use of org.mozilla.jss.crypto.ObjectNotFoundException in project jss by dogtagpki.
the class SSLClientAuth method doIt.
/**
 * Runs the SSL client-authentication test from the command line.
 *
 * <p>Logs in to the internal key storage token with the password file named in
 * {@code args[1]}, picks the serial number that suffixes the server and client
 * certificate nicknames, makes sure certificates are available under those
 * nicknames, and then runs the connection test twice: first with
 * {@code useNickname} false, then with it true. The method does not return
 * normally; it ends the JVM with status 0 when {@code getSuccess()} is true and
 * with status 1 otherwise.
 *
 * @param args {@code <dbdir> <passwordFile> [port] [Certificate Serial Number]}
 * @throws java.lang.Exception anything not handled inside the method, including a
 *         {@link NumberFormatException} from a non-numeric port or serial number
 */
public void doIt(String[] args) throws Exception {
    // NOTE(review): args[0] (<dbdir>) is required by the usage text but is not read
    // in this method; presumably the caller initialises the NSS database. Confirm.
    if (args.length < 2) {
        System.out.println("Usage: java org.mozilla.jss.tests." + "SSLClientAuth <dbdir> <passwordFile> [port]" + " [Certificate Serial Number]");
        System.exit(1);
    }

    cm = CryptoManager.getInstance();

    // The token password comes from a file on disk, so that file's permissions
    // decide who can unlock the test database.
    CryptoToken internalToken = cm.getInternalKeyStorageToken();
    internalToken.login(new FilePasswordCallback(args[1]));

    if (args.length >= 3) {
        port = Integer.parseInt(args[2]);
        System.out.println("using port:" + port);
    }

    if (args.length < 4) {
        // No serial number supplied: draw one from the "pkcs11prng" SecureRandom
        // registered by the "Mozilla-JSS" provider.
        SecureRandom tokenRng = SecureRandom.getInstance("pkcs11prng", "Mozilla-JSS");
        serialNum = nextRandInt(tokenRng);
    } else {
        serialNum = Integer.parseInt(args[3]);
    }

    serverCertNick = "SSLserver-" + serialNum;
    clientCertNick = "SSLclient-" + serialNum;

    // Only the server nickname is probed to decide whether certificates already
    // exist; the original author notes that testing all of them is unnecessary.
    X509Certificate[] existing = cm.findCertsByNickname(serverCertNick);
    if (existing.length == 0) {
        generateCerts(cm, serialNum);
    } else {
        try {
            nssServerCert = cm.findCertByNickname(serverCertNick);
            nssClientCert = cm.findCertByNickname(clientCertNick);
        } catch (TokenException | ObjectNotFoundException ex) {
            // A server certificate without its matching client certificate (or a
            // token failure) aborts the test run.
            ex.printStackTrace();
            System.exit(1);
        }
    }

    configureDefaultSSLoptions();
    testSpecificCiphers();

    // Exercise both ways of selecting the client certificate.
    for (boolean byNickname : new boolean[] {false, true}) {
        useNickname = byNickname;
        testConnection();
    }

