Class JssSubsystem

  • All Implemented Interfaces:
    ISubsystem, com.netscape.certsrv.security.ICryptoSubsystem

    public final class JssSubsystem
    extends java.lang.Object
    implements com.netscape.certsrv.security.ICryptoSubsystem
    Subsystem for initializing JSS.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String ID  
      static org.slf4j.Logger logger  
      protected IConfigStore mConfig  
    • Method Summary

      Modifier and Type Method Description
      void addEntropy​(int bits)
      Adds the specified number of bits of entropy from the system entropy generator to the RNG of the default PKCS#11 RNG token.
      void checkCertificateExt​(java.lang.String ext)
      Checks if the given base-64 encoded string contains an extension or a sequence of extensions.
      void checkKeyLength​(java.lang.String keyType, int keyLength, java.lang.String certType, int minRSAKeyLen)  
      void deleteCACert​(java.lang.String nickname, java.lang.String notAfterTime)
      Deletes the CA certificate from the permanent database.
      void deleteCert​(java.lang.String nickname, java.lang.String notAfterTime)
      Deletes any certificate from any token.
      void deleteRootCert​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername)  
      void deleteTokenCertificate​(java.lang.String nickname, java.lang.String pathname)
      Deletes certificate of the given nickname.
      void deleteUserCert​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername)  
      org.mozilla.jss.netscape.security.x509.AlgorithmId getAlgorithmId​(java.lang.String algname, IConfigStore store)
      Retrieves CA's signing algorithm id.
      java.lang.String getAllCerts()
      Retrieves a list of nicknames of certificates that are in the installed tokens.
      com.netscape.certsrv.common.NameValuePairs getAllCertsManage()
      Gets all certificates on all tokens for Certificate Database Management.
      com.netscape.certsrv.common.NameValuePairs getCACerts()
      Gets all CA certificates on all tokens.
      org.mozilla.jss.crypto.PQGParams getCAPQG​(int keysize, IConfigStore store)
      Retrieves PQG parameters based on key size.
      org.mozilla.jss.netscape.security.x509.CertificateExtensions getCertExtensions​(java.lang.String tokenname, java.lang.String nickname)
      Retrieves extensions of the certificate that is identified by the given nickname.
      org.mozilla.jss.crypto.X509Certificate getCertificate​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName)  
      com.netscape.certsrv.common.NameValuePairs getCertInfo​(java.lang.String b64E)  
      java.lang.String getCertList​(java.lang.String name)  
      java.lang.String getCertListWithoutTokenName​(java.lang.String name)
      Retrieves all certificates.
      java.lang.String getCertPrettyPrint​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName, java.util.Locale locale)  
      java.lang.String getCertPrettyPrint​(java.lang.String nickname, java.lang.String date, java.util.Locale locale)
      Retrieves certificate in pretty-print format by the nickname.
      java.lang.String getCertPrettyPrint​(java.lang.String b64E, java.util.Locale locale)
      Retrieves the certificate in the pretty print format.
      java.lang.String getCertPrettyPrintAndFingerPrint​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName, java.util.Locale locale)  
      java.lang.String getCertRequest​(java.lang.String subjectName, java.security.KeyPair kp)
      Generates certificate request from the given key pair.
      java.lang.String getCertSubjectName​(java.lang.String tokenname, java.lang.String nickname)
      Retrieves subject name of the certificate that is identified by the given nickname.
      java.lang.String getCipherPreferences()
      Retrieves the cipher preferences.
      java.lang.String getCipherVersion()
      Retrieves the SSL cipher version.
      IConfigStore getConfigStore()
      Retrieves a configuration store of this subsystem.
      java.security.KeyPair getECCKeyPair​(com.netscape.certsrv.security.KeyCertData properties)
      Generates an ECC key pair based on the given parameters.
