1 /* 2 * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.x509; 27 28 import java.io.*; 29 import java.util.*; 30 import java.security.*; 31 32 import sun.security.util.*; 33 34 35 /** 36 * This class identifies algorithms, such as cryptographic transforms, each 37 * of which may be associated with parameters. Instances of this base class 38 * are used when this runtime environment has no special knowledge of the 39 * algorithm type, and may also be used in other cases. Equivalence is 40 * defined according to OID and (where relevant) parameters. 41 * 42 * <P>Subclasses may be used, for example when the algorithm ID has 43 * associated parameters which some code (e.g. code using public keys) needs 44 * to have parsed. Two examples of such algorithms are Diffie-Hellman key 45 * exchange, and the Digital Signature Standard Algorithm (DSS/DSA). 46 * 47 * <P>The OID constants defined in this class correspond to some widely 48 * used algorithms, for which conventional string names have been defined. 49 * This class is not a general repository for OIDs, or for such string names. 50 * Note that the mappings between algorithm IDs and algorithm names is 51 * not one-to-one. 52 * 53 * 54 * @author David Brownell 55 * @author Amit Kapoor 56 * @author Hemma Prafullchandra 57 */ 58 public class AlgorithmId implements Serializable, DerEncoder { 59 60 /** use serialVersionUID from JDK 1.1. for interoperability */ 61 private static final long serialVersionUID = 7205873507486557157L; 62 63 /** 64 * The object identitifer being used for this algorithm. 65 */ 66 private ObjectIdentifier algid; 67 68 // The (parsed) parameters 69 private AlgorithmParameters algParams; 70 private boolean constructedFromDer = true; 71 72 /** 73 * Parameters for this algorithm. These are stored in unparsed 74 * DER-encoded form; subclasses can be made to automaticaly parse 75 * them so there is fast access to these parameters. 76 */ 77 protected DerValue params; 78 79 80 /** 81 * Constructs an algorithm ID which will be initialized 82 * separately, for example by deserialization. 83 * @deprecated use one of the other constructors. 84 */ 85 @Deprecated 86 public AlgorithmId() { } 87 88 /** 89 * Constructs a parameterless algorithm ID. 90 * 91 * @param oid the identifier for the algorithm 92 */ 93 public AlgorithmId(ObjectIdentifier oid) { 94 algid = oid; 95 } 96 97 /** 98 * Constructs an algorithm ID with algorithm parameters. 99 * 100 * @param oid the identifier for the algorithm. 101 * @param algparams the associated algorithm parameters. 102 */ 103 public AlgorithmId(ObjectIdentifier oid, AlgorithmParameters algparams) { 104 algid = oid; 105 algParams = algparams; 106 constructedFromDer = false; 107 } 108 109 private AlgorithmId(ObjectIdentifier oid, DerValue params) 110 throws IOException { 111 this.algid = oid; 112 this.params = params; 113 if (this.params != null) { 114 decodeParams(); 115 } 116 } 117 118 protected void decodeParams() throws IOException { 119 String algidString = algid.toString(); 120 try { 121 algParams = AlgorithmParameters.getInstance(algidString); 122 } catch (NoSuchAlgorithmException e) { 123 /* 124 * This algorithm parameter type is not supported, so we cannot 125 * parse the parameters. 126 */ 127 algParams = null; 128 return; 129 } 130 131 // Decode (parse) the parameters 132 algParams.init(params.toByteArray()); 133 } 134 135 /** 136 * Marshal a DER-encoded "AlgorithmID" sequence on the DER stream. 137 */ 138 public final void encode(DerOutputStream out) throws IOException { 139 derEncode(out); 140 } 141 142 /** 143 * DER encode this object onto an output stream. 144 * Implements the <code>DerEncoder</code> interface. 145 * 146 * @param out 147 * the output stream on which to write the DER encoding. 148 * 149 * @exception IOException on encoding error. 150 */ 151 public void derEncode (OutputStream out) throws IOException { 152 DerOutputStream bytes = new DerOutputStream(); 153 DerOutputStream tmp = new DerOutputStream(); 154 155 bytes.putOID(algid); 156 // Setup params from algParams since no DER encoding is given 157 if (constructedFromDer == false) { 158 if (algParams != null) { 159 params = new DerValue(algParams.getEncoded()); 160 } else { 161 params = null; 162 } 163 } 164 if (params == null) { 165 // Changes backed out for compatibility with Solaris 166 167 // Several AlgorithmId should omit the whole parameter part when 168 // it's NULL. They are --- 169 // rfc3370 2.1: Implementations SHOULD generate SHA-1 170 // AlgorithmIdentifiers with absent parameters. 