338484 Run SSL tests in FIPS mode
parent
92b6fc2615
commit
bbe5f84528
@ -56,7 +56,7 @@ import org.mozilla.jss.provider.java.security.JSSMessageDigestSpi;
|
||||
* Initialization is done with static methods, and must be done before
|
||||
* an instance can be created. All other operations are done with instance
|
||||
* methods.
|
||||
* @version $Revision: 1.43 $ $Date: 2006/05/11 22:58:32 $
|
||||
* @version $Revision: 1.44 $ $Date: 2006/05/24 03:09:42 $
|
||||
*/
|
||||
public final class CryptoManager implements TokenSupplier
|
||||
{
|
||||
@ -281,7 +281,7 @@ public final class CryptoManager implements TokenSupplier
|
||||
internalTokenDescription = s;
|
||||
}
|
||||
private String internalTokenDescription =
|
||||
"Internal Crypto Services Token ";
|
||||
"NSS Generic Crypto Services ";
|
||||
|
||||
////////////////////////////////////////////////////////////////////
|
||||
// Internal Key Storage Token Description
|
||||
@ -368,14 +368,15 @@ public final class CryptoManager implements TokenSupplier
|
||||
internalKeyStorageSlotDescription = s;
|
||||
}
|
||||
private String internalKeyStorageSlotDescription =
|
||||
"NSS Internal Private Key and Certificate Storage ";
|
||||
"NSS User Private Key and Certificate Services ";
|
||||
|
||||
////////////////////////////////////////////////////////////////////
|
||||
// FIPS Slot Description
|
||||
////////////////////////////////////////////////////////////////////
|
||||
/**
|
||||
* Returns the description of the internal PKCS #11 FIPS slot.
|
||||
* <p>The default is <code>"NSS Internal FIPS-140-1 Cryptographic Services "</code>.
|
||||
* <p>The default is
|
||||
* <code>"NSS FIPS 140-2 User Private Key Services"</code>.
|
||||
*/
|
||||
public String getFIPSSlotDescription() {
|
||||
return FIPSSlotDescription;
|
||||
@ -397,7 +398,7 @@ public final class CryptoManager implements TokenSupplier
|
||||
FIPSSlotDescription = s;
|
||||
}
|
||||
private String FIPSSlotDescription =
|
||||
"NSS Internal FIPS-140-1 Cryptographic Services ";
|
||||
"NSS FIPS 140-2 User Private Key Services ";
|
||||
|
||||
////////////////////////////////////////////////////////////////////
|
||||
// FIPS Key Storage Slot Description
|
||||
@ -405,7 +406,8 @@ public final class CryptoManager implements TokenSupplier
|
||||
/**
|
||||
* Returns the description of the internal PKCS #11 FIPS
|
||||
* Key Storage slot.
|
||||
* <p>The default is <code>"NSS Internal FIPS-140-1 Private Key and Certificate Storage "</code>.
|
||||
* <p>The default is
|
||||
* <code>"NSS FIPS 140-2 User Private Key Services"</code>.
|
||||
*/
|
||||
public String getFIPSKeyStorageSlotDescription() {
|
||||
return FIPSKeyStorageSlotDescription;
|
||||
@ -427,7 +429,7 @@ public final class CryptoManager implements TokenSupplier
|
||||
FIPSKeyStorageSlotDescription = s;
|
||||
}
|
||||
private String FIPSKeyStorageSlotDescription =
|
||||
"NSS Internal FIPS-140-1 Private Key and Certificate Storage ";
|
||||
"NSS FIPS 140-2 User Private Key Services ";
|
||||
|
||||
/**
|
||||
* To have NSS check the OCSP responder for when verifying
|
||||
@ -728,7 +730,7 @@ public final class CryptoManager implements TokenSupplier
|
||||
///////////////////////////////////////////////////////////////////////
|
||||
|
||||
/**
|
||||
* Enables or disables FIPS-140-1 compliant mode. If this returns true,
|
||||
* Enables or disables FIPS-140-2 compliant mode. If this returns true,
|
||||
* you must reloadModules(). This should only be called once in a program,
|
||||
* at the beginning, because it invalidates tokens and modules.
|
||||
*
|
||||
@ -738,9 +740,9 @@ public final class CryptoManager implements TokenSupplier
|
||||
throws GeneralSecurityException;
|
||||
|
||||
/**
|
||||
* Determines whether FIPS-140-1 compliance is active.
|
||||
* Determines whether FIPS-140-2 compliance is active.
|
||||
*
|
||||
* @return true if the security library is in FIPS-140-1 compliant mode.
|
||||
* @return true if the security library is in FIPS-140-2 compliant mode.
|
||||
*/
|
||||
public synchronized native boolean FIPSEnabled();
|
||||
|
||||
@ -1282,7 +1284,7 @@ public final class CryptoManager implements TokenSupplier
|
||||
/////////////////////////////////////////////////////////////
|
||||
|
||||
/**
|
||||
* Retrieves a FIPS-140-1 validated random number generator.
|
||||
* Retrieves a FIPS-140-2 validated random number generator.
|
||||
*
|
||||
* @return A JSS SecureRandom implemented with FIPS-validated NSS.
|
||||
*/
|
||||
@ -1293,7 +1295,7 @@ public final class CryptoManager implements TokenSupplier
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves a FIPS-140-1 validated random number generator.
|
||||
* Retrieves a FIPS-140-2 validated random number generator.
|
||||
*
|
||||
* @return A JSS SecureRandom implemented with FIPS-validated NSS.
|
||||
*/
|
||||
|
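Review bot: `FIPSSlotDescription` and `FIPSKeyStorageSlotDescription` now default to the same string, "NSS FIPS 140-2 User Private Key Services ", so code that picks a slot by its description can no longer tell the two apart. If that is intended because NSS presents a single slot in FIPS mode (an inference, the page does not say so), both fields deserve a comment such as `// FIPS mode exposes one slot; both FIPS descriptions intentionally share this default`. The Javadoc for both getters quotes the default without the trailing whitespace the field value carries, which matters to callers like FipsTest that take `substring(0, 32)` of these values. The class body continues outside these hunks.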
@ -51,110 +51,110 @@ public class Constants {
|
||||
}
|
||||
|
||||
/** Debug level for all tests */
|
||||
public static int debug_level = 0;
|
||||
public static int debug_level = 1;
|
||||
|
||||
/** Cipher supported by JSS */
|
||||
public static int jssCipherSuites[] = {
|
||||
SSLSocket.SSL3_RSA_WITH_NULL_MD5,
|
||||
SSLSocket.SSL3_RSA_WITH_NULL_SHA,
|
||||
SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5,
|
||||
SSLSocket.SSL3_RSA_WITH_RC4_128_MD5,
|
||||
SSLSocket.SSL3_RSA_WITH_RC4_128_SHA,
|
||||
SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
|
||||
SSLSocket.SSL3_RSA_WITH_IDEA_CBC_SHA,
|
||||
SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
||||
SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA,
|
||||
SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
SSLSocket.SSL3_RSA_WITH_NULL_MD5, /* 0 */
|
||||
SSLSocket.SSL3_RSA_WITH_NULL_SHA, /* 1 */
|
||||
SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5, /* 2 */
|
||||
SSLSocket.SSL3_RSA_WITH_RC4_128_MD5, /* 3 */
|
||||
SSLSocket.SSL3_RSA_WITH_RC4_128_SHA, /* 4 */
|
||||
SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* 5 */
|
||||
SSLSocket.SSL3_RSA_WITH_IDEA_CBC_SHA, /* 6 */
|
||||
SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA, /* 7 */
|
||||
SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA, /* 8 */
|
||||
SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA, /* 9 */
|
||||
// DH and DHE Ciphers are client only.
|
||||
SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
|
||||
SSLSocket.SSL3_DH_DSS_WITH_DES_CBC_SHA,
|
||||
SSLSocket.SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA,
|
||||
SSLSocket.SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
||||
SSLSocket.SSL3_DH_RSA_WITH_DES_CBC_SHA,
|
||||
SSLSocket.SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
|
||||
SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA,
|
||||
SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
|
||||
SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
||||
SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA,
|
||||
SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5,
|
||||
SSLSocket.SSL3_DH_ANON_WITH_RC4_128_MD5,
|
||||
SSLSocket.SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
|
||||
SSLSocket.SSL3_DH_ANON_WITH_DES_CBC_SHA,
|
||||
SSLSocket.SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA,
|
||||
SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
|
||||
SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA,
|
||||
SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, /* 10 */
|
||||
SSLSocket.SSL3_DH_DSS_WITH_DES_CBC_SHA, /* 11 */
|
||||
SSLSocket.SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA, /* 12 */
|
||||
SSLSocket.SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, /* 13 */
|
||||
SSLSocket.SSL3_DH_RSA_WITH_DES_CBC_SHA, /* 14 */
|
||||
SSLSocket.SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA, /* 15 */
|
||||
SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, /* 16 */
|
||||
SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA, /* 17 */
|
||||
SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* 18 */
|
||||
SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, /* 19 */
|
||||
SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA, /* 20 */
|
||||
SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* 21 */
|
||||
SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5, /* 22 */
|
||||
SSLSocket.SSL3_DH_ANON_WITH_RC4_128_MD5, /* 23 */
|
||||
SSLSocket.SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, /* 24 */
|
||||
SSLSocket.SSL3_DH_ANON_WITH_DES_CBC_SHA, /* 25 */
|
||||
SSLSocket.SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA, /* 26 */
|
||||
SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* 27 Server */
|
||||
SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* 28 Server */
|
||||
// These are TLS Ciphers.
|
||||
SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
|
||||
SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
|
||||
SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* 29 Server */
|
||||
SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* 30 Server*/
|
||||
// DH and DHE Ciphers are client only.
|
||||
SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
|
||||
SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
|
||||
SSLSocket.TLS_DHE_DSS_WITH_RC4_128_SHA,
|
||||
SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
SSLSocket.TLS_DH_DSS_WITH_AES_128_CBC_SHA,
|
||||
SSLSocket.TLS_DH_RSA_WITH_AES_128_CBC_SHA,
|
||||
SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
|
||||
SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
SSLSocket.TLS_DH_ANON_WITH_AES_128_CBC_SHA,
|
||||
SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
SSLSocket.TLS_DH_DSS_WITH_AES_256_CBC_SHA,
|
||||
SSLSocket.TLS_DH_RSA_WITH_AES_256_CBC_SHA,
|
||||
SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
|
||||
SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
SSLSocket.TLS_DH_ANON_WITH_AES_256_CBC_SHA,
|
||||
SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, /* 31 */
|
||||
SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, /* 32 */
|
||||
SSLSocket.TLS_DHE_DSS_WITH_RC4_128_SHA, /* 33 */
|
||||
SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA, /* 34 Server */
|
||||
SSLSocket.TLS_DH_DSS_WITH_AES_128_CBC_SHA, /* 35 */
|
||||
SSLSocket.TLS_DH_RSA_WITH_AES_128_CBC_SHA, /* 36 */
|
||||
SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* 37 */
|
||||
SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* 38 */
|
||||
SSLSocket.TLS_DH_ANON_WITH_AES_128_CBC_SHA, /* 39 */
|
||||
SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA, /* 40 Server */
|
||||
SSLSocket.TLS_DH_DSS_WITH_AES_256_CBC_SHA, /* 41 */
|
||||
SSLSocket.TLS_DH_RSA_WITH_AES_256_CBC_SHA, /* 42 */
|
||||
SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* 43 */
|
||||
SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* 44 */
|
||||
SSLSocket.TLS_DH_ANON_WITH_AES_256_CBC_SHA, /* 45 */
|
||||
0
|
||||
};
|
||||
|
||||
/** String representation of JSS supported ciphers */
|
||||
public static String jssCipherNames[] = {
|
||||
"SSLSocket.SSL3_RSA_WITH_NULL_MD5",
|
||||
"SSLSocket.SSL3_RSA_WITH_NULL_SHA",
|
||||
"SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5",
|
||||
"SSLSocket.SSL3_RSA_WITH_RC4_128_MD5",
|
||||
"SSLSocket.SSL3_RSA_WITH_RC4_128_SHA",
|
||||
"SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
|
||||
"SSLSocket.SSL3_RSA_WITH_IDEA_CBC_SHA",
|
||||
"SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA",
|
||||
"SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA",
|
||||
"SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
"SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
|
||||
"SSLSocket.SSL3_DH_DSS_WITH_DES_CBC_SHA",
|
||||
"SSLSocket.SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA",
|
||||
"SSLSocket.SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
|
||||
"SSLSocket.SSL3_DH_RSA_WITH_DES_CBC_SHA",
|
||||
"SSLSocket.SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
"SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
|
||||
"SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA",
|
||||
"SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
|
||||
"SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
|
||||
"SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA",
|
||||
"SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
"SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5",
|
||||
"SSLSocket.SSL3_DH_ANON_WITH_RC4_128_MD5",
|
||||
"SSLSocket.SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA",
|
||||
"SSLSocket.SSL3_DH_ANON_WITH_DES_CBC_SHA",
|
||||
"SSLSocket.SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA",
|
||||
"SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
|
||||
"SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA",
|
||||
"SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
|
||||
"SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
|
||||
"SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
|
||||
"SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
|
||||
"SSLSocket.TLS_DHE_DSS_WITH_RC4_128_SHA",
|
||||
"SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA",
|
||||
"SSLSocket.TLS_DH_DSS_WITH_AES_128_CBC_SHA",
|
||||
"SSLSocket.TLS_DH_RSA_WITH_AES_128_CBC_SHA",
|
||||
"SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
|
||||
"SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
|
||||
"SSLSocket.TLS_DH_ANON_WITH_AES_128_CBC_SHA",
|
||||
"SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA",
|
||||
"SSLSocket.TLS_DH_DSS_WITH_AES_256_CBC_SHA",
|
||||
"SSLSocket.TLS_DH_RSA_WITH_AES_256_CBC_SHA",
|
||||
"SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
|
||||
"SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
|
||||
"SSLSocket.TLS_DH_ANON_WITH_AES_256_CBC_SHA"
|
||||
"SSLSocket.SSL3_RSA_WITH_NULL_MD5", /* 0 */
|
||||
"SSLSocket.SSL3_RSA_WITH_NULL_SHA", /* 1 */
|
||||
"SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5", /* 2 */
|
||||
"SSLSocket.SSL3_RSA_WITH_RC4_128_MD5", /* 3 */
|
||||
"SSLSocket.SSL3_RSA_WITH_RC4_128_SHA", /* 4 */
|
||||
"SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5", /* 5 */
|
||||
"SSLSocket.SSL3_RSA_WITH_IDEA_CBC_SHA", /* 6 */
|
||||
"SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA", /* 7 */
|
||||
"SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA", /* 8 */
|
||||
"SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA", /* 9 */
|
||||
"SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", /* 10 */
|
||||
"SSLSocket.SSL3_DH_DSS_WITH_DES_CBC_SHA", /* 11 */
|
||||
"SSLSocket.SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA", /* 12 */
|
||||
"SSLSocket.SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", /* 13 */
|
||||
"SSLSocket.SSL3_DH_RSA_WITH_DES_CBC_SHA", /* 14 */
|
||||
"SSLSocket.SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA", /* 15 */
|
||||
"SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", /* 16 */
|
||||
"SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA", /* 17 */
|
||||
"SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA", /* 18 */
|
||||
"SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", /* 19 */
|
||||
"SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA", /* 20 */
|
||||
"SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA", /* 21 */
|
||||
"SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5", /* 22 */
|
||||
"SSLSocket.SSL3_DH_ANON_WITH_RC4_128_MD5", /* 23 */
|
||||
"SSLSocket.SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA", /* 24 */
|
||||
"SSLSocket.SSL3_DH_ANON_WITH_DES_CBC_SHA", /* 25 */
|
||||
"SSLSocket.SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA", /* 26 */
|
||||
"SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", /* 27 Server */
|
||||
"SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA", /* 28 Server */
|
||||
"SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", /* 29 Server */
|
||||
"SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", /* 30 Server */
|
||||
"SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", /* 31 */
|
||||
"SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", /* 32 */
|
||||
"SSLSocket.TLS_DHE_DSS_WITH_RC4_128_SHA", /* 33 */
|
||||
"SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA", /* 34 Server */
|
||||
"SSLSocket.TLS_DH_DSS_WITH_AES_128_CBC_SHA", /* 35 */
|
||||
"SSLSocket.TLS_DH_RSA_WITH_AES_128_CBC_SHA", /* 36 */
|
||||
"SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA", /* 37 */
|
||||
"SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA", /* 38 */
|
||||
"SSLSocket.TLS_DH_ANON_WITH_AES_128_CBC_SHA", /* 39 */
|
||||
"SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA", /* 40 Server */
|
||||
"SSLSocket.TLS_DH_DSS_WITH_AES_256_CBC_SHA", /* 41 */
|
||||
"SSLSocket.TLS_DH_RSA_WITH_AES_256_CBC_SHA", /* 42 */
|
||||
"SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA", /* 43 */
|
||||
"SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA", /* 44 */
|
||||
"SSLSocket.TLS_DH_ANON_WITH_AES_256_CBC_SHA" /* 45 */
|
||||
};
|
||||
|
||||
/** Cipher supported by JSSE (JDK 1.5.x) */
|
||||
|
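Review bot: The new `/* n */` comments are hand-numbered across two parallel arrays whose lengths differ: `jssCipherSuites` ends with a `0` terminator after index 45, while `jssCipherNames` stops at index 45. JSS_SSLServer in this same commit selects suites by these bare indices, so a later insertion into one array would enable a different suite than the index list intends while the comments still look plausible. I would mark the terminator, e.g. `0 /* terminator; no matching entry in jssCipherNames */`, and say in the Javadoc of both arrays that they must stay index-aligned. `debug_level` also appears to move from 0 to 1 here; if that was only for local debugging it should go back to 0.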
@ -40,6 +40,7 @@ import org.mozilla.jss.*;
|
||||
import org.mozilla.jss.pkcs11.*;
|
||||
import org.mozilla.jss.crypto.*;
|
||||
import java.io.*;
|
||||
import org.mozilla.jss.util.PasswordCallback;
|
||||
|
||||
|
||||
public class FipsTest {
|
||||
@ -48,46 +49,53 @@ public class FipsTest {
|
||||
|
||||
try {
|
||||
|
||||
if( args.length != 2 ) {
|
||||
if( args.length < 2 ) {
|
||||
System.out.println("Usage: FipsTest <dbdir> <fipsmode enter: " +
|
||||
"enable OR disable OR chkfips >");
|
||||
"enable OR disable OR chkfips > <password file>");
|
||||
return;
|
||||
}
|
||||
String dbdir = args[0];
|
||||
String fipsmode = args[1];
|
||||
|
||||
|
||||
String password = "";
|
||||
|
||||
if (args.length == 3) {
|
||||
password = args[2];
|
||||
System.out.println("The password file " +password);
|
||||
}
|
||||
|
||||
CryptoManager.InitializationValues vals = new
|
||||
CryptoManager.InitializationValues(dbdir);
|
||||
|
||||
|
||||
System.out.println("output of Initilization values ");
|
||||
System.out.println("Manufacturer ID: " + vals.getManufacturerID());
|
||||
System.out.println("Library: " + vals.getLibraryDescription());
|
||||
System.out.println("Internal Slot: " +
|
||||
System.out.println("Internal Slot: " +
|
||||
vals.getInternalSlotDescription());
|
||||
System.out.println("Internal Token: " +
|
||||
System.out.println("Internal Token: " +
|
||||
vals.getInternalTokenDescription());
|
||||
System.out.println("Key Storage Slot: " +
|
||||
System.out.println("Key Storage Slot: " +
|
||||
vals.getFIPSKeyStorageSlotDescription());
|
||||
System.out.println("Key Storage Token: " +
|
||||
System.out.println("Key Storage Token: " +
|
||||
vals.getInternalKeyStorageTokenDescription());
|
||||
System.out.println("FIPS Slot: " +
|
||||
System.out.println("FIPS Slot: " +
|
||||
vals.getFIPSSlotDescription());
|
||||
System.out.println("FIPS Key Storage: " +
|
||||
System.out.println("FIPS Key Storage: " +
|
||||
vals.getFIPSKeyStorageSlotDescription());
|
||||
|
||||
|
||||
|
||||
|
||||
if (fipsmode.equalsIgnoreCase("enable")) {
|
||||
vals.fipsMode = CryptoManager.InitializationValues.FIPSMode.ENABLED;
|
||||
} else if (fipsmode.equalsIgnoreCase("disable")){
|
||||
vals.fipsMode =
|
||||
vals.fipsMode =
|
||||
CryptoManager.InitializationValues.FIPSMode.DISABLED;
|
||||
} else {
|
||||
vals.fipsMode =
|
||||
vals.fipsMode =
|
||||
CryptoManager.InitializationValues.FIPSMode.UNCHANGED;
|
||||
}
|
||||
|
||||
|
||||
CryptoManager.initialize(vals);
|
||||
|
||||
|
||||
CryptoManager cm = CryptoManager.getInstance();
|
||||
|
||||
if (cm.FIPSEnabled() == true ) {
|
||||
@ -95,29 +103,29 @@ public class FipsTest {
|
||||
} else {
|
||||
System.out.println("\n\t\tFIPS not enabled\n");
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
java.util.Enumeration items;
|
||||
items = cm.getModules();
|
||||
System.out.println("\nListing of Modules:");
|
||||
while(items.hasMoreElements()) {
|
||||
items = cm.getModules();
|
||||
System.out.println("\nListing of Modules:");
|
||||
while(items.hasMoreElements()) {
|
||||
System.out.println("\t"+
|
||||
((PK11Module)items.nextElement()).getName() );
|
||||
}
|
||||
}
|
||||
|
||||
items = cm.getAllTokens();
|
||||
System.out.println("\nAll Tokens:");
|
||||
while(items.hasMoreElements()) {
|
||||
items = cm.getAllTokens();
|
||||
System.out.println("\nAll Tokens:");
|
||||
while(items.hasMoreElements()) {
|
||||
System.out.println("\t"+
|
||||
((CryptoToken)items.nextElement()).getName() );
|
||||
}
|
||||
|
||||
items = cm.getExternalTokens();
|
||||
System.out.println("\nExternal Tokens:");
|
||||
while(items.hasMoreElements()) {
|
||||
}
|
||||
|
||||
items = cm.getExternalTokens();
|
||||
System.out.println("\nExternal Tokens:");
|
||||
while(items.hasMoreElements()) {
|
||||
System.out.println("\t"+
|
||||
((CryptoToken)items.nextElement()).getName() );
|
||||
}
|
||||
}
|
||||
|
||||
CryptoToken tok;
|
||||
String tokenName;
|
||||
@ -128,15 +136,15 @@ public class FipsTest {
|
||||
} else {
|
||||
tokenName = vals.getInternalKeyStorageTokenDescription();
|
||||
}
|
||||
|
||||
|
||||
/* truncate to 32 bytes and remove trailing white space*/
|
||||
tokenName = tokenName.substring(0, 32);
|
||||
tokenName = tokenName.trim();
|
||||
System.out.println("\nFinding the Internal Key Storage token: "+
|
||||
System.out.println("\nFinding the Internal Key Storage token: "+
|
||||
tokenName);
|
||||
tok = cm.getTokenByName(tokenName);
|
||||
|
||||
if( ((PK11Token)tok).isInternalKeyStorageToken()
|
||||
|
||||
if( ((PK11Token)tok).isInternalKeyStorageToken()
|
||||
&& tok.equals(cm.getInternalKeyStorageToken()) ) {
|
||||
System.out.println("Good, "+tok.getName()+", knows it is " +
|
||||
"the internal Key Storage Token");
|
||||
@ -145,30 +153,37 @@ public class FipsTest {
|
||||
" it is the internal key storage token");
|
||||
}
|
||||
|
||||
if (!password.equals("")) {
|
||||
System.out.println("logging in to the Token: " + tok.getName());
|
||||
PasswordCallback cb = new FilePasswordCallback(password);
|
||||
tok.login(cb);
|
||||
System.out.println("logged in to the Token: " + tok.getName());
|
||||
}
|
||||
|
||||
/* find the Internal Crypto token */
|
||||
if (cm.FIPSEnabled() == true ) {
|
||||
tokenName = vals.getFIPSSlotDescription();
|
||||
} else {
|
||||
tokenName = vals.getInternalTokenDescription();
|
||||
tokenName = vals.getInternalTokenDescription();
|
||||
}
|
||||
|
||||
|
||||
/* truncate to 32 bytes and remove trailing white space*/
|
||||
tokenName = tokenName.substring(0, 32);
|
||||
tokenName = tokenName.trim();
|
||||
System.out.println("\nFinding the Internal Crypto token: " + tokenName);
|
||||
tok = cm.getTokenByName(tokenName);
|
||||
|
||||
if( ((PK11Token)tok).isInternalCryptoToken() &&
|
||||
if( ((PK11Token)tok).isInternalCryptoToken() &&
|
||||
tok.equals(cm.getInternalCryptoToken() )) {
|
||||
System.out.println("Good, "+tok.getName()+
|
||||
System.out.println("Good, "+tok.getName()+
|
||||
", knows it is the internal Crypto token");
|
||||
} else {
|
||||
System.out.println("ERROR: "+tok.getName()+
|
||||
", doesn't know that it is the internal Crypto token");
|
||||
}
|
||||
|
||||
|
||||
System.exit(0);
|
||||
|
||||
|
||||
} catch( Exception e ) {
|
||||
e.printStackTrace();
|
||||
System.exit(1);
|
||||
|
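Review bot: The two token checks print `ERROR: ...` when a token does not recognise itself as the internal key storage or crypto token, yet control still reaches `System.exit(0)`, so a harness that judges by exit status (as the Perl script on this page does for its tests) records a pass. For a test meant to confirm FIPS mode this hides a failed check; set a flag in the two `else` branches and finish with `System.exit(failed ? 1 : 0);`. The new `password` variable actually holds the path handed to `FilePasswordCallback`, so `passwordFile` would be the clearer name, and `args.length == 3` skips the login without a message when extra arguments are present. The body of `main` starts and ends outside these hunks.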
@ -90,6 +90,7 @@ public class JSS_SSLServer {
|
||||
private String serverHost = "localhost";
|
||||
private boolean TestInetAddress = false;
|
||||
private boolean success = true;
|
||||
private boolean bTestFipsMode = false;
|
||||
public int port = 29750;
|
||||
public static String usage = "USAGE: java JSS_SSLServer " +
|
||||
"<cert db path> <passwords> <server_name> " +
|
||||
@ -100,13 +101,20 @@ public class JSS_SSLServer {
|
||||
if ( args.length < 4 ) {
|
||||
System.out.println(usage);
|
||||
System.exit(1);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
CryptoManager.initialize(args[0]);
|
||||
CryptoManager cm = CryptoManager.getInstance();
|
||||
CryptoToken tok = cm.getInternalKeyStorageToken();
|
||||
PasswordCallback cb = new FilePasswordCallback(args[1]); // passwords
|
||||
tok.login(cb);
|
||||
try {
|
||||
tok.login(cb);
|
||||
} catch (Exception ex) {
|
||||
System.out.println("unable to log into the token");
|
||||
ex.printStackTrace();
|
||||
System.exit(1);
|
||||
}
|
||||
|
||||
serverHost = args[2]; // localhost
|
||||
serverCertNick = args[3]; // servercertnick
|
||||
|
||||
@ -120,33 +128,55 @@ public class JSS_SSLServer {
|
||||
System.out.println("using port: " + port);
|
||||
}
|
||||
|
||||
if ((args.length == 7) && args[6].equalsIgnoreCase("bypass")== true) {
|
||||
if ((args.length >= 7) && args[6].equalsIgnoreCase("bypass")== true) {
|
||||
org.mozilla.jss.ssl.SSLSocket.bypassPKCS11Default(true);
|
||||
System.out.println("enabled bypassPKCS11 mode for all sockets");
|
||||
}
|
||||
|
||||
|
||||
if ((args.length == 8) && args[7].equalsIgnoreCase("fips") == true) {
|
||||
bTestFipsMode = true;
|
||||
System.out.println("testing in FIPS mode bypass must be off");
|
||||
org.mozilla.jss.ssl.SSLSocket.bypassPKCS11Default(false);
|
||||
}
|
||||
// We have to configure the server session ID cache before
|
||||
// creating any server sockets.
|
||||
SSLServerSocket.configServerSessionIDCache(10, 100, 100, null);
|
||||
|
||||
/* enable all the SSL2 cipher suites */
|
||||
for (int i = SSLSocket.SSL2_RC4_128_WITH_MD5;
|
||||
i <= SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5; ++i) {
|
||||
if (i != SSLSocket.SSL2_IDEA_128_CBC_WITH_MD5) {
|
||||
if (!bTestFipsMode) {
|
||||
for (int i = SSLSocket.SSL2_RC4_128_WITH_MD5;
|
||||
i <= SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5; ++i) {
|
||||
if (i != SSLSocket.SSL2_IDEA_128_CBC_WITH_MD5) {
|
||||
SSLSocket.setCipherPreferenceDefault( i, true);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Enable all the SSL3 and TLS server cipher suites.
|
||||
* Constants.jssCipherSuites[0-9,32,33,37,43]
|
||||
* Constants.jssCipherSuites[0-9,27,28,29,30,34,40]
|
||||
*/
|
||||
int [] jssServerCiphers = {0,1,2,3,4,5,6,7,8,9,32,33,37,43};
|
||||
int [] jssCiphers = {0,1,2,3,4,5,6,7,8,9,27,28,29,30,34,40};
|
||||
int [] jssFIPSCiphers = {27,28,34,40};
|
||||
int [] jssServerCiphers;
|
||||
if (!bTestFipsMode)
|
||||
jssServerCiphers = jssCiphers;
|
||||
else
|
||||
jssServerCiphers = jssFIPSCiphers;
|
||||
|
||||
System.out.println("JSSServerCipher length" + jssServerCiphers.length);
|
||||
for (int i=0; i<jssServerCiphers.length; i++) {
|
||||
try {
|
||||
SSLSocket.setCipherPreferenceDefault(
|
||||
Constants.jssCipherSuites[jssServerCiphers[i]], true);
|
||||
if ( Constants.debug_level >= 3 )
|
||||
System.out.println("Added Cipher" + i +
|
||||
Constants.jssCipherNames[jssServerCiphers[i]]);
|
||||
|
||||
} catch (Exception ex) {
|
||||
if ( Constants.debug_level >= 3 )
|
||||
System.out.println("Added Cipher" + i +
|
||||
Constants.jssCipherNames[jssServerCiphers[i]]);
|
||||
}
|
||||
}
|
||||
|
||||
@ -179,21 +209,39 @@ public class JSS_SSLServer {
|
||||
boolean socketListenStatus = true;
|
||||
|
||||
while ( socketListenStatus ) {
|
||||
|
||||
// accept the connection
|
||||
sock = (SSLSocket) serverSock.accept();
|
||||
try {
|
||||
sock = (SSLSocket) serverSock.accept();
|
||||
} catch (IOException e) {
|
||||
socketListenStatus=false;
|
||||
System.out.println("Timeout occurred on the serversocket");
|
||||
break;
|
||||
}
|
||||
|
||||
if ( Constants.debug_level >= 3 )
|
||||
System.out.println("accepted " + socketListenStatus);
|
||||
|
||||
sock.addHandshakeCompletedListener(
|
||||
new HandshakeListener("server", this));
|
||||
|
||||
|
||||
// try to read some bytes, to allow the handshake to go through
|
||||
InputStream is = sock.getInputStream();
|
||||
try {
|
||||
BufferedReader bir = new BufferedReader(
|
||||
new InputStreamReader(is));
|
||||
String socketData = bir.readLine();
|
||||
if ( socketData.equals("null") )
|
||||
if ( socketData.equals("null") ) {
|
||||
socketListenStatus = false;
|
||||
else if ( socketData != null )
|
||||
if ( Constants.debug_level >= 3 )
|
||||
System.out.println("breaking cipher loop");
|
||||
}
|
||||
else if ( socketData != null ) {
|
||||
jssSupportedCiphers.add(socketData);
|
||||
if ( Constants.debug_level >= 3 )
|
||||
System.out.println("accepted using " + socketData);
|
||||
}
|
||||
|
||||
} catch(EOFException e) {
|
||||
} catch(IOException ex) {
|
||||
} catch(NullPointerException npe) {
|
||||
|
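Review bot: In the loop over `jssServerCiphers`, the `catch (Exception ex)` branch prints the same "Added Cipher" text as the success path, only at `debug_level >= 3`, and otherwise drops the exception, so a suite that the module refuses in FIPS mode is either skipped silently or logged as added. Report the failure unconditionally, e.g. `System.out.println("Unable to enable cipher " + Constants.jssCipherNames[jssServerCiphers[i]] + ": " + ex);`, and consider clearing `success` there. This matters most for `jssFIPSCiphers`, where index 28 is `SSL_RSA_FIPS_WITH_DES_CBC_SHA` (single DES); whether the FIPS-mode module still accepts it cannot be seen from this page and should be confirmed. The fips check also tests `args.length == 8` while the bypass check was relaxed to `>= 7`; the enclosing method continues outside the hunks.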
@ -119,7 +119,6 @@ public class SSLClientAuth implements Runnable {
|
||||
|
||||
CryptoManager.initialize(args[0]);
|
||||
CryptoManager cm = CryptoManager.getInstance();
|
||||
|
||||
CryptoToken tok = cm.getInternalKeyStorageToken();
|
||||
|
||||
PasswordCallback cb = new FilePasswordCallback(args[1]);
|
||||
@ -175,6 +174,13 @@ public class SSLClientAuth implements Runnable {
|
||||
clientCertNick = "clientcertnick"+rand;
|
||||
nssClientCert = cm.importCertPackage(
|
||||
ASN1Util.encode(clientCert), clientCertNick);
|
||||
//Disable SSL2 and SSL3 ciphers
|
||||
SSLSocket.enableSSL2Default(false);
|
||||
SSLSocket.enableSSL3Default(false);
|
||||
//The cipher TLS_RSA_WITH_AES_128_CBC_SHA is chosen since
|
||||
//it works when the NSS database is FIPS mode and also non FIPS mode
|
||||
SSLSocket.setCipherPreferenceDefault(
|
||||
SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA, true);
|
||||
|
||||
useNickname = false;
|
||||
testConnection();
|
||||
@ -283,7 +289,6 @@ public class SSLClientAuth implements Runnable {
|
||||
SSLServerSocket serverSock = new SSLServerSocket(port, 5, null, null,
|
||||
true);
|
||||
System.out.println("Server created socket");
|
||||
|
||||
serverSock.requireClientAuth(true, true);
|
||||
if( useNickname ) {
|
||||
serverSock.setServerCertNickname(serverCertNick);
|
||||
|
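Review bot: `SSLSocket.setCipherPreferenceDefault(SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA, true)` only adds that suite to the defaults; nothing visible in this hunk turns off suites that are already enabled, so the handshake may settle on a different suite than the one the comment names. If the test is meant to exercise AES-128-CBC-SHA in both FIPS and non-FIPS mode, disable the other default suites first or check the negotiated suite after the handshake. The comment `//Disable SSL2 and SSL3 ciphers` describes protocol versions rather than ciphers; `// Disable the SSL2 and SSL3 protocol versions so only TLS is negotiated` would be accurate. These calls change process-wide defaults, and the enclosing method starts and ends outside the hunk.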
@ -269,6 +269,7 @@ if( ! -d $testdir ) {
|
||||
my $result;
|
||||
|
||||
print "============= Setup DB\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.SetupDBs $testdir $pwfile");
|
||||
$result = system("$java org.mozilla.jss.tests.SetupDBs $testdir $pwfile");
|
||||
$result >>=8;
|
||||
$result and print "SetupDBs returned $result\n";
|
||||
@ -278,6 +279,7 @@ print_case_result ($result,"Setup DB");
|
||||
# List CA certs
|
||||
#
|
||||
print "============= List CA certs\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.ListCACerts $testdir");
|
||||
$result = system("$java org.mozilla.jss.tests.ListCACerts $testdir");
|
||||
$result >>=8;
|
||||
$result and print "ListCACerts returned $result\n";
|
||||
@ -287,6 +289,7 @@ print_case_result ($result,"List CA certs");
|
||||
# test sockets
|
||||
#
|
||||
print "============= test sockets\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $portJSSServer");
|
||||
$result = system("$java org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $portJSSServer");
|
||||
$result >>=8;
|
||||
$result and print "SSLClientAuth returned $result\n";
|
||||
@ -298,6 +301,7 @@ $portJSSServer=$portJSSServer+1;
|
||||
# test sockets in bypass mode
|
||||
#
|
||||
print "============= test sockets using bypass \n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $portJSSServer bypass");
|
||||
$result = system("$java org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $portJSSServer bypass");
|
||||
$result >>=8;
|
||||
$result and print "SSLClientAuth using bypass mode returned $result\n";
|
||||
@ -306,6 +310,7 @@ print_case_result ($result,"SSLClientAuth using bypass");
|
||||
# test key gen
|
||||
#
|
||||
print "============= test key gen\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.TestKeyGen $testdir $pwfile");
|
||||
$result = system("$java org.mozilla.jss.tests.TestKeyGen $testdir $pwfile");
|
||||
$result >>=8;
|
||||
$result and print "TestKeyGen returned $result\n";
|
||||
@ -314,6 +319,7 @@ print_case_result ($result,"Key generation");
|
||||
# test KeyFactory
|
||||
#
|
||||
print "============= test KeyFactory\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.KeyFactoryTest $testdir $pwfile");
|
||||
$result = system("$java org.mozilla.jss.tests.KeyFactoryTest $testdir $pwfile");
|
||||
$result >>=8;
|
||||
$result and print "KeyFactoryTest returned $result\n";
|
||||
@ -322,6 +328,7 @@ print_case_result ($result,"KeyFactoryTest");
|
||||
# test digesting
|
||||
#
|
||||
print "============= test digesting\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.DigestTest $testdir $pwfile");
|
||||
$result = system("$java org.mozilla.jss.tests.DigestTest $testdir $pwfile");
|
||||
$result >>=8;
|
||||
$result and print "DigestTest returned $result\n";
|
||||
@ -331,6 +338,7 @@ print_case_result ($result,"Digesting");
|
||||
# test HMAC
|
||||
#
|
||||
print "============= test HMAC\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.HMACTest $testdir $pwfile");
|
||||
$result = system("$java org.mozilla.jss.tests.HMACTest $testdir $pwfile");
|
||||
$result >>=8;
|
||||
$result and print "HMACTest returned $result\n";
|
||||
@ -339,6 +347,7 @@ print_case_result ($result,"HMACTest");
|
||||
# test JCA Sig Test
|
||||
#
|
||||
print "============= test Mozilla-JSS SigatureSPI JCASigTest\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.JCASigTest $testdir $pwfile");
|
||||
$result = system("$java org.mozilla.jss.tests.JCASigTest $testdir $pwfile");
|
||||
$result >>=8;
|
||||
$result and print "TestJCASigTest returned $result\n";
|
||||
@ -347,6 +356,7 @@ print_case_result ($result,"Mozilla-JSS SigatureSPI JCASigTest");
|
||||
# test Secret Decoder Ring
|
||||
#
|
||||
print "============= test Secret Decoder Ring\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.TestSDR $testdir $pwfile");
|
||||
$result = system("$java org.mozilla.jss.tests.TestSDR $testdir $pwfile");
|
||||
$result >>=8;
|
||||
$result and print "TestSDR returned $result\n";
|
||||
@ -356,6 +366,7 @@ print_case_result ($result,"Secret Decoder Ring");
|
||||
# Generate a known cert pair that can be used for testing
|
||||
#
|
||||
print "============= Generate known cert pair for testing\n";
|
||||
$result=system("echo $java org.mozilla.jss.tests.GenerateTestCert $testdir $pwfile");
|
||||
$result=system("$java org.mozilla.jss.tests.GenerateTestCert $testdir $pwfile");
|
||||
$result >>=8;
|
||||
$result and print "Generate known cert pair for testing returned $result\n";
|
||||
@ -364,6 +375,7 @@ $result and print "Generate known cert pair for testing returned $result\n";
|
||||
# List cert by certnick
|
||||
#
|
||||
print "============= List cert by certnick\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.ListCerts $testdir JSSCATestCert");
|
||||
$result = system("$java org.mozilla.jss.tests.ListCerts $testdir JSSCATestCert");
|
||||
$result >>=8;
|
||||
$result and print "List cert by certnick returned $result\n";
|
||||
@ -373,6 +385,7 @@ print_case_result ($result,"List cert by certnick");
|
||||
# Verify cert by certnick
|
||||
#
|
||||
print "============= Verify cert by certnick\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.VerifyCert $testdir $pwfile JSSCATestCert");
|
||||
$result = system("$java org.mozilla.jss.tests.VerifyCert $testdir $pwfile JSSCATestCert");
|
||||
$result >>=8;
|
||||
$result and print "Verify cert by certnick returned $result\n";
|
||||
@ -382,7 +395,8 @@ print_case_result ($result,"Verify cert by certnick");
|
||||
# Create keystore.pfx from generated cert db
|
||||
# for "JSSCATestCert"
|
||||
print "============= convert PKCS11 cert to PKCS12 format\n";
|
||||
$result = system("$nss_lib_dir/../bin/pk12util$exe_suffix -o $testdir/keystore.pfx -n JSSCATestCert -d ./$testdir -K netscape -W netscape");
|
||||
$result = system("echo $nss_lib_dir/../bin/pk12util$exe_suffix -o $testdir/keystore.pfx -n JSSCATestCert -d $testdir -K netscape -W netscape");
|
||||
$result = system("$nss_lib_dir/../bin/pk12util$exe_suffix -o $testdir/keystore.pfx -n JSSCATestCert -d $testdir -K netscape -W netscape");
|
||||
$result >>=8;
|
||||
$result and print "Convert PKCS11 to PKCS12 returned $result\n";
|
||||
|
||||
@ -390,6 +404,7 @@ $result and print "Convert PKCS11 to PKCS12 returned $result\n";
|
||||
# TestSDR Test
|
||||
#
|
||||
print "============= TestSDR Test\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.TestSDR $testdir $pwfile");
|
||||
$result = system("$java org.mozilla.jss.tests.TestSDR $testdir $pwfile");
|
||||
$result >>=8;
|
||||
$result and print "TestSDR test returned $result\n";
|
||||
@ -399,6 +414,7 @@ print_case_result ($result,"TestSDR test");
|
||||
# Start JSSE server
|
||||
#
|
||||
print "============= Start JSSE server tests\n";
|
||||
$result=system("echo ./startJsseServ.$scriptext $jss_classpath $testdir $portJSSEServer $java");
|
||||
$result=system("./startJsseServ.$scriptext $jss_classpath $testdir $portJSSEServer $java");
|
||||
$result >>=8;
|
||||
$result and print "JSSE servers returned $result\n";
|
||||
@ -407,6 +423,7 @@ $result and print "JSSE servers returned $result\n";
|
||||
# Test JSS client communication
|
||||
#
|
||||
print "============= Start JSS client tests\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.JSS_SSLClient $testdir $pwfile $hostname $portJSSEServer bypassOff");
|
||||
$result = system("$java org.mozilla.jss.tests.JSS_SSLClient $testdir $pwfile $hostname $portJSSEServer bypassOff");
|
||||
$result >>=8;
|
||||
$result and print "JSS client returned $result\n";
|
||||
@ -418,7 +435,8 @@ $portJSSServer=$portJSSServer+1;
|
||||
# Start JSS server
|
||||
#
|
||||
print "============= Start JSS server tests\n";
|
||||
$result=system("./startJssServ.$scriptext $jss_classpath $testdir $portJSSServer bypassOff $java");
|
||||
$result=system("echo ./startJssServ.$scriptext $jss_classpath $testdir $portJSSServer bypassOff fipsOff $java");
|
||||
$result=system("./startJssServ.$scriptext $jss_classpath $testdir $portJSSServer bypassOff fipsOff $java");
|
||||
$result >>=8;
|
||||
$result and print "JSS servers returned $result\n";
|
||||
|
||||
@ -426,24 +444,72 @@ $result and print "JSS servers returned $result\n";
|
||||
# Test JSSE client communication
|
||||
#
|
||||
print "============= Start JSSE client tests\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.JSSE_SSLClient $testdir $portJSSServer");
|
||||
$result = system("$java org.mozilla.jss.tests.JSSE_SSLClient $testdir $portJSSServer");
|
||||
$result >>=8;
|
||||
$result and print "JSSE client returned $result\n";
|
||||
print_case_result ($result,"JSS server / JSSE client");
|
||||
|
||||
$portJSSServer=$portJSSServer+1;
|
||||
|
||||
#
|
||||
# Test Enable FIPSMODE
|
||||
#
|
||||
print "============= Start enable FIPSMODE\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.FipsTest $testdir enable");
|
||||
$result = system("$java org.mozilla.jss.tests.FipsTest $testdir enable");
|
||||
$result >>=8;
|
||||
$result and print "Enable FIPSMODE returned $result\n";
|
||||
print_case_result ($result,"FIPSMODE enabled");
|
||||
|
||||
#
|
||||
# test sockets
|
||||
#
|
||||
print "============= test sockets\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $portJSSServer");
|
||||
$result = system("$java org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $portJSSServer");
|
||||
$result >>=8;
|
||||
$result and print "SSLClientAuth returned $result\n";
|
||||
print_case_result ($result,"Sockets");
|
||||
|
||||
$portJSSServer=$portJSSServer+1;
|
||||
|
||||
#
|
||||
# Test chkfips FIPSMODE
|
||||
#
|
||||
print "============= Start enable FIPSMODE\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.FipsTest $testdir chkfips");
|
||||
$result = system("$java org.mozilla.jss.tests.FipsTest $testdir chkfips");
|
||||
$result >>=8;
|
||||
$result and print "Enable FIPSMODE returned $result\n";
|
||||
print_case_result ($result,"FIPSMODE enabled");
|
||||
|
||||
#
|
||||
# Start JSS server
|
||||
#
|
||||
print "============= Start JSS server tests\n";
|
||||
$result=system("echo ./startJssServ.$scriptext $jss_classpath $testdir $portJSSServer bypassOff fips $java");
|
||||
$result=system("./startJssServ.$scriptext $jss_classpath $testdir $portJSSServer bypassOff fips $java");
|
||||
$result >>=8;
|
||||
$result and print "JSS servers returned $result\n";
|
||||
|
||||
#
|
||||
# Test JSSE client communication
|
||||
#
|
||||
print "============= Start JSSE client tests\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.JSSE_SSLClient $testdir $portJSSServer");
|
||||
$result = system("$java org.mozilla.jss.tests.JSSE_SSLClient $testdir $portJSSServer");
|
||||
$result >>=8;
|
||||
$result and print "JSSE client returned $result\n";
|
||||
print_case_result ($result,"JSS server / JSSE client");
|
||||
|
||||
$portJSSServer=$portJSSServer+1;
|
||||
|
||||
#
|
||||
# Test Disable FIPSMODE
|
||||
#
|
||||
print "============= Start disable FIPSMODE\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.FipsTest $testdir disable");
|
||||
$result = system("$java org.mozilla.jss.tests.FipsTest $testdir disable");
|
||||
$result >>=8;
|
||||
$result and print "Disable FIPSMODE returned $result\n";
|
||||
@ -453,6 +519,7 @@ print_case_result ($result,"FIPSMODE disabled");
|
||||
# Test SecretKeys
|
||||
#
|
||||
print "============= Start Secret Key Gen and Ciphers\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.SymKeyGen $testdir");
|
||||
$result = system("$java org.mozilla.jss.tests.SymKeyGen $testdir");
|
||||
$result >>=8;
|
||||
$result and print "SymKeyGen returned $result\n";
|
||||
@ -462,6 +529,7 @@ print_case_result ($result,"SymKeyGen successful");
|
||||
# Test Mozilla-JSS SecretKeys
|
||||
#
|
||||
print "============= Start Mozilla-JSS Secret Key Gen and Ciphers\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.JCASymKeyGen $testdir");
|
||||
$result = system("$java org.mozilla.jss.tests.JCASymKeyGen $testdir");
|
||||
$result >>=8;
|
||||
$result and print "JCASymKeyGen returned $result\n";
|
||||
@ -473,6 +541,7 @@ $portJSSEServer=$portJSSEServer+1;
|
||||
# Start JSSE server to test JSS client in bypassPKCS11 mode
|
||||
#
|
||||
print "============= Start JSSE server tests to test the bypass\n";
|
||||
$result=system("echo ./startJsseServ.$scriptext $jss_classpath $testdir $portJSSEServer $java");
|
||||
$result=system("./startJsseServ.$scriptext $jss_classpath $testdir $portJSSEServer $java");
|
||||
$result >>=8;
|
||||
$result and print "JSSE servers testing JSS client in bypassPKCS11 test returned $result\n";
|
||||
@ -481,6 +550,7 @@ $result and print "JSSE servers testing JSS client in bypassPKCS11 test returned
|
||||
# Test JSS in bypassPKCS11 mode client communication
|
||||
#
|
||||
print "============= Start JSS client tests in bypassPKCS11 mode\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.JSS_SSLClient $testdir $pwfile $hostname $portJSSEServer bypass");
|
||||
$result = system("$java org.mozilla.jss.tests.JSS_SSLClient $testdir $pwfile $hostname $portJSSEServer bypass");
|
||||
$result >>=8;
|
||||
$result and print "JSS client in bypassPKCS11 mode returned $result\n";
|
||||
@ -492,7 +562,8 @@ $portJSSServer=$portJSSServer+1;
|
||||
# Start JSS server in bypassPKCS11 mode
|
||||
#
|
||||
print "============= Start JSS server tests in bypassPKCS11 mode\n";
|
||||
$result=system("./startJssServ.$scriptext $jss_classpath $testdir $portJSSServer bypass $java");
|
||||
$result=system("echo ./startJssServ.$scriptext $jss_classpath $testdir $portJSSServer bypass fipsOff $java");
|
||||
$result=system("./startJssServ.$scriptext $jss_classpath $testdir $portJSSServer bypass fipsOff $java");
|
||||
$result >>=8;
|
||||
$result and print "JSS servers in bypassPKCS11 mode returned $result\n";
|
||||
|
||||
@ -500,6 +571,7 @@ $result and print "JSS servers in bypassPKCS11 mode returned $result\n";
|
||||
# Test JSSE client communication
|
||||
#
|
||||
print "============= Start JSSE client tests to test the JSS server in bypassPKCS11 mode\n";
|
||||
$result = system("echo $java org.mozilla.jss.tests.JSSE_SSLClient $testdir $portJSSServer");
|
||||
$result = system("$java org.mozilla.jss.tests.JSSE_SSLClient $testdir $portJSSServer");
|
||||
$result >>=8;
|
||||
$result and print "JSSE client talking to JSS Server in bypassPKCS11 mode returned $result\n";
|
||||
|
@ -1 +1,2 @@
|
||||
Internal\ Key\ Storage\ Token=netscape
|
||||
NSS\ FIPS\ 140-2\ User\ Private\ Key=netscape
|
||||
|
@ -44,7 +44,8 @@ JSS_CLASSPATH=$1
|
||||
TESTDIR=$2
|
||||
Port=$3
|
||||
Bypass=$4
|
||||
shift 4
|
||||
FipsMode=$5
|
||||
shift 5
|
||||
JAVA_BIN_AND_OPT=$@
|
||||
|
||||
if [ -z "$JAVA_BIN_AND_OPT" ] ;
|
||||
@ -52,5 +53,5 @@ then
|
||||
JAVA_BIN_AND_OPT=${JAVA_HOME}/bin/java
|
||||
fi
|
||||
|
||||
${JAVA_BIN_AND_OPT} -classpath ${JSS_CLASSPATH} org.mozilla.jss.tests.JSS_SSLServer ${TESTDIR} passwords localhost JSSCATestCert true ${Port} ${Bypass} &
|
||||
${JAVA_BIN_AND_OPT} -classpath ${JSS_CLASSPATH} org.mozilla.jss.tests.JSS_SSLServer ${TESTDIR} passwords localhost JSSCATestCert true ${Port} ${Bypass} ${FipsMode} &
|
||||
|
||||
|
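Review bot: `FipsMode=$5` followed by `shift 5` makes the fifth positional argument mandatory, but nothing checks its value, so a caller still using the old four-argument form would have its java path taken as `FipsMode`; the server would then start with the `${JAVA_HOME}/bin/java` fallback and a stray final argument. In a test meant to show that SSL works in FIPS mode, a misplaced or misspelled value could leave the server in the wrong mode without failing the run, assuming JSS_SSLServer does not reject unknown values (its argument handling is not visible here). I would validate right after the assignment, using the two values the Perl driver passes: `case "$FipsMode" in fips|fipsOff) ;; *) echo "FipsMode must be fips or fipsOff" >&2; exit 1 ;; esac`. The script starts above this hunk, and any other launcher selected through `$scriptext`, if one exists, would need the same argument added.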