1 /* 2 * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.x509; 27 28 import java.io.*; 29 import java.util.*; 30 import java.security.*; 31 32 import sun.security.util.*; 33 34 35 /** 36 * This class identifies algorithms, such as cryptographic transforms, each 37 * of which may be associated with parameters. Instances of this base class 38 * are used when this runtime environment has no special knowledge of the 39 * algorithm type, and may also be used in other cases. Equivalence is 40 * defined according to OID and (where relevant) parameters. 41 * 42 * <P>Subclasses may be used, for example when the algorithm ID has 43 * associated parameters which some code (e.g. code using public keys) needs 44 * to have parsed. Two examples of such algorithms are Diffie-Hellman key 45 * exchange, and the Digital Signature Standard Algorithm (DSS/DSA). 46 * 47 * <P>The OID constants defined in this class correspond to some widely 48 * used algorithms, for which conventional string names have been defined. 49 * This class is not a general repository for OIDs, or for such string names. 50 * Note that the mappings between algorithm IDs and algorithm names is 51 * not one-to-one. 52 * 53 * 54 * @author David Brownell 55 * @author Amit Kapoor 56 * @author Hemma Prafullchandra 57 */ 58 public class AlgorithmId implements Serializable, DerEncoder { 59 60 /** use serialVersionUID from JDK 1.1. for interoperability */ 61 private static final long serialVersionUID = 7205873507486557157L; 62 63 /** 64 * The object identitifer being used for this algorithm. 65 */ 66 private ObjectIdentifier algid; 67 68 // The (parsed) parameters 69 private AlgorithmParameters algParams; 70 private boolean constructedFromDer = true; 71 72 /** 73 * Parameters for this algorithm. These are stored in unparsed 74 * DER-encoded form; subclasses can be made to automaticaly parse 75 * them so there is fast access to these parameters. 76 */ 77 protected DerValue params; 78 79 80 /** 81 * Constructs an algorithm ID which will be initialized 82 * separately, for example by deserialization. 83 * @deprecated use one of the other constructors. 84 */ 85 @Deprecated 86 public AlgorithmId() { } 87 88 /** 89 * Constructs a parameterless algorithm ID. 90 * 91 * @param oid the identifier for the algorithm 92 */ 93 public AlgorithmId(ObjectIdentifier oid) { 94 algid = oid; 95 } 96 97 /** 98 * Constructs an algorithm ID with algorithm parameters. 99 * 100 * @param oid the identifier for the algorithm. 101 * @param algparams the associated algorithm parameters. 102 */ 103 public AlgorithmId(ObjectIdentifier oid, AlgorithmParameters algparams) { 104 algid = oid; 105 algParams = algparams; 106 constructedFromDer = false; 107 } 108 109 private AlgorithmId(ObjectIdentifier oid, DerValue params) 110 throws IOException { 111 this.algid = oid; 112 this.params = params; 113 if (this.params != null) { 114 decodeParams(); 115 } 116 } 117 118 protected void decodeParams() throws IOException { 119 String algidString = algid.toString(); 120 try { 121 algParams = AlgorithmParameters.getInstance(algidString); 122 } catch (NoSuchAlgorithmException e) { 123 /* 124 * This algorithm parameter type is not supported, so we cannot 125 * parse the parameters. 126 */ 127 algParams = null; 128 return; 129 } 130 131 // Decode (parse) the parameters 132 algParams.init(params.toByteArray()); 133 } 134 135 /** 136 * Marshal a DER-encoded "AlgorithmID" sequence on the DER stream. 137 */ 138 public final void encode(DerOutputStream out) throws IOException { 139 derEncode(out); 140 } 141 142 /** 143 * DER encode this object onto an output stream. 144 * Implements the <code>DerEncoder</code> interface. 145 * 146 * @param out 147 * the output stream on which to write the DER encoding. 148 * 149 * @exception IOException on encoding error. 150 */ 151 public void derEncode (OutputStream out) throws IOException { 152 DerOutputStream bytes = new DerOutputStream(); 153 DerOutputStream tmp = new DerOutputStream(); 154 155 bytes.putOID(algid); 156 // Setup params from algParams since no DER encoding is given 157 if (constructedFromDer == false) { 158 if (algParams != null) { 159 params = new DerValue(algParams.getEncoded()); 160 } else { 161 params = null; 162 } 163 } 164 if (params == null) { 165 // Changes backed out for compatibility with Solaris 166 167 // Several AlgorithmId should omit the whole parameter part when 168 // it's NULL. They are --- 169 // rfc3370 2.1: Implementations SHOULD generate SHA-1 170 // AlgorithmIdentifiers with absent parameters. 