security/pkcs/PKCS9Attribute.java

0N/A/*
2619N/A * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
2362N/A * published by the Free Software Foundation.  Oracle designates this
0N/A * particular file as subject to the "Classpath" exception as provided
2362N/A * by Oracle in the LICENSE file that accompanied this code.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/Apackage sun.security.pkcs;
0N/A
0N/Aimport java.io.IOException;
0N/Aimport java.io.OutputStream;
0N/Aimport java.security.cert.CertificateException;
2619N/Aimport java.util.Locale;
0N/Aimport java.util.Date;
0N/Aimport java.util.Hashtable;
0N/Aimport sun.security.x509.CertificateExtensions;
0N/Aimport sun.security.util.Debug;
0N/Aimport sun.security.util.DerEncoder;
0N/Aimport sun.security.util.DerValue;
0N/Aimport sun.security.util.DerInputStream;
0N/Aimport sun.security.util.DerOutputStream;
0N/Aimport sun.security.util.ObjectIdentifier;
0N/Aimport sun.misc.HexDumpEncoder;
0N/A
0N/A/**
0N/A * Class supporting any PKCS9 attributes.
5872N/A * Supports DER decoding/encoding and access to attribute values.
0N/A *
0N/A * <a name="classTable"><h3>Type/Class Table</h3></a>
0N/A * The following table shows the correspondence between
0N/A * PKCS9 attribute types and value component classes.
5872N/A * For types not listed here, its name is the OID
5872N/A * in string form, its value is a (single-valued)
5872N/A * byte array that is the SET's encoding.
0N/A *
0N/A * <P>
0N/A * <TABLE BORDER CELLPADDING=8 ALIGN=CENTER>
0N/A *
0N/A * <TR>
0N/A * <TH>Object Identifier</TH>
0N/A * <TH>Attribute Name</TH>
0N/A * <TH>Type</TH>
0N/A * <TH>Value Class</TH>
0N/A * </TR>
0N/A *
0N/A * <TR>
0N/A * <TD>1.2.840.113549.1.9.1</TD>
0N/A * <TD>EmailAddress</TD>
0N/A * <TD>Multi-valued</TD>
0N/A * <TD><code>String[]</code></TD>
0N/A * </TR>
0N/A *
0N/A * <TR>
0N/A * <TD>1.2.840.113549.1.9.2</TD>
0N/A * <TD>UnstructuredName</TD>
0N/A * <TD>Multi-valued</TD>
0N/A * <TD><code>String[]</code></TD>
0N/A * </TR>
0N/A *
0N/A * <TR>
0N/A * <TD>1.2.840.113549.1.9.3</TD>
0N/A * <TD>ContentType</TD>
0N/A * <TD>Single-valued</TD>
0N/A * <TD><code>ObjectIdentifier</code></TD>
0N/A * </TR>
0N/A *
0N/A * <TR>
0N/A * <TD>1.2.840.113549.1.9.4</TD>
0N/A * <TD>MessageDigest</TD>
0N/A * <TD>Single-valued</TD>
0N/A * <TD><code>byte[]</code></TD>
0N/A * </TR>
0N/A *
0N/A * <TR>
0N/A * <TD>1.2.840.113549.1.9.5</TD>
0N/A * <TD>SigningTime</TD>
0N/A * <TD>Single-valued</TD>
0N/A * <TD><code>Date</code></TD>
0N/A * </TR>
0N/A *
0N/A * <TR>
0N/A * <TD>1.2.840.113549.1.9.6</TD>
0N/A * <TD>Countersignature</TD>
0N/A * <TD>Multi-valued</TD>
0N/A * <TD><code>SignerInfo[]</code></TD>
0N/A * </TR>
0N/A *
0N/A * <TR>
0N/A * <TD>1.2.840.113549.1.9.7</TD>
0N/A * <TD>ChallengePassword</TD>
0N/A * <TD>Single-valued</TD>
0N/A * <TD><code>String</code></TD>
0N/A * </TR>
0N/A *
0N/A * <TR>
0N/A * <TD>1.2.840.113549.1.9.8</TD>
0N/A * <TD>UnstructuredAddress</TD>
0N/A * <TD>Single-valued</TD>
0N/A * <TD><code>String</code></TD>
0N/A * </TR>
0N/A *
0N/A * <TR>
0N/A * <TD>1.2.840.113549.1.9.9</TD>
0N/A * <TD>ExtendedCertificateAttributes</TD>
0N/A * <TD>Multi-valued</TD>
0N/A * <TD>(not supported)</TD>
0N/A * </TR>
0N/A *
0N/A * <TR>
0N/A * <TD>1.2.840.113549.1.9.10</TD>
0N/A * <TD>IssuerAndSerialNumber</TD>
0N/A * <TD>Single-valued</TD>
0N/A * <TD>(not supported)</TD>
0N/A * </TR>
0N/A *
0N/A * <TR>
0N/A * <TD>1.2.840.113549.1.9.{11,12}</TD>
0N/A * <TD>RSA DSI proprietary</TD>
