diff --git a/security/jss/org/mozilla/jss/manage/CRLImportException.java b/security/jss/org/mozilla/jss/manage/CRLImportException.java
deleted file mode 100644
index edbc27e63db5..000000000000
--- a/security/jss/org/mozilla/jss/manage/CRLImportException.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape Security Services for Java.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1998-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-package org.mozilla.jss;
-
-/**
- * Thrown if a CRL cannot be imported
- */
-public class CRLImportException extends java.lang.Exception {
- public CRLImportException() {}
- public CRLImportException(String mesg) {
- super(mesg);
- }
-}
diff --git a/security/jss/org/mozilla/jss/manage/CertDatabaseException.java b/security/jss/org/mozilla/jss/manage/CertDatabaseException.java
deleted file mode 100644
index 144b44fc543f..000000000000
--- a/security/jss/org/mozilla/jss/manage/CertDatabaseException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape Security Services for Java.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1998-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-package org.mozilla.jss;
-
-/**
- * This exception is thrown if the certificate database does not exist,
- * or if an error occurs while opening it.
- */
-public class CertDatabaseException extends java.lang.Exception {
- public CertDatabaseException() {}
- public CertDatabaseException(String mesg) {
- super(mesg);
- }
-}
diff --git a/security/jss/org/mozilla/jss/manage/CryptoManager.c b/security/jss/org/mozilla/jss/manage/CryptoManager.c
deleted file mode 100644
index 3876da04b76e..000000000000
--- a/security/jss/org/mozilla/jss/manage/CryptoManager.c
+++ /dev/null
@@ -1,849 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape Security Services for Java.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1998-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "_jni/org_mozilla_jss_CryptoManager.h"
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-
-#include "pk11util.h"
-
-#if defined(AIX) || defined(HPUX) || defined(LINUX)
-#include
-#endif
-
-/********************************************************************/
-/* The following VERSION Strings should be updated in the following */
-/* files everytime a new release of JSS is generated: */
-/* */
-/* jss.jar: ns/ninja/org/mozilla/jss/manage/CryptoManager.java */
-/* jss.dll: ns/ninja/org/mozilla/jss/manage/CryptoManager.c */
-/* */
-/********************************************************************/
-
-static const char* DLL_JSS_VERSION = "JSS_VERSION = JSS_3_0";
-static const char* DLL_JDK_VERSION = "JDK_VERSION = JDK 1.2.2";
-static const char* DLL_NSS_VERSION = "NSS_VERSION = NSS_3_2_RTM";
-static const char* DLL_DBM_VERSION = "DBM_VERSION = NSS_3_1_1_RTM";
-static const char* DLL_NSPR_VERSION = "NSPR_VERSION = NSPRPUB_RELEASE_4_1";
-
-static jobject
-makePWCBInfo(JNIEnv *env, PK11SlotInfo *slot);
-
-static char*
-getPWFromCallback(PK11SlotInfo *slot, PRBool retry, void *arg);
-
-/*************************************************************
- * AIX, HP, and Linux signal handling madness
- *
- * In order for the JVM, kernel, and NSPR to work together, we setup
- * a signal handler for SIGCHLD that does nothing. This is only done
- * on AIX, HP, and Linux.
- *************************************************************/ -#if defined(AIX) || defined(HPUX) || defined(LINUX) - -static PRStatus -handleSigChild(JNIEnv *env) { - - struct sigaction action; - sigset_t signalset; - int result; - - sigemptyset(&signalset); - - action.sa_handler = SIG_DFL; - action.sa_mask = signalset; - action.sa_flags = 0; - - result = sigaction( SIGCHLD, &action, NULL ); - - if( result != 0 ) { - JSS_throwMsg(env, GENERAL_SECURITY_EXCEPTION, - "Failed to set SIGCHLD handler"); - return PR_FAILURE; - } - - return PR_SUCCESS; -} - -#endif - - -int ConfigureOCSP( - JNIEnv *env, - jboolean ocspCheckingEnabled, - jstring ocspResponderURL, - jstring ocspResponderCertNickname ) -{ - char *ocspResponderURL_string=NULL; - char *ocspResponderCertNickname_string=NULL; - SECStatus status; - int result = SECSuccess; - CERTCertDBHandle *certdb = CERT_GetDefaultCertDB(); - - - /* if caller specified default responder, get the - * strings associated with these args - */ - - if (ocspResponderURL) { - ocspResponderURL_string = - (char*) (*env)->GetStringUTFChars(env, ocspResponderURL, NULL); - if (ocspResponderURL_string == NULL) { - JSS_throwMsg(env, GENERAL_SECURITY_EXCEPTION, - "OCSP invalid URL"); - result = SECFailure; - goto loser; - } - } - - if (ocspResponderCertNickname) { - ocspResponderCertNickname_string = - (char*) (*env)->GetStringUTFChars(env, ocspResponderCertNickname, NULL); - if (ocspResponderCertNickname_string == NULL) { - JSS_throwMsg(env, GENERAL_SECURITY_EXCEPTION, - "OCSP invalid nickname"); - result = SECFailure; - goto loser; - } - } - - /* first disable OCSP - we'll enable it later */ - - CERT_DisableOCSPChecking(certdb); - - /* if they set the default responder, then set it up - * and enable it - */ - if (ocspResponderURL) { - status = - CERT_SetOCSPDefaultResponder( certdb, - ocspResponderURL_string, - ocspResponderCertNickname_string - ); - if (status == SECFailure) { - /* deal with error */ - JSS_throwMsg(env, 
GENERAL_SECURITY_EXCEPTION, - "OCSP Could not set responder"); - result = SECFailure; - goto loser; - } - CERT_EnableOCSPDefaultResponder(certdb); - } - else { - /* if no defaultresponder is set, disable it */ - CERT_DisableOCSPDefaultResponder(certdb); - } - - - /* enable OCSP checking if requested */ - - if (ocspCheckingEnabled) { - CERT_EnableOCSPChecking(certdb); - } - -loser: - - if (ocspResponderURL_string) { - (*env)->ReleaseStringUTFChars(env, - ocspResponderURL, ocspResponderURL_string); - } - - if (ocspResponderCertNickname_string) { - (*env)->ReleaseStringUTFChars(env, - ocspResponderCertNickname, ocspResponderCertNickname_string); - } - - return result; - -} - - -/********************************************************************** - * This is the PasswordCallback object that will be used to login - * to tokens implicitly. - */ -static jobject globalPasswordCallback = NULL; - -/********************************************************************** - * The Java virtual machine can be used to retrieve the JNI environment - * pointer from callback functions. 
- */ -JavaVM * JSS_javaVM; - -JNIEXPORT void JNICALL -Java_org_mozilla_jss_CryptoManager_initializeAllNative - (JNIEnv *env, jclass clazz, - jstring configDir, - jstring certPrefix, - jstring keyPrefix, - jstring secmodName, - jboolean readOnly, - jstring manuString, - jstring libraryString, - jstring tokString, - jstring keyTokString, - jstring slotString, - jstring keySlotString, - jstring fipsString, - jstring fipsKeyString, - jboolean ocspCheckingEnabled, - jstring ocspResponderURL, - jstring ocspResponderCertNickname ) -{ - SECStatus rv = SECFailure; - JavaVM *VMs[5]; - jint numVMs; - char *szConfigDir = NULL; - char *szCertPrefix = NULL; - char *szKeyPrefix = NULL; - char *szSecmodName = NULL; - char *manuChars=NULL; - char *libraryChars=NULL; - char *tokChars=NULL; - char *keyTokChars=NULL; - char *slotChars=NULL; - char *keySlotChars=NULL; - char *fipsChars=NULL; - char *fipsKeyChars=NULL; - PRUint32 initFlags; - - /* This is thread-safe because initialize is synchronized */ - static PRBool initialized=PR_FALSE; - - if( configDir == NULL || - manuString == NULL || - libraryString == NULL || - tokString == NULL || - keyTokString == NULL || - slotString == NULL || - keySlotString == NULL || - fipsString == NULL || - fipsKeyString == NULL ) - { - JSS_throw(env, NULL_POINTER_EXCEPTION); - goto finish; - } - - /* Make sure initialize() completes only once */ - if(initialized) { - JSS_throw(env, ALREADY_INITIALIZED_EXCEPTION); - goto finish; - } - - /* - * Set the PKCS #11 strings - */ - manuChars = (char*) (*env)->GetStringUTFChars(env, manuString, NULL); - libraryChars = (char*) (*env)->GetStringUTFChars(env, libraryString, NULL); - tokChars = (char*) (*env)->GetStringUTFChars(env, tokString, NULL); - keyTokChars = (char*) (*env)->GetStringUTFChars(env, keyTokString, NULL); - slotChars = (char*) (*env)->GetStringUTFChars(env, slotString, NULL); - keySlotChars = (char*) (*env)->GetStringUTFChars(env, keySlotString, NULL); - fipsChars = (char*) 
(*env)->GetStringUTFChars(env, fipsString, NULL); - fipsKeyChars = (char*) (*env)->GetStringUTFChars(env, fipsKeyString, NULL); - if( (*env)->ExceptionOccurred(env) ) { - ASSERT_OUTOFMEM(env); - goto finish; - } - PR_ASSERT( strlen(manuChars) == 33 ); - PR_ASSERT( strlen(libraryChars) == 33 ); - PR_ASSERT( strlen(tokChars) == 33 ); - PR_ASSERT( strlen(keyTokChars) == 33 ); - PR_ASSERT( strlen(slotChars) == 65 ); - PR_ASSERT( strlen(keySlotChars) == 65 ); - PR_ASSERT( strlen(fipsChars) == 65 ); - PR_ASSERT( strlen(fipsKeyChars) == 65 ); - PK11_ConfigurePKCS11( PL_strdup(manuChars), - PL_strdup(libraryChars), - PL_strdup(tokChars), - PL_strdup(keyTokChars), - PL_strdup(slotChars), - PL_strdup(keySlotChars), - PL_strdup(fipsChars), - PL_strdup(fipsKeyChars), - 0, /* minimum pin length */ - PR_FALSE /* password required */ - ); - - - szConfigDir = (char*) (*env)->GetStringUTFChars(env, configDir, NULL); - if( certPrefix != NULL && keyPrefix != NULL && secmodName != NULL ) { - /* - * Set up arguments to NSS_Initialize - */ - szCertPrefix = (char*) (*env)->GetStringUTFChars(env, certPrefix, NULL); - szKeyPrefix = (char*) (*env)->GetStringUTFChars(env, keyPrefix, NULL); - szSecmodName = (char*) (*env)->GetStringUTFChars(env, secmodName, NULL); - initFlags = 0; - if( readOnly ) { - initFlags |= NSS_INIT_READONLY; - } - - /* - * Initialize NSS. - */ - rv = NSS_Initialize(szConfigDir, szCertPrefix, szKeyPrefix, - szSecmodName, initFlags); - } else { - if( readOnly ) { - rv = NSS_Init(szConfigDir); - } else { - rv = NSS_InitReadWrite(szConfigDir); - } - } - - if( rv != SECSuccess ) { - JSS_throwMsg(env, SECURITY_EXCEPTION, - "Unable to initialize security library"); - goto finish; - } - - /* - * Set default password callback. This is the only place this - * should ever be called if you are using Ninja. 
- */ - PK11_SetPasswordFunc(getPWFromCallback); - - /* - * Setup NSS to call the specified OCSP responder - */ - rv = ConfigureOCSP( - env, - ocspCheckingEnabled, - ocspResponderURL, - ocspResponderCertNickname ); - - if (rv != SECSuccess) { - goto finish; - } - - /* - * Save the JavaVM pointer so we can retrieve the JNI environment - * later. This only works if there is only one Java VM. - */ - if( JNI_GetCreatedJavaVMs(VMs, 5, &numVMs) != 0) { - JSS_trace(env, JSS_TRACE_ERROR, - "Unable to to access Java virtual machine"); - PR_ASSERT(PR_FALSE); - goto finish; - } - if(numVMs != 1) { - char *str; - PR_smprintf(str, "Invalid number of Java VMs: %d", numVMs); - JSS_trace(env, JSS_TRACE_ERROR, str); - PR_smprintf_free(str); - PR_ASSERT(PR_FALSE); - } - JSS_javaVM = VMs[0]; - - /* - * Set up policy. We're always domestic now. Thanks to the US Government! - */ - if( NSS_SetDomesticPolicy() != SECSuccess ) { - JSS_throwMsg(env, SECURITY_EXCEPTION, "Unable to set security policy"); - goto finish; - } - - initialized = PR_TRUE; - -finish: - /* LET'S BE CAREFUL. Unbraced if statements ahead. 
*/ - if(szConfigDir) - (*env)->ReleaseStringUTFChars(env, configDir, szConfigDir); - if(szCertPrefix) - (*env)->ReleaseStringUTFChars(env, certPrefix, szCertPrefix); - if(szKeyPrefix) - (*env)->ReleaseStringUTFChars(env, keyPrefix, szKeyPrefix); - if(szSecmodName) - (*env)->ReleaseStringUTFChars(env, secmodName, szSecmodName); - if(manuChars) - (*env)->ReleaseStringUTFChars(env, manuString, manuChars); - if(libraryChars) - (*env)->ReleaseStringUTFChars(env, libraryString, libraryChars); - if(tokChars) - (*env)->ReleaseStringUTFChars(env, tokString, tokChars); - if(keyTokChars) - (*env)->ReleaseStringUTFChars(env, keyTokString, keyTokChars); - if(slotChars) - (*env)->ReleaseStringUTFChars(env, slotString, slotChars); - if(keySlotChars) - (*env)->ReleaseStringUTFChars(env, keySlotString, keySlotChars); - if(fipsChars) - (*env)->ReleaseStringUTFChars(env, fipsString, fipsChars); - if(fipsKeyChars) - (*env)->ReleaseStringUTFChars(env, fipsKeyString, fipsKeyChars); - - return; -} - -/********************************************************************** - * - * JSS_setPasswordCallback - * - * Sets the global PasswordCallback object, which will be used to - * login to tokens implicitly if necessary. - * - */ -void -JSS_setPasswordCallback(JNIEnv *env, jobject callback) -{ - PR_ASSERT(env!=NULL && callback!=NULL); - - /* Free the previously-registered password callback */ - if( globalPasswordCallback != NULL ) { - (*env)->DeleteGlobalRef(env, globalPasswordCallback); - globalPasswordCallback = NULL; - } - - /* Store the new password callback */ - globalPasswordCallback = (*env)->NewGlobalRef(env, callback); - if(globalPasswordCallback == NULL) { - JSS_throw(env, OUT_OF_MEMORY_ERROR); - } -} - -/********************************************************************** - * - * CryptoManager.setNativePasswordCallback - * - * Sets the global PasswordCallback object, which will be used to - * login to tokens implicitly if necessary. 
