[Pki-devel] [PATCH] 684 Refactored PKCS12CertInfo and PKCS12KeyInfo classes.

Endi Sukma Dewata edewata at redhat.com
Wed Feb 17 07:02:26 UTC 2016


On 2/16/2016 11:36 AM, Endi Sukma Dewata wrote:
> The PKCS12CertInfo and PKCS12KeyInfo classes have been moved out
> of PKCS12Util into separate classes.
>
> The createLocalKeyID() has been modified to return BigInteger
> instead of byte array.
>
> https://fedorahosted.org/pki/ticket/1742
>
> This depends on patches #682 and #683.

Rebased on top of #682-1 and #683-1.

-- 
Endi S. Dewata
-------------- next part --------------
>From 24b1895fbde1ae4ab134a665d7cbc7fda0386e1f Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata at redhat.com>
Date: Mon, 15 Feb 2016 16:52:23 +0100
Subject: [PATCH] Refactored PKCS12CertInfo and PKCS12KeyInfo classes.

The PKCS12CertInfo and PKCS12KeyInfo classes have been moved out
of PKCS12Util into separate classes.

The createLocalKeyID() has been modified to return BigInteger
instead of byte array.

https://fedorahosted.org/pki/ticket/1742
---
 .../netscape/cmstools/pkcs12/PKCS12CertCLI.java    | 14 +++---
 .../cmstools/pkcs12/PKCS12CertFindCLI.java         |  2 +-
 .../com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java |  8 ++--
 .../netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java |  2 +-
 .../netscape/security/pkcs/PKCS12CertInfo.java}    | 41 ++++++++++------
 .../src/netscape/security/pkcs/PKCS12KeyInfo.java  | 55 ++++++++++++++++++++++
 .../src/netscape/security/pkcs/PKCS12Util.java     | 37 +++++----------
 7 files changed, 107 insertions(+), 52 deletions(-)
 copy base/{java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java => util/src/netscape/security/pkcs/PKCS12CertInfo.java} (55%)
 create mode 100644 base/util/src/netscape/security/pkcs/PKCS12KeyInfo.java

diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java
index f4d97cd742ec294671008fece537ed4f0a09dc3b..a83fbac4f7cd1ef523480368557e9042fdaa461c 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java
@@ -21,7 +21,7 @@ package com.netscape.cmstools.pkcs12;
 import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.cmstools.cli.CLI;
 
-import netscape.security.pkcs.PKCS12Util.PKCS12CertInfo;
+import netscape.security.pkcs.PKCS12CertInfo;
 
 /**
  * @author Endi S. Dewata
@@ -35,13 +35,13 @@ public class PKCS12CertCLI extends CLI {
     }
 
     public static void printCertInfo(PKCS12CertInfo certInfo) throws Exception {
-        System.out.println("  Serial Number: " + new CertId(certInfo.cert.getSerialNumber()).toHexString());
-        System.out.println("  Nickname: " + certInfo.nickname);
-        System.out.println("  Subject DN: " + certInfo.cert.getSubjectDN());
-        System.out.println("  Issuer DN: " + certInfo.cert.getIssuerDN());
+        System.out.println("  Serial Number: " + new CertId(certInfo.getCert().getSerialNumber()).toHexString());
+        System.out.println("  Nickname: " + certInfo.getNickname());
+        System.out.println("  Subject DN: " + certInfo.getCert().getSubjectDN());
+        System.out.println("  Issuer DN: " + certInfo.getCert().getIssuerDN());
 
-        if (certInfo.trustFlags != null) {
-            System.out.println("  Trust flags: " + certInfo.trustFlags);
+        if (certInfo.getTrustFlags() != null) {
+            System.out.println("  Trust flags: " + certInfo.getTrustFlags());
         }
     }
 }
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java
index 4cbfee5183d0c1a59140e0b560a2d2859adadcd8..3aec7a6b2a4c0d640dd4289da2b08f150989d7e1 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java
@@ -29,8 +29,8 @@ import org.apache.commons.cli.ParseException;
 import com.netscape.cmstools.cli.CLI;
 import com.netscape.cmstools.cli.MainCLI;
 
+import netscape.security.pkcs.PKCS12CertInfo;
 import netscape.security.pkcs.PKCS12Util;
-import netscape.security.pkcs.PKCS12Util.PKCS12CertInfo;
 
 /**
  * @author Endi S. Dewata
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java
index 9f0779782b19135d0adbb38803432918ed8ec580..d859fcea1c480a17217ab6ee76138ff8641c0bc2 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java
@@ -20,7 +20,7 @@ package com.netscape.cmstools.pkcs12;
 
 import com.netscape.cmstools.cli.CLI;
 
-import netscape.security.pkcs.PKCS12Util.PKCS12KeyInfo;
+import netscape.security.pkcs.PKCS12KeyInfo;
 
 /**
  * @author Endi S. Dewata
@@ -34,10 +34,10 @@ public class PKCS12KeyCLI extends CLI {
     }
 
     public static void printKeyInfo(PKCS12KeyInfo keyInfo) throws Exception {
-        System.out.println("  Subject DN: " + keyInfo.subjectDN);
+        System.out.println("  Subject DN: " + keyInfo.getSubjectDN());
 
-        if (keyInfo.privateKeyInfo != null) {
-            System.out.println("  Algorithm: " + keyInfo.privateKeyInfo.getAlgorithm());
+        if (keyInfo.getPrivateKeyInfo() != null) {
+            System.out.println("  Algorithm: " + keyInfo.getPrivateKeyInfo().getAlgorithm());
         }
     }
 }
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java
index d8c165cd60aacf9fe892753f98dc039549723723..3bda750a477e000f946cdb39d049245c3cb59176 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java
@@ -32,8 +32,8 @@ import org.mozilla.jss.util.Password;
 import com.netscape.cmstools.cli.CLI;
 import com.netscape.cmstools.cli.MainCLI;
 
+import netscape.security.pkcs.PKCS12KeyInfo;
 import netscape.security.pkcs.PKCS12Util;
-import netscape.security.pkcs.PKCS12Util.PKCS12KeyInfo;
 
 /**
  * @author Endi S. Dewata
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java b/base/util/src/netscape/security/pkcs/PKCS12CertInfo.java
similarity index 55%
copy from base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java
copy to base/util/src/netscape/security/pkcs/PKCS12CertInfo.java
index 9f0779782b19135d0adbb38803432918ed8ec580..d1a9cc9fca9ff53a13a2ad79269994fd3b19fcf7 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java
+++ b/base/util/src/netscape/security/pkcs/PKCS12CertInfo.java
@@ -15,29 +15,40 @@
 // (C) 2016 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
+package netscape.security.pkcs;
 
-package com.netscape.cmstools.pkcs12;
+import netscape.security.x509.X509CertImpl;
 
-import com.netscape.cmstools.cli.CLI;
+public class PKCS12CertInfo {
 
-import netscape.security.pkcs.PKCS12Util.PKCS12KeyInfo;
+    X509CertImpl cert;
+    String nickname;
+    String trustFlags;
 
-/**
- * @author Endi S. Dewata
- */
-public class PKCS12KeyCLI extends CLI {
+    public PKCS12CertInfo() {
+    }
+
+    public X509CertImpl getCert() {
+        return cert;
+    }
 
-    public PKCS12KeyCLI(PKCS12CLI parent) {
-        super("key", "PKCS #12 key management commands", parent);
+    public void setCert(X509CertImpl cert) {
+        this.cert = cert;
+    }
 
-        addModule(new PKCS12KeyFindCLI(this));
+    public String getNickname() {
+        return nickname;
     }
 
-    public static void printKeyInfo(PKCS12KeyInfo keyInfo) throws Exception {
-        System.out.println("  Subject DN: " + keyInfo.subjectDN);
+    public void setNickname(String nickname) {
+        this.nickname = nickname;
+    }
+
+    public String getTrustFlags() {
+        return trustFlags;
+    }
 
-        if (keyInfo.privateKeyInfo != null) {
-            System.out.println("  Algorithm: " + keyInfo.privateKeyInfo.getAlgorithm());
-        }
+    public void setTrustFlags(String trustFlags) {
+        this.trustFlags = trustFlags;
     }
 }
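Review bot: The new PKCS12CertInfo class (and PKCS12KeyInfo in the next file section) carries no Javadoc, and its fields are package-private and mutable while every accessor is public, so the reader cannot tell what the holder represents or who is expected to populate it. I would add a class comment such as `/** Certificate entry read from or written to a PKCS #12 file: the certificate, its nickname and, when trust flags are enabled, the NSS trust-flag string. */` and mark the three fields `private`, since the getters and setters already provide the only external access. For PKCS12KeyInfo a similar comment should state the relationship between `encPrivateKeyInfo` and `privateKeyInfo`; from this patch alone it is not visible which of the two is populated in which case, so that relationship needs confirming against PKCS12Util before documenting it.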
diff --git a/base/util/src/netscape/security/pkcs/PKCS12KeyInfo.java b/base/util/src/netscape/security/pkcs/PKCS12KeyInfo.java
new file mode 100644
index 0000000000000000000000000000000000000000..ff3f2a289dea23e6d26482b3dd610867f49e385a
--- /dev/null
+++ b/base/util/src/netscape/security/pkcs/PKCS12KeyInfo.java
@@ -0,0 +1,55 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2016 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package netscape.security.pkcs;
+
+import org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo;
+import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
+
+public class PKCS12KeyInfo {
+
+    EncryptedPrivateKeyInfo encPrivateKeyInfo;
+    PrivateKeyInfo privateKeyInfo;
+    String subjectDN;
+
+    public PKCS12KeyInfo() {
+    }
+
+    public EncryptedPrivateKeyInfo getEncPrivateKeyInfo() {
+        return encPrivateKeyInfo;
+    }
+
+    public void setEncPrivateKeyInfo(EncryptedPrivateKeyInfo encPrivateKeyInfo) {
+        this.encPrivateKeyInfo = encPrivateKeyInfo;
+    }
+
+    public PrivateKeyInfo getPrivateKeyInfo() {
+        return privateKeyInfo;
+    }
+
+    public void setPrivateKeyInfo(PrivateKeyInfo privateKeyInfo) {
+        this.privateKeyInfo = privateKeyInfo;
+    }
+
+    public String getSubjectDN() {
+        return subjectDN;
+    }
+
+    public void setSubjectDN(String subjectDN) {
+        this.subjectDN = subjectDN;
+    }
+}
diff --git a/base/util/src/netscape/security/pkcs/PKCS12Util.java b/base/util/src/netscape/security/pkcs/PKCS12Util.java
index 6acace0b96efe3dc1ab641b1271a92aafcc69b66..3233446d3ef0a7ea3d96812fed52f3e2457ec068 100644
--- a/base/util/src/netscape/security/pkcs/PKCS12Util.java
+++ b/base/util/src/netscape/security/pkcs/PKCS12Util.java
@@ -20,6 +20,7 @@ package netscape.security.pkcs;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.FileOutputStream;
+import java.math.BigInteger;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
@@ -76,18 +77,6 @@ public class PKCS12Util {
     PFX pfx;
     boolean trustFlagsEnabled = true;
 
-    public static class PKCS12KeyInfo {
-        public EncryptedPrivateKeyInfo encPrivateKeyInfo;
-        public PrivateKeyInfo privateKeyInfo;
-        public String subjectDN;
-    }
-
-    public static class PKCS12CertInfo {
-        public X509CertImpl cert;
-        public String nickname;
-        public String trustFlags;
-    }
-
     public boolean isTrustFlagsEnabled() {
         return trustFlagsEnabled;
     }
@@ -143,7 +132,7 @@ public class PKCS12Util {
     }
 
     public void addKeyBag(PrivateKey privateKey, X509Certificate x509cert,
-            Password pass, byte[] localKeyID, SEQUENCE safeContents) throws Exception {
+            Password pass, BigInteger localKeyID, SEQUENCE safeContents) throws Exception {
 
         logger.fine("Creating key bag for " + x509cert.getSubjectDN());
 
@@ -167,13 +156,13 @@ public class PKCS12Util {
         safeContents.addElement(keyBag);
     }
 
-    public byte[] addCertBag(X509Certificate x509cert, String nickname,
+    public BigInteger addCertBag(X509Certificate x509cert, String nickname,
             SEQUENCE safeContents) throws Exception {
 
         logger.fine("Creating cert bag for " + nickname);
 
         ASN1Value cert = new OCTET_STRING(x509cert.getEncoded());
-        byte[] localKeyID = createLocalKeyID(x509cert);
+        BigInteger keyID = createLocalKeyID(x509cert);
 
         String trustFlags = null;
         if (trustFlagsEnabled) {
@@ -181,17 +170,17 @@ public class PKCS12Util {
             logger.fine("Trust flags: " + trustFlags);
         }
 
-        SET certAttrs = createCertBagAttrs(nickname, localKeyID, trustFlags);
+        SET certAttrs = createCertBagAttrs(nickname, keyID, trustFlags);
 
         SafeBag certBag = new SafeBag(SafeBag.CERT_BAG,
                 new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
 
         safeContents.addElement(certBag);
 
-        return localKeyID;
+        return keyID;
     }
 
-    byte[] createLocalKeyID(X509Certificate cert) throws Exception {
+    BigInteger createLocalKeyID(X509Certificate cert) throws Exception {
 
         // SHA1 hash of the X509Cert DER encoding
         byte[] certDer = cert.getEncoded();
@@ -199,10 +188,10 @@ public class PKCS12Util {
         MessageDigest md = MessageDigest.getInstance("SHA");
 
         md.update(certDer);
-        return md.digest();
+        return new BigInteger(md.digest());
     }
 
-    SET createKeyBagAttrs(String subjectDN, byte localKeyID[])
+    SET createKeyBagAttrs(String subjectDN, BigInteger localKeyID)
             throws Exception {
 
         SET attrs = new SET();
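Review bot: `return new BigInteger(md.digest());` reads the 20-byte SHA-1 digest as a signed two's-complement value, and the `localKeyID.toByteArray()` / `keyID.toByteArray()` calls in the createKeyBagAttrs and createCertBagAttrs hunks below write back the minimal two's-complement encoding, so the round trip is not byte-faithful: a digest starting with 0x00 followed by a byte below 0x80, or with 0xFF followed by a byte of 0x80 or above, comes back one byte short, and the localKeyID stored in the PFX is no longer the SHA-1 of the certificate. The cert bag and key bag still carry the same value, so matching within this file keeps working, but any consumer that recomputes the digest to locate the key would presumably fail to match those certificates (the previous byte[] code did not have this problem). Construct the value as unsigned with `return new BigInteger(1, md.digest());` and convert back through a fixed-width helper rather than `toByteArray()`, as sketched below; the two attribute builders would then call `localKeyIDBytes(localKeyID, 20)`, 20 being the SHA-1 digest length.
```java
        md.update(certDer);
        // Treat the digest as unsigned so a leading 0x80..0xFF byte does not make the ID negative.
        return new BigInteger(1, md.digest());
    }

    /** Encodes a local key ID back into exactly {@code length} big-endian bytes (sign byte dropped, leading zeros restored). */
    static byte[] localKeyIDBytes(BigInteger localKeyID, int length) {
        byte[] raw = localKeyID.toByteArray();
        byte[] out = new byte[length];
        int srcPos = Math.max(raw.length - length, 0); // skip the sign byte toByteArray() may prepend
        int dstPos = Math.max(length - raw.length, 0); // re-insert leading zero bytes it stripped
        System.arraycopy(raw, srcPos, out, dstPos, raw.length - srcPos);
        return out;
    }
    // … unchanged: createKeyBagAttrs / createCertBagAttrs, with toByteArray() replaced by localKeyIDBytes(..., 20) …
```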
@@ -220,7 +209,7 @@ public class PKCS12Util {
         localKeyAttr.addElement(SafeBag.LOCAL_KEY_ID);
 
         SET localKeySet = new SET();
-        localKeySet.addElement(new OCTET_STRING(localKeyID));
+        localKeySet.addElement(new OCTET_STRING(localKeyID.toByteArray()));
         localKeyAttr.addElement(localKeySet);
 
         attrs.addElement(localKeyAttr);
@@ -228,7 +217,7 @@ public class PKCS12Util {
         return attrs;
     }
 
-    SET createCertBagAttrs(String nickname, byte localKeyID[], String trustFlags)
+    SET createCertBagAttrs(String nickname, BigInteger keyID, String trustFlags)
             throws Exception {
 
         SET attrs = new SET();
@@ -246,7 +235,7 @@ public class PKCS12Util {
         localKeyAttr.addElement(SafeBag.LOCAL_KEY_ID);
 
         SET localKeySet = new SET();
-        localKeySet.addElement(new OCTET_STRING(localKeyID));
+        localKeySet.addElement(new OCTET_STRING(keyID.toByteArray()));
         localKeyAttr.addElement(localKeySet);
 
         attrs.addElement(localKeyAttr);
@@ -287,7 +276,7 @@ public class PKCS12Util {
                 PrivateKey prikey = cm.findPrivKeyByCert(cert);
                 logger.fine("Found certificate " + nickname + " with private key");
 
-                byte localKeyID[] = addCertBag(cert, nickname, safeContents);
+                BigInteger localKeyID = addCertBag(cert, nickname, safeContents);
                 addKeyBag(prikey, cert, password, localKeyID, encSafeContents);
 
             } catch (ObjectNotFoundException e) {
-- 
2.4.3


