1 /*
   2  * Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.x509;
  27 
  28 import java.io.*;
  29 import java.security.spec.AlgorithmParameterSpec;
  30 import java.security.spec.InvalidParameterSpecException;
  31 import java.security.spec.MGF1ParameterSpec;
  32 import java.security.spec.PSSParameterSpec;
  33 import java.util.*;
  34 import java.security.*;
  35 
  36 import sun.security.rsa.PSSParameters;
  37 import sun.security.util.*;
  38 
  39 
  40 /**
  41  * This class identifies algorithms, such as cryptographic transforms, each
  42  * of which may be associated with parameters.  Instances of this base class
  43  * are used when this runtime environment has no special knowledge of the
  44  * algorithm type, and may also be used in other cases.  Equivalence is
  45  * defined according to OID and (where relevant) parameters.
  46  *
  47  * <P>Subclasses may be used, for example when when the algorithm ID has
  48  * associated parameters which some code (e.g. code using public keys) needs
  49  * to have parsed.  Two examples of such algorithms are Diffie-Hellman key
  50  * exchange, and the Digital Signature Standard Algorithm (DSS/DSA).
  51  *
  52  * <P>The OID constants defined in this class correspond to some widely
  53  * used algorithms, for which conventional string names have been defined.
  54  * This class is not a general repository for OIDs, or for such string names.
  55  * Note that the mappings between algorithm IDs and algorithm names is
  56  * not one-to-one.
  57  *
  58  *
  59  * @author David Brownell
  60  * @author Amit Kapoor
  61  * @author Hemma Prafullchandra
  62  */
  63 public class AlgorithmId implements Serializable, DerEncoder {
  64 
  65     /** use serialVersionUID from JDK 1.1. for interoperability */
  66     private static final long serialVersionUID = 7205873507486557157L;
  67 
  68     /**
  69      * The object identitifer being used for this algorithm.
  70      */
  71     private ObjectIdentifier algid;
  72 
  73     // The (parsed) parameters
  74     private AlgorithmParameters algParams;
  75     private boolean constructedFromDer = true;
  76 
  77     /**
  78      * Parameters for this algorithm.  These are stored in unparsed
  79      * DER-encoded form; subclasses can be made to automaticaly parse
  80      * them so there is fast access to these parameters.
  81      */
  82     protected DerValue          params;
  83 
  84     private transient byte[] encodedParams;
  85 
  86     /**
  87      * Constructs an algorithm ID which will be initialized
  88      * separately, for example by deserialization.
  89      * @deprecated use one of the other constructors.
  90      */
  91     @Deprecated
  92     public AlgorithmId() { }
  93 
  94     /**
  95      * Constructs a parameterless algorithm ID.
  96      *
  97      * @param oid the identifier for the algorithm
  98      */
  99     public AlgorithmId(ObjectIdentifier oid) {
 100         algid = oid;
 101     }
 102 
 103     /**
 104      * Constructs an algorithm ID with algorithm parameters.
 105      *
 106      * @param oid the identifier for the algorithm.
 107      * @param algparams the associated algorithm parameters.
 108      */
 109     public AlgorithmId(ObjectIdentifier oid, AlgorithmParameters algparams) {
 110         algid = oid;
 111         algParams = algparams;
 112         constructedFromDer = false;
 113         if (algParams != null) {
 114             try {
 115                 encodedParams = algParams.getEncoded();
 116             } catch (IOException ioe) {
 117                 // It should be safe to ignore this.
 118                 // This exception can occur if AlgorithmParameters was not
 119                 // initialized (which should not occur), or if it was
 120                 // initialized with bogus parameters, which should have
 121                 // been detected when init was called.
 122                 assert false;
 123             }
 124         }
 125     }
 126 
 127     private AlgorithmId(ObjectIdentifier oid, DerValue params)
 128             throws IOException {
 129         this.algid = oid;
 130         this.params = params;
 131         if (this.params != null) {
 132             encodedParams = params.toByteArray();
 133             decodeParams();
 134         }
 135     }
 136 
 137     protected void decodeParams() throws IOException {
 138         String algidName = getName();
 139         try {
 140             algParams = AlgorithmParameters.getInstance(algidName);
 141         } catch (NoSuchAlgorithmException e) {
 142             /*
 143              * This algorithm parameter type is not supported, so we cannot
 144              * parse the parameters.
 145              */
 146             algParams = null;
 147             return;
 148         }
 149 
 150         // Decode (parse) the parameters
 151         algParams.init(encodedParams.clone());
 152     }
 153 
 154     /**
 155      * Marshal a DER-encoded "AlgorithmID" sequence on the DER stream.
 156      */
 157     public final void encode(DerOutputStream out) throws IOException {
 158         derEncode(out);
 159     }
 160 
 161     /**
 162      * DER encode this object onto an output stream.
 163      * Implements the <code>DerEncoder</code> interface.
 164      *
 165      * @param out
 166      * the output stream on which to write the DER encoding.
 167      *
 168      * @exception IOException on encoding error.
 169      */
 170     @Override
 171     public void derEncode (OutputStream out) throws IOException {
 172         DerOutputStream bytes = new DerOutputStream();
 173         DerOutputStream tmp = new DerOutputStream();
 174 
 175         bytes.putOID(algid);
 176         // Setup params from algParams since no DER encoding is given
 177         if (constructedFromDer == false) {
 178             if (encodedParams != null) {
 179                 params = new DerValue(encodedParams);
 180             } else {
 181                 params = null;
 182             }
 183         }
 184         if (params == null) {
 185             // Changes backed out for compatibility with Solaris
 186 
 187             // Several AlgorithmId should omit the whole parameter part when
 188             // it's NULL. They are ---
 189             // rfc3370 2.1: Implementations SHOULD generate SHA-1
 190             // AlgorithmIdentifiers with absent parameters.
 191             // rfc3447 C1: When id-sha1, id-sha224, id-sha256, id-sha384 and
 192             // id-sha512 are used in an AlgorithmIdentifier the parameters
 193             // (which are optional) SHOULD be omitted.