- * - */ -JNIEXPORT void JNICALL -Java_org_mozilla_jss_CryptoManager_setNativePasswordCallback - (JNIEnv *env, jclass clazz, jobject callback) -{ - JSS_setPasswordCallback(env, callback); -} - -/******************************************************************** - * - * g e t P W F r o m C a l l b a c k - * - * Extracts a password from a password callback and returns - * it to PKCS #11. - * - * INPUTS - * slot - * The PK11SlotInfo* for the slot we are logging into. - * retry - * PR_TRUE if this is the first time we are trying to login, - * PR_FALSE if we tried before and our password was wrong. - * arg - * This can contain a Java PasswordCallback object reference, - * or NULL to use the default password callback. - * RETURNS - * The password as extracted from the callback, or NULL if the - * callback gives up. - */ -static char* -getPWFromCallback(PK11SlotInfo *slot, PRBool retry, void *arg) -{ - jobject pwcbInfo; - jobject pwObject; - jbyteArray pwArray=NULL; - char* pwchars; - char* returnchars=NULL; - jclass callbackClass; - jclass passwordClass; - jmethodID getPWMethod; - jmethodID getByteCopyMethod; - jmethodID clearMethod; - jthrowable exception; - jobject callback; - JNIEnv *env; - - PR_ASSERT(slot!=NULL); - if(slot==NULL) { - return NULL; - } - - /* Get the callback from the arg, or use the default */ - PR_ASSERT(sizeof(void*) == sizeof(jobject)); - callback = (jobject)arg; - if(callback == NULL) { - callback = globalPasswordCallback; - if(callback == NULL) { - /* No global password callback set, no way to get a password */ - return NULL; - } - } - - /* Get the JNI environment */ - if((*JSS_javaVM)->AttachCurrentThread(JSS_javaVM, (void**)&env, NULL) != 0){ - PR_ASSERT(PR_FALSE); - goto finish; - } - PR_ASSERT(env != NULL); - - /***************************************** - * Construct the JSS_PasswordCallbackInfo - *****************************************/ - pwcbInfo = makePWCBInfo(env, slot); - if(pwcbInfo==NULL) { - goto finish; - } - - 
/***************************************** - * Get the callback class and methods - *****************************************/ - callbackClass = (*env)->GetObjectClass(env, callback); - if(callbackClass == NULL) { - JSS_trace(env, JSS_TRACE_ERROR, "Failed to find password " - "callback class"); - PR_ASSERT(PR_FALSE); - } - if(retry) { - getPWMethod = (*env)->GetMethodID( - env, - callbackClass, - PW_CALLBACK_GET_PW_AGAIN_NAME, - PW_CALLBACK_GET_PW_AGAIN_SIG); - } else { - getPWMethod = (*env)->GetMethodID( - env, - callbackClass, - PW_CALLBACK_GET_PW_FIRST_NAME, - PW_CALLBACK_GET_PW_FIRST_SIG); - } - if(getPWMethod == NULL) { - JSS_trace(env, JSS_TRACE_ERROR, - "Failed to find password callback accessor method"); - ASSERT_OUTOFMEM(env); - goto finish; - } - - /***************************************** - * Get the password from the callback - *****************************************/ - pwObject = (*env)->CallObjectMethod( - env, - callback, - getPWMethod, - pwcbInfo); - if( (*env)->ExceptionOccurred(env) != NULL) { - goto finish; - } - if( pwObject == NULL ) { - JSS_throw(env, GIVE_UP_EXCEPTION); - goto finish; - } - - /***************************************** - * Get Password class and methods - *****************************************/ - passwordClass = (*env)->GetObjectClass(env, pwObject); - if(passwordClass == NULL) { - JSS_trace(env, JSS_TRACE_ERROR, "Failed to find Password class"); - ASSERT_OUTOFMEM(env); - goto finish; - } - getByteCopyMethod = (*env)->GetMethodID( - env, - passwordClass, - PW_GET_BYTE_COPY_NAME, - PW_GET_BYTE_COPY_SIG); - clearMethod = (*env)->GetMethodID( env, - passwordClass, - PW_CLEAR_NAME, - PW_CLEAR_SIG); - if(getByteCopyMethod==NULL || clearMethod==NULL) { - JSS_trace(env, JSS_TRACE_ERROR, - "Failed to find Password manipulation methods from native " - "implementation"); - ASSERT_OUTOFMEM(env); - goto finish; - } - - /************************************************ - * Get the bytes from the password, then clear it - 
***********************************************/ - pwArray = (*env)->CallObjectMethod( env, pwObject, getByteCopyMethod); - (*env)->CallVoidMethod(env, pwObject, clearMethod); - - exception = (*env)->ExceptionOccurred(env); - if(exception == NULL) { - PR_ASSERT(pwArray != NULL); - - /************************************************************* - * Copy the characters out of the byte array, - * then erase it - *************************************************************/ - pwchars = (char*) (*env)->GetByteArrayElements(env, pwArray, NULL); - PR_ASSERT(pwchars!=NULL); - - returnchars = PL_strdup(pwchars); - JSS_wipeCharArray(pwchars); - (*env)->ReleaseByteArrayElements(env, pwArray, (jbyte*)pwchars, 0); - } else { - returnchars = NULL; - } - -finish: - if( (exception=(*env)->ExceptionOccurred(env)) != NULL) { -#ifdef DEBUG - jclass giveupClass; - jmethodID printStackTrace; - jclass excepClass; -#endif - (*env)->ExceptionClear(env); -#ifdef DEBUG - giveupClass = (*env)->FindClass(env, GIVE_UP_EXCEPTION); - PR_ASSERT(giveupClass != NULL); - if( ! (*env)->IsInstanceOf(env, exception, giveupClass) ) { - excepClass = (*env)->GetObjectClass(env, exception); - printStackTrace = (*env)->GetMethodID(env, excepClass, - "printStackTrace", "()V"); - (*env)->CallVoidMethod(env, exception, printStackTrace); - PR_ASSERT( PR_FALSE ); - } - PR_ASSERT(returnchars==NULL); -#endif - } - return returnchars; -} - -/********************************************************************** - * - * m a k e P W C B I n f o - * - * Creates a Java PasswordCallbackInfo structure from a PKCS #11 token. - * Returns this object, or NULL if an exception was thrown. 
- */ -static jobject -makePWCBInfo(JNIEnv *env, PK11SlotInfo *slot) -{ - jclass infoClass; - jmethodID constructor; - jstring name; - jobject pwcbInfo=NULL; - - PR_ASSERT(env!=NULL && slot!=NULL); - - /***************************************** - * Turn the token name into a Java String - *****************************************/ - name = (*env)->NewStringUTF(env, PK11_GetTokenName(slot)); - if(name == NULL) { - ASSERT_OUTOFMEM(env); - goto finish; - } - - /***************************************** - * Look up the class and constructor - *****************************************/ - infoClass = (*env)->FindClass(env, TOKEN_CBINFO_CLASS_NAME); - if(infoClass == NULL) { - JSS_trace(env, JSS_TRACE_ERROR, "Unable to find TokenCallbackInfo " - "class"); - ASSERT_OUTOFMEM(env); - goto finish; - } - constructor = (*env)->GetMethodID( env, - infoClass, - TOKEN_CBINFO_CONSTRUCTOR_NAME, - TOKEN_CBINFO_CONSTRUCTOR_SIG); - if(constructor == NULL) { - JSS_trace(env, JSS_TRACE_ERROR, "Unable to find " - "TokenCallbackInfo constructor"); - ASSERT_OUTOFMEM(env); - goto finish; - } - - /***************************************** - * Create the CallbackInfo object - *****************************************/ - pwcbInfo = (*env)->NewObject(env, infoClass, constructor, name); - if(pwcbInfo == NULL) { - JSS_trace(env, JSS_TRACE_ERROR, "Unable to create TokenCallbackInfo"); - ASSERT_OUTOFMEM(env); - } - -finish: - return pwcbInfo; -} - -/********************************************************************** - * CryptoManager.putModulesInVector - * - * Wraps all PKCS #11 modules in PK11Module Java objects, then puts - * these into a Vector. 
- */ -JNIEXPORT void JNICALL -Java_org_mozilla_jss_CryptoManager_putModulesInVector - (JNIEnv *env, jobject this, jobject vector) -{ - SECMODListLock *listLock=NULL; - SECMODModuleList *list; - SECMODModule *modp=NULL; - jclass vectorClass; - jmethodID addElement; - jobject module; - - PR_ASSERT(env!=NULL && this!=NULL && vector!=NULL); - - /*************************************************** - * Get JNI ids - ***************************************************/ - vectorClass = (*env)->GetObjectClass(env, vector); - if(vectorClass == NULL) goto finish; - - addElement = (*env)->GetMethodID(env, - vectorClass, - VECTOR_ADD_ELEMENT_NAME, - VECTOR_ADD_ELEMENT_SIG); - if(addElement==NULL) goto finish; - - /*************************************************** - * Lock the list - ***************************************************/ - listLock = SECMOD_GetDefaultModuleListLock(); - PR_ASSERT(listLock!=NULL); - - SECMOD_GetReadLock(listLock); - - /*************************************************** - * Loop over the modules, adding each one to the vector - ***************************************************/ - for( list = SECMOD_GetDefaultModuleList(); list != NULL; list=list->next) { - PR_ASSERT(list->module != NULL); - - /** Make a PK11Module **/ - modp = SECMOD_ReferenceModule(list->module); - module = JSS_PK11_wrapPK11Module(env, &modp); - PR_ASSERT(modp==NULL); - if(module == NULL) { - goto finish; - } - - /** Stick the PK11Module in the Vector **/ - (*env)->CallVoidMethod(env, vector, addElement, module); - } - -finish: - /*** Unlock the list ***/ - if(listLock != NULL) { - SECMOD_ReleaseReadLock(listLock); - } - /*** Free this module if it wasn't properly Java-ized ***/ - if(modp!=NULL) { - SECMOD_DestroyModule(modp); - } - - return; -} - - -/********************************************************************** - * CryptoManager.enableFIPS - * - * Enables or disables FIPS mode. - * INPUTS - * fips - * true means turn on FIPS mode, false means turn it off. 
- * RETURNS - * true if a switch happened, false if the library was already - * in the requested mode. - * THROWS - * java.security.GeneralSecurityException if an error occurred with - * the PKCS #11 library. - */ -JNIEXPORT jboolean JNICALL -Java_org_mozilla_jss_CryptoManager_enableFIPS - (JNIEnv *env, jclass clazz, jboolean fips) -{ - char *name=NULL; - jboolean switched = JNI_FALSE; - SECStatus status; - - if( ((fips==JNI_TRUE) && !PK11_IsFIPS()) || - ((fips==JNI_FALSE) && PK11_IsFIPS()) ) - { - name = PL_strdup(SECMOD_GetInternalModule()->commonName); - status = SECMOD_DeleteInternalModule(name); - PR_Free(name); - switched = JNI_TRUE; - } - - if(status != SECSuccess) { - JSS_throwMsg(env, - GENERAL_SECURITY_EXCEPTION, - "Failed to toggle FIPS mode"); - } - - return switched; -} - -/*********************************************************************** - * CryptoManager.FIPSEnabled - * - * Returns true if FIPS mode is currently on, false if it ain't. - */ -JNIEXPORT jboolean JNICALL -Java_org_mozilla_jss_CryptoManager_FIPSEnabled(JNIEnv *env, jobject this) -{ - if( PK11_IsFIPS() ) { - return JNI_TRUE; - } else { - return JNI_FALSE; - } -} - -/*********************************************************************** - * DatabaseCloser.closeDatabases - * - * Closes the cert and key database, rendering the security library - * unusable. - */ -JNIEXPORT void JNICALL -Java_org_mozilla_jss_DatabaseCloser_closeDatabases - (JNIEnv *env, jobject this) -{ - NSS_Shutdown(); -} diff --git a/security/jss/org/mozilla/jss/manage/CryptoManager.java b/security/jss/org/mozilla/jss/manage/CryptoManager.java deleted file mode 100644 index 624c45265733..000000000000 --- a/security/jss/org/mozilla/jss/manage/CryptoManager.java +++ /dev/null 
@@ -1,1317 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape Security Services for Java.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1998-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-package org.mozilla.jss;
-
-import org.mozilla.jss.crypto.*;
-import org.mozilla.jss.util.*;
-import org.mozilla.jss.asn1.*;
-import java.security.cert.CertificateException;
-import java.security.GeneralSecurityException;
-import org.mozilla.jss.pkcs11.PK11Cert;
-import java.util.*;
-import org.mozilla.jss.pkcs11.PK11Token;
-import org.mozilla.jss.pkcs11.PK11Module;
-import org.mozilla.jss.pkcs11.PK11SecureRandom;
-import java.security.cert.CertificateEncodingException;
-import org.mozilla.jss.CRLImportException;
-
-/**
- * This class is the starting poing for the crypto package.
- * Use it to initialize the subsystem and to lookup certs, keys, and tokens.
- * Initialization is done with static methods, and must be done before
- * an instance can be created. All other operations are done with instance
- * methods.
- * @version $Revision: 1.12 $ $Date: 2002/01/30 20:38:53 $
- */
-public final class CryptoManager implements TokenSupplier
-{
-
- public final static class NotInitializedException extends Exception {}
- public final static class NicknameConflictException extends Exception {}
- public final static class UserCertConflictException extends Exception {}
- public final static class InvalidLengthException extends Exception {}
-
- /**
- * The various options that can be used to initialize CryptoManager.
