Search in sources :

Example 1 with PK11Token

use of org.mozilla.jss.pkcs11.PK11Token in project jss by dogtagpki.

the class SelfTest method main.

public static void main(String[] args) throws Throwable {
    CryptoToken tok;
    CryptoToken intTok;
    CryptoManager manager;
    Password pass1 = null, pass2 = null;
    java.security.KeyPair keyPair;
    char[] passchar1 = { 'f', 'o', 'o', 'b', 'a', 'r' };
    char[] passchar2 = { 'n', 'e', 't', 's', 'c', 'a', 'p', 'e' };
    if (args.length != 1) {
        System.err.println("Usage: java ...SelfTest <dbdir>");
        return;
    }
    try {
        manager = CryptoManager.getInstance();
    } catch (NotInitializedException e) {
        System.out.println("CryptoManager not initialized");
        return;
    }
    try {
        tok = manager.getTokenByName("asdffda");
        System.out.println("ERROR: found a nonexistent token");
    } catch (NoSuchTokenException e) {
        System.out.println("Good, could not find non-existent token");
    }
    try {
        Enumeration<PK11Module> modules = manager.getModules();
        System.out.println("Modules:");
        while (modules.hasMoreElements()) {
            System.out.println("\t" + modules.nextElement().getName());
        }
        Enumeration<CryptoToken> tokens = manager.getAllTokens();
        System.out.println("All Tokens:");
        while (tokens.hasMoreElements()) {
            System.out.println("\t" + tokens.nextElement().getName());
        }
        Enumeration<CryptoToken> extTokens = manager.getExternalTokens();
        System.out.println("External Tokens:");
        while (extTokens.hasMoreElements()) {
            System.out.println("\t" + extTokens.nextElement().getName());
        }
        tok = manager.getTokenByName("Internal Key Storage Token");
        System.out.println("Good, found internal DB token");
        if (tok.equals(manager.getInternalKeyStorageToken())) {
            System.out.println("Good, it really is the key storage token");
        } else {
            System.out.println("ERROR: it's not the same as the key " + "storage token!");
        }
        if (((PK11Token) tok).isInternalKeyStorageToken()) {
            System.out.println("Good, " + tok.getName() + " knows " + "what it is");
        } else {
            System.out.println("ERROR: " + tok.getName() + " doesn't know" + " it is key storage token");
        }
        intTok = manager.getInternalCryptoToken();
        if (((PK11Token) intTok).isInternalCryptoToken()) {
            System.out.println("Good, " + tok.getName() + " knows it is the internal token");
        } else {
            System.out.println("ERROR: " + tok.getName() + " doesn't know what that it is the internal token");
        }
        if (tok.isLoggedIn() == false) {
            System.out.println("Good, isLoggedIn correctly says we're" + " not logged in");
        } else {
            System.out.println("ERROR: isLoggedIn incorrectly says we're" + " logged in");
        }
        System.out.println("Good, successfully opened token \"" + tok.getName() + "\"");
        pass1 = new Password(passchar1.clone());
        pass2 = new Password(new char[] { 0 });
        tok.initPassword(pass2, pass1);
        pass1.clear();
        pass2.clear();
        System.out.println("Good, initialized PIN");
        tok.logout();
        try {
            pass1 = new Password(passchar2.clone());
            tok.login(pass1);
            System.out.println("ERROR: Successfully logged in with wrong" + " PIN");
        } catch (IncorrectPasswordException e) {
            System.out.println("Good, unable to login with wrong PIN");
        } finally {
            pass1.clear();
        }
        pass1 = new Password(passchar1.clone());
        tok.login(pass1);
        pass1.clear();
        System.out.println("Good, logged in");
        if (tok.isLoggedIn() == true) {
            System.out.println("Good, isLoggedIn correctly says we're" + " logged in");
        } else {
            System.out.println("ERROR: isLoggedIn incorrectly says we're" + " not logged in");
        }
        pass1 = new Password(passchar1.clone());
        pass2 = new Password(passchar2.clone());
        tok.changePassword(pass1, pass2);
        pass1.clear();
        pass2.clear();
        System.out.println("Good, changed PIN");
        try {
            pass1 = new Password(passchar1.clone());
            tok.login(pass1);
            // Should still be logged in
            System.out.println("Good, logging in with wrong PIN ok if " + " already logged in");
        } catch (IncorrectPasswordException e) {
            System.out.println("ERROR: logged in second time with wrong" + "PIN, but we should still be logged in");
        } finally {
            pass1.clear();
        }
        try {
            tok.logout();
            System.out.println("Good, logged out successfully.");
        } catch (TokenException e) {
            System.out.println("ERROR: failed to logout from token");
        }
        if (tok.isLoggedIn() == false) {
            System.out.println("Good, isLoggedIn correctly says we're" + " not logged in");
        } else {
            System.out.println("ERROR: isLoggedIn incorrectly says we're" + " logged in");
        }
        try {
            tok.logout();
            System.out.println("ERROR: logged out twice in a row");
        } catch (TokenException e) {
            System.out.println("Good, got an exception when we tried" + " to log out twice in a row");
        }
        try {
            pass1 = new Password(passchar1.clone());
            tok.login(pass1);
            pass1.clear();
            System.out.println("ERROR: logged in with wrong pw");
        } catch (IncorrectPasswordException e) {
            System.out.println("Good, logging in with wrong PIN gave err");
        }
        System.out.println("Test completed");
        tok = null;
    } catch (IncorrectPasswordException e) {
        System.out.println("Got an incorrect PIN: " + e);
    } catch (AlreadyInitializedException e) {
        System.out.println("ERROR: This test only works with uninitialized databases");
    } catch (TokenException e) {
        System.out.println("Token error: " + e);
    } catch (NoSuchTokenException e) {
        System.out.println("ERROR: could not find internal DB token");
    } finally {
        if (pass1 != null) {
            pass1.clear();
        }
        if (pass2 != null) {
            pass2.clear();
        }
    }
// System.gc();
// NativeProxy.assertRegistryEmpty();
// System.runFinalization();
}
Also used : CryptoToken(org.mozilla.jss.crypto.CryptoToken) NotInitializedException(org.mozilla.jss.NotInitializedException) PK11Token(org.mozilla.jss.pkcs11.PK11Token) CryptoManager(org.mozilla.jss.CryptoManager) AlreadyInitializedException(org.mozilla.jss.crypto.AlreadyInitializedException) IncorrectPasswordException(org.mozilla.jss.util.IncorrectPasswordException) NoSuchTokenException(org.mozilla.jss.NoSuchTokenException) TokenException(org.mozilla.jss.crypto.TokenException) NoSuchTokenException(org.mozilla.jss.NoSuchTokenException) PK11Module(org.mozilla.jss.pkcs11.PK11Module) Password(org.mozilla.jss.util.Password)

