diff options
Diffstat (limited to 'pki/base/util/src/netscape/security/x509/AlgorithmId.java')
| -rw-r--r-- | pki/base/util/src/netscape/security/x509/AlgorithmId.java | 1024 |
1 files changed, 539 insertions, 485 deletions
diff --git a/pki/base/util/src/netscape/security/x509/AlgorithmId.java b/pki/base/util/src/netscape/security/x509/AlgorithmId.java index 5cbd3dee6..289262615 100644 --- a/pki/base/util/src/netscape/security/x509/AlgorithmId.java +++ b/pki/base/util/src/netscape/security/x509/AlgorithmId.java @@ -30,26 +30,25 @@ import netscape.security.util.DerValue; import netscape.security.util.ObjectIdentifier; /** - * This class identifies algorithms, such as cryptographic transforms, each of - * which may be associated with parameters. Instances of this base class are - * used when this runtime environment has no special knowledge of the algorithm - * type, and may also be used in other cases. Equivalence is defined according - * to OID and (where relevant) parameters. - * - * <P> - * Subclasses may be used, for example when when the algorithm ID has associated - * parameters which some code (e.g. code using public keys) needs to have - * parsed. Two examples of such algorithms are Diffie-Hellman key exchange, and - * the Digital Signature Standard Algorithm (DSS/DSA). - * - * <P> - * The OID constants defined in this class correspond to some widely used - * algorithms, for which conventional string names have been defined. This class - * is not a general repository for OIDs, or for such string names. Note that the - * mappings between algorithm IDs and algorithm names is not one-to-one. - * + * This class identifies algorithms, such as cryptographic transforms, each + * of which may be associated with parameters. Instances of this base class + * are used when this runtime environment has no special knowledge of the + * algorithm type, and may also be used in other cases. Equivalence is + * defined according to OID and (where relevant) parameters. + * + * <P>Subclasses may be used, for example when when the algorithm ID has + * associated parameters which some code (e.g. code using public keys) needs + * to have parsed. Two examples of such algorithms are Diffie-Hellman key + * exchange, and the Digital Signature Standard Algorithm (DSS/DSA). + * + * <P>The OID constants defined in this class correspond to some widely + * used algorithms, for which conventional string names have been defined. + * This class is not a general repository for OIDs, or for such string names. + * Note that the mappings between algorithm IDs and algorithm names is + * not one-to-one. + * * @version 1.70 - * + * * @author David Brownell * @author Amit Kapoor * @author Hemma Prafullchandra @@ -65,398 +64,416 @@ public class AlgorithmId implements Serializable, DerEncoder { /** * The object identitifer being used for this algorithm. */ - private ObjectIdentifier algid = null; + private ObjectIdentifier algid = null; // The (parsed) parameters private AlgorithmParameters algParams; /** - * Parameters for this algorithm. These are stored in unparsed DER-encoded - * form; subclasses can be made to automaticaly parse them so there is fast - * access to these parameters. + * Parameters for this algorithm. These are stored in unparsed + * DER-encoded form; subclasses can be made to automaticaly parse + * them so there is fast access to these parameters. */ - protected DerValue params = null; + protected DerValue params = null; - protected String paramsString = null; + + protected String paramsString = null; /** - * Returns one of the algorithm IDs most commonly associated with this - * algorithm name. - * + * Returns one of the algorithm IDs most commonly associated + * with this algorithm name. + * * @param algname the name being used * @deprecated use the short get form of this method. * @exception NoSuchAlgorithmException on error. */ - public static AlgorithmId getAlgorithmId(String algname) - throws NoSuchAlgorithmException { - return get(algname); + public static AlgorithmId getAlgorithmId(String algname) + throws NoSuchAlgorithmException + { + return get(algname); } public AlgorithmParameters getParameters() { - return this.algParams; + return this.algParams; } public String getParametersString() { return this.paramsString; } - public void setParametersString(String paramStr) { + public void setParametersString(String paramStr) { this.paramsString = paramStr; } - + /** - * Returns one of the algorithm IDs most commonly associated with this - * algorithm name. - * + * Returns one of the algorithm IDs most commonly associated + * with this algorithm name. + * * @param algname the name being used * @exception NoSuchAlgorithmException on error. */ - public static AlgorithmId get(String algname) - throws NoSuchAlgorithmException { - ObjectIdentifier oid = algOID(algname); + public static AlgorithmId get(String algname) + throws NoSuchAlgorithmException + { + ObjectIdentifier oid = algOID(algname); - if (oid == null) - throw new NoSuchAlgorithmException("unrecognized algorithm name: " - + algname); + if (oid == null) + throw new NoSuchAlgorithmException + ("unrecognized algorithm name: " + algname); - return new AlgorithmId(oid); + return new AlgorithmId(oid); } /** - * Parse (unmarshal) an ID from a DER sequence input value. This form + * Parse (unmarshal) an ID from a DER sequence input value. This form * parsing might be used when expanding a value which has already been * partially unmarshaled as a set or sequence