Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/sun/security/x509/AlgorithmId.java
38831 views
/*1* Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package sun.security.x509;2627import java.io.*;28import java.security.spec.AlgorithmParameterSpec;29import java.security.spec.InvalidParameterSpecException;30import java.security.spec.MGF1ParameterSpec;31import java.security.spec.PSSParameterSpec;32import java.util.*;33import java.security.*;3435import sun.security.rsa.PSSParameters;36import sun.security.util.*;373839/**40* This class identifies algorithms, such as cryptographic transforms, each41* of which may be associated with parameters. Instances of this base class42* are used when this runtime environment has no special knowledge of the43* algorithm type, and may also be used in other cases. Equivalence is44* defined according to OID and (where relevant) parameters.45*46* <P>Subclasses may be used, for example when when the algorithm ID has47* associated parameters which some code (e.g. code using public keys) needs48* to have parsed. Two examples of such algorithms are Diffie-Hellman key49* exchange, and the Digital Signature Standard Algorithm (DSS/DSA).50*51* <P>The OID constants defined in this class correspond to some widely52* used algorithms, for which conventional string names have been defined.53* This class is not a general repository for OIDs, or for such string names.54* Note that the mappings between algorithm IDs and algorithm names is55* not one-to-one.56*57*58* @author David Brownell59* @author Amit Kapoor60* @author Hemma Prafullchandra61*/62public class AlgorithmId implements Serializable, DerEncoder {6364/** use serialVersionUID from JDK 1.1. for interoperability */65private static final long serialVersionUID = 7205873507486557157L;6667/**68* The object identitifer being used for this algorithm.69*/70private ObjectIdentifier algid;7172// The (parsed) parameters73private AlgorithmParameters algParams;74private boolean constructedFromDer = true;7576/**77* Parameters for this algorithm. These are stored in unparsed78* DER-encoded form; subclasses can be made to automaticaly parse79* them so there is fast access to these parameters.80*/81protected DerValue params;8283private transient byte[] encodedParams;8485/**86* Constructs an algorithm ID which will be initialized87* separately, for example by deserialization.88* @deprecated use one of the other constructors.89*/90@Deprecated91public AlgorithmId() { }9293/**94* Constructs a parameterless algorithm ID.95*96* @param oid the identifier for the algorithm97*/98public AlgorithmId(ObjectIdentifier oid) {99algid = oid;100}101102/**103* Constructs an algorithm ID with algorithm parameters.104*105* @param oid the identifier for the algorithm.106* @param algparams the associated algorithm parameters.107*/108public AlgorithmId(ObjectIdentifier oid, AlgorithmParameters algparams) {109algid = oid;110algParams = algparams;111constructedFromDer = false;112if (algParams != null) {113try {114encodedParams = algParams.getEncoded();115} catch (IOException ioe) {116// It should be safe to ignore this.117// This exception can occur if AlgorithmParameters was not118// initialized (which should not occur), or if it was119// initialized with bogus parameters, which should have120// been detected when init was called.121assert false;122}123}124}125126private AlgorithmId(ObjectIdentifier oid, DerValue params)127throws IOException {128this.algid = oid;129this.params = params;130if (this.params != null) {131encodedParams = params.toByteArray();132decodeParams();133}134}135136protected void decodeParams() throws IOException {137String algidName = getName();138try {139algParams = AlgorithmParameters.getInstance(algidName);140} catch (NoSuchAlgorithmException e) {141/*142* This algorithm parameter type is not supported, so we cannot143* parse the parameters.144*/145algParams = null;146return;147}148149// Decode (parse) the parameters150algParams.init(encodedParams.clone());151}152153/**154* Marshal a DER-encoded "AlgorithmID" sequence on the DER stream.155*/156public final void encode(DerOutputStream out) throws IOException {157derEncode(out);158}159160/**161* DER encode this object onto an output stream.162* Implements the <code>DerEncoder</code> interface.163*164* @param out165* the output stream on which to write the DER encoding.166*167* @exception IOException on encoding error.168*/169@Override170public void derEncode (OutputStream out) throws IOException {171DerOutputStream bytes = new DerOutputStream();172DerOutputStream tmp = new DerOutputStream();173174bytes.putOID(algid);175// Setup