0N/A * <TD>Single-valued</TD>
0N/A * <TD>(not supported)</TD>
0N/A * </TR>
0N/A *
0N/A * <TR>
0N/A * <TD>1.2.840.113549.1.9.13</TD>
0N/A * <TD>S/MIME unused assignment</TD>
0N/A * <TD>Single-valued</TD>
0N/A * <TD>(not supported)</TD>
0N/A * </TR>
0N/A *
0N/A * <TR>
0N/A * <TD>1.2.840.113549.1.9.14</TD>
0N/A * <TD>ExtensionRequest</TD>
0N/A * <TD>Single-valued</TD>
0N/A * <TD>CertificateExtensions</TD>
0N/A * </TR>
0N/A *
0N/A * <TR>
0N/A * <TD>1.2.840.113549.1.9.15</TD>
0N/A * <TD>SMIMECapability</TD>
0N/A * <TD>Single-valued</TD>
0N/A * <TD>(not supported)</TD>
0N/A * </TR>
0N/A *
0N/A * <TR>
0N/A * <TD>1.2.840.113549.1.9.16.2.12</TD>
0N/A * <TD>SigningCertificate</TD>
0N/A * <TD>Single-valued</TD>
0N/A * <TD>SigningCertificateInfo</TD>
0N/A * </TR>
0N/A *
0N/A * <TR>
0N/A * <TD>1.2.840.113549.1.9.16.2.14</TD>
0N/A * <TD>SignatureTimestampToken</TD>
0N/A * <TD>Single-valued</TD>
0N/A * <TD>byte[]</TD>
0N/A * </TR>
0N/A *
0N/A * </TABLE>
0N/A *
0N/A * @author Douglas Hoover
0N/A */
0N/Apublic class PKCS9Attribute implements DerEncoder {
0N/A
0N/A    /* Are we debugging ? */
0N/A    private static final Debug debug = Debug.getInstance("jar");
0N/A
0N/A    /**
0N/A     * Array of attribute OIDs defined in PKCS9, by number.
0N/A     */
0N/A    static final ObjectIdentifier[] PKCS9_OIDS = new ObjectIdentifier[18];
0N/A
5872N/A    private final static Class<?> BYTE_ARRAY_CLASS;
5872N/A
0N/A    static {   // static initializer for PKCS9_OIDS
0N/A        for (int i = 1; i < PKCS9_OIDS.length - 2; i++) {
0N/A            PKCS9_OIDS[i] =
0N/A                ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,i});
0N/A        }
0N/A        // Initialize SigningCertificate and SignatureTimestampToken
0N/A        // separately (because their values are out of sequence)
0N/A        PKCS9_OIDS[PKCS9_OIDS.length - 2] =
0N/A            ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,16,2,12});
0N/A        PKCS9_OIDS[PKCS9_OIDS.length - 1] =
0N/A            ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,16,2,14});
5872N/A
5872N/A        try {
5872N/A            BYTE_ARRAY_CLASS = Class.forName("[B");
5872N/A        } catch (ClassNotFoundException e) {
5872N/A            throw new ExceptionInInitializerError(e.toString());
5872N/A        }
0N/A    }
0N/A
0N/A    // first element [0] not used
0N/A    public static final ObjectIdentifier EMAIL_ADDRESS_OID = PKCS9_OIDS[1];
0N/A    public static final ObjectIdentifier UNSTRUCTURED_NAME_OID = PKCS9_OIDS[2];
0N/A    public static final ObjectIdentifier CONTENT_TYPE_OID = PKCS9_OIDS[3];
0N/A    public static final ObjectIdentifier MESSAGE_DIGEST_OID = PKCS9_OIDS[4];
0N/A    public static final ObjectIdentifier SIGNING_TIME_OID = PKCS9_OIDS[5];
0N/A    public static final ObjectIdentifier COUNTERSIGNATURE_OID = PKCS9_OIDS[6];
0N/A    public static final ObjectIdentifier CHALLENGE_PASSWORD_OID = PKCS9_OIDS[7];
0N/A    public static final ObjectIdentifier UNSTRUCTURED_ADDRESS_OID = PKCS9_OIDS[8];
0N/A    public static final ObjectIdentifier EXTENDED_CERTIFICATE_ATTRIBUTES_OID
0N/A                                         = PKCS9_OIDS[9];
0N/A    public static final ObjectIdentifier ISSUER_SERIALNUMBER_OID = PKCS9_OIDS[10];
0N/A    // [11], [12] are RSA DSI proprietary
0N/A    // [13] ==> signingDescription, S/MIME, not used anymore
0N/A    public static final ObjectIdentifier EXTENSION_REQUEST_OID = PKCS9_OIDS[14];
