authorcfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-09-21 00:28:48 +0000
committercfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-09-21 00:28:48 +0000
commit962d2c5f60b2498511fc9f675d1e1117995cdd03 (patch)
tree6f6794b68c6f91e751e95fb54fe70b8e1b77eed0 /pki/base/common/src/com/netscape/cms/servlet/common
parentc305cf21c4649944c21fd7eb228c3645fc3b9679 (diff)
Bug 634663 - CA CMC response default hard-coded to SHA1
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1310 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/common')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java19
1 files changed, 10 insertions, 9 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
index e7d2aaa94..6cd9e7afb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
@@ -41,6 +41,7 @@ import org.mozilla.jss.*;
import netscape.security.x509.*;
import com.netscape.certsrv.profile.*;
import com.netscape.certsrv.ca.*;
+import com.netscape.certsrv.security.*;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -350,13 +351,12 @@ public class CMCOutputTemplate {
issuer, new INTEGER(x509CAcert.getSerialNumber().toString()));
SignerIdentifier si = new SignerIdentifier(
SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
- // SHA1 is the default digest Alg for now.
- DigestAlgorithm digestAlg = null;
- SignatureAlgorithm signAlg = null;
+ // use CA instance's default signature and digest algorithm
+ SignatureAlgorithm signAlg = ca.getDefaultSignatureAlgorithm();
org.mozilla.jss.crypto.PrivateKey privKey =
CryptoManager.getInstance().findPrivKeyByCert(x509CAcert);
+/*
org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
-
if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.RSA ) ) {
signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
} else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
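Review bot: The value returned by `ca.getDefaultSignatureAlgorithm()` is used without a null check, while the key-type branch that used to end in the explicit "signAlg is unsupported!" / `return null` path is now commented out (the `/*` opened here is closed in the next hunk). If the CA default is unset, or does not match the type of `privKey`, the failure would presumably surface later as a NullPointerException or a signing error in the generic `catch (Exception e)` rather than as a clear diagnostic. Consider adding `if (signAlg == null) { CMS.debug("CMCOutputTemplate::getContentInfo() - no default signature algorithm"); return null; }` directly after the assignment. The commented-out block should be deleted rather than kept, since version control already preserves it. The enclosing method starts and ends outside this hunk.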
@@ -368,17 +368,17 @@ public class CMCOutputTemplate {
+ "signAlg is unsupported!" );
return null;
}
-
- MessageDigest SHADigest = null;
+*/
+ DigestAlgorithm digestAlg = signAlg.getDigestAlg();
+ MessageDigest msgDigest = null;
byte[] digest = null;
- SHADigest = MessageDigest.getInstance("SHA1");
- digestAlg = DigestAlgorithm.SHA1;
+ msgDigest = MessageDigest.getInstance(digestAlg.toString());
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
respBody.encode((OutputStream) ostream);
- digest = SHADigest.digest(ostream.toByteArray());
+ digest = msgDigest.digest(ostream.toByteArray());
SignerInfo signInfo = new
SignerInfo(si, null, null,
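Review bot: `MessageDigest.getInstance(digestAlg.toString())` assumes that the string form of the JSS `DigestAlgorithm` is a name the installed JCA provider recognises, which nothing in this hunk establishes. A mismatch would only appear at runtime as a `NoSuchAlgorithmException` swallowed by the generic handler, so a comment such as `// relies on DigestAlgorithm.toString() yielding a JCA digest name (e.g. "SHA-256")` would document the coupling. Because the digest now follows the CA configuration instead of a constant, a line like `CMS.debug("CMCOutputTemplate::getContentInfo() - digest alg: " + digestAlg);` would make it visible in the debug log when a weak default is in effect. The separate `MessageDigest msgDigest = null;` declaration can also be folded into the assignment.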
@@ -400,6 +400,7 @@ public class CMCOutputTemplate {
enContentInfo, certs, null, signInfos);
ContentInfo contentInfo = new ContentInfo(signedData);
+ CMS.debug("CMCOutputTemplate::getContentInfo() - done");
return contentInfo;
} catch (Exception e) {
CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: "+e.toString());