
Example 1 with ObjectNotFoundException

use of org.mozilla.jss.crypto.ObjectNotFoundException in project jss by dogtagpki.

the class SSLClientAuth method doIt.

/**
 * Drives the SSL client-authentication test from the command line.
 *
 * <p>Logs in to the internal key storage token, makes sure the test
 * certificates named {@code SSLserver-<serial>} and {@code SSLclient-<serial>}
 * are available, then runs {@code testConnection()} twice: first with
 * {@code useNickname} set to {@code false}, then to {@code true}.
 *
 * <p>This method ends the JVM through {@code System.exit}: status 0 when
 * {@code getSuccess()} returns true, status 1 on a usage error, a failed
 * lookup of the existing certificates, or an unsuccessful run.
 *
 * @param args {@code <dbdir> <passwordFile> [port] [Certificate Serial Number]};
 *     {@code args[0]} is not read here, {@code args[1]} is handed to
 *     {@code FilePasswordCallback} for the token login
 * @throws java.lang.Exception if the token login, the numeric parsing of
 *     {@code args[2]} / {@code args[3]}, certificate generation or a test
 *     step fails
 */
public void doIt(String[] args) throws Exception {
    if (args.length < 2) {
        System.out.println("Usage: java org.mozilla.jss.tests."
                + "SSLClientAuth <dbdir> <passwordFile> [port]"
                + " [Certificate Serial Number]");
        System.exit(1);
    }

    cm = CryptoManager.getInstance();

    // Log in to the internal key storage token using the callback built from args[1].
    CryptoToken internalToken = cm.getInternalKeyStorageToken();
    PasswordCallback passwordSource = new FilePasswordCallback(args[1]);
    internalToken.login(passwordSource);

    if (args.length >= 3) {
        port = Integer.parseInt(args[2]);
        System.out.println("using port:" + port);
    }

    if (args.length < 4) {
        // No serial number on the command line: draw one from the
        // "pkcs11prng" generator of the "Mozilla-JSS" provider.
        SecureRandom tokenRng = SecureRandom.getInstance("pkcs11prng", "Mozilla-JSS");
        serialNum = nextRandInt(tokenRng);
    } else {
        serialNum = Integer.parseInt(args[3]);
    }

    serverCertNick = "SSLserver-" + serialNum;
    clientCertNick = "SSLclient-" + serialNum;

    // Ensure the certificates do not already exist. Only the server nickname
    // is probed; the original author notes that testing all of them is not
    // needed.
    X509Certificate[] existing = cm.findCertsByNickname(serverCertNick);
    if (existing.length != 0) {
        // Reuse the certificates already stored under these nicknames. If
        // either lookup fails the test cannot proceed, so exit with status 1.
        try {
            nssServerCert = cm.findCertByNickname(serverCertNick);
            nssClientCert = cm.findCertByNickname(clientCertNick);
        } catch (TokenException | ObjectNotFoundException ex) {
            ex.printStackTrace();
            System.exit(1);
        }
    } else {
        generateCerts(cm, serialNum);
    }

    configureDefaultSSLoptions();
    testSpecificCiphers();

    useNickname = false;
    testConnection();
    useNickname = true;
    testConnection();

    System.out.println("Exiting main()");
    System.exit(getSuccess() ? 0 : 1);
}
Also used : CryptoToken(org.mozilla.jss.crypto.CryptoToken) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) TokenException(org.mozilla.jss.crypto.TokenException) ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException) PasswordCallback(org.mozilla.jss.util.PasswordCallback) SecureRandom(java.security.SecureRandom) X509Certificate(org.mozilla.jss.crypto.X509Certificate)

Example 2 with ObjectNotFoundException

use of org.mozilla.jss.crypto.ObjectNotFoundException in project jss by dogtagpki.

the class SocketBase method setClientCertNickname.

