authorEndi S. Dewata <edewata@redhat.com>2016-02-15 16:52:23 +0100
committerEndi S. Dewata <edewata@redhat.com>2016-04-02 05:14:00 +0200
commit5f48cd624742c897979ac977bfe9d71e26a9e697 (patch)
treec9419dbf1254f60d8897180a173faf2855e291b8
parent12127e52a70ce32272aed0c413d69178726a1a1a (diff)
Refactored PKCS12CertInfo and PKCS12KeyInfo classes.
The PKCS12CertInfo and PKCS12KeyInfo classes have been moved out of PKCS12Util into separate classes. The createLocalKeyID() method has been modified to return a BigInteger instead of a byte array. https://fedorahosted.org/pki/ticket/1742
-rw-r--r--base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java14
-rw-r--r--base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java2
-rw-r--r--base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java8
-rw-r--r--base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java2
-rw-r--r--base/util/src/netscape/security/pkcs/PKCS12CertInfo.java54
-rw-r--r--base/util/src/netscape/security/pkcs/PKCS12KeyInfo.java55
-rw-r--r--base/util/src/netscape/security/pkcs/PKCS12Util.java33
7 files changed, 133 insertions, 35 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java
index f4d97cd74..a83fbac4f 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java
@@ -21,7 +21,7 @@ package com.netscape.cmstools.pkcs12;
import com.netscape.certsrv.dbs.certdb.CertId;
import com.netscape.cmstools.cli.CLI;
-import netscape.security.pkcs.PKCS12Util.PKCS12CertInfo;
+import netscape.security.pkcs.PKCS12CertInfo;
/**
* @author Endi S. Dewata
@@ -35,13 +35,13 @@ public class PKCS12CertCLI extends CLI {
}
public static void printCertInfo(PKCS12CertInfo certInfo) throws Exception {
- System.out.println(" Serial Number: " + new CertId(certInfo.cert.getSerialNumber()).toHexString());
- System.out.println(" Nickname: " + certInfo.nickname);
- System.out.println(" Subject DN: " + certInfo.cert.getSubjectDN());
- System.out.println(" Issuer DN: " + certInfo.cert.getIssuerDN());
+ System.out.println(" Serial Number: " + new CertId(certInfo.getCert().getSerialNumber()).toHexString());
+ System.out.println(" Nickname: " + certInfo.getNickname());
+ System.out.println(" Subject DN: " + certInfo.getCert().getSubjectDN());
+ System.out.println(" Issuer DN: " + certInfo.getCert().getIssuerDN());
- if (certInfo.trustFlags != null) {
- System.out.println(" Trust flags: " + certInfo.trustFlags);
+ if (certInfo.getTrustFlags() != null) {
+ System.out.println(" Trust flags: " + certInfo.getTrustFlags());
}
}
}
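Review bot: `certInfo.getCert()` is dereferenced three times in printCertInfo without a null check, while `getTrustFlags()` is null-checked. With the no-argument constructor and setters that PKCS12CertInfo gets in this commit, nothing visible guarantees the certificate is set before printing. Read each getter once into a local, e.g. `String trustFlags = certInfo.getTrustFlags();`, and fail with a clear message when the certificate is missing. The printKeyInfo hunk in PKCS12KeyCLI.java calls `getPrivateKeyInfo()` twice in the same way.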
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java
index 4cbfee518..3aec7a6b2 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java
@@ -29,8 +29,8 @@ import org.apache.commons.cli.ParseException;
import com.netscape.cmstools.cli.CLI;
import com.netscape.cmstools.cli.MainCLI;
+import netscape.security.pkcs.PKCS12CertInfo;
import netscape.security.pkcs.PKCS12Util;
-import netscape.security.pkcs.PKCS12Util.PKCS12CertInfo;
/**
* @author Endi S. Dewata
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java
index 9f0779782..d859fcea1 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java
@@ -20,7 +20,7 @@ package com.netscape.cmstools.pkcs12;
import com.netscape.cmstools.cli.CLI;
-import netscape.security.pkcs.PKCS12Util.PKCS12KeyInfo;
+import netscape.security.pkcs.PKCS12KeyInfo;
/**
* @author Endi S. Dewata
@@ -34,10 +34,10 @@ public class PKCS12KeyCLI extends CLI {
}
public static void printKeyInfo(PKCS12KeyInfo keyInfo) throws Exception {
- System.out.println(" Subject DN: " + keyInfo.subjectDN);
+ System.out.println(" Subject DN: " + keyInfo.getSubjectDN());
- if (keyInfo.privateKeyInfo != null) {
- System.out.println(" Algorithm: " + keyInfo.privateKeyInfo.getAlgorithm());
+ if (keyInfo.getPrivateKeyInfo() != null) {
+ System.out.println(" Algorithm: " + keyInfo.getPrivateKeyInfo().getAlgorithm());
}
}
}
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java
index d8c165cd6..3bda750a4 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java
@@ -32,8 +32,8 @@ import org.mozilla.jss.util.Password;
import com.netscape.cmstools.cli.CLI;
import com.netscape.cmstools.cli.MainCLI;
+import netscape.security.pkcs.PKCS12KeyInfo;
import netscape.security.pkcs.PKCS12Util;
-import netscape.security.pkcs.PKCS12Util.PKCS12KeyInfo;
/**
* @author Endi S. Dewata
diff --git a/base/util/src/netscape/security/pkcs/PKCS12CertInfo.java b/base/util/src/netscape/security/pkcs/PKCS12CertInfo.java
new file mode 100644
index 000000000..d1a9cc9fc
--- /dev/null
+++ b/base/util/src/netscape/security/pkcs/PKCS12CertInfo.java
@@ -0,0 +1,54 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2016 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package netscape.security.pkcs;
+
+import netscape.security.x509.X509CertImpl;
+
+public class PKCS12CertInfo {
+
+ X509CertImpl cert;
+ String nickname;
+ String trustFlags;
+
+ public PKCS12CertInfo() {
+ }
+
+ public X509CertImpl getCert() {
+ return cert;
+ }
+
+ public void setCert(X509CertImpl cert) {
+ this.cert = cert;
+ }
+
+ public String getNickname() {
+ return nickname;
+ }
+
+ public void setNickname(String nickname) {
+ this.nickname = nickname;
+ }
+
+ public String getTrustFlags() {
+ return trustFlags;
+ }
+
+ public void setTrustFlags(String trustFlags) {
+ this.trustFlags = trustFlags;
+ }
+}
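Review bot: The fields `cert`, `nickname` and `trustFlags` have no access modifier, so any class in netscape.security.pkcs can still read and write them directly and bypass the accessors this commit introduces. Declare them `private`, e.g. `private X509CertImpl cert;`. If PKCS12Util still touches the fields directly (not visible here), it would need to switch to the getters and setters. The same applies to the three fields of PKCS12KeyInfo in the next file section. The class also has no Javadoc; a summary such as `/** Certificate entry of a PKCS #12 file: the certificate, its nickname and optional trust flags. */` would help.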
diff --git a/base/util/src/netscape/security/pkcs/PKCS12KeyInfo.java b/base/util/src/netscape/security/pkcs/PKCS12KeyInfo.java
new file mode 100644
index 000000000..ff3f2a289
--- /dev/null
+++ b/base/util/src/netscape/security/pkcs/PKCS12KeyInfo.java
@@ -0,0 +1,55 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2016 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package netscape.security.pkcs;
+
+import org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo;
+import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
+
+public class PKCS12KeyInfo {
+
+ EncryptedPrivateKeyInfo encPrivateKeyInfo;
+ PrivateKeyInfo privateKeyInfo;
+ String subjectDN;
+
+ public PKCS12KeyInfo() {
+ }
+
+ public EncryptedPrivateKeyInfo getEncPrivateKeyInfo() {
+ return encPrivateKeyInfo;
+ }
+
+ public void setEncPrivateKeyInfo(EncryptedPrivateKeyInfo encPrivateKeyInfo) {
+ this.encPrivateKeyInfo = encPrivateKeyInfo;
+ }
+
+ public PrivateKeyInfo getPrivateKeyInfo() {
+ return privateKeyInfo;
+ }
+
+ public void setPrivateKeyInfo(PrivateKeyInfo privateKeyInfo) {
+ this.privateKeyInfo = privateKeyInfo;
+ }
+
+ public String getSubjectDN() {
+ return subjectDN;
+ }
+
+ public void setSubjectDN(String subjectDN) {
+ this.subjectDN = subjectDN;
+ }
+}
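Review bot: Nothing in this new class documents how `encPrivateKeyInfo` and `privateKeyInfo` relate, or which of them may be null. From the types, `privateKeyInfo` appears to carry the unencrypted PKCS #8 structure, which is worth stating so callers do not log or retain it longer than needed. A field comment such as `// unencrypted key material; may be null (confirm against PKCS12Util)` and a matching one on `encPrivateKeyInfo` would cover it. printKeyInfo already null-checks `getPrivateKeyInfo()`, which suggests the field is optional.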
diff --git a/base/util/src/netscape/security/pkcs/PKCS12Util.java b/base/util/src/netscape/security/pkcs/PKCS12Util.java
index 6acace0b9..9d852cb6a 100644
--- a/base/util/src/netscape/security/pkcs/PKCS12Util.java
+++ b/base/util/src/netscape/security/pkcs/PKCS12Util.java
@@ -20,6 +20,7 @@ package netscape.security.pkcs;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileOutputStream;
+import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
@@ -76,18 +77,6 @@ public class PKCS12Util {
PFX pfx;
boolean trustFlagsEnabled = true;
- public static class PKCS12KeyInfo {
- public EncryptedPrivateKeyInfo encPrivateKeyInfo;
- public PrivateKeyInfo privateKeyInfo;
- public String subjectDN;
- }
-
- public static class PKCS12CertInfo {
- public X509CertImpl cert;
- public String nickname;
- public String trustFlags;
- }
-
public boolean isTrustFlagsEnabled() {
return trustFlagsEnabled;
}
@@ -143,7 +132,7 @@ public class PKCS12Util {
}
public void addKeyBag(PrivateKey privateKey, X509Certificate x509cert,
- Password pass, byte[] localKeyID, SEQUENCE safeContents) throws Exception {
+ Password pass, BigInteger localKeyID, SEQUENCE safeContents) throws Exception {
logger.fine("Creating key bag for " + x509cert.getSubjectDN());
@@ -167,13 +156,13 @@ public class PKCS12Util {
safeContents.addElement(keyBag);
}
- public byte[] addCertBag(X509Certificate x509cert, String nickname,
+ public BigInteger addCertBag(X509Certificate x509cert, String nickname,
SEQUENCE safeContents) throws Exception {
logger.fine("Creating cert bag for " + nickname);
ASN1Value cert = new OCTET_STRING(x509cert.getEncoded());
- byte[] localKeyID = createLocalKeyID(x509cert);
+ BigInteger localKeyID = createLocalKeyID(x509cert);
String trustFlags = null;
if (trustFlagsEnabled) {
@@ -191,7 +180,7 @@ public class PKCS12Util {
return localKeyID;
}
- byte[] createLocalKeyID(X509Certificate cert) throws Exception {
+ BigInteger createLocalKeyID(X509Certificate cert) throws Exception {
// SHA1 hash of the X509Cert DER encoding
byte[] certDer = cert.getEncoded();
@@ -199,10 +188,10 @@ public class PKCS12Util {
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(certDer);
- return md.digest();
+ return new BigInteger(1, md.digest());
}
- SET createKeyBagAttrs(String subjectDN, byte localKeyID[])
+ SET createKeyBagAttrs(String subjectDN, BigInteger localKeyID)
throws Exception {
SET attrs = new SET();
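Review bot: The `new BigInteger(1, md.digest())` conversion in createLocalKeyID does not round-trip through the `localKeyID.toByteArray()` calls added in the createKeyBagAttrs and createCertBagAttrs hunks below. `toByteArray()` emits a two's-complement encoding, so a digest with its top bit set gains a leading 0x00 byte and a digest that starts with zero bytes loses them. The LOCAL_KEY_ID OCTET STRING is then no longer the 20-byte SHA-1 value the comment describes. The key and cert bags still agree with each other, but anything comparing against the raw digest would presumably mismatch. Consider normalising to the digest length in one helper, as sketched below; createLocalKeyID begins in the previous hunk.

```java
// helper shared by createKeyBagAttrs and createCertBagAttrs
static byte[] localKeyIDBytes(BigInteger localKeyID) {
    byte[] raw = localKeyID.toByteArray();
    byte[] id = new byte[20]; // SHA-1 digest length
    int n = Math.min(raw.length, id.length);
    // keep the low-order n bytes: drops a sign byte, restores stripped leading zeros
    System.arraycopy(raw, raw.length - n, id, id.length - n, n);
    return id;
}

// … unchanged: attribute construction in both builders …
localKeySet.addElement(new OCTET_STRING(localKeyIDBytes(localKeyID)));
```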
@@ -220,7 +209,7 @@ public class PKCS12Util {
localKeyAttr.addElement(SafeBag.LOCAL_KEY_ID);
SET localKeySet = new SET();
- localKeySet.addElement(new OCTET_STRING(localKeyID));
+ localKeySet.addElement(new OCTET_STRING(localKeyID.toByteArray()));
localKeyAttr.addElement(localKeySet);
attrs.addElement(localKeyAttr);
@@ -228,7 +217,7 @@ public class PKCS12Util {
return attrs;
}
- SET createCertBagAttrs(String nickname, byte localKeyID[], String trustFlags)
+ SET createCertBagAttrs(String nickname, BigInteger localKeyID, String trustFlags)
throws Exception {
SET attrs = new SET();
@@ -246,7 +235,7 @@ public class PKCS12Util {
localKeyAttr.addElement(SafeBag.LOCAL_KEY_ID);
SET localKeySet = new SET();
- localKeySet.addElement(new OCTET_STRING(localKeyID));
+ localKeySet.addElement(new OCTET_STRING(localKeyID.toByteArray()));
localKeyAttr.addElement(localKeySet);
attrs.addElement(localKeyAttr);
@@ -287,7 +276,7 @@ public class PKCS12Util {
PrivateKey prikey = cm.findPrivKeyByCert(cert);
logger.fine("Found certificate " + nickname + " with private key");
- byte localKeyID[] = addCertBag(cert, nickname, safeContents);
+ BigInteger localKeyID = addCertBag(cert, nickname, safeContents);
addKeyBag(prikey, cert, password, localKeyID, encSafeContents);
} catch (ObjectNotFoundException e) {