sun.security.util.ObjectIdentifier Java Examples

/**
 * Sets the policy constraint. The {@code X509Certificate} must
 * include at least one of the specified policies in its certificate
 * policies extension. If {@code certPolicySet} is empty, then the
 * {@code X509Certificate} must include at least some specified policy
 * in its certificate policies extension. If {@code certPolicySet} is
 * {@code null}, no policy check will be performed.
 * <p>
 * Note that the {@code Set} is cloned to protect against
 * subsequent modifications.
 *
 * @param certPolicySet a {@code Set} of certificate policy OIDs in
 *                      string format (or {@code null}). Each OID is
 *                      represented by a set of nonnegative integers
 *                    separated by periods.
 * @throws IOException if a parsing error occurs on the OID such as
 * the first component is not 0, 1 or 2 or the second component is
 * greater than 39.
 * @see #getPolicy
 */
public void setPolicy(Set<String> certPolicySet) throws IOException {
    if (certPolicySet == null) {
        policySet = null;
        policy = null;
    } else {
        // Snapshot set and parse it
        Set<String> tempSet = Collections.unmodifiableSet
                                    (new HashSet<String>(certPolicySet));
        /* Convert to Vector of ObjectIdentifiers */
        Iterator<String> i = tempSet.iterator();
        Vector<CertificatePolicyId> polIdVector = new Vector<CertificatePolicyId>();
        while (i.hasNext()) {
            Object o = i.next();
            if (!(o instanceof String)) {
                throw new IOException("non String in certPolicySet");
            }
            polIdVector.add(new CertificatePolicyId(new ObjectIdentifier(
              (String)o)));
        }
        // If everything went OK, make the changes
        policySet = tempSet;
        policy = new CertificatePolicySet(polIdVector);
    }
}
 

/**
 * Sets the policy constraint. The {@code X509Certificate} must
 * include at least one of the specified policies in its certificate
 * policies extension. If {@code certPolicySet} is empty, then the
 * {@code X509Certificate} must include at least some specified policy
 * in its certificate policies extension. If {@code certPolicySet} is
 * {@code null}, no policy check will be performed.
 * <p>
 * Note that the {@code Set} is cloned to protect against
 * subsequent modifications.
 *
 * @param certPolicySet a {@code Set} of certificate policy OIDs in
 *                      string format (or {@code null}). Each OID is
 *                      represented by a set of nonnegative integers
 *                    separated by periods.
 * @throws IOException if a parsing error occurs on the OID such as
 * the first component is not 0, 1 or 2 or the second component is
 * greater than 39.
 * @see #getPolicy
 */
public void setPolicy(Set<String> certPolicySet) throws IOException {
    if (certPolicySet == null) {
        policySet = null;
        policy = null;
    } else {
        // Snapshot set and parse it
        Set<String> tempSet = Collections.unmodifiableSet
                                    (new HashSet<String>(certPolicySet));
        /* Convert to Vector of ObjectIdentifiers */
        Iterator<String> i = tempSet.iterator();
        Vector<CertificatePolicyId> polIdVector = new Vector<CertificatePolicyId>();
        while (i.hasNext()) {
            Object o = i.next();
            if (!(o instanceof String)) {
                throw new IOException("non String in certPolicySet");
            }
            polIdVector.add(new CertificatePolicyId(new ObjectIdentifier(
              (String)o)));
        }
        // If everything went OK, make the changes
        policySet = tempSet;
        policy = new CertificatePolicySet(polIdVector);
    }
}
 

/**
 * Creates the extension (also called by the subclass).
 */
protected CRLDistributionPointsExtension(ObjectIdentifier extensionId,
    Boolean critical, Object value, String extensionName)
        throws IOException {

    this.extensionId = extensionId;
    this.critical = critical.booleanValue();

    if (!(value instanceof byte[])) {
        throw new IOException("Illegal argument type");
    }

    extensionValue = (byte[])value;
    DerValue val = new DerValue(extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " + extensionName +
                              " extension.");
    }
    distributionPoints = new ArrayList<DistributionPoint>();
    while (val.data.available() != 0) {
        DerValue seq = val.data.getDerValue();
        DistributionPoint point = new DistributionPoint(seq);
        distributionPoints.add(point);
    }
    this.extensionName = extensionName;
}
 

private void init(ObjectIdentifier oid, Object value)
    throws IllegalArgumentException {

    this.oid = oid;
    index = indexOf(oid, PKCS9_OIDS, 1);
    Class<?> clazz = index == -1 ? BYTE_ARRAY_CLASS: VALUE_CLASSES[index];
    if (!clazz.isInstance(value)) {
            throw new IllegalArgumentException(
                       "Wrong value class " +
                       " for attribute " + oid +
                       " constructing PKCS9Attribute; was " +
                       value.getClass().toString() + ", should be " +
                       clazz.toString());
    }
    this.value = value;
}
 

