Class AlgorithmId

java.lang.Object
org.mozilla.jss.netscape.security.x509.AlgorithmId
All Implemented Interfaces:
Serializable, DerEncoder
Direct Known Subclasses:
AlgIdDSA

public class AlgorithmId extends Object implements Serializable, DerEncoder
This class identifies algorithms, such as cryptographic transforms, each of which may be associated with parameters. Instances of this base class are used when this runtime environment has no special knowledge of the algorithm type, and may also be used in other cases. Equivalence is defined according to OID and (where relevant) parameters.

Subclasses may be used, for example when when the algorithm ID has associated parameters which some code (e.g. code using public keys) needs to have parsed. Two examples of such algorithms are Diffie-Hellman key exchange, and the Digital Signature Standard Algorithm (DSS/DSA).

The OID constants defined in this class correspond to some widely used algorithms, for which conventional string names have been defined. This class is not a general repository for OIDs, or for such string names. Note that the mappings between algorithm IDs and algorithm names is not one-to-one.

Version:
1.70
See Also:
  • Field Details

    • serialVersionUID

      private static final long serialVersionUID
      use serialVersionUID from JDK 1.1. for interoperability
      See Also:
    • algid

      private ObjectIdentifier algid
      The object identitifer being used for this algorithm.
    • algParams

      private AlgorithmParameters algParams
    • cachedAlgName

      private String cachedAlgName
    • params

      protected DerValue params
      Parameters for this algorithm. These are stored in unparsed DER-encoded form; subclasses can be made to automaticaly parse them so there is fast access to these parameters.
    • paramsString

      protected String paramsString
    • MD2_data

      private static final int[] MD2_data
    • MD5_data

      private static final int[] MD5_data
    • SHA1_OIW_data

      @Deprecated(since="5.0.1", forRemoval=true) private static final int[] SHA1_OIW_data
      Deprecated, for removal: This API element is subject to removal in a future version.
    • SHA256_data

      private static final int[] SHA256_data
    • SHA384_data

      private static final int[] SHA384_data
    • SHA512_data

      private static final int[] SHA512_data
    • MGF1_data

      private static final int[] MGF1_data
    • MD2_oid

      public static final ObjectIdentifier MD2_oid
      Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319. OID = 1.2.840.113549.2.2
    • MD5_oid

      public static final ObjectIdentifier MD5_oid
      Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321. OID = 1.2.840.113549.2.5
    • SHA_oid

      @Deprecated(since="5.0.1", forRemoval=true) public static final ObjectIdentifier SHA_oid
      Deprecated, for removal: This API element is subject to removal in a future version.
      Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1. This is sometimes called "SHA", though that is often confusing since many people refer to FIPS 180 (which has an error) as defining SHA. OID = 1.3.14.3.2.26
    • SHA256_oid

      public static final ObjectIdentifier SHA256_oid
    • SHA384_oid

      public static final ObjectIdentifier SHA384_oid
    • SHA512_oid

      public static final ObjectIdentifier SHA512_oid
    • MGF1_oid

      public static final ObjectIdentifier MGF1_oid
    • DH_data

      private static final int[] DH_data
    • DH_PKIX_data

      private static final int[] DH_PKIX_data
    • DSA_OIW_data

      private static final int[] DSA_OIW_data
    • DSA_PKIX_data

      private static final int[] DSA_PKIX_data
    • RSA_data

      private static final int[] RSA_data
    • RSAEncryption_data

      private static final int[] RSAEncryption_data
    • ANSI_X962_public_key_data

      private static final int[] ANSI_X962_public_key_data
    • ANSI_X962_sha1_with_ec_data

      private static final int[] ANSI_X962_sha1_with_ec_data
    • ANSIX962_EC_Public_Key_oid

      public static final ObjectIdentifier ANSIX962_EC_Public_Key_oid
    • ANSIX962_SHA1_With_EC_oid

