Package com.netscape.cmscore.security
Class JssSubsystem
- java.lang.Object
- com.netscape.cmscore.security.JssSubsystem
- All Implemented Interfaces:
ISubsystem, com.netscape.certsrv.security.ICryptoSubsystem
public final class JssSubsystem extends java.lang.Object implements com.netscape.certsrv.security.ICryptoSubsystem
Subsystem for initializing JSS
- Version:
- $Revision$ $Date$
-
Field Summary
Fields (Modifier and Type, Field, Description):
static java.lang.String ID
static org.slf4j.Logger logger
protected IConfigStore mConfig
-
Method Summary
Methods (Modifier and Type, Method, Description):
void addEntropy(int bits)
    Adds the specified number of bits of entropy from the system entropy generator to the RNG of the default PKCS#11 RNG token.
void checkCertificateExt(java.lang.String ext)
    Checks if the given base-64 encoded string contains an extension or a sequence of extensions.
void checkKeyLength(java.lang.String keyType, int keyLength, java.lang.String certType, int minRSAKeyLen)
void deleteCACert(java.lang.String nickname, java.lang.String notAfterTime)
    Deletes the CA certificate from the perm database.
void deleteCert(java.lang.String nickname, java.lang.String notAfterTime)
    Deletes any certificate from any token.
void deleteRootCert(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername)
void deleteTokenCertificate(java.lang.String nickname, java.lang.String pathname)
    Deletes certificate of the given nickname.
void deleteUserCert(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername)
org.mozilla.jss.netscape.security.x509.AlgorithmId getAlgorithmId(java.lang.String algname, IConfigStore store)
    Retrieves CA's signing algorithm id.
java.lang.String getAllCerts()
    Retrieves a list of nicknames of certificates that are in the installed tokens.
com.netscape.certsrv.common.NameValuePairs getAllCertsManage()
    Gets all certificates on all tokens for Certificate Database Management.
com.netscape.certsrv.common.NameValuePairs getCACerts()
    Gets all CA certificates on all tokens.
org.mozilla.jss.crypto.PQGParams getCAPQG(int keysize, IConfigStore store)
    Retrieves PQG parameters based on key size.
org.mozilla.jss.netscape.security.x509.CertificateExtensions getCertExtensions(java.lang.String tokenname, java.lang.String nickname)
    Retrieves extensions of the certificate that is identified by the given nickname.
org.mozilla.jss.crypto.X509Certificate getCertificate(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName)
com.netscape.certsrv.common.NameValuePairs getCertInfo(java.lang.String b64E)
java.lang.String getCertList(java.lang.String name)
java.lang.String getCertListWithoutTokenName(java.lang.String name)
    Retrieves all certificates.
java.lang.String getCertPrettyPrint(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName, java.util.Locale locale)
java.lang.String getCertPrettyPrint(java.lang.String nickname, java.lang.String date, java.util.Locale locale)
    Retrieves certificate in pretty-print format by the nickname.
java.lang.String getCertPrettyPrint(java.lang.String b64E, java.util.Locale locale)
    Retrieves the certificate in the pretty print format.
java.lang.String getCertPrettyPrintAndFingerPrint(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName, java.util.Locale locale)
java.lang.String getCertRequest(java.lang.String subjectName, java.security.KeyPair kp)
    Generates certificate request from the given key pair.
java.lang.String getCertSubjectName(java.lang.String tokenname, java.lang.String nickname)
    Retrieves subject name of the certificate that is identified by the given nickname.
java.lang.String getCipherPreferences()
    Retrieves the cipher preferences.
java.lang.String getCipherVersion()
    Retrieves the SSL cipher version.
IConfigStore getConfigStore()
    Retrieves a configuration store of this subsystem.
java.security.KeyPair getECCKeyPair(com.netscape.certsrv.security.KeyCertData properties)
    Generates an ECC key pair based on the given parameters.
java.security.KeyPair getECCKeyPair(org.mozilla.jss.crypto.CryptoToken token, java.lang.String keyCurve, java.lang.String certType)
    Generates an ECC key pair based on the given parameters.
java.lang.String getECType(java.lang.String certType)
org.mozilla.jss.netscape.security.x509.CertificateExtensions getExtensions(java.lang.String tokenname, java.lang.String nickname)
    Retrieves extensions of the certificate that is identified by the given nickname.
java.lang.String getId()
    Retrieves the name of this subsystem.