/**
 * Construct a set of PKCS9 Attributes from the given array of
 * PKCS9 attributes.
 * DER encoding on a DerInputStream.  All attributes in
 * <code>attribs</code> must be
 * supported by class PKCS9Attribute.
 *
 * @exception IOException
 * on i/o error, encoding syntax error, or unsupported or
 * duplicate attribute.
 *
 * @see PKCS9Attribute
 */
public PKCS9Attributes(PKCS9Attribute[] attribs)
throws IllegalArgumentException, IOException {
    ObjectIdentifier oid;
    for (int i=0; i < attribs.length; i++) {
        oid = attribs[i].getOID();
        if (attributes.containsKey(oid))
            throw new IllegalArgumentException(
                      "PKCSAttribute " + attribs[i].getOID() +
                      " duplicated while constructing " +
                      "PKCS9Attributes.");

        attributes.put(oid, attribs[i]);
    }
    derEncoding = generateDerEncoding();
    permittedAttributes = null;
}
 

/**
 * Creates the extension (also called by the subclass).
 */
protected CRLDistributionPointsExtension(ObjectIdentifier extensionId,
    Boolean critical, Object value, String extensionName)
        throws IOException {

    this.extensionId = extensionId;
    this.critical = critical.booleanValue();

    if (!(value instanceof byte[])) {
        throw new IOException("Illegal argument type");
    }

    extensionValue = (byte[])value;
    DerValue val = new DerValue(extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " + extensionName +
                              " extension.");
    }
    distributionPoints = new ArrayList<DistributionPoint>();
    while (val.data.available() != 0) {
        DerValue seq = val.data.getDerValue();
        DistributionPoint point = new DistributionPoint(seq);
        distributionPoints.add(point);
    }
    this.extensionName = extensionName;
}
 

NamedCurve(String name, String oid, EllipticCurve curve,
        ECPoint g, BigInteger n, int h) {
    super(curve, g, n, h);
    this.name = name;
    this.oid = oid;

    DerOutputStream out = new DerOutputStream();

    try {
        out.putOID(new ObjectIdentifier(oid));
    } catch (IOException e) {
        throw new RuntimeException("Internal error", e);
    }

    encoded = out.toByteArray();
}
 

NamedCurve(String name, String oid, EllipticCurve curve,
        ECPoint g, BigInteger n, int h) {
    super(curve, g, n, h);
    this.name = name;
    this.oid = oid;

    DerOutputStream out = new DerOutputStream();

    try {
        out.putOID(new ObjectIdentifier(oid));
    } catch (IOException e) {
        throw new RuntimeException("Internal error", e);
    }

    encoded = out.toByteArray();
}
 

/**
 * Sets the policy constraint. The {@code X509Certificate} must
 * include at least one of the specified policies in its certificate
 * policies extension. If {@code certPolicySet} is empty, then the
 * {@code X509Certificate} must include at least some specified policy
 * in its certificate policies extension. If {@code certPolicySet} is
 * {@code null}, no policy check will be performed.
 * <p>
 * Note that the {@code Set} is cloned to protect against
 * subsequent modifications.
 *
 * @param certPolicySet a {@code Set} of certificate policy OIDs in
 *                      string format (or {@code null}). Each OID is
 *                      represented by a set of nonnegative integers
 *                    separated by periods.
 * @throws IOException if a parsing error occurs on the OID such as
 * the first component is not 0, 1 or 2 or the second component is
 * greater than 39.
 * @see #getPolicy
 */
public void setPolicy(Set<String> certPolicySet) throws IOException {
    if (certPolicySet == null) {
        policySet = null;
        policy = null;
    } else {
        // Snapshot set and parse it
        Set<String> tempSet = Collections.unmodifiableSet
                                    (new HashSet<>(certPolicySet));
        /* Convert to Vector of ObjectIdentifiers */
        Iterator<String> i = tempSet.iterator();
        Vector<CertificatePolicyId> polIdVector = new Vector<>();
        while (i.hasNext()) {
            Object o = i.next();
            if (!(o instanceof String)) {
                throw new IOException("non String in certPolicySet");
            }
            polIdVector.add(new CertificatePolicyId(new ObjectIdentifier(
              (String)o)));
        }
        // If everything went OK, make the changes
        policySet = tempSet;
        policy = new CertificatePolicySet(polIdVector);
    }
}
 

