authorEndi S. Dewata <edewata@redhat.com>2016-02-22 18:29:46 +0100
committerEndi S. Dewata <edewata@redhat.com>2016-02-24 21:30:20 +0100
commitb74bf9b82102715e08fa3fd3bd5ce9462312aded (patch)
treed6ece51d84f7b1a76bab74de24403433322bf478 /base/java-tools/src/com
parentb96bcf71fcfd23eb2e5c636f8eee626c11c14960 (diff)
Updated PKCS12Util.
The PKCS12Util has been updated to match the functionality provided by JSS. In order to import a certificate properly, the certificate needs to be exported with its private key and certificate chain, so the options to export without the key or without the certificate chain have been removed. The option to export only the certificate chain has also been removed, since the same result can be obtained by exporting the complete certificate chain and then removing the leaf certificate while keeping the chain. The pki pkcs12-cert-add has been modified to provide an option to create a new PKCS #12 file to store the certificate. The pki pkcs12-export has been modified to always overwrite an existing file to match the behavior of PKCS12Export. It has also been modified to accept a list of nicknames of certificates to export. https://fedorahosted.org/pki/ticket/1742
Diffstat (limited to 'base/java-tools/src/com')
-rw-r--r--base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java19
-rw-r--r--base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java19
2 files changed, 21 insertions, 17 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java
index 6c9d8032e..ce7b3dd79 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java
@@ -63,10 +63,8 @@ public class PKCS12CertAddCLI extends CLI {
option.setArgName("path");
options.addOption(option);
+ options.addOption(null, "new-file", false, "Create a new PKCS #12 file");
options.addOption(null, "no-trust-flags", false, "Do not include trust flags");
- options.addOption(null, "no-cert", false, "Do not include certificate itself");
- options.addOption(null, "no-key", false, "Do not include certificate key");
- options.addOption(null, "no-chain", false, "Do not include certificate chain");
options.addOption("v", "verbose", false, "Run in verbose mode.");
options.addOption(null, "debug", false, "Run in debug mode.");
@@ -139,10 +137,8 @@ public class PKCS12CertAddCLI extends CLI {
Password password = new Password(passwordString.toCharArray());
+ boolean newFile = cmd.hasOption("new-file");
boolean includeTrustFlags = !cmd.hasOption("no-trust-flags");
- boolean includeCert = !cmd.hasOption("no-cert");
- boolean includeKey = !cmd.hasOption("no-key");
- boolean includeChain = !cmd.hasOption("no-chain");
try {
PKCS12Util util = new PKCS12Util();
@@ -150,13 +146,16 @@ public class PKCS12CertAddCLI extends CLI {
PKCS12 pkcs12;
- if (new File(filename).exists()) {
- pkcs12 = util.loadFromFile(filename, password);
- } else {
+ if (newFile || !new File(filename).exists()) {
+ // if new file requested or file does not exist, create a new file
pkcs12 = new PKCS12();
+
+ } else {
+ // otherwise, add into the same file
+ pkcs12 = util.loadFromFile(filename, password);
}
- util.loadFromNSS(pkcs12, nickname, includeCert, includeKey, includeChain);
+ util.loadCertFromNSS(pkcs12, nickname);
util.storeIntoFile(pkcs12, filename, password);
} finally {
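Review bot: With `--new-file` set, the branch `if (newFile || !new File(filename).exists())` starts from an empty `PKCS12`, so the later `storeIntoFile(pkcs12, filename, password)` presumably replaces an existing file and drops the keys and certificates it held, with no message to the operator. A verbose-mode message or a warning when `newFile` is true and the file already exists would make that loss visible, and the comment could say so, e.g. `// --new-file: any existing file is replaced; its current entries are not preserved`. Since `loadCertFromNSS` now always brings the private key along, it is also worth confirming in `PKCS12Util.storeIntoFile` (not visible here) that a newly created file gets owner-only permissions. The enclosing method starts and ends outside the hunk.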
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
index a5c9e2823..f17251284 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
@@ -18,7 +18,6 @@
package com.netscape.cmstools.pkcs12;
import java.io.BufferedReader;
-import java.io.File;
import java.io.FileReader;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -45,7 +44,7 @@ public class PKCS12ExportCLI extends CLI {
}
public void printHelp() {
- formatter.printHelp(getFullName() + " [OPTIONS...]", options);
+ formatter.printHelp(getFullName() + " [OPTIONS...] [nicknames...]", options);
}
public void createOptions() {
@@ -96,6 +95,7 @@ public class PKCS12ExportCLI extends CLI {
Logger.getLogger("netscape").setLevel(Level.FINE);
}
+ String[] nicknames = cmd.getArgs();
String filename = cmd.getOptionValue("pkcs12");
if (filename == null) {
@@ -130,15 +130,20 @@ public class PKCS12ExportCLI extends CLI {
PKCS12Util util = new PKCS12Util();
util.setTrustFlagsEnabled(trustFlagsEnabled);
- PKCS12 pkcs12;
+ // overwrite existing file
+ PKCS12 pkcs12 = new PKCS12();
+
+ if (nicknames.length == 0) {
+ // load all certificates
+ util.loadFromNSS(pkcs12);
- if (new File(filename).exists()) {
- pkcs12 = util.loadFromFile(filename, password);
} else {
- pkcs12 = new PKCS12();
+ // load specified certificates
+ for (String nickname : nicknames) {
+ util.loadCertFromNSS(pkcs12, nickname);
+ }
}
- util.loadFromNSS(pkcs12);
util.storeIntoFile(pkcs12, filename, password);
} finally {
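Review bot: The loop over `nicknames` does not show what happens when `loadCertFromNSS` finds no certificate for a nickname. Because `pkcs12` now always starts empty, a lookup that returns quietly would let `storeIntoFile` replace the previous file with an archive that lacks the requested entry. `PKCS12Util` is not visible here, so this needs confirming; if the call does not throw, the result should be checked before the store. A comment on the loop such as `// loadCertFromNSS must fail for an unknown nickname; the existing file is replaced below` would record the expectation. The enclosing method starts and ends outside the hunk.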