23 files changed, 587 insertions, 61 deletions
diff --git a/pki/base/common/src/UserMessages.properties b/pki/base/common/src/UserMessages.properties index 9d454a981..af3f28f6f 100644 --- a/pki/base/common/src/UserMessages.properties +++ b/pki/base/common/src/UserMessages.properties @@ -88,6 +88,7 @@ CMS_BASE_CA_SIGNINGCERT_NOT_FOUND=CA signing certificate not found CMS_BASE_INVALID_NUMBER_FORMAT=Invalid number format CMS_BASE_INVALID_NUMBER_FORMAT_1=Invalid number format: {0} CMS_BASE_INVALID_CERT_EXTENSION=Invalid certificate extension +CMS_BASE_INVALID_ECC_CURVE_NAME=Invalid ECC Curve Name CMS_BASE_NO_EMPTY_CIPHERPREFS=Blank cipher preferences are not allowed CMS_BASE_LOGIN_FAILED=Failed to login to the token: incorrect password CMS_BASE_INVALID_KEYSIZE_PARAMS=The key size {0} is outside the bounds described by the DSA key pair generation algorithm. diff --git a/pki/base/common/src/com/netscape/certsrv/common/Constants.java b/pki/base/common/src/com/netscape/certsrv/common/Constants.java index c58eef14c..6c6cef0ff 100644 --- a/pki/base/common/src/com/netscape/certsrv/common/Constants.java +++ b/pki/base/common/src/com/netscape/certsrv/common/Constants.java @@ -490,6 +490,8 @@ public interface Constants { public final static String PR_TOKEN_NAME = "tokenName"; public final static String PR_TOKEN_PASSWD = "tokenPwd"; public final static String PR_KEY_LENGTH = "keyLength"; + public final static String PR_KEY_CURVENAME = "keyCurveName"; + public static final String PR_SIGNEDBY_TYPE = "signedBy"; public final static String PR_KEY_TYPE = "keyType"; public final static String PR_PQGPARAMS = "pqgParams"; public final static String PR_CERT_REQUEST = "certReq"; @@ -518,6 +520,9 @@ public interface Constants { /* SSL Cipher Preferences */ public final static String PR_CIPHER_PREF = "cipherpref"; + /* SSL EC Type */ + public final static String PR_ECTYPE = "ectype"; + /* values for SSL cipher preferences */ public final static String PR_SSL2_RC4_128_WITH_MD5 = "rc4"; 
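Review bot: `PR_SIGNEDBY_TYPE` is declared `public static final` while every neighbouring constant in the Constants hunk uses `public final static`, so the new line stands out for no reason; match the surrounding order, `public final static String PR_SIGNEDBY_TYPE = "signedBy";`. Neither new constant says who reads it; a short comment such as `// ECC curve name of a new key pair; validated via ScopeDef.SC_KEY_CURVENAME` on `PR_KEY_CURVENAME` and `// algorithm used to self-sign a new CA signing cert` on `PR_SIGNEDBY_TYPE` would save the next reader a grep. The same applies to `PR_ECTYPE`, whose only documentation is the `/* SSL EC Type */` heading.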
diff --git a/pki/base/common/src/com/netscape/certsrv/common/ScopeDef.java b/pki/base/common/src/com/netscape/certsrv/common/ScopeDef.java index 4b1b582bb..0be3fdf0a 100644 --- a/pki/base/common/src/com/netscape/certsrv/common/ScopeDef.java +++ b/pki/base/common/src/com/netscape/certsrv/common/ScopeDef.java @@ -170,6 +170,7 @@ public interface ScopeDef { // Key Pair public final static String SC_KEY_LENGTH = "keyLength"; + public final static String SC_KEY_CURVENAME = "keyCurveName"; public final static String SC_CERTIFICATE_EXTENSION = "certificateExt"; public final static String SC_TOKEN_STATUS = "tokenStatus"; public final static String SC_TOKEN_LOGON = "tokenLogon"; diff --git a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java index 396fa4d9f..2e4c0a9ee 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java +++ b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java @@ -144,6 +144,26 @@ public interface ICryptoSubsystem extends ISubsystem { int keySize, PQGParams pqg) throws EBaseException; /** + * Generates an ECC key pair based on the given parameters. + * + * @param properties key parameters + * @return key pair + * @exception EBaseException failed to generate key pair + */ + public KeyPair getECCKeyPair(KeyCertData properties) throws EBaseException; + + /** + * Generates an ECC key pair based on the given parameters. + * + * @param token token name + * @param curveName curve name + * @param certType type of cert(sslserver etc..) + * @return key pair + * @exception EBaseException failed to generate key pair + */ + public KeyPair getECCKeyPair(String token, String curveName, String certType) throws EBaseException; + + /** * Retrieves the signature algorithm of the certificate named * by the given nickname. * 
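Review bot: The javadoc on `getECCKeyPair(KeyCertData properties)` does not say which keys are read from `properties`, yet the implementation added by this commit reads `PR_TOKEN_NAME`, `PR_KEY_CURVENAME` and `RS_ID` (used as the cert type) and silently falls back to the internal token and a built-in default curve when the first two are absent. Say so on the `@param` line, e.g. `@param properties key parameters; reads PR_TOKEN_NAME (default: internal token), PR_KEY_CURVENAME (default curve if absent) and RS_ID as the cert type`. The three-argument overload should likewise document that `certType` selects the configured `<certType>.ectype` (ECDHE vs ECDH), which decides the key-usage mask of the generated pair, and that an empty `token` or `curveName` takes the same defaults.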
diff --git a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java index d41cd4068..1ad0e378c 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java +++ b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java @@ -50,4 +50,6 @@ public interface ITransportKeyUnit extends IEncryptionUnit { public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey pubKey) throws EBaseException; public CryptoToken getToken(); + public String getSigningAlgorithm() throws EBaseException; + public void setSigningAlgorithm(String str) throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java b/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java index 473d02ff9..87dd298f7 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java +++ b/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java @@ -150,6 +150,24 @@ public class KeyCertData extends Properties { } /** + * Retrieves key curve name. + * + * @return key curve name + */ + public String getKeyCurveName() { + return (String) get(Constants.PR_KEY_CURVENAME); + } + + /** + * Sets key curvename. + * + * @param len key curvename + */ + public void setKeyCurveName(String len) { + put(Constants.PR_KEY_CURVENAME, len); + } + + /** * Retrieves signature algorithm. * * @return signature algorithm @@ -168,6 +186,24 @@ public class KeyCertData extends Properties { } /** + * Retrieves algorithm used to sign the root CA Cert. + * + * @return signature algorithm + */ + public String getSignedBy() { + return (String) get(Constants.PR_SIGNEDBY_TYPE); + } + + /** + * Sets signature algorithm used to sign root CA cert + * + * @param alg signature algorithm + */ + public void setSignedBy(String alg) { + put(Constants.PR_SIGNEDBY_TYPE, alg); + } + + /** * Retrieves signature algorithm. * * @return signature algorithm 
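Review bot: `setKeyCurveName(String len)` names its parameter `len` and documents it as `@param len key curvename`, a leftover from the key-length setter it was copied from; rename it, `public void setKeyCurveName(String curveName) { put(Constants.PR_KEY_CURVENAME, curveName); }` with `@param curveName key curve name`. The two methods added to `ITransportKeyUnit` in the previous hunk carry no javadoc at all, and `setSigningAlgorithm(String str)` gives no hint of the accepted strings; name the parameter `algorithm` and describe the expected format in a `@param` line.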
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java index 780c93692..79c20a614 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java @@ -264,6 +264,8 @@ public final class CMSAdminServlet extends AdminServlet { validateKeyLength(req, resp); else if (scope.equals(ScopeDef.SC_CERTIFICATE_EXTENSION)) validateCertExtension(req, resp); + else if (scope.equals(ScopeDef.SC_KEY_CURVENAME)) + validateCurveName(req, resp); } } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), @@ -1281,6 +1283,7 @@ private void createMasterKey(HttpServletRequest req, String serverID = ""; String otherNickname = ""; String certSubType = ""; + String keyCurveName = ""; while (enum1.hasMoreElements()) { String key = (String) enum1.nextElement(); @@ -1303,6 +1306,8 @@ private void createMasterKey(HttpServletRequest req, otherNickname = value; } else if (key.equals(Constants.PR_CERTIFICATE_SUBTYPE)) { certSubType = value; + } else if (key.equals(Constants.PR_KEY_CURVENAME)) { + keyCurveName = value; } } @@ -1348,10 +1353,14 @@ private void createMasterKey(HttpServletRequest req, } keypair = jssSubSystem.getKeyPair(nickname); } else { - if (keyType.equals("DSA")) - pqgParams = jssSubSystem.getPQG(keyLength); - keypair = jssSubSystem.getKeyPair(tokenName, keyType, keyLength, - pqgParams); + if (keyType.equals("ECC")) { + // get ECC keypair + keypair = jssSubSystem.getECCKeyPair(tokenName, keyCurveName, certType); + } else { //DSA or RSA + if (keyType.equals("DSA")) + pqgParams = jssSubSystem.getPQG(keyLength); + keypair = jssSubSystem.getKeyPair(tokenName, keyType, keyLength, pqgParams); + } } // reset the "auditPublicKey" 
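Review bot: In the `@@ -1348` hunk the ECC branch hands `keyCurveName` straight to `jssSubSystem.getECCKeyPair` without checking it against the configured `keys.ecc.curve.list`; that check exists only in `validateCurveName`, a separate admin scope the client has to invoke on its own, so a request that skips it generates a key on whatever curve JSS accepts, and an empty name silently falls back to the subsystem default. Enforce the list on the server side in this path, e.g. `if (keyType.equals("ECC") && !isSupportedCurve(keyCurveName)) throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ECC_CURVE_NAME"));`, with `isSupportedCurve` being the list check factored out of `validateCurveName`. The enclosing method starts and ends outside this hunk.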
@@ -1761,9 +1770,24 @@ private void createMasterKey(HttpServletRequest req, KeyPair caKeyPair = null; String defaultSigningAlg = null; + String defaultOCSPSigningAlg = null; + + if (properties.getHashType() != null) { + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { + defaultSigningAlg = properties.getHashType(); + } + if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { + defaultOCSPSigningAlg = properties.getHashType(); + } + } // create a new CA certificate or ssl server cert - if (properties.getKeyLength() != null) { + if (properties.getKeyCurveName() != null) { //new ECC + CMS.debug("CMSAdminServlet: issueImportCert: generating ECC keys"); + pair = jssSubSystem.getECCKeyPair(properties); + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) + caKeyPair = pair; + } else if (properties.getKeyLength() != null) { //new RSA or DSA keyType = properties.getKeyType(); String keyLen = properties.getKeyLength(); PQGParams pqgParams = null; @@ -1774,11 +1798,8 @@ private void createMasterKey(HttpServletRequest req, //properties.put(Constants.PR_PQGPARAMS, pqgParams); } pair = jssSubSystem.getKeyPair(properties); - if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) caKeyPair = pair; - defaultSigningAlg = getDefaultSigningAlg(keyType, - properties.getHashType()); - } // renew the CA certificate or ssl server cert } else { pair = jssSubSystem.getKeyPair(nickname); 
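Review bot: Dropping the `getDefaultSigningAlg(keyType, properties.getHashType())` call leaves `defaultSigningAlg` null whenever `getHashType()` is null, and the later `signingUnit.setDefaultAlgorithm(defaultSigningAlg)` in the `@@ -1945` hunk then passes null for a CA signing cert that previously received a derived algorithm; if `setDefaultAlgorithm` does not tolerate null, guard it with `if (certType.equals(Constants.PR_CA_SIGNING_CERT) && defaultSigningAlg != null)`. It is also worth confirming that the hash-type strings the console sends are complete signature algorithm names, since nothing maps them any more. Separately, the new-key branch is selected by `properties.getKeyCurveName() != null` rather than by key type, so a request that carries both a curve name and a key length is treated as ECC regardless of `PR_KEY_TYPE`; `"ECC".equals(properties.getKeyType())` would be the unambiguous condition. The enclosing method starts and ends outside this hunk.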
@@ -1798,11 +1819,21 @@ private void createMasterKey(HttpServletRequest req, */ } + String alg = properties.getSignedBy(); if (!certType.equals(Constants.PR_CA_SIGNING_CERT)) { caKeyPair = jssSubSystem.getKeyPair(canickname); updateCASignature(canickname, properties, jssSubSystem); + } else if (alg != null) { + // self signed CA signing cert, new keys + // value provided for signedBy + SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg); + properties.setSignatureAlgorithm(sigAlg); + properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig)); } + if (pair == null) + CMS.debug("CMSAdminServlet: issueImportCert: key pair is null"); + BigInteger nextSerialNo = repository.getNextSerialNumber(); properties.setSerialNumber(nextSerialNo); @@ -1815,6 +1846,9 @@ private void createMasterKey(HttpServletRequest req, jssSubSystem.getSignedCert(properties, certType, caKeyPair.getPrivate()); + if (signedCert == null) + CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null"); + /* bug 600124 try { jssSubSystem.deleteTokenCertificate(nickname, pathname); @@ -1829,6 +1863,7 @@ private void createMasterKey(HttpServletRequest req, //jss adds the token prefix!!! //log(ILogger.LL_DEBUG,"import as alias"+ nicknameWithoutTokenName); try { + CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: " + nicknameWithoutTokenName); jssSubSystem.importCert(signedCert, nicknameWithoutTokenName, certType); } catch (EBaseException e) { @@ -1837,6 +1872,7 @@ private void createMasterKey(HttpServletRequest req, String newNickname = nicknameWithoutTokenName + "-" + now.getTime(); + CMS.debug("CMSAdminServlet: issueImportCert: Importing cert with nickname: " + newNickname); jssSubSystem.importCert(signedCert, newNickname, certType); nicknameWithoutTokenName = newNickname; 
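Review bot: `if (pair == null) CMS.debug(...)` and the matching `signedCert == null` check in the next hunk only log and then carry on, so a failed key generation or signing continues into `getSignedCert`/`importCert` and surfaces later as a less specific error; replace each debug line with `throw new EBaseException(CMS.getUserMessage("<message key>"))` (a suitable key from UserMessages.properties) so the admin request fails at the point of the defect. `alg` comes from the request as `signedBy` and is passed to `Cert.mapAlgorithmToJss(alg)` without checking the result; if that helper returns null for an unknown name, `properties.setSignatureAlgorithm(null)` goes through silently, so reject unmapped values explicitly. The enclosing method starts and ends outside this hunk.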
@@ -1945,9 +1981,16 @@ private void createMasterKey(HttpServletRequest req, } } } - + + // set signing algorithms if needed if (certType.equals(Constants.PR_CA_SIGNING_CERT)) signingUnit.setDefaultAlgorithm(defaultSigningAlg); + + if (defaultOCSPSigningAlg != null) { + ISigningUnit ocspSigningUnit = ca.getOCSPSigningUnit(); + ocspSigningUnit.setDefaultAlgorithm(defaultOCSPSigningAlg); + } + properties.clear(); properties = null; @@ -1963,6 +2006,7 @@ private void createMasterKey(HttpServletRequest req, mConfig.commit(true); sendResponse(SUCCESS, null, null, resp); } catch (EBaseException eAudit1) { + CMS.debug("CMSAdminServlet: issueImportCert: EBaseException thrown: " + eAudit1.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, @@ -1975,6 +2019,7 @@ private void createMasterKey(HttpServletRequest req, // rethrow the specific exception to be handled later throw eAudit1; } catch (IOException eAudit2) { + CMS.debug("CMSAdminServlet: issueImportCert: IOException thrown: " + eAudit2.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, 
@@ -3001,6 +3046,36 @@ private void createMasterKey(HttpServletRequest req, sendResponse(SUCCESS, null, null, resp); } + private void validateCurveName(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { + Enumeration enum1 = req.getParameterNames(); + String curveName = null; + + while (enum1.hasMoreElements()) { + String key = (String) enum1.nextElement(); + String value = req.getParameter(key); + + if (key.equals(Constants.PR_KEY_CURVENAME)) { + curveName = value; + } + } + // check that the curvename is in the list of supported curves + String curveList = mConfig.getString("keys.ecc.curve.list", "nistp521"); + String[] curves = curveList.split(","); + boolean match = false; + for (int i=0; i<curves.length; i++) { + if (curves[i].equals(curveName)) { + match = true; + } + } + if (!match) { + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ECC_CURVE_NAME")); + } + + sendResponse(SUCCESS, null, null, resp); + } + private void validateCertExtension(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException, EBaseException { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java index 864bcaf80..f8851d3ca 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java @@ -556,6 +556,10 @@ public class DonePanel extends WizardPanelBase { val = cs.getString("preop.ca.type", ""); if (val.compareTo("") != 0) cs.putString("cloning.ca.type", val); } + + // save EC type for sslserver cert (if present) + cs.putString("jss.ssl.sslserver.ectype", cs.getString("preop.cert.sslserver.ec.type", "ECDHE")); + cs.removeSubStore("preop"); cs.commit(false); 
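Review bot: The default curve list `"nistp521"` in `validateCurveName` disagrees with the `"nistp512"` fallback used by `JssSubsystem.getECCKeyPair` later in this commit (there is no NIST P-512 curve; P-521 is the largest NIST prime curve), so an empty curve name validates against one default and is generated with another. The comparison also runs `equals` on the raw `split(",")` pieces, so a list written as `nistp256, nistp384` rejects `nistp384`; use `if (curves[i].trim().equals(curveName)) { match = true; break; }`. Factoring the list check into a small helper would let the key-generation path in `createMasterKey` enforce the same list instead of relying on the client to call this scope first.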
diff --git a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java index 0d3f03199..08615264e 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java @@ -53,6 +53,7 @@ import org.mozilla.jss.pkcs11.PK11SecureRandom; import com.netscape.cmscore.cert.*; import com.netscape.cmscore.util.Debug; import netscape.ldap.util.*; +import com.netscape.cmsutil.crypto.*; /** @@ -96,6 +97,7 @@ public final class JssSubsystem implements ICryptoSubsystem { private static final String PROP_SSL = "ssl"; private static final String PROP_SSL_CIPHERPREF = Constants.PR_CIPHER_PREF; + private static final String PROP_SSL_ECTYPE = Constants.PR_ECTYPE; private static Hashtable mCipherNames = new Hashtable(); @@ -303,6 +305,15 @@ public final class JssSubsystem implements ICryptoSubsystem { return cipherpref; } + public String getECType(String certType) throws EBaseException { + if (mSSLConfig != null) { + // for SSL server, check the value of jss.ssl.sslserver.ectype + return mSSLConfig.getString(certType + "." + PROP_SSL_ECTYPE, "ECDHE"); + } else { + return "ECDHE"; + } + } + public String isCipherFortezza() throws EBaseException { // we always display fortezza suites. // too much work to display tokens/certs corresponding to the 
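Review bot: `getECType` returns the configured `<certType>.ectype` value unvalidated, and its only consumer (`getECCKeyPair` in the next hunk) treats anything other than the exact string `"ECDHE"` as ECDH, so a typo such as `ecdhe` silently produces a key with its signing usages masked off; normalise or reject here, e.g. `if (!val.equals("ECDHE") && !val.equals("ECDH")) throw new EBaseException(CMS.getUserMessage("<message key>"));`. When `certType` is null, which the `KeyCertData` overload allows since it takes the value from `properties.get(Constants.RS_ID)`, the lookup key becomes the literal `null.ectype`; return the default early with `if (certType == null) return "ECDHE";`.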
@@ -870,6 +881,72 @@ public final class JssSubsystem implements ICryptoSubsystem { return pair; } + public KeyPair getECCKeyPair(KeyCertData properties) throws EBaseException { + String token = Constants.PR_INTERNAL_TOKEN_NAME; + String keyType = "ECC"; + String keyCurve = "nistp512"; + String certType = null; + KeyPair pair = null; + + String tmp = (String) properties.get(Constants.PR_TOKEN_NAME); + if (tmp != null) + token = tmp; + + tmp = (String) properties.get(Constants.PR_KEY_CURVENAME); + if (tmp != null) + keyCurve = tmp; + + certType = (String) properties.get(Constants.RS_ID); + + pair = getECCKeyPair(token, keyCurve, certType); + + return pair; + } + + public KeyPair getECCKeyPair(String token, String keyCurve, String certType) throws EBaseException { + KeyPair pair = null; + + if ((token == null) || (token.equals(""))) + token = Constants.PR_INTERNAL_TOKEN_NAME; + + if ((keyCurve == null) || (keyCurve.equals(""))) + keyCurve = "nistp512"; + + String ectype = getECType(certType); + + // ECDHE needs "SIGN" but no "DERIVE" + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE + }; + + // ECDH needs "DERIVE" but no any kind of "SIGN" + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = { + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, + }; + + try { + if (ectype.equals("ECDHE")) + pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, usages_mask); + else + pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, ECDH_usages_mask); + } catch (NotInitializedException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + } catch (NoSuchTokenException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString())); + throw new 
EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + } catch (NoSuchAlgorithmException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_SUCH_ALGORITHM", e.toString())); + } catch (TokenException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + } + + return pair; + } + public void importCert(X509CertImpl signedCert, String nickname, String certType) throws EBaseException { diff --git a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java index f233cd5f8..4f551cd26 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java +++ b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java @@ -59,6 +59,7 @@ import com.netscape.certsrv.security.*; import com.netscape.cmscore.cert.*; import com.netscape.cmscore.util.*; import com.netscape.cmscore.dbs.*; +import com.netscape.cmsutil.crypto.*; /** @@ -502,6 +503,8 @@ public class KeyCertUtil { if (pubk instanceof RSAPublicKey) { alg = "MD5/RSA"; + } else if (pubk instanceof PK11ECPublicKey) { + alg = "SHA256withEC"; } else { alg = "DSA"; } @@ -532,6 +535,8 @@ public class KeyCertUtil { if (pubk instanceof RSAPublicKey) { alg = "MD5/RSA"; + } else if (pubk instanceof PK11ECPublicKey) { + alg = "SHA256withEC"; } else { alg = "DSA"; } @@ -575,6 +580,10 @@ public class KeyCertUtil { xKey = new netscape.security.provider.RSAPublicKey( new BigInt(rsaKey.getModulus()), new BigInt(rsaKey.getPublicExponent())); + } else if (pubk instanceof PK11ECPublicKey) { + byte encoded[] = pubk.getEncoded(); + xKey = CryptoUtil.getPublicX509ECCKey(encoded); + } else { DSAPublicKey dsaKey = (DSAPublicKey) pubk; DSAParams params = dsaKey.getParams(); 
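Review bot: Both `getECCKeyPair` overloads default `keyCurve` to `"nistp512"`, which is not a NIST curve name (the rest of this commit, in `validateCurveName` and `InstallWizardInfo.getKeyCurveName`, defaults to `nistp521`), so an empty curve name fails inside JSS instead of falling back; change both to `keyCurve = "nistp521";`, ideally via one shared constant. The `NoSuchTokenException` and `TokenException` handlers both raise `CMS_BASE_TOKEN_NOT_FOUND` with an empty argument; pass `token` so the message names the token, and give `TokenException`, a generic token-operation failure, its own message rather than claiming the token is missing. `String keyType = "ECC";` in the first overload is never read. The comments above the two usage masks assert that `usages_mask` lists the usages to disable; if that is what `CryptoUtil.generateECCKeyPair` does, say so in one sentence, since the ECDH mask removing SIGN and SIGN_RECOVER is the security-relevant effect.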
diff --git a/pki/base/console/src/com/netscape/admin/certsrv/config/WMessageDigestPage.java b/pki/base/console/src/com/netscape/admin/certsrv/config/WMessageDigestPage.java index be76ef68f..ce0ced102 100644 --- a/pki/base/console/src/com/netscape/admin/certsrv/config/WMessageDigestPage.java +++ b/pki/base/console/src/com/netscape/admin/certsrv/config/WMessageDigestPage.java @@ -41,9 +41,11 @@ import com.netscape.management.client.util.*; * @see com.netscape.admin.certsrv.config.install */ public class WMessageDigestPage extends WizardBasePanel implements IWizardPanel { - protected JComboBox mRSAHashTypeBox, mDSAHashTypeBox; + protected JComboBox mRSAHashTypeBox, mDSAHashTypeBox, mECCHashTypeBox; + protected JComboBox mRSASignedByTypeBox, mDSASignedByTypeBox, mECCSignedByTypeBox; protected String mHelpIndex; protected String mCAKeyType; + protected JTextArea mSignedByTypeLbl; private static final String HELPINDEX = "install-cert-mda-wizard-help"; public WMessageDigestPage(String panelName) { @@ -60,11 +62,17 @@ public class WMessageDigestPage extends WizardBasePanel implements IWizardPanel setBorder(makeTitledBorder(mPanelName)); if (mCAKeyType.equals("RSA")) { + mECCHashTypeBox.setVisible(false); mDSAHashTypeBox.setVisible(false); mRSAHashTypeBox.setVisible(true); String sha1 = mResource.getString(mPanelName+"_COMBOBOX_RSAHASHTYPE_VALUE_2"); mRSAHashTypeBox.setSelectedItem(sha1); + } else if (mCAKeyType.equals("ECC")) { + mECCHashTypeBox.setVisible(true); + mDSAHashTypeBox.setVisible(false); + mRSAHashTypeBox.setVisible(false); } else { + mECCHashTypeBox.setVisible(false); mDSAHashTypeBox.setVisible(true); mRSAHashTypeBox.setVisible(false); } 
@@ -77,6 +85,33 @@ public class WMessageDigestPage extends WizardBasePanel implements IWizardPanel return true; } + public void enableSignedByFields(boolean enable) { + if (!enable) { + mRSASignedByTypeBox.setVisible(false); + mDSASignedByTypeBox.setVisible(false); + mECCSignedByTypeBox.setVisible(false); + mSignedByTypeLbl.setVisible(false); + return; + } + + if (mCAKeyType.equals("RSA")) { + mRSASignedByTypeBox.setVisible(true); + mDSASignedByTypeBox.setVisible(false); + mECCSignedByTypeBox.setVisible(false); + } else if (mCAKeyType.equals("ECC")) { + mRSASignedByTypeBox.setVisible(false); + mDSASignedByTypeBox.setVisible(false); + mECCSignedByTypeBox.setVisible(true); + } else { + mECCSignedByTypeBox.setVisible(false); + mDSASignedByTypeBox.setVisible(true); + mRSASignedByTypeBox.setVisible(false); + } + + mSignedByTypeLbl.setVisible(true); + } + + public boolean concludePanel(WizardInfo info) { return true; } @@ -108,6 +143,7 @@ public class WMessageDigestPage extends WizardBasePanel implements IWizardPanel gbc.insets = new Insets(0, 4*COMPONENT_SPACE, COMPONENT_SPACE, COMPONENT_SPACE); gbc.fill = gbc.NONE; + gbc.gridwidth = gbc.REMAINDER; add(mRSAHashTypeBox, gbc); mDSAHashTypeBox = makeJComboBox("DSAHASHTYPE"); @@ -117,8 +153,19 @@ public class WMessageDigestPage extends WizardBasePanel implements IWizardPanel gbc.insets = new Insets(0, COMPONENT_SPACE, COMPONENT_SPACE, COMPONENT_SPACE); gbc.fill = gbc.NONE; + gbc.gridwidth = gbc.REMAINDER; add(mDSAHashTypeBox, gbc); + mECCHashTypeBox = makeJComboBox("ECCHASHTYPE"); + mECCHashTypeBox.setVisible(false); + CMSAdminUtil.resetGBC(gbc); + gbc.anchor = gbc.NORTHWEST; + gbc.insets = new Insets(0, COMPONENT_SPACE, COMPONENT_SPACE, + COMPONENT_SPACE); + gbc.fill = gbc.NONE; + gbc.gridwidth = gbc.REMAINDER; + add(mECCHashTypeBox, gbc); + JLabel dummy = new JLabel(" "); CMSAdminUtil.resetGBC(gbc); gbc.anchor = gbc.WEST; 
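Review bot: `enableSignedByFields` spells out the visibility of the three combo boxes once per branch, which is easy to get out of sync with the hash-type logic above it, and every branch dereferences `mCAKeyType` with `.equals`, so a panel initialised without a key type throws. A flag-based version says the same thing in five lines and is null-safe.
```java
public void enableSignedByFields(boolean enable) {
    boolean rsa = "RSA".equals(mCAKeyType);
    boolean ecc = "ECC".equals(mCAKeyType);
    mRSASignedByTypeBox.setVisible(enable && rsa);
    mECCSignedByTypeBox.setVisible(enable && ecc);
    mDSASignedByTypeBox.setVisible(enable && !rsa && !ecc);
    mSignedByTypeLbl.setVisible(enable);
}
```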
@@ -127,6 +174,55 @@ public class WMessageDigestPage extends WizardBasePanel implements IWizardPanel gbc.insets = new Insets(0, 0,COMPONENT_SPACE, COMPONENT_SPACE); add(dummy, gbc); + JLabel dummy2 = new JLabel(" "); + CMSAdminUtil.resetGBC(gbc); + gbc.anchor = gbc.WEST; + gbc.gridwidth = gbc.REMAINDER; + gbc.weightx = 1.0; + gbc.insets = new Insets(0, 0,COMPONENT_SPACE, COMPONENT_SPACE); + add(dummy2, gbc); + + mSignedByTypeLbl = createTextArea(mResource.getString( + mPanelName+"_TEXT_SIGNEDBYTYPE_LABEL")); + CMSAdminUtil.resetGBC(gbc); + gbc.anchor = gbc.NORTHWEST; + gbc.weightx = 1.0; + gbc.weighty = 0.0; + gbc.insets = new Insets(COMPONENT_SPACE,COMPONENT_SPACE, + COMPONENT_SPACE,COMPONENT_SPACE); + gbc.gridwidth = gbc.REMAINDER; + add(mSignedByTypeLbl, gbc); + + mRSASignedByTypeBox = makeJComboBox("RSASIGNEDBYTYPE"); + mRSASignedByTypeBox.setVisible(true); + CMSAdminUtil.resetGBC(gbc); + gbc.anchor = gbc.NORTHWEST; + gbc.insets = new Insets(0, 4*COMPONENT_SPACE, COMPONENT_SPACE, + COMPONENT_SPACE); + gbc.fill = gbc.NONE; + gbc.gridwidth = gbc.REMAINDER; + add(mRSASignedByTypeBox, gbc); + + mDSASignedByTypeBox = makeJComboBox("DSASIGNEDBYTYPE"); + mDSASignedByTypeBox.setVisible(false); + CMSAdminUtil.resetGBC(gbc); + gbc.anchor = gbc.NORTHWEST; + gbc.insets = new Insets(0, COMPONENT_SPACE, COMPONENT_SPACE, + COMPONENT_SPACE); + gbc.fill = gbc.NONE; + gbc.gridwidth = gbc.REMAINDER; + add(mDSASignedByTypeBox, gbc); + + mECCSignedByTypeBox = makeJComboBox("ECCSIGNEDBYTYPE"); + mECCSignedByTypeBox.setVisible(false); + CMSAdminUtil.resetGBC(gbc); + gbc.anchor = gbc.NORTHWEST; + gbc.insets = new Insets(0, COMPONENT_SPACE, COMPONENT_SPACE, + COMPONENT_SPACE); + gbc.fill = gbc.NONE; + gbc.gridwidth = gbc.REMAINDER; + add(mECCSignedByTypeBox, gbc); + JLabel dummy1 = new JLabel(" "); CMSAdminUtil.resetGBC(gbc); gbc.anchor = gbc.CENTER; 
diff --git a/pki/base/console/src/com/netscape/admin/certsrv/config/install/InstallWizardInfo.java b/pki/base/console/src/com/netscape/admin/certsrv/config/install/InstallWizardInfo.java index a081bdd3d..a88101cc4 100644 --- a/pki/base/console/src/com/netscape/admin/certsrv/config/install/InstallWizardInfo.java +++ b/pki/base/console/src/com/netscape/admin/certsrv/config/install/InstallWizardInfo.java @@ -833,6 +833,17 @@ public class InstallWizardInfo extends WizardInfo { return val; } + public String getKeyCurveName() { + String val = (String)get(ConfigConstants.PR_KEY_CURVENAME); + if (val ==null) + val = "nistp521"; + return val; + } + + public void setKeyCurveName(String val) { + put(ConfigConstants.PR_KEY_CURVENAME, val); + } + public String getKeyType() { String type = (String)get(ConfigConstants.PR_KEY_TYPE); // work around the historical mistake, @@ -1405,6 +1416,14 @@ public class InstallWizardInfo extends WizardInfo { put(ConfigConstants.PR_HASH_TYPE, type); } + public String getSignedByType() { + return (String)get(ConfigConstants.PR_SIGNEDBY_TYPE); + } + + public void setSignedByType(String type) { + put(ConfigConstants.PR_SIGNEDBY_TYPE, type); + } + public String getCAKeyType() { return (String)get(ConfigConstants.PR_CA_KEYTYPE); } diff --git a/pki/base/console/src/com/netscape/admin/certsrv/config/install/WICertExtensionPage.java b/pki/base/console/src/com/netscape/admin/certsrv/config/install/WICertExtensionPage.java index 9611be01c..7ba0636fd 100644 --- a/pki/base/console/src/com/netscape/admin/certsrv/config/install/WICertExtensionPage.java +++ b/pki/base/console/src/com/netscape/admin/certsrv/config/install/WICertExtensionPage.java 
@@ -92,6 +92,7 @@ class WICertExtensionPage extends WBaseCertExtensionPage implements nvps.add(Constants.PR_TOKEN_NAME, wizardInfo.getTokenName()); nvps.add(Constants.PR_KEY_LENGTH, wizardInfo.getKeyLength()); nvps.add(Constants.PR_KEY_TYPE, wizardInfo.getKeyType()); + nvps.add(Constants.PR_KEY_CURVENAME, wizardInfo.getKeyCurveName()); addValidityPeriod(wizardInfo, nvps); if (mBasicCheckBox.isSelected()) diff --git a/pki/base/console/src/com/netscape/admin/certsrv/keycert/CertSetupWizardInfo.java b/pki/base/console/src/com/netscape/admin/certsrv/keycert/CertSetupWizardInfo.java index 274ce2b5e..81ffc2d0e 100644 --- a/pki/base/console/src/com/netscape/admin/certsrv/keycert/CertSetupWizardInfo.java +++ b/pki/base/console/src/com/netscape/admin/certsrv/keycert/CertSetupWizardInfo.java @@ -165,6 +165,10 @@ public class CertSetupWizardInfo extends WizardInfo { return (String)get(Constants.PR_KEY_LENGTH); } + public String getKeyCurveName() { + return (String)get(Constants.PR_KEY_CURVENAME); + } + public String getKeyType() { return (String)get(Constants.PR_KEY_TYPE); } @@ -307,6 +311,15 @@ public class CertSetupWizardInfo extends WizardInfo { put(ConfigConstants.PR_HASH_TYPE, type); } + public String getSignedByType() { + return (String)get(ConfigConstants.PR_SIGNEDBY_TYPE); + } + + public void setSignedByType(String type) { + put(ConfigConstants.PR_SIGNEDBY_TYPE, type); + } + + public boolean isLoggedIn() { String value = (String)get(Constants.PR_LOGGED_IN); if (value != null && value.equals(Constants.FALSE)) diff --git a/pki/base/console/src/com/netscape/admin/certsrv/keycert/WCertDNPage.java b/pki/base/console/src/com/netscape/admin/certsrv/keycert/WCertDNPage.java index 455c245da..661b7e469 100644 --- a/pki/base/console/src/com/netscape/admin/certsrv/keycert/WCertDNPage.java +++ b/pki/base/console/src/com/netscape/admin/certsrv/keycert/WCertDNPage.java 
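Review bot: `WICertExtensionPage` adds `PR_KEY_CURVENAME` unconditionally, and `InstallWizardInfo.getKeyCurveName` in the previous hunk substitutes `"nistp521"` when none is set, so an RSA or DSA install request now always carries a curve name; if these pairs reach the `KeyCertData` tested in `issueImportCert`, its `properties.getKeyCurveName() != null` branch will take the ECC path for a non-ECC key. Add it only for ECC, as `WCertDNPage` does later in this commit: `if ("ECC".equals(wizardInfo.getKeyType())) nvps.add(Constants.PR_KEY_CURVENAME, wizardInfo.getKeyCurveName());`.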
@@ -147,8 +147,14 @@ class WCertDNPage extends WBaseDNPage implements IWizardPanel { } if (wizardInfo.isNewKey()) { - nvps.add(Constants.PR_KEY_LENGTH, wizardInfo.getKeyLength()); - nvps.add(Constants.PR_KEY_TYPE, wizardInfo.getKeyType()); + String type = wizardInfo.getKeyType(); + if (type.equals("ECC")) { + nvps.add(Constants.PR_KEY_CURVENAME, wizardInfo.getKeyCurveName()); + } else { + nvps.add(Constants.PR_KEY_LENGTH, wizardInfo.getKeyLength()); + } + + nvps.add(Constants.PR_KEY_TYPE, type); nvps.add(Constants.PR_TOKEN_NAME, wizardInfo.getTokenName()); } diff --git a/pki/base/console/src/com/netscape/admin/certsrv/keycert/WCertExtensionPage.java b/pki/base/console/src/com/netscape/admin/certsrv/keycert/WCertExtensionPage.java index 4f5222bb1..b53e200dc 100644 --- a/pki/base/console/src/com/netscape/admin/certsrv/keycert/WCertExtensionPage.java +++ b/pki/base/console/src/com/netscape/admin/certsrv/keycert/WCertExtensionPage.java @@ -161,8 +161,13 @@ class WCertExtensionPage extends WBaseCertExtensionPage implements nvps.add(Constants.PR_SUBJECT_NAME, wizardInfo.getSubjectName()); if (wizardInfo.isNewKey()) { - nvps.add(Constants.PR_KEY_LENGTH, wizardInfo.getKeyLength()); - nvps.add(Constants.PR_KEY_TYPE, wizardInfo.getKeyType()); + String type = wizardInfo.getKeyType(); + if (type.equals("ECC")) { + nvps.add(Constants.PR_KEY_CURVENAME, wizardInfo.getKeyCurveName()); + } else { + nvps.add(Constants.PR_KEY_LENGTH, wizardInfo.getKeyLength()); + } + nvps.add(Constants.PR_KEY_TYPE, type); nvps.add(Constants.PR_TOKEN_NAME, wizardInfo.getTokenName()); } //nvps.add(Constants.PR_VALIDITY_PERIOD, wizardInfo.getValidityPeriod()); diff --git a/pki/base/console/src/com/netscape/admin/certsrv/keycert/WCertMessageDigestPage.java b/pki/base/console/src/com/netscape/admin/certsrv/keycert/WCertMessageDigestPage.java index bc9018b3f..a378e91d3 100644 --- a/pki/base/console/src/com/netscape/admin/certsrv/keycert/WCertMessageDigestPage.java 
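Review bot: `type.equals("ECC")` dereferences `wizardInfo.getKeyType()`, which is a plain `get` that may return null; the old code passed the possibly-null value straight to `nvps.add` without throwing, so this is a new failure mode. Use `"ECC".equals(type)` here and in the identical block added to `WCertExtensionPage` in the next hunk. Those two blocks are byte-for-byte the same; a helper on `CertSetupWizardInfo` that appends the key-type, curve-or-length and token pairs would keep the ECC/RSA selection in one place.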
+++ b/pki/base/console/src/com/netscape/admin/certsrv/keycert/WCertMessageDigestPage.java @@ -57,17 +57,35 @@ class WCertMessageDigestPage extends WMessageDigestPage { public boolean initializePanel(WizardInfo info) { CertSetupWizardInfo wizardInfo = (CertSetupWizardInfo)info; + String certType = wizardInfo.getCertType(); + + mCAKeyType = (String)wizardInfo.get(Constants.PR_KEY_TYPE); + if (wizardInfo.getOperationType().equals(wizardInfo.INSTALLTYPE)) return false; - if ((wizardInfo.getCAType().equals(wizardInfo.SUBORDINATE_CA)) - && !(wizardInfo.isSSLCertLocalCA())) - return false; + if ((wizardInfo.getCAType().equals(wizardInfo.SUBORDINATE_CA)) + && !(wizardInfo.isSSLCertLocalCA())) + return false; + if (!wizardInfo.isNewKey()) return false; - mCAKeyType = (String)wizardInfo.get(Constants.PR_KEY_TYPE); + if (wizardInfo.getCAType().equals(wizardInfo.SELF_SIGNED) && + certType.equals(Constants.PR_CA_SIGNING_CERT)) { + enableSignedByFields(true); + } else { + enableSignedByFields(false); + } + + if ((!certType.equals(Constants.PR_CA_SIGNING_CERT)) && + (!certType.equals(Constants.PR_OCSP_SIGNING_CERT))) { + // (!certType.equals(Constants.PR_KRA_TRANSPORT_CERT))) { + // non-signing cert, algorithm specified by CA + return false; + } + return super.initializePanel(info); } 
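Review bot: The commented-out `// (!certType.equals(Constants.PR_KRA_TRANSPORT_CERT))) {` inside the new condition is dead code; delete it, or if it marks unfinished KRA transport support (this commit also adds signing-algorithm accessors to `ITransportKeyUnit`) replace it with an explicit `// TODO: extend to PR_KRA_TRANSPORT_CERT once the transport unit can sign`. `certType.equals(...)` throws if `getCertType()` returns null; `Constants.PR_CA_SIGNING_CERT.equals(certType)` is the null-safe form. Moving the `mCAKeyType` assignment ahead of the early returns is fine, but a one-line comment saying `enableSignedByFields` needs it before `super.initializePanel` runs would explain the reorder.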
@@ -75,8 +93,18 @@ class WCertMessageDigestPage extends WMessageDigestPage {
 CertSetupWizardInfo wizardInfo = (CertSetupWizardInfo)info;
 if (mDSAHashTypeBox.isVisible())
 wizardInfo.setHashType((String)mDSAHashTypeBox.getSelectedItem());
- else
+ else if (mECCHashTypeBox.isVisible())
+ wizardInfo.setHashType((String)mECCHashTypeBox.getSelectedItem());
+ else if (mRSAHashTypeBox.isVisible())
 wizardInfo.setHashType((String)mRSAHashTypeBox.getSelectedItem());
+
+ if (mDSASignedByTypeBox.isVisible())
+ wizardInfo.setSignedByType((String)mDSASignedByTypeBox.getSelectedItem());
+ else if (mECCSignedByTypeBox.isVisible())
+ wizardInfo.setSignedByType((String)mECCSignedByTypeBox.getSelectedItem());
+ else if (mRSASignedByTypeBox.isVisible())
+ wizardInfo.setSignedByType((String)mRSASignedByTypeBox.getSelectedItem());
+
 }
 public void callHelp() {
diff --git a/pki/base/console/src/com/netscape/admin/certsrv/keycert/WExecutePage.java b/pki/base/console/src/com/netscape/admin/certsrv/keycert/WExecutePage.java
index 3e10e634b..109a82e69 100644
--- a/pki/base/console/src/com/netscape/admin/certsrv/keycert/WExecutePage.java
+++ b/pki/base/console/src/com/netscape/admin/certsrv/keycert/WExecutePage.java
@@ -110,8 +110,12 @@ class WExecutePage extends WizardBasePanel implements IWizardPanel {
 NameValuePairs nvps = wizardInfo.getNameValuePairs();
- if (wizardInfo.isNewKey())
- nvps.add(ConfigConstants.PR_HASH_TYPE, wizardInfo.getHashType());
+ if (wizardInfo.isNewKey()) {
+ if (wizardInfo.getHashType() != null)
+ nvps.add(ConfigConstants.PR_HASH_TYPE, wizardInfo.getHashType());
+ if (wizardInfo.getSignedByType() != null)
+ nvps.add(ConfigConstants.PR_SIGNEDBY_TYPE, wizardInfo.getSignedByType());
+ }
 nvps.add("pathname", dir);
 try {
diff --git a/pki/base/console/src/com/netscape/admin/certsrv/keycert/WKeyPage.java b/pki/base/console/src/com/netscape/admin/certsrv/keycert/WKeyPage.java
index 0216e5902..84852fa4b 100644
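Review bot: When none of `mDSAHashTypeBox`, `mECCHashTypeBox` and `mRSAHashTypeBox` is visible the chain sets nothing, and the same holds for the three SignedBy boxes; the WExecutePage hunk on this line then omits `PR_HASH_TYPE`/`PR_SIGNEDBY_TYPE` whenever the getters return null. If a value stored in `wizardInfo` by an earlier pass through this page can survive to this point, it would be sent unchanged rather than cleared — worth confirming, and if the omission is intended a comment such as `// no box visible: leave hashType unset so the server applies its default` would record that. The enclosing method's signature lies above the hunk.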
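Review bot: Each guarded `nvps.add` in the WExecutePage hunk calls its getter twice (`wizardInfo.getHashType()` in the test and again as the value), which reads oddly and would misbehave if either getter ever stopped being idempotent; bind once, e.g. `String hashType = wizardInfo.getHashType();` / `if (hashType != null) nvps.add(ConfigConstants.PR_HASH_TYPE, hashType);`, and likewise for `getSignedByType()`. The method enclosing the hunk starts above it.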
--- a/pki/base/console/src/com/netscape/admin/certsrv/keycert/WKeyPage.java
+++ b/pki/base/console/src/com/netscape/admin/certsrv/keycert/WKeyPage.java
@@ -44,12 +44,13 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener {
 private JRadioButton mExistingKeyBtn;
 private JRadioButton mNewKeyBtn;
 private JComboBox mKeyTypeBox, mDSAKeyTypeBox;
- private JComboBox mKeyLengthBox, mDSAKeyLengthBox;
+ private JComboBox mKeyLengthBox, mDSAKeyLengthBox, mKeyCurveBox;
 private JComboBox mTokenBox, mNicknameBox;
 private JTextField mKeyLengthText;
- private JLabel keyHeading, keyTypeLbl, keyLengthLbl, unitLbl,
- keyLengthCustomLbl, unit1Lbl, mTokenLbl, mNicknameLbl;
- private JLabel keyLengthCustomText;
+ private JTextField mKeyCurveText;
+ private JLabel keyHeading, keyTypeLbl, keyLengthLbl, keyCurveLbl, unitLbl,
+ unit1Lbl, mTokenLbl, mNicknameLbl;
+ private JLabel keyLengthCustomText, keyCurveCustomText;
 private static final String PANELNAME = "KEYWIZARD";
 private CertSetupWizardInfo wizardInfo;
 private static final String HELPINDEX =
@@ -142,19 +143,12 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener {
 mKeyTypeBox.setVisible(true);
 }
- String type = "RSA";
+ String type = (String)mKeyTypeBox.getSelectedItem();
 if (mDSAKeyTypeBox.isVisible()) {
 type = (String)mDSAKeyTypeBox.getSelectedItem();
 }
- if (type.equals("RSA")) {
- mDSAKeyLengthBox.setVisible(false);
- mKeyLengthBox.setVisible(true);
- } else {
- mKeyLengthBox.setVisible(false);
- mDSAKeyLengthBox.setVisible(true);
- }
-
+ setLengthCurveFields(type);
 enableKeyLengthFields();
 //if (mNewKeyBtn.isSelected() || certType.equals(Constants.PR_OTHER_CERT)) {
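Review bot: `String type = (String)mKeyTypeBox.getSelectedItem();` replaces the former `"RSA"` default, and `JComboBox.getSelectedItem()` returns null when nothing is selected; in the branch where `mDSAKeyTypeBox` is visible the value is overwritten, but otherwise a null flows into `setLengthCurveFields(type)`, whose first statement is `type.equals("RSA")`. Keep the fallback explicit: `Object sel = mKeyTypeBox.getSelectedItem();` / `String type = sel == null ? "RSA" : (String)sel;`. The enclosing method's signature is above the hunk.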
@@ -190,7 +184,7 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener {
 }
 public boolean validatePanel() {
- if (mKeyLengthText.isEnabled()) {
+ if (mKeyLengthText.isVisible() && mKeyLengthText.isEnabled()) {
 String str = mKeyLengthText.getText().trim();
 if (str.equals("")) {
 setErrorMessage("BLANKLEN");
@@ -209,6 +203,15 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener {
 }
 }
+ /*
+ if (mKeyCurveText.isVisible() && mKeyCurveText.isEnabled()) {
+ String str = mKeyCurveText.getText().trim();
+ if (str.equals("")) {
+ setErrorMessage("BLANKCURVE");
+ return false;
+ }
+ }*/
+
 return true;
 }
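Review bot: The blank-curve check is committed inside a `/* ... */` block, so the console no longer rejects an empty custom curve name on the client; the only remaining check is the server-side `ScopeDef.SC_KEY_CURVENAME` validate call in the following hunk, which is reached with the empty string produced by `mKeyCurveText.getText().trim()`. Either enable the block (it needs a `"BLANKCURVE"` resource string beside `"BLANKLEN"`) or remove it rather than shipping commented-out code; if it is disabled because the server's message is preferred, a one-line comment saying so would stop the next reader from re-enabling it. `validatePanel` begins in the first hunk on this line and its second hunk closes the method.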
@@ -221,18 +224,31 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener {
 if (mKeyLengthBox.isVisible()) {
 val = (String)mKeyLengthBox.getSelectedItem();
+ } else if (mKeyCurveBox.isVisible()) {
+ val = (String)mKeyCurveBox.getSelectedItem();
 } else {
- if (mDSAKeyLengthBox.isVisible())
- val = (String)mDSAKeyLengthBox.getSelectedItem();
- }
+ if (mDSAKeyLengthBox.isVisible())
+ val = (String)mDSAKeyLengthBox.getSelectedItem();
+ }
 if (val.equals("Custom")) {
- wizardInfo.addEntry(Constants.PR_KEY_LENGTH,
- mKeyLengthText.getText().trim());
- nvps.add(Constants.PR_KEY_LENGTH, mKeyLengthText.getText().trim());
+ if (mKeyCurveBox.isVisible()) { // ECC
+ wizardInfo.addEntry(Constants.PR_KEY_CURVENAME,
+ mKeyCurveText.getText().trim());
+ nvps.add(Constants.PR_KEY_CURVENAME, mKeyCurveText.getText().trim());
+ } else {
+ wizardInfo.addEntry(Constants.PR_KEY_LENGTH,
+ mKeyLengthText.getText().trim());
+ nvps.add(Constants.PR_KEY_LENGTH, mKeyLengthText.getText().trim());
+ }
 } else {
- wizardInfo.addEntry(Constants.PR_KEY_LENGTH, val.trim());
- nvps.add(Constants.PR_KEY_LENGTH, val.trim());
+ if (mKeyCurveBox.isVisible()) { // ECC
+ wizardInfo.addEntry(Constants.PR_KEY_CURVENAME, val.trim());
+ nvps.add(Constants.PR_KEY_CURVENAME, val.trim());
+ } else {
+ wizardInfo.addEntry(Constants.PR_KEY_LENGTH, val.trim());
+ nvps.add(Constants.PR_KEY_LENGTH, val.trim());
+ }
 }
 if (mKeyTypeBox.isVisible()) {
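Review bot: Both arms of `if (val.equals("Custom"))` repeat the ECC-or-length decision and the `addEntry`/`nvps.add` pair, so the key constant is spelled four times and a later edit can easily leave the two stores disagreeing; choosing the key and the value first reduces the body to one `addEntry` and one `nvps.add`. The `mKeyCurveBox.isVisible()` test that means "ECC selected" reappears in the validate hunk and in `enableKeyLengthFields`, so a `private boolean isEccSelected()` would name it once. The method enclosing the hunk starts above it, where `val` is declared.
```java
 // … unchanged: val taken from whichever length/curve combo box is visible …
 // ECC keys are identified by curve name, RSA/DSA keys by bit length
 String key = mKeyCurveBox.isVisible() ? Constants.PR_KEY_CURVENAME
                                       : Constants.PR_KEY_LENGTH;
 String customText = mKeyCurveBox.isVisible() ? mKeyCurveText.getText()
                                              : mKeyLengthText.getText();
 String entry = val.equals("Custom") ? customText.trim() : val.trim();
 wizardInfo.addEntry(key, entry);
 nvps.add(key, entry);
 // … unchanged: mKeyTypeBox handling …
```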
@@ -253,9 +269,14 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener {
 nvps.add(Constants.PR_CERTIFICATE_TYPE, certType);
 try {
- // validate the key length
- connection.validate(DestDef.DEST_SERVER_ADMIN,
- ScopeDef.SC_KEY_LENGTH, nvps);
+ // validate the key length or curvename
+ if (mKeyCurveBox.isVisible()) { //ECC
+ connection.validate(DestDef.DEST_SERVER_ADMIN,
+ ScopeDef.SC_KEY_CURVENAME, nvps);
+ } else {
+ connection.validate(DestDef.DEST_SERVER_ADMIN,
+ ScopeDef.SC_KEY_LENGTH, nvps);
+ }
 NameValuePairs response = null;
 if (!mNewKeyBtn.isSelected()) {
@@ -523,6 +544,23 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener {
 add(mDSAKeyLengthBox, gbc);
 //panel.add(mDSAKeyLengthBox, gbc);
+ keyCurveLbl = makeJLabel("KEYCURVE");
+ CMSAdminUtil.resetGBC(gbc);
+ gbc.anchor = gbc.CENTER;
+ gbc.fill = gbc.NONE;
+ gbc.insets = new Insets(0, 4*COMPONENT_SPACE,COMPONENT_SPACE,
+ COMPONENT_SPACE);
+ add(keyCurveLbl, gbc);
+
+ mKeyCurveBox = makeJComboBox("KEYCURVE");
+ CMSAdminUtil.resetGBC(gbc);
+ gbc.anchor = gbc.NORTHWEST;
+ gbc.fill = gbc.NONE;
+ gbc.gridwidth = gbc.REMAINDER;
+ gbc.insets = new Insets(0, COMPONENT_SPACE,COMPONENT_SPACE,
+ COMPONENT_SPACE);
+ add(mKeyCurveBox, gbc);
+
 unitLbl = makeJLabel("UNITS");
 CMSAdminUtil.resetGBC(gbc);
 gbc.anchor = gbc.CENTER;
@@ -551,6 +589,14 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener {
 COMPONENT_SPACE,COMPONENT_SPACE);
 panel1.add(keyLengthCustomText, gbc);
+ keyCurveCustomText = makeJLabel("CUSTOMKEYCURVE");
+ CMSAdminUtil.resetGBC(gbc);
+ gbc.anchor = gbc.WEST;
+ gbc.fill = gbc.NONE;
+ gbc.insets = new Insets(COMPONENT_SPACE, 4*COMPONENT_SPACE,
+ COMPONENT_SPACE,COMPONENT_SPACE);
+ panel1.add(keyCurveCustomText, gbc);
+
 mKeyLengthText = makeJTextField(7);
 CMSAdminUtil.resetGBC(gbc);
 gbc.anchor = gbc.WEST;
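Review bot: Both arms of the new `if (mKeyCurveBox.isVisible())` call `connection.validate` with the same destination and the same `nvps`; only the scope differs, so selecting the scope string keeps a single call site: `String scope = mKeyCurveBox.isVisible() ? ScopeDef.SC_KEY_CURVENAME : ScopeDef.SC_KEY_LENGTH;` / `connection.validate(DestDef.DEST_SERVER_ADMIN, scope, nvps);`. The comment `// validate the key length or curvename` then sits naturally above that one call. The `try` block continues below the hunk.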
@@ -560,6 +606,13 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener {
 panel1.add(mKeyLengthText, gbc);
 mActiveColor = mKeyLengthText.getBackground();
+ mKeyCurveText = makeJTextField(7);
+ CMSAdminUtil.resetGBC(gbc);
+ gbc.anchor = gbc.WEST;
+ gbc.fill = gbc.NONE;
+ gbc.insets = new Insets(0, COMPONENT_SPACE, 0, 0);
+ panel1.add(mKeyCurveText, gbc);
+
 unit1Lbl = makeJLabel("UNITS");
 CMSAdminUtil.resetGBC(gbc);
 gbc.anchor = gbc.WEST;
@@ -610,8 +663,50 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener {
 CMSAdminUtil.repaintComp(mTokenLbl);
 }
+ public void setLengthCurveFields(String type) {
+ if (type.equals("RSA")) {
+ mDSAKeyLengthBox.setVisible(false);
+ mKeyLengthBox.setVisible(true);
+ mKeyCurveBox.setVisible(false);
+ keyLengthCustomText.setVisible(true);
+ keyCurveCustomText.setVisible(false);
+ keyLengthLbl.setVisible(true);
+ keyCurveLbl.setVisible(false);
+ unit1Lbl.setVisible(true);
+ unitLbl.setVisible(true);
+ mKeyLengthText.setVisible(true);
+ mKeyCurveText.setVisible(false);
+ } else if (type.equals("ECC")) {
+ mDSAKeyLengthBox.setVisible(false);
+ mKeyLengthBox.setVisible(false);
+ mKeyCurveBox.setVisible(true);
+ keyLengthCustomText.setVisible(false);
+ keyCurveCustomText.setVisible(true);
+ keyLengthLbl.setVisible(false);
+ keyCurveLbl.setVisible(true);
+ unit1Lbl.setVisible(false);
+ unitLbl.setVisible(false);
+ mKeyLengthText.setVisible(false);
+ mKeyCurveText.setVisible(true);
+ } else {
+ mDSAKeyLengthBox.setVisible(true);
+ mKeyLengthBox.setVisible(false);
+ mKeyCurveBox.setVisible(false);
+ keyLengthCustomText.setVisible(true);
+ keyCurveCustomText.setVisible(false);
+ keyLengthLbl.setVisible(true);
+ keyCurveLbl.setVisible(false);
+ unit1Lbl.setVisible(true);
+ unitLbl.setVisible(true);
+ mKeyLengthText.setVisible(true);
+ mKeyCurveText.setVisible(false);
+ }
+ }
+
+
 public void itemStateChanged(ItemEvent e) {
- if (e.getSource().equals(mKeyLengthBox) ||
+ if (e.getSource().equals(mKeyLengthBox) ||
+ e.getSource().equals(mKeyCurveBox) ||
 e.getSource().equals(mDSAKeyLengthBox)) {
 enableKeyLengthFields();
 } else if (e.getSource().equals(mKeyTypeBox) ||
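Review bot: `setLengthCurveFields` repeats the same eleven `setVisible` calls in each of three branches, differing only in the booleans, so adding a widget means editing three places and the RSA and DSA arms are already near-duplicates; computing `rsa`/`ecc` once and deriving each visibility from them halves the method and makes the grouping (length widgets shared by RSA and DSA, curve widgets ECC-only) explicit. Writing `"RSA".equals(type)` also keeps it from throwing when `type` is null, which the callers in the initializePanel and itemStateChanged hunks do not guard. The method is only called from this class, so `private` is sufficient; anything that is neither RSA nor ECC still takes the DSA path, as in the original.
```java
 private void setLengthCurveFields(String type) {
     boolean rsa = "RSA".equals(type);
     boolean ecc = "ECC".equals(type);
     boolean dsa = !rsa && !ecc;  // any other (or null) type keeps the DSA widgets, as before
     // length widgets are shared by RSA and DSA; curve widgets are ECC-only
     mKeyLengthBox.setVisible(rsa);
     mDSAKeyLengthBox.setVisible(dsa);
     mKeyCurveBox.setVisible(ecc);
     keyLengthLbl.setVisible(!ecc);
     keyLengthCustomText.setVisible(!ecc);
     mKeyLengthText.setVisible(!ecc);
     unitLbl.setVisible(!ecc);
     unit1Lbl.setVisible(!ecc);
     keyCurveLbl.setVisible(ecc);
     keyCurveCustomText.setVisible(ecc);
     mKeyCurveText.setVisible(ecc);
 }
 // … unchanged: itemStateChanged …
```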
@@ -621,14 +716,8 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener {
 type = (String)mKeyTypeBox.getSelectedItem();
 else if (mDSAKeyTypeBox.isVisible())
 type = (String)mDSAKeyTypeBox.getSelectedItem();
-
- if (type.equals("RSA")) {
- mDSAKeyLengthBox.setVisible(false);
- mKeyLengthBox.setVisible(true);
- } else {
- mDSAKeyLengthBox.setVisible(true);
- mKeyLengthBox.setVisible(false);
- }
+
+ setLengthCurveFields(type);
 enableKeyLengthFields();
 CMSAdminUtil.repaintComp(this);
 }
@@ -639,16 +728,27 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener {
 if (mKeyLengthBox.isVisible())
 value = (String)mKeyLengthBox.getSelectedItem();
+ else if (mKeyCurveBox.isVisible())
+ value = (String)mKeyCurveBox.getSelectedItem();
 else
 value = (String)mDSAKeyLengthBox.getSelectedItem();
 if (value.equals("Custom") && mNewKeyBtn.isSelected()) {
- enableFields(keyLengthCustomText, mKeyLengthText, true, mActiveColor);
- enableFields(unit1Lbl, null, true, mActiveColor);
+ if (mKeyCurveBox.isVisible()) { //ECC
+ enableFields(keyCurveCustomText, mKeyCurveText, true, mActiveColor);
+ } else {
+ enableFields(keyLengthCustomText, mKeyLengthText, true, mActiveColor);
+ enableFields(unit1Lbl, null, true, mActiveColor);
+ }
 } else {
- enableFields(keyLengthCustomText, mKeyLengthText, false,
- getBackground());
- enableFields(unit1Lbl, null, false, getBackground());
+ if (mKeyCurveBox.isVisible()) { //ECC
+ enableFields(keyCurveCustomText, mKeyCurveText, false,
+ getBackground());
+ } else {
+ enableFields(keyLengthCustomText, mKeyLengthText, false,
+ getBackground());
+ enableFields(unit1Lbl, null, false, getBackground());
+ }
 }
 }
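Review bot: In the `enableKeyLengthFields` hunk the ECC test is repeated in both arms of `if (value.equals("Custom") && mNewKeyBtn.isSelected())`, and the paired `enableFields` calls differ only in the boolean and the colour, so the four call sites collapse to two once the flag and colour are computed first. The itemStateChanged hunk above passes `type` straight into `setLengthCurveFields`, so it inherits whatever null handling that method has. Both methods start outside their hunks.
```java
 // … unchanged: value taken from whichever length/curve combo box is visible …
 boolean custom = value.equals("Custom") && mNewKeyBtn.isSelected();
 java.awt.Color bg = custom ? mActiveColor : getBackground();
 if (mKeyCurveBox.isVisible()) { // ECC: only the curve-name field is editable
     enableFields(keyCurveCustomText, mKeyCurveText, custom, bg);
 } else {
     enableFields(keyLengthCustomText, mKeyLengthText, custom, bg);
     enableFields(unit1Lbl, null, custom, bg);
 }
```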
@@ -670,26 +770,36 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener {
 keyHeading.setEnabled(enable);
 keyTypeLbl.setEnabled(enable);
 keyLengthLbl.setEnabled(enable);
+ keyCurveLbl.setEnabled(enable);
 unitLbl.setEnabled(enable);
 unit1Lbl.setEnabled(enable);
 keyLengthCustomText.setEnabled(enable);
+ keyCurveCustomText.setEnabled(enable);
 mKeyLengthText.setEnabled(enable);
 mKeyLengthText.setEditable(enable);
 mKeyLengthText.setBackground(color);
+ mKeyCurveText.setEnabled(enable);
+ mKeyCurveText.setEditable(enable);
+ mKeyCurveText.setBackground(color);
 mKeyTypeBox.setEnabled(enable);
 mDSAKeyTypeBox.setEnabled(enable);
 mKeyLengthBox.setEnabled(enable);
+ mKeyCurveBox.setEnabled(enable);
 mDSAKeyLengthBox.setEnabled(enable);
 repaintComp(keyHeading);
 repaintComp(keyTypeLbl);
 repaintComp(keyLengthLbl);
+ repaintComp(keyCurveLbl);
 repaintComp(unitLbl);
 repaintComp(unit1Lbl);
 repaintComp(keyLengthCustomText);
+ repaintComp(keyCurveCustomText);
 repaintComp(mKeyLengthText);
+ repaintComp(mKeyCurveText);
 repaintComp(mKeyTypeBox);
 repaintComp(mDSAKeyTypeBox);
 repaintComp(mKeyLengthBox);
+ repaintComp(mKeyCurveBox);
 repaintComp(mDSAKeyLengthBox);
 }
diff --git a/pki/base/console/src/com/netscape/certsrv/common/ConfigConstants.java b/pki/base/console/src/com/netscape/certsrv/common/ConfigConstants.java
index d8eb6cd8f..437974f13 100644
--- a/pki/base/console/src/com/netscape/certsrv/common/ConfigConstants.java
+++ b/pki/base/console/src/com/netscape/certsrv/common/ConfigConstants.java
@@ -200,6 +200,7 @@ public interface ConfigConstants {
 public static final String PR_SSL_SUBJECT_NAME = "sslSubjectName";
 public static final String PR_KEY_TYPE = "keyType";
 public static final String PR_KEY_LENGTH = "keyLength";
+ public static final String PR_KEY_CURVENAME = "keyCurveName";
 public static final String PR_CERT_REQUEST = "certReq";
 public static final String PR_REQUEST_ID = "ReqID";
 public static final String PR_REQUEST_FORMAT = "ReqFormat";
@@ -272,6 +273,7 @@ public interface ConfigConstants {
 public static final String PR_RSA_MIN_KEYLENGTH = "RSAMinKeyLength";
 public static final String PR_CA_KEYTYPE = "ca_keyType";
 public static final String PR_HASH_TYPE = "hashType";
+ public static final String PR_SIGNEDBY_TYPE = "signedBy";
 public static final String PR_NOTAFTER = "notAfter";
 public static final String PR_CA_O_COMPONENT = "caOComponent";
 public static final String PR_CA_C_COMPONENT = "caCComponent";
diff --git a/pki/base/console/src/com/netscape/certsrv/common/Constants.java b/pki/base/console/src/com/netscape/certsrv/common/Constants.java
index 460ede629..e993efa31 100644
--- a/pki/base/console/src/com/netscape/certsrv/common/Constants.java
+++ b/pki/base/console/src/com/netscape/certsrv/common/Constants.java
@@ -492,6 +492,8 @@ public interface Constants {
 public final static String PR_TOKEN_NAME = "tokenName";
 public final static String PR_TOKEN_PASSWD = "tokenPwd";
 public final static String PR_KEY_LENGTH = "keyLength";
+ public final static String PR_KEY_CURVENAME = "keyCurveName";
+ public static final String PR_SIGNEDBY_TYPE = "signedBy";
 public final static String PR_KEY_TYPE = "keyType";
 public final static String PR_PQGPARAMS = "pqgParams";
 public final static String PR_CERT_REQUEST = "certReq";
diff --git a/pki/base/console/src/com/netscape/certsrv/common/ScopeDef.java b/pki/base/console/src/com/netscape/certsrv/common/ScopeDef.java
index 2c01ef345..b3e4a79a6 100644
--- a/pki/base/console/src/com/netscape/certsrv/common/ScopeDef.java
+++ b/pki/base/console/src/com/netscape/certsrv/common/ScopeDef.java
@@ -170,6 +170,7 @@ public interface ScopeDef {
 // Key Pair
 public final static String SC_KEY_LENGTH = "keyLength";
+ public final static String SC_KEY_CURVENAME = "keyCurveName";
 public final static String SC_CERTIFICATE_EXTENSION = "certificateExt";
 public final static String SC_TOKEN_STATUS = "tokenStatus";
 public final static String SC_TOKEN_LOGON = "tokenLogon";
diff --git a/pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java b/pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java
index 9edf7450e..0c6820f4d 100644
--- a/pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java
+++ b/pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java
@@ -52,6 +52,7 @@ public class TransportKeyUnit extends EncryptionUnit implements
 ISubsystem, ITransportKeyUnit {
 public static final String PROP_NICKNAME = "nickName";
+ public static final String PROP_SIGNING_ALGORITHM = "signingAlgorithm";
 // private RSAPublicKey mPublicKey = null;
 // private RSAPrivateKey mPrivateKey = null;
@@ -151,6 +152,14 @@ public class TransportKeyUnit extends EncryptionUnit implements
 mConfig.putString(PROP_NICKNAME, str);
 }
+ public String getSigningAlgorithm() throws EBaseException {
+ return mConfig.getString(PROP_SIGNING_ALGORITHM);
+ }
+
+ public void setSigningAlgorithm(String str) throws EBaseException {
+ mConfig.putString(PROP_SIGNING_ALGORITHM, str);
+ }
+
 /**
 * Logins to this token.
 */ |
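Review bot: `getSigningAlgorithm` and `setSigningAlgorithm` are public accessors on a subsystem and arrive without Javadoc, while the neighbouring `Logins to this token.` shows the file documents such methods; add `/** Returns the transport unit's signing algorithm, read from config key {@code signingAlgorithm}. @throws EBaseException if the property cannot be read */` and a matching one-line summary on the setter. Whether `mConfig.getString` throws or returns null when the property is absent is not visible here, and nothing in this patch reads the new getter, so the expected default, if any, belongs in that Javadoc too. Both methods are complete within the hunk.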