rpms/jss
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- Bugzilla Bug # 638833 - rfe ecc - add ec curve name support in JSS and CS

Browse Source 
- Bugzilla Bug # 529945 - expose NSS calls for OCSP settings
This commit is contained in:
Kevin Wright 2010-11-02 15:05:40 -07:00
parent a0982c4698
commit 6722db77ab
4 changed files with 607 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +1,2 @@
jss-4.2.6.tar.gz
/jss-4.2.6.tar.gz

490
jss-ECC_keygen_byCurveName.patch Normal file
View File

@ -0,0 +1,490 @@
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java.fix jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java.fix 2010-10-20 09:54:35.189680000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java 2010-10-20 10:54:53.154835000 -0700
@@ -196,7 +196,10 @@ public class KeyPairGenerator {
engine.setKeyPairUsages(usages,usages_mask);
}
-
+ public int getCurveCodeByName(String curveName)
+ throws InvalidParameterException {
+ return engine.getCurveCodeByName(curveName);
+ }
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java.fix jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java.fix 2010-10-20 09:54:52.393628000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java 2010-10-20 10:55:39.441698000 -0700
@@ -94,4 +94,6 @@ public abstract class KeyPairGeneratorSp
public abstract void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages,
KeyPairGeneratorSpi.Usage[] usages_mask);
+
+ public abstract int getCurveCodeByName(String curveName) throws InvalidParameterException;
}
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java.fix jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java.fix 2010-10-15 10:30:57.832196000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java 2010-10-20 11:09:30.523208000 -0700
@@ -44,6 +44,7 @@ import java.security.*;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.DSAParameterSpec;
+import java.util.Hashtable;
/**
@@ -55,6 +56,246 @@ public final class PK11KeyPairGenerator
extends org.mozilla.jss.crypto.KeyPairGeneratorSpi
{
+ // curve code for getting the actual EC curve
+ private enum ECCurve_Code {
+ // NIST, SEC2 Prime curves
+ secp521r1 , // == nistp521
+ nistp521 ,
+ secp384r1 , // == nistp384
+ nistp384 ,
+ secp256r1 , // == nistp256
+ nistp256 ,
+ secp256k1 ,
+ secp224r1 , // == nistp224
+ nistp224 ,
+ secp224k1 ,
+ secp192r1 , // == nistp192
+ nistp192 ,
+ secp192k1 ,
+ secp160r2 ,
+ secp160r1 ,
+ secp160k1 ,
+ secp128r2 ,
+ secp128r1 ,
+ secp112r2 ,
+ secp112r1 ,
+ // NIST, SEC2 Binary curves
+ sect571r1 , // == nistb571
+ nistb571 ,
+ sect571k1 , // == nistk571
+ nistk571 ,
+ sect409r1 , // == nistb409
+ nistb409 ,
+ sect409k1 , // == nistk409
+ nistk409 ,
+ sect283r1 , // == nistb283
+ nistb283 ,
+ sect283k1 , // == nistk283
+ nistk283 ,
+ sect239k1 ,
+ sect233r1 , // == nistb233
+ nistb233 ,
+ sect233k1 , // == nistk233
+ nistk233 ,
+ sect193r2 ,
+ sect193r1 ,
+ nistb163 ,
+ sect163r2 , // == nistb163
+ sect163r1 ,
+ sect163k1 , // == nistk163
+ nistk163 ,
+ sect131r2 ,
+ sect131r1 ,
+ sect113r2 ,
+ sect113r1 ,
+ // ANSI X9.62 Prime curves
+ prime239v3 ,
+ prime239v2 ,
+ prime239v1 ,
+ prime192v3 ,
+ prime192v2 ,
+ prime192v1 , // == nistp192
+ // prime256v1 == nistp256
