mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Tweaks for JSS 3.1, and get it to build.

This commit is contained in:
nicolson%netscape.com 2001-04-10 17:32:30 +00:00
Родитель d49a818ed0
Коммит 6ccb52de5e
9 изменённых файлов: 310 добавлений и 520 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

3
security/jss/lib/jss.def
Просмотреть файл

@ -66,11 +66,8 @@ Java_org_mozilla_jss_CryptoManager_importCRLNative;
Java_org_mozilla_jss_CryptoManager_importCertPackageNative;
Java_org_mozilla_jss_CryptoManager_importCertToPermNative;
Java_org_mozilla_jss_CryptoManager_initializeAllNative;
Java_org_mozilla_jss_CryptoManager_initializeNative;
Java_org_mozilla_jss_CryptoManager_putModulesInVector;
Java_org_mozilla_jss_CryptoManager_setNativePasswordCallback;
Java_org_mozilla_jss_NSSInit_initializeNative;
Java_org_mozilla_jss_NSSInit_setPasswordCallback;
Java_org_mozilla_jss_pkcs11_CertProxy_releaseNativeResources;
Java_org_mozilla_jss_pkcs11_CipherContextProxy_releaseNativeResources;
Java_org_mozilla_jss_pkcs11_PK11Module_getLibraryName;

3
security/jss/manifest.mn
Просмотреть файл

@ -35,8 +35,7 @@ CORE_DEPTH = ..
MODULE = jss
IMPORTS = svrcore/SVRCORE_2_5_1 \
security/NSS_2_8_4_RTM \
IMPORTS = security/NSS_3_2_RTM\
dbm/DBM_1_54 \
nspr20/v3.5.1 \
$(NULL)