- */
- public final static class InitializationValues {
- protected InitializationValues() {
- Assert.notReached("Default constructor");
- }
-
- /////////////////////////////////////////////////////////////
- // Constants
- /////////////////////////////////////////////////////////////
- /**
- * Token names must be this length exactly.
- */
- public final int TOKEN_LENGTH = 33;
- /**
- * Slot names must be this length exactly.
- */
- public final int SLOT_LENGTH = 65;
- /**
- * ManufacturerID must be this length exactly.
- */
- public final int MANUFACTURER_LENGTH = 33;
- /**
- * Library description must be this length exactly.
- */
- public final int LIBRARY_LENGTH = 33;
-
- /**
- * This class enumerates the possible modes for FIPS compliance.
- */
- public static final class FIPSMode {
- private FIPSMode() {}
-
- /**
- * Enable FIPS mode.
- */
- public static final FIPSMode ENABLED = new FIPSMode();
- /**
- * Disable FIPS mode.
- */
- public static final FIPSMode DISABLED = new FIPSMode();
- /**
- * Leave FIPS mode unchanged. All servers except Admin
- * Server should use this, because only Admin Server should
- * be altering FIPS mode.
- */
- public static final FIPSMode UNCHANGED = new FIPSMode();
- }
-
- public InitializationValues(String configDir) {
- this.configDir = configDir;
- }
-
- public InitializationValues(String configDir, String certPrefix,
- String keyPrefix, String secmodName)
- {
- this.configDir = configDir;
- this.certPrefix = certPrefix;
- this.keyPrefix = keyPrefix;
- this.secmodName = secmodName;
- }
-
- public String configDir = null;
- public String certPrefix = null;
- public String keyPrefix = null;
- public String secmodName = null;
-
- /**
- * The password callback to be used by JSS whenever a password
- * is needed. May be NULL, in which the library will immediately fail
- * to get a password if it tries to login automatically while
- * performing
- * a cryptographic operation. It will still work if the token
- * has been manually logged in with CryptoToken.login.
- * The default is a ConsolePasswordCallback.
- */
- public PasswordCallback passwordCallback =
- new ConsolePasswordCallback();
-
- /**
- * The FIPS mode of the security library. Servers should
- * use FIPSMode.UNCHANGED, since only
- * Admin Server is supposed to alter this value.
- * The default is FIPSMode.UNCHANGED.
- */
- public FIPSMode fipsMode = FIPSMode.UNCHANGED;
-
- /**
- * To open the databases in read-only mode, set this flag to
- * true. The default is false, meaning
- * the databases are opened in read-write mode.
- */
- public boolean readOnly = false;
-
- ////////////////////////////////////////////////////////////////////
- // Manufacturer ID
- ////////////////////////////////////////////////////////////////////
- /**
- * Returns the Manufacturer ID of the internal PKCS #11 module.
- * The default is "mozilla.org ".
- */
- public String getManufacturerID() { return manufacturerID; }
-
- /**
- * Sets the Manufacturer ID of the internal PKCS #11 module.
- * This value must be exactly MANUFACTURER_LENGTH
- * characters long.
- * @exception InvalidLengthException If s.length() is not
- * exactly MANUFACTURER_LENGTH.
- */
- public void setManufacturerID(String s) throws InvalidLengthException {
- if( s.length() != MANUFACTURER_LENGTH ) {
- throw new InvalidLengthException();
- }
- manufacturerID = s;
- }
- private String manufacturerID =
- "mozilla.org ";
-
- ////////////////////////////////////////////////////////////////////
- // Library Description
- ////////////////////////////////////////////////////////////////////
- /**
- * Returns the description of the internal PKCS #11 module.
- * The default is "Internal Crypto Services ".
- */
- public String getLibraryDescription() { return libraryDescription; }
-
- /**
- * Sets the description of the internal PKCS #11 module.
- * This value must be exactly LIBRARY_LENGTH
- * characters long.
- * @exception InvalidLengthException If s.length() is
- * not exactly LIBRARY_LENGTH.
- */
- public void setLibraryDescription(String s)
- throws InvalidLengthException
- {
- if( s.length() != LIBRARY_LENGTH ) {
- throw new InvalidLengthException();
- }
- libraryDescription = s;
- }
- private String libraryDescription =
- "Internal Crypto Services ";
-
- ////////////////////////////////////////////////////////////////////
- // Internal Token Description
- ////////////////////////////////////////////////////////////////////
- /**
- * Returns the description of the internal PKCS #11 token.
- * The default is "Internal Crypto Services Token ".
- */
- public String getInternalTokenDescription() {
- return internalTokenDescription;
- }
-
- /**
- * Sets the description of the internal PKCS #11 token.
- * This value must be exactly TOKEN_LENGTH characters long.
- * @exception InvalidLengthException If s.length() is
- * not exactly TOKEN_LENGTH.
- */
- public void setInternalTokenDescription(String s)
- throws InvalidLengthException
- {
- if(s.length() != TOKEN_LENGTH) {
- throw new InvalidLengthException();
- }
- internalTokenDescription = s;
- }
- private String internalTokenDescription =
- "Internal Crypto Services Token ";
-
- ////////////////////////////////////////////////////////////////////
- // Internal Key Storage Token Description
- ////////////////////////////////////////////////////////////////////
- /**
- * Returns the description of the internal PKCS #11 key storage token.
- * The default is "Internal Key Storage Token ".
- */
- public String getInternalKeyStorageTokenDescription() {
- return internalKeyStorageTokenDescription;
- }
-
- /**
- * Sets the description of the internal PKCS #11 key storage token.
- * This value must be exactly TOKEN_LENGTH characters long.
- * @exception InvalidLengthException If s.length() is
- * not exactly TOKEN_LENGTH.
- */
- public void setInternalKeyStorageTokenDescription(String s)
- throws InvalidLengthException
- {
- if(s.length() != TOKEN_LENGTH) {
- throw new InvalidLengthException();
- }
- internalKeyStorageTokenDescription = s;
- }
- private String internalKeyStorageTokenDescription =
- "Internal Key Storage Token ";
-
- ////////////////////////////////////////////////////////////////////
- // Internal Slot Description
- ////////////////////////////////////////////////////////////////////
- /**
- * Returns the description of the internal PKCS #11 slot.
- * The default is "NSS Internal Cryptographic Services ".
- */
- public String getInternalSlotDescription() {
- return internalSlotDescription;
- }
-
- /**
- * Sets the description of the internal PKCS #11 slot.
- * This value must be exactly SLOT_LENGTH characters
- * long.
- * @exception InvalidLengthException If s.length() is
- * not exactly SLOT_LENGTH.
- */
- public void setInternalSlotDescription(String s)
- throws InvalidLengthException
- {
- if(s.length() != SLOT_LENGTH) {
- throw new InvalidLengthException();
- }
- internalSlotDescription = s;
- }
- private String internalSlotDescription =
- "NSS Internal Cryptographic Services ";
-
- ////////////////////////////////////////////////////////////////////
- // Internal Key Storage Slot Description
- ////////////////////////////////////////////////////////////////////
- /**
- * Returns the description of the internal PKCS #11 key storage slot.
- * The default is "NSS Internal Private Key and Certificate Storage ".
-
- */
- public String getInternalKeyStorageSlotDescription() {
- return internalKeyStorageSlotDescription;
- }
-
- /**
- * Sets the description of the internal PKCS #11 key storage slot.
- * This value must be exactly SLOT_LENGTH characters
- * long.
- * @exception InvalidLengthException If s.length() is
- * not exactly SLOT_LENGTH.
- */
- public void setInternalKeyStorageSlotDescription(String s)
- throws InvalidLengthException
- {
- if(s.length() != SLOT_LENGTH) {
- throw new InvalidLengthException();
- }
- internalKeyStorageSlotDescription = s;
- }
- private String internalKeyStorageSlotDescription =
- "NSS Internal Private Key and Certificate Storage ";
-
- ////////////////////////////////////////////////////////////////////
- // FIPS Slot Description
- ////////////////////////////////////////////////////////////////////
- /**
- * Returns the description of the internal PKCS #11 FIPS slot.
- * The default is "NSS Internal FIPS-140-1 Cryptographic Services ".
- */
- public String getFIPSSlotDescription() {
- return FIPSSlotDescription;
- }
-
- /**
- * Sets the description of the internal PKCS #11 FIPS slot.
- * This value must be exactly SLOT_LENGTH characters
- * long.
- * @exception InvalidLengthException If s.length() is
- * not exactly SLOT_LENGTH.
- */
- public void setFIPSSlotDescription(String s)
- throws InvalidLengthException
- {
- if(s.length() != SLOT_LENGTH) {
- throw new InvalidLengthException();
- }
- FIPSSlotDescription = s;
- }
- private String FIPSSlotDescription =
- "NSS Internal FIPS-140-1 Cryptographic Services ";
-
- ////////////////////////////////////////////////////////////////////
- // FIPS Key Storage Slot Description
- ////////////////////////////////////////////////////////////////////
- /**
- * Returns the description of the internal PKCS #11 FIPS
- * Key Storage slot.
- * The default is "NSS Internal FIPS-140-1 Private Key and Certificate Storage ".
- */
- public String getFIPSKeyStorageSlotDescription() {
- return FIPSKeyStorageSlotDescription;
- }
-
- /**
- * Sets the description of the internal PKCS #11 FIPS Key Storage slot.
- * This value must be exactly SLOT_LENGTH characters
- * long.
- * @exception InvalidLengthException If s.length() is
- * not exactly SLOT_LENGTH.
- */
- public void setFIPSKeyStorageSlotDescription(String s)
- throws InvalidLengthException
- {
- if(s.length() != SLOT_LENGTH) {
- throw new InvalidLengthException();
- }
- FIPSKeyStorageSlotDescription = s;
- }
- private String FIPSKeyStorageSlotDescription =
- "NSS Internal FIPS-140-1 Private Key and Certificate Storage ";
-
- /**
- * To have NSS check the OCSP responder for when verifying
- * certificates, set this flags to true. It is false by
- * default.
- */
- public boolean ocspCheckingEnabled = false;
-
- /**
- * Specify the location and cert of the responder.
- * If OCSP checking is enabled *and* this variable is
- * set to some URL, all OCSP checking will be done via
- * this URL.
- *
- * If this variable is null, the OCSP responder URL will
- * be obtained from the AIA extension in the certificate
- * being queried.
- *
- * If this is set, you must also set ocspResponderCertNickname
- *
- */
-
-
- public String ocspResponderURL = null;
-
- /**
- * The nickname of the cert to trust (expected) to
- * sign the OCSP responses.
- * Only checked when the OCSPResponder value is set.
- */
- public String ocspResponderCertNickname = null;
-
-
- /**
- * Install the JSS crypto provider. Default is true.
- */
- public boolean installJSSProvider = true;
-
- /**
- * Remove the Sun crypto provider. Default is false.
- */
- public boolean removeSunProvider = false;
- }
-
- ////////////////////////////////////////////////////
- // Module and Token Management
- ////////////////////////////////////////////////////
-
- /**
- * Retrieves the internal cryptographic services token. This is the
- * token built into NSS that performs bulk
- * cryptographic operations.
- * In FIPS mode, the internal cryptographic services token is the
- * same as the internal key storage token.
- *
- * @return The internal cryptographic services token.
- */
- public synchronized CryptoToken getInternalCryptoToken() {
- return internalCryptoToken;
- }
-
- /**
- * Retrieves the internal key storage token. This is the token
- * provided by NSS to store private keys.
- * The keys stored in this token are stored in an encrypted key database.
- * In FIPS mode, the internal key storage token is the same as
- * the internal cryptographic services token.
- *
- * @return The internal key storage token.
- */
- public synchronized CryptoToken getInternalKeyStorageToken() {
- return internalKeyStorageToken;
- }
-
- /**
- * Looks up the CryptoToken with the given name. Searches all
- * loaded cryptographic modules for the token.
- *
- * @param name The name of the token.
- * @exception org.mozilla.jss.crypto.NoSuchTokenException If no token
- * is found with the given name.
- */
- public synchronized CryptoToken getTokenByName(String name)
- throws NoSuchTokenException
- {
- Enumeration tokens = getAllTokens();
- CryptoToken token;
-
- while(tokens.hasMoreElements()) {
- token = (CryptoToken) tokens.nextElement();
- try {
- if( name.equals(token.getName()) ) {
- return token;
- }
- } catch( TokenException e ) {
- Assert.assert(false, "Got a token exception");
- }
- }
- throw new NoSuchTokenException();
- }
-
- /**
- * Retrieves all tokens that support the given algorithm.
- *
- */
- public synchronized Enumeration getTokensSupportingAlgorithm(Algorithm alg)
- {
- Enumeration tokens = getAllTokens();
- Vector goodTokens = new Vector();
- CryptoToken tok;
-
- while(tokens.hasMoreElements()) {
- tok = (CryptoToken) tokens.nextElement();
- if( tok.doesAlgorithm(alg) ) {
- goodTokens.addElement(tok);
- }
- }
- return goodTokens.elements();
- }
-
- /**
- * Retrieves all tokens. This is an enumeration of all tokens on all
- * modules.
- *
- * @return All tokens accessible from JSS. Each item of the enumeration
- * is a CryptoToken
- * @see org.mozilla.jss.crypto.CryptoToken
- */
- public synchronized Enumeration getAllTokens() {
- Enumeration modules = getModules();
- Enumeration tokens;
- Vector allTokens = new Vector();
-
- while(modules.hasMoreElements()) {
- tokens = ((PK11Module)modules.nextElement()).getTokens();
- while(tokens.hasMoreElements()) {
- allTokens.addElement( tokens.nextElement() );
- }
- }
- return allTokens.elements();
- }
-
- /**
- * Retrieves all tokens except those built into NSS.
- * This excludes the internal token and the internal
- * key storage token (which are one and the same in FIPS mode).
- *
- * @return All tokens accessible from JSS, except for the built-in
- * internal tokens.