 194             // rfc3279 2.3.2: The id-dsa algorithm syntax includes optional
 195             // domain parameters... When omitted, the parameters component
 196             // MUST be omitted entirely
 197             // rfc3370 3.1: When the id-dsa-with-sha1 algorithm identifier
 198             // is used, the AlgorithmIdentifier parameters field MUST be absent.
 199             /*if (
 200                 algid.equals((Object)SHA_oid) ||
 201                 algid.equals((Object)SHA224_oid) ||
 202                 algid.equals((Object)SHA256_oid) ||
 203                 algid.equals((Object)SHA384_oid) ||
 204                 algid.equals((Object)SHA512_oid) ||
 205                 algid.equals((Object)SHA512_224_oid) ||
 206                 algid.equals((Object)SHA512_256_oid) ||
 207                 algid.equals((Object)DSA_oid) ||
 208                 algid.equals((Object)sha1WithDSA_oid)) {
 209                 ; // no parameter part encoded
 210             } else {
 211                 bytes.putNull();
 212             }*/
 213             if (algid.equals(RSASSA_PSS_oid)) {
 214                 // RFC 4055 3.3: when an RSASSA-PSS key does not require
 215                 // parameter validation, field is absent.
 216             } else {
 217                 bytes.putNull();
 218             }
 219         } else {
 220             bytes.putDerValue(params);
 221         }
 222         tmp.write(DerValue.tag_Sequence, bytes);
 223         out.write(tmp.toByteArray());
 224     }
 225 
 226 
 227     /**
 228      * Returns the DER-encoded X.509 AlgorithmId as a byte array.
 229      */
 230     public final byte[] encode() throws IOException {
 231         DerOutputStream out = new DerOutputStream();
 232         derEncode(out);
 233         return out.toByteArray();
 234     }
 235 
 236     /**
 237      * Returns the ISO OID for this algorithm.  This is usually converted
 238      * to a string and used as part of an algorithm name, for example
 239      * "OID.1.3.14.3.2.13" style notation.  Use the <code>getName</code>
 240      * call when you do not need to ensure cross-system portability
 241      * of algorithm names, or need a user friendly name.
 242      */
 243     public final ObjectIdentifier getOID () {
 244         return algid;
 245     }
 246 
 247     /**
 248      * Returns a name for the algorithm which may be more intelligible
 249      * to humans than the algorithm's OID, but which won't necessarily
 250      * be comprehensible on other systems.  For example, this might
 251      * return a name such as "MD5withRSA" for a signature algorithm on
 252      * some systems.  It also returns names like "OID.1.2.3.4", when
 253      * no particular name for the algorithm is known.
 254      *
 255      * Note: for ecdsa-with-SHA2 plus hash algorithm (Ex: SHA-256), this method
 256      * returns the "full" signature algorithm (Ex: SHA256withECDSA) directly.
 257      */
 258     public String getName() {
 259         String algName = nameTable.get(algid);
 260         if (algName != null) {
 261             return algName;
 262         }
 263         if ((params != null) && algid.equals((Object)specifiedWithECDSA_oid)) {
 264             try {
 265                 AlgorithmId paramsId =
 266                         AlgorithmId.parse(new DerValue(encodedParams));
 267                 String paramsName = paramsId.getName();
 268                 algName = makeSigAlg(paramsName, "EC");
 269             } catch (IOException e) {
 270                 // ignore
 271             }
 272         }
 273         return (algName == null) ? algid.toString() : algName;
 274     }
 275 
 276     public AlgorithmParameters getParameters() {
 277         return algParams;
 278     }
 279 
 280     /**
 281      * Returns the DER encoded parameter, which can then be
 282      * used to initialize java.security.AlgorithmParameters.
 283      *
 284      * Note that this* method should always return a new array as it is called
 285      * directly by the JDK implementation of X509Certificate.getSigAlgParams()
 286      * and X509CRL.getSigAlgParams().
 287      *
 288      * Note: for ecdsa-with-SHA2 plus hash algorithm (Ex: SHA-256), this method
 289      * returns null because {@link #getName()} has already returned the "full"
 290      * signature algorithm (Ex: SHA256withECDSA).
 291      *
 292      * @return DER encoded parameters, or null not present.
 293      */
 294     public byte[] getEncodedParams() throws IOException {
 295         return (encodedParams == null || algid.equals(specifiedWithECDSA_oid))
 296                 ? null
 297                 : encodedParams.clone();
 298     }
 299 
 300     /**
 301      * Returns true iff the argument indicates the same algorithm
 302      * with the same parameters.
 303      */
 304     public boolean equals(AlgorithmId other) {
 305         return algid.equals((Object)other.algid) &&
 306             Arrays.equals(encodedParams, other.encodedParams);
 307     }
 308 
 309     /**
 310      * Compares this AlgorithmID to another.  If algorithm parameters are
 311      * available, they are compared.  Otherwise, just the object IDs
 312      * for the algorithm are compared.
 313      *
 314      * @param other preferably an AlgorithmId, else an ObjectIdentifier
 315      */
 316     @Override
 317     public boolean equals(Object other) {
 318         if (this == other) {
 319             return true;
 320         }
 321         if (other instanceof AlgorithmId) {
 322             return equals((AlgorithmId) other);
 323         } else if (other instanceof ObjectIdentifier) {
 324             return equals((ObjectIdentifier) other);
 325         } else {
 326             return false;
 327         }
 328     }
 329 
 330     /**
 331      * Compares two algorithm IDs for equality.  Returns true iff
 332      * they are the same algorithm, ignoring algorithm parameters.
 333      */
 334     public final boolean equals(ObjectIdentifier id) {
 335         return algid.equals((Object)id);
 336     }
 337 
 338     /**
 339      * Returns a hashcode for this AlgorithmId.
 340      *
 341      * @return a hashcode for this AlgorithmId.
 342      */
 343     @Override
 344     public int hashCode() {
 345         int hashCode = algid.hashCode();
 346         hashCode = 31 * hashCode + Arrays.hashCode(encodedParams);
 347         return hashCode;
 348     }
 349 
 350     /**
 351      * Provides a human-readable description of the algorithm parameters.
