author | Endi S. Dewata <edewata@redhat.com> | 2016-03-31 21:59:25 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2016-04-04 19:33:05 +0200 |
commit | 6448bfea3282f2f3a81520b3381d2a833babd491 (patch) | |
tree | d24371d40dc4eecf705ac1f4cd73886b8ceec82a /base/java-tools/src/com/netscape/cmstools/pkcs12 | |
parent | 5fc6095c21a01de7c1386759a10b3303a0861cfe (diff) | |
Fixed missing trust flags in certificate backup.
The ConfigurationUtils.backupKeys() has been modified to use
PKCS12Util to export the certificates and their trust flags into
a PKCS #12 file such that the file can be used for cloning.
The code to generate PFX object has been refactored from the
PKCS12Util.storeIntoFile() into a separate generatePFX() method.
The PKCS12Util.loadCertFromNSS() has been modified to provide
options to load a certificate from NSS database without the key
or the certificate chain. The CLIs have been modified to provide
the same options.
The PKCS12Util.getCertInfo() has been modified to ignore missing
certificate attributes in the PKCS #12 file and generate a new
local ID.
https://fedorahosted.org/pki/ticket/2255
Diffstat (limited to 'base/java-tools/src/com/netscape/cmstools/pkcs12')
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java | 7 | ||||
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java | 12 |
2 files changed, 14 insertions, 5 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java
index 48e4907cf..a422b200d 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java
@@ -65,6 +65,8 @@ public class PKCS12CertAddCLI extends CLI {
 options.addOption(null, "new-file", false, "Create a new PKCS #12 file");
 options.addOption(null, "no-trust-flags", false, "Do not include trust flags");
+ options.addOption(null, "no-key", false, "Do not include private key");
+ options.addOption(null, "no-chain", false, "Do not include certificate chain");
 options.addOption("v", "verbose", false, "Run in verbose mode.");
 options.addOption(null, "debug", false, "Run in debug mode.");
@@ -139,6 +141,8 @@ public class PKCS12CertAddCLI extends CLI {
 boolean newFile = cmd.hasOption("new-file");
 boolean includeTrustFlags = !cmd.hasOption("no-trust-flags");
+ boolean includeKey = !cmd.hasOption("no-key");
+ boolean includeChain = !cmd.hasOption("no-chain");
 try {
 PKCS12Util util = new PKCS12Util();
@@ -155,7 +159,8 @@ public class PKCS12CertAddCLI extends CLI {
 pkcs12 = util.loadFromFile(filename, password);
 }
- util.loadCertFromNSS(pkcs12, nickname);
+ // load the specified certificate
+ util.loadCertFromNSS(pkcs12, nickname, includeKey, includeChain);
 util.storeIntoFile(pkcs12, filename, password);
 } finally {
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
index d42c449b4..fab5ecdda 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
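Review bot: The comment added in the third hunk of PKCS12CertAddCLI.java, `// load the specified certificate`, does not mention that this call now decides whether private-key material and the chain are written to the PKCS #12 file. I would write `// load the specified certificate; the private key and chain are included unless --no-key / --no-chain was given` so the export default is visible at the call site. The two adjacent boolean arguments are also easy to transpose, and a swap would export the key when the operator asked for none, so the argument order deserves a check against the PKCS12Util.loadCertFromNSS() signature, which is not shown here. The enclosing method starts and ends outside the hunk.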
@@ -63,6 +63,8 @@ public class PKCS12ExportCLI extends CLI {
 options.addOption(null, "new-file", false, "Create a new PKCS #12 file");
 options.addOption(null, "no-trust-flags", false, "Do not include trust flags");
+ options.addOption(null, "no-key", false, "Do not include private key");
+ options.addOption(null, "no-chain", false, "Do not include certificate chain");
 options.addOption("v", "verbose", false, "Run in verbose mode.");
 options.addOption(null, "debug", false, "Run in debug mode.");
@@ -127,11 +129,13 @@ public class PKCS12ExportCLI extends CLI {
 Password password = new Password(passwordString.toCharArray());
 boolean newFile = cmd.hasOption("new-file");
- boolean trustFlagsEnabled = !cmd.hasOption("no-trust-flags");
+ boolean includeTrustFlags = !cmd.hasOption("no-trust-flags");
+ boolean includeKey = !cmd.hasOption("no-key");
+ boolean includeChain = !cmd.hasOption("no-chain");
 try {
 PKCS12Util util = new PKCS12Util();
- util.setTrustFlagsEnabled(trustFlagsEnabled);
+ util.setTrustFlagsEnabled(includeTrustFlags);
 PKCS12 pkcs12;
@@ -149,9 +153,9 @@ public class PKCS12ExportCLI extends CLI {
 util.loadFromNSS(pkcs12);
 } else {
- // load specified certificates
+ // load the specified certificates
 for (String nickname : nicknames) {
- util.loadCertFromNSS(pkcs12, nickname);
+ util.loadCertFromNSS(pkcs12, nickname, includeKey, includeChain);
 }
 }
|
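Review bot: In the last hunk of PKCS12ExportCLI.java only the per-nickname branch receives the new flags; the context line `util.loadFromNSS(pkcs12);` in the other branch is unchanged, so as far as this diff shows `--no-key` and `--no-chain` are silently ignored when that branch runs, and the output file would still carry private keys the operator asked to leave out. PKCS12Util is not part of this diff, so if loadFromNSS() cannot honor the flags, that branch should at least refuse them, e.g. `if (!includeKey || !includeChain) throw new Exception("--no-key and --no-chain require certificate nicknames");` or whatever error path the CLI normally uses for bad options. The condition that selects the branch and the rest of the method lie outside the hunk.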