summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
diff options
context:
space:
mode:
authorAde Lee <alee@redhat.com>2012-01-11 12:57:53 -0500
committerAde Lee <alee@redhat.com>2012-01-11 13:49:04 -0500
commit10cfe7756e967ac91c66d33b392aeab9cf3780fb (patch)
treed5ac9b58442265d2ce5ef60e31f041ddacba1b4f /pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
parentedcb24f65cc3700e75d0a1d14dc2483f210b0ee4 (diff)
downloadpki-10cfe7756e967ac91c66d33b392aeab9cf3780fb.tar.gz
pki-10cfe7756e967ac91c66d33b392aeab9cf3780fb.tar.xz
pki-10cfe7756e967ac91c66d33b392aeab9cf3780fb.zip
Formatting (no line wrap in comments or code)
Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java')
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java299
1 files changed, 148 insertions, 151 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
index 589d5a68c..6d7d71b0e 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FilterOutputStream;
@@ -116,7 +115,6 @@ import com.netscape.cmscore.dbs.DateMapper;
import com.netscape.cmscore.dbs.X509CertImplMapper;
import com.netscape.cmsutil.crypto.CryptoUtil;
-
/**
* This class provides all the base methods to generate the key for different
* kinds of certificates.
@@ -155,8 +153,8 @@ public class KeyCertUtil {
}
}
- public static String getTokenNames(CryptoManager manager)
- throws TokenException {
+ public static String getTokenNames(CryptoManager manager)
+ throws TokenException {
String tokenList = "";
Enumeration tokens = manager.getExternalTokens();
int num = 0;
@@ -182,9 +180,9 @@ public class KeyCertUtil {
ByteArrayOutputStream output = new ByteArrayOutputStream();
Base64OutputStream b64 = new Base64OutputStream(new
PrintStream(new
- FilterOutputStream(output)
+ FilterOutputStream(output)
)
- );
+ );
b64.write(bytes);
b64.flush();
@@ -195,7 +193,7 @@ public class KeyCertUtil {
}
public static byte[] makeDSSParms(BigInteger P, BigInteger Q, BigInteger G)
- throws IOException {
+ throws IOException {
// Write P, Q, G to a DER stream
DerOutputStream contents = new DerOutputStream();
@@ -212,8 +210,8 @@ public class KeyCertUtil {
return sequence.toByteArray();
}
- public static PrivateKey getPrivateKey(String tokenname, String nickname)
- throws TokenException, EBaseException,
+ public static PrivateKey getPrivateKey(String tokenname, String nickname)
+ throws TokenException, EBaseException,
NoSuchTokenException, NotInitializedException, CertificateException,
CertificateEncodingException, EBaseException, ObjectNotFoundException {
@@ -222,15 +220,15 @@ public class KeyCertUtil {
String tokenName = store.getString("ca.signing.cacertnickname");
*/
X509Certificate cert = getCertificate(tokenname, nickname);
-
+
return CryptoManager.getInstance().findPrivKeyByCert(cert);
}
- public static String getCertSubjectName(String tokenname, String nickname)
- throws TokenException, EBaseException, NoSuchTokenException,
+ public static String getCertSubjectName(String tokenname, String nickname)
+ throws TokenException, EBaseException, NoSuchTokenException,
NotInitializedException, CertificateException,
CertificateEncodingException, EBaseException {
-
+
X509Certificate cert = getCertificate(tokenname, nickname);
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
@@ -238,16 +236,16 @@ public class KeyCertUtil {
}
public static X509CertImpl signCert(PrivateKey privateKey, X509CertInfo certInfo,
- SignatureAlgorithm sigAlg)
- throws NoSuchTokenException, EBaseException, NotInitializedException {
+ SignatureAlgorithm sigAlg)
+ throws NoSuchTokenException, EBaseException, NotInitializedException {
try {
CertificateAlgorithmId sId = (CertificateAlgorithmId)
- certInfo.get(X509CertInfo.ALGORITHM_ID);
+ certInfo.get(X509CertInfo.ALGORITHM_ID);
AlgorithmId sigAlgId =
- (AlgorithmId) sId.get(CertificateAlgorithmId.ALGORITHM);
