summaryrefslogtreecommitdiffstats
path: root/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java')
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java153
1 files changed, 79 insertions, 74 deletions
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java b/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java
index 6641e3be4..5f0999119 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java
@@ -46,31 +46,32 @@ import org.mozilla.jss.util.Password;
import com.netscape.cmsutil.util.HMACDigest;
+
/**
* Generates a 1024-bit RSA key pair in the security database, constructs a
- * PKCS#10 certificate request with the public key, and outputs the request to a
- * file.
+ * PKCS#10 certificate request with the public key, and outputs the request
+ * to a file.
* <p>
- * PKCS #10 is a certification request syntax standard defined by RSA. A CA may
- * support multiple types of certificate requests. The Certificate System CA
- * supports KEYGEN, PKCS#10, CRMF, and CMC.
+ * PKCS #10 is a certification request syntax standard defined by RSA. A CA
+ * may support multiple types of certificate requests. The Certificate System
+ * CA supports KEYGEN, PKCS#10, CRMF, and CMC.
* <p>
* To get a certificate from the CA, the certificate request needs to be
* submitted to and approved by a CA agent. Once approved, a certificate is
- * created for the request, and certificate attributes, such as extensions, are
- * populated according to certificate profiles.
+ * created for the request, and certificate attributes, such as extensions,
+ * are populated according to certificate profiles.
* <p>
- *
* @version $Revision$, $Date$
*/
-public class PKCS10Client {
-
+public class PKCS10Client
+{
+
private static void printUsage() {
- System.out
- .println("Usage: PKCS10Client -p <certdb password> -d <location of certdb> -o <output file which saves the base64 PKCS10> -s <subjectDN>\n");
+ System.out.println("Usage: PKCS10Client -p <certdb password> -d <location of certdb> -o <output file which saves the base64 PKCS10> -s <subjectDN>\n");
}
- public static void main(String args[]) {
+ public static void main(String args[])
+ {
String dbdir = null, ofilename = null, password = null, subjectName = null;
if (args.length != 8) {
@@ -78,32 +79,33 @@ public class PKCS10Client {
System.exit(1);
}
- for (int i = 0; i < args.length; i++) {
+ for (int i=0; i<args.length; i++) {
String name = args[i];
if (name.equals("-p")) {
- password = args[i + 1];
+ password = args[i+1];
} else if (name.equals("-d")) {
- dbdir = args[i + 1];
+ dbdir = args[i+1];
} else if (name.equals("-o")) {
- ofilename = args[i + 1];
+ ofilename = args[i+1];
} else if (name.equals("-s")) {
- subjectName = args[i + 1];
+ subjectName = args[i+1];
}
}
-
+
if (password == null || ofilename == null || subjectName == null) {
System.out.println("Illegal input parameters.");
printUsage();
System.exit(1);
}
-
+
if (dbdir == null)
dbdir = ".";
- try {
+ try {
String mPrefix = "";
- CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues(
- dbdir, mPrefix, mPrefix, "secmod.db");
+ CryptoManager.InitializationValues vals =
+ new CryptoManager.InitializationValues(dbdir, mPrefix,
+ mPrefix, "secmod.db");
CryptoManager.initialize(vals);
CryptoManager cm = CryptoManager.getInstance();
@@ -111,10 +113,9 @@ public class PKCS10Client {
Password pass = new Password(password.toCharArray());
token.login(pass);
- KeyPairGenerator kg = token
- .getKeyPairGenerator(KeyPairAlgorithm.RSA);
+ KeyPairGenerator kg = token.getKeyPairGenerator(KeyPairAlgorithm.RSA);
kg.initialize(1024);
- KeyPair pair = kg.genKeyPair();
+ KeyPair pair = kg.genKeyPair();
// Add idPOPLinkWitness control
String secretValue = "testing";
@@ -123,44 +124,43 @@ public class PKCS10Client {
MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
key1 = SHA1Digest.digest(secretValue.getBytes());
- /* seed */
- byte[] b = { 0x10, 0x53, 0x42, 0x24, 0x1a, 0x2a, 0x35, 0x3c, 0x7a,
- 0x52, 0x54, 0x56, 0x71, 0x65, 0x66, 0x4c, 0x51, 0x34, 0x35,
- 0x23, 0x3c, 0x42, 0x43, 0x45, 0x61, 0x4f, 0x6e, 0x43, 0x1e,
- 0x2a, 0x2b, 0x31, 0x32, 0x34, 0x35, 0x36, 0x55, 0x51, 0x48,
- 0x14, 0x16, 0x29, 0x41, 0x42, 0x43, 0x7b, 0x63, 0x44, 0x6a,
- 0x12, 0x6b, 0x3c, 0x4c, 0x3f, 0x00, 0x14, 0x51, 0x61, 0x15,
- 0x22, 0x23, 0x5f, 0x5e, 0x69 };
+/* seed */
+byte[] b =
+{0x10, 0x53, 0x42, 0x24, 0x1a, 0x2a, 0x35, 0x3c,
+ 0x7a, 0x52, 0x54, 0x56, 0x71, 0x65, 0x66, 0x4c,
+ 0x51, 0x34, 0x35, 0x23, 0x3c, 0x42, 0x43, 0x45,
+ 0x61, 0x4f, 0x6e, 0x43, 0x1e, 0x2a, 0x2b, 0x31,
