openjdk · Feb 18, 2020
diff --git a/‎src/java.base/macosx/classes/apple/security/KeychainStore.java
+7-16 b/‎src/java.base/macosx/classes/apple/security/KeychainStore.java
+7-16
diff --git a/‎src/java.base/share/classes/com/sun/crypto/provider/DHPrivateKey.java
+2-4 b/‎src/java.base/share/classes/com/sun/crypto/provider/DHPrivateKey.java
+2-4
diff --git a/‎src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java
+5-3 b/‎src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java
+5-3
diff --git a/‎src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java
+5-19 b/‎src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java
+5-19
diff --git a/‎src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java
+21-50 b/‎src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java
+21-50
diff --git a/‎src/java.base/share/classes/java/security/cert/X509CertSelector.java
+2-2 b/‎src/java.base/share/classes/java/security/cert/X509CertSelector.java
+2-2
diff --git a/‎src/java.base/share/classes/sun/security/pkcs/ContentInfo.java
+30-44 b/‎src/java.base/share/classes/sun/security/pkcs/ContentInfo.java
+30-44
diff --git a/‎src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java
+6-7 b/‎src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java
+6-7
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -89,12 +89,13 @@ class TrustedCertEntry {
     private Hashtable<String, Object> entries = new Hashtable<>();
 
     /**
-     * Algorithm identifiers and corresponding OIDs for the contents of the PKCS12 bag we get from the Keychain.
+     * Algorithm identifiers and corresponding OIDs for the contents of the
+     * PKCS12 bag we get from the Keychain.
      */
-    private static final int keyBag[]  = {1, 2, 840, 113549, 1, 12, 10, 1, 2};
-    private static final int pbeWithSHAAnd3KeyTripleDESCBC[] =     {1, 2, 840, 113549, 1, 12, 1, 3};
-    private static ObjectIdentifier PKCS8ShroudedKeyBag_OID;
-    private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID;
+    private static ObjectIdentifier PKCS8ShroudedKeyBag_OID =
+            ObjectIdentifier.of("1.2.840.113549.1.12.10.1.2");
+    private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID =
+            ObjectIdentifier.of("1.2.840.113549.1.12.1.3");
 
     /**
      * Constnats used in PBE decryption.
@@ -104,16 +105,6 @@ class TrustedCertEntry {
 
     private static final Debug debug = Debug.getInstance("keystore");
 
-    static {
-        jdk.internal.loader.BootLoader.loadLibrary("osxsecurity");
-        try {
-            PKCS8ShroudedKeyBag_OID = new ObjectIdentifier(keyBag);
-            pbeWithSHAAnd3KeyTripleDESCBC_OID = new ObjectIdentifier(pbeWithSHAAnd3KeyTripleDESCBC);
-        } catch (IOException ioe) {
-            // should not happen
-        }
-    }
-
     private static void permissionCheck() {
         SecurityManager sec = System.getSecurityManager();
 
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -72,8 +72,6 @@ final class DHPrivateKey implements PrivateKey,
     // the private-value length (optional)
     private int l;
 
-    private int DH_data[] = { 1, 2, 840, 113549, 1, 3, 1 };
-
     /**
      * Make a DH private key out of a private value <code>x</code>, a prime
      * modulus <code>p</code>, and a base generator <code>g</code>.
@@ -220,7 +218,7 @@ public synchronized byte[] getEncoded() {
                 DerOutputStream algid = new DerOutputStream();
 
                 // store OID
-                algid.putOID(new ObjectIdentifier(DH_data));
+                algid.putOID(DHPublicKey.DH_OID);
                 // encode parameters
                 DerOutputStream params = new DerOutputStream();
                 params.putInteger(this.p);
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -69,7 +69,9 @@ final class DHPublicKey implements PublicKey,
     // the private-value length (optional)
     private int l;
 
-    private int DH_data[] = { 1, 2, 840, 113549, 1, 3, 1 };
+    // Note: this OID is used by DHPrivateKey as well.
+    static ObjectIdentifier DH_OID =
+            ObjectIdentifier.of("1.2.840.113549.1.3.1");
 
     /**
      * Make a DH public key out of a public value <code>y</code>, a prime
@@ -203,7 +205,7 @@ public synchronized byte[] getEncoded() {
                 DerOutputStream algid = new DerOutputStream();
 
                 // store oid in algid
-                algid.putOID(new ObjectIdentifier(DH_data));
+                algid.putOID(DH_OID);
 
