I've been feeling my way around the JSS API. The "Using JSS" document, the FAQ and the test code are (just) enough to get going. But I've come across several points where the API seems really low-level. I was wondering if I've missed something?
I can go through the following long chain to find out about a cert, knowing the nickname: CryptoManager.initialize(dbdir); CryptoManager cm = CryptoManager.getInstance(); X509Certificate cert = cm.findCertByNickname(nickname); Certificate cert = (Certificate)ASN1Util.decode(Certificate.getTemplate(), x509Cert.getEncoded()); CertificateInfo info = cert.getInfo(); (Phew!) 1) Then, I can get the Subject with: Name subject = info.getSubject(); This Name class seems to have ways of adding each of the individual components of the Name (O, OU, CN etc.) but not ways of getting them individually as Strings. Have I missed something? http://www.mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/pkix/primitive/Name.html 2) There don't seem to be any useful constants for the obvious values for some of the calls. So I can call: OBJECT_IDENTIFIER sigalg = info.getSignatureAlgId().getOID(); but I then have to compare it like this: if (!sigalg.toString().equals("{1 2 840 113549 1 1 5}")) because there's no handy constant for the OID for the "SHA1/RSA" signature algorithm (which the above is). 3) I seem to be left entirely on my own when attempting to look at Extensions: SEQUENCE extensions = info.getExtensions(); for (int i = 0; i < extensions.size(); i++) { Extension ext = (Extension)extensions.elementAt(i); String extId = ext.getExtnId(); OCTET_STRING value = ext.getExtnValue(); } What am I supposed to do with that OCTET_STRING? Do manual ASN.1 decoding on it according to my supposed knowledge of the internals of this particular Extension? Can anyone give me some guidance? Thanks :-) Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto