Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java70
1 files changed, 61 insertions, 9 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
index 032724ebb..39cc2c211 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
@@ -130,6 +130,29 @@ public class SizePanel extends WizardPanelBase {
}
context.put("select", select);
+
+ String ecclist = "";
+ try {
+ ecclist = config.getString("preop.ecc.algorithm.list", "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC");
+ } catch (Exception e) {
+ }
+ context.put("ecclist", ecclist);
+
+ String rsalist = "";
+ try {
+ rsalist = config.getString("preop.rsa.algorithm.list", "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA");
+ } catch (Exception e) {
+ }
+
+ context.put("rsalist", rsalist);
+
+ String subsystemType = "";
+ try {
+ subsystemType = config.getString("pkicreate.subsystem_type");
+ } catch (Exception e) {
+ }
+ context.put("subsystemtype", subsystemType);
+
try {
// same token for now
String token = config.getString(PRE_CONF_CA_TOKEN);
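Review bot: The fallback value for `preop.rsa.algorithm.list` offers `MD5withRSA` and `MD2withRSA`, and both lists offer SHA-1 variants. The algorithm picked from these lists is later written to `ca.signing.defaultSigningAlgorithm` and `ca.crl.MasterCRL.signingAlgorithm`, so a deployment with no override can end up signing certificates and CRLs with a collision-broken digest. I would drop MD2 and MD5 from the built-in default, e.g. `"SHA256withRSA,SHA512withRSA,SHA1withRSA"`, and leave anything weaker to an explicit setting in the configuration file. The three empty `catch (Exception e) {}` blocks should at least log, since a failed read leaves an empty list in the template with no trace of why. The enclosing method starts and ends outside this hunk.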
@@ -229,6 +252,15 @@ public class SizePanel extends WizardPanelBase {
continue;
String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa or ecc
+ String keyalgorithm = HttpInput.getString(request, ct + "_keyalgorithm");
+
+ if (keyalgorithm == null) {
+ if (keytype != null && keytype.equals("ecc")) {
+ keyalgorithm = "SHA256withEC";
+ } else {
+ keyalgorithm = "SHA256withRSA";
+ }
+ }
String select = HttpInput.getID(request, ct + "_choice");
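Review bot: `keyalgorithm` is taken from the request and only checked for `null`. The later hunks store it under `PCERT_PREFIX + ct + ".keyalgorithm"` and then copy it into the CA/OCSP signing-algorithm settings. Unless `HttpInput.getString` validates it (not visible here), any string a client posts becomes the configured signing algorithm. That includes an empty value, an algorithm that is not in the list offered by the first hunk, or an RSA algorithm for an ECC key. I would check the submitted value against the configured list for the selected key type before it is stored, and treat an empty string like a missing one. The loop body continues outside this hunk, so the rejection path below is left as a comment.

```java
String keyalgorithm = HttpInput.getString(request, ct + "_keyalgorithm");
boolean isEcc = "ecc".equals(keytype);

if (keyalgorithm == null || keyalgorithm.isEmpty()) {
    keyalgorithm = isEcc ? "SHA256withEC" : "SHA256withRSA";
} else {
    // Same config key the first hunk reads to populate the form for this
    // key type; pass the same built-in default list here as well.
    String allowed = config.getString(
            isEcc ? "preop.ecc.algorithm.list" : "preop.rsa.algorithm.list", "");
    if (!Arrays.asList(allowed.split(",")).contains(keyalgorithm)) {
        // reject the request the way this method already rejects other invalid input
    }
}
// … unchanged: select = HttpInput.getID(request, ct + "_choice") …
```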
@@ -243,6 +275,8 @@ public class SizePanel extends WizardPanelBase {
config.getString(PCERT_PREFIX+ct+".keysize.size", "");
String oldkeytype =
config.getString(PCERT_PREFIX + ct + ".keytype", "");
+ String oldkeyalgorithm =
+ config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
if (select.equals("default")) {
// XXXrenaming these...keep for now just in case
@@ -258,6 +292,7 @@ public class SizePanel extends WizardPanelBase {
}
config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
+ config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm);
config.putString(PCERT_PREFIX + ct + ".keysize.select",
"default");
if (keytype != null && keytype.equals("ecc")) {
@@ -282,6 +317,7 @@ public class SizePanel extends WizardPanelBase {
HttpInput.getKeySize(request, ct + "_custom_size", keytype));
config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
+ config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm);
config.putString(PCERT_PREFIX + ct + ".keysize.select",
"custom");
config.putString(PCERT_PREFIX + ct + ".keysize.custom_size",
@@ -297,8 +333,11 @@ public class SizePanel extends WizardPanelBase {
config.getString(PCERT_PREFIX+ct+".keysize.size", "");
String newkeytype =
config.getString(PCERT_PREFIX + ct + ".keytype", "");
+ String newkeyalgorithm =
+ config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
if (!oldkeysize.equals(newkeysize) ||
- !oldkeytype.equals(newkeytype))
+ !oldkeytype.equals(newkeytype) ||
+ !oldkeyalgorithm.equals(newkeyalgorithm))
hasChanged = true;
}// while
@@ -342,9 +381,10 @@ public class SizePanel extends WizardPanelBase {
try {
String keytype = config.getString(PCERT_PREFIX + ct + ".keytype");
+ String keyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm");
int keysize = config.getInteger(
PCERT_PREFIX + ct + ".keysize.size");
-
+
if (keytype.equals("rsa")) {
createRSAKeyPair(token, keysize, config, ct);
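Review bot: The new local `keyalgorithm` is read with the single-argument `config.getString(...)` but is not used in the lines visible here, and `createRSAKeyPair(token, keysize, config, ct)` does not receive it. If that overload throws when the key is absent, which the try/catch wrappers in the first hunk suggest, a configuration written before this change would fail key generation on a value that is not needed at this point. I would either remove the read or use the defaulted form already used elsewhere in this patch, `config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "")`. The surrounding `try` block continues outside the hunk.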
@@ -442,6 +482,12 @@ public class SizePanel extends WizardPanelBase {
config.putString(PCERT_PREFIX + ct + ".pubkey.encoded",
CryptoUtil.byte2string(encoded));
+ String keyAlgo = "";
+ try {
+ keyAlgo = config.getString(PCERT_PREFIX + ct + ".keyalgorithm");
+ } catch (Exception e1) {
+ }
+
// set default signing algorithm for CA
String systemType = "";
try {
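Review bot: When the read of `PCERT_PREFIX + ct + ".keyalgorithm"` fails, the empty `catch (Exception e1) {}` leaves `keyAlgo` as `""`. The next hunk then writes that empty string into `ocsp.signing.defaultSigningAlgorithm`, `ca.signing.defaultSigningAlgorithm`, `ca.crl.MasterCRL.signingAlgorithm` and `ca.ocsp_signing.defaultSigningAlgorithm`. The same pattern is repeated in the last hunk for the RSA settings. A CA configured with an empty signing algorithm is worse than the hard-coded value this replaces, and the failure is silent. I would log the exception and fall back to a known-good value before the `putString` calls, e.g. `if (keyAlgo.isEmpty()) keyAlgo = "SHA256withEC";` here and `"SHA256withRSA"` in the RSA path. It is also worth asserting that the value ends in `withEC` or `withRSA` respectively, so a mismatched algorithm cannot be persisted for the generated key. The enclosing method starts and ends outside this hunk.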
@@ -452,20 +498,20 @@ public class SizePanel extends WizardPanelBase {
if (systemType.equals("OCSP")) {
if (ct.equals("signing")) {
config.putString("ocsp.signing.defaultSigningAlgorithm",
- "SHA1withEC");
+ keyAlgo);
}
}
if (systemType.equals("CA")) {
if (ct.equals("signing")) {
config.putString("ca.signing.defaultSigningAlgorithm",
- "SHA1withEC");
+ keyAlgo);
config.putString("ca.crl.MasterCRL.signingAlgorithm",
- "SHA1withEC");
+ keyAlgo);
}
if (ct.equals("ocsp_signing")) {
config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
- "SHA1withEC");
+ keyAlgo);
}
}
@@ -498,15 +544,21 @@ public class SizePanel extends WizardPanelBase {
config.putString(PCERT_PREFIX + ct + ".pubkey.exponent",
CryptoUtil.byte2string(exponent));
+ String keyAlgo = "";
+ try {
+ keyAlgo = config.getString(PCERT_PREFIX + ct + ".keyalgorithm");
+ } catch (Exception e1) {
+ }
+
if (ct.equals("signing")) {
config.putString("ca.signing.defaultSigningAlgorithm",
- "SHA1withRSA");
+ keyAlgo);
config.putString("ca.crl.MasterCRL.signingAlgorithm",
- "SHA1withRSA");
+ keyAlgo);
}
if (ct.equals("ocsp_signing")) {
config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
- "SHA1withRSA");
+ keyAlgo);
}
}