
Example 6 with CryptoStore

use of org.mozilla.jss.crypto.CryptoStore in project jss by dogtagpki.

the class PKCS12Util method storeCertIntoNSS.

/**
 * Imports one PKCS #12 certificate entry, plus its private key when the entry
 * carries a key ID, into the internal NSS key storage token.
 *
 * <p>Certificates already stored under the entry's friendly name are handled
 * first: with {@code overwrite} they are deleted before the import, without it
 * the method returns as soon as one such certificate exists and imports nothing.
 * Trust flags from the entry are applied only when {@code trustFlagsEnabled}
 * is set on this instance.
 *
 * @param pkcs12    the parsed PKCS #12 container the entry belongs to
 * @param password  password handed to {@code importKey} for the private key
 * @param certInfo  the certificate entry; its friendly name becomes the NSS nickname
 * @param overwrite whether certificates with the same nickname are replaced
 * @throws Exception on any JSS/NSS failure; applying trust flags also fails with a
 *                   runtime exception if the imported certificate is not a {@link PK11Cert}
 */
public void storeCertIntoNSS(PKCS12 pkcs12, Password password, PKCS12CertInfo certInfo, boolean overwrite) throws Exception {
    CryptoManager manager = CryptoManager.getInstance();
    CryptoToken token = manager.getInternalKeyStorageToken();
    CryptoStore store = token.getCryptoStore();
    String nickname = certInfo.getFriendlyName();

    // Nickname collision: either remove the old certificates or keep them and stop here.
    for (X509Certificate existing : manager.findCertsByNickname(nickname)) {
        if (!overwrite) {
            return;
        }
        store.deleteCert(existing);
    }

    X509CertImpl certImpl = certInfo.getCert();
    byte[] keyID = certInfo.getKeyID();
    X509Certificate imported;

    if (keyID == null) {
        // No key in the entry: import as a CA certificate.
        logger.debug("Importing CA certificate " + certInfo.getFriendlyName());
        // Note: JSS does not preserve CA certificate nickname
        imported = manager.importCACertPackage(certImpl.getEncoded());
    } else {
        // Entry has a key: the key goes in first, then the user certificate under the nickname.
        logger.debug("Importing private key for " + certInfo.getFriendlyName());
        PKCS12KeyInfo keyInfo = pkcs12.getKeyInfoByID(keyID);
        importKey(pkcs12, password, certInfo.getFriendlyName(), keyInfo);

        logger.debug("Importing user certificate " + certInfo.getFriendlyName());
        imported = manager.importUserCACertPackage(certImpl.getEncoded(), certInfo.getFriendlyName());
    }

    String trustFlags = certInfo.getTrustFlags();
    if (trustFlagsEnabled && trustFlags != null) {
        // Trust flags are a PK11-level attribute; the import above is expected to yield a PK11Cert.
        ((PK11Cert) imported).setTrustFlags(trustFlags);
    }
}

Example 7 with CryptoStore

use of org.mozilla.jss.crypto.CryptoStore in project jss by dogtagpki.

the class PKCS12Util method loadFromNSS.

/**
 * Fills {@code pkcs12} from every certificate held in the crypto store of the
 * internal NSS key storage token, delegating each one to {@code loadCertFromNSS}.
 *
 * @param pkcs12       container that receives the loaded entries
 * @param includeKey   forwarded to {@code loadCertFromNSS}; whether private keys are loaded as well
 * @param includeChain forwarded to {@code loadCertFromNSS}; whether issuer chains are loaded as well
 * @throws Exception on any JSS/NSS failure
 */
public void loadFromNSS(PKCS12 pkcs12, boolean includeKey, boolean includeChain) throws Exception {
    logger.info("Loading certificates and keys from NSS database");

    CryptoStore store = CryptoManager.getInstance()
            .getInternalKeyStorageToken()
            .getCryptoStore();

    for (X509Certificate certificate : store.getCertificates()) {
        loadCertFromNSS(pkcs12, certificate, includeKey, includeChain);
    }
}

Example 8 with CryptoStore

use of org.mozilla.jss.crypto.CryptoStore in project jss by dogtagpki.

the class JSSKeyStoreSpi method engineDeleteEntry.

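/**
 * Deletes the key store entry stored under {@code alias}.
 *
 * <p>Lookup order:
 * <ol>
 *   <li>A certificate whose nickname is {@code alias}. It is removed with
 *       {@code deleteCertOnly} from its owning token when it is a
 *       {@code TokenCertificate}, otherwise from the internal key storage
 *       token. Nothing else is touched on this path.</li>
 *   <li>Otherwise the alias is split by {@code parseAlias} into a token name
 *       (null selects the internal key storage token) and a nickname, and the
 *       private key whose hex-encoded unique ID equals that nickname is
 *       deleted, together with its public key when one can be found.</li>
 * </ol>
 *
 * <p>NOTE(review): the key path assumes {@code parseAlias} always returns a
 * non-null nickname; a null nickname would fail with an NPE on the
 * {@code equals} comparison — confirm against {@code parseAlias}.
 *
 * @param alias the alias to delete
 * @throws KeyStoreException when no matching certificate or private key exists,
 *         or wrapping any JSS failure (token not initialized, unknown token,
 *         token error, item missing on token)
 */
@Override
public void engineDeleteEntry(String alias) throws KeyStoreException {
    try {
        CryptoManager manager = CryptoManager.getInstance();

        // First pass: the alias names a certificate.
        try {
            logger.debug("JSSKeyStoreSpi: searching for cert");
            X509Certificate cert = manager.findCertByNickname(alias);

            CryptoToken certToken;
            if (cert instanceof TokenCertificate) {
                certToken = ((TokenCertificate) cert).getOwningToken();
            } else {
                certToken = manager.getInternalKeyStorageToken();
            }

            CryptoStore certStore = certToken.getCryptoStore();
            logger.debug("JSSKeyStoreSpi: deleting cert: " + alias);
            certStore.deleteCertOnly(cert);
            return;
        } catch (ObjectNotFoundException e) {
            // Not a certificate alias; fall through to the private key lookup.
            logger.debug("JSSKeyStoreSpi: cert not found, searching for key");
        }

        // Second pass: the alias identifies a private key by token name and hex key ID.
        String[] parts = parseAlias(alias);
        String tokenName = parts[0];
        String nickname = parts[1];

        CryptoToken keyToken = tokenName == null
                ? manager.getInternalKeyStorageToken()
                : manager.getTokenByName(tokenName);
        CryptoStore store = keyToken.getCryptoStore();

        logger.debug("JSSKeyStoreSpi: searching for private key");
        for (PrivateKey privateKey : store.getPrivateKeys()) {
            // convert key ID into hexadecimal
            String keyID = Utils.HexEncode(privateKey.getUniqueID());
            logger.debug("JSSKeyStoreSpi: - " + keyID);
            if (!nickname.equals(keyID)) {
                continue;
            }

            // Best effort: a private key may have no public key object stored next to it.
            try {
                logger.debug("JSSKeyStoreSpi: searching for public key: " + nickname);
                PublicKey publicKey = store.findPublicKey(privateKey);
                logger.debug("JSSKeyStoreSpi: deleting public key: " + nickname);
                store.deletePublicKey(publicKey);
            } catch (ObjectNotFoundException e) {
                logger.debug("JSSKeyStoreSpi: public key not found: " + nickname);
            }

            logger.debug("JSSKeyStoreSpi: deleting private key: " + nickname);
            store.deletePrivateKey(privateKey);
            return;
        }

        logger.debug("JSSKeyStoreSpi: entry not found: " + alias);
        throw new KeyStoreException("Entry not found: " + alias);
    } catch (NotInitializedException | NoSuchTokenException | TokenException | NoSuchItemOnTokenException e) {
        // Every JSS failure is surfaced as the checked type the KeyStoreSpi contract allows,
        // with the original exception kept as the cause.
        throw new KeyStoreException(e);
    }
}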