 352      * This may be redefined by subclasses which parse those parameters.
 353      */
 354     protected String paramsToString() {
 355         if (encodedParams == null) {
 356             return "";
 357         } else if (algParams != null) {
 358             return ", " + algParams.toString();
 359         } else {
 360             return ", params unparsed";
 361         }
 362     }
 363 
 364     /**
 365      * Returns a string describing the algorithm and its parameters.
 366      */
 367     @Override
 368     public String toString() {
 369         return getName() + paramsToString();
 370     }
 371 
 372     /**
 373      * Parse (unmarshal) an ID from a DER sequence input value.  This form
 374      * parsing might be used when expanding a value which has already been
 375      * partially unmarshaled as a set or sequence member.
 376      *
 377      * @exception IOException on error.
 378      * @param val the input value, which contains the algid and, if
 379      *          there are any parameters, those parameters.
 380      * @return an ID for the algorithm.  If the system is configured
 381      *          appropriately, this may be an instance of a class
 382      *          with some kind of special support for this algorithm.
 383      *          In that case, you may "narrow" the type of the ID.
 384      */
 385     public static AlgorithmId parse(DerValue val) throws IOException {
 386         if (val.tag != DerValue.tag_Sequence) {
 387             throw new IOException("algid parse error, not a sequence");
 388         }
 389 
 390         /*
 391          * Get the algorithm ID and any parameters.
 392          */
 393         ObjectIdentifier        algid;
 394         DerValue                params;
 395         DerInputStream          in = val.toDerInputStream();
 396 
 397         algid = in.getOID();
 398         if (in.available() == 0) {
 399             params = null;
 400         } else {
 401             params = in.getDerValue();
 402             if (params.tag == DerValue.tag_Null) {
 403                 if (params.length() != 0) {
 404                     throw new IOException("invalid NULL");
 405                 }
 406                 params = null;
 407             }
 408             if (in.available() != 0) {
 409                 throw new IOException("Invalid AlgorithmIdentifier: extra data");
 410             }
 411         }
 412 
 413         return new AlgorithmId(algid, params);
 414     }
 415 
 416     /**
 417      * Returns one of the algorithm IDs most commonly associated
 418      * with this algorithm name.
 419      *
 420      * @param algname the name being used
 421      * @deprecated use the short get form of this method.
 422      * @exception NoSuchAlgorithmException on error.
 423      */
 424     @Deprecated
 425     public static AlgorithmId getAlgorithmId(String algname)
 426             throws NoSuchAlgorithmException {
 427         return get(algname);
 428     }
 429 
 430     /**
 431      * Returns one of the algorithm IDs most commonly associated
 432      * with this algorithm name.
 433      *
 434      * @param algname the name being used
 435      * @exception NoSuchAlgorithmException on error.
 436      */
 437     public static AlgorithmId get(String algname)
 438             throws NoSuchAlgorithmException {
 439         ObjectIdentifier oid;
 440         try {
 441             oid = algOID(algname);
 442         } catch (IOException ioe) {
 443             throw new NoSuchAlgorithmException
 444                 ("Invalid ObjectIdentifier " + algname);
 445         }
 446 
 447         if (oid == null) {
 448             throw new NoSuchAlgorithmException
 449                 ("unrecognized algorithm name: " + algname);
 450         }
 451         return new AlgorithmId(oid);
 452     }
 453 
 454     /**
 455      * Returns one of the algorithm IDs most commonly associated
 456      * with this algorithm parameters.
 457      *
 458      * @param algparams the associated algorithm parameters.
 459      * @exception NoSuchAlgorithmException on error.
 460      */
 461     public static AlgorithmId get(AlgorithmParameters algparams)
 462             throws NoSuchAlgorithmException {
 463         ObjectIdentifier oid;
 464         String algname = algparams.getAlgorithm();
 465         try {
 466             oid = algOID(algname);
 467         } catch (IOException ioe) {
 468             throw new NoSuchAlgorithmException
 469                 ("Invalid ObjectIdentifier " + algname);
 470         }
 471         if (oid == null) {
 472             throw new NoSuchAlgorithmException
 473                 ("unrecognized algorithm name: " + algname);
 474         }
 475         return new AlgorithmId(oid, algparams);
 476     }
 477 
 478     /*
 479      * Translates from some common algorithm names to the
 480      * OID with which they're usually associated ... this mapping
 481      * is the reverse of the one below, except in those cases
 482      * where synonyms are supported or where a given algorithm
 483      * is commonly associated with multiple OIDs.
 484      *
 485      * XXX This method needs to be enhanced so that we can also pass the
 486      * scope of the algorithm name to it, e.g., the algorithm name "DSA"
 487      * may have a different OID when used as a "Signature" algorithm than when
 488      * used as a "KeyPairGenerator" algorithm.