158
security/jss/org/mozilla/jss/manage/CryptoManager.c
Просмотреть файл

@ -44,12 +44,13 @@
#include <nspr.h>
#include <plstr.h>
#include <pkcs11.h>
#include <nss.h>
#include <ssl.h>
#include <jssutil.h>
#include <java_ids.h>
#include <jss_exceptions.h>
#include "jssinit.h"
#include "pk11util.h"
#if defined(AIX) || defined(HPUX) || defined(LINUX)
@ -126,9 +127,8 @@ handleSigChild(JNIEnv *env) {
#endif
int ConfigureOSCP(
int ConfigureOCSP(
JNIEnv *env,
CERTCertDBHandle *db,
jboolean ocspCheckingEnabled,
jstring ocspResponderURL,
jstring ocspResponderCertNickname )
@ -137,6 +137,7 @@ int ConfigureOSCP(
char *ocspResponderCertNickname_string=NULL;
SECStatus status;
int result = SECSuccess;
CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
/* if caller specified default responder, get the
@ -167,14 +168,14 @@ int ConfigureOSCP(
/* first disable OCSP - we'll enable it later */
CERT_DisableOCSPChecking(db);
CERT_DisableOCSPChecking(certdb);
/* if they set the default responder, then set it up
* and enable it
*/
if (ocspResponderURL) {
status =
CERT_SetOCSPDefaultResponder( db,
CERT_SetOCSPDefaultResponder( certdb,
ocspResponderURL_string,
ocspResponderCertNickname_string
);
@ -185,18 +186,18 @@ int ConfigureOSCP(
result = SECFailure;
goto loser;
}
CERT_EnableOCSPDefaultResponder(db);
CERT_EnableOCSPDefaultResponder(certdb);
}
else {
/* if no defaultresponder is set, disable it */
CERT_DisableOCSPDefaultResponder(db);
CERT_DisableOCSPDefaultResponder(certdb);
}
/* enable OCSP checking if requested */
if (ocspCheckingEnabled) {
CERT_EnableOCSPChecking(db);
CERT_EnableOCSPChecking(certdb);
}
loser:
@ -215,6 +216,7 @@ loser:
}
#if 0
/***********************************************************************
* simpleInitialize
*
@ -306,7 +308,9 @@ Java_org_mozilla_jss_CryptoManager_initializeNative
return;
}
}
#endif
#if 0
/*
* Callback for key database name. Name is passed in through void* argument.
*/
@ -331,6 +335,7 @@ certDBNameCallback(void *arg, int dbVersion)
return PL_strdup("");
}
}
#endif
/**********************************************************************
* This is the PasswordCallback object that will be used to login
@ -344,58 +349,9 @@ static jobject globalPasswordCallback = NULL;
*/
JavaVM * JSS_javaVM;
/***********************************************************************
* CryptoManager.initialize
*
* Initialize the security library and open all the databases.
*
*/
JNIEXPORT void JNICALL
Java_org_mozilla_jss_CryptoManager_initializeAllNative
(JNIEnv *env, jclass clazz,
jstring modDBName,
jstring keyDBName,
jstring certDBName,
jboolean readOnly,
jstring manuString,
jstring libraryString,
jstring tokString,
jstring keyTokString,
jstring slotString,
jstring keySlotString,
jstring fipsString,
jstring fipsKeyString,
jboolean ocspCheckingEnabled,
jstring ocspResponderURL,
jstring ocspResponderCertNickname )
{
JSS_completeInitialize(env,
modDBName,
keyDBName,
certDBName,
readOnly,
manuString,
libraryString,
tokString,
keyTokString,
slotString,
keySlotString,
fipsString,
fipsKeyString,
ocspCheckingEnabled,
ocspResponderURL,
ocspResponderCertNickname
);
}
/***********************************************************************
* JSS_completeInitialize
*
* Initialize the security library and open all the databases.
*
*/
void
JSS_completeInitialize(JNIEnv *env,
jstring configDir,
jstring certPrefix,
jstring keyPrefix,
@ -433,10 +389,24 @@ JSS_completeInitialize(JNIEnv *env,
/* This is thread-safe because initialize is synchronized */
static PRBool initialized=PR_FALSE;
if( configDir == NULL ||
manuString == NULL ||
libraryString == NULL ||
tokString == NULL ||
keyTokString == NULL ||
slotString == NULL ||
keySlotString == NULL ||
fipsString == NULL ||
fipsKeyString == NULL )
{
JSS_throw(env, NULL_POINTER_EXCEPTION);
goto finish;
}
/* Make sure initialize() completes only once */
if(initialized) {
JSS_throw(env, ALREADY_INITIALIZED_EXCEPTION);
return;
goto finish;
}
/*
@ -475,10 +445,11 @@ JSS_completeInitialize(JNIEnv *env,
);
szConfigDir = (char*) (*env)->GetStringUTFChars(env, configDir, NULL);
if( certPrefix != NULL && keyPrefix != NULL && secmodName != NULL ) {
/*
* Set up arguments to NSS_Initialize
*/
szConfigDir = (char*) (*env)->GetStringUTFChars(env, configDir, NULL);
szCertPrefix = (char*) (*env)->GetStringUTFChars(env, certPrefix, NULL);
szKeyPrefix = (char*) (*env)->GetStringUTFChars(env, keyPrefix, NULL);
szSecmodName = (char*) (*env)->GetStringUTFChars(env, secmodName, NULL);
@ -490,8 +461,16 @@ JSS_completeInitialize(JNIEnv *env,
/*
* Initialize NSS.
*/
rv = NSS_Initialize(szConfigDir, szCertPrefix, szKeyPrefix, szSecmodName,
initFlags);
rv = NSS_Initialize(szConfigDir, szCertPrefix, szKeyPrefix,
szSecmodName, initFlags);
} else {
if( readOnly ) {
rv = NSS_Init(szConfigDir);
} else {
rv = NSS_InitReadWrite(szConfigDir);
}
}
if( rv != SECSuccess ) {
JSS_throwMsg(env, SECURITY_EXCEPTION,
"Unable to initialize security library");
@ -508,9 +487,8 @@ JSS_completeInitialize(JNIEnv *env,
/*
* Setup NSS to call the specified OCSP responder
*/
rv = ConfigureOSCP(
rv = ConfigureOCSP(
env,
cdb_handle,
ocspCheckingEnabled,
ocspResponderURL,
ocspResponderCertNickname );
@ -519,11 +497,6 @@ JSS_completeInitialize(JNIEnv *env,
goto finish;
}
if( NSS_SetDomesticPolicy() != SECSuccess ) {
JSS_throwMsg(env, SECURITY_EXCEPTION, "Unable to set security policy");
goto finish;
}
/*
* Save the JavaVM pointer so we can retrieve the JNI environment
* later. This only works if there is only one Java VM.
@ -543,6 +516,13 @@ JSS_completeInitialize(JNIEnv *env,
}
JSS_javaVM = VMs[0];
#if 0
if( NSS_SetDomesticPolicy() != SECSuccess ) {
JSS_throwMsg(env, SECURITY_EXCEPTION, "Unable to set domestic policy");
goto finish;
}
#endif
initialized = PR_TRUE;
finish:
@ -575,25 +555,6 @@ finish:
return;
}
/**********************************************************************
*
* CryptoManager.setNativePasswordCallback
*
* Sets the global PasswordCallback object, which will be used to
* login to tokens implicitly if necessary.
*
*/
JNIEXPORT void JNICALL
Java_org_mozilla_jss_CryptoManager_setNativePasswordCallback
(JNIEnv *env, jclass clazz, jobject callback)
{
JSS_setPasswordCallback(env, callback);
}
/**********************************************************************
*
* JSS_setPasswordCallback
@ -620,6 +581,21 @@ JSS_setPasswordCallback(JNIEnv *env, jobject callback)
}
}
/**********************************************************************
*
* CryptoManager.setNativePasswordCallback
*
* Sets the global PasswordCallback object, which will be used to
* login to tokens implicitly if necessary.
*
*/
JNIEXPORT void JNICALL
Java_org_mozilla_jss_CryptoManager_setNativePasswordCallback
(JNIEnv *env, jclass clazz, jobject callback)
{
JSS_setPasswordCallback(env, callback);
}
/********************************************************************
*
* g e t P W F r o m C a l l b a c k
@ -1003,11 +979,5 @@ JNIEXPORT void JNICALL
Java_org_mozilla_jss_DatabaseCloser_closeDatabases
(JNIEnv *env, jobject this)
{
PR_ASSERT( CERT_GetDefaultCertDB() != NULL );
CERT_ClosePermCertDB( CERT_GetDefaultCertDB() );
CERT_SetDefaultCertDB( NULL );
PR_ASSERT( SECKEY_GetDefaultKeyDB() != NULL );
SECKEY_CloseKeyDB( SECKEY_GetDefaultKeyDB() );
SECKEY_SetDefaultKeyDB( NULL );
NSS_Shutdown();
}