+ // ANSI X9.62 Binary curves
+ c2pnb163v1 ,
+ c2pnb163v2 ,
+ c2pnb163v3 ,
+ c2pnb176v1 ,
+ c2tnb191v1 ,
+ c2tnb191v2 ,
+ c2tnb191v3 ,
+ //c2onb191v4 ,
+ //c2onb191v5 ,
+ c2pnb208w1 ,
+ c2tnb239v1 ,
+ c2tnb239v2 ,
+ c2tnb239v3 ,
+ //c2onb239v4 ,
+ //c2onb239v5 ,
+ c2pnb272w1 ,
+ c2pnb304w1 ,
+ c2tnb359v1 ,
+ c2pnb368w1 ,
+ c2tnb431r1
+ // no WTLS curves fo now
+ };
+
+ private static Hashtable ECCurve_NameToCode = new Hashtable();
+ static {
+ // NIST, SEC2 Prime curves
+ ECCurve_NameToCode.put(
+ "secp521r1", ECCurve_Code.secp521r1);
+ ECCurve_NameToCode.put(
+ "nistp521", ECCurve_Code.nistp521);
+ ECCurve_NameToCode.put(
+ "secp384r1", ECCurve_Code.secp384r1);
+ ECCurve_NameToCode.put(
+ "nistp384", ECCurve_Code.nistp384);
+ ECCurve_NameToCode.put(
+ "secp256r1", ECCurve_Code.secp256r1);
+ ECCurve_NameToCode.put(
+ "nistp256", ECCurve_Code.nistp256);
+ ECCurve_NameToCode.put(
+ "secp256k1", ECCurve_Code.secp256k1);
+ ECCurve_NameToCode.put(
+ "secp224r1", ECCurve_Code.secp224r1);
+ ECCurve_NameToCode.put(
+ "nistp224", ECCurve_Code.nistp224);
+ ECCurve_NameToCode.put(
+ "secp224k1", ECCurve_Code.secp224k1);
+ ECCurve_NameToCode.put(
+ "secp192r1", ECCurve_Code.secp192r1);
+ ECCurve_NameToCode.put(
+ "nistp192", ECCurve_Code.nistp192);
+ ECCurve_NameToCode.put(
+ "secp192k1", ECCurve_Code.secp192k1);
+ ECCurve_NameToCode.put(
+ "secp160r2", ECCurve_Code.secp160r2);
+ ECCurve_NameToCode.put(
+ "secp160r1", ECCurve_Code.secp160r1);
+ ECCurve_NameToCode.put(
+ "secp160k1", ECCurve_Code.secp160k1);
+ ECCurve_NameToCode.put(
+ "secp128r2", ECCurve_Code.secp128r2);
+ ECCurve_NameToCode.put(
+ "secp128r1", ECCurve_Code.secp128r1);
+ ECCurve_NameToCode.put(
+ "secp112r2", ECCurve_Code.secp112r2);
+ ECCurve_NameToCode.put(
+ "secp112r1", ECCurve_Code.secp112r1);
+ // NIST, SEC2 Binary curves
+ ECCurve_NameToCode.put(
+ "sect571r1", ECCurve_Code.sect571r1);
+ ECCurve_NameToCode.put(
+ "nistb571", ECCurve_Code.nistb571);
+ ECCurve_NameToCode.put(
+ "sect571k1", ECCurve_Code.sect571k1);
+ ECCurve_NameToCode.put(
+ "nistk571", ECCurve_Code.nistk571);
+ ECCurve_NameToCode.put(
+ "sect409r1", ECCurve_Code.sect409r1);
+ ECCurve_NameToCode.put(
+ "nistb409", ECCurve_Code.nistb409);
+ ECCurve_NameToCode.put(
+ "sect409k1", ECCurve_Code.sect409k1);
+ ECCurve_NameToCode.put(
+ "nistk409", ECCurve_Code.nistk409);
+ ECCurve_NameToCode.put(
+ "sect283r1", ECCurve_Code.sect283r1);
+ ECCurve_NameToCode.put(
+ "nistb283", ECCurve_Code.nistb283);
+ ECCurve_NameToCode.put(
+ "sect283k1", ECCurve_Code.sect283k1);
+ ECCurve_NameToCode.put(
+ "nistk283", ECCurve_Code.nistk283);
+ ECCurve_NameToCode.put(
+ "sect239k1", ECCurve_Code.sect239k1);
+ ECCurve_NameToCode.put(
+ "sect233r1", ECCurve_Code.sect233r1);
+ ECCurve_NameToCode.put(
+ "nistb233", ECCurve_Code.nistb233);
+ ECCurve_NameToCode.put(
+ "sect233k1", ECCurve_Code.sect233k1);
+ ECCurve_NameToCode.put(
+ "nistk233", ECCurve_Code.nistk233);
+ ECCurve_NameToCode.put(
+ "sect193r2", ECCurve_Code.sect193r2);
+ ECCurve_NameToCode.put(
+ "sect193r1", ECCurve_Code.sect193r1);
+ ECCurve_NameToCode.put(
+ "nistb163", ECCurve_Code.nistb163);
+ ECCurve_NameToCode.put(
+ "sect163r2", ECCurve_Code.sect163r2);
+ ECCurve_NameToCode.put(
