Search in sources :

Example 1 with JSSPasswordCallback

use of com.iplanet.am.util.JSSPasswordCallback in project OpenAM by OpenRock.

the class JSSInit method initialize.

public static synchronized boolean initialize() {
    if (initialized) {
        return true;
    }
    final String method = "JSSInit.initialize";
    // JSS, initialize cert db
    String certdbDir = SystemPropertiesManager.get("com.iplanet.am.admin.cli.certdb.dir");
    if (certdbDir == null) {
        certdbDir = defaultDBdir;
    }
    String certdbPrefix = SystemPropertiesManager.get("com.iplanet.am.admin.cli.certdb.prefix");
    if (certdbPrefix == null) {
        certdbPrefix = "";
    }
    // Property to determine if JSS needs to installed with highest priority
    // at initialization of JSS. If not, it needs to added explicitly
    // at the end
    boolean donotInstallJSSProviderAt0 = Boolean.valueOf(SystemPropertiesManager.get("com.sun.identity.jss.donotInstallAtHighestPriority", "false")).booleanValue();
    String passfile = SystemPropertiesManager.get("com.iplanet.am.admin.cli.certdb.passfile");
    String ocspCheckValue = SystemPropertiesManager.get("com.sun.identity.authentication.ocspCheck");
    String fipsMode = SystemPropertiesManager.get("com.sun.identity.security.fipsmode", null);
    if (ocspCheckValue != null && ocspCheckValue.trim().length() == 0) {
        ocspCheckValue = null;
    }
    boolean ocspCheck = (ocspCheckValue != null && ocspCheckValue.equalsIgnoreCase("true"));
    String responderURL = SystemPropertiesManager.get("com.sun.identity.authentication.ocsp.responder.url");
    if (responderURL != null && responderURL.trim().length() == 0) {
        responderURL = null;
    }
    String responderNickName = SystemPropertiesManager.get("com.sun.identity.authentication.ocsp.responder.nickname");
    if (responderNickName != null && responderNickName.trim().length() == 0) {
        responderNickName = null;
    }
    if (debug.messageEnabled()) {
        debug.message(method + "certdbDir = " + certdbDir);
        debug.message(method + "certdbPrefix = " + certdbPrefix);
        debug.message(method + "certdbPassfile = " + passfile);
        debug.message(method + "responderURL = " + responderURL);
        debug.message(method + "responderNickName = " + responderNickName);
        debug.message(method + "fipsMode = " + fipsMode);
    }
    String password = null;
    if (passfile != null) {
        try {
            FileInputStream fis = new FileInputStream(passfile);
            InputStreamReader isr = new InputStreamReader(fis);
            BufferedReader br = new BufferedReader(isr);
            password = br.readLine();
        } catch (Exception ex) {
            if (debug.messageEnabled()) {
                debug.message(method + "Unable to " + "read JSS password file " + passfile);
            }
        }
    }
    String keydbPrefix = certdbPrefix;
    String moddb = "secmod.db";
    try {
        cm = CryptoManager.getInstance();
    } catch (CryptoManager.NotInitializedException exp) {
        try {
            CryptoManager.InitializationValues iv = null;
            if (certdbPrefix.length() == 0) {
                iv = new CryptoManager.InitializationValues(certdbDir);
            } else {
                iv = new CryptoManager.InitializationValues(certdbDir, certdbPrefix, keydbPrefix, moddb);
            }
            if (debug.messageEnabled()) {
                debug.message(method + "output of Initilization values ");
                debug.message(method + "Manufacturer ID: " + iv.getManufacturerID());
                debug.message(method + "Library: " + iv.getLibraryDescription());
                debug.message(method + "Internal Slot: " + iv.getInternalSlotDescription());
                debug.message(method + "Internal Token: " + iv.getInternalTokenDescription());
                debug.message(method + "Key Storage Slot: " + iv.getFIPSKeyStorageSlotDescription());
                debug.message(method + "Key Storage Token: " + iv.getInternalKeyStorageTokenDescription());
                debug.message(method + "FIPS Slot: " + iv.getFIPSSlotDescription());
