Diffstat (limited to 'pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java')
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java394
1 files changed, 193 insertions, 201 deletions
diff --git a/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index e659da9b9..e2d5d156a 100644
--- a/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.crypto;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.CharConversionException;
@@ -109,27 +108,27 @@ public class CryptoUtil {
/*
* encodes cert
*/
- // private static BASE64Encoder mEncoder = new BASE64Encoder();
+ // private static BASE64Encoder mEncoder = new BASE64Encoder();
public static String toMIME64(X509CertImpl cert) {
try {
- return
- "-----BEGIN CERTIFICATE-----\n"
- // + mEncoder.encodeBuffer(cert.getEncoded())
- + OSUtil.BtoA( cert.getEncoded() )
+ return "-----BEGIN CERTIFICATE-----\n"
+ // + mEncoder.encodeBuffer(cert.getEncoded())
+ + OSUtil.BtoA(cert.getEncoded())
+ "-----END CERTIFICATE-----\n";
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return null;
}
-
+
public static boolean arraysEqual(byte[] bytes, byte[] ints) {
if (bytes == null || ints == null) {
return false;
}
-
+
if (bytes.length != ints.length) {
return false;
}
-
+
for (int i = 0; i < bytes.length; i++) {
if (bytes[i] != ints[i]) {
return false;
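Review bot: The reformatted `catch (Exception e) { }` in toMIME64 still discards every failure and falls through to `return null`, so a caller cannot tell a certificate that failed to encode from any other null result. At minimum record the failure in the style the file already uses, e.g. `System.out.println("CryptoUtil: toMIME64: " + e.toString());`, and document the null return in the method comment. The empty catches reformatted in the later deletePrivateKey, getPrivateKey and deleteAllCertificates hunks catch narrower not-found exceptions and look deliberate, but each should carry a one-line comment saying so. Separately, arraysEqual (its loop continues past this hunk) returns at the first differing byte; if any caller uses it to compare secret values, `java.security.MessageDigest.isEqual` is the constant-time alternative.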
@@ -142,7 +141,7 @@ public class CryptoUtil {
* Retrieves handle to a JSS token.
*/
public static CryptoToken getTokenByName(String token)
- throws CryptoManager.NotInitializedException,
+ throws CryptoManager.NotInitializedException,
NoSuchTokenException {
CryptoManager cm = CryptoManager.getInstance();
CryptoToken t = null;
@@ -159,7 +158,7 @@ public class CryptoUtil {
* Generates a RSA key pair.
*/
public static KeyPair generateRSAKeyPair(String token, int keysize)
- throws CryptoManager.NotInitializedException,
+ throws CryptoManager.NotInitializedException,
NoSuchTokenException,
NoSuchAlgorithmException,
TokenException {
@@ -172,21 +171,20 @@ public class CryptoUtil {
return pair;
}
- public static boolean isECCKey(X509Key key)
- {
+ public static boolean isECCKey(X509Key key) {
String keyAlgo = key.getAlgorithm();
- if (keyAlgo.equals("EC") ||
+ if (keyAlgo.equals("EC") ||
keyAlgo.equals("OID.1.2.840.10045.44")) { // ECC
- return true;
- }
- return false;
+ return true;
+ }
+ return false;
}
/**
* Generates an ecc key pair.
*/
public static KeyPair generateECCKeyPair(String token, int keysize)
- throws CryptoManager.NotInitializedException,
+ throws CryptoManager.NotInitializedException,
NoSuchTokenException,
NoSuchAlgorithmException,
TokenException {
@@ -194,9 +192,9 @@ public class CryptoUtil {
}
public static KeyPair generateECCKeyPair(String token, int keysize,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
- throws CryptoManager.NotInitializedException,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
+ throws CryptoManager.NotInitializedException,
NoSuchTokenException,
NoSuchAlgorithmException,
TokenException {
@@ -217,7 +215,7 @@ public class CryptoUtil {
* Generates an ecc key pair by curve name
*/
public static KeyPair generateECCKeyPair(String token, String curveName)
- throws CryptoManager.NotInitializedException,
+ throws CryptoManager.NotInitializedException,
NoSuchTokenException,
NoSuchAlgorithmException,
TokenException {
@@ -225,7 +223,7 @@ public class CryptoUtil {
}
public static KeyPair generateECCKeyPair(CryptoToken token, String curveName)
- throws CryptoManager.NotInitializedException,
+ throws CryptoManager.NotInitializedException,
NoSuchTokenException,
NoSuchAlgorithmException,
TokenException {
@@ -233,9 +231,9 @@ public class CryptoUtil {
}
public static KeyPair generateECCKeyPair(String token, String curveName,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
- throws CryptoManager.NotInitializedException,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
+ throws CryptoManager.NotInitializedException,
NoSuchTokenException,
NoSuchAlgorithmException,
TokenException {
@@ -244,9 +242,9 @@ public class CryptoUtil {
}
public static KeyPair generateECCKeyPair(CryptoToken token, String curveName,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
- throws CryptoManager.NotInitializedException,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
+ throws CryptoManager.NotInitializedException,
NoSuchTokenException,
NoSuchAlgorithmException,
TokenException {
@@ -255,17 +253,17 @@ public class CryptoUtil {
g.setKeyPairUsages(usage_ops, usage_mask);
- System.out.println("CryptoUtil: generateECCKeyPair: curve = "+ curveName);
+ System.out.println("CryptoUtil: generateECCKeyPair: curve = " + curveName);
int curveCode = 0;
try {
curveCode = g.getCurveCodeByName(curveName);
} catch (Exception e) {
- System.out.println("CryptoUtil: generateECCKeyPair: "+ e.toString());
+ System.out.println("CryptoUtil: generateECCKeyPair: " + e.toString());
throw new NoSuchAlgorithmException();
}
g.initialize(curveCode);
- System.out.println("CryptoUtil: generateECCKeyPair: after KeyPairGenerator initialize with:"+ curveName);
+ System.out.println("CryptoUtil: generateECCKeyPair: after KeyPairGenerator initialize with:" + curveName);
KeyPair pair = g.genKeyPair();
return pair;
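Review bot: `throw new NoSuchAlgorithmException();` in the catch around `getCurveCodeByName` drops both the curve name and the original exception, so the only trace of why key generation failed is a println on stdout. `throw new NoSuchAlgorithmException("unsupported curve: " + curveName, e);` keeps the cause attached for whoever handles it. The same loss of cause occurs in getPublicX509ECCKey in the later hunk at -549 (`throw new InvalidKeyException();`), where `throw new InvalidKeyException("cannot parse encoded public key", e);` would do the same job. The enclosing generateECCKeyPair starts before this hunk.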
@@ -289,21 +287,21 @@ public class CryptoUtil {
ByteArrayOutputStream output = new ByteArrayOutputStream();
Base64OutputStream b64 = new Base64OutputStream(new
PrintStream(new
- FilterOutputStream(output)));
-
+ FilterOutputStream(output)));
+
b64.write(bytes);
b64.flush();
-
+
// This is internationally safe because Base64 chars are
// contained within 8859_1
return output.toString("8859_1");
}
-
+
public static byte[] base64Decode(String s) throws IOException {
- // BASE64Decoder base64 = new BASE64Decoder();
- // byte[] d = base64.decodeBuffer(s);
- byte[] d = OSUtil.AtoB( s );
-
+ // BASE64Decoder base64 = new BASE64Decoder();
+ // byte[] d = base64.decodeBuffer(s);
+ byte[] d = OSUtil.AtoB(s);
+
return d;
}
@@ -313,10 +311,10 @@ public class CryptoUtil {
public static String reqFormat(String content) {
int beginIndex = CERTREQ_BEGIN_HEADING.length();
int endIndex = CERTREQ_END_HEADING.length();
-
+
String result = CERTREQ_BEGIN_HEADING + "\n";
int index = 0;
-
+
while (content.length() >= LINE_COUNT) {
result = result + content.substring(0, LINE_COUNT) + "\n";
content = content.substring(LINE_COUNT);
@@ -326,11 +324,11 @@ public class CryptoUtil {
} else {
result = result + CERTREQ_END_HEADING;
}
-
+
return result;
}
-
- public static String getPKCS10FromKey(String dn,
+
+ public static String getPKCS10FromKey(String dn,
byte modulus[], byte exponent[], byte prikdata[])
throws IOException,
InvalidKeyException,
@@ -339,8 +337,7 @@ public class CryptoUtil {
CertificateException,
SignatureException,
CryptoManager.NotInitializedException,
- NoSuchAlgorithmException
- {
+ NoSuchAlgorithmException {
X509Key x509key = getPublicX509Key(modulus, exponent);
PrivateKey prik = findPrivateKeyFromID(prikdata);
PKCS10 pkcs10 = createCertificationRequest(dn, x509key, prik);
@@ -350,7 +347,7 @@ public class CryptoUtil {
return bs.toString();
}
- public static String getPKCS10FromKey(String dn,
+ public static String getPKCS10FromKey(String dn,
byte modulus[], byte exponent[], byte prikdata[], String alg)
throws IOException,
InvalidKeyException,
@@ -359,8 +356,7 @@ public class CryptoUtil {
CertificateException,
SignatureException,
CryptoManager.NotInitializedException,
- NoSuchAlgorithmException
- {
+ NoSuchAlgorithmException {
X509Key x509key = getPublicX509Key(modulus, exponent);
PrivateKey prik = findPrivateKeyFromID(prikdata);
PKCS10 pkcs10 = createCertificationRequest(dn, x509key, prik, alg);
@@ -379,10 +375,10 @@ public class CryptoUtil {
}
int beginIndex = CERT_BEGIN_HEADING.length();
int endIndex = CERT_END_HEADING.length();
-
+
String result = CERT_BEGIN_HEADING + "\n";
int index = 0;
-
+
while (content.length() >= LINE_COUNT) {
result = result + content.substring(0, LINE_COUNT) + "\n";
content = content.substring(LINE_COUNT);
@@ -392,31 +388,32 @@ public class CryptoUtil {
} else {
result = result + CERT_END_HEADING;
}
-
+
return result;
}
/**
* strips out the begin and end certificate brackets
+ *
* @param s the string potentially bracketed with
- * "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
+ * "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
* @return string without the brackets
*/
public static String stripCertBrackets(String s) {
if (s == null) {
return s;
}
-
+
if (s.startsWith(CERT_BEGIN_HEADING) && s.endsWith(CERT_END_HEADING)) {
return (s.substring(27, (s.length() - 25)));
}
-
+
// To support Thawte's header and footer
if ((s.startsWith("-----BEGIN PKCS #7 SIGNED DATA-----"))
&& (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) {
return (s.substring(35, (s.length() - 33)));
}
-
+
return s;
}
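Review bot: stripCertBrackets slices with the literals 27/25 and 35/33 after only a startsWith/endsWith test, so an input whose header and footer overlap on their shared dashes passes both tests while being shorter than the two offsets combined, and `substring` then throws StringIndexOutOfBoundsException. This assumes CERT_BEGIN_HEADING and CERT_END_HEADING hold the strings named in the Javadoc; their declarations are outside the hunk. A length guard plus offsets derived from the constants avoids both the exception and the magic numbers: `if (s.length() >= CERT_BEGIN_HEADING.length() + CERT_END_HEADING.length() && s.startsWith(CERT_BEGIN_HEADING) && s.endsWith(CERT_END_HEADING))` with `return s.substring(CERT_BEGIN_HEADING.length(), s.length() - CERT_END_HEADING.length());`. The PKCS #7 branch needs the same treatment.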
@@ -430,13 +427,13 @@ public class CryptoUtil {
s = s.replaceAll("-----END NEW CERTIFICATE REQUEST-----", "");
s = s.replaceAll("-----BEGIN CERTIFICATE-----", "");
s = s.replaceAll("-----END CERTIFICATE-----", "");
-
+
StringBuffer sb = new StringBuffer();
StringTokenizer st = new StringTokenizer(s, "\r\n ");
-
+
while (st.hasMoreTokens()) {
String nextLine = st.nextToken();
-
+
nextLine = nextLine.trim();
if (nextLine.equals("-----BEGIN CERTIFICATE REQUEST-----")) {
continue;
@@ -460,10 +457,10 @@ public class CryptoUtil {
}
return sb.toString();
}
-
+
public static String normalizeCertStr(String s) {
String val = "";
-
+
for (int i = 0; i < s.length(); i++) {
if (s.charAt(i) == '\n') {
continue;
@@ -484,61 +481,58 @@ public class CryptoUtil {
CryptoManager.NotInitializedException,
TokenException,
CertificateEncodingException,
- CertificateException
- {
+ CertificateException {
byte[] blah = base64Decode(certchain);
CryptoManager manager = CryptoManager.getInstance();
PKCS7 pkcs7 = null;
- try {
- // try PKCS7 first
- pkcs7 = new PKCS7(blah);
+ try {
+ // try PKCS7 first
+ pkcs7 = new PKCS7(blah);
} catch (Exception e) {
}
X509Certificate cert = null;
if (pkcs7 == null) {
- cert = manager.importCACertPackage(blah);
- } else {
- java.security.cert.X509Certificate certsInP7[] =
- pkcs7.getCertificates();
- if (certsInP7 == null) {
cert = manager.importCACertPackage(blah);
- } else {
- for (int i = 0; i < certsInP7.length; i++) {
- // import P7 one by one
- cert = manager.importCACertPackage(certsInP7[i].getEncoded());
+ } else {
+ java.security.cert.X509Certificate certsInP7[] =
+ pkcs7.getCertificates();
+ if (certsInP7 == null) {
+ cert = manager.importCACertPackage(blah);
+ } else {
+ for (int i = 0; i < certsInP7.length; i++) {
+ // import P7 one by one
+ cert = manager.importCACertPackage(certsInP7[i].getEncoded());
+ }
}
- }
}
- X509Certificate[] certchains =
- CryptoManager.getInstance().buildCertificateChain(cert);
-
+ X509Certificate[] certchains =
+ CryptoManager.getInstance().buildCertificateChain(cert);
+
if (certchains != null) {
- cert = certchains[certchains.length - 1];
+ cert = certchains[certchains.length - 1];
}
InternalCertificate icert = (InternalCertificate) cert;
- icert.setSSLTrust( InternalCertificate.TRUSTED_CA
+ icert.setSSLTrust(InternalCertificate.TRUSTED_CA
| InternalCertificate.TRUSTED_CLIENT_CA
| InternalCertificate.VALID_CA);
}
public static SEQUENCE parseCRMFMsgs(byte cert_request[])
- throws IOException, InvalidBERException
- {
- ByteArrayInputStream crmfBlobIn =
- new ByteArrayInputStream(cert_request);
+ throws IOException, InvalidBERException {
+ ByteArrayInputStream crmfBlobIn =
+ new ByteArrayInputStream(cert_request);
SEQUENCE crmfMsgs = (SEQUENCE)
- new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(
+ new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(
crmfBlobIn);
return crmfMsgs;
}
- public static X509Key getX509KeyFromCRMFMsgs(SEQUENCE crmfMsgs)
- throws IOException, NoSuchAlgorithmException,
- InvalidKeyException, InvalidKeyFormatException
- {
+ public static X509Key getX509KeyFromCRMFMsgs(SEQUENCE crmfMsgs)
+ throws IOException, NoSuchAlgorithmException,
+ InvalidKeyException, InvalidKeyFormatException {
int nummsgs = crmfMsgs.size();
if (nummsgs <= 0) {
- throw new IOException("invalid certificate requests");
+ throw new IOException("invalid certificate requests");
}
CertReqMsg msg = (CertReqMsg) crmfMsgs.elementAt(0);
CertRequest certreq = msg.getCertReq();
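Review bot: When `pkcs7.getCertificates()` returns an empty array the import loop never assigns `cert`, so null flows into `buildCertificateChain(cert)` and, if that call returns, into `icert.setSSLTrust(...)`. A guard before the chain build, `if (cert == null) throw new CertificateException("no certificate found in chain");`, fails cleanly with an exception type the method already declares. The method then sets `TRUSTED_CA | TRUSTED_CLIENT_CA | VALID_CA` on the last element of the built chain with no validation visible in this hunk, so its doc comment should state that callers must pass only chains obtained from an authenticated source. The empty `catch (Exception e)` around `new PKCS7(blah)` should carry a comment that falling back to a raw package import is intentional. The method's signature lies before the hunk.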
@@ -549,28 +543,28 @@ public class CryptoUtil {
return x509key;
}
- public static X509Key getPublicX509Key(byte modulus[], byte exponent[])
- throws InvalidKeyException {
+ public static X509Key getPublicX509Key(byte modulus[], byte exponent[])
+ throws InvalidKeyException {
return new netscape.security.provider.RSAPublicKey(new BigInt(modulus),
new BigInt(exponent));
}
public static X509Key getPublicX509ECCKey(byte encoded[])
- throws InvalidKeyException {
- try {
- return X509Key.parse(new DerValue(encoded));
- } catch (IOException e) {
- throw new InvalidKeyException();
- }
+ throws InvalidKeyException {
+ try {
+ return X509Key.parse(new DerValue(encoded));
+ } catch (IOException e) {
+ throw new InvalidKeyException();
+ }
}
public static X509Key convertPublicKeyToX509Key(PublicKey pubk)
- throws InvalidKeyException {
+ throws InvalidKeyException {
X509Key xKey;
-
+
if (pubk instanceof RSAPublicKey) {
RSAPublicKey rsaKey = (RSAPublicKey) pubk;
-
+
xKey = new netscape.security.provider.RSAPublicKey(
new BigInt(rsaKey.getModulus()),
new BigInt(rsaKey.getPublicExponent()));
@@ -578,18 +572,18 @@ public class CryptoUtil {
// Assert.assert(pubk instanceof DSAPublicKey);
DSAPublicKey dsaKey = (DSAPublicKey) pubk;
DSAParams params = dsaKey.getParams();
-
+
xKey = new netscape.security.provider.DSAPublicKey(dsaKey.getY(),
params.getP(), params.getQ(), params.getG());
}
return xKey;
}
- public static String getSubjectName(SEQUENCE crmfMsgs)
- throws IOException {
+ public static String getSubjectName(SEQUENCE crmfMsgs)
+ throws IOException {
int nummsgs = crmfMsgs.size();
if (nummsgs <= 0) {
- throw new IOException("invalid certificate requests");
+ throw new IOException("invalid certificate requests");
}
CertReqMsg msg = (CertReqMsg) crmfMsgs.elementAt(0);
CertRequest certreq = msg.getCertReq();
@@ -597,7 +591,7 @@ public class CryptoUtil {
Name n = certTemplate.getSubject();
ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream();
n.encode(subjectEncStream);
-
+
byte[] b = subjectEncStream.toByteArray();
X500Name subject = new X500Name(b);
return subject.toString();
@@ -607,46 +601,46 @@ public class CryptoUtil {
* Creates a Certificate template.
*/
public static X509CertInfo createX509CertInfo(KeyPair pair,
- int serialno, String issuername, String subjname,
+ int serialno, String issuername, String subjname,
Date notBefore, Date notAfter)
- throws IOException,
- CertificateException,
+ throws IOException,
+ CertificateException,
InvalidKeyException {
- return createX509CertInfo(convertPublicKeyToX509Key(pair.getPublic()),
+ return createX509CertInfo(convertPublicKeyToX509Key(pair.getPublic()),
serialno, issuername, subjname, notBefore, notAfter);
}
public static X509CertInfo createX509CertInfo(PublicKey publickey,
- int serialno, String issuername, String subjname,
+ int serialno, String issuername, String subjname,
Date notBefore, Date notAfter)
- throws IOException,
- CertificateException,
+ throws IOException,
+ CertificateException,
InvalidKeyException {
return createX509CertInfo(convertPublicKeyToX509Key(publickey), serialno,
issuername, subjname, notBefore, notAfter);
}
public static X509CertInfo createX509CertInfo(X509Key x509key,
- int serialno, String issuername, String subjname,
+ int serialno, String issuername, String subjname,
Date notBefore, Date notAfter)
- throws IOException,
- CertificateException,
+ throws IOException,
+ CertificateException,
InvalidKeyException {
// set default; use the other call with "alg" to set algorithm
String alg = "SHA256withRSA";
try {
- return createX509CertInfo (x509key, serialno, issuername, subjname, notBefore, notAfter, alg);
+ return createX509CertInfo(x509key, serialno, issuername, subjname, notBefore, notAfter, alg);
} catch (NoSuchAlgorithmException ex) {
- // for those that calls the old call without alg
- throw new CertificateException("createX509CertInfo old call should not be here");
+ // for those that calls the old call without alg
+ throw new CertificateException("createX509CertInfo old call should not be here");
}
}
public static X509CertInfo createX509CertInfo(X509Key x509key,
- int serialno, String issuername, String subjname,
+ int serialno, String issuername, String subjname,
Date notBefore, Date notAfter, String alg)
- throws IOException,
- CertificateException,
+ throws IOException,
+ CertificateException,
InvalidKeyException,
NoSuchAlgorithmException {
X509CertInfo info = new X509CertInfo();
@@ -668,10 +662,9 @@ public class CryptoUtil {
return info;
}
-
- public static X509CertImpl signECCCert(PrivateKey privateKey,
+ public static X509CertImpl signECCCert(PrivateKey privateKey,
X509CertInfo certInfo)
- throws NoSuchTokenException,
+ throws NoSuchTokenException,
CryptoManager.NotInitializedException,
NoSuchAlgorithmException,
NoSuchTokenException,
@@ -679,16 +672,15 @@ public class CryptoUtil {
InvalidKeyException,
SignatureException,
IOException,
- CertificateException
- {
+ CertificateException {
// set default; use the other call with "alg" to specify algorithm
String alg = "SHA256withEC";
return signECCCert(privateKey, certInfo, alg);
}
- public static X509CertImpl signECCCert(PrivateKey privateKey,
+ public static X509CertImpl signECCCert(PrivateKey privateKey,
X509CertInfo certInfo, String alg)
- throws NoSuchTokenException,
+ throws NoSuchTokenException,
CryptoManager.NotInitializedException,
NoSuchAlgorithmException,
NoSuchTokenException,
@@ -696,18 +688,17 @@ public class CryptoUtil {
InvalidKeyException,
SignatureException,
IOException,
- CertificateException
- {
- return signCert(privateKey, certInfo,
+ CertificateException {
+ return signCert(privateKey, certInfo,
Cert.mapAlgorithmToJss(alg));
}
/**
* Signs certificate.
*/
- public static X509CertImpl signCert(PrivateKey privateKey,
+ public static X509CertImpl signCert(PrivateKey privateKey,
X509CertInfo certInfo, String alg)
- throws NoSuchTokenException,
+ throws NoSuchTokenException,
CryptoManager.NotInitializedException,
NoSuchAlgorithmException,
NoSuchTokenException,
@@ -716,13 +707,13 @@ public class CryptoUtil {
SignatureException,
IOException,
CertificateException {
- return signCert (privateKey, certInfo,
+ return signCert(privateKey, certInfo,
Cert.mapAlgorithmToJss(alg));
}
- public static X509CertImpl signCert(PrivateKey privateKey,
+ public static X509CertImpl signCert(PrivateKey privateKey,
X509CertInfo certInfo, SignatureAlgorithm sigAlg)
- throws NoSuchTokenException,
+ throws NoSuchTokenException,
CryptoManager.NotInitializedException,
NoSuchAlgorithmException,
NoSuchTokenException,
@@ -735,28 +726,28 @@ public class CryptoUtil {
DerInputStream ds = new DerInputStream(ASN1Util.encode(sigAlg.toOID()));
ObjectIdentifier sigAlgOID = new ObjectIdentifier(ds);
AlgorithmId aid = new AlgorithmId(sigAlgOID);
- certInfo.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(aid));
-
- org.mozilla.jss.crypto.PrivateKey priKey =
- (org.mozilla.jss.crypto.PrivateKey) privateKey;
+ certInfo.set(X509CertInfo.ALGORITHM_ID,
+ new CertificateAlgorithmId(aid));
+
+ org.mozilla.jss.crypto.PrivateKey priKey =
+ (org.mozilla.jss.crypto.PrivateKey) privateKey;
CryptoToken token = priKey.getOwningToken();
-
+
DerOutputStream tmp = new DerOutputStream();
DerOutputStream out = new DerOutputStream();
-
+
certInfo.encode(tmp);
Signature signer = token.getSignatureContext(sigAlg);
-
+
signer.initSign(priKey);
signer.update(tmp.toByteArray());
byte signed[] = signer.sign();
-
+
aid.encode(tmp);
tmp.putBitString(signed);
out.write(DerValue.tag_Sequence, tmp);
X509CertImpl signedCert = new X509CertImpl(out.toByteArray());
-
+
return signedCert;
}
@@ -765,20 +756,20 @@ public class CryptoUtil {
*/
public static PKCS10 createCertificationRequest(String subjectName,
X509Key pubk, PrivateKey prik)
- throws NoSuchAlgorithmException, NoSuchProviderException,
+ throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException, IOException, CertificateException,
SignatureException {
// give default
String alg = "SHA256withRSA";
if (isECCKey(pubk)) {
- alg = "SHA256withEC";
+ alg = "SHA256withEC";
}
return createCertificationRequest(subjectName, pubk, prik, alg);
}
public static PKCS10 createCertificationRequest(String subjectName,
X509Key pubk, PrivateKey prik, String alg)
- throws NoSuchAlgorithmException, NoSuchProviderException,
+ throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException, IOException, CertificateException,
SignatureException {
X509Key key = pubk;
@@ -799,7 +790,7 @@ public class CryptoUtil {
*/
public static PKCS10 createCertificationRequest(String subjectName,
KeyPair keyPair)
- throws NoSuchAlgorithmException, NoSuchProviderException,
+ throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException, IOException, CertificateException,
SignatureException {
String alg;
@@ -813,45 +804,45 @@ public class CryptoUtil {
// Assert.assert(pubk instanceof DSAPublicKey);
alg = "DSA";
}
- return createCertificationRequest(subjectName,keyPair, alg);
+ return createCertificationRequest(subjectName, keyPair, alg);
}
public static PKCS10 createCertificationRequest(String subjectName,
KeyPair keyPair, String alg)
- throws NoSuchAlgorithmException, NoSuchProviderException,
+ throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException, IOException, CertificateException,
SignatureException {
PublicKey pubk = keyPair.getPublic();
X509Key key = convertPublicKeyToX509Key(pubk);
-
+
java.security.Signature sig = java.security.Signature.getInstance(alg,
"Mozilla-JSS");
-
+
sig.initSign(keyPair.getPrivate());
-
+
PKCS10 pkcs10 = new PKCS10(key);
-
+
X500Name name = new X500Name(subjectName);
X500Signer signer = new X500Signer(sig, name);
-
+
pkcs10.encodeAndSign(signer);
-
+
return pkcs10;
}
public static void unTrustCert(InternalCertificate cert) {
// remove TRUSTED_CA
int flag = cert.getSSLTrust();
-
+
flag ^= InternalCertificate.VALID_CA;
cert.setSSLTrust(flag);
}
-
+
/**
* Trusts a certificate by nickname.
*/
- public static void trustCertByNickname(String nickname)
- throws CryptoManager.NotInitializedException,
+ public static void trustCertByNickname(String nickname)
+ throws CryptoManager.NotInitializedException,
TokenException {
CryptoManager cm = CryptoManager.getInstance();
X509Certificate certs[] = cm.findCertsByNickname(nickname);
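Review bot: unTrustCert removes trust with `flag ^= InternalCertificate.VALID_CA;`, but XOR toggles the bit, so a certificate whose flags do not already include VALID_CA leaves the call with that bit set. `flag &= ~InternalCertificate.VALID_CA;` clears it whatever the starting state. The comment above it says `remove TRUSTED_CA` while the code touches VALID_CA; whichever flag is intended, the comment and the mask should name the same one.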
@@ -871,12 +862,12 @@ public class CryptoUtil {
int flag = InternalCertificate.VALID_CA | InternalCertificate.TRUSTED_CA
| InternalCertificate.USER
| InternalCertificate.TRUSTED_CLIENT_CA;
-
+
cert.setSSLTrust(flag);
cert.setObjectSigningTrust(flag);
cert.setEmailTrust(flag);
}
-
+
/**
* To certificate server point of view, SSL trust is
* what we referring.
@@ -889,7 +880,7 @@ public class CryptoUtil {
return false;
}
}
-
+
public static boolean isTrust(int flag) {
if (((flag & InternalCertificate.VALID_CA) > 0)
&& ((flag & InternalCertificate.TRUSTED_CA) > 0)
@@ -906,11 +897,11 @@ public class CryptoUtil {
*/
public static SymmetricKey generateKey(CryptoToken token,
KeyGenAlgorithm alg)
- throws TokenException, NoSuchAlgorithmException,
+ throws TokenException, NoSuchAlgorithmException,
IllegalStateException {
try {
KeyGenerator kg = token.getKeyGenerator(alg);
-
+
return kg.generate();
} catch (CharConversionException e) {
throw new RuntimeException(
@@ -950,8 +941,8 @@ public class CryptoUtil {
/**
* Retrieves a private key from a unique key ID.
*/
- public static PrivateKey findPrivateKeyFromID(byte id[])
- throws CryptoManager.NotInitializedException,
+ public static PrivateKey findPrivateKeyFromID(byte id[])
+ throws CryptoManager.NotInitializedException,
TokenException {
CryptoManager cm = CryptoManager.getInstance();
Enumeration enums = cm.getAllTokens();
@@ -960,7 +951,7 @@ public class CryptoUtil {
CryptoToken token = (CryptoToken) enums.nextElement();
String tokenName = token.getName();
CryptoStore store = token.getCryptoStore();
- PrivateKey keys[] = store.getPrivateKeys();
+ PrivateKey keys[] = store.getPrivateKeys();
if (keys != null) {
for (int i = 0; i < keys.length; i++) {
@@ -977,7 +968,7 @@ public class CryptoUtil {
* Retrieves all user certificates from all tokens.
*/
public static X509CertImpl[] getAllUserCerts()
- throws CryptoManager.NotInitializedException,
+ throws CryptoManager.NotInitializedException,
TokenException {
Vector certs = new Vector();
CryptoManager cm = CryptoManager.getInstance();
@@ -986,10 +977,10 @@ public class CryptoUtil {
while (enums.hasMoreElements()) {
CryptoToken token = (CryptoToken) enums.nextElement();
String tokenName = token.getName();
-
+
CryptoStore store = token.getCryptoStore();
org.mozilla.jss.crypto.X509Certificate list[] = store.getCertificates();
-
+
for (int i = 0; i < list.length; i++) {
try {
PrivateKey key = cm.findPrivKeyByCert(list[i]);
@@ -1022,7 +1013,7 @@ public class CryptoUtil {
* Deletes a private key.
*/
public static void deletePrivateKey(PrivateKey prikey)
- throws CryptoManager.NotInitializedException, TokenException {
+ throws CryptoManager.NotInitializedException, TokenException {
CryptoManager cm = CryptoManager.getInstance();
try {
@@ -1030,21 +1021,23 @@ public class CryptoUtil {
CryptoStore store = token.getCryptoStore();
store.deletePrivateKey(prikey);
- } catch (NoSuchItemOnTokenException e) {}
+ } catch (NoSuchItemOnTokenException e) {
+ }
}
/**
* Retrieves a private key by nickname.
*/
public static PrivateKey getPrivateKey(String nickname)
- throws CryptoManager.NotInitializedException, TokenException {
+ throws CryptoManager.NotInitializedException, TokenException {
try {
CryptoManager cm = CryptoManager.getInstance();
X509Certificate cert = cm.findCertByNickname(nickname);
org.mozilla.jss.crypto.PrivateKey prikey = cm.findPrivKeyByCert(cert);
return prikey;
- } catch (ObjectNotFoundException e) {}
+ } catch (ObjectNotFoundException e) {
+ }
return null;
}
@@ -1052,7 +1045,7 @@ public class CryptoUtil {
* Deletes all certificates by a nickname.
*/
public static void deleteAllCertificates(String nickname)
- throws CryptoManager.NotInitializedException, TokenException {
+ throws CryptoManager.NotInitializedException, TokenException {
CryptoManager cm = CryptoManager.getInstance();
X509Certificate certs[] = cm.findCertsByNickname(nickname);
@@ -1068,18 +1061,20 @@ public class CryptoUtil {
CryptoStore store = token.getCryptoStore();
store.deleteCert(cert);
- } catch (NoSuchItemOnTokenException e) {} catch (ObjectNotFoundException e) {}
+ } catch (NoSuchItemOnTokenException e) {
+ } catch (ObjectNotFoundException e) {
+ }
}
}
/**
- * Imports a PKCS#7 certificate chain that includes the user
+ * Imports a PKCS#7 certificate chain that includes the user
* certificate, and trusts the certificate.
*/
- public static X509Certificate importUserCertificateChain(String c,
+ public static X509Certificate importUserCertificateChain(String c,
String nickname)
- throws CryptoManager.NotInitializedException,
- CryptoManager.NicknameConflictException,
+ throws CryptoManager.NotInitializedException,
+ CryptoManager.NicknameConflictException,
CryptoManager.UserCertConflictException,
NoSuchItemOnTokenException,
TokenException,
@@ -1095,7 +1090,7 @@ public class CryptoUtil {
* Imports a user certificate, and trusts the certificate.
*/
public static void importUserCertificate(X509CertImpl cert, String nickname)
- throws CryptoManager.NotInitializedException,
+ throws CryptoManager.NotInitializedException,
CertificateEncodingException,
NoSuchItemOnTokenException,
TokenException,
@@ -1108,8 +1103,8 @@ public class CryptoUtil {
}
public static void importUserCertificate(X509CertImpl cert, String nickname,
- boolean trust)
- throws CryptoManager.NotInitializedException,
+ boolean trust)
+ throws CryptoManager.NotInitializedException,
CertificateEncodingException,
NoSuchItemOnTokenException,
TokenException,
@@ -1127,7 +1122,7 @@ public class CryptoUtil {
CertificateChain certchain = new CertificateChain();
certchain.decode(bis);
- java.security.cert.X509Certificate[] certs = certchain.getChain();
+ java.security.cert.X509Certificate[] certs = certchain.getChain();
return certs;
}
@@ -1136,25 +1131,22 @@ public class CryptoUtil {
// START ENABLE_ECC
// This following can be removed when JSS with ECC capability
// is integrated.
-class CryptoAlgorithm extends Algorithm
-{
+class CryptoAlgorithm extends Algorithm {
protected CryptoAlgorithm(int oidIndex, String name) {
super(oidIndex, name);
}
}
-class CryptoKeyPairAlgorithm extends KeyPairAlgorithm
-{
- protected CryptoKeyPairAlgorithm(int oidIndex, String name, Algorithm algFamily) { super(oidIndex, name, algFamily);
+class CryptoKeyPairAlgorithm extends KeyPairAlgorithm {
+ protected CryptoKeyPairAlgorithm(int oidIndex, String name, Algorithm algFamily) {
+ super(oidIndex, name, algFamily);
}
}
-class CryptoSignatureAlgorithm extends SignatureAlgorithm
-{
+class CryptoSignatureAlgorithm extends SignatureAlgorithm {
protected CryptoSignatureAlgorithm(int oidIndex, String name,
- SignatureAlgorithm signingAlg, DigestAlgorithm digestAlg,
- OBJECT_IDENTIFIER oid)
- {
+ SignatureAlgorithm signingAlg, DigestAlgorithm digestAlg,
+ OBJECT_IDENTIFIER oid) {
super(oidIndex, name, signingAlg, digestAlg, oid);
}
}