authorEndi S. Dewata <edewata@redhat.com>2016-04-06 19:22:48 +0200
committerEndi S. Dewata <edewata@redhat.com>2016-04-08 17:19:30 +0200
commitd43f4dab6773ea7d91e71193969b26df4efaaffc (patch)
tree1ebf4ac62ac82ed40de8719426b1847f7f76ddea /base/util
parent0bf38b56a56af5f66229f17c2e7ddbf127d4de14 (diff)
Fixed pki pkcs12-import backward compatibility.
For backward compatibility, the pki pkcs12-import has been modified to generate default nicknames and trust flags for CA certificates if they are not specified in the PKCS #12 file. The PKCS12Util was also modified to find the certificate corresponding to a key more accurately, using the local ID instead of the subject DN. The configuration servlet has been modified to provide better debugging information when updating the security domain. https://fedorahosted.org/pki/ticket/2255
Diffstat (limited to 'base/util')
-rw-r--r--base/util/src/netscape/security/pkcs/PKCS12Util.java17
1 files changed, 14 insertions, 3 deletions
diff --git a/base/util/src/netscape/security/pkcs/PKCS12Util.java b/base/util/src/netscape/security/pkcs/PKCS12Util.java
index 967479b69..43435c822 100644
--- a/base/util/src/netscape/security/pkcs/PKCS12Util.java
+++ b/base/util/src/netscape/security/pkcs/PKCS12Util.java
@@ -31,6 +31,7 @@ import java.security.cert.CertificateException;
import java.util.Collection;
import java.util.logging.Logger;
+import org.apache.commons.lang.StringUtils;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.asn1.ANY;
import org.mozilla.jss.asn1.ASN1Util;
@@ -67,6 +68,7 @@ import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
import org.mozilla.jss.util.Password;
import netscape.ldap.LDAPDN;
+import netscape.ldap.util.DN;
import netscape.security.x509.X509CertImpl;
public class PKCS12Util {
@@ -417,7 +419,8 @@ public class PKCS12Util {
byte[] x509cert = certStr.toByteArray();
certInfo.cert = new X509CertImpl(x509cert);
- logger.fine(" Subject DN: " + certInfo.cert.getSubjectDN());
+ Principal subjectDN = certInfo.cert.getSubjectDN();
+ logger.fine(" Subject DN: " + subjectDN);
SET bagAttrs = bag.getBagAttributes();
@@ -468,6 +471,14 @@ public class PKCS12Util {
logger.fine(" ID: " + certInfo.id.toString(16));
}
+ if (certInfo.nickname == null) {
+ logger.fine(" Nickname not specified, generating new nickname");
+ DN dn = new DN(subjectDN.getName());
+ String[] values = dn.explodeDN(true);
+ certInfo.nickname = StringUtils.join(values, " - ");
+ logger.fine(" Nickname: " + certInfo.nickname);
+ }
+
return certInfo;
}
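Review bot: The nickname fallback at the added block can still leave `certInfo.nickname` null while logging that a nickname was generated: for a certificate with an empty or unparseable subject DN, `dn.explodeDN(true)` appears to return null (or an empty array), and `StringUtils.join(null, " - ")` returns null by contract, so the log line `" Nickname: " + certInfo.nickname` prints "null" and the caller gets no nickname. A guard such as `if (values == null || values.length == 0) { logger.warning(" Unable to generate nickname from empty subject DN"); return certInfo; }` before the join would make that case visible rather than silent. Since the nickname is derived purely from the subject DN, two certificates in the same PKCS #12 file with identical subjects (for example a renewed CA certificate) will receive identical generated nicknames; whether the later import tolerates that depends on code outside this hunk, so a comment noting the assumption, or disambiguating with `certInfo.id` when it is set, would help. The enclosing method starts before this hunk and the `subjectDN` local it uses is introduced in the preceding hunk.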
@@ -580,9 +591,9 @@ public class PKCS12Util {
privateKeyInfo.encode(bos);
byte[] privateKey = bos.toByteArray();
- PKCS12CertInfo certInfo = getCertBySubjectDN(pkcs12, keyInfo.subjectDN);
+ PKCS12CertInfo certInfo = pkcs12.getCertInfoByID(keyInfo.getID());
if (certInfo == null) {
- logger.fine("Private key nas no certificate, ignore");
+ logger.fine("Private key has no certificate, ignore");
return;
}
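Review bot: The new lookup `pkcs12.getCertInfoByID(keyInfo.getID())` has no handling for a key bag that carries no localKeyID attribute, which is exactly the older-export case the commit title is about; depending on how `getCertInfoByID` (outside this hunk) treats a null argument this is either a NullPointerException or a silent drop of the key under the "has no certificate" message. A short guard before the lookup would keep the two cases distinguishable in the log: `if (keyInfo.getID() == null) { logger.fine("Private key has no ID, ignore"); return; }`. If files without localKeyID are meant to keep working, consider falling back to the removed `getCertBySubjectDN` path when the ID lookup returns null rather than discarding the key. The enclosing method starts before this hunk and continues after it.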