use of org.mozilla.jss.pkcs11.PK11Token in project jss by dogtagpki.
the class SelfTest method main.
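/**
 * Exercises the internal key storage token of a freshly created NSS
 * database: token lookup, PIN initialization, login and logout, PIN
 * change, and the {@code isLoggedIn} state after each step.
 *
 * <p>The database must still be uninitialized (no PIN set), otherwise
 * {@code initPassword} raises {@link AlreadyInitializedException} and the
 * test stops there. Every check prints a line beginning with "Good," or
 * "ERROR:" so a run can be scanned for failures.
 *
 * @param args exactly one argument, the NSS database directory
 * @throws Throwable anything the inner handlers do not cover
 */
public static void main(String[] args) throws Throwable {
    CryptoToken tok;
    CryptoToken intTok;
    CryptoManager manager;
    Password pass1 = null, pass2 = null;
    // Fixture PINs. Every Password below is built from a fresh clone,
    // presumably because Password takes ownership of (and zeroes) the
    // array it is handed — confirm against Password.clear().
    char[] passchar1 = { 'f', 'o', 'o', 'b', 'a', 'r' };
    char[] passchar2 = { 'n', 'e', 't', 's', 'c', 'a', 'p', 'e' };

    if (args.length != 1) {
        System.err.println("Usage: java ...SelfTest <dbdir>");
        return;
    }

    try {
        manager = CryptoManager.getInstance();
    } catch (NotInitializedException e) {
        System.out.println("CryptoManager not initialized");
        return;
    }

    // An unknown token name must raise, never fall back to some other token.
    try {
        tok = manager.getTokenByName("asdffda");
        System.out.println("ERROR: found a nonexistent token");
    } catch (NoSuchTokenException e) {
        System.out.println("Good, could not find non-existent token");
    }

    try {
        Enumeration<PK11Module> modules = manager.getModules();
        System.out.println("Modules:");
        while (modules.hasMoreElements()) {
            System.out.println("\t" + modules.nextElement().getName());
        }

        Enumeration<CryptoToken> tokens = manager.getAllTokens();
        System.out.println("All Tokens:");
        while (tokens.hasMoreElements()) {
            System.out.println("\t" + tokens.nextElement().getName());
        }

        Enumeration<CryptoToken> extTokens = manager.getExternalTokens();
        System.out.println("External Tokens:");
        while (extTokens.hasMoreElements()) {
            System.out.println("\t" + extTokens.nextElement().getName());
        }

        // The token found by name must be the very object CryptoManager
        // hands out as the internal key storage token, and must know it.
        tok = manager.getTokenByName("Internal Key Storage Token");
        System.out.println("Good, found internal DB token");
        if (tok.equals(manager.getInternalKeyStorageToken())) {
            System.out.println("Good, it really is the key storage token");
        } else {
            System.out.println("ERROR: it's not the same as the key " + "storage token!");
        }

        if (((PK11Token) tok).isInternalKeyStorageToken()) {
            System.out.println("Good, " + tok.getName() + " knows " + "what it is");
        } else {
            System.out.println("ERROR: " + tok.getName() + " doesn't know" + " it is key storage token");
        }

        // Report on the crypto token itself (the original printed the key
        // storage token's name here, which is misleading in non-FIPS mode).
        intTok = manager.getInternalCryptoToken();
        if (((PK11Token) intTok).isInternalCryptoToken()) {
            System.out.println("Good, " + intTok.getName() + " knows it is the internal token");
        } else {
            System.out.println("ERROR: " + intTok.getName() + " doesn't know what that it is the internal token");
        }

        if (!tok.isLoggedIn()) {
            System.out.println("Good, isLoggedIn correctly says we're" + " not logged in");
        } else {
            System.out.println("ERROR: isLoggedIn incorrectly says we're" + " logged in");
        }
        System.out.println("Good, successfully opened token \"" + tok.getName() + "\"");

        // Set the initial PIN. The first argument is a single NUL character,
        // apparently a placeholder for the not-yet-set PIN — confirm the
        // argument order against CryptoToken.initPassword.
        pass1 = new Password(passchar1.clone());
        pass2 = new Password(new char[] { 0 });
        tok.initPassword(pass2, pass1);
        pass1.clear();
        pass2.clear();
        System.out.println("Good, initialized PIN");

        // initPassword seems to leave the token logged in; start from a
        // logged-out state before testing login.
        tok.logout();

        // Wrong PIN while logged out must be rejected.
        try {
            pass1 = new Password(passchar2.clone());
            tok.login(pass1);
            System.out.println("ERROR: Successfully logged in with wrong" + " PIN");
        } catch (IncorrectPasswordException e) {
            System.out.println("Good, unable to login with wrong PIN");
        } finally {
            pass1.clear();
        }

        pass1 = new Password(passchar1.clone());
        tok.login(pass1);
        pass1.clear();
        System.out.println("Good, logged in");

        if (tok.isLoggedIn()) {
            System.out.println("Good, isLoggedIn correctly says we're" + " logged in");
        } else {
            System.out.println("ERROR: isLoggedIn incorrectly says we're" + " not logged in");
        }

        // Change the PIN from passchar1 to passchar2.
        pass1 = new Password(passchar1.clone());
        pass2 = new Password(passchar2.clone());
        tok.changePassword(pass1, pass2);
        pass1.clear();
        pass2.clear();
        System.out.println("Good, changed PIN");

        // Still logged in, so presenting the (now wrong) old PIN is a no-op.
        try {
            pass1 = new Password(passchar1.clone());
            tok.login(pass1);
            System.out.println("Good, logging in with wrong PIN ok if " + " already logged in");
        } catch (IncorrectPasswordException e) {
            System.out.println("ERROR: logged in second time with wrong" + "PIN, but we should still be logged in");
        } finally {
            pass1.clear();
        }

        try {
            tok.logout();
            System.out.println("Good, logged out successfully.");
        } catch (TokenException e) {
            System.out.println("ERROR: failed to logout from token");
        }

        if (!tok.isLoggedIn()) {
            System.out.println("Good, isLoggedIn correctly says we're" + " not logged in");
        } else {
            System.out.println("ERROR: isLoggedIn incorrectly says we're" + " logged in");
        }

        // A second logout without an intervening login must fail.
        try {
            tok.logout();
            System.out.println("ERROR: logged out twice in a row");
        } catch (TokenException e) {
            System.out.println("Good, got an exception when we tried" + " to log out twice in a row");
        }

        // Logged out again, so the old PIN must now be rejected for real.
        // The Password is cleared in finally so it is scrubbed on either path.
        try {
            pass1 = new Password(passchar1.clone());
            tok.login(pass1);
            System.out.println("ERROR: logged in with wrong pw");
        } catch (IncorrectPasswordException e) {
            System.out.println("Good, logging in with wrong PIN gave err");
        } finally {
            pass1.clear();
        }

        System.out.println("Test completed");
        tok = null;
    } catch (IncorrectPasswordException e) {
        System.out.println("Got an incorrect PIN: " + e);
    } catch (AlreadyInitializedException e) {
        System.out.println("ERROR: This test only works with uninitialized databases");
    } catch (TokenException e) {
        System.out.println("Token error: " + e);
    } catch (NoSuchTokenException e) {
        System.out.println("ERROR: could not find internal DB token");
    } finally {
        if (pass1 != null) {
            pass1.clear();
        }
        if (pass2 != null) {
            pass2.clear();
        }
        // Scrub the plaintext fixture PINs as well; nothing after this uses them.
        java.util.Arrays.fill(passchar1, (char) 0);
        java.util.Arrays.fill(passchar2, (char) 0);
    }
    // System.gc();
    // NativeProxy.assertRegistryEmpty();
    // System.runFinalization();
}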
use of org.mozilla.jss.pkcs11.PK11Token in project jss by dogtagpki.
the class FipsTest method main.
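/**
 * Initializes JSS in the requested FIPS mode and checks that the internal
 * key storage token and the internal crypto token can be found under the
 * names NSS reports for them.
 *
 * <p>Usage: {@code FipsTest <dbdir> <enable|disable|chkfips> [<password file>]}.
 * Any mode word other than {@code enable}/{@code disable} leaves the FIPS
 * state unchanged, which is what {@code chkfips} relies on. When a password
 * file is given, the key storage token is logged into with it.
 *
 * <p>Exits with status 0 on success and 1 if any exception is raised.
 *
 * @param args command-line arguments as described above
 */
public static void main(String[] args) {
    try {
        if (args.length < 2) {
            System.out.println("Usage: FipsTest <dbdir> <fipsmode enter: " + "enable OR disable OR chkfips > <password file>");
            return;
        }
        String dbdir = args[0];
        String fipsmode = args[1];
        // Path of a password file (consumed by FilePasswordCallback), not a password.
        String password = "";
        if (args.length == 3) {
            password = args[2];
            System.out.println("The password file " + password);
        }

        InitializationValues vals = new InitializationValues(dbdir);
        System.out.println("output of Initilization values ");
        System.out.println("Manufacturer ID: " + vals.getManufacturerID());
        System.out.println("Library: " + vals.getLibraryDescription());
        System.out.println("Internal Slot: " + vals.getInternalSlotDescription());
        System.out.println("Internal Token: " + vals.getInternalTokenDescription());
        System.out.println("Key Storage Slot: " + vals.getFIPSKeyStorageSlotDescription());
        System.out.println("Key Storage Token: " + vals.getInternalKeyStorageTokenDescription());
        System.out.println("FIPS Slot: " + vals.getFIPSSlotDescription());
        System.out.println("FIPS Key Storage: " + vals.getFIPSKeyStorageSlotDescription());

        // Anything other than enable/disable (e.g. "chkfips") keeps the current mode.
        if (fipsmode.equalsIgnoreCase("enable")) {
            vals.fipsMode = InitializationValues.FIPSMode.ENABLED;
        } else if (fipsmode.equalsIgnoreCase("disable")) {
            vals.fipsMode = InitializationValues.FIPSMode.DISABLED;
        } else {
            vals.fipsMode = InitializationValues.FIPSMode.UNCHANGED;
        }

        CryptoManager.initialize(vals);
        CryptoManager cm = CryptoManager.getInstance();
        // Read once: the mode cannot change for the rest of this run.
        boolean fipsEnabled = cm.FIPSEnabled();
        if (fipsEnabled) {
            System.out.println("\n\t\tFIPS enabled\n");
        } else {
            System.out.println("\n\t\tFIPS not enabled\n");
        }

        Enumeration<PK11Module> modules = cm.getModules();
        System.out.println("\nListing of Modules:");
        while (modules.hasMoreElements()) {
            System.out.println("\t" + modules.nextElement().getName());
        }

        CryptoToken tok;
        String tokenName;
        Enumeration<CryptoToken> tokens = cm.getAllTokens();
        System.out.println("\nAll Tokens:");
        while (tokens.hasMoreElements()) {
            tok = tokens.nextElement();
            System.out.print("\t" + tok.getName());
            if (tok.needsLogin()) {
                System.out.println("\t - Needs login.\n");
            } else {
                System.out.println("\t - Does not need login.\n");
            }
        }

        tokens = cm.getExternalTokens();
        System.out.println("\nExternal Tokens:");
        while (tokens.hasMoreElements()) {
            System.out.println("\t" + tokens.nextElement().getName());
        }

        /* find the Internal Key Storage token; in FIPS mode key storage
         * and crypto live in the single FIPS slot */
        if (fipsEnabled) {
            tokenName = vals.getFIPSSlotDescription();
        } else {
            tokenName = vals.getInternalKeyStorageTokenDescription();
        }
        tokenName = toTokenName(tokenName);
        System.out.println("\nFinding the Internal Key Storage token: " + tokenName);
        tok = cm.getTokenByName(tokenName);
        if (((PK11Token) tok).isInternalKeyStorageToken() && tok.equals(cm.getInternalKeyStorageToken())) {
            System.out.println("Good, " + tok.getName() + ", knows it is " + "the internal Key Storage Token");
        } else {
            System.out.println("ERROR: " + tok.getName() + ", doesn't know" + " it is the internal key storage token");
        }

        if (!password.equals("")) {
            System.out.println("logging in to the Token: " + tok.getName());
            PasswordCallback cb = new FilePasswordCallback(password);
            tok.login(cb);
            System.out.println("logged in to the Token: " + tok.getName());
        }

        /* find the Internal Crypto token */
        if (fipsEnabled) {
            tokenName = vals.getFIPSSlotDescription();
        } else {
            tokenName = vals.getInternalTokenDescription();
        }
        tokenName = toTokenName(tokenName);
        System.out.println("\nFinding the Internal Crypto token: " + tokenName);
        tok = cm.getTokenByName(tokenName);
        if (((PK11Token) tok).isInternalCryptoToken() && tok.equals(cm.getInternalCryptoToken())) {
            System.out.println("Good, " + tok.getName() + ", knows it is the internal Crypto token");
        } else {
            System.out.println("ERROR: " + tok.getName() + ", doesn't know that it is the internal Crypto token");
        }

        System.exit(0);
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
}

/**
 * Reduces a slot/token description from {@code InitializationValues} to the
 * name used for token lookup: at most the first 32 characters, with
 * surrounding whitespace removed. Descriptions shorter than 32 characters
 * are returned trimmed as-is instead of raising an index exception.
 *
 * @param description the padded description string
 * @return the lookup name
 */
private static String toTokenName(String description) {
    String name = description.length() > 32 ? description.substring(0, 32) : description;
    return name.trim();
}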
use of org.mozilla.jss.pkcs11.PK11Token in project jss by dogtagpki.
the class SigTest method main.
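/**
 * Signs a fixed nine-byte message with a freshly generated RSA key pair
 * using RSA PKCS#1 v1.5 with SHA-256 and then RSA-PSS with SHA-256, and
 * verifies each signature with the matching public key.
 *
 * <p>{@code args[1]} is the path of a password file used for token login;
 * the optional {@code args[2]} names the token to use (default: the
 * internal key storage token). {@code args[0]} is not read here; see
 * {@code usage()}. The key pair is generated on the chosen token at the
 * policy's minimum RSA size and restricted to SIGN/VERIFY usage.
 *
 * @param args command-line arguments as described above
 * @throws Exception on any JSS failure, or when a signature does not verify
 */
public static void main(String[] args) throws Exception {
    CryptoToken token;
    CryptoManager manager;
    byte[] data = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9 };
    byte[] signature;
    Signature signer;
    Signature signerPSS;
    KeyPairGenerator kpgen;
    KeyPair keyPair;

    if (args.length < 2 || args.length > 3) {
        usage();
        System.exit(1);
    }

    manager = CryptoManager.getInstance();
    manager.setPasswordCallback(new FilePasswordCallback(args[1]));

    /* Print out list of available tokens */
    Enumeration<CryptoToken> en = manager.getAllTokens();
    System.out.println("Available tokens:");
    while (en.hasMoreElements()) {
        PK11Token p = (PK11Token) en.nextElement();
        System.out.println(" token : " + p.getName());
    }

    if (args.length >= 3) {
        token = manager.getTokenByName(args[2]);
    } else {
        // get default internal key storage token
        token = manager.getInternalKeyStorageToken();
    }

    // Generate an RSA keypair on the token, usable only for signing/verifying.
    kpgen = token.getKeyPairGenerator(KeyPairAlgorithm.RSA);
    kpgen.initialize(Policy.RSA_MINIMUM_KEY_SIZE);
    KeyPairGeneratorSpi.Usage[] usages = { KeyPairGeneratorSpi.Usage.SIGN, KeyPairGeneratorSpi.Usage.VERIFY };
    // Mask equals the usage set, so exactly these usages are asserted.
    KeyPairGeneratorSpi.Usage[] usagesMask = { KeyPairGeneratorSpi.Usage.SIGN, KeyPairGeneratorSpi.Usage.VERIFY };
    kpgen.setKeyPairUsages(usages, usagesMask);
    keyPair = kpgen.genKeyPair();

    // RSA PKCS#1 v1.5 with SHA-256: sign, then verify with the public key.
    signer = token.getSignatureContext(SignatureAlgorithm.RSASignatureWithSHA256Digest);
    System.out.println("Created a signing context");
    signer.initSign((org.mozilla.jss.crypto.PrivateKey) keyPair.getPrivate());
    System.out.println("initialized the signing operation");
    signer.update(data);
    System.out.println("updated signature with data");
    signature = signer.sign();
    System.out.println("Successfully signed!");

    signer.initVerify(keyPair.getPublic());
    System.out.println("initialized verification");
    signer.update(data);
    System.out.println("updated verification with data");
    if (signer.verify(signature)) {
        System.out.println("Signature Verified Successfully!");
    } else {
        throw new Exception("ERROR: Signature failed to verify.");
    }

    // RSA-PSS with SHA-256 over the same data and key pair.
    signerPSS = token.getSignatureContext(SignatureAlgorithm.RSAPSSSignatureWithSHA256Digest);
    signerPSS.initSign((org.mozilla.jss.crypto.PrivateKey) keyPair.getPrivate());
    signerPSS.update(data);
    signature = signerPSS.sign();
    System.out.println("PSS Successfully signed!");

    signerPSS.initVerify(keyPair.getPublic());
    signerPSS.update(data);
    System.out.println("updated verification with data");
    if (signerPSS.verify(signature)) {
        System.out.println("PSS Signature Verified Successfully!");
    } else {
        throw new Exception("ERROR: PSS Signature failed to verify.");
    }

    System.out.println("SigTest passed.");
}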
use of org.mozilla.jss.pkcs11.PK11Token in project jss by dogtagpki.
the class CryptoManager method reloadModules.
/**
 * Rebuilds the module list held by this CryptoManager and re-derives the
 * two built-in token references from it.
 *
 * <p>Native code enumerates the modules (each wrapped in a
 * {@link PK11Module}) into a fresh vector; the tokens of all modules are
 * then scanned for the one flagged as the internal crypto token and the
 * one flagged as the internal key storage token. The uniqueness and
 * presence of each are only checked by {@code assert}, i.e. with
 * {@code -ea}.
 */
private synchronized void reloadModules() {
    moduleVector = new Vector<>();
    putModulesInVector(moduleVector);

    // Locate the built-in tokens among everything just loaded.
    Enumeration<CryptoToken> all = getAllTokens();
    internalCryptoToken = null;
    internalKeyStorageToken = null;
    while (all.hasMoreElements()) {
        PK11Token candidate = (PK11Token) all.nextElement();
        // Both flags may be set on the same token (FIPS mode), so no else-if.
        if (candidate.isInternalCryptoToken()) {
            assert internalCryptoToken == null : "more than one internal crypto token";
            internalCryptoToken = candidate;
        }
        if (candidate.isInternalKeyStorageToken()) {
            assert internalKeyStorageToken == null : "more than one internal key storage token";
            internalKeyStorageToken = candidate;
        }
    }
    assert internalKeyStorageToken != null : "internal key storage token not found";
    assert internalCryptoToken != null : "internal crypto token not found";
}
use of org.mozilla.jss.pkcs11.PK11Token in project jss by dogtagpki.
the class CryptoManager method getExternalTokens.
/**
 * Returns every token that is not built into NSS, i.e. all tokens except
 * the internal crypto token and the internal key storage token (which
 * are a single token in FIPS mode).
 *
 * @return an enumeration of the tokens reachable from JSS other than the
 *         built-in internal ones
 */
public synchronized Enumeration<CryptoToken> getExternalTokens() {
    Vector<CryptoToken> external = new Vector<>();
    Enumeration<PK11Module> moduleEnum = getModules();
    while (moduleEnum.hasMoreElements()) {
        Enumeration<CryptoToken> tokenEnum = moduleEnum.nextElement().getTokens();
        while (tokenEnum.hasMoreElements()) {
            PK11Token candidate = (PK11Token) tokenEnum.nextElement();
            boolean builtIn = candidate.isInternalCryptoToken() || candidate.isInternalKeyStorageToken();
            if (!builtIn) {
                external.add(candidate);
            }
        }
    }
    return external.elements();
}