author | Endi S. Dewata <edewata@redhat.com> | 2016-04-06 19:22:48 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2016-04-08 17:19:30 +0200 |
commit | d43f4dab6773ea7d91e71193969b26df4efaaffc (patch) | |
tree | 1ebf4ac62ac82ed40de8719426b1847f7f76ddea /base/util | |
parent | 0bf38b56a56af5f66229f17c2e7ddbf127d4de14 (diff) | |
download | pki-d43f4dab6773ea7d91e71193969b26df4efaaffc.tar.gz pki-d43f4dab6773ea7d91e71193969b26df4efaaffc.tar.xz pki-d43f4dab6773ea7d91e71193969b26df4efaaffc.zip |
Fixed pki pkcs12-import backward compatibility.
For backward compatibility the pki pkcs12-import has been modified
to generate default nicknames and trust flags for CA certificates
if they are not specified in the PKCS #12 file. The PKCS12Util was
also modified to find the certificate corresponding to a key more
accurately using the local ID instead of the subject DN.
The configuration servlet has been modified to provide better
debugging information when updating the security domain.
https://fedorahosted.org/pki/ticket/2255
Diffstat (limited to 'base/util')
-rw-r--r-- | base/util/src/netscape/security/pkcs/PKCS12Util.java | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/base/util/src/netscape/security/pkcs/PKCS12Util.java b/base/util/src/netscape/security/pkcs/PKCS12Util.java
index 967479b69..43435c822 100644
--- a/base/util/src/netscape/security/pkcs/PKCS12Util.java
+++ b/base/util/src/netscape/security/pkcs/PKCS12Util.java
@@ -31,6 +31,7 @@ import java.security.cert.CertificateException;
 import java.util.Collection;
 import java.util.logging.Logger;
+import org.apache.commons.lang.StringUtils;
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.asn1.ANY;
 import org.mozilla.jss.asn1.ASN1Util;
@@ -67,6 +68,7 @@ import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
 import org.mozilla.jss.util.Password;
 import netscape.ldap.LDAPDN;
+import netscape.ldap.util.DN;
 import netscape.security.x509.X509CertImpl;
 public class PKCS12Util {
@@ -417,7 +419,8 @@ public class PKCS12Util {
 byte[] x509cert = certStr.toByteArray();
 certInfo.cert = new X509CertImpl(x509cert);
- logger.fine(" Subject DN: " + certInfo.cert.getSubjectDN());
+ Principal subjectDN = certInfo.cert.getSubjectDN();
+ logger.fine(" Subject DN: " + subjectDN);
 SET bagAttrs = bag.getBagAttributes();
@@ -468,6 +471,14 @@ public class PKCS12Util {
 logger.fine(" ID: " + certInfo.id.toString(16));
 }
+ if (certInfo.nickname == null) {
+ logger.fine(" Nickname not specified, generating new nickname");
+ DN dn = new DN(subjectDN.getName());
+ String[] values = dn.explodeDN(true);
+ certInfo.nickname = StringUtils.join(values, " - ");
+ logger.fine(" Nickname: " + certInfo.nickname);
+ }
+
 return certInfo;
 }
@@ -580,9 +591,9 @@ public class PKCS12Util {
 privateKeyInfo.encode(bos);
 byte[] privateKey = bos.toByteArray();
- PKCS12CertInfo certInfo = getCertBySubjectDN(pkcs12, keyInfo.subjectDN);
+ PKCS12CertInfo certInfo = pkcs12.getCertInfoByID(keyInfo.getID());
 if (certInfo == null) {
- logger.fine("Private key nas no certificate, ignore");
+ logger.fine("Private key has no certificate, ignore");
 return;
 } |
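Review bot: The nickname generated in the `certInfo.nickname == null` branch is built only from the subject DN components, so two certificates with the same subject in one PKCS #12 file (for instance a CA certificate and its renewed successor) receive identical nicknames, and if trust flags are later attached by nickname as the commit message suggests, whichever certificate is processed last silently decides which one carries them. Either append a distinguishing value when a collision is detected or document the limitation above the branch with a comment such as `// Nickname is derived from the subject DN only; certificates sharing a subject will collide`. `subjectDN.getName()` is also handed straight to `new DN(...)` with no null check; whether `X509CertImpl.getSubjectDN()` can return null for a malformed certificate is not visible here, but a guard of the form `if (subjectDN == null) throw new IllegalArgumentException("Certificate has no subject DN");` would fail clearly instead of with a NullPointerException on a bad input file. The enclosing method starts outside the hunk.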
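Review bot: `keyInfo.getID()` is passed to `pkcs12.getCertInfoByID(...)` without checking for a missing local key ID; a key bag that carries no localKeyID attribute would presumably yield a null ID here, and how `getCertInfoByID` treats null is not visible in this hunk. A guard before the lookup, `if (keyInfo.getID() == null) { logger.fine("Private key has no ID, ignore"); return; }`, makes that case explicit and logged rather than dependent on the lookup's null handling. Matching by local ID instead of subject DN is the right direction, since it avoids pairing a private key with a different certificate that merely shares the subject; if `getCertBySubjectDN` has no remaining callers after this change it should be removed so the weaker matching cannot be reintroduced by accident. The enclosing method starts and ends outside the hunk.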