diff options
Diffstat (limited to 'base/util/src/netscape/security/x509/AlgorithmId.java')
| -rw-r--r-- | base/util/src/netscape/security/x509/AlgorithmId.java | 767 |
1 files changed, 767 insertions, 0 deletions
diff --git a/base/util/src/netscape/security/x509/AlgorithmId.java b/base/util/src/netscape/security/x509/AlgorithmId.java new file mode 100644 index 000000000..b0113af41 --- /dev/null +++ b/base/util/src/netscape/security/x509/AlgorithmId.java @@ -0,0 +1,767 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package netscape.security.x509; + +import java.io.IOException; +import java.io.OutputStream; +import java.io.Serializable; +import java.security.AlgorithmParameters; +import java.security.NoSuchAlgorithmException; + +import netscape.security.util.DerEncoder; +import netscape.security.util.DerInputStream; +import netscape.security.util.DerOutputStream; +import netscape.security.util.DerValue; +import netscape.security.util.ObjectIdentifier; + +/** + * This class identifies algorithms, such as cryptographic transforms, each + * of which may be associated with parameters. Instances of this base class + * are used when this runtime environment has no special knowledge of the + * algorithm type, and may also be used in other cases. Equivalence is + * defined according to OID and (where relevant) parameters. + * + * <P> + * Subclasses may be used, for example when when the algorithm ID has associated parameters which some code (e.g. code + * using public keys) needs to have parsed. Two examples of such algorithms are Diffie-Hellman key exchange, and the + * Digital Signature Standard Algorithm (DSS/DSA). + * + * <P> + * The OID constants defined in this class correspond to some widely used algorithms, for which conventional string + * names have been defined. This class is not a general repository for OIDs, or for such string names. Note that the + * mappings between algorithm IDs and algorithm names is not one-to-one. + * + * @version 1.70 + * + * @author David Brownell + * @author Amit Kapoor + * @author Hemma Prafullchandra + */ +public class AlgorithmId implements Serializable, DerEncoder { + + /** use serialVersionUID from JDK 1.1. for interoperability */ + private static final long serialVersionUID = 7205873507486557157L; + + /* Are we debugging? */ + private static boolean debug = false; + + /** + * The object identitifer being used for this algorithm. + */ + private ObjectIdentifier algid = null; + + // The (parsed) parameters + private AlgorithmParameters algParams; + + /** + * Parameters for this algorithm. These are stored in unparsed + * DER-encoded form; subclasses can be made to automaticaly parse + * them so there is fast access to these parameters. + */ + protected DerValue params = null; + + protected String paramsString = null; + + /** + * Returns one of the algorithm IDs most commonly associated + * with this algorithm name. + * + * @param algname the name being used + * @deprecated use the short get form of this method. + * @exception NoSuchAlgorithmException on error. + */ + public static AlgorithmId getAlgorithmId(String algname) + throws NoSuchAlgorithmException { + return get(algname); + } + + public AlgorithmParameters getParameters() { + return this.algParams; + } + + public String getParametersString() { + return this.paramsString; + } + + public void setParametersString(String paramStr) { + + this.paramsString = paramStr; + } + + /** + * Returns one of the algorithm IDs most commonly associated + * with this algorithm name. + * + * @param algname the name being used + * @exception NoSuchAlgorithmException on error. + */ + public static AlgorithmId get(String algname) + throws NoSuchAlgorithmException { + ObjectIdentifier oid = algOID(algname); + + if (oid == null) + throw new NoSuchAlgorithmException("unrecognized algorithm name: " + algname); + + return new AlgorithmId(oid); + } + + /** + * Parse (unmarshal) an ID from a DER sequence input value. This form + * parsing might be used when expanding a value which has already been + * partially unmarshaled as a set or sequence member. + * + * @exception IOException on error. + * @param val the