diff options
author | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-11-17 01:25:33 +0000 |
---|---|---|
committer | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-11-17 01:25:33 +0000 |
commit | bfe068b1d96afc4cfb0b4535db838e404684c2ce (patch) | |
tree | 405c81a3f156c919fc1e7a9ff66aab926919c49a | |
parent | 2b212177b4a8d46f48eb420e3f9276979cb2fcbf (diff) | |
download | pki-bfe068b1d96afc4cfb0b4535db838e404684c2ce.tar.gz pki-bfe068b1d96afc4cfb0b4535db838e404684c2ce.tar.xz pki-bfe068b1d96afc4cfb0b4535db838e404684c2ce.zip |
Bug 499494 - change CA defaults to SHA2 (phase 1)
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1516 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
3 files changed, 4 insertions, 4 deletions
diff --git a/pki/base/ca/shared/profiles/ca/caDualCert.cfg b/pki/base/ca/shared/profiles/ca/caDualCert.cfg index f85c70f41..e85cbe002 100644 --- a/pki/base/ca/shared/profiles/ca/caDualCert.cfg +++ b/pki/base/ca/shared/profiles/ca/caDualCert.cfg @@ -164,5 +164,5 @@ policyset.signingCertSet.9.constraint.name=No Constraint policyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC policyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl policyset.signingCertSet.9.default.name=Signing Alg -policyset.signingCertSet.9.default.params.signingAlg=SHA1withRSA +policyset.signingCertSet.9.default.params.signingAlg=- policyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java index 26d9a2df8..b3061837a 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java @@ -61,7 +61,7 @@ public class SigningAlgDefault extends EnrollDefault { public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_ALGORITHM)) { return new Descriptor(IDescriptor.CHOICE, DEF_CONFIG_ALGORITHMS, - "SHA1withRSA", + "SHA256withRSA", CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM")); } else { return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java index 719a171a3..e79372b16 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java @@ -92,7 +92,7 @@ public class FileSigningInput extends EnrollInput implements IProfileInput { throws EProfileException { request.setExtData(TEXT, ctx.get(TEXT)); request.setExtData(URL, ctx.get(URL)); - request.setExtData(DIGEST_TYPE, "SHA1"); + request.setExtData(DIGEST_TYPE, "SHA256"); try { // retrieve file and calculate the hash @@ -111,7 +111,7 @@ public class FileSigningInput extends EnrollInput implements IProfileInput { is.close(); // calculate digest - MessageDigest digester = MessageDigest.getInstance("SHA1"); + MessageDigest digester = MessageDigest.getInstance("SHA256"); byte digest[] = digester.digest(data); request.setExtData(DIGEST, toHexString(digest)); } catch (Exception e) { |