TOKEN_OID =228PKCS9_OIDS[17];229public static final String EMAIL_ADDRESS_STR = "EmailAddress";230public static final String UNSTRUCTURED_NAME_STR = "UnstructuredName";231public static final String CONTENT_TYPE_STR = "ContentType";232public static final String MESSAGE_DIGEST_STR = "MessageDigest";233public static final String SIGNING_TIME_STR = "SigningTime";234public static final String COUNTERSIGNATURE_STR = "Countersignature";235public static final String CHALLENGE_PASSWORD_STR = "ChallengePassword";236public static final String UNSTRUCTURED_ADDRESS_STR = "UnstructuredAddress";237public static final String EXTENDED_CERTIFICATE_ATTRIBUTES_STR =238"ExtendedCertificateAttributes";239public static final String ISSUER_SERIALNUMBER_STR = "IssuerAndSerialNumber";240// [11], [12] are RSA DSI proprietary241private static final String RSA_PROPRIETARY_STR = "RSAProprietary";242// [13] ==> signingDescription, S/MIME, not used anymore243private static final String SMIME_SIGNING_DESC_STR = "SMIMESigningDesc";244public static final String EXTENSION_REQUEST_STR = "ExtensionRequest";245public static final String SMIME_CAPABILITY_STR = "SMIMECapability";246public static final String SIGNING_CERTIFICATE_STR = "SigningCertificate";247public static final String SIGNATURE_TIMESTAMP_TOKEN_STR =248"SignatureTimestampToken";249250/**251* Hashtable mapping names and variant names of supported252* attributes to their OIDs. This table contains all name forms253* that occur in PKCS9, in lower case.254*/255private static final Hashtable<String, ObjectIdentifier> NAME_OID_TABLE =256new Hashtable<String, ObjectIdentifier>(18);257258static { // static initializer for PCKS9_NAMES259NAME_OID_TABLE.put("emailaddress", PKCS9_OIDS[1]);260NAME_OID_TABLE.put("unstructuredname", PKCS9_OIDS[2]);261NAME_OID_TABLE.put("contenttype", PKCS9_OIDS[3]);262NAME_OID_TABLE.put("messagedigest", PKCS9_OIDS[4]);263NAME_OID_TABLE.put("signingtime", PKCS9_OIDS[5]);264NAME_OID_TABLE.put("countersignature", PKCS9_OIDS[6]);265NAME_OID_TABLE.put("challengepassword", PKCS9_OIDS[7]);266NAME_OID_TABLE.put("unstructuredaddress", PKCS9_OIDS[8]);267NAME_OID_TABLE.put("extendedcertificateattributes", PKCS9_OIDS[9]);268NAME_OID_TABLE.put("issuerandserialnumber", PKCS9_OIDS[10]);269NAME_OID_TABLE.put("rsaproprietary", PKCS9_OIDS[11]);270NAME_OID_TABLE.put("rsaproprietary", PKCS9_OIDS[12]);271NAME_OID_TABLE.put("signingdescription", PKCS9_OIDS[13]);272NAME_OID_TABLE.put("extensionrequest", PKCS9_OIDS[14]);273NAME_OID_TABLE.put("smimecapability", PKCS9_OIDS[15]);274NAME_OID_TABLE.put("signingcertificate", PKCS9_OIDS[16]);275NAME_OID_TABLE.put("signaturetimestamptoken", PKCS9_OIDS[17]);276};277278/**279* Hashtable mapping attribute OIDs defined in PKCS9 to the280* corresponding attribute value type.281*/282private static final Hashtable<ObjectIdentifier, String> OID_NAME_TABLE =283new Hashtable<ObjectIdentifier, String>(16);284static {285OID_NAME_TABLE.put(PKCS9_OIDS[1], EMAIL_ADDRESS_STR);286OID_NAME_TABLE.put(PKCS9_OIDS[2], UNSTRUCTURED_NAME_STR);287OID_NAME_TABLE.put(PKCS9_OIDS[3], CONTENT_TYPE_STR);288OID_NAME_TABLE.put(PKCS9_OIDS[4], MESSAGE_DIGEST_STR);289OID_NAME_TABLE.put(PKCS9_OIDS[5], SIGNING_TIME_STR);290OID_NAME_TABLE.put(PKCS9_OIDS[6], COUNTERSIGNATURE_STR);291OID_NAME_TABLE.put(PKCS9_OIDS[7], CHALLENGE_PASSWORD_STR);292OID_NAME_TABLE.put(PKCS9_OIDS[8], UNSTRUCTURED_ADDRESS_STR);293OID_NAME_TABLE.put(PKCS9_OIDS[9], EXTENDED_CERTIFICATE_ATTRIBUTES_STR);294OID_NAME_TABLE.put(PKCS9_OIDS[10], ISSUER_SERIALNUMBER_STR);295OID_NAME_TABLE.put(PKCS9_OIDS[11], RSA_PROPRIETARY_STR);296OID_NAME_TABLE.put(PKCS9_OIDS[12], RSA_PROPRIETARY_STR);297OID_NAME_TABLE.put(PKCS9_OIDS[13], SMIME_SIGNING_DESC_STR);298OID_NAME_TABLE.put(PKCS9_OIDS[14], EXTENSION_REQUEST_STR);299OID_NAME_TABLE.put(PKCS9_OIDS[15], SMIME_CAPABILITY_STR);300OID_NAME_TABLE.put(PKCS9_OIDS[16], SIGNING_CERTIFICATE_STR);301OID_NAME_TABLE.put(PKCS9_OIDS[17], SIGNATURE_TIMESTAMP_TOKEN_STR);302}303304/**305* Acceptable ASN.1 tags for DER encodings of values of PKCS9306* attributes, by index in <code>PKCS9_OIDS</code>.307* Sets