authorEndi S. Dewata <edewata@redhat.com>2016-02-15 05:27:19 +0100
committerEndi S. Dewata <edewata@redhat.com>2016-02-19 15:17:53 +0100
commita96ecbae1bfa27223bbebc7a67f695b643c4aebe (patch)
treef73e4a49d678d6eeec263c48bf383459485ba62c /base/java-tools/src/com/netscape
parent0d44556fa78203121a24224d4733b89c36ef9cc9 (diff)
Refactored PKCS12Util to use PKCS12 object.
The PKCS12Util has been modified such that it stores the certs and keys in PKCS12 object instead of PFX object. The PKCS12 object can be loaded either from NSS database or PKCS #12 file. The PKCS12 object can later be stored into NSS database or PKCS #12 file. The pki pkcs12-cert-find and pkcs12-key-find commands were modified to require PKCS #12 password. https://fedorahosted.org/pki/ticket/1742
Diffstat (limited to 'base/java-tools/src/com/netscape')
-rw-r--r--base/java-tools/src/com/netscape/cmstools/PKCS12Export.java5
-rw-r--r--base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java4
-rw-r--r--base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java48
-rw-r--r--base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java6
-rw-r--r--base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java6
-rw-r--r--base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java7
-rw-r--r--base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java20
7 files changed, 76 insertions, 20 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java b/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java
index 5d698bea3..bcc4252ba 100644
--- a/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java
+++ b/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java
@@ -26,6 +26,7 @@ import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.util.Password;
+import netscape.security.pkcs.PKCS12;
import netscape.security.pkcs.PKCS12Util;
/**
@@ -126,7 +127,9 @@ public class PKCS12Export {
try {
PKCS12Util util = new PKCS12Util();
- util.exportData(pkcs12OutputFilename, password);
+ PKCS12 pkcs12 = util.loadFromNSS();
+ util.storeIntoFile(pkcs12, pkcs12OutputFilename, password);
+
} finally {
password.clear();
}
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java
index a83fbac4f..807404749 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java
@@ -40,6 +40,10 @@ public class PKCS12CertCLI extends CLI {
System.out.println(" Subject DN: " + certInfo.getCert().getSubjectDN());
System.out.println(" Issuer DN: " + certInfo.getCert().getIssuerDN());
+ if (certInfo.getKeyID() != null) {
+ System.out.println(" Key ID: " + certInfo.getKeyID().toString(16));
+ }
+
if (certInfo.getTrustFlags() != null) {
System.out.println(" Trust flags: " + certInfo.getTrustFlags());
}
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java
index 3aec7a6b2..8c6fb8845 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java
@@ -18,17 +18,21 @@
package com.netscape.cmstools.pkcs12;
-import java.util.List;
+import java.io.BufferedReader;
+import java.io.FileReader;
+import java.util.Collection;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.ParseException;
+import org.mozilla.jss.util.Password;
import com.netscape.cmstools.cli.CLI;
import com.netscape.cmstools.cli.MainCLI;
+import netscape.security.pkcs.PKCS12;
import netscape.security.pkcs.PKCS12CertInfo;
import netscape.security.pkcs.PKCS12Util;
@@ -52,7 +56,15 @@ public class PKCS12CertFindCLI extends CLI {
option.setArgName("path");
options.addOption(option);
- options.addOption("v", "verbose", false, "Run in verbose mode.");
+ option = new Option(null, "pkcs12-password", true, "PKCS #12 password");
+ option.setArgName("password");
+ options.addOption(option);
+
+ option = new Option(null, "pkcs12-password-file", true, "PKCS #12 password file");
+ option.setArgName("path");
+ options.addOption(option);
+
+ options.addOption("v", "verbose", false, "Run in verbose mode.");
options.addOption(null, "debug", false, "Run in debug mode.");
options.addOption(null, "help", false, "Show help message.");
}
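Review bot: The new `--pkcs12-password` option takes the secret as a command-line argument, and its help text `"PKCS #12 password"` does not warn that arguments are typically readable by other local users through the process list and may be retained in shell history. I would extend the description to steer users to the file option, for example `"PKCS #12 password (exposed in process listings; prefer --pkcs12-password-file)"`. The enclosing method starts above this hunk, so any guidance already given elsewhere in the help output is not visible here.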
@@ -101,10 +113,36 @@ public class PKCS12CertFindCLI extends CLI {
System.exit(-1);
}
- PKCS12Util util = new PKCS12Util();
- util.loadFromPKCS12(filename);
+ String passwordString = cmd.getOptionValue("pkcs12-password");
+
+ if (passwordString == null) {
+
+ String passwordFile = cmd.getOptionValue("pkcs12-password-file");
+ if (passwordFile != null) {
+ try (BufferedReader in = new BufferedReader(new FileReader(passwordFile))) {
+ passwordString = in.readLine();
+ }
+ }
+ }
+
+ if (passwordString == null) {
+ System.err.println("Error: Missing PKCS #12 password.");
+ printHelp();
+ System.exit(-1);
+ }
+
+ Password password = new Password(passwordString.toCharArray());
- List<PKCS12CertInfo> certInfos = util.getCertInfos();
+ Collection<PKCS12CertInfo> certInfos;
+ try {
+ PKCS12Util util = new PKCS12Util();
+ PKCS12 pkcs12 = util.loadFromFile(filename, password);
+
+ certInfos = pkcs12.getCertInfos();
+
+ } finally {
+ password.clear();
+ }
MainCLI.printMessage(certInfos.size() + " entries found");
if (certInfos.size() == 0) return;
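Review bot: The password is held in an immutable `String` (`passwordString`) before `new Password(passwordString.toCharArray())`, so the `password.clear()` in the `finally` wipes only the `Password` buffer and the `String` copy stays on the heap until it is garbage-collected. For the `--pkcs12-password-file` path this can be avoided by reading the file into a `char[]` and zeroing it once the `Password` is constructed; at minimum add a comment such as `// passwordString cannot be wiped; only the Password copy is cleared below`. `new FileReader(passwordFile)` also decodes with the platform default charset, so a non-ASCII password may read differently across hosts. The same pattern appears in the PKCS12KeyFindCLI.java hunk at `Password password = new Password(passwordString.toCharArray());`. The enclosing method begins and continues outside this hunk.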
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
index e5acd0600..174748262 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
@@ -29,6 +29,7 @@ import org.mozilla.jss.util.Password;
import com.netscape.cmstools.cli.CLI;
import com.netscape.cmstools.cli.MainCLI;
+import netscape.security.pkcs.PKCS12;
import netscape.security.pkcs.PKCS12Util;
/**
@@ -127,7 +128,10 @@ public class PKCS12ExportCLI extends CLI {
try {
PKCS12Util util = new PKCS12Util();
util.setTrustFlagsEnabled(trustFlagsEnabled);
- util.exportData(filename, password);
+
+ PKCS12 pkcs12 = util.loadFromNSS();
+ util.storeIntoFile(pkcs12, filename, password);
+
} finally {
password.clear();
}
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java
index 4e9ed23fc..3e42efcbc 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java
@@ -29,6 +29,7 @@ import org.mozilla.jss.util.Password;
import com.netscape.cmstools.cli.CLI;
import com.netscape.cmstools.cli.MainCLI;
+import netscape.security.pkcs.PKCS12;
import netscape.security.pkcs.PKCS12Util;
/**
@@ -127,7 +128,10 @@ public class PKCS12ImportCLI extends CLI {
try {
PKCS12Util util = new PKCS12Util();
util.setTrustFlagsEnabled(trustFlagsEnabled);
- util.importData(filename, password);
+
+ PKCS12 pkcs12 = util.loadFromFile(filename, password);
+ util.storeIntoNSS(pkcs12, password);
+
} finally {
password.clear();
}
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java
index d859fcea1..bce1e137b 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java
@@ -34,10 +34,9 @@ public class PKCS12KeyCLI extends CLI {
}
public static void printKeyInfo(PKCS12KeyInfo keyInfo) throws Exception {
- System.out.println(" Subject DN: " + keyInfo.getSubjectDN());
- if (keyInfo.getPrivateKeyInfo() != null) {
- System.out.println(" Algorithm: " + keyInfo.getPrivateKeyInfo().getAlgorithm());
- }
+ System.out.println(" Key ID: " + keyInfo.getID().toString(16));
+ System.out.println(" Subject DN: " + keyInfo.getSubjectDN());
+ System.out.println(" Algorithm: " + keyInfo.getPrivateKeyInfo().getAlgorithm());
}
}
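Review bot: `printKeyInfo` now dereferences `keyInfo.getID()` and `keyInfo.getPrivateKeyInfo()` without the null check the old code had, so a key entry lacking either value would abort the listing with a NullPointerException. The cert printer in PKCS12CertCLI.java guards `certInfo.getKeyID() != null` in this same commit, which suggests the ID can be absent, though whether the refactored `PKCS12KeyInfo` guarantees non-null values is not visible here. I would keep the guards, e.g. `if (keyInfo.getPrivateKeyInfo() != null) {` around the Algorithm line and an equivalent check before `getID().toString(16)`.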
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java
index 3bda750a4..92b9cf132 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java
@@ -20,7 +20,7 @@ package com.netscape.cmstools.pkcs12;
import java.io.BufferedReader;
import java.io.FileReader;
-import java.util.List;
+import java.util.Collection;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -32,6 +32,7 @@ import org.mozilla.jss.util.Password;
import com.netscape.cmstools.cli.CLI;
import com.netscape.cmstools.cli.MainCLI;
+import netscape.security.pkcs.PKCS12;
import netscape.security.pkcs.PKCS12KeyInfo;
import netscape.security.pkcs.PKCS12Util;
@@ -124,21 +125,24 @@ public class PKCS12KeyFindCLI extends CLI {
}
}
- Password password = null;
- if (passwordString != null) {
- password = new Password(passwordString.toCharArray());
+ if (passwordString == null) {
+ System.err.println("Error: Missing PKCS #12 password.");
+ printHelp();
+ System.exit(-1);
}
- List<PKCS12KeyInfo> keyInfos;
+ Password password = new Password(passwordString.toCharArray());
+
+ Collection<PKCS12KeyInfo> keyInfos;
try {
PKCS12Util util = new PKCS12Util();
- util.loadFromPKCS12(filename);
+ PKCS12 pkcs12 = util.loadFromFile(filename, password);
- keyInfos = util.getKeyInfos(password);
+ keyInfos = pkcs12.getKeyInfos();
} finally {
- if (password != null) password.clear();
+ password.clear();
}
MainCLI.printMessage(keyInfos.size() + " entries found");