See #119.
Change-Id: Ia481947c3dff9b6a9770462185c5a12f0f1d996b
import org.cacert.gigi.output.template.Outputable;
import org.cacert.gigi.output.template.TranslateCommand;
+import org.cacert.gigi.output.template.SprintfCommand;
+import java.util.Arrays;
public enum Digest {
- SHA256("Currently recommended, because the other algorithms" + " might break on some older versions of the GnuTLS library" + " (older than 3.x) still shipped in Debian for example."), SHA384(""), SHA512("Highest protection against hash collision attacks of the algorithms offered here.");
+ SHA256(new SprintfCommand("Most compatible choice (see {0}documentation{1} for details)", Arrays.asList("!'<a href='//links.teracara.org/sha2-256'>", "!'</a>"))),
+ SHA384("Best matched with ECC P-384"),
+ SHA512("Highest collision resistance, recommended");
private final Outputable exp;
exp = new TranslateCommand(explanation);
}
+ private Digest(Outputable exp) {
+ this.exp = exp;
+ }
+
public Outputable getExp() {
return exp;
}
public static Digest getDefault() {
- return SHA256;
+ return SHA512;
}
}
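Review bot: The SHA256 entry embeds a protocol-relative link (`//links.teracara.org/sha2-256`) as raw markup inside the explanation, so the documentation link inherits the scheme of whatever page renders it and the host is hard-coded in a display string. If that host serves HTTPS, I would spell the scheme out, `<a href='https://links.teracara.org/sha2-256'>`, and keep the URL in one named constant so it can be audited and changed in one place. The `!'` prefix presumably marks the argument as unescaped output for SprintfCommand; a comment on the entry such as `// raw HTML: constant markup only, never pass request data here` would keep the pattern from being copied with dynamic values. The new `Digest(Outputable)` constructor also deserves a Javadoc line saying that it stores the Outputable as given, whereas the existing constructor (its signature is not shown here) wraps its text in `TranslateCommand`.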
selectedDigest = Digest.SHA512;
} else if (sign.toLowerCase().startsWith("sha384")) {
selectedDigest = Digest.SHA384;
+ } else if (sign.toLowerCase().startsWith("sha256")) {
+ selectedDigest = Digest.SHA256;
}
}
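Review bot: The `startsWith` chain still has no final `else`, so a CSR whose signature algorithm matches none of sha512/sha384/sha256 silently keeps whatever `selectedDigest` held before, presumably the default, which this commit changes to SHA512. A comment stating that this fallback is intended, or a log line for unrecognised algorithms, would make the digest choice auditable. Each branch also calls `sign.toLowerCase()` again with the default locale; computing it once as `String alg = sign.toLowerCase(Locale.ROOT);` (needs `java.util.Locale`) before the chain avoids locale-dependent matching. The chain begins and the enclosing method ends outside this hunk, so the initial value of `selectedDigest` cannot be confirmed from here.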
String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8"));
assertArrayEquals(new String[] {
- "server", CertificateRequest.DEFAULT_CN, "dns:a." + uniq + ".tld\ndns:" + uniq + ".tld\n", Digest.SHA256.toString()
+ "server", CertificateRequest.DEFAULT_CN, "dns:a." + uniq + ".tld\ndns:" + uniq + ".tld\n", Digest.SHA512.toString()
}, res);
}
CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
}, new RFC822Name(email));
- String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA");
+ String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA256WithRSA");
String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8"));
assertArrayEquals(new String[] {
- "client", "a b", "email:" + email + "\n", Digest.SHA512.toString()
+ "client", "a b", "email:" + email + "\n", Digest.SHA256.toString()
}, res);
}
}
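Review bot: After this change the first assertion expects `Digest.SHA512`, which is also the new default, so it can no longer distinguish "SHA-512 detected from the CSR signature" from "nothing matched and the default was kept". Only the `"SHA256WithRSA"` case now proves that detection works, and no visible test covers SHA384. I would add a case that signs with `"SHA384WithRSA"` and expects `Digest.SHA384.toString()`, and ideally one with an unrecognised algorithm to pin the fallback. Both test methods start outside the visible lines.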
public static String generatePEMCSR(KeyPair kp, String dn, PKCS10Attributes atts) throws GeneralSecurityException, IOException {
- return generatePEMCSR(kp, dn, atts, "SHA256WithRSA");
+ return generatePEMCSR(kp, dn, atts, "SHA512WithRSA");
}
public static String generatePEMCSR(KeyPair kp, String dn, PKCS10Attributes atts, String signature) throws GeneralSecurityException, IOException {