libjss.so
on UNIX, jss.dll on Windows) and a ZIP file
(jss.zip) containing system-independent Java classes.
These classes are compatible with JDK 1.1 or later using the native
thread implementation (not green threads).
jss.zip in your
CLASSPATH.
libjss.so in your
LD_LIBRARY_PATH (on UNIX) or jss.dll
in your PATH (on Windows), and put
jss.zip in your CLASSPATH.
NSSInit.initialize must be called to open the security
databases and initialize the random number generator.
NSSInit.setPasswordCallback may be called to change the password
callback; the default is to prompt for passwords on the command line.
The files in the examples directory illustrate the use of JSS
in an application:
cert7.db and key3.db files, also in the
examples directory,
can be used for this purpose. When SSLServer is run,
it will ask for a password
for the "Internal Key Storage Token", which is the key database.
The password for the example key3.db file is "netscape".
org.mozilla.jss.ssl package.
The .class files must be put in the subdirectory
org/mozilla/jss/ssl of a CLASSPATH entry
in order to be located by the Java virtual machine.
In FIPS mode, the internal cryptographic services token is the * same as the internal key storage token. * * @return The internal cryptographic services token. */ @Override public synchronized CryptoToken getInternalCryptoToken() { return internalCryptoToken; } /** * Retrieves the internal key storage token. This is the token * provided by NSS to store private keys. * The keys stored in this token are stored in an encrypted key database. *
In FIPS mode, the internal key storage token is the same as
* the internal cryptographic services token.
*
* @return The internal key storage token.
*/
public synchronized CryptoToken getInternalKeyStorageToken() {
return internalKeyStorageToken;
}
/**
* Looks up the CryptoToken with the given name. Searches all
* loaded cryptographic modules for the token.
*
* @param name The name of the token.
* @return The token.
* @exception org.mozilla.jss.NoSuchTokenException If no token
* is found with the given name.
*/
public synchronized CryptoToken getTokenByName(String name)
throws NoSuchTokenException
{
Enumeration The callback may be NULL, in which case password callbacks will
* fail gracefully.
*
* @param pwcb Password callback.
*/
public synchronized void setPasswordCallback(PasswordCallback pwcb) {
passwordCallback = pwcb;
setNativePasswordCallback( pwcb );
}
private native void setNativePasswordCallback(PasswordCallback cb);
/**
* Returns the currently registered password callback.
*
* @return Password callback.
*/
public synchronized PasswordCallback getPasswordCallback() {
return passwordCallback;
}
private PasswordCallback passwordCallback;
////////////////////////////////////////////////////
// Initialization
////////////////////////////////////////////////////
/**
* Initialize the security subsystem. Opens the databases, loads all
* PKCS #11 modules, initializes the internal random number generator.
* The If no token is set, the InternalKeyStorageToken will be used. Setting
* this thread's token to If no token is set, the InternalKeyStorageToken will be used. Setting
* this thread's token to The default is a The default is The default is The default is The default is The default is The default is The default is The default is
* The default is
* Specifically, the following components will not be
* configured by The default is KeyManager is used to create, lookup, and delete the symmetric keys used
for SecretDecoderRing. Encryptor is used to encrypt data. Decryptor is used
to decrypt data that was previously encrypted with Encryptor. Encoding
and Encoding.Template are used internally, but they were made public
because they may occasionally be useful to applications.
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/UserCertConflictException.java������������������������������0000664�0000000�0000000�00000000537�14125500636�0025753�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss;
public final class UserCertConflictException extends Exception {
private static final long serialVersionUID = 1L;
}
�����������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/�������������������������������������������������������0000775�0000000�0000000�00000000000�14125500636�0020650�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/ANY.java�����������������������������������������������0000664�0000000�0000000�00000022613�14125500636�0022146�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
/**
* Represents an ASN.1
* An
* If
* Instances of CryptoToken are obtained from CryptoManager.
*
* @see org.mozilla.jss.CryptoManager
*/
public interface CryptoToken {
//
// SERVICES
//
/**
* Creates a Signature object, which can perform signing and signature
* verification. Signing and verification cryptographic operations will
* take place on this token. The signing key must be located on this
* token.
*
* @param algorithm The algorithm used for the signing/verification.
* @exception java.security.NoSuchAlgorithmException If the given
* algorithm is not supported by this provider.
*/
public abstract org.mozilla.jss.crypto.Signature getSignatureContext(SignatureAlgorithm algorithm)
throws java.security.NoSuchAlgorithmException, TokenException;
/**
* Creates a Digest object. Digesting cryptographic operations will
* take place on this token.
*
* @param algorithm The algorithm used for digesting.
* @exception java.security.NoSuchAlgorithmException If this provider
* does not support the given algorithm.
*/
public abstract JSSMessageDigest getDigestContext(DigestAlgorithm algorithm)
throws java.security.NoSuchAlgorithmException, DigestException;
// !!! MAC ???
/**
* Creates a Cipher object, which can be used for encryption and
* decryption. Cryptographic operations will take place on this token.
* The keys used in the operations must be located on this token.
*
* @param algorithm The algorithm used for encryption/decryption.
* @exception java.security.NoSuchAlgorithmException If this provider
* does not support the given algorithm.
*/
public abstract Cipher getCipherContext(EncryptionAlgorithm algorithm)
throws java.security.NoSuchAlgorithmException, TokenException;
public abstract SymmetricKeyDeriver getSymmetricKeyDeriver()
throws TokenException;
public abstract KeyWrapper getKeyWrapper(KeyWrapAlgorithm algorithm)
throws java.security.NoSuchAlgorithmException, TokenException;
/**
* Returns a Random Number Generator implemented on this token.
*
* @exception org.mozilla.jss.crypto.ServiceNotProvidedException If this token
* does not perform random number generation
*/
/*
public abstract SecureRandom getRandomGenerator()
throws NotImplementedException, TokenException;
*/
// !!! Derive Keys ???
/**
* Creates a KeyGenerator object, which can be used to generate
* symmetric encryption keys. Any keys generated with this KeyGenerator
* will be generated on this token.
*
* @param algorithm The algorithm that the keys will be used with.
* @exception java.security.NoSuchAlgorithmException If this token does not
* support the given algorithm.
*/
public abstract KeyGenerator getKeyGenerator(KeyGenAlgorithm algorithm)
throws java.security.NoSuchAlgorithmException, TokenException;
/**
* Clones a SymmetricKey from a different token onto this token.
*
* @exception SymmetricKey.NotExtractableException If the key material
* cannot be extracted from the current token.
* @exception InvalidKeyException If the owning token cannot process
* the key to be cloned.
*/
public SymmetricKey cloneKey(SymmetricKey key)
throws SymmetricKey.NotExtractableException,
InvalidKeyException, TokenException;
/**
* Creates a KeyPairGenerator object, which can be used to generate
* key pairs. Any keypairs generated with this generator will be generated
* on this token.
*
* @param algorithm The algorithm that the keys will be used with (RSA,
* DSA, EC, etc.)
* @exception java.security.NoSuchAlgorithmException If this token does
* not support the given algorithm.
*/
public abstract KeyPairGenerator getKeyPairGenerator(KeyPairAlgorithm algorithm)
throws java.security.NoSuchAlgorithmException, TokenException;
/**
* Generates a b64 encoded PKCS10 blob used for making cert
* request. Begin/End brackets included.
*
* @param subject subject dn of the certificate
* @param keysize size of the key
* @param keyType "rsa" or "dsa"
* @param P The DSA prime parameter
* @param Q The DSA sub-prime parameter
* @param G The DSA base parameter
* @return base64 encoded pkcs10 certificate request with
* Begin/end brackets
*/
public abstract String generateCertRequest(String subject, int keysize,
String keyType,
byte[] P, byte[] Q,
byte[] G)
throws TokenException, InvalidParameterException,
PQGParamGenException;
/**
* Determines whether this token supports the given algorithm.
*
* @param alg A JSS algorithm. Note that for Signature, a token may
* fail to support a specific SignatureAlgorithm (such as
* RSASignatureWithMD5Digest) even though it does support the
* generic algorithm (RSASignature). In this case, the signature
* operation will be performed on that token, but the digest
* operation will be performed on the internal token.
* @return true if the token supports the algorithm.
*/
public boolean doesAlgorithm(Algorithm alg);
/**
* Login to the token. If a token is logged in, it will not trigger
* password callbacks.
*
* @param pwcb The password callback for this token.
* @exception IncorrectPasswordException If the supplied password is
* incorrect.
* @see #setLoginMode
* @see org.mozilla.jss.CryptoManager#setPasswordCallback
*/
public abstract void login(PasswordCallback pwcb)
throws IncorrectPasswordException, TokenException;
/**
* Logout of the token.
*
*/
public abstract void logout() throws TokenException;
/**
* Login once, never need to re-enter the password until you log out.
*/
public static final int ONE_TIME = 0;
/**
* Need to re-login after a period of time.
*
* @see org.mozilla.jss.crypto.CryptoToken#setLoginTimeoutMinutes
*/
public static final int TIMEOUT = 1;
/**
* Need to provide a password before each crypto operation.
*/
public static final int EVERY_TIME = 2;
/**
* Returns the login mode of this token: ONE_TIME, TIMEOUT, or
* EVERY_TIME. The default is ONE_TIME.
*
* @see #getLoginTimeoutMinutes
* @exception TokenException If an error occurs on the token.
*/
public abstract int getLoginMode() throws TokenException;
/**
* Sets the login mode of this token.
*
* @param mode ONE_TIME, TIMEOUT, or EVERY_TIME
* @exception TokenException If this mode is not supported by this token,
* or an error occurs on the token.
* @see #login
* @see #setLoginTimeoutMinutes
*/
public abstract void setLoginMode(int mode) throws TokenException;
/**
* Returns the login timeout period. The timeout is only used if the
* login mode is TIMEOUT.
*
* @see #getLoginMode
* @exception TokenException If an error occurs on the token.
*/
public abstract int getLoginTimeoutMinutes() throws TokenException;
/**
* Sets the timeout period for logging in. This will only be used
* if the login mode is TIMEOUT.
*
* @exception TokenException If timeouts are not supported by this
* token, or an error occurs on the token.
* @see #setLoginMode
*/
public abstract void setLoginTimeoutMinutes(int timeoutMinutes)
throws TokenException;
/**
* Find out if the token is currently logged in.
*
* @see #login
* @see #logout
*/
public boolean isLoggedIn() throws TokenException;
/**
* returns true if this token needs to be logged into before
* it can be used.
*
* @see #login
* @see #logout
*/
public boolean needsLogin() throws TokenException;
/**
* Initialize the password of this token.
*
* @param securityOfficerPW A callback to obtain the password of the
* SecurityOfficer. Pass in a NullPasswordCallback if there is
* no security officer password. Must not be null.
* @param userPW A callback to obtain the new password for this token.
* Must not be null.
* @exception IncorrectPasswordException If the supplied security officer
* password is incorrect.
* @exception AlreadyInitializedException If the token only allows one
* password initialization, and it has already occurred.
* @exception TokenException If an error occurs on the token.
*/
public abstract void initPassword(PasswordCallback securityOfficerPW, PasswordCallback userPW)
throws IncorrectPasswordException, AlreadyInitializedException,
TokenException;
/**
* Determine whether the password has been initialized yet. Some tokens
* (such as the Netscape Internal Key Token) don't allow initializing
* the PIN more than once.
*
* @exception TokenException If an error occurs on the token.
*/
public abstract boolean passwordIsInitialized() throws TokenException;
/**
* Change the password of this token.
*
* @exception IncorrectPasswordException If the supplied old password is
* incorrect.
* @param oldpw A callback (which could be just a Password) to retrieve
* the current password.
* @param newpw A callback (which could be just a Password) to retrieve
* the new password.
*/
public abstract void changePassword(PasswordCallback oldpw, PasswordCallback newpw)
throws IncorrectPasswordException, TokenException;
/**
* Obtain the nickname, or label, of this token.
*
* @exception TokenException If an error occurs on the token.
*/
public abstract String getName() throws TokenException;
/**
* Get the CryptoStore interface to this token's objects.
*/
public abstract CryptoStore getCryptoStore();
/**
* Deep comparison operation. Use this, rather than ==, to determine
* whether two CryptoTokens are the same.
*/
@Override
public boolean equals(Object object);
/**
* Determines whether this token is currently present.
* This could return false if the token is a smart card that was
* removed from its slot.
*/
public boolean isPresent();
public void importPublicKey(
PublicKey pubKey,
boolean permanent)
throws TokenException;
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/DigestAlgorithm.java���������������������������������0000664�0000000�0000000�00000005561�14125500636�0025266�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
import java.security.NoSuchAlgorithmException;
import java.util.Hashtable;
import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
public class DigestAlgorithm extends Algorithm {
// The size in bytes of the output of this hash.
private int outputSize;
protected DigestAlgorithm(int oidIndex, String name,
OBJECT_IDENTIFIER oid, int outputSize)
{
super(oidIndex, name, oid);
this.outputSize = outputSize;
// only store the first algorithm for a given oid. More than one
// alg might share the same oid, such as from child classes.
if( oid != null && oidMap.get(oid)==null ) {
oidMap.put(oid, this);
}
}
///////////////////////////////////////////////////////////////////////
// OID mapping
///////////////////////////////////////////////////////////////////////
private static Hashtable PKCS #5 algorithms require exactly 8 bytes of salt. PKCS #12
* algorithms take
* a variable length, but recommend that the salt length be at least
* as long as the output of the hash function. For SHA-1, the output
* length is 20 bytes.
*/
public int getSaltLength() {
return saltLength;
}
///////////////////////////////////////////////////////////////////////
// OIDs
///////////////////////////////////////////////////////////////////////
private static final OBJECT_IDENTIFIER PKCS5 = OBJECT_IDENTIFIER.PKCS5;
private static final OBJECT_IDENTIFIER PKCS12_PBE =
OBJECT_IDENTIFIER.PKCS12.subBranch(1);
///////////////////////////////////////////////////////////////////////
// OID mapping
///////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////
// PKCS 5 v2
public static final PBEAlgorithm
PBE_PKCS5_PBKDF2 = new PBEAlgorithm(
SEC_OID_PKCS5_PBKDF2, "PBKDF2", 128,
PKCS5.subBranch(12), EncryptionAlgorithm.AES_128_CBC, 8 );
//////////////////////////////////////////////////////////////
// PKCS 5 v2
public static final PBEAlgorithm
PBE_PKCS5_PBES2 = new PBEAlgorithm(
SEC_OID_PKCS5_PBES2, "PBES2", 128,
PKCS5.subBranch(13), EncryptionAlgorithm.AES_128_CBC, 8 );
//////////////////////////////////////////////////////////////
// PKCS 5 v2
public static final PBEAlgorithm
PBE_PKCS5_PBMAC1 = new PBEAlgorithm(
SEC_OID_PKCS5_PBMAC1, "PBMAC1", 128,
PKCS5.subBranch(14), EncryptionAlgorithm.AES_128_CBC, 8 );
//////////////////////////////////////////////////////////////
public static final PBEAlgorithm
PBE_MD2_DES_CBC = new PBEAlgorithm(
SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC, "PBE/MD2/DES/CBC", 56,
PKCS5.subBranch(1), EncryptionAlgorithm.DES_CBC, 8 );
//////////////////////////////////////////////////////////////
public static final PBEAlgorithm
PBE_MD5_DES_CBC = new PBEAlgorithm(
SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC, "PBE/MD5/DES/CBC", 56,
PKCS5.subBranch(3), EncryptionAlgorithm.DES_CBC, 8 );
//////////////////////////////////////////////////////////////
public static final PBEAlgorithm
PBE_SHA1_DES_CBC = new PBEAlgorithm(
SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC, "PBE/SHA1/DES/CBC", 56,
PKCS5.subBranch(10), EncryptionAlgorithm.DES_CBC, 8 );
//////////////////////////////////////////////////////////////
public static final PBEAlgorithm
PBE_SHA1_RC4_128 = new PBEAlgorithm(
SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4,
"PBE/SHA1/RC4-128", 128, PKCS12_PBE.subBranch(1),
EncryptionAlgorithm.RC4, 20 );
//////////////////////////////////////////////////////////////
public static final PBEAlgorithm
PBE_SHA1_RC4_40 = new PBEAlgorithm(
SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4,
"PBE/SHA1/RC4-40", 40, PKCS12_PBE.subBranch(2),
EncryptionAlgorithm.RC4, 20 );
//////////////////////////////////////////////////////////////
public static final PBEAlgorithm
PBE_SHA1_DES3_CBC = new PBEAlgorithm(
SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC,
"PBE/SHA1/DES3/CBC", 168, PKCS12_PBE.subBranch(3),
EncryptionAlgorithm.DES3_CBC, 20 );
//////////////////////////////////////////////////////////////
public static final PBEAlgorithm
PBE_SHA1_RC2_128_CBC = new PBEAlgorithm(
SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
"PBE/SHA1/RC2-128", 128, PKCS12_PBE.subBranch(5),
EncryptionAlgorithm.RC2_CBC, 20 );
//////////////////////////////////////////////////////////////
public static final PBEAlgorithm
PBE_SHA1_RC2_40_CBC = new PBEAlgorithm(
SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
"PBE/SHA1/RC2-40", 40, PKCS12_PBE.subBranch(6),
EncryptionAlgorithm.RC2_CBC, 20 );
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/PBEKeyGenParams.java���������������������������������0000664�0000000�0000000�00000010757�14125500636�0025060�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.KeySpec;
import org.mozilla.jss.util.Password;
public class PBEKeyGenParams implements AlgorithmParameterSpec, KeySpec {
private Password pass;
private byte[] salt;
private int iterations;
private EncryptionAlgorithm encryptionAlgorithm = EncryptionAlgorithm.DES3_CBC;
static private final int DEFAULT_SALT_LENGTH = 8;
static private final int DEFAULT_ITERATIONS = 1;
/**
* Creates PBE parameters.
*
* @param pass The password. It will be cloned, so the
* caller is still responsible for clearing it. It must not be null.
* @param salt The salt for the PBE algorithm. Will not be cloned.
* Must not be null. It is the responsibility of the caller to
* use the right salt length for the algorithm. Most algorithms
* use 8 bytes of salt.
* @param iterations The iteration count for the PBE algorithm.
*/
public PBEKeyGenParams(Password pass, byte[] salt, int iterations) {
if (pass == null || salt == null) {
throw new NullPointerException();
}
this.pass = (Password) pass.clone();
this.salt = salt;
this.iterations = iterations;
}
/**
* Creates PBE parameters using default encryption algorithm
* (DES3_EDE3_CBC).
*
* @param pass The password. It will be cloned, so the
* caller is still responsible for clearing it. It must not be null.
* @param salt The salt for the PBE algorithm. Will not be cloned.
* Must not be null. It is the responsibility of the caller to
* use the right salt length for the algorithm. Most algorithms
* use 8 bytes of salt.
* @param iterations The iteration count for the PBE algorithm.
*/
public PBEKeyGenParams(char[] pass, byte[] salt, int iterations) {
if (pass == null || salt == null) {
throw new NullPointerException();
}
this.pass = new Password(pass.clone());
this.salt = salt;
this.iterations = iterations;
}
/**
* Creates PBE parameters using default encryption algorithm
* (DES3_EDE3_CBC).
*
* @param pass The password. It will be cloned, so the
* caller is still responsible for clearing it. It must not be null.
* @param salt The salt for the PBE algorithm. Will not be cloned.
* Must not be null. It is the responsibility of the caller to
* use the right salt length for the algorithm. Most algorithms
* use 8 bytes of salt.
* @param iterations The iteration count for the PBE algorithm.
* @param encAlg The encryption algorithm. This is used with SOME
* PBE algorithms for determining the KDF output length.
*/
public PBEKeyGenParams(
char[] pass, byte[] salt, int iterations,
EncryptionAlgorithm encAlg) {
if (pass == null || salt == null) {
throw new NullPointerException();
}
this.pass = new Password(pass.clone());
this.salt = salt;
this.iterations = iterations;
if (encAlg != null)
this.encryptionAlgorithm = encAlg;
}
/**
* Returns a reference to the password, not a copy.
*/
public Password getPassword() {
return pass;
}
/**
* Returns a reference to the salt.
*/
public byte[] getSalt() {
return salt;
}
/**
* Returns the iteration count.
*/
public int getIterations() {
return iterations;
}
/**
* The encryption algorithm is used with SOME PBE algorithms for
* determining the KDF output length.
*/
public EncryptionAlgorithm getEncryptionAlgorithm() {
return encryptionAlgorithm;
}
/**
* Clears the password. This should be called when this object is no
* longer needed so the password is not left around in memory.
*/
public void clear() {
pass.clear();
}
/**
* @deprecated finalize() in Object has been deprecated
*/
@Override
@Deprecated
protected void finalize() throws Throwable {
pass.clear();
}
}
�����������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/PKCS11Algorithm.java���������������������������������0000664�0000000�0000000�00000010407�14125500636�0024744�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������package org.mozilla.jss.crypto;
import org.mozilla.jss.pkcs11.PKCS11Constants;
public enum PKCS11Algorithm {
CKM_AES_CBC (Algorithm.CKM_AES_CBC, PKCS11Constants.CKM_AES_CBC),
CKM_AES_CBC_PAD (Algorithm.CKM_AES_CBC_PAD, PKCS11Constants.CKM_AES_CBC_PAD),
CKM_AES_ECB (Algorithm.CKM_AES_ECB, PKCS11Constants.CKM_AES_ECB),
CKM_AES_KEY_GEN (Algorithm.CKM_AES_KEY_GEN, PKCS11Constants.CKM_AES_KEY_GEN),
CKM_DES3_CBC_PAD (Algorithm.CKM_DES3_CBC_PAD, PKCS11Constants.CKM_DES3_CBC_PAD),
CKM_DES3_ECB (Algorithm.CKM_DES3_ECB, PKCS11Constants.CKM_DES3_ECB),
CKM_DES3_KEY_GEN (Algorithm.CKM_DES3_KEY_GEN, PKCS11Constants.CKM_DES3_KEY_GEN),
CKM_DES_CBC_PAD (Algorithm.CKM_DES_CBC_PAD, PKCS11Constants.CKM_DES_CBC_PAD),
CKM_DES_KEY_GEN (Algorithm.CKM_DES_KEY_GEN, PKCS11Constants.CKM_DES_KEY_GEN),
CKM_DSA_KEY_PAIR_GEN (Algorithm.CKM_DSA_KEY_PAIR_GEN, PKCS11Constants.CKM_DSA_KEY_PAIR_GEN),
CKM_EC_KEY_PAIR_GEN (Algorithm.CKM_EC_KEY_PAIR_GEN, PKCS11Constants.CKM_EC_KEY_PAIR_GEN),
CKM_NSS_AES_KEY_WRAP (Algorithm.CKM_NSS_AES_KEY_WRAP, PKCS11Constants.CKM_NSS_AES_KEY_WRAP),
CKM_NSS_AES_KEY_WRAP_PAD (Algorithm.CKM_NSS_AES_KEY_WRAP_PAD, PKCS11Constants.CKM_NSS_AES_KEY_WRAP_PAD),
CKM_PBA_SHA1_WITH_SHA1_HMAC (Algorithm.CKM_PBA_SHA1_WITH_SHA1_HMAC, PKCS11Constants.CKM_PBA_SHA1_WITH_SHA1_HMAC),
CKM_RC2_CBC_PAD (Algorithm.CKM_RC2_CBC_PAD, PKCS11Constants.CKM_RC2_CBC_PAD),
CKM_RC2_KEY_GEN (Algorithm.CKM_RC2_KEY_GEN, PKCS11Constants.CKM_RC2_KEY_GEN),
CKM_RC4_KEY_GEN (Algorithm.CKM_RC4_KEY_GEN, PKCS11Constants.CKM_RC4_KEY_GEN),
CKM_RSA_PKCS_KEY_PAIR_GEN (Algorithm.CKM_RSA_PKCS_KEY_PAIR_GEN, PKCS11Constants.CKM_RSA_PKCS_KEY_PAIR_GEN),
CKM_SHA_1_HMAC (Algorithm.CKM_SHA_1_HMAC, PKCS11Constants.CKM_SHA_1_HMAC),
CKM_SHA_256_HMAC (Algorithm.CKM_SHA256_HMAC, PKCS11Constants.CKM_SHA256_HMAC),
CKM_SHA_384_HMAC (Algorithm.CKM_SHA384_HMAC, PKCS11Constants.CKM_SHA384_HMAC),
CKM_SHA_512_HMAC (Algorithm.CKM_SHA512_HMAC, PKCS11Constants.CKM_SHA512_HMAC),
CKM_AES_CMAC (Algorithm.CKM_AES_CMAC, PKCS11Constants.CKM_AES_CMAC),
CKM_SP800_108_COUNTER_KDF (Algorithm.CKM_SP800_108_COUNTER_KDF, PKCS11Constants.CKM_SP800_108_COUNTER_KDF),
CKM_SP800_108_FEEDBACK_KDF (Algorithm.CKM_SP800_108_FEEDBACK_KDF, PKCS11Constants.CKM_SP800_108_FEEDBACK_KDF),
CKM_SP800_108_DOUBLE_PIPELINE_KDF (Algorithm.CKM_SP800_108_DOUBLE_PIPELINE_KDF, PKCS11Constants.CKM_SP800_108_DOUBLE_PIPELINE_KDF),
CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA (Algorithm.CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, PKCS11Constants.CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA),
CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA (Algorithm.CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, PKCS11Constants.CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA),
CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA (Algorithm.CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, PKCS11Constants.CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA),
CKM_MD2(Algorithm.SEC_OID_MD2, PKCS11Constants.CKM_MD2),
CKM_MD5(Algorithm.SEC_OID_MD5, PKCS11Constants.CKM_MD5),
CKM_SHA_1(Algorithm.SEC_OID_SHA1, PKCS11Constants.CKM_SHA_1),
CKM_SHA256(Algorithm.SEC_OID_SHA256, PKCS11Constants.CKM_SHA256),
CKM_SHA384(Algorithm.SEC_OID_SHA384, PKCS11Constants.CKM_SHA384),
CKM_SHA512(Algorithm.SEC_OID_SHA512, PKCS11Constants.CKM_SHA512);
// Value from Algorithm's constant -- this is an index into Algorithm's
// table.
private int alg_index;
// Value from PKCS11Constants -- this is a constant defined in PKCS #11.
private long pk11_value;
private PKCS11Algorithm(int alg_index, long pk11_value) {
this.alg_index = alg_index;
this.pk11_value = pk11_value;
}
public int getIndex() {
return alg_index;
}
public long getValue() {
return pk11_value;
}
public static PKCS11Algorithm valueOfIndex(int index) {
for (PKCS11Algorithm alg : PKCS11Algorithm.values()) {
if (alg.alg_index == index) {
return alg;
}
}
return null;
}
public static PKCS11Algorithm valueOfConstant(long constant) {
for (PKCS11Algorithm alg : PKCS11Algorithm.values()) {
if (alg.pk11_value == constant) {
return alg;
}
}
return null;
}
}
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/PQGParamGenException.java����������������������������0000664�0000000�0000000�00000001326�14125500636�0026114�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
public class PQGParamGenException extends Exception {
private static final long serialVersionUID = 1L;
public PQGParamGenException() {}
public PQGParamGenException(String mesg) { super(mesg); }
public PQGParamGenException(String mesg, Throwable cause) { super(mesg, cause); }
public PQGParamGenException(String mesg, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
super(mesg, cause, enableSuppression, writableStackTrace);
}
}
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/PQGParams.c������������������������������������������0000664�0000000�0000000�00000024346�14125500636�0023276�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "_jni/org_mozilla_jss_crypto_PQGParams.h"
#include This class has two main purposes:
* generating PQG parameters and verifying PQG parameters. To generate
* PQG parameters, call one of the static It is necessary to call BigInteger adds an extra sign bit to the beginning of its byte
* array representation. In some cases this will cause the size
* of the byte array to increase, which may be unacceptable for some
* applications. This function returns a minimal byte array representing
* the BigInteger without extra sign bits.
*
* @return An unsigned, big-endian byte array representation
* of a BigInteger.
*/
public static byte[] BigIntegerToUnsignedByteArray(BigInteger big) {
byte[] ret;
// big must not be negative
assert(big.signum() != -1);
// bitLength is the size of the data without the sign bit. If
// it exactly fills an integral number of bytes, that means a whole
// new byte will have to be added to accomodate the sign bit. In
// this case we need to remove the first byte.
if(big.bitLength() % 8 == 0) {
byte[] array = big.toByteArray();
// The first byte should just be sign bits
assert( array[0] == 0 );
ret = new byte[array.length-1];
System.arraycopy(array, 1, ret, 0, ret.length);
} else {
ret = big.toByteArray();
}
return ret;
}
/**
* Verifies the PQG parameters using the seed, counter, and H values.
* @return true if the parameters verified correctly, false if they
* did not verify.
*/
public boolean paramsAreValid() {
return paramsAreValidNative(BigIntegerToUnsignedByteArray( getP() ),
BigIntegerToUnsignedByteArray( getQ() ),
BigIntegerToUnsignedByteArray( getG() ),
BigIntegerToUnsignedByteArray( seed ),
counter,
BigIntegerToUnsignedByteArray( H ));
}
private native boolean paramsAreValidNative(byte[] P, byte[] Q, byte[]G,
byte[] seed, int counter, byte[] H);
/**
* @return The Seed used to generate P, Q, and G.
*/
public BigInteger getSeed() {
return seed;
}
/**
* @return The Counter (C) used to generate P, Q, and G.
*/
public int getCounter() {
return counter;
}
/**
* @return The H value used to generate P, Q, and G.
*/
public BigInteger getH() {
return H;
}
private BigInteger seed;
private int counter;
private BigInteger H;
}
������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/Policy.c���������������������������������������������0000664�0000000�0000000�00000002305�14125500636�0022731�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#include "_jni/org_mozilla_jss_crypto_Policy.h"
#include A dedicated key is used to encrypt all SecretDecoderRing data.
* The same key is used for all SDR data, and not for any other data.
* This key will be generated the first time it is needed.
*
* The cipher used is DES3-EDE (Triple-DES) in CBC mode. The ciphertext
* is DER-encoded in the following ASN.1 data structure:
* You must set the password on the Internal Key Storage Token
* (aka software token, key3.db) before you use the SecretDecoderRing.
*/
public class SecretDecoderRing {
public static final String encodingFormat = "UTF-8";
/**
* Encrypts the given plaintext with the Secret Decoder Ring key stored
* in the NSS key database.
*/
public native byte[] encrypt(byte[] plaintext)
throws TokenException;
/**
* Encrypts the given plaintext string with the Secret Decoder Ring key
* stored in the NSS key database.
*/
public byte[] encrypt(String plaintext) throws TokenException {
try {
return encrypt(plaintext.getBytes(encodingFormat));
} catch(UnsupportedEncodingException e) {
// this shouldn't happen, because we use a universally-supported
// charset
throw new RuntimeException(e.getMessage());
}
}
/**
* Decrypts the given ciphertext with the Secret Decoder Ring key stored
* in the NSS key database.
*/
public native byte[] decrypt(byte[] ciphertext)
throws TokenException;
/**
* Decrypts the given ciphertext with the Secret Decoder Ring key stored
* in the NSS key database, returning the original plaintext string.
*/
public String decryptToString(byte[] ciphertext)
throws TokenException {
try {
return new String(decrypt(ciphertext), encodingFormat);
} catch(UnsupportedEncodingException e) {
// this shouldn't happen, because we use a universally-supported
// charset
throw new RuntimeException(e.getMessage());
}
}
}
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/SecretKeyFacade.java���������������������������������0000664�0000000�0000000�00000001327�14125500636�0025156�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
public class SecretKeyFacade implements javax.crypto.SecretKey {
private static final long serialVersionUID = 1L;
public SymmetricKey key;
public SecretKeyFacade(SymmetricKey symk) {
key = symk;
}
@Override
public String getAlgorithm() {
return key.getAlgorithm();
}
@Override
public byte[] getEncoded() {
return key.getEncoded();
}
@Override
public String getFormat() {
return key.getFormat();
}
}
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/ShortBufferException.java����������������������������0000664�0000000�0000000�00000000706�14125500636�0026304�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
/**
* This class is a placeholder for javax.crypto.ShortBufferException until
* we move to JDK 1.2.
*/
public class ShortBufferException extends Exception {
private static final long serialVersionUID = 1L; }
����������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/Signature.java���������������������������������������0000664�0000000�0000000�00000015147�14125500636�0024142�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
/**
* A class for producing and verifying digital signatures.
* Instances of this class can be obtain from
* When you unwrap a symmetric key, you must specify which one of these
* operations it will be used to perform.
*/
public enum Usage {
ENCRYPT(PKCS11Constants.CKF_ENCRYPT, PKCS11Constants.CKA_ENCRYPT), DECRYPT(PKCS11Constants.CKF_DECRYPT,
PKCS11Constants.CKA_DECRYPT), WRAP(PKCS11Constants.CKF_WRAP, PKCS11Constants.CKA_WRAP), UNWRAP(
PKCS11Constants.CKF_UNWRAP,
PKCS11Constants.CKA_UNWRAP), SIGN(PKCS11Constants.CKF_SIGN, PKCS11Constants.CKA_SIGN), VERIFY(
PKCS11Constants.CKF_VERIFY, PKCS11Constants.CKA_VERIFY);
private final long value;
private final long cka_value;
Usage(long value, long cka_value) {
this.value = value;
this.cka_value = cka_value;
}
/**
* @deprecated Use
* This deprecated extension, if present, defines both the purpose (e.g., encipherment, signature, certificate signing)
* and the application (e.g., SSL, S/Mime or Object Signing of the key contained in the certificate.
*
* @author galperin
* @version $Revision$, $Date$
*/
public class NSCertTypeExtension extends Extension implements CertAttrSet {
/**
*
*/
private static final long serialVersionUID = 1856407688086284397L;
// The object identifiers
private static final int CertType_data[] = { 2, 16, 840, 1, 113730, 1, 1 };
/**
* Identifies the particular public key used to sign the certificate.
*/
public static final ObjectIdentifier CertType_Id = new
ObjectIdentifier(CertType_data);
/**
* Attribute names.
*/
public static final String NAME = "NSCertType";
public static final String SSL_CLIENT = "ssl_client";
public static final String SSL_SERVER = "ssl_server";
public static final String EMAIL = "email";
public static final String OBJECT_SIGNING = "object_signing";
public static final String SSL_CA = "ssl_ca";
public static final String EMAIL_CA = "email_ca";
public static final String OBJECT_SIGNING_CA = "object_signing_ca";
/**
* Attribute names.
*/
public static final int SSL_CLIENT_BIT = 0;
public static final int SSL_SERVER_BIT = 1;
public static final int EMAIL_BIT = 2;
public static final int OBJECT_SIGNING_BIT = 3;
// 4 is reserved.
public static final int SSL_CA_BIT = 5;
public static final int EMAIL_CA_BIT = 6;
public static final int OBJECT_SIGNING_CA_BIT = 7;
public static final int NBITS = 8;
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.extensions.NSCertType";
// Private data members
private byte[] mBitString;
private static class MapEntry {
String mName;
int mPosition;
MapEntry(String name, int position) {
mName = name;
mPosition = position;
}
}
private static MapEntry[] mMapData =
{
new MapEntry(SSL_CLIENT, 0),
new MapEntry(SSL_SERVER, 1),
new MapEntry(EMAIL, 2),
new MapEntry(OBJECT_SIGNING, 3),
// note that bit 4 is reserved
new MapEntry(SSL_CA, 5),
new MapEntry(EMAIL_CA, 6),
new MapEntry(OBJECT_SIGNING_CA, 7),
};
private static Vector
* Attributes are addiitonal attributes which can be inserted in a PKCS certificate request. For example a
* "Driving License Certificate" could have the driving license number as a attribute.
*
*
* Attributes are represented as a sequence of the attribute identifier (Object Identifier) and a set of DER encoded
* attribute values. The current implementation only supports one value per attribute.
*
* ASN.1 definition of Attribute:
*
* CryptoToken
* @see org.mozilla.jss.crypto.CryptoToken
*/
public synchronized EnumerationPK11Module.
* @see org.mozilla.jss.pkcs11.PK11Module
*/
public synchronized Enumerationinitialize(InitializationValues has not yet been
* called.
* @return CryptoManager instance.
*/
public static CryptoManager getInstance()
throws NotInitializedException
{
synchronized (CryptoManager.class) {
if (instance != null) {
return instance;
}
}
/* Java has lazy-loading Security providers; until a provider
* is requested, it won't be loaded. This means we could've
* initialized the CryptoManager via the JSSLoader but we won't
* know about it until it is explicitly requested.
*
* This breaks tests looking to configure a file-based password
* handler: if the very first call is to getInstance(...) instead
* of a Provider call, we'd fail.
*
* Try to get the Mozilla-JSS provider by name before reporting
* that we're not initialized.
*
* However, in order for the JSSProvider to load, we need to
* release our lock on CryptoManager (and in particular, on
* CryptoManager.instance).
*
* For a more complete discussion see docs/usage/cryptomanager.md
* in the source distribution.
*/
java.security.Provider p = Security.getProvider("Mozilla-JSS");
synchronized (CryptoManager.class) {
// When instance is properly configured, use that.
if (instance != null) {
return instance;
}
// Otherwise, work around this by looking at what JSSProvider
// created. Note that this will work when CryptoManager no
// longer is a singleton and becomes tied to a specific
// JSSProvider instance.
if (p instanceof JSSProvider) {
JSSProvider jssProvider = (JSSProvider) p;
assert jssProvider.getCryptoManager() != null;
if (instance == null) {
instance = jssProvider.getCryptoManager();
}
return instance;
}
}
throw new NotInitializedException();
}
/**
* The singleton instance, and a static initializer to create it.
*/
private static CryptoManager instance=null;
///////////////////////////////////////////////////////////////////////
// FIPS management
///////////////////////////////////////////////////////////////////////
/**
* Enables or disables FIPS-140-2 compliant mode. If this returns true,
* you must reloadModules(). This should only be called once in a program,
* at the beginning, because it invalidates tokens and modules.
*
* @param fips true to turn FIPS compliant mode on, false to turn it off.
*/
private static native boolean enableFIPS(boolean fips)
throws GeneralSecurityException;
/**
* Determines whether FIPS-140-2 compliance is active.
*
* @return true if the security library is in FIPS-140-2 compliant mode.
*/
public synchronized native boolean FIPSEnabled();
///////////////////////////////////////////////////////////////////////
// Password Callback management
///////////////////////////////////////////////////////////////////////
/**
* This function sets the global password callback. It is
* not thread-safe to change this.
* initialize methods that take arguments should be
* called only once, otherwise they will throw
* an exception. It is OK to call them after calling
* initialize().
*
* @param configDir The directory containing the security databases.
* @exception org.mozilla.jss.KeyDatabaseException Unable to open
* the key database, or it was currupted.
* @exception org.mozilla.jss.CertDatabaseException Unable
* to open the certificate database, or it was currupted.
* @exception AlreadyInitializedException If the security subsystem is already initialized.
* @exception GeneralSecurityException If other security error occurred.
