import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@Override
public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {
- File fks = new File(dir,arti.getNs()+'.'+kst);
+ File fks = new File(dir,arti.getNs()+'.'+(kst==Agent.PKCS12?"p12":kst));
try {
KeyStore jks = KeyStore.getInstance(kst);
if(fks.exists()) {
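Review bot: The extension choice on the new `File fks` line compares strings by reference. `kst==Agent.PKCS12` is true only when `kst` is the same object as the constant. `kst` is passed to `KeyStore.getInstance(kst)` two lines later, so it is a String, and, assuming `Agent.PKCS12` is a String constant, a value that reached `kst` from parsed configuration or arguments would fail the test and keep the old `.pkcs12` name instead of `.p12`. I would write `File fks = new File(dir,arti.getNs()+'.'+(Agent.PKCS12.equals(kst)?"p12":kst));`, which also matches the `kst.equals("pkcs12")` form in the commented-out block further down. The body of `_place` continues past this hunk, so how `kst` is assigned is not visible here.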
// find where the trusts end in 1.0 API
X509Certificate x509;
- List<X509Certificate> chainList = new ArrayList<X509Certificate>();
- Set<X509Certificate> caSet = new HashSet<X509Certificate>();
+ List<X509Certificate> chainList = new ArrayList<>();
+ Set<X509Certificate> caSet = new HashSet<>();
for(Certificate c : certColl) {
x509 = (X509Certificate)c;
// Is a Root (self-signed, anyway)
PrivateKey pk = Factory.toPrivateKey(trans, certInfo.getPrivatekey());
addEncProperty(Config.CADI_KEY_PASSWORD, keyPass);
addProperty(Config.CADI_ALIAS, arti.getMechid());
-// Set<Attribute> attribs = new HashSet<Attribute>();
+// Set<Attribute> attribs = new HashSet<>();
// if(kst.equals("pkcs12")) {
// // Friendly Name
// attribs.add(new PKCS12Attribute("1.2.840.113549.1.9.20", arti.getNs()));
write(fks,Chmod.to400,jks,keystorePassArray);
// Change out to TrustStore
- fks = new File(dir,arti.getNs()+".trust."+kst);
+ // NOTE: PKCS12 does NOT support Trusted Entries. Put in JKS Always
+ fks = new File(dir,arti.getNs()+".trust.jks");
if(fks.exists()) {
File backup = File.createTempFile(fks.getName()+'.', ".backup",dir);
fks.renameTo(backup);
}
- jks = KeyStore.getInstance(kst);
+ jks = KeyStore.getInstance(Agent.JKS);
// Set Truststore Password
addProperty(Config.CADI_TRUSTSTORE,fks.getAbsolutePath());
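Review bot: The truststore type is now fixed to JKS regardless of `kst`, but the visible lines record only its path via `Config.CADI_TRUSTSTORE`. Any loader that opens the truststore with the keystore type would presumably fail once `kst` is PKCS12, so the decoupling should be stated where the file is created. I would expand the new comment to something like `// Truststore is always JKS, independent of kst; consumers must load it as JKS, not with the keystore type`, and confirm that the type is published to consumers if a property for it exists outside this hunk. The claim "PKCS12 does NOT support Trusted Entries" looks JDK-version dependent, so the comment should name the runtime it was observed on. The file name literal `".trust.jks"` and `KeyStore.getInstance(Agent.JKS)` must also be kept in agreement by hand. The rest of `_place` is outside this hunk.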