- */
- public synchronized Enumeration getExternalTokens() {
- Enumeration modules = getModules();
- Enumeration tokens;
- PK11Token token;
- Vector allTokens = new Vector();
-
- while(modules.hasMoreElements()) {
- tokens = ((PK11Module)modules.nextElement()).getTokens();
- while(tokens.hasMoreElements()) {
- token = (PK11Token) tokens.nextElement();
- if( ! token.isInternalCryptoToken() &&
- ! token.isInternalKeyStorageToken() )
- {
- allTokens.addElement( token );
- }
- }
- }
- return allTokens.elements();
- }
-
- /**
- * Retrieves all installed cryptographic modules.
- *
- * @return An enumeration of all installed PKCS #11 modules. Each
- * item in the enumeration is a PK11Module.
- * @see org.mozilla.jss.pkcs11.PK11Module
- */
- public synchronized Enumeration getModules() {
- return moduleVector.elements();
- }
-
- // Need to reload modules after adding new one
- //public native addModule(String name, String libraryName);
-
- /**
- * The list of modules. This should be initialized by the constructor
- * and updated whenever 1) a new module is added, 2) a module is deleted,
- * or 3) FIPS mode is switched.
- */
- private Vector moduleVector;
-
- /**
- * Re-creates the Vector of modules that is stored by CryptoManager.
- * This entails going into native code to enumerate all modules,
- * wrap each one in a PK11Module, and storing the PK11Module in the vector.
- */
- private synchronized void reloadModules() {
- moduleVector = new Vector();
- putModulesInVector(moduleVector);
-
- // Get the internal tokens
- Enumeration tokens = getAllTokens();
-
- internalCryptoToken = null;
- internalKeyStorageToken = null;
- while(tokens.hasMoreElements()) {
- PK11Token token = (PK11Token) tokens.nextElement();
- if( token.isInternalCryptoToken() ) {
- Assert.assert(internalCryptoToken == null);
- internalCryptoToken = token;
- }
- if( token.isInternalKeyStorageToken() ) {
- Assert.assert(internalKeyStorageToken == null);
- internalKeyStorageToken = token;
- }
- }
- Assert.assert(internalKeyStorageToken != null);
- Assert.assert(internalCryptoToken != null);
- }
-
- /**
- * The internal cryptographic services token.
- */
- private CryptoToken internalCryptoToken;
-
- /**
- * The internal key storage token.
- */
- private CryptoToken internalKeyStorageToken;
-
- /**
- * Native code to traverse all PKCS #11 modules, wrap each one in
- * a PK11Module, and insert each PK11Module into the given vector.
- */
- private native void putModulesInVector(Vector vector);
-
-
- ///////////////////////////////////////////////////////////////////////
- // Constructor and Accessors
- ///////////////////////////////////////////////////////////////////////
-
- /**
- * Constructor, for internal use only.
- */
- protected CryptoManager() {
- TokenSupplierManager.setTokenSupplier(this);
- reloadModules();
- }
-
- /**
- * Retrieve the single instance of CryptoManager.
- * This cannot be called before initialization.
- *
- * @see #initialize(CryptoManager.InitializationValues)
- * @exception NotInitializedException If
- * initialize(InitializationValues has not yet been
- * called.
- */
- public synchronized static CryptoManager getInstance()
- throws NotInitializedException
- {
- if(instance==null) {
- throw new NotInitializedException();
- }
- return instance;
- }
-
- /**
- * The singleton instance, and a static initializer to create it.
- */
- private static CryptoManager instance=null;
-
-
- ///////////////////////////////////////////////////////////////////////
- // FIPS management
- ///////////////////////////////////////////////////////////////////////
-
- /**
- * Enables or disables FIPS-140-1 compliant mode. If this returns true,
- * you must reloadModules(). This should only be called once in a program,
- * at the beginning, because it invalidates tokens and modules.
- *
- * @param fips true to turn FIPS compliant mode on, false to turn it off.
- */
- private static native boolean enableFIPS(boolean fips)
- throws GeneralSecurityException;
-
- /**
- * Determines whether FIPS-140-1 compliance is active.
- *
- * @return true if the security library is in FIPS-140-1 compliant mode.
- */
- public synchronized native boolean FIPSEnabled();
-
- ///////////////////////////////////////////////////////////////////////
- // Password Callback management
- ///////////////////////////////////////////////////////////////////////
-
- /**
- * This function sets the global password callback. It is
- * not thread-safe to change this. A better strategy than using
- * callbacks is to explicitly login to the tokens you need to use.
- * Password callbacks are then only used as a last resort.
- * The callback may be NULL, in which case password callbacks will
- * fail gracefully.
- */
- public synchronized void setPasswordCallback(PasswordCallback pwcb) {
- passwordCallback = pwcb;
- setNativePasswordCallback( pwcb );
- }
- private native void setNativePasswordCallback(PasswordCallback cb);
-
- /**
- * Returns the currently registered password callback.
- */
- public synchronized PasswordCallback getPasswordCallback() {
- return passwordCallback;
- }
-
- private PasswordCallback passwordCallback;
-
-
- ////////////////////////////////////////////////////
- // Initialization
- ////////////////////////////////////////////////////
-
- /**
- * Initialize the security subsystem. Opens the databases, loads all
- * PKCS #11 modules, initializes the internal random number generator.
- * The initialize methods that take arguments should be
- * called only once, otherwise they will throw
- * an exception. It is OK to call them after calling
- * initialize().
- *
- * @param configDir The directory containing the security databases.
- * @exception org.mozilla.jss.util.KeyDatabaseException Unable to open
- * the key database, or it was currupted.
- * @exception org.mozilla.jss.util.CertDatabaseException Unable
- * to open the certificate database, or it was currupted.
- **/
- public static synchronized void initialize( String configDir )
- throws KeyDatabaseException,
- CertDatabaseException,
- AlreadyInitializedException,
- GeneralSecurityException
- {
- initialize( new InitializationValues(configDir) );
- }
-
- /**
- * Initialize the security subsystem. Opens the databases, loads all
- * PKCS #11 modules, initializes the internal random number generator.
- * The initialize methods that take arguments should be
- * called only once, otherwise they will throw
- * an exception. It is OK to call them after calling
- * initialize().
- *
- * @param values The options with which to initialize CryptoManager.
- * @exception org.mozilla.jss.util.KeyDatabaseException Unable to open
- * the key database, or it was currupted.
- * @exception org.mozilla.jss.util.CertDatabaseException Unable
- * to open the certificate database, or it was currupted.
- **/
- public static synchronized void initialize( InitializationValues values )
- throws
- KeyDatabaseException,
- CertDatabaseException,
- AlreadyInitializedException,
- GeneralSecurityException
- {
- if(instance != null) {
- throw new AlreadyInitializedException();
- }
- loadNativeLibraries();
- if (values.ocspResponderURL != null) {
- if (values.ocspResponderCertNickname == null) {
- throw new GeneralSecurityException(
- "Must set ocspResponderCertNickname");
- }
- }
- initializeAllNative(values.configDir,
- values.certPrefix,
- values.keyPrefix,
- values.secmodName,
- values.readOnly,
- values.getManufacturerID(),
- values.getLibraryDescription(),
- values.getInternalTokenDescription(),
- values.getInternalKeyStorageTokenDescription(),
- values.getInternalSlotDescription(),
- values.getInternalKeyStorageSlotDescription(),
- values.getFIPSSlotDescription(),
- values.getFIPSKeyStorageSlotDescription(),
- values.ocspCheckingEnabled,
- values.ocspResponderURL,
- values.ocspResponderCertNickname
- );
-
- instance = new CryptoManager();
- instance.setPasswordCallback(values.passwordCallback);
- if( values.fipsMode != InitializationValues.FIPSMode.UNCHANGED) {
- if( enableFIPS(values.fipsMode ==
- InitializationValues.FIPSMode.ENABLED) )
- {
- instance.reloadModules();
- }
- }
- if( values.removeSunProvider ) {
- java.security.Security.removeProvider("SUN");
- }
- if( values.installJSSProvider ) {
- int position = java.security.Security.insertProviderAt(
- new JSSProvider(),
- 1);
- if(position==-1) {
- Debug.trace(Debug.ERROR,
- "Unable to install default provider");
- }
- }
- }
-
- private static native void
- initializeAllNative(String configDir,
- String certPrefix,
- String keyPrefix,
- String secmodName,
- boolean readOnly,
- String manufacturerID,
- String libraryDescription,
- String internalTokenDescription,
- String internalKeyStorageTokenDescription,
- String internalSlotDescription,
- String internalKeyStorageSlotDescription,
- String fipsSlotDescription,
- String fipsKeyStorageSlotDescription,
- boolean ocspCheckingEnabled,
- String ocspResponderURL,
- String ocspResponderCertNickname
-)
- throws KeyDatabaseException,
- CertDatabaseException,
- AlreadyInitializedException;
-
- /////////////////////////////////////////////////////////////
- // Cert Lookup
- /////////////////////////////////////////////////////////////
- /**
- * Retrieves all CA certificates in the trust database. This
- * is a fairly expensive operation in that it involves traversing
- * the entire certificate database.
- * @return An array of all CA certificates stored permanently
- * in the trust database.
- */
- public native X509Certificate[]
- getCACerts();
-
- /**
- * Retrieves all certificates in the trust database. This
- * is a fairly expensive operation in that it involves traversing
- * the entire certificate database.
- * @return An array of all certificates stored permanently
- * in the trust database.
- */
- public native X509Certificate[]
- getPermCerts();
-
- /**
- * Imports a chain of certificates. The leaf certificate may be a
- * a user certificate, that is, a certificate that belongs to the
- * current user and whose private key is available for use.
- * If the leaf certificate is a user certificate, it is stored
- * on the token
- * that contains the corresponding private key, and is assigned the
- * given nickname.
- *
- * @param certPackage An encoded certificate or certificate chain.
- * Acceptable
- * encodings are binary PKCS #7 SignedData objects and
- * DER-encoded certificates, which may or may not be wrapped
- * in a Base-64 encoding package surrounded by
- * "-----BEGIN CERTIFICATE-----" and
- * "-----END CERTIFICATE-----".
- * @param nickname The nickname for the user certificate. It must
- * be unique. It is ignored if there is no user certificate.
- * @return The leaf certificate from the chain.
- * @exception CertificateEncodingException If the package encoding
- * was not recognized.
- * @exception CertificateNicknameConflictException If the leaf certificate
- * is a user certificate, and another certificate already has the
- * given nickname.
- * @exception UserCertConflictException If the leaf certificate
- * is a user certificate, but it has already been imported.
- * @exception NoSuchItemOnTokenException If the leaf certificate is
- * a user certificate, but the matching private key cannot be found.
- * @exception TokenException If an error occurs importing a leaf
- * certificate into a token.
- */
- public X509Certificate
- importCertPackage(byte[] certPackage, String nickname )
- throws CertificateEncodingException,
- NicknameConflictException,
- UserCertConflictException,
- NoSuchItemOnTokenException,
- TokenException
- {
- return importCertPackageNative(certPackage, nickname, false, false);
- }
-
- /**
- * Imports a chain of certificates. The leaf of the chain is a CA
- * certificate AND a user certificate (this would only be called by
- * a CA installing its own certificate).
- *
- * @param certPackage An encoded certificate or certificate chain.
- * Acceptable
- * encodings are binary PKCS #7 SignedData objects and
- * DER-encoded certificates, which may or may not be wrapped
- * in a Base-64 encoding package surrounded by
- * "-----BEGIN CERTIFICATE-----" and
- * "-----END CERTIFICATE-----".
- * @param nickname The nickname for the user certificate. It must
- * be unique.
- * @return The leaf certificate from the chain.
- * @exception CertificateEncodingException If the package encoding
- * was not recognized.
- * @exception CertificateNicknameConflictException If the leaf certificate
- * another certificate already has the given nickname.
- * @exception UserCertConflictException If the leaf certificate
- * has already been imported.
- * @exception NoSuchItemOnTokenException If the the private key matching
- * the leaf certificate cannot be found.
- * @exception TokenException If an error occurs importing the leaf
- * certificate into a token.
- */
- public X509Certificate
- importUserCACertPackage(byte[] certPackage, String nickname)
- throws CertificateEncodingException,
- NicknameConflictException,
- UserCertConflictException,
- NoSuchItemOnTokenException,
- TokenException
- {
- return importCertPackageNative(certPackage, nickname, false, true);
- }
-
-
-
- /**
- * Imports a chain of certificates, none of which is a user certificate.
- *
- * @param certPackage An encoded certificate or certificate chain.
- * Acceptable
- * encodings are binary PKCS #7 SignedData objects and
- * DER-encoded certificates, which may or may not be wrapped
- * in a Base-64 encoding package surrounded by
- * "-----BEGIN CERTIFICATE-----" and
- * "-----END CERTIFICATE-----".
- * @return The leaf certificate from the chain.
- * @exception CertificateEncodingException If the package encoding
- * was not recognized.
- * @exception TokenException If an error occurs importing a leaf
- * certificate into a token.
- */
- public X509Certificate
- importCACertPackage(byte[] certPackage)
- throws CertificateEncodingException,
- TokenException
- {
- try {
- return importCertPackageNative(certPackage, null, true, false);
- } catch(NicknameConflictException e) {
- Assert.notReached("importing CA certs caused nickname conflict");
- Debug.trace(Debug.ERROR,
- "importing CA certs caused nickname conflict");
- } catch(UserCertConflictException e) {
- Assert.notReached("importing CA certs caused user cert conflict");
- Debug.trace(Debug.ERROR,
- "importing CA certs caused user cert conflict");
- } catch(NoSuchItemOnTokenException e) {
- Assert.notReached("importing CA certs caused NoSuchItemOnToken"+
- "Exception");
- Debug.trace(Debug.ERROR,
- "importing CA certs caused NoSuchItemOnTokenException");
- }
- return null;
- }
-
- /**
- * Imports a single certificate into the permanent certificate
- * database.
