problem p12 adding CrlBag with Java


problem p12 adding CrlBag with Java

Gsealy
I want to add a CrlBag into a p12 file, but openssl and keytool can't read the P7 data on the command line. I don't know if I have successfully added the p12 file.
Here is some of my code in the test class:
    // when I add BC provider in getInstance, it will print extra in data OID(CrlBag's)
    KeyStore store = KeyStore.getInstance("PKCS12");
    // initialize keystore with pfx
    store.load(new ByteArrayInputStream(pfx.toASN1Structure().getEncoded()), passwd);
    store.setKeyEntry("Eric's Key", privKey, passwd, chain);
    FileOutputStream fout = new FileOutputStream(certPath);
    store.store(fout, passwd);
    fout.close();

    // add CRL Bag
    /* CrlBag() reads a CRL file from disk */
    X509CRL crl = CrlBag();
    X509CRLHolder acrl = new X509CRLHolder(crl.getEncoded());
    PKCS12SafeBagBuilder crlBagBuilder = new PKCS12SafeBagBuilder(acrl.toASN1Structure());
    // construct the actual key store
    PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder();
    pfxPduBuilder.addData(crlBagBuilder.build());

Some of the code I copied from PfxPduTest.java.
How can I add the CRLBag or other Bag types in PKCS12 to a p12?

Thanks,
Gsealy



Re: problem p12 adding CrlBag with Java

David Hook-3

There's no way to pick this up via the KeyStore API; the only way to check for this is to write some corresponding code to do the task using
the PKIX API for PKCS#12 that was used to create the file. To be honest I'm not really sure how either the KeyStore or the openssl command will
behave if it finds a CrlBag in a PKCS#12 file.

Regards,

David

On 12/01/18 14:07, J Gsealy wrote:

Re: problem p12 adding CrlBag with Java

David Hook-3

Not using the KeyStore API. The bcpkix API will allow you to do it though.

Regards,

David

On 16/01/18 19:43, J Gsealy wrote:
That means I can't use Java to make a p12 file with other Bags (CrlBag, SecretBag, SafeContentsBag)?

Thanks,
Gsealy


 
Date: 2018-01-13 09:40
Subject: Re: [dev-crypto] problem p12 adding CrlBag with Java

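
The approach David describes, as an added example that is not part of the thread and not Bouncy Castle's own code: build the PFX with the bcpkix PKCS#12 classes, then parse it back with the same API to confirm a bag of type crlBag is present. The class name, CRL issuer and password are constructed for illustration; it assumes bcprov and bcpkix are on the classpath and that the CRL sits in an unencrypted data ContentInfo.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Date;
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.operator.bc.BcDefaultDigestProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.*;
import org.bouncycastle.pkcs.bc.*;

public class CrlBagRoundTrip { // hypothetical class name
    // Build a PFX whose only content is an unencrypted SafeContents holding one CRL bag.
    static byte[] buildPfx(X509CRLHolder crl, char[] passwd) throws Exception {
        PKCS12PfxPduBuilder pfx = new PKCS12PfxPduBuilder();
        pfx.addData(new PKCS12SafeBagBuilder(crl).build());
        // build() MACs and finalizes the PDU; until it is called there is nothing to write out.
        return pfx.build(new BcPKCS12MacCalculatorBuilder(), passwd).getEncoded();
    }

    // Parse the PFX with bcpkix (not KeyStore), check the MAC, count bags of type crlBag.
    static int countCrlBags(byte[] encoded, char[] passwd) throws Exception {
        PKCS12PfxPdu pfx = new PKCS12PfxPdu(encoded);
        if (!pfx.isMacValid(new BcPKCS12MacCalculatorBuilderProvider(BcDefaultDigestProvider.INSTANCE), passwd)) {
            throw new IllegalStateException("PKCS#12 MAC check failed");
        }
        int n = 0;
        for (ContentInfo info : pfx.getContentInfos()) {
            // encryptedData needs the InputDecryptorProvider constructor; this example skips it
            if (!info.getContentType().equals(PKCSObjectIdentifiers.data)) continue;
            for (PKCS12SafeBag bag : new PKCS12SafeBagFactory(info).getSafeBags()) {
                if (bag.getType().equals(PKCSObjectIdentifiers.crlBag)) n++;
            }
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty CRL signed by a throwaway RSA key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(new X500Name("CN=Constructed Test CA"), new Date());
        X509CRLHolder crl = crlBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate()));
        char[] passwd = "constructed-password".toCharArray();
        System.out.println("crlBag count: " + countCrlBags(buildPfx(crl, passwd), passwd));
    }
}
```

Checking the bag type OID rather than loading the file through KeyStore is what makes the CRL bag visible, since the KeyStore API has no entry type for it.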