Index: pki/base/ca/shared/conf/CS.cfg =================================================================== --- pki/base/ca/shared/conf/CS.cfg (revision 2389) +++ pki/base/ca/shared/conf/CS.cfg (working copy) @@ -55,6 +55,7 @@ ca.cert.subsystem.certusage=SSLClient ca.cert.audit_signing.certusage=ObjectSigner preop.cert.list=signing,ocsp_signing,sslserver,subsystem,audit_signing +preop.cert.rsalist=audit_signing preop.cert.signing.enable=true preop.cert.ocsp_signing.enable=true preop.cert.sslserver.enable=true Index: pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java =================================================================== --- pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java (revision 2381) +++ pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java (working copy) @@ -143,6 +143,8 @@ // same token for now String token = config.getString(PRE_CONF_CA_TOKEN); String certTags = config.getString("preop.cert.list"); + String rsaCertTags = config.getString("preop.cert.rsalist", ""); + context.put("rsaTags", rsaCertTags); StringTokenizer st = new StringTokenizer(certTags, ","); mShowSigning = false; Index: pki/base/tks/shared/conf/CS.cfg =================================================================== --- pki/base/tks/shared/conf/CS.cfg (revision 2381) +++ pki/base/tks/shared/conf/CS.cfg (working copy) @@ -30,6 +30,7 @@ tks.cert.subsystem.certusage=SSLClient tks.cert.audit_signing.certusage=ObjectSigner preop.cert.list=sslserver,subsystem,audit_signing +preop.cert.rsalist=audit_signing preop.cert.sslserver.enable=true preop.cert.subsystem.enable=true preop.cert.audit_signing.enable=true Index: pki/base/ocsp/shared/conf/CS.cfg =================================================================== --- pki/base/ocsp/shared/conf/CS.cfg (revision 2381) +++ pki/base/ocsp/shared/conf/CS.cfg (working copy) 
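Review bot: In SizePanel.java the new `preop.cert.rsalist` value is only copied into the template context (`context.put("rsaTags", rsaCertTags)`), so as far as these hunks show, the RSA-only rule for the listed certificates is applied in browser JavaScript alone. A request that submits an ECC key type for `audit_signing`, `transport` or `storage` would have to be rejected where the panel processes the submitted key types; that code is outside this hunk and may or may not already check it. If it does not, audit log signing could end up configured with a key type the page itself describes as unsupported. I would also add a comment above the new lines, e.g. `// tags whose keys must stay RSA; sizepanel.vm keeps them out of the global ECC switch`.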
@@ -39,6 +39,7 @@ preop.module.token=Internal Key Storage Token ocsp.cert.list=signing,sslserver,subsystem,audit_signing preop.cert.list=signing,sslserver,subsystem,audit_signing +preop.cert.rsalist=audit_signing ocsp.cert.signing=StatusResponder ocsp.cert.sslserver.certusage=SSLServer ocsp.cert.subsystem.certusage=SSLClient Index: pki/base/kra/shared/conf/CS.cfg =================================================================== --- pki/base/kra/shared/conf/CS.cfg (revision 2381) +++ pki/base/kra/shared/conf/CS.cfg (working copy) @@ -45,6 +45,7 @@ kra.cert.subsystem.certusage=SSLClient kra.cert.audit_signing.certusage=ObjectSigner preop.cert.list=transport,storage,sslserver,subsystem,audit_signing +preop.cert.rsalist=transport,storage,audit_signing preop.cert.transport.enable=true preop.cert.storage.enable=true preop.cert.sslserver.enable=true Index: pki/redhat/common-ui/shared/admin/console/config/sizepanel.vm =================================================================== --- pki/redhat/common-ui/shared/admin/console/config/sizepanel.vm (revision 15995) +++ pki/redhat/common-ui/shared/admin/console/config/sizepanel.vm (working copy) @@ -35,6 +35,13 @@ var ecclist="${ecclist}"; var curvelist="${curvelist}"; var displaycurvelist = "${displaycurvelist}"; +var rsaTags = "${rsaTags}"; +var additionalMessage = ""; +if (rsaTags.length > 0) { + additionalMessage = (rsaTags.indexOf(",") != -1)? + "

IMPORTANT: Currently, the Audit Log Signing, Transport, and Storage functionality ONLY support RSA keys. Users that require ECC keys MUST first select the ECC key type and then verify on the Advanced tab that RSA keys are selected for the Audit Log Signing Certificate, Transport Certificate, and Storage Certificate. All other keys can be ECC.": + "

IMPORTANT: Currently, the Audit Log Signing functionality ONLY supports RSA keys. Users that require ECC keys MUST first select the ECC key type and then verify on the Advanced tab that an RSA key is selected for the Audit Log Signing Certificate. All other keys can be ECC."; +} function myOnLoad() { var form = document.forms[0]; @@ -143,7 +150,7 @@ } else { algSelect = document.forms[0].elements[certTag + '_keyalgorithm']; } - if (algSelect == undefined) { + if (typeof(algSelect) == "undefined") { return; } algSelect.options.length=0; @@ -179,6 +186,9 @@ } else { algSelect = document.forms[0].elements[certTag + '_signingalgorithm']; } + if (typeof(algSelect) == "undefined") { + return; + } algSelect.options.length=0; if (keyType == "rsa") { list = rsalist.split(","); @@ -229,6 +239,17 @@ } } +function indexOfTag(tag) +{ + var index = rsaTags.indexOf(tag); + if (index > 0) { + if (rsaTags.charAt(index-1) != ',') { + index = -1; + } + } + return index; +} + function keyTypeChange(certTag) { var form = document.forms[0]; @@ -237,13 +258,18 @@ keyTypeSelect = document.forms[0].elements['keytype']; for (var i = 0; i < form.length; i++) { var name = form[i].name; - if (name.indexOf('_keytype') != -1) { - form.elements[name].selectedIndex = keyTypeSelect.selectedIndex; + var k = name.indexOf('_keytype'); + if (k != -1) { + var tag = name.substring(0, k); + if ((keyTypeSelect.value.indexOf('ecc') != -1) && + (indexOfTag(tag) == -1)) { + form.elements[name].selectedIndex = keyTypeSelect.selectedIndex; + setAlgOptions(keyTypeSelect.value, tag); + setSigningAlgOptions(keyTypeSelect.value, tag); + toggleKeyCurve(keyTypeSelect.value, tag); + } } } - setAllAlgOptions(keyTypeSelect.value); - setAllSigningAlgOptions(keyTypeSelect.value); - toggleAllKeyCurves(keyTypeSelect.value); } else { keyTypeSelect = document.forms[0].elements[certTag + '_keytype']; toggleKeyCurve(keyTypeSelect.value, certTag); 
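Review bot: The choice between the two `additionalMessage` texts in the first sizepanel.vm hunk depends only on `rsaTags.indexOf(",") != -1`, so any multi-entry `preop.cert.rsalist` gets the Transport/Storage wording and any single entry gets the Audit Log Signing wording, whatever the tags actually are. That matches the four CS.cfg files in this patch but would mislead an operator if a list is edited later. A comment such as `// message text assumes rsalist is "audit_signing" or "transport,storage,audit_signing"` would record the assumption. `rsaTags` is also interpolated into a JavaScript string literal without escaping, the same way as the existing `ecclist` line, so the configured value must not contain quotes or line breaks.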
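Review bot: `indexOfTag` in the `@@ -229,6 +239,17 @@` hunk does a substring search and checks only the character before the first match, so it gives the wrong answer when one tag is a suffix or prefix of another. With a list such as `ocsp_signing,signing` the lookup for `signing` finds the match inside `ocsp_signing`, sees `_` before it and returns -1 without looking further; a tag that is a prefix of a listed tag is accepted because the trailing boundary is never checked. The lists shipped in this patch happen not to trigger this, but the CA's `preop.cert.list` already contains `signing`, `ocsp_signing` and `audit_signing`. Matching on delimited entries avoids both cases: `return ("," + rsaTags + ",").indexOf("," + tag + ",");`, which still yields -1 for "not listed" as the caller expects.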
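Review bot: In the `keyTypeChange` hunk the per-certificate update now runs only when the global key type contains `ecc` and the tag is not in the RSA list, and the `setAllAlgOptions` / `setAllSigningAlgOptions` / `toggleAllKeyCurves` calls were removed, so nothing in the visible code runs when the global selection is changed back to RSA. An operator who picks ECC and then returns to RSA would, as far as this hunk shows, leave every non-listed certificate on ECC while the simple view shows RSA. The guard probably wants to skip only the ECC-on-RSA-only case: `if ((keyTypeSelect.value.indexOf('ecc') == -1) || (indexOfTag(tag) == -1)) {`. The function starts and ends outside the hunk, so this needs checking against the rest of its body.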
@@ -337,8 +363,12 @@ } -Select the key pair type(s), associated key pair size(s) or curve name(s), and signature algorithm(s) from the pulldown menus. Currently, the Audit Log Signing functionality only supports RSA keys. Users that require ECC keys must select the Advanced tab, and specify RSA keys for the Audit Log Signing Certificate. All other keys can be ECC. [Details] +Select the key pair type(s), associated key pair size(s) or curve name(s), and signature algorithm(s) from the pulldown menus. + [Details] +