From: Benny Baumann
Date: Sun, 16 Oct 2016 16:22:28 +0000 (+0200)
Subject: Merge "add: email-management-api"
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=0c82165b4b796bbe026eb79fbd7bb1f9ab22bf0d;hp=10eeb7050f199457d451d0576e443d8d85d1146e
Merge "add: email-management-api"
---
diff --git a/src/org/cacert/gigi/dbObjects/Digest.java b/src/org/cacert/gigi/dbObjects/Digest.java
index 59247121..1bf2b77b 100644
--- a/src/org/cacert/gigi/dbObjects/Digest.java
+++ b/src/org/cacert/gigi/dbObjects/Digest.java
@@ -2,9 +2,13 @@ package org.cacert.gigi.dbObjects;
 import org.cacert.gigi.output.template.Outputable;
 import org.cacert.gigi.output.template.TranslateCommand;
+import org.cacert.gigi.output.template.SprintfCommand;
+import java.util.Arrays;
 public enum Digest {
- SHA256("Currently recommended, because the other algorithms" + " might break on some older versions of the GnuTLS library" + " (older than 3.x) still shipped in Debian for example."), SHA384(""), SHA512("Highest protection against hash collision attacks of the algorithms offered here.");
+ SHA256(new SprintfCommand("Most compatible choice (see {0}documentation{1} for details)", Arrays.asList("!'", "!'"))),
+ SHA384("Best matched with ECC P-384"),
+ SHA512("Highest collision resistance, recommended");
 private final Outputable exp;
@@ -12,12 +16,16 @@ public enum Digest {
 exp = new TranslateCommand(explanation);
 }
+ private Digest(Outputable exp) {
+ this.exp = exp;
+ }
+
 public Outputable getExp() {
 return exp;
 }
 public static Digest getDefault() {
- return SHA256;
+ return SHA512;
 }
 }
diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateRequest.java b/src/org/cacert/gigi/pages/account/certs/CertificateRequest.java
index 1067681c..5edf362e 100644
--- a/src/org/cacert/gigi/pages/account/certs/CertificateRequest.java
+++ b/src/org/cacert/gigi/pages/account/certs/CertificateRequest.java
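Review bot: In Digest.java the new `SHA256` explanation advertises a link (`see {0}documentation{1} for details`), yet both placeholders receive the same bare token via `Arrays.asList("!'", "!'")` and no link target is visible in this hunk, so the rendered sentence appears to point nowhere. If the target is still to come, record that beside the constant, for example `// TODO: {0}/{1} are empty placeholders until the documentation link exists`; otherwise pass the opening and closing link markup as the two arguments. How SprintfCommand interprets `!'` is not shown on this page, so this should be confirmed against that class.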
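Review bot: In Digest.java `getDefault()` now returns `SHA512`, but nothing documents what the default governs or why it moved, and the same commit deletes the only text that warned about the larger digests failing on GnuTLS older than 3.x, so users who keep the preselected value may now issue certificates that such clients cannot verify. A Javadoc on the method would record the decision, e.g. `/** Digest preselected when the request does not determine one; SHA-512 for collision resistance, SHA-256 stays the compatibility choice. */`. The new `Digest(Outputable exp)` constructor deserves a one-line comment too, because it stores its argument directly instead of wrapping it in `TranslateCommand` as the String constructor does; whether the `SprintfCommand` text is still translated is not visible here. The enum body continues outside both Digest.java hunks.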
@@ -225,6 +225,8 @@ public class CertificateRequest {
 selectedDigest = Digest.SHA512;
 } else if (sign.toLowerCase().startsWith("sha384")) {
 selectedDigest = Digest.SHA384;
+ } else if (sign.toLowerCase().startsWith("sha256")) {
+ selectedDigest = Digest.SHA256;
 }
 }
diff --git a/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java b/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java
index cbce25d4..2fc2f60e 100644
--- a/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java
+++ b/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java
@@ -85,7 +85,7 @@ public class TestCertificateAdd extends ClientTest {
 String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8"));
 assertArrayEquals(new String[] {
- "server", CertificateRequest.DEFAULT_CN, "dns:a." + uniq + ".tld\ndns:" + uniq + ".tld\n", Digest.SHA256.toString()
+ "server", CertificateRequest.DEFAULT_CN, "dns:a." + uniq + ".tld\ndns:" + uniq + ".tld\n", Digest.SHA512.toString()
 }, res);
 }
@@ -109,11 +109,11 @@ public class TestCertificateAdd extends ClientTest {
 CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
 }, new RFC822Name(email));
- String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA");
+ String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA256WithRSA");
 String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8"));
 assertArrayEquals(new String[] {
- "client", "a b", "email:" + email + "\n", Digest.SHA512.toString()
+ "client", "a b", "email:" + email + "\n", Digest.SHA256.toString()
 }, res);
 }
diff --git a/tests/org/cacert/gigi/testUtils/ConfiguredTest.java b/tests/org/cacert/gigi/testUtils/ConfiguredTest.java
index 1467f434..c3d67b9a 100644
--- a/tests/org/cacert/gigi/testUtils/ConfiguredTest.java
+++ b/tests/org/cacert/gigi/testUtils/ConfiguredTest.java
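Review bot: The if/else-if chain in CertificateRequest.java still ends without an `else`, so a request whose signature algorithm name starts with none of `sha512`, `sha384` or `sha256` silently keeps whatever `selectedDigest` held before the chain (not visible here, presumably `Digest.getDefault()`). Because `sign` appears to be derived from the submitted CSR, that fall-through is reachable from outside and should be stated in the code, at minimum with a comment such as `// any other signature algorithm keeps the default digest`. The chain also lower-cases `sign` once per branch using the default locale; `String alg = sign.toLowerCase(Locale.ROOT);` ahead of the chain and `alg.startsWith(...)` in each branch would be locale-independent and read more clearly. The chain starts above the hunk and the enclosing method is not visible.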
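Review bot: After this commit neither CSR test shown in TestCertificateAdd.java reaches the default-digest path: the first test now signs with `SHA512WithRSA` through the changed helper default in ConfiguredTest.java (last hunk of the commit), so its `Digest.SHA512` expectation is met by the explicit `sha512` branch, and the second test only covers the new `sha256` branch. A later change to `Digest.getDefault()` would therefore pass these assertions unnoticed, and no `sha384` case is visible either. Consider a test that signs with an algorithm outside the three prefixes, for example `SHA224WithRSA` if the server accepts such a CSR, and asserts `Digest.getDefault().toString()`. Both test methods start above their hunks, so coverage elsewhere in the file cannot be ruled out from this page.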
@@ -163,7 +163,7 @@ public abstract class ConfiguredTest {
 }
 public static String generatePEMCSR(KeyPair kp, String dn, PKCS10Attributes atts) throws GeneralSecurityException, IOException {
- return generatePEMCSR(kp, dn, atts, "SHA256WithRSA");
+ return generatePEMCSR(kp, dn, atts, "SHA512WithRSA");
 }
 public static String generatePEMCSR(KeyPair kp, String dn, PKCS10Attributes atts, String signature) throws GeneralSecurityException, IOException {
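Review bot: The three-argument `generatePEMCSR` in ConfiguredTest.java hard-codes the signature algorithm as a string literal that this commit had to edit by hand alongside `Digest.getDefault()` and the expectations in TestCertificateAdd.java, and nothing at the method says so. A short Javadoc would make the coupling visible, e.g. `/** Generates a PEM CSR signed with SHA512WithRSA, apparently chosen to mirror Digest.getDefault(); use the four-argument overload to pick another algorithm. */`. Tests whose assertions depend on the signature algorithm are more robust when they pass it explicitly through the four-argument overload, whose body lies outside this hunk.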