author | Christina Fu <cfu@redhat.com> | 2014-09-25 09:03:58 -0700 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2014-09-25 10:01:40 -0700 |
commit | ee33bb2a90a183b9d5552c6ac193e9d8958a3974 (patch) | |
tree | a9de42fa15937b982128eb2f032daa47ebaa4872 /base/util | |
parent | 247b30faec1b85c66979fcdffdfad04a29c87b11 (diff) | |
ticket #1110 pkispawn (configuration) does not provide CA extensions in subordinate certificate signing requests (CSR)
Diffstat (limited to 'base/util')
-rw-r--r-- | base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 49 |
1 files changed, 48 insertions, 1 deletions
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index ee077872f..cf2bafac1 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -46,7 +46,10 @@ import java.util.Vector;
 import javax.crypto.SecretKey;
 import netscape.security.pkcs.PKCS10;
+import netscape.security.pkcs.PKCS10Attribute;
+import netscape.security.pkcs.PKCS10Attributes;
 import netscape.security.pkcs.PKCS7;
+import netscape.security.pkcs.PKCS9Attribute;
 import netscape.security.util.BigInt;
 import netscape.security.util.DerInputStream;
 import netscape.security.util.DerOutputStream;
@@ -62,6 +65,7 @@ import netscape.security.x509.CertificateSubjectName;
 import netscape.security.x509.CertificateValidity;
 import netscape.security.x509.CertificateVersion;
 import netscape.security.x509.CertificateX509Key;
+import netscape.security.x509.Extensions;
 import netscape.security.x509.X500Name;
 import netscape.security.x509.X500Signer;
 import netscape.security.x509.X509CertImpl;
@@ -1179,12 +1183,36 @@ public class CryptoUtil { throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IOException, CertificateException, SignatureException { + return createCertificationRequest(subjectName, pubk, prik, alg, null); + } + + /* + * This createCertificationRequest() allows extensions to be added to the CSR + */ + public static PKCS10 createCertificationRequest(String subjectName, + X509Key pubk, PrivateKey prik, String alg, Extensions exts) + throws NoSuchAlgorithmException, NoSuchProviderException, + InvalidKeyException, IOException, CertificateException, + SignatureException { X509Key key = pubk; java.security.Signature sig = java.security.Signature.getInstance(alg, "Mozilla-JSS"); sig.initSign(prik); - PKCS10 pkcs10 = new PKCS10(key); + PKCS10 pkcs10 = null; + + if (exts != null) { + PKCS10Attribute attr = new + PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, + exts); + PKCS10Attributes attrs = new PKCS10Attributes(); + + attrs.setAttribute(attr.getAttributeValue().getName(), attr); + + pkcs10 = new PKCS10(key, attrs); + } else { + pkcs10 = new PKCS10(key); + } X500Name name = new X500Name(subjectName); X500Signer signer = new X500Signer(sig, name); 
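Review bot: The new five-argument `createCertificationRequest` is introduced with a plain `/* ... */` block comment, so it is not picked up as Javadoc and the contract of `exts` is left undocumented. I would turn it into a Javadoc comment stating that `exts` may be null (the `else` branch then builds the request without attributes) and that a non-null value is placed as given into a single extension-request attribute under `PKCS9Attribute.EXTENSION_REQUEST_OID`. Nothing in this hunk inspects the extensions, so the comment should also say that the caller decides what is requested and that the issuing CA is expected to apply its own policy to requested extensions rather than copy them into the certificate. As a small style point, `PKCS10 pkcs10 = null;` can drop the initializer, since both branches assign it. The method body continues past the end of the hunk.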
@@ -1350,6 +1378,25 @@ public class CryptoUtil {
 }
 /**
+ * Converts string containing pairs of characters in the range of '0'
+ * to '9', 'a' to 'f' to an array of bytes such that each pair of
+ * characters in the string represents an individual byte
+ */
+ public static byte[] hexString2Bytes(String string) {
+ if (string == null)
+ return null;
+ int stringLength = string.length();
+ if ((stringLength == 0) || ((stringLength % 2) != 0))
+ return null;
+ byte[] bytes = new byte[(stringLength / 2)];
+ for (int i = 0, b = 0; i < stringLength; i += 2, ++b) {
+ String nextByte = string.substring(i, (i + 2));
+ bytes[b] = (byte) Integer.parseInt(nextByte, 0x10);
+ }
+ return bytes;
+ }
+
+ /**
 * Retrieves a private key from a unique key ID.
 */
 public static PrivateKey findPrivateKeyFromID(byte id[]) |
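Review bot: `hexString2Bytes` does not enforce the alphabet its Javadoc describes, because `Integer.parseInt(nextByte, 0x10)` accepts a leading sign, so a pair such as `-1` is silently decoded to the byte 0xFF. Any other non-hex pair throws `NumberFormatException`, while null, empty and odd-length input return null, so malformed input fails in two different ways. Decoding each character explicitly gives one failure mode: `int hi = Character.digit(string.charAt(i), 16), lo = Character.digit(string.charAt(i + 1), 16);` then `if (hi < 0 || lo < 0) return null;` and `bytes[b] = (byte) ((hi << 4) | lo);`. The Javadoc should also state the null return for invalid input and that upper-case digits are accepted, which holds for both `parseInt` and `Character.digit`. If only ASCII digits are intended, an explicit range check on each character is stricter still.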