From: Felix Dörre Date: Sat, 12 Aug 2017 18:16:28 +0000 (+0200) Subject: fix: sha384 certificates X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=19dfeb8cc6ffa3f469e2b27fcedccc56b776c693 fix: sha384 certificates Change-Id: I3e58ebf50822df13212be9b95f11433dd462ba62 --- diff --git a/src/club/wpia/gigi/database/DatabaseConnection.java b/src/club/wpia/gigi/database/DatabaseConnection.java index 26449809..819dcf93 100644 --- a/src/club/wpia/gigi/database/DatabaseConnection.java +++ b/src/club/wpia/gigi/database/DatabaseConnection.java @@ -122,7 +122,7 @@ public class DatabaseConnection { } - public static final int CURRENT_SCHEMA_VERSION = 27; + public static final int CURRENT_SCHEMA_VERSION = 28; public static final int CONNECTION_TIMEOUT = 24 * 60 * 60; diff --git a/src/club/wpia/gigi/database/tableStructure.sql b/src/club/wpia/gigi/database/tableStructure.sql index 57825338..4b5194f7 100644 --- a/src/club/wpia/gigi/database/tableStructure.sql +++ b/src/club/wpia/gigi/database/tableStructure.sql @@ -139,7 +139,7 @@ CREATE TABLE "user_agreements" ( DROP TABLE IF EXISTS "certs"; DROP TYPE IF EXISTS "mdType"; -CREATE TYPE "mdType" AS ENUM('md5','sha1','sha256','sha512'); +CREATE TYPE "mdType" AS ENUM('md5','sha1','sha256','sha384','sha512'); DROP TYPE IF EXISTS "csrType"; CREATE TYPE "csrType" AS ENUM ('CSR', 'SPKAC'); @@ -375,7 +375,7 @@ CREATE TABLE "schemeVersion" ( "version" smallint NOT NULL, PRIMARY KEY ("version") ); -INSERT INTO "schemeVersion" (version) VALUES(27); +INSERT INTO "schemeVersion" (version) VALUES(28); DROP TABLE IF EXISTS `passwordResetTickets`; CREATE TABLE `passwordResetTickets` ( diff --git a/src/club/wpia/gigi/database/upgrade/from_27.sql b/src/club/wpia/gigi/database/upgrade/from_27.sql new file mode 100644 index 00000000..79a6b5d0 --- /dev/null +++ b/src/club/wpia/gigi/database/upgrade/from_27.sql @@ -0,0 +1 @@ +ALTER TYPE "mdType" ADD VALUE 'sha384' AFTER 'sha256'; diff --git a/tests/club/wpia/gigi/TestCertificate.java b/tests/club/wpia/gigi/TestCertificate.java index d791bfd0..53b6509d 100644 --- a/tests/club/wpia/gigi/TestCertificate.java +++ b/tests/club/wpia/gigi/TestCertificate.java @@ -11,6 +11,7 @@ import java.sql.SQLException; import java.util.Collection; import java.util.List; +import org.hamcrest.CoreMatchers; import org.junit.Test; import club.wpia.gigi.dbObjects.Certificate; @@ -93,6 +94,15 @@ public class TestCertificate extends ManagedTest { } } + @Test + public void testCertCreateSHA384() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException { + KeyPair kp = generateKeypair(); + String key = generatePEMCSR(kp, "CN=testmail@example.com"); + Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "testmail@example.com"), Digest.SHA384, key, CSRType.CSR, getClientProfile()); + await(c.issue(null, "2y", u)); + assertThat(c.cert().getSigAlgName().toLowerCase(), CoreMatchers.containsString("sha384")); + } + @Test public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException { KeyPair kp = generateKeypair(); diff --git a/util-testing/club/wpia/gigi/util/SimpleSigner.java b/util-testing/club/wpia/gigi/util/SimpleSigner.java index 76edd6ed..070194e4 100644 --- a/util-testing/club/wpia/gigi/util/SimpleSigner.java +++ b/util-testing/club/wpia/gigi/util/SimpleSigner.java @@ -425,15 +425,15 @@ public class SimpleSigner { PrintWriter pw = new PrintWriter(f); pw.println(ser); pw.close(); - if (digest != Digest.SHA256 && digest != Digest.SHA512) { + if (digest != Digest.SHA256 && digest != Digest.SHA384 && digest != Digest.SHA512) { System.err.println("assuming sha256 either way ;-): " + digest); digest = Digest.SHA256; } ObjectIdentifier sha512withrsa = new ObjectIdentifier(new int[] { - 1, 2, 840, 113549, 1, 1, digest == Digest.SHA256 ? 11 : 13 + 1, 2, 840, 113549, 1, 1, digest == Digest.SHA256 ? 11 : (digest == Digest.SHA384 ? 12 : 13) }); AlgorithmId aid = new AlgorithmId(sha512withrsa); - Signature s = Signature.getInstance(digest == Digest.SHA256 ? "SHA256withRSA" : "SHA512withRSA"); + Signature s = Signature.getInstance(digest == Digest.SHA256 ? "SHA256withRSA" : (digest == Digest.SHA384 ? "SHA384withRSA" : "SHA512withRSA")); DerOutputStream cert = new DerOutputStream(); DerOutputStream content = new DerOutputStream();