static JssSubsystem getInstance()
java.lang.String getInternalTokenName()
    Retrieves the token name of the internal (software) token.
java.security.KeyPair getKeyPair(com.netscape.certsrv.security.KeyCertData properties)
    Generates a key pair based on the given parameters.
java.security.KeyPair getKeyPair(java.lang.String nickname)
    Retrieves the key pair based on the given nickname.
java.security.KeyPair getKeyPair(org.mozilla.jss.crypto.CryptoToken token, java.lang.String alg, int keySize)
    Generates a key pair based on the given parameters.
java.security.KeyPair getKeyPair(org.mozilla.jss.crypto.CryptoToken token, java.lang.String alg, int keySize, org.mozilla.jss.crypto.PQGParams pqg)
    Generates a key pair based on the given parameters.
org.mozilla.jss.crypto.PQGParams getPQG(int keysize)
    Retrieves PQG parameters based on key size.
java.security.SecureRandom getRandomNumberGenerator()
com.netscape.certsrv.common.NameValuePairs getRootCerts()
java.lang.String getRootCertTrustBit(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName)
java.lang.String getSignatureAlgorithm(java.lang.String nickname)
    Retrieves the signature algorithm of the certificate named by the given nickname.
org.mozilla.jss.netscape.security.x509.X509CertImpl getSignedCert(com.netscape.certsrv.security.KeyCertData data, java.lang.String certType, java.security.PrivateKey priKey)
    Signs the certificate template into the given data and returns a signed certificate.
java.lang.String getSubjectDN(java.lang.String nickname)
    Retrieves the subject DN of the certificate identified by the nickname.
java.lang.String getTokenList()
    Retrieves a list of currently registered token names.
com.netscape.certsrv.common.NameValuePairs getUserCerts()
void importCert(java.lang.String b64E, java.lang.String nickname, java.lang.String certType)
    Imports certificate into the server.
void importCert(org.mozilla.jss.netscape.security.x509.X509CertImpl signedCert, java.lang.String nickname, java.lang.String certType)
    Imports certificate into the server.
void init(IConfigStore config)
    Initializes the Jss security subsystem.
boolean isCACert(java.lang.String fullNickname)
    Checks to see if the certificate of the given nickname is a CA certificate.
java.lang.String isCipherFortezza()
    Checks if fortezza is enabled.
boolean isTokenLoggedIn(java.lang.String name)
    Checks if the given token is logged in.
void isX500DN(java.lang.String dn)
    Checks if the given dn is a valid distinguished name.
void loggedInToken(java.lang.String tokenName, java.lang.String pwd)
    Logs into token.
static void main(java.lang.String[] args)
void obscureBytes(byte[] memory)
void obscureBytes(byte[] memory, java.lang.String method)
void obscureChars(char[] memory)
void setCipherPreferences(java.lang.String cipherPrefs)
    Sets the current SSL cipher preferences.
void setId(java.lang.String id)
    Sets the identifier specific to this subsystem.
void setRootCertTrust(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName, java.lang.String trust)
void shutdown()
    Shuts down this subsystem.
void startup()
    Starts up this service.
void trustCert(java.lang.String nickname, java.lang.String date, java.lang.String trust)
    Trusts a certificate for all available purposes.
-
Field Detail
-
logger
public static org.slf4j.Logger logger
-
ID
public static final java.lang.String ID
- See Also:
- Constant Field Values
-
mConfig
protected IConfigStore mConfig
-
Method Detail
-
getInstance
public static JssSubsystem getInstance()
-
getId
public java.lang.String getId()
Description copied from interface: ISubsystem
Retrieves the name of this subsystem.
- Specified by:
getId
in interface ISubsystem
- Returns:
- subsystem identifier
-
setId
public void setId(java.lang.String id) throws EBaseException
Description copied from interface: ISubsystem
Sets the identifier specific to this subsystem.
- Specified by:
setId
in interface ISubsystem
- Parameters:
id
- subsystem identifier
- Throws:
EBaseException
- failed to set id
-
addEntropy
public void addEntropy(int bits) throws org.mozilla.jss.util.NotImplementedException, java.io.IOException, org.mozilla.jss.crypto.TokenException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Adds the specified number of bits of entropy from the system entropy generator to the RNG of the default PKCS#11 RNG token. The default token is set using the modutil command. Note that the system entropy generator (usually /dev/random) will block until sufficient entropy is collected.