171 // rfc3447 C1: When id-sha1, id-sha224, id-sha256, id-sha384 and 172 // id-sha512 are used in an AlgorithmIdentifier the parameters 173 // (which are optional) SHOULD be omitted. 174 // rfc3279 2.3.2: The id-dsa algorithm syntax includes optional 175 // domain parameters... When omitted, the parameters component 176 // MUST be omitted entirely 177 // rfc3370 3.1: When the id-dsa-with-sha1 algorithm identifier 178 // is used, the AlgorithmIdentifier parameters field MUST be absent. 179 /*if ( 180 algid.equals((Object)SHA_oid) || 181 algid.equals((Object)SHA224_oid) || 182 algid.equals((Object)SHA256_oid) || 183 algid.equals((Object)SHA384_oid) || 184 algid.equals((Object)SHA512_oid) || 185 algid.equals((Object)DSA_oid) || 186 algid.equals((Object)sha1WithDSA_oid)) { 187 ; // no parameter part encoded 188 } else { 189 bytes.putNull(); 190 }*/ 191 bytes.putNull(); 192 } else { 193 bytes.putDerValue(params); 194 } 195 tmp.write(DerValue.tag_Sequence, bytes); 196 out.write(tmp.toByteArray()); 197 } 198 199 200 /** 201 * Returns the DER-encoded X.509 AlgorithmId as a byte array. 202 */ 203 public final byte[] encode() throws IOException { 204 DerOutputStream out = new DerOutputStream(); 205 derEncode(out); 206 return out.toByteArray(); 207 } 208 209 /** 210 * Returns the ISO OID for this algorithm. This is usually converted 211 * to a string and used as part of an algorithm name, for example 212 * "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code> 213 * call when you do not need to ensure cross-system portability 214 * of algorithm names, or need a user friendly name. 215 */ 216 public final ObjectIdentifier getOID () { 217 return algid; 218 } 219 220 /** 221 * Returns a name for the algorithm which may be more intelligible 222 * to humans than the algorithm's OID, but which won't necessarily 223 * be comprehensible on other systems. For example, this might 224 * return a name such as "MD5withRSA" for a signature algorithm on 225 * some systems. It also returns names like "OID.1.2.3.4", when 226 * no particular name for the algorithm is known. 227 */ 228 public String getName() { 229 String algName = nameTable.get(algid); 230 if (algName != null) { 231 return algName; 232 } 233 if ((params != null) && algid.equals((Object)specifiedWithECDSA_oid)) { 234 try { 235 AlgorithmId paramsId = 236 AlgorithmId.parse(new DerValue(getEncodedParams())); 237 String paramsName = paramsId.getName(); 238 algName = makeSigAlg(paramsName, "EC"); 239 } catch (IOException e) { 240 // ignore 241 } 242 } 243 return (algName == null) ? algid.toString() : algName; 244 } 245 246 public AlgorithmParameters getParameters() { 247 return algParams; 248 } 249 250 /** 251 * Returns the DER encoded parameter, which can then be 252 * used to initialize java.security.AlgorithmParamters. 253 * 254 * @return DER encoded parameters, or null not present. 255 */ 256 public byte[] getEncodedParams() throws IOException { 257 return (params == null) ? null : params.toByteArray(); 258 } 259 260 /** 261 * Returns true iff the argument indicates the same algorithm 262 * with the same parameters. 263 */ 264 public boolean equals(AlgorithmId other) { 265 boolean paramsEqual = 266 (params == null ? other.params == null : params.equals(other.params)); 267 return (algid.equals((Object)other.algid) && paramsEqual); 268 } 269 270 /** 271 * Compares this AlgorithmID to another. If algorithm parameters are 272 * available, they are compared. Otherwise, just the object IDs 273 * for the algorithm are compared. 274 * 275 * @param other preferably an AlgorithmId, else an ObjectIdentifier 276 */ 277 public boolean equals(Object other) { 278 if (this == other) { 279 return true; 280 } 281 if (other instanceof AlgorithmId) { 282 return equals((AlgorithmId) other); 283 } else if (other instanceof ObjectIdentifier) { 284 return equals((ObjectIdentifier) other); 285 } else { 286 return false; 287 } 288 } 289 290 /** 291 * Compares two algorithm IDs for equality. Returns true iff 292 * they are the same algorithm, ignoring algorithm parameters. 293 */ 294 public final boolean equals(ObjectIdentifier id) { 295 return algid.equals((Object)id); 296 } 297 298 /** 299 * Returns a hashcode for this AlgorithmId. 300 * 301 * @return a hashcode for this AlgorithmId. 