171 // rfc3447 C1: When id-sha1, id-sha224, id-sha256, id-sha384 and 172 // id-sha512 are used in an AlgorithmIdentifier the parameters 173 // (which are optional) SHOULD be omitted. 174 // rfc3279 2.3.2: The id-dsa algorithm syntax includes optional 175 // domain parameters... When omitted, the parameters component 176 // MUST be omitted entirely 177 // rfc3370 3.1: When the id-dsa-with-sha1 algorithm identifier 178 // is used, the AlgorithmIdentifier parameters field MUST be absent. 179 /*if ( 180 algid.equals((Object)SHA_oid) || 181 algid.equals((Object)SHA224_oid) || 182 algid.equals((Object)SHA256_oid) || 183 algid.equals((Object)SHA384_oid) || 184 algid.equals((Object)SHA512_oid) || 185 algid.equals((Object)SHA512_224_oid) || 186 algid.equals((Object)SHA512_256_oid) || 187 algid.equals((Object)DSA_oid) || 188 algid.equals((Object)sha1WithDSA_oid)) { 189 ; // no parameter part encoded 190 } else { 191 bytes.putNull(); 192 }*/ 193 bytes.putNull(); 194 } else { 195 bytes.putDerValue(params); 196 } 197 tmp.write(DerValue.tag_Sequence, bytes); 198 out.write(tmp.toByteArray()); 199 } 200 201 202 /** 203 * Returns the DER-encoded X.509 AlgorithmId as a byte array. 204 */ 205 public final byte[] encode() throws IOException { 206 DerOutputStream out = new DerOutputStream(); 207 derEncode(out); 208 return out.toByteArray(); 209 } 210 211 /** 212 * Returns the ISO OID for this algorithm. This is usually converted 213 * to a string and used as part of an algorithm name, for example 214 * "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code> 215 * call when you do not need to ensure cross-system portability 216 * of algorithm names, or need a user friendly name. 217 */ 218 public final ObjectIdentifier getOID () { 219 return algid; 220 } 221 222 /** 223 * Returns a name for the algorithm which may be more intelligible 224 * to humans than the algorithm's OID, but which won't necessarily 225 * be comprehensible on other systems. For example, this might 226 * return a name such as "MD5withRSA" for a signature algorithm on 227 * some systems. It also returns names like "OID.1.2.3.4", when 228 * no particular name for the algorithm is known. 229 */ 230 public String getName() { 231 String algName = nameTable.get(algid); 232 if (algName != null) { 233 return algName; 234 } 235 if ((params != null) && algid.equals((Object)specifiedWithECDSA_oid)) { 236 try { 237 AlgorithmId paramsId = 238 AlgorithmId.parse(new DerValue(getEncodedParams())); 239 String paramsName = paramsId.getName(); 240 algName = makeSigAlg(paramsName, "EC"); 241 } catch (IOException e) { 242 // ignore 243 } 244 } 245 return (algName == null) ? algid.toString() : algName; 246 } 247 248 public AlgorithmParameters getParameters() { 249 return algParams; 250 } 251 252 /** 253 * Returns the DER encoded parameter, which can then be 254 * used to initialize java.security.AlgorithmParamters. 255 * 256 * @return DER encoded parameters, or null not present. 257 */ 258 public byte[] getEncodedParams() throws IOException { 259 return (params == null) ? null : params.toByteArray(); 260 } 261 262 /** 263 * Returns true iff the argument indicates the same algorithm 264 * with the same parameters. 265 */ 266 public boolean equals(AlgorithmId other) { 267 boolean paramsEqual = 268 (params == null ? other.params == null : params.equals(other.params)); 269 return (algid.equals((Object)other.algid) && paramsEqual); 270 } 271 272 /** 273 * Compares this AlgorithmID to another. If algorithm parameters are 274 * available, they are compared. Otherwise, just the object IDs 275 * for the algorithm are compared. 276 * 277 * @param other preferably an AlgorithmId, else an ObjectIdentifier 278 */ 279 public boolean equals(Object other) { 280 if (this == other) { 281 return true; 282 } 283 if (other instanceof AlgorithmId) { 284 return equals((AlgorithmId) other); 285 } else if (other instanceof ObjectIdentifier) { 286 return equals((ObjectIdentifier) other); 287 } else { 288 return false; 289 } 290 } 291 292 /** 293 * Compares two algorithm IDs for equality. Returns true iff 294 * they are the same algorithm, ignoring algorithm parameters. 295 */ 296 public final boolean equals(ObjectIdentifier id) { 297 return algid.equals((Object)id); 298 } 299 300 /** 301 * Returns a hashcode for this AlgorithmId. 302 * 303 * @return a hashcode for this AlgorithmId. 304 */ 305 public int hashCode() { 306 StringBuilder sbuf = new StringBuilder(); 307 sbuf.append(algid.toString()); 308 sbuf.append(paramsToString()); 309 return sbuf.toString().hashCode(); 310 } 311 312 /** 313 * Provides a human-readable description of the algorithm parameters. 