params from algParams since no DER encoding is given176if (constructedFromDer == false) {177if (encodedParams != null) {178params = new DerValue(encodedParams);179} else {180params = null;181}182}183if (params == null) {184// Changes backed out for compatibility with Solaris185186// Several AlgorithmId should omit the whole parameter part when187// it's NULL. They are ---188// rfc3370 2.1: Implementations SHOULD generate SHA-1189// AlgorithmIdentifiers with absent parameters.190// rfc3447 C1: When id-sha1, id-sha224, id-sha256, id-sha384 and191// id-sha512 are used in an AlgorithmIdentifier the parameters192// (which are optional) SHOULD be omitted.193// rfc3279 2.3.2: The id-dsa algorithm syntax includes optional194// domain parameters... When omitted, the parameters component195// MUST be omitted entirely196// rfc3370 3.1: When the id-dsa-with-sha1 algorithm identifier197// is used, the AlgorithmIdentifier parameters field MUST be absent.198/*if (199algid.equals((Object)SHA_oid) ||200algid.equals((Object)SHA224_oid) ||201algid.equals((Object)SHA256_oid) ||202algid.equals((Object)SHA384_oid) ||203algid.equals((Object)SHA512_oid) ||204algid.equals((Object)SHA512_224_oid) ||205algid.equals((Object)SHA512_256_oid) ||206algid.equals((Object)DSA_oid) ||207algid.equals((Object)sha1WithDSA_oid)) {208; // no parameter part encoded209} else {210bytes.putNull();211}*/212if (algid.equals(RSASSA_PSS_oid)) {213// RFC 4055 3.3: when an RSASSA-PSS key does not require214// parameter validation, field is absent.215} else {216bytes.putNull();217}218} else {219bytes.putDerValue(params);220}221tmp.write(DerValue.tag_Sequence, bytes);222out.write(tmp.toByteArray());223}224225226/**227* Returns the DER-encoded X.509 AlgorithmId as a byte array.228*/229public final byte[] encode() throws IOException {230DerOutputStream out = new DerOutputStream();231derEncode(out);232return out.toByteArray();233}234235/**236* Returns the ISO OID for this algorithm. This is usually converted237* to a string and used as part of an algorithm name, for example238* "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code>239* call when you do not need to ensure cross-system portability240* of algorithm names, or need a user friendly name.241*/242public final ObjectIdentifier getOID () {243return algid;244}245246/**247* Returns a name for the algorithm which may be more intelligible248* to humans than the algorithm's OID, but which won't necessarily249* be comprehensible on other systems. For example, this might250* return a name such as "MD5withRSA" for a signature algorithm on251* some systems. It also returns names like "OID.1.2.3.4", when252* no particular name for the algorithm is known.253*254* Note: for ecdsa-with-SHA2 plus hash algorithm (Ex: SHA-256), this method255* returns the "full" signature algorithm (Ex: SHA256withECDSA) directly.256*/257public String getName() {258String algName = nameTable.get(algid);259if (algName != null) {260return algName;261}262if ((params != null) && algid.equals((Object)specifiedWithECDSA_oid)) {263try {264AlgorithmId paramsId =265AlgorithmId.parse(new DerValue(encodedParams));266String paramsName = paramsId.getName();267algName = makeSigAlg(paramsName, "EC");268} catch (IOException e) {269// ignore270}271}272return (algName == null) ? algid.toString() : algName;273}274275public AlgorithmParameters getParameters() {276return algParams;277}278279/**280* Returns the DER encoded parameter, which can then be281* used to initialize java.security.AlgorithmParameters.282*283* Note that this* method should always return a new array as it is called284* directly by the JDK implementation of X509Certificate.getSigAlgParams()285* and X509CRL.getSigAlgParams().286*287* Note: for ecdsa-with-SHA2 plus hash algorithm (Ex: SHA-256), this method288* returns null because {@link #getName()} has already returned the "full"289* signature algorithm (Ex: SHA256withECDSA).290*291* @return DER encoded parameters, or null not present.292*/293public byte[] getEncodedParams() throws IOException {294return (encodedParams == null || algid.equals(specifiedWithECDSA_oid))295? null296: encodedParams.clone();297}298299/**300* Returns true iff the argument indicates the same algorithm301* with the same parameters.302*/303public boolean equals(AlgorithmId other) {304return algid.equals((Object)other.algid) &&305Arrays.equals(encodedParams, other.encodedParams);306}307308/**309* Compares this AlgorithmID to another. If algorithm parameters are310* available, they are compared. Otherwise, just the object IDs311* for the algorithm are