0N/A    public static final ObjectIdentifier SMIME_CAPABILITY_OID = PKCS9_OIDS[15];
0N/A    public static final ObjectIdentifier SIGNING_CERTIFICATE_OID = PKCS9_OIDS[16];
0N/A    public static final ObjectIdentifier SIGNATURE_TIMESTAMP_TOKEN_OID =
0N/A                                PKCS9_OIDS[17];
0N/A    public static final String EMAIL_ADDRESS_STR = "EmailAddress";
0N/A    public static final String UNSTRUCTURED_NAME_STR = "UnstructuredName";
0N/A    public static final String CONTENT_TYPE_STR = "ContentType";
0N/A    public static final String MESSAGE_DIGEST_STR = "MessageDigest";
0N/A    public static final String SIGNING_TIME_STR = "SigningTime";
0N/A    public static final String COUNTERSIGNATURE_STR = "Countersignature";
0N/A    public static final String CHALLENGE_PASSWORD_STR = "ChallengePassword";
0N/A    public static final String UNSTRUCTURED_ADDRESS_STR = "UnstructuredAddress";
0N/A    public static final String EXTENDED_CERTIFICATE_ATTRIBUTES_STR =
0N/A                               "ExtendedCertificateAttributes";
0N/A    public static final String ISSUER_SERIALNUMBER_STR = "IssuerAndSerialNumber";
0N/A    // [11], [12] are RSA DSI proprietary
0N/A    private static final String RSA_PROPRIETARY_STR = "RSAProprietary";
0N/A    // [13] ==> signingDescription, S/MIME, not used anymore
0N/A    private static final String SMIME_SIGNING_DESC_STR = "SMIMESigningDesc";
0N/A    public static final String EXTENSION_REQUEST_STR = "ExtensionRequest";
0N/A    public static final String SMIME_CAPABILITY_STR = "SMIMECapability";
0N/A    public static final String SIGNING_CERTIFICATE_STR = "SigningCertificate";
0N/A    public static final String SIGNATURE_TIMESTAMP_TOKEN_STR =
0N/A                                "SignatureTimestampToken";
0N/A
0N/A    /**
0N/A     * Hashtable mapping names and variant names of supported
0N/A     * attributes to their OIDs. This table contains all name forms
0N/A     * that occur in PKCS9, in lower case.
0N/A     */
0N/A    private static final Hashtable<String, ObjectIdentifier> NAME_OID_TABLE =
0N/A        new Hashtable<String, ObjectIdentifier>(18);
0N/A
0N/A    static { // static initializer for PCKS9_NAMES
0N/A        NAME_OID_TABLE.put("emailaddress", PKCS9_OIDS[1]);
0N/A        NAME_OID_TABLE.put("unstructuredname", PKCS9_OIDS[2]);
0N/A        NAME_OID_TABLE.put("contenttype", PKCS9_OIDS[3]);
0N/A        NAME_OID_TABLE.put("messagedigest", PKCS9_OIDS[4]);
0N/A        NAME_OID_TABLE.put("signingtime", PKCS9_OIDS[5]);
0N/A        NAME_OID_TABLE.put("countersignature", PKCS9_OIDS[6]);
0N/A        NAME_OID_TABLE.put("challengepassword", PKCS9_OIDS[7]);
0N/A        NAME_OID_TABLE.put("unstructuredaddress", PKCS9_OIDS[8]);
0N/A        NAME_OID_TABLE.put("extendedcertificateattributes", PKCS9_OIDS[9]);
0N/A        NAME_OID_TABLE.put("issuerandserialnumber", PKCS9_OIDS[10]);
0N/A        NAME_OID_TABLE.put("rsaproprietary", PKCS9_OIDS[11]);
0N/A        NAME_OID_TABLE.put("rsaproprietary", PKCS9_OIDS[12]);
0N/A        NAME_OID_TABLE.put("signingdescription", PKCS9_OIDS[13]);
0N/A        NAME_OID_TABLE.put("extensionrequest", PKCS9_OIDS[14]);
0N/A        NAME_OID_TABLE.put("smimecapability", PKCS9_OIDS[15]);
0N/A        NAME_OID_TABLE.put("signingcertificate", PKCS9_OIDS[16]);
0N/A        NAME_OID_TABLE.put("signaturetimestamptoken", PKCS9_OIDS[17]);
0N/A    };
0N/A
0N/A    /**
0N/A     * Hashtable mapping attribute OIDs defined in PKCS9 to the
0N/A     * corresponding attribute value type.
