authorAde Lee <alee@redhat.com>2017-06-06 16:16:40 -0400
committerAde Lee <alee@redhat.com>2017-06-07 16:00:52 -0400
commitd5c331a42955365b76a1549aec047e613d3185dc (patch)
tree6258a518501aa166cb803abe04f046da410aec31 /base/java-tools/src/com
parent38df4274214938ceece85627abb6d4fe77b960ff (diff)
Server side changes to correctly parse the new PKIArchiveOptions
The server is modified to read the new OIDs in the PKIArchiveOptions and handle them correctly. Change-Id: I328df4d6588b3c2c26a387ab2e9ed742d36824d4
Diffstat (limited to 'base/java-tools/src/com')
-rw-r--r--base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java20
1 files changed, 15 insertions, 5 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java b/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
index b06faa6be..25de2dd60 100644
--- a/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
+++ b/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
@@ -191,7 +191,7 @@ public class CRMFPopClient {
options.addOption(option);
option = new Option("w", true, "Algorithm to be used for key wrapping");
- option.setArgName("keySet");
+ option.setArgName("keywrap algorithm");
options.addOption(option);
options.addOption("y", false, "for Self-signed cmc.");
@@ -655,13 +655,23 @@ public class CRMFPopClient {
KeyPair keyPair,
Name subject,
KeyWrapAlgorithm keyWrapAlgorithm) throws Exception {
- byte[] iv = null;
- if (keyWrapAlgorithm.getParameterClasses() != null) {
- iv = CryptoUtil.getNonceData(keyWrapAlgorithm.getBlockSize());
- }
+ byte[] iv = CryptoUtil.getNonceData(keyWrapAlgorithm.getBlockSize());
OBJECT_IDENTIFIER kwOID = CryptoUtil.getOID(keyWrapAlgorithm);
+ /* TODO(alee)
+ *
+ * HACK HACK!
+ * algorithms like AES KeyWrap do not require an IV, but we need to include one
+ * in the AlgorithmIdentifier above, or the creation and parsing of the
+ * PKIArchiveOptions options will fail. So we include an IV in aid, but null it
+ * later to correctly encrypt the data
+ */
AlgorithmIdentifier aid = new AlgorithmIdentifier(kwOID, new OCTET_STRING(iv));
+
+ Class[] iv_classes = keyWrapAlgorithm.getParameterClasses();
+ if (iv_classes == null || iv_classes.length == 0)
+ iv = null;
+
WrappingParams params = getWrappingParams(keyWrapAlgorithm, iv);
PKIArchiveOptions opts = CryptoUtil.createPKIArchiveOptions(