1 /*
2 * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.x509;
27
28 import java.io.*;
29 import java.util.*;
30 import java.security.*;
31
32 import sun.security.util.*;
33
34
35 /**
36 * This class identifies algorithms, such as cryptographic transforms, each
37 * of which may be associated with parameters. Instances of this base class
38 * are used when this runtime environment has no special knowledge of the
39 * algorithm type, and may also be used in other cases. Equivalence is
40 * defined according to OID and (where relevant) parameters.
41 *
42 * <P>Subclasses may be used, for example when the algorithm ID has
43 * associated parameters which some code (e.g. code using public keys) needs
44 * to have parsed. Two examples of such algorithms are Diffie-Hellman key
45 * exchange, and the Digital Signature Standard Algorithm (DSS/DSA).
46 *
47 * <P>The OID constants defined in this class correspond to some widely
48 * used algorithms, for which conventional string names have been defined.
49 * This class is not a general repository for OIDs, or for such string names.
50 * Note that the mappings between algorithm IDs and algorithm names is
51 * not one-to-one.
52 *
53 *
54 * @author David Brownell
55 * @author Amit Kapoor
56 * @author Hemma Prafullchandra
57 */
58 public class AlgorithmId implements Serializable, DerEncoder {
59
60 /** use serialVersionUID from JDK 1.1. for interoperability */
61 private static final long serialVersionUID = 7205873507486557157L;
62
63 /**
64 * The object identitifer being used for this algorithm.
65 */
66 private ObjectIdentifier algid;
67
68 // The (parsed) parameters
69 private AlgorithmParameters algParams;
70 private boolean constructedFromDer = true;
71
72 /**
73 * Parameters for this algorithm. These are stored in unparsed
74 * DER-encoded form; subclasses can be made to automaticaly parse
75 * them so there is fast access to these parameters.
76 */
77 protected DerValue params;
78
79
80 /**
81 * Constructs an algorithm ID which will be initialized
82 * separately, for example by deserialization.
83 * @deprecated use one of the other constructors.
84 */
85 @Deprecated
86 public AlgorithmId() { }
87
88 /**
89 * Constructs a parameterless algorithm ID.
90 *
91 * @param oid the identifier for the algorithm
92 */
93 public AlgorithmId(ObjectIdentifier oid) {
94 algid = oid;
95 }
96
97 /**
98 * Constructs an algorithm ID with algorithm parameters.
99 *
100 * @param oid the identifier for the algorithm.
101 * @param algparams the associated algorithm parameters.
102 */
103 public AlgorithmId(ObjectIdentifier oid, AlgorithmParameters algparams) {
104 algid = oid;
105 algParams = algparams;
106 constructedFromDer = false;
107 }
108
109 private AlgorithmId(ObjectIdentifier oid, DerValue params)
110 throws IOException {
111 this.algid = oid;
112 this.params = params;
113 if (this.params != null) {
114 decodeParams();
115 }
116 }
117
118 protected void decodeParams() throws IOException {
119 String algidString = algid.toString();
120 try {
121 algParams = AlgorithmParameters.getInstance(algidString);
122 } catch (NoSuchAlgorithmException e) {
123 /*
124 * This algorithm parameter type is not supported, so we cannot
125 * parse the parameters.
126 */
127 algParams = null;
128 return;
129 }
130
131 // Decode (parse) the parameters
132 algParams.init(params.toByteArray());
133 }
134
135 /**
136 * Marshal a DER-encoded "AlgorithmID" sequence on the DER stream.
137 */
138 public final void encode(DerOutputStream out) throws IOException {
139 derEncode(out);
140 }
141
142 /**
143 * DER encode this object onto an output stream.
144 * Implements the <code>DerEncoder</code> interface.
145 *
146 * @param out
147 * the output stream on which to write the DER encoding.
148 *
149 * @exception IOException on encoding error.
150 */
151 public void derEncode (OutputStream out) throws IOException {
152 DerOutputStream bytes = new DerOutputStream();
153 DerOutputStream tmp = new DerOutputStream();
154
155 bytes.putOID(algid);
156 // Setup params from algParams since no DER encoding is given
157 if (constructedFromDer == false) {
158 if (algParams != null) {
159 params = new DerValue(algParams.getEncoded());
160 } else {
161 params = null;
162 }
163 }
164 if (params == null) {
165 // Changes backed out for compatibility with Solaris
166
167 // Several AlgorithmId should omit the whole parameter part when
168 // it's NULL. They are ---
169 // rfc3370 2.1: Implementations SHOULD generate SHA-1
170 // AlgorithmIdentifiers with absent parameters.
171 // rfc3447 C1: When id-sha1, id-sha224, id-sha256, id-sha384 and
172 // id-sha512 are used in an AlgorithmIdentifier the parameters
173 // (which are optional) SHOULD be omitted.
174 // rfc3279 2.3.2: The id-dsa algorithm syntax includes optional
175 // domain parameters... When omitted, the parameters component
176 // MUST be omitted entirely
177 // rfc3370 3.1: When the id-dsa-with-sha1 algorithm identifier
178 // is used, the AlgorithmIdentifier parameters field MUST be absent.