40
security/jss/org/mozilla/jss/manage/CryptoManager.java
Просмотреть файл

@ -51,7 +51,7 @@ import org.mozilla.jss.CRLImportException;
* Initialization is done with static methods, and must be done before
* an instance can be created. All other operations are done with instance
* methods.
* @version $Revision: 1.5 $ $Date: 2001/04/03 04:08:19 $
* @version $Revision: 1.6 $ $Date: 2001/04/10 17:32:20 $
*/
public final class CryptoManager implements TokenSupplier
{
@ -114,6 +114,14 @@ public final class CryptoManager implements TokenSupplier
this.configDir = configDir;
}
/**
* deprecated
*/
public InitializationValues(String secmodName, String keydbName,
String certdbName)
{
}
public InitializationValues(String configDir, String certPrefix,
String keyPrefix, String secmodName)
{
@ -706,21 +714,6 @@ public final class CryptoManager implements TokenSupplier
// Initialization
////////////////////////////////////////////////////
/**
* Initialize the security subsystem. Initializes NSPR and the
* Random Number Generator, but does not open any databases or initialize
* PKCS #11. The only cryptographic operation that can be performed
* after this call is PQG parameter generation. This method can
* be called repeatedly, before or after the call to
* <code>initialize(InitializationValues)</code>.
*/
public static synchronized void initialize()
{
NSSInit.loadNativeLibraries();
initializeNative();
}
private static native void initializeNative();
/**
* Initialize the security subsystem. Opens the databases, loads all
* PKCS #11 modules, initializes the internal random number generator.
@ -744,6 +737,19 @@ public final class CryptoManager implements TokenSupplier
initialize( new InitializationValues(configDir) );
}
/**
* deprecated
*/
public static synchronized void initialize( String secmodName,
String keydbName, String certdbName)
throws KeyDatabaseException,
CertDatabaseException,
AlreadyInitializedException,
GeneralSecurityException
{
initialize( new InitializationValues() );
}
/**
* Initialize the security subsystem. Opens the databases, loads all
* PKCS #11 modules, initializes the internal random number generator.
@ -768,7 +774,7 @@ public final class CryptoManager implements TokenSupplier
if(instance != null) {
throw new AlreadyInitializedException();
}
NSSInit.loadNativeLibraries();
loadNativeLibraries();
if (values.ocspResponderURL != null) {
if (values.ocspResponderCertNickname == null) {
throw new GeneralSecurityException(