+ "sect163r1", ECCurve_Code.sect163r1);
+ ECCurve_NameToCode.put(
+ "sect163k1", ECCurve_Code.sect163k1);
+ ECCurve_NameToCode.put(
+ "nistk163", ECCurve_Code.nistk163);
+ ECCurve_NameToCode.put(
+ "sect131r2", ECCurve_Code.sect131r2);
+ ECCurve_NameToCode.put(
+ "sect131r1", ECCurve_Code.sect131r1);
+ ECCurve_NameToCode.put(
+ "sect113r2", ECCurve_Code.sect113r2);
+ ECCurve_NameToCode.put(
+ "sect113r1", ECCurve_Code.sect113r1);
+ // ANSI Prime curves
+ ECCurve_NameToCode.put(
+ "prime239v3", ECCurve_Code.prime239v3);
+ ECCurve_NameToCode.put(
+ "prime239v2", ECCurve_Code.prime239v2);
+ ECCurve_NameToCode.put(
+ "prime239v1", ECCurve_Code.prime239v1);
+ ECCurve_NameToCode.put(
+ "prime192v3", ECCurve_Code.prime192v3);
+ ECCurve_NameToCode.put(
+ "prime192v2", ECCurve_Code.prime192v2);
+ ECCurve_NameToCode.put(
+ "prime192v1", ECCurve_Code.prime192v1);
+ // ANSI Binary curves
+ ECCurve_NameToCode.put(
+ "c2pnb163v1", ECCurve_Code.c2pnb163v1);
+ ECCurve_NameToCode.put(
+ "c2pnb163v2", ECCurve_Code.c2pnb163v2);
+ ECCurve_NameToCode.put(
+ "c2pnb163v3", ECCurve_Code.c2pnb163v3);
+ ECCurve_NameToCode.put(
+ "c2pnb176v1", ECCurve_Code.c2pnb176v1);
+ ECCurve_NameToCode.put(
+ "c2tnb191v1", ECCurve_Code.c2tnb191v1);
+ ECCurve_NameToCode.put(
+ "c2tnb191v2", ECCurve_Code.c2tnb191v2);
+ ECCurve_NameToCode.put(
+ "c2tnb191v3", ECCurve_Code.c2tnb191v3);
+ //ECCurve_NameToCode.put(
+ // "c2onb191v4", ECCurve_Code.c2onb191v4);
+ //ECCurve_NameToCode.put(
+ // "c2onb191v5", ECCurve_Code.c2onb191v5);
+ ECCurve_NameToCode.put(
+ "c2pnb208w1", ECCurve_Code.c2pnb208w1);
+ ECCurve_NameToCode.put(
+ "c2tnb239v1", ECCurve_Code.c2tnb239v1);
+ ECCurve_NameToCode.put(
+ "c2tnb239v2", ECCurve_Code.c2tnb239v2);
+ ECCurve_NameToCode.put(
+ "c2tnb239v3", ECCurve_Code.c2tnb239v3);
+ //ECCurve_NameToCode.put(
+ // "c2onb239v4", ECCurve_Code.c2onb239v4);
+ //ECCurve_NameToCode.put(
+ // "c2onb239v5", ECCurve_Code.c2onb239v5);
+ ECCurve_NameToCode.put(
+ "c2pnb272w1", ECCurve_Code.c2pnb272w1);
+ ECCurve_NameToCode.put(
+ "c2pnb304w1", ECCurve_Code.c2pnb304w1);
+ ECCurve_NameToCode.put(
+ "c2tnb359v1", ECCurve_Code.c2tnb359v1);
+ ECCurve_NameToCode.put(
+ "c2pnb368w1", ECCurve_Code.c2pnb368w1);
+ ECCurve_NameToCode.put(
+ "c2tnb431r1", ECCurve_Code.c2tnb431r1);
+ }
+
// opFlag constants: each of these flags specifies a crypto operation
// the key will support. Their values must match the same-named C
// preprocessor macros defined in the PKCS #11 header pkcs11t.h.
@@ -165,7 +406,15 @@ public final class PK11KeyPairGenerator
}
} else {
Assert._assert( algorithm == KeyPairAlgorithm.EC );
- params = getCurve(strength);
+ if (strength < 112) {
+ // for EC, "strength" is actually a code for curves defined in
+ // ECCurve_Code
+ params = getECCurve(strength);
+ } else {
+ // this is the old method of strength to curve mapping,
+ // which is somewhat defective
+ params = getCurve(strength);
+ }
}
}
@@ -642,6 +891,189 @@ public final class PK11KeyPairGenerator
static final OBJECT_IDENTIFIER CURVE_SECG_T571R1
= SECG_EC_CURVE.subBranch(39);
+ // the EC curvecode to oid hash table
+ private static Hashtable mECCurve_CodeToCurve = new Hashtable();
+ static {
+ // SEG Prime curves