302 */ 303 public int hashCode() { 304 StringBuilder sbuf = new StringBuilder(); 305 sbuf.append(algid.toString()); 306 sbuf.append(paramsToString()); 307 return sbuf.toString().hashCode(); 308 } 309 310 /** 311 * Provides a human-readable description of the algorithm parameters. 312 * This may be redefined by subclasses which parse those parameters. 313 */ 314 protected String paramsToString() { 315 if (params == null) { 316 return ""; 317 } else if (algParams != null) { 318 return algParams.toString(); 319 } else { 320 return ", params unparsed"; 321 } 322 } 323 324 /** 325 * Returns a string describing the algorithm and its parameters. 326 */ 327 public String toString() { 328 return getName() + paramsToString(); 329 } 330 331 /** 332 * Parse (unmarshal) an ID from a DER sequence input value. This form 333 * parsing might be used when expanding a value which has already been 334 * partially unmarshaled as a set or sequence member. 335 * 336 * @exception IOException on error. 337 * @param val the input value, which contains the algid and, if 338 * there are any parameters, those parameters. 339 * @return an ID for the algorithm. If the system is configured 340 * appropriately, this may be an instance of a class 341 * with some kind of special support for this algorithm. 342 * In that case, you may "narrow" the type of the ID. 343 */ 344 public static AlgorithmId parse(DerValue val) throws IOException { 345 if (val.tag != DerValue.tag_Sequence) { 346 throw new IOException("algid parse error, not a sequence"); 347 } 348 349 /* 350 * Get the algorithm ID and any parameters. 351 */ 352 ObjectIdentifier algid; 353 DerValue params; 354 DerInputStream in = val.toDerInputStream(); 355 356 algid = in.getOID(); 357 if (in.available() == 0) { 358 params = null; 359 } else { 360 params = in.getDerValue(); 361 if (params.tag == DerValue.tag_Null) { 362 if (params.length() != 0) { 363 throw new IOException("invalid NULL"); 364 } 365 params = null; 366 } 367 if (in.available() != 0) { 368 throw new IOException("Invalid AlgorithmIdentifier: extra data"); 369 } 370 } 371 372 return new AlgorithmId(algid, params); 373 } 374 375 /** 376 * Returns one of the algorithm IDs most commonly associated 377 * with this algorithm name. 378 * 379 * @param algname the name being used 380 * @deprecated use the short get form of this method. 381 * @exception NoSuchAlgorithmException on error. 382 */ 383 @Deprecated 384 public static AlgorithmId getAlgorithmId(String algname) 385 throws NoSuchAlgorithmException { 386 return get(algname); 387 } 388 389 /** 390 * Returns one of the algorithm IDs most commonly associated 391 * with this algorithm name. 392 * 393 * @param algname the name being used 394 * @exception NoSuchAlgorithmException on error. 395 */ 396 public static AlgorithmId get(String algname) 397 throws NoSuchAlgorithmException { 398 ObjectIdentifier oid; 399 try { 400 oid = algOID(algname); 401 } catch (IOException ioe) { 402 throw new NoSuchAlgorithmException 403 ("Invalid ObjectIdentifier " + algname); 404 } 405 406 if (oid == null) { 407 throw new NoSuchAlgorithmException 408 ("unrecognized algorithm name: " + algname); 409 } 410 return new AlgorithmId(oid); 411 } 412 413 /** 414 * Returns one of the algorithm IDs most commonly associated 415 * with this algorithm parameters. 416 * 417 * @param algparams the associated algorithm parameters. 418 * @exception NoSuchAlgorithmException on error. 419 */ 420 public static AlgorithmId get(AlgorithmParameters algparams) 421 throws NoSuchAlgorithmException { 422 ObjectIdentifier oid; 423 String algname = algparams.getAlgorithm(); 424 try { 425 oid = algOID(algname); 426 } catch (IOException ioe) { 427 throw new NoSuchAlgorithmException 428 ("Invalid ObjectIdentifier " + algname); 429 } 430 if (oid == null) { 431 throw new NoSuchAlgorithmException 432 ("unrecognized algorithm name: " + algname); 433 } 434 return new AlgorithmId(oid, algparams); 435 } 436 437 /* 438 * Translates from some common algorithm names to the 439 * OID with which they're usually associated ... this mapping 440 * is the reverse of the one below, except in those cases 441 * where synonyms are supported or where a given algorithm 442 * is commonly associated with multiple OIDs. 443 * 444 * XXX This method needs to be enhanced so that we can also pass the 445 * scope of the algorithm name to it, e.g., the algorithm name "DSA" 446 * may have a different OID when used as a "Signature" algorithm than when 447 * used as a "KeyPairGenerator" algorithm. 