compared.312*313* @param other preferably an AlgorithmId, else an ObjectIdentifier314*/315@Override316public boolean equals(Object other) {317if (this == other) {318return true;319}320if (other instanceof AlgorithmId) {321return equals((AlgorithmId) other);322} else if (other instanceof ObjectIdentifier) {323return equals((ObjectIdentifier) other);324} else {325return false;326}327}328329/**330* Compares two algorithm IDs for equality. Returns true iff331* they are the same algorithm, ignoring algorithm parameters.332*/333public final boolean equals(ObjectIdentifier id) {334return algid.equals((Object)id);335}336337/**338* Returns a hashcode for this AlgorithmId.339*340* @return a hashcode for this AlgorithmId.341*/342@Override343public int hashCode() {344int hashCode = algid.hashCode();345hashCode = 31 * hashCode + Arrays.hashCode(encodedParams);346return hashCode;347}348349/**350* Provides a human-readable description of the algorithm parameters.351* This may be redefined by subclasses which parse those parameters.352*/353protected String paramsToString() {354if (encodedParams == null) {355return "";356} else if (algParams != null) {357return ", " + algParams.toString();358} else {359return ", params unparsed";360}361}362363/**364* Returns a string describing the algorithm and its parameters.365*/366@Override367public String toString() {368return getName() + paramsToString();369}370371/**372* Parse (unmarshal) an ID from a DER sequence input value. This form373* parsing might be used when expanding a value which has already been374* partially unmarshaled as a set or sequence member.375*376* @exception IOException on error.377* @param val the input value, which contains the algid and, if378* there are any parameters, those parameters.379* @return an ID for the algorithm. If the system is configured380* appropriately, this may be an instance of a class381* with some kind of special support for this algorithm.382* In that case, you may "narrow" the type of the ID.383*/384public static AlgorithmId parse(DerValue val) throws IOException {385if (val.tag != DerValue.tag_Sequence) {386throw new IOException("algid parse error, not a sequence");387}388389/*390* Get the algorithm ID and any parameters.391*/392ObjectIdentifier algid;393DerValue params;394DerInputStream in = val.toDerInputStream();395396algid = in.getOID();397if (in.available() == 0) {398params = null;399} else {400params = in.getDerValue();401if (params.tag == DerValue.tag_Null) {402if (params.length() != 0) {403throw new IOException("invalid NULL");404}405params = null;406}407if (in.available() != 0) {408throw new IOException("Invalid AlgorithmIdentifier: extra data");409}410}411412return new AlgorithmId(algid, params);413}414415/**416* Returns one of the algorithm IDs most commonly associated417* with this algorithm name.418*419* @param algname the name being used420* @deprecated use the short get form of this method.421* @exception NoSuchAlgorithmException on error.422*/423@Deprecated424public static AlgorithmId getAlgorithmId(String algname)425throws NoSuchAlgorithmException {426return get(algname);427}428429/**430* Returns one of the algorithm IDs most commonly associated431* with this algorithm name.432*433* @param algname the name being used434* @exception NoSuchAlgorithmException on error.435*/436public static AlgorithmId get(String algname)437throws NoSuchAlgorithmException {438ObjectIdentifier oid;439try {440oid = algOID(algname);441} catch (IOException ioe) {442throw new NoSuchAlgorithmException443("Invalid ObjectIdentifier " + algname);444}445446if (oid == null) {447throw new NoSuchAlgorithmException448("unrecognized algorithm name: " + algname);449}450return new AlgorithmId(oid);451}452453/**454* Returns one of the algorithm IDs most commonly associated455* with this algorithm parameters.456*457* @param algparams the associated algorithm parameters.458* @exception NoSuchAlgorithmException on error.459*/460public static AlgorithmId get(AlgorithmParameters algparams)461throws NoSuchAlgorithmException {462ObjectIdentifier oid;463String algname = algparams.getAlgorithm();464try {465oid = algOID(algname);466} catch (IOException ioe) {467throw new NoSuchAlgorithmException468("Invalid ObjectIdentifier " + algname);469}470if (oid == null) {471throw new NoSuchAlgorithmException472("unrecognized algorithm name: " + algname);473}474return new AlgorithmId(oid, algparams);475}476477/*478* Translates from some common algorithm names to the479* OID with which they're usually associated ... this mapping480* is the reverse of the one below, except in those cases481* where