java.lang.Object
  +--org.mozilla.jss.CryptoManager

This class is the starting point for the crypto package. Use it to initialize the subsystem and to look up certs, keys, and tokens. Initialization is done with static methods, and must be done before an instance can be created. All other operations are done with instance methods.
Inner Class Summary

  static class      CryptoManager.InitializationValues
                    The various options that can be used to initialize CryptoManager.
  static interface  CryptoManager.InvalidLengthException
  static interface  CryptoManager.NicknameConflictException
  static interface  CryptoManager.NotInitializedException
  static interface  CryptoManager.UserCertConflictException
Field Summary

  static int  DOMESTIC_POLICY
  static int  EXPORT_POLICY
  static int  FRANCE_POLICY
  static int  NULL_POLICY
Method Summary

  X509Certificate[]      buildCertificateChain(X509Certificate leaf)
                         Given a certificate, constructs its certificate chain.
  JSSSecureRandom        createPseudoRandomNumberGenerator()
                         Retrieves a FIPS-140-1 validated random number generator.
  byte[]                 exportCertsToPKCS7(X509Certificate[] certs)
                         Exports one or more certificates into a PKCS #7 certificate container.
  X509Certificate        findCertByIssuerAndSerialNumber(byte[] derIssuer, INTEGER serialNumber)
                         Looks up a certificate by issuer and serial number.
  X509Certificate        findCertByNickname(java.lang.String nickname)
                         Looks up a certificate given its nickname.
  X509Certificate[]      findCertsByNickname(java.lang.String nickname)
                         Returns all certificates with the given nickname.
  PrivateKey             findPrivKeyByCert(X509Certificate cert)
                         Looks up the PrivateKey matching the given certificate.
  boolean                FIPSEnabled()
                         Determines whether FIPS-140-1 compliance is active.
  java.util.Enumeration  getAllTokens()
                         Retrieves all tokens.
  InternalCertificate[]  getCACerts()
                         Retrieves all CA certificates in the trust database.
  java.util.Enumeration  getExternalTokens()
                         Retrieves all tokens except those built into NSS.
  static CryptoManager   getInstance()
                         Retrieve the single instance of CryptoManager.
  CryptoToken            getInternalCryptoToken()
                         Retrieves the internal cryptographic services token.
  CryptoToken            getInternalKeyStorageToken()
                         Retrieves the internal key storage token.
  java.util.Enumeration  getModules()
                         Retrieves all installed cryptographic modules.
  PasswordCallback       getPasswordCallback()
                         Returns the currently registered password callback.
  InternalCertificate[]  getPermCerts()
                         Retrieves all certificates in the trust database.
  JSSSecureRandom        getSecureRNG()
                         Retrieves a FIPS-140-1 validated random number generator.
  CryptoToken            getTokenByName(java.lang.String name)
                         Looks up the CryptoToken with the given name.
  java.util.Enumeration  getTokensSupportingAlgorithm(Algorithm alg)
                         Retrieves all tokens that support the given algorithm.
  X509Certificate        importCACertPackage(byte[] certPackage)
                         Imports a chain of certificates, none of which is a user certificate.
  X509Certificate        importCertPackage(byte[] certPackage, java.lang.String nickname)
                         Imports a chain of certificates.
  InternalCertificate    importCertToPerm(X509Certificate cert, java.lang.String nickname)
                         Imports a single certificate into the permanent certificate database.
  void                   importCRL(byte[] crl, java.lang.String url)
                         Imports a CRL and stores it into the cert7.db: the CRL is validated, then imported into the database.
  X509Certificate        importUserCACertPackage(byte[] certPackage, java.lang.String nickname)
                         Imports a chain of certificates.
  static void            initialize()
                         Initialize the security subsystem.
  static void            initialize(CryptoManager.InitializationValues values)
                         Initialize the security subsystem.
  static void            initialize(java.lang.String modDBName, java.lang.String keyDBName, java.lang.String certDBName)
                         Initialize the security subsystem.
  void                   setPasswordCallback(PasswordCallback pwcb)
                         This function sets the global password callback.

Methods inherited from class java.lang.Object: equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail

public static final int NULL_POLICY

public static final int DOMESTIC_POLICY

public static final int EXPORT_POLICY

public static final int FRANCE_POLICY
Method Detail

public CryptoToken getInternalCryptoToken()
    In FIPS mode, the internal cryptographic services token is the same as the internal key storage token.

public CryptoToken getInternalKeyStorageToken()
    In FIPS mode, the internal key storage token is the same as the internal cryptographic services token.

public CryptoToken getTokenByName(java.lang.String name) throws NoSuchTokenException
    Parameters:
        name - The name of the token.

public java.util.Enumeration getTokensSupportingAlgorithm(Algorithm alg)

public java.util.Enumeration getAllTokens()
    Returns: an Enumeration of CryptoToken objects.
    See Also: CryptoToken

public java.util.Enumeration getExternalTokens()

public java.util.Enumeration getModules()
    Returns: an Enumeration of PK11Module objects.
    See Also: PK11Module
public static CryptoManager getInstance() throws CryptoManager.NotInitializedException
    Throws:
        CryptoManager.NotInitializedException - if initialize(InitializationValues) has not yet been called.
    See Also: initialize(CryptoManager.InitializationValues)

public boolean FIPSEnabled()

public void setPasswordCallback(PasswordCallback pwcb)
    The callback may be NULL, in which case password callbacks will fail gracefully.

public PasswordCallback getPasswordCallback()

public static void initialize()
    See Also: initialize(InitializationValues)
public static void initialize(java.lang.String modDBName, java.lang.String keyDBName, java.lang.String certDBName)
        throws KeyDatabaseException, CertDatabaseException, AlreadyInitializedException, java.security.GeneralSecurityException
    The initialize methods that take arguments should be called only once, otherwise they will throw an exception. It is OK to call them after calling initialize().
    Parameters:
        modDBName - The full path, relative or absolute, of the security module database.
        keyDBName - The full path, relative or absolute, of the key database.
        certDBName - The full path, relative or absolute, of the certificate database.

public static void initialize(CryptoManager.InitializationValues values)
        throws KeyDatabaseException, CertDatabaseException, AlreadyInitializedException, java.security.GeneralSecurityException
    The initialize methods that take arguments should be called only once, otherwise they will throw an exception. It is OK to call them after calling initialize().
    Parameters:
        values - The options with which to initialize CryptoManager.

public InternalCertificate[] getCACerts()
public InternalCertificate[] getPermCerts()

public X509Certificate importCertPackage(byte[] certPackage, java.lang.String nickname)
        throws java.security.cert.CertificateEncodingException, CryptoManager.NicknameConflictException, CryptoManager.UserCertConflictException, NoSuchItemOnTokenException, TokenException
    Parameters:
        certPackage - An encoded certificate or certificate chain. Acceptable encodings are binary PKCS #7 SignedData objects and DER-encoded certificates, which may or may not be wrapped in a Base-64 encoding package surrounded by "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
        nickname - The nickname for the user certificate. It must be unique. It is ignored if there is no user certificate.

public X509Certificate importUserCACertPackage(byte[] certPackage, java.lang.String nickname)
        throws java.security.cert.CertificateEncodingException, CryptoManager.NicknameConflictException, CryptoManager.UserCertConflictException, NoSuchItemOnTokenException, TokenException
    Parameters:
        certPackage - An encoded certificate or certificate chain. Acceptable encodings are binary PKCS #7 SignedData objects and DER-encoded certificates, which may or may not be wrapped in a Base-64 encoding package surrounded by "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
        nickname - The nickname for the user certificate. It must be unique.

public X509Certificate importCACertPackage(byte[] certPackage)
        throws java.security.cert.CertificateEncodingException, TokenException
    Parameters:
        certPackage - An encoded certificate or certificate chain. Acceptable encodings are binary PKCS #7 SignedData objects and DER-encoded certificates, which may or may not be wrapped in a Base-64 encoding package surrounded by "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".

public InternalCertificate importCertToPerm(X509Certificate cert, java.lang.String nickname)
        throws TokenException, org.mozilla.jss.util.InvalidNicknameException
    Parameters:
        derCert - the certificate you want to add
        nickname - the nickname you want to refer to the certificate as (must not be null)

public void importCRL(byte[] crl, java.lang.String url) throws CRLImportException, TokenException
    Parameters:
        crl - the DER-encoded CRL.
        url - the URL where this CRL can be retrieved from (for future updates). [Note that CRLs are not retrieved automatically.] Can be null.

public byte[] exportCertsToPKCS7(X509Certificate[] certs) throws java.security.cert.CertificateEncodingException
    Parameters:
        certs - One or more certificates that should be exported into the PKCS #7 object. The leaf certificate should be the first in the chain. The output of buildCertificateChain would be appropriate here.
    See Also: buildCertificateChain(org.mozilla.jss.crypto.X509Certificate)

public X509Certificate findCertByNickname(java.lang.String nickname) throws ObjectNotFoundException, TokenException
    Parameters:
        nickname - The nickname of the certificate to look for.

public X509Certificate[] findCertsByNickname(java.lang.String nickname) throws TokenException
    Parameters:
        nickname - The nickname of the certificate to look for.

public X509Certificate findCertByIssuerAndSerialNumber(byte[] derIssuer, INTEGER serialNumber) throws ObjectNotFoundException, TokenException
    Parameters:
        derIssuer - The DER encoding of the certificate issuer name. The issuer name has ASN.1 type Name, which is defined in X.501.
        serialNumber - The certificate serial number.

public X509Certificate[] buildCertificateChain(X509Certificate leaf) throws java.security.cert.CertificateException, TokenException
    Parameters:
        leaf - The certificate that is the starting point of the chain.

public PrivateKey findPrivKeyByCert(X509Certificate cert) throws ObjectNotFoundException, TokenException

public JSSSecureRandom createPseudoRandomNumberGenerator()

public JSSSecureRandom getSecureRNG()
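The following is an added example, not code from the JSS project, that ties the methods documented above together: it initializes the subsystem once (tolerating a repeated initialize call), fetches the singleton, and exports a user certificate's chain as PKCS #7 after confirming the private key is present. The database paths are placeholders, and the exception classes are assumed to live in org.mozilla.jss and org.mozilla.jss.crypto as in JSS.

```java
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;

import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.CertDatabaseException;
import org.mozilla.jss.KeyDatabaseException;
import org.mozilla.jss.crypto.AlreadyInitializedException;
import org.mozilla.jss.crypto.ObjectNotFoundException;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.crypto.X509Certificate;

public class ChainExport {

    // Placeholder database paths; substitute the real NSS database locations.
    static final String MOD_DB  = "/path/to/secmod.db";
    static final String KEY_DB  = "/path/to/key3.db";
    static final String CERT_DB = "/path/to/cert7.db";

    /** Initialize the subsystem once, then fetch the singleton. The initialize
     *  methods that take arguments throw AlreadyInitializedException when repeated,
     *  so a second caller simply reuses the already-initialized instance. */
    static CryptoManager openManager() throws KeyDatabaseException, CertDatabaseException,
            GeneralSecurityException, CryptoManager.NotInitializedException {
        try {
            CryptoManager.initialize(MOD_DB, KEY_DB, CERT_DB);
        } catch (AlreadyInitializedException e) {
            // Already set up by another component; fall through to getInstance().
        }
        return CryptoManager.getInstance();
    }

    /** Locate a user certificate by nickname, prove the matching private key is
     *  present, build the chain (leaf first) and export it as PKCS #7 SignedData. */
    static byte[] exportChainFor(CryptoManager cm, String nickname)
            throws ObjectNotFoundException, TokenException, CertificateException {
        X509Certificate leaf = cm.findCertByNickname(nickname);
        cm.findPrivKeyByCert(leaf);   // throws ObjectNotFoundException if no private key
        X509Certificate[] chain = cm.buildCertificateChain(leaf);
        return cm.exportCertsToPKCS7(chain);
    }

    public static void main(String[] args) throws Exception {
        CryptoManager cm = openManager();
        // In FIPS mode the two internal tokens are the same token; equals() is
        // assumed to compare the underlying tokens rather than object identity.
        System.out.println("FIPS mode: " + cm.FIPSEnabled() + ", tokens coincide: "
                + cm.getInternalCryptoToken().equals(cm.getInternalKeyStorageToken()));
        byte[] p7 = exportChainFor(cm, args.length > 0 ? args[0] : "my-user-cert");
        System.out.println("PKCS #7 bytes: " + p7.length);
    }
}
```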