
Example 6 with PasswordCallback

use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki.

the class FipsTest method main.

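/**
 * Command-line check of JSS FIPS-mode handling.
 *
 * <p>Initializes JSS on {@code dbdir}, optionally switching FIPS mode on or
 * off, prints the slot/token descriptions and the module and token lists,
 * verifies that the internal key-storage token and the internal crypto token
 * can be found by name and identify themselves correctly, and, when a
 * password file is given, logs in to the key-storage token with it.
 *
 * @param args {@code <dbdir> <enable|disable|chkfips> [passwordFile]}. Any
 *  mode word other than {@code enable}/{@code disable} leaves the FIPS
 *  setting unchanged. The process exits with status 0 on success and 1 on
 *  any exception.
 */
public static void main(String[] args) {
    try {
        if (args.length < 2) {
            System.out.println("Usage: FipsTest <dbdir> <fipsmode enter: " + "enable OR disable OR chkfips > <password file>");
            return;
        }
        String dbdir = args[0];
        String fipsmode = args[1];
        // Path of the file holding the token PIN (not the PIN itself); empty means "do not log in".
        String passwordFile = "";
        if (args.length == 3) {
            passwordFile = args[2];
            System.out.println("The password file " + passwordFile);
        }
        InitializationValues vals = new InitializationValues(dbdir);
        System.out.println("output of Initilization values ");
        System.out.println("Manufacturer ID: " + vals.getManufacturerID());
        System.out.println("Library: " + vals.getLibraryDescription());
        System.out.println("Internal Slot: " + vals.getInternalSlotDescription());
        System.out.println("Internal Token: " + vals.getInternalTokenDescription());
        System.out.println("Key Storage Slot: " + vals.getFIPSKeyStorageSlotDescription());
        System.out.println("Key Storage Token: " + vals.getInternalKeyStorageTokenDescription());
        System.out.println("FIPS Slot: " + vals.getFIPSSlotDescription());
        System.out.println("FIPS Key Storage: " + vals.getFIPSKeyStorageSlotDescription());
        if (fipsmode.equalsIgnoreCase("enable")) {
            vals.fipsMode = InitializationValues.FIPSMode.ENABLED;
        } else if (fipsmode.equalsIgnoreCase("disable")) {
            vals.fipsMode = InitializationValues.FIPSMode.DISABLED;
        } else {
            // "chkfips" (or any other word): report the current state without touching it.
            vals.fipsMode = InitializationValues.FIPSMode.UNCHANGED;
        }
        CryptoManager.initialize(vals);
        CryptoManager cm = CryptoManager.getInstance();
        // Read once: the FIPS state cannot change again without re-initializing.
        boolean fipsEnabled = cm.FIPSEnabled();
        if (fipsEnabled) {
            System.out.println("\n\t\tFIPS enabled\n");
        } else {
            System.out.println("\n\t\tFIPS not enabled\n");
        }
        Enumeration<PK11Module> modules = cm.getModules();
        System.out.println("\nListing of Modules:");
        while (modules.hasMoreElements()) {
            System.out.println("\t" + modules.nextElement().getName());
        }
        Enumeration<CryptoToken> tokens = cm.getAllTokens();
        System.out.println("\nAll Tokens:");
        while (tokens.hasMoreElements()) {
            CryptoToken listed = tokens.nextElement();
            System.out.print("\t" + listed.getName());
            if (listed.needsLogin()) {
                System.out.println("\t - Needs login.\n");
            } else {
                System.out.println("\t - Does not need login.\n");
            }
        }
        tokens = cm.getExternalTokens();
        System.out.println("\nExternal Tokens:");
        while (tokens.hasMoreElements()) {
            System.out.println("\t" + tokens.nextElement().getName());
        }
        /* find the Internal Key Storage token; when FIPS is enabled the
         * lookup goes through the FIPS slot description instead */
        String tokenName = lookupName(fipsEnabled ? vals.getFIPSSlotDescription() : vals.getInternalKeyStorageTokenDescription());
        System.out.println("\nFinding the Internal Key Storage token: " + tokenName);
        CryptoToken tok = cm.getTokenByName(tokenName);
        if (((PK11Token) tok).isInternalKeyStorageToken() && tok.equals(cm.getInternalKeyStorageToken())) {
            System.out.println("Good, " + tok.getName() + ", knows it is " + "the internal Key Storage Token");
        } else {
            System.out.println("ERROR: " + tok.getName() + ", doesn't know" + " it is the internal key storage token");
        }
        if (!passwordFile.isEmpty()) {
            // FilePasswordCallback reads the PIN in cleartext from this file;
            // presumably the file should be readable only by the user running the test.
            System.out.println("logging in to the Token: " + tok.getName());
            PasswordCallback cb = new FilePasswordCallback(passwordFile);
            tok.login(cb);
            System.out.println("logged in to the Token: " + tok.getName());
        }
        /* find the Internal Crypto token; same FIPS-slot rule as above */
        tokenName = lookupName(fipsEnabled ? vals.getFIPSSlotDescription() : vals.getInternalTokenDescription());
        System.out.println("\nFinding the Internal Crypto token: " + tokenName);
        tok = cm.getTokenByName(tokenName);
        if (((PK11Token) tok).isInternalCryptoToken() && tok.equals(cm.getInternalCryptoToken())) {
            System.out.println("Good, " + tok.getName() + ", knows it is the internal Crypto token");
        } else {
            System.out.println("ERROR: " + tok.getName() + ", doesn't know that it is the internal Crypto token");
        }
        System.exit(0);
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
}

/**
 * Derives the name passed to {@code CryptoManager.getTokenByName} from a
 * padded slot/token description: at most its first 32 characters, with
 * surrounding whitespace trimmed. Unlike an unconditional
 * {@code substring(0, 32)}, a description shorter than 32 characters is
 * accepted instead of throwing {@code StringIndexOutOfBoundsException}.
 *
 * @param description slot or token description as returned by InitializationValues
 * @return the trimmed, at-most-32-character lookup name
 */
private static String lookupName(String description) {
    int end = Math.min(32, description.length());
    return description.substring(0, end).trim();
}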

Example 7 with PasswordCallback

use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki.

the class TokenCallbackInfo method changePassword.

/**
 * Changes the user PIN of this token.  The PIN must already have been set
 * (see initPassword); the current PIN is verified through {@code oldPINcb}
 * before the replacement supplied by {@code newPINcb} is installed.
 *
 * <p>Both callbacks are first consulted through
 * {@code getPasswordFirstAttempt}. The old-PIN callback is re-asked through
 * {@code getPasswordAgain} for as long as the supplied PIN does not verify,
 * so the number of attempts is bounded only by the callback itself: it ends
 * the loop by throwing {@code PasswordCallback.GiveUpException}, which is
 * reported to the caller as {@code IncorrectPasswordException}. Every
 * {@code Password} obtained and every byte copy made of it is wiped in a
 * {@code finally} block, whether or not the change succeeds.
 *
 * @param oldPINcb Callback supplying the current user PIN; {@code null}
 *  means a {@code NullPasswordCallback}.
 * @param newPINcb Callback supplying the new user PIN; {@code null} means a
 *  {@code NullPasswordCallback}.
 * @exception IncorrectPasswordException If the old-PIN callback gives up
 *  before a correct PIN was supplied.
 * @exception TokenException If the token reports any other error.
 */
@Override
public void changePassword(PasswordCallback oldPINcb, PasswordCallback newPINcb) throws IncorrectPasswordException, TokenException {
    byte[] currentBytes = null;
    byte[] replacementBytes = null;
    Password currentSecret = null;
    Password replacementSecret = null;
    final PasswordCallbackInfo info = makePWCBInfo();
    oldPINcb = (oldPINcb == null) ? new NullPasswordCallback() : oldPINcb;
    newPINcb = (newPINcb == null) ? new NullPasswordCallback() : newPINcb;
    try {
        // Keep asking for the current PIN until the token accepts it; each
        // rejected attempt is scrubbed before the next one is requested.
        currentSecret = oldPINcb.getPasswordFirstAttempt(info);
        currentBytes = Tunnel.getPasswordByteCopy(currentSecret);
        while (!userPasswordIsCorrect(currentBytes)) {
            Password.wipeBytes(currentBytes);
            currentSecret.clear();
            currentSecret = oldPINcb.getPasswordAgain(info);
            currentBytes = Tunnel.getPasswordByteCopy(currentSecret);
        }
        // Old PIN verified: fetch the new one and hand both to the native layer.
        replacementSecret = newPINcb.getPasswordFirstAttempt(info);
        replacementBytes = Tunnel.getPasswordByteCopy(replacementSecret);
        changePassword(currentBytes, replacementBytes);
    } catch (PasswordCallback.GiveUpException giveUp) {
        throw new IncorrectPasswordException(giveUp.toString());
    } finally {
        // Scrub every copy of both PINs, regardless of outcome.
        if (currentBytes != null) {
            Password.wipeBytes(currentBytes);
        }
        if (currentSecret != null) {
            currentSecret.clear();
        }
        if (replacementBytes != null) {
            Password.wipeBytes(replacementBytes);
        }
        if (replacementSecret != null) {
            replacementSecret.clear();
        }
    }
}

Example 8 with PasswordCallback

use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki.

the class TokenCallbackInfo method initPassword.

/**
 * Determines whether this is a removable token. For example, a smart card
 * is removable, while the Netscape internal module and a hardware
 * accelerator card are not removable.
 * @return true if the token is removable, false otherwise.
 */
// public native boolean isRemovable();
/**
 * Sets the user PIN of a token whose PIN has not been initialized yet.
 * On every token except the internal key-storage token the security
 * officer (SSO) PIN supplied by {@code ssopwcb} is verified first; on the
 * internal key-storage token no SSO PIN is requested and a single zero byte
 * is handed to the native layer in its place.
 *
 * <p>The SSO callback is re-asked through {@code getPasswordAgain} for as
 * long as the supplied PIN does not verify; only a
 * {@code PasswordCallback.GiveUpException} from the callback ends the loop,
 * and it is reported as {@code IncorrectPasswordException}. Every
 * {@code Password} obtained and every byte copy made of it is wiped in a
 * {@code finally} block, whether or not initialization succeeds.
 *
 * @param ssopwcb Callback supplying the current SSO PIN; {@code null} means
 *  a {@code NullPasswordCallback}. Not consulted on the internal key-storage
 *  token.
 * @param userpwcb Callback supplying the new user PIN; {@code null} means a
 *  {@code NullPasswordCallback}.
 * @exception IncorrectPasswordException If the SSO callback gives up before
 *  a correct PIN was supplied.
 * @exception AlreadyInitializedException If {@code PWInitable()} reports
 *  that the PIN can no longer be initialized (presumably because it already
 *  has been).
 * @exception TokenException If there was an unspecified error in the token.
 */
@Override
public void initPassword(PasswordCallback ssopwcb, PasswordCallback userpwcb) throws IncorrectPasswordException, AlreadyInitializedException, TokenException {
    byte[] ssoBytes = null;
    byte[] userBytes = null;
    Password ssoSecret = null;
    Password userSecret = null;
    final PasswordCallbackInfo info = makePWCBInfo();
    ssopwcb = (ssopwcb == null) ? new NullPasswordCallback() : ssopwcb;
    userpwcb = (userpwcb == null) ? new NullPasswordCallback() : userpwcb;
    try {
        // Refuse to proceed when the token says the PIN cannot be initialized.
        if (!PWInitable()) {
            throw new AlreadyInitializedException();
        }
        if (isInternalKeyStorageToken()) {
            // The internal key-storage token takes no SSO PIN; a one-byte
            // placeholder is passed to the native initPassword instead.
            ssoBytes = new byte[] { 0 };
        } else {
            // Verify the SSO PIN, re-asking until it checks out or the
            // callback gives up; each rejected copy is scrubbed first.
            ssoSecret = ssopwcb.getPasswordFirstAttempt(info);
            ssoBytes = Tunnel.getPasswordByteCopy(ssoSecret);
            while (!SSOPasswordIsCorrect(ssoBytes)) {
                Password.wipeBytes(ssoBytes);
                ssoSecret.clear();
                ssoSecret = ssopwcb.getPasswordAgain(info);
                ssoBytes = Tunnel.getPasswordByteCopy(ssoSecret);
            }
        }
        // SSO check passed (or skipped): obtain the new user PIN and set it.
        userSecret = userpwcb.getPasswordFirstAttempt(info);
        userBytes = Tunnel.getPasswordByteCopy(userSecret);
        initPassword(ssoBytes, userBytes);
    } catch (PasswordCallback.GiveUpException giveUp) {
        throw new IncorrectPasswordException(giveUp.toString());
    } finally {
        // Scrub every copy of both PINs, whether or not initialization succeeded.
        if (ssoBytes != null) {
            Password.wipeBytes(ssoBytes);
        }
        if (ssoSecret != null) {
            ssoSecret.clear();
        }
        if (userBytes != null) {
            Password.wipeBytes(userBytes);
        }
        if (userSecret != null) {
            userSecret.clear();
        }
    }
}

Example 9 with PasswordCallback

use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki.

the class JSS_SelfServServer method doIt.

/**
 * Runs the self-serve test server: parses the command line, logs in to the
 * internal key-storage token with the password file, sets the default
 * cipher-suite and protocol configuration (FIPS-restricted when FIPS is on),
 * binds an SSLServerSocket and hands every accepted connection to a
 * readWriteThread. On a usage error, a parse error, an accept timeout or any
 * other exception the process exits with status 1 instead of returning.
 *
 * <p>Assumes CryptoManager has already been initialized before this method
 * runs; fCertDbPath is recorded here but not used by this method itself
 * (presumably the caller or another part of the class initializes with it).
 *
 * @param args {@code <dbdir> <passwordFile> <host> <testInetAddress> <port>
 *  [verbose] [serverCertNick]}; the sentinels "." / "passwords" /
 *  "localhost" / "default" keep the corresponding field's existing value.
 * @throws Exception propagated from JSS (token login, session-cache setup,
 *  socket creation) before the accept loop starts.
 */
public void doIt(String[] args) throws Exception {
    if (args.length < 5 || args[0].toLowerCase().equals("-h")) {
        System.out.println(usage);
        System.exit(1);
    }
    try {
        // Sentinel values leave the field defaults in place.
        if (!args[0].equals("."))
            fCertDbPath = args[0];
        if (!args[1].equals("passwords"))
            fPasswordFile = args[1];
        if (!args[2].equals("localhost"))
            fServerHost = args[2];
        if (args[3].equalsIgnoreCase("true") == true)
            TestInetAddress = true;
        if (args.length >= 5)
            port = Integer.parseInt(args[4]);
        if (args.length >= 6 && args[5].equalsIgnoreCase("verbose")) {
            bVerbose = true;
        }
        // NOTE(review): fServerCertNick is set here but never read in this
        // method -- the nicknames passed to setServerCertNickname below are
        // hard-coded. Confirm whether another part of the class uses it.
        if (args.length >= 7 && !args[6].equalsIgnoreCase("default")) {
            fServerCertNick = args[6];
        }
    } catch (NumberFormatException e) {
        // Only Integer.parseInt on the port argument can raise this.
        System.out.println("Error parsing command line " + e.getMessage());
        System.out.println(usage);
        System.exit(1);
    }
    if (bVerbose)
        System.out.println("initializing JSS");
    CryptoManager cm = CryptoManager.getInstance();
    CryptoToken tok = cm.getInternalKeyStorageToken();
    // The token PIN is read in cleartext from fPasswordFile; that file should
    // be readable only by the account running the test.
    PasswordCallback cb = new FilePasswordCallback(fPasswordFile);
    tok.login(cb);
    // We have to configure the server session ID cache before
    // creating any server sockets.
    SSLServerSocket.configServerSessionIDCache(10, 100, 100, null);
    if (cm.FIPSEnabled()) {
        /* FIPS: SSL2 and SSL3 off, and only FIPS ciphersuites enabled as
         * defaults -- any non-FIPS suite that is on by default is switched off. */
        SSLSocket.enableSSL2Default(false);
        SSLSocket.enableSSL3Default(false);
        // Enable only FIPS ciphersuites.
        int[] ciphers = org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites();
        for (int i = 0; i < ciphers.length; ++i) {
            if (SSLSocket.isFipsCipherSuite(ciphers[i])) {
                /* enable the FIPS ciphersuite */
                SSLSocket.setCipherPreferenceDefault(ciphers[i], true);
            } else if (SSLSocket.getCipherPreferenceDefault(ciphers[i])) {
                /* disable the non fips ciphersuite */
                SSLSocket.setCipherPreferenceDefault(ciphers[i], false);
            }
        }
    } else {
        /* Non-FIPS: every implemented ciphersuite is enabled; the server
         * certificate determines which of them can actually be negotiated.
         * NOTE(review): only SSL2 is disabled on this path -- SSL3 is left at
         * the library default, unlike the FIPS branch above. Acceptable for a
         * test server meant to exercise every suite, but not a configuration
         * to copy into a production listener. */
        int[] ciphers = org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites();
        for (int i = 0; i < ciphers.length; ++i) {
            try {
                SSLSocket.setCipherPreferenceDefault(ciphers[i], true);
                if (bVerbose) {
                    System.out.println(Constants.cipher.cipherToString(ciphers[i]) + " " + Integer.toHexString(ciphers[i]));
                }
            } catch (Exception ex) {
                // A suite that cannot be enabled aborts the whole test run.
                ex.printStackTrace();
                System.exit(1);
            }
        }
        // disable SSL2 ciphersuites
        SSLSocket.enableSSL2Default(false);
    }
    // open the server socket and bind to the port
    if (bVerbose)
        System.out.println("JSS_SelfServ about .... to create socket");
    if (TestInetAddress) {
        // Bind to the resolved address of fServerHost; otherwise bind to all interfaces.
        if (bVerbose)
            System.out.println("JSS_SelfServServ HostName " + fServerHost + " the Inet Address " + InetAddress.getByName(fServerHost));
        serverSock = new SSLServerSocket(port, 5, InetAddress.getByName(fServerHost), null, true);
    } else {
        if (bVerbose)
            System.out.println("Inet set to Null");
        serverSock = new SSLServerSocket(port, 5, null, null, true);
    }
    if (bVerbose)
        System.out.println("JSS_SelfServServ created socket");
    // Set timeout for 10 minutes: accept() below gives up after that and the
    // server exits (see the SocketTimeoutException handler).
    serverSock.setSoTimeout(600 * 1000);
    // Mutual TLS: presumably a client certificate is required and must
    // validate without error -- confirm against the SSLSocket constants.
    serverSock.requireClientAuth(SSLSocket.SSL_REQUIRE_NO_ERROR);
    // NOTE(review): three nicknames are configured back to back; presumably
    // each call registers the certificate for its own key type rather than
    // the last call overriding the earlier ones -- confirm.
    serverSock.setServerCertNickname("Server_ECDSA");
    serverSock.setServerCertNickname("Server_RSA");
    serverSock.setServerCertNickname("Server_DSS");
    if (bVerbose)
        System.out.println("JSS_SelfServServ specified cert by nickname");
    System.out.println("JSS_SelfServServ " + fServerHost + " ready to accept connections on " + port);
    int socketCntr = 0;
    try {
        while (true) {
            // accept the connection; sock is a field, so it always refers to
            // the most recently accepted connection while each readWriteThread
            // keeps its own reference.
            sock = (SSLSocket) serverSock.accept();
            sock.addHandshakeCompletedListener(new HandshakeListener("server", this));
            socketCntr++;
            // Per-connection read timeout of 5 minutes.
            sock.setSoTimeout(300 * 1000);
            if (bVerbose) {
                System.out.println("Timeout value for SSL sockets: " + sock.getSoTimeout() + " milliseconds");
            }
            readWriteThread rwThread = new readWriteThread(sock, socketCntr);
            rwThread.start();
        }
    } catch (SocketTimeoutException ex) {
        // accept() timed out: report whether any client ever connected, then exit.
        if (socketCntr == 0) {
            System.out.println("JSS_SelfServServ No Client attempted to " + "connect! If " + "test ran from all.pl check the client execution " + "for errors.");
        } else {
            System.out.println("JSS_SelfServServ there has been " + socketCntr + " client " + " connections but the server Accept has timed out!");
        }
        System.out.println("JSS_SelfServServ Timeout value: " + serverSock.getSoTimeout() + " milliseconds");
        ex.printStackTrace();
        System.out.println("JSS_SelfServServ exiting due to timeout.");
        System.exit(1);
    } catch (Exception ex) {
        System.out.println("JSS_SelfServServ Exception:");
        ex.printStackTrace();
        System.out.println("JSS_SelfServServ exiting.");
        System.exit(1);
    }
}

Example 10 with PasswordCallback

use of org.mozilla.jss.util.PasswordCallback in project jss by dogtagpki.

the class KeyFactoryTest method main.

/**
 * Entry point of the key-factory test: logs in to the internal key-storage
 * token with the PIN read from the password file named by {@code argv[1]},
 * then runs {@code doTest()} on a fresh instance.
 *
 * <p>NOTE(review): {@code argv[0]} (the database directory) is required by
 * the usage check but never read here, and {@code CryptoManager.initialize}
 * is not called -- initialization must happen elsewhere before this runs;
 * confirm. The password file is read in cleartext by FilePasswordCallback.
 *
 * @param argv {@code <dbdir> <passwordFile>}; fewer arguments print usage
 *  and exit with status 1.
 * @throws Throwable anything raised by JSS or by {@code doTest()}.
 */
public static void main(String[] argv) throws Throwable {
    if (argv.length < 2) {
        System.out.println("Usage: java org.mozilla.jss.tests.KeyFactoryTest <dbdir> <passwordFile>");
        System.exit(1);
    }
    CryptoManager manager = CryptoManager.getInstance();
    CryptoToken keyStore = manager.getInternalKeyStorageToken();
    PasswordCallback pinSource = new FilePasswordCallback(argv[1]);
    keyStore.login(pinSource);
    KeyFactoryTest test = new KeyFactoryTest();
    test.doTest();
}