      java.security.KeyPair getECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token, java.lang.String keyCurve, java.lang.String certType)
      Generates an ECC key pair based on the given parameters.
      java.lang.String getECType​(java.lang.String certType)  
      org.mozilla.jss.netscape.security.x509.CertificateExtensions getExtensions​(java.lang.String tokenname, java.lang.String nickname)
      Retrieves extensions of the certificate that is identified by the given nickname.
      java.lang.String getId()
      Retrieves the name of this subsystem.
      static JssSubsystem getInstance()  
      java.lang.String getInternalTokenName()
      Retrieves the token name of the internal (software) token.
      java.security.KeyPair getKeyPair​(com.netscape.certsrv.security.KeyCertData properties)
      Generates a key pair based on the given parameters.
      java.security.KeyPair getKeyPair​(java.lang.String nickname)
      Retrieves the key pair based on the given nickname.
      java.security.KeyPair getKeyPair​(org.mozilla.jss.crypto.CryptoToken token, java.lang.String alg, int keySize)
      Generates a key pair based on the given parameters.
      java.security.KeyPair getKeyPair​(org.mozilla.jss.crypto.CryptoToken token, java.lang.String alg, int keySize, org.mozilla.jss.crypto.PQGParams pqg)
      Generates a key pair based on the given parameters.
      org.mozilla.jss.crypto.PQGParams getPQG​(int keysize)
      Retrieves PQG parameters based on key size.
      java.security.SecureRandom getRandomNumberGenerator()  
      com.netscape.certsrv.common.NameValuePairs getRootCerts()  
      java.lang.String getRootCertTrustBit​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName)  
      java.lang.String getSignatureAlgorithm​(java.lang.String nickname)
      Retrieves the signature algorithm of the certificate named by the given nickname.
      org.mozilla.jss.netscape.security.x509.X509CertImpl getSignedCert​(com.netscape.certsrv.security.KeyCertData data, java.lang.String certType, java.security.PrivateKey priKey)
      Signs the certificate template into the given data and returns a signed certificate.
      java.lang.String getSubjectDN​(java.lang.String nickname)
      Retrieves the subject DN of the certificate identified by the nickname.
      java.lang.String getTokenList()
      Retrieves a list of currently registered token names.
      com.netscape.certsrv.common.NameValuePairs getUserCerts()  
      void importCert​(java.lang.String b64E, java.lang.String nickname, java.lang.String certType)
      Imports certificate into the server.
      void importCert​(org.mozilla.jss.netscape.security.x509.X509CertImpl signedCert, java.lang.String nickname, java.lang.String certType)
      Imports certificate into the server.
      void init​(IConfigStore config)
      Initializes the Jss security subsystem.
      boolean isCACert​(java.lang.String fullNickname)
      Checks to see if the certificate of the given nickname is a CA certificate.
      java.lang.String isCipherFortezza()
      Checks if Fortezza is enabled.
      boolean isTokenLoggedIn​(java.lang.String name)
      Checks if the given token is logged in.
      void isX500DN​(java.lang.String dn)
      Checks if the given dn is a valid distinguished name.
      void loggedInToken​(java.lang.String tokenName, java.lang.String pwd)
      Logs into token.
      static void main​(java.lang.String[] args)  
      void obscureBytes​(byte[] memory)  
      void obscureBytes​(byte[] memory, java.lang.String method)  
      void obscureChars​(char[] memory)  
      void setCipherPreferences​(java.lang.String cipherPrefs)
      Sets the current SSL cipher preferences.
      void setId​(java.lang.String id)
      Sets the identifier of this subsystem.
      void setRootCertTrust​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName, java.lang.String trust)  
      void shutdown()
      Shuts down this subsystem.
      void startup()
      Starts up this service.
      void trustCert​(java.lang.String nickname, java.lang.String date, java.lang.String trust)
      Trusts a certificate for all available purposes.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • getId