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.secp521r1.ordinal(), (Object) CURVE_SECG_P521R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.nistp521.ordinal(), (Object) CURVE_SECG_P521R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.secp384r1.ordinal(), (Object) CURVE_SECG_P384R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.nistp384.ordinal(), (Object) CURVE_SECG_P384R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.secp256r1.ordinal(), (Object) CURVE_ANSI_P256V1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.nistp256.ordinal(), (Object) CURVE_ANSI_P256V1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.secp256k1.ordinal(), (Object) CURVE_SECG_P256K1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.secp224r1.ordinal(), (Object) CURVE_SECG_P224R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.nistp224.ordinal(), (Object) CURVE_SECG_P224R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.secp224k1.ordinal(), (Object) CURVE_SECG_P224K1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.secp192r1.ordinal(), (Object) CURVE_ANSI_P192V1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.nistp192.ordinal(), (Object) CURVE_ANSI_P192V1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.secp192k1.ordinal(), (Object) CURVE_SECG_P192K1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.secp160r2.ordinal(), (Object) CURVE_SECG_P160R2);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.secp160r1.ordinal(), (Object) CURVE_SECG_P160R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.secp160k1.ordinal(), (Object) CURVE_SECG_P160K1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.secp128r2.ordinal(), (Object) CURVE_SECG_P128R2);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.secp128r1.ordinal(), (Object) CURVE_SECG_P128R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.secp112r2.ordinal(), (Object) CURVE_SECG_P112R2);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.secp112r1.ordinal(), (Object) CURVE_SECG_P112R1);
+ // SEG Binary curves
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect571r1.ordinal(), (Object) CURVE_SECG_T571R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.nistb571.ordinal(), (Object) CURVE_SECG_T571R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect571k1.ordinal(), (Object) CURVE_SECG_T571K1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.nistk571.ordinal(), (Object) CURVE_SECG_T571K1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect409r1.ordinal(), (Object) CURVE_SECG_T409R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.nistb409.ordinal(), (Object) CURVE_SECG_T409R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect409k1.ordinal(), (Object) CURVE_SECG_T409K1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.nistk409.ordinal(), (Object) CURVE_SECG_T409K1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect283r1.ordinal(), (Object) CURVE_SECG_T283R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.nistb283.ordinal(), (Object) CURVE_SECG_T283R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect283k1.ordinal(), (Object) CURVE_SECG_T283K1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.nistk283.ordinal(), (Object) CURVE_SECG_T283K1