380065 fix for JSS cert creation and ssl hangs r=self JSS tests only

glen.beasley%sun.com 2007-08-23 23:21:13 +00:00
Родитель 2b787f4fed
Коммит 7a5c1aea38
7 изменённых файлов: 274 добавлений и 254 удалений


@ -176,10 +176,6 @@ public class GenerateTestCert {
System.out.println("Number of certificates stored in the " +
" database: " + originalPermCerts);
SecureRandom rng= SecureRandom.getInstance("pkcs11prng",
"Mozilla-JSS");
int rand = nextRandInt(rng);
String hostname = "localhost";
if (args.length > 4) {
hostname = args[3];
@ -222,7 +218,8 @@ public class GenerateTestCert {
// generate CA cert
java.security.KeyPairGenerator kpg =
java.security.KeyPairGenerator.getInstance(keyType, "Mozilla-JSS");
java.security.KeyPairGenerator.getInstance(
keyType, "Mozilla-JSS");
kpg.initialize(keyLength);
KeyPair caPair = kpg.genKeyPair();
@ -230,7 +227,7 @@ public class GenerateTestCert {
extensions.addElement(makeBasicConstraintsExtension());
Certificate caCert = makeCert("CACert", "CACert", serialNum,
caPair.getPrivate(), caPair.getPublic(), rand, extensions);
caPair.getPrivate(), caPair.getPublic(), serialNum, extensions);
X509Certificate nssCaCert = cm.importUserCACertPackage(
ASN1Util.encode(caCert), caCertNick);
InternalCertificate intern = (InternalCertificate)nssCaCert;
@ -244,7 +241,7 @@ public class GenerateTestCert {
KeyPair serverPair = kpg.genKeyPair();
Certificate serverCert = makeCert("CACert", hostname,
serialNum+1, caPair.getPrivate(),
serverPair.getPublic(), rand, null);
serverPair.getPublic(), serialNum, null);
nssServerCert = cm.importCertPackage(
ASN1Util.encode(serverCert), serverCertNick);
@ -253,7 +250,7 @@ public class GenerateTestCert {
KeyPair clientPair = kpg.genKeyPair();
Certificate clientCert = makeCert("CACert", "ClientCert",
serialNum+2, caPair.getPrivate(), clientPair.getPublic(),
rand, null);
serialNum, null);
nssClientCert = cm.importCertPackage(
ASN1Util.encode(clientCert), clientCertNick);
@ -290,7 +287,6 @@ public class GenerateTestCert {
System.out.println(clientCertNick + " should exist!");
System.exit(1);
};
System.out.println("Exiting GenerateTestCert");
} catch(Exception e) {
e.printStackTrace();
@ -299,16 +295,6 @@ public class GenerateTestCert {
System.exit(0);
}
static int nextRandInt(SecureRandom rand) throws Exception {
int i;
byte[] bytes = new byte[4];
rand.nextBytes(bytes);
i = ((int)bytes[0])<<24 | ((int)bytes[1])<<16 |
((int)bytes[2])<<8 | ((int)bytes[3]);
System.out.println("generated random value:" + i);
return i;
}
/**
* Make basic extension.
*/
@ -345,16 +331,16 @@ public class GenerateTestCert {
AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier(sigAlg.toOID());
Name issuer = new Name();
issuer.addCommonName(issuerName);
issuer.addCountryName("US");
issuer.addOrganizationName("Mozilla"+rand);
issuer.addOrganizationalUnitName("JSS Testing");
issuer.addOrganizationName("Mozilla");
issuer.addOrganizationalUnitName("JSS Testing" + rand);
issuer.addCommonName(issuerName);
Name subject = new Name();
subject.addCommonName(subjectName);
subject.addCountryName("US");
subject.addOrganizationName("Mozilla"+rand);
subject.addOrganizationalUnitName("JSS Testing");
subject.addOrganizationName("Mozilla");
subject.addOrganizationalUnitName("JSS Testing" + rand);
subject.addCommonName(subjectName);
Calendar cal = Calendar.getInstance();
Date notBefore = cal.getTime();
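Review bot: The `rand` parameter of makeCert no longer carries a random value: all three call sites in this file now pass `serialNum`, and the body appends it to the OU (`"JSS Testing" + rand`). Rename the parameter or document it where makeCert is declared (the signature is outside these hunks), for example `// rand: per-run tag appended to the OU so each run's DNs are distinct; callers pass the base serial number`. The same applies to SSLClientAuth.makeCert, whose Javadoc still lists `@param rand` with no description. With the `pkcs11prng` draw removed, serial numbers and DNs are fully determined by the caller-supplied `serialNum`; that suits a throwaway test database, but it deserves a comment because a CA is normally expected to issue unpredictable serials.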


@ -179,7 +179,6 @@ public class JSSE_SSLServer {
System.out.println("Initializing " + args[5] + "-NSS");
Provider nss = null;
nss = new sun.security.pkcs11.SunPKCS11(nssConfig);
System.out.println("inserting provider?");
Security.insertProviderAt(nss, 1);
System.out.println("Initialized " + args[5] + "-NSS");
@ -212,8 +211,8 @@ public class JSSE_SSLServer {
if ( ssf != null ) {
SSLServerSocket ss =
(SSLServerSocket)ssf.createServerSocket(port);
// Set server socket timeout to 90 sec
// ss.setSoTimeout(15 * 1000);
// Set server socket timeout to 5 minutes
ss.setSoTimeout(300 * 1000);
System.out.println("Enable ciphers.");
// Enable all the JSSE ciphersuites
ss.setEnabledCipherSuites(ss.getSupportedCipherSuites());
@ -227,6 +226,7 @@ public class JSSE_SSLServer {
try {
//The client will tell the server to shutdown
Socket socket = ss.accept();
socket.setSoTimeout(300 * 1000);
socketCntr ++;
readWriteThread rwThread = new readWriteThread(socket,
socketCntr);
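Review bot: With `ss.setSoTimeout(300 * 1000)` now set on the listening socket, `ss.accept()` throws `java.net.SocketTimeoutException` after five idle minutes. The catch for the surrounding `try` is outside the hunk, so confirm it ends the accept loop and lets the process exit instead of logging and retrying. The literal `300 * 1000` is repeated for the listener and the accepted socket here, and twice more in JSS_SelfServServer; a shared constant such as `private static final int SOCKET_TIMEOUT_MS = 300 * 1000;` would keep the four values in step.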


@ -638,7 +638,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
System.out.println("ActiveCount" + socketThreads.activeCount());
//This loop should always exit but it has the potential
//to hang the QA tests so...
if (i == 1000) { // 1000 x 10
if (i == 100) { // 100 x 10
System.out.println("It is taking too long for the " +
"threads to die. Exiting the program");
System.out.println("Time taken: " +


@ -239,7 +239,7 @@ public class JSS_SelfServServer {
if (bVerbose)
System.out.println("Server created socket");
//serverSock.setSoTimeout(5000); // Set timeout for 5 sec
serverSock.setSoTimeout(300*1000); // Set timeout for 5 minutes
serverSock.requireClientAuth(SSLSocket.SSL_REQUIRE_NO_ERROR);
serverSock.setServerCertNickname("Server_ECDSA");
@ -258,7 +258,7 @@ public class JSS_SelfServServer {
sock.addHandshakeCompletedListener(
new HandshakeListener("server", this));
socketCntr++;
//sock.setSoTimeout(30*1000);
sock.setSoTimeout(300*1000);
if (bVerbose) {
System.out.println("Timeout value for sockets: " +
sock.getSoTimeout());


@ -48,8 +48,6 @@ import org.mozilla.jss.crypto.*;
import org.mozilla.jss.pkix.cert.Certificate;
import org.mozilla.jss.pkix.cert.CertificateInfo;
import org.mozilla.jss.pkix.cert.Extension;
import java.security.Security;
import java.security.Provider;
public class ListCerts {
@ -69,12 +67,7 @@ public class ListCerts {
CryptoManager cm = CryptoManager.getInstance();
X509Certificate[] certs = cm.findCertsByNickname(nickname);
Provider[] providers = Security.getProviders();
for ( int i=0; i < providers.length; i++ ) {
System.out.println("Provider "+i+": "+providers[i].getName());
}
System.out.println(certs.length + " certs found with this nickname.");
for(int i=0; i < certs.length; i++) {
System.out.println("\nSubject: "+certs[i].getSubjectDN());
Certificate cert =


@ -35,6 +35,7 @@
* ***** END LICENSE BLOCK ***** */
package org.mozilla.jss.tests;
import java.security.cert.CertificateEncodingException;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.ssl.*;
import org.mozilla.jss.crypto.*;
@ -58,171 +59,146 @@ import java.io.*;
import java.net.SocketException;
/**
* SSLClientAuth Server/client test.
*/
* SSLClientAuth Server/client test.
*/
public class SSLClientAuth implements Runnable {
private CryptoManager cm;
public static final SignatureAlgorithm sigAlg =
public static final SignatureAlgorithm sigAlg =
SignatureAlgorithm.RSASignatureWithSHA1Digest;
/**
/**
* Method that generates a certificate for given credential
*
* @param issuerName
* @param subjectName
* @param serialNumber
* @param privKey
* @param pubKey
* @param rand
* @param extensions
* @throws java.lang.Exception
* @return
*
* @param issuerName
* @param subjectName
* @param serialNumber
* @param privKey
* @param pubKey
* @param rand
* @param extensions
* @throws java.lang.Exception
* @return
*/
public static Certificate makeCert(String issuerName, String subjectName,
int serialNumber, PrivateKey privKey, PublicKey pubKey, int rand,
SEQUENCE extensions) throws Exception
{
int serialNumber, PrivateKey privKey, PublicKey pubKey, int rand,
SEQUENCE extensions) throws Exception {
AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier( sigAlg.toOID());
Name issuer = new Name();
issuer.addCommonName(issuerName);
Name issuer = new Name();
issuer.addCountryName("US");
issuer.addOrganizationName("Mozilla"+rand);
issuer.addOrganizationalUnitName("JSS Testing");
issuer.addOrganizationName("Mozilla");
issuer.addOrganizationalUnitName("JSS Testing" + rand);
issuer.addCommonName(issuerName);
Name subject = new Name();
subject.addCommonName(subjectName);
subject.addCountryName("US");
subject.addOrganizationName("Mozilla"+rand);
subject.addOrganizationalUnitName("JSS Testing");
subject.addOrganizationName("Mozilla");
subject.addOrganizationalUnitName("JSS Testing" + rand);
subject.addCommonName(subjectName);
Calendar cal = Calendar.getInstance();
Date notBefore = cal.getTime();
cal.add(Calendar.YEAR, 1);
Date notAfter = cal.getTime();
SubjectPublicKeyInfo.Template spkiTemp =
new SubjectPublicKeyInfo.Template();
new SubjectPublicKeyInfo.Template();
SubjectPublicKeyInfo spki =
(SubjectPublicKeyInfo) ASN1Util.decode(spkiTemp,
(SubjectPublicKeyInfo) ASN1Util.decode(spkiTemp,
pubKey.getEncoded());
CertificateInfo info = new CertificateInfo(
CertificateInfo.v3, new INTEGER(serialNumber), sigAlgID,
issuer, notBefore, notAfter, subject, spki);
CertificateInfo.v3, new INTEGER(serialNumber), sigAlgID,
issuer, notBefore, notAfter, subject, spki);
if( extensions != null ) {
info.setExtensions(extensions);
}
return new Certificate(info, privKey, sigAlg);
}
/**
*
* @param args
* @throws java.lang.Exception
*
* @param args
* @throws java.lang.Exception
*/
public static void main(String[] args) throws Exception {
(new SSLClientAuth()).doIt(args);
}
private X509Certificate nssServerCert, nssClientCert;
private String serverCertNick, clientCertNick;
/**
*
* @param args
* @throws java.lang.Exception
*
* @param args
* @throws java.lang.Exception
*/
public void doIt(String[] args) throws Exception {
if ( args.length < 2 ) {
System.out.println("Usage: java org.mozilla.jss.tests." +
"SSLClientAuth <dbdir> <passwordFile> [port]" +
" [bypass] [Certificate Serial Number]");
"SSLClientAuth <dbdir> <passwordFile> [port]" +
" [bypass] [Certificate Serial Number]");
System.exit(1);
}
CryptoManager.initialize(args[0]);
cm = CryptoManager.getInstance();
CryptoToken tok = cm.getInternalKeyStorageToken();
PasswordCallback cb = new FilePasswordCallback(args[1]);
tok.login(cb);
if (args.length == 3) {
port = new Integer(args[2]).intValue();
System.out.println("using port:" + port);
}
if (args.length == 4 && (args[3].equalsIgnoreCase("bypass") == true)) {
org.mozilla.jss.ssl.SSLSocket.bypassPKCS11Default(true);
System.out.println("enabled bypassPKCS11 mode for all sockets");
System.out.println(SSLSocket.getSSLDefaultOptions());
org.mozilla.jss.ssl.SSLSocket.bypassPKCS11Default(true);
System.out.println("enabled bypassPKCS11 mode for all sockets");
System.out.println(SSLSocket.getSSLDefaultOptions());
}
if (args.length == 5) {
serialNum = new Integer(args[4]).intValue();
} else {
SecureRandom rng= SecureRandom.getInstance("pkcs11prng",
"Mozilla-JSS");
serialNum = nextRandInt(rng);
}
SecureRandom rng= SecureRandom.getInstance("pkcs11prng",
"Mozilla-JSS");
int rand;
X509Certificate[] certs;
do {
/* ensure certificate does not already exists */
/* we don't have to test all three */
rand = nextRandInt (rng);
serverCertNick = "servercertnick"+rand;
certs = cm.findCertsByNickname (serverCertNick);
} while (certs.length > 0);
/* ensure certificate does not already exists */
/* we don't have to test all three */
serverCertNick = "SSLserver-"+serialNum;
clientCertNick = "SSLclient-"+serialNum;
certs = cm.findCertsByNickname(serverCertNick);
if (certs.length == 0) {
generateCerts(cm, serialNum);
} else {
try {
nssServerCert = cm.findCertByNickname(serverCertNick);
nssClientCert = cm.findCertByNickname(clientCertNick);
} catch (TokenException ex) {
ex.printStackTrace();
System.exit(1);
} catch (ObjectNotFoundException ex) {
ex.printStackTrace();
System.exit(1);
}
// generate CA cert
// RSA Key with default exponent
int keyLength = 512;
java.security.KeyPairGenerator kpg =
java.security.KeyPairGenerator.getInstance("RSA", "Mozilla-JSS");
kpg.initialize(keyLength);
KeyPair caPair = kpg.genKeyPair();
SEQUENCE extensions = new SEQUENCE();
extensions.addElement(makeBasicConstraintsExtension());
Certificate caCert = makeCert("CACert", "CACert", serialNum++,
caPair.getPrivate(), caPair.getPublic(), rand, extensions);
X509Certificate nssCaCert = cm.importUserCACertPackage(
ASN1Util.encode(caCert), "cacertnick"+rand);
InternalCertificate intern = (InternalCertificate)nssCaCert;
intern.setSSLTrust(
InternalCertificate.TRUSTED_CA |
InternalCertificate.TRUSTED_CLIENT_CA |
InternalCertificate.VALID_CA);
// generate server cert
kpg.initialize(keyLength);
KeyPair serverPair = kpg.genKeyPair();
Certificate serverCert = makeCert("CACert", "localhost", serialNum++,
caPair.getPrivate(), serverPair.getPublic(), rand, null);
serverCertNick = "servercertnick"+rand;
nssServerCert = cm.importCertPackage(
ASN1Util.encode(serverCert), serverCertNick);
// generate client auth cert
kpg.initialize(keyLength);
KeyPair clientPair = kpg.genKeyPair();
Certificate clientCert = makeCert("CACert", "ClientCert", serialNum++,
caPair.getPrivate(), clientPair.getPublic(), rand, null);
clientCertNick = "clientcertnick"+rand;
nssClientCert = cm.importCertPackage(
ASN1Util.encode(clientCert), clientCertNick);
}
configureDefaultSSLoptions();
useNickname = false;
testConnection();
useNickname = true;
testConnection();
System.out.println("Exiting main()");
if( getSuccess() ) {
System.exit(0);
@ -230,9 +206,76 @@ public class SSLClientAuth implements Runnable {
System.exit(1);
}
}
private boolean useNickname;
private void generateCerts(CryptoManager cm, int serialNum) {
// RSA Key with default exponent
int keyLength = 1024;
try {
java.security.KeyPairGenerator kpg =
java.security.KeyPairGenerator.getInstance("RSA",
"Mozilla-JSS");
kpg.initialize(keyLength);
KeyPair caPair = kpg.genKeyPair();
//Generate CA cert
SEQUENCE extensions = new SEQUENCE();
extensions.addElement(makeBasicConstraintsExtension());
Certificate caCert = makeCert("CACert", "CACert", serialNum,
caPair.getPrivate(), caPair.getPublic(), serialNum, extensions);
X509Certificate nssCaCert = cm.importUserCACertPackage(
ASN1Util.encode(caCert), "SSLCA-"+serialNum);
InternalCertificate intern = (InternalCertificate)nssCaCert;
intern.setSSLTrust(
InternalCertificate.TRUSTED_CA |
InternalCertificate.TRUSTED_CLIENT_CA |
InternalCertificate.VALID_CA);
// generate server cert
kpg.initialize(keyLength);
KeyPair serverPair = kpg.genKeyPair();
Certificate serverCert = makeCert("CACert", "localhost",
serialNum+1, caPair.getPrivate(), serverPair.getPublic(),
serialNum, null);
nssServerCert = cm.importCertPackage(
ASN1Util.encode(serverCert), serverCertNick);
// generate client auth cert
kpg.initialize(keyLength);
KeyPair clientPair = kpg.genKeyPair();
Certificate clientCert = makeCert("CACert", "ClientCert",
serialNum+2, caPair.getPrivate(), clientPair.getPublic(),
serialNum, null);
nssClientCert = cm.importCertPackage(
ASN1Util.encode(clientCert), clientCertNick);
} catch (CertificateEncodingException ex) {
ex.printStackTrace();
System.exit(1);
} catch (NoSuchAlgorithmException ex) {
ex.printStackTrace();
System.exit(1);
} catch (NoSuchProviderException ex) {
ex.printStackTrace();
System.exit(1);
} catch (CryptoManager.NicknameConflictException ex) {
ex.printStackTrace();
System.exit(1);
} catch (CryptoManager.UserCertConflictException ex) {
ex.printStackTrace();
System.exit(1);
} catch (TokenException ex) {
ex.printStackTrace();
System.exit(1);
} catch (NoSuchItemOnTokenException ex) {
ex.printStackTrace();
System.exit(1);
} catch (Exception ex) {
ex.printStackTrace();
System.exit(1);
}
}
private void configureDefaultSSLoptions() {
try {
//Disable SSL2 and SSL3 ciphers
@ -243,10 +286,10 @@ public class SSLClientAuth implements Runnable {
/* if FIPS is enabled, configure only FIPS ciphersuites */
if (cm.FIPSEnabled()) {
System.out.println("The NSS database is confirued in FIPS" +
"mode.");
"mode.");
System.out.println("Enable ony FIPS ciphersuites.");
int ciphers[] =
org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites();
org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites();
for (int i = 0; i < ciphers.length; ++i) {
if (SSLSocket.isFipsCipherSuite(ciphers[i])) {
/* enable the FIPS ciphersuite */
@ -264,21 +307,21 @@ public class SSLClientAuth implements Runnable {
System.exit(1);
}
}
private void testConnection() throws Exception {
serverReady = false;
// spawn server
Thread server = new Thread(this);
server.start();
// wait for server to open its socket
synchronized(this) {
while(!serverReady) {
this.wait();
}
}
// connect to the server
System.out.println("client about to connect");
SSLSocket sock = new SSLSocket("localhost", port);
@ -291,21 +334,20 @@ public class SSLClientAuth implements Runnable {
}
System.out.println("client connected");
sock.addHandshakeCompletedListener(
new HandshakeListener("client",this));
new HandshakeListener("client",this));
// force the handshake
sock.forceHandshake();
String cipher = sock.getStatus().getCipher();
System.out.println("client forced handshake. ciphersuite: " + cipher);
sock.close();
// wait for the server to finish
server.join();
}
public static class HandshakeListener
implements SSLHandshakeCompletedListener
{
implements SSLHandshakeCompletedListener {
private String who;
private SSLClientAuth boss;
public HandshakeListener(String who, SSLClientAuth boss) {
@ -313,114 +355,114 @@ public class SSLClientAuth implements Runnable {
this.boss = boss;
}
public void handshakeCompleted(SSLHandshakeCompletedEvent event) {
try {
String mesg = who + " got a completed handshake ";
SSLSecurityStatus status = event.getStatus();
if( status.isSecurityOn() ) {
mesg += "(security is ON)";
} else {
mesg += "(security is OFF)";
try {
String mesg = who + " got a completed handshake ";
SSLSecurityStatus status = event.getStatus();
if( status.isSecurityOn() ) {
mesg += "(security is ON)";
} else {
mesg += "(security is OFF)";
}
System.out.println(mesg);
} catch(Exception e) {
e.printStackTrace();
boss.setFailure();
}
System.out.println(mesg);
} catch(Exception e) {
e.printStackTrace();
boss.setFailure();
}
}
}
public synchronized void setFailure() {
success = false;
}
public synchronized boolean getSuccess() {
return success;
}
private boolean success = true;
public int port = 29752;
public int serialNum = 0;
public boolean serverReady = false;
/**
* Server run method.
*/
public void run() {
try {
// We have to configure the server session ID cache before
// creating any server sockets.
SSLServerSocket.configServerSessionIDCache(10, 100, 100, null);
// open the server socket and bind to the port
System.out.println("Server about to create socket");
SSLServerSocket serverSock = new SSLServerSocket(port, 5, null, null,
true);
System.out.println("Server created socket");
serverSock.requireClientAuth(SSLSocket.SSL_REQUIRE_NO_ERROR);
if( useNickname ) {
serverSock.setServerCertNickname(serverCertNick);
System.out.println("Server specified cert by nickname");
} else {
serverSock.setServerCert(nssServerCert);
System.out.println("Server specified cert directly");
}
// tell the client we're ready
synchronized(this) {
serverReady = true;
this.notify();
}
// accept the connection
System.out.println("Server about to accept");
SSLSocket sock = (SSLSocket) serverSock.accept();
System.out.println("Server accepted");
sock.addHandshakeCompletedListener(
new HandshakeListener("server", this));
// try to read some bytes, to allow the handshake to go through
InputStream is = sock.getInputStream();
try {
System.out.println("Server about to read");
is.read();
System.out.println("Server read successful");
} catch(EOFException e) {
System.out.println("Server got EOF");
}
sock.close();
serverSock.close();
} catch(Exception e) {
synchronized(this) {
serverReady = true;
setFailure();
this.notify();
}
// We have to configure the server session ID cache before
// creating any server sockets.
SSLServerSocket.configServerSessionIDCache(10, 100, 100, null);
// open the server socket and bind to the port
System.out.println("Server about to create socket");
SSLServerSocket serverSock = new SSLServerSocket(port, 5, null, null,
true);
System.out.println("Server created socket");
serverSock.requireClientAuth(SSLSocket.SSL_REQUIRE_NO_ERROR);
if( useNickname ) {
serverSock.setServerCertNickname(serverCertNick);
System.out.println("Server specified cert by nickname");
} else {
serverSock.setServerCert(nssServerCert);
System.out.println("Server specified cert directly");
}
// tell the client we're ready
synchronized(this) {
serverReady = true;
this.notify();
}
// accept the connection
System.out.println("Server about to accept");
SSLSocket sock = (SSLSocket) serverSock.accept();
System.out.println("Server accepted");
sock.addHandshakeCompletedListener(
new HandshakeListener("server", this));
// try to read some bytes, to allow the handshake to go through
InputStream is = sock.getInputStream();
try {
System.out.println("Server about to read");
is.read();
System.out.println("Server read successful");
} catch(EOFException e) {
System.out.println("Server got EOF");
}
sock.close();
serverSock.close();
} catch(Exception e) {
synchronized(this) {
serverReady = true;
setFailure();
this.notify();
}
e.printStackTrace();
}
System.out.println("Server exiting");
}
System.out.println("Server exiting");
}
static Extension makeBasicConstraintsExtension() throws Exception {
SEQUENCE bc = new SEQUENCE();
bc.addElement( new BOOLEAN(true) ); // cA
OBJECT_IDENTIFIER bcOID = new OBJECT_IDENTIFIER(
new long[] {2, 5, 29, 19}); // from RFC 2459
new long[] {2, 5, 29, 19}); // from RFC 2459
OCTET_STRING enc = new OCTET_STRING(ASN1Util.encode(bc));
return new Extension(bcOID, true, enc);
}
static int nextRandInt(SecureRandom rand) throws Exception {
int i;
byte[] bytes = new byte[4];
rand.nextBytes(bytes);
i = ((int)bytes[0])<<24 | ((int)bytes[1])<<16 |
((int)bytes[2])<<8 | ((int)bytes[3]);
((int)bytes[2])<<8 | ((int)bytes[3]);
System.out.println("generated random value:" + i);
return i;
}
}
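Review bot: The argument checks in doIt use exact counts, so the new five-argument form never sets the port or the bypass mode: `args.length == 3` and `args.length == 4 && ...` are both false when `args.length == 5`. The Perl driver in this commit now always passes five arguments (`$serverPort bypassoff $certSN` and `$serverPort bypass $certSN`). As shown, the "bypass on" run would therefore listen on the default `port = 29752` with PKCS#11 bypass left off, so the case can pass without exercising bypass, and the port chosen by checkPort is ignored. Make the checks cumulative: `if (args.length >= 3)`, `if (args.length >= 4 && args[3].equalsIgnoreCase("bypass"))`, `if (args.length >= 5)`. Separately, the catch chain in generateCerts repeats the same two lines seven times before `catch (Exception ex)` does the same thing, so the single final catch would suffice.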


@ -83,7 +83,7 @@ my $osname = `uname -s`;
sub checkPort {
my ($p) = @_;
my $localhost = inet_aton("localhost");
my $max = $p + 10; # try to find a port 10 times
my $max = $p + 20; # try to find a port 10 times
my $port = sockaddr_in($p, $localhost);
#create a socket
@ -268,9 +268,9 @@ sub setup_vars {
$testdir = $result_dir . "/" . $host . "." . $version;
#in case multiple tests are being run on the same machine increase
#the port numbers with version number + 20
#the port numbers with version number * 10
$serverPort = $serverPort + $version + 20;
$serverPort = $serverPort + ($version * 10);
outputEnv();
}
@ -380,8 +380,8 @@ sub run_ssl_test {
print "launching server FAILED with return value $result\n";
return;
}
sleep 1;
print "\nServer is envoked using port $serverPort \n" ;
sleep 3;
print "\nSSL Server is envoked using port $serverPort \n" ;
print "$clientCommand \n";
$result = system("$clientCommand");
$result >>=8;
@ -412,6 +412,7 @@ sub print_case_result {
print "JSSTEST_CASE $testrun ($testname): PASS\n";
} else {
print "JSSTEST_CASE $testrun ($testname): FAIL return value $result\n";
die;
}
}
@ -488,18 +489,15 @@ run_test($testname, $command);
updateCertSN();
$serverPort = checkPort($serverPort);
$testname = "SSLClientAuth bypass off";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $serverPort $certSN";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $serverPort bypassoff $certSN";
run_test($testname, $command);
updateCertSN();
$serverPort=$serverPort+1;
$serverPort = checkPort($serverPort);
$testname = "SSLClientAuth bypass on";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $serverPort bypass $certSN";
run_test($testname, $command);
$serverPort=$serverPort+1;
$testname = "Key Generation";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.TestKeyGen $testdir $pwfile";
run_test($testname, $command);
@ -546,25 +544,26 @@ run_test($testname, $command);
#
# Servers are kicked off by the shell script and are told to shutdown by the client test
#
$serverPort=$serverPort+1;
$serverPort = checkPort($serverPort);
$testname = "SSL Ciphersuite JSS Server and JSS client both with Bypass Off";
$serverCommand = "./startJssSelfServ.$scriptext $jss_classpath $testdir $hostname $serverPort bypassoff $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypassOff verboseoff JSS";
run_ssl_test($testname, $serverCommand, $command);
$serverPort=$serverPort+1;
$serverPort = checkPort($serverPort);
$testname = "SSL Ciphersuite JSS Server and JSS client both with Bypass On";
$serverCommand = "./startJssSelfServ.$scriptext $jss_classpath $testdir $hostname $serverPort bypass $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypass verboseoff JSS";
run_ssl_test($testname, $serverCommand, $command);
$serverPort=$serverPort+1;
$serverPort = checkPort($serverPort);
$testname = "SSL Ciphersuite JSS Server with Bypass Off and JSSE client";
$serverCommand = "./startJssSelfServ.$scriptext $jss_classpath $testdir $hostname $serverPort bypassOff $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSSE_SSLClient $testdir $serverPort $hostname JSS";
run_ssl_test($testname, $serverCommand, $command);
$serverPort=$serverPort+1;
$serverPort = checkPort($serverPort);
$testname = "SSL Ciphersuite JSS Server with Bypass On and JSSE client";
$serverCommand = "./startJssSelfServ.$scriptext $jss_classpath $testdir $hostname $serverPort bypass $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSSE_SSLClient $testdir $serverPort $hostname JSS";
@ -575,38 +574,37 @@ if ($osname =~ /HP/) {
print "Java 5 on HP does not have SunPKCS11 class\n";
} else {
$serverPort=$serverPort+1;
$serverPort = checkPort($serverPort);
$testname = "SSL Ciphersuite JSSE Server using default provider and JSS client with Bypass Off";
$serverCommand = "./startJsseServ.$scriptext $jss_classpath $serverPort false $testdir rsa.pfx default $configfile $pwfile $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypassOff verboseoff JSSE";
run_ssl_test($testname, $serverCommand, $command);
$serverPort=$serverPort+1;
$serverPort = checkPort($serverPort);
$testname = "SSL Ciphersuite JSSE Server using default provider and JSS client with Bypass ON";
$serverCommand = "./startJsseServ.$scriptext $jss_classpath $serverPort false $testdir rsa.pfx default $configfile $pwfile $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypass verboseoff JSSE";
run_ssl_test($testname, $serverCommand, $command);
$serverPort=$serverPort+1;
$serverPort = checkPort($serverPort);
$testname = "SSL Ciphersuite JSSE Server using Sunpkcs11-NSS provider and JSS client with Bypass Off";
$serverCommand = "./startJsseServ.$scriptext $jss_classpath $serverPort false $testdir rsa.pfx Sunpkcs11 $configfile $pwfile $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypassOff verboseoff JSSE";
run_ssl_test($testname, $serverCommand, $command);
$serverPort=$serverPort+1;
$serverPort = checkPort($serverPort);
$testname = "SSL Ciphersuite JSSE Server using Sunpkcs11-NSS provider and JSS client with Bypass ON";
$serverCommand = "./startJsseServ.$scriptext $jss_classpath $serverPort false $testdir rsa.pfx Sunpkcs11 $configfile $pwfile $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypass verboseoff JSSE";
run_ssl_test($testname, $serverCommand, $command);
$serverPort=$serverPort+1;
$serverPort = checkPort($serverPort);
$testname = "SSL Ciphersuite JSSE Server using Mozilla-JSS provider and JSS client with Bypass Off";
$serverCommand = "./startJsseServ.$scriptext $jss_classpath $serverPort false $testdir rsa.pfx Mozilla-JSS $configfile $pwfile $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypass verboseoff Mozilla-JSS";
run_ssl_test($testname, $serverCommand, $command);
$serverPort=$serverPort+1;
$serverPort = checkPort($serverPort);
$testname = "SSL Ciphersuite JSSE Server using Mozilla-JSS provider and JSS client with Bypass ON";
$serverCommand = "./startJsseServ.$scriptext $jss_classpath $serverPort false $testdir rsa.pfx Mozilla-JSS $configfile $pwfile $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypass verboseoff Mozilla-JSS";
@ -629,10 +627,11 @@ run_test($testname, $command);
updateCertSN();
$testname = "SSLClientAuth FIPSMODE";
$serverPort = checkPort(++$serverPort);
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $serverPort $certSN";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $serverPort bypassoff $certSN";
run_test($testname, $command);
$serverPort=$serverPort+1;
$serverPort = checkPort($serverPort);
$testname = "SSL Ciphersuite JSS Server and JSS client both with Bypass Off";
$serverCommand = "./startJssSelfServ.$scriptext $jss_classpath $testdir $hostname $serverPort bypassoff $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypassOff verboseoff JSS";