        public java.lang.String getId()
        Description copied from interface: ISubsystem
        Retrieves the name of this subsystem.
        Specified by:
        getId in interface ISubsystem
        Returns:
        subsystem identifier
      • setId

        public void setId​(java.lang.String id)
                   throws EBaseException
        Description copied from interface: ISubsystem
        Sets the identifier of this subsystem.
        Specified by:
        setId in interface ISubsystem
        Parameters:
        id - subsystem identifier
        Throws:
        EBaseException - failed to set id
      • addEntropy

        public void addEntropy​(int bits)
                        throws org.mozilla.jss.util.NotImplementedException,
                               java.io.IOException,
                               org.mozilla.jss.crypto.TokenException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Adds the specified number of bits of entropy from the system entropy generator to the RNG of the default PKCS#11 RNG token. The default token is set using the modutil command. Note that the system entropy generator (usually /dev/random) will block until sufficient entropy is collected.
        Specified by:
        addEntropy in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        bits - number of bits of entropy
        Throws:
        org.mozilla.jss.util.NotImplementedException - If the Crypto device does not support adding entropy
        java.io.IOException - If there was a problem reading from /dev/random
        org.mozilla.jss.crypto.TokenException - If there was some other problem with the Crypto device
      • getRandomNumberGenerator

        public java.security.SecureRandom getRandomNumberGenerator()
      • obscureBytes

        public void obscureBytes​(byte[] memory)
      • obscureBytes

        public void obscureBytes​(byte[] memory,
                                 java.lang.String method)
      • obscureChars

        public void obscureChars​(char[] memory)
      • getCipherVersion

        public java.lang.String getCipherVersion()
                                          throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves the SSL cipher version.
        Specified by:
        getCipherVersion in interface com.netscape.certsrv.security.ICryptoSubsystem
        Returns:
        cipher version (e.g. "cipherdomestic")
        Throws:
        EBaseException
      • getCipherPreferences

        public java.lang.String getCipherPreferences()
                                              throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves the cipher preferences.
        Specified by:
        getCipherPreferences in interface com.netscape.certsrv.security.ICryptoSubsystem
        Returns:
        cipher preferences (e.g. "rc4export,rc2export,...")
        Throws:
        EBaseException
      • isCipherFortezza

        public java.lang.String isCipherFortezza()
                                          throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Checks if Fortezza is enabled.
        Specified by:
        isCipherFortezza in interface com.netscape.certsrv.security.ICryptoSubsystem
        Returns:
        "true" if Fortezza is enabled
        Throws:
        EBaseException
      • setCipherPreferences

        public void setCipherPreferences​(java.lang.String cipherPrefs)
                                  throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Sets the current SSL cipher preferences.
        Specified by:
        setCipherPreferences in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        cipherPrefs - cipher preferences (e.g. "rc4export,rc2export,...")
        Throws:
        EBaseException - failed to set cipher preferences
      • getConfigStore

        public IConfigStore getConfigStore()
        Retrieves a configuration store of this subsystem.

        Specified by:
        getConfigStore in interface ISubsystem
        Returns:
        configuration store of this subsystem
      • shutdown

        public void shutdown()
        Shuts down this subsystem.

        Specified by:
        shutdown in interface ISubsystem
      • getInternalTokenName

        public java.lang.String getInternalTokenName()
                                              throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves the token name of the internal (software) token.
        Specified by:
        getInternalTokenName in interface com.netscape.certsrv.security.ICryptoSubsystem
        Returns:
        the token name
        Throws:
        EBaseException - failed to retrieve token name
      • getTokenList

        public java.lang.String getTokenList()
                                      throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves a list of currently registered token names.
        Specified by:
        getTokenList in interface com.netscape.certsrv.security.ICryptoSubsystem
        Returns:
        list of token names
        Throws:
        EBaseException - failed to retrieve token list
      • isTokenLoggedIn

        public boolean isTokenLoggedIn​(java.lang.String name)
                                throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Checks if the given token is logged in.
        Specified by:
        isTokenLoggedIn in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        name - token name
        Returns:
        true if token is logged in
        Throws:
        EBaseException - failed to log in
      • loggedInToken

        public void loggedInToken​(java.lang.String tokenName,
                                  java.lang.String pwd)
                           throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Logs into token.
        Specified by:
        loggedInToken in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        tokenName - name of the token
        pwd - token password
        Throws:
        EBaseException - failed to log in
      • getCertSubjectName

        public java.lang.String getCertSubjectName​(java.lang.String tokenname,
                                                   java.lang.String nickname)
                                            throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves subject name of the certificate that is identified by the given nickname.
        Specified by:
        getCertSubjectName in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        tokenname - name of token where the nickname is valid
        nickname - nickname of the certificate
        Returns:
        subject name
        Throws:
        EBaseException - failed to get subject name
      • getAllCerts

        public java.lang.String getAllCerts()
                                     throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves a list of nicknames of certificates that are in the installed tokens.
        Specified by:
        getAllCerts in interface com.netscape.certsrv.security.ICryptoSubsystem
        Returns:
        a list of comma-separated nicknames
        Throws:
        EBaseException - failed to retrieve nicknames
      • getCertListWithoutTokenName

