author | Andrew Wnuk <awnuk@redhat.com> | 2012-02-29 18:31:58 -0800 |
---|---|---|
committer | Andrew Wnuk <awnuk@redhat.com> | 2012-02-29 18:31:58 -0800 |
commit | daa4b591dfed937a8384babbe6d39686b70f7efd (patch) | |
tree | 5e5ec111681ee54d289a33a873ba85cc42732504 | |
parent | a42cc41559436f94ba38b3d54b2d52b2126147b8 (diff) | |
Option to change default algorithms
RSA should be default selection for transport, storage, and audit keys till ECC is fully implemented.
Bug #787806.
-rw-r--r-- | pki/base/ca/shared/conf/CS.cfg.in | 1 | ||||
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java | 2 | ||||
-rw-r--r-- | pki/base/kra/shared/conf/CS.cfg.in | 1 | ||||
-rw-r--r-- | pki/base/ocsp/shared/conf/CS.cfg.in | 1 | ||||
-rw-r--r-- | pki/base/tks/shared/conf/CS.cfg.in | 1 | ||||
-rw-r--r-- | pki/dogtag/common-ui/shared/admin/console/config/sizepanel.vm | 44 |
6 files changed, 43 insertions, 7 deletions
diff --git a/pki/base/ca/shared/conf/CS.cfg.in b/pki/base/ca/shared/conf/CS.cfg.in
index 13278ae7..1ba0d2f4 100644
--- a/pki/base/ca/shared/conf/CS.cfg.in
+++ b/pki/base/ca/shared/conf/CS.cfg.in
@@ -59,6 +59,7 @@ ca.cert.sslserver.certusage=SSLServer
 ca.cert.subsystem.certusage=SSLClient
 ca.cert.audit_signing.certusage=ObjectSigner
 preop.cert.list=signing,ocsp_signing,sslserver,subsystem,audit_signing
+preop.cert.rsalist=audit_signing
 preop.cert.signing.enable=true
 preop.cert.ocsp_signing.enable=true
 preop.cert.sslserver.enable=true
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
index 03f0e186..678145a9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
@@ -153,6 +153,8 @@ public class SizePanel extends WizardPanelBase {
 // same token for now
 String token = config.getString(PRE_CONF_CA_TOKEN);
 String certTags = config.getString("preop.cert.list");
+ String rsaCertTags = config.getString("preop.cert.rsalist", "");
+ context.put("rsaTags", rsaCertTags);
 StringTokenizer st = new StringTokenizer(certTags, ",");
 mShowSigning = false;
diff --git a/pki/base/kra/shared/conf/CS.cfg.in b/pki/base/kra/shared/conf/CS.cfg.in
index c99058b7..19570155 100644
--- a/pki/base/kra/shared/conf/CS.cfg.in
+++ b/pki/base/kra/shared/conf/CS.cfg.in
@@ -49,6 +49,7 @@ kra.cert.sslserver.certusage=SSLServer
 kra.cert.subsystem.certusage=SSLClient
 kra.cert.audit_signing.certusage=ObjectSigner
 preop.cert.list=transport,storage,sslserver,subsystem,audit_signing
+preop.cert.rsalist=transport,storage,audit_signing
 preop.cert.transport.enable=true
 preop.cert.storage.enable=true
 preop.cert.sslserver.enable=true
diff --git a/pki/base/ocsp/shared/conf/CS.cfg.in b/pki/base/ocsp/shared/conf/CS.cfg.in
index c05c23fb..4dbda23c 100644
--- a/pki/base/ocsp/shared/conf/CS.cfg.in
+++ b/pki/base/ocsp/shared/conf/CS.cfg.in
@@ -43,6 +43,7 @@ preop.configModules.count=3
 preop.module.token=Internal Key Storage Token
 ocsp.cert.list=signing,sslserver,subsystem,audit_signing
 preop.cert.list=signing,sslserver,subsystem,audit_signing
+preop.cert.rsalist=audit_signing
 ocsp.cert.signing.certusage=StatusResponder
 ocsp.cert.sslserver.certusage=SSLServer
 ocsp.cert.subsystem.certusage=SSLClient
diff --git a/pki/base/tks/shared/conf/CS.cfg.in b/pki/base/tks/shared/conf/CS.cfg.in
index 213b7645..bf195d23 100644
--- a/pki/base/tks/shared/conf/CS.cfg.in
+++ b/pki/base/tks/shared/conf/CS.cfg.in
@@ -34,6 +34,7 @@ tks.cert.sslserver.certusage=SSLServer
 tks.cert.subsystem.certusage=SSLClient
 tks.cert.audit_signing.certusage=ObjectSigner
 preop.cert.list=sslserver,subsystem,audit_signing
+preop.cert.rsalist=audit_signing
 preop.cert.sslserver.enable=true
 preop.cert.subsystem.enable=true
 preop.cert.audit_signing.enable=true
diff --git a/pki/dogtag/common-ui/shared/admin/console/config/sizepanel.vm b/pki/dogtag/common-ui/shared/admin/console/config/sizepanel.vm
index d8b3c310..ef80ecf2 100644
--- a/pki/dogtag/common-ui/shared/admin/console/config/sizepanel.vm
+++ b/pki/dogtag/common-ui/shared/admin/console/config/sizepanel.vm
@@ -35,6 +35,13 @@ var rsalist="${rsalist}"; var ecclist="${ecclist}"; var curvelist="${curvelist}"; var displaycurvelist = "${displaycurvelist}"; +var rsaTags = "${rsaTags}"; +var additionalMessage = ""; +if (rsaTags.length > 0) { + additionalMessage = (rsaTags.indexOf(",") != -1)? + "<p><b>IMPORTANT:</b> <i>Currently, the Audit Log Signing, Transport, and Storage functionality <b>ONLY</b> support RSA keys. Users that require ECC keys <b>MUST</b> first select the ECC key type and then verify on the Advanced tab that RSA keys are selected for the Audit Log Signing Certificate, Transport Certificate, and Storage Certificate. All other keys can be ECC.</i>": + "<p><b>IMPORTANT:</b> <i>Currently, the Audit Log Signing functionality <b>ONLY</b> supports RSA keys. Users that require ECC keys <b>MUST</b> first select the ECC key type and then verify on the Advanced tab that an RSA key is selected for the Audit Log Signing Certificate. All other keys can be ECC.</i>"; +} function myOnLoad() { var form = document.forms[0];
@@ -143,7 +150,7 @@ function setAlgOptions(keyType, certTag) } else { algSelect = document.forms[0].elements[certTag + '_keyalgorithm']; } - if (algSelect == undefined) { + if (typeof(algSelect) == "undefined") { return; } algSelect.options.length=0;
@@ -179,6 +186,9 @@ function setSigningAlgOptions(keyType, certTag) } else { algSelect = document.forms[0].elements[certTag + '_signingalgorithm']; } + if (typeof(algSelect) == "undefined") { + return; + } algSelect.options.length=0; if (keyType == "rsa") { list = rsalist.split(",");
@@ -229,6 +239,17 @@ function toggleAllKeyCurves(keyType) } } +function indexOfTag(tag) +{ + var index = rsaTags.indexOf(tag); + if (index > 0) { + if (rsaTags.charAt(index-1) != ',') { + index = -1; + } + } + return index; +} + function keyTypeChange(certTag) { var form = document.forms[0];
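Review bot: In the `@@ -35,6 +35,13 @@` hunk, `var rsaTags = "${rsaTags}";` writes the `preop.cert.rsalist` value from CS.cfg into a JavaScript string literal with no escaping, so a double quote or line break in that setting would end the literal early and the remainder would be parsed as script. The value is server-side configuration and the neighbouring `rsalist`/`ecclist` lines follow the same pattern, so this is a hardening point rather than a flaw reachable on its own. A check such as `if (!rsaCertTags.matches("[A-Za-z0-9_,]*"))` ahead of `context.put("rsaTags", rsaCertTags);` in SizePanel.java, handled as a configuration error, would keep the template input to plain tag names.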
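Review bot: `indexOfTag` in the `@@ -229,6 +239,17 @@` hunk matches substrings rather than whole tags: it looks only at the first occurrence of `tag` in `rsaTags`, checks the character before it, and never checks the character after it. A tag that is a prefix of a listed entry is therefore reported as RSA-only, and a tag whose first occurrence sits inside a longer entry (for example `signing` in a constructed list `ocsp_signing,signing`) is reported as not listed, which would let `keyTypeChange` move an RSA-only certificate to ECC. The lists added in this commit do not trigger either case, but this function is what keeps RSA-only certificates on RSA, so comparing whole comma-separated entries is safer. The visible caller only compares the result with -1, so returning the entry index keeps it working.

```javascript
function indexOfTag(tag)
{
    // Compare whole comma-separated entries so that a partial tag never matches.
    var tags = rsaTags.split(",");
    for (var i = 0; i < tags.length; i++) {
        if (tags[i] === tag) {
            return i;
        }
    }
    return -1;
}
```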
@@ -237,13 +258,18 @@ function keyTypeChange(certTag) keyTypeSelect = document.forms[0].elements['keytype']; for (var i = 0; i < form.length; i++) { var name = form[i].name; - if (name.indexOf('_keytype') != -1) { - form.elements[name].selectedIndex = keyTypeSelect.selectedIndex; + var k = name.indexOf('_keytype'); + if (k != -1) { + var tag = name.substring(0, k); + if ((keyTypeSelect.value.indexOf('ecc') != -1) && + (indexOfTag(tag) == -1)) { + form.elements[name].selectedIndex = keyTypeSelect.selectedIndex; + setAlgOptions(keyTypeSelect.value, tag); + setSigningAlgOptions(keyTypeSelect.value, tag); + toggleKeyCurve(keyTypeSelect.value, tag); + } } } - setAllAlgOptions(keyTypeSelect.value); - setAllSigningAlgOptions(keyTypeSelect.value); - toggleAllKeyCurves(keyTypeSelect.value); } else { keyTypeSelect = document.forms[0].elements[certTag + '_keytype']; toggleKeyCurve(keyTypeSelect.value, certTag);
@@ -337,7 +363,11 @@ function displayCurveList() } </SCRIPT> -Select the key pair type(s), associated key pair size(s) or curve name(s), and signature algorithm(s) from the pulldown menus. <font color="red">Currently, the Audit Log Signing functionality only supports RSA keys. Users that require ECC keys must select the Advanced tab, and specify RSA keys for the Audit Log Signing Certificate. All other keys can be ECC. </font><a href="javascript:toggle_details();">[Details]</a> +Select the key pair type(s), associated key pair size(s) or curve name(s), and signature algorithm(s) from the pulldown menus. +<SCRIPT type="text/JavaScript"> +document.write(additionalMessage); +</SCRIPT> + <a href="javascript:toggle_details();">[Details]</a> <SCRIPT type="text/JavaScript"> function toggle_details() { |
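Review bot: In the `keytype` branch of `keyTypeChange` the per-certificate selects are now updated only when the chosen value contains `ecc`, so switching the general key type back to RSA leaves every certificate that was moved to ECC on ECC, because the `setAll…` calls that used to follow the loop were removed. If that is not intended, the condition should skip only the RSA-only tags under ECC: `if ((keyTypeSelect.value.indexOf('ecc') == -1) || (indexOfTag(tag) == -1)) {`. This filtering also runs only in the browser; nothing in the visible hunks makes the server reject an ECC key type for a tag in `preop.cert.rsalist`, so the submit handling in SizePanel.java (outside this diff) is worth checking for that. `keyTypeChange` begins and ends outside the hunk.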