synonyms are supported or where a given algorithm482* is commonly associated with multiple OIDs.483*484* XXX This method needs to be enhanced so that we can also pass the485* scope of the algorithm name to it, e.g., the algorithm name "DSA"486* may have a different OID when used as a "Signature" algorithm than when487* used as a "KeyPairGenerator" algorithm.488*/489private static ObjectIdentifier algOID(String name) throws IOException {490// See if algname is in printable OID ("dot-dot") notation491if (name.indexOf('.') != -1) {492if (name.startsWith("OID.")) {493return new ObjectIdentifier(name.substring("OID.".length()));494} else {495return new ObjectIdentifier(name);496}497}498499// Digesting algorithms500if (name.equalsIgnoreCase("MD5")) {501return AlgorithmId.MD5_oid;502}503if (name.equalsIgnoreCase("MD2")) {504return AlgorithmId.MD2_oid;505}506if (name.equalsIgnoreCase("SHA") || name.equalsIgnoreCase("SHA1")507|| name.equalsIgnoreCase("SHA-1")) {508return AlgorithmId.SHA_oid;509}510if (name.equalsIgnoreCase("SHA-256") ||511name.equalsIgnoreCase("SHA256")) {512return AlgorithmId.SHA256_oid;513}514if (name.equalsIgnoreCase("SHA-384") ||515name.equalsIgnoreCase("SHA384")) {516return AlgorithmId.SHA384_oid;517}518if (name.equalsIgnoreCase("SHA-512") ||519name.equalsIgnoreCase("SHA512")) {520return AlgorithmId.SHA512_oid;521}522if (name.equalsIgnoreCase("SHA-224") ||523name.equalsIgnoreCase("SHA224")) {524return AlgorithmId.SHA224_oid;525}526if (name.equalsIgnoreCase("SHA-512/224") ||527name.equalsIgnoreCase("SHA512/224")) {528return AlgorithmId.SHA512_224_oid;529}530if (name.equalsIgnoreCase("SHA-512/256") ||531name.equalsIgnoreCase("SHA512/256")) {532return AlgorithmId.SHA512_256_oid;533}534// Various public key algorithms535if (name.equalsIgnoreCase("RSA")) {536return AlgorithmId.RSAEncryption_oid;537}538if (name.equalsIgnoreCase("RSASSA-PSS")) {539return AlgorithmId.RSASSA_PSS_oid;540}541if (name.equalsIgnoreCase("RSAES-OAEP")) {542return AlgorithmId.RSAES_OAEP_oid;543}544if (name.equalsIgnoreCase("Diffie-Hellman")545|| name.equalsIgnoreCase("DH")) {546return AlgorithmId.DH_oid;547}548if (name.equalsIgnoreCase("DSA")) {549return AlgorithmId.DSA_oid;550}551if (name.equalsIgnoreCase("EC")) {552return EC_oid;553}554if (name.equalsIgnoreCase("ECDH")) {555return AlgorithmId.ECDH_oid;556}557558// Secret key algorithms559if (name.equalsIgnoreCase("AES")) {560return AlgorithmId.AES_oid;561}562563// Common signature types564if (name.equalsIgnoreCase("MD5withRSA")565|| name.equalsIgnoreCase("MD5/RSA")) {566return AlgorithmId.md5WithRSAEncryption_oid;567}568if (name.equalsIgnoreCase("MD2withRSA")569|| name.equalsIgnoreCase("MD2/RSA")) {570return AlgorithmId.md2WithRSAEncryption_oid;571}572if (name.equalsIgnoreCase("SHAwithDSA")573|| name.equalsIgnoreCase("SHA1withDSA")574|| name.equalsIgnoreCase("SHA/DSA")575|| name.equalsIgnoreCase("SHA1/DSA")576|| name.equalsIgnoreCase("DSAWithSHA1")577|| name.equalsIgnoreCase("DSS")578|| name.equalsIgnoreCase("SHA-1/DSA")) {579return AlgorithmId.sha1WithDSA_oid;580}581if (name.equalsIgnoreCase("SHA224WithDSA")) {582return AlgorithmId.sha224WithDSA_oid;583}584if (name.equalsIgnoreCase("SHA256WithDSA")) {585return AlgorithmId.sha256WithDSA_oid;586}587if (name.equalsIgnoreCase("SHA1WithRSA")588|| name.equalsIgnoreCase("SHA1/RSA")) {589return AlgorithmId.sha1WithRSAEncryption_oid;590}591if (name.equalsIgnoreCase("SHA1withECDSA")592|| name.equalsIgnoreCase("ECDSA")) {593return AlgorithmId.sha1WithECDSA_oid;594}595if (name.equalsIgnoreCase("SHA224withECDSA")) {596return AlgorithmId.sha224WithECDSA_oid;597}598if (name.equalsIgnoreCase("SHA256withECDSA")) {599return AlgorithmId.sha256WithECDSA_oid;600}601if (name.equalsIgnoreCase("SHA384withECDSA")) {602return AlgorithmId.sha384WithECDSA_oid;603}604if (name.equalsIgnoreCase("SHA512withECDSA")) {605return AlgorithmId.sha512WithECDSA_oid;606}607608// See if any of the installed providers supply a mapping from609// the given algorithm name to an OID string610String oidString;611if (!initOidTable) {612Provider[] provs = Security.getProviders();613for (int i=0; i<provs.length; i++) {614for (Enumeration<Object> enum_ = provs[i].keys();615enum_.hasMoreElements(); ) {616String alias = (String)enum_.nextElement();617String upperCaseAlias = alias.toUpperCase(Locale.ENGLISH);618int index;619if (upperCaseAlias.startsWith("ALG.ALIAS") &&620(index=upperCaseAlias.indexOf("OID.", 0)) != -1) {621index += "OID.".length();622if (index == alias.length()) {623// invalid alias entry624break;625}626if (oidTable == null) {627oidTable = new HashMap<String,ObjectIdentifier>();628}629oidString = alias.substring(index);630String stdAlgName = provs[i].getProperty(alias);631if (stdAlgName != null) {632stdAlgName = stdAlgName.toUpperCase(Locale.ENGLISH);633}634if (stdAlgName != null &&635oidTable.get(stdAlgName) == null) {636oidTable.put(stdAlgName,637new ObjectIdentifier(oidString));638}639}640}641}642643if (oidTable == null) {644oidTable = Collections.