        public java.lang.String getCertListWithoutTokenName​(java.lang.String name)
                                                     throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves all certificates. The result list will not contain the token tag.
        Specified by:
        getCertListWithoutTokenName in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        name - token name
        Returns:
        list of certificates without token tag
        Throws:
        EBaseException - failed to retrieve
      • getAlgorithmId

        public org.mozilla.jss.netscape.security.x509.AlgorithmId getAlgorithmId​(java.lang.String algname,
                                                                                 IConfigStore store)
                                                                          throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves the CA's signing algorithm id. If the algorithm is DSA, the algorithm id is constructed by reading the parameters ca.dsaP, ca.dsaQ, ca.dsaG.
        Specified by:
        getAlgorithmId in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        algname - DSA or RSA
        store - configuration store.
        Returns:
        algorithm id
        Throws:
        EBaseException - failed to retrieve algorithm id
      • getSignatureAlgorithm

        public java.lang.String getSignatureAlgorithm​(java.lang.String nickname)
                                               throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves the signature algorithm of the certificate named by the given nickname.
        Specified by:
        getSignatureAlgorithm in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        nickname - nickname of the certificate
        Returns:
        signature algorithm
        Throws:
        EBaseException - failed to retrieve signature
      • getKeyPair

        public java.security.KeyPair getKeyPair​(java.lang.String nickname)
                                         throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves the key pair based on the given nickname.
        Specified by:
        getKeyPair in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        nickname - nickname of the public key
        Throws:
        EBaseException - failed to retrieve key pair
      • getKeyPair

        public java.security.KeyPair getKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                                java.lang.String alg,
                                                int keySize)
                                         throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Generates a key pair based on the given parameters.
        Specified by:
        getKeyPair in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        token - token where key is generated
        alg - key algorithm
        keySize - key size
        Returns:
        key pair
        Throws:
        EBaseException - failed to generate key pair
      • getKeyPair

        public java.security.KeyPair getKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                                java.lang.String alg,
                                                int keySize,
                                                org.mozilla.jss.crypto.PQGParams pqg)
                                         throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Generates a key pair based on the given parameters.
        Specified by:
        getKeyPair in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        token - token where key is generated
        alg - key algorithm
        keySize - key size
        pqg - pqg parameters if DSA key, otherwise null
        Returns:
        key pair
        Throws:
        EBaseException - failed to generate key pair
      • isX500DN

        public void isX500DN​(java.lang.String dn)
                      throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Checks if the given dn is a valid distinguished name.
        Specified by:
        isX500DN in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        dn - distinguished name
        Throws:
        EBaseException - failed to check
      • getCertRequest

        public java.lang.String getCertRequest​(java.lang.String subjectName,
                                               java.security.KeyPair kp)
                                        throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Generates certificate request from the given key pair.
        Specified by:
        getCertRequest in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        subjectName - subject name to use in the request
        kp - key pair that contains public key material
        Returns:
        certificate request in base-64 encoded format
        Throws:
        EBaseException - failed to generate request
      • importCert

        public void importCert​(java.lang.String b64E,
                               java.lang.String nickname,
                               java.lang.String certType)
                        throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Imports certificate into the server.
        Specified by:
        importCert in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        b64E - certificate in mime-64 encoded format
        nickname - nickname for the importing certificate
        certType - certificate type
        Throws:
        EBaseException - failed to import certificate
      • getKeyPair

        public java.security.KeyPair getKeyPair​(com.netscape.certsrv.security.KeyCertData properties)
                                         throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Generates a key pair based on the given parameters.
        Specified by:
        getKeyPair in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        properties - key parameters
        Returns:
        key pair
        Throws:
        EBaseException - failed to generate key pair
      • getECCKeyPair

        public java.security.KeyPair getECCKeyPair​(com.netscape.certsrv.security.KeyCertData properties)
                                            throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Generates an ECC key pair based on the given parameters.
        Specified by:
        getECCKeyPair in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        properties - key parameters
        Returns:
        key pair
        Throws:
        EBaseException - failed to generate key pair
      • getECCKeyPair

