3 files changed, 16 insertions, 17 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
index df87ca92..5d604abf 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
@@ -97,14 +97,14 @@ public class CreateXMLSignatureCommandImpl extends
 private class ConfigurationFacade implements MoccaConfigurationFacade {
 private Configuration configuration;
- public static final String USE_SHA2 = "useSHA2";
+ public static final String USE_STRONG_HASH = "useStrongHash";
 public void setConfiguration(Configuration configuration) {
 this.configuration = configuration;
 }
- public boolean getUseSHA2() {
- return configuration.getBoolean(USE_SHA2, false);
+ public boolean getUseStrongHash() {
+ return configuration.getBoolean(USE_STRONG_HASH, false);
 }
 }
@@ -125,7 +125,7 @@ public class CreateXMLSignatureCommandImpl extends
 AlgorithmMethodFactory algorithmMethodFactory;
 try {
 algorithmMethodFactory = new AlgorithmMethodFactoryImpl(
- signingCertificate, configurationFacade.getUseSHA2());
+ signingCertificate, configurationFacade.getUseStrongHash());
 } catch (NoSuchAlgorithmException e) {
 log.error("Failed to get DigestMethod.", e);
 throw new SLCommandException(4006);
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
index c695aefd..a3f11920 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
@@ -50,11 +50,6 @@ import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
 */
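Review bot: Renaming the key in ConfigurationFacade (CreateXMLSignatureCommandImpl.java) from `useSHA2` to `useStrongHash` while keeping the default `false` means an existing configuration that sets `useSHA2` is no longer read. Unless the key is migrated somewhere this diff does not show, such an installation would go back to SHA-1 signatures after the update without any message. Reading the old key as the fallback keeps the setting effective: `return configuration.getBoolean(USE_STRONG_HASH, configuration.getBoolean("useSHA2", false));`. A one-line comment on `USE_STRONG_HASH` naming the key it replaces would also help whoever maintains the configuration files.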
public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
- /**
- * Use SHA-2?
- */
- private boolean SHA2 = false;
-
/**
* The signature algorithm URI.
*/
@@ -80,11 +75,9 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
 * if the public key algorithm of the given
* <code>signingCertificate</code> is not supported
*/
- public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useSHA2)
+ public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useStrongHash)
throws NoSuchAlgorithmException {
- SHA2 = useSHA2;
- PublicKey publicKey = signingCertificate.getPublicKey();
String algorithm = publicKey.getAlgorithm();
@@ -97,9 +90,12 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
 keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength();
 }
- if (SHA2 && keyLength >= 2048) {
+ if (useStrongHash && keyLength >= 2048) {
 signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_SHA256;
 digestAlgorithmURI = DigestMethod.SHA256;
+// } else if (useStrongHash) {
+// signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_RIPEMD160_ERRATA;
+// digestAlgorithmURI = DigestMethod.RIPEMD160;
 } else {
 signatureAlgorithmURI = SignatureMethod.RSA_SHA1;
 }
@@ -115,12 +111,15 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
 fieldSize = params.getCurve().getField().getFieldSize();
 }
- if (SHA2 && fieldSize >= 512) {
+ if (useStrongHash && fieldSize >= 512) {
 signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512;
 digestAlgorithmURI = DigestMethod.SHA512;
- } else if (SHA2 && fieldSize >= 256) {
+ } else if (useStrongHash && fieldSize >= 256) {
 signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA256;
 digestAlgorithmURI = DigestMethod.SHA256;
+ } else if (useStrongHash) {
+ signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_RIPEMD160;
+ digestAlgorithmURI = DigestMethod.RIPEMD160;
 } else {
 signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1;
 }
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
index 1de5c75c..ecd01f81 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
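Review bot: In the RSA branch of the AlgorithmMethodFactoryImpl constructor (hunk `-97,9 +90,12`) the three added `//` lines are commented-out code. With them disabled, an RSA key shorter than 2048 bits still ends in `SignatureMethod.RSA_SHA1` even when `useStrongHash` is true, which differs from the ECDSA branch changed in the next hunk. Replace the dead lines with a comment that states the behaviour, for example `// useStrongHash has no effect for RSA keys < 2048 bit: RSA-RIPEMD160 is not enabled, SHA-1 is used`, and consider a log message when the flag is set but SHA-1 is selected. The constructor starts and ends outside this hunk.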
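Review bot: The new `else if (useStrongHash)` branch in the ECDSA part of AlgorithmMethodFactoryImpl (hunk `-115,12 +111,15`) selects `XmldsigMore.SIGNATURE_ECDSA_RIPEMD160` for curves below 256 bits. The STARCOSCard section of this same commit keeps the comment `algorithm ID ECDSA with RIPEMD160 doesn't work` and writes the SHA-1 algorithm ID for card versions below 1.2. Nothing visible here consults the card before the URI is chosen, so it looks possible that the declared signature method and what the card actually computes disagree, or that signing fails; please confirm how the two are reconciled. RIPEMD-160 also has the same 160-bit output length as SHA-1, so a comment such as `// RIPEMD-160 fallback for curves < 256 bit; same digest length as SHA-1` would make clear what "strong" means on this path.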
@@ -403,8 +403,8 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
 if (version < 1.2) {
 // algorithm ID ECDSA with RIPEMD160 doesn't work
 //dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x20});
- // algorithm ID ECDSA with SHA-1
- dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x10});
+ // algorithm ID ECDSA with SHA-1
+ dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x10});
 } else {
 // portable algorithm reference
 dst.write(new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x04}); |