fix: sha384 certificates
authorFelix Dörre <felix@dogcraft.de>
Sat, 12 Aug 2017 18:16:28 +0000 (20:16 +0200)
committerFelix Dörre <felix@dogcraft.de>
Sat, 12 Aug 2017 18:16:55 +0000 (20:16 +0200)
Change-Id: I3e58ebf50822df13212be9b95f11433dd462ba62

src/club/wpia/gigi/database/DatabaseConnection.java
src/club/wpia/gigi/database/tableStructure.sql
src/club/wpia/gigi/database/upgrade/from_27.sql [new file with mode: 0644]
tests/club/wpia/gigi/TestCertificate.java
util-testing/club/wpia/gigi/util/SimpleSigner.java

index 26449809e37bab02927af5acb4255235e7e256a2..819dcf932f969d991ab2a95bb6bba9efc80051b1 100644 (file)
@@ -122,7 +122,7 @@ public class DatabaseConnection {
 
     }
 
-    public static final int CURRENT_SCHEMA_VERSION = 27;
+    public static final int CURRENT_SCHEMA_VERSION = 28;
 
     public static final int CONNECTION_TIMEOUT = 24 * 60 * 60;
 
index 57825338bdf2180fd67ec1d0a287f1c42b2e076f..4b5194f77c1ac67d9f274dd324ee3531cf20fcf6 100644 (file)
@@ -139,7 +139,7 @@ CREATE TABLE "user_agreements" (
 DROP TABLE IF EXISTS "certs";
 
 DROP TYPE IF EXISTS "mdType";
-CREATE TYPE "mdType" AS ENUM('md5','sha1','sha256','sha512');
+CREATE TYPE "mdType" AS ENUM('md5','sha1','sha256','sha384','sha512');
 
 DROP TYPE IF EXISTS "csrType";
 CREATE TYPE "csrType" AS ENUM ('CSR', 'SPKAC');
@@ -375,7 +375,7 @@ CREATE TABLE "schemeVersion" (
   "version" smallint NOT NULL,
   PRIMARY KEY ("version")
 );
-INSERT INTO "schemeVersion" (version)  VALUES(27);
+INSERT INTO "schemeVersion" (version)  VALUES(28);
 
 DROP TABLE IF EXISTS `passwordResetTickets`;
 CREATE TABLE `passwordResetTickets` (
diff --git a/src/club/wpia/gigi/database/upgrade/from_27.sql b/src/club/wpia/gigi/database/upgrade/from_27.sql
new file mode 100644 (file)
index 0000000..79a6b5d
--- /dev/null
@@ -0,0 +1 @@
+ALTER TYPE "mdType" ADD VALUE 'sha384' AFTER 'sha256';
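Review bot: The new upgrade statement is not re-runnable: a second execution of from_27.sql fails with a duplicate enum label instead of being a no-op, unlike the `DROP ... IF EXISTS` style used in tableStructure.sql; PostgreSQL 9.3 and later accept `ALTER TYPE "mdType" ADD VALUE IF NOT EXISTS 'sha384' AFTER 'sha256';`. Separately, on PostgreSQL releases before 12 `ALTER TYPE ... ADD VALUE` cannot run inside a transaction block, so if the upgrade runner (not visible in this commit) wraps each script in a transaction this statement would be rejected at upgrade time; worth confirming against the runner before the schema version 28 ships. A one-line comment in the script stating that the label order must match the `mdType` definition in tableStructure.sql would help whoever adds the next digest.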
index d791bfd0ee84654ac3a88769530b7befd203ba29..53b6509d38e0cecbe66524f5410c0f451d198e43 100644 (file)
@@ -11,6 +11,7 @@ import java.sql.SQLException;
 import java.util.Collection;
 import java.util.List;
 
+import org.hamcrest.CoreMatchers;
 import org.junit.Test;
 
 import club.wpia.gigi.dbObjects.Certificate;
@@ -93,6 +94,15 @@ public class TestCertificate extends ManagedTest {
         }
     }
 
+    @Test
+    public void testCertCreateSHA384() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
+        KeyPair kp = generateKeypair();
+        String key = generatePEMCSR(kp, "CN=testmail@example.com");
+        Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "testmail@example.com"), Digest.SHA384, key, CSRType.CSR, getClientProfile());
+        await(c.issue(null, "2y", u));
+        assertThat(c.cert().getSigAlgName().toLowerCase(), CoreMatchers.containsString("sha384"));
+    }
+
     @Test
     public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
         KeyPair kp = generateKeypair();
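Review bot: `getSigAlgName().toLowerCase()` in the new assertion uses the default locale, so the test can fail on a JVM running under a locale with non-ASCII case rules (the Turkish-i problem); use `c.cert().getSigAlgName().toLowerCase(Locale.ROOT)` (adding `java.util.Locale` to the imports if the file does not have it already). The assertion also only inspects the advertised algorithm name, so it would not notice a certificate whose signature was actually computed with a different digest than the name claims; if the test harness exposes the issuing CA certificate, a `c.cert().verify(caCert.getPublicKey())` call in the same test would cover that. The enclosing class continues outside the hunk.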
index 76edd6ed4c31f16dc3ca2da1752b701312c9e6dc..070194e4c1f9f1351f24661dc1b077e26799c5a9 100644 (file)
@@ -425,15 +425,15 @@ public class SimpleSigner {
             PrintWriter pw = new PrintWriter(f);
             pw.println(ser);
             pw.close();
-            if (digest != Digest.SHA256 && digest != Digest.SHA512) {
+            if (digest != Digest.SHA256 && digest != Digest.SHA384 && digest != Digest.SHA512) {
                 System.err.println("assuming sha256 either way ;-): " + digest);
                 digest = Digest.SHA256;
             }
             ObjectIdentifier sha512withrsa = new ObjectIdentifier(new int[] {
-                    1, 2, 840, 113549, 1, 1, digest == Digest.SHA256 ? 11 : 13
+                    1, 2, 840, 113549, 1, 1, digest == Digest.SHA256 ? 11 : (digest == Digest.SHA384 ? 12 : 13)
             });
             AlgorithmId aid = new AlgorithmId(sha512withrsa);
-            Signature s = Signature.getInstance(digest == Digest.SHA256 ? "SHA256withRSA" : "SHA512withRSA");
+            Signature s = Signature.getInstance(digest == Digest.SHA256 ? "SHA256withRSA" : (digest == Digest.SHA384 ? "SHA384withRSA" : "SHA512withRSA"));
 
             DerOutputStream cert = new DerOutputStream();
             DerOutputStream content = new DerOutputStream();
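Review bot: The digest-to-signature-algorithm mapping is now spelled out twice as nested ternaries, once for the OID array and once for the `Signature.getInstance` argument, and the OID variable is still named `sha512withrsa` although it now holds one of three OIDs; a future digest would have to be threaded through both expressions in lock-step, which is exactly the kind of duplication that lets the OID and the JCA name drift apart. Computing the OID suffix and the JCA name once in a single if/else chain (or a switch, if `Digest` is an enum) and naming the variable for what it is, e.g. `sigAlgOid`, keeps the two in one place; the sketch below does that with unchanged behaviour. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: serial written to f via PrintWriter …
if (digest != Digest.SHA256 && digest != Digest.SHA384 && digest != Digest.SHA512) {
    System.err.println("assuming sha256 either way ;-): " + digest);
    digest = Digest.SHA256;
}
// PKCS#1 arc 1.2.840.113549.1.1: 11 = sha256WithRSAEncryption, 12 = sha384WithRSAEncryption, 13 = sha512WithRSAEncryption
int sigOidSuffix;
String jcaSigAlg;
if (digest == Digest.SHA384) {
    sigOidSuffix = 12;
    jcaSigAlg = "SHA384withRSA";
} else if (digest == Digest.SHA512) {
    sigOidSuffix = 13;
    jcaSigAlg = "SHA512withRSA";
} else {
    sigOidSuffix = 11;
    jcaSigAlg = "SHA256withRSA";
}
ObjectIdentifier sigAlgOid = new ObjectIdentifier(new int[] {
        1, 2, 840, 113549, 1, 1, sigOidSuffix
});
AlgorithmId aid = new AlgorithmId(sigAlgOid);
Signature s = Signature.getInstance(jcaSigAlg);
// … unchanged: DER certificate assembly …
```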