 489      */
 490     private static ObjectIdentifier algOID(String name) throws IOException {
 491         // See if algname is in printable OID ("dot-dot") notation
 492         if (name.indexOf('.') != -1) {
 493             if (name.startsWith("OID.")) {
 494                 return new ObjectIdentifier(name.substring("OID.".length()));
 495             } else {
 496                 return new ObjectIdentifier(name);
 497             }
 498         }
 499 
 500         // Digesting algorithms
 501         if (name.equalsIgnoreCase("MD5")) {
 502             return AlgorithmId.MD5_oid;
 503         }
 504         if (name.equalsIgnoreCase("MD2")) {
 505             return AlgorithmId.MD2_oid;
 506         }
 507         if (name.equalsIgnoreCase("SHA") || name.equalsIgnoreCase("SHA1")
 508             || name.equalsIgnoreCase("SHA-1")) {
 509             return AlgorithmId.SHA_oid;
 510         }
 511         if (name.equalsIgnoreCase("SHA-256") ||
 512             name.equalsIgnoreCase("SHA256")) {
 513             return AlgorithmId.SHA256_oid;
 514         }
 515         if (name.equalsIgnoreCase("SHA-384") ||
 516             name.equalsIgnoreCase("SHA384")) {
 517             return AlgorithmId.SHA384_oid;
 518         }
 519         if (name.equalsIgnoreCase("SHA-512") ||
 520             name.equalsIgnoreCase("SHA512")) {
 521             return AlgorithmId.SHA512_oid;
 522         }
 523         if (name.equalsIgnoreCase("SHA-224") ||
 524             name.equalsIgnoreCase("SHA224")) {
 525             return AlgorithmId.SHA224_oid;
 526         }
 527         if (name.equalsIgnoreCase("SHA-512/224") ||
 528             name.equalsIgnoreCase("SHA512/224")) {
 529             return AlgorithmId.SHA512_224_oid;
 530         }
 531         if (name.equalsIgnoreCase("SHA-512/256") ||
 532             name.equalsIgnoreCase("SHA512/256")) {
 533             return AlgorithmId.SHA512_256_oid;
 534         }
 535         // Various public key algorithms
 536         if (name.equalsIgnoreCase("RSA")) {
 537             return AlgorithmId.RSAEncryption_oid;
 538         }
 539         if (name.equalsIgnoreCase("RSASSA-PSS")) {
 540             return AlgorithmId.RSASSA_PSS_oid;
 541         }
 542         if (name.equalsIgnoreCase("RSAES-OAEP")) {
 543             return AlgorithmId.RSAES_OAEP_oid;
 544         }
 545         if (name.equalsIgnoreCase("Diffie-Hellman")
 546             || name.equalsIgnoreCase("DH")) {
 547             return AlgorithmId.DH_oid;
 548         }
 549         if (name.equalsIgnoreCase("DSA")) {
 550             return AlgorithmId.DSA_oid;
 551         }
 552         if (name.equalsIgnoreCase("EC")) {
 553             return EC_oid;
 554         }
 555         if (name.equalsIgnoreCase("ECDH")) {
 556             return AlgorithmId.ECDH_oid;
 557         }
 558 
 559         // Secret key algorithms
 560         if (name.equalsIgnoreCase("AES")) {
 561             return AlgorithmId.AES_oid;
 562         }
 563 
 564         // Common signature types
 565         if (name.equalsIgnoreCase("MD5withRSA")
 566             || name.equalsIgnoreCase("MD5/RSA")) {
 567             return AlgorithmId.md5WithRSAEncryption_oid;
 568         }
 569         if (name.equalsIgnoreCase("MD2withRSA")
 570             || name.equalsIgnoreCase("MD2/RSA")) {
 571             return AlgorithmId.md2WithRSAEncryption_oid;
 572         }
 573         if (name.equalsIgnoreCase("SHAwithDSA")
 574             || name.equalsIgnoreCase("SHA1withDSA")
 575             || name.equalsIgnoreCase("SHA/DSA")
 576             || name.equalsIgnoreCase("SHA1/DSA")
 577             || name.equalsIgnoreCase("DSAWithSHA1")
 578             || name.equalsIgnoreCase("DSS")
 579             || name.equalsIgnoreCase("SHA-1/DSA")) {
 580             return AlgorithmId.sha1WithDSA_oid;
 581         }
 582         if (name.equalsIgnoreCase("SHA224WithDSA")) {
 583             return AlgorithmId.sha224WithDSA_oid;
 584         }
 585         if (name.equalsIgnoreCase("SHA256WithDSA")) {
 586             return AlgorithmId.sha256WithDSA_oid;
 587         }
 588         if (name.equalsIgnoreCase("SHA1WithRSA")
 589             || name.equalsIgnoreCase("SHA1/RSA")) {
 590             return AlgorithmId.sha1WithRSAEncryption_oid;
 591         }
 592         if (name.equalsIgnoreCase("SHA1withECDSA")
 593                 || name.equalsIgnoreCase("ECDSA")) {
 594             return AlgorithmId.sha1WithECDSA_oid;
 595         }
 596         if (name.equalsIgnoreCase("SHA224withECDSA")) {
 597             return AlgorithmId.sha224WithECDSA_oid;
 598         }
 599         if (name.equalsIgnoreCase("SHA256withECDSA")) {
 600             return AlgorithmId.sha256WithECDSA_oid;
 601         }
 602         if (name.equalsIgnoreCase("SHA384withECDSA")) {
 603             return AlgorithmId.sha384WithECDSA_oid;
 604         }
 605         if (name.equalsIgnoreCase("SHA512withECDSA")) {
 606             return AlgorithmId.sha512WithECDSA_oid;
 607         }
 608 
 609         // See if any of the installed providers supply a mapping from
 610         // the given algorithm name to an OID string
 611         String oidString;
 612         if (!initOidTable) {
 613             Provider[] provs = Security.getProviders();
 614             for (int i=0; i<provs.length; i++) {
 615                 for (Enumeration<Object> enum_ = provs[i].keys();
 616                      enum_.hasMoreElements(); ) {
 617                     String alias = (String)enum_.nextElement();
 618                     String upperCaseAlias = alias.toUpperCase(Locale.ENGLISH);
 619                     int index;
 620                     if (upperCaseAlias.startsWith("ALG.ALIAS") &&
 621                             (index=upperCaseAlias.indexOf("OID.", 0)) != -1) {
 622                         index += "OID.".length();
 623                         if (index == alias.length()) {
 624                             // invalid alias entry
 625                             break;
 626                         }
 627                         if (oidTable == null) {
 628                             oidTable = new HashMap<String,ObjectIdentifier>();
 629                         }
 630                         oidString = alias.substring(index);
 631                         String stdAlgName = provs[i].getProperty(alias);
 632                         if (stdAlgName != null) {
 633                             stdAlgName = stdAlgName.toUpperCase(Locale.ENGLISH);
 634                         }
 635                         if (stdAlgName != null &&
 636                                 oidTable.get(stdAlgName) == null) {
 637                             oidTable.put(stdAlgName,
 638                                          new ObjectIdentifier(oidString));
 639                         }
 640                     }
 641                 }
 642             }
 643 
 644             if (oidTable == null) {
 645                 oidTable = Collections.<String,ObjectIdentifier>emptyMap();
 646             }
 647             initOidTable = true;
 648         }
 649 
 650         return oidTable.get(name.toUpperCase(Locale.ENGLISH));
 651     }
 652 
 653     private static ObjectIdentifier oid(int ... values) {
 654         return ObjectIdentifier.newInternal(values);
 655     }
 656 
 657     private static boolean initOidTable = false;
 658     private static Map<String,ObjectIdentifier> oidTable;
 659     private static final Map<ObjectIdentifier,String> nameTable;
 660 
 661     /*****************************************************************/
 662 
 663     /*
 664      * HASHING ALGORITHMS
 665      */
 666 
 667     /**
 668      * Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319.
