Example 6 with CryptoStore
use of org.mozilla.jss.crypto.CryptoStore in project jss by dogtagpki.
the class PKCS12Util method storeCertIntoNSS.
/**
* Store a certificate (and key, if present) in NSSDB.
*/
public void storeCertIntoNSS(PKCS12 pkcs12, Password password, PKCS12CertInfo certInfo, boolean overwrite) throws Exception {
CryptoManager cm = CryptoManager.getInstance();
CryptoToken ct = cm.getInternalKeyStorageToken();
CryptoStore store = ct.getCryptoStore();
String nickname = certInfo.getFriendlyName();
for (X509Certificate cert : cm.findCertsByNickname(nickname)) {
if (!overwrite) {
return;
}
store.deleteCert(cert);
}
X509CertImpl certImpl = certInfo.getCert();
X509Certificate cert;
byte[] keyID = certInfo.getKeyID();
if (keyID != null) {
// cert has key
logger.debug("Importing private key for " + certInfo.getFriendlyName());
PKCS12KeyInfo keyInfo = pkcs12.getKeyInfoByID(keyID);
importKey(pkcs12, password, certInfo.getFriendlyName(), keyInfo);
logger.debug("Importing user certificate " + certInfo.getFriendlyName());
cert = cm.importUserCACertPackage(certImpl.getEncoded(), certInfo.getFriendlyName());
} else {
// cert has no key
logger.debug("Importing CA certificate " + certInfo.getFriendlyName());
// Note: JSS does not preserve CA certificate nickname
cert = cm.importCACertPackage(certImpl.getEncoded());
}
String trustFlags = certInfo.getTrustFlags();
if (trustFlags != null && trustFlagsEnabled) {
PK11Cert pk11Cert = (PK11Cert) cert;
pk11Cert.setTrustFlags(trustFlags);
}
}
Also used :
CryptoStore(org.mozilla.jss.crypto.CryptoStore)
CryptoToken(org.mozilla.jss.crypto.CryptoToken)
X509CertImpl(org.mozilla.jss.netscape.security.x509.X509CertImpl)
CryptoManager(org.mozilla.jss.CryptoManager)
BMPString(org.mozilla.jss.asn1.BMPString)
X509Certificate(org.mozilla.jss.crypto.X509Certificate)
PK11Cert(org.mozilla.jss.pkcs11.PK11Cert)
Example 7 with CryptoStore
use of org.mozilla.jss.crypto.CryptoStore in project jss by dogtagpki.
the class PKCS12Util method loadFromNSS.
public void loadFromNSS(PKCS12 pkcs12, boolean includeKey, boolean includeChain) throws Exception {
logger.info("Loading certificates and keys from NSS database");
CryptoManager cm = CryptoManager.getInstance();
CryptoToken token = cm.getInternalKeyStorageToken();
CryptoStore store = token.getCryptoStore();
for (X509Certificate cert : store.getCertificates()) {
loadCertFromNSS(pkcs12, cert, includeKey, includeChain);
}
}
Also used :
CryptoStore(org.mozilla.jss.crypto.CryptoStore)
CryptoToken(org.mozilla.jss.crypto.CryptoToken)
CryptoManager(org.mozilla.jss.CryptoManager)
X509Certificate(org.mozilla.jss.crypto.X509Certificate)
Example 8 with CryptoStore
use of org.mozilla.jss.crypto.CryptoStore in project jss by dogtagpki.
the class JSSKeyStoreSpi method engineDeleteEntry.
