From 5406f90edc47fecff0ff9a00b64b8740b6ac02f8 Mon Sep 17 00:00:00 2001 From: mcentner Date: Fri, 13 Nov 2009 10:28:00 +0000 Subject: SHA-2 disabled for the moment. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@542 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../impl/xsect/AlgorithmMethodFactoryImpl.java | 19 ++++++++++++------- .../egiz/bku/slcommands/impl/xsect/STALProvider.java | 3 +++ 2 files changed, 15 insertions(+), 7 deletions(-) (limited to 'bkucommon/src/main/java/at/gv') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java index 061fe707..8391e450 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java @@ -41,7 +41,12 @@ import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; * @author mcentner */ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { - + + /** + * Use SHA-2? + */ + private static boolean SHA2 = false; + /** * The signature algorithm URI. */ @@ -82,7 +87,7 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength(); } - if (keyLength >= 2048) { + if (SHA2 && keyLength >= 2048) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_SHA256; digestAlgorithmURI = DigestMethod.SHA256; } else { @@ -100,14 +105,14 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { fieldSize = params.getCurve().getField().getFieldSize(); } - if (fieldSize < 256) { - signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1; - } else if (fieldSize < 512) { + if (SHA2 && fieldSize >= 512) { + signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512; + digestAlgorithmURI = DigestMethod.SHA512; + } else if (SHA2 && fieldSize >= 256) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA256; digestAlgorithmURI = DigestMethod.SHA256; } else { - signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512; - digestAlgorithmURI = DigestMethod.SHA512; + signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1; } } else { diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java index 42c6a4c5..9fb9a3f1 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java @@ -54,6 +54,9 @@ public class STALProvider extends Provider { IMPL_PACKAGE_NAME + ".STALSignature"); map.put("Signature." + XmldsigMore.SIGNATURE_ECDSA_SHA256, IMPL_PACKAGE_NAME + ".STALSignature"); + map.put("Signature." + XmldsigMore.SIGNATURE_ECDSA_SHA512, + IMPL_PACKAGE_NAME + ".STALSignature"); + AccessController.doPrivileged(new PrivilegedAction() { @Override -- cgit v1.2.3