                 // encode parameters
                 DerOutputStream params = new DerOutputStream();
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,24 +55,10 @@ public final class OAEPParameters extends AlgorithmParametersSpi {
     private String mdName;
     private MGF1ParameterSpec mgfSpec;
     private byte[] p;
-    private static ObjectIdentifier OID_MGF1;
-    private static ObjectIdentifier OID_PSpecified;
-
-    static {
-        try {
-            OID_MGF1 = new ObjectIdentifier(new int[] {1,2,840,113549,1,1,8});
-        } catch (IOException ioe) {
-            // should not happen
-            OID_MGF1 = null;
-        }
-        try {
-            OID_PSpecified =
-                new ObjectIdentifier(new int[] {1,2,840,113549,1,1,9});
-        } catch (IOException ioe) {
-            // should not happen
-            OID_PSpecified = null;
-        }
-    }
+    private static ObjectIdentifier OID_MGF1 =
+            ObjectIdentifier.of("1.2.840.113549.1.1.8");
+    private static ObjectIdentifier OID_PSpecified =
+            ObjectIdentifier.of("1.2.840.113549.1.1.9");
 
     public OAEPParameters() {
     }
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -90,57 +90,28 @@
  *
  * </pre>
  */
-
 abstract class PBES2Parameters extends AlgorithmParametersSpi {
 
-    private static final int pkcs5PBKDF2[] =
-                                        {1, 2, 840, 113549, 1, 5, 12};
-    private static final int pkcs5PBES2[] =
-                                        {1, 2, 840, 113549, 1, 5, 13};
-    private static final int hmacWithSHA1[] =
-                                        {1, 2, 840, 113549, 2, 7};
-    private static final int hmacWithSHA224[] =
-                                        {1, 2, 840, 113549, 2, 8};
-    private static final int hmacWithSHA256[] =
-                                        {1, 2, 840, 113549, 2, 9};
-    private static final int hmacWithSHA384[] =
-                                        {1, 2, 840, 113549, 2, 10};
-    private static final int hmacWithSHA512[] =
-                                        {1, 2, 840, 113549, 2, 11};
-    private static final int aes128CBC[] =
-                                        {2, 16, 840, 1, 101, 3, 4, 1, 2};
-    private static final int aes192CBC[] =
-                                        {2, 16, 840, 1, 101, 3, 4, 1, 22};
-    private static final int aes256CBC[] =
-                                        {2, 16, 840, 1, 101, 3, 4, 1, 42};
-
-    private static ObjectIdentifier pkcs5PBKDF2_OID;
-    private static ObjectIdentifier pkcs5PBES2_OID;
-    private static ObjectIdentifier hmacWithSHA1_OID;
-    private static ObjectIdentifier hmacWithSHA224_OID;
-    private static ObjectIdentifier hmacWithSHA256_OID;
-    private static ObjectIdentifier hmacWithSHA384_OID;
-    private static ObjectIdentifier hmacWithSHA512_OID;
-    private static ObjectIdentifier aes128CBC_OID;
-    private static ObjectIdentifier aes192CBC_OID;
-    private static ObjectIdentifier aes256CBC_OID;
-
-    static {
-        try {
-            pkcs5PBKDF2_OID = new ObjectIdentifier(pkcs5PBKDF2);
-            pkcs5PBES2_OID = new ObjectIdentifier(pkcs5PBES2);
-            hmacWithSHA1_OID = new ObjectIdentifier(hmacWithSHA1);
-            hmacWithSHA224_OID = new ObjectIdentifier(hmacWithSHA224);
-            hmacWithSHA256_OID = new ObjectIdentifier(hmacWithSHA256);
-            hmacWithSHA384_OID = new ObjectIdentifier(hmacWithSHA384);
-            hmacWithSHA512_OID = new ObjectIdentifier(hmacWithSHA512);
-            aes128CBC_OID = new ObjectIdentifier(aes128CBC);
-            aes192CBC_OID = new ObjectIdentifier(aes192CBC);
-            aes256CBC_OID = new ObjectIdentifier(aes256CBC);
-        } catch (IOException ioe) {
-            // should not happen
-        }
-    }
+    private static ObjectIdentifier pkcs5PBKDF2_OID =
+            ObjectIdentifier.of("1.2.840.113549.1.5.12");
+    private static ObjectIdentifier pkcs5PBES2_OID =
+            ObjectIdentifier.of("1.2.840.113549.1.5.13");
+    private static ObjectIdentifier hmacWithSHA1_OID =
+            ObjectIdentifier.of("1.2.840.113549.2.7");
+    private static ObjectIdentifier hmacWithSHA224_OID =
+            ObjectIdentifier.of("1.2.840.113549.2.8");
+    private static ObjectIdentifier hmacWithSHA256_OID =
+            ObjectIdentifier.of("1.2.840.113549.2.9");
+    private static ObjectIdentifier hmacWithSHA384_OID =
+            ObjectIdentifier.of("1.2.840.113549.2.10");
+    private static ObjectIdentifier hmacWithSHA512_OID =
+            ObjectIdentifier.of("1.2.840.113549.2.11");
+    private static ObjectIdentifier aes128CBC_OID =
+            ObjectIdentifier.of("2.16.840.1.101.3.4.1.2");
+    private static ObjectIdentifier aes192CBC_OID =
+            ObjectIdentifier.of("2.16.840.1.101.3.4.1.22");
+    private static ObjectIdentifier aes256CBC_OID =
+            ObjectIdentifier.of("2.16.840.1.101.3.4.1.42");
 
