Diffstat (limited to 'pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java')
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java102
1 files changed, 54 insertions, 48 deletions
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java b/pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java
index 38b3e162..6ef29407 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.FileOutputStream;
@@ -53,13 +52,13 @@ import org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo;
import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
import org.mozilla.jss.util.Password;
-
/**
* Tool for creating PKCS12 file
*
* <P>
+ *
* @version $Revision$, $Date$
- *
+ *
*/
public class PKCS12Export {
@@ -67,14 +66,16 @@ public class PKCS12Export {
private static void debug(String s) {
if (debugMode)
- System.out.println("PKCS12Export debug: " + s);
+ System.out.println("PKCS12Export debug: " + s);
}
private static void printUsage() {
- System.out.println("Usage: PKCS12Export -d <cert/key db directory> -p <file containing password for keydb> -w <file containing pkcs12 password> -o <output file for pkcs12>");
+ System.out
+ .println("Usage: PKCS12Export -d <cert/key db directory> -p <file containing password for keydb> -w <file containing pkcs12 password> -o <output file for pkcs12>");
System.out.println("");
System.out.println("If you want to turn on debug, do the following:");
- System.out.println("Usage: PKCS12Export -debug -d <cert/key db directory> -p <file containing password for keydb> -w <file containing pkcs12 password> -o <output file for pkcs12>");
+ System.out
+ .println("Usage: PKCS12Export -debug -d <cert/key db directory> -p <file containing password for keydb> -w <file containing pkcs12 password> -o <output file for pkcs12>");
}
private static byte[] getEncodedKey(org.mozilla.jss.crypto.PrivateKey pkey) {
@@ -83,8 +84,9 @@ public class PKCS12Export {
CryptoToken token = cm.getInternalKeyStorageToken();
KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
SymmetricKey sk = kg.generate();
- KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
- byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+ KeyWrapper wrapper = token
+ .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
IVParameterSpec param = new IVParameterSpec(iv);
wrapper.initWrap(sk, param);
byte[] enckey = wrapper.wrap(pkey);
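Review bot: The wrap in getEncodedKey uses a constant IV (`byte iv[] = { 0x1, 0x1, ... }`) with `KeyWrapAlgorithm.DES3_CBC_PAD`, and nothing in the code says why that is acceptable. It is only defensible because `sk` is generated two lines above and appears to be used for this single wrap; if that key were ever cached or reused, the fixed IV would make identical leading plaintext blocks produce identical ciphertext. I would either fill the IV from `SecureRandom` or add a comment such as `// sk is single-use, so this constant IV never repeats under one key`. The function starts and ends outside this hunk, and the following hunk appears to decrypt the wrapped blob straight back into a plaintext `byte[]`, which deserves a comment that the returned array holds the unprotected private key.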
@@ -93,38 +95,39 @@ public class PKCS12Export {
byte[] recovered = c.doFinal(enckey);
return recovered;
} catch (Exception e) {
- debug("PKCS12Export getEncodedKey: Exception="+e.toString());
+ debug("PKCS12Export getEncodedKey: Exception=" + e.toString());
System.exit(1);
}
return null;
}
- private static void addKeyBag(org.mozilla.jss.crypto.PrivateKey pkey, X509Certificate x509cert,
- Password pass, byte[] localKeyId, SEQUENCE safeContents) {
+ private static void addKeyBag(org.mozilla.jss.crypto.PrivateKey pkey,
+ X509Certificate x509cert, Password pass, byte[] localKeyId,
+ SEQUENCE safeContents) {
try {
PasswordConverter passConverter = new PasswordConverter();
- byte salt[] = {0x01, 0x01, 0x01, 0x01};
+ byte salt[] = { 0x01, 0x01, 0x01, 0x01 };
byte[] priData = getEncodedKey(pkey);
- PrivateKeyInfo pki = (PrivateKeyInfo)
- ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
+ PrivateKeyInfo pki = (PrivateKeyInfo) ASN1Util.decode(
+ PrivateKeyInfo.getTemplate(), priData);
ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
- PBEAlgorithm.PBE_SHA1_DES3_CBC,
- pass, salt, 1, passConverter, pki);
- SET keyAttrs = createBagAttrs(
- x509cert.getSubjectDN().toString(), localKeyId);
- SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG,
- key, keyAttrs);
+ PBEAlgorithm.PBE_SHA1_DES3_CBC, pass, salt, 1,
+ passConverter, pki);
+ SET keyAttrs = createBagAttrs(x509cert.getSubjectDN().toString(),
+ localKeyId);
+ SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, key,
+ keyAttrs);
safeContents.addElement(keyBag);
} catch (Exception e) {
- debug("PKCS12Export addKeyBag: Exception="+e.toString());
+ debug("PKCS12Export addKeyBag: Exception=" + e.toString());
System.exit(1);
}
}
private static byte[] addCertBag(X509Certificate x509cert, String nickname,
- SEQUENCE safeContents) throws IOException {
+ SEQUENCE safeContents) throws IOException {
byte[] localKeyId = null;
try {
ASN1Value cert = new OCTET_STRING(x509cert.getEncoded());
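Review bot: In addKeyBag the shrouded key bag is derived from the PKCS#12 password with a constant four-byte salt and an iteration count of 1 (`createPBE(PBEAlgorithm.PBE_SHA1_DES3_CBC, pass, salt, 1, passConverter, pki)`), so every export made with the same password uses the same derived key and the key-stretching step adds essentially no cost to offline password guessing against an exported file. The salt should be random per bag and the count a named constant well above 1, for example `byte[] salt = new byte[16]; new SecureRandom().nextBytes(salt);` with `PBE_ITERATIONS` in place of the literal `1`. `PBE_ITERATIONS` is a placeholder name, `java.security.SecureRandom` needs an import outside this hunk, and the salt and count should travel inside the EncryptedPrivateKeyInfo, so importers presumably need no change, but that is worth confirming with a round-trip test. Separately, the catch blocks here report failures only through debug(), so without -debug the tool exits with status 1 and no message; writing the error to `System.err` unconditionally would be safer for a key-export tool.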
@@ -132,11 +135,11 @@ public class PKCS12Export {
SET certAttrs = null;
if (nickname != null)
certAttrs = createBagAttrs(nickname, localKeyId);
- SafeBag certBag = new SafeBag(SafeBag.CERT_BAG,
- new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
+ SafeBag certBag = new SafeBag(SafeBag.CERT_BAG, new CertBag(
+ CertBag.X509_CERT_TYPE, cert), certAttrs);
safeContents.addElement(certBag);
} catch (Exception e) {
- debug("PKCS12Export addCertBag: "+e.toString());
+ debug("PKCS12Export addCertBag: " + e.toString());
System.exit(1);
}
@@ -153,7 +156,7 @@ public class PKCS12Export {
md.update(certDer);
return md.digest();
} catch (Exception e) {
- debug("PKCS12Export createLocalKeyId: Exception: "+e.toString());
+ debug("PKCS12Export createLocalKeyId: Exception: " + e.toString());
System.exit(1);
}
@@ -161,7 +164,7 @@ public class PKCS12Export {
}
private static SET createBagAttrs(String nickName, byte localKeyId[])
- throws IOException {
+ throws IOException {
try {
SET attrs = new SET();
SEQUENCE nickNameAttr = new SEQUENCE();
@@ -182,7 +185,7 @@ public class PKCS12Export {
attrs.addElement(localKeyAttr);
return attrs;
} catch (Exception e) {
- debug("PKCS12Export createBagAttrs: Exception="+e.toString());
+ debug("PKCS12Export createBagAttrs: Exception=" + e.toString());
System.exit(1);
}
@@ -200,24 +203,24 @@ public class PKCS12Export {
String snickname = null;
String pk12pwdfile = null;
String pk12output = null;
- for (int i=0; i<args.length; i++) {
+ for (int i = 0; i < args.length; i++) {
if (args[i].equals("-d")) {
- dir = args[i+1];
+ dir = args[i + 1];
} else if (args[i].equals("-p")) {
- pwdfile = args[i+1];
+ pwdfile = args[i + 1];
} else if (args[i].equals("-s")) {
- snickname = args[i+1];
+ snickname = args[i + 1];
} else if (args[i].equals("-w")) {
- pk12pwdfile = args[i+1];
+ pk12pwdfile = args[i + 1];
} else if (args[i].equals("-o")) {
- pk12output = args[i+1];
+ pk12output = args[i + 1];
} else if (args[i].equals("-debug")) {
debugMode = true;
}
}
- debug("The directory for certdb/keydb is "+dir);
- debug("The password file for keydb is "+pwdfile);
+ debug("The directory for certdb/keydb is " + dir);
+ debug("The password file for keydb is " + pwdfile);
// get password
String pwd = null;
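Review bot: The option loop reads `args[i + 1]` for -d, -p, -s, -w and -o without checking that a value follows, so an option given as the last argument ends in an ArrayIndexOutOfBoundsException instead of the usage text. The loop also does not skip the value it just consumed, so a value that happens to equal an option name is parsed again as an option on the next iteration. I would check the bound once for the value-taking options, consume the value with `args[++i]`, and keep ignoring unknown arguments as the loop does today. Whether main validates `args.length` before this loop is not visible in the hunk, but a length check alone cannot rule out a trailing option.

```java
for (int i = 0; i < args.length; i++) {
    String opt = args[i];
    if (opt.equals("-debug")) {
        debugMode = true;
        continue;
    }
    boolean takesValue = opt.equals("-d") || opt.equals("-p")
            || opt.equals("-s") || opt.equals("-w") || opt.equals("-o");
    if (!takesValue) {
        continue; // unknown arguments are ignored, as before
    }
    if (i + 1 >= args.length) {
        // Option without a value: show usage instead of throwing.
        printUsage();
        System.exit(1);
    }
    String value = args[++i]; // consume the value so it is not re-parsed
    if (opt.equals("-d")) {
        dir = value;
    } else if (opt.equals("-p")) {
        pwdfile = value;
    } else if (opt.equals("-s")) {
        snickname = value;
    } else if (opt.equals("-w")) {
        pk12pwdfile = value;
    } else {
        pk12output = value;
    }
}
// … unchanged: debug output of dir and pwdfile …
```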
@@ -225,7 +228,8 @@ public class PKCS12Export {
BufferedReader in = new BufferedReader(new FileReader(pwdfile));
pwd = in.readLine();
} catch (Exception e) {
- debug("Failed to read the keydb password from the file. Exception: "+e.toString());
+ debug("Failed to read the keydb password from the file. Exception: "
+ + e.toString());
System.exit(1);
}
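Review bot: The keydb password file is opened with `new BufferedReader(new FileReader(pwdfile))` and the reader is never closed; the same pattern is repeated for `pk12pwdfile` in the next hunk. Where the build's Java level allows it, `try (BufferedReader in = new BufferedReader(new FileReader(pwdfile))) { pwd = in.readLine(); }` closes the file on every path, otherwise a `finally` block should. The failure is also reported only through debug(), so without -debug a missing or unreadable password file makes the tool exit 1 silently. The enclosing try statement starts outside this hunk.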
@@ -234,14 +238,15 @@ public class PKCS12Export {
BufferedReader in = new BufferedReader(new FileReader(pk12pwdfile));
pk12pwd = in.readLine();
} catch (Exception e) {
- debug("Failed to read the keydb password from the file. Exception: "+e.toString());
+ debug("Failed to read the keydb password from the file. Exception: "
+ + e.toString());
System.exit(1);
}
CryptoManager cm = null;
try {
- CryptoManager.InitializationValues vals =
- new CryptoManager.InitializationValues(dir, "", "", "secmod.db");
+ CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues(
+ dir, "", "", "secmod.db");
CryptoManager.initialize(vals);
cm = CryptoManager.getInstance();
} catch (Exception e) {
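Review bot: The failure message for the PKCS#12 password file is a copy of the keydb one: `"Failed to read the keydb password from the file. Exception: "` is logged when reading `pk12pwdfile`, which points an operator at the wrong file. I would change it to `debug("Failed to read the pkcs12 password from the file. Exception: " + e.toString());`. In addition, `readLine()` returns null for an empty file, and `pk12pwd.toCharArray()` in a later hunk would then throw a NullPointerException; an explicit `if (pk12pwd == null)` check with its own message right after the read would make that failure understandable.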
@@ -257,16 +262,16 @@ public class PKCS12Export {
token.login(pass);
CryptoStore store = token.getCryptoStore();
X509Certificate[] certs = store.getCertificates();
- debug("Number of user certificates = "+certs.length);
+ debug("Number of user certificates = " + certs.length);
Password pass12 = new Password(pk12pwd.toCharArray());
- for (int i=0; i<certs.length; i++) {
+ for (int i = 0; i < certs.length; i++) {
String nickname = certs[i].getNickname();
- debug("Certificate nickname = "+nickname);
+ debug("Certificate nickname = " + nickname);
org.mozilla.jss.crypto.PrivateKey prikey = null;
try {
prikey = cm.findPrivKeyByCert(certs[i]);
} catch (Exception e) {
- debug("PKCS12Export Exception: "+e.toString());
+ debug("PKCS12Export Exception: " + e.toString());
}
if (prikey == null) {
@@ -274,9 +279,10 @@ public class PKCS12Export {
byte[] localKeyId = addCertBag(certs[i], null, safeContents);
} else {
debug("Private key is not null");
- byte localKeyId[] =
- addCertBag(certs[i], nickname, safeContents);
- addKeyBag(prikey, certs[i], pass12, localKeyId, encSafeContents);
+ byte localKeyId[] = addCertBag(certs[i], nickname,
+ safeContents);
+ addKeyBag(prikey, certs[i], pass12, localKeyId,
+ encSafeContents);
}
}
@@ -294,7 +300,7 @@ public class PKCS12Export {
pass.clear();
pass12.clear();
} catch (Exception e) {
- debug("PKCS12Export Exception: "+e.toString());
+ debug("PKCS12Export Exception: " + e.toString());
System.exit(1);
}
}