 669      * OID = 1.2.840.113549.2.2
 670      */
 671     public static final ObjectIdentifier MD2_oid =
 672     ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 2});
 673 
 674     /**
 675      * Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321.
 676      * OID = 1.2.840.113549.2.5
 677      */
 678     public static final ObjectIdentifier MD5_oid =
 679     ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 5});
 680 
 681     /**
 682      * Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1.
 683      * This is sometimes called "SHA", though that is often confusing since
 684      * many people refer to FIPS 180 (which has an error) as defining SHA.
 685      * OID = 1.3.14.3.2.26. Old SHA-0 OID: 1.3.14.3.2.18.
 686      */
 687     public static final ObjectIdentifier SHA_oid =
 688     ObjectIdentifier.newInternal(new int[] {1, 3, 14, 3, 2, 26});
 689 
 690     public static final ObjectIdentifier SHA224_oid =
 691     ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 4});
 692 
 693     public static final ObjectIdentifier SHA256_oid =
 694     ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 1});
 695 
 696     public static final ObjectIdentifier SHA384_oid =
 697     ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 2});
 698 
 699     public static final ObjectIdentifier SHA512_oid =
 700     ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 3});
 701 
 702     public static final ObjectIdentifier SHA512_224_oid =
 703     ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 5});
 704 
 705     public static final ObjectIdentifier SHA512_256_oid =
 706     ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 6});
 707 
 708     /*
 709      * COMMON PUBLIC KEY TYPES
 710      */
 711     private static final int DH_data[] = { 1, 2, 840, 113549, 1, 3, 1 };
 712     private static final int DH_PKIX_data[] = { 1, 2, 840, 10046, 2, 1 };
 713     private static final int DSA_OIW_data[] = { 1, 3, 14, 3, 2, 12 };
 714     private static final int DSA_PKIX_data[] = { 1, 2, 840, 10040, 4, 1 };
 715     private static final int RSA_data[] = { 2, 5, 8, 1, 1 };
 716 
 717     public static final ObjectIdentifier DH_oid;
 718     public static final ObjectIdentifier DH_PKIX_oid;
 719     public static final ObjectIdentifier DSA_oid;
 720     public static final ObjectIdentifier DSA_OIW_oid;
 721     public static final ObjectIdentifier EC_oid = oid(1, 2, 840, 10045, 2, 1);
 722     public static final ObjectIdentifier ECDH_oid = oid(1, 3, 132, 1, 12);
 723     public static final ObjectIdentifier RSA_oid;
 724     public static final ObjectIdentifier RSAEncryption_oid =
 725                                             oid(1, 2, 840, 113549, 1, 1, 1);
 726     public static final ObjectIdentifier RSAES_OAEP_oid =
 727                                             oid(1, 2, 840, 113549, 1, 1, 7);
 728     public static final ObjectIdentifier mgf1_oid =
 729                                             oid(1, 2, 840, 113549, 1, 1, 8);
 730     public static final ObjectIdentifier RSASSA_PSS_oid =
 731                                             oid(1, 2, 840, 113549, 1, 1, 10);
 732 
 733     /*
 734      * COMMON SECRET KEY TYPES
 735      */
 736     public static final ObjectIdentifier AES_oid =
 737                                             oid(2, 16, 840, 1, 101, 3, 4, 1);
 738 
 739     /*
 740      * COMMON SIGNATURE ALGORITHMS
 741      */
 742     private static final int md2WithRSAEncryption_data[] =
 743                                        { 1, 2, 840, 113549, 1, 1, 2 };
 744     private static final int md5WithRSAEncryption_data[] =
 745                                        { 1, 2, 840, 113549, 1, 1, 4 };
 746     private static final int sha1WithRSAEncryption_data[] =
 747                                        { 1, 2, 840, 113549, 1, 1, 5 };
 748     private static final int sha1WithRSAEncryption_OIW_data[] =
 749                                        { 1, 3, 14, 3, 2, 29 };
 750     private static final int sha224WithRSAEncryption_data[] =
 751                                        { 1, 2, 840, 113549, 1, 1, 14 };
 752     private static final int sha256WithRSAEncryption_data[] =
 753                                        { 1, 2, 840, 113549, 1, 1, 11 };
 754     private static final int sha384WithRSAEncryption_data[] =
 755                                        { 1, 2, 840, 113549, 1, 1, 12 };
 756     private static final int sha512WithRSAEncryption_data[] =
 757                                        { 1, 2, 840, 113549, 1, 1, 13 };
 758 
 759     private static final int shaWithDSA_OIW_data[] =
 760                                        { 1, 3, 14, 3, 2, 13 };
 761     private static final int sha1WithDSA_OIW_data[] =
 762                                        { 1, 3, 14, 3, 2, 27 };
 763     private static final int dsaWithSHA1_PKIX_data[] =
 764                                        { 1, 2, 840, 10040, 4, 3 };
 765 
 766     public static final ObjectIdentifier md2WithRSAEncryption_oid;
 767     public static final ObjectIdentifier md5WithRSAEncryption_oid;
 768     public static final ObjectIdentifier sha1WithRSAEncryption_oid;
 769     public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid;
 770     public static final ObjectIdentifier sha224WithRSAEncryption_oid;
 771     public static final ObjectIdentifier sha256WithRSAEncryption_oid;
 772     public static final ObjectIdentifier sha384WithRSAEncryption_oid;
 773     public static final ObjectIdentifier sha512WithRSAEncryption_oid;
 774     public static final ObjectIdentifier sha512_224WithRSAEncryption_oid =
 775                                             oid(1, 2, 840, 113549, 1, 1, 15);
 776     public static final ObjectIdentifier sha512_256WithRSAEncryption_oid =
 777                                             oid(1, 2, 840, 113549, 1, 1, 16);;
 778 
 779     public static final ObjectIdentifier shaWithDSA_OIW_oid;
 780     public static final ObjectIdentifier sha1WithDSA_OIW_oid;
 781     public static final ObjectIdentifier sha1WithDSA_oid;
 782     public static final ObjectIdentifier sha224WithDSA_oid =
 783                                             oid(2, 16, 840, 1, 101, 3, 4, 3, 1);
 784     public static final ObjectIdentifier sha256WithDSA_oid =
 785                                             oid(2, 16, 840, 1, 101, 3, 4, 3, 2);
 786 
 787     public static final ObjectIdentifier sha1WithECDSA_oid =
 788                                             oid(1, 2, 840, 10045, 4, 1);
 789     public static final ObjectIdentifier sha224WithECDSA_oid =
 790                                             oid(1, 2, 840, 10045, 4, 3, 1);
 791     public static final ObjectIdentifier sha256WithECDSA_oid =
 792                                             oid(1, 2, 840, 10045, 4, 3, 2);
 793     public static final ObjectIdentifier sha384WithECDSA_oid =
 794                                             oid(1, 2, 840, 10045, 4, 3, 3);
 795     public static final ObjectIdentifier sha512WithECDSA_oid =
 796                                             oid(1, 2, 840, 10045, 4, 3, 4);
 797     public static final ObjectIdentifier specifiedWithECDSA_oid =
 798                                             oid(1, 2, 840, 10045, 4, 3);
 799 
 800     /**
 801      * Algorithm ID for the PBE encryption algorithms from PKCS#5 and
 802      * PKCS#12.
