Replace InternalCertificate with PK11Cert

base/common/src/main/java/com/netscape/certsrv/client/PKICertificateApprovalCallback.java

@@ -28,7 +28,6 @@
 import java.util.HashSet;
 
 import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.InternalCertificate;
 import org.mozilla.jss.crypto.X509Certificate;
 import org.mozilla.jss.pkcs11.PK11Cert;
 import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
@@ -146,7 +145,7 @@ public boolean handleUntrustedIssuer(X509Certificate serverCert) {
             manager.importCertToPerm(serverCert, nickname);
 
             logger.info("Trusting certificate");
-            InternalCertificate internalCert = (InternalCertificate) serverCert;
+            PK11Cert internalCert = (PK11Cert) serverCert;
             internalCert.setSSLTrust(PK11Cert.TRUSTED_PEER);
 
             return true;

base/common/src/main/java/com/netscape/cmsutil/crypto/CryptoUtil.java

@@ -92,7 +92,6 @@
 import org.mozilla.jss.crypto.HMACAlgorithm;
 import org.mozilla.jss.crypto.IVParameterSpec;
 import org.mozilla.jss.crypto.IllegalBlockSizeException;
-import org.mozilla.jss.crypto.InternalCertificate;
 import org.mozilla.jss.crypto.InvalidKeyFormatException;
 import org.mozilla.jss.crypto.KeyGenAlgorithm;
 import org.mozilla.jss.crypto.KeyGenerator;
@@ -1503,7 +1502,7 @@ public static org.mozilla.jss.netscape.security.x509.Extension getExtensionFromC
         return extn;
     }
 
-    public static void unTrustCert(InternalCertificate cert) {
+    public static void unTrustCert(PK11Cert cert) {
         // remove TRUSTED_CA
         int flag = cert.getSSLTrust();
 
@@ -1524,14 +1523,14 @@ public static void trustCertByNickname(String nickname)
             return;
         }
         for (int i = 0; i < certs.length; i++) {
-            trustCert((InternalCertificate) certs[i]);
+            trustCert((PK11Cert) certs[i]);
         }
     }
 
     /**
      * Trusts a certificate.
      */
-    public static void trustCert(InternalCertificate cert) {
+    public static void trustCert(PK11Cert cert) {
         int flag = PK11Cert.VALID_CA | PK11Cert.TRUSTED_CA
                 | PK11Cert.USER
                 | PK11Cert.TRUSTED_CLIENT_CA;
@@ -1547,7 +1546,7 @@ public static void setTrustFlags(X509Certificate cert, String trustFlags) throws
         if (flags.length < 3)
             throw new Exception("Invalid trust flags: " + trustFlags);
 
-        InternalCertificate internalCert = (InternalCertificate) cert;
+        PK11Cert internalCert = (PK11Cert) cert;
         internalCert.setSSLTrust(PK11Cert.decodeTrustFlags(flags[0]));
         internalCert.setEmailTrust(PK11Cert.decodeTrustFlags(flags[1]));
         internalCert.setObjectSigningTrust(PK11Cert.decodeTrustFlags(flags[2]));
@@ -1556,7 +1555,7 @@ public static void setTrustFlags(X509Certificate cert, String trustFlags) throws
     public static void trustCACert(X509Certificate cert) {
 
         // set trust flags to CT,C,C
-        InternalCertificate ic = (InternalCertificate) cert;
+        PK11Cert ic = (PK11Cert) cert;
 
         ic.setSSLTrust(PK11Cert.TRUSTED_CA
                 | PK11Cert.TRUSTED_CLIENT_CA
@@ -1572,7 +1571,7 @@ public static void trustCACert(X509Certificate cert) {
     public static void trustAuditSigningCert(X509Certificate cert) {
 
         // set trust flags to u,u,Pu
-        InternalCertificate ic = (InternalCertificate) cert;
+        PK11Cert ic = (PK11Cert) cert;
 
         ic.setSSLTrust(PK11Cert.USER);
 
@@ -1587,7 +1586,7 @@ public static void trustAuditSigningCert(X509Certificate cert) {
      * To certificate server point of view, SSL trust is
      * what we referring.
      */
-    public static boolean isCertTrusted(InternalCertificate cert) {
+    public static boolean isCertTrusted(PK11Cert cert) {
         return isTrust(cert.getSSLTrust())
                 && isTrust(cert.getObjectSigningTrust())
                 && isTrust(cert.getEmailTrust());

base/console/src/main/java/com/netscape/admin/certsrv/connection/JSSConnection.java

