Class PKCS9Attribute

java.lang.Object
org.mozilla.jss.netscape.security.pkcs.PKCS9Attribute
All Implemented Interfaces:
DerEncoder

public class PKCS9Attribute extends Object implements DerEncoder
Class supporting any PKCS9 attribute except ExtendedCertificateAttribute. Supports DER decoding and access to attribute values, but not DER encoding or setting of values.
Version:
1.2 97/12/10
  • Field Details

    • RSADSI_str

      private static final String RSADSI_str
    • PKCS_str

      private static final String PKCS_str
    • PKCS9_str

      private static final String PKCS9_str
    • PKCS9_OIDS

      static final ObjectIdentifier[] PKCS9_OIDS
      Array of attribute OIDs defined in PKCS9, by number.
    • EMAIL_ADDRESS_OID

      public static final ObjectIdentifier EMAIL_ADDRESS_OID
    • UNSTRUCTURED_NAME_OID

      public static final ObjectIdentifier UNSTRUCTURED_NAME_OID
    • CONTENT_TYPE_OID

      public static final ObjectIdentifier CONTENT_TYPE_OID
    • MESSAGE_DIGEST_OID

      public static final ObjectIdentifier MESSAGE_DIGEST_OID
    • SIGNING_TIME_OID

      public static final ObjectIdentifier SIGNING_TIME_OID
    • COUNTERSIGNATURE_OID

      public static final ObjectIdentifier COUNTERSIGNATURE_OID
    • CHALLENGE_PASSWORD_OID

      public static final ObjectIdentifier CHALLENGE_PASSWORD_OID
    • UNSTRUCTURED_ADDRESS_OID

      public static final ObjectIdentifier UNSTRUCTURED_ADDRESS_OID
    • EXTENDED_CERTIFICATE_ATTRIBUTES_OID

      public static final ObjectIdentifier EXTENDED_CERTIFICATE_ATTRIBUTES_OID
    • ISSUER_AND_SERIALNUMBER_OID

      public static final ObjectIdentifier ISSUER_AND_SERIALNUMBER_OID
    • PASSWORD_CHECK_OID

      public static final ObjectIdentifier PASSWORD_CHECK_OID
    • PUBLIC_KEY_OID

      public static final ObjectIdentifier PUBLIC_KEY_OID
    • SIGNING_DESCRIPTION_OID

      public static final ObjectIdentifier SIGNING_DESCRIPTION_OID
    • EXTENSION_REQUEST_OID

      public static final ObjectIdentifier EXTENSION_REQUEST_OID
    • EMAIL_ADDRESS_STR

      public static final String EMAIL_ADDRESS_STR
    • UNSTRUCTURED_NAME_STR

      public static final String UNSTRUCTURED_NAME_STR
    • CONTENT_TYPE_STR

      public static final String CONTENT_TYPE_STR
    • MESSAGE_DIGEST_STR

      public static final String MESSAGE_DIGEST_STR
    • SIGNING_TIME_STR

      public static final String SIGNING_TIME_STR
    • COUNTERSIGNATURE_STR

      public static final String COUNTERSIGNATURE_STR
    • CHALLENGE_PASSWORD_STR

      public static final String CHALLENGE_PASSWORD_STR
    • UNSTRUCTURED_ADDRESS_STR

      public static final String UNSTRUCTURED_ADDRESS_STR
    • EXTENDED_CERTIFICATE_ATTRIBUTES_STR

      public static final String EXTENDED_CERTIFICATE_ATTRIBUTES_STR
    • ISSUER_AND_SERIALNUMBER_STR

      public static final String ISSUER_AND_SERIALNUMBER_STR
    • PASSWORD_CHECK_STR

      public static final String PASSWORD_CHECK_STR
    • PUBLIC_KEY_STR

      public static final String PUBLIC_KEY_STR
    • SIGNING_DESCRIPTION_STR

      public static final String SIGNING_DESCRIPTION_STR
    • EXTENSION_REQUEST_STR

      public static final String EXTENSION_REQUEST_STR
    • NAME_OID_TABLE

      private static final Hashtable<String,ObjectIdentifier> NAME_OID_TABLE
      Hashtable mapping names and variant names of supported attributes to their OIDs. This table contains all name forms that occur in PKCS9, in lower case.
    • OID_NAME_TABLE

      private static final Hashtable<ObjectIdentifier,String> OID_NAME_TABLE
      Hashtable mapping attribute OIDs defined in PKCS9 to the corresponding attribute value type.
    • PKCS9_VALUE_TAGS

      private static final Byte[][] PKCS9_VALUE_TAGS
      Acceptable ASN.1 tags for DER encodings of values of PKCS9 attributes, by index in PKCS9_OIDS. Sets of acceptable tags are represented as arrays.
    • VALUE_CLASSES

      private static final Class<?>[] VALUE_CLASSES
      Class types required for values for a given PKCS9 attribute type.

      The following table shows the correspondence between attribute types and value component classes.

      OID                    Attribute Type Name            Kind             Value Class
      1.2.840.113549.1.9.1   EmailAddress                   Multiple-valued  String[]
      1.2.840.113549.1.9.2   UnstructuredName               Multiple-valued  String
      1.2.840.113549.1.9.3   ContentType                    Single-valued    ObjectIdentifier
      1.2.840.113549.1.9.4   MessageDigest                  Single-valued    byte[]
      1.2.840.113549.1.9.5   SigningTime                    Single-valued    Date
      1.2.840.113549.1.9.6   Countersignature               Multiple-valued  SignerInfo
      1.2.840.113549.1.9.7   ChallengePassword              Single-valued    String
      1.2.840.113549.1.9.8   UnstructuredAddress            Single-valued    String
      1.2.840.113549.1.9.9   ExtendedCertificateAttributes  Multiple-valued  (not supported)
      1.2.840.113549.1.9.10  IssuerAndSerialNumber          Single-valued    (not supported)
      1.2.840.113549.1.9.11  PasswordCheck                  Single-valued    (not supported)
      1.2.840.113549.1.9.12  PublicKey                      Single-valued    (not supported)
      1.2.840.113549.1.9.13  SigningDescription             Single-valued    (not supported)
      1.2.840.113549.1.9.14  ExtensionRequest               Single-valued    Sequence
    • SINGLE_VALUED

      private static final boolean[] SINGLE_VALUED
      Array indicating which PKCS9 attributes are single-valued, by index in PKCS9_OIDS.
    • index

      private int index
      The OID of this attribute is PKCS9_OIDS[index].
    • value

      private Object value
      Value set of this attribute. Its class is given by VALUE_CLASSES[index].
  • Constructor Details

    • PKCS9Attribute

      public PKCS9Attribute(ObjectIdentifier oid, Object value) throws IllegalArgumentException
      Construct an attribute object from the attribute's OID and value. If the attribute is single-valued, provide only one value. If the attribute is multiple-valued, provide an array containing all the values. Arrays of length zero are accepted, though probably useless.

      The following table gives the class that value must have for a given attribute.

      OID                    Attribute Type Name            Kind             Value Class
      1.2.840.113549.1.9.1   EmailAddress                   Multiple-valued  String[]
      1.2.840.113549.1.9.2   UnstructuredName               Multiple-valued  String[]
      1.2.840.113549.1.9.3   ContentType                    Single-valued    ObjectIdentifier
      1.2.840.113549.1.9.4   MessageDigest                  Single-valued    byte[]
      1.2.840.113549.1.9.5   SigningTime                    Single-valued    Date
      1.2.840.113549.1.9.6   Countersignature               Multiple-valued  SignerInfo[]
      1.2.840.113549.1.9.7   ChallengePassword              Single-valued    String
      1.2.840.113549.1.9.8   UnstructuredAddress            Single-valued    String[]
      1.2.840.113549.1.9.9   ExtendedCertificateAttributes  Multiple-valued  (not supported)
      1.2.840.113549.1.9.10  IssuerAndSerialNumber          Single-valued    (not supported)
      1.2.840.113549.1.9.11  PasswordCheck                  Single-valued    (not supported)
      1.2.840.113549.1.9.12  PublicKey                      Single-valued    (not supported)
      1.2.840.113549.1.9.13  SigningDescription             Single-valued    (not supported)
      1.2.840.113549.1.9.14  ExtensionRequest               Single-valued    Sequence
      Throws:
      Throws:
      IllegalArgumentException
    • PKCS9Attribute

      public PKCS9Attribute(String name, Object value) throws IllegalArgumentException
      Construct an attribute object from the attribute's name and value. If the attribute is single-valued, provide only one value. If the attribute is multiple-valued, provide an array containing all the values. Arrays of length zero are accepted, though probably useless.

      The following table gives the class that value must have for a given attribute. Reasonable variants of these attributes are accepted; in particular, case does not matter.

      OID                    Attribute Type Name            Kind             Value Class
      1.2.840.113549.1.9.1   EmailAddress                   Multiple-valued  String[]
      1.2.840.113549.1.9.2   UnstructuredName               Multiple-valued  String[]
      1.2.840.113549.1.9.3   ContentType                    Single-valued    ObjectIdentifier
      1.2.840.113549.1.9.4   MessageDigest                  Single-valued    byte[]
      1.2.840.113549.1.9.5   SigningTime                    Single-valued    Date
      1.2.840.113549.1.9.6   Countersignature               Multiple-valued  SignerInfo[]
      1.2.840.113549.1.9.7   ChallengePassword              Single-valued    String
      1.2.840.113549.1.9.8   UnstructuredAddress            Single-valued    String[]
      1.2.840.113549.1.9.9   ExtendedCertificateAttributes  Multiple-valued  (not supported)
      1.2.840.113549.1.9.10  IssuerAndSerialNumber          Single-valued    (not supported)
      1.2.840.113549.1.9.11  PasswordCheck                  Single-valued    (not supported)
      1.2.840.113549.1.9.12  PublicKey                      Single-valued    (not supported)
      1.2.840.113549.1.9.13  SigningDescription             Single-valued    (not supported)
      1.2.840.113549.1.9.14  ExtensionRequest               Single-valued    Sequence
      Throws:
      IllegalArgumentException - if the name is not recognized or the value has the wrong type.
    • PKCS9Attribute

      public PKCS9Attribute(DerValue derVal) throws IOException
      Construct a PKCS9Attribute from its encoding on an input stream.
      Throws:
      IOException - on parsing error.
  • Method Details

    • init

      private void init(ObjectIdentifier oid, Object value) throws IllegalArgumentException
      Throws:
      IllegalArgumentException
    • decode

      private void decode(DerValue derVal) throws IOException
      Decode a PKCS9 attribute.
      Parameters:
      derVal - the DerValue representing the DER encoding of the attribute.
      Throws:
      IOException
    • derEncode

      public void derEncode(OutputStream out) throws IOException
      Write the DER encoding of this attribute to an output stream.

      N.B.: This method always encodes values of ChallengePassword and UnstructuredAddress attributes as ASN.1 PrintableStrings, without checking whether they should be encoded as T61Strings.

      Specified by:
      derEncode in interface DerEncoder
      Parameters:
      out - the stream on which the DER encoding is written.
      Throws:
      IOException - If an error occurred.
    • getValue

      public Object getValue()
      Get the value of this attribute. If the attribute is single-valued, return just the one value. If the attribute is multiple-valued, return an array containing all the values. It is possible for this array to be of length 0.

      The following table gives the class of the value returned, depending on the type of this attribute.

      OID                    Attribute Type Name            Kind             Value Class
      1.2.840.113549.1.9.1   EmailAddress                   Multiple-valued  String[]
      1.2.840.113549.1.9.2   UnstructuredName               Multiple-valued  String[]
      1.2.840.113549.1.9.3   ContentType                    Single-valued    ObjectIdentifier
      1.2.840.113549.1.9.4   MessageDigest                  Single-valued    byte[]
      1.2.840.113549.1.9.5   SigningTime                    Single-valued    Date
      1.2.840.113549.1.9.6   Countersignature               Multiple-valued  SignerInfo[]
      1.2.840.113549.1.9.7   ChallengePassword              Single-valued    String
      1.2.840.113549.1.9.8   UnstructuredAddress            Single-valued    String[]
      1.2.840.113549.1.9.9   ExtendedCertificateAttributes  Multiple-valued  (not supported)
      1.2.840.113549.1.9.10  IssuerAndSerialNumber          Single-valued    (not supported)
      1.2.840.113549.1.9.11  PasswordCheck                  Single-valued    (not supported)
      1.2.840.113549.1.9.12  PublicKey                      Single-valued    (not supported)
      1.2.840.113549.1.9.13  SigningDescription             Single-valued    (not supported)
      1.2.840.113549.1.9.14  ExtensionRequest               Single-valued    Sequence
    • isSingleValued

      public boolean isSingleValued()
      Show whether this attribute is single-valued.
    • getOID

      public ObjectIdentifier getOID()
      Return the OID of this attribute.
    • getName

      public String getName()
      Return the name of this attribute.
    • getOID

      public static ObjectIdentifier getOID(String name)
      Return the OID for a given attribute name or null if we don't recognize the name.
    • getName

      public static String getName(ObjectIdentifier oid)
      Return the attribute name for a given OID or null if we don't recognize the oid.
    • toString

      public String toString()
      Returns a string representation of this attribute.
      Overrides:
      toString in class Object
    • indexOf

      static int indexOf(Object obj, Object[] a, int start)
      Beginning the search at start, find the first index i such that a[i] = obj.
      Returns:
      the index, if found, and -1 otherwise.
    • throwSingleValuedException

      private void throwSingleValuedException() throws IOException
      Throw an exception when there are multiple values for a single-valued attribute.
      Throws:
      IOException
    • throwTagException

      private void throwTagException(Byte tag) throws IOException
      Throw an exception when the tag on a value encoding is wrong for the attribute whose value it is.
      Throws:
      IOException
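
Usage sketch for the constructors, getValue and derEncode documented above. This is an added example, not code from the JSS project; the class name PKCS9AttributeExample, the helper challengePassword and all sample values are constructed here, and the DerValue(byte[]) constructor in org.mozilla.jss.netscape.security.util is assumed, since it is not described on this page.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Date;

import org.mozilla.jss.netscape.security.pkcs.PKCS9Attribute;
import org.mozilla.jss.netscape.security.util.DerValue; // assumed package, not shown on this page

public class PKCS9AttributeExample {

    // getValue() returns Object: check OID, cardinality and runtime class before casting.
    static String challengePassword(PKCS9Attribute attr) {
        if (!PKCS9Attribute.CHALLENGE_PASSWORD_OID.equals(attr.getOID())) {
            throw new IllegalArgumentException("not ChallengePassword: " + attr.getName());
        }
        Object v = attr.getValue();
        if (!attr.isSingleValued() || !(v instanceof String)) {
            throw new IllegalStateException("unexpected value class for " + attr.getName());
        }
        return (String) v;
    }

    public static void main(String[] args) throws IOException {
        // Single-valued: pass the value itself. Constructed sample value, kept inside the
        // PrintableString character set because derEncode always writes ChallengePassword
        // as a PrintableString without checking.
        PKCS9Attribute pw = new PKCS9Attribute(
                PKCS9Attribute.CHALLENGE_PASSWORD_OID, "constructed-sample");

        // Multiple-valued: pass an array, even for a single entry.
        PKCS9Attribute mail = new PKCS9Attribute(
                PKCS9Attribute.EMAIL_ADDRESS_OID, new String[] {"alice@example.test"});
        PKCS9Attribute time = new PKCS9Attribute(PKCS9Attribute.SIGNING_TIME_OID, new Date());
        System.out.println(mail.getName() + " single-valued? " + mail.isSingleValued());
        System.out.println(time);

        // A value of the wrong class (String instead of byte[]) is rejected at construction.
        try {
            new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_STR, "not-a-byte-array");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Round trip: DER-encode, then decode through the DerValue constructor.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        pw.derEncode(out);
        PKCS9Attribute decoded = new PKCS9Attribute(new DerValue(out.toByteArray()));
        System.out.println(challengePassword(decoded));
    }
}
```

When attributes come from untrusted DER input, catch the IOException from the DerValue-based constructor and treat it as a rejected input rather than retrying with relaxed parsing.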