input value, which contains the algid and, if + * there are any parameters, those parameters. + * @return an ID for the algorithm. If the system is configured + * appropriately, this may be an instance of a class + * with some kind of special support for this algorithm. + * In that case, you may "narrow" the type of the ID. + */ + public static AlgorithmId parse(DerValue val) + throws IOException { + if (val.tag != DerValue.tag_Sequence) + throw new IOException("algid parse error, not a sequence"); + + /* + * Get the algorithm ID and any parameters. + */ + ObjectIdentifier algid; + DerValue params; + DerInputStream in = val.toDerInputStream(); + + algid = in.getOID(); + if (in.available() == 0) + params = null; + else { + params = in.getDerValue(); + if (params.tag == DerValue.tag_Null) + params = null; + } + + /* + * Figure out what class (if any) knows about this oid's + * parameters. Make one, and give it the data to decode. + */ + AlgorithmId alg = new AlgorithmId(algid, params); + if (params != null) + alg.decodeParams(); + + /* + * Set the raw params string in case + * higher level code might want the info + */ + + String paramStr = null; + + if (params != null) { + paramStr = params.toString(); + } + + alg.setParametersString(paramStr); + + return alg; + } + + public static AlgorithmId parse(byte[] val) + throws IOException { + return null; + } + + /** + * Constructs a parameterless algorithm ID. + * + * @param oid the identifier for the algorithm + */ + public AlgorithmId(ObjectIdentifier oid) { + algid = oid; + } + + private AlgorithmId(ObjectIdentifier oid, DerValue params) + throws IOException { + this.algid = oid; + this.params = params; + if (this.params != null) + decodeParams(); + } + + /** + * Constructs an algorithm ID which will be initialized + * separately, for example by deserialization. + * + * @deprecated use one of the other constructors. + */ + public AlgorithmId() { + } + + protected void decodeParams() throws IOException { + try { + this.algParams = AlgorithmParameters.getInstance + (this.algid.toString()); + } catch (NoSuchAlgorithmException e) { + /* + * This algorithm parameter type is not supported, so we cannot + * parse the parameters. + */ + this.algParams = null; + return; + } + // Decode (parse) the parameters + this.algParams.init(this.params.toByteArray()); + } + + /** + * Marshal a DER-encoded "AlgorithmID" sequence on the DER stream. + */ + public final void encode(DerOutputStream out) + throws IOException { + derEncode(out); + } + + /** + * DER encode this object onto an output stream. + * Implements the <code>DerEncoder</code> interface. + * + * @param out + * the output stream on which to write the DER encoding. + * + * @exception IOException on encoding error. + */ + public void derEncode(OutputStream out) throws IOException { + DerOutputStream bytes = new DerOutputStream(); + DerOutputStream tmp = new DerOutputStream(); + + bytes.putOID(algid); + if (params == null) + bytes.putNull(); + else + bytes.putDerValue(params); + tmp.write(DerValue.tag_Sequence, bytes); + out.write(tmp.toByteArray()); + } + + // XXXX cleaning required + /** + * Returns the DER-encoded X.509 AlgorithmId as a byte array. + */ + public final byte[] encode() throws IOException { + DerOutputStream out = new DerOutputStream(); + DerOutputStream bytes = new DerOutputStream(); + + bytes.putOID(algid); + if (params == null) + bytes.putNull(); + else + bytes.putDerValue(params); + out.write(DerValue.tag_Sequence, bytes); + return out.toByteArray(); + } + + /** + * Returns list of signing algorithms for a key algorithm such as + * RSA or DSA. + */ + public static String[] getSigningAlgorithms(AlgorithmId alg) { + ObjectIdentifier algOid = alg.getOID(); + //System.out.println("Key Alg oid "+algOid.toString()); + if (algOid.equals(DSA_oid) || algOid.equals(DSA_OIW_oid)) { + return DSA_SIGNING_ALGORITHMS; + } else if (algOid.equals(RSA_oid) || algOid.equals(RSAEncryption_oid)) { + return RSA_SIGNING_ALGORITHMS; + } else if (algOid.equals(ANSIX962_EC_Public_Key_oid) || algOid.equals(ANSIX962_SHA1_With_EC_oid)) { + return EC_SIGNING_ALGORITHMS; + } else { + return