Refactor NSSCertRequestCLI

The code in NSSCertRequestCLI that constructs key usages has been moved into NSSDatabase.
dogtagpki · Feb 11, 2025 · 9f361e7 · 9f361e7
1 parent 4fd502e
commit 9f361e7
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 13 deletions.
diff --git a/base/common/src/main/java/org/dogtagpki/nss/NSSDatabase.java b/base/common/src/main/java/org/dogtagpki/nss/NSSDatabase.java
@@ -1033,12 +1033,14 @@ public KeyPair createECKeyPair(
     public KeyPair createECKeyPair(
             CryptoToken token,
             String curveName,
-            Usage[] usages,
-            Usage[] usagesMask) throws Exception {
+            boolean sslECDH) throws Exception {
 
         logger.debug("NSSDatabase: Creating EC key");
         logger.debug("NSSDatabase: - curve: " + curveName);
 
+        Usage[] usages = null;
+        Usage[] usagesMask = sslECDH ? CryptoUtil.ECDH_USAGES_MASK : CryptoUtil.ECDHE_USAGES_MASK;
+
         return CryptoUtil.generateECCKeyPair(
                 token,
                 curveName,

diff --git a/base/tools/src/main/java/com/netscape/cmstools/nss/NSSCertRequestCLI.java b/base/tools/src/main/java/com/netscape/cmstools/nss/NSSCertRequestCLI.java
@@ -17,7 +17,6 @@
 import org.dogtagpki.nss.NSSExtensionGenerator;
 import org.dogtagpki.util.cert.CertUtil;
 import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage;
 import org.mozilla.jss.netscape.security.pkcs.PKCS10;
 import org.mozilla.jss.netscape.security.x509.Extensions;
 import org.mozilla.jss.netscape.security.x509.X509Key;
@@ -120,25 +119,17 @@ public void execute(CommandLine cmd) throws Exception {
 
         } else if ("RSA".equalsIgnoreCase(keyType)) {
 
-            Usage[] usages = keyWrap ? CryptoUtil.RSA_KEYPAIR_USAGES : null;
-            Usage[] usagesMask = keyWrap ? CryptoUtil.RSA_KEYPAIR_USAGES_MASK : null;
-
             keyPair = nssdb.createRSAKeyPair(
                     token,
                     Integer.parseInt(keySize),
-                    usages,
-                    usagesMask);
+                    keyWrap);
 
         } else if ("EC".equalsIgnoreCase(keyType)) {
 
-            Usage[] usages = null;
-            Usage[] usagesMask = sslECDH ? CryptoUtil.ECDH_USAGES_MASK : CryptoUtil.ECDHE_USAGES_MASK;
-
             keyPair = nssdb.createECKeyPair(
                     token,
                     curve,
-                    usages,
-                    usagesMask);
+                    sslECDH);
 
         } else {
             throw new Exception("Unsupported key type: " + keyType);