Use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki:
the class JSS_FileUploadServer, method doIt.
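/**
 * Runs the SSL file-upload test server: logs in to the internal key storage
 * token with the password file, creates an {@code SSLServerSocket} that
 * requires client authentication, and hands every accepted connection to a
 * new {@code readWriteThread}. The accept loop never ends, so this method
 * does not return normally.
 *
 * Positional arguments, all optional beyond the first: cert-db path ("."
 * keeps the default), password file ("passwords" keeps the default), server
 * host ("localhost" keeps the default), server cert nickname, and "true" to
 * bind to the resolved address of the server host instead of the wildcard
 * address. A leading "-h" in the first argument prints the usage and exits.
 * Missing trailing arguments keep the field defaults; previously
 * {@code args[4]} was read unguarded and fewer than five arguments ended in
 * an {@code ArrayIndexOutOfBoundsException}.
 *
 * @param args positional command-line arguments as described above
 * @throws Exception if the token login, host resolution or socket creation fails
 */
public void doIt(String[] args) throws Exception {
    if (args.length < 1 || args[0].toLowerCase(java.util.Locale.ROOT).contains("-h")) {
        System.out.println(usage);
        System.exit(1);
    }

    // An argument only overrides the field default when it is present, non-empty
    // and not the documented "keep the default" placeholder.
    if (!args[0].isEmpty() && !args[0].equals(".")) {
        fCertDbPath = args[0];
    }
    if (args.length > 1 && !args[1].isEmpty() && !args[1].equals("passwords")) {
        fPasswordFile = args[1];
    }
    if (args.length > 2 && !args[2].isEmpty() && !args[2].equals("localhost")) {
        fServerHost = args[2];
    }
    if (args.length > 3 && !args[3].isEmpty()) {
        fServerCertNick = args[3];
    }
    if (args.length > 4 && args[4].equalsIgnoreCase("true")) {
        TestInetAddress = true;
    }

    CryptoManager cm = CryptoManager.getInstance();
    CryptoToken tok = cm.getInternalKeyStorageToken();
    PasswordCallback cb = new FilePasswordCallback(fPasswordFile);
    tok.login(cb);

    // The server session ID cache must be configured before any server socket
    // is created.
    SSLServerSocket.configServerSessionIDCache(10, 100, 100, null);
    // SSLv2 is disabled; the cipher suites stay at the NSS defaults.
    SSLSocket.enableSSL2Default(false);

    logger.debug("Server about .... to create socket");
    if (TestInetAddress) {
        // Resolve once and reuse for both the log line and the bind address.
        InetAddress bindAddress = InetAddress.getByName(fServerHost);
        logger.debug("the HostName " + fServerHost + " the Inet Address " + bindAddress);
        serverSock = new SSLServerSocket(port, 5, bindAddress, null, true);
    } else {
        logger.debug("Inet set to Null");
        serverSock = new SSLServerSocket(port, 5, null, null, true);
    }
    logger.debug("Server created socket");

    // Client certificates are required for every connection (SSL_REQUIRE_NO_ERROR).
    serverSock.requireClientAuth(SSLSocket.SSL_REQUIRE_NO_ERROR);
    serverSock.setServerCertNickname(fServerCertNick);
    logger.debug("Server specified cert by nickname");
    System.out.println("Server ready to accept connections");

    // Each accepted connection gets a sequential id and its own worker thread.
    int connectionCount = 0;
    while (true) {
        sock = (SSLSocket) serverSock.accept();
        sock.addHandshakeCompletedListener(new HandshakeListener("server", this));
        connectionCount++;
        readWriteThread worker = new readWriteThread(sock, connectionCount);
        worker.start();
    }
}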
Use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki:
the class X509CertTest, method main.
/* Just some sample code to exercise the new classes */
/**
 * Entry point for the certificate test: logs in to the internal key storage
 * token using the password file, then runs the EC, RSA and import tests with
 * a validity window starting now and ending on the same calendar date in 2037.
 *
 * @param args {@code <dbdir> <passwordfile>}; any other count prints usage and returns
 * @throws Exception if the token login or one of the tests fails
 */
public static void main(String[] args) throws Exception {
    if (args.length != 2) {
        System.out.println("Usage: X509CertTest <dbdir> <passwordfile>");
        return;
    }
    // dbdir is accepted for CLI symmetry but is not used by this method.
    String dbdir = args[0];
    String passwordfile = args[1];

    // Validity window: from now until the same month/day in 2037.
    Date notBefore = new Date();
    Calendar expiry = Calendar.getInstance();
    expiry.setTime(notBefore);
    expiry.set(Calendar.YEAR, 2037);
    Date notAfter = expiry.getTime();

    // Unlock the internal key storage token before any key or cert operation.
    CryptoManager manager = CryptoManager.getInstance();
    CryptoToken keyStorage = manager.getInternalKeyStorageToken();
    PasswordCallback callback = new FilePasswordCallback(passwordfile);
    keyStorage.login(callback);

    testEC(keyStorage, notBefore, notAfter);
    testRSA(keyStorage, notBefore, notAfter);
    testImport();
}
Use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki:
the class SSLClientAuth, method doIt.
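/**
 * Runs the client-auth test: logs in to the internal key storage token,
 * picks (or parses) a certificate serial number, generates the test
 * certificates when the server nickname is absent, then exercises the
 * connection with and without a nickname. Exits the JVM with 0 on success
 * and 1 on failure, so this method never returns normally.
 *
 * @param args {@code <dbdir> <passwordFile> [port] [certificate serial number]}
 * @throws Exception if the token login, the RNG lookup or the nickname search fails
 */
public void doIt(String[] args) throws Exception {
    if (args.length < 2) {
        System.out.println("Usage: java org.mozilla.jss.tests.SSLClientAuth <dbdir> <passwordFile> [port] [Certificate Serial Number]");
        System.exit(1);
    }
    cm = CryptoManager.getInstance();
    CryptoToken tok = cm.getInternalKeyStorageToken();
    PasswordCallback cb = new FilePasswordCallback(args[1]);
    tok.login(cb);

    if (args.length >= 3) {
        port = Integer.parseInt(args[2]);
        System.out.println("using port:" + port);
    }
    if (args.length >= 4) {
        serialNum = Integer.parseInt(args[3]);
    } else {
        // No serial given: draw one from the JSS PKCS#11 RNG so repeated runs
        // do not collide with certificates already in the database.
        SecureRandom rng = SecureRandom.getInstance("pkcs11prng", "Mozilla-JSS");
        serialNum = nextRandInt(rng);
    }

    serverCertNick = "SSLserver-" + serialNum;
    clientCertNick = "SSLclient-" + serialNum;
    // Only the server nickname is probed; the original note says checking all
    // three is unnecessary, presumably because they are generated together.
    X509Certificate[] certs = cm.findCertsByNickname(serverCertNick);
    if (certs.length == 0) {
        generateCerts(cm, serialNum);
    } else {
        try {
            nssServerCert = cm.findCertByNickname(serverCertNick);
            nssClientCert = cm.findCertByNickname(clientCertNick);
        } catch (TokenException | ObjectNotFoundException ex) {
            // Both failures are fatal and handled the same way.
            ex.printStackTrace();
            System.exit(1);
        }
    }

    configureDefaultSSLoptions();
    testSpecificCiphers();
    useNickname = false;
    testConnection();
    useNickname = true;
    testConnection();
    System.out.println("Exiting main()");
    System.exit(getSuccess() ? 0 : 1);
}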
Use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki:
the class VerifyCert, method main.
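/**
 * Command-line entry point: installs the given password as the JSS password
 * callback, then either validates the DER certificate read from the named
 * file or, when no such file exists, validates the certificate stored in the
 * database under that nickname. Any failure prints the stack trace and exits
 * with status 1.
 *
 * Arguments: {@code <dbdir> <password> <certFileOrNickname>
 * [<OCSP responder URL> <OCSP responder cert nickname>]}. The two OCSP
 * arguments are only accepted as a pair; any other count prints the usage.
 *
 * @param args positional command-line arguments as described above
 */
public static void main(String[] args) {
    try {
        VerifyCert vc = new VerifyCert();
        if (args.length < 3) {
            vc.usage();
            return;
        }
        String dbdir = args[0];
        String password = args[1];
        String name = args[2];
        String responderUrl = null;
        String responderNickname = null;
        if (args.length == 5) {
            responderUrl = args[3];
            responderNickname = args[4];
        } else if (args.length != 3) {
            // Four, or more than five, arguments: an OCSP responder URL without
            // its certificate nickname (or extra junk) is a usage error. This
            // used to print the usage and carry on; it now stops like the
            // too-few-arguments case.
            vc.usage();
            return;
        }

        InitializationValues vals = new InitializationValues(dbdir);
        // Verify with PKIX path validation rather than the old NSS cert library.
        vals.PKIXVerify = true;
        // cooperate is set as a JSS test would when NSS is configured to use
        // other PKCS#11 modules.
        vals.cooperate = true;
        // Revocation checking via OCSP is always requested; the responder is
        // overridden only when both URL and nickname were supplied.
        vals.ocspCheckingEnabled = true;
        if (responderUrl != null && responderNickname != null) {
            vals.ocspResponderCertNickname = responderNickname;
            vals.ocspResponderURL = responderUrl;
        }
        // NOTE(review): vals is configured but never handed to CryptoManager
        // here, so the PKIX/OCSP settings above only take effect if
        // initialization with these values happens elsewhere — confirm.
        CryptoManager cm = CryptoManager.getInstance();
        PasswordCallback pwd = new Password(password.toCharArray());
        cm.setPasswordCallback(pwd);

        try (FileInputStream fin = new FileInputStream(name)) {
            // Read the whole file. The previous available()-sized buffer filled
            // by a single read() could come up short, since neither call
            // guarantees the full length.
            java.io.ByteArrayOutputStream buf = new java.io.ByteArrayOutputStream();
            byte[] chunk = new byte[8192];
            int n;
            while ((n = fin.read(chunk)) != -1) {
                buf.write(chunk, 0, n);
            }
            byte[] pkg = buf.toByteArray();
            vc.showCert(name);
            vc.validateDerCert(pkg, cm);
        } catch (java.io.FileNotFoundException e) {
            // No readable file of that name: treat it as a nickname in the DB.
            vc.validateCertInDB(name, cm);
        }
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
}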
Use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki:
the class GenerateTestCert, method doIt.
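/**
 * Generates a self-signed CA certificate plus a server and a client
 * certificate signed by it, imports all three into the NSS database under
 * the given (or default) nicknames, and exits the JVM: 0 on success, 1 when
 * a nickname is already taken, the certificate count did not grow by three,
 * or any exception occurred. This method never returns normally.
 *
 * Positional arguments: {@code <dbdir> <passwordFile> <serialNumber>
 * [hostname] [sigAlg] [caNick] [serverNick] [clientNick]}. The optional
 * arguments are gated on {@code args.length} thresholds one higher than
 * their index (for example {@code args[3]} is only read with five or more
 * arguments); that matches the existing CLI and is kept unchanged here.
 *
 * @param args positional command-line arguments as described above
 * @throws Exception declared for callers; in practice every failure is caught
 *         and turned into {@code System.exit(1)}
 */
private void doIt(String[] args) throws Exception {
    String caCertNick = CACERT_NICKNAME;
    String serverCertNick = SERVERCERT_NICKNAME;
    String clientCertNick = CLIENTCERT_NICKNAME;
    if (args.length < 3) {
        usage();
        // Unless usage() exits on its own, execution used to continue into
        // args[1]/args[2] and die on an ArrayIndexOutOfBoundsException caught
        // below; exit with the same status explicitly.
        System.exit(1);
    }
    try {
        CryptoManager cm = CryptoManager.getInstance();
        CryptoToken tok = cm.getInternalKeyStorageToken();
        PasswordCallback cb = new FilePasswordCallback(args[1]);
        tok.login(cb);
        int serialNum = Integer.parseInt(args[2]);

        X509Certificate[] permCerts = cm.getPermCerts();
        int originalPermCerts = permCerts.length;
        System.out.println("Number of certificates stored in the " + " database: " + originalPermCerts);

        String hostname = "localhost";
        if (args.length > 4) {
            hostname = args[3];
        }
        String alg = "SHA-256/RSA";
        if (args.length > 5) {
            alg = args[4];
        }
        setSigAlg(alg);
        if (args.length > 6) {
            caCertNick = args[5];
        }
        if (args.length > 7) {
            serverCertNick = args[6];
        }
        if (args.length == 8) {
            clientCertNick = args[7];
        }

        // Never overwrite: every nickname must be free before generating anything.
        exitIfCertExists(cm, caCertNick);
        exitIfCertExists(cm, serverCertNick);
        exitIfCertExists(cm, clientCertNick);

        // Fully qualified because the JSS crypto package has its own KeyPairGenerator.
        java.security.KeyPairGenerator kpg = java.security.KeyPairGenerator.getInstance(keyType, "Mozilla-JSS");

        // CA certificate: self-signed, carrying a basic-constraints extension.
        kpg.initialize(keyLength);
        KeyPair caPair = kpg.genKeyPair();
        SEQUENCE extensions = new SEQUENCE();
        extensions.addElement(makeBasicConstraintsExtension());
        Certificate caCert = makeCert("CACert", "CACert", serialNum, caPair.getPrivate(), caPair.getPublic(), serialNum, extensions);
        X509Certificate nssCaCert = cm.importUserCACertPackage(ASN1Util.encode(caCert), caCertNick);
        // Trust the CA for both server and client-auth certificate issuance.
        InternalCertificate intern = (InternalCertificate) nssCaCert;
        intern.setSSLTrust(PK11Cert.TRUSTED_CA | PK11Cert.TRUSTED_CLIENT_CA | PK11Cert.VALID_CA);

        // Server certificate for the given hostname, signed with the CA key.
        kpg.initialize(keyLength);
        KeyPair serverPair = kpg.genKeyPair();
        Certificate serverCert = makeCert("CACert", hostname, serialNum + 1, caPair.getPrivate(), serverPair.getPublic(), serialNum, null);
        nssServerCert = cm.importCertPackage(ASN1Util.encode(serverCert), serverCertNick);

        // Client-auth certificate, also signed with the CA key.
        kpg.initialize(keyLength);
        KeyPair clientPair = kpg.genKeyPair();
        Certificate clientCert = makeCert("CACert", "ClientCert", serialNum + 2, caPair.getPrivate(), clientPair.getPublic(), serialNum, null);
        nssClientCert = cm.importCertPackage(ASN1Util.encode(clientCert), clientCertNick);

        System.out.println("\nThis program created certificates with \n" + "following cert nicknames:" + "\n\t" + caCertNick + "\n\t" + serverCertNick + "\n\t" + clientCertNick);

        // Sanity check: exactly three more certificates, all findable by nickname.
        permCerts = cm.getPermCerts();
        if ((originalPermCerts + 3) != permCerts.length) {
            System.out.println("Error there should be three more " + " certificates stored in the database");
            System.exit(1);
        }
        System.out.println("Number of certificates stored in the " + " database: " + permCerts.length);

        exitIfCertMissing(cm, caCertNick);
        exitIfCertMissing(cm, serverCertNick);
        exitIfCertMissing(cm, clientCertNick);
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
    System.exit(0);
}

/**
 * Prints "{@code <nick> already exists!}" and exits with status 1 when the
 * database already holds a certificate under the nickname.
 *
 * @param cm the CryptoManager used for the nickname lookup
 * @param nick nickname that must not yet be present
 * @throws Exception if the nickname lookup fails
 */
private static void exitIfCertExists(CryptoManager cm, String nick) throws Exception {
    if (cm.findCertsByNickname(nick).length > 0) {
        System.out.println(nick + " already exists!");
        System.exit(1);
    }
}

/**
 * Prints "{@code <nick> should exist!}" and exits with status 1 when no
 * certificate is stored under the nickname.
 *
 * @param cm the CryptoManager used for the nickname lookup
 * @param nick nickname that must be present
 * @throws Exception if the nickname lookup fails
 */
private static void exitIfCertMissing(CryptoManager cm, String nick) throws Exception {
    if (cm.findCertsByNickname(nick).length == 0) {
        System.out.println(nick + " should exist!");
        System.exit(1);
    }
}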