diff options
author | Endi S. Dewata <edewata@redhat.com> | 2016-02-13 09:42:14 +0100 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2016-02-17 21:24:49 +0100 |
commit | 6947854a3ab6ee4f296a5f97850f5521572683a1 (patch) | |
tree | c22fe4c16811b77920cafd2e811050067f3b3632 /base/java-tools | |
parent | 54849505729d3f6345bc7b530e5a40c14ff36116 (diff) | |
download | pki-6947854a3ab6ee4f296a5f97850f5521572683a1.tar.gz pki-6947854a3ab6ee4f296a5f97850f5521572683a1.tar.xz pki-6947854a3ab6ee4f296a5f97850f5521572683a1.zip |
Added PKCS #12 attribute to store certificate trust flags.
A new PKCS #12 attribute has been defined to store NSS certificate
trust flags in PKCS #12 file. The PKCS12Util has been modified to
store the trust flags during export and reset the trust flags in
NSS database during import.
https://fedorahosted.org/pki/ticket/1742
Diffstat (limited to 'base/java-tools')
4 files changed, 19 insertions, 3 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java index 2179c186c..f4d97cd74 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java @@ -18,6 +18,7 @@ package com.netscape.cmstools.pkcs12; +import com.netscape.certsrv.dbs.certdb.CertId; import com.netscape.cmstools.cli.CLI; import netscape.security.pkcs.PKCS12Util.PKCS12CertInfo; @@ -34,8 +35,13 @@ public class PKCS12CertCLI extends CLI { } public static void printCertInfo(PKCS12CertInfo certInfo) throws Exception { + System.out.println(" Serial Number: " + new CertId(certInfo.cert.getSerialNumber()).toHexString()); System.out.println(" Nickname: " + certInfo.nickname); - System.out.println(" Subject: " + certInfo.cert.getSubjectDN()); - System.out.println(" Issuer: " + certInfo.cert.getIssuerDN()); + System.out.println(" Subject DN: " + certInfo.cert.getSubjectDN()); + System.out.println(" Issuer DN: " + certInfo.cert.getIssuerDN()); + + if (certInfo.trustFlags != null) { + System.out.println(" Trust flags: " + certInfo.trustFlags); + } } } diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java index 1e6774004..e5acd0600 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java @@ -59,6 +59,8 @@ public class PKCS12ExportCLI extends CLI { option.setArgName("path"); options.addOption(option); + options.addOption(null, "no-trust-flags", false, "Do not include trust flags"); + options.addOption("v", "verbose", false, "Run in verbose mode."); options.addOption(null, "debug", false, "Run in debug mode."); options.addOption(null, "help", false, "Show help message."); @@ -120,8 +122,11 @@ public class PKCS12ExportCLI extends CLI { Password password = new Password(passwordString.toCharArray()); + boolean trustFlagsEnabled = !cmd.hasOption("no-trust-flags"); + try { PKCS12Util util = new PKCS12Util(); + util.setTrustFlagsEnabled(trustFlagsEnabled); util.exportData(filename, password); } finally { password.clear(); diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java index 8add346fb..4e9ed23fc 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java @@ -59,6 +59,8 @@ public class PKCS12ImportCLI extends CLI { option.setArgName("path"); options.addOption(option); + options.addOption(null, "no-trust-flags", false, "Do not include trust flags"); + options.addOption("v", "verbose", false, "Run in verbose mode."); options.addOption(null, "debug", false, "Run in debug mode."); options.addOption(null, "help", false, "Show help message."); @@ -120,8 +122,11 @@ public class PKCS12ImportCLI extends CLI { Password password = new Password(passwordString.toCharArray()); + boolean trustFlagsEnabled = !cmd.hasOption("no-trust-flags"); + try { PKCS12Util util = new PKCS12Util(); + util.setTrustFlagsEnabled(trustFlagsEnabled); util.importData(filename, password); } finally { password.clear(); diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java index 5297a50ad..9f0779782 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java @@ -34,7 +34,7 @@ public class PKCS12KeyCLI extends CLI { } public static void printKeyInfo(PKCS12KeyInfo keyInfo) throws Exception { - System.out.println(" Subject: " + keyInfo.subjectDN); + System.out.println(" Subject DN: " + keyInfo.subjectDN); if (keyInfo.privateKeyInfo != null) { System.out.println(" Algorithm: " + keyInfo.privateKeyInfo.getAlgorithm()); |