<String,ObjectIdentifier>emptyMap();645}646initOidTable = true;647}648649return oidTable.get(name.toUpperCase(Locale.ENGLISH));650}651652private static ObjectIdentifier oid(int ... values) {653return ObjectIdentifier.newInternal(values);654}655656private static boolean initOidTable = false;657private static Map<String,ObjectIdentifier> oidTable;658private static final Map<ObjectIdentifier,String> nameTable;659660/*****************************************************************/661662/*663* HASHING ALGORITHMS664*/665666/**667* Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319.668* OID = 1.2.840.113549.2.2669*/670public static final ObjectIdentifier MD2_oid =671ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 2});672673/**674* Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321.675* OID = 1.2.840.113549.2.5676*/677public static final ObjectIdentifier MD5_oid =678ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 5});679680/**681* Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1.682* This is sometimes called "SHA", though that is often confusing since683* many people refer to FIPS 180 (which has an error) as defining SHA.684* OID = 1.3.14.3.2.26. Old SHA-0 OID: 1.3.14.3.2.18.685*/686public static final ObjectIdentifier SHA_oid =687ObjectIdentifier.newInternal(new int[] {1, 3, 14, 3, 2, 26});688689public static final ObjectIdentifier SHA224_oid =690ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 4});691692public static final ObjectIdentifier SHA256_oid =693ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 1});694695public static final ObjectIdentifier SHA384_oid =696ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 2});697698public static final ObjectIdentifier SHA512_oid =699ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 3});700701public static final ObjectIdentifier SHA512_224_oid =702ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 5});703704public static final ObjectIdentifier SHA512_256_oid =705ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 6});706707/*708* COMMON PUBLIC KEY TYPES709*/710private static final int DH_data[] = { 1, 2, 840, 113549, 1, 3, 1 };711private static final int DH_PKIX_data[] = { 1, 2, 840, 10046, 2, 1 };712private static final int DSA_OIW_data[] = { 1, 3, 14, 3, 2, 12 };713private static final int DSA_PKIX_data[] = { 1, 2, 840, 10040, 4, 1 };714private static final int RSA_data[] = { 2, 5, 8, 1, 1 };715716public static final ObjectIdentifier DH_oid;717public static final ObjectIdentifier DH_PKIX_oid;718public static final ObjectIdentifier DSA_oid;719public static final ObjectIdentifier DSA_OIW_oid;720public static final ObjectIdentifier EC_oid = oid(1, 2, 840, 10045, 2, 1);721public static final ObjectIdentifier ECDH_oid = oid(1, 3, 132, 1, 12);722public static final ObjectIdentifier RSA_oid;723public static final ObjectIdentifier RSAEncryption_oid =724oid(1, 2, 840, 113549, 1, 1, 1);725public static final ObjectIdentifier RSAES_OAEP_oid =726oid(1, 2, 840, 113549, 1, 1, 7);727public static final ObjectIdentifier mgf1_oid =728oid(1, 2, 840, 113549, 1, 1, 8);729public static final ObjectIdentifier RSASSA_PSS_oid =730oid(1, 2, 840, 113549, 1, 1, 10);731732/*733* COMMON SECRET KEY TYPES734*/735public static final ObjectIdentifier AES_oid =736oid(2, 16, 840, 1, 101, 3, 4, 1);737738/*739* COMMON SIGNATURE ALGORITHMS740*/741private static final int md2WithRSAEncryption_data[] =742{ 1, 2, 840, 113549, 1, 1, 2 };743private static final int md5WithRSAEncryption_data[] =744{ 1, 2, 840, 113549, 1, 1, 4 };745private static final int sha1WithRSAEncryption_data[] =746{ 1, 2, 840, 113549, 1, 1, 5 };747private static final int sha1WithRSAEncryption_OIW_data[] =748{ 1, 3, 14, 3, 2, 29 };749private static final int sha224WithRSAEncryption_data[] =750{ 1, 2, 840, 113549, 1, 1, 14 };751private static final int sha256WithRSAEncryption_data[] =752{ 1, 2, 840, 113549, 1, 1, 11 };753private static final int sha384WithRSAEncryption_data[] =754{ 1, 2, 840, 113549, 1, 1, 12 };755private static final int sha512WithRSAEncryption_data[] =756{ 1, 2, 840, 113549, 1, 1, 13 };757758private static final int shaWithDSA_OIW_data[] =759{ 1, 3, 14, 3, 2, 13 };760private static final int