/**
 * Return the extension as user readable string.
 */
public String toString() {
    if (keyUsages == null) return "";
    String usage = "  ";
    boolean first = true;
    for (ObjectIdentifier oid: keyUsages) {
        if(!first) {
            usage += "\n  ";
        }

        String result = map.get(oid);
        if (result != null) {
            usage += result;
        } else {
            usage += oid.toString();
        }
        first = false;
    }
    return super.toString() + "ExtendedKeyUsages [\n"
           + usage + "\n]\n";
}
 

/**
 * Return the extension as user readable string.
 */
public String toString() {
    if (keyUsages == null) return "";
    String usage = "  ";
    boolean first = true;
    for (ObjectIdentifier oid: keyUsages) {
        if(!first) {
            usage += "\n  ";
        }

        String result = map.get(oid);
        if (result != null) {
            usage += result;
        } else {
            usage += oid.toString();
        }
        first = false;
    }
    return super.toString() + "ExtendedKeyUsages [\n"
           + usage + "\n]\n";
}
 

private void init(ObjectIdentifier oid, Object value)
    throws IllegalArgumentException {

    this.oid = oid;
    index = indexOf(oid, PKCS9_OIDS, 1);
    Class<?> clazz = index == -1 ? BYTE_ARRAY_CLASS: VALUE_CLASSES[index];
    if (!clazz.isInstance(value)) {
            throw new IllegalArgumentException(
                       "Wrong value class " +
                       " for attribute " + oid +
                       " constructing PKCS9Attribute; was " +
                       value.getClass().toString() + ", should be " +
                       clazz.toString());
    }
    this.value = value;
}
 

NamedCurve(String name, String oid, EllipticCurve curve,
        ECPoint g, BigInteger n, int h) {
    super(curve, g, n, h);
    this.name = name;
    this.oid = oid;

    DerOutputStream out = new DerOutputStream();

    try {
        out.putOID(new ObjectIdentifier(oid));
    } catch (IOException e) {
        throw new RuntimeException("Internal error", e);
    }

    encoded = out.toByteArray();
}
 

private void init(ObjectIdentifier oid, Object value)
    throws IllegalArgumentException {

    this.oid = oid;
    index = indexOf(oid, PKCS9_OIDS, 1);
    Class<?> clazz = index == -1 ? BYTE_ARRAY_CLASS: VALUE_CLASSES[index];
    if (!clazz.isInstance(value)) {
            throw new IllegalArgumentException(
                       "Wrong value class " +
                       " for attribute " + oid +
                       " constructing PKCS9Attribute; was " +
                       value.getClass().toString() + ", should be " +
                       clazz.toString());
    }
    this.value = value;
}
 

/**
 * Create the extension from its DER encoded value and criticality.
 *
 * @param critical true if the extension is to be treated as critical.
 * @param value an array of DER encoded bytes of the actual value.
 * @exception ClassCastException if value is not an array of bytes
 * @exception IOException on error.
 */
public ExtendedKeyUsageExtension(Boolean critical, Object value)
throws IOException {
    this.extensionId = PKIXExtensions.ExtendedKeyUsage_Id;
    this.critical = critical.booleanValue();
    this.extensionValue = (byte[]) value;
    DerValue val = new DerValue(this.extensionValue);
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " +
                               "ExtendedKeyUsageExtension.");
    }
    keyUsages = new Vector<ObjectIdentifier>();
    while (val.data.available() != 0) {
        DerValue seq = val.data.getDerValue();
        ObjectIdentifier usage = seq.getOID();
        keyUsages.addElement(usage);
    }
}
 