@Override
public void engineDeleteEntry(String alias) throws KeyStoreException {
try {
CryptoManager manager = CryptoManager.getInstance();
try {
logger.debug("JSSKeyStoreSpi: searching for cert");
X509Certificate cert = manager.findCertByNickname(alias);
CryptoToken token;
if (cert instanceof TokenCertificate) {
TokenCertificate tokenCert = (TokenCertificate) cert;
token = tokenCert.getOwningToken();
} else {
token = manager.getInternalKeyStorageToken();
}
CryptoStore store = token.getCryptoStore();
logger.debug("JSSKeyStoreSpi: deleting cert: " + alias);
store.deleteCertOnly(cert);
return;
} catch (ObjectNotFoundException e) {
logger.debug("JSSKeyStoreSpi: cert not found, searching for key");
}
String[] parts = parseAlias(alias);
String tokenName = parts[0];
String nickname = parts[1];
CryptoToken token;
if (tokenName == null) {
token = manager.getInternalKeyStorageToken();
} else {
token = manager.getTokenByName(tokenName);
}
CryptoStore store = token.getCryptoStore();
logger.debug("JSSKeyStoreSpi: searching for private key");
for (PrivateKey privateKey : store.getPrivateKeys()) {
// convert key ID into hexadecimal
String keyID = Utils.HexEncode(privateKey.getUniqueID());
logger.debug("JSSKeyStoreSpi: - " + keyID);
if (!nickname.equals(keyID)) {
continue;
}
try {
logger.debug("JSSKeyStoreSpi: searching for public key: " + nickname);
PublicKey publicKey = store.findPublicKey(privateKey);
logger.debug("JSSKeyStoreSpi: deleting public key: " + nickname);
store.deletePublicKey(publicKey);
} catch (ObjectNotFoundException e) {
logger.debug("JSSKeyStoreSpi: public key not found: " + nickname);
}
logger.debug("JSSKeyStoreSpi: deleting private key: " + nickname);
store.deletePrivateKey(privateKey);
return;
}
logger.debug("JSSKeyStoreSpi: entry not found: " + alias);
throw new KeyStoreException("Entry not found: " + alias);
} catch (NotInitializedException e) {
throw new KeyStoreException(e);
} catch (NoSuchTokenException e) {
throw new KeyStoreException(e);
} catch (TokenException e) {
throw new KeyStoreException(e);
} catch (NoSuchItemOnTokenException e) {
throw new KeyStoreException(e);
}
}
Also used :
CryptoToken(org.mozilla.jss.crypto.CryptoToken)
PrivateKey(org.mozilla.jss.crypto.PrivateKey)
NotInitializedException(org.mozilla.jss.NotInitializedException)
PublicKey(java.security.PublicKey)
NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException)
CryptoManager(org.mozilla.jss.CryptoManager)
KeyStoreException(java.security.KeyStoreException)
X509Certificate(org.mozilla.jss.crypto.X509Certificate)
CryptoStore(org.mozilla.jss.crypto.CryptoStore)
NoSuchTokenException(org.mozilla.jss.NoSuchTokenException)
ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException)
NoSuchTokenException(org.mozilla.jss.NoSuchTokenException)
NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException)
TokenException(org.mozilla.jss.crypto.TokenException)
TokenCertificate(org.mozilla.jss.crypto.TokenCertificate)
Aggregations
CryptoStore (org.mozilla.jss.crypto.CryptoStore)8
CryptoManager (org.mozilla.jss.CryptoManager)7
CryptoToken (org.mozilla.jss.crypto.CryptoToken)7
X509Certificate (org.mozilla.jss.crypto.X509Certificate)6
NoSuchTokenException (org.mozilla.jss.NoSuchTokenException)3
NotInitializedException (org.mozilla.jss.NotInitializedException)3
NoSuchItemOnTokenException (org.mozilla.jss.crypto.NoSuchItemOnTokenException)3
PrivateKey (org.mozilla.jss.crypto.PrivateKey)3
TokenException (org.mozilla.jss.crypto.TokenException)3
ANY (org.mozilla.jss.asn1.ANY)2
BMPString (org.mozilla.jss.asn1.BMPString)2
ObjectNotFoundException (org.mozilla.jss.crypto.ObjectNotFoundException)2
BufferedInputStream (java.io.BufferedInputStream)1
ByteArrayOutputStream (java.io.ByteArrayOutputStream)1
FileInputStream (java.io.FileInputStream)1
FileNotFoundException (java.io.FileNotFoundException)1
FileOutputStream (java.io.FileOutputStream)1
BigInteger (java.math.BigInteger)1
KeyStoreException (java.security.KeyStoreException)1
PublicKey (java.security.PublicKey)1
