Added PKCS #12 attribute to store certificate trust flags.

A new PKCS #12 attribute has been defined to store NSS certificate trust flags in PKCS #12 file. The PKCS12Util has been modified to store the trust flags during export and reset the trust flags in NSS database during import. https://fedorahosted.org/pki/ticket/1742
author: Endi S. Dewata <edewata@redhat.com> 2016-02-13 09:42:14 +0100
committer: Endi S. Dewata <edewata@redhat.com> 2016-02-17 21:24:49 +0100
commit: 6947854a3ab6ee4f296a5f97850f5521572683a1 (patch)
tree: c22fe4c16811b77920cafd2e811050067f3b3632 /base/java-tools
parent: 54849505729d3f6345bc7b530e5a40c14ff36116 (diff)
download: pki-6947854a3ab6ee4f296a5f97850f5521572683a1.tar.gz
pki-6947854a3ab6ee4f296a5f97850f5521572683a1.tar.xz
pki-6947854a3ab6ee4f296a5f97850f5521572683a1.zip
4 files changed, 19 insertions, 3 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java
index 2179c186c..f4d97cd74 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java
@@ -18,6 +18,7 @@
 
 package com.netscape.cmstools.pkcs12;
 
+import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.cmstools.cli.CLI;
 
 import netscape.security.pkcs.PKCS12Util.PKCS12CertInfo;
@@ -34,8 +35,13 @@ public class PKCS12CertCLI extends CLI {
     }
 
     public static void printCertInfo(PKCS12CertInfo certInfo) throws Exception {
+        System.out.println("  Serial Number: " + new CertId(certInfo.cert.getSerialNumber()).toHexString());
         System.out.println("  Nickname: " + certInfo.nickname);
-        System.out.println("  Subject: " + certInfo.cert.getSubjectDN());
-        System.out.println("  Issuer: " + certInfo.cert.getIssuerDN());
+        System.out.println("  Subject DN: " + certInfo.cert.getSubjectDN());
+        System.out.println("  Issuer DN: " + certInfo.cert.getIssuerDN());
+
+        if (certInfo.trustFlags != null) {
+            System.out.println("  Trust flags: " + certInfo.trustFlags);
+        }
     }
 }
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
index 1e6774004..e5acd0600 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
@@ -59,6 +59,8 @@ public class PKCS12ExportCLI extends CLI {
         option.setArgName("path");
         options.addOption(option);
 
+        options.addOption(null, "no-trust-flags", false, "Do not include trust flags");
+
         options.addOption("v", "verbose", false, "Run in verbose mode.");
         options.addOption(null, "debug", false, "Run in debug mode.");
         options.addOption(null, "help", false, "Show help message.");
@@ -120,8 +122,11 @@ public class PKCS12ExportCLI extends CLI {
 
         Password password = new Password(passwordString.toCharArray());
 
+        boolean trustFlagsEnabled = !cmd.hasOption("no-trust-flags");
+
         try {
             PKCS12Util util = new PKCS12Util();
+            util.setTrustFlagsEnabled(trustFlagsEnabled);
             util.exportData(filename, password);
         } finally {
             password.clear();
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java
index 8add346fb..4e9ed23fc 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java
@@ -59,6 +59,8 @@ public class PKCS12ImportCLI extends CLI {
         option.setArgName("path");
         options.addOption(option);
 
+        options.addOption(null, "no-trust-flags", false, "Do not include trust flags");
+
         options.addOption("v", "verbose", false, "Run in verbose mode.");
         options.addOption(null, "debug", false, "Run in debug mode.");
         options.addOption(null, "help", false, "Show help message.");
@@ -120,8 +122,11 @@ public class PKCS12ImportCLI extends CLI {
 
         Password password = new Password(passwordString.toCharArray());
 
+        boolean trustFlagsEnabled = !cmd.hasOption("no-trust-flags");
+
         try {
             PKCS12Util util = new PKCS12Util();
+            util.setTrustFlagsEnabled(trustFlagsEnabled);
             util.importData(filename, password);
         } finally {
             password.clear();
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java
index 5297a50ad..9f0779782 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java
@@ -34,7 +34,7 @@ public class PKCS12KeyCLI extends CLI {
     }
 
     public static void printKeyInfo(PKCS12KeyInfo keyInfo) throws Exception {
-        System.out.println("  Subject: " + keyInfo.subjectDN);
+        System.out.println("  Subject DN: " + keyInfo.subjectDN);
 
         if (keyInfo.privateKeyInfo != null) {
             System.out.println("  Algorithm: " + keyInfo.privateKeyInfo.getAlgorithm());
author	Endi S. Dewata <edewata@redhat.com>	2016-02-13 09:42:14 +0100
committer	Endi S. Dewata <edewata@redhat.com>	2016-02-17 21:24:49 +0100
commit	6947854a3ab6ee4f296a5f97850f5521572683a1 (patch)
tree	c22fe4c16811b77920cafd2e811050067f3b3632 /base/java-tools
parent	54849505729d3f6345bc7b530e5a40c14ff36116 (diff)
download	pki-6947854a3ab6ee4f296a5f97850f5521572683a1.tar.gz pki-6947854a3ab6ee4f296a5f97850f5521572683a1.tar.xz pki-6947854a3ab6ee4f296a5f97850f5521572683a1.zip