Hi all,
I can use JSS to retrieve a user certificate and use that certificate to
sign XML strings with the software security device, and with the PKCS#11 module for
smartcards on Windows too, but signing with smartcards on Linux fails: JSS
seems to hang during initialization.
The PKCS#11 module I use is OpenSC: http://www.opensc.org ; it works
pretty fine with Mozilla 1.3 on Windows.
The Java program is below. The function getKSDir() finds the location of the
keystore correctly and passes it to CryptoManager.initialize(); then JSS (or
the JVM?) seems to hang, because the applet that calls this class hangs (the
second line, indicating JSS is initialized, is never printed).
Any idea how to find out what is wrong?
Thanks in advance.
Best
Regards
Jean
package cn.com.listener.easytax.signature;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Locale;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.CryptoManager.InitializationValues;
import org.mozilla.jss.crypto.AlreadyInitializedException;
import org.mozilla.jss.crypto.CryptoStore;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.pkcs11.PK11Token;
import org.mozilla.jss.util.Password;
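/**
 * Signs data with a client certificate held either in the Mozilla/NSS
 * software key store or on a PKCS#11 smartcard token, through JSS.
 *
 * Construction does three things in order: locate the Mozilla profile's NSS
 * database ({@link #getKSDir()}), initialize JSS against it, and search every
 * token for the certificate whose nickname is built from
 * {@code ClientInfo.subjectDN} and {@link #issuer} ({@link #findCert()}).
 * The token and certificate found are kept as instance state and used by
 * {@link #sign(String, byte[])}.
 *
 * Not thread-safe: the selected token, store and certificate are plain fields.
 */
public class SignWithPKCS11 implements SignWithBrowser {
    /** File/directory suffix that marks the NSS key database inside a profile. */
    private static final String KEYSTORE_SUFFIX = ".slt";

    private CryptoManager manager;
    private CryptoToken token;
    private CryptoStore store;

    /**
     * PIN used to log in to an external (smartcard) token.
     *
     * FIXME(security): a PIN embedded in a class that ships inside an applet is
     * readable by anyone who can obtain the bytecode, and a wrong PIN burns
     * smartcard retry counters. The default is kept only so existing callers
     * keep working; supply the PIN through {@link #SignWithPKCS11(char[])}
     * (ideally obtained from a prompt) instead.
     */
    char[] passchar = { '1', '2', '3', '4', '5', '6', '7', '8' };
    /** Transient copy of the PIN handed to JSS; cleared as soon as login returns. */
    Password passwd = null;

    private final String issuer = "ZhuHai Local Taxation Bureau";
    /** Nickname under which the client certificate is expected to be stored. */
    private final String certNick = ClientInfo.subjectDN + "'s " + issuer + " ID";
    private org.mozilla.jss.crypto.X509Certificate cert = null;

    /** True once {@link #findCert()} has located the client certificate. */
    public boolean find = false;

    /**
     * Initializes JSS against the user's Mozilla profile and locates the client
     * certificate, logging in to an external token with the built-in PIN.
     */
    public SignWithPKCS11() {
        initialize();
    }

    /**
     * Same as {@link #SignWithPKCS11()} but logs in to an external token with
     * the given PIN instead of the built-in default.
     *
     * @param pin token PIN; a private copy is taken, the caller may clear its array
     */
    public SignWithPKCS11(char[] pin) {
        if (pin != null) {
            this.passchar = (char[]) pin.clone();
        }
        initialize();
    }

    /** Shared constructor body: JSS initialization, then certificate lookup. */
    private void initialize() {
        try {
            String ksdir = this.getKSDir();
            if (ksdir == null) {
                // InitializationValues(null) would only fail later with a less
                // useful error; say what is actually missing.
                System.out.println("No Mozilla key database (*" + KEYSTORE_SUFFIX
                    + ") found; JSS not initialized.");
            } else {
                CryptoManager.InitializationValues vals =
                    new CryptoManager.InitializationValues(ksdir);
                System.out.println("Ready to initialize JSS.");
                // NOTE(review): if this call never returns (as reported on Linux),
                // the usual causes are a profile lock held by a running browser or
                // a PKCS#11 module registered in the profile's secmod.db that blocks
                // while loading (e.g. waiting for the card reader daemon) -- confirm
                // by retrying with the browser closed and the module unregistered.
                CryptoManager.initialize(vals);
                System.out.println("JSS initialized.");
            }
        } catch (AlreadyInitializedException ae) {
            // Another instance already set up JSS in this JVM; reuse it.
        } catch (Exception e) {
            e.printStackTrace();
        }
        try {
            manager = CryptoManager.getInstance();
            find = this.findCert();
            if (!find) {
                System.out.println("Certificate not found!");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Signs a string; the bytes signed are {@code toSign.getBytes()} in the
     * platform default charset, so the verifier must use the same charset.
     *
     * @return the signature, or {@code null} on failure
     */
    public byte[] sign(String subjectDN, String toSign) {
        // Platform charset kept deliberately: changing it would alter what the
        // existing verifier expects to see signed.
        return this.sign(subjectDN, toSign.getBytes());
    }

    /**
     * Signs {@code toSign} with the private key matching the located certificate.
     *
     * @param subjectDN unused; the certificate chosen by {@link #findCert()} is used
     * @param toSign raw bytes to sign
     * @return the SHA1withRSA signature, or {@code null} if no certificate was
     *         found or signing failed (the failure is printed)
     */
    public byte[] sign(String subjectDN, byte[] toSign) {
        if (cert == null || manager == null) {
            System.out.println("Cannot sign: certificate not found or JSS not initialized.");
            return null;
        }
        try {
            PrivateKey pk = manager.findPrivKeyByCert(cert);
            // SHA-1 is deprecated for new signatures; kept only because the
            // existing verifier expects SHA1withRSA.
            Signature signer = Signature.getInstance("SHA1withRSA", "Mozilla-JSS");
            signer.initSign(pk);
            signer.update(toSign);
            return signer.sign();
        } catch (Exception e) {
            // Callers see null either way; do not hide the reason.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Returns the located certificate as a standard JCA {@link X509Certificate}
     * (re-parsed from its DER encoding), or {@code null} if none was found or
     * the conversion failed.
     */
    public X509Certificate getCert(String subjectDN) {
        if (cert == null) {
            return null;
        }
        try {
            byte[] der = cert.getEncoded();
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * True when the token holding the certificate is an external one
     * (not NSS's internal key store, internal crypto token, or the builtin
     * root-certificate token) -- i.e. a smartcard or other PKCS#11 device.
     */
    public boolean isCard(String subjectDN) {
        return isExternalToken(token);
    }

    /**
     * True when the certificate lives on an external token and that token is
     * currently present in its slot.
     *
     * @param msg unused
     */
    public boolean isCardPresent(String subjectDN, boolean msg) {
        if (!isCard(subjectDN)) {
            return false;
        }
        try {
            return ((PK11Token) token).isPresent();
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /** Not implemented: nothing is deleted, yet {@code true} is reported to the caller. */
    public boolean deleCert(String subjectDN) {
        return true;
    }

    /** Not implemented: nothing is deleted, yet {@code true} is reported to the caller. */
    public boolean deleAllCert(String issuer, String subjectDN) {
        return true;
    }

    /**
     * Finds the NSS key database of the first Mozilla profile that has one.
     *
     * Looks under {@code ~/.mozilla} (or {@code ~/Application Data/Mozilla/Profiles}
     * on Windows) for a profile directory containing an entry named {@code *.slt}
     * and returns that entry's path. Only this one-level-deep layout is handled;
     * other profile layouts yield {@code null}.
     *
     * @return the key database path, or {@code null} if none is found
     */
    public String getKSDir() {
        try {
            String os = System.getProperty("os.name");
            String subdir = "/.mozilla";
            if (os.indexOf("Windows") >= 0) {
                subdir = "/Application Data/Mozilla/Profiles";
            }
            File profilesRoot = new File(System.getProperty("user.home") + subdir);
            String[] profiles = profilesRoot.list();
            if (profiles == null) {
                // Not a directory or unreadable; nothing to search.
                return null;
            }
            for (int i = 0; i < profiles.length; i++) {
                String profilePath = profilesRoot + "/" + profiles[i];
                File profileDir = new File(profilePath);
                if (!profileDir.isDirectory()) {
                    continue;
                }
                String[] entries = profileDir.list();
                if (entries == null) {
                    continue;
                }
                for (int j = 0; j < entries.length; j++) {
                    // Case-insensitive suffix match; names shorter than the suffix
                    // simply fail the test instead of throwing.
                    if (entries[j].toLowerCase(Locale.ROOT).endsWith(KEYSTORE_SUFFIX)) {
                        String ksdir = profilePath + "/" + entries[j];
                        System.out.println(ksdir);
                        return ksdir;
                    }
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Searches every JSS token for the certificate nicknamed {@link #certNick}
     * (prefixed with {@code "<token name>:"} on external tokens), logging in to
     * external tokens that are not yet logged in. On success the token, its
     * store and the certificate are remembered in this instance.
     *
     * @return true if the certificate was found
     */
    public boolean findCert() {
        System.out.println("Cert nick name: " + certNick);
        boolean located = false;
        Enumeration tokens = manager.getAllTokens();
        while (tokens.hasMoreElements() && !located) {
            try {
                token = (CryptoToken) tokens.nextElement();
                System.out.println(token.getName());
                store = token.getCryptoStore();
                // External tokens qualify nicknames with "<token name>:".
                String tokenPrefix = isExternalToken(token) ? token.getName() + ":" : "";
                if (tokenPrefix.length() > 0 && !token.isLoggedIn()) {
                    loginToken();
                }
                org.mozilla.jss.crypto.X509Certificate[] certs = store.getCertificates();
                String tokNick = tokenPrefix + certNick;
                for (int i = 0; i < certs.length; i++) {
                    System.out.println(certs[i].getNickname());
                    if (certs[i].getNickname().equalsIgnoreCase(tokNick)) {
                        located = true;
                        cert = certs[i];
                        break;
                    }
                }
            } catch (Exception e) {
                // A failing token (e.g. wrong PIN, card removed) is skipped, not fatal.
                e.printStackTrace();
            }
        }
        if (located) {
            try {
                System.out.println("Token: " + token.getName());
                System.out.println(cert.getNickname());
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        return located;
    }

    /**
     * Logs the current token in with a fresh copy of the PIN and scrubs that
     * copy as soon as JSS has consumed it, whether or not login succeeded.
     */
    private void loginToken() throws Exception {
        passwd = new Password((char[]) passchar.clone());
        try {
            token.login(passwd);
        } finally {
            passwd.clear();
        }
    }

    /**
     * True for tokens other than NSS's internal key store, internal crypto
     * token and the "Builtin Object Token"; false for {@code null}, non-PK11
     * tokens, or when the token cannot be queried (the error is printed).
     */
    private static boolean isExternalToken(CryptoToken t) {
        if (!(t instanceof PK11Token)) {
            return false;
        }
        try {
            PK11Token pk11 = (PK11Token) t;
            boolean internal = pk11.isInternalKeyStorageToken() || pk11.isInternalCryptoToken();
            return !internal && !t.getName().equalsIgnoreCase("Builtin Object Token");
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }
}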