+ (AlgorithmId) sId.get(CertificateAlgorithmId.ALGORITHM);
- org.mozilla.jss.crypto.PrivateKey priKey =
- (org.mozilla.jss.crypto.PrivateKey) privateKey;
+ org.mozilla.jss.crypto.PrivateKey priKey =
+ (org.mozilla.jss.crypto.PrivateKey) privateKey;
CryptoToken token = priKey.getOwningToken();
DerOutputStream tmp = new DerOutputStream();
@@ -282,7 +280,7 @@ public class KeyCertUtil {
} catch (CertificateException e) {
throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
- }
+ }
public static SignatureAlgorithm getSigningAlgorithm(String keyType) {
SignatureAlgorithm sAlg = null;
@@ -317,9 +315,9 @@ public class KeyCertUtil {
}
public static AlgorithmId getAlgorithmId(String algname, IConfigStore store)
- throws EBaseException {
+ throws EBaseException {
try {
-
+
if (algname.equals("DSA")) {
byte[] p = store.getByteArray("ca.dsaP", null);
byte[] q = store.getByteArray("ca.dsaQ", null);
@@ -340,10 +338,10 @@ public class KeyCertUtil {
}
public static X509Certificate getCertificate(String tokenname,
- String nickname) throws NotInitializedException, NoSuchTokenException,
+ String nickname) throws NotInitializedException, NoSuchTokenException,
EBaseException, TokenException {
CryptoManager manager = CryptoManager.getInstance();
- CryptoToken token = null;
+ CryptoToken token = null;
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
token = manager.getInternalKeyStorageToken();
@@ -364,12 +362,12 @@ public class KeyCertUtil {
}
}
- public static KeyPair getKeyPair(String tokenname, String nickname)
- throws NotInitializedException, NoSuchTokenException, TokenException,
+ public static KeyPair getKeyPair(String tokenname, String nickname)
+ throws NotInitializedException, NoSuchTokenException, TokenException,
ObjectNotFoundException, EBaseException {
X509Certificate cert = getCertificate(tokenname, nickname);
PrivateKey priKey =
- CryptoManager.getInstance().findPrivKeyByCert(cert);
+ CryptoManager.getInstance().findPrivKeyByCert(cert);
PublicKey publicKey = cert.getPublicKey();
return new KeyPair(publicKey, priKey);
@@ -383,8 +381,8 @@ public class KeyCertUtil {
}
}
- public static PQGParams getCAPQG(int keysize, IConfigStore store)
- throws EBaseException {
+ public static PQGParams getCAPQG(int keysize, IConfigStore store)
+ throws EBaseException {
if (store != null) {
try {
int pqgKeySize = store.getInteger("ca.dsaPQG.keyLength", 0);
@@ -421,9 +419,9 @@ public class KeyCertUtil {
store.putInteger("ca.dsaCounter", pqg.getCounter());
store.putString("ca.dsaH", KeyCertUtil.base64Encode(
pqg.getH().toByteArray()));
- store.putString("ca.DSSParms",
- KeyCertUtil.base64Encode(
- KeyCertUtil.makeDSSParms(pqg.getP(), pqg.getQ(), pqg.getG())));
+ store.putString("ca.DSSParms",
+ KeyCertUtil.base64Encode(
+ KeyCertUtil.makeDSSParms(pqg.getP(), pqg.getQ(), pqg.getG())));
store.commit(false);
return pqg;
} catch (IOException ee) {
@@ -438,12 +436,12 @@ public class KeyCertUtil {
}
public static KeyPair generateKeyPair(CryptoToken token,
- KeyPairAlgorithm kpAlg, int keySize, PQGParams pqg)
- throws NoSuchAlgorithmException, TokenException, InvalidAlgorithmParameterException,
+ KeyPairAlgorithm kpAlg, int keySize, PQGParams pqg)
+ throws NoSuchAlgorithmException, TokenException, InvalidAlgorithmParameterException,
InvalidParameterException, PQGParamGenException {
KeyPairGenerator kpGen = token.getKeyPairGenerator(kpAlg);
-
+
if (kpAlg == KeyPairAlgorithm.DSA) {
if (pqg == null) {
kpGen.initialize(keySize);
@@ -463,8 +461,7 @@ public class KeyCertUtil {
do {
// 602548 NSS bug - to overcome it, we use isBadDSAKeyPair
kp = kpGen.genKeyPair();
- }
- while (isBadDSAKeyPair(kp));
+ } while (isBadDSAKeyPair(kp));
return kp;
}
}
@@ -489,7 +486,7 @@ public class KeyCertUtil {
byte[] bits = bs.getBits();