179 /*if (
180 algid.equals((Object)SHA_oid) ||
181 algid.equals((Object)SHA224_oid) ||
182 algid.equals((Object)SHA256_oid) ||
183 algid.equals((Object)SHA384_oid) ||
184 algid.equals((Object)SHA512_oid) ||
185 algid.equals((Object)SHA512_224_oid) ||
186 algid.equals((Object)SHA512_256_oid) ||
187 algid.equals((Object)DSA_oid) ||
188 algid.equals((Object)sha1WithDSA_oid)) {
189 ; // no parameter part encoded
190 } else {
191 bytes.putNull();
192 }*/
193 bytes.putNull();
194 } else {
195 bytes.putDerValue(params);
196 }
197 tmp.write(DerValue.tag_Sequence, bytes);
198 out.write(tmp.toByteArray());
199 }
200
201
202 /**
203 * Returns the DER-encoded X.509 AlgorithmId as a byte array.
204 */
205 public final byte[] encode() throws IOException {
206 DerOutputStream out = new DerOutputStream();
207 derEncode(out);
208 return out.toByteArray();
209 }
210
211 /**
212 * Returns the ISO OID for this algorithm. This is usually converted
213 * to a string and used as part of an algorithm name, for example
214 * "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code>
215 * call when you do not need to ensure cross-system portability
216 * of algorithm names, or need a user friendly name.
217 */
218 public final ObjectIdentifier getOID () {
219 return algid;
220 }
221
222 /**
223 * Returns a name for the algorithm which may be more intelligible
224 * to humans than the algorithm's OID, but which won't necessarily
225 * be comprehensible on other systems. For example, this might
226 * return a name such as "MD5withRSA" for a signature algorithm on
227 * some systems. It also returns names like "OID.1.2.3.4", when
228 * no particular name for the algorithm is known.
229 */
230 public String getName() {
231 String algName = nameTable.get(algid);
232 if (algName != null) {
233 return algName;
234 }
235 if ((params != null) && algid.equals((Object)specifiedWithECDSA_oid)) {
236 try {
237 AlgorithmId paramsId =
238 AlgorithmId.parse(new DerValue(getEncodedParams()));
239 String paramsName = paramsId.getName();
240 algName = makeSigAlg(paramsName, "EC");
241 } catch (IOException e) {
242 // ignore
243 }
244 }
245 return (algName == null) ? algid.toString() : algName;
246 }
247
248 public AlgorithmParameters getParameters() {
249 return algParams;
250 }
251
252 /**
253 * Returns the DER encoded parameter, which can then be
254 * used to initialize java.security.AlgorithmParamters.
255 *
256 * @return DER encoded parameters, or null not present.
257 */
258 public byte[] getEncodedParams() throws IOException {
259 return (params == null) ? null : params.toByteArray();
260 }
261
262 /**
263 * Returns true iff the argument indicates the same algorithm
264 * with the same parameters.
265 */
266 public boolean equals(AlgorithmId other) {
267 boolean paramsEqual =
268 (params == null ? other.params == null : params.equals(other.params));
269 return (algid.equals((Object)other.algid) && paramsEqual);
270 }
271
272 /**
273 * Compares this AlgorithmID to another. If algorithm parameters are
274 * available, they are compared. Otherwise, just the object IDs
275 * for the algorithm are compared.
276 *
277 * @param other preferably an AlgorithmId, else an ObjectIdentifier
278 */
279 public boolean equals(Object other) {
280 if (this == other) {
281 return true;
282 }
283 if (other instanceof AlgorithmId) {
284 return equals((AlgorithmId) other);
285 } else if (other instanceof ObjectIdentifier) {
286 return equals((ObjectIdentifier) other);
287 } else {
288 return false;
289 }
290 }
291
292 /**
293 * Compares two algorithm IDs for equality. Returns true iff
294 * they are the same algorithm, ignoring algorithm parameters.
295 */
296 public final boolean equals(ObjectIdentifier id) {
297 return algid.equals((Object)id);
298 }
299
300 /**
301 * Returns a hashcode for this AlgorithmId.
302 *
303 * @return a hashcode for this AlgorithmId.
304 */
305 public int hashCode() {
306 StringBuilder sbuf = new StringBuilder();
307 sbuf.append(algid.toString());
308 sbuf.append(paramsToString());
309 return sbuf.toString().hashCode();
310 }
311
312 /**
313 * Provides a human-readable description of the algorithm parameters.
314 * This may be redefined by subclasses which parse those parameters.
315 */
316 protected String paramsToString() {
317 if (params == null) {
318 return "";
319 } else if (algParams != null) {
320 return algParams.toString();
321 } else {
322 return ", params unparsed";
323 }
324 }
325
326 /**
327 * Returns a string describing the algorithm and its parameters.
328 */
329 public String toString() {
330 return getName() + paramsToString();
331 }
332
333 /**
334 * Parse (unmarshal) an ID from a DER sequence input value. This form
335 * parsing might be used when expanding a value which has already been
336 * partially unmarshaled as a set or sequence member.
337 *
338 * @exception IOException on error.
339 * @param val the input value, which contains the algid and, if
340 * there are any parameters, those parameters.
341 * @return an ID for the algorithm. If the system is configured
342 * appropriately, this may be an instance of a class
343 * with some kind of special support for this algorithm.
344 * In that case, you may "narrow" the type of the ID.
345 */
346 public static AlgorithmId parse(DerValue val) throws IOException {
347 if (val.tag != DerValue.tag_Sequence) {
348 throw new IOException("algid parse error, not a sequence");
349 }
350
351 /*
352 * Get the algorithm ID and any parameters.