Example 2 with PK11Token

use of org.mozilla.jss.pkcs11.PK11Token in project jss by dogtagpki.

the class FipsTest method main.

public static void main(String[] args) {
    try {
        if (args.length < 2) {
            System.out.println("Usage: FipsTest <dbdir> <fipsmode enter: " + "enable OR disable OR chkfips > <password file>");
            return;
        }
        String dbdir = args[0];
        String fipsmode = args[1];
        String password = "";
        if (args.length == 3) {
            password = args[2];
            System.out.println("The password file " + password);
        }
        InitializationValues vals = new InitializationValues(dbdir);
        System.out.println("output of Initilization values ");
        System.out.println("Manufacturer ID: " + vals.getManufacturerID());
        System.out.println("Library: " + vals.getLibraryDescription());
        System.out.println("Internal Slot: " + vals.getInternalSlotDescription());
        System.out.println("Internal Token: " + vals.getInternalTokenDescription());
        System.out.println("Key Storage Slot: " + vals.getFIPSKeyStorageSlotDescription());
        System.out.println("Key Storage Token: " + vals.getInternalKeyStorageTokenDescription());
        System.out.println("FIPS Slot: " + vals.getFIPSSlotDescription());
        System.out.println("FIPS Key Storage: " + vals.getFIPSKeyStorageSlotDescription());
        if (fipsmode.equalsIgnoreCase("enable")) {
            vals.fipsMode = InitializationValues.FIPSMode.ENABLED;
        } else if (fipsmode.equalsIgnoreCase("disable")) {
            vals.fipsMode = InitializationValues.FIPSMode.DISABLED;
        } else {
            vals.fipsMode = InitializationValues.FIPSMode.UNCHANGED;
        }
        CryptoManager.initialize(vals);
        CryptoManager cm = CryptoManager.getInstance();
        if (cm.FIPSEnabled() == true) {
            System.out.println("\n\t\tFIPS enabled\n");
        } else {
            System.out.println("\n\t\tFIPS not enabled\n");
        }
        Enumeration<PK11Module> modules = cm.getModules();
        System.out.println("\nListing of Modules:");
        while (modules.hasMoreElements()) {
            System.out.println("\t" + modules.nextElement().getName());
        }
        CryptoToken tok;
        String tokenName;
        Enumeration<CryptoToken> tokens = cm.getAllTokens();
        System.out.println("\nAll Tokens:");
        while (tokens.hasMoreElements()) {
            tok = tokens.nextElement();
            System.out.print("\t" + tok.getName());
            if (tok.needsLogin() == true) {
                System.out.println("\t - Needs login.\n");
            } else {
                System.out.println("\t - Does not need login.\n");
            }
        }
        tokens = cm.getExternalTokens();
        System.out.println("\nExternal Tokens:");
        while (tokens.hasMoreElements()) {
            System.out.println("\t" + tokens.nextElement().getName());
        }
        /* find the Internal Key Storage token */
        if (cm.FIPSEnabled() == true) {
            tokenName = vals.getFIPSSlotDescription();
        } else {
            tokenName = vals.getInternalKeyStorageTokenDescription();
        }
        /* truncate to 32 bytes and remove trailing white space*/
        tokenName = tokenName.substring(0, 32);
        tokenName = tokenName.trim();
        System.out.println("\nFinding the Internal Key Storage token: " + tokenName);
        tok = cm.getTokenByName(tokenName);
        if (((PK11Token) tok).isInternalKeyStorageToken() && tok.equals(cm.getInternalKeyStorageToken())) {
            System.out.println("Good, " + tok.getName() + ", knows it is " + "the internal Key Storage Token");
        } else {
            System.out.println("ERROR: " + tok.getName() + ", doesn't know" + " it is the internal key storage token");
        }
        if (!password.equals("")) {
            System.out.println("logging in to the Token: " + tok.getName());
            PasswordCallback cb = new FilePasswordCallback(password);
            tok.login(cb);
            System.out.println("logged in to the Token: " + tok.getName());
        }
        /* find the Internal Crypto token */
        if (cm.FIPSEnabled() == true) {
            tokenName = vals.getFIPSSlotDescription();
        } else {
            tokenName = vals.getInternalTokenDescription();
        }
        /* truncate to 32 bytes and remove trailing white space*/
        tokenName = tokenName.substring(0, 32);
        tokenName = tokenName.trim();
        System.out.println("\nFinding the Internal Crypto token: " + tokenName);
        tok = cm.getTokenByName(tokenName);
        if (((PK11Token) tok).isInternalCryptoToken() && tok.equals(cm.getInternalCryptoToken())) {
            System.out.println("Good, " + tok.getName() + ", knows it is the internal Crypto token");
        } else {
            System.out.println("ERROR: " + tok.getName() + ", doesn't know that it is the internal Crypto token");
        }
        System.exit(0);
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
}
Also used : CryptoToken(org.mozilla.jss.crypto.CryptoToken) InitializationValues(org.mozilla.jss.InitializationValues) PasswordCallback(org.mozilla.jss.util.PasswordCallback) CryptoManager(org.mozilla.jss.CryptoManager) PK11Module(org.mozilla.jss.pkcs11.PK11Module)

