1 files changed, 136 insertions, 0 deletions

diff --git a/base/util/src/netscape/security/pkcs/PKCS12.java b/base/util/src/netscape/security/pkcs/PKCS12.java
new file mode 100644
index 000000000..df7fde447
--- /dev/null
+++ b/base/util/src/netscape/security/pkcs/PKCS12.java
@@ -0,0 +1,136 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2016 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package netscape.security.pkcs;
+
+import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
+
+public class PKCS12 {
+
+    // PKI OID: 2.16.840.1.113730.5
+    public final static OBJECT_IDENTIFIER PKI_OID = new OBJECT_IDENTIFIER("2.16.840.1.113730.5");
+
+    // PKCS #12 OID: 2.16.840.1.113730.5.1
+    public final static OBJECT_IDENTIFIER PKCS12_OID = PKI_OID.subBranch(1);
+
+    // PKCS #12 attributes OID: 2.16.840.1.113730.5.1.1
+    public final static OBJECT_IDENTIFIER PKCS12_ATTRIBUTES_OID = PKCS12_OID.subBranch(1);
+
+    // Certificate trust flags OID: 2.16.840.1.113730.5.1.1.1
+    public final static OBJECT_IDENTIFIER CERT_TRUST_FLAGS_OID = PKCS12_ATTRIBUTES_OID.subBranch(1);
+
+    // based on certdb.h in NSS
+    public final static int TERMINAL_RECORD   = 1 << 0;
+    public final static int TRUSTED           = 1 << 1;
+    public final static int SEND_WARN         = 1 << 2;
+    public final static int VALID_CA          = 1 << 3;
+    public final static int TRUSTED_CA        = 1 << 4;
+    public final static int NS_TRUSTED_CA     = 1 << 5;
+    public final static int USER              = 1 << 6;
+    public final static int TRUSTED_CLIENT_CA = 1 << 7;
+    public final static int INVISIBLE_CA      = 1 << 8;
+    public final static int GOVT_APPROVED_CA  = 1 << 9;
+
+    public static boolean isFlagEnabled(int flag, int flags) {
+        return (flag & flags) > 0;
+    }
+
+    // based on printflags() in secutil.c in NSS
+    public static String encodeFlags(int flags) {
+
+        StringBuffer sb = new StringBuffer();
+
+        if (isFlagEnabled(VALID_CA, flags) && !isFlagEnabled(TRUSTED_CA, flags) && !isFlagEnabled(TRUSTED_CLIENT_CA, flags))
+            sb.append("c");
+
+        if (isFlagEnabled(TERMINAL_RECORD, flags) && !isFlagEnabled(TRUSTED, flags))
+            sb.append("p");
+
+        if (isFlagEnabled(TRUSTED_CA, flags))
+            sb.append("C");
+
+        if (isFlagEnabled(TRUSTED_CLIENT_CA, flags))
+            sb.append("T");
+
+        if (isFlagEnabled(TRUSTED, flags))
+            sb.append("P");
+
+        if (isFlagEnabled(USER, flags))
+            sb.append("u");
+
+        if (isFlagEnabled(SEND_WARN, flags))
+            sb.append("w");
+
+        if (isFlagEnabled(INVISIBLE_CA, flags))
+            sb.append("I");
+
+        if (isFlagEnabled(GOVT_APPROVED_CA, flags))
+            sb.append("G");
+
+        return sb.toString();
+    }
+
+    // based on CERT_DecodeTrustString() in certdb.c in NSS
+    public static int decodeFlags(String flags) throws Exception {
+
+        int value = 0;
+
+        for (char c : flags.toCharArray()) {
+            switch (c) {
+            case 'p':
+                value = value | TERMINAL_RECORD;
+                break;
+
+            case 'P':
+                value = value | TRUSTED | TERMINAL_RECORD;
+                break;
+
+            case 'w':
+                value = value | SEND_WARN;
+                break;
+
+            case 'c':
+                value = value | VALID_CA;
+                break;
+
+            case 'T':
+                value = value | TRUSTED_CLIENT_CA | VALID_CA;
+                break;
+
+            case 'C' :
+                value = value | TRUSTED_CA | VALID_CA;
+                break;
+
+            case 'u':
+                value = value | USER;
+                break;
+
+            case 'i':
+                value = value | INVISIBLE_CA;
+                break;
+            case 'g':
+                value = value | GOVT_APPROVED_CA;
+                break;
+
+            default:
+                throw new Exception("Invalid trust flag: " + c);
+            }
+        }
+
+        return value;
+    }
+}