From 04214b3d3405750cbbda228554c0d9f087a59170 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Tue, 1 Mar 2016 20:46:49 -0500
Subject: Move OCSP digest name lookup to CertID class

The OCSP digest name lookup is currently defined in IOCSPAuthority and implemented by OCSPAuthority, but /any/ code that deals with CertID might need to know the digest, so move the lookup there. Also refactor the lookup to use a HashMap, and add mappings for SHA2 algorithms.
---
 .../com/netscape/certsrv/ocsp/IOCSPAuthority.java | 9 ---------
 base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java | 21 ---------------------
 .../cms/src/com/netscape/cms/ocsp/DefStore.java | 3 +--
 .../cms/src/com/netscape/cms/ocsp/LDAPStore.java | 3 +--
 base/util/src/com/netscape/cmsutil/ocsp/CertID.java | 19 +++++++++++++++++++
 5 files changed, 21 insertions(+), 34 deletions(-)

diff --git a/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java b/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
index 6164b4917..3264d2ce5 100644
--- a/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
+++ b/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
@@ -143,15 +143,6 @@ public interface IOCSPAuthority extends ISubsystem {
 */
 public X500Name getName();
 
- /**
- * This method retrieves an OCSP server instance digest name as a string.
- *

- *
- * @param alg the signing algorithm
- * @return String the digest name of the related OCSP server
- */
- public String getDigestName(AlgorithmIdentifier alg);
-
 /**
 * This method signs the basic OCSP response data provided as a parameter.
 *

diff --git a/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java b/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java
index eb9060663..e6fd87da0 100644
--- a/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java
+++ b/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java
@@ -257,27 +257,6 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem,
 return mOCSPSigningAlgorithms;
 }
 
- public static final OBJECT_IDENTIFIER MD2 =
- new OBJECT_IDENTIFIER("1.2.840.113549.2.2");
- public static final OBJECT_IDENTIFIER MD5 =
- new OBJECT_IDENTIFIER("1.2.840.113549.2.5");
- public static final OBJECT_IDENTIFIER SHA1 =
- new OBJECT_IDENTIFIER("1.3.14.3.2.26");
-
- public String getDigestName(AlgorithmIdentifier alg) {
- if (alg == null) {
- return null;
- } else if (alg.getOID().equals(MD2)) {
- return "MD2";
- } else if (alg.getOID().equals(MD5)) {
- return "MD5";
- } else if (alg.getOID().equals(SHA1)) {
- return "SHA1"; // 1.3.14.3.2.26
- } else {
- return null;
- }
- }
-
 /**
 * Retrieves the name of this OCSP server.
 */
diff --git a/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java b/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
index 86e0c68b1..217c56833 100644
--- a/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
+++ b/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
@@ -449,8 +449,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
 log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CERT", e.toString()));
 return null;
 }
- MessageDigest md = MessageDigest.getInstance(
- mOCSPAuthority.getDigestName(cid.getHashAlgorithm()));
+ MessageDigest md = MessageDigest.getInstance(cid.getDigestName());
 X509Key key = (X509Key) cert.getPublicKey();
 byte digest[] = md.digest(key.getKey());
diff --git a/base/server/cms/src/com/netscape/cms/ocsp/LDAPStore.java b/base/server/cms/src/com/netscape/cms/ocsp/LDAPStore.java
index e2e5fc493..0d2d608bf 100644
--- a/base/server/cms/src/com/netscape/cms/ocsp/LDAPStore.java
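Review bot: The new `MessageDigest.getInstance(cid.getDigestName())` line in DefStore passes a null name whenever the request's CertID carries a hashAlgorithm OID that is not in CertID's table, and `MessageDigest.getInstance` rejects a null name with an exception rather than a clean miss. CertID is decoded from the OCSP request, so an unrecognised or deliberately odd OID is client-controlled input; a guard such as `String digestName = cid.getDigestName(); if (digestName == null) return null;` (with a failure log like the decode path just above) would turn that into the same "not found" result the rest of the method already uses. The previous `mOCSPAuthority.getDigestName(cid.getHashAlgorithm())` had the same gap, so this is carried over rather than introduced, but the commit is the natural place to close it. The enclosing method starts and ends outside the hunk, so how an exception here is handled by the caller cannot be confirmed from this view.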
+++ b/base/server/cms/src/com/netscape/cms/ocsp/LDAPStore.java
@@ -466,8 +466,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
 MessageDigest md = null;
 try {
- md = MessageDigest.getInstance(
- mOCSPAuthority.getDigestName(cid.getHashAlgorithm()));
+ md = MessageDigest.getInstance(cid.getDigestName());
 } catch (Exception e) {
 }
 X509Key key = (X509Key) caCert.getPublicKey();
diff --git a/base/util/src/com/netscape/cmsutil/ocsp/CertID.java b/base/util/src/com/netscape/cmsutil/ocsp/CertID.java
index 23668f194..2a1f398ff 100644
--- a/base/util/src/com/netscape/cmsutil/ocsp/CertID.java
+++ b/base/util/src/com/netscape/cmsutil/ocsp/CertID.java
@@ -20,11 +20,13 @@ package com.netscape.cmsutil.ocsp;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.util.HashMap;
 import org.mozilla.jss.asn1.ASN1Template;
 import org.mozilla.jss.asn1.ASN1Value;
 import org.mozilla.jss.asn1.INTEGER;
 import org.mozilla.jss.asn1.InvalidBERException;
+import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
 import org.mozilla.jss.asn1.OCTET_STRING;
 import org.mozilla.jss.asn1.SEQUENCE;
 import org.mozilla.jss.asn1.Tag;
@@ -152,4 +154,21 @@ public class CertID implements ASN1Value {
 (INTEGER) seq.elementAt(3));
 }
 }
+
+
+ private static HashMap digestNames = new HashMap<>();
+
+ static {
+ digestNames.put(new OBJECT_IDENTIFIER("1.2.840.113549.2.2"), "MD2");
+ digestNames.put(new OBJECT_IDENTIFIER("1.2.840.113549.2.5"), "MD5");
+ digestNames.put(new OBJECT_IDENTIFIER("1.3.14.3.2.26"), "SHA-1");
+ digestNames.put(new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.2.4"), "SHA-224");
+ digestNames.put(new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.2.1"), "SHA-256");
+ digestNames.put(new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.2.2"), "SHA-384");
+ digestNames.put(new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.2.3"), "SHA-512");
+ }
+
+ public String getDigestName() {
+ return digestNames.get(hashAlgorithm.getOID());
+ }
 }
--
cgit
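Review bot: In LDAPStore the new `md = MessageDigest.getInstance(cid.getDigestName());` sits inside a `catch (Exception e) { }` that swallows everything, so an unrecognised hashAlgorithm OID (null name) or an unsupported digest leaves `md` at its initial null and the failure only surfaces later, presumably as a NullPointerException when `md` is used, rather than as a handled lookup miss. A check right after the try block, `if (md == null) return null;` with a failure log, would make the responder reject a request it cannot hash instead of crashing on it, and the catch itself should at least log `e` rather than discard it. The use of `md` and the method's end lie outside the hunk, so the exact failure mode past this point is inferred, not visible.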
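Review bot: `digestNames` in CertID is declared as a raw, non-final `HashMap`, so its key and value types are unchecked and the shared static reference is reassignable; declare it `private static final Map<OBJECT_IDENTIFIER, String> digestNames = new HashMap<>();` (adding `import java.util.Map;` to the import hunk above). The lookup also now depends on JSS's `OBJECT_IDENTIFIER` overriding `hashCode` consistently with `equals`, whereas the removed OCSPAuthority code only needed `equals`, which is worth confirming before relying on it. `getDigestName()` returns null for any OID not in the table and both call sites in this commit feed that straight into `MessageDigest.getInstance`, so the method should say so: `/** Returns the JCA digest name for this CertID's hashAlgorithm, or null if the OID is not a recognised digest. */`. Keeping MD2 and MD5 in the table means a requester can still make the responder hash the issuer key with those broken digests; if that is intentional for legacy clients, a one-line comment on those two entries saying so would save the next reader from removing them.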