David Stutzman wrote:
Glen Beasley wrote:
You can code the same pretty print functionality but there is no existing function that
duplicates certutil -l -n.

You can start with
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/ListCerts.java
Which currently outputs:

java -cp ./jss4.jar org.mozilla.jss.tests.ListCerts . Client_RSA

main: jss library loaded
1 certs found with this nickname.
Subject: CN=ClientCert,OU=JSS Testing100,O=Mozilla,C=US
Signature oid {1 2 840 113549 1 1 11}
Convert to JDK cert
Subject CN=ClientCert, OU=JSS Testing100, O=Mozilla, C=US
Signature oid SHA256withRSA
no NON Critical Extensions
no Critical Extensions
END

Yeah, I was looking more like the NSS output or very similar to what I'm currently using which is functionality that Dogtag CA uses (part of their "security_deprecated" sdk...JSS is the "security" toolkit). I'm just looking to drop a jar (nsutil) for that one thing I need and it's probably something other people would like.

The class I'm using is https://pki.fedoraproject.org/svn/pki/trunk/pki/base/util/src/netscape/security/util/CertPrettyPrint.java and I need to convert my jss/java cert to a https://pki.fedoraproject.org/svn/pki/trunk/pki/base/util/src/netscape/security/x509/X509CertImpl.java to pass in to that thing. Since the Dogtag code is GPL...what are the (legal) ramifications of attempting to port that functionality over for JSS?

My belief is that if there was a well-written patch that did this cleanup, both the JSS and Dogtag teams would welcome it. So, if you desire CertPrettyPrint.java functionality to belong to JSS, you can open a bug on JSS and either attempt a patch or hopefully a JSS developer may have some cycles to do it.

http://pki.fedoraproject.org/wiki/PKI_TechNote_Jar_files

nsutil.jar - "this jar file provides the basic ASN.1/DER encoding and decoding functions for all X.509 objects such as keys, certificates, certificate extensions. It is one of the two ASN.1 implementations in the PKI server. The other one is JSS. The server currently is using both implementations. The long term plan is to migrate everything to JSS."

-glen


I guess it would be an interesting side project. I haven't really looked at it to see how hard it would be but I imagine JSS can already ASN.1 decode all the pieces, it's just a question of formatting it and tossing out a String.

Dave
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