null; + } + } + + /* + * Translates from some common algorithm names to the + * OID with which they're usually associated ... this mapping + * is the reverse of the one below, except in those cases + * where synonyms are supported or where a given algorithm + * is commonly associated with multiple OIDs. + */ + private static ObjectIdentifier algOID(String name) { + // Digesting algorithms + + if (name.equals("MD5")) + return AlgorithmId.MD5_oid; + if (name.equals("MD2")) + return AlgorithmId.MD2_oid; + if (name.equals("SHA") || name.equals("SHA1") + || name.equals("SHA-1")) + return AlgorithmId.SHA_oid; + if (name.equals("SHA256") || name.equals("SHA-256")) + return AlgorithmId.SHA256_oid; + if (name.equals("SHA512") || name.equals("SHA-512")) + return AlgorithmId.SHA512_oid; + + // Various public key algorithms + + if (name.equals("RSA")) + return AlgorithmId.RSA_oid; + + if (name.equals("RSAEncryption")) + return AlgorithmId.RSAEncryption_oid; + if (name.equals("Diffie-Hellman") || name.equals("DH")) + return AlgorithmId.DH_oid; + if (name.equals("DSA")) + return AlgorithmId.DSA_oid; + + // Common signature types + + if (name.equals("SHA1withEC") || name.equals("SHA1/EC") + || name.equals("1.2.840.10045.4.1")) + return AlgorithmId.sha1WithEC_oid; + if (name.equals("SHA256withEC") || name.equals("SHA256/EC") + || name.equals("1.2.840.10045.4.3.2")) + return AlgorithmId.sha256WithEC_oid; + if (name.equals("SHA384withEC") || name.equals("SHA384/EC") + || name.equals("1.2.840.10045.4.3.3")) + return AlgorithmId.sha384WithEC_oid; + if (name.equals("SHA512withEC") || name.equals("SHA512/EC") + || name.equals("1.2.840.10045.4.3.4")) + return AlgorithmId.sha512WithEC_oid; + if (name.equals("SHA1withRSA") || name.equals("SHA1/RSA") + || name.equals("1.2.840.113549.1.1.5")) + return AlgorithmId.sha1WithRSAEncryption_oid; + if (name.equals("SHA256withRSA") || name.equals("SHA256/RSA") + || name.equals("1.2.840.113549.1.1.11")) + return AlgorithmId.sha256WithRSAEncryption_oid; + if (name.equals("SHA512withRSA") || name.equals("SHA512/RSA") + || name.equals("1.2.840.113549.1.1.13")) + return AlgorithmId.sha512WithRSAEncryption_oid; + if (name.equals("MD5withRSA") || name.equals("MD5/RSA")) + return AlgorithmId.md5WithRSAEncryption_oid; + if (name.equals("MD2withRSA") || name.equals("MD2/RSA")) + return AlgorithmId.md2WithRSAEncryption_oid; + if (name.equals("SHAwithDSA") || name.equals("SHA1withDSA") + || name.equals("SHA/DSA") || name.equals("SHA1/DSA")) + return AlgorithmId.sha1WithDSA_oid; + + return null; + } + + /* + * For the inevitable cases where key or signature types are not + * configured in an environment which encounters such keys or + * signatures, we still attempt to provide user-friendly names + * for some of the most common algorithms. Subclasses can of + * course override getName(). + * + * Wherever possible, the names are those defined by the IETF. + * Such names are noted below. + */ + private String algName() { + // Common message digest algorithms + + if (algid.equals(AlgorithmId.MD5_oid)) + return "MD5"; // RFC 1423 + if (algid.equals(AlgorithmId.MD2_oid)) + return "MD2"; // RFC 1423 + if (algid.equals(AlgorithmId.SHA_oid)) + return "SHA"; + if (algid.equals(AlgorithmId.SHA256_oid)) + return "SHA256"; + if (algid.equals(AlgorithmId.SHA512_oid)) + return "SHA512"; + + // Common key types + + if (algid.equals(AlgorithmId.ANSIX962_EC_Public_Key_oid)) + return "EC"; + if (algid.equals(AlgorithmId.RSAEncryption_oid) + || algid.equals(AlgorithmId.RSA_oid)) + return "RSA"; + if (algid.equals(AlgorithmId.DH_oid) + || algid.equals(AlgorithmId.DH_PKIX_oid)) + return "Diffie-Hellman"; + if (algid.equals(AlgorithmId.DSA_oid) + || algid.equals(AlgorithmId.DSA_OIW_oid)) + return "DSA"; + + // Common signature types + + if (algid.equals(AlgorithmId.sha1WithEC_oid)) + return "SHA1withEC"; + if (algid.equals(AlgorithmId.sha256WithEC_oid)) + return "SHA256withEC"; + if (algid.equals(AlgorithmId.sha384WithEC_oid)) + return "SHA384withEC"; + if (algid.equals(AlgorithmId.sha512WithEC_oid)) + return "SHA512withEC"; + if (algid.equals(AlgorithmId.md5WithRSAEncryption_oid)) + return "MD5withRSA"; + if (algid.equals(AlgorithmId.md2WithRSAEncryption_oid)) + return "MD2withRSA"; + if (algid.equals(AlgorithmId.sha1WithRSAEncryption_oid)) + return "SHA1withRSA"; + if (algid.equals(AlgorithmId.sha256WithRSAEncryption_oid)) + return "SHA256withRSA"; + if (algid.equals(AlgorithmId.sha512WithRSAEncryption_oid)) + return "SHA512withRSA"; + if (algid.equals(AlgorithmId.sha1WithDSA_oid) + || algid.equals(AlgorithmId.sha1WithDSA_OIW_oid) + || algid.equals(AlgorithmId.shaWithDSA_OIW_oid)) + return "SHA1withDSA"; + + // default returns a dot-notation ID + + return "OID." + algid.toString(); + } + + /** + * Returns the ISO OID for this algorithm. This is usually converted + * to a string and used as part of an algorithm name, for example + * "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code> call when you do not need to ensure cross-system + * portability + * of algorithm names, or need a user friendly name. + */ + final public ObjectIdentifier getOID() { + return algid; + } + + /** + * Returns a name for the algorithm which may be more intelligible + * to humans than the algorithm's OID, but which won't necessarily + * be comprehensible on other systems. For example, this might + * return a name such as "MD5withRSA" for a signature algorithm on + * some systems. It also returns names like "OID.1.2.3.4", when + * no particular name for the algorithm is known. + */ + public String getName() { + return algName(); + } + + /** + * Returns a string describing the algorithm and its parameters. + */ + public String toString() { + return (algName() + paramsToString()); + } + + /** + * Returns the DER encoded parameter, which can then be + * used to initialize java.security.AlgorithmParamters. + * + * @return DER encoded parameters, or null not present. + */ + public byte[] getEncodedParams() throws IOException { + if (params == null) + return null; + else + return params.toByteArray(); + } + + /** + * Provides a human-readable description of the algorithm parameters. + * This may be redefined by subclasses which parse those parameters. + */ + protected String paramsToString() { + if (params == null) { + return ""; + } else if (algParams != null) { + return algParams.toString(); + } else { + return ", params unparsed"; + } + } + + /** + * Returns true iff the argument indicates the same algorithm + * with the same parameters. + */ + public boolean equals(AlgorithmId other) { + if (!algid.equals(other.algid)) + return false; + else if (params == null && other.params == null) + return true; + else if (params == null) + return false; + else + return params.equals(other.params); + } + + /** + * Compares this AlgorithmID to another. If algorithm parameters are + * available, they are compared. Otherwise, just the object IDs + * for the algorithm are compared. + * + * @param other preferably an AlgorithmId, else an ObjectIdentifier + */ + public boolean equals(Object other) { + if (other instanceof AlgorithmId) + return equals((AlgorithmId) other); + else if (other instanceof ObjectIdentifier) + return equals((ObjectIdentifier) other); + else + return false; + } + + /** + * Compares two algorithm IDs for equality. Returns true iff + * they are the same algorithm, ignoring algorithm parameters. + */ + public final boolean equals(ObjectIdentifier id) { + return algid.equals(id); + } + + /*****************************************************************/ + + /* + * HASHING ALGORITHMS + */ + private static final int MD2_data[] = { 1, 2, 840, 113549, 2, 2 }; + private static final int MD5_data[] = { 1, 2, 840, 113549, 2, 5 }; + // sha = { 1, 3, 14, 3, 2, 18 }; + private static final int SHA1_OIW_data[] = { 1, 3, 14, 3, 2, 26 }; + private static final int SHA256_data[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 }; + private static final int SHA512_data[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 }; + + /** + * Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319. + * OID = 1.2.840.113549.2.2 + */ + public static final ObjectIdentifier MD2_oid = new ObjectIdentifier(MD2_data); + + /** + * Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321. + * OID = 1.2.840.113549.2.5 + */ + public static final ObjectIdentifier MD5_oid = new ObjectIdentifier(MD5_data); + + /** + * Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1. + * This is sometimes called "SHA", though that is often confusing since + * many people refer to FIPS 180 (which has an error) as defining SHA. + * OID = 1.3.14.3.2.26 + */ + public static final ObjectIdentifier SHA_oid = new ObjectIdentifier(SHA1_OIW_data); + + public static final ObjectIdentifier SHA256_oid = new ObjectIdentifier(SHA256_data); + + public static final ObjectIdentifier SHA512_oid = new ObjectIdentifier(SHA512_data); + + /* + * COMMON PUBLIC KEY TYPES + */ + private static final int DH_data[] = { 1, 2, 840, 113549, 1, 3, 1 }; + private static final int DH_PKIX_data[] = { 1, 2, 840, 10046, 2, 1 }; + private static final int DSA_OIW_data[] = { 1, 3, 14, 3, 2, 12 }; + private static final int DSA_PKIX_data[] = { 1, 2, 840, 10040, 4, 1 }; + private static final int RSA_data[] = { 1, 2, 5, 8, 1, 1 }; + private static final int RSAEncryption_data[] = + { 1, 2, 840, 113549, 1, 1, 1 }; + private static final int ANSI_X962_public_key_data[] = + { 1, 2, 840, 10045, 2, 1 }; + private static final int ANSI_X962_sha1_with_ec_data[] = + { 1, 2, 840, 10045, 4, 1 }; + + public static final ObjectIdentifier ANSIX962_EC_Public_Key_oid = new ObjectIdentifier(ANSI_X962_public_key_data); + public static final ObjectIdentifier ANSIX962_SHA1_With_EC_oid = new ObjectIdentifier(ANSI_X962_sha1_with_ec_data); + + /* + * Note the preferred OIDs are named simply with no "OIW" or + * "PKIX" in them, even though they may point to data from these + * specs; e.g. SHA_oid, DH_oid, DSA_oid, SHA1WithDSA_oid... + */ + /** + * Algorithm ID for Diffie Hellman Key agreement, from PKCS #3. + * Parameters include public values P and G, and may optionally specify + * the length of the private key X. Alternatively, algorithm parameters + * may be derived from another source such as a Certificate Authority's + * certificate. + * OID = 1.2.840.113549.1.3.1 + */ + public static final ObjectIdentifier DH_oid = new ObjectIdentifier(DH_data); + + /** + * Algorithm ID for the Diffie Hellman Key Agreement (DH), from the + * IETF PKIX IPKI Part I. + * Parameters may include public values P and G. + * OID = 1.2.840.10046.2.1 + */ + public static final ObjectIdentifier DH_PKIX_oid = new ObjectIdentifier(DH_PKIX_data); + + /** + * Algorithm ID for the Digital Signing Algorithm (DSA), from the + * NIST OIW Stable Agreements part 12. + * Parameters may include public values P, Q, and G; or these may be + * derived from + * another source such as a Certificate Authority's certificate. + * OID = 1.3.14.3.2.12 + */ + public static final ObjectIdentifier DSA_OIW_oid = new ObjectIdentifier(DSA_OIW_data); + + /** + * Algorithm ID for the Digital Signing Algorithm (DSA), from the + * IETF PKIX IPKI Part I. + * Parameters may include public values P, Q, and G; or these may be + * derived from + * another source such as a Certificate Authority's certificate. + * OID = 1.2.840.10040.4.1 + */ + public static final ObjectIdentifier DSA_oid = new ObjectIdentifier(DSA_PKIX_data); + + /** + * Algorithm ID for RSA keys used for any purpose, as defined in X.509. + * The algorithm parameter is a single value, the number of bits in the + * public modulus. + * OID = 1.2.5.8.1.1 + */ + public static final ObjectIdentifier RSA_oid = new ObjectIdentifier(RSA_data); + + /** + * Algorithm ID for RSA keys used with RSA encryption, as defined + * in PKCS #1. There are no parameters associated with this algorithm. + * OID = 1.2.840.113549.1.1.1 + */ + public static final ObjectIdentifier RSAEncryption_oid = new ObjectIdentifier(RSAEncryption_data); + + /* + * COMMON SIGNATURE ALGORITHMS + */ + private static final int sha1WithEC_data[] = + { 1, 2, 840, 10045, 4, 1 }; + private static final int sha256WithEC_data[] = + { 1, 2, 840, 10045, 4, 3, 2 }; + private static final int sha384WithEC_data[] = + { 1, 2, 840, 10045, 4, 3, 3 }; + private static final int sha512WithEC_data[] = + { 1, 2, 840, 10045, 4, 3, 4 }; + private static final int md2WithRSAEncryption_data[] = + { 1, 2, 840, 113549, 1, 1, 2 }; + private static final int md5WithRSAEncryption_data[] = + { 1, 2, 840, 113549, 1, 1, 4 }; + private static final int sha1WithRSAEncryption_data[] = + { 1, 2, 840, 113549, 1, 1, 5 }; + private static final int sha256WithRSAEncryption_data[] = + { 1, 2, 840, 113549, 1, 1, 11 }; + private static final int sha512WithRSAEncryption_data[] = + { 1, 2, 840, 113549, 1, 1, 13 }; + private static final int sha1WithRSAEncryption_OIW_data[] = + { 1, 3, 14, 3, 2, 29 }; + private static final int shaWithDSA_OIW_data[] = + { 1, 3, 14, 3, 2, 13 }; + private static final int sha1WithDSA_OIW_data[] = + { 1, 3, 14, 3, 2, 27 }; + private static final int dsaWithSHA1_PKIX_data[] = + { 1, 2, 840, 10040, 4, 3 }; + + public static final ObjectIdentifier sha1WithEC_oid = new + ObjectIdentifier(sha1WithEC_data); + + public static final ObjectIdentifier sha256WithEC_oid = new + ObjectIdentifier(sha256WithEC_data); + + public static final ObjectIdentifier sha384WithEC_oid = new + ObjectIdentifier(sha384WithEC_data); + + public static final ObjectIdentifier sha512WithEC_oid = new + ObjectIdentifier(sha512WithEC_data); + + /** + * Identifies a signing algorithm where an MD2 digest is encrypted + * using an RSA private key; defined in PKCS #1. Use of this + * signing algorithm is discouraged due to MD2 vulnerabilities. + * OID = 1.2.840.113549.1.1.2 + */ + public static final ObjectIdentifier md2WithRSAEncryption_oid = new + ObjectIdentifier(md2WithRSAEncryption_data); + + /** + * Identifies a signing algorithm where an MD5 digest is + * encrypted using an RSA private key; defined in PKCS #1. + * OID = 1.2.840.113549.1.1.4 + */ + public static final ObjectIdentifier md5WithRSAEncryption_oid = new + ObjectIdentifier(md5WithRSAEncryption_data); + + /** + * The proper one for sha1/rsa + */ + public static final ObjectIdentifier sha1WithRSAEncryption_oid = new + ObjectIdentifier(sha1WithRSAEncryption_data); + + /** + * The proper one for sha256/rsa + */ + public static final ObjectIdentifier sha256WithRSAEncryption_oid = new + ObjectIdentifier(sha256WithRSAEncryption_data); + + /** + * The proper one for sha512/rsa + */ + public static final ObjectIdentifier sha512WithRSAEncryption_oid = new + ObjectIdentifier(sha512WithRSAEncryption_data); + + /** + * Identifies a signing algorithm where an SHA1 digest is + * encrypted using an RSA private key; defined in NIST OIW. + * OID = 1.3.14.3.2.29 + */ + public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid = new + ObjectIdentifier(sha1WithRSAEncryption_OIW_data); + + /** + * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a + * SHA digest is signed using the Digital Signing Algorithm (DSA). + * This should not be used. + * OID = 1.3.14.3.2.13 + */ + public static final ObjectIdentifier shaWithDSA_OIW_oid = new ObjectIdentifier(shaWithDSA_OIW_data); + + /** + * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a + * SHA1 digest is signed using the Digital Signing Algorithm (DSA). + * OID = 1.3.14.3.2.27 + */ + public static final ObjectIdentifier sha1WithDSA_OIW_oid = new ObjectIdentifier(sha1WithDSA_OIW_data); + + /** + * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a + * SHA1 digest is signed using the Digital Signing Algorithm (DSA). + * OID = 1.2.840.10040.4.3 + */ + public static final ObjectIdentifier sha1WithDSA_oid = new ObjectIdentifier(dsaWithSHA1_PKIX_data); + + /** + * Supported signing algorithms for a DSA key. + */ + public static final String[] DSA_SIGNING_ALGORITHMS = new String[] + { "SHA1withDSA" }; + + /** + * Supported signing algorithms for a RSA key. + */ + public static final String[] RSA_SIGNING_ALGORITHMS = new String[] + { "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "MD5withRSA", "MD2withRSA" }; + + public static final String[] EC_SIGNING_ALGORITHMS = new String[] + { "SHA1withEC", "SHA256withEC", "SHA384withEC", "SHA512withEC" }; + + /** + * All supported signing algorithms. + */ + public static final String[] ALL_SIGNING_ALGORITHMS = new String[] + { + "SHA1withRSA", "MD5withRSA", "MD2withRSA", "SHA1withDSA", "SHA256withRSA", "SHA512withRSA", "SHA1withEC", + "SHA256withEC", "SHA384withEC", "SHA512withEC" }; + +} |