    System.out.println("Exiting main()");
    System.exit(getSuccess() ? 0 : 1);
}
use of org.mozilla.jss.crypto.ObjectNotFoundException in project jss by dogtagpki.
the class SocketBase method setClientCertNickname.
/**
 * Selects the certificate to present for client authentication by its nickname.
 *
 * <p>The nickname is resolved with {@code CryptoManager.findCertByNickname} and the
 * resulting certificate is passed to {@code setClientCert}.
 *
 * <p>Lookup failures are rethrown unchecked: a caller that handles only
 * {@link SocketException} will not see an unknown nickname, an uninitialised
 * CryptoManager or a token error, so those cases need their own handling if the
 * nickname comes from configuration or user input.
 *
 * @param nick nickname of the client certificate
 * @throws SocketException declared by the signature; NOTE(review): nothing in this
 *         body throws it directly, presumably {@code setClientCert} does. Confirm.
 * @throws RuntimeException wrapping a {@code NotInitializedException},
 *         {@code ObjectNotFoundException} or {@code TokenException} from the lookup
 */
public void setClientCertNickname(String nick) throws SocketException {
    try {
        X509Certificate clientCert = CryptoManager.getInstance().findCertByNickname(nick);
        setClientCert(clientCert);
    } catch (NotInitializedException | ObjectNotFoundException | TokenException cause) {
        // Keep the original exception as the cause so the failure reason is not lost.
        throw new RuntimeException(cause);
    }
}
use of org.mozilla.jss.crypto.ObjectNotFoundException in project jss by dogtagpki.
the class JSSKeyStoreSpi method engineGetKey.
/**
 * Returns the key stored under {@code alias}, or {@code null} when none matches.
 *
 * <p>The search runs in three stages and stops at the first hit:
 * <ol>
 *   <li>a certificate whose nickname equals {@code alias}, returning its private key;</li>
 *   <li>a private key on the selected token whose hex-encoded unique ID equals the
 *       nickname part of the alias;</li>
 *   <li>a symmetric key on that token whose nickname equals the nickname part,
 *       returned wrapped in a {@code SecretKeyFacade}.</li>
 * </ol>
 * The token is the internal key storage token when {@code parseAlias} yields no
 * token name, otherwise the token of that name.
 *
 * <p>{@code password} is never read in this method, so the KeyStore password does
 * not gate access to the returned key. NOTE(review): access presumably depends on
 * the token's own login state. Confirm.
 *
 * <p>The alias, every private-key ID examined and every symmetric-key nickname
 * examined are written to the debug log.
 *
 * @param alias    key alias, passed both to the certificate lookup and to {@code parseAlias}
 * @param password ignored
 * @return the matching key, or {@code null} if no stage finds one
 * @throws RuntimeException wrapping a {@code NoSuchTokenException},
 *         {@code NotInitializedException} or {@code TokenException}
 */
@Override
public Key engineGetKey(String alias, char[] password) {
    logger.debug("JSSKeyStoreSpi: engineGetKey(" + alias + ")");

    try {
        CryptoManager manager = CryptoManager.getInstance();

        // Stage 1: treat the alias as a certificate nickname.
        logger.debug("JSSKeyStoreSpi: searching for cert");
        try {
            X509Certificate cert = manager.findCertByNickname(alias);
            logger.debug("JSSKeyStoreSpi: found cert: " + alias);

            PrivateKey certKey = manager.findPrivKeyByCert(cert);
            logger.debug("JSSKeyStoreSpi: found private key: " + alias);
            return certKey;
        } catch (ObjectNotFoundException e) {
            // Either the certificate or its private key is missing; fall through to
            // the key-by-ID search instead of failing.
            logger.debug("JSSKeyStoreSpi: cert/key not found, searching for key");
        }

        String[] aliasParts = parseAlias(alias);
        String tokenName = aliasParts[0];
        String nickname = aliasParts[1];

        CryptoToken token = (tokenName == null)
                ? manager.getInternalKeyStorageToken()
                : manager.getTokenByName(tokenName);
        CryptoStore store = token.getCryptoStore();

        // Stage 2: match the nickname against each private key's hex-encoded ID.
        logger.debug("JSSKeyStoreSpi: searching for private key");
        for (PrivateKey candidate : store.getPrivateKeys()) {
            String hexId = Utils.HexEncode(candidate.getUniqueID());
            logger.debug("JSSKeyStoreSpi: - " + hexId);

            if (nickname.equals(hexId)) {
                logger.debug("JSSKeyStoreSpi: found private key: " + nickname);
                return candidate;
            }
        }

        // Stage 3: match the nickname against each symmetric key's nickname.
        logger.debug("JSSKeyStoreSpi: searching for symmetric key");
        for (SymmetricKey candidate : store.getSymmetricKeys()) {
            logger.debug("JSSKeyStoreSpi: - " + candidate.getNickName());

            if (nickname.equals(candidate.getNickName())) {
                logger.debug("JSSKeyStoreSpi: found symmetric key: " + nickname);
                return new SecretKeyFacade(candidate);
            }
        }

        logger.debug("JSSKeyStoreSpi: key not found: " + nickname);
        return null;

    } catch (NoSuchTokenException | NotInitializedException | TokenException e) {
        throw new RuntimeException(e);
    }
}
use of org.mozilla.jss.crypto.ObjectNotFoundException in project jss by dogtagpki.
the class PKCS12Util method loadCertFromNSS.
/**
 * Adds a certificate from the NSS database to a PKCS #12 object, optionally together
 * with its private key and the rest of its certificate chain.
 *
 * <p>When {@code includeKey} is set and the certificate has no private key, the
 * {@code ObjectNotFoundException} is only logged at debug level and the certificate
 * is still added without a key ID. A caller that needs the key to be present has to
 * verify that itself.
 *
 * <p>When {@code includeChain} is set, every element of the built chain except the
 * first is added with {@code addCertInfo(..., false)}.
 *
 * @param pkcs12       container that receives the certificate and key entries
 * @param cert         certificate to load
 * @param includeKey   whether to add the certificate's private key as well
 * @param includeChain whether to add the remaining certificates of the chain
 * @param friendlyName friendly name passed on when creating the cert and key entries
 * @throws Exception if the CryptoManager, the entry creation or the chain building fails
 */
public void loadCertFromNSS(PKCS12 pkcs12, X509Certificate cert, boolean includeKey, boolean includeChain, String friendlyName) throws Exception {
    CryptoManager manager = CryptoManager.getInstance();