353 */
354 ObjectIdentifier algid;
355 DerValue params;
356 DerInputStream in = val.toDerInputStream();
357
358 algid = in.getOID();
359 if (in.available() == 0) {
360 params = null;
361 } else {
362 params = in.getDerValue();
363 if (params.tag == DerValue.tag_Null) {
364 if (params.length() != 0) {
365 throw new IOException("invalid NULL");
366 }
367 params = null;
368 }
369 if (in.available() != 0) {
370 throw new IOException("Invalid AlgorithmIdentifier: extra data");
371 }
372 }
373
374 return new AlgorithmId(algid, params);
375 }
376
377 /**
378 * Returns one of the algorithm IDs most commonly associated
379 * with this algorithm name.
380 *
381 * @param algname the name being used
382 * @deprecated use the short get form of this method.
383 * @exception NoSuchAlgorithmException on error.
384 */
385 @Deprecated
386 public static AlgorithmId getAlgorithmId(String algname)
387 throws NoSuchAlgorithmException {
388 return get(algname);
389 }
390
391 /**
392 * Returns one of the algorithm IDs most commonly associated
393 * with this algorithm name.
394 *
395 * @param algname the name being used
396 * @exception NoSuchAlgorithmException on error.
397 */
398 public static AlgorithmId get(String algname)
399 throws NoSuchAlgorithmException {
400 ObjectIdentifier oid;
401 try {
402 oid = algOID(algname);
403 } catch (IOException ioe) {
404 throw new NoSuchAlgorithmException
405 ("Invalid ObjectIdentifier " + algname);
406 }
407
408 if (oid == null) {
409 throw new NoSuchAlgorithmException
410 ("unrecognized algorithm name: " + algname);
411 }
412 return new AlgorithmId(oid);
413 }
414
415 /**
416 * Returns one of the algorithm IDs most commonly associated
417 * with this algorithm parameters.
418 *
419 * @param algparams the associated algorithm parameters.
420 * @exception NoSuchAlgorithmException on error.
421 */
422 public static AlgorithmId get(AlgorithmParameters algparams)
423 throws NoSuchAlgorithmException {
424 ObjectIdentifier oid;
425 String algname = algparams.getAlgorithm();
426 try {
427 oid = algOID(algname);
428 } catch (IOException ioe) {
429 throw new NoSuchAlgorithmException
430 ("Invalid ObjectIdentifier " + algname);
431 }
432 if (oid == null) {
433 throw new NoSuchAlgorithmException
434 ("unrecognized algorithm name: " + algname);
435 }
436 return new AlgorithmId(oid, algparams);
437 }
438
439 /*
440 * Translates from some common algorithm names to the
441 * OID with which they're usually associated ... this mapping
442 * is the reverse of the one below, except in those cases
443 * where synonyms are supported or where a given algorithm
444 * is commonly associated with multiple OIDs.
445 *
446 * XXX This method needs to be enhanced so that we can also pass the
447 * scope of the algorithm name to it, e.g., the algorithm name "DSA"
448 * may have a different OID when used as a "Signature" algorithm than when
449 * used as a "KeyPairGenerator" algorithm.
450 */
451 private static ObjectIdentifier algOID(String name) throws IOException {
452 // See if algname is in printable OID ("dot-dot") notation
453 if (name.indexOf('.') != -1) {
454 if (name.startsWith("OID.")) {
455 return new ObjectIdentifier(name.substring("OID.".length()));
456 } else {
457 return new ObjectIdentifier(name);
458 }
459 }
460
461 // Digesting algorithms
462 if (name.equalsIgnoreCase("MD5")) {
463 return AlgorithmId.MD5_oid;
464 }
465 if (name.equalsIgnoreCase("MD2")) {
466 return AlgorithmId.MD2_oid;
467 }
468 if (name.equalsIgnoreCase("SHA") || name.equalsIgnoreCase("SHA1")
469 || name.equalsIgnoreCase("SHA-1")) {
470 return AlgorithmId.SHA_oid;
471 }
472 if (name.equalsIgnoreCase("SHA-256") ||
473 name.equalsIgnoreCase("SHA256")) {
474 return AlgorithmId.SHA256_oid;
475 }
476 if (name.equalsIgnoreCase("SHA-384") ||
477 name.equalsIgnoreCase("SHA384")) {
478 return AlgorithmId.SHA384_oid;
479 }
480 if (name.equalsIgnoreCase("SHA-512") ||
481 name.equalsIgnoreCase("SHA512")) {
482 return AlgorithmId.SHA512_oid;
483 }
484 if (name.equalsIgnoreCase("SHA-224") ||
485 name.equalsIgnoreCase("SHA224")) {
486 return AlgorithmId.SHA224_oid;
487 }
488 if (name.equalsIgnoreCase("SHA-512/224") ||
489 name.equalsIgnoreCase("SHA512/224")) {
490 return AlgorithmId.SHA512_224_oid;
491 }
492 if (name.equalsIgnoreCase("SHA-512/256") ||
493 name.equalsIgnoreCase("SHA512/256")) {
