Use of org.mozilla.jss.InitializationValues in the project jss by dogtagpki.
The class VerifyCert, method main.
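/**
 * Command-line entry point: verifies one certificate, either read as DER from
 * a file or looked up by nickname in the NSS database.
 *
 * <p>Arguments: {@code <dbdir> <password> <cert file or nickname>
 * [<OCSP responder URL> <OCSP responder cert nickname>]}. The two OCSP
 * arguments are optional but must be supplied together; any other argument
 * count prints the usage text and exits without touching JSS.
 *
 * <p>Exits with status 1 after printing the stack trace if anything fails.
 *
 * @param args command-line arguments as described above
 */
public static void main(String[] args) {
    try {
        VerifyCert vc = new VerifyCert();
        if (args.length < 3) {
            vc.usage();
            return;
        }
        String dbdir = args[0];
        // Test tool: the token password is taken straight from the command line.
        String password = args[1];
        String name = args[2];
        String responderURL = null;
        String responderNickname = null;
        // An OCSP responder URL is only usable together with the responder's
        // certificate nickname, so exactly 3 or 5 arguments are accepted.
        if (args.length == 4 || args.length > 5) {
            vc.usage();
            // Previously fell through and initialized JSS anyway.
            return;
        } else if (args.length == 5) {
            responderURL = args[3];
            responderNickname = args[4];
        }
        // initialize JSS
        InitializationValues vals = new InitializationValues(dbdir);
        // enable PKIX verify rather than the old NSS cert library,
        // to verify certificates.
        vals.PKIXVerify = true;
        // as a JSS test set cooperate to true; one would set this when NSS is
        // configured to use other PKCS11 modules.
        vals.cooperate = true;
        // configure OCSP
        vals.ocspCheckingEnabled = true;
        if (responderURL != null && responderNickname != null) {
            vals.ocspResponderCertNickname = responderNickname;
            vals.ocspResponderURL = responderURL;
        }
        // Apply the settings above; without this call getInstance() would not
        // see the PKIX/OCSP configuration.
        CryptoManager.initialize(vals);
        CryptoManager cm = CryptoManager.getInstance();
        PasswordCallback pwd = new Password(password.toCharArray());
        cm.setPasswordCallback(pwd);
        try (FileInputStream fin = new FileInputStream(name)) {
            // read to EOF rather than trusting available() for the file size
            byte[] pkg = readFully(fin);
            // display the cert
            vc.showCert(name);
            // validate the cert
            vc.validateDerCert(pkg, cm);
        } catch (java.io.FileNotFoundException e) {
            // assume name is a nickname of a cert in the db
            vc.validateCertInDB(name, cm);
        }
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
}

/**
 * Reads a stream to EOF. Replaces the {@code available()} plus single
 * {@code read()} pattern, which is not guaranteed to return the whole file.
 *
 * @param in stream to drain; not closed here
 * @return every byte read from the stream
 * @throws java.io.IOException if reading fails
 */
private static byte[] readFully(java.io.InputStream in) throws java.io.IOException {
    java.io.ByteArrayOutputStream out = new java.io.ByteArrayOutputStream();
    byte[] buf = new byte[8192];
    int n;
    while ((n = in.read(buf)) != -1) {
        out.write(buf, 0, n);
    }
    return out.toByteArray();
}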
Use of org.mozilla.jss.InitializationValues in the project jss by dogtagpki.
The class FipsTest, method main.
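/**
 * Command-line test for FIPS mode handling in JSS.
 *
 * <p>Arguments: {@code <dbdir> <enable|disable|chkfips> [<password file>]}.
 * Prints the initialization values, sets the requested FIPS mode, initializes
 * the CryptoManager, lists modules and tokens, and checks that the internal
 * key-storage and crypto tokens can be found by name and recognise
 * themselves. Exits with status 0 on success and 1 if any exception is thrown.
 *
 * @param args command-line arguments as described above
 */
public static void main(String[] args) {
    try {
        if (args.length < 2) {
            System.out.println("Usage: FipsTest <dbdir> <fipsmode enter: " + "enable OR disable OR chkfips > <password file>");
            return;
        }
        String dbdir = args[0];
        String fipsmode = args[1];
        String password = "";
        if (args.length == 3) {
            password = args[2];
            System.out.println("The password file " + password);
        }
        InitializationValues vals = new InitializationValues(dbdir);
        printInitializationValues(vals);
        // anything other than enable/disable (e.g. "chkfips") leaves the mode untouched
        if (fipsmode.equalsIgnoreCase("enable")) {
            vals.fipsMode = InitializationValues.FIPSMode.ENABLED;
        } else if (fipsmode.equalsIgnoreCase("disable")) {
            vals.fipsMode = InitializationValues.FIPSMode.DISABLED;
        } else {
            vals.fipsMode = InitializationValues.FIPSMode.UNCHANGED;
        }
        CryptoManager.initialize(vals);
        CryptoManager cm = CryptoManager.getInstance();
        // queried once; the same answer is used for both token lookups below
        boolean fipsEnabled = cm.FIPSEnabled();
        if (fipsEnabled) {
            System.out.println("\n\t\tFIPS enabled\n");
        } else {
            System.out.println("\n\t\tFIPS not enabled\n");
        }
        listModulesAndTokens(cm);
        /* find the Internal Key Storage token */
        String tokenName = normalizeTokenName(
                fipsEnabled ? vals.getFIPSSlotDescription() : vals.getInternalKeyStorageTokenDescription());
        System.out.println("\nFinding the Internal Key Storage token: " + tokenName);
        CryptoToken tok = cm.getTokenByName(tokenName);
        if (((PK11Token) tok).isInternalKeyStorageToken() && tok.equals(cm.getInternalKeyStorageToken())) {
            System.out.println("Good, " + tok.getName() + ", knows it is " + "the internal Key Storage Token");
        } else {
            System.out.println("ERROR: " + tok.getName() + ", doesn't know" + " it is the internal key storage token");
        }
        if (!password.isEmpty()) {
            // the password is read from the named file, never from argv
            System.out.println("logging in to the Token: " + tok.getName());
            PasswordCallback cb = new FilePasswordCallback(password);
            tok.login(cb);
            System.out.println("logged in to the Token: " + tok.getName());
        }
        /* find the Internal Crypto token */
        tokenName = normalizeTokenName(
                fipsEnabled ? vals.getFIPSSlotDescription() : vals.getInternalTokenDescription());
        System.out.println("\nFinding the Internal Crypto token: " + tokenName);
        tok = cm.getTokenByName(tokenName);
        if (((PK11Token) tok).isInternalCryptoToken() && tok.equals(cm.getInternalCryptoToken())) {
            System.out.println("Good, " + tok.getName() + ", knows it is the internal Crypto token");
        } else {
            System.out.println("ERROR: " + tok.getName() + ", doesn't know that it is the internal Crypto token");
        }
        System.exit(0);
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
}

/**
 * Prints the description strings carried by the initialization values.
 *
 * @param vals the values to print; not modified
 */
private static void printInitializationValues(InitializationValues vals) {
    System.out.println("output of Initilization values ");
    System.out.println("Manufacturer ID: " + vals.getManufacturerID());
    System.out.println("Library: " + vals.getLibraryDescription());
    System.out.println("Internal Slot: " + vals.getInternalSlotDescription());
    System.out.println("Internal Token: " + vals.getInternalTokenDescription());
    System.out.println("Key Storage Slot: " + vals.getFIPSKeyStorageSlotDescription());
    System.out.println("Key Storage Token: " + vals.getInternalKeyStorageTokenDescription());
    System.out.println("FIPS Slot: " + vals.getFIPSSlotDescription());
    System.out.println("FIPS Key Storage: " + vals.getFIPSKeyStorageSlotDescription());
}

/**
 * Lists the loaded PKCS #11 modules, every token (with whether it needs a
 * login) and the external tokens known to the CryptoManager.
 *
 * @param cm an initialized CryptoManager
 * @throws Exception propagated from the token queries
 */
private static void listModulesAndTokens(CryptoManager cm) throws Exception {
    Enumeration<PK11Module> modules = cm.getModules();
    System.out.println("\nListing of Modules:");
    while (modules.hasMoreElements()) {
        System.out.println("\t" + modules.nextElement().getName());
    }
    Enumeration<CryptoToken> tokens = cm.getAllTokens();
    System.out.println("\nAll Tokens:");
    while (tokens.hasMoreElements()) {
        CryptoToken tok = tokens.nextElement();
        System.out.print("\t" + tok.getName());
        if (tok.needsLogin()) {
            System.out.println("\t - Needs login.\n");
        } else {
            System.out.println("\t - Does not need login.\n");
        }
    }
    tokens = cm.getExternalTokens();
    System.out.println("\nExternal Tokens:");
    while (tokens.hasMoreElements()) {
        System.out.println("\t" + tokens.nextElement().getName());
    }
}

/**
 * Truncates a slot/token description to 32 characters and removes
 * surrounding white space. Unlike a bare {@code substring(0, 32)} this does
 * not throw when the description is shorter than 32 characters.
 *
 * @param description raw description string from the initialization values
 * @return the token name to look up
 */
private static String normalizeTokenName(String description) {
    return description.substring(0, Math.min(32, description.length())).trim();
}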
Use of org.mozilla.jss.InitializationValues in the project tomcatjss by dogtagpki.
The class TomcatJSS, method init.
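/**
 * Initializes JSS for Tomcat: resolves the NSS database directory, password
 * store class and password file (defaulting to locations under
 * {@code catalina.base}), initializes the CryptoManager, logs in to the
 * tokens, reads the server certificate nickname, evaluates the
 * {@code clientAuth} setting (configuring OCSP when client authentication is
 * required or wanted) and sets up the SSL session-ID cache. A second call
 * returns immediately.
 *
 * @throws Exception if JSS cannot be initialized, the password store class
 *         cannot be loaded or instantiated, or a configured file cannot be read
 */
public void init() throws Exception {
    if (initialized) {
        return;
    }
    logger.info("TomcatJSS: initialization");
    if (certdbDir == null) {
        certdbDir = System.getProperty("catalina.base") + File.separator + "alias";
    }
    logger.debug("TomcatJSS: certdbDir: " + certdbDir);
    if (passwordClass == null) {
        passwordClass = PlainPasswordFile.class.getName();
    }
    logger.debug("TomcatJSS: passwordClass: " + passwordClass);
    if (passwordFile == null) {
        passwordFile = System.getProperty("catalina.base") + File.separator + "conf" + File.separator + "password.conf";
    }
    logger.debug("TomcatJSS: passwordFile: " + passwordFile);
    if (serverCertNickFile != null) {
        logger.debug("TomcatJSS: serverCertNickFile: " + serverCertNickFile);
    }
    InitializationValues vals = new InitializationValues(certdbDir);
    vals.removeSunProvider = false;
    vals.installJSSProvider = true;
    try {
        CryptoManager.initialize(vals);
    } catch (AlreadyInitializedException e) {
        // Another component in this JVM may already have initialized JSS;
        // reuse that instance rather than failing.
        logger.warn("TomcatJSS: " + e);
    }
    manager = CryptoManager.getInstance();
    // passwordClass is a class name taken from the connector configuration.
    // asSubclass() reports a non-IPasswordStore class up front, and
    // getDeclaredConstructor().newInstance() replaces the deprecated
    // Class.newInstance().
    passwordStore = Class.forName(passwordClass)
            .asSubclass(IPasswordStore.class)
            .getDeclaredConstructor()
            .newInstance();
    passwordStore.init(passwordFile);
    login();
    if (serverCertNickFile != null) {
        // explicit charset: before Java 18 new String(byte[]) used the platform default
        serverCertNick = new String(
                Files.readAllBytes(Paths.get(serverCertNickFile)),
                java.nio.charset.StandardCharsets.UTF_8).trim();
        logger.debug("serverCertNick: " + serverCertNick);
    }
    logger.debug("clientAuth: " + clientAuth);
    if (clientAuth.equalsIgnoreCase("true")) {
        requireClientAuth = true;
    } else if (clientAuth.equalsIgnoreCase("yes")) {
        requireClientAuth = true;
        logger.warn("The \"yes\" value for clientAuth has been deprecated. Use \"true\" instead.");
    } else if (clientAuth.equalsIgnoreCase("want")) {
        wantClientAuth = true;
    }
    logger.debug("requireClientAuth: " + requireClientAuth);
    logger.debug("wantClientAuth: " + wantClientAuth);
    // client certificates are only checked against OCSP when they are requested
    if (requireClientAuth || wantClientAuth) {
        configureOCSP();
    }
    // 12 hours = 43200 seconds
    SSLServerSocket.configServerSessionIDCache(0, 43200, 43200, null);
    logger.info("TomcatJSS: initialization complete");
    initialized = true;
}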
Use of org.mozilla.jss.InitializationValues in the project jss by dogtagpki.
The class ClientHandshakeCB, method main.
/**
 * Stand-alone entry point: initializes JSS from the current directory,
 * enables the SSL2 and SSL3 cipher suites this test exercises, and runs an
 * {@code SSLClient} with the given arguments.
 *
 * <p>If JSS cannot be initialized a short message is printed and the method
 * returns without running the client.
 *
 * @param argv command-line arguments handed to the SSLClient
 * @throws Exception propagated from the client run
 */
public static void main(String[] argv) throws Exception {
    try {
        CryptoManager.initialize(new InitializationValues("."));
        // NSSInit.initialize("secmod.db", "key3.db", "cert7.db");
    } catch (KeyDatabaseException kdbe) {
        System.out.println("Couldn't open the key database");
        return;
    } catch (CertDatabaseException cdbe) {
        System.out.println("Couldn't open the certificate database");
        return;
    } catch (AlreadyInitializedException aie) {
        System.out.println("CryptoManager already initialized???");
        return;
    } catch (Exception e) {
        System.out.println("Exception occurred: " + e.getMessage());
        return;
    }
    /* enable all the SSL2 cipher suites (obsolete protocol; this test still exercises them) */
    int firstSuite = SSLSocket.SSL2_RC4_128_WITH_MD5;
    int lastSuite = SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5;
    for (int suite = firstSuite; suite <= lastSuite; ++suite) {
        // SSLSocket.setPermittedByPolicy(suite, SSLSocket.SSL_ALLOWED);
        // 0xFF05 is skipped; the reason is not recorded here
        if (suite == 0xFF05) {
            continue;
        }
        SSLSocket.setCipherPreferenceDefault(suite, true);
    }
    /* enable all the SSL3 cipher suites; the cipherSuites array is 0-terminated */
    int idx = 0;
    while (cipherSuites[idx] != 0) {
        // SSLSocket.setPermittedByPolicy(cipherSuites[idx], SSLSocket.SSL_ALLOWED);
        SSLSocket.setCipherPreferenceDefault(cipherSuites[idx], true);
        ++idx;
    }
    SSLClient client = new SSLClient(System.out, "Stand alone Ver 0.01", argv);
    client.run(true, false);
}