0N/A     */
0N/A    private static final Hashtable<ObjectIdentifier, String> OID_NAME_TABLE =
0N/A        new Hashtable<ObjectIdentifier, String>(16);
0N/A    static {
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[1], EMAIL_ADDRESS_STR);
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[2], UNSTRUCTURED_NAME_STR);
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[3], CONTENT_TYPE_STR);
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[4], MESSAGE_DIGEST_STR);
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[5], SIGNING_TIME_STR);
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[6], COUNTERSIGNATURE_STR);
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[7], CHALLENGE_PASSWORD_STR);
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[8], UNSTRUCTURED_ADDRESS_STR);
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[9], EXTENDED_CERTIFICATE_ATTRIBUTES_STR);
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[10], ISSUER_SERIALNUMBER_STR);
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[11], RSA_PROPRIETARY_STR);
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[12], RSA_PROPRIETARY_STR);
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[13], SMIME_SIGNING_DESC_STR);
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[14], EXTENSION_REQUEST_STR);
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[15], SMIME_CAPABILITY_STR);
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[16], SIGNING_CERTIFICATE_STR);
0N/A        OID_NAME_TABLE.put(PKCS9_OIDS[17], SIGNATURE_TIMESTAMP_TOKEN_STR);
0N/A    }
0N/A
0N/A    /**
0N/A     * Acceptable ASN.1 tags for DER encodings of values of PKCS9
0N/A     * attributes, by index in <code>PKCS9_OIDS</code>.
0N/A     * Sets of acceptable tags are represented as arrays.
0N/A     */
0N/A    private static final Byte[][] PKCS9_VALUE_TAGS = {
0N/A        null,
0N/A        {new Byte(DerValue.tag_IA5String)},   // EMailAddress
0N/A        {new Byte(DerValue.tag_IA5String)},   // UnstructuredName
0N/A        {new Byte(DerValue.tag_ObjectId)},    // ContentType
0N/A        {new Byte(DerValue.tag_OctetString)}, // MessageDigest
0N/A        {new Byte(DerValue.tag_UtcTime)},     // SigningTime
0N/A        {new Byte(DerValue.tag_Sequence)},    // Countersignature
0N/A        {new Byte(DerValue.tag_PrintableString),
0N/A         new Byte(DerValue.tag_T61String)},   // ChallengePassword
0N/A        {new Byte(DerValue.tag_PrintableString),
0N/A         new Byte(DerValue.tag_T61String)},   // UnstructuredAddress
0N/A        {new Byte(DerValue.tag_SetOf)},       // ExtendedCertificateAttributes
0N/A        {new Byte(DerValue.tag_Sequence)},    // issuerAndSerialNumber
0N/A        null,
0N/A        null,
0N/A        null,
0N/A        {new Byte(DerValue.tag_Sequence)},    // extensionRequest
0N/A        {new Byte(DerValue.tag_Sequence)},    // SMIMECapability
0N/A        {new Byte(DerValue.tag_Sequence)},    // SigningCertificate
0N/A        {new Byte(DerValue.tag_Sequence)}     // SignatureTimestampToken
0N/A    };
0N/A
0N/A    private static final Class[] VALUE_CLASSES = new Class[18];
0N/A
0N/A    static {
0N/A        try {
0N/A            Class str = Class.forName("[Ljava.lang.String;");
0N/A
0N/A            VALUE_CLASSES[0] = null;  // not used
0N/A            VALUE_CLASSES[1] = str;   // EMailAddress
0N/A            VALUE_CLASSES[2] = str;   // UnstructuredName
0N/A            VALUE_CLASSES[3] =        // ContentType
0N/A                Class.forName("sun.security.util.ObjectIdentifier");
5872N/A            VALUE_CLASSES[4] = BYTE_ARRAY_CLASS; // MessageDigest (byte[])
0N/A            VALUE_CLASSES[5] = Class.forName("java.util.Date"); // SigningTime
0N/A            VALUE_CLASSES[6] =        // Countersignature
0N/A                Class.forName("[Lsun.security.pkcs.SignerInfo;");
0N/A            VALUE_CLASSES[7] =        // ChallengePassword
0N/A                Class.forName("java.lang.String");
0N/A            VALUE_CLASSES[8] = str;   // UnstructuredAddress
0N/A            VALUE_CLASSES[9] = null;  // ExtendedCertificateAttributes
0N/A            VALUE_CLASSES[10] = null;  // IssuerAndSerialNumber
0N/A            VALUE_CLASSES[11] = null;  // not used
0N/A            VALUE_CLASSES[12] = null;  // not used
0N/A            VALUE_CLASSES[13] = null;  // not used
0N/A            VALUE_CLASSES[14] =        // ExtensionRequest
0N/A                Class.forName("sun.security.x509.CertificateExtensions");
0N/A            VALUE_CLASSES[15] = null;  // not supported yet
0N/A            VALUE_CLASSES[16] = null;  // not supported yet
5872N/A            VALUE_CLASSES[17] = BYTE_ARRAY_CLASS;  // SignatureTimestampToken
0N/A        } catch (ClassNotFoundException e) {
0N/A            throw new ExceptionInInitializerError(e.toString());
0N/A        }
0N/A    }
0N/A
0N/A    /**
0N/A     * Array indicating which PKCS9 attributes are single-valued,
0N/A     * by index in <code>PKCS9_OIDS</code>.