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect239k1.ordinal(), (Object) CURVE_SECG_T239K1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect233r1.ordinal(), (Object) CURVE_SECG_T233R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.nistb233.ordinal(), (Object) CURVE_SECG_T233R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect233k1.ordinal(), (Object) CURVE_SECG_T233K1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.nistk233.ordinal(), (Object) CURVE_SECG_T233K1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect193r2.ordinal(), (Object) CURVE_SECG_T193R2);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect193r1.ordinal(), (Object) CURVE_SECG_T193R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.nistb163.ordinal(), (Object) CURVE_SECG_T163K1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect163r2.ordinal(), (Object) CURVE_SECG_T163R2);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect163r1.ordinal(), (Object) CURVE_SECG_T163R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect163k1.ordinal(), (Object) CURVE_SECG_T163K1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.nistk163.ordinal(), (Object) CURVE_SECG_T163K1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect131r2.ordinal(), (Object) CURVE_SECG_T131R2);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect131r1.ordinal(), (Object) CURVE_SECG_T131R1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect113r2.ordinal(), (Object) CURVE_SECG_T113R2);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.sect113r1.ordinal(), (Object) CURVE_SECG_T113R1);
+ // ANSI Prime curves
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.prime239v3.ordinal(), (Object) CURVE_ANSI_P239V3);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.prime239v2.ordinal(), (Object) CURVE_ANSI_P239V2);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.prime239v1.ordinal(), (Object) CURVE_ANSI_P239V1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.prime192v3.ordinal(), (Object) CURVE_ANSI_P192V3);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.prime192v2.ordinal(), (Object) CURVE_ANSI_P192V2);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.prime192v1.ordinal(), (Object) CURVE_ANSI_P192V1);
+ // ANSI Binary curves
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.c2pnb163v1.ordinal(), (Object) CURVE_ANSI_PNB163V1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.c2pnb163v2.ordinal(), (Object) CURVE_ANSI_PNB163V2);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.c2pnb163v3.ordinal(), (Object) CURVE_ANSI_PNB163V3);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.c2pnb176v1.ordinal(), (Object) CURVE_ANSI_PNB176V1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.c2tnb191v1.ordinal(), (Object) CURVE_ANSI_TNB191V1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.c2tnb191v2.ordinal(), (Object) CURVE_ANSI_TNB191V2);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.c2tnb191v3.ordinal(), (Object) CURVE_ANSI_TNB191V3);
+ //mECCurve_CodeToCurve.put(
+ // ECCurve_Code.c2onb191v4.ordinal(), (Object) CURVE_ANSI_ONB191V4);
+ //mECCurve_CodeToCurve.put(
