From 5f5ffeaa9193a28484a9ae2b15e18dbd5712d6c2 Mon Sep 17 00:00:00 2001
From: tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Tue, 30 Aug 2011 10:39:29 +0000
Subject: Change UseSHA2 config value to UseStrongHash

UseStrongHash behaviour:
 * Use SHA-256 for new cards which do support it (key length)
 * Use RIPEMD160 for older cards


git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@962 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../impl/CreateXMLSignatureCommandImpl.java         |  8 ++++----
 .../impl/xsect/AlgorithmMethodFactoryImpl.java      | 21 ++++++++++-----------
 2 files changed, 14 insertions(+), 15 deletions(-)

(limited to 'bkucommon')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
index df87ca92..5d604abf 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
@@ -97,14 +97,14 @@ public class CreateXMLSignatureCommandImpl extends
   private class ConfigurationFacade implements MoccaConfigurationFacade {
     private Configuration configuration;
 
-    public static final String USE_SHA2 = "useSHA2";
+    public static final String USE_STRONG_HASH = "useStrongHash";
 
     public void setConfiguration(Configuration configuration) {
         this.configuration = configuration;
     }
 
-    public boolean getUseSHA2() {
-        return configuration.getBoolean(USE_SHA2, false);
+    public boolean getUseStrongHash() {
+        return configuration.getBoolean(USE_STRONG_HASH, false);
     }
   }
 
@@ -125,7 +125,7 @@ public class CreateXMLSignatureCommandImpl extends
     AlgorithmMethodFactory algorithmMethodFactory;
     try {
       algorithmMethodFactory = new AlgorithmMethodFactoryImpl(
-          signingCertificate, configurationFacade.getUseSHA2());
+          signingCertificate, configurationFacade.getUseStrongHash());
     } catch (NoSuchAlgorithmException e) {
       log.error("Failed to get DigestMethod.", e);
       throw new SLCommandException(4006);
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
index c695aefd..a3f11920 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
@@ -50,11 +50,6 @@ import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
  */
 public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
 
-  /**
-   * Use SHA-2?
-   */
-  private boolean SHA2 = false;
-  
   /**
    * The signature algorithm URI.
    */
@@ -80,11 +75,9 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
    *           if the public key algorithm of the given
    *           <code>signingCertificate</code> is not supported
    */
-  public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useSHA2)
+  public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useStrongHash)
       throws NoSuchAlgorithmException {
 
-    SHA2 = useSHA2;
-
     PublicKey publicKey = signingCertificate.getPublicKey();
     String algorithm = publicKey.getAlgorithm();
 
@@ -97,9 +90,12 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
         keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength();
       }
       
-      if (SHA2 && keyLength >= 2048) {
+      if (useStrongHash && keyLength >= 2048) {
         signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_SHA256;
         digestAlgorithmURI = DigestMethod.SHA256;
+//      } else if (useStrongHash) {
+//        signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_RIPEMD160_ERRATA;
+//        digestAlgorithmURI = DigestMethod.RIPEMD160;
       } else {
         signatureAlgorithmURI = SignatureMethod.RSA_SHA1;
       }
@@ -115,12 +111,15 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
         fieldSize = params.getCurve().getField().getFieldSize();
       }
       
-      if (SHA2 && fieldSize >= 512) {
+      if (useStrongHash && fieldSize >= 512) {
         signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512;
         digestAlgorithmURI = DigestMethod.SHA512;
-      } else if (SHA2 && fieldSize >= 256) {
+      } else if (useStrongHash && fieldSize >= 256) {
         signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA256;
         digestAlgorithmURI = DigestMethod.SHA256;
+      } else if (useStrongHash) {
+          signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_RIPEMD160;
+          digestAlgorithmURI = DigestMethod.RIPEMD160;
       } else {
         signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1;
       }
-- 
cgit v1.2.3