diff options
| author | tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2011-08-30 10:39:29 +0000 |
|---|---|---|
| committer | tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2011-08-30 10:39:29 +0000 |
| commit | 5f5ffeaa9193a28484a9ae2b15e18dbd5712d6c2 (patch) | |
| tree | 012346fb8a77579524f63712f17925d294a7d6c6 /bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java | |
| parent | 1b8b3004c00b233e28a421674506a168e56a92a9 (diff) | |
| download | mocca-5f5ffeaa9193a28484a9ae2b15e18dbd5712d6c2.tar.gz mocca-5f5ffeaa9193a28484a9ae2b15e18dbd5712d6c2.tar.bz2 mocca-5f5ffeaa9193a28484a9ae2b15e18dbd5712d6c2.zip | |
Change UseSHA2 config value to UseStrongHash
UseStrongHash behaviour:
* Use SHA-256 for new cards which do support it (key length)
* Use RIPEMD160 for older cards
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@962 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java')
| -rw-r--r-- | bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java index c695aefd..a3f11920 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java @@ -50,11 +50,6 @@ import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; */
public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
- /** - * Use SHA-2? - */ - private boolean SHA2 = false; -
/**
* The signature algorithm URI.
*/
@@ -80,11 +75,9 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { * if the public key algorithm of the given
* <code>signingCertificate</code> is not supported
*/
- public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useSHA2)
+ public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useStrongHash)
throws NoSuchAlgorithmException { - SHA2 = useSHA2;
- PublicKey publicKey = signingCertificate.getPublicKey();
String algorithm = publicKey.getAlgorithm(); @@ -97,9 +90,12 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength(); } - if (SHA2 && keyLength >= 2048) { + if (useStrongHash && keyLength >= 2048) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_SHA256; digestAlgorithmURI = DigestMethod.SHA256; +// } else if (useStrongHash) { +// signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_RIPEMD160_ERRATA; +// digestAlgorithmURI = DigestMethod.RIPEMD160; } else { signatureAlgorithmURI = SignatureMethod.RSA_SHA1; } @@ -115,12 +111,15 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { fieldSize = params.getCurve().getField().getFieldSize(); } - if (SHA2 && fieldSize >= 512) { + if (useStrongHash && fieldSize >= 512) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512; digestAlgorithmURI = DigestMethod.SHA512; - } else if (SHA2 && fieldSize >= 256) { + } else if (useStrongHash && fieldSize >= 256) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA256; digestAlgorithmURI = DigestMethod.SHA256; + } else if (useStrongHash) { + signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_RIPEMD160; + digestAlgorithmURI = DigestMethod.RIPEMD160; } else { signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1; } |