**/
public static synchronized void initialize( String configDir )
throws KeyDatabaseException,
CertDatabaseException,
AlreadyInitializedException,
GeneralSecurityException
{
initialize( new InitializationValues(configDir) );
}
/**
* Initialize the security subsystem. Opens the databases, loads all
* PKCS #11 modules, initializes the internal random number generator.
* The initialize methods that take arguments should be
* called only once, otherwise they will throw
* an exception. It is OK to call them after calling
* initialize().
*
* @param values The options with which to initialize CryptoManager.
* @exception org.mozilla.jss.KeyDatabaseException Unable to open
* the key database, or it was corrupted.
* @exception org.mozilla.jss.CertDatabaseException Unable
* to open the certificate database, or it was currupted.
* @exception AlreadyInitializedException If security subsystem is already initialized.
* @exception GeneralSecurityException If other security error occurred.
**/
public static synchronized void initialize( InitializationValues values )
throws
KeyDatabaseException,
CertDatabaseException,
AlreadyInitializedException,
GeneralSecurityException
{
if(instance != null) {
throw new AlreadyInitializedException();
}
if (values.ocspResponderURL != null) {
if (values.ocspResponderCertNickname == null) {
throw new GeneralSecurityException(
"Must set ocspResponderCertNickname");
}
}
initializeAllNative2(values.configDir,
values.certPrefix,
values.keyPrefix,
values.secmodName,
values.readOnly,
values.getManufacturerID(),
values.getLibraryDescription(),
values.getInternalTokenDescription(),
values.getInternalKeyStorageTokenDescription(),
values.getInternalSlotDescription(),
values.getInternalKeyStorageSlotDescription(),
values.getFIPSSlotDescription(),
values.getFIPSKeyStorageSlotDescription(),
values.ocspCheckingEnabled,
values.ocspResponderURL,
values.ocspResponderCertNickname,
values.initializeJavaOnly,
values.PKIXVerify,
values.noCertDB,
values.noModDB,
values.forceOpen,
values.noRootInit,
values.optimizeSpace,
values.PK11ThreadSafe,
values.PK11Reload,
values.noPK11Finalize,
values.cooperate
);
instance = new CryptoManager();
instance.setPasswordCallback(values.passwordCallback);
if( values.fipsMode != InitializationValues.FIPSMode.UNCHANGED) {
if( enableFIPS(values.fipsMode ==
InitializationValues.FIPSMode.ENABLED) )
{
instance.reloadModules();
}
}
// Force class load before we install the provider. Otherwise we get
// an infinite loop as the Security manager tries to instantiate the
// digest to verify its own JAR file.
JSSMessageDigestSpi mds = new JSSMessageDigestSpi.SHA1();
logger.debug("Loaded " + mds);
// Force the KeyType class to load before we can install JSS as a
// provider. JSS's signature provider accesses KeyType.
KeyType kt = KeyType.getKeyTypeFromAlgorithm(
SignatureAlgorithm.RSASignatureWithSHA1Digest);
logger.debug("Loaded " + kt);
if( values.installJSSProvider ) {
int insert_position = 1;
if (!values.installJSSProviderFirst) {
insert_position = java.security.Security.getProviders().length + 1;
}
int position = java.security.Security.insertProviderAt(new JSSProvider(true), insert_position);
if (position < 0) {
logger.warn("JSS provider is already installed");
}
// This returns -1 if the provider was already installed, in which
// case it is not installed again. Is this
// an error? I don't think so, although it might be confusing
// if the provider is not in the position they expected.
// However, this will only happen if they are installing the
// provider themselves, so presumably they know what they're
// doing.
}
if( values.removeSunProvider ) {
java.security.Security.removeProvider("SUN");
}
logger.info("JSS CryptoManager: successfully initialized from NSS database at " + values.configDir);
}
private static native void
initializeAllNative2(String configDir,
String certPrefix,
String keyPrefix,
String secmodName,
boolean readOnly,
String manufacturerID,
String libraryDescription,
String internalTokenDescription,
String internalKeyStorageTokenDescription,
String internalSlotDescription,
String internalKeyStorageSlotDescription,
String fipsSlotDescription,
String fipsKeyStorageSlotDescription,
boolean ocspCheckingEnabled,
String ocspResponderURL,
String ocspResponderCertNickname,
boolean initializeJavaOnly,
boolean PKIXVerify,
boolean noCertDB,
boolean noModDB,
boolean forceOpen,
boolean noRootInit,
boolean optimizeSpace,
boolean PK11ThreadSafe,
boolean PK11Reload,
boolean noPK11Finalize,
boolean cooperate)
throws KeyDatabaseException,
CertDatabaseException,
AlreadyInitializedException;
/////////////////////////////////////////////////////////////
// Cert Lookup
/////////////////////////////////////////////////////////////
/**
* Retrieves all CA certificates in the trust database. This
* is a fairly expensive operation in that it involves traversing
* the entire certificate database.
* @return An array of all CA certificates stored permanently
* in the trust database.
*/
public native X509Certificate[]
getCACerts();
/**
* Retrieves all certificates in the trust database. This
* is a fairly expensive operation in that it involves traversing
* the entire certificate database.
* @return An array of all certificates stored permanently
* in the trust database.
*/
public native X509Certificate[]
getPermCerts();
/**
* Imports a chain of certificates. The leaf certificate may be a
* a user certificate, that is, a certificate that belongs to the
* current user and whose private key is available for use.
* If the leaf certificate is a user certificate, it is stored
* on the token
* that contains the corresponding private key, and is assigned the
* given nickname.
*
* @param certPackage An encoded certificate or certificate chain.
* Acceptable
* encodings are binary PKCS #7 SignedData objects and
* DER-encoded certificates, which may or may not be wrapped
* in a Base-64 encoding package surrounded by
* "-----BEGIN CERTIFICATE-----" and
* "-----END CERTIFICATE-----".
* @param nickname The nickname for the user certificate. It must
* be unique. It is ignored if there is no user certificate.
* @return The leaf certificate from the chain.
* @exception CertificateEncodingException If the package encoding
* was not recognized.
* @exception NicknameConflictException If the leaf certificate
* is a user certificate, and another certificate already has the
* given nickname.
* @exception UserCertConflictException If the leaf certificate
* is a user certificate, but it has already been imported.
* @exception NoSuchItemOnTokenException If the leaf certificate is
* a user certificate, but the matching private key cannot be found.
* @exception TokenException If an error occurs importing a leaf
* certificate into a token.
*/
public X509Certificate
importCertPackage(byte[] certPackage, String nickname )
throws CertificateEncodingException,
NicknameConflictException,
UserCertConflictException,
NoSuchItemOnTokenException,
TokenException
{
return importCertPackageNative(certPackage, nickname, false, false);
}
/**
* Imports a chain of certificates. The leaf of the chain is a CA
* certificate AND a user certificate (this would only be called by
* a CA installing its own certificate).
*
* @param certPackage An encoded certificate or certificate chain.
* Acceptable
* encodings are binary PKCS #7 SignedData objects and
* DER-encoded certificates, which may or may not be wrapped
* in a Base-64 encoding package surrounded by
* "-----BEGIN CERTIFICATE-----" and
* "-----END CERTIFICATE-----".
* @param nickname The nickname for the user certificate. It must
* be unique.
* @return The leaf certificate from the chain.
* @exception CertificateEncodingException If the package encoding
* was not recognized.
* @exception NicknameConflictException If the leaf certificate
* another certificate already has the given nickname.
* @exception UserCertConflictException If the leaf certificate
* has already been imported.
* @exception NoSuchItemOnTokenException If the the private key matching
* the leaf certificate cannot be found.
* @exception TokenException If an error occurs importing the leaf
* certificate into a token.
*/
public X509Certificate
importUserCACertPackage(byte[] certPackage, String nickname)
throws CertificateEncodingException,
NicknameConflictException,
UserCertConflictException,
NoSuchItemOnTokenException,
TokenException
{
return importCertPackageNative(certPackage, nickname, false, true);
}
/**
* Imports a chain of certificates, none of which is a user certificate.
*
* @param certPackage An encoded certificate or certificate chain.
* Acceptable
* encodings are binary PKCS #7 SignedData objects and
* DER-encoded certificates, which may or may not be wrapped
* in a Base-64 encoding package surrounded by
* "-----BEGIN CERTIFICATE-----" and
* "-----END CERTIFICATE-----".
* @return The leaf certificate from the chain.
* @exception CertificateEncodingException If the package encoding
* was not recognized.
* @exception TokenException If an error occurs importing a leaf
* certificate into a token.
*/
public X509Certificate
importCACertPackage(byte[] certPackage)
throws CertificateEncodingException,
TokenException
{
try {
return importCertPackageNative(certPackage, null, true, false);
} catch(NicknameConflictException e) {
logger.error("importing CA certs caused nickname conflict", e);
throw new RuntimeException("Importing CA certs caused nickname conflict: " + e.getMessage(), e);
} catch(UserCertConflictException e) {
logger.error("importing CA certs caused user cert conflict", e);
throw new RuntimeException("Importing CA certs caused user cert conflict: " + e.getMessage(), e);
} catch(NoSuchItemOnTokenException e) {
logger.error("importing CA certs caused NoSuchItemOnTokenException", e);
throw new RuntimeException("Importing CA certs caused NoSuchItemOnToken"+
"Exception: " + e.getMessage(), e);
}
}
/**
* Imports a single certificate into the permanent certificate
* database.
*
* @param cert the certificate you want to add
* @param nickname the nickname you want to refer to the certificate as
* (must not be null)
* @return Certificate object.
* @throws TokenException If an error occurred in the token.
* @throws InvalidNicknameException If the nickname is invalid.
*/
public InternalCertificate
importCertToPerm(X509Certificate cert, String nickname)
throws TokenException, InvalidNicknameException
{
if (nickname==null) {
throw new InvalidNicknameException("Nickname must be non-null");
}
else {
return importCertToPermNative(cert,nickname);
}
}
/**
* Imports a single DER-encoded certificate into the permanent or temporary
* certificate database.
*/
public X509Certificate importDERCert(byte[] cert, CertificateUsage usage,
boolean permanent, String nickname) {
return importDERCertNative(cert, usage.getEnumValue(), permanent, nickname);
}
private native X509Certificate importDERCertNative(byte[] cert, int usage, boolean permanent, String nickname);
private native InternalCertificate
importCertToPermNative(X509Certificate cert, String nickname)
throws TokenException;
/**
* @param noUser true if we know that none of the certs are user certs.
* In this case, no attempt will be made to find a matching private
* key for the leaf certificate.
*/
private native X509Certificate
importCertPackageNative(byte[] certPackage, String nickname,
boolean noUser, boolean leafIsCA)
throws CertificateEncodingException,
NicknameConflictException,
UserCertConflictException,
NoSuchItemOnTokenException,
TokenException;
/*============ CRL importing stuff ********************************/
private static int TYPE_KRL = 0;
private static int TYPE_CRL = 1;
/**
* Imports a CRL, and stores it into the cert7.db
* Validate CRL then import it to the dbase. If there is already a CRL with the
* same CA in the dbase, it will be replaced if derCRL is more up to date.
*
* @param crl the DER-encoded CRL.
* @param url the URL where this CRL can be retrieved from (for future updates).
* [ note that CRLs are not retrieved automatically ]. Can be null
* @exception CRLImportException If the package encoding
* was not recognized.
* @exception TokenException If an error occurred in the token.
*/
public void
importCRL(byte[] crl,String url)
throws CRLImportException,
TokenException
{
importCRLNative(crl,url,TYPE_CRL);
}
/**
* Imports a CRL, and stores it into the cert7.db
*
* @param the DER-encoded CRL.
*/
private native
void importCRLNative(byte[] crl, String url, int rl_type)
throws CRLImportException, TokenException;
/*============ Cert Exporting stuff ********************************/
/**
* Exports one or more certificates into a PKCS #7 certificate container.
* This is just a SignedData object whose certificates
* field contains the given certificates but whose content field
* is empty.
*
* @param certs One or more certificates that should be exported into
* the PKCS #7 object. The leaf certificate should be the first
* in the chain. The output of buildCertificateChain
* would be appropriate here.
* @exception CertificateEncodingException If the array is empty,
* or an error occurred encoding the certificates.
* @return A byte array containing a PKCS #7 SignedData object.
* @see #buildCertificateChain
*/
public native byte[]
exportCertsToPKCS7(X509Certificate[] certs)
throws CertificateEncodingException;
/**
* Looks up a certificate given its nickname.
*
* @param nickname The nickname of the certificate to look for.
* @return The certificate matching this nickname, if one is found.
* @exception ObjectNotFoundException If no certificate could be found
* with the given nickname.
* @exception TokenException If an error occurs in the security library.
*/
public org.mozilla.jss.crypto.X509Certificate
findCertByNickname(String nickname)
throws ObjectNotFoundException, TokenException
{
assert(nickname!=null);
return findCertByNicknameNative(nickname);
}
/**
* Returns all certificates with the given nickname.
*
* @param nickname The nickname of the certificate to look for.
* @return The certificates matching this nickname. The array may be empty
* if no matching certs were found.
* @exception TokenException If an error occurs in the security library.
*/
public org.mozilla.jss.crypto.X509Certificate[]
findCertsByNickname(String nickname)
throws TokenException
{
assert(nickname!=null);
return findCertsByNicknameNative(nickname);
}
/**
* Looks up a certificate by issuer and serial number. The internal
* database and all PKCS #11 modules are searched.
*
* @param derIssuer The DER encoding of the certificate issuer name.
* The issuer name has ASN.1 type Name, which is defined in
* X.501.
* @param serialNumber The certificate serial number.
* @return Certificate object.
* @exception ObjectNotFoundException If the certificate is not found
* in the internal certificate database or on any PKCS #11 token.
* @exception TokenException If an error occurs in the security library.
*/
public org.mozilla.jss.crypto.X509Certificate
findCertByIssuerAndSerialNumber(byte[] derIssuer, INTEGER serialNumber)
throws ObjectNotFoundException, TokenException
{
try {
ANY sn = (ANY) ASN1Util.decode(ANY.getTemplate(),
ASN1Util.encode(serialNumber) );
return findCertByIssuerAndSerialNumberNative(derIssuer,
sn.getContents() );
} catch( InvalidBERException e ) {
throw new RuntimeException("Invalid BER encoding of INTEGER: " + e.getMessage(), e);
}
}
/**
* @param serialNumber The contents octets of a DER-encoding of the
* certificate serial number.
*/
private native org.mozilla.jss.crypto.X509Certificate
findCertByIssuerAndSerialNumberNative(byte[] derIssuer, byte[] serialNumber)
throws ObjectNotFoundException, TokenException;
protected native org.mozilla.jss.crypto.X509Certificate
findCertByNicknameNative(String nickname)
throws ObjectNotFoundException, TokenException;
protected native org.mozilla.jss.crypto.X509Certificate[]
findCertsByNicknameNative(String nickname)
throws TokenException;
/////////////////////////////////////////////////////////////
// build cert chains
/////////////////////////////////////////////////////////////
/**
* Given a certificate, constructs its certificate chain. It may
* or may not chain up to a trusted root.
* @param leaf The certificate that is the starting point of the chain.
* @return An array of certificates, starting at the leaf and ending
* with the highest certificate on the chain that was found.
* @throws CertificateException If the certificate is not recognized
* by the underlying provider.
* @throws TokenException If an error occurred in the token.
*/
public org.mozilla.jss.crypto.X509Certificate[]
buildCertificateChain(org.mozilla.jss.crypto.X509Certificate leaf)
throws java.security.cert.CertificateException, TokenException
{
if( ! (leaf instanceof PK11Cert) ) {
throw new CertificateException(
"Certificate is not a PKCS #11 certificate");
}
return buildCertificateChainNative((PK11Cert)leaf);
}
native org.mozilla.jss.crypto.X509Certificate[]
buildCertificateChainNative(PK11Cert leaf)
throws CertificateException, TokenException;
/////////////////////////////////////////////////////////////
// lookup private keys
/////////////////////////////////////////////////////////////
/**
* Looks up the PrivateKey matching the given certificate.
*
* @param cert Certificate.
* @return Private key.
* @exception ObjectNotFoundException If no private key can be
* found matching the given certificate.
* @exception TokenException If an error occurs in the security library.
*/
public org.mozilla.jss.crypto.PrivateKey
findPrivKeyByCert(org.mozilla.jss.crypto.X509Certificate cert)
throws ObjectNotFoundException, TokenException
{
assert(cert!=null);
if(! (cert instanceof org.mozilla.jss.pkcs11.PK11Cert)) {
throw new ObjectNotFoundException("Non-pkcs11 cert passed to PK11Finder");
}
return findPrivKeyByCertNative(cert);
}
protected native org.mozilla.jss.crypto.PrivateKey
findPrivKeyByCertNative(org.mozilla.jss.crypto.X509Certificate cert)
throws ObjectNotFoundException, TokenException;
/////////////////////////////////////////////////////////////
// Provide Pseudo-Random Number Generation
/////////////////////////////////////////////////////////////
/**
* Retrieves a FIPS-140-2 validated random number generator.
*
* @return A JSS SecureRandom implemented with FIPS-validated NSS.
*/
public org.mozilla.jss.crypto.JSSSecureRandom
createPseudoRandomNumberGenerator()
{
return new PK11SecureRandom();
}
/**
* Retrieves a FIPS-140-2 validated random number generator.
*
* @return A JSS SecureRandom implemented with FIPS-validated NSS.
*/
@Override
public org.mozilla.jss.crypto.JSSSecureRandom
getSecureRNG() {
return new PK11SecureRandom();
}
/********************************************************************/
/* The VERSION Strings should be updated everytime a new release */
/* of JSS is generated. Note that this is done by changing */
/* cmake/JSSConfig.cmake. */
/********************************************************************/
public native static int getJSSMajorVersion();
public native static int getJSSMinorVersion();
public native static int getJSSPatchVersion();
private native static boolean getJSSDebug();
public static final String
JAR_JSS_VERSION = "JSS_VERSION = JSS_" + getJSSMajorVersion() +
"_" + getJSSMinorVersion() +
"_" + getJSSPatchVersion();
public static final boolean JSS_DEBUG = getJSSDebug();
// Hashtable is synchronized.
private Hashtablenull will also cause the
* InternalKeyStorageToken to be used.
*
* @param token The token to use for crypto operations. Specifying
* null will cause the InternalKeyStorageToken to be used.
*/
@Override
public void setThreadToken(CryptoToken token) {
if( token != null ) {
perThreadTokenTable.put(Thread.currentThread(), token);
} else {
perThreadTokenTable.remove(Thread.currentThread());
}
}
/**
* Returns the default token for the current thread. This token will
* be used when JSS is called through the JCA interface, which has
* no means of specifying which token to use.
*
* null will also cause the
* InternalKeyStorageToken to be used.
*
* @return The default token for this thread. If it has not been specified,
* it will be the InternalKeyStorageToken.
*/
@Override
public CryptoToken getThreadToken() {
CryptoToken tok =
perThreadTokenTable.get(Thread.currentThread());
if( tok == null ) {
tok = getInternalKeyStorageToken();
}
return tok;
}
/////////////////////////////////////////////////////////////
// isCertValid
/////////////////////////////////////////////////////////////
/**
* Verify a certificate that exists in the given cert database,
* check if is valid and that we trust the issuer. Verify time
* against Now.
* @param nickname The nickname of the certificate to verify.
* @param checkSig verify the signature of the certificate
* @return currCertificateUsage which contains current usage bit map as defined in CertificateUsage
*
* @exception InvalidNicknameException If the nickname is null
* @exception ObjectNotFoundException If no certificate could be found
* with the given nickname.
*/
public int isCertValid(String nickname, boolean checkSig)
throws ObjectNotFoundException, InvalidNicknameException
{
if (nickname==null) {
throw new InvalidNicknameException("Nickname must be non-null");
}
int currCertificateUsage = 0x0000; // initialize it to 0
currCertificateUsage = verifyCertificateNowCUNative(nickname,
checkSig);
return currCertificateUsage;
}
private native int verifyCertificateNowCUNative(String nickname,
boolean checkSig) throws ObjectNotFoundException;
/////////////////////////////////////////////////////////////
// isCertValid
/////////////////////////////////////////////////////////////
/**
* Verify a certificate that exists in the given cert database,
* check if is valid and that we trust the issuer. Verify time
* against Now.
* @param nickname The nickname of the certificate to verify.
* @param checkSig verify the signature of the certificate
* @param certificateUsage see certificateUsage defined to verify Certificate; to retrieve current certificate usage, call the isCertValid() above
* @return true for success; false otherwise
*
* @exception InvalidNicknameException If the nickname is null
* @exception ObjectNotFoundException If no certificate could be found
* with the given nickname.
* @deprecated Use verifyCertificate() instead
*/
@Deprecated
public boolean isCertValid(String nickname, boolean checkSig,
CertificateUsage certificateUsage)
throws ObjectNotFoundException, InvalidNicknameException
{
if (nickname==null) {
throw new InvalidNicknameException("Nickname must be non-null");
}
// 0 certificate usage will get current usage
// should call isCertValid() call above that returns certificate usage
if ((certificateUsage == null) ||
(certificateUsage == CertificateUsage.CheckAllUsages)){
int currCertificateUsage = 0x0000;
currCertificateUsage = verifyCertificateNowCUNative(nickname,
checkSig);
if (currCertificateUsage == CertificateUsage.basicCertificateUsages){
// cert is good for nothing
return false;
} else
return true;
} else {
return verifyCertificateNowNative(nickname, checkSig,
certificateUsage.getUsage());
}
}
/**
* Verify a certificate that exists in the given cert database,
* check if it's valid and that we trust the issuer. Verify time
* against now.
* @param nickname nickname of the certificate to verify.
* @param checkSig verify the signature of the certificate
* @param certificateUsage see certificate usage defined to verify certificate
*
* @exception InvalidNicknameException If the nickname is null.
* @exception ObjectNotFoundException If no certificate could be found
* with the given nickname.
* @exception CertificateException If certificate is invalid.
*/
public void verifyCertificate(String nickname,
boolean checkSig,
CertificateUsage certificateUsage)
throws ObjectNotFoundException, InvalidNicknameException, CertificateException {
int usage = certificateUsage == null ? 0 : certificateUsage.getUsage();
verifyCertificateNowNative2(nickname, checkSig, usage);
}
/**
* Verify an X509Certificate by checking if it's valid and that we trust
* the issuer. Verify time against now.
* @param cert the certificate to verify
* @param checkSig verify the signature of the certificate
* @param certificateUsage see certificate usage defined to verify certificate
*
* @exception InvalidNicknameException If the nickname is null.
* @exception ObjectNotFoundException If no certificate could be found
* with the given nickname.
* @exception CertificateException If certificate is invalid.
*/
public void verifyCertificate(X509Certificate cert, boolean checkSig,
CertificateUsage certificateUsage) throws ObjectNotFoundException,
InvalidNicknameException, CertificateException {
int usage = certificateUsage == null ? 0 : certificateUsage.getUsage();
verifyCertificateNowNative3(cert, checkSig, usage);
}
private native boolean verifyCertificateNowNative(String nickname,
boolean checkSig, int certificateUsage) throws ObjectNotFoundException;
private native void verifyCertificateNowNative2(
String nickname,
boolean checkSig,
int certificateUsage)
throws ObjectNotFoundException, InvalidNicknameException, CertificateException;
private native void verifyCertificateNowNative3(
X509Certificate cert,
boolean checkSig,
int certificateUsage)
throws ObjectNotFoundException, InvalidNicknameException, CertificateException;
/**
* note: this method calls obsolete function in NSS
*
* Verify a certificate that exists in the given cert database,
* check if is valid and that we trust the issuer. Verify time
* against Now.
* @param nickname The nickname of the certificate to verify.
* @param checkSig verify the signature of the certificate
* @param certUsage see exposed certUsage defines to verify Certificate
* @return true for success; false otherwise
*
* @exception InvalidNicknameException If the nickname is null
* @exception ObjectNotFoundException If no certificate could be found
* with the given nickname.
*/
public boolean isCertValid(String nickname, boolean checkSig,
CertUsage certUsage)
throws ObjectNotFoundException, InvalidNicknameException
{
if (nickname==null) {
throw new InvalidNicknameException("Nickname must be non-null");
}
return verifyCertNowNative(nickname, checkSig, certUsage.getUsage());
}
/*
* Obsolete in NSS
*/
private native boolean verifyCertNowNative(String nickname,
boolean checkSig, int cUsage) throws ObjectNotFoundException;
/////////////////////////////////////////////////////////////
// isCertValid
/////////////////////////////////////////////////////////////
/**
* Verify a certificate in memory. Check if
* valid and that we trust the issuer. Verify time
* against Now.
* @param certPackage certificate in memory
* @param checkSig verify the signature of the certificate
* @param certUsage see exposed certUsage defines to verify Certificate
* @return true for success; false otherwise
*
* @exception TokenException unable to insert temporary certificate
* into database.
* @exception CertificateEncodingException If the package encoding
* was not recognized.
*/
public boolean isCertValid(byte[] certPackage, boolean checkSig,
CertUsage certUsage)
throws TokenException, CertificateEncodingException
{
return verifyCertTempNative(certPackage , checkSig,
certUsage.getUsage());
}
private native boolean verifyCertTempNative(byte[] certPackage,
boolean checkSig, int cUsage)
throws TokenException, CertificateEncodingException;
///////////////////////////////////////////////////////////////////////
// OCSP management
///////////////////////////////////////////////////////////////////////
/* OCSP Policy related */
public enum OCSPPolicy {
NONE,
NORMAL,
LEAF_AND_CHAIN;
}
private static OCSPPolicy ocspPolicy = OCSPPolicy.NONE;
/**
* Gets the current ocsp Policy.
* Currently we only support 2 modes OCSP_LEAF_AND_CHAIN_POLICY.
* And OCSP_NORMAL_POLICY, which is current processing , by default.
* If we have AIA based OCSP enabled we will check all certs in the chain.
* using PKIX cert verfication calls in the various cert auth callbacks we
* have.
* @return - The current ocsp policy in effect.
*/
public static synchronized int getOCSPPolicy() {
return ocspPolicy.ordinal();
}
/**
* Gets the current OCSP Policy.
*
* @see getOCSPPolicy()
*
* @return - The current OCSP policy in effect.
*/
public static synchronized OCSPPolicy getOCSPPolicyEnum() {
return ocspPolicy;
}
/**
* Sets the current ocsp Policy.
* Currently we only support one mode OCSP_LEAF_AND_CHAIN_POLICY.
* If we have AIA based OCSP enabled we will check all certs in the chain.
* using PKIX cert verfication calls in the various cert auth callbacks we
* have.
* @param policy - Either cert and chain or normal default processing.
*
*/
public static synchronized void setOCSPPolicy(OCSPPolicy policy) {
ocspPolicy = policy;
}
/**
* Enables OCSP, note when you Initialize JSS for the first time, for
* backwards compatibility, the initialize will enable OCSP if you
* previously set values.ocspCheckingEnabled and
* values.ocspResponderURL/values.ocspResponderCertNickname
* configureOCSP will allow changing of the the OCSPResponder at runtime.
* @param ocspCheckingEnabled true or false to enable/disable OCSP
* @param ocspResponderURL - url of the OCSP responder
* @param ocspResponderCertNickname - the nickname of the OCSP
* signer certificate or the CA certificate found in the cert DB
* @throws GeneralSecurityException If a security error has occurred.
*/
public void configureOCSP(
boolean ocspCheckingEnabled,
String ocspResponderURL,
String ocspResponderCertNickname )
throws GeneralSecurityException
{
/* set the ocsp policy */
if(ocspCheckingEnabled &&
ocspResponderURL == null &&
ocspResponderCertNickname == null) {
setOCSPPolicy(OCSPPolicy.LEAF_AND_CHAIN);
} else {
setOCSPPolicy(OCSPPolicy.NORMAL);
}
configureOCSPNative(ocspCheckingEnabled,
ocspResponderURL,
ocspResponderCertNickname );
}
private native void configureOCSPNative( boolean ocspCheckingEnabled,
String ocspResponderURL,
String ocspResponderCertNickname )
throws GeneralSecurityException;
/**
* change OCSP cache settings
* @param ocsp_cache_size max cache entries
* @param ocsp_min_cache_entry_duration minimum seconds to next fetch attempt
* @param ocsp_max_cache_entry_duration maximum seconds to next fetch attempt
* @throws GeneralSecurityException If a security error has occurred.
*/
public void OCSPCacheSettings(
int ocsp_cache_size,
int ocsp_min_cache_entry_duration,
int ocsp_max_cache_entry_duration)
throws GeneralSecurityException
{
OCSPCacheSettingsNative(ocsp_cache_size,
ocsp_min_cache_entry_duration,
ocsp_max_cache_entry_duration);
}
private native void OCSPCacheSettingsNative(
int ocsp_cache_size,
int ocsp_min_cache_entry_duration,
int ocsp_max_cache_entry_duration)
throws GeneralSecurityException;
/**
* set OCSP timeout value
* @param ocsp_timeout OCSP timeout in seconds
* @throws GeneralSecurityException If a security error has occurred.
*/
public void setOCSPTimeout(
int ocsp_timeout )
throws GeneralSecurityException
{
setOCSPTimeoutNative( ocsp_timeout);
}
private native void setOCSPTimeoutNative(
int ocsp_timeout )
throws GeneralSecurityException;
/**
* Shutdowns this CryptoManager instance and the associated NSS
* initialization.
*/
public synchronized void shutdown() throws Exception {
try {
NativeProxy.purgeAllInRegistry();
} finally {
shutdownNative();
CryptoManager.instance = null;
}
}
public native void shutdownNative();
}
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/DatabaseCloser.java�����������������������������������������0000664�0000000�0000000�00000003024�14125500636�0023524�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss;
/**
* A class for closing databases. Since closing the databases is
* very dangerous and breaks the JSS model, it may only be done from
* special applications. This class should be subclasses by
* authorized subclasses. It cannot be instantiated itself.
*/
public abstract class DatabaseCloser {
private static final String authorizedClosers[] =
{ "org.mozilla.certsetup.apps.CertSetup$DatabaseCloser",
"org.mozilla.jss.CloseDBs" };
/**
* Creates a new DatabaseCloser. This should only be called
* from an authorized subclass. This class cannot itself be
* instantiated.
*
* @throws Exception If the instantiation is not a valid subclass.
*/
public DatabaseCloser() throws Exception {
Class clazz = this.getClass();
String name = clazz.getName();
boolean approved = false;
for(int i=0; i < authorizedClosers.length; i++) {
if( name.equals( authorizedClosers[i] ) ) {
approved = true;
break;
}
}
if(!approved) {
throw new Exception();
}
}
/**
* Closes the certificate and key databases. This is extremely
* dangerous.
*/
protected native void closeDatabases();
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/InitializationValues.java�����������������������������������0000664�0000000�0000000�00000046104�14125500636�0025025�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss;
import org.mozilla.jss.util.ConsolePasswordCallback;
import org.mozilla.jss.util.PasswordCallback;
/**
* The various options that can be used to initialize CryptoManager.
*/
public final class InitializationValues {
protected InitializationValues() {
throw new RuntimeException("Default InitializationValues constructor");
}
/////////////////////////////////////////////////////////////
// Constants
/////////////////////////////////////////////////////////////
/**
* Token names must be this length exactly.
*/
public final int TOKEN_LENGTH = 33;
/**
* Slot names must be this length exactly.
*/
public final int SLOT_LENGTH = 65;
/**
* ManufacturerID must be this length exactly.
*/
public final int MANUFACTURER_LENGTH = 33;
/**
* Library description must be this length exactly.
*/
public final int LIBRARY_LENGTH = 33;
/**
* This class enumerates the possible modes for FIPS compliance.
*/
public static final class FIPSMode {
private FIPSMode() {}
/**
* Enable FIPS mode.
*/
public static final InitializationValues.FIPSMode ENABLED = new FIPSMode();
/**
* Disable FIPS mode.
*/
public static final InitializationValues.FIPSMode DISABLED = new FIPSMode();
/**
* Leave FIPS mode unchanged. All servers except Admin
* Server should use this, because only Admin Server should
* be altering FIPS mode.
*/
public static final InitializationValues.FIPSMode UNCHANGED = new FIPSMode();
}
/**
* Default constructor taking only the path to the NSS DB directory.
*/
public InitializationValues(String configDir) {
this.configDir = configDir;
}
/**
* Optional constructor taking the path to the NSS DB directory,
* the prefix of the cert database, the prefix of the key database,
* and the name of the secmod/pkcs11 database.
*/
public InitializationValues(String configDir, String certPrefix,
String keyPrefix, String secmodName)
{
this.configDir = configDir;
this.certPrefix = certPrefix;
this.keyPrefix = keyPrefix;
this.secmodName = secmodName;
}
public String configDir = null;
public String certPrefix = null;
public String keyPrefix = null;
public String secmodName = null;
/**
* The password callback to be used by JSS whenever a password
* is needed. May be NULL, in which the library will immediately fail
* to get a password if it tries to login automatically while
* performing
* a cryptographic operation. It will still work if the token
* has been manually logged in with CryptoToken.login.
* ConsolePasswordCallback.
*/
public PasswordCallback passwordCallback =
new ConsolePasswordCallback();
/**
* The FIPS mode of the security library. Servers should
* use FIPSMode.UNCHANGED, since only
* Admin Server is supposed to alter this value.
* FIPSMode.UNCHANGED.
*/
public InitializationValues.FIPSMode fipsMode = FIPSMode.UNCHANGED;
/**
* To open the databases in read-only mode, set this flag to
* true. The default is false, meaning
* the databases are opened in read-write mode.
*/
public boolean readOnly = false;
////////////////////////////////////////////////////////////////////
// Manufacturer ID
////////////////////////////////////////////////////////////////////
/**
* Returns the Manufacturer ID of the internal PKCS #11 module.
* "mozilla.org ".
*
* @return Manufacturer ID.
*/
public String getManufacturerID() { return manufacturerID; }
/**
* Sets the Manufacturer ID of the internal PKCS #11 module.
* This value must be exactly MANUFACTURER_LENGTH
* characters long.
*
* @param s Manufacturer ID.
* @exception InvalidLengthException If s.length() is not
* exactly MANUFACTURER_LENGTH.
*/
public void setManufacturerID(String s) throws InvalidLengthException {
if (s.length() != MANUFACTURER_LENGTH) {
String msg = "Expected internal manufacturer ID description ";
msg += "of length " + MANUFACTURER_LENGTH + " but was ";
msg += s.length();
throw new InvalidLengthException();
}
manufacturerID = s;
}
private String manufacturerID =
"mozilla.org ";
////////////////////////////////////////////////////////////////////
// Library Description
////////////////////////////////////////////////////////////////////
/**
* Returns the description of the internal PKCS #11 module.
* "Internal Crypto Services ".
*
* @return Library description.
*/
public String getLibraryDescription() { return libraryDescription; }
/**
* Sets the description of the internal PKCS #11 module.
* This value must be exactly LIBRARY_LENGTH
* characters long.
*
* @param s Library description.
* @exception InvalidLengthException If s.length() is
* not exactly LIBRARY_LENGTH.
*/
public void setLibraryDescription(String s)
throws InvalidLengthException
{
if (s.length() != LIBRARY_LENGTH) {
String msg = "Expected internal library description of length ";
msg += LIBRARY_LENGTH + " but was " + s.length();
throw new InvalidLengthException(msg);
}
libraryDescription = s;
}
private String libraryDescription =
"Internal Crypto Services ";
////////////////////////////////////////////////////////////////////
// Internal Token Description
////////////////////////////////////////////////////////////////////
/**
* Returns the description of the internal PKCS #11 token.
* "Internal Crypto Services Token ".
*
* @return Description of internal PKCS #11 token.
*/
public String getInternalTokenDescription() {
return internalTokenDescription;
}
/**
* Sets the description of the internal PKCS #11 token.
* This value must be exactly TOKEN_LENGTH characters long.
*
* @param s Description of internal PKCS #11 token.
* @exception InvalidLengthException If s.length() is
* not exactly TOKEN_LENGTH.
*/
public void setInternalTokenDescription(String s)
throws InvalidLengthException
{
if (s.length() != TOKEN_LENGTH) {
String msg = "Expected internal token description of length ";
msg += TOKEN_LENGTH + " but was " + s.length();
throw new InvalidLengthException(msg);
}
internalTokenDescription = s;
}
private String internalTokenDescription =
"NSS Generic Crypto Services ";
////////////////////////////////////////////////////////////////////
// Internal Key Storage Token Description
////////////////////////////////////////////////////////////////////
/**
* Returns the description of the internal PKCS #11 key storage token.
* "Internal Key Storage Token ".
*
* @return Description of internal PKCS #11 key storage token.
*/
public String getInternalKeyStorageTokenDescription() {
return internalKeyStorageTokenDescription;
}
/**
* Sets the description of the internal PKCS #11 key storage token.
* This value must be exactly TOKEN_LENGTH characters long.
*
* @param s Description of internal PKCS #11 key storage token.
* @exception InvalidLengthException If s.length() is
* not exactly TOKEN_LENGTH.
*/
public void setInternalKeyStorageTokenDescription(String s)
throws InvalidLengthException
{
if (s.length() != TOKEN_LENGTH) {
String msg = "Expected internal key storage token description ";
msg += "of length " + TOKEN_LENGTH + " but was " + s.length();
throw new InvalidLengthException(msg);
}
internalKeyStorageTokenDescription = s;
}
private String internalKeyStorageTokenDescription =
"Internal Key Storage Token ";
////////////////////////////////////////////////////////////////////
// Internal Slot Description
////////////////////////////////////////////////////////////////////
/**
* Returns the description of the internal PKCS #11 slot.
* "NSS Internal Cryptographic Services ".
*
* @return Description of internal PKCS #11 slot.
*/
public String getInternalSlotDescription() {
return internalSlotDescription;
}
/**
* Sets the description of the internal PKCS #11 slot.
* This value must be exactly SLOT_LENGTH characters
* long.
*
* @param s Description of internal PKCS #11 slot.
* @exception InvalidLengthException If s.length() is
* not exactly SLOT_LENGTH.
*/
public void setInternalSlotDescription(String s)
throws InvalidLengthException
{
if (s.length() != SLOT_LENGTH) {
String msg = "Expected internal slot description of length ";
msg += SLOT_LENGTH + " but was " + s.length();
throw new InvalidLengthException(msg);
}
internalSlotDescription = s;
}
private String internalSlotDescription =
"NSS Internal Cryptographic Services ";
////////////////////////////////////////////////////////////////////
// Internal Key Storage Slot Description
////////////////////////////////////////////////////////////////////
/**
* Returns the description of the internal PKCS #11 key storage slot.
* "NSS Internal Private Key and Certificate Storage ".
*
* @return Description of internal PKCS #11 key storage slot.
*/
public String getInternalKeyStorageSlotDescription() {
return internalKeyStorageSlotDescription;
}
/**
* Sets the description of the internal PKCS #11 key storage slot.
* This value must be exactly SLOT_LENGTH characters
* long.
*
* @param s Description of internal PKCS #11 key storage slot.
* @exception InvalidLengthException If s.length() is
* not exactly SLOT_LENGTH.
