From e9ee0936969731ecf60a29b3ca5b052ca033ab07 Mon Sep 17 00:00:00 2001
From: awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>
Date: Tue, 21 Sep 2010 21:25:38 +0000
Subject: Fixed bugzilla bugs: 621327 and 621334.

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1313 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
 .../com/netscape/cmsutil/scep/CRSPKIMessage.java   | 54 +++++++++++++++++-----
 1 file changed, 43 insertions(+), 11 deletions(-)

(limited to 'pki/base/util/src/com/netscape/cmsutil')

diff --git a/pki/base/util/src/com/netscape/cmsutil/scep/CRSPKIMessage.java b/pki/base/util/src/com/netscape/cmsutil/scep/CRSPKIMessage.java
index b45f50d59..6ffd58e33 100644
--- a/pki/base/util/src/com/netscape/cmsutil/scep/CRSPKIMessage.java
+++ b/pki/base/util/src/com/netscape/cmsutil/scep/CRSPKIMessage.java
@@ -142,6 +142,7 @@ public class CRSPKIMessage {
 
     private SET           sis;     // set of SignerInfos
     private SignerInfo   si;     // First SignerInfo
+    private AlgorithmIdentifier digestAlgorithmId = null;
     private int          siv;  // Version
     private SET          aa;   // Authenticated Attributes
     private SET          aa_old;   // Authenticated Attributes
@@ -168,6 +169,7 @@ public class CRSPKIMessage {
     private byte[]       iv;              // initialization vector for above key
     private byte[]       ec;              // encrypted content (P10, in case of request)
     private byte[]       cc;              // * 'clear' content (not in ASN.1) *
+    private String       encryptionAlgorithm = null;
 
     // For the CertRep, the enveloped content is another signed Data:
     private SignedData     crsd;
@@ -222,6 +224,25 @@ public class CRSPKIMessage {
         return oid;
     }
 
+    // getHashAlgorithm is added to work around issue 636217
+    private String getHashAlgorithm (OBJECT_IDENTIFIER algorithmOID)
+    {
+        String hashAlgorithm = null;
+        OBJECT_IDENTIFIER oid = MD5_DIGEST;
+        if (algorithmOID != null) {
+            if (algorithmOID.equals(MD5_DIGEST)) {
+                hashAlgorithm = "MD5";
+            } else if (algorithmOID.equals(SHA1_DIGEST)) {
+                hashAlgorithm = "SHA1";
+            } else if (algorithmOID.equals(SHA256_DIGEST)) {
+                hashAlgorithm = "SHA256";
+            } else  if (algorithmOID.equals(SHA512_DIGEST)) {
+                hashAlgorithm = "SHA512";
+            }
+        }
+        return hashAlgorithm;
+    }
+
     // These functions are used to initialize the various blobs
 
     public void makeSignedData(int version,
@@ -514,6 +535,18 @@ public class CRSPKIMessage {
         return iv;
     }
 
+    public String getEncryptionAlgorithm() {
+        return encryptionAlgorithm;
+    }
+
+    public String getDigestAlgorithmName() {
+        String name = null;
+        if (digestAlgorithmId != null) {
+           name = getHashAlgorithm(digestAlgorithmId.getOID());
+        }
+        return name;
+    }
+
     public PublicKey getSignerPublicKey() {
         try {
 
@@ -653,7 +686,7 @@ public class CRSPKIMessage {
     }
             
 
-    public String decodeCRSPKIMessage (ByteArrayInputStream bais) throws InvalidBERException, Exception {
+    private void decodeCRSPKIMessage (ByteArrayInputStream bais) throws InvalidBERException, Exception {
 
         org.mozilla.jss.pkcs7.ContentInfo.Template crscit;
 
@@ -671,7 +704,7 @@ public class CRSPKIMessage {
                     new ByteArrayInputStream(
                         ((ANY) crsci.getContent()).getEncoded()
                     ));
-        return this.decodeSD();
+        this.decodeSD();
     }
 
     public CRSPKIMessage() {
@@ -683,7 +716,7 @@ public class CRSPKIMessage {
         decodeCRSPKIMessage(bais);
     }
 
-    private String decodeSD() throws Exception {
+    private void decodeSD() throws Exception {
         ContentInfo  sdci;
 
         sis = sd.getSignerInfos();
@@ -715,8 +748,7 @@ public class CRSPKIMessage {
         sgnIASN = new IssuerAndSerialNumber(firstCertInfo.getIssuer(),
                     firstCertInfo.getSerialNumber());
         
-        return decodeED();
-            
+        decodeED();
     }
             
     private void decodeSI() throws Exception {
@@ -724,13 +756,15 @@ public class CRSPKIMessage {
             throw new Exception("SignerInfos is empty");
         }
         si = (SignerInfo) sis.elementAt(0);
+
+        digestAlgorithmId = si.getDigestAlgorithmIdentifer();
+
         decodeAA();
 
         aa_digest = new OCTET_STRING(si.getEncryptedDigest());
     }
         
-    private String decodeED() throws Exception {
-        String encAlgorithm = null;
+    private void decodeED() throws Exception {
         SET ris;
 
         ris = (SET) sded.getRecipientInfos();
@@ -742,9 +776,9 @@ public class CRSPKIMessage {
         eci = sded.getEncryptedContentInfo();
 
         if (eci.getContentEncryptionAlgorithm().getOID().equals(DES_EDE3_CBC_ENCRYPTION)) {
-            encAlgorithm = "DES3";
+            encryptionAlgorithm = "DES3";
         } else if (eci.getContentEncryptionAlgorithm().getOID().equals(DES_CBC_ENCRYPTION)) {
-            encAlgorithm = "DES";
+            encryptionAlgorithm = "DES";
         } else {
             throw new Exception("P10 encrypted alg is not supported (not DES): " + eci.getContentEncryptionAlgorithm().getOID());
         }
@@ -762,8 +796,6 @@ public class CRSPKIMessage {
         iv = os.toByteArray();
 
         decodeRI();
-
-        return encAlgorithm;
     }
         
     /**
-- 
cgit