Re: [Pki-devel] [PATCH] #2614 CMC: id-cmc-popLinkWitnessV2 feature implementation

2017-04-13 Thread Christina Fu

thanks.

Pushed to master:

commit b04739d364e7e220da29ce8d47654377999ad881

Christina


On 04/13/2017 05:44 PM, John Magne wrote:

Cond ACK.


Looks good.

I just put a few minor suggestions to take care of in the attachment, which is 
merely the original patch with comments
interspersed, identified with 


- Original Message -
From: "Christina Fu" <c...@redhat.com>
To: pki-devel@redhat.com
Sent: Thursday, April 13, 2017 5:03:06 PM
Subject: [Pki-devel] [PATCH] #2614 CMC: id-cmc-popLinkWitnessV2 feature 
implementation

Please review.

thanks!

Christina




Re: [Pki-devel] [PATCH] #2614 CMC: id-cmc-popLinkWitnessV2 feature implementation

2017-04-13 Thread John Magne

Cond ACK.


Looks good.

I just put a few minor suggestions to take care of in the attachment, which is 
merely the original patch with comments
interspersed, identified with 


- Original Message -
From: "Christina Fu" <c...@redhat.com>
To: pki-devel@redhat.com
Sent: Thursday, April 13, 2017 5:03:06 PM
Subject: [Pki-devel] [PATCH] #2614 CMC: id-cmc-popLinkWitnessV2 feature 
implementation

Please review.

thanks!

Christina


https://www.redhat.com/mailman/listinfo/pki-devel
>From 23f532da661f2528c47df67c8663a0f4f96401ea Mon Sep 17 00:00:00 2001
From: Christina Fu <c...@redhat.com>
Date: Thu, 13 Apr 2017 16:53:58 -0700
Subject: [PATCH] Ticket #2614 CMC: id-cmc-popLinkWitnessV2 feature
 implementation This patch provides the feature for CMC on handling
 id-cmc-popLinkWitnessV2

---
 .../src/com/netscape/cmstools/CMCRequest.java  | 445 +++--
 .../src/com/netscape/cmstools/CRMFPopClient.java   |  10 +-
 .../src/com/netscape/cmstools/PKCS10Client.java|  22 +-
 .../netscape/cms/profile/common/EnrollProfile.java | 416 ++-
 .../cms/servlet/common/CMCOutputTemplate.java  |  12 +
 base/server/cmsbundle/src/UserMessages.properties  |   2 +
 6 files changed, 752 insertions(+), 155 deletions(-)

diff --git a/base/java-tools/src/com/netscape/cmstools/CMCRequest.java b/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
index a2aca8a..004b81d 100644
--- a/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
+++ b/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
@@ -34,6 +34,7 @@ import java.security.NoSuchAlgorithmException;
 import java.text.SimpleDateFormat;
 import java.util.Arrays;
 import java.util.Date;
+import java.util.Random;
 import java.util.StringTokenizer;
 
 import org.mozilla.jss.CryptoManager;
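Review bot: The added `import java.util.Random;` brings a non-cryptographic generator into a tool that builds CMC proof-of-possession requests. Its use is outside this hunk, so this is inferred, but if it produces the random value behind id-cmc-popLinkWitnessV2 or any other nonce, that value is not suitable as a security-relevant random. `java.security.SecureRandom` extends `Random` and can replace it directly, e.g. `SecureRandom random = new SecureRandom();`. The same import appears in the second copy of this patch later in the thread.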
@@ -53,10 +54,12 @@ import org.mozilla.jss.crypto.CryptoToken;
 import org.mozilla.jss.crypto.DigestAlgorithm;
 import org.mozilla.jss.crypto.ObjectNotFoundException;
 import org.mozilla.jss.crypto.PrivateKey;
+import org.mozilla.jss.crypto.Signature;
 import org.mozilla.jss.crypto.SignatureAlgorithm;
 import org.mozilla.jss.crypto.SymmetricKey;
 import org.mozilla.jss.crypto.X509Certificate;
 import org.mozilla.jss.pkcs10.CertificationRequest;
+import org.mozilla.jss.pkcs10.CertificationRequestInfo;
 import org.mozilla.jss.pkix.cmc.CMCCertId;
 import org.mozilla.jss.pkix.cmc.CMCStatusInfo;
 import org.mozilla.jss.pkix.cmc.DecryptedPOP;
@@ -68,6 +71,7 @@ import org.mozilla.jss.pkix.cmc.OtherInfo;
 import org.mozilla.jss.pkix.cmc.OtherMsg;
 import org.mozilla.jss.pkix.cmc.PKIData;
 import org.mozilla.jss.pkix.cmc.PendInfo;
+import org.mozilla.jss.pkix.cmc.PopLinkWitnessV2;
 import org.mozilla.jss.pkix.cmc.ResponseBody;
 import org.mozilla.jss.pkix.cmc.TaggedAttribute;
 import org.mozilla.jss.pkix.cmc.TaggedCertificationRequest;
@@ -85,7 +89,11 @@ import org.mozilla.jss.pkix.cms.SignerInfo;
 import org.mozilla.jss.pkix.crmf.CertReqMsg;
 import org.mozilla.jss.pkix.crmf.CertRequest;
 import org.mozilla.jss.pkix.crmf.CertTemplate;
+import org.mozilla.jss.pkix.crmf.POPOSigningKey;
+import org.mozilla.jss.pkix.crmf.ProofOfPossession;
+import org.mozilla.jss.pkix.primitive.AVA;
 import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
+import org.mozilla.jss.pkix.primitive.Attribute;
 import org.mozilla.jss.pkix.primitive.Name;
 import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo;
 import org.mozilla.jss.util.Password;
@@ -148,6 +156,37 @@ public class CMCRequest {
 }
 
 /**
+ * getSigningAlgFromPrivate
+ *
+ */



Check for null to avoid a NullPointerException. I know it's just the tool, but it would be ugly for the user.






+static SignatureAlgorithm getSigningAlgFromPrivate (java.security.PrivateKey privKey) {
+String method = "getSigningAlgFromPrivate: ";
+System.out.println(method + "begins.");
+SignatureAlgorithm signAlg = null;
+/*
+org.mozilla.jss.crypto.PrivateKey.Type signingKeyType =
+((org.mozilla.jss.crypto.PrivateKey) privKey)
+.getType();
+*/
+// TODO: allow more options later
+String signingKeyType = privKey.getAlgorithm();
+System.out.println(method + "found signingKeyType=" + signingKeyType);
+if (signingKeyType.equalsIgnoreCase("RSA")) {
+signAlg = SignatureAlgorithm.RSASignatureWithSHA256Digest;
+} else if (signingKeyType.equalsIgnoreCase("EC")) {
+signAlg = SignatureAlgorithm.ECSignatureWithSHA256Digest;
+} else {
+System.out.println(method + "Algorithm not supported:" +
+signingKeyType);
+return null;
+}
+System.out.println(method + "using SignatureAlgorithm: " +
+signA

[Pki-devel] [PATCH] #2614 CMC: id-cmc-popLinkWitnessV2 feature implementation

2017-04-13 Thread Christina Fu

Please review.

thanks!

Christina

>From 23f532da661f2528c47df67c8663a0f4f96401ea Mon Sep 17 00:00:00 2001
From: Christina Fu 
Date: Thu, 13 Apr 2017 16:53:58 -0700
Subject: [PATCH] Ticket #2614 CMC: id-cmc-popLinkWitnessV2 feature
 implementation This patch provides the feature for CMC on handling
 id-cmc-popLinkWitnessV2

---
 .../src/com/netscape/cmstools/CMCRequest.java  | 445 +++--
 .../src/com/netscape/cmstools/CRMFPopClient.java   |  10 +-
 .../src/com/netscape/cmstools/PKCS10Client.java|  22 +-
 .../netscape/cms/profile/common/EnrollProfile.java | 416 ++-
 .../cms/servlet/common/CMCOutputTemplate.java  |  12 +
 base/server/cmsbundle/src/UserMessages.properties  |   2 +
 6 files changed, 752 insertions(+), 155 deletions(-)

diff --git a/base/java-tools/src/com/netscape/cmstools/CMCRequest.java b/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
index a2aca8a..004b81d 100644
--- a/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
+++ b/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
@@ -34,6 +34,7 @@ import java.security.NoSuchAlgorithmException;
 import java.text.SimpleDateFormat;
 import java.util.Arrays;
 import java.util.Date;
+import java.util.Random;
 import java.util.StringTokenizer;
 
 import org.mozilla.jss.CryptoManager;
@@ -53,10 +54,12 @@ import org.mozilla.jss.crypto.CryptoToken;
 import org.mozilla.jss.crypto.DigestAlgorithm;
 import org.mozilla.jss.crypto.ObjectNotFoundException;
 import org.mozilla.jss.crypto.PrivateKey;
+import org.mozilla.jss.crypto.Signature;
 import org.mozilla.jss.crypto.SignatureAlgorithm;
 import org.mozilla.jss.crypto.SymmetricKey;
 import org.mozilla.jss.crypto.X509Certificate;
 import org.mozilla.jss.pkcs10.CertificationRequest;
+import org.mozilla.jss.pkcs10.CertificationRequestInfo;
 import org.mozilla.jss.pkix.cmc.CMCCertId;
 import org.mozilla.jss.pkix.cmc.CMCStatusInfo;
 import org.mozilla.jss.pkix.cmc.DecryptedPOP;
@@ -68,6 +71,7 @@ import org.mozilla.jss.pkix.cmc.OtherInfo;
 import org.mozilla.jss.pkix.cmc.OtherMsg;
 import org.mozilla.jss.pkix.cmc.PKIData;
 import org.mozilla.jss.pkix.cmc.PendInfo;
+import org.mozilla.jss.pkix.cmc.PopLinkWitnessV2;
 import org.mozilla.jss.pkix.cmc.ResponseBody;
 import org.mozilla.jss.pkix.cmc.TaggedAttribute;
 import org.mozilla.jss.pkix.cmc.TaggedCertificationRequest;
@@ -85,7 +89,11 @@ import org.mozilla.jss.pkix.cms.SignerInfo;
 import org.mozilla.jss.pkix.crmf.CertReqMsg;
 import org.mozilla.jss.pkix.crmf.CertRequest;
 import org.mozilla.jss.pkix.crmf.CertTemplate;
+import org.mozilla.jss.pkix.crmf.POPOSigningKey;
+import org.mozilla.jss.pkix.crmf.ProofOfPossession;
+import org.mozilla.jss.pkix.primitive.AVA;
 import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
+import org.mozilla.jss.pkix.primitive.Attribute;
 import org.mozilla.jss.pkix.primitive.Name;
 import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo;
 import org.mozilla.jss.util.Password;
@@ -148,6 +156,37 @@ public class CMCRequest {
 }
 
 /**
+ * getSigningAlgFromPrivate
+ *
+ */
+static SignatureAlgorithm getSigningAlgFromPrivate (java.security.PrivateKey privKey) {
+String method = "getSigningAlgFromPrivate: ";
+System.out.println(method + "begins.");
+SignatureAlgorithm signAlg = null;
+/*
+org.mozilla.jss.crypto.PrivateKey.Type signingKeyType =
+((org.mozilla.jss.crypto.PrivateKey) privKey)
+.getType();
+*/
+// TODO: allow more options later
+String signingKeyType = privKey.getAlgorithm();
+System.out.println(method + "found signingKeyType=" + signingKeyType);
+if (signingKeyType.equalsIgnoreCase("RSA")) {
+signAlg = SignatureAlgorithm.RSASignatureWithSHA256Digest;
+} else if (signingKeyType.equalsIgnoreCase("EC")) {
+signAlg = SignatureAlgorithm.ECSignatureWithSHA256Digest;
+} else {
+System.out.println(method + "Algorithm not supported:" +
+signingKeyType);
+return null;
+}
+System.out.println(method + "using SignatureAlgorithm: " +
+signAlg.toString());
+
+return signAlg;
+}
+
+/**
  * signData signs the request PKIData
  *
  * @param signerCert the certificate of the authorized signer of the CMC revocation request.
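Review bot: `getSigningAlgFromPrivate` returns `null` for any key type other than RSA or EC, but the Javadoc stub above it documents neither the parameter nor that return, so a caller that hands the result straight to the signing code could fail far from the cause. I would fill in the comment with `@param privKey the private key that will sign the request` and `@return the SHA-256 signature algorithm for an RSA or EC key, or null if the key type is not supported`. Each call site should test the result before signing; signData's call is outside this hunk, so whether it does is not visible here. The commented-out `PrivateKey.Type` block could be dropped rather than carried into the new method. The annotated copy of this hunk earlier in the thread contains the same code.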
@@ -190,17 +229,9 @@ public class CMCRequest {
 
 EncapsulatedContentInfo ci = new EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIData, pkidata);
 DigestAlgorithm digestAlg = null;
-SignatureAlgorithm signAlg = null;
-org.mozilla.jss.crypto.PrivateKey.Type signingKeyType = ((org.mozilla.jss.crypto.PrivateKey) privKey)
-.getType();
-if (signingKeyType.equals(org.mozilla.jss.crypto.PrivateKey.Type.RSA)) {
-signAlg =