Revert PK11Store.findCert()
PK11Store.findCert() has been modified to use
CryptoManager.findCertByIssuerAndSerialNumber(), since
findCertFromDERCertItem() seems to have issues in
some cases.
edewata committed Aug 6, 2024
1 parent 21bc2c8 commit 961c22b
Showing 1 changed file with 28 additions and 1 deletion.
29 changes: 28 additions & 1 deletion base/src/main/java/org/mozilla/jss/pkcs11/PK11Store.java
Expand Up @@ -4,6 +4,7 @@

package org.mozilla.jss.pkcs11;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.interfaces.RSAKey;
Expand All @@ -14,6 +15,8 @@

import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.NotInitializedException;
import org.mozilla.jss.asn1.ASN1Util;
import org.mozilla.jss.asn1.INTEGER;
import org.mozilla.jss.crypto.Algorithm;
import org.mozilla.jss.crypto.CryptoStore;
import org.mozilla.jss.crypto.KeyAlreadyImportedException;
Expand All @@ -25,6 +28,9 @@
import org.mozilla.jss.crypto.SymmetricKey;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.pkix.cert.Certificate;
import org.mozilla.jss.pkix.cert.CertificateInfo;
import org.mozilla.jss.pkix.primitive.Name;
import org.mozilla.jss.util.Password;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
Expand Down Expand Up @@ -196,7 +202,28 @@ public native void importEncryptedPrivateKeyInfo(

@Override
public X509Certificate findCert(byte[] certBytes) throws TokenException {
return findCertFromDERCertItem(certBytes);

// TODO: replace with findCertFromDERCertItem(certBytes);

try (ByteArrayInputStream is = new ByteArrayInputStream(certBytes)) {

Certificate pkixCert = (Certificate) Certificate.getTemplate().decode(is);
CertificateInfo certInfo = pkixCert.getInfo();

Name issuer = certInfo.getIssuer();
INTEGER serialNumber = certInfo.getSerialNumber();

CryptoManager cm = CryptoManager.getInstance();
return cm.findCertByIssuerAndSerialNumber(
ASN1Util.encode(issuer),
serialNumber);

} catch (ObjectNotFoundException e) {
return null;

} catch (Exception e) {
throw new TokenException("Unable to find certificate: " + e.getMessage(), e);
}
}

public native X509Certificate findCertFromDERCertItem(byte[] certBytes)
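Review bot: The new `findCert()` body matches on issuer and serial number only, so the certificate it returns is not guaranteed to be the one encoded in `certBytes`. The input is decoded without any signature check, and any certificate carrying the same issuer/serial pair resolves to whatever entry is stored. Callers that treat a non-null result as "this exact certificate is present" would be misled. I would keep the result in a local and compare encodings before returning: `X509Certificate cert = cm.findCertByIssuerAndSerialNumber(ASN1Util.encode(issuer), serialNumber);` then `return Arrays.equals(cert.getEncoded(), certBytes) ? cert : null;` (this needs `java.util.Arrays`, which is not among the visible imports). `CryptoManager.getInstance()` is also a global entry point, so the search is presumably no longer limited to this store's token; if that is intended, the TODO comment should say so and state which cases made `findCertFromDERCertItem()` unreliable.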
