Interface ICryptoSubsystem

All Known Implementing Classes:
JssSubsystem

public interface ICryptoSubsystem
This interface represents the cryptographic subsystem that provides all the security-related functions.
  • Method Details

    • getAllCerts

      String getAllCerts() throws EBaseException
      Retrieves a list of nicknames of certificates that are in the installed tokens.
      Returns:
      a list of comma-separated nicknames
      Throws:
      EBaseException - failed to retrieve nicknames
    • getCertPrettyPrint

      String getCertPrettyPrint(String nickname, String date, Locale locale) throws EBaseException
      Retrieves certificate in pretty-print format by the nickname.
      Parameters:
      nickname - nickname of certificate
      date - the notAfter value that the returned certificate must have
      locale - user locale
      Returns:
      certificate in pretty-print format
      Throws:
      EBaseException - failed to retrieve certificate
    • getRootCertTrustBit

      String getRootCertTrustBit(String nickname, String serialno, String issuerName) throws EBaseException
      Throws:
      EBaseException
    • getCertPrettyPrint

      String getCertPrettyPrint(String nickname, String serialno, String issuername, Locale locale) throws EBaseException
      Throws:
      EBaseException
    • getCertPrettyPrintAndFingerPrint

      String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, String issuername, Locale locale) throws EBaseException
      Throws:
      EBaseException
    • getCertPrettyPrint

      String getCertPrettyPrint(String b64E, Locale locale) throws EBaseException
      Retrieves the certificate in the pretty print format.
      Parameters:
      b64E - certificate in mime-64 encoded format
      locale - end user locale
      Returns:
      certificate in pretty-print format
      Throws:
      EBaseException - failed to retrieve certificate
    • importCert

      void importCert(String b64E, String nickname, String certType) throws EBaseException
      Imports certificate into the server.
      Parameters:
      b64E - certificate in mime-64 encoded format
      nickname - nickname for the importing certificate
      certType - certificate type
      Throws:
      EBaseException - failed to import certificate
    • importCert

      void importCert(org.mozilla.jss.netscape.security.x509.X509CertImpl signedCert, String nickname, String certType) throws EBaseException
      Imports certificate into the server.
      Parameters:
      signedCert - certificate
      nickname - nickname for the importing certificate
      certType - certificate type
      Throws:
      EBaseException - failed to import certificate
    • getKeyPair

      KeyPair getKeyPair(KeyCertData properties) throws EBaseException
      Generates a key pair based on the given parameters.
      Parameters:
      properties - key parameters
      Returns:
      key pair
      Throws:
      EBaseException - failed to generate key pair
    • getKeyPair

      KeyPair getKeyPair(String nickname) throws EBaseException
      Retrieves the key pair based on the given nickname.
      Parameters:
      nickname - nickname of the public key
      Throws:
      EBaseException - failed to retrieve key pair
    • getKeyPair

      KeyPair getKeyPair(org.mozilla.jss.crypto.CryptoToken token, String alg, int keySize) throws EBaseException
      Generates a key pair based on the given parameters.
      Parameters:
      token - token where key is generated
      alg - key algorithm
      keySize - key size
      Returns:
      key pair
      Throws:
      EBaseException - failed to generate key pair
    • getKeyPair

      KeyPair getKeyPair(org.mozilla.jss.crypto.CryptoToken token, String alg, int keySize, org.mozilla.jss.crypto.PQGParams pqg) throws EBaseException
      Generates a key pair based on the given parameters.
      Parameters:
      token - token where key is generated
      alg - key algorithm
      keySize - key size
      pqg - pqg parameters if DSA key, otherwise null
      Returns:
      key pair
      Throws:
      EBaseException - failed to generate key pair
    • getECCKeyPair

      KeyPair getECCKeyPair(KeyCertData properties) throws EBaseException
      Generates an ECC key pair based on the given parameters.
      Parameters:
      properties - key parameters
      Returns:
      key pair
      Throws:
      EBaseException - failed to generate key pair
    • getECCKeyPair

      KeyPair getECCKeyPair(org.mozilla.jss.crypto.CryptoToken token, String curveName, String certType) throws EBaseException
      Generates an ECC key pair based on the given parameters.
      Parameters:
      token - token name
      curveName - curve name
      certType - type of certificate (sslserver, etc.)
      Returns:
      key pair
      Throws:
      EBaseException - failed to generate key pair
    • getSignatureAlgorithm

      String getSignatureAlgorithm(String nickname) throws EBaseException
      Retrieves the signature algorithm of the certificate named by the given nickname.
      Parameters:
      nickname - nickname of the certificate
      Returns:
      signature algorithm
      Throws:
      EBaseException - failed to retrieve signature
    • isX500DN

      void isX500DN(String dn) throws EBaseException
      Checks if the given dn is a valid distinguished name.
      Parameters:
      dn - distinguished name
      Throws:
      EBaseException - failed to check
    • getAlgorithmId

      org.mozilla.jss.netscape.security.x509.AlgorithmId getAlgorithmId(String algname, ConfigStore store) throws EBaseException
      Retrieves the CA's signing algorithm id. If the algorithm is DSA, the algorithm id is constructed by reading the parameters ca.dsaP, ca.dsaQ and ca.dsaG.
      Parameters:
      algname - DSA or RSA
      store - configuration store.
      Returns:
      algorithm id
      Throws:
      EBaseException - failed to retrieve algorithm id
    • getCertSubjectName

      String getCertSubjectName(String tokenname, String nickname) throws EBaseException
      Retrieves subject name of the certificate that is identified by the given nickname.
      Parameters:
      tokenname - name of token where the nickname is valid
      nickname - nickname of the certificate
      Returns:
      subject name
      Throws:
      EBaseException - failed to get subject name
    • getExtensions

      org.mozilla.jss.netscape.security.x509.CertificateExtensions getExtensions(String tokenname, String nickname) throws EBaseException
      Retrieves extensions of the certificate that is identified by the given nickname.
      Parameters:
      tokenname - name of token where the nickname is valid
      nickname - nickname of the certificate
      Returns:
      certificate extensions
      Throws:
      EBaseException - failed to get extensions
    • deleteTokenCertificate

      void deleteTokenCertificate(String nickname, String pathname) throws EBaseException
      Deletes certificate of the given nickname.
      Parameters:
      nickname - nickname of the certificate
      pathname - path where a copy of the deleted certificate is stored
      Throws:
      EBaseException - failed to delete certificate
    • deleteCert

      void deleteCert(String nickname, String notAfterTime) throws EBaseException
      Deletes the certificate of the given nickname.
      Parameters:
      nickname - nickname of the certificate
      notAfterTime - the notAfter of the certificate. It is possible to get multiple certificates under the same nickname. If one of the certificates matches the notAfterTime, then that certificate will be deleted. The notAfterTime has to be in "MMMMM dd, yyyy HH:mm:ss" format.
      Throws:
      EBaseException - failed to delete certificate
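
Added example, not part of the PKI code base: how a notAfterTime string in the documented format singles out one of several certificates that share a nickname. It assumes the pattern follows java.text.SimpleDateFormat rules and pins Locale.ENGLISH and UTC for reproducibility; the class and method names are hypothetical.

```java
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import java.util.TimeZone;

public class NotAfterMatchExample {
    // Pattern quoted in the deleteCert documentation above.
    static final String PATTERN = "MMMMM dd, yyyy HH:mm:ss";

    // Assumption: the pattern is read with SimpleDateFormat rules, where four
    // or more 'M' letters give the full month name. Locale and time zone are
    // pinned here so the rendered string does not depend on the host.
    static String render(Date notAfter) {
        SimpleDateFormat f = new SimpleDateFormat(PATTERN, Locale.ENGLISH);
        f.setTimeZone(TimeZone.getTimeZone("UTC"));
        return f.format(notAfter);
    }

    // Indexes of the entries whose rendered notAfter equals the requested string.
    static List<Integer> matches(List<Date> notAfters, String notAfterTime) {
        List<Integer> hits = new ArrayList<>();
        for (int i = 0; i < notAfters.size(); i++) {
            if (render(notAfters.get(i)).equals(notAfterTime)) {
                hits.add(i);
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample: an old and a renewed certificate under one nickname.
        Calendar c = Calendar.getInstance(TimeZone.getTimeZone("UTC"), Locale.ENGLISH);
        c.clear();
        c.set(2024, Calendar.MARCH, 5, 9, 30, 0);
        Date expired = c.getTime();
        c.set(2026, Calendar.MARCH, 5, 9, 30, 0);
        Date renewed = c.getTime();
        List<Date> sameNickname = Arrays.asList(expired, renewed);

        String target = render(expired);
        System.out.println(target + " selects " + matches(sameNickname, target));
        // A string in any other layout selects no entry at all.
        System.out.println(matches(sameNickname, "2024-03-05 09:30:00"));
    }
}
```

The same pattern letters mean something different to java.time.format.DateTimeFormatter, where five 'M' letters produce the narrow month form, so a string built that way would not compare equal.
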
    • getSubjectDN

      String getSubjectDN(String nickname) throws EBaseException
      Retrieves the subject DN of the certificate identified by the nickname.
      Parameters:
      nickname - nickname of the certificate
      Returns:
      subject distinguished name
      Throws:
      EBaseException - failed to retrieve subject DN
    • trustCert

      void trustCert(String nickname, String date, String trust) throws EBaseException
      Trusts a certificate for all available purposes.
      Parameters:
      nickname - nickname of the certificate
      date - certificate's not before
      trust - "Trust" or other
      Throws:
      EBaseException - failed to trust certificate
    • checkCertificateExt

      void checkCertificateExt(String ext) throws EBaseException
      Checks if the given base-64 encoded string contains an extension or a sequence of extensions.
      Parameters:
      ext - extension or sequence of extension encoded in base-64
      Throws:
      EBaseException - failed to check encoding
    • getAllCertsManage

      NameValuePairs getAllCertsManage() throws EBaseException
      Gets all certificates on all tokens for Certificate Database Management.
      Returns:
      all certificates
      Throws:
      EBaseException - failed to retrieve certificates
    • getUserCerts

      NameValuePairs getUserCerts() throws EBaseException
      Throws:
      EBaseException
    • getCACerts

      NameValuePairs getCACerts() throws EBaseException
      Gets all CA certificates on all tokens.
      Returns:
      all CA certificates
      Throws:
      EBaseException - failed to retrieve certificates
    • getRootCerts

      NameValuePairs getRootCerts() throws EBaseException
      Throws:
      EBaseException
    • setRootCertTrust

      void setRootCertTrust(String nickname, String serialno, String issuername, String trust) throws EBaseException
      Throws:
      EBaseException
    • deleteRootCert

      void deleteRootCert(String nickname, String serialno, String issuername) throws EBaseException
      Throws:
      EBaseException
    • deleteUserCert

      void deleteUserCert(String nickname, String serialno, String issuername) throws EBaseException
      Throws:
      EBaseException
    • getPQG

      org.mozilla.jss.crypto.PQGParams getPQG(int keysize)
      Retrieves PQG parameters based on key size.
      Parameters:
      keysize - key size
      Returns:
      pqg parameters
    • getCAPQG

      org.mozilla.jss.crypto.PQGParams getCAPQG(int keysize, ConfigStore store) throws EBaseException
      Retrieves PQG parameters based on key size.
      Parameters:
      keysize - key size
      store - configuration store
      Returns:
      pqg parameters
      Throws:
      EBaseException
    • getCertExtensions

      org.mozilla.jss.netscape.security.x509.CertificateExtensions getCertExtensions(String tokenname, String nickname) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, org.mozilla.jss.crypto.ObjectNotFoundException, IOException, CertificateException
      Retrieves extensions of the certificate that is identified by the given nickname.
      Parameters:
      tokenname - token name
      nickname - nickname
      Returns:
      certificate extensions
      Throws:
      org.mozilla.jss.NotInitializedException
      org.mozilla.jss.crypto.TokenException
      org.mozilla.jss.crypto.ObjectNotFoundException
      IOException
      CertificateException
    • isTokenLoggedIn

      boolean isTokenLoggedIn(String name) throws EBaseException
      Checks if the given token is logged in.
      Parameters:
      name - token name
      Returns:
      true if token is logged in
      Throws:
      EBaseException - failed to login
    • loggedInToken

      void loggedInToken(String tokenName, String pwd) throws EBaseException
      Logs into token.
      Parameters:
      tokenName - name of the token
      pwd - token password
      Throws:
      EBaseException - failed to login
    • getCertRequest

      String getCertRequest(String subjectName, KeyPair kp) throws EBaseException
      Generates certificate request from the given key pair.
      Parameters:
      subjectName - subject name to use in the request
      kp - key pair that contains public key material
      Returns:
      certificate request in base-64 encoded format
      Throws:
      EBaseException - failed to generate request
    • isCipherFortezza

      String isCipherFortezza() throws EBaseException
      Checks if Fortezza is enabled.
      Returns:
      "true" if Fortezza is enabled
      Throws:
      EBaseException
    • getCipherVersion

      String getCipherVersion() throws EBaseException
      Retrieves the SSL cipher version.
      Returns:
      cipher version (i.e. "cipherdomestic")
      Throws:
      EBaseException
    • getCipherPreferences

      String getCipherPreferences() throws EBaseException
      Retrieves the cipher preferences.
      Returns:
      cipher preferences (e.g. "rc4export,rc2export,...")
      Throws:
      EBaseException
    • setCipherPreferences

      void setCipherPreferences(String cipherPrefs) throws EBaseException
      Sets the current SSL cipher preferences.
      Parameters:
      cipherPrefs - cipher preferences (e.g. "rc4export,rc2export,...")
      Throws:
      EBaseException - failed to set cipher preferences
    • getTokenList

      String getTokenList() throws EBaseException
      Retrieves a list of currently registered token names.
      Returns:
      list of token names
      Throws:
      EBaseException - failed to retrieve token list
    • getCertListWithoutTokenName

      String getCertListWithoutTokenName(String name) throws EBaseException
      Retrieves all certificates. The result list will not contain the token tag.
      Parameters:
      name - token name
      Returns:
      list of certificates without token tag
      Throws:
      EBaseException - failed to retrieve
    • getInternalTokenName

      String getInternalTokenName() throws EBaseException
      Retrieves the token name of the internal (software) token.
      Returns:
      the token name
      Throws:
      EBaseException - failed to retrieve token name
    • isCACert

      boolean isCACert(String fullNickname) throws EBaseException
      Checks to see if the certificate of the given nickname is a CA certificate.
      Parameters:
      fullNickname - nickname of the certificate to check
      Returns:
      true if it is a CA certificate
      Throws:
      EBaseException - failed to check
    • addEntropy

      void addEntropy(int bits) throws org.mozilla.jss.util.NotImplementedException, IOException, org.mozilla.jss.crypto.TokenException
      Adds the specified number of bits of entropy from the system entropy generator to the RNG of the default PKCS#11 RNG token. The default token is set using the modutil command. Note that the system entropy generator (usually /dev/random) will block until sufficient entropy is collected.
      Parameters:
      bits - number of bits of entropy
      Throws:
      org.mozilla.jss.util.NotImplementedException - If the Crypto device does not support adding entropy
      org.mozilla.jss.crypto.TokenException - If there was some other problem with the Crypto device
      IOException - If there was a problem reading from /dev/random
    • getSignedCert

      org.mozilla.jss.netscape.security.x509.X509CertImpl getSignedCert(KeyCertData data, String certType, PrivateKey priKey) throws EBaseException
      Signs the certificate template into the given data and returns a signed certificate.
      Parameters:
      data - data that contains certificate template
      certType - certificate type
      priKey - CA signing key
      Returns:
      certificate
      Throws:
      EBaseException - failed to sign certificate template