- Specified by:
addEntropy
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
bits
- number of bits of entropy
- Throws:
org.mozilla.jss.util.NotImplementedException
- If the Crypto device does not support adding entropy
java.io.IOException
- If there was a problem reading from /dev/random
org.mozilla.jss.crypto.TokenException
- If there was some other problem with the Crypto device
-
init
public void init(IConfigStore config) throws EBaseException
Initializes the Jss security subsystem.
- Specified by:
init
in interface ISubsystem
- Parameters:
config
- configuration store
- Throws:
EBaseException
- failed to initialize
-
getRandomNumberGenerator
public java.security.SecureRandom getRandomNumberGenerator()
-
obscureBytes
public void obscureBytes(byte[] memory)
-
obscureBytes
public void obscureBytes(byte[] memory, java.lang.String method)
-
obscureChars
public void obscureChars(char[] memory)
-
getCipherVersion
public java.lang.String getCipherVersion() throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves the SSL cipher version.
- Specified by:
getCipherVersion
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Returns:
- cipher version (i.e. "cipherdomestic")
- Throws:
EBaseException
-
getCipherPreferences
public java.lang.String getCipherPreferences() throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves the cipher preferences.
- Specified by:
getCipherPreferences
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Returns:
- cipher preferences (e.g. "rc4export,rc2export,...")
- Throws:
EBaseException
-
getECType
public java.lang.String getECType(java.lang.String certType) throws EBaseException
- Throws:
EBaseException
-
isCipherFortezza
public java.lang.String isCipherFortezza() throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Checks if fortezza is enabled.
- Specified by:
isCipherFortezza
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Returns:
- "true" if fortezza is enabled
- Throws:
EBaseException
-
setCipherPreferences
public void setCipherPreferences(java.lang.String cipherPrefs) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Sets the current SSL cipher preferences.
- Specified by:
setCipherPreferences
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
cipherPrefs
- cipher preferences (e.g. "rc4export,rc2export,...")
- Throws:
EBaseException
- failed to set cipher preferences
-
getConfigStore
public IConfigStore getConfigStore()
Retrieves a configuration store of this subsystem.
- Specified by:
getConfigStore
in interface ISubsystem
- Returns:
- configuration store of this subsystem
-
startup
public void startup() throws EBaseException
Starts up this service.
- Specified by:
startup
in interface ISubsystem
- Throws:
EBaseException
- failed to start up
-
shutdown
public void shutdown()
Shuts down this subsystem.
- Specified by:
shutdown
in interface ISubsystem
-
getInternalTokenName
public java.lang.String getInternalTokenName() throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves the token name of the internal (software) token.
- Specified by:
getInternalTokenName
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Returns:
- the token name
- Throws:
EBaseException
- failed to retrieve token name
-
getTokenList
public java.lang.String getTokenList() throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves a list of currently registered token names.
- Specified by:
getTokenList
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Returns:
- list of token names
- Throws:
EBaseException
- failed to retrieve token list
-
isTokenLoggedIn
public boolean isTokenLoggedIn(java.lang.String name) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Checks if the given token is logged in.
- Specified by:
isTokenLoggedIn
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
name
- token name
- Returns:
- true if token is logged in
- Throws:
EBaseException
- failed to login
-
loggedInToken
public void loggedInToken(java.lang.String tokenName, java.lang.String pwd) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Logs into token.
- Specified by:
loggedInToken
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
tokenName
- name of the token
pwd
- token password
- Throws:
EBaseException
- failed to login
-
getCertSubjectName
public java.lang.String getCertSubjectName(java.lang.String tokenname, java.lang.String nickname) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves subject name of the certificate that is identified by the given nickname.
- Specified by:
getCertSubjectName
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
tokenname
- name of token where the nickname is valid
nickname
- nickname of the certificate
- Returns:
- subject name
- Throws:
EBaseException
- failed to get subject name
-
getAllCerts
public java.lang.String getAllCerts() throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves a list of nicknames of certificates that are in the installed tokens.
- Specified by:
getAllCerts
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Returns:
- a list of comma-separated nicknames
- Throws:
EBaseException
- failed to retrieve nicknames
-
getCertListWithoutTokenName
public java.lang.String getCertListWithoutTokenName(java.lang.String name) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves all certificates. The result list will not contain the token tag.
