Example 1 with PasswordCallback
use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki.
the class JSS_FileUploadServer method doIt.
public void doIt(String[] args) throws Exception {
if (args.length < 1 || args[0].toLowerCase().indexOf("-h") != -1) {
System.out.println(usage);
System.exit(1);
}
int socketCntr = 0;
try {
if (args[0].length() > 0 && !args[0].equals("."))
fCertDbPath = args[0];
if (args[1].length() > 0 && !args[1].equals("passwords"))
fPasswordFile = args[1];
if (args[2].length() > 0 && !args[2].equals("localhost"))
fServerHost = args[2];
if (args[3].length() > 0)
fServerCertNick = args[3];
} catch (Exception e) {
}
CryptoManager cm = CryptoManager.getInstance();
CryptoToken tok = cm.getInternalKeyStorageToken();
PasswordCallback cb = new FilePasswordCallback(fPasswordFile);
tok.login(cb);
if (args[4].equalsIgnoreCase("true") == true) {
TestInetAddress = true;
}
// We have to configure the server session ID cache before
// creating any server sockets.
SSLServerSocket.configServerSessionIDCache(10, 100, 100, null);
// Disable SSL2
SSLSocket.enableSSL2Default(false);
// Note we will use the NSS default enabled ciphers suites
// open the server socket and bind to the port
logger.debug("Server about .... to create socket");
if (TestInetAddress) {
logger.debug("the HostName " + fServerHost + " the Inet Address " + InetAddress.getByName(fServerHost));
serverSock = new SSLServerSocket(port, 5, InetAddress.getByName(fServerHost), null, true);
} else {
logger.debug("Inet set to Null");
serverSock = new SSLServerSocket(port, 5, null, null, true);
}
logger.debug("Server created socket");
// serverSock.setSoTimeout(120 * 1000);
serverSock.requireClientAuth(SSLSocket.SSL_REQUIRE_NO_ERROR);
serverSock.setServerCertNickname(fServerCertNick);
logger.debug("Server specified cert by nickname");
System.out.println("Server ready to accept connections");
while (true) {
// accept the connection
sock = (SSLSocket) serverSock.accept();
// sock.setKeepAlive(true);
sock.addHandshakeCompletedListener(new HandshakeListener("server", this));
socketCntr++;
readWriteThread rwThread = new readWriteThread(sock, socketCntr);
rwThread.start();
}
}
Also used :
CryptoToken(org.mozilla.jss.crypto.CryptoToken)
PasswordCallback(org.mozilla.jss.util.PasswordCallback)
CryptoManager(org.mozilla.jss.CryptoManager)
SSLServerSocket(org.mozilla.jss.ssl.SSLServerSocket)
Example 2 with PasswordCallback
use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki.
the class X509CertTest method main.
/* Just some sample code to exercise the new classes */
public static void main(String[] args) throws Exception {
if (args.length != 2) {
System.out.println("Usage: X509CertTest <dbdir> <passwordfile>");
return;
}
String dbdir = args[0];
String passwordfile = args[1];
Date notBefore = new Date();
Calendar cal = Calendar.getInstance();
cal.setTime(notBefore);
cal.set(Calendar.YEAR, 2037);
Date notAfter = cal.getTime();
// Generate ca keyPair
CryptoManager cryptoManager = CryptoManager.getInstance();
CryptoToken token = cryptoManager.getInternalKeyStorageToken();
PasswordCallback cb = new FilePasswordCallback(passwordfile);
token.login(cb);
testEC(token, notBefore, notAfter);
testRSA(token, notBefore, notAfter);
testImport();
}
Also used :
CryptoToken(org.mozilla.jss.crypto.CryptoToken)
Calendar(java.util.Calendar)
PasswordCallback(org.mozilla.jss.util.PasswordCallback)
CryptoManager(org.mozilla.jss.CryptoManager)
Date(java.util.Date)
Example 3 with PasswordCallback
use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki.
the class SSLClientAuth method doIt.
