authorChristina Fu <cfu@redhat.com>2014-08-16 13:46:20 -0700
committerChristina Fu <cfu@redhat.com>2014-08-20 10:14:00 -0700
commitf90798b725430ac2ec44d1e29ea9fbd53abc4c64 (patch)
tree1c19948a7c33e7bf8f06eca076dd36e6caf882f5 /base/common/src/org
parent6936dab4beffcb16dfff9332e5f18e37bf67c20a (diff)
ticket#882 tokendb policy handling, revocation and re-enroll
Diffstat (limited to 'base/common/src/org')
-rw-r--r--base/common/src/org/dogtagpki/tps/main/Util.java44
1 files changed, 44 insertions, 0 deletions
diff --git a/base/common/src/org/dogtagpki/tps/main/Util.java b/base/common/src/org/dogtagpki/tps/main/Util.java
index 8e6ffe614..c39b43577 100644
--- a/base/common/src/org/dogtagpki/tps/main/Util.java
+++ b/base/common/src/org/dogtagpki/tps/main/Util.java
@@ -20,11 +20,18 @@
*/
package org.dogtagpki.tps.main;
+import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.spec.AlgorithmParameterSpec;
+import netscape.security.x509.AuthorityKeyIdentifierExtension;
+import netscape.security.x509.KeyIdentifier;
+import netscape.security.x509.PKIXExtensions;
+import netscape.security.x509.SubjectKeyIdentifierExtension;
+import netscape.security.x509.X509CertImpl;
+
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.Cipher;
import org.mozilla.jss.crypto.CryptoToken;
@@ -32,6 +39,7 @@ import org.mozilla.jss.crypto.EncryptionAlgorithm;
import org.mozilla.jss.crypto.IVParameterSpec;
import org.mozilla.jss.pkcs11.PK11SymKey;
+import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.cmsutil.util.Utils;
@@ -288,4 +296,40 @@ public class Util {
}
+ /*
+ * getCertAkiString returns the Authority Key Identifier of the certificate in Base64 encoding
+ * @param cert X509CertImpl of the cert to be processed
+ * @return Base64 encoding of the cert's AKI
+ */
+ public static String getCertAkiString(X509CertImpl cert)
+ throws EBaseException, IOException {
+ if (cert == null) {
+ throw new EBaseException("CARemoteRequestHandler: getCertAkiString(): input parameter cert null.");
+ }
+ AuthorityKeyIdentifierExtension certAKI =
+ (AuthorityKeyIdentifierExtension)
+ cert.getExtension(PKIXExtensions.AuthorityKey_Id.toString());
+ KeyIdentifier kid =
+ (KeyIdentifier) certAKI.get(AuthorityKeyIdentifierExtension.KEY_ID);
+ return (CMS.BtoA(kid.getIdentifier()).trim());
+ }
+
+ /*
+ * getCertAkiString returns the Subject Key Identifier of the certificate in Base64 encoding
+ * @param cert X509CertImpl of the cert to be processed
+ * @return Base64 encoding of the cert's SKI
+ */
+ public static String getCertSkiString(X509CertImpl cert)
+ throws EBaseException, IOException {
+ if (cert == null) {
+ throw new EBaseException("CARemoteRequestHandler: getCertSkiString(): input parameter cert null.");
+ }
+ SubjectKeyIdentifierExtension certSKI =
+ (SubjectKeyIdentifierExtension)
+ cert.getExtension(PKIXExtensions.SubjectKey_Id.toString());
+ KeyIdentifier kid =
+ (KeyIdentifier) certSKI.get(SubjectKeyIdentifierExtension.KEY_ID);
+ return (CMS.BtoA(kid.getIdentifier()).trim());
+ }
+
}
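Review bot: Both new helpers dereference the result of the extension lookup without a null check: `getCertAkiString` casts `cert.getExtension(...)` and calls `certAKI.get(...)` straight away, and `getCertSkiString` does the same with `certSKI`. A certificate that carries no AKI/SKI extension, or an AKI without a keyIdentifier field, would then presumably surface as a NullPointerException instead of the declared `EBaseException`, which matters if callers in the revocation or re-enroll path catch only the latter. Consider `if (certAKI == null) throw new EBaseException("Util: getCertAkiString(): cert has no Authority Key Identifier extension");` plus the same guard on `kid`, mirrored in the SKI method. Separately, the second comment block still names `getCertAkiString`, both blocks open with `/*` so the `@param`/`@return` tags are not picked up as Javadoc, and the exception messages are prefixed `CARemoteRequestHandler:` although the class is `Util`, which will mislead anyone tracing the error from logs.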