0N/A     */
0N/A    private static final boolean[] SINGLE_VALUED = {
0N/A      false,
0N/A      false,   // EMailAddress
0N/A      false,   // UnstructuredName
0N/A      true,    // ContentType
0N/A      true,    // MessageDigest
0N/A      true,    // SigningTime
0N/A      false,   // Countersignature
0N/A      true,    // ChallengePassword
0N/A      false,   // UnstructuredAddress
0N/A      false,   // ExtendedCertificateAttributes
0N/A      true,    // IssuerAndSerialNumber - not supported yet
0N/A      false,   // not used
0N/A      false,   // not used
0N/A      false,   // not used
0N/A      true,    // ExtensionRequest
0N/A      true,    // SMIMECapability - not supported yet
0N/A      true,    // SigningCertificate
0N/A      true     // SignatureTimestampToken
0N/A    };
0N/A
0N/A    /**
5872N/A     * The OID of this attribute.
5872N/A     */
5872N/A    private ObjectIdentifier oid;
5872N/A
5872N/A    /**
5872N/A     * The index of the OID of this attribute in <code>PKCS9_OIDS</code>,
5872N/A     * or -1 if it's unknown.
0N/A     */
0N/A    private int index;
0N/A
0N/A    /**
0N/A     * Value set of this attribute.  Its class is given by
5872N/A     * <code>VALUE_CLASSES[index]</code>. The SET itself
5872N/A     * as byte[] if unknown.
0N/A     */
0N/A    private Object value;
0N/A
0N/A    /**
0N/A     * Construct an attribute object from the attribute's OID and
0N/A     * value.  If the attribute is single-valued, provide only one
0N/A     * value.  If the attribute is multi-valued, provide an array
0N/A     * containing all the values.
0N/A     * Arrays of length zero are accepted, though probably useless.
0N/A     *
0N/A     * <P> The
0N/A     * <a href=#classTable>table</a> gives the class that <code>value</code>
0N/A     * must have for a given attribute.
0N/A     *
5872N/A     * @exception IllegalArgumentException
5872N/A     * if the <code>value</code> has the wrong type.
0N/A     */
0N/A    public PKCS9Attribute(ObjectIdentifier oid, Object value)
0N/A    throws IllegalArgumentException {
0N/A        init(oid, value);
0N/A    }
0N/A
0N/A    /**
0N/A     * Construct an attribute object from the attribute's name and
0N/A     * value.  If the attribute is single-valued, provide only one
0N/A     * value.  If the attribute is multi-valued, provide an array
0N/A     * containing all the values.
0N/A     * Arrays of length zero are accepted, though probably useless.
0N/A     *
0N/A     * <P> The
0N/A     * <a href=#classTable>table</a> gives the class that <code>value</code>
0N/A     * must have for a given attribute. Reasonable variants of these
0N/A     * attributes are accepted; in particular, case does not matter.
0N/A     *
0N/A     * @exception IllegalArgumentException
5872N/A     * if the <code>name</code> is not recognized or the
0N/A     * <code>value</code> has the wrong type.
0N/A     */
0N/A    public PKCS9Attribute(String name, Object value)
0N/A    throws IllegalArgumentException {
0N/A        ObjectIdentifier oid = getOID(name);
0N/A
0N/A        if (oid == null)
0N/A            throw new IllegalArgumentException(
0N/A                       "Unrecognized attribute name " + name +
0N/A                       " constructing PKCS9Attribute.");
0N/A
0N/A        init(oid, value);
0N/A    }
0N/A
0N/A    private void init(ObjectIdentifier oid, Object value)
0N/A        throws IllegalArgumentException {
0N/A
5872N/A        this.oid = oid;
0N/A        index = indexOf(oid, PKCS9_OIDS, 1);
5872N/A        Class<?> clazz = index == -1 ? BYTE_ARRAY_CLASS: VALUE_CLASSES[index];
5872N/A        if (!clazz.isInstance(value)) {
0N/A                throw new IllegalArgumentException(
0N/A                           "Wrong value class " +
0N/A                           " for attribute " + oid +
0N/A                           " constructing PKCS9Attribute; was " +
0N/A                           value.getClass().toString() + ", should be " +
5872N/A                           clazz.toString());
5872N/A        }
0N/A        this.value = value;
0N/A    }
0N/A
0N/A
0N/A    /**
0N/A     * Construct a PKCS9Attribute from its encoding on an input
0N/A     * stream.
0N/A     *
0N/A     * @param val the DerValue representing the DER encoding of the attribute.
0N/A     * @exception IOException on parsing error.