of acceptable tags are represented as arrays.308*/309private static final Byte[][] PKCS9_VALUE_TAGS = {310null,311{new Byte(DerValue.tag_IA5String)}, // EMailAddress312{new Byte(DerValue.tag_IA5String), // UnstructuredName313new Byte(DerValue.tag_PrintableString)},314{new Byte(DerValue.tag_ObjectId)}, // ContentType315{new Byte(DerValue.tag_OctetString)}, // MessageDigest316{new Byte(DerValue.tag_UtcTime)}, // SigningTime317{new Byte(DerValue.tag_Sequence)}, // Countersignature318{new Byte(DerValue.tag_PrintableString),319new Byte(DerValue.tag_T61String)}, // ChallengePassword320{new Byte(DerValue.tag_PrintableString),321new Byte(DerValue.tag_T61String)}, // UnstructuredAddress322{new Byte(DerValue.tag_SetOf)}, // ExtendedCertificateAttributes323{new Byte(DerValue.tag_Sequence)}, // issuerAndSerialNumber324null,325null,326null,327{new Byte(DerValue.tag_Sequence)}, // extensionRequest328{new Byte(DerValue.tag_Sequence)}, // SMIMECapability329{new Byte(DerValue.tag_Sequence)}, // SigningCertificate330{new Byte(DerValue.tag_Sequence)} // SignatureTimestampToken331};332333private static final Class<?>[] VALUE_CLASSES = new Class<?>[18];334335static {336try {337Class<?> str = Class.forName("[Ljava.lang.String;");338339VALUE_CLASSES[0] = null; // not used340VALUE_CLASSES[1] = str; // EMailAddress341VALUE_CLASSES[2] = str; // UnstructuredName342VALUE_CLASSES[3] = // ContentType343Class.forName("sun.security.util.ObjectIdentifier");344VALUE_CLASSES[4] = BYTE_ARRAY_CLASS; // MessageDigest (byte[])345VALUE_CLASSES[5] = Class.forName("java.util.Date"); // SigningTime346VALUE_CLASSES[6] = // Countersignature347Class.forName("[Lsun.security.pkcs.SignerInfo;");348VALUE_CLASSES[7] = // ChallengePassword349Class.forName("java.lang.String");350VALUE_CLASSES[8] = str; // UnstructuredAddress351VALUE_CLASSES[9] = null; // ExtendedCertificateAttributes352VALUE_CLASSES[10] = null; // IssuerAndSerialNumber353VALUE_CLASSES[11] = null; // not used354VALUE_CLASSES[12] = null; // not used355VALUE_CLASSES[13] = null; // not used356VALUE_CLASSES[14] = // ExtensionRequest357Class.forName("sun.security.x509.CertificateExtensions");358VALUE_CLASSES[15] = null; // not supported yet359VALUE_CLASSES[16] = null; // not supported yet360VALUE_CLASSES[17] = BYTE_ARRAY_CLASS; // SignatureTimestampToken361} catch (ClassNotFoundException e) {362throw new ExceptionInInitializerError(e.toString());363}364}365366/**367* Array indicating which PKCS9 attributes are single-valued,368* by index in <code>PKCS9_OIDS</code>.369*/370private static final boolean[] SINGLE_VALUED = {371false,372false, // EMailAddress373false, // UnstructuredName374true, // ContentType375true, // MessageDigest376true, // SigningTime377false, // Countersignature378true, // ChallengePassword379false, // UnstructuredAddress380false, // ExtendedCertificateAttributes381true, // IssuerAndSerialNumber - not supported yet382false, // not used383false, // not used384false, // not used385true, // ExtensionRequest386true, // SMIMECapability - not supported yet387true, // SigningCertificate388true // SignatureTimestampToken389};390391/**392* The OID of this attribute.393*/394private ObjectIdentifier oid;395396/**397* The index of the OID of this attribute in <code>PKCS9_OIDS</code>,398* or -1 if it's unknown.399*/400private int index;401402/**403* Value set of this attribute. Its class is given by404* <code>VALUE_CLASSES[index]</code>. The SET itself405* as byte[] if unknown.406*/407private Object value;408409/**410* Construct an attribute object from the attribute's OID and411* value. If the attribute is single-valued, provide only one412* value. If the attribute is multi-valued, provide an array413* containing all the values.414* Arrays of length zero are accepted, though probably useless.415*416* <P> The417* <a href=#classTable>table</a> gives the class that <code>value</code>418* must have for a given attribute.419*420* @exception IllegalArgumentException421* if the <code>value</code> has the wrong type.422*/423public PKCS9Attribute(ObjectIdentifier oid, Object