Bug 499494 - change CA defaults to SHA2 (phase 1)

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1516 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

3 files changed, 4 insertions, 4 deletions

diff --git a/pki/base/ca/shared/profiles/ca/caDualCert.cfg b/pki/base/ca/shared/profiles/ca/caDualCert.cfg
index f85c70f41..e85cbe002 100644
--- a/pki/base/ca/shared/profiles/ca/caDualCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caDualCert.cfg
@@ -164,5 +164,5 @@ policyset.signingCertSet.9.constraint.name=No Constraint
 policyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.signingCertSet.9.default.name=Signing Alg
-policyset.signingCertSet.9.default.params.signingAlg=SHA1withRSA
+policyset.signingCertSet.9.default.params.signingAlg=-
 policyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
index 26d9a2df8..b3061837a 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
@@ -61,7 +61,7 @@ public class SigningAlgDefault extends EnrollDefault {
     public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_ALGORITHM)) {
             return new Descriptor(IDescriptor.CHOICE, DEF_CONFIG_ALGORITHMS,
-                    "SHA1withRSA",
+                    "SHA256withRSA",
                     CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM"));
         } else {
             return null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
index 719a171a3..e79372b16 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
@@ -92,7 +92,7 @@ public class FileSigningInput extends EnrollInput implements IProfileInput {
         throws EProfileException {
         request.setExtData(TEXT, ctx.get(TEXT));
         request.setExtData(URL, ctx.get(URL));
-        request.setExtData(DIGEST_TYPE, "SHA1");
+        request.setExtData(DIGEST_TYPE, "SHA256");
  
         try {
           // retrieve file and calculate the hash
@@ -111,7 +111,7 @@ public class FileSigningInput extends EnrollInput implements IProfileInput {
           is.close();
 
           // calculate digest
-          MessageDigest digester = MessageDigest.getInstance("SHA1");
+          MessageDigest digester = MessageDigest.getInstance("SHA256");
           byte digest[] = digester.digest(data);
           request.setExtData(DIGEST, toHexString(digest));
         } catch (Exception e) {