/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* This class identifies algorithms, such as cryptographic transforms, each
* of which may be associated with parameters. Instances of this base class
* are used when this runtime environment has no special knowledge of the
* algorithm type, and may also be used in other cases. Equivalence is
* defined according to OID and (where relevant) parameters.
*
* <P>Subclasses may be used, for example when when the algorithm ID has
* associated parameters which some code (e.g. code using public keys) needs
* to have parsed. Two examples of such algorithms are Diffie-Hellman key
*
* <P>The OID constants defined in this class correspond to some widely
* used algorithms, for which conventional string names have been defined.
* This class is not a general repository for OIDs, or for such string names.
* Note that the mappings between algorithm IDs and algorithm names is
* not one-to-one.
*
*
* @author David Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
/** use serialVersionUID from JDK 1.1. for interoperability */
/**
* The object identitifer being used for this algorithm.
*/
// The (parsed) parameters
private boolean constructedFromDer = true;
/**
* Parameters for this algorithm. These are stored in unparsed
* DER-encoded form; subclasses can be made to automaticaly parse
* them so there is fast access to these parameters.
*/
/**
* Constructs an algorithm ID which will be initialized
* separately, for example by deserialization.
* @deprecated use one of the other constructors.
*/
public AlgorithmId() { }
/**
* Constructs a parameterless algorithm ID.
*
* @param oid the identifier for the algorithm
*/
}
/**
* Constructs an algorithm ID with algorithm parameters.
*
* @param oid the identifier for the algorithm.
* @param algparams the associated algorithm parameters.
*/
constructedFromDer = false;
}
throws IOException {
decodeParams();
}
}
try {
} catch (NoSuchAlgorithmException e) {
try {
// Try the internal EC code so that we can fully parse EC
// keys even if the provider is not registered.
// This code can go away once we have EC in the SUN provider.
} catch (NoSuchAlgorithmException ee) {
/*
* This algorithm parameter type is not supported, so we cannot
* parse the parameters.
*/
return;
}
}
// Decode (parse) the parameters
}
/**
* Marshal a DER-encoded "AlgorithmID" sequence on the DER stream.
*/
}
/**
* DER encode this object onto an output stream.
* Implements the <code>DerEncoder</code> interface.
*
* @param out
* the output stream on which to write the DER encoding.
*
* @exception IOException on encoding error.
*/
// Setup params from algParams since no DER encoding is given
if (constructedFromDer == false) {
} else {
}
}
// Changes backed out for compatibility with Solaris
// Several AlgorithmId should omit the whole parameter part when
// it's NULL. They are ---
// rfc3370 2.1: Implementations SHOULD generate SHA-1
// AlgorithmIdentifiers with absent parameters.
// rfc3447 C1: When id-sha1, id-sha256, id-sha384 and id-sha512
// are used in an AlgorithmIdentifier the parameters (which are
// optional) SHOULD be omitted.
// rfc3279 2.3.2: The id-dsa algorithm syntax includes optional
// domain parameters... When omitted, the parameters component
// MUST be omitted entirely
// rfc3370 3.1: When the id-dsa-with-sha1 algorithm identifier
// is used, the AlgorithmIdentifier parameters field MUST be absent.
/*if (
algid.equals((Object)SHA_oid) ||
algid.equals((Object)SHA256_oid) ||
algid.equals((Object)SHA384_oid) ||
algid.equals((Object)SHA512_oid) ||
algid.equals((Object)DSA_oid) ||
algid.equals((Object)sha1WithDSA_oid)) {
; // no parameter part encoded
} else {
bytes.putNull();
}*/
} else {
}
}
/**
* Returns the DER-encoded X.509 AlgorithmId as a byte array.
*/
return out.toByteArray();
}
/**
* Returns the ISO OID for this algorithm. This is usually converted
* to a string and used as part of an algorithm name, for example
* "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code>
* call when you do not need to ensure cross-system portability
* of algorithm names, or need a user friendly name.
*/
return algid;
}
/**
* Returns a name for the algorithm which may be more intelligible
* to humans than the algorithm's OID, but which won't necessarily
* be comprehensible on other systems. For example, this might
* return a name such as "MD5withRSA" for a signature algorithm on
* some systems. It also returns names like "OID.1.2.3.4", when
* no particular name for the algorithm is known.
*/
return algName;
}
try {
paramsName = "SHA1";
}
} catch (IOException e) {
// ignore
}
}
}
return algParams;
}
/**
* Returns the DER encoded parameter, which can then be
* used to initialize java.security.AlgorithmParamters.
*
* @return DER encoded parameters, or null not present.
*/
}
/**
* Returns true iff the argument indicates the same algorithm
* with the same parameters.
*/
boolean paramsEqual =
}
/**
* Compares this AlgorithmID to another. If algorithm parameters are
* available, they are compared. Otherwise, just the object IDs
* for the algorithm are compared.
*
* @param other preferably an AlgorithmId, else an ObjectIdentifier
*/
if (this == other) {
return true;
}
if (other instanceof AlgorithmId) {
} else if (other instanceof ObjectIdentifier) {
} else {
return false;
}
}
/**
* Compares two algorithm IDs for equality. Returns true iff
* they are the same algorithm, ignoring algorithm parameters.