     // the PBES2 algorithm name
     private String pbes2AlgorithmName = null;
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -88,7 +88,7 @@ public class X509CertSelector implements CertSelector {
     private static final Debug debug = Debug.getInstance("certpath");
 
     private static final ObjectIdentifier ANY_EXTENDED_KEY_USAGE =
-        ObjectIdentifier.newInternal(new int[] {2, 5, 29, 37, 0});
+        ObjectIdentifier.of("2.5.29.37.0");
 
     static {
         CertPathHelperImpl.initialize();
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,50 +38,36 @@
 public class ContentInfo {
 
     // pkcs7 pre-defined content types
-    private static int[]  pkcs7 = {1, 2, 840, 113549, 1, 7};
-    private static int[]   data = {1, 2, 840, 113549, 1, 7, 1};
-    private static int[]  sdata = {1, 2, 840, 113549, 1, 7, 2};
-    private static int[]  edata = {1, 2, 840, 113549, 1, 7, 3};
-    private static int[] sedata = {1, 2, 840, 113549, 1, 7, 4};
-    private static int[]  ddata = {1, 2, 840, 113549, 1, 7, 5};
-    private static int[] crdata = {1, 2, 840, 113549, 1, 7, 6};
-    private static int[] nsdata = {2, 16, 840, 1, 113730, 2, 5};
-    // timestamp token (id-ct-TSTInfo) from RFC 3161
-    private static int[] tstInfo = {1, 2, 840, 113549, 1, 9, 16, 1, 4};
+    public static ObjectIdentifier PKCS7_OID =
+            ObjectIdentifier.of("1.2.840.113549.1.7");
+    public static ObjectIdentifier DATA_OID =
+            ObjectIdentifier.of("1.2.840.113549.1.7.1");
+    public static ObjectIdentifier SIGNED_DATA_OID =
+            ObjectIdentifier.of("1.2.840.113549.1.7.2");
+    public static ObjectIdentifier ENVELOPED_DATA_OID =
+            ObjectIdentifier.of("1.2.840.113549.1.7.3");
+    public static ObjectIdentifier SIGNED_AND_ENVELOPED_DATA_OID =
+            ObjectIdentifier.of("1.2.840.113549.1.7.4");
+    public static ObjectIdentifier DIGESTED_DATA_OID =
+            ObjectIdentifier.of("1.2.840.113549.1.7.5");
+    public static ObjectIdentifier ENCRYPTED_DATA_OID =
+            ObjectIdentifier.of("1.2.840.113549.1.7.6");
+
     // this is for backwards-compatibility with JDK 1.1.x
-    private static final int[] OLD_SDATA = {1, 2, 840, 1113549, 1, 7, 2};
-    private static final int[] OLD_DATA = {1, 2, 840, 1113549, 1, 7, 1};
-    public static ObjectIdentifier PKCS7_OID;
-    public static ObjectIdentifier DATA_OID;
-    public static ObjectIdentifier SIGNED_DATA_OID;
-    public static ObjectIdentifier ENVELOPED_DATA_OID;
-    public static ObjectIdentifier SIGNED_AND_ENVELOPED_DATA_OID;
-    public static ObjectIdentifier DIGESTED_DATA_OID;
-    public static ObjectIdentifier ENCRYPTED_DATA_OID;
-    public static ObjectIdentifier OLD_SIGNED_DATA_OID;
-    public static ObjectIdentifier OLD_DATA_OID;
-    public static ObjectIdentifier NETSCAPE_CERT_SEQUENCE_OID;
-    public static ObjectIdentifier TIMESTAMP_TOKEN_INFO_OID;
-
-    static {
-        PKCS7_OID =  ObjectIdentifier.newInternal(pkcs7);
-        DATA_OID = ObjectIdentifier.newInternal(data);
-        SIGNED_DATA_OID = ObjectIdentifier.newInternal(sdata);
-        ENVELOPED_DATA_OID = ObjectIdentifier.newInternal(edata);
-        SIGNED_AND_ENVELOPED_DATA_OID = ObjectIdentifier.newInternal(sedata);
-        DIGESTED_DATA_OID = ObjectIdentifier.newInternal(ddata);
-        ENCRYPTED_DATA_OID = ObjectIdentifier.newInternal(crdata);
-        OLD_SIGNED_DATA_OID = ObjectIdentifier.newInternal(OLD_SDATA);
-        OLD_DATA_OID = ObjectIdentifier.newInternal(OLD_DATA);
-        /**
-         * The ASN.1 systax for the Netscape Certificate Sequence
-         * data type is defined
-         * <a href=http://wp.netscape.com/eng/security/comm4-cert-download.html>
-         * here.</a>
-         */
-        NETSCAPE_CERT_SEQUENCE_OID = ObjectIdentifier.newInternal(nsdata);
-        TIMESTAMP_TOKEN_INFO_OID = ObjectIdentifier.newInternal(tstInfo);
-    }
+    public static ObjectIdentifier OLD_SIGNED_DATA_OID =
+            ObjectIdentifier.of("1.2.840.1113549.1.7.2");
+    public static ObjectIdentifier OLD_DATA_OID =
+            ObjectIdentifier.of("1.2.840.1113549.1.7.1");
+
+    // The ASN.1 systax for the Netscape Certificate Sequence data type is
+    // defined at:
+    //      http://wp.netscape.com/eng/security/comm4-cert-download.html
+    public static ObjectIdentifier NETSCAPE_CERT_SEQUENCE_OID =
+            ObjectIdentifier.of("2.16.840.1.113730.2.5");
+
+    // timestamp token (id-ct-TSTInfo) from RFC 3161
+    public static ObjectIdentifier TIMESTAMP_TOKEN_INFO_OID =
+            ObjectIdentifier.of("1.2.840.113549.1.9.16.1.4");
 