*/
public void setInternalKeyStorageSlotDescription(String s)
throws InvalidLengthException
{
if (s.length() != SLOT_LENGTH) {
String msg = "Expected internal key storage slot description of ";
msg += "length " + SLOT_LENGTH + " but was " + s.length();
throw new InvalidLengthException(msg);
}
internalKeyStorageSlotDescription = s;
}
private String internalKeyStorageSlotDescription =
"NSS User Private Key and Certificate Services ";
////////////////////////////////////////////////////////////////////
// FIPS Slot Description
////////////////////////////////////////////////////////////////////
/**
* Returns the description of the internal PKCS #11 FIPS slot.
* "NSS FIPS 140-2 User Private Key Services".
*
* @return Description of internal PKCS #11 FIPS slot.
*/
public String getFIPSSlotDescription() {
return FIPSSlotDescription;
}
/**
* Sets the description of the internal PKCS #11 FIPS slot.
* This value must be exactly SLOT_LENGTH characters
* long.
*
* @param s Description of internal PKCS #11 FIPS slot.
* @exception InvalidLengthException If s.length() is
* not exactly SLOT_LENGTH.
*/
public void setFIPSSlotDescription(String s)
throws InvalidLengthException
{
if (s.length() != SLOT_LENGTH) {
String msg = "Expected FIPS slot description of length ";
msg += SLOT_LENGTH + " but was " + s.length();
throw new InvalidLengthException(msg);
}
FIPSSlotDescription = s;
}
private String FIPSSlotDescription =
"NSS FIPS 140-2 User Private Key Services ";
////////////////////////////////////////////////////////////////////
// FIPS Key Storage Slot Description
////////////////////////////////////////////////////////////////////
/**
* Returns the description of the internal PKCS #11 FIPS
* Key Storage slot.
* "NSS FIPS 140-2 User Private Key Services".
*
* @return Description of internal PKCS #11 FIPS key storage slot.
*/
public String getFIPSKeyStorageSlotDescription() {
return FIPSKeyStorageSlotDescription;
}
/**
* Sets the description of the internal PKCS #11 FIPS Key Storage slot.
* This value must be exactly SLOT_LENGTH characters
* long.
*
* @param s Description of internal PKCS #11 FIPS key storage slot.
* @exception InvalidLengthException If s.length() is
* not exactly SLOT_LENGTH.
*/
public void setFIPSKeyStorageSlotDescription(String s)
throws InvalidLengthException
{
if (s.length() != SLOT_LENGTH) {
String msg = "Expected FIPS key storage slot description of ";
msg += "length " + SLOT_LENGTH + " but was " + s.length();
throw new InvalidLengthException(msg);
}
FIPSKeyStorageSlotDescription = s;
}
private String FIPSKeyStorageSlotDescription =
"NSS FIPS 140-2 User Private Key Services ";
/**
* To have NSS check the OCSP responder for when verifying
* certificates, set this flags to true. It is false by
* default.
*/
public boolean ocspCheckingEnabled = false;
/**
* Specify the location and cert of the responder.
* If OCSP checking is enabled *and* this variable is
* set to some URL, all OCSP checking will be done via
* this URL.
*
* If this variable is null, the OCSP responder URL will
* be obtained from the AIA extension in the certificate
* being queried.
*
* If this is set, you must also set ocspResponderCertNickname
*
*/
public String ocspResponderURL = null;
/**
* The nickname of the cert to trust (expected) to
* sign the OCSP responses.
* Only checked when the OCSPResponder value is set.
*/
public String ocspResponderCertNickname = null;
/**
* Install the JSS crypto provider. Default is true.
*/
public boolean installJSSProvider = true;
/**
* Remove the Sun crypto provider. Default is false.
*/
public boolean removeSunProvider = false;
/**
* Whether or not to initialize the JSS provider first. Default is true.
*/
public boolean installJSSProviderFirst = true;
/**
* If true, none of the underlying NSS components will
* be initialized. Only the Java portions of JSS will be
* initialized. This should only be used if NSS has been initialized
* elsewhere.
*
* CryptoManager.initialize if this flag is set:
*
*
*
* false.
*/
public boolean initializeJavaOnly = false;
/**
* Enable PKIX verify rather than the old cert library,
* to verify certificates. Default is false.
*/
public boolean PKIXVerify = false;
/**
* Don't open the cert DB and key DB's, just
* initialize the volatile certdb. Default is false.
*/
public boolean noCertDB = false;
/**
* Don't open the security module DB,
* just initialize the PKCS #11 module.
* Default is false.
*/
public boolean noModDB = false;
/**
* Continue to force initializations even if the
* databases cannot be opened.
* Default is false.
*/
public boolean forceOpen = false;
/**
* Don't try to look for the root certs module
* automatically.
* Default is false.
*/
public boolean noRootInit = false;
/**
* Use smaller tables and caches.
* Default is false.
*/
public boolean optimizeSpace = false;
/**
* only load PKCS#11 modules that are
* thread-safe, ie. that support locking - either OS
* locking or NSS-provided locks . If a PKCS#11
* module isn't thread-safe, don't serialize its
* calls; just don't load it instead. This is necessary
* if another piece of code is using the same PKCS#11
* modules that NSS is accessing without going through
* NSS, for example the Java SunPKCS11 provider.
* Default is false.
*/
public boolean PK11ThreadSafe = false;
/**
* Init PK11Reload to ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED
* error when loading PKCS#11 modules. This is necessary
* if another piece of code is using the same PKCS#11
* modules that NSS is accessing without going through
* NSS, for example Java SunPKCS11 provider.
* Default is false.
*/
public boolean PK11Reload = false;
/**
* never call C_Finalize on any
* PKCS#11 module. This may be necessary in order to
* ensure continuous operation and proper shutdown
* sequence if another piece of code is using the same
* PKCS#11 modules that NSS is accessing without going
* through NSS, for example Java SunPKCS11 provider.
* The following limitation applies when this is set :
* SECMOD_WaitForAnyTokenEvent will not use
* C_WaitForSlotEvent, in order to prevent the need for
* C_Finalize. This call will be emulated instead.
* Default is false.
*/
public boolean noPK11Finalize = false;
/**
* Sets 4 recommended options for applications that
* use both NSS and the Java SunPKCS11 provider.
* Default is false.
*/
public boolean cooperate = false;
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/InvalidLengthException.java���������������������������������0000664�0000000�0000000�00000001370�14125500636�0025261�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss;
public final class InvalidLengthException extends Exception {
private static final long serialVersionUID = 1L;
public InvalidLengthException() {}
public InvalidLengthException(String mesg) {
super(mesg);
}
public InvalidLengthException(String mesg, Throwable cause) {
super(mesg, cause);
}
public InvalidLengthException(String mesg, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
super(mesg, cause, enableSuppression, writableStackTrace);
}
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/JSSLoader.java����������������������������������������������0000664�0000000�0000000�00000033760�14125500636�0022450�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������package org.mozilla.jss;
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.Properties;
import org.mozilla.jss.util.Password;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* The JSS Loader facilitates loading JSS via the Provider interface directly,
* including from a static java.security configuration file.
*
* This replaces the previous CryptoManager.initialize(...) approach, allowing
* better control over where the JSSProvider gets loaded. In order to use this
* provider, the caller has to specify a configuration file (either via a
* String path or its contents via an InputStream). This configuration file is
* a java.util.Properties file. The following keys are understood:
*
* - nss.config_dir -- the path to the NSS DB to initialize with
* - nss.cert_prefix -- the prefix for the certificate store
* - nss.key_prefix -- the prefix for the key store
* - nss.secmod_name -- the name of the secmod file
*
* - nss.read_only -- whether to open the NSS DB read-only (default: false)
* - nss.java_only -- whether to initialize only the java portion of JSS,
* and assume that NSS is already initialized (default:
* false)
*
* - nss.pkix_verify -- whether to use PKIX for verification (default: false)
* - nss.no_cert_db -- whether to open the certificate and key databases;
* see InitializationValues for more info (default: false)
* - nss.no_mod_db -- whether to open the security module database; see
* InitializationValues for more info (default: false)
* - nss.force_open -- whether to force initializations even if the database
* cannot be opened; see InitializationValues for more
* info (default: false)
* - nss.no_root_init -- whether to look for root certificate module and load
* it; see InitializationValues for more info
* (default: false)
* - nss.optimize_space -- whether to use smaller tables and caches; see
* InitializationValues for more info (default: false)
* - nss.pk11_thread_safe -- whether to only load PKCS#11 modules that are
* thread-safe; see InitializationValues for more
* info (default: false)
* - nss.pk11_reload -- whether to ignore already initialized errors when
* loading PKCS#11 modules; see InitializationValues for
* more info (default: false)
* - nss.no_pk11_finalize -- whether to avoid calling C_Finalize on PKCS#11
* modules; see InitializationValues for more info
* (default: false)
* - nss.cooperate -- whether to cooperate with other parts of the program
* already having initialized NSS (default: false)
*
* - jss.experimental.sslengine -- whether to enable experimental SSLEngine
* support
*
* - jss.fips -- whether to switch this NSS DB into FIPS mode; allowed values
* are ENABLED (to force FIPS mode), DISABLED (to force
* non-FIPS mode), or UNCHANGED (default, to infer the value
* from the NSS DB and/or the system)
*
* - jss.ocsp.enabled -- whether or not to enable OCSP checking
* - jss.ocsp.responder.url -- URL of the OCSP responder to check
* - jss.ocsp.responder.cert_nickname -- nickname of the OCSP responder's
* certificate in the NSS DB
* - jss.ocsp.policy -- which JSS OCSP checking policy to use; allowed values
* are NONE, NORMAL, and LEAF_AND_CHAIN; refer to
* CryptoManager documentation for the difference
*
* - jss.password -- static password to use to authenticate to tokens; if
* this fails, the user will be prompted via the console
*/
public class JSSLoader {
public static Logger logger = LoggerFactory.getLogger(JSSLoader.class);
/**
* Initialize JSS from the specified path to a configuration file.
*/
public static CryptoManager init(String config_path) throws Exception {
if (config_path == null) {
String msg = "Please specify the path to the JSS configuration ";
msg += "file in the java.security provider list.";
throw new NullPointerException(msg);
}
try (FileInputStream fistream = new FileInputStream(config_path)) {
return init(fistream);
}
}
/**
* Initialize JSS from an InputStream.
*/
public static CryptoManager init(InputStream istream) throws Exception {
if (CryptoManager.isInitialized()) {
return CryptoManager.getInstance();
}
if (istream == null) {
String msg = "Please specify the JSS configuration InputStream ";
msg += "in order to properly install this provider.";
throw new NullPointerException(msg);
}
Properties config = new Properties();
config.load(istream);
InitializationValues ivs = constructIV(config);
parseFipsMode(config, ivs);
parseReadOnly(config, ivs);
parseOCSPSettings(config, ivs);
parseProviderSettings(config, ivs);
parseNSSSettings(config, ivs);
// For more information about the interactions between JSSLoader and
// CryptoManager, see docs/usage/cryptomanager.md in the source
// distribution.
CryptoManager.initialize(ivs);
CryptoManager cm = CryptoManager.getInstance();
parseOCSPPolicy(config, cm);
parsePasswords(config, cm);
parseExperimental(config);
return cm;
}
/**
* Constructs an InitializationValues from the specified properties files,
* reading only the properties required to construct a new instance.
*
* These properties are:
* - nss.config_dir
* - nss.cert_prefix
* - nss.key_prefix
* - nss.secmod_name
*/
private static InitializationValues constructIV(Properties config) {
String configDir = config.getProperty("nss.config_dir", "/etc/pki/nssdb");
String certPrefix = config.getProperty("nss.cert_prefix");
String keyPrefix = config.getProperty("nss.key_prefix");
String secmodName = config.getProperty("nss.secmod_name");
if (certPrefix == null && keyPrefix == null && secmodName == null) {
return new InitializationValues(configDir);
}
return new InitializationValues(configDir, certPrefix, keyPrefix, secmodName);
}
/**
* Updates the specified InitializationValues with the FIPS-specific
* properties.
*
* These properties are:
* - jss.fips
*/
private static void parseFipsMode(Properties config, InitializationValues ivs) {
String mode = config.getProperty("jss.fips", "unchanged");
if (mode.equalsIgnoreCase("enabled")) {
ivs.fipsMode = InitializationValues.FIPSMode.ENABLED;
} else if (mode.equalsIgnoreCase("disabled")) {
ivs.fipsMode = InitializationValues.FIPSMode.DISABLED;
} else if (mode.equalsIgnoreCase("unchanged")) {
ivs.fipsMode = InitializationValues.FIPSMode.UNCHANGED;
} else {
String msg = "Unknown value for jss.fips: " + mode + ". ";
msg += "Expecting one of ENABLED, DISABLED, or UNCHANGED.";
throw new RuntimeException(msg);
}
}
/**
* Update the specified InitializationValues with the value of the
* nss.read_only property.
*/
private static void parseReadOnly(Properties config, InitializationValues ivs) {
Boolean value = parseBoolean(config, "nss.read_only");
if (value != null) {
ivs.readOnly = value;
}
}
/**
* Update the specified InitializationValues with the value of the OCSP
* properties.
*
* These properties are:
* - jss.ocsp.enabled
* - jss.ocsp.responder.url
* - jss.ocsp.responder.cert_nickname
*/
private static void parseOCSPSettings(Properties config, InitializationValues ivs) {
Boolean enabled = parseBoolean(config, "jss.ocsp.enabled");
if (enabled != null) {
ivs.ocspCheckingEnabled = enabled;
}
String url = config.getProperty("jss.ocsp.responder.url");
ivs.ocspResponderURL = url;
String nickname = config.getProperty("jss.ocsp.responder.cert_nickname");
ivs.ocspResponderCertNickname = nickname;
}
/**
* Configure the specified InitializationValues with the correct
* provider-related properties.
*/
private static void parseProviderSettings(Properties config, InitializationValues ivs) {
// We don't want to do any of this: if the user wanted to, they'd have
// already specified this as part of the java.security configuration
// file. Plus, we're installing ourselves as the Mozilla-JSS provider.
ivs.installJSSProvider = false;
ivs.removeSunProvider = false;
ivs.installJSSProviderFirst = false;
}
/**
* Configure the specified InitializationValues with the values of various
* NSS-specific configuration values.
*
* These properties are:
* - nss.java_only
* - nss.pkix_verify
* - nss.no_cert_db
* - nss.no_mod_db
* - nss.force_open
* - nss.no_root_init
* - nss.optimize_space
* - nss.pk11_thread_safe
* - nss.pk11_reload
* - nss.no_pk11_finalize
* - nss.cooperate
*/
private static void parseNSSSettings(Properties config, InitializationValues ivs) {
Boolean initializeJavaOnly = parseBoolean(config, "nss.java_only");
if (initializeJavaOnly != null) {
ivs.initializeJavaOnly = initializeJavaOnly;
}
Boolean PKIXVerify = parseBoolean(config, "nss.pkix_verify");
if (PKIXVerify!= null) {
ivs.PKIXVerify= PKIXVerify;
}
Boolean noCertDB = parseBoolean(config, "nss.no_cert_db");
if (noCertDB != null) {
ivs.noCertDB = noCertDB;
}
Boolean noModDB = parseBoolean(config, "nss.no_mod_db");
if (noModDB != null) {
ivs.noModDB = noModDB;
}
Boolean forceOpen = parseBoolean(config, "nss.force_open");
if (forceOpen != null) {
ivs.forceOpen = forceOpen;
}
Boolean noRootInit = parseBoolean(config, "nss.no_root_init");
if (noRootInit != null) {
ivs.noRootInit = noRootInit;
}
Boolean optimizeSpace = parseBoolean(config, "nss.optimize_space");
if (optimizeSpace != null) {
ivs.optimizeSpace = optimizeSpace;
}
Boolean PK11ThreadSafe = parseBoolean(config, "nss.pk11_thread_safe");
if (PK11ThreadSafe != null) {
ivs.PK11ThreadSafe = PK11ThreadSafe;
}
Boolean PK11Reload = parseBoolean(config, "nss.pk11_reload");
if (PK11Reload != null) {
ivs.PK11Reload = PK11Reload;
}
Boolean noPK11Finalize = parseBoolean(config, "nss.no_pk11_finalize");
if (noPK11Finalize != null) {
ivs.noPK11Finalize = noPK11Finalize;
}
Boolean cooperate = parseBoolean(config, "nss.cooperate");
if (cooperate != null) {
ivs.cooperate = cooperate;
}
}
/**
* Once the CryptoManager has been initialized, update it with the value
* of the remaining OCSP propertiy, jss.ocsp.policy.
*/
private static void parseOCSPPolicy(Properties config, CryptoManager cm) {
String policy = config.getProperty("jss.ocsp.policy", "NONE");
if (policy.equalsIgnoreCase("none")) {
CryptoManager.setOCSPPolicy(CryptoManager.OCSPPolicy.NONE);
} else if (policy.equalsIgnoreCase("normal")) {
CryptoManager.setOCSPPolicy(CryptoManager.OCSPPolicy.NORMAL);
} else if (policy.equalsIgnoreCase("leaf_and_chain")) {
CryptoManager.setOCSPPolicy(CryptoManager.OCSPPolicy.LEAF_AND_CHAIN);
} else {
String msg = "Unknown value for jss.ocsp.policy: " + policy + ".";
msg += "Expecting one of NONE, NORMAL, or LEAF_AND_CHAIN.";
throw new RuntimeException(msg);
}
}
/**
* Once the CryptoManager has been initialized, update it with the correct
* PasswordCallback handler.
*
* Currently only understands a hard-coded password set via jss.password.
*/
private static void parsePasswords(Properties config, CryptoManager cm) {
String password = config.getProperty("jss.password");
if (password != null && !password.isEmpty()) {
Password pass_cb = new Password(password.toCharArray());
cm.setPasswordCallback(pass_cb);
}
}
/**
* Check for exerpimental flags.
*/
private static void parseExperimental(Properties config) {
Boolean sslengine = parseBoolean(config, "jss.experimental.sslengine");
if (sslengine != null) {
JSSProvider.ENABLE_JSSENGINE = sslengine;
}
}
/**
* Helper function to parse a boolean value at the given key name.
*
* Returns true if the value is true or yes, false if the value is
* false or no, and null if the value is empty or not present. Throws
* an exception for a malformed value. Case insensitive.
*/
private static Boolean parseBoolean(Properties config, String key_name) {
String value = config.getProperty(key_name);
if (value == null || value.isEmpty()) {
return null;
}
if (value.equalsIgnoreCase("true") || value.equalsIgnoreCase("yes")) {
return true;
}
if (value.equalsIgnoreCase("false") || value.equalsIgnoreCase("no")) {
return false;
}
String msg = "Unknown value for boolean " + key_name + ": " + value;
msg += ". Expecting true, false, or not specified.";
throw new RuntimeException(msg);
}
}
����������������jss-5.0.0/src/main/java/org/mozilla/jss/JSSProvider.java��������������������������������������������0000664�0000000�0000000�00000052670�14125500636�0023035�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss;
import java.io.InputStream;
import java.security.Provider;
public final class JSSProvider extends java.security.Provider {
public static boolean ENABLE_JSSENGINE = true;
private static final long serialVersionUID = 1L;
/********************************************************************/
/* The VERSION Strings should be updated everytime a new release */
/* of JSS is generated. Note that this is done by changing */
/* cmake/JSSConfig.cmake. */
/********************************************************************/
private static int JSS_MAJOR_VERSION = CryptoManager.getJSSMajorVersion();
private static int JSS_MINOR_VERSION = CryptoManager.getJSSMinorVersion();
private static int JSS_PATCH_VERSION = CryptoManager.getJSSPatchVersion();
private static double JSS_VERSION = JSS_MAJOR_VERSION +
(JSS_MINOR_VERSION * 100 +
JSS_PATCH_VERSION)/10000.0;
private static JSSLoader loader = new JSSLoader();
private static CryptoManager cm;
public JSSProvider() {
this(CryptoManager.isInitialized());
}
public JSSProvider(boolean initialize) {
super("Mozilla-JSS", JSS_VERSION,
"Provides Signature, Message Digesting, and RNG");
if (initialize) {
initializeProvider();
}
}
public JSSProvider(String config_path) throws Exception {
this(false);
configure(config_path);
}
public JSSProvider(InputStream config) throws Exception {
this(false);
cm = JSSLoader.init(config);
initializeProvider();
}
/**
* Configure this instance of JSSProvider with the specified path
* to a JSS configuration properties file.
*
* See JSSLoader's class description for a description of the JSS
* configuration properties file and known values.
*
* If the JSSProvider is already loaded, this is a no-op.
*/
@Override
public Provider configure(String arg) {
try {
cm = JSSLoader.init(arg);
} catch (NullPointerException npe) {
throw npe;
} catch (Exception e) {
throw new RuntimeException(e.getMessage(), e);
}
initializeProvider();
return this;
}
/**
* Return the CryptoManager this instance was initialized with.
*/
public CryptoManager getCryptoManager() {
if (cm == null) {
try {
cm = CryptoManager.getInstance();
} catch (NotInitializedException nie) {}
}
return cm;
}
protected void initializeProvider() {
/////////////////////////////////////////////////////////////
// Signature
/////////////////////////////////////////////////////////////
put("Signature.SHA1withDSA",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$DSA");
put("Alg.Alias.Signature.DSA", "SHA1withDSA");
put("Alg.Alias.Signature.DSS", "SHA1withDSA");
put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
put("Signature.MD5/RSA",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$MD5RSA");
put("Alg.Alias.Signature.MD5withRSA", "MD5/RSA");
put("Signature.MD2/RSA",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$MD2RSA");
put("Signature.SHA-1/RSA",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA1RSA");
put("Alg.Alias.Signature.SHA1/RSA", "SHA-1/RSA");
put("Alg.Alias.Signature.SHA1withRSA", "SHA-1/RSA");
put("Signature.SHA-256/RSA",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA256RSA");
put("Alg.Alias.Signature.SHA256/RSA", "SHA-256/RSA");
put("Alg.Alias.Signature.SHA256withRSA", "SHA-256/RSA");
put("Signature.RSASSA-PSS",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$RSAPSSSignature");
put("Alg.Alias.Signature.1.2.840.113549.1.1.10", "RSASSA-PSS");
put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
put("Signature.SHA-256/RSA/PSS",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA256RSAPSS");
put("Alg.Alias.Signature.SHA256withRSA/PSS","SHA-256/RSA/PSS");
put("Signature.SHA-384/RSA/PSS",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA384RSAPSS");
put("Alg.Alias.Signature.SHA384withRSA/PSS","SHA-384/RSA/PSS");
put("Signature.SHA-512/RSA/PSS",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA512RSAPSS");
put("Alg.Alias.Signature.SHA512withRSA/PSS","SHA-512/RSA/PSS");
put("Signature.SHA-384/RSA",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA384RSA");
put("Alg.Alias.Signature.SHA384/RSA", "SHA-384/RSA");
put("Alg.Alias.Signature.SHA384withRSA", "SHA-384/RSA");
put("Signature.SHA-512/RSA",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA512RSA");
put("Alg.Alias.Signature.SHA512/RSA", "SHA-512/RSA");
put("Alg.Alias.Signature.SHA512withRSA", "SHA-512/RSA");
// ECC
put("Signature.SHA1withEC",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA1EC");
put("Alg.Alias.Signature.EC", "SHA1withEC");
put("Alg.Alias.Signature.ECC", "SHA1withEC");
put("Alg.Alias.Signature.ECDSA", "SHA1withEC");
put("Alg.Alias.Signature.SHA/EC", "SHA1withEC");
put("Alg.Alias.Signature.SHA1/EC", "SHA1withEC");
put("Alg.Alias.Signature.SHA-1/EC", "SHA1withEC");
put("Alg.Alias.Signature.SHA/ECDSA", "SHA1withEC");
put("Alg.Alias.Signature.SHA1/ECDSA", "SHA1withEC");
put("Alg.Alias.Signature.SHA1withECDSA", "SHA1withEC"); //JCE Standard Name
put("Signature.SHA256withEC",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA256EC");
put("Alg.Alias.Signature.SHA256/EC", "SHA256withEC");
put("Alg.Alias.Signature.SHA-256/EC", "SHA256withEC");
put("Alg.Alias.Signature.SHA256withECDSA", "SHA256withEC"); //JCE Standard Name
put("Signature.SHA384withEC",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA384EC");
put("Alg.Alias.Signature.SHA384/EC", "SHA384withEC");
put("Alg.Alias.Signature.SHA-384/EC", "SHA384withEC");
put("Alg.Alias.Signature.SHA384withECDSA", "SHA384withEC"); //JCE Standard Name
put("Signature.SHA512withEC",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA512EC");
put("Alg.Alias.Signature.SHA512/EC", "SHA512withEC");
put("Alg.Alias.Signature.SHA-512/EC", "SHA512withEC");
put("Alg.Alias.Signature.SHA512withECDSA", "SHA512withEC"); //JCE Standard Name
/////////////////////////////////////////////////////////////
// Message Digesting
/////////////////////////////////////////////////////////////
put("MessageDigest.SHA-1",
"org.mozilla.jss.provider.java.security.JSSMessageDigestSpi$SHA1");
put("MessageDigest.MD2",
"org.mozilla.jss.provider.java.security.JSSMessageDigestSpi$MD2");
put("MessageDigest.MD5",
"org.mozilla.jss.provider.java.security.JSSMessageDigestSpi$MD5");
put("MessageDigest.SHA-256",
"org.mozilla.jss.provider.java.security.JSSMessageDigestSpi$SHA256");
put("MessageDigest.SHA-384",
"org.mozilla.jss.provider.java.security.JSSMessageDigestSpi$SHA384");
put("MessageDigest.SHA-512",
"org.mozilla.jss.provider.java.security.JSSMessageDigestSpi$SHA512");
put("Alg.Alias.MessageDigest.SHA1", "SHA-1");
put("Alg.Alias.MessageDigest.SHA", "SHA-1");
put("Alg.Alias.MessageDigest.SHA256", "SHA-256");
put("Alg.Alias.MessageDigest.SHA384", "SHA-384");
put("Alg.Alias.MessageDigest.SHA512", "SHA-512");
/////////////////////////////////////////////////////////////
// SecureRandom
/////////////////////////////////////////////////////////////
put("SecureRandom.pkcs11prng",
"org.mozilla.jss.provider.java.security.JSSSecureRandomSpi");
/////////////////////////////////////////////////////////////
// KeyPairGenerator
/////////////////////////////////////////////////////////////
put("KeyPairGenerator.RSA",
"org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi$RSA");
put("KeyPairGenerator.DSA",
"org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi$DSA");
put("KeyPairGenerator.EC",
"org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi$EC");
/////////////////////////////////////////////////////////////
// KeyFactory
/////////////////////////////////////////////////////////////
put("KeyFactory.RSA",
"org.mozilla.jss.provider.java.security.KeyFactorySpi1_2");
put("KeyFactory.DSA",
"org.mozilla.jss.provider.java.security.KeyFactorySpi1_2");
put("KeyFactory.EC",
"org.mozilla.jss.provider.java.security.KeyFactorySpi1_2");
/////////////////////////////////////////////////////////////
// KeyStore
/////////////////////////////////////////////////////////////
put("KeyStore.PKCS11",
"org.mozilla.jss.provider.java.security.JSSKeyStoreSpi");
/////////////////////////////////////////////////////////////
// AlgorithmParameters
/////////////////////////////////////////////////////////////
put("AlgorithmParameters.IvAlgorithmParameters",
"org.mozilla.jss.provider.java.security.IvAlgorithmParameters");
put("AlgorithmParameters.RC2AlgorithmParameters",
"org.mozilla.jss.provider.java.security.RC2AlgorithmParameters");
put("AlgorithmParameters.RSAPSSAlgorithmParameters",
"org.mozilla.jss.provider.java.security.RSAPSSAlgorithmParameters");
/////////////////////////////////////////////////////////////
// Cipher
/////////////////////////////////////////////////////////////
put("Cipher.DES",
"org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$DES");
put("Cipher.DESede",
"org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$DESede");
put("Alg.Alias.Cipher.DES3", "DESede");
put("Cipher.AES",
"org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$AES");
put("Cipher.RC4",
"org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$RC4");
put("Cipher.RSA",
"org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$RSA");
put("Cipher.RC2",
"org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$RC2");
/////////////////////////////////////////////////////////////
// KeyGenerator
/////////////////////////////////////////////////////////////
String kg_spi = "org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi";
put("KeyGenerator.DES", kg_spi + "$DES");
put("KeyGenerator.DESede", kg_spi + "$DESede");
put("Alg.Alias.KeyGenerator.DES3", "DESede");
put("KeyGenerator.AES", kg_spi + "$AES");
put("KeyGenerator.RC4", kg_spi + "$RC4");
put("KeyGenerator.RC2", kg_spi + "$RC2");
put("KeyGenerator.HmacSHA1", kg_spi + "$HmacSHA1");
put("KeyGenerator.PBAHmacSHA1", kg_spi + "$PBAHmacSHA1");
put("KeyGenerator.HmacSHA256", kg_spi + "$HmacSHA256");
put("KeyGenerator.HmacSHA384", kg_spi + "$HmacSHA384");
put("KeyGenerator.HmacSHA512", kg_spi + "$HmacSHA512");
// KBKDF: Counter
put("KeyGenerator.KbkdfCounter", kg_spi + "$KbkdfCounter");
put("Alg.Alias.KeyGenerator.KBKDF-Counter", "KbkdfCounter");
put("Alg.Alias.KeyGenerator.SP800-108-KDF-Counter", "KbkdfCounter");
put("Alg.Alias.KeyGenerator.SP800-108-Counter", "KbkdfCounter");
put("Alg.Alias.KeyGenerator.CounterKbkdf", "KbkdfCounter");
// KBKDF: Counter (data)
put("KeyGenerator.KbkdfCounterData", kg_spi + "$KbkdfCounterData");
put("Alg.Alias.KeyGenerator.KBKDF-Counter-Data", "KbkdfCounterData");
put("Alg.Alias.KeyGenerator.SP800-108-KDF-Counter-Data", "KbkdfCounterData");
put("Alg.Alias.KeyGenerator.SP800-108-Counter-Data", "KbkdfCounterData");
put("Alg.Alias.KeyGenerator.CounterKbkdf-Data", "KbkdfCounterData");
// KBKDF: Feedback
put("KeyGenerator.KbkdfFeedback", kg_spi + "$KbkdfFeedback");
put("Alg.Alias.KeyGenerator.KBKDF-Feedback", "KbkdfFeedback");
put("Alg.Alias.KeyGenerator.SP800-108-KDF-Feedback", "KbkdfFeedback");
put("Alg.Alias.KeyGenerator.SP800-108-Feedback", "KbkdfFeedback");
put("Alg.Alias.KeyGenerator.FeedbackKbkdf", "KbkdfFeedback");
// KBKDF: Feedback (data)
put("KeyGenerator.KbkdfFeedbackData", kg_spi + "$KbkdfFeedbackData");
put("Alg.Alias.KeyGenerator.KBKDF-Feedback-Data", "KbkdfFeedbackData");
put("Alg.Alias.KeyGenerator.SP800-108-KDF-Feedback-Data", "KbkdfFeedbackData");
put("Alg.Alias.KeyGenerator.SP800-108-Feedback-Data", "KbkdfFeedbackData");
put("Alg.Alias.KeyGenerator.FeedbackKbkdf-Data", "KbkdfFeedbackData");
// KBKDF: Double Pipeline -- sometimes Pipeline KBKDF
put("KeyGenerator.KbkdfDoublePipeline", kg_spi + "$KbkdfDoublePipeline");
put("Alg.Alias.KeyGenerator.KBKDF-DoublePipeline", "KbkdfDoublePipeline");
put("Alg.Alias.KeyGenerator.SP800-108-KDF-DoublePipeline", "KbkdfDoublePipeline");
put("Alg.Alias.KeyGenerator.SP800-108-DoublePipeline", "KbkdfDoublePipeline");
put("Alg.Alias.KeyGenerator.DoublePipelineKbkdf", "KbkdfDoublePipeline");
put("Alg.Alias.KeyGenerator.KbkdfPipeline", "KbkdfDoublePipeline");
put("Alg.Alias.KeyGenerator.KBKDF-Pipeline", "KbkdfDoublePipeline");
put("Alg.Alias.KeyGenerator.SP800-108-KDF-Pipeline", "KbkdfDoublePipeline");
put("Alg.Alias.KeyGenerator.SP800-108-Pipeline", "KbkdfDoublePipeline");
put("Alg.Alias.KeyGenerator.PipelineKbkdf", "KbkdfDoublePipeline");
// KBKDF: Double Pipeline (data) -- sometimes Pipeline KBKDF (data)
put("KeyGenerator.KbkdfDoublePipelineData", kg_spi + "$KbkdfDoublePipelineData");
put("Alg.Alias.KeyGenerator.KBKDF-DoublePipeline-Data", "KbkdfDoublePipelineData");
put("Alg.Alias.KeyGenerator.SP800-108-KDF-DoublePipeline-Data", "KbkdfDoublePipelineData");
put("Alg.Alias.KeyGenerator.SP800-108-DoublePipeline-Data", "KbkdfDoublePipelineData");
put("Alg.Alias.KeyGenerator.DoublePipelineKbkdf-Data", "KbkdfDoublePipelineData");
put("Alg.Alias.KeyGenerator.KbkdfPipelineData", "KbkdfDoublePipelineData");
put("Alg.Alias.KeyGenerator.KBKDF-Pipeline-Data", "KbkdfDoublePipelineData");
put("Alg.Alias.KeyGenerator.SP800-108-KDF-Pipeline-Data", "KbkdfDoublePipelineData");
put("Alg.Alias.KeyGenerator.SP800-108-Pipeline-Data", "KbkdfDoublePipelineData");
put("Alg.Alias.KeyGenerator.PipelineKbkdf-Data", "KbkdfDoublePipelineData");
/////////////////////////////////////////////////////////////
// SecretKeyFactory
/////////////////////////////////////////////////////////////
put("SecretKeyFactory.GenericSecret", "org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$GenericSecret");
put("Alg.Alias.SecretKeyFactory.GENERIC_SECRET", "GenericSecret");
put("SecretKeyFactory.DES",
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$DES");
put("SecretKeyFactory.DESede",
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$DESede");
put("Alg.Alias.SecretKeyFactory.DES3", "DESede");
put("SecretKeyFactory.AES",
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$AES");
put("SecretKeyFactory.RC4",
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$RC4");
put("SecretKeyFactory.RC2",
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$RC2");
put("SecretKeyFactory.HmacSHA1",
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$HmacSHA1");
put("SecretKeyFactory.PBAHmacSHA1",
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$PBAHmacSHA1");
put("SecretKeyFactory.HmacSHA256",
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$HmacSHA256");
put("SecretKeyFactory.HmacSHA384",
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$HmacSHA384");
put("SecretKeyFactory.HmacSHA512",
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$HmacSHA512");
put("SecretKeyFactory.PBEWithMD5AndDES",
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$PBE_MD5_DES_CBC");
put("SecretKeyFactory.PBEWithSHA1AndDES",
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$PBE_SHA1_DES_CBC");
put("SecretKeyFactory.PBEWithSHA1AndDESede",
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$PBE_SHA1_DES3_CBC");
put("Alg.Alias.SecretKeyFactory.PBEWithSHA1AndDES3", "PBEWithSHA1AndDESede");
put("SecretKeyFactory.PBEWithSHA1And128RC4",
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$PBE_SHA1_RC4_128");
/////////////////////////////////////////////////////////////
// MAC
/////////////////////////////////////////////////////////////
put("Mac.HmacSHA1",
"org.mozilla.jss.provider.javax.crypto.JSSMacSpi$HmacSHA1");
put("Alg.Alias.Mac.Hmac-SHA1", "HmacSHA1");
put("Mac.HmacSHA256",
"org.mozilla.jss.provider.javax.crypto.JSSMacSpi$HmacSHA256");
put("Alg.Alias.Mac.Hmac-SHA256", "HmacSHA256");
put("Mac.HmacSHA384",
"org.mozilla.jss.provider.javax.crypto.JSSMacSpi$HmacSHA384");
put("Alg.Alias.Mac.Hmac-SHA384", "HmacSHA384");
put("Mac.HmacSHA512",
"org.mozilla.jss.provider.javax.crypto.JSSMacSpi$HmacSHA512");
put("Mac.CmacAES", "org.mozilla.jss.provider.javax.crypto.JSSMacSpi$CmacAES");
put("Alg.Alias.Mac.Hmac-SHA512", "HmacSHA512");
put("Alg.Alias.Mac.SHA-1-HMAC", "HmacSHA1");
put("Alg.Alias.Mac.SHA-256-HMAC", "HmacSHA256");
put("Alg.Alias.Mac.SHA-384-HMAC", "HmacSHA384");
put("Alg.Alias.Mac.SHA-512-HMAC", "HmacSHA512");
put("Alg.Alias.Mac.AES-128-CMAC", "CmacAES");
put("Alg.Alias.Mac.AES-192-CMAC", "CmacAES");
put("Alg.Alias.Mac.AES-256-CMAC", "CmacAES");
put("Alg.Alias.Mac.CmacAES128", "CmacAES");
put("Alg.Alias.Mac.CmacAES192", "CmacAES");
put("Alg.Alias.Mac.CmacAES256", "CmacAES");
put("Alg.Alias.Mac.AES_CMAC", "CmacAES");
put("Alg.Alias.Mac.CMAC_AES", "CmacAES");
/////////////////////////////////////////////////////////////
// KeyManagerFactory
/////////////////////////////////////////////////////////////
put("KeyManagerFactory.NssX509",
"org.mozilla.jss.provider.javax.crypto.JSSKeyManagerFactory");
put("Alg.Alias.KeyManagerFactory.SunX509", "NssX509");
put("Alg.Alias.KeyManagerFactory.PKIX", "SunX509");
/////////////////////////////////////////////////////////////
// TrustManagerFactory
/////////////////////////////////////////////////////////////
put("TrustManagerFactory.NssX509",
"org.mozilla.jss.provider.javax.crypto.JSSTrustManagerFactory");
put("Alg.Alias.TrustManagerFactory.SunX509", "NssX509");
put("Alg.Alias.TrustManagerFactory.PKIX", "NssX509");
put("Alg.Alias.TrustManagerFactory.X509", "NssX509");
put("Alg.Alias.TrustManagerFactory.X.509", "NssX509");
/////////////////////////////////////////////////////////////
// TLS
/////////////////////////////////////////////////////////////
if (ENABLE_JSSENGINE) {
put("SSLContext.Default", "org.mozilla.jss.provider.javax.net.JSSContextSpi");
put("SSLContext.SSL", "org.mozilla.jss.provider.javax.net.JSSContextSpi");
put("SSLContext.TLS", "org.mozilla.jss.provider.javax.net.JSSContextSpi");
put("SSLContext.TLSv1.1", "org.mozilla.jss.provider.javax.net.JSSContextSpi$TLSv11");
put("SSLContext.TLSv1.2", "org.mozilla.jss.provider.javax.net.JSSContextSpi$TLSv12");
put("SSLContext.TLSv1.3", "org.mozilla.jss.provider.javax.net.JSSContextSpi$TLSv13");
}
}
@Override
public String toString() {
String mozillaProviderVersion = JSS_MAJOR_VERSION + "." +
JSS_MINOR_VERSION;
if ( JSS_PATCH_VERSION != 0 ) {
mozillaProviderVersion = mozillaProviderVersion + "." +
JSS_PATCH_VERSION;
}
return "Mozilla-JSS version " + mozillaProviderVersion;
}
}
������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/KeyDatabaseException.java�����������������������������������0000664�0000000�0000000�00000001546�14125500636�0024713�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss;
/**
* This exception is thrown if the key database does not exist, or if
* an error occurs while opening it.
