}
- public static final int CURRENT_SCHEMA_VERSION = 27;
+ public static final int CURRENT_SCHEMA_VERSION = 28;
public static final int CONNECTION_TIMEOUT = 24 * 60 * 60;
DROP TABLE IF EXISTS "certs";
DROP TYPE IF EXISTS "mdType";
-CREATE TYPE "mdType" AS ENUM('md5','sha1','sha256','sha512');
+CREATE TYPE "mdType" AS ENUM('md5','sha1','sha256','sha384','sha512');
DROP TYPE IF EXISTS "csrType";
CREATE TYPE "csrType" AS ENUM ('CSR', 'SPKAC');
"version" smallint NOT NULL,
PRIMARY KEY ("version")
);
-INSERT INTO "schemeVersion" (version) VALUES(27);
+INSERT INTO "schemeVersion" (version) VALUES(28);
DROP TABLE IF EXISTS `passwordResetTickets`;
CREATE TABLE `passwordResetTickets` (
--- /dev/null
+ALTER TYPE "mdType" ADD VALUE 'sha384' AFTER 'sha256';
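Review bot: This one-line upgrade script is not safe to re-run and may fail depending on how it is executed. PostgreSQL releases before 12 reject `ALTER TYPE ... ADD VALUE` inside a transaction block, so if the upgrade runner wraps each script in a transaction (the runner is not visible here), the migration would abort on those servers. It is worth confirming how the runner executes the script. Writing it as `ALTER TYPE "mdType" ADD VALUE IF NOT EXISTS 'sha384' AFTER 'sha256';` would also make a repeated or partially applied upgrade harmless.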
import java.util.Collection;
import java.util.List;
+import org.hamcrest.CoreMatchers;
import org.junit.Test;
import club.wpia.gigi.dbObjects.Certificate;
}
}
+ @Test
+ public void testCertCreateSHA384() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
+ KeyPair kp = generateKeypair();
+ String key = generatePEMCSR(kp, "CN=testmail@example.com");
+ Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "testmail@example.com"), Digest.SHA384, key, CSRType.CSR, getClientProfile());
+ await(c.issue(null, "2y", u));
+ assertThat(c.cert().getSigAlgName().toLowerCase(), CoreMatchers.containsString("sha384"));
+ }
+
@Test
public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
KeyPair kp = generateKeypair();
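Review bot: The assertion in `testCertCreateSHA384` only inspects the algorithm name declared in the certificate, so a signer that wrote the SHA-384 identifier but computed the signature with another digest would still pass. If the test fixture can reach the issuing CA's certificate (not visible in this hunk), a signature check such as `c.cert().verify(caCert.getPublicKey());` after the existing assertion would cover that case. A one-line comment stating that the test covers the digest selection end to end, from request to issued certificate, would also help.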
PrintWriter pw = new PrintWriter(f);
pw.println(ser);
pw.close();
- if (digest != Digest.SHA256 && digest != Digest.SHA512) {
+ if (digest != Digest.SHA256 && digest != Digest.SHA384 && digest != Digest.SHA512) {
System.err.println("assuming sha256 either way ;-): " + digest);
digest = Digest.SHA256;
}
ObjectIdentifier sha512withrsa = new ObjectIdentifier(new int[] {
- 1, 2, 840, 113549, 1, 1, digest == Digest.SHA256 ? 11 : 13
+ 1, 2, 840, 113549, 1, 1, digest == Digest.SHA256 ? 11 : (digest == Digest.SHA384 ? 12 : 13)
});
AlgorithmId aid = new AlgorithmId(sha512withrsa);
- Signature s = Signature.getInstance(digest == Digest.SHA256 ? "SHA256withRSA" : "SHA512withRSA");
+ Signature s = Signature.getInstance(digest == Digest.SHA256 ? "SHA256withRSA" : (digest == Digest.SHA384 ? "SHA384withRSA" : "SHA512withRSA"));
DerOutputStream cert = new DerOutputStream();
DerOutputStream content = new DerOutputStream();
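Review bot: The digest is now mapped to the signature OID and to the JCA algorithm name by two separate nested ternaries, and both fall through to the SHA-512 value for anything that is not SHA256 or SHA384. That is correct only while the guard above keeps listing exactly the same digests. If the two drift, the certificate would declare one signature algorithm and be signed with another. Deriving both values in one place, for example a single switch (assuming `Digest` is an enum), keeps them in step, and the local `sha512withrsa` could be renamed since it now holds any of three OIDs. The enclosing method starts and ends outside this hunk.

```java
// … unchanged: serial written to file f …
final int oidSuffix;
final String jcaName;
switch (digest) {
case SHA384:
    oidSuffix = 12; // sha384WithRSAEncryption
    jcaName = "SHA384withRSA";
    break;
case SHA512:
    oidSuffix = 13; // sha512WithRSAEncryption
    jcaName = "SHA512withRSA";
    break;
case SHA256:
    oidSuffix = 11; // sha256WithRSAEncryption
    jcaName = "SHA256withRSA";
    break;
default:
    // Unsupported digest: keep the existing fallback to SHA-256.
    System.err.println("assuming sha256 either way ;-): " + digest);
    digest = Digest.SHA256;
    oidSuffix = 11;
    jcaName = "SHA256withRSA";
    break;
}
ObjectIdentifier sigAlgOid = new ObjectIdentifier(new int[] {
        1, 2, 840, 113549, 1, 1, oidSuffix
});
AlgorithmId aid = new AlgorithmId(sigAlgOid);
Signature s = Signature.getInstance(jcaName);
```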