Re: [Pki-devel] [PATCH] #2614 CMC: id-cmc-popLinkWitnessV2 feature implementation
thanks. Pushed to master: commit b04739d364e7e220da29ce8d47654377999ad881 Christina On 04/13/2017 05:44 PM, John Magne wrote: Cond ACK. Looks good. I just put a few minor suggestions to take care of in the attachment, which is merely the original patch with comments interspersed, identified with - Original Message - From: "Christina Fu" <c...@redhat.com> To: pki-devel@redhat.com Sent: Thursday, April 13, 2017 5:03:06 PM Subject: [Pki-devel] [PATCH] #2614 CMC: id-cmc-popLinkWitnessV2 feature implementation Please review. thanks! Christina ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
Re: [Pki-devel] [PATCH] #2614 CMC: id-cmc-popLinkWitnessV2 feature implementation
Cond ACK. Looks good. I just put a few minor suggestions to take care of in the attachment, which is merely the original patch with comments interspersed, identified with - Original Message - From: "Christina Fu" <c...@redhat.com> To: pki-devel@redhat.com Sent: Thursday, April 13, 2017 5:03:06 PM Subject: [Pki-devel] [PATCH] #2614 CMC: id-cmc-popLinkWitnessV2 feature implementation Please review. thanks! Christina ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel>From 23f532da661f2528c47df67c8663a0f4f96401ea Mon Sep 17 00:00:00 2001 From: Christina Fu <c...@redhat.com> Date: Thu, 13 Apr 2017 16:53:58 -0700 Subject: [PATCH] Ticket #2614 CMC: id-cmc-popLinkWitnessV2 feature implementation This patch provides the feature for CMC on handling id-cmc-popLinkWitnessV2 --- .../src/com/netscape/cmstools/CMCRequest.java | 445 +++-- .../src/com/netscape/cmstools/CRMFPopClient.java | 10 +- .../src/com/netscape/cmstools/PKCS10Client.java| 22 +- .../netscape/cms/profile/common/EnrollProfile.java | 416 ++- .../cms/servlet/common/CMCOutputTemplate.java | 12 + base/server/cmsbundle/src/UserMessages.properties | 2 + 6 files changed, 752 insertions(+), 155 deletions(-) diff --git a/base/java-tools/src/com/netscape/cmstools/CMCRequest.java b/base/java-tools/src/com/netscape/cmstools/CMCRequest.java index a2aca8a..004b81d 100644 --- a/base/java-tools/src/com/netscape/cmstools/CMCRequest.java +++ b/base/java-tools/src/com/netscape/cmstools/CMCRequest.java @@ -34,6 +34,7 @@ import java.security.NoSuchAlgorithmException; import java.text.SimpleDateFormat; import java.util.Arrays; import java.util.Date; +import java.util.Random; import java.util.StringTokenizer; import org.mozilla.jss.CryptoManager; 
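Review bot: The added `import java.util.Random;` in the first CMCRequest.java hunk brings a non-cryptographic PRNG into a tool that builds CMC proof-of-possession material. The use site is outside this hunk, so this is a question rather than a confirmed defect. If the generator produces the POP link random value behind id-cmc-popLinkWitnessV2, a nonce, or anything else the CA relies on being unpredictable, it should be `java.security.SecureRandom`, e.g. `SecureRandom random = new SecureRandom();`. If it only picks non-secret identifiers, a short comment at the use site saying so would keep it from being reused for secret values later. The same hunk appears again in the original posting further down the thread.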
@@ -53,10 +54,12 @@ import org.mozilla.jss.crypto.CryptoToken;
 import org.mozilla.jss.crypto.DigestAlgorithm;
 import org.mozilla.jss.crypto.ObjectNotFoundException;
 import org.mozilla.jss.crypto.PrivateKey;
+import org.mozilla.jss.crypto.Signature;
 import org.mozilla.jss.crypto.SignatureAlgorithm;
 import org.mozilla.jss.crypto.SymmetricKey;
 import org.mozilla.jss.crypto.X509Certificate;
 import org.mozilla.jss.pkcs10.CertificationRequest;
+import org.mozilla.jss.pkcs10.CertificationRequestInfo;
 import org.mozilla.jss.pkix.cmc.CMCCertId;
 import org.mozilla.jss.pkix.cmc.CMCStatusInfo;
 import org.mozilla.jss.pkix.cmc.DecryptedPOP;
@@ -68,6 +71,7 @@ import org.mozilla.jss.pkix.cmc.OtherInfo;
 import org.mozilla.jss.pkix.cmc.OtherMsg;
 import org.mozilla.jss.pkix.cmc.PKIData;
 import org.mozilla.jss.pkix.cmc.PendInfo;
+import org.mozilla.jss.pkix.cmc.PopLinkWitnessV2;
 import org.mozilla.jss.pkix.cmc.ResponseBody;
 import org.mozilla.jss.pkix.cmc.TaggedAttribute;
 import org.mozilla.jss.pkix.cmc.TaggedCertificationRequest;
@@ -85,7 +89,11 @@ import org.mozilla.jss.pkix.cms.SignerInfo;
 import org.mozilla.jss.pkix.crmf.CertReqMsg;
 import org.mozilla.jss.pkix.crmf.CertRequest;
 import org.mozilla.jss.pkix.crmf.CertTemplate;
+import org.mozilla.jss.pkix.crmf.POPOSigningKey;
+import org.mozilla.jss.pkix.crmf.ProofOfPossession;
+import org.mozilla.jss.pkix.primitive.AVA;
 import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
+import org.mozilla.jss.pkix.primitive.Attribute;
 import org.mozilla.jss.pkix.primitive.Name;
 import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo;
 import org.mozilla.jss.util.Password;
@@ -148,6 +156,37 @@ public class CMCRequest { } /** + * getSigningAlgFromPrivate + * + */ check for null to avoid null pointer exception. I know it's just the tool, but it would be ugly for the user +static SignatureAlgorithm getSigningAlgFromPrivate (java.security.PrivateKey privKey) { +String method = "getSigningAlgFromPrivate: "; +System.out.println(method + "begins."); +SignatureAlgorithm signAlg = null; +/* +org.mozilla.jss.crypto.PrivateKey.Type signingKeyType = +((org.mozilla.jss.crypto.PrivateKey) privKey) +.getType(); +*/ +// TODO: allow more options later +String signingKeyType = privKey.getAlgorithm(); +System.out.println(method + "found signingKeyType=" + signingKeyType); +if (signingKeyType.equalsIgnoreCase("RSA")) { +signAlg = SignatureAlgorithm.RSASignatureWithSHA256Digest; +} else if (signingKeyType.equalsIgnoreCase("EC")) { +signAlg = SignatureAlgorithm.ECSignatureWithSHA256Digest; +} else { +System.out.println(method + "Algorithm not supported:" + +signingKeyType); +return null; +} +System.out.println(method + "using SignatureAlgorithm: " + +signA
[Pki-devel] [PATCH] #2614 CMC: id-cmc-popLinkWitnessV2 feature implementation
Please review. thanks! Christina >From 23f532da661f2528c47df67c8663a0f4f96401ea Mon Sep 17 00:00:00 2001 From: Christina FuDate: Thu, 13 Apr 2017 16:53:58 -0700 Subject: [PATCH] Ticket #2614 CMC: id-cmc-popLinkWitnessV2 feature implementation This patch provides the feature for CMC on handling id-cmc-popLinkWitnessV2 --- .../src/com/netscape/cmstools/CMCRequest.java | 445 +++-- .../src/com/netscape/cmstools/CRMFPopClient.java | 10 +- .../src/com/netscape/cmstools/PKCS10Client.java| 22 +- .../netscape/cms/profile/common/EnrollProfile.java | 416 ++- .../cms/servlet/common/CMCOutputTemplate.java | 12 + base/server/cmsbundle/src/UserMessages.properties | 2 + 6 files changed, 752 insertions(+), 155 deletions(-) diff --git a/base/java-tools/src/com/netscape/cmstools/CMCRequest.java b/base/java-tools/src/com/netscape/cmstools/CMCRequest.java index a2aca8a..004b81d 100644 --- a/base/java-tools/src/com/netscape/cmstools/CMCRequest.java +++ b/base/java-tools/src/com/netscape/cmstools/CMCRequest.java @@ -34,6 +34,7 @@ import java.security.NoSuchAlgorithmException; import java.text.SimpleDateFormat; import java.util.Arrays; import java.util.Date; +import java.util.Random; import java.util.StringTokenizer; import org.mozilla.jss.CryptoManager; @@ -53,10 +54,12 @@ import org.mozilla.jss.crypto.CryptoToken; import org.mozilla.jss.crypto.DigestAlgorithm; import org.mozilla.jss.crypto.ObjectNotFoundException; import org.mozilla.jss.crypto.PrivateKey; +import org.mozilla.jss.crypto.Signature; import org.mozilla.jss.crypto.SignatureAlgorithm; import org.mozilla.jss.crypto.SymmetricKey; import org.mozilla.jss.crypto.X509Certificate; import org.mozilla.jss.pkcs10.CertificationRequest; +import org.mozilla.jss.pkcs10.CertificationRequestInfo; import org.mozilla.jss.pkix.cmc.CMCCertId; import org.mozilla.jss.pkix.cmc.CMCStatusInfo; import org.mozilla.jss.pkix.cmc.DecryptedPOP; 
@@ -68,6 +71,7 @@ import org.mozilla.jss.pkix.cmc.OtherInfo;
 import org.mozilla.jss.pkix.cmc.OtherMsg;
 import org.mozilla.jss.pkix.cmc.PKIData;
 import org.mozilla.jss.pkix.cmc.PendInfo;
+import org.mozilla.jss.pkix.cmc.PopLinkWitnessV2;
 import org.mozilla.jss.pkix.cmc.ResponseBody;
 import org.mozilla.jss.pkix.cmc.TaggedAttribute;
 import org.mozilla.jss.pkix.cmc.TaggedCertificationRequest;
@@ -85,7 +89,11 @@ import org.mozilla.jss.pkix.cms.SignerInfo;
 import org.mozilla.jss.pkix.crmf.CertReqMsg;
 import org.mozilla.jss.pkix.crmf.CertRequest;
 import org.mozilla.jss.pkix.crmf.CertTemplate;
+import org.mozilla.jss.pkix.crmf.POPOSigningKey;
+import org.mozilla.jss.pkix.crmf.ProofOfPossession;
+import org.mozilla.jss.pkix.primitive.AVA;
 import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
+import org.mozilla.jss.pkix.primitive.Attribute;
 import org.mozilla.jss.pkix.primitive.Name;
 import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo;
 import org.mozilla.jss.util.Password;
@@ -148,6 +156,37 @@ public class CMCRequest { } /** + * getSigningAlgFromPrivate + * + */ +static SignatureAlgorithm getSigningAlgFromPrivate (java.security.PrivateKey privKey) { +String method = "getSigningAlgFromPrivate: "; +System.out.println(method + "begins."); +SignatureAlgorithm signAlg = null; +/* +org.mozilla.jss.crypto.PrivateKey.Type signingKeyType = +((org.mozilla.jss.crypto.PrivateKey) privKey) +.getType(); +*/ +// TODO: allow more options later +String signingKeyType = privKey.getAlgorithm(); +System.out.println(method + "found signingKeyType=" + signingKeyType); +if (signingKeyType.equalsIgnoreCase("RSA")) { +signAlg = SignatureAlgorithm.RSASignatureWithSHA256Digest; +} else if (signingKeyType.equalsIgnoreCase("EC")) { +signAlg = SignatureAlgorithm.ECSignatureWithSHA256Digest; +} else { +System.out.println(method + "Algorithm not supported:" + +signingKeyType); +return null; +} +System.out.println(method + "using SignatureAlgorithm: " + +signAlg.toString()); + +return signAlg; +} + +/** * signData signs the request PKIData * * @param signerCert the certificate of the authorized signer of the CMC revocation request. @@ -190,17 +229,9 @@ public class CMCRequest { EncapsulatedContentInfo ci = new EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIData, pkidata); DigestAlgorithm digestAlg = null; -SignatureAlgorithm signAlg = null; -org.mozilla.jss.crypto.PrivateKey.Type signingKeyType = ((org.mozilla.jss.crypto.PrivateKey) privKey) -.getType(); -if (signingKeyType.equals(org.mozilla.jss.crypto.PrivateKey.Type.RSA)) { -signAlg =
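Review bot: getSigningAlgFromPrivate returns `null` for any key algorithm other than RSA or EC, but the Javadoc added in the `-148,6 +156,37` hunk holds only the method name, so that contract is undocumented. I would add a summary sentence and `@return the SHA-256 signature algorithm for an RSA or EC key, or null if the key algorithm is not supported`. The commented-out JSS `PrivateKey.Type` lookup should be deleted rather than committed. The signData call site is in the next hunk, which is cut off here, so it is not visible whether the null return is checked before signing. SHA-256 is also fixed for EC whatever the curve size; the existing TODO could name digest selection explicitly.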