 803      */
 804     public static final ObjectIdentifier pbeWithMD5AndDES_oid =
 805         ObjectIdentifier.newInternal(new int[]{1, 2, 840, 113549, 1, 5, 3});
 806     public static final ObjectIdentifier pbeWithMD5AndRC2_oid =
 807         ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 6});
 808     public static final ObjectIdentifier pbeWithSHA1AndDES_oid =
 809         ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 10});
 810     public static final ObjectIdentifier pbeWithSHA1AndRC2_oid =
 811         ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 11});
 812     public static ObjectIdentifier pbeWithSHA1AndDESede_oid =
 813         ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 3});
 814     public static ObjectIdentifier pbeWithSHA1AndRC2_40_oid =
 815         ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 6});
 816 
 817     static {
 818     /*
 819      * Note the preferred OIDs are named simply with no "OIW" or
 820      * "PKIX" in them, even though they may point to data from these
 821      * specs; e.g. SHA_oid, DH_oid, DSA_oid, SHA1WithDSA_oid...
 822      */
 823     /**
 824      * Algorithm ID for Diffie Hellman Key agreement, from PKCS #3.
 825      * Parameters include public values P and G, and may optionally specify
 826      * the length of the private key X.  Alternatively, algorithm parameters
 827      * may be derived from another source such as a Certificate Authority's
 828      * certificate.
 829      * OID = 1.2.840.113549.1.3.1
 830      */
 831         DH_oid = ObjectIdentifier.newInternal(DH_data);
 832 
 833     /**
 834      * Algorithm ID for the Diffie Hellman Key Agreement (DH), from RFC 3279.
 835      * Parameters may include public values P and G.
 836      * OID = 1.2.840.10046.2.1
 837      */
 838         DH_PKIX_oid = ObjectIdentifier.newInternal(DH_PKIX_data);
 839 
 840     /**
 841      * Algorithm ID for the Digital Signing Algorithm (DSA), from the
 842      * NIST OIW Stable Agreements part 12.
 843      * Parameters may include public values P, Q, and G; or these may be
 844      * derived from
 845      * another source such as a Certificate Authority's certificate.
 846      * OID = 1.3.14.3.2.12
 847      */
 848         DSA_OIW_oid = ObjectIdentifier.newInternal(DSA_OIW_data);
 849 
 850     /**
 851      * Algorithm ID for the Digital Signing Algorithm (DSA), from RFC 3279.
 852      * Parameters may include public values P, Q, and G; or these may be
 853      * derived from another source such as a Certificate Authority's
 854      * certificate.
 855      * OID = 1.2.840.10040.4.1
 856      */
 857         DSA_oid = ObjectIdentifier.newInternal(DSA_PKIX_data);
 858 
 859     /**
 860      * Algorithm ID for RSA keys used for any purpose, as defined in X.509.
 861      * The algorithm parameter is a single value, the number of bits in the
 862      * public modulus.
 863      * OID = 2.5.8.1.1
 864      */
 865         RSA_oid = ObjectIdentifier.newInternal(RSA_data);
 866 
 867     /**
 868      * Identifies a signing algorithm where an MD2 digest is encrypted
 869      * using an RSA private key; defined in PKCS #1.  Use of this
 870      * signing algorithm is discouraged due to MD2 vulnerabilities.
 871      * OID = 1.2.840.113549.1.1.2
 872      */
 873         md2WithRSAEncryption_oid =
 874             ObjectIdentifier.newInternal(md2WithRSAEncryption_data);
 875 
 876     /**
 877      * Identifies a signing algorithm where an MD5 digest is
 878      * encrypted using an RSA private key; defined in PKCS #1.
 879      * OID = 1.2.840.113549.1.1.4
 880      */
 881         md5WithRSAEncryption_oid =
 882             ObjectIdentifier.newInternal(md5WithRSAEncryption_data);
 883 
 884     /**
 885      * Identifies a signing algorithm where a SHA1 digest is
 886      * encrypted using an RSA private key; defined by RSA DSI.
 887      * OID = 1.2.840.113549.1.1.5
 888      */
 889         sha1WithRSAEncryption_oid =
 890             ObjectIdentifier.newInternal(sha1WithRSAEncryption_data);
 891 
 892     /**
 893      * Identifies a signing algorithm where a SHA1 digest is
 894      * encrypted using an RSA private key; defined in NIST OIW.
