Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-12 21:05:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix Bug 87650: replace slot traversal functions with list functions.

Browse Source 
Use SECKEY_ImportDERPublicKey.
Add SecureRandom provider.
Get CERTCertificateRequestTemplate through accessor function.
This commit is contained in:
nicolson%netscape.com 2001-06-25 19:34:52 +00:00
parent 46c3dc53ea
commit 53fa9f7928
9 changed files with 182 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
security/jss/org/mozilla/jss/crypto/TokenSupplier.java
View File

@ -41,4 +41,5 @@ package org.mozilla.jss.crypto;
*/
public interface TokenSupplier {
public CryptoToken getInternalCryptoToken();
public JSSSecureRandom getSecureRNG();
}

33
security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c
View File

@ -472,7 +472,7 @@ finish:
* SubjectPublicKeyInfo.
*/
static jobject
pubkFromRaw(JNIEnv *env, KeyType type, jbyteArray rawBA)
pubkFromRaw(JNIEnv *env, CK_KEY_TYPE type, jbyteArray rawBA)
{
jobject pubkObj=NULL;
SECKEYPublicKey *pubk=NULL;
@ -480,7 +480,7 @@ pubkFromRaw(JNIEnv *env, KeyType type, jbyteArray rawBA)
SECItem *pubkDER=NULL;
/* validate args */
PR_ASSERT(env!=NULL && (type == rsaKey || type == dsaKey));
PR_ASSERT(env!=NULL && (type == CKK_RSA || type == CKK_DSA));
if( rawBA == NULL ) {
JSS_throw(env, NULL_POINTER_EXCEPTION);
goto finish;
@ -492,24 +492,8 @@ pubkFromRaw(JNIEnv *env, KeyType type, jbyteArray rawBA)
goto finish;
}
pubk = PR_NEW(SECKEYPublicKey);
if(pubk == NULL) {
JSS_throw(env, OUT_OF_MEMORY_ERROR);
goto finish;
}
pubk->arena = NULL;
pubk->pkcs11Slot = NULL;
pubk->pkcs11ID = CK_INVALID_HANDLE;
pubk->keyType = type;
if( type == rsaKey ) {
rv = SEC_ASN1DecodeItem(NULL, pubk, SECKEY_RSAPublicKeyTemplate,
pubkDER);
} else {
rv = SEC_ASN1DecodeItem(NULL, pubk, SECKEY_DSAPublicKeyTemplate,
pubkDER);
}
if( rv != SECSuccess ) {
pubk = SECKEY_ImportDERPublicKey(pubkDER, type);
if( pubk == NULL ) {
JSS_throw(env, INVALID_KEY_FORMAT_EXCEPTION);
goto finish;
}
@ -522,11 +506,6 @@ pubkFromRaw(JNIEnv *env, KeyType type, jbyteArray rawBA)
}
finish:
if(pubk!=NULL) {
/* this will only happen if we failed the ASN1 decoding, meaning
* there's no data stored in the internal SECItems */
PR_Free(pubk);
}
if(pubkDER!=NULL) {
SECITEM_FreeItem(pubkDER, PR_TRUE /*freeit*/);
}
@ -541,7 +520,7 @@ JNIEXPORT jobject JNICALL
Java_org_mozilla_jss_pkcs11_PK11PubKey_RSAFromRaw
(JNIEnv *env, jclass clazz, jbyteArray rawBA)
{
return pubkFromRaw(env, rsaKey, rawBA);
return pubkFromRaw(env, CKK_RSA, rawBA);
}
/***********************************************************************
@ -552,7 +531,7 @@ JNIEXPORT jobject JNICALL
Java_org_mozilla_jss_pkcs11_PK11PubKey_DSAFromRaw
(JNIEnv *env, jclass clazz, jbyteArray rawBA)
{
return pubkFromRaw(env, dsaKey, rawBA);
return pubkFromRaw(env, CKK_DSA, rawBA);
}
/***********************************************************************

