java cryptography jce oid

How to translate an OID to a JCE algorithm name?


I am looking for a library that can take an OID such as 1.2.840.10040.4.3 and translate it to its standard name (in this case SHA1withDSA).

Using org.cesecore.certificates.util.AlgorithmTools, I am able to achieve some of the required functionality, but it is very limited.

This is the current code:

String signatureAlgorithmName = AlgorithmTools.getAlgorithmNameFromOID(oid);

Note:

The standard names can be found here


Solution

  • There is an online database of OIDs at oid-info.com that you can use.

    As you can see, the OID database is huge. Besides that, because companies define their own OIDs under their base OID, many OIDs are actually unknown.

    The AlgorithmTools class simply defines a fixed list of OIDs for signature algorithms; it doesn't attempt to dynamically find out which algorithms are available by using an OID as an alias.

    Note that some OIDs are used for multiple service types. For instance, the same RSA OID can identify a Cipher, a KeyFactory and a KeyPairGenerator.

    You can, however, find out which OIDs are available for the currently installed providers:

    package nl.owlstead.stackoverflow;
    
    import java.security.Provider;
    import java.security.Provider.Service;
    import java.security.Security;
    import java.util.Set;
    import java.util.SortedSet;
    import java.util.TreeSet;
    import java.util.regex.Matcher;
    import java.util.regex.Pattern;
    
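    /**
     * Prints, for every installed security provider, the OIDs found in the provider's
     * property keys together with the algorithm name each OID resolves to.
     *
     * <p>The mapping is discovered from the provider's own key set rather than from a
     * fixed table, so the result depends on which providers are installed in the
     * running JVM.
     *
     * <p>A resolved name only shows that some provider registers the OID. Providers
     * also register legacy algorithms, so when the OID comes from data you do not
     * control (a certificate, a signed message), check the resolved name against the
     * algorithms your application is willing to accept before using it.
     */
    public class GetOIDToAlgorithmNameMapping {
        /** Leading service type of a plain key: the word characters before the first dot. */
        private static final Pattern KEY_TYPE_PATTERN = Pattern.compile("^(\\w+)[.].*$");

        /** Service type of an alias key: the word characters following "Alg.Alias.". */
        private static final Pattern KEY_ALIAS_TYPE_PATTERN = Pattern.compile("^Alg[.]Alias[.](\\w+).*$");

        /**
         * A dotted-decimal OID at the very end of the key. At least four arcs are
         * required so that short trailing numbers are not mistaken for an OID.
         */
        private static final Pattern KEY_OID_PATTERN = Pattern.compile(".*?(\\d+(?:[.]\\d+){3,})$");

        /** Joins type and OID in the sorted set; neither pattern can capture this character. */
        private static final String SEPARATOR = "-";

        /**
         * Walks all installed providers and prints one line per (type, OID) pair.
         *
         * @param args ignored
         * @throws Exception kept for signature compatibility; nothing here declares one
         */
        public static void main(String[] args) throws Exception {
            for (Provider prov : Security.getProviders()) {
                System.out.printf("%n >>> Provider: %s <<< %n%n", prov.getName());

                for (String entry : getTypeAndOIDStrings(prov)) {
                    int split = entry.indexOf(SEPARATOR);
                    String type = entry.substring(0, split);
                    String oid = entry.substring(split + SEPARATOR.length());

                    // Provider.getService returns null when the provider has no service
                    // for this type/name pair; a key that merely ends in an OID-like
                    // string is not guaranteed to be a usable alias.
                    Service service = prov.getService(type, oid);
                    if (service == null) {
                        System.out.printf("Type: %s, OID: %s, algo: <not resolvable>%n", type, oid);
                        continue;
                    }
                    System.out.printf("Type: %s, OID: %s, algo: %s%n", type, oid, service.getAlgorithm());
                }
            }
        }

        /**
         * Collects the distinct "type-OID" strings found in the keys of one provider.
         *
         * @param prov the provider whose keys are scanned
         * @return sorted, de-duplicated strings of the form {@code <type>-<oid>};
         *         keys of type {@code AlgorithmParameters} are left out
         */
        private static SortedSet<String> getTypeAndOIDStrings(Provider prov) {
            SortedSet<String> typeAndOID = new TreeSet<>();

            Set<Object> keys = prov.keySet();
            for (Object key : keys) {
                String keyString = key.toString();
                Matcher oidMatcher = KEY_OID_PATTERN.matcher(keyString);
                if (!oidMatcher.matches()) {
                    continue;
                }
                String oid = oidMatcher.group(1);

                // Alias keys carry the type after "Alg.Alias."; plain keys start with it.
                String type;
                Matcher aliasTypeMatcher = KEY_ALIAS_TYPE_PATTERN.matcher(keyString);
                if (aliasTypeMatcher.matches()) {
                    type = aliasTypeMatcher.group(1);
                } else {
                    Matcher typeMatcher = KEY_TYPE_PATTERN.matcher(keyString);
                    if (!typeMatcher.matches()) {
                        // Without this check group(1) throws IllegalStateException
                        // for a key that does not begin with "<word>.".
                        continue;
                    }
                    type = typeMatcher.group(1);
                }

                // algorithm parameters are not algorithms, so skip them
                if (type.equals("AlgorithmParameters")) {
                    continue;
                }

                // The set drops duplicates, e.g. the same OID registered under two alias keys.
                typeAndOID.add(type + SEPARATOR + oid);
            }
            return typeAndOID;
        }
    }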
    

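    Example output (the list includes legacy algorithms such as MD2withRSA, MD5withRSA and PBEWithMD5AndDES; an OID resolving to a name only shows that a provider registers it, not that the algorithm should be accepted):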

     >>> Provider: SUN <<< 
    
    Type: KeyFactory, OID: 1.2.840.10040.4.1, algo: DSA
    Type: KeyFactory, OID: 1.3.14.3.2.12, algo: DSA
    Type: KeyPairGenerator, OID: 1.2.840.10040.4.1, algo: DSA
    Type: KeyPairGenerator, OID: 1.3.14.3.2.12, algo: DSA
    Type: MessageDigest, OID: 1.3.14.3.2.26, algo: SHA
    Type: MessageDigest, OID: 2.16.840.1.101.3.4.2.1, algo: SHA-256
    Type: MessageDigest, OID: 2.16.840.1.101.3.4.2.2, algo: SHA-384
    Type: MessageDigest, OID: 2.16.840.1.101.3.4.2.3, algo: SHA-512
    Type: MessageDigest, OID: 2.16.840.1.101.3.4.2.4, algo: SHA-224
    Type: Signature, OID: 1.2.840.10040.4.3, algo: SHA1withDSA
    Type: Signature, OID: 1.3.14.3.2.13, algo: SHA1withDSA
    Type: Signature, OID: 1.3.14.3.2.27, algo: SHA1withDSA
    Type: Signature, OID: 2.16.840.1.101.3.4.3.1, algo: SHA224withDSA
    Type: Signature, OID: 2.16.840.1.101.3.4.3.2, algo: SHA256withDSA
    
     >>> Provider: SunRsaSign <<< 
    
    Type: KeyFactory, OID: 1.2.840.113549.1.1, algo: RSA
    Type: KeyPairGenerator, OID: 1.2.840.113549.1.1, algo: RSA
    Type: Signature, OID: 1.2.840.113549.1.1.11, algo: SHA256withRSA
    Type: Signature, OID: 1.2.840.113549.1.1.12, algo: SHA384withRSA
    Type: Signature, OID: 1.2.840.113549.1.1.13, algo: SHA512withRSA
    Type: Signature, OID: 1.2.840.113549.1.1.14, algo: SHA224withRSA
    Type: Signature, OID: 1.2.840.113549.1.1.2, algo: MD2withRSA
    Type: Signature, OID: 1.2.840.113549.1.1.4, algo: MD5withRSA
    Type: Signature, OID: 1.2.840.113549.1.1.5, algo: SHA1withRSA
    Type: Signature, OID: 1.3.14.3.2.29, algo: SHA1withRSA
    
     >>> Provider: SunEC <<< 
    
    Type: Signature, OID: 1.2.840.10045.4.1, algo: SHA1withECDSA
    Type: Signature, OID: 1.2.840.10045.4.3.1, algo: SHA224withECDSA
    Type: Signature, OID: 1.2.840.10045.4.3.2, algo: SHA256withECDSA
    Type: Signature, OID: 1.2.840.10045.4.3.3, algo: SHA384withECDSA
    Type: Signature, OID: 1.2.840.10045.4.3.4, algo: SHA512withECDSA
    
     >>> Provider: SunJSSE <<< 
    
    Type: KeyFactory, OID: 1.2.840.113549.1.1, algo: RSA
    Type: KeyPairGenerator, OID: 1.2.840.113549.1.1, algo: RSA
    Type: Signature, OID: 1.2.840.113549.1.1.2, algo: MD2withRSA
    Type: Signature, OID: 1.2.840.113549.1.1.4, algo: MD5withRSA
    Type: Signature, OID: 1.2.840.113549.1.1.5, algo: SHA1withRSA
    Type: Signature, OID: 1.3.14.3.2.29, algo: SHA1withRSA
    
     >>> Provider: SunJCE <<< 
    
    Type: AlgorithmParameterGenerator, OID: 1.2.840.113549.1.3.1, algo: DiffieHellman
    Type: Cipher, OID: 1.2.840.113549.1.12.1.1, algo: PBEWithSHA1AndRC4_128
    Type: Cipher, OID: 1.2.840.113549.1.12.1.2, algo: PBEWithSHA1AndRC4_40
    Type: Cipher, OID: 1.2.840.113549.1.12.1.3, algo: PBEWithSHA1AndDESede
    Type: Cipher, OID: 1.2.840.113549.1.12.1.5, algo: PBEWithSHA1AndRC2_128
    Type: Cipher, OID: 1.2.840.113549.1.12.1.6, algo: PBEWithSHA1AndRC2_40
    Type: Cipher, OID: 1.2.840.113549.1.5.3, algo: PBEWithMD5AndDES
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.1, algo: AES_128/ECB/NoPadding
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.2, algo: AES_128/CBC/NoPadding
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.21, algo: AES_192/ECB/NoPadding
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.22, algo: AES_192/CBC/NoPadding
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.23, algo: AES_192/OFB/NoPadding
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.24, algo: AES_192/CFB/NoPadding
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.25, algo: AESWrap_192
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.26, algo: AES_192/GCM/NoPadding
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.3, algo: AES_128/OFB/NoPadding
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.4, algo: AES_128/CFB/NoPadding
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.41, algo: AES_256/ECB/NoPadding
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.42, algo: AES_256/CBC/NoPadding
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.43, algo: AES_256/OFB/NoPadding
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.44, algo: AES_256/CFB/NoPadding
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.45, algo: AESWrap_256
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.46, algo: AES_256/GCM/NoPadding
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.5, algo: AESWrap_128
    Type: Cipher, OID: 2.16.840.1.101.3.4.1.6, algo: AES_128/GCM/NoPadding
    Type: KeyAgreement, OID: 1.2.840.113549.1.3.1, algo: DiffieHellman
    Type: KeyFactory, OID: 1.2.840.113549.1.3.1, algo: DiffieHellman
    Type: KeyGenerator, OID: 1.2.840.113549.2.10, algo: HmacSHA384
    Type: KeyGenerator, OID: 1.2.840.113549.2.11, algo: HmacSHA512
    Type: KeyGenerator, OID: 1.2.840.113549.2.7, algo: HmacSHA1
    Type: KeyGenerator, OID: 1.2.840.113549.2.8, algo: HmacSHA224
    Type: KeyGenerator, OID: 1.2.840.113549.2.9, algo: HmacSHA256
    Type: KeyPairGenerator, OID: 1.2.840.113549.1.3.1, algo: DiffieHellman
    Type: Mac, OID: 1.2.840.113549.2.10, algo: HmacSHA384
    Type: Mac, OID: 1.2.840.113549.2.11, algo: HmacSHA512
    Type: Mac, OID: 1.2.840.113549.2.7, algo: HmacSHA1
    Type: Mac, OID: 1.2.840.113549.2.8, algo: HmacSHA224
    Type: Mac, OID: 1.2.840.113549.2.9, algo: HmacSHA256
    Type: SecretKeyFactory, OID: 1.2.840.113549.1.12.1.1, algo: PBEWithSHA1AndRC4_128
    Type: SecretKeyFactory, OID: 1.2.840.113549.1.12.1.2, algo: PBEWithSHA1AndRC4_40
    Type: SecretKeyFactory, OID: 1.2.840.113549.1.12.1.3, algo: PBEWithSHA1AndDESede
    Type: SecretKeyFactory, OID: 1.2.840.113549.1.12.1.5, algo: PBEWithSHA1AndRC2_128
    Type: SecretKeyFactory, OID: 1.2.840.113549.1.12.1.6, algo: PBEWithSHA1AndRC2_40
    Type: SecretKeyFactory, OID: 1.2.840.113549.1.5.12, algo: PBKDF2WithHmacSHA1
    Type: SecretKeyFactory, OID: 1.2.840.113549.1.5.3, algo: PBEWithMD5AndDES
    
     >>> Provider: SunJGSS <<< 
    
    Type: GssApiMechanism, OID: 1.2.840.113554.1.2.2, algo: 1.2.840.113554.1.2.2
    Type: GssApiMechanism, OID: 1.3.6.1.5.5.2, algo: 1.3.6.1.5.5.2
    
     >>> Provider: SunSASL <<< 
    
    
     >>> Provider: XMLDSig <<< 
    
    
     >>> Provider: SunPCSC <<< 
    
    
     >>> Provider: SunMSCAPI <<< 
    
    Type: Signature, OID: 1.2.840.113549.1.1.11, algo: SHA256withRSA
    Type: Signature, OID: 1.2.840.113549.1.1.12, algo: SHA384withRSA
    Type: Signature, OID: 1.2.840.113549.1.1.13, algo: SHA512withRSA