/**
 * Sets the nickname of the certificate to use for client authentication.
 *
 * <p>The nickname is resolved to a certificate with
 * {@code CryptoManager.findCertByNickname} and the result is passed to
 * {@code setClientCert}.
 *
 * <p>Lookup failures are not reported through the declared
 * {@code SocketException}: an uninitialized {@code CryptoManager}, an unknown
 * nickname and a token error are each rethrown as an unchecked
 * {@code RuntimeException} with the original exception as its cause. A caller
 * that handles only {@code SocketException} will therefore not intercept a
 * wrong or missing nickname.
 *
 * @param nick nickname of the client certificate to look up
 * @throws SocketException declared by this method; not thrown directly by the
 *     code visible here
 * @throws RuntimeException wrapping {@code NotInitializedException},
 *     {@code ObjectNotFoundException} or {@code TokenException}
 */
public void setClientCertNickname(String nick) throws SocketException {
    try {
        X509Certificate resolved = CryptoManager.getInstance().findCertByNickname(nick);
        setClientCert(resolved);
    } catch (NotInitializedException | ObjectNotFoundException | TokenException cause) {
        // All three failure modes are surfaced the same way: unchecked, cause preserved.
        throw new RuntimeException(cause);
    }
}
Also used : NotInitializedException(org.mozilla.jss.NotInitializedException) ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException) TokenException(org.mozilla.jss.crypto.TokenException) CryptoManager(org.mozilla.jss.CryptoManager) X509Certificate(org.mozilla.jss.crypto.X509Certificate)

Example 3 with ObjectNotFoundException

use of org.mozilla.jss.crypto.ObjectNotFoundException in project jss by dogtagpki.

the class JSSKeyStoreSpi method engineGetKey.

/**
 * Looks up the key stored under {@code alias}.
 *
 * <p>The lookup runs in three stages and returns the first hit:
 * <ol>
 *   <li>a certificate with nickname {@code alias}, whose private key is
 *       returned;</li>
 *   <li>a private key on the selected token whose hex-encoded unique ID equals
 *       the nickname part of the alias;</li>
 *   <li>a symmetric key on that token whose nickname equals the nickname part
 *       of the alias, wrapped in a {@code SecretKeyFacade}.</li>
 * </ol>
 * The token is the one named by the first element returned from
 * {@code parseAlias(alias)}, or the internal key storage token when that
 * element is {@code null}.
 *
 * <p>Security notes: {@code password} is never read by this method, so the
 * value a caller passes does not influence which key is returned.
 * NOTE(review): access control presumably rests on the token's own login
 * state; confirm against the token handling code. The alias and every
 * candidate key ID or nickname inspected are written to the debug log.
 *
 * @param alias key store alias to resolve
 * @param password ignored by this implementation
 * @return the matching key, or {@code null} when no stage finds one
 * @throws RuntimeException wrapping {@code NoSuchTokenException},
 *     {@code NotInitializedException} or {@code TokenException}
 */
@Override
public Key engineGetKey(String alias, char[] password) {
    logger.debug("JSSKeyStoreSpi: engineGetKey(" + alias + ")");
    try {
        CryptoManager cm = CryptoManager.getInstance();

        // Stage 1: treat the alias as a certificate nickname.
        logger.debug("JSSKeyStoreSpi: searching for cert");
        try {
            X509Certificate matchedCert = cm.findCertByNickname(alias);
            logger.debug("JSSKeyStoreSpi: found cert: " + alias);
            PrivateKey certKey = cm.findPrivKeyByCert(matchedCert);
            logger.debug("JSSKeyStoreSpi: found private key: " + alias);
            return certKey;
        } catch (ObjectNotFoundException e) {
            // Not an error: fall through to the direct key searches below.
            logger.debug("JSSKeyStoreSpi: cert/key not found, searching for key");
        }

        String[] parts = parseAlias(alias);
        String tokenName = parts[0];
        String nickname = parts[1];

        // A null token name selects the internal key storage token.
        CryptoToken token = (tokenName == null)
                ? cm.getInternalKeyStorageToken()
                : cm.getTokenByName(tokenName);
        CryptoStore store = token.getCryptoStore();

        // Stage 2: private keys, matched on the hex form of their unique ID.
        logger.debug("JSSKeyStoreSpi: searching for private key");
        for (PrivateKey candidate : store.getPrivateKeys()) {
            String candidateId = Utils.HexEncode(candidate.getUniqueID());
            logger.debug("JSSKeyStoreSpi: - " + candidateId);
            if (nickname.equals(candidateId)) {
                logger.debug("JSSKeyStoreSpi: found private key: " + nickname);
                return candidate;
            }
        }