sha1WithDSA_OIW_data[] =761{ 1, 3, 14, 3, 2, 27 };762private static final int dsaWithSHA1_PKIX_data[] =763{ 1, 2, 840, 10040, 4, 3 };764765public static final ObjectIdentifier md2WithRSAEncryption_oid;766public static final ObjectIdentifier md5WithRSAEncryption_oid;767public static final ObjectIdentifier sha1WithRSAEncryption_oid;768public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid;769public static final ObjectIdentifier sha224WithRSAEncryption_oid;770public static final ObjectIdentifier sha256WithRSAEncryption_oid;771public static final ObjectIdentifier sha384WithRSAEncryption_oid;772public static final ObjectIdentifier sha512WithRSAEncryption_oid;773public static final ObjectIdentifier sha512_224WithRSAEncryption_oid =774oid(1, 2, 840, 113549, 1, 1, 15);775public static final ObjectIdentifier sha512_256WithRSAEncryption_oid =776oid(1, 2, 840, 113549, 1, 1, 16);;777778public static final ObjectIdentifier shaWithDSA_OIW_oid;779public static final ObjectIdentifier sha1WithDSA_OIW_oid;780public static final ObjectIdentifier sha1WithDSA_oid;781public static final ObjectIdentifier sha224WithDSA_oid =782oid(2, 16, 840, 1, 101, 3, 4, 3, 1);783public static final ObjectIdentifier sha256WithDSA_oid =784oid(2, 16, 840, 1, 101, 3, 4, 3, 2);785786public static final ObjectIdentifier sha1WithECDSA_oid =787oid(1, 2, 840, 10045, 4, 1);788public static final ObjectIdentifier sha224WithECDSA_oid =789oid(1, 2, 840, 10045, 4, 3, 1);790public static final ObjectIdentifier sha256WithECDSA_oid =791oid(1, 2, 840, 10045, 4, 3, 2);792public static final ObjectIdentifier sha384WithECDSA_oid =793oid(1, 2, 840, 10045, 4, 3, 3);794public static final ObjectIdentifier sha512WithECDSA_oid =795oid(1, 2, 840, 10045, 4, 3, 4);796public static final ObjectIdentifier specifiedWithECDSA_oid =797oid(1, 2, 840, 10045, 4, 3);798799/**800* Algorithm ID for the PBE encryption algorithms from PKCS#5 and801* PKCS#12.802*/803public static final ObjectIdentifier pbeWithMD5AndDES_oid =804ObjectIdentifier.newInternal(new int[]{1, 2, 840, 113549, 1, 5, 3});805public static final ObjectIdentifier pbeWithMD5AndRC2_oid =806ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 6});807public static final ObjectIdentifier pbeWithSHA1AndDES_oid =808ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 10});809public static final ObjectIdentifier pbeWithSHA1AndRC2_oid =810ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 11});811public static ObjectIdentifier pbeWithSHA1AndDESede_oid =812ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 3});813public static ObjectIdentifier pbeWithSHA1AndRC2_40_oid =814ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 6});815816static {817/*818* Note the preferred OIDs are named simply with no "OIW" or819* "PKIX" in them, even though they may point to data from these820* specs; e.g. SHA_oid, DH_oid, DSA_oid, SHA1WithDSA_oid...821*/822/**823* Algorithm ID for Diffie Hellman Key agreement, from PKCS #3.824* Parameters include public values P and G, and may optionally specify825* the length of the private key X. Alternatively, algorithm parameters826* may be derived from another source such as a Certificate Authority's827* certificate.828* OID = 1.2.840.113549.1.3.1829*/830DH_oid = ObjectIdentifier.newInternal(DH_data);831832/**833* Algorithm ID for the Diffie Hellman Key Agreement (DH), from RFC 3279.834* Parameters may include public values P and G.835* OID = 1.2.840.10046.2.1836*/837DH_PKIX_oid = ObjectIdentifier.newInternal(DH_PKIX_data);838839/**840* Algorithm ID for the Digital Signing Algorithm (DSA), from the841* NIST OIW Stable Agreements part 12.842* Parameters may include public values P, Q, and G; or these may be843* derived from844* another source such as a Certificate Authority's certificate.845* OID = 1.3.14.3.2.12846*/847DSA_OIW_oid = ObjectIdentifier.newInternal(DSA_OIW_data);848849/**850* Algorithm ID for the Digital Signing Algorithm (DSA), from RFC 3279.851* Parameters may include public values P, Q, and G; or these may be852* derived from another source such as a Certificate Authority's853* certificate.854* OID = 1.2.840.10040.4.1855*/856DSA_oid = ObjectIdentifier.newInternal(DSA_PKIX_data);857858/**859* Algorithm ID for RSA keys used for any purpose, as defined in X.509.860* The algorithm parameter is a single value, the number of bits in the861* public modulus.862* OID = 2.5.8.1.1863*/864RSA_oid = ObjectIdentifier.newInternal(RSA_data);865866/**867* Identifies a signing algorithm where an MD2 digest is encrypted868* using an RSA private key; defined in PKCS #1. Use of this869* signing algorithm is discouraged