314 * This may be redefined by subclasses which parse those parameters. 315 */ 316 protected String paramsToString() { 317 if (params == null) { 318 return ""; 319 } else if (algParams != null) { 320 return algParams.toString(); 321 } else { 322 return ", params unparsed"; 323 } 324 } 325 326 /** 327 * Returns a string describing the algorithm and its parameters. 328 */ 329 public String toString() { 330 return getName() + paramsToString(); 331 } 332 333 /** 334 * Parse (unmarshal) an ID from a DER sequence input value. This form 335 * parsing might be used when expanding a value which has already been 336 * partially unmarshaled as a set or sequence member. 337 * 338 * @exception IOException on error. 339 * @param val the input value, which contains the algid and, if 340 * there are any parameters, those parameters. 341 * @return an ID for the algorithm. If the system is configured 342 * appropriately, this may be an instance of a class 343 * with some kind of special support for this algorithm. 344 * In that case, you may "narrow" the type of the ID. 345 */ 346 public static AlgorithmId parse(DerValue val) throws IOException { 347 if (val.tag != DerValue.tag_Sequence) { 348 throw new IOException("algid parse error, not a sequence"); 349 } 350 351 /* 352 * Get the algorithm ID and any parameters. 353 */ 354 ObjectIdentifier algid; 355 DerValue params; 356 DerInputStream in = val.toDerInputStream(); 357 358 algid = in.getOID(); 359 if (in.available() == 0) { 360 params = null; 361 } else { 362 params = in.getDerValue(); 363 if (params.tag == DerValue.tag_Null) { 364 if (params.length() != 0) { 365 throw new IOException("invalid NULL"); 366 } 367 params = null; 368 } 369 if (in.available() != 0) { 370 throw new IOException("Invalid AlgorithmIdentifier: extra data"); 371 } 372 } 373 374 return new AlgorithmId(algid, params); 375 } 376 377 /** 378 * Returns one of the algorithm IDs most commonly associated 379 * with this algorithm name. 380 * 381 * @param algname the name being used 382 * @deprecated use the short get form of this method. 383 * @exception NoSuchAlgorithmException on error. 384 */ 385 @Deprecated 386 public static AlgorithmId getAlgorithmId(String algname) 387 throws NoSuchAlgorithmException { 388 return get(algname); 389 } 390 391 /** 392 * Returns one of the algorithm IDs most commonly associated 393 * with this algorithm name. 394 * 395 * @param algname the name being used 396 * @exception NoSuchAlgorithmException on error. 397 */ 398 public static AlgorithmId get(String algname) 399 throws NoSuchAlgorithmException { 400 ObjectIdentifier oid; 401 try { 402 oid = algOID(algname); 403 } catch (IOException ioe) { 404 throw new NoSuchAlgorithmException 405 ("Invalid ObjectIdentifier " + algname); 406 } 407 408 if (oid == null) { 409 throw new NoSuchAlgorithmException 410 ("unrecognized algorithm name: " + algname); 411 } 412 return new AlgorithmId(oid); 413 } 414 415 /** 416 * Returns one of the algorithm IDs most commonly associated 417 * with this algorithm parameters. 418 * 419 * @param algparams the associated algorithm parameters. 420 * @exception NoSuchAlgorithmException on error. 421 */ 422 public static AlgorithmId get(AlgorithmParameters algparams) 423 throws NoSuchAlgorithmException { 424 ObjectIdentifier oid; 425 String algname = algparams.getAlgorithm(); 426 try { 427 oid = algOID(algname); 428 } catch (IOException ioe) { 429 throw new NoSuchAlgorithmException 430 ("Invalid ObjectIdentifier " + algname); 431 } 432 if (oid == null) { 433 throw new NoSuchAlgorithmException 434 ("unrecognized algorithm name: " + algname); 435 } 436 return new AlgorithmId(oid, algparams); 437 } 438 439 /* 440 * Translates from some common algorithm names to the 441 * OID with which they're usually associated ... this mapping 442 * is the reverse of the one below, except in those cases 443 * where synonyms are supported or where a given algorithm 444 * is commonly associated with multiple OIDs. 445 * 446 * XXX This method needs to be enhanced so that we can also pass the 447 * scope of the algorithm name to it, e.g., the algorithm name "DSA" 448 * may have a different OID when used as a "Signature" algorithm than when 449 * used as a "KeyPairGenerator" algorithm. 