        // Stage 3: symmetric keys, matched on their nickname.
        logger.debug("JSSKeyStoreSpi: searching for symmetric key");
        for (SymmetricKey candidate : store.getSymmetricKeys()) {
            logger.debug("JSSKeyStoreSpi: - " + candidate.getNickName());
            if (nickname.equals(candidate.getNickName())) {
                logger.debug("JSSKeyStoreSpi: found symmetric key: " + nickname);
                return new SecretKeyFacade(candidate);
            }
        }

        logger.debug("JSSKeyStoreSpi: key not found: " + nickname);
        return null;
    } catch (NoSuchTokenException e) {
        throw new RuntimeException(e);
    } catch (NotInitializedException e) {
        throw new RuntimeException(e);
    } catch (TokenException e) {
        throw new RuntimeException(e);
    }
}
Also used : PrivateKey(org.mozilla.jss.crypto.PrivateKey) CryptoToken(org.mozilla.jss.crypto.CryptoToken) NotInitializedException(org.mozilla.jss.NotInitializedException) SymmetricKey(org.mozilla.jss.crypto.SymmetricKey) CryptoManager(org.mozilla.jss.CryptoManager) X509Certificate(org.mozilla.jss.crypto.X509Certificate) CryptoStore(org.mozilla.jss.crypto.CryptoStore) SecretKeyFacade(org.mozilla.jss.crypto.SecretKeyFacade) NoSuchTokenException(org.mozilla.jss.NoSuchTokenException) ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException) NoSuchTokenException(org.mozilla.jss.NoSuchTokenException) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) TokenException(org.mozilla.jss.crypto.TokenException)

Example 4 with ObjectNotFoundException

use of org.mozilla.jss.crypto.ObjectNotFoundException in project jss by dogtagpki.

the class PKCS12Util method loadCertFromNSS.

/**
 * Adds {@code cert} to {@code pkcs12}, optionally together with its private
 * key and the rest of its certificate chain.
 *
 * <p>With {@code includeKey} set, the private key found through
 * {@code CryptoManager.findPrivKeyByCert} is added to {@code pkcs12} and its
 * ID is linked to the certificate entry. A certificate without a private key
 * is not an error: the condition is logged at debug level and the certificate
 * is kept without a key. Callers that require the key in the result must
 * check for it themselves.
 *
 * <p>With {@code includeChain} set, every chain element after the first one
 * returned by {@code CryptoManager.buildCertificateChain} is added as well.
 *
 * <p>Only identifiers (certificate ID, key ID), friendly names and trust flags
 * are written to the debug log by this method.
 *
 * @param pkcs12 container that receives the certificate and key entries
 * @param cert certificate to add
 * @param includeKey whether to add the certificate's private key
 * @param includeChain whether to add the remaining chain certificates
 * @param friendlyName friendly name passed on to the certificate and key entries
 * @throws Exception if a lookup or conversion step fails for a reason other
 *     than a missing private key
 */
public void loadCertFromNSS(PKCS12 pkcs12, X509Certificate cert, boolean includeKey, boolean includeChain, String friendlyName) throws Exception {
    CryptoManager cm = CryptoManager.getInstance();

    PKCS12CertInfo leafInfo = createCertInfoFromNSS(cert, friendlyName);
    pkcs12.addCertInfo(leafInfo, true);

    logger.debug(" - Certificate ID: " + Utils.HexEncode(leafInfo.getID()));
    logger.debug("   Friendly name: " + leafInfo.getFriendlyName());
    logger.debug("   Trust flags: " + leafInfo.getTrustFlags());

    if (includeKey) {
        try {
            PrivateKey leafKey = cm.findPrivKeyByCert(cert);
            PKCS12KeyInfo leafKeyInfo = createKeyInfoFromNSS(cert, leafKey, friendlyName);
            pkcs12.addKeyInfo(leafKeyInfo);