member. - * + * * @exception IOException on error. - * @param val the input value, which contains the algid and, if there are - * any parameters, those parameters. - * @return an ID for the algorithm. If the system is configured - * appropriately, this may be an instance of a class with some kind - * of special support for this algorithm. In that case, you may - * "narrow" the type of the ID. - */ - public static AlgorithmId parse(DerValue val) throws IOException { - if (val.tag != DerValue.tag_Sequence) - throw new IOException("algid parse error, not a sequence"); - - /* - * Get the algorithm ID and any parameters. - */ - ObjectIdentifier algid; - DerValue params; - DerInputStream in = val.toDerInputStream(); - - algid = in.getOID(); - if (in.available() == 0) - params = null; - else { - params = in.getDerValue(); - if (params.tag == DerValue.tag_Null) - params = null; - } - - /* - * Figure out what class (if any) knows about this oid's parameters. - * Make one, and give it the data to decode. - */ - AlgorithmId alg = new AlgorithmId(algid, params); + * @param val the input value, which contains the algid and, if + * there are any parameters, those parameters. + * @return an ID for the algorithm. If the system is configured + * appropriately, this may be an instance of a class + * with some kind of special support for this algorithm. + * In that case, you may "narrow" the type of the ID. + */ + public static AlgorithmId parse(DerValue val) + throws IOException + { + if (val.tag != DerValue.tag_Sequence) + throw new IOException("algid parse error, not a sequence"); + + /* + * Get the algorithm ID and any parameters. + */ + ObjectIdentifier algid; + DerValue params; + DerInputStream in = val.toDerInputStream(); + + algid = in.getOID(); + if (in.available() == 0) + params = null; + else { + params = in.getDerValue(); + if (params.tag == DerValue.tag_Null) + params = null; + } + + /* + * Figure out what class (if any) knows about this oid's + * parameters. Make one, and give it the data to decode. + */ + AlgorithmId alg = new AlgorithmId(algid, params); if (params != null) - alg.decodeParams(); + alg.decodeParams(); + /* - * Set the raw params string in case higher level code might want the - * info - */ + * Set the raw params string in case + * higher level code might want the info + */ String paramStr = null; - if (params != null) { + if ( params != null ) { paramStr = params.toString(); } alg.setParametersString(paramStr); - return alg; - } - - public static AlgorithmId parse(byte[] val) throws IOException { - return null; + return alg; } + public static AlgorithmId parse(byte[] val) + throws IOException + { + return null; + } + /** * Constructs a parameterless algorithm ID. - * + * * @param oid the identifier for the algorithm */ public AlgorithmId(ObjectIdentifier oid) { - algid = oid; + algid = oid; } + private AlgorithmId(ObjectIdentifier oid, DerValue params) - throws IOException { - this.algid = oid; - this.params = params; + throws IOException { + this.algid = oid; + this.params = params; if (this.params != null) - decodeParams(); + decodeParams(); } + /** - * Constructs an algorithm ID which will be initialized separately, for - * example by deserialization. - * + * Constructs an algorithm ID which will be initialized + * separately, for example by deserialization. * @deprecated use one of the other constructors. */ - public AlgorithmId() { - } + public AlgorithmId() { } + protected void decodeParams() throws IOException { - try { - this.algParams = AlgorithmParameters.getInstance(this.algid - .toString()); - } catch (NoSuchAlgorithmException e) { - /* - * This algorithm parameter type is not supported, so we cannot - * parse the parameters. - */ - this.algParams = null; - return; - } - // Decode (parse) the parameters - this.algParams.init(this.params.toByteArray()); + try { + this.algParams = AlgorithmParameters.getInstance + (this.algid.toString()); + } catch (NoSuchAlgorithmException e) { + /* + * This algorithm parameter type is not supported, so we cannot + * parse the parameters. + */ + this.algParams = null; + return; + } + // Decode (parse) the parameters + this.algParams.init(this.params.toByteArray()); } /** * Marshal a DER-encoded "AlgorithmID" sequence on the DER stream. */ - public final void encode(DerOutputStream out) throws IOException { - derEncode(out); + public final void encode(DerOutputStream out) + throws IOException + { + derEncode(out); } /** - * DER encode this object onto an output stream. Implements the - * <code>DerEncoder</code> interface. - * - * @param out the output stream on which to write the DER encoding. - * + * DER encode this object onto an output stream. + * Implements the <code>DerEncoder</code> interface. + * + * @param out + * the output stream on which to write the DER encoding. + * * @exception IOException on encoding error. */ - public void derEncode(OutputStream out) throws IOException { - DerOutputStream bytes = new DerOutputStream(); - DerOutputStream tmp = new DerOutputStream(); - - bytes.putOID(algid); - if (params == null) - bytes.putNull(); - else - bytes.putDerValue(params); - tmp.write(DerValue.tag_Sequence, bytes); - out.write(tmp.toByteArray()); + public void derEncode (OutputStream out) throws IOException + { + DerOutputStream bytes = new DerOutputStream(); + DerOutputStream tmp = new DerOutputStream(); + + bytes.putOID(algid); + if (params == null) + bytes.putNull(); + else + bytes.putDerValue(params); + tmp.write(DerValue.tag_Sequence, bytes); + out.write(tmp.toByteArray()); } - // XXXX