diff options
| author | Andrew Wnuk <awnuk@redhat.com> | 2012-03-06 11:04:51 -0800 |
|---|---|---|
| committer | Andrew Wnuk <awnuk@redhat.com> | 2012-03-06 11:04:51 -0800 |
| commit | 7364a11df617ee2ceabe7a686a4ad5d8e19f9dac (patch) | |
| tree | 0131ec9865722a079f2e0fed8dca7cab2f34d87e | |
| parent | f1f2482bb0a6a812ccaffc2bfbb8761323ecd8c8 (diff) | |
| download | pki-7364a11df617ee2ceabe7a686a4ad5d8e19f9dac.tar.gz pki-7364a11df617ee2ceabe7a686a4ad5d8e19f9dac.tar.xz pki-7364a11df617ee2ceabe7a686a4ad5d8e19f9dac.zip | |
Option to create ECC credentials for admin
Configuration wizard should provide option to issue ECC credentials for admin during ECC CA configuration.
Bug #784387.
| -rw-r--r-- | pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 4 | ||||
| -rw-r--r-- | pki/dogtag/common-ui/shared/admin/console/config/adminpanel.vm | 11 |
2 files changed, 14 insertions, 1 deletions
diff --git a/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java index 92d0f7e55..bf4de6a83 100644 --- a/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java +++ b/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java @@ -99,6 +99,7 @@ import org.mozilla.jss.crypto.SignatureAlgorithm; import org.mozilla.jss.crypto.SymmetricKey; import org.mozilla.jss.crypto.TokenException; import org.mozilla.jss.crypto.X509Certificate; +import org.mozilla.jss.pkcs11.PK11ECPublicKey; import org.mozilla.jss.pkcs12.PasswordConverter; import org.mozilla.jss.pkcs7.EncryptedContentInfo; import org.mozilla.jss.pkix.crmf.CertReqMsg; @@ -579,6 +580,9 @@ public class CryptoUtil { xKey = new netscape.security.provider.RSAPublicKey( new BigInt(rsaKey.getModulus()), new BigInt(rsaKey.getPublicExponent())); + } else if (pubk instanceof PK11ECPublicKey) { + byte encoded[] = pubk.getEncoded(); + xKey = CryptoUtil.getPublicX509ECCKey(encoded); } else { // Assert.assert(pubk instanceof DSAPublicKey); DSAPublicKey dsaKey = (DSAPublicKey) pubk; diff --git a/pki/dogtag/common-ui/shared/admin/console/config/adminpanel.vm b/pki/dogtag/common-ui/shared/admin/console/config/adminpanel.vm index 60af2a530..5db27e00d 100644 --- a/pki/dogtag/common-ui/shared/admin/console/config/adminpanel.vm +++ b/pki/dogtag/common-ui/shared/admin/console/config/adminpanel.vm @@ -35,13 +35,18 @@ function performPanel() { var dn = "cn=" + name + ",uid=admin,e="+email+",o="+o; document.forms[0].subject.value = dn; var keyGenAlg = "rsa-dual-use"; + var keyParams = null; + if (document.forms[0].keytype.value == 'ecc') { + keyGenAlg = "ec-dual-use"; + keyParams = "curve=nistp256" + } if (navigator.appName == "Netscape" && typeof(crypto.version) != "undefined") { crmfObject = crypto.generateCRMFRequest( dn, "regToken", "authenticator", null, - "setCRMFRequest();", 1024, null, keyGenAlg); + "setCRMFRequest();", 2048, keyParams, keyGenAlg); } else { Send_OnClick(); } @@ -204,6 +209,10 @@ The administrator is a privileged user who manages this subsystem. Please enter <input type="hidden" name="securitydomain" value="$securityDomain" /> <input type="hidden" name="subject" value="cn=x" /> </tr> + <tr> + <th>Key Type:</th> + <td><select name="keytype"><option value="rsa">RSA</option><option value="ecc">ECC</option></select></td> + </tr> </table> <div align="right"> <hr /> |