value)424throws IllegalArgumentException {425init(oid, value);426}427428/**429* Construct an attribute object from the attribute's name and430* value. If the attribute is single-valued, provide only one431* value. If the attribute is multi-valued, provide an array432* containing all the values.433* Arrays of length zero are accepted, though probably useless.434*435* <P> The436* <a href=#classTable>table</a> gives the class that <code>value</code>437* must have for a given attribute. Reasonable variants of these438* attributes are accepted; in particular, case does not matter.439*440* @exception IllegalArgumentException441* if the <code>name</code> is not recognized or the442* <code>value</code> has the wrong type.443*/444public PKCS9Attribute(String name, Object value)445throws IllegalArgumentException {446ObjectIdentifier oid = getOID(name);447448if (oid == null)449throw new IllegalArgumentException(450"Unrecognized attribute name " + name +451" constructing PKCS9Attribute.");452453init(oid, value);454}455456private void init(ObjectIdentifier oid, Object value)457throws IllegalArgumentException {458459this.oid = oid;460index = indexOf(oid, PKCS9_OIDS, 1);461Class<?> clazz = index == -1 ? BYTE_ARRAY_CLASS: VALUE_CLASSES[index];462if (!clazz.isInstance(value)) {463throw new IllegalArgumentException(464"Wrong value class " +465" for attribute " + oid +466" constructing PKCS9Attribute; was " +467value.getClass().toString() + ", should be " +468clazz.toString());469}470this.value = value;471}472473474/**475* Construct a PKCS9Attribute from its encoding on an input476* stream.477*478* @param val the DerValue representing the DER encoding of the attribute.479* @exception IOException on parsing error.480*/481public PKCS9Attribute(DerValue derVal) throws IOException {482483DerInputStream derIn = new DerInputStream(derVal.toByteArray());484DerValue[] val = derIn.getSequence(2);485486if (derIn.available() != 0)487throw new IOException("Excess data parsing PKCS9Attribute");488489if (val.length != 2)490throw new IOException("PKCS9Attribute doesn't have two components");491492// get the oid493oid = val[0].getOID();494byte[] content = val[1].toByteArray();495DerValue[] elems = new DerInputStream(content).getSet(1);496497index = indexOf(oid, PKCS9_OIDS, 1);498if (index == -1) {499if (debug != null) {500debug.println("Unsupported signer attribute: " + oid);501}502value = content;503return;504}505506// check single valued have only one value507if (SINGLE_VALUED[index] && elems.length > 1)508throwSingleValuedException();509510// check for illegal element tags511Byte tag;512for (int i=0; i < elems.length; i++) {513tag = new Byte(elems[i].tag);514515if (indexOf(tag, PKCS9_VALUE_TAGS[index], 0) == -1)516throwTagException(tag);517}518519switch (index) {520case 1: // email address521case 2: // unstructured name522case 8: // unstructured address523{ // open scope524String[] values = new String[elems.length];525526for (int i=0; i < elems.length; i++)527values[i] = elems[i].getAsString();528value = values;529} // close scope530break;531532case 3: // content type533value = elems[0].getOID();534break;535536case 4: // message digest537value = elems[0].getOctetString();538break;539540case 5: // signing time541value = (new DerInputStream(elems[0].toByteArray())).getUTCTime();542break;543544case 6: // countersignature545{ // open scope546SignerInfo[] values = new SignerInfo[elems.length];547for (int i=0; i < elems.length; i++)548values[i] =549new SignerInfo(elems[i].toDerInputStream());550value = values;551} // close scope552break;553554case 7: // challenge password555value = elems[0].getAsString();556break;557558case 9: // extended-certificate attribute -- not supported559throw new IOException("PKCS9 extended-certificate " +560"attribute not supported.");561// break unnecessary562case 10: // issuerAndserialNumber attribute -- not supported563throw new IOException("PKCS9 IssuerAndSerialNumber" +564"attribute not supported.");565// break unnecessary566case 11: // RSA DSI proprietary567case 12: // RSA DSI proprietary568throw new IOException("PKCS9 