cleaning required +// XXXX cleaning required /** * Returns the DER-encoded X.509 AlgorithmId as a byte array. */ - public final byte[] encode() throws IOException { - DerOutputStream out = new DerOutputStream(); - DerOutputStream bytes = new DerOutputStream(); - - bytes.putOID(algid); - if (params == null) - bytes.putNull(); - else - bytes.putDerValue(params); - out.write(DerValue.tag_Sequence, bytes); - return out.toByteArray(); + public final byte[] encode() throws IOException + { + DerOutputStream out = new DerOutputStream (); + DerOutputStream bytes = new DerOutputStream (); + + bytes.putOID(algid); + if (params == null) + bytes.putNull(); + else + bytes.putDerValue(params); + out.write(DerValue.tag_Sequence, bytes); + return out.toByteArray(); } /** - * Returns list of signing algorithms for a key algorithm such as RSA or - * DSA. + * Returns list of signing algorithms for a key algorithm such as + * RSA or DSA. */ public static String[] getSigningAlgorithms(AlgorithmId alg) { - ObjectIdentifier algOid = alg.getOID(); - // System.out.println("Key Alg oid "+algOid.toString()); - if (algOid.equals(DSA_oid) || algOid.equals(DSA_OIW_oid)) { - return DSA_SIGNING_ALGORITHMS; - } else if (algOid.equals(RSA_oid) || algOid.equals(RSAEncryption_oid)) { - return RSA_SIGNING_ALGORITHMS; - } else if (algOid.equals(ANSIX962_EC_Public_Key_oid) - || algOid.equals(ANSIX962_SHA1_With_EC_oid)) { - return EC_SIGNING_ALGORITHMS; - } else { - return null; - } + ObjectIdentifier algOid = alg.getOID(); + //System.out.println("Key Alg oid "+algOid.toString()); + if (algOid.equals(DSA_oid) || algOid.equals(DSA_OIW_oid)) { + return DSA_SIGNING_ALGORITHMS; + } else if (algOid.equals(RSA_oid) || algOid.equals(RSAEncryption_oid)) { + return RSA_SIGNING_ALGORITHMS; + } else if (algOid.equals(ANSIX962_EC_Public_Key_oid) || algOid.equals(ANSIX962_SHA1_With_EC_oid)) { + return EC_SIGNING_ALGORITHMS; + } else { + return null; + } } /* - * Translates from some common algorithm names to the OID with which they're - * usually associated ... this mapping is the reverse of the one below, - * except in those cases where synonyms are supported or where a given - * algorithm is commonly associated with multiple OIDs. - */ - private static ObjectIdentifier algOID(String name) { - // Digesting algorithms - - if (name.equals("MD5")) - return AlgorithmId.MD5_oid; - if (name.equals("MD2")) - return AlgorithmId.MD2_oid; - if (name.equals("SHA") || name.equals("SHA1") || name.equals("SHA-1")) - return AlgorithmId.SHA_oid; - if (name.equals("SHA256") || name.equals("SHA-256")) - return AlgorithmId.SHA256_oid; - if (name.equals("SHA512") || name.equals("SHA-512")) - return AlgorithmId.SHA512_oid; - - // Various public key algorithms - - if (name.equals("RSA")) - return AlgorithmId.RSA_oid; - - if (name.equals("RSAEncryption")) - return AlgorithmId.RSAEncryption_oid; - if (name.equals("Diffie-Hellman") || name.equals("DH")) - return AlgorithmId.DH_oid; - if (name.equals("DSA")) - return AlgorithmId.DSA_oid; - - // Common signature types - - if (name.equals("SHA1withEC") || name.equals("SHA1/EC") - || name.equals("1.2.840.10045.4.1")) - return AlgorithmId.sha1WithEC_oid; - if (name.equals("SHA256withEC") || name.equals("SHA256/EC") - || name.equals("1.2.840.10045.4.3.2")) - return AlgorithmId.sha256WithEC_oid; - if (name.equals("SHA384withEC") || name.equals("SHA384/EC") - || name.equals("1.2.840.10045.4.3.3")) - return AlgorithmId.sha384WithEC_oid; - if (name.equals("SHA512withEC") || name.equals("SHA512/EC") - || name.equals("1.2.840.10045.4.3.4")) - return AlgorithmId.sha512WithEC_oid; - if (name.equals("SHA1withRSA") || name.equals("SHA1/RSA") - || name.equals("1.2.840.113549.1.1.5")) - return AlgorithmId.sha1WithRSAEncryption_oid; - if (name.equals("SHA256withRSA") || name.equals("SHA256/RSA") - || name.equals("1.2.840.113549.1.1.11")) - return AlgorithmId.sha256WithRSAEncryption_oid; - if (name.equals("SHA512withRSA") || name.equals("SHA512/RSA") - || name.equals("1.2.840.113549.1.1.13")) - return AlgorithmId.sha512WithRSAEncryption_oid; - if (name.equals("MD5withRSA") || name.equals("MD5/RSA")) - return AlgorithmId.md5WithRSAEncryption_oid; - if (name.equals("MD2withRSA") || name.equals("MD2/RSA")) - return AlgorithmId.md2WithRSAEncryption_oid; - if (name.equals("SHAwithDSA") || name.equals("SHA1withDSA") - || name.equals("SHA/DSA") || name.equals("SHA1/DSA")) - return AlgorithmId.sha1WithDSA_oid; - - return null; + * Translates from some common algorithm names to the + * OID with which they're usually associated ... this mapping + * is the reverse of the one below, except in those cases + * where synonyms are supported or where a given algorithm + * is commonly associated with multiple OIDs. + */ + private static ObjectIdentifier algOID (String name) + { + // Digesting algorithms + + if (name.equals ("MD5")) + return AlgorithmId.MD5_oid; + if (name.equals ("MD2")) + return AlgorithmId.MD2_oid; + if (name.equals ("SHA") || name.equals ("SHA1") + || name.equals("SHA-1")) + return AlgorithmId.SHA_oid; + if (name.equals ("SHA256") || name.equals("SHA-256")) + return AlgorithmId.SHA256_oid; + if (name.equals("SHA512") || name.equals("SHA-512")) + return AlgorithmId.SHA512_oid; + + // Various public key algorithms + + if (name.equals ("RSA")) + return AlgorithmId.RSA_oid; + + if (name.equals ("RSAEncryption")) + return AlgorithmId.RSAEncryption_oid; + if (name.equals ("Diffie-Hellman") || name.equals("DH")) + return AlgorithmId.DH_oid; + if (name.equals ("DSA")) + return AlgorithmId.DSA_oid; + + // Common signature types + + if (name.equals ("SHA1withEC") || name.equals("SHA1/EC") + || name.equals("1.2.840.10045.4.1")) + return AlgorithmId.sha1WithEC_oid; + if (name.equals ("SHA256withEC") || name.equals("SHA256/EC") + || name.equals("1.2.840.10045.4.3.2")) + return AlgorithmId.sha256WithEC_oid; + if (name.equals ("SHA384withEC") || name.equals("SHA384/EC") + || name.equals("1.2.840.10045.4.3.3")) + return AlgorithmId.sha384WithEC_oid; + if (name.equals ("SHA512withEC") || name.equals("SHA512/EC") + || name.equals("1.2.840.10045.4.3.4")) + return AlgorithmId.sha512WithEC_oid; + if (name.equals ("SHA1withRSA") || name.equals("SHA1/RSA") + || name.equals("1.2.840.113549.1.1.5")) + return AlgorithmId.sha1WithRSAEncryption_oid; + if (name.equals ("SHA256withRSA") || name.equals("SHA256/RSA") + || name.equals("1.2.840.113549.1.1.11")) + return AlgorithmId.sha256WithRSAEncryption_oid; + if (name.equals ("SHA512withRSA") || name.equals("SHA512/RSA") + || name.equals("1.2.840.113549.1.1.13")) + return AlgorithmId.sha512WithRSAEncryption_oid; + if (name.equals ("MD5withRSA") || name.equals("MD5/RSA")) + return AlgorithmId.md5WithRSAEncryption_oid; + if (name.equals ("MD2withRSA") || name.equals("MD2/RSA")) + return AlgorithmId.md2WithRSAEncryption_oid; + if (name.equals("SHAwithDSA") || name.equals("SHA1withDSA") + || name.equals("SHA/DSA") || name.equals("SHA1/DSA")) + return AlgorithmId.sha1WithDSA_oid; + + return null; } /* - * For the inevitable cases where key or signature types are not configured - * in an environment which encounters such keys or signatures, we still - * attempt to provide user-friendly names for some of the most common - * algorithms. Subclasses can of course override getName(). - * - * Wherever possible, the names are those defined by the IETF. Such names - * are noted below. - */ - private String algName() { - // Common message digest algorithms - - if (algid.equals(AlgorithmId.MD5_oid)) - return "MD5"; // RFC 1423 - if (algid.equals(AlgorithmId.MD2_oid)) - return "MD2"; // RFC 1423 - if (algid.equals(AlgorithmId.SHA_oid)) - return "SHA"; - if (algid.equals(AlgorithmId.SHA256_oid)) - return "SHA256"; - if (algid.equals(AlgorithmId.SHA512_oid)) - return "SHA512"; - - // Common key types - - if (algid.equals(AlgorithmId.ANSIX962_EC_Public_Key_oid)) - return "EC"; - if (algid.equals(AlgorithmId.RSAEncryption_oid) - || algid.equals(AlgorithmId.RSA_oid)) - return "RSA"; - if (algid.equals(AlgorithmId.DH_oid) + * For the inevitable cases where key or signature types are not + * configured in an environment which encounters such keys or + * signatures, we still attempt to provide user-friendly names + * for some of the most common algorithms. Subclasses can of + * course override getName(). + * + * Wherever possible, the names are those defined by the IETF. + * Such names are noted below. + */ + private String algName() + { + // Common message digest algorithms + + if (algid.equals(AlgorithmId.MD5_oid)) + return "MD5"; // RFC 1423 + if (algid.equals(AlgorithmId.MD2_oid)) + return "MD2"; // RFC 1423 + if (algid.equals(AlgorithmId.SHA_oid)) + return "SHA"; + if (algid.equals(AlgorithmId.SHA256_oid)) + return "SHA256"; + if (algid.equals(AlgorithmId.SHA512_oid)) + return "SHA512"; + + // Common key types + + if (algid.equals(AlgorithmId.ANSIX962_EC_Public_Key_oid)) + return "EC"; + if (algid.equals(AlgorithmId.RSAEncryption_oid) + || algid.equals(AlgorithmId.RSA_oid)) + return "RSA"; + if (algid.equals(AlgorithmId.DH_oid) || algid.equals(AlgorithmId.DH_PKIX_oid)) - return "Diffie-Hellman"; - if (algid.equals(AlgorithmId.DSA_oid) + return "Diffie-Hellman"; + if (algid.equals(AlgorithmId.DSA_oid) || algid.equals(AlgorithmId.DSA_OIW_oid)) - return "DSA"; - - // Common signature types - - if (algid.equals(AlgorithmId.sha1WithEC_oid)) - return "SHA1withEC"; - if (algid.equals(AlgorithmId.sha256WithEC_oid)) - return "SHA256withEC"; - if (algid.equals(AlgorithmId.sha384WithEC_oid)) - return "SHA384withEC"; - if (algid.equals(AlgorithmId.sha512WithEC_oid)) - return "SHA512withEC"; - if (algid.equals(AlgorithmId.md5WithRSAEncryption_oid)) - return "MD5withRSA"; - if (algid.equals(AlgorithmId.md2WithRSAEncryption_oid)) - return "MD2withRSA"; - if (algid.equals(AlgorithmId.sha1WithRSAEncryption_oid)) - return "SHA1withRSA"; - if (algid.equals(AlgorithmId.sha256WithRSAEncryption_oid)) - return "SHA256withRSA"; - if (algid.equals(AlgorithmId.sha512WithRSAEncryption_oid)) - return "SHA512withRSA"; - if (algid.equals(AlgorithmId.sha1WithDSA_oid) + return "DSA"; + + // Common signature types + + if (algid.equals (AlgorithmId.sha1WithEC_oid)) + return "SHA1withEC"; + if (algid.equals (AlgorithmId.sha256WithEC_oid)) + return "SHA256withEC"; + if (algid.equals (AlgorithmId.sha384WithEC_oid)) + return "SHA384withEC"; + if (algid.equals (AlgorithmId.sha512WithEC_oid)) + return "SHA512withEC"; + if (algid.equals (AlgorithmId.md5WithRSAEncryption_oid)) + return "MD5withRSA"; + if (algid.equals (AlgorithmId.md2WithRSAEncryption_oid)) + return "MD2withRSA"; + if (algid.equals (AlgorithmId.sha1WithRSAEncryption_oid)) + return "SHA1withRSA"; + if (algid.equals (AlgorithmId.sha256WithRSAEncryption_oid)) + return "SHA256withRSA"; + if (algid.equals (AlgorithmId.sha512WithRSAEncryption_oid)) + return "SHA512withRSA"; + if (algid.equals(AlgorithmId.sha1WithDSA_oid) || algid.equals(AlgorithmId.sha1WithDSA_OIW_oid) || algid.equals(AlgorithmId.shaWithDSA_OIW_oid)) - return "SHA1withDSA"; + return "SHA1withDSA"; - // default returns a dot-notation ID + // default returns a dot-notation ID - return "OID." + algid.toString(); + return "OID." + algid.toString (); } /** - * Returns the ISO OID for this algorithm. This is usually converted to a - * string and used as part of an algorithm name, for example - * "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code> call - * when you do not need to ensure cross-system portability of algorithm - * names, or need a user friendly name. + * Returns the ISO OID for this algorithm. This is usually converted + * to a string and used as part of an algorithm name, for example + * "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code> + * call when you do not need to ensure cross-system portability + * of algorithm names, or need a user friendly name. */ - final public ObjectIdentifier getOID() { - return algid; - } + final public ObjectIdentifier getOID () + { return algid; } + /** - * Returns a name for the algorithm which may be more intelligible to humans - * than the algorithm's OID, but which won't necessarily be comprehensible - * on other systems. For example, this might return a name such as - * "MD5withRSA" for a signature algorithm on some systems. It also returns - * names like "OID.1.2.3.4", when no particular name for the algorithm is - * known. + * Returns a name for the algorithm which may be more intelligible + * to humans than the algorithm's OID, but which won't necessarily + * be comprehensible on other systems. For example, this might + * return a name such as "MD5withRSA" for a signature algorithm on + * some systems. It also returns names like "OID.1.2.3.4", when + * no particular name for the algorithm is known. */ - public String getName() { - return algName(); - } + public String getName() + { return algName (); } /** * Returns a string describing the algorithm and its parameters. */ - public String toString() { - return (algName() + paramsToString()); + public String toString() + { + return (algName() + paramsToString()); } /** - * Returns the DER encoded parameter, which can then be used to initialize - * java.security.AlgorithmParamters. - * + * Returns the DER encoded parameter, which can then be + * used to initialize java.security.AlgorithmParamters. + * * @return DER encoded parameters, or null not present. */ public byte[] getEncodedParams() throws IOException { @@ -467,58 +484,66 @@ public class AlgorithmId implements Serializable, DerEncoder { } /** - * Provides a human-readable description of the algorithm parameters. This - * may be redefined by subclasses which parse those parameters. + * Provides a human-readable description of the algorithm parameters. + * This may be redefined by subclasses which parse those parameters. */ - protected String paramsToString() { - if (params == null) { - return ""; - } else if (algParams != null) { - return algParams.toString(); - } else { - return ", params unparsed"; - } + protected String paramsToString() + { + if (params == null) { + return ""; + } else if (algParams != null) { + return algParams.toString(); + } else { + return ", params unparsed"; + } } + /** - * Returns true iff the argument indicates the same algorithm with the same - * parameters. + * Returns true iff the argument indicates the same algorithm + * with the same parameters. */ - public boolean equals(AlgorithmId other) { - if (!algid.equals(other.algid)) - return false; - else if (params == null && other.params == null) - return true; - else if (params == null) + public boolean equals(AlgorithmId other) + { + if (!algid.equals (other.algid)) return false; - else - return params.equals(other.params); + else if (params == null && other.params == null) + return true; + else if (params == null) + return false; + else + return params.equals(other.params); } + /** - * Compares this AlgorithmID to another. If algorithm parameters are - * available, they are compared. Otherwise, just the object IDs for the - * algorithm are compared. - * + * Compares this AlgorithmID to another. If algorithm parameters are + * available, they are compared. Otherwise, just the object IDs + * for the algorithm are compared. + * * @param other preferably an AlgorithmId, else an ObjectIdentifier */ - public boolean equals(Object other) { - if (other instanceof AlgorithmId) - return equals((AlgorithmId) other); - else if (other instanceof ObjectIdentifier) - return equals((ObjectIdentifier) other); - else - return false; + public boolean equals(Object other) + { + if (other instanceof AlgorithmId) + return equals((AlgorithmId) other); + else if (other instanceof ObjectIdentifier) + return equals((ObjectIdentifier) other); + else + return false; } + /** - * Compares two algorithm IDs for equality. Returns true iff they are the - * same algorithm, ignoring algorithm parameters. + * Compares two algorithm IDs for equality. Returns true iff + * they are the same algorithm, ignoring algorithm parameters. */ - public final boolean equals(ObjectIdentifier id) { - return algid.equals(id); + public final boolean equals(ObjectIdentifier id) + { + return algid.equals(id); } + /*****************************************************************/ /* @@ -528,37 +553,37 @@ public class AlgorithmId implements Serializable, DerEncoder { private static final int MD5_data[] = { 1, 2, 840, 113549, 2, 5 }; // sha = { 1, 3, 14, 3, 2, 18 }; private static final int