- *
- * @param derCert the certificate you want to add
- * @param nickname the nickname you want to refer to the certificate as
- * (must not be null)
- */
-
- public InternalCertificate
- importCertToPerm(X509Certificate cert, String nickname)
- throws TokenException, InvalidNicknameException
- {
- if (nickname==null) {
- throw new InvalidNicknameException("Nickname must be non-null");
- }
-
- if (cert instanceof InternalCertificate) {
- return (InternalCertificate) cert;
- }
- else {
- return importCertToPermNative(cert,nickname);
- }
- }
-
- private native InternalCertificate
- importCertToPermNative(X509Certificate cert, String nickname)
- throws TokenException;
-
- /**
- * @param noUser true if we know that none of the certs are user certs.
- * In this case, no attempt will be made to find a matching private
- * key for the leaf certificate.
- */ - private native X509Certificate - importCertPackageNative(byte[] certPackage, String nickname, - boolean noUser, boolean leafIsCA) - throws CertificateEncodingException, - NicknameConflictException, - UserCertConflictException, - NoSuchItemOnTokenException, - TokenException; - - /*============ CRL importing stuff ********************************/ - - private static int TYPE_KRL = 0; - private static int TYPE_CRL = 1; - /** - * Imports a CRL, and stores it into the cert7.db - * Validate CRL then import it to the dbase. If there is already a CRL with the - * same CA in the dbase, it will be replaced if derCRL is more up to date. - * - * @param crl the DER-encoded CRL. - * @param url the URL where this CRL can be retrieved from (for future updates). - * [ note that CRLs are not retrieved automatically ]. Can be null - * @exception CRLImportException If the package encoding - * was not recognized. - */ - public void - importCRL(byte[] crl,String url) - throws CRLImportException, - TokenException - { - importCRLNative(crl,url,TYPE_CRL); - } - - - /** - * Imports a CRL, and stores it into the cert7.db - * - * @param the DER-encoded CRL. - */ - private native - void importCRLNative(byte[] crl, String url, int rl_type) - throws CRLImportException, TokenException; - - - - /*============ Cert Exporting stuff ********************************/ - - - /** - * Exports one or more certificates into a PKCS #7 certificate container. - * This is just a SignedData object whose certificates - * field contains the given certificates but whose content field - * is empty. - * - * @param certs One or more certificates that should be exported into - * the PKCS #7 object. The leaf certificate should be the first - * in the chain. The output of buildCertificateChain - * would be appropriate here. - * @exception CertificateEncodingException If the array is empty, - * or an error occurred encoding the certificates. - * @return A byte array containing a PKCS #7 SignedData object. 
- * @see #buildCertificateChain - */ - public native byte[] - exportCertsToPKCS7(X509Certificate[] certs) - throws CertificateEncodingException; - - /** - * Looks up a certificate given its nickname. - * - * @param nickname The nickname of the certificate to look for. - * @return The certificate matching this nickname, if one is found. - * @exception ObjectNotFoundException If no certificate could be found - * with the given nickname. - * @exception TokenException If an error occurs in the security library. - */ - public org.mozilla.jss.crypto.X509Certificate - findCertByNickname(String nickname) - throws ObjectNotFoundException, TokenException - { - Assert.assert(nickname!=null); - return findCertByNicknameNative(nickname); - } - - /** - * Returns all certificates with the given nickname. - * - * @param nickname The nickname of the certificate to look for. - * @return The certificates matching this nickname. The array may be empty - * if no matching certs were found. - * @exception TokenException If an error occurs in the security library. - */ - public org.mozilla.jss.crypto.X509Certificate[] - findCertsByNickname(String nickname) - throws TokenException - { - Assert.assert(nickname!=null); - return findCertsByNicknameNative(nickname); - } - - /** - * Looks up a certificate by issuer and serial number. The internal - * database and all PKCS #11 modules are searched. - * - * @param derIssuer The DER encoding of the certificate issuer name. - * The issuer name has ASN.1 type Name, which is defined in - * X.501. - * @param serialNumber The certificate serial number. - * @exception ObjectNotFoundException If the certificate is not found - * in the internal certificate database or on any PKCS #11 token. - * @exception TokenException If an error occurs in the security library. 
- */ - public org.mozilla.jss.crypto.X509Certificate - findCertByIssuerAndSerialNumber(byte[] derIssuer, INTEGER serialNumber) - throws ObjectNotFoundException, TokenException - { - try { - ANY sn = (ANY) ASN1Util.decode(ANY.getTemplate(), - ASN1Util.encode(serialNumber) ); - return findCertByIssuerAndSerialNumberNative(derIssuer, - sn.getContents() ); - } catch( InvalidBERException e ) { - Assert.notReached("Invalid BER encoding of INTEGER"); - return null; - } - } - - /** - * @param serialNumber The contents octets of a DER-encoding of the - * certificate serial number. - */ - private native org.mozilla.jss.crypto.X509Certificate - findCertByIssuerAndSerialNumberNative(byte[] derIssuer, byte[] serialNumber) - throws ObjectNotFoundException, TokenException; - - protected native org.mozilla.jss.crypto.X509Certificate - findCertByNicknameNative(String nickname) - throws ObjectNotFoundException, TokenException; - - protected native org.mozilla.jss.crypto.X509Certificate[] - findCertsByNicknameNative(String nickname) - throws TokenException; - - ///////////////////////////////////////////////////////////// - // build cert chains - ///////////////////////////////////////////////////////////// - /** - * Given a certificate, constructs its certificate chain. It may - * or may not chain up to a trusted root. - * @param leaf The certificate that is the starting point of the chain. - * @return An array of certificates, starting at the leaf and ending - * with the highest certificate on the chain that was found. - * @throws CertificateException If the certificate is not recognized - * by the underlying provider. - */ - public org.mozilla.jss.crypto.X509Certificate[] - buildCertificateChain(org.mozilla.jss.crypto.X509Certificate leaf) - throws java.security.cert.CertificateException, TokenException - { - if( ! 
(leaf instanceof PK11Cert) ) { - throw new CertificateException( - "Certificate is not a PKCS #11 certificate"); - } - return buildCertificateChainNative((PK11Cert)leaf); - } - - native org.mozilla.jss.crypto.X509Certificate[] - buildCertificateChainNative(PK11Cert leaf) - throws CertificateException, TokenException; - - - ///////////////////////////////////////////////////////////// - // lookup private keys - ///////////////////////////////////////////////////////////// - /** - * Looks up the PrivateKey matching the given certificate. - * - * @exception ObjectNotFoundException If no private key can be - * found matching the given certificate. - * @exception TokenException If an error occurs in the security library. - */ - public org.mozilla.jss.crypto.PrivateKey - findPrivKeyByCert(org.mozilla.jss.crypto.X509Certificate cert) - throws ObjectNotFoundException, TokenException - { - Assert.assert(cert!=null); - if(! (cert instanceof org.mozilla.jss.pkcs11.PK11Cert)) { - Assert.notReached("non-pkcs11 cert passed to PK11Finder"); - throw new ObjectNotFoundException(); - } - return findPrivKeyByCertNative(cert); - } - - protected native org.mozilla.jss.crypto.PrivateKey - findPrivKeyByCertNative(org.mozilla.jss.crypto.X509Certificate cert) - throws ObjectNotFoundException, TokenException; - - ///////////////////////////////////////////////////////////// - // Provide Pseudo-Random Number Generation - ///////////////////////////////////////////////////////////// - - /** - * Retrieves a FIPS-140-1 validated random number generator. - * - * @return A JSS SecureRandom implemented with FIPS-validated NSS. - */ - public org.mozilla.jss.crypto.JSSSecureRandom - createPseudoRandomNumberGenerator() - { - return new PK11SecureRandom(); - } - - /** - * Retrieves a FIPS-140-1 validated random number generator. - * - * @return A JSS SecureRandom implemented with FIPS-validated NSS. 
- */
- public org.mozilla.jss.crypto.JSSSecureRandom
- getSecureRNG() {
- return new PK11SecureRandom();
- }
-
- /********************************************************************/
- /* The following VERSION Strings should be updated in the following */
- /* files everytime a new release of JSS is generated: */
- /* */
- /* jss.jar: ns/ninja/org/mozilla/jss/manage/CryptoManager.java */
- /* jss.dll: ns/ninja/org/mozilla/jss/manage/CryptoManager.c */
- /* */
- /********************************************************************/
-
- public static final String
- JAR_JSS_VERSION = "JSS_VERSION = JSS_3_0";
- public static final String
- JAR_JDK_VERSION = "JDK_VERSION = JDK 1.2.2";
- public static final String
- JAR_NSS_VERSION = "NSS_VERSION = NSS_3_2_RTM";
- public static final String
- JAR_DBM_VERSION = "DBM_VERSION = NSS_3_1_1_RTM";
- public static final String
- JAR_NSPR_VERSION = "NSPR_VERSION = NSPRPUB_RELEASE_4_1";
-
- /**
- * Loads the JSS dynamic library if necessary.
- * The system property "jss.load" will be set to "no" by jssjava
- * because it is statically linked to the jss libraries. If this
- * property is not set, that means we are not running jssjava
- * and need to dynamically load the library.
- *

This method is idempotent.
- */
- synchronized static void loadNativeLibraries()
- {
- if( ! mNativeLibrariesLoaded &&
- ! ("no").equals(System.getProperty("jss.load")) )
- {
- try {
- Debug.trace(Debug.VERBOSE, "about to load jss library");
- System.loadLibrary("jss3");
- Debug.trace(Debug.VERBOSE, "jss library loaded");
- } catch( UnsatisfiedLinkError e) {
- Debug.trace(Debug.ERROR, "ERROR: Unable to load jss library");
- throw new UnsatisfiedLinkError(
- "Unable to load jss library or one of its dependencies");
- }
- mNativeLibrariesLoaded = true;
- }
- }
- static private boolean mNativeLibrariesLoaded = false;
-
- // Hashtable is synchronized.
- private Hashtable perThreadTokenTable = new Hashtable();
-
- /**
- * Sets the default token for the current thread. This token will
- * be used when JSS is called through the JCA interface, which has
- * no means of specifying which token to use.
- *
- *

If no token is set, the InternalKeyStorageToken will be used. Setting
- * this thread's token to null will also cause the
- * InternalKeyStorageToken to be used.
- *
- * @param The token to use for crypto operations. Specifying null
- * will cause the InternalKeyStorageToken to be used.
- */
- public void setThreadToken(CryptoToken token) {
- if( token != null ) {
- perThreadTokenTable.put(Thread.currentThread(), token);
- } else {
- perThreadTokenTable.remove(Thread.currentThread());
- }
- }
-
- /**
- * Returns the default token for the current thread. This token will
- * be used when JSS is called through the JCA interface, which has
- * no means of specifying which token to use.
- *
- *

If no token is set, the InternalKeyStorageToken will be used. Setting
- * this thread's token to null will also cause the
- * InternalKeyStorageToken to be used.
- *
- * @return The default token for this thread. If it has not been specified,
- * it will be the InternalKeyStorageToken.
- */
- public CryptoToken getThreadToken() {
- CryptoToken tok =
- (CryptoToken) perThreadTokenTable.get(Thread.currentThread());
- if( tok == null ) {
- tok = getInternalKeyStorageToken();
- }
- return tok;
- }
-
-}
diff --git a/security/jss/org/mozilla/jss/manage/DatabaseCloser.java b/security/jss/org/mozilla/jss/manage/DatabaseCloser.java
deleted file mode 100644
index 45b17fcf4fd8..000000000000
--- a/security/jss/org/mozilla/jss/manage/DatabaseCloser.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape Security Services for Java.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1998-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-package org.mozilla.jss;
-
-/**
- * A class for closing databases. Since closing the databases is
- * very dangerous and breaks the JSS model, it may only be done from
- * special applications. This class should be subclasses by
- * authorized subclasses. It cannot be instantiated itself.
- */
-public abstract class DatabaseCloser {
-
- private static final String authorizedClosers[] =
- { "org.mozilla.certsetup.apps.CertSetup$DatabaseCloser",
- "org.mozilla.jss.CloseDBs" };
-
- /**
- * Creates a new DatabaseCloser. This should only be called
- * from an authorized subclass. This class cannot itself be
- * instantiated.
- *
- * @throws Exception If the instantiation is not a valid subclass.
- */
- public DatabaseCloser() throws Exception {
- Class clazz = this.getClass();
- String name = clazz.getName();
- boolean approved = false;
- for(int i=0; i < authorizedClosers.length; i++) {
- if( name.equals( authorizedClosers[i] ) ) {
- approved = true;
- break;
- }
- }
- if(!approved) {
- throw new Exception();
- }
- }
-
- /**
- * Closes the certificate and key databases. This is extremely
- * dangerous.
