authorAndrew Wnuk <awnuk@redhat.com>2012-02-29 18:31:58 -0800
committerAndrew Wnuk <awnuk@redhat.com>2012-02-29 18:31:58 -0800
commitdaa4b591dfed937a8384babbe6d39686b70f7efd (patch)
tree5e5ec111681ee54d289a33a873ba85cc42732504 /pki
parenta42cc41559436f94ba38b3d54b2d52b2126147b8 (diff)
Option to change default algorithms
RSA should be default selection for transport, storage, and audit keys till ECC is fully implemented. Bug #787806.
Diffstat (limited to 'pki')
-rw-r--r--pki/base/ca/shared/conf/CS.cfg.in1
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java2
-rw-r--r--pki/base/kra/shared/conf/CS.cfg.in1
-rw-r--r--pki/base/ocsp/shared/conf/CS.cfg.in1
-rw-r--r--pki/base/tks/shared/conf/CS.cfg.in1
-rw-r--r--pki/dogtag/common-ui/shared/admin/console/config/sizepanel.vm44
6 files changed, 43 insertions, 7 deletions
diff --git a/pki/base/ca/shared/conf/CS.cfg.in b/pki/base/ca/shared/conf/CS.cfg.in
index 13278ae72..1ba0d2f40 100644
--- a/pki/base/ca/shared/conf/CS.cfg.in
+++ b/pki/base/ca/shared/conf/CS.cfg.in
@@ -59,6 +59,7 @@ ca.cert.sslserver.certusage=SSLServer
ca.cert.subsystem.certusage=SSLClient
ca.cert.audit_signing.certusage=ObjectSigner
preop.cert.list=signing,ocsp_signing,sslserver,subsystem,audit_signing
+preop.cert.rsalist=audit_signing
preop.cert.signing.enable=true
preop.cert.ocsp_signing.enable=true
preop.cert.sslserver.enable=true
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
index 03f0e186d..678145a92 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
@@ -153,6 +153,8 @@ public class SizePanel extends WizardPanelBase {
// same token for now
String token = config.getString(PRE_CONF_CA_TOKEN);
String certTags = config.getString("preop.cert.list");
+ String rsaCertTags = config.getString("preop.cert.rsalist", "");
+ context.put("rsaTags", rsaCertTags);
StringTokenizer st = new StringTokenizer(certTags, ",");
mShowSigning = false;
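Review bot: The value read from `preop.cert.rsalist` is handed to the template as-is, and sizepanel.vm in this same commit interpolates it into a JavaScript string literal (`var rsaTags = "${rsaTags}";`), so a stray quote, backslash or `</script>` in CS.cfg would break the panel's script. The setting comes from server configuration rather than from the request, so as far as the hunk shows this is a robustness gap more than an injection path. Checking the list before the `context.put` would close it, for example `if (!rsaCertTags.matches("[A-Za-z0-9_,]*")) rsaCertTags = "";`. The enclosing method starts and ends outside the hunk.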
diff --git a/pki/base/kra/shared/conf/CS.cfg.in b/pki/base/kra/shared/conf/CS.cfg.in
index c99058b74..19570155c 100644
--- a/pki/base/kra/shared/conf/CS.cfg.in
+++ b/pki/base/kra/shared/conf/CS.cfg.in
@@ -49,6 +49,7 @@ kra.cert.sslserver.certusage=SSLServer
kra.cert.subsystem.certusage=SSLClient
kra.cert.audit_signing.certusage=ObjectSigner
preop.cert.list=transport,storage,sslserver,subsystem,audit_signing
+preop.cert.rsalist=transport,storage,audit_signing
preop.cert.transport.enable=true
preop.cert.storage.enable=true
preop.cert.sslserver.enable=true
diff --git a/pki/base/ocsp/shared/conf/CS.cfg.in b/pki/base/ocsp/shared/conf/CS.cfg.in
index c05c23fbb..4dbda23cb 100644
--- a/pki/base/ocsp/shared/conf/CS.cfg.in
+++ b/pki/base/ocsp/shared/conf/CS.cfg.in
@@ -43,6 +43,7 @@ preop.configModules.count=3
preop.module.token=Internal Key Storage Token
ocsp.cert.list=signing,sslserver,subsystem,audit_signing
preop.cert.list=signing,sslserver,subsystem,audit_signing
+preop.cert.rsalist=audit_signing
ocsp.cert.signing.certusage=StatusResponder
ocsp.cert.sslserver.certusage=SSLServer
ocsp.cert.subsystem.certusage=SSLClient
diff --git a/pki/base/tks/shared/conf/CS.cfg.in b/pki/base/tks/shared/conf/CS.cfg.in
index 213b7645f..bf195d234 100644
--- a/pki/base/tks/shared/conf/CS.cfg.in
+++ b/pki/base/tks/shared/conf/CS.cfg.in
@@ -34,6 +34,7 @@ tks.cert.sslserver.certusage=SSLServer
tks.cert.subsystem.certusage=SSLClient
tks.cert.audit_signing.certusage=ObjectSigner
preop.cert.list=sslserver,subsystem,audit_signing
+preop.cert.rsalist=audit_signing
preop.cert.sslserver.enable=true
preop.cert.subsystem.enable=true
preop.cert.audit_signing.enable=true
diff --git a/pki/dogtag/common-ui/shared/admin/console/config/sizepanel.vm b/pki/dogtag/common-ui/shared/admin/console/config/sizepanel.vm
index d8b3c3108..ef80ecf20 100644
--- a/pki/dogtag/common-ui/shared/admin/console/config/sizepanel.vm
+++ b/pki/dogtag/common-ui/shared/admin/console/config/sizepanel.vm
@@ -35,6 +35,13 @@ var rsalist="${rsalist}";
var ecclist="${ecclist}";
var curvelist="${curvelist}";
var displaycurvelist = "${displaycurvelist}";
+var rsaTags = "${rsaTags}";
+var additionalMessage = "";
+if (rsaTags.length > 0) {
+ additionalMessage = (rsaTags.indexOf(",") != -1)?
+ "<p><b>IMPORTANT:</b> <i>Currently, the Audit Log Signing, Transport, and Storage functionality <b>ONLY</b> support RSA keys. Users that require ECC keys <b>MUST</b> first select the ECC key type and then verify on the Advanced tab that RSA keys are selected for the Audit Log Signing Certificate, Transport Certificate, and Storage Certificate. All other keys can be ECC.</i>":
+ "<p><b>IMPORTANT:</b> <i>Currently, the Audit Log Signing functionality <b>ONLY</b> supports RSA keys. Users that require ECC keys <b>MUST</b> first select the ECC key type and then verify on the Advanced tab that an RSA key is selected for the Audit Log Signing Certificate. All other keys can be ECC.</i>";
+}
function myOnLoad() {
var form = document.forms[0];
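Review bot: The wording of `additionalMessage` is chosen by whether `rsaTags` contains a comma, not by which tags it lists, so the text is only right for the two `preop.cert.rsalist` values shipped in this commit (`audit_signing` alone, or `transport,storage,audit_signing`). Any other configured list would name the wrong certificates in the notice. A comment above the `if` stating that assumption would help: `// message text assumes rsalist is either audit_signing or transport,storage,audit_signing`. Both strings also open a `<p>` that is never closed.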
@@ -143,7 +150,7 @@ function setAlgOptions(keyType, certTag)
} else {
algSelect = document.forms[0].elements[certTag + '_keyalgorithm'];
}
- if (algSelect == undefined) {
+ if (typeof(algSelect) == "undefined") {
return;
}
algSelect.options.length=0;
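Review bot: `typeof(algSelect) == "undefined"` is narrower than the `algSelect == undefined` it replaces: the loose comparison also matched `null`, the new one does not, and the next line dereferences `algSelect.options`. Whether `null` can reach this point depends on the branch above the hunk, which is not visible; if it can, `if (algSelect == null) {` keeps both cases covered. The same guard is added to setSigningAlgOptions in the following hunk, and the same applies there.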
@@ -179,6 +186,9 @@ function setSigningAlgOptions(keyType, certTag)
} else {
algSelect = document.forms[0].elements[certTag + '_signingalgorithm'];
}
+ if (typeof(algSelect) == "undefined") {
+ return;
+ }
algSelect.options.length=0;
if (keyType == "rsa") {
list = rsalist.split(",");
@@ -229,6 +239,17 @@ function toggleAllKeyCurves(keyType)
}
}
+function indexOfTag(tag)
+{
+ var index = rsaTags.indexOf(tag);
+ if (index > 0) {
+ if (rsaTags.charAt(index-1) != ',') {
+ index = -1;
+ }
+ }
+ return index;
+}
+
function keyTypeChange(certTag)
{
var form = document.forms[0];
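Review bot: `indexOfTag` checks only the character before the first match, so it gives wrong answers in two cases: a tag that is a prefix of a listed tag matches (`audit` against `audit_signing`), and a tag that first appears inside another entry is reported missing even when it is listed later (`signing` in `audit_signing,signing` returns -1). keyTypeChange uses the result to decide which certificates keep RSA, so a miss flips an RSA-only key type to ECC in the form. Matching whole comma-delimited entries avoids both: `return ("," + rsaTags + ",").indexOf("," + tag + ",");`, which still returns -1 when the tag is absent, the only value the caller in this commit tests for.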
@@ -237,13 +258,18 @@ function keyTypeChange(certTag)
keyTypeSelect = document.forms[0].elements['keytype'];
for (var i = 0; i < form.length; i++) {
var name = form[i].name;
- if (name.indexOf('_keytype') != -1) {
- form.elements[name].selectedIndex = keyTypeSelect.selectedIndex;
+ var k = name.indexOf('_keytype');
+ if (k != -1) {
+ var tag = name.substring(0, k);
+ if ((keyTypeSelect.value.indexOf('ecc') != -1) &&
+ (indexOfTag(tag) == -1)) {
+ form.elements[name].selectedIndex = keyTypeSelect.selectedIndex;
+ setAlgOptions(keyTypeSelect.value, tag);
+ setSigningAlgOptions(keyTypeSelect.value, tag);
+ toggleKeyCurve(keyTypeSelect.value, tag);
+ }
}
}
- setAllAlgOptions(keyTypeSelect.value);
- setAllSigningAlgOptions(keyTypeSelect.value);
- toggleAllKeyCurves(keyTypeSelect.value);
} else {
keyTypeSelect = document.forms[0].elements[certTag + '_keytype'];
toggleKeyCurve(keyTypeSelect.value, certTag);
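Review bot: The new condition `(keyTypeSelect.value.indexOf('ecc') != -1) && (indexOfTag(tag) == -1)` is false whenever the global key type is not ECC, so choosing RSA in the top-level selector no longer updates any per-certificate `_keytype`, algorithm list or curve field; the removed `setAll…` calls used to handle that. After picking ECC and then switching back to RSA, the individual certificates would stay on ECC unless something outside the hunk resets them. If the intent is to skip only the RSA-only tags during an ECC selection, the test would read `if ((keyTypeSelect.value.indexOf('ecc') == -1) || (indexOfTag(tag) == -1)) {`. keyTypeChange begins before the hunk and continues past it.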
@@ -337,7 +363,11 @@ function displayCurveList()
}
</SCRIPT>
-Select the key pair type(s), associated key pair size(s) or curve name(s), and signature algorithm(s) from the pulldown menus. <font color="red">Currently, the Audit Log Signing functionality only supports RSA keys. Users that require ECC keys must select the Advanced tab, and specify RSA keys for the Audit Log Signing Certificate. All other keys can be ECC. </font><a href="javascript:toggle_details();">[Details]</a>
+Select the key pair type(s), associated key pair size(s) or curve name(s), and signature algorithm(s) from the pulldown menus.
+<SCRIPT type="text/JavaScript">
+document.write(additionalMessage);
+</SCRIPT>
+ <a href="javascript:toggle_details();">[Details]</a>
<SCRIPT type="text/JavaScript">
function toggle_details()
{
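Review bot: The notice is now injected with `document.write(additionalMessage)`, which only behaves as intended while the page is still being parsed and makes the text depend on script execution. Since `rsaTags` is already in the Velocity context, the template could emit the paragraph itself inside an `#if` on `$rsaTags` and drop the extra script block. toggle_details continues past the end of the hunk.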