Diffstat (limited to 'pki/base/util/src/com/netscape/cmsutil/util/Cert.java')
-rw-r--r-- | pki/base/util/src/com/netscape/cmsutil/util/Cert.java | 179 |
1 files changed, 179 insertions, 0 deletions
diff --git a/pki/base/util/src/com/netscape/cmsutil/util/Cert.java b/pki/base/util/src/com/netscape/cmsutil/util/Cert.java
new file mode 100644
index 000000000..8190321c2
--- /dev/null
+++ b/pki/base/util/src/com/netscape/cmsutil/util/Cert.java
@@ -0,0 +1,179 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cmsutil.util;
+
+
+import netscape.security.pkcs.PKCS7;
+import netscape.security.x509.X509CRLImpl;
+import netscape.security.x509.X509CertImpl;
+import org.mozilla.jss.crypto.SignatureAlgorithm;
+import sun.misc.BASE64Decoder;
+
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509CRL;
+import java.security.cert.X509Certificate;
+
+public class Cert {
+
+ public static SignatureAlgorithm mapAlgorithmToJss(String algname) {
+ if (algname.equals("MD5withRSA"))
+ return SignatureAlgorithm.RSASignatureWithMD5Digest;
+ else if (algname.equals("MD2withRSA"))
+ return SignatureAlgorithm.RSASignatureWithMD2Digest;
+ else if (algname.equals("SHA1withRSA"))
+ return SignatureAlgorithm.RSASignatureWithSHA1Digest;
+ else if (algname.equals("SHA1withDSA"))
+ return SignatureAlgorithm.DSASignatureWithSHA1Digest;
+ else if (algname.equals("SHA256withRSA"))
+ return SignatureAlgorithm.RSASignatureWithSHA256Digest;
+ else if (algname.equals("SHA512withRSA"))
+ return SignatureAlgorithm.RSASignatureWithSHA512Digest;
+ else if (algname.equals("SHA1withEC"))
+ return SignatureAlgorithm.ECSignatureWithSHA1Digest;
+ return null;
+ }
+
+ public static String stripBrackets(String s) {
+ if (s == null) {
+ return s;
+ }
+
+ if ((s.startsWith("-----BEGIN CERTIFICATE-----")) &&
+ (s.endsWith("-----END CERTIFICATE-----"))) {
+ return (s.substring(27, (s.length() - 25)));
+ }
+
+ // To support Thawte's header and footer
+ if ((s.startsWith("-----BEGIN PKCS #7 SIGNED DATA-----")) &&
+ (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) {
+ return (s.substring(35, (s.length() - 33)));
+ }
+
+ return s;
+ }
+
+ public static String stripCRLBrackets(String s) {
+ if (s == null) {
+ return s;
+ }
+ if ((s.startsWith("-----BEGIN CERTIFICATE REVOCATION LIST-----")) &&
+ (s.endsWith("-----END CERTIFICATE REVOCATION LIST-----"))) {
+ return (s.substring(43, (s.length() - 41)));
+ }
+ return s;
+ }
+
+ public static String stripCertBrackets(String s) {
+ return stripBrackets(s);
+ }
+
+ private static BASE64Decoder mDecoder = new BASE64Decoder();
+ public static X509CertImpl mapCert(String mime64)
+ throws IOException {
+ mime64 = stripCertBrackets(mime64.trim());
+ String newval = normalizeCertStr(mime64);
+ byte rawPub[] = mDecoder.decodeBuffer(newval);
+ X509CertImpl cert = null;
+
+ try {
+ cert = new X509CertImpl(rawPub);
+ } catch (CertificateException e) {
+ }
+ return cert;
+ }
+
+ public static X509Certificate[] mapCertFromPKCS7(String mime64)
+ throws IOException {
+ mime64 = stripCertBrackets(mime64.trim());
+ String newval = normalizeCertStr(mime64);
+ byte rawPub[] = mDecoder.decodeBuffer(newval);
+ PKCS7 p7 = null;
+
+ try {
+ p7 = new PKCS7(rawPub);
+ } catch (Exception e) {
+ throw new IOException( "p7 is null" );
+ }
+ return p7.getCertificates();
+ }
+
+ public static X509CRL mapCRL(String mime64)
+ throws IOException {
+ mime64 = stripCRLBrackets(mime64.trim());
+ String newval = normalizeCertStr(mime64);
+ byte rawPub[] = mDecoder.decodeBuffer(newval);
+ X509CRL crl = null;
+
+ try {
+ crl = new X509CRLImpl(rawPub);
+ } catch (Exception e) {
+ }
+ return crl;
+ }
+
+ public static X509CRL mapCRL1(String mime64)
+ throws IOException {
+ mime64 = stripCRLBrackets(mime64.trim());
+
+ byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(mime64);
+ X509CRL crl = null;
+
+ try {
+ crl = new X509CRLImpl(rawPub);
+ } catch (Exception e) {
+ throw new IOException(e.toString());
+ }
+ return crl;
+ }
+
+ public static String normalizeCertStr(String s) {
+ String val = "";
+
+ for (int i = 0; i < s.length(); i++) {
+ if (s.charAt(i) == '\n') {
+ continue;
+ } else if (s.charAt(i) == '\r') {
+ continue;
+ } else if (s.charAt(i) == '"') {
+ continue;
+ } else if (s.charAt(i) == ' ') {
+ continue;
+ }
+ val += s.charAt(i);
+ }
+ return val;
+ }
+
+ public static String normalizeCertStrAndReq(String s) {
+ String val = "";
+
+ for (int i = 0; i < s.length(); i++) {
+ if (s.charAt(i) == '\n') {
+ continue;
+ } else if (s.charAt(i) == '\r') {
+ continue;
+ } else if (s.charAt(i) == '"') {
+ continue;
+ }
+ val += s.charAt(i);
+ }
+ return val;
+ }
+}
+ |
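Review bot: In `mapCert` and `mapCRL` the `catch` blocks are empty, so a certificate or CRL that fails to parse comes back as `null` with no error, while `mapCRL1` and `mapCertFromPKCS7` in the same file throw `IOException` for the same condition. Callers are not visible in this hunk, but any that skip the null check will either hit a NullPointerException or, in the CRL case, may carry on without revocation data. I would make the two consistent with `mapCRL1`: `} catch (CertificateException e) { throw new IOException(e.toString()); }` in `mapCert`, and the same with `Exception` in `mapCRL`. `mapCertFromPKCS7` also discards the cause behind the fixed message `"p7 is null"`; including `e.toString()` there would keep the parse error diagnosable.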