@@ -39,7 +39,6 @@
 
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.InternalCertificate;
 import org.mozilla.jss.pkcs11.PK11Cert;
 import org.mozilla.jss.ssl.SSLAlertDescription;
 import org.mozilla.jss.ssl.SSLAlertEvent;
@@ -252,7 +251,7 @@ public boolean approve(org.mozilla.jss.crypto.X509Certificate serverCert,
                         mCertAccepted = false;
                         return false;
                     }
-			        InternalCertificate internalCert =
+                    PK11Cert internalCert = (PK11Cert)
                       cryptoManager.importCertToPerm(serverCert,
                       (nickname==null)?serverCert.getSubjectDN().toString():nickname);
 			        internalCert.setSSLTrust(

base/console/src/main/java/com/netscape/management/client/comm/HttpsChannel.java

@@ -33,14 +33,14 @@
 import com.netscape.management.nmclf.SuiPasswordField;
 import com.netscape.management.client.preferences.Preferences;
 
+import org.mozilla.jss.pkcs11.PK11Cert;
 import org.mozilla.jss.ssl.SSLSocket;
 import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
 import org.mozilla.jss.ssl.SSLClientCertificateSelectionCallback;
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.util.PasswordCallback;
 import org.mozilla.jss.util.PasswordCallbackInfo;
 import org.mozilla.jss.util.Password;
-import org.mozilla.jss.crypto.InternalCertificate;
 
 import javax.swing.JFrame;
 import javax.swing.SwingUtilities;
@@ -211,11 +211,11 @@ public void run () {
                     try {
                         Debug.println("install cert");
                         String nickname = serverCert.getNickname();
-                        //serverCert.setSSLTrust(org.mozilla.jss.crypto.InternalCertificate.TRUSTED_PEER);
+                        //serverCert.setSSLTrust(PK11Cert.TRUSTED_PEER);
                         Debug.println("nickname: "+nickname);
                         Debug.println("dn:       "+serverCert.getSubjectDN().toString());
-                        InternalCertificate internalCert = cryptoManager.importCertToPerm(serverCert, (nickname==null)?serverCert.getSubjectDN().toString():nickname);
-                        internalCert.setSSLTrust(org.mozilla.jss.crypto.InternalCertificate.TRUSTED_PEER | org.mozilla.jss.crypto.InternalCertificate.VALID_PEER);
+                        PK11Cert internalCert = (PK11Cert) cryptoManager.importCertToPerm(serverCert, (nickname==null)?serverCert.getSubjectDN().toString():nickname);
+                        internalCert.setSSLTrust(PK11Cert.TRUSTED_PEER | PK11Cert.VALID_PEER);
                     }catch (Exception e) {
                         //unable to save cert
                         //e.printStackTrace();

base/server/src/main/java/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java

@@ -33,7 +33,6 @@
 
 import org.dogtagpki.util.cert.CertUtil;
 import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.InternalCertificate;
 import org.mozilla.jss.netscape.security.pkcs.PKCS7;
 import org.mozilla.jss.netscape.security.util.Cert;
 import org.mozilla.jss.netscape.security.util.CertPrettyPrint;
@@ -978,7 +977,7 @@ private synchronized void addUserCert(HttpServletRequest req,
                             logger.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NON_NULL"));
                         }
 
-                        if (leafCert instanceof InternalCertificate ic) {
+                        if (leafCert instanceof PK11Cert ic) {
                             ic.setSSLTrust(
                                     PK11Cert.VALID_CA |
                                     PK11Cert.TRUSTED_CA |

base/server/src/main/java/com/netscape/cmscore/security/JssSubsystem.java

@@ -59,7 +59,6 @@
 import org.mozilla.jss.crypto.AlreadyInitializedException;
 import org.mozilla.jss.crypto.CryptoStore;
 import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.InternalCertificate;
 import org.mozilla.jss.crypto.KeyPairAlgorithm;
 import org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage;
 import org.mozilla.jss.crypto.NoSuchItemOnTokenException;
@@ -1380,7 +1379,7 @@ public NameValuePairs getCACerts() throws EBaseException {
             X509Certificate[] value = mNicknameMapCertsTable.get(nickname);
 