- */
- protected native void closeDatabases();
-}
diff --git a/security/jss/org/mozilla/jss/manage/JSSProvider.java b/security/jss/org/mozilla/jss/manage/JSSProvider.java
deleted file mode 100644
index c990f1f06126..000000000000
--- a/security/jss/org/mozilla/jss/manage/JSSProvider.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape Security Services for Java.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1998-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-package org.mozilla.jss;
-
-public class JSSProvider extends java.security.Provider {
-
- public JSSProvider() {
- super("Mozilla-JSS", 3.1,
- "Provides Signature, Message Digesting, and RNG");
-
- /////////////////////////////////////////////////////////////
- // Signature
- /////////////////////////////////////////////////////////////
-
- put("Signature.SHA1withDSA",
- "org.mozilla.jss.provider.java.security.DSASignatureSpi");
-
- put("Alg.Alias.Signature.DSA", "SHA1withDSA");
- put("Alg.Alias.Signature.DSS", "SHA1withDSA");
- put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
- put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
- put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
- put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
- put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
-
- put("Signature.MD5/RSA",
- "org.mozilla.jss.provider.java.security.MD5RSASignatureSpi");
- put("Signature.MD2/RSA",
- "org.mozilla.jss.provider.java.security.MD2RSASignatureSpi");
- put("Signature.SHA-1/RSA",
- "org.mozilla.jss.provider.java.security.SHA1RSASignatureSpi");
-
- put("Alg.Alias.Signature.SHA1/RSA", "SHA-1/RSA");
-
- /////////////////////////////////////////////////////////////
- // Message Digesting
- /////////////////////////////////////////////////////////////
-
- put("MessageDigest.SHA-1",
- "org.mozilla.jss.provider.java.security.SHA1MessageDigestSpi");
- put("MessageDigest.MD2",
- "org.mozilla.jss.provider.java.security.MD2MessageDigestSpi");
- put("MessageDigest.MD5",
- "org.mozilla.jss.provider.java.security.MD5MessageDigestSpi");
-
- put("Alg.Alias.MessageDigest.SHA1", "SHA-1");
- put("Alg.Alias.MessageDigest.SHA", "SHA-1");
-
- /////////////////////////////////////////////////////////////
- // SecureRandom
- /////////////////////////////////////////////////////////////
- put("SecureRandom.pkcs11prng",
- "org.mozilla.jss.provider.PKCS11SecureRandom");
-
- /////////////////////////////////////////////////////////////
- // KeyPairGenerator
- /////////////////////////////////////////////////////////////
- put("KeyPairGenerator.RSA",
- "org.mozilla.jss.provider.java.security.RSAKeyPairGeneratorSpi");
- put("KeyPairGenerator.DSA",
- "org.mozilla.jss.provider.java.security.DSAKeyPairGeneratorSpi");
- }
-}
diff --git a/security/jss/org/mozilla/jss/manage/KeyDatabaseException.java b/security/jss/org/mozilla/jss/manage/KeyDatabaseException.java
deleted file mode 100644
index d40c4350fb0d..000000000000
--- a/security/jss/org/mozilla/jss/manage/KeyDatabaseException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape Security Services for Java.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1998-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-package org.mozilla.jss;
-
-/**
- * This exception is thrown if the key database does not exist, or if
- * an error occurs while opening it.
- */
-public class KeyDatabaseException extends java.lang.Exception {
- public KeyDatabaseException() {}
- public KeyDatabaseException(String mesg) {
- super(mesg);
- }
-}
diff --git a/security/jss/org/mozilla/jss/manage/Makefile b/security/jss/org/mozilla/jss/manage/Makefile
deleted file mode 100644
index 9b72e07f79e9..000000000000
--- a/security/jss/org/mozilla/jss/manage/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape Security Services for Java.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1998-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/$(MODULE)/config/config.mk
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/jss/org/mozilla/jss/manage/NoSuchTokenException.java b/security/jss/org/mozilla/jss/manage/NoSuchTokenException.java
deleted file mode 100644
index 455663473d22..000000000000
--- a/security/jss/org/mozilla/jss/manage/NoSuchTokenException.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape Security Services for Java.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1998-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-package org.mozilla.jss;
-
-/**
- * Thrown if a token cannot be found.
- */
-public class NoSuchTokenException extends java.lang.Exception {
- public NoSuchTokenException() {}
- public NoSuchTokenException(String mesg) {
- super(mesg);
- }
-}
diff --git a/security/jss/org/mozilla/jss/manage/PK11Finder.c b/security/jss/org/mozilla/jss/manage/PK11Finder.c
deleted file mode 100644
index a2985679c66c..000000000000
--- a/security/jss/org/mozilla/jss/manage/PK11Finder.c
+++ /dev/null
@@ -1,1571 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape Security Services for Java. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1998-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#include "_jni/org_mozilla_jss_CryptoManager.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include -#include "pk11util.h" -#include - -/* - * This is a semi-private NSS function, exposed only for JSS. - */ -SECStatus -CERT_ImportCAChainTrusted(SECItem *certs, int numcerts, SECCertUsage certUsage); - -/***************************************************************** - * - * CryptoManager. 
f i n d C e r t B y N i c k n a m e N a t i v e - * - */ -JNIEXPORT jobject JNICALL -Java_org_mozilla_jss_CryptoManager_findCertByNicknameNative - (JNIEnv *env, jobject this, jstring nickname) -{ - char *nick=NULL; - jobject certObject=NULL; - CERTCertificate *cert=NULL; - - PR_ASSERT(env!=NULL && this!=NULL && nickname!=NULL); - - nick = (char*) (*env)->GetStringUTFChars(env, nickname, NULL); - PR_ASSERT(nick!=NULL); - - cert = PK11_FindCertFromNickname(nick, NULL); - - if(cert == NULL) { - cert = CERT_FindCertByNickname( CERT_GetDefaultCertDB(), nick ); - if( cert == NULL ) { - JSS_nativeThrow(env, OBJECT_NOT_FOUND_EXCEPTION); - goto finish; - } - } - - certObject = JSS_PK11_wrapCert(env, &cert); - -finish: - if(nick != NULL) { - (*env)->ReleaseStringUTFChars(env, nickname, nick); - } - if(cert != NULL) { - CERT_DestroyCertificate(cert); - } - return certObject; -} - -/***************************************************************** - * - * CryptoManager. f i n d C e r t s B y N i c k n a m e N a t i v e - * - */ -JNIEXPORT jobjectArray JNICALL -Java_org_mozilla_jss_CryptoManager_findCertsByNicknameNative - (JNIEnv *env, jobject this, jstring nickname) -{ - CERTCertList *list =NULL; - jobjectArray certArray=NULL; - CERTCertListNode *node; - const char *nickChars=NULL; - jboolean charsAreCopied; - jclass certClass; - int count; - int i; - - /* convert the nickname string */ - nickChars = (*env)->GetStringUTFChars(env, nickname, &charsAreCopied); - if( nickChars == NULL ) { - goto finish; - } - - /* get the list of certs with the given nickname */ - list = PK11_FindCertsFromNickname( (char*)nickChars, NULL /*wincx*/); - if( list == NULL ) { - count = 0; - } else { - /* Since this structure changed in NSS_2_7_RTM (the reference */ - /* to "count" was removed from the "list" structure) we must */ - /* now count up the number of nodes manually! */ - for( node = CERT_LIST_HEAD(list), count=0; - ! 
CERT_LIST_END(node, list); - node = CERT_LIST_NEXT(node), count++ ); - } - PR_ASSERT(count >= 0); - - /* create the cert array */ - certClass = (*env)->FindClass(env, X509_CERT_CLASS); - if( certClass == NULL ) { - goto finish; - } - certArray = (*env)->NewObjectArray(env, count, certClass, NULL); - if( certArray == NULL ) { - /* exception was thrown */ - goto finish; - } - - if( list == NULL ) { - goto finish; - } - - /* traverse the list, placing each cert into the array */ - for( node = CERT_LIST_HEAD(list), i=0; - ! CERT_LIST_END(node, list); - node = CERT_LIST_NEXT(node), i++ ) { - - CERTCertificate *cert; - jobject certObj; - - /* Create a Java certificate object from the current CERTCertificate */ - cert = CERT_DupCertificate(node->cert); - certObj = JSS_PK11_wrapCert(env, &cert); - if( certObj == NULL ) { - goto finish; - } - - /* put the Java certificate into the next element in the array */ - (*env)->SetObjectArrayElement(env, certArray, i, certObj); - - if( (*env)->ExceptionOccurred(env) ) { - goto finish; - } - } - - /* sanity check */ - PR_ASSERT( i == count ); - -finish: - if(list) { - CERT_DestroyCertList(list); - } - if( nickChars && charsAreCopied ) { - (*env)->ReleaseStringUTFChars(env, nickname, nickChars); - } - return certArray; -} - -/***************************************************************** - * - * CryptoManager.findCertByIssuerAndSerialNumberNative - * - */ -JNIEXPORT jobject JNICALL -Java_org_mozilla_jss_CryptoManager_findCertByIssuerAndSerialNumberNative - (JNIEnv *env, jobject this, jbyteArray issuerBA, jbyteArray serialNumBA) -{ - jobject certObject=NULL; - CERTCertificate *cert=NULL; - SECItem *issuer=NULL, *serialNum=NULL; - CERTIssuerAndSN issuerAndSN; - PK11SlotInfo *slot=NULL; - - PR_ASSERT(env!=NULL && this!=NULL); - - /* validate args */ - if( issuerBA == NULL || serialNumBA == NULL ) { - JSS_throwMsg(env, ILLEGAL_ARGUMENT_EXCEPTION, - "NULL parameter passed to CryptoManager.findCertByIssuer" - "AndSerialNumberNative"); - 
goto finish; - } - - /* convert byte arrays to SECItems */ - issuer = JSS_ByteArrayToSECItem(env, issuerBA); - if( issuer == NULL ) { - goto finish; } - serialNum = JSS_ByteArrayToSECItem(env, serialNumBA); - if( serialNum == NULL ) { - goto finish; } - issuerAndSN.derIssuer = *issuer; - issuerAndSN.serialNumber = *serialNum; - - /* lookup with PKCS #11 first, then use cert database */ - cert = PK11_FindCertByIssuerAndSN(&slot, &issuerAndSN, NULL /*wincx*/); - if( cert == NULL ) { - cert = CERT_FindCertByIssuerAndSN( - CERT_GetDefaultCertDB(), - &issuerAndSN); - if( cert == NULL ) { - JSS_nativeThrow(env, OBJECT_NOT_FOUND_EXCEPTION); - goto finish; - } - } - - certObject = JSS_PK11_wrapCert(env, &cert); - -finish: - if(slot) { - PK11_FreeSlot(slot); - } - if(cert != NULL) { - CERT_DestroyCertificate(cert); - } - if(issuer) { - SECITEM_FreeItem(issuer, PR_TRUE /*freeit*/); - } - if(serialNum) { - SECITEM_FreeItem(serialNum, PR_TRUE /*freeit*/); - } - return certObject; -} - -/***************************************************************** - * - * CryptoManager. 
f i n d P r i v K e y B y C e r t N a t i v e - * - */ -JNIEXPORT jobject JNICALL -Java_org_mozilla_jss_CryptoManager_findPrivKeyByCertNative - (JNIEnv *env, jobject this, jobject Cert) -{ - PRThread *pThread; - CERTCertificate *cert; - SECKEYPrivateKey *privKey=NULL; - jobject Key; - - pThread = PR_AttachThread(PR_SYSTEM_THREAD, 0, NULL); - PR_ASSERT( pThread != NULL); - PR_ASSERT( env!=NULL && this!=NULL && Cert!=NULL); - - if( JSS_PK11_getCertPtr(env, Cert, &cert) != PR_SUCCESS) { - PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL); - goto finish; - } - if(cert==NULL) { - PR_ASSERT(PR_FALSE); - JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION); - goto finish; - } - - privKey = PK11_FindKeyByAnyCert(cert, NULL); - if(privKey == NULL) { - JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION); - goto finish; - } - - Key = JSS_PK11_wrapPrivKey(env, &privKey); - -finish: - if(privKey != NULL) { - SECKEY_DestroyPrivateKey(privKey); - } - PR_DetachThread(); - return Key; -} - - -/*********************************************************************** - * Node in linked list of certificates - */ -typedef struct JSScertNode { - struct JSScertNode *next; - CERTCertificate *cert; -} JSScertNode; - - -/*********************************************************************** - * - * c e r t _ c h a i n _ f r o m _ c e r t - * - * Builds a certificate chain from a certificate. Returns a Java array - * of PK11Certs. - * - * INPUTS: - * env - * The JNI environment. Must not be NULL. - * handle - * The certificate database in which to search for the certificate - * chain. This should usually be the default cert db. Must not - * be NULL. - * leaf - * A CERTCertificate that is the leaf of the cert chain. Must not - * be NULL. - * RETURNS: - * NULL if an exception was thrown, or - * A Java array of PK11Cert objects which constitute the chain of - * certificates. 
The chains starts with the one passed in and - * continues until either a self-signed root is found or the next - * certificate in the chain cannot be found. At least one cert will - * be in the chain: the leaf certificate passed in. - */ -static jobjectArray -cert_chain_from_cert(JNIEnv *env, CERTCertDBHandle *handle, - CERTCertificate *leaf) -{ - CERTCertificate *c; - int i, len = 0; - JSScertNode *head=NULL, *tail, *node; - jobjectArray certArray = NULL; - jclass certClass; - - PR_ASSERT(env!=NULL && handle!=NULL && leaf!=NULL); - - head = tail = (JSScertNode*) PR_CALLOC( sizeof(JSScertNode) ); - if (head == NULL) goto no_memory; - - /* put primary cert first in the linked list */ - head->cert = c = CERT_DupCertificate(leaf); - head->next = NULL; - PR_ASSERT(c != NULL); /* CERT_DupCertificate really can't return NULL */ - len++; - - /* - * add certs until we come to a self-signed one - */ - while(SECITEM_CompareItem(&c->derIssuer, &c->derSubject) != SECEqual) { - c = CERT_FindCertByName(handle, &tail->cert->derIssuer); - if (c == NULL) break; - - tail->next = (JSScertNode*) PR_CALLOC( sizeof(JSScertNode) ); - tail = tail->next; - if (tail == NULL) goto no_memory; - - tail->cert = c; - len++; - } - - /* - * Turn the cert chain into a Java array of certificates - */ - certClass = (*env)->FindClass(env, CERT_CLASS_NAME); - if(certClass==NULL) { - ASSERT_OUTOFMEM(env); - goto finish; - } - certArray = (*env)->NewObjectArray(env, len, certClass, (jobject)NULL); - if(certArray==NULL) { - ASSERT_OUTOFMEM(env); - goto finish; - } - /* convert linked list to array, freeing the linked list as we go */ - for( i=0; head != NULL; ++i ) { - jobject certObj; - - node = head; - - PR_ASSERT(i < len); - PR_ASSERT(node->cert != NULL); - - /* Convert C cert to Java cert */ - certObj = JSS_PK11_wrapCert(env, &node->cert); - PR_ASSERT( node->cert == NULL ); - if(certObj == NULL) { - PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL ); - goto finish; - } - - /* Insert Java cert into 
array */ - (*env)->SetObjectArrayElement(env, certArray, i, certObj); - if( (*env)->ExceptionOccurred(env) ) { - goto finish; - } - - /* Free this list element */ - head = head->next; - PR_Free(node); - } - - goto finish; -no_memory: - JSS_throw(env, OUT_OF_MEMORY_ERROR); -finish: - /* Free the linked list of certs if it hasn't been deleted already */ - while(head != NULL) { - node = head; - head = head->next; - if (node->cert != NULL) { - CERT_DestroyCertificate(node->cert); - } - PR_Free(node); - } - - return certArray; -} - -/***************************************************************** - * - * CryptoManager. b u i l d C e r t i f i c a t e C h a i n N a t i v e - * - * INPUTS: - * env - * The JNI environment. Must not be NULL. - * this - * The PK11Finder object. Must not be NULL. - * leafCert - * A PK11Cert object from which a cert chain will be built. - * Must not be NULL. - * RETURNS: - * NULL if an exception occurred, or - * An array of PK11Certs, the cert chain, with the leaf at the bottom. - * There will always be at least one element in the array (the leaf). 
