39 files changed, 96 insertions, 41 deletions
diff --git a/pki/base/ca/shared/conf/CS.cfg b/pki/base/ca/shared/conf/CS.cfg
index 1f237de2e..b7c24d224 100644
--- a/pki/base/ca/shared/conf/CS.cfg
+++ b/pki/base/ca/shared/conf/CS.cfg
@@ -490,7 +490,7 @@ ca.Policy.rule.ServerCertKeyUsageExt.keyCertsign=false
 ca.Policy.rule.ServerCertKeyUsageExt.keyEncipherment=true
 ca.Policy.rule.ServerCertKeyUsageExt.nonRepudiation=true
 ca.Policy.rule.ServerCertKeyUsageExt.predicate=HTTP_PARAMS.certType==server
-ca.Policy.rule.SigningAlgRule.algorithms=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withEC
+ca.Policy.rule.SigningAlgRule.algorithms=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 ca.Policy.rule.SigningAlgRule.enable=true
 ca.Policy.rule.SigningAlgRule.implName=SigningAlgorithmConstraints
 ca.Policy.rule.SigningAlgRule.predicate=
diff --git a/pki/base/ca/shared/profiles/ca/caAdminCert.cfg b/pki/base/ca/shared/profiles/ca/caAdminCert.cfg
index db15fe83f..853940728 100644
--- a/pki/base/ca/shared/profiles/ca/caAdminCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caAdminCert.cfg
@@ -82,7 +82,7 @@ policyset.adminCertSet.7.default.params.exKeyUsageCritical=false
 policyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.adminCertSet.8.constraint.name=No Constraint
-policyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.adminCertSet.8.default.name=Signing Alg
 policyset.adminCertSet.8.default.params.signingAlg=-
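Review bot: The rewritten `ca.Policy.rule.SigningAlgRule.algorithms` line in CS.cfg still lists `MD5withRSA` and `MD2withRSA`, so the allow-list is widened for EC while two collision-broken digests remain acceptable for certificate signing. The same pair is carried forward in every `signingAlgsAllowed` line this commit touches under `profiles/ca/` (caAdminCert.cfg through caUserCert.cfg). Since each of these lines is being edited anyway, I would drop the two entries, e.g. `ca.Policy.rule.SigningAlgRule.algorithms=SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC`, or record next to the list why they have to stay. Whether any deployed profile still depends on them is not visible from this diff.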
diff --git a/pki/base/ca/shared/profiles/ca/caAgentFileSigning.cfg b/pki/base/ca/shared/profiles/ca/caAgentFileSigning.cfg
index 192756222..3472d2642 100644
--- a/pki/base/ca/shared/profiles/ca/caAgentFileSigning.cfg
+++ b/pki/base/ca/shared/profiles/ca/caAgentFileSigning.cfg
@@ -81,7 +81,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caAgentServerCert.cfg b/pki/base/ca/shared/profiles/ca/caAgentServerCert.cfg
index 534becd63..cd642d368 100644
--- a/pki/base/ca/shared/profiles/ca/caAgentServerCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caAgentServerCert.cfg
@@ -80,7 +80,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caCACert.cfg b/pki/base/ca/shared/profiles/ca/caCACert.cfg
index 0af20356b..6438406e3 100644
--- a/pki/base/ca/shared/profiles/ca/caCACert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caCACert.cfg
@@ -80,7 +80,7 @@ policyset.caCertSet.8.default.name=Subject Key Identifier Extension Default
 policyset.caCertSet.8.default.params.critical=false
 policyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.caCertSet.9.constraint.name=No Constraint
-policyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.caCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.caCertSet.9.default.name=Signing Alg
 policyset.caCertSet.9.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caCMCUserCert.cfg b/pki/base/ca/shared/profiles/ca/caCMCUserCert.cfg
index f9f55851a..47f53a78c 100644
--- a/pki/base/ca/shared/profiles/ca/caCMCUserCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caCMCUserCert.cfg
@@ -81,7 +81,7 @@ policyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false
 policyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.cmcUserCertSet.8.constraint.name=No Constraint
-policyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.cmcUserCertSet.8.default.name=Signing Alg
 policyset.cmcUserCertSet.8.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caDirUserCert.cfg b/pki/base/ca/shared/profiles/ca/caDirUserCert.cfg
index 693f3dc9e..7e334a276 100644
--- a/pki/base/ca/shared/profiles/ca/caDirUserCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caDirUserCert.cfg
@@ -94,7 +94,7 @@ policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.userCertSet.9.constraint.name=No Constraint
-policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.userCertSet.9.default.name=Signing Alg
 policyset.userCertSet.9.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caDualCert.cfg b/pki/base/ca/shared/profiles/ca/caDualCert.cfg
index bd99199fa..78b73a8e4 100644
--- a/pki/base/ca/shared/profiles/ca/caDualCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caDualCert.cfg
@@ -90,7 +90,7 @@ policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.encryptionCertSet.9.constraint.name=No Constraint
-policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.encryptionCertSet.9.default.name=Signing Alg
 policyset.encryptionCertSet.9.default.params.signingAlg=-
@@ -163,8 +163,8 @@ policyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.signingCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.signingCertSet.9.constraint.name=No Constraint
-policyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA
+policyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.signingCertSet.9.default.name=Signing Alg
 policyset.signingCertSet.9.default.params.signingAlg=SHA1withRSA
-policyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA
+policyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
diff --git a/pki/base/ca/shared/profiles/ca/caDualRAuserCert.cfg b/pki/base/ca/shared/profiles/ca/caDualRAuserCert.cfg
index 0f6036cf2..eb8849af3 100644
--- a/pki/base/ca/shared/profiles/ca/caDualRAuserCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caDualRAuserCert.cfg
@@ -89,7 +89,7 @@ policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.userCertSet.9.constraint.name=No Constraint
-policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC
+policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.userCertSet.9.default.name=Signing Alg
 policyset.userCertSet.9.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg b/pki/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg
index 11a5475ec..d8752a9cf 100644
--- a/pki/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg
@@ -80,7 +80,7 @@ policyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false
 policyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.cmcUserCertSet.8.constraint.name=No Constraint
-policyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.cmcUserCertSet.8.default.name=Signing Alg
 policyset.cmcUserCertSet.8.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caInstallCACert.cfg b/pki/base/ca/shared/profiles/ca/caInstallCACert.cfg
index 2f01ee306..f31c8899a 100644
--- a/pki/base/ca/shared/profiles/ca/caInstallCACert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caInstallCACert.cfg
@@ -81,7 +81,7 @@ policyset.caCertSet.8.default.name=Subject Key Identifier Extension Default
 policyset.caCertSet.8.default.params.critical=false
 policyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.caCertSet.9.constraint.name=No Constraint
-policyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.caCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.caCertSet.9.default.name=Signing Alg
 policyset.caCertSet.9.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg
index 547a11166..449941a96 100644
--- a/pki/base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg
@@ -81,7 +81,7 @@ policyset.auditSigningCertSet.7.default.params.exKeyUsageCritical=false
 policyset.auditSigningCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.4
 policyset.auditSigningCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.auditSigningCertSet.9.constraint.name=No Constraint
-policyset.auditSigningCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.auditSigningCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.auditSigningCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.auditSigningCertSet.9.default.name=Signing Alg
 policyset.auditSigningCertSet.9.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg
index 5702c7662..89d89ea60 100644
--- a/pki/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg
@@ -66,7 +66,7 @@ policyset.ocspCertSet.8.default.name=OCSP No Check Extension
 policyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false
 policyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.ocspCertSet.9.constraint.name=No Constraint
-policyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.ocspCertSet.9.default.name=Signing Alg
 policyset.ocspCertSet.9.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg
index 453d31e06..373cffa7d 100644
--- a/pki/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg
@@ -66,7 +66,7 @@ policyset.ocspCertSet.8.default.name=OCSP No Check Extension
 policyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false
 policyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.ocspCertSet.9.constraint.name=No Constraint
-policyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.ocspCertSet.9.default.name=Signing Alg
 policyset.ocspCertSet.9.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg
index 85aff8b4f..9481e35c8 100644
--- a/pki/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg
@@ -81,7 +81,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg
index 95534a15a..6adbac8ef 100644
--- a/pki/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg
@@ -83,7 +83,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg
index 55896adb6..a8dd95b7b 100644
--- a/pki/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg
@@ -75,7 +75,7 @@ policyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false
 policyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false
 policyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.transportCertSet.8.constraint.name=No Constraint
-policyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.transportCertSet.8.default.name=Signing Alg
 policyset.transportCertSet.8.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caJarSigningCert.cfg b/pki/base/ca/shared/profiles/ca/caJarSigningCert.cfg
index aa43f185d..e68cc75a9 100644
--- a/pki/base/ca/shared/profiles/ca/caJarSigningCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caJarSigningCert.cfg
@@ -81,7 +81,7 @@ policyset.caJarSigningSet.5.default.params.nsCertSSLClient=false
 policyset.caJarSigningSet.5.default.params.nsCertSSLServer=false
 policyset.caJarSigningSet.6.constraint.class_id=signingAlgConstraintImpl
 policyset.caJarSigningSet.6.constraint.name=No Constraint
-policyset.caJarSigningSet.6.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC
+policyset.caJarSigningSet.6.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.caJarSigningSet.6.default.class_id=signingAlgDefaultImpl
 policyset.caJarSigningSet.6.default.name=Signing Alg
 policyset.caJarSigningSet.6.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caOCSPCert.cfg b/pki/base/ca/shared/profiles/ca/caOCSPCert.cfg
index 4f5204f1e..191d5b4eb 100644
--- a/pki/base/ca/shared/profiles/ca/caOCSPCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caOCSPCert.cfg
@@ -65,7 +65,7 @@ policyset.ocspCertSet.8.default.name=OCSP No Check Extension
 policyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false
 policyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.ocspCertSet.9.constraint.name=No Constraint
-policyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.ocspCertSet.9.default.name=Signing Alg
 policyset.ocspCertSet.9.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caOtherCert.cfg b/pki/base/ca/shared/profiles/ca/caOtherCert.cfg
index 2abdc36f8..2bc1ed5ba 100644
--- a/pki/base/ca/shared/profiles/ca/caOtherCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caOtherCert.cfg
@@ -80,7 +80,7 @@ policyset.otherCertSet.7.default.params.exKeyUsageCritical=false
 policyset.otherCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1
 policyset.otherCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.otherCertSet.8.constraint.name=No Constraint
-policyset.otherCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.otherCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.otherCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.otherCertSet.8.default.name=Signing Alg
 policyset.otherCertSet.8.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caRACert.cfg b/pki/base/ca/shared/profiles/ca/caRACert.cfg
index 4910bd4b7..0ecaed097 100644
--- a/pki/base/ca/shared/profiles/ca/caRACert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caRACert.cfg
@@ -80,7 +80,7 @@ policyset.raCertSet.7.default.params.exKeyUsageCritical=false
 policyset.raCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2
 policyset.raCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.raCertSet.8.constraint.name=No Constraint
-policyset.raCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.raCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.raCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.raCertSet.8.default.name=Signing Alg
 policyset.raCertSet.8.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caRARouterCert.cfg b/pki/base/ca/shared/profiles/ca/caRARouterCert.cfg
index a6df27a6e..b2a769a92 100644
--- a/pki/base/ca/shared/profiles/ca/caRARouterCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caRARouterCert.cfg
@@ -80,7 +80,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caRAagentCert.cfg b/pki/base/ca/shared/profiles/ca/caRAagentCert.cfg
index 97d4c9821..a5bad467e 100644
--- a/pki/base/ca/shared/profiles/ca/caRAagentCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caRAagentCert.cfg
@@ -90,7 +90,7 @@ policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.userCertSet.9.constraint.name=No Constraint
-policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC
+policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.userCertSet.9.default.name=Signing Alg
 policyset.userCertSet.9.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caRAserverCert.cfg b/pki/base/ca/shared/profiles/ca/caRAserverCert.cfg
index e139a193f..6a4402025 100644
--- a/pki/base/ca/shared/profiles/ca/caRAserverCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caRAserverCert.cfg
@@ -80,7 +80,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caRouterCert.cfg b/pki/base/ca/shared/profiles/ca/caRouterCert.cfg
index 484651724..c7df41bff 100644
--- a/pki/base/ca/shared/profiles/ca/caRouterCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caRouterCert.cfg
@@ -80,7 +80,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caServerCert.cfg b/pki/base/ca/shared/profiles/ca/caServerCert.cfg
index 7f971429b..cc04f345a 100644
--- a/pki/base/ca/shared/profiles/ca/caServerCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caServerCert.cfg
@@ -80,7 +80,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caSignedLogCert.cfg b/pki/base/ca/shared/profiles/ca/caSignedLogCert.cfg
index 00a35d386..96b1abbbb 100644
--- a/pki/base/ca/shared/profiles/ca/caSignedLogCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caSignedLogCert.cfg
@@ -69,7 +69,7 @@ policyset.caLogSigningSet.8.default.name=Subject Key Identifier Extension Defaul
 policyset.caLogSigningSet.8.default.params.critical=false
 policyset.caLogSigningSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.caLogSigningSet.9.constraint.name=No Constraint
-policyset.caLogSigningSet.9.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC
+policyset.caLogSigningSet.9.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.caLogSigningSet.9.default.class_id=signingAlgDefaultImpl
 policyset.caLogSigningSet.9.default.name=Signing Alg
 policyset.caLogSigningSet.9.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg b/pki/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg
index 91e34b8ab..dd26a29b0 100644
--- a/pki/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg
@@ -79,7 +79,7 @@ policyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false
 policyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.cmcUserCertSet.8.constraint.name=No Constraint
-policyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.cmcUserCertSet.8.default.name=Signing Alg
 policyset.cmcUserCertSet.8.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caTPSCert.cfg b/pki/base/ca/shared/profiles/ca/caTPSCert.cfg
index b2233a4e7..87bc5bf5d 100644
--- a/pki/base/ca/shared/profiles/ca/caTPSCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caTPSCert.cfg
@@ -80,7 +80,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caTransportCert.cfg b/pki/base/ca/shared/profiles/ca/caTransportCert.cfg
index a63e254c1..75fa3ad45 100644
--- a/pki/base/ca/shared/profiles/ca/caTransportCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caTransportCert.cfg
@@ -74,7 +74,7 @@ policyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false
 policyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false
 policyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.transportCertSet.8.constraint.name=No Constraint
-policyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC
+policyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.transportCertSet.8.default.name=Signing Alg
 policyset.transportCertSet.8.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg b/pki/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg
index 357e4bea5..1acdf7a9e 100644
--- a/pki/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg
@@ -94,7 +94,7 @@ policyset.userCertSet.8.default.params.subjAltExtSource_1=UUID4
 policyset.userCertSet.8.default.params.subjAltNameNumGNs=2
 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.userCertSet.9.constraint.name=No Constraint
-policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC
+policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.userCertSet.9.default.name=Signing Alg
 policyset.userCertSet.9.default.params.signingAlg=-
diff --git a/pki/base/ca/shared/profiles/ca/caUserCert.cfg b/pki/base/ca/shared/profiles/ca/caUserCert.cfg
index 56780ac62..a2e5e8336 100644
--- a/pki/base/ca/shared/profiles/ca/caUserCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caUserCert.cfg
@@ -96,7 +96,7 @@ policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.userCertSet.9.constraint.name=No Constraint
-policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC
+policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.userCertSet.9.default.name=Signing Alg
 policyset.userCertSet.9.default.params.signingAlg=-
diff --git a/pki/base/ca/src/com/netscape/ca/SigningUnit.java b/pki/base/ca/src/com/netscape/ca/SigningUnit.java
index d6ff93389..363f9df48 100644
--- a/pki/base/ca/src/com/netscape/ca/SigningUnit.java
+++ b/pki/base/ca/src/com/netscape/ca/SigningUnit.java
@@ -361,9 +361,9 @@ public final class SigningUnit implements ISigningUnit { } if (key.getAlgorithmId().getOID().equals(AlgorithmId.DSA_oid)) { - return new String[] { "SHA1withDSA" }; + return AlgorithmId.DSA_SIGNING_ALGORITHMS; } else { - return new String[] { "MD5withRSA", "MD2withRSA", "SHA1withRSA", "SHA256withRSA", "SHA512withRSA","SHA1withEC" }; + return AlgorithmId.ALL_SIGNING_ALGORITHMS; } } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java index fa9e078b2..d4a6fdc70 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java @@ -110,7 +110,7 @@ public class CACertCAEnrollProfile extends CAEnrollProfile IConfigStore defConfig4 = def4.getConfigStore(); defConfig4.putString("params.signingAlg","SHA1withRSA"); defConfig4.putString("params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA"); + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC"); IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java index 5e53c6588..8d94f1b13 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java 
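Review bot: The `else` branch of the CA SigningUnit hunk now returns `AlgorithmId.ALL_SIGNING_ALGORITHMS`, which per the AlgorithmId.java hunk of this commit holds `SHA1withDSA` plus every RSA and EC name, so a non-DSA key is offered algorithms that do not match its key type. Choosing by key type would keep the list accurate, for example `return AlgorithmId.EC_SIGNING_ALGORITHMS;` for an EC key and the RSA array otherwise; the RSA constant's name and the EC key OID are not visible in this diff. Both branches also hand out the shared `public static` arrays themselves, so returning `AlgorithmId.DSA_SIGNING_ALGORITHMS.clone()` (and likewise in the other branch) would stop one caller's write from changing the list for all. The pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java hunk makes the same two replacements, and there the non-DSA list grows from three RSA names to all ten. The enclosing method starts and ends outside the hunk.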
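Review bot: The new `params.signingAlgsAllowed` literal in CACertCAEnrollProfile adds the three SHA-2 EC names but not `SHA1withEC`, whereas the profile .cfg files changed in this commit list all four EC names. If the omission is deliberate, a comment above the call such as `// SHA1withEC deliberately not offered here` would record it; otherwise the code and the shipped profiles have already drifted apart. The list also keeps `MD5withRSA` and `MD2withRSA` and the default on the preceding line stays `SHA1withRSA`, which deserves a second look for what the class name suggests is the CA certificate profile. The surrounding method lies outside the hunk.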
@@ -2018,6 +2018,16 @@ private void createMasterKey(HttpServletRequest req, if (messageDigest.equals("SHA1")) { return "SHA1withDSA"; } + } else /* EC */ { + if (messageDigest.equals("SHA1")) { + return "SHA1withEC"; + } else if (messageDigest.equals("SHA256")) { + return "SHA256withEC"; + } else if (messageDigest.equals("SHA384")) { + return "SHA384withEC"; + } else if (messageDigest.equals("SHA512")) { + return "SHA512withEC"; + } } return null; } diff --git a/pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java b/pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java index 37c641e35..11fd5772a 100644 --- a/pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java +++ b/pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java @@ -340,9 +340,9 @@ public final class SigningUnit implements ISigningUnit { } if (key.getAlgorithmId().getOID().equals(AlgorithmId.DSA_oid)) { - return new String[] { "SHA1withDSA"}; + return AlgorithmId.DSA_SIGNING_ALGORITHMS; } else { - return new String[] { "MD5withRSA", "MD2withRSA", "SHA1withRSA"}; + return AlgorithmId.ALL_SIGNING_ALGORITHMS; } } diff --git a/pki/base/util/src/com/netscape/cmsutil/util/Cert.java b/pki/base/util/src/com/netscape/cmsutil/util/Cert.java index 8190321c2..f427d57ad 100644 --- a/pki/base/util/src/com/netscape/cmsutil/util/Cert.java +++ b/pki/base/util/src/com/netscape/cmsutil/util/Cert.java @@ -46,6 +46,12 @@ public class Cert { return SignatureAlgorithm.RSASignatureWithSHA512Digest; else if (algname.equals("SHA1withEC")) return SignatureAlgorithm.ECSignatureWithSHA1Digest; + else if (algname.equals("SHA256withEC")) + return SignatureAlgorithm.ECSignatureWithSHA256Digest; + else if (algname.equals("SHA384withEC")) + return SignatureAlgorithm.ECSignatureWithSHA384Digest; + else if (algname.equals("SHA512withEC")) + return SignatureAlgorithm.ECSignatureWithSHA512Digest; return null; } 
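Review bot: The added bare `else /* EC */` in the CMSAdminServlet hunk treats every key type not matched by the earlier branches as EC, so an unexpected or misspelled key type combined with `SHA256` produces `SHA256withEC` rather than falling through to `return null;`. An explicit test for the EC key type in place of the bare `else` would keep unknown types on the `null` path that the existing code uses for unsupported combinations. The key-type variable and the preceding RSA/DSA conditions are outside the hunk, so the exact condition cannot be quoted here.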
diff --git a/pki/base/util/src/netscape/security/pkcs/PKCS10.java b/pki/base/util/src/netscape/security/pkcs/PKCS10.java index 52725dd16..c07edbc2e 100644 --- a/pki/base/util/src/netscape/security/pkcs/PKCS10.java +++ b/pki/base/util/src/netscape/security/pkcs/PKCS10.java @@ -186,6 +186,12 @@ public class PKCS10 idName = "SHA1/DSA"; else if(idName.equals("SHA1withEC")) idName = "SHA1/EC"; + else if(idName.equals("SHA256withEC")) + idName = "SHA256/EC"; + else if(idName.equals("SHA384withEC")) + idName = "SHA384/EC"; + else if(idName.equals("SHA512withEC")) + idName = "SHA512/EC"; if (sigver) { sig = Signature.getInstance(idName,"Mozilla-JSS"); diff --git a/pki/base/util/src/netscape/security/x509/AlgorithmId.java b/pki/base/util/src/netscape/security/x509/AlgorithmId.java index 28f6fa494..e01049e73 100644 --- a/pki/base/util/src/netscape/security/x509/AlgorithmId.java +++ b/pki/base/util/src/netscape/security/x509/AlgorithmId.java @@ -311,6 +311,15 @@ public class AlgorithmId implements Serializable, DerEncoder { if (name.equals ("SHA1withEC") || name.equals("SHA1/EC") || name.equals("1.2.840.10045.4.1")) return AlgorithmId.sha1WithEC_oid; + if (name.equals ("SHA256withEC") || name.equals("SHA256/EC") + || name.equals("1.2.840.10045.4.3.2")) + return AlgorithmId.sha256WithEC_oid; + if (name.equals ("SHA384withEC") || name.equals("SHA384/EC") + || name.equals("1.2.840.10045.4.3.3")) + return AlgorithmId.sha384WithEC_oid; + if (name.equals ("SHA512withEC") || name.equals("SHA512/EC") + || name.equals("1.2.840.10045.4.3.4")) + return AlgorithmId.sha512WithEC_oid; if (name.equals ("SHA1withRSA") || name.equals("SHA1/RSA") || name.equals("1.2.840.113549.1.1.5")) return AlgorithmId.sha1WithRSAEncryption_oid; 
@@ -374,6 +383,12 @@ public class AlgorithmId implements Serializable, DerEncoder { if (algid.equals (AlgorithmId.sha1WithEC_oid)) return "SHA1withEC"; + if (algid.equals (AlgorithmId.sha256WithEC_oid)) + return "SHA256withEC"; + if (algid.equals (AlgorithmId.sha384WithEC_oid)) + return "SHA384withEC"; + if (algid.equals (AlgorithmId.sha512WithEC_oid)) + return "SHA512withEC"; if (algid.equals (AlgorithmId.md5WithRSAEncryption_oid)) return "MD5withRSA"; if (algid.equals (AlgorithmId.md2WithRSAEncryption_oid)) @@ -630,6 +645,12 @@ public class AlgorithmId implements Serializable, DerEncoder { */ private static final int sha1WithEC_data[] = { 1, 2, 840, 10045, 4, 1 }; + private static final int sha256WithEC_data[] = + { 1, 2, 840, 10045, 4, 3, 2 }; + private static final int sha384WithEC_data[] = + { 1, 2, 840, 10045, 4, 3, 3 }; + private static final int sha512WithEC_data[] = + { 1, 2, 840, 10045, 4, 3, 4 }; private static final int md2WithRSAEncryption_data[] = { 1, 2, 840, 113549, 1, 1, 2 }; private static final int md5WithRSAEncryption_data[] = @@ -653,6 +674,18 @@ public class AlgorithmId implements Serializable, DerEncoder { sha1WithEC_oid = new ObjectIdentifier(sha1WithEC_data); + public static final ObjectIdentifier + sha256WithEC_oid = new + ObjectIdentifier(sha256WithEC_data); + + public static final ObjectIdentifier + sha384WithEC_oid = new + ObjectIdentifier(sha384WithEC_data); + + public static final ObjectIdentifier + sha512WithEC_oid = new + ObjectIdentifier(sha512WithEC_data); + /** * Identifies a signing algorithm where an MD2 digest is encrypted * using an RSA private key; defined in PKCS #1. Use of this 
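Review bot: The three public constants added in the last hunk on this line, `sha256WithEC_oid`, `sha384WithEC_oid` and `sha512WithEC_oid`, have no Javadoc, while the constant that follows them carries one. A line on each, such as `/** Identifies ECDSA signatures over a SHA-256 digest (ecdsa-with-SHA256, OID 1.2.840.10045.4.3.2). */`, would record which algorithm each name stands for; the SHA-384 and SHA-512 variants end in `.3.3` and `.3.4`, matching the `_data` arrays added in the preceding hunk. The class body continues outside the hunk.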
@@ -740,12 +773,12 @@ public class AlgorithmId implements Serializable, DerEncoder { { "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "MD5withRSA", "MD2withRSA" }; public static final String[] EC_SIGNING_ALGORITHMS = new String[] - { "SHA1withEC" }; + { "SHA1withEC", "SHA256withEC", "SHA384withEC", "SHA512withEC" }; /** * All supported signing algorithms. */ public static final String[] ALL_SIGNING_ALGORITHMS = new String[] - { "SHA1withRSA", "MD5withRSA", "MD2withRSA", "SHA1withDSA", "SHA256withRSA", "SHA512withRSA", "SHA1withEC" }; + { "SHA1withRSA", "MD5withRSA", "MD2withRSA", "SHA1withDSA", "SHA256withRSA", "SHA512withRSA", "SHA1withEC", "SHA256withEC", "SHA384withEC", "SHA512withEC" }; } |
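Review bot: `ALL_SIGNING_ALGORITHMS` repeats every name as a literal, so each new algorithm has to be added both to its per-key array and to this one, as the hunk does for the three EC names, and nothing keeps the two in step. A comment on the declaration such as `// must contain every entry of the RSA, DSA and EC arrays above` would at least make the coupling visible; building the array from the per-key arrays would remove it. The Javadoc "All supported signing algorithms" could also say that the list mixes key types, since both SigningUnit classes now return it as-is for any non-DSA key.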