Change UseSHA2 config value to UseStrongHash

UseStrongHash behaviour: * Use SHA-256 for new cards which do support it (key length) * Use RIPEMD160 for older cards git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@962 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
author: tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> 2011-08-30 10:39:29 +0000
committer: tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> 2011-08-30 10:39:29 +0000
commit: 5f5ffeaa9193a28484a9ae2b15e18dbd5712d6c2 (patch)
tree: 012346fb8a77579524f63712f17925d294a7d6c6 /bkucommon
parent: 1b8b3004c00b233e28a421674506a168e56a92a9 (diff)
download: mocca-5f5ffeaa9193a28484a9ae2b15e18dbd5712d6c2.tar.gz
mocca-5f5ffeaa9193a28484a9ae2b15e18dbd5712d6c2.tar.bz2
mocca-5f5ffeaa9193a28484a9ae2b15e18dbd5712d6c2.zip
2 files changed, 14 insertions, 15 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
index df87ca92..5d604abf 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
@@ -97,14 +97,14 @@ public class CreateXMLSignatureCommandImpl extends
   private class ConfigurationFacade implements MoccaConfigurationFacade {
     private Configuration configuration;
 
-    public static final String USE_SHA2 = "useSHA2";
+    public static final String USE_STRONG_HASH = "useStrongHash";
 
     public void setConfiguration(Configuration configuration) {
         this.configuration = configuration;
     }
 
-    public boolean getUseSHA2() {
-        return configuration.getBoolean(USE_SHA2, false);
+    public boolean getUseStrongHash() {
+        return configuration.getBoolean(USE_STRONG_HASH, false);
     }
   }
 
@@ -125,7 +125,7 @@ public class CreateXMLSignatureCommandImpl extends
     AlgorithmMethodFactory algorithmMethodFactory;
     try {
       algorithmMethodFactory = new AlgorithmMethodFactoryImpl(
-          signingCertificate, configurationFacade.getUseSHA2());
+          signingCertificate, configurationFacade.getUseStrongHash());
     } catch (NoSuchAlgorithmException e) {
       log.error("Failed to get DigestMethod.", e);
       throw new SLCommandException(4006);
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
index c695aefd..a3f11920 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
@@ -50,11 +50,6 @@ import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
  */
 public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
 
-  /**
-   * Use SHA-2?
-   */
-  private boolean SHA2 = false;
-  
   /**
    * The signature algorithm URI.
    */
@@ -80,11 +75,9 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
    *           if the public key algorithm of the given
    *           <code>signingCertificate</code> is not supported
    */
-  public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useSHA2)
+  public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useStrongHash)
       throws NoSuchAlgorithmException {
 
-    SHA2 = useSHA2;
-
     PublicKey publicKey = signingCertificate.getPublicKey();
     String algorithm = publicKey.getAlgorithm();
 
@@ -97,9 +90,12 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
         keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength();
       }
       
-      if (SHA2 && keyLength >= 2048) {
+      if (useStrongHash && keyLength >= 2048) {
         signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_SHA256;
         digestAlgorithmURI = DigestMethod.SHA256;
+//      } else if (useStrongHash) {
+//        signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_RIPEMD160_ERRATA;
+//        digestAlgorithmURI = DigestMethod.RIPEMD160;
       } else {
         signatureAlgorithmURI = SignatureMethod.RSA_SHA1;
       }
@@ -115,12 +111,15 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
         fieldSize = params.getCurve().getField().getFieldSize();
       }
       
-      if (SHA2 && fieldSize >= 512) {
+      if (useStrongHash && fieldSize >= 512) {
         signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512;
         digestAlgorithmURI = DigestMethod.SHA512;
-      } else if (SHA2 && fieldSize >= 256) {
+      } else if (useStrongHash && fieldSize >= 256) {
         signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA256;
         digestAlgorithmURI = DigestMethod.SHA256;
+      } else if (useStrongHash) {
+          signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_RIPEMD160;
+          digestAlgorithmURI = DigestMethod.RIPEMD160;
       } else {
         signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1;
       }
author	tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>	2011-08-30 10:39:29 +0000
committer	tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>	2011-08-30 10:39:29 +0000
commit	5f5ffeaa9193a28484a9ae2b15e18dbd5712d6c2 (patch)
tree	012346fb8a77579524f63712f17925d294a7d6c6 /bkucommon
parent	1b8b3004c00b233e28a421674506a168e56a92a9 (diff)
download	mocca-5f5ffeaa9193a28484a9ae2b15e18dbd5712d6c2.tar.gz mocca-5f5ffeaa9193a28484a9ae2b15e18dbd5712d6c2.tar.bz2 mocca-5f5ffeaa9193a28484a9ae2b15e18dbd5712d6c2.zip