      @Deprecated(since="5.0.1", forRemoval=true) public static final ObjectIdentifier ANSIX962_SHA1_With_EC_oid
      Deprecated, for removal: This API element is subject to removal in a future version.
    • DH_oid

      public static final ObjectIdentifier DH_oid
      Algorithm ID for Diffie Hellman Key agreement, from PKCS #3. Parameters include public values P and G, and may optionally specify the length of the private key X. Alternatively, algorithm parameters may be derived from another source such as a Certificate Authority's certificate. OID = 1.2.840.113549.1.3.1
    • DH_PKIX_oid

      public static final ObjectIdentifier DH_PKIX_oid
      Algorithm ID for the Diffie Hellman Key Agreement (DH), from the IETF PKIX IPKI Part I. Parameters may include public values P and G. OID = 1.2.840.10046.2.1
    • DSA_OIW_oid

      public static final ObjectIdentifier DSA_OIW_oid
      Algorithm ID for the Digital Signing Algorithm (DSA), from the NIST OIW Stable Agreements part 12. Parameters may include public values P, Q, and G; or these may be derived from another source such as a Certificate Authority's certificate. OID = 1.3.14.3.2.12
    • DSA_oid

      public static final ObjectIdentifier DSA_oid
      Algorithm ID for the Digital Signing Algorithm (DSA), from the IETF PKIX IPKI Part I. Parameters may include public values P, Q, and G; or these may be derived from another source such as a Certificate Authority's certificate. OID = 1.2.840.10040.4.1
    • RSA_oid

      public static final ObjectIdentifier RSA_oid
      Algorithm ID for RSA keys used for any purpose, as defined in X.509. The algorithm parameter is a single value, the number of bits in the public modulus. OID = 1.2.5.8.1.1
    • RSAEncryption_oid

      public static final ObjectIdentifier RSAEncryption_oid
      Algorithm ID for RSA keys used with RSA encryption, as defined in PKCS #1. There are no parameters associated with this algorithm. OID = 1.2.840.113549.1.1.1
    • sha1WithEC_data

      @Deprecated(since="5.0.1", forRemoval=true) private static final int[] sha1WithEC_data
      Deprecated, for removal: This API element is subject to removal in a future version.
    • sha224WithEC_data

      private static final int[] sha224WithEC_data
    • sha256WithEC_data

      private static final int[] sha256WithEC_data
    • sha384WithEC_data

      private static final int[] sha384WithEC_data
    • sha512WithEC_data

      private static final int[] sha512WithEC_data
    • md2WithRSAEncryption_data

      private static final int[] md2WithRSAEncryption_data
    • md5WithRSAEncryption_data

      private static final int[] md5WithRSAEncryption_data
    • sha1WithRSAEncryption_data

      @Deprecated(since="5.0.1", forRemoval=true) private static final int[] sha1WithRSAEncryption_data
      Deprecated, for removal: This API element is subject to removal in a future version.
    • sha256WithRSAEncryption_data

      private static final int[] sha256WithRSAEncryption_data
    • sha384WithRSAEncryption_data

      private static final int[] sha384WithRSAEncryption_data
    • sha512WithRSAEncryption_data

      private static final int[] sha512WithRSAEncryption_data
    • sha1WithRSAEncryption_OIW_data

      @Deprecated(since="5.0.1", forRemoval=true) private static final int[] sha1WithRSAEncryption_OIW_data
      Deprecated, for removal: This API element is subject to removal in a future version.
    • shaWithDSA_OIW_data

      @Deprecated(since="5.0.1", forRemoval=true) private static final int[] shaWithDSA_OIW_data
      Deprecated, for removal: This API element is subject to removal in a future version.
    • sha1WithDSA_OIW_data

      @Deprecated(since="5.0.1", forRemoval=true) private static final int[] sha1WithDSA_OIW_data
      Deprecated, for removal: This API element is subject to removal in a future version.
    • dsaWithSHA1_PKIX_data

      @Deprecated(since="5.0.1", forRemoval=true) private static final int[] dsaWithSHA1_PKIX_data
      Deprecated, for removal: This API element is subject to removal in a future version.
    • rsaPSS_data

      private static final int[] rsaPSS_data
    • sha1WithEC_oid

      @Deprecated(since="5.0.1", forRemoval=true) public static final ObjectIdentifier sha1WithEC_oid
      Deprecated, for removal: This API element is subject to removal in a future version.
    • sha224WithEC_oid

      public static final ObjectIdentifier sha224WithEC_oid
    • sha256WithEC_oid

      public static final ObjectIdentifier sha256WithEC_oid
    • sha384WithEC_oid

      public static final ObjectIdentifier sha384WithEC_oid
    • sha512WithEC_oid

      public static final ObjectIdentifier sha512WithEC_oid
    • rsaPSS_oid

      public static final ObjectIdentifier rsaPSS_oid
    • md2WithRSAEncryption_oid

      public static final ObjectIdentifier md2WithRSAEncryption_oid
      Identifies a signing algorithm where an MD2 digest is encrypted using an RSA private key; defined in PKCS #1. Use of this signing algorithm is discouraged due to MD2 vulnerabilities. OID = 1.2.840.113549.1.1.2
    • md5WithRSAEncryption_oid

      public static final ObjectIdentifier md5WithRSAEncryption_oid
      Identifies a signing algorithm where an MD5 digest is encrypted using an RSA private key; defined in PKCS #1. OID = 1.2.840.113549.1.1.4
    • sha1WithRSAEncryption_oid