109
security/jss/org/mozilla/jss/manage/NSSInit.c
Просмотреть файл

@ -1,109 +0,0 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape Security Services for Java.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "_jni/org_mozilla_jss_NSSInit.h"
#include <nspr.h>
#include "jssinit.h"
/********************************************************************/
/* The following VERSION Strings should be updated in the following */
/* files everytime a new release of JSS is generated: */
/* */
/* jssjava: ns/ninja/cmd/jssjava/jssjava.c */
/* jss.jar: ns/ninja/org/mozilla/jss/manage/NSSInit.java */
/* jss.dll: ns/ninja/org/mozilla/jss/manage/NSSInit.c */
/* */
/********************************************************************/
static const char* DLL_JSS_VERSION = "JSS_VERSION = JSS_3_0";
static const char* DLL_JDK_VERSION = "JDK_VERSION = JDK 1.2.2";
static const char* DLL_NSS_VERSION = "NSS_VERSION = NSS_3_2_RTM";
static const char* DLL_DBM_VERSION = "DBM_VERSION = NSS_3_1_1_RTM";
static const char* DLL_NSPR_VERSION = "NSPR_VERSION = NSPRPUB_RELEASE_4_1";
/***********************************************************************
* NSSInit.initializeNative
*
* This just passes its arguments to CryptoManager.initializeAllNative.
*/
JNIEXPORT void JNICALL
Java_org_mozilla_jss_NSSInit_initializeNative
(JNIEnv *env, jclass clazz,
jstring modDBName,
jstring keyDBName,
jstring certDBName,
jboolean readOnly,
jstring manuString,
jstring libraryString,
jstring tokString,
jstring keyTokString,
jstring slotString,
jstring keySlotString,
jstring fipsString,
jstring fipsKeyString )
{
jboolean ocsp = JNI_FALSE;
jstring ocsp_url = NULL;
jstring ocsp_nickname = NULL;
JSS_completeInitialize(
env,
modDBName,
keyDBName,
certDBName,
readOnly,
manuString,
libraryString,
tokString,
keyTokString,
slotString,
keySlotString,
fipsString,
fipsKeyString,
ocsp,
ocsp_url,
ocsp_nickname);
}
/***********************************************************************
* NSSInit.setPasswordCallback
*
* This just passes its arguments to CryptoManager.setNativePasswordCallback
*/
JNIEXPORT void JNICALL
Java_org_mozilla_jss_NSSInit_setPasswordCallback
(JNIEnv *env, jclass clazz, jobject pwcb)
{
JSS_setPasswordCallback(env, pwcb);
}

4
security/jss/org/mozilla/jss/manage/PK11Finder.c
Просмотреть файл

@ -988,7 +988,9 @@ Java_org_mozilla_jss_CryptoManager_importCertPackageNative
*/
if ((slot == NULL)) { /* same as "noUser = 1" */
/* #397713 */
if (!find_leaf_cert_in_chain(certdb, derCerts, numCerts, &theDerCert)) {
if (!find_leaf_cert_in_chain(certdb, derCerts,
numCerts, &theDerCert))
{
JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION,
"Failed to locate leaf certificate in chain");
goto finish;

77
security/jss/org/mozilla/jss/manage/jssinit.h
Просмотреть файл

@ -1,77 +0,0 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape Security Services for Java.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
/* This header depends on:
#include <jni.h>
#include <nspr.h>
*/
#ifndef JSS_INIT_H
#define JSS_INIT_H
/***********************************************************************
* JSS_completeInitialize
*
* Initialize the security library and open all the databases.
*
*/
void
JSS_completeInitialize(JNIEnv *env,
jstring modDBName,
jstring keyDBName,
jstring certDBName,
jboolean readOnly,
jstring manuString,
jstring libraryString,
jstring tokString,
jstring keyTokString,
jstring slotString,
jstring keySlotString,
jstring fipsString,
jstring fipsKeyString,
jboolean ocspCheckingEnabled,
jstring ocspResponderURL,
jstring ocspResponderCertNickname );
/**********************************************************************
*
* JSS_setPasswordCallback
*
* Sets the global PasswordCallback object, which will be used to
* login to tokens implicitly if necessary.
*
*/
void
JSS_setPasswordCallback(JNIEnv *env, jobject callback);
#endif

6
security/jss/org/mozilla/jss/ssl/SSLServer.java
Просмотреть файл

@ -330,7 +330,7 @@ public class SSLServer
System.out.println("SSLServer started\n");
try {
NSSInit.initialize("secmod.db", "key3.db", "cert7.db");
CryptoManager.initialize("secmod.db", "key3.db", "cert7.db");
}
catch (KeyDatabaseException kdbe) {
System.out.println("Couldn't open the key database\n");
@ -344,6 +344,10 @@ public class SSLServer
System.out.println("CryptoManager already initialized???");
return;
}
catch (java.security.GeneralSecurityException e) {
System.out.println("General security exception while initializing");
return;
}
SSLServerSocket.configServerSessionIDCache(10, 0, 0, null);

6
security/jss/samples/SigTest.java
Просмотреть файл

@ -78,10 +78,8 @@ public class SigTest {
try {
CryptoManager.InitializationValues vals = new
CryptoManager.InitializationValues
( args[0]+"/secmod.db",
args[0]+"/key3.db",
args[0]+"/cert7.db" );
CryptoManager.InitializationValues(args[0], "foobar-", "foobar-",
"../secmodule.db");
CryptoManager.initialize(vals);
manager = CryptoManager.getInstance();