diff options
| author | Ade Lee <alee@redhat.com> | 2017-03-15 23:05:07 -0400 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2017-03-15 23:05:07 -0400 |
| commit | 080f3d2a8bf36be407c79ddd71381450c8667b2e (patch) | |
| tree | 58594f9c45e88c882579d9f6638ff6639e506729 /base/java-tools/src | |
| parent | 764a17314e81cade8bf1192739b5a2fad11d18bd (diff) | |
| parent | 07135b5906f97a8c68148a07484e63d6896f410b (diff) | |
| download | pki-080f3d2a8bf36be407c79ddd71381450c8667b2e.tar.gz pki-080f3d2a8bf36be407c79ddd71381450c8667b2e.tar.xz pki-080f3d2a8bf36be407c79ddd71381450c8667b2e.zip | |
Merge branch 'master' of github.com:dogtagpki/pki
Diffstat (limited to 'base/java-tools/src')
| -rw-r--r-- | base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java | 14 | ||||
| -rw-r--r-- | base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java | 9 |
2 files changed, 13 insertions, 10 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java b/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java index 8d5bd1f8a..0a05a395a 100644 --- a/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java +++ b/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java @@ -59,7 +59,6 @@ import org.mozilla.jss.crypto.KeyGenerator; import org.mozilla.jss.crypto.KeyPairAlgorithm; import org.mozilla.jss.crypto.KeyPairGenerator; import org.mozilla.jss.crypto.KeyWrapAlgorithm; -import org.mozilla.jss.crypto.KeyWrapper; import org.mozilla.jss.crypto.Signature; import org.mozilla.jss.crypto.SignatureAlgorithm; import org.mozilla.jss.crypto.SymmetricKey; @@ -551,9 +550,12 @@ public class CRMFPopClient { public byte[] wrapPrivateKey(CryptoToken token, SymmetricKey sessionKey, byte[] iv, KeyPair keyPair) throws Exception { // wrap private key using session - KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); - wrapper.initWrap(sessionKey, new IVParameterSpec(iv)); - return wrapper.wrap((org.mozilla.jss.crypto.PrivateKey) keyPair.getPrivate()); + return CryptoUtil.wrapUsingSymmetricKey( + token, + sessionKey, + (org.mozilla.jss.crypto.PrivateKey) keyPair.getPrivate(), + new IVParameterSpec(iv), + KeyWrapAlgorithm.DES3_CBC_PAD); } public byte[] wrapSessionKey(CryptoToken token, X509Certificate transportCert, SymmetricKey sessionKey) throws Exception { @@ -561,9 +563,7 @@ public class CRMFPopClient { // wrap session key using KRA transport cert // currently, a transport cert has to be an RSA cert, // regardless of the key you are wrapping - KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.RSA); - wrapper.initWrap(transportCert.getPublicKey(), null); - return wrapper.wrap(sessionKey); + return CryptoUtil.wrapUsingPublicKey(token, transportCert.getPublicKey(), sessionKey, KeyWrapAlgorithm.RSA); } public CertRequest createCertRequest( diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java index 22bddcf32..a3f1deb36 100644 --- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java @@ -18,6 +18,7 @@ package com.netscape.cmstools.client; +import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -97,11 +98,13 @@ public class ClientCertValidateCLI extends CLI { CryptoManager cm = CryptoManager.getInstance(); if (cu.getUsage() != CryptoManager.CertificateUsage.CheckAllUsages.getUsage()) { - if (cm.isCertValid(nickname, true, cu)) { + try { + cm.verifyCertificate(nickname, true, cu); System.out.println("Valid certificate: " + nickname); return true; - } else { - System.out.println("Invalid certificate: " + nickname); + } catch (CertificateException e) { + // Invalid certificate: (<code>) <message> + System.out.println(e.getMessage()); return false; } |