diff options
Diffstat (limited to 'bkucommon/src/main/java/at/gv')
2 files changed, 14 insertions, 15 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java index df87ca92..5d604abf 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java @@ -97,14 +97,14 @@ public class CreateXMLSignatureCommandImpl extends private class ConfigurationFacade implements MoccaConfigurationFacade { private Configuration configuration; - public static final String USE_SHA2 = "useSHA2"; + public static final String USE_STRONG_HASH = "useStrongHash"; public void setConfiguration(Configuration configuration) { this.configuration = configuration; } - public boolean getUseSHA2() { - return configuration.getBoolean(USE_SHA2, false); + public boolean getUseStrongHash() { + return configuration.getBoolean(USE_STRONG_HASH, false); } } @@ -125,7 +125,7 @@ public class CreateXMLSignatureCommandImpl extends AlgorithmMethodFactory algorithmMethodFactory; try { algorithmMethodFactory = new AlgorithmMethodFactoryImpl( - signingCertificate, configurationFacade.getUseSHA2()); + signingCertificate, configurationFacade.getUseStrongHash()); } catch (NoSuchAlgorithmException e) { log.error("Failed to get DigestMethod.", e); throw new SLCommandException(4006); diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java index c695aefd..a3f11920 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java @@ -50,11 +50,6 @@ import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; */
public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
- /** - * Use SHA-2? - */ - private boolean SHA2 = false; -
/**
* The signature algorithm URI.
*/
@@ -80,11 +75,9 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { * if the public key algorithm of the given
* <code>signingCertificate</code> is not supported
*/
- public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useSHA2)
+ public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useStrongHash)
throws NoSuchAlgorithmException { - SHA2 = useSHA2;
- PublicKey publicKey = signingCertificate.getPublicKey();
String algorithm = publicKey.getAlgorithm(); @@ -97,9 +90,12 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength(); } - if (SHA2 && keyLength >= 2048) { + if (useStrongHash && keyLength >= 2048) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_SHA256; digestAlgorithmURI = DigestMethod.SHA256; +// } else if (useStrongHash) { +// signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_RIPEMD160_ERRATA; +// digestAlgorithmURI = DigestMethod.RIPEMD160; } else { signatureAlgorithmURI = SignatureMethod.RSA_SHA1; } @@ -115,12 +111,15 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { fieldSize = params.getCurve().getField().getFieldSize(); } - if (SHA2 && fieldSize >= 512) { + if (useStrongHash && fieldSize >= 512) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512; digestAlgorithmURI = DigestMethod.SHA512; - } else if (SHA2 && fieldSize >= 256) { + } else if (useStrongHash && fieldSize >= 256) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA256; digestAlgorithmURI = DigestMethod.SHA256; + } else if (useStrongHash) { + signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_RIPEMD160; + digestAlgorithmURI = DigestMethod.RIPEMD160; } else { signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1; } |