author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-07-27 19:03:40 +0000 |
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-07-27 19:03:40 +0000 |
commit | 2eb3243de06f1589991da47bfde6271e0d80abe6 (patch) | |
tree | 8168ed24525ffd35989d54bd6dd81471d5df0b08 /pki/base/util | |
parent | 9f8b12b0400f654f8b3f10ddbd731735c1d45607 (diff) | |
download | pki-2eb3243de06f1589991da47bfde6271e0d80abe6.tar.gz pki-2eb3243de06f1589991da47bfde6271e0d80abe6.tar.xz pki-2eb3243de06f1589991da47bfde6271e0d80abe6.zip |
merge 8.1 -> tip, multiple bugs (base)
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1134 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/util')
-rw-r--r-- | pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 110 | ||||
-rw-r--r-- | pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java | 1 |
2 files changed, 100 insertions, 11 deletions
diff --git a/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index 0329c273a..720c97740 100644
--- a/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -54,6 +54,7 @@ import org.mozilla.jss.util.Base64OutputStream;
 import netscape.security.util.*;
 import netscape.security.pkcs.*;
 import netscape.security.x509.*;
+import com.netscape.cmsutil.util.Cert;
 public class CryptoUtil {
@@ -246,6 +247,26 @@ public class CryptoUtil {
 return bs.toString();
 }
+ public static String getPKCS10FromKey(String dn,
+ byte modulus[], byte exponent[], byte prikdata[], String alg)
+ throws IOException,
+ InvalidKeyException,
+ TokenException,
+ NoSuchProviderException,
+ CertificateException,
+ SignatureException,
+ CryptoManager.NotInitializedException,
+ NoSuchAlgorithmException
+ {
+ X509Key x509key = getPublicX509Key(modulus, exponent);
+ PrivateKey prik = findPrivateKeyFromID(prikdata);
+ PKCS10 pkcs10 = createCertificationRequest(dn, x509key, prik, alg);
+ ByteArrayOutputStream bs = new ByteArrayOutputStream();
+ PrintStream ps = new PrintStream(bs);
+ pkcs10.print(ps);
+ return bs.toString();
+ }
+
 /*
 * formats a cert
 */
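Review bot: `getPKCS10FromKey` is a new public entry point with no Javadoc, and its `alg` parameter is forwarded unchanged to `createCertificationRequest`, so nothing at the signature tells a caller which algorithm names are accepted or what happens on an unknown one. A header such as `/** Builds a printable PKCS#10 request for the RSA public key (modulus, exponent); the private key is looked up via findPrivateKeyFromID(prikdata) and alg is the signature algorithm name passed through to createCertificationRequest. */` would cover it. The `byte modulus[], byte exponent[], byte prikdata[]` declarations use the C-style array syntax; `byte[] modulus, byte[] exponent, byte[] prikdata` is the Java convention and matches how the rest of the parameter list reads. The text is read back with `bs.toString()`, which uses the platform charset, as does the `PrintStream` that wrote it, so the two agree; a one-line comment saying so would save the next reader from checking.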
@@ -508,6 +529,23 @@ public class CryptoUtil {
 throws IOException,
 CertificateException,
 InvalidKeyException {
+ // set default; use the other call with "alg" to set algorithm
+ String alg = "SHA1withRSA";
+ try {
+ return createX509CertInfo (x509key, serialno, issuername, subjname, notBefore, notAfter, alg);
+ } catch (NoSuchAlgorithmException ex) {
+ // for those that calls the old call without alg
+ throw new CertificateException("createX509CertInfo old call should not be here");
+ }
+ }
+
+ public static X509CertInfo createX509CertInfo(X509Key x509key,
+ int serialno, String issuername, String subjname,
+ Date notBefore, Date notAfter, String alg)
+ throws IOException,
+ CertificateException,
+ InvalidKeyException,
+ NoSuchAlgorithmException {
 X509CertInfo info = new X509CertInfo();
 info.set(X509CertInfo.VERSION, new
@@ -520,11 +558,10 @@ public class CryptoUtil {
 CertificateSubjectName(new X500Name(subjname)));
 info.set(X509CertInfo.VALIDITY, new
 CertificateValidity(notBefore, notAfter));
- AlgorithmId sigAlgId = new AlgorithmId(
- AlgorithmId.md5WithRSAEncryption_oid);
+ AlgorithmId sigAlgId = new AlgorithmId();
 info.set(X509CertInfo.ALGORITHM_ID, new
- CertificateAlgorithmId(sigAlgId));
+ CertificateAlgorithmId(sigAlgId.get(alg)));
 info.set(X509CertInfo.KEY, new CertificateX509Key(x509key));
 info.set(X509CertInfo.EXTENSIONS, new CertificateExtensions());
 return info;
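Review bot: In the old-signature `createX509CertInfo` wrapper, the `catch (NoSuchAlgorithmException ex)` throws a fresh `CertificateException` and drops `ex`, so the original failure (which algorithm name was rejected, and from where) disappears from the stack trace; if this is `java.security.cert.CertificateException`, keep the cause with `throw new CertificateException("createX509CertInfo old call should not be here", ex);`. In the second hunk, `new AlgorithmId()` is built only to call `sigAlgId.get(alg)`; if `get` is static on this `AlgorithmId` (as it is on the sun.security counterpart), `AlgorithmId.get(alg)` drops the throwaway instance and makes it obvious that the looked-up id, not `sigAlgId`, is what ends up in `CertificateAlgorithmId`. The new overload also lacks Javadoc; `alg` should be described as the signature algorithm name resolved through `AlgorithmId.get`, with `@throws NoSuchAlgorithmException` for unknown names. The enclosing method body continues between the two hunks.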
@@ -543,14 +580,46 @@ public class CryptoUtil {
 IOException,
 CertificateException
 {
+ // set default; use the other call with "alg" to specify algorithm
+ String alg = "SHA1withEC";
+ return signECCCert(privateKey, certInfo, alg);
+ }
+
+ public static X509CertImpl signECCCert(PrivateKey privateKey,
+ X509CertInfo certInfo, String alg)
+ throws NoSuchTokenException,
+ CryptoManager.NotInitializedException,
+ NoSuchAlgorithmException,
+ NoSuchTokenException,
+ TokenException,
+ InvalidKeyException,
+ SignatureException,
+ IOException,
+ CertificateException
+ {
 return signCert(privateKey, certInfo,
- SignatureAlgorithm.ECSignatureWithSHA1Digest);
+ Cert.mapAlgorithmToJss(alg));
 }
 /**
 * Signs certificate.
 */
 public static X509CertImpl signCert(PrivateKey privateKey,
+ X509CertInfo certInfo, String alg)
+ throws NoSuchTokenException,
+ CryptoManager.NotInitializedException,
+ NoSuchAlgorithmException,
+ NoSuchTokenException,
+ TokenException,
+ InvalidKeyException,
+ SignatureException,
+ IOException,
+ CertificateException {
+ return signCert (privateKey, certInfo,
+ Cert.mapAlgorithmToJss(alg));
+ }
+
+ public static X509CertImpl signCert(PrivateKey privateKey,
 X509CertInfo certInfo, SignatureAlgorithm sigAlg)
 throws NoSuchTokenException,
 CryptoManager.NotInitializedException,
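Review bot: Both new signatures in this hunk list `NoSuchTokenException` twice in their throws clause (once first, once again after `NoSuchAlgorithmException`); the duplicate compiles but is noise, and the second occurrence should be dropped from `signECCCert(PrivateKey, X509CertInfo, String)` and from the new `signCert(PrivateKey, X509CertInfo, String)`. With the algorithm now supplied by the caller, `signECCCert(privateKey, certInfo, alg)` does nothing EC-specific any more — it is the same `Cert.mapAlgorithmToJss(alg)` delegation as `signCert` — so a Javadoc line stating that it remains for the old EC call sites and that `alg` is not checked against the key type would stop readers from expecting such a check. What `Cert.mapAlgorithmToJss` returns for a name it does not recognise is not visible here; if it can return null rather than throw, the `SignatureAlgorithm` overload of `signCert` should reject a null `sigAlg` before signing. That overload's body continues outside the hunk.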
@@ -598,11 +667,20 @@ public class CryptoUtil {
 throws NoSuchAlgorithmException, NoSuchProviderException,
 InvalidKeyException, IOException, CertificateException,
 SignatureException {
- X509Key key = pubk;
- String alg = "MD5/RSA";
- if (isECCKey(key)) {
+ // give default
+ String alg = "SHA1withRSA";
+ if (isECCKey(pubk)) {
 alg = "SHA1withEC";
 }
+ return createCertificationRequest(subjectName, pubk, prik, alg);
+ }
+
+ public static PKCS10 createCertificationRequest(String subjectName,
+ X509Key pubk, PrivateKey prik, String alg)
+ throws NoSuchAlgorithmException, NoSuchProviderException,
+ InvalidKeyException, IOException, CertificateException,
+ SignatureException {
+ X509Key key = pubk;
 java.security.Signature sig = java.security.Signature.getInstance(alg,
 "Mozilla-JSS");
@@ -623,16 +701,28 @@ public class CryptoUtil {
 throws NoSuchAlgorithmException, NoSuchProviderException,
 InvalidKeyException, IOException, CertificateException,
 SignatureException {
+ String alg;
 PublicKey pubk = keyPair.getPublic();
 X509Key key = convertPublicKeyToX509Key(pubk);
- String alg;
-
 if (pubk instanceof RSAPublicKey) {
- alg = "MD5/RSA";
+ alg = "SHA1withRSA";
+ } else if (isECCKey(key)) {
+ alg = "SHA1withEC";
 } else {
 // Assert.assert(pubk instanceof DSAPublicKey);
 alg = "DSA";
 }
+ return createCertificationRequest(subjectName,keyPair, alg);
+ }
+
+ public static PKCS10 createCertificationRequest(String subjectName,
+ KeyPair keyPair, String alg)
+ throws NoSuchAlgorithmException, NoSuchProviderException,
+ InvalidKeyException, IOException, CertificateException,
+ SignatureException {
+ PublicKey pubk = keyPair.getPublic();
+ X509Key key = convertPublicKeyToX509Key(pubk);
+
 java.security.Signature sig = java.security.Signature.getInstance(alg,
 "Mozilla-JSS");
diff --git a/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java b/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java
index 704ebe5e9..9013242e5 100644
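Review bot: The new `createCertificationRequest(String, KeyPair, String)` overload in the second hunk repeats `keyPair.getPublic()` and `convertPublicKeyToX509Key(pubk)` that the wrapper above it has just computed to pick `alg`, so the public key is converted twice on this path; the wrapper only needs `pubk` for the `instanceof RSAPublicKey` test and `key` for `isECCKey`, so the duplication is cheap but worth a comment or a shared private helper. Neither of the two new overloads on this line (this one and `createCertificationRequest(String, X509Key, PrivateKey, String)` in the first hunk) has Javadoc; `alg` should be documented as the name handed to `java.security.Signature.getInstance(alg, "Mozilla-JSS")`, with `@throws NoSuchAlgorithmException` for names the JSS provider does not offer. Minor style: `return createCertificationRequest(subjectName,keyPair, alg);` is missing the space after the first comma. Both new overloads' bodies continue outside their hunks.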
--- a/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java
+++ b/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java
@@ -234,7 +234,6 @@ implements CertAttrSet {
 DerOutputStream tmp = new DerOutputStream();
 if (this.extensionValue == null) {
 this.extensionId = PKIXExtensions.NameConstraints_Id;
- this.critical = false;
 encodeThis();
 }
 super.encode(tmp); |
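Review bot: With the `this.critical = false` reset gone, `encode` now emits whatever criticality the instance already carries, which is the right direction for a name-constraints extension (RFC 5280 §4.2.1.10 requires conforming CAs to mark it critical) but is easy to reintroduce by accident, so the branch deserves a comment at that spot, e.g. `// keep the criticality set by the constructor; encoding must not force non-critical`. Whether every constructor and any setter initialises `critical` explicitly is not visible in this hunk and should be confirmed, since a never-assigned boolean field still defaults to false and would silently reproduce the old behaviour. The enclosing `encode` method starts outside the hunk.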