

Refactor PKCS10Client (part 1)
The PKCS10Client has been updated to create the key pair
using NSSDatabase.
edewata committed Feb 12, 2025
1 parent 28cdc45 commit a0704b7
Showing 1 changed file with 21 additions and 15 deletions.
36 changes: 21 additions & 15 deletions base/tools/src/main/java/com/netscape/cmstools/PKCS10Client.java
Expand Up @@ -28,11 +28,11 @@
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;

import org.dogtagpki.nss.NSSDatabase;
import org.dogtagpki.util.cert.CertUtil;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.InitializationValues;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage;
import org.mozilla.jss.crypto.PrivateKey;
import org.mozilla.jss.netscape.security.pkcs.PKCS10;
import org.mozilla.jss.netscape.security.x509.Extensions;
Expand All @@ -42,6 +42,7 @@
import org.mozilla.jss.util.Password;

import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.password.PlainPasswordFile;

/**
* Generates an ECC or RSA key pair in the security database, constructs a
Expand Down Expand Up @@ -219,8 +220,10 @@ public static void main(String args[]) throws Exception {
CryptoManager.initialize(vals);

CryptoManager cm = CryptoManager.getInstance();

tokenName = tokenName == null ? CryptoUtil.INTERNAL_TOKEN_NAME : tokenName;
CryptoToken token = CryptoUtil.getKeyStorageToken(tokenName);
tokenName = token.getName();

if(verbose) {
System.out.println("PKCS10Client: Debug: got token.");
}
Expand All @@ -231,6 +234,8 @@ public static void main(String args[]) throws Exception {
System.out.println("PKCS10Client: Debug: thread token set.");
}

PlainPasswordFile passwordStore = new PlainPasswordFile();

if (passwordFile != null) {
String line;
try (BufferedReader in = new BufferedReader(new FileReader(passwordFile))) {
Expand All @@ -239,6 +244,7 @@ public static void main(String args[]) throws Exception {
line = "";
}
}

Password pass = new Password(line.toCharArray());

try {
Expand All @@ -249,6 +255,9 @@ public static void main(String args[]) throws Exception {
} finally {
pass.clear();
}

passwordStore.putPassword(tokenName, line);

} else if (password != null) {
Password pass = new Password(password.toCharArray());

Expand All @@ -260,8 +269,13 @@ public static void main(String args[]) throws Exception {
} finally {
pass.clear();
}

passwordStore.putPassword(tokenName, password);
}

NSSDatabase nssdb = new NSSDatabase(dbdir);
nssdb.setPasswordStore(passwordStore);

KeyPair pair = null;

if (alg.equals("rsa")) {
Expand All @@ -270,28 +284,20 @@ public static void main(String args[]) throws Exception {
System.out.println("PKCS10Client: rsa_keygen_wrap_unwrap_ops: " + rsa_keygen_wrap_unwrap_ops);
}

Usage[] usages = rsa_keygen_wrap_unwrap_ops ? CryptoUtil.RSA_KEYPAIR_USAGES : null;
Usage[] usagesMask = rsa_keygen_wrap_unwrap_ops ? CryptoUtil.RSA_KEYPAIR_USAGES_MASK : null;

pair = CryptoUtil.generateRSAKeyPair(
pair = nssdb.createRSAKeyPair(
token,
rsa_keylen,
usages,
usagesMask);
rsa_keygen_wrap_unwrap_ops);

} else if (alg.equals("ec")) {

Usage[] usages = null;
Usage[] usagesMask = ec_ssl_ecdh ? CryptoUtil.ECDH_USAGES_MASK : CryptoUtil.ECDHE_USAGES_MASK;

pair = CryptoUtil.generateECCKeyPair(
pair = nssdb.createECKeyPair(
token,
ecc_curve,
ec_ssl_ecdh,
ec_temporary,
ec_sensitive,
ec_extractable,
usages,
usagesMask);
ec_extractable);

if (pair == null) {
System.out.println("PKCS10Client: pair null.");
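Review bot: The token passphrase now outlives the `pass.clear()` in the two `finally` blocks, because `passwordStore.putPassword(tokenName, line)` and `passwordStore.putPassword(tokenName, password)` hand the same secret to `PlainPasswordFile` as an immutable `String`, which cannot be zeroed the way the `Password` object is; the value read from `passwordFile` was previously consumed only through `Password`. The class name suggests a file-backed store, so it is worth confirming that `putPassword` keeps the entry in memory only and never writes it to disk, and that `NSSDatabase` looks the entry up under the same name returned by `token.getName()` that is used as the key here. A comment on the `new PlainPasswordFile()` line would make the trade-off explicit: `// in-memory only: holds the token passphrase as a String so NSSDatabase can log in; it cannot be wiped like Password, so never persist this store`. Separately, `createRSAKeyPair(token, rsa_keylen, rsa_keygen_wrap_unwrap_ops)` replaces the explicit `RSA_KEYPAIR_USAGES`/`RSA_KEYPAIR_USAGES_MASK` arguments, so the helper presumably derives the same usage mask from the flag — confirm it does, since a looser mask silently changes what the generated key may be used for. The `main` method begins before and continues past this section.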