0N/A     */
0N/A    public PKCS9Attribute(DerValue derVal) throws IOException {
0N/A
0N/A        DerInputStream derIn = new DerInputStream(derVal.toByteArray());
0N/A        DerValue[] val =  derIn.getSequence(2);
0N/A
0N/A        if (derIn.available() != 0)
0N/A            throw new IOException("Excess data parsing PKCS9Attribute");
0N/A
0N/A        if (val.length != 2)
0N/A            throw new IOException("PKCS9Attribute doesn't have two components");
0N/A
0N/A        // get the oid
5872N/A        oid = val[0].getOID();
5872N/A        byte[] content = val[1].toByteArray();
5872N/A        DerValue[] elems = new DerInputStream(content).getSet(1);
5872N/A
0N/A        index = indexOf(oid, PKCS9_OIDS, 1);
0N/A        if (index == -1) {
0N/A            if (debug != null) {
5872N/A                debug.println("Unsupported signer attribute: " + oid);
0N/A            }
5872N/A            value = content;
5872N/A            return;
0N/A        }
0N/A
0N/A        // check single valued have only one value
0N/A        if (SINGLE_VALUED[index] && elems.length > 1)
0N/A            throwSingleValuedException();
0N/A
0N/A        // check for illegal element tags
0N/A        Byte tag;
0N/A        for (int i=0; i < elems.length; i++) {
0N/A            tag = new Byte(elems[i].tag);
0N/A
0N/A            if (indexOf(tag, PKCS9_VALUE_TAGS[index], 0) == -1)
0N/A                throwTagException(tag);
0N/A        }
0N/A
0N/A        switch (index) {
0N/A        case 1:     // email address
0N/A        case 2:     // unstructured name
0N/A        case 8:     // unstructured address
0N/A            { // open scope
0N/A                String[] values = new String[elems.length];
0N/A
0N/A                for (int i=0; i < elems.length; i++)
0N/A                    values[i] = elems[i].getAsString();
0N/A                value = values;
0N/A            } // close scope
0N/A            break;
0N/A
0N/A        case 3:     // content type
0N/A            value = elems[0].getOID();
0N/A            break;
0N/A
0N/A        case 4:     // message digest
0N/A            value = elems[0].getOctetString();
0N/A            break;
0N/A
0N/A        case 5:     // signing time
0N/A            value = (new DerInputStream(elems[0].toByteArray())).getUTCTime();
0N/A            break;
0N/A
0N/A        case 6:     // countersignature
0N/A            { // open scope
0N/A                SignerInfo[] values = new SignerInfo[elems.length];
0N/A                for (int i=0; i < elems.length; i++)
0N/A                    values[i] =
0N/A                        new SignerInfo(elems[i].toDerInputStream());
0N/A                value = values;
0N/A            } // close scope
0N/A            break;
0N/A
0N/A        case 7:     // challenge password
0N/A            value = elems[0].getAsString();
0N/A            break;
0N/A
0N/A        case 9:     // extended-certificate attribute -- not supported
0N/A            throw new IOException("PKCS9 extended-certificate " +
0N/A                                  "attribute not supported.");
0N/A            // break unnecessary
0N/A        case 10:    // issuerAndserialNumber attribute -- not supported
0N/A            throw new IOException("PKCS9 IssuerAndSerialNumber" +
0N/A                                  "attribute not supported.");
0N/A            // break unnecessary
0N/A        case 11:    // RSA DSI proprietary
0N/A        case 12:    // RSA DSI proprietary
0N/A            throw new IOException("PKCS9 RSA DSI attributes" +
0N/A                                  "11 and 12, not supported.");
0N/A            // break unnecessary
0N/A        case 13:    // S/MIME unused attribute
0N/A            throw new IOException("PKCS9 attribute #13 not supported.");
0N/A            // break unnecessary
0N/A
0N/A        case 14:     // ExtensionRequest
0N/A            value = new CertificateExtensions(
0N/A                       new DerInputStream(elems[0].toByteArray()));
0N/A            break;
0N/A
0N/A        case 15:     // SMIME-capability attribute -- not supported
0N/A            throw new IOException("PKCS9 SMIMECapability " +
0N/A                                  "attribute not supported.");
0N/A            // break unnecessary
0N/A        case 16:     // SigningCertificate attribute
0N/A            value = new SigningCertificateInfo(elems[0].toByteArray());
0N/A            break;
0N/A
0N/A        case 17:     // SignatureTimestampToken attribute
0N/A            value = elems[0].toByteArray();
0N/A            break;
0N/A        default: // can't happen
0N/A        }
0N/A    }
0N/A
0N/A    /**
0N/A     * Write the DER encoding of this attribute to an output stream.
0N/A     *
0N/A     * <P> N.B.: This method always encodes values of
0N/A     * ChallengePassword and UnstructuredAddress attributes as ASN.1
0N/A     * <code>PrintableString</code>s, without checking whether they
0N/A     * should be encoded as <code>T61String</code>s.