- Specified by:
getCertListWithoutTokenName
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
name
- token name
- Returns:
- list of certificates without token tag
- Throws:
EBaseException
- failed to retrieve
-
getCertList
public java.lang.String getCertList(java.lang.String name) throws EBaseException
- Throws:
EBaseException
-
getAlgorithmId
public org.mozilla.jss.netscape.security.x509.AlgorithmId getAlgorithmId(java.lang.String algname, IConfigStore store) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves CA's signing algorithm id. If it is a DSA algorithm, the algorithm is constructed by reading the parameters ca.dsaP, ca.dsaQ, ca.dsaG.
- Specified by:
getAlgorithmId
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
algname
- DSA or RSA
store
- configuration store.
- Returns:
- algorithm id
- Throws:
EBaseException
- failed to retrieve algorithm id
-
getSignatureAlgorithm
public java.lang.String getSignatureAlgorithm(java.lang.String nickname) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves the signature algorithm of the certificate named by the given nickname.
- Specified by:
getSignatureAlgorithm
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
nickname
- nickname of the certificate
- Returns:
- signature algorithm
- Throws:
EBaseException
- failed to retrieve signature
-
getKeyPair
public java.security.KeyPair getKeyPair(java.lang.String nickname) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves the key pair based on the given nickname.
- Specified by:
getKeyPair
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
nickname
- nickname of the public key
- Throws:
EBaseException
- failed to retrieve key pair
-
getKeyPair
public java.security.KeyPair getKeyPair(org.mozilla.jss.crypto.CryptoToken token, java.lang.String alg, int keySize) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Generates a key pair based on the given parameters.
- Specified by:
getKeyPair
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
token
- token where key is generated
alg
- key algorithm
keySize
- key size
- Returns:
- key pair
- Throws:
EBaseException
- failed to generate key pair
-
getKeyPair
public java.security.KeyPair getKeyPair(org.mozilla.jss.crypto.CryptoToken token, java.lang.String alg, int keySize, org.mozilla.jss.crypto.PQGParams pqg) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Generates a key pair based on the given parameters.
- Specified by:
getKeyPair
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
token
- token where key is generated
alg
- key algorithm
keySize
- key size
pqg
- pqg parameters if DSA key, otherwise null
- Returns:
- key pair
- Throws:
EBaseException
- failed to generate key pair
-
isX500DN
public void isX500DN(java.lang.String dn) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Checks if the given dn is a valid distinguished name.
- Specified by:
isX500DN
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
dn
- distinguished name
- Throws:
EBaseException
- failed to check
-
getCertRequest
public java.lang.String getCertRequest(java.lang.String subjectName, java.security.KeyPair kp) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Generates certificate request from the given key pair.
- Specified by:
getCertRequest
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
subjectName
- subject name to use in the request
kp
- key pair that contains public key material
- Returns:
- certificate request in base-64 encoded format
- Throws:
EBaseException
- failed to generate request
-
importCert
public void importCert(java.lang.String b64E, java.lang.String nickname, java.lang.String certType) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Imports certificate into the server.
- Specified by:
importCert
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
b64E
- certificate in mime-64 encoded format
nickname
- nickname for the importing certificate
certType
- certificate type
- Throws:
EBaseException
- failed to import certificate
-
getKeyPair
public java.security.KeyPair getKeyPair(com.netscape.certsrv.security.KeyCertData properties) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Generates a key pair based on the given parameters.
- Specified by:
getKeyPair
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
properties
- key parameters
- Returns:
- key pair
- Throws:
EBaseException
- failed to generate key pair
-
getECCKeyPair
public java.security.KeyPair getECCKeyPair(com.netscape.certsrv.security.KeyCertData properties) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Generates an ECC key pair based on the given parameters.
- Specified by:
getECCKeyPair
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
properties
- key parameters
- Returns:
- key pair
- Throws:
EBaseException
- failed to generate key pair
-
getECCKeyPair
public java.security.KeyPair getECCKeyPair(org.mozilla.jss.crypto.CryptoToken token, java.lang.String keyCurve, java.lang.String certType) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Generates an ECC key pair based on the given parameters.
- Specified by:
getECCKeyPair
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
token
- token name
keyCurve
- curve name
certType
- type of cert (sslserver, etc.)
