Updated the code with additional OIDs for the signature algorithms that certificates use, and updated the isIssuer method so that it no longer uses the hard-coded algorithm string.

Cyrus 2021-04-15 14:15:11 -04:00
parent 760f246096
commit 46c9640cbe


@ -103,12 +103,21 @@ public abstract class Certificate extends ArchivableEntity {
private static final String KEY_USAGE_EO = "ENCIPHER ONLY"; private static final String KEY_USAGE_EO = "ENCIPHER ONLY";
private static final String KEY_USAGE_DO = "DECIPHER ONLY"; private static final String KEY_USAGE_DO = "DECIPHER ONLY";
private static final String ECDSA_OID = "1.2.840.10045.4.3.2"; private static final String ECDSA_OID = "1.2.840.10045.4.3.2";
private static final String ECDSA_SHA224_OID = "1.2.840.10045.4.1";
private static final String RSA256_OID = "1.2.840.113549.1.1.11"; private static final String RSA256_OID = "1.2.840.113549.1.1.11";
private static final String RSA384_OID = "1.2.840.113549.1.1.12"; private static final String RSA384_OID = "1.2.840.113549.1.1.12";
private static final String RSA512_OID = "1.2.840.113549.1.1.13"; private static final String RSA512_OID = "1.2.840.113549.1.1.13";
private static final String RSA224_OID = "1.2.840.113549.1.1.14"; private static final String RSA224_OID = "1.2.840.113549.1.1.14";
private static final String RSA512_224_OID = "1.2.840.113549.1.1.15";
private static final String RSA512_256_OID = "1.2.840.113549.1.1.16";
private static final String RSA256_STRING = "SHA256WithRSA"; private static final String RSA256_STRING = "SHA256WithRSA";
private static final String RSA384_STRING = "SHA384WithRSA";
private static final String RSA224_STRING = "SHA224WithRSA";
private static final String RSA512_STRING = "SHA512WithRSA";
private static final String RSA512_224_STRING = "SHA512-224WithRSA";
private static final String RSA512_256_STRING = "SHA512-256WithRSA";
private static final String ECDSA_STRING = "SHA256WithECDSA"; private static final String ECDSA_STRING = "SHA256WithECDSA";
private static final String ECDSA_SHA224_STRING = "SHA224WithECDSA";
private static final Logger LOGGER = LogManager.getLogger(Certificate.class); private static final Logger LOGGER = LogManager.getLogger(Certificate.class);
@ -416,9 +425,27 @@ public abstract class Certificate extends ArchivableEntity {
case RSA256_OID: case RSA256_OID:
this.signatureAlgorithm = RSA256_STRING; this.signatureAlgorithm = RSA256_STRING;
break; break;
case RSA384_OID:
this.signatureAlgorithm = RSA384_STRING;
break;
case RSA224_OID:
this.signatureAlgorithm = RSA224_STRING;
break;
case RSA512_OID:
this.signatureAlgorithm = RSA512_STRING;
break;
case RSA512_224_OID:
this.signatureAlgorithm = RSA512_224_STRING;
break;
case RSA512_256_OID:
this.signatureAlgorithm = RSA512_256_STRING;
break;
case ECDSA_OID: case ECDSA_OID:
this.signatureAlgorithm = ECDSA_STRING; this.signatureAlgorithm = ECDSA_STRING;
break; break;
case ECDSA_SHA224_OID:
this.signatureAlgorithm = ECDSA_SHA224_STRING;
break;
default: default:
break; break;
} }
@ -772,9 +799,8 @@ public abstract class Certificate extends ArchivableEntity {
break; break;
case ATTRIBUTE_CERTIFICATE: case ATTRIBUTE_CERTIFICATE:
AttributeCertificate attCert = getAttributeCertificate(); AttributeCertificate attCert = getAttributeCertificate();
String algorithm = "SHA256withRSA";
try { try {
Signature sig = Signature.getInstance(algorithm); Signature sig = Signature.getInstance(this.getSignatureAlgorithm());
sig.initVerify(issuerX509.getPublicKey()); sig.initVerify(issuerX509.getPublicKey());
sig.update(attCert.getAcinfo().getEncoded()); sig.update(attCert.getAcinfo().getEncoded());
if (sig.verify(attCert.getSignatureValue().getBytes())) { if (sig.verify(attCert.getSignatureValue().getBytes())) {
@ -782,8 +808,8 @@ public abstract class Certificate extends ArchivableEntity {
} }
} catch (NoSuchAlgorithmException } catch (NoSuchAlgorithmException
| InvalidKeyException | InvalidKeyException
| SignatureException e) { | SignatureException sigEx) {
LOGGER.error(e); LOGGER.error(sigEx);
} }
break; break;
default: default:
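Review bot: `ECDSA_SHA224_OID` in the constants hunk is set to `1.2.840.10045.4.1`, which is the ecdsa-with-SHA1 identifier (RFC 3279); ecdsa-with-SHA224 is `1.2.840.10045.4.3.1` (RFC 5758). As written, a SHA-1/ECDSA certificate is labelled `SHA224WithECDSA` and a genuine SHA-224/ECDSA one falls through to `default`, so the line should read `private static final String ECDSA_SHA224_OID = "1.2.840.10045.4.3.1";`. This matters more now that the ATTRIBUTE_CERTIFICATE branch passes `this.getSignatureAlgorithm()` to `Signature.getInstance`: for an unmapped OID the field is presumably left unset, and a null algorithm name would likely raise a NullPointerException that the multi-catch does not cover. A guard before the `try`, such as `if (getSignatureAlgorithm() == null) { LOGGER.error("Unsupported signature algorithm OID"); break; }`, would keep that path failing closed. The enclosing method starts and ends outside the visible hunks, so confirm what it returns when the switch is left this way.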