- */ -JNIEXPORT jobjectArray JNICALL -Java_org_mozilla_jss_CryptoManager_buildCertificateChainNative - (JNIEnv *env, jobject this, jobject leafCert) -{ - PRThread *pThread; - CERTCertificate *leaf; - jobjectArray chainArray=NULL; - CERTCertDBHandle *certdb; - - pThread = PR_AttachThread(PR_SYSTEM_THREAD, 0, NULL); - PR_ASSERT(pThread != NULL); - - PR_ASSERT(env!=NULL && this!=NULL && leafCert!=NULL); - - if( JSS_PK11_getCertPtr(env, leafCert, &leaf) != PR_SUCCESS) { - JSS_throwMsg(env, CERTIFICATE_EXCEPTION, - "Could not extract pointer from PK11Cert"); - goto finish; - } - PR_ASSERT(leaf!=NULL); - - certdb = CERT_GetDefaultCertDB(); - if(certdb == NULL) { - PR_ASSERT(PR_FALSE); - JSS_throwMsg(env, TOKEN_EXCEPTION, - "No default certificate database has been registered"); - goto finish; - } - - /* Get the cert chain */ - chainArray = cert_chain_from_cert(env, certdb, leaf); - if(chainArray == NULL) { - PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL); - goto finish; - } - -finish: - - PR_DetachThread(); - return chainArray; -} - -/*********************************************************************** - * DERCertCollection - */ -typedef struct { - SECItem *derCerts; - int numCerts; -} DERCertCollection; - -/*********************************************************************** - * c o l l e c t _ c e r t s - * - * Copies certs into a new array. - * - * 'arg' is a pointer to a DERCertCollection structure, which will be filled in. - * 'certs' is an array of pointers to SECItems. 
- */ -static SECStatus -collect_der_certs(void *arg, SECItem **certs, int numcerts) -{ - int itemsCopied=0; - SECItem *certCopies; /* array of SECItem */ - SECStatus rv; - - PR_ASSERT(arg!=NULL); - - certCopies = PR_MALLOC( sizeof(SECItem) * numcerts); - ((DERCertCollection*)arg)->derCerts = certCopies; - ((DERCertCollection*)arg)->numCerts = numcerts; - if(certCopies == NULL) { - return SECFailure; - } - for(itemsCopied=0; itemsCopied < numcerts; itemsCopied++) { - rv=SECITEM_CopyItem(NULL, &certCopies[itemsCopied], certs[itemsCopied]); - if( rv == SECFailure ) { - goto loser; - } - } - PR_ASSERT(itemsCopied == numcerts); - - return SECSuccess; - -loser: - for(; itemsCopied >= 0; itemsCopied--) { - SECITEM_FreeItem( &certCopies[itemsCopied], PR_FALSE /*freeit*/); - } - PR_Free( certCopies ); - ((DERCertCollection*)arg)->derCerts = NULL; - ((DERCertCollection*)arg)->numCerts = 0; - return SECFailure; -} - -/*********************************************************************** - * CryptoManager.importCertToPerm - * - add the certificate to the permanent database - * - * throws TOKEN_EXCEPTION - */ -JNIEXPORT jobject JNICALL -Java_org_mozilla_jss_CryptoManager_importCertToPermNative - (JNIEnv *env, jobject this, jobject cert, jstring nickString) -{ - SECStatus rv; - CERTCertificate *oldCert; - jobject result=NULL; - char *nickname=NULL; - CERTCertificate **certArray = NULL; - SECItem *derCertArray[1]; - - /* first, get the NSS cert pointer from the 'cert' object */ - - if ( JSS_PK11_getCertPtr(env, cert, &oldCert) != PR_SUCCESS) { - PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL); - goto finish; - } - PR_ASSERT(oldCert != NULL); - - if (nickString != NULL) { - nickname = (char*) (*env)->GetStringUTFChars(env, nickString, NULL); - } - /* Then, add to permanent database */ - - derCertArray[0] = &oldCert->derCert; - rv = CERT_ImportCerts(CERT_GetDefaultCertDB(), -1 /* usage */, - 1, derCertArray, &certArray, PR_TRUE /*keepCerts*/, - PR_FALSE /*caOnly*/, nickname); 
- if( rv != SECSuccess || certArray == NULL || certArray[0] == NULL) { - JSS_throwMsg(env, TOKEN_EXCEPTION, "Unable to insert certificate" - " into permanent database"); - goto finish; - } - result = JSS_PK11_wrapCert(env, &certArray[0]); - -finish: - /* this checks for NULL */ - CERT_DestroyCertArray(certArray, 1); - if (nickname != NULL) { - (*env)->ReleaseStringUTFChars(env, nickString, nickname); - } - return result; -} - -static unsigned char* -data_start(unsigned char *buf, int length, unsigned int *data_length, - PRBool includeTag) -{ - unsigned char tag; - int used_length= 0; - - tag = buf[used_length++]; - - /* blow out when we come to the end */ - if (tag == 0) { - return NULL; - } - - *data_length = buf[used_length++]; - - if (*data_length&0x80) { - int len_count = *data_length & 0x7f; - - *data_length = 0; - - while (len_count-- > 0) { - *data_length = (*data_length << 8) | buf[used_length++]; - } - } - - if (*data_length > (length-used_length) ) { - *data_length = length-used_length; - return NULL; - } - if (includeTag) *data_length += used_length; - - return (buf + (includeTag ? 
0 : used_length)); -} - -static PRStatus -getCertFields(SECItem *derCert, SECItem *issuer, - SECItem *serial, SECItem *subject) -{ - unsigned char *buf; - unsigned int buf_length; - unsigned char *date; - unsigned int datelen; - unsigned char *cert = derCert->data; - unsigned int cert_length = derCert->len; - - /* get past the signature wrap */ - buf = data_start(cert,cert_length,&buf_length,PR_FALSE); - if (buf == NULL) return PR_FAILURE; - - /* get into the raw cert data */ - buf = data_start(buf,buf_length,&buf_length,PR_FALSE); - if (buf == NULL) return PR_FAILURE; - - /* skip past any optional version number */ - if ((buf[0] & 0xa0) == 0xa0) { - date = data_start(buf,buf_length,&datelen,PR_FALSE); - if (date == NULL) return PR_FAILURE; - buf_length -= (date-buf) + datelen; - buf = date + datelen; - } - - /* serial number */ - serial->data = data_start(buf,buf_length,&serial->len,PR_FALSE); - if (serial->data == NULL) return PR_FAILURE; - buf_length -= (serial->data-buf) + serial->len; - buf = serial->data + serial->len; - - /* skip the OID */ - date = data_start(buf,buf_length,&datelen,PR_FALSE); - if (date == NULL) return PR_FAILURE; - buf_length -= (date-buf) + datelen; - buf = date + datelen; - - /* issuer */ - issuer->data = data_start(buf,buf_length,&issuer->len,PR_TRUE); - if (issuer->data == NULL) return PR_FAILURE; - buf_length -= (issuer->data-buf) + issuer->len; - buf = issuer->data + issuer->len; - - /* skip the date */ - date = data_start(buf,buf_length,&datelen,PR_FALSE); - if (date == NULL) return PR_FAILURE; - buf_length -= (date-buf) + datelen; - buf = date + datelen; - - /*subject */ - subject->data=data_start(buf,buf_length,&subject->len,PR_TRUE); - if (subject->data == NULL) return PR_FAILURE; - buf_length -= (subject->data-buf) + subject->len; - buf = subject->data +subject->len; - - /*subject */ - return PR_SUCCESS; -} - - -/** - * Returns - * -1 if operation error. - * 0 if no leaf found. 
- * 1 if leaf is found - */ -static int find_child_cert( - CERTCertDBHandle *certdb, - SECItem *derCerts, - int numCerts, - int *linked, - int cur_link, - int *leaf_link -) -{ - int i; - int status = 0; - SECItem parentIssuer, parentSerial, parentSubject; - PRStatus decodeStatus; - - decodeStatus = getCertFields(&derCerts[cur_link], &parentIssuer, - &parentSerial, &parentSubject); - if( decodeStatus != PR_SUCCESS ) { - status = -1; - goto finish; - } - - for (i=0; iGetByteArrayElements(env, packageArray, NULL); - if(packageBytes == NULL) { - PR_ASSERT( (*env)->ExceptionOccurred(env) ); - goto finish; - } - packageLen = (*env)->GetArrayLength(env, packageArray); - - /*************************************************** - * Decode package with HCL function - ***************************************************/ - status = CERT_DecodeCertPackage((char*) packageBytes, - (int) packageLen, - collect_der_certs, - (void*) &collection); - if( status != SECSuccess || collection.numCerts < 1 ) { - if( (*env)->ExceptionOccurred(env) == NULL) { - JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION, - "Security library failed to decode certificate package"); - } - goto finish; - } - derCerts = collection.derCerts; - numCerts = collection.numCerts; - - /*************************************************** - * convert nickname to char* - ***************************************************/ - if(nickString == NULL) { - nickChars = NULL; - } else { - nickChars = (char*) (*env)->GetStringUTFChars(env, nickString, NULL); - } - - /*************************************************** - * user cert can be anywhere in the cert chain. loop and find it. - * The point is to find the user cert with keys on the db, then - * treat the other certs in the chain as CA certs to import. - * The real order of the cert chain shouldn't matter, and shouldn't - * be assumed, and the real location of this user cert in the chain, - * if present, shouldn't be assumed either. 
- ***************************************************/ - if (numCerts > 1) { - for (certi=0; certi= 1 ) { - - if (certi == 0) { - status = CERT_ImportCAChainTrusted(derCerts+userCertFound, - numCerts-userCertFound, - certUsageUserCertImport); - if(status != SECSuccess) { - JSS_trace(env, JSS_TRACE_ERROR, - "CERT_ImportCAChain returned an error in " - "CryptoManager.importCertPackage."); - JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION, - "CERT_ImportCAChain returned an error"); - goto finish; - } - } else if (certi == numCerts) { - status = CERT_ImportCAChainTrusted(derCerts, - numCerts-userCertFound, - certUsageUserCertImport); - if(status != SECSuccess) { - JSS_trace(env, JSS_TRACE_ERROR, - "CERT_ImportCAChain returned an error in " - "CryptoManager.importCertPackage."); - JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION, - "CERT_ImportCAChain returned an error"); - goto finish; - } - } else { - status = CERT_ImportCAChainTrusted(derCerts, - certi, - certUsageUserCertImport); - if(status != SECSuccess) { - JSS_trace(env, JSS_TRACE_ERROR, - "CERT_ImportCAChain returned an error in " - "CryptoManager.importCertPackage."); - JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION, - "CERT_ImportCAChain returned an error"); - goto finish; - } - - status = CERT_ImportCAChainTrusted(derCerts+certi+1, - numCerts-certi-1, - certUsageUserCertImport); - if(status != SECSuccess) { - JSS_trace(env, JSS_TRACE_ERROR, - "CERT_ImportCAChain returned an error in " - "CryptoManager.importCertPackage."); - JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION, - "CERT_ImportCAChain returned an error"); - goto finish; - } - - } - - } - - /*************************************************** - * Now lookup the leaf cert and make it into a Java object. - * Apparently, the PK11 lookup checks external tokens first, - * while the CERT lookup checks the database first. 
If the leaf is - * a CA cert, we want to return the copy in the internal database - * rather than the copy on the token, so we use the CERT call. We - * use the PK11 call for user certs that aren't expected to be CAs - * by the caller. - ***************************************************/ - if(slot && !leafIsCA) { - PK11_FreeSlot(slot); - leafCert = PK11_FindCertByIssuerAndSN(&slot, &issuerAndSN, NULL); - } else { - leafCert = CERT_FindCertByIssuerAndSN(certdb, &issuerAndSN); - } - PR_ASSERT( leafCert != NULL ); - leafObject = JSS_PK11_wrapCert(env, &leafCert); - -finish: - if(slot!=NULL) { - PK11_FreeSlot(slot); - } - if(derCerts != NULL) { - for(i=0; i < numCerts; i++) { - SECITEM_FreeItem(&derCerts[i], PR_FALSE /*freeit*/); - } - PR_Free(derCerts); - } - if(packageBytes != NULL) { - (*env)->ReleaseByteArrayElements(env, packageArray, packageBytes, - JNI_ABORT); /* don't copy back */ - } - if(leafCert != NULL) { - CERT_DestroyCertificate(leafCert); - } - - return leafObject; -} - -/********************************************************************** - * PKCS #7 Encoding data structures - */ -typedef struct BufferNodeStr { - char *data; - unsigned long len; - struct BufferNodeStr *next; -} BufferNode; - -typedef struct { - BufferNode *head; - BufferNode *tail; - unsigned long totalLen; -} EncoderCallbackInfo; - -/********************************************************************** - * c r e a t e E n c o d e r C a l l b a c k I n f o - * - * Constructor for EncoderCallbackInfo structure. - * Returns NULL if it runs out of memory, otherwise a new EncoderCallbackInfo. 