        public java.security.KeyPair getECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                                   java.lang.String keyCurve,
                                                   java.lang.String certType)
                                            throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Generates an ECC key pair based on the given parameters.
        Specified by:
        getECCKeyPair in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        token - token name
        keyCurve - curve name
        certType - type of certificate (sslserver, etc.)
        Returns:
        key pair
        Throws:
        EBaseException - failed to generate key pair
      • importCert

        public void importCert​(org.mozilla.jss.netscape.security.x509.X509CertImpl signedCert,
                               java.lang.String nickname,
                               java.lang.String certType)
                        throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Imports certificate into the server.
        Specified by:
        importCert in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        signedCert - certificate
        nickname - nickname for the importing certificate
        certType - certificate type
        Throws:
        EBaseException - failed to import certificate
      • getCertInfo

        public com.netscape.certsrv.common.NameValuePairs getCertInfo​(java.lang.String b64E)
                                                               throws EBaseException
        Throws:
        EBaseException
      • deleteUserCert

        public void deleteUserCert​(java.lang.String nickname,
                                   java.lang.String serialno,
                                   java.lang.String issuername)
                            throws EBaseException
        Specified by:
        deleteUserCert in interface com.netscape.certsrv.security.ICryptoSubsystem
        Throws:
        EBaseException
      • deleteRootCert

        public void deleteRootCert​(java.lang.String nickname,
                                   java.lang.String serialno,
                                   java.lang.String issuername)
                            throws EBaseException
        Specified by:
        deleteRootCert in interface com.netscape.certsrv.security.ICryptoSubsystem
        Throws:
        EBaseException
      • getRootCerts

        public com.netscape.certsrv.common.NameValuePairs getRootCerts()
                                                                throws EBaseException
        Specified by:
        getRootCerts in interface com.netscape.certsrv.security.ICryptoSubsystem
        Throws:
        EBaseException
      • getUserCerts

        public com.netscape.certsrv.common.NameValuePairs getUserCerts()
                                                                throws EBaseException
        Specified by:
        getUserCerts in interface com.netscape.certsrv.security.ICryptoSubsystem
        Throws:
        EBaseException
      • getAllCertsManage

        public com.netscape.certsrv.common.NameValuePairs getAllCertsManage()
                                                                     throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Gets all certificates on all tokens for Certificate Database Management.
        Specified by:
        getAllCertsManage in interface com.netscape.certsrv.security.ICryptoSubsystem
        Returns:
        all certificates
        Throws:
        EBaseException - failed to retrieve certificates
      • getCACerts

        public com.netscape.certsrv.common.NameValuePairs getCACerts()
                                                              throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Gets all CA certificates on all tokens.
        Specified by:
        getCACerts in interface com.netscape.certsrv.security.ICryptoSubsystem
        Returns:
        all CA certificates
        Throws:
        EBaseException - failed to retrieve certificates
      • trustCert

        public void trustCert​(java.lang.String nickname,
                              java.lang.String date,
                              java.lang.String trust)
                       throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Trusts a certificate for all available purposes.
        Specified by:
        trustCert in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        nickname - nickname of the certificate
        date - certificate's not before
        trust - "Trust" or other
        Throws:
        EBaseException - failed to trust certificate
      • deleteCACert

        public void deleteCACert​(java.lang.String nickname,
                                 java.lang.String notAfterTime)
                          throws EBaseException
        Deletes the CA certificate from the permanent database.
        Parameters:
        nickname - The nickname of the CA certificate.
        notAfterTime - The notAfter of the certificate. It is possible to get multiple certificates under the same nickname. If one of the certificates matches the notAfterTime, that certificate is deleted. The notAfterTime must be in "MMMMM dd, yyyy HH:mm:ss" format.
        Throws:
        EBaseException
      • deleteCert

        public void deleteCert​(java.lang.String nickname,
                               java.lang.String notAfterTime)
                        throws EBaseException
        Deletes any certificate from any token.
        Specified by:
        deleteCert in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        nickname - The nickname of the certificate.
        notAfterTime - The notAfter of the certificate. It is possible to get multiple certificates under the same nickname. If one of the certificates matches the notAfterTime, that certificate is deleted. The notAfterTime must be in "MMMMM dd, yyyy HH:mm:ss" format.
        Throws:
        EBaseException - failed to delete certificate
      • deleteTokenCertificate