RSA DSI attributes" +569"11 and 12, not supported.");570// break unnecessary571case 13: // S/MIME unused attribute572throw new IOException("PKCS9 attribute #13 not supported.");573// break unnecessary574575case 14: // ExtensionRequest576value = new CertificateExtensions(577new DerInputStream(elems[0].toByteArray()));578break;579580case 15: // SMIME-capability attribute -- not supported581throw new IOException("PKCS9 SMIMECapability " +582"attribute not supported.");583// break unnecessary584case 16: // SigningCertificate attribute585value = new SigningCertificateInfo(elems[0].toByteArray());586break;587588case 17: // SignatureTimestampToken attribute589value = elems[0].toByteArray();590break;591default: // can't happen592}593}594595/**596* Write the DER encoding of this attribute to an output stream.597*598* <P> N.B.: This method always encodes values of599* ChallengePassword and UnstructuredAddress attributes as ASN.1600* <code>PrintableString</code>s, without checking whether they601* should be encoded as <code>T61String</code>s.602*/603public void derEncode(OutputStream out) throws IOException {604DerOutputStream temp = new DerOutputStream();605temp.putOID(oid);606switch (index) {607case -1: // Unknown608temp.write((byte[])value);609break;610case 1: // email address611case 2: // unstructured name612{ // open scope613String[] values = (String[]) value;614DerOutputStream[] temps = new615DerOutputStream[values.length];616617for (int i=0; i < values.length; i++) {618temps[i] = new DerOutputStream();619temps[i].putIA5String( values[i]);620}621temp.putOrderedSetOf(DerValue.tag_Set, temps);622} // close scope623break;624625case 3: // content type626{627DerOutputStream temp2 = new DerOutputStream();628temp2.putOID((ObjectIdentifier) value);629temp.write(DerValue.tag_Set, temp2.toByteArray());630}631break;632633case 4: // message digest634{635DerOutputStream temp2 = new DerOutputStream();636temp2.putOctetString((byte[]) value);637temp.write(DerValue.tag_Set, temp2.toByteArray());638}639break;640641case 5: // signing time642{643DerOutputStream temp2 = new DerOutputStream();644temp2.putUTCTime((Date) value);645temp.write(DerValue.tag_Set, temp2.toByteArray());646}647break;648649case 6: // countersignature650temp.putOrderedSetOf(DerValue.tag_Set, (DerEncoder[]) value);651break;652653case 7: // challenge password654{655DerOutputStream temp2 = new DerOutputStream();656temp2.putPrintableString((String) value);657temp.write(DerValue.tag_Set, temp2.toByteArray());658}659break;660661case 8: // unstructured address662{ // open scope663String[] values = (String[]) value;664DerOutputStream[] temps = new665DerOutputStream[values.length];666667for (int i=0; i < values.length; i++) {668temps[i] = new DerOutputStream();669temps[i].putPrintableString(values[i]);670}671temp.putOrderedSetOf(DerValue.tag_Set, temps);672} // close scope673break;674675case 9: // extended-certificate attribute -- not supported676throw new IOException("PKCS9 extended-certificate " +677"attribute not supported.");678// break unnecessary679case 10: // issuerAndserialNumber attribute -- not supported680throw new IOException("PKCS9 IssuerAndSerialNumber" +681"attribute not supported.");682// break unnecessary683case 11: // RSA DSI proprietary684case 12: // RSA DSI proprietary685throw new IOException("PKCS9 RSA DSI attributes" +686"11 and 12, not supported.");687// break unnecessary688case 13: // S/MIME unused attribute689throw new IOException("PKCS9 attribute #13 not supported.");690// break unnecessary691692case 14: // ExtensionRequest693{694DerOutputStream temp2 = new DerOutputStream();695CertificateExtensions exts = (CertificateExtensions)value;696try {697exts.encode(temp2, true);698} catch (CertificateException ex) {699throw new IOException(ex.toString());700}701temp.write(DerValue.tag_Set, temp2.toByteArray());702}703break;704case 15: // SMIMECapability705throw new IOException("PKCS9 attribute #15 not supported.");706// break unnecessary707708case 16: // SigningCertificate709throw new IOException(710"PKCS9 SigningCertificate attribute not