142
security/jss/org/mozilla/jss/pkcs11/PK11Store.c
View File

@ -179,19 +179,6 @@ finish:
return status;
}
/**********************************************************************
* keyTraversalCallback
*
* Given a private key and vector, inserts the private key into the vector.
*
*/
static SECStatus
keyTraversalCallback(SECKEYPrivateKey *key, void *arg)
{
PR_ASSERT( ((TraversalCallbackInfo*)arg)->type == KEY_OBJECT);
return traversalCallback( (void*)key, arg);
}
/**********************************************************************
* certTraversalCallback
*
@ -214,7 +201,12 @@ Java_org_mozilla_jss_pkcs11_PK11Store_putKeysInVector
(JNIEnv *env, jobject this, jobject keyVector)
{
PK11SlotInfo *slot;
TraversalCallbackInfo info;
SECKEYPrivateKeyList *keyList = NULL;
SECKEYPrivateKey* keyCopy = NULL;
jobject object = NULL;
jclass vectorClass;
jmethodID addElement;
SECKEYPrivateKeyListNode *node = NULL;
PR_ASSERT(env!=NULL && this!=NULL && keyVector!=NULL);
@ -224,10 +216,6 @@ Java_org_mozilla_jss_pkcs11_PK11Store_putKeysInVector
}
PR_ASSERT(slot!=NULL);
info.env = env;
info.vector = keyVector;
info.type = KEY_OBJECT;
/*
* Most, if not all, tokens have to be logged in before they allow
* access to their private keys, so try to login here. If we're already
@ -237,18 +225,57 @@ Java_org_mozilla_jss_pkcs11_PK11Store_putKeysInVector
*/
PK11_Authenticate(slot, PR_TRUE /*load certs*/, NULL /*wincx*/);
if( PK11_TraversePrivateKeysInSlot(slot,
keyTraversalCallback,
(void*)&info) != SECSuccess)
{
if( ! (*env)->ExceptionOccurred(env) ) {
JSS_throwMsg(env, TOKEN_EXCEPTION,
"PK11_TraverseSlot returned an error");
}
/*
* Get the list of keys on this token
*/
keyList = PK11_ListPrivateKeysInSlot(slot);
if( keyList == NULL ) {
JSS_throwMsg(env, TOKEN_EXCEPTION, "PK11_ListPrivateKeysInSlot "
"returned an error");
goto finish;
}
/**************************************************
* Get JNI ids
**************************************************/
vectorClass = (*env)->GetObjectClass(env, keyVector);
if(vectorClass == NULL) {
ASSERT_OUTOFMEM(env);
goto finish;
}
addElement = (*env)->GetMethodID(env,
vectorClass,
VECTOR_ADD_ELEMENT_NAME,
VECTOR_ADD_ELEMENT_SIG);
if(addElement == NULL) {
ASSERT_OUTOFMEM(env);
goto finish;
}
for( node = PRIVKEY_LIST_HEAD(keyList);
!PRIVKEY_LIST_END(node, keyList);
node = PRIVKEY_LIST_NEXT(node) )
{
/***************************************************
* Wrap the object
***************************************************/
keyCopy = SECKEY_CopyPrivateKey(node->key);
object = JSS_PK11_wrapPrivKey(env, &keyCopy);
if(object == NULL) {
PR_ASSERT( (*env)->ExceptionOccurred(env) );
goto finish;
}
/***************************************************
* Insert the key into the vector
***************************************************/
(*env)->CallVoidMethod(env, keyVector, addElement, object);
}
finish:
if( keyList != NULL ) {
SECKEY_DestroyPrivateKeyList(keyList);
}
return;
}
@ -260,7 +287,12 @@ Java_org_mozilla_jss_pkcs11_PK11Store_putCertsInVector
(JNIEnv *env, jobject this, jobject certVector)
{
PK11SlotInfo *slot;
TraversalCallbackInfo info;
jclass vectorClass;
jmethodID addElement;
CERTCertList *certList = NULL;
CERTCertificate *certCopy;
CERTCertListNode *node = NULL;
jobject object;
PR_ASSERT(env!=NULL && this!=NULL && certVector!=NULL);
@ -277,22 +309,54 @@ Java_org_mozilla_jss_pkcs11_PK11Store_putCertsInVector
PK11_Authenticate(slot, PR_TRUE /*load certs*/, NULL /*wincx*/);
}
info.env = env;
info.vector = certVector;
info.type = CERT_OBJECT;
if( PK11_TraverseCertsInSlot(slot,
certTraversalCallback,
(void*)&info) != SECSuccess)
{
if( ! (*env)->ExceptionOccurred(env) ) {
JSS_throwMsg(env, TOKEN_EXCEPTION,
"PK11_TraverseSlot returned an error");
}
certList = PK11_ListCertsInSlot(slot);
if( certList == NULL ) {
JSS_throwMsg(env, TOKEN_EXCEPTION, "PK11_ListCertsInSlot "
"returned an error");
goto finish;
}
/**************************************************
* Get JNI ids
**************************************************/
vectorClass = (*env)->GetObjectClass(env, certVector);
if(vectorClass == NULL) {
ASSERT_OUTOFMEM(env);
goto finish;
}
addElement = (*env)->GetMethodID(env,
vectorClass,
VECTOR_ADD_ELEMENT_NAME,
VECTOR_ADD_ELEMENT_SIG);
if(addElement == NULL) {
ASSERT_OUTOFMEM(env);
goto finish;
}
for( node = CERT_LIST_HEAD(certList);
!CERT_LIST_END(node, certList);
node = CERT_LIST_NEXT(node) )
{
/***************************************************
* Wrap the object
***************************************************/
certCopy = CERT_DupCertificate(node->cert);
object = JSS_PK11_wrapCert(env, &certCopy);
if(object == NULL) {
PR_ASSERT( (*env)->ExceptionOccurred(env) );
goto finish;
}
/***************************************************
* Insert the cert into the vector
***************************************************/
(*env)->CallVoidMethod(env, certVector, addElement, object);
}
finish:
if( certList != NULL ) {
CERT_DestroyCertList(certList);
}
return;
}