*/
public class KeyDatabaseException extends java.lang.Exception {
private static final long serialVersionUID = 1L;
public KeyDatabaseException() {}
public KeyDatabaseException(String mesg) {
super(mesg);
}
public KeyDatabaseException(String mesg, Throwable cause) {
super(mesg, cause);
}
public KeyDatabaseException(String mesg, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
super(mesg, cause, enableSuppression, writableStackTrace);
}
}
����������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/NicknameConflictException.java������������������������������0000664�0000000�0000000�00000000537�14125500636�0025744�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss;
public final class NicknameConflictException extends Exception {
private static final long serialVersionUID = 1L;
}
�����������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/NoSuchTokenException.java�����������������������������������0000664�0000000�0000000�00000001440�14125500636�0024727�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss;
/**
* Thrown if a token cannot be found.
*/
public class NoSuchTokenException extends java.lang.Exception {
private static final long serialVersionUID = 1L;
public NoSuchTokenException() {}
public NoSuchTokenException(String mesg) {
super(mesg);
}
public NoSuchTokenException(String mesg, Throwable cause) {
super(mesg, cause);
}
public NoSuchTokenException(String mesg, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
super(mesg, cause, enableSuppression, writableStackTrace);
}
}
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/NotInitializedException.java��������������������������������0000664�0000000�0000000�00000000535�14125500636�0025461�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss;
public final class NotInitializedException extends Exception {
private static final long serialVersionUID = 1L;
}
�������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/PK11Finder.c������������������������������������������������0000664�0000000�0000000�00000167627�14125500636�0022001�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "_jni/org_mozilla_jss_CryptoManager.h"
#include null if the key is not found.
*/
public SecretKey lookupKey(EncryptionAlgorithm alg, byte[] keyid)
throws TokenException
{
if( alg == null || keyid == null ) {
throw new NullPointerException();
}
SymmetricKey k = lookupKeyNative(token, alg, keyid);
if( k == null ) {
return null;
} else {
return new SecretKeyFacade(k);
}
}
private native SymmetricKey lookupKeyNative(CryptoToken token,
EncryptionAlgorithm alg, byte[] keyid) throws TokenException;
public boolean uniqueNamedKeyExists(String nickname)
throws TokenException
{
return (lookupUniqueNamedKey(Encryptor.DEFAULT_ENCRYPTION_ALG,
nickname) != null);
}
/**
* Looks up the key on this token with the given algorithm and nickname.
* @param alg The algorithm that this key will be used for.
* This is necessary because it will be stored along with the
* key for later use by the security library. It should match
* the actual algorithm of the key you are looking for. If you
* pass in a different algorithm and try to use the key that is returned,
* the results are undefined.
* @param nickname the name of the symmetric key. Duplicate keynames
* will be checked for, and are not allowed.
* @return The key, or null if the key is not found.
*/
public SecretKey lookupUniqueNamedKey(EncryptionAlgorithm alg,
String nickname)
throws TokenException
{
// always strip all preceding/trailing whitespace
// from passed-in String parameters
if( nickname != null ) {
nickname = nickname.trim();
}
if( alg == null || nickname == null || nickname.equals("") ) {
throw new NullPointerException();
}
SymmetricKey k = lookupUniqueNamedKeyNative(token, alg, nickname);
if( k == null ) {
return null;
} else {
return new SecretKeyFacade(k);
}
}
private native SymmetricKey lookupUniqueNamedKeyNative(CryptoToken token,
EncryptionAlgorithm alg, String nickname) throws TokenException;
/**
* Deletes the key with the given keyID from this token.
* @throws InvalidKeyException If the key does not exist on this token.
*/
public void deleteKey(byte[] keyID) throws TokenException,
InvalidKeyException
{
deleteKey(lookupKey(Encryptor.DEFAULT_ENCRYPTION_ALG, keyID));
}
/**
* If it exists, delete the key with the specified nickname from this
* token.
*/
public void deleteUniqueNamedKey(String nickname) throws TokenException,
InvalidKeyException
{
// only delete this symmetric key if it exists
if( uniqueNamedKeyExists(nickname) ) {
deleteKey(lookupUniqueNamedKey(Encryptor.DEFAULT_ENCRYPTION_ALG,
nickname));
}
}
/**
* Deletes this key from this token.
* @throws InvalidKeyException If the key does not reside on this token,
* or is not a JSS key.
*/
public void deleteKey(SecretKey key) throws TokenException,
InvalidKeyException
{
if( key == null ) {
throw new NullPointerException();
}
if( ! (key instanceof SecretKeyFacade) ) {
throw new InvalidKeyException("Key must be a JSS key");
}
deleteKeyNative(token, ((SecretKeyFacade)key).key);
}
private native void deleteKeyNative(CryptoToken token, SymmetricKey key)
throws TokenException;
}
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/SecretDecoderRing/package.html������������������������������0000664�0000000�0000000�00000001051�14125500636�0025617�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������
A facility for encrypting and decrypting small amounts of data with
a symmetric key. This is most commonly used for encrypting password files
to implement single sign-on.
ANY value. An ANY is just an arbitrary
* ASN.1 value. It can be thought of as the simplest implementation of the
* ASN1Value interface. Although they can be created
* from scratch (from raw BER), instances of ANY are usually
* found after decoding
* with a template that has an ANY field.
*
* ANY supports extracting the BER encoding, or decoding
* with a different template.
*/
public class ANY implements ASN1Value {
// The complete encoding of header + contents
private byte[] encoded;
private Tag tag;
/**
* Creates an ANY value, which is just a generic ASN.1 value.
* This method is provided for efficiency if the tag is already known,
* so that we don't have to parse the encoding for it.
*
* @param tag The tag of this value. It must be the same as the actual tag
* contained in the encoding.
* @param encoded The complete BER encoding of this value, including
* tag, form, length, and contents.
*/
public ANY(Tag tag, byte[] encoded) {
this.encoded = encoded;
this.tag = tag;
}
/**
* Creates an ANY value, which is just a generic ASN.1 value.
*
* @param encoded The complete BER encoding of this value, including
* tag, form, length, and contents.
* @throws InvalidBERException If there is an invalid BER encoding.
*/
public ANY(byte[] encoded) throws InvalidBERException {
try {
this.encoded = encoded;
ByteArrayInputStream bis = new ByteArrayInputStream(encoded);
ASN1Header head = new ASN1Header(bis);
this.tag = head.getTag();
} catch (IOException e) {
throw new org.mozilla.jss.util.AssertionException(
"IOException while creating ANY: " + e);
}
}
/**
* Returns the tag of this value.
*/
@Override
public Tag getTag() {
return tag;
}
/**
* Returns the complete encoding of header and contents, as passed into
* the constructor or read from a BER input stream.
*
* @return Encoded header and contents.
*/
public byte[] getEncoded() {
return encoded;
}
/**
* Returns the ASN.1 header from the encoding.
*
* @return ASN.1 header.
* @throws InvalidBERException If there is an invalid BER encoding.
* @throws IOException If other error occurred.
*/
public ASN1Header getHeader() throws InvalidBERException, IOException {
if (header == null) {
ByteArrayInputStream bis = new ByteArrayInputStream(encoded);
header = new ASN1Header(bis);
}
return header;
}
private ASN1Header header = null;
/**
* Strips out the header and returns just the contents octets of the
* encoding.
*/
private byte[] contents = null;
public byte[] getContents() throws InvalidBERException {
try {
if (contents == null) {
ByteArrayInputStream bis = new ByteArrayInputStream(encoded);
header = new ASN1Header(bis);
contents = new byte[bis.available()];
if ((contents.length != header.getContentLength()) &&
(header.getContentLength() != -1)) {
throw new InvalidBERException("Length of contents was not the " +
"same as the header predicted");
}
ASN1Util.readFully(contents, bis);
}
return contents;
} catch (IOException e) {
throw new RuntimeException("Unable to read byte array: " + e.getMessage(), e);
}
}
@Override
public void encode(OutputStream ostream) throws IOException {
ostream.write(encoded);
}
/**
* Decodes this ANY using the given template. This is useful if you
* originally decoded something as an ANY because you didn't know
* what it was, but now you know what it is supposed to be.
*
* @param template The template to use to decode this ANY.
* @return The output of the given template when it is fed the
* encoding of this ANY.
* @throws InvalidBERException If there is an invalid BER encoding.
*/
public ASN1Value decodeWith(ASN1Template template)
throws InvalidBERException {
try {
ByteArrayInputStream bis = new ByteArrayInputStream(encoded);
return template.decode(bis);
} catch (IOException e) {
throw new RuntimeException("Unable to read byte array: " + e.getMessage(), e);
}
}
/**
* Decodes this ANY using the given template. This is useful if you
* originally decoded something as an ANY because you didn't know
* what it was, but now you know what it is supposed to be.
*
* @param implicitTag The implicit tag for the encoding.
* @param template The template to use to decode this ANY.
* @return The output of the given template when it is fed the
* encoding of this ANY.
* @throws InvalidBERException If there is an invalid BER encoding.
* @throws IOException If other error occurred.
*/
public ASN1Value decodeWith(Tag implicitTag, ASN1Template template)
throws IOException, InvalidBERException {
ByteArrayInputStream bis = new ByteArrayInputStream(encoded);
return template.decode(implicitTag, bis);
}
/**
* @param implicitTag This parameter is ignored, because
* ANY values cannot have implicit tags.
* @throws IOException If an error occurred.
*/
@Override
public void encode(Tag implicitTag, OutputStream ostream)
throws IOException {
if (!implicitTag.equals(tag)) {
throw new RuntimeException("No implicit tags allowed for ANY");
}
ostream.write(encoded);
}
/**
* Extracts the contents from the ANY and encodes them with
* the provided tag.
*
* @param alternateTag Alternate tag.
* @param ostream Output stream.
* @throws InvalidBERException If there is an invalid BER encoding.
* @throws IOException If other error occurred.
*/
public void encodeWithAlternateTag(Tag alternateTag, OutputStream ostream)
throws IOException, InvalidBERException {
byte[] contents = getContents();
ASN1Header oldHead = getHeader();
assert (contents.length == oldHead.getContentLength());
ASN1Header newHead = new ASN1Header(alternateTag, oldHead.getForm(),
contents.length);
newHead.encode(ostream);
ostream.write(contents);
}
/**
* Returns a singleton instance of a decoding template.
*
* @return Decoding template.
*/
public static Template getTemplate() {
return templateInstance;
}
private static Template templateInstance = new Template();
/**
* A class for decoding ANY values from BER.
*/
public static class Template implements ASN1Template {
@Override
public boolean tagMatch(Tag tag) {
return true; // wheeeeee...it's ANY!
}
@Override
public ASN1Value decode(InputStream istream)
throws IOException, InvalidBERException {
try {
ASN1Header head = ASN1Header.lookAhead(istream);
if (head.getContentLength() == -1) {
// indefinite length encoding
ByteArrayOutputStream recording = new ByteArrayOutputStream();
// eat the header off the input stream
head = new ASN1Header(istream);
// write the header to the recording stream
recording.write(head.encode());
// write all objects from the input stream to the recording
// stream, until we hit an END-OF-CONTENTS tag
ANY any;
ANY.Template anyt = new ANY.Template();
int count = 0;
do {
any = (ANY) anyt.decode(istream);
recording.write(any.getEncoded());
} while (!any.getTag().equals(Tag.EOC));
return new ANY(head.getTag(), recording.toByteArray());
} else {
// definite length encoding
byte[] data = new byte[(int) head.getTotalLength()];
ASN1Util.readFully(data, istream);
return new ANY(head.getTag(), data);
}
} catch (InvalidBERException e) {
throw new InvalidBERException(e, "ANY");
}
}
@Override
public ASN1Value decode(Tag implicitTag, InputStream istream)
throws IOException, InvalidBERException {
throw new InvalidBERException("Implicit tag on ANY");
}
} // End of Template
}
���������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/ASN1Header.java����������������������������������������0000664�0000000�0000000�00000030521�14125500636�0023327�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
/**
* The portion of a BER encoding that precedes the contents octets. Consists
* of the tag, form, and length octets.
*/
public class ASN1Header {
// This is set by the the decoding constructor, and by the encode()
// method. If it is set by the decoding constructor, it is supposed
// to represent what was actually read from the input stream, so it
// must not be overwritten later by the output of encode(), which could
// be a different encoding (DER vs. BER, for example).
private byte[] cachedEncoding = null;
/**
* Returns the length of the header plus the length of the contents;
* the total length of the DER encoding of an ASN1 value. Returns
* -1 if indefinite length encoding was used.
*
* @return Total length.
*/
public long getTotalLength() {
if (contentLength == -1) {
return -1;
} else {
return encode().length + contentLength;
}
}
private Tag tag;
public Tag getTag() {
return tag;
}
// -1 means indefinite length encoding
private long contentLength;
/**
* Returns -1 for indefinite length encoding.
*
* @return Content length.
*/
public long getContentLength() {
return contentLength;
}
// PRIMITIVE or CONSTRUCTED
public static final Form PRIMITIVE = Form.PRIMITIVE;
public static final Form CONSTRUCTED = Form.CONSTRUCTED;
private Form form;
/**
* Returns the Form, PRIMITIVE or CONSTRUCTED.
*
* @return The form.
*/
public Form getForm() {
return form;
}
// This is the maximum size of ASN1 Header we support.
// 32 bytes is pretty huge, I've never seen anything bigger than 7.
private static final int MAX_LOOK_AHEAD = 32;
/**
* Returns information about the next item in the stream, but does not
* consume any octets.
*
* @param derStream DER stream.
* @return ASN.1 header.
* @throws InvalidBERException If there is an invalid BER encoding.
* @exception IOException If the input stream does not support look ahead.
*/
public static ASN1Header lookAhead(InputStream derStream)
throws IOException, InvalidBERException {
if (!derStream.markSupported()) {
throw new IOException("Mark not supported on this input stream");
}
derStream.mark(MAX_LOOK_AHEAD);
ASN1Header info = new ASN1Header(derStream);
derStream.reset();
return info;
}
/**
* Gets info about the next item in the DER stream, consuming the
* identifier and length octets.
*
* @param istream Input stream.
* @throws InvalidBERException If there is an invalid BER encoding.
* @throws IOException If other error occurred.
*/
public ASN1Header(InputStream istream)
throws InvalidBERException, IOException {
// default BAOS size is 32 bytes, which is plenty
ByteArrayOutputStream encoding = new ByteArrayOutputStream();
int inInt = istream.read();
if (inInt == -1) {
throw new InvalidBERException("End-of-file reached while " +
"decoding ASN.1 header");
}
encoding.write(inInt);
byte byte1 = (byte) inInt;
Tag.Class tagClass;
//
// Get Tag Class
//
tagClass = Tag.Class.fromInt((byte1 & 0xff) >>> 6);
//
// Get form
//
if ((byte1 & 0x20) == 0x20) {
form = CONSTRUCTED;
} else {
form = PRIMITIVE;
}
//
// Get Tag Number
//
long tagNum;
if ((byte1 & 0x1f) == 0x1f) {
// long form
//
// read all octets into a Vector of Bytes
//
byte next;
Vectortrue if this is a BER end-of-contents marker.
*/
public boolean isEOC() {
return (tag.equals(Tag.EOC));
}
}
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/ASN1Template.java��������������������������������������0000664�0000000�0000000�00000004032�14125500636�0023710�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.io.IOException;
import java.io.InputStream;
/**
* An interface for decoding ASN1Values from their BER encodings.
*
* @see ASN1Value
*/
public interface ASN1Template {
/**
* Determines whether the given tag will satisfy this template.
*
* @param tag Tag.
* @return True if the given tag will satisfy this template.
*/
public boolean tagMatch(Tag tag);
/**
* Decodes an ASN1Value from the InputStream without an implicit tag.
*
* @param istream Must support marking (markSupported() == true).
* For example, ByteArrayInputStream and BufferedInputStream
* support marking, but FileInputStream does not. If your source
* does not support marking, you can wrap it in a
* BufferedInputStream.
* @return ASN.1 value.
* @throws InvalidBERException If there is an invalid BER encoding.
* @throws IOException If other error occurred.
*/
public ASN1Value decode(InputStream istream)
throws IOException, InvalidBERException;
/**
* Decodes an ASN1Value from the InputStream with the given implicit
* tag.
*
* @param implicitTag Implicit tag.
* @param istream Must support marking (markSupported() == true).
* For example, ByteArrayInputStream and BufferedInputStream
* support marking, but FileInputStream does not. If your source
* does not support marking, you can wrap it in a
* BufferedInputStream.
* @return ASN.1 value.
* @throws InvalidBERException If there is an invalid BER encoding.
* @throws IOException If other error occurred.
*/
public ASN1Value decode(Tag implicitTag, InputStream istream)
throws IOException, InvalidBERException;
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/ASN1Util.c���������������������������������������������0000664�0000000�0000000�00000006611�14125500636�0022360�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape Security Services for Java.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "_jni/org_mozilla_jss_asn1_ASN1Util.h"
#include BIT STRING, which is an ordered sequence of bits.
* The bits are stored the same way they are encoded in BER: as an array
* of bytes with 0-7 unused bits at the end.
*/
public class BIT_STRING implements ASN1Value {
private byte[] bits;
private int padCount;
private boolean removeTrailingZeroes = false;
/**
* @param bits The bits packed into an array of bytes, with padding
* at the end. The array may be empty (but not null), in which case
* padCount must be zero. The array is referenced,
* not cloned.
* @param padCount The number of padding bits at the end of the array.
* Must be in the range [0,7].
* @exception NumberFormatException If padCount is not in
* the range [0,7], or bits is
* empty and padCount is non-zero.
*/
public BIT_STRING(byte[] bits, int padCount)
throws NumberFormatException {
if (padCount < 0 || padCount > 7) {
throw new NumberFormatException();
}
if (bits.length == 0 && padCount != 0) {
throw new NumberFormatException();
}
this.bits = bits;
this.padCount = padCount;
}
/**
* Constructs a BIT_STRING from a BitSet.
*
* @param bs A BitSet.
* @param numBits The number of bits to copy from the BitSet.
* This is necessary because the size of a BitSet is always padded
* up to a multiple of 64, but not all of these bits may
* be significant.
* @exception NumberFormatException If numBits is larger
* than bs.size() or less than zero.
*/
public BIT_STRING(BitSet bs, int numBits)
throws NumberFormatException {
if (numBits < 0 || numBits > bs.size()) {
throw new NumberFormatException();
}
// allocate enough bytes to hold all the bits
bits = new byte[(numBits + 7) / 8];
padCount = (bits.length * 8) - numBits;
assert (padCount >= 0 && padCount <= 7);
for (int i = 0; i < numBits; i++) {
if (bs.get(i)) {
bits[i / 8] |= 0x80 >>> (i % 8);
}
}
}
/**
* Determines whether the DER-encoding of this bitstring will have
* its trailing zeroes removed. Generally, DER requires that trailing
* zeroes be removed when the bitstring is used to hold flags, but
* not when it is used to hold binary data (such as a public key).
* The default is false.
*
* @return True if trailing zeroes are to be removed.
*/
public boolean getRemoveTrailingZeroes() {
return this.removeTrailingZeroes;
}
/**
* Determines whether the DER-encoding of this bitstring will have
* its trailing zeroes removed. Generally, DER requires that trailing
* zeroes be removed when the bitstring is used to hold flags, but
* not when it is used to hold binary data (such as a public key).
* The default is false. If this bit string is used to hold
* flags, you should set this to true.
*
* @param removeTrailingZeroes True if trailing zeroes are to be removed.
*/
public void setRemoveTrailingZeroes(boolean removeTrailingZeroes) {
this.removeTrailingZeroes = removeTrailingZeroes;
}
/**
* Returns the bits packed into an array of bytes, with padding
* at the end. The array may be empty (but not null), in which case
* padCount must be zero. The array is referenced,
* not cloned.
*
* @return BIT STRING as byte array.
*/
public byte[] getBits() {
return bits;
}
/**
* Copies this BIT STRING into a Java BitSet. Note that BitSet.size()
* will not accurately reflect the number of bits in the BIT STRING,
* because the size of a BitSet is always rounded up to the next multiple
* of 64. The extra bits will be set to 0.
*
* @return BIT STRING as BitSet.
*/
public BitSet toBitSet() {
BitSet bs = new BitSet();
int numBits = (bits.length * 8) - padCount;
for (int i = 0; i < numBits; i++) {
if ((bits[i / 8] & (0x80 >>> (i % 8))) != 0) {
bs.set(i);
} else {
bs.clear(i);
}
}
return bs;
}
/**
* Copies this BIT STRING into a boolean array. Each element of the array
* represents one bit with true for 1 and false
* for 0.
*
* @return BIT STRING as boolean array.
*/
public boolean[] toBooleanArray() {
boolean[] array = new boolean[(bits.length * 8) - padCount];
// all elements are set to false by default
for (int i = 0; i < array.length; i++) {
if ((bits[i / 8] & (0x80 >>> (i % 8))) != 0) {
array[i] = true;
}
}
return array;
}
/**
* Returns the number of padding bits at the end of the array.
* Must be in the range [0,7].
*
* @return Number of padding.
*/
public int getPadCount() {
return padCount;
}
public static final Tag TAG = new Tag(Tag.UNIVERSAL, 3);
public static final Form FORM = Form.PRIMITIVE;
@Override
public Tag getTag() {
return TAG;
}
@Override
public void encode(OutputStream ostream) throws IOException {
encode(TAG, ostream);
}
@Override
public void encode(Tag implicitTag, OutputStream ostream)
throws IOException {
// force all unused bits to be zero, in support of DER standard.
if (bits.length > 0) {
bits[bits.length - 1] &= (0xff << padCount);
}
int padBits;
int numBytes;
if (removeTrailingZeroes) {
// first pare off empty bytes
numBytes = bits.length;
for (; numBytes > 0; --numBytes) {
if (bits[numBytes - 1] != 0) {
break;
}
}
// Now compute the number of unused bits. This includes any
// trailing zeroes, whether they are significant or not.
if (numBytes == 0) {
padBits = 0;
} else {
for (padBits = 0; padBits < 8; ++padBits) {
if ((bits[numBytes - 1] & (1 << padBits)) != 0) {
break;
}
}
assert (padBits >= 0 && padBits <= 7);
}
} else {
// Don't remove trailing zeroes. Just write the bits out as-is.
padBits = padCount;
numBytes = bits.length;
}
ASN1Header head = new ASN1Header(implicitTag, FORM, numBytes + 1);
head.encode(ostream);
ostream.write(padBits);
ostream.write(bits, 0, numBytes);
}
private static final Template templateInstance = new Template();
public static Template getTemplate() {
return templateInstance;
}
/**
* A class for decoding a BIT_STRING from its BER encoding.
*/
public static class Template implements ASN1Template {
@Override
public boolean tagMatch(Tag tag) {
return (TAG.equals(tag));
}
@Override
public ASN1Value decode(InputStream istream)
throws IOException, InvalidBERException {
return decode(TAG, istream);
}
@Override
public ASN1Value decode(Tag implicitTag, InputStream istream)
throws IOException, InvalidBERException {
try {
ASN1Header head = new ASN1Header(istream);
head.validate(implicitTag);
if (head.getContentLength() == -1) {
// indefinite length encoding
ByteArrayOutputStream bos = new ByteArrayOutputStream();
int padCount = 0;
ASN1Header ahead;
do {
ahead = ASN1Header.lookAhead(istream);
if (!ahead.isEOC()) {
if (padCount != 0) {
throw new InvalidBERException("Element of constructed " +
"BIT STRING has nonzero unused bits, but is not\n" +
"the last element of the construction.");
}
BIT_STRING.Template bst = new BIT_STRING.Template();
BIT_STRING bs = (BIT_STRING) bst.decode(istream);
bos.write(bs.getBits());
padCount = bs.getPadCount();
}
} while (!ahead.isEOC());
// consume the EOC
ahead = new ASN1Header(istream);
return new BIT_STRING(bos.toByteArray(), padCount);
}
// First octet is the number of unused bits in last octet
int padCount = istream.read();
if (padCount == -1) {
throw new InvalidBERException.EOF();
} else if (padCount < 0 || padCount > 7) {
throw new InvalidBERException("Unused bits not in range [0,7]");
}
// get the rest of the octets
byte[] bits = new byte[(int) head.getContentLength() - 1];
ASN1Util.readFully(bits, istream);
return new BIT_STRING(bits, padCount);
} catch (InvalidBERException e) {
throw new InvalidBERException(e, "BIT STRING");
}
}
} // end of Template
}
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/BMPString.java�����������������������������������������0000664�0000000�0000000�00000007355�14125500636�0023332�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.io.CharConversionException;
import java.io.UnsupportedEncodingException;
/**
* The ASN.1 type BMPString. BMPStrings use the Unicode character set.
* They are encoded and decoded in big-endian format using two octets.
*/
public class BMPString extends CharacterString {
/**
* Creates a new BMPString from an array of Java characters.
*
* @param chars Input characters.
* @throws CharConversionException If an error occurred.
*/
public BMPString(char[] chars) throws CharConversionException {
super(chars);
}
/**
* Creates a new BMPString from a Java String.
*
* @param s Input string.
* @throws CharConversionException If an error occurred.
*/
public BMPString(String s) throws CharConversionException {
super(s);
}
/**
* Returns the conversion object for converting between an encoded byte
* array an an array of Java characters.
*
* @return Character converter.
*/
@Override
CharConverter getCharConverter() {
return converterInstance;
}
private static final BMPConverter converterInstance = new BMPConverter();
static final Tag TAG = new Tag(Tag.UNIVERSAL, 30);
static final Form FORM = Form.PRIMITIVE;
@Override
public Tag getTag() {
return TAG;
}
/**
* Returns a singleton instance of BMPString.Template. This is more
* efficient than creating a new BMPString.Template.
*
* @return BMSString template.
*/
public static Template getTemplate() {
return templateInstance;
}
private static final Template templateInstance = new Template();
// nested class
public static class Template extends CharacterString.Template {
@Override
protected Tag getTag() {
return TAG;
}
@Override
public boolean tagMatch(Tag tag) {
return TAG.equals(tag);
}
@Override
protected CharConverter getCharConverter() {
return new BMPConverter();
}
@Override
protected CharacterString generateInstance(char[] chars)
throws CharConversionException {
return new BMPString(chars);
}
@Override
protected String typeName() {
return "BMPString";
}
}
private static class BMPConverter implements CharConverter {
@Override
public char[] byteToChar(byte[] bytes, int offset, int len)
throws CharConversionException {
try {
String s = new String(bytes, offset, len, "UnicodeBig");
return s.toCharArray();
} catch (UnsupportedEncodingException e) {
String err = "Unable to find UnicodeBig encoding mechanism";
throw (CharConversionException) new CharConversionException(err).initCause(e);
}
}
@Override
public byte[] charToByte(char[] chars, int offset, int len)
throws CharConversionException {
try {
// We don't want the byte-order mark
String s = new String(chars, offset, len);
return s.getBytes("UnicodeBigUnmarked");
} catch (UnsupportedEncodingException e) {
String err = "Unable to find UnicodeBigUnmarked encoding mechanism";
throw (CharConversionException) new CharConversionException(err).initCause(e);
}
}
} // end of char converter
}
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/BOOLEAN.java�������������������������������������������0000664�0000000�0000000�00000005765�14125500636�0022607�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
/**
* An ASN.1 BOOLEAN value.
*/
public class BOOLEAN implements ASN1Value {
public static final Tag TAG = new Tag(Tag.Class.UNIVERSAL, 1);
public static final Form FORM = Form.PRIMITIVE;
@Override
public Tag getTag() {
return TAG;
}
private ASN1Header getHeader(Tag implicitTag) {
return new ASN1Header(implicitTag, FORM, 1);
}
@Override
public void encode(OutputStream ostream) throws IOException {
encode(TAG, ostream);
}
@Override
public void encode(Tag implicitTag, OutputStream ostream)
throws IOException {
getHeader(implicitTag).encode(ostream);
if (val) {
ostream.write(0xff);
} else {
ostream.write(0x00);
}
}
private boolean val;
/**
* Creates a BOOLEAN with the given value.
*
* @param val Boolean value.
*/
public BOOLEAN(boolean val) {
this.val = val;
}
/**
* @return The boolean value of this BOOLEAN.
*/
public boolean toBoolean() {
return val;
}
/**
* Returns "true" or "false".
*/
@Override
public String toString() {
if (val) {
return "true";
} else {
return "false";
}
}
private static final Template templateInstance = new Template();
public static Template getTemplate() {
return templateInstance;
}
/**
* A Class for decoding BOOLEAN values from their BER
* encodings.
*/
public static class Template implements ASN1Template {
@Override
public boolean tagMatch(Tag tag) {
return (tag.equals(BOOLEAN.TAG));
}
@Override
public ASN1Value decode(InputStream istream)
throws IOException, InvalidBERException {
return decode(TAG, istream);
}
@Override
public ASN1Value decode(Tag tag, InputStream istream)
throws IOException, InvalidBERException {
try {
ASN1Header head = new ASN1Header(istream);
head.validate(tag, FORM);
int b = istream.read();
if (b == -1) {
throw new InvalidBERException("End-of-file reached while " +
"decoding BOOLEAN");
}
if (b == 0x00) {
return new BOOLEAN(false);
} else {
return new BOOLEAN(true);
}
} catch (InvalidBERException e) {
throw new InvalidBERException(e, "BOOLEAN");
}
}
}
}
�����������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/CHOICE.java��������������������������������������������0000664�0000000�0000000�00000020766�14125500636�0022460�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Vector;
/**
* Objects of this class are generated by CHOICE.Template.decode(). It is
* not necessary to use them to encode a CHOICE. Since the encoding of a
* CHOICE is simply the encoding of the chosen element, it is easier
* to just write out the chosen element.
*/
public class CHOICE implements ASN1Value {
private Tag tag;
private ASN1Value val;
/**
* Create a CHOICE whose chosen element has an implicit tag.
*
* @param implicitTag Implicit tag.
* @param val The value.
*/
public CHOICE(Tag implicitTag, ASN1Value val) {
tag = implicitTag;
this.val = val;
}
/**
* Create a CHOICE whose chosen element has no implicit tag.
*
* @param val The value.
*/
public CHOICE(ASN1Value val) {
this.tag = val.getTag();
this.val = val;
}
/**
* Returns the tag that the chosen element is encoded with, which is
* either the underlying tag of the element or an implicit tag.
*/
@Override
public Tag getTag() {
return tag;
}
/**
* @return The chosen value.
*/
public ASN1Value getValue() {
return val;
}
public static CHOICE.Template getTemplate() {
return new CHOICE.Template();
}
/**
* Encodes this CHOICE. This merely consists of encoding the chosen
* element with an implicit tag, if one was given in the constructor,
* or with its own underlying tag.
*/
@Override
public void encode(OutputStream ostream) throws IOException {
val.encode(tag, ostream);
}
/**
* Encodes this CHOICE. This merely consists of encoding the chosen
* element with an implicit tag, if one was given in the constructor,
* or with its own underlying tag.
*
* @param implicitTag This value is ignored. The tag of a CHOICE
* is merely the tag of the chosen element of the CHOICE. A
* CHOICE cannot itself have an implicit tag.
*/
@Override
public void encode(Tag implicitTag, OutputStream ostream)
throws IOException {
assert (implicitTag.equals(tag));
val.encode(tag, ostream);
}
/**
* A Template for decoding ASN.1 CHOICEs
*/
public static class Template implements ASN1Template {
// The the various possibilities in this CHOICE
private VectorENUMERATED value. This has the same
* interface as INTEGER
*/
public class ENUMERATED extends INTEGER {
private static final long serialVersionUID = 1L;
public static final Tag TAG = new Tag(Tag.Class.UNIVERSAL, 10);
@Override
public Tag getTag() {
return TAG;
}
/**
* Creates a new ENUMERATED value from a long int.
*
* @param val Input value.
*/
public ENUMERATED(long val) {
super(val);
}
ENUMERATED(byte[] valBytes) {
super(valBytes);
}
/**
* @return The value as a long int.
*/
public long getValue() {
return longValue();
}
private static final ENUMERATED.Template templateInstance = new ENUMERATED.Template();
public static ASN1Template getTemplate() {
return templateInstance;
}
/**
* A template for decoding ENUMERATED values from their BER encodings.
* The template reads the value as an INTEGER. It does not check that it
* is a valid value for the ENUMERATED type.
*/
public static class Template
extends INTEGER.Template {
@Override
Tag getTag() {
return ENUMERATED.TAG;
}
@Override
public boolean tagMatch(Tag tag) {
return (tag.equals(ENUMERATED.TAG));
}
@Override
public ASN1Value decode(Tag tag, InputStream derStream)
throws InvalidBERException, IOException {
try {
ASN1Header wrapper = new ASN1Header(derStream);
wrapper.validate(tag, FORM);
// Is length < 1 ?
if (wrapper.getContentLength() < 1) {
throw new InvalidBERException("Invalid 0 length for ENUMERATED");
}
byte[] valBytes = new byte[(int) wrapper.getContentLength()];
ASN1Util.readFully(valBytes, derStream);
return new ENUMERATED(valBytes);
} catch (InvalidBERException e) {
throw new InvalidBERException(e, "ENUMERATED");
}
}
} // end of Template
}
���������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/EXPLICIT.java������������������������������������������0000664�0000000�0000000�00000010323�14125500636�0022733�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
/**
* An explicit tag.
*/
public class EXPLICIT implements ASN1Value {
public static final Form FORM = Form.CONSTRUCTED;
private ASN1Value content;
private Tag tag;
/**
* Creates an EXPLICIT tag wrapping some other ASN1Value. For example,
* for the following ASN.1 snippet:
*
*
* MyType [3] EXPLICIT INTEGER
*
*
* assuming a sample value of 5 for the INTEGER, a MyType could be
* created with:
*
*
* EXPLICIT myValue = new EXPLICIT(new Tag(3), new INTEGER(5));
*
*
* @param tag Tag.
* @param content Content.
*/
public EXPLICIT(Tag tag, ASN1Value content) {
assert (tag != null && content != null);
this.content = content;
this.tag = tag;
}
/**
* @return the ASN1Value that is wrapped by this EXPLICIT tag.
*/
public ASN1Value getContent() {
return content;
}
/**
* Returns the Tag of this EXPLICIT tag.
*/
@Override
public Tag getTag() {
return tag;
}
@Override
public void encode(OutputStream ostream) throws IOException {
encode(tag, ostream);
}
@Override
public void encode(Tag implicitTag, OutputStream ostream)
throws IOException {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
content.encode(bos);
byte[] contentBytes = bos.toByteArray();
ASN1Header head = new ASN1Header(implicitTag, FORM,
contentBytes.length);
head.encode(ostream);
ostream.write(contentBytes);
}
public static Template getTemplate(Tag tag, ASN1Template content) {
return new Template(tag, content);
}
/**
* A template for decoding an object wrapped in an EXPLICIT tag.
*/
public static class Template implements ASN1Template {
private ASN1Template content;
private Tag tag;
/**
* Creates a template for unwrapping an object wrapped in an explicit tag.
* For example, to decode:
*
*
* MyValue ::= [3] EXPLICIT INTEGER
*
*
* use:
*
*
* EXPLICIT.Template myTemplate = new EXPLICIT.Template(new Tag(3),
* new INTEGER.Template());
*
*
* @param tag The tag value of the EXPLICIT tag.
* @param content The template for decoding the object that is wrapped
* in the explicit tag.
*/
public Template(Tag tag, ASN1Template content) {
this.content = content;
this.tag = tag;
}
@Override
public boolean tagMatch(Tag tag) {
return (this.tag.equals(tag));
}
@Override
public ASN1Value decode(InputStream istream)
throws IOException, InvalidBERException {
return decode(tag, istream);
}
@Override
public ASN1Value decode(Tag implicitTag, InputStream istream)
throws IOException, InvalidBERException {
try {
ASN1Header head = new ASN1Header(istream);
head.validate(implicitTag, Form.CONSTRUCTED);
ASN1Value val = content.decode(istream);
EXPLICIT e = new EXPLICIT(tag, val);
// if indefinite content length, consume the end-of-content marker
if (head.getContentLength() == -1) {
head = new ASN1Header(istream);
if (!head.isEOC()) {
throw new InvalidBERException("No end-of-contents marker");
}
}
return e;
} catch (InvalidBERException e) {
throw new InvalidBERException(e, "EXPLICIT");
}
}
} // end of Template
}
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/FieldNotPresentException.java��������������������������0000664�0000000�0000000�00000001565�14125500636�0026446�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
/**
* An exception thrown when an optional field is not present.
*/
public class FieldNotPresentException extends java.lang.Exception {
private static final long serialVersionUID = 1L;
public FieldNotPresentException() {
super();
}
public FieldNotPresentException(String mesg) {
super(mesg);
}
public FieldNotPresentException(String mesg, Throwable cause) {
super(mesg, cause);
}
public FieldNotPresentException(String mesg, Throwable cause, boolean enableSuppression,
boolean writableStackTrace) {
super(mesg, cause, enableSuppression, writableStackTrace);
}
}
�������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/Form.java����������������������������������������������0000664�0000000�0000000�00000001302�14125500636�0022412�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
/**
* An enumerated type representing the forms of an ASN.1 value.
* The possibilities are PRIMITIVE and CONSTRUCTED.
*/
public class Form {
private String name;
private Form() {
}
private Form(String name) {
this.name = name;
}
public static final Form PRIMITIVE = new Form("PRIMITIVE");
public static final Form CONSTRUCTED = new Form("CONSTRUCTED");
@Override
public String toString() {
return name;
}
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/GeneralizedTime.java�����������������������������������0000664�0000000�0000000�00000003013�14125500636�0024560�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.util.Date;
/**
* The ASN.1 type GeneralizedTime
*/
public class GeneralizedTime extends TimeBase {
public static final Tag TAG = new Tag(Tag.UNIVERSAL, 24);
@Override
public Tag getTag() {
return TAG;
}
/**
* Creates a GeneralizedTime from a Date.
*
* @param date Input date.
*/
public GeneralizedTime(Date date) {
super(date);
}
@Override
protected boolean isUTC() {
return false;
}
private static final GeneralizedTime.Template templateInstance = new GeneralizedTime.Template();
public static GeneralizedTime.Template getTemplate() {
return templateInstance;
}
/**
* A class for decoding GeneralizedTimes.