494 return AlgorithmId.SHA512_256_oid;
495 }
496 // Various public key algorithms
497 if (name.equalsIgnoreCase("RSA")) {
498 return AlgorithmId.RSAEncryption_oid;
499 }
500 if (name.equalsIgnoreCase("RSASSA-PSS")) {
501 return AlgorithmId.RSASSA_PSS_oid;
502 }
503 if (name.equalsIgnoreCase("RSAES-OAEP")) {
504 return AlgorithmId.RSAES_OAEP_oid;
505 }
506 if (name.equalsIgnoreCase("Diffie-Hellman")
507 || name.equalsIgnoreCase("DH")) {
508 return AlgorithmId.DH_oid;
509 }
510 if (name.equalsIgnoreCase("DSA")) {
511 return AlgorithmId.DSA_oid;
512 }
513 if (name.equalsIgnoreCase("EC")) {
514 return EC_oid;
515 }
516 if (name.equalsIgnoreCase("ECDH")) {
517 return AlgorithmId.ECDH_oid;
518 }
519
520 // Secret key algorithms
521 if (name.equalsIgnoreCase("AES")) {
522 return AlgorithmId.AES_oid;
523 }
524
525 // Common signature types
526 if (name.equalsIgnoreCase("MD5withRSA")
527 || name.equalsIgnoreCase("MD5/RSA")) {
528 return AlgorithmId.md5WithRSAEncryption_oid;
529 }
530 if (name.equalsIgnoreCase("MD2withRSA")
531 || name.equalsIgnoreCase("MD2/RSA")) {
532 return AlgorithmId.md2WithRSAEncryption_oid;
533 }
534 if (name.equalsIgnoreCase("SHAwithDSA")
535 || name.equalsIgnoreCase("SHA1withDSA")
536 || name.equalsIgnoreCase("SHA/DSA")
537 || name.equalsIgnoreCase("SHA1/DSA")
538 || name.equalsIgnoreCase("DSAWithSHA1")
539 || name.equalsIgnoreCase("DSS")
540 || name.equalsIgnoreCase("SHA-1/DSA")) {
541 return AlgorithmId.sha1WithDSA_oid;
542 }
543 if (name.equalsIgnoreCase("SHA224WithDSA")) {
544 return AlgorithmId.sha224WithDSA_oid;
545 }
546 if (name.equalsIgnoreCase("SHA256WithDSA")) {
547 return AlgorithmId.sha256WithDSA_oid;
548 }
549 if (name.equalsIgnoreCase("SHA1WithRSA")
550 || name.equalsIgnoreCase("SHA1/RSA")) {
551 return AlgorithmId.sha1WithRSAEncryption_oid;
552 }
553 if (name.equalsIgnoreCase("SHA1withECDSA")
554 || name.equalsIgnoreCase("ECDSA")) {
555 return AlgorithmId.sha1WithECDSA_oid;
556 }
557 if (name.equalsIgnoreCase("SHA224withECDSA")) {
558 return AlgorithmId.sha224WithECDSA_oid;
559 }
560 if (name.equalsIgnoreCase("SHA256withECDSA")) {
561 return AlgorithmId.sha256WithECDSA_oid;
562 }
563 if (name.equalsIgnoreCase("SHA384withECDSA")) {
564 return AlgorithmId.sha384WithECDSA_oid;
565 }
566 if (name.equalsIgnoreCase("SHA512withECDSA")) {
567 return AlgorithmId.sha512WithECDSA_oid;
568 }
569
570 return oidTable().get(name.toUpperCase(Locale.ENGLISH));
571 }
572
573 private static ObjectIdentifier oid(int ... values) {
574 return ObjectIdentifier.newInternal(values);
575 }
576
577 private static volatile Map<String,ObjectIdentifier> oidTable;
578 private static final Map<ObjectIdentifier,String> nameTable;
579
580 /** Returns the oidTable, lazily initializing it on first access. */
581 private static Map<String,ObjectIdentifier> oidTable()
582 throws IOException {
583 // Double checked locking; safe because oidTable is volatile
584 Map<String,ObjectIdentifier> tab;
585 if ((tab = oidTable) == null) {
586 synchronized (AlgorithmId.class) {
587 if ((tab = oidTable) == null)
588 oidTable = tab = computeOidTable();
589 }
590 }
591 return tab;
592 }
593
594 /** Collects the algorithm names from the installed providers. */
595 private static HashMap<String,ObjectIdentifier> computeOidTable()
596 throws IOException {
597 HashMap<String,ObjectIdentifier> tab = new HashMap<>();
598 for (Provider provider : Security.getProviders()) {
599 for (Object key : provider.keySet()) {
600 String alias = (String)key;
601 String upperCaseAlias = alias.toUpperCase(Locale.ENGLISH);
602 int index;
603 if (upperCaseAlias.startsWith("ALG.ALIAS") &&
604 (index=upperCaseAlias.indexOf("OID.", 0)) != -1) {
605 index += "OID.".length();
606 if (index == alias.length()) {
607 // invalid alias entry
608 break;
609 }
610 String oidString = alias.substring(index);
611 String stdAlgName = provider.getProperty(alias);
612 if (stdAlgName != null) {
613 stdAlgName = stdAlgName.toUpperCase(Locale.ENGLISH);
614 }
615 if (stdAlgName != null &&
616 tab.get(stdAlgName) == null) {
617 tab.put(stdAlgName, new ObjectIdentifier(oidString));
618 }
619 }
620 }
621 }
622 return tab;
623 }
624
625 /*****************************************************************/
626
627 /*
628 * HASHING ALGORITHMS
629 */
630
631 /**
632 * Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319.
