I've been feeling my way around the JSS API. The "Using JSS" document,
the FAQ and the test code are (just) enough to get going. But I've come
across several points where the API seems really low-level. I was
wondering if I've missed something?
I can go through the following long chain to find out about a cert,
knowing the nickname:
CryptoManager.initialize(dbdir);
CryptoManager cm = CryptoManager.getInstance();
X509Certificate cert = cm.findCertByNickname(nickname);
Certificate cert =
(Certificate)ASN1Util.decode(Certificate.getTemplate(),
x509Cert.getEncoded());
CertificateInfo info = cert.getInfo();
(Phew!)
1) Then, I can get the Subject with:
Name subject = info.getSubject();
This Name class seems to have ways of adding each of the individual
components of the Name (O, OU, CN etc.) but not ways of getting them
individually as Strings. Have I missed something?
http://www.mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/pkix/primitive/Name.html
2) There don't seem to be any useful constants for the obvious values
for some of the calls. So I can call:
OBJECT_IDENTIFIER sigalg = info.getSignatureAlgId().getOID();
but I then have to compare it like this:
if (!sigalg.toString().equals("{1 2 840 113549 1 1 5}"))
because there's no handy constant for the OID for the "SHA1/RSA"
signature algorithm (which the above is).
3) I seem to be left entirely on my own when attempting to look at
Extensions:
SEQUENCE extensions = info.getExtensions();
for (int i = 0; i < extensions.size(); i++) {
Extension ext = (Extension)extensions.elementAt(i);
String extId = ext.getExtnId();
OCTET_STRING value = ext.getExtnValue();
}
What am I supposed to do with that OCTET_STRING? Do manual ASN.1
decoding on it according to my supposed knowledge of the internals of
this particular Extension?
Can anyone give me some guidance?
Thanks :-)
Gerv
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