*/
public static class Template extends TimeBase.Template
implements ASN1Template {
@Override
protected Tag getTag() {
return TAG;
}
@Override
public boolean tagMatch(Tag tag) {
return TAG.equals(tag);
}
@Override
protected boolean isUTC() {
return false;
}
@Override
protected TimeBase generateInstance(Date date) {
return new GeneralizedTime(date);
}
}
}
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/IA5String.java�����������������������������������������0000664�0000000�0000000�00000005516�14125500636�0023267�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.io.CharConversionException;
public class IA5String extends CharacterString {
public IA5String(char[] chars) throws CharConversionException {
super(chars);
}
public IA5String(String s) throws CharConversionException {
super(s);
}
@Override
CharConverter getCharConverter() {
return new IA5Converter();
}
public static final Tag TAG = new Tag(Tag.Class.UNIVERSAL, 22);
@Override
public Tag getTag() {
return TAG;
}
public static Template getTemplate() {
return templateInstance;
}
private static final Template templateInstance = new Template();
// nested class
public static class Template
extends CharacterString.Template {
@Override
public Tag getTag() {
return IA5String.TAG;
}
@Override
public boolean tagMatch(Tag tag) {
return (tag.equals(IA5String.TAG));
}
@Override
protected CharConverter getCharConverter() {
return new IA5Converter();
}
@Override
protected CharacterString generateInstance(char[] chars)
throws CharConversionException {
return new IA5String(chars);
}
@Override
protected String typeName() {
return "IA5String";
}
}
// nested class
private static class IA5Converter implements CharConverter {
@Override
public char[] byteToChar(byte[] bytes, int offset, int len)
throws CharConversionException {
char[] chars = new char[len];
int c; // char index
int b; // byte index
for (b = offset, c = 0; c < len; b++, c++) {
if ((bytes[b] & 0x80) != 0) {
throw new CharConversionException("Invalid character: " +
bytes[b]);
}
chars[c] = (char) (bytes[b] & 0x7f);
}
return chars;
}
@Override
public byte[] charToByte(char[] chars, int offset, int len)
throws CharConversionException {
byte[] bytes = new byte[len];
int c; // char index
int b; // byte index
for (c = offset, b = 0; b < len; c++, b++) {
if ((chars[c] & 0x7f) != chars[c]) {
throw new CharConversionException("Invalid character: " +
chars[c]);
}
bytes[b] = (byte) (chars[c] & 0x7f);
}
return bytes;
}
}
}
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/INTEGER.java�������������������������������������������0000664�0000000�0000000�00000014647�14125500636�0022624�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Random;
/**
* The ASN.1 type INTEGER. This class extends BigInteger.
*/
public class INTEGER extends BigInteger implements ASN1Value {
private static final long serialVersionUID = 1L;
private byte[] encodedContents = null;
private byte[] getEncodedContents() {
if (encodedContents == null) {
encodedContents = toByteArray();
}
return encodedContents;
}
private ASN1Header getHeader(Tag t) {
return new ASN1Header(t, FORM, getContentLength());
}
public INTEGER(String s) throws NumberFormatException {
super(s);
}
public INTEGER(String s, int r) throws NumberFormatException {
super(s, r);
}
public INTEGER(byte[] bval) throws NumberFormatException {
super(bval);
}
public INTEGER(int sign, byte[] mag) throws NumberFormatException {
super(sign, mag);
}
public INTEGER(int numBits, Random rnd) throws NumberFormatException {
super(numBits, rnd);
}
public INTEGER(int bitLength, int certainty, Random rnd) {
super(bitLength, certainty, rnd);
}
public INTEGER(long val) {
super(BigInteger.valueOf(val).toByteArray());
}
public INTEGER(BigInteger bi) {
super(bi.toByteArray());
}
public static final Tag TAG = new Tag(Tag.Class.UNIVERSAL, 2);
@Override
public Tag getTag() {
return TAG;
}
public static final Form FORM = Form.PRIMITIVE;
@Override
public void encode(OutputStream outStream) throws IOException {
encode(getTag(), outStream);
}
@Override
public void encode(Tag implicitTag, OutputStream outStream)
throws IOException {
// write header
getHeader(implicitTag).encode(outStream);
// write contents
outStream.write(getEncodedContents());
}
public long getContentLength() {
return getEncodedContents().length;
}
public byte[] encode() throws IOException {
ByteArrayOutputStream b = new ByteArrayOutputStream();
encode(b);
return b.toByteArray();
}
private static final INTEGER.Template templateInstance = new INTEGER.Template();
public static ASN1Template getTemplate() {
return templateInstance;
}
/**
* Tests the DER encoding and decoding of the INTEGER class.
*
* @param args Arguments.
*/
public static void main(String args[]) {
try {
int[] Is = new int[11];
int[][] Bs = new int[11][];
int i = 0;
Is[i] = 0;
Bs[i++] = new int[] { 0x02, 0x01, 0x00 };
Is[i] = 1;
Bs[i++] = new int[] { 0x02, 0x01, 0x01 };
Is[i] = -1;
Bs[i++] = new int[] { 0x02, 0x01, 0xff };
Is[i] = 127;
Bs[i++] = new int[] { 0x02, 0x01, 0x7f };
Is[i] = 128;
Bs[i++] = new int[] { 0x02, 0x02, 0x00, 0x80 };
Is[i] = 255;
Bs[i++] = new int[] { 0x02, 0x02, 0x00, 0xff };
Is[i] = 256;
Bs[i++] = new int[] { 0x02, 0x02, 0x01, 0x00 };
Is[i] = -128;
Bs[i++] = new int[] { 0x02, 0x01, 0x80 };
Is[i] = -129;
Bs[i++] = new int[] { 0x02, 0x02, 0xff, 0x7f };
Is[i] = 43568;
Bs[i++] = new int[] { 0x02, 0x03, 0x00, 0xaa, 0x30 };
Is[i] = -43568;
Bs[i++] = new int[] { 0x02, 0x03, 0xff, 0x55, 0xd0 };
for (i = 0; i < Is.length; i++) {
INTEGER I = new INTEGER(Is[i]);
byte[] compare = I.encode();
if (!arraysEqual(compare, Bs[i])) {
System.err.println("Encoding FAILED: " + Is[i]);
System.exit(-1);
}
ByteArrayInputStream bis = new ByteArrayInputStream(compare);
Template template = new Template();
INTEGER create = (INTEGER) template.decode(bis);
if (create.intValue() != Is[i]) {
System.err.println("Decoding FAILED: " + Is[i]);
System.exit(-1);
}
}
System.out.println("PASS");
} catch (Exception e) {
e.printStackTrace();
}
}
private static boolean arraysEqual(byte[] bytes, int[] ints) {
if (bytes == null || ints == null) {
return false;
}
if (bytes.length != ints.length) {
return false;
}
for (int i = 0; i < bytes.length; i++) {
if (bytes[i] != (byte) ints[i]) {
return false;
}
}
return true;
}
///////////////////////////////////////////////////////////////////////
// INTEGER.Template
// This is a nested class.
//
public static class Template implements ASN1Template {
Tag getTag() {
return INTEGER.TAG;
}
@Override
public boolean tagMatch(Tag tag) {
return (tag.equals(INTEGER.TAG));
}
@Override
public ASN1Value decode(InputStream derStream)
throws InvalidBERException, IOException {
return decode(getTag(), derStream);
}
@Override
public ASN1Value decode(Tag tag, InputStream derStream)
throws InvalidBERException, IOException {
try {
ASN1Header wrapper = new ASN1Header(derStream);
wrapper.validate(tag, FORM);
// Is length < 1 ?
if (wrapper.getContentLength() < 1) {
throw new InvalidBERException("Invalid 0 length for INTEGER");
}
byte[] valBytes = new byte[(int) wrapper.getContentLength()];
ASN1Util.readFully(valBytes, derStream);
return new INTEGER(valBytes);
} catch (InvalidBERException e) {
throw new InvalidBERException(e, "INTEGER");
}
}
} // end of class Template
}
�����������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/InvalidBERException.java�������������������������������0000664�0000000�0000000�00000004420�14125500636�0025311�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.util.Vector;
/**
* An exception thrown when BER decoding fails.
*/
public class InvalidBERException extends java.lang.Exception {
private static final long serialVersionUID = 1L;
private InvalidBERException child = null;
private Vector3.2.456.53.23.64".
*
* Because the toString() method here provides a different format, we also
* allow that format, for example:
* "{3 2 456 53 23 64}".
*
* @param dottedOID OID string.
* @exception NumberFormatException If the given string cannot be
* parsed into an OID.
*/
public OBJECT_IDENTIFIER(String dottedOID) throws NumberFormatException {
if (dottedOID == null || dottedOID.length() == 0) {
throw new NumberFormatException("OID string is zero-length");
}
if (dottedOID.startsWith("{")) {
// input string is of the format provided by OBJECT_IDENTIFIER,toString()
// convert this first to dotted OID
// remove the leading and trailing brackets
dottedOID = dottedOID.substring(1, dottedOID.length() - 1);
// convert spaces to dots
dottedOID = dottedOID.replaceAll(" ", ".");
}
StringTokenizer stok = new StringTokenizer(dottedOID, ".");
numbers = new long[stok.countTokens()];
int i = 0;
while (stok.hasMoreElements()) {
numbers[i++] = Long.parseLong(stok.nextToken());
}
assert (i == numbers.length);
checkLongArray(numbers);
}
public long[] getNumbers() {
return numbers;
}
@Override
public int hashCode() {
int code = 1;
for (int i = 0; i < numbers.length; i++) {
code = (int) (code + numbers[i]) * 10;
}
return code;
}
/**
* Creates a new OBJECT_IDENTIFIER that is a sub-branch of this one.
* For example, if OBJECT_IDENTIFIER oid has the value
* { 1 3 5 6 },
* then calling oid.subBranch(4) would return a new
* OBJECT_IDENTIFIER with the value { 1 3 5 6 4 }.
*
* @param num Number.
* @return New sub-branch.
*/
public OBJECT_IDENTIFIER subBranch(long num) {
long[] nums = new long[numbers.length + 1];
System.arraycopy(numbers, 0, nums, 0, numbers.length);
nums[numbers.length] = num;
return new OBJECT_IDENTIFIER(nums);
}
/**
* Creates a new OBJECT_IDENTIFIER that is a sub-branch of this one.
* For example, if OBJECT_IDENTIFIER oid has the value
* { 1 3 5 6 },
* then calling oid.subBranch(new long[]{ 4, 3})
* would return a new
* OBJECT_IDENTIFIER with the value { 1 3 5 6 4 3}.
*
* @param newNums New numbers.
* @return New sub-branch.
*/
public OBJECT_IDENTIFIER subBranch(long[] newNums) {
long[] nums = new long[numbers.length + newNums.length];
System.arraycopy(numbers, 0, nums, 0, numbers.length);
System.arraycopy(newNums, 0, nums, numbers.length, newNums.length);
return new OBJECT_IDENTIFIER(nums);
}
@Override
public boolean equals(Object obj) {
if (obj == null || !(obj instanceof OBJECT_IDENTIFIER)) {
return false;
}
long[] nums = ((OBJECT_IDENTIFIER) obj).numbers;
if (nums.length != numbers.length) {
return false;
}
for (int i = 0; i < nums.length; i++) {
if (nums[i] != numbers[i]) {
return false;
}
}
return true;
}
@Override
public String toString() {
String ret = "{" + String.valueOf(numbers[0]);
for (int i = 1; i < numbers.length; i++) {
ret = ret + " " + numbers[i];
}
ret += "}";
return ret;
}
public String toDottedString() {
String ret = String.valueOf(numbers[0]);
for (int i = 1; i < numbers.length; i++) {
ret = ret + "." + numbers[i];
}
return ret;
}
@Override
public void encode(OutputStream ostream) throws IOException {
encode(TAG, ostream);
}
private byte[] encodedContents = null;
/**
* Gets the encoding of the contents, or a cached copy.
* Since the content encoding is the same regardless of the Tag,
* this only needs to be computed once.
*/
private byte[] getEncodedContents() {
if (encodedContents == null) {
encodedContents = computeEncodedContents();
}
return encodedContents;
}
// We cache our encoding for a given tag. 99% of the time, only
// one tag will be used for an instance, so we will get a cache hit.
// In the remaining 1%, we'll have to recompute the encoding.
byte[] cachedEncoding = null;
Tag tagForCache = null;
/**
* Returns the encoding for the given tag. If the encoding for
* this tag was previously computed (and no encoding for a different
* tag has since been computed), this method returns a cached copy.
* Otherwise, the encoding will be recomputed.
*/
private byte[] getEncoding(Tag tag) {
if (!tag.equals(tagForCache)) {
// recompute for new tag
ByteArrayOutputStream out = new ByteArrayOutputStream();
ASN1Header head = getHeader(tag);
try {
head.encode(out);
} catch (IOException e) {
throw new RuntimeException("Unable to encode ASN.1 header: " + e.getMessage(), e);
}
out.write(getEncodedContents(), 0, getEncodedContents().length);
tagForCache = tag;
cachedEncoding = out.toByteArray();
}
return cachedEncoding;
}
/**
* Compute the ASN1 header for this tag.
*/
private ASN1Header getHeader(Tag implicitTag) {
return new ASN1Header(implicitTag, FORM, getEncodedContents().length);
}
/**
* Actually computes the encoding of this object identifier.
*/
private byte[] computeEncodedContents() {
ByteArrayOutputStream out = new ByteArrayOutputStream();
// handle first number
assert (numbers.length >= 2);
long n = numbers[0];
assert (n == 0 || n == 1 || n == 2);
long outb = (numbers[0] * 40) + numbers[1];
assert (((byte) outb) == outb);
out.write((byte) outb);
// handle consecutive numbers
for (int i = 2; i < numbers.length; i++) {
n = numbers[i];
assert (n >= 0);
// array of output bytes, in reverse order. 10 bytes, at 7 bits
// per byte, is 70 bits, which is more than enough to handle
// the maximum value of a long, which takes up 63 bits.
byte[] rev = new byte[10];
int idx = 0; // index into reversed bytes
// Create reversed byte list
do {
rev[idx++] = (byte) (n % 128);
n = n / 128;
} while (n > 0);
idx--; // backup to point to last element
// now print them in reverse order
while (idx > 0) {
// all but last byte have MSB==1
out.write(rev[idx--] | 0x80);
}
assert (idx == 0);
// last byte has MSB==0
out.write(rev[0]);
}
return out.toByteArray();
}
@Override
public void encode(Tag implicitTag, OutputStream ostream)
throws IOException {
ostream.write(getEncoding(implicitTag));
}
private static final Template templateInstance = new Template();
public static Template getTemplate() {
return templateInstance;
}
///////////////////////////////////////////////////////////////////////
// OBJECT_IDENTIFIER.Template
//
public static class Template implements ASN1Template {
public Tag getTag() {
return OBJECT_IDENTIFIER.TAG;
}
@Override
public boolean tagMatch(Tag tag) {
return (tag.equals(OBJECT_IDENTIFIER.TAG));
}
public Form getForm() {
return OBJECT_IDENTIFIER.FORM;
}
public boolean formMatch(Form form) {
return (form == OBJECT_IDENTIFIER.FORM);
}
@Override
public ASN1Value decode(InputStream istream)
throws IOException, InvalidBERException {
return decode(getTag(), istream);
}
@Override
public ASN1Value decode(Tag implicitTag, InputStream istream)
throws IOException, InvalidBERException {
try {
ASN1Header head = new ASN1Header(istream);
long remainingContent = head.getContentLength();
// Check the information gleaned from the header
if (!head.getTag().equals(implicitTag)) {
throw new InvalidBERException("Incorrect tag for " +
"OBJECT IDENTIFIER: " + head.getTag());
}
if (head.getForm() != getForm()) {
throw new InvalidBERException("Incorrect form for OBJECT " +
"IDENTIFIER");
}
if (remainingContent < 1) {
throw new InvalidBERException("Invalid 0 length for OBJECT" +
" IDENTIFIER");
}
VectorVector.
* Null entries may be added; they will be skipped when encoded.
*/
public class SEQUENCE extends SET {
public static final Tag TAG = new Tag(Tag.Class.UNIVERSAL, 16);
@Override
public Tag getTag() {
return TAG;
}
public static Template getTemplate() {
return new Template();
}
/**
* Writes the DER encoding to the given output stream,
* using the given implicit tag.
*/
@Override
public void encode(Tag implicitTag, OutputStream ostream)
throws IOException {
BERencode(implicitTag, ostream);
}
// SET.Element and SEQUENCE.Element are identical types. We could
// have just reused SET.Element, but that would have been a bit
// confusing for users.
private static class Element extends SET.Element {
public Element(ASN1Value val) {
super(val);
}
public Element(Tag implicitTag, ASN1Value val) {
super(implicitTag, val);
}
}
/**
* A class for constructing a SEQUENCE from its BER encoding.
* It is an ordered collection of sub-templates. Each sub-template can be
* marked optional, or a default value can be given.
*/
public static class Template implements ASN1Template {
private Vector
* MySequence ::= SEQUENCE {
* item SubType,
* ... }
*
*
* the "item" element would be added to the MySequence template with:
*
*
* mySequence.addElement(new SubType.Template());
*
*
* @param t Sub-template.
*/
public void addElement(ASN1Template t) {
addElement(new Element(null, t, false));
}
/**
* Inserts the template at the given index.
*
* @param t Sub-template.
* @param index Index.
*/
public void insertElementAt(ASN1Template t, int index) {
insertElementAt(new Element(null, t, false), index);
}
/**
* Adds a sub-template to the end of this SEQUENCE template, with the
* given implicit tag. For example, if the ASN.1 were:
*
*
* MySequence ::= SEQUENCE {
* item [0] IMPLICIT SubType,
* ... }
*
*
* the "item" element would be added to the MySequence template with:
*
*
* mySequence.addElement(new Tag(0), new SubType.Template());
*
*
* @param implicitTag Implicit tag.
* @param t Sub-template.
*/
public void addElement(Tag implicitTag, ASN1Template t) {
addElement(new Element(implicitTag, t, false));
}
/**
* Inserts the template with the given implicit tag at the given index.
*
* @param implicit Implicit tag.
* @param t Sub-Template.
* @param index Index.
*/
public void insertElementAt(Tag implicit, ASN1Template t,
int index) {
insertElementAt(new Element(implicit, t, false), index);
}
/**
* Adds an optional sub-template. For example, if the ASN.1 were:
*
*
* MySequence ::= SEQUENCE {
* item SubType OPTIONAL,
* ... }
*
*
* the "item" element would be added to the MySequence template with:
*
*
* mySequence.addOptionalElement(new SubType.Template());
*
*
* @param t Optional sub-template.
*/
public void addOptionalElement(ASN1Template t) {
addElement(new Element(null, t, true));
}
/**
* Inserts the optional template at the given index.
*
* @param t Optional sub-template.
* @param index Index.
*/
public void insertOptionalElementAt(ASN1Template t, int index) {
insertElementAt(new Element(null, t, true), index);
}
/**
* Adds an optional sub-template with an implicit tag. For example,
* if the ASN.1 were:
*
*
* MySequence ::= SEQUENCE {
* item [0] IMPLICIT SubType OPTIONAL,
* ... }
*
*
* the "item" element would be added to the MySequence template with:
*
*
* mySequence.addOptionalElement(new SubType.Template());
*
*
* @param implicitTag Implicit tag.
* @param t Optional sub-template.
*/
public void addOptionalElement(Tag implicitTag, ASN1Template t) {
addElement(new Element(implicitTag, t, true));
}
/**
* Inserts the optional template with the given default
* value at the given index.
*
* @param implicit Implicit tag.
* @param t Optional sub-template.
* @param index Index.
*/
public void insertOptionalElementAt(Tag implicit, ASN1Template t,
int index) {
insertElementAt(new Element(implicit, t, true), index);
}
/**
* Adds a sub-template with a default value. For example,
* if the ASN.1 were:
*
*
* MySequence ::= SEQUENCE {
* version INTEGER DEFAULT 1,
* ... }
*
*
* the "item" element would be added to the MySequence template with:
*
*
* mySequence.addElement(new INTEGER.Template(), new INTEGER(1));
*
*
* @param t Sub-template.
* @param def The default value for this field, which will be used if
* no value is supplied by the encoded structure. It must be of
* the same type as what the template would produce.
*/
public void addElement(ASN1Template t, ASN1Value def) {
addElement(new Element(null, t, def));
}
/**
* Inserts the template with the given default
* value at the given index.
*
* @param t Sub-template.
* @param def Default value.
* @param index Index.
*/
public void insertElementAt(ASN1Template t, ASN1Value def, int index) {
insertElementAt(new Element(null, t, def), index);
}
/**
* Adds a sub-template with a default value and an implicit tag.
* For example, if the ASN.1 were:
*
*
* MySequence ::= SEQUENCE {
* version [0] IMPLICIT INTEGER DEFAULT 1,
* ... }
*
*
* the "item" element would be added to the MySequence template with:
*
*
* mySequence.addElement(new Tag(0), new INTEGER.Template(),
* new INTEGER(1));
*
*
* @param implicitTag Implicit tag.
* @param t Sub-template.
* @param def The default value for this field, which will be used if
* no value is supplied by the encoded structure. It must be of
* the same type as what the template would produce.
*/
public void addElement(Tag implicitTag, ASN1Template t, ASN1Value def) {
addElement(new Element(implicitTag, t, def));
}
/**
* Inserts the template with the given implicit tag and given default
* value at the given index.
*
* @param implicit Implicit tag.
* @param t Sub-template.
* @param def Default value.
* @param index Index.
*/
public void insertElementAt(Tag implicit, ASN1Template t, ASN1Value def,
int index) {
insertElementAt(new Element(implicit, t, def), index);
}
/**
* Returns the implicit tag of the item stored at the given index.
* May be NULL if no implicit tag was specified.
*
* @param index Index.
* @return Tag.
*/
public Tag implicitTagAt(int index) {
return elements.elementAt(index).getImplicitTag();
}
/**
* Returns the sub-template stored at the given index.
*
* @param index Index.
* @return Sub-template.
*/
public ASN1Template templateAt(int index) {
return elements.elementAt(index).getTemplate();
}
/**
* Returns whether the sub-template at the given index is optional.
*
* @param index Index.
* @return True if the sub-template is optional.
*/
public boolean isOptionalAt(int index) {
return elements.elementAt(index).isOptional();
}
/**
* Returns the default value for the sub-template at the given index.
* May return NULL if no default value was specified.
*
* @param index Index.
* @return Default value.
*/
public ASN1Value defaultAt(int index) {
return elements.elementAt(index).getDefault();
}
/**
* @return The number of elements in this SEQUENCE template.
*/
public int size() {
return elements.size();
}
/**
* Removes all sub-templates from this SEQUENCE template.
*/
public void removeAllElements() {
elements.removeAllElements();
}
/**
* Removes the sub-template at the given index.
*
* @param index Index.
*/
public void removeElementAt(int index) {
elements.removeElementAt(index);
}
Tag getTag() {
return SEQUENCE.TAG;
}
@Override
public boolean tagMatch(Tag tag) {
return (tag.equals(SEQUENCE.TAG));
}
/**
* Decodes a SEQUENCE from its BER encoding.
*
* @param istream Input stream.
*/
@Override
public ASN1Value decode(InputStream istream)
throws IOException, InvalidBERException {
return decode(getTag(), istream);
}
/**
* Decodes a SEQUENCE from its BER encoding, where the SEQUENCE itself has
* an implicit tag.
*
* @param tag Tag.
* @param istream Input stream.
*/
@Override
public ASN1Value decode(Tag tag, InputStream istream)
throws IOException, InvalidBERException {
int index = 0;
try {
ASN1Header header = new ASN1Header(istream);
header.validate(tag, Form.CONSTRUCTED);
// will be -1 for indefinite encoding
long remainingContent = header.getContentLength();
boolean repeatableElement = false;
SEQUENCE seq = new SEQUENCE();
ASN1Header lookAhead = null;
// go through the whole template
for (index = 0; index < size(); index++) {
// find out about the next item
if (remainingContent == 0) {
lookAhead = null;
} else {
// remainingContent > 0 or remainingContent == -1, which means
// indefinite encoding.
lookAhead = ASN1Header.lookAhead(istream);
}
// skip over items that don't match. Hopefully they are
// optional or have a default. Otherwise, it's an error.
Element e = elements.elementAt(index);
if ((lookAhead == null) || lookAhead.isEOC() ||
!e.tagMatch(lookAhead.getTag())) {
if (e.isRepeatable()) {
repeatableElement = true;
} else if (e.isOptional()) {
// put an empty entry into the SEQUENCE
SEQUENCE.Element se = new SEQUENCE.Element(null, null);
seq.addElement(null);
} else if (e.getDefault() != null) {
// use the default
seq.addElement(e.getDefault());
} else {
String tagDesc;
if (lookAhead == null) {
tagDesc = "(null)";
} else {
tagDesc = lookAhead.getTag().toString();
}
throw new InvalidBERException("Missing item #" + index +
": found " + tagDesc);
}
continue;
}
// Decode this element
ASN1Template t = e.getTemplate();
ASN1Value val;
try (CountingStream countstream = new CountingStream(istream)) {
if (e.getImplicitTag() == null) {
val = t.decode(countstream);
} else {
val = t.decode(e.getImplicitTag(), countstream);
}
// Decrement remaining count
long len = countstream.getNumRead();
if (remainingContent != -1) {
if (remainingContent < len) {
// this item went past the end of the SEQUENCE
throw new InvalidBERException("Item went " +
(len - remainingContent) + " bytes past the end of" +
" the SEQUENCE");
}
remainingContent -= len;
}
}
// Store this element in the SEQUENCE
if (e.producesOutput()) {
if (e.getImplicitTag() == null) {
// no implicit tag
seq.addElement(val);
} else {
// there is an implicit tag
seq.addElement(e.getImplicitTag(), val);
}
}
// If this element is repeatable, don't go on to the next element
if (e.isRepeatable()) {
repeatableElement = true;
index--;
}
}
if (remainingContent > 0) {
throw new InvalidBERException("SEQUENCE is " + remainingContent +
" bytes longer than expected");
}
assert (remainingContent == 0 || remainingContent == -1);
// If this was indefinite-length encoding, consume the end-of-contents
if (remainingContent == -1) {
lookAhead = new ASN1Header(istream);
if (!lookAhead.isEOC()) {
throw new InvalidBERException("No end-of-contents marker");
}
}
// Make sure we stayed in sync
if (!repeatableElement) {
assert (index == seq.size());
}
return seq;
} catch (InvalidBERException e) {
e.append("SEQUENCE(item #" + index + ")");
throw e;
}
}
/**
* An element of a SEQUENCE template. For each sub-template, contains the
* template, its optionality, its implicit tag, and its default value.
*/
static class Element {
/**
* Creates a new element, which may or may not be optional.
*
* @param implicitTag Implicit tag.
* @param type Type.
* @param optional Optional.
*/
public Element(Tag implicitTag, ASN1Template type, boolean optional) {
this(implicitTag, type, optional, true);
}
/**
* Creates a new element, which may or may not be optional.
*
* @param implicitTag Implicit tag.
* @param type Type.
* @param optional Optional.
* @param doesProduceOutput True if produces output.
*/
public Element(Tag implicitTag, ASN1Template type, boolean optional,
boolean doesProduceOutput) {
this.type = type;
defaultVal = null;
this.optional = optional;
this.implicitTag = implicitTag;
this.doesProduceOutput = doesProduceOutput;
}
/**
* Creates a new element with a default value.
*
* @param implicitTag Implicit tag.
* @param type Type.
* @param defaultVal Default value.
*/
public Element(Tag implicitTag, ASN1Template type, ASN1Value defaultVal) {
this.type = type;
this.defaultVal = defaultVal;
optional = false;
this.implicitTag = implicitTag;
}
private boolean doesProduceOutput = true;
boolean producesOutput() {
return doesProduceOutput;
}
// repeatability is provided to allow for SEQUENCE OF SIZE
// constructs. It is package private.
private boolean repeatable;
void makeRepeatable() {
repeatable = true;
}
boolean isRepeatable() {
return repeatable;
}
private boolean optional;
public boolean isOptional() {
return optional;
}
private Tag implicitTag = null;
public Tag getImplicitTag() {
return implicitTag;
}
public boolean tagMatch(Tag tag) {
if (implicitTag != null) {
return (implicitTag.equals(tag));
} else {
return type.tagMatch(tag);
}
}
private ASN1Template type;
public ASN1Template getTemplate() {
return type;
}
private ASN1Value defaultVal = null;
public ASN1Value getDefault() {
return defaultVal;
}
}
} // End of SEQUENCE.Template
/**
* A Template for decoding SEQUENCE OF values. The main difference between
* a SEQUENCE.Template and a SEQUENCE.OF_Template is that a regular template
* specifies the exact ordering, number, and type of elements of the sequence,
* while
* an OF_Template has an indefinite number of elements, all the same type.
* For example, given:
*
*
* MyType ::= SEQUENCE OF Extension
*
*
* a MyType could be decoded with:
*
*
* SEQUENCE.OF_Template myTypeTemplate = new SEQUENCE.OF_Template( new
* Extension.Template) );
* SEQUENCE seq = (SEQUENCE) myTypeTemplate.decode(someInputStream);
*
*
* The number of Extensions actually decoded could be found
* with seq.size().
*/
public static class OF_Template implements ASN1Template {
private OF_Template() {
}
Template template; // a normal SEQUENCE template
public OF_Template(ASN1Template type) {
template = new Template();
Template.Element el = new Template.Element(null, type, true); //optional
el.makeRepeatable();
template.addElement(el);
}
public static OF_Template makeOutputlessOFTemplate(ASN1Template type) {
OF_Template t = new OF_Template();
t.template = new Template();
Template.Element el = new Template.Element(null, type, true, false);
el.makeRepeatable();
t.template.addElement(el);
return t;
}
@Override
public boolean tagMatch(Tag tag) {
return TAG.equals(tag);
}
/**
* Decodes a SEQUENCE OF from an input stream.
*/
@Override
public ASN1Value decode(InputStream istream)
throws IOException, InvalidBERException {
return template.decode(istream);
}
/**
* Decodes a SEQUENCE OF with an implicit tag from an input stream.
*/
@Override
public ASN1Value decode(Tag implicitTag, InputStream istream)
throws IOException, InvalidBERException {
return template.decode(implicitTag, istream);
}
}
public static void main(String args[]) {
try {
if (args.length > 0) {
// input
Template type = new Template();
type.addOptionalElement(new Tag(15), new INTEGER.Template());
type.addElement(new Tag(16), new INTEGER.Template(),
new INTEGER(42));
type.addElement(new INTEGER.Template());
type.addElement(new BOOLEAN.Template());
type.addElement(new INTEGER.Template());
type.addOptionalElement(new Tag(12), new INTEGER.Template());
type.addElement(new BOOLEAN.Template());
type.addElement(new Tag(13), new INTEGER.Template(),
new INTEGER(53));
type.addElement(new INTEGER.Template());
type.addElement(new INTEGER.Template());
type.addOptionalElement(new Tag(14), new INTEGER.Template());
type.addElement(new OBJECT_IDENTIFIER.Template());
type.addElement(new NULL.Template());
type.addElement(new EXPLICIT.Template(
new Tag(27), new INTEGER.Template()));
type.addElement(new ENUMERATED.Template());
type.addElement(new OCTET_STRING.Template());
type.addElement(new IA5String.Template());
CHOICE.Template choice = new CHOICE.Template();
choice.addElement(new Tag(23), new INTEGER.Template());
choice.addElement(new BOOLEAN.Template());
type.addElement(choice);
type.addElement(new BIT_STRING.Template());
type.addElement(new ANY.Template());
type.addElement(new PrintableString.Template());
type.addElement(new OF_Template(new INTEGER.Template()));
type.addElement(new OF_Template(new INTEGER.Template()));
byte[] stuff;
try (FileInputStream fin = new FileInputStream(args[0])) {
System.out.println("Available: " + fin.available());
stuff = new byte[fin.available()];
ASN1Util.readFully(stuff, fin);
}
SEQUENCE s = null;
for (int i = 0; i < 1; i++) {
s = (SEQUENCE) type.decode(new ByteArrayInputStream(stuff));
}
for (int i = 0; i < s.size(); i++) {
ASN1Value v = s.elementAt(i);
if (v instanceof ENUMERATED) {
ENUMERATED en = (ENUMERATED) v;
System.out.println("ENUMERATED: " + en);
} else if (v instanceof INTEGER) {
INTEGER in = (INTEGER) v;
System.out.println("INTEGER: " + in);
} else if (v instanceof BOOLEAN) {
BOOLEAN bo = (BOOLEAN) v;
System.out.println("BOOLEAN: " + bo);
} else if (v instanceof OBJECT_IDENTIFIER) {
OBJECT_IDENTIFIER oid = (OBJECT_IDENTIFIER) v;
System.out.println("OID: " + oid);
} else if (v instanceof NULL) {
NULL n = (NULL) v;
System.out.println("NULL");
} else if (v instanceof EXPLICIT) {
EXPLICIT ex = (EXPLICIT) v;
INTEGER in = (INTEGER) ex.getContent();
System.out.println("EXPLICIT [" + ex.getTag() + "]: " +
"INTEGER: " + in);
} else if (v instanceof OCTET_STRING) {
OCTET_STRING os = (OCTET_STRING) v;
byte[] bytes = os.toByteArray();
System.out.print("OCTET_STRING: ");
for (int j = 0; j < bytes.length; j++) {
System.out.print(bytes[j] + " ");
}
System.out.println("");
} else if (v instanceof CharacterString) {
CharacterString cs = (CharacterString) v;
System.out.println("String: " + cs);
} else if (v instanceof BIT_STRING) {
BIT_STRING bs = (BIT_STRING) v;
System.out.print("BIT_STRING: padCount=" +
bs.getPadCount() + " : ");
byte[] bits = bs.getBits();
for (int j = 0; j < bits.length; j++) {
System.out.print(bits[j] + " ");
}
System.out.println("");
} else if (v instanceof ANY) {
ANY any = (ANY) v;
Tag tag = any.getTag();
System.out.println("Got ANY, tag is " + tag);
ByteArrayInputStream bos = new ByteArrayInputStream(any.getEncoded());
INTEGER in = (INTEGER) new INTEGER.Template().decode(bos);
System.out.println(" INTEGER: " + in);
} else if (v instanceof SEQUENCE) {
SEQUENCE seq = (SEQUENCE) v;
System.out.println("SEQUENCE: ");
for (int j = 0; j < seq.size(); j++) {
INTEGER in = (INTEGER) seq.elementAt(j);
System.out.println(" INTEGER: " + in);
}
} else {
System.out.println("Unknown value");
}
}
} else {
// output
SEQUENCE seq = new SEQUENCE();
seq.addElement(new INTEGER(5));
seq.addElement(new BOOLEAN(true));
seq.addElement(new INTEGER(-322));
seq.addElement(new BOOLEAN(false));
seq.addElement(new INTEGER(0));
seq.addElement(new INTEGER("2934293834242"));
seq.addElement(new OBJECT_IDENTIFIER(
new long[] { 1, 2, 127, 563, 1231982 }));
seq.addElement(new NULL());
seq.addElement(new EXPLICIT(new Tag(27), new INTEGER(39)));
seq.addElement(new ENUMERATED(983));
seq.addElement(new OCTET_STRING(new byte[] {
(byte) 0x0, (byte) 0xff, (byte) 0xcc }));
seq.addElement(new IA5String("foobar"));
seq.addElement(new Tag(23), new INTEGER(234));
//seq.addElement( new BOOLEAN(false) );
byte[] bits = new byte[] { (byte) 0x80, (byte) 0xff, (byte) 0x0f };
seq.addElement(new BIT_STRING(bits, 3));
seq.addElement(new INTEGER(82734));
seq.addElement(new PrintableString("I'm printable??"));
SEQUENCE nested = new SEQUENCE();
nested.addElement(new INTEGER(5));
nested.addElement(new INTEGER(6));
seq.addElement(nested);
nested = new SEQUENCE();
seq.addElement(nested);
seq.encode(System.out);
System.out.flush();
}
} catch (Exception e) {
e.printStackTrace();
}
}
}
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/SET.java�����������������������������������������������0000664�0000000�0000000�00000076250�14125500636�0022160�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Vector;
/**
* An ASN.1 SET, which is an unordered collection of ASN.1 values.
* It has an interface like a Java Vector, but the ordering is arbitrary.
* Null entries may be added; they will be skipped when encoding.
*/
public class SET implements ASN1Value {
public static final Tag TAG = new Tag(Tag.Class.UNIVERSAL, 17);
@Override
public Tag getTag() {
return TAG;
}
protected static final Form FORM = Form.CONSTRUCTED;
// The elements of the set
protected Vector
* MyType ::= SET {
* item [0] IMPLICIT INTEGER,
* ... }
*
*
* then the "item" element could be added (with a sample value of 45)
* to the SET with:
*
*
* myTypeInstance.addElement(new Tag(0), new INTEGER(45));
*
*
* @param implicitTag Implicit tag.
* @param v Element.
*/
public void addElement(Tag implicitTag, ASN1Value v) {
addElement(new Element(implicitTag, v));
}
/**
* Inserts an element at the given index.
*
* @param v Element.
* @param index Index.
*/
public void insertElementAt(ASN1Value v, int index) {
insertElementAt(new Element(v), index);
}
/**
* Inserts an element with the given implicit tag at the given index.
*
* @param implicitTag Implicit tag.
* @param v Element.
* @param index Index.
*/
public void insertElementAt(Tag implicitTag, ASN1Value v, int index) {
insertElementAt(new Element(implicitTag, v), index);
}
/**
* Returns the element at the given index in the SET.
*
* @param index Index.
* @return Element.
*/
public ASN1Value elementAt(int index) {
return elements.elementAt(index).getValue();
}
/**
* Returns the tag of the element at the given index. If the element
* has an implicit tag, that is returned. Otherwise, the tag of the
* underlying type is returned.
*
* @param index Index.
* @return Tag.
*/
public Tag tagAt(int index) {
Tag implicit = elements.elementAt(index).getImplicitTag();
if (implicit != null) {
return implicit;
} else {
return elementAt(index).getTag();
}
}
/**
* Returns the element with the given Tag, or null if no element exists
* with the given tag.
*
* @param tag Tag.
* @return Element.
*/
public ASN1Value elementWithTag(Tag tag) {
// hmmm...linear search for now, should use hashtable later
int size = elements.size();
for (int i = 0; i < size; i++) {
Element e = elements.elementAt(i);
if (e.getTag().equals(tag)) {
return e.getValue();
}
}
return null;
}
/**
* @return The number of elements in this SET.
*/
public int size() {
return elements.size();
}
/**
* Removes all elements from this SET.
*/
public void removeAllElements() {
elements.removeAllElements();
}
/**
* Removes the element from the specified index.
*
* @param index Index.
*/
public void removeElementAt(int index) {
elements.removeElementAt(index);
}
/**
* Writes the DER encoding to the given output stream.
*
* @param ostream Output stream.
*/
@Override
public void encode(OutputStream ostream)
throws IOException {
encode(getTag(), ostream);
}
/**
* Writes the DER encoding to the given output stream,
* using the given implicit tag. To satisfy DER encoding rules,
* the elements will be re-ordered either by tag or lexicographically.
*
* @param implicitTag Implicit tag.
* @param ostream Output stream.