ByteArrayInputStream bitstream = new ByteArrayInputStream(bs.getBits());
ASN1Header wrapper = new ASN1Header(bitstream);
- byte[] valBytes = new byte[ (int) wrapper.getContentLength() ];
+ byte[] valBytes = new byte[(int) wrapper.getContentLength()];
ASN1Util.readFully(valBytes, bitstream);
@@ -503,7 +500,7 @@ public class KeyCertUtil {
}
public static KeyPair generateKeyPair(String tokenName, String alg,
- int keySize, PQGParams pqg) throws EBaseException {
+ int keySize, PQGParams pqg) throws EBaseException {
CryptoToken token = null;
@@ -548,8 +545,8 @@ public class KeyCertUtil {
}
}
- public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair)
- throws NoSuchAlgorithmException, NoSuchProviderException,
+ public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair)
+ throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException, IOException, CertificateException,
SignatureException {
PublicKey pubk = keyPair.getPublic();
@@ -564,7 +561,7 @@ public class KeyCertUtil {
alg = "DSA";
}
java.security.Signature sig =
- java.security.Signature.getInstance(alg, "Mozilla-JSS");
+ java.security.Signature.getInstance(alg, "Mozilla-JSS");
sig.initSign(keyPair.getPrivate());
@@ -579,9 +576,9 @@ public class KeyCertUtil {
}
public static PKCS10 getCertRequest(String subjectName, KeyPair
- keyPair, Extensions
- exts)
- throws NoSuchAlgorithmException, NoSuchProviderException,
+ keyPair, Extensions
+ exts)
+ throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException, IOException, CertificateException,
SignatureException {
PublicKey pubk = keyPair.getPublic();
@@ -596,7 +593,7 @@ public class KeyCertUtil {
alg = "DSA";
}
java.security.Signature sig =
- java.security.Signature.getInstance(alg, "Mozilla-JSS");
+ java.security.Signature.getInstance(alg, "Mozilla-JSS");
sig.initSign(keyPair.getPrivate());
@@ -604,8 +601,8 @@ public class KeyCertUtil {
if (exts != null) {
PKCS10Attribute attr = new
- PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID,
- (CertAttrSet) exts);
+ PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID,
+ (CertAttrSet) exts);
PKCS10Attributes attrs = new PKCS10Attributes();
attrs.setAttribute(attr.getAttributeValue().getName(), attr);
@@ -623,8 +620,8 @@ public class KeyCertUtil {
return pkcs10;
}
- public static X509Key convertPublicKeyToX509Key(PublicKey pubk)
- throws InvalidKeyException {
+ public static X509Key convertPublicKeyToX509Key(PublicKey pubk)
+ throws InvalidKeyException {
X509Key xKey;
@@ -653,23 +650,23 @@ public class KeyCertUtil {
}
public static X509Certificate
- importCert(X509CertImpl signedCert, String nickname,
- String certType) throws NotInitializedException, TokenException,
- CertificateEncodingException, UserCertConflictException,
- NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
-
+ importCert(X509CertImpl signedCert, String nickname,
+ String certType) throws NotInitializedException, TokenException,
+ CertificateEncodingException, UserCertConflictException,
+ NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
+
return importCert(signedCert.getEncoded(), nickname, certType);
}
public static X509Certificate
- importCert(String b64E, String nickname, String certType)
- throws NotInitializedException, TokenException,
- CertificateEncodingException, UserCertConflictException,
- NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
-
+ importCert(String b64E, String nickname, String certType)
+ throws NotInitializedException, TokenException,
+ CertificateEncodingException, UserCertConflictException,
+ NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
+
byte b[] = b64E.getBytes();
X509Certificate cert = getInternalCertificate(b, nickname, certType);
-
+
if (cert instanceof InternalCertificate) {
setTrust(certType, (InternalCertificate) cert);
}
@@ -677,10 +674,10 @@ public class KeyCertUtil {