- Returns:
- key pair
- Throws:
EBaseException
- failed to generate key pair
-
importCert
public void importCert(org.mozilla.jss.netscape.security.x509.X509CertImpl signedCert, java.lang.String nickname, java.lang.String certType) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Imports certificate into the server.
- Specified by:
importCert
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
signedCert
- certificate
nickname
- nickname for the importing certificate
certType
- certificate type
- Throws:
EBaseException
- failed to import certificate
-
getCertInfo
public com.netscape.certsrv.common.NameValuePairs getCertInfo(java.lang.String b64E) throws EBaseException
- Throws:
EBaseException
-
deleteUserCert
public void deleteUserCert(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername) throws EBaseException
- Specified by:
deleteUserCert
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Throws:
EBaseException
-
deleteRootCert
public void deleteRootCert(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername) throws EBaseException
- Specified by:
deleteRootCert
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Throws:
EBaseException
-
getRootCerts
public com.netscape.certsrv.common.NameValuePairs getRootCerts() throws EBaseException
- Specified by:
getRootCerts
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Throws:
EBaseException
-
getUserCerts
public com.netscape.certsrv.common.NameValuePairs getUserCerts() throws EBaseException
- Specified by:
getUserCerts
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Throws:
EBaseException
-
getAllCertsManage
public com.netscape.certsrv.common.NameValuePairs getAllCertsManage() throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Gets all certificates on all tokens for Certificate Database Management.
- Specified by:
getAllCertsManage
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Returns:
- all certificates
- Throws:
EBaseException
- failed to retrieve certificates
-
getCACerts
public com.netscape.certsrv.common.NameValuePairs getCACerts() throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Gets all CA certificates on all tokens.
- Specified by:
getCACerts
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Returns:
- all CA certificates
- Throws:
EBaseException
- failed to retrieve certificates
-
trustCert
public void trustCert(java.lang.String nickname, java.lang.String date, java.lang.String trust) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Trusts a certificate for all available purposes.
- Specified by:
trustCert
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
nickname
- nickname of the certificate
date
- certificate's not before
trust
- "Trust" or other
- Throws:
EBaseException
- failed to trust certificate
-
deleteCACert
public void deleteCACert(java.lang.String nickname, java.lang.String notAfterTime) throws EBaseException
Deletes the CA certificate from the perm database.
- Parameters:
nickname
- The nickname of the CA certificate.
notAfterTime
- The notAfter of the certificate. It is possible to get multiple certificates under the same nickname. If one of the certificates matches the notAfterTime, then the certificate will get deleted. The notAfterTime has to be in "MMMMM dd, yyyy HH:mm:ss" format.
- Throws:
EBaseException
-
deleteCert
public void deleteCert(java.lang.String nickname, java.lang.String notAfterTime) throws EBaseException
Deletes any certificate from any token.
- Specified by:
deleteCert
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
nickname
- The nickname of the certificate.
notAfterTime
- The notAfter of the certificate. It is possible to get multiple certificates under the same nickname. If one of the certificates matches the notAfterTime, then the certificate will get deleted. The notAfterTime has to be in "MMMMM dd, yyyy HH:mm:ss" format.
- Throws:
EBaseException
- failed to delete certificate
-
deleteTokenCertificate
public void deleteTokenCertificate(java.lang.String nickname, java.lang.String pathname) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Deletes certificate of the given nickname.
- Specified by:
deleteTokenCertificate
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
nickname
- nickname of the certificate
pathname
- path where a copy of the deleted certificate is stored
- Throws:
EBaseException
- failed to delete certificate
-
getSubjectDN
public java.lang.String getSubjectDN(java.lang.String nickname) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves the subject DN of the certificate identified by the nickname.
- Specified by:
getSubjectDN
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
nickname
- nickname of the certificate
- Returns:
- subject distinguished name
- Throws:
EBaseException
- failed to retrieve subject DN
-
setRootCertTrust
public void setRootCertTrust(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName, java.lang.String trust) throws EBaseException
- Specified by:
setRootCertTrust
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Throws:
EBaseException
-
getCertificate
public org.mozilla.jss.crypto.X509Certificate getCertificate(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName) throws EBaseException
- Throws:
EBaseException
-
getRootCertTrustBit
public java.lang.String getRootCertTrustBit(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName) throws EBaseException
- Specified by:
getRootCertTrustBit
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Throws:
EBaseException
-
getCertPrettyPrint
public java.lang.String getCertPrettyPrint(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName, java.util.Locale locale) throws EBaseException
- Specified by:
getCertPrettyPrint
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Throws:
EBaseException
-
getCertPrettyPrintAndFingerPrint
public java.lang.String getCertPrettyPrintAndFingerPrint(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName, java.util.Locale locale) throws EBaseException
- Specified by:
getCertPrettyPrintAndFingerPrint
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Throws:
EBaseException
-
getCertPrettyPrint
public java.lang.String getCertPrettyPrint(java.lang.String nickname, java.lang.String date, java.util.Locale locale) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves certificate in pretty-print format by the nickname.
