public interface ICryptoSubsystem extends ISubsystem
Modifier and Type | Field and Description |
---|---|
static java.lang.String | `ID` |

Modifier and Type | Method and Description |
---|---|
void | `addEntropy(int bits)` Adds the specified number of bits of entropy from the system entropy generator to the RNG of the default PKCS#11 RNG token. |
void | `checkCertificateExt(java.lang.String ext)` Checks if the given base-64 encoded string contains an extension or a sequence of extensions. |
void | `deleteCert(java.lang.String nickname, java.lang.String notAfterTime)` Delete certificate of the given nickname. |
void | `deleteRootCert(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername)` |
void | `deleteTokenCertificate(java.lang.String nickname, java.lang.String pathname)` Deletes certificate of the given nickname. |
void | `deleteUserCert(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername)` |
netscape.security.x509.AlgorithmId | `getAlgorithmId(java.lang.String algname, IConfigStore store)` Retrieves CA's signing algorithm id. |
java.lang.String | `getAllCerts()` Retrieves a list of nicknames of certificates that are in the installed tokens. |
NameValuePairs | `getAllCertsManage()` Gets all certificates on all tokens for Certificate Database Management. |
NameValuePairs | `getCACerts()` Gets all CA certificates on all tokens. |
org.mozilla.jss.crypto.PQGParams | `getCAPQG(int keysize, IConfigStore store)` Retrieves PQG parameters based on key size. |
netscape.security.x509.CertificateExtensions | `getCertExtensions(java.lang.String tokenname, java.lang.String nickname)` Retrieves extensions of the certificate that is identified by the given nickname. |
java.lang.String | `getCertListWithoutTokenName(java.lang.String name)` Retrieves all certificates. |
java.lang.String | `getCertPrettyPrint(java.lang.String b64E, java.util.Locale locale)` Retrieves the certificate in the pretty print format. |
java.lang.String | `getCertPrettyPrint(java.lang.String nickname, java.lang.String date, java.util.Locale locale)` Retrieves certificate in pretty-print format by the nickname. |
java.lang.String | `getCertPrettyPrint(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername, java.util.Locale locale)` |
java.lang.String | `getCertPrettyPrintAndFingerPrint(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername, java.util.Locale locale)` |
java.lang.String | `getCertRequest(java.lang.String subjectName, java.security.KeyPair kp)` Generates certificate request from the given key pair. |
java.lang.String | `getCertSubjectName(java.lang.String tokenname, java.lang.String nickname)` Retrieves subject name of the certificate that is identified by the given nickname. |
java.lang.String | `getCipherPreferences()` Retrieves the cipher preferences. |
java.lang.String | `getCipherVersion()` Retrieves the SSL cipher version. |
java.security.KeyPair | `getECCKeyPair(KeyCertData properties)` Generates an ECC key pair based on the given parameters. |
java.security.KeyPair | `getECCKeyPair(java.lang.String token, java.lang.String curveName, java.lang.String certType)` Generates an ECC key pair based on the given parameters. |
netscape.security.x509.CertificateExtensions | `getExtensions(java.lang.String tokenname, java.lang.String nickname)` Retrieves extensions of the certificate that is identified by the given nickname. |
java.lang.String | `getInternalTokenName()` Retrieves the token name of the internal (software) token. |
java.security.KeyPair | `getKeyPair(KeyCertData properties)` Generates a key pair based on the given parameters. |
java.security.KeyPair | `getKeyPair(java.lang.String nickname)` Retrieves the key pair based on the given nickname. |
java.security.KeyPair | `getKeyPair(java.lang.String tokenName, java.lang.String alg, int keySize)` Generates a key pair based on the given parameters. |
java.security.KeyPair | `getKeyPair(java.lang.String tokenName, java.lang.String alg, int keySize, org.mozilla.jss.crypto.PQGParams pqg)` Generates a key pair based on the given parameters. |
org.mozilla.jss.crypto.PQGParams | `getPQG(int keysize)` Retrieves PQG parameters based on key size. |
NameValuePairs | `getRootCerts()` |
java.lang.String | `getRootCertTrustBit(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName)` |
java.lang.String | `getSignatureAlgorithm(java.lang.String nickname)` Retrieves the signature algorithm of the certificate named by the given nickname. |
netscape.security.x509.X509CertImpl | `getSignedCert(KeyCertData data, java.lang.String certType, java.security.PrivateKey priKey)` Signs the certificate template into the given data and returns a signed certificate. |
java.lang.String | `getSubjectDN(java.lang.String nickname)` Retrieves the subject DN of the certificate identified by the nickname. |
java.lang.String | `getTokenList()` Retrieves a list of currently registered token names. |
NameValuePairs | `getUserCerts()` |
void | `importCert(java.lang.String b64E, java.lang.String nickname, java.lang.String certType)` Imports certificate into the server. |
void | `importCert(netscape.security.x509.X509CertImpl signedCert, java.lang.String nickname, java.lang.String certType)` Imports certificate into the server. |
boolean | `isCACert(java.lang.String fullNickname)` Checks to see if the certificate of the given nickname is a CA certificate. |
java.lang.String | `isCipherFortezza()` Checks if fortezza is enabled. |
boolean | `isTokenLoggedIn(java.lang.String name)` Checks if the given token is logged in. |
void | `isX500DN(java.lang.String dn)` Checks if the given dn is a valid distinguished name. |
void | `loggedInToken(java.lang.String tokenName, java.lang.String pwd)` Logs into token. |
void | `setCipherPreferences(java.lang.String cipherPrefs)` Sets the current SSL cipher preferences. |
void | `setRootCertTrust(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername, java.lang.String trust)` |
void | `trustCert(java.lang.String nickname, java.lang.String date, java.lang.String trust)` Trusts a certificate for all available purposes. |

