authorFraser Tweedale <ftweedal@redhat.com>2016-03-01 20:46:49 -0500
committerFraser Tweedale <ftweedal@redhat.com>2016-03-03 17:19:49 -0500
commit04214b3d3405750cbbda228554c0d9f087a59170 (patch)
tree3bd51b1de1cb95d229994b0f58331a3a0cb4c9a9
parentafe1d7205ae32c272e15dbf42475da4a79b5c9bc (diff)
Move OCSP digest name lookup to CertID class
The OCSP digest name lookup is currently defined in IOCSPAuthority and implemented by OCSPAuthority, but /any/ code that deals with CertID might need to know the digest, so move the lookup there. Also refactor the lookup to use a HashMap, and add mappings for SHA2 algorithms.
-rw-r--r--base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java9
-rw-r--r--base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java21
-rw-r--r--base/server/cms/src/com/netscape/cms/ocsp/DefStore.java3
-rw-r--r--base/server/cms/src/com/netscape/cms/ocsp/LDAPStore.java3
-rw-r--r--base/util/src/com/netscape/cmsutil/ocsp/CertID.java19
5 files changed, 21 insertions, 34 deletions
diff --git a/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java b/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
index 6164b4917..3264d2ce5 100644
--- a/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
+++ b/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
@@ -144,15 +144,6 @@ public interface IOCSPAuthority extends ISubsystem {
public X500Name getName();
/**
- * This method retrieves an OCSP server instance digest name as a string.
- * <P>
- *
- * @param alg the signing algorithm
- * @return String the digest name of the related OCSP server
- */
- public String getDigestName(AlgorithmIdentifier alg);
-
- /**
* This method signs the basic OCSP response data provided as a parameter.
* <P>
*
diff --git a/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java b/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java
index eb9060663..e6fd87da0 100644
--- a/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java
+++ b/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java
@@ -257,27 +257,6 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem,
return mOCSPSigningAlgorithms;
}
- public static final OBJECT_IDENTIFIER MD2 =
- new OBJECT_IDENTIFIER("1.2.840.113549.2.2");
- public static final OBJECT_IDENTIFIER MD5 =
- new OBJECT_IDENTIFIER("1.2.840.113549.2.5");
- public static final OBJECT_IDENTIFIER SHA1 =
- new OBJECT_IDENTIFIER("1.3.14.3.2.26");
-
- public String getDigestName(AlgorithmIdentifier alg) {
- if (alg == null) {
- return null;
- } else if (alg.getOID().equals(MD2)) {
- return "MD2";
- } else if (alg.getOID().equals(MD5)) {
- return "MD5";
- } else if (alg.getOID().equals(SHA1)) {
- return "SHA1"; // 1.3.14.3.2.26
- } else {
- return null;
- }
- }
-
/**
* Retrieves the name of this OCSP server.
*/
diff --git a/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java b/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
index 86e0c68b1..217c56833 100644
--- a/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
+++ b/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
@@ -449,8 +449,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CERT", e.toString()));
return null;
}
- MessageDigest md = MessageDigest.getInstance(
- mOCSPAuthority.getDigestName(cid.getHashAlgorithm()));
+ MessageDigest md = MessageDigest.getInstance(cid.getDigestName());
X509Key key = (X509Key) cert.getPublicKey();
byte digest[] = md.digest(key.getKey());
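Review bot: `cid.getDigestName()` returns null for any hash algorithm OID that CertID does not map, and that null goes straight into `MessageDigest.getInstance(...)` on the added line, which then fails with an exception instead of a clean "not found" answer. The CertID is presumably parsed from the OCSP request, so an unrecognised algorithm is ordinary input and is better rejected explicitly, e.g. `String name = cid.getDigestName(); if (name == null) return null;` preceded by a log line, matching the `return null` just above. The same call in LDAPStore.java sits inside `try { ... } catch (Exception e) { }`, which swallows the failure and leaves `md` null for the code that follows; logging in that catch would make a bad algorithm visible. Both enclosing methods start and end outside their hunks, so any outer handling cannot be seen here.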
diff --git a/base/server/cms/src/com/netscape/cms/ocsp/LDAPStore.java b/base/server/cms/src/com/netscape/cms/ocsp/LDAPStore.java
index e2e5fc493..0d2d608bf 100644
--- a/base/server/cms/src/com/netscape/cms/ocsp/LDAPStore.java
+++ b/base/server/cms/src/com/netscape/cms/ocsp/LDAPStore.java
@@ -466,8 +466,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
MessageDigest md = null;
try {
- md = MessageDigest.getInstance(
- mOCSPAuthority.getDigestName(cid.getHashAlgorithm()));
+ md = MessageDigest.getInstance(cid.getDigestName());
} catch (Exception e) {
}
X509Key key = (X509Key) caCert.getPublicKey();
diff --git a/base/util/src/com/netscape/cmsutil/ocsp/CertID.java b/base/util/src/com/netscape/cmsutil/ocsp/CertID.java
index 23668f194..2a1f398ff 100644
--- a/base/util/src/com/netscape/cmsutil/ocsp/CertID.java
+++ b/base/util/src/com/netscape/cmsutil/ocsp/CertID.java
@@ -20,11 +20,13 @@ package com.netscape.cmsutil.ocsp;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
+import java.util.HashMap;
import org.mozilla.jss.asn1.ASN1Template;
import org.mozilla.jss.asn1.ASN1Value;
import org.mozilla.jss.asn1.INTEGER;
import org.mozilla.jss.asn1.InvalidBERException;
+import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
import org.mozilla.jss.asn1.OCTET_STRING;
import org.mozilla.jss.asn1.SEQUENCE;
import org.mozilla.jss.asn1.Tag;
@@ -152,4 +154,21 @@ public class CertID implements ASN1Value {
(INTEGER) seq.elementAt(3));
}
}
+
+
+ private static HashMap<OBJECT_IDENTIFIER, String> digestNames = new HashMap<>();
+
+ static {
+ digestNames.put(new OBJECT_IDENTIFIER("1.2.840.113549.2.2"), "MD2");
+ digestNames.put(new OBJECT_IDENTIFIER("1.2.840.113549.2.5"), "MD5");
+ digestNames.put(new OBJECT_IDENTIFIER("1.3.14.3.2.26"), "SHA-1");
+ digestNames.put(new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.2.4"), "SHA-224");
+ digestNames.put(new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.2.1"), "SHA-256");
+ digestNames.put(new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.2.2"), "SHA-384");
+ digestNames.put(new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.2.3"), "SHA-512");
+ }
+
+ public String getDigestName() {
+ return digestNames.get(hashAlgorithm.getOID());
+ }
}
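Review bot: `getDigestName()` has no Javadoc and silently returns null when the hash algorithm OID is not in `digestNames`. It also drops the `alg == null` guard the removed OCSPAuthority version had, so a null `hashAlgorithm` would now throw NullPointerException; whether that can happen depends on the constructors, which are outside the hunk. The contract should be written down for callers, e.g. `/** Returns the JCA digest name for this CertID's hash algorithm, or null if the OID is not recognised. */`. The lookup table should also be declared `private static final`, since nothing is meant to change it after the static initialiser. The SHA-1 entry now yields "SHA-1" where the old method returned "SHA1", so any caller outside this diff that compares the string rather than passing it to `MessageDigest` would need checking.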