448 */ 449 private static ObjectIdentifier algOID(String name) throws IOException { 450 // See if algname is in printable OID ("dot-dot") notation 451 if (name.indexOf('.') != -1) { 452 if (name.startsWith("OID.")) { 453 return new ObjectIdentifier(name.substring("OID.".length())); 454 } else { 455 return new ObjectIdentifier(name); 456 } 457 } 458 459 // Digesting algorithms 460 if (name.equalsIgnoreCase("MD5")) { 461 return AlgorithmId.MD5_oid; 462 } 463 if (name.equalsIgnoreCase("MD2")) { 464 return AlgorithmId.MD2_oid; 465 } 466 if (name.equalsIgnoreCase("SHA") || name.equalsIgnoreCase("SHA1") 467 || name.equalsIgnoreCase("SHA-1")) { 468 return AlgorithmId.SHA_oid; 469 } 470 if (name.equalsIgnoreCase("SHA-256") || 471 name.equalsIgnoreCase("SHA256")) { 472 return AlgorithmId.SHA256_oid; 473 } 474 if (name.equalsIgnoreCase("SHA-384") || 475 name.equalsIgnoreCase("SHA384")) { 476 return AlgorithmId.SHA384_oid; 477 } 478 if (name.equalsIgnoreCase("SHA-512") || 479 name.equalsIgnoreCase("SHA512")) { 480 return AlgorithmId.SHA512_oid; 481 } 482 if (name.equalsIgnoreCase("SHA-224") || 483 name.equalsIgnoreCase("SHA224")) { 484 return AlgorithmId.SHA224_oid; 485 } 486 487 // Various public key algorithms 488 if (name.equalsIgnoreCase("RSA")) { 489 return AlgorithmId.RSAEncryption_oid; 490 } 491 if (name.equalsIgnoreCase("Diffie-Hellman") 492 || name.equalsIgnoreCase("DH")) { 493 return AlgorithmId.DH_oid; 494 } 495 if (name.equalsIgnoreCase("DSA")) { 496 return AlgorithmId.DSA_oid; 497 } 498 if (name.equalsIgnoreCase("EC")) { 499 return EC_oid; 500 } 501 if (name.equalsIgnoreCase("ECDH")) { 502 return AlgorithmId.ECDH_oid; 503 } 504 505 // Secret key algorithms 506 if (name.equalsIgnoreCase("AES")) { 507 return AlgorithmId.AES_oid; 508 } 509 510 // Common signature types 511 if (name.equalsIgnoreCase("MD5withRSA") 512 || name.equalsIgnoreCase("MD5/RSA")) { 513 return AlgorithmId.md5WithRSAEncryption_oid; 514 } 515 if (name.equalsIgnoreCase("MD2withRSA") 516 || name.equalsIgnoreCase("MD2/RSA")) { 517 return AlgorithmId.md2WithRSAEncryption_oid; 518 } 519 if (name.equalsIgnoreCase("SHAwithDSA") 520 || name.equalsIgnoreCase("SHA1withDSA") 521 || name.equalsIgnoreCase("SHA/DSA") 522 || name.equalsIgnoreCase("SHA1/DSA") 523 || name.equalsIgnoreCase("DSAWithSHA1") 524 || name.equalsIgnoreCase("DSS") 525 || name.equalsIgnoreCase("SHA-1/DSA")) { 526 return AlgorithmId.sha1WithDSA_oid; 527 } 528 if (name.equalsIgnoreCase("SHA224WithDSA")) { 529 return AlgorithmId.sha224WithDSA_oid; 530 } 531 if (name.equalsIgnoreCase("SHA256WithDSA")) { 532 return AlgorithmId.sha256WithDSA_oid; 533 } 534 if (name.equalsIgnoreCase("SHA1WithRSA") 535 || name.equalsIgnoreCase("SHA1/RSA")) { 536 return AlgorithmId.sha1WithRSAEncryption_oid; 537 } 538 if (name.equalsIgnoreCase("SHA1withECDSA") 539 || name.equalsIgnoreCase("ECDSA")) { 540 return AlgorithmId.sha1WithECDSA_oid; 541 } 542 if (name.equalsIgnoreCase("SHA224withECDSA")) { 543 return AlgorithmId.sha224WithECDSA_oid; 544 } 545 if (name.equalsIgnoreCase("SHA256withECDSA")) { 546 return AlgorithmId.sha256WithECDSA_oid; 547 } 548 if (name.equalsIgnoreCase("SHA384withECDSA")) { 549 return AlgorithmId.sha384WithECDSA_oid; 550 } 551 if (name.equalsIgnoreCase("SHA512withECDSA")) { 552 return AlgorithmId.sha512WithECDSA_oid; 553 } 554 555 return oidTable().get(name.toUpperCase(Locale.ENGLISH)); 556 } 557 558 private static ObjectIdentifier oid(int ... values) { 559 return ObjectIdentifier.newInternal(values); 560 } 561 562 private static volatile Map<String,ObjectIdentifier> oidTable; 563 private static final Map<ObjectIdentifier,String> nameTable; 564 565 /** Returns the oidTable, lazily initializing it on first access. */ 566 private static Map<String,ObjectIdentifier> oidTable() 567 throws IOException { 568 // Double checked locking; safe because oidTable is volatile 569 Map<String,ObjectIdentifier> tab; 570 if ((tab = oidTable) == null) { 571 synchronized (AlgorithmId.class) { 572 if ((tab = oidTable) == null) 573 oidTable = tab = computeOidTable(); 574 } 575 } 576 return tab; 577 } 578 579 /** Collects the algorithm names from the installed providers. */ 580 private static HashMap<String,ObjectIdentifier> computeOidTable() 581 throws IOException { 582 HashMap<String,ObjectIdentifier> tab = new HashMap<>(); 583 for (Provider provider : Security.getProviders()) { 584 for (Object key : provider.keySet()) { 585 String alias = (String)key; 586 String upperCaseAlias = alias.toUpperCase(Locale.ENGLISH); 587 int index; 588 if (upperCaseAlias.startsWith("ALG.ALIAS") && 589 (index=upperCaseAlias.indexOf("OID.", 0)) != -1) { 590 index += "OID.".length(); 591 if (index == alias.length()) { 592 // invalid alias entry 593 break; 594 } 595 String oidString = alias.substring(index); 596 String stdAlgName = provider.getProperty(alias); 597 if (stdAlgName != null) { 598 stdAlgName = stdAlgName.toUpperCase(Locale.ENGLISH); 599 } 600 if (stdAlgName != null && 601 tab.get(stdAlgName) == null) { 602 tab.put(stdAlgName, new ObjectIdentifier(oidString)); 603 } 604 } 605 } 606 } 607 return tab; 608 } 609 610 /*****************************************************************/ 611 612 /* 613 * HASHING ALGORITHMS 614 */ 615 616 /** 617 * Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319. 618 * OID = 1.2.840.113549.2.2 619 */ 620 public static final ObjectIdentifier MD2_oid = 621 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 2}); 622 623 /** 624 * Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321. 625 * OID = 1.2.840.113549.2.5 626 */ 627 public static final ObjectIdentifier MD5_oid = 628 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 5}); 629 630 /** 631 * Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1. 632 * This is sometimes called "SHA", though that is often confusing since 633 * many people refer to FIPS 180 (which has an error) as defining SHA. 634 * OID = 1.3.14.3.2.26. Old SHA-0 OID: 1.3.14.3.2.18. 635 */ 636 public static final ObjectIdentifier SHA_oid = 637 ObjectIdentifier.newInternal(new int[] {1, 3, 14, 3, 2, 26}); 638 639 public static final ObjectIdentifier SHA224_oid = 640 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 4}); 641 642 public static final ObjectIdentifier SHA256_oid = 643 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 1}); 644 645 public static final ObjectIdentifier SHA384_oid = 646 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 2}); 647 648 public static final ObjectIdentifier SHA512_oid = 649 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 3}); 650 651 /* 652 * COMMON PUBLIC KEY TYPES 653 */ 654 private static final int[] DH_data = { 1, 2, 840, 113549, 1, 3, 1 }; 655 private static final int[] DH_PKIX_data = { 1, 2, 840, 10046, 2, 1 }; 656 private static final int[] DSA_OIW_data = { 1, 3, 14, 3, 2, 12 }; 657 private static final int[] DSA_PKIX_data = { 1, 2, 840, 10040, 4, 1 }; 658 private static final int[] RSA_data = { 2, 5, 8, 1, 1 }; 659 private static final int[] RSAEncryption_data = 660 { 1, 2, 840, 113549, 1, 1, 1 }; 661 662 public static final ObjectIdentifier DH_oid; 663 public static final ObjectIdentifier DH_PKIX_oid; 664 public static final ObjectIdentifier DSA_oid; 665 public static final ObjectIdentifier DSA_OIW_oid; 666 public static final ObjectIdentifier EC_oid = oid(1, 2, 840, 10045, 2, 1); 667 public static final ObjectIdentifier ECDH_oid = oid(1, 3, 132, 1, 12); 668 public static final ObjectIdentifier RSA_oid; 669 public static final ObjectIdentifier RSAEncryption_oid; 670 671 /* 672 * COMMON SECRET KEY TYPES 673 */ 674 public static final ObjectIdentifier AES_oid = 675 oid(2, 16, 840, 1, 101, 3, 4, 1); 676 677 /* 678 * COMMON SIGNATURE ALGORITHMS 679 */ 680 private static final int[] md2WithRSAEncryption_data = 681 { 1, 2, 840, 113549, 1, 1, 2 }; 682 private static final int[] md5WithRSAEncryption_data = 683 { 1, 2, 840, 113549, 1, 1, 4 }; 684 private static final int[] sha1WithRSAEncryption_data = 685 { 1, 2, 840, 113549, 1, 1, 5 }; 686 private static final int[] sha1WithRSAEncryption_OIW_data = 687 { 1, 3, 14, 3, 2, 29 }; 688 private static final int[] sha224WithRSAEncryption_data = 689 { 1, 2, 840, 113549, 1, 1, 14 }; 690 private static final int[] sha256WithRSAEncryption_data = 691 { 1, 2, 840, 113549, 1, 1, 11 }; 692 private static final int[] sha384WithRSAEncryption_data = 693 { 1, 2, 840, 113549, 1, 1, 12 }; 694 private static final int[] sha512WithRSAEncryption_data = 695 { 1, 2, 840, 113549, 1, 1, 13 }; 696 private static final int[] shaWithDSA_OIW_data = 697 { 1, 3, 14, 3, 2, 13 }; 698 private static final int[] sha1WithDSA_OIW_data = 699 { 1, 3, 14, 3, 2, 27 }; 700 private static final int[] dsaWithSHA1_PKIX_data = 701 { 1, 2, 840, 10040, 4, 3 }; 702 703 public static final ObjectIdentifier