author | Christina Fu <cfu@redhat.com> | 2013-01-15 23:59:24 -0800 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2013-01-15 23:58:46 -0500 |
commit | 7a0252247e860806d6456e997149602c9750206a (patch) | |
tree | cb72b43ee39d7bf777dcf09702dbc7bc7bd4e51c /base/java-tools/src/com/netscape/cmstools/HttpClient.java | |
parent | 3dc5d33f394c30071b3c8794c8adb2e7dcd54e5c (diff) | |
download | pki-7a0252247e860806d6456e997149602c9750206a.tar.gz pki-7a0252247e860806d6456e997149602c9750206a.tar.xz pki-7a0252247e860806d6456e997149602c9750206a.zip |
https://fedorahosted.org/pki/ticket/362 RFE: CMC ECC
Diffstat (limited to 'base/java-tools/src/com/netscape/cmstools/HttpClient.java')
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/HttpClient.java | 65 |
1 files changed, 53 insertions, 12 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/HttpClient.java b/base/java-tools/src/com/netscape/cmstools/HttpClient.java
index fe89dd428..cd6a6ea18 100644
--- a/base/java-tools/src/com/netscape/cmstools/HttpClient.java
+++ b/base/java-tools/src/com/netscape/cmstools/HttpClient.java
@@ -49,6 +49,7 @@ import com.netscape.cmsutil.util.Utils;
 * @version $Revision$, $Date$
 */
 public class HttpClient {
+ public static final String PR_INTERNAL_TOKEN_NAME = "internal";
 private String _host = null;
 private int _port = 0;
 private boolean _secure = false;
@@ -61,6 +62,18 @@ public class HttpClient {
 SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5,
 SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
 SSLSocket.SSL3_RSA_WITH_NULL_MD5,
+ SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA,
+ SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA,
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
+ SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
+ SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+ SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
 0
 };
@@ -104,7 +117,7 @@ public class HttpClient {
 return bytes;
 }
- public void send(String ifilename, String ofilename, String dbdir,
+ public void send(String ifilename, String ofilename, String tokenName, String dbdir,
 String nickname, String password, String servlet, String clientmode)
 throws Exception {
 DataOutputStream dos = null;
@@ -121,37 +134,57 @@ public class HttpClient {
 CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues(dbdir, "", "", "secmod.db");
 CryptoManager.initialize(vals);
- sslSocket = new SSLSocket(_host, _port);
+ CryptoManager cm = CryptoManager.getInstance();
+ CryptoToken token = null;
+ if ((tokenName == null) || (tokenName.equals(""))) {
+ token = cm.getInternalKeyStorageToken();
+ tokenName = PR_INTERNAL_TOKEN_NAME;
+ } else {
+ token = cm.getTokenByName(tokenName);
+ }
+ cm.setThreadToken(token);
+ Password pass = new Password(password.toCharArray());
+ token.login(pass);
+
 int i;
 for (i = SSLSocket.SSL2_RC4_128_WITH_MD5; i <= SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5; ++i) {
 try {
- sslSocket.setCipherPreference(i, true);
+ SSLSocket.setCipherPreferenceDefault(i, false);
 } catch (SocketException e) {
 }
 }
 //skip SSL_EN_IDEA_128_EDE3_CBC_WITH_MD5
 for (i = SSLSocket.SSL2_DES_64_CBC_WITH_MD5; i <= SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5; ++i) {
 try {
- sslSocket.setCipherPreference(i, true);
+ SSLSocket.setCipherPreferenceDefault(i, false);
 } catch (SocketException e) {
 }
 }
 for (i = 0; cipherSuites[i] != 0; ++i) {
 try {
- sslSocket.setCipherPreference(cipherSuites[i], true);
+ SSLSocket.setCipherPreferenceDefault(cipherSuites[i], true);
 } catch (SocketException e) {
 }
 }
 SSLHandshakeCompletedListener listener = new ClientHandshakeCB(this);
+ sslSocket = new SSLSocket(_host, _port);
 sslSocket.addHandshakeCompletedListener(listener);
+ CryptoToken tt = cm.getThreadToken();
+ System.out.println("after SSLSocket created, thread token is "+ tt.getName());
+
 if (clientmode != null && clientmode.equals("true")) {
- CryptoManager cm = CryptoManager.getInstance();
- CryptoToken token = cm.getInternalKeyStorageToken();
- Password pass = new Password(password.toCharArray());
- token.login(pass);
- X509Certificate cert = cm.findCertByNickname(nickname);
+ StringBuffer certname = new StringBuffer();
+ if (!token.equals(cm.getInternalKeyStorageToken())) {
+ certname.append(tokenName);
+ certname.append(":");
+ }
+ certname.append(nickname);
+
+ X509Certificate cert =
+ cm.findCertByNickname(certname.toString());
+
 if (cert == null)
 System.out.println("client cert is null");
 else
@@ -174,6 +207,7 @@ public class HttpClient {
 System.out.println("Missing servlet name.");
 printUsage();
 } else {
+ System.out.println("writing to socket");
 String s = "POST " + servlet + " HTTP/1.0\r\n";
 dos.writeBytes(s);
 }
@@ -261,6 +295,7 @@ public class HttpClient {
 System.out.println("port=1025");
 System.out.println("");
 System.out.println("#secure: true for secure connection, false for nonsecure connection");
+ System.out.println("#For secure connection, in an ECC setup, must set environment variable 'export NSS_USE_DECODED_CKA_EC_POINT=1' prior to running this command");
 System.out.println("secure=false");
 System.out.println("");
 System.out.println("#input: full path for the enrollment request, the content must be in binary format");
@@ -269,6 +304,10 @@ public class HttpClient {
 System.out.println("#output: full path for the response in binary format");
 System.out.println("output=/u/doc/cmcResp");
 System.out.println("");
+ System.out.println("#tokenname: name of token where SSL client authentication cert can be found (default is internal)");
+ System.out.println("#This parameter will be ignored if secure=false");
+ System.out.println("tokenname=hsmname");
+ System.out.println("");
 System.out.println("#dbdir: directory for cert8.db, key3.db and secmod.db");
 System.out.println("#This parameter will be ignored if secure=false");
 System.out.println("dbdir=/u/smith/.netscape");
@@ -292,7 +331,7 @@ public class HttpClient {
 }
 public static void main(String args[]) {
- String host = null, portstr = null, secure = null, dbdir = null, nickname = null;
+ String host = null, portstr = null, secure = null, tokenName = null, dbdir = null, nickname = null;
 String password = null, ofilename = null, ifilename = null;
 String servlet = null;
 String clientmode = null;
@@ -338,6 +377,8 @@ public class HttpClient {
 portstr = val;
 } else if (name.equals("secure")) {
 secure = val;
+ } else if (name.equals("tokenname")) {
+ tokenName = val;
 } else if (name.equals("dbdir")) {
 dbdir = val;
 } else if (name.equals("nickname")) {
@@ -409,7 +450,7 @@ public class HttpClient {
 try {
 HttpClient client = new HttpClient(host, port, secure);
- client.send(ifilename, ofilename, dbdir, nickname, password, servlet, clientmode);
+ client.send(ifilename, ofilename, tokenName, dbdir, nickname, password, servlet, clientmode);
 } catch (Exception e) {
 System.out.println("Error: " + e.toString());
 }
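Review bot: The twelve TLS suites appended to `cipherSuites` in the `@@ -61` hunk are enabled from the same list that still carries `SSLSocket.SSL3_RSA_WITH_NULL_MD5` and the two 40-bit `SSL3_RSA_EXPORT_*` entries, so the enabled set this commit produces can still negotiate a null-cipher or export-strength session even though the intent is to add ECC-capable suites. Those older entries are context lines here, so removing them is a separate change, but the array deserves at least a comment stating why NULL and EXPORT suites remain enabled alongside the new ones. The `PR_INTERNAL_TOKEN_NAME` constant added in the `@@ -49` hunk has no documentation; a one-line comment such as `// token name used when no tokenname is configured (the internal NSS key store)` would make its role clear. The `send` signature change in the `@@ -104` hunk is fine on its own; the method body continues in the following hunk.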
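Review bot: `Password pass = new Password(password.toCharArray()); token.login(pass);` now runs unconditionally in `send`, whereas before this commit the login happened only when `clientmode` was `"true"`, so a secure connection configured without a password now dies with a `NullPointerException` from `toCharArray()` instead of a usable message — unless `main` (outside this hunk) already rejects a missing password, which I cannot see here; a guard such as `if (password == null) throw new IllegalArgumentException("password is required for a secure connection");` placed before the `Password` construction would make the failure explicit. The `Password` object is never cleared after `token.login(pass)`, so the secret stays in memory for the rest of the call; JSS `Password` provides `clear()` for exactly this purpose once the login has succeeded. `System.out.println("after SSLSocket created, thread token is "+ tt.getName())`, together with `System.out.println("writing to socket")` in the `@@ -174` hunk, read as leftover debugging output and should be removed or put behind a verbose option. `SSLSocket.setCipherPreferenceDefault` sets a process-wide default rather than a preference on this socket, which is worth a comment like `// process-wide defaults; must be applied before the SSLSocket is constructed` next to the first call. `send` continues past the end of this hunk.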