 895      * OID = 1.3.14.3.2.29
 896      */
 897         sha1WithRSAEncryption_OIW_oid =
 898             ObjectIdentifier.newInternal(sha1WithRSAEncryption_OIW_data);
 899 
 900     /**
 901      * Identifies a signing algorithm where a SHA224 digest is
 902      * encrypted using an RSA private key; defined by PKCS #1.
 903      * OID = 1.2.840.113549.1.1.14
 904      */
 905         sha224WithRSAEncryption_oid =
 906             ObjectIdentifier.newInternal(sha224WithRSAEncryption_data);
 907 
 908     /**
 909      * Identifies a signing algorithm where a SHA256 digest is
 910      * encrypted using an RSA private key; defined by PKCS #1.
 911      * OID = 1.2.840.113549.1.1.11
 912      */
 913         sha256WithRSAEncryption_oid =
 914             ObjectIdentifier.newInternal(sha256WithRSAEncryption_data);
 915 
 916     /**
 917      * Identifies a signing algorithm where a SHA384 digest is
 918      * encrypted using an RSA private key; defined by PKCS #1.
 919      * OID = 1.2.840.113549.1.1.12
 920      */
 921         sha384WithRSAEncryption_oid =
 922             ObjectIdentifier.newInternal(sha384WithRSAEncryption_data);
 923 
 924     /**
 925      * Identifies a signing algorithm where a SHA512 digest is
 926      * encrypted using an RSA private key; defined by PKCS #1.
 927      * OID = 1.2.840.113549.1.1.13
 928      */
 929         sha512WithRSAEncryption_oid =
 930             ObjectIdentifier.newInternal(sha512WithRSAEncryption_data);
 931 
 932     /**
 933      * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
 934      * SHA digest is signed using the Digital Signing Algorithm (DSA).
 935      * This should not be used.
 936      * OID = 1.3.14.3.2.13
 937      */
 938         shaWithDSA_OIW_oid = ObjectIdentifier.newInternal(shaWithDSA_OIW_data);
 939 
 940     /**
 941      * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
 942      * SHA1 digest is signed using the Digital Signing Algorithm (DSA).
 943      * OID = 1.3.14.3.2.27
 944      */
 945         sha1WithDSA_OIW_oid = ObjectIdentifier.newInternal(sha1WithDSA_OIW_data);
 946 
 947     /**
 948      * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
 949      * SHA1 digest is signed using the Digital Signing Algorithm (DSA).
 950      * OID = 1.2.840.10040.4.3
 951      */
 952         sha1WithDSA_oid = ObjectIdentifier.newInternal(dsaWithSHA1_PKIX_data);
 953 
 954         nameTable = new HashMap<ObjectIdentifier,String>();
 955         nameTable.put(MD5_oid, "MD5");
 956         nameTable.put(MD2_oid, "MD2");
 957         nameTable.put(SHA_oid, "SHA-1");
 958         nameTable.put(SHA224_oid, "SHA-224");
 959         nameTable.put(SHA256_oid, "SHA-256");
 960         nameTable.put(SHA384_oid, "SHA-384");
 961         nameTable.put(SHA512_oid, "SHA-512");
 962         nameTable.put(SHA512_224_oid, "SHA-512/224");
 963         nameTable.put(SHA512_256_oid, "SHA-512/256");
 964         nameTable.put(RSAEncryption_oid, "RSA");
 965         nameTable.put(RSA_oid, "RSA");
 966         nameTable.put(DH_oid, "Diffie-Hellman");
 967         nameTable.put(DH_PKIX_oid, "Diffie-Hellman");
 968         nameTable.put(DSA_oid, "DSA");
 969         nameTable.put(DSA_OIW_oid, "DSA");
 970         nameTable.put(EC_oid, "EC");
 971         nameTable.put(ECDH_oid, "ECDH");
 972 
 973         nameTable.put(AES_oid, "AES");
 974 
 975         nameTable.put(sha1WithECDSA_oid, "SHA1withECDSA");
 976         nameTable.put(sha224WithECDSA_oid, "SHA224withECDSA");
 977         nameTable.put(sha256WithECDSA_oid, "SHA256withECDSA");
 978         nameTable.put(sha384WithECDSA_oid, "SHA384withECDSA");
 979         nameTable.put(sha512WithECDSA_oid, "SHA512withECDSA");
 980         nameTable.put(md5WithRSAEncryption_oid, "MD5withRSA");
 981         nameTable.put(md2WithRSAEncryption_oid, "MD2withRSA");
 982         nameTable.put(sha1WithDSA_oid, "SHA1withDSA");
 983         nameTable.put(sha1WithDSA_OIW_oid, "SHA1withDSA");
 984         nameTable.put(shaWithDSA_OIW_oid, "SHA1withDSA");
 985         nameTable.put(sha224WithDSA_oid, "SHA224withDSA");
 986         nameTable.put(sha256WithDSA_oid, "SHA256withDSA");
 987         nameTable.put(sha1WithRSAEncryption_oid, "SHA1withRSA");
 988         nameTable.put(sha1WithRSAEncryption_OIW_oid, "SHA1withRSA");
 989         nameTable.put(sha224WithRSAEncryption_oid, "SHA224withRSA");
 990         nameTable.put(sha256WithRSAEncryption_oid, "SHA256withRSA");
 991         nameTable.put(sha384WithRSAEncryption_oid, "SHA384withRSA");
 992         nameTable.put(sha512WithRSAEncryption_oid, "SHA512withRSA");
 993         nameTable.put(sha512_224WithRSAEncryption_oid, "SHA512/224withRSA");
 994         nameTable.put(sha512_256WithRSAEncryption_oid, "SHA512/256withRSA");
 995         nameTable.put(RSASSA_PSS_oid, "RSASSA-PSS");
 996         nameTable.put(RSAES_OAEP_oid, "RSAES-OAEP");
 997 
 998         nameTable.put(pbeWithMD5AndDES_oid, "PBEWithMD5AndDES");
 999         nameTable.put(pbeWithMD5AndRC2_oid, "PBEWithMD5AndRC2");
1000         nameTable.put(pbeWithSHA1AndDES_oid, "PBEWithSHA1AndDES");
1001         nameTable.put(pbeWithSHA1AndRC2_oid, "PBEWithSHA1AndRC2");
1002         nameTable.put(pbeWithSHA1AndDESede_oid, "PBEWithSHA1AndDESede");
1003         nameTable.put(pbeWithSHA1AndRC2_40_oid, "PBEWithSHA1AndRC2_40");
1004     }
1005 
1006     /**
1007      * Creates a signature algorithm name from a digest algorithm
1008      * name and a encryption algorithm name.