Methods inherited from interface ISubsystem: getConfigStore, getId, init, setId, shutdown, startup

static final java.lang.String ID

java.lang.String getAllCerts() throws EBaseException
EBaseException - failed to retrieve nicknames

java.lang.String getCertPrettyPrint(java.lang.String nickname, java.lang.String date, java.util.Locale locale) throws EBaseException
nickname - nickname of certificate
date - the notAfter of the returned certificate must be this date
locale - user locale
EBaseException - failed to retrieve certificate

java.lang.String getRootCertTrustBit(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName) throws EBaseException
EBaseException

java.lang.String getCertPrettyPrint(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername, java.util.Locale locale) throws EBaseException
EBaseException

java.lang.String getCertPrettyPrintAndFingerPrint(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername, java.util.Locale locale) throws EBaseException
EBaseException

java.lang.String getCertPrettyPrint(java.lang.String b64E, java.util.Locale locale) throws EBaseException
b64E - certificate in mime-64 encoded format
locale - end user locale
EBaseException - failed to retrieve certificate

void importCert(java.lang.String b64E, java.lang.String nickname, java.lang.String certType) throws EBaseException
b64E - certificate in mime-64 encoded format
nickname - nickname for the importing certificate
certType - certificate type
EBaseException - failed to import certificate

void importCert(netscape.security.x509.X509CertImpl signedCert, java.lang.String nickname, java.lang.String certType) throws EBaseException
signedCert - certificate
nickname - nickname for the importing certificate
certType - certificate type
EBaseException - failed to import certificate

java.security.KeyPair getKeyPair(KeyCertData properties) throws EBaseException
properties - key parameters
EBaseException - failed to generate key pair

java.security.KeyPair getKeyPair(java.lang.String nickname) throws EBaseException
nickname - nickname of the public key
EBaseException - failed to retrieve key pair

java.security.KeyPair getKeyPair(java.lang.String tokenName, java.lang.String alg, int keySize) throws EBaseException
tokenName - name of token where key is generated
alg - key algorithm
keySize - key size
EBaseException - failed to generate key pair

java.security.KeyPair getKeyPair(java.lang.String tokenName, java.lang.String alg, int keySize, org.mozilla.jss.crypto.PQGParams pqg) throws EBaseException
tokenName - name of token where key is generated
alg - key algorithm
keySize - key size
pqg - pqg parameters if DSA key, otherwise null
EBaseException - failed to generate key pair

java.security.KeyPair getECCKeyPair(KeyCertData properties) throws EBaseException
properties - key parameters
EBaseException - failed to generate key pair

java.security.KeyPair getECCKeyPair(java.lang.String token, java.lang.String curveName, java.lang.String certType) throws EBaseException
token - token name
curveName - curve name
certType - type of cert (sslserver etc.)
EBaseException - failed to generate key pair

java.lang.String getSignatureAlgorithm(java.lang.String nickname) throws EBaseException
nickname - nickname of the certificate
EBaseException - failed to retrieve signature

void isX500DN(java.lang.String dn) throws EBaseException
dn - distinguished name
EBaseException - failed to check

netscape.security.x509.AlgorithmId getAlgorithmId(java.lang.String algname, IConfigStore store) throws EBaseException
algname - DSA or RSA
store - configuration store.
EBaseException - failed to retrieve algorithm id

java.lang.String getCertSubjectName(java.lang.String tokenname, java.lang.String nickname) throws EBaseException
tokenname - name of token where the nickname is valid
nickname - nickname of the certificate
EBaseException - failed to get subject name

netscape.security.x509.CertificateExtensions getExtensions(java.lang.String tokenname, java.lang.String nickname) throws EBaseException
tokenname - name of token where the nickname is valid
nickname - nickname of the certificate
EBaseException - failed to get extensions

