Tweaks for JSS 3.1, and get it to build.

nicolson%netscape.com 2001-04-10 17:32:30 +00:00
Родитель d49a818ed0
Коммит 6ccb52de5e
9 изменённых файлов: 310 добавлений и 520 удалений


@ -66,11 +66,8 @@ Java_org_mozilla_jss_CryptoManager_importCRLNative;
Java_org_mozilla_jss_CryptoManager_importCertPackageNative;
Java_org_mozilla_jss_CryptoManager_importCertToPermNative;
Java_org_mozilla_jss_CryptoManager_initializeAllNative;
Java_org_mozilla_jss_CryptoManager_initializeNative;
Java_org_mozilla_jss_CryptoManager_putModulesInVector;
Java_org_mozilla_jss_CryptoManager_setNativePasswordCallback;
Java_org_mozilla_jss_NSSInit_initializeNative;
Java_org_mozilla_jss_NSSInit_setPasswordCallback;
Java_org_mozilla_jss_pkcs11_CertProxy_releaseNativeResources;
Java_org_mozilla_jss_pkcs11_CipherContextProxy_releaseNativeResources;
Java_org_mozilla_jss_pkcs11_PK11Module_getLibraryName;


@ -35,8 +35,7 @@ CORE_DEPTH = ..
MODULE = jss
IMPORTS = svrcore/SVRCORE_2_5_1 \
security/NSS_2_8_4_RTM \
IMPORTS = security/NSS_3_2_RTM\
dbm/DBM_1_54 \
nspr20/v3.5.1 \
$(NULL)


@ -44,12 +44,13 @@
#include <nspr.h>
#include <plstr.h>
#include <pkcs11.h>
#include <nss.h>
#include <ssl.h>
#include <jssutil.h>
#include <java_ids.h>
#include <jss_exceptions.h>
#include "jssinit.h"
#include "pk11util.h"
#if defined(AIX) || defined(HPUX) || defined(LINUX)
@ -126,9 +127,8 @@ handleSigChild(JNIEnv *env) {
#endif
int ConfigureOSCP(
int ConfigureOCSP(
JNIEnv *env,
CERTCertDBHandle *db,
jboolean ocspCheckingEnabled,
jstring ocspResponderURL,
jstring ocspResponderCertNickname )
@ -137,6 +137,7 @@ int ConfigureOSCP(
char *ocspResponderCertNickname_string=NULL;
SECStatus status;
int result = SECSuccess;
CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
/* if caller specified default responder, get the
@ -167,14 +168,14 @@ int ConfigureOSCP(
/* first disable OCSP - we'll enable it later */
CERT_DisableOCSPChecking(db);
CERT_DisableOCSPChecking(certdb);
/* if they set the default responder, then set it up
* and enable it
*/
if (ocspResponderURL) {
status =
CERT_SetOCSPDefaultResponder( db,
CERT_SetOCSPDefaultResponder( certdb,
ocspResponderURL_string,
ocspResponderCertNickname_string
);
@ -185,18 +186,18 @@ int ConfigureOSCP(
result = SECFailure;
goto loser;
}
CERT_EnableOCSPDefaultResponder(db);
CERT_EnableOCSPDefaultResponder(certdb);
}
else {
/* if no defaultresponder is set, disable it */
CERT_DisableOCSPDefaultResponder(db);
CERT_DisableOCSPDefaultResponder(certdb);
}
/* enable OCSP checking if requested */
if (ocspCheckingEnabled) {
CERT_EnableOCSPChecking(db);
CERT_EnableOCSPChecking(certdb);
}
loser:
@ -215,6 +216,7 @@ loser:
}
#if 0
/***********************************************************************
* simpleInitialize
*
@ -306,7 +308,9 @@ Java_org_mozilla_jss_CryptoManager_initializeNative
return;
}
}
#endif
#if 0
/*
* Callback for key database name. Name is passed in through void* argument.
*/
@ -331,6 +335,7 @@ certDBNameCallback(void *arg, int dbVersion)
return PL_strdup("");
}
}
#endif
/**********************************************************************
* This is the PasswordCallback object that will be used to login
@ -344,58 +349,9 @@ static jobject globalPasswordCallback = NULL;
*/
JavaVM * JSS_javaVM;
/***********************************************************************
* CryptoManager.initialize
*
* Initialize the security library and open all the databases.
*
*/
JNIEXPORT void JNICALL
Java_org_mozilla_jss_CryptoManager_initializeAllNative
(JNIEnv *env, jclass clazz,
jstring modDBName,
jstring keyDBName,
jstring certDBName,
jboolean readOnly,
jstring manuString,
jstring libraryString,
jstring tokString,
jstring keyTokString,
jstring slotString,
jstring keySlotString,
jstring fipsString,
jstring fipsKeyString,
jboolean ocspCheckingEnabled,
jstring ocspResponderURL,
jstring ocspResponderCertNickname )
{
JSS_completeInitialize(env,
modDBName,
keyDBName,
certDBName,
readOnly,
manuString,
libraryString,
tokString,
keyTokString,
slotString,
keySlotString,
fipsString,
fipsKeyString,
ocspCheckingEnabled,
ocspResponderURL,
ocspResponderCertNickname
);
}
/***********************************************************************
* JSS_completeInitialize
*
* Initialize the security library and open all the databases.
*
*/
void
JSS_completeInitialize(JNIEnv *env,
jstring configDir,
jstring certPrefix,
jstring keyPrefix,
@ -433,10 +389,24 @@ JSS_completeInitialize(JNIEnv *env,
/* This is thread-safe because initialize is synchronized */
static PRBool initialized=PR_FALSE;
if( configDir == NULL ||
manuString == NULL ||
libraryString == NULL ||
tokString == NULL ||
keyTokString == NULL ||
slotString == NULL ||
keySlotString == NULL ||
fipsString == NULL ||
fipsKeyString == NULL )
{
JSS_throw(env, NULL_POINTER_EXCEPTION);
goto finish;
}
/* Make sure initialize() completes only once */
if(initialized) {
JSS_throw(env, ALREADY_INITIALIZED_EXCEPTION);
return;
goto finish;
}
/*
@ -475,23 +445,32 @@ JSS_completeInitialize(JNIEnv *env,
);
/*
* Set up arguments to NSS_Initialize
*/
szConfigDir = (char*) (*env)->GetStringUTFChars(env, configDir, NULL);
szCertPrefix = (char*) (*env)->GetStringUTFChars(env, certPrefix, NULL);
szKeyPrefix = (char*) (*env)->GetStringUTFChars(env, keyPrefix, NULL);
szSecmodName = (char*) (*env)->GetStringUTFChars(env, secmodName, NULL);
initFlags = 0;
if( readOnly ) {
initFlags |= NSS_INIT_READONLY;
if( certPrefix != NULL && keyPrefix != NULL && secmodName != NULL ) {
/*
* Set up arguments to NSS_Initialize
*/
szCertPrefix = (char*) (*env)->GetStringUTFChars(env, certPrefix, NULL);
szKeyPrefix = (char*) (*env)->GetStringUTFChars(env, keyPrefix, NULL);
szSecmodName = (char*) (*env)->GetStringUTFChars(env, secmodName, NULL);
initFlags = 0;
if( readOnly ) {
initFlags |= NSS_INIT_READONLY;
}
/*
* Initialize NSS.
*/
rv = NSS_Initialize(szConfigDir, szCertPrefix, szKeyPrefix,
szSecmodName, initFlags);
} else {
if( readOnly ) {
rv = NSS_Init(szConfigDir);
} else {
rv = NSS_InitReadWrite(szConfigDir);
}
}
/*
* Initialize NSS.
*/
rv = NSS_Initialize(szConfigDir, szCertPrefix, szKeyPrefix, szSecmodName,
initFlags);
if( rv != SECSuccess ) {
JSS_throwMsg(env, SECURITY_EXCEPTION,
"Unable to initialize security library");
@ -508,9 +487,8 @@ JSS_completeInitialize(JNIEnv *env,
/*
* Setup NSS to call the specified OCSP responder
*/
rv = ConfigureOSCP(
rv = ConfigureOCSP(
env,
cdb_handle,
ocspCheckingEnabled,
ocspResponderURL,
ocspResponderCertNickname );
@ -519,11 +497,6 @@ JSS_completeInitialize(JNIEnv *env,
goto finish;
}
if( NSS_SetDomesticPolicy() != SECSuccess ) {
JSS_throwMsg(env, SECURITY_EXCEPTION, "Unable to set security policy");
goto finish;
}
/*
* Save the JavaVM pointer so we can retrieve the JNI environment
* later. This only works if there is only one Java VM.
@ -543,6 +516,13 @@ JSS_completeInitialize(JNIEnv *env,
}
JSS_javaVM = VMs[0];
#if 0
if( NSS_SetDomesticPolicy() != SECSuccess ) {
JSS_throwMsg(env, SECURITY_EXCEPTION, "Unable to set domestic policy");
goto finish;
}
#endif
initialized = PR_TRUE;
finish:
@ -575,25 +555,6 @@ finish:
return;
}
/**********************************************************************
*
* CryptoManager.setNativePasswordCallback
*
* Sets the global PasswordCallback object, which will be used to
* login to tokens implicitly if necessary.
*
*/
JNIEXPORT void JNICALL
Java_org_mozilla_jss_CryptoManager_setNativePasswordCallback
(JNIEnv *env, jclass clazz, jobject callback)
{
JSS_setPasswordCallback(env, callback);
}
/**********************************************************************
*
* JSS_setPasswordCallback
@ -620,6 +581,21 @@ JSS_setPasswordCallback(JNIEnv *env, jobject callback)
}
}
/**********************************************************************
*
* CryptoManager.setNativePasswordCallback
*
* Sets the global PasswordCallback object, which will be used to
* login to tokens implicitly if necessary.
*
*/
JNIEXPORT void JNICALL
Java_org_mozilla_jss_CryptoManager_setNativePasswordCallback
(JNIEnv *env, jclass clazz, jobject callback)
{
JSS_setPasswordCallback(env, callback);
}
/********************************************************************
*
* g e t P W F r o m C a l l b a c k
@ -1003,11 +979,5 @@ JNIEXPORT void JNICALL
Java_org_mozilla_jss_DatabaseCloser_closeDatabases
(JNIEnv *env, jobject this)
{
PR_ASSERT( CERT_GetDefaultCertDB() != NULL );
CERT_ClosePermCertDB( CERT_GetDefaultCertDB() );
CERT_SetDefaultCertDB( NULL );
PR_ASSERT( SECKEY_GetDefaultKeyDB() != NULL );
SECKEY_CloseKeyDB( SECKEY_GetDefaultKeyDB() );
SECKEY_SetDefaultKeyDB( NULL );
NSS_Shutdown();
}
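Review bot: The OCSP enable/disable calls in ConfigureOCSP discard their SECStatus results, so if `CERT_EnableOCSPChecking(certdb)` fails, revocation checking stays off while the function still reports success and initialization continues as though the caller's request had been honoured. Only `CERT_SetOCSPDefaultResponder` appears to have its status tested; the calls after it should be checked the same way, e.g. `if (CERT_EnableOCSPChecking(certdb) != SECSuccess) { result = SECFailure; goto loser; }`. ConfigureOCSP's body is split across several hunks, so a check outside the visible lines cannot be ruled out. Separately, the `#if 0` now wrapped around `NSS_SetDomesticPolicy()` should carry a comment saying why the policy call is compiled out.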


@ -51,7 +51,7 @@ import org.mozilla.jss.CRLImportException;
* Initialization is done with static methods, and must be done before
* an instance can be created. All other operations are done with instance
* methods.
* @version $Revision: 1.5 $ $Date: 2001/04/03 04:08:19 $
* @version $Revision: 1.6 $ $Date: 2001/04/10 17:32:20 $
*/
public final class CryptoManager implements TokenSupplier
{
@ -114,6 +114,14 @@ public final class CryptoManager implements TokenSupplier
this.configDir = configDir;
}
/**
* deprecated
*/
public InitializationValues(String secmodName, String keydbName,
String certdbName)
{
}
public InitializationValues(String configDir, String certPrefix,
String keyPrefix, String secmodName)
{
@ -706,21 +714,6 @@ public final class CryptoManager implements TokenSupplier
// Initialization
////////////////////////////////////////////////////
/**
* Initialize the security subsystem. Initializes NSPR and the
* Random Number Generator, but does not open any databases or initialize
* PKCS #11. The only cryptographic operation that can be performed
* after this call is PQG parameter generation. This method can
* be called repeatedly, before or after the call to
* <code>initialize(InitializationValues)</code>.
*/
public static synchronized void initialize()
{
NSSInit.loadNativeLibraries();
initializeNative();
}
private static native void initializeNative();
/**
* Initialize the security subsystem. Opens the databases, loads all
* PKCS #11 modules, initializes the internal random number generator.
@ -744,6 +737,19 @@ public final class CryptoManager implements TokenSupplier
initialize( new InitializationValues(configDir) );
}
/**
* deprecated
*/
public static synchronized void initialize( String secmodName,
String keydbName, String certdbName)
throws KeyDatabaseException,
CertDatabaseException,
AlreadyInitializedException,
GeneralSecurityException
{
initialize( new InitializationValues() );
}
/**
* Initialize the security subsystem. Opens the databases, loads all
* PKCS #11 modules, initializes the internal random number generator.
@ -768,7 +774,7 @@ public final class CryptoManager implements TokenSupplier
if(instance != null) {
throw new AlreadyInitializedException();
}
NSSInit.loadNativeLibraries();
loadNativeLibraries();
if (values.ocspResponderURL != null) {
if (values.ocspResponderCertNickname == null) {
throw new GeneralSecurityException(
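Review bot: The deprecated overload `initialize(String secmodName, String keydbName, String certdbName)` ignores all three arguments and calls `initialize( new InitializationValues() )`, and the matching three-argument `InitializationValues` constructor has an empty body, so existing callers silently get whatever the defaults select instead of the databases they named. If the old names cannot be mapped onto the new configDir/prefix scheme, throwing is safer than accepting and dropping them. The native side in this commit also rejects a null configDir, which an empty InitializationValues may well produce. The Javadoc should use the tag form, `@deprecated Use initialize(InitializationValues) instead.`, so that the compiler warns callers. The no-argument constructor is not visible in these hunks, so what it defaults to is an assumption.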


@ -1,109 +0,0 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape Security Services for Java.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "_jni/org_mozilla_jss_NSSInit.h"
#include <nspr.h>
#include "jssinit.h"
/********************************************************************/
/* The following VERSION Strings should be updated in the following */
/* files everytime a new release of JSS is generated: */
/* */
/* jssjava: ns/ninja/cmd/jssjava/jssjava.c */
/* jss.jar: ns/ninja/org/mozilla/jss/manage/NSSInit.java */
/* jss.dll: ns/ninja/org/mozilla/jss/manage/NSSInit.c */
/* */
/********************************************************************/
static const char* DLL_JSS_VERSION = "JSS_VERSION = JSS_3_0";
static const char* DLL_JDK_VERSION = "JDK_VERSION = JDK 1.2.2";
static const char* DLL_NSS_VERSION = "NSS_VERSION = NSS_3_2_RTM";
static const char* DLL_DBM_VERSION = "DBM_VERSION = NSS_3_1_1_RTM";
static const char* DLL_NSPR_VERSION = "NSPR_VERSION = NSPRPUB_RELEASE_4_1";
/***********************************************************************
* NSSInit.initializeNative
*
* This just passes its arguments to CryptoManager.initializeAllNative.
*/
JNIEXPORT void JNICALL
Java_org_mozilla_jss_NSSInit_initializeNative
(JNIEnv *env, jclass clazz,
jstring modDBName,
jstring keyDBName,
jstring certDBName,
jboolean readOnly,
jstring manuString,
jstring libraryString,
jstring tokString,
jstring keyTokString,
jstring slotString,
jstring keySlotString,
jstring fipsString,
jstring fipsKeyString )
{
jboolean ocsp = JNI_FALSE;
jstring ocsp_url = NULL;
jstring ocsp_nickname = NULL;
JSS_completeInitialize(
env,
modDBName,
keyDBName,
certDBName,
readOnly,
manuString,
libraryString,
tokString,
keyTokString,
slotString,
keySlotString,
fipsString,
fipsKeyString,
ocsp,
ocsp_url,
ocsp_nickname);
}
/***********************************************************************
* NSSInit.setPasswordCallback
*
* This just passes its arguments to CryptoManager.setNativePasswordCallback
*/
JNIEXPORT void JNICALL
Java_org_mozilla_jss_NSSInit_setPasswordCallback
(JNIEnv *env, jclass clazz, jobject pwcb)
{
JSS_setPasswordCallback(env, pwcb);
}


@ -58,35 +58,35 @@ JNIEXPORT jobject JNICALL
Java_org_mozilla_jss_CryptoManager_findCertByNicknameNative
(JNIEnv *env, jobject this, jstring nickname)
{
char *nick=NULL;
jobject certObject=NULL;
CERTCertificate *cert=NULL;
char *nick=NULL;
jobject certObject=NULL;
CERTCertificate *cert=NULL;
PR_ASSERT(env!=NULL && this!=NULL && nickname!=NULL);
PR_ASSERT(env!=NULL && this!=NULL && nickname!=NULL);
nick = (char*) (*env)->GetStringUTFChars(env, nickname, NULL);
PR_ASSERT(nick!=NULL);
nick = (char*) (*env)->GetStringUTFChars(env, nickname, NULL);
PR_ASSERT(nick!=NULL);
cert = PK11_FindCertFromNickname(nick, NULL);
cert = PK11_FindCertFromNickname(nick, NULL);
if(cert == NULL) {
if(cert == NULL) {
cert = CERT_FindCertByNickname( CERT_GetDefaultCertDB(), nick );
if( cert == NULL ) {
JSS_nativeThrow(env, OBJECT_NOT_FOUND_EXCEPTION);
goto finish;
JSS_nativeThrow(env, OBJECT_NOT_FOUND_EXCEPTION);
goto finish;
}
}
}
certObject = JSS_PK11_wrapCert(env, &cert);
certObject = JSS_PK11_wrapCert(env, &cert);
finish:
if(nick != NULL) {
(*env)->ReleaseStringUTFChars(env, nickname, nick);
}
if(cert != NULL) {
CERT_DestroyCertificate(cert);
}
return certObject;
if(nick != NULL) {
(*env)->ReleaseStringUTFChars(env, nickname, nick);
}
if(cert != NULL) {
CERT_DestroyCertificate(cert);
}
return certObject;
}
/*
@ -216,13 +216,13 @@ JNIEXPORT jobject JNICALL
Java_org_mozilla_jss_CryptoManager_findCertByIssuerAndSerialNumberNative
(JNIEnv *env, jobject this, jbyteArray issuerBA, jbyteArray serialNumBA)
{
jobject certObject=NULL;
CERTCertificate *cert=NULL;
jobject certObject=NULL;
CERTCertificate *cert=NULL;
SECItem *issuer=NULL, *serialNum=NULL;
CERTIssuerAndSN issuerAndSN;
PK11SlotInfo *slot=NULL;
PR_ASSERT(env!=NULL && this!=NULL);
PR_ASSERT(env!=NULL && this!=NULL);
/* validate args */
if( issuerBA == NULL || serialNumBA == NULL ) {
@ -249,27 +249,27 @@ Java_org_mozilla_jss_CryptoManager_findCertByIssuerAndSerialNumberNative
CERT_GetDefaultCertDB(),
&issuerAndSN);
if( cert == NULL ) {
JSS_nativeThrow(env, OBJECT_NOT_FOUND_EXCEPTION);
goto finish;
JSS_nativeThrow(env, OBJECT_NOT_FOUND_EXCEPTION);
goto finish;
}
}
}
certObject = JSS_PK11_wrapCert(env, &cert);
certObject = JSS_PK11_wrapCert(env, &cert);
finish:
if(slot) {
PK11_FreeSlot(slot);
}
if(cert != NULL) {
CERT_DestroyCertificate(cert);
}
if(cert != NULL) {
CERT_DestroyCertificate(cert);
}
if(issuer) {
SECITEM_FreeItem(issuer, PR_TRUE /*freeit*/);
}
if(serialNum) {
SECITEM_FreeItem(serialNum, PR_TRUE /*freeit*/);
}
return certObject;
return certObject;
}
/*****************************************************************
@ -281,39 +281,39 @@ JNIEXPORT jobject JNICALL
Java_org_mozilla_jss_CryptoManager_findPrivKeyByCertNative
(JNIEnv *env, jobject this, jobject Cert)
{
PRThread *pThread;
CERTCertificate *cert;
SECKEYPrivateKey *privKey=NULL;
jobject Key;
PRThread *pThread;
CERTCertificate *cert;
SECKEYPrivateKey *privKey=NULL;
jobject Key;
pThread = PR_AttachThread(PR_SYSTEM_THREAD, 0, NULL);
PR_ASSERT( pThread != NULL);
PR_ASSERT( env!=NULL && this!=NULL && Cert!=NULL);
pThread = PR_AttachThread(PR_SYSTEM_THREAD, 0, NULL);
PR_ASSERT( pThread != NULL);
PR_ASSERT( env!=NULL && this!=NULL && Cert!=NULL);
if( JSS_PK11_getCertPtr(env, Cert, &cert) != PR_SUCCESS) {
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
goto finish;
}
if(cert==NULL) {
PR_ASSERT(PR_FALSE);
JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION);
goto finish;
}
if( JSS_PK11_getCertPtr(env, Cert, &cert) != PR_SUCCESS) {
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
goto finish;
}
if(cert==NULL) {
PR_ASSERT(PR_FALSE);
JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION);
goto finish;
}
privKey = PK11_FindKeyByAnyCert(cert, NULL);
if(privKey == NULL) {
JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION);
goto finish;
}
privKey = PK11_FindKeyByAnyCert(cert, NULL);
if(privKey == NULL) {
JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION);
goto finish;
}
Key = JSS_PK11_wrapPrivKey(env, &privKey);
Key = JSS_PK11_wrapPrivKey(env, &privKey);
finish:
if(privKey != NULL) {
SECKEY_DestroyPrivateKey(privKey);
}
PR_DetachThread();
return Key;
if(privKey != NULL) {
SECKEY_DestroyPrivateKey(privKey);
}
PR_DetachThread();
return Key;
}
@ -715,52 +715,52 @@ JNIEXPORT jobject JNICALL
Java_org_mozilla_jss_CryptoManager_importCertToPermNative
(JNIEnv *env, jobject this, jobject cert, jstring nickString)
{
SECStatus rv;
CERTCertificate *newCert;
CERTCertTrust trustflags;
jobject result=NULL;
char *nickname=NULL;
SECStatus rv;
CERTCertificate *newCert;
CERTCertTrust trustflags;
jobject result=NULL;
char *nickname=NULL;
/* first, get the NSS cert pointer from the 'cert' object */
/* first, get the NSS cert pointer from the 'cert' object */
if ( JSS_PK11_getCertPtr(env, cert, &newCert) != PR_SUCCESS) {
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
goto finish;
}
PR_ASSERT(newCert != NULL);
if ( JSS_PK11_getCertPtr(env, cert, &newCert) != PR_SUCCESS) {
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
goto finish;
}
PR_ASSERT(newCert != NULL);
if (nickString != NULL) {
nickname = (char*) (*env)->GetStringUTFChars(env, nickString, NULL);
}
if (nickString != NULL) {
nickname = (char*) (*env)->GetStringUTFChars(env, nickString, NULL);
}
trustflags.sslFlags = 0;
trustflags.emailFlags = 0;
trustflags.objectSigningFlags = 0;
trustflags.sslFlags = 0;
trustflags.emailFlags = 0;
trustflags.objectSigningFlags = 0;
/* Then, add to permanent database */
/* Then, add to permanent database */
rv = CERT_AddTempCertToPerm(newCert, nickname,
rv = CERT_AddTempCertToPerm(newCert, nickname,
&trustflags);
if (rv == SECSuccess) {
/* build return object */
result = JSS_PK11_wrapCert(env, &newCert);
}
else {
/* CERT_AddTempCertToPerm does not properly set NSPR
Error value, so no detail can be retrieved
*/
JSS_throwMsg(env, TOKEN_EXCEPTION,
"Unable to insert certificate into permanent database");
if (rv == SECSuccess) {
/* build return object */
result = JSS_PK11_wrapCert(env, &newCert);
}
else {
/* CERT_AddTempCertToPerm does not properly set NSPR
Error value, so no detail can be retrieved
*/
JSS_throwMsg(env, TOKEN_EXCEPTION,
"Unable to insert certificate into permanent database");
}
if (nickname != NULL) {
(*env)->ReleaseStringUTFChars(env, nickString, nickname);
}
}
if (nickname != NULL) {
(*env)->ReleaseStringUTFChars(env, nickString, nickname);
}
finish:
return result;
return result;
}
@ -785,7 +785,7 @@ static int find_leaf_cert(
int i;
int status = 0;
theCert= CERT_NewTempCertificate(certdb, &derCerts[cur_link],
theCert= CERT_NewTempCertificate(certdb, &derCerts[cur_link],
NULL, PR_FALSE /* isperm */, PR_TRUE /*copyDER*/);
if (theCert == NULL) {
status = -1;
@ -796,12 +796,12 @@ static int find_leaf_cert(
/* help speeding up the searching */
continue;
}
curCert = CERT_NewTempCertificate(certdb, &derCerts[i], NULL,
PR_FALSE /* isperm */, PR_TRUE /*copyDER*/);
if(curCert == NULL) {
curCert = CERT_NewTempCertificate(certdb, &derCerts[i], NULL,
PR_FALSE /* isperm */, PR_TRUE /*copyDER*/);
if(curCert == NULL) {
status = -1;
goto finish;
}
}
if (SECITEM_CompareItem(&theCert->derSubject,
&curCert->derIssuer) == SECEqual) {
linked[i] = 1;
@ -809,16 +809,16 @@ static int find_leaf_cert(
status = 1; /* got it */
goto finish;
}
CERT_DeleteTempCertificate(curCert);
CERT_DeleteTempCertificate(curCert);
curCert = NULL;
} /* for */
finish:
if (theCert != NULL) {
CERT_DeleteTempCertificate(theCert);
CERT_DeleteTempCertificate(theCert);
}
if (curCert != NULL) {
CERT_DeleteTempCertificate(curCert);
CERT_DeleteTempCertificate(curCert);
}
return status;
}
@ -960,44 +960,46 @@ Java_org_mozilla_jss_CryptoManager_importCertPackageNative
* if present, shouldn't be assumed either.
***************************************************/
if (numCerts > 1) {
for (certi=0; certi<numCerts; certi++) {
leafCert= CERT_NewTempCertificate(certdb, &derCerts[certi], NULL,
PR_FALSE /* isperm */, PR_TRUE /*copyDER*/);
if(leafCert == NULL) {
JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION,
"Failed to create new temporary certificate");
goto finish;
}
for (certi=0; certi<numCerts; certi++) {
leafCert = CERT_NewTempCertificate(certdb, &derCerts[certi], NULL,
PR_FALSE /* isperm */, PR_TRUE /*copyDER*/);
if(leafCert == NULL) {
JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION,
"Failed to create new temporary certificate");
goto finish;
}
slot = PK11_KeyForCertExists(leafCert, &keyID, NULL);
if (slot !=NULL) { /* found the use cert */
theDerCert = derCerts[certi];
/* delete it so it wouldn't cause conflict */
CERT_DeleteTempCertificate(leafCert);
break; /*certi now indicates the location of our user cert in chain*/
}
slot = PK11_KeyForCertExists(leafCert, &keyID, NULL);
if (slot !=NULL) { /* found the use cert */
theDerCert = derCerts[certi];
/* delete it so it wouldn't cause conflict */
CERT_DeleteTempCertificate(leafCert);
break; /*certi now indicates the location of our user cert in chain*/
}
/* delete it so it wouldn't cause conflict */
CERT_DeleteTempCertificate(leafCert);
/* delete it so it wouldn't cause conflict */
CERT_DeleteTempCertificate(leafCert);
} /* end for */
} /* end for */
/* (NO_USER_CERT_HANDLING)
/* (NO_USER_CERT_HANDLING)
Handles the case when the user certificate is not in
the certificate chain.
*/
if ((slot == NULL)) { /* same as "noUser = 1" */
/* #397713 */
if (!find_leaf_cert_in_chain(certdb, derCerts, numCerts, &theDerCert)) {
JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION,
"Failed to locate leaf certificate in chain");
goto finish;
*/
if ((slot == NULL)) { /* same as "noUser = 1" */
/* #397713 */
if (!find_leaf_cert_in_chain(certdb, derCerts,
numCerts, &theDerCert))
{
JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION,
"Failed to locate leaf certificate in chain");
goto finish;
}
}
}
} else {/* numCerts <= 1 */
theDerCert = derCerts[0];
certi = 0;
theDerCert = derCerts[0];
certi = 0;
}
/***************************************************
@ -1075,12 +1077,12 @@ Java_org_mozilla_jss_CryptoManager_importCertPackageNative
slot = PK11_ImportCertForKey(leafCert, nickChars, NULL);
if( slot == NULL ) {
/* We already checked for this, shouldn't fail here */
if(PR_GetError() == SEC_ERROR_ADDING_CERT) {
PR_ASSERT(PR_FALSE);
JSS_throw(env, NO_SUCH_ITEM_ON_TOKEN_EXCEPTION);
} else {
JSS_throw(env, TOKEN_EXCEPTION);
}
if(PR_GetError() == SEC_ERROR_ADDING_CERT) {
PR_ASSERT(PR_FALSE);
JSS_throw(env, NO_SUCH_ITEM_ON_TOKEN_EXCEPTION);
} else {
JSS_throw(env, TOKEN_EXCEPTION);
}
goto finish;
}
@ -1131,9 +1133,9 @@ Java_org_mozilla_jss_CryptoManager_importCertPackageNative
goto finish;
}
} else {
status = ImportCAChain(derCerts,
certi,
certUsageUserCertImport);
status = ImportCAChain(derCerts,
certi,
certUsageUserCertImport);
if(status != SECSuccess) {
JSS_trace(env, JSS_TRACE_ERROR,
"CERT_ImportCAChain returned an error in "
@ -1143,9 +1145,9 @@ Java_org_mozilla_jss_CryptoManager_importCertPackageNative
goto finish;
}
status = ImportCAChain(derCerts+certi+1,
numCerts-certi-1,
certUsageUserCertImport);
status = ImportCAChain(derCerts+certi+1,
numCerts-certi-1,
certUsageUserCertImport);
if(status != SECSuccess) {
JSS_trace(env, JSS_TRACE_ERROR,
"CERT_ImportCAChain returned an error in "
@ -1777,15 +1779,15 @@ finish:
JNIEXPORT void JNICALL
Java_org_mozilla_jss_CryptoManager_importCRLNative
(JNIEnv *env, jobject this,
jbyteArray der_crl, jstring url_jstr, jint rl_type)
jbyteArray der_crl, jstring url_jstr, jint rl_type)
{
CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
CERTSignedCrl *crl = NULL;
SECItem *packageItem = NULL;
int status = SECFailure;
char *url;
char *errmsg = NULL;
CERTSignedCrl *crl = NULL;
SECItem *packageItem = NULL;
int status = SECFailure;
char *url;
char *errmsg = NULL;
/***************************************************
* Validate arguments
@ -1793,83 +1795,83 @@ Java_org_mozilla_jss_CryptoManager_importCRLNative
PR_ASSERT( env!=NULL && this!=NULL );
if(der_crl == NULL) {
PR_ASSERT(PR_FALSE);
/* XXX need new exception here */
/* XXX need new exception here */
JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION,
"CRL package is NULL");
goto finish;
}
PR_ASSERT(certdb != NULL);
/* convert CRL byte[] into secitem */
/* convert CRL byte[] into secitem */
packageItem = JSS_ByteArrayToSECItem(env, der_crl);
if ( packageItem == NULL ) {
goto finish;
}
/* XXX need to deal with if error */
}
/* XXX need to deal with if error */
if (url_jstr != NULL) {
url = (char*) (*env)->GetStringUTFChars(env, url_jstr, NULL);
PR_ASSERT(url!=NULL);
}
else {
url = NULL;
}
if (url_jstr != NULL) {
url = (char*) (*env)->GetStringUTFChars(env, url_jstr, NULL);
PR_ASSERT(url!=NULL);
}
else {
url = NULL;
}
crl = CERT_ImportCRL( certdb, packageItem, url, rl_type, NULL);
crl = CERT_ImportCRL( certdb, packageItem, url, rl_type, NULL);
if( crl == NULL ) {
status = PR_GetError();
errmsg = NULL;
switch (status) {
case SEC_ERROR_OLD_CRL:
case SEC_ERROR_OLD_KRL:
/* not an error - leave as NULL */
errmsg = NULL;
goto finish;
case SEC_ERROR_CRL_EXPIRED:
errmsg = "CRL Expired";
break;
case SEC_ERROR_KRL_EXPIRED:
errmsg = "KRL Expired";
break;
case SEC_ERROR_CRL_NOT_YET_VALID:
errmsg = "CRL Not yet valid";
break;
case SEC_ERROR_KRL_NOT_YET_VALID:
errmsg = "KRL Not yet valid";
break;
case SEC_ERROR_CRL_INVALID:
errmsg = "Invalid encoding of CRL";
break;
case SEC_ERROR_KRL_INVALID:
errmsg = "Invalid encoding of KRL";
break;
case SEC_ERROR_BAD_DATABASE:
errmsg = "Database error";
break;
default:
/* printf("NSS ERROR = %d\n",status); */
errmsg = "Failed to import Revocation List";
}
if (errmsg) {
JSS_throwMsg(env, CRL_IMPORT_EXCEPTION, errmsg);
}
status = PR_GetError();
errmsg = NULL;
switch (status) {
case SEC_ERROR_OLD_CRL:
case SEC_ERROR_OLD_KRL:
/* not an error - leave as NULL */
errmsg = NULL;
goto finish;
case SEC_ERROR_CRL_EXPIRED:
errmsg = "CRL Expired";
break;
case SEC_ERROR_KRL_EXPIRED:
errmsg = "KRL Expired";
break;
case SEC_ERROR_CRL_NOT_YET_VALID:
errmsg = "CRL Not yet valid";
break;
case SEC_ERROR_KRL_NOT_YET_VALID:
errmsg = "KRL Not yet valid";
break;
case SEC_ERROR_CRL_INVALID:
errmsg = "Invalid encoding of CRL";
break;
case SEC_ERROR_KRL_INVALID:
errmsg = "Invalid encoding of KRL";
break;
case SEC_ERROR_BAD_DATABASE:
errmsg = "Database error";
break;
default:
/* printf("NSS ERROR = %d\n",status); */
errmsg = "Failed to import Revocation List";
}
if (errmsg) {
JSS_throwMsg(env, CRL_IMPORT_EXCEPTION, errmsg);
}
}
finish:
if (packageItem) {
if (packageItem) {
SECITEM_FreeItem(packageItem, PR_TRUE /*freeit*/);
}
}
if(url != NULL) {
(*env)->ReleaseStringUTFChars(env, url_jstr, url);
}
if(url != NULL) {
(*env)->ReleaseStringUTFChars(env, url_jstr, url);
}
if (crl) {
SEC_DestroyCrl(crl);
}
if (crl) {
SEC_DestroyCrl(crl);
}
}
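Review bot: `char *url;` in importCRLNative has no initializer, yet both early `goto finish` exits (null `der_crl`, failed `JSS_ByteArrayToSECItem`) reach `if(url != NULL)` and then `ReleaseStringUTFChars(env, url_jstr, url)` with an indeterminate pointer. Since these lines are being re-indented anyway, initialise it: `char *url = NULL;`. The same pattern shows in findPrivKeyByCertNative, where `jobject Key;` is returned from `finish:` on the error paths without ever being assigned; `jobject Key = NULL;` fixes it. Both issues appear to predate this commit, which changes only whitespace in this file.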


@ -1,77 +0,0 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape Security Services for Java.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
/* This header depends on:
#include <jni.h>
#include <nspr.h>
*/
#ifndef JSS_INIT_H
#define JSS_INIT_H
/***********************************************************************
* JSS_completeInitialize
*
* Initialize the security library and open all the databases.
*
*/
void
JSS_completeInitialize(JNIEnv *env,
jstring modDBName,
jstring keyDBName,
jstring certDBName,
jboolean readOnly,
jstring manuString,
jstring libraryString,
jstring tokString,
jstring keyTokString,
jstring slotString,
jstring keySlotString,
jstring fipsString,
jstring fipsKeyString,
jboolean ocspCheckingEnabled,
jstring ocspResponderURL,
jstring ocspResponderCertNickname );
/**********************************************************************
*
* JSS_setPasswordCallback
*
* Sets the global PasswordCallback object, which will be used to
* login to tokens implicitly if necessary.
*
*/
void
JSS_setPasswordCallback(JNIEnv *env, jobject callback);
#endif


@ -330,7 +330,7 @@ public class SSLServer
System.out.println("SSLServer started\n");
try {
NSSInit.initialize("secmod.db", "key3.db", "cert7.db");
CryptoManager.initialize("secmod.db", "key3.db", "cert7.db");
}
catch (KeyDatabaseException kdbe) {
System.out.println("Couldn't open the key database\n");
@ -344,6 +344,10 @@ public class SSLServer
System.out.println("CryptoManager already initialized???");
return;
}
catch (java.security.GeneralSecurityException e) {
System.out.println("General security exception while initializing");
return;
}
SSLServerSocket.configServerSessionIDCache(10, 0, 0, null);


@ -78,10 +78,8 @@ public class SigTest {
try {
CryptoManager.InitializationValues vals = new
CryptoManager.InitializationValues
( args[0]+"/secmod.db",
args[0]+"/key3.db",
args[0]+"/cert7.db" );
CryptoManager.InitializationValues(args[0], "foobar-", "foobar-",
"../secmodule.db");
CryptoManager.initialize(vals);
manager = CryptoManager.getInstance();