From 671f84bd8625ea7e06fa8272ae629309df06e9ca Mon Sep 17 00:00:00 2001 
From: Weijun Wang Date: Tue, 8 Nov 2022 22:35:29 +0000 Subject: [PATCH] 8296143: CertAttrSet's set/get mechanism is not type-safe Reviewed-by: mullan --- .../cert/CertificateRevokedException.java | 2 +- .../java/security/cert/X509CRLSelector.java | 6 +- .../java/security/cert/X509CertSelector.java | 46 +-- .../classes/sun/security/pkcs/PKCS7.java | 4 +- .../sun/security/pkcs/PKCS9Attribute.java | 8 +- .../certpath/AdaptableX509CertSelector.java | 3 +- .../provider/certpath/AlgorithmChecker.java | 2 +- .../security/provider/certpath/Builder.java | 15 +- .../certpath/DistributionPointFetcher.java | 32 +- .../provider/certpath/ForwardState.java | 22 +- .../provider/certpath/PolicyChecker.java | 144 ++----- .../provider/certpath/RevocationChecker.java | 16 +- .../security/provider/certpath/Vertex.java | 36 +- .../classes/sun/security/ssl/SSLLogger.java | 9 +- .../security/tools/keytool/CertAndKeyGen.java | 18 +- .../sun/security/tools/keytool/Main.java | 84 ++-- .../security/validator/SimpleValidator.java | 3 +- .../x509/AttributeNameEnumeration.java | 49 --- .../x509/AuthorityInfoAccessExtension.java | 50 +-- .../x509/AuthorityKeyIdentifierExtension.java | 67 +--- .../x509/BasicConstraintsExtension.java | 54 +-- .../x509/CRLDistributionPointsExtension.java | 47 +-- .../sun/security/x509/CRLExtensions.java | 25 +- .../sun/security/x509/CRLNumberExtension.java | 37 +- .../security/x509/CRLReasonCodeExtension.java | 41 +- .../sun/security/x509/CertAttrSet.java | 50 +-- .../security/x509/CertificateAlgorithmId.java | 45 +-- .../security/x509/CertificateExtensions.java | 57 +-- .../x509/CertificateIssuerExtension.java | 42 +- .../security/x509/CertificateIssuerName.java | 146 ------- .../x509/CertificatePoliciesExtension.java | 47 +-- .../x509/CertificateSerialNumber.java | 40 +- .../security/x509/CertificateSubjectName.java | 51 +-- .../security/x509/CertificateValidity.java | 52 +-- .../sun/security/x509/CertificateVersion.java | 49 +-- 
.../sun/security/x509/CertificateX509Key.java | 39 +- .../x509/DeltaCRLIndicatorExtension.java | 3 - .../x509/ExtendedKeyUsageExtension.java | 47 +-- .../x509/InhibitAnyPolicyExtension.java | 92 +---- .../x509/InvalidityDateExtension.java | 36 +- .../x509/IssuerAlternativeNameExtension.java | 48 +-- .../IssuingDistributionPointExtension.java | 114 +----- .../sun/security/x509/KeyUsageExtension.java | 40 +- .../x509/NameConstraintsExtension.java | 63 +-- .../x509/NetscapeCertTypeExtension.java | 26 +- .../security/x509/OCSPNoCheckExtension.java | 31 +- .../x509/PolicyConstraintsExtension.java | 52 +-- .../sun/security/x509/PolicyInformation.java | 48 --- .../x509/PolicyMappingsExtension.java | 46 +-- .../x509/PrivateKeyUsageExtension.java | 56 +-- .../x509/SubjectAlternativeNameExtension.java | 45 +-- .../x509/SubjectInfoAccessExtension.java | 51 +-- .../x509/SubjectKeyIdentifierExtension.java | 48 +-- .../sun/security/x509/X509AttributeName.java | 72 ---- .../sun/security/x509/X509CRLEntryImpl.java | 11 +- .../sun/security/x509/X509CRLImpl.java | 74 ++-- .../sun/security/x509/X509CertImpl.java | 364 +++-------------- .../sun/security/x509/X509CertInfo.java | 367 ++++-------------- .../sun/security/x509/certAttributes.html | 245 ------------ .../sun/security/tools/jarsigner/Main.java | 2 +- .../security/cert/X509CertSelectorTest.java | 18 +- .../sun/security/pkcs/pkcs7/SignerOrder.java | 17 +- .../security/provider/X509Factory/BigCRL.java | 11 +- .../ssl/X509KeyManager/NoGoodKey.java | 4 +- .../sun/security/x509/OtherName/Parse.java | 2 +- .../x509/X509CertImpl/V3Certificate.java | 52 ++- 66 files changed, 632 insertions(+), 2891 deletions(-) delete mode 100644 src/java.base/share/classes/sun/security/x509/AttributeNameEnumeration.java delete mode 100644 src/java.base/share/classes/sun/security/x509/CertificateIssuerName.java delete mode 100644 src/java.base/share/classes/sun/security/x509/X509AttributeName.java delete mode 100644 
src/java.base/share/classes/sun/security/x509/certAttributes.html diff --git a/src/java.base/share/classes/java/security/cert/CertificateRevokedException.java b/src/java.base/share/classes/java/security/cert/CertificateRevokedException.java index 46c8ebb5f65e3..70083033fc6e6 100644 --- a/src/java.base/share/classes/java/security/cert/CertificateRevokedException.java +++ b/src/java.base/share/classes/java/security/cert/CertificateRevokedException.java @@ -155,7 +155,7 @@ public Date getInvalidityDate() { return null; } else { try { - Date invalidity = InvalidityDateExtension.toImpl(ext).get("DATE"); + Date invalidity = InvalidityDateExtension.toImpl(ext).getDate(); return new Date(invalidity.getTime()); } catch (IOException ioe) { return null; diff --git a/src/java.base/share/classes/java/security/cert/X509CRLSelector.java b/src/java.base/share/classes/java/security/cert/X509CRLSelector.java index 45bc470c8c166..0a4e5ac36732b 100644 --- a/src/java.base/share/classes/java/security/cert/X509CRLSelector.java +++ b/src/java.base/share/classes/java/security/cert/X509CRLSelector.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -323,7 +323,7 @@ private static HashSet cloneAndCheckIssuerNames(Collection names) else namesCopy.add(nameObject); } - return(namesCopy); + return namesCopy; } /** @@ -630,7 +630,7 @@ public boolean match(CRL crl) { byte[] encoded = in.getOctetString(); CRLNumberExtension crlNumExt = new CRLNumberExtension(Boolean.FALSE, encoded); - crlNum = crlNumExt.get(CRLNumberExtension.NUMBER); + crlNum = crlNumExt.getCrlNumber(); } catch (IOException ex) { if (debug != null) { debug.println("X509CRLSelector.match: exception in " 
diff --git a/src/java.base/share/classes/java/security/cert/X509CertSelector.java b/src/java.base/share/classes/java/security/cert/X509CertSelector.java index 291ff5bee8304..c472d58b473f6 100644 --- a/src/java.base/share/classes/java/security/cert/X509CertSelector.java +++ b/src/java.base/share/classes/java/security/cert/X509CertSelector.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1288,7 +1288,7 @@ public X500Principal getIssuer() { */ @Deprecated(since="16") public String getIssuerAsString() { - return (issuer == null ? null : issuer.getName()); + return issuer == null ? null : issuer.getName(); } /** @@ -1310,7 +1310,7 @@ public String getIssuerAsString() { * @throws IOException if an encoding error occurs */ public byte[] getIssuerAsBytes() throws IOException { - return (issuer == null ? null: issuer.getEncoded()); + return issuer == null ? null : issuer.getEncoded(); } /** @@ -1347,7 +1347,7 @@ public X500Principal getSubject() { */ @Deprecated(since="16") public String getSubjectAsString() { - return (subject == null ? null : subject.getName()); + return subject == null ? null : subject.getName(); } /** @@ -1369,7 +1369,7 @@ public String getSubjectAsString() { * @throws IOException if an encoding error occurs */ public byte[] getSubjectAsBytes() throws IOException { - return (subject == null ? null : subject.getEncoded()); + return subject == null ? null : subject.getEncoded(); } /** @@ -1868,7 +1868,7 @@ private static String keyUsageToString(boolean[] k) { s += "]\n"; - return (s); + return s; } /** 
@@ -2120,12 +2120,8 @@ private boolean matchPrivateKeyValid(X509Certificate xcert) { } catch (CertificateExpiredException e1) { if (debug != null) { String time = "n/a"; - try { - Date notAfter = ext.get(PrivateKeyUsageExtension.NOT_AFTER); - time = notAfter.toString(); - } catch (CertificateException ex) { - // not able to retrieve notAfter value - } + Date notAfter = ext.getNotAfter(); + time = notAfter.toString(); debug.println("X509CertSelector.match: private key usage not " + "within validity date; ext.NOT_After: " + time + "; X509CertSelector: " @@ -2136,12 +2132,8 @@ private boolean matchPrivateKeyValid(X509Certificate xcert) { } catch (CertificateNotYetValidException e2) { if (debug != null) { String time = "n/a"; - try { - Date notBefore = ext.get(PrivateKeyUsageExtension.NOT_BEFORE); - time = notBefore.toString(); - } catch (CertificateException ex) { - // not able to retrieve notBefore value - } + Date notBefore = ext.getNotBefore(); + time = notBefore.toString(); debug.println("X509CertSelector.match: private key usage not " + "within validity date; ext.NOT_BEFORE: " + time + "; X509CertSelector: " @@ -2227,8 +2219,7 @@ private boolean matchExtendedKeyUsage(X509Certificate xcert) { (ExtendedKeyUsageExtension)getExtensionObject(xcert, KnownOIDs.extendedKeyUsage); if (ext != null) { - Vector certKeyPurposeVector = - ext.get(ExtendedKeyUsageExtension.USAGES); + Vector certKeyPurposeVector = ext.getUsages(); if (!certKeyPurposeVector.contains(ANY_EXTENDED_KEY_USAGE) && !certKeyPurposeVector.containsAll(keyPurposeOIDSet)) { if (debug != null) { @@ -2264,8 +2255,7 @@ private boolean matchSubjectAlternativeNames(X509Certificate xcert) { } return false; } - GeneralNames certNames = - sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME); + GeneralNames certNames = sanExt.getNames(); Iterator i = subjectAlternativeGeneralNames.iterator(); while (i.hasNext()) { 
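Review bot: In `X509CertSelector.matchPrivateKeyValid`, the `"n/a"` default assigned to `time` is now dead, because `time = notAfter.toString();` always overwrites it, and the debug branch dereferences the result of `ext.getNotAfter()` with no null check. Whether the getter can return null is not visible in this hunk, but the removed code fell back to `"n/a"` when the value could not be retrieved, so I would keep a fallback: `if (notAfter != null) { time = notAfter.toString(); }`. The same applies to `ext.getNotBefore()` in the `@@ -2136` hunk. A failure here would only appear with debug output enabled, so it is easy to miss in testing. The enclosing method starts and ends outside both hunks.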
@@ -2333,7 +2323,7 @@ private boolean matchPolicy(X509Certificate xcert) { } return false; } - List policies = ext.get(CertificatePoliciesExtension.POLICIES); + List policies = ext.getCertPolicies(); /* * Convert the Vector of PolicyInformation to a Vector * of CertificatePolicyIds for easier comparison. @@ -2401,17 +2391,15 @@ private boolean matchPathToNames(X509Certificate xcert) { } } - GeneralSubtrees permitted = - ext.get(NameConstraintsExtension.PERMITTED_SUBTREES); - GeneralSubtrees excluded = - ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES); + GeneralSubtrees permitted = ext.getPermittedSubtrees(); + GeneralSubtrees excluded = ext.getExcludedSubtrees(); if (excluded != null) { - if (matchExcluded(excluded) == false) { + if (!matchExcluded(excluded)) { return false; } } if (permitted != null) { - if (matchPermitted(permitted) == false) { + if (!matchPermitted(permitted)) { return false; } } diff --git a/src/java.base/share/classes/sun/security/pkcs/PKCS7.java b/src/java.base/share/classes/sun/security/pkcs/PKCS7.java index 056599baa8360..c359130ea376d 100644 --- a/src/java.base/share/classes/sun/security/pkcs/PKCS7.java +++ b/src/java.base/share/classes/sun/security/pkcs/PKCS7.java @@ -684,9 +684,7 @@ private void populateCertIssuerNames() { try { X509CertInfo tbsCert = new X509CertInfo(cert.getTBSCertificate()); - certIssuerName = (Principal) - tbsCert.get(X509CertInfo.ISSUER + "." + - X509CertInfo.DN_NAME); + certIssuerName = tbsCert.getIssuer(); } catch (Exception e) { // error generating X500Name object from the cert's // issuer DN, leave name as is. diff --git a/src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java b/src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java index d15c7432a757c..6f213241ccf53 100644 --- a/src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java +++ b/src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java 
@@ -617,11 +617,7 @@ public void derEncode(DerOutputStream out) throws IOException { { DerOutputStream temp2 = new DerOutputStream(); CertificateExtensions exts = (CertificateExtensions)value; - try { - exts.encode(temp2, true); - } catch (CertificateException ex) { - throw new IOException(ex.toString()); - } + exts.encode(temp2, true); temp.write(DerValue.tag_Set, temp2.toByteArray()); } break; @@ -687,7 +683,7 @@ public ObjectIdentifier getOID() { public String getName() { String n = oid.toString(); KnownOIDs os = KnownOIDs.findMatch(n); - return (os == null? n : os.stdName()); + return os == null ? n : os.stdName(); } /** diff --git a/src/java.base/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java b/src/java.base/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java index 9706ceed29e91..dcd7bdc14eda7 100644 --- a/src/java.base/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java +++ b/src/java.base/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java @@ -131,8 +131,7 @@ void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext) if (ext != null) { ski = ext.getEncodedKeyIdentifier(); - SerialNumber asn = (SerialNumber)ext.get( - AuthorityKeyIdentifierExtension.SERIAL_NUMBER); + SerialNumber asn = ext.getSerialNumber(); if (asn != null) { serial = asn.getNumber(); } diff --git a/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java b/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java index 5519fff06aeb0..7ce31492b4b41 100644 --- a/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java +++ b/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java 
@@ -190,7 +190,7 @@ public void check(Certificate cert, AlgorithmId algorithmId; try { x509Cert = X509CertImpl.toImpl((X509Certificate)cert); - algorithmId = (AlgorithmId)x509Cert.get(X509CertImpl.SIG_ALG); + algorithmId = x509Cert.getSigAlg(); } catch (CertificateException ce) { throw new CertPathValidatorException(ce); } diff --git a/src/java.base/share/classes/sun/security/provider/certpath/Builder.java b/src/java.base/share/classes/sun/security/provider/certpath/Builder.java index 71701607edf58..23c12519ad7f3 100644 --- a/src/java.base/share/classes/sun/security/provider/certpath/Builder.java +++ b/src/java.base/share/classes/sun/security/provider/certpath/Builder.java @@ -204,7 +204,7 @@ static int hops(GeneralNameInterface base, GeneralNameInterface test, /* base is ancestor of test */ case GeneralNameInterface.NAME_NARROWS: /* base is descendant of test */ - return (test.subtreeDepth()-base.subtreeDepth()); + return test.subtreeDepth() - base.subtreeDepth(); default: // should never occur return incomparable; } @@ -230,7 +230,7 @@ static int hops(GeneralNameInterface base, GeneralNameInterface test, int commonDistance = commonName.subtreeDepth(); int baseDistance = baseName.subtreeDepth(); int testDistance = testName.subtreeDepth(); - return (baseDistance + testDistance - (2 * commonDistance)); + return baseDistance + testDistance - (2 * commonDistance); } } @@ -300,8 +300,7 @@ static int targetDistance(NameConstraintsExtension constraints, SubjectAlternativeNameExtension altNameExt = certImpl.getSubjectAlternativeNameExtension(); if (altNameExt != null) { - GeneralNames altNames = altNameExt.get( - SubjectAlternativeNameExtension.SUBJECT_NAME); + GeneralNames altNames = altNameExt.getNames(); /* see if any alternative name matches target */ if (altNames != null) { for (int j = 0, n = altNames.size(); j < n; j++) { 
@@ -337,10 +336,8 @@ static int targetDistance(NameConstraintsExtension constraints, + constraints); } /* reduce permitted by excluded */ - GeneralSubtrees permitted = - constraints.get(NameConstraintsExtension.PERMITTED_SUBTREES); - GeneralSubtrees excluded = - constraints.get(NameConstraintsExtension.EXCLUDED_SUBTREES); + GeneralSubtrees permitted = constraints.getPermittedSubtrees(); + GeneralSubtrees excluded = constraints.getExcludedSubtrees(); if (permitted != null) { permitted.reduce(excluded); } @@ -362,7 +359,7 @@ static int targetDistance(NameConstraintsExtension constraints, GeneralNameInterface perName = permitted.get(i).getName().getName(); int distance = distance(perName, target, -1); if (distance >= 0) { - return (distance + 1); + return distance + 1; } } /* no matching type in permitted; cert holder could certify target */ diff --git a/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java b/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java index 64b463e6dcaea..7f5dc361b7858 100644 --- a/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java +++ b/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java @@ -102,7 +102,7 @@ public static Collection getCRLs(X509CRLSelector selector, return Collections.emptySet(); } List points = - ext.get(CRLDistributionPointsExtension.POINTS); + ext.getDistributionPoints(); Set results = new HashSet<>(); for (Iterator t = points.iterator(); t.hasNext() && !Arrays.equals(reasonsMask, ALL_REASONS); ) { @@ -116,7 +116,7 @@ public static Collection getCRLs(X509CRLSelector selector, debug.println("Returning " + results.size() + " CRLs"); } return results; - } catch (CertificateException | IOException e) { + } catch (CertificateException e) { return Collections.emptySet(); } } 
@@ -333,9 +333,7 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point, GeneralNames pointCrlIssuers = point.getCRLIssuer(); X500Name pointCrlIssuer = null; if (pointCrlIssuers != null) { - if (idpExt == null || - idpExt.get(IssuingDistributionPointExtension.INDIRECT_CRL) - == Boolean.FALSE) { + if (idpExt == null || !idpExt.isIndirectCRL()) { return false; } boolean match = false; @@ -398,8 +396,7 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point, } if (idpExt != null) { - DistributionPointName idpPoint = (DistributionPointName) - idpExt.get(IssuingDistributionPointExtension.POINT); + DistributionPointName idpPoint = idpExt.getDistributionPoint(); if (idpPoint != null) { GeneralNames idpNames = idpPoint.getFullName(); if (idpNames == null) { @@ -495,9 +492,8 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point, // if the onlyContainsUserCerts boolean is asserted, verify that the // cert is not a CA cert - Boolean b = (Boolean) - idpExt.get(IssuingDistributionPointExtension.ONLY_USER_CERTS); - if (b.equals(Boolean.TRUE) && certImpl.getBasicConstraints() != -1) { + boolean b = idpExt.hasOnlyUserCerts(); + if (b && certImpl.getBasicConstraints() != -1) { if (debug != null) { debug.println("cert must be a EE cert"); } @@ -506,9 +502,8 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point, // if the onlyContainsCACerts boolean is asserted, verify that the // cert is a CA cert - b = (Boolean) - idpExt.get(IssuingDistributionPointExtension.ONLY_CA_CERTS); - if (b.equals(Boolean.TRUE) && certImpl.getBasicConstraints() == -1) { + b = idpExt.hasOnlyCACerts(); + if (b && certImpl.getBasicConstraints() == -1) { if (debug != null) { debug.println("cert must be a CA cert"); } 
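Review bot: In `DistributionPointFetcher.verifyCRL` (`@@ -495` hunk), the local `b` is now a plain `boolean` that is assigned and then tested on the very next line, so it only hides which issuing-distribution-point flag is being checked. Each check reads more directly as `if (idpExt.hasOnlyUserCerts() && certImpl.getBasicConstraints() != -1) {`, and likewise with `hasOnlyCACerts()` in the `@@ -506` hunk and `hasOnlyAttributeCerts()` in the `@@ -517` hunk. `verifyCRL` starts and ends outside these hunks, so I cannot see whether `b` is used anywhere else in the method.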
@@ -517,9 +512,8 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point, // verify that the onlyContainsAttributeCerts boolean is not // asserted - b = (Boolean) idpExt.get - (IssuingDistributionPointExtension.ONLY_ATTRIBUTE_CERTS); - if (b.equals(Boolean.TRUE)) { + b = idpExt.hasOnlyAttributeCerts(); + if (b) { if (debug != null) { debug.println("cert must not be an AA cert"); } @@ -531,8 +525,7 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point, boolean[] interimReasonsMask = new boolean[9]; ReasonFlags reasons = null; if (idpExt != null) { - reasons = (ReasonFlags) - idpExt.get(IssuingDistributionPointExtension.REASONS); + reasons = idpExt.getRevocationReasons(); } boolean[] pointReasonFlags = point.getReasonFlags(); @@ -603,8 +596,7 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point, certSel.setSubjectKeyIdentifier(kid); } - SerialNumber asn = (SerialNumber)akidext.get( - AuthorityKeyIdentifierExtension.SERIAL_NUMBER); + SerialNumber asn = akidext.getSerialNumber(); if (asn != null) { certSel.setSerialNumber(asn.getNumber()); } diff --git a/src/java.base/share/classes/sun/security/provider/certpath/ForwardState.java b/src/java.base/share/classes/sun/security/provider/certpath/ForwardState.java index 2bdfe793d693b..24219a5a38989 100644 --- a/src/java.base/share/classes/sun/security/provider/certpath/ForwardState.java +++ b/src/java.base/share/classes/sun/security/provider/certpath/ForwardState.java 
@@ -187,27 +187,17 @@ public void updateState(X509Certificate cert) /* update subjectNamesTraversed only if this is the EE cert or if this cert is not self-issued */ - if (init || !X509CertImpl.isSelfIssued(cert)){ + if (init || !X509CertImpl.isSelfIssued(cert)) { X500Principal subjName = cert.getSubjectX500Principal(); subjectNamesTraversed.add(X500Name.asX500Name(subjName)); - try { - SubjectAlternativeNameExtension subjAltNameExt + SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); - if (subjAltNameExt != null) { - GeneralNames gNames = subjAltNameExt.get( - SubjectAlternativeNameExtension.SUBJECT_NAME); - for (GeneralName gName : gNames.names()) { - subjectNamesTraversed.add(gName.getName()); - } + if (subjAltNameExt != null) { + GeneralNames gNames = subjAltNameExt.getNames(); + for (GeneralName gName : gNames.names()) { + subjectNamesTraversed.add(gName.getName()); } - } catch (IOException e) { - if (debug != null) { - debug.println("ForwardState.updateState() unexpected " - + "exception"); - e.printStackTrace(); - } - throw new CertPathValidatorException(e); } } diff --git a/src/java.base/share/classes/sun/security/provider/certpath/PolicyChecker.java b/src/java.base/share/classes/sun/security/provider/certpath/PolicyChecker.java index e645848c9075c..650a0a3ba38b7 100644 --- a/src/java.base/share/classes/sun/security/provider/certpath/PolicyChecker.java +++ b/src/java.base/share/classes/sun/security/provider/certpath/PolicyChecker.java @@ -25,7 +25,6 @@ package sun.security.provider.certpath; -import java.io.IOException; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertPathValidatorException; 
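Review bot: In `ForwardState.updateState`, `gNames.names()` is called on the result of `subjAltNameExt.getNames()` without a null check, while `Builder.targetDistance` in this same patch guards the same getter with `if (altNames != null)`. If the getter can never return null, the guard in `Builder` is redundant; if it can, this loop throws a `NullPointerException` in the middle of path building instead of a `CertPathValidatorException`. I would make the two call sites agree, for example by wrapping the loop in `if (gNames != null) {`. The method starts before and continues after the hunk.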
@@ -265,42 +264,30 @@ private void checkPolicy(X509Certificate currCert) * occurs */ static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert, - boolean finalCert) throws CertPathValidatorException - { + boolean finalCert) throws CertPathValidatorException { if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) { explicitPolicy--; } - try { - PolicyConstraintsExtension polConstExt + PolicyConstraintsExtension polConstExt = currCert.getPolicyConstraintsExtension(); - if (polConstExt == null) - return explicitPolicy; - int require = - polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue(); - if (debug != null) { - debug.println("PolicyChecker.mergeExplicitPolicy() " - + "require Index from cert = " + require); - } - if (!finalCert) { - if (require != -1) { - if ((explicitPolicy == -1) || (require < explicitPolicy)) { - explicitPolicy = require; - } - } - } else { - if (require == 0) + if (polConstExt == null) + return explicitPolicy; + int require = polConstExt.getRequire(); + if (debug != null) { + debug.println("PolicyChecker.mergeExplicitPolicy() " + + "require Index from cert = " + require); + } + if (!finalCert) { + if (require != -1) { + if ((explicitPolicy == -1) || (require < explicitPolicy)) { explicitPolicy = require; + } } - } catch (IOException e) { - if (debug != null) { - debug.println("PolicyChecker.mergeExplicitPolicy " - + "unexpected exception"); - e.printStackTrace(); - } - throw new CertPathValidatorException(e); + } else { + if (require == 0) + explicitPolicy = require; } - return explicitPolicy; } 
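Review bot: `PolicyChecker.mergeExplicitPolicy` still declares `throws CertPathValidatorException`, and the Javadoc tail visible at the top of the hunk (`* occurs`) appears to document it, but with the `try`/`catch (IOException e)` removed nothing visible in the new body throws a checked exception. If `getPolicyConstraintsExtension()` and `getRequire()` declare none, drop the clause and its Javadoc tag, or add a short comment such as `// throws clause kept for existing callers`. The same applies to `mergePolicyMapping` (`@@ -318`) and `mergeInhibitAnyPolicy` (`@@ -366`).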
@@ -318,36 +305,25 @@ static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert, * occurs */ static int mergePolicyMapping(int policyMapping, X509CertImpl currCert) - throws CertPathValidatorException - { + throws CertPathValidatorException { if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) { policyMapping--; } - try { - PolicyConstraintsExtension polConstExt + PolicyConstraintsExtension polConstExt = currCert.getPolicyConstraintsExtension(); - if (polConstExt == null) - return policyMapping; + if (polConstExt == null) + return policyMapping; - int inhibit = - polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue(); - if (debug != null) - debug.println("PolicyChecker.mergePolicyMapping() " + int inhibit = polConstExt.getInhibit(); + if (debug != null) + debug.println("PolicyChecker.mergePolicyMapping() " + "inhibit Index from cert = " + inhibit); - if (inhibit != -1) { - if ((policyMapping == -1) || (inhibit < policyMapping)) { - policyMapping = inhibit; - } - } - } catch (IOException e) { - if (debug != null) { - debug.println("PolicyChecker.mergePolicyMapping " - + "unexpected exception"); - e.printStackTrace(); + if (inhibit != -1) { + if ((policyMapping == -1) || (inhibit < policyMapping)) { + policyMapping = inhibit; } - throw new CertPathValidatorException(e); } return policyMapping; 
@@ -366,38 +342,26 @@ static int mergePolicyMapping(int policyMapping, X509CertImpl currCert) * occurs */ static int mergeInhibitAnyPolicy(int inhibitAnyPolicy, - X509CertImpl currCert) throws CertPathValidatorException - { + X509CertImpl currCert) throws CertPathValidatorException { if ((inhibitAnyPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) { inhibitAnyPolicy--; } - try { - InhibitAnyPolicyExtension inhAnyPolExt = (InhibitAnyPolicyExtension) + InhibitAnyPolicyExtension inhAnyPolExt = (InhibitAnyPolicyExtension) currCert.getExtension(InhibitAnyPolicy_Id); - if (inhAnyPolExt == null) - return inhibitAnyPolicy; + if (inhAnyPolExt == null) + return inhibitAnyPolicy; - int skipCerts = - inhAnyPolExt.get(InhibitAnyPolicyExtension.SKIP_CERTS).intValue(); - if (debug != null) - debug.println("PolicyChecker.mergeInhibitAnyPolicy() " + int skipCerts = inhAnyPolExt.getSkipCerts(); + if (debug != null) + debug.println("PolicyChecker.mergeInhibitAnyPolicy() " + "skipCerts Index from cert = " + skipCerts); - if (skipCerts != -1) { - if (skipCerts < inhibitAnyPolicy) { - inhibitAnyPolicy = skipCerts; - } - } - } catch (IOException e) { - if (debug != null) { - debug.println("PolicyChecker.mergeInhibitAnyPolicy " - + "unexpected exception"); - e.printStackTrace(); + if (skipCerts != -1) { + if (skipCerts < inhibitAnyPolicy) { + inhibitAnyPolicy = skipCerts; } - throw new CertPathValidatorException(e); } - return inhibitAnyPolicy; } @@ -449,12 +413,7 @@ static PolicyNodeImpl processPolicies(int certIndex, Set initPolicies, debug.println("PolicyChecker.processPolicies() " + "policiesCritical = " + policiesCritical); - try { - policyInfo = currCertPolicies.get(CertificatePoliciesExtension.POLICIES); - } catch (IOException ioe) { - throw new CertPathValidatorException("Exception while " - + "retrieving policyOIDs", ioe); - } + policyInfo = currCertPolicies.getCertPolicies(); if (debug != null) debug.println("PolicyChecker.processPolicies() " 
@@ -618,7 +577,7 @@ private static PolicyNodeImpl rewriteLeafNodes(int certIndex, anyNode.getPolicyQualifiers(); for (String policy : initial) { Set expectedPolicies = Collections.singleton(policy); - PolicyNodeImpl node = new PolicyNodeImpl(parentNode, policy, + new PolicyNodeImpl(parentNode, policy, anyQualifiers, anyCritical, expectedPolicies, false); } } @@ -672,7 +631,6 @@ private static boolean processParents(int certIndex, foundMatch = true; - PolicyNodeImpl curNode = null; Set curExpPols; if (curPolicy.equals(ANY_POLICY)) { @@ -698,7 +656,7 @@ private static boolean processParents(int certIndex, Set expPols = new HashSet<>(); expPols.add(curParExpPol); - curNode = new PolicyNodeImpl + new PolicyNodeImpl (curParent, curParExpPol, pQuals, policiesCritical, expPols, false); } @@ -706,7 +664,7 @@ private static boolean processParents(int certIndex, curExpPols = new HashSet<>(); curExpPols.add(curPolicy); - curNode = new PolicyNodeImpl + new PolicyNodeImpl (curParent, curPolicy, pQuals, policiesCritical, curExpPols, false); } @@ -747,17 +705,7 @@ private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, + "inside policyMapping check"); List maps; - try { - maps = polMappingsExt.get(PolicyMappingsExtension.MAP); - } catch (IOException e) { - if (debug != null) { - debug.println("PolicyChecker.processPolicyMappings() " - + "mapping exception"); - e.printStackTrace(); - } - throw new CertPathValidatorException("Exception while checking " - + "mapping", e); - } + maps = polMappingsExt.getMaps(); boolean childDeleted = false; for (CertificatePolicyMap polMap : maps) { @@ -816,7 +764,7 @@ private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, Set expPols = new HashSet<>(); expPols.add(subjectDomain); - PolicyNodeImpl curNode = new PolicyNodeImpl + new PolicyNodeImpl (curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true); } 
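Review bot: In `PolicyChecker.rewriteLeafNodes`, the bare statement `new PolicyNodeImpl(parentNode, policy, ...)` now discards its result, which looks like a leftover unless the reader already knows the constructor has a side effect. Presumably the constructor attaches the new node to its parent, but that is not visible in this patch. If so, a one-line comment such as `// the constructor registers the new node with its parent` would keep a later cleanup from deleting the call as dead code. The same bare `new PolicyNodeImpl` form is introduced in the `@@ -698`, `@@ -706` and `@@ -816` hunks.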
@@ -853,13 +801,7 @@ private static PolicyNodeImpl removeInvalidNodes(PolicyNodeImpl rootNode, CertificatePoliciesExtension currCertPolicies) throws CertPathValidatorException { - List policyInfo; - try { - policyInfo = currCertPolicies.get(CertificatePoliciesExtension.POLICIES); - } catch (IOException ioe) { - throw new CertPathValidatorException("Exception while " - + "retrieving policyOIDs", ioe); - } + List policyInfo = currCertPolicies.getCertPolicies(); boolean childDeleted = false; for (PolicyInformation curPolInfo : policyInfo) { diff --git a/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java b/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java index 50e2f1d9b3678..6645e5a533b80 100644 --- a/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java +++ b/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java @@ -839,6 +839,9 @@ static boolean certCanSignCrl(X509Certificate cert) { return false; } + private static final boolean[] ALL_REASONS = + {true, true, true, true, true, true, true, true, true}; + /** * Internal method that verifies a set of possible_crls, * and sees if each is approved, based on the cert. @@ -848,11 +851,9 @@ static boolean certCanSignCrl(X509Certificate cert) { * @param signFlag true if prevKey was trusted to sign CRLs * @param prevKey the public key of the issuer of cert * @param reasonsMask the reason code mask - * @param trustAnchors a Set of TrustAnchors> + * @param anchors a Set of TrustAnchors> * @return a collection of approved crls (or an empty collection) */ - private static final boolean[] ALL_REASONS = - {true, true, true, true, true, true, true, true, true}; private Collection verifyPossibleCRLs(Set crls, X509Certificate cert, PublicKey prevKey, 
@@ -879,7 +880,7 @@ private Collection verifyPossibleCRLs(Set crls, null, null); points = Collections.singletonList(point); } else { - points = ext.get(CRLDistributionPointsExtension.POINTS); + points = ext.getDistributionPoints(); } Set results = new HashSet<>(); for (DistributionPoint point : points) { @@ -965,6 +966,9 @@ private void verifyWithSeparateSigningKey(X509Certificate cert, } } + private static final boolean [] CRL_SIGN_USAGE = + { false, false, false, false, false, false, true }; + /** * Tries to find a CertPath that establishes a key that can be * used to verify the revocation status of a given certificate. @@ -979,8 +983,6 @@ private void verifyWithSeparateSigningKey(X509Certificate cert, * establishment of this path. * @throws CertPathValidatorException on failure */ - private static final boolean [] CRL_SIGN_USAGE = - { false, false, false, false, false, false, true }; private void buildToNewKey(X509Certificate currCert, PublicKey prevKey, Set stackedCerts) @@ -1179,7 +1181,7 @@ private static class RejectKeySelector extends X509CertSelector { @Override public boolean match(Certificate cert) { if (!super.match(cert)) - return(false); + return false; if (badKeySet.contains(cert.getPublicKey())) { if (debug != null) diff --git a/src/java.base/share/classes/sun/security/provider/certpath/Vertex.java b/src/java.base/share/classes/sun/security/provider/certpath/Vertex.java index 4e6e8712d5cf2..3d0fca2337648 100644 --- a/src/java.base/share/classes/sun/security/provider/certpath/Vertex.java +++ b/src/java.base/share/classes/sun/security/provider/certpath/Vertex.java @@ -25,7 +25,6 @@ package sun.security.provider.certpath; -import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; 
@@ -146,13 +145,13 @@ public String certToString() { } sb.append("Issuer: ").append - (x509Cert.getIssuerX500Principal()).append("\n"); + (x509Cert.getIssuerX500Principal()).append("\n"); sb.append("Subject: ").append - (x509Cert.getSubjectX500Principal()).append("\n"); + (x509Cert.getSubjectX500Principal()).append("\n"); sb.append("SerialNum: ").append - (x509Cert.getSerialNumber().toString(16)).append("\n"); + (x509Cert.getSerialNumber().toString(16)).append("\n"); sb.append("Expires: ").append - (x509Cert.getNotAfter().toString()).append("\n"); + (x509Cert.getNotAfter().toString()).append("\n"); boolean[] iUID = x509Cert.getIssuerUniqueID(); if (iUID != null) { sb.append("IssuerUID: "); @@ -169,26 +168,17 @@ public String certToString() { } sb.append("\n"); } - try { - SubjectKeyIdentifierExtension sKeyID = + SubjectKeyIdentifierExtension sKeyID = x509Cert.getSubjectKeyIdentifierExtension(); - if (sKeyID != null) { - KeyIdentifier keyID = sKeyID.get( - SubjectKeyIdentifierExtension.KEY_ID); - sb.append("SubjKeyID: ").append(keyID.toString()); - } - AuthorityKeyIdentifierExtension aKeyID = + if (sKeyID != null) { + KeyIdentifier keyID = sKeyID.getKeyIdentifier(); + sb.append("SubjKeyID: ").append(keyID.toString()); + } + AuthorityKeyIdentifierExtension aKeyID = x509Cert.getAuthorityKeyIdentifierExtension(); - if (aKeyID != null) { - KeyIdentifier keyID = (KeyIdentifier)aKeyID.get( - AuthorityKeyIdentifierExtension.KEY_ID); - sb.append("AuthKeyID: ").append(keyID.toString()); - } - } catch (IOException e) { - if (debug != null) { - debug.println("Vertex.certToString() unexpected exception"); - e.printStackTrace(); - } + if (aKeyID != null) { + KeyIdentifier keyID = aKeyID.getKeyIdentifier(); + sb.append("AuthKeyID: ").append(keyID.toString()); } return sb.toString(); } diff --git a/src/java.base/share/classes/sun/security/ssl/SSLLogger.java b/src/java.base/share/classes/sun/security/ssl/SSLLogger.java index b32fc24550b54..f427c2b671fc7 100644 
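Review bot: In the rewritten `AuthKeyID` branch of `certToString()`, the result of `aKeyID.getKeyIdentifier()` is dereferenced with `keyID.toString()` without a null check. The getter added to `AuthorityKeyIdentifierExtension` in this patch returns the `id` field as-is, and the keyIdentifier field of an authority key identifier is optional in RFC 5280. A certificate carrying only issuer and serial there would presumably make this debug string throw a `NullPointerException`. Dropping the explicit call avoids that, `sb.append("AuthKeyID: ").append(keyID);`, or guard the append with `if (keyID != null)`. The method starts outside the hunk.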
--- a/src/java.base/share/classes/sun/security/ssl/SSLLogger.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLLogger.java @@ -230,7 +230,7 @@ public String getName() { @Override public boolean isLoggable(Level level) { - return (level != Level.OFF); + return level != Level.OFF; } @Override @@ -480,11 +480,8 @@ private static String formatCertificate(Certificate certificate) { try { X509CertImpl x509 = X509CertImpl.toImpl((X509Certificate)certificate); - X509CertInfo certInfo = - (X509CertInfo)x509.get(X509CertImpl.NAME + "." + - X509CertImpl.INFO); - CertificateExtensions certExts = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + X509CertInfo certInfo = x509.getInfo(); + CertificateExtensions certExts = certInfo.getExtensions(); if (certExts == null) { Object[] certFields = { x509.getVersion(), diff --git a/src/java.base/share/classes/sun/security/tools/keytool/CertAndKeyGen.java b/src/java.base/share/classes/sun/security/tools/keytool/CertAndKeyGen.java index 2e399ae2222e0..2af319603bad8 100644 --- a/src/java.base/share/classes/sun/security/tools/keytool/CertAndKeyGen.java +++ b/src/java.base/share/classes/sun/security/tools/keytool/CertAndKeyGen.java 
@@ -319,23 +319,21 @@ public X509Certificate getSelfCertificate (X500Name myname, Date firstDate, X509CertInfo info = new X509CertInfo(); // Add all mandatory attributes - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + info.setVersion(new CertificateVersion(CertificateVersion.V3)); if (prng == null) { prng = new SecureRandom(); } - info.set(X509CertInfo.SERIAL_NUMBER, - CertificateSerialNumber.newRandom64bit(prng)); - info.set(X509CertInfo.SUBJECT, myname); - info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey)); - info.set(X509CertInfo.VALIDITY, interval); + info.setSerialNumber(CertificateSerialNumber.newRandom64bit(prng)); + info.setSubject(myname); + info.setKey(new CertificateX509Key(publicKey)); + info.setValidity(interval); if (signerFlag) { // use signer's subject name to set the issuer name - info.set(X509CertInfo.ISSUER, signerSubjectName); + info.setIssuer(signerSubjectName); } else { - info.set(X509CertInfo.ISSUER, myname); + info.setIssuer(myname); } - if (ext != null) info.set(X509CertInfo.EXTENSIONS, ext); + if (ext != null) info.setExtensions(ext); cert = new X509CertImpl(info); if (signerFlag) { diff --git a/src/java.base/share/classes/sun/security/tools/keytool/Main.java b/src/java.base/share/classes/sun/security/tools/keytool/Main.java index 16140e0479491..433923554ba36 100644 --- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java +++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java 
@@ -1451,10 +1451,8 @@ private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStr Certificate signerCert = keyStore.getCertificate(alias); byte[] encoded = signerCert.getEncoded(); X509CertImpl signerCertImpl = new X509CertImpl(encoded); - X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); - X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." + - X509CertInfo.DN_NAME); + X509CertInfo signerCertInfo = signerCertImpl.getInfo(); + X500Name issuer = signerCertInfo.getSubject(); Date firstDate = getStartDate(startDate); Date lastDate = getLastDate(firstDate, validity); @@ -1467,12 +1465,10 @@ private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStr sigAlgName = getCompatibleSigAlgName(privateKey); } X509CertInfo info = new X509CertInfo(); - info.set(X509CertInfo.VALIDITY, interval); - info.set(X509CertInfo.SERIAL_NUMBER, - CertificateSerialNumber.newRandom64bit(new SecureRandom())); - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); - info.set(X509CertInfo.ISSUER, issuer); + info.setValidity(interval); + info.setSerialNumber(CertificateSerialNumber.newRandom64bit(new SecureRandom())); + info.setVersion(new CertificateVersion(CertificateVersion.V3)); + info.setIssuer(issuer); BufferedReader reader = new BufferedReader(new InputStreamReader(in)); boolean canRead = false; 
@@ -1498,9 +1494,8 @@ private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStr req.getSubjectPublicKeyInfo(), null, null, null); checkWeakConstraint(rb.getString("the.certificate.request"), req, cpcp); - info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo())); - info.set(X509CertInfo.SUBJECT, - dname==null?req.getSubjectName():new X500Name(dname)); + info.setKey(new CertificateX509Key(req.getSubjectPublicKeyInfo())); + info.setSubject(dname==null ? req.getSubjectName() : new X500Name(dname)); CertificateExtensions reqex = null; for (PKCS10Attribute attr : req.getAttributes().getAttributes()) { if (attr.getAttributeId().equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) { @@ -1540,7 +1535,7 @@ private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStr v3ext, subjectPubKey, signerSubjectKeyId); - info.set(X509CertInfo.EXTENSIONS, ext); + info.setExtensions(ext); X509CertImpl cert = new X509CertImpl(info); cert.sign(privateKey, sigAlgName); dumpCert(cert, out); @@ -1567,10 +1562,8 @@ private void doGenCRL(PrintStream out) Certificate signerCert = keyStore.getCertificate(alias); byte[] encoded = signerCert.getEncoded(); X509CertImpl signerCertImpl = new X509CertImpl(encoded); - X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); - X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." + - X509CertInfo.DN_NAME); + X509CertInfo signerCertInfo = signerCertImpl.getInfo(); + X500Name owner = signerCertInfo.getSubject(); Date firstDate = getStartDate(startDate); Date lastDate = getLastDate(firstDate, validity); 
@@ -1589,7 +1582,7 @@ private void doGenCRL(PrintStream out) int d = id.indexOf(':'); if (d >= 0) { CRLExtensions ext = new CRLExtensions(); - ext.set("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1)))); + ext.setExtension("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1)))); badCerts[i] = new X509CRLEntryImpl(new BigInteger(id.substring(0, d)), firstDate, ext); } else { @@ -1970,10 +1963,8 @@ private void doGenKeyPair(String alias, String dname, String keyAlgName, signerCertImpl = new X509CertImpl(signerCert.getEncoded()); } - X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); - X500Name signerSubjectName = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." + - X509CertInfo.DN_NAME); + X509CertInfo signerCertInfo = signerCertImpl.getInfo(); + X500Name signerSubjectName = signerCertInfo.getSubject(); keypair = new CertAndKeyGen(keyAlgName, sigAlgName, providerName, signerPrivateKey, signerSubjectName); @@ -2066,7 +2057,7 @@ private String ecGroupNameForSize(int size) throws Exception { * Clones an entry * @param orig original alias * @param dest destination alias - * @changePassword if the password can be changed + * @param changePassword if the password can be changed */ private void doCloneEntry(String orig, String dest, boolean changePassword) throws Exception @@ -2666,8 +2657,7 @@ public static List readCRLsFromCert(X509Certificate cert) CRLDistributionPointsExtension ext = X509CertImpl.toImpl(cert).getCRLDistributionPointsExtension(); if (ext == null) return crls; - List distPoints = - ext.get(CRLDistributionPointsExtension.POINTS); + List distPoints = ext.getDistributionPoints(); for (DistributionPoint o: distPoints) { GeneralNames names = o.getFullName(); if (names != null) { 
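Review bot: In `doGenCRL`, the reason code goes straight from `Integer.parseInt(id.substring(d+1))` into `new CRLReasonCodeExtension(...)`, and nothing in the hunk bounds it. A non-numeric suffix surfaces as a raw `NumberFormatException`, and a number with no matching `CRLReason` would, as far as these lines show, be written into the signed CRL entry unchanged. Parsing into a local and rejecting values outside the defined reasons before building the extension would keep malformed input out of the CRL. Separately, the key is the literal `"Reason"` while the extension's own `NAME` later in this patch is `"CRLReasonCode"`; it is worth checking whether `CRLReasonCodeExtension.NAME` should be the key. The loop body starts outside the hunk.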
@@ -3202,47 +3192,41 @@ private void doSelfCert(String alias, String dname, String sigAlgName) // (no public APIs available yet) byte[] encoded = oldCert.getEncoded(); X509CertImpl certImpl = new X509CertImpl(encoded); - X509CertInfo certInfo = (X509CertInfo)certImpl.get(X509CertImpl.NAME - + "." + - X509CertImpl.INFO); + X509CertInfo certInfo = certImpl.getInfo(); // Extend its validity Date firstDate = getStartDate(startDate); Date lastDate = getLastDate(firstDate, validity); CertificateValidity interval = new CertificateValidity(firstDate, lastDate); - certInfo.set(X509CertInfo.VALIDITY, interval); + certInfo.setValidity(interval); // Make new serial number - certInfo.set(X509CertInfo.SERIAL_NUMBER, + certInfo.setSerialNumber( CertificateSerialNumber.newRandom64bit(new SecureRandom())); // Set owner and issuer fields X500Name owner; if (dname == null) { // Get the owner name from the certificate - owner = (X500Name)certInfo.get(X509CertInfo.SUBJECT + "." + - X509CertInfo.DN_NAME); + owner = certInfo.getSubject(); } else { // Use the owner name specified at the command line owner = new X500Name(dname); - certInfo.set(X509CertInfo.SUBJECT + "." + - X509CertInfo.DN_NAME, owner); + certInfo.setSubject(owner); } // Make issuer same as owner (self-signed!) - certInfo.set(X509CertInfo.ISSUER + "." + - X509CertInfo.DN_NAME, owner); + certInfo.setIssuer(owner); - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.setVersion(new CertificateVersion(CertificateVersion.V3)); CertificateExtensions ext = createV3Extensions( null, - (CertificateExtensions)certInfo.get(X509CertInfo.EXTENSIONS), + certInfo.getExtensions(), v3ext, oldCert.getPublicKey(), null); - certInfo.set(X509CertInfo.EXTENSIONS, ext); + certInfo.setExtensions(ext); // Sign the new certificate X509CertImpl newCert = new X509CertImpl(certInfo); newCert.sign(privKey, sigAlgName); 
@@ -3505,7 +3489,7 @@ private String getAlias(String prompt) throws Exception { /** * Prompts user for an input string from the command line (System.in) - * @prompt the prompt string printed + * @param prompt the prompt string printed * @return the string entered by the user, without the \n at the end */ private String inputStringFromStdin(String prompt) throws Exception { @@ -3634,11 +3618,8 @@ private void printX509Cert(X509Certificate cert, PrintStream out) out.println(form.format(source)); if (cert instanceof X509CertImpl impl) { - X509CertInfo certInfo = (X509CertInfo)impl.get(X509CertImpl.NAME - + "." + - X509CertImpl.INFO); - CertificateExtensions exts = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + X509CertInfo certInfo = impl.getInfo(); + CertificateExtensions exts = certInfo.getExtensions(); if (exts != null) { printExtensions(rb.getString("Extensions."), exts, out); } @@ -4506,9 +4487,8 @@ private ObjectIdentifier findOidForExtName(String type) } // Add an extension into a CertificateExtensions, always using OID as key - private static void setExt(CertificateExtensions result, Extension ex) - throws IOException { - result.set(ex.getId(), ex); + private static void setExt(CertificateExtensions result, Extension ex) { + result.setExtension(ex.getId(), ex); } /** @@ -4568,7 +4548,7 @@ private CertificateExtensions createV3Extensions( // translate to all-OID first. CertificateExtensions request2 = new CertificateExtensions(); for (sun.security.x509.Extension ex: requestedEx.getAllExtensions()) { - request2.set(ex.getId(), ex); + request2.setExtension(ex.getId(), ex); } for(String extstr: extstrs) { if (extstr.toLowerCase(Locale.ENGLISH).startsWith("honored=")) { 
@@ -4609,7 +4589,7 @@ private CertificateExtensions createV3Extensions( } String n = findOidForExtName(type).toString(); if (add) { - Extension e = request2.get(n); + Extension e = request2.getExtension(n); if (!e.isCritical() && action == 0 || e.isCritical() && action == 1) { e = Extension.newExtension( diff --git a/src/java.base/share/classes/sun/security/validator/SimpleValidator.java b/src/java.base/share/classes/sun/security/validator/SimpleValidator.java index 0f2ead062f947..c289f6f2e1d7e 100644 --- a/src/java.base/share/classes/sun/security/validator/SimpleValidator.java +++ b/src/java.base/share/classes/sun/security/validator/SimpleValidator.java @@ -308,8 +308,7 @@ static boolean getNetscapeCertTypeBit(X509Certificate cert, String type) { .toByteArray(); ext = new NetscapeCertTypeExtension(encoded); } - Boolean val = ext.get(type); - return val.booleanValue(); + return ext.get(type); } catch (IOException e) { return false; } diff --git a/src/java.base/share/classes/sun/security/x509/AttributeNameEnumeration.java b/src/java.base/share/classes/sun/security/x509/AttributeNameEnumeration.java deleted file mode 100644 index e8ab9f78711b5..0000000000000 --- a/src/java.base/share/classes/sun/security/x509/AttributeNameEnumeration.java +++ /dev/null 
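Review bot: In the `add` branch of `createV3Extensions`, the result of `request2.getExtension(n)` is dereferenced at once by `e.isCritical()`. If the lookup returns null when the certificate request does not carry the named extension (the `CRLExtensions` counterpart in this patch is a plain `map.get(name)`), keytool would stop with a `NullPointerException` rather than a usable message. Putting `e != null &&` in front of the criticality test, or throwing a descriptive exception for the missing extension, would handle that input. The enclosing loop starts and ends outside the hunk.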
@@ -1,49 +0,0 @@ -/* - * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.x509; - -import java.util.Vector; - -/** - *

This class provides the Enumeration implementation used - * by all the X509 certificate attributes to return the attribute - * names contained within them. - * - * @author Amit Kapoor - * @author Hemma Prafullchandra - */ -public class AttributeNameEnumeration extends Vector { - - @java.io.Serial - private static final long serialVersionUID = -6067440240757099134L; - - /** - * The default constructor for this class. - */ - public AttributeNameEnumeration() { - super(4,2); - } -} diff --git a/src/java.base/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java b/src/java.base/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java index f715c9b0f6984..1017b251dd77d 100644 --- a/src/java.base/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java +++ b/src/java.base/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java @@ -63,20 +63,9 @@ */ public class AuthorityInfoAccessExtension extends Extension - implements CertAttrSet { + implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = - "x509.info.extensions.AuthorityInfoAccess"; - - /** - * Attribute name. - */ public static final String NAME = "AuthorityInfoAccess"; - public static final String DESCRIPTIONS = "descriptions"; /** * The List of AccessDescription objects. @@ -136,7 +125,7 @@ public List getAccessDescriptions() { } /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { 
@@ -159,40 +148,7 @@ public void encode(DerOutputStream out) throws IOException { super.encode(out); } - /** - * Set the attribute value. - */ - @SuppressWarnings("unchecked") // Checked with an instanceof check - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(DESCRIPTIONS)) { - if (!(obj instanceof List)) { - throw new IOException("Attribute value should be of type List."); - } - accessDescriptions = (List)obj; - } else { - throw new IOException("Attribute name [" + name + - "] not recognized by " + - "CertAttrSet:AuthorityInfoAccessExtension."); - } - encodeThis(); - } - - /** - * Get the attribute value. - */ - public List get(String name) throws IOException { - if (name.equalsIgnoreCase(DESCRIPTIONS)) { - return accessDescriptions; - } else { - throw new IOException("Attribute name [" + name + - "] not recognized by " + - "CertAttrSet:AuthorityInfoAccessExtension."); - } - } - - - - // Encode this extension value + // Encode this extension value private void encodeThis() throws IOException { if (accessDescriptions.isEmpty()) { this.extensionValue = null; diff --git a/src/java.base/share/classes/sun/security/x509/AuthorityKeyIdentifierExtension.java b/src/java.base/share/classes/sun/security/x509/AuthorityKeyIdentifierExtension.java index 2251182e01d9b..b6f24a3268f9a 100644 --- a/src/java.base/share/classes/sun/security/x509/AuthorityKeyIdentifierExtension.java +++ b/src/java.base/share/classes/sun/security/x509/AuthorityKeyIdentifierExtension.java 
@@ -53,20 +53,9 @@ * @see CertAttrSet */ public class AuthorityKeyIdentifierExtension extends Extension -implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = - "x509.info.extensions.AuthorityKeyIdentifier"; - /** - * Attribute names. - */ + implements CertAttrSet { + public static final String NAME = "AuthorityKeyIdentifier"; - public static final String KEY_ID = "key_id"; - public static final String AUTH_NAME = "auth_name"; - public static final String SERIAL_NUMBER = "serial_number"; // Private data members private static final byte TAG_ID = 0; 
@@ -226,59 +215,25 @@ public void encode(DerOutputStream out) throws IOException { super.encode(out); } - /** - * Set the attribute value. - */ - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(KEY_ID)) { - if (!(obj instanceof KeyIdentifier)) { - throw new IOException("Attribute value should be of " + - "type KeyIdentifier."); - } - id = (KeyIdentifier)obj; - } else if (name.equalsIgnoreCase(AUTH_NAME)) { - if (!(obj instanceof GeneralNames)) { - throw new IOException("Attribute value should be of " + - "type GeneralNames."); - } - names = (GeneralNames)obj; - } else if (name.equalsIgnoreCase(SERIAL_NUMBER)) { - if (!(obj instanceof SerialNumber)) { - throw new IOException("Attribute value should be of " + - "type SerialNumber."); - } - serialNum = (SerialNumber)obj; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:AuthorityKeyIdentifier."); - } - encodeThis(); + public KeyIdentifier getKeyIdentifier() { + return id; } - /** - * Get the attribute value. - */ - public Object get(String name) throws IOException { - if (name.equalsIgnoreCase(KEY_ID)) { - return (id); - } else if (name.equalsIgnoreCase(AUTH_NAME)) { - return (names); - } else if (name.equalsIgnoreCase(SERIAL_NUMBER)) { - return (serialNum); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:AuthorityKeyIdentifier."); - } + public GeneralNames getAuthName() { + return names; } + public SerialNumber getSerialNumber() { + return serialNum; + } /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { - return (NAME); + return NAME; } /** diff --git a/src/java.base/share/classes/sun/security/x509/BasicConstraintsExtension.java b/src/java.base/share/classes/sun/security/x509/BasicConstraintsExtension.java index e93d2faa00577..1accb9642eec4 100644 --- a/src/java.base/share/classes/sun/security/x509/BasicConstraintsExtension.java 
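Review bot: The three getters added here (`getKeyIdentifier`, `getAuthName`, `getSerialNumber`) have no Javadoc, and each returns its field directly. The removed `set` shows the three fields being assigned independently, so callers presumably have to expect null from any of them. That was easy to overlook behind the old `Object get(String)` and is just as easy to overlook now. A one-line comment per getter, e.g. `/** Returns the key identifier, or null if this extension has none. */`, would state the contract once the nullability is confirmed against the constructors, which are outside the hunk.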
+++ b/src/java.base/share/classes/sun/security/x509/BasicConstraintsExtension.java @@ -49,18 +49,9 @@ * @see Extension */ public class BasicConstraintsExtension extends Extension -implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.extensions.BasicConstraints"; - /** - * Attribute names. - */ + implements CertAttrSet { + public static final String NAME = "BasicConstraints"; - public static final String IS_CA = "is_ca"; - public static final String PATH_LEN = "path_len"; // Private data members private boolean ca = false; 
@@ -198,48 +189,19 @@ public void encode(DerOutputStream out) throws IOException { super.encode(out); } - /** - * Set the attribute value. - */ - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(IS_CA)) { - if (!(obj instanceof Boolean)) { - throw new IOException("Attribute value should be of type Boolean."); - } - ca = ((Boolean)obj).booleanValue(); - } else if (name.equalsIgnoreCase(PATH_LEN)) { - if (!(obj instanceof Integer)) { - throw new IOException("Attribute value should be of type Integer."); - } - pathLen = ((Integer)obj).intValue(); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:BasicConstraints."); - } - encodeThis(); + public boolean isCa() { + return ca; } - /** - * Get the attribute value. - */ - public Object get(String name) throws IOException { - if (name.equalsIgnoreCase(IS_CA)) { - return (Boolean.valueOf(ca)); - } else if (name.equalsIgnoreCase(PATH_LEN)) { - return (Integer.valueOf(pathLen)); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:BasicConstraints."); - } + public int getPathLen() { + return pathLen; } - - /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { - return (NAME); + return NAME; } } diff --git a/src/java.base/share/classes/sun/security/x509/CRLDistributionPointsExtension.java b/src/java.base/share/classes/sun/security/x509/CRLDistributionPointsExtension.java index 8d693441a051a..7a536a7ad5281 100644 --- a/src/java.base/share/classes/sun/security/x509/CRLDistributionPointsExtension.java +++ b/src/java.base/share/classes/sun/security/x509/CRLDistributionPointsExtension.java 
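Review bot: `isCa()` and `getPathLen()` are added without Javadoc, and `getPathLen()` does not say what it returns when the certificate has no path length constraint or is not a CA. The initial value of `pathLen` and the parsing code are outside this hunk, so the sentinel cannot be read off here. Path-validation callers that compare against the returned int need it spelled out. Suggest a comment on each, for instance `/** Returns the path length constraint; <sentinel> when none is present. */`, with the placeholder replaced by the actual value.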
@@ -79,20 +79,9 @@ * @see CertAttrSet */ public class CRLDistributionPointsExtension extends Extension - implements CertAttrSet { + implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = - "x509.info.extensions.CRLDistributionPoints"; - - /** - * Attribute name. - */ public static final String NAME = "CRLDistributionPoints"; - public static final String POINTS = "points"; /** * The List of DistributionPoint objects. @@ -185,7 +174,7 @@ protected CRLDistributionPointsExtension(ObjectIdentifier extensionId, } /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { @@ -218,35 +207,11 @@ protected void encode(DerOutputStream out, ObjectIdentifier extensionId, super.encode(out); } - /** - * Set the attribute value. - */ - @SuppressWarnings("unchecked") // Checked with instanceof - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(POINTS)) { - if (!(obj instanceof List)) { - throw new IOException("Attribute value should be of type List."); - } - distributionPoints = (List)obj; - } else { - throw new IOException("Attribute name [" + name + - "] not recognized by " + - "CertAttrSet:" + extensionName + '.'); - } - encodeThis(); - } - - /** - * Get the attribute value. + /** + * Get the DistributionPoint value. */ - public List get(String name) throws IOException { - if (name.equalsIgnoreCase(POINTS)) { - return distributionPoints; - } else { - throw new IOException("Attribute name [" + name + - "] not recognized by " + - "CertAttrSet:" + extensionName + '.'); - } + public List getDistributionPoints() { + return distributionPoints; } diff --git a/src/java.base/share/classes/sun/security/x509/CRLExtensions.java b/src/java.base/share/classes/sun/security/x509/CRLExtensions.java index a16bbc530b865..646af05da7b94 100644 
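Review bot: `getDistributionPoints()` returns the `distributionPoints` field itself rather than a copy or a read-only view. With `set` removed, the only path in this hunk that re-ran `encodeThis()` after a change is gone. Unless the field is already unmodifiable (not visible here), a caller that adds to or removes from the returned list would leave the in-memory points out of step with the encoded extension value. Either return `Collections.unmodifiableList(distributionPoints)` or state in the Javadoc that the list must not be modified; the current text, "Get the DistributionPoint value", says neither.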
--- a/src/java.base/share/classes/sun/security/x509/CRLExtensions.java +++ b/src/java.base/share/classes/sun/security/x509/CRLExtensions.java @@ -32,7 +32,6 @@ import java.security.cert.CRLException; import java.util.Collection; import java.util.Collections; -import java.util.Enumeration; import java.util.Map; import java.util.TreeMap; @@ -169,15 +168,14 @@ public void encode(OutputStream out, boolean isExplicit) * * @param alias the identifier string for the extension to retrieve. */ - public Extension get(String alias) { - X509AttributeName attr = new X509AttributeName(alias); + public Extension getExtension(String alias) { String name; - String id = attr.getPrefix(); - if (id.equalsIgnoreCase(X509CertImpl.NAME)) { // fully qualified + if (alias.startsWith(X509CertImpl.NAME)) { int index = alias.lastIndexOf('.'); name = alias.substring(index + 1); - } else + } else { name = alias; + } return map.get(name); } @@ -185,11 +183,10 @@ public Extension get(String alias) { * Set the extension value with this alias. * * @param alias the identifier string for the extension to set. - * @param obj the Object to set the extension identified by the - * alias. + * @param ext the extension identified by the alias. */ - public void set(String alias, Object obj) { - map.put(alias, (Extension)obj); + public void setExtension(String alias, Extension ext) { + map.put(alias, ext); } /** @@ -201,14 +198,6 @@ public void delete(String alias) { map.remove(alias); } - /** - * Return an enumeration of the extensions. - * @return an enumeration of the extensions in this CRL. - */ - public Enumeration getElements() { - return Collections.enumeration(map.values()); - } - /** * Return a collection view of the extensions. * @return a collection view of the extensions in this CRL. diff --git a/src/java.base/share/classes/sun/security/x509/CRLNumberExtension.java b/src/java.base/share/classes/sun/security/x509/CRLNumberExtension.java index e5684d76af797..12eb8f63f44ae 100644 
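Review bot: The rewritten `getExtension` treats an alias as fully qualified when `alias.startsWith(X509CertImpl.NAME)`, which is both looser and stricter than the removed code, where the parsed prefix was compared with `equalsIgnoreCase`. Any alias that merely begins with the same characters is now cut at its last dot, and a qualified alias written in a different case is no longer stripped. `if (alias.startsWith(X509CertImpl.NAME + "."))` would at least restrict the match to a real prefix segment; whether case-insensitivity still matters depends on callers outside this diff. `setExtension` in the next hunk stores under the alias as given, so a qualified alias passed to it would not be found again by this lookup.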
--- a/src/java.base/share/classes/sun/security/x509/CRLNumberExtension.java +++ b/src/java.base/share/classes/sun/security/x509/CRLNumberExtension.java @@ -44,13 +44,9 @@ * @see CertAttrSet */ public class CRLNumberExtension extends Extension -implements CertAttrSet { + implements CertAttrSet { - /** - * Attribute name. - */ public static final String NAME = "CRLNumber"; - public static final String NUMBER = "value"; private static final String LABEL = "CRL Number"; @@ -135,31 +131,10 @@ protected CRLNumberExtension(ObjectIdentifier extensionId, } /** - * Set the attribute value. + * Get the crlNumber value. */ - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(NUMBER)) { - if (!(obj instanceof BigInteger)) { - throw new IOException("Attribute must be of type BigInteger."); - } - crlNumber = (BigInteger)obj; - } else { - throw new IOException("Attribute name not recognized by" + - " CertAttrSet:" + extensionName + '.'); - } - encodeThis(); - } - - /** - * Get the attribute value. - */ - public BigInteger get(String name) throws IOException { - if (name.equalsIgnoreCase(NUMBER)) { - return crlNumber; - } else { - throw new IOException("Attribute name not recognized by" + - " CertAttrSet:" + extensionName + '.'); - } + public BigInteger getCrlNumber() { + return crlNumber; } @@ -206,10 +181,10 @@ protected void encode(DerOutputStream out, ObjectIdentifier extensionId, /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { - return (extensionName); + return extensionName; } } diff --git a/src/java.base/share/classes/sun/security/x509/CRLReasonCodeExtension.java b/src/java.base/share/classes/sun/security/x509/CRLReasonCodeExtension.java index d5d5d2244402c..c5f8c8de338b3 100644 --- a/src/java.base/share/classes/sun/security/x509/CRLReasonCodeExtension.java +++ b/src/java.base/share/classes/sun/security/x509/CRLReasonCodeExtension.java 
@@ -39,13 +39,9 @@ * @see CertAttrSet */ public class CRLReasonCodeExtension extends Extension - implements CertAttrSet { + implements CertAttrSet { - /** - * Attribute name - */ public static final String NAME = "CRLReasonCode"; - public static final String REASON = "reason"; private static final CRLReason[] values = CRLReason.values(); @@ -102,35 +98,6 @@ public CRLReasonCodeExtension(Boolean critical, Object value) this.reasonCode = val.getEnumerated(); } - /** - * Set the attribute value. - */ - public void set(String name, Object obj) throws IOException { - if (!(obj instanceof Integer)) { - throw new IOException("Attribute must be of type Integer."); - } - if (name.equalsIgnoreCase(REASON)) { - reasonCode = ((Integer)obj).intValue(); - } else { - throw new IOException - ("Name not supported by CRLReasonCodeExtension"); - } - encodeThis(); - } - - /** - * Get the attribute value. - */ - public Integer get(String name) throws IOException { - if (name.equalsIgnoreCase(REASON)) { - return reasonCode; - } else { - throw new IOException - ("Name not supported by CRLReasonCodeExtension"); - } - } - - /** * Returns a printable representation of the Reason code. */ @@ -156,7 +123,7 @@ public void encode(DerOutputStream out) throws IOException { /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { @@ -174,4 +141,8 @@ public CRLReason getReasonCode() { return CRLReason.UNSPECIFIED; } } + + public int getReason() { + return reasonCode; + } } diff --git a/src/java.base/share/classes/sun/security/x509/CertAttrSet.java b/src/java.base/share/classes/sun/security/x509/CertAttrSet.java index a22875f308ccc..334c9a981628b 100644 --- a/src/java.base/share/classes/sun/security/x509/CertAttrSet.java +++ b/src/java.base/share/classes/sun/security/x509/CertAttrSet.java 
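Review bot: The new `getReason()` sits next to the existing `getReasonCode()` with no Javadoc, and the two names do not tell a caller which one is the raw integer. From the context lines, `getReasonCode()` maps to a `CRLReason` and falls back to `CRLReason.UNSPECIFIED`, while `getReason()` returns `reasonCode` untouched. It can therefore presumably yield values that have no `CRLReason` constant. A comment such as `/** Returns the raw reason code as encoded; may lie outside the defined CRLReason values. */` would keep callers from treating the two as interchangeable.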
@@ -28,57 +28,17 @@ import sun.security.util.DerOutputStream; import java.io.IOException; -import java.security.cert.CertificateException; /** - * This interface defines the methods required of a certificate attribute. - * Examples of X.509 certificate attributes are Validity, Issuer_Name, and - * Subject Name. A CertAttrSet may comprise one attribute or many - * attributes. - *

- * A CertAttrSet itself can also be comprised of other sub-sets. - * In the case of X.509 V3 certificates, for example, the "extensions" - * attribute has subattributes, such as those for KeyUsage and - * AuthorityKeyIdentifier. - * - * @author Amit Kapoor - * @author Hemma Prafullchandra - * @see CertificateException + * This interface defines a certificate attribute that can be DER-encoded. */ -public interface CertAttrSet { +public interface CertAttrSet { /** - * Encodes the attribute to the output stream in a format - * that can be parsed by the decode method. + * Encodes the attribute to the output stream. * * @param out the DerOutputStream to encode the attribute to. - * - * @exception CertificateException on encoding or validity errors. - * @exception IOException on other errors. - */ - void encode(DerOutputStream out) - throws CertificateException, IOException; - - /** - * Sets an attribute value within this CertAttrSet. - * - * @param name the name of the attribute (e.g. "x509.info.key") - * @param obj the attribute object. - * - * @exception CertificateException on attribute handling errors. - * @exception IOException on other errors. - */ - void set(String name, Object obj) - throws CertificateException, IOException; - - /** - * Gets an attribute value for this CertAttrSet. - * - * @param name the name of the attribute to return. - * - * @exception CertificateException on attribute handling errors. - * @exception IOException on other errors. + * @exception IOException on write errors. */ - Object get(String name) - throws CertificateException, IOException; + void encode(DerOutputStream out) throws IOException; } diff --git a/src/java.base/share/classes/sun/security/x509/CertificateAlgorithmId.java b/src/java.base/share/classes/sun/security/x509/CertificateAlgorithmId.java index c61772f4bd7b4..87b83825c6951 100644 --- a/src/java.base/share/classes/sun/security/x509/CertificateAlgorithmId.java 
+++ b/src/java.base/share/classes/sun/security/x509/CertificateAlgorithmId.java @@ -36,27 +36,11 @@ * @author Amit Kapoor * @author Hemma Prafullchandra */ -public class CertificateAlgorithmId implements CertAttrSet { +public class CertificateAlgorithmId implements CertAttrSet { private AlgorithmId algId; - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.algorithmID"; - /** - * Sub attributes name for this CertAttrSet. - */ public static final String NAME = "algorithmID"; - /** - * Identifier to be used with get, set, and delete methods. When - * using this identifier the associated object being passed in or - * returned is an instance of AlgorithmId. - * @see sun.security.x509.AlgorithmId - */ - public static final String ALGORITHM = "algorithm"; - /** * Default constructor for the certificate attribute. * @@ -109,30 +93,9 @@ public void encode(DerOutputStream out) throws IOException { } /** - * Set the attribute value. - */ - public void set(String name, Object obj) throws IOException { - if (!(obj instanceof AlgorithmId)) { - throw new IOException("Attribute must be of type AlgorithmId."); - } - if (name.equalsIgnoreCase(ALGORITHM)) { - algId = (AlgorithmId)obj; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:CertificateAlgorithmId."); - } - } - - /** - * Get the attribute value. + * Get the AlgorithmId value. */ - public AlgorithmId get(String name) throws IOException { - if (name.equalsIgnoreCase(ALGORITHM)) { - return (algId); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:CertificateAlgorithmId."); - } + public AlgorithmId getAlgId() throws IOException { + return algId; } - } 
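Review bot: `getAlgId()` still declares `throws IOException` although its new body is only `return algId;` and has no path that throws. The other typed getters added in this patch, for example `getCrlNumber()` and `getSerial()`, carry no throws clause. Callers of this one are therefore pushed into a catch block that can never run for this call and that may mask a real I/O failure from an adjacent statement in the same try. I would change the signature to `public AlgorithmId getAlgId() {`.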
diff --git a/src/java.base/share/classes/sun/security/x509/CertificateExtensions.java b/src/java.base/share/classes/sun/security/x509/CertificateExtensions.java index 75a58fddd6d21..bdad37a8047bc 100644 --- a/src/java.base/share/classes/sun/security/x509/CertificateExtensions.java +++ b/src/java.base/share/classes/sun/security/x509/CertificateExtensions.java @@ -40,15 +40,8 @@ * @author Hemma Prafullchandra * @see CertAttrSet */ -public class CertificateExtensions implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.extensions"; - /** - * name - */ +public class CertificateExtensions implements CertAttrSet { + public static final String NAME = "extensions"; private static final Debug debug = Debug.getInstance("x509"); @@ -148,8 +141,7 @@ private void parseExtension(Extension ext) throws IOException { * @exception IOException on errors. */ @Override - public void encode(DerOutputStream out) - throws CertificateException, IOException { + public void encode(DerOutputStream out) throws IOException { encode(out, false); } @@ -162,7 +154,7 @@ public void encode(DerOutputStream out) * @exception IOException on errors. */ public void encode(DerOutputStream out, boolean isCertReq) - throws CertificateException, IOException { + throws IOException { DerOutputStream extOut = new DerOutputStream(); for (Extension ext : map.values()) { ext.encode(extOut); 
@@ -179,40 +171,34 @@ public void encode(DerOutputStream out, boolean isCertReq) } /** - * Set the attribute value. + * Set the extension value. * @param name the extension name used in the cache. - * @param obj the object to set. - * @exception IOException if the object could not be cached. + * @param ext the extension to set. */ - public void set(String name, Object obj) throws IOException { - if (obj instanceof Extension) { - map.put(name, (Extension)obj); - } else { - throw new IOException("Unknown extension type."); - } + public void setExtension(String name, Extension ext) { + map.put(name, ext); } /** - * Get the attribute value. - * @param name the extension name used in the lookup. - * @exception IOException if named extension is not found. + * Get the extension with this alias. + * + * @param alias the identifier string for the extension to retrieve. + * Could be one of "x509.info.extensions.ExtensionName", + * "ExtensionName", "2.3.4.5". */ - public Extension get(String name) throws IOException { - Extension obj = map.get(name); - if (obj == null) { - throw new IOException("No extension found with name " + name); + public Extension getExtension(String alias) { + String name; + if (alias.startsWith(X509CertImpl.NAME)) { + int index = alias.lastIndexOf('.'); + name = alias.substring(index + 1); + } else { + name = alias; } - return (obj); - } - - // Similar to get(String), but throw no exception, might return null. - // Used in X509CertImpl::getExtension(OID). - Extension getExtension(String name) { return map.get(name); } /** - * Delete the attribute value. + * Delete the extension value. * @param name the extension name used in the lookup. * @exception IOException if named extension is not found. */ @@ -310,5 +296,4 @@ public int hashCode() { public String toString() { return map.toString(); } - } 
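Review bot: `setExtension(String name, Extension ext)` stores whatever it is given, so a null `ext` can now reach `map.put`. The removed `set()` rejected null, because null fails the `instanceof Extension` test and raised IOException. If the map accepts null values (its type is not visible in this hunk), the failure moves to `encode()`, where the loop over `map.values()` calls `ext.encode(extOut)` and throws far from the cause. Adding `Objects.requireNonNull(ext, "ext");` as the first line keeps the rejection at the call site. Separately, the Javadoc of the now-public `getExtension(String alias)` should say that it returns null when nothing matches, since the old public `get()` threw instead.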
diff --git a/src/java.base/share/classes/sun/security/x509/CertificateIssuerExtension.java b/src/java.base/share/classes/sun/security/x509/CertificateIssuerExtension.java index 246522744a7be..9080f101f23e1 100644 --- a/src/java.base/share/classes/sun/security/x509/CertificateIssuerExtension.java +++ b/src/java.base/share/classes/sun/security/x509/CertificateIssuerExtension.java @@ -59,13 +59,9 @@ * @see CertAttrSet */ public class CertificateIssuerExtension extends Extension - implements CertAttrSet { + implements CertAttrSet { - /** - * Attribute names. - */ public static final String NAME = "CertificateIssuer"; - public static final String ISSUER = "issuer"; private GeneralNames names; @@ -115,40 +111,10 @@ public CertificateIssuerExtension(Boolean critical, Object value) this.names = new GeneralNames(val); } - /** - * Set the attribute value. - * - * @throws IOException on error - */ - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(ISSUER)) { - if (!(obj instanceof GeneralNames)) { - throw new IOException("Attribute value must be of type " + - "GeneralNames"); - } - this.names = (GeneralNames)obj; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:CertificateIssuer"); - } - encodeThis(); - } - - /** - * Gets the attribute value. - * - * @throws IOException on error - */ - public GeneralNames get(String name) throws IOException { - if (name.equalsIgnoreCase(ISSUER)) { - return names; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:CertificateIssuer"); - } + public GeneralNames getNames() { + return names; } - /** * Returns a printable representation of the certificate issuer. */ @@ -175,7 +141,7 @@ public void encode(DerOutputStream out) throws IOException { /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { 
diff --git a/src/java.base/share/classes/sun/security/x509/CertificateIssuerName.java b/src/java.base/share/classes/sun/security/x509/CertificateIssuerName.java deleted file mode 100644 index 85bd2f86d2949..0000000000000 --- a/src/java.base/share/classes/sun/security/x509/CertificateIssuerName.java +++ /dev/null 
@@ -1,146 +0,0 @@ -/* - * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.x509; - -import java.io.IOException; -import java.io.InputStream; - -import javax.security.auth.x500.X500Principal; - -import sun.security.util.*; - -/** - * This class defines the X500Name attribute for the Certificate. - * - * @author Amit Kapoor - * @author Hemma Prafullchandra - * @see CertAttrSet - */ -public class CertificateIssuerName implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.issuer"; - /** - * Sub attributes name for this CertAttrSet. 
- */ - public static final String NAME = "issuer"; - public static final String DN_NAME = "dname"; - - // accessor name for cached X500Principal only - // do not allow a set() of this value - public static final String DN_PRINCIPAL = "x500principal"; - - // Private data member - private X500Name dnName; - - // cached X500Principal version of the name - private X500Principal dnPrincipal; - - /** - * Default constructor for the certificate attribute. - * - * @param name the X500Name - */ - public CertificateIssuerName(X500Name name) { - this.dnName = name; - } - - /** - * Create the object, decoding the values from the passed DER stream. - * - * @param in the DerInputStream to read the X500Name from. - * @exception IOException on decoding errors. - */ - public CertificateIssuerName(DerInputStream in) throws IOException { - dnName = new X500Name(in); - } - - /** - * Create the object, decoding the values from the passed stream. - * - * @param in the InputStream to read the X500Name from. - * @exception IOException on decoding errors. - */ - public CertificateIssuerName(InputStream in) throws IOException { - DerValue derVal = new DerValue(in); - dnName = new X500Name(derVal); - } - - /** - * Return the name as user readable string. - */ - public String toString() { - if (dnName == null) return ""; - return(dnName.toString()); - } - - /** - * Encode the name in DER form to the stream. - * - * @param out the DerOutputStream to marshal the contents to. - * @exception IOException on errors. - */ - @Override - public void encode(DerOutputStream out) throws IOException { - dnName.encode(out); - } - - /** - * Set the attribute value. 
- */ - public void set(String name, Object obj) throws IOException { - if (!(obj instanceof X500Name)) { - throw new IOException("Attribute must be of type X500Name."); - } - if (name.equalsIgnoreCase(DN_NAME)) { - this.dnName = (X500Name)obj; - this.dnPrincipal = null; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:CertificateIssuerName."); - } - } - - /** - * Get the attribute value. - */ - public Object get(String name) throws IOException { - if (name.equalsIgnoreCase(DN_NAME)) { - return(dnName); - } else if (name.equalsIgnoreCase(DN_PRINCIPAL)) { - if ((dnPrincipal == null) && (dnName != null)) { - dnPrincipal = dnName.asX500Principal(); - } - return dnPrincipal; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:CertificateIssuerName."); - } - } - -} diff --git a/src/java.base/share/classes/sun/security/x509/CertificatePoliciesExtension.java b/src/java.base/share/classes/sun/security/x509/CertificatePoliciesExtension.java index 758c82bb7083d..0d63b066ab508 100644 --- a/src/java.base/share/classes/sun/security/x509/CertificatePoliciesExtension.java +++ b/src/java.base/share/classes/sun/security/x509/CertificatePoliciesExtension.java @@ -66,17 +66,9 @@ * @see CertAttrSet */ public class CertificatePoliciesExtension extends Extension -implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.extensions.CertificatePolicies"; - /** - * Attribute names. - */ + implements CertAttrSet { + public static final String NAME = "CertificatePolicies"; - public static final String POLICIES = "policies"; /** * List of PolicyInformation for this object. 
@@ -187,44 +179,19 @@ public void encode(DerOutputStream out) throws IOException { } /** - * Set the attribute value. + * Get the PolicyInformation value. */ - @SuppressWarnings("unchecked") // Checked with an instanceof check - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(POLICIES)) { - if (!(obj instanceof List)) { - throw new IOException("Attribute value should be of type List."); - } - certPolicies = (List)obj; - } else { - throw new IOException("Attribute name [" + name + - "] not recognized by " + - "CertAttrSet:CertificatePoliciesExtension."); - } - encodeThis(); - } - - /** - * Get the attribute value. - */ - public List get(String name) throws IOException { - if (name.equalsIgnoreCase(POLICIES)) { - //XXXX May want to consider cloning this - return certPolicies; - } else { - throw new IOException("Attribute name [" + name + - "] not recognized by " + - "CertAttrSet:CertificatePoliciesExtension."); - } + public List getCertPolicies() { + return certPolicies; } /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { - return (NAME); + return NAME; } } diff --git a/src/java.base/share/classes/sun/security/x509/CertificateSerialNumber.java b/src/java.base/share/classes/sun/security/x509/CertificateSerialNumber.java index c95c21641f3d1..9115a53671a5b 100644 --- a/src/java.base/share/classes/sun/security/x509/CertificateSerialNumber.java +++ b/src/java.base/share/classes/sun/security/x509/CertificateSerialNumber.java 
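Review bot: `getCertPolicies()` returns the extension's own `certPolicies` list, so any caller can add or remove policies after the extension has been built. Because this patch also drops `set()` together with its `encodeThis()` call, the cached encoding presumably would not follow such a change. The removed `get()` carried the remark `//XXXX May want to consider cloning this`, which is lost here rather than resolved. Returning `Collections.unmodifiableList(certPolicies)` would close the gap, or at minimum a Javadoc line stating that the returned list must not be modified. `getUsages()` in ExtendedKeyUsageExtension returns its `keyUsages` Vector the same way.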
@@ -38,18 +38,9 @@ * @author Hemma Prafullchandra * @see CertAttrSet */ -public class CertificateSerialNumber implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.serialNumber"; +public class CertificateSerialNumber implements CertAttrSet { - /** - * Sub attributes name for this CertAttrSet. - */ public static final String NAME = "serialNumber"; - public static final String NUMBER = "number"; private SerialNumber serial; @@ -106,7 +97,7 @@ public CertificateSerialNumber(DerValue val) throws IOException { */ public String toString() { if (serial == null) return ""; - return (serial.toString()); + return serial.toString(); } /** @@ -120,31 +111,8 @@ public void encode(DerOutputStream out) throws IOException { serial.encode(out); } - /** - * Set the attribute value. - */ - public void set(String name, Object obj) throws IOException { - if (!(obj instanceof SerialNumber)) { - throw new IOException("Attribute must be of type SerialNumber."); - } - if (name.equalsIgnoreCase(NUMBER)) { - serial = (SerialNumber)obj; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:CertificateSerialNumber."); - } - } - - /** - * Get the attribute value. - */ - public SerialNumber get(String name) throws IOException { - if (name.equalsIgnoreCase(NUMBER)) { - return (serial); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:CertificateSerialNumber."); - } + public SerialNumber getSerial() { + return serial; } /** diff --git a/src/java.base/share/classes/sun/security/x509/CertificateSubjectName.java b/src/java.base/share/classes/sun/security/x509/CertificateSubjectName.java index 2c27ec568f1ee..d3d8da304abcc 100644 --- a/src/java.base/share/classes/sun/security/x509/CertificateSubjectName.java +++ b/src/java.base/share/classes/sun/security/x509/CertificateSubjectName.java 
@@ -39,21 +39,9 @@ * @author Hemma Prafullchandra * @see CertAttrSet */ -public class CertificateSubjectName implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.subject"; - /** - * Sub attributes name for this CertAttrSet. - */ - public static final String NAME = "subject"; - public static final String DN_NAME = "dname"; +public class CertificateSubjectName implements CertAttrSet { - // accessor name for cached X500Principal only - // do not allow a set() of this value - public static final String DN_PRINCIPAL = "x500principal"; + public static final String NAME = "subject"; // Private data member private X500Name dnName; @@ -96,7 +84,7 @@ public CertificateSubjectName(InputStream in) throws IOException { */ public String toString() { if (dnName == null) return ""; - return(dnName.toString()); + return dnName.toString(); } /** @@ -109,37 +97,4 @@ public String toString() { public void encode(DerOutputStream out) throws IOException { dnName.encode(out); } - - /** - * Set the attribute value. - */ - public void set(String name, Object obj) throws IOException { - if (!(obj instanceof X500Name)) { - throw new IOException("Attribute must be of type X500Name."); - } - if (name.equalsIgnoreCase(DN_NAME)) { - this.dnName = (X500Name)obj; - this.dnPrincipal = null; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:CertificateSubjectName."); - } - } - - /** - * Get the attribute value. - */ - public Object get(String name) throws IOException { - if (name.equalsIgnoreCase(DN_NAME)) { - return(dnName); - } else if (name.equalsIgnoreCase(DN_PRINCIPAL)) { - if ((dnPrincipal == null) && (dnName != null)) { - dnPrincipal = dnName.asX500Principal(); - } - return dnPrincipal; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:CertificateSubjectName."); - } - } } 
diff --git a/src/java.base/share/classes/sun/security/x509/CertificateValidity.java b/src/java.base/share/classes/sun/security/x509/CertificateValidity.java index c2c408de984fb..8f7e7f0aa9193 100644 --- a/src/java.base/share/classes/sun/security/x509/CertificateValidity.java +++ b/src/java.base/share/classes/sun/security/x509/CertificateValidity.java @@ -37,18 +37,9 @@ * @author Hemma Prafullchandra * @see CertAttrSet */ -public class CertificateValidity implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.validity"; - /** - * Sub attributes name for this CertAttrSet. - */ +public class CertificateValidity implements CertAttrSet { + public static final String NAME = "validity"; - public static final String NOT_BEFORE = "notBefore"; - public static final String NOT_AFTER = "notAfter"; /** * YR_2050 date and time set to Jan01 00:00 2050 GMT */ @@ -59,13 +50,13 @@ public class CertificateValidity implements CertAttrSet { private Date notAfter; // Returns the first time the certificate is valid. - private Date getNotBefore() { - return (new Date(notBefore.getTime())); + public Date getNotBefore() { + return new Date(notBefore.getTime()); } // Returns the last time the certificate is valid. - private Date getNotAfter() { - return (new Date(notAfter.getTime())); + public Date getNotAfter() { + return new Date(notAfter.getTime()); } // Construct the class from the DerValue 
@@ -169,37 +160,6 @@ public void encode(DerOutputStream out) throws IOException { out.write(DerValue.tag_Sequence, pair); } - /** - * Set the attribute value. - */ - public void set(String name, Object obj) throws IOException { - if (!(obj instanceof Date)) { - throw new IOException("Attribute must be of type Date."); - } - if (name.equalsIgnoreCase(NOT_BEFORE)) { - notBefore = (Date)obj; - } else if (name.equalsIgnoreCase(NOT_AFTER)) { - notAfter = (Date)obj; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet: CertificateValidity."); - } - } - - /** - * Get the attribute value. - */ - public Date get(String name) throws IOException { - if (name.equalsIgnoreCase(NOT_BEFORE)) { - return (getNotBefore()); - } else if (name.equalsIgnoreCase(NOT_AFTER)) { - return (getNotAfter()); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet: CertificateValidity."); - } - } - /** * Verify that the current time is within the validity period. * diff --git a/src/java.base/share/classes/sun/security/x509/CertificateVersion.java b/src/java.base/share/classes/sun/security/x509/CertificateVersion.java index b27f3439404f0..f245894e85d1b 100644 --- a/src/java.base/share/classes/sun/security/x509/CertificateVersion.java +++ b/src/java.base/share/classes/sun/security/x509/CertificateVersion.java @@ -37,7 +37,7 @@ * @author Hemma Prafullchandra * @see CertAttrSet */ -public class CertificateVersion implements CertAttrSet { +public class CertificateVersion implements CertAttrSet { /** * X509Certificate Version 1 */ 
@@ -50,23 +50,15 @@ public class CertificateVersion implements CertAttrSet { * X509Certificate Version 3 */ public static final int V3 = 2; - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.version"; - /** - * Sub attributes name for this CertAttrSet. - */ + public static final String NAME = "version"; - public static final String VERSION = "number"; // Private data members int version = V1; // Returns the version number. - private int getVersion() { - return(version); + public int getVersion() { + return version; } // Construct the class from the passed DerValue @@ -147,7 +139,7 @@ public CertificateVersion(DerValue val) throws IOException { * Return the version number of the certificate. */ public String toString() { - return("Version: V" + (version+1)); + return "Version: V" + (version+1); } /** @@ -169,37 +161,10 @@ public void encode(DerOutputStream out) throws IOException { tmp); } - /** - * Set the attribute value. - */ - public void set(String name, Object obj) throws IOException { - if (!(obj instanceof Integer)) { - throw new IOException("Attribute must be of type Integer."); - } - if (name.equalsIgnoreCase(VERSION)) { - version = ((Integer)obj).intValue(); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet: CertificateVersion."); - } - } - - /** - * Get the attribute value. - */ - public Integer get(String name) throws IOException { - if (name.equalsIgnoreCase(VERSION)) { - return(getVersion()); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet: CertificateVersion."); - } - } - - /** + /** * Compare versions. */ public int compare(int vers) { - return(version - vers); + return version - vers; } } 
diff --git a/src/java.base/share/classes/sun/security/x509/CertificateX509Key.java b/src/java.base/share/classes/sun/security/x509/CertificateX509Key.java index ec8bb6c06241a..af2abbd4f423d 100644 --- a/src/java.base/share/classes/sun/security/x509/CertificateX509Key.java +++ b/src/java.base/share/classes/sun/security/x509/CertificateX509Key.java @@ -38,17 +38,9 @@ * @author Hemma Prafullchandra * @see CertAttrSet */ -public class CertificateX509Key implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.key"; - /** - * Sub attributes name for this CertAttrSet. - */ +public class CertificateX509Key implements CertAttrSet { + public static final String NAME = "key"; - public static final String KEY = "value"; // Private data member private PublicKey key; @@ -89,7 +81,7 @@ public CertificateX509Key(InputStream in) throws IOException { */ public String toString() { if (key == null) return ""; - return(key.toString()); + return key.toString(); } /** @@ -103,28 +95,11 @@ public void encode(DerOutputStream out) throws IOException { out.write(key.getEncoded()); } - /** - * Set the attribute value. - */ - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(KEY)) { - this.key = (PublicKey)obj; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet: CertificateX509Key."); - } - } - - /** - * Get the attribute value. + /** + * Get the PublicKey value. */ - public PublicKey get(String name) throws IOException { - if (name.equalsIgnoreCase(KEY)) { - return(key); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet: CertificateX509Key."); - } + public PublicKey getKey() { + return key; } } 
diff --git a/src/java.base/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java b/src/java.base/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java index d33c8ff787a79..8f0908abbc6df 100644 --- a/src/java.base/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java +++ b/src/java.base/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java @@ -59,9 +59,6 @@ */ public class DeltaCRLIndicatorExtension extends CRLNumberExtension { - /** - * Attribute name. - */ public static final String NAME = "DeltaCRLIndicator"; private static final String LABEL = "Base CRL Number"; diff --git a/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java b/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java index 91add404b8604..cadd7875550ce 100644 --- a/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java +++ b/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java @@ -77,19 +77,9 @@ * @since 1.4 */ public class ExtendedKeyUsageExtension extends Extension -implements CertAttrSet { + implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.extensions.ExtendedKeyUsage"; - - /** - * Attribute names. - */ public static final String NAME = "ExtendedKeyUsage"; - public static final String USAGES = "usages"; /** * Vector of KeyUsages for this object. 
@@ -207,45 +197,20 @@ public void encode(DerOutputStream out) throws IOException { } /** - * Set the attribute value. + * Get the keyUsages value. */ - @SuppressWarnings("unchecked") // Checked with instanceof - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(USAGES)) { - if (!(obj instanceof Vector)) { - throw new IOException("Attribute value should be of type Vector."); - } - this.keyUsages = (Vector)obj; - } else { - throw new IOException("Attribute name [" + name + - "] not recognized by " + - "CertAttrSet:ExtendedKeyUsageExtension."); - } - encodeThis(); - } - - /** - * Get the attribute value. - */ - public Vector get(String name) throws IOException { - if (name.equalsIgnoreCase(USAGES)) { - //XXXX May want to consider cloning this - return keyUsages; - } else { - throw new IOException("Attribute name [" + name + - "] not recognized by " + - "CertAttrSet:ExtendedKeyUsageExtension."); - } + public Vector getUsages() { + return keyUsages; } /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { - return (NAME); + return NAME; } public List getExtendedKeyUsage() { diff --git a/src/java.base/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java b/src/java.base/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java index bb7e808562045..97179437c89bc 100644 --- a/src/java.base/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java +++ b/src/java.base/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java 
@@ -57,15 +57,7 @@ * @see Extension */ public class InhibitAnyPolicyExtension extends Extension -implements CertAttrSet { - - private static final Debug debug = Debug.getInstance("certpath"); - - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.extensions.InhibitAnyPolicy"; + implements CertAttrSet { /** * Object identifier for "any-policy" @@ -73,11 +65,7 @@ public class InhibitAnyPolicyExtension extends Extension public static ObjectIdentifier AnyPolicy_Id = ObjectIdentifier.of(KnownOIDs.CE_CERT_POLICIES_ANY); - /** - * Attribute names. - */ public static final String NAME = "InhibitAnyPolicy"; - public static final String SKIP_CERTS = "skip_certs"; // Private data members private int skipCerts = Integer.MAX_VALUE; 
@@ -145,79 +133,39 @@ public InhibitAnyPolicyExtension(Boolean critical, Object value) } } - /** - * Return user readable form of extension. - */ - public String toString() { - return super.toString() + "InhibitAnyPolicy: " + skipCerts + "\n"; - } - - /** - * Encode this extension value to the output stream. - * - * @param out the DerOutputStream to encode the extension to. - */ - @Override - public void encode(DerOutputStream out) throws IOException { - if (extensionValue == null) { - this.extensionId = PKIXExtensions.InhibitAnyPolicy_Id; - critical = true; - encodeThis(); - } - super.encode(out); - } - /** - * Set the attribute value. - * - * @param name name of attribute to set. Must be SKIP_CERTS. - * @param obj value to which attribute is to be set. Must be Integer - * type. - * @throws IOException on error + * Return user readable form of extension. */ - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(SKIP_CERTS)) { - if (!(obj instanceof Integer)) - throw new IOException("Attribute value should be of type Integer."); - int skipCertsValue = ((Integer)obj).intValue(); - if (skipCertsValue < -1) - throw new IOException("Invalid value for skipCerts"); - if (skipCertsValue == -1) { - skipCerts = Integer.MAX_VALUE; - } else { - skipCerts = skipCertsValue; - } - } else - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:InhibitAnyPolicy."); - encodeThis(); + public String toString() { + return super.toString() + "InhibitAnyPolicy: " + skipCerts + "\n"; } /** - * Get the attribute value. + * Encode this extension value to the output stream. * - * @param name name of attribute to get. Must be SKIP_CERTS. - * @return value of the attribute. In this case it will be of type - * Integer. - * @throws IOException on error + * @param out the DerOutputStream to encode the extension to. 
*/ - public Integer get(String name) throws IOException { - if (name.equalsIgnoreCase(SKIP_CERTS)) - return (skipCerts); - else - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:InhibitAnyPolicy."); + @Override + public void encode(DerOutputStream out) throws IOException { + if (extensionValue == null) { + this.extensionId = PKIXExtensions.InhibitAnyPolicy_Id; + critical = true; + encodeThis(); + } + super.encode(out); } - + public int getSkipCerts() { + return skipCerts; + } /** - * Return the name of this attribute. + * Return the name of this extension. * - * @return name of attribute. + * @return name of extension. */ @Override public String getName() { - return (NAME); + return NAME; } } diff --git a/src/java.base/share/classes/sun/security/x509/InvalidityDateExtension.java b/src/java.base/share/classes/sun/security/x509/InvalidityDateExtension.java index 96e5d2664b9d9..e20300864231c 100644 --- a/src/java.base/share/classes/sun/security/x509/InvalidityDateExtension.java +++ b/src/java.base/share/classes/sun/security/x509/InvalidityDateExtension.java @@ -56,13 +56,12 @@ * @author Sean Mullan */ public class InvalidityDateExtension extends Extension - implements CertAttrSet { + implements CertAttrSet { /** * Attribute name and Reason codes */ public static final String NAME = "InvalidityDate"; - public static final String DATE = "date"; private Date date; 
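Review bot: `getSkipCerts()` has no Javadoc, and the sentinel it can return is no longer explained anywhere in the visible code. The field is initialised to `Integer.MAX_VALUE`, and the removed `set` stored `Integer.MAX_VALUE` when given `-1`; with that setter gone a caller comparing the result against a path length has no hint that the maximum is a marker rather than a real count. I would add a comment such as `/** Returns the skipCerts value; Integer.MAX_VALUE is the initial value and stands for an encoded -1. */` after confirming that meaning against the constructor, which is outside this hunk.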
@@ -118,34 +117,13 @@ public InvalidityDateExtension(Boolean critical, Object value) } /** - * Set the attribute value. + * Get the Date value. */ - public void set(String name, Object obj) throws IOException { - if (!(obj instanceof Date)) { - throw new IOException("Attribute must be of type Date."); - } - if (name.equalsIgnoreCase(DATE)) { - date = (Date) obj; - } else { - throw new IOException - ("Name not supported by InvalidityDateExtension"); - } - encodeThis(); - } - - /** - * Get the attribute value. - */ - public Date get(String name) throws IOException { - if (name.equalsIgnoreCase(DATE)) { - if (date == null) { - return null; - } else { - return (new Date(date.getTime())); // clone - } + public Date getDate() throws IOException { + if (date == null) { + return null; } else { - throw new IOException - ("Name not supported by InvalidityDateExtension"); + return new Date(date.getTime()); // clone } } @@ -175,7 +153,7 @@ public void encode(DerOutputStream out) throws IOException { /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { diff --git a/src/java.base/share/classes/sun/security/x509/IssuerAlternativeNameExtension.java b/src/java.base/share/classes/sun/security/x509/IssuerAlternativeNameExtension.java index 5bddc4cea7093..5ff58654b5357 100644 --- a/src/java.base/share/classes/sun/security/x509/IssuerAlternativeNameExtension.java +++ b/src/java.base/share/classes/sun/security/x509/IssuerAlternativeNameExtension.java 
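Review bot: `getDate()` still declares `throws IOException`, although the only statement that threw, the unrecognised-name branch, was removed with the `name` parameter. Every caller now has to catch or propagate a checked exception that cannot occur, which hides real I/O failures among dead handlers. The signature can become `public Date getDate() {`; callers whose `try` block throws nothing else will need their `catch (IOException …)` removed in the same change.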
@@ -46,18 +46,9 @@ * @see CertAttrSet */ public class IssuerAlternativeNameExtension -extends Extension implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = - "x509.info.extensions.IssuerAlternativeName"; - /** - * Attribute names. - */ + extends Extension implements CertAttrSet { + public static final String NAME = "IssuerAlternativeName"; - public static final String ISSUER_NAME = "issuer_name"; // private data members GeneralNames names; @@ -170,42 +161,15 @@ public void encode(DerOutputStream out) throws IOException { super.encode(out); } - /** - * Set the attribute value. - */ - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(ISSUER_NAME)) { - if (!(obj instanceof GeneralNames)) { - throw new IOException("Attribute value should be of" + - " type GeneralNames."); - } - names = (GeneralNames)obj; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:IssuerAlternativeName."); - } - encodeThis(); + public GeneralNames getNames() { + return names; } /** - * Get the attribute value. - */ - public GeneralNames get(String name) throws IOException { - if (name.equalsIgnoreCase(ISSUER_NAME)) { - return (names); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:IssuerAlternativeName."); - } - } - - - - /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { - return (NAME); + return NAME; } } diff --git a/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java b/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java index 6de06fbae150a..9bd8a276e680e 100644 --- a/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java 
+++ b/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java @@ -64,25 +64,9 @@ * @since 1.6 */ public class IssuingDistributionPointExtension extends Extension - implements CertAttrSet { + implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = - "x509.info.extensions.IssuingDistributionPoint"; - - /** - * Attribute names. - */ public static final String NAME = "IssuingDistributionPoint"; - public static final String POINT = "point"; - public static final String REASONS = "reasons"; - public static final String ONLY_USER_CERTS = "only_user_certs"; - public static final String ONLY_CA_CERTS = "only_ca_certs"; - public static final String ONLY_ATTRIBUTE_CERTS = "only_attribute_certs"; - public static final String INDIRECT_CRL = "indirect_crl"; /* * The distribution point name for the CRL. @@ -218,7 +202,7 @@ public IssuingDistributionPointExtension(Boolean critical, Object value) } /** - * Returns the name of this attribute. + * Returns the name of this extension. */ @Override public String getName() { 
@@ -242,90 +226,34 @@ public void encode(DerOutputStream out) throws IOException { super.encode(out); } - /** - * Sets the attribute value. - */ - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(POINT)) { - if (!(obj instanceof DistributionPointName)) { - throw new IOException( - "Attribute value should be of type DistributionPointName."); - } - distributionPoint = (DistributionPointName)obj; - - } else if (name.equalsIgnoreCase(REASONS)) { - if (!(obj instanceof ReasonFlags)) { - throw new IOException( - "Attribute value should be of type ReasonFlags."); - } - revocationReasons = (ReasonFlags)obj; - - } else if (name.equalsIgnoreCase(INDIRECT_CRL)) { - if (!(obj instanceof Boolean)) { - throw new IOException( - "Attribute value should be of type Boolean."); - } - isIndirectCRL = ((Boolean)obj).booleanValue(); - - } else if (name.equalsIgnoreCase(ONLY_USER_CERTS)) { - if (!(obj instanceof Boolean)) { - throw new IOException( - "Attribute value should be of type Boolean."); - } - hasOnlyUserCerts = ((Boolean)obj).booleanValue(); - - } else if (name.equalsIgnoreCase(ONLY_CA_CERTS)) { - if (!(obj instanceof Boolean)) { - throw new IOException( - "Attribute value should be of type Boolean."); - } - hasOnlyCACerts = ((Boolean)obj).booleanValue(); - - } else if (name.equalsIgnoreCase(ONLY_ATTRIBUTE_CERTS)) { - if (!(obj instanceof Boolean)) { - throw new IOException( - "Attribute value should be of type Boolean."); - } - hasOnlyAttributeCerts = ((Boolean)obj).booleanValue(); - - } else { - throw new IOException("Attribute name [" + name + - "] not recognized by " + - "CertAttrSet:IssuingDistributionPointExtension."); - } + public void setRevocationReasons(ReasonFlags val) throws IOException { + revocationReasons = val; encodeThis(); } - /** - * Gets the attribute value. 
- */ - public Object get(String name) throws IOException { - if (name.equalsIgnoreCase(POINT)) { - return distributionPoint; - - } else if (name.equalsIgnoreCase(INDIRECT_CRL)) { - return Boolean.valueOf(isIndirectCRL); - - } else if (name.equalsIgnoreCase(REASONS)) { - return revocationReasons; - - } else if (name.equalsIgnoreCase(ONLY_USER_CERTS)) { - return Boolean.valueOf(hasOnlyUserCerts); + public DistributionPointName getDistributionPoint() { + return distributionPoint; + } - } else if (name.equalsIgnoreCase(ONLY_CA_CERTS)) { - return Boolean.valueOf(hasOnlyCACerts); + public ReasonFlags getRevocationReasons() { + return revocationReasons; + } - } else if (name.equalsIgnoreCase(ONLY_ATTRIBUTE_CERTS)) { - return Boolean.valueOf(hasOnlyAttributeCerts); + public boolean hasOnlyUserCerts() { + return hasOnlyUserCerts; + } - } else { - throw new IOException("Attribute name [" + name + - "] not recognized by " + - "CertAttrSet:IssuingDistributionPointExtension."); - } + public boolean hasOnlyCACerts() { + return hasOnlyCACerts; } + public boolean hasOnlyAttributeCerts() { + return hasOnlyAttributeCerts; + } + public boolean isIndirectCRL() { + return isIndirectCRL; + } // Encodes this extension value private void encodeThis() throws IOException { diff --git a/src/java.base/share/classes/sun/security/x509/KeyUsageExtension.java b/src/java.base/share/classes/sun/security/x509/KeyUsageExtension.java index 3ebf74d7f47ad..20d05514f3c9e 100644 --- a/src/java.base/share/classes/sun/security/x509/KeyUsageExtension.java +++ b/src/java.base/share/classes/sun/security/x509/KeyUsageExtension.java 
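Review bot: `setRevocationReasons(ReasonFlags val)` accepts `null`, which the removed `set` rejected, because `obj instanceof ReasonFlags` is false for `null` and that path threw an `IOException`. The new method stores the value and calls `encodeThis()` straight away; whether `encodeThis()` treats a null `revocationReasons` as "field absent" cannot be seen from this hunk. If null is meant to clear the reasons, say so in a Javadoc on the setter, e.g. `@param val the new reasons, or null to omit the field`; otherwise keep the old rejection with an explicit null check. The six new accessors in this hunk also have no Javadoc, unlike `getName()` next to them.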
@@ -44,16 +44,8 @@ * @see CertAttrSet */ public class KeyUsageExtension extends Extension -implements CertAttrSet { + implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.extensions.KeyUsage"; - /** - * Attribute names. - */ public static final String NAME = "KeyUsage"; public static final String DIGITAL_SIGNATURE = "digital_signature"; public static final String NON_REPUDIATION = "non_repudiation"; @@ -183,11 +175,7 @@ public KeyUsageExtension() { /** * Set the attribute value. */ - public void set(String name, Object obj) throws IOException { - if (!(obj instanceof Boolean)) { - throw new IOException("Attribute must be of type Boolean."); - } - boolean val = ((Boolean)obj).booleanValue(); + public void set(String name, boolean val) throws IOException { if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) { set(0,val); } else if (name.equalsIgnoreCase(NON_REPUDIATION)) { 
@@ -216,25 +204,25 @@ public void set(String name, Object obj) throws IOException { /** * Get the attribute value. */ - public Boolean get(String name) throws IOException { + public boolean get(String name) throws IOException { if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) { - return Boolean.valueOf(isSet(0)); + return isSet(0); } else if (name.equalsIgnoreCase(NON_REPUDIATION)) { - return Boolean.valueOf(isSet(1)); + return isSet(1); } else if (name.equalsIgnoreCase(KEY_ENCIPHERMENT)) { - return Boolean.valueOf(isSet(2)); + return isSet(2); } else if (name.equalsIgnoreCase(DATA_ENCIPHERMENT)) { - return Boolean.valueOf(isSet(3)); + return isSet(3); } else if (name.equalsIgnoreCase(KEY_AGREEMENT)) { - return Boolean.valueOf(isSet(4)); + return isSet(4); } else if (name.equalsIgnoreCase(KEY_CERTSIGN)) { - return Boolean.valueOf(isSet(5)); + return isSet(5); } else if (name.equalsIgnoreCase(CRL_SIGN)) { - return Boolean.valueOf(isSet(6)); + return isSet(6); } else if (name.equalsIgnoreCase(ENCIPHER_ONLY)) { - return Boolean.valueOf(isSet(7)); + return isSet(7); } else if (name.equalsIgnoreCase(DECIPHER_ONLY)) { - return Boolean.valueOf(isSet(8)); + return isSet(8); } else { throw new IOException("Attribute name not recognized by" + " CertAttrSet:KeyUsage."); @@ -305,10 +293,10 @@ public boolean[] getBits() { } /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { - return (NAME); + return NAME; } } diff --git a/src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java b/src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java index cc23bcd316e38..97222b63098c0 100644 --- a/src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java +++ b/src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java 
@@ -60,18 +60,9 @@ * @see CertAttrSet */ public class NameConstraintsExtension extends Extension -implements CertAttrSet, Cloneable { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.extensions.NameConstraints"; - /** - * Attribute names. - */ + implements CertAttrSet, Cloneable { + public static final String NAME = "NameConstraints"; - public static final String PERMITTED_SUBTREES = "permitted_subtrees"; - public static final String EXCLUDED_SUBTREES = "excluded_subtrees"; // Private data members private static final byte TAG_PERMITTED = 0; 
@@ -244,51 +235,20 @@ public void encode(DerOutputStream out) throws IOException { super.encode(out); } - /** - * Set the attribute value. - */ - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) { - if (!(obj instanceof GeneralSubtrees)) { - throw new IOException("Attribute value should be" - + " of type GeneralSubtrees."); - } - permitted = (GeneralSubtrees)obj; - } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) { - if (!(obj instanceof GeneralSubtrees)) { - throw new IOException("Attribute value should be " - + "of type GeneralSubtrees."); - } - excluded = (GeneralSubtrees)obj; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:NameConstraintsExtension."); - } - encodeThis(); + public GeneralSubtrees getPermittedSubtrees() { + return permitted; } - /** - * Get the attribute value. - */ - public GeneralSubtrees get(String name) throws IOException { - if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) { - return (permitted); - } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) { - return (excluded); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:NameConstraintsExtension."); - } + public GeneralSubtrees getExcludedSubtrees() { + return excluded; } - - /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { - return (NAME); + return NAME; } /** @@ -327,7 +287,7 @@ public void merge(NameConstraintsExtension newConstraints) * value and the value indicated in the extension field. */ - GeneralSubtrees newExcluded = newConstraints.get(EXCLUDED_SUBTREES); + GeneralSubtrees newExcluded = newConstraints.getExcludedSubtrees(); if (excluded == null) { excluded = (newExcluded != null) ? (GeneralSubtrees)newExcluded.clone() : null; 
@@ -344,7 +304,7 @@ public void merge(NameConstraintsExtension newConstraints) * previous value and the value indicated in the extension field. */ - GeneralSubtrees newPermitted = newConstraints.get(PERMITTED_SUBTREES); + GeneralSubtrees newPermitted = newConstraints.getPermittedSubtrees(); if (permitted == null) { permitted = (newPermitted != null) ? (GeneralSubtrees)newPermitted.clone() : null; @@ -432,8 +392,7 @@ public boolean verify(X509Certificate cert) throws IOException { if (altNameExt != null) { // extract altNames from extension; this call does not // return an IOException on null altnames - altNames = altNameExt.get( - SubjectAlternativeNameExtension.SUBJECT_NAME); + altNames = altNameExt.getNames(); } } catch (CertificateException ce) { throw new IOException("Unable to extract extensions from " + diff --git a/src/java.base/share/classes/sun/security/x509/NetscapeCertTypeExtension.java b/src/java.base/share/classes/sun/security/x509/NetscapeCertTypeExtension.java index 51a2b869a9b25..4a4029ef0acaf 100644 --- a/src/java.base/share/classes/sun/security/x509/NetscapeCertTypeExtension.java +++ b/src/java.base/share/classes/sun/security/x509/NetscapeCertTypeExtension.java @@ -48,17 +48,8 @@ */ public class NetscapeCertTypeExtension extends Extension -implements CertAttrSet { + implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.extensions.NetscapeCertType"; - - /** - * Attribute names. - */ public static final String NAME = "NetscapeCertType"; public static final String SSL_CLIENT = "ssl_client"; public static final String SSL_SERVER = "ssl_server"; 
@@ -199,11 +190,7 @@ public NetscapeCertTypeExtension() { /** * Set the attribute value. */ - public void set(String name, Object obj) throws IOException { - if (!(obj instanceof Boolean)) - throw new IOException("Attribute must be of type Boolean."); - - boolean val = ((Boolean)obj).booleanValue(); + public void set(String name, Boolean val) throws IOException { set(getPosition(name), val); encodeThis(); } @@ -211,11 +198,10 @@ public void set(String name, Object obj) throws IOException { /** * Get the attribute value. */ - public Boolean get(String name) throws IOException { - return Boolean.valueOf(isSet(getPosition(name))); + public boolean get(String name) throws IOException { + return isSet(getPosition(name)); } - /** * Returns a printable representation of the NetscapeCertType. */ @@ -268,11 +254,11 @@ public void encode(DerOutputStream out) throws IOException { /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { - return (NAME); + return NAME; } /** diff --git a/src/java.base/share/classes/sun/security/x509/OCSPNoCheckExtension.java b/src/java.base/share/classes/sun/security/x509/OCSPNoCheckExtension.java index d71a7befbe377..77509610e67bd 100644 --- a/src/java.base/share/classes/sun/security/x509/OCSPNoCheckExtension.java +++ b/src/java.base/share/classes/sun/security/x509/OCSPNoCheckExtension.java @@ -48,17 +48,8 @@ * @see CertAttrSet */ public class OCSPNoCheckExtension extends Extension - implements CertAttrSet { + implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = - "x509.info.extensions.OCSPNoCheck"; - /** - * Attribute names. - */ public static final String NAME = "OCSPNoCheck"; /** 
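Review bot: `set(String name, Boolean val)` takes the boxed type, while the matching `get` in the next hunk returns primitive `boolean` and `KeyUsageExtension.set` was changed to `boolean val`. The removed code rejected a null argument with an `IOException` through the `instanceof Boolean` test; with the boxed parameter a null would most likely fail on unboxing in `set(getPosition(name), val)` with a `NullPointerException` instead, assuming the private two-argument `set` takes a `boolean` (it is outside this hunk). Declaring it as `public void set(String name, boolean val) throws IOException {` removes the null case and makes the two classes consistent.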
@@ -88,25 +79,7 @@ public OCSPNoCheckExtension(Boolean critical, Object value) } /** - * Set the attribute value. - */ - public void set(String name, Object obj) throws IOException { - throw new IOException("No attribute is allowed by " + - "CertAttrSet:OCSPNoCheckExtension."); - } - - /** - * Get the attribute value. - */ - public Object get(String name) throws IOException { - throw new IOException("No attribute is allowed by " + - "CertAttrSet:OCSPNoCheckExtension."); - } - - - - /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { diff --git a/src/java.base/share/classes/sun/security/x509/PolicyConstraintsExtension.java b/src/java.base/share/classes/sun/security/x509/PolicyConstraintsExtension.java index 4f8574f05ee1a..67c9eb24f8a60 100644 --- a/src/java.base/share/classes/sun/security/x509/PolicyConstraintsExtension.java +++ b/src/java.base/share/classes/sun/security/x509/PolicyConstraintsExtension.java @@ -53,18 +53,9 @@ * @see CertAttrSet */ public class PolicyConstraintsExtension extends Extension -implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.extensions.PolicyConstraints"; - /** - * Attribute names. - */ + implements CertAttrSet { + public static final String NAME = "PolicyConstraints"; - public static final String REQUIRE = "require"; - public static final String INHIBIT = "inhibit"; private static final byte TAG_REQUIRE = 0; private static final byte TAG_INHIBIT = 1; 
@@ -209,46 +200,19 @@ public void encode(DerOutputStream out) throws IOException { super.encode(out); } - /** - * Set the attribute value. - */ - public void set(String name, Object obj) throws IOException { - if (!(obj instanceof Integer)) { - throw new IOException("Attribute value should be of type Integer."); - } - if (name.equalsIgnoreCase(REQUIRE)) { - require = ((Integer)obj).intValue(); - } else if (name.equalsIgnoreCase(INHIBIT)) { - inhibit = ((Integer)obj).intValue(); - } else { - throw new IOException("Attribute name " + "[" + name + "]" + - " not recognized by " + - "CertAttrSet:PolicyConstraints."); - } - encodeThis(); + public int getRequire() { + return require; } - /** - * Get the attribute value. - */ - public Integer get(String name) throws IOException { - if (name.equalsIgnoreCase(REQUIRE)) { - return require; - } else if (name.equalsIgnoreCase(INHIBIT)) { - return inhibit; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:PolicyConstraints."); - } + public int getInhibit() { + return inhibit; } - - /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { - return (NAME); + return NAME; } } diff --git a/src/java.base/share/classes/sun/security/x509/PolicyInformation.java b/src/java.base/share/classes/sun/security/x509/PolicyInformation.java index 5a053546b0937..b0105c3f37972 100644 --- a/src/java.base/share/classes/sun/security/x509/PolicyInformation.java +++ b/src/java.base/share/classes/sun/security/x509/PolicyInformation.java 
@@ -166,54 +166,6 @@ public Set getPolicyQualifiers() { return policyQualifiers; } - /** - * Get the attribute value. - */ - public Object get(String name) throws IOException { - if (name.equalsIgnoreCase(ID)) { - return policyIdentifier; - } else if (name.equalsIgnoreCase(QUALIFIERS)) { - return policyQualifiers; - } else { - throw new IOException("Attribute name [" + name + - "] not recognized by PolicyInformation."); - } - } - - /** - * Set the attribute value. - */ - @SuppressWarnings("unchecked") // Checked with instanceof - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(ID)) { - if (obj instanceof CertificatePolicyId) - policyIdentifier = (CertificatePolicyId)obj; - else - throw new IOException("Attribute value must be instance " + - "of CertificatePolicyId."); - } else if (name.equalsIgnoreCase(QUALIFIERS)) { - if (policyIdentifier == null) { - throw new IOException("Attribute must have a " + - "CertificatePolicyIdentifier value before " + - "PolicyQualifierInfo can be set."); - } - if (obj instanceof Set) { - for (Object obj1 : (Set) obj) { - if (!(obj1 instanceof PolicyQualifierInfo)) { - throw new IOException("Attribute value must be a " + - "Set of PolicyQualifierInfo objects."); - } - } - policyQualifiers = (Set) obj; - } else { - throw new IOException("Attribute value must be of type Set."); - } - } else { - throw new IOException("Attribute name [" + name + - "] not recognized by PolicyInformation"); - } - } - /** * Return a printable representation of the PolicyInformation. */ diff --git a/src/java.base/share/classes/sun/security/x509/PolicyMappingsExtension.java b/src/java.base/share/classes/sun/security/x509/PolicyMappingsExtension.java index e9add34624a83..9a350cc9a4e78 100644 --- a/src/java.base/share/classes/sun/security/x509/PolicyMappingsExtension.java +++ b/src/java.base/share/classes/sun/security/x509/PolicyMappingsExtension.java 
@@ -50,17 +50,9 @@ * @see CertAttrSet */ public class PolicyMappingsExtension extends Extension -implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.extensions.PolicyMappings"; - /** - * Attribute names. - */ + implements CertAttrSet { + public static final String NAME = "PolicyMappings"; - public static final String MAP = "map"; // Private data members private List maps; @@ -157,41 +149,15 @@ public void encode(DerOutputStream out) throws IOException { super.encode(out); } - /** - * Set the attribute value. - */ - @SuppressWarnings("unchecked") // Checked with instanceof - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(MAP)) { - if (!(obj instanceof List)) { - throw new IOException("Attribute value should be of" + - " type List."); - } - maps = (List)obj; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:PolicyMappingsExtension."); - } - encodeThis(); - } - - /** - * Get the attribute value. - */ - public List get(String name) throws IOException { - if (name.equalsIgnoreCase(MAP)) { - return (maps); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:PolicyMappingsExtension."); - } + public List getMaps() { + return maps; } /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName () { - return (NAME); + return NAME; } } diff --git a/src/java.base/share/classes/sun/security/x509/PrivateKeyUsageExtension.java b/src/java.base/share/classes/sun/security/x509/PrivateKeyUsageExtension.java index 35e8cb70853db..9fd5924efac7b 100644 --- a/src/java.base/share/classes/sun/security/x509/PrivateKeyUsageExtension.java +++ b/src/java.base/share/classes/sun/security/x509/PrivateKeyUsageExtension.java 
@@ -58,18 +58,9 @@ * @see CertAttrSet */ public class PrivateKeyUsageExtension extends Extension -implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.extensions.PrivateKeyUsage"; - /** - * Sub attributes name for this CertAttrSet. - */ + implements CertAttrSet { + public static final String NAME = "PrivateKeyUsage"; - public static final String NOT_BEFORE = "not_before"; - public static final String NOT_AFTER = "not_after"; // Private data members private static final byte TAG_BEFORE = 0; 
@@ -248,48 +239,19 @@ public void encode(DerOutputStream out) throws IOException { super.encode(out); } - /** - * Set the attribute value. - * @exception CertificateException on attribute handling errors. - */ - public void set(String name, Object obj) - throws CertificateException, IOException { - if (!(obj instanceof Date)) { - throw new CertificateException("Attribute must be of type Date."); - } - if (name.equalsIgnoreCase(NOT_BEFORE)) { - notBefore = (Date)obj; - } else if (name.equalsIgnoreCase(NOT_AFTER)) { - notAfter = (Date)obj; - } else { - throw new CertificateException("Attribute name not recognized by" - + " CertAttrSet:PrivateKeyUsage."); - } - encodeThis(); + public Date getNotBefore() { + return new Date(notBefore.getTime()); } - /** - * Get the attribute value. - * @exception CertificateException on attribute handling errors. - */ - public Date get(String name) throws CertificateException { - if (name.equalsIgnoreCase(NOT_BEFORE)) { - return (new Date(notBefore.getTime())); - } else if (name.equalsIgnoreCase(NOT_AFTER)) { - return (new Date(notAfter.getTime())); - } else { - throw new CertificateException("Attribute name not recognized by" - + " CertAttrSet:PrivateKeyUsage."); - } - } - - + public Date getNotAfter() { + return new Date(notAfter.getTime()); + } /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { - return(NAME); + return NAME; } } diff --git a/src/java.base/share/classes/sun/security/x509/SubjectAlternativeNameExtension.java b/src/java.base/share/classes/sun/security/x509/SubjectAlternativeNameExtension.java index 8c58f3fa3250f..7f9c443aa9e0f 100644 --- a/src/java.base/share/classes/sun/security/x509/SubjectAlternativeNameExtension.java +++ b/src/java.base/share/classes/sun/security/x509/SubjectAlternativeNameExtension.java 
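Review bot: `getNotBefore()` and `getNotAfter()` dereference their field unconditionally, so each throws a `NullPointerException` when that date is absent. RFC 5280 makes both `notBefore` and `notAfter` optional in PrivateKeyUsagePeriod, so an extension carrying only one of them is legal; the field declarations and the decoding constructor are outside this hunk, so confirm they can be null here. `InvalidityDateExtension.getDate()` in this same commit guards the case, and the same shape fits here: `return notBefore == null ? null : new Date(notBefore.getTime());`, and likewise for `notAfter`. A one-line Javadoc on each getter stating that null means the field is absent would let callers handle it.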
@@ -51,18 +51,9 @@ * @see CertAttrSet */ public class SubjectAlternativeNameExtension extends Extension -implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = - "x509.info.extensions.SubjectAlternativeName"; - /** - * Attribute names. - */ + implements CertAttrSet { + public static final String NAME = "SubjectAlternativeName"; - public static final String SUBJECT_NAME = "subject_name"; // private data members GeneralNames names; @@ -173,41 +164,19 @@ public void encode(DerOutputStream out) throws IOException { } /** - * Set the attribute value. + * Get the GeneralNames value. */ - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(SUBJECT_NAME)) { - if (!(obj instanceof GeneralNames)) { - throw new IOException("Attribute value should be of " + - "type GeneralNames."); - } - names = (GeneralNames)obj; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:SubjectAlternativeName."); - } - encodeThis(); - } - - /** - * Get the attribute value. - */ - public GeneralNames get(String name) throws IOException { - if (name.equalsIgnoreCase(SUBJECT_NAME)) { - return (names); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:SubjectAlternativeName."); - } + public GeneralNames getNames() { + return names; } /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { - return (NAME); + return NAME; } } diff --git a/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java b/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java index 34df1ef2382a0..cb744f59d225e 100644 --- a/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java +++ b/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java 
@@ -67,20 +67,9 @@ */ public class SubjectInfoAccessExtension extends Extension - implements CertAttrSet { + implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = - "x509.info.extensions.SubjectInfoAccess"; - - /** - * Attribute name. - */ public static final String NAME = "SubjectInfoAccess"; - public static final String DESCRIPTIONS = "descriptions"; /** * The List of AccessDescription objects. @@ -140,7 +129,7 @@ public List getAccessDescriptions() { } /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { @@ -163,40 +152,7 @@ public void encode(DerOutputStream out) throws IOException { super.encode(out); } - /** - * Set the attribute value. - */ - @SuppressWarnings("unchecked") // Checked with instanceof - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(DESCRIPTIONS)) { - if (!(obj instanceof List)) { - throw new IOException("Attribute value should be of type List."); - } - accessDescriptions = (List)obj; - } else { - throw new IOException("Attribute name [" + name + - "] not recognized by " + - "CertAttrSet:SubjectInfoAccessExtension."); - } - encodeThis(); - } - - /** - * Get the attribute value. - */ - public List get(String name) throws IOException { - if (name.equalsIgnoreCase(DESCRIPTIONS)) { - return accessDescriptions; - } else { - throw new IOException("Attribute name [" + name + - "] not recognized by " + - "CertAttrSet:SubjectInfoAccessExtension."); - } - } - - - - // Encode this extension value + // Encode this extension value private void encodeThis() throws IOException { if (accessDescriptions.isEmpty()) { this.extensionValue = null; @@ -218,5 +174,4 @@ public String toString() { return super.toString() + "SubjectInfoAccess [\n " + accessDescriptions + "\n]\n"; } - } 
diff --git a/src/java.base/share/classes/sun/security/x509/SubjectKeyIdentifierExtension.java b/src/java.base/share/classes/sun/security/x509/SubjectKeyIdentifierExtension.java index dbdf88e6bc527..97b4be3899d5f 100644 --- a/src/java.base/share/classes/sun/security/x509/SubjectKeyIdentifierExtension.java +++ b/src/java.base/share/classes/sun/security/x509/SubjectKeyIdentifierExtension.java @@ -51,18 +51,9 @@ * @see CertAttrSet */ public class SubjectKeyIdentifierExtension extends Extension -implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = - "x509.info.extensions.SubjectKeyIdentifier"; - /** - * Attribute names. - */ + implements CertAttrSet { + public static final String NAME = "SubjectKeyIdentifier"; - public static final String KEY_ID = "key_id"; // Private data member private KeyIdentifier id; @@ -133,42 +124,15 @@ public void encode(DerOutputStream out) throws IOException { super.encode(out); } - /** - * Set the attribute value. - */ - public void set(String name, Object obj) throws IOException { - if (name.equalsIgnoreCase(KEY_ID)) { - if (!(obj instanceof KeyIdentifier)) { - throw new IOException("Attribute value should be of" + - " type KeyIdentifier."); - } - id = (KeyIdentifier)obj; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:SubjectKeyIdentifierExtension."); - } - encodeThis(); - } - - /** - * Get the attribute value. - */ - public KeyIdentifier get(String name) throws IOException { - if (name.equalsIgnoreCase(KEY_ID)) { - return (id); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:SubjectKeyIdentifierExtension."); - } + public KeyIdentifier getKeyIdentifier() { + return id; } - - /** - * Return the name of this attribute. + * Return the name of this extension. */ @Override public String getName() { - return (NAME); + return NAME; } } 
diff --git a/src/java.base/share/classes/sun/security/x509/X509AttributeName.java b/src/java.base/share/classes/sun/security/x509/X509AttributeName.java
deleted file mode 100644
index c009633f410d4..0000000000000
--- a/src/java.base/share/classes/sun/security/x509/X509AttributeName.java
+++ /dev/null
@@ -1,72 +0,0 @@ -/* - * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.x509; - -/** - * This class is used to parse attribute names like "x509.info.extensions". - * - * @author Amit Kapoor - * @author Hemma Prafullchandra - */ -public class X509AttributeName { - // Public members - private static final char SEPARATOR = '.'; - - // Private data members - private final String prefix; - private final String suffix; - - /** - * Default constructor for the class. Name is of the form - * "x509.info.extensions". - * - * @param name the attribute name. 
- */ - public X509AttributeName(String name) { - int i = name.indexOf(SEPARATOR); - if (i < 0) { - prefix = name; - suffix = null; - } else { - prefix = name.substring(0, i); - suffix = name.substring(i + 1); - } - } - - /** - * Return the prefix of the name. - */ - public String getPrefix() { - return (prefix); - } - - /** - * Return the suffix of the name. - */ - public String getSuffix() { - return (suffix); - } -} diff --git a/src/java.base/share/classes/sun/security/x509/X509CRLEntryImpl.java b/src/java.base/share/classes/sun/security/x509/X509CRLEntryImpl.java index 77e85d6f30c8f..c5916a75fe695 100644 --- a/src/java.base/share/classes/sun/security/x509/X509CRLEntryImpl.java +++ b/src/java.base/share/classes/sun/security/x509/X509CRLEntryImpl.java @@ -144,7 +144,7 @@ public X509CRLEntryImpl(DerValue derValue) throws CRLException { * false. */ public boolean hasExtensions() { - return (extensions != null); + return extensions != null; } /** @@ -272,14 +272,13 @@ public static CRLReason getRevocationReason(X509CRLEntry crlEntry) { * get Reason Code from CRL entry. * * @return Integer or null, if no such extension - * @throws IOException on error */ - public Integer getReasonCode() throws IOException { + public Integer getReasonCode() { Object obj = getExtension(PKIXExtensions.ReasonCode_Id); if (obj == null) return null; CRLReasonCodeExtension reasonCode = (CRLReasonCodeExtension)obj; - return reasonCode.get(CRLReasonCodeExtension.REASON); + return reasonCode.getReason(); } /** @@ -416,7 +415,7 @@ public byte[] getExtensionValue(String oid) { } } } else - crlExt = extensions.get(extAlias); + crlExt = extensions.getExtension(extAlias); if (crlExt == null) return null; byte[] extData = crlExt.getExtensionValue(); 
@@ -443,7 +442,7 @@ public Extension getExtension(ObjectIdentifier oid) { // following returns null if no such OID in map //XXX consider cloning this - return extensions.get(OIDMap.getName(oid)); + return extensions.getExtension(OIDMap.getName(oid)); } private void parse(DerValue derVal) diff --git a/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java b/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java index 2ae9030c88581..cfab251f186ae 100644 --- a/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java +++ b/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java @@ -207,11 +207,7 @@ public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate, X500Principal badCertIssuer = crlIssuer; for (int i = 0; i < badCerts.length; i++) { X509CRLEntryImpl badCert = (X509CRLEntryImpl)badCerts[i]; - try { - badCertIssuer = getCertIssuer(badCert, badCertIssuer); - } catch (IOException ioe) { - throw new CRLException(ioe); - } + badCertIssuer = getCertIssuer(badCert, badCertIssuer); badCert.setCertificateIssuer(crlIssuer, badCertIssuer); X509IssuerSerial issuerSerial = new X509IssuerSerial (badCertIssuer, badCert.getSerialNumber()); @@ -686,7 +682,7 @@ public X500Principal getIssuerX500Principal() { * @return the thisUpdate date from the CRL. */ public Date getThisUpdate() { - return (new Date(thisUpdate.getTime())); + return new Date(thisUpdate.getTime()); } /** @@ -698,7 +694,7 @@ public Date getThisUpdate() { public Date getNextUpdate() { if (nextUpdate == null) return null; - return (new Date(nextUpdate.getTime())); + return new Date(nextUpdate.getTime()); } /** 
@@ -838,13 +834,11 @@ public AlgorithmId getSigAlgId() { * * @return AuthorityKeyIdentifier or null * (if no AuthorityKeyIdentifierExtension) - * @throws IOException on error */ - public KeyIdentifier getAuthKeyId() throws IOException { + public KeyIdentifier getAuthKeyId() { AuthorityKeyIdentifierExtension aki = getAuthKeyIdExtension(); if (aki != null) { - return (KeyIdentifier)aki.get( - AuthorityKeyIdentifierExtension.KEY_ID); + return aki.getKeyIdentifier(); } else { return null; } @@ -854,35 +848,31 @@ public KeyIdentifier getAuthKeyId() throws IOException { * return the AuthorityKeyIdentifierExtension, if any. * * @return AuthorityKeyIdentifierExtension or null (if no such extension) - * @throws IOException on error */ - public AuthorityKeyIdentifierExtension getAuthKeyIdExtension() - throws IOException { - Object obj = getExtension(PKIXExtensions.AuthorityKey_Id); - return (AuthorityKeyIdentifierExtension)obj; + public AuthorityKeyIdentifierExtension getAuthKeyIdExtension() { + return (AuthorityKeyIdentifierExtension) + getExtension(PKIXExtensions.AuthorityKey_Id); } /** * return the CRLNumberExtension, if any. * * @return CRLNumberExtension or null (if no such extension) - * @throws IOException on error */ - public CRLNumberExtension getCRLNumberExtension() throws IOException { - Object obj = getExtension(PKIXExtensions.CRLNumber_Id); - return (CRLNumberExtension)obj; + public CRLNumberExtension getCRLNumberExtension() { + return (CRLNumberExtension) + getExtension(PKIXExtensions.CRLNumber_Id); } /** * return the CRL number from the CRLNumberExtension, if any. * * @return number or null (if no such extension) - * @throws IOException on error */ - public BigInteger getCRLNumber() throws IOException { + public BigInteger getCRLNumber() { CRLNumberExtension numExt = getCRLNumberExtension(); if (numExt != null) { - return numExt.get(CRLNumberExtension.NUMBER); + return numExt.getCrlNumber(); } else { return null; } 
@@ -892,25 +882,21 @@ public BigInteger getCRLNumber() throws IOException { * return the DeltaCRLIndicatorExtension, if any. * * @return DeltaCRLIndicatorExtension or null (if no such extension) - * @throws IOException on error */ - public DeltaCRLIndicatorExtension getDeltaCRLIndicatorExtension() - throws IOException { - - Object obj = getExtension(PKIXExtensions.DeltaCRLIndicator_Id); - return (DeltaCRLIndicatorExtension)obj; + public DeltaCRLIndicatorExtension getDeltaCRLIndicatorExtension() { + return (DeltaCRLIndicatorExtension) + getExtension(PKIXExtensions.DeltaCRLIndicator_Id); } /** * return the base CRL number from the DeltaCRLIndicatorExtension, if any. * * @return number or null (if no such extension) - * @throws IOException on error */ - public BigInteger getBaseCRLNumber() throws IOException { + public BigInteger getBaseCRLNumber() { DeltaCRLIndicatorExtension dciExt = getDeltaCRLIndicatorExtension(); if (dciExt != null) { - return dciExt.get(DeltaCRLIndicatorExtension.NUMBER); + return dciExt.getCrlNumber(); } else { return null; } @@ -920,12 +906,10 @@ public BigInteger getBaseCRLNumber() throws IOException { * return the IssuerAlternativeNameExtension, if any. * * @return IssuerAlternativeNameExtension or null (if no such extension) - * @throws IOException on error */ - public IssuerAlternativeNameExtension getIssuerAltNameExtension() - throws IOException { - Object obj = getExtension(PKIXExtensions.IssuerAlternativeName_Id); - return (IssuerAlternativeNameExtension)obj; + public IssuerAlternativeNameExtension getIssuerAltNameExtension() { + return (IssuerAlternativeNameExtension) + getExtension(PKIXExtensions.IssuerAlternativeName_Id); } /** 
@@ -933,13 +917,11 @@ public IssuerAlternativeNameExtension getIssuerAltNameExtension() * * @return IssuingDistributionPointExtension or null * (if no such extension) - * @throws IOException on error */ public IssuingDistributionPointExtension - getIssuingDistributionPointExtension() throws IOException { - - Object obj = getExtension(PKIXExtensions.IssuingDistributionPoint_Id); - return (IssuingDistributionPointExtension) obj; + getIssuingDistributionPointExtension() { + return (IssuingDistributionPointExtension) + getExtension(PKIXExtensions.IssuingDistributionPoint_Id); } /** @@ -1022,7 +1004,7 @@ public byte[] getExtensionValue(String oid) { } } } else - crlExt = extensions.get(extAlias); + crlExt = extensions.getExtension(extAlias); if (crlExt == null) return null; byte[] extData = crlExt.getExtensionValue(); @@ -1047,7 +1029,7 @@ public Object getExtension(ObjectIdentifier oid) { return null; // XXX Consider cloning this - return extensions.get(OIDMap.getName(oid)); + return extensions.getExtension(OIDMap.getName(oid)); } /* @@ -1239,12 +1221,12 @@ public static X509CRLImpl toImpl(X509CRL crl) * prevCertIssuer if it does not exist */ private X500Principal getCertIssuer(X509CRLEntryImpl entry, - X500Principal prevCertIssuer) throws IOException { + X500Principal prevCertIssuer) { CertificateIssuerExtension ciExt = entry.getCertificateIssuerExtension(); if (ciExt != null) { - GeneralNames names = ciExt.get(CertificateIssuerExtension.ISSUER); + GeneralNames names = ciExt.getNames(); X500Name issuerDN = (X500Name) names.get(0).getName(); return issuerDN.asX500Principal(); } else { diff --git a/src/java.base/share/classes/sun/security/x509/X509CertImpl.java b/src/java.base/share/classes/sun/security/x509/X509CertImpl.java index 318689fdb3db4..2d441f7c0bff7 100644 --- a/src/java.base/share/classes/sun/security/x509/X509CertImpl.java +++ b/src/java.base/share/classes/sun/security/x509/X509CertImpl.java 
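Review bot: In `getCertIssuer`, `(X500Name) names.get(0).getName()` remains an unchecked index and cast on a value read from a CRL entry's extension. The method no longer declares `IOException`, and the constructor's `catch (IOException ioe)` wrapper is removed in the earlier X509CRLImpl hunk, so a failure at this line can only surface as an unchecked exception rather than a `CRLException`. If nothing upstream guarantees a non-empty list whose first entry is an `X500Name`, an explicit `instanceof X500Name` test with a defined failure path is safer than relying on the cast. If that guarantee does exist, a comment here such as `// first name is always a directoryName, enforced when the extension is parsed` would record it; that invariant is not visible in this diff and needs confirming.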
@@ -77,45 +77,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder { @java.io.Serial private static final long serialVersionUID = -3457612960190864406L; - private static final char DOT = '.'; - /** - * Public attribute names. - */ public static final String NAME = "x509"; - public static final String INFO = X509CertInfo.NAME; - public static final String ALG_ID = "algorithm"; - public static final String SIGNATURE = "signature"; - public static final String SIGNED_CERT = "signed_cert"; - - /** - * The following are defined for ease-of-use. These - * are the most frequently retrieved attributes. - */ - // x509.info.subject.dname - public static final String SUBJECT_DN = NAME + DOT + INFO + DOT + - X509CertInfo.SUBJECT + DOT + X509CertInfo.DN_NAME; - // x509.info.issuer.dname - public static final String ISSUER_DN = NAME + DOT + INFO + DOT + - X509CertInfo.ISSUER + DOT + X509CertInfo.DN_NAME; - // x509.info.serialNumber.number - public static final String SERIAL_ID = NAME + DOT + INFO + DOT + - X509CertInfo.SERIAL_NUMBER + DOT + - CertificateSerialNumber.NUMBER; - // x509.info.key.value - public static final String PUBLIC_KEY = NAME + DOT + INFO + DOT + - X509CertInfo.KEY + DOT + - CertificateX509Key.KEY; - - // x509.info.version.value - public static final String VERSION = NAME + DOT + INFO + DOT + - X509CertInfo.VERSION + DOT + - CertificateVersion.VERSION; - - // x509.algorithm - public static final String SIG_ALG = NAME + DOT + ALG_ID; - - // x509.signature - public static final String SIG = NAME + DOT + SIGNATURE; // when we sign and decode we set this to true // this is our means to make certificates immutable 
@@ -555,8 +517,7 @@ public void sign(PrivateKey key, String algorithm, String provider) DerOutputStream tmp = new DerOutputStream(); // encode certificate info - info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId(algId)); + info.setAlgorithmId(new CertificateAlgorithmId(algId)); info.encode(tmp); byte[] rawCert = tmp.toByteArray(); @@ -610,7 +571,7 @@ public void checkValidity(Date date) CertificateValidity interval; try { - interval = (CertificateValidity)info.get(CertificateValidity.NAME); + interval = info.getValidity(); } catch (Exception e) { throw new CertificateNotYetValidException("Incorrect validity period"); } 
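Review bot: The `catch (Exception e)` around `info.getValidity()` in `checkValidity` now only fires when `info` itself is null, because the typed getter is called elsewhere in this patch without any exception handling. A null return from `getValidity()` is no longer turned into `CertificateNotYetValidException` and would be dereferenced by whatever follows, which is outside this hunk. Since this method gates certificate acceptance, explicit checks read better than an exception used as control flow: `interval = (info == null) ? null : info.getValidity();` followed by `if (interval == null) throw new CertificateNotYetValidException("Incorrect validity period");`.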
@@ -625,92 +586,10 @@ public void checkValidity(Date date) * Note that the X509CertInfo is not cloned for performance reasons. * Callers must ensure that they do not modify it. All other * attributes are cloned. - * - * @param name the name of the attribute. - * @exception CertificateParsingException on invalid attribute identifier. - */ - public Object get(String name) - throws CertificateParsingException { - X509AttributeName attr = new X509AttributeName(name); - String id = attr.getPrefix(); - if (!(id.equalsIgnoreCase(NAME))) { - throw new CertificateParsingException("Invalid root of " - + "attribute name, expected [" + NAME + - "], received " + "[" + id + "]"); - } - attr = new X509AttributeName(attr.getSuffix()); - id = attr.getPrefix(); - - if (id.equalsIgnoreCase(INFO)) { - if (info == null) { - return null; - } - if (attr.getSuffix() != null) { - try { - return info.get(attr.getSuffix()); - } catch (IOException | CertificateException e) { - throw new CertificateParsingException(e.toString()); - } - } else { - return info; - } - } else if (id.equalsIgnoreCase(ALG_ID)) { - return(algId); - } else if (id.equalsIgnoreCase(SIGNATURE)) { - if (signature != null) - return signature.clone(); - else - return null; - } else if (id.equalsIgnoreCase(SIGNED_CERT)) { - if (signedCert != null) - return signedCert.clone(); - else - return null; - } else { - throw new CertificateParsingException("Attribute name not " - + "recognized or get() not allowed for the same: " + id); - } - } - - /** - * Set the requested attribute in the certificate. - * - * @param name the name of the attribute. - * @param obj the value of the attribute. - * @exception CertificateException on invalid attribute identifier. - * @exception IOException on encoding error of attribute. 
*/ - public void set(String name, Object obj) - throws CertificateException, IOException { - // check if immutable - if (readOnly) - throw new CertificateException("cannot over-write existing" - + " certificate"); - - X509AttributeName attr = new X509AttributeName(name); - String id = attr.getPrefix(); - if (!(id.equalsIgnoreCase(NAME))) { - throw new CertificateException("Invalid root of attribute name," - + " expected [" + NAME + "], received " + id); - } - attr = new X509AttributeName(attr.getSuffix()); - id = attr.getPrefix(); - - if (id.equalsIgnoreCase(INFO)) { - if (attr.getSuffix() == null) { - if (!(obj instanceof X509CertInfo)) { - throw new CertificateException("Attribute value should" - + " be of type X509CertInfo."); - } - info = (X509CertInfo)obj; - } else { - info.set(attr.getSuffix(), obj); - } - signedCert = null; //reset this as certificate data has changed - } else { - throw new CertificateException("Attribute name not recognized or " + - "set() not allowed for the same: " + id); - } + + public X509CertInfo getInfo() { + return info; } /** @@ -739,12 +618,7 @@ public String toString() { public PublicKey getPublicKey() { if (info == null) return null; - try { - return (PublicKey)info.get(CertificateX509Key.NAME - + DOT + CertificateX509Key.KEY); - } catch (Exception e) { - return null; - } + return info.getKey().getKey(); } /** @@ -756,9 +630,8 @@ public int getVersion() { if (info == null) return -1; try { - int vers = ((Integer)info.get(CertificateVersion.NAME - + DOT + CertificateVersion.VERSION)).intValue(); - return vers+1; + int vers = info.getVersion().getVersion(); + return vers + 1; } catch (Exception e) { return -1; } 
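Review bot: The Javadoc left above `getInfo()` was written for the removed `get(String)` and still ends with "All other attributes are cloned", which no longer describes a method that returns only `info`. The added blank line also separates the comment from the method. The removed `set` refused changes when `readOnly` was true, while `getInfo()` hands out the live `X509CertInfo`. Whether the new typed setters on `X509CertInfo` (such as `setAlgorithmId`, used in `sign`) can alter a parsed certificate through this reference is not visible here and needs confirming. Suggested comment, placed directly on the method: `/** Returns the X509CertInfo of this certificate. It is not cloned; callers must not modify it. */`.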
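Review bot: `getPublicKey()` used to return null on any failure, but `info.getKey().getKey()` now throws a NullPointerException when `info.getKey()` is null. An `X509CertInfo` that has not been fully populated could plausibly be in that state. The same chained dereference appears in `getSerialNumberObject()`, `getNotBefore()` and `getNotAfter()` in the later hunks, through `getSerialNumber()` and `getValidity()`. If null is still the intended answer for an incomplete certificate, check the intermediate value: `var k = info.getKey();` then `return k == null ? null : k.getKey();`.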
@@ -784,13 +657,7 @@ public BigInteger getSerialNumber() { public SerialNumber getSerialNumberObject() { if (info == null) return null; - try { - return (SerialNumber)info.get( - CertificateSerialNumber.NAME + DOT + - CertificateSerialNumber.NUMBER); - } catch (Exception e) { - return null; - } + return info.getSerialNumber().getSerial(); } @@ -803,12 +670,7 @@ public SerialNumber getSerialNumberObject() { public Principal getSubjectDN() { if (info == null) return null; - try { - return (Principal)info.get(X509CertInfo.SUBJECT + DOT + - X509CertInfo.DN_NAME); - } catch (Exception e) { - return null; - } + return info.getSubject(); } /** @@ -821,9 +683,7 @@ public X500Principal getSubjectX500Principal() { return null; } try { - return (X500Principal)info.get( - X509CertInfo.SUBJECT + DOT + - "x500principal"); + return info.getSubject().asX500Principal(); } catch (Exception e) { return null; } @@ -838,12 +698,7 @@ public X500Principal getSubjectX500Principal() { public Principal getIssuerDN() { if (info == null) return null; - try { - return (Principal)info.get(X509CertInfo.ISSUER + DOT + - X509CertInfo.DN_NAME); - } catch (Exception e) { - return null; - } + return info.getIssuer(); } /** @@ -856,9 +711,7 @@ public X500Principal getIssuerX500Principal() { return null; } try { - return (X500Principal)info.get( - X509CertInfo.ISSUER + DOT + - "x500principal"); + return info.getIssuer().asX500Principal(); } catch (Exception e) { return null; } @@ -872,12 +725,7 @@ public X500Principal getIssuerX500Principal() { public Date getNotBefore() { if (info == null) return null; - try { - return (Date) info.get(CertificateValidity.NAME + DOT + - CertificateValidity.NOT_BEFORE); - } catch (Exception e) { - return null; - } + return info.getValidity().getNotBefore(); } /** 
@@ -888,12 +736,7 @@ public Date getNotBefore() { public Date getNotAfter() { if (info == null) return null; - try { - return (Date) info.get(CertificateValidity.NAME + DOT + - CertificateValidity.NOT_AFTER); - } catch (Exception e) { - return null; - } + return info.getValidity().getNotAfter(); } /** @@ -932,7 +775,7 @@ public byte[] getSignature() { public String getSigAlgName() { if (algId == null) return null; - return (algId.getName()); + return algId.getName(); } /** @@ -945,7 +788,11 @@ public String getSigAlgOID() { if (algId == null) return null; ObjectIdentifier oid = algId.getOID(); - return (oid.toString()); + return oid.toString(); + } + + public AlgorithmId getSigAlg() { + return algId; } /** @@ -967,16 +814,11 @@ public byte[] getSigAlgParams() { public boolean[] getIssuerUniqueID() { if (info == null) return null; - try { - UniqueIdentity id = (UniqueIdentity)info.get( - X509CertInfo.ISSUER_ID); - if (id == null) - return null; - else - return (id.getId()); - } catch (Exception e) { + UniqueIdentity id = info.getIssuerUniqueId(); + if (id == null) return null; - } + else + return id.getId(); } /** @@ -987,26 +829,18 @@ public boolean[] getIssuerUniqueID() { public boolean[] getSubjectUniqueID() { if (info == null) return null; - try { - UniqueIdentity id = (UniqueIdentity)info.get( - X509CertInfo.SUBJECT_ID); - if (id == null) - return null; - else - return (id.getId()); - } catch (Exception e) { + UniqueIdentity id = info.getSubjectUniqueId(); + if (id == null) return null; - } + else + return id.getId(); } public KeyIdentifier getAuthKeyId() { AuthorityKeyIdentifierExtension aki = getAuthorityKeyIdentifierExtension(); if (aki != null) { - try { - return (KeyIdentifier)aki.get( - AuthorityKeyIdentifierExtension.KEY_ID); - } catch (IOException ioe) {} // not possible + return aki.getKeyIdentifier(); } return null; } 
@@ -1017,9 +851,7 @@ public KeyIdentifier getAuthKeyId() { public KeyIdentifier getSubjectKeyId() { SubjectKeyIdentifierExtension ski = getSubjectKeyIdentifierExtension(); if (ski != null) { - try { - return ski.get(SubjectKeyIdentifierExtension.KEY_ID); - } catch (IOException ioe) {} // not possible + return ski.getKeyIdentifier(); } return null; } @@ -1151,15 +983,10 @@ public CRLDistributionPointsExtension getCRLDistributionPointsExtension() { public boolean hasUnsupportedCriticalExtension() { if (info == null) return false; - try { - CertificateExtensions exts = (CertificateExtensions)info.get( - CertificateExtensions.NAME); - if (exts == null) - return false; - return exts.hasUnsupportedCriticalExtension(); - } catch (Exception e) { + CertificateExtensions exts = info.getExtensions(); + if (exts == null) return false; - } + return exts.hasUnsupportedCriticalExtension(); } /** @@ -1175,8 +1002,7 @@ public Set getCriticalExtensionOIDs() { return null; } try { - CertificateExtensions exts = (CertificateExtensions)info.get( - CertificateExtensions.NAME); + CertificateExtensions exts = info.getExtensions(); if (exts == null) { return null; } @@ -1205,8 +1031,7 @@ public Set getNonCriticalExtensionOIDs() { return null; } try { - CertificateExtensions exts = (CertificateExtensions)info.get( - CertificateExtensions.NAME); + CertificateExtensions exts = info.getExtensions(); if (exts == null) { return null; } 
@@ -1234,50 +1059,32 @@ public Extension getExtension(ObjectIdentifier oid) { if (info == null) { return null; } - try { - CertificateExtensions extensions; - try { - extensions = (CertificateExtensions)info.get(CertificateExtensions.NAME); - } catch (CertificateException ce) { - return null; + CertificateExtensions extensions = info.getExtensions(); + if (extensions != null) { + Extension ex = extensions.getExtension(oid.toString()); + if (ex != null) { + return ex; } - if (extensions != null) { - Extension ex = extensions.getExtension(oid.toString()); - if (ex != null) { - return ex; + for (Extension ex2 : extensions.getAllExtensions()) { + if (ex2.getExtensionId().equals(oid)) { + //XXXX May want to consider cloning this + return ex2; } - for (Extension ex2 : extensions.getAllExtensions()) { - if (ex2.getExtensionId().equals(oid)) { - //XXXX May want to consider cloning this - return ex2; - } - } - /* no such extension in this certificate */ } - return null; - } catch (IOException ioe) { - return null; + /* no such extension in this certificate */ } + return null; } public Extension getUnparseableExtension(ObjectIdentifier oid) { if (info == null) { return null; } - try { - CertificateExtensions extensions; - try { - extensions = (CertificateExtensions)info.get(CertificateExtensions.NAME); - } catch (CertificateException ce) { - return null; - } - if (extensions == null) { - return null; - } else { - return extensions.getUnparseableExtensions().get(oid.toString()); - } - } catch (IOException ioe) { + CertificateExtensions extensions = info.getExtensions(); + if (extensions == null) { return null; + } else { + return extensions.getUnparseableExtensions().get(oid.toString()); } } 
@@ -1292,8 +1099,7 @@ public byte[] getExtensionValue(String oid) { ObjectIdentifier findOID = ObjectIdentifier.of(oid); String extAlias = OIDMap.getName(findOID); Extension certExt = null; - CertificateExtensions exts = (CertificateExtensions)info.get( - CertificateExtensions.NAME); + CertificateExtensions exts = info.getExtensions(); if (extAlias == null) { // may be unknown // get the extensions, search through' for this oid @@ -1309,11 +1115,7 @@ public byte[] getExtensionValue(String oid) { } } } else { // there's subclass that can handle this extension - try { - certExt = (Extension)this.get(extAlias); - } catch (CertificateException e) { - // get() throws an Exception instead of returning null, ignore - } + certExt = getInfo().getExtensions().getExtension(extAlias); } if (certExt == null) { if (exts != null) { @@ -1342,11 +1144,8 @@ public byte[] getExtensionValue(String oid) { */ public boolean[] getKeyUsage() { try { - String extAlias = OIDMap.getName(PKIXExtensions.KeyUsage_Id); - if (extAlias == null) - return null; - - KeyUsageExtension certExt = (KeyUsageExtension)this.get(extAlias); + KeyUsageExtension certExt = (KeyUsageExtension) + getInfo().getExtensions().getExtension(KeyUsageExtension.NAME); if (certExt == null) return null; @@ -1435,18 +1234,12 @@ public static List getExtendedKeyUsage(X509Certificate cert) */ public int getBasicConstraints() { try { - String extAlias = OIDMap.getName(PKIXExtensions.BasicConstraints_Id); - if (extAlias == null) - return -1; - BasicConstraintsExtension certExt = - (BasicConstraintsExtension)this.get(extAlias); + BasicConstraintsExtension certExt = getBasicConstraintsExtension(); if (certExt == null) return -1; - if (((Boolean) certExt.get(BasicConstraintsExtension.IS_CA)). - booleanValue()) - return ((Integer)certExt.get( - BasicConstraintsExtension.PATH_LEN)).intValue(); + if (certExt.isCa()) + return certExt.getPathLen(); else return -1; } catch (Exception e) { 
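Review bot: In the alias branch of `getExtensionValue`, `getInfo().getExtensions().getExtension(extAlias)` fetches the extensions a second time and dereferences them unchecked. The surrounding code already holds them in `exts` and tests `exts != null`, so a certificate without extensions takes a NullPointerException path here. Reusing the local keeps the null handling in one place: `certExt = (exts == null) ? null : exts.getExtension(extAlias);`. `getKeyUsage()` in the next hunk uses the same chained call, there inside a visible `try`. The start and end of `getExtensionValue`, including any enclosing try/catch, are outside this hunk.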
@@ -1577,14 +1370,7 @@ public synchronized Collection> getSubjectAlternativeNames() if (subjectAltNameExt == null) { return null; } - GeneralNames names; - try { - names = subjectAltNameExt.get( - SubjectAlternativeNameExtension.SUBJECT_NAME); - } catch (IOException ioe) { - // should not occur - return Collections.emptySet(); - } + GeneralNames names = subjectAltNameExt.getNames(); subjectAlternativeNames = makeAltNames(names); return subjectAlternativeNames; } @@ -1610,14 +1396,7 @@ public static Collection> getSubjectAlternativeNames(X509Certificate cer new SubjectAlternativeNameExtension(Boolean.FALSE, data); - GeneralNames names; - try { - names = subjectAltNameExt.get( - SubjectAlternativeNameExtension.SUBJECT_NAME); - } catch (IOException ioe) { - // should not occur - return Collections.emptySet(); - } + GeneralNames names = subjectAltNameExt.getNames(); return makeAltNames(names); } catch (IOException ioe) { throw new CertificateParsingException(ioe); @@ -1643,14 +1422,7 @@ public synchronized Collection> getIssuerAlternativeNames() if (issuerAltNameExt == null) { return null; } - GeneralNames names; - try { - names = issuerAltNameExt.get( - IssuerAlternativeNameExtension.ISSUER_NAME); - } catch (IOException ioe) { - // should not occur - return Collections.emptySet(); - } + GeneralNames names = issuerAltNameExt.getNames(); issuerAlternativeNames = makeAltNames(names); return issuerAlternativeNames; } @@ -1676,14 +1448,7 @@ public static Collection> getIssuerAlternativeNames(X509Certificate cert IssuerAlternativeNameExtension issuerAltNameExt = new IssuerAlternativeNameExtension(Boolean.FALSE, data); - GeneralNames names; - try { - names = issuerAltNameExt.get( - IssuerAlternativeNameExtension.ISSUER_NAME); - } catch (IOException ioe) { - // should not occur - return Collections.emptySet(); - } + GeneralNames names = issuerAltNameExt.getNames(); return makeAltNames(names); } catch (IOException ioe) { throw new CertificateParsingException(ioe); 
@@ -1746,10 +1511,7 @@ private void parse(DerValue val) info = new X509CertInfo(seq[0]); // the "inner" and "outer" signature algorithms must match - AlgorithmId infoSigAlg = (AlgorithmId)info.get( - CertificateAlgorithmId.NAME - + DOT + - CertificateAlgorithmId.ALGORITHM); + AlgorithmId infoSigAlg = info.getAlgorithmId().getAlgId(); if (! algId.equals(infoSigAlg)) throw new CertificateException("Signature algorithm mismatch"); readOnly = true; diff --git a/src/java.base/share/classes/sun/security/x509/X509CertInfo.java b/src/java.base/share/classes/sun/security/x509/X509CertInfo.java index e8ad79794dd40..880a20116bed2 100644 --- a/src/java.base/share/classes/sun/security/x509/X509CertInfo.java +++ b/src/java.base/share/classes/sun/security/x509/X509CertInfo.java @@ -61,12 +61,8 @@ * @see CertAttrSet * @see X509CertImpl */ -public class X509CertInfo implements CertAttrSet { - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info"; +public class X509CertInfo { + // Certificate attribute names public static final String NAME = "info"; public static final String DN_NAME = "dname"; 
@@ -97,36 +93,9 @@ public class X509CertInfo implements CertAttrSet { // X509.v3 extensions protected CertificateExtensions extensions = null; - // Attribute numbers for internal manipulation - private static final int ATTR_VERSION = 1; - private static final int ATTR_SERIAL = 2; - private static final int ATTR_ALGORITHM = 3; - private static final int ATTR_ISSUER = 4; - private static final int ATTR_VALIDITY = 5; - private static final int ATTR_SUBJECT = 6; - private static final int ATTR_KEY = 7; - private static final int ATTR_ISSUER_ID = 8; - private static final int ATTR_SUBJECT_ID = 9; - private static final int ATTR_EXTENSIONS = 10; - // DER encoded CertificateInfo data private byte[] rawCertInfo = null; - // The certificate attribute name to integer mapping stored here - private static final Map map = new HashMap<>(); - static { - map.put(VERSION, Integer.valueOf(ATTR_VERSION)); - map.put(SERIAL_NUMBER, Integer.valueOf(ATTR_SERIAL)); - map.put(ALGORITHM_ID, Integer.valueOf(ATTR_ALGORITHM)); - map.put(ISSUER, Integer.valueOf(ATTR_ISSUER)); - map.put(VALIDITY, Integer.valueOf(ATTR_VALIDITY)); - map.put(SUBJECT, Integer.valueOf(ATTR_SUBJECT)); - map.put(KEY, Integer.valueOf(ATTR_KEY)); - map.put(ISSUER_ID, Integer.valueOf(ATTR_ISSUER_ID)); - map.put(SUBJECT_ID, Integer.valueOf(ATTR_SUBJECT_ID)); - map.put(EXTENSIONS, Integer.valueOf(ATTR_EXTENSIONS)); - } - /** * Construct an uninitialized X509CertInfo on which * decode must later be called (or which may be deserialized). @@ -178,7 +147,6 @@ public X509CertInfo(DerValue derVal) throws CertificateParsingException { * @exception CertificateException on encoding errors. * @exception IOException on other errors. */ - @Override public void encode(DerOutputStream out) throws CertificateException, IOException { if (rawCertInfo == null) { 
@@ -232,18 +200,18 @@ public boolean equals(Object other) { */ public boolean equals(X509CertInfo other) { if (this == other) { - return(true); + return true; } else if (rawCertInfo == null || other.rawCertInfo == null) { - return(false); + return false; } else if (rawCertInfo.length != other.rawCertInfo.length) { - return(false); + return false; } for (int i = 0; i < rawCertInfo.length; i++) { if (rawCertInfo[i] != other.rawCertInfo[i]) { - return(false); + return false; } } - return(true); + return true; } /** @@ -256,7 +224,7 @@ public int hashCode() { for (int i = 1; i < rawCertInfo.length; i++) { retval += rawCertInfo[i] * i; } - return(retval); + return retval; } /** 
@@ -331,175 +299,24 @@ public String toString() { return sb.toString(); } - /** - * Set the certificate attribute. - * - * @param name the name of the Certificate attribute. - * @param val the value of the Certificate attribute. - * @exception CertificateException on invalid attributes. - * @exception IOException on other errors. - */ - public void set(String name, Object val) - throws CertificateException, IOException { - X509AttributeName attrName = new X509AttributeName(name); - - int attr = attributeMap(attrName.getPrefix()); - if (attr == 0) { - throw new CertificateException("Attribute name not recognized: " - + name); - } - // set rawCertInfo to null, so that we are forced to re-encode - rawCertInfo = null; - String suffix = attrName.getSuffix(); - - switch (attr) { - case ATTR_VERSION: - if (suffix == null) { - setVersion(val); - } else { - version.set(suffix, val); - } - break; - - case ATTR_SERIAL: - if (suffix == null) { - setSerialNumber(val); - } else { - serialNum.set(suffix, val); - } - break; - - case ATTR_ALGORITHM: - if (suffix == null) { - setAlgorithmId(val); - } else { - algId.set(suffix, val); - } - break; - - case ATTR_ISSUER: - setIssuer(val); - break; - - case ATTR_VALIDITY: - if (suffix == null) { - setValidity(val); - } else { - interval.set(suffix, val); - } - break; - - case ATTR_SUBJECT: - setSubject(val); - break; + public CertificateExtensions getExtensions() { + return extensions; + } - case ATTR_KEY: - if (suffix == null) { - setKey(val); - } else { - pubKey.set(suffix, val); - } - break; - - case ATTR_ISSUER_ID: - setIssuerUniqueId(val); - break; - - case ATTR_SUBJECT_ID: - setSubjectUniqueId(val); - break; - - case ATTR_EXTENSIONS: - if (suffix == null) { - setExtensions(val); - } else { - if (extensions == null) - extensions = new CertificateExtensions(); - extensions.set(suffix, val); - } - break; - } + public UniqueIdentity getIssuerUniqueId() { + return issuerUniqueId; } + public UniqueIdentity getSubjectUniqueId() { + return 
subjectUniqueId; + } - /** - * Get the certificate attribute. - * - * @param name the name of the Certificate attribute. - * - * @exception CertificateException on invalid attributes. - * @exception IOException on other errors. - */ - public Object get(String name) - throws CertificateException, IOException { - X509AttributeName attrName = new X509AttributeName(name); + public X500Name getIssuer() { + return issuer; + } - int attr = attributeMap(attrName.getPrefix()); - if (attr == 0) { - throw new CertificateParsingException( - "Attribute name not recognized: " + name); - } - String suffix = attrName.getSuffix(); - - switch (attr) { // frequently used attributes first - case (ATTR_EXTENSIONS): - if (suffix == null) { - return(extensions); - } else { - if (extensions == null) { - return null; - } else { - return(extensions.get(suffix)); - } - } - case (ATTR_SUBJECT): - if (suffix == null) { - return(subject); - } else { - return(getX500Name(suffix, false)); - } - case (ATTR_ISSUER): - if (suffix == null) { - return(issuer); - } else { - return(getX500Name(suffix, true)); - } - case (ATTR_KEY): - if (suffix == null) { - return(pubKey); - } else { - return(pubKey.get(suffix)); - } - case (ATTR_ALGORITHM): - if (suffix == null) { - return(algId); - } else { - return(algId.get(suffix)); - } - case (ATTR_VALIDITY): - if (suffix == null) { - return(interval); - } else { - return(interval.get(suffix)); - } - case (ATTR_VERSION): - if (suffix == null) { - return(version); - } else { - return(version.get(suffix)); - } - case (ATTR_SERIAL): - if (suffix == null) { - return(serialNum); - } else { - return(serialNum.get(suffix)); - } - case (ATTR_ISSUER_ID): - return(issuerUniqueId); - case (ATTR_SUBJECT_ID): - return(subjectUniqueId); - } - return null; + public X500Name getSubject() { + return subject; } /* 
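Review bot: `getExtensions()` returns the live `CertificateExtensions` object, so a caller that adds or replaces an extension through it changes the certificate info without clearing `rawCertInfo`, whereas the removed `set(String, Object)` cleared the cache before delegating to `extensions.set(suffix, val)`. `encode` appears to reuse `rawCertInfo` when it is non-null, so the encoded (and later signed) bytes could lag behind the in-memory extensions; whether any caller mutates the returned object after an encode is not visible in this hunk. I would at least state the contract on the getter, e.g. `/** Returns the live extensions object; changes made through it do not reset the cached encoding, so call setExtensions(...) afterwards. */`, and give the other new getters a one-line Javadoc as well.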
@@ -621,18 +438,15 @@ private void verifyCert(X500Name subject, "incomplete: subject field is empty, and certificate " + "has no extensions"); } - SubjectAlternativeNameExtension subjectAltNameExt; - GeneralNames names; - try { - subjectAltNameExt = (SubjectAlternativeNameExtension) - extensions.get(SubjectAlternativeNameExtension.NAME); - names = subjectAltNameExt.get( - SubjectAlternativeNameExtension.SUBJECT_NAME); - } catch (IOException e) { + SubjectAlternativeNameExtension subjectAltNameExt = + (SubjectAlternativeNameExtension) + extensions.getExtension(SubjectAlternativeNameExtension.NAME); + if (subjectAltNameExt == null) { throw new CertificateParsingException("X.509 Certificate is " + "incomplete: subject field is empty, and " + "SubjectAlternativeName extension is absent"); } + GeneralNames names = subjectAltNameExt.getNames(); // SubjectAlternativeName extension is empty or not marked critical if (names == null || names.isEmpty()) { @@ -697,28 +511,20 @@ private void emit(DerOutputStream out) out.write(DerValue.tag_Sequence, tmp); } - /** - * Returns the integer attribute number for the passed attribute name. - */ - private int attributeMap(String name) { - Integer num = map.get(name); - if (num == null) { - return 0; - } - return num.intValue(); - } - /** * Set the version number of the certificate. * * @param val the Object class value for the Extensions * @exception CertificateException on invalid data. */ - private void setVersion(Object val) throws CertificateException { - if (!(val instanceof CertificateVersion)) { - throw new CertificateException("Version class type invalid."); - } - version = (CertificateVersion)val; + public void setVersion(CertificateVersion val) { + // set rawCertInfo to null, so that we are forced to re-encode + rawCertInfo = null; + version = val; + } + + public CertificateVersion getVersion() { + return version; } /** 
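Review bot: `setVersion` now accepts `null` silently, where the removed `instanceof CertificateVersion` test rejected it with a `CertificateException`; the same holds for the other typed setters in the following hunks (`setSerialNumber`, `setAlgorithmId`, `setIssuer`, `setValidity`, `setSubject`, `setKey`, and the unique-id and extensions setters). A null version would only surface later as a `NullPointerException` at `version.compare(...)` in `setIssuerUniqueId`, `setSubjectUniqueId` and `setExtensions`, away from the call that caused it. If null is not a supported value, reject it at the setter, e.g. `if (val == null) throw new NullPointerException("version");` placed before `rawCertInfo = null;`.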
@@ -727,11 +533,14 @@ private void setVersion(Object val) throws CertificateException { * @param val the Object class value for the CertificateSerialNumber * @exception CertificateException on invalid data. */ - private void setSerialNumber(Object val) throws CertificateException { - if (!(val instanceof CertificateSerialNumber)) { - throw new CertificateException("SerialNumber class type invalid."); - } - serialNum = (CertificateSerialNumber)val; + public void setSerialNumber(CertificateSerialNumber val) { + // set rawCertInfo to null, so that we are forced to re-encode + rawCertInfo = null; + serialNum = val; + } + + public CertificateSerialNumber getSerialNumber() { + return serialNum; } /** @@ -740,12 +549,14 @@ private void setSerialNumber(Object val) throws CertificateException { * @param val the Object class value for the AlgorithmId * @exception CertificateException on invalid data. */ - private void setAlgorithmId(Object val) throws CertificateException { - if (!(val instanceof CertificateAlgorithmId)) { - throw new CertificateException( - "AlgorithmId class type invalid."); - } - algId = (CertificateAlgorithmId)val; + public void setAlgorithmId(CertificateAlgorithmId val) { + // set rawCertInfo to null, so that we are forced to re-encode + rawCertInfo = null; + algId = val; + } + + public CertificateAlgorithmId getAlgorithmId() { + return algId; } /** @@ -754,12 +565,10 @@ private void setAlgorithmId(Object val) throws CertificateException { * @param val the Object class value for the issuer * @exception CertificateException on invalid data. */ - private void setIssuer(Object val) throws CertificateException { - if (!(val instanceof X500Name)) { - throw new CertificateException( - "Issuer class type invalid."); - } - issuer = (X500Name)val; + public void setIssuer(X500Name val) { + // set rawCertInfo to null, so that we are forced to re-encode + rawCertInfo = null; + issuer = val; } /** 
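Review bot: The Javadoc kept above `setSerialNumber`, `setAlgorithmId` and `setIssuer` no longer matches the signatures: it still reads `@param val the Object class value for ...` and `@exception CertificateException on invalid data.`, while the methods now take the concrete type and declare no exception. The same applies to `setVersion`, `setValidity` and `setKey` in the neighbouring hunks, and the new public getters carry no Javadoc at all. For the setters I would use `@param val the new serial number; the cached encoding is reset` (adapted per field) and drop the `@exception` tag, and for the getters a single line such as `/** Returns the current serial number. */`.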
@@ -768,12 +577,14 @@ private void setIssuer(Object val) throws CertificateException { * @param val the Object class value for the CertificateValidity * @exception CertificateException on invalid data. */ - private void setValidity(Object val) throws CertificateException { - if (!(val instanceof CertificateValidity)) { - throw new CertificateException( - "CertificateValidity class type invalid."); - } - interval = (CertificateValidity)val; + public void setValidity(CertificateValidity val) { + // set rawCertInfo to null, so that we are forced to re-encode + rawCertInfo = null; + interval = val; + } + + public CertificateValidity getValidity() { + return interval; } /** @@ -782,12 +593,10 @@ private void setValidity(Object val) throws CertificateException { * @param val the Object class value for the Subject * @exception CertificateException on invalid data. */ - private void setSubject(Object val) throws CertificateException { - if (!(val instanceof X500Name)) { - throw new CertificateException( - "Subject class type invalid."); - } - subject = (X500Name)val; + public void setSubject(X500Name val) throws CertificateException { + // set rawCertInfo to null, so that we are forced to re-encode + rawCertInfo = null; + subject = val; } /** @@ -796,12 +605,14 @@ private void setSubject(Object val) throws CertificateException { * @param val the Object class value for the PublicKey * @exception CertificateException on invalid data. */ - private void setKey(Object val) throws CertificateException { - if (!(val instanceof CertificateX509Key)) { - throw new CertificateException( - "Key class type invalid."); - } - pubKey = (CertificateX509Key)val; + public void setKey(CertificateX509Key val) { + // set rawCertInfo to null, so that we are forced to re-encode + rawCertInfo = null; + pubKey = val; + } + + public CertificateX509Key getKey() { + return pubKey; } /** 
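Review bot: `setSubject(X500Name val)` still declares `throws CertificateException` although its new body cannot throw it, while the otherwise identical `setIssuer(X500Name val)` in the previous hunk dropped the clause. Callers are forced to catch or propagate a checked exception that cannot occur, and the two setters now have different contracts for no visible reason. I would change the line to `public void setSubject(X500Name val) {` and remove the `@exception CertificateException on invalid data.` tag above it.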
@@ -810,15 +621,13 @@ private void setKey(Object val) throws CertificateException { * @param val the Object class value for the IssuerUniqueId * @exception CertificateException */ - private void setIssuerUniqueId(Object val) throws CertificateException { + public void setIssuerUniqueId(UniqueIdentity val) throws CertificateException { + // set rawCertInfo to null, so that we are forced to re-encode + rawCertInfo = null; if (version.compare(CertificateVersion.V2) < 0) { throw new CertificateException("Invalid version"); } - if (!(val instanceof UniqueIdentity)) { - throw new CertificateException( - "IssuerUniqueId class type invalid."); - } - issuerUniqueId = (UniqueIdentity)val; + issuerUniqueId = val; } /** @@ -827,15 +636,13 @@ private void setIssuerUniqueId(Object val) throws CertificateException { * @param val the Object class value for the SubjectUniqueId * @exception CertificateException */ - private void setSubjectUniqueId(Object val) throws CertificateException { + public void setSubjectUniqueId(UniqueIdentity val) throws CertificateException { + // set rawCertInfo to null, so that we are forced to re-encode + rawCertInfo = null; if (version.compare(CertificateVersion.V2) < 0) { throw new CertificateException("Invalid version"); } - if (!(val instanceof UniqueIdentity)) { - throw new CertificateException( - "SubjectUniqueId class type invalid."); - } - subjectUniqueId = (UniqueIdentity)val; + subjectUniqueId = val; } /** 
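Review bot: In `setIssuerUniqueId` and `setSubjectUniqueId` (and `setExtensions` in the next hunk) `rawCertInfo = null;` runs before the version check, so a call rejected with `Invalid version` still discards the cached encoding even though no field changed. The removed `set` had the same ordering, so this is not a regression, but the new setters are a good place to make a failed call free of side effects. Keep `if (version.compare(CertificateVersion.V2) < 0) { throw new CertificateException("Invalid version"); }` first and move `rawCertInfo = null;` to just before `issuerUniqueId = val;`.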
@@ -844,14 +651,12 @@ private void setSubjectUniqueId(Object val) throws CertificateException { * @param val the Object class value for the Extensions * @exception CertificateException */ - private void setExtensions(Object val) throws CertificateException { + public void setExtensions(CertificateExtensions val) throws CertificateException { + // set rawCertInfo to null, so that we are forced to re-encode + rawCertInfo = null; if (version.compare(CertificateVersion.V3) < 0) { throw new CertificateException("Invalid version"); } - if (!(val instanceof CertificateExtensions)) { - throw new CertificateException( - "Extensions class type invalid."); - } - extensions = (CertificateExtensions)val; + extensions = val; } } diff --git a/src/java.base/share/classes/sun/security/x509/certAttributes.html b/src/java.base/share/classes/sun/security/x509/certAttributes.html deleted file mode 100644 index 11541201e45ee..0000000000000 --- a/src/java.base/share/classes/sun/security/x509/certAttributes.html +++ /dev/null @@ -1,245 +0,0 @@ - - - -Certificate Attributes - -

Certificate Attributes

-
July 1998
-

-In JDK1.2 we provide an implementation of X.509 (version 3). -The X509CertImpl class supports the following methods to -manipulate the various attributes of a certificate: -

-     Object get(String name), and
-     void set(String name, Object value)
-
-A list of all the X.509 v3 Certificate attributes that can be manipulated -is provided in the following table. -For example, if you want to get the signature component of -the certificate: -
-     X509CertImpl cert;
-     // get the certificate object
-     byte[] sig = (byte[])cert.get("x509.signature");
-                  // using the fully-qualified identifier
-OR
-     byte[] sig = (byte[])cert.get(X509CertImpl.SIG);
-                  // using defined constants
-
-

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
sun.security.x509.X509CertImpl
AttributeFully-qualified identifierDefined constantsType of Object returned
-(in sun.security.x509 unless fully-qualified)
signatureAlgorithmx509.algorithmX509CertImpl.SIG_ALGAlgorithmId
signaturex509.signatureX509CertImpl.SIGbyte[]
tbsCertificatex509.infoX509CertInfo.IDENTX509CertInfo
versionx509.info.version
-x509.info.version.number
CertificateVersion.IDENT
-none
CertificateVersion
-java.lang.Integer
serialNumberx509.info.serialNumber
-x509.info.serialNumber.number
CertificateSerialNumber.IDENT
-X509CertImpl.SERIAL_ID
CertificateSerialNumber
-SerialNumber
signaturex509.info.algorithmID
-x509.info.algorithmID.algorithm
CertificateAlgorithmId.IDENT
-none
CertificateAlgorithmId
-AlgorithmId
issuerx509.info.issuer
-x509.info.issuer.dname
none
-X509CertImpl.ISSUER_DN
X500Name
-X500Name
validity
-validity.notAfter
-validity.notBefore
x509.info.validity
-x509.info.validity.notAfter
-x509.info.validity.notBefore
CertificateValidity.IDENT
-none
-none
CertificateValidity
-java.util.Date
-java.util.Date
subjectx509.info.subject
-x509.info.subject.dname
none
-X509CertImpl.SUBJECT_DN
X500Name
-X500Name
subjectPublicKeyInfox509.info.key
-x509.info.key.value
CertificateX509Key.IDENT
-X509CertImpl.PUBLIC_KEY
CertificateX509Key
-X509Key
issuerUniqueIDx509.info.issuerID
-x509.info.issuerID.id
none
-none
UniqueIdentity
-UniqueIdentity
subjectUniqueIDx509.info.subjectID
-x509.info.subjectID.id
none
-none
UniqueIdentity
-UniqueIdentity
extensionsx509.info.extensionsCertificateExtensions.IDENTCertificateExtensions
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
X.509 V3 certificate extensions
ExtensionExtension attribute identifierShort formType of Object returned
Authority Key Identifierx509.info.extensions.AuthorityKeyIdentifierAuthorityKeyIdentifierExtension.IDENTAuthorityKeyIdentifierExtension
Subject Key Identifierx509.info.extensions.SubjectKeyIdentifierSubjectKeyIdentifierExtension.IDENTSubjectKeyIdentifierExtension
Key Usagex509.info.extensions.KeyUsageKeyUsageExtension.IDENTKeyUsageExtension
Private Key Usage Periodx509.info.extensions.PrivateKeyUsagePrivateKeyUsageExtension.IDENTPrivateKeyUsageExtension
Policy Mappingsx509.info.extensions.PolicyMappingsPolicyMappingsExtension.IDENTPolicyMappingsExtension
Subject Alternative Namex509.info.extensions.SubjectAlternativeNameSubjectAlternativeNameExtension.IDENTSubjectAlternativeNameExtension
Issuer Alternative Namex509.info.extensions.IssuerAlternativeNameIssuerAlternativeNameExtension.IDENTIssuerAlternativeNameExtension
Basic Constraintsx509.info.extensions.BasicConstraintsBasicConstraintsExtension.IDENTBasicConstraintsExtension
Name Constraintsx509.info.extensions.NameConstraintsNameConstraintsExtension.IDENTNameConstraintsExtension
Policy Constraintsx509.info.extensions.PolicyConstraintsPolicyConstraintsExtension.IDENTPolicyConstraintsExtension
Netscape Certificate Typex509.info.extensions.NetscapeCertTypeNetscapeCertTypeExtension.IDENTNetscapeCertTypeExtension
-

-Extensions can be added by implementing the -sun.security.x509.CertAttrSet interface and -subclassing sun.security.x509.Extension class. -Register the new extension using the OIDMap class. -The following extensions are not currently supported from the -PKIX profile: - - - - - - - - - -
NameObjectIdentifier
CertificatePolicies2.5.29.32
- - diff --git a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java index 8aec39aab2fb0..9be5942b4c5ef 100644 --- a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java +++ b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java @@ -2400,7 +2400,7 @@ void checkCertUsage(X509Certificate userCert, boolean[] bad) { NetscapeCertTypeExtension extn = new NetscapeCertTypeExtension(encoded); - Boolean val = extn.get(NetscapeCertTypeExtension.OBJECT_SIGNING); + boolean val = extn.get(NetscapeCertTypeExtension.OBJECT_SIGNING); if (!val) { if (bad != null) { bad[2] = true; diff --git a/test/jdk/java/security/cert/X509CertSelectorTest.java b/test/jdk/java/security/cert/X509CertSelectorTest.java index 3ff5b65350a16..0f77155dc3eff 100644 --- a/test/jdk/java/security/cert/X509CertSelectorTest.java +++ b/test/jdk/java/security/cert/X509CertSelectorTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,13 +21,9 @@ * questions. */ import static sun.security.x509.GeneralNameInterface.NAME_DIRECTORY; -import static sun.security.x509.NameConstraintsExtension.EXCLUDED_SUBTREES; -import static sun.security.x509.NameConstraintsExtension.PERMITTED_SUBTREES; import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; import java.io.IOException; -import java.io.InputStream; import java.math.BigInteger; import java.security.GeneralSecurityException; import java.security.KeyFactory; 
@@ -284,7 +280,7 @@ private void testPrivateKeyValid() throws IOException, CertificateException { DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16")); byte[] encoded = in.getOctetString(); PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded); - Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE); + Date validDate = ext.getNotBefore(); selector.setPrivateKeyValid(validDate); checkMatch(selector, cert, true); @@ -351,8 +347,8 @@ private void testSubjectAltName() throws IOException { DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17")); byte[] encoded = in.getOctetString(); SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded); - GeneralNames names = (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); - GeneralName name = (GeneralName) names.get(0); + GeneralNames names = ext.getNames(); + GeneralName name = names.get(0); selector.setSubjectAlternativeNames(null); DerOutputStream tmp2 = new DerOutputStream(); name.getName().encode(tmp2); @@ -383,7 +379,7 @@ private void testPolicy() throws IOException { // good match DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32")); CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString()); - List policies = ext.get(CertificatePoliciesExtension.POLICIES); + List policies = ext.getCertPolicies(); // match on the first policy id PolicyInformation policyInfo = (PolicyInformation) policies.get(0); s.clear(); 
@@ -403,8 +399,8 @@ private void testPathToName() throws IOException { DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.30")); byte[] encoded = in.getOctetString(); NameConstraintsExtension ext = new NameConstraintsExtension(false, encoded); - GeneralSubtrees permitted = (GeneralSubtrees) ext.get(PERMITTED_SUBTREES); - GeneralSubtrees excluded = (GeneralSubtrees) ext.get(EXCLUDED_SUBTREES); + GeneralSubtrees permitted = ext.getPermittedSubtrees(); + GeneralSubtrees excluded = ext.getExcludedSubtrees(); // bad matches on pathToName within excluded subtrees if (excluded != null) { diff --git a/test/jdk/sun/security/pkcs/pkcs7/SignerOrder.java b/test/jdk/sun/security/pkcs/pkcs7/SignerOrder.java index 64954c7cdc222..817a784720c8a 100644 --- a/test/jdk/sun/security/pkcs/pkcs7/SignerOrder.java +++ b/test/jdk/sun/security/pkcs/pkcs7/SignerOrder.java @@ -245,17 +245,14 @@ private X509Certificate getSelfCert() throws Exception { X509CertInfo info = new X509CertInfo(); // Add all mandatory attributes - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V1)); - info.set(X509CertInfo.SERIAL_NUMBER, - new CertificateSerialNumber( + info.setVersion(new CertificateVersion(CertificateVersion.V1)); + info.setSerialNumber(new CertificateSerialNumber( (int) (firstDate.getTime() / 1000))); - info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId(algId)); - info.set(X509CertInfo.SUBJECT, agent); - info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey)); - info.set(X509CertInfo.VALIDITY, interval); - info.set(X509CertInfo.ISSUER, agent); + info.setAlgorithmId(new CertificateAlgorithmId(algId)); + info.setSubject(agent); + info.setKey(new CertificateX509Key(publicKey)); + info.setValidity(interval); + info.setIssuer(agent); certLocal = new X509CertImpl(info); certLocal.sign(privateKey, algId.getName()); 
diff --git a/test/jdk/sun/security/provider/X509Factory/BigCRL.java b/test/jdk/sun/security/provider/X509Factory/BigCRL.java index 963069cdc0e7e..67feee3de3d11 100644 --- a/test/jdk/sun/security/provider/X509Factory/BigCRL.java +++ b/test/jdk/sun/security/provider/X509Factory/BigCRL.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,7 +35,6 @@ import java.security.cert.Certificate; import java.security.PrivateKey; import java.security.cert.X509CRLEntry; -import java.util.Arrays; import java.util.Date; import sun.security.x509.*; import java.security.cert.CertificateFactory; @@ -55,10 +54,8 @@ public static void main(String[] args) throws Exception { Certificate signerCert = keyStore.getCertificate(alias); byte[] encoded = signerCert.getEncoded(); X509CertImpl signerCertImpl = new X509CertImpl(encoded); - X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); - X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." - + X509CertInfo.DN_NAME); + X509CertInfo signerCertInfo = signerCertImpl.getInfo(); + X500Name owner = signerCertInfo.getSubject(); Date date = new Date(); PrivateKey privateKey = (PrivateKey) @@ -67,7 +64,7 @@ public static void main(String[] args) throws Exception { X509CRLEntry[] badCerts = new X509CRLEntry[n]; CRLExtensions ext = new CRLExtensions(); - ext.set("Reason", new CRLReasonCodeExtension(1)); + ext.setExtension("Reason", new CRLReasonCodeExtension(1)); for (int i = 0; i < n; i++) { badCerts[i] = new X509CRLEntryImpl( BigInteger.valueOf(i), date, ext); 
diff --git a/test/jdk/sun/security/ssl/X509KeyManager/NoGoodKey.java b/test/jdk/sun/security/ssl/X509KeyManager/NoGoodKey.java index 71007010d8b83..1643877ca4a5a 100644 --- a/test/jdk/sun/security/ssl/X509KeyManager/NoGoodKey.java +++ b/test/jdk/sun/security/ssl/X509KeyManager/NoGoodKey.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2021, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -55,7 +55,7 @@ public static void main(String[] args) throws Exception { Vector xku = new Vector<>(1); xku.add(ObjectIdentifier.of(KnownOIDs.KP_TimeStamping)); var ext = new ExtendedKeyUsageExtension(xku); - exts.set(ext.getId(), ext); + exts.setExtension(ext.getId(), ext); KeyStore ks = KeyStore.getInstance("pkcs12"); char[] pass = "password".toCharArray(); diff --git a/test/jdk/sun/security/x509/OtherName/Parse.java b/test/jdk/sun/security/x509/OtherName/Parse.java index 7db5ffe56d262..23d9ae611678c 100644 --- a/test/jdk/sun/security/x509/OtherName/Parse.java +++ b/test/jdk/sun/security/x509/OtherName/Parse.java @@ -76,7 +76,7 @@ public static void main(String[] args) throws Exception { names.add(new GeneralName( new OtherName(ObjectIdentifier.of("1.2.3.6"), d2))); - exts.set("x", new SubjectAlternativeNameExtension(names)); + exts.setExtension("x", new SubjectAlternativeNameExtension(names)); CertAndKeyGen g = new CertAndKeyGen("Ed25519", "Ed25519"); g.generate(-1); X509Certificate x = g.getSelfCertificate(new X500Name("CN=ME"), diff --git a/test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java b/test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java index 95741c9f54fa2..b2b845bca8557 100644 --- a/test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java +++ b/test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -122,21 +122,17 @@ public static boolean test(String algorithm, String sigAlg, int keyLength) // Certificate Info X509CertInfo cert = new X509CertInfo(); - cert.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); - cert.set(X509CertInfo.SERIAL_NUMBER, - new CertificateSerialNumber((int) (firstDate.getTime() / 1000))); - cert.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId(AlgorithmId.get(sigAlg))); - cert.set(X509CertInfo.SUBJECT, subject); - cert.set(X509CertInfo.KEY, new CertificateX509Key(publicKey)); - cert.set(X509CertInfo.VALIDITY, interval); - cert.set(X509CertInfo.ISSUER, issuer); - - cert.set(X509CertInfo.ISSUER_ID, - new UniqueIdentity( + cert.setVersion(new CertificateVersion(CertificateVersion.V3)); + cert.setSerialNumber(new CertificateSerialNumber((int) (firstDate.getTime() / 1000))); + cert.setAlgorithmId(new CertificateAlgorithmId(AlgorithmId.get(sigAlg))); + cert.setSubject(subject); + cert.setKey(new CertificateX509Key(publicKey)); + cert.setValidity(interval); + cert.setIssuer(issuer); + + cert.setIssuerUniqueId(new UniqueIdentity( new BitArray(issuerId.length * 8 - 2, issuerId))); - cert.set(X509CertInfo.SUBJECT_ID, new UniqueIdentity(subjectId)); + cert.setSubjectUniqueId(new UniqueIdentity(subjectId)); // Create Extensions CertificateExtensions exts = new CertificateExtensions(); 
@@ -163,13 +159,9 @@ public static boolean test(String algorithm, String sigAlg, int keyLength) IssuerAlternativeNameExtension issuerName = new IssuerAlternativeNameExtension(); - GeneralNames subjectNames - = (GeneralNames) subjectName. - get(SubjectAlternativeNameExtension.SUBJECT_NAME); + GeneralNames subjectNames = subjectName.getNames(); - GeneralNames issuerNames - = (GeneralNames) issuerName. - get(IssuerAlternativeNameExtension.ISSUER_NAME); + GeneralNames issuerNames = issuerName.getNames(); subjectNames.add(mail); subjectNames.add(dns); @@ -201,15 +193,15 @@ public static boolean test(String algorithm, String sigAlg, int keyLength) PolicyConstraintsExtension pce = new PolicyConstraintsExtension(2, 4); - exts.set(SubjectAlternativeNameExtension.NAME, subjectName); - exts.set(IssuerAlternativeNameExtension.NAME, issuerName); - exts.set(PrivateKeyUsageExtension.NAME, pkusage); - exts.set(KeyUsageExtension.NAME, usage); - exts.set(AuthorityKeyIdentifierExtension.NAME, aki); - exts.set(SubjectKeyIdentifierExtension.NAME, ski); - exts.set(BasicConstraintsExtension.NAME, cons); - exts.set(PolicyConstraintsExtension.NAME, pce); - cert.set(X509CertInfo.EXTENSIONS, exts); + exts.setExtension(SubjectAlternativeNameExtension.NAME, subjectName); + exts.setExtension(IssuerAlternativeNameExtension.NAME, issuerName); + exts.setExtension(PrivateKeyUsageExtension.NAME, pkusage); + exts.setExtension(KeyUsageExtension.NAME, usage); + exts.setExtension(AuthorityKeyIdentifierExtension.NAME, aki); + exts.setExtension(SubjectKeyIdentifierExtension.NAME, ski); + exts.setExtension(BasicConstraintsExtension.NAME, cons); + exts.setExtension(PolicyConstraintsExtension.NAME, pce); + cert.setExtensions(exts); // Generate and sign X509CertImpl X509CertImpl crt = new X509CertImpl(cert);