Refactor ClientCertRequestCLI.generateCrmfRequest()

The ClientCertRequestCLI.generateCrmfRequest() has been modified to take a key pair generated using generateRSAKeyPair() or generateECCKeyPair().
dogtagpki · Feb 7, 2025 · 8eee35a · 8eee35a
1 parent e86084a
commit 8eee35a
Showing 1 changed file with 32 additions and 40 deletions.
diff --git a/base/tools/src/main/java/com/netscape/cmstools/client/ClientCertRequestCLI.java b/base/tools/src/main/java/com/netscape/cmstools/client/ClientCertRequestCLI.java
@@ -313,9 +313,36 @@ public void execute(CommandLine cmd) throws Exception {
             String kwAlg = caInfoClient.getKeyWrapAlgotihm();
             KeyWrapAlgorithm keyWrapAlgorithm = KeyWrapAlgorithm.fromString(kwAlg);
 
-            csr = generateCrmfRequest(transportCert, subjectDN, attributeEncoding,
-                    algorithm, length, curve, sslECDH, temporary, sensitive, extractable, withPop,
-                    keyWrapAlgorithm, useOAEP);
+            KeyPair keyPair;
+
+            if ("rsa".equals(algorithm)) {
+
+                keyPair = generateRSAKeyPair(
+                        length,
+                        wrap);
+
+            } else if ("ec".equals(algorithm)) {
+
+                keyPair = generateECCKeyPair(
+                        curve,
+                        sslECDH,
+                        temporary,
+                        sensitive,
+                        extractable);
+
+            } else {
+                throw new Exception("Error: Unknown algorithm: " + algorithm);
+            }
+
+            csr = createCRMFRequest(
+                    keyPair,
+                    transportCert,
+                    subjectDN,
+                    attributeEncoding,
+                    algorithm,
+                    withPop,
+                    keyWrapAlgorithm,
+                    useOAEP);
 
         } else {
             throw new Exception("Unknown request type: " + requestType);
@@ -473,17 +500,12 @@ public String createPKCS10Request(
         return CertUtil.toPEM(pkcs10);
     }
 
-    public String generateCrmfRequest(
+    public String createCRMFRequest(
+            KeyPair keyPair,
             X509Certificate transportCert,
             String subjectDN,
             boolean attributeEncoding,
             String algorithm,
-            int length,
-            String curve,
-            boolean sslECDH,
-            boolean temporary,
-            int sensitive,
-            int extractable,
             boolean withPop,
             KeyWrapAlgorithm keyWrapAlgorithm,
             boolean useOAEP) throws Exception {
@@ -493,36 +515,6 @@ public String generateCrmfRequest(
 
         Name subject = CryptoUtil.createName(subjectDN, attributeEncoding);
 
-        KeyPair keyPair;
-        if (algorithm.equals("rsa")) {
-
-            Usage[] usages = null;
-            Usage[] usagesMask = null;
-
-            keyPair = CryptoUtil.generateRSAKeyPair(
-                    token,
-                    length,
-                    usages,
-                    usagesMask);
-
-        } else if (algorithm.equals("ec")) {
-
-            Usage[] usages = null;
-            Usage[] usagesMask = sslECDH ? CryptoUtil.ECDH_USAGES_MASK : CryptoUtil.ECDHE_USAGES_MASK;
-
-            keyPair = CryptoUtil.generateECCKeyPair(
-                    token,
-                    curve,
-                    temporary,
-                    sensitive,
-                    extractable,
-                    usages,
-                    usagesMask);
-
-        } else {
-            throw new Exception("Unknown algorithm: " + algorithm);
-        }
-
         CertRequest certRequest = CryptoUtil.createCertRequest(
                 false, // use_shared_secret
                 token,