use of org.mozilla.jss.util.IncorrectPasswordException in project jss by dogtagpki.
the class SelfTest method main.
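/**
 * Exercises token lookup and the PIN life cycle (initialize, log in, change,
 * log out) on the internal key storage token, printing one "Good"/"ERROR"
 * line per check.
 *
 * <p>The PINs are fixed test values embedded in this source, and the test
 * initializes the token PIN, so it only works against an uninitialized
 * database (see the {@code AlreadyInitializedException} handler). Failed
 * checks are reported on stdout only; nothing in this method turns them
 * into an exception or an exit status.
 *
 * @param args exactly one argument, the database directory; only the
 *             argument count is checked in this method
 * @throws Throwable any error not handled by the catch blocks below
 */
public static void main(String[] args) throws Throwable {
    CryptoToken tok;
    CryptoToken intTok;
    CryptoManager manager;
    Password pass1 = null, pass2 = null;
    // Hard-coded test PINs. Every Password below is built from a clone so
    // these templates remain usable for the later checks.
    char[] passchar1 = { 'f', 'o', 'o', 'b', 'a', 'r' };
    char[] passchar2 = { 'n', 'e', 't', 's', 'c', 'a', 'p', 'e' };
    if (args.length != 1) {
        System.err.println("Usage: java ...SelfTest <dbdir>");
        return;
    }
    try {
        manager = CryptoManager.getInstance();
    } catch (NotInitializedException e) {
        System.out.println("CryptoManager not initialized");
        return;
    }
    // Negative lookup: a made-up token name must not resolve.
    try {
        tok = manager.getTokenByName("asdffda");
        System.out.println("ERROR: found a nonexistent token");
    } catch (NoSuchTokenException e) {
        System.out.println("Good, could not find non-existent token");
    }
    try {
        Enumeration<PK11Module> modules = manager.getModules();
        System.out.println("Modules:");
        while (modules.hasMoreElements()) {
            System.out.println("\t" + modules.nextElement().getName());
        }
        Enumeration<CryptoToken> tokens = manager.getAllTokens();
        System.out.println("All Tokens:");
        while (tokens.hasMoreElements()) {
            System.out.println("\t" + tokens.nextElement().getName());
        }
        Enumeration<CryptoToken> extTokens = manager.getExternalTokens();
        System.out.println("External Tokens:");
        while (extTokens.hasMoreElements()) {
            System.out.println("\t" + extTokens.nextElement().getName());
        }
        tok = manager.getTokenByName("Internal Key Storage Token");
        System.out.println("Good, found internal DB token");
        if (tok.equals(manager.getInternalKeyStorageToken())) {
            System.out.println("Good, it really is the key storage token");
        } else {
            System.out.println("ERROR: it's not the same as the key " + "storage token!");
        }
        if (((PK11Token) tok).isInternalKeyStorageToken()) {
            System.out.println("Good, " + tok.getName() + " knows " + "what it is");
        } else {
            System.out.println("ERROR: " + tok.getName() + " doesn't know" + " it is key storage token");
        }
        intTok = manager.getInternalCryptoToken();
        // Report the name of the token that was actually checked (intTok);
        // the original printed tok's name here, which names the key storage
        // token instead of the internal crypto token.
        if (((PK11Token) intTok).isInternalCryptoToken()) {
            System.out.println("Good, " + intTok.getName() + " knows it is the internal token");
        } else {
            System.out.println("ERROR: " + intTok.getName() + " doesn't know what that it is the internal token");
        }
        if (!tok.isLoggedIn()) {
            System.out.println("Good, isLoggedIn correctly says we're" + " not logged in");
        } else {
            System.out.println("ERROR: isLoggedIn incorrectly says we're" + " logged in");
        }
        System.out.println("Good, successfully opened token \"" + tok.getName() + "\"");
        // Initialize the user PIN to passchar1; a single NUL character is
        // passed as the security officer password.
        pass1 = new Password(passchar1.clone());
        pass2 = new Password(new char[] { 0 });
        tok.initPassword(pass2, pass1);
        pass1.clear();
        pass2.clear();
        System.out.println("Good, initialized PIN");
        tok.logout();
        // A wrong PIN while logged out must be rejected.
        try {
            pass1 = new Password(passchar2.clone());
            tok.login(pass1);
            System.out.println("ERROR: Successfully logged in with wrong" + " PIN");
        } catch (IncorrectPasswordException e) {
            System.out.println("Good, unable to login with wrong PIN");
        } finally {
            pass1.clear();
        }
        pass1 = new Password(passchar1.clone());
        tok.login(pass1);
        pass1.clear();
        System.out.println("Good, logged in");
        if (tok.isLoggedIn()) {
            System.out.println("Good, isLoggedIn correctly says we're" + " logged in");
        } else {
            System.out.println("ERROR: isLoggedIn incorrectly says we're" + " not logged in");
        }
        // Change the PIN from passchar1 to passchar2.
        pass1 = new Password(passchar1.clone());
        pass2 = new Password(passchar2.clone());
        tok.changePassword(pass1, pass2);
        pass1.clear();
        pass2.clear();
        System.out.println("Good, changed PIN");
        try {
            pass1 = new Password(passchar1.clone());
            tok.login(pass1);
            // Should still be logged in
            System.out.println("Good, logging in with wrong PIN ok if " + " already logged in");
        } catch (IncorrectPasswordException e) {
            System.out.println("ERROR: logged in second time with wrong" + "PIN, but we should still be logged in");
        } finally {
            pass1.clear();
        }
        try {
            tok.logout();
            System.out.println("Good, logged out successfully.");
        } catch (TokenException e) {
            System.out.println("ERROR: failed to logout from token");
        }
        if (!tok.isLoggedIn()) {
            System.out.println("Good, isLoggedIn correctly says we're" + " not logged in");
        } else {
            System.out.println("ERROR: isLoggedIn incorrectly says we're" + " logged in");
        }
        // A second logout in a row is expected to fail.
        try {
            tok.logout();
            System.out.println("ERROR: logged out twice in a row");
        } catch (TokenException e) {
            System.out.println("Good, got an exception when we tried" + " to log out twice in a row");
        }
        // The old PIN must no longer work once logged out. The clear() is in
        // a finally block so the rejected-PIN path wipes the Password right
        // away, matching the other login checks above.
        try {
            pass1 = new Password(passchar1.clone());
            tok.login(pass1);
            System.out.println("ERROR: logged in with wrong pw");
        } catch (IncorrectPasswordException e) {
            System.out.println("Good, logging in with wrong PIN gave err");
        } finally {
            pass1.clear();
        }
        System.out.println("Test completed");
        tok = null;
    } catch (IncorrectPasswordException e) {
        System.out.println("Got an incorrect PIN: " + e);
    } catch (AlreadyInitializedException e) {
        System.out.println("ERROR: This test only works with uninitialized databases");
    } catch (TokenException e) {
        System.out.println("Token error: " + e);
    } catch (NoSuchTokenException e) {
        System.out.println("ERROR: could not find internal DB token");
    } finally {
        // Last-resort wipe for whichever Password objects were still live
        // when an exception escaped the sequence above.
        if (pass1 != null) {
            pass1.clear();
        }
        if (pass2 != null) {
            pass2.clear();
        }
    }
    // System.gc();
    // NativeProxy.assertRegistryEmpty();
    // System.runFinalization();
}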
use of org.mozilla.jss.util.IncorrectPasswordException in project jss by dogtagpki.
the class TokenCallbackInfo method changePassword.
/**
* Change password. This changes the user's PIN after it has already
* been initialized.
*
* @param oldPINcb The user's old PIN callback.
* @param newPINcb The new PIN callback.
* @exception IncorrectPasswordException If the old PIN is incorrect.
* @exception TokenException If some other error occurs on the token.
*/
@Override
public void changePassword(PasswordCallback oldPINcb, PasswordCallback newPINcb) throws IncorrectPasswordException, TokenException {
    byte[] currentPinBytes = null;
    byte[] replacementPinBytes = null;
    Password currentPin = null;
    Password replacementPin = null;
    PasswordCallbackInfo callbackInfo = makePWCBInfo();
    // A missing callback is replaced by a NullPasswordCallback.
    oldPINcb = (oldPINcb != null) ? oldPINcb : new NullPasswordCallback();
    newPINcb = (newPINcb != null) ? newPINcb : new NullPasswordCallback();
    try {
        // Verify the old password. Each rejected candidate is wiped before
        // the callback is asked again; the loop ends only when a candidate
        // is accepted or the callback throws GiveUpException.
        // NOTE(review): every pass submits another guess to the token, so a
        // token that counts failed attempts could lock out; confirm the
        // callback limits its retries.
        currentPin = oldPINcb.getPasswordFirstAttempt(callbackInfo);
        currentPinBytes = Tunnel.getPasswordByteCopy(currentPin);
        while (!userPasswordIsCorrect(currentPinBytes)) {
            Password.wipeBytes(currentPinBytes);
            currentPin.clear();
            currentPin = oldPINcb.getPasswordAgain(callbackInfo);
            currentPinBytes = Tunnel.getPasswordByteCopy(currentPin);
        }
        // Now change the PIN. The new PIN is requested once, after the old
        // one has been verified.
        replacementPin = newPINcb.getPasswordFirstAttempt(callbackInfo);
        replacementPinBytes = Tunnel.getPasswordByteCopy(replacementPin);
        changePassword(currentPinBytes, replacementPinBytes);
    } catch (PasswordCallback.GiveUpException e) {
        // Either callback giving up is reported as an incorrect password;
        // only the exception's string form is carried over.
        throw new IncorrectPasswordException(e.toString());
    } finally {
        // Wipe every PIN copy on all exit paths, success or failure.
        if (currentPinBytes != null) {
            Password.wipeBytes(currentPinBytes);
        }
        if (currentPin != null) {
            currentPin.clear();
        }
        if (replacementPinBytes != null) {
            Password.wipeBytes(replacementPinBytes);
        }
        if (replacementPin != null) {
            replacementPin.clear();
        }
    }
}
use of org.mozilla.jss.util.IncorrectPasswordException in project jss by dogtagpki.
the class TokenCallbackInfo method initPassword.
/**
* Determines whether this is a removable token. For example, a smart card
* is removable, while the Netscape internal module and a hardware
* accelerator card are not removable.
* @return true if the token is removable, false otherwise.
*/
// public native boolean isRemovable();
/**
* Initialize PIN. This sets the user's new PIN, using the current
* security officer PIN for authentication.
*
* @param ssopwcb The security officer's current password callback.
* @param userpwcb The user's new password callback.
* @exception IncorrectPasswordException If the security officer PIN is
* incorrect.
* @exception AlreadyInitializedException If the password has already
* been set.
* @exception TokenException If the PIN was already initialized,
* or there was an unspecified error in the token.
*/
@Override
public void initPassword(PasswordCallback ssopwcb, PasswordCallback userpwcb) throws IncorrectPasswordException, AlreadyInitializedException, TokenException {
    byte[] officerPinBytes = null;
    byte[] userPinBytes = null;
    Password officerPin = null;
    Password userPin = null;
    PasswordCallbackInfo callbackInfo = makePWCBInfo();
    // A missing callback is replaced by a NullPasswordCallback.
    ssopwcb = (ssopwcb != null) ? ssopwcb : new NullPasswordCallback();
    userpwcb = (userpwcb != null) ? userpwcb : new NullPasswordCallback();
    try {
        // checks for the internal module
        boolean initable = PWInitable();
        if (!initable) {
            throw new AlreadyInitializedException();
        }
        // Verify the SSO Password, except on internal module
        if (!isInternalKeyStorageToken()) {
            // Rejected candidates are wiped before the callback is asked
            // again; the loop ends when a candidate is accepted or the
            // callback throws GiveUpException.
            // NOTE(review): every pass submits another SSO guess to the
            // token; confirm the callback limits its retries.
            officerPin = ssopwcb.getPasswordFirstAttempt(callbackInfo);
            officerPinBytes = Tunnel.getPasswordByteCopy(officerPin);
            while (!SSOPasswordIsCorrect(officerPinBytes)) {
                Password.wipeBytes(officerPinBytes);
                officerPin.clear();
                officerPin = ssopwcb.getPasswordAgain(callbackInfo);
                officerPinBytes = Tunnel.getPasswordByteCopy(officerPin);
            }
        } else {
            // Internal key storage token: the SSO callback is never
            // consulted and a single zero byte stands in for the SSO PIN.
            officerPinBytes = new byte[] { 0 };
        }
        // Now change the PIN
        userPin = userpwcb.getPasswordFirstAttempt(callbackInfo);
        userPinBytes = Tunnel.getPasswordByteCopy(userPin);
        initPassword(officerPinBytes, userPinBytes);
    } catch (PasswordCallback.GiveUpException e) {
        // Either callback giving up is reported as an incorrect password;
        // only the exception's string form is carried over.
        throw new IncorrectPasswordException(e.toString());
    } finally {
        // zero-out the arrays and Password objects on every exit path
        if (officerPinBytes != null) {
            Password.wipeBytes(officerPinBytes);
        }
        if (officerPin != null) {
            officerPin.clear();
        }
        if (userPinBytes != null) {
            Password.wipeBytes(userPinBytes);
        }
        if (userPin != null) {
            userPin.clear();
        }
    }
}
use of org.mozilla.jss.util.IncorrectPasswordException in project tomcatjss by dogtagpki.
the class TomcatJSS method login.
/**
 * Logs into the token identified by {@code tag}, trying the passwords the
 * password store returns for successive iteration numbers.
 *
 * <p>Returns without error when the token is already logged in, when the
 * store has no (further) password for the tag, and also after the attempt
 * limit is reached; the last two cases are only logged, so callers that
 * need to know the outcome must check the token's login state themselves.
 * The password value is never written to the log.
 *
 * @param tag name used both to look up the token and to query the
 *            password store
 * @throws Exception any failure other than an incorrect password
 */
public void login(String tag) throws Exception {
    CryptoToken token = getToken(tag);
    if (token.isLoggedIn()) {
        logger.debug("TomcatJSS: already logged into " + tag);
        return;
    }
    logger.debug("TomcatJSS: logging into " + tag);
    int attempt = 0;
    while (true) {
        String candidate = passwordStore.getPassword(tag, attempt);
        if (candidate == null) {
            logger.debug("TomcatJSS: no password for " + tag);
            return;
        }
        // NOTE(review): the String returned by the store cannot be wiped;
        // only the Password wrapper is cleared below.
        Password password = new Password(candidate.toCharArray());
        try {
            token.login(password);
            return;
        } catch (IncorrectPasswordException e) {
            logger.warn("TomcatJSS: incorrect password");
        } finally {
            // Clear the wrapper on success, rejection, and any other error.
            password.clear();
        }
        // Only a rejected password reaches this point. At least one attempt
        // is always made; further ones stop at MAX_LOGIN_ATTEMPTS, which
        // caps how many guesses are sent to the token.
        attempt++;
        if (attempt >= MAX_LOGIN_ATTEMPTS) {
            logger.error("TomcatJSS: failed to log into " + tag);
            return;
        }
    }
}