      @Deprecated(since="5.0.1", forRemoval=true) public static final ObjectIdentifier sha1WithRSAEncryption_oid
      Deprecated, for removal: This API element is subject to removal in a future version.
      The proper one for sha1/rsa
    • sha256WithRSAEncryption_oid

      public static final ObjectIdentifier sha256WithRSAEncryption_oid
      The proper one for sha256/rsa
    • sha384WithRSAEncryption_oid

      public static final ObjectIdentifier sha384WithRSAEncryption_oid
      The proper one for sha384/rsa
    • sha512WithRSAEncryption_oid

      public static final ObjectIdentifier sha512WithRSAEncryption_oid
      The proper one for sha512/rsa
    • sha1WithRSAEncryption_OIW_oid

      @Deprecated(since="5.0.1", forRemoval=true) public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid
      Deprecated, for removal: This API element is subject to removal in a future version.
      Identifies a signing algorithm where an SHA1 digest is encrypted using an RSA private key; defined in NIST OIW. OID = 1.3.14.3.2.29
    • shaWithDSA_OIW_oid

      @Deprecated(since="5.0.1", forRemoval=true) public static final ObjectIdentifier shaWithDSA_OIW_oid
      Deprecated, for removal: This API element is subject to removal in a future version.
      Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a SHA digest is signed using the Digital Signing Algorithm (DSA). This should not be used. OID = 1.3.14.3.2.13
    • sha1WithDSA_OIW_oid

      @Deprecated(since="5.0.1", forRemoval=true) public static final ObjectIdentifier sha1WithDSA_OIW_oid
      Deprecated, for removal: This API element is subject to removal in a future version.
      Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a SHA1 digest is signed using the Digital Signing Algorithm (DSA). OID = 1.3.14.3.2.27
    • sha1WithDSA_oid

      @Deprecated(since="5.0.1", forRemoval=true) public static final ObjectIdentifier sha1WithDSA_oid
      Deprecated, for removal: This API element is subject to removal in a future version.
      Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a SHA1 digest is signed using the Digital Signing Algorithm (DSA). OID = 1.2.840.10040.4.3
    • DSA_SIGNING_ALGORITHMS

      @Deprecated(since="5.0.1", forRemoval=true) public static final String[] DSA_SIGNING_ALGORITHMS
      Deprecated, for removal: This API element is subject to removal in a future version.
      Supported signing algorithms for a DSA key.
    • RSA_SIGNING_ALGORITHMS

      public static final String[] RSA_SIGNING_ALGORITHMS
      Supported signing algorithms for a RSA key.
    • EC_SIGNING_ALGORITHMS

      public static final String[] EC_SIGNING_ALGORITHMS
    • ALL_SIGNING_ALGORITHMS

      public static final String[] ALL_SIGNING_ALGORITHMS
      All supported signing algorithms.
  • Constructor Details

  • Method Details

    • getParameters

      public AlgorithmParameters getParameters()
    • getParametersString

      public String getParametersString()
    • setParametersString

      public void setParametersString(String paramStr)
    • get

      public static AlgorithmId get(String algname) throws NoSuchAlgorithmException
      Returns one of the algorithm IDs most commonly associated with this algorithm name.
      Parameters:
      algname - the name being used
      Returns:
      an ID for the algorithm.
      Throws:
      NoSuchAlgorithmException - on error.
    • parse

      public static AlgorithmId parse(DerValue val) throws IOException
      Parse (unmarshal) an ID from a DER sequence input value. This form parsing might be used when expanding a value which has already been partially unmarshaled as a set or sequence member.
      Parameters:
      val - the input value, which contains the algid and, if there are any parameters, those parameters.
      Returns:
      an ID for the algorithm. If the system is configured appropriately, this may be an instance of a class with some kind of special support for this algorithm. In that case, you may "narrow" the type of the ID.
      Throws:
      IOException - on error.
    • parse

      public static AlgorithmId parse(byte[] val) throws IOException
      Throws:
      IOException
    • getPSSParams