}
public static X509Certificate
- importCert(byte[] b, String nickname, String certType)
- throws NotInitializedException, TokenException,
- CertificateEncodingException, UserCertConflictException,
- NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
+ importCert(byte[] b, String nickname, String certType)
+ throws NotInitializedException, TokenException,
+ CertificateEncodingException, UserCertConflictException,
+ NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
X509Certificate cert = getInternalCertificate(b, nickname, certType);
@@ -690,8 +687,8 @@ public class KeyCertUtil {
return cert;
}
- public static X509Certificate getInternalCertificate(byte[] b, String nickname, String certType)
- throws NotInitializedException, TokenException, CertificateEncodingException,
+ public static X509Certificate getInternalCertificate(byte[] b, String nickname, String certType)
+ throws NotInitializedException, TokenException, CertificateEncodingException,
UserCertConflictException, NicknameConflictException, NoSuchItemOnTokenException,
CertificateException {
X509Certificate cert = null;
@@ -700,12 +697,12 @@ public class KeyCertUtil {
cert = CryptoManager.getInstance().importUserCACertPackage(b,
nickname);
} else if (certType.equals(Constants.PR_RA_SIGNING_CERT) ||
- certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
- certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
- certType.equals(Constants.PR_SERVER_CERT) ||
- certType.equals(Constants.PR_SERVER_CERT_RADM) ||
- certType.equals(Constants.PR_OTHER_CERT) ||
- certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
+ certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
+ certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
+ certType.equals(Constants.PR_SERVER_CERT) ||
+ certType.equals(Constants.PR_SERVER_CERT_RADM) ||
+ certType.equals(Constants.PR_OTHER_CERT) ||
+ certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
cert = CryptoManager.getInstance().importCertPackage(b,
nickname);
} else if (certType.equals(Constants.PR_SERVER_CERT_CHAIN)) {
@@ -718,15 +715,15 @@ public class KeyCertUtil {
cert = certchain[certchain.length - 1];
}
}
- return cert;
+ return cert;
}
public static void setTrust(String certType, InternalCertificate inCert) {
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
int flag = InternalCertificate.VALID_CA |
- InternalCertificate.TRUSTED_CA |
- InternalCertificate.USER |
- InternalCertificate.TRUSTED_CLIENT_CA;
+ InternalCertificate.TRUSTED_CA |
+ InternalCertificate.USER |
+ InternalCertificate.TRUSTED_CLIENT_CA;
inCert.setSSLTrust(flag);
inCert.setObjectSigningTrust(flag);
@@ -736,23 +733,23 @@ public class KeyCertUtil {
inCert.setSSLTrust(flag);
inCert.setObjectSigningTrust(flag);
- inCert.setEmailTrust(flag);
+ inCert.setEmailTrust(flag);
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
int flag = InternalCertificate.USER | InternalCertificate.VALID_CA;
inCert.setSSLTrust(flag);
inCert.setObjectSigningTrust(flag);
- inCert.setEmailTrust(flag);
+ inCert.setEmailTrust(flag);
} else if (certType.equals(Constants.PR_SERVER_CERT) ||
- certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
+ certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
int flag = InternalCertificate.USER | InternalCertificate.VALID_CA;
inCert.setSSLTrust(flag);
inCert.setObjectSigningTrust(flag);
- inCert.setEmailTrust(flag);
+ inCert.setEmailTrust(flag);
} else if (certType.equals(Constants.PR_TRUSTED_CA_CERT)) {
inCert.setSSLTrust(InternalCertificate.TRUSTED_CA | InternalCertificate.TRUSTED_CLIENT_CA |
- InternalCertificate.VALID_CA);
+ InternalCertificate.VALID_CA);
//inCert.setEmailTrust(InternalCertificate.TRUSTED_CA);
// cannot set this bit. If set, then the cert will not appear when you called getCACerts().