/**
* @param args
* @throws java.lang.Exception
*/
public void doIt(String[] args) throws Exception {
if (args.length < 2) {
System.out.println("Usage: java org.mozilla.jss.tests." + "SSLClientAuth <dbdir> <passwordFile> [port]" + " [Certificate Serial Number]");
System.exit(1);
}
cm = CryptoManager.getInstance();
CryptoToken tok = cm.getInternalKeyStorageToken();
PasswordCallback cb = new FilePasswordCallback(args[1]);
tok.login(cb);
if (args.length >= 3) {
port = Integer.parseInt(args[2]);
System.out.println("using port:" + port);
}
if (args.length >= 4) {
serialNum = Integer.parseInt(args[3]);
} else {
SecureRandom rng = SecureRandom.getInstance("pkcs11prng", "Mozilla-JSS");
serialNum = nextRandInt(rng);
}
X509Certificate[] certs;
/* ensure certificate does not already exists */
/* we don't have to test all three */
serverCertNick = "SSLserver-" + serialNum;
clientCertNick = "SSLclient-" + serialNum;
certs = cm.findCertsByNickname(serverCertNick);
if (certs.length == 0) {
generateCerts(cm, serialNum);
} else {
try {
nssServerCert = cm.findCertByNickname(serverCertNick);
nssClientCert = cm.findCertByNickname(clientCertNick);
} catch (TokenException ex) {
ex.printStackTrace();
System.exit(1);
} catch (ObjectNotFoundException ex) {
ex.printStackTrace();
System.exit(1);
}
}
configureDefaultSSLoptions();
testSpecificCiphers();
useNickname = false;
testConnection();
useNickname = true;
testConnection();
System.out.println("Exiting main()");
if (getSuccess()) {
System.exit(0);
} else {
System.exit(1);
}
}
Also used :
CryptoToken(org.mozilla.jss.crypto.CryptoToken)
NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException)
TokenException(org.mozilla.jss.crypto.TokenException)
ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException)
PasswordCallback(org.mozilla.jss.util.PasswordCallback)
SecureRandom(java.security.SecureRandom)
X509Certificate(org.mozilla.jss.crypto.X509Certificate)
Example 4 with PasswordCallback
use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki.
the class VerifyCert method main.
public static void main(String[] args) {
try {
VerifyCert vc = new VerifyCert();
if (args.length < 3) {
vc.usage();
return;
}
String dbdir = args[0];
String password = args[1];
String name = args[2];
String ResponderURL = null;
String ResponderNickname = null;
// if OCSPResponderURL than must have OCSPCertificateNickname
if (args.length == 4 || args.length > 5)
vc.usage();
else if (args.length == 5) {
ResponderURL = args[3];
ResponderNickname = args[4];
}
// initialize JSS
InitializationValues vals = new InitializationValues(dbdir);
// enable PKIX verify rather than the old NSS cert library,
// to verify certificates.
vals.PKIXVerify = true;
// as a JSS test set the initialize for cooperate to true
// One would set this to true if one configured NSS with
// to use other PKCS11 modules.
vals.cooperate = true;
// configure OCSP
vals.ocspCheckingEnabled = true;
if (ResponderURL != null && ResponderNickname != null) {
vals.ocspResponderCertNickname = ResponderNickname;
vals.ocspResponderURL = ResponderURL;
}
CryptoManager cm = CryptoManager.getInstance();
PasswordCallback pwd = new Password(password.toCharArray());
cm.setPasswordCallback(pwd);
try (FileInputStream fin = new FileInputStream(name)) {
byte[] pkg = new byte[fin.available()];
fin.read(pkg);
// display the cert
vc.showCert(name);
// validate the cert
vc.validateDerCert(pkg, cm);
} catch (java.io.FileNotFoundException e) {
// assume name is a nickname of cert in the db
vc.validateCertInDB(name, cm);
}
} catch (Exception e) {
e.printStackTrace();
System.exit(1);
}
}
Also used :
InitializationValues(org.mozilla.jss.InitializationValues)
PasswordCallback(org.mozilla.jss.util.PasswordCallback)
CryptoManager(org.mozilla.jss.CryptoManager)
FileInputStream(java.io.FileInputStream)
Password(org.mozilla.jss.util.Password)
Example 5 with PasswordCallback
use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki.
the class GenerateTestCert method doIt.
/**
* Based on the input parameters, generate a cert
* pair.