450 */ 451 private static ObjectIdentifier algOID(String name) throws IOException { 452 // See if algname is in printable OID ("dot-dot") notation 453 if (name.indexOf('.') != -1) { 454 if (name.startsWith("OID.")) { 455 return new ObjectIdentifier(name.substring("OID.".length())); 456 } else { 457 return new ObjectIdentifier(name); 458 } 459 } 460 461 // Digesting algorithms 462 if (name.equalsIgnoreCase("MD5")) { 463 return AlgorithmId.MD5_oid; 464 } 465 if (name.equalsIgnoreCase("MD2")) { 466 return AlgorithmId.MD2_oid; 467 } 468 if (name.equalsIgnoreCase("SHA") || name.equalsIgnoreCase("SHA1") 469 || name.equalsIgnoreCase("SHA-1")) { 470 return AlgorithmId.SHA_oid; 471 } 472 if (name.equalsIgnoreCase("SHA-256") || 473 name.equalsIgnoreCase("SHA256")) { 474 return AlgorithmId.SHA256_oid; 475 } 476 if (name.equalsIgnoreCase("SHA-384") || 477 name.equalsIgnoreCase("SHA384")) { 478 return AlgorithmId.SHA384_oid; 479 } 480 if (name.equalsIgnoreCase("SHA-512") || 481 name.equalsIgnoreCase("SHA512")) { 482 return AlgorithmId.SHA512_oid; 483 } 484 if (name.equalsIgnoreCase("SHA-224") || 485 name.equalsIgnoreCase("SHA224")) { 486 return AlgorithmId.SHA224_oid; 487 } 488 if (name.equalsIgnoreCase("SHA-512/224") || 489 name.equalsIgnoreCase("SHA512/224")) { 490 return AlgorithmId.SHA512_224_oid; 491 } 492 if (name.equalsIgnoreCase("SHA-512/256") || 493 name.equalsIgnoreCase("SHA512/256")) { 494 return AlgorithmId.SHA512_256_oid; 495 } 496 // Various public key algorithms 497 if (name.equalsIgnoreCase("RSA")) { 498 return AlgorithmId.RSAEncryption_oid; 499 } 500 if (name.equalsIgnoreCase("RSASSA-PSS")) { 501 return AlgorithmId.RSASSA_PSS_oid; 502 } 503 if (name.equalsIgnoreCase("RSAES-OAEP")) { 504 return AlgorithmId.RSAES_OAEP_oid; 505 } 506 if (name.equalsIgnoreCase("Diffie-Hellman") 507 || name.equalsIgnoreCase("DH")) { 508 return AlgorithmId.DH_oid; 509 } 510 if (name.equalsIgnoreCase("DSA")) { 511 return AlgorithmId.DSA_oid; 512 } 513 if (name.equalsIgnoreCase("EC")) { 514 return EC_oid; 515 } 516 if (name.equalsIgnoreCase("ECDH")) { 517 return AlgorithmId.ECDH_oid; 518 } 519 520 // Secret key algorithms 521 if (name.equalsIgnoreCase("AES")) { 522 return AlgorithmId.AES_oid; 523 } 524 525 // Common signature types 526 if (name.equalsIgnoreCase("MD5withRSA") 527 || name.equalsIgnoreCase("MD5/RSA")) { 528 return AlgorithmId.md5WithRSAEncryption_oid; 529 } 530 if (name.equalsIgnoreCase("MD2withRSA") 531 || name.equalsIgnoreCase("MD2/RSA")) { 532 return AlgorithmId.md2WithRSAEncryption_oid; 533 } 534 if (name.equalsIgnoreCase("SHAwithDSA") 535 || name.equalsIgnoreCase("SHA1withDSA") 536 || name.equalsIgnoreCase("SHA/DSA") 537 || name.equalsIgnoreCase("SHA1/DSA") 538 || name.equalsIgnoreCase("DSAWithSHA1") 539 || name.equalsIgnoreCase("DSS") 540 || name.equalsIgnoreCase("SHA-1/DSA")) { 541 return AlgorithmId.sha1WithDSA_oid; 542 } 543 if (name.equalsIgnoreCase("SHA224WithDSA")) { 544 return AlgorithmId.sha224WithDSA_oid; 545 } 546 if (name.equalsIgnoreCase("SHA256WithDSA")) { 547 return AlgorithmId.sha256WithDSA_oid; 548 } 549 if (name.equalsIgnoreCase("SHA1WithRSA") 550 || name.equalsIgnoreCase("SHA1/RSA")) { 551 return AlgorithmId.sha1WithRSAEncryption_oid; 552 } 553 if (name.equalsIgnoreCase("SHA1withECDSA") 554 || name.equalsIgnoreCase("ECDSA")) { 555 return AlgorithmId.sha1WithECDSA_oid; 556 } 557 if (name.equalsIgnoreCase("SHA224withECDSA")) { 558 return AlgorithmId.sha224WithECDSA_oid; 559 } 560 if (name.equalsIgnoreCase("SHA256withECDSA")) { 561 return AlgorithmId.sha256WithECDSA_oid; 562 } 563 if (name.equalsIgnoreCase("SHA384withECDSA")) { 564 return AlgorithmId.sha384WithECDSA_oid; 565 } 566 if (name.equalsIgnoreCase("SHA512withECDSA")) { 567 return AlgorithmId.sha512WithECDSA_oid; 568 } 569 570 return oidTable().get(name.toUpperCase(Locale.ENGLISH)); 571 } 572 573 private static ObjectIdentifier oid(int ... values) { 574 return ObjectIdentifier.newInternal(values); 575 } 576 577 private static volatile Map<String,ObjectIdentifier> oidTable; 578 private static final Map<ObjectIdentifier,String> nameTable; 579 580 /** Returns the oidTable, lazily initializing it on first access. */ 581 private static Map<String,ObjectIdentifier> oidTable() 582 throws IOException { 583 // Double checked locking; safe because oidTable is volatile 584 Map<String,ObjectIdentifier> tab; 585 if ((tab = oidTable) == null) { 586 synchronized (AlgorithmId.class) { 587 if ((tab = oidTable) == null) 588 oidTable = tab = computeOidTable(); 589 } 590 } 591 return tab; 592 } 593 594 /** Collects the algorithm names from the installed providers. */ 595 private static HashMap<String,ObjectIdentifier> computeOidTable() 596 throws IOException { 597 HashMap<String,ObjectIdentifier> tab = new HashMap<>(); 598 for (Provider provider : Security.getProviders()) { 599 for (Object key : provider.keySet()) { 600 String alias = (String)key; 601 