use of com.iplanet.am.util.JSSPasswordCallback in project OpenAM by OpenRock.
the class JSSInit method initialize.
public static synchronized boolean initialize() {
if (initialized) {
return true;
}
final String method = "JSSInit.initialize";
// JSS, initialize cert db
String certdbDir = SystemPropertiesManager.get("com.iplanet.am.admin.cli.certdb.dir");
if (certdbDir == null) {
certdbDir = defaultDBdir;
}
String certdbPrefix = SystemPropertiesManager.get("com.iplanet.am.admin.cli.certdb.prefix");
if (certdbPrefix == null) {
certdbPrefix = "";
}
// Property to determine if JSS needs to installed with highest priority
// at initialization of JSS. If not, it needs to added explicitly
// at the end
boolean donotInstallJSSProviderAt0 = Boolean.valueOf(SystemPropertiesManager.get("com.sun.identity.jss.donotInstallAtHighestPriority", "false")).booleanValue();
String passfile = SystemPropertiesManager.get("com.iplanet.am.admin.cli.certdb.passfile");
String ocspCheckValue = SystemPropertiesManager.get("com.sun.identity.authentication.ocspCheck");
String fipsMode = SystemPropertiesManager.get("com.sun.identity.security.fipsmode", null);
if (ocspCheckValue != null && ocspCheckValue.trim().length() == 0) {
ocspCheckValue = null;
}
boolean ocspCheck = (ocspCheckValue != null && ocspCheckValue.equalsIgnoreCase("true"));
String responderURL = SystemPropertiesManager.get("com.sun.identity.authentication.ocsp.responder.url");
if (responderURL != null && responderURL.trim().length() == 0) {
responderURL = null;
}
String responderNickName = SystemPropertiesManager.get("com.sun.identity.authentication.ocsp.responder.nickname");
if (responderNickName != null && responderNickName.trim().length() == 0) {
responderNickName = null;
}
if (debug.messageEnabled()) {
debug.message(method + "certdbDir = " + certdbDir);
debug.message(method + "certdbPrefix = " + certdbPrefix);
debug.message(method + "certdbPassfile = " + passfile);
debug.message(method + "responderURL = " + responderURL);
debug.message(method + "responderNickName = " + responderNickName);
debug.message(method + "fipsMode = " + fipsMode);
}
String password = null;
if (passfile != null) {
try {
FileInputStream fis = new FileInputStream(passfile);
InputStreamReader isr = new InputStreamReader(fis);
BufferedReader br = new BufferedReader(isr);
password = br.readLine();
} catch (Exception ex) {
if (debug.messageEnabled()) {
debug.message(method + "Unable to " + "read JSS password file " + passfile);
}
}
}
String keydbPrefix = certdbPrefix;
String moddb = "secmod.db";
try {
cm = CryptoManager.getInstance();
} catch (CryptoManager.NotInitializedException exp) {
try {
CryptoManager.InitializationValues iv = null;
if (certdbPrefix.length() == 0) {
iv = new CryptoManager.InitializationValues(certdbDir);
} else {
iv = new CryptoManager.InitializationValues(certdbDir, certdbPrefix, keydbPrefix, moddb);
}
if (debug.messageEnabled()) {
debug.message(method + "output of Initilization values ");
debug.message(method + "Manufacturer ID: " + iv.getManufacturerID());
debug.message(method + "Library: " + iv.getLibraryDescription());
debug.message(method + "Internal Slot: " + iv.getInternalSlotDescription());
debug.message(method + "Internal Token: " + iv.getInternalTokenDescription());
debug.message(method + "Key Storage Slot: " + iv.getFIPSKeyStorageSlotDescription());
debug.message(method + "Key Storage Token: " + iv.getInternalKeyStorageTokenDescription());
debug.message(method + "FIPS Slot: " + iv.getFIPSSlotDescription());
debug.message(method + "FIPS Key Storage: " + iv.getFIPSKeyStorageSlotDescription());
}
if (fipsMode == null) {
iv.fipsMode = CryptoManager.InitializationValues.FIPSMode.UNCHANGED;
} else if (fipsMode.equalsIgnoreCase("true")) {
iv.fipsMode = CryptoManager.InitializationValues.FIPSMode.ENABLED;
} else if (fipsMode.equalsIgnoreCase("false")) {
iv.fipsMode = CryptoManager.InitializationValues.FIPSMode.DISABLED;
}
iv.removeSunProvider = false;
// if other providers are being used
if (donotInstallJSSProviderAt0) {
iv.installJSSProvider = false;
}
// set open mode of the databases
iv.readOnly = true;
// enable OCSP
iv.ocspCheckingEnabled = ocspCheck;
// responderURL & responderNickname must both present
if (ocspCheck && responderURL != null && responderNickName != null) {
iv.ocspResponderCertNickname = responderNickName;
iv.ocspResponderURL = responderURL;
}
CryptoManager.initialize(iv);
// add it to the list of JCE providers at the end
if (donotInstallJSSProviderAt0) {
Provider provider = null;
try {
provider = (Provider) Class.forName("org.mozilla.jss.JSSProvider").newInstance();
} catch (ClassNotFoundException e) {
provider = (Provider) Class.forName("org.mozilla.jss.provider.Provider").newInstance();
}
Security.addProvider(provider);
}
cm = CryptoManager.getInstance();
if (password != null) {
cm.setPasswordCallback(new JSSPasswordCallback(password));
}
token = cm.getInternalKeyStorageToken();
if (cm.FIPSEnabled()) {
token.login(cm.getPasswordCallback());
}
cm.setThreadToken(token);
if (debug.messageEnabled()) {
if (cm.FIPSEnabled() == true) {
debug.message(method + "FIPS enabled.");
} else {
debug.message(method + "FIPS not enabled.");
}
}
initialized = true;
} catch (KeyDatabaseException kdbe) {
debug.error(method + "Couldn't open the key database.", kdbe);
} catch (CertDatabaseException cdbe) {
debug.error(method + "Couldn't open the certificate database.", cdbe);
} catch (AlreadyInitializedException aie) {
debug.error(method + "CryptoManager already initialized.", aie);
} catch (Exception e) {
debug.error(method + "Exception occurred: ", e);
}
}
return initialized;
}
Aggregations