diff -up jss/org/mozilla/jss/asn1/ASN1Header.java.34 jss/org/mozilla/jss/asn1/ASN1Header.java
--- jss/org/mozilla/jss/asn1/ASN1Header.java.34 2015-03-16 01:55:53.000000000 -0700
+++ jss/org/mozilla/jss/asn1/ASN1Header.java 2016-08-16 14:28:31.399609568 -0700
@@ -227,7 +227,7 @@ public class ASN1Header {
/**
* This constructor is to be called when we are constructing an ASN1Value
* rather than decoding it.
- * @param contentLength Must be >=0. Although indefinite length
+ * @param contentLength Must be ≥0. Although indefinite length
* <i>decoding</i> is supported, indefinite length <i>encoding</i>
* is not.
*/
diff -up jss/org/mozilla/jss/crypto/Cipher.java.34 jss/org/mozilla/jss/crypto/Cipher.java
--- jss/org/mozilla/jss/crypto/Cipher.java.34 2016-08-16 14:28:31.384609824 -0700
+++ jss/org/mozilla/jss/crypto/Cipher.java 2016-08-16 14:28:31.400609551 -0700
@@ -43,7 +43,7 @@ public abstract class Cipher {
throws InvalidKeyException, InvalidAlgorithmParameterException,
TokenException;
- /**
+ /**
* Initializes a decryption context with a symmetric key and
* algorithm parameters.
*/
diff -up jss/org/mozilla/jss/crypto/CryptoToken.java.34 jss/org/mozilla/jss/crypto/CryptoToken.java
--- jss/org/mozilla/jss/crypto/CryptoToken.java.34 2016-08-16 14:28:31.384609824 -0700
+++ jss/org/mozilla/jss/crypto/CryptoToken.java 2016-08-16 14:28:31.400609551 -0700
@@ -139,7 +139,7 @@ public interface CryptoToken {
/**
* Determines whether this token supports the given algorithm.
*
- * @param alg A JSS algorithm. Note that for Signature, a token may
+ * @param alg A JSS algorithm. Note that for Signature, a token may
* fail to support a specific SignatureAlgorithm (such as
* RSASignatureWithMD5Digest) even though it does support the
* generic algorithm (RSASignature). In this case, the signature
@@ -228,9 +228,9 @@ public interface CryptoToken {
* @see #logout
*/
public boolean isLoggedIn() throws TokenException;
-
+
/**
- * returns true if this token needs to be logged into before
+ * returns true if this token needs to be logged into before
* it can be used.
*
* @see #login
diff -up jss/org/mozilla/jss/CryptoManager.java.34 jss/org/mozilla/jss/CryptoManager.java
--- jss/org/mozilla/jss/CryptoManager.java.34 2016-08-16 14:28:31.397609602 -0700
+++ jss/org/mozilla/jss/CryptoManager.java 2016-08-16 14:28:31.408609414 -0700
@@ -343,7 +343,7 @@ public final class CryptoManager impleme
////////////////////////////////////////////////////////////////////
/**
* Returns the description of the internal PKCS #11 FIPS slot.
- * <p>The default is
+ * <p>The default is
* <code>"NSS FIPS 140-2 User Private Key Services"</code>.
*/
public String getFIPSSlotDescription() {
@@ -374,7 +374,7 @@ public final class CryptoManager impleme
/**
* Returns the description of the internal PKCS #11 FIPS
* Key Storage slot.
- * <p>The default is
+ * <p>The default is
* <code>"NSS FIPS 140-2 User Private Key Services"</code>.
*/
public String getFIPSKeyStorageSlotDescription() {
@@ -464,26 +464,26 @@ public final class CryptoManager impleme
public boolean initializeJavaOnly = false;
/**
- * Enable PKIX verify rather than the old cert library,
+ * Enable PKIX verify rather than the old cert library,
* to verify certificates. Default is false.
*/
public boolean PKIXVerify = false;
/**
- * Don't open the cert DB and key DB's, just
+ * Don't open the cert DB and key DB's, just
* initialize the volatile certdb. Default is false.
*/
public boolean noCertDB = false;
/**
- * Don't open the security module DB,
+ * Don't open the security module DB,
* just initialize the PKCS #11 module.
* Default is false.
*/
- public boolean noModDB = false;
+ public boolean noModDB = false;
- /**
- * Continue to force initializations even if the
+ /**
+ * Continue to force initializations even if the
* databases cannot be opened.
* Default is false.
*/
@@ -496,7 +496,7 @@ public final class CryptoManager impleme
*/
public boolean noRootInit = false;
- /**
+ /**
* Use smaller tables and caches.
* Default is false.
*/
@@ -520,11 +520,11 @@ public final class CryptoManager impleme
* error when loading PKCS#11 modules. This is necessary
* if another piece of code is using the same PKCS#11
* modules that NSS is accessing without going through
- * NSS, for example Java SunPKCS11 provider.
+ * NSS, for example Java SunPKCS11 provider.
* default is false.
*/
public boolean PK11Reload = false;
-
+
/**
* never call C_Finalize on any
* PKCS#11 module. This may be necessary in order to
@@ -539,7 +539,7 @@ public final class CryptoManager impleme
* Default is false.
*/
public boolean noPK11Finalize = false;
-
+
/**
* Sets 4 recommended options for applications that
* use both NSS and the Java SunPKCS11 provider.
@@ -584,7 +584,7 @@ public final class CryptoManager impleme
* loaded cryptographic modules for the token.
*
* @param name The name of the token.
- * @exception org.mozilla.jss.crypto.NoSuchTokenException If no token
+ * @exception org.mozilla.jss.NoSuchTokenException If no token
* is found with the given name.
*/
public synchronized CryptoToken getTokenByName(String name)
@@ -839,9 +839,9 @@ public final class CryptoManager impleme
* <code>initialize()</code>.
*
* @param configDir The directory containing the security databases.
- * @exception org.mozilla.jss.util.KeyDatabaseException Unable to open
+ * @exception org.mozilla.jss.KeyDatabaseException Unable to open
* the key database, or it was currupted.
- * @exception org.mozilla.jss.util.CertDatabaseException Unable
+ * @exception org.mozilla.jss.CertDatabaseException Unable
* to open the certificate database, or it was currupted.
**/
public static synchronized void initialize( String configDir )
@@ -862,10 +862,10 @@ public final class CryptoManager impleme
* <code>initialize()</code>.
*
* @param values The options with which to initialize CryptoManager.
- * @exception org.mozilla.jss.util.KeyDatabaseException Unable to open
+ * @exception org.mozilla.jss.KeyDatabaseException Unable to open
* the key database, or it was corrupted.
- * @exception org.mozilla.jss.util.CertDatabaseException Unable
- * to open the certificate database, or it was corrupted.
+ * @exception org.mozilla.jss.CertDatabaseException Unable
+ * to open the certificate database, or it was currupted.
**/
public static synchronized void initialize( InitializationValues values )
throws
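Review bot: The rewritten `@exception org.mozilla.jss.CertDatabaseException` description in this hunk changes "corrupted" to "currupted", so the package-name fix introduces a spelling regression; the last added Javadoc line should read `* to open the certificate database, or it was corrupted.`. The same misspelling already sits in the context lines of the preceding `initialize( String configDir )` hunk, for both the key database and the certificate database, and could be corrected in the same pass. Only the Javadoc and the start of the signature are visible here; the method body lies outside the hunk.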
@@ -903,7 +903,7 @@ public final class CryptoManager impleme
values.initializeJavaOnly,
values.PKIXVerify,
values.noCertDB,
- values.noModDB,
+ values.noModDB,
values.forceOpen,
values.noRootInit,
values.optimizeSpace,
@@ -968,7 +968,7 @@ public final class CryptoManager impleme
boolean initializeJavaOnly,
boolean PKIXVerify,
boolean noCertDB,
- boolean noModDB,
+ boolean noModDB,
boolean forceOpen,
boolean noRootInit,
boolean optimizeSpace,
@@ -1024,7 +1024,7 @@ public final class CryptoManager impleme
* @return The leaf certificate from the chain.
* @exception CertificateEncodingException If the package encoding
* was not recognized.
- * @exception CertificateNicknameConflictException If the leaf certificate
+ * @exception NicknameConflictException If the leaf certificate
* is a user certificate, and another certificate already has the
* given nickname.
* @exception UserCertConflictException If the leaf certificate
@@ -1062,7 +1062,7 @@ public final class CryptoManager impleme
* @return The leaf certificate from the chain.
* @exception CertificateEncodingException If the package encoding
* was not recognized.
- * @exception CertificateNicknameConflictException If the leaf certificate
+ * @exception NicknameConflictException If the leaf certificate
* another certificate already has the given nickname.
* @exception UserCertConflictException If the leaf certificate
* has already been imported.
diff -up jss/org/mozilla/jss/pkcs11/PK11Token.java.34 jss/org/mozilla/jss/pkcs11/PK11Token.java
--- jss/org/mozilla/jss/pkcs11/PK11Token.java.34 2016-08-16 14:28:31.367610113 -0700
+++ jss/org/mozilla/jss/pkcs11/PK11Token.java 2016-08-16 14:28:31.409609397 -0700
@@ -16,7 +16,7 @@ import java.security.InvalidParameterExc
* CryptoManager class.
*
* @author nicolson
- * @version $Revision$ $Date$
+ * @version $Revision$ $Date$
* @see org.mozilla.jss.CryptoManager
*/
public final class PK11Token implements CryptoToken {
@@ -39,7 +39,7 @@ public final class PK11Token implements
// public routines
////////////////////////////////////////////////////
public org.mozilla.jss.crypto.Signature
- getSignatureContext(SignatureAlgorithm algorithm)
+ getSignatureContext(SignatureAlgorithm algorithm)
throws NoSuchAlgorithmException, TokenException
{
Assert._assert(algorithm!=null);
@@ -130,7 +130,7 @@ public final class PK11Token implements
}
public native boolean isLoggedIn() throws TokenException;
-
+
public native boolean needsLogin() throws TokenException;
@@ -138,7 +138,7 @@ public final class PK11Token implements
* Log into the token. If you are already logged in, this method has
* no effect, even if the PIN is wrong.
*
- * @param callback A callback to use to obtain the password, or a
+ * @param callback A callback to use to obtain the password, or a
* Password object.
* @exception NotInitializedException The token has not yet been
* initialized.
@@ -174,7 +174,7 @@ public final class PK11Token implements
public native boolean isPresent();
/**
- * Log out of the token.
+ * Log out of the token.
*
* @exception TokenException If you are already logged in, or an
* unspecified error occurs.
@@ -204,8 +204,10 @@ public final class PK11Token implements
*
* @param ssopwcb The security officer's current password callback.
* @param userpwcb The user's new password callback.
- * @exception IncorrectPinException If the security officer PIN is
+ * @exception IncorrectPasswordException If the security officer PIN is
* incorrect.
+ * @exception AlreadyInitializedException If the password hasn't already
+ * been set.
* @exception TokenException If the PIN was already initialized,
* or there was an unspecified error in the token.
*/
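Review bot: The added `@exception AlreadyInitializedException If the password hasn't already been set.` reads as inverted: going by the exception's name it would be raised when the password has already been set. The unchanged `@exception TokenException If the PIN was already initialized` line below it then appears to describe the same condition. Only the Javadoc is visible in this hunk, so which exception the method really throws for an already-initialized PIN should be checked against the body before rewording. If the name is accurate, the tags would read `@exception AlreadyInitializedException If the user password has already been set.` and `@exception TokenException If there was an unspecified error in the token.`. Callers rely on these tags to tell a wrong security-officer PIN apart from a token that is already set up, so the two conditions should not overlap.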
@@ -253,7 +255,7 @@ public final class PK11Token implements
userpw = userpwcb.getPasswordFirstAttempt(pwcb);
userpwArray = Tunnel.getPasswordByteCopy(userpw);
initPassword(ssopwArray, userpwArray);
-
+
} catch (PasswordCallback.GiveUpException e) {
throw new IncorrectPasswordException(e.toString());
} finally {
@@ -337,7 +339,7 @@ public final class PK11Token implements
newPIN = newPINcb.getPasswordFirstAttempt(pwcb);
newPW = Tunnel.getPasswordByteCopy(newPIN);
changePassword(oldPW, newPW);
-
+
} catch (PasswordCallback.GiveUpException e) {
throw new IncorrectPasswordException(e.toString());
} finally {
@@ -398,7 +400,7 @@ public final class PK11Token implements
/**
* Deep-comparison operator.
- *
+ *
* @return true if these tokens point to the same underlying native token.
* false otherwise, or if <code>compare</code> is null.
*/
@@ -455,7 +457,7 @@ public final class PK11Token implements
G = g;
String pk10String;
try {
- pk10String =
+ pk10String =
generatePK10(subject, keysize, keyType, p,
q, g);
} catch (TokenException e) {
@@ -463,7 +465,7 @@ public final class PK11Token implements
} catch (InvalidParameterException e) {
throw e;
}
-
+
return ("-----BEGIN NEW CERTIFICATE REQUEST-----\n"+
pk10String +
"\n-----END NEW CERTIFICATE REQUEST-----");
@@ -474,7 +476,7 @@ public final class PK11Token implements
}
String pk10String;
try {
- pk10String =
+ pk10String =
generatePK10(subject, keysize, keyType, P,
Q, G);
} catch (TokenException e) {
@@ -507,7 +509,7 @@ public final class PK11Token implements
/**
* Creates a new PK11Token. Should only be called from PK11Token's
- * native code.
+ * native code.
* @param pointer A byte array containing a pointer to a PKCS #11 slot.
*/
protected PK11Token(byte[] pointer, boolean internal, boolean keyStorage) {
diff -up jss/org/mozilla/jss/pkcs12/CertBag.java.34 jss/org/mozilla/jss/pkcs12/CertBag.java
--- jss/org/mozilla/jss/pkcs12/CertBag.java.34 2015-03-16 01:55:53.000000000 -0700
+++ jss/org/mozilla/jss/pkcs12/CertBag.java 2016-08-16 14:28:31.409609397 -0700
@@ -59,6 +59,7 @@ public class CertBag implements ASN1Valu
* <li>If the type is <code>SDSI_CERT_TYPE</code>, returns
* an IA5String.
* <li>For all other types, returns an ANY.
+ * </ul>
*
* @exception InvalidBERException If the cert is not encoded correctly.
*/
diff -up jss/org/mozilla/jss/pkcs12/SafeBag.java.34 jss/org/mozilla/jss/pkcs12/SafeBag.java
--- jss/org/mozilla/jss/pkcs12/SafeBag.java.34 2016-08-16 14:28:31.319610932 -0700
+++ jss/org/mozilla/jss/pkcs12/SafeBag.java 2016-08-16 14:28:31.409609397 -0700
@@ -63,7 +63,7 @@ public final class SafeBag implements AS
*/
public SET getBagAttributes() {
return bagAttributes;
- }
+ }
///////////////////////////////////////////////////////////////////////
// OIDs
@@ -81,7 +81,7 @@ public final class SafeBag implements AS
public static final OBJECT_IDENTIFIER PKCS12_BAG_IDS =
PKCS12_VERSION_1.subBranch(1);
- /**
+ /**
* A bag containing a private key. The bag content is a <i>KeyBag</i>,
* which is equivalent to a PKCS #8 <i>PrivateKeyInfo</i>
*/
@@ -124,7 +124,7 @@ public final class SafeBag implements AS
/**
* A FriendlyName attribute. The value is a BMPString.
*/
- public static final OBJECT_IDENTIFIER FRIENDLY_NAME =
+ public static final OBJECT_IDENTIFIER FRIENDLY_NAME =
OBJECT_IDENTIFIER.PKCS9.subBranch(20);
/**
@@ -149,7 +149,7 @@ public final class SafeBag implements AS
* @param bagAttributes A SET of Attributes for this SafeBag. Since
* attributes are optional, this parameter may be null.
*/
- public SafeBag(OBJECT_IDENTIFIER bagType, ASN1Value bagContent,
+ public SafeBag(OBJECT_IDENTIFIER bagType, ASN1Value bagContent,
SET bagAttributes)
{
if( bagType==null || bagContent==null ) {
@@ -244,7 +244,7 @@ public final class SafeBag implements AS
MessageDigest digester = MessageDigest.getInstance("SHA-1");
return digester.digest(derCert);
}
-
+
/**
* Creates a SafeBag containing a PKCS-8ShroudedKeyBag, which is
@@ -275,7 +275,7 @@ public final class SafeBag implements AS
EncryptedPrivateKeyInfo epki= EncryptedPrivateKeyInfo.createPBE(
PBEAlgorithm.PBE_SHA1_DES3_CBC, password, salt,
DEFAULT_ITERATIONS, new PasswordConverter(), privk);
-
+
SET attributes = new SET();
attributes.addElement(new Attribute(
FRIENDLY_NAME,
diff -up jss/org/mozilla/jss/pkcs7/ContentInfo.java.34 jss/org/mozilla/jss/pkcs7/ContentInfo.java
--- jss/org/mozilla/jss/pkcs7/ContentInfo.java.34 2015-03-16 01:55:53.000000000 -0700
+++ jss/org/mozilla/jss/pkcs7/ContentInfo.java 2016-08-16 14:28:31.410609380 -0700
@@ -19,19 +19,19 @@ public class ContentInfo implements ASN1
public static final Tag TAG = SEQUENCE.TAG; // XXX is this right?
- public static OBJECT_IDENTIFIER DATA =
+ public static OBJECT_IDENTIFIER DATA =
new OBJECT_IDENTIFIER(new long[] { 1, 2, 840, 113549, 1, 7, 1 });
- public static OBJECT_IDENTIFIER SIGNED_DATA =
+ public static OBJECT_IDENTIFIER SIGNED_DATA =
new OBJECT_IDENTIFIER(new long[] { 1, 2, 840, 113549, 1, 7, 2 });
- public static OBJECT_IDENTIFIER ENVELOPED_DATA =
+ public static OBJECT_IDENTIFIER ENVELOPED_DATA =
new OBJECT_IDENTIFIER(new long[] { 1, 2, 840, 113549, 1, 7, 3 });
- public static OBJECT_IDENTIFIER SIGNED_AND_ENVELOPED_DATA =
+ public static OBJECT_IDENTIFIER SIGNED_AND_ENVELOPED_DATA =
new OBJECT_IDENTIFIER(new long[] { 1, 2, 840, 113549, 1, 7, 4 });
- public static OBJECT_IDENTIFIER DIGESTED_DATA =
+ public static OBJECT_IDENTIFIER DIGESTED_DATA =
new OBJECT_IDENTIFIER(new long[] { 1, 2, 840, 113549, 1, 7, 5 });
- public static OBJECT_IDENTIFIER ENCRYPTED_DATA =
+ public static OBJECT_IDENTIFIER ENCRYPTED_DATA =
new OBJECT_IDENTIFIER(new long[] { 1, 2, 840, 113549, 1, 7, 6 });
-
+
@@ -137,7 +137,6 @@ public class ContentInfo implements ASN1
* an OCTET_STRING will be returned.
* <p>If the contentType is <b>not</b> one of the six standard types,
* the returned object will be an ANY.
- * </ul>
*/
public ASN1Value getInterpretedContent() throws InvalidBERException {
if(contentType.equals(DATA)) {
@@ -209,7 +208,7 @@ public class ContentInfo implements ASN1
));
}
- public ASN1Value decode(InputStream istream)
+ public ASN1Value decode(InputStream istream)
throws IOException, InvalidBERException
{
return decode(ContentInfo.TAG,istream);
diff -up jss/org/mozilla/jss/pkcs7/SignerInfo.java.34 jss/org/mozilla/jss/pkcs7/SignerInfo.java
--- jss/org/mozilla/jss/pkcs7/SignerInfo.java.34 2016-08-16 14:28:31.320610915 -0700
+++ jss/org/mozilla/jss/pkcs7/SignerInfo.java 2016-08-16 14:28:31.410609380 -0700
@@ -97,7 +97,8 @@ public class SignerInfo implements ASN1V
/**
* Retrieves the DigestAlgorithm used in this SignerInfo.
*
- * @exception NoSuchAlgorithm If the algorithm is not recognized by JSS.
+ * @exception NoSuchAlgorithmException If the algorithm is not recognized
+ * by JSS.
*/
public DigestAlgorithm getDigestAlgorithm()
throws NoSuchAlgorithmException
@@ -290,7 +291,7 @@ public class SignerInfo implements ASN1V
signingAlg.getRawAlg().toOID(),null );
- if( authenticatedAttributes != null )
+ if( authenticatedAttributes != null )
{
Assert._assert( authenticatedAttributes.size() >= 2 );
this.authenticatedAttributes = authenticatedAttributes;
@@ -370,11 +371,11 @@ public class SignerInfo implements ASN1V
/**
* Verifies that this SignerInfo contains a valid signature of the
* given message digest. If any authenticated attributes are present,
- * they are also validated. The verification algorithm is as follows:<ul>
- * <p>Note that this does <b>not</b> verify the validity of the
- * the certificate itself, only the signature.
+ * they are also validated. The verification algorithm is as follows:
+ * Note that this does <b>not</b> verify the validity of the
+ * the certificate itself, only the signature.<ul>
*
- * <li>If no authenticated attributes are present, the content type is
+ * <li>If no authenticated attributes are present, the content type is
* verified to be <i>data</i>. Then it is verified that the message
* digest passed
* in, when encrypted with the given public key, matches the encrypted
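Review bot: Moving `<ul>` behind the note repairs the markup, but the text now reads "The verification algorithm is as follows: Note that this does not verify the validity of the the certificate itself, only the signature.", so the colon introduces the caveat instead of the list and the doubled "the the" is carried over. That caveat is the security-relevant sentence of this Javadoc, since it tells the caller that the signer certificate still has to be validated separately, and it is easy to miss when fused into the lead-in. I would give it its own paragraph before the lead-in: `* <p>Note that this does <b>not</b> verify the validity of the certificate itself, only the signature.` followed by `* <p>The verification algorithm is as follows:<ul>`. The same wording is added in the pkix/cms/SignerInfo.java hunk at `@@ -371,9 +372,9 @@`; the Javadoc block continues past the end of this hunk.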
@@ -398,7 +399,7 @@ public class SignerInfo implements ASN1V
* SignerInfo.
* @param contentType The type of the content that is signed by this
* SignerInfo.
- * @exception NoSuchObjectException If no certificate matching the
+ * @exception ObjectNotFoundException If no certificate matching the
* the issuer name and serial number can be found.
*/
public void verify(byte[] messageDigest, OBJECT_IDENTIFIER contentType)
@@ -412,14 +413,14 @@ public class SignerInfo implements ASN1V
issuerAndSerialNumber.getSerialNumber() );
verify(messageDigest, contentType, cert.getPublicKey());
}
-
+
/**
* Verifies that this SignerInfo contains a valid signature of the
* given message digest. If any authenticated attributes are present,
* they are also validated. The verification algorithm is as follows:<ul>
*
- * <li>If no authenticated attributes are present, the content type is
+ * <li>If no authenticated attributes are present, the content type is
* verified to be <i>data</i>. Then it is verified that the message
* digest passed
* in, when encrypted with the given public key, matches the encrypted
@@ -666,7 +667,7 @@ public class SignerInfo implements ASN1V
// verify the contents octets of the DER encoded authenticated attribs
byte[] toBeDigested;
toBeDigested = ASN1Util.encode(authenticatedAttributes);
-
+
MessageDigest md = MessageDigest.getInstance(
DigestAlgorithm.fromOID(digestAlgorithm.getOID()).toString() );
byte[] digest = md.digest(toBeDigested);
@@ -715,7 +716,7 @@ public class SignerInfo implements ASN1V
}
return true;
- }
+ }
///////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////
@@ -779,7 +780,7 @@ public class SignerInfo implements ASN1V
seqt.addOptionalElement(
new Tag(0),
new SET.OF_Template(Attribute.getTemplate()));
-
+
// digestEncryptionAlgorithm
seqt.addElement(AlgorithmIdentifier.getTemplate()); // dig encr alg
@@ -792,12 +793,12 @@ public class SignerInfo implements ASN1V
new SET.OF_Template(Attribute.getTemplate()));
}
-
+
public boolean tagMatch(Tag tag) {
return TAG.equals(tag);
}
- public ASN1Value decode(InputStream istream)
+ public ASN1Value decode(InputStream istream)
throws IOException, InvalidBERException
{
return decode(TAG,istream);
diff -up jss/org/mozilla/jss/pkix/cmc/CMCStatusInfo.java.34 jss/org/mozilla/jss/pkix/cmc/CMCStatusInfo.java
--- jss/org/mozilla/jss/pkix/cmc/CMCStatusInfo.java.34 2016-08-16 14:28:31.320610915 -0700
+++ jss/org/mozilla/jss/pkix/cmc/CMCStatusInfo.java 2016-08-16 14:28:31.411609363 -0700
@@ -15,17 +15,17 @@ import java.util.BitSet;
/**
* CMC <i>CMCStatusInfo</i>:
* <pre>
- * CMCStatusInfo ::= SEQUENCE {
- * cMCStatus CMCStatus,
- * bodyList SEQUENCE SIZE (1..MAX) OF BodyPartID,
- * statusString UTF8String OPTIONAL,
- * otherInfo CHOICE {
- * failInfo CMCFailInfo,
- * pendInfo PendInfo } OPTIONAL
- * }
- * PendInfo ::= SEQUENCE {
- * pendToken OCTET STRING,
- * pendTime GeneralizedTime
+ * CMCStatusInfo ::= SEQUENCE {
+ * cMCStatus CMCStatus,
+ * bodyList SEQUENCE SIZE (1..MAX) OF BodyPartID,
+ * statusString UTF8String OPTIONAL,
+ * otherInfo CHOICE {
+ * failInfo CMCFailInfo,
+ * pendInfo PendInfo } OPTIONAL
+ * }
+ * PendInfo ::= SEQUENCE {
+ * pendToken OCTET STRING,
+ * pendTime GeneralizedTime
* }
* </pre>
*/
@@ -36,7 +36,7 @@ public class CMCStatusInfo implements AS
// Members
///////////////////////////////////////////////////////////////////////
private INTEGER status;
- private SEQUENCE bodyList;
+ private SEQUENCE bodyList;
private UTF8String statusString;
private OtherInfo otherInfo;
@@ -135,7 +135,7 @@ public class CMCStatusInfo implements AS
public int getStatus() {
return status.intValue();
}
-
+
public SEQUENCE getBodyList() {
return bodyList;
}
diff -up jss/org/mozilla/jss/pkix/cms/ContentInfo.java.34 jss/org/mozilla/jss/pkix/cms/ContentInfo.java
--- jss/org/mozilla/jss/pkix/cms/ContentInfo.java.34 2015-03-16 01:55:53.000000000 -0700
+++ jss/org/mozilla/jss/pkix/cms/ContentInfo.java 2016-08-16 14:28:31.411609363 -0700
@@ -136,7 +136,6 @@ public class ContentInfo implements ASN1
* an OCTET_STRING will be returned.
* <p>If the contentType is <b>not</b> one of the six standard types,
* the returned object will be an ANY.
- * </ul>
*/
public ASN1Value getInterpretedContent() throws InvalidBERException {
if(contentType.equals(DATA)) {
diff -up jss/org/mozilla/jss/pkix/cms/SignerInfo.java.34 jss/org/mozilla/jss/pkix/cms/SignerInfo.java
--- jss/org/mozilla/jss/pkix/cms/SignerInfo.java.34 2015-03-16 01:55:53.000000000 -0700
+++ jss/org/mozilla/jss/pkix/cms/SignerInfo.java 2016-08-16 14:28:31.412609346 -0700
@@ -98,7 +98,8 @@ public class SignerInfo implements ASN1V
/**
* Retrieves the DigestAlgorithm used in this SignerInfo.
*
- * @exception NoSuchAlgorithm If the algorithm is not recognized by JSS.
+ * @exception NoSuchAlgorithmException If the algorithm is not
+ * recognized by JSS.
*/
public DigestAlgorithm getDigestAlgorithm()
throws NoSuchAlgorithmException
@@ -371,9 +372,9 @@ public class SignerInfo implements ASN1V
/**
* Verifies that this SignerInfo contains a valid signature of the
* given message digest. If any signed attributes are present,
- * they are also validated. The verification algorithm is as follows:<ul>
- * <p>Note that this does <b>not</b> verify the validity of the
- * the certificate itself, only the signature.
+ * they are also validated. The verification algorithm is as follows:
+ * Note that this does <b>not</b> verify the validity of the
+ * the certificate itself, only the signature.<ul>
*
* <li>If no signed attributes are present, the content type is
* verified to be <i>data</i>. Then it is verified that the message
@@ -399,8 +400,8 @@ public class SignerInfo implements ASN1V
* SignerInfo.
* @param contentType The type of the content that is signed by this
* SignerInfo.
- * @exception NoSuchObjectException If no certificate matching the
- * the issuer name and serial number can be found.
+ * @exception ObjectNotFoundException If no certificate
+ * matching the issuer name and serial number can be found.
*/
public void verify(byte[] messageDigest, OBJECT_IDENTIFIER contentType)
throws CryptoManager.NotInitializedException, NoSuchAlgorithmException,
diff -up jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java.34 jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java
--- jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java.34 2015-03-16 01:55:53.000000000 -0700
+++ jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java 2016-08-16 14:28:31.412609346 -0700
@@ -80,7 +80,7 @@ public class CertReqMsg implements ASN1V
/**
* Constructs a <i>CertReqmsg</i> from a <i>CertRequest</i> and, optionally,
- * a <i>pop>/i> and a <i>regInfo</i>.
+ * a <i>pop</i> and a <i>regInfo</i>.
* @param pop May be NULL.
* @param regInfo May be NULL.
*/
diff -up jss/org/mozilla/jss/pkix/primitive/DirectoryString.java.34 jss/org/mozilla/jss/pkix/primitive/DirectoryString.java
--- jss/org/mozilla/jss/pkix/primitive/DirectoryString.java.34 2016-08-16 14:28:31.321610898 -0700
+++ jss/org/mozilla/jss/pkix/primitive/DirectoryString.java 2016-08-16 14:28:31.413609329 -0700
@@ -146,6 +146,6 @@ public class DirectoryString implements
{
Assert._assert( tagMatch(implicitTag) );
return decode(istream);
- }
+ }
}
}
diff -up jss/org/mozilla/jss/ssl/SSLServerSocket.java.34 jss/org/mozilla/jss/ssl/SSLServerSocket.java
--- jss/org/mozilla/jss/ssl/SSLServerSocket.java.34 2016-08-16 14:28:31.260611937 -0700
+++ jss/org/mozilla/jss/ssl/SSLServerSocket.java 2016-08-16 14:28:31.415609295 -0700
@@ -34,7 +34,7 @@ public class SSLServerSocket extends jav
private boolean isClosed = false;
private boolean inAccept = false;
private java.lang.Object acceptLock = new java.lang.Object();
-
+
/**
* The default size of the listen queue.
*/
@@ -63,7 +63,7 @@ public class SSLServerSocket extends jav
* unspecified local address will be bound to.
*/
public SSLServerSocket(int port, int backlog, InetAddress bindAddr)
- throws IOException
+ throws IOException
{
this(port, backlog, bindAddr, null);
}
@@ -78,7 +78,7 @@ public class SSLServerSocket extends jav
*/
public SSLServerSocket(int port, int backlog, InetAddress bindAddr,
SSLCertificateApprovalCallback certApprovalCallback)
- throws IOException
+ throws IOException
{
this(port,backlog, bindAddr, certApprovalCallback, false);
}
@@ -98,7 +98,7 @@ public class SSLServerSocket extends jav
public SSLServerSocket(int port, int backlog, InetAddress bindAddr,
SSLCertificateApprovalCallback certApprovalCallback,
boolean reuseAddr)
- throws IOException
+ throws IOException
{
// Dance the dance of fools. The superclass doesn't have a default
// constructor, so we have to trick it here. This is an example
@@ -143,7 +143,6 @@ public class SSLServerSocket extends jav
*
* @throws IOException If an input or output exception occurred
* @throws SocketTimeoutException If the socket times out trying to connect
- * @throws InterruptedIOException If an input or output is interrupted
* @throws SSLSocketException JSS subclass of java.net.SocketException
*/
public Socket accept() throws IOException {
@@ -151,7 +150,7 @@ public class SSLServerSocket extends jav
synchronized (this) {
if (isClosed) {
throw new IOException(
- "SSLServerSocket has been closed, and cannot be reused.");
+ "SSLServerSocket has been closed, and cannot be reused.");
}
inAccept = true;
}
@@ -197,7 +196,7 @@ public class SSLServerSocket extends jav
public native boolean getReuseAddress() throws SocketException;
private native void abortAccept() throws SocketException;
private native byte[] socketAccept(SSLSocket s, int timeout,
- boolean handshakeAsClient)
+ boolean handshakeAsClient)
throws SocketException, SocketTimeoutException;
/**
@@ -238,7 +237,7 @@ public class SSLServerSocket extends jav
/* Lock acceptLock to ensure that accept has been aborted. */
synchronized (acceptLock) {
base.close();
- sockProxy = null;
+ sockProxy = null;
base.setProxy(null);
}
}
@@ -356,8 +355,8 @@ public class SSLServerSocket extends jav
}
/**
- * Enables Session tickets on this socket. It is disabled by default,
- * unless the default has been changed with
+ * Enables Session tickets on this socket. It is disabled by default,
+ * unless the default has been changed with
* <code>SSLSocket.enableSessionTicketsDefault</code>.
*/
public void enableSessionTickets(boolean enable) throws SocketException {
@@ -376,8 +375,8 @@ public class SSLServerSocket extends jav
* restriction, whether or not the peer's hello bears the TLS
* renegotiation info extension. Vulnerable, as in the past.
*
- * SSLSocket.SSL_RENEGOTIATE_REQUIRES_XTN - Only renegotiate if the
- * peer's hello bears the TLS renegotiation_info extension. This is
+ * SSLSocket.SSL_RENEGOTIATE_REQUIRES_XTN - Only renegotiate if the
+ * peer's hello bears the TLS renegotiation_info extension. This is
* safe renegotiation.
*
* SSLSocket.SSL_RENEGOTIATE_TRANSITIONAL - Disallow unsafe
@@ -411,8 +410,8 @@ public class SSLServerSocket extends jav
}
/**
- * Enables the bypass of PKCS11 for performance on this socket.
- * It is disabled by default, unless the default has been changed
+ * Enables the bypass of PKCS11 for performance on this socket.
+ * It is disabled by default, unless the default has been changed
* with <code>SSLSocket.bypassPKCS11Default</code>.
*/
public void bypassPKCS11(boolean enable) throws SocketException {
@@ -421,15 +420,15 @@ public class SSLServerSocket extends jav
/**
* Enable rollback detection for this socket.
- * It is enabled by default, unless the default has been changed
+ * It is enabled by default, unless the default has been changed
* with <code>SSLSocket.enableRollbackDetectionDefault</code>.
*/
public void enableRollbackDetection(boolean enable) throws SocketException {
base.enableRollbackDetection(enable);
}
-
+
/**
- * This option, enableStepDown, is concerned with the generation
+ * This option, enableStepDown, is concerned with the generation
* of step-down keys which are used with export suites.
* If the server cert's public key is 512 bits or less,
* this option is ignored because step-down keys don't
@@ -440,7 +439,7 @@ public class SSLServerSocket extends jav
* enable=false: don't generate step-down keys; disable
* export cipher suites
*
- * This option is enabled by default; unless the default has
+ * This option is enabled by default; unless the default has
* been changed with <code>SSLSocket.enableStepDownDefault</code>.
*/
public void enableStepDown(boolean enable) throws SocketException {
@@ -448,9 +447,9 @@ public class SSLServerSocket extends jav
}
/**
- * Enable simultaneous read/write by separate read and write threads
+ * Enable simultaneous read/write by separate read and write threads
* (full duplex) for this socket.
- * It is disabled by default, unless the default has been changed
+ * It is disabled by default, unless the default has been changed
* with <code>SSLSocket.enableFDXDefault</code>.
*/
public void enableFDX(boolean enable) throws SocketException {
@@ -459,7 +458,7 @@ public class SSLServerSocket extends jav
/**
* Enable sending v3 client hello in v2 format for this socket.
- * It is enabled by default, unless the default has been changed
+ * It is enabled by default, unless the default has been changed
* with <code>SSLSocket.enableV2CompatibleHelloDefault</code>.
*/
public void enableV2CompatibleHello(boolean enable) throws SocketException {
@@ -472,7 +471,7 @@ public class SSLServerSocket extends jav
public String getSSLOptions() {
return base.getSSLOptions();
}
-
+
/**
* @return the local address of this server socket.
*/
@@ -498,16 +497,16 @@ public class SSLServerSocket extends jav
* peer. If requestClientAuth() has not already been called, this
* method will tell the socket to request client auth as well as requiring
* it.
- * @param mode One of: SSLSocket.SSL_REQUIRE_NEVER,
- * SSLSocket.SSL_REQUIRE_ALWAYS,
- * SSLSocket.SSL_REQUIRE_FIRST_HANDSHAKE,
- * SSLSocket.SSL_REQUIRE_NO_ERROR
+ * @param mode One of: SSLSocket.SSL_REQUIRE_NEVER,
+ * SSLSocket.SSL_REQUIRE_ALWAYS,
+ * SSLSocket.SSL_REQUIRE_FIRST_HANDSHAKE,
+ * SSLSocket.SSL_REQUIRE_NO_ERROR
*/
public void requireClientAuth(int mode)
throws SocketException
{
- if (mode >= SocketBase.SSL_REQUIRE_NEVER &&
+ if (mode >= SocketBase.SSL_REQUIRE_NEVER &&
mode <= SocketBase.SSL_REQUIRE_NO_ERROR) {
base.requireClientAuth(mode);
} else {
diff -up jss/org/mozilla/jss/ssl/SSLSocket.java.34 jss/org/mozilla/jss/ssl/SSLSocket.java
diff -up jss/org/mozilla/jss/tests/HMACTest.java.34 jss/org/mozilla/jss/tests/HMACTest.java
--- jss/org/mozilla/jss/tests/HMACTest.java.34 2015-03-16 01:55:53.000000000 -0700
+++ jss/org/mozilla/jss/tests/HMACTest.java 2016-08-16 14:28:31.416609278 -0700
@@ -69,7 +69,7 @@ public class HMACTest {
mozillaHmac.update(clearText.getBytes());
mozillaHmacOut = mozillaHmac.doFinal();
- // loop through all configured providers; if they support the
+ // loop through all configured providers; if they support the
// algorithm compare the result to Mozilla's HMAC
Provider[] providers = Security.getProviders("Mac." + alg);
String provider = null;
@@ -123,18 +123,18 @@ public class HMACTest {
/**
* Main test method.
- * @params args[]
+ * @param argv
*/
public static void main(String[] argv) {
try {
HMACTest hmacTest = new HMACTest(argv);
- //The secret key must be a JSS key. That is, it must be an
+ //The secret key must be a JSS key. That is, it must be an
//instanceof org.mozilla.jss.crypto.SecretKeyFacade.
//Generate the secret key using PKCS # 5 password Based Encryption
- //we have to specify a salt and an iteration count.
+ //we have to specify a salt and an iteration count.
PBEKeySpec pbeKeySpec;
SecretKeyFactory keyFac;
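Review bot: The corrected tag `@param argv` in the Javadoc for `main` still carries no description, so a doclint-style check will probably keep warning about it, and a reader learns nothing about the expected arguments. The only use visible here is `new HMACTest(argv)`, so I would write `@param argv command-line arguments, passed unchanged to the HMACTest constructor`. The body of `main` continues outside this hunk, so any further use of `argv` is not visible from here.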
@@ -157,17 +157,17 @@ public class HMACTest {
String clearText = new String("FireFox and Thunderbird rule");
for (int i = 0; i < JSS_HMAC_Algs.length; i++) {
if (hmacTest.fipsMode()) {
- //In FIPS Mode only test JSS due to NSS prevents
- //key data from being extracted above the
- //NSS cryptographic boundary when FIPS mode
- //is enabled.
+ //In FIPS Mode only test JSS due to NSS prevents
+ //key data from being extracted above the
+ //NSS cryptographic boundary when FIPS mode
+ //is enabled.
//note there is a bug with HmacSHA512 in fipsmode.
//https://bugzilla.mozilla.org/show_bug.cgi?id=436907
if (!JSS_HMAC_Algs[i].equals("HmacSHA512")) {
hmacTest.doHMAC(JSS_HMAC_Algs[i], sk, clearText);
}
} else {
- // compare MOZ_PROVIDER_NAME implementation with all
+ // compare MOZ_PROVIDER_NAME implementation with all
// providers that also support the given algorithm
if (!hmacTest.compareHMAC(
JSS_HMAC_Algs[i], sk, clearText)) {
diff -up jss/org/mozilla/jss/tests/JCASymKeyGen.java.34 jss/org/mozilla/jss/tests/JCASymKeyGen.java
--- jss/org/mozilla/jss/tests/JCASymKeyGen.java.34 2016-08-16 14:28:31.323610863 -0700
+++ jss/org/mozilla/jss/tests/JCASymKeyGen.java 2016-08-16 14:28:31.417609261 -0700
@@ -30,14 +30,14 @@ import javax.crypto.spec.PBEKeySpec;
import java.security.SecureRandom;
/**
- *
+ *
*/
public class JCASymKeyGen {
static final String MOZ_PROVIDER_NAME = "Mozilla-JSS";
byte[] plainText = "Firefox rules!Firefox rules!Firefox rules!Firefox rules!Firefox rules!".getBytes();
- byte[] plainTextPad = "Thunderbird rules!Thunderbird rules!Thunderbird rules!Thunderbird rules!Thunderbird rules!".getBytes();
+ byte[] plainTextPad = "Thunderbird rules!Thunderbird rules!Thunderbird rules!Thunderbird rules!Thunderbird rules!".getBytes();
byte[] plainTextB = "NSPR NSS JSS!NSPR NSS JSS!NSPR NSS JSS!".getBytes();
- byte[] plainTextPadB = "Use Firefox and Thunderbird!".getBytes();
+ byte[] plainTextPadB = "Use Firefox and Thunderbird!".getBytes();
static boolean bFipsMode = false;
/**
@@ -136,12 +136,12 @@ public class JCASymKeyGen {
MOZ_PROVIDER_NAME);
random.nextBytes(salt);
int iterationCount = 2;
-
+
kf = SecretKeyFactory.getInstance(keyType,
provider);
PBEKeySpec keySpec = new PBEKeySpec(pw, salt, iterationCount);
key = (SecretKeyFacade) kf.generateSecret(keySpec);
-
+
//todo this should work as well
//PBEKeySpec pbeKeySpec = new PBEKeySpec(pw));
// key = kf.generateSecret(pbeKeySpec);
@@ -197,7 +197,7 @@ public class JCASymKeyGen {
random.nextBytes(iv);
RC2ParSpec = new RC2ParameterSpec(128, iv);
cipher.init(Cipher.ENCRYPT_MODE, sKey, RC2ParSpec);
-
+
} else {
cipher.init(Cipher.ENCRYPT_MODE, sKey);
//generate the algorithm Parameters; they need to be
@@ -208,17 +208,17 @@ public class JCASymKeyGen {
encodedAlgParams = ap.getEncoded();
}
}
-
-
- //System.out.print(plaintext.length + " plaintext size " +
- // providerForEncrypt + " encrypt outputsize: " +
+
+
+ //System.out.print(plaintext.length + " plaintext size " +
+ // providerForEncrypt + " encrypt outputsize: " +
// cipher.getOutputSize(plaintext.length));
- byte[] ciphertext =
+ byte[] ciphertext =
new byte[cipher.getOutputSize(plaintext.length)];
- int cLen = cipher.update(plaintext, 0, plaintext.length,
+ int cLen = cipher.update(plaintext, 0, plaintext.length,
ciphertext, 0);
- cLen += cipher.doFinal(ciphertext, cLen);
-
+ cLen += cipher.doFinal(ciphertext, cLen);
+
//decrypt
cipher = Cipher.getInstance(algType, providerForDecrypt);
if (encodedAlgParams == null)
@@ -234,11 +234,11 @@ public class JCASymKeyGen {
aps.init(encodedAlgParams);
cipher.init(Cipher.DECRYPT_MODE, sKey, aps);
}
-
+
byte[] recovered = new byte[cLen];
int rLen = cipher.update(ciphertext, 0, cLen, recovered, 0);
rLen += cipher.doFinal(recovered, rLen);
-
+
//ensure the recovered bytes equals the orginal plaintext
boolean isEqual = true;
for (int i = 0; i < plaintext.length; i++) {
@@ -247,7 +247,7 @@ public class JCASymKeyGen {
break;
}
}
-
+
if (isEqual) {
//System.out.println(providerForEncrypt + " encrypted & " +
// providerForDecrypt + " decrypted using " +
@@ -292,13 +292,13 @@ public class JCASymKeyGen {
plaintext = plainTextPad;
plaintextB = plainTextPadB;
}
-
+
//encypt
Cipher cipher = Cipher.getInstance(algType, providerForEncrypt);
AlgorithmParameters ap = null;
byte[] encodedAlgParams = null;
AlgorithmParameterSpec RC2ParSpec = null;
-
+
if (algFamily.compareToIgnoreCase("RC2")==0) {
//JDK 1.4 requires you to pass in generated algorithm
//parameters for RC2 (JDK 1.5 does not).
@@ -308,7 +308,7 @@ public class JCASymKeyGen {
random.nextBytes(iv);
RC2ParSpec = new RC2ParameterSpec(128, iv);
cipher.init(Cipher.ENCRYPT_MODE, sKey, RC2ParSpec);
-
+
} else {
cipher.init(Cipher.ENCRYPT_MODE, sKey);
//generate the algorithm Parameters; they need to be
@@ -319,16 +319,16 @@ public class JCASymKeyGen {
encodedAlgParams = ap.getEncoded();
}
}
-
- byte[] ciphertext =
+
+ byte[] ciphertext =
new byte[(cipher.getOutputSize(plaintext.length +
plaintextB.length))];
- int cLen = cipher.update(plaintext, 0, plaintext.length,
+ int cLen = cipher.update(plaintext, 0, plaintext.length,
ciphertext, 0);
- cLen += cipher.update(plaintextB, 0, plaintextB.length,
+ cLen += cipher.update(plaintextB, 0, plaintextB.length,
ciphertext, cLen);
- cLen += cipher.doFinal(ciphertext, cLen);
-
+ cLen += cipher.doFinal(ciphertext, cLen);
+
//decrypt
cipher = Cipher.getInstance(algType, providerForDecrypt);
if (encodedAlgParams == null)
@@ -344,7 +344,7 @@ public class JCASymKeyGen {
aps.init(encodedAlgParams);
cipher.init(Cipher.DECRYPT_MODE, sKey, aps);
}
-
+
byte[] recovered = new byte[cLen];
int rLen = cipher.update(ciphertext, 0, cLen, recovered, 0);
rLen += cipher.doFinal(recovered, rLen);
@@ -364,7 +364,7 @@ public class JCASymKeyGen {
}
}
}
-
+
if (isEqual) {
//System.out.println(providerForEncrypt + " encrypted & " +
// providerForDecrypt + " decrypted using " +
@@ -388,9 +388,9 @@ public class JCASymKeyGen {
ex.printStackTrace();
}
}
-
+
public static void main(String args[]) {
-
+
String certDbLoc = ".";
String passwdFile = null;
// Mozilla supported symmetric key ciphers and algorithms
@@ -412,9 +412,9 @@ public class JCASymKeyGen {
{"PBEWithSHA1AndDESede", "DESede/ECB/NoPadding"},
//{"PBEWithSHA1And128RC4"}, todo
};
-
-
-
+
+
+
if ( args.length <= 2 ) {
certDbLoc = args[0];
if (args.length == 2) {
@@ -429,7 +429,7 @@ public class JCASymKeyGen {
System.out.println("FIPSMODE requires Java 1.6 or higher!");
System.exit(1);
}
-
+
//If the IBMJCE provider exists tests with it otherwise
//use the SunJCE provider.
String otherProvider = new String("IBMJCE");
@@ -447,11 +447,11 @@ public class JCASymKeyGen {
System.out.println(otherProvider + ": " + p.getInfo());
p = Security.getProvider(MOZ_PROVIDER_NAME);
System.out.println(MOZ_PROVIDER_NAME + ": " + p.getInfo());
-
+
javax.crypto.SecretKey mozKey = null;
-
+
try {
-
+
for (int i = 0 ; i < symKeyTable.length; i++) {
try {
//generate the key using mozilla
@@ -469,11 +469,11 @@ public class JCASymKeyGen {
//test the cipher algorithms for this keyType
for (int a = 1 ; a < symKeyTable[i].length; a++){
//encrypt/decrypt with Mozilla Provider
-
+
skg.testCipher(mozKey, symKeyTable[i][0], symKeyTable[i][a],
MOZ_PROVIDER_NAME, MOZ_PROVIDER_NAME);
- skg.testMultiPartCipher(mozKey, symKeyTable[i][0],
- symKeyTable[i][a],
+ skg.testMultiPartCipher(mozKey, symKeyTable[i][0],
+ symKeyTable[i][a],
MOZ_PROVIDER_NAME, MOZ_PROVIDER_NAME);
try {
@@ -488,25 +488,25 @@ public class JCASymKeyGen {
continue;
}
//in FIPSMODE you can only use the Mozilla Provider
- if (!bFipsMode) {
+ if (!bFipsMode) {
//encrypt with Mozilla, and Decrypt with otherProvider
- skg.testCipher(mozKey, symKeyTable[i][0],
+ skg.testCipher(mozKey, symKeyTable[i][0],
symKeyTable[i][a],
MOZ_PROVIDER_NAME, otherProvider);
- skg.testMultiPartCipher(mozKey, symKeyTable[i][0],
+ skg.testMultiPartCipher(mozKey, symKeyTable[i][0],
symKeyTable[i][a],
MOZ_PROVIDER_NAME, otherProvider);
-
+
//encrypt with otherProvider and decrypt with Mozilla
- skg.testCipher(mozKey, symKeyTable[i][0],
+ skg.testCipher(mozKey, symKeyTable[i][0],
symKeyTable[i][a],
otherProvider, MOZ_PROVIDER_NAME);
- skg.testMultiPartCipher(mozKey, symKeyTable[i][0],
+ skg.testMultiPartCipher(mozKey, symKeyTable[i][0],
symKeyTable[i][a],
otherProvider, MOZ_PROVIDER_NAME);
- System.out.println(MOZ_PROVIDER_NAME + " and " +
+ System.out.println(MOZ_PROVIDER_NAME + " and " +
otherProvider + " tested " + symKeyTable[i][a]);
}
}
@@ -518,7 +518,7 @@ public class JCASymKeyGen {
//end of main
System.exit(0);
}
-
+
/**
* Validate if the key algorithm of a given SecretKey
* is the same as expected.
@@ -533,7 +533,7 @@ public class JCASymKeyGen {
}
return status;
}
-
+
/**
* Validate if the key length of a given SecretKey
* is the same as expected.
@@ -558,7 +558,7 @@ public class JCASymKeyGen {
private String asHex(byte buf[]) {
StringBuffer strbuf = new StringBuffer(buf.length * 2);
int i;
-
+
for (i = 0; i < buf.length; i++) {
if (((int) buf[i] & 0xff) < 0x10)
strbuf.append("0");
diff -up jss/org/mozilla/jss/tests/JSSE_SSLClient.java.34 jss/org/mozilla/jss/tests/JSSE_SSLClient.java
--- jss/org/mozilla/jss/tests/JSSE_SSLClient.java.34 2016-08-16 14:28:31.325610829 -0700
+++ jss/org/mozilla/jss/tests/JSSE_SSLClient.java 2016-08-16 14:28:31.417609261 -0700
@@ -21,7 +21,7 @@ import java.util.Iterator;
*
*/
public class JSSE_SSLClient {
-
+
// Local members
private String sslRevision = "TLS";
private String host = null;
@@ -112,20 +112,20 @@ public class JSSE_SSLClient {
}
for (int i = 0 ; i < 20 ; i++) {
try {
-
+
Thread.sleep(1000);
System.out.println("Testing Connection:" +
host + ":" + port);
socket = (SSLSocket)factory.createSocket(host, port);
socket.setEnabledCipherSuites(factory.getDefaultCipherSuites());
-
+
if (socket.isBound()) {
System.out.println("connect isBound");
isServerAlive = true;
socket.close();
break;
}
-
+
} catch (java.net.ConnectException ex) {
//not able to connect
} catch (InterruptedException ex) {
@@ -133,9 +133,9 @@ public class JSSE_SSLClient {
} catch (IOException ex) {
ex.printStackTrace();
}
-
+
}
-
+
return isServerAlive;
}
/**
@@ -147,7 +147,7 @@ public class JSSE_SSLClient {
if (factory == null) {
initSocketFactory();
}
-
+
if (!isServerAlive()) {
System.out.println("Unable to connect to " + host + ":" +
port + " exiting.");
@@ -167,18 +167,18 @@ public class JSSE_SSLClient {
}
}
}
-
-
+
+
public void configureCipherSuites(String server, String CipherSuite) {
-
+
boolean testCipher = true;
-
+
if (factory == null) {
initSocketFactory();
}
-
+
String ciphers[] = factory.getSupportedCipherSuites();
-
+
for (int i = 0; i < ciphers.length; ++i) {
String ciphersuite = ciphers[i];
testCipher = true;
@@ -209,31 +209,31 @@ public class JSSE_SSLClient {
}
*/
}
-
+
if (testCipher) {
ciphersToTest.add(ciphers[i]);
if (bVerbose) System.out.print(" - Testing");
}
}
-
+
if (bVerbose) System.out.print("\n");
-
+
if(bVerbose) System.out.println("\nTesting " + ciphersToTest.size() +
" ciphersuites.");
-
+
}
-
+
private void initSocketFactory() {
-
+
SSLContext ctx = null;
KeyManagerFactory kmf = null;
TrustManagerFactory tmf = null;
KeyStore ks = null;
KeyStore ksTrust = null;
String provider = "SunJCE";
-
-
-
+
+
+
/*
* Set up a key manager for client authentication
* if asked by the server. Use the implementation's
@@ -241,13 +241,13 @@ public class JSSE_SSLClient {
*/
char[] passphrase = "m1oZilla".toCharArray();
try {
-
-
+
+
String javaVendor = System.getProperty("java.vendor");
if (Constants.debug_level > 3)
System.out.println("DEBUG: JSSE_SSLClient.java java.vendor=" +
javaVendor);
-
+
// Initialize the system
if (javaVendor.equals("IBM Corporation")) {
System.setProperty("java.protocol.handler.pkgs",
@@ -261,7 +261,7 @@ public class JSSE_SSLClient {
java.security.Security.addProvider((java.security.Provider)
Class.forName("com.sun.crypto.provider.SunJCE").newInstance());
}
-
+
// Load the keystore that contains the certificate
String certificate = new String("SunX509");
ks = KeyStore.getInstance("PKCS12");
@@ -269,7 +269,7 @@ public class JSSE_SSLClient {
certificate = new String("IbmX509");
ks = KeyStore.getInstance("PKCS12", provider);
}
-
+
try {
kmf = KeyManagerFactory.getInstance(certificate);
ks.load(new FileInputStream(getKeystoreLoc()), passphrase);
@@ -289,7 +289,7 @@ public class JSSE_SSLClient {
throw keyEx;
}
kmf.init(ks, passphrase);
-
+
// trust manager that trusts all certificates
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@@ -317,11 +317,11 @@ public class JSSE_SSLClient {
String authType) {}
}
};
-
+
ctx = SSLContext.getInstance(sslRevision);
ctx.init(kmf.getKeyManagers(), trustAllCerts, null);
factory = ctx.getSocketFactory();
-
+
String[] JSSE_ciphers = factory.getSupportedCipherSuites();
} catch (KeyStoreException ex) {
ex.printStackTrace();
@@ -336,9 +336,9 @@ public class JSSE_SSLClient {
} catch (Exception ex) {
ex.printStackTrace();
}
-
+
}
-
+
/**
* sendServerShutdownMsg
*/
@@ -348,11 +348,11 @@ public class JSSE_SSLClient {
if (factory == null) {
initSocketFactory();
}
-
+
socket = (SSLSocket)factory.createSocket(host, port);
socket.setEnabledCipherSuites(factory.getDefaultCipherSuites());
-
-
+
+
if (bVerbose) System.out.println("Sending shutdown message " +
"to server.");
socket.startHandshake();
@@ -366,9 +366,9 @@ public class JSSE_SSLClient {
} catch (Exception ex) {
ex.printStackTrace();
}
-
+
}
-
+
private void testSSLSocket(SSLSocket socket, String ciphersuite,
int socketID) {
/*
@@ -395,12 +395,12 @@ public class JSSE_SSLClient {
handshakeEx.printStackTrace();
System.exit(1);
}
-
+
try {
// Set socket timeout to 10 sec
socket.setSoTimeout(10 * 1000);
socket.startHandshake();
-
+
String outputLine = null;
String inputLine = null;
InputStream is = socket.getInputStream();
@@ -409,7 +409,7 @@ public class JSSE_SSLClient {
new InputStreamReader(is));
PrintWriter out;
out = new PrintWriter(new BufferedWriter(new OutputStreamWriter(os)));
-
+
//write then read on the connection once.
outputLine = ciphersuite + ":" + socketID + "\n";
if (bVerbose) {
@@ -436,23 +436,23 @@ public class JSSE_SSLClient {
ex.printStackTrace();
}
}
-
-
-
+
+
+
public void outputCipherResults() {
String banner = new String
("\n----------------------------------------------------------\n");
-
+
System.out.println(banner);
System.out.println("JSSE has " +
factory.getSupportedCipherSuites().length + " ciphersuites and " +
ciphersToTest.size() + " were configured and tested.");
-
+
if (ciphersToTest.size() == h_ciphers.size()) {
System.out.println("All " + ciphersToTest.size() +
" configured ciphersuites tested Successfully!\n");
}
-
+
if (!h_ciphers.isEmpty()) {
if (!f_ciphers.isEmpty()) {
System.out.println(banner);
@@ -463,14 +463,14 @@ public class JSSE_SSLClient {
Iterator iter = h_ciphers.iterator();
while (iter.hasNext()) {
System.out.println((String) iter.next());
-
+
}
}
if (bFipsMode) {
System.out.println("Note: ciphersuites that have the prefix " +
"\"SSL\" or \"SSL3\" were used in TLS mode.");
}
-
+
if (ciphersToTest.size()
!= (h_ciphers.size() + f_ciphers.size())) {
System.out.println("ERROR: did not test all expected ciphersuites");
@@ -483,24 +483,24 @@ public class JSSE_SSLClient {
Iterator iter = f_ciphers.iterator();
while (iter.hasNext()) {
System.out.println((String) iter.next());
-
+
}
System.out.println("we should have no failed ciphersuites!");
System.exit(1);
}
-
+
System.out.println(banner);
-
+
}
-
-
-
-
+
+
+
+
/**
* Main method for local unit testing.
*/
public static void main(String [] args) {
-
+
String testCipher = null;
String testHost = "localhost";
String keystoreLocation = "rsa.pfx";
@@ -509,13 +509,13 @@ public class JSSE_SSLClient {
String usage = "java org.mozilla.jss.tests.JSSE_SSLClient" +
"\n<keystore location> " +
"<test port> <test host> <server type> <test cipher>";
-
+
try {
if ( args[0].toLowerCase().equals("-h") || args.length < 1) {
System.out.println(usage);
System.exit(1);
}
-
+
if ( args.length >= 1 ) {
keystoreLocation = (String)args[0];
}
@@ -536,13 +536,13 @@ public class JSSE_SSLClient {
System.out.println(usage);
System.exit(1);
}
-
+
JSSE_SSLClient sslSock = new JSSE_SSLClient();
-
+
sslSock.setHost(testHost);
sslSock.setPort(testPort);
sslSock.setKeystoreLoc(keystoreLocation);
-
+
sslSock.setCipherSuite(testCipher);
sslSock.configureCipherSuites(serverType, testCipher);
try {
@@ -555,8 +555,8 @@ public class JSSE_SSLClient {
}
sslSock.sendServerShutdownMsg();
sslSock.outputCipherResults();
-
-
+
+
System.exit(0);
}
}
diff -up jss/org/mozilla/jss/tests/JSSE_SSLServer.java.34 jss/org/mozilla/jss/tests/JSSE_SSLServer.java
--- jss/org/mozilla/jss/tests/JSSE_SSLServer.java.34 2016-08-16 14:28:31.326610812 -0700
+++ jss/org/mozilla/jss/tests/JSSE_SSLServer.java 2016-08-16 14:28:31.418609244 -0700
@@ -12,7 +12,7 @@ import java.util.Vector;
import org.mozilla.jss.*;
import java.security.Provider;
import java.security.Security;
-//note: SunPKCS11 requires JDK 1.5 or higher.
+//note: SunPKCS11 requires JDK 1.5 or higher.
//SunPKCS11 import sun.security.pkcs11.SunPKCS11;
/**
@@ -23,7 +23,7 @@ import java.security.Security;
*/
public class JSSE_SSLServer {
-
+
private int DefaultServerPort = 29753;
private int port = DefaultServerPort;
private String type = "SSLv3";
@@ -71,7 +71,7 @@ public class JSSE_SSLServer {
public String getKeystore() {
return configDir;
}
-
+
/**
* Main method to create the class server. This takes
* one command line arguments, the port on which the
@@ -92,11 +92,11 @@ public class JSSE_SSLServer {
String pwFile = "";
String nssConfig = "";
JSSE_SSLServer sslServer = new JSSE_SSLServer();
-
+
if ( args.length <= 1 ) {
System.out.println(
"USAGE: java JSSE_SSLServer [port] [TLS | SSLv3]" +
- "[ClientAuth = true | false]" +
+ "[ClientAuth = true | false]" +
"[config directory] [keystore filename]" +
"[NSS DB passwordFile]" +
"[JCE || Mozilla-JSS || Sunpkcs11]");
@@ -107,7 +107,7 @@ public class JSSE_SSLServer {
"client authentication as well.");
System.exit(1);
}
-
+
for (int i = 0; i < args.length; i++) {
System.out.println(i + " = " + args[i]);
}
@@ -132,7 +132,7 @@ public class JSSE_SSLServer {
if (args.length >= 8) {
pwFile = args[7];
}
-
+
System.out.println("Initializing " + args[5]);
CryptoManager.InitializationValues vals = new
CryptoManager.InitializationValues(configDir);
@@ -141,9 +141,9 @@ public class JSSE_SSLServer {
manager = CryptoManager.getInstance();
manager.setPasswordCallback(
new FilePasswordCallback(pwFile) );
-
+
} else if (args[5].equalsIgnoreCase("Sunpkcs11")) {
-
+
System.out.println("Sunpkcs11 requires JDK 1.5" +
"at this time JSS need to build with JDK 1.4.2");
//SunPKCS11 nssConfig = args[6];
@@ -151,33 +151,33 @@ public class JSSE_SSLServer {
//SunPKCS11 Provider nss = null;
//SunPKCS11 nss = new sun.security.pkcs11.SunPKCS11(nssConfig);
//SunPKCS11 Security.insertProviderAt(nss, 1);
-//SunPKCS11 System.out.println("Initialized " + args[5] + "-NSS");
-
+//SunPKCS11 System.out.println("Initialized " + args[5] + "-NSS");
+
} else {
- //use default
+ //use default
}
-
-
+
+
}
-
+
Provider[] providers = Security.getProviders();
for ( int i=0; i < providers.length; i++ ) {
System.out.println("Provider "+i+": "+providers[i].getName());
}
-
-
+
+
// System.out.println("using port: " + port);
// System.out.println("mode type " + type + " ClientAuth " +
// (bClientAuth ? "true" : "false"));
// System.out.println("configDir " + configDir);
-
+
try {
System.out.println("creating SSLSockets:");
-
- SSLServerSocketFactory ssf =
+
+ SSLServerSocketFactory ssf =
sslServer.getServerSocketFactory(type);
-
+
if ( ssf != null ) {
SSLServerSocket ss =
@@ -187,7 +187,7 @@ public class JSSE_SSLServer {
System.out.println("Enable ciphers.");
// Enable all the JSSE ciphersuites
ss.setEnabledCipherSuites(ss.getSupportedCipherSuites());
-
+
System.out.println("Create JSSE SSLServer");
((SSLServerSocket)ss).setNeedClientAuth(bClientAuth);
JSSE_SSLServer JSSEServ = new JSSE_SSLServer();
@@ -213,8 +213,8 @@ public class JSSE_SSLServer {
}
}
} else {
-
-
+
+
if(System.getProperty("java.vendor").equals("IBM Corporation")){
System.out.println("Using IBM JDK: Cannot load keystore " +
"due to strong security encryption settings\nwith " +
@@ -225,7 +225,7 @@ public class JSSE_SSLServer {
System.out.println("unable to initialize JSSE_SocketFactory " +
"exiting!");
System.exit(1);
-
+
}
} catch (Exception e) {
System.out.println("Unable to start JSSE_SSLServer: " +
@@ -237,7 +237,7 @@ public class JSSE_SSLServer {
// Exit gracefully
System.exit(0);
}
-
+
/**
* ReadWrite thread class that takes a
* SSLSocket as input and read then writes
@@ -246,14 +246,14 @@ public class JSSE_SSLServer {
private class readWriteThread extends Thread {
private Socket socket = null;
private int socketCntr = 0;
-
+
public readWriteThread(Socket sock, int cntr) {
this.socket = sock;
this.socketCntr = cntr;
}
-
+
public void run() {
-
+
try {
String inputLine = null;
String outputLine = null;
@@ -263,9 +263,9 @@ public class JSSE_SSLServer {
new InputStreamReader(is));
PrintWriter out = new PrintWriter(new BufferedWriter(
new OutputStreamWriter(os)));
-
+
while (true) {
-
+
try {
if ((inputLine = bir.readLine()) != null) {
if (inputLine.equalsIgnoreCase("shutdown")) {
@@ -279,7 +279,7 @@ public class JSSE_SSLServer {
System.exit(0);
}
outputLine = "ServerSSLSocket- " + socketCntr;
-
+
if (bVerbose) {
System.out.println("ServerSSLSocket-" +
socketCntr + ": Received " + inputLine);
@@ -299,7 +299,7 @@ public class JSSE_SSLServer {
}
break;
}
-
+
} catch (SocketTimeoutException ste) {
System.out.println("ServerSSLSocket-" + socketCntr +
" timed out: " + ste.toString());
@@ -309,7 +309,7 @@ public class JSSE_SSLServer {
break;
}
}
-
+
/* close streams and close socket */
is.close();
os.close();
@@ -319,54 +319,54 @@ public class JSSE_SSLServer {
" has been Closed.");
}
} catch (IOException e) {
-
+
e.printStackTrace();
}
-
+
}
}
-
-
-
+
+
+
SSLServerSocketFactory getServerSocketFactory(String type) {
-
+
// set up key manager to do server authentication
SSLContext ctx = null;
KeyManagerFactory kmf = null;
KeyStore ks = null;
char[] passphrase = "m1oZilla".toCharArray();
SSLServerSocketFactory ssf = null;
-
+
System.setProperty("javax.net.ssl.trustStore",
System.getProperty("java.home") + "/jre/lib/security/cacerts");
String certificate = "SunX509";
String javaVendor = System.getProperty("java.vendor");
if (javaVendor.equals("IBM Corporation"))
certificate = "IbmX509";
-
+
System.out.println("keystore loc: " + getKeystore());
-
+
if (!(type.equals("TLS") || type.equals("SSLv3"))) {
System.out.println("type must equal \'TLS\' or \'SSLv3\'\n");
System.exit(1);
}
-
+
try {
ctx = SSLContext.getInstance(type);
kmf = KeyManagerFactory.getInstance(certificate);
ks = KeyStore.getInstance("PKCS12");
-
+
ks.load(new FileInputStream(getKeystore()), passphrase);
kmf.init(ks, passphrase);
ctx.init(kmf.getKeyManagers(), null, null);
-
+
ssf = ctx.getServerSocketFactory();
return ssf;
} catch (Exception e) {
//if (Constants.debug_level > 3)
e.printStackTrace();
}
-
+
return ssf;
}
}
diff -up jss/org/mozilla/jss/tests/JSS_FileUploadClient.java.34 jss/org/mozilla/jss/tests/JSS_FileUploadClient.java
--- jss/org/mozilla/jss/tests/JSS_FileUploadClient.java.34 2016-08-16 14:28:31.327610795 -0700
+++ jss/org/mozilla/jss/tests/JSS_FileUploadClient.java 2016-08-16 14:28:31.418609244 -0700
@@ -17,7 +17,7 @@ import java.net.*;
import java.io.*;
public class JSS_FileUploadClient {
-
+
private String clientCertNick = null;
private String serverHost = null;
private boolean TestCertCallBack = false;
@@ -114,7 +114,7 @@ public class JSS_FileUploadClient {
public boolean isHandshakeCompleted() {
return this.handshakeCompleted;
}
-
+
/**
* Set handshakeCompleted flag to indicate
* that the socket handshake is coplete.
@@ -122,7 +122,7 @@ public class JSS_FileUploadClient {
public void setHandshakeCompleted() {
this.handshakeCompleted = true;
}
-
+
/**
* Clear handshakeCompleted flag to indicate
* that the system is now ready for another
@@ -131,43 +131,43 @@ public class JSS_FileUploadClient {
public void clearHandshakeCompleted() {
this.handshakeCompleted = false;
}
-
+
/**
* Set EOF for closing server socket
- * @param null for closing server socket
+ * @param fEof for closing server socket
*/
public void setEOF(String fEof) {
this.EOF = fEof;
}
-
+
/**
* ReadWrite thread class that takes a
* SSLSocket as input and sleeps
* for 2 sec between sending some test
* data and receiving.
* NOTE: If bufferedStream.mark(Integer.MAX_VALUE);
- * method is invoked then fill method of
- * BufferedInputStream class copies lot of data using
- * System.arraycopy (which in-turn use memcpy). This
+ * method is invoked then fill method of
+ * BufferedInputStream class copies lot of data using
+ * System.arraycopy (which in-turn use memcpy). This
* causes very high CPU usage.
*/
private class readWriteThread extends Thread {
private SSLSocket clientSock = null;
private int socketCntr = 0;
-
+
public readWriteThread(SSLSocket sock, int cntr) {
clientSock = sock;
socketCntr = cntr;
}
-
+
public void run() {
-
+
try {
String socketData = null;
char[] cbuf = null;
int readLength = 0;
String readString = null;
-
+
OutputStream os = clientSock.getOutputStream();
System.out.println("Reading file foo.in");
BufferedReader in = new BufferedReader(
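Review bot: The renamed tag `@param fEof for closing server socket` on `setEOF` now names the right parameter, but the description is still a fragment that does not say what the string is. The setter shown only assigns it to `this.EOF`. I would word it as `@param fEof marker string stored in EOF; presumably the value that signals the server to close its socket`. The second half needs confirming against the code that reads `EOF`, which is not part of this hunk.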
@@ -176,7 +176,7 @@ public class JSS_FileUploadClient {
fUploadFile);
PrintWriter out = new PrintWriter(new BufferedWriter(
new OutputStreamWriter(os)));
-
+
while ((readString = in.readLine()) != null) {
System.out.println("Read:" + readString);
out.println(readString);
@@ -191,13 +191,13 @@ public class JSS_FileUploadClient {
}
}
}
-
+
/**
* Initialize and create a socket connection to
* SSLServer using the set parameters.
*/
public void doIt() throws Exception {
-
+
try {
CryptoManager.initialize(fCertDbPath);
cm = CryptoManager.getInstance();
@@ -206,25 +206,25 @@ public class JSS_FileUploadClient {
tok.login(cb);
} catch (Exception e) {
}
-
+
// connect to the server
if ( Constants.debug_level >= 3 )
System.out.println("client about to connect...");
-
+
String hostAddr =
InetAddress.getByName(serverHost).getHostAddress();
-
+
if ( Constants.debug_level >= 3 )
System.out.println("the host " + serverHost +
" and the address " + hostAddr);
-
+
SSLCertificateApprovalCallback approvalCallback =
new TestCertApprovalCallback();
SSLClientCertificateSelectionCallback certSelectionCallback =
new TestClientCertificateSelectionCallback();
-
+
SSLSocket sock = null;
-
+
if (TestCertCallBack) {
if ( Constants.debug_level >= 3 )
System.out.println("calling approvalCallBack");
@@ -240,7 +240,7 @@ public class JSS_FileUploadClient {
sock = new SSLSocket(InetAddress.getByName(hostAddr),
port);
}
-
+
if ( Constants.debug_level >= 3 )
System.out.println("clientCertNick=" + clientCertNick);
sock.setClientCertNickname(clientCertNick);
@@ -251,7 +251,7 @@ public class JSS_FileUploadClient {
System.out.println("Client specified cert by nickname");
System.out.println("client connected");
}
-
+
// Set socket timeout to 10 sec
//sock.setSoTimeout(10 * 1000);
//sock.setKeepAlive(true);
@@ -261,7 +261,7 @@ public class JSS_FileUploadClient {
readWriteThread rwThread = new readWriteThread(sock, 0);
rwThread.start();
}
-
+
/**
* SSL Handshake Listener implementation.
*/
@@ -291,26 +291,26 @@ public class JSS_FileUploadClient {
setHandshakeCompleted();
}
}
-
+
/**
* Set status return value to false.
*/
public synchronized void setFailure() {
success = false;
}
-
+
/**
* Set status return value to success.
*/
public synchronized boolean getSuccess() {
return success;
}
-
+
/**
* Main method. Used for unit testing.
*/
public static void main(String[] args) {
-
+
String certnick = "JSSCATestCert";
String testCipher = "1";
String testhost = "localhost";
@@ -319,13 +319,13 @@ public class JSS_FileUploadClient {
String certDbPath = null;
String passwdFile = null;
String uploadFile = "foo.in";
-
+
String usage = "\nUSAGE:\n" +
"java org.mozilla.jss.tests.JSS_FileUploadClient" +
" [# sockets] [JSS cipher integer]\n[certdb path]" +
" [password file] [upload test file] " +
" [server host] [server port]";
-
+
try {
if (args.length <= 0 || args[0].toLowerCase().equals("-h")) {
System.out.println(usage);
@@ -336,42 +336,42 @@ public class JSS_FileUploadClient {
}
testCipher = (String)args[1];
System.out.println("Test Cipher = " + testCipher);
-
+
if ( args.length >= 3 ) {
certDbPath = (String)args[2];
passwdFile = (String)args[3];
}
-
+
if ( args.length >= 5 ) {
uploadFile = (String)args[4];
testhost = (String)args[5];
testport = new Integer(args[6]).intValue();
}
} catch (Exception e) { }
-
+
System.out.println("Client connecting to server ...");
-
+
for ( int j=0; j<socketCntr; j++) {
JSS_FileUploadClient jssTest = new JSS_FileUploadClient();
try {
if ( !testhost.equals("localhost") )
jssTest.setHostName(testhost);
-
+
if ( testport != 29755 )
jssTest.setPort(testport);
-
+
jssTest.setTestCertCallback(true);
jssTest.setClientCertNick(certnick);
-
+
if ( certDbPath != null )
jssTest.setCertDbPath(certDbPath);
-
+
if ( passwdFile != null )
jssTest.setPasswordFile(passwdFile);
-
+
if ( !uploadFile.equals("foo.in") )
jssTest.setUploadFile(uploadFile);
-
+
if ( testCipher != null ) {
try {
jssTest.setCipher(new Integer(testCipher).intValue());
diff -up jss/org/mozilla/jss/tests/JSS_SelfServClient.java.34 jss/org/mozilla/jss/tests/JSS_SelfServClient.java
--- jss/org/mozilla/jss/tests/JSS_SelfServClient.java.34 2016-08-16 14:28:31.329610761 -0700
+++ jss/org/mozilla/jss/tests/JSS_SelfServClient.java 2016-08-16 14:28:31.419609227 -0700
@@ -51,13 +51,13 @@ import java.util.*;
interface ConstantsBase {
// Test all implemented ciphersuites
public static final int TEST_CIPHERS = -1;
-
+
}
public class JSS_SelfServClient implements ConstantsBase, Constants {
-
+
private String clientCertNick = "default";
private String serverHost = "localhost";
private String ciphersuiteTested = null;
@@ -75,7 +75,7 @@ public class JSS_SelfServClient implemen
private boolean bBypassPKCS11 = false;
/* ciphersuites to test */
private ArrayList ciphersToTest = new ArrayList();
-
+
private CryptoManager cm = null;
private CryptoToken tok = null;
private PasswordCallback cb = null;
@@ -91,11 +91,11 @@ public class JSS_SelfServClient implemen
/* JSS only needs to be initailized for one instance */
private static boolean bJSS = false;
private ThreadGroup socketThreads = new ThreadGroup("SSLSockets");
-
+
public void setTestCiphers(boolean t) {
bTestCiphers = t;
}
-
+
public boolean getTestCiphers() {
return bTestCiphers;
}
@@ -114,30 +114,30 @@ public class JSS_SelfServClient implemen
* }
*}
*/
-
+
}
-
+
public void setVerbose(boolean v) {
bVerbose = v;
}
public void setBypassPKCS11(boolean f) {
bBypassPKCS11 = f;
}
-
+
public boolean getBypassPKCS11() {
return bBypassPKCS11;
}
-
+
/**
* returns true if JSS is sync with NSS ciphersuites.
*/
public boolean testJSSCiphersMatchNSS() {
-
+
initJSS();
boolean cipherSuites = true;
int ciphers[] =
org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites();
-
+
for (int i = 0; i < ciphers.length; i++) {
//if we do not find the ciphersuite than the JSS
// table is out of date.
@@ -147,7 +147,7 @@ public class JSS_SelfServClient implemen
Integer.toHexString(ciphers[i]));
}
}
-
+
if (!cipherSuites) {
System.out.println("ERROR: NSS has implemented " +
"ciphersuites that JSS does not support!\n");
@@ -157,23 +157,23 @@ public class JSS_SelfServClient implemen
"SSLSocket.java");
System.out.println("Update org/mozilla/jss/tests/" +
"Constants.java");
-
+
System.out.println("NSS implemented ciphersuites " +
"missing from JSS");
}
return cipherSuites;
}
-
+
public void configureDefaultSSLOptions() {
initJSS();
try {
//Disable SSL2
SSLSocket.enableSSL2Default(false);
-
+
//if in FIPS mode disable SSL3
if (bFipsMode)
SSLSocket.enableSSL3Default(false);
-
+
if (bBypassPKCS11 && !bFipsMode)
SSLSocket.bypassPKCS11Default(true);
} catch (SocketException ex) {
@@ -181,12 +181,12 @@ public class JSS_SelfServClient implemen
System.exit(1);
}
}
-
+
public void configureCipherSuites(String server) {
int ciphers[] =
org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites();
boolean testCipher;
-
+
for (int i = 0; i < ciphers.length; ++i) {
String ciphersuite = Constants.cipher.cipherToString(ciphers[i]);
testCipher = true;
@@ -203,7 +203,7 @@ public class JSS_SelfServClient implemen
}
if (server.equalsIgnoreCase("JSS")) {
//For JSS SSLServer don't test
-
+
if ((ciphersuite.indexOf("_DHE_") != -1) ||
(ciphersuite.indexOf("SSL2") != -1) ||
//Need to figure out why _ECDH_RSA don't work
@@ -257,7 +257,7 @@ public class JSS_SelfServClient implemen
testCipher = false;
}
}
-
+
if (testCipher) {
if (bFipsMode) {
try {
@@ -275,12 +275,12 @@ public class JSS_SelfServClient implemen
}
}
}
-
+
if (bVerbose) System.out.print("\n");
-
+
if(bVerbose) System.out.println("\nTesting " + ciphersToTest.size() +
" ciphersuites.");
-
+
}
/**
*For every enabled ciphersuite created numOfThreads connections.
@@ -332,11 +332,11 @@ public class JSS_SelfServClient implemen
} catch (SocketException ex) {
ex.printStackTrace();
}
-
+
//Disable all Ciphers we only want the one cipher
//to be turned on
for (int i = 0; i < ciphers.length; i++) {
-
+
try {
if (SSLSocket.getCipherPreferenceDefault(ciphers[i])) {
// System.out.println("Implemented Cipher Suite: " +
@@ -410,16 +410,16 @@ public class JSS_SelfServClient implemen
System.exit(1);
}
}
-
+
/**
* Return true if handshake is completed
* else return false;
- * @return boolean handshake status
+ * @return handshake status
*/
public boolean isHandshakeCompleted() {
return this.handshakeCompleted;
}
-
+
/**
* Set handshakeCompleted flag to indicate
* that the socket handshake is coplete.
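Review bot: The Javadoc cleanup in this hunk corrects the `@return` tag on isHandshakeCompleted() but leaves the typo in the comment right after it; `* that the socket handshake is coplete.` should read `* that the socket handshake is complete.`. The same kind of leftover is in the later hunk around getSuccess(), where the getter carries the setter-style text `Set status return value to success.`; something like `Returns the current status value.` would match what the method does. Separately, setFailure() and getSuccess() are declared synchronized while isHandshakeCompleted(), setHandshakeCompleted() and clearHandshakeCompleted() are not, and setHandshakeCompleted() appears to be called from the handshake listener. The field declaration is outside the visible hunks, so it may already be volatile, but the Javadoc should state which thread is expected to set and read the flag. The comment block for setHandshakeCompleted() continues past the end of this hunk.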
@@ -427,7 +427,7 @@ public class JSS_SelfServClient implemen
public void setHandshakeCompleted() {
this.handshakeCompleted = true;
}
-
+
/**
* Clear handshakeCompleted flag to indicate
* that the system is now ready for another
@@ -436,14 +436,14 @@ public class JSS_SelfServClient implemen
public void clearHandshakeCompleted() {
this.handshakeCompleted = false;
}
-
+
/**
* returns the total number SSLSockets created.
*/
public int getSockTotal() {
return sockID;
}
-
+
/**
* ReadWrite thread class that takes a
* SSLSocket as input and sleeps
@@ -454,7 +454,7 @@ public class JSS_SelfServClient implemen
private SSLSocket clientSock = null;
private String socketID = null;
private String ciphersuite;
-
+
public readWriteThread(ThreadGroup tgOb,
String tName, String cs, SSLSocket sock) {
super(tgOb, tName);
@@ -465,9 +465,9 @@ public class JSS_SelfServClient implemen
clientSock = sock;
socketID = tName;
}
-
+
public void run() {
-
+
try {
String outputLine = null;
String inputLine = null;
@@ -477,7 +477,7 @@ public class JSS_SelfServClient implemen
new InputStreamReader(is));
PrintWriter out = new PrintWriter(new BufferedWriter(
new OutputStreamWriter(os)));
-
+
while (true) {
outputLine = ciphersuite + ":" + socketID + "\n";
if (bVerbose) {
@@ -507,10 +507,10 @@ public class JSS_SelfServClient implemen
} catch (Exception e) {
e.printStackTrace();
}
-
+
}
}
-
+
private void initJSS() {
if (bJSS) {
return; /* JSS already initialized */
@@ -520,7 +520,7 @@ public class JSS_SelfServClient implemen
CryptoManager.InitializationValues(fCertDbPath);
CryptoManager.initialize(vals);
cm = CryptoManager.getInstance();
-
+
if (cm.FIPSEnabled()) {
System.out.println("The database is in FIPSMODE");
bFipsMode = true;
@@ -558,14 +558,14 @@ public class JSS_SelfServClient implemen
System.exit(1);
}
}
-
+
public boolean isServerAlive() {
boolean isServerAlive = false;
-
+
try {
SSLSocket s = null;
if (bVerbose) System.out.println("Confirming Server is alive ");
-
+
//TLS_RSA_WITH_AES_128_CBC_SHA works in FIPS and Non FIPS mode.
//and with JSS and JSSE SSL servers.
setCipher(SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA);
@@ -574,14 +574,14 @@ public class JSS_SelfServClient implemen
for (int i = 0; i < 20; i++) {
s = createSSLSocket();
if (s != null) break;
-
+
Thread.sleep(1000);
}
if (s != null) {
s.close();
isServerAlive = true;
}
-
+
} catch (InterruptedException ex) {
ex.printStackTrace();
System.exit(1);
@@ -591,8 +591,8 @@ public class JSS_SelfServClient implemen
}
return isServerAlive;
}
-
-
+
+
/**
* sendServerShutdownMsg
*/
@@ -601,7 +601,7 @@ public class JSS_SelfServClient implemen
SSLSocket s = null;
if (bVerbose) System.out.println("Sending shutdown message " +
"to server.");
-
+
if (aWorkingCipher == 0) {
System.out.println("no ciphersuite was able to connect to " +
"the server!");
@@ -626,7 +626,7 @@ public class JSS_SelfServClient implemen
* closes the SSLSocket
*/
public void closeAllSockets() {
-
+
try {
SSLSocket s;
long start = System.currentTimeMillis();
@@ -635,7 +635,7 @@ public class JSS_SelfServClient implemen
s = (SSLSocket) sIter.next();
s.close();
}
-
+
System.out.println("Waiting till all threads are dead");
int i = 0;
while (socketThreads.activeCount() > 0) {
@@ -663,33 +663,33 @@ public class JSS_SelfServClient implemen
} catch (IOException ex) {
ex.printStackTrace();
System.exit(1);
-
+
} catch (InterruptedException ex) {
ex.printStackTrace();
System.exit(1);
-
+
}
-
+
}
-
+
/**
* returns a connected SSLSocket or null if unable to connect.
*/
private SSLSocket createSSLSocket() {
SSLSocket sock = null;
try {
-
+
// connect to the server
if ( bVerbose )
System.out.println("client about to connect...");
-
+
String hostAddr =
InetAddress.getByName(serverHost).getHostAddress();
-
+
if ( bVerbose )
System.out.println("the host " + serverHost +
" and the address " + hostAddr);
-
+
if (TestCertCallBack) {
if ( bVerbose )
System.out.println("calling approvalCallBack");
@@ -705,33 +705,33 @@ public class JSS_SelfServClient implemen
sock = new SSLSocket(InetAddress.getByName(hostAddr),
port);
}
-
+
if (clientCertNick.equalsIgnoreCase("default")) {
-
+
sock.setClientCertNickname("Client_RSA");
sock.setClientCertNickname("Client_ECDSA");
sock.setClientCertNickname("Client_DSS");
} else {
-
+
sock.setClientCertNickname(clientCertNick);
if ( bVerbose ) {
System.out.println("Client specified cert by nickname");
}
-
+
}
-
+
//Ensure the ciphersuite is disable, then enabled only it.
if (sock.getCipherPreference(fCipher)) {
System.out.println("Ciphersuite should have been disabled?");
System.exit(1);
-
+
} else {
sock.setCipherPreference(fCipher, true);
}
-
+
sock.addHandshakeCompletedListener(
new HandshakeListener("client",this));
-
+
sock.forceHandshake();
sock.setSoTimeout(10*1000);
sockList.add(sock);
@@ -740,7 +740,7 @@ public class JSS_SelfServClient implemen
if ( bVerbose ) {
System.out.println("client connected");
}
-
+
} catch (SocketException ex) {
if (bTestCiphers) {
sock = null;
@@ -755,26 +755,26 @@ public class JSS_SelfServClient implemen
ex.printStackTrace();
System.exit(1);
}
-
+
return sock;
-
+
}
-
+
public void outputCipherResults() {
String banner = new String
("\n-------------------------------------------------------\n");
-
+
System.out.println(banner);
System.out.println("JSS has " +
org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites().length +
" ciphersuites and " +
ciphersToTest.size() + " were configured and tested.");
-
+
if (ciphersToTest.size() == h_ciphers.size()) {
System.out.println("All " + ciphersToTest.size() +
" configured ciphersuites tested Successfully!\n");
}
-
+
if (!h_ciphers.isEmpty()) {
if (!f_ciphers.isEmpty()) {
System.out.println(banner);
@@ -785,14 +785,14 @@ public class JSS_SelfServClient implemen
Iterator iter = h_ciphers.iterator();
while (iter.hasNext()) {
System.out.println((String) iter.next());
-
+
}
}
if (bFipsMode) {
System.out.println("Note: ciphersuites that have the prefix " +
"\"SSL\" or \"SSL3\" were used in TLS mode.");
}
-
+
if (ciphersToTest.size()
!= (h_ciphers.size() + f_ciphers.size())) {
System.out.println("ERROR: did not test all expected ciphersuites");
@@ -805,14 +805,14 @@ public class JSS_SelfServClient implemen
Iterator iter = f_ciphers.iterator();
while (iter.hasNext()) {
System.out.println((String) iter.next());
-
+
}
System.out.println("we should have no failed ciphersuites!");
System.exit(1);
}
-
+
System.out.println(banner);
-
+
}
/**
* Initialize given number of SSLSocket client connection to the
@@ -839,14 +839,14 @@ public class JSS_SelfServClient implemen
break;
}
}
-
+
if ( bVerbose ) {
System.out.println("Active thread count: " +
socketThreads.activeCount());
System.out.println("Total threads created: " + getSockTotal());
}
}
-
+
/**
* SSL Handshake Listener implementation.
*/
@@ -877,27 +877,27 @@ public class JSS_SelfServClient implemen
setHandshakeCompleted();
}
}
-
+
/**
* Set status return value to false.
*/
public synchronized void setFailure() {
success = false;
}
-
+
/**
* Set status return value to success.
*/
public synchronized boolean getSuccess() {
return success;
}
-
+
/**
* Main method. Used for unit testing.
*/
public static void main(String[] args) {
-
-
+
+
String certnick = "default";
int testCipher = TEST_CIPHERS;
String testhost = "localhost";
@@ -919,7 +919,7 @@ public class JSS_SelfServClient implemen
"\n\nOptional:\n" +
"[certdb path] [password file] [server host] [server port]" +
"[bypass] [verbose] [server = JSS or JSSE] [ClientCert]";
-
+
try {
if (args.length <= 0 ||
args[0].toLowerCase().equals("-h")) {
@@ -959,35 +959,35 @@ public class JSS_SelfServClient implemen
bVerbose = true;
}
if (args.length >= 9) {
-
+
server = args[8].toUpperCase();
}
if (args.length >=10) {
certnick = (String)args[9];
System.out.println("certnickname: " + certnick);
}
-
-
+
+
} catch (Exception e) {
System.out.println("Unknown exception : " + e.getMessage());
System.exit(1);
}
-
+
System.out.println("Client connecting to server: " + testhost +
":" + testport);
-
+
JSS_SelfServClient jssTest = new JSS_SelfServClient();
try {
if ( !testhost.equals("localhost") )
jssTest.setHostName(testhost);
-
+
if ( testport != 29754 )
jssTest.setPort(testport);
jssTest.setPasswordFile(passwdFile);
jssTest.setCertDbPath(certDbPath);
jssTest.setVerbose(bVerbose);
jssTest.initJSS();
-
+
if (!jssTest.testJSSCiphersMatchNSS()) {
System.out.println("JSS needs to update the ciphersuites!");
System.exit(1);
@@ -995,13 +995,13 @@ public class JSS_SelfServClient implemen
jssTest.setTestCertCallback(true);
jssTest.setBypassPKCS11(bBypassPKCS11);
jssTest.configureDefaultSSLOptions();
-
+
if ( certDbPath != null )
jssTest.setCertDbPath(certDbPath);
-
+
if ( passwdFile != null )
jssTest.setPasswordFile(passwdFile);
-
+
if (!jssTest.isServerAlive()) {
System.out.println("Server " + testhost + ":" +
testport + " is not Alive.\nIf this test was ran by " +
@@ -1009,7 +1009,7 @@ public class JSS_SelfServClient implemen
"and check network issues.");
System.exit(1);
}
-
+
if (testCipher != TEST_CIPHERS) {
jssTest.setClientCertNick(certnick);
jssTest.setTestCiphers(false);
@@ -1024,18 +1024,18 @@ public class JSS_SelfServClient implemen
ex.printStackTrace();
System.exit(1);
}
-
+
if (jssTest.getSockTotal() == 0 ) {
System.out.println("No SSLSockets created check your " +
"configuration.");
System.exit(1);
}
-
+
// choose how to exit the program
System.out.println(jssTest.getSockTotal() + " SSLSockets created.");
System.out.println("Each created SSLSocket is reading/writing to" +
" the SSLServer.");
-
+
if (jssTest.getTestCiphers()) {
try {
//Sleep for 30 seconds
@@ -1049,13 +1049,13 @@ public class JSS_SelfServClient implemen
jssTest.outputCipherResults();
System.exit(0);
}
-
+
System.out.println("You can choose to exit the program enter:" +
"\n\t\'A\' to abort with out closing the sockets." +
"\n\t\'C\' to close all client sockets (server will not quit)" +
"\n\tor any other letter to close all sockets and tell the" +
"server to quit.");
-
+
try {
BufferedReader stdin = new BufferedReader(new
InputStreamReader(System.in));
@@ -1073,7 +1073,7 @@ public class JSS_SelfServClient implemen
ex.printStackTrace();
System.exit(1);
}
-
+
System.exit(0);
}
}