Example 3 with PK11Token

use of org.mozilla.jss.pkcs11.PK11Token in project jss by dogtagpki.

the class SigTest method main.

public static void main(String[] args) throws Exception {
    CryptoToken token;
    CryptoManager manager;
    byte[] data = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9 };
    byte[] signature;
    Signature signer;
    Signature signerPSS;
    PublicKey pubk;
    KeyPairGenerator kpgen;
    KeyPair keyPair;
    if (args.length < 2 || args.length > 3) {
        usage();
        System.exit(1);
    }
    manager = CryptoManager.getInstance();
    manager.setPasswordCallback(new FilePasswordCallback(args[1]));
    /* Print out list of available tokens */
    Enumeration<CryptoToken> en = manager.getAllTokens();
    System.out.println("Available tokens:");
    while (en.hasMoreElements()) {
        PK11Token p = (PK11Token) en.nextElement();
        System.out.println(" token : " + p.getName());
    }
    if (args.length >= 3) {
        token = manager.getTokenByName(args[2]);
    } else {
        // get default internal key storage token
        token = manager.getInternalKeyStorageToken();
    }
    // Generate an RSA keypair
    kpgen = token.getKeyPairGenerator(KeyPairAlgorithm.RSA);
    kpgen.initialize(Policy.RSA_MINIMUM_KEY_SIZE);
    KeyPairGeneratorSpi.Usage[] usages = { KeyPairGeneratorSpi.Usage.SIGN, KeyPairGeneratorSpi.Usage.VERIFY };
    KeyPairGeneratorSpi.Usage[] usages_mask = { KeyPairGeneratorSpi.Usage.SIGN, KeyPairGeneratorSpi.Usage.VERIFY };
    kpgen.setKeyPairUsages(usages, usages_mask);
    keyPair = kpgen.genKeyPair();
    // RSA SHA256
    signer = token.getSignatureContext(SignatureAlgorithm.RSASignatureWithSHA256Digest);
    System.out.println("Created a signing context");
    signer.initSign((org.mozilla.jss.crypto.PrivateKey) keyPair.getPrivate());
    System.out.println("initialized the signing operation");
    signer.update(data);
    System.out.println("updated signature with data");
    signature = signer.sign();
    System.out.println("Successfully signed!");
    signer.initVerify(keyPair.getPublic());
    System.out.println("initialized verification");
    signer.update(data);
    System.out.println("updated verification with data");
    if (signer.verify(signature)) {
        System.out.println("Signature Verified Successfully!");
    } else {
        throw new Exception("ERROR: Signature failed to verify.");
    }
    signerPSS = token.getSignatureContext(SignatureAlgorithm.RSAPSSSignatureWithSHA256Digest);
    signerPSS.initSign((org.mozilla.jss.crypto.PrivateKey) keyPair.getPrivate());
    signerPSS.update(data);
    signature = signerPSS.sign();
    System.out.println("PSS Successfully signed!");
    signerPSS.initVerify(keyPair.getPublic());
    signerPSS.update(data);
    System.out.println("updated verification with data");
    if (signerPSS.verify(signature)) {
        System.out.println("PSS Signature Verified Successfully!");
    } else {
        throw new Exception("ERROR: PSS Signature failed to verify.");
    }
    System.out.println("SigTest passed.");
}
Also used : KeyPair(java.security.KeyPair) CryptoToken(org.mozilla.jss.crypto.CryptoToken) PK11Token(org.mozilla.jss.pkcs11.PK11Token) PublicKey(java.security.PublicKey) CryptoManager(org.mozilla.jss.CryptoManager) KeyPairGenerator(org.mozilla.jss.crypto.KeyPairGenerator) Signature(org.mozilla.jss.crypto.Signature)

Example 4 with PK11Token

use of org.mozilla.jss.pkcs11.PK11Token in project jss by dogtagpki.

the class CryptoManager method reloadModules.

