7 files changed, 133 insertions, 35 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java index f4d97cd74..a83fbac4f 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java @@ -21,7 +21,7 @@ package com.netscape.cmstools.pkcs12; import com.netscape.certsrv.dbs.certdb.CertId; import com.netscape.cmstools.cli.CLI; -import netscape.security.pkcs.PKCS12Util.PKCS12CertInfo; +import netscape.security.pkcs.PKCS12CertInfo; /** * @author Endi S. Dewata @@ -35,13 +35,13 @@ public class PKCS12CertCLI extends CLI { } public static void printCertInfo(PKCS12CertInfo certInfo) throws Exception { - System.out.println(" Serial Number: " + new CertId(certInfo.cert.getSerialNumber()).toHexString()); - System.out.println(" Nickname: " + certInfo.nickname); - System.out.println(" Subject DN: " + certInfo.cert.getSubjectDN()); - System.out.println(" Issuer DN: " + certInfo.cert.getIssuerDN()); + System.out.println(" Serial Number: " + new CertId(certInfo.getCert().getSerialNumber()).toHexString()); + System.out.println(" Nickname: " + certInfo.getNickname()); + System.out.println(" Subject DN: " + certInfo.getCert().getSubjectDN()); + System.out.println(" Issuer DN: " + certInfo.getCert().getIssuerDN()); - if (certInfo.trustFlags != null) { - System.out.println(" Trust flags: " + certInfo.trustFlags); + if (certInfo.getTrustFlags() != null) { + System.out.println(" Trust flags: " + certInfo.getTrustFlags()); } } } diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java index 4cbfee518..3aec7a6b2 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java 
@@ -29,8 +29,8 @@ import org.apache.commons.cli.ParseException; import com.netscape.cmstools.cli.CLI; import com.netscape.cmstools.cli.MainCLI; +import netscape.security.pkcs.PKCS12CertInfo; import netscape.security.pkcs.PKCS12Util; -import netscape.security.pkcs.PKCS12Util.PKCS12CertInfo; /** * @author Endi S. Dewata diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java index 9f0779782..d859fcea1 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java @@ -20,7 +20,7 @@ package com.netscape.cmstools.pkcs12; import com.netscape.cmstools.cli.CLI; -import netscape.security.pkcs.PKCS12Util.PKCS12KeyInfo; +import netscape.security.pkcs.PKCS12KeyInfo; /** * @author Endi S. Dewata @@ -34,10 +34,10 @@ public class PKCS12KeyCLI extends CLI { } public static void printKeyInfo(PKCS12KeyInfo keyInfo) throws Exception { - System.out.println(" Subject DN: " + keyInfo.subjectDN); + System.out.println(" Subject DN: " + keyInfo.getSubjectDN()); - if (keyInfo.privateKeyInfo != null) { - System.out.println(" Algorithm: " + keyInfo.privateKeyInfo.getAlgorithm()); + if (keyInfo.getPrivateKeyInfo() != null) { + System.out.println(" Algorithm: " + keyInfo.getPrivateKeyInfo().getAlgorithm()); } } } diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java index d8c165cd6..3bda750a4 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java 
@@ -32,8 +32,8 @@ import org.mozilla.jss.util.Password; import com.netscape.cmstools.cli.CLI; import com.netscape.cmstools.cli.MainCLI; +import netscape.security.pkcs.PKCS12KeyInfo; import netscape.security.pkcs.PKCS12Util; -import netscape.security.pkcs.PKCS12Util.PKCS12KeyInfo; /** * @author Endi S. Dewata diff --git a/base/util/src/netscape/security/pkcs/PKCS12CertInfo.java b/base/util/src/netscape/security/pkcs/PKCS12CertInfo.java new file mode 100644 index 000000000..d1a9cc9fc --- /dev/null +++ b/base/util/src/netscape/security/pkcs/PKCS12CertInfo.java 
@@ -0,0 +1,54 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2016 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package netscape.security.pkcs;
+
+import netscape.security.x509.X509CertImpl;
+
+public class PKCS12CertInfo {
+
+ X509CertImpl cert;
+ String nickname;
+ String trustFlags;
+
+ public PKCS12CertInfo() {
+ }
+
+ public X509CertImpl getCert() {
+ return cert;
+ }
+
+ public void setCert(X509CertImpl cert) {
+ this.cert = cert;
+ }
+
+ public String getNickname() {
+ return nickname;
+ }
+
+ public void setNickname(String nickname) {
+ this.nickname = nickname;
+ }
+
+ public String getTrustFlags() {
+ return trustFlags;
+ }
+
+ public void setTrustFlags(String trustFlags) {
+ this.trustFlags = trustFlags;
+ }
+}
diff --git a/base/util/src/netscape/security/pkcs/PKCS12KeyInfo.java b/base/util/src/netscape/security/pkcs/PKCS12KeyInfo.java
new file mode 100644
index 000000000..ff3f2a289
--- /dev/null
+++ b/base/util/src/netscape/security/pkcs/PKCS12KeyInfo.java
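Review bot: The fields `cert`, `nickname` and `trustFlags` of PKCS12CertInfo are declared without an access modifier, so any class in `netscape.security.pkcs` can still read and write them directly and bypass the new accessors; the three fields of PKCS12KeyInfo in the next file have the same gap. Declaring them `private` (for example `private X509CertImpl cert;`) makes the getters and setters the only access path. A short class Javadoc that says `getTrustFlags()` may return null, which printCertInfo already checks for, would document the contract callers rely on.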
@@ -0,0 +1,55 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2016 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package netscape.security.pkcs;
+
+import org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo;
+import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
+
+public class PKCS12KeyInfo {
+
+ EncryptedPrivateKeyInfo encPrivateKeyInfo;
+ PrivateKeyInfo privateKeyInfo;
+ String subjectDN;
+
+ public PKCS12KeyInfo() {
+ }
+
+ public EncryptedPrivateKeyInfo getEncPrivateKeyInfo() {
+ return encPrivateKeyInfo;
+ }
+
+ public void setEncPrivateKeyInfo(EncryptedPrivateKeyInfo encPrivateKeyInfo) {
+ this.encPrivateKeyInfo = encPrivateKeyInfo;
+ }
+
+ public PrivateKeyInfo getPrivateKeyInfo() {
+ return privateKeyInfo;
+ }
+
+ public void setPrivateKeyInfo(PrivateKeyInfo privateKeyInfo) {
+ this.privateKeyInfo = privateKeyInfo;
+ }
+
+ public String getSubjectDN() {
+ return subjectDN;
+ }
+
+ public void setSubjectDN(String subjectDN) {
+ this.subjectDN = subjectDN;
+ }
+}
diff --git a/base/util/src/netscape/security/pkcs/PKCS12Util.java b/base/util/src/netscape/security/pkcs/PKCS12Util.java
index 6acace0b9..9d852cb6a 100644
--- a/base/util/src/netscape/security/pkcs/PKCS12Util.java
+++ b/base/util/src/netscape/security/pkcs/PKCS12Util.java
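Review bot: PKCS12KeyInfo does not document which of `encPrivateKeyInfo` and `privateKeyInfo` is populated, and `privateKeyInfo` looks like the unencrypted PKCS #8 structure (inferred from the JSS type name). I would add a class Javadoc stating when each field is set, that `getPrivateKeyInfo()` may return null (printKeyInfo already checks for it), and that an instance can hold private-key material, so it should not be logged, serialized or kept longer than the operation needs. A comment such as `// unencrypted key material; null when only the encrypted form was read` on the field would carry most of that.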
@@ -20,6 +20,7 @@ package netscape.security.pkcs; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FileOutputStream; +import java.math.BigInteger; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; @@ -76,18 +77,6 @@ public class PKCS12Util { PFX pfx; boolean trustFlagsEnabled = true; - public static class PKCS12KeyInfo { - public EncryptedPrivateKeyInfo encPrivateKeyInfo; - public PrivateKeyInfo privateKeyInfo; - public String subjectDN; - } - - public static class PKCS12CertInfo { - public X509CertImpl cert; - public String nickname; - public String trustFlags; - } - public boolean isTrustFlagsEnabled() { return trustFlagsEnabled; } @@ -143,7 +132,7 @@ public class PKCS12Util { } public void addKeyBag(PrivateKey privateKey, X509Certificate x509cert, - Password pass, byte[] localKeyID, SEQUENCE safeContents) throws Exception { + Password pass, BigInteger localKeyID, SEQUENCE safeContents) throws Exception { logger.fine("Creating key bag for " + x509cert.getSubjectDN()); @@ -167,13 +156,13 @@ public class PKCS12Util { safeContents.addElement(keyBag); } - public byte[] addCertBag(X509Certificate x509cert, String nickname, + public BigInteger addCertBag(X509Certificate x509cert, String nickname, SEQUENCE safeContents) throws Exception { logger.fine("Creating cert bag for " + nickname); ASN1Value cert = new OCTET_STRING(x509cert.getEncoded()); - byte[] localKeyID = createLocalKeyID(x509cert); + BigInteger localKeyID = createLocalKeyID(x509cert); String trustFlags = null; if (trustFlagsEnabled) { @@ -191,7 +180,7 @@ public class PKCS12Util { return localKeyID; } - byte[] createLocalKeyID(X509Certificate cert) throws Exception { + BigInteger createLocalKeyID(X509Certificate cert) throws Exception { // SHA1 hash of the X509Cert DER encoding byte[] certDer = cert.getEncoded(); 
@@ -199,10 +188,10 @@ public class PKCS12Util { MessageDigest md = MessageDigest.getInstance("SHA"); md.update(certDer); - return md.digest(); + return new BigInteger(1, md.digest()); } - SET createKeyBagAttrs(String subjectDN, byte localKeyID[]) + SET createKeyBagAttrs(String subjectDN, BigInteger localKeyID) throws Exception { SET attrs = new SET(); @@ -220,7 +209,7 @@ public class PKCS12Util { localKeyAttr.addElement(SafeBag.LOCAL_KEY_ID); SET localKeySet = new SET(); - localKeySet.addElement(new OCTET_STRING(localKeyID)); + localKeySet.addElement(new OCTET_STRING(localKeyID.toByteArray())); localKeyAttr.addElement(localKeySet); attrs.addElement(localKeyAttr); @@ -228,7 +217,7 @@ public class PKCS12Util { return attrs; } - SET createCertBagAttrs(String nickname, byte localKeyID[], String trustFlags) + SET createCertBagAttrs(String nickname, BigInteger localKeyID, String trustFlags) throws Exception { SET attrs = new SET(); @@ -246,7 +235,7 @@ public class PKCS12Util { localKeyAttr.addElement(SafeBag.LOCAL_KEY_ID); SET localKeySet = new SET(); - localKeySet.addElement(new OCTET_STRING(localKeyID)); + localKeySet.addElement(new OCTET_STRING(localKeyID.toByteArray())); localKeyAttr.addElement(localKeySet); attrs.addElement(localKeyAttr); @@ -287,7 +276,7 @@ public class PKCS12Util { PrivateKey prikey = cm.findPrivKeyByCert(cert); logger.fine("Found certificate " + nickname + " with private key"); - byte localKeyID[] = addCertBag(cert, nickname, safeContents); + BigInteger localKeyID = addCertBag(cert, nickname, safeContents); addKeyBag(prikey, cert, password, localKeyID, encSafeContents); } catch (ObjectNotFoundException e) { |
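Review bot: `localKeyID.toByteArray()` in createKeyBagAttrs and createCertBagAttrs does not give back the digest bytes that `new BigInteger(1, md.digest())` was built from. BigInteger emits minimal two's-complement, so a digest with its top bit set gains a leading 0x00 byte and a digest with leading zero bytes loses them. The localKeyID OCTET STRING written to the PKCS #12 file therefore varies in length and often no longer equals the SHA-1 of the certificate. That can break key-to-certificate matching in tools that compute or compare the ID as raw bytes; this is inferred, because the import side is not visible here. Encode through a fixed-width helper at both call sites, or keep the raw `byte[]` for encoding and use BigInteger only for comparison and display. Both attribute builders continue outside these hunks.

```java
// Fixed-width encoding: always the 20 bytes of the SHA-1 digest,
// independent of BigInteger's sign byte and leading-zero stripping.
static byte[] encodeLocalKeyID(BigInteger localKeyID) {
    byte[] raw = localKeyID.toByteArray();
    byte[] id = new byte[20];
    int n = Math.min(raw.length, id.length);
    System.arraycopy(raw, raw.length - n, id, id.length - n, n);
    return id;
}

// … unchanged: friendly-name attribute in createKeyBagAttrs / createCertBagAttrs …
localKeySet.addElement(new OCTET_STRING(encodeLocalKeyID(localKeyID)));
```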