633 * OID = 1.2.840.113549.2.2
634 */
635 public static final ObjectIdentifier MD2_oid =
636 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 2});
637
638 /**
639 * Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321.
640 * OID = 1.2.840.113549.2.5
641 */
642 public static final ObjectIdentifier MD5_oid =
643 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 5});
644
645 /**
646 * Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1.
647 * This is sometimes called "SHA", though that is often confusing since
648 * many people refer to FIPS 180 (which has an error) as defining SHA.
649 * OID = 1.3.14.3.2.26. Old SHA-0 OID: 1.3.14.3.2.18.
650 */
651 public static final ObjectIdentifier SHA_oid =
652 ObjectIdentifier.newInternal(new int[] {1, 3, 14, 3, 2, 26});
653
654 public static final ObjectIdentifier SHA224_oid =
655 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 4});
656
657 public static final ObjectIdentifier SHA256_oid =
658 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 1});
659
660 public static final ObjectIdentifier SHA384_oid =
661 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 2});
662
663 public static final ObjectIdentifier SHA512_oid =
664 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 3});
665
666 public static final ObjectIdentifier SHA512_224_oid =
667 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 5});
668
669 public static final ObjectIdentifier SHA512_256_oid =
670 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 6});
671
672 /*
673 * COMMON PUBLIC KEY TYPES
674 */
675 private static final int[] DH_data = { 1, 2, 840, 113549, 1, 3, 1 };
676 private static final int[] DH_PKIX_data = { 1, 2, 840, 10046, 2, 1 };
677 private static final int[] DSA_OIW_data = { 1, 3, 14, 3, 2, 12 };
678 private static final int[] DSA_PKIX_data = { 1, 2, 840, 10040, 4, 1 };
679 private static final int[] RSA_data = { 2, 5, 8, 1, 1 };
680
681 public static final ObjectIdentifier DH_oid;
682 public static final ObjectIdentifier DH_PKIX_oid;
683 public static final ObjectIdentifier DSA_oid;
684 public static final ObjectIdentifier DSA_OIW_oid;
685 public static final ObjectIdentifier EC_oid = oid(1, 2, 840, 10045, 2, 1);
686 public static final ObjectIdentifier ECDH_oid = oid(1, 3, 132, 1, 12);
687 public static final ObjectIdentifier RSA_oid;
688 public static final ObjectIdentifier RSAEncryption_oid =
689 oid(1, 2, 840, 113549, 1, 1, 1);
690 public static final ObjectIdentifier RSAES_OAEP_oid =
691 oid(1, 2, 840, 113549, 1, 1, 7);
692 public static final ObjectIdentifier RSASSA_PSS_oid =
693 oid(1, 2, 840, 113549, 1, 1, 10);
694
695 /*
696 * COMMON SECRET KEY TYPES
697 */
698 public static final ObjectIdentifier AES_oid =
699 oid(2, 16, 840, 1, 101, 3, 4, 1);
700
701 /*
702 * COMMON SIGNATURE ALGORITHMS
703 */
704 private static final int[] md2WithRSAEncryption_data =
705 { 1, 2, 840, 113549, 1, 1, 2 };
706 private static final int[] md5WithRSAEncryption_data =
707 { 1, 2, 840, 113549, 1, 1, 4 };
708 private static final int[] sha1WithRSAEncryption_data =
709 { 1, 2, 840, 113549, 1, 1, 5 };
710 private static final int[] sha1WithRSAEncryption_OIW_data =
711 { 1, 3, 14, 3, 2, 29 };
712 private static final int[] sha224WithRSAEncryption_data =
713 { 1, 2, 840, 113549, 1, 1, 14 };
714 private static final int[] sha256WithRSAEncryption_data =
715 { 1, 2, 840, 113549, 1, 1, 11 };
716 private static final int[] sha384WithRSAEncryption_data =
717 { 1, 2, 840, 113549, 1, 1, 12 };
718 private static final int[] sha512WithRSAEncryption_data =
719 { 1, 2, 840, 113549, 1, 1, 13 };
720
721 private static final int[] shaWithDSA_OIW_data =
722 { 1, 3, 14, 3, 2, 13 };
723 private static final int[] sha1WithDSA_OIW_data =
724 { 1, 3, 14, 3, 2, 27 };
725 private static final int[] dsaWithSHA1_PKIX_data =
726 { 1, 2, 840, 10040, 4, 3 };
727
728 public static final ObjectIdentifier md2WithRSAEncryption_oid;
729 public static final ObjectIdentifier md5WithRSAEncryption_oid;
730 public static final ObjectIdentifier sha1WithRSAEncryption_oid;
731 public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid;
732 public static final ObjectIdentifier sha224WithRSAEncryption_oid;
733 public static final ObjectIdentifier sha256WithRSAEncryption_oid;
734 public static final ObjectIdentifier sha384WithRSAEncryption_oid;
735 public static final ObjectIdentifier sha512WithRSAEncryption_oid;
736 public static final ObjectIdentifier sha512_224WithRSAEncryption_oid =
737 oid(1, 2, 840, 113549, 1, 1, 15);
738 public static final ObjectIdentifier sha512_256WithRSAEncryption_oid =
739 oid(1, 2, 840, 113549, 1, 1, 16);;
740
741 public static final ObjectIdentifier shaWithDSA_OIW_oid;
742 public static final ObjectIdentifier sha1WithDSA_OIW_oid;
743 public static final ObjectIdentifier sha1WithDSA_oid;
744 public static final ObjectIdentifier sha224WithDSA_oid =
745 oid(2, 16, 840, 1, 101, 3, 4, 3, 1);
746 public static final ObjectIdentifier sha256WithDSA_oid =
747 oid(2, 16, 840, 1, 101, 3, 4, 3, 2);
748
749 public static final ObjectIdentifier sha1WithECDSA_oid =
750 oid(1, 2, 840, 10045, 4, 1);
751 public static final ObjectIdentifier sha224WithECDSA_oid =
752 oid(1, 2, 840, 10045, 4, 3, 1);
753 public static final ObjectIdentifier sha256WithECDSA_oid =
754 oid(1, 2, 840, 10045, 4, 3, 2);
755 public static final ObjectIdentifier sha384WithECDSA_oid =
756 oid(1, 2, 840, 10045, 4, 3, 3);
757 public static final ObjectIdentifier sha512WithECDSA_oid =
758 oid(1, 2, 840, 10045, 4, 3, 4);
759 public static final ObjectIdentifier specifiedWithECDSA_oid =
760 oid(1, 2, 840, 10045, 4, 3);
761
762 /**
763 * Algorithm ID for the PBE encryption algorithms from PKCS#5 and
764 * PKCS#12.