*/
}
/**
* Returns a hashcode for this AlgorithmId.
*
* @return a hashcode for this AlgorithmId.
*/
public int hashCode() {
}
/**
* Provides a human-readable description of the algorithm parameters.
* This may be redefined by subclasses which parse those parameters.
*/
return "";
} else {
return ", params unparsed";
}
}
/**
* Returns a string describing the algorithm and its parameters.
*/
return getName() + paramsToString();
}
/**
* Parse (unmarshal) an ID from a DER sequence input value. This form
* parsing might be used when expanding a value which has already been
* partially unmarshaled as a set or sequence member.
*
* @exception IOException on error.
* @param val the input value, which contains the algid and, if
* there are any parameters, those parameters.
* @return an ID for the algorithm. If the system is configured
* appropriately, this may be an instance of a class
* with some kind of special support for this algorithm.
* In that case, you may "narrow" the type of the ID.
*/
throw new IOException("algid parse error, not a sequence");
}
/*
* Get the algorithm ID and any parameters.
*/
} else {
throw new IOException("invalid NULL");
}
}
throw new IOException("Invalid AlgorithmIdentifier: extra data");
}
}
}
/**
* Returns one of the algorithm IDs most commonly associated
* with this algorithm name.
*
* @param algname the name being used
* @deprecated use the short get form of this method.
* @exception NoSuchAlgorithmException on error.
*/
throws NoSuchAlgorithmException {
}
/**
* Returns one of the algorithm IDs most commonly associated
* with this algorithm name.
*
* @param algname the name being used
* @exception NoSuchAlgorithmException on error.
*/
throws NoSuchAlgorithmException {
try {
} catch (IOException ioe) {
throw new NoSuchAlgorithmException
("Invalid ObjectIdentifier " + algname);
}
throw new NoSuchAlgorithmException
("unrecognized algorithm name: " + algname);
}
return new AlgorithmId(oid);
}
/**
* Returns one of the algorithm IDs most commonly associated
* with this algorithm parameters.
*
* @param algparams the associated algorithm parameters.
* @exception NoSuchAlgorithmException on error.
*/
throws NoSuchAlgorithmException {
try {
} catch (IOException ioe) {
throw new NoSuchAlgorithmException
("Invalid ObjectIdentifier " + algname);
}
throw new NoSuchAlgorithmException
("unrecognized algorithm name: " + algname);
}
}
/*
* Translates from some common algorithm names to the
* OID with which they're usually associated ... this mapping
* is the reverse of the one below, except in those cases
* where synonyms are supported or where a given algorithm
* is commonly associated with multiple OIDs.
*
* XXX This method needs to be enhanced so that we can also pass the
* scope of the algorithm name to it, e.g., the algorithm name "DSA"
* may have a different OID when used as a "Signature" algorithm than when
* used as a "KeyPairGenerator" algorithm.
*/
// See if algname is in printable OID ("dot-dot") notation
} else {
return new ObjectIdentifier(name);
}
}
// Digesting algorithms
return AlgorithmId.MD5_oid;
}
return AlgorithmId.MD2_oid;
}
return AlgorithmId.SHA_oid;
}
return AlgorithmId.SHA256_oid;
}
return AlgorithmId.SHA384_oid;
}
return AlgorithmId.SHA512_oid;
}
// Various public key algorithms
return AlgorithmId.RSAEncryption_oid;
}
return AlgorithmId.DH_oid;
}
return AlgorithmId.DSA_oid;
}
return EC_oid;
}
// Common signature types
return AlgorithmId.md5WithRSAEncryption_oid;
}
return AlgorithmId.md2WithRSAEncryption_oid;
}
return AlgorithmId.sha1WithDSA_oid;
}
return AlgorithmId.sha1WithRSAEncryption_oid;
}
return AlgorithmId.sha1WithECDSA_oid;
}
return AlgorithmId.sha224WithECDSA_oid;
}
return AlgorithmId.sha256WithECDSA_oid;
}
return AlgorithmId.sha384WithECDSA_oid;
}
return AlgorithmId.sha512WithECDSA_oid;
}
// See if any of the installed providers supply a mapping from
// the given algorithm name to an OID string
if (!initOidTable) {
enum_.hasMoreElements(); ) {
int index;
// invalid alias entry
break;
}
}
if (stdAlgName != null) {
}
if (stdAlgName != null &&
new ObjectIdentifier(oidString));
}
}
}
}
}
initOidTable = true;
}
}
}
private static boolean initOidTable = false;
/*****************************************************************/
/*
* HASHING ALGORITHMS
*/
/**
* Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319.
* OID = 1.2.840.113549.2.2
*/
/**
* Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321.
* OID = 1.2.840.113549.2.5
*/
/**
* Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1.
* This is sometimes called "SHA", though that is often confusing since
* many people refer to FIPS 180 (which has an error) as defining SHA.
* OID = 1.3.14.3.2.26. Old SHA-0 OID: 1.3.14.3.2.18.
