-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java8
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java21
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java4
3 files changed, 16 insertions, 17 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
index df87ca92..5d604abf 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
@@ -97,14 +97,14 @@ public class CreateXMLSignatureCommandImpl extends
private class ConfigurationFacade implements MoccaConfigurationFacade {
private Configuration configuration;
- public static final String USE_SHA2 = "useSHA2";
+ public static final String USE_STRONG_HASH = "useStrongHash";
public void setConfiguration(Configuration configuration) {
this.configuration = configuration;
}
- public boolean getUseSHA2() {
- return configuration.getBoolean(USE_SHA2, false);
+ public boolean getUseStrongHash() {
+ return configuration.getBoolean(USE_STRONG_HASH, false);
}
}
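Review bot: The property key changes from `useSHA2` to `useStrongHash` while the default in `getUseStrongHash()` stays `false`, so a deployment whose configuration still sets `useSHA2=true` would silently return to SHA-1 signatures after upgrading. Reading the old key as the fallback keeps existing installations on the stronger algorithms: `return configuration.getBoolean(USE_STRONG_HASH, configuration.getBoolean("useSHA2", false));`. If the old key is meant to be dropped, say so in a comment on `USE_STRONG_HASH` and in the release notes.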
@@ -125,7 +125,7 @@ public class CreateXMLSignatureCommandImpl extends
AlgorithmMethodFactory algorithmMethodFactory;
try {
algorithmMethodFactory = new AlgorithmMethodFactoryImpl(
- signingCertificate, configurationFacade.getUseSHA2());
+ signingCertificate, configurationFacade.getUseStrongHash());
} catch (NoSuchAlgorithmException e) {
log.error("Failed to get DigestMethod.", e);
throw new SLCommandException(4006);
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
index c695aefd..a3f11920 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
@@ -50,11 +50,6 @@ import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
*/
public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
- /**
- * Use SHA-2?
- */
- private boolean SHA2 = false;
-
/**
* The signature algorithm URI.
*/
@@ -80,11 +75,9 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
* if the public key algorithm of the given
* <code>signingCertificate</code> is not supported
*/
- public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useSHA2)
+ public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useStrongHash)
throws NoSuchAlgorithmException {
- SHA2 = useSHA2;
-
PublicKey publicKey = signingCertificate.getPublicKey();
String algorithm = publicKey.getAlgorithm();
@@ -97,9 +90,12 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength();
}
- if (SHA2 && keyLength >= 2048) {
+ if (useStrongHash && keyLength >= 2048) {
signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_SHA256;
digestAlgorithmURI = DigestMethod.SHA256;
+// } else if (useStrongHash) {
+// signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_RIPEMD160_ERRATA;
+// digestAlgorithmURI = DigestMethod.RIPEMD160;
} else {
signatureAlgorithmURI = SignatureMethod.RSA_SHA1;
}
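Review bot: With `useStrongHash` set, an RSA key shorter than 2048 bits still ends in the `else` branch and gets `SignatureMethod.RSA_SHA1` with nothing logged, so an operator cannot tell that the option had no effect. A warning in that branch when `useStrongHash` is true would make the downgrade visible. The three commented-out RIPEMD160 lines should either be deleted or carry a reason, e.g. `// RSA-RIPEMD160 disabled: <reason>`. The constructor body starts and ends outside this hunk.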
@@ -115,12 +111,15 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
fieldSize = params.getCurve().getField().getFieldSize();
}
- if (SHA2 && fieldSize >= 512) {
+ if (useStrongHash && fieldSize >= 512) {
signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512;
digestAlgorithmURI = DigestMethod.SHA512;
- } else if (SHA2 && fieldSize >= 256) {
+ } else if (useStrongHash && fieldSize >= 256) {
signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA256;
digestAlgorithmURI = DigestMethod.SHA256;
+ } else if (useStrongHash) {
+ signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_RIPEMD160;
+ digestAlgorithmURI = DigestMethod.RIPEMD160;
} else {
signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1;
}
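Review bot: The new `else if (useStrongHash)` branch selects `XmldsigMore.SIGNATURE_ECDSA_RIPEMD160` for every EC key with a field size below 256, but RIPEMD-160 has the same 160-bit output length as SHA-1, so a comment should state why it counts as the strong choice here. The STARCOSCard.java section of this commit keeps the comment `algorithm ID ECDSA with RIPEMD160 doesn't work` for card versions below 1.2 and writes the SHA-1 algorithm ID instead, so this branch may declare a signature method that such a card does not produce; that path should be tested or excluded. `fieldSize` is assigned only inside an `if` that closes just above, so if it starts at 0 for unrecognised parameters (not visible here), those keys also land in this branch. The constructor body starts outside this hunk.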
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
index 1de5c75c..ecd01f81 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
@@ -403,8 +403,8 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
if (version < 1.2) {
// algorithm ID ECDSA with RIPEMD160 doesn't work
//dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x20});
- // algorithm ID ECDSA with SHA-1
- dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x10});
+ // algorithm ID ECDSA with SHA-1
+ dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x10});
} else {
// portable algorithm reference
dst.write(new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x04});