             for (int i = 0; i < value.length; i++) {
-                if (!(value[i] instanceof InternalCertificate icert)) {
+                if (!(value[i] instanceof PK11Cert icert)) {
                     logger.trace("cert is not an InternalCertificate");
                     logger.trace("nickname: " + nickname + "  index " + i);
                     logger.trace("cert: " + value[i]);
@@ -1435,7 +1434,7 @@ public void trustCert(String nickname, String date, String trust) throws
                 Date qualifier = mFormatter.parse(date);
 
                 if (notAfter.equals(qualifier)) {
-                    if (cert instanceof InternalCertificate internalCertificate) {
+                    if (cert instanceof PK11Cert internalCertificate) {
                         if (trust.equals("Trust")) {
                             int trustflag = PK11Cert.TRUSTED_CA |
                                     PK11Cert.TRUSTED_CLIENT_CA |
@@ -1666,7 +1665,7 @@ public void setRootCertTrust(String nickname, String serialno,
             String issuerName, String trust) throws EBaseException {
 
         X509Certificate cert = getCertificate(nickname, serialno, issuerName);
-        if (cert instanceof InternalCertificate internalCertificate) {
+        if (cert instanceof PK11Cert internalCertificate) {
             if (trust.equals("trust")) {
                 int trustflag = PK11Cert.TRUSTED_CA |
                         PK11Cert.TRUSTED_CLIENT_CA |
@@ -1745,7 +1744,7 @@ public String getRootCertTrustBit(String nickname, String serialno,
             }
 
             String trust = "U";
-            if (certs[i] instanceof InternalCertificate icert) {
+            if (certs[i] instanceof PK11Cert icert) {
                 int flag = icert.getSSLTrust();
                 if ((PK11Cert.TRUSTED_CLIENT_CA & flag) == PK11Cert.TRUSTED_CLIENT_CA)
                     trust = "T";

base/server/src/main/java/com/netscape/cmscore/security/KeyCertUtil.java

@@ -50,7 +50,6 @@
 import org.mozilla.jss.asn1.BIT_STRING;
 import org.mozilla.jss.asn1.SEQUENCE;
 import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.InternalCertificate;
 import org.mozilla.jss.crypto.KeyPairAlgorithm;
 import org.mozilla.jss.crypto.KeyPairGenerator;
 import org.mozilla.jss.crypto.NoSuchItemOnTokenException;
@@ -569,8 +568,8 @@ public static PKCS10 getCertRequest(String subjectName, KeyPair
         byte b[] = b64E.getBytes();
         X509Certificate cert = getInternalCertificate(b, nickname, certType);
 
-        if (cert instanceof InternalCertificate) {
-            setTrust(certType, (InternalCertificate) cert);
+        if (cert instanceof PK11Cert) {
+            setTrust(certType, (PK11Cert) cert);
         }
         return cert;
     }
@@ -583,8 +582,8 @@ public static PKCS10 getCertRequest(String subjectName, KeyPair
 
         X509Certificate cert = getInternalCertificate(b, nickname, certType);
 
-        if (cert instanceof InternalCertificate) {
-            setTrust(certType, (InternalCertificate) cert);
+        if (cert instanceof PK11Cert) {
+            setTrust(certType, (PK11Cert) cert);
         }
         return cert;
     }
@@ -620,7 +619,7 @@ public static X509Certificate getInternalCertificate(byte[] b, String nickname,
         return cert;
     }
 
-    public static void setTrust(String certType, InternalCertificate inCert) {
+    public static void setTrust(String certType, PK11Cert inCert) {
         if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
             int flag = PK11Cert.VALID_CA |
                     PK11Cert.TRUSTED_CA |

base/server/src/main/java/org/dogtagpki/server/rest/base/UserServletBase.java

@@ -22,7 +22,6 @@
 import org.dogtagpki.server.rest.v2.PKIServlet;
 import org.dogtagpki.util.cert.CertUtil;
 import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.InternalCertificate;
 import org.mozilla.jss.netscape.security.pkcs.PKCS7;
 import org.mozilla.jss.netscape.security.util.Cert;
 import org.mozilla.jss.netscape.security.util.CertPrettyPrint;
@@ -733,7 +732,7 @@ public UserCertData addUserCert(String userID, UserCertData userCertData, Locale
                             logger.debug("UserServletBase: {}", CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NON_NULL"));
                         }
 
