diff options
author | Endi S. Dewata <edewata@redhat.com> | 2016-02-09 18:41:40 +0100 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2016-02-12 23:20:45 +0100 |
commit | 709457876a6d5e4aea281a35350667492bc34df8 (patch) | |
tree | 5bedc1f1110800c945047eacc5c65e7be9e9a7e0 /base/util | |
parent | aa613fa272defcc8eebd4b9ef2556e61683b4e97 (diff) | |
download | pki-709457876a6d5e4aea281a35350667492bc34df8.tar.gz pki-709457876a6d5e4aea281a35350667492bc34df8.tar.xz pki-709457876a6d5e4aea281a35350667492bc34df8.zip |
Added CLIs to inspect PKCS #12 file.
The pki pkcs12-cert-find and pki pkcs12-key-find commands have
been added to list the certificates and keys in a PKCS #12 file.
https://fedorahosted.org/pki/ticket/1742
Diffstat (limited to 'base/util')
-rw-r--r-- | base/util/src/netscape/security/pkcs/PKCS12Util.java | 176 |
1 files changed, 176 insertions, 0 deletions
diff --git a/base/util/src/netscape/security/pkcs/PKCS12Util.java b/base/util/src/netscape/security/pkcs/PKCS12Util.java index 63051858e..9d66ac6fb 100644 --- a/base/util/src/netscape/security/pkcs/PKCS12Util.java +++ b/base/util/src/netscape/security/pkcs/PKCS12Util.java @@ -17,15 +17,23 @@ // --- END COPYRIGHT BLOCK --- package netscape.security.pkcs; +import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FileOutputStream; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; import java.security.MessageDigest; +import java.util.ArrayList; +import java.util.List; import java.util.logging.Logger; import org.mozilla.jss.CryptoManager; +import org.mozilla.jss.asn1.ANY; import org.mozilla.jss.asn1.ASN1Util; import org.mozilla.jss.asn1.ASN1Value; import org.mozilla.jss.asn1.BMPString; +import org.mozilla.jss.asn1.OBJECT_IDENTIFIER; import org.mozilla.jss.asn1.OCTET_STRING; import org.mozilla.jss.asn1.SEQUENCE; import org.mozilla.jss.asn1.SET; @@ -48,16 +56,30 @@ import org.mozilla.jss.pkcs12.CertBag; import org.mozilla.jss.pkcs12.PFX; import org.mozilla.jss.pkcs12.PasswordConverter; import org.mozilla.jss.pkcs12.SafeBag; +import org.mozilla.jss.pkix.primitive.Attribute; import org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo; import org.mozilla.jss.pkix.primitive.PrivateKeyInfo; import org.mozilla.jss.util.Password; +import netscape.security.x509.X509CertImpl; + public class PKCS12Util { private static Logger logger = Logger.getLogger(PKCS12Util.class.getName()); PFX pfx; + public static class PKCS12KeyInfo { + public EncryptedPrivateKeyInfo encPrivateKeyInfo; + public PrivateKeyInfo privateKeyInfo; + public String subjectDN; + } + + public static class PKCS12CertInfo { + public X509CertImpl cert; + public String nickname; + } + byte[] getEncodedKey(PrivateKey privateKey) throws Exception { CryptoManager cm = CryptoManager.getInstance(); @@ -211,4 +233,158 @@ public class PKCS12Util { loadFromNSS(password); storeIntoPKCS12(filename, password); } + + public PKCS12KeyInfo getKeyInfo(SafeBag bag, Password password) throws Exception { + + // get private key info + EncryptedPrivateKeyInfo encPrivateKeyInfo = (EncryptedPrivateKeyInfo) bag.getInterpretedBagContent(); + + PrivateKeyInfo privateKeyInfo = null; + if (password != null) { + privateKeyInfo = encPrivateKeyInfo.decrypt(password, new PasswordConverter()); + } + + // find private key's subject DN + SET bagAttrs = bag.getBagAttributes(); + String subjectDN = null; + + for (int i = 0; i < bagAttrs.size(); i++) { + + Attribute attr = (Attribute) bagAttrs.elementAt(i); + OBJECT_IDENTIFIER oid = attr.getType(); + + if (!oid.equals(SafeBag.FRIENDLY_NAME)) continue; + + SET values = attr.getValues(); + ANY value = (ANY) values.elementAt(0); + + ByteArrayInputStream bbis = new ByteArrayInputStream(value.getEncoded()); + BMPString sss = (BMPString) new BMPString.Template().decode(bbis); + subjectDN = sss.toString(); + + break; + } + + logger.fine("Found private key " + subjectDN); + + PKCS12KeyInfo keyInfo = new PKCS12KeyInfo(); + keyInfo.encPrivateKeyInfo = encPrivateKeyInfo; + keyInfo.privateKeyInfo = privateKeyInfo; + keyInfo.subjectDN = subjectDN; + + return keyInfo; + } + + public PKCS12KeyInfo getKeyInfo(SafeBag bag) throws Exception { + return getKeyInfo(bag, null); + } + + public PKCS12CertInfo getCertInfo(SafeBag bag) throws Exception { + + CertBag certBag = (CertBag) bag.getInterpretedBagContent(); + + OCTET_STRING str = (OCTET_STRING) certBag.getInterpretedCert(); + byte[] x509cert = str.toByteArray(); + + // find cert's nickname + SET bagAttrs = bag.getBagAttributes(); + String nickname = null; + + if (bagAttrs != null) { + + for (int k = 0; k < bagAttrs.size(); k++) { + + Attribute attr = (Attribute) bagAttrs.elementAt(k); + OBJECT_IDENTIFIER oid = attr.getType(); + + if (!oid.equals(SafeBag.FRIENDLY_NAME)) continue; + SET values = attr.getValues(); + ANY value = (ANY) values.elementAt(0); + + ByteArrayInputStream bbis = new ByteArrayInputStream(value.getEncoded()); + BMPString sss = (BMPString) (new BMPString.Template()).decode(bbis); + nickname = sss.toString(); + + break; + } + } + + X509CertImpl certImpl = new X509CertImpl(x509cert); + + logger.fine("Found certificate " + certImpl.getSubjectDN() + (nickname == null ? "" : " (" + nickname + ")")); + + PKCS12CertInfo certInfo = new PKCS12CertInfo(); + certInfo.cert = certImpl; + certInfo.nickname = nickname; + + return certInfo; + } + + public List<PKCS12KeyInfo> getKeyInfos(Password password) throws Exception { + + logger.fine("Getting private keys"); + + List<PKCS12KeyInfo> keyInfos = new ArrayList<PKCS12KeyInfo>(); + AuthenticatedSafes safes = pfx.getAuthSafes(); + + for (int i = 0; i < safes.getSize(); i++) { + + SEQUENCE contents = safes.getSafeContentsAt(null, i); + + for (int j = 0; j < contents.size(); j++) { + + SafeBag bag = (SafeBag) contents.elementAt(j); + OBJECT_IDENTIFIER oid = bag.getBagType(); + + if (!oid.equals(SafeBag.PKCS8_SHROUDED_KEY_BAG)) continue; + + PKCS12KeyInfo keyInfo = getKeyInfo(bag, password); + keyInfos.add(keyInfo); + } + } + + return keyInfos; + } + + public List<PKCS12KeyInfo> getKeyInfos() throws Exception { + return getKeyInfos(null); + } + + public List<PKCS12CertInfo> getCertInfos() throws Exception { + + logger.fine("Getting certificates"); + + List<PKCS12CertInfo> certInfos = new ArrayList<PKCS12CertInfo>(); + AuthenticatedSafes safes = pfx.getAuthSafes(); + + for (int i = 0; i < safes.getSize(); i++) { + + SEQUENCE contents = safes.getSafeContentsAt(null, i); + + for (int j = 0; j < contents.size(); j++) { + + SafeBag bag = (SafeBag) contents.elementAt(j); + OBJECT_IDENTIFIER oid = bag.getBagType(); + + if (!oid.equals(SafeBag.CERT_BAG)) continue; + + PKCS12CertInfo certInfo = getCertInfo(bag); + certInfos.add(certInfo); + } + } + + return certInfos; + } + + public void loadFromPKCS12(String filename) throws Exception { + + logger.info("Loading PKCS #12 file"); + + Path path = Paths.get(filename); + byte[] b = Files.readAllBytes(path); + + ByteArrayInputStream bis = new ByteArrayInputStream(b); + + pfx = (PFX) (new PFX.Template()).decode(bis); + } } |