supported.");711// break unnecessary712713case 17: // SignatureTimestampToken714temp.write(DerValue.tag_Set, (byte[])value);715break;716717default: // can't happen718}719720DerOutputStream derOut = new DerOutputStream();721derOut.write(DerValue.tag_Sequence, temp.toByteArray());722723out.write(derOut.toByteArray());724725}726727/**728* Returns if the attribute is known. Unknown attributes can be created729* from DER encoding with unknown OIDs.730*/731public boolean isKnown() {732return index != -1;733}734735/**736* Get the value of this attribute. If the attribute is737* single-valued, return just the one value. If the attribute is738* multi-valued, return an array containing all the values.739* It is possible for this array to be of length 0.740*741* <P> The742* <a href=#classTable>table</a> gives the class of the value returned,743* depending on the type of this attribute.744*/745public Object getValue() {746return value;747}748749/**750* Show whether this attribute is single-valued.751*/752public boolean isSingleValued() {753return index == -1 || SINGLE_VALUED[index];754}755756/**757* Return the OID of this attribute.758*/759public ObjectIdentifier getOID() {760return oid;761}762763/**764* Return the name of this attribute.765*/766public String getName() {767return index == -1 ?768oid.toString() :769OID_NAME_TABLE.get(PKCS9_OIDS[index]);770}771772/**773* Return the OID for a given attribute name or null if we don't recognize774* the name.775*/776public static ObjectIdentifier getOID(String name) {777return NAME_OID_TABLE.get(name.toLowerCase(Locale.ENGLISH));778}779780/**781* Return the attribute name for a given OID or null if we don't recognize782* the oid.783*/784public static String getName(ObjectIdentifier oid) {785return OID_NAME_TABLE.get(oid);786}787788/**789* Returns a string representation of this attribute.790*/791public String toString() {792StringBuffer buf = new StringBuffer(100);793794buf.append("[");795796if (index == -1) {797buf.append(oid.toString());798} else {799buf.append(OID_NAME_TABLE.get(PKCS9_OIDS[index]));800}801buf.append(": ");802803if (index == -1 || SINGLE_VALUED[index]) {804if (value instanceof byte[]) { // special case for octet string805HexDumpEncoder hexDump = new HexDumpEncoder();806buf.append(hexDump.encodeBuffer((byte[]) value));807} else {808buf.append(value.toString());809}810buf.append("]");811return buf.toString();812} else { // multi-valued813boolean first = true;814Object[] values = (Object[]) value;815816for (int j=0; j < values.length; j++) {817if (first)818first = false;819else820buf.append(", ");821822buf.append(values[j].toString());823}824return buf.toString();825}826}827828/**829* Beginning the search at <code>start</code>, find the first830* index <code>i</code> such that <code>a[i] = obj</code>.831*832* @return the index, if found, and -1 otherwise.833*/834static int indexOf(Object obj, Object[] a, int start) {835for (int i=start; i < a.length; i++) {836if (obj.equals(a[i])) return i;837}838return -1;839}840841/**842* Throw an exception when there are multiple values for843* a single-valued attribute.844*/845private void throwSingleValuedException() throws IOException {846throw new IOException("Single-value attribute " +847oid + " (" + getName() + ")" +848" has multiple values.");849}850851/**852* Throw an exception when the tag on a value encoding is853* wrong for the attribute whose value it is. This method854* will only be called for known tags.855*/856private void throwTagException(Byte tag)857throws IOException {858Byte[] expectedTags = PKCS9_VALUE_TAGS[index];859StringBuffer msg = new StringBuffer(100);860msg.append("Value of attribute ");861msg.append(oid.toString());862msg.append(" (");863msg.append(getName());864msg.append(") has wrong tag: ");865msg.append(tag.toString());866msg.append(". Expected tags: ");867868msg.append(expectedTags[0].toString());869870for (int i = 1; i < expectedTags.length; i++) {871msg.append(", ");872msg.append(expectedTags[i].toString());873}874msg.append(".");875throw new IOException(msg.toString());876}877}878879880