String upperCaseAlias = alias.toUpperCase(Locale.ENGLISH); 602 int index; 603 if (upperCaseAlias.startsWith("ALG.ALIAS") && 604 (index=upperCaseAlias.indexOf("OID.", 0)) != -1) { 605 index += "OID.".length(); 606 if (index == alias.length()) { 607 // invalid alias entry 608 break; 609 } 610 String oidString = alias.substring(index); 611 String stdAlgName = provider.getProperty(alias); 612 if (stdAlgName != null) { 613 stdAlgName = stdAlgName.toUpperCase(Locale.ENGLISH); 614 } 615 if (stdAlgName != null && 616 tab.get(stdAlgName) == null) { 617 tab.put(stdAlgName, new ObjectIdentifier(oidString)); 618 } 619 } 620 } 621 } 622 return tab; 623 } 624 625 /*****************************************************************/ 626 627 /* 628 * HASHING ALGORITHMS 629 */ 630 631 /** 632 * Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319. 633 * OID = 1.2.840.113549.2.2 634 */ 635 public static final ObjectIdentifier MD2_oid = 636 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 2}); 637 638 /** 639 * Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321. 640 * OID = 1.2.840.113549.2.5 641 */ 642 public static final ObjectIdentifier MD5_oid = 643 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 5}); 644 645 /** 646 * Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1. 647 * This is sometimes called "SHA", though that is often confusing since 648 * many people refer to FIPS 180 (which has an error) as defining SHA. 649 * OID = 1.3.14.3.2.26. Old SHA-0 OID: 1.3.14.3.2.18. 650 */ 651 public static final ObjectIdentifier SHA_oid = 652 ObjectIdentifier.newInternal(new int[] {1, 3, 14, 3, 2, 26}); 653 654 public static final ObjectIdentifier SHA224_oid = 655 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 4}); 656 657 public static final ObjectIdentifier SHA256_oid = 658 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 1}); 659 660 public static final ObjectIdentifier SHA384_oid = 661 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 2}); 662 663 public static final ObjectIdentifier SHA512_oid = 664 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 3}); 665 666 public static final ObjectIdentifier SHA512_224_oid = 667 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 5}); 668 669 public static final ObjectIdentifier SHA512_256_oid = 670 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 6}); 671 672 /* 673 * COMMON PUBLIC KEY TYPES 674 */ 675 private static final int[] DH_data = { 1, 2, 840, 113549, 1, 3, 1 }; 676 private static final int[] DH_PKIX_data = { 1, 2, 840, 10046, 2, 1 }; 677 private static final int[] DSA_OIW_data = { 1, 3, 14, 3, 2, 12 }; 678 private static final int[] DSA_PKIX_data = { 1, 2, 840, 10040, 4, 1 }; 679 private static final int[] RSA_data = { 2, 5, 8, 1, 1 }; 680 681 public static final ObjectIdentifier DH_oid; 682 public static final ObjectIdentifier DH_PKIX_oid; 683 public static final ObjectIdentifier DSA_oid; 684 public static final ObjectIdentifier DSA_OIW_oid; 685 public static final ObjectIdentifier EC_oid = oid(1, 2, 840, 10045, 2, 1); 686 public static final ObjectIdentifier ECDH_oid = oid(1, 3, 132, 1, 12); 687 public static final ObjectIdentifier RSA_oid; 688 public static final ObjectIdentifier RSAEncryption_oid = 689 oid(1, 2, 840, 113549, 1, 1, 1); 690 public static final ObjectIdentifier RSAES_OAEP_oid = 691 oid(1, 2, 840, 113549, 1, 1, 7); 692 public static final ObjectIdentifier RSASSA_PSS_oid = 693 oid(1, 2, 840, 113549, 1, 1, 10); 694 695 /* 696 * COMMON SECRET KEY TYPES 697 */ 698 public static final ObjectIdentifier AES_oid = 699 oid(2, 16, 840, 1, 101, 3, 4, 1); 700 701 /* 702 * COMMON SIGNATURE ALGORITHMS 703 */ 704 private static final int[] md2WithRSAEncryption_data = 705 { 1, 2, 840, 113549, 1, 1, 2 }; 706 private static final int[] md5WithRSAEncryption_data = 707 { 1, 2, 840, 113549, 1, 1, 4 }; 708 private static final int[] sha1WithRSAEncryption_data = 709 { 1, 2, 840, 113549, 1, 1, 5 }; 710 private static final int[] sha1WithRSAEncryption_OIW_data = 711 { 1, 3, 14, 3, 2, 29 }; 712 private static final int[] sha224WithRSAEncryption_data = 713 { 1, 2, 840, 113549, 1, 1, 14 }; 714 private static final int[] sha256WithRSAEncryption_data = 715 { 1, 2, 840, 113549, 1, 1, 11 }; 716 private static final int[] sha384WithRSAEncryption_data = 717 { 1, 2, 840, 113549, 1, 1, 12 }; 718 private static final int[] sha512WithRSAEncryption_data = 719 { 1, 2, 840, 113549, 1, 1, 13 }; 720 721 private static final int[] shaWithDSA_OIW_data = 722 { 1, 3, 14, 3, 2, 13 }; 723 private static final int[] sha1WithDSA_OIW_data = 724 { 1, 3, 14, 