- */ -static EncoderCallbackInfo* -createEncoderCallbackInfo() -{ - EncoderCallbackInfo *info; - - info = PR_Malloc( sizeof(EncoderCallbackInfo) ); - if( info == NULL ) { - return NULL; - } - info->head = info->tail = NULL; - info->totalLen = 0; - - return info; -} - -/*********************************************************************** - * d e s t r o y E n c o d e r C a l l b a c k I n f o - * - * Destructor for EncoderCallbackInfo structure. - */ -static void -destroyEncoderCallbackInfo(EncoderCallbackInfo *info) -{ - BufferNode *node; - - PR_ASSERT(info != NULL); - - while(info->head != NULL) { - node = info->head; - info->head = info->head->next; - - if(node->data) { - PR_Free(node->data); - } - PR_Free(node); - } - PR_Free(info); -} - -/*********************************************************************** - * e n c o d e r O u t p u t C a l l b a c k - * - * Called by the PKCS #7 encoder whenever output is available. - * Appends the output to a linked list. - */ -static void -encoderOutputCallback( void *arg, const char *buf, unsigned long len) -{ - BufferNode *node; - EncoderCallbackInfo *info; - - /*************************************************** - * validate arguments - ***************************************************/ - PR_ASSERT(arg!=NULL); - info = (EncoderCallbackInfo*) arg; - if(len == 0) { - return; - } - PR_ASSERT(buf != NULL); - - /*************************************************** - * Create a new node to store this information - ***************************************************/ - node = PR_NEW( BufferNode ); - if( node == NULL ) { - PR_ASSERT(PR_FALSE); - goto finish; - } - node->len = len; - node->data = PR_Malloc( len ); - if( node->data == NULL ) { - PR_ASSERT(PR_FALSE); - goto finish; - } - memcpy( node->data, buf, len ); - node->next = NULL; - - /*************************************************** - * Stick the new node onto the end of the list - ***************************************************/ - if( info->head == NULL ) { 
- PR_ASSERT(info->tail == NULL); - - info->head = info->tail = node; - } else { - PR_ASSERT(info->tail != NULL); - info->tail->next = node; - info->tail = node; - } - node = NULL; - - info->totalLen += len; - -finish: - if(node != NULL) { - if( node->data != NULL) { - PR_Free(node->data); - } - PR_Free(node); - } - return; -} - -/*********************************************************************** - * CryptoManager.exportCertsToPKCS7 - */ -JNIEXPORT jbyteArray JNICALL -Java_org_mozilla_jss_CryptoManager_exportCertsToPKCS7 - (JNIEnv *env, jobject this, jobjectArray certArray) -{ - int i, certcount; - SEC_PKCS7ContentInfo *cinfo=NULL; - CERTCertificate *cert; - jclass certClass; - jbyteArray pkcs7ByteArray=NULL; - jbyte *pkcs7Bytes=NULL; - EncoderCallbackInfo *info=NULL; - SECStatus status; - - /************************************************** - * Validate arguments - **************************************************/ - PR_ASSERT(env!=NULL && this!=NULL); - if(certArray == NULL) { - JSS_throw(env, NULL_POINTER_EXCEPTION); - goto finish; - } - - certcount = (*env)->GetArrayLength(env, certArray); - if(certcount < 1) { - JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION, - "At least one certificate must be passed to exportCertsToPKCS7"); - goto finish; - } - - /* - * JNI ID lookup - */ - certClass = (*env)->FindClass(env, CERT_CLASS_NAME); - if(certClass == NULL) { - ASSERT_OUTOFMEM(env); - goto finish; - } - - /*************************************************** - * Add each cert to the PKCS #7 context. Create the context - * for the first cert. - ***************************************************/ - for(i=0; i < certcount; i++) { - jobject certObject; - - certObject = (*env)->GetObjectArrayElement(env, certArray, i); - if( (*env)->ExceptionOccurred(env) != NULL) { - goto finish; - } - PR_ASSERT( certObject != NULL ); - - /* - * Make sure this is a PK11Cert - */ - if( ! 
(*env)->IsInstanceOf(env, certObject, certClass) ) { - JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION, - "Certificate was not a PK11 Certificate"); - goto finish; - } - - /* - * Convert it to a CERTCertificate - */ - if( JSS_PK11_getCertPtr(env, certObject, &cert) != PR_SUCCESS) { - JSS_trace(env, JSS_TRACE_ERROR, - "Unable to convert Java certificate to CERTCertificate"); - goto finish; - } - PR_ASSERT(cert != NULL); - - if( i == 0 ) { - /* - * First certificate: create a new PKCS #7 cert-only context - */ - PR_ASSERT(cinfo == NULL); - cinfo = SEC_PKCS7CreateCertsOnly(cert, - PR_FALSE, /* don't include chain */ - NULL /* cert db */ ); - if(cinfo == NULL) { - JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION, - "Failed to create PKCS #7 encoding context"); - goto finish; - } - } else { - /* - * All remaining certificates: add cert to context - */ - PR_ASSERT(cinfo != NULL); - - if( SEC_PKCS7AddCertificate(cinfo, cert) != SECSuccess ) { - JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION, - "Failed to add certificate to PKCS #7 encoding context"); - goto finish; - } - } - } - PR_ASSERT( i == certcount ); - PR_ASSERT( cinfo != NULL ); - - /************************************************** - * Encode the PKCS #7 context into its DER encoding - **************************************************/ - info = createEncoderCallbackInfo(); - if(info == NULL) { - JSS_throw(env, OUT_OF_MEMORY_ERROR); - goto finish; - } - - status = SEC_PKCS7Encode(cinfo, - encoderOutputCallback, - (void*)info, - NULL /* bulk key */, - NULL /* password function */, - NULL /* password function arg */ ); - if( status != SECSuccess ) { - JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION, - "Failed to encode PKCS #7 context"); - } - /* Make sure we got at least some data from the encoder */ - PR_ASSERT(info->totalLen > 0); - PR_ASSERT(info->head != NULL); - - /************************************************** - * Create a new byte array to hold the encoded PKCS #7 - 
**************************************************/ - pkcs7ByteArray = (*env)->NewByteArray(env, info->totalLen); - if(pkcs7ByteArray == NULL) { - ASSERT_OUTOFMEM(env); - goto finish; - } - pkcs7Bytes = (*env)->GetByteArrayElements(env, pkcs7ByteArray, NULL); - if(pkcs7Bytes == NULL) { - ASSERT_OUTOFMEM(env); - goto finish; - } - - /************************************************** - * Copy the PKCS #7 encoding into the byte array - **************************************************/ - { - BufferNode *node; - unsigned long processed=0; - - for(node=info->head; node!=NULL; node = node->next) { - PR_ASSERT(processed < info->totalLen); - PR_ASSERT(node->data != NULL); - PR_ASSERT(node->len > 0); - memcpy(pkcs7Bytes+processed, node->data, node->len); - processed += node->len; - } - PR_ASSERT( processed == info->totalLen ); - } - -finish: - /************************************************** - * Free allocated resources - **************************************************/ - if( cinfo != NULL) { - SEC_PKCS7DestroyContentInfo(cinfo); - } - if(pkcs7Bytes != NULL) { - PR_ASSERT(pkcs7ByteArray != NULL); - (*env)->ReleaseByteArrayElements(env, pkcs7ByteArray, pkcs7Bytes, 0); - } - if( info != NULL ) { - destroyEncoderCallbackInfo(info); - } - - /************************************************** - * Return the PKCS #7 information in a byte array, or NULL if an - * exception occurred - **************************************************/ - PR_ASSERT( (*env)->ExceptionOccurred(env)!=NULL || pkcs7ByteArray!=NULL ); - return pkcs7ByteArray; -} - -/*************************************************************************** - * getCerts - * - * Gathers all certificates of the given type into a Java array. 
- */ -static jobjectArray -getCerts(JNIEnv *env, PK11CertListType type) -{ - jobjectArray certArray = NULL; - jclass certClass; - jobject certObject; - CERTCertList *certList = NULL; - CERTCertListNode *node; - int numCerts, i; - - certList = PK11_ListCerts(type, NULL); - if( certList == NULL ) { - JSS_throwMsg(env, TOKEN_EXCEPTION, "Unable to list certificates"); - goto finish; - } - - /* first count the damn certs */ - numCerts = 0; - for( node = CERT_LIST_HEAD(certList); ! CERT_LIST_END(node, certList); - node = CERT_LIST_NEXT(node) ) { - ++numCerts; - } - - /************************************************** - * Create array of Java certificates - **************************************************/ - certClass = (*env)->FindClass(env, X509_CERT_CLASS); - if(certClass == NULL) { - ASSERT_OUTOFMEM(env); - goto finish; - } - - certArray = (*env)->NewObjectArray( env, - numCerts, - certClass, - NULL ); - if( certArray == NULL ) { - ASSERT_OUTOFMEM(env); - goto finish; - } - PR_ASSERT( (*env)->ExceptionOccurred(env) == NULL ); - - - /************************************************** - * Put all the certs in the array - **************************************************/ - i = 0; - for( node = CERT_LIST_HEAD(certList); ! 
CERT_LIST_END(node, certList);
- node = CERT_LIST_NEXT(node) ) {
-
- PR_ASSERT( i < numCerts );
-
- certObject = JSS_PK11_wrapCert(env, &(node->cert));
- if( certObject == NULL ) {
- goto finish;
- }
- (*env)->SetObjectArrayElement(env, certArray, i, certObject);
- if( (*env)->ExceptionOccurred(env) ) {
- goto finish;
- }
- ++i;
-
- }
- PR_ASSERT( i == numCerts );
-
-finish:
- if( certList != NULL ) {
- CERT_DestroyCertList(certList);
- }
-
- return certArray;
-}
-
-
-/***********************************************************************
- * CryptoManager.getCACerts
- */
-JNIEXPORT jobjectArray JNICALL
-Java_org_mozilla_jss_CryptoManager_getCACerts
- (JNIEnv *env, jobject this)
-{
- return getCerts(env, PK11CertListCA);
-}
-
-/***********************************************************************
- * CryptoManager.getPermCerts
- */
-JNIEXPORT jobjectArray JNICALL
-Java_org_mozilla_jss_CryptoManager_getPermCerts
- (JNIEnv *env, jobject this)
-{
- return getCerts(env, PK11CertListUnique);
-}
-
-
- /* Imports a CRL, and stores it into the cert7.db
- *
- * @param the DER-encoded CRL.
- */
-
-
-JNIEXPORT void JNICALL
-Java_org_mozilla_jss_CryptoManager_importCRLNative
- (JNIEnv *env, jobject this,
- jbyteArray der_crl, jstring url_jstr, jint rl_type)
-
-{
- CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
- CERTSignedCrl *crl = NULL;
- SECItem *packageItem = NULL;
- int status = SECFailure;
- char *url;
- char *errmsg = NULL;
-
- /***************************************************
- * Validate arguments
- ***************************************************/
- PR_ASSERT( env!=NULL && this!=NULL );
- if(der_crl == NULL) {
- PR_ASSERT(PR_FALSE);
- /* XXX need new exception here */
- JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION,
- "CRL package is NULL");
- goto finish;
- }
- PR_ASSERT(certdb != NULL);
-
- /* convert CRL byte[] into secitem */
-
- packageItem = JSS_ByteArrayToSECItem(env, der_crl);
- if ( packageItem == NULL ) {
- goto finish;
- }
- /* XXX need to deal with if error */
-
- if (url_jstr != NULL) {
- url = (char*) (*env)->GetStringUTFChars(env, url_jstr, NULL);
- PR_ASSERT(url!=NULL);
- }
- else {
- url = NULL;
- }
-
- crl = CERT_ImportCRL( certdb, packageItem, url, rl_type, NULL);
-
- if( crl == NULL ) {
- status = PR_GetError();
- errmsg = NULL;
- switch (status) {
- case SEC_ERROR_OLD_CRL:
- case SEC_ERROR_OLD_KRL:
- /* not an error - leave as NULL */
- errmsg = NULL;
- goto finish;
- case SEC_ERROR_CRL_EXPIRED:
- errmsg = "CRL Expired";
- break;
- case SEC_ERROR_KRL_EXPIRED:
- errmsg = "KRL Expired";
- break;
- case SEC_ERROR_CRL_NOT_YET_VALID:
- errmsg = "CRL Not yet valid";
- break;
- case SEC_ERROR_KRL_NOT_YET_VALID:
- errmsg = "KRL Not yet valid";
- break;
- case SEC_ERROR_CRL_INVALID:
- errmsg = "Invalid encoding of CRL";
- break;
- case SEC_ERROR_KRL_INVALID:
- errmsg = "Invalid encoding of KRL";
- break;
- case SEC_ERROR_BAD_DATABASE:
- errmsg = "Database error";
- break;
- default:
- /* printf("NSS ERROR = %d\n",status); */
- errmsg = "Failed to import Revocation List";
- }
- if (errmsg) {
- JSS_throwMsg(env, 
CRL_IMPORT_EXCEPTION, errmsg);
- }
- }
-
-finish:
-
- if (packageItem) {
- SECITEM_FreeItem(packageItem, PR_TRUE /*freeit*/);
- }
-
- if(url != NULL) {
- (*env)->ReleaseStringUTFChars(env, url_jstr, url);
- }
-
- if (crl) {
- SEC_DestroyCrl(crl);
- }
-}
-
-
diff --git a/security/jss/org/mozilla/jss/manage/config.mk b/security/jss/org/mozilla/jss/manage/config.mk
deleted file mode 100644
index d42c0f539cae..000000000000
--- a/security/jss/org/mozilla/jss/manage/config.mk
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape Security Services for Java.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1998-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-TARGETS=$(LIBRARY)
-SHARED_LIBRARY=
-IMPORT_LIBRARY=
-
-NO_MD_RELEASE=1
diff --git a/security/jss/org/mozilla/jss/manage/manifest.mn b/security/jss/org/mozilla/jss/manage/manifest.mn
deleted file mode 100644
index 6c9a814c9c91..000000000000
--- a/security/jss/org/mozilla/jss/manage/manifest.mn
+++ /dev/null
@@ -1,49 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape Security Services for Java.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1998-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../../../..
-
-MODULE = jss
-
-NS_USE_JDK = 1
-
-REQUIRES = nspr20 security
-
-PACKAGE = org/mozilla/jss
-
-CSRCS = \
- CryptoManager.c \
- PK11Finder.c \
- $(NULL)
-
-
-LIBRARY_NAME = jssmanage