OK, I think I've written a little sample program that works. Given 2 args (the path to the profile, and the path to the .crt file for the new CA to add), this looks like it works:
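Anyway, I plan to put some of this code inside my copy of selenium-rc's proxy server (for those who care). If anyone sees a problem, I'd love to know before I go throwing this code in there. Thanks for all your help, guys!

import java.io.*;

import org.mozilla.jss.*;
import org.mozilla.jss.crypto.*;

/**
 * Sample tool that opens a certificate database through JSS, prints the
 * nicknames of the CA and permanent certificates it holds, then imports one
 * additional certificate and marks it as trusted for SSL.
 *
 * <p>The import changes the trust store of the profile passed as the first
 * argument, so point it only at a profile created for testing.
 */
public class Main {
    /** Upper bound, in bytes, on the certificate file this tool will read. */
    public static final int CERT_MAX_SIZE = 1024 * 1024;

    /**
     * Lists the existing certificates and imports the new one.
     *
     * @param args {@code args[0]} is the directory handed to
     *             {@code CryptoManager.initialize}; {@code args[1]} is the
     *             path of the certificate file to import
     * @throws Exception declared for compatibility; failures inside the body
     *                   are printed and end the process with status 1
     */
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("Usage: java org.mdmsolutions.certtool C:\\path\\to\\files C:\\path\\to\\cert.crt");
            // Missing arguments are an error, so do not report success.
            System.exit(1);
        }

        try {
            CryptoManager.initialize(args[0]);
            CryptoManager cm = CryptoManager.getInstance();

            X509Certificate[] caCerts = cm.getCACerts();
            for (int i = 0; i < caCerts.length; i++) {
                System.out.println("CA Cert: " + caCerts[i].getNickname());
            }

            X509Certificate[] permCerts = cm.getPermCerts();
            for (int i = 0; i < permCerts.length; i++) {
                System.out.println("Perm Cert: " + permCerts[i].getNickname());
            }

            byte[] certBuffer = readCertFile(new File(args[1]));

            X509Certificate certIn = cm.importCertPackage(certBuffer, "TEST CERT");
            // Check the result before touching it; the original printed the
            // nickname first and would have thrown on a null return.
            if (certIn == null) {
                System.err.println("Certificate import failed (certIn == null)");
                System.exit(1);
            }
            System.out.println("Added Cert: " + certIn.getNickname());

            if (!(certIn instanceof InternalCertificate)) {
                System.err.println("Imported certificate is not an InternalCertificate; trust was not changed");
                System.exit(1);
            }
            InternalCertificate certInAsInternal = (InternalCertificate) certIn;

            // NOTE(review): every SSL trust bit is set here, including the
            // client-CA and peer bits. A CA that only has to vouch for server
            // certificates probably needs fewer; confirm the narrowest set
            // that still works before reusing this outside a test profile.
            certInAsInternal.setSSLTrust(
                InternalCertificate.TRUSTED_CA
                    | InternalCertificate.TRUSTED_CLIENT_CA
                    | InternalCertificate.TRUSTED_PEER
                    | InternalCertificate.VALID_CA
                    | InternalCertificate.VALID_PEER);
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }
    }

    /**
     * Reads the whole certificate file into memory.
     *
     * @param certFile file to read
     * @return the file's bytes
     * @throws IOException if the file is empty, larger than
     *                     {@link #CERT_MAX_SIZE}, or ends before the expected
     *                     number of bytes has been read
     */
    private static byte[] readCertFile(File certFile) throws IOException {
        long size = certFile.length();
        // Enforce the declared limit before allocating; this also keeps the
        // narrowing to int below from truncating a huge length.
        if (size > CERT_MAX_SIZE) {
            throw new IOException("Certificate file " + certFile.getName()
                + " is larger than " + CERT_MAX_SIZE + " bytes");
        }
        if (size == 0 && certFile.exists()) {
            throw new IOException("Certificate file " + certFile.getName() + " is empty");
        }

        byte[] certBuffer = new byte[(int) size];
        FileInputStream certStream = new FileInputStream(certFile);
        try {
            int offset = 0;
            while (offset < certBuffer.length) {
                int numRead = certStream.read(certBuffer, offset, certBuffer.length - offset);
                if (numRead < 0) {
                    break;
                }
                offset += numRead;
            }
            if (offset < certBuffer.length) {
                throw new IOException("Could not completely read file " + certFile.getName());
            }
        } finally {
            // Close on every path, including the short-read failure above.
            certStream.close();
        }
        return certBuffer;
    }
}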