+ // ECCurve_Code.c2onb191v5.ordinal(), (Object) CURVE_ANSI_ONB191V5);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.c2pnb208w1.ordinal(), (Object) CURVE_ANSI_PNB208W1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.c2tnb239v1.ordinal(), (Object) CURVE_ANSI_TNB239V1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.c2tnb239v2.ordinal(), (Object) CURVE_ANSI_TNB239V2);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.c2tnb239v3.ordinal(), (Object) CURVE_ANSI_TNB239V3);
+ //mECCurve_CodeToCurve.put(
+ // ECCurve_Code.c2onb239v4.ordinal(), (Object) CURVE_ANSI_ONB239V4);
+ //mECCurve_CodeToCurve.put(
+ // ECCurve_Code.c2onb239v5.ordinal(), (Object) CURVE_ANSI_ONB239V5);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.c2pnb272w1.ordinal(), (Object) CURVE_ANSI_PNB272W1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.c2pnb304w1.ordinal(), (Object) CURVE_ANSI_PNB304W1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.c2tnb359v1.ordinal(), (Object) CURVE_ANSI_TNB359V1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.c2pnb368w1.ordinal(), (Object) CURVE_ANSI_PNB368W1);
+ mECCurve_CodeToCurve.put(
+ ECCurve_Code.c2tnb431r1.ordinal(), (Object) CURVE_ANSI_TNB431R1);
+ }
+
+ public int getCurveCodeByName(String curveName)
+ throws InvalidParameterException {
+ if (curveName == null)
+ throw new InvalidParameterException();
+ ECCurve_Code c = (ECCurve_Code) ECCurve_NameToCode.get(curveName);
+ if (c == null)
+ throw new InvalidParameterException(curveName);
+ return c.ordinal();
+ }
+
+ /*
+ * getECCurve
+ * maps curvecode to the actual oid of the curve and
+ * returns the PK11ParameterSpec
+ */
+ private AlgorithmParameterSpec getECCurve(int curvecode)
+ throws InvalidParameterException
+ {
+ OBJECT_IDENTIFIER oid;
+
+ oid = (OBJECT_IDENTIFIER) mECCurve_CodeToCurve.get(curvecode);
+ if (oid == null)
+ throw new IllegalArgumentException("curvecode ="+curvecode);
+ return new PK11ParameterSpec(ASN1Util.encode(oid));
+ }
+
private AlgorithmParameterSpec getCurve(int strength)
throws InvalidParameterException
{

106
jss-ocspSettings.patch Normal file
View File

@ -0,0 +1,106 @@
diff -up jss-4.2.6/mozilla/security/jss/lib/jss.def.orig jss-4.2.6/mozilla/security/jss/lib/jss.def
--- jss-4.2.6/mozilla/security/jss/lib/jss.def.orig 2009-11-04 14:26:26.000000000 -0800
+++ jss-4.2.6/mozilla/security/jss/lib/jss.def 2009-11-04 14:11:05.000000000 -0800
@@ -329,6 +329,8 @@ Java_org_mozilla_jss_pkcs11_PK11Token_ne
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPairWithOpFlags;
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPairWithOpFlags;
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPairWithOpFlags;
+Java_org_mozilla_jss_CryptoManager_OCSPCacheSettingsNative;
+Java_org_mozilla_jss_CryptoManager_setOCSPTimeoutNative;
;+ local:
;+ *;
;+};
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c.orig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c.orig 2009-11-04 14:20:43.000000000 -0800
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c 2009-11-05 10:48:32.590000000 -0800
@@ -976,3 +976,45 @@ Java_org_mozilla_jss_CryptoManager_confi
}
}
+
+/**********************************************************************
+* OCSPCacheSettingsNative
+*
+* Allows configuration of the OCSP responder cache during runtime.
