From 7e42ef2f63a73931610252db3e30b8a7357e4425 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Wed, 8 Mar 2017 23:46:30 -0500 Subject: Refactor crypto code Move some of the crypto functions in EncryptionUnit to CryptoUtil. Change-Id: Iee391392fb88a87f6af3b450b69508fd52729a62
---
 .../src/com/netscape/cmstools/CRMFPopClient.java | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'base/java-tools/src')
diff --git a/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java b/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
index 8d5bd1f8a..0a05a395a 100644
--- a/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
+++ b/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
@@ -59,7 +59,6 @@ import org.mozilla.jss.crypto.KeyGenerator;
 import org.mozilla.jss.crypto.KeyPairAlgorithm;
 import org.mozilla.jss.crypto.KeyPairGenerator;
 import org.mozilla.jss.crypto.KeyWrapAlgorithm;
-import org.mozilla.jss.crypto.KeyWrapper;
 import org.mozilla.jss.crypto.Signature;
 import org.mozilla.jss.crypto.SignatureAlgorithm;
 import org.mozilla.jss.crypto.SymmetricKey;
@@ -551,9 +550,12 @@ public class CRMFPopClient {
 public byte[] wrapPrivateKey(CryptoToken token, SymmetricKey sessionKey, byte[] iv, KeyPair keyPair) throws Exception {
 // wrap private key using session
- KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
- wrapper.initWrap(sessionKey, new IVParameterSpec(iv));
- return wrapper.wrap((org.mozilla.jss.crypto.PrivateKey) keyPair.getPrivate());
+ return CryptoUtil.wrapUsingSymmetricKey(
+ token,
+ sessionKey,
+ (org.mozilla.jss.crypto.PrivateKey) keyPair.getPrivate(),
+ new IVParameterSpec(iv),
+ KeyWrapAlgorithm.DES3_CBC_PAD);
 }
 public byte[] wrapSessionKey(CryptoToken token, X509Certificate transportCert, SymmetricKey sessionKey) throws Exception {
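Review bot: wrapPrivateKey still pins the private-key wrap to `KeyWrapAlgorithm.DES3_CBC_PAD` at the call site, so the move into `CryptoUtil.wrapUsingSymmetricKey` carries a 64-bit-block legacy cipher forward without saying why. If the receiving KRA requires 3DES for now (not visible in this patch), record that next to the call, e.g. `// DES3_CBC_PAD is what the receiving KRA expects today; move to an AES wrap once both sides support it`. The method also hands `iv` straight to `new IVParameterSpec(iv)`; a guard such as `if (iv == null || iv.length != 8) throw new IllegalArgumentException("3DES-CBC needs an 8-byte IV");` would fail early with a clear message rather than somewhere inside the token.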
@@ -561,9 +563,7 @@ public class CRMFPopClient {
 // wrap session key using KRA transport cert
 // currently, a transport cert has to be an RSA cert,
 // regardless of the key you are wrapping
- KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
- wrapper.initWrap(transportCert.getPublicKey(), null);
- return wrapper.wrap(sessionKey);
+ return CryptoUtil.wrapUsingPublicKey(token, transportCert.getPublicKey(), sessionKey, KeyWrapAlgorithm.RSA);
 }
 public CertRequest createCertRequest(
-- cgit
From 3253d852eb50d30f30a37800f0cf16898a038b6c Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Mon, 13 Mar 2017 21:42:49 +0100 Subject: Troubleshooting improvement for ClientCertValidateCLI. The ClientCertValidateCLI has been modified to display the NSS error code and error message for invalid certificates.
---
 .../src/com/netscape/cmstools/client/ClientCertValidateCLI.java | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'base/java-tools/src')
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java
index 22bddcf32..a3f1deb36 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java
@@ -18,6 +18,7 @@ package com.netscape.cmstools.client;
+import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
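Review bot: In CRMFPopClient.wrapSessionKey the comment says the transport cert has to be an RSA cert, but nothing in the visible body enforces that before the key is passed to `CryptoUtil.wrapUsingPublicKey` with `KeyWrapAlgorithm.RSA`. A guard such as `if (!"RSA".equals(transportCert.getPublicKey().getAlgorithm())) throw new IllegalArgumentException("transport cert must carry an RSA key");` would turn a misconfigured transport cert into a clear error instead of a failure inside the token. Since the wrap is now hidden behind the helper, a one-line comment naming the RSA padding that `KeyWrapAlgorithm.RSA` selects (presumably PKCS#1 v1.5, to be confirmed against JSS) would help the next reviewer. The method's signature sits in the previous hunk's trailing context, and one line between the two hunks is not shown.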
@@ -97,11 +98,13 @@ public class ClientCertValidateCLI extends CLI {
 CryptoManager cm = CryptoManager.getInstance();
 if (cu.getUsage() != CryptoManager.CertificateUsage.CheckAllUsages.getUsage()) {
- if (cm.isCertValid(nickname, true, cu)) {
+ try {
+ cm.verifyCertificate(nickname, true, cu);
 System.out.println("Valid certificate: " + nickname);
 return true;
- } else {
- System.out.println("Invalid certificate: " + nickname);
+ } catch (CertificateException e) {
+ // Invalid certificate: ()
+ System.out.println(e.getMessage());
 return false;
 }
-- cgit
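Review bot: The failure branch now prints only `e.getMessage()`, so the output no longer names the certificate that failed, and it prints `null` if the exception carries no message. Keeping the nickname in the line, e.g. `System.out.println("Invalid certificate: " + nickname + ": " + e.getMessage());`, keeps the result attributable in logs; if the JSS message already begins with "Invalid certificate" (the comment above the print hints at that), drop the literal prefix but keep the nickname. The comment `// Invalid certificate: ()` does not describe the message format as written and should spell out what the message contains. The enclosing method begins and ends outside this hunk.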