authorAde Lee <alee@redhat.com>2017-03-29 10:46:22 -0400
committerAde Lee <alee@redhat.com>2017-04-03 13:12:37 -0400
commit136d22953d05c459986a98465e4266bac37b44dc (patch)
tree08308d51da819b5f2635ba46d44833c441412b33 /base/java-tools/src
parent8fb9d144eaad8f22b3f38c1b2c5b08e79f1edd3f (diff)
Fix generation of CRMF request for ECC keys
Old CRMFPopClients put the OID for ECC public keys in the encryption algorithm OID field for no obvious reason (the OID was never read on the server side to begin with). Now that we do read and use that field, we need to set it properly, and also add a special case on the server side to handle old clients.
Change-Id: I0d753e572206e9062746c879ce683978e5e657bd
Diffstat (limited to 'base/java-tools/src')
-rw-r--r--base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java16
1 files changed, 1 insertions, 15 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java b/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
index 901528c2f..9d81a72a6 100644
--- a/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
+++ b/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
@@ -562,7 +562,7 @@ public class CRMFPopClient {
}
byte[] iv = CryptoUtil.getNonceData(encryptAlg.getIVLength());
- AlgorithmIdentifier aid = getAlgorithmId(algorithm, encryptAlg, iv);
+ AlgorithmIdentifier aid = new AlgorithmIdentifier(encryptAlg.toOID(), new OCTET_STRING(iv));
WrappingParams params = getWrappingParams(encryptAlg, iv);
PKIArchiveOptions opts = CryptoUtil.createPKIArchiveOptions(
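Review bot: The new `aid` line no longer looks at `algorithm`, so the `Unknown algorithm` rejection that lived in the removed `getAlgorithmId` is gone from this path; if nothing earlier in the method (outside the hunk) validates the key type, an unsupported value now passes through here without an error. The line would also benefit from a comment saying why the key type is irrelevant, e.g. `// Identifies the symmetric cipher that wraps the private key for archival; independent of the key type (RSA/EC).` Because the server now reads this field, the IV in the parameters has to match the one given to `getWrappingParams`, which holds here since both use `iv`. It is worth confirming that `getIVLength()` is non-zero for every `encryptAlg` this tool can select, as otherwise an empty OCTET STRING would be sent as the parameters. The enclosing method starts and ends outside the hunk.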
@@ -600,20 +600,6 @@ public class CRMFPopClient {
}
}
- private AlgorithmIdentifier getAlgorithmId(String algorithm, EncryptionAlgorithm encryptAlg, byte[] iv)
- throws Exception {
- AlgorithmIdentifier aid;
- if (algorithm.equals("rsa")) {
- aid = new AlgorithmIdentifier(encryptAlg.toOID(), new OCTET_STRING(iv));
- } else if (algorithm.equals("ec")) {
- // TODO(alee) figure out what this should be for ECC
- aid = new AlgorithmIdentifier(new OBJECT_IDENTIFIER("1.2.840.10045.2.1"), new OCTET_STRING(iv));
- } else {
- throw new Exception("Unknown algorithm: " + algorithm);
- }
- return aid;
- }
-
public OCTET_STRING createIDPOPLinkWitness() throws Exception {
String secretValue = "testing";