diff options
| author | clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2011-01-11 19:22:01 +0000 |
|---|---|---|
| committer | clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2011-01-11 19:22:01 +0000 |
| commit | 0ab2acec3b22feaeb19767a64281054a7437552b (patch) | |
| tree | 6184e4b1e241379c46e8d6cbbdfdbf19eee95d28 | |
| parent | 1adb10227e9a722b5ea6a93ec928d805c826d328 (diff) | |
| download | mocca-0ab2acec3b22feaeb19767a64281054a7437552b.tar.gz mocca-0ab2acec3b22feaeb19767a64281054a7437552b.tar.bz2 mocca-0ab2acec3b22feaeb19767a64281054a7437552b.zip | |
enable SHA-2 for RSA >= 2048 or ECDSA >= 256
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/branches/mocca-1.3.4-update1-sha2@889 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
| -rw-r--r-- | bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java | 190 |
1 files changed, 95 insertions, 95 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java index f1219a6c..d2c4106b 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java @@ -14,8 +14,8 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
+package at.gv.egiz.bku.slcommands.impl.xsect; + import iaik.security.ecc.interfaces.ECDSAParams; import iaik.xml.crypto.XmldsigMore; @@ -33,53 +33,53 @@ import javax.xml.crypto.dsig.SignatureMethod; import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec; import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; -
-/**
- * An implementation of the AlgorithmMethod factory that uses the signing
- * certificate to choose appropriate algorithms.
- *
- * @author mcentner
- */
-public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
+ +/** + * An implementation of the AlgorithmMethod factory that uses the signing + * certificate to choose appropriate algorithms. + * + * @author mcentner + */ +public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { /** * Use SHA-2? */ - private static boolean SHA2 = false; -
- /**
- * The signature algorithm URI.
- */
+ private static boolean SHA2 = true; + + /** + * The signature algorithm URI. + */ private String signatureAlgorithmURI; /** * the digest algorithm URI. */ - private String digestAlgorithmURI = DigestMethod.SHA1;
-
- /**
- * The algorithm parameters for the signature algorithm.
- */
- private SignatureMethodParameterSpec signatureMethodParameterSpec;
-
- /**
- * Creates a new AlgrithmMethodFactory with the given
- * <code>signingCertificate</code>.
- *
- * @param signingCertificate
- *
- * @throws NoSuchAlgorithmException
- * if the public key algorithm of the given
- * <code>signingCertificate</code> is not supported
- */
- public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate)
- throws NoSuchAlgorithmException {
- - PublicKey publicKey = signingCertificate.getPublicKey();
+ private String digestAlgorithmURI = DigestMethod.SHA1; + + /** + * The algorithm parameters for the signature algorithm. + */ + private SignatureMethodParameterSpec signatureMethodParameterSpec; + + /** + * Creates a new AlgrithmMethodFactory with the given + * <code>signingCertificate</code>. + * + * @param signingCertificate + * + * @throws NoSuchAlgorithmException + * if the public key algorithm of the given + * <code>signingCertificate</code> is not supported + */ + public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate) + throws NoSuchAlgorithmException { + + PublicKey publicKey = signingCertificate.getPublicKey(); String algorithm = publicKey.getAlgorithm(); -
- if ("DSA".equals(algorithm)) {
- signatureAlgorithmURI = SignatureMethod.DSA_SHA1;
+ + if ("DSA".equals(algorithm)) { + signatureAlgorithmURI = SignatureMethod.DSA_SHA1; } else if ("RSA".equals(algorithm)) { int keyLength = 0; @@ -93,7 +93,7 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { } else { signatureAlgorithmURI = SignatureMethod.RSA_SHA1; } -
+ } else if (("EC".equals(algorithm)) || ("ECDSA".equals(algorithm))) { int fieldSize = 0; @@ -114,58 +114,58 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { } else { signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1; } -
- } else {
- throw new NoSuchAlgorithmException("Public key algorithm '" + algorithm
- + "' not supported.");
- }
-
- }
-
- /*
- * (non-Javadoc)
- *
- * @seeat.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory#
- * createCanonicalizationMethod
- * (at.gv.egiz.bku.slcommands.impl.xsect.SignatureContext)
- */
- @Override
- public CanonicalizationMethod createCanonicalizationMethod(
- SignatureContext signatureContext) throws NoSuchAlgorithmException,
- InvalidAlgorithmParameterException {
-
- return signatureContext.getSignatureFactory().newCanonicalizationMethod(
- CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
-
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
- * at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory#createDigestMethod
- * (at.gv.egiz.bku.slcommands.impl.xsect.SignatureContext)
- */
- @Override
- public DigestMethod createDigestMethod(SignatureContext signatureContext)
- throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
-
- return signatureContext.getSignatureFactory().newDigestMethod(
- digestAlgorithmURI, (DigestMethodParameterSpec) null);
- }
-
- /*
- * (non-Javadoc)
- *
- * @seeat.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory#
- * createSignatureMethod
- * (at.gv.egiz.bku.slcommands.impl.xsect.SignatureContext)
- */
- @Override
- public SignatureMethod createSignatureMethod(SignatureContext signatureContext)
- throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
-
- return new STALSignatureMethod(signatureAlgorithmURI, signatureMethodParameterSpec);
- }
-
-}
+ + } else { + throw new NoSuchAlgorithmException("Public key algorithm '" + algorithm + + "' not supported."); + } + + } + + /* + * (non-Javadoc) + * + * @seeat.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory# + * createCanonicalizationMethod + * (at.gv.egiz.bku.slcommands.impl.xsect.SignatureContext) + */ + @Override + public CanonicalizationMethod createCanonicalizationMethod( + SignatureContext signatureContext) throws NoSuchAlgorithmException, + InvalidAlgorithmParameterException { + + return signatureContext.getSignatureFactory().newCanonicalizationMethod( + CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory#createDigestMethod + * (at.gv.egiz.bku.slcommands.impl.xsect.SignatureContext) + */ + @Override + public DigestMethod createDigestMethod(SignatureContext signatureContext) + throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { + + return signatureContext.getSignatureFactory().newDigestMethod( + digestAlgorithmURI, (DigestMethodParameterSpec) null); + } + + /* + * (non-Javadoc) + * + * @seeat.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory# + * createSignatureMethod + * (at.gv.egiz.bku.slcommands.impl.xsect.SignatureContext) + */ + @Override + public SignatureMethod createSignatureMethod(SignatureContext signatureContext) + throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { + + return new STALSignatureMethod(signatureAlgorithmURI, signatureMethodParameterSpec); + } + +} |