+ 0x32, 0x34, 0x35, 0x36, 0x55, 0x51, 0x48, 0x14,
+ 0x16, 0x29, 0x41, 0x42, 0x43, 0x7b, 0x63, 0x44,
+ 0x6a, 0x12, 0x6b, 0x3c, 0x4c, 0x3f, 0x00, 0x14,
+ 0x51, 0x61, 0x15, 0x22, 0x23, 0x5f, 0x5e, 0x69};
HMACDigest hmacDigest = new HMACDigest(SHA1Digest, key1);
hmacDigest.update(b);
finalDigest = hmacDigest.digest();
OCTET_STRING ostr = new OCTET_STRING(finalDigest);
- Attribute attr = new Attribute(
- OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness, ostr);
-
+ Attribute attr = new Attribute(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness, ostr);
+
SET attributes = new SET();
attributes.addElement(attr);
Name n = getJssName(subjectName);
- SubjectPublicKeyInfo subjectPub = new SubjectPublicKeyInfo(
- pair.getPublic());
- CertificationRequestInfo certReqInfo = new CertificationRequestInfo(
- new INTEGER(0), n, subjectPub, attributes);
- CertificationRequest certRequest = new CertificationRequest(
- certReqInfo, pair.getPrivate(),
- SignatureAlgorithm.RSASignatureWithMD5Digest);
+ SubjectPublicKeyInfo subjectPub = new SubjectPublicKeyInfo(pair.getPublic());
+ CertificationRequestInfo certReqInfo =
+ new CertificationRequestInfo(new INTEGER(0), n, subjectPub, attributes);
+ CertificationRequest certRequest = new CertificationRequest(certReqInfo,
+ pair.getPrivate(), SignatureAlgorithm.RSASignatureWithMD5Digest);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
certRequest.encode(bos);
byte[] bb = bos.toByteArray();
String b64E = com.netscape.osutil.OSUtil.BtoA(bb);
-
+
System.out.println("");
System.out.println(b64E);
System.out.println("");
-
+
PrintStream ps = null;
ps = new PrintStream(new FileOutputStream(ofilename));
ps.println(b64E);
@@ -170,81 +170,86 @@ public class PKCS10Client {
}
}
- static Name getJssName(String dn) {
+ static Name getJssName(String dn)
+ {
X500Name x5Name = null;
try {
- x5Name = new X500Name(dn);
- } catch (IOException e) {
+ x5Name= new X500Name(dn);
+ } catch(IOException e) {
- System.out.println("Illegal Subject Name: " + dn + " Error: "
- + e.toString());
+ System.out.println("Illegal Subject Name: " + dn + " Error: " + e.toString());
System.out.println("Filling in default Subject Name......");
return null;
}
Name ret = new Name();
netscape.security.x509.RDN[] names = null;
- names = x5Name.getNames();
+ names = x5Name.getNames();
int nameLen = x5Name.getNamesLength();
netscape.security.x509.RDN cur = null;
- for (int i = 0; i < nameLen; i++) {
+ for(int i = 0; i < nameLen ; i++)
+ {
cur = names[i];
String rdnStr = cur.toString();
String[] split = rdnStr.split("=");
- if (split.length != 2)
+ if(split.length != 2)
continue;
try {
- if (split[0].equals("UID")) {
- ret.addElement(new AVA(new OBJECT_IDENTIFIER(
- "0.9.2342.19200300.100.1.1"), new PrintableString(
- split[1])));
- // System.out.println("UID found : " + split[1]);
+ if(split[0].equals("UID"))
+ {
+ ret.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString(split[1])));
+ // System.out.println("UID found : " + split[1]);
}
- if (split[0].equals("C")) {
+ if(split[0].equals("C"))
+ {
ret.addCountryName(split[1]);
- // System.out.println("C found : " + split[1]);
+ // System.out.println("C found : " + split[1]);
continue;
}
- if (split[0].equals("CN")) {
+ if(split[0].equals("CN"))
+ {
ret.addCommonName(split[1]);
- // System.out.println("CN found : " + split[1]);
+ // System.out.println("CN found : " + split[1]);
continue;
}
- if (split[0].equals("L")) {
+ if(split[0].equals("L"))
+ {
ret.addLocalityName(split[1]);
- // System.out.println("L found : " + split[1]);
+ // System.out.println("L found : " + split[1]);
continue;
}
- if (split[0].equals("O")) {
+ if(split[0].equals("O"))
+ {
ret.addOrganizationName(split[1]);
- // System.out.println("O found : " + split[1]);
+ // System.out.println("O found : " + split[1]);
continue;
}
- if (split[0].equals("ST")) {
+ if(split[0].equals("ST"))
+ {
ret.addStateOrProvinceName(split[1]);
- // System.out.println("ST found : " + split[1]);
+ // System.out.println("ST found : " + split[1]);
continue;
}
- if (split[0].equals("OU")) {
+ if(split[0].equals("OU"))
+ {
ret.addOrganizationalUnitName(split[1]);
- // System.out.println("OU found : " + split[1]);
+ // System.out.println("OU found : " + split[1]);
continue;
}
- } catch (Exception e) {
- System.out.println("Error constructing RDN: " + rdnStr
- + " Error: " + e.toString());
+ } catch (Exception e) {
+ System.out.println("Error constructing RDN: " + rdnStr + " Error: " + e.toString());
continue;
}
}
generated by cgit (git 2.34.1) at 2024-07-04 08:13:37 +0000