@@ -761,7 +758,7 @@ public class KeyCertUtil {
}
public static byte[] convertB64EToByteArray(String b64E)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
String str = CertUtils.stripCertBrackets(b64E);
byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(str));
@@ -775,33 +772,33 @@ public class KeyCertUtil {
/**
* ASN.1 structure:
- * 0 30 142: SEQUENCE {
- * 3 30 69: SEQUENCE {
- * 5 06 3: OBJECT IDENTIFIER issuerAltName (2 5 29 18)
- * 10 04 62: OCTET STRING
- * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A
- * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01
- * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74
- * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01
- * : }
- * 74 30 69: SEQUENCE {
- * 76 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
- * 81 04 62: OCTET STRING
- * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A
- * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01
- * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74
- * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01
- * : }
- * : }
+ * 0 30 142: SEQUENCE {
+ * 3 30 69: SEQUENCE {
+ * 5 06 3: OBJECT IDENTIFIER issuerAltName (2 5 29 18)
+ * 10 04 62: OCTET STRING
+ * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A
+ * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01
+ * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74
+ * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01
+ * : }
+ * 74 30 69: SEQUENCE {
+ * 76 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
+ * 81 04 62: OCTET STRING
+ * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A
+ * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01
+ * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74
+ * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01
+ * : }
+ * : }
* Uses the following to test with configuration wizard:
* MIGOMEUGA1UdEQQ+MDyCAWGCAWGkEDAOMQwwCgYDVQQDEwNkc2GHBAEBAQGGAWGB
* FHRob21hc2tAbmV0c2NhcGUuY29tiAMpAQEwRQYDVR0SBD4wPIIBYYIBYaQQMA4x
* DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB
- * AQ==
+ * AQ==
*/
public static void setDERExtension(
- CertificateExtensions ext, KeyCertData properties)
- throws IOException {
+ CertificateExtensions ext, KeyCertData properties)
+ throws IOException {
String b64E = properties.getDerExtension();
@@ -826,8 +823,8 @@ public class KeyCertUtil {
}
public static void setBasicConstraintsExtension(
- CertificateExtensions ext, KeyCertData properties)
- throws IOException {
+ CertificateExtensions ext, KeyCertData properties)
+ throws IOException {
String isCA = properties.isCA();
String certLen = properties.getCertLen();
@@ -843,12 +840,12 @@ public class KeyCertUtil {
else
len = Integer.parseInt(certLen);
- if ((isCA == null) || (isCA.equals("")) ||
- (isCA.equals(Constants.FALSE)))
+ if ((isCA == null) || (isCA.equals("")) ||
+ (isCA.equals(Constants.FALSE)))
bool = false;
else
bool = true;
-
+
BasicConstraintsExtension basic = new BasicConstraintsExtension(
bool, len);
@@ -856,17 +853,17 @@ public class KeyCertUtil {
}
public static void setExtendedKeyUsageExtension(
- CertificateExtensions ext, KeyCertData properties) throws IOException,
+ CertificateExtensions ext, KeyCertData properties) throws IOException,
CertificateException {
ExtendedKeyUsageExtension ns = new ExtendedKeyUsageExtension();
boolean anyExt = false;
-
+
String sslClient = properties.getSSLClientBit();
-
+
if ((sslClient != null) && (sslClient.equals(Constants.TRUE))) {
ns.addOID(new ObjectIdentifier("1.3.6.1.5.5.7.3.2"));
anyExt = true;
- }
+ }
String sslServer = properties.getSSLServerBit();