*/
@Override
public void encode(Tag implicitTag, OutputStream ostream)
throws IOException {
// what ordering method?
boolean lexOrdering;
if (elements.size() < 2) {
// doesn't matter, only one element
lexOrdering = true;
} else if (tagAt(0).equals(tagAt(1))) {
// tags are the same, lexicographic ordering
lexOrdering = true;
} else {
// tags are different, order by tag
lexOrdering = false;
}
// compute and order contents
int numElements = elements.size();
int totalBytes = 0;
Vector
* MySet ::= SET {
* item SubType,
* ... }
*
*
* the "item" element would be added to the MySet template with:
*
*
* mySet.addElement(new SubType.Template());
*
*
* @param t Sub-template.
*/
public void addElement(ASN1Template t) {
addElement(new Element(TAG, t, false));
}
/**
* Inserts the template at the given index.
*
* @param t Sub-template.
* @param index Index.
*/
public void insertElementAt(ASN1Template t, int index) {
insertElementAt(new Element(TAG, t, false), index);
}
/**
* Adds a sub-template with the given implicit tag to the end of this
* SET template. For example, if the ASN.1 included:
*
*
* MySet ::= SET {
* item [0] IMPLICIT SubType,
* ... }
*
*
* the "item" element would be added to the MySet template with:
*
*
* mySet.addElement(new Tag(0), new SubType.Template());
*
*
* @param implicit Implicit tag.
* @param t Sub-template.
*/
public void addElement(Tag implicit, ASN1Template t) {
addElement(new Element(implicit, t, false));
}
/**
* Inserts the template with the given implicit tag at the given index.
*
* @param implicit Implicit tag.
* @param t Sub-template.
* @param index Index.
*/
public void insertElementAt(Tag implicit, ASN1Template t,
int index) {
insertElementAt(new Element(implicit, t, false), index);
}
/**
* Adds an optional sub-template to the end
* of this SET template. For example, if the ASN.1 included:
*
*
* MySet ::= SET {
* item SubType OPTIONAL,
* ... }
*
*
* the "item" element would be added to the MySet template with:
*
*
* mySet.addOptionalElement(new SubType.Template());
*
*
* @param t Optional sub-template.
*/
public void addOptionalElement(ASN1Template t) {
addElement(new Element(TAG, t, true));
}
/**
* Inserts the optional template at the given index.
*
* @param t Optional sub-template.
* @param index Index.
*/
public void insertOptionalElementAt(ASN1Template t, int index) {
insertElementAt(new Element(null, t, true), index);
}
/**
* Adds an optional sub-template with the given implicit tag to the end
* of this SET template. For example, if the ASN.1 included:
*
*
* MySet ::= SET {
* item [0] IMPLICIT SubType OPTIONAL,
* ... }
*
*
* the "item" element would be added to the MySet template with:
*
*
* mySet.addOptionalElement(new Tag(0), new SubType.Template());
*
*
* @param implicit Implicit tag.
* @param t Optional sub-template.
*/
public void addOptionalElement(Tag implicit, ASN1Template t) {
addElement(new Element(implicit, t, true));
}
/**
* Inserts the optional template with the given default
* value at the given index.
*
* @param implicit Implicit tag.
* @param t Optional sub-template.
* @param index Index.
*/
public void insertOptionalElementAt(Tag implicit, ASN1Template t,
int index) {
insertElementAt(new Element(implicit, t, true), index);
}
/**
* Adds a sub-template with the given default value to the end
* of this SET template. For example, if the ASN.1 included:
*
*
* MySet ::= SET {
* item INTEGER DEFAULT (5),
* ... }
*
*
* the "item" element would be added to the MySet template with:
*
*
* mySet.addElement(new SubType.Template(), new INTEGER(5));
*
*
* @param t Sub-template.
* @param def Default value.
*/
public void addElement(ASN1Template t, ASN1Value def) {
addElement(new Element(TAG, t, def));
}
/**
* Inserts the template with the given default
* value at the given index.
*
* @param t Sub-template.
* @param def Default value.
* @param index Index.
*/
public void insertElementAt(ASN1Template t, ASN1Value def, int index) {
insertElementAt(new Element(null, t, def), index);
}
/**
* Adds a sub-template with the given default value and implicit tag to
* the end of this SET template. For example, if the ASN.1 included:
*
*
* MySet ::= SET {
* item [0] IMPLICIT INTEGER DEFAULT (5),
* ... }
*
*
* the "item" element would be added to the MySet template with:
*
*
* mySet.addElement(new Tag(0), new SubType.Template(), new INTEGER(5));
*
*
* @param implicit Implicit tag.
* @param t Sub-template.
* @param def Default value.
*/
public void addElement(Tag implicit, ASN1Template t, ASN1Value def) {
addElement(new Element(implicit, t, def));
}
/**
* Inserts the template with the given implicit tag and given default
* value at the given index.
*
* @param implicit Implicit tag.
* @param t Sub-template.
* @param def Default value.
* @param index Index.
*/
public void insertElementAt(Tag implicit, ASN1Template t, ASN1Value def,
int index) {
insertElementAt(new Element(implicit, t, def), index);
}
/**
* Returns the implicit tag of the item stored at the given index.
* May be NULL if no implicit tag was specified.
*
* @param index Index.
* @return Implicit tag.
*/
public Tag implicitTagAt(int index) {
return elements.elementAt(index).getImplicitTag();
}
/**
* Returns the sub-template stored at the given index.
*
* @param index Index.
* @return Sub-template.
*/
public ASN1Template templateAt(int index) {
return elements.elementAt(index).getTemplate();
}
/**
* Returns true if the sub-template at the given index
* is optional.
*
* @param index Index.
* @return True if sub-template is optional.
*/
public boolean isOptionalAt(int index) {
return elements.elementAt(index).isOptional();
}
private boolean isRepeatableAt(int index) {
return elements.elementAt(index).isRepeatable();
}
/**
* Returns the default value for the sub-template at the given index.
* May return NULL if no default value was specified.
*
* @param index Index.
* @return Default value.
*/
public ASN1Value defaultAt(int index) {
return elements.elementAt(index).getDefault();
}
/**
* @return The number of elements in the SET.
*/
public int size() {
return elements.size();
}
public void removeAllElements() {
elements.removeAllElements();
}
public void removeElementAt(int index) {
elements.removeElementAt(index);
}
private Tag getTag() {
return SET.TAG;
}
/**
* Determines whether the given tag satisfies this template.
*
* @param tag Tag.
* @return True if tag satisfies this template.
*/
@Override
public boolean tagMatch(Tag tag) {
return (tag.equals(SET.TAG));
}
/**
* Decodes the input stream into a SET value.
*
* @param istream Input stream.
* @return Decoded SET value.
*/
@Override
public ASN1Value decode(InputStream istream)
throws IOException, InvalidBERException {
return decode(getTag(), istream);
}
/**
* Decodes the input stream into a SET value with the given implicit
* tag.
*
* @param tag Implicit tag.
* @param istream Input stream.
* @return Decoded SET value.
*/
@Override
public ASN1Value decode(Tag tag, InputStream istream)
throws IOException, InvalidBERException {
try {
ASN1Header header = new ASN1Header(istream);
header.validate(tag, Form.CONSTRUCTED);
// remainingContent will be -1 for indefinite length encoding
long remainingContent = header.getContentLength();
SET set = new SET();
ASN1Header lookAhead;
boolean[] found = new boolean[elements.size()];
// while content remains, try to decode it
while (remainingContent > 0 || remainingContent == -1) {
// find out about the next item
lookAhead = ASN1Header.lookAhead(istream);
// if we found the end-of-content marker, we're done
if (lookAhead.isEOC()) {
if (remainingContent != -1) {
throw new InvalidBERException("Unexpected end-of-content" +
"marker");
}
lookAhead = new ASN1Header(istream);
break;
}
// Find the element with the matching tag
int index = findElementByTag(lookAhead.getTag());
if (index == -1) {
// element not found
throw new InvalidBERException("Unexpected Tag in SET: " +
lookAhead.getTag());
}
Element e = elements.elementAt(index);
if (found[index] && !e.isRepeatable()) {
// element already found, and it's not repeatable
throw new InvalidBERException("Duplicate Tag in SET: " +
lookAhead.getTag());
}
// mark this element as found
found[index] = true;
// Decode this element
ASN1Template t = e.getTemplate();
ASN1Value val;
try (CountingStream countstream = new CountingStream(istream)) {
if (e.getImplicitTag() == null) {
val = t.decode(countstream);
} else {
val = t.decode(e.getImplicitTag(), countstream);
}
// Decrement remaining count
long len = countstream.getNumRead();
if (remainingContent != -1) {
if (remainingContent < len) {
// this item went past the end of the SET
throw new InvalidBERException("Item went " +
(len - remainingContent) + " bytes past the end of" +
" the SET");
}
remainingContent -= len;
}
}
// Store this element in the SET
SET.Element se;
if (e.getImplicitTag() == null) {
// no implicit tag
se = new SET.Element(val);
} else {
// there is an implicit tag
se = new SET.Element(e.getImplicitTag(), val);
}
set.addElement(se);
}
// We check for this after we read in each item, so this shouldn't
// happen
assert (remainingContent == 0 || remainingContent == -1);
// Deal with elements that weren't present.
int size = elements.size();
for (int i = 0; i < size; i++) {
if (!found[i]) {
if (isOptionalAt(i) || isRepeatableAt(i)) {
// no problem
} else if (defaultAt(i) != null) {
set.addElement(new SET.Element(defaultAt(i)));
} else {
throw new InvalidBERException("Field not found in SET");
}
}
}
return set;
} catch (InvalidBERException e) {
throw new InvalidBERException(e, "SET");
}
}
/**
* Returns the index in the vector of the type with this tag and class,
* or -1 if not found.
* lame linear search - but we're dealing with small numbers of elements,
* so it's probably not worth it to use a hashtable
*
* @param tag Tag.
*/
private int findElementByTag(Tag tag) {
int size = elements.size();
for (int i = 0; i < size; i++) {
Element e = elements.elementAt(i);
if (e.tagMatch(tag)) {
// match!
return i;
}
}
// no match
return -1;
}
/**
* An element of a SET template.
*/
public static class Element {
public Element(Tag implicitTag, ASN1Template type, boolean optional) {
this.type = type;
defaultVal = null;
this.optional = optional;
this.implicitTag = implicitTag;
}
public Element(Tag implicitTag, ASN1Template type, ASN1Value defaultVal) {
this.type = type;
this.defaultVal = defaultVal;
optional = false;
this.implicitTag = implicitTag;
}
// Repeatability is used for SET OF. It is package private.
private boolean repeatable;
void makeRepeatable() {
repeatable = true;
}
boolean isRepeatable() {
return repeatable;
}
private boolean optional;
public boolean isOptional() {
return optional;
}
private Tag implicitTag = null;
public Tag getImplicitTag() {
return implicitTag;
}
/**
* Determines whether the given tag satisfies this SET element.
*
* @param tag Tag.
* @return True if tag satisfies SET.
*/
public boolean tagMatch(Tag tag) {
if (implicitTag != null) {
return (implicitTag.equals(tag));
} else {
return type.tagMatch(tag);
}
}
private ASN1Template type;
/**
* @return The template for this element.
*/
public ASN1Template getTemplate() {
return type;
}
private ASN1Value defaultVal = null;
/**
* Returns the default value for this element, if one exists.
* Otherwise, returns null.
*
* @return Default value.
*/
public ASN1Value getDefault() {
return defaultVal;
}
}
} // End of SET.Template
/**
* A Template for decoding SET OF values.
* Use this if you have a SIZE qualifier on your SET OF.
* The SET will consume as many instances of type as it can, rather than
* stopping after the first one. This is equivalent to SIZE (0..MAX).
* If you need something more restrictive, you can look at what gets parsed
* and decide whether it's OK or not yourself.
*/
public static class OF_Template implements ASN1Template {
private Template template; // a normal SET template
/**
* Creates an OF_Template with the given type. For example:
*
*
* MySet ::= SET OF INTEGER;
*
*
* A MySet template would be constructed with:
*
*
* SET.OF_Template mySetTemplate = new SET.OF_Template(new INTEGER.Template());
*
*
* @param type Type.
*/
public OF_Template(ASN1Template type) {
template = new Template();
Template.Element el = new Template.Element(null, type, false);
el.makeRepeatable();
template.addElement(el);
}
@Override
public boolean tagMatch(Tag tag) {
return TAG.equals(tag);
}
/**
* Decodes a SET OF from its BER encoding.
*/
@Override
public ASN1Value decode(InputStream istream)
throws IOException, InvalidBERException {
return template.decode(istream);
}
/**
* Decodes a SET OF with an implicit tag from its BER
* encoding.
*/
@Override
public ASN1Value decode(Tag implicitTag, InputStream istream)
throws IOException, InvalidBERException {
return template.decode(implicitTag, istream);
}
}
// Test driver for SET
public static void main(String args[]) {
try {
if (args.length > 0) {
Template t = new SET.Template();
t.addElement(new Tag(0), new INTEGER.Template());
t.addElement(new Tag(3), new INTEGER.Template());
t.addOptionalElement(new Tag(4), new INTEGER.Template());
t.addElement(new Tag(5), new INTEGER.Template(), new INTEGER(67));
t.addElement(new Tag(29), new BOOLEAN.Template());
t.addElement(new Tag(30), new BOOLEAN.Template(), new BOOLEAN(false));
t.addElement(new Tag(1), new INTEGER.Template());
t.addElement(new Tag(2), new INTEGER.Template());
SET st;
FileInputStream fin = new FileInputStream(args[0]);
try (BufferedInputStream is = new BufferedInputStream(fin)) {
st = (SET) t.decode(is);
}
for (int i = 0; i < st.size(); i++) {
ASN1Value v = st.elementAt(i);
if (v instanceof INTEGER) {
INTEGER in = (INTEGER) st.elementAt(i);
System.out.println("INTEGER: " + in);
} else if (v instanceof BOOLEAN) {
BOOLEAN bo = (BOOLEAN) st.elementAt(i);
System.out.println("BOOLEAN: " + bo);
} else {
System.out.println("Unknown value");
}
}
} else {
SET s = new SET();
s.addElement(new Tag(0), new INTEGER(255));
s.addElement(new Tag(29), new BOOLEAN(true));
s.addElement(new Tag(1), new INTEGER(-322));
s.addElement(new Tag(2), new INTEGER(0));
s.addElement(new Tag(3), new INTEGER("623423948273"));
s.encode(System.out);
}
} catch (Exception e) {
e.printStackTrace();
}
}
}
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/Tag.java�����������������������������������������������0000664�0000000�0000000�00000012062�14125500636�0022227�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
/**
* Represents an ASN.1 Tag. A tag consists of a class and a number.
*/
public class Tag {
private long num;
/**
* @return The tag number.
*/
public long getNum() {
return num;
}
private Class tClass;
/**
* @return The tag class.
*/
public Class getTagClass() {
return tClass;
}
/**
* A tag class.
*/
public static final Class UNIVERSAL = Class.UNIVERSAL;
/**
* A tag class.
*/
public static final Class APPLICATION = Class.APPLICATION;
/**
* A tag class.
*/
public static final Class CONTEXT_SPECIFIC = Class.CONTEXT_SPECIFIC;
/**
* A tag class.
*/
public static final Class PRIVATE = Class.PRIVATE;
/**
* The end-of-contents marker for indefinite length encoding.
* It is encoded the same as an ASN.1 header whose tag is [UNIVERSAL 0].
*/
public static final Tag END_OF_CONTENTS = new Tag(UNIVERSAL, 0);
/**
* An alias for END_OF_CONTENTS.
*/
public static final Tag EOC = END_OF_CONTENTS;
/**
* Creates a tag with the given class and number.
*
* @param clazz The class of the tag.
* @param num The tag number.
*/
public Tag(Class clazz, long num) {
tClass = clazz;
this.num = num;
}
/**
* Creates a CONTEXT-SPECIFIC tag with the given tag number.
*
* @param num The tag number.
*/
public Tag(long num) {
this(Class.CONTEXT_SPECIFIC, num);
}
///////////////////////////////////////////////////////////////////////
// Tag Instances
//
// Since grabbing a context-specific tag is a very common operation,
// let's make singletons of the most frequently used tags.
///////////////////////////////////////////////////////////////////////
private static final int numTagInstances = 10;
private static Tag tagInstances[] = new Tag[numTagInstances];
static {
for (int i = 0; i < numTagInstances; i++) {
tagInstances[i] = new Tag(i);
}
}
/**
* Returns an instance of a context-specific tag with the given number.
* The returned instance may be singleton. It is usually more efficient to
* call this method than create your own context-specific tag.
*
* @param num Number.
* @return Tag.
*/
public static Tag get(long num) {
if (num >= 0 && num < numTagInstances) {
return tagInstances[(int) num];
} else {
return new Tag(num);
}
}
@Override
public int hashCode() {
return (tClass.toInt() * 131) + (int) num;
}
/**
* Compares two tags for equality. Tags are equal if they have
* the same class and tag number.
*
* @param obj Tag.
* @return True if equal.
*/
@Override
public boolean equals(Object obj) {
if (obj == null) {
return false;
}
if (!(obj instanceof Tag)) {
return false;
}
Tag t = (Tag) obj;
if (num == t.num && tClass == t.tClass) {
return true;
} else {
return false;
}
}
/**
* Returns a String representation of the tag. For example, a tag
* whose class was UNIVERSAL and whose number was 16 would return
* "UNIVERSAL 16".
*/
@Override
public String toString() {
return tClass + " " + num;
}
/**
* An enumeration of the ASN.1 tag classes.
*/
public static class Class {
private Class() {
}
private Class(int enc, String name) {
encoding = enc;
this.name = name;
}
private int encoding;
private String name;
public static final Class UNIVERSAL = new Class(0, "UNIVERSAL");
public static final Class APPLICATION = new Class(1, "APPLICATION");
public static final Class CONTEXT_SPECIFIC = new Class(2, "CONTEXT-SPECIFIC");
public static final Class PRIVATE = new Class(3, "PRIVATE");
public int toInt() {
return encoding;
}
@Override
public String toString() {
return name;
}
/**
* @param i Tag encoding.
* @return Tag class.
* @exception InvalidBERException If the given int does not correspond
* to any tag class.
*/
public static Class fromInt(int i) throws InvalidBERException {
if (i == 0) {
return UNIVERSAL;
} else if (i == 1) {
return APPLICATION;
} else if (i == 2) {
return CONTEXT_SPECIFIC;
} else if (i == 3) {
return PRIVATE;
} else {
throw new InvalidBERException("Invalid tag class: " + i);
}
}
}
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/TeletexString.java�������������������������������������0000664�0000000�0000000�00000005430�14125500636�0024316�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.io.CharConversionException;
/**
* The ASN.1 type TeletexString.
*/
public class TeletexString extends CharacterString {
public static final Tag TAG = new Tag(Tag.UNIVERSAL, 20);
@Override
public Tag getTag() {
return TAG;
}
public TeletexString(char[] chars) throws CharConversionException {
super(chars);
}
public TeletexString(String s) throws CharConversionException {
super(s);
}
@Override
CharConverter getCharConverter() {
return new TeletexConverter();
}
/**
* Returns a singleton instance of the decoding template for this class.
*
* @return Template.
*/
public static Template getTemplate() {
return templateInstance;
}
private static final Template templateInstance = new Template();
// nested class
public static class Template
extends CharacterString.Template {
@Override
protected Tag getTag() {
return TAG;
}
@Override
public boolean tagMatch(Tag tag) {
return TAG.equals(tag);
}
@Override
protected CharConverter getCharConverter() {
return new TeletexConverter();
}
@Override
protected CharacterString generateInstance(char[] bytes)
throws CharConversionException {
return new TeletexString(bytes);
}
@Override
protected String typeName() {
return "TeletexString";
}
} // end of Template
private static class TeletexConverter implements CharConverter {
@Override
public char[] byteToChar(byte[] bytes, int offset, int len)
throws CharConversionException {
char[] chars = new char[len];
int b;
int c;
for (b = offset, c = 0; c < len; b++, c++) {
chars[c] = (char) (bytes[b] & 0xff);
}
return chars;
}
@Override
public byte[] charToByte(char[] chars, int offset, int len)
throws CharConversionException {
byte[] bytes = new byte[len];
int b;
int c;
for (b = 0, c = offset; b < len; b++, c++) {
if ((chars[c] & 0xff00) != 0) {
throw new CharConversionException("Invalid character for" +
" TeletexString");
}
bytes[b] = (byte) (chars[c] & 0xff);
}
return bytes;
}
}
}
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/TimeBase.java������������������������������������������0000664�0000000�0000000�00000022544�14125500636�0023213�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Calendar;
import java.util.Date;
import java.util.TimeZone;
public abstract class TimeBase implements ASN1Value {
public static final Form FORM = Form.PRIMITIVE;
@Override
abstract public Tag getTag();
private Date date;
public Date toDate() {
return date;
}
abstract protected boolean isUTC();
public TimeBase(Date date) {
this.date = date;
}
@Override
public void encode(OutputStream ostream) throws IOException {
encode(getTag(), ostream);
}
/**
* Write the DER-encoding of this TimeBase.
*/
@Override
public void encode(Tag implicit, OutputStream ostream) throws IOException {
if (isUTC()) {
// length will always be 13
(new ASN1Header(implicit, FORM, 13)).encode(ostream);
} else {
// length will always be 15
(new ASN1Header(implicit, FORM, 15)).encode(ostream);
}
int i = 0, val;
// DER-encoding mandates GMT time zone
Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("GMT"));
cal.setTime(date);
if (isUTC()) {
val = cal.get(Calendar.YEAR);
ostream.write(((val % 100) / 10) + '0');
ostream.write((val % 10) + '0');
} else {
val = cal.get(Calendar.YEAR);
ostream.write(((val % 10000) / 1000) + '0');
ostream.write(((val % 1000) / 100) + '0');
ostream.write(((val % 100) / 10) + '0');
ostream.write((val % 10) + '0');
}
val = cal.get(Calendar.MONTH) + 1;
assert (val >= 1 && val <= 12);
ostream.write((val / 10) + '0');
ostream.write((val % 10) + '0');
val = cal.get(Calendar.DAY_OF_MONTH);
assert (val >= 1 && val <= 31);
ostream.write((val / 10) + '0');
ostream.write((val % 10) + '0');
val = cal.get(Calendar.HOUR_OF_DAY);
assert (val >= 0 && val <= 23);
ostream.write((val / 10) + '0');
ostream.write((val % 10) + '0');
val = cal.get(Calendar.MINUTE);
assert (val >= 0 && val <= 59);
ostream.write((val / 10) + '0');
ostream.write((val % 10) + '0');
val = cal.get(Calendar.SECOND);
assert (val >= 0 && val <= 59);
ostream.write((val / 10) + '0');
ostream.write((val % 10) + '0');
ostream.write('Z');
}
public abstract static class Template {
protected abstract boolean isUTC();
protected abstract Tag getTag();
protected abstract TimeBase generateInstance(Date date);
public boolean tagMatch(Tag tag) {
return getTag().equals(tag);
}
public ASN1Value decode(InputStream istream)
throws IOException, InvalidBERException {
return decode(getTag(), istream);
}
public ASN1Value decode(Tag implicitTag, InputStream istream)
throws IOException, InvalidBERException {
PrintableString.Template pst = new PrintableString.Template();
PrintableString ps = (PrintableString) pst.decode(implicitTag, istream);
char[] chars = ps.toCharArray();
int i = 0;
int year, month, day, hour, minute, second, hourOff, minOff;
//////////////////////////////////////////
// Get year
//
if (isUTC()) {
checkBounds(i, 2, chars.length);
year = (chars[i] - '0') * 10;
year += chars[i + 1] - '0';
// Y2K HACK!!!!! But this is what the spec says to do.
// The range is 1970 to 2069
if (year < 70) {
year += 2000;
} else {
year += 1900;
}
i += 2;
} else {
checkBounds(i, 4, chars.length);
year = (chars[i] - '0') * 1000;
year += (chars[i + 1] - '0') * 100;
year += (chars[i + 2] - '0') * 10;
year += (chars[i + 3] - '0');
checkRange(year, 0, 9999, "year");
i += 4;
}
//////////////////////////////////////////
// get month
//
month = 0;
checkBounds(i, 2, chars.length);
month = (chars[i] - '0') * 10;
month += chars[i + 1] - '0';
checkRange(month, 1, 12, "month");
month--; // Java months start at 0
i += 2;
//////////////////////////////////////////
// get day
//
checkBounds(i, 2, chars.length);
day = (chars[i] - '0') * 10;
day += chars[i + 1] - '0';
checkRange(day, 1, 31, "day");
i += 2;
//////////////////////////////////////////
// get hour
//
checkBounds(i, 2, chars.length);
hour = (chars[i] - '0') * 10;
hour += chars[i + 1] - '0';
checkRange(hour, 0, 23, "hour");
i += 2;
//////////////////////////////////////////
// get minute
//
checkBounds(i, 2, chars.length);
minute = (chars[i] - '0') * 10;
minute += chars[i + 1] - '0';
checkRange(minute, 0, 59, "minute");
i += 2;
//////////////////////////////////////////
// get second, if it's there
//
if (i < chars.length && chars[i] >= '0' && chars[i] <= '9') {
checkBounds(i, 2, chars.length);
second = (chars[i] - '0') * 10;
second += chars[i + 1] - '0';
checkRange(second, 0, 59, "second");
i += 2;
} else {
second = 0;
}
//////////////////////////////////////////
// Skip milliseconds for GeneralizedTime. There are no
// milliseconds in UTCTime.
//
if (!isUTC()) {
while (i < chars.length &&
chars[i] != '+' &&
chars[i] != '-' &&
chars[i] != 'Z') {
i++;
}
}
//////////////////////////////////////////
// get time zone
//
TimeZone tz;
if (i < chars.length) {
checkBounds(i, 1, chars.length);
if (chars[i] == '+' || chars[i] == '-') {
checkBounds(i + 1, 4, chars.length);
hourOff = (chars[i + 1] - '0') * 10;
hourOff += chars[i + 2] - '0';
minOff = (chars[i + 3] - '0') * 10;
minOff += chars[i + 4] - '0';
checkRange(hourOff, 0, 23, "hour offset");
checkRange(minOff, 0, 59, "minute offset");
if (chars[i] == '-') {
hourOff = -hourOff;
minOff = -minOff;
}
i += 5;
tz = (TimeZone) TimeZone.getTimeZone("GMT").clone();
tz.setRawOffset(((hourOff * 60) + minOff) * 60 * 1000);
} else if (chars[i] == 'Z') {
i += 1;
hourOff = minOff = 0;
tz = (TimeZone) TimeZone.getTimeZone("GMT").clone();
} else {
throw new InvalidBERException("Invalid character " +
chars[i]);
}
} else {
if (isUTC()) {
// Only UTC requires timezone
throw new InvalidBERException("no timezone specified for" +
" UTCTime");
}
// No timezone specified, use local time.
// This is generally a bad idea, because who knows what the
// local timezone is? But the spec allows it.
tz = TimeZone.getDefault();
}
// make sure we ate all the characters, there were no stragglers
// at the end
if (i != chars.length) {
throw new InvalidBERException("Extra characters at end");
}
// Create a calendar object from the date and time zone.
Calendar cal = Calendar.getInstance(tz);
cal.set(year, month, day, hour, minute, second);
return generateInstance(cal.getTime());
}
private static void checkRange(int val, int low, int high, String field)
throws InvalidBERException {
if (val < low || val > high) {
throw new InvalidBERException("Invalid " + field);
}
}
private static void checkBounds(int index, int increment, int bound)
throws InvalidBERException {
if (index + increment > bound) {
throw new InvalidBERException("Too few characters in " +
"TimeBase");
}
}
}
}
������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/UTCTime.java�������������������������������������������0000664�0000000�0000000�00000002346�14125500636�0022772�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.util.Date;
public class UTCTime extends TimeBase {
public static final Tag TAG = new Tag(Tag.UNIVERSAL, 23);
@Override
public Tag getTag() {
return TAG;
}
public UTCTime(Date date) {
super(date);
}
@Override
protected boolean isUTC() {
return true;
}
private static final UTCTime.Template templateInstance = new UTCTime.Template();
public static UTCTime.Template getTemplate() {
return templateInstance;
}
public static class Template extends TimeBase.Template
implements ASN1Template {
@Override
protected Tag getTag() {
return TAG;
}
@Override
public boolean tagMatch(Tag tag) {
return TAG.equals(tag);
}
@Override
protected boolean isUTC() {
return true;
}
@Override
protected TimeBase generateInstance(Date date) {
return new UTCTime(date);
}
}
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/UTF8String.java����������������������������������������0000664�0000000�0000000�00000005655�14125500636�0023443�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.io.CharConversionException;
import java.io.UnsupportedEncodingException;
public class UTF8String extends CharacterString {
public UTF8String(char[] chars) throws CharConversionException {
super(chars);
}
public UTF8String(String s) throws CharConversionException {
super(s);
}
@Override
CharConverter getCharConverter() {
return new UTF8Converter();
}
public static final Tag TAG = new Tag(Tag.UNIVERSAL, 12);
public static final Form FORM = Form.PRIMITIVE;
@Override
public Tag getTag() {
return TAG;
}
private static final Template templateInstance = new Template();
/**
* Returns a singleton instance of UTF8String.Template. This is more
* efficient than creating a new UTF8String.Template.
*
* @return Template.
*/
public static Template getTemplate() {
return templateInstance;
}
// nested class
public static class Template
extends CharacterString.Template {
@Override
protected Tag getTag() {
return TAG;
}
@Override
public boolean tagMatch(Tag tag) {
return TAG.equals(tag);
}
@Override
protected CharConverter getCharConverter() {
return new UTF8Converter();
}
@Override
protected CharacterString generateInstance(char[] chars)
throws CharConversionException {
return new UTF8String(chars);
}
@Override
protected String typeName() {
return "UTF8String";
}
}
private static class UTF8Converter implements CharConverter {
@Override
public char[] byteToChar(byte[] bytes, int offset, int len)
throws CharConversionException {
try {
String s = new String(bytes, offset, len, "UTF8");
return s.toCharArray();
} catch (UnsupportedEncodingException e) {
String err = "Unable to find UTF8 encoding mechanism";
throw (CharConversionException) new CharConversionException(err).initCause(e);
}
}
@Override
public byte[] charToByte(char[] chars, int offset, int len)
throws CharConversionException {
try {
String s = new String(chars, offset, len);
return s.getBytes("UTF8");
} catch (UnsupportedEncodingException e) {
String err = "Unable to find UTF8 encoding mechanism";
throw (CharConversionException) new CharConversionException(err).initCause(e);
}
}
} // end of char converter
}
�����������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/UniversalString.java�����������������������������������0000664�0000000�0000000�00000015501�14125500636�0024654�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.asn1;
import java.io.ByteArrayOutputStream;
import java.io.CharArrayWriter;
import java.io.CharConversionException;
/**
* A UCS4 string.
*/
public class UniversalString extends CharacterString {
public static final Tag TAG = new Tag(Tag.UNIVERSAL, 28);
@Override
public Tag getTag() {
return TAG;
}
public UniversalString(char[] chars) throws CharConversionException {
super(chars);
}
public UniversalString(String s) throws CharConversionException {
super(s);
}
@Override
CharConverter getCharConverter() {
return new UniversalConverter();
}
/**
* Returns a singleton instance of the decoding template for this class.
*
* @return Template.
*/
public static Template getTemplate() {
return templateInstance;
}
private static final Template templateInstance = new Template();
// nested class
public static class Template
extends CharacterString.Template {
@Override
protected Tag getTag() {
return TAG;
}
@Override
public boolean tagMatch(Tag tag) {
return TAG.equals(tag);
}
@Override
protected CharConverter getCharConverter() {
return new UniversalConverter();
}
@Override
protected CharacterString generateInstance(char[] chars)
throws CharConversionException {
return new UniversalString(chars);
}
@Override
protected String typeName() {
return "UniversalString";
}
} // end of Template
/**
* A class for converting between Unicode and UCS4.
*/
private static class UniversalConverter implements CharConverter {
// This is the maximum a UCS4 character can be if it has
// straight Unicode inside it.
public static final int MAX_UNICODE = 0x0000ffff;
// This is the maximum a UCS4 character can be if it is UTF-16
// encoded. UTF-16 encoding allows UCS4 chars to be stored across
// two Unicode chars.
public static final int MAX_UTF16 = 0x0010ffff;
// This Unicode character is used to represent an unknown character
// in some other encoding. We use it for UCS4 characters that
// are not a part of normal Unicode and also cannot be encoded
// across two Unicode chars with UTF-16.
public static final char REPLACEMENT_CHAR = 0xfffd;
// This is the base for UCS4 characters that can be mapped with UTF16.
public static final int UTF16_BASE = 0x00100000;
// In UTF16 encoding, each Unicode character has 10 bits of
// information.
public static final int HALF_SHIFT = 10;
// The lowest 10 bits
public static final int HALF_MASK = 0x3ff;
public static final int UTF16_HIGH_START = 0xd800;
public static final int UTF16_HIGH_END = 0xdcff;
public static final int UTF16_LOW_START = 0xdc00;
public static final int UTF16_LOW_END = 0xdfff;
/**
* Turns big-endian UCS4 characters into Unicode Java characters
*/
@Override
public char[] byteToChar(byte[] bytes, int offset, int len)
throws CharConversionException {
// Each UCS4 character is 4 bytes. Most UCS4 characters will
// map to one Unicode character. The exception is UTF-16
// characters, which map to two Unicode characters.
CharArrayWriter out = new CharArrayWriter(len / 4);
int end = offset + len;
while (offset < end) {
// eat 4 bytes and make a UCS4 char
if (end - offset < 4) {
throw new CharConversionException("input exhausted");
}
int ucs4 = (bytes[offset++] & 0xff) << 24;
ucs4 += (bytes[offset++] & 0xff) << 16;
ucs4 += (bytes[offset++] & 0xff) << 8;
ucs4 += bytes[offset++] & 0xff;
// convert UCS4 to Unicode
if (ucs4 <= MAX_UNICODE) {
// Unicode is a subset of UCS4, and this char is
// in the common subset. Just chop off the unused top
// two bytes.
out.write(ucs4 & 0xffff);
} else if (ucs4 <= MAX_UTF16) {
// This UCS4 char is not in Unicode, but can be encoded
// into two Unicode chars using UTF16.
ucs4 -= UTF16_BASE;
out.write((ucs4 >>> HALF_SHIFT) + UTF16_HIGH_START);
out.write((ucs4 & HALF_MASK) + UTF16_LOW_START);
} else {
// This character is not in Unicode or UTF16. We can't
// provide a suitable translation, so use the Unicode
// replacement char.
out.write(REPLACEMENT_CHAR);
}
}
return out.toCharArray();
}
// Convert Unicode chars to UCS4 chars
@Override
public byte[] charToByte(char[] chars, int offset, int len)
throws CharConversionException {
ByteArrayOutputStream out = new ByteArrayOutputStream(len * 4);
int end = offset + len;
while (offset < end) {
char c = chars[offset++];
int ucs4;
if (c >= UTF16_HIGH_START && c <= UTF16_HIGH_END) {
// This is the beginning of a UTF16 char
if (offset == end) {
throw new CharConversionException("input exhausted");
}
char low = chars[offset++];
// make sure the next char is the low half of a UTF16 char
if (low < UTF16_LOW_START || low > UTF16_LOW_END) {
throw new CharConversionException("UTF16 high " +
"character not followed by a UTF16 low character");
}
ucs4 = UTF16_BASE;
ucs4 += (c - UTF16_HIGH_START) << HALF_SHIFT;
ucs4 += low - UTF16_LOW_START;
} else {
// this is a normal Unicode char
ucs4 = (c & 0x0000ffff);
}
out.write((ucs4 & 0xff000000) >>> 24);
out.write((ucs4 & 0x00ff0000) >>> 16);
out.write((ucs4 & 0x0000ff00) >>> 8);
out.write((ucs4 & 0x000000ff));
}
return out.toByteArray();
}
}
}
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/asn1/package.html�������������������������������������������0000664�0000000�0000000�00000000444�14125500636�0023133�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������
ASN.1 structures, BER decoding, and DER encoding.
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/�����������������������������������������������������0000775�0000000�0000000�00000000000�14125500636�0021326�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/Algorithm.c������������������������������������������0000664�0000000�0000000�00000030723�14125500636�0023425�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include null if this algorithm does not take any parameters.
* If the algorithm can accept more than one type of parameter,
* this method returns only one of them. It is better to call
* getParameterClasses().
*
* @return Parameter type.
* @deprecated Call getParameterClasses() instead.
*/
@Deprecated
public Class getParameterClass() {
if (parameterClasses.length == 0) {
return null;
} else {
return parameterClasses[0];
}
}
/**
* The types of parameter that this algorithm expects. Returns
* null if this algorithm does not take any parameters.
*
* @return Parameter types.
*/
public Class[] getParameterClasses() {
return parameterClasses.clone();
}
/**
* Validates if the given Object can be used as a parameter
* for this algorithm.
* null is passed in, this method will return true
* if this algorithm takes no parameters, and false
* if this algorithm does take parameters.
*
* @param o Object.
* @return Returns true if the given Object can be used as a parameter.
*/
public boolean isValidParameterObject(Object o) {
if (o == null) {
return (parameterClasses.length == 0);
}
if (parameterClasses.length == 0) {
return false;
}
Class c = o.getClass();
for (int i = 0; i < parameterClasses.length; ++i) {
if (c.equals(parameterClasses[i])) {
return true;
}
}
return false;
}
public PKCS11Algorithm getEnum() {
return PKCS11Algorithm.valueOfIndex(this.oidIndex);
}
/**
* Index into the SECOidTag array in Algorithm.c.