void deleteTokenCertificate(java.lang.String nickname, java.lang.String pathname) throws EBaseException
nickname - nickname of the certificate
pathname - path where a copy of the deleted certificate is stored
EBaseException - failed to delete certificate

void deleteCert(java.lang.String nickname, java.lang.String notAfterTime) throws EBaseException
nickname - nickname of the certificate
notAfterTime - The notAfter of the certificate. It is possible to get multiple certificates under the same nickname. If one of the certificates matches the notAfterTime, then the certificate will get deleted. The notAfterTime has to be in "MMMMM dd, yyyy HH:mm:ss" format.
EBaseException - failed to delete certificate

java.lang.String getSubjectDN(java.lang.String nickname) throws EBaseException
nickname - nickname of the certificate
EBaseException - failed to retrieve subject DN

void trustCert(java.lang.String nickname, java.lang.String date, java.lang.String trust) throws EBaseException
nickname - nickname of the certificate
date - certificate's not before
trust - "Trust" or other
EBaseException - failed to trust certificate

void checkCertificateExt(java.lang.String ext) throws EBaseException
ext - extension or sequence of extensions encoded in base-64
EBaseException - failed to check encoding

NameValuePairs getAllCertsManage() throws EBaseException
EBaseException - failed to retrieve certificates

NameValuePairs getUserCerts() throws EBaseException
EBaseException

NameValuePairs getCACerts() throws EBaseException
EBaseException - failed to retrieve certificates

NameValuePairs getRootCerts() throws EBaseException
EBaseException

void setRootCertTrust(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername, java.lang.String trust) throws EBaseException
EBaseException

void deleteRootCert(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername) throws EBaseException
EBaseException

void deleteUserCert(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername) throws EBaseException
EBaseException

org.mozilla.jss.crypto.PQGParams getPQG(int keysize)
keysize - key size

org.mozilla.jss.crypto.PQGParams getCAPQG(int keysize, IConfigStore store) throws EBaseException
keysize - key size
store - configuration store
EBaseException

netscape.security.x509.CertificateExtensions getCertExtensions(java.lang.String tokenname, java.lang.String nickname) throws org.mozilla.jss.CryptoManager.NotInitializedException, org.mozilla.jss.crypto.TokenException, org.mozilla.jss.crypto.ObjectNotFoundException, java.io.IOException, java.security.cert.CertificateException
tokenname - token name
nickname - nickname
org.mozilla.jss.CryptoManager.NotInitializedException
org.mozilla.jss.crypto.TokenException
org.mozilla.jss.crypto.ObjectNotFoundException
java.io.IOException
java.security.cert.CertificateException

boolean isTokenLoggedIn(java.lang.String name) throws EBaseException
name - token name
EBaseException - failed to login

void loggedInToken(java.lang.String tokenName, java.lang.String pwd) throws EBaseException
tokenName - name of the token
pwd - token password
EBaseException - failed to login

java.lang.String getCertRequest(java.lang.String subjectName, java.security.KeyPair kp) throws EBaseException
subjectName - subject name to use in the request
kp - key pair that contains public key material
EBaseException - failed to generate request

java.lang.String isCipherFortezza() throws EBaseException
EBaseException

java.lang.String getCipherVersion() throws EBaseException
EBaseException

java.lang.String getCipherPreferences() throws EBaseException
EBaseException

void setCipherPreferences(java.lang.String cipherPrefs) throws EBaseException
cipherPrefs - cipher preferences (i.e. "rc4export,rc2export,...")
EBaseException - failed to set cipher preferences

java.lang.String getTokenList() throws EBaseException
EBaseException - failed to retrieve token list

java.lang.String getCertListWithoutTokenName(java.lang.String name) throws EBaseException
name - token name
EBaseException - failed to retrieve

java.lang.String getInternalTokenName() throws EBaseException
EBaseException - failed to retrieve token name

boolean isCACert(java.lang.String fullNickname) throws EBaseException
fullNickname - nickname of the certificate to check
EBaseException - failed to check

void addEntropy(int bits) throws org.mozilla.jss.util.NotImplementedException, java.io.IOException, org.mozilla.jss.crypto.TokenException
bits - number of bits of entropy
org.mozilla.jss.util.NotImplementedException - If the Crypto device does not support adding entropy
org.mozilla.jss.crypto.TokenException - If there was some other problem with the Crypto device
java.io.IOException - If there was a problem reading from /dev/random

netscape.security.x509.X509CertImpl getSignedCert(KeyCertData data, java.lang.String certType, java.security.PrivateKey priKey) throws EBaseException
data - data that contains certificate template
certType - certificate type
priKey - CA signing key
EBaseException - failed to sign certificate template