
Example 1 with IncorrectPasswordException

use of org.mozilla.jss.util.IncorrectPasswordException in project jss by dogtagpki.

the class SelfTest method main.

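/**
 * Self-test for token lookup and the PIN lifecycle (initialize, login, change, logout)
 * on the token named "Internal Key Storage Token".
 *
 * <p>Each check prints a line that starts with "Good" or "ERROR". A failed check does not
 * throw or set an exit status, so the result can only be judged by reading the output.
 * The PINs are fixed test values; per the handler for {@code AlreadyInitializedException}
 * the test only works against a database whose PIN has not been initialized.
 *
 * @param args exactly one argument, the database directory; this method checks only the
 *     argument count and does not read the value
 * @throws Throwable anything the catch blocks below do not handle
 */
public static void main(String[] args) throws Throwable {
    CryptoToken tok;
    CryptoToken intTok;
    CryptoManager manager;
    Password pass1 = null, pass2 = null;
    // Fixed test PINs. Every use below hands a clone() to Password, so these arrays stay
    // intact for later steps.
    // NOTE(review): the cloning suggests the Password constructor takes over (or wipes)
    // the array it is given - confirm against Password before removing a clone().
    char[] passchar1 = { 'f', 'o', 'o', 'b', 'a', 'r' };
    char[] passchar2 = { 'n', 'e', 't', 's', 'c', 'a', 'p', 'e' };
    if (args.length != 1) {
        System.err.println("Usage: java ...SelfTest <dbdir>");
        return;
    }
    try {
        manager = CryptoManager.getInstance();
    } catch (NotInitializedException e) {
        System.out.println("CryptoManager not initialized");
        return;
    }

    // Negative lookup: a made-up token name must be rejected.
    try {
        tok = manager.getTokenByName("asdffda");
        System.out.println("ERROR: found a nonexistent token");
    } catch (NoSuchTokenException e) {
        System.out.println("Good, could not find non-existent token");
    }

    try {
        // Inventory of modules and tokens, printed for the operator.
        Enumeration<PK11Module> modules = manager.getModules();
        System.out.println("Modules:");
        while (modules.hasMoreElements()) {
            System.out.println("\t" + modules.nextElement().getName());
        }
        Enumeration<CryptoToken> tokens = manager.getAllTokens();
        System.out.println("All Tokens:");
        while (tokens.hasMoreElements()) {
            System.out.println("\t" + tokens.nextElement().getName());
        }
        Enumeration<CryptoToken> extTokens = manager.getExternalTokens();
        System.out.println("External Tokens:");
        while (extTokens.hasMoreElements()) {
            System.out.println("\t" + extTokens.nextElement().getName());
        }

        // The token found by name must be the manager's key storage token.
        tok = manager.getTokenByName("Internal Key Storage Token");
        System.out.println("Good, found internal DB token");
        if (tok.equals(manager.getInternalKeyStorageToken())) {
            System.out.println("Good, it really is the key storage token");
        } else {
            System.out.println("ERROR: it's not the same as the key " + "storage token!");
        }
        if (((PK11Token) tok).isInternalKeyStorageToken()) {
            System.out.println("Good, " + tok.getName() + " knows " + "what it is");
        } else {
            System.out.println("ERROR: " + tok.getName() + " doesn't know" + " it is key storage token");
        }

        // This check is about intTok, so the report names intTok. The original printed
        // tok.getName() here, which attributes the result to the key storage token.
        intTok = manager.getInternalCryptoToken();
        if (((PK11Token) intTok).isInternalCryptoToken()) {
            System.out.println("Good, " + intTok.getName() + " knows it is the internal token");
        } else {
            System.out.println("ERROR: " + intTok.getName() + " doesn't know what that it is the internal token");
        }

        // No PIN has been presented yet, so the token must report "not logged in".
        if (!tok.isLoggedIn()) {
            System.out.println("Good, isLoggedIn correctly says we're" + " not logged in");
        } else {
            System.out.println("ERROR: isLoggedIn incorrectly says we're" + " logged in");
        }
        System.out.println("Good, successfully opened token \"" + tok.getName() + "\"");

        // Initialize the user PIN to passchar1. The security-officer password passed
        // here is a single zero character.
        pass1 = new Password(passchar1.clone());
        pass2 = new Password(new char[] { 0 });
        tok.initPassword(pass2, pass1);
        pass1.clear();
        pass2.clear();
        System.out.println("Good, initialized PIN");
        tok.logout();

        // Logged out: a wrong PIN must be rejected.
        try {
            pass1 = new Password(passchar2.clone());
            tok.login(pass1);
            System.out.println("ERROR: Successfully logged in with wrong" + " PIN");
        } catch (IncorrectPasswordException e) {
            System.out.println("Good, unable to login with wrong PIN");
        } finally {
            pass1.clear();
        }

        // Logged out: the correct PIN must be accepted.
        pass1 = new Password(passchar1.clone());
        tok.login(pass1);
        pass1.clear();
        System.out.println("Good, logged in");
        if (tok.isLoggedIn()) {
            System.out.println("Good, isLoggedIn correctly says we're" + " logged in");
        } else {
            System.out.println("ERROR: isLoggedIn incorrectly says we're" + " not logged in");
        }

        // Change the PIN from passchar1 to passchar2.
        pass1 = new Password(passchar1.clone());
        pass2 = new Password(passchar2.clone());
        tok.changePassword(pass1, pass2);
        pass1.clear();
        pass2.clear();
        System.out.println("Good, changed PIN");

        // Still logged in: the test expects login() with the now-stale PIN to return
        // without IncorrectPasswordException. A successful login() on a session that is
        // already authenticated therefore says nothing about the PIN that was supplied.
        try {
            pass1 = new Password(passchar1.clone());
            tok.login(pass1);
            // Should still be logged in
            System.out.println("Good, logging in with wrong PIN ok if " + " already logged in");
        } catch (IncorrectPasswordException e) {
            System.out.println("ERROR: logged in second time with wrong" + "PIN, but we should still be logged in");
        } finally {
            pass1.clear();
        }

        // First logout succeeds, the state flips, and a second logout must fail.
        try {
            tok.logout();
            System.out.println("Good, logged out successfully.");
        } catch (TokenException e) {
            System.out.println("ERROR: failed to logout from token");
        }
        if (!tok.isLoggedIn()) {
            System.out.println("Good, isLoggedIn correctly says we're" + " not logged in");
        } else {
            System.out.println("ERROR: isLoggedIn incorrectly says we're" + " logged in");
        }
        try {
            tok.logout();
            System.out.println("ERROR: logged out twice in a row");
        } catch (TokenException e) {
            System.out.println("Good, got an exception when we tried" + " to log out twice in a row");
        }

        // Logged out again: the old PIN (passchar1) must now be rejected. The PIN copy
        // is cleared in finally, as in the other login attempts, so the rejected-PIN
        // path wipes it at the point of use rather than only in the outer finally.
        try {
            pass1 = new Password(passchar1.clone());
            tok.login(pass1);
            System.out.println("ERROR: logged in with wrong pw");
        } catch (IncorrectPasswordException e) {
            System.out.println("Good, logging in with wrong PIN gave err");
        } finally {
            pass1.clear();
        }
        System.out.println("Test completed");
        tok = null;
    } catch (IncorrectPasswordException e) {
        System.out.println("Got an incorrect PIN: " + e);
    } catch (AlreadyInitializedException e) {
        System.out.println("ERROR: This test only works with uninitialized databases");
    } catch (TokenException e) {
        System.out.println("Token error: " + e);
    } catch (NoSuchTokenException e) {
        System.out.println("ERROR: could not find internal DB token");
    } finally {
        // Last line of defence: wipe whatever PIN copies are still referenced when an
        // exception cut one of the steps above short.
        if (pass1 != null) {
            pass1.clear();
        }
        if (pass2 != null) {
            pass2.clear();
        }
    }
    // System.gc();
    // NativeProxy.assertRegistryEmpty();
    // System.runFinalization();
}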
Also used : CryptoToken(org.mozilla.jss.crypto.CryptoToken) NotInitializedException(org.mozilla.jss.NotInitializedException) PK11Token(org.mozilla.jss.pkcs11.PK11Token) CryptoManager(org.mozilla.jss.CryptoManager) AlreadyInitializedException(org.mozilla.jss.crypto.AlreadyInitializedException) IncorrectPasswordException(org.mozilla.jss.util.IncorrectPasswordException) NoSuchTokenException(org.mozilla.jss.NoSuchTokenException) TokenException(org.mozilla.jss.crypto.TokenException) NoSuchTokenException(org.mozilla.jss.NoSuchTokenException) PK11Module(org.mozilla.jss.pkcs11.PK11Module) Password(org.mozilla.jss.util.Password)

Example 2 with IncorrectPasswordException

use of org.mozilla.jss.util.IncorrectPasswordException in project jss by dogtagpki.

the class TokenCallbackInfo method changePassword.

/**
 * Changes the user's PIN on a token whose PIN has already been initialized.
 *
 * <p>The current PIN is requested from {@code oldPINcb} and requested again until
 * {@code userPasswordIsCorrect} accepts it. This method sets no attempt limit of its own:
 * the loop ends on success or when the callback throws
 * {@code PasswordCallback.GiveUpException}. A {@code null} callback is replaced by a
 * {@code NullPasswordCallback}. Every PIN object and byte copy obtained here is wiped in
 * the {@code finally} block, whether the change succeeded or not.
 *
 * @param oldPINcb callback that supplies the user's current PIN; may be {@code null}
 * @param newPINcb callback that supplies the new PIN; may be {@code null}
 * @throws IncorrectPasswordException if either callback gives up before supplying a PIN
 * @throws TokenException if some other error occurs on the token
 */
@Override
public void changePassword(PasswordCallback oldPINcb, PasswordCallback newPINcb) throws IncorrectPasswordException, TokenException {
    PasswordCallbackInfo promptInfo = makePWCBInfo();
    if (oldPINcb == null) {
        oldPINcb = new NullPasswordCallback();
    }
    if (newPINcb == null) {
        newPINcb = new NullPasswordCallback();
    }

    Password currentPin = null;
    Password replacementPin = null;
    byte[] currentPinBytes = null;
    byte[] replacementPinBytes = null;
    try {
        // Ask for the current PIN until the token accepts it. A rejected copy is wiped
        // before the next one is requested, so at most one candidate is held at a time.
        currentPin = oldPINcb.getPasswordFirstAttempt(promptInfo);
        currentPinBytes = Tunnel.getPasswordByteCopy(currentPin);
        while (!userPasswordIsCorrect(currentPinBytes)) {
            Password.wipeBytes(currentPinBytes);
            currentPin.clear();
            currentPin = oldPINcb.getPasswordAgain(promptInfo);
            currentPinBytes = Tunnel.getPasswordByteCopy(currentPin);
        }

        // The current PIN is verified; fetch the replacement and apply the change.
        replacementPin = newPINcb.getPasswordFirstAttempt(promptInfo);
        replacementPinBytes = Tunnel.getPasswordByteCopy(replacementPin);
        changePassword(currentPinBytes, replacementPinBytes);
    } catch (PasswordCallback.GiveUpException gaveUp) {
        // Only the text of the give-up exception is carried over to the caller.
        throw new IncorrectPasswordException(gaveUp.toString());
    } finally {
        // Runs on every exit path so that no PIN material outlives this call.
        if (currentPinBytes != null) {
            Password.wipeBytes(currentPinBytes);
        }
        if (currentPin != null) {
            currentPin.clear();
        }
        if (replacementPinBytes != null) {
            Password.wipeBytes(replacementPinBytes);
        }
        if (replacementPin != null) {
            replacementPin.clear();
        }
    }
}
Also used : IncorrectPasswordException(org.mozilla.jss.util.IncorrectPasswordException) PasswordCallback(org.mozilla.jss.util.PasswordCallback) NullPasswordCallback(org.mozilla.jss.util.NullPasswordCallback) NullPasswordCallback(org.mozilla.jss.util.NullPasswordCallback) PasswordCallbackInfo(org.mozilla.jss.util.PasswordCallbackInfo) Password(org.mozilla.jss.util.Password)

Example 3 with IncorrectPasswordException

use of org.mozilla.jss.util.IncorrectPasswordException in project jss by dogtagpki.

the class TokenCallbackInfo method initPassword.

/**
 * Determines whether this is a removable token. For example, a smart card
 * is removable, while the Netscape internal module and a hardware
 * accelerator card are not removable.
 * @return true if the token is removable, false otherwise.
 */
// public native boolean isRemovable();
/**
 * Initializes the user's PIN, authenticating with the security officer (SSO) password.
 *
 * <p>On the internal key storage token the SSO callback is not consulted and no SSO
 * check is made; a single zero byte is passed as the SSO password instead. On any other
 * token the SSO password is requested and requested again until
 * {@code SSOPasswordIsCorrect} accepts it. This method sets no attempt limit of its own:
 * that loop ends on success or when the callback throws
 * {@code PasswordCallback.GiveUpException}. A {@code null} callback is replaced by a
 * {@code NullPasswordCallback}. Every password object and byte copy held here is wiped in
 * the {@code finally} block.
 *
 * @param ssopwcb callback that supplies the security officer's current password; may be
 *     {@code null}
 * @param userpwcb callback that supplies the user's new password; may be {@code null}
 * @throws IncorrectPasswordException if either callback gives up before supplying a
 *     password
 * @throws AlreadyInitializedException if {@code PWInitable()} reports that the PIN cannot
 *     be initialized on this token
 * @throws TokenException if there was an unspecified error in the token
 */
@Override
public void initPassword(PasswordCallback ssopwcb, PasswordCallback userpwcb) throws IncorrectPasswordException, AlreadyInitializedException, TokenException {
    PasswordCallbackInfo promptInfo = makePWCBInfo();
    if (ssopwcb == null) {
        ssopwcb = new NullPasswordCallback();
    }
    if (userpwcb == null) {
        userpwcb = new NullPasswordCallback();
    }

    Password officerPw = null;
    Password newUserPw = null;
    byte[] officerPwBytes = null;
    byte[] newUserPwBytes = null;
    try {
        // Refuse before prompting for anything when the PIN cannot be initialized.
        if (!PWInitable()) {
            throw new AlreadyInitializedException();
        }

        if (!isInternalKeyStorageToken()) {
            // Ask for the SSO password until the token accepts it. A rejected copy is
            // wiped before the next one is requested.
            officerPw = ssopwcb.getPasswordFirstAttempt(promptInfo);
            officerPwBytes = Tunnel.getPasswordByteCopy(officerPw);
            while (!SSOPasswordIsCorrect(officerPwBytes)) {
                Password.wipeBytes(officerPwBytes);
                officerPw.clear();
                officerPw = ssopwcb.getPasswordAgain(promptInfo);
                officerPwBytes = Tunnel.getPasswordByteCopy(officerPw);
            }
        } else {
            // Internal key storage token: no SSO verification, fixed one-byte value.
            officerPwBytes = new byte[] { 0 };
        }

        // Fetch the user's new PIN and set it.
        newUserPw = userpwcb.getPasswordFirstAttempt(promptInfo);
        newUserPwBytes = Tunnel.getPasswordByteCopy(newUserPw);
        initPassword(officerPwBytes, newUserPwBytes);
    } catch (PasswordCallback.GiveUpException gaveUp) {
        // Only the text of the give-up exception is carried over to the caller.
        throw new IncorrectPasswordException(gaveUp.toString());
    } finally {
        // Runs on every exit path so that no password material outlives this call.
        if (officerPwBytes != null) {
            Password.wipeBytes(officerPwBytes);
        }
        if (officerPw != null) {
            officerPw.clear();
        }
        if (newUserPwBytes != null) {
            Password.wipeBytes(newUserPwBytes);
        }
        if (newUserPw != null) {
            newUserPw.clear();
        }
    }
}
Also used : IncorrectPasswordException(org.mozilla.jss.util.IncorrectPasswordException) PasswordCallback(org.mozilla.jss.util.PasswordCallback) NullPasswordCallback(org.mozilla.jss.util.NullPasswordCallback) NullPasswordCallback(org.mozilla.jss.util.NullPasswordCallback) PasswordCallbackInfo(org.mozilla.jss.util.PasswordCallbackInfo) AlreadyInitializedException(org.mozilla.jss.crypto.AlreadyInitializedException) Password(org.mozilla.jss.util.Password)

Example 4 with IncorrectPasswordException

use of org.mozilla.jss.util.IncorrectPasswordException in project tomcatjss by dogtagpki.

the class TomcatJSS method login.

/**
 * Logs into the token selected by {@code tag}, trying passwords from the password store.
 *
 * <p>The method returns normally in four situations: the token was already logged in, a
 * login succeeded, the store had no password for the current attempt, or every attempt
 * was rejected. The last two are only logged.
 * NOTE(review): a caller that needs an authenticated token has to check
 * {@code isLoggedIn()} itself afterwards, because a failed login is not reported
 * through an exception or a return value.
 *
 * <p>The store hands the password over as a {@code String}, which this method cannot
 * wipe; only the {@code Password} wrapper built from it is cleared after each attempt.
 *
 * @param tag name used both to look up the token and to look up its password
 * @throws Exception any failure other than {@code IncorrectPasswordException}, which is
 *     handled here by moving on to the next attempt
 */
public void login(String tag) throws Exception {
    CryptoToken token = getToken(tag);
    if (token.isLoggedIn()) {
        logger.debug("TomcatJSS: already logged into " + tag);
        return;
    }
    logger.debug("TomcatJSS: logging into " + tag);

    int attempt = 0;
    while (true) {
        // The attempt number is passed to the store along with the tag.
        String storedSecret = passwordStore.getPassword(tag, attempt);
        if (storedSecret == null) {
            logger.debug("TomcatJSS: no password for " + tag);
            return;
        }

        Password candidate = new Password(storedSecret.toCharArray());
        try {
            token.login(candidate);
            return;
        } catch (IncorrectPasswordException e) {
            // The message names neither the tag nor the password.
            logger.warn("TomcatJSS: incorrect password");
            attempt++;
        } finally {
            // Wipe the wrapper on success, on rejection and on any other exception.
            candidate.clear();
        }

        // At least one attempt is always made; stop once the limit is reached.
        if (attempt >= MAX_LOGIN_ATTEMPTS) {
            break;
        }
    }
    logger.error("TomcatJSS: failed to log into " + tag);
}
Also used : CryptoToken(org.mozilla.jss.crypto.CryptoToken) IncorrectPasswordException(org.mozilla.jss.util.IncorrectPasswordException) Password(org.mozilla.jss.util.Password)

Aggregations

IncorrectPasswordException (org.mozilla.jss.util.IncorrectPasswordException)4 Password (org.mozilla.jss.util.Password)4 AlreadyInitializedException (org.mozilla.jss.crypto.AlreadyInitializedException)2 CryptoToken (org.mozilla.jss.crypto.CryptoToken)2 NullPasswordCallback (org.mozilla.jss.util.NullPasswordCallback)2 PasswordCallback (org.mozilla.jss.util.PasswordCallback)2 PasswordCallbackInfo (org.mozilla.jss.util.PasswordCallbackInfo)2 CryptoManager (org.mozilla.jss.CryptoManager)1 NoSuchTokenException (org.mozilla.jss.NoSuchTokenException)1 NotInitializedException (org.mozilla.jss.NotInitializedException)1 TokenException (org.mozilla.jss.crypto.TokenException)1 PK11Module (org.mozilla.jss.pkcs11.PK11Module)1 PK11Token (org.mozilla.jss.pkcs11.PK11Token)1