765 */
766 public static final ObjectIdentifier pbeWithMD5AndDES_oid =
767 ObjectIdentifier.newInternal(new int[]{1, 2, 840, 113549, 1, 5, 3});
768 public static final ObjectIdentifier pbeWithMD5AndRC2_oid =
769 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 6});
770 public static final ObjectIdentifier pbeWithSHA1AndDES_oid =
771 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 10});
772 public static final ObjectIdentifier pbeWithSHA1AndRC2_oid =
773 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 11});
774 public static ObjectIdentifier pbeWithSHA1AndDESede_oid =
775 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 3});
776 public static ObjectIdentifier pbeWithSHA1AndRC2_40_oid =
777 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 6});
778
779 static {
780 /*
781 * Note the preferred OIDs are named simply with no "OIW" or
782 * "PKIX" in them, even though they may point to data from these
783 * specs; e.g. SHA_oid, DH_oid, DSA_oid, SHA1WithDSA_oid...
784 */
785 /**
786 * Algorithm ID for Diffie Hellman Key agreement, from PKCS #3.
787 * Parameters include public values P and G, and may optionally specify
788 * the length of the private key X. Alternatively, algorithm parameters
789 * may be derived from another source such as a Certificate Authority's
790 * certificate.
791 * OID = 1.2.840.113549.1.3.1
792 */
793 DH_oid = ObjectIdentifier.newInternal(DH_data);
794
795 /**
796 * Algorithm ID for the Diffie Hellman Key Agreement (DH), from RFC 3279.
797 * Parameters may include public values P and G.
798 * OID = 1.2.840.10046.2.1
799 */
800 DH_PKIX_oid = ObjectIdentifier.newInternal(DH_PKIX_data);
801
802 /**
803 * Algorithm ID for the Digital Signing Algorithm (DSA), from the
804 * NIST OIW Stable Agreements part 12.
805 * Parameters may include public values P, Q, and G; or these may be
806 * derived from
807 * another source such as a Certificate Authority's certificate.
808 * OID = 1.3.14.3.2.12
809 */
810 DSA_OIW_oid = ObjectIdentifier.newInternal(DSA_OIW_data);
811
812 /**
813 * Algorithm ID for the Digital Signing Algorithm (DSA), from RFC 3279.
814 * Parameters may include public values P, Q, and G; or these may be
815 * derived from another source such as a Certificate Authority's
816 * certificate.
817 * OID = 1.2.840.10040.4.1
818 */
819 DSA_oid = ObjectIdentifier.newInternal(DSA_PKIX_data);
820
821 /**
822 * Algorithm ID for RSA keys used for any purpose, as defined in X.509.
823 * The algorithm parameter is a single value, the number of bits in the
824 * public modulus.
825 * OID = 2.5.8.1.1
826 */
827 RSA_oid = ObjectIdentifier.newInternal(RSA_data);
828
829 /**
830 * Identifies a signing algorithm where an MD2 digest is encrypted
831 * using an RSA private key; defined in PKCS #1. Use of this
832 * signing algorithm is discouraged due to MD2 vulnerabilities.
833 * OID = 1.2.840.113549.1.1.2
834 */
835 md2WithRSAEncryption_oid =
836 ObjectIdentifier.newInternal(md2WithRSAEncryption_data);
837
838 /**
839 * Identifies a signing algorithm where an MD5 digest is
840 * encrypted using an RSA private key; defined in PKCS #1.
841 * OID = 1.2.840.113549.1.1.4
842 */
843 md5WithRSAEncryption_oid =
844 ObjectIdentifier.newInternal(md5WithRSAEncryption_data);
845
846 /**
847 * Identifies a signing algorithm where a SHA1 digest is
848 * encrypted using an RSA private key; defined by RSA DSI.
849 * OID = 1.2.840.113549.1.1.5
850 */
851 sha1WithRSAEncryption_oid =
852 ObjectIdentifier.newInternal(sha1WithRSAEncryption_data);
853
854 /**
855 * Identifies a signing algorithm where a SHA1 digest is
856 * encrypted using an RSA private key; defined in NIST OIW.
