8242151: Improve OID mapping and reuse among JDK security providers f…

…or aliases registration Use sun.security.util.KnownOIDs enum instead of hardcoding oid strings everywhere Reviewed-by: mbaesken, mbalao Backport-of: 080b3b8
openjdk · Jun 14, 2023 · 3bc72d0 · 3bc72d0 · openjdk-notifier · Jun 14, 2023
1 parent 26652c8
commit 3bc72d0
Show file tree

Hide file tree

Showing 76 changed files with 1,292 additions and 1,763 deletions.
diff --git a/src/java.base/macosx/classes/apple/security/KeychainStore.java b/src/java.base/macosx/classes/apple/security/KeychainStore.java
@@ -112,9 +112,9 @@ class TrustedCertEntry {
      * PKCS12 bag we get from the Keychain.
      */
     private static ObjectIdentifier PKCS8ShroudedKeyBag_OID =
-            ObjectIdentifier.of1("1.2.840.113549.1.12.10.1.2");
+            ObjectIdentifier.of(KnownOIDs.PKCS8ShroudedKeyBag);
     private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID =
-            ObjectIdentifier.of1("1.2.840.113549.1.12.1.3");
+            ObjectIdentifier.of(KnownOIDs.PBEWithSHA1AndDESede);
 
     /**
      * Constnats used in PBE decryption.

diff --git a/src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java b/src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java
@@ -70,7 +70,7 @@ final class DHPublicKey implements PublicKey,
 
     // Note: this OID is used by DHPrivateKey as well.
     static ObjectIdentifier DH_OID =
-            ObjectIdentifier.of1("1.2.840.113549.1.3.1");
+            ObjectIdentifier.of(KnownOIDs.DiffieHellman);
 
     /**
      * Make a DH public key out of a public value <code>y</code>, a prime

diff --git a/src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java b/src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java
@@ -48,6 +48,7 @@
 
 import sun.security.x509.AlgorithmId;
 import sun.security.util.ObjectIdentifier;
+import sun.security.util.KnownOIDs;
 import sun.security.util.SecurityProperties;
 
 /**
@@ -67,14 +68,6 @@
 
 final class KeyProtector {
 
-    // defined by SunSoft (SKI project)
-    private static final String PBE_WITH_MD5_AND_DES3_CBC_OID
-            = "1.3.6.1.4.1.42.2.19.1";
-
-    // JavaSoft proprietary key-protection algorithm (used to protect private
-    // keys in the keystore implementation that comes with JDK 1.2)
-    private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1";
-
     private static final int MAX_ITERATION_COUNT = 5000000;
     private static final int MIN_ITERATION_COUNT = 10000;
     private static final int DEFAULT_ITERATION_COUNT = 200000;
@@ -154,7 +147,8 @@ byte[] protect(PrivateKey key)
         pbeParams.init(pbeSpec);
 
         AlgorithmId encrAlg = new AlgorithmId
-            (new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), pbeParams);
+            (ObjectIdentifier.of(KnownOIDs.JAVASOFT_JCEKeyProtector),
+             pbeParams);
         return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
     }
 
@@ -169,13 +163,13 @@ Key recover(EncryptedPrivateKeyInfo encrInfo)
         SecretKey sKey = null;
         try {
             String encrAlg = encrInfo.getAlgorithm().getOID().toString();
-            if (!encrAlg.equals(PBE_WITH_MD5_AND_DES3_CBC_OID)
-                && !encrAlg.equals(KEY_PROTECTOR_OID)) {
+            if (!encrAlg.equals(KnownOIDs.JAVASOFT_JCEKeyProtector.value())
+                && !encrAlg.equals(KnownOIDs.JAVASOFT_JDKKeyProtector.value())) {
                 throw new UnrecoverableKeyException("Unsupported encryption "
                                                     + "algorithm");
             }
 
-            if (encrAlg.equals(KEY_PROTECTOR_OID)) {
+            if (encrAlg.equals(KnownOIDs.JAVASOFT_JDKKeyProtector.value())) {
                 // JDK 1.2 style recovery
                 plain = recover(encrInfo.getEncryptedData());
             } else {

diff --git a/src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java b/src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java
@@ -56,9 +56,9 @@ public final class OAEPParameters extends AlgorithmParametersSpi {
     private MGF1ParameterSpec mgfSpec;
     private byte[] p;
     private static ObjectIdentifier OID_MGF1 =
-            ObjectIdentifier.of1("1.2.840.113549.1.1.8");
+            ObjectIdentifier.of(KnownOIDs.MGF1);
     private static ObjectIdentifier OID_PSpecified =
-            ObjectIdentifier.of1("1.2.840.113549.1.1.9");
+            ObjectIdentifier.of(KnownOIDs.PSpecified);
 
     public OAEPParameters() {
     }

diff --git a/src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java b/src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java
@@ -93,25 +93,15 @@
 abstract class PBES2Parameters extends AlgorithmParametersSpi {
 