- Specified by:
getCertPrettyPrint
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
nickname
- nickname of certificate
date
- the notAfter of the returned certificate must be this date
locale
- user locale
- Returns:
- certificate in pretty-print format
- Throws:
EBaseException
- failed to retrieve certificate
-
getCertPrettyPrint
public java.lang.String getCertPrettyPrint(java.lang.String b64E, java.util.Locale locale) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves the certificate in the pretty print format.
- Specified by:
getCertPrettyPrint
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
b64E
- certificate in mime-64 encoded format
locale
- end user locale
- Returns:
- certificate in pretty-print format
- Throws:
EBaseException
- failed to retrieve certificate
-
getSignedCert
public org.mozilla.jss.netscape.security.x509.X509CertImpl getSignedCert(com.netscape.certsrv.security.KeyCertData data, java.lang.String certType, java.security.PrivateKey priKey) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Signs the certificate template into the given data and returns a signed certificate.
- Specified by:
getSignedCert
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
data
- data that contains certificate template
certType
- certificate type
priKey
- CA signing key
- Returns:
- certificate
- Throws:
EBaseException
- failed to sign certificate template
-
isCACert
public boolean isCACert(java.lang.String fullNickname) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Checks to see if the certificate of the given nickname is a CA certificate.
- Specified by:
isCACert
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
fullNickname
- nickname of the certificate to check
- Returns:
- true if it is a CA certificate
- Throws:
EBaseException
- failed to check
-
getExtensions
public org.mozilla.jss.netscape.security.x509.CertificateExtensions getExtensions(java.lang.String tokenname, java.lang.String nickname) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves extensions of the certificate that is identified by the given nickname.
- Specified by:
getExtensions
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
tokenname
- name of token where the nickname is valid
nickname
- nickname of the certificate
- Returns:
- certificate extensions
- Throws:
EBaseException
- failed to get extensions
-
checkCertificateExt
public void checkCertificateExt(java.lang.String ext) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Checks if the given base-64 encoded string contains an extension or a sequence of extensions.
- Specified by:
checkCertificateExt
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
ext
- extension or sequence of extensions encoded in base-64
- Throws:
EBaseException
- failed to check encoding
-
checkKeyLength
public void checkKeyLength(java.lang.String keyType, int keyLength, java.lang.String certType, int minRSAKeyLen) throws EBaseException
- Throws:
EBaseException
-
getPQG
public org.mozilla.jss.crypto.PQGParams getPQG(int keysize)
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves PQG parameters based on key size.
- Specified by:
getPQG
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
keysize
- key size
- Returns:
- pqg parameters
-
getCAPQG
public org.mozilla.jss.crypto.PQGParams getCAPQG(int keysize, IConfigStore store) throws EBaseException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves PQG parameters based on key size.
- Specified by:
getCAPQG
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
keysize
- key size
store
- configuration store
- Returns:
- pqg parameters
- Throws:
EBaseException
-
getCertExtensions
public org.mozilla.jss.netscape.security.x509.CertificateExtensions getCertExtensions(java.lang.String tokenname, java.lang.String nickname) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, org.mozilla.jss.crypto.ObjectNotFoundException, java.io.IOException, java.security.cert.CertificateException
Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
Retrieves extensions of the certificate that is identified by the given nickname.
- Specified by:
getCertExtensions
in interface com.netscape.certsrv.security.ICryptoSubsystem
- Parameters:
tokenname
- token name
nickname
- nickname
- Returns:
- certificate extensions
- Throws:
org.mozilla.jss.NotInitializedException
org.mozilla.jss.crypto.TokenException
org.mozilla.jss.crypto.ObjectNotFoundException
java.io.IOException
java.security.cert.CertificateException
-
main
public static void main(java.lang.String[] args) throws java.lang.Exception
- Throws:
java.lang.Exception
-