authorEndi S. Dewata <edewata@redhat.com>2016-02-15 05:27:19 +0100
committerEndi S. Dewata <edewata@redhat.com>2016-02-19 15:30:07 +0100
commit67a0c95b8622b18c9803b2bfe0f708be8747f896 (patch)
treed6f7991a223ac5403bbeae2a1ef1d2cb330d4584 /base/util
parenta96ecbae1bfa27223bbebc7a67f695b643c4aebe (diff)
Added CLI to manage certs in PKCS #12 file.
New CLIs have been added to add a certificate from NSS database and to remove a certificate from the PKCS #12 file. https://fedorahosted.org/pki/ticket/1742
Diffstat (limited to 'base/util')
-rw-r--r--base/util/src/netscape/security/pkcs/PKCS12Util.java45
1 files changed, 37 insertions, 8 deletions
diff --git a/base/util/src/netscape/security/pkcs/PKCS12Util.java b/base/util/src/netscape/security/pkcs/PKCS12Util.java
index c5173a208..8d189a9d7 100644
--- a/base/util/src/netscape/security/pkcs/PKCS12Util.java
+++ b/base/util/src/netscape/security/pkcs/PKCS12Util.java
@@ -232,24 +232,36 @@ public class PKCS12Util {
return attrs;
}
- public PKCS12 loadFromNSS() throws Exception {
+ public void loadFromNSS(PKCS12 pkcs12) throws Exception {
- logger.info("Loading data from NSS database");
+ logger.info("Loading all certificate and keys from NSS database");
CryptoManager cm = CryptoManager.getInstance();
CryptoToken token = cm.getInternalKeyStorageToken();
CryptoStore store = token.getCryptoStore();
- PKCS12 pkcs12 = new PKCS12();
-
+ // load all certs
for (X509Certificate cert : store.getCertificates()) {
- loadCertAndKeyFromNSS(pkcs12, cert);
+ loadCertFromNSS(pkcs12, cert, true); // load cert with private key
}
+ }
- return pkcs12;
+ public void loadFromNSS(PKCS12 pkcs12, String nickname, boolean includeCert, boolean includeKey, boolean includeChain) throws Exception {
+
+ CryptoManager cm = CryptoManager.getInstance();
+
+ X509Certificate cert = cm.findCertByNickname(nickname);
+
+ if (includeCert) {
+ loadCertFromNSS(pkcs12, cert, includeKey);
+ }
+
+ if (includeChain) {
+ loadCertChainFromNSS(pkcs12, cert);
+ }
}
- public void loadCertAndKeyFromNSS(PKCS12 pkcs12, X509Certificate cert) throws Exception {
+ public void loadCertFromNSS(PKCS12 pkcs12, X509Certificate cert, boolean includeKey) throws Exception {
String nickname = cert.getNickname();
logger.info("Loading certificate \"" + nickname + "\" from NSS database");
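Review bot: In the new five-argument `loadFromNSS`, `includeKey` is only read inside the `if (includeCert)` branch, so a call with `includeCert=false` and `includeKey=true` returns without exporting a key and without reporting anything. Because this flag decides whether private key material is copied out of the NSS database, that combination should be rejected or documented, for example `if (includeKey && !includeCert) throw new IllegalArgumentException("includeKey requires includeCert");`. The three adjacent boolean parameters are also easy to transpose at a call site, so a Javadoc naming each flag would help, and it should state that the one-argument overload exports every certificate in the store together with its private key. Unlike the other methods, the new overload logs nothing itself; an info line naming the nickname and the three flags would give a record of what was requested. The body of `loadCertFromNSS` continues outside this hunk.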
@@ -265,9 +277,12 @@ public class PKCS12Util {
certInfo.trustFlags = getTrustFlags(cert);
pkcs12.addCertInfo(certInfo);
+ if (!includeKey) return;
+
+ logger.info("Loading private key for certificate \"" + nickname + "\" from NSS database");
+
try {
PrivateKey privateKey = cm.findPrivKeyByCert(cert);
-
logger.fine("Certificate \"" + nickname + "\" has private key");
PKCS12KeyInfo keyInfo = new PKCS12KeyInfo();
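Review bot: The added `logger.info("Loading private key for certificate ...")` runs before `cm.findPrivKeyByCert(cert)` has been tried, so when `loadFromNSS(pkcs12)` passes `true` for every certificate it is also logged for certificates that have no key in the database. The only record that a key was actually found stays at `logger.fine`, which is the event an operator would want at info level. I would word the earlier message as a lookup (`"Looking up private key for certificate \"" + nickname + "\""`) and raise the existing `"has private key"` message to `logger.info`. The early exit `if (!includeKey) return;` should also be braced, as the other conditionals in this file are. The `try` block and its handler continue outside this hunk, so how a missing key is reported to a caller that explicitly asked for one cannot be checked from here.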
@@ -285,6 +300,20 @@ public class PKCS12Util {
}
}
+ public void loadCertChainFromNSS(PKCS12 pkcs12, X509Certificate cert) throws Exception {
+
+ logger.info("Loading certificate chain for \"" + cert.getNickname() + "\"");
+
+ CryptoManager cm = CryptoManager.getInstance();
+ X509Certificate[] certChain = cm.buildCertificateChain(cert);
+
+ // load parent certificates only
+ for (int i = 1; i < certChain.length; i++) {
+ X509Certificate c = certChain[i];
+ loadCertFromNSS(pkcs12, c, false); // do not include private key
+ }
+ }
+
public void storeIntoFile(PKCS12 pkcs12, String filename, Password password) throws Exception {
logger.info("Storing data into PKCS #12 file");
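Review bot: `loadCertChainFromNSS` starts its loop at index 1 on the assumption that `cm.buildCertificateChain(cert)` returns the leaf first, and nothing at the method states that. A Javadoc should say that element 0 is the certificate itself and is skipped on purpose, and that parents are always added without private keys. Each parent goes through `loadCertFromNSS`, which calls `pkcs12.addCertInfo` unconditionally in the lines shown. If the target `PKCS12` already holds the same CA certificate, which seems likely when adding several certificates from one issuer to an existing file, it may be added again. Whether `addCertInfo` de-duplicates is not visible in this diff, so please confirm it or check for an existing entry before adding. A chain of length one (self-signed or an unknown issuer) silently adds nothing, which deserves a `logger.fine` line so the operator can tell the chain was empty.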