nicolson%netscape.com 2001-06-11 05:15:49 +00:00
Родитель 80c028553d
Коммит 9bd48e9536
18 изменённых файлов: 316 добавлений и 1510 удалений


@ -1,228 +0,0 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape Security Services for Java.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1998-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#######################################################################
# Initialize variables containing STATIC component library names #
#######################################################################
#
# jss hclhacks library
#
LIBJSSHCLHACKS = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)jsshclhacks$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
#
# jss library
#
LIBJSS = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)jss$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
#
# jss ssl jni library
#
LIBJSSSSL = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)jssssl$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
#
# jss util jni library
#
LIBJSSUTIL = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)jssutil$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
#
# jss pkcs #11 jni library
#
LIBJSSPKCS11= $(SOURCE_LIB_DIR)/$(LIB_PREFIX)jsspkcs11$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
#
# jss crypto jni library
#
LIBJSSCRYPTO= $(SOURCE_LIB_DIR)/$(LIB_PREFIX)jsscrypto$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
#
# jss manage jni library
#
LIBJSSMANAGE = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)jssmanage$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
#
# security libraries
#
LIBSSL = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)ssl$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBNSS = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)nss$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBNSSB = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)nssb$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBPKCS7 = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)pkcs7$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBPKCS12 = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)pkcs12$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBSECUTIL = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)secutil$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBJAR = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)jar$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBSECTOOL = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)sectool$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBFORT = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)fort$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBNSSCKBI = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)nssckbi$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBNSSCKFW = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)nssckfw$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBCRYPTOHI= $(SOURCE_LIB_DIR)/$(LIB_PREFIX)cryptohi$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBCERTHI = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)certhi$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBPK11WRAP= $(SOURCE_LIB_DIR)/$(LIB_PREFIX)pk11wrap$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBSMIME = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)smime$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBSOFTOKEN= $(SOURCE_LIB_DIR)/$(LIB_PREFIX)softoken$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBCERTDB = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)certdb$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBFREEBL = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)freebl$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
#
# DBM library
#
LIBDBM = $(SOURCE_LIB_DIR)/$(LIB_PREFIX)dbm$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
#
# NSPR 2.0 libraries
#
ifeq ($(OS_ARCH),WINNT)
ifeq ($(OS_TARGET),WIN95)
LIBPLDS = $(SOURCE_LIB_DIR)/plds4_s$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBPLC = $(SOURCE_LIB_DIR)/plc4_s$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBPR = $(SOURCE_LIB_DIR)/nspr4_s$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
else
LIBPLDS = $(SOURCE_LIB_DIR)/libplds4_s$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBPLC = $(SOURCE_LIB_DIR)/libplc4_s$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBPR = $(SOURCE_LIB_DIR)/libnspr4_s$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
endif
else
LIBPLDS = $(SOURCE_LIB_DIR)/libplds4$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBPLC = $(SOURCE_LIB_DIR)/libplc4$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
LIBPR = $(SOURCE_LIB_DIR)/libnspr4$(STATIC_LIB_EXTENSION)$(STATIC_LIB_SUFFIX_FOR_LINKING)
endif
#######################################################################
# Initialize variables containing DYNAMIC component library names #
#######################################################################
#
# jss hclhacks library
#
DLLJSSHCLHACKS = $(SOURCE_LIB_DIR)/$(DLL_PREFIX)jsshclhacks$(DYNAMIC_LIB_EXTENSION)$(JDK_DEBUG_SUFFIX)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
#
# jss library
#
DLLJSS = $(SOURCE_LIB_DIR)/$(DLL_PREFIX)jss$(DYNAMIC_LIB_EXTENSION)$(JDK_DEBUG_SUFFIX)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
#
# jssutil library
#
DLLJSSUTIL = $(SOURCE_LIB_DIR)/$(DLL_PREFIX)jssutil$(DYNAMIC_LIB_EXTENSION)$(JDK_DEBUG_SUFFIX)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
#
# jsspkcs11 library
#
DLLJSSPKCS11 = $(SOURCE_LIB_DIR)/$(DLL_PREFIX)jsspkcs11$(DYNAMIC_LIB_EXTENSION)$(JDK_DEBUG_SUFFIX)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
#
# jsscrypto library
#
DLLJSSCRYPTO= $(SOURCE_LIB_DIR)/$(DLL_PREFIX)jsscrypto$(DYNAMIC_LIB_EXTENSION)$(JDK_DEBUG_SUFFIX)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
#
# jssmanage library
#
DLLJSSMANAGE = $(SOURCE_LIB_DIR)/$(DLL_PREFIX)jssmanage$(DYNAMIC_LIB_EXTENSION)$(JDK_DEBUG_SUFFIX)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
#
# jssssl library
#
DLLJSSSSL = $(SOURCE_LIB_DIR)/$(DLL_PREFIX)jssssl$(DYNAMIC_LIB_EXTENSION)$(JDK_DEBUG_SUFFIX)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
#
# there are NO dynamic security libraries
#
#
# DBM library
#
DLLDBM = $(SOURCE_LIB_DIR)/$(DLL_PREFIX)dbm$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
#
# NSPR 2.0 libraries
#
ifeq ($(OS_ARCH),WINNT)
ifeq ($(OS_TARGET),WIN95)
DLLPLDS = $(SOURCE_LIB_DIR)/plds4$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
DLLPLC = $(SOURCE_LIB_DIR)/plc4$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
DLLPR = $(SOURCE_LIB_DIR)/nspr4$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
else
DLLPLDS = $(SOURCE_LIB_DIR)/libplds4$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
DLLPLC = $(SOURCE_LIB_DIR)/libplc4$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
DLLPR = $(SOURCE_LIB_DIR)/libnspr4$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
endif
else
DLLPLDS = $(SOURCE_LIB_DIR)/libplds4$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
DLLPLC = $(SOURCE_LIB_DIR)/libplc4$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
DLLPR = $(SOURCE_LIB_DIR)/libnspr4$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX_FOR_LINKING)
endif
#######################################################################
# Tweak library names for windows and AIX.
#######################################################################
ifndef BUILD_OPT
ifdef LIBRARY_NAME
ifeq ($(OS_ARCH), WINNT)
ifeq ($(OS_TARGET), WIN16)
SHARED_LIBRARY_G = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)16_g.dll
IMPORT_LIBRARY_G = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)16_g.lib
else
SHARED_LIBRARY_G = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)32_g.dll
IMPORT_LIBRARY_G = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)32_g.lib
endif
else
ifeq ($(OS_ARCH)$(OS_RELEASE), AIX4.1)
SHARED_LIBRARY_G = $(OBJDIR)/lib$(LIBRARY_NAME)$(LIBRARY_VERSION)_shr_g.a
else
SHARED_LIBRARY_G = $(OBJDIR)/lib$(LIBRARY_NAME)$(LIBRARY_VERSION)_g.$(DLL_SUFFIX)
endif
endif
endif
endif


@ -41,24 +41,9 @@ SHARED_LIBRARY_DIRS = \
../org/mozilla/jss/pkcs11 \
../org/mozilla/jss/ssl \
../org/mozilla/jss/util \
../org/mozilla/jss/hclhacks \
$(NULL)
EXTRA_LIBS += \
$(LIBNSS) \
$(LIBSSL) \
$(LIBCRYPTOHI) \
$(LIBCERTHI) \
$(LIBNSSB) \
$(LIBPK11WRAP) \
$(LIBJAR) \
$(LIBPKCS12) \
$(LIBPKCS7) \
$(LIBSMIME) \
$(LIBSOFTOKEN) \
$(LIBCERTDB) \
$(LIBFREEBL) \
$(LIBSECUTIL) \
$(LIBDBM) \
$(NULL)
@ -72,6 +57,9 @@ DLLFLAGS += -DEF:jss.def
#RESNAME = jss.rc
EXTRA_SHARED_LIBS += \
$(DIST)/lib/nss/nss3.lib
$(DIST)/lib/nss/smime3.lib
$(DIST)/lib/nss/ssl3.lib
$(DIST)/lib/$(NSPR31_LIB_PREFIX)plc4.lib \
$(DIST)/lib/$(NSPR31_LIB_PREFIX)plds4.lib \
$(DIST)/lib/$(NSPR31_LIB_PREFIX)nspr4.lib \
@ -83,6 +71,9 @@ else
EXTRA_SHARED_LIBS += \
-L$(DIST)/lib \
-lnss3 \
-lsmime3 \
-lssl3 \
-lplc4 \
-lplds4 \
-lnspr4 \
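Review bot: The three import libraries added under `EXTRA_SHARED_LIBS += \` in the Windows branch (`nss3.lib`, `smime3.lib`, `ssl3.lib`) are shown without a trailing `\`, unlike the NSPR entries that follow them and the `-lnss3 \` lines in the other branch. If the file really reads this way and it is not an artifact of this page, make ends the assignment after `nss3.lib` and the next lines no longer parse as part of the list. Each of the three lines should end with a continuation, e.g. `$(DIST)/lib/nss/nss3.lib \`.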


@ -149,9 +149,7 @@ Java_org_mozilla_jss_pkcs11_PK11Signature_initSigContext;
Java_org_mozilla_jss_pkcs11_PK11Signature_initVfyContext;
Java_org_mozilla_jss_pkcs11_PK11Store_deleteCert;
Java_org_mozilla_jss_pkcs11_PK11Store_deletePrivateKey;
Java_org_mozilla_jss_pkcs11_PK11Store_importEncryptedPrivateKey;
Java_org_mozilla_jss_pkcs11_PK11Store_importPrivateKey;
Java_org_mozilla_jss_pkcs11_PK11Store_importTemporaryEncryptedPrivateKey;
Java_org_mozilla_jss_pkcs11_PK11Store_putCertsInVector;
Java_org_mozilla_jss_pkcs11_PK11Store_putKeysInVector;
Java_org_mozilla_jss_pkcs11_SigContextProxy_releaseNativeResources;


@ -35,7 +35,6 @@ release_md:: release_sanitize
release_sanitize::
-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jsscrypto$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jsshclhacks$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jssmanage$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jsspkcs11$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jsspolicy$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
@ -43,7 +42,6 @@ release_sanitize::
-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jssutil$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
ifeq ($(OS_ARCH),WINNT)
-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jsscrypto$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jsshclhacks$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jssmanage$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jsspkcs11$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jsspolicy$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)


@ -48,56 +48,6 @@ public interface CryptoStore {
// Private Keys
////////////////////////////////////////////////////////////
/**
* Imports an encoded, encrypted private key into this token.
*
* @param encodedKey The encoded, encrypted private key. These bytes
* are expected to be a DER-encoded PKCS #8 EncryptedKeyInfo.
* Currently, the only encryption algorithm is RC4.
* @param password The password that encodes this key. The password
* will be cleared by this method. This password,
* together with the salt, are used to construct the decrypting key.
* @param salt The password salt.
* @exception InvalidKeyFormatException If the key cannot be decoded.
* This may be caused by supplying an incorrect password, or
* it may be due to corrupted data.
* @exception TokenException If the key cannot be imported to this token.
* @deprecated A key type should be specified so that the correct usages
* can be enabled on the key.
*/
public void
importEncryptedPrivateKey( byte[] encodedKey,
Password password,
byte[] salt,
byte[] globalSalt )
throws InvalidKeyFormatException, TokenException;
/**
* Imports an encoded, encrypted private key into this token.
*
* @param encodedKey The encoded, encrypted private key. These bytes
* are expected to be a DER-encoded PKCS #8 EncryptedKeyInfo.
* Currently, the only encryption algorithm is RC4.
* @param password The password that encodes this key. The password
* will be cleared by this method. This password,
* together with the salt, are used to construct the decrypting key.
* @param salt The password salt.
* @param type The type of the private key. This is used to enable the
* right operations for the key.
* @exception InvalidKeyFormatException If the key cannot be decoded.
* This may be caused by supplying an incorrect password, or
* it may be due to corrupted data.
* @exception TokenException If the key cannot be imported to this token.
* @deprecated Use importPrivateKey instead.
*/
public void
importEncryptedPrivateKey( byte[] encodedKey,
Password password,
byte[] salt,
byte[] globalSalt,
PrivateKey.Type type )
throws InvalidKeyFormatException, TokenException;
/**
* Imports a raw private key into this token.
*
@ -111,33 +61,6 @@ public interface CryptoStore {
throws TokenException, KeyAlreadyImportedException;
/**
* Imports an encoded, encrypted private key into this token, and stores
* it as a temporary (session) object. The key will be deleted
* when it is garbage collected.
*
* @param encodedKey The encoded, encrypted private key. These bytes
* are expected to be a DER-encoded PKCS #8 EncryptedKeyInfo.
* Currently, the only encryption algorithm is RC4.
* @param password The password that encodes this key. The password
* will be cleared by this method. This password,
* together with the salt, are used to construct the decrypting key.
* @param salt The password salt.
* @param type The type of the private key. This is used to enable the
* right operations for the key.
* @exception InvalidKeyFormatException If the key cannot be decoded.
* This may be caused by supplying an incorrect password, or
* it may be due to corrupted data.
* @exception TokenException If the key cannot be imported to this token.
*/
public void
importTemporaryEncryptedPrivateKey( byte[] encodedKey,
Password password,
byte[] salt,
byte[] globalSalt,
PrivateKey.Type type )
throws InvalidKeyFormatException, TokenException;
/**
* Returns all private keys stored on this token.
*


@ -40,7 +40,7 @@
#include <secoidt.h>
#include <keyt.h> /* for PQGParams */
#include <blapi.h>
#include <pqgutil.h>
#include <pk11pqg.h>
#include <jss_bigint.h>
#include <jssutil.h>
@ -137,8 +137,8 @@ generate(JNIEnv *env, jclass PQGParamsClass, jint keySize, jint seedBytes)
/***********************************************************************
* PQG_ParamGen doesn't take a key size, it takes an index that points to
* a valid key size.
* PK11_PQG_ParamGen doesn't take a key size, it takes an index that
* points to a valid key size.
*/
keySizeIndex = PQG_PBITS_TO_INDEX(keySize);
if(keySizeIndex == -1 || keySize<512 || keySize>1024) {
@ -152,9 +152,9 @@ generate(JNIEnv *env, jclass PQGParamsClass, jint keySize, jint seedBytes)
* Do the actual parameter generation.
*/
if(seedBytes == 0) {
status = PQG_ParamGen(keySizeIndex, &pParams, &pVfy);
status = PK11_PQG_ParamGen(keySizeIndex, &pParams, &pVfy);
} else {
status = PQG_ParamGenSeedLen(keySizeIndex, seedBytes, &pParams, &pVfy);
status = PK11_PQG_ParamGenSeedLen(keySizeIndex, seedBytes, &pParams, &pVfy);
}
if(status != SECSuccess) {
JSS_throw(env, PQG_PARAM_GEN_EXCEPTION);
@ -185,16 +185,16 @@ generate(JNIEnv *env, jclass PQGParamsClass, jint keySize, jint seedBytes)
/***********************************************************************
* Convert the parameters to Java types.
*/
if( PQG_GetPrimeFromParams( pParams, &P) ||
PQG_GetSubPrimeFromParams( pParams, &Q) ||
PQG_GetBaseFromParams( pParams, &G) ||
PQG_GetHFromVerify( pVfy, &H) ||
PQG_GetSeedFromVerify( pVfy, &seed) )
if( PK11_PQG_GetPrimeFromParams( pParams, &P) ||
PK11_PQG_GetSubPrimeFromParams( pParams, &Q) ||
PK11_PQG_GetBaseFromParams( pParams, &G) ||
PK11_PQG_GetHFromVerify( pVfy, &H) ||
PK11_PQG_GetSeedFromVerify( pVfy, &seed) )
{
JSS_throw(env, PQG_PARAM_GEN_EXCEPTION);
goto finish;
}
counter = PQG_GetCounterFromVerify(pVfy);
counter = PK11_PQG_GetCounterFromVerify(pVfy);
/*
* construct P
@ -297,10 +297,10 @@ generate(JNIEnv *env, jclass PQGParamsClass, jint keySize, jint seedBytes)
finish:
if(pParams!=NULL) {
PQG_DestroyParams(pParams);
PK11_PQG_DestroyParams(pParams);
}
if(pVfy!=NULL) {
PQG_DestroyVerify(pVfy);
PK11_PQG_DestroyVerify(pVfy);
}
SECITEM_FreeItem(&P, PR_FALSE /*don't free P itself*/);
SECITEM_FreeItem(&Q, PR_FALSE);
@ -359,8 +359,8 @@ Java_org_mozilla_jss_crypto_PQGParams_paramsAreValidNative
/***********************************************************************
* Construct PQGParams and PQGVerify structures.
*/
pParams = PQG_NewParams(&P, &Q, &G);
pVfy = PQG_NewVerify(counter, &seed, &H);
pParams = PK11_PQG_NewParams(&P, &Q, &G);
pVfy = PK11_PQG_NewVerify(counter, &seed, &H);
if(pParams==NULL || pVfy==NULL) {
JSS_throw(env, OUT_OF_MEMORY_ERROR);
goto finish;
@ -369,7 +369,7 @@ Java_org_mozilla_jss_crypto_PQGParams_paramsAreValidNative
/***********************************************************************
* Perform the verification.
*/
if( PQG_VerifyParams(pParams, pVfy, &verifyResult) != PR_SUCCESS) {
if( PK11_PQG_VerifyParams(pParams, pVfy, &verifyResult) != PR_SUCCESS) {
JSS_throw(env, OUT_OF_MEMORY_ERROR);
goto finish;
}
@ -383,8 +383,8 @@ finish:
SECITEM_FreeItem(&G, PR_FALSE);
SECITEM_FreeItem(&seed, PR_FALSE);
SECITEM_FreeItem(&H, PR_FALSE);
PQG_DestroyParams(pParams);
PQG_DestroyVerify(pVfy);
PK11_PQG_DestroyParams(pParams);
PK11_PQG_DestroyVerify(pVfy);
return valid;
}
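Review bot: In `Java_org_mozilla_jss_crypto_PQGParams_paramsAreValidNative`, the result of `PK11_PQG_VerifyParams` is compared with `PR_SUCCESS`, and a failure is reported as `OUT_OF_MEMORY_ERROR`. The function returns a `SECStatus`, so the check should read `if( PK11_PQG_VerifyParams(pParams, pVfy, &verifyResult) != SECSuccess) {`, matching the `status != SECSuccess` test in `generate`. The two constants have the same value, so this is a type-consistency fix rather than a behaviour change. Throwing an out-of-memory error for every verification failure also hides the real cause from the Java caller; a more specific exception would be better, though which exception classes are available is not visible here. Both functions continue outside the hunks shown.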

Разница между файлами не показана из-за своего большого размера Загрузить разницу


@ -35,7 +35,7 @@ CORE_DEPTH = ../../../..
MODULE = jss
DIRS = hclhacks\
DIRS = \
policy \
util \
asn1 \


@ -250,6 +250,15 @@ JSS_PK11_getCertPtr(JNIEnv *env, jobject certObject, CERTCertificate **ptr)
CERT_PROXY_SIG, (void**)ptr);
}
/*
* This is a shady way of deciding if the cert is a user cert.
* Hopefully it will work. What we used to do was check for cert->slot.
*/
#define isUserCert(cert) \
( ((cert)->trust->sslFlags & CERTDB_USER) || \
((cert)->trust->emailFlags & CERTDB_USER) || \
((cert)->trust->objectSigningFlags & CERTDB_USER) )
/****************************************************************
*
* J S S _ P K 1 1 _ w r a p C e r t
@ -267,23 +276,19 @@ JSS_PK11_wrapCert(JNIEnv *env, CERTCertificate **cert)
jbyteArray byteArray;
jobject Cert=NULL;
char *className;
PK11SlotInfo *certSlot = NULL;
CK_OBJECT_HANDLE certID;
PK11SlotInfo *slot = NULL;
PR_ASSERT(env!=NULL && cert!=NULL && *cert!=NULL);
byteArray = JSS_ptrToByteArray(env, *cert);
/*
* This call will update the correct slot to cert->slot, which otherwise
* might not be accurate.
*/
certID = PK11_FindObjectForCert(*cert, NULL, &certSlot);
/* Is this a user cert? */
slot = PK11_KeyForCertExists(*cert, NULL /*keyPtr*/, NULL /*wincx*/);
/*
* Lookup the class and constructor
*/
if( (*cert)->slot ) {
if( slot ) {
if( (*cert)->isperm ) {
/* it has a slot and it's in the permanent database */
className = INTERNAL_TOKEN_CERT_CLASS_NAME;
@ -327,8 +332,8 @@ finish:
if(Cert==NULL) {
CERT_DestroyCertificate(*cert);
}
if(certSlot!=NULL) {
PK11_FreeSlot(certSlot);
if( slot != NULL ) {
PK11_FreeSlot(slot);
}
*cert = NULL;
return Cert;
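Review bot: The new `isUserCert` macro reads `(cert)->trust->sslFlags` and the two other flag fields without checking `(cert)->trust`, which can be NULL for a `CERTCertificate` that has no trust record. Guarding the expression, `( (cert)->trust != NULL && ( ...flag tests... ) )`, would make it safe for such certificates. None of the hunks shown uses the macro, since `JSS_PK11_wrapCert` decides with `PK11_KeyForCertExists` instead. If it has no caller elsewhere in the file, it could be dropped together with its "shady" comment. `JSS_PK11_wrapCert` itself extends beyond the hunks.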


@ -39,6 +39,7 @@
#include <key.h>
#include <certt.h>
#include <secpkcs5.h> /* for hand-generating SHA-1 PBA HMAC key */
#include <pk11pqg.h>
#include "jssutil.h"
#include "pk11util.h"
@ -48,12 +49,6 @@
#include <pk11func.h>
#include <secoid.h>
#define HCLHACK
#ifdef HCLHACK
/* PKCS #11 HACK */
#include <secmodi.h>
#endif
/***********************************************************************
*
* PK11KeyGenerator.generateNormal


@ -256,7 +256,7 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
goto finish;
}
params = PQG_NewParams(&p, &q, &g);
params = PK11_PQG_NewParams(&p, &q, &g);
if(params == NULL) {
JSS_throw(env, OUT_OF_MEMORY_ERROR);
goto finish;
@ -301,6 +301,6 @@ finish:
SECITEM_FreeItem(&p, PR_FALSE);
SECITEM_FreeItem(&q, PR_FALSE);
SECITEM_FreeItem(&g, PR_FALSE);
PQG_DestroyParams(params);
PK11_PQG_DestroyParams(params);
return keyPair;
}


@ -47,12 +47,6 @@
#include <pk11util.h>
#include <Algorithm.h>
#define LITTLE_HCLHACK
#ifdef LITTLE_HCLHACK
/* PKCS #11 HACK */
#include <secmodi.h>
#endif
#define MAX_PRIVATE_KEY_LEN MAX_RSA_MODULUS_LEN
/*
@ -62,21 +56,6 @@
*/
#define MAX_WRAPPED_KEY_LEN 4096
#ifdef LITTLE_HCLHACK
static void
pk11_EnterKeyMonitor(PK11SymKey *symKey) {
if (!symKey->sessionOwner || !(symKey->slot->isThreadSafe))
PK11_EnterSlotMonitor(symKey->slot);
}
static void
pk11_ExitKeyMonitor(PK11SymKey *symKey) {
if (!symKey->sessionOwner || !(symKey->slot->isThreadSafe))
PK11_ExitSlotMonitor(symKey->slot);
}
#endif
/***********************************************************************
*
* PK11KeyWrapper.nativeWrapSymWithSym


@ -47,8 +47,6 @@
#include <jssutil.h>
#include "pk11util.h"
#include <hclhacks.h>
#include "java_ids.h"
#include <jss_exceptions.h>
#include <jss_bigint.h>
@ -569,7 +567,6 @@ Java_org_mozilla_jss_pkcs11_PK11PubKey_getEncoded
(JNIEnv *env, jobject this)
{
SECKEYPublicKey *pubk;
CERTSubjectPublicKeyInfo *spki=NULL;
jbyteArray encodedBA=NULL;
SECItem *spkiDER=NULL;
@ -579,19 +576,7 @@ Java_org_mozilla_jss_pkcs11_PK11PubKey_getEncoded
goto finish;
}
/* get the subjectpublickeyinfo */
spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
if( spki == NULL ) {
/* out of memory? */
JSS_trace(env, JSS_TRACE_ERROR, "unable to convert public key to"
" SubjectPublicKeyInfo");
JSS_throw(env, OUT_OF_MEMORY_ERROR);
goto finish;
}
/* DER-encode the subjectpublickeyinfo */
spkiDER = SEC_ASN1EncodeItem(NULL /*arena*/, NULL/*dest*/, spki,
CERT_SubjectPublicKeyInfoTemplate);
spkiDER = PK11_DEREncodePublicKey(pubk);
if( spkiDER == NULL ) {
JSS_trace(env, JSS_TRACE_ERROR, "unable to DER-encode"
" SubjectPublicKeyInfo");
@ -603,9 +588,6 @@ Java_org_mozilla_jss_pkcs11_PK11PubKey_getEncoded
encodedBA = JSS_SECItemToByteArray(env, spkiDER);
finish:
if(spki!=NULL) {
SECKEY_DestroySubjectPublicKeyInfo(spki);
}
if(spkiDER!=NULL) {
SECITEM_FreeItem(spkiDER, PR_TRUE /*freeit*/);
}


@ -48,9 +48,6 @@
#include <jss_exceptions.h>
#include "pk11util.h"
/*** temporary? ***/
#include <hclhacks.h>
static PRStatus
getPrivateKey(JNIEnv *env, jobject sig, SECKEYPrivateKey**key);
@ -120,7 +117,7 @@ JNIEXPORT void JNICALL
Java_org_mozilla_jss_pkcs11_PK11Signature_initVfyContext
(JNIEnv *env, jobject this)
{
VFYContext2 *ctxt=NULL;
VFYContext *ctxt=NULL;
jobject contextProxy=NULL;
SECKEYPublicKey *pubk;
@ -129,13 +126,14 @@ Java_org_mozilla_jss_pkcs11_PK11Signature_initVfyContext
goto finish;
}
ctxt = VFY_CreateContext2(pubk, getAlgorithm(env, this));
ctxt = VFY_CreateContext(pubk, NULL /*sig*/, getAlgorithm(env, this),
NULL /*wincx*/);
if( ctxt == NULL) {
JSS_throwMsg(env, TOKEN_EXCEPTION,
"Unable to create verification context");
goto finish;
}
if( VFY_Begin2(ctxt) != SECSuccess) {
if( VFY_Begin(ctxt) != SECSuccess) {
JSS_throwMsg(env, TOKEN_EXCEPTION,
"Unable to begin verification context");
goto finish;
@ -155,7 +153,7 @@ finish:
if(contextProxy==NULL && ctxt!=NULL) {
/* we created a context but not the Java wrapper, so we need to
* delete the context here */
VFY_DestroyContext2(ctxt, PR_TRUE /*freeit*/);
VFY_DestroyContext(ctxt, PR_TRUE /*freeit*/);
}
}
@ -201,7 +199,7 @@ Java_org_mozilla_jss_pkcs11_PK11Signature_engineUpdateNative
}
} else {
PR_ASSERT( type == VFY_CONTEXT );
if( VFY_Update2( (VFYContext2*)ctxt,
if( VFY_Update( (VFYContext*)ctxt,
(unsigned char*)bytes,
(unsigned) numBytes ) != SECSuccess)
{
@ -280,7 +278,7 @@ Java_org_mozilla_jss_pkcs11_PK11Signature_engineVerifyNative
(JNIEnv *env, jobject this, jbyteArray sigArray)
{
jboolean verified = JNI_FALSE;
VFYContext2 *ctxt;
VFYContext *ctxt;
SigContextType type;
SECItem sigItem = {siBuffer, NULL, 0};
@ -316,7 +314,7 @@ Java_org_mozilla_jss_pkcs11_PK11Signature_engineVerifyNative
/*
* Finish the verification operation
*/
if( VFY_End2(ctxt, &sigItem, NULL) == SECSuccess) {
if( VFY_EndWithSignature(ctxt, &sigItem) == SECSuccess) {
verified = JNI_TRUE;
} else if( PR_GetError() != SEC_ERROR_BAD_SIGNATURE) {
PR_ASSERT(PR_FALSE);
@ -668,7 +666,7 @@ Java_org_mozilla_jss_pkcs11_SigContextProxy_releaseNativeResources
SGN_DestroyContext( (SGNContext*)proxy->ctxt, PR_TRUE /*freeit*/);
} else {
PR_ASSERT(proxy->type == VFY_CONTEXT);
VFY_DestroyContext2( (VFYContext2*)proxy->ctxt, PR_TRUE /*freeit*/);
VFY_DestroyContext( (VFYContext*)proxy->ctxt, PR_TRUE /*freeit*/);
}
PR_Free(proxy);
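Review bot: In `Java_org_mozilla_jss_pkcs11_PK11Signature_engineVerifyNative`, a `VFY_EndWithSignature` failure whose error is not `SEC_ERROR_BAD_SIGNATURE` is handled in the visible lines only by `PR_ASSERT(PR_FALSE)`, which is normally compiled out of optimized builds. `verified` stays `JNI_FALSE`, so the method fails closed. But a token or decoding error becomes indistinguishable from a bad signature unless the lines after the assert, which are outside this hunk, throw. If they do not, adding something like `JSS_throwMsg(env, TOKEN_EXCEPTION, "Verification operation failed on token");` after the assert would keep the two cases apart for the caller.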


@ -447,9 +447,8 @@ JNIEXPORT void JNICALL
Java_org_mozilla_jss_pkcs11_PK11Store_deleteCert
(JNIEnv *env, jobject this, jobject certObject)
{
PK11SlotInfo *slot, *certSlot=NULL;
CK_OBJECT_HANDLE certID;
CERTCertificate *cert;
SECStatus status;
PR_ASSERT(env!=NULL && this!=NULL);
if(certObject == NULL) {
@ -457,69 +456,14 @@ Java_org_mozilla_jss_pkcs11_PK11Store_deleteCert
goto finish;
}
/**************************************************
* Get the C structures
**************************************************/
if( JSS_PK11_getStoreSlotPtr(env, this, &slot) != PR_SUCCESS) {
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
goto finish;
}
if( JSS_PK11_getCertPtr(env, certObject, &cert) != PR_SUCCESS) {
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
goto finish;
}
certID = PK11_FindObjectForCert(cert, NULL, &certSlot);
/***************************************************
* Validate structures
***************************************************/
if( slot != certSlot) {
if( certSlot == NULL ) {
/* try deleting from internal cert database */
if( SEC_DeletePermCertificate(cert) != SECSuccess) {
JSS_throwMsg(env, TOKEN_EXCEPTION,
"Unable to delete certificate from internal database");
}
} else {
JSS_throw(env, NO_SUCH_ITEM_ON_TOKEN_EXCEPTION);
}
goto finish; /* in any case we're done */
}
/***************************************************
* Perform the destruction
***************************************************/
if( PK11_Authenticate(certSlot, PR_TRUE /*loadCerts*/, NULL /*wincx*/)
!= SECSuccess)
{
JSS_throwMsg(env, TOKEN_EXCEPTION, "Unable to login to token");
goto finish;
}
if( PK11_DestroyTokenObject(certSlot, certID) != SECSuccess)
{
JSS_throwMsg(env, TOKEN_EXCEPTION, "Unable to actually destroy object");
goto finish;
}
if ((cert->istemp != PR_TRUE) && (cert->istemp != PR_FALSE)) {
/* the cloning feature somehow doesn't have istemp initialized */
cert->istemp = PR_FALSE;
}
/* This call returns SECSuccess if cert istemp is PR_FALSE */
if (cert->istemp == PR_TRUE) {
if( CERT_DeleteTempCertificate(cert) != SECSuccess ) {
JSS_throwMsg(env, TOKEN_EXCEPTION, "Unable to delete temporary cert");
goto finish;
}
}
status = PK11_DeleteTokenCertAndKey(cert, NULL);
finish:
if(certSlot != NULL) {
PK11_FreeSlot(certSlot);
}
return;
}
@ -633,439 +577,8 @@ finish:
return ret;
}
typedef enum {
SUCCESS=0,
TOKEN_FAILURE,
DECODE_FAILURE,
LOGIN_FAILURE,
OUT_OF_MEM,
KEYID_FAILURE,
KEY_EXISTS
} ImportResult;
SECKEYLowPrivateKey *
seckey_decrypt_private_key(SECKEYEncryptedPrivateKeyInfo *epki,
SECItem *pwitem);
SECKEYEncryptedPrivateKeyInfo *
seckey_encrypt_private_key(
SECKEYLowPrivateKey *pk, SECItem *pwitem, SECKEYKeyDBHandle *keydb,
SECOidTag algorithm);
int PK11_NumberObjectsFor(PK11SlotInfo*, CK_ATTRIBUTE*, int);
/***********************************************************************
* decoding part copied from keydb.c seckey_decode_encrypted_private_key
*/
static ImportResult
decodeAndImportEncryptedKey(SECKEYDBKey *dbkey, SECItem *pwitem,
PK11SlotInfo *slot, KeyType keyType, PRBool temporary)
{
SECKEYLowPrivateKey *pk = NULL;
SECKEYEncryptedPrivateKeyInfo *epki=NULL;
SECKEYEncryptedPrivateKeyInfo *newepki=NULL;
PRArenaPool *temparena = NULL;
SECStatus rv = SECFailure;
SECOidTag algorithm;
SECItem *publicValue = NULL;
SECItem nickname;
ImportResult result=DECODE_FAILURE;
PR_ASSERT(dbkey!=NULL && pwitem!=NULL);
temparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if(temparena == NULL) {
return OUT_OF_MEM;
}
epki = (SECKEYEncryptedPrivateKeyInfo *)
PORT_ArenaZAlloc(temparena, sizeof(SECKEYEncryptedPrivateKeyInfo));
if(epki == NULL) {
goto loser;
}
rv = SEC_ASN1DecodeItem(temparena, epki,
SECKEY_EncryptedPrivateKeyInfoTemplate,
&(dbkey->derPK));
if(rv != SECSuccess) {
goto loser;
}
algorithm = SECOID_GetAlgorithmTag(&(epki->algorithm));
switch(algorithm)
{
case SEC_OID_RC4:
rv = SECITEM_CopyItem(temparena, &(epki->algorithm.parameters),
&(dbkey->salt));
break;
default:
break;
}
pk = seckey_decrypt_private_key(epki, pwitem);
if(pk == NULL) {
result = DECODE_FAILURE;
goto loser;
}
if(pk->keyType == dsaKey) {
publicValue = &pk->u.dsa.publicValue;
} else {
PR_ASSERT( pk->keyType == rsaKey );
publicValue = &pk->u.rsa.modulus;
}
newepki = seckey_encrypt_private_key(pk, pwitem, NULL /*keydb*/,
SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4);
if(newepki == NULL) {
result = DECODE_FAILURE;
goto loser;
}
/***************************************************
* Login to the token if necessary
***************************************************/
if( PK11_Authenticate(slot, PR_TRUE /*loadcerts*/, NULL /*wincx*/)
!= SECSuccess)
{
result = LOGIN_FAILURE;
goto loser;
}
nickname.len = 0;
nickname.data = NULL;
rv = PK11_ImportEncryptedPrivateKeyInfo(slot, newepki, pwitem, &nickname,
publicValue, !temporary, PR_TRUE /*private*/, keyType,
0 /*default key usage*/, NULL /*wincx*/);
if(rv == SECSuccess) {
result = SUCCESS;
} else {
result = TOKEN_FAILURE;
}
loser:
if(pk) {
SECKEY_LowDestroyPrivateKey(pk);
}
if(newepki) {
SECKEY_DestroyEncryptedPrivateKeyInfo(newepki, PR_TRUE /* freeit */);
}
PORT_FreeArena(temparena, PR_TRUE);
return result;
}
/***********************************************************************
* decoding part copied from keydb.c seckey_decode_encrypted_private_key
*/
static ImportResult
decodeAndImportKey(SECItem *dervalue,
PK11SlotInfo *slot, KeyType keyType, PRBool temporary)
{
SECKEYLowPrivateKey *pk = NULL;
SECKEYPrivateKeyInfo *pki = NULL;
PRArenaPool *temparena = NULL;
PRArenaPool *pkarena = NULL;
SECStatus rv = SECFailure;
SECOidTag algorithm;
SECItem *publicValue = NULL;
SECItem *keyid = NULL;
SECKEYPrivateKey *existingpk = NULL;
SECItem nickname;
ImportResult result=DECODE_FAILURE;
PR_ASSERT(dervalue!=NULL);
temparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
pkarena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if(temparena == NULL) {
return OUT_OF_MEM;
}
if(pkarena == NULL) {
return OUT_OF_MEM;
}
pki = PR_NEWZAP(SECKEYPrivateKeyInfo);
if(pki == NULL) {
result = DECODE_FAILURE;
goto loser;
}
pk = PR_NEWZAP(SECKEYLowPrivateKey);
if(pk == NULL) {
result = DECODE_FAILURE;
goto loser;
}
rv = SEC_ASN1DecodeItem(temparena, pki,
SECKEY_PrivateKeyInfoTemplate,
dervalue);
if(rv != SECSuccess) {
goto loser;
}
/* decode the PublicKey from inside the PublicKeyInfo structure */
/* the format of this encoding is defined by the algorithm
in the publickeyinfo, so we have to use different ASN
templates depending on which key is which */
switch(SECOID_GetAlgorithmTag(&pki->algorithm)) {
case SEC_OID_X500_RSA_ENCRYPTION:
case SEC_OID_PKCS1_RSA_ENCRYPTION:
pk->keyType = rsaKey;
rv = SEC_ASN1DecodeItem(pkarena, pk,
SECKEY_RSAPrivateKeyTemplate,
&pki->privateKey);
break;
case SEC_OID_ANSIX9_DSA_SIGNATURE:
pk->keyType = dsaKey;
rv = SEC_ASN1DecodeItem(pkarena, pk,
SECKEY_DSAPrivateKeyTemplate,
&pki->privateKey);
if (rv != SECSuccess)
goto loser;
rv = SEC_ASN1DecodeItem(pkarena, &pk->u.dsa.params,
SECKEY_PQGParamsTemplate,
&pki->algorithm.parameters);
break;
default:
rv = SECFailure;
break;
}
/* pull out public key */
if(pk->keyType == dsaKey) {
publicValue = &pk->u.dsa.publicValue;
} else {
PR_ASSERT( pk->keyType == rsaKey );
publicValue = &pk->u.rsa.modulus;
}
/***************************************************
* Login to the token if necessary
***************************************************/
if( PK11_Authenticate(slot, PR_TRUE /*loadcerts*/, NULL /*wincx*/)
!= SECSuccess)
{
result = LOGIN_FAILURE;
goto loser;
}
/***************************************************
* Throw a 'key exists' exception if the key is
* already in the token
***************************************************/
/* first make the key id - a 'nickname' for the key
derived from the public key
*/
keyid = PK11_MakeIDFromPubKey(publicValue);
if (keyid == NULL) {
result = KEYID_FAILURE;
goto loser;
}
existingpk = PK11_FindKeyByKeyID(slot,keyid,NULL);
if (existingpk != NULL) {
result = KEY_EXISTS;
goto loser;
}
nickname.len = 0;
nickname.data = NULL;
rv = PK11_ImportPrivateKeyInfo(slot, pki, &nickname,
publicValue, PR_TRUE /*PERM*/, PR_TRUE /*PRIVATE*/,
0 /*keyusage*/, NULL /*wincx*/ );
if(rv == SECSuccess) {
result = SUCCESS;
} else {
result = TOKEN_FAILURE;
/* if the public key import failed, we are responsible
freeing this memory - otherwise it's the
responsiblity of the owner of the key */
PORT_FreeArena(pkarena, PR_TRUE);
}
loser:
if(existingpk) {
SECKEY_DestroyPrivateKey(existingpk);
}
if(keyid) {
SECITEM_FreeItem(keyid,PR_TRUE);
}
if(pk) {
SECKEY_LowDestroyPrivateKey(pk);
}
if(pki) {
SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /* freeit */);
}
PORT_FreeArena(temparena, PR_TRUE);
return result;
}
/***********************************************************************
* importEncryptedPrivateKey
*/
static void
importEncryptedPrivateKey
( JNIEnv *env,
jobject this,
jbyteArray encodedKeyArray,
jobject passwordObject,
jbyteArray saltArray,
jbyteArray globalSaltArray,
jobject keyTypeObj,
PRBool temporary )
{
SECKEYDBKey dbkey;
SECItem *pwitem=NULL;
ImportResult result;
PK11SlotInfo *slot;
jthrowable excep;
KeyType keyType;
keyType = JSS_PK11_getKeyType(env, keyTypeObj);
if( keyType == nullKey ) {
/* exception was thrown */
goto finish;
}
/*
* initialize so we can goto finish
*/
dbkey.arena = NULL;
dbkey.version = 0;
dbkey.nickname = NULL;
dbkey.salt.data = NULL;
dbkey.salt.len = 0;
dbkey.derPK.data = NULL;
dbkey.derPK.len = 0;
PR_ASSERT(env!=NULL && this!=NULL);
if(encodedKeyArray == NULL || passwordObject==NULL || saltArray==NULL) {
JSS_throw(env, NULL_POINTER_EXCEPTION);
goto finish;
}
/*
* Extract the encoded key into the DBKEY
*/
dbkey.derPK.len = (*env)->GetArrayLength(env, encodedKeyArray);
if(dbkey.derPK.len <= 0) {
JSS_throwMsg(env, INVALID_KEY_FORMAT_EXCEPTION, "Key array is empty");
goto finish;
}
dbkey.derPK.data = (unsigned char*)
(*env)->GetByteArrayElements(env, encodedKeyArray, NULL);
if(dbkey.derPK.data == NULL) {
ASSERT_OUTOFMEM(env);
goto finish;
}
/*
* Extract the salt into the DBKEY
*/
dbkey.salt.len = (*env)->GetArrayLength(env, saltArray);
if(dbkey.salt.len <= 0) {
JSS_throwMsg(env, INVALID_KEY_FORMAT_EXCEPTION, "Salt array is empty");
goto finish;
}
dbkey.salt.data = (unsigned char*)
(*env)->GetByteArrayElements(env, saltArray, NULL);
if(dbkey.salt.data == NULL) {
ASSERT_OUTOFMEM(env);
goto finish;
}
/*
* Extract the password into a SECItem, which has the side effect
* of clearing the password.
*/
pwitem = passwordToSecitem(env, passwordObject, globalSaltArray);
if(pwitem == NULL) {
PR_ASSERT( (*env)->ExceptionOccurred(env) );
goto finish;
}
/*
* Get the PKCS #11 slot
*/
if( JSS_PK11_getStoreSlotPtr(env, this, &slot) != PR_SUCCESS) {
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
goto finish;
}
/*
* Now decode and import
*/
result = decodeAndImportEncryptedKey(&dbkey, pwitem, slot, keyType, temporary);
if( result == TOKEN_FAILURE ) {
JSS_throwMsg(env, TOKEN_EXCEPTION, "Failed to import key to token");
} else if( result == DECODE_FAILURE ) {
JSS_throwMsg(env, INVALID_KEY_FORMAT_EXCEPTION,
"Failed to decode key");
} else if( result == LOGIN_FAILURE ) {
JSS_throwMsg(env, TOKEN_EXCEPTION, "Failed to login to token");
} else {
PR_ASSERT( result == SUCCESS );
}
finish:
/* Save any exceptions */
if( (excep=(*env)->ExceptionOccurred(env)) ) {
(*env)->ExceptionClear(env);
}
if(dbkey.derPK.data != NULL) {
(*env)->ReleaseByteArrayElements( env,
encodedKeyArray,
(jbyte*) dbkey.derPK.data,
JNI_ABORT );
}
if(dbkey.salt.data != NULL) {
(*env)->ReleaseByteArrayElements( env,
saltArray,
(jbyte*) dbkey.salt.data,
JNI_ABORT );
}
if(pwitem) {
SECITEM_ZfreeItem(pwitem, PR_TRUE);
}
/* now re-throw the exception */
if( excep ) {
(*env)->Throw(env, excep);
}
}
/***********************************************************************
* PK11Store.importEncryptedPrivateKey
*/
JNIEXPORT void JNICALL
Java_org_mozilla_jss_pkcs11_PK11Store_importEncryptedPrivateKey
( JNIEnv *env,
jobject this,
jbyteArray encodedKeyArray,
jobject passwordObject,
jbyteArray saltArray,
jbyteArray globalSaltArray,
jobject keyTypeObj )
{
importEncryptedPrivateKey(env, this, encodedKeyArray, passwordObject,
saltArray, globalSaltArray, keyTypeObj, PR_FALSE /* not temporary */);
}
/***********************************************************************
* importPrivateKey
*/
@ -1078,11 +591,11 @@ importPrivateKey
PRBool temporary )
{
SECItem derPK;
ImportResult result;
PK11SlotInfo *slot;
jthrowable excep;
KeyType keyType;
SECStatus status;
SECItem nickname;
keyType = JSS_PK11_getKeyType(env, keyTypeObj);
if( keyType == nullKey ) {
@ -1093,7 +606,6 @@ importPrivateKey
/*
* initialize so we can goto finish
*/
/* dbkey.arena = NULL; */
derPK.data = NULL;
derPK.len = 0;
@ -1128,23 +640,15 @@ importPrivateKey
goto finish;
}
/*
* Now decode and import
*/
result = decodeAndImportKey(&derPK, slot, keyType, temporary);
if( result == TOKEN_FAILURE ) {
JSS_throwMsg(env, TOKEN_EXCEPTION, "Failed to import key to token");
} else if( result == DECODE_FAILURE ) {
JSS_throwMsg(env, INVALID_KEY_FORMAT_EXCEPTION,
"Failed to decode key");
} else if( result == KEY_EXISTS) {
JSS_throwMsg(env, KEY_EXISTS_EXCEPTION, "Key already in token");
} else if( result == KEYID_FAILURE ) {
JSS_throwMsg(env, TOKEN_EXCEPTION, "Error creating Key ID");
} else if( result == LOGIN_FAILURE ) {
JSS_throwMsg(env, TOKEN_EXCEPTION, "Failed to login to token");
} else {
PR_ASSERT( result == SUCCESS );
nickname.len = 0;
nickname.data = NULL;
status = PK11_ImportDERPrivateKeyInfo(slot, &derPK, &nickname,
NULL /*public value*/, PR_TRUE /*isPerm*/,
PR_TRUE /*isPrivate*/, 0 /*keyUsage*/, NULL /*wincx*/);
if(status != SECSuccess) {
JSS_throwMsg(env, TOKEN_EXCEPTION, "Failed to import private key info");
goto finish;
}
finish:
@ -1178,20 +682,3 @@ Java_org_mozilla_jss_pkcs11_PK11Store_importPrivateKey
importPrivateKey(env, this, keyArray,
keyTypeObj, PR_FALSE /* not temporary */);
}
/***********************************************************************
* PK11Store.importTemporaryEncryptedPrivateKey
*/
JNIEXPORT void JNICALL
Java_org_mozilla_jss_pkcs11_PK11Store_importTemporaryEncryptedPrivateKey
( JNIEnv *env,
jobject this,
jbyteArray encodedKeyArray,
jobject passwordObject,
jbyteArray saltArray,
jbyteArray globalSaltArray,
jobject keyTypeObj )
{
importEncryptedPrivateKey(env, this, encodedKeyArray, passwordObject,
saltArray, globalSaltArray, keyTypeObj, PR_FALSE /* temporary */);
}


@ -43,14 +43,6 @@ public final class PK11Store implements CryptoStore {
////////////////////////////////////////////////////////////
// Private Keys
////////////////////////////////////////////////////////////
public native void
importEncryptedPrivateKey( byte[] encodedKey,
Password password,
byte[] salt,
byte[] globalSalt,
PrivateKey.Type type )
throws InvalidKeyFormatException, TokenException;
/**
* Imports a raw private key into this token.
*
@ -63,31 +55,6 @@ public final class PK11Store implements CryptoStore {
PrivateKey.Type type )
throws TokenException,KeyAlreadyImportedException;
/**
* @deprecated
*/
public void
importEncryptedPrivateKey( byte[] encodedKey,
Password password,
byte[] salt,
byte[] globalSalt )
throws InvalidKeyFormatException, TokenException {
importEncryptedPrivateKey( encodedKey, password, salt, globalSalt,
PrivateKey.RSA );
}
public native void
importTemporaryEncryptedPrivateKey( byte[] encodedKey,
Password password,
byte[] salt,
byte[] globalSalt,
PrivateKey.Type type )
throws InvalidKeyFormatException, TokenException;
public synchronized PrivateKey[]
getPrivateKeys() throws TokenException {
Vector keys = new Vector();


@ -992,7 +992,7 @@ JNIEXPORT jstring JNICALL Java_org_mozilla_jss_pkcs11_PK11Token_generatePK10
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
goto finish;
}
dsaParams = PQG_NewParams(&p, &q, &g);
dsaParams = PK11_PQG_NewParams(&p, &q, &g);
if(dsaParams == NULL) {
JSS_throw(env, OUT_OF_MEMORY_ERROR);
goto finish;
@ -1037,7 +1037,7 @@ finish:
SECITEM_FreeItem(&p, PR_FALSE);
SECITEM_FreeItem(&q, PR_FALSE);
SECITEM_FreeItem(&g, PR_FALSE);
PQG_DestroyParams(dsaParams);
PK11_PQG_DestroyParams(dsaParams);
}
if (b64request == NULL) {


@ -117,7 +117,7 @@ Java_org_mozilla_jss_ssl_SSLServerSocket_socketAccept
/* setup the handshake callback */
status = SSL_HandshakeCallback(newSD->fd, JSSL_HandshakeCallback,
newSD);
if( status != PR_SUCCESS ) {
if( status != SECSuccess ) {
JSS_throwMsg(env, SOCKET_EXCEPTION,
"Unable to install handshake callback");
}
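Review bot: The failure branch of `if( status != SECSuccess )` throws the SocketException but does not leave the function in the lines shown: the block closes straight after `JSS_throwMsg(...)`. If the code after this hunk goes on to make further JNI calls or hand newSD back to Java, it does so with an exception pending and with an SSL socket that has no handshake callback installed. Adding `goto finish;` after the throw would stop that, assuming socketAccept has the same `finish:` cleanup label that the other natives in this commit use. The function body continues outside the hunk, so this needs checking against the full file.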