*/
/*
* COMMON PUBLIC KEY TYPES
*/
private static final int RSAEncryption_data[] =
{ 1, 2, 840, 113549, 1, 1, 1 };
/*
* COMMON SIGNATURE ALGORITHMS
*/
private static final int md2WithRSAEncryption_data[] =
{ 1, 2, 840, 113549, 1, 1, 2 };
private static final int md5WithRSAEncryption_data[] =
{ 1, 2, 840, 113549, 1, 1, 4 };
private static final int sha1WithRSAEncryption_data[] =
{ 1, 2, 840, 113549, 1, 1, 5 };
private static final int sha1WithRSAEncryption_OIW_data[] =
{ 1, 3, 14, 3, 2, 29 };
private static final int sha256WithRSAEncryption_data[] =
{ 1, 2, 840, 113549, 1, 1, 11 };
private static final int sha384WithRSAEncryption_data[] =
{ 1, 2, 840, 113549, 1, 1, 12 };
private static final int sha512WithRSAEncryption_data[] =
{ 1, 2, 840, 113549, 1, 1, 13 };
private static final int shaWithDSA_OIW_data[] =
{ 1, 3, 14, 3, 2, 13 };
private static final int sha1WithDSA_OIW_data[] =
{ 1, 3, 14, 3, 2, 27 };
private static final int dsaWithSHA1_PKIX_data[] =
{ 1, 2, 840, 10040, 4, 3 };
/**
* Algorithm ID for the PBE encryption algorithms from PKCS#5 and
* PKCS#12.
*/
static {
/*
* Note the preferred OIDs are named simply with no "OIW" or
* "PKIX" in them, even though they may point to data from these
* specs; e.g. SHA_oid, DH_oid, DSA_oid, SHA1WithDSA_oid...
*/
/**
* Algorithm ID for Diffie Hellman Key agreement, from PKCS #3.
* Parameters include public values P and G, and may optionally specify
* the length of the private key X. Alternatively, algorithm parameters
* may be derived from another source such as a Certificate Authority's
* certificate.
* OID = 1.2.840.113549.1.3.1
*/
/**
* Algorithm ID for the Diffie Hellman Key Agreement (DH), from RFC 3279.
* Parameters may include public values P and G.
* OID = 1.2.840.10046.2.1
*/
/**
* Algorithm ID for the Digital Signing Algorithm (DSA), from the
* NIST OIW Stable Agreements part 12.
* Parameters may include public values P, Q, and G; or these may be
* derived from
* another source such as a Certificate Authority's certificate.
* OID = 1.3.14.3.2.12
*/
/**
* Algorithm ID for the Digital Signing Algorithm (DSA), from RFC 3279.
* Parameters may include public values P, Q, and G; or these may be
* derived from another source such as a Certificate Authority's
* certificate.
* OID = 1.2.840.10040.4.1
*/
/**
* Algorithm ID for RSA keys used for any purpose, as defined in X.509.
* The algorithm parameter is a single value, the number of bits in the
* public modulus.
* OID = 2.5.8.1.1
*/
/**
* Algorithm ID for RSA keys used with RSA encryption, as defined
* in PKCS #1. There are no parameters associated with this algorithm.
* OID = 1.2.840.113549.1.1.1
*/
/**
* Identifies a signing algorithm where an MD2 digest is encrypted
* using an RSA private key; defined in PKCS #1. Use of this
* signing algorithm is discouraged due to MD2 vulnerabilities.
* OID = 1.2.840.113549.1.1.2
*/
/**
* Identifies a signing algorithm where an MD5 digest is
* encrypted using an RSA private key; defined in PKCS #1.
* OID = 1.2.840.113549.1.1.4
*/
/**
* Identifies a signing algorithm where a SHA1 digest is
* encrypted using an RSA private key; defined by RSA DSI.
* OID = 1.2.840.113549.1.1.5
*/
/**
* Identifies a signing algorithm where a SHA1 digest is
* encrypted using an RSA private key; defined in NIST OIW.
* OID = 1.3.14.3.2.29
*/
/**
* Identifies a signing algorithm where a SHA256 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.11
*/
/**
* Identifies a signing algorithm where a SHA384 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.12
*/
/**
* Identifies a signing algorithm where a SHA512 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.13
*/
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA digest is signed using the Digital Signing Algorithm (DSA).
* This should not be used.
* OID = 1.3.14.3.2.13
*/
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA1 digest is signed using the Digital Signing Algorithm (DSA).
* OID = 1.3.14.3.2.27
*/
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA1 digest is signed using the Digital Signing Algorithm (DSA).
* OID = 1.2.840.10040.4.3
*/
}
/**
* Creates a signature algorithm name from a digest algorithm
* name and a encryption algorithm name.
*/
}
/**
* Extracts the encryption algorithm name from a signature
* algorithm name.
*/
if (with > 0) {
if (and > 0) {
} else {
}
keyAlgorithm = "EC";
}
}
return keyAlgorithm;
}
/**
* Extracts the digest algorithm name from a signature
* algorithm name.
*/
if (with > 0) {
}
return null;
}
}