diff --git a/security/jss/lib/jss.def b/security/jss/lib/jss.def index a589aaca9398..719644434b1b 100644 --- a/security/jss/lib/jss.def +++ b/security/jss/lib/jss.def @@ -66,11 +66,8 @@ Java_org_mozilla_jss_CryptoManager_importCRLNative; Java_org_mozilla_jss_CryptoManager_importCertPackageNative; Java_org_mozilla_jss_CryptoManager_importCertToPermNative; Java_org_mozilla_jss_CryptoManager_initializeAllNative; -Java_org_mozilla_jss_CryptoManager_initializeNative; Java_org_mozilla_jss_CryptoManager_putModulesInVector; Java_org_mozilla_jss_CryptoManager_setNativePasswordCallback; -Java_org_mozilla_jss_NSSInit_initializeNative; -Java_org_mozilla_jss_NSSInit_setPasswordCallback; Java_org_mozilla_jss_pkcs11_CertProxy_releaseNativeResources; Java_org_mozilla_jss_pkcs11_CipherContextProxy_releaseNativeResources; Java_org_mozilla_jss_pkcs11_PK11Module_getLibraryName; diff --git a/security/jss/manifest.mn b/security/jss/manifest.mn index be6747a3325a..67ac129a9375 100644 --- a/security/jss/manifest.mn +++ b/security/jss/manifest.mn @@ -35,8 +35,7 @@ CORE_DEPTH = .. MODULE = jss -IMPORTS = svrcore/SVRCORE_2_5_1 \ - security/NSS_2_8_4_RTM \ +IMPORTS = security/NSS_3_2_RTM\ dbm/DBM_1_54 \ nspr20/v3.5.1 \ $(NULL) diff --git a/security/jss/org/mozilla/jss/manage/CryptoManager.c b/security/jss/org/mozilla/jss/manage/CryptoManager.c index fce16f3002a8..1de311713305 100644 --- a/security/jss/org/mozilla/jss/manage/CryptoManager.c +++ b/security/jss/org/mozilla/jss/manage/CryptoManager.c @@ -44,12 +44,13 @@ #include #include #include +#include +#include #include #include #include -#include "jssinit.h" #include "pk11util.h" #if defined(AIX) || defined(HPUX) || defined(LINUX) @@ -126,9 +127,8 @@ handleSigChild(JNIEnv *env) { #endif -int ConfigureOSCP( +int ConfigureOCSP( JNIEnv *env, - CERTCertDBHandle *db, jboolean ocspCheckingEnabled, jstring ocspResponderURL, jstring ocspResponderCertNickname ) 
@@ -137,6 +137,7 @@ int ConfigureOSCP( char *ocspResponderCertNickname_string=NULL; SECStatus status; int result = SECSuccess; + CERTCertDBHandle *certdb = CERT_GetDefaultCertDB(); /* if caller specified default responder, get the @@ -167,14 +168,14 @@ int ConfigureOSCP( /* first disable OCSP - we'll enable it later */ - CERT_DisableOCSPChecking(db); + CERT_DisableOCSPChecking(certdb); /* if they set the default responder, then set it up * and enable it */ if (ocspResponderURL) { status = - CERT_SetOCSPDefaultResponder( db, + CERT_SetOCSPDefaultResponder( certdb, ocspResponderURL_string, ocspResponderCertNickname_string ); @@ -185,18 +186,18 @@ int ConfigureOSCP( result = SECFailure; goto loser; } - CERT_EnableOCSPDefaultResponder(db); + CERT_EnableOCSPDefaultResponder(certdb); } else { /* if no defaultresponder is set, disable it */ - CERT_DisableOCSPDefaultResponder(db); + CERT_DisableOCSPDefaultResponder(certdb); } /* enable OCSP checking if requested */ if (ocspCheckingEnabled) { - CERT_EnableOCSPChecking(db); + CERT_EnableOCSPChecking(certdb); } loser: @@ -215,6 +216,7 @@ loser: } +#if 0 /*********************************************************************** * simpleInitialize * @@ -306,7 +308,9 @@ Java_org_mozilla_jss_CryptoManager_initializeNative return; } } +#endif +#if 0 /* * Callback for key database name. Name is passed in through void* argument. */ @@ -331,6 +335,7 @@ certDBNameCallback(void *arg, int dbVersion) return PL_strdup(""); } } +#endif /********************************************************************** * This is the PasswordCallback object that will be used to login 
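Review bot: The status of `CERT_EnableOCSPChecking(certdb)` is discarded in the last OCSP hunk, so ConfigureOCSP can return SECSuccess when revocation checking was never switched on. The same holds for `CERT_DisableOCSPChecking` and `CERT_EnableOCSPDefaultResponder` in the hunks before it. The handle now comes from `CERT_GetDefaultCertDB()` instead of the caller, and nothing checks it for NULL in case this runs before NSS is up. I would fail closed with `if( CERT_EnableOCSPChecking(certdb) != SECSuccess ) { result = SECFailure; goto loser; }` and treat the other calls the same way. The function body spans several hunks and its `loser:` cleanup is only partly visible.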
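Review bot: The `#if 0` / `#endif` pairs added around simpleInitialize, `Java_org_mozilla_jss_CryptoManager_initializeNative` and `certDBNameCallback` leave dead code in the initialization path with no word on why it is kept. The jss.def hunk in this commit already drops the corresponding export. Either delete the blocks or put a one-line comment above each `#if 0`, for example `/* Disabled: <reason>; remove once <condition> */`. Both disabled regions start and end outside the hunks shown.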
@@ -344,58 +349,9 @@ static jobject globalPasswordCallback = NULL; */ JavaVM * JSS_javaVM; -/*********************************************************************** - * CryptoManager.initialize - * - * Initialize the security library and open all the databases. - * - */ JNIEXPORT void JNICALL Java_org_mozilla_jss_CryptoManager_initializeAllNative (JNIEnv *env, jclass clazz, - jstring modDBName, - jstring keyDBName, - jstring certDBName, - jboolean readOnly, - jstring manuString, - jstring libraryString, - jstring tokString, - jstring keyTokString, - jstring slotString, - jstring keySlotString, - jstring fipsString, - jstring fipsKeyString, - jboolean ocspCheckingEnabled, - jstring ocspResponderURL, - jstring ocspResponderCertNickname ) -{ - JSS_completeInitialize(env, - modDBName, - keyDBName, - certDBName, - readOnly, - manuString, - libraryString, - tokString, - keyTokString, - slotString, - keySlotString, - fipsString, - fipsKeyString, - ocspCheckingEnabled, - ocspResponderURL, - ocspResponderCertNickname - ); -} - -/*********************************************************************** - * JSS_completeInitialize - * - * Initialize the security library and open all the databases. - * - */ -void -JSS_completeInitialize(JNIEnv *env, jstring configDir, jstring certPrefix, jstring keyPrefix, @@ -433,10 +389,24 @@ JSS_completeInitialize(JNIEnv *env, /* This is thread-safe because initialize is synchronized */ static PRBool initialized=PR_FALSE; + if( configDir == NULL || + manuString == NULL || + libraryString == NULL || + tokString == NULL || + keyTokString == NULL || + slotString == NULL || + keySlotString == NULL || + fipsString == NULL || + fipsKeyString == NULL ) + { + JSS_throw(env, NULL_POINTER_EXCEPTION); + goto finish; + } + /* Make sure initialize() completes only once */ if(initialized) { JSS_throw(env, ALREADY_INITIALIZED_EXCEPTION); - return; + goto finish; } /* 
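Review bot: Both early exits in the second hunk now use `goto finish`, and the new NULL check runs before any of the `sz*` strings are fetched, so the cleanup at `finish:` is reached with those locals never assigned. The declarations and the `finish:` block are outside the hunk. If the locals are not initialised to NULL there, the release calls would act on indeterminate pointers. Please confirm each is declared in the form `char *szConfigDir = NULL;` and that `finish:` releases only non-NULL strings. A short comment above the check listing which arguments may legitimately be NULL (certPrefix, keyPrefix, secmodName and the OCSP strings, judging by the list) would also help.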
@@ -475,23 +445,32 @@ JSS_completeInitialize(JNIEnv *env, ); - /* - * Set up arguments to NSS_Initialize - */ szConfigDir = (char*) (*env)->GetStringUTFChars(env, configDir, NULL); - szCertPrefix = (char*) (*env)->GetStringUTFChars(env, certPrefix, NULL); - szKeyPrefix = (char*) (*env)->GetStringUTFChars(env, keyPrefix, NULL); - szSecmodName = (char*) (*env)->GetStringUTFChars(env, secmodName, NULL); - initFlags = 0; - if( readOnly ) { - initFlags |= NSS_INIT_READONLY; + if( certPrefix != NULL && keyPrefix != NULL && secmodName != NULL ) { + /* + * Set up arguments to NSS_Initialize + */ + szCertPrefix = (char*) (*env)->GetStringUTFChars(env, certPrefix, NULL); + szKeyPrefix = (char*) (*env)->GetStringUTFChars(env, keyPrefix, NULL); + szSecmodName = (char*) (*env)->GetStringUTFChars(env, secmodName, NULL); + initFlags = 0; + if( readOnly ) { + initFlags |= NSS_INIT_READONLY; + } + + /* + * Initialize NSS. + */ + rv = NSS_Initialize(szConfigDir, szCertPrefix, szKeyPrefix, + szSecmodName, initFlags); + } else { + if( readOnly ) { + rv = NSS_Init(szConfigDir); + } else { + rv = NSS_InitReadWrite(szConfigDir); + } } - /* - * Initialize NSS. - */ - rv = NSS_Initialize(szConfigDir, szCertPrefix, szKeyPrefix, szSecmodName, - initFlags); if( rv != SECSuccess ) { JSS_throwMsg(env, SECURITY_EXCEPTION, "Unable to initialize security library"); @@ -508,9 +487,8 @@ JSS_completeInitialize(JNIEnv *env, /* * Setup NSS to call the specified OCSP responder */ - rv = ConfigureOSCP( + rv = ConfigureOCSP( env, - cdb_handle, ocspCheckingEnabled, ocspResponderURL, ocspResponderCertNickname ); @@ -519,11 +497,6 @@ JSS_completeInitialize(JNIEnv *env, goto finish; } - if( NSS_SetDomesticPolicy() != SECSuccess ) { - JSS_throwMsg(env, SECURITY_EXCEPTION, "Unable to set security policy"); - goto finish; - } - /* * Save the JavaVM pointer so we can retrieve the JNI environment * later. This only works if there is only one Java VM. 
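Review bot: If a caller supplies only one or two of certPrefix, keyPrefix and secmodName, the `else` branch silently ignores them and opens the default-named databases through `NSS_Init` / `NSS_InitReadWrite`. The process can then end up trusting a different certificate store than the one requested. Rejecting the partial case is safer: add `else if( certPrefix != NULL || keyPrefix != NULL || secmodName != NULL ) { JSS_throw(env, NULL_POINTER_EXCEPTION); goto finish; }` ahead of the plain `else`. Separately, none of the `GetStringUTFChars` results is checked before being handed to NSS; a NULL return should also `goto finish`. The function begins and ends outside this hunk.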
@@ -543,6 +516,13 @@ JSS_completeInitialize(JNIEnv *env, } JSS_javaVM = VMs[0]; +#if 0 + if( NSS_SetDomesticPolicy() != SECSuccess ) { + JSS_throwMsg(env, SECURITY_EXCEPTION, "Unable to set domestic policy"); + goto finish; + } +#endif + initialized = PR_TRUE; finish: @@ -575,25 +555,6 @@ finish: return; } - - - - -/********************************************************************** - * - * CryptoManager.setNativePasswordCallback - * - * Sets the global PasswordCallback object, which will be used to - * login to tokens implicitly if necessary. - * - */ -JNIEXPORT void JNICALL -Java_org_mozilla_jss_CryptoManager_setNativePasswordCallback - (JNIEnv *env, jclass clazz, jobject callback) -{ - JSS_setPasswordCallback(env, callback); -} - /********************************************************************** * * JSS_setPasswordCallback @@ -620,6 +581,21 @@ JSS_setPasswordCallback(JNIEnv *env, jobject callback) } } +/********************************************************************** + * + * CryptoManager.setNativePasswordCallback + * + * Sets the global PasswordCallback object, which will be used to + * login to tokens implicitly if necessary. + * + */ +JNIEXPORT void JNICALL +Java_org_mozilla_jss_CryptoManager_setNativePasswordCallback + (JNIEnv *env, jclass clazz, jobject callback) +{ + JSS_setPasswordCallback(env, callback); +} + /******************************************************************** * * g e t P W F r o m C a l l b a c k @@ -1003,11 +979,5 @@ JNIEXPORT void JNICALL Java_org_mozilla_jss_DatabaseCloser_closeDatabases (JNIEnv *env, jobject this) { - PR_ASSERT( CERT_GetDefaultCertDB() != NULL ); - CERT_ClosePermCertDB( CERT_GetDefaultCertDB() ); - CERT_SetDefaultCertDB( NULL ); - - PR_ASSERT( SECKEY_GetDefaultKeyDB() != NULL ); - SECKEY_CloseKeyDB( SECKEY_GetDefaultKeyDB() ); - SECKEY_SetDefaultKeyDB( NULL ); + NSS_Shutdown(); } 
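Review bot: `NSS_SetDomesticPolicy()` is placed under `#if 0` in the first hunk here, after being removed in the earlier hunk that follows the ConfigureOCSP call. Nothing visible in initializeAllNative sets a cipher policy any more, so the set of permitted SSL cipher suites is left to whatever NSS defaults to. That is a behavioural change for every SSL user of the library and the diff gives no reason for it. If the policy is meant to be set elsewhere, replace the dead block with a comment such as `/* Cipher policy is not set here: <reason / where it is set> */`; otherwise restore the call.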
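Review bot: In the last hunk, `Java_org_mozilla_jss_DatabaseCloser_closeDatabases` now calls `NSS_Shutdown()` unconditionally, where the old code first asserted that the default databases existed. The `initialized` flag is a function-local static in initializeAllNative, so this function cannot reset it. After a close, a second initialize would presumably still throw ALREADY_INITIALIZED_EXCEPTION with NSS down, leaving later JSS calls running against a shut-down library. Either document that the call is terminal, e.g. `/* Shuts NSS down for good; JSS cannot be re-initialized afterwards */`, or move `initialized` to file scope so it can be cleared here. If `NSS_Shutdown` reports a status in the NSS release being imported, that should be checked too.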
diff --git a/security/jss/org/mozilla/jss/manage/CryptoManager.java b/security/jss/org/mozilla/jss/manage/CryptoManager.java index b08b7cac82be..e139e660f290 100644 --- a/security/jss/org/mozilla/jss/manage/CryptoManager.java +++ b/security/jss/org/mozilla/jss/manage/CryptoManager.java @@ -51,7 +51,7 @@ import org.mozilla.jss.CRLImportException; * Initialization is done with static methods, and must be done before * an instance can be created. All other operations are done with instance * methods. - * @version $Revision: 1.5 $ $Date: 2001/04/03 04:08:19 $ + * @version $Revision: 1.6 $ $Date: 2001/04/10 17:32:20 $ */ public final class CryptoManager implements TokenSupplier { @@ -114,6 +114,14 @@ public final class CryptoManager implements TokenSupplier this.configDir = configDir; } + /** + * deprecated + */ + public InitializationValues(String secmodName, String keydbName, + String certdbName) + { + } + public InitializationValues(String configDir, String certPrefix, String keyPrefix, String secmodName) { @@ -706,21 +714,6 @@ public final class CryptoManager implements TokenSupplier // Initialization //////////////////////////////////////////////////// - /** - * Initialize the security subsystem. Initializes NSPR and the - * Random Number Generator, but does not open any databases or initialize - * PKCS #11. The only cryptographic operation that can be performed - * after this call is PQG parameter generation. This method can - * be called repeatedly, before or after the call to - * initialize(InitializationValues). - */ - public static synchronized void initialize() - { - NSSInit.loadNativeLibraries(); - initializeNative(); - } - private static native void initializeNative(); - /** * Initialize the security subsystem. Opens the databases, loads all * PKCS #11 modules, initializes the internal random number generator. 
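Review bot: The new `InitializationValues(String secmodName, String keydbName, String certdbName)` constructor has an empty body, so the database names a caller passes are dropped without any signal. The object is left with whatever defaults its fields have. For code that selects a specific key or certificate store, this means a different store, or none, is opened. The Javadoc says only `deprecated`, which is not the tag; write `@deprecated The arguments are ignored; use InitializationValues(String configDir) instead.` so compilers warn. If compatibility allows, throwing from the constructor would be more honest than ignoring the input.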
@@ -744,6 +737,19 @@ public final class CryptoManager implements TokenSupplier initialize( new InitializationValues(configDir) ); } + /** + * deprecated + */ + public static synchronized void initialize( String secmodName, + String keydbName, String certdbName) + throws KeyDatabaseException, + CertDatabaseException, + AlreadyInitializedException, + GeneralSecurityException + { + initialize( new InitializationValues() ); + } + /** * Initialize the security subsystem. Opens the databases, loads all * PKCS #11 modules, initializes the internal random number generator. @@ -768,7 +774,7 @@ public final class CryptoManager implements TokenSupplier if(instance != null) { throw new AlreadyInitializedException(); } - NSSInit.loadNativeLibraries(); + loadNativeLibraries(); if (values.ocspResponderURL != null) { if (values.ocspResponderCertNickname == null) { throw new GeneralSecurityException( diff --git a/security/jss/org/mozilla/jss/manage/NSSInit.c b/security/jss/org/mozilla/jss/manage/NSSInit.c deleted file mode 100644 index 683964d34ace..000000000000 --- a/security/jss/org/mozilla/jss/manage/NSSInit.c +++ /dev/null 
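Review bot: The deprecated `initialize(String secmodName, String keydbName, String certdbName)` overload ignores all three parameters and calls `initialize( new InitializationValues() )`. No zero-argument constructor is visible in this diff, and if one exists it presumably leaves `configDir` unset. The native initializeAllNative in this same commit now throws NULL_POINTER_EXCEPTION when configDir is NULL, so this path looks as though it can only fail at run time. Either derive a configuration directory from the old arguments or fail immediately with a message naming the replacement call. The Javadoc should use the real tag, `@deprecated Use initialize(String configDir) instead.`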
@@ -1,109 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape Security Services for Java. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1998-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. 
- */ - -#include "_jni/org_mozilla_jss_NSSInit.h" -#include -#include "jssinit.h" - -/********************************************************************/ -/* The following VERSION Strings should be updated in the following */ -/* files everytime a new release of JSS is generated: */ -/* */ -/* jssjava: ns/ninja/cmd/jssjava/jssjava.c */ -/* jss.jar: ns/ninja/org/mozilla/jss/manage/NSSInit.java */ -/* jss.dll: ns/ninja/org/mozilla/jss/manage/NSSInit.c */ -/* */ -/********************************************************************/ - -static const char* DLL_JSS_VERSION = "JSS_VERSION = JSS_3_0"; -static const char* DLL_JDK_VERSION = "JDK_VERSION = JDK 1.2.2"; -static const char* DLL_NSS_VERSION = "NSS_VERSION = NSS_3_2_RTM"; -static const char* DLL_DBM_VERSION = "DBM_VERSION = NSS_3_1_1_RTM"; -static const char* DLL_NSPR_VERSION = "NSPR_VERSION = NSPRPUB_RELEASE_4_1"; - -/*********************************************************************** - * NSSInit.initializeNative - * - * This just passes its arguments to CryptoManager.initializeAllNative. 
- */ -JNIEXPORT void JNICALL -Java_org_mozilla_jss_NSSInit_initializeNative - (JNIEnv *env, jclass clazz, - jstring modDBName, - jstring keyDBName, - jstring certDBName, - jboolean readOnly, - jstring manuString, - jstring libraryString, - jstring tokString, - jstring keyTokString, - jstring slotString, - jstring keySlotString, - jstring fipsString, - jstring fipsKeyString ) -{ - jboolean ocsp = JNI_FALSE; - jstring ocsp_url = NULL; - jstring ocsp_nickname = NULL; - - JSS_completeInitialize( - env, - modDBName, - keyDBName, - certDBName, - readOnly, - manuString, - libraryString, - tokString, - keyTokString, - slotString, - keySlotString, - fipsString, - fipsKeyString, - ocsp, - ocsp_url, - ocsp_nickname); -} - - -/*********************************************************************** - * NSSInit.setPasswordCallback - * - * This just passes its arguments to CryptoManager.setNativePasswordCallback - */ -JNIEXPORT void JNICALL -Java_org_mozilla_jss_NSSInit_setPasswordCallback - (JNIEnv *env, jclass clazz, jobject pwcb) -{ - JSS_setPasswordCallback(env, pwcb); -} diff --git a/security/jss/org/mozilla/jss/manage/PK11Finder.c b/security/jss/org/mozilla/jss/manage/PK11Finder.c index 5af9346e721c..bbb7a874f613 100644 --- a/security/jss/org/mozilla/jss/manage/PK11Finder.c +++ b/security/jss/org/mozilla/jss/manage/PK11Finder.c 
@@ -58,35 +58,35 @@ JNIEXPORT jobject JNICALL Java_org_mozilla_jss_CryptoManager_findCertByNicknameNative (JNIEnv *env, jobject this, jstring nickname) { - char *nick=NULL; - jobject certObject=NULL; - CERTCertificate *cert=NULL; + char *nick=NULL; + jobject certObject=NULL; + CERTCertificate *cert=NULL; - PR_ASSERT(env!=NULL && this!=NULL && nickname!=NULL); + PR_ASSERT(env!=NULL && this!=NULL && nickname!=NULL); - nick = (char*) (*env)->GetStringUTFChars(env, nickname, NULL); - PR_ASSERT(nick!=NULL); + nick = (char*) (*env)->GetStringUTFChars(env, nickname, NULL); + PR_ASSERT(nick!=NULL); - cert = PK11_FindCertFromNickname(nick, NULL); + cert = PK11_FindCertFromNickname(nick, NULL); - if(cert == NULL) { + if(cert == NULL) { cert = CERT_FindCertByNickname( CERT_GetDefaultCertDB(), nick ); if( cert == NULL ) { - JSS_nativeThrow(env, OBJECT_NOT_FOUND_EXCEPTION); - goto finish; + JSS_nativeThrow(env, OBJECT_NOT_FOUND_EXCEPTION); + goto finish; } - } + } - certObject = JSS_PK11_wrapCert(env, &cert); + certObject = JSS_PK11_wrapCert(env, &cert); finish: - if(nick != NULL) { - (*env)->ReleaseStringUTFChars(env, nickname, nick); - } - if(cert != NULL) { - CERT_DestroyCertificate(cert); - } - return certObject; + if(nick != NULL) { + (*env)->ReleaseStringUTFChars(env, nickname, nick); + } + if(cert != NULL) { + CERT_DestroyCertificate(cert); + } + return certObject; } /* @@ -216,13 +216,13 @@ JNIEXPORT jobject JNICALL Java_org_mozilla_jss_CryptoManager_findCertByIssuerAndSerialNumberNative (JNIEnv *env, jobject this, jbyteArray issuerBA, jbyteArray serialNumBA) { - jobject certObject=NULL; - CERTCertificate *cert=NULL; + jobject certObject=NULL; + CERTCertificate *cert=NULL; SECItem *issuer=NULL, *serialNum=NULL; CERTIssuerAndSN issuerAndSN; PK11SlotInfo *slot=NULL; - PR_ASSERT(env!=NULL && this!=NULL); + PR_ASSERT(env!=NULL && this!=NULL); /* validate args */ if( issuerBA == NULL || serialNumBA == NULL ) { 
@@ -249,27 +249,27 @@ Java_org_mozilla_jss_CryptoManager_findCertByIssuerAndSerialNumberNative CERT_GetDefaultCertDB(), &issuerAndSN); if( cert == NULL ) { - JSS_nativeThrow(env, OBJECT_NOT_FOUND_EXCEPTION); - goto finish; + JSS_nativeThrow(env, OBJECT_NOT_FOUND_EXCEPTION); + goto finish; } - } + } - certObject = JSS_PK11_wrapCert(env, &cert); + certObject = JSS_PK11_wrapCert(env, &cert); finish: if(slot) { PK11_FreeSlot(slot); } - if(cert != NULL) { - CERT_DestroyCertificate(cert); - } + if(cert != NULL) { + CERT_DestroyCertificate(cert); + } if(issuer) { SECITEM_FreeItem(issuer, PR_TRUE /*freeit*/); } if(serialNum) { SECITEM_FreeItem(serialNum, PR_TRUE /*freeit*/); } - return certObject; + return certObject; } /***************************************************************** 
@@ -281,39 +281,39 @@ JNIEXPORT jobject JNICALL Java_org_mozilla_jss_CryptoManager_findPrivKeyByCertNative (JNIEnv *env, jobject this, jobject Cert) { - PRThread *pThread; - CERTCertificate *cert; - SECKEYPrivateKey *privKey=NULL; - jobject Key; + PRThread *pThread; + CERTCertificate *cert; + SECKEYPrivateKey *privKey=NULL; + jobject Key; - pThread = PR_AttachThread(PR_SYSTEM_THREAD, 0, NULL); - PR_ASSERT( pThread != NULL); - PR_ASSERT( env!=NULL && this!=NULL && Cert!=NULL); + pThread = PR_AttachThread(PR_SYSTEM_THREAD, 0, NULL); + PR_ASSERT( pThread != NULL); + PR_ASSERT( env!=NULL && this!=NULL && Cert!=NULL); - if( JSS_PK11_getCertPtr(env, Cert, &cert) != PR_SUCCESS) { - PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL); - goto finish; - } - if(cert==NULL) { - PR_ASSERT(PR_FALSE); - JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION); - goto finish; - } + if( JSS_PK11_getCertPtr(env, Cert, &cert) != PR_SUCCESS) { + PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL); + goto finish; + } + if(cert==NULL) { + PR_ASSERT(PR_FALSE); + JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION); + goto finish; + } - privKey = PK11_FindKeyByAnyCert(cert, NULL); - if(privKey == NULL) { - JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION); - goto finish; - } + privKey = PK11_FindKeyByAnyCert(cert, NULL); + if(privKey == NULL) { + JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION); + goto finish; + } - Key = JSS_PK11_wrapPrivKey(env, &privKey); + Key = JSS_PK11_wrapPrivKey(env, &privKey); finish: - if(privKey != NULL) { - SECKEY_DestroyPrivateKey(privKey); - } - PR_DetachThread(); - return Key; + if(privKey != NULL) { + SECKEY_DestroyPrivateKey(privKey); + } + PR_DetachThread(); + return Key; } 
@@ -715,52 +715,52 @@ JNIEXPORT jobject JNICALL Java_org_mozilla_jss_CryptoManager_importCertToPermNative (JNIEnv *env, jobject this, jobject cert, jstring nickString) { - SECStatus rv; - CERTCertificate *newCert; - CERTCertTrust trustflags; - jobject result=NULL; - char *nickname=NULL; + SECStatus rv; + CERTCertificate *newCert; + CERTCertTrust trustflags; + jobject result=NULL; + char *nickname=NULL; - /* first, get the NSS cert pointer from the 'cert' object */ + /* first, get the NSS cert pointer from the 'cert' object */ - if ( JSS_PK11_getCertPtr(env, cert, &newCert) != PR_SUCCESS) { - PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL); - goto finish; - } - PR_ASSERT(newCert != NULL); + if ( JSS_PK11_getCertPtr(env, cert, &newCert) != PR_SUCCESS) { + PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL); + goto finish; + } + PR_ASSERT(newCert != NULL); - if (nickString != NULL) { - nickname = (char*) (*env)->GetStringUTFChars(env, nickString, NULL); - } + if (nickString != NULL) { + nickname = (char*) (*env)->GetStringUTFChars(env, nickString, NULL); + } - trustflags.sslFlags = 0; - trustflags.emailFlags = 0; - trustflags.objectSigningFlags = 0; + trustflags.sslFlags = 0; + trustflags.emailFlags = 0; + trustflags.objectSigningFlags = 0; - /* Then, add to permanent database */ + /* Then, add to permanent database */ - rv = CERT_AddTempCertToPerm(newCert, nickname, + rv = CERT_AddTempCertToPerm(newCert, nickname, &trustflags); - if (rv == SECSuccess) { - /* build return object */ - result = JSS_PK11_wrapCert(env, &newCert); - } - else { - /* CERT_AddTempCertToPerm does not properly set NSPR - Error value, so no detail can be retrieved - */ - JSS_throwMsg(env, TOKEN_EXCEPTION, - "Unable to insert certificate into permanent database"); + if (rv == SECSuccess) { + /* build return object */ + result = JSS_PK11_wrapCert(env, &newCert); + } + else { + /* CERT_AddTempCertToPerm does not properly set NSPR + Error value, so no detail can be retrieved + */ + 
JSS_throwMsg(env, TOKEN_EXCEPTION, + "Unable to insert certificate into permanent database"); - } - if (nickname != NULL) { - (*env)->ReleaseStringUTFChars(env, nickString, nickname); - } + } + if (nickname != NULL) { + (*env)->ReleaseStringUTFChars(env, nickString, nickname); + } finish: - return result; + return result; } @@ -785,7 +785,7 @@ static int find_leaf_cert( int i; int status = 0; - theCert= CERT_NewTempCertificate(certdb, &derCerts[cur_link], + theCert= CERT_NewTempCertificate(certdb, &derCerts[cur_link], NULL, PR_FALSE /* isperm */, PR_TRUE /*copyDER*/); if (theCert == NULL) { status = -1; @@ -796,12 +796,12 @@ static int find_leaf_cert( /* help speeding up the searching */ continue; } - curCert = CERT_NewTempCertificate(certdb, &derCerts[i], NULL, - PR_FALSE /* isperm */, PR_TRUE /*copyDER*/); - if(curCert == NULL) { + curCert = CERT_NewTempCertificate(certdb, &derCerts[i], NULL, + PR_FALSE /* isperm */, PR_TRUE /*copyDER*/); + if(curCert == NULL) { status = -1; goto finish; - } + } if (SECITEM_CompareItem(&theCert->derSubject, &curCert->derIssuer) == SECEqual) { linked[i] = 1; @@ -809,16 +809,16 @@ static int find_leaf_cert( status = 1; /* got it */ goto finish; } - CERT_DeleteTempCertificate(curCert); + CERT_DeleteTempCertificate(curCert); curCert = NULL; } /* for */ finish: if (theCert != NULL) { - CERT_DeleteTempCertificate(theCert); + CERT_DeleteTempCertificate(theCert); } if (curCert != NULL) { - CERT_DeleteTempCertificate(curCert); + CERT_DeleteTempCertificate(curCert); } return status; } 
@@ -960,44 +960,46 @@ Java_org_mozilla_jss_CryptoManager_importCertPackageNative * if present, shouldn't be assumed either. ***************************************************/ if (numCerts > 1) { - for (certi=0; certiGetStringUTFChars(env, url_jstr, NULL); - PR_ASSERT(url!=NULL); - } - else { - url = NULL; - } + if (url_jstr != NULL) { + url = (char*) (*env)->GetStringUTFChars(env, url_jstr, NULL); + PR_ASSERT(url!=NULL); + } + else { + url = NULL; + } - crl = CERT_ImportCRL( certdb, packageItem, url, rl_type, NULL); + crl = CERT_ImportCRL( certdb, packageItem, url, rl_type, NULL); if( crl == NULL ) { - status = PR_GetError(); - errmsg = NULL; - switch (status) { - case SEC_ERROR_OLD_CRL: - case SEC_ERROR_OLD_KRL: - /* not an error - leave as NULL */ - errmsg = NULL; - goto finish; - case SEC_ERROR_CRL_EXPIRED: - errmsg = "CRL Expired"; - break; - case SEC_ERROR_KRL_EXPIRED: - errmsg = "KRL Expired"; - break; - case SEC_ERROR_CRL_NOT_YET_VALID: - errmsg = "CRL Not yet valid"; - break; - case SEC_ERROR_KRL_NOT_YET_VALID: - errmsg = "KRL Not yet valid"; - break; - case SEC_ERROR_CRL_INVALID: - errmsg = "Invalid encoding of CRL"; - break; - case SEC_ERROR_KRL_INVALID: - errmsg = "Invalid encoding of KRL"; - break; - case SEC_ERROR_BAD_DATABASE: - errmsg = "Database error"; - break; - default: - /* printf("NSS ERROR = %d\n",status); */ - errmsg = "Failed to import Revocation List"; - } - if (errmsg) { - JSS_throwMsg(env, CRL_IMPORT_EXCEPTION, errmsg); - } + status = PR_GetError(); + errmsg = NULL; + switch (status) { + case SEC_ERROR_OLD_CRL: + case SEC_ERROR_OLD_KRL: + /* not an error - leave as NULL */ + errmsg = NULL; + goto finish; + case SEC_ERROR_CRL_EXPIRED: + errmsg = "CRL Expired"; + break; + case SEC_ERROR_KRL_EXPIRED: + errmsg = "KRL Expired"; + break; + case SEC_ERROR_CRL_NOT_YET_VALID: + errmsg = "CRL Not yet valid"; + break; + case SEC_ERROR_KRL_NOT_YET_VALID: + errmsg = "KRL Not yet valid"; + break; + case SEC_ERROR_CRL_INVALID: + errmsg = "Invalid 
encoding of CRL"; + break; + case SEC_ERROR_KRL_INVALID: + errmsg = "Invalid encoding of KRL"; + break; + case SEC_ERROR_BAD_DATABASE: + errmsg = "Database error"; + break; + default: + /* printf("NSS ERROR = %d\n",status); */ + errmsg = "Failed to import Revocation List"; + } + if (errmsg) { + JSS_throwMsg(env, CRL_IMPORT_EXCEPTION, errmsg); + } } finish: - if (packageItem) { + if (packageItem) { SECITEM_FreeItem(packageItem, PR_TRUE /*freeit*/); - } + } - if(url != NULL) { - (*env)->ReleaseStringUTFChars(env, url_jstr, url); - } + if(url != NULL) { + (*env)->ReleaseStringUTFChars(env, url_jstr, url); + } - if (crl) { - SEC_DestroyCrl(crl); - } + if (crl) { + SEC_DestroyCrl(crl); + } } diff --git a/security/jss/org/mozilla/jss/manage/jssinit.h b/security/jss/org/mozilla/jss/manage/jssinit.h deleted file mode 100644 index dec72ec14367..000000000000 --- a/security/jss/org/mozilla/jss/manage/jssinit.h +++ /dev/null 
@@ -1,77 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape Security Services for Java. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1998-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -/* This header depends on: -#include -#include -*/ - -#ifndef JSS_INIT_H -#define JSS_INIT_H - -/*********************************************************************** - * JSS_completeInitialize - * - * Initialize the security library and open all the databases. 
- * - */ -void -JSS_completeInitialize(JNIEnv *env, - jstring modDBName, - jstring keyDBName, - jstring certDBName, - jboolean readOnly, - jstring manuString, - jstring libraryString, - jstring tokString, - jstring keyTokString, - jstring slotString, - jstring keySlotString, - jstring fipsString, - jstring fipsKeyString, - jboolean ocspCheckingEnabled, - jstring ocspResponderURL, - jstring ocspResponderCertNickname ); - - -/********************************************************************** - * - * JSS_setPasswordCallback - * - * Sets the global PasswordCallback object, which will be used to - * login to tokens implicitly if necessary. - * - */ -void -JSS_setPasswordCallback(JNIEnv *env, jobject callback); - -#endif diff --git a/security/jss/org/mozilla/jss/ssl/SSLServer.java b/security/jss/org/mozilla/jss/ssl/SSLServer.java index 193543c60e11..de07459a8426 100644 --- a/security/jss/org/mozilla/jss/ssl/SSLServer.java +++ b/security/jss/org/mozilla/jss/ssl/SSLServer.java @@ -330,7 +330,7 @@ public class SSLServer System.out.println("SSLServer started\n"); try { - NSSInit.initialize("secmod.db", "key3.db", "cert7.db"); + CryptoManager.initialize("secmod.db", "key3.db", "cert7.db"); } catch (KeyDatabaseException kdbe) { System.out.println("Couldn't open the key database\n"); @@ -344,6 +344,10 @@ public class SSLServer System.out.println("CryptoManager already initialized???"); return; } + catch (java.security.GeneralSecurityException e) { + System.out.println("General security exception while initializing"); + return; + } SSLServerSocket.configServerSessionIDCache(10, 0, 0, null); diff --git a/security/jss/samples/SigTest.java b/security/jss/samples/SigTest.java index 3f0453efa507..5d054d6e5a74 100644 --- a/security/jss/samples/SigTest.java +++ b/security/jss/samples/SigTest.java 
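Review bot: The added `catch (java.security.GeneralSecurityException e)` in SSLServer.java prints a fixed string and discards the exception. A failure to open the databases therefore cannot be told apart from an OCSP configuration error in the output. Include the cause: `System.out.println("General security exception while initializing: " + e);`. Note that the `CryptoManager.initialize("secmod.db", "key3.db", "cert7.db")` call in the hunk above goes through the deprecated overload, which does not use the file names passed to it.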
@@ -78,10 +78,8 @@ public class SigTest { try { CryptoManager.InitializationValues vals = new - CryptoManager.InitializationValues - ( args[0]+"/secmod.db", - args[0]+"/key3.db", - args[0]+"/cert7.db" ); + CryptoManager.InitializationValues(args[0], "foobar-", "foobar-", + "../secmodule.db"); CryptoManager.initialize(vals); manager = CryptoManager.getInstance();
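Review bot: The sample now hard-codes `"foobar-"` for both prefixes and `"../secmodule.db"` for the module database, which look like leftover test values. The databases it opens no longer follow from `args[0]` alone, and the module path appears to point outside the directory the user supplied. A sample that people copy should take these from the command line or use the single-argument form, `new CryptoManager.InitializationValues(args[0])`. If the prefixed form is meant to be demonstrated, add a comment above the call explaining what the prefixes and the module path refer to.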