*/
protected int oidIndex;
String name;
protected OBJECT_IDENTIFIER oid;
private Class[] parameterClasses = new Class[0];
//////////////////////////////////////////////////////////////
// Algorithm OIDs
//////////////////////////////////////////////////////////////
static final OBJECT_IDENTIFIER ANSI_X9_ALGORITHM = new OBJECT_IDENTIFIER(new long[] { 1, 2, 840, 10040, 4 });
static final OBJECT_IDENTIFIER ANSI_X962_OID = new OBJECT_IDENTIFIER(new long[] { 1, 2, 840, 10045 });
// Algorithm indices. These must be kept in sync with the
// algorithm array in Algorithm.c. Any PKCS11 Algorithms must be added
// to the org.mozilla.jss.crypto.PKCS11Algorithm enum.
protected static final int SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION = 0;
protected static final int SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION = 1;
protected static final int SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION = 2;
protected static final int SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST = 3;
protected static final int SEC_OID_PKCS1_RSA_ENCRYPTION = 4;
protected static final int CKM_RSA_PKCS_KEY_PAIR_GEN = 5;
protected static final int CKM_DSA_KEY_PAIR_GEN = 6;
protected static final int SEC_OID_ANSIX9_DSA_SIGNATURE = 7;
protected static final int SEC_OID_RC4 = 8;
protected static final int SEC_OID_DES_ECB = 9;
protected static final int SEC_OID_DES_CBC = 10;
protected static final int CKM_DES_CBC_PAD = 11;
protected static final int CKM_DES3_ECB = 12;
protected static final int SEC_OID_DES_EDE3_CBC = 13;
protected static final int CKM_DES3_CBC_PAD = 14;
protected static final int CKM_DES_KEY_GEN = 15;
protected static final int CKM_DES3_KEY_GEN = 16;
protected static final int CKM_RC4_KEY_GEN = 17;
protected static final int SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC = 18;
protected static final int SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC = 19;
protected static final int SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC = 20;
protected static final int SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4 = 21;
protected static final int SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4 = 22;
protected static final int SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC = 23;
protected static final int SEC_OID_MD2 = 24;
protected static final int SEC_OID_MD5 = 25;
protected static final int SEC_OID_SHA1 = 26;
protected static final int CKM_SHA_1_HMAC = 27;
protected static final int SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC = 28;
protected static final int SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC = 29;
protected static final int SEC_OID_RC2_CBC = 30;
protected static final int CKM_PBA_SHA1_WITH_SHA1_HMAC = 31;
// AES
protected static final int CKM_AES_KEY_GEN = 32;
protected static final int CKM_AES_ECB = 33;
protected static final int CKM_AES_CBC = 34;
protected static final int CKM_AES_CBC_PAD = 35;
protected static final int CKM_RC2_CBC_PAD = 36;
protected static final int CKM_RC2_KEY_GEN = 37;
//FIPS 180-2
protected static final int SEC_OID_SHA256 = 38;
protected static final int SEC_OID_SHA384 = 39;
protected static final int SEC_OID_SHA512 = 40;
protected static final int SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION = 41;
protected static final int SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION = 42;
protected static final int SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION = 43;
protected static final int SEC_OID_ANSIX962_EC_PUBLIC_KEY = 44;
protected static final int SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE = 45;
protected static final int CKM_EC_KEY_PAIR_GEN = 46;
protected static final int SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE = 47;
protected static final int SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE = 48;
protected static final int SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE = 49;
protected static final int SEC_OID_HMAC_SHA256 = 50;
protected static final int SEC_OID_HMAC_SHA384 = 51;
protected static final int SEC_OID_HMAC_SHA512 = 52;
//PKCS5 V2
protected static final int SEC_OID_PKCS5_PBKDF2 = 53;
protected static final int SEC_OID_PKCS5_PBES2 = 54;
protected static final int SEC_OID_PKCS5_PBMAC1 = 55;
protected static final int SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST = 56;
// NSS AES KeyWrap
protected static final int CKM_NSS_AES_KEY_WRAP = 57;
protected static final int CKM_NSS_AES_KEY_WRAP_PAD = 58;
// AES Encryption Algorithms
protected static final int SEC_OID_AES_128_ECB = 59;
protected static final int SEC_OID_AES_128_CBC = 60;
protected static final int SEC_OID_AES_192_ECB = 61;
protected static final int SEC_OID_AES_192_CBC = 62;
protected static final int SEC_OID_AES_256_ECB = 63;
protected static final int SEC_OID_AES_256_CBC = 64;
// PKCS#11 AES KeyWrap
// These underlying defs are currently different from the NSS AES KeyWrap
protected static final int CKM_AES_KEY_WRAP = 65;
protected static final int CKM_AES_KEY_WRAP_PAD = 66;
// PKCS#11 SHA2 HMAC
protected static final int CKM_SHA256_HMAC = 67;
protected static final int CKM_SHA384_HMAC = 68;
protected static final int CKM_SHA512_HMAC = 69;
// PKCS#11 AES-CMAC
protected static final int CKM_AES_CMAC = 70;
// Generic Secret
protected static final int CKM_GENERIC_SECRET_KEY_GEN = 71;
// PKCS#11 NIST SP800-108 KBKDFs (including NSS variants)
protected static final int CKM_SP800_108_COUNTER_KDF = 72;
protected static final int CKM_SP800_108_FEEDBACK_KDF = 73;
protected static final int CKM_SP800_108_DOUBLE_PIPELINE_KDF = 74;
protected static final int CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA = 75;
protected static final int CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA = 76;
protected static final int CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA = 77;
// RSA-PSS
protected static final int SEC_OID_PKCS1_RSA_PSS_SIGNATURE = 78;
// RSA-OAEP
protected static final int CKM_RSA_PKCS_OAEP = 79;
// CKM_AES_KEY_WRAP_KWP for HSM support
protected static final int CKM_AES_KEY_WRAP_KWP = 80;
protected static final int SEC_OID_AES_128_KEY_WRAP_KWP = 81;
protected static final int SEC_OID_AES_192_KEY_WRAP_KWP = 82;
protected static final int SEC_OID_AES_256_KEY_WRAP_KWP = 83;
}
��������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/AlreadyInitializedException.java���������������������0000664�0000000�0000000�00000001631�14125500636�0027620�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
/**
* This exception is thrown if an initialization operation
* is attempted on something that is already initialized.
*/
public class AlreadyInitializedException extends java.lang.Exception {
private static final long serialVersionUID = 1L;
public AlreadyInitializedException() {}
public AlreadyInitializedException(String mesg) {
super(mesg);
}
public AlreadyInitializedException(String mesg, Throwable cause) {
super(mesg, cause);
}
public AlreadyInitializedException(String mesg, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
super(mesg, cause, enableSuppression, writableStackTrace);
}
}
�������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/BadPaddingException.java�����������������������������0000664�0000000�0000000�00000001076�14125500636�0026031�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
/**
* @deprecated Use javax.crypto.BadPaddingException.
*/
@Deprecated
public class BadPaddingException extends javax.crypto.BadPaddingException {
private static final long serialVersionUID = 1L;
public BadPaddingException() {
super();
}
public BadPaddingException(String mesg) {
super(mesg);
}
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/CMACAlgorithm.java�����������������������������������0000664�0000000�0000000�00000004671�14125500636�0024553�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
import java.security.NoSuchAlgorithmException;
import java.util.Hashtable;
import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
/**
* Algorithms for performing CMACs. These can be used to create
* MessageDigests.
*/
public class CMACAlgorithm extends DigestAlgorithm {
protected CMACAlgorithm(int oidIndex, String name, OBJECT_IDENTIFIER oid,
int outputSize) {
super(oidIndex, name, oid, outputSize);
if (oid != null && oidMap.get(oid) == null) {
oidMap.put(oid, this);
}
}
///////////////////////////////////////////////////////////////////////
// OID mapping
///////////////////////////////////////////////////////////////////////
private static Hashtableupdate. Finally,
* doFinal is called to finalize the operation. Note that
* it is not necessary to call update if all of the data is
* available at once. In this case, all of the input can be processed with one
* call to doFinal.
*/
public abstract class Cipher {
// Note: Cipher can't extend javax.crypto.Cipher because it is part of the
// provider mechanism. In particular, it isn't an abstract class, many of
// the methods are marked final, and it expects to instantiate a CipherSpi
// class instead of be directly created like things which override our
// Cipher class expect (e.g., PK11Cipher). This is why JSSCipherSpi exists.
/**
* Initializes a encryption context with a symmetric key.
*/
public abstract void initEncrypt(SymmetricKey key)
throws InvalidKeyException, InvalidAlgorithmParameterException,
TokenException;
/**
* Initializes a decryption context with a symmetric key.
*/
public abstract void initDecrypt(SymmetricKey key)
throws InvalidKeyException, InvalidAlgorithmParameterException,
TokenException;
/**
* Initializes an encryption context with a symmetric key and
* algorithm parameters.
*/
public abstract void
initEncrypt(SymmetricKey key, AlgorithmParameterSpec parameters)
throws InvalidKeyException, InvalidAlgorithmParameterException,
TokenException;
/**
* Initializes a decryption context with a symmetric key and
* algorithm parameters.
*/
public abstract void
initDecrypt(SymmetricKey key, AlgorithmParameterSpec parameters)
throws InvalidKeyException, InvalidAlgorithmParameterException,
TokenException;
/**
* Updates the encryption context with additional input.
* @param bytes Bytes of plaintext (if encrypting) or ciphertext (if
* decrypting).
* @return Bytes of ciphertext (if encrypting) or plaintext (if decrypting).
*/
public abstract byte[] update(byte[] bytes)
throws IllegalStateException, TokenException;
/**
* Updates the encryption context with additional plaintext.
* @param bytes Bytes of plaintext (if encrypting) or ciphertext (if
* decrypting).
* @param offset The index in bytes at which to begin reading.
* @param length The number of bytes from bytes to read.
* @return Bytes of ciphertext (if encrypting) or plaintext (if decrypting).
*/
public abstract byte[] update(byte[] bytes, int offset, int length)
throws IllegalStateException, TokenException;
/**
* Completes an cipher operation. This can be called directly after
* the context is initialized, or update may be called
* any number of times before calling final.
* @param bytes Bytes of plaintext (if encrypting) or ciphertext (if
* decrypting).
* @return The last of the output.
*/
public abstract byte[] doFinal(byte[] bytes)
throws IllegalStateException, IllegalBlockSizeException,
BadPaddingException, TokenException;
/**
* Completes an cipher operation.
* @param bytes Bytes of plaintext (if encrypting) or ciphertext (if
* decrypting).
* @param offset The index in bytes at which to begin reading.
* @param length The number of bytes from bytes to read.
* @return The last of the output.
*/
public abstract byte[] doFinal(byte[] bytes, int offset, int length)
throws IllegalStateException, IllegalBlockSizeException,
BadPaddingException, TokenException;
/**
* Completes an cipher operation.
* @return The last of the output.
*/
public abstract byte[] doFinal()
throws IllegalStateException, IllegalBlockSizeException,
BadPaddingException, TokenException;
/**
* Pads a byte array so that its length is a multiple of the given
* blocksize. The method of padding is the one defined in the RSA
* PKCS standards. If M is the length of the data and
* B is the block size, the padding string consists of
* B - (M mod B) octets, each having the value
* B - (M mod B).
* @param toBePadded The byte array to pad.
* @param blockSize The block size of the encryption algorithm. Must be greater
* than zero.
* @see #unPad
*/
public static byte[]
pad(byte[] toBePadded, int blockSize) {
assert(blockSize > 0);
// the padOctet is also the number of pad octets
byte padOctet = (byte) (blockSize - (toBePadded.length % blockSize));
byte[] padded = new byte[toBePadded.length + padOctet];
System.arraycopy(toBePadded, 0, padded, 0, toBePadded.length);
for(int i = toBePadded.length; i < padded.length; i++) {
padded[i] = padOctet;
}
return padded;
}
/**
* Un-pads a byte array that is padded with PKCS padding.
*
* @param blockSize The block size of the encryption algorithm. This
* is only used for error checking: if the pad size is not
* between 1 and blockSize, a BadPaddingException is thrown.
*
* @see #pad
*/
public static byte[]
unPad(byte[] padded, int blockSize) throws BadPaddingException {
if(padded.length == 0) {
return new byte[0];
}
if( padded.length < blockSize ) {
throw new BadPaddingException("Length of padded array is less than"+
" one block");
}
byte padOctet = padded[padded.length-1];
if(padOctet > blockSize) {
throw new BadPaddingException("Padding octet ("+padOctet+") is "+
"larger than block size ("+blockSize+")");
}
if(padOctet < 1) {
throw new BadPaddingException("Padding octet is less than 1");
}
byte[] unpadded = new byte[padded.length - padOctet];
System.arraycopy(padded, 0, unpadded, 0, unpadded.length);
return unpadded;
}
/**
* Un-pads a byte array that is padded with PKCS padding. Since
* this version does not take block size as a parameter, it cannot
* error check.
* @see #pad
*/
public static byte[]
unPad(byte[] padded) throws BadPaddingException {
if(padded.length == 0) {
return new byte[0];
}
byte padOctet = padded[padded.length-1];
if(padOctet < 1) {
throw new BadPaddingException("Padding octet is less than 1");
} else if(padOctet >= padded.length) {
throw new BadPaddingException("Padding is larger than entire"+
" array");
}
byte[] unpadded = new byte[padded.length - padOctet];
System.arraycopy(padded, 0, unpadded, 0, unpadded.length);
return unpadded;
}
}
�����������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/CryptoStore.java�������������������������������������0000664�0000000�0000000�00000015720�14125500636�0024473�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
import java.security.PublicKey;
import org.mozilla.jss.NotInitializedException;
import org.mozilla.jss.util.Password;
/**
* This is an interface for a permanent repository of cryptographic objects,
* such as keys, certs, and passwords.
*/
public interface CryptoStore {
////////////////////////////////////////////////////////////
// Private Keys
////////////////////////////////////////////////////////////
/**
* Imports a raw private key into this token (permanently).
*
* @param key The private key.
* @exception TokenException If the key cannot be imported to this token.
* @exception KeyAlreadyImportedException If the key already exists on this token.
*/
public PrivateKey
importPrivateKey( byte[] key,
PrivateKey.Type type )
throws TokenException, KeyAlreadyImportedException;
/**
* Imports a raw private key into this token.
*
* @param key The private key.
* @param temporary Whether the key should be temporary.
* @exception TokenException If the key cannot be imported to this token.
* @exception KeyAlreadyImportedException If the key already exists on this token.
*/
public PrivateKey
importPrivateKey( byte[] key,
PrivateKey.Type type, boolean temporary)
throws TokenException, KeyAlreadyImportedException;
/**
* Returns all private keys stored on this token.
*
* @return An array of all private keys stored on this token.
* @exception TokenException If an error occurs on the token while
* gathering the keys.
*/
public PrivateKey[] getPrivateKeys() throws TokenException;
/**
* Returns all public keys stored on this token.
*
* @return An array of all public keys stored on this token.
* @exception TokenException If an error occurs on the token while
* gathering the keys.
*/
public PublicKey[] getPublicKeys() throws TokenException;
/**
* Returns the public key corresponding to the private key.
*
* @param privateKey
* @return The corresponding public key.
* @throws ObjectNotFoundException If the corresponding public key is not found.
* @throws TokenException If an error occurs on the token.
*/
public PublicKey findPublicKey(PrivateKey privateKey)
throws ObjectNotFoundException, TokenException;
/**
* Returns all symmetric keys stored on this token.
*
* @return An array of all symmetric keys stored on this token.
* @exception TokenException If an error occurs on the token while
* gathering the keys.
*/
public SymmetricKey[] getSymmetricKeys() throws TokenException;
/**
* Permanently deletes a private key from the token.
*
* @param privateKey A private key to be permanently deleted.
* @exception NoSuchItemOnTokenException If the given private key does
* not reside on this token.
* @exception TokenException If an error occurs on the token while
* deleting the key.
*/
public void deletePrivateKey(PrivateKey privateKey)
throws NoSuchItemOnTokenException, TokenException;
/**
* Permanently deletes a public key from the token.
*
* @param publicKey A public key to be permanently deleted.
* @exception NoSuchItemOnTokenException If the given public key does
* not reside on this token.
* @exception TokenException If an error occurs on the token while
* deleting the key.
*/
public void deletePublicKey(PublicKey publicKey)
throws NoSuchItemOnTokenException, TokenException;
/**
* Get an encrypted private key for the given cert.
*
* @param cert Certificate of key to be exported
* @param pbeAlg The PBEAlgorithm to use
* @param pw The password to encrypt with
* @param iteration Iteration count; default of 2000 if le 0
*/
public byte[] getEncryptedPrivateKeyInfo(X509Certificate cert,
PBEAlgorithm pbeAlg, Password pw, int iteration)
throws NotInitializedException,
ObjectNotFoundException, TokenException;
/**
* Get an encrypted private key, with optional password
* conversion.
*
* @param conv Password converter. If null, pw.getByteCopy()
* will be used to get password bytes.
* @param pw The password
* @param alg The encryption algorithm
* @param n Iteration count; default of 2000 if le 0
* @param k The private key
*/
public byte[] getEncryptedPrivateKeyInfo(
KeyGenerator.CharToByteConverter conv,
Password pw,
Algorithm alg,
int n,
PrivateKey k);
/**
* @param conv Password converter. If null, pw.getByteCopy()
* will be used to get password bytes.
* @param pw The password
* @param nickname Nickname to use for private key
* @param pubKey Public key corresponding to private key
*/
public void importEncryptedPrivateKeyInfo(
KeyGenerator.CharToByteConverter conv,
Password pw,
String nickname,
PublicKey pubKey,
byte[] epkiBytes);
////////////////////////////////////////////////////////////
// Certs
////////////////////////////////////////////////////////////
/**
* Returns all user certificates stored on this token. A user certificate
* is one that has a matching private key.
*
* @return An array of all user certificates present on this token.
* @exception TokenException If an error occurs on the token while
* gathering the certificates.
*/
public X509Certificate[] getCertificates() throws TokenException;
/**
* Deletes a certificate and the corresponding keys.
*
* @param cert A certificate to be deleted from this token. The cert
* must actually reside on this token.
* @exception NoSuchItemOnTokenException If the given cert does not
* reside on this token.
* @exception TokenException If an error occurred on the token while
* deleting the certificate.
*/
public void deleteCert(X509Certificate cert)
throws NoSuchItemOnTokenException, TokenException;
/**
* Deletes a certificate without deleting the corresponding keys.
*
* @param cert A certificate to be deleted from this token. The cert
* must actually reside on this token.
* @exception NoSuchItemOnTokenException If the given cert does not
* reside on this token.
* @exception TokenException If an error occurred on the token while
* deleting the certificate.
*/
public void deleteCertOnly(X509Certificate cert)
throws NoSuchItemOnTokenException, TokenException;
}
������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/CryptoToken.java�������������������������������������0000664�0000000�0000000�00000027016�14125500636�0024460�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
import java.security.DigestException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.PublicKey;
import org.mozilla.jss.util.IncorrectPasswordException;
import org.mozilla.jss.util.PasswordCallback;
/**
* A CryptoToken performs cryptographic operations and stores
* cryptographic items, such as keys and certs. It corresponds to a
* Cryptographic Service Provider (CSP) in CDSA, and to a PKCS #11 token.
* true if this algorithm performs padding.
*/
public boolean isPadded() {
return !Padding.NONE.equals(padding);
}
/**
* @return The type of padding for this algorithm.
*/
public Padding getPaddingType() {
return padding;
}
private static Class[] IVParameterSpecClasses = null;
static {
IVParameterSpecClasses = new Class[2];
IVParameterSpecClasses[0] = IVParameterSpec.class;
IVParameterSpecClasses[1] = IvParameterSpec.class;
}
/**
* Returns the number of bytes that this algorithm expects in
* its initialization vector.
*
* @return The size in bytes of the IV for this algorithm. A size of
* 0 means this algorithm does not take an IV.
*/
public native int getIVLength();
public static final EncryptionAlgorithm RC4 = new EncryptionAlgorithm(SEC_OID_RC4, Alg.RC4, Mode.NONE, Padding.NONE,
(Class) null, 1, OBJECT_IDENTIFIER.RSA_CIPHER.subBranch(4), 0);
public static final EncryptionAlgorithm DES_ECB = new EncryptionAlgorithm(SEC_OID_DES_ECB, Alg.DES, Mode.ECB,
Padding.NONE, (Class) null, 8, OBJECT_IDENTIFIER.ALGORITHM.subBranch(6),
56);
public static final EncryptionAlgorithm DES_CBC = new EncryptionAlgorithm(SEC_OID_DES_CBC, Alg.DES, Mode.CBC,
Padding.NONE, IVParameterSpecClasses, 8,
OBJECT_IDENTIFIER.ALGORITHM.subBranch(7), 56);
public static final EncryptionAlgorithm DES_CBC_PAD = new EncryptionAlgorithm(CKM_DES_CBC_PAD, Alg.DES, Mode.CBC,
Padding.PKCS5, IVParameterSpecClasses, 8, null, 56); // no oid
public static final EncryptionAlgorithm DES3_ECB = new EncryptionAlgorithm(CKM_DES3_ECB, Alg.DESede, Mode.ECB,
Padding.NONE, (Class) null, 8, null, 168); // no oid
public static final EncryptionAlgorithm DES3_CBC = new EncryptionAlgorithm(SEC_OID_DES_EDE3_CBC, Alg.DESede,
Mode.CBC, Padding.NONE, IVParameterSpecClasses, 8,
OBJECT_IDENTIFIER.RSA_CIPHER.subBranch(7), 168);
public static final EncryptionAlgorithm DES3_CBC_PAD = new EncryptionAlgorithm(CKM_DES3_CBC_PAD, Alg.DESede,
Mode.CBC, Padding.PKCS5, IVParameterSpecClasses, 8,
null, 168); //no oid
public static final EncryptionAlgorithm RC2_CBC = new EncryptionAlgorithm(SEC_OID_RC2_CBC, Alg.RC2, Mode.CBC,
Padding.NONE, RC2ParameterSpec.class, 8,
null, 0); // no oid, see comment below
// Which algorithm should be associated with this OID, RC2_CBC or
// RC2_CBC_PAD? NSS says RC2_CBC, but PKCS #5 v2.0 says RC2_CBC_PAD.
// See NSS bug 202925.
public static final EncryptionAlgorithm RC2_CBC_PAD = new EncryptionAlgorithm(CKM_RC2_CBC_PAD, Alg.RC2, Mode.CBC,
Padding.PKCS5, RC2ParameterSpec.class, 8,
OBJECT_IDENTIFIER.RSA_CIPHER.subBranch(2), 0);
public static final OBJECT_IDENTIFIER AES_ROOT_OID = new OBJECT_IDENTIFIER(
new long[] { 2, 16, 840, 1, 101, 3, 4, 1 });
public static final EncryptionAlgorithm AES_128_ECB = new EncryptionAlgorithm(SEC_OID_AES_128_ECB,
Alg.AES, Mode.ECB,
Padding.NONE, (Class) null, 16,
AES_ROOT_OID.subBranch(1), 128);
public static final EncryptionAlgorithm AES_128_CBC = new EncryptionAlgorithm(SEC_OID_AES_128_CBC,
Alg.AES, Mode.CBC,
Padding.NONE, IVParameterSpecClasses, 16,
AES_ROOT_OID.subBranch(2), 128);
public static final EncryptionAlgorithm AES_128_CBC_PAD = new EncryptionAlgorithm(SEC_OID_AES_128_CBC,
Alg.AES, Mode.CBC,
Padding.PKCS5, IVParameterSpecClasses, 16,
AES_ROOT_OID.subBranch(2), 128);
public static final EncryptionAlgorithm AES_192_ECB = new EncryptionAlgorithm(SEC_OID_AES_192_ECB,
Alg.AES, Mode.ECB,
Padding.NONE, (Class) null, 16, AES_ROOT_OID.subBranch(21), 192);
public static final EncryptionAlgorithm AES_192_CBC = new EncryptionAlgorithm(SEC_OID_AES_192_CBC,
Alg.AES, Mode.CBC,
Padding.NONE, IVParameterSpecClasses, 16,
AES_ROOT_OID.subBranch(22), 192);
public static final EncryptionAlgorithm AES_192_CBC_PAD = new EncryptionAlgorithm(SEC_OID_AES_192_CBC,
Alg.AES, Mode.CBC,
Padding.PKCS5, IVParameterSpecClasses, 16,
AES_ROOT_OID.subBranch(22), 192);
public static final EncryptionAlgorithm AES_256_ECB = new EncryptionAlgorithm(SEC_OID_AES_256_ECB,
Alg.AES, Mode.ECB,
Padding.NONE, (Class) null, 16, AES_ROOT_OID.subBranch(41), 256);
public static final EncryptionAlgorithm AES_256_CBC = new EncryptionAlgorithm(SEC_OID_AES_256_CBC,
Alg.AES, Mode.CBC,
Padding.NONE, IVParameterSpecClasses, 16,
AES_ROOT_OID.subBranch(42), 256);
public static final EncryptionAlgorithm AES_CBC_PAD = new EncryptionAlgorithm(CKM_AES_CBC_PAD, Alg.AES, Mode.CBC,
Padding.PKCS5, IVParameterSpecClasses, 16, null, 256); // no oid
public static final EncryptionAlgorithm AES_256_CBC_PAD = new EncryptionAlgorithm(SEC_OID_AES_256_CBC,
Alg.AES, Mode.CBC,
Padding.PKCS5, IVParameterSpecClasses, 16,
AES_ROOT_OID.subBranch(42), 256);
public static final EncryptionAlgorithm
AES_128_KEY_WRAP_KWP = new EncryptionAlgorithm(SEC_OID_AES_128_KEY_WRAP_KWP,
Alg.AES,Mode.NONE,
Padding.PKCS5, IVParameterSpecClasses, 16,
AES_ROOT_OID.subBranch(8), 128,"AES/None/PKCS5Padding/Kwp/128");
public static final EncryptionAlgorithm
AES_192_KEY_WRAP_KWP = new EncryptionAlgorithm(SEC_OID_AES_192_KEY_WRAP_KWP,
Alg.AES,Mode.NONE,
Padding.PKCS5, IVParameterSpecClasses, 16,
AES_ROOT_OID.subBranch(28), 192,"AES/None/PKCSPadding/Kwp/192");
public static final EncryptionAlgorithm
AES_256_KEY_WRAP_KWP = new EncryptionAlgorithm(SEC_OID_AES_256_KEY_WRAP_KWP,
Alg.AES,Mode.NONE,
Padding.PKCS5, IVParameterSpecClasses, 16,
AES_ROOT_OID.subBranch(48), 256,"AES/None/PKCS5Padding/Kwp/256");
}
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/HMACAlgorithm.java�����������������������������������0000664�0000000�0000000�00000004561�14125500636�0024556�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
import java.security.NoSuchAlgorithmException;
import java.util.Hashtable;
import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
/**
* Algorithms for performing HMACs. These can be used to create
* MessageDigests.
*/
public class HMACAlgorithm extends DigestAlgorithm {
protected HMACAlgorithm(int oidIndex, String name, OBJECT_IDENTIFIER oid,
int outputSize) {
super(oidIndex, name, oid, outputSize);
if( oid!=null && oidMap.get(oid)==null) {
oidMap.put(oid, this);
}
}
///////////////////////////////////////////////////////////////////////
// OID mapping
///////////////////////////////////////////////////////////////////////
private static Hashtableseed.
* @param seed Seed.
*/
public void setSeed(long seed);
/**
* Retrieves random bytes and stores them in the given array.
* @param bytes Array to store random bytes.
*/
public void nextBytes(byte bytes[]);
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/KBKDF.c����������������������������������������������0000664�0000000�0000000�00000073304�14125500636�0022322�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#include true if the given strength is valid for this
* key generation algorithm. Note that PBE algorithms require
* PBEParameterSpecs rather than strengths. It is the responsibility
* of the caller to verify this.
*/
public boolean isValidStrength(int strength) {
return keyStrengthValidator.isValidKeyStrength(strength);
}
//////////////////////////////////////////////////////////////
public static final KeyGenAlgorithm GENERIC_SECRET = new KeyGenAlgorithm(
CKM_GENERIC_SECRET_KEY_GEN,
"GenericSecret",
new AnyKeyStrengthValidator(),
null,
null);
//////////////////////////////////////////////////////////////
public static final KeyGenAlgorithm DES = new KeyGenAlgorithm(
CKM_DES_KEY_GEN,
"DES",
new FixedKeyStrengthValidator(56),
null,
null);
//////////////////////////////////////////////////////////////
public static final KeyGenAlgorithm DES3 = new KeyGenAlgorithm(
CKM_DES3_KEY_GEN,
"DESede",
new FixedKeyStrengthValidator(168),
null,
null);
public static final KeyGenAlgorithm DESede = DES3;
//////////////////////////////////////////////////////////////
public static final KeyGenAlgorithm RC4 = new KeyGenAlgorithm(
CKM_RC4_KEY_GEN,
"RC4",
new AnyKeyStrengthValidator(),
null,
null);
//////////////////////////////////////////////////////////////
public static final KeyGenAlgorithm PBA_SHA1_HMAC = new KeyGenAlgorithm(
CKM_PBA_SHA1_WITH_SHA1_HMAC,
"PBA/SHA1/HMAC",
new FixedKeyStrengthValidator(160),
null,
PBEKeyGenParams.class);
public static final KeyGenAlgorithm SHA1_HMAC = new KeyGenAlgorithm(
CKM_SHA_1_HMAC,
"SHA1/HMAC",
new FixedKeyStrengthValidator(160),
null,
null);
public static final KeyGenAlgorithm SHA256_HMAC = new KeyGenAlgorithm(
CKM_SHA256_HMAC,
"SHA256/HMAC",
new FixedKeyStrengthValidator(256),
null,
null);
public static final KeyGenAlgorithm SHA384_HMAC = new KeyGenAlgorithm(
CKM_SHA384_HMAC,
"SHA384/HMAC",
new FixedKeyStrengthValidator(384),
null,
null);
public static final KeyGenAlgorithm SHA512_HMAC = new KeyGenAlgorithm(
CKM_SHA512_HMAC,
"SHA512/HMAC",
new FixedKeyStrengthValidator(512),
null,
null);
//////////////////////////////////////////////////////////////
public static final KeyGenAlgorithm AES = new KeyGenAlgorithm(
CKM_AES_KEY_GEN,
"AES",
new KeyStrengthValidator() {
@Override
public boolean isValidKeyStrength(int strength) {
return strength == 128 || strength == 192 || strength == 256;
}
},
null,
null);
//////////////////////////////////////////////////////////////
public static final KeyGenAlgorithm RC2 = new KeyGenAlgorithm(
CKM_RC2_KEY_GEN,
"RC2",
new KeyStrengthValidator() {
@Override
public boolean isValidKeyStrength(int strength) {
// Allow any key of size between 1 byte and 128 bytes
return strength >= 8 && strength <= (128 * 8);
}
},
null,
null);
//////////////////////////////////////////////////////////////
/////////////// GENERIC KBKDFs: NIST SP800-108 ///////////////
//////////////////////////////////////////////////////////////
public static final KeyGenAlgorithm SP800_108_COUNTER_KDF = new KeyGenAlgorithm(
CKM_SP800_108_COUNTER_KDF,
"SP800_108_COUNTER_KDF",
new AnyKeyStrengthValidator(),
null,
KBKDFCounterParams.class);
public static final KeyGenAlgorithm SP800_108_FEEDBACK_KDF = new KeyGenAlgorithm(
CKM_SP800_108_FEEDBACK_KDF,
"SP800_108_FEEDBACK_KDF",
new AnyKeyStrengthValidator(),
null,
KBKDFFeedbackParams.class);
public static final KeyGenAlgorithm SP800_108_DOUBLE_PIPELINE_KDF = new KeyGenAlgorithm(
CKM_SP800_108_DOUBLE_PIPELINE_KDF,
"SP800_108_DOUBLE_PIPELINE_KDF",
new AnyKeyStrengthValidator(),
null,
KBKDFPipelineParams.class);
//////////////////////////////////////////////////////////////
//////////// Data KBKDFs: NSS-only NIST SP800-108 ////////////
//////////////////////////////////////////////////////////////
public static final KeyGenAlgorithm NSS_SP800_108_COUNTER_KDF_DERIVE_DATA = new KeyGenAlgorithm(
CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA,
"NSS_SP800_108_COUNTER_KDF_DERIVE_DATA",
new AnyKeyStrengthValidator(),
null,
KBKDFCounterParams.class);
public static final KeyGenAlgorithm NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA = new KeyGenAlgorithm(
CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA,
"NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA",
new AnyKeyStrengthValidator(),
null,
KBKDFFeedbackParams.class);
public static final KeyGenAlgorithm NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA = new KeyGenAlgorithm(
CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA,
"NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA",
new AnyKeyStrengthValidator(),
null,
KBKDFPipelineParams.class);
}
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/KeyGenerator.java������������������������������������0000664�0000000�0000000�00000012053�14125500636�0024571�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
import java.io.CharConversionException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.spec.AlgorithmParameterSpec;
/**
* Generates symmetric keys for encryption and decryption.
*/
public interface KeyGenerator {
/**
* @param strength Key size in bits. Must be evenly divisible by 8.
* @throws InvalidAlgorithmParameterException If parameter is invalid.
*/
public void initialize(int strength)
throws InvalidAlgorithmParameterException;
public void initialize(AlgorithmParameterSpec parameters)
throws InvalidAlgorithmParameterException;
/**
* @param usages The operations the key will be used for after it is
* generated. You have to specify these so that the key can be properly
* marked with the operations it supports. Some PKCS #11 tokens require
* that a key be marked for an operation before it can perform that
* operation. The default is SymmetricKey.Usage.SIGN and
* SymmetricKey.Usage.ENCRYPT.
*/
public void setKeyUsages(SymmetricKey.Usage[] usages);
/**
* Tells the generator to generate temporary or permanent keys.
* Temporary keys are not written permanently to the token. They
* are destroyed by the garbage collector. If this method is not
* called, the default is temporary keys.
* @param temp True to generate temporary key.
*/
public void temporaryKeys(boolean temp);
/**
* Tells the generator to generate sensitive or insensitive keys.
* Certain attributes of a sensitive key cannot be revealed in
* plaintext outside the token. If this method is not called, the
* default is token dependent.
* @param sensitive True to generate sensitive.
*/
public void sensitiveKeys(boolean sensitive);
/**
* Generates a symmetric key.
* @return Symmetric key.
* @throws IllegalStateException If key generation failed.
* @throws TokenException If an error occurred in the token.
* @throws CharConversionException If an encoding error occurred.
*/
public SymmetricKey generate()
throws IllegalStateException, TokenException, CharConversionException;
/**
* Generates an Initialization Vector using a PBE algorithm.
* In order to call this method, the algorithm must be a PBE algorithm,
* and the KeyGenerator must have been initialized with an instance
* of PBEKeyGenParams.
*
* @return The initialization vector derived from the password and salt
* using the PBE algorithm.
* @exception IllegalStateException If the algorithm is not a PBE
* algorithm, or the KeyGenerator has not been initialized with
* an instance of PBEKeyGenParams.
* @exception TokenException If an error occurs on the CryptoToken while
* generating the IV.
* @exception CharConversionException If an encoding error occurred.
*/
public byte[] generatePBE_IV()
throws IllegalStateException, TokenException, CharConversionException;
/**
* Allows a SymmetricKey to be cloned on a different token.
*
* @param key Symmetric key.
* @return Cloned symmetric key.
* @exception SymmetricKey.NotExtractableException If the key material
* cannot be extracted from the current token.
* @exception InvalidKeyException If the owning token cannot process
* the key to be cloned.
* @exception TokenException If an error occurred in the token.
*/
public SymmetricKey clone(SymmetricKey key)
throws SymmetricKey.NotExtractableException,
InvalidKeyException, TokenException;
/**
* An interface for converting a password of Java characters into an array
* of bytes. This conversion must be performed to provide a byte array
* to the low-level crypto engine. The default conversion is UTF8.
* Null-termination is not necessary, and indeed is usually incorrect,
* since the password is passed to the crypto engine as a byte array, not
* a C string.
*/
public static interface CharToByteConverter {
/**
* Converts a password of Java characters into a password of
* bytes, using some encoding scheme. The input char array must
* not be modified.
* @param chars Password characters.
* @return Password as byte array.
* @throws CharConversionException If an error occurred.
*/
public byte[] convert(char[] chars) throws CharConversionException;
}
/**
* Sets the character to byte converter for passwords. The default
* conversion is UTF8 with no null termination.
* @param charToByte Character-to-byte converter.
*/
public void setCharToByteConverter(CharToByteConverter charToByte);
}
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/KeyPairAlgorithm.java��������������������������������0000664�0000000�0000000�00000005657�14125500636�0025421�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
import java.security.NoSuchAlgorithmException;
import java.util.Hashtable;
/**
* Algorithms that can be used for keypair generation.
*/
public class KeyPairAlgorithm extends Algorithm {
protected KeyPairAlgorithm(int oidIndex, String name, Algorithm algFamily) {
super(oidIndex, name);
this.algFamily = algFamily;
nameMap.put(name, this);
}
/**
* Returns the algorithm family for a given key pair generation algorithm.
* If a token supports a family and is writable, we can do keypair gen
* on the token even if it doesn't support the keypair gen algorithm.
* We do this by doing the keypair gen on the internal module and then
* moving the key out to the other token.
* @return Algorithm family.
*/
public Algorithm
getAlgFamily()
{
return algFamily;
}
private static HashtablekeygenOnInternalToken to find out if this is happening.
*
* @see org.mozilla.jss.crypto.CryptoToken#getKeyPairGenerator
*/
public class KeyPairGenerator {
/**
* Creates a new key pair generator. KeyPairGenerators should
* be obtained by calling CryptoToken.getKeyPairGenerator
* instead of calling this constructor.
*
* @param algorithm The type of keys that the generator will be
* used to generate.
* @param engine The engine object that provides the implementation for
* the class.
*/
public KeyPairGenerator(KeyPairAlgorithm algorithm,
KeyPairGeneratorSpi engine) {
this.algorithm = algorithm;
this.engine = engine;
}
/**
* Generates a new key pair.
*
* @return A new key pair. The keys reside on the CryptoToken that
* provided this KeyPairGenerator.
* @exception TokenException If an error occurs on the CryptoToken
* in the process of generating the key pair.
*/
public java.security.KeyPair
genKeyPair() throws TokenException {
return engine.generateKeyPair();
}
/**
* @return The type of key that this generator generates.
*/
public KeyPairAlgorithm getAlgorithm() {
return algorithm;
}
/**
* Initializes the generator with algorithm-specific parameters.
* The SecureRandom parameters is ignored.
*
* @param params Algorithm-specific parameters for the key pair generation.
* @param random This parameter is ignored. NSS does not accept
* an external source of random numbers.
* @exception InvalidAlgorithmParameterException If the parameters are
* inappropriate for the type of key pair that is being generated,
* or they are not supported by this generator.
* @see org.mozilla.jss.crypto.RSAParameterSpec
* @see java.security.spec.DSAParameterSpec
*/
public void initialize(AlgorithmParameterSpec params, SecureRandom random)
throws InvalidAlgorithmParameterException
{
engine.initialize(params, random);
}
/**
* Initializes the generator with algorithm-specific parameters.
*
* @param params Algorithm-specific parameters for the key pair generation.
* @exception InvalidAlgorithmParameterException If the parameters are
* inappropriate for the type of key pair that is being generated,
* or they are not supported by this generator.
* @see org.mozilla.jss.crypto.RSAParameterSpec
* @see java.security.spec.DSAParameterSpec
*/
public void initialize(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException
{
engine.initialize(params, null);
}
/**
* Initializes the generator with the strength of the keys.
* The SecureRandom parameter is ignored.
*
* @param strength The strength of the keys that will be generated.
* Usually this is the length of the key in bits.
* @param random This parameter is ignored. NSS does not accept
* an external source of random numbers.
*/
public void initialize(int strength, SecureRandom random) {
engine.initialize(strength, random);
}
/**
* Initializes the generator with the strength of the keys.
*
* @param strength The strength of the keys that will be generated.
* Usually this is the length of the key in bits.
*/
public void initialize(int strength) {
engine.initialize(strength, null);
}
/**
* @return true if the keypair generation will take place on the
* internal token rather than the current token. This will
* happen if the token does not support keypair generation
* but does support this algorithm and is writable. In this
* case the keypair will be generated on the Netscape internal
* token and then moved to this token.