md2WithRSAEncryption_oid; 704 public static final ObjectIdentifier md5WithRSAEncryption_oid; 705 public static final ObjectIdentifier sha1WithRSAEncryption_oid; 706 public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid; 707 public static final ObjectIdentifier sha224WithRSAEncryption_oid; 708 public static final ObjectIdentifier sha256WithRSAEncryption_oid; 709 public static final ObjectIdentifier sha384WithRSAEncryption_oid; 710 public static final ObjectIdentifier sha512WithRSAEncryption_oid; 711 public static final ObjectIdentifier shaWithDSA_OIW_oid; 712 public static final ObjectIdentifier sha1WithDSA_OIW_oid; 713 public static final ObjectIdentifier sha1WithDSA_oid; 714 public static final ObjectIdentifier sha224WithDSA_oid = 715 oid(2, 16, 840, 1, 101, 3, 4, 3, 1); 716 public static final ObjectIdentifier sha256WithDSA_oid = 717 oid(2, 16, 840, 1, 101, 3, 4, 3, 2); 718 719 public static final ObjectIdentifier sha1WithECDSA_oid = 720 oid(1, 2, 840, 10045, 4, 1); 721 public static final ObjectIdentifier sha224WithECDSA_oid = 722 oid(1, 2, 840, 10045, 4, 3, 1); 723 public static final ObjectIdentifier sha256WithECDSA_oid = 724 oid(1, 2, 840, 10045, 4, 3, 2); 725 public static final ObjectIdentifier sha384WithECDSA_oid = 726 oid(1, 2, 840, 10045, 4, 3, 3); 727 public static final ObjectIdentifier sha512WithECDSA_oid = 728 oid(1, 2, 840, 10045, 4, 3, 4); 729 public static final ObjectIdentifier specifiedWithECDSA_oid = 730 oid(1, 2, 840, 10045, 4, 3); 731 732 /** 733 * Algorithm ID for the PBE encryption algorithms from PKCS#5 and 734 * PKCS#12. 735 */ 736 public static final ObjectIdentifier pbeWithMD5AndDES_oid = 737 ObjectIdentifier.newInternal(new int[]{1, 2, 840, 113549, 1, 5, 3}); 738 public static final ObjectIdentifier pbeWithMD5AndRC2_oid = 739 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 6}); 740 public static final ObjectIdentifier pbeWithSHA1AndDES_oid = 741 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 10}); 742 public static final ObjectIdentifier pbeWithSHA1AndRC2_oid = 743 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 11}); 744 public static ObjectIdentifier pbeWithSHA1AndDESede_oid = 745 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 3}); 746 public static ObjectIdentifier pbeWithSHA1AndRC2_40_oid = 747 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 6}); 748 749 static { 750 /* 751 * Note the preferred OIDs are named simply with no "OIW" or 752 * "PKIX" in them, even though they may point to data from these 753 * specs; e.g. SHA_oid, DH_oid, DSA_oid, SHA1WithDSA_oid... 754 */ 755 /** 756 * Algorithm ID for Diffie Hellman Key agreement, from PKCS #3. 757 * Parameters include public values P and G, and may optionally specify 758 * the length of the private key X. Alternatively, algorithm parameters 759 * may be derived from another source such as a Certificate Authority's 760 * certificate. 761 * OID = 1.2.840.113549.1.3.1 762 */ 763 DH_oid = ObjectIdentifier.newInternal(DH_data); 764 765 /** 766 * Algorithm ID for the Diffie Hellman Key Agreement (DH), from RFC 3279. 767 * Parameters may include public values P and G. 768 * OID = 1.2.840.10046.2.1 769 */ 770 DH_PKIX_oid = ObjectIdentifier.newInternal(DH_PKIX_data); 771 772 /** 773 * Algorithm ID for the Digital Signing Algorithm (DSA), from the 774 * NIST OIW Stable Agreements part 12. 775 * Parameters may include public values P, Q, and G; or these may be 776 * derived from 777 * another source such as a Certificate Authority's certificate. 778 * OID = 1.3.14.3.2.12 779 */ 780 DSA_OIW_oid = ObjectIdentifier.newInternal(DSA_OIW_data); 781 782 /** 783 * Algorithm ID for the Digital Signing Algorithm (DSA), from RFC 3279. 784 * Parameters may include public values P, Q, and G; or these may be 785 * derived from another source such as a Certificate Authority's 786 * certificate. 787 * OID = 1.2.840.10040.4.1 788 */ 789 DSA_oid = ObjectIdentifier.newInternal(DSA_PKIX_data); 790 791 /** 792 * Algorithm ID for RSA keys used for any purpose, as defined in X.509. 793 * The algorithm parameter is a single value, the number of bits in the 794 * public modulus. 795 * OID = 2.5.8.1.1 796 */ 797 RSA_oid = ObjectIdentifier.newInternal(RSA_data); 798 799 /** 800 * Algorithm ID for RSA keys used with RSA encryption, as defined 801 * in PKCS #1. There are no parameters associated with this algorithm. 