
Example 1 with PasswordCallback

use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki.

the class JSS_FileUploadServer method doIt.

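/**
 * Entry point of the file-upload TLS test server.
 * <p>
 * Positional arguments (all optional after the first):
 * {@code <certDbPath> <passwordFile> <serverHost> <serverCertNick> <testInetAddress>}.
 * The sentinels {@code "."}, {@code "passwords"} and {@code "localhost"} (and an empty
 * string) keep the corresponding field at its default. A first argument containing
 * {@code -h} prints {@code usage} and exits with status 1.
 *
 * @param args command-line arguments as described above
 * @throws Exception if the token login fails or the server socket cannot be created
 */
public void doIt(String[] args) throws Exception {
    if (args.length < 1 || args[0].toLowerCase().indexOf("-h") != -1) {
        System.out.println(usage);
        System.exit(1);
    }
    int socketCntr = 0;
    // Optional positional overrides. Explicit length checks replace the
    // original "index into args inside an empty catch" pattern, so a real
    // failure is no longer silently swallowed.
    if (!args[0].isEmpty() && !args[0].equals(".")) {
        fCertDbPath = args[0];
    }
    if (args.length > 1 && !args[1].isEmpty() && !args[1].equals("passwords")) {
        fPasswordFile = args[1];
    }
    if (args.length > 2 && !args[2].isEmpty() && !args[2].equals("localhost")) {
        fServerHost = args[2];
    }
    if (args.length > 3 && !args[3].isEmpty()) {
        fServerCertNick = args[3];
    }
    // The token password is read from a file (FilePasswordCallback) rather
    // than passed on the command line, so it is not exposed in process lists.
    CryptoManager cm = CryptoManager.getInstance();
    CryptoToken tok = cm.getInternalKeyStorageToken();
    PasswordCallback cb = new FilePasswordCallback(fPasswordFile);
    tok.login(cb);
    // The fifth argument is optional; the original indexed args[4]
    // unconditionally and threw ArrayIndexOutOfBoundsException without it.
    if (args.length > 4 && args[4].equalsIgnoreCase("true")) {
        TestInetAddress = true;
    }
    // We have to configure the server session ID cache before
    // creating any server sockets.
    SSLServerSocket.configServerSessionIDCache(10, 100, 100, null);
    // Disable SSL2. NOTE(review): this only turns off SSLv2; which SSL3/TLS
    // versions and cipher suites are offered is left at the NSS defaults.
    SSLSocket.enableSSL2Default(false);
    // Note we will use the NSS default enabled ciphers suites
    // open the server socket and bind to the port
    logger.debug("Server about .... to create socket");
    // The null fourth constructor argument presumably selects the default
    // certificate-approval callback and the trailing true enables address
    // reuse -- TODO confirm against the JSS SSLServerSocket javadoc.
    if (TestInetAddress) {
        logger.debug("the HostName " + fServerHost + " the Inet Address " + InetAddress.getByName(fServerHost));
        serverSock = new SSLServerSocket(port, 5, InetAddress.getByName(fServerHost), null, true);
    } else {
        logger.debug("Inet set to Null");
        serverSock = new SSLServerSocket(port, 5, null, null, true);
    }
    logger.debug("Server created socket");
    // NOTE(review): SSL_REQUIRE_NO_ERROR requests a client certificate but,
    // per NSS semantics, does not fail the handshake when none is presented.
    // If client authentication must actually be enforced, SSL_REQUIRE_ALWAYS
    // is the option to use -- confirm which behaviour this test intends.
    serverSock.requireClientAuth(SSLSocket.SSL_REQUIRE_NO_ERROR);
    serverSock.setServerCertNickname(fServerCertNick);
    logger.debug("Server specified cert by nickname");
    System.out.println("Server ready to accept connections");
    // Accept loop: one handler thread per connection. No accept timeout is
    // set, so the loop runs until the process is killed.
    while (true) {
        sock = (SSLSocket) serverSock.accept();
        sock.addHandshakeCompletedListener(new HandshakeListener("server", this));
        socketCntr++;
        readWriteThread rwThread = new readWriteThread(sock, socketCntr);
        rwThread.start();
    }
}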

Example 2 with PasswordCallback

use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki.

the class X509CertTest method main.

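/**
 * Sample driver for the certificate test helpers.
 * <p>
 * Usage: {@code X509CertTest <dbdir> <passwordfile>}. Logs in to the internal
 * key storage token with the password read from {@code passwordfile}, then runs
 * the EC, RSA and import tests with a validity window from now until 2037.
 *
 * @param args {@code <dbdir> <passwordfile>}; any other count prints usage and returns
 * @throws Exception propagated from the token login or from the individual tests
 */
public static void main(String[] args) throws Exception {
    if (args.length != 2) {
        System.out.println("Usage: X509CertTest  <dbdir> <passwordfile>");
        return;
    }
    // args[0] (the NSS database directory) is not consumed in this method;
    // CryptoManager is presumably initialised with it elsewhere before this
    // runs -- TODO confirm. The unused local was dropped.
    String passwordfile = args[1];
    // Validity window: notBefore = now, notAfter = the same instant with the
    // year forced to 2037 (Calendar keeps every other field). NOTE(review):
    // once the clock passes 2037 this yields notAfter < notBefore.
    Date notBefore = new Date();
    Calendar cal = Calendar.getInstance();
    cal.setTime(notBefore);
    cal.set(Calendar.YEAR, 2037);
    Date notAfter = cal.getTime();
    // Log in to the internal key storage token; the password is read from a
    // file so it never appears on the command line.
    CryptoManager cryptoManager = CryptoManager.getInstance();
    CryptoToken token = cryptoManager.getInternalKeyStorageToken();
    PasswordCallback cb = new FilePasswordCallback(passwordfile);
    token.login(cb);
    testEC(token, notBefore, notAfter);
    testRSA(token, notBefore, notAfter);
    testImport();
}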

Example 3 with PasswordCallback

use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki.

the class SSLClientAuth method doIt.

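/**
 * Runs the SSL client-authentication test end to end.
 * <p>
 * Logs in to the internal key storage token with the password file named in
 * {@code args[1]}, picks a certificate serial (from {@code args[3]} or the NSS
 * PKCS#11 PRNG), generates or loads the "SSLserver-N" / "SSLclient-N" cert
 * pair, then runs the cipher and connection tests with and without a
 * nickname. Exits 0 on success, 1 otherwise.
 *
 * @param args {@code <dbdir> <passwordFile> [port] [Certificate Serial Number]}
 * @throws Exception on token login failure or a malformed numeric argument
 */
public void doIt(String[] args) throws Exception {
    if (args.length < 2) {
        System.out.println("Usage: java org.mozilla.jss.tests." + "SSLClientAuth <dbdir> <passwordFile> [port]" + " [Certificate Serial Number]");
        System.exit(1);
    }
    // Password is read from a file, not taken from the command line.
    cm = CryptoManager.getInstance();
    CryptoToken tok = cm.getInternalKeyStorageToken();
    PasswordCallback cb = new FilePasswordCallback(args[1]);
    tok.login(cb);
    if (args.length >= 3) {
        port = Integer.parseInt(args[2]);
        System.out.println("using port:" + port);
    }
    if (args.length >= 4) {
        serialNum = Integer.parseInt(args[3]);
    } else {
        // Random serial from the NSS PKCS#11 PRNG so repeated runs do not
        // collide on the derived nicknames below.
        SecureRandom rng = SecureRandom.getInstance("pkcs11prng", "Mozilla-JSS");
        serialNum = nextRandInt(rng);
    }
    /* ensure certificate does not already exists */
    /* we don't have to test all three */
    serverCertNick = "SSLserver-" + serialNum;
    clientCertNick = "SSLclient-" + serialNum;
    // Only the server nickname is probed; the client cert is assumed to have
    // been generated alongside it, and a missing one surfaces as
    // ObjectNotFoundException from the lookup below.
    X509Certificate[] certs = cm.findCertsByNickname(serverCertNick);
    if (certs.length == 0) {
        generateCerts(cm, serialNum);
    } else {
        try {
            nssServerCert = cm.findCertByNickname(serverCertNick);
            nssClientCert = cm.findCertByNickname(clientCertNick);
        } catch (TokenException | ObjectNotFoundException ex) {
            // Both failures were handled identically; collapsed into a multi-catch.
            ex.printStackTrace();
            System.exit(1);
        }
    }
    configureDefaultSSLoptions();
    testSpecificCiphers();
    useNickname = false;
    testConnection();
    useNickname = true;
    testConnection();
    System.out.println("Exiting main()");
    if (getSuccess()) {
        System.exit(0);
    } else {
        System.exit(1);
    }
}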

Example 4 with PasswordCallback

use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki.

the class VerifyCert method main.

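/**
 * Command-line entry point: verifies a certificate either from a DER file or
 * by nickname in the NSS database, with PKIX path building and OCSP enabled.
 * <p>
 * Usage: {@code <dbdir> <password> <fileOrNickname> [<ocspResponderURL> <ocspResponderNick>]}.
 * If {@code fileOrNickname} cannot be opened as a file it is treated as a
 * certificate nickname in the database.
 *
 * @param args as described above; any usage error prints usage and returns
 */
public static void main(String[] args) {
    try {
        VerifyCert vc = new VerifyCert();
        if (args.length < 3) {
            vc.usage();
            return;
        }
        String dbdir = args[0];
        String password = args[1];
        String name = args[2];
        String ResponderURL = null;
        String ResponderNickname = null;
        // An OCSP responder URL must be accompanied by the nickname of the
        // responder's signing certificate, so 4 or more than 5 arguments is a
        // usage error. The original printed usage and then carried on with a
        // half-specified OCSP configuration; stop instead.
        if (args.length == 4 || args.length > 5) {
            vc.usage();
            return;
        } else if (args.length == 5) {
            ResponderURL = args[3];
            ResponderNickname = args[4];
        }
        // initialize JSS
        InitializationValues vals = new InitializationValues(dbdir);
        // enable PKIX verify rather than the old NSS cert library,
        // to verify certificates.
        vals.PKIXVerify = true;
        // as a JSS test set the initialize for cooperate to true
        // One would set this to true if one configured NSS with
        // to use other PKCS11 modules.
        vals.cooperate = true;
        // configure OCSP
        vals.ocspCheckingEnabled = true;
        if (ResponderURL != null && ResponderNickname != null) {
            vals.ocspResponderCertNickname = ResponderNickname;
            vals.ocspResponderURL = ResponderURL;
        }
        // NOTE(review): the database password is taken from the command line,
        // where other local users can read it from the process list; the
        // other JSS tests read it from a file via FilePasswordCallback.
        CryptoManager cm = CryptoManager.getInstance();
        PasswordCallback pwd = new Password(password.toCharArray());
        cm.setPasswordCallback(pwd);
        try (FileInputStream fin = new FileInputStream(name)) {
            // Read the whole file. available() is only an estimate and a
            // single read() may return fewer bytes, which would hand a
            // truncated DER blob to the validator.
            java.io.ByteArrayOutputStream buf = new java.io.ByteArrayOutputStream();
            byte[] chunk = new byte[8192];
            int n;
            while ((n = fin.read(chunk)) != -1) {
                buf.write(chunk, 0, n);
            }
            byte[] pkg = buf.toByteArray();
            // display the cert
            vc.showCert(name);
            // validate the cert
            vc.validateDerCert(pkg, cm);
        } catch (java.io.FileNotFoundException e) {
            // assume name is a nickname of cert in the db
            vc.validateCertInDB(name, cm);
        }
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
}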

Example 5 with PasswordCallback

use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki.

the class GenerateTestCert method doIt.

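/**
 * Based on the input parameters, generate a cert pair.
 * <p>
 * Creates a self-signed test CA, then a server certificate and a client-auth
 * certificate both signed by that CA, imports all three into the NSS database
 * under the given nicknames and verifies that exactly three permanent
 * certificates were added. Any failure prints a diagnostic and exits with 1;
 * success exits with 0, so this method never returns normally.
 * <p>
 * Positional arguments: {@code args[1]} password file, {@code args[2]} base
 * serial number, then (subject to the length checks below) hostname,
 * signature algorithm and CA / server / client nicknames.
 *
 * @param args command-line arguments; fewer than three prints usage
 * @throws Exception declared for the callee signatures; in practice every
 *         failure is caught below and turned into {@code System.exit(1)}
 */
private void doIt(String[] args) throws Exception {
    String caCertNick = CACERT_NICKNAME;
    String serverCertNick = SERVERCERT_NICKNAME;
    String clientCertNick = CLIENTCERT_NICKNAME;
    if (args.length < 3) {
        usage();
    }
    try {
        // Log in with the password read from a file (never from argv).
        CryptoManager cm = CryptoManager.getInstance();
        CryptoToken tok = cm.getInternalKeyStorageToken();
        PasswordCallback cb = new FilePasswordCallback(args[1]);
        tok.login(cb);
        int serialNum = Integer.parseInt(args[2]);
        X509Certificate[] permCerts = cm.getPermCerts();
        int originalPermCerts = permCerts.length;
        System.out.println("Number of certificates stored in the " + " database: " + originalPermCerts);
        // NOTE(review): each optional argument is only honoured when args has
        // at least two more entries than its index (args[3] needs length > 4,
        // and so on), and the last check uses == 8 rather than > 7. Kept as-is
        // to preserve the existing CLI contract -- confirm it is intended.
        String hostname = "localhost";
        if (args.length > 4) {
            hostname = args[3];
        }
        String alg = "SHA-256/RSA";
        if (args.length > 5) {
            alg = args[4];
        }
        setSigAlg(alg);
        if (args.length > 6) {
            caCertNick = args[5];
        }
        /* ensure certificate does not already exists */
        failIfCertExists(cm, caCertNick);
        if (args.length > 7) {
            serverCertNick = args[6];
        }
        failIfCertExists(cm, serverCertNick);
        if (args.length == 8) {
            clientCertNick = args[7];
        }
        failIfCertExists(cm, clientCertNick);
        // CA: self-signed (issuer and subject are both "CACert") with a basic
        // constraints extension; keyType/keyLength are class fields.
        java.security.KeyPairGenerator kpg = java.security.KeyPairGenerator.getInstance(keyType, "Mozilla-JSS");
        kpg.initialize(keyLength);
        KeyPair caPair = kpg.genKeyPair();
        SEQUENCE extensions = new SEQUENCE();
        extensions.addElement(makeBasicConstraintsExtension());
        Certificate caCert = makeCert("CACert", "CACert", serialNum, caPair.getPrivate(), caPair.getPublic(), serialNum, extensions);
        X509Certificate nssCaCert = cm.importUserCACertPackage(ASN1Util.encode(caCert), caCertNick);
        // Mark the freshly generated CA as trusted for both server and client
        // auth in this database. This is what makes the test handshakes
        // succeed -- and why this tool must only be pointed at test databases.
        InternalCertificate intern = (InternalCertificate) nssCaCert;
        intern.setSSLTrust(PK11Cert.TRUSTED_CA | PK11Cert.TRUSTED_CLIENT_CA | PK11Cert.VALID_CA);
        // Server cert: subject is the hostname, no extensions are attached
        // (so no SAN/EKU; name matching presumably relies on the CN alone).
        kpg.initialize(keyLength);
        KeyPair serverPair = kpg.genKeyPair();
        Certificate serverCert = makeCert("CACert", hostname, serialNum + 1, caPair.getPrivate(), serverPair.getPublic(), serialNum, null);
        nssServerCert = cm.importCertPackage(ASN1Util.encode(serverCert), serverCertNick);
        // Client-auth cert, likewise signed with the CA private key.
        kpg.initialize(keyLength);
        KeyPair clientPair = kpg.genKeyPair();
        Certificate clientCert = makeCert("CACert", "ClientCert", serialNum + 2, caPair.getPrivate(), clientPair.getPublic(), serialNum, null);
        nssClientCert = cm.importCertPackage(ASN1Util.encode(clientCert), clientCertNick);
        System.out.println("\nThis program created certificates with \n" + "following cert nicknames:" + "\n\t" + caCertNick + "\n\t" + serverCertNick + "\n\t" + clientCertNick);
        permCerts = cm.getPermCerts();
        if ((originalPermCerts + 3) != permCerts.length) {
            System.out.println("Error there should be three more " + " certificates stored in the database");
            System.exit(1);
        } else {
            System.out.println("Number of certificates stored in the " + " database: " + permCerts.length);
        }
        /* ensure certificates exists */
        failIfCertMissing(cm, caCertNick);
        failIfCertMissing(cm, serverCertNick);
        failIfCertMissing(cm, clientCertNick);
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
    System.exit(0);
}

/** Prints "{nick} already exists!" and exits with 1 if a cert with that nickname is already in the database. */
private static void failIfCertExists(CryptoManager cm, String nick) throws Exception {
    X509Certificate[] certs = cm.findCertsByNickname(nick);
    if (certs.length > 0) {
        System.out.println(nick + " already exists!");
        System.exit(1);
    }
}

/** Prints "{nick} should exist!" and exits with 1 if no cert with that nickname is in the database. */
private static void failIfCertMissing(CryptoManager cm, String nick) throws Exception {
    X509Certificate[] certs = cm.findCertsByNickname(nick);
    if (certs.length == 0) {
        System.out.println(nick + " should exist!");
        System.exit(1);
    }
}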