0N/A     */
0N/A    public void derEncode(OutputStream out) throws IOException {
0N/A        DerOutputStream temp = new DerOutputStream();
5872N/A        temp.putOID(oid);
0N/A        switch (index) {
5872N/A        case -1:    // Unknown
5872N/A            temp.write((byte[])value);
5872N/A            break;
0N/A        case 1:     // email address
0N/A        case 2:     // unstructured name
0N/A            { // open scope
0N/A                String[] values = (String[]) value;
0N/A                DerOutputStream[] temps = new
0N/A                    DerOutputStream[values.length];
0N/A
0N/A                for (int i=0; i < values.length; i++) {
0N/A                    temps[i] = new DerOutputStream();
0N/A                    temps[i].putIA5String( values[i]);
0N/A                }
0N/A                temp.putOrderedSetOf(DerValue.tag_Set, temps);
0N/A            } // close scope
0N/A            break;
0N/A
0N/A        case 3:     // content type
0N/A            {
0N/A                DerOutputStream temp2 = new DerOutputStream();
0N/A                temp2.putOID((ObjectIdentifier) value);
0N/A                temp.write(DerValue.tag_Set, temp2.toByteArray());
0N/A            }
0N/A            break;
0N/A
0N/A        case 4:     // message digest
0N/A            {
0N/A                DerOutputStream temp2 = new DerOutputStream();
0N/A                temp2.putOctetString((byte[]) value);
0N/A                temp.write(DerValue.tag_Set, temp2.toByteArray());
0N/A            }
0N/A            break;
0N/A
0N/A        case 5:     // signing time
0N/A            {
0N/A                DerOutputStream temp2 = new DerOutputStream();
0N/A                temp2.putUTCTime((Date) value);
0N/A                temp.write(DerValue.tag_Set, temp2.toByteArray());
0N/A            }
0N/A            break;
0N/A
0N/A        case 6:     // countersignature
0N/A            temp.putOrderedSetOf(DerValue.tag_Set, (DerEncoder[]) value);
0N/A            break;
0N/A
0N/A        case 7:     // challenge password
0N/A            {
0N/A                DerOutputStream temp2 = new DerOutputStream();
0N/A                temp2.putPrintableString((String) value);
0N/A                temp.write(DerValue.tag_Set, temp2.toByteArray());
0N/A            }
0N/A            break;
0N/A
0N/A        case 8:     // unstructured address
0N/A            { // open scope
0N/A                String[] values = (String[]) value;
0N/A                DerOutputStream[] temps = new
0N/A                    DerOutputStream[values.length];
0N/A
0N/A                for (int i=0; i < values.length; i++) {
0N/A                    temps[i] = new DerOutputStream();
0N/A                    temps[i].putPrintableString(values[i]);
0N/A                }
0N/A                temp.putOrderedSetOf(DerValue.tag_Set, temps);
0N/A            } // close scope
0N/A            break;
0N/A
0N/A        case 9:     // extended-certificate attribute -- not supported
0N/A            throw new IOException("PKCS9 extended-certificate " +
0N/A                                  "attribute not supported.");
0N/A            // break unnecessary
0N/A        case 10:    // issuerAndserialNumber attribute -- not supported
0N/A            throw new IOException("PKCS9 IssuerAndSerialNumber" +
0N/A                                  "attribute not supported.");
0N/A            // break unnecessary
0N/A        case 11:    // RSA DSI proprietary
0N/A        case 12:    // RSA DSI proprietary
0N/A            throw new IOException("PKCS9 RSA DSI attributes" +
0N/A                                  "11 and 12, not supported.");
0N/A            // break unnecessary
0N/A        case 13:    // S/MIME unused attribute
0N/A            throw new IOException("PKCS9 attribute #13 not supported.");
0N/A            // break unnecessary
0N/A
0N/A        case 14:     // ExtensionRequest
0N/A            {
0N/A                DerOutputStream temp2 = new DerOutputStream();
0N/A                CertificateExtensions exts = (CertificateExtensions)value;
0N/A                try {
0N/A                    exts.encode(temp2, true);
0N/A                } catch (CertificateException ex) {
0N/A                    throw new IOException(ex.toString());
0N/A                }
0N/A                temp.write(DerValue.tag_Set, temp2.toByteArray());
0N/A            }
0N/A            break;
0N/A        case 15:    // SMIMECapability
0N/A            throw new IOException("PKCS9 attribute #15 not supported.");
0N/A            // break unnecessary
0N/A
0N/A        case 16:    // SigningCertificate
0N/A            throw new IOException(
0N/A                "PKCS9 SigningCertificate attribute not supported.");
0N/A            // break unnecessary
0N/A
0N/A        case 17:    // SignatureTimestampToken
0N/A            temp.write(DerValue.tag_Set, (byte[])value);
0N/A            break;
0N/A
0N/A        default: // can't happen
0N/A        }
0N/A
0N/A        DerOutputStream derOut = new DerOutputStream();
0N/A        derOut.write(DerValue.tag_Sequence, temp.toByteArray());
0N/A
0N/A        out.write(derOut.toByteArray());
0N/A
0N/A    }
0N/A
0N/A    /**
5872N/A     * Returns if the attribute is known. Unknown attributes can be created
5872N/A     * from DER encoding with unknown OIDs.
5872N/A     */
5872N/A    public boolean isKnown() {
5872N/A        return index != -1;
5872N/A    }
5872N/A
5872N/A    /**
0N/A     * Get the value of this attribute.  If the attribute is
0N/A     * single-valued, return just the one value.  If the attribute is
0N/A     * multi-valued, return an array containing all the values.
0N/A     * It is possible for this array to be of length 0.