      private AlgorithmParameters getPSSParams(String algName) throws NoSuchAlgorithmException, IOException
      Throws:
      NoSuchAlgorithmException
      IOException
    • decodeParams

      protected void decodeParams() throws IOException
      Throws:
      IOException
    • encode

      public final void encode(DerOutputStream out) throws IOException
      Marshal a DER-encoded "AlgorithmID" sequence on the DER stream.
      Parameters:
      out - the output stream on which to write the DER encoding.
      Throws:
      IOException - on encoding error.
    • derEncode

      public void derEncode(OutputStream out) throws IOException
      DER encode this object onto an output stream. Implements the DerEncoder interface.
      Specified by:
      derEncode in interface DerEncoder
      Parameters:
      out - the output stream on which to write the DER encoding.
      Throws:
      IOException - on encoding error.
    • derEncodeWithContext

      public void derEncodeWithContext(OutputStream out, int contextVal) throws IOException
      DER encode this object onto an output stream. Implements the DerEncoder interface.
      Parameters:
      out - the output stream on which to write the DER encoding params, using context value.
      contextVal - context value
      Throws:
      IOException - on encoding error.
    • encode

      public final byte[] encode() throws IOException
      Returns the DER-encoded X.509 AlgorithmId as a byte array.
      Returns:
      the byte array
      Throws:
      IOException - If an error occurred.
    • getSigningAlgorithms

      public static String[] getSigningAlgorithms(AlgorithmId alg)
      Returns list of signing algorithms for a key algorithm such as RSA or DSA.
      Parameters:
      alg - key algorithm
      Returns:
      list of signing algorithms
    • algOID

      private static ObjectIdentifier algOID(String name)
    • algName

      private String algName()
    • getOID

      public final ObjectIdentifier getOID()
      Returns the ISO OID for this algorithm. This is usually converted to a string and used as part of an algorithm name, for example "OID.1.3.14.3.2.13" style notation. Use the getName call when you do not need to ensure cross-system portability of algorithm names, or need a user friendly name.
      Returns:
      the ISO OID
    • getName

      public String getName()
      Returns a name for the algorithm which may be more intelligible to humans than the algorithm's OID, but which won't necessarily be comprehensible on other systems. For example, this might return a name such as "MD5withRSA" for a signature algorithm on some systems. It also returns names like "OID.1.2.3.4", when no particular name for the algorithm is known.
      Returns:
      the name
    • toString

      public String toString()
      Returns a string describing only the algorithm without parameters. Use toStringWithParams() for algorithm name and paramaters, or paramsToString() for just parameters.
      Overrides:
      toString in class Object
      Returns:
      algorithm name
    • toStringWithParams

      public String toStringWithParams()
      Returns a string describing the algorithm and its parameters.
      Returns:
      algorithm name and parameters
    • getEncodedParams

      public byte[] getEncodedParams() throws IOException
      Returns the DER encoded parameter, which can then be used to initialize java.security.AlgorithmParamters.
      Returns:
      DER encoded parameters, or null not present.
      Throws:
      IOException - If an error occurred.
    • paramsToString

      protected String paramsToString()
      Provides a human-readable description of the algorithm parameters. This may be redefined by subclasses which parse those parameters.
      Returns:
      algorithm parameters description
    • equals

      public boolean equals(AlgorithmId other)
      Returns true iff the argument indicates the same algorithm with the same parameters.
      Parameters:
      other - another algorithm ID
      Returns:
      true iff it's identical
    • equals

      public boolean equals(Object other)
      Compares this AlgorithmID to another. If algorithm parameters are available, they are compared. Otherwise, just the object IDs for the algorithm are compared.
      Overrides:
      equals in class Object
      Parameters:
      other - preferably an AlgorithmId, else an ObjectIdentifier
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • equals

      public final boolean equals(ObjectIdentifier id)
      Compares two algorithm IDs for equality. Returns true iff they are the same algorithm, ignoring algorithm parameters.
      Parameters:
      id - another algorithm ID
      Returns:
      true iff it's the same
    • createPSSAlgorithmParametersFromData

      public static AlgorithmParameters createPSSAlgorithmParametersFromData(byte[] der) throws Exception
      Throws:
      Exception
    • createPSSAlgorithmParameters

      Used to create the PSS algorithm params needed for RSA PSS signatures.
      Parameters:
      algName - algorithm name
      Returns:
      algorithm parameters
      Throws:
      IllegalArgumentException
      NoSuchProviderException
      InvalidParameterSpecException
      NoSuchAlgorithmException