Add PK11Store.findCert()

The PK11Store.findCert() has been added to find a cert in NSS token from its binary data.
dogtagpki · Aug 2, 2024 · 4ddfa3a · 4ddfa3a
1 parent 0feecc4
commit 4ddfa3a
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 0 deletions.
diff --git a/base/src/main/java/org/mozilla/jss/crypto/CryptoStore.java b/base/src/main/java/org/mozilla/jss/crypto/CryptoStore.java
@@ -165,6 +165,15 @@ public void importEncryptedPrivateKeyInfo(
      */
     public X509Certificate[] getCertificates() throws TokenException;
 
+    /**
+     * Find a certificate in this token from its binary data.
+     *
+     * @param certBytes Certificate binaries
+     * @return X509Certificate object
+     * @throws TokenException
+     */
+    public X509Certificate findCert(byte[] certBytes) throws TokenException;
+
     /**
      * Imports a certificate into this token.
      *

diff --git a/base/src/main/java/org/mozilla/jss/pkcs11/PK11Store.java b/base/src/main/java/org/mozilla/jss/pkcs11/PK11Store.java
@@ -4,6 +4,7 @@
 
 package org.mozilla.jss.pkcs11;
 
+import java.io.ByteArrayInputStream;
 import java.math.BigInteger;
 import java.security.PublicKey;
 import java.security.interfaces.RSAKey;
@@ -14,6 +15,8 @@
 
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.NotInitializedException;
+import org.mozilla.jss.asn1.ASN1Util;
+import org.mozilla.jss.asn1.INTEGER;
 import org.mozilla.jss.crypto.Algorithm;
 import org.mozilla.jss.crypto.CryptoStore;
 import org.mozilla.jss.crypto.KeyAlreadyImportedException;
@@ -25,6 +28,9 @@
 import org.mozilla.jss.crypto.SymmetricKey;
 import org.mozilla.jss.crypto.TokenException;
 import org.mozilla.jss.crypto.X509Certificate;
+import org.mozilla.jss.pkix.cert.Certificate;
+import org.mozilla.jss.pkix.cert.CertificateInfo;
+import org.mozilla.jss.pkix.primitive.Name;
 import org.mozilla.jss.util.Password;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -194,6 +200,31 @@ public native void importEncryptedPrivateKeyInfo(
     }
     protected native void putCertsInVector(Vector<X509Certificate> certs) throws TokenException;
 
+    @Override
+    public X509Certificate findCert(byte[] certBytes) throws TokenException {
+
+        try (ByteArrayInputStream is = new ByteArrayInputStream(certBytes)) {
+
+            Certificate pkixCert = (Certificate) Certificate.getTemplate().decode(is);
+            CertificateInfo certInfo = pkixCert.getInfo();
+
+            Name issuer = certInfo.getIssuer();
+            INTEGER serialNumber = certInfo.getSerialNumber();
+
+            // TODO: replace with PK11_FindCertFromDERCert()
+            CryptoManager cm = CryptoManager.getInstance();
+            return cm.findCertByIssuerAndSerialNumber(
+                    ASN1Util.encode(issuer),
+                    serialNumber);
+
+        } catch (ObjectNotFoundException e) {
+            return null;
+
+        } catch (Exception e) {
+            throw new TokenException("Unable to find certificate: " + e.getMessage(), e);
+        }
+    }
+
     @Override
     public native X509Certificate importCert(byte[] certBytes, String nickname)
             throws TokenException;