3, 2, 27 }; 725 private static final int[] dsaWithSHA1_PKIX_data = 726 { 1, 2, 840, 10040, 4, 3 }; 727 728 public static final ObjectIdentifier md2WithRSAEncryption_oid; 729 public static final ObjectIdentifier md5WithRSAEncryption_oid; 730 public static final ObjectIdentifier sha1WithRSAEncryption_oid; 731 public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid; 732 public static final ObjectIdentifier sha224WithRSAEncryption_oid; 733 public static final ObjectIdentifier sha256WithRSAEncryption_oid; 734 public static final ObjectIdentifier sha384WithRSAEncryption_oid; 735 public static final ObjectIdentifier sha512WithRSAEncryption_oid; 736 public static final ObjectIdentifier sha512_224WithRSAEncryption_oid = 737 oid(1, 2, 840, 113549, 1, 1, 15); 738 public static final ObjectIdentifier sha512_256WithRSAEncryption_oid = 739 oid(1, 2, 840, 113549, 1, 1, 16);; 740 741 public static final ObjectIdentifier shaWithDSA_OIW_oid; 742 public static final ObjectIdentifier sha1WithDSA_OIW_oid; 743 public static final ObjectIdentifier sha1WithDSA_oid; 744 public static final ObjectIdentifier sha224WithDSA_oid = 745 oid(2, 16, 840, 1, 101, 3, 4, 3, 1); 746 public static final ObjectIdentifier sha256WithDSA_oid = 747 oid(2, 16, 840, 1, 101, 3, 4, 3, 2); 748 749 public static final ObjectIdentifier sha1WithECDSA_oid = 750 oid(1, 2, 840, 10045, 4, 1); 751 public static final ObjectIdentifier sha224WithECDSA_oid = 752 oid(1, 2, 840, 10045, 4, 3, 1); 753 public static final ObjectIdentifier sha256WithECDSA_oid = 754 oid(1, 2, 840, 10045, 4, 3, 2); 755 public static final ObjectIdentifier sha384WithECDSA_oid = 756 oid(1, 2, 840, 10045, 4, 3, 3); 757 public static final ObjectIdentifier sha512WithECDSA_oid = 758 oid(1, 2, 840, 10045, 4, 3, 4); 759 public static final ObjectIdentifier specifiedWithECDSA_oid = 760 oid(1, 2, 840, 10045, 4, 3); 761 762 /** 763 * Algorithm ID for the PBE encryption algorithms from PKCS#5 and 764 * PKCS#12. 765 */ 766 public static final ObjectIdentifier pbeWithMD5AndDES_oid = 767 ObjectIdentifier.newInternal(new int[]{1, 2, 840, 113549, 1, 5, 3}); 768 public static final ObjectIdentifier pbeWithMD5AndRC2_oid = 769 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 6}); 770 public static final ObjectIdentifier pbeWithSHA1AndDES_oid = 771 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 10}); 772 public static final ObjectIdentifier pbeWithSHA1AndRC2_oid = 773 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 11}); 774 public static ObjectIdentifier pbeWithSHA1AndDESede_oid = 775 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 3}); 776 public static ObjectIdentifier pbeWithSHA1AndRC2_40_oid = 777 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 6}); 778 779 static { 780 /* 781 * Note the preferred OIDs are named simply with no "OIW" or 782 * "PKIX" in them, even though they may point to data from these 783 * specs; e.g. SHA_oid, DH_oid, DSA_oid, SHA1WithDSA_oid... 784 */ 785 /** 786 * Algorithm ID for Diffie Hellman Key agreement, from PKCS #3. 787 * Parameters include public values P and G, and may optionally specify 788 * the length of the private key X. Alternatively, algorithm parameters 789 * may be derived from another source such as a Certificate Authority's 790 * certificate. 791 * OID = 1.2.840.113549.1.3.1 792 */ 793 DH_oid = ObjectIdentifier.newInternal(DH_data); 794 795 /** 796 * Algorithm ID for the Diffie Hellman Key Agreement (DH), from RFC 3279. 797 * Parameters may include public values P and G. 798 * OID = 1.2.840.10046.2.1 799 */ 800 DH_PKIX_oid = ObjectIdentifier.newInternal(DH_PKIX_data); 801 802 /** 803 * Algorithm ID for the Digital Signing Algorithm (DSA), from the 804 * NIST OIW Stable Agreements part 12. 805 * Parameters may include public values P, Q, and G; or these may be 806 * derived from 807 * another source such as a Certificate Authority's certificate. 808 * OID = 1.3.14.3.2.12 809 */ 810 DSA_OIW_oid = ObjectIdentifier.newInternal(DSA_OIW_data); 811 812 /** 813 * Algorithm ID for the Digital Signing Algorithm (DSA), from RFC 3279. 814 * Parameters may include public values P, Q, and G; or these may be 815 * derived from another source such as a Certificate Authority's 816 * certificate. 817 * OID = 1.2.840.10040.4.1 818 */ 819 DSA_oid = ObjectIdentifier.newInternal(DSA_PKIX_data); 820 821 /** 822 * Algorithm ID for RSA keys used for any purpose, as defined in X.509. 823 * The algorithm parameter is a single value, the number of bits in the 824 * public modulus. 