/**
 * Construct a set of PKCS9 Attributes from the given array of
 * PKCS9 attributes.
 * DER encoding on a DerInputStream.  All attributes in
 * <code>attribs</code> must be
 * supported by class PKCS9Attribute.
 *
 * @exception IOException
 * on i/o error, encoding syntax error, or unsupported or
 * duplicate attribute.
 *
 * @see PKCS9Attribute
 */
public PKCS9Attributes(PKCS9Attribute[] attribs)
throws IllegalArgumentException, IOException {
    ObjectIdentifier oid;
    for (int i=0; i < attribs.length; i++) {
        oid = attribs[i].getOID();
        if (attributes.containsKey(oid))
            throw new IllegalArgumentException(
                      "PKCSAttribute " + attribs[i].getOID() +
                      " duplicated while constructing " +
                      "PKCS9Attributes.");

        attributes.put(oid, attribs[i]);
    }
    derEncoding = generateDerEncoding();
    permittedAttributes = null;
}
 

private static String mapPBEParamsToAlgorithm(ObjectIdentifier algorithm,
    AlgorithmParameters algParams) throws NoSuchAlgorithmException {
    // Check for PBES2 algorithms
    if (algorithm.equals((Object)pbes2_OID) && algParams != null) {
        return algParams.toString();
    }
    return algorithm.toString();
}
 

private Set<KeyStore.Entry.Attribute> getAttributes(Entry entry) {

        if (entry.attributes == null) {
            entry.attributes = new HashSet<>();
        }

        // friendlyName
        entry.attributes.add(new PKCS12Attribute(
            PKCS9FriendlyName_OID.toString(), entry.alias));

        // localKeyID
        byte[] keyIdValue = entry.keyId;
        if (keyIdValue != null) {
            entry.attributes.add(new PKCS12Attribute(
                PKCS9LocalKeyId_OID.toString(), Debug.toString(keyIdValue)));
        }

        // trustedKeyUsage
        if (entry instanceof CertEntry) {
            ObjectIdentifier[] trustedKeyUsageValue =
                ((CertEntry) entry).trustedKeyUsage;
            if (trustedKeyUsageValue != null) {
                if (trustedKeyUsageValue.length == 1) { // omit brackets
                    entry.attributes.add(new PKCS12Attribute(
                        TrustedKeyUsage_OID.toString(),
                        trustedKeyUsageValue[0].toString()));
                } else { // multi-valued
                    entry.attributes.add(new PKCS12Attribute(
                        TrustedKeyUsage_OID.toString(),
                        Arrays.toString(trustedKeyUsageValue)));
                }
            }
        }

        return entry.attributes;
    }
 

private ObjectIdentifier findOidForExtName(String type)
        throws Exception {
    switch (oneOf(type, extSupported)) {
        case 0: return PKIXExtensions.BasicConstraints_Id;
        case 1: return PKIXExtensions.KeyUsage_Id;
        case 2: return PKIXExtensions.ExtendedKeyUsage_Id;
        case 3: return PKIXExtensions.SubjectAlternativeName_Id;
        case 4: return PKIXExtensions.IssuerAlternativeName_Id;
        case 5: return PKIXExtensions.SubjectInfoAccess_Id;
        case 6: return PKIXExtensions.AuthInfoAccess_Id;
        case 8: return PKIXExtensions.CRLDistributionPoints_Id;
        default: return new ObjectIdentifier(type);
    }
}
 

/**
 * Get the attribute value.
 */
public Vector<ObjectIdentifier> get(String name) throws IOException {
    if (name.equalsIgnoreCase(USAGES)) {
        //XXXX May want to consider cloning this
        return keyUsages;
    } else {
      throw new IOException("Attribute name [" + name +
                            "] not recognized by " +
                            "CertAttrSet:ExtendedKeyUsageExtension.");
    }
}
 

/**
 * Creates the extension (also called by the subclass).
 */
protected CRLDistributionPointsExtension(ObjectIdentifier extensionId,
    boolean isCritical, List<DistributionPoint> distributionPoints,
        String extensionName) throws IOException {

    this.extensionId = extensionId;
    this.critical = isCritical;
    this.distributionPoints = distributionPoints;
    encodeThis();
    this.extensionName = extensionName;
}
 

/**
 * Creates the extension (also called by the subclass).
 */
protected CRLDistributionPointsExtension(ObjectIdentifier extensionId,
    boolean isCritical, List<DistributionPoint> distributionPoints,
        String extensionName) throws IOException {

    this.extensionId = extensionId;
    this.critical = isCritical;
    this.distributionPoints = distributionPoints;
    encodeThis();
    this.extensionName = extensionName;
}
 