-                        if (leafCert instanceof InternalCertificate internalCert) {
+                        if (leafCert instanceof PK11Cert internalCert) {
                             internalCert.setSSLTrust(
                                     PK11Cert.VALID_CA |
                                     PK11Cert.TRUSTED_CA |

base/server/src/main/java/org/dogtagpki/server/rest/v1/UserService.java

@@ -37,7 +37,6 @@
 import org.apache.commons.lang3.StringUtils;
 import org.dogtagpki.util.cert.CertUtil;
 import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.InternalCertificate;
 import org.mozilla.jss.netscape.security.pkcs.PKCS7;
 import org.mozilla.jss.netscape.security.util.Cert;
 import org.mozilla.jss.netscape.security.util.CertPrettyPrint;
@@ -826,8 +825,8 @@ public Response addUserCert(String userID, UserCertData userCertData) {
                             logger.debug("UserService: " + CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NON_NULL"));
                         }
 
-                        if (leafCert instanceof InternalCertificate) {
-                            ((InternalCertificate) leafCert).setSSLTrust(
+                        if (leafCert instanceof PK11Cert) {
+                            ((PK11Cert) leafCert).setSSLTrust(
                                     PK11Cert.VALID_CA |
                                     PK11Cert.TRUSTED_CA |
                                     PK11Cert.TRUSTED_CLIENT_CA);

base/server/src/main/resources/LogMessages.properties

@@ -1494,7 +1494,7 @@ ADMIN_SRVLT_CHAIN_STORED_DB=user certificate from certificate chain is stored in
 ADMIN_SRVLT_CERT_IN_CHAIN=certificate in certificate chain: {0} : {1}
 ADMIN_SRVLT_LEAF_CERT_NULL=importCACertPackage returns leaf certificate null
 ADMIN_SRVLT_LEAF_CERT_NON_NULL=got non-null leafCert
-ADMIN_SRVLT_NOT_INTERNAL_CERT=certificate not an instance of InternalCertificate: {0}
+ADMIN_SRVLT_NOT_INTERNAL_CERT=certificate not an instance of PK11Cert: {0}
 ADMIN_SRVLT_PKS7_IGNORED=PKCS #7?  {0} ignored
 ADMIN_SRVLT_BEFORE_VALIDITY=addUserCert(): before checkValidity()
 ADMIN_SRVLT_ADD_CERT_EXPIRED=addUserCert(): certificate expired: {0}.

tests/dogtag/shared/java/common/ComCrypto.java

@@ -35,7 +35,6 @@
 import org.dogtag.util.cert.CertUtil;
 import org.mozilla.jss.*;
 import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.InternalCertificate;
 import org.mozilla.jss.util.*;
 import org.mozilla.jss.ssl.*;
 import org.mozilla.jss.crypto.*;
@@ -233,7 +232,7 @@ public boolean importCert(X509Certificate xcert, String nickname) {
             System.out.println(
                     "importCert x509 : importing with nickname: " + nickname);
 
-            InternalCertificate cert2 = manager.importCertToPerm(xcert, nickname);
+            PK11Cert cert2 = (PK11Cert) manager.importCertToPerm(xcert, nickname);
 
             cert2.setSSLTrust(2);
             return true;
@@ -283,8 +282,7 @@ public boolean importCert(String cpack, String cn) {
                 if  (ca_certs[i].getSubjectDN().toString().equals(
                     cert.getIssuerDN().toString())) {
                     // set the trust bits
-                    InternalCertificate icert =
-                        (InternalCertificate) ca_certs[i];
+                    PK11Cert icert = (PK11Cert) ca_certs[i];
                     icert.setSSLTrust(PK11Cert.TRUSTED_CA
                           | PK11Cert.TRUSTED_CLIENT_CA
                           | PK11Cert.VALID_CA);
@@ -321,7 +319,7 @@ public boolean importCACert(String cpack) {
 
             X509Certificate cert = manager.importCACertPackage(tmp.getBytes());
             // adjust the trust bits
-            InternalCertificate icert = (InternalCertificate) cert;
+            PK11Cert icert = (PK11Cert) cert;
             icert.setSSLTrust(PK11Cert.TRUSTED_CA
                           | PK11Cert.TRUSTED_CLIENT_CA
                           | PK11Cert.VALID_CA);