diff options
author | Andrew Wnuk <awnuk@redhat.com> | 2013-08-20 23:46:06 -0400 |
---|---|---|
committer | Andrew Wnuk <awnuk@redhat.com> | 2013-08-26 16:49:07 -0700 |
commit | b60f6404379714e36903cd75f70d8724f2007107 (patch) | |
tree | 3daf4377c6d5d6eb3c4eae8d447aa10d68780f4b /base/java-tools/src/com/netscape/cmstools/PKCS10Client.java | |
parent | 8c101dcf24c956b28dd4739faaeabf8800179405 (diff) | |
download | pki-b60f6404379714e36903cd75f70d8724f2007107.tar.gz pki-b60f6404379714e36903cd75f70d8724f2007107.tar.xz pki-b60f6404379714e36903cd75f70d8724f2007107.zip |
PKCS10Client update
This patch provides enhancement to PKCS10Client allowing to control encoding for components of the subject name.
Ticket #677
Diffstat (limited to 'base/java-tools/src/com/netscape/cmstools/PKCS10Client.java')
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/PKCS10Client.java | 94 |
1 files changed, 85 insertions, 9 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java b/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java index cbe5f3f43..b432c7d1a 100644 --- a/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java +++ b/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java @@ -30,11 +30,15 @@ import netscape.security.x509.X500Name; import netscape.security.x509.X509Key; import org.mozilla.jss.CryptoManager; +import org.mozilla.jss.asn1.BMPString; import org.mozilla.jss.asn1.INTEGER; import org.mozilla.jss.asn1.OBJECT_IDENTIFIER; import org.mozilla.jss.asn1.OCTET_STRING; import org.mozilla.jss.asn1.PrintableString; import org.mozilla.jss.asn1.SET; +import org.mozilla.jss.asn1.TeletexString; +import org.mozilla.jss.asn1.UTF8String; +import org.mozilla.jss.asn1.UniversalString; import org.mozilla.jss.crypto.CryptoToken; import org.mozilla.jss.crypto.KeyPairAlgorithm; import org.mozilla.jss.crypto.KeyPairGenerator; @@ -74,6 +78,8 @@ public class PKCS10Client { System.out.println( " Optionally, for ECC key generation per definition in JSS pkcs11.PK11KeyPairGenerator:\n"); System.out.println( + " -k <true for enabling encoding of attribute values; false for default encoding of attribute values; default is false>\n"); + System.out.println( " -t <true for temporary(session); false for permanent(token); default is false>\n"); System.out.println( " -s <1 for sensitive; 0 for non-sensitive; -1 temporaryPairMode dependent; default is -1>\n"); @@ -93,6 +99,7 @@ public class PKCS10Client { String alg = "rsa"; String ecc_curve = "nistp256"; boolean ec_temporary = false; /* session if true; token if false */ + boolean enable_encoding = false; /* enable encoding attribute values if true */ int ec_sensitive = -1; /* -1, 0, or 1 */ int ec_extractable = -1; /* -1, 0, or 1 */ boolean ec_ssl_ecdh = false; @@ -128,6 +135,12 @@ public class PKCS10Client { ec_temporary = true; else ec_temporary = false; + } else if (name.equals("-k")) { + String temp = args[i+1]; + if (temp.equals("true")) + enable_encoding = true; + else + enable_encoding = false; } else if (name.equals("-s")) { String ec_sensitive_s = args[i+1]; ec_sensitive = Integer.parseInt(ec_sensitive_s); @@ -260,7 +273,7 @@ public class PKCS10Client { SET attributes = new SET(); attributes.addElement(attr); - Name n = getJssName(subjectName); + Name n = getJssName(enable_encoding, subjectName); SubjectPublicKeyInfo subjectPub = new SubjectPublicKeyInfo(pair.getPublic()); System.out.println("PKCS10Client: pair.getPublic() called."); CertificationRequestInfo certReqInfo = @@ -326,7 +339,44 @@ public class PKCS10Client { } - static Name getJssName(String dn) { + static boolean isEncoded (String