     private static ObjectIdentifier pkcs5PBKDF2_OID =
-            ObjectIdentifier.of1("1.2.840.113549.1.5.12");
+            ObjectIdentifier.of(KnownOIDs.PBKDF2WithHmacSHA1);
     private static ObjectIdentifier pkcs5PBES2_OID =
-            ObjectIdentifier.of1("1.2.840.113549.1.5.13");
-    private static ObjectIdentifier hmacWithSHA1_OID =
-            ObjectIdentifier.of1("1.2.840.113549.2.7");
-    private static ObjectIdentifier hmacWithSHA224_OID =
-            ObjectIdentifier.of1("1.2.840.113549.2.8");
-    private static ObjectIdentifier hmacWithSHA256_OID =
-            ObjectIdentifier.of1("1.2.840.113549.2.9");
-    private static ObjectIdentifier hmacWithSHA384_OID =
-            ObjectIdentifier.of1("1.2.840.113549.2.10");
-    private static ObjectIdentifier hmacWithSHA512_OID =
-            ObjectIdentifier.of1("1.2.840.113549.2.11");
+            ObjectIdentifier.of(KnownOIDs.PBES2);
     private static ObjectIdentifier aes128CBC_OID =
-            ObjectIdentifier.of1("2.16.840.1.101.3.4.1.2");
+            ObjectIdentifier.of(KnownOIDs.AES_128$CBC$NoPadding);
     private static ObjectIdentifier aes192CBC_OID =
-            ObjectIdentifier.of1("2.16.840.1.101.3.4.1.22");
+            ObjectIdentifier.of(KnownOIDs.AES_192$CBC$NoPadding);
     private static ObjectIdentifier aes256CBC_OID =
-            ObjectIdentifier.of1("2.16.840.1.101.3.4.1.42");
+            ObjectIdentifier.of(KnownOIDs.AES_256$CBC$NoPadding);
 
     // the PBES2 algorithm name
     private String pbes2AlgorithmName = null;
@@ -126,7 +116,8 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
     private AlgorithmParameterSpec cipherParam = null;
 
     // the key derivation function (default is HmacSHA1)
-    private ObjectIdentifier kdfAlgo_OID = hmacWithSHA1_OID;
+    private ObjectIdentifier kdfAlgo_OID =
+            ObjectIdentifier.of(KnownOIDs.HmacSHA1);
 
     // the encryption function
     private ObjectIdentifier cipherAlgo_OID = null;
@@ -171,19 +162,11 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
 
         switch (kdfAlgo) {
         case "HmacSHA1":
-            kdfAlgo_OID = hmacWithSHA1_OID;
-            break;
         case "HmacSHA224":
-            kdfAlgo_OID = hmacWithSHA224_OID;
-            break;
         case "HmacSHA256":
-            kdfAlgo_OID = hmacWithSHA256_OID;
-            break;
         case "HmacSHA384":
-            kdfAlgo_OID = hmacWithSHA384_OID;
-            break;
         case "HmacSHA512":
-            kdfAlgo_OID = hmacWithSHA512_OID;
+            kdfAlgo_OID = ObjectIdentifier.of(KnownOIDs.findMatch(kdfAlgo));
             break;
         default:
             throw new NoSuchAlgorithmException(
@@ -255,7 +238,7 @@ protected void engineInit(byte[] encoded)
         }
         cipherAlgo = parseES(pBES2_params.data.getDerValue());
 
-        pbes2AlgorithmName = new StringBuilder().append("PBEWith")
+        this.pbes2AlgorithmName = new StringBuilder().append("PBEWith")
             .append(kdfAlgo).append("And").append(cipherAlgo).toString();
     }
 
@@ -306,21 +289,18 @@ private String parseKDF(DerValue keyDerivationFunc) throws IOException {
         }
         if (prf != null) {
             kdfAlgo_OID = prf.data.getOID();
-            if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
-                kdfAlgo = "HmacSHA1";
-            } else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
-                kdfAlgo = "HmacSHA224";
-            } else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
-                kdfAlgo = "HmacSHA256";
-            } else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
-                kdfAlgo = "HmacSHA384";
-            } else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
-                kdfAlgo = "HmacSHA512";
-            } else {
+            KnownOIDs o = KnownOIDs.findMatch(kdfAlgo_OID.toString());
+            if (o == null || (!o.stdName().equals("HmacSHA1") &&
+                !o.stdName().equals("HmacSHA224") &&
+                !o.stdName().equals("HmacSHA256") &&
+                !o.stdName().equals("HmacSHA384") &&
+                !o.stdName().equals("HmacSHA512"))) {
                 throw new IOException("PBE parameter parsing error: "
                         + "expecting the object identifier for a HmacSHA key "
                         + "derivation function");
             }
+            kdfAlgo = o.stdName();
+
             if (prf.data.available() != 0) {
                 // parameter is 'NULL' for all HmacSHA KDFs
                 DerValue parameter = prf.data.getDerValue();