1 files changed, 53 insertions, 12 deletions

diff --git a/base/java-tools/src/com/netscape/cmstools/HttpClient.java b/base/java-tools/src/com/netscape/cmstools/HttpClient.java
index fe89dd428..cd6a6ea18 100644
--- a/base/java-tools/src/com/netscape/cmstools/HttpClient.java
+++ b/base/java-tools/src/com/netscape/cmstools/HttpClient.java
@@ -49,6 +49,7 @@ import com.netscape.cmsutil.util.Utils;
  * @version $Revision$, $Date$
  */
 public class HttpClient {
+    public static final String PR_INTERNAL_TOKEN_NAME = "internal";
     private String _host = null;
     private int _port = 0;
     private boolean _secure = false;
@@ -61,6 +62,18 @@ public class HttpClient {
             SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5,
             SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
             SSLSocket.SSL3_RSA_WITH_NULL_MD5,
+            SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+            SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+            SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+            SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+            SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA,
+            SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA,
+            SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+            SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+            SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
+            SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
+            SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+            SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
             0
     };
 
@@ -104,7 +117,7 @@ public class HttpClient {
         return bytes;
     }
 
-    public void send(String ifilename, String ofilename, String dbdir,
+    public void send(String ifilename, String ofilename, String tokenName, String dbdir,
             String nickname, String password, String servlet, String clientmode)
             throws Exception {
         DataOutputStream dos = null;
@@ -121,37 +134,57 @@ public class HttpClient {
                 CryptoManager.InitializationValues vals =
                         new CryptoManager.InitializationValues(dbdir, "", "", "secmod.db");
                 CryptoManager.initialize(vals);
-                sslSocket = new SSLSocket(_host, _port);
+                CryptoManager cm = CryptoManager.getInstance();
+                CryptoToken token = null;
+                if ((tokenName == null) || (tokenName.equals(""))) {
+                    token = cm.getInternalKeyStorageToken();
+                    tokenName = PR_INTERNAL_TOKEN_NAME;
+                } else {
+                    token = cm.getTokenByName(tokenName);
+                }
+                cm.setThreadToken(token);
+                Password pass = new Password(password.toCharArray());
+                token.login(pass);
+
                 int i;
 
                 for (i = SSLSocket.SSL2_RC4_128_WITH_MD5; i <= SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5; ++i) {
                     try {
-                        sslSocket.setCipherPreference(i, true);
+                        SSLSocket.setCipherPreferenceDefault(i, false);
                     } catch (SocketException e) {
                     }
                 }
                 //skip SSL_EN_IDEA_128_EDE3_CBC_WITH_MD5
                 for (i = SSLSocket.SSL2_DES_64_CBC_WITH_MD5; i <= SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5; ++i) {
                     try {
-                        sslSocket.setCipherPreference(i, true);
+                        SSLSocket.setCipherPreferenceDefault(i, false);
                     } catch (SocketException e) {
                     }
                 }
                 for (i = 0; cipherSuites[i] != 0; ++i) {
                     try {
-                        sslSocket.setCipherPreference(cipherSuites[i], true);
+                        SSLSocket.setCipherPreferenceDefault(cipherSuites[i], true);
                     } catch (SocketException e) {
                     }
                 }
                 SSLHandshakeCompletedListener listener = new ClientHandshakeCB(this);
+                sslSocket = new SSLSocket(_host, _port);
                 sslSocket.addHandshakeCompletedListener(listener);
 
+                CryptoToken tt = cm.getThreadToken();
+                System.out.println("after SSLSocket created, thread token is "+ tt.getName());
+
                 if (clientmode != null && clientmode.equals("true")) {
-                    CryptoManager cm = CryptoManager.getInstance();
-                    CryptoToken token = cm.getInternalKeyStorageToken();
-                    Password pass = new Password(password.toCharArray());
-                    token.login(pass);
-                    X509Certificate cert = cm.findCertByNickname(nickname);
+                    StringBuffer certname = new StringBuffer();
+                    if (!token.equals(cm.getInternalKeyStorageToken())) {
+                        certname.append(tokenName);
+                        certname.append(":");
+                    }
+                    certname.append(nickname);
+
+                    X509Certificate cert =
+                        cm.findCertByNickname(certname.toString());
+
                     if (cert == null)
                         System.out.println("client cert is null");
                     else
@@ -174,6 +207,7 @@ public class HttpClient {
                 System.out.println("Missing servlet name.");
                 printUsage();
             } else {
+                System.out.println("writing to socket");
                 String s = "POST " + servlet + " HTTP/1.0\r\n";
                 dos.writeBytes(s);
             }
@@ -261,6 +295,7 @@ public class HttpClient {
         System.out.println("port=1025");
         System.out.println("");
         System.out.println("#secure: true for secure connection, false for nonsecure connection");
+        System.out.println("#For secure connection, in an ECC setup, must set environment variable 'export NSS_USE_DECODED_CKA_EC_POINT=1' prior to running this command");
         System.out.println("secure=false");
         System.out.println("");
         System.out.println("#input: full path for the enrollment request, the content must be in binary format");
@@ -269,6 +304,10 @@ public class HttpClient {
         System.out.println("#output: full path for the response in binary format");
         System.out.println("output=/u/doc/cmcResp");
         System.out.println("");
+        System.out.println("#tokenname: name of token where SSL client authentication cert can be found (default is internal)");
+        System.out.println("#This parameter will be ignored if secure=false");
+        System.out.println("tokenname=hsmname");
+        System.out.println("");
         System.out.println("#dbdir: directory for cert8.db, key3.db and secmod.db");
         System.out.println("#This parameter will be ignored if secure=false");
         System.out.println("dbdir=/u/smith/.netscape");
@@ -292,7 +331,7 @@ public class HttpClient {
     }
 
     public static void main(String args[]) {
-        String host = null, portstr = null, secure = null, dbdir = null, nickname = null;
+        String host = null, portstr = null, secure = null, tokenName = null, dbdir = null, nickname = null;
         String password = null, ofilename = null, ifilename = null;
         String servlet = null;
         String clientmode = null;
@@ -338,6 +377,8 @@ public class HttpClient {
                             portstr = val;
                         } else if (name.equals("secure")) {
                             secure = val;
+                        } else if (name.equals("tokenname")) {
+                            tokenName = val;
                         } else if (name.equals("dbdir")) {
                             dbdir = val;
                         } else if (name.equals("nickname")) {
@@ -409,7 +450,7 @@ public class HttpClient {
         try {
             HttpClient client =
                     new HttpClient(host, port, secure);
-            client.send(ifilename, ofilename, dbdir, nickname, password, servlet, clientmode);
+            client.send(ifilename, ofilename, tokenName,  dbdir, nickname, password, servlet, clientmode);
         } catch (Exception e) {
             System.out.println("Error: " + e.toString());
         }