diff --git a/security/jss/org/mozilla/jss/CryptoManager.c b/security/jss/org/mozilla/jss/CryptoManager.c index 99f8b10c0e24..65964ad7b067 100644 --- a/security/jss/org/mozilla/jss/CryptoManager.c +++ b/security/jss/org/mozilla/jss/CryptoManager.c @@ -879,7 +879,7 @@ Java_org_mozilla_jss_CryptoManager_enableFIPS { char *name=NULL; jboolean switched = JNI_FALSE; - SECStatus status; + SECStatus status = SECSuccess; if( ((fips==JNI_TRUE) && !PK11_IsFIPS()) || ((fips==JNI_FALSE) && PK11_IsFIPS()) ) diff --git a/security/jss/org/mozilla/jss/tests/FipsTest.java b/security/jss/org/mozilla/jss/tests/FipsTest.java new file mode 100644 index 000000000000..e576e6f37eff --- /dev/null +++ b/security/jss/org/mozilla/jss/tests/FipsTest.java @@ -0,0 +1,177 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape Security Services for Java. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1998-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +package org.mozilla.jss.tests; + +import org.mozilla.jss.*; +import org.mozilla.jss.pkcs11.*; +import org.mozilla.jss.crypto.*; +import java.io.*; + + +public class FipsTest { + + public static void main(String args[]) { + + try { + + if( args.length != 2 ) { + System.out.println("Usage: FipsTest "); + return; + } + String dbdir = args[0]; + String fipsmode = args[1]; + + CryptoManager.InitializationValues vals = new + CryptoManager.InitializationValues(dbdir); + + System.out.println("output of Initilization values "); + System.out.println("Manufacturer ID: " + vals.getManufacturerID()); + System.out.println("Library: " + vals.getLibraryDescription()); + System.out.println("Internal Slot: " + + vals.getInternalSlotDescription()); + System.out.println("Internal Token: " + + vals.getInternalTokenDescription()); + System.out.println("Key Storage Slot: " + + vals.getFIPSKeyStorageSlotDescription()); + System.out.println("Key Storage Token: " + + vals.getInternalKeyStorageTokenDescription()); + System.out.println("FIPS Slot: " + + vals.getFIPSSlotDescription()); + System.out.println("FIPS Key Storage: " + + vals.getFIPSKeyStorageSlotDescription()); + + + if (fipsmode.equalsIgnoreCase("enable")) { + vals.fipsMode = CryptoManager.InitializationValues.FIPSMode.ENABLED; + } else if (fipsmode.equalsIgnoreCase("disable")){ + vals.fipsMode = + CryptoManager.InitializationValues.FIPSMode.DISABLED; + } else { + vals.fipsMode = + CryptoManager.InitializationValues.FIPSMode.UNCHANGED; + } + + CryptoManager.initialize(vals); + + CryptoManager cm = CryptoManager.getInstance(); + + if (cm.FIPSEnabled() == true ) { + System.out.println("\n\t\tFIPS enabled\n"); + } else { + System.out.println("\n\t\tFIPS not enabled\n"); + } + + + java.util.Enumeration items; + items = cm.getModules(); + System.out.println("\nListing of Modules:"); + while(items.hasMoreElements()) { + System.out.println("\t"+ + ((PK11Module)items.nextElement()).getName() ); + } + + items = cm.getAllTokens(); + System.out.println("\nAll Tokens:"); + while(items.hasMoreElements()) { + System.out.println("\t"+ + ((CryptoToken)items.nextElement()).getName() ); + } + + items = cm.getExternalTokens(); + System.out.println("\nExternal Tokens:"); + while(items.hasMoreElements()) { + System.out.println("\t"+ + ((CryptoToken)items.nextElement()).getName() ); + } + + CryptoToken tok; + String tokenName; + + /* find the Internal Key Storage token */ + if (cm.FIPSEnabled() == true ) { + tokenName = vals.getFIPSSlotDescription(); + } else { + tokenName = vals.getInternalKeyStorageTokenDescription(); + } + + /* truncate to 32 bytes and remove trailing white space*/ + tokenName = tokenName.substring(0, 32); + tokenName = tokenName.trim(); + System.out.println("\nFinding the Internal Key Storage token: "+ + tokenName); + tok = cm.getTokenByName(tokenName); + + if( ((PK11Token)tok).isInternalKeyStorageToken() + && tok.equals(cm.getInternalKeyStorageToken()) ) { + System.out.println("Good, "+tok.getName()+", knows it is " + + "the internal Key Storage Token"); + } else { + System.out.println("ERROR: "+tok.getName()+", doesn't know"+ + " it is the internal key storage token"); + } + + /* find the Internal Crypto token */ + if (cm.FIPSEnabled() == true ) { + tokenName = vals.getFIPSSlotDescription(); + } else { + tokenName = vals.getInternalTokenDescription(); + } + + /* truncate to 32 bytes and remove trailing white space*/ + tokenName = tokenName.substring(0, 32); + tokenName = tokenName.trim(); + System.out.println("\nFinding the Internal Crypto token: " + tokenName); + tok = cm.getTokenByName(tokenName); + + if( ((PK11Token)tok).isInternalCryptoToken() && + tok.equals(cm.getInternalCryptoToken() )) { + System.out.println("Good, "+tok.getName()+ + ", knows it is the internal Crypto token"); + } else { + System.out.println("ERROR: "+tok.getName()+ + ", doesn't know that it is the internal Crypto token"); + } + + System.exit(0); + + } catch( Exception e ) { + e.printStackTrace(); + System.exit(1); + } + } +} diff --git a/security/jss/org/mozilla/jss/tests/all.pl b/security/jss/org/mozilla/jss/tests/all.pl index c43a801ff893..ced472e59c4c 100644 --- a/security/jss/org/mozilla/jss/tests/all.pl +++ b/security/jss/org/mozilla/jss/tests/all.pl @@ -324,6 +324,24 @@ $result >>=8; $result and print "JSSE client returned $result\n"; print_case_result ($result,"JSS server / JSSE client"); +# +# Test Enable FIPSMODE +# +print "============= Start enable FIPSMODE\n"; +$result = system("$java org.mozilla.jss.tests.FipsTest $testdir enable"); +$result >>=8; +$result and print "Enable FIPSMODE returned $result\n"; +print_case_result ($result,"FIPSMODE enabled"); + +# +# Test Disable FIPSMODE +# +print "============= Start disable FIPSMODE\n"; +$result = system("$java org.mozilla.jss.tests.FipsTest $testdir disable"); +$result >>=8; +$result and print "Disable FIPSMODE returned $result\n"; +print_case_result ($result,"FIPSMODE disabled"); + # # Test for JSS jar and library revision #