
Example 1 with TokenException

use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.

the class CryptoManager method getTokenByName.

/**
 * Returns the first token, among those produced by {@code getAllTokens()},
 * whose name is equal to {@code name}. The comparison is an exact,
 * case-sensitive {@link String#equals(Object)} match.
 *
 * <p>A {@code TokenException} raised while reading a token's name is not
 * skipped: it ends the search and is rethrown wrapped in a
 * {@code RuntimeException}, so one failing token hides every token that
 * would have been examined after it.
 *
 * @param name The name of the token.
 * @return The token.
 * @exception org.mozilla.jss.NoSuchTokenException If no token
 *  is found with the given name.
 */
public synchronized CryptoToken getTokenByName(String name) throws NoSuchTokenException {
    for (Enumeration<CryptoToken> candidates = getAllTokens(); candidates.hasMoreElements();) {
        CryptoToken candidate = candidates.nextElement();
        String candidateName;
        try {
            candidateName = candidate.getName();
        } catch (TokenException e) {
            // Reading the name failed; surface it unchecked with the cause attached.
            throw new RuntimeException(e);
        }
        if (name.equals(candidateName)) {
            return candidate;
        }
    }
    throw new NoSuchTokenException("No such token: " + name);
}
Also used : CryptoToken(org.mozilla.jss.crypto.CryptoToken) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) TokenException(org.mozilla.jss.crypto.TokenException)

Example 2 with TokenException

use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.

the class SelfTest method main.

/**
 * Self-test of token lookup and of the PIN lifecycle (initPassword, login,
 * changePassword, logout) on the token named "Internal Key Storage Token".
 *
 * <p>Exactly one argument is required (the usage text calls it {@code <dbdir>});
 * its value is not read anywhere in this method.
 *
 * <p>Results are reported only as "Good ..." / "ERROR: ..." lines on stdout.
 * The method never sets an exit status and does not throw on an "ERROR" line,
 * so an automated caller has to inspect the output to detect a failed check.
 *
 * @param args command-line arguments; only {@code args.length} is checked
 * @throws Throwable anything not handled by the catch clauses below
 */
public static void main(String[] args) throws Throwable {
    CryptoToken tok;
    CryptoToken intTok;
    CryptoManager manager;
    Password pass1 = null, pass2 = null;
    java.security.KeyPair keyPair;
    // Fixed test PINs ("foobar" and "netscape"). Only clones of these arrays are
    // wrapped in Password objects below, so the clear() calls act on the clones;
    // the two source arrays themselves are never zeroed in this method.
    char[] passchar1 = { 'f', 'o', 'o', 'b', 'a', 'r' };
    char[] passchar2 = { 'n', 'e', 't', 's', 'c', 'a', 'p', 'e' };
    if (args.length != 1) {
        System.err.println("Usage: java ...SelfTest <dbdir>");
        return;
    }
    try {
        manager = CryptoManager.getInstance();
    } catch (NotInitializedException e) {
        System.out.println("CryptoManager not initialized");
        return;
    }
    // Negative lookup: a made-up token name must raise NoSuchTokenException.
    // A successful lookup only prints an ERROR line; execution continues.
    try {
        tok = manager.getTokenByName("asdffda");
        System.out.println("ERROR: found a nonexistent token");
    } catch (NoSuchTokenException e) {
        System.out.println("Good, could not find non-existent token");
    }
    try {
        // Enumerate modules, all tokens and external tokens, printing each name.
        Enumeration<PK11Module> modules = manager.getModules();
        System.out.println("Modules:");
        while (modules.hasMoreElements()) {
            System.out.println("\t" + modules.nextElement().getName());
        }
        Enumeration<CryptoToken> tokens = manager.getAllTokens();
        System.out.println("All Tokens:");
        while (tokens.hasMoreElements()) {
            System.out.println("\t" + tokens.nextElement().getName());
        }
        Enumeration<CryptoToken> extTokens = manager.getExternalTokens();
        System.out.println("External Tokens:");
        while (extTokens.hasMoreElements()) {
            System.out.println("\t" + extTokens.nextElement().getName());
        }
        // Positive lookup by name, cross-checked against the manager's own
        // accessor and against the token's self-description.
        tok = manager.getTokenByName("Internal Key Storage Token");
        System.out.println("Good, found internal DB token");
        if (tok.equals(manager.getInternalKeyStorageToken())) {
            System.out.println("Good, it really is the key storage token");
        } else {
            System.out.println("ERROR: it's not the same as the key " + "storage token!");
        }
        if (((PK11Token) tok).isInternalKeyStorageToken()) {
            System.out.println("Good, " + tok.getName() + " knows " + "what it is");
        } else {
            System.out.println("ERROR: " + tok.getName() + " doesn't know" + " it is key storage token");
        }
        intTok = manager.getInternalCryptoToken();
        // NOTE(review): the check is made on intTok, but both messages print
        // tok.getName() rather than intTok.getName() - confirm this is intended.
        if (((PK11Token) intTok).isInternalCryptoToken()) {
            System.out.println("Good, " + tok.getName() + " knows it is the internal token");
        } else {
            System.out.println("ERROR: " + tok.getName() + " doesn't know what that it is the internal token");
        }
        // No login has been attempted yet, so the token must report "not logged in".
        if (tok.isLoggedIn() == false) {
            System.out.println("Good, isLoggedIn correctly says we're" + " not logged in");
        } else {
            System.out.println("ERROR: isLoggedIn incorrectly says we're" + " logged in");
        }
        System.out.println("Good, successfully opened token \"" + tok.getName() + "\"");
        // Set the initial PIN to passchar1. pass2 wraps a single NUL character and
        // is passed as the first argument of initPassword.
        // NOTE(review): presumably that first argument is the existing/security-officer
        // PIN of an uninitialized database - confirm against CryptoToken.initPassword.
        pass1 = new Password(passchar1.clone());
        pass2 = new Password(new char[] { 0 });
        tok.initPassword(pass2, pass1);
        pass1.clear();
        pass2.clear();
        System.out.println("Good, initialized PIN");
        tok.logout();
        // Negative login: passchar2 has not been set as the PIN at this point,
        // so login must raise IncorrectPasswordException.
        try {
            pass1 = new Password(passchar2.clone());
            tok.login(pass1);
            System.out.println("ERROR: Successfully logged in with wrong" + " PIN");
        } catch (IncorrectPasswordException e) {
            System.out.println("Good, unable to login with wrong PIN");
        } finally {
            pass1.clear();
        }
        // Positive login with the PIN that initPassword installed.
        pass1 = new Password(passchar1.clone());
        tok.login(pass1);
        pass1.clear();
        System.out.println("Good, logged in");
        if (tok.isLoggedIn() == true) {
            System.out.println("Good, isLoggedIn correctly says we're" + " logged in");
        } else {
            System.out.println("ERROR: isLoggedIn incorrectly says we're" + " not logged in");
        }
        // Change the PIN from passchar1 to passchar2 while logged in.
        pass1 = new Password(passchar1.clone());
        pass2 = new Password(passchar2.clone());
        tok.changePassword(pass1, pass2);
        pass1.clear();
        pass2.clear();
        System.out.println("Good, changed PIN");
        // passchar1 is now the old PIN. The test expects login() with it to be
        // accepted here because the session is still logged in.
        try {
            pass1 = new Password(passchar1.clone());
            tok.login(pass1);
            // Should still be logged in
            System.out.println("Good, logging in with wrong PIN ok if " + " already logged in");
        } catch (IncorrectPasswordException e) {
            System.out.println("ERROR: logged in second time with wrong" + "PIN, but we should still be logged in");
        } finally {
            pass1.clear();
        }
        try {
            tok.logout();
            System.out.println("Good, logged out successfully.");
        } catch (TokenException e) {
            System.out.println("ERROR: failed to logout from token");
        }
        if (tok.isLoggedIn() == false) {
            System.out.println("Good, isLoggedIn correctly says we're" + " not logged in");
        } else {
            System.out.println("ERROR: isLoggedIn incorrectly says we're" + " logged in");
        }
        // A second logout without an intervening login is expected to throw.
        try {
            tok.logout();
            System.out.println("ERROR: logged out twice in a row");
        } catch (TokenException e) {
            System.out.println("Good, got an exception when we tried" + " to log out twice in a row");
        }
        // Logged out again, so the old PIN (passchar1) must now be rejected.
        // pass1.clear() below is skipped when login() throws; the outer finally
        // block clears pass1 in that case.
        try {
            pass1 = new Password(passchar1.clone());
            tok.login(pass1);
            pass1.clear();
            System.out.println("ERROR: logged in with wrong pw");
        } catch (IncorrectPasswordException e) {
            System.out.println("Good, logging in with wrong PIN gave err");
        }
        System.out.println("Test completed");
        tok = null;
    } catch (IncorrectPasswordException e) {
        System.out.println("Got an incorrect PIN: " + e);
    } catch (AlreadyInitializedException e) {
        System.out.println("ERROR: This test only works with uninitialized databases");
    } catch (TokenException e) {
        System.out.println("Token error: " + e);
    } catch (NoSuchTokenException e) {
        System.out.println("ERROR: could not find internal DB token");
    } finally {
        // Clear whichever Password objects are still referenced, on every exit path.
        if (pass1 != null) {
            pass1.clear();
        }
        if (pass2 != null) {
            pass2.clear();
        }
    }
// System.gc();
// NativeProxy.assertRegistryEmpty();
// System.runFinalization();
}
Also used : CryptoToken(org.mozilla.jss.crypto.CryptoToken) NotInitializedException(org.mozilla.jss.NotInitializedException) PK11Token(org.mozilla.jss.pkcs11.PK11Token) CryptoManager(org.mozilla.jss.CryptoManager) AlreadyInitializedException(org.mozilla.jss.crypto.AlreadyInitializedException) IncorrectPasswordException(org.mozilla.jss.util.IncorrectPasswordException) NoSuchTokenException(org.mozilla.jss.NoSuchTokenException) TokenException(org.mozilla.jss.crypto.TokenException) NoSuchTokenException(org.mozilla.jss.NoSuchTokenException) PK11Module(org.mozilla.jss.pkcs11.PK11Module) Password(org.mozilla.jss.util.Password)

Example 3 with TokenException

use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.

the class SSLClientAuth method doIt.

/**
 * Drives the SSL client-authentication test: logs in to the internal key
 * storage token, makes sure a server/client certificate pair exists for the
 * chosen serial number, runs the cipher and connection tests, and ends the
 * JVM with status 0 when {@code getSuccess()} is true and 1 otherwise.
 *
 * <p>The token password is supplied through a {@code FilePasswordCallback}
 * built from {@code args[1]}. The optional port and serial number are parsed
 * with {@link Integer#parseInt(String)}; no range check is applied here.
 *
 * @param args {@code <dbdir> <passwordFile> [port] [Certificate Serial Number]}
 * @throws java.lang.Exception on any failure not handled inside the method
 */
public void doIt(String[] args) throws Exception {
    final int argCount = args.length;
    if (argCount < 2) {
        System.out.println("Usage: java org.mozilla.jss.tests.SSLClientAuth <dbdir> <passwordFile> [port] [Certificate Serial Number]");
        System.exit(1);
    }

    cm = CryptoManager.getInstance();
    CryptoToken keyStorageToken = cm.getInternalKeyStorageToken();
    PasswordCallback pinSource = new FilePasswordCallback(args[1]);
    keyStorageToken.login(pinSource);

    if (argCount >= 3) {
        port = Integer.parseInt(args[2]);
        System.out.println("using port:" + port);
    }

    // Serial number: taken from the command line when given, otherwise drawn
    // from the "pkcs11prng" SecureRandom of the "Mozilla-JSS" provider.
    if (argCount < 4) {
        SecureRandom prng = SecureRandom.getInstance("pkcs11prng", "Mozilla-JSS");
        serialNum = nextRandInt(prng);
    } else {
        serialNum = Integer.parseInt(args[3]);
    }

    // Only the server nickname is probed to decide whether the certificates
    // for this serial number have to be generated.
    serverCertNick = "SSLserver-" + serialNum;
    clientCertNick = "SSLclient-" + serialNum;
    X509Certificate[] existing = cm.findCertsByNickname(serverCertNick);
    if (existing.length != 0) {
        try {
            nssServerCert = cm.findCertByNickname(serverCertNick);
            nssClientCert = cm.findCertByNickname(clientCertNick);
        } catch (TokenException | ObjectNotFoundException ex) {
            ex.printStackTrace();
            System.exit(1);
        }
    } else {
        generateCerts(cm, serialNum);
    }

    configureDefaultSSLoptions();
    testSpecificCiphers();

    // Run the connection test twice: first with useNickname off, then on.
    useNickname = false;
    testConnection();
    useNickname = true;
    testConnection();

    System.out.println("Exiting main()");
    System.exit(getSuccess() ? 0 : 1);
}
Also used : CryptoToken(org.mozilla.jss.crypto.CryptoToken) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) TokenException(org.mozilla.jss.crypto.TokenException) ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException) PasswordCallback(org.mozilla.jss.util.PasswordCallback) SecureRandom(java.security.SecureRandom) X509Certificate(org.mozilla.jss.crypto.X509Certificate)

Example 4 with TokenException

use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.

the class SocketBase method setClientCertNickname.

/**
 * Sets the certificate to use for client authentication, looked up by
 * nickname through {@code CryptoManager.findCertByNickname}.
 *
 * <p>A lookup failure ({@code NotInitializedException},
 * {@code ObjectNotFoundException} or {@code TokenException}) is rethrown as
 * an unchecked {@code RuntimeException} carrying the original as its cause.
 * Callers that catch only the declared {@code SocketException} will therefore
 * not intercept a missing certificate or an uninitialized CryptoManager.
 *
 * @param nick nickname of the client certificate
 * @throws SocketException declared by the signature; not raised by the lookup itself
 */
public void setClientCertNickname(String nick) throws SocketException {
    try {
        setClientCert(CryptoManager.getInstance().findCertByNickname(nick));
    } catch (NotInitializedException | ObjectNotFoundException | TokenException lookupFailure) {
        throw new RuntimeException(lookupFailure);
    }
}
Also used : NotInitializedException(org.mozilla.jss.NotInitializedException) ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException) TokenException(org.mozilla.jss.crypto.TokenException) CryptoManager(org.mozilla.jss.CryptoManager) X509Certificate(org.mozilla.jss.crypto.X509Certificate)

Example 5 with TokenException

use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.

the class PK11KeyWrapper method wrap.

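/**
 * Wraps {@code toBeWrapped} with the wrapping key this object was set up with.
 *
 * <p>When {@code symKey} is set the key is wrapped with that symmetric key;
 * otherwise it is wrapped with {@code pubKey}, passing along the native
 * pointer and size of {@code parameters} when parameters are present.
 *
 * <p>The native parameter enclosure is closed after the public-key wrap on
 * every path. If the wrap itself fails and closing then fails as well, the
 * wrap failure is the exception that propagates and the close failure is
 * attached to it as a suppressed exception, so the root cause is not lost.
 *
 * @param toBeWrapped the symmetric key to wrap
 * @return the wrapped key bytes returned by the native call
 * @throws InvalidKeyException if the algorithm is {@code KeyWrapAlgorithm.PLAINTEXT}
 * @throws IllegalStateException if the wrapper is not in the {@code WRAP} state
 * @throws TokenException if the parameters cannot be opened, or cannot be
 *  closed after an otherwise successful wrap
 */
@Override
public byte[] wrap(SymmetricKey toBeWrapped) throws InvalidKeyException, IllegalStateException, TokenException {
    if (state != WRAP) {
        throw new IllegalStateException("key wrapper is not in the WRAP state");
    }
    if (algorithm == KeyWrapAlgorithm.PLAINTEXT) {
        throw new InvalidKeyException("plaintext wrapping not supported");
    }
    checkWrappee(toBeWrapped);
    if (symKey != null) {
        assert (privKey == null && pubKey == null);
        return nativeWrapSymWithSym(token, toBeWrapped, symKey, algorithm, IV);
    }
    assert (pubKey != null && privKey == null && symKey == null);
    NativeProxy params = null;
    long params_size = 0;
    if (parameters != null) {
        try {
            // The cast stays inside the try so that a parameter object of the
            // wrong type is reported as a TokenException, as before.
            ((NativeEnclosure) parameters).open();
            params = ((NativeEnclosure) parameters).mPointer;
            params_size = ((NativeEnclosure) parameters).mPointerSize;
        } catch (Exception e) {
            throw new TokenException(e.getMessage(), e);
        }
    }
    // Remembers a failure of the native wrap so that the cleanup below cannot
    // replace it with a secondary close() error.
    Throwable wrapFailure = null;
    try {
        return nativeWrapSymWithPub(token, toBeWrapped, pubKey, algorithm, params, params_size);
    } catch (Throwable t) {
        wrapFailure = t;
        throw t;
    } finally {
        if (parameters != null) {
            try {
                ((NativeEnclosure) parameters).close();
            } catch (Exception e) {
                if (wrapFailure == null) {
                    throw new TokenException(e.getMessage(), e);
                }
                // Throwing here would discard the wrap failure already in flight.
                wrapFailure.addSuppressed(e);
            }
        }
    }
}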
Also used : NativeProxy(org.mozilla.jss.util.NativeProxy) NativeEnclosure(org.mozilla.jss.util.NativeEnclosure) TokenException(org.mozilla.jss.crypto.TokenException) InvalidKeyException(java.security.InvalidKeyException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) TokenException(org.mozilla.jss.crypto.TokenException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException)

Aggregations

TokenException (org.mozilla.jss.crypto.TokenException)28 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)11 NoSuchItemOnTokenException (org.mozilla.jss.crypto.NoSuchItemOnTokenException)10 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)9 CryptoManager (org.mozilla.jss.CryptoManager)9 NotInitializedException (org.mozilla.jss.NotInitializedException)9 InvalidKeyException (java.security.InvalidKeyException)8 NoSuchTokenException (org.mozilla.jss.NoSuchTokenException)8 CryptoToken (org.mozilla.jss.crypto.CryptoToken)8 ObjectNotFoundException (org.mozilla.jss.crypto.ObjectNotFoundException)8 X509Certificate (org.mozilla.jss.crypto.X509Certificate)8 SymmetricKey (org.mozilla.jss.crypto.SymmetricKey)7 SecretKeyFacade (org.mozilla.jss.crypto.SecretKeyFacade)5 CharConversionException (java.io.CharConversionException)4 TokenRuntimeException (org.mozilla.jss.crypto.TokenRuntimeException)4 CertificateException (java.security.cert.CertificateException)3 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)3 PBEKeyGenParams (org.mozilla.jss.crypto.PBEKeyGenParams)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 IOException (java.io.IOException)2