0N/A     *
0N/A     * <P> The
0N/A     * <a href=#classTable>table</a> gives the class of the value returned,
0N/A     * depending on the type of this attribute.
0N/A     */
0N/A    public Object getValue() {
0N/A        return value;
0N/A    }
0N/A
0N/A    /**
0N/A     * Show whether this attribute is single-valued.
0N/A     */
0N/A    public boolean isSingleValued() {
5872N/A        return index == -1 || SINGLE_VALUED[index];
0N/A    }
0N/A
0N/A    /**
0N/A     *  Return the OID of this attribute.
0N/A     */
0N/A    public ObjectIdentifier getOID() {
5872N/A        return oid;
0N/A    }
0N/A
0N/A    /**
0N/A     *  Return the name of this attribute.
0N/A     */
0N/A    public String getName() {
5872N/A        return index == -1 ?
5872N/A                oid.toString() :
5872N/A                OID_NAME_TABLE.get(PKCS9_OIDS[index]);
0N/A    }
0N/A
0N/A    /**
0N/A     * Return the OID for a given attribute name or null if we don't recognize
0N/A     * the name.
0N/A     */
0N/A    public static ObjectIdentifier getOID(String name) {
2619N/A        return NAME_OID_TABLE.get(name.toLowerCase(Locale.ENGLISH));
0N/A    }
0N/A
0N/A    /**
0N/A     * Return the attribute name for a given OID or null if we don't recognize
0N/A     * the oid.
0N/A     */
0N/A    public static String getName(ObjectIdentifier oid) {
0N/A        return OID_NAME_TABLE.get(oid);
0N/A    }
0N/A
0N/A    /**
0N/A     * Returns a string representation of this attribute.
0N/A     */
0N/A    public String toString() {
0N/A        StringBuffer buf = new StringBuffer(100);
0N/A
0N/A        buf.append("[");
0N/A
5872N/A        if (index == -1) {
5872N/A            buf.append(oid.toString());
5872N/A        } else {
5872N/A            buf.append(OID_NAME_TABLE.get(PKCS9_OIDS[index]));
5872N/A        }
0N/A        buf.append(": ");
0N/A
5872N/A        if (index == -1 || SINGLE_VALUED[index]) {
0N/A            if (value instanceof byte[]) { // special case for octet string
0N/A                HexDumpEncoder hexDump = new HexDumpEncoder();
0N/A                buf.append(hexDump.encodeBuffer((byte[]) value));
0N/A            } else {
0N/A                buf.append(value.toString());
0N/A            }
0N/A            buf.append("]");
0N/A            return buf.toString();
0N/A        } else { // multi-valued
0N/A            boolean first = true;
0N/A            Object[] values = (Object[]) value;
0N/A
0N/A            for (int j=0; j < values.length; j++) {
0N/A                if (first)
0N/A                    first = false;
0N/A                else
0N/A                    buf.append(", ");
0N/A
0N/A                buf.append(values[j].toString());
0N/A            }
0N/A            return buf.toString();
0N/A        }
0N/A    }
0N/A
0N/A    /**
0N/A     * Beginning the search at <code>start</code>, find the first
0N/A     * index <code>i</code> such that <code>a[i] = obj</code>.
0N/A     *
0N/A     * @return the index, if found, and -1 otherwise.
0N/A     */
0N/A    static int indexOf(Object obj, Object[] a, int start) {
0N/A        for (int i=start; i < a.length; i++) {
0N/A            if (obj.equals(a[i])) return i;
0N/A        }
0N/A        return -1;
0N/A    }
0N/A
0N/A    /**
0N/A     * Throw an exception when there are multiple values for
0N/A     * a single-valued attribute.
0N/A     */
0N/A    private void throwSingleValuedException() throws IOException {
0N/A        throw new IOException("Single-value attribute " +
5872N/A                              oid + " (" + getName() + ")" +
0N/A                              " has multiple values.");
0N/A    }
0N/A
0N/A    /**
0N/A     * Throw an exception when the tag on a value encoding is
5872N/A     * wrong for the attribute whose value it is. This method
5872N/A     * will only be called for known tags.
0N/A     */
0N/A    private void throwTagException(Byte tag)
0N/A    throws IOException {
0N/A        Byte[] expectedTags = PKCS9_VALUE_TAGS[index];
0N/A        StringBuffer msg = new StringBuffer(100);
0N/A        msg.append("Value of attribute ");
5872N/A        msg.append(oid.toString());
0N/A        msg.append(" (");
0N/A        msg.append(getName());
0N/A        msg.append(") has wrong tag: ");
0N/A        msg.append(tag.toString());
0N/A        msg.append(".  Expected tags: ");
0N/A
0N/A        msg.append(expectedTags[0].toString());
0N/A
0N/A        for (int i = 1; i < expectedTags.length; i++) {
0N/A            msg.append(", ");
0N/A            msg.append(expectedTags[i].toString());
0N/A        }
0N/A        msg.append(".");
0N/A        throw new IOException(msg.toString());
0N/A    }
0N/A}