diff --git a/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template b/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template
index 350cb9b6ad1..be2caefb2a1 100644
--- a/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template
+++ b/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template
@@ -315,6 +315,10 @@ function keyLengthsCurvesOptions (keyPurpose)
if (keyPurpose.length == 0 || (keyPurpose.length > 0 && policySetListSet[i].setId.indexOf(keyPurpose) > -1)) {
keyType = policySetListSet[i].policySet[j].constraintSet[k].value;
}
+ } else {
+ if (document.getElementById("keyTypeId").value != "undefined") {
+ keyType = document.getElementById("keyTypeId").value;
+ }
}
}
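Review bot: The added else branch dereferences `document.getElementById("keyTypeId")` without checking that the element exists, and it compares `.value` with the string literal `"undefined"`, which a form control's value is unlikely ever to equal. If a profile page does not render the `keyTypeId` field, `getElementById` returns null and the `.value` access throws, aborting `keyLengthsCurvesOptions`. Consider `var keyTypeEl = document.getElementById("keyTypeId");` followed by `if (keyTypeEl && keyTypeEl.value) { keyType = keyTypeEl.value; }`. The enclosing loops and the `if` that this else pairs with start outside the hunk, so confirm whether this path is reachable for profiles without server-side keygen.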
@@ -346,6 +350,8 @@ function keyLengthsCurvesOptions (keyPurpose)
value != "nistp256" && value != "nistp384" && value != "nistp521" &&
value != "ECDSA_P256" && value != "ECDSA_P384" && value != "ECDSA_P521") {
included = false;
+ } else if (keyType == "EC" && isNumeric(value)) {
+ included = false;
}
if (included) {
@@ -377,6 +383,18 @@ function keyLengthsCurvesOptions (keyPurpose)
return options;
}
+function updateKeyLengthsCurvesOptions() {
+ // get the keySize select element via its known id
+ var cSelect = document.getElementById("keySizeId");
+
+ // remove the current options from the select tag
+ var len=cSelect.options.length;
+ while (cSelect.options.length > 0) {
+ cSelect.remove(0);
+ }
+ cSelect.innerHTML = keyLengthsCurvesOptions("");
+}
+
function isNumeric(sText)
{
var validChars = "0123456789";
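Review bot: `updateKeyLengthsCurvesOptions` carries dead code and has no null guard. `var len` is never read, and the `while` loop that removes options is redundant because the `innerHTML` assignment on the last line replaces the select's children anyway. `cSelect` is also used without checking that `keySizeId` exists on the page. The function could reduce to `var cSelect = document.getElementById("keySizeId");`, `if (!cSelect) { return; }`, `cSelect.innerHTML = keyLengthsCurvesOptions("");`. Because the options string is written through `innerHTML`, also confirm that `keyLengthsCurvesOptions` HTML-escapes the profile constraint values it embeds; most of its body is outside this hunk.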
@@ -753,17 +771,18 @@ for (var m = 0; m < inputPluginListSet.length; m++) {
} else if (inputListSet[n].inputSyntax == 'server_side_keygen_request_type') {
// get PKCS#12 password
document.writeln('
');
- document.write('PKCS #12 Password: | ');
- document.write(' | ');
+ document.writeln('PKCS #12 Password: | ');
+ document.writeln(' | ');
document.writeln('
');
document.writeln('');
- document.write('PKCS #12 Password again: | ');
- document.write(' | ');
- document.writeln(' ');
- document.writeln(' ');
+ document.writeln('PKCS #12 Password again: | ');
+ document.writeln(' | ');
document.writeln('
');
-
+ } else if (inputListSet[n].inputSyntax == 'server_side_keygen_key_type') {
+ document.writeln(' ');
+ } else if (inputListSet[n].inputSyntax == 'server_side_keygen_key_size') {
+ document.writeln(' ');
} else if (inputListSet[n].inputSyntax == 'cert_request') {
document.writeln('');
} else if (inputListSet[n].inputSyntax == 'cert_request_type') {
diff --git a/base/common/src/com/netscape/certsrv/property/IDescriptor.java b/base/common/src/com/netscape/certsrv/property/IDescriptor.java
index 4de6bb3916f..8eed7aef1fb 100644
--- a/base/common/src/com/netscape/certsrv/property/IDescriptor.java
+++ b/base/common/src/com/netscape/certsrv/property/IDescriptor.java
@@ -47,6 +47,8 @@ public interface IDescriptor {
public static String CERT_REQUEST_TYPE = "cert_request_type";
public static String SERVER_SIDE_KEYGEN_REQUEST_TYPE = "server_side_keygen_request_type";
public static String SERVER_SIDE_KEYGEN_PKCS12 = "server_side_keygen_p12";
+ public static String SERVER_SIDE_KEYGEN_KEY_TYPE = "server_side_keygen_key_type";
+ public static String SERVER_SIDE_KEYGEN_KEY_SIZE = "server_side_keygen_key_size";
public static String CHOICE = "choice"; // choice of strings
public static String DN = "dn";
public static String IP = "ip";
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/ServerKeygenUserKeyDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/ServerKeygenUserKeyDefault.java
index e82ee24b79f..13a8dec744a 100644
--- a/base/server/cms/src/com/netscape/cms/profile/def/ServerKeygenUserKeyDefault.java
+++ b/base/server/cms/src/com/netscape/cms/profile/def/ServerKeygenUserKeyDefault.java
@@ -336,22 +336,61 @@ public void populate(IRequest request, X509CertInfo info)
request.setExtData("isServerSideKeygen", "true");
CryptoToken token = cm.getInternalKeyStorageToken();
- String keySizeStr = request.getExtDataInString("keySize");
- int keySize = 1024;
- if (keySizeStr != null) {
- CMS.debug("ServerKeygenUserKeyDefault: populate: keySize in request: " + keySizeStr);
- keySize = Integer.parseInt(keySizeStr);
+ String keyTypeStr = request.getExtDataInString("keyType");
+ String keyType = "RSA";
+ int keySize = 2048;
+ String curveName = "nistp521";
+
+ // Populate the keyType and keySize/keyCurve
+
+ if (keyTypeStr != null && !keyTypeStr.isEmpty()) {
+ CMS.debug("ServerKeygenUserKeyDefault: populate: keyType in request: " + keyTypeStr);
+ keyType = keyTypeStr;
} else {
- CMS.debug("ServerKeygenUserKeyDefault: populate: keySize in request null; default to 2048");
+ CMS.debug("ServerKeygenUserKeyDefault: populate: keyType in request null; default to RSA");
+ }
+
+ String keySizeCurveStr = request.getExtDataInString("keySize");
+
+ if (keyType.contentEquals("RSA")) {
+ if (keySizeCurveStr != null && !keySizeCurveStr.isEmpty()) {
+ CMS.debug("ServerKeygenUserKeyDefault: populate: keySize in request: " + keySizeCurveStr);
+ keySize = Integer.parseInt(keySizeCurveStr);
+ } else {
+ CMS.debug("ServerKeygenUserKeyDefault: populate: keySize in request null; default to" + keySize);
+ }
+ // Do things when RSA is selected
+ } else if (keyType.contentEquals("EC")) {
+ // TODO: dmoluguw: Fix the following to generate right Key ECC keys
+
+ if (keySizeCurveStr != null && !keySizeCurveStr.isEmpty()) {
+ CMS.debug("ServerKeygenUserKeyDefault: populate: keyCurve in request: " + keySizeCurveStr);
+ curveName = keySizeCurveStr;
+ } else {
+ CMS.debug("ServerKeygenUserKeyDefault: populate: keySize in request null; default to" + curveName);
+ }
+ // Do things when EC is selected
+ } else {
+ throw new Exception("Unsupported keyType: " + keyType);
+ }
+ request.setExtData(IRequest.KEY_GEN_ALGORITHM, keyType);
+ if(keyType.contentEquals("RSA")) {
+ request.setExtData(IRequest.KEY_GEN_SIZE, keySize);
+ }
+ else if (keyType.contentEquals("EC")) {
+ // TODO: Check whether IRequest.KEY_GEN_SIZE can accept string value
+ request.setExtData(IRequest.KEY_GEN_SIZE, curveName);
}
- request.setExtData(IRequest.KEY_GEN_ALGORITHM, "RSA");
- request.setExtData(IRequest.KEY_GEN_SIZE, keySize);
/*
* it is necessary to put in a static fake key here to prevent
* issue; The fake key will be replaced later once KRA generates
* the real keys
*/
+
+ // dmoluguw: TODO: The below values seem to be for development purposes,
+ // and will probably work only with keyType="RSA"
+
String pubKeyStr = "";
switch (keySize) {
case 1024:
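Review bot: The request-supplied `keyType` and `keySize` values are accepted without server-side validation. `Integer.parseInt(keySizeCurveStr)` takes any integer and lets a `NumberFormatException` escape on non-numeric input, and for EC the curve name is copied verbatim into `IRequest.KEY_GEN_SIZE`. The option filtering added in ProfileSelect.template runs in the browser and does not constrain what a client submits, so unless a profile constraint elsewhere rejects it, a request could carry a weak RSA size or an arbitrary curve string. Check the parsed size and the curve name against an explicit allow-list here, failing the way the hunk already does for unknown key types, and wrap the parse as `try { keySize = Integer.parseInt(keySizeCurveStr); } catch (NumberFormatException e) { throw new Exception("Invalid keySize: " + keySizeCurveStr, e); }`. Separately, for EC the `switch (keySize)` below still runs with the RSA default of 2048, so the placeholder key will not match the requested algorithm; the TODO acknowledges this, and the switch body continues outside the hunk.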
diff --git a/base/server/cms/src/com/netscape/cms/profile/input/ServerKeygenInput.java b/base/server/cms/src/com/netscape/cms/profile/input/ServerKeygenInput.java
index fb460d0fe26..29890f467da 100644
--- a/base/server/cms/src/com/netscape/cms/profile/input/ServerKeygenInput.java
+++ b/base/server/cms/src/com/netscape/cms/profile/input/ServerKeygenInput.java
@@ -39,17 +39,17 @@
public class ServerKeygenInput extends EnrollInput implements IProfileInput {
public static final String P12PASSWORD = "serverSideKeygenP12Passwd";
-/*
+
public static final String KEY_TYPE = "keyType";
public static final String KEY_SIZE = "keySize";
-*/
+
public ServerKeygenInput() {
addValueName(P12PASSWORD);
-/*
+
addValueName(KEY_TYPE);
addValueName(KEY_SIZE);
-*/
+
}
/**
@@ -99,16 +99,14 @@ public IDescriptor getValueDescriptor(Locale locale, String name) {
return new Descriptor(IDescriptor.SERVER_SIDE_KEYGEN_REQUEST_TYPE, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_SERVER_KEYGEN_P12PASSWD"));
-/*
} else if (name.equals(KEY_TYPE)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.SERVER_SIDE_KEYGEN_KEY_TYPE, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_SERVER_KEYGEN_KEY_TYPE"));
} else if (name.equals(KEY_SIZE)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.SERVER_SIDE_KEYGEN_KEY_SIZE, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_SERVER_KEYGEN_KEY_SIZE"));
-*/
}
return null;
}
diff --git a/base/server/cmsbundle/src/UserMessages.properties b/base/server/cmsbundle/src/UserMessages.properties
index 608d29a2aaf..2c57c59b0a9 100644
--- a/base/server/cmsbundle/src/UserMessages.properties
+++ b/base/server/cmsbundle/src/UserMessages.properties
@@ -1053,8 +1053,8 @@ CMS_PROFILE_INPUT_FILE_SIGNING_TEXT=Text Being Signed
CMS_PROFILE_INPUT_SERVER_KEYGEN_NAME=Server-Side Key Generation
CMS_PROFILE_INPUT_SERVER_KEYGEN_TEXT=Server-Side Key Generation
CMS_PROFILE_SERVER_KEYGEN_P12PASSWD=Server-Side Key Generation P12 Password
-CMS_PROFILE_SERVER_KEYGEN_KEY_TYPE=Server-Side Key Generation KEY TYPE
-CMS_PROFILE_SERVER_KEYGEN_KEY_SIZE=Server-Side Key Generation KEY SIZE
+CMS_PROFILE_SERVER_KEYGEN_KEY_TYPE=Server-Side Key Generation Key Type
+CMS_PROFILE_SERVER_KEYGEN_KEY_SIZE=Server-Side Key Generation Key Size
CMS_PROFILE_INPUT_SUBJECT_ALT_NAME_EXT_NAME=Subject Alternative Name Extension Information
CMS_PROFILE_INPUT_SUBJECT_ALT_NAME_EXT_TEXT=Subject Alternative Name Extension Information
CMS_PROFILE_IMAGE=Image