     ObjectIdentifier contentType;
     DerValue content; // OPTIONAL
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -190,15 +190,14 @@ public class PKCS9Attribute implements DerEncoder {
 
     static {   // static initializer for PKCS9_OIDS
         for (int i = 1; i < PKCS9_OIDS.length - 2; i++) {
-            PKCS9_OIDS[i] =
-                ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,i});
+            PKCS9_OIDS[i] = ObjectIdentifier.of("1.2.840.113549.1.9." + i);
         }
         // Initialize SigningCertificate and SignatureTimestampToken
         // separately (because their values are out of sequence)
         PKCS9_OIDS[PKCS9_OIDS.length - 2] =
-            ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,16,2,12});
+            ObjectIdentifier.of("1.2.840.113549.1.9.16.2.12");
         PKCS9_OIDS[PKCS9_OIDS.length - 1] =
-            ObjectIdentifier.newInternal(new int[]{1,2,840,113549,1,9,16,2,14});
+            ObjectIdentifier.of("1.2.840.113549.1.9.16.2.14");
 
         try {
             BYTE_ARRAY_CLASS = Class.forName("[B");
@@ -253,7 +252,7 @@ public class PKCS9Attribute implements DerEncoder {
      * that occur in PKCS9, in lower case.
      */
     private static final Hashtable<String, ObjectIdentifier> NAME_OID_TABLE =
-        new Hashtable<String, ObjectIdentifier>(18);
+        new Hashtable<String, ObjectIdentifier>(17);
 
     static { // static initializer for PCKS9_NAMES
         NAME_OID_TABLE.put("emailaddress", PKCS9_OIDS[1]);
@@ -280,7 +279,7 @@ public class PKCS9Attribute implements DerEncoder {
      * corresponding attribute value type.
      */
     private static final Hashtable<ObjectIdentifier, String> OID_NAME_TABLE =
-        new Hashtable<ObjectIdentifier, String>(16);
+        new Hashtable<ObjectIdentifier, String>(17);
     static {
         OID_NAME_TABLE.put(PKCS9_OIDS[1], EMAIL_ADDRESS_STR);
         OID_NAME_TABLE.put(PKCS9_OIDS[2], UNSTRUCTURED_NAME_STR);