341681 Crypto.TokenException in Socket test r=neil

glen.beasley%sun.com 2007-03-31 04:28:19 +00:00
Родитель a589bf2b07
Коммит 229072ab4f
1 изменённых файлов: 117 добавлений и 42 удалений


@ -67,18 +67,34 @@ public class GenerateTestCert {
private final SignatureAlgorithm sigAlg =
SignatureAlgorithm.RSASignatureWithSHA1Digest;
private X509Certificate nssServerCert, nssClientCert;
private String serverCertNick, clientCertNick;
static final private String CACERT_NICKNAME = "JSSCATestCert";
static final private String SERVERCERT_NICKNAME = "JSSTestServerCert";
static final private String CLIENTCERT_NICKNAME = "JSSTestClientCert";
/**
* Main method for testing and generating cert pairs.
*/
public static void main(String[] args) throws Exception {
if( args.length > 0 )
(new GenerateTestCert()).doIt(args);
else
GenerateTestCert gtc = new GenerateTestCert();
if ( args.length > 0 ) {
gtc.doIt(args);
} else {
gtc.usage();
}
}
public void usage() {
System.out.println("USAGE: " +
"java org.mozilla.jss.tests.GenerateTestCert " +
"<test dir> <password file>\n");
"<test dir> <password file> [hostname] [CAcertNickname] " +
"[ServerCertNickname] [ClientCertNickName]");
System.out.println("This program creates self signed Certificates." +
"They are only meant for testing and should never be " +
"used in production. " +
"\nThe default nicknames:" +
"\n\tCA certificate: " + CACERT_NICKNAME +
"\n\tServer certificate: " + SERVERCERT_NICKNAME +
"\n\tClient certificate: " + CLIENTCERT_NICKNAME);
System.exit(1);
}
@ -87,11 +103,12 @@ public class GenerateTestCert {
* pair.
*/
private void doIt(String[] args) throws Exception {
String caCertNick = CACERT_NICKNAME;
String serverCertNick = SERVERCERT_NICKNAME;
String clientCertNick = CLIENTCERT_NICKNAME;
if ( args.length != 2 ) {
System.out.println("Usage: java org.mozilla.jss.tests." +
"GenerateTestCert <dbdir> <passwordFile>");
System.exit(1);
if ( args.length < 2 ) {
usage();
}
try {
@ -105,20 +122,57 @@ public class GenerateTestCert {
SecureRandom rng= SecureRandom.getInstance("pkcs11prng",
"Mozilla-JSS");
int rand = 24022402;
int rand = nextRandInt (rng);
String hostname = "localhost";
if (args.length > 3) {
hostname = args[2];
}
X509Certificate[] certs;
if (args.length > 4) {
caCertNick = args[3];
}
/* ensure certificate does not already exists */
certs = cm.findCertsByNickname(caCertNick);
if (certs.length > 0) {
System.out.println(caCertNick + " already exists!");
System.exit (1);
};
if (args.length > 5) {
serverCertNick = args[4];
}
certs = cm.findCertsByNickname(serverCertNick);
if (certs.length > 0) {
System.out.println(serverCertNick + " already exists!");
System.exit (1);
};
if (args.length == 6) {
clientCertNick = args[5];
}
certs = cm.findCertsByNickname(clientCertNick);
if (certs.length > 0) {
System.out.println(clientCertNick + " already exists!");
System.exit (1);
};
int keyLength = 512;
// generate CA cert
java.security.KeyPairGenerator kpg =
java.security.KeyPairGenerator.getInstance("RSA", "Mozilla-JSS");
kpg.initialize(512);
kpg.initialize(keyLength);
KeyPair caPair = kpg.genKeyPair();
SEQUENCE extensions = new SEQUENCE();
extensions.addElement(makeBasicConstraintsExtension());
Certificate caCert = makeCert("CACert", "CACert", 1,
Certificate caCert = makeCert("CACert", "CACert", rand+1,
caPair.getPrivate(), caPair.getPublic(), rand, extensions);
X509Certificate nssCaCert = cm.importUserCACertPackage (
ASN1Util.encode(caCert), "JSSCATestCert");
ASN1Util.encode (caCert), caCertNick);
InternalCertificate intern = (InternalCertificate)nssCaCert;
intern.setSSLTrust(
InternalCertificate.TRUSTED_CA |
@ -126,24 +180,28 @@ public class GenerateTestCert {
InternalCertificate.VALID_CA);
// generate server cert
kpg.initialize(512);
kpg.initialize(keyLength);
KeyPair serverPair = kpg.genKeyPair();
Certificate serverCert = makeCert("CACert", "localhost", 2,
Certificate serverCert = makeCert("CACert", hostname, rand+2,
caPair.getPrivate(), serverPair.getPublic(), rand, null);
serverCertNick = "JSSCATestServerCert";
nssServerCert = cm.importCertPackage(
ASN1Util.encode(serverCert), serverCertNick);
// generate client auth cert
kpg.initialize(512);
kpg.initialize(keyLength);
KeyPair clientPair = kpg.genKeyPair();
Certificate clientCert = makeCert("CACert", "ClientCert", 3,
Certificate clientCert = makeCert("CACert", "ClientCert", rand+3,
caPair.getPrivate(), clientPair.getPublic(), rand, null);
clientCertNick = "JSSCATestClientCert";
nssClientCert = cm.importCertPackage(
ASN1Util.encode(clientCert), clientCertNick);
System.out.println("\nThis program created certificates with \n" +
"following cert nicknames:" +
"\n\t" + caCertNick +
"\n\t" + serverCertNick +
"\n\t" + clientCertNick);
System.out.println("Exiting main()");
} catch(Exception e) {
e.printStackTrace();
System.exit(1);
@ -151,6 +209,13 @@ public class GenerateTestCert {
System.exit(0);
}
static int nextRandInt(SecureRandom rand) throws Exception {
byte[] bytes = new byte[4];
rand.nextBytes(bytes);
return ((int)bytes[0])<<24 | ((int)bytes[1])<<16 |
((int)bytes[2])<<8 | ((int)bytes[3]);
}
/**
* Make basic extension.
*/
@ -165,6 +230,16 @@ public class GenerateTestCert {
/**
* Method that generates a certificate for given credential
*
* @param issuerName
* @param subjectName
* @param serialNumber
* @param privKey
* @param pubKey
* @param rand
* @param extensions
* @throws java.lang.Exception
* @return
*/
private Certificate makeCert(String issuerName,
String subjectName,
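Review bot: `nextRandInt` (added in the hunk at `@ -151,6 +209,13`) sign-extends each byte before OR-ing, so a negative `bytes[1]`, `bytes[2]` or `bytes[3]` forces all higher bits to 1 and discards most of the random bits; with a negative `bytes[3]`, about half of all draws, the result can only be one of -128..-1. That value is used as `rand` and as the base of the serial numbers `rand+1`..`rand+3` in `doIt`, so repeated runs against the same database are far more likely to reuse an issuer/serial pair than this change presumably intends, and the serials are often negative. Mask each byte, `return (bytes[0] & 0xff) << 24 | (bytes[1] & 0xff) << 16 | (bytes[2] & 0xff) << 8 | (bytes[3] & 0xff);`, and consider clearing the top bits as well (for example `& 0x3fffffff`) so that `rand+1`..`rand+3` stay positive and cannot wrap. Separately, the optional-argument guards in `doIt` look off by one (`args.length > 3` guards `args[2]`, and so on), so the last optional argument supplied is silently ignored unless all six are given; with three arguments the server certificate is still issued for `localhost`.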