@@ -907,7 +904,7 @@ public class KeyCertUtil {
}
public static void setNetscapeCertificateExtension(
- CertificateExtensions ext, KeyCertData properties) throws IOException,
+ CertificateExtensions ext, KeyCertData properties) throws IOException,
CertificateException {
NSCertTypeExtension ns = new NSCertTypeExtension();
@@ -965,37 +962,37 @@ public class KeyCertUtil {
ext.set(NSCertTypeExtension.NAME, ns);
}
- public static void setOCSPNoCheck(KeyPair keypair,
- CertificateExtensions ext, KeyCertData properties) throws IOException,
+ public static void setOCSPNoCheck(KeyPair keypair,
+ CertificateExtensions ext, KeyCertData properties) throws IOException,
NoSuchAlgorithmException, InvalidKeyException {
String noCheck = properties.getOCSPNoCheck();
if ((noCheck != null) && (noCheck.equals(Constants.TRUE))) {
- OCSPNoCheckExtension noCheckExt =
- new OCSPNoCheckExtension();
+ OCSPNoCheckExtension noCheckExt =
+ new OCSPNoCheckExtension();
ext.set(OCSPNoCheckExtension.NAME, noCheckExt);
}
}
- public static void setOCSPSigning(KeyPair keypair,
- CertificateExtensions ext, KeyCertData properties) throws IOException,
+ public static void setOCSPSigning(KeyPair keypair,
+ CertificateExtensions ext, KeyCertData properties) throws IOException,
NoSuchAlgorithmException, InvalidKeyException {
String signing = properties.getOCSPSigning();
- if ((signing != null) && (signing.equals(Constants.TRUE))) {
- Vector oidSet = new Vector();
+ if ((signing != null) && (signing.equals(Constants.TRUE))) {
+ Vector oidSet = new Vector();
oidSet.addElement(
- ObjectIdentifier.getObjectIdentifier(
- ExtendedKeyUsageExtension.OID_OCSPSigning));
- ExtendedKeyUsageExtension ocspExt =
- new ExtendedKeyUsageExtension(false, oidSet);
+ ObjectIdentifier.getObjectIdentifier(
+ ExtendedKeyUsageExtension.OID_OCSPSigning));
+ ExtendedKeyUsageExtension ocspExt =
+ new ExtendedKeyUsageExtension(false, oidSet);
ext.set(ExtendedKeyUsageExtension.NAME, ocspExt);
}
}
- public static void setAuthInfoAccess(KeyPair keypair,
- CertificateExtensions ext, KeyCertData properties) throws IOException,
+ public static void setAuthInfoAccess(KeyPair keypair,
+ CertificateExtensions ext, KeyCertData properties) throws IOException,
NoSuchAlgorithmException, InvalidKeyException {
String aia = properties.getAIA();
@@ -1004,7 +1001,7 @@ public class KeyCertUtil {
String port = CMS.getEENonSSLPort();
AuthInfoAccessExtension aiaExt = new AuthInfoAccessExtension(false);
if (hostname != null && port != null) {
- String location = "http://"+hostname+":"+port+"/ca/ocsp";
+ String location = "http://" + hostname + ":" + port + "/ca/ocsp";
GeneralName ocspName = new GeneralName(new URIName(location));
aiaExt.addAccessDescription(AuthInfoAccessExtension.METHOD_OCSP, ocspName);
}
@@ -1013,42 +1010,42 @@ public class KeyCertUtil {
}
}
- public static void setAuthorityKeyIdentifier(KeyPair keypair,
- CertificateExtensions ext, KeyCertData properties) throws IOException,
+ public static void setAuthorityKeyIdentifier(KeyPair keypair,
+ CertificateExtensions ext, KeyCertData properties) throws IOException,
NoSuchAlgorithmException, InvalidKeyException {
String aki = properties.getAKI();
if ((aki != null) && (aki.equals(Constants.TRUE))) {
KeyIdentifier id = createKeyIdentifier(keypair);
- AuthorityKeyIdentifierExtension akiExt =
- new AuthorityKeyIdentifierExtension(id, null, null);
+ AuthorityKeyIdentifierExtension akiExt =
+ new AuthorityKeyIdentifierExtension(id, null, null);
ext.set(AuthorityKeyIdentifierExtension.NAME, akiExt);
}
}
- public static void setSubjectKeyIdentifier(KeyPair keypair,
- CertificateExtensions ext,