SHA1_OIW_data[] = { 1, 3, 14, 3, 2, 26 }; - private static final int SHA256_data[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 }; - private static final int SHA512_data[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 }; + private static final int SHA256_data[] = {2, 16, 840, 1, 101, 3, 4, 2, 1}; + private static final int SHA512_data[] = {2, 16, 840, 1, 101, 3, 4, 2, 3}; /** - * Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319. OID = - * 1.2.840.113549.2.2 + * Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319. + * OID = 1.2.840.113549.2.2 */ - public static final ObjectIdentifier MD2_oid = new ObjectIdentifier( - MD2_data); + public static final ObjectIdentifier + MD2_oid = new ObjectIdentifier(MD2_data); /** - * Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321. OID = - * 1.2.840.113549.2.5 + * Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321. + * OID = 1.2.840.113549.2.5 */ - public static final ObjectIdentifier MD5_oid = new ObjectIdentifier( - MD5_data); + public static final ObjectIdentifier + MD5_oid = new ObjectIdentifier(MD5_data); /** - * Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1. This - * is sometimes called "SHA", though that is often confusing since many - * people refer to FIPS 180 (which has an error) as defining SHA. OID = - * 1.3.14.3.2.26 + * Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1. + * This is sometimes called "SHA", though that is often confusing since + * many people refer to FIPS 180 (which has an error) as defining SHA. + * OID = 1.3.14.3.2.26 */ - public static final ObjectIdentifier SHA_oid = new ObjectIdentifier( - SHA1_OIW_data); + public static final ObjectIdentifier + SHA_oid = new ObjectIdentifier(SHA1_OIW_data); - public static final ObjectIdentifier SHA256_oid = new ObjectIdentifier( - SHA256_data); + public static final ObjectIdentifier + SHA256_oid = new ObjectIdentifier(SHA256_data); - public static final ObjectIdentifier SHA512_oid = new ObjectIdentifier( - SHA512_data); + public static final ObjectIdentifier + SHA512_oid = new ObjectIdentifier(SHA512_data); /* * COMMON PUBLIC KEY TYPES @@ -568,194 +593,223 @@ public class AlgorithmId implements Serializable, DerEncoder { private static final int DSA_OIW_data[] = { 1, 3, 14, 3, 2, 12 }; private static final int DSA_PKIX_data[] = { 1, 2, 840, 10040, 4, 1 }; private static final int RSA_data[] = { 1, 2, 5, 8, 1, 1 }; - private static final int RSAEncryption_data[] = { 1, 2, 840, 113549, 1, 1, - 1 }; - private static final int ANSI_X962_public_key_data[] = { 1, 2, 840, 10045, - 2, 1 }; - private static final int ANSI_X962_sha1_with_ec_data[] = { 1, 2, 840, - 10045, 4, 1 }; - - public static final ObjectIdentifier ANSIX962_EC_Public_Key_oid = new ObjectIdentifier( - ANSI_X962_public_key_data); - public static final ObjectIdentifier ANSIX962_SHA1_With_EC_oid = new ObjectIdentifier( - ANSI_X962_sha1_with_ec_data); + private static final int RSAEncryption_data[] = + { 1, 2, 840, 113549, 1, 1, 1 }; + private static final int ANSI_X962_public_key_data[] = + { 1, 2, 840, 10045, 2, 1 }; + private static final int ANSI_X962_sha1_with_ec_data[] = + { 1, 2, 840, 10045, 4, 1 }; + + public static final ObjectIdentifier + ANSIX962_EC_Public_Key_oid = new ObjectIdentifier(ANSI_X962_public_key_data); + public static final ObjectIdentifier + ANSIX962_SHA1_With_EC_oid = new ObjectIdentifier(ANSI_X962_sha1_with_ec_data); /* - * Note the preferred OIDs are named simply with no "OIW" or "PKIX" in them, - * even though they may point to data from these specs; e.g. SHA_oid, - * DH_oid, DSA_oid, SHA1WithDSA_oid... + * Note the preferred OIDs are named simply with no "OIW" or + * "PKIX" in them, even though they may point to data from these + * specs; e.g. SHA_oid, DH_oid, DSA_oid, SHA1WithDSA_oid... */ /** - * Algorithm ID for Diffie Hellman Key agreement, from PKCS #3. Parameters - * include public values P and G, and may optionally specify the length of - * the private key X. Alternatively, algorithm parameters may be derived - * from another source such as a Certificate Authority's certificate. OID = - * 1.2.840.113549.1.3.1 + * Algorithm ID for Diffie Hellman Key agreement, from PKCS #3. + * Parameters include public values P and G, and may optionally specify + * the length of the private key X. Alternatively, algorithm parameters + * may be derived from another source such as a Certificate Authority's + * certificate. + * OID = 1.2.840.113549.1.3.1 */ - public static final ObjectIdentifier DH_oid = new ObjectIdentifier(DH_data); + public static final ObjectIdentifier + DH_oid = new ObjectIdentifier(DH_data); /** - * Algorithm ID for the Diffie Hellman Key Agreement (DH), from the IETF - * PKIX IPKI Part I. Parameters may include public values P and G. OID = - * 1.2.840.10046.2.1 + * Algorithm ID for the Diffie Hellman Key Agreement (DH), from the + * IETF PKIX IPKI Part I. + * Parameters may include public values P and G. + * OID = 1.2.840.10046.2.1 */ - public static final ObjectIdentifier DH_PKIX_oid = new ObjectIdentifier( - DH_PKIX_data); + public static final ObjectIdentifier + DH_PKIX_oid = new ObjectIdentifier(DH_PKIX_data); /** - * Algorithm ID for the Digital Signing Algorithm (DSA), from the NIST OIW - * Stable Agreements part 12. Parameters may include public values P, Q, and - * G; or these may be derived from another source such as a Certificate - * Authority's certificate. OID = 1.3.14.3.2.12 + * Algorithm ID for the Digital Signing Algorithm (DSA), from the + * NIST OIW Stable Agreements part 12. + * Parameters may include public values P, Q, and G; or these may be + * derived from + * another source such as a Certificate Authority's certificate. + * OID = 1.3.14.3.2.12 */ - public static final ObjectIdentifier DSA_OIW_oid = new ObjectIdentifier( - DSA_OIW_data); + public static final ObjectIdentifier + DSA_OIW_oid = new ObjectIdentifier(DSA_OIW_data); /** - * Algorithm ID for the Digital Signing Algorithm (DSA), from the IETF PKIX - * IPKI Part I. Parameters may include public values P, Q, and G; or these - * may be derived from another source such as a Certificate Authority's - * certificate. OID = 1.2.840.10040.4.1 + * Algorithm ID for the Digital Signing Algorithm (DSA), from the + * IETF PKIX IPKI Part I. + * Parameters may include public values P, Q, and G; or these may be + * derived from + * another source such as a Certificate Authority's certificate. + * OID = 1.2.840.10040.4.1 */ - public static final ObjectIdentifier DSA_oid = new ObjectIdentifier( - DSA_PKIX_data); + public static final ObjectIdentifier + DSA_oid = new ObjectIdentifier(DSA_PKIX_data); /** - * Algorithm ID for RSA keys used for any purpose, as defined in X.509. The - * algorithm parameter is a single value, the number of bits in the public - * modulus. OID = 1.2.5.8.1.1 + * Algorithm ID for RSA keys used for any purpose, as defined in X.509. + * The algorithm parameter is a single value, the number of bits in the + * public modulus. + * OID = 1.2.5.8.1.1 */ - public static final ObjectIdentifier RSA_oid = new ObjectIdentifier( - RSA_data); + public static final ObjectIdentifier + RSA_oid = new ObjectIdentifier(RSA_data); + /** - * Algorithm ID for RSA keys used with RSA encryption, as defined in PKCS - * #1. There are no parameters associated with this algorithm. OID = - * 1.2.840.113549.1.1.1 + * Algorithm ID for RSA keys used with RSA encryption, as defined + * in PKCS #1. There are no parameters associated with this algorithm. + * OID = 1.2.840.113549.1.1.1 */ - public static final ObjectIdentifier RSAEncryption_oid = new ObjectIdentifier( - RSAEncryption_data); + public static final ObjectIdentifier + RSAEncryption_oid = new ObjectIdentifier(RSAEncryption_data); + /* * COMMON SIGNATURE ALGORITHMS */ - private static final int sha1WithEC_data[] = { 1, 2, 840, 10045, 4, 1 }; - private static final int sha256WithEC_data[] = { 1, 2, 840, 10045, 4, 3, 2 }; - private static final int sha384WithEC_data[] = { 1, 2, 840, 10045, 4, 3, 3 }; - private static final int sha512WithEC_data[] = { 1, 2, 840, 10045, 4, 3, 4 }; - private static final int md2WithRSAEncryption_data[] = { 1, 2, 840, 113549, - 1, 1, 2 }; - private static final int md5WithRSAEncryption_data[] = { 1, 2, 840, 113549, - 1, 1, 4 }; - private static final int sha1WithRSAEncryption_data[] = { 1, 2, 840, - 113549, 1, 1, 5 }; - private static final int sha256WithRSAEncryption_data[] = { 1, 2, 840, - 113549, 1, 1, 11 }; - private static final int sha512WithRSAEncryption_data[] = { 1, 2, 840, - 113549, 1, 1, 13 }; - private static final int sha1WithRSAEncryption_OIW_data[] = { 1, 3, 14, 3, - 2, 29 }; - private static final int shaWithDSA_OIW_data[] = { 1, 3, 14, 3, 2, 13 }; - private static final int sha1WithDSA_OIW_data[] = { 1, 3, 14, 3, 2, 27 }; - private static final int dsaWithSHA1_PKIX_data[] = { 1, 2, 840, 10040, 4, 3 }; - - public static final ObjectIdentifier sha1WithEC_oid = new ObjectIdentifier( - sha1WithEC_data); - - public static final ObjectIdentifier sha256WithEC_oid = new ObjectIdentifier( - sha256WithEC_data); - - public static final ObjectIdentifier sha384WithEC_oid = new ObjectIdentifier( - sha384WithEC_data); - - public static final ObjectIdentifier sha512WithEC_oid = new ObjectIdentifier( - sha512WithEC_data); - - /** - * Identifies a signing algorithm where an MD2 digest is encrypted using an - * RSA private key; defined in PKCS #1. Use of this signing algorithm is - * discouraged due to MD2 vulnerabilities. OID = 1.2.840.113549.1.1.2 - */ - public static final ObjectIdentifier md2WithRSAEncryption_oid = new ObjectIdentifier( - md2WithRSAEncryption_data); - - /** - * Identifies a signing algorithm where an MD5 digest is encrypted using an - * RSA private key; defined in PKCS #1. OID = 1.2.840.113549.1.1.4 - */ - public static final ObjectIdentifier md5WithRSAEncryption_oid = new ObjectIdentifier( - md5WithRSAEncryption_data); + private static final int sha1WithEC_data[] = + { 1, 2, 840, 10045, 4, 1 }; + private static final int sha256WithEC_data[] = + { 1, 2, 840, 10045, 4, 3, 2 }; + private static final int sha384WithEC_data[] = + { 1, 2, 840, 10045, 4, 3, 3 }; + private static final int sha512WithEC_data[] = + { 1, 2, 840, 10045, 4, 3, 4 }; + private static final int md2WithRSAEncryption_data[] = + { 1, 2, 840, 113549, 1, 1, 2 }; + private static final int md5WithRSAEncryption_data[] = + { 1, 2, 840, 113549, 1, 1, 4 }; + private static final int sha1WithRSAEncryption_data[] = + { 1, 2, 840, 113549 ,1, 1, 5 }; + private static final int sha256WithRSAEncryption_data[] = + { 1, 2, 840, 113549 ,1, 1, 11 }; + private static final int sha512WithRSAEncryption_data[] = + { 1, 2, 840, 113549 ,1, 1, 13 }; + private static final int sha1WithRSAEncryption_OIW_data[] = + { 1, 3, 14, 3, 2, 29 }; + private static final int shaWithDSA_OIW_data[] = + { 1, 3, 14, 3, 2, 13 }; + private static final int sha1WithDSA_OIW_data[] = + { 1, 3, 14, 3, 2, 27 }; + private static final int dsaWithSHA1_PKIX_data[] = + { 1, 