Class JssSubsystem

  • All Implemented Interfaces:
    ICryptoSubsystem

    public final class JssSubsystem
    extends java.lang.Object
    implements ICryptoSubsystem
    Subsystem for initializing JSS

    • Method Summary

      Modifier and Type Method Description
      void addEntropy​(int bits)
      Adds the specified number of bits of entropy from the system entropy generator to the RNG of the default PKCS#11 RNG token.
      void checkCertificateExt​(java.lang.String ext)
      Checks if the given base-64 encoded string contains an extension or a sequence of extensions.
      void checkKeyLength​(java.lang.String keyType, int keyLength, java.lang.String certType, int minRSAKeyLen)  
      void deleteCACert​(java.lang.String nickname, java.lang.String notAfterTime)
      Delete the CA certificate from the perm database.
      void deleteCert​(java.lang.String nickname, java.lang.String notAfterTime)
      Deletes a certificate from any token.
      void deleteRootCert​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername)  
      void deleteTokenCertificate​(java.lang.String nickname, java.lang.String pathname)
      Deletes certificate of the given nickname.
      void deleteUserCert​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername)  
      org.mozilla.jss.netscape.security.x509.AlgorithmId getAlgorithmId​(java.lang.String algname, IConfigStore store)
      Retrieves CA's signing algorithm id.
      java.lang.String getAllCerts()
      Retrieves a list of nicknames of certificates that are in the installed tokens.
      NameValuePairs getAllCertsManage()
      Gets all certificates on all tokens for Certificate Database Management.
      NameValuePairs getCACerts()
      Gets all CA certificates on all tokens.
      org.mozilla.jss.crypto.PQGParams getCAPQG​(int keysize, IConfigStore store)
      Retrieves PQG parameters based on key size.
      org.mozilla.jss.netscape.security.x509.CertificateExtensions getCertExtensions​(java.lang.String tokenname, java.lang.String nickname)
      Retrieves extensions of the certificate that is identified by the given nickname.
      org.mozilla.jss.crypto.X509Certificate getCertificate​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName)  
      NameValuePairs getCertInfo​(java.lang.String b64E)  
      java.lang.String getCertList​(java.lang.String name)  
      java.lang.String getCertListWithoutTokenName​(java.lang.String name)
      Retrieves all certificates.
      java.lang.String getCertPrettyPrint​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName, java.util.Locale locale)  
      java.lang.String getCertPrettyPrint​(java.lang.String nickname, java.lang.String date, java.util.Locale locale)
      Retrieves certificate in pretty-print format by the nickname.
      java.lang.String getCertPrettyPrint​(java.lang.String b64E, java.util.Locale locale)
      Retrieves the certificate in the pretty print format.
      java.lang.String getCertPrettyPrintAndFingerPrint​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName, java.util.Locale locale)  
      java.lang.String getCertRequest​(java.lang.String subjectName, java.security.KeyPair kp)
      Generates certificate request from the given key pair.
      java.lang.String getCertSubjectName​(java.lang.String tokenname, java.lang.String nickname)
      Retrieves subject name of the certificate that is identified by the given nickname.
      java.lang.String getCipherPreferences()
      Retrieves the cipher preferences.
      java.lang.String getCipherVersion()
      Retrieves the SSL cipher version.
      JssSubsystemConfig getConfigStore()
      Retrieves a configuration store of this subsystem.
      java.security.KeyPair getECCKeyPair​(KeyCertData properties)
      Generates an ECC key pair based on the given parameters.
      java.security.KeyPair getECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token, java.lang.String keyCurve, java.lang.String certType)
      Generates an ECC key pair based on the given parameters.
      java.lang.String getECType​(java.lang.String certType)  
      org.mozilla.jss.netscape.security.x509.CertificateExtensions getExtensions​(java.lang.String tokenname, java.lang.String nickname)
      Retrieves extensions of the certificate that is identified by the given nickname.
      java.lang.String getId()  
      static JssSubsystem getInstance()  
      java.lang.String getInternalTokenName()
      Retrieves the token name of the internal (software) token.
      java.security.KeyPair getKeyPair​(KeyCertData properties)
      Generates a key pair based on the given parameters.
      java.security.KeyPair getKeyPair​(java.lang.String nickname)
      Retrieves the key pair based on the given nickname.
      java.security.KeyPair getKeyPair​(org.mozilla.jss.crypto.CryptoToken token, java.lang.String alg, int keySize)
      Generates a key pair based on the given parameters.
      java.security.KeyPair getKeyPair​(org.mozilla.jss.crypto.CryptoToken token, java.lang.String alg, int keySize, org.mozilla.jss.crypto.PQGParams pqg)
      Generates a key pair based on the given parameters.
      org.mozilla.jss.crypto.PQGParams getPQG​(int keysize)
      Retrieves PQG parameters based on key size.
      java.security.SecureRandom getRandomNumberGenerator()  
      NameValuePairs getRootCerts()  
      java.lang.String getRootCertTrustBit​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName)  
      java.lang.String getSignatureAlgorithm​(java.lang.String nickname)
      Retrieves the signature algorithm of the certificate named by the given nickname.
      org.mozilla.jss.netscape.security.x509.X509CertImpl getSignedCert​(KeyCertData data, java.lang.String certType, java.security.PrivateKey priKey)
      Signs the certificate template into the given data and returns a signed certificate.
      java.lang.String getSubjectDN​(java.lang.String nickname)
      Retrieves the subject DN of the certificate identified by the nickname.
      java.lang.String getTokenList()
      Retrieves a list of currently registered token names.
      NameValuePairs getUserCerts()  
      void importCert​(java.lang.String b64E, java.lang.String nickname, java.lang.String certType)
      Imports certificate into the server.
      void importCert​(org.mozilla.jss.netscape.security.x509.X509CertImpl signedCert, java.lang.String nickname, java.lang.String certType)
      Imports certificate into the server.
      void init​(JssSubsystemConfig config)
      Initializes the Jss security subsystem.
      boolean isCACert​(java.lang.String fullNickname)
      Checks to see if the certificate of the given nickname is a CA certificate.
      java.lang.String isCipherFortezza()
      Checks if Fortezza is enabled.
      boolean isTokenLoggedIn​(java.lang.String name)
      Checks if the given token is logged in.
      void isX500DN​(java.lang.String dn)
      Checks if the given dn is a valid distinguished name.
      void loggedInToken​(java.lang.String tokenName, java.lang.String pwd)
      Logs into token.
      static void main​(java.lang.String[] args)  
      void obscureBytes​(byte[] memory)  
      void obscureBytes​(byte[] memory, java.lang.String method)  
      void obscureChars​(char[] memory)  
      void setCipherPreferences​(java.lang.String cipherPrefs)
      Sets the current SSL cipher preferences.
      void setId​(java.lang.String id)  
      void setRootCertTrust​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName, java.lang.String trust)  
      void shutdown()
      Shuts down this subsystem.
      void startup()
      Starts up this service.
      void trustCert​(java.lang.String nickname, java.lang.String date, java.lang.String trust)
      Trusts a certificate for all available purposes.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • getId

        public java.lang.String getId()
      • addEntropy

        public void addEntropy​(int bits)
                        throws org.mozilla.jss.util.NotImplementedException,
                               java.io.IOException,
                               org.mozilla.jss.crypto.TokenException
        Description copied from interface: ICryptoSubsystem
        Adds the specified number of bits of entropy from the system entropy generator to the RNG of the default PKCS#11 RNG token. The default token is set using the modutil command. Note that the system entropy generator (usually /dev/random) will block until sufficient entropy is collected.
        Specified by:
        addEntropy in interface ICryptoSubsystem
        Parameters:
        bits - number of bits of entropy
        Throws:
        org.mozilla.jss.util.NotImplementedException - If the Crypto device does not support adding entropy
        java.io.IOException - If there was a problem reading from /dev/random
        org.mozilla.jss.crypto.TokenException - If there was some other problem with the Crypto device
      • getRandomNumberGenerator

        public java.security.SecureRandom getRandomNumberGenerator()
      • obscureBytes

        public void obscureBytes​(byte[] memory)
      • obscureBytes

        public void obscureBytes​(byte[] memory,
                                 java.lang.String method)
      • obscureChars

        public void obscureChars​(char[] memory)
      • setCipherPreferences

        public void setCipherPreferences​(java.lang.String cipherPrefs)
                                  throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Sets the current SSL cipher preferences.
        Specified by:
        setCipherPreferences in interface ICryptoSubsystem
        Parameters:
        cipherPrefs - cipher preferences (e.g. "rc4export,rc2export,...")
        Throws:
        EBaseException - failed to set cipher preferences
      • getConfigStore

        public JssSubsystemConfig getConfigStore()
        Retrieves a configuration store of this subsystem.

      • shutdown

        public void shutdown()
        Shuts down this subsystem.

      • getCertSubjectName

        public java.lang.String getCertSubjectName​(java.lang.String tokenname,
                                                   java.lang.String nickname)
                                            throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Retrieves subject name of the certificate that is identified by the given nickname.
        Specified by:
        getCertSubjectName in interface ICryptoSubsystem
        Parameters:
        tokenname - name of token where the nickname is valid
        nickname - nickname of the certificate
        Returns:
        subject name
        Throws:
        EBaseException - failed to get subject name
      • getAllCerts

        public java.lang.String getAllCerts()
                                     throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Retrieves a list of nicknames of certificates that are in the installed tokens.
        Specified by:
        getAllCerts in interface ICryptoSubsystem
        Returns:
        a list of comma-separated nicknames
        Throws:
        EBaseException - failed to retrieve nicknames
      • getCertListWithoutTokenName

        public java.lang.String getCertListWithoutTokenName​(java.lang.String name)
                                                     throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Retrieves all certificates. The result list will not contain the token tag.
        Specified by:
        getCertListWithoutTokenName in interface ICryptoSubsystem
        Parameters:
        name - token name
        Returns:
        list of certificates without token tag
        Throws:
        EBaseException - failed to retrieve
      • getAlgorithmId

        public org.mozilla.jss.netscape.security.x509.AlgorithmId getAlgorithmId​(java.lang.String algname,
                                                                                 IConfigStore store)
                                                                          throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Retrieves the CA's signing algorithm ID. If the algorithm is DSA, the algorithm ID is constructed by reading the parameters ca.dsaP, ca.dsaQ and ca.dsaG.
        Specified by:
        getAlgorithmId in interface ICryptoSubsystem
        Parameters:
        algname - DSA or RSA
        store - configuration store.
        Returns:
        algorithm id
        Throws:
        EBaseException - failed to retrieve algorithm id
      • getSignatureAlgorithm

        public java.lang.String getSignatureAlgorithm​(java.lang.String nickname)
                                               throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Retrieves the signature algorithm of the certificate named by the given nickname.
        Specified by:
        getSignatureAlgorithm in interface ICryptoSubsystem
        Parameters:
        nickname - nickname of the certificate
        Returns:
        signature algorithm
        Throws:
        EBaseException - failed to retrieve signature
      • getKeyPair

        public java.security.KeyPair getKeyPair​(java.lang.String nickname)
                                         throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Retrieves the key pair based on the given nickname.
        Specified by:
        getKeyPair in interface ICryptoSubsystem
        Parameters:
        nickname - nickname of the public key
        Throws:
        EBaseException - failed to retrieve key pair
      • getKeyPair

        public java.security.KeyPair getKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                                java.lang.String alg,
                                                int keySize)
                                         throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Generates a key pair based on the given parameters.
        Specified by:
        getKeyPair in interface ICryptoSubsystem
        Parameters:
        token - token where key is generated
        alg - key algorithm
        keySize - key size
        Returns:
        key pair
        Throws:
        EBaseException - failed to generate key pair
      • getKeyPair

        public java.security.KeyPair getKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                                java.lang.String alg,
                                                int keySize,
                                                org.mozilla.jss.crypto.PQGParams pqg)
                                         throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Generates a key pair based on the given parameters.
        Specified by:
        getKeyPair in interface ICryptoSubsystem
        Parameters:
        token - token where key is generated
        alg - key algorithm
        keySize - key size
        pqg - pqg parameters if DSA key, otherwise null
        Returns:
        key pair
        Throws:
        EBaseException - failed to generate key pair
      • getCertRequest

        public java.lang.String getCertRequest​(java.lang.String subjectName,
                                               java.security.KeyPair kp)
                                        throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Generates certificate request from the given key pair.
        Specified by:
        getCertRequest in interface ICryptoSubsystem
        Parameters:
        subjectName - subject name to use in the request
        kp - key pair that contains public key material
        Returns:
        certificate request in base-64 encoded format
        Throws:
        EBaseException - failed to generate request
      • importCert

        public void importCert​(java.lang.String b64E,
                               java.lang.String nickname,
                               java.lang.String certType)
                        throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Imports certificate into the server.
        Specified by:
        importCert in interface ICryptoSubsystem
        Parameters:
        b64E - certificate in mime-64 encoded format
        nickname - nickname for the importing certificate
        certType - certificate type
        Throws:
        EBaseException - failed to import certificate
      • getECCKeyPair

        public java.security.KeyPair getECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                                   java.lang.String keyCurve,
                                                   java.lang.String certType)
                                            throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Generates an ECC key pair based on the given parameters.
        Specified by:
        getECCKeyPair in interface ICryptoSubsystem
        Parameters:
        token - token name
        keyCurve - curve name
        certType - type of certificate (sslserver, etc.)
        Returns:
        key pair
        Throws:
        EBaseException - failed to generate key pair
      • importCert

        public void importCert​(org.mozilla.jss.netscape.security.x509.X509CertImpl signedCert,
                               java.lang.String nickname,
                               java.lang.String certType)
                        throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Imports certificate into the server.
        Specified by:
        importCert in interface ICryptoSubsystem
        Parameters:
        signedCert - certificate
        nickname - nickname for the importing certificate
        certType - certificate type
        Throws:
        EBaseException - failed to import certificate
      • trustCert

        public void trustCert​(java.lang.String nickname,
                              java.lang.String date,
                              java.lang.String trust)
                       throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Trusts a certificate for all available purposes.
        Specified by:
        trustCert in interface ICryptoSubsystem
        Parameters:
        nickname - nickname of the certificate
        date - certificate's not before
        trust - "Trust" or other
        Throws:
        EBaseException - failed to trust certificate
      • deleteCACert

        public void deleteCACert​(java.lang.String nickname,
                                 java.lang.String notAfterTime)
                          throws EBaseException
        Delete the CA certificate from the perm database.
        Parameters:
        nickname - The nickname of the CA certificate.
        notAfterTime - The notAfter of the certificate. Multiple certificates can exist under the same nickname. If one of them matches notAfterTime, that certificate is deleted. The value must be in "MMMMM dd, yyyy HH:mm:ss" format.
        Throws:
        EBaseException
      • deleteCert

        public void deleteCert​(java.lang.String nickname,
                               java.lang.String notAfterTime)
                        throws EBaseException
        Deletes a certificate from any token.
        Specified by:
        deleteCert in interface ICryptoSubsystem
        Parameters:
        nickname - The nickname of the certificate.
        notAfterTime - The notAfter of the certificate. Multiple certificates can exist under the same nickname. If one of them matches notAfterTime, that certificate is deleted. The value must be in "MMMMM dd, yyyy HH:mm:ss" format.
        Throws:
        EBaseException - failed to delete certificate
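The notAfterTime string is the only thing that tells apart certificates sharing a nickname in deleteCACert and deleteCert, so the caller has to render it exactly. The following is an added example, not code from this class or its project: it assumes the quoted pattern uses java.text.SimpleDateFormat semantics, never calls JssSubsystem, and the class name, method names and certificate labels are hypothetical.

```java
import java.text.SimpleDateFormat;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.TimeZone;

public class NotAfterTimeExample {

    // Pattern quoted in the deleteCACert/deleteCert parameter documentation.
    static final String PATTERN = "MMMMM dd, yyyy HH:mm:ss";

    // Renders a notAfter date with the documented pattern.
    // Assumption: SimpleDateFormat semantics. Locale and time zone are passed
    // explicitly because the rendered string depends on both.
    static String render(Date notAfter, Locale locale, TimeZone tz) {
        SimpleDateFormat fmt = new SimpleDateFormat(PATTERN, locale);
        fmt.setTimeZone(tz);
        return fmt.format(notAfter);
    }

    // Returns the label of the single certificate whose notAfter renders to
    // notAfterTime, or null if none does. Refuses to pick when two certificates
    // under the nickname would render to the same string.
    static String select(Map<String, Date> sameNickname, String notAfterTime,
                         Locale locale, TimeZone tz) {
        String match = null;
        for (Map.Entry<String, Date> e : sameNickname.entrySet()) {
            if (render(e.getValue(), locale, tz).equals(notAfterTime)) {
                if (match != null) {
                    throw new IllegalStateException("ambiguous notAfterTime: " + notAfterTime);
                }
                match = e.getKey();
            }
        }
        return match;
    }

    public static void main(String[] args) {
        TimeZone utc = TimeZone.getTimeZone("UTC");

        // Constructed sample data: an original certificate and its renewal,
        // both stored under the same (hypothetical) nickname.
        ZonedDateTime originalEnd = ZonedDateTime.of(2025, 3, 9, 14, 5, 0, 0, ZoneOffset.UTC);
        ZonedDateTime renewedEnd = ZonedDateTime.of(2027, 3, 9, 14, 5, 0, 0, ZoneOffset.UTC);
        Map<String, Date> certs = new LinkedHashMap<>();
        certs.put("original", Date.from(originalEnd.toInstant()));
        certs.put("renewed", Date.from(renewedEnd.toInstant()));

        // Render the target exactly, then confirm it selects one certificate
        // before handing nickname + notAfterTime to a delete call.
        String target = render(certs.get("original"), Locale.US, utc);
        System.out.println("notAfterTime to pass: " + target);
        System.out.println("selects: " + select(certs, target, Locale.US, utc));

        // Same instant, different locale and zone: the month name and the hour
        // change, so this string no longer matches the one rendered above.
        String other = render(certs.get("original"), Locale.FRANCE,
                TimeZone.getTimeZone("Asia/Tokyo"));
        System.out.println("other rendering: " + other);
        System.out.println("selects: " + select(certs, other, Locale.US, utc));

        // Pitfall: java.time reads five 'M' letters as the narrow (one-letter)
        // month, while SimpleDateFormat reads four or more as the full name.
        String javaTime = DateTimeFormatter.ofPattern(PATTERN, Locale.US).format(originalEnd);
        System.out.println("java.time rendering: " + javaTime);
        System.out.println("selects: " + select(certs, javaTime, Locale.US, utc));
    }
}
```

Which locale and time zone the server applies when it compares notAfterTime is not stated on this page, so check a rendered value against the certificate listing before relying on it.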
      • deleteTokenCertificate

        public void deleteTokenCertificate​(java.lang.String nickname,
                                           java.lang.String pathname)
                                    throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Deletes certificate of the given nickname.
        Specified by:
        deleteTokenCertificate in interface ICryptoSubsystem
        Parameters:
        nickname - nickname of the certificate
        pathname - path where a copy of the deleted certificate is stored
        Throws:
        EBaseException - failed to delete certificate
      • getSubjectDN

        public java.lang.String getSubjectDN​(java.lang.String nickname)
                                      throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Retrieves the subject DN of the certificate identified by the nickname.
        Specified by:
        getSubjectDN in interface ICryptoSubsystem
        Parameters:
        nickname - nickname of the certificate
        Returns:
        subject distinguished name
        Throws:
        EBaseException - failed to retrieve subject DN
      • getCertificate

        public org.mozilla.jss.crypto.X509Certificate getCertificate​(java.lang.String nickname,
                                                                     java.lang.String serialno,
                                                                     java.lang.String issuerName)
                                                              throws EBaseException
        Throws:
        EBaseException
      • getCertPrettyPrint

        public java.lang.String getCertPrettyPrint​(java.lang.String nickname,
                                                   java.lang.String date,
                                                   java.util.Locale locale)
                                            throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Retrieves certificate in pretty-print format by the nickname.
        Specified by:
        getCertPrettyPrint in interface ICryptoSubsystem
        Parameters:
        nickname - nickname of certificate
        date - the notAfter of the returned certificate must match this date
        locale - user locale
        Returns:
        certificate in pretty-print format
        Throws:
        EBaseException - failed to retrieve certificate
      • getCertPrettyPrint

        public java.lang.String getCertPrettyPrint​(java.lang.String b64E,
                                                   java.util.Locale locale)
                                            throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Retrieves the certificate in the pretty print format.
        Specified by:
        getCertPrettyPrint in interface ICryptoSubsystem
        Parameters:
        b64E - certificate in mime-64 encoded format
        locale - end user locale
        Returns:
        certificate in pretty-print format
        Throws:
        EBaseException - failed to retrieve certificate
      • getSignedCert

        public org.mozilla.jss.netscape.security.x509.X509CertImpl getSignedCert​(KeyCertData data,
                                                                                 java.lang.String certType,
                                                                                 java.security.PrivateKey priKey)
                                                                          throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Signs the certificate template into the given data and returns a signed certificate.
        Specified by:
        getSignedCert in interface ICryptoSubsystem
        Parameters:
        data - data that contains certificate template
        certType - certificate type
        priKey - CA signing key
        Returns:
        certificate
        Throws:
        EBaseException - failed to sign certificate template
      • isCACert

        public boolean isCACert​(java.lang.String fullNickname)
                         throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Checks to see if the certificate of the given nickname is a CA certificate.
        Specified by:
        isCACert in interface ICryptoSubsystem
        Parameters:
        fullNickname - nickname of the certificate to check
        Returns:
        true if it is a CA certificate
        Throws:
        EBaseException - failed to check
      • getExtensions

        public org.mozilla.jss.netscape.security.x509.CertificateExtensions getExtensions​(java.lang.String tokenname,
                                                                                          java.lang.String nickname)
                                                                                   throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Retrieves extensions of the certificate that is identified by the given nickname.
        Specified by:
        getExtensions in interface ICryptoSubsystem
        Parameters:
        tokenname - name of token where the nickname is valid
        nickname - nickname of the certificate
        Returns:
        certificate extensions
        Throws:
        EBaseException - failed to get extensions
      • checkCertificateExt

        public void checkCertificateExt​(java.lang.String ext)
                                 throws EBaseException
        Description copied from interface: ICryptoSubsystem
        Checks if the given base-64 encoded string contains an extension or a sequence of extensions.
        Specified by:
        checkCertificateExt in interface ICryptoSubsystem
        Parameters:
        ext - extension or sequence of extensions encoded in base-64
        Throws:
        EBaseException - failed to check encoding
      • checkKeyLength

        public void checkKeyLength​(java.lang.String keyType,
                                   int keyLength,
                                   java.lang.String certType,
                                   int minRSAKeyLen)
                            throws EBaseException
        Throws:
        EBaseException
      • getPQG

        public org.mozilla.jss.crypto.PQGParams getPQG​(int keysize)
        Description copied from interface: ICryptoSubsystem
        Retrieves PQG parameters based on key size.
        Specified by:
        getPQG in interface ICryptoSubsystem
        Parameters:
        keysize - key size
        Returns:
        pqg parameters
      • getCertExtensions

        public org.mozilla.jss.netscape.security.x509.CertificateExtensions getCertExtensions​(java.lang.String tokenname,
                                                                                              java.lang.String nickname)
                                                                                       throws org.mozilla.jss.NotInitializedException,
                                                                                              org.mozilla.jss.crypto.TokenException,
                                                                                              org.mozilla.jss.crypto.ObjectNotFoundException,
                                                                                              java.io.IOException,
                                                                                              java.security.cert.CertificateException
        Description copied from interface: ICryptoSubsystem
        Retrieves extensions of the certificate that is identified by the given nickname.
        Specified by:
        getCertExtensions in interface ICryptoSubsystem
        Parameters:
        tokenname - token name
        nickname - nickname
        Returns:
        certificate extensions
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.crypto.TokenException
        org.mozilla.jss.crypto.ObjectNotFoundException
        java.io.IOException
        java.security.cert.CertificateException
      • main

        public static void main​(java.lang.String[] args)
                         throws java.lang.Exception
        Throws:
        java.lang.Exception