/**
 * Stores the certificate described by {@code certInfo} (and its private key,
 * when the PKCS#12 entry carries a key ID) into the internal NSS key storage token.
 *
 * @param pkcs12    the parsed PKCS#12 bundle the certificate came from
 * @param password  password handed to {@code importKey} for the private key
 * @param certInfo  certificate entry to import
 * @param overwrite when {@code true}, certificates already stored under the same
 *                  friendly name are deleted first; when {@code false}, the method
 *                  returns without importing if any such certificate exists
 * @throws Exception if NSS access, key import or certificate import fails
 */
public void storeCertIntoNSS(PKCS12 pkcs12, Password password, PKCS12CertInfo certInfo, boolean overwrite) throws Exception {
    CryptoManager manager = CryptoManager.getInstance();
    CryptoStore store = manager.getInternalKeyStorageToken().getCryptoStore();

    String friendlyName = certInfo.getFriendlyName();
    for (X509Certificate existing : manager.findCertsByNickname(friendlyName)) {
        if (!overwrite) {
            return; // an entry with this nickname already exists; leave it untouched
        }
        // NOTE(review): deleteCert (as opposed to deleteCertOnly) presumably removes the
        // associated private key along with the certificate — confirm against CryptoStore.
        store.deleteCert(existing);
    }

    X509CertImpl certificate = certInfo.getCert();
    byte[] keyID = certInfo.getKeyID();
    X509Certificate imported;
    if (keyID == null) {
        // No key ID: treat the entry as a CA certificate.
        logger.debug("Importing CA certificate " + friendlyName);
        // Note: JSS does not preserve CA certificate nickname
        imported = manager.importCACertPackage(certificate.getEncoded());
    } else {
        // Key ID present: import the matching private key first, then the user cert.
        logger.debug("Importing private key for " + friendlyName);
        PKCS12KeyInfo keyInfo = pkcs12.getKeyInfoByID(keyID);
        importKey(pkcs12, password, friendlyName, keyInfo);
        logger.debug("Importing user certificate " + friendlyName);
        imported = manager.importUserCACertPackage(certificate.getEncoded(), friendlyName);
    }

    String trustFlags = certInfo.getTrustFlags();
    if (trustFlagsEnabled && trustFlags != null) {
        // Trust flags originate from the PKCS#12 entry itself, i.e. from whoever
        // produced the bundle; they are only applied when trustFlagsEnabled is set.
        PK11Cert pk11Cert = (PK11Cert) imported;
        pk11Cert.setTrustFlags(trustFlags);
    }
}
/**
 * Loads every certificate held in the internal NSS key storage token into
 * {@code pkcs12}, delegating each one to {@code loadCertFromNSS}.
 *
 * @param pkcs12       bundle that receives the entries
 * @param includeKey   forwarded to {@code loadCertFromNSS}; presumably controls
 *                     whether the private key is loaded with each certificate
 * @param includeChain forwarded to {@code loadCertFromNSS}; presumably controls
 *                     whether the issuing chain is loaded as well
 * @throws Exception if NSS cannot be accessed or an entry cannot be loaded
 */
public void loadFromNSS(PKCS12 pkcs12, boolean includeKey, boolean includeChain) throws Exception {
    logger.info("Loading certificates and keys from NSS database");

    CryptoStore store = CryptoManager.getInstance()
            .getInternalKeyStorageToken()
            .getCryptoStore();

    for (X509Certificate certificate : store.getCertificates()) {
        loadCertFromNSS(pkcs12, certificate, includeKey, includeChain);
    }
}
/**
 * Deletes the keystore entry named {@code alias}.
 * <p>
 * The alias is first tried as a certificate nickname. If a certificate matches, it is
 * removed from its owning token (or the internal key storage token when it is not a
 * {@code TokenCertificate}) with {@code deleteCertOnly}, so an associated private key
 * is left in place. Otherwise the alias is split by {@code parseAlias} into a token
 * name and a hex key ID, and the private key on that token whose unique ID matches is
 * deleted, together with its public key when one can be found.
 *
 * @param alias certificate nickname, or key alias as understood by {@code parseAlias}
 * @throws KeyStoreException if no matching entry exists, NSS is not initialised, the
 *         named token does not exist, or the token reports an error
 */
@Override
public void engineDeleteEntry(String alias) throws KeyStoreException {
    try {
        CryptoManager manager = CryptoManager.getInstance();

        // First pass: the alias is a certificate nickname.
        try {
            logger.debug("JSSKeyStoreSpi: searching for cert");
            X509Certificate cert = manager.findCertByNickname(alias);
            CryptoToken owner = cert instanceof TokenCertificate
                    ? ((TokenCertificate) cert).getOwningToken()
                    : manager.getInternalKeyStorageToken();
            logger.debug("JSSKeyStoreSpi: deleting cert: " + alias);
            // deleteCertOnly: the certificate goes, any private key stays.
            owner.getCryptoStore().deleteCertOnly(cert);
            return;
        } catch (ObjectNotFoundException e) {
            logger.debug("JSSKeyStoreSpi: cert not found, searching for key");
        }

        // Second pass: the alias is "<token>/<key ID>" as split by parseAlias.
        String[] parts = parseAlias(alias);
        String tokenName = parts[0];
        String nickname = parts[1];
        CryptoToken keyToken = tokenName == null
                ? manager.getInternalKeyStorageToken()
                : manager.getTokenByName(tokenName);
        CryptoStore store = keyToken.getCryptoStore();

        logger.debug("JSSKeyStoreSpi: searching for private key");
        for (PrivateKey privateKey : store.getPrivateKeys()) {
            // convert key ID into hexadecimal
            String keyID = Utils.HexEncode(privateKey.getUniqueID());
            logger.debug("JSSKeyStoreSpi: - " + keyID);
            if (nickname.equals(keyID)) {
                try {
                    logger.debug("JSSKeyStoreSpi: searching for public key: " + nickname);
                    PublicKey publicKey = store.findPublicKey(privateKey);
                    logger.debug("JSSKeyStoreSpi: deleting public key: " + nickname);
                    store.deletePublicKey(publicKey);
                } catch (ObjectNotFoundException e) {
                    // A private key with no stored public key is acceptable; continue.
                    logger.debug("JSSKeyStoreSpi: public key not found: " + nickname);
                }
                logger.debug("JSSKeyStoreSpi: deleting private key: " + nickname);
                store.deletePrivateKey(privateKey);
                return;
            }
        }

        logger.debug("JSSKeyStoreSpi: entry not found: " + alias);
        throw new KeyStoreException("Entry not found: " + alias);
    } catch (NotInitializedException e) {
        throw new KeyStoreException(e);
    } catch (NoSuchTokenException e) {
        throw new KeyStoreException(e);
    } catch (TokenException e) {
        throw new KeyStoreException(e);
    } catch (NoSuchItemOnTokenException e) {
        throw new KeyStoreException(e);
    }
}