2, 840, 10040, 4, 3 }; + + public static final ObjectIdentifier + sha1WithEC_oid = new + ObjectIdentifier(sha1WithEC_data); + + public static final ObjectIdentifier + sha256WithEC_oid = new + ObjectIdentifier(sha256WithEC_data); + + public static final ObjectIdentifier + sha384WithEC_oid = new + ObjectIdentifier(sha384WithEC_data); + + public static final ObjectIdentifier + sha512WithEC_oid = new + ObjectIdentifier(sha512WithEC_data); + + /** + * Identifies a signing algorithm where an MD2 digest is encrypted + * using an RSA private key; defined in PKCS #1. Use of this + * signing algorithm is discouraged due to MD2 vulnerabilities. + * OID = 1.2.840.113549.1.1.2 + */ + public static final ObjectIdentifier + md2WithRSAEncryption_oid = new + ObjectIdentifier(md2WithRSAEncryption_data); + + /** + * Identifies a signing algorithm where an MD5 digest is + * encrypted using an RSA private key; defined in PKCS #1. + * OID = 1.2.840.113549.1.1.4 + */ + public static final ObjectIdentifier + md5WithRSAEncryption_oid = new + ObjectIdentifier(md5WithRSAEncryption_data); /** * The proper one for sha1/rsa */ - public static final ObjectIdentifier sha1WithRSAEncryption_oid = new ObjectIdentifier( - sha1WithRSAEncryption_data); + public static final ObjectIdentifier + sha1WithRSAEncryption_oid = new + ObjectIdentifier(sha1WithRSAEncryption_data); /** * The proper one for sha256/rsa */ - public static final ObjectIdentifier sha256WithRSAEncryption_oid = new ObjectIdentifier( - sha256WithRSAEncryption_data); + public static final ObjectIdentifier + sha256WithRSAEncryption_oid = new + ObjectIdentifier(sha256WithRSAEncryption_data); /** * The proper one for sha512/rsa */ - public static final ObjectIdentifier sha512WithRSAEncryption_oid = new ObjectIdentifier( - sha512WithRSAEncryption_data); + public static final ObjectIdentifier + sha512WithRSAEncryption_oid = new + ObjectIdentifier(sha512WithRSAEncryption_data); /** - * Identifies a signing algorithm where an SHA1 digest is encrypted using an - * RSA private key; defined in NIST OIW. OID = 1.3.14.3.2.29 + * Identifies a signing algorithm where an SHA1 digest is + * encrypted using an RSA private key; defined in NIST OIW. + * OID = 1.3.14.3.2.29 */ - public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid = new ObjectIdentifier( - sha1WithRSAEncryption_OIW_data); + public static final ObjectIdentifier + sha1WithRSAEncryption_OIW_oid = new + ObjectIdentifier(sha1WithRSAEncryption_OIW_data); /** - * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a SHA - * digest is signed using the Digital Signing Algorithm (DSA). This should - * not be used. OID = 1.3.14.3.2.13 + * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a + * SHA digest is signed using the Digital Signing Algorithm (DSA). + * This should not be used. + * OID = 1.3.14.3.2.13 */ - public static final ObjectIdentifier shaWithDSA_OIW_oid = new ObjectIdentifier( - shaWithDSA_OIW_data); + public static final ObjectIdentifier + shaWithDSA_OIW_oid = new ObjectIdentifier(shaWithDSA_OIW_data); /** - * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a SHA1 - * digest is signed using the Digital Signing Algorithm (DSA). OID = - * 1.3.14.3.2.27 + * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a + * SHA1 digest is signed using the Digital Signing Algorithm (DSA). + * OID = 1.3.14.3.2.27 */ - public static final ObjectIdentifier sha1WithDSA_OIW_oid = new ObjectIdentifier( - sha1WithDSA_OIW_data); + public static final ObjectIdentifier + sha1WithDSA_OIW_oid = new ObjectIdentifier(sha1WithDSA_OIW_data); /** - * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a SHA1 - * digest is signed using the Digital Signing Algorithm (DSA). OID = - * 1.2.840.10040.4.3 + * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a + * SHA1 digest is signed using the Digital Signing Algorithm (DSA). + * OID = 1.2.840.10040.4.3 */ - public static final ObjectIdentifier sha1WithDSA_oid = new ObjectIdentifier( - dsaWithSHA1_PKIX_data); + public static final ObjectIdentifier + sha1WithDSA_oid = new ObjectIdentifier(dsaWithSHA1_PKIX_data); - /** + /** * Supported signing algorithms for a DSA key. */ - public static final String[] DSA_SIGNING_ALGORITHMS = new String[] { "SHA1withDSA" }; + public static final String[] DSA_SIGNING_ALGORITHMS = new String[] + { "SHA1withDSA" }; - /** + /** * Supported signing algorithms for a RSA key. */ - public static final String[] RSA_SIGNING_ALGORITHMS = new String[] { - "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "MD5withRSA", - "MD2withRSA" }; + public static final String[] RSA_SIGNING_ALGORITHMS = new String[] + { "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "MD5withRSA", "MD2withRSA" }; - public static final String[] EC_SIGNING_ALGORITHMS = new String[] { - "SHA1withEC", "SHA256withEC", "SHA384withEC", "SHA512withEC" }; + public static final String[] EC_SIGNING_ALGORITHMS = new String[] + { "SHA1withEC", "SHA256withEC", "SHA384withEC", "SHA512withEC" }; - /** + /** * All supported signing algorithms. */ - public static final String[] ALL_SIGNING_ALGORITHMS = new String[] { - "SHA1withRSA", "MD5withRSA", "MD2withRSA", "SHA1withDSA", - "SHA256withRSA", "SHA512withRSA", "SHA1withEC", "SHA256withEC", - "SHA384withEC", "SHA512withEC" }; + public static final String[] ALL_SIGNING_ALGORITHMS = new String[] + { "SHA1withRSA", "MD5withRSA", "MD2withRSA", "SHA1withDSA", "SHA256withRSA", "SHA512withRSA", "SHA1withEC", "SHA256withEC", "SHA384withEC", "SHA512withEC" }; } |