Bug 504061 - ECC: unable to install subsystems (sub-CA, DRM, TKS, etc.) for an ECC CA (installation and starting ONLY. Run time issues are filed as separate bugs)

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1330 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

1 files changed, 3 insertions, 2 deletions

diff --git a/pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java b/pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java
index 4fc65fcea..e7e0e9f64 100644
--- a/pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java
+++ b/pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java
@@ -38,6 +38,7 @@ import org.mozilla.jss.util.*;
 import org.mozilla.jss.crypto.*;
 import org.mozilla.jss.*;
 import org.mozilla.jss.crypto.PrivateKey;
+import com.netscape.cmsutil.util.Cert;
 
 
 /**
@@ -96,11 +97,11 @@ public class TransportKeyUnit extends EncryptionUnit implements
         try {
             mManager = CryptoManager.getInstance();
             mCert = mManager.findCertByNickname(getNickName());
+            String algo = config.getString("signingAlgorithm", "SHA256withRSA");
 
             // #613795 - initialize this; otherwise JSS is not happy
             CryptoToken token = getToken(); 
-            SignatureAlgorithm sigalg = 
-              SignatureAlgorithm.RSASignatureWithMD5Digest;
+            SignatureAlgorithm sigalg = Cert.mapAlgorithmToJss(algo);
             Signature signer = token.getSignatureContext(sigalg); 
             signer.initSign(getPrivateKey());