From 5f5ffeaa9193a28484a9ae2b15e18dbd5712d6c2 Mon Sep 17 00:00:00 2001 From: tkellner Date: Tue, 30 Aug 2011 10:39:29 +0000 Subject: Change UseSHA2 config value to UseStrongHash UseStrongHash behaviour: * Use SHA-256 for new cards which do support it (key length) * Use RIPEMD160 for older cards git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@962 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../impl/xsect/AlgorithmMethodFactoryImpl.java | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java index c695aefd..a3f11920 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java @@ -50,11 +50,6 @@ import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; */ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { - /** - * Use SHA-2? - */ - private boolean SHA2 = false; - /** * The signature algorithm URI. */ @@ -80,11 +75,9 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { * if the public key algorithm of the given * signingCertificate is not supported */ - public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useSHA2) + public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useStrongHash) throws NoSuchAlgorithmException { - SHA2 = useSHA2; - PublicKey publicKey = signingCertificate.getPublicKey(); String algorithm = publicKey.getAlgorithm(); 
@@ -97,9 +90,12 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength(); } - if (SHA2 && keyLength >= 2048) { + if (useStrongHash && keyLength >= 2048) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_SHA256; digestAlgorithmURI = DigestMethod.SHA256; +// } else if (useStrongHash) { +// signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_RIPEMD160_ERRATA; +// digestAlgorithmURI = DigestMethod.RIPEMD160; } else { signatureAlgorithmURI = SignatureMethod.RSA_SHA1; } @@ -115,12 +111,15 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { fieldSize = params.getCurve().getField().getFieldSize(); } - if (SHA2 && fieldSize >= 512) { + if (useStrongHash && fieldSize >= 512) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512; digestAlgorithmURI = DigestMethod.SHA512; - } else if (SHA2 && fieldSize >= 256) { + } else if (useStrongHash && fieldSize >= 256) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA256; digestAlgorithmURI = DigestMethod.SHA256; + } else if (useStrongHash) { + signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_RIPEMD160; + digestAlgorithmURI = DigestMethod.RIPEMD160; } else { signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1; } -- cgit v1.2.3
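Review bot: In the RSA section, `useStrongHash` with a modulus below 2048 bits still reaches the final `else` and selects `SignatureMethod.RSA_SHA1`, because the RIPEMD-160 branch exists only as three commented-out lines. That contradicts the commit message ("Use RIPEMD160 for older cards") for RSA cards, and the downgrade to SHA-1 is silent. Either enable the branch or delete the commented lines and state the decision, for example `// RSA keys < 2048 bit stay on RSA-SHA1 even with useStrongHash: <reason>`. Recording the chosen signature algorithm URI where the constructor finishes would let operators see when the configured setting was not honoured. The constructor body starts and ends outside this hunk.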
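Review bot: In the ECDSA section, the new `else if (useStrongHash)` branch catches every `fieldSize` below 256, which appears to include the case where `fieldSize` was never assigned. The assignment just above sits inside a block whose condition is outside the hunk, so if that block can be skipped, an unresolved curve would silently be signed with `SIGNATURE_ECDSA_RIPEMD160`; please confirm or guard it. RIPEMD-160 produces a 160-bit digest, the same length as SHA-1, so "strong hash" here means "not SHA-1" rather than a longer digest, and relying parties have to accept the xmldsig-more URI. A comment on the branch would record this, for example `// curves < 256 bit: RIPEMD-160 (160-bit digest) instead of SHA-1; verifier must support this xmldsig-more URI`.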