+*/
+JNIEXPORT void JNICALL
+Java_org_mozilla_jss_CryptoManager_OCSPCacheSettingsNative(
+ JNIEnv *env, jobject this,
+ jint ocsp_cache_size,
+ jint ocsp_min_cache_entry_duration,
+ jint ocsp_max_cache_entry_duration)
+{
+ SECStatus rv = SECFailure;
+
+ rv = CERT_OCSPCacheSettings(
+ ocsp_cache_size, ocsp_min_cache_entry_duration,
+ ocsp_max_cache_entry_duration);
+
+ if (rv != SECSuccess) {
+ JSS_throwMsgPrErr(env,
+ GENERAL_SECURITY_EXCEPTION,
+ "Failed to set OCSP cache: error "+ PORT_GetError());
+ }
+}
+
+JNIEXPORT void JNICALL
+Java_org_mozilla_jss_CryptoManager_setOCSPTimeoutNative(
+ JNIEnv *env, jobject this,
+ jint ocsp_timeout )
+{
+ SECStatus rv = SECFailure;
+
+ rv = CERT_SetOCSPTimeout(ocsp_timeout);
+
+ if (rv != SECSuccess) {
+ JSS_throwMsgPrErr(env,
+ GENERAL_SECURITY_EXCEPTION,
+ "Failed to set OCSP timeout: error "+ PORT_GetError());
+ }
+}
+
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java.orig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java.orig 2009-11-04 14:20:33.000000000 -0800
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java 2009-11-05 10:48:59.415001000 -0800
@@ -1479,4 +1479,41 @@ public final class CryptoManager impleme
String ocspResponderCertNickname )
throws GeneralSecurityException;
+ /**
+ * change OCSP cache settings
+ * * @param ocsp_cache_size max cache entries
+ * * @param ocsp_min_cache_entry_duration minimum seconds to next fetch attempt
+ * * @param ocsp_max_cache_entry_duration maximum seconds to next fetch attempt
+ */
+ public void OCSPCacheSettings(
+ int ocsp_cache_size,
+ int ocsp_min_cache_entry_duration,
+ int ocsp_max_cache_entry_duration)
+ throws GeneralSecurityException
+ {
+ OCSPCacheSettingsNative(ocsp_cache_size,
+ ocsp_min_cache_entry_duration,
+ ocsp_max_cache_entry_duration);
+ }
+
+ private native void OCSPCacheSettingsNative(
+ int ocsp_cache_size,
+ int ocsp_min_cache_entry_duration,
+ int ocsp_max_cache_entry_duration)
+ throws GeneralSecurityException;
+
+ /**
+ * set OCSP timeout value
+ * * @param ocspTimeout OCSP timeout in seconds
+ */
+ public void setOCSPTimeout(
+ int ocsp_timeout )
+ throws GeneralSecurityException
+ {
+ setOCSPTimeoutNative( ocsp_timeout);
+ }
+
+ private native void setOCSPTimeoutNative(
+ int ocsp_timeout )
+ throws GeneralSecurityException;
}

11
jss.spec
View File

@ -1,6 +1,6 @@
Name: jss
Version: 4.2.6
Release: 6%{?dist}
Release: 7%{?dist}
Summary: Java Security Services (JSS)
Group: System Environment/Libraries
@ -27,6 +27,9 @@ Patch2: jss-javadocs-param.patch
Patch3: jss-ipv6.patch
Patch4: jss-ECC-pop.patch
Patch5: jss-loadlibrary.patch
Patch6: jss-ocspSettings.patch
Patch7: jss-ECC_keygen_byCurveName.patch
%description
Java Security Services (JSS) is a java native interface which provides a bridge
@ -48,6 +51,8 @@ This package contains the API documentation for JSS.
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%build
[ -z "$JAVA_HOME" ] && export JAVA_HOME=%{_jvmdir}/java
@ -143,6 +148,10 @@ rm -rf $RPM_BUILD_ROOT
%changelog
* Wed Oct 20 2010 Christina Fu <cfu@redhat.com> 4.2.6-7
- Bugzilla Bug # 638833 - rfe ecc - add ec curve name support in JSS and CS
- Bugzilla Bug # 529945 - expose NSS calls for OCSP settings
* Wed Jan 13 2010 Rob Crittenden <rcritten@redhat.com> 4.2.6-6
- Need to explicitly catch UnsatisfiedLinkError exception for System.load()