857 * OID = 1.3.14.3.2.29
858 */
859 sha1WithRSAEncryption_OIW_oid =
860 ObjectIdentifier.newInternal(sha1WithRSAEncryption_OIW_data);
861
862 /**
863 * Identifies a signing algorithm where a SHA224 digest is
864 * encrypted using an RSA private key; defined by PKCS #1.
865 * OID = 1.2.840.113549.1.1.14
866 */
867 sha224WithRSAEncryption_oid =
868 ObjectIdentifier.newInternal(sha224WithRSAEncryption_data);
869
870 /**
871 * Identifies a signing algorithm where a SHA256 digest is
872 * encrypted using an RSA private key; defined by PKCS #1.
873 * OID = 1.2.840.113549.1.1.11
874 */
875 sha256WithRSAEncryption_oid =
876 ObjectIdentifier.newInternal(sha256WithRSAEncryption_data);
877
878 /**
879 * Identifies a signing algorithm where a SHA384 digest is
880 * encrypted using an RSA private key; defined by PKCS #1.
881 * OID = 1.2.840.113549.1.1.12
882 */
883 sha384WithRSAEncryption_oid =
884 ObjectIdentifier.newInternal(sha384WithRSAEncryption_data);
885
886 /**
887 * Identifies a signing algorithm where a SHA512 digest is
888 * encrypted using an RSA private key; defined by PKCS #1.
889 * OID = 1.2.840.113549.1.1.13
890 */
891 sha512WithRSAEncryption_oid =
892 ObjectIdentifier.newInternal(sha512WithRSAEncryption_data);
893
894 /**
895 * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
896 * SHA digest is signed using the Digital Signing Algorithm (DSA).
897 * This should not be used.
898 * OID = 1.3.14.3.2.13
899 */
900 shaWithDSA_OIW_oid = ObjectIdentifier.newInternal(shaWithDSA_OIW_data);
901
902 /**
903 * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
904 * SHA1 digest is signed using the Digital Signing Algorithm (DSA).
905 * OID = 1.3.14.3.2.27
906 */
907 sha1WithDSA_OIW_oid = ObjectIdentifier.newInternal(sha1WithDSA_OIW_data);
908
909 /**
910 * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
911 * SHA1 digest is signed using the Digital Signing Algorithm (DSA).
912 * OID = 1.2.840.10040.4.3
913 */
914 sha1WithDSA_oid = ObjectIdentifier.newInternal(dsaWithSHA1_PKIX_data);
915
916 nameTable = new HashMap<>();
917 nameTable.put(MD5_oid, "MD5");
918 nameTable.put(MD2_oid, "MD2");
919 nameTable.put(SHA_oid, "SHA-1");
920 nameTable.put(SHA224_oid, "SHA-224");
921 nameTable.put(SHA256_oid, "SHA-256");
922 nameTable.put(SHA384_oid, "SHA-384");
923 nameTable.put(SHA512_oid, "SHA-512");
924 nameTable.put(SHA512_224_oid, "SHA-512/224");
925 nameTable.put(SHA512_256_oid, "SHA-512/256");
926 nameTable.put(RSAEncryption_oid, "RSA");
927 nameTable.put(RSA_oid, "RSA");
928 nameTable.put(DH_oid, "Diffie-Hellman");
929 nameTable.put(DH_PKIX_oid, "Diffie-Hellman");
930 nameTable.put(DSA_oid, "DSA");
931 nameTable.put(DSA_OIW_oid, "DSA");
932 nameTable.put(EC_oid, "EC");
933 nameTable.put(ECDH_oid, "ECDH");
934
935 nameTable.put(AES_oid, "AES");
936
937 nameTable.put(sha1WithECDSA_oid, "SHA1withECDSA");
938 nameTable.put(sha224WithECDSA_oid, "SHA224withECDSA");
939 nameTable.put(sha256WithECDSA_oid, "SHA256withECDSA");
940 nameTable.put(sha384WithECDSA_oid, "SHA384withECDSA");
941 nameTable.put(sha512WithECDSA_oid, "SHA512withECDSA");
942 nameTable.put(md5WithRSAEncryption_oid, "MD5withRSA");
943 nameTable.put(md2WithRSAEncryption_oid, "MD2withRSA");
944 nameTable.put(sha1WithDSA_oid, "SHA1withDSA");
945 nameTable.put(sha1WithDSA_OIW_oid, "SHA1withDSA");
946 nameTable.put(shaWithDSA_OIW_oid, "SHA1withDSA");
947 nameTable.put(sha224WithDSA_oid, "SHA224withDSA");
948 nameTable.put(sha256WithDSA_oid, "SHA256withDSA");
949 nameTable.put(sha1WithRSAEncryption_oid, "SHA1withRSA");
950 nameTable.put(sha1WithRSAEncryption_OIW_oid, "SHA1withRSA");
951 nameTable.put(sha224WithRSAEncryption_oid, "SHA224withRSA");
952 nameTable.put(sha256WithRSAEncryption_oid, "SHA256withRSA");
953 nameTable.put(sha384WithRSAEncryption_oid, "SHA384withRSA");
954 nameTable.put(sha512WithRSAEncryption_oid, "SHA512withRSA");
955 nameTable.put(sha512_224WithRSAEncryption_oid, "SHA512/224withRSA");
956 nameTable.put(sha512_256WithRSAEncryption_oid, "SHA512/256withRSA");
957 nameTable.put(RSASSA_PSS_oid, "RSASSA-PSS");
958 nameTable.put(RSAES_OAEP_oid, "RSAES-OAEP");
959
960 nameTable.put(pbeWithMD5AndDES_oid, "PBEWithMD5AndDES");
961 nameTable.put(pbeWithMD5AndRC2_oid, "PBEWithMD5AndRC2");
962 nameTable.put(pbeWithSHA1AndDES_oid, "PBEWithSHA1AndDES");
963 nameTable.put(pbeWithSHA1AndRC2_oid, "PBEWithSHA1AndRC2");
964 nameTable.put(pbeWithSHA1AndDESede_oid, "PBEWithSHA1AndDESede");
965 nameTable.put(pbeWithSHA1AndRC2_40_oid, "PBEWithSHA1AndRC2_40");
966 }
967
968 /**
969 * Creates a signature algorithm name from a digest algorithm
970 * name and a encryption algorithm name.
