
Example 1 with InitializationValues

Use of org.mozilla.jss.InitializationValues in the jss project by dogtagpki.

From class VerifyCert, method main.

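/**
 * Command-line entry point: verifies a certificate given either as a DER
 * file on disk or as a nickname of a certificate in the NSS database.
 *
 * <p>Usage: {@code VerifyCert <dbdir> <password> <cert-file-or-nickname>
 * [<OCSP responder URL> <OCSP responder cert nickname>]}. The two OCSP
 * arguments must be supplied together; any other argument count prints the
 * usage text and exits.
 *
 * <p>Exits with status 1 if any exception escapes.
 *
 * @param args command-line arguments as described above
 */
public static void main(String[] args) {
    try {
        VerifyCert vc = new VerifyCert();
        if (args.length < 3) {
            vc.usage();
            return;
        }
        String dbdir = args[0];
        String password = args[1];
        String name = args[2];
        String responderURL = null;
        String responderNickname = null;
        // An OCSP responder URL is only meaningful together with the
        // responder's certificate nickname, so 4 arguments (or more than 5)
        // is a usage error. Stop here rather than falling through to
        // verification after printing usage.
        if (args.length == 4 || args.length > 5) {
            vc.usage();
            return;
        } else if (args.length == 5) {
            responderURL = args[3];
            responderNickname = args[4];
        }
        // initialize JSS
        InitializationValues vals = new InitializationValues(dbdir);
        // enable PKIX verify rather than the old NSS cert library,
        // to verify certificates.
        vals.PKIXVerify = true;
        // As a JSS test, set cooperate to true. One would set this to true
        // if NSS was configured to use other PKCS11 modules.
        vals.cooperate = true;
        // configure OCSP
        vals.ocspCheckingEnabled = true;
        if (responderURL != null && responderNickname != null) {
            vals.ocspResponderCertNickname = responderNickname;
            vals.ocspResponderURL = responderURL;
        }
        // NOTE(review): vals is populated but never passed to
        // CryptoManager.initialize(vals) in this method — confirm that
        // initialization happens elsewhere, otherwise the PKIXVerify and
        // OCSP settings above have no effect on the verification below.
        CryptoManager cm = CryptoManager.getInstance();
        PasswordCallback pwd = new Password(password.toCharArray());
        cm.setPasswordCallback(pwd);
        try (FileInputStream fin = new FileInputStream(name)) {
            // Read to end of stream: available() is only a hint and a single
            // read() may return fewer bytes than requested, which would hand
            // a truncated DER blob to the validator.
            byte[] pkg = readFully(fin);
            // display the cert
            vc.showCert(name);
            // validate the cert
            vc.validateDerCert(pkg, cm);
        } catch (java.io.FileNotFoundException e) {
            // assume name is a nickname of cert in the db
            vc.validateCertInDB(name, cm);
        }
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
}

/**
 * Reads every remaining byte from {@code in} into a new array.
 *
 * @param in stream to drain; it is not closed here
 * @return all bytes read until end of stream (empty array for an empty stream)
 * @throws java.io.IOException if a read fails
 */
private static byte[] readFully(java.io.InputStream in) throws java.io.IOException {
    java.io.ByteArrayOutputStream out = new java.io.ByteArrayOutputStream();
    byte[] chunk = new byte[8192];
    int n;
    while ((n = in.read(chunk)) != -1) {
        out.write(chunk, 0, n);
    }
    return out.toByteArray();
}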

Example 2 with InitializationValues

Use of org.mozilla.jss.InitializationValues in the jss project by dogtagpki.

From class FipsTest, method main.

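/**
 * Command-line entry point: initializes JSS from an NSS database, optionally
 * switches FIPS mode, prints the modules and tokens the CryptoManager
 * reports, and checks that the internal key-storage and internal crypto
 * tokens identify themselves correctly.
 *
 * <p>Usage: {@code FipsTest <dbdir> <enable|disable|chkfips> [<password file>]}.
 * Any mode other than {@code enable}/{@code disable} leaves FIPS mode
 * unchanged. The optional third argument is the path of a password file used
 * to log in to the internal key-storage token.
 *
 * <p>Exits with status 0 on completion and 1 if any exception escapes.
 *
 * @param args command-line arguments as described above
 */
public static void main(String[] args) {
    try {
        if (args.length < 2) {
            System.out.println("Usage: FipsTest <dbdir> <fipsmode enter: " + "enable OR disable OR chkfips > <password file>");
            return;
        }
        String dbdir = args[0];
        String fipsmode = args[1];
        // Path of a password file, not the password itself; empty means no login.
        String password = "";
        if (args.length == 3) {
            password = args[2];
            System.out.println("The password file " + password);
        }
        InitializationValues vals = new InitializationValues(dbdir);
        printInitializationValues(vals);
        // Anything other than enable/disable (e.g. "chkfips") only reports state.
        if (fipsmode.equalsIgnoreCase("enable")) {
            vals.fipsMode = InitializationValues.FIPSMode.ENABLED;
        } else if (fipsmode.equalsIgnoreCase("disable")) {
            vals.fipsMode = InitializationValues.FIPSMode.DISABLED;
        } else {
            vals.fipsMode = InitializationValues.FIPSMode.UNCHANGED;
        }
        CryptoManager.initialize(vals);
        CryptoManager cm = CryptoManager.getInstance();
        if (cm.FIPSEnabled()) {
            System.out.println("\n\t\tFIPS enabled\n");
        } else {
            System.out.println("\n\t\tFIPS not enabled\n");
        }
        Enumeration<PK11Module> modules = cm.getModules();
        System.out.println("\nListing of Modules:");
        while (modules.hasMoreElements()) {
            System.out.println("\t" + modules.nextElement().getName());
        }
        CryptoToken tok;
        Enumeration<CryptoToken> tokens = cm.getAllTokens();
        System.out.println("\nAll Tokens:");
        while (tokens.hasMoreElements()) {
            tok = tokens.nextElement();
            System.out.print("\t" + tok.getName());
            if (tok.needsLogin()) {
                System.out.println("\t - Needs login.\n");
            } else {
                System.out.println("\t - Does not need login.\n");
            }
        }
        tokens = cm.getExternalTokens();
        System.out.println("\nExternal Tokens:");
        while (tokens.hasMoreElements()) {
            System.out.println("\t" + tokens.nextElement().getName());
        }
        /* find the Internal Key Storage token */
        String tokenName = toTokenName(cm.FIPSEnabled()
                ? vals.getFIPSSlotDescription()
                : vals.getInternalKeyStorageTokenDescription());
        System.out.println("\nFinding the Internal Key Storage token: " + tokenName);
        tok = cm.getTokenByName(tokenName);
        if (((PK11Token) tok).isInternalKeyStorageToken() && tok.equals(cm.getInternalKeyStorageToken())) {
            System.out.println("Good, " + tok.getName() + ", knows it is " + "the internal Key Storage Token");
        } else {
            System.out.println("ERROR: " + tok.getName() + ", doesn't know" + " it is the internal key storage token");
        }
        if (!password.isEmpty()) {
            System.out.println("logging in to the Token: " + tok.getName());
            PasswordCallback cb = new FilePasswordCallback(password);
            tok.login(cb);
            System.out.println("logged in to the Token: " + tok.getName());
        }
        /* find the Internal Crypto token */
        tokenName = toTokenName(cm.FIPSEnabled()
                ? vals.getFIPSSlotDescription()
                : vals.getInternalTokenDescription());
        System.out.println("\nFinding the Internal Crypto token: " + tokenName);
        tok = cm.getTokenByName(tokenName);
        if (((PK11Token) tok).isInternalCryptoToken() && tok.equals(cm.getInternalCryptoToken())) {
            System.out.println("Good, " + tok.getName() + ", knows it is the internal Crypto token");
        } else {
            System.out.println("ERROR: " + tok.getName() + ", doesn't know that it is the internal Crypto token");
        }
        System.exit(0);
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
}

/**
 * Prints the manufacturer, library, slot and token descriptions carried by
 * {@code vals}, one per line, on standard output.
 *
 * @param vals initialization values to describe
 */
private static void printInitializationValues(InitializationValues vals) {
    System.out.println("output of Initilization values ");
    System.out.println("Manufacturer ID: " + vals.getManufacturerID());
    System.out.println("Library: " + vals.getLibraryDescription());
    System.out.println("Internal Slot: " + vals.getInternalSlotDescription());
    System.out.println("Internal Token: " + vals.getInternalTokenDescription());
    System.out.println("Key Storage Slot: " + vals.getFIPSKeyStorageSlotDescription());
    System.out.println("Key Storage Token: " + vals.getInternalKeyStorageTokenDescription());
    System.out.println("FIPS Slot: " + vals.getFIPSSlotDescription());
    System.out.println("FIPS Key Storage: " + vals.getFIPSKeyStorageSlotDescription());
}

/**
 * Normalizes a slot/token description into the name used for token lookup:
 * keep at most the first 32 characters and strip surrounding whitespace.
 * Unlike a bare {@code substring(0, 32)}, a description shorter than 32
 * characters no longer throws {@code StringIndexOutOfBoundsException}.
 *
 * @param description raw description as reported by the initialization values
 * @return the truncated, trimmed token name
 */
private static String toTokenName(String description) {
    return description.substring(0, Math.min(32, description.length())).trim();
}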

Example 3 with InitializationValues

Use of org.mozilla.jss.InitializationValues in the tomcatjss project by dogtagpki.

From class TomcatJSS, method init.

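/**
 * Initializes the JSS/NSS layer for this connector exactly once.
 *
 * <p>Resolves the certificate database directory, password store class and
 * password file (defaulting each under {@code catalina.base}), initializes
 * the CryptoManager, instantiates and initializes the password store, logs
 * in, reads the server certificate nickname file if one is configured,
 * interprets {@code clientAuth}, configures OCSP when client authentication
 * is required or wanted, and sets up the SSL server session-ID cache.
 * Subsequent calls return immediately.
 *
 * @throws Exception if the password store cannot be loaded or initialized,
 *         the nickname file cannot be read, or any JSS call fails
 */
public void init() throws Exception {
    if (initialized) {
        return;
    }
    logger.info("TomcatJSS: initialization");
    if (certdbDir == null) {
        certdbDir = System.getProperty("catalina.base") + File.separator + "alias";
    }
    logger.debug("TomcatJSS: certdbDir: " + certdbDir);
    if (passwordClass == null) {
        passwordClass = PlainPasswordFile.class.getName();
    }
    logger.debug("TomcatJSS: passwordClass: " + passwordClass);
    if (passwordFile == null) {
        passwordFile = System.getProperty("catalina.base") + File.separator + "conf" + File.separator + "password.conf";
    }
    logger.debug("TomcatJSS: passwordFile: " + passwordFile);
    if (serverCertNickFile != null) {
        logger.debug("TomcatJSS: serverCertNickFile: " + serverCertNickFile);
    }
    InitializationValues vals = new InitializationValues(certdbDir);
    vals.removeSunProvider = false;
    vals.installJSSProvider = true;
    try {
        CryptoManager.initialize(vals);
    } catch (AlreadyInitializedException e) {
        // Another component in this JVM may have initialized JSS first;
        // reuse that instance instead of failing the connector.
        logger.warn("TomcatJSS: " + e);
    }
    manager = CryptoManager.getInstance();
    // passwordClass is taken from the connector configuration, so this loads
    // whatever class the deployer named. Go through the no-arg constructor
    // rather than the deprecated Class.newInstance(), which rethrows checked
    // constructor exceptions without declaring them.
    passwordStore = (IPasswordStore) Class.forName(passwordClass).getDeclaredConstructor().newInstance();
    passwordStore.init(passwordFile);
    login();
    if (serverCertNickFile != null) {
        // Decode with an explicit charset instead of the platform default.
        serverCertNick = new String(Files.readAllBytes(Paths.get(serverCertNickFile)),
                java.nio.charset.StandardCharsets.UTF_8).trim();
        logger.debug("serverCertNick: " + serverCertNick);
    }
    logger.debug("clientAuth: " + clientAuth);
    // Constant-first comparisons so an unset clientAuth is treated as "off"
    // rather than throwing NullPointerException.
    if ("true".equalsIgnoreCase(clientAuth)) {
        requireClientAuth = true;
    } else if ("yes".equalsIgnoreCase(clientAuth)) {
        requireClientAuth = true;
        logger.warn("The \"yes\" value for clientAuth has been deprecated. Use \"true\" instead.");
    } else if ("want".equalsIgnoreCase(clientAuth)) {
        wantClientAuth = true;
    }
    logger.debug("requireClientAuth: " + requireClientAuth);
    logger.debug("wantClientAuth: " + wantClientAuth);
    if (requireClientAuth || wantClientAuth) {
        configureOCSP();
    }
    // Session cache sizing: 0 entries (library default), 12 hours = 43200 seconds
    // for both the SSL2 and SSL3 timeouts, no explicit cache directory.
    SSLServerSocket.configServerSessionIDCache(0, 43200, 43200, null);
    logger.info("TomcatJSS: initialization complete");
    initialized = true;
}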

Example 4 with InitializationValues

Use of org.mozilla.jss.InitializationValues in the jss project by dogtagpki.

From class ClientHandshakeCB, method main.

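/**
 * Command-line entry point: initializes JSS from the NSS database in the
 * current directory, enables every SSL2 cipher suite in the
 * {@code SSLSocket} SSL2 range and every SSL3 suite listed in
 * {@code cipherSuites}, then runs an {@code SSLClient} with the given
 * arguments.
 *
 * <p>Returns quietly (after printing a one-line reason) if the databases
 * cannot be opened or JSS is already initialized.
 *
 * @param argv arguments passed through to {@code SSLClient}
 * @throws Exception propagated from {@code SSLClient.run}
 */
public static void main(String[] argv) throws Exception {
    try {
        InitializationValues vals = new InitializationValues(".");
        CryptoManager.initialize(vals);
    } catch (KeyDatabaseException kdbe) {
        System.out.println("Couldn't open the key database");
        return;
    } catch (CertDatabaseException cdbe) {
        System.out.println("Couldn't open the certificate database");
        return;
    } catch (AlreadyInitializedException aie) {
        System.out.println("CryptoManager already initialized???");
        return;
    } catch (Exception e) {
        // Keep the one-line message, but do not discard the stack trace:
        // it is the only way to tell which call failed.
        System.out.println("Exception occurred: " + e.getMessage());
        e.printStackTrace();
        return;
    }
    /* enable all the SSL2 cipher suites */
    // NOTE(review): SSLv2 suites are obsolete; this harness presumably
    // keeps them for a legacy handshake test — confirm before reusing it.
    for (int suite = SSLSocket.SSL2_RC4_128_WITH_MD5; suite <= SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5; ++suite) {
        // 0xFF05 is skipped; presumably a suite id in the SSL2 range that the
        // library does not support — TODO confirm against SSLSocket's constants.
        if (suite != 0xFF05) {
            SSLSocket.setCipherPreferenceDefault(suite, true);
        }
    }
    /* enable all the SSL3 cipher suites; cipherSuites is terminated by a 0 entry */
    for (int i = 0; cipherSuites[i] != 0; ++i) {
        SSLSocket.setCipherPreferenceDefault(cipherSuites[i], true);
    }
    SSLClient client = new SSLClient(System.out, "Stand alone Ver 0.01", argv);
    client.run(true, false);
}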