2
security/jss/org/mozilla/jss/pkcs11/PK11Token.c
View File

@ -1100,7 +1100,7 @@ GenerateCertRequest(JNIEnv *env,
/* der encode the request */
blob = SEC_ASN1EncodeItem(req->arena, &result_der, req,
CERT_CertificateRequestTemplate);
SEC_ASN1_GET(CERT_CertificateRequestTemplate));
/* sign the request */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);

62
security/jss/org/mozilla/jss/provider/PKCS11SecureRandom.java Normal file
View File

@ -0,0 +1,62 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
package org.mozilla.jss.provider;
import org.mozilla.jss.crypto.TokenSupplierManager;
import org.mozilla.jss.crypto.JSSSecureRandom;
public class PKCS11SecureRandom extends java.security.SecureRandomSpi {
JSSSecureRandom engine;
PKCS11SecureRandom() {
super();
engine = TokenSupplierManager.getTokenSupplier().getSecureRNG();
}
protected byte[]
engineGenerateSeed(int numBytes) {
byte[] bytes = new byte[numBytes];
engine.nextBytes(bytes);
return bytes;
}
protected void
engineNextBytes(byte[] bytes) {
engine.nextBytes(bytes);
}
protected void
engineSetSeed(byte[] seed) {
engine.setSeed(seed);
}
}

5
security/jss/org/mozilla/jss/provider/Provider.java
View File

@ -73,5 +73,10 @@ public class Provider extends java.security.Provider {
put("Alg.Alias.MessageDigest.SHA1", "SHA-1");
put("Alg.Alias.MessageDigest.SHA", "SHA-1");
/////////////////////////////////////////////////////////////
// SecureRandom
/////////////////////////////////////////////////////////////
put("mozilla.pkcs11.prng",
"org.mozilla.jss.provider.PKCS11SecureRandom");
}
}

2
security/jss/org/mozilla/jss/provider/manifest.mn
View File

@ -52,6 +52,7 @@ CLASSES = \
MD2RSASignature \
SHA1MessageDigest \
SHA1RSASignature \
PKCS11SecureRandom \
$(NULL)
JSRCS = \
@ -65,4 +66,5 @@ JSRCS = \
MD2RSASignature.java \
SHA1MessageDigest.java \
SHA1RSASignature.java \
PKCS11SecureRandom.java \
$(NULL)

4
security/jss/samples/TestCryptoStore.java
View File

@ -49,9 +49,7 @@ public class TestCryptoStore {
try {
CryptoManager.InitializationValues vals = new
CryptoManager.InitializationValues( args[0]+"/secmodule.db",
args[0]+"/key3.db",
args[0]+"/cert7.db" );
CryptoManager.InitializationValues(args[0]);
try {
vals.setInternalTokenDescription
("TestCryptoStore Internal Token "); // too long

5
security/jss/samples/TestKeyGen.java
View File

@ -77,10 +77,7 @@ public class TestKeyGen {
}
CryptoManager.InitializationValues vals = new
CryptoManager.InitializationValues(
args[0]+"/secmodule.db",
args[0]+"/key3.db",
args[0]+"/cert7.db" );
CryptoManager.InitializationValues( args[0] );
CryptoManager.initialize(vals);
manager = CryptoManager.getInstance();