    PKCS12CertInfo leafInfo = createCertInfoFromNSS(cert, friendlyName);
    pkcs12.addCertInfo(leafInfo, true);

    byte[] leafId = leafInfo.getID();
    logger.debug(" - Certificate ID: " + Utils.HexEncode(leafId));
    logger.debug(" Friendly name: " + leafInfo.getFriendlyName());
    logger.debug(" Trust flags: " + leafInfo.getTrustFlags());

    if (includeKey) {
        try {
            // Private key material is copied into the PKCS #12 object here.
            PrivateKey leafKey = manager.findPrivKeyByCert(cert);
            PKCS12KeyInfo leafKeyInfo = createKeyInfoFromNSS(cert, leafKey, friendlyName);
            pkcs12.addKeyInfo(leafKeyInfo);

            // Link the certificate entry to its key entry.
            byte[] leafKeyId = leafKeyInfo.getID();
            leafInfo.setKeyID(leafKeyId);
            logger.debug(" Key ID: " + Utils.HexEncode(leafKeyId));
        } catch (ObjectNotFoundException e) {
            // Deliberately best-effort: a certificate without a key is still exported.
            logger.debug("Certificate has no private key");
        }
    }

    if (!includeChain) {
        return;
    }

    X509Certificate[] chain = manager.buildCertificateChain(cert);
    if (chain.length > 1) {
        logger.debug(" Certificate Chain:");
    }

    // Index 0 is skipped; NOTE(review): presumably it is the certificate added above. Confirm.
    int position = 1;
    while (position < chain.length) {
        PKCS12CertInfo issuerInfo = createCertInfoFromNSS(chain[position]);
        pkcs12.addCertInfo(issuerInfo, false);

        byte[] issuerId = issuerInfo.getID();
        logger.debug(" - Certificate ID: " + Utils.HexEncode(issuerId));
        logger.debug(" Friendly name: " + issuerInfo.getFriendlyName());
        logger.debug(" Trust flags: " + issuerInfo.getTrustFlags());
        position++;
    }
}
use of org.mozilla.jss.crypto.ObjectNotFoundException in project jss by dogtagpki.
the class PK11Store method findPublicKey.
/**
 * Finds the public key in this store that belongs to the given private key.
 *
 * <p>Only RSA is handled. The match is made on the modulus alone: the first RSA
 * public key returned by {@code getPublicKeys()} whose modulus equals the private
 * key's modulus is returned, and the public exponent is not compared.
 *
 * <p>A non-RSA (or {@code null}) private key ends in the same
 * {@code ObjectNotFoundException} as a missing key, so callers cannot tell
 * "unsupported key type" from "no such key" by the exception.
 *
 * @param privateKey private key whose public counterpart is wanted
 * @return the matching public key
 * @throws TokenException declared by the signature; NOTE(review): presumably raised
 *         by {@code getPublicKeys()}. Confirm.
 * @throws ObjectNotFoundException if no RSA public key with the same modulus exists,
 *         or if the private key is not an RSA key
 */
@Override
public PublicKey findPublicKey(PrivateKey privateKey) throws TokenException, ObjectNotFoundException {
    if (!(privateKey instanceof RSAKey)) {
        // TODO: add support for non-RSA keys
        throw new ObjectNotFoundException("Unable to find public key");
    }

    logger.debug("PKCS11Store: searching for RSA public key");
    BigInteger wantedModulus = ((RSAKey) privateKey).getModulus();

    for (PublicKey candidate : getPublicKeys()) {
        boolean sameModulus = candidate instanceof RSAPublicKey
                && wantedModulus.equals(((RSAPublicKey) candidate).getModulus());
        if (sameModulus) {
            logger.debug("PKCS11Store: found RSA public key");
            return candidate;
        }
    }

    throw new ObjectNotFoundException("Unable to find public key");
}