*/
private void doIt(String[] args) throws Exception {
String caCertNick = CACERT_NICKNAME;
String serverCertNick = SERVERCERT_NICKNAME;
String clientCertNick = CLIENTCERT_NICKNAME;
if (args.length < 3) {
usage();
}
try {
CryptoManager cm = CryptoManager.getInstance();
CryptoToken tok = cm.getInternalKeyStorageToken();
PasswordCallback cb = new FilePasswordCallback(args[1]);
tok.login(cb);
int serialNum = Integer.parseInt(args[2]);
X509Certificate[] permCerts = cm.getPermCerts();
int originalPermCerts = permCerts.length;
System.out.println("Number of certificates stored in the " + " database: " + originalPermCerts);
String hostname = "localhost";
if (args.length > 4) {
hostname = args[3];
}
String alg = "SHA-256/RSA";
if (args.length > 5) {
alg = args[4];
}
setSigAlg(alg);
X509Certificate[] certs;
if (args.length > 6) {
caCertNick = args[5];
}
/* ensure certificate does not already exists */
certs = cm.findCertsByNickname(caCertNick);
if (certs.length > 0) {
System.out.println(caCertNick + " already exists!");
System.exit(1);
}
if (args.length > 7) {
serverCertNick = args[6];
}
certs = cm.findCertsByNickname(serverCertNick);
if (certs.length > 0) {
System.out.println(serverCertNick + " already exists!");
System.exit(1);
}
if (args.length == 8) {
clientCertNick = args[7];
}
certs = cm.findCertsByNickname(clientCertNick);
if (certs.length > 0) {
System.out.println(clientCertNick + " already exists!");
System.exit(1);
}
// generate CA cert
java.security.KeyPairGenerator kpg = java.security.KeyPairGenerator.getInstance(keyType, "Mozilla-JSS");
kpg.initialize(keyLength);
KeyPair caPair = kpg.genKeyPair();
SEQUENCE extensions = new SEQUENCE();
extensions.addElement(makeBasicConstraintsExtension());
Certificate caCert = makeCert("CACert", "CACert", serialNum, caPair.getPrivate(), caPair.getPublic(), serialNum, extensions);
X509Certificate nssCaCert = cm.importUserCACertPackage(ASN1Util.encode(caCert), caCertNick);
InternalCertificate intern = (InternalCertificate) nssCaCert;
intern.setSSLTrust(PK11Cert.TRUSTED_CA | PK11Cert.TRUSTED_CLIENT_CA | PK11Cert.VALID_CA);
// generate server cert
kpg.initialize(keyLength);
KeyPair serverPair = kpg.genKeyPair();
Certificate serverCert = makeCert("CACert", hostname, serialNum + 1, caPair.getPrivate(), serverPair.getPublic(), serialNum, null);
nssServerCert = cm.importCertPackage(ASN1Util.encode(serverCert), serverCertNick);
// generate client auth cert
kpg.initialize(keyLength);
KeyPair clientPair = kpg.genKeyPair();
Certificate clientCert = makeCert("CACert", "ClientCert", serialNum + 2, caPair.getPrivate(), clientPair.getPublic(), serialNum, null);
nssClientCert = cm.importCertPackage(ASN1Util.encode(clientCert), clientCertNick);
System.out.println("\nThis program created certificates with \n" + "following cert nicknames:" + "\n\t" + caCertNick + "\n\t" + serverCertNick + "\n\t" + clientCertNick);
permCerts = cm.getPermCerts();
if ((originalPermCerts + 3) != permCerts.length) {
System.out.println("Error there should be three more " + " certificates stored in the database");
System.exit(1);
} else {
System.out.println("Number of certificates stored in the " + " database: " + permCerts.length);
}
/* ensure certificates exists */
certs = cm.findCertsByNickname(caCertNick);
if (certs.length == 0) {
System.out.println(caCertNick + " should exist!");
System.exit(1);
}
certs = cm.findCertsByNickname(serverCertNick);
if (certs.length == 0) {
System.out.println(serverCertNick + " should exist!");
System.exit(1);
}
certs = cm.findCertsByNickname(clientCertNick);
if (certs.length == 0) {
System.out.println(clientCertNick + " should exist!");
System.exit(1);
}
} catch (Exception e) {
e.printStackTrace();
System.exit(1);
}
System.exit(0);
}
Also used :
KeyPair(java.security.KeyPair)
CryptoToken(org.mozilla.jss.crypto.CryptoToken)
CryptoManager(org.mozilla.jss.CryptoManager)
X509Certificate(org.mozilla.jss.crypto.X509Certificate)
InternalCertificate(org.mozilla.jss.crypto.InternalCertificate)
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
PasswordCallback(org.mozilla.jss.util.PasswordCallback)
Certificate(org.mozilla.jss.pkix.cert.Certificate)
InternalCertificate(org.mozilla.jss.crypto.InternalCertificate)
X509Certificate(org.mozilla.jss.crypto.X509Certificate)
Aggregations
PasswordCallback (org.mozilla.jss.util.PasswordCallback)10
CryptoToken (org.mozilla.jss.crypto.CryptoToken)7
CryptoManager (org.mozilla.jss.CryptoManager)6
Password (org.mozilla.jss.util.Password)3
InitializationValues (org.mozilla.jss.InitializationValues)2
X509Certificate (org.mozilla.jss.crypto.X509Certificate)2
SSLServerSocket (org.mozilla.jss.ssl.SSLServerSocket)2
IncorrectPasswordException (org.mozilla.jss.util.IncorrectPasswordException)2
NullPasswordCallback (org.mozilla.jss.util.NullPasswordCallback)2
PasswordCallbackInfo (org.mozilla.jss.util.PasswordCallbackInfo)2
FileInputStream (java.io.FileInputStream)1
IOException (java.io.IOException)1
SocketTimeoutException (java.net.SocketTimeoutException)1
KeyPair (java.security.KeyPair)1
SecureRandom (java.security.SecureRandom)1
Calendar (java.util.Calendar)1
Date (java.util.Date)1
SEQUENCE (org.mozilla.jss.asn1.SEQUENCE)1
AlreadyInitializedException (org.mozilla.jss.crypto.AlreadyInitializedException)1
InternalCertificate (org.mozilla.jss.crypto.InternalCertificate)1