due to MD2 vulnerabilities.870* OID = 1.2.840.113549.1.1.2871*/872md2WithRSAEncryption_oid =873ObjectIdentifier.newInternal(md2WithRSAEncryption_data);874875/**876* Identifies a signing algorithm where an MD5 digest is877* encrypted using an RSA private key; defined in PKCS #1.878* OID = 1.2.840.113549.1.1.4879*/880md5WithRSAEncryption_oid =881ObjectIdentifier.newInternal(md5WithRSAEncryption_data);882883/**884* Identifies a signing algorithm where a SHA1 digest is885* encrypted using an RSA private key; defined by RSA DSI.886* OID = 1.2.840.113549.1.1.5887*/888sha1WithRSAEncryption_oid =889ObjectIdentifier.newInternal(sha1WithRSAEncryption_data);890891/**892* Identifies a signing algorithm where a SHA1 digest is893* encrypted using an RSA private key; defined in NIST OIW.894* OID = 1.3.14.3.2.29895*/896sha1WithRSAEncryption_OIW_oid =897ObjectIdentifier.newInternal(sha1WithRSAEncryption_OIW_data);898899/**900* Identifies a signing algorithm where a SHA224 digest is901* encrypted using an RSA private key; defined by PKCS #1.902* OID = 1.2.840.113549.1.1.14903*/904sha224WithRSAEncryption_oid =905ObjectIdentifier.newInternal(sha224WithRSAEncryption_data);906907/**908* Identifies a signing algorithm where a SHA256 digest is909* encrypted using an RSA private key; defined by PKCS #1.910* OID = 1.2.840.113549.1.1.11911*/912sha256WithRSAEncryption_oid =913ObjectIdentifier.newInternal(sha256WithRSAEncryption_data);914915/**916* Identifies a signing algorithm where a SHA384 digest is917* encrypted using an RSA private key; defined by PKCS #1.918* OID = 1.2.840.113549.1.1.12919*/920sha384WithRSAEncryption_oid =921ObjectIdentifier.newInternal(sha384WithRSAEncryption_data);922923/**924* Identifies a signing algorithm where a SHA512 digest is925* encrypted using an RSA private key; defined by PKCS #1.926* OID = 1.2.840.113549.1.1.13927*/928sha512WithRSAEncryption_oid =929ObjectIdentifier.newInternal(sha512WithRSAEncryption_data);930931/**932* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a933* SHA digest is signed using the Digital Signing Algorithm (DSA).934* This should not be used.935* OID = 1.3.14.3.2.13936*/937shaWithDSA_OIW_oid = ObjectIdentifier.newInternal(shaWithDSA_OIW_data);938939/**940* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a941* SHA1 digest is signed using the Digital Signing Algorithm (DSA).942* OID = 1.3.14.3.2.27943*/944sha1WithDSA_OIW_oid = ObjectIdentifier.newInternal(sha1WithDSA_OIW_data);945946/**947* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a948* SHA1 digest is signed using the Digital Signing Algorithm (DSA).949* OID = 1.2.840.10040.4.3950*/951sha1WithDSA_oid = ObjectIdentifier.newInternal(dsaWithSHA1_PKIX_data);952953nameTable = new HashMap<ObjectIdentifier,String>();954nameTable.put(MD5_oid, "MD5");955nameTable.put(MD2_oid, "MD2");956nameTable.put(SHA_oid, "SHA-1");957nameTable.put(SHA224_oid, "SHA-224");958nameTable.put(SHA256_oid, "SHA-256");959nameTable.put(SHA384_oid, "SHA-384");960nameTable.put(SHA512_oid, "SHA-512");961nameTable.put(SHA512_224_oid, "SHA-512/224");962nameTable.put(SHA512_256_oid, "SHA-512/256");963nameTable.put(RSAEncryption_oid, "RSA");964nameTable.put(RSA_oid, "RSA");965nameTable.put(DH_oid, "Diffie-Hellman");966nameTable.put(DH_PKIX_oid, "Diffie-Hellman");967nameTable.put(DSA_oid, "DSA");968nameTable.put(DSA_OIW_oid, "DSA");969nameTable.put(EC_oid, "EC");970nameTable.put(ECDH_oid, "ECDH");971972nameTable.put(AES_oid, "AES");973974nameTable.put(sha1WithECDSA_oid, "SHA1withECDSA");975nameTable.put(sha224WithECDSA_oid, "SHA224withECDSA");976nameTable.put(sha256WithECDSA_oid, "SHA256withECDSA");977nameTable.put(sha384WithECDSA_oid, "SHA384withECDSA");978nameTable.put(sha512WithECDSA_oid, "SHA512withECDSA");979nameTable.put(md5WithRSAEncryption_oid, "MD5withRSA");980nameTable.put(md2WithRSAEncryption_oid, "MD2withRSA");981nameTable.put(sha1WithDSA_oid, "SHA1withDSA");982nameTable.put(sha1WithDSA_OIW_oid, "SHA1withDSA");983nameTable.put(shaWithDSA_OIW_oid, "SHA1withDSA");984nameTable.put(sha224WithDSA_oid, "SHA224withDSA");985nameTable.put(sha256WithDSA_oid, "SHA256withDSA");986nameTable.put(sha1WithRSAEncryption_oid, "SHA1withRSA");987nameTable.put(sha1WithRSAEncryption_OIW_oid, "SHA1withRSA");988nameTable.put(sha224WithRSAEncryption_oid, "SHA224withRSA");989nameTable.put(sha256WithRSAEncryption_oid, "SHA256withRSA");990nameTable.put(sha384WithRSAEncryption_oid, "SHA384withRSA");991nameTable.put(sha512WithRSAEncryption_oid, "SHA512withRSA");992nameTable.put(sha512_224WithRSAEncryption_oid, "SHA512/224withRSA");993nameTable.put(sha512_256WithRSAEncryption_oid, "SHA512/256withRSA");994nameTable.put(RSASSA_PSS_oid, "RSASSA-PSS");995nameTable.put(RSAES_OAEP_oid, "RSAES-OAEP");996997nameTable.put(pbeWithMD5AndDES_oid, "PBEWithMD5AndDES");998nameTable.put(pbeWithMD5AndRC2_oid, "PBEWithMD5AndRC2");999nameTable.put(pbeWithSHA1AndDES_oid, "PBEWithSHA1AndDES");1000nameTable.put(pbeWithSHA1AndRC2_oid, "PBEWithSHA1AndRC2");1001nameTable.put(pbeWithSHA1AndDESede_oid, "PBEWithSHA1AndDESede");1002nameTable.put(pbeWithSHA1AndRC2_40_oid, "PBEWithSHA1AndRC2_40");1003}10041005/**1006* Creates