elementValue) { + boolean encoded = false; + + if (elementValue != null && ((elementValue.startsWith("UTF8String:")) || + (elementValue.startsWith("PrintableString:")) || + (elementValue.startsWith("BMPString:")) || + (elementValue.startsWith("TeletexString:")) || + (elementValue.startsWith("UniversalString:")))) { + encoded = true; + } + return encoded; + } + + static Name addNameElement (Name name, OBJECT_IDENTIFIER oid, int n, String elementValue) { + try { + String encodingType = (n > 0)? elementValue.substring(0, n): null; + String nameValue = (n > 0)? elementValue.substring(n+1): null; + if (encodingType != null && encodingType.length() > 0 && + nameValue != null && nameValue.length() > 0) { + if (encodingType.equals("UTF8String")) { + name.addElement( new AVA(oid, new UTF8String(nameValue))); + } else if (encodingType.equals("PrintableString")) { + name.addElement( new AVA(oid, new PrintableString(nameValue))); + } else if (encodingType.equals("BMPString")) { + name.addElement( new AVA(oid, new BMPString(nameValue))); + } else if (encodingType.equals("TeletexString")) { + name.addElement( new AVA(oid, new TeletexString(nameValue))); + } else if (encodingType.equals("UniversalString")) { + name.addElement( new AVA(oid, new UniversalString(nameValue))); + } + } + } catch (Exception e) { + System.out.println("PKCS10Client: Error adding name element: " + elementValue + " Error: " + e.toString()); + } + return name; + } + + static Name getJssName(boolean enable_encoding, String dn) { X500Name x5Name = null; @@ -353,11 +403,17 @@ public class PKCS10Client { if (split.length != 2) continue; + int n = split[1].indexOf(':'); try { if (split[0].equals("UID")) { - ret.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString( - split[1]))); + if (enable_encoding && isEncoded(split[1])) { + ret = addNameElement(ret, new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), + n, split[1]); + } else { + ret.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), + new PrintableString(split[1]))); + } // System.out.println("UID found : " + split[1]); } @@ -368,31 +424,51 @@ public class PKCS10Client { } if (split[0].equals("CN")) { - ret.addCommonName(split[1]); + if (enable_encoding && isEncoded(split[1])) { + ret = addNameElement (ret, Name.commonName, n, split[1]); + } else { + ret.addCommonName(split[1]); + } // System.out.println("CN found : " + split[1]); continue; } if (split[0].equals("L")) { - ret.addLocalityName(split[1]); + if (enable_encoding && isEncoded(split[1])) { + ret = addNameElement (ret, Name.localityName, n, split[1]); + } else { + ret.addLocalityName(split[1]); + } // System.out.println("L found : " + split[1]); continue; } if (split[0].equals("O")) { - ret.addOrganizationName(split[1]); + if (enable_encoding && isEncoded(split[1])) { + ret = addNameElement (ret, Name.organizationName, n, split[1]); + } else { + ret.addOrganizationName(split[1]); + } // System.out.println("O found : " + split[1]); continue; } if (split[0].equals("ST")) { - ret.addStateOrProvinceName(split[1]); + if (enable_encoding && isEncoded(split[1])) { + ret = addNameElement (ret, Name.stateOrProvinceName, n, split[1]); + } else { + ret.addStateOrProvinceName(split[1]); + } // System.out.println("ST found : " + split[1]); continue; } if (split[0].equals("OU")) { - ret.addOrganizationalUnitName(split[1]); + if (enable_encoding && isEncoded(split[1])) { + ret = addNameElement (ret, Name.organizationalUnitName, n, split[1]); + } else { + ret.addOrganizationalUnitName(split[1]); + } // System.out.println("OU found : " + split[1]); continue; } |