From 5f5ffeaa9193a28484a9ae2b15e18dbd5712d6c2 Mon Sep 17 00:00:00 2001 From: tkellner Date: Tue, 30 Aug 2011 10:39:29 +0000 Subject: Change UseSHA2 config value to UseStrongHash UseStrongHash behaviour: * Use SHA-256 for new cards which do support it (key length) * Use RIPEMD160 for older cards git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@962 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../impl/CreateXMLSignatureCommandImpl.java | 8 ++++---- .../impl/xsect/AlgorithmMethodFactoryImpl.java | 21 ++++++++++----------- 2 files changed, 14 insertions(+), 15 deletions(-) (limited to 'bkucommon/src/main') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java index df87ca92..5d604abf 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java @@ -97,14 +97,14 @@ public class CreateXMLSignatureCommandImpl extends private class ConfigurationFacade implements MoccaConfigurationFacade { private Configuration configuration; - public static final String USE_SHA2 = "useSHA2"; + public static final String USE_STRONG_HASH = "useStrongHash"; public void setConfiguration(Configuration configuration) { this.configuration = configuration; } - public boolean getUseSHA2() { - return configuration.getBoolean(USE_SHA2, false); + public boolean getUseStrongHash() { + return configuration.getBoolean(USE_STRONG_HASH, false); } } @@ -125,7 +125,7 @@ public class CreateXMLSignatureCommandImpl extends AlgorithmMethodFactory algorithmMethodFactory; try { algorithmMethodFactory = new AlgorithmMethodFactoryImpl( - signingCertificate, configurationFacade.getUseSHA2()); + signingCertificate, configurationFacade.getUseStrongHash()); } catch (NoSuchAlgorithmException e) { log.error("Failed to get DigestMethod.", e); throw new SLCommandException(4006); diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java index c695aefd..a3f11920 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java @@ -50,11 +50,6 @@ import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; */ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { - /** - * Use SHA-2? - */ - private boolean SHA2 = false; - /** * The signature algorithm URI. */ @@ -80,11 +75,9 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { * if the public key algorithm of the given * signingCertificate is not supported */ - public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useSHA2) + public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useStrongHash) throws NoSuchAlgorithmException { - SHA2 = useSHA2; - PublicKey publicKey = signingCertificate.getPublicKey(); String algorithm = publicKey.getAlgorithm(); @@ -97,9 +90,12 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength(); } - if (SHA2 && keyLength >= 2048) { + if (useStrongHash && keyLength >= 2048) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_SHA256; digestAlgorithmURI = DigestMethod.SHA256; +// } else if (useStrongHash) { +// signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_RIPEMD160_ERRATA; +// digestAlgorithmURI = DigestMethod.RIPEMD160; } else { signatureAlgorithmURI = SignatureMethod.RSA_SHA1; } @@ -115,12 +111,15 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { fieldSize = params.getCurve().getField().getFieldSize(); } - if (SHA2 && fieldSize >= 512) { + if (useStrongHash && fieldSize >= 512) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512; digestAlgorithmURI = DigestMethod.SHA512; - } else if (SHA2 && fieldSize >= 256) { + } else if (useStrongHash && fieldSize >= 256) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA256; digestAlgorithmURI = DigestMethod.SHA256; + } else if (useStrongHash) { + signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_RIPEMD160; + digestAlgorithmURI = DigestMethod.RIPEMD160; } else { signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1; } -- cgit v1.2.3