author | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-10-11 21:07:42 +0000 |
---|---|---|
committer | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-10-11 21:07:42 +0000 |
commit | 29542dfea4560bb5c8564da3461d2371d02bf964 (patch) | |
tree | face7fe51b2dbef6e7ed232f56788408a95b37f7 /pki/base/console | |
parent | 829fb6d82407e897db53991df55526da2e287a5b (diff) | |
Bug 518241 - pkiconsole does not launch when CA is configured with ECC
- phase 1: enable all available cipher suites
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1346 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/console')
-rw-r--r-- | pki/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java | 47 |
1 files changed, 33 insertions, 14 deletions
diff --git a/pki/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java b/pki/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java index bd599360c..bc9b8dd94 100644 --- a/pki/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java +++ b/pki/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java @@ -30,6 +30,7 @@ import org.mozilla.jss.ssl.*; import org.mozilla.jss.*; import org.mozilla.jss.util.*; import org.mozilla.jss.crypto.*; +import org.mozilla.jss.pkcs11.*; import javax.swing.*; import java.awt.*; 
@@ -90,30 +91,43 @@ public class JSSConnection implements IConnection, SSLCertificateApprovalCallbac UtilConsoleGlobals.initJSS(); cf = UtilConsoleGlobals.getX509CertificateFactory(); - try { - cryptoManager = CryptoManager.getInstance(); - } catch (Exception e) { - } + try { + cryptoManager = CryptoManager.getInstance(); + } catch (Exception e) { + } - s = new SSLSocket(host, port, null, 0, this, this); - s.enableSSL3(true); - s.enableSSL3Default(true); - int ciphers[] = s.getImplementedCipherSuites(); + // SSLSocket needs to be set before getting an instance + // to get the ciphers + SSLSocket.enableSSL3Default(true); + int TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005; + int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A; + + int ciphers[] = SSLSocket.getImplementedCipherSuites(); for (int i = 0; ciphers != null && i < ciphers.length; i++) { - Debug.println("NSS Cipher Supported '0x" + + Debug.println("JSSConnection Debug: NSS Cipher Supported '0x" + Integer.toHexString(ciphers[i]) + "'"); - int TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005; + SSLSocket.setCipherPreferenceDefault(ciphers[i], true); /* Enable ECC Cipher */ + if (ciphers[i] == TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA) { - s.setCipherPreference(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, true); + Debug.println("JSSConnection Debug: found TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, setting preference"); + SSLSocket.setCipherPreferenceDefault(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, true); + } + if (ciphers[i] == TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) { + Debug.println("JSSConnection Debug: found TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, setting preference"); + SSLSocket.setCipherPreferenceDefault(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, true); } } + s = new SSLSocket(host, port, null, 0, this, this); +// s.enableSSL3(true); +// s.enableSSL3Default(true); // Initialze Http Input and Output Streams httpIn = s.getInputStream(); httpOut = s.getOutputStream(); - cryptoManager.setPasswordCallback(new pwcb()); + 
cryptoManager.setPasswordCallback(new pwcb()); + Debug.println("JSSConnection Debug: end of JSSConnection constructor"); } public boolean approve(org.mozilla.jss.crypto.X509Certificate serverCert, @@ -341,7 +355,10 @@ public class JSSConnection implements IConnection, SSLCertificateApprovalCallbac { Thread.sleep(100); } - catch (Exception e) {System.out.println("sleeping "+e.toString());} + catch (Exception e) { + Debug.println("JSSConnection Debug: in sendRequest:"+e.toString()); + System.out.println("sleeping "+e.toString()); + } //System.out.println("Request Sent - bytes:" + httpOut.getTotal()); // Init the Reply stream @@ -465,8 +482,10 @@ public class JSSConnection implements IConnection, SSLCertificateApprovalCallbac //System.out.println("XXX read " + nRead); - if (requestFailed(new String(headerLine))) + if (requestFailed(new String(headerLine))) { + Debug.println("JSSConnection Debug: in readHeader requestFailed"); throw new IOException(getReasonPhrase(new String (headerLine))); + } while (true) { nRead = readLineFromStream(httpIn, headerLine, 0, 1096); |
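Review bot: The loop in the second hunk now calls `SSLSocket.setCipherPreferenceDefault(ciphers[i], true)` for every value returned by `getImplementedCipherSuites()`, which turns on whatever NSS implements, including any NULL-encryption, export-grade or anonymous suites in that list. If the server side accepts one of those, the console's administrative session to the CA could be negotiated without real confidentiality or server authentication. Because these are static defaults, the setting also applies to every later SSLSocket in the process, not only this connection. ECC support only needs the ECC suites added to an approved set, so I would gate the call on an allow-list, e.g. `SSLSocket.setCipherPreferenceDefault(ciphers[i], isApprovedSuite(ciphers[i]));`, where `isApprovedSuite` is a new helper (not in this file) naming the suites the deployment accepts. The two `if` blocks that follow are redundant once every suite is already enabled; the constructor starts outside the hunk.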
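Review bot: The rewritten `catch (Exception e)` around `Thread.sleep(100)` in the third hunk still swallows an interrupt and now reports it twice, once through `Debug.println` and once through the retained `System.out.println`. Catching `InterruptedException` specifically and restoring the flag with `Thread.currentThread().interrupt();` would keep cancellation visible to callers. The `System.out.println("sleeping "+e.toString());` line can be dropped now that the Debug call exists. The enclosing try and method start outside the hunk.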