/**
 * Re-creates the Vector of modules that is stored by CryptoManager.
 * This entails going into native code to enumerate all modules,
 * wrap each one in a PK11Module, and storing the PK11Module in the vector.
 */
private synchronized void reloadModules() {
    moduleVector = new Vector<>();
    putModulesInVector(moduleVector);
    // Get the internal tokens
    Enumeration<CryptoToken> tokens = getAllTokens();
    internalCryptoToken = null;
    internalKeyStorageToken = null;
    while (tokens.hasMoreElements()) {
        PK11Token token = (PK11Token) tokens.nextElement();
        if (token.isInternalCryptoToken()) {
            assert (internalCryptoToken == null);
            internalCryptoToken = token;
        }
        if (token.isInternalKeyStorageToken()) {
            assert (internalKeyStorageToken == null);
            internalKeyStorageToken = token;
        }
    }
    assert (internalKeyStorageToken != null);
    assert (internalCryptoToken != null);
}
Also used : CryptoToken(org.mozilla.jss.crypto.CryptoToken) PK11Token(org.mozilla.jss.pkcs11.PK11Token)

Example 5 with PK11Token

use of org.mozilla.jss.pkcs11.PK11Token in project jss by dogtagpki.

the class CryptoManager method getExternalTokens.

/**
 * Retrieves all tokens except those built into NSS.
 * This excludes the internal token and the internal
 * key storage token (which are one and the same in FIPS mode).
 *
 * @return All tokens accessible from JSS, except for the built-in
 *      internal tokens.
 */
public synchronized Enumeration<CryptoToken> getExternalTokens() {
    Enumeration<PK11Module> modules = getModules();
    Enumeration<CryptoToken> tokens;
    PK11Token token;
    Vector<CryptoToken> allTokens = new Vector<>();
    while (modules.hasMoreElements()) {
        tokens = modules.nextElement().getTokens();
        while (tokens.hasMoreElements()) {
            token = (PK11Token) tokens.nextElement();
            if (!token.isInternalCryptoToken() && !token.isInternalKeyStorageToken()) {
                allTokens.addElement(token);
            }
        }
    }
    return allTokens.elements();
}
Also used : CryptoToken(org.mozilla.jss.crypto.CryptoToken) PK11Token(org.mozilla.jss.pkcs11.PK11Token) PK11Module(org.mozilla.jss.pkcs11.PK11Module) Vector(java.util.Vector)

Aggregations

CryptoToken (org.mozilla.jss.crypto.CryptoToken)5 PK11Token (org.mozilla.jss.pkcs11.PK11Token)4 CryptoManager (org.mozilla.jss.CryptoManager)3 PK11Module (org.mozilla.jss.pkcs11.PK11Module)3 KeyPair (java.security.KeyPair)1 PublicKey (java.security.PublicKey)1 Vector (java.util.Vector)1 InitializationValues (org.mozilla.jss.InitializationValues)1 NoSuchTokenException (org.mozilla.jss.NoSuchTokenException)1 NotInitializedException (org.mozilla.jss.NotInitializedException)1 AlreadyInitializedException (org.mozilla.jss.crypto.AlreadyInitializedException)1 KeyPairGenerator (org.mozilla.jss.crypto.KeyPairGenerator)1 Signature (org.mozilla.jss.crypto.Signature)1 TokenException (org.mozilla.jss.crypto.TokenException)1 IncorrectPasswordException (org.mozilla.jss.util.IncorrectPasswordException)1 Password (org.mozilla.jss.util.Password)1 PasswordCallback (org.mozilla.jss.util.PasswordCallback)1