下面列出了java.security.PKCS12Attribute#sun.security.util.ObjectIdentifier 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
 * Builds the extension by decoding a DER-encoded value (also called by
 * the subclass).
 *
 * @param extensionId OID stored as this extension's identifier
 * @param critical criticality flag; unboxed, so {@code null} fails with a
 *        {@code NullPointerException}
 * @param value must be a {@code byte[]} holding the DER encoding
 * @param extensionName name used in error messages and stored on success
 * @throws IOException if {@code value} is not a {@code byte[]}, if the
 *         outer tag is not a SEQUENCE, or if decoding any element fails
 */
protected CRLDistributionPointsExtension(ObjectIdentifier extensionId,
        Boolean critical, Object value, String extensionName)
        throws IOException {
    this.extensionId = extensionId;
    this.critical = critical;

    // Reject anything that is not a byte array before casting.
    if (!(value instanceof byte[])) {
        throw new IOException("Illegal argument type");
    }
    // NOTE(review): the caller's array is stored by reference, not copied.
    this.extensionValue = (byte[]) value;

    DerValue outer = new DerValue(this.extensionValue);
    if (outer.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " + extensionName +
                              " extension.");
    }

    // Decode elements until the SEQUENCE body is exhausted. Decoding
    // errors from DerValue or DistributionPoint propagate to the caller.
    this.distributionPoints = new ArrayList<DistributionPoint>();
    while (outer.data.available() != 0) {
        DerValue element = outer.data.getDerValue();
        this.distributionPoints.add(new DistributionPoint(element));
    }
    this.extensionName = extensionName;
}
/**
 * Sets the policy constraint. The {@code X509Certificate} must
 * include at least one of the specified policies in its certificate
 * policies extension. If {@code certPolicySet} is empty, then the
 * {@code X509Certificate} must include at least some specified policy
 * in its certificate policies extension. If {@code certPolicySet} is
 * {@code null}, no policy check will be performed.
 * <p>
 * The {@code Set} is copied before it is parsed, and the stored state
 * is replaced only after every element has parsed successfully, so a
 * failed call leaves the previous constraint in place.
 *
 * @param certPolicySet a {@code Set} of certificate policy OIDs in
 *        string format (or {@code null}). Each OID is represented by a
 *        set of nonnegative integers separated by periods.
 * @throws IOException if an element is not a {@code String} (this
 *         includes a {@code null} element), or if a parsing error occurs
 *         on the OID such as the first component is not 0, 1 or 2 or the
 *         second component is greater than 39.
 * @see #getPolicy
 */
public void setPolicy(Set<String> certPolicySet) throws IOException {
    if (certPolicySet == null) {
        policySet = null;
        policy = null;
        return;
    }

    // Private, read-only snapshot: later changes to the caller's set
    // cannot alter the constraint.
    Set<String> snapshot = Collections.unmodifiableSet
                            (new HashSet<String>(certPolicySet));
    Vector<CertificatePolicyId> parsedIds = new Vector<CertificatePolicyId>();

    for (Iterator<String> it = snapshot.iterator(); it.hasNext(); ) {
        // Read the element as Object: generics are erased at run time, so
        // a caller using a raw Set can pass elements that are not Strings.
        Object element = it.next();
        if (!(element instanceof String)) {
            throw new IOException("non String in certPolicySet");
        }
        parsedIds.add(new CertificatePolicyId(
            new ObjectIdentifier((String) element)));
    }

    // Everything parsed; commit both fields together.
    policySet = snapshot;
    policy = new CertificatePolicySet(parsedIds);
}
/**
 * Builds the extension by decoding a DER-encoded value (also called by
 * the subclass).
 *
 * @param extensionId OID stored as this extension's identifier
 * @param critical criticality flag; unboxed, so {@code null} fails with a
 *        {@code NullPointerException}
 * @param value must be a {@code byte[]} holding the DER encoding
 * @param extensionName name used in error messages and stored on success
 * @throws IOException if {@code value} is not a {@code byte[]}, if the
 *         outer tag is not a SEQUENCE, or if decoding any element fails
 */
protected CRLDistributionPointsExtension(ObjectIdentifier extensionId,
        Boolean critical, Object value, String extensionName)
        throws IOException {
    this.extensionId = extensionId;
    this.critical = critical;

    // Reject anything that is not a byte array before casting.
    if (!(value instanceof byte[])) {
        throw new IOException("Illegal argument type");
    }
    // NOTE(review): the caller's array is stored by reference, not copied.
    this.extensionValue = (byte[]) value;

    DerValue outer = new DerValue(this.extensionValue);
    if (outer.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " + extensionName +
                              " extension.");
    }

    // Decode elements until the SEQUENCE body is exhausted. Decoding
    // errors from DerValue or DistributionPoint propagate to the caller.
    this.distributionPoints = new ArrayList<DistributionPoint>();
    while (outer.data.available() != 0) {
        DerValue element = outer.data.getDerValue();
        this.distributionPoints.add(new DistributionPoint(element));
    }
    this.extensionName = extensionName;
}
/**
 * Creates a named curve and caches the DER encoding of its OID.
 *
 * @param name curve name, stored as given
 * @param oid dotted-decimal OID string; it is parsed here, and a string
 *        that fails to parse surfaces as a {@code RuntimeException}
 * @param curve passed to the superclass constructor
 * @param g passed to the superclass constructor
 * @param n passed to the superclass constructor
 * @param h passed to the superclass constructor
 */
NamedCurve(String name, String oid, EllipticCurve curve,
        ECPoint g, BigInteger n, int h) {
    super(curve, g, n, h);
    this.name = name;
    this.oid = oid;

    DerOutputStream derOut = new DerOutputStream();
    try {
        ObjectIdentifier curveOid = new ObjectIdentifier(oid);
        derOut.putOID(curveOid);
    } catch (IOException ex) {
        // Wrapped as unchecked with the cause preserved, so the
        // constructor declares no checked exception.
        throw new RuntimeException("Internal error", ex);
    }
    encoded = derOut.toByteArray();
}
/**
 * Creates a named curve and caches the DER encoding of its OID.
 *
 * @param name curve name, stored as given
 * @param oid dotted-decimal OID string; it is parsed here, and a string
 *        that fails to parse surfaces as a {@code RuntimeException}
 * @param curve passed to the superclass constructor
 * @param g passed to the superclass constructor
 * @param n passed to the superclass constructor
 * @param h passed to the superclass constructor
 */
NamedCurve(String name, String oid, EllipticCurve curve,
        ECPoint g, BigInteger n, int h) {
    super(curve, g, n, h);
    this.name = name;
    this.oid = oid;

    DerOutputStream derOut = new DerOutputStream();
    try {
        ObjectIdentifier curveOid = new ObjectIdentifier(oid);
        derOut.putOID(curveOid);
    } catch (IOException ex) {
        // Wrapped as unchecked with the cause preserved, so the
        // constructor declares no checked exception.
        throw new RuntimeException("Internal error", ex);
    }
    encoded = derOut.toByteArray();
}
/**
 * Sets the policy constraint. The {@code X509Certificate} must
 * include at least one of the specified policies in its certificate
 * policies extension. If {@code certPolicySet} is empty, then the
 * {@code X509Certificate} must include at least some specified policy
 * in its certificate policies extension. If {@code certPolicySet} is
 * {@code null}, no policy check will be performed.
 * <p>
 * The {@code Set} is copied before it is parsed, and the stored state
 * is replaced only after every element has parsed successfully, so a
 * failed call leaves the previous constraint in place.
 *
 * @param certPolicySet a {@code Set} of certificate policy OIDs in
 *        string format (or {@code null}). Each OID is represented by a
 *        set of nonnegative integers separated by periods.
 * @throws IOException if an element is not a {@code String} (this
 *         includes a {@code null} element), or if a parsing error occurs
 *         on the OID such as the first component is not 0, 1 or 2 or the
 *         second component is greater than 39.
 * @see #getPolicy
 */
public void setPolicy(Set<String> certPolicySet) throws IOException {
    if (certPolicySet == null) {
        policySet = null;
        policy = null;
        return;
    }

    // Private, read-only snapshot: later changes to the caller's set
    // cannot alter the constraint.
    Set<String> snapshot = Collections.unmodifiableSet
                            (new HashSet<>(certPolicySet));
    Vector<CertificatePolicyId> parsedIds = new Vector<>();

    for (Iterator<String> it = snapshot.iterator(); it.hasNext(); ) {
        // Read the element as Object: generics are erased at run time, so
        // a caller using a raw Set can pass elements that are not Strings.
        Object element = it.next();
        if (!(element instanceof String)) {
            throw new IOException("non String in certPolicySet");
        }
        parsedIds.add(new CertificatePolicyId(
            new ObjectIdentifier((String) element)));
    }

    // Everything parsed; commit both fields together.
    policySet = snapshot;
    policy = new CertificatePolicySet(parsedIds);
}
/**
 * Returns the extension as a user-readable string.
 *
 * @return the empty string when {@code keyUsages} is {@code null};
 *         otherwise the superclass text followed by one line per usage,
 *         using the name found in {@code map} or, when there is none,
 *         the OID's own string form
 */
public String toString() {
    if (keyUsages == null) {
        return "";
    }

    StringBuilder usage = new StringBuilder(" ");
    boolean first = true;
    for (ObjectIdentifier oid : keyUsages) {
        // Separator goes before every entry except the first.
        if (!first) {
            usage.append("\n ");
        }
        String known = map.get(oid);
        usage.append(known != null ? known : oid.toString());
        first = false;
    }
    return super.toString() + "ExtendedKeyUsages [\n"
        + usage + "\n]\n";
}
/**
 * Creates a named curve and caches the DER encoding of its OID.
 *
 * @param name curve name, stored as given
 * @param oid dotted-decimal OID string; it is parsed here, and a string
 *        that fails to parse surfaces as a {@code RuntimeException}
 * @param curve passed to the superclass constructor
 * @param g passed to the superclass constructor
 * @param n passed to the superclass constructor
 * @param h passed to the superclass constructor
 */
NamedCurve(String name, String oid, EllipticCurve curve,
        ECPoint g, BigInteger n, int h) {
    super(curve, g, n, h);
    this.name = name;
    this.oid = oid;

    DerOutputStream derOut = new DerOutputStream();
    try {
        ObjectIdentifier curveOid = new ObjectIdentifier(oid);
        derOut.putOID(curveOid);
    } catch (IOException ex) {
        // Wrapped as unchecked with the cause preserved, so the
        // constructor declares no checked exception.
        throw new RuntimeException("Internal error", ex);
    }
    encoded = derOut.toByteArray();
}
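/**
 * Records the attribute's OID and value after checking that the value
 * has the class expected for that OID.
 *
 * <p>The expected class comes from {@code VALUE_CLASSES} when the OID is
 * found in {@code PKCS9_OIDS}; otherwise it is {@code BYTE_ARRAY_CLASS}.
 *
 * @param oid attribute identifier
 * @param value attribute value; {@code null} is rejected
 * @throws IllegalArgumentException if {@code value} is {@code null} or
 *         is not an instance of the expected class
 */
private void init(ObjectIdentifier oid, Object value)
        throws IllegalArgumentException {
    this.oid = oid;
    index = indexOf(oid, PKCS9_OIDS, 1);
    Class<?> clazz = index == -1 ? BYTE_ARRAY_CLASS: VALUE_CLASSES[index];
    if (!clazz.isInstance(value)) {
        // isInstance(null) is false, so a null value reaches this branch.
        // Describe it instead of dereferencing it, so the caller gets the
        // declared IllegalArgumentException and not a NullPointerException.
        String actual = (value == null)
            ? "null" : value.getClass().toString();
        throw new IllegalArgumentException(
                       "Wrong value class " +
                       " for attribute " + oid +
                       " constructing PKCS9Attribute; was " +
                       actual + ", should be " +
                       clazz.toString());
    }
    this.value = value;
}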
/**
 * Creates the extension from its DER-encoded value and criticality.
 *
 * @param critical true if the extension is to be treated as critical;
 *        unboxed, so {@code null} fails with a
 *        {@code NullPointerException}
 * @param value an array of DER-encoded bytes of the actual value
 * @exception ClassCastException if value is not an array of bytes
 * @exception IOException if the outer tag is not a SEQUENCE or an
 *            element cannot be read as an OID
 */
public ExtendedKeyUsageExtension(Boolean critical, Object value)
        throws IOException {
    this.extensionId = PKIXExtensions.ExtendedKeyUsage_Id;
    this.critical = critical;
    // Unchecked cast: a non-byte[] argument fails here with
    // ClassCastException. The array is stored by reference, not copied.
    this.extensionValue = (byte[]) value;

    DerValue outer = new DerValue(this.extensionValue);
    if (outer.tag != DerValue.tag_Sequence) {
        throw new IOException("Invalid encoding for " +
                              "ExtendedKeyUsageExtension.");
    }

    // Each element of the SEQUENCE body is read as one key-purpose OID.
    this.keyUsages = new Vector<ObjectIdentifier>();
    while (outer.data.available() != 0) {
        DerValue element = outer.data.getDerValue();
        this.keyUsages.add(element.getOID());
    }
}
/**
 * Sets the policy constraint. The {@code X509Certificate} must
 * include at least one of the specified policies in its certificate
 * policies extension. If {@code certPolicySet} is empty, then the
 * {@code X509Certificate} must include at least some specified policy
 * in its certificate policies extension. If {@code certPolicySet} is
 * {@code null}, no policy check will be performed.
 * <p>
 * The {@code Set} is copied before it is parsed, and the stored state
 * is replaced only after every element has parsed successfully, so a
 * failed call leaves the previous constraint in place.
 *
 * @param certPolicySet a {@code Set} of certificate policy OIDs in
 *        string format (or {@code null}). Each OID is represented by a
 *        set of nonnegative integers separated by periods.
 * @throws IOException if an element is not a {@code String} (this
 *         includes a {@code null} element), or if a parsing error occurs
 *         on the OID such as the first component is not 0, 1 or 2 or the
 *         second component is greater than 39.
 * @see #getPolicy
 */
public void setPolicy(Set<String> certPolicySet) throws IOException {
    if (certPolicySet == null) {
        policySet = null;
        policy = null;
        return;
    }

    // Private, read-only snapshot: later changes to the caller's set
    // cannot alter the constraint.
    Set<String> snapshot = Collections.unmodifiableSet
                            (new HashSet<String>(certPolicySet));
    Vector<CertificatePolicyId> parsedIds = new Vector<CertificatePolicyId>();

    for (Iterator<String> it = snapshot.iterator(); it.hasNext(); ) {
        // Read the element as Object: generics are erased at run time, so
        // a caller using a raw Set can pass elements that are not Strings.
        Object element = it.next();
        if (!(element instanceof String)) {
            throw new IOException("non String in certPolicySet");
        }
        parsedIds.add(new CertificatePolicyId(
            new ObjectIdentifier((String) element)));
    }

    // Everything parsed; commit both fields together.
    policySet = snapshot;
    policy = new CertificatePolicySet(parsedIds);
}
/**
 * Constructs a set of PKCS9 attributes from the given array of
 * PKCS9 attributes. Each attribute is keyed by its OID, and the DER
 * encoding of the whole set is generated once all have been added.
 *
 * @param attribs the attributes to collect; no two may share an OID
 * @exception IllegalArgumentException
 *            if two attributes in {@code attribs} have the same OID
 * @exception IOException
 *            declared by this constructor; presumably raised while the
 *            DER encoding is generated -- TODO confirm
 *
 * @see PKCS9Attribute
 */
public PKCS9Attributes(PKCS9Attribute[] attribs)
        throws IllegalArgumentException, IOException {
    for (PKCS9Attribute attrib : attribs) {
        ObjectIdentifier oid = attrib.getOID();
        // A repeated OID is rejected rather than silently overwriting
        // the earlier attribute.
        if (attributes.containsKey(oid)) {
            throw new IllegalArgumentException(
                      "PKCSAttribute " + attrib.getOID() +
                      " duplicated while constructing " +
                      "PKCS9Attributes.");
        }
        attributes.put(oid, attrib);
    }
    derEncoding = generateDerEncoding();
    permittedAttributes = null;
}
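/**
 * Records the attribute's OID and value after checking that the value
 * has the class expected for that OID.
 *
 * <p>The expected class comes from {@code VALUE_CLASSES} when the OID is
 * found in {@code PKCS9_OIDS}; otherwise it is {@code BYTE_ARRAY_CLASS}.
 *
 * @param oid attribute identifier
 * @param value attribute value; {@code null} is rejected
 * @throws IllegalArgumentException if {@code value} is {@code null} or
 *         is not an instance of the expected class
 */
private void init(ObjectIdentifier oid, Object value)
        throws IllegalArgumentException {
    this.oid = oid;
    index = indexOf(oid, PKCS9_OIDS, 1);
    Class<?> clazz = index == -1 ? BYTE_ARRAY_CLASS: VALUE_CLASSES[index];
    if (!clazz.isInstance(value)) {
        // isInstance(null) is false, so a null value reaches this branch.
        // Describe it instead of dereferencing it, so the caller gets the
        // declared IllegalArgumentException and not a NullPointerException.
        String actual = (value == null)
            ? "null" : value.getClass().toString();
        throw new IllegalArgumentException(
                       "Wrong value class " +
                       " for attribute " + oid +
                       " constructing PKCS9Attribute; was " +
                       actual + ", should be " +
                       clazz.toString());
    }
    this.value = value;
}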
/**
 * Returns the extension as a user-readable string.
 *
 * @return the empty string when {@code keyUsages} is {@code null};
 *         otherwise the superclass text followed by one line per usage,
 *         using the name found in {@code map} or, when there is none,
 *         the OID's own string form
 */
public String toString() {
    if (keyUsages == null) {
        return "";
    }

    StringBuilder usage = new StringBuilder(" ");
    boolean first = true;
    for (ObjectIdentifier oid : keyUsages) {
        // Separator goes before every entry except the first.
        if (!first) {
            usage.append("\n ");
        }
        String known = map.get(oid);
        usage.append(known != null ? known : oid.toString());
        first = false;
    }
    return super.toString() + "ExtendedKeyUsages [\n"
        + usage + "\n]\n";
}
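/**
 * Records the attribute's OID and value after checking that the value
 * has the class expected for that OID.
 *
 * <p>The expected class comes from {@code VALUE_CLASSES} when the OID is
 * found in {@code PKCS9_OIDS}; otherwise it is {@code BYTE_ARRAY_CLASS}.
 *
 * @param oid attribute identifier
 * @param value attribute value; {@code null} is rejected
 * @throws IllegalArgumentException if {@code value} is {@code null} or
 *         is not an instance of the expected class
 */
private void init(ObjectIdentifier oid, Object value)
        throws IllegalArgumentException {
    this.oid = oid;
    index = indexOf(oid, PKCS9_OIDS, 1);
    Class<?> clazz = index == -1 ? BYTE_ARRAY_CLASS: VALUE_CLASSES[index];
    if (!clazz.isInstance(value)) {
        // isInstance(null) is false, so a null value reaches this branch.
        // Describe it instead of dereferencing it, so the caller gets the
        // declared IllegalArgumentException and not a NullPointerException.
        String actual = (value == null)
            ? "null" : value.getClass().toString();
        throw new IllegalArgumentException(
                       "Wrong value class " +
                       " for attribute " + oid +
                       " constructing PKCS9Attribute; was " +
                       actual + ", should be " +
                       clazz.toString());
    }
    this.value = value;
}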
/**
 * Constructs a set of PKCS9 attributes from the given array of
 * PKCS9 attributes. Each attribute is keyed by its OID, and the DER
 * encoding of the whole set is generated once all have been added.
 *
 * @param attribs the attributes to collect; no two may share an OID
 * @exception IllegalArgumentException
 *            if two attributes in {@code attribs} have the same OID
 * @exception IOException
 *            declared by this constructor; presumably raised while the
 *            DER encoding is generated -- TODO confirm
 *
 * @see PKCS9Attribute
 */
public PKCS9Attributes(PKCS9Attribute[] attribs)
        throws IllegalArgumentException, IOException {
    for (PKCS9Attribute attrib : attribs) {
        ObjectIdentifier oid = attrib.getOID();
        // A repeated OID is rejected rather than silently overwriting
        // the earlier attribute.
        if (attributes.containsKey(oid)) {
            throw new IllegalArgumentException(
                      "PKCSAttribute " + attrib.getOID() +
                      " duplicated while constructing " +
                      "PKCS9Attributes.");
        }
        attributes.put(oid, attrib);
    }
    derEncoding = generateDerEncoding();
    permittedAttributes = null;
}
/**
 * Returns the entry's attribute set after adding the attributes derived
 * from the entry itself: friendlyName (from the alias), localKeyID (when
 * a key id is present) and, for certificate entries, trustedKeyUsage.
 *
 * <p>The set is created on the entry if it does not exist yet. The
 * returned set is the entry's own set, not a copy.
 *
 * @param entry the keystore entry to describe; its {@code attributes}
 *        field is modified
 * @return the entry's (now populated) attribute set
 */
private Set<KeyStore.Entry.Attribute> getAttributes(Entry entry) {
    if (entry.attributes == null) {
        entry.attributes = new HashSet<>();
    }
    Set<KeyStore.Entry.Attribute> attrs = entry.attributes;

    // friendlyName
    attrs.add(new PKCS12Attribute(
        PKCS9FriendlyName_OID.toString(), entry.alias));

    // localKeyID
    byte[] keyIdValue = entry.keyId;
    if (keyIdValue != null) {
        attrs.add(new PKCS12Attribute(
            PKCS9LocalKeyId_OID.toString(), Debug.toString(keyIdValue)));
    }

    // trustedKeyUsage
    if (entry instanceof CertEntry) {
        ObjectIdentifier[] usages = ((CertEntry) entry).trustedKeyUsage;
        if (usages != null) {
            // A single value is written without brackets; any other
            // count uses the bracketed Arrays.toString form.
            String rendered = (usages.length == 1)
                ? usages[0].toString()
                : Arrays.toString(usages);
            attrs.add(new PKCS12Attribute(
                TrustedKeyUsage_OID.toString(), rendered));
        }
    }

    return attrs;
}
/**
 * Chooses the algorithm name for a password-based encryption scheme.
 *
 * @param algorithm OID of the encryption algorithm
 * @param algParams its parameters, or {@code null}
 * @return {@code algParams.toString()} when the OID equals
 *         {@code pbes2_OID} and parameters are present; otherwise the
 *         string form of {@code algorithm}
 * @throws NoSuchAlgorithmException declared, but not thrown by the
 *         statements in this method
 */
private static String mapPBEParamsToAlgorithm(ObjectIdentifier algorithm,
        AlgorithmParameters algParams) throws NoSuchAlgorithmException {
    // Check for PBES2 algorithms: the bare OID does not name the actual
    // scheme, so the parameters' string form is returned instead.
    boolean isPbes2 = algorithm.equals((Object) pbes2_OID);
    if (!isPbes2 || algParams == null) {
        return algorithm.toString();
    }
    return algParams.toString();
}
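/**
 * Deserialize the {@code CertificateRevokedException} instance.
 *
 * <p>After the default fields, the stream holds an {@code int} entry
 * count followed, per entry, by the OID string, the criticality flag,
 * an {@code int} length and that many bytes of extension value.
 *
 * <p>The count and the lengths are read from the stream and may not be
 * trustworthy, so neither is used to size an allocation up front: the
 * map's initial capacity is capped and each value is read in bounded
 * chunks. A stream that declares more data than it carries then fails
 * with an {@code IOException} instead of forcing a large allocation.
 *
 * @throws IOException if a count or length is negative, the stream ends
 *         early, or an extension cannot be built
 * @throws ClassNotFoundException if a serialized class cannot be found
 */
private void readObject(ObjectInputStream ois)
        throws IOException, ClassNotFoundException {
    // Read in the non-transient fields
    // (revocationDate, reason, authority)
    ois.defaultReadObject();

    // Defensively copy the revocation date
    revocationDate = new Date(revocationDate.getTime());

    // Read in the size (number of mappings) of the extensions map
    // and create the extensions map
    int size = ois.readInt();
    if (size < 0) {
        throw new IOException("size cannot be negative");
    }
    if (size == 0) {
        extensions = Collections.emptyMap();
    } else {
        // Cap the initial capacity; the map still grows as entries
        // actually arrive.
        extensions = new HashMap<String, Extension>(size > 20 ? 20 : size);
    }

    // Read in the extensions and put the mappings in the extensions map
    final int chunkLimit = 8192;
    for (int i = 0; i < size; i++) {
        String oid = (String) ois.readObject();
        boolean critical = ois.readBoolean();
        int length = ois.readInt();
        if (length < 0) {
            throw new IOException("length cannot be negative");
        }

        // Grow the buffer only as data is really read, doubling up to
        // the declared length, so the final array has exactly `length`
        // bytes.
        byte[] extVal = new byte[Math.min(length, chunkLimit)];
        int filled = 0;
        while (filled < length) {
            if (filled == extVal.length) {
                int grown = (int) Math.min((long) extVal.length * 2, length);
                extVal = java.util.Arrays.copyOf(extVal, grown);
            }
            int chunk = extVal.length - filled;
            ois.readFully(extVal, filled, chunk);
            filled += chunk;
        }

        Extension ext = sun.security.x509.Extension.newExtension
            (new ObjectIdentifier(oid), critical, extVal);
        extensions.put(oid, ext);
    }
}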
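/**
 * Deserialize the {@code CertificateRevokedException} instance.
 *
 * <p>After the default fields, the stream holds an {@code int} entry
 * count followed, per entry, by the OID string, the criticality flag,
 * an {@code int} length and that many bytes of extension value.
 *
 * <p>The count and the lengths are read from the stream and may not be
 * trustworthy, so neither is used to size an allocation up front: the
 * map's initial capacity is capped and each value is read in bounded
 * chunks. A stream that declares more data than it carries then fails
 * with an {@code IOException} instead of forcing a large allocation.
 *
 * @throws IOException if a count or length is negative, the stream ends
 *         early, or an extension cannot be built
 * @throws ClassNotFoundException if a serialized class cannot be found
 */
private void readObject(ObjectInputStream ois)
        throws IOException, ClassNotFoundException {
    // Read in the non-transient fields
    // (revocationDate, reason, authority)
    ois.defaultReadObject();

    // Defensively copy the revocation date
    revocationDate = new Date(revocationDate.getTime());

    // Read in the size (number of mappings) of the extensions map
    // and create the extensions map
    int size = ois.readInt();
    if (size < 0) {
        throw new IOException("size cannot be negative");
    }
    if (size == 0) {
        extensions = Collections.emptyMap();
    } else {
        // Cap the initial capacity; the map still grows as entries
        // actually arrive.
        extensions = new HashMap<String, Extension>(size > 20 ? 20 : size);
    }

    // Read in the extensions and put the mappings in the extensions map
    final int chunkLimit = 8192;
    for (int i = 0; i < size; i++) {
        String oid = (String) ois.readObject();
        boolean critical = ois.readBoolean();
        int length = ois.readInt();
        if (length < 0) {
            throw new IOException("length cannot be negative");
        }

        // Grow the buffer only as data is really read, doubling up to
        // the declared length, so the final array has exactly `length`
        // bytes.
        byte[] extVal = new byte[Math.min(length, chunkLimit)];
        int filled = 0;
        while (filled < length) {
            if (filled == extVal.length) {
                int grown = (int) Math.min((long) extVal.length * 2, length);
                extVal = java.util.Arrays.copyOf(extVal, grown);
            }
            int chunk = extVal.length - filled;
            ois.readFully(extVal, filled, chunk);
            filled += chunk;
        }

        Extension ext = sun.security.x509.Extension.newExtension
            (new ObjectIdentifier(oid), critical, extVal);
        extensions.put(oid, ext);
    }
}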
/**
 * Gets the attribute value.
 *
 * @param name attribute name; only {@code USAGES} (compared ignoring
 *        case) is recognized
 * @return the extension's own {@code keyUsages} vector, not a copy, so
 *         changes made through the returned reference are visible to
 *         this extension
 * @throws IOException if {@code name} is not recognized
 */
public Vector<ObjectIdentifier> get(String name) throws IOException {
    if (!name.equalsIgnoreCase(USAGES)) {
        throw new IOException("Attribute name [" + name +
                    "] not recognized by " +
                    "CertAttrSet:ExtendedKeyUsageExtension.");
    }
    //XXXX May want to consider cloning this
    return keyUsages;
}
/**
 * Deserialize the {@code CertificateRevokedException} instance.
 *
 * <p>After the default fields, the stream holds an {@code int} entry
 * count followed, per entry, by the OID string, the criticality flag,
 * an {@code int} length and the extension value bytes.
 *
 * <p>The entry count comes from the stream: a negative count is
 * rejected and the map's initial capacity is capped at 20 rather than
 * taken from the count.
 *
 * @throws IOException if the count is negative or reading fails
 * @throws ClassNotFoundException if a serialized class cannot be found
 */
private void readObject(ObjectInputStream ois)
        throws IOException, ClassNotFoundException {
    // Read in the non-transient fields
    // (revocationDate, reason, authority)
    ois.defaultReadObject();

    // Defensively copy the revocation date
    revocationDate = new Date(revocationDate.getTime());

    // Read in the size (number of mappings) of the extensions map
    // and create the extensions map
    int size = ois.readInt();
    if (size < 0) {
        throw new IOException("size cannot be negative");
    } else if (size == 0) {
        extensions = Collections.emptyMap();
    } else {
        extensions = new HashMap<>(Math.min(size, 20));
    }

    // Read in the extensions and put the mappings in the extensions map
    for (int i = 0; i < size; i++) {
        String oid = (String) ois.readObject();
        boolean critical = ois.readBoolean();
        // The declared length is handed to the helper along with the
        // stream; no array is allocated here from that length.
        int length = ois.readInt();
        byte[] extVal = IOUtils.readExactlyNBytes(ois, length);
        Extension ext = sun.security.x509.Extension.newExtension
            (new ObjectIdentifier(oid), critical, extVal);
        extensions.put(oid, ext);
    }
}
/**
 * Checks the certificate against the extended key usage criterion.
 *
 * <p>Outcomes, as implemented here:
 * <ul>
 * <li>no criterion set ({@code keyPurposeSet} null or empty): match;</li>
 * <li>certificate has no extended key usage extension: match;</li>
 * <li>extension lists {@code ANY_EXTENDED_KEY_USAGE} or contains every
 *     OID in {@code keyPurposeOIDSet}: match;</li>
 * <li>otherwise, or if the extension cannot be read: no match.</li>
 * </ul>
 *
 * @param xcert the certificate to test
 * @return {@code true} if the certificate satisfies the criterion
 */
private boolean matchExtendedKeyUsage(X509Certificate xcert) {
    if ((keyPurposeSet == null) || keyPurposeSet.isEmpty()) {
        return true;
    }
    try {
        ExtendedKeyUsageExtension ekuExt =
            (ExtendedKeyUsageExtension)getExtensionObject(xcert,
                                        EXTENDED_KEY_USAGE_ID);
        // An absent extension places no restriction on key purposes.
        if (ekuExt == null) {
            return true;
        }
        Vector<ObjectIdentifier> certPurposes =
            ekuExt.get(ExtendedKeyUsageExtension.USAGES);
        boolean satisfied =
            certPurposes.contains(ANY_EXTENDED_KEY_USAGE)
                || certPurposes.containsAll(keyPurposeOIDSet);
        if (satisfied) {
            return true;
        }
        if (debug != null) {
            debug.println("X509CertSelector.match: cert failed "
                + "extendedKeyUsage criterion");
        }
        return false;
    } catch (IOException ioe) {
        // Fail closed: an unreadable extension is treated as a mismatch.
        if (debug != null) {
            debug.println("X509CertSelector.match: "
                + "IOException in extended key usage check");
        }
        return false;
    }
}
/**
 * Checks the certificate against the extended key usage criterion.
 *
 * <p>Outcomes, as implemented here:
 * <ul>
 * <li>no criterion set ({@code keyPurposeSet} null or empty): match;</li>
 * <li>certificate has no extended key usage extension: match;</li>
 * <li>extension lists {@code ANY_EXTENDED_KEY_USAGE} or contains every
 *     OID in {@code keyPurposeOIDSet}: match;</li>
 * <li>otherwise, or if the extension cannot be read: no match.</li>
 * </ul>
 *
 * @param xcert the certificate to test
 * @return {@code true} if the certificate satisfies the criterion
 */
private boolean matchExtendedKeyUsage(X509Certificate xcert) {
    if ((keyPurposeSet == null) || keyPurposeSet.isEmpty()) {
        return true;
    }
    try {
        ExtendedKeyUsageExtension ekuExt =
            (ExtendedKeyUsageExtension)getExtensionObject(xcert,
                                        EXTENDED_KEY_USAGE_ID);
        // An absent extension places no restriction on key purposes.
        if (ekuExt == null) {
            return true;
        }
        Vector<ObjectIdentifier> certPurposes =
            ekuExt.get(ExtendedKeyUsageExtension.USAGES);
        boolean satisfied =
            certPurposes.contains(ANY_EXTENDED_KEY_USAGE)
                || certPurposes.containsAll(keyPurposeOIDSet);
        if (satisfied) {
            return true;
        }
        if (debug != null) {
            debug.println("X509CertSelector.match: cert failed "
                + "extendedKeyUsage criterion");
        }
        return false;
    } catch (IOException ioe) {
        // Fail closed: an unreadable extension is treated as a mismatch.
        if (debug != null) {
            debug.println("X509CertSelector.match: "
                + "IOException in extended key usage check");
        }
        return false;
    }
}
/**
 * Extracts the algorithm OID from the certificate's encoded public key.
 *
 * <p>The encoded key must be a DER SEQUENCE; its first element is parsed
 * as an {@code AlgorithmId}.
 *
 * @param xcert certificate whose public key is inspected
 * @return the OID of the key's algorithm identifier
 * @throws IOException if DER decoding fails
 * @throws RuntimeException if the outer tag is not a SEQUENCE (note
 *         that this case is unchecked, unlike other decoding failures)
 */
private ObjectIdentifier getCertPubKeyAlgOID(X509Certificate xcert) throws IOException {
    DerValue keyInfo = new DerValue(xcert.getPublicKey().getEncoded());
    if (keyInfo.tag != DerValue.tag_Sequence) {
        throw new RuntimeException("invalid key format");
    }
    DerValue algorithmField = keyInfo.data.getDerValue();
    return AlgorithmId.parse(algorithmField).getOID();
}
/**
 * Chooses the algorithm name for a password-based encryption scheme.
 *
 * @param algorithm OID of the encryption algorithm
 * @param algParams its parameters, or {@code null}
 * @return {@code algParams.toString()} when the OID equals
 *         {@code pbes2_OID} and parameters are present; otherwise the
 *         string form of {@code algorithm}
 * @throws NoSuchAlgorithmException declared, but not thrown by the
 *         statements in this method
 */
private static String mapPBEParamsToAlgorithm(ObjectIdentifier algorithm,
        AlgorithmParameters algParams) throws NoSuchAlgorithmException {
    // Check for PBES2 algorithms: the bare OID does not name the actual
    // scheme, so the parameters' string form is returned instead.
    boolean isPbes2 = algorithm.equals((Object) pbes2_OID);
    if (!isPbes2 || algParams == null) {
        return algorithm.toString();
    }
    return algParams.toString();
}
/**
 * Sets the attribute value and re-encodes the extension.
 *
 * @param name attribute name; only {@code USAGES} (compared ignoring
 *        case) is recognized
 * @param obj the new value; must be a {@code Vector}. It is stored by
 *        reference, not copied.
 * @throws IOException if {@code name} is not recognized, if {@code obj}
 *         is not a {@code Vector}, or if re-encoding fails
 */
@SuppressWarnings("unchecked") // instanceof checks only the raw type
public void set(String name, Object obj) throws IOException {
    if (!name.equalsIgnoreCase(USAGES)) {
        throw new IOException("Attribute name [" + name +
                    "] not recognized by " +
                    "CertAttrSet:ExtendedKeyUsageExtension.");
    }
    if (!(obj instanceof Vector)) {
        throw new IOException("Attribute value should be of type Vector.");
    }
    // NOTE(review): the element type is not verified here; a Vector
    // holding something other than ObjectIdentifier would only be
    // detected later, where the elements are used.
    this.keyUsages = (Vector<ObjectIdentifier>) obj;
    encodeThis();
}
/**
 * Writes the extension to the given stream (also called by the
 * subclass).
 *
 * <p>If no encoded value is cached yet, the supplied identifier and
 * criticality are stored and the value is encoded first; when a value
 * is already cached, both arguments are ignored.
 *
 * @param out stream that receives the encoded extension
 * @param extensionId identifier to use if the value must be encoded
 * @param isCritical criticality to use if the value must be encoded
 * @throws IOException on encoding or write errors
 */
protected void encode(OutputStream out, ObjectIdentifier extensionId,
        boolean isCritical) throws IOException {
    if (this.extensionValue == null) {
        this.extensionId = extensionId;
        this.critical = isCritical;
        encodeThis();
    }
    // Encode into a scratch buffer, then write the result in one call.
    DerOutputStream buffer = new DerOutputStream();
    super.encode(buffer);
    out.write(buffer.toByteArray());
}
/**
 * Creates the extension from a list of distribution points (also called
 * by the subclass).
 *
 * @param extensionId OID stored as this extension's identifier
 * @param isCritical criticality flag
 * @param distributionPoints the distribution points; the list is stored
 *        by reference, not copied
 * @param extensionName name stored for this extension
 * @throws IOException declared by this constructor; presumably raised
 *         by {@code encodeThis()} -- TODO confirm
 */
protected CRLDistributionPointsExtension(ObjectIdentifier extensionId,
    boolean isCritical, List<DistributionPoint> distributionPoints,
    String extensionName) throws IOException {
    this.extensionId = extensionId;
    this.critical = isCritical;
    // NOTE(review): no defensive copy, so the caller keeps a reference
    // to the same list that this extension holds.
    this.distributionPoints = distributionPoints;
    // Called after the three fields above are assigned and before
    // extensionName is stored.
    encodeThis();
    this.extensionName = extensionName;
}
/**
 * Writes the extension to the given stream (also called by the
 * subclass).
 *
 * <p>If no encoded value is cached yet, the supplied identifier and
 * criticality are stored and the value is encoded first; when a value
 * is already cached, both arguments are ignored.
 *
 * @param out stream that receives the encoded extension
 * @param extensionId identifier to use if the value must be encoded
 * @param isCritical criticality to use if the value must be encoded
 * @throws IOException on encoding or write errors
 */
protected void encode(OutputStream out, ObjectIdentifier extensionId,
        boolean isCritical) throws IOException {
    if (this.extensionValue == null) {
        this.extensionId = extensionId;
        this.critical = isCritical;
        encodeThis();
    }
    // Encode into a scratch buffer, then write the result in one call.
    DerOutputStream buffer = new DerOutputStream();
    super.encode(buffer);
    out.write(buffer.toByteArray());
}