From a96ecbae1bfa27223bbebc7a67f695b643c4aebe Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Mon, 15 Feb 2016 05:27:19 +0100 Subject: Refactored PKCS12Util to use PKCS12 object. The PKCS12Util has been modified such that it stores the certs and keys in PKCS12 object instead of PFX object. The PKCS12 object can be loaded either from NSS database or PKCS #12 file. The PKCS12 object can later be stored into NSS database or PKCS #12 file. The pki pkcs12-cert-find and pkcs12-key-find commands were modified to require PKCS #12 password. https://fedorahosted.org/pki/ticket/1742 --- .../src/com/netscape/cmstools/PKCS12Export.java | 5 ++- .../netscape/cmstools/pkcs12/PKCS12CertCLI.java | 4 ++ .../cmstools/pkcs12/PKCS12CertFindCLI.java | 48 +++++++++++++++++++--- .../netscape/cmstools/pkcs12/PKCS12ExportCLI.java | 6 ++- .../netscape/cmstools/pkcs12/PKCS12ImportCLI.java | 6 ++- .../com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java | 7 ++-- .../netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java | 20 +++++---- 7 files changed, 76 insertions(+), 20 deletions(-) (limited to 'base/java-tools/src/com/netscape') diff --git a/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java b/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java index 5d698bea3..bcc4252ba 100644 --- a/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java +++ b/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java @@ -26,6 +26,7 @@ import org.mozilla.jss.CryptoManager; import org.mozilla.jss.crypto.CryptoToken; import org.mozilla.jss.util.Password; +import netscape.security.pkcs.PKCS12; import netscape.security.pkcs.PKCS12Util; /** @@ -126,7 +127,9 @@ public class PKCS12Export { try { PKCS12Util util = new PKCS12Util(); - util.exportData(pkcs12OutputFilename, password); + PKCS12 pkcs12 = util.loadFromNSS(); + util.storeIntoFile(pkcs12, pkcs12OutputFilename, password); + } finally { password.clear(); } 
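Review bot: The PKCS12 object returned by `util.loadFromNSS()` still holds the exported private keys after `util.storeIntoFile(pkcs12, pkcs12OutputFilename, password)` returns, while the finally block clears only the password. If PKCS12 offers a way to wipe its key material, call it in that same finally block; if it does not, a comment such as `// pkcs12 keeps the private keys in memory until it is collected` would warn the next reader that clearing the password does not remove the secret. The same pattern appears in the PKCS12ExportCLI, PKCS12ImportCLI and PKCS12KeyFindCLI hunks of this commit. It is also worth confirming that storeIntoFile creates the output file with owner-only permissions, since that code is outside this hunk and the file contains private keys.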
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java index a83fbac4f..807404749 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java @@ -40,6 +40,10 @@ public class PKCS12CertCLI extends CLI { System.out.println(" Subject DN: " + certInfo.getCert().getSubjectDN()); System.out.println(" Issuer DN: " + certInfo.getCert().getIssuerDN()); + if (certInfo.getKeyID() != null) { + System.out.println(" Key ID: " + certInfo.getKeyID().toString(16)); + } + if (certInfo.getTrustFlags() != null) { System.out.println(" Trust flags: " + certInfo.getTrustFlags()); } diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java index 3aec7a6b2..8c6fb8845 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java @@ -18,17 +18,21 @@ package com.netscape.cmstools.pkcs12; -import java.util.List; +import java.io.BufferedReader; +import java.io.FileReader; +import java.util.Collection; import java.util.logging.Level; import java.util.logging.Logger; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.Option; import org.apache.commons.cli.ParseException; +import org.mozilla.jss.util.Password; import com.netscape.cmstools.cli.CLI; import com.netscape.cmstools.cli.MainCLI; +import netscape.security.pkcs.PKCS12; import netscape.security.pkcs.PKCS12CertInfo; import netscape.security.pkcs.PKCS12Util; 
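Review bot: `certInfo.getKeyID().toString(16)` prints the ID without leading zeros, so an ID whose first byte is below 0x10 comes out shorter than the fixed-width hex other tools print and is awkward to compare against them; if getKeyID() is a BigInteger built from the raw ID bytes (not visible here), a value constructed with a sign would also print a leading '-'. A small shared helper that zero-pads to the ID's byte length, e.g. `String.format("%040x", certInfo.getKeyID())` if the ID is 20 bytes, would give stable output; PKCS12KeyCLI.printKeyInfo uses the same `toString(16)` in its hunk and should call the same helper. The enclosing method starts and ends outside the hunk.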
@@ -52,7 +56,15 @@ public class PKCS12CertFindCLI extends CLI { option.setArgName("path"); options.addOption(option); - options.addOption("v", "verbose", false, "Run in verbose mode."); + option = new Option(null, "pkcs12-password", true, "PKCS #12 password"); + option.setArgName("password"); + options.addOption(option); + + option = new Option(null, "pkcs12-password-file", true, "PKCS #12 password file"); + option.setArgName("path"); + options.addOption(option); + + options.addOption("v", "verbose", false, "Run in verbose mode."); options.addOption(null, "debug", false, "Run in debug mode."); options.addOption(null, "help", false, "Show help message."); } @@ -101,10 +113,36 @@ public class PKCS12CertFindCLI extends CLI { System.exit(-1); } - PKCS12Util util = new PKCS12Util(); - util.loadFromPKCS12(filename); + String passwordString = cmd.getOptionValue("pkcs12-password"); + + if (passwordString == null) { + + String passwordFile = cmd.getOptionValue("pkcs12-password-file"); + if (passwordFile != null) { + try (BufferedReader in = new BufferedReader(new FileReader(passwordFile))) { + passwordString = in.readLine(); + } + } + } + + if (passwordString == null) { + System.err.println("Error: Missing PKCS #12 password."); + printHelp(); + System.exit(-1); + } + + Password password = new Password(passwordString.toCharArray()); - List certInfos = util.getCertInfos(); + Collection certInfos; + try { + PKCS12Util util = new PKCS12Util(); + PKCS12 pkcs12 = util.loadFromFile(filename, password); + + certInfos = pkcs12.getCertInfos(); + + } finally { + password.clear(); + } MainCLI.printMessage(certInfos.size() + " entries found"); if (certInfos.size() == 0) return; diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java index e5acd0600..174748262 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java 
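Review bot: The new `pkcs12-password` option takes the password as a command-line argument, where it is visible to other local users in the process list and may be recorded in shell history; the option description could steer users toward the file variant, e.g. `"PKCS #12 password (prefer --pkcs12-password-file)"`. The same two options presumably already exist in PKCS12KeyFindCLI, whose hunk consumes `passwordString` the same way, so keep the wording aligned there.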
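Review bot: `Collection certInfos;` is a raw type; PKCS12CertInfo is imported in this file's import hunk, so declare it `Collection<PKCS12CertInfo> certInfos;` (the PKCS12KeyFindCLI hunk has the same raw `Collection keyInfos`, where `Collection<PKCS12KeyInfo>` applies). `new FileReader(passwordFile)` decodes the password file with the platform default charset, so a non-ASCII password would be misread under a non-UTF-8 locale; `new InputStreamReader(new FileInputStream(passwordFile), StandardCharsets.UTF_8)` pins it. Also, the password is held in a String before the Password copy is made, and Strings cannot be wiped, so `password.clear()` in the finally block only clears the char[] copy — a one-line comment stating that would keep the next reader from assuming the finally block removes the secret from memory. The enclosing method starts and ends outside the hunk.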
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java @@ -29,6 +29,7 @@ import org.mozilla.jss.util.Password; import com.netscape.cmstools.cli.CLI; import com.netscape.cmstools.cli.MainCLI; +import netscape.security.pkcs.PKCS12; import netscape.security.pkcs.PKCS12Util; /** @@ -127,7 +128,10 @@ public class PKCS12ExportCLI extends CLI { try { PKCS12Util util = new PKCS12Util(); util.setTrustFlagsEnabled(trustFlagsEnabled); - util.exportData(filename, password); + + PKCS12 pkcs12 = util.loadFromNSS(); + util.storeIntoFile(pkcs12, filename, password); + } finally { password.clear(); } diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java index 4e9ed23fc..3e42efcbc 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java @@ -29,6 +29,7 @@ import org.mozilla.jss.util.Password; import com.netscape.cmstools.cli.CLI; import com.netscape.cmstools.cli.MainCLI; +import netscape.security.pkcs.PKCS12; import netscape.security.pkcs.PKCS12Util; /** @@ -127,7 +128,10 @@ public class PKCS12ImportCLI extends CLI { try { PKCS12Util util = new PKCS12Util(); util.setTrustFlagsEnabled(trustFlagsEnabled); - util.importData(filename, password); + + PKCS12 pkcs12 = util.loadFromFile(filename, password); + util.storeIntoNSS(pkcs12, password); + } finally { password.clear(); } diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java index d859fcea1..bce1e137b 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java 
@@ -34,10 +34,9 @@ public class PKCS12KeyCLI extends CLI { } public static void printKeyInfo(PKCS12KeyInfo keyInfo) throws Exception { - System.out.println(" Subject DN: " + keyInfo.getSubjectDN()); - if (keyInfo.getPrivateKeyInfo() != null) { - System.out.println(" Algorithm: " + keyInfo.getPrivateKeyInfo().getAlgorithm()); - } + System.out.println(" Key ID: " + keyInfo.getID().toString(16)); + System.out.println(" Subject DN: " + keyInfo.getSubjectDN()); + System.out.println(" Algorithm: " + keyInfo.getPrivateKeyInfo().getAlgorithm()); } } diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java index 3bda750a4..92b9cf132 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java @@ -20,7 +20,7 @@ package com.netscape.cmstools.pkcs12; import java.io.BufferedReader; import java.io.FileReader; -import java.util.List; +import java.util.Collection; import java.util.logging.Level; import java.util.logging.Logger; @@ -32,6 +32,7 @@ import org.mozilla.jss.util.Password; import com.netscape.cmstools.cli.CLI; import com.netscape.cmstools.cli.MainCLI; +import netscape.security.pkcs.PKCS12; import netscape.security.pkcs.PKCS12KeyInfo; import netscape.security.pkcs.PKCS12Util; 
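Review bot: The null guard around `keyInfo.getPrivateKeyInfo()` is removed, so `keyInfo.getPrivateKeyInfo().getAlgorithm()` now throws NullPointerException for a key entry whose private key info is absent; unless the new PKCS12 loader guarantees that field is always set (not visible here), keep `if (keyInfo.getPrivateKeyInfo() != null) { ... }` around the Algorithm line. `keyInfo.getID()` on the new first line has the same exposure if the ID can be null, which the PKCS12CertCLI hunk guards against for getKeyID(). The `toString(16)` formatting drops leading zeros, as noted on the PKCS12CertCLI hunk.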
@@ -124,21 +125,24 @@ public class PKCS12KeyFindCLI extends CLI { } } - Password password = null; - if (passwordString != null) { - password = new Password(passwordString.toCharArray()); + if (passwordString == null) { + System.err.println("Error: Missing PKCS #12 password."); + printHelp(); + System.exit(-1); } - List keyInfos; + Password password = new Password(passwordString.toCharArray()); + + Collection keyInfos; try { PKCS12Util util = new PKCS12Util(); - util.loadFromPKCS12(filename); + PKCS12 pkcs12 = util.loadFromFile(filename, password); - keyInfos = util.getKeyInfos(password); + keyInfos = pkcs12.getKeyInfos(); } finally { - if (password != null) password.clear(); + password.clear(); } MainCLI.printMessage(keyInfos.size() + " entries found"); -- cgit
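Review bot: A wrong or mistyped password now surfaces as whatever exception `util.loadFromFile(filename, password)` throws, propagated out of the method, since the password became mandatory and no failure is handled around the call. If PKCS12Util distinguishes a MAC or decryption failure from an I/O error (not visible here), catching that case and printing a short `Error: Unable to open PKCS #12 file` message — without echoing the password — would match the `Error: Missing PKCS #12 password.` style used just above. The enclosing method starts and ends outside the hunk.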