971 */
972 public static String makeSigAlg(String digAlg, String encAlg) {
973 digAlg = digAlg.replace("-", "");
974 if (encAlg.equalsIgnoreCase("EC")) encAlg = "ECDSA";
975
976 return digAlg + "with" + encAlg;
977 }
978
979 /**
980 * Extracts the encryption algorithm name from a signature
981 * algorithm name.
982 */
983 public static String getEncAlgFromSigAlg(String signatureAlgorithm) {
984 signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
985 int with = signatureAlgorithm.indexOf("WITH");
986 String keyAlgorithm = null;
987 if (with > 0) {
988 int and = signatureAlgorithm.indexOf("AND", with + 4);
989 if (and > 0) {
990 keyAlgorithm = signatureAlgorithm.substring(with + 4, and);
991 } else {
992 keyAlgorithm = signatureAlgorithm.substring(with + 4);
993 }
994 if (keyAlgorithm.equalsIgnoreCase("ECDSA")) {
995 keyAlgorithm = "EC";
996 }
997 }
998 return keyAlgorithm;
999 }
1000
1001 /**
1002 * Extracts the digest algorithm name from a signature
1003 * algorithm name.
1004 */
1005 public static String getDigAlgFromSigAlg(String signatureAlgorithm) {
1006 signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
1007 int with = signatureAlgorithm.indexOf("WITH");
1008 if (with > 0) {
1009 return signatureAlgorithm.substring(0, with);
1010 }
1011 return null;
1012 }
1013
1014 /**
1015 * Checks if a signature algorithm matches a key algorithm, i.e. a
1016 * signature can be initialized with a key.
1017 *
1018 * @param kAlg must not be null
1019 * @param sAlg must not be null
1020 * @throws IllegalArgumentException if they do not match
1021 */
1022 public static void checkKeyAndSigAlgMatch(String kAlg, String sAlg) {
1023 String sAlgUp = sAlg.toUpperCase(Locale.US);
1024 if ((sAlgUp.endsWith("WITHRSA") && !kAlg.equalsIgnoreCase("RSA")) ||
1025 (sAlgUp.endsWith("WITHECDSA") && !kAlg.equalsIgnoreCase("EC")) ||
1026 (sAlgUp.endsWith("WITHDSA") && !kAlg.equalsIgnoreCase("DSA"))) {
1027 throw new IllegalArgumentException(
1028 "key algorithm not compatible with signature algorithm");
1029 }
1030 }
1031
1032 /**
1033 * Returns the default signature algorithm for a private key. The digest
1034 * part might evolve with time. Remember to update the spec of
1035 * {@link jdk.security.jarsigner.JarSigner.Builder#getDefaultSignatureAlgorithm(PrivateKey)}
1036 * if updated.
1037 *
1038 * @param k cannot be null
1039 * @return the default alg, might be null if unsupported
1040 */
1041 public static String getDefaultSigAlgForKey(PrivateKey k) {
1042 switch (k.getAlgorithm().toUpperCase(Locale.ENGLISH)) {
1043 case "EC":
1044 return ecStrength(KeyUtil.getKeySize(k))
1045 + "withECDSA";
1046 case "DSA":
1047 return ifcFfcStrength(KeyUtil.getKeySize(k))
1048 + "withDSA";
1049 case "RSA":
1050 return ifcFfcStrength(KeyUtil.getKeySize(k))
1051 + "withRSA";
1052 default:
1053 return null;
1054 }
1055 }
1056
1057 // Values from SP800-57 part 1 rev 4 tables 2 and 3
1058 private static String ecStrength (int bitLength) {
1059 if (bitLength >= 512) { // 256 bits of strength
1060 return "SHA512";
1061 } else if (bitLength >= 384) { // 192 bits of strength
1062 return "SHA384";
1063 } else { // 128 bits of strength and less
1064 return "SHA256";
1065 }
1066 }
1067
1068 // Same values for RSA and DSA
1069 private static String ifcFfcStrength (int bitLength) {
1070 if (bitLength > 7680) { // 256 bits
1071 return "SHA512";
1072 } else if (bitLength > 3072) { // 192 bits
1073 return "SHA384";
1074 } else { // 128 bits and less
1075 return "SHA256";
1076 }
1077 }
1078 }