Glen Beasley wrote:
you can code the same pretty print functionality but there is no
existing function that
duplicates certutil -l -n.
You can start with
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/ListCerts.java
Which currently outputs:
java -cp ./jss4.jar org.mozilla.jss.tests.ListCerts . Client_RSA
main: jss library loaded
1 certs found with this nickname.
Subject: CN=ClientCert,OU=JSS Testing100,O=Mozilla,C=US
Signature oid {1 2 840 113549 1 1 11}
Convert to JDK cert
Subject CN=ClientCert, OU=JSS Testing100, O=Mozilla, C=US
Signature oid SHA256withRSA
no NON Critical Extensions
no Critical Extensions
END
Yeah, I was looking more like the NSS output or very similar to what I'm
currently using which is functionality that Dogtag CA uses (part of
their "security_deprecated" sdk...JSS is the "security" toolkit). I'm
just looking to drop a jar (nsutil) for that one thing I need and it's
probably something other people would like.
The class I'm using is
https://pki.fedoraproject.org/svn/pki/trunk/pki/base/util/src/netscape/security/util/CertPrettyPrint.java
and I need to convert my jss/java cert to a
https://pki.fedoraproject.org/svn/pki/trunk/pki/base/util/src/netscape/security/x509/X509CertImpl.java
to pass in to that thing. Since the Dogtag code is GPL...what are the
(legal) ramifications of attempting to port that functionality over for
JSS? I guess it would be an interesting side project. I haven't really
looked at it to see how hard it would be but I imagine JSS can already
ASN.1 decode all the pieces, it's just a question of formatting it and
tossing out a String.
Dave
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
