From bc2461f2051247f59b68ba39d0eba9796b3ddfe0 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Tue, 1 Mar 2016 20:46:49 -0500
Subject: [PATCH 74/75] Move OCSP digest name lookup to CertID class

The OCSP digest name lookup is currently defined in IOCSPAuthority and implemented by OCSPAuthority, but /any/ code that deals with CertID might need to know the digest, so move the lookup there.

Also refactor the lookup to use a HashMap, and add mappings for SHA2 algorithms.
---
 .../com/netscape/certsrv/ocsp/IOCSPAuthority.java | 9 ---------
 base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java | 21 ---------------------
 .../cms/src/com/netscape/cms/ocsp/DefStore.java | 3 +--
 .../cms/src/com/netscape/cms/ocsp/LDAPStore.java | 3 +--
 base/util/src/com/netscape/cmsutil/ocsp/CertID.java | 19 +++++++++++++++++++
 5 files changed, 21 insertions(+), 34 deletions(-)

diff --git a/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java b/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
index 6164b4917181d0181c73eabd0a7a9c3fe265e2de..3264d2ce5f1dbb88172e9ac124168af5acf7930b 100644
--- a/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
+++ b/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
@@ -144,15 +144,6 @@ public interface IOCSPAuthority extends ISubsystem {
 public X500Name getName();
 
 /**
- * This method retrieves an OCSP server instance digest name as a string.
- *

- *
- * @param alg the signing algorithm
- * @return String the digest name of the related OCSP server
- */
- public String getDigestName(AlgorithmIdentifier alg);
-
- /**
 * This method signs the basic OCSP response data provided as a parameter.
 *

 *
diff --git a/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java b/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java
index eb9060663c0ff5336cf7d4d0736b6d6284d2ae49..e6fd87da0770a2e85958112765464fccbd26cb05 100644
--- a/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java
+++ b/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java
@@ -257,27 +257,6 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem,
 return mOCSPSigningAlgorithms;
 }
 
- public static final OBJECT_IDENTIFIER MD2 =
- new OBJECT_IDENTIFIER("1.2.840.113549.2.2");
- public static final OBJECT_IDENTIFIER MD5 =
- new OBJECT_IDENTIFIER("1.2.840.113549.2.5");
- public static final OBJECT_IDENTIFIER SHA1 =
- new OBJECT_IDENTIFIER("1.3.14.3.2.26");
-
- public String getDigestName(AlgorithmIdentifier alg) {
- if (alg == null) {
- return null;
- } else if (alg.getOID().equals(MD2)) {
- return "MD2";
- } else if (alg.getOID().equals(MD5)) {
- return "MD5";
- } else if (alg.getOID().equals(SHA1)) {
- return "SHA1"; // 1.3.14.3.2.26
- } else {
- return null;
- }
- }
-
 /**
 * Retrieves the name of this OCSP server.
 */
diff --git a/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java b/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
index 86e0c68b1b40a90c1647abaeccbec983b2d7ee49..217c56833ca660176702c9badf5e14d286482908 100644
--- a/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
+++ b/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
@@ -449,8 +449,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
 log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CERT", e.toString()));
 return null;
 }
- MessageDigest md = MessageDigest.getInstance(
- mOCSPAuthority.getDigestName(cid.getHashAlgorithm()));
+ MessageDigest md = MessageDigest.getInstance(cid.getDigestName());
 X509Key key = (X509Key) cert.getPublicKey();
 byte digest[] = md.digest(key.getKey());
 
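Review bot: `MessageDigest.getInstance(cid.getDigestName())` is passed null whenever the CertID's hash-algorithm OID is not in CertID's lookup table, so an OCSP request naming an unsupported digest still surfaces as a NullPointerException from getInstance rather than taking the decode-failure path visible two lines above; the enclosing method starts and ends outside this hunk. The LDAPStore hunk has the same shape, and there the surrounding `catch (Exception e) { }` swallows that exception and leaves `md` null for the digest call that follows. A guard such as `String digestName = cid.getDigestName(); if (digestName == null) { return null; }` before the call, with a log line in the style of the `OCSP_DECODE_CERT` message, keeps the unsupported-algorithm case explicit. Whether `cid` originates from the client request is not visible in the hunk, but if it does, this is the request-controlled value that selects the table entry.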
diff --git a/base/server/cms/src/com/netscape/cms/ocsp/LDAPStore.java b/base/server/cms/src/com/netscape/cms/ocsp/LDAPStore.java
index e2e5fc4937d626d70a15946bb6a839c43440ce29..0d2d608bf057ac281e3a8c1ae1da597579a25c5e 100644
--- a/base/server/cms/src/com/netscape/cms/ocsp/LDAPStore.java
+++ b/base/server/cms/src/com/netscape/cms/ocsp/LDAPStore.java
@@ -466,8 +466,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
 MessageDigest md = null;
 
 try {
- md = MessageDigest.getInstance(
- mOCSPAuthority.getDigestName(cid.getHashAlgorithm()));
+ md = MessageDigest.getInstance(cid.getDigestName());
 } catch (Exception e) {
 }
 X509Key key = (X509Key) caCert.getPublicKey();
diff --git a/base/util/src/com/netscape/cmsutil/ocsp/CertID.java b/base/util/src/com/netscape/cmsutil/ocsp/CertID.java
index 23668f194da1b383b6023984fd5a6f27b1718bd7..2a1f398ff47d911e38da0366dc79c8d1f7443f73 100644
--- a/base/util/src/com/netscape/cmsutil/ocsp/CertID.java
+++ b/base/util/src/com/netscape/cmsutil/ocsp/CertID.java
@@ -20,11 +20,13 @@ package com.netscape.cmsutil.ocsp;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.util.HashMap;
 
 import org.mozilla.jss.asn1.ASN1Template;
 import org.mozilla.jss.asn1.ASN1Value;
 import org.mozilla.jss.asn1.INTEGER;
 import org.mozilla.jss.asn1.InvalidBERException;
+import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
 import org.mozilla.jss.asn1.OCTET_STRING;
 import org.mozilla.jss.asn1.SEQUENCE;
 import org.mozilla.jss.asn1.Tag;
@@ -152,4 +154,21 @@ public class CertID implements ASN1Value {
 (INTEGER) seq.elementAt(3));
 }
 }
+
+
+ private static HashMap digestNames = new HashMap<>();
+
+ static {
+ digestNames.put(new OBJECT_IDENTIFIER("1.2.840.113549.2.2"), "MD2");
+ digestNames.put(new OBJECT_IDENTIFIER("1.2.840.113549.2.5"), "MD5");
+ digestNames.put(new OBJECT_IDENTIFIER("1.3.14.3.2.26"), "SHA-1");
+ digestNames.put(new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.2.4"), "SHA-224");
+ digestNames.put(new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.2.1"), "SHA-256");
+ digestNames.put(new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.2.2"), "SHA-384");
+ digestNames.put(new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.2.3"), "SHA-512");
+ }
+
+ public String getDigestName() {
+ return digestNames.get(hashAlgorithm.getOID());
+ }
 }
-- 
2.5.0
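Review bot: `getDigestName()` returns null for any OID absent from `digestNames`, and neither the method nor a Javadoc says so, so callers that hand the result straight to `MessageDigest.getInstance` get a NullPointerException on an unsupported hash algorithm. Either document the contract — `/** @return the JCA digest name for this CertID's hash algorithm, or null if the OID is not recognised. */` — or throw `NoSuchAlgorithmException` so callers handle an unknown OID and an unavailable provider in one place. The table is declared as a raw `HashMap` (unless the type arguments were dropped from this copy of the patch) and is mutable and shared; `private static final Map<OBJECT_IDENTIFIER, String> DIGEST_NAMES` populated once and wrapped in `Collections.unmodifiableMap` would pin both the element types and the contents. The lookup also relies on JSS `OBJECT_IDENTIFIER` overriding `hashCode` consistently with `equals`, which the `equals` chain removed from OCSPAuthority did not need; worth confirming.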