825 * OID = 2.5.8.1.1 826 */ 827 RSA_oid = ObjectIdentifier.newInternal(RSA_data); 828 829 /** 830 * Identifies a signing algorithm where an MD2 digest is encrypted 831 * using an RSA private key; defined in PKCS #1. Use of this 832 * signing algorithm is discouraged due to MD2 vulnerabilities. 833 * OID = 1.2.840.113549.1.1.2 834 */ 835 md2WithRSAEncryption_oid = 836 ObjectIdentifier.newInternal(md2WithRSAEncryption_data); 837 838 /** 839 * Identifies a signing algorithm where an MD5 digest is 840 * encrypted using an RSA private key; defined in PKCS #1. 841 * OID = 1.2.840.113549.1.1.4 842 */ 843 md5WithRSAEncryption_oid = 844 ObjectIdentifier.newInternal(md5WithRSAEncryption_data); 845 846 /** 847 * Identifies a signing algorithm where a SHA1 digest is 848 * encrypted using an RSA private key; defined by RSA DSI. 849 * OID = 1.2.840.113549.1.1.5 850 */ 851 sha1WithRSAEncryption_oid = 852 ObjectIdentifier.newInternal(sha1WithRSAEncryption_data); 853 854 /** 855 * Identifies a signing algorithm where a SHA1 digest is 856 * encrypted using an RSA private key; defined in NIST OIW. 857 * OID = 1.3.14.3.2.29 858 */ 859 sha1WithRSAEncryption_OIW_oid = 860 ObjectIdentifier.newInternal(sha1WithRSAEncryption_OIW_data); 861 862 /** 863 * Identifies a signing algorithm where a SHA224 digest is 864 * encrypted using an RSA private key; defined by PKCS #1. 865 * OID = 1.2.840.113549.1.1.14 866 */ 867 sha224WithRSAEncryption_oid = 868 ObjectIdentifier.newInternal(sha224WithRSAEncryption_data); 869 870 /** 871 * Identifies a signing algorithm where a SHA256 digest is 872 * encrypted using an RSA private key; defined by PKCS #1. 873 * OID = 1.2.840.113549.1.1.11 874 */ 875 sha256WithRSAEncryption_oid = 876 ObjectIdentifier.newInternal(sha256WithRSAEncryption_data); 877 878 /** 879 * Identifies a signing algorithm where a SHA384 digest is 880 * encrypted using an RSA private key; defined by PKCS #1. 881 * OID = 1.2.840.113549.1.1.12 882 */ 883 sha384WithRSAEncryption_oid = 884 ObjectIdentifier.newInternal(sha384WithRSAEncryption_data); 885 886 /** 887 * Identifies a signing algorithm where a SHA512 digest is 888 * encrypted using an RSA private key; defined by PKCS #1. 889 * OID = 1.2.840.113549.1.1.13 890 */ 891 sha512WithRSAEncryption_oid = 892 ObjectIdentifier.newInternal(sha512WithRSAEncryption_data); 893 894 /** 895 * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a 896 * SHA digest is signed using the Digital Signing Algorithm (DSA). 897 * This should not be used. 898 * OID = 1.3.14.3.2.13 899 */ 900 shaWithDSA_OIW_oid = ObjectIdentifier.newInternal(shaWithDSA_OIW_data); 901 902 /** 903 * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a 904 * SHA1 digest is signed using the Digital Signing Algorithm (DSA). 905 * OID = 1.3.14.3.2.27 906 */ 907 sha1WithDSA_OIW_oid = ObjectIdentifier.newInternal(sha1WithDSA_OIW_data); 908 909 /** 910 * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a 911 * SHA1 digest is signed using the Digital Signing Algorithm (DSA). 912 * OID = 1.2.840.10040.4.3 913 */ 914 sha1WithDSA_oid = ObjectIdentifier.newInternal(dsaWithSHA1_PKIX_data); 915 916 nameTable = new HashMap<>(); 917 nameTable.put(MD5_oid, "MD5"); 918 nameTable.put(MD2_oid, "MD2"); 919 nameTable.put(SHA_oid, "SHA-1"); 920 nameTable.put(SHA224_oid, "SHA-224"); 921 nameTable.put(SHA256_oid, "SHA-256"); 922 nameTable.put(SHA384_oid, "SHA-384"); 923 nameTable.put(SHA512_oid, "SHA-512"); 924 nameTable.put(SHA512_224_oid, "SHA-512/224"); 925 nameTable.put(SHA512_256_oid, "SHA-512/256"); 926 nameTable.put(RSAEncryption_oid, "RSA"); 927 nameTable.put(RSA_oid, "RSA"); 928 nameTable.put(DH_oid, "Diffie-Hellman"); 929 nameTable.put(DH_PKIX_oid, "Diffie-Hellman"); 930 nameTable.put(DSA_oid, "DSA"); 931 nameTable.put(DSA_OIW_oid, "DSA"); 932 nameTable.put(EC_oid, "EC"); 933 nameTable.put(ECDH_oid, "ECDH"); 934 935 nameTable.put(AES_oid, "AES"); 936 937 nameTable.put(sha1WithECDSA_oid, "SHA1withECDSA"); 938 nameTable.put(sha224WithECDSA_oid, "SHA224withECDSA"); 939 nameTable.put(sha256WithECDSA_oid, "SHA256withECDSA"); 940 nameTable.put(sha384WithECDSA_oid, "SHA384withECDSA"); 941 nameTable.put(sha512WithECDSA_oid, "SHA512withECDSA"); 942 nameTable.put(md5WithRSAEncryption_oid, "MD5withRSA"); 943 nameTable.put(md2WithRSAEncryption_oid, "MD2withRSA"); 944 nameTable.put(sha1WithDSA_oid, "SHA1withDSA"); 945 nameTable.put(sha1WithDSA_OIW_oid, "SHA1withDSA"); 946 nameTable.put(shaWithDSA_OIW_oid, "SHA1withDSA"); 947 nameTable.put(sha224WithDSA_oid, "SHA224withDSA"); 948 nameTable.put(sha256WithDSA_oid, "SHA256withDSA"); 949 nameTable.put(sha1WithRSAEncryption_oid, "SHA1withRSA"); 950 