try {
Provider p;
KeyStore keyStore;
+ FileInputStream fis = null;
if(fileName.endsWith(".pkcs11")) {
String ksType;
p = Factory.getSecurityProvider(ksType="PKCS11",params);
keyStore = KeyStore.getInstance(ksType,p);
} else if(fileName.endsWith(".jks")) {
keyStore = KeyStore.getInstance("JKS");
+ fis = new FileInputStream(f);
} else if(fileName.endsWith(".p12") || fileName.endsWith(".pkcs12")) {
keyStore = KeyStore.getInstance("PKCS12");
+ fis = new FileInputStream(f);
} else {
throw new CertException("Unknown Keystore type from filename " + fileName);
}
- FileInputStream fis = new FileInputStream(f);
KeyStore.ProtectionParameter keyPass;
try {
keyStore.load(fis,ksPass);
} finally {
- fis.close();
+ if (fis != null)
+ fis.close();
+ }
+ Entry entry;
+ if(fileName.endsWith(".pkcs11")) {
+ entry = keyStore.getEntry(params[0][1]/*alias*/, null);
+ } else {
+ entry = keyStore.getEntry(params[0][1]/*alias*/, keyPass);
}
- Entry entry = keyStore.getEntry(params[0][1]/*alias*/, keyPass);
if(entry==null) {
throw new CertException("There is no Keystore entry with name '" + params[0][1] +'\'');
}
--- /dev/null
+#
+# Import the keys and certs to pkcs11 based softhsm
+#
+
+if [ "$#" -ne 3 ]; then
+ echo "Usage: p11.sh <user pin> <so pin> <id>"
+ exit 1
+fi
+
+LIB_PATH=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
+
+mkdir -p p11key p11crt cacerts
+# Conver the keys and certs to DER format
+# key to der
+openssl rsa -in private/ca.key -outform DER -out p11key/cakey.der
+# cert to der
+cp certs/ca.crt cacerts
+DLIST=`ls -d intermediate_*`
+for DIR in $DLIST; do
+ cp $DIR/certs/ca.crt cacerts/$DIR.crt
+done
+for CA in `ls cacerts`; do
+ openssl x509 -in cacerts/$CA -outform DER -out p11crt/$CA
+done
+
+# create token directory
+mkdir /var/lib/softhsm/tokens
+# create slot
+softhsm2-util --init-token --slot 0 --label "ca token" --pin $1 --so-pin $2
+# import key into softhsm
+pkcs11-tool --module $LIB_PATH -l --pin $1 --write-object p11key/cakey.der --type privkey --id $3
+# import certs into softhsm
+for CRT in `ls cacerts`; do
+ pkcs11-tool --module $LIB_PATH -l --pin $1 --write-object p11crt/$CRT --type cert --id $3
+done
+
+rm -r p11key
+rm -r p11crt
+rm -r cacerts