802 * OID = 1.2.840.113549.1.1.1 803 */ 804 RSAEncryption_oid = ObjectIdentifier.newInternal(RSAEncryption_data); 805 806 /** 807 * Identifies a signing algorithm where an MD2 digest is encrypted 808 * using an RSA private key; defined in PKCS #1. Use of this 809 * signing algorithm is discouraged due to MD2 vulnerabilities. 810 * OID = 1.2.840.113549.1.1.2 811 */ 812 md2WithRSAEncryption_oid = 813 ObjectIdentifier.newInternal(md2WithRSAEncryption_data); 814 815 /** 816 * Identifies a signing algorithm where an MD5 digest is 817 * encrypted using an RSA private key; defined in PKCS #1. 818 * OID = 1.2.840.113549.1.1.4 819 */ 820 md5WithRSAEncryption_oid = 821 ObjectIdentifier.newInternal(md5WithRSAEncryption_data); 822 823 /** 824 * Identifies a signing algorithm where a SHA1 digest is 825 * encrypted using an RSA private key; defined by RSA DSI. 826 * OID = 1.2.840.113549.1.1.5 827 */ 828 sha1WithRSAEncryption_oid = 829 ObjectIdentifier.newInternal(sha1WithRSAEncryption_data); 830 831 /** 832 * Identifies a signing algorithm where a SHA1 digest is 833 * encrypted using an RSA private key; defined in NIST OIW. 834 * OID = 1.3.14.3.2.29 835 */ 836 sha1WithRSAEncryption_OIW_oid = 837 ObjectIdentifier.newInternal(sha1WithRSAEncryption_OIW_data); 838 839 /** 840 * Identifies a signing algorithm where a SHA224 digest is 841 * encrypted using an RSA private key; defined by PKCS #1. 842 * OID = 1.2.840.113549.1.1.14 843 */ 844 sha224WithRSAEncryption_oid = 845 ObjectIdentifier.newInternal(sha224WithRSAEncryption_data); 846 847 /** 848 * Identifies a signing algorithm where a SHA256 digest is 849 * encrypted using an RSA private key; defined by PKCS #1. 850 * OID = 1.2.840.113549.1.1.11 851 */ 852 sha256WithRSAEncryption_oid = 853 ObjectIdentifier.newInternal(sha256WithRSAEncryption_data); 854 855 /** 856 * Identifies a signing algorithm where a SHA384 digest is 857 * encrypted using an RSA private key; defined by PKCS #1. 858 * OID = 1.2.840.113549.1.1.12 859 */ 860 sha384WithRSAEncryption_oid = 861 ObjectIdentifier.newInternal(sha384WithRSAEncryption_data); 862 863 /** 864 * Identifies a signing algorithm where a SHA512 digest is 865 * encrypted using an RSA private key; defined by PKCS #1. 866 * OID = 1.2.840.113549.1.1.13 867 */ 868 sha512WithRSAEncryption_oid = 869 ObjectIdentifier.newInternal(sha512WithRSAEncryption_data); 870 871 /** 872 * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a 873 * SHA digest is signed using the Digital Signing Algorithm (DSA). 874 * This should not be used. 875 * OID = 1.3.14.3.2.13 876 */ 877 shaWithDSA_OIW_oid = ObjectIdentifier.newInternal(shaWithDSA_OIW_data); 878 879 /** 880 * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a 881 * SHA1 digest is signed using the Digital Signing Algorithm (DSA). 882 * OID = 1.3.14.3.2.27 883 */ 884 sha1WithDSA_OIW_oid = ObjectIdentifier.newInternal(sha1WithDSA_OIW_data); 885 886 /** 887 * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a 888 * SHA1 digest is signed using the Digital Signing Algorithm (DSA). 889 * OID = 1.2.840.10040.4.3 890 */ 891 sha1WithDSA_oid = ObjectIdentifier.newInternal(dsaWithSHA1_PKIX_data); 892 893 nameTable = new HashMap<>(); 894 nameTable.put(MD5_oid, "MD5"); 895 nameTable.put(MD2_oid, "MD2"); 896 nameTable.put(SHA_oid, "SHA-1"); 897 nameTable.put(SHA224_oid, "SHA-224"); 898 nameTable.put(SHA256_oid, "SHA-256"); 899 nameTable.put(SHA384_oid, "SHA-384"); 900 nameTable.put(SHA512_oid, "SHA-512"); 901 nameTable.put(RSAEncryption_oid, "RSA"); 902 nameTable.put(RSA_oid, "RSA"); 903 nameTable.put(DH_oid, "Diffie-Hellman"); 904 nameTable.put(DH_PKIX_oid, "Diffie-Hellman"); 905 nameTable.put(DSA_oid, "DSA"); 906 nameTable.put(DSA_OIW_oid, "DSA"); 907 nameTable.put(EC_oid, "EC"); 908 nameTable.put(ECDH_oid, "ECDH"); 909 910 nameTable.put(AES_oid, "AES"); 911 912 nameTable.put(sha1WithECDSA_oid, "SHA1withECDSA"); 913 nameTable.put(sha224WithECDSA_oid, "SHA224withECDSA"); 914 nameTable.put(sha256WithECDSA_oid, "SHA256withECDSA"); 915 nameTable.put(sha384WithECDSA_oid, "SHA384withECDSA"); 916 nameTable.put(sha512WithECDSA_oid, "SHA512withECDSA"); 917 nameTable.put(md5WithRSAEncryption_oid, "MD5withRSA"); 918 nameTable.put(md2WithRSAEncryption_oid, "MD2withRSA"); 919 nameTable.put(sha1WithDSA_oid, "SHA1withDSA"); 920 nameTable.put(sha1WithDSA_OIW_oid, "SHA1withDSA"); 921 nameTable.put(shaWithDSA_OIW_oid, "SHA1withDSA"); 922 nameTable.put(sha224WithDSA_oid, "SHA224withDSA"); 923 