diff options
Diffstat (limited to 'base/util/src/netscape/security/pkcs/PKCS12Util.java')
-rw-r--r-- | base/util/src/netscape/security/pkcs/PKCS12Util.java | 65 |
1 files changed, 31 insertions, 34 deletions
diff --git a/base/util/src/netscape/security/pkcs/PKCS12Util.java b/base/util/src/netscape/security/pkcs/PKCS12Util.java index 665998e2f..b2c8f8667 100644 --- a/base/util/src/netscape/security/pkcs/PKCS12Util.java +++ b/base/util/src/netscape/security/pkcs/PKCS12Util.java @@ -209,14 +209,16 @@ public class PKCS12Util { attrs.addElement(nicknameAttr); - SEQUENCE localKeyAttr = new SEQUENCE(); - localKeyAttr.addElement(SafeBag.LOCAL_KEY_ID); + if (certInfo.keyID != null) { + SEQUENCE localKeyAttr = new SEQUENCE(); + localKeyAttr.addElement(SafeBag.LOCAL_KEY_ID); - SET localKeySet = new SET(); - localKeySet.addElement(new OCTET_STRING(certInfo.keyID.toByteArray())); - localKeyAttr.addElement(localKeySet); + SET localKeySet = new SET(); + localKeySet.addElement(new OCTET_STRING(certInfo.keyID.toByteArray())); + localKeyAttr.addElement(localKeySet); - attrs.addElement(localKeyAttr); + attrs.addElement(localKeyAttr); + } if (certInfo.trustFlags != null && trustFlagsEnabled) { SEQUENCE trustFlagsAttr = new SEQUENCE(); @@ -252,13 +254,11 @@ public class PKCS12Util { loadCertChainFromNSS(pkcs12, cert); } - public void loadCertFromNSS(PKCS12 pkcs12, X509Certificate cert) throws Exception { + public void loadCertFromNSS(PKCS12 pkcs12, X509Certificate cert, BigInteger keyID) throws Exception { String nickname = cert.getNickname(); logger.info("Loading certificate \"" + nickname + "\" from NSS database"); - BigInteger keyID = createLocalKeyID(cert); - PKCS12CertInfo certInfo = new PKCS12CertInfo(); certInfo.keyID = keyID; certInfo.nickname = nickname; @@ -267,7 +267,7 @@ public class PKCS12Util { pkcs12.addCertInfo(certInfo); } - public void loadCertKeyFromNSS(PKCS12 pkcs12, X509Certificate cert) throws Exception { + public void loadCertKeyFromNSS(PKCS12 pkcs12, X509Certificate cert, BigInteger keyID) throws Exception { String nickname = cert.getNickname(); logger.info("Loading private key for certificate \"" + nickname + "\" from NSS database"); @@ -278,10 +278,8 @@ public class PKCS12Util { PrivateKey privateKey = cm.findPrivKeyByCert(cert); logger.fine("Certificate \"" + nickname + "\" has private key"); - PKCS12CertInfo certInfo = pkcs12.getCertInfoByNickname(nickname); - PKCS12KeyInfo keyInfo = new PKCS12KeyInfo(); - keyInfo.id = certInfo.getKeyID(); + keyInfo.id = keyID; keyInfo.subjectDN = cert.getSubjectDN().toString(); byte[] privateData = getEncodedKey(privateKey); @@ -299,15 +297,17 @@ public class PKCS12Util { CryptoManager cm = CryptoManager.getInstance(); + BigInteger keyID = createLocalKeyID(cert); + // load cert with key - loadCertFromNSS(pkcs12, cert); - loadCertKeyFromNSS(pkcs12, cert); + loadCertFromNSS(pkcs12, cert, keyID); + loadCertKeyFromNSS(pkcs12, cert, keyID); // load parent certs without key X509Certificate[] certChain = cm.buildCertificateChain(cert); for (int i = 1; i < certChain.length; i++) { X509Certificate c = certChain[i]; - loadCertFromNSS(pkcs12, c); + loadCertFromNSS(pkcs12, c, null); } } @@ -591,21 +591,19 @@ public class PKCS12Util { wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publicKey), publicKey); } - public void importKeys(PKCS12 pkcs12) throws Exception { - - for (PKCS12KeyInfo keyInfo : pkcs12.getKeyInfos()) { - importKey(pkcs12, keyInfo); - } - } - - public void importCert(PKCS12 pkcs12, PKCS12CertInfo certInfo) throws Exception { + public void storeCertIntoNSS(PKCS12 pkcs12, PKCS12CertInfo certInfo) throws Exception { CryptoManager cm = CryptoManager.getInstance(); X509Certificate cert; + BigInteger keyID = certInfo.getKeyID(); + PKCS12KeyInfo keyInfo = keyID == null ? null : pkcs12.getKeyInfoByID(keyID); + + if (keyInfo != null) { // cert has key + logger.fine("Importing user key for " + certInfo.nickname); + importKey(pkcs12, keyInfo); - if (pkcs12.getKeyInfoByID(certInfo.getKeyID()) != null) { // cert has key - logger.fine("Importing user CA certificate " + certInfo.nickname); + logger.fine("Importing user certificate " + certInfo.nickname); cert = cm.importUserCACertPackage(certInfo.cert.getEncoded(), certInfo.nickname); } else { // cert has no key @@ -617,18 +615,17 @@ public class PKCS12Util { setTrustFlags(cert, certInfo.trustFlags); } - public void importCerts(PKCS12 pkcs12) throws Exception { - - for (PKCS12CertInfo certInfo : pkcs12.getCertInfos()) { - importCert(pkcs12, certInfo); - } + public void storeCertIntoNSS(PKCS12 pkcs12, String nickname) throws Exception { + PKCS12CertInfo certInfo = pkcs12.getCertInfoByNickname(nickname); + storeCertIntoNSS(pkcs12, certInfo); } - public void storeIntoNSS(PKCS12 pkcs12, Password password) throws Exception { + public void storeIntoNSS(PKCS12 pkcs12) throws Exception { logger.info("Storing data into NSS database"); - importKeys(pkcs12); - importCerts(pkcs12); + for (PKCS12CertInfo certInfo : pkcs12.getCertInfos()) { + storeCertIntoNSS(pkcs12, certInfo); + } } } |