authorcfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-09-26 21:30:38 +0000
committercfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-09-26 21:30:38 +0000
commit30559544cdae556ec0371a09170fada98a3cdc60 (patch)
tree06cb5aea1cdced785cb3462fbe1e70f92d9b4186
parent84f0992d60e2075146681afc911a631e137dcdb0 (diff)
Bug 635033 - At installation wizard selecting key types other than CA's signing cert will fail
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1319 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java15
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java3
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java13
3 files changed, 19 insertions, 12 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 592312084..bae3745ee 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -260,7 +260,7 @@ public class CertUtil {
*/
public static String getAdminProfileAlgorithm(IConfigStore config) {
- String algorithm = "SHA1withRSA";
+ String algorithm = "SHA256withRSA";
try {
String caSigningKeyType = config.getString("preop.cert.signing.keytype","rsa");
String pfile = config.getString("profile.caAdminCert.config");
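Review bot: The new fallback `"SHA256withRSA"` is a bare string literal here, and the same literal, or its `"SHA256withEC"` counterpart, is repeated in the second CertUtil.java hunk and in the CryptoUtil.java hunks at -532, -583, -670 and -707. A pair of shared constants would make the next digest upgrade a one-line change and avoid a missed site, for example `public static final String DEFAULT_RSA_SIGNING_ALG = "SHA256withRSA";` plus an EC twin (names are only a suggestion). The body of getAdminProfileAlgorithm continues outside the hunk, so I cannot tell whether this RSA default is later replaced when `preop.cert.signing.keytype` is `ecc`; if it is not, the fallback should follow the key type.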
@@ -405,14 +405,19 @@ public class CertUtil {
CMS.debug("key algorithm is " + keyAlgo);
String caSigningKeyType =
config.getString("preop.cert.signing.keytype","rsa");
+ String caSigningKeyAlgo =
+ config.getString("preop.cert.signing.keyalgorithm","SHA256withRSA");
CMS.debug("CA Signing Key type " + caSigningKeyType);
+ CMS.debug("CA Signing Key algorithm " + caSigningKeyAlgo);
if (caSigningKeyType.equals("ecc")) {
- CMS.debug("Signing ECC certificate");
- cert = CryptoUtil.signECCCert(caPrik, info, keyAlgorithm);
+ CMS.debug("CA signing cert is ECC");
+ cert = CryptoUtil.signECCCert(caPrik, info,
+ caSigningKeyAlgo);
} else {
- CMS.debug("Signing RSA certificate");
- cert = CryptoUtil.signCert(caPrik, info, keyAlgorithm);
+ CMS.debug("CA signing cert is not ecc");
+ cert = CryptoUtil.signCert(caPrik, info,
+ caSigningKeyAlgo);
}
if (cert != null) {
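Review bot: The fallback for `preop.cert.signing.keyalgorithm` is always `"SHA256withRSA"`, so when the key type is `ecc` and the property is absent, the ECC branch passes an RSA algorithm name to `CryptoUtil.signECCCert`. The default should be derived from `caSigningKeyType`, which is already read just above: `String defaultAlgo = caSigningKeyType.equals("ecc") ? "SHA256withEC" : "SHA256withRSA";` followed by `config.getString("preop.cert.signing.keyalgorithm", defaultAlgo)`. The configured value is also used as-is, so a name that does not fit the CA key, or a weaker digest, would presumably surface only as a signing failure or a weak signature. A short check against the expected algorithm family before signing would make that explicit. The enclosing method starts and ends outside the hunk.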
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
index 39cc2c211..d7670cd9b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
@@ -416,7 +416,8 @@ public class SizePanel extends WizardPanelBase {
public void createECCKeyPair(String token, int keysize, IConfigStore config, String ct)
throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
{
- CMS.debug("Generating ECC key pair");
+ CMS.debug("Generating ECC key pair with keysize="+ keysize +
+ ", token="+token);
KeyPair pair = null;
/*
* default ssl server cert to ECDHE unless stated otherwise
diff --git a/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index 177affad2..15aac27b7 100644
--- a/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -160,6 +160,7 @@ public class CryptoUtil {
NoSuchAlgorithmException,
TokenException {
CryptoToken t = getTokenByName(token);
+
KeyPairAlgorithm alg = KeyPairAlgorithm.EC;
KeyPairGenerator g = t.getKeyPairGenerator(alg);
@@ -532,7 +533,7 @@ public class CryptoUtil {
CertificateException,
InvalidKeyException {
// set default; use the other call with "alg" to set algorithm
- String alg = "SHA1withRSA";
+ String alg = "SHA256withRSA";
try {
return createX509CertInfo (x509key, serialno, issuername, subjname, notBefore, notAfter, alg);
} catch (NoSuchAlgorithmException ex) {
@@ -583,7 +584,7 @@ public class CryptoUtil {
CertificateException
{
// set default; use the other call with "alg" to specify algorithm
- String alg = "SHA1withEC";
+ String alg = "SHA256withEC";
return signECCCert(privateKey, certInfo, alg);
}
@@ -670,9 +671,9 @@ public class CryptoUtil {
InvalidKeyException, IOException, CertificateException,
SignatureException {
// give default
- String alg = "SHA1withRSA";
+ String alg = "SHA256withRSA";
if (isECCKey(pubk)) {
- alg = "SHA1withEC";
+ alg = "SHA256withEC";
}
return createCertificationRequest(subjectName, pubk, prik, alg);
}
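Review bot: The EC default is now `"SHA256withEC"` for every EC key, whatever the curve size. The same choice is made in the -583 and -707 hunks, while SizePanel.createECCKeyPair takes a variable `keysize`. With a 384-bit or 521-bit curve, a SHA-256 digest limits the signature to roughly 128-bit strength, so the default is weaker than the key the user selected. At minimum I would document this next to the default, e.g. `// default digest is SHA-256 regardless of curve size; pass alg explicitly for larger curves`. Choosing the digest from the curve size would be the fuller fix, but the key-size accessor is not visible in this hunk.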
@@ -707,9 +708,9 @@ public class CryptoUtil {
PublicKey pubk = keyPair.getPublic();
X509Key key = convertPublicKeyToX509Key(pubk);
if (pubk instanceof RSAPublicKey) {
- alg = "SHA1withRSA";
+ alg = "SHA256withRSA";
} else if (isECCKey(key)) {
- alg = "SHA1withEC";
+ alg = "SHA256withEC";
} else {
// Assert.assert(pubk instanceof DSAPublicKey);
alg = "DSA";