Diffstat (limited to 'pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java')
-rw-r--r-- | pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java | 102 |
1 files changed, 54 insertions, 48 deletions
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java b/pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java
index 38b3e162..6ef29407 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmstools;
 
-
 import java.io.BufferedReader;
 import java.io.ByteArrayOutputStream;
 import java.io.FileOutputStream;
@@ -53,13 +52,13 @@ import org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo;
 import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
 import org.mozilla.jss.util.Password;
 
-
 /**
  * Tool for creating PKCS12 file
  *
  * <P>
+ *
  * @version $Revision$, $Date$
- * 
+ *
  */
 public class PKCS12Export {
 
@@ -67,14 +66,16 @@ public class PKCS12Export {
 
     private static void debug(String s) {
         if (debugMode)
-          System.out.println("PKCS12Export debug: " + s);
+            System.out.println("PKCS12Export debug: " + s);
     }
 
     private static void printUsage() {
-        System.out.println("Usage: PKCS12Export -d <cert/key db directory> -p <file containing password for keydb> -w <file containing pkcs12 password> -o <output file for pkcs12>");
+        System.out
+                .println("Usage: PKCS12Export -d <cert/key db directory> -p <file containing password for keydb> -w <file containing pkcs12 password> -o <output file for pkcs12>");
         System.out.println("");
         System.out.println("If you want to turn on debug, do the following:");
-        System.out.println("Usage: PKCS12Export -debug -d <cert/key db directory> -p <file containing password for keydb> -w <file containing pkcs12 password> -o <output file for pkcs12>");
+        System.out
+                .println("Usage: PKCS12Export -debug -d <cert/key db directory> -p <file containing password for keydb> -w <file containing pkcs12 password> -o <output file for pkcs12>");
     }
 
     private static byte[] getEncodedKey(org.mozilla.jss.crypto.PrivateKey pkey) {
@@ -83,8 +84,9 @@ public class PKCS12Export {
             CryptoToken token = cm.getInternalKeyStorageToken();
             KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
             SymmetricKey sk = kg.generate();
-            KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
-            byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+            KeyWrapper wrapper = token
+                    .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
+            byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
             IVParameterSpec param = new IVParameterSpec(iv);
             wrapper.initWrap(sk, param);
             byte[] enckey = wrapper.wrap(pkey);
@@ -93,38 +95,39 @@ public class PKCS12Export {
             byte[] recovered = c.doFinal(enckey);
             return recovered;
         } catch (Exception e) {
-            debug("PKCS12Export getEncodedKey: Exception="+e.toString());
+            debug("PKCS12Export getEncodedKey: Exception=" + e.toString());
             System.exit(1);
         }
 
         return null;
     }
 
-    private static void addKeyBag(org.mozilla.jss.crypto.PrivateKey pkey, X509Certificate x509cert,
-      Password pass, byte[] localKeyId, SEQUENCE safeContents) {
+    private static void addKeyBag(org.mozilla.jss.crypto.PrivateKey pkey,
+            X509Certificate x509cert, Password pass, byte[] localKeyId,
+            SEQUENCE safeContents) {
         try {
             PasswordConverter passConverter = new PasswordConverter();
-            byte salt[] = {0x01, 0x01, 0x01, 0x01};
+            byte salt[] = { 0x01, 0x01, 0x01, 0x01 };
             byte[] priData = getEncodedKey(pkey);
 
-            PrivateKeyInfo pki = (PrivateKeyInfo)
-              ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
+            PrivateKeyInfo pki = (PrivateKeyInfo) ASN1Util.decode(
+                    PrivateKeyInfo.getTemplate(), priData);
             ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
-              PBEAlgorithm.PBE_SHA1_DES3_CBC,
-              pass, salt, 1, passConverter, pki);
-            SET keyAttrs = createBagAttrs(
-              x509cert.getSubjectDN().toString(), localKeyId);
-            SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG,
-              key, keyAttrs);
+                    PBEAlgorithm.PBE_SHA1_DES3_CBC, pass, salt, 1,
+                    passConverter, pki);
+            SET keyAttrs = createBagAttrs(x509cert.getSubjectDN().toString(),
+                    localKeyId);
+            SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, key,
+                    keyAttrs);
             safeContents.addElement(keyBag);
         } catch (Exception e) {
-            debug("PKCS12Export addKeyBag: Exception="+e.toString());
+            debug("PKCS12Export addKeyBag: Exception=" + e.toString());
             System.exit(1);
         }
     }
 
     private static byte[] addCertBag(X509Certificate x509cert, String nickname,
-      SEQUENCE safeContents) throws IOException {
+            SEQUENCE safeContents) throws IOException {
         byte[] localKeyId = null;
         try {
             ASN1Value cert = new OCTET_STRING(x509cert.getEncoded());
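Review bot: The PKCS#8 shrouded key bag built in addKeyBag is still derived from a fixed four-byte salt and an iteration count of 1 (`byte salt[] = { 0x01, 0x01, 0x01, 0x01 };` and the literal `1` passed to `EncryptedPrivateKeyInfo.createPBE`); this formatting pass re-indents those lines but leaves the parameters as they were. A constant salt shared by every exported file plus a single KDF iteration means an attacker who obtains a .p12 can run a precomputed dictionary attack on the PKCS#12 password at full speed, and the password is the only thing protecting the exported private key. PKCS#5/PKCS#12 practice calls for a random salt of at least 8 bytes and an iteration count in the thousands; since the salt and count are carried in the bag's PBE parameters, importers should need no change. I would write `byte[] salt = new byte[8]; new java.security.SecureRandom().nextBytes(salt);` and pass e.g. `2048` instead of `1` in the `createPBE` call, confirming the count against what pk12util and the importing tools accept.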
@@ -132,11 +135,11 @@ public class PKCS12Export {
             SET certAttrs = null;
             if (nickname != null)
                 certAttrs = createBagAttrs(nickname, localKeyId);
-            SafeBag certBag = new SafeBag(SafeBag.CERT_BAG,
-              new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
+            SafeBag certBag = new SafeBag(SafeBag.CERT_BAG, new CertBag(
+                    CertBag.X509_CERT_TYPE, cert), certAttrs);
             safeContents.addElement(certBag);
         } catch (Exception e) {
-            debug("PKCS12Export addCertBag: "+e.toString());
+            debug("PKCS12Export addCertBag: " + e.toString());
             System.exit(1);
         }
 
@@ -153,7 +156,7 @@ public class PKCS12Export {
             md.update(certDer);
             return md.digest();
         } catch (Exception e) {
-            debug("PKCS12Export createLocalKeyId: Exception: "+e.toString());
+            debug("PKCS12Export createLocalKeyId: Exception: " + e.toString());
             System.exit(1);
         }
 
@@ -161,7 +164,7 @@ public class PKCS12Export {
     }
 
     private static SET createBagAttrs(String nickName, byte localKeyId[])
-      throws IOException {
+            throws IOException {
         try {
             SET attrs = new SET();
             SEQUENCE nickNameAttr = new SEQUENCE();
@@ -182,7 +185,7 @@ public class PKCS12Export {
             attrs.addElement(localKeyAttr);
             return attrs;
         } catch (Exception e) {
-            debug("PKCS12Export createBagAttrs: Exception="+e.toString());
+            debug("PKCS12Export createBagAttrs: Exception=" + e.toString());
             System.exit(1);
         }
 
@@ -200,24 +203,24 @@ public class PKCS12Export {
         String snickname = null;
         String pk12pwdfile = null;
         String pk12output = null;
-        for (int i=0; i<args.length; i++) {
+        for (int i = 0; i < args.length; i++) {
             if (args[i].equals("-d")) {
-                dir = args[i+1];
+                dir = args[i + 1];
             } else if (args[i].equals("-p")) {
-                pwdfile = args[i+1];
+                pwdfile = args[i + 1];
             } else if (args[i].equals("-s")) {
-                snickname = args[i+1];
+                snickname = args[i + 1];
             } else if (args[i].equals("-w")) {
-                pk12pwdfile = args[i+1];
+                pk12pwdfile = args[i + 1];
             } else if (args[i].equals("-o")) {
-                pk12output = args[i+1];
+                pk12output = args[i + 1];
             } else if (args[i].equals("-debug")) {
                 debugMode = true;
             }
         }
 
-        debug("The directory for certdb/keydb is "+dir);
-        debug("The password file for keydb is "+pwdfile);
+        debug("The directory for certdb/keydb is " + dir);
+        debug("The password file for keydb is " + pwdfile);
 
         // get password
         String pwd = null;
@@ -225,7 +228,8 @@ public class PKCS12Export {
             BufferedReader in = new BufferedReader(new FileReader(pwdfile));
             pwd = in.readLine();
         } catch (Exception e) {
-            debug("Failed to read the keydb password from the file. Exception: "+e.toString());
+            debug("Failed to read the keydb password from the file. Exception: "
+                    + e.toString());
             System.exit(1);
         }
 
@@ -234,14 +238,15 @@ public class PKCS12Export {
             BufferedReader in = new BufferedReader(new FileReader(pk12pwdfile));
             pk12pwd = in.readLine();
         } catch (Exception e) {
-            debug("Failed to read the keydb password from the file. Exception: "+e.toString());
+            debug("Failed to read the keydb password from the file. Exception: "
+                    + e.toString());
             System.exit(1);
         }
 
         CryptoManager cm = null;
         try {
-            CryptoManager.InitializationValues vals =
-              new CryptoManager.InitializationValues(dir, "", "", "secmod.db");
+            CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues(
+                    dir, "", "", "secmod.db");
             CryptoManager.initialize(vals);
             cm = CryptoManager.getInstance();
         } catch (Exception e) {
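Review bot: The third hunk on this line (reading `pk12pwdfile`) still reports `"Failed to read the keydb password from the file. Exception: "` when it is the PKCS#12 password file that could not be read; the reformat only re-breaks the concatenation and keeps the copy-pasted message, so an operator debugging a bad `-w` path is pointed at the wrong file. It should read `debug("Failed to read the pkcs12 password from the file. Exception: " + e.toString());`. In both password blocks the `BufferedReader in` is never closed, and `readLine()` returns null on an empty file, which only surfaces later as a NullPointerException at `pk12pwd.toCharArray()` rather than as a clear error; closing the reader in a `finally` and treating a null line as a read failure would address both. Note also that `args[i + 1]` is read without checking `i + 1 < args.length`, so a trailing bare option throws ArrayIndexOutOfBoundsException instead of printing usage. The enclosing `main` begins and ends outside these hunks.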
@@ -257,16 +262,16 @@ public class PKCS12Export {
             token.login(pass);
             CryptoStore store = token.getCryptoStore();
             X509Certificate[] certs = store.getCertificates();
-            debug("Number of user certificates = "+certs.length);
+            debug("Number of user certificates = " + certs.length);
             Password pass12 = new Password(pk12pwd.toCharArray());
-            for (int i=0; i<certs.length; i++) {
+            for (int i = 0; i < certs.length; i++) {
                 String nickname = certs[i].getNickname();
-                debug("Certificate nickname = "+nickname);
+                debug("Certificate nickname = " + nickname);
                 org.mozilla.jss.crypto.PrivateKey prikey = null;
                 try {
                     prikey = cm.findPrivKeyByCert(certs[i]);
                 } catch (Exception e) {
-                    debug("PKCS12Export Exception: "+e.toString());
+                    debug("PKCS12Export Exception: " + e.toString());
                 }
 
                 if (prikey == null) {
@@ -274,9 +279,10 @@ public class PKCS12Export {
                     byte[] localKeyId = addCertBag(certs[i], null, safeContents);
                 } else {
                     debug("Private key is not null");
-                    byte localKeyId[] =
-                      addCertBag(certs[i], nickname, safeContents);
-                    addKeyBag(prikey, certs[i], pass12, localKeyId, encSafeContents);
+                    byte localKeyId[] = addCertBag(certs[i], nickname,
+                            safeContents);
+                    addKeyBag(prikey, certs[i], pass12, localKeyId,
+                            encSafeContents);
                 }
             }
 
@@ -294,7 +300,7 @@ public class PKCS12Export {
             pass.clear();
             pass12.clear();
         } catch (Exception e) {
-            debug("PKCS12Export Exception: "+e.toString());
+            debug("PKCS12Export Exception: " + e.toString());
             System.exit(1);
         }
     }
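Review bot: In the last hunk `pass.clear()` and `pass12.clear()` run only on the success path; if anything inside the `try` throws, the catch logs and calls `System.exit(1)` while both `Password` objects holding the keydb and PKCS#12 passwords are left unzeroed, which defeats the purpose of clearing them (the practical exposure is a core dump or swapped pages, since the process exits immediately). Moving the two `clear()` calls into a `finally` block, or calling them before `System.exit(1)` in the catch, keeps the wipe on the error path as well. The same applies to the `System.exit(1)` calls inside addKeyBag and addCertBag, which are reached while `pass12` is live. The `try` that these hunks belong to opens before the first hunk on this line, so its start is not visible here.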