nameTable.put(sha256WithDSA_oid, "SHA256withDSA"); 924 nameTable.put(sha1WithRSAEncryption_oid, "SHA1withRSA"); 925 nameTable.put(sha1WithRSAEncryption_OIW_oid, "SHA1withRSA"); 926 nameTable.put(sha224WithRSAEncryption_oid, "SHA224withRSA"); 927 nameTable.put(sha256WithRSAEncryption_oid, "SHA256withRSA"); 928 nameTable.put(sha384WithRSAEncryption_oid, "SHA384withRSA"); 929 nameTable.put(sha512WithRSAEncryption_oid, "SHA512withRSA"); 930 nameTable.put(pbeWithMD5AndDES_oid, "PBEWithMD5AndDES"); 931 nameTable.put(pbeWithMD5AndRC2_oid, "PBEWithMD5AndRC2"); 932 nameTable.put(pbeWithSHA1AndDES_oid, "PBEWithSHA1AndDES"); 933 nameTable.put(pbeWithSHA1AndRC2_oid, "PBEWithSHA1AndRC2"); 934 nameTable.put(pbeWithSHA1AndDESede_oid, "PBEWithSHA1AndDESede"); 935 nameTable.put(pbeWithSHA1AndRC2_40_oid, "PBEWithSHA1AndRC2_40"); 936 } 937 938 /** 939 * Creates a signature algorithm name from a digest algorithm 940 * name and a encryption algorithm name. 941 */ 942 public static String makeSigAlg(String digAlg, String encAlg) { 943 digAlg = digAlg.replace("-", ""); 944 if (encAlg.equalsIgnoreCase("EC")) encAlg = "ECDSA"; 945 946 return digAlg + "with" + encAlg; 947 } 948 949 /** 950 * Extracts the encryption algorithm name from a signature 951 * algorithm name. 952 */ 953 public static String getEncAlgFromSigAlg(String signatureAlgorithm) { 954 signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH); 955 int with = signatureAlgorithm.indexOf("WITH"); 956 String keyAlgorithm = null; 957 if (with > 0) { 958 int and = signatureAlgorithm.indexOf("AND", with + 4); 959 if (and > 0) { 960 keyAlgorithm = signatureAlgorithm.substring(with + 4, and); 961 } else { 962 keyAlgorithm = signatureAlgorithm.substring(with + 4); 963 } 964 if (keyAlgorithm.equalsIgnoreCase("ECDSA")) { 965 keyAlgorithm = "EC"; 966 } 967 } 968 return keyAlgorithm; 969 } 970 971 /** 972 * Extracts the digest algorithm name from a signature 973 * algorithm name. 974 */ 975 public static String getDigAlgFromSigAlg(String signatureAlgorithm) { 976 signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH); 977 int with = signatureAlgorithm.indexOf("WITH"); 978 if (with > 0) { 979 return signatureAlgorithm.substring(0, with); 980 } 981 return null; 982 } 983 984 /** 985 * Checks if a signature algorithm matches a key algorithm, i.e. a 986 * signature can be initialized with a key. 987 * 988 * @param kAlg must not be null 989 * @param sAlg must not be null 990 * @throws IllegalArgumentException if they do not match 991 */ 992 public static void checkKeyAndSigAlgMatch(String kAlg, String sAlg) { 993 String sAlgUp = sAlg.toUpperCase(Locale.US); 994 if ((sAlgUp.endsWith("WITHRSA") && !kAlg.equalsIgnoreCase("RSA")) || 995 (sAlgUp.endsWith("WITHECDSA") && !kAlg.equalsIgnoreCase("EC")) || 996 (sAlgUp.endsWith("WITHDSA") && !kAlg.equalsIgnoreCase("DSA"))) { 997 throw new IllegalArgumentException( 998 "key algorithm not compatible with signature algorithm"); 999 } 1000 } 1001 1002 /** 1003 * Returns the default signature algorithm for a private key. The digest 1004 * part might evolve with time. Remember to update the spec of 1005 * {@link jdk.security.jarsigner.JarSigner.Builder#getDefaultSignatureAlgorithm(PrivateKey)} 1006 * if updated. 1007 * 1008 * @param k cannot be null 1009 * @return the default alg, might be null if unsupported 1010 */ 1011 public static String getDefaultSigAlgForKey(PrivateKey k) { 1012 switch (k.getAlgorithm().toUpperCase(Locale.ROOT)) { 1013 case "EC": 1014 return ecStrength(KeyUtil.getKeySize(k)) 1015 + "withECDSA"; 1016 case "DSA": 1017 return ifcFfcStrength(KeyUtil.getKeySize(k)) 1018 + "withDSA"; 1019 case "RSA": 1020 return ifcFfcStrength(KeyUtil.getKeySize(k)) 1021 + "withRSA"; 1022 default: 1023 return null; 1024 } 1025 } 1026 1027 // Values from SP800-57 part 1 rev 4 tables 2 and 3 1028 private static String ecStrength (int bitLength) { 1029 if (bitLength >= 512) { // 256 bits of strength 1030 return "SHA512"; 1031 } else if (bitLength >= 384) { // 192 bits of strength 1032 return "SHA384"; 1033 } else { // 128 bits of strength and less 1034 return "SHA256"; 1035 } 1036 } 1037 1038 // Same values for RSA and DSA 1039 private static String ifcFfcStrength (int bitLength) { 1040 if (bitLength > 7680) { // 256 bits 1041 return "SHA512"; 1042 } else if (bitLength > 3072) { // 192 bits 1043 return "SHA384"; 1044 } else { // 128 bits and less 1045 return "SHA256"; 1046 } 1047 } 1048 }