nameTable.put(sha1WithRSAEncryption_OIW_oid, "SHA1withRSA"); 951 nameTable.put(sha224WithRSAEncryption_oid, "SHA224withRSA"); 952 nameTable.put(sha256WithRSAEncryption_oid, "SHA256withRSA"); 953 nameTable.put(sha384WithRSAEncryption_oid, "SHA384withRSA"); 954 nameTable.put(sha512WithRSAEncryption_oid, "SHA512withRSA"); 955 nameTable.put(sha512_224WithRSAEncryption_oid, "SHA512/224withRSA"); 956 nameTable.put(sha512_256WithRSAEncryption_oid, "SHA512/256withRSA"); 957 nameTable.put(RSASSA_PSS_oid, "RSASSA-PSS"); 958 nameTable.put(RSAES_OAEP_oid, "RSAES-OAEP"); 959 960 nameTable.put(pbeWithMD5AndDES_oid, "PBEWithMD5AndDES"); 961 nameTable.put(pbeWithMD5AndRC2_oid, "PBEWithMD5AndRC2"); 962 nameTable.put(pbeWithSHA1AndDES_oid, "PBEWithSHA1AndDES"); 963 nameTable.put(pbeWithSHA1AndRC2_oid, "PBEWithSHA1AndRC2"); 964 nameTable.put(pbeWithSHA1AndDESede_oid, "PBEWithSHA1AndDESede"); 965 nameTable.put(pbeWithSHA1AndRC2_40_oid, "PBEWithSHA1AndRC2_40"); 966 } 967 968 /** 969 * Creates a signature algorithm name from a digest algorithm 970 * name and a encryption algorithm name. 971 */ 972 public static String makeSigAlg(String digAlg, String encAlg) { 973 digAlg = digAlg.replace("-", ""); 974 if (encAlg.equalsIgnoreCase("EC")) encAlg = "ECDSA"; 975 976 return digAlg + "with" + encAlg; 977 } 978 979 /** 980 * Extracts the encryption algorithm name from a signature 981 * algorithm name. 982 */ 983 public static String getEncAlgFromSigAlg(String signatureAlgorithm) { 984 signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH); 985 int with = signatureAlgorithm.indexOf("WITH"); 986 String keyAlgorithm = null; 987 if (with > 0) { 988 int and = signatureAlgorithm.indexOf("AND", with + 4); 989 if (and > 0) { 990 keyAlgorithm = signatureAlgorithm.substring(with + 4, and); 991 } else { 992 keyAlgorithm = signatureAlgorithm.substring(with + 4); 993 } 994 if (keyAlgorithm.equalsIgnoreCase("ECDSA")) { 995 keyAlgorithm = "EC"; 996 } 997 } 998 return keyAlgorithm; 999 } 1000 1001 /** 1002 * Extracts the digest algorithm name from a signature 1003 * algorithm name. 1004 */ 1005 public static String getDigAlgFromSigAlg(String signatureAlgorithm) { 1006 signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH); 1007 int with = signatureAlgorithm.indexOf("WITH"); 1008 if (with > 0) { 1009 return signatureAlgorithm.substring(0, with); 1010 } 1011 return null; 1012 } 1013 1014 /** 1015 * Checks if a signature algorithm matches a key algorithm, i.e. a 1016 * signature can be initialized with a key. 1017 * 1018 * @param kAlg must not be null 1019 * @param sAlg must not be null 1020 * @throws IllegalArgumentException if they do not match 1021 */ 1022 public static void checkKeyAndSigAlgMatch(String kAlg, String sAlg) { 1023 String sAlgUp = sAlg.toUpperCase(Locale.US); 1024 if ((sAlgUp.endsWith("WITHRSA") && !kAlg.equalsIgnoreCase("RSA")) || 1025 (sAlgUp.endsWith("WITHECDSA") && !kAlg.equalsIgnoreCase("EC")) || 1026 (sAlgUp.endsWith("WITHDSA") && !kAlg.equalsIgnoreCase("DSA"))) { 1027 throw new IllegalArgumentException( 1028 "key algorithm not compatible with signature algorithm"); 1029 } 1030 } 1031 1032 /** 1033 * Returns the default signature algorithm for a private key. The digest 1034 * part might evolve with time. Remember to update the spec of 1035 * {@link jdk.security.jarsigner.JarSigner.Builder#getDefaultSignatureAlgorithm(PrivateKey)} 1036 * if updated. 1037 * 1038 * @param k cannot be null 1039 * @return the default alg, might be null if unsupported 1040 */ 1041 public static String getDefaultSigAlgForKey(PrivateKey k) { 1042 switch (k.getAlgorithm().toUpperCase(Locale.ENGLISH)) { 1043 case "EC": 1044 return ecStrength(KeyUtil.getKeySize(k)) 1045 + "withECDSA"; 1046 case "DSA": 1047 return ifcFfcStrength(KeyUtil.getKeySize(k)) 1048 + "withDSA"; 1049 case "RSA": 1050 return ifcFfcStrength(KeyUtil.getKeySize(k)) 1051 + "withRSA"; 1052 default: 1053 return null; 1054 } 1055 } 1056 1057 // Values from SP800-57 part 1 rev 4 tables 2 and 3 1058 private static String ecStrength (int bitLength) { 1059 if (bitLength >= 512) { // 256 bits of strength 1060 return "SHA512"; 1061 } else if (bitLength >= 384) { // 192 bits of strength 1062 return "SHA384"; 1063 } else { // 128 bits of strength and less 1064 return "SHA256"; 1065 } 1066 } 1067 1068 // Same values for RSA and DSA 1069 private static String ifcFfcStrength (int bitLength) { 1070 if (bitLength > 7680) { // 256 bits 1071 return "SHA512"; 1072 } else if (bitLength > 3072) { // 192 bits 1073 return "SHA384"; 1074 } else { // 128 bits and less 1075 return "SHA256"; 1076 } 1077 } 1078 }