diff --git a/mozilla/security/jss/org/mozilla/jss/manage/CryptoManager.c b/mozilla/security/jss/org/mozilla/jss/manage/CryptoManager.c index 23728b22131..fce16f3002a 100644 --- a/mozilla/security/jss/org/mozilla/jss/manage/CryptoManager.c +++ b/mozilla/security/jss/org/mozilla/jss/manage/CryptoManager.c @@ -69,20 +69,20 @@ struct CERTCertDBHandleStr { PZMonitor *dbMon; }; -/* -** NOTE: We must declare a function "prototype" for the following function -** since it is defined in the "private" NSPR 2.0 header files, -** specifically "ns/nspr20/pr/include/private/pprthred.h". -** -** Get this thread's affinity mask. The affinity mask is a 32 bit quantity -** marking a bit for each processor this process is allowed to run on. -** The processor mask is returned in the mask argument. -** The least-significant-bit represents processor 0. -** -** Returns 0 on success, -1 on failure. -*/ -PRInt32 -PR_GetThreadAffinityMask(PRThread *thread, PRUint32 *mask); +/********************************************************************/ +/* The following VERSION Strings should be updated in the following */ +/* files everytime a new release of JSS is generated: */ +/* */ +/* jss.jar: ns/ninja/org/mozilla/jss/manage/CryptoManager.java */ +/* jss.dll: ns/ninja/org/mozilla/jss/manage/CryptoManager.c */ +/* */ +/********************************************************************/ + +static const char* DLL_JSS_VERSION = "JSS_VERSION = JSS_3_0"; +static const char* DLL_JDK_VERSION = "JDK_VERSION = JDK 1.2.2"; +static const char* DLL_NSS_VERSION = "NSS_VERSION = NSS_3_2_RTM"; +static const char* DLL_DBM_VERSION = "DBM_VERSION = NSS_3_1_1_RTM"; +static const char* DLL_NSPR_VERSION = "NSPR_VERSION = NSPRPUB_RELEASE_4_1"; static jobject makePWCBInfo(JNIEnv *env, PK11SlotInfo *slot); 
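Review bot: The banner added above the `DLL_*_VERSION` strings names `ns/ninja/org/mozilla/jss/manage/CryptoManager.java` and `.c`, which does not match this file's path in the diff header (`mozilla/security/jss/org/mozilla/jss/manage/`), so the instruction to update both files points at locations a maintainer will not find. The same banner is copied into the CryptoManager.java hunk at -1264. The five strings are also `static` and not referenced in any visible hunk, so a compiler may discard them and the library could ship without the stamp that is presumably meant to show which NSS, NSPR and DBM it was built against. I would correct the paths in the comment, declare the pointers `static const char* const`, and add one reference to them (a small accessor would do) so that they are kept.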
@@ -396,9 +396,10 @@ Java_org_mozilla_jss_CryptoManager_initializeAllNative */ void JSS_completeInitialize(JNIEnv *env, - jstring modDBName, - jstring keyDBName, - jstring certDBName, + jstring configDir, + jstring certPrefix, + jstring keyPrefix, + jstring secmodName, jboolean readOnly, jstring manuString, jstring libraryString, @@ -412,13 +413,13 @@ JSS_completeInitialize(JNIEnv *env, jstring ocspResponderURL, jstring ocspResponderCertNickname ) { - CERTCertDBHandle *cdb_handle=NULL; - SECKEYKeyDBHandle *kdb_handle=NULL; SECStatus rv = SECFailure; - PRStatus status = PR_FAILURE; JavaVM *VMs[5]; jint numVMs; - char *szDBName = NULL; /* C string version of a database filename */ + char *szConfigDir = NULL; + char *szCertPrefix = NULL; + char *szKeyPrefix = NULL; + char *szSecmodName = NULL; char *manuChars=NULL; char *libraryChars=NULL; char *tokChars=NULL; 
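Review bot: `JSS_completeInitialize` now takes four leading `jstring` arguments instead of three, but no hunk in this file touches `Java_org_mozilla_jss_CryptoManager_initializeAllNative`, which the hunk header names as the nearest preceding definition. If that function is the JNI entry point that forwards to `JSS_completeInitialize` (its body is not visible here), it must gain the fourth `jstring` too, because the Java declaration of `initializeAllNative` now passes `configDir, certPrefix, keyPrefix, secmodName`; a three-string native signature would misinterpret every argument that follows. Since all four parameters share the type `jstring`, a caller still using the old module/key/cert order also compiles without a diagnostic, so the new order deserves a comment on the declaration, for example `/* configDir, certPrefix, keyPrefix, secmodName: same order as NSS_Initialize */`. The function body continues outside this hunk.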
@@ -427,76 +428,17 @@ JSS_completeInitialize(JNIEnv *env, char *keySlotChars=NULL; char *fipsChars=NULL; char *fipsKeyChars=NULL; + PRUint32 initFlags; /* This is thread-safe because initialize is synchronized */ static PRBool initialized=PR_FALSE; - /* - * Initialize NSPR and the RNG - */ - if( simpleInitialize(env) != PR_SUCCESS ) { - PR_ASSERT((*env)->ExceptionOccurred(env)); - return; - } - - - PR_ASSERT(env!=NULL && modDBName!=NULL && certDBName!=NULL - && keyDBName!=NULL); - /* Make sure initialize() completes only once */ if(initialized) { JSS_throw(env, ALREADY_INITIALIZED_EXCEPTION); return; } - /* - * Initialize the private key database. - */ - szDBName = (char*) (*env)->GetStringUTFChars(env, keyDBName, NULL); - PR_ASSERT(szDBName != NULL); - /* Bug #299899: OpenKeyDBFilename is broken. */ - kdb_handle = SECKEY_OpenKeyDB( readOnly, - keyDBNameCallback, - (void*) szDBName); - (*env)->ReleaseStringUTFChars(env, keyDBName, szDBName); - if (kdb_handle != NULL) { - SECKEY_SetDefaultKeyDB(kdb_handle); - } else { - char *err; - PR_smprintf(err, "Unable to open key database %s", szDBName); - JSS_nativeThrowMsg(env, KEY_DATABASE_EXCEPTION, err); - PR_smprintf_free(err); - goto finish; - } - - /* - * Initialize the certificate database. - */ - cdb_handle = PR_NEWZAP(CERTCertDBHandle); - if(cdb_handle == NULL) { - JSS_nativeThrowMsg(env, - OUT_OF_MEMORY_ERROR, - "creating certificate database handle"); - goto finish; - } - - szDBName = (char*) (*env)->GetStringUTFChars(env, certDBName, NULL); - PR_ASSERT(szDBName != NULL); - /* Bug #299899: OpenCertDBFilename is broken. 
*/ - rv = CERT_OpenCertDB(cdb_handle, readOnly, - certDBNameCallback, szDBName); - (*env)->ReleaseStringUTFChars(env, certDBName, szDBName); - - if (rv == SECSuccess) { - CERT_SetDefaultCertDB(cdb_handle); - } else { - char *err; - PR_smprintf(err, "Unable to open certificate database %s", szDBName); - JSS_nativeThrowMsg(env, CERT_DATABASE_EXCEPTION, err); - PR_smprintf_free(err); - goto finish; - } - /* * Set the PKCS #11 strings */ @@ -532,14 +474,30 @@ JSS_completeInitialize(JNIEnv *env, PR_FALSE /* password required */ ); + /* - * Open the PKCS #11 Module database + * Set up arguments to NSS_Initialize */ - szDBName = (char *) (*env)->GetStringUTFChars(env, modDBName, NULL); - PR_ASSERT(szDBName != NULL); - SECMOD_init(szDBName); - /* !!! SECMOD_init doesn't return an error code: Bug #262562 */ - (*env)->ReleaseStringUTFChars(env, modDBName, szDBName); + szConfigDir = (char*) (*env)->GetStringUTFChars(env, configDir, NULL); + szCertPrefix = (char*) (*env)->GetStringUTFChars(env, certPrefix, NULL); + szKeyPrefix = (char*) (*env)->GetStringUTFChars(env, keyPrefix, NULL); + szSecmodName = (char*) (*env)->GetStringUTFChars(env, secmodName, NULL); + initFlags = 0; + if( readOnly ) { + initFlags |= NSS_INIT_READONLY; + } + + /* + * Initialize NSS. + */ + rv = NSS_Initialize(szConfigDir, szCertPrefix, szKeyPrefix, szSecmodName, + initFlags); + if( rv != SECSuccess ) { + JSS_throwMsg(env, SECURITY_EXCEPTION, + "Unable to initialize security library"); + goto finish; + } + /* * Set default password callback. This is the only place this 
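Review bot: The four `GetStringUTFChars` calls added before `NSS_Initialize` in the -532 hunk convert `configDir`, `certPrefix`, `keyPrefix` and `secmodName` without checking that the `jstring` is non-null or that the call returned a buffer, and the `PR_ASSERT` on the old parameters removed in the -427 hunk was the only such check. The Java side makes null reachable: the one-argument `InitializationValues(String configDir)` constructor in CryptoManager.java leaves `certPrefix`, `keyPrefix` and `secmodName` at their `null` defaults, and `initialize(String configDir)` passes them straight through. Passing a null reference to `GetStringUTFChars` is outside what JNI permits and typically crashes the VM rather than raising an exception. The native side should reject or default absent values before the conversion and stop if a conversion fails; the Java constructor could supply defaults instead, but which values `NSS_Initialize` expects for an omitted prefix should be confirmed first. The function's body starts and ends outside this hunk.

```c
    /* … unchanged: PKCS #11 string setup … */

    /* A null jstring must never reach GetStringUTFChars. */
    if( configDir == NULL || certPrefix == NULL ||
        keyPrefix == NULL || secmodName == NULL ) {
        JSS_throwMsg(env, SECURITY_EXCEPTION,
            "Database location parameters must not be null");
        goto finish;
    }

    /* … unchanged: the four GetStringUTFChars conversions … */

    if( szConfigDir == NULL || szCertPrefix == NULL ||
        szKeyPrefix == NULL || szSecmodName == NULL ) {
        /* conversion failed; the JVM has already raised the exception */
        goto finish;
    }

    /* … unchanged: initFlags setup and NSS_Initialize call … */
```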
@@ -587,27 +545,16 @@ JSS_completeInitialize(JNIEnv *env, initialized = PR_TRUE; - status = PR_SUCCESS; - finish: - if(status == PR_FAILURE) { - if(cdb_handle) { - if(CERT_GetDefaultCertDB() == cdb_handle) { - CERT_SetDefaultCertDB(NULL); - } - CERT_ClosePermCertDB(cdb_handle); - PR_Free(cdb_handle); - } - if(kdb_handle) { - if(SECKEY_GetDefaultKeyDB() == kdb_handle) { - SECKEY_SetDefaultKeyDB(NULL); - } - SECKEY_CloseKeyDB(kdb_handle); - /* CloseKeyDB also frees the handle */ - } - } - /* LET'S BE CAREFUL. Unbraced if statements ahead. */ + if(szConfigDir) + (*env)->ReleaseStringUTFChars(env, configDir, szConfigDir); + if(szCertPrefix) + (*env)->ReleaseStringUTFChars(env, certPrefix, szCertPrefix); + if(szKeyPrefix) + (*env)->ReleaseStringUTFChars(env, keyPrefix, szKeyPrefix); + if(szSecmodName) + (*env)->ReleaseStringUTFChars(env, secmodName, szSecmodName); if(manuChars) (*env)->ReleaseStringUTFChars(env, manuString, manuChars); if(libraryChars) diff --git a/mozilla/security/jss/org/mozilla/jss/manage/CryptoManager.java b/mozilla/security/jss/org/mozilla/jss/manage/CryptoManager.java index 5f072e1591d..d4323d26a4c 100644 --- a/mozilla/security/jss/org/mozilla/jss/manage/CryptoManager.java +++ b/mozilla/security/jss/org/mozilla/jss/manage/CryptoManager.java @@ -51,7 +51,7 @@ import org.mozilla.jss.CRLImportException; * Initialization is done with static methods, and must be done before * an instance can be created. All other operations are done with instance * methods. - * @version $Revision: 1.4 $ $Date: 2001-03-23 19:50:02 $ + * @version $Revision: 1.5 $ $Date: 2001-04-03 04:08:19 $ */ public final class CryptoManager implements TokenSupplier { 
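Review bot: With the `status` variable and the failure branch removed in the -587 hunk, the `finish:` path no longer undoes anything, so a `goto finish` taken after `NSS_Initialize` has succeeded would leave NSS initialized while `initialized` stays `PR_FALSE`, and a second call would run `NSS_Initialize` again. Whether such a jump exists between the `NSS_Initialize` call and `initialized = PR_TRUE` is not visible in these hunks, so this needs checking against the full function. If one exists, either shut the library down on that path or record success in a local flag right after `NSS_Initialize` returns. Separately, the four new release calls are unbraced directly under the comment that warns about unbraced `if` statements; bracing them, `if(szConfigDir) { (*env)->ReleaseStringUTFChars(env, configDir, szConfigDir); }`, would remove the hazard the comment describes.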
@@ -110,37 +110,23 @@ public final class CryptoManager implements TokenSupplier public static final FIPSMode UNCHANGED = new FIPSMode(); } - /** - * Creates a new set of CryptoManager initialization values. - * These values should be passed into - * CryptoManager.initialize(). All the values have - * defaults, except for modDBName, keyDBName, and certDBName, - * which are passed in as parameters. All the values can be - * modified after this constructor has been called. - */ - public InitializationValues( String modDBName, - String keyDBName, - String certDBName ) - { - this.modDBName = modDBName; - this.keyDBName = keyDBName; - this.certDBName = certDBName; + public InitializationValues(String configDir) { + this.configDir = configDir; } - /** - * The path of the security module database (secmod[ule].db). - */ - public String modDBName; + public InitializationValues(String configDir, String certPrefix, + String keyPrefix, String secmodName) + { + this.configDir = configDir; + this.certPrefix = certPrefix; + this.keyPrefix = keyPrefix; + this.secmodName = secmodName; + } - /** - * The path of the key database (key3.db). - */ - public String keyDBName; - - /** - * The path of the certificate database (cert7.db). - */ - public String certDBName; + public String configDir = null; + public String certPrefix = null; + public String keyPrefix = null; + public String secmodName = null; /** * The password callback to be used by JSS whenever a password 
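Review bot: The Javadoc removed with the old constructor and the three `*DBName` fields is not replaced, so the two new constructors and the public fields `configDir`, `certPrefix`, `keyPrefix` and `secmodName` carry no description of what they hold or whether `null` is acceptable. That matters here because the one-argument constructor leaves three of them `null` and the fields are public and mutable, so callers have nothing to tell them which combinations are valid. For `configDir` the wording already used on `initialize` fits: `/** The directory containing the security databases. */`. The other three each need a one-line comment saying what the value applies to and what an unset value means, which should be confirmed against `NSS_Initialize` rather than guessed.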
@@ -743,28 +729,19 @@ public final class CryptoManager implements TokenSupplier * an exception. It is OK to call them after calling * initialize(). * - * @param modDBName The full path, relative or absolute, of the security - * module database. - * @param keyDBName The full path, relative or absolute, of the key - * database. - * @param certDBName The full path, relative or absolute, of the - * certificate database. + * @param configDir The directory containing the security databases. * @exception org.mozilla.jss.util.KeyDatabaseException Unable to open * the key database, or it was currupted. * @exception org.mozilla.jss.util.CertDatabaseException Unable * to open the certificate database, or it was currupted. **/ - public static synchronized void initialize( String modDBName, - String keyDBName, - String certDBName ) + public static synchronized void initialize( String configDir ) throws KeyDatabaseException, CertDatabaseException, AlreadyInitializedException, GeneralSecurityException { - InitializationValues vals = - new InitializationValues( modDBName, keyDBName, certDBName ); - initialize( vals ); + initialize( new InitializationValues(configDir) ); } /** @@ -798,9 +775,10 @@ public final class CryptoManager implements TokenSupplier "Must set ocspResponderCertNickname"); } } - initializeAllNative(values.modDBName, - values.keyDBName, - values.certDBName, + initializeAllNative(values.configDir, + values.certPrefix, + values.keyPrefix, + values.secmodName, values.readOnly, values.getManufacturerID(), values.getLibraryDescription(), @@ -839,9 +817,10 @@ public final class CryptoManager implements TokenSupplier } private static native void - initializeAllNative(String modDBName, - String keyDBName, - String certDBName, + initializeAllNative(String configDir, + String certPrefix, + String keyPrefix, + String secmodName, boolean readOnly, String manufacturerID, String libraryDescription, 
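Review bot: The Javadoc kept on `initialize(String configDir)` still promises `KeyDatabaseException` and `CertDatabaseException` for an unopenable or corrupted database, but the native code in this commit reports an `NSS_Initialize` failure through `JSS_throwMsg(env, SECURITY_EXCEPTION, "Unable to initialize security library")`, and the key- and certificate-specific throws were deleted. Callers that catch the two database exceptions to detect a missing or damaged database will presumably no longer see them; the Java class behind `SECURITY_EXCEPTION` is not shown, so this should be confirmed. I would add an `@exception GeneralSecurityException` line describing the initialization failure and state that the two database exceptions are no longer raised on this path. The same stale contract likely applies to the method containing the `initializeAllNative(values.configDir, ...)` call in the -798 hunk.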
@@ -1264,4 +1243,52 @@ public final class CryptoManager implements TokenSupplier public static final int DOMESTIC_POLICY=1; public static final int EXPORT_POLICY=2; public static final int FRANCE_POLICY=3; + + + /********************************************************************/ + /* The following VERSION Strings should be updated in the following */ + /* files everytime a new release of JSS is generated: */ + /* */ + /* jss.jar: ns/ninja/org/mozilla/jss/manage/CryptoManager.java */ + /* jss.dll: ns/ninja/org/mozilla/jss/manage/CryptoManager.c */ + /* */ + /********************************************************************/ + + public static final String + JAR_JSS_VERSION = "JSS_VERSION = JSS_3_0"; + public static final String + JAR_JDK_VERSION = "JDK_VERSION = JDK 1.2.2"; + public static final String + JAR_NSS_VERSION = "NSS_VERSION = NSS_3_2_RTM"; + public static final String + JAR_DBM_VERSION = "DBM_VERSION = NSS_3_1_1_RTM"; + public static final String + JAR_NSPR_VERSION = "NSPR_VERSION = NSPRPUB_RELEASE_4_1"; + + /** + * Loads the JSS dynamic library if necessary. + * The system property "jss.load" will be set to "no" by jssjava + * because it is statically linked to the jss libraries. If this + * property is not set, that means we are not running jssjava + * and need to dynamically load the library. + *

This method is idempotent. + */ + synchronized static void loadNativeLibraries() + { + if( ! mNativeLibrariesLoaded && + ! ("no").equals(System.getProperty("jss.load")) ) + { + try { + Debug.trace(Debug.VERBOSE, "about to load jss library"); + System.loadLibrary("jss3"); + Debug.trace(Debug.VERBOSE, "jss library loaded"); + } catch( UnsatisfiedLinkError e) { + Debug.trace(Debug.ERROR, "ERROR: Unable to load jss library"); + throw e; + } + mNativeLibrariesLoaded = true; + } + } + static private boolean mNativeLibrariesLoaded = false; + } diff --git a/mozilla/security/jss/org/mozilla/jss/manage/NSSInit.java b/mozilla/security/jss/org/mozilla/jss/manage/NSSInit.java deleted file mode 100644 index d1c8ab5e4fc..00000000000 --- a/mozilla/security/jss/org/mozilla/jss/manage/NSSInit.java +++ /dev/null 
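Review bot: The `JAR_*_VERSION` fields added in the -1264 hunk are `public static final String` initialised with literals, which makes them compile-time constants that `javac` copies into any class that reads them, so a client compiled against an earlier jar keeps reporting the earlier values after the jar is replaced. If these strings are meant to identify the JSS, NSS and NSPR versions actually deployed (an assumption, since no reader is visible), they should be returned from a method or initialised from a non-constant expression. A short comment on the block stating how the values are expected to be read would settle which form is needed.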
@@ -1,198 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape Security Services for Java. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1998-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -package org.mozilla.jss; - -import org.mozilla.jss.util.Debug; -import org.mozilla.jss.util.PasswordCallback; -import org.mozilla.jss.util.ConsolePasswordCallback; -import org.mozilla.jss.KeyDatabaseException; -import org.mozilla.jss.CertDatabaseException; -import org.mozilla.jss.crypto.AlreadyInitializedException; - -/** - * This class initializes Java NSS and sets up the password callback. 
- */ -public final class NSSInit { - - /********************************************************************/ - /* The following VERSION Strings should be updated in the following */ - /* files everytime a new release of JSS is generated: */ - /* */ - /* jssjava: ns/ninja/cmd/jssjava/jssjava.c */ - /* jss.jar: ns/ninja/org/mozilla/jss/manage/NSSInit.java */ - /* jss.dll: ns/ninja/org/mozilla/jss/manage/NSSInit.c */ - /* */ - /********************************************************************/ - - public static final String - JAR_JSS_VERSION = "JSS_VERSION = JSS_3_0"; - public static final String - JAR_JDK_VERSION = "JDK_VERSION = JDK 1.2.2"; - public static final String - JAR_NSS_VERSION = "NSS_VERSION = NSS_3_2_RTM"; - public static final String - JAR_DBM_VERSION = "DBM_VERSION = NSS_3_1_1_RTM"; - public static final String - JAR_NSPR_VERSION = "NSPR_VERSION = NSPRPUB_RELEASE_4_1"; - - /** - * Loads the JSS dynamic library if necessary. - * The system property "jss.load" will be set to "no" by jssjava - * because it is statically linked to the jss libraries. If this - * property is not set, that means we are not running jssjava - * and need to dynamically load the library. - *

This method is idempotent. - */ - synchronized static void loadNativeLibraries() - { - if( ! mNativeLibrariesLoaded && - ! ("no").equals(System.getProperty("jss.load")) ) - { - try { - Debug.trace(Debug.VERBOSE, "about to load jss library"); - System.loadLibrary("jss3"); - Debug.trace(Debug.VERBOSE, "jss library loaded"); - } catch( UnsatisfiedLinkError e) { - Debug.trace(Debug.ERROR, "ERROR: Unable to load jss library"); - throw e; - } - mNativeLibrariesLoaded = true; - } - } - static private boolean mNativeLibrariesLoaded = false; - - /** - * Initialize Java NSS. This method opens the security module, key, - * and certificate databases and initializes the Random Number Generator. - * The certificate and key databases are opened in read-only mode. - * - *

This method also attempts to load the native implementation library. - * On UNIX systems, this library is named libjss.so, - * and it must be present in the LD_LIBRARY_PATH. - * On Windows systems, the library is named - * jss.dll and must be present in the PATH. - * If the library cannot be found, an UnsatisfiedLinkError - * is thrown. - * - *

This method should only be called once by an application, - * otherwise an - * AlreadyInitializedException will be thrown. - * - * @param modDBName The complete path, relative or absolute, of the - * security module database. - * If it does not exist, it will be created. - * @param keyDBName The complete path, relative or absolute, of the key - * database. It must already exist. - * @param certDBName The complete path, relative or absolute, of the - * certificate database. It must already exist. - * @exception KeyDatabaseException If the key database does not exist - * or cannot be opened. - * @exception CertDatabaseException If the certificate database does - * not exist or cannot be opened. - * @exception AlreadyInitializedException If this method has already - * been called. - * @exception UnsatisfiedLinkError If the implementation dynamic library - * cannot be found or loaded. - */ - public static synchronized void - initialize( String modDBName, String keyDBName, - String certDBName ) - throws KeyDatabaseException, CertDatabaseException, - AlreadyInitializedException - { - if (mNSSInitialized) throw new AlreadyInitializedException(); - - loadNativeLibraries(); - initializeNative(modDBName, - keyDBName, - certDBName, - true, // readOnly - "mozilla.org ", - "Internal Crypto Services ", - "Internal Crypto Services Token ", - "Internal Key Storage Token ", - "NSS Internal Cryptographic Services ", - "NSS Internal Private Key and Certificate Storage ", - "NSS Internal FIPS-140-1 Cryptographic Services ", - "NSS Internal FIPS-140-1 Private Key and Certificate Storage "); - - setPasswordCallback( new ConsolePasswordCallback() ); - mNSSInitialized = true; - } - static private boolean mNSSInitialized = false; - - /** - * Indicates whether Java NSS has been initialized. - * - * @return true if initialize has been called, - * false otherwise. 
- */ - public static synchronized boolean isInitialized() - { - return mNSSInitialized; - } - - private static native void initializeNative( - String modDBName, - String keyDBName, - String certDBName, - boolean readOnly, - String manuString, - String libraryString, - String tokString, - String keyTokString, - String slotString, - String keySlotString, - String fipsString, - String fipsKeyString) - throws KeyDatabaseException, CertDatabaseException, - AlreadyInitializedException; - - /** - * Sets the password callback. - * This password callback will be called when access is required - * to the key database, and to any PKCS #11 token. Once a token - * has been logged into successfully, it is not necessary to login to - * that token again. By default, - * a ConsolePasswordCallback is used to obtain passwords - * from the console. - * - *

This method may be called multiple times to alter the password - * callback. - * - * @see org.mozilla.jss.util.PasswordCallback - * @see org.mozilla.jss.util.ConsolePasswordCallback - */ - public static synchronized native void - setPasswordCallback(PasswordCallback cb); -} diff --git a/mozilla/security/jss/org/mozilla/jss/manage/manifest.mn b/mozilla/security/jss/org/mozilla/jss/manage/manifest.mn index fcc3b51c3b5..4ad7fd8e271 100644 --- a/mozilla/security/jss/org/mozilla/jss/manage/manifest.mn +++ b/mozilla/security/jss/org/mozilla/jss/manage/manifest.mn @@ -43,7 +43,6 @@ PACKAGE = org/mozilla/jss JNI_GEN = \ org.mozilla.jss.DatabaseCloser \ org.mozilla.jss.CryptoManager \ - org.mozilla.jss.NSSInit \ $(NULL) CLASSES = \ @@ -52,7 +51,6 @@ CLASSES = \ CryptoManager \ KeyDatabaseException \ NoSuchTokenException \ - NSSInit \ DatabaseCloser \ $(NULL) @@ -62,14 +60,12 @@ JSRCS = \ CryptoManager.java \ KeyDatabaseException.java \ NoSuchTokenException.java \ - NSSInit.java \ DatabaseCloser.java \ $(NULL) CSRCS = \ CryptoManager.c \ PK11Finder.c \ - NSSInit.c \ $(NULL)