/**
 * Creates the extension (also called by the subclass).
 */
protected CRLDistributionPointsExtension(ObjectIdentifier extensionId,
    boolean isCritical, List<DistributionPoint> distributionPoints,
        String extensionName) throws IOException {

    this.extensionId = extensionId;
    this.critical = isCritical;
    this.distributionPoints = distributionPoints;
    encodeThis();
    this.extensionName = extensionName;
}
 

public List<String> getExtendedKeyUsage() {
    List<String> al = new ArrayList<String>(keyUsages.size());
    for (ObjectIdentifier oid : keyUsages) {
        al.add(oid.toString());
    }
    return al;
}
 

/**
 * Constructs an Oid object from a string representation of its
 * integer components.
 *
 * @param strOid the dot separated string representation of the oid.
 * For instance, "1.2.840.113554.1.2.2".
 * @exception GSSException may be thrown when the string is incorrectly
 *     formatted
 */
public Oid(String strOid) throws GSSException {

    try {
        oid = new ObjectIdentifier(strOid);
        derEncoding = null;
    } catch (Exception e) {
        throw new GSSException(GSSException.FAILURE,
                      "Improperly formatted Object Identifier String - "
                      + strOid);
    }
}
 

private AlgorithmParameters parseAlgParameters(ObjectIdentifier algorithm,
    DerInputStream in) throws IOException
{
    AlgorithmParameters algParams = null;
    try {
        DerValue params;
        if (in.available() == 0) {
            params = null;
        } else {
            params = in.getDerValue();
            if (params.tag == DerValue.tag_Null) {
               params = null;
            }
        }
        if (params != null) {
            if (algorithm.equals(pbes2_OID)) {
                algParams = AlgorithmParameters.getInstance("PBES2");
            } else {
                algParams = AlgorithmParameters.getInstance("PBE");
            }
            algParams.init(params.toByteArray());
        }
    } catch (Exception e) {
       throw new IOException("parseAlgParameters failed: " +
                             e.getMessage(), e);
    }
    return algParams;
}
 

public byte[] encode() throws IOException {

        DerOutputStream request = new DerOutputStream();

        // encode version
        request.putInteger(version);

        // encode messageImprint
        DerOutputStream messageImprint = new DerOutputStream();
        hashAlgorithmId.encode(messageImprint);
        messageImprint.putOctetString(hashValue);
        request.write(DerValue.tag_Sequence, messageImprint);

        // encode optional elements

        if (policyId != null) {
            request.putOID(new ObjectIdentifier(policyId));
        }
        if (nonce != null) {
            request.putInteger(nonce);
        }
        if (returnCertificate) {
            request.putBoolean(true);
        }

        DerOutputStream out = new DerOutputStream();
        out.write(DerValue.tag_Sequence, request);
        return out.toByteArray();
    }
 

public byte[] encode() throws IOException {

        DerOutputStream request = new DerOutputStream();

        // encode version
        request.putInteger(version);

        // encode messageImprint
        DerOutputStream messageImprint = new DerOutputStream();
        hashAlgorithmId.encode(messageImprint);
        messageImprint.putOctetString(hashValue);
        request.write(DerValue.tag_Sequence, messageImprint);

        // encode optional elements

        if (policyId != null) {
            request.putOID(new ObjectIdentifier(policyId));
        }
        if (nonce != null) {
            request.putInteger(nonce);
        }
        if (returnCertificate) {
            request.putBoolean(true);
        }

        DerOutputStream out = new DerOutputStream();
        out.write(DerValue.tag_Sequence, request);
        return out.toByteArray();
    }
 

private static void check(byte[] in, String oid) throws Exception {
    ObjectIdentifier o = (ObjectIdentifier) (
            new ObjectInputStream(new ByteArrayInputStream(in)).readObject());
    if (!o.toString().equals(oid)) {
        throw new Exception("Read Fail " + o + ", not " + oid);
    }
}
 

/**
 *  Get an attribute value by type name.
 */
public Object getAttributeValue(String name) throws IOException {
    ObjectIdentifier oid = PKCS9Attribute.getOID(name);

    if (oid == null)
        throw new IOException("Attribute name " + name +
                              " not recognized or not supported.");

    return getAttributeValue(oid);
}