                debug.message(method + "FIPS Key Storage: " + iv.getFIPSKeyStorageSlotDescription());
            }
            if (fipsMode == null) {
                iv.fipsMode = CryptoManager.InitializationValues.FIPSMode.UNCHANGED;
            } else if (fipsMode.equalsIgnoreCase("true")) {
                iv.fipsMode = CryptoManager.InitializationValues.FIPSMode.ENABLED;
            } else if (fipsMode.equalsIgnoreCase("false")) {
                iv.fipsMode = CryptoManager.InitializationValues.FIPSMode.DISABLED;
            }
            iv.removeSunProvider = false;
            // if other providers are being used
            if (donotInstallJSSProviderAt0) {
                iv.installJSSProvider = false;
            }
            // set open mode of the databases
            iv.readOnly = true;
            // enable OCSP
            iv.ocspCheckingEnabled = ocspCheck;
            // responderURL & responderNickname must both present
            if (ocspCheck && responderURL != null && responderNickName != null) {
                iv.ocspResponderCertNickname = responderNickName;
                iv.ocspResponderURL = responderURL;
            }
            CryptoManager.initialize(iv);
            // add it to the list of JCE providers at the end
            if (donotInstallJSSProviderAt0) {
                Provider provider = null;
                try {
                    provider = (Provider) Class.forName("org.mozilla.jss.JSSProvider").newInstance();
                } catch (ClassNotFoundException e) {
                    provider = (Provider) Class.forName("org.mozilla.jss.provider.Provider").newInstance();
                }
                Security.addProvider(provider);
            }
            cm = CryptoManager.getInstance();
            if (password != null) {
                cm.setPasswordCallback(new JSSPasswordCallback(password));
            }
            token = cm.getInternalKeyStorageToken();
            if (cm.FIPSEnabled()) {
                token.login(cm.getPasswordCallback());
            }
            cm.setThreadToken(token);
            if (debug.messageEnabled()) {
                if (cm.FIPSEnabled() == true) {
                    debug.message(method + "FIPS enabled.");
                } else {
                    debug.message(method + "FIPS not enabled.");
                }
            }
            initialized = true;
        } catch (KeyDatabaseException kdbe) {
            debug.error(method + "Couldn't open the key database.", kdbe);
        } catch (CertDatabaseException cdbe) {
            debug.error(method + "Couldn't open the certificate database.", cdbe);
        } catch (AlreadyInitializedException aie) {
            debug.error(method + "CryptoManager already initialized.", aie);
        } catch (Exception e) {
            debug.error(method + "Exception occurred: ", e);
        }
    }
    return initialized;
}
Also used : InputStreamReader(java.io.InputStreamReader) CryptoManager(org.mozilla.jss.CryptoManager) KeyDatabaseException(org.mozilla.jss.KeyDatabaseException) FileInputStream(java.io.FileInputStream) AlreadyInitializedException(org.mozilla.jss.crypto.AlreadyInitializedException) KeyDatabaseException(org.mozilla.jss.KeyDatabaseException) CertDatabaseException(org.mozilla.jss.CertDatabaseException) AlreadyInitializedException(org.mozilla.jss.crypto.AlreadyInitializedException) Provider(java.security.Provider) JSSPasswordCallback(com.iplanet.am.util.JSSPasswordCallback) CertDatabaseException(org.mozilla.jss.CertDatabaseException) BufferedReader(java.io.BufferedReader)

Aggregations

JSSPasswordCallback (com.iplanet.am.util.JSSPasswordCallback)1 BufferedReader (java.io.BufferedReader)1 FileInputStream (java.io.FileInputStream)1 InputStreamReader (java.io.InputStreamReader)1 Provider (java.security.Provider)1 CertDatabaseException (org.mozilla.jss.CertDatabaseException)1 CryptoManager (org.mozilla.jss.CryptoManager)1 KeyDatabaseException (org.mozilla.jss.KeyDatabaseException)1 AlreadyInitializedException (org.mozilla.jss.crypto.AlreadyInitializedException)1