a signature algorithm name from a digest algorithm1007* name and a encryption algorithm name.1008*/1009public static String makeSigAlg(String digAlg, String encAlg) {1010digAlg = digAlg.replace("-", "");1011if (encAlg.equalsIgnoreCase("EC")) encAlg = "ECDSA";10121013return digAlg + "with" + encAlg;1014}10151016/**1017* Extracts the encryption algorithm name from a signature1018* algorithm name.1019*/1020public static String getEncAlgFromSigAlg(String signatureAlgorithm) {1021signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH);1022int with = signatureAlgorithm.indexOf("WITH");1023String keyAlgorithm = null;1024if (with > 0) {1025int and = signatureAlgorithm.indexOf("AND", with + 4);1026if (and > 0) {1027keyAlgorithm = signatureAlgorithm.substring(with + 4, and);1028} else {1029keyAlgorithm = signatureAlgorithm.substring(with + 4);1030}1031if (keyAlgorithm.equalsIgnoreCase("ECDSA")) {1032keyAlgorithm = "EC";1033}1034}1035return keyAlgorithm;1036}10371038/**1039* Extracts the digest algorithm name from a signature1040* algorithm name.1041*/1042public static String getDigAlgFromSigAlg(String signatureAlgorithm) {1043signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH);1044int with = signatureAlgorithm.indexOf("WITH");1045if (with > 0) {1046return signatureAlgorithm.substring(0, with);1047}1048return null;1049}10501051// Most commonly used PSSParameterSpec and AlgorithmId1052private static class PSSParamsHolder {10531054final static PSSParameterSpec PSS_256_SPEC = new PSSParameterSpec(1055"SHA-256", "MGF1",1056new MGF1ParameterSpec("SHA-256"),105732, PSSParameterSpec.TRAILER_FIELD_BC);1058final static PSSParameterSpec PSS_384_SPEC = new PSSParameterSpec(1059"SHA-384", "MGF1",1060new MGF1ParameterSpec("SHA-384"),106148, PSSParameterSpec.TRAILER_FIELD_BC);1062final static PSSParameterSpec PSS_512_SPEC = new PSSParameterSpec(1063"SHA-512", "MGF1",1064new MGF1ParameterSpec("SHA-512"),106564, PSSParameterSpec.TRAILER_FIELD_BC);10661067final static AlgorithmId PSS_256_ID;1068final static AlgorithmId PSS_384_ID;1069final static AlgorithmId PSS_512_ID;10701071static {1072try {1073PSS_256_ID = new AlgorithmId(RSASSA_PSS_oid,1074new DerValue(PSSParameters.getEncoded(PSS_256_SPEC)));1075PSS_384_ID = new AlgorithmId(RSASSA_PSS_oid,1076new DerValue(PSSParameters.getEncoded(PSS_384_SPEC)));1077PSS_512_ID = new AlgorithmId(RSASSA_PSS_oid,1078new DerValue(PSSParameters.getEncoded(PSS_512_SPEC)));1079} catch (IOException e) {1080throw new AssertionError("Should not happen", e);1081}1082}1083}10841085public static AlgorithmId getWithParameterSpec(String algName,1086AlgorithmParameterSpec spec) throws NoSuchAlgorithmException {10871088if (spec == null) {1089return AlgorithmId.get(algName);1090} else if (spec == PSSParamsHolder.PSS_256_SPEC) {1091return PSSParamsHolder.PSS_256_ID;1092} else if (spec == PSSParamsHolder.PSS_384_SPEC) {1093return PSSParamsHolder.PSS_384_ID;1094} else if (spec == PSSParamsHolder.PSS_512_SPEC) {1095return PSSParamsHolder.PSS_512_ID;1096} else {1097try {1098AlgorithmParameters result =1099AlgorithmParameters.getInstance(algName);1100result.init(spec);1101return get(result);1102} catch (InvalidParameterSpecException | NoSuchAlgorithmException e) {1103throw new ProviderException(e);1104}1105}1106}11071108public static PSSParameterSpec getDefaultAlgorithmParameterSpec(1109String sigAlg, PrivateKey k) {1110if (sigAlg.equalsIgnoreCase("RSASSA-PSS")) {1111switch (ifcFfcStrength(KeyUtil.getKeySize(k))) {1112case "SHA256":1113return PSSParamsHolder.PSS_256_SPEC;1114case "SHA384":1115return PSSParamsHolder.PSS_384_SPEC;1116case "SHA512":1117return PSSParamsHolder.PSS_512_SPEC;1118default:1119throw new AssertionError("Should not happen");1120}1121} else {1122return null;1123}1124}11251126// Same values for RSA and DSA (from 8056174)1127private static String ifcFfcStrength(int bitLength) {1128if (bitLength > 7680) { // 256 bits1129return "SHA512";1130} else if (bitLength > 3072) { // 192 bits1131return "SHA384";1132} else { // 128 bits and less1133return "SHA256";1134}1135}1136}113711381139