*/
public boolean keygenOnInternalToken() {
return engine.keygenOnInternalToken();
}
/**
* Tells the generator to generate temporary or permanent keypairs.
* Temporary keys are not written permanently to the token. They
* are destroyed by the garbage collector. If this method is not
* called, the default is permanent keypairs.
* @param temp True to generate temporary keypairs.
*/
public void temporaryPairs(boolean temp) {
engine.temporaryPairs(temp);
}
/**
* Tells the generator to generate sensitive or insensitive keypairs.
* Certain attributes of a sensitive key cannot be revealed in
* plaintext outside the token. If this method is not called, the
* default depends on the temporaryPairs mode for backward
* compatibility. The default is sensitive keypairs if the
* temporaryPairs mode is false, or insensitive keypairs if the
* temporaryPairs mode is true.
* @param sensitive To generate sensitive keypairs.
*/
public void sensitivePairs(boolean sensitive) {
engine.sensitivePairs(sensitive);
}
/**
* Tells the generator to generate extractable or unextractable
* keypairs. Extractable keys can be extracted from the token after
* wrapping. If this method is not called, the default is token
* dependent.
* @param extractable True to generate extractable keypairs.
*/
public void extractablePairs(boolean extractable) {
engine.extractablePairs(extractable);
}
public void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages,
KeyPairGeneratorSpi.Usage[] usages_mask) {
engine.setKeyPairUsages(usages,usages_mask);
}
public int getCurveCodeByName(String curveName)
throws InvalidParameterException {
return engine.getCurveCodeByName(curveName);
}
protected KeyPairAlgorithm algorithm;
protected KeyPairGeneratorSpi engine;
}
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java�����������������������������0000664�0000000�0000000�00000005671�14125500636�0026071�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import org.mozilla.jss.pkcs11.PKCS11Constants;
public abstract class KeyPairGeneratorSpi {
public KeyPairGeneratorSpi() {
}
public abstract void initialize(int strength, SecureRandom random);
public abstract void initialize(AlgorithmParameterSpec params,
SecureRandom random)
throws InvalidAlgorithmParameterException;
public abstract KeyPair generateKeyPair() throws TokenException;
public abstract int getCurveCodeByName(String curveName) throws InvalidParameterException;
public abstract void temporaryPairs(boolean temp);
public abstract void sensitivePairs(boolean sensitive);
public abstract void extractablePairs(boolean extractable);
public abstract boolean keygenOnInternalToken();
/**
* In PKCS #11, each keypair can be marked with the operations it will
* be used to perform. Some tokens require that a key be marked for
* an operation before the key can be used to perform that operation;
* other tokens don't care. NSS provides a way to specify a set of
* flags and a corresponding mask for these flags. If a specific usage
* is desired set the value for that usage. If it is not set, let NSS
* behave in it's default fashion. If a behavior is desired, also set
* that behavior in the mask as well as the flags.
*
*/
public enum Usage {
ENCRYPT (PKCS11Constants.CKF_ENCRYPT),
DECRYPT (PKCS11Constants.CKF_DECRYPT),
SIGN (PKCS11Constants.CKF_SIGN),
SIGN_RECOVER (PKCS11Constants.CKF_SIGN_RECOVER),
VERIFY (PKCS11Constants.CKF_VERIFY),
VERIFY_RECOVER (PKCS11Constants.CKF_VERIFY_RECOVER),
WRAP (PKCS11Constants.CKF_WRAP),
UNWRAP (PKCS11Constants.CKF_UNWRAP),
DERIVE (PKCS11Constants.CKF_DERIVE);
private final long value;
Usage(long value) {
this.value = value;
}
/**
* @deprecated Use ordinal() instead.
*/
@Deprecated
public int getVal() { return ordinal(); }
/**
* Get PKCS #11 CKF_ value.
*/
public long value() { return value; }
}
/**
* setKeyPairUsages
* @param usages Usages.
* @param usages_mask Usages mask.
*/
public abstract void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages,
KeyPairGeneratorSpi.Usage[] usages_mask);
}
�����������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/KeyWrapAlgorithm.java��������������������������������0000664�0000000�0000000�00000014641�14125500636�0025430�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
import java.security.NoSuchAlgorithmException;
import java.util.Hashtable;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.RC2ParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
/**
*
*/
public class KeyWrapAlgorithm extends Algorithm {
protected KeyWrapAlgorithm(int oidTag, String name, Class paramClass,
boolean padded, int blockSize) {
super(oidTag, name, null, paramClass);
this.padded = padded;
this.blockSize = blockSize;
if( name != null ) {
nameMap.put(name.toLowerCase(), this);
}
}
protected KeyWrapAlgorithm(int oidTag, String name, Class []paramClasses,
boolean padded, int blockSize) {
super(oidTag, name, null, paramClasses);
this.padded = padded;
this.blockSize = blockSize;
if( name != null ) {
nameMap.put(name.toLowerCase(), this);
}
}
private boolean padded;
private int blockSize;
private static HashtableRSAPublicKey or a
* DSAPublicKey.
* @exception InvalidKeyException If the type of the public key does not
* match the type of the private key to be unwrapped.
*/
public PrivateKey unwrapPrivate(byte[] wrapped, PrivateKey.Type type,
PublicKey publicKey)
throws TokenException, InvalidKeyException, IllegalStateException;
/**
* Unwraps a private key, creating a temporary private key object.
* A temporary
* private key is one that does not permanently reside on a token.
* As soon as it is garbage-collected, it is gone forever.
*
* @param publicKey Used to calculate the key identifier that must be stored
* with the private key. Must be a RSAPublicKey or a
* DSAPublicKey.
* @exception InvalidKeyException If the type of the public key does not
* match the type of the private key to be unwrapped.
*/
public PrivateKey unwrapTemporaryPrivate(byte[] wrapped,
PrivateKey.Type type, PublicKey publicKey)
throws TokenException, InvalidKeyException, IllegalStateException;
/**
* @param keyLength The expected length of the key in bytes. This is
* only used for variable-length keys (RC4) and non-padding
* algorithms. Otherwise, it can be set to anything(like 0).
* @param usage The operation the key will be used for after it is
* unwrapped. You have to specify this so that the key can be properly
* marked with the operation it supports. Some PKCS #11 tokens require
* that a key be marked for an operation before it can perform that
* operation.
*/
public SymmetricKey unwrapSymmetric(byte[] wrapped, SymmetricKey.Type type,
SymmetricKey.Usage usage, int keyLength)
throws TokenException, IllegalStateException,
InvalidAlgorithmParameterException;
/**
* Unwraps a key and allows it to be used for all operations.
* @param keyLength The expected length of the key in bytes. This is
* only used for variable-length keys (RC4) and non-padding
* algorithms. Otherwise, it can be set to anything(like 0).
*/
public SymmetricKey unwrapSymmetric(byte[] wrapped, SymmetricKey.Type type,
int keyLength)
throws TokenException, IllegalStateException,
InvalidAlgorithmParameterException;
public SymmetricKey unwrapSymmetricPerm(byte[] wrapped, SymmetricKey.Type type,
SymmetricKey.Usage usage, int keyLength)
throws TokenException, IllegalStateException,
InvalidAlgorithmParameterException;
/**
* Unwraps a key and allows it to be used for all operations.
* @param keyLength The expected length of the key in bytes. This is
* only used for variable-length keys (RC4) and non-padding
* algorithms. Otherwise, it can be set to anything(like 0).
*/
public SymmetricKey unwrapSymmetricPerm(byte[] wrapped, SymmetricKey.Type type,
int keyLength)
throws TokenException, IllegalStateException,
InvalidAlgorithmParameterException;
}
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/NoSuchItemOnTokenException.java����������������������0000664�0000000�0000000�00000001565�14125500636�0027373�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
/**
* Thrown if a cryptographic item does not exist on the token it is
* trying to be used on.
*/
public class NoSuchItemOnTokenException extends Exception {
private static final long serialVersionUID = 1L;
public NoSuchItemOnTokenException() {}
public NoSuchItemOnTokenException(String mesg) {
super(mesg);
}
public NoSuchItemOnTokenException(String mesg, Throwable cause) {
super(mesg, cause);
}
public NoSuchItemOnTokenException(String mesg, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
super(mesg, cause, enableSuppression, writableStackTrace);
}
}
�������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/NoSuchPaddingException.java��������������������������0000664�0000000�0000000�00000000702�14125500636�0026535�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
/**
* This class is a stub for javax.crypto.NoSuchPaddingException until we
* move to JDK 1.2.
*/
public class NoSuchPaddingException extends Exception {
private static final long serialVersionUID = 1L;
}
��������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/ObjectNotFoundException.java�������������������������0000664�0000000�0000000�00000001471�14125500636�0026736�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
/**
* This exception is thrown whenever something isn't implemented.
*/
public class ObjectNotFoundException extends Exception {
private static final long serialVersionUID = 1L;
public ObjectNotFoundException() { super(); }
public ObjectNotFoundException(String mesg) { super(mesg); }
public ObjectNotFoundException(String mesg, Throwable cause) { super(mesg, cause); }
public ObjectNotFoundException(String mesg, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
super(mesg, cause, enableSuppression, writableStackTrace);
}
}
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/PBEAlgorithm.java������������������������������������0000664�0000000�0000000�00000012506�14125500636�0024452�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
/**
* Algorithms that can be used for generating symmetric keys from passwords.
*/
public class PBEAlgorithm extends KeyGenAlgorithm {
private EncryptionAlgorithm encAlg;
private int saltLength;
protected PBEAlgorithm(int oidTag, String name, int validStrength,
OBJECT_IDENTIFIER oid, EncryptionAlgorithm encAlg, int saltLength)
{
super(oidTag, name, new FixedKeyStrengthValidator(validStrength),
oid, PBEKeyGenParams.class);
this.encAlg = encAlg;
this.saltLength = saltLength;
}
/**
* Returns the EncryptionAlgorithm that should be used with keys
* generated with this PBEAlgorithm. For example,
* PBE_MD2_DES_CBC.getEncryptionAlg() returns
* EncryptionAlgorithm.DES_CBC.
*/
public EncryptionAlgorithm getEncryptionAlg() {
return encAlg;
}
/**
* Returns the number of bytes of salt that should be supplied when
* generating keys with this algorithm.
*
* generate methods.
* They will return a new set of PQG parameters. To verify existing PQG
* parameters, create a new PQGParams object with the
* constructor and call paramsAreValid on the object.
*
* CryptoManager.initialize before
* using this class.
*
*/
public class PQGParams extends DSAParameterSpec {
/**
* Creates a PQGParams object from a set of pre-computed DSA
* parameters.
*
* @param P The DSA prime parameter.
* @param Q The DSA sub-prime parameter.
* @param G The DSA base parameter.
* @param seed The Seed used to calculate P, Q, and G.
* @param counter The Counter (C) used to calculate P, Q, and G.
* @param H The H value used to generate P, Q, and G.
*/
public PQGParams(BigInteger P, BigInteger Q, BigInteger G,
BigInteger seed, int counter, BigInteger H)
{
super(P, Q, G);
this.seed = seed;
this.counter = counter;
this.H = H;
}
/**
* Generates P, Q, and G parameters for DSA key generation. Also
* provides the seed, counter, and H values for verification of the
* P, Q, and G. The parameters are generated and then verified
* before being returned. The length of the Seed will equal the
* length of P.
*
* It is necessary to call one of the
* CryptoManager.initialize functions before calling
* this method.
*
* @param keySize The size of P in bits. Keys generated by these P,
* Q, and G values will have this length. Valid key sizes
* are multiples of 64 in the closed interval [512,1024].
* This also dictates the length of H and Seed.
* @return A new set of P, Q, and G parameters, along with the Seed,
* Counter, and H values used to generate them.
* @exception java.security.InvalidParameterException If the keySize
* is outside the bounds described by the DSA key pair
* generation algorithm.
* @exception org.mozilla.jss.crypto.PQGParamGenException If an error
* occurs during the generation process.
* @see org.mozilla.jss.CryptoManager#initialize
*/
public static PQGParams
generate(int keySize)
throws java.security.InvalidParameterException,
PQGParamGenException
{
PQGParams pqg = generateNative(keySize);
if( ! pqg.paramsAreValid() ) {
throw new PQGParamGenException(
"Generated parameters did not verify correctly");
}
return pqg;
}
/**
* Does the actual work of generation, but does not verify.
*/
private static native PQGParams
generateNative(int keySize)
throws java.security.InvalidParameterException,
PQGParamGenException;
/**
* Generates P, Q, and G parameters for DSA key generation. Also
* provides the seed, counter, and H values for verification of the
* P, Q, and G. The parameters are generated and then verified
* before being returned.
*
* It is necessary to call one of the
* CryptoManager.initialize functions before calling
* this method.
*
* @param keySize The size of P in bits. Keys generated by these P,
* Q, and G values will have this length. Valid key sizes
* are multiples of 64 in the closed interval [512,1024].
* This also dictates the length of H.
* @param seedBytes The number of bytes in the Seed value used to
* generate P, Q, and G. seedBytes must be
* from the closed interval [20,255].
* @return A new set of P, Q, and G parameters, along with the Seed,
* Counter, and H values used to generate them.
* @exception java.security.InvalidParameterException If the keySize
* or number of seed bytes is outside the bounds described by the
* DSA key pair generation algorithm.
* @exception org.mozilla.jss.crypto.PQGParamGenException If an error
* occurs during the generation process.
* @see org.mozilla.jss.CryptoManager#initialize
*/
public static PQGParams
generate(int keySize, int seedBytes)
throws java.security.InvalidParameterException,
PQGParamGenException
{
PQGParams pqg = generateNative(keySize, seedBytes);
if( ! pqg.paramsAreValid() ) {
throw new PQGParamGenException(
"Generated parameters did not verify correctly");
}
return pqg;
}
/**
* Does the actual work of generation, but does not verify.
*/
private static native PQGParams
generateNative(int keySize, int seedBytes)
throws java.security.InvalidParameterException,
PQGParamGenException;
/**
* Produces an unsigned byte-array representation of a BigInteger.
*
*
* SEQUENCE {
* keyid OCTET STRING,
* alg AlgorithmIdentifier,
* ciphertext OCTET STRING }
*
*
* CryptoTokens.
*
* @see org.mozilla.jss.crypto.CryptoToken#getSignatureContext
*/
public class Signature {
protected Signature() {
}
Signature(SignatureAlgorithm algorithm, SignatureSpi engine) {
this.algorithm = algorithm;
this.engine = engine;
}
/**
* This is not supported yet.
*/
public Provider getProvider() {
throw new RuntimeException("Signature.getProvider() is not yet implemented");
}
/**
* Supplying sources of randoms is not supported yet.
* public void initSign(PrivateKey privateKey, SecureRandom random)
* throws InvalidKeyException, TokenException
* {
* engine.engineInitSign(privateKey, random);
* }
*/
/**
* Initialize the signature context for signing.
*
* @param privateKey The private key with which to sign.
* @exception InvalidKeyException If the key is the wrong type for the
* algorithm or does not exist on the token of this signature
* context.
* @exception TokenException If an error occurred on the token.
*/
public void initSign(PrivateKey privateKey)
throws InvalidKeyException, TokenException {
engine.engineInitSign(privateKey);
}
/**
* Initialize the signature context for verifying.
*
* @param publicKey The public key with which to verify the signature.
* @exception InvalidKeyException If the key is the wrong type for the
* algorithm.
* @exception TokenException If an error occurs on the token.
*/
public void initVerify(PublicKey publicKey)
throws InvalidKeyException, TokenException {
engine.engineInitVerify(publicKey);
}
/**
* Set parameters for the signing algorithm. This is currently not
* supported or needed.
*
* @param params Parameters for the signing algorithm.
* @exception InvalidAlgorithmParameterException If there is something wrong
* with the parameters.
* @exception TokenException If an error occurs on the token.
*/
public void setParameter(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException, TokenException {
engine.engineSetParameter(params);
}
/**
* Finish a signing operation and return the signature.
*
* @exception SignatureException If an error occurs with the signing
* operation.
* @exception TokenException If an error occurs on the token.
* @return The signature.
*/
public byte[] sign() throws SignatureException, TokenException {
return engine.engineSign();
}
/**
* Finish a signing operation and store the signature in the provided
* buffer.
*
* @param outbuf Buffer to hold the signature
* @param offset Offset in buffer at which to store signature.
* @param len Number of bytes of buffer available for signature.
* @return int The number of bytes placed into outbuf.
* @exception SignatureException If an error occurred while signing, or
* len was insufficient to contain the signature.
* @exception TokenException If an error occurred on the token.
*/
public int sign(byte[] outbuf, int offset, int len)
throws SignatureException, TokenException {
return engine.engineSign(outbuf, offset, len);
}
/**
* Finish a verification operation.
*
* @param signature The signature to be verified.
* @return true if the signature is valid, false if it is invalid.
* @exception SignatureException If an error occurred with the verification
* operation
* @exception TokenException If an error occurred on the token.
*/
public boolean verify(byte[] signature)
throws SignatureException, TokenException {
return engine.engineVerify(signature);
}
/**
* Provide more data for a signature or verification operation.
*
* @param b A byte to be signed or verified.
* @exception SignatureException If an error occurs in the
* signature/verifcation.
* @exception TokenException If an error occurs on the token.
*/
public void update(byte b)
throws SignatureException, TokenException {
engine.engineUpdate(b);
}
/**
* Provide more data for a signature or verification operation.
*
* @param data An array of bytes to be signed or verified.
* @exception SignatureException If an error occurs in the
* signature/verifcation.
* @exception TokenException If an error occurs on the token.
*/
public void update(byte[] data)
throws SignatureException, TokenException {
engine.engineUpdate(data, 0, data.length);
}
/**
* Provide more data for a signature or verification operation.
*
* @param data An array of bytes, some of which will be signed or verified.
* @param off The beginning offset of the bytes to be signed/verified.
* @param len The number of bytes to be signed/verified.
* @exception SignatureException If an error occurs in the
* signature/verification.
* @exception TokenException If an error occurs on the token.
*/
public void update(byte[] data, int off, int len)
throws SignatureException, TokenException {
engine.engineUpdate(data, off, len);
}
/**
* Returns the name of the algorithm to be used for signing.
*/
public String getAlgorithm() {
return algorithm.toString();
}
/**
* Returns the algorithm to be used for signing.
*/
public SignatureAlgorithm getAlgorithmID() {
return algorithm;
}
/**
* Cloning is not supported yet
*/
@Override
protected Object clone() throws CloneNotSupportedException {
// no cloning for now
throw new CloneNotSupportedException();
}
protected SignatureAlgorithm algorithm;
protected SignatureSpi engine;
}
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/SignatureAlgorithm.java������������������������������0000664�0000000�0000000�00000021423�14125500636�0026003�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
import java.security.NoSuchAlgorithmException;
import java.util.Hashtable;
import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
/**
* Algorithms that can be used for signing.
*/
public class SignatureAlgorithm extends Algorithm {
private static Hashtableordinal() instead.
*/
@Deprecated
public int getVal() {
return ordinal();
}
/**
* Get PKCS #11 CKF_ value.
*/
public long value() {
return value;
}
/**
* Get PKCS #11 CKA_ value.
*
* @deprecated Use value() to get PKCS #11 CKF_ value instead.
*/
@Deprecated
public long getPKCS11Constant() {
return cka_value;
}
}
}
���������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/SymmetricKeyDeriver.java�����������������������������0000664�0000000�0000000�00000006074�14125500636�0026146�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape Security Services for Java.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
package org.mozilla.jss.crypto;
import java.security.InvalidKeyException;
public interface SymmetricKeyDeriver {
/* Use with the encrypt type mechanisms
Example: initDerive(
symKey, (PKCS11Constants.CKM_DES3_ECB_ENCRYPT_DATA) 4354L, derivationData, null,
PKCS11Constants.CKM_DES3_ECB, PKCS11Constants.CKA_DERIVE, 16);
*/
public abstract void initDerive(SymmetricKey baseKey,
long deriveMech, byte[] param, byte[] iv, long targetMech, long operation, long keySize)
throws InvalidKeyException;
/* Use with key extraction and key concatanation mechanisms
Example:
param: byte array that has the bit position of where to extract
initDerive(
derivedKey, PKCS11Constants.CKM_EXTRACT_KEY_FROM_KEY,param,null,
PKCS11Constants.CKA_ENCRYPT, PKCS11Constants.CKA_DERIVE,8);
initDerive(
baseSymKey,secondarySymKey, PKCS11Constants.CKM_CONCATENATE_BASE_AND_KEY,null,null,
PKCS11Constants.CKM_DES3_ECB, PKCS11Constants.CKA_DERIVE,0);
*/
public abstract void initDerive(SymmetricKey baseKey,
SymmetricKey secondaryKey, long deriveMech, byte[] param, byte[] iv, long targetMech, long operation, long keySize)
throws InvalidKeyException;
public abstract SymmetricKey derive()
throws TokenException;
}
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/TokenCertificate.java��������������������������������0000664�0000000�0000000�00000001757�14125500636�0025426�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
/**
* An X509 Certificate that lives on a PKCS #11 token.
* Many of the X509Certificates returned by JSS calls are actually
* TokenCertificates.
* To find out if an X509Certificate is a TokenCertificate, use
* instanceof.
*/
public interface TokenCertificate extends X509Certificate {
/**
* Returns the unique ID of this key. Unique IDs can be used to match
* certificates to keys.
*
* @see org.mozilla.jss.crypto.PrivateKey#getUniqueID
*/
public abstract byte[] getUniqueID();
/**
* Returns the CryptoToken that owns this certificate. Cryptographic
* operations with this key may only be performed on the token that
* owns the key.
*/
public abstract CryptoToken getOwningToken();
}
�����������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/TokenException.java����������������������������������0000664�0000000�0000000�00000001740�14125500636�0025132�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
/**
* This class indicates that an unknown error occurred on a CryptoToken.
* The nature of CryptoTokens makes such unpredictable errors possible.
* For example, a smartcard could be yanked out of its slot in the middle
* of a cryptographic operation.
*/
public class TokenException extends Exception {
private static final long serialVersionUID = 1L;
public TokenException() { super(); }
public TokenException(String mesg) {
super(mesg);
}
public TokenException(String mesg, Throwable cause) {
super(mesg, cause);
}
public TokenException(String mesg, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
super(mesg, cause, enableSuppression, writableStackTrace);
}
}
��������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/TokenRuntimeException.java���������������������������0000664�0000000�0000000�00000002012�14125500636�0026467�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
/**
* This class indicates that an unknown error occurred on a CryptoToken.
* The nature of CryptoTokens makes such unpredictable errors possible.
* For example, a smartcard could be yanked out of its slot in the middle
* of a cryptographic operation.
*/
public class TokenRuntimeException extends RuntimeException {
private static final long serialVersionUID = 1L;
public TokenRuntimeException() { super(); }
public TokenRuntimeException(String mesg) {
super(mesg);
}
public TokenRuntimeException(String mesg, Throwable cause) {
super(mesg, cause);
}
public TokenRuntimeException(String mesg, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
super(mesg, cause, enableSuppression, writableStackTrace);
}
}
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/TokenSupplier.java�����������������������������������0000664�0000000�0000000�00000001411�14125500636�0024772�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
/**
* An interface that allows providers to access CryptoManager without actually
* knowing about CryptoManager. This is necessary to prevent cyclic
* dependencies. CryptoManager knows about the providers, so the providers
* can't know about CryptoManager. Instead, CryptoManager implements
* this interface.
*/
public interface TokenSupplier {
public CryptoToken getInternalCryptoToken();
public JSSSecureRandom getSecureRNG();
public CryptoToken getThreadToken();
public void setThreadToken(CryptoToken token);
}
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/TokenSupplierManager.java����������������������������0000664�0000000�0000000�00000001644�14125500636�0026275�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
/**
* The org.mozilla.jss.provider package comes before CryptoManager in
* the dependency list, so this class is used to allow them to access
* CryptoManager sneakily. When CryptoManager initializes, it registers
* itself as a token supplier with setTokenSupplier. Then
* the providers call getTokenSupplier when they need to use
* CryptoManager. CryptoManager implements the TokenSupplier interface.
*/
public class TokenSupplierManager {
static private TokenSupplier supplier;
static public void setTokenSupplier(TokenSupplier ts) {
supplier = ts;
}
static public TokenSupplier getTokenSupplier() {
return supplier;
}
}
��������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/Tunnel.java������������������������������������������0000664�0000000�0000000�00000001127�14125500636�0023437�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
/**
* This is a private JSS class that allows the pkcs11 package access
* to some of the
* package methods in the crypto package. A friend declaration would
* have been ideal.
*/
public class Tunnel {
protected static Signature
ConstructSignature( SignatureAlgorithm alg, SignatureSpi engine) {
return new Signature(alg, engine);
}
}
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/X509Certificate.java���������������������������������0000664�0000000�0000000�00000002741�14125500636�0025005�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.jss.crypto;
import java.math.BigInteger;
import java.security.Principal;
import java.security.cert.CertificateEncodingException;
/**
* Certificates handled by JSS. All certificates handled by JSS are
* of this type.
*/
public interface X509Certificate
{
/**
* @return The DER encoding of this certificate.
* @throws CertificateEncodingException If an error occurred.
*/
public byte[] getEncoded()
throws CertificateEncodingException;
/**
* @return The nickname of this certificate (could be null).
*/
public abstract String getNickname();
/**
* @return The Public Key from this certificate.
*/
public abstract java.security.PublicKey getPublicKey();
/**
* @return The RFC 1485 ASCII encoding of the Subject Name.
*/
public abstract Principal
getSubjectDN();
/**
* @return The RFC 1485 ASCII encoding of the issuer's Subject Name.
*/
public abstract Principal
getIssuerDN();
/**
* @return The serial number of this certificate.
*/
public abstract BigInteger
getSerialNumber();
/**
* @return the version number of this X.509 certificate.
* 0 means v1, 1 means v2, 2 means v3.
*/
public abstract int
getVersion();
}
�������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/crypto/package.html�����������������������������������������0000664�0000000�0000000�00000000475�14125500636�0023615�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������
* CertificationRequest ::= SEQUENCE {
* certificationRequestInfo CertificationRequestInfo,
* signatureAlgorithm SignatureAlgorithmIdentifier,
* signature Signature
* }
*
* SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
* Signature ::= BIT STRING
*
* CertificationRequestInfo ::= SEQUENCE {
* version Version,
* subject Name,
* subjectPublicKeyInfo SubjectPublicKeyInfo,
* attributes [0] IMPLICIT Attributes
* }
* Attributes ::= SET OF Attribute
*
*
* @author David Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.28
*/
public class PKCS10 {
public static Logger logger = LoggerFactory.getLogger(PKCS10.class);
/**
* Constructs an unsigned PKCS #10 certificate request. Before this
* request may be used, it must be encoded and signed. Then it
* must be retrieved in some conventional format (e.g. string).
*
* @param publicKey the public key that should be placed
* into the certificate generated by the CA.
*/
public PKCS10(X509Key publicKey) {
subjectPublicKeyInfo = publicKey;
attributeSet = new PKCS10Attributes();
}
/**
* Constructs an unsigned PKCS #10 certificate request. Before this
* request may be used, it must be encoded and signed. Then it
* must be retrieved in some conventional format (e.g. string).
*
* @param publicKey the public key that should be placed
* into the certificate generated by the CA.
* @param attributes additonal set of PKCS10 attributes requested
* for in the certificate.
*/
public PKCS10(X509Key publicKey, PKCS10Attributes attributes) {
subjectPublicKeyInfo = publicKey;
if (attributes != null)
attributeSet = attributes;
else
attributeSet = new PKCS10Attributes();
}
/**
* Parses an encoded, signed PKCS #10 certificate request, verifying
* the request's signature as it does so. This constructor would
* typically be used by a Certificate Authority, from which a new
* certificate would then be constructed.
*
* @param data the DER-encoded PKCS #10 request.
* @param sigver boolean specifies signature verification enabled or not
* @exception IOException for low level errors reading the data
* @exception SignatureException when the signature is invalid
* @exception NoSuchAlgorithmException when the signature
* algorithm is not supported in this environment
*/
public PKCS10(byte data[], boolean sigver)
throws IOException, SignatureException, NoSuchAlgorithmException, java.security.NoSuchProviderException {
DerInputStream in;
DerValue seq[];
AlgorithmId id;
byte sigData[];
Signature sig;
String msg = "";
logger.debug("PKCS10: begins");
if (data == null) {
throw new IllegalArgumentException("Missing PKCS #10 data");
}
certificateRequest = data;
//
// Outer sequence: request, signature algorithm, signature.
// Parse, and prepare to verify later.
//
in = new DerInputStream(data);
seq = in.getSequence(3);
if (seq == null) {
throw new IllegalArgumentException("in.getSequence null");
}
if (seq.length != 3) {
throw new IllegalArgumentException("Invalid PKCS #10 request");
}
data = seq[0].toByteArray(); // reusing this variable
certRequestInfo = seq[0].toByteArray(); // make a copy
id = AlgorithmId.parse(seq[1]);
sigData = seq[2].getBitString();
//
// Inner sequence: version, name, key, attributes
//
@SuppressWarnings("unused")
BigInt serial = seq[0].data.getInteger(); // consume serial
/*
if (serial.toInt () != 0)
throw new IllegalArgumentException ("not PKCS #10 v1");
*/
subject = new X500Name(seq[0].data);
msg = "Request Subject: " + subject + ": ";
byte val1[] = seq[0].data.getDerValue().toByteArray();
subjectPublicKeyInfo = X509Key.parse(new DerValue(val1));
PublicKey publicKey = X509Key.parsePublicKey(new DerValue(val1));
if (publicKey == null) {
logger.error("PKCS10: " + msg + "publicKey null");
throw new SignatureException(msg + "publicKey null");
}
// Cope with a somewhat common illegal PKCS #10 format
if (seq[0].data.available() != 0) {
attributeSet = new PKCS10Attributes(seq[0].data);
} else {
attributeSet = new PKCS10Attributes();
}
//
// OK, we parsed it all ... validate the signature using the
// key and signature algorithm we found.
// temporary commented out
try {
String idName = id.getName();
if (idName.equals("MD5withRSA"))
idName = "MD5/RSA";
else if (idName.equals("MD2withRSA"))
idName = "MD2/RSA";
else if (idName.equals("SHA1withRSA"))
idName = "SHA1/RSA";
else if (idName.equals("SHA1withDSA"))
idName = "SHA1/DSA";
else if (idName.equals("SHA256withRSA"))
idName = "SHA256/RSA";
else if (idName.equals("SHA384withRSA"))
idName = "SHA384/RSA";
else if (idName.equals("SHA512withRSA"))
idName = "SHA512/RSA";
else if (idName.equals("SHA1withEC"))
idName = "SHA1/EC";
else if (idName.equals("SHA256withEC"))
idName = "SHA256/EC";
else if (idName.equals("SHA384withEC"))
idName = "SHA384/EC";
else if (idName.equals("SHA512withEC"))
idName = "SHA512/EC";
if (sigver) {
sig = Signature.getInstance(idName, "Mozilla-JSS");
sig.initVerify(publicKey);
sig.update(data);
if (!sig.verify(sigData)) {
logger.error("PKCS10: " + msg + "sig.verify() failed");
throw new SignatureException(msg + "Invalid PKCS #10 signature");
}
}
} catch (InvalidKeyException e) {
logger.error("PKCS10: " + msg + e.getMessage());
throw new SignatureException(msg + "invalid key", e);
}
logger.debug("PKCS10: ends");
}
public PKCS10(byte data[])
throws IOException, SignatureException, NoSuchAlgorithmException, java.security.NoSuchProviderException {
this(data, true);
}
/**
* Create the signed certificate request. This will later be
* retrieved in either string or binary format.
*
* @param requester identifies the signer (by X.500 name)
* and provides the private key used to sign.
* @exception IOException on errors.
* @exception CertificateException on certificate handling errors.
* @exception SignatureException on signature handling errors.
*/
public void encodeAndSign(X500Signer requester)
throws CertificateException, IOException, SignatureException {
DerOutputStream out, scratch;
byte certificateRequestInfo[];
byte sig[];
if (certificateRequest != null)
throw new SignatureException("request is already signed");
subject = requester.getSigner();
/*
* Encode cert request info, wrap in a sequence for signing
*/
scratch = new DerOutputStream();
scratch.putInteger(new BigInt(0)); // version zero
subject.encode(scratch); // X.500 name
subjectPublicKeyInfo.encode(scratch); // public key
attributeSet.encode(scratch);
out = new DerOutputStream();
out.write(DerValue.tag_Sequence, scratch); // wrap it!
certificateRequestInfo = out.toByteArray();
scratch = out;
/*
* Sign it ...
*/
requester.update(certificateRequestInfo, 0,
certificateRequestInfo.length);
sig = requester.sign();
/*
* Build guts of SIGNED macro
*/
requester.getAlgorithmId().encode(scratch); // sig algorithm
scratch.putBitString(sig); // sig
/*
* Wrap those guts in a sequence
*/
out = new DerOutputStream();
out.write(DerValue.tag_Sequence, scratch);
certificateRequest = out.toByteArray();
}
/**
* Returns the subject's name.
*/
public X500Name getSubjectName() {
return subject;
}
/**
* Returns the subject's public key.
*/
public X509Key getSubjectPublicKeyInfo() {
return subjectPublicKeyInfo;
}
/**
* Returns the additional attributes requested.
*/
public PKCS10Attributes getAttributes() {
return attributeSet;
}
/**
* Returns the encoded and signed certificate request as a
* DER-encoded byte array.
*
* @return the certificate request, or null if encodeAndSign()
* has not yet been called.
*/
public byte[] toByteArray() {
return certificateRequest;
}
/**
* Prints an E-Mailable version of the certificate request on the print
* stream passed. The format is a common base64 encoded one, supported
* by most Certificate Authorities because Netscape web servers have
* used this for some time. Some certificate authorities expect some
* more information, in particular contact information for the web
* server administrator.
*
* @param out the print stream where the certificate request
* will be printed.
* @exception IOException when an output operation failed
* @exception SignatureException when the certificate request was
* not yet signed.
*/
public void print(PrintStream out)
throws IOException, SignatureException {
if (certificateRequest == null)
throw new SignatureException("Cert request was not signed");
out.println(Cert.REQUEST_HEADER);
out.print(Utils.base64encode(certificateRequest, true));
out.println(Cert.REQUEST_FOOTER);
}
/**
* Provides a short description of this request.
*/
@Override
public String toString() {
return "[PKCS #10 certificate request:\n"
+ subjectPublicKeyInfo.toString()
+ " subject: <" + subject + ">" + "\n"
+ " attributes: " + attributeSet.toString()
+ "\n]";
}
/**
* Retrieve the PKCS10 CertificateRequestInfo as a byte array
*/
public byte[] getCertRequestInfo() {
return certRequestInfo;
}
private X500Name subject;
private X509Key subjectPublicKeyInfo;
private PKCS10Attributes attributeSet;
private byte certificateRequest[]; // signed
private byte certRequestInfo[]; // inner content signed
}
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/pkcs/PKCS10Attribute.java�����������������0000664�0000000�0000000�00000020551�14125500636�0030052�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package org.mozilla.jss.netscape.security.pkcs;
import java.io.IOException;
import java.io.OutputStream;
import java.io.Serializable;
import java.lang.reflect.Array;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.cert.CertificateException;
import org.mozilla.jss.netscape.security.util.DerEncoder;
import org.mozilla.jss.netscape.security.util.DerInputStream;
import org.mozilla.jss.netscape.security.util.DerOutputStream;
import org.mozilla.jss.netscape.security.util.DerValue;
import org.mozilla.jss.netscape.security.util.ObjectIdentifier;
import org.mozilla.jss.netscape.security.x509.ACertAttrSet;
import org.mozilla.jss.netscape.security.x509.CertAttrSet;
import org.mozilla.jss.netscape.security.x509.Extensions;
import org.mozilla.jss.netscape.security.x509.OIDMap;
/**
* Represent a PKCS Attribute.
*
*
* Attribute :: SEQUENCE {
* type AttributeValue,
* values SET OF AttributeValue
* }
* AttributeValue ::= ANY
*
*
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.13
*/
public class PKCS10Attribute implements DerEncoder, Serializable {
private static final long serialVersionUID = 2002480042340316170L;
protected ObjectIdentifier attributeId = null;
protected CertAttrSet attributeValue = null;
/**
* Default constructor. Used only by sub-classes.
*/
public PKCS10Attribute() {
}
/**
* Constructs an attribute from a DER encoded array of bytes.
*/
public PKCS10Attribute(DerValue derVal) throws IOException {
if (derVal.tag != DerValue.tag_Sequence) {
throw new IOException("Sequence tag missing for PKCS10Attribute.");
}
DerInputStream in = derVal.toDerInputStream();
// Object identifier
attributeId = in.getOID();
// System.out.println("attribute ID in pkcs10 "+attributeId.toString());
// Rest of the stuff is attribute value(s), wrapped in a SET.
// For now, assume there is only one attribute value present.
DerValue[] inAttrValues = in.getSet(1);
int attrValueNum = inAttrValues.length;
if (attrValueNum > 1) {
throw new IOException("More than one value per attribute not supported");
}
// Read the first attribute value
DerValue inAttrValue = inAttrValues[0];
if (attributeId.equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) {
//pkcs9 extensionAttr
try {
// remove the tag
//DerValue dv = inAttrValue.data.getDerValue();
// hack. toDerInputStream only gives one extension.
DerInputStream fi = new DerInputStream(inAttrValue.toByteArray());
attributeValue = new Extensions(fi);
//CertificateExtensions(fi);
return;
} catch (Exception e) {
throw new IOException(e.toString());
}
}
byte[] val = inAttrValue.toByteArray();
Class[] params = { Object.class };
try {
@SuppressWarnings("unchecked")
ClassDerEncoder interface.
*
* @param out
* the OutputStream on which to write the DER encoding.
*
* @exception IOException on encoding errors.
*/
@Override
public void derEncode(OutputStream out) throws IOException {
try {
encode(out);
} catch (CertificateException ce) {
IOException ioe = new IOException(ce.toString());
ioe.fillInStackTrace();
throw ioe;
}
}
/**
* Returns the ObjectIdentifier of the attribute.
*/
public ObjectIdentifier getAttributeId() {
return (attributeId);
}
/**
* Returns the attribute value as an byte array for further processing.
*/
public CertAttrSet getAttributeValue() {
return (attributeValue);
}
/**
* Returns the attribute in user readable form.
*/
@Override
public String toString() {
String s = "AttributeId: " + attributeId.toString() + "\n";
s += "AttributeValue: " + attributeValue.toString();
return (s);
}
}
�������������������������������������������������������������������������������������������������������������������������������������������������������jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/pkcs/PKCS10Attributes.java����������������0000664�0000000�0000000�00000012720�14125500636�0030234�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package org.mozilla.jss.netscape.security.pkcs;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.mozilla.jss.netscape.security.util.DerEncoder;
import org.mozilla.jss.netscape.security.util.DerInputStream;
import org.mozilla.jss.netscape.security.util.DerOutputStream;
import org.mozilla.jss.netscape.security.util.DerValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* This class defines the PKCS10 attributes for the request.
*
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.10
*/
public class PKCS10Attributes extends Vector