            // Tie the certificate entry to its key entry through the key ID.
            byte[] linkedKeyId = leafKeyInfo.getID();
            leafInfo.setKeyID(linkedKeyId);
            logger.debug("   Key ID: " + Utils.HexEncode(linkedKeyId));
        } catch (ObjectNotFoundException e) {
            // Deliberately tolerated: the certificate is kept without a key.
            logger.debug("Certificate has no private key");
        }
    }

    if (includeChain) {
        X509Certificate[] chain = cm.buildCertificateChain(cert);
        if (chain.length > 1) {
            logger.debug("   Certificate Chain:");
        }
        // Index 0 is skipped; only the later chain elements are added here.
        for (int pos = 1; pos < chain.length; pos++) {
            PKCS12CertInfo issuerInfo = createCertInfoFromNSS(chain[pos]);
            pkcs12.addCertInfo(issuerInfo, false);

            logger.debug("   - Certificate ID: " + Utils.HexEncode(issuerInfo.getID()));
            logger.debug("     Friendly name: " + issuerInfo.getFriendlyName());
            logger.debug("     Trust flags: " + issuerInfo.getTrustFlags());
        }
    }
}
Also used : PrivateKey(org.mozilla.jss.crypto.PrivateKey) ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException) CryptoManager(org.mozilla.jss.CryptoManager) X509Certificate(org.mozilla.jss.crypto.X509Certificate)

Example 5 with ObjectNotFoundException

use of org.mozilla.jss.crypto.ObjectNotFoundException in project jss by dogtagpki.

the class PK11Store method findPublicKey.

/**
 * Finds the public key that belongs to {@code privateKey}.
 *
 * <p>Only RSA keys are supported. The keys returned by {@code getPublicKeys()}
 * are scanned and the first {@code RSAPublicKey} whose modulus equals the
 * private key's modulus is returned. The public exponent is not compared.
 * For any other key type no search is made and the method fails as if nothing
 * had been found.
 *
 * @param privateKey private key whose counterpart is wanted
 * @return the first public key with the same RSA modulus
 * @throws TokenException declared by this method; not thrown directly by the
 *     code visible here
 * @throws ObjectNotFoundException if no matching RSA public key exists or
 *     {@code privateKey} is not an RSA key
 */
@Override
public PublicKey findPublicKey(PrivateKey privateKey) throws TokenException, ObjectNotFoundException {
    if (privateKey instanceof RSAKey) {
        logger.debug("PKCS11Store: searching for RSA public key");
        BigInteger wantedModulus = ((RSAKey) privateKey).getModulus();

        for (PublicKey candidate : getPublicKeys()) {
            // A candidate qualifies only if it is RSA and shares the modulus.
            boolean sameModulus = candidate instanceof RSAPublicKey
                    && wantedModulus.equals(((RSAPublicKey) candidate).getModulus());
            if (sameModulus) {
                logger.debug("PKCS11Store: found RSA public key");
                return candidate;
            }
        }
    }
    // TODO: add support for non-RSA keys

    throw new ObjectNotFoundException("Unable to find public key");
}
Also used : RSAKey(java.security.interfaces.RSAKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException) BigInteger(java.math.BigInteger)

Aggregations

ObjectNotFoundException (org.mozilla.jss.crypto.ObjectNotFoundException)9 CryptoManager (org.mozilla.jss.CryptoManager)7 TokenException (org.mozilla.jss.crypto.TokenException)7 X509Certificate (org.mozilla.jss.crypto.X509Certificate)7 NotInitializedException (org.mozilla.jss.NotInitializedException)6 NoSuchItemOnTokenException (org.mozilla.jss.crypto.NoSuchItemOnTokenException)6 NoSuchTokenException (org.mozilla.jss.NoSuchTokenException)5 CryptoToken (org.mozilla.jss.crypto.CryptoToken)3 PrivateKey (org.mozilla.jss.crypto.PrivateKey)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 InputStream (java.io.InputStream)2 PublicKey (java.security.PublicKey)2 CertificateException (java.security.cert.CertificateException)2 CertificateFactory (java.security.cert.CertificateFactory)2 CryptoStore (org.mozilla.jss.crypto.CryptoStore)2 TokenCertificate (org.mozilla.jss.crypto.TokenCertificate)2 PK11Cert (org.mozilla.jss.pkcs11.PK11Cert)2 BigInteger (java.math.BigInteger)1 KeyStoreException (java.security.KeyStoreException)1 SecureRandom (java.security.SecureRandom)1