1009      */
1010     public static String makeSigAlg(String digAlg, String encAlg) {
1011         digAlg = digAlg.replace("-", "");
1012         if (encAlg.equalsIgnoreCase("EC")) encAlg = "ECDSA";
1013 
1014         return digAlg + "with" + encAlg;
1015     }
1016 
1017     /**
1018      * Extracts the encryption algorithm name from a signature
1019      * algorithm name.
1020       */
1021     public static String getEncAlgFromSigAlg(String signatureAlgorithm) {
1022         signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
1023         int with = signatureAlgorithm.indexOf("WITH");
1024         String keyAlgorithm = null;
1025         if (with > 0) {
1026             int and = signatureAlgorithm.indexOf("AND", with + 4);
1027             if (and > 0) {
1028                 keyAlgorithm = signatureAlgorithm.substring(with + 4, and);
1029             } else {
1030                 keyAlgorithm = signatureAlgorithm.substring(with + 4);
1031             }
1032             if (keyAlgorithm.equalsIgnoreCase("ECDSA")) {
1033                 keyAlgorithm = "EC";
1034             }
1035         }
1036         return keyAlgorithm;
1037     }
1038 
1039     /**
1040      * Extracts the digest algorithm name from a signature
1041      * algorithm name.
1042       */
1043     public static String getDigAlgFromSigAlg(String signatureAlgorithm) {
1044         signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
1045         int with = signatureAlgorithm.indexOf("WITH");
1046         if (with > 0) {
1047             return signatureAlgorithm.substring(0, with);
1048         }
1049         return null;
1050     }
1051 
1052     // Most commonly used PSSParameterSpec and AlgorithmId
1053     private static class PSSParamsHolder {
1054 
1055         final static PSSParameterSpec PSS_256_SPEC = new PSSParameterSpec(
1056                 "SHA-256", "MGF1",
1057                 new MGF1ParameterSpec("SHA-256"),
1058                 32, PSSParameterSpec.TRAILER_FIELD_BC);
1059         final static PSSParameterSpec PSS_384_SPEC = new PSSParameterSpec(
1060                 "SHA-384", "MGF1",
1061                 new MGF1ParameterSpec("SHA-384"),
1062                 48, PSSParameterSpec.TRAILER_FIELD_BC);
1063         final static PSSParameterSpec PSS_512_SPEC = new PSSParameterSpec(
1064                 "SHA-512", "MGF1",
1065                 new MGF1ParameterSpec("SHA-512"),
1066                 64, PSSParameterSpec.TRAILER_FIELD_BC);
1067 
1068         final static AlgorithmId PSS_256_ID;
1069         final static AlgorithmId PSS_384_ID;
1070         final static AlgorithmId PSS_512_ID;
1071 
1072         static {
1073             try {
1074                 PSS_256_ID = new AlgorithmId(RSASSA_PSS_oid,
1075                         new DerValue(PSSParameters.getEncoded(PSS_256_SPEC)));
1076                 PSS_384_ID = new AlgorithmId(RSASSA_PSS_oid,
1077                         new DerValue(PSSParameters.getEncoded(PSS_384_SPEC)));
1078                 PSS_512_ID = new AlgorithmId(RSASSA_PSS_oid,
1079                         new DerValue(PSSParameters.getEncoded(PSS_512_SPEC)));
1080             } catch (IOException e) {
1081                 throw new AssertionError("Should not happen", e);
1082             }
1083         }
1084     }
1085 
1086     public static AlgorithmId getWithParameterSpec(String algName,
1087             AlgorithmParameterSpec spec) throws NoSuchAlgorithmException {
1088 
1089         if (spec == null) {
1090             return AlgorithmId.get(algName);
1091         } else if (spec == PSSParamsHolder.PSS_256_SPEC) {
1092             return PSSParamsHolder.PSS_256_ID;
1093         } else if (spec == PSSParamsHolder.PSS_384_SPEC) {
1094             return PSSParamsHolder.PSS_384_ID;
1095         } else if (spec == PSSParamsHolder.PSS_512_SPEC) {
1096             return PSSParamsHolder.PSS_512_ID;
1097         } else {
1098             try {
1099                 AlgorithmParameters result =
1100                         AlgorithmParameters.getInstance(algName);
1101                 result.init(spec);
1102                 return get(result);
1103             } catch (InvalidParameterSpecException | NoSuchAlgorithmException e) {
1104                 throw new ProviderException(e);
1105             }
1106         }
1107     }
1108 
1109     public static PSSParameterSpec getDefaultAlgorithmParameterSpec(
1110             String sigAlg, PrivateKey k) {
1111         if (sigAlg.equalsIgnoreCase("RSASSA-PSS")) {
1112             switch (ifcFfcStrength(KeyUtil.getKeySize(k))) {
1113                 case "SHA256":
1114                     return PSSParamsHolder.PSS_256_SPEC;
1115                 case "SHA384":
1116                     return PSSParamsHolder.PSS_384_SPEC;
1117                 case "SHA512":
1118                     return PSSParamsHolder.PSS_512_SPEC;
1119                 default:
1120                     throw new AssertionError("Should not happen");
1121             }
1122         } else {
1123             return null;
1124         }
1125     }
1126 
1127     // Same values for RSA and DSA (from 8056174)
1128     private static String ifcFfcStrength(int bitLength) {
1129         if (bitLength > 7680) { // 256 bits
1130             return "SHA512";
1131         } else if (bitLength > 3072) {  // 192 bits
1132             return "SHA384";
1133         } else  { // 128 bits and less
1134             return "SHA256";
1135         }
1136     }
1137 }