- KeyCertData properties) throws IOException, NoSuchAlgorithmException,
+ public static void setSubjectKeyIdentifier(KeyPair keypair,
+ CertificateExtensions ext,
+ KeyCertData properties) throws IOException, NoSuchAlgorithmException,
InvalidKeyException {
String ski = properties.getSKI();
if ((ski != null) && (ski.equals(Constants.TRUE))) {
KeyIdentifier id = createKeyIdentifier(keypair);
SubjectKeyIdentifierExtension skiExt =
- new SubjectKeyIdentifierExtension(id.getIdentifier());
+ new SubjectKeyIdentifierExtension(id.getIdentifier());
ext.set(SubjectKeyIdentifierExtension.NAME, skiExt);
}
}
public static void setKeyUsageExtension(CertificateExtensions ext,
- KeyUsageExtension keyUsage) throws IOException {
+ KeyUsageExtension keyUsage) throws IOException {
ext.set(KeyUsageExtension.NAME, keyUsage);
}
- public static KeyIdentifier createKeyIdentifier(KeyPair keypair)
- throws NoSuchAlgorithmException, InvalidKeyException {
+ public static KeyIdentifier createKeyIdentifier(KeyPair keypair)
+ throws NoSuchAlgorithmException, InvalidKeyException {
MessageDigest md = MessageDigest.getInstance("SHA-1");
X509Key subjectKeyInfo = convertPublicKeyToX509Key(
keypair.getPublic());
@@ -1058,8 +1055,8 @@ public class KeyCertUtil {
return new KeyIdentifier(md.digest());
}
- public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN)
- throws LDAPException {
+ public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN)
+ throws LDAPException {
String dn = "ou=certificateRepository,ou=ca," + baseDN;
BigInteger serialno = null;
LDAPEntry entry = conn.read(dn);
@@ -1079,9 +1076,9 @@ public class KeyCertUtil {
return serialno;
}
- public static void setSerialNumber(LDAPConnection conn,
- String baseDN, BigInteger serial)
- throws LDAPException {
+ public static void setSerialNumber(LDAPConnection conn,
+ String baseDN, BigInteger serial)
+ throws LDAPException {
String dn = "ou=certificateRepository,ou=ca," + baseDN;
LDAPAttribute attr = new LDAPAttribute("serialno");
@@ -1096,19 +1093,19 @@ public class KeyCertUtil {
}
public static void addCertToDB(LDAPConnection conn, String dn, X509CertImpl cert)
- throws LDAPException, EBaseException {
+ throws LDAPException, EBaseException {
BigInteger serialno = cert.getSerialNumber();
X509CertImplMapper mapper = new X509CertImplMapper();
LDAPAttributeSet attrs = new LDAPAttributeSet();
mapper.mapObjectToLDAPAttributeSet(null, null,
- cert, attrs);
+ cert, attrs);
attrs.add(new LDAPAttribute("objectclass", "top"));
attrs.add(new LDAPAttribute("objectclass",
"certificateRecord"));
attrs.add(new LDAPAttribute("serialno",
BigIntegerMapper.BigIntegerToDB(
- serialno)));
+ serialno)));
attrs.add(new LDAPAttribute("dateOfCreate",
DateMapper.dateToDB((CMS.getCurrentDate()))));
attrs.add(new LDAPAttribute("dateOfModify",
@@ -1124,12 +1121,12 @@ public class KeyCertUtil {
conn.add(entry);
}
- public static CertificateExtensions getExtensions(String tokenname, String nickname)
- throws NotInitializedException, TokenException, ObjectNotFoundException,
+ public static CertificateExtensions getExtensions(String tokenname, String nickname)
+ throws NotInitializedException, TokenException, ObjectNotFoundException,
IOException, CertificateException {
String fullnickname = nickname;
- if (!tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME))
+ if (!tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME))
fullnickname = tokenname + ":" + nickname;
CryptoManager manager = CryptoManager.getInstance();
X509Certificate cert = manager.findCertByNickname(fullnickname);
generated by cgit (git 2.34.1) at 2024-07-06 09:27:04 +0000