        public void deleteTokenCertificate​(java.lang.String nickname,
                                           java.lang.String pathname)
                                    throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Deletes certificate of the given nickname.
        Specified by:
        deleteTokenCertificate in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        nickname - nickname of the certificate
        pathname - path where a copy of the deleted certificate is stored
        Throws:
        EBaseException - failed to delete certificate
      • getSubjectDN

        public java.lang.String getSubjectDN​(java.lang.String nickname)
                                      throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves the subject DN of the certificate identified by the nickname.
        Specified by:
        getSubjectDN in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        nickname - nickname of the certificate
        Returns:
        subject distinguished name
        Throws:
        EBaseException - failed to retrieve subject DN
      • setRootCertTrust

        public void setRootCertTrust​(java.lang.String nickname,
                                     java.lang.String serialno,
                                     java.lang.String issuerName,
                                     java.lang.String trust)
                              throws EBaseException
        Specified by:
        setRootCertTrust in interface com.netscape.certsrv.security.ICryptoSubsystem
        Throws:
        EBaseException
      • getCertificate

        public org.mozilla.jss.crypto.X509Certificate getCertificate​(java.lang.String nickname,
                                                                     java.lang.String serialno,
                                                                     java.lang.String issuerName)
                                                              throws EBaseException
        Throws:
        EBaseException
      • getRootCertTrustBit

        public java.lang.String getRootCertTrustBit​(java.lang.String nickname,
                                                    java.lang.String serialno,
                                                    java.lang.String issuerName)
                                             throws EBaseException
        Specified by:
        getRootCertTrustBit in interface com.netscape.certsrv.security.ICryptoSubsystem
        Throws:
        EBaseException
      • getCertPrettyPrint

        public java.lang.String getCertPrettyPrint​(java.lang.String nickname,
                                                   java.lang.String serialno,
                                                   java.lang.String issuerName,
                                                   java.util.Locale locale)
                                            throws EBaseException
        Specified by:
        getCertPrettyPrint in interface com.netscape.certsrv.security.ICryptoSubsystem
        Throws:
        EBaseException
      • getCertPrettyPrintAndFingerPrint

        public java.lang.String getCertPrettyPrintAndFingerPrint​(java.lang.String nickname,
                                                                 java.lang.String serialno,
                                                                 java.lang.String issuerName,
                                                                 java.util.Locale locale)
                                                          throws EBaseException
        Specified by:
        getCertPrettyPrintAndFingerPrint in interface com.netscape.certsrv.security.ICryptoSubsystem
        Throws:
        EBaseException
      • getCertPrettyPrint

        public java.lang.String getCertPrettyPrint​(java.lang.String nickname,
                                                   java.lang.String date,
                                                   java.util.Locale locale)
                                            throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves certificate in pretty-print format by the nickname.
        Specified by:
        getCertPrettyPrint in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        nickname - nickname of certificate
        date - the notAfter date that the returned certificate must have
        locale - user locale
        Returns:
        certificate in pretty-print format
        Throws:
        EBaseException - failed to retrieve certificate
      • getCertPrettyPrint

        public java.lang.String getCertPrettyPrint​(java.lang.String b64E,
                                                   java.util.Locale locale)
                                            throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves the certificate in the pretty print format.
        Specified by:
        getCertPrettyPrint in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        b64E - certificate in MIME base-64 encoded format
        locale - end user locale
        Returns:
        certificate in pretty-print format
        Throws:
        EBaseException - failed to retrieve certificate
      • getSignedCert

        public org.mozilla.jss.netscape.security.x509.X509CertImpl getSignedCert​(com.netscape.certsrv.security.KeyCertData data,
                                                                                 java.lang.String certType,
                                                                                 java.security.PrivateKey priKey)
                                                                          throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Signs the certificate template into the given data and returns a signed certificate.
        Specified by:
        getSignedCert in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        data - data that contains certificate template
        certType - certificate type
        priKey - CA signing key
        Returns:
        certificate
        Throws:
        EBaseException - failed to sign certificate template
      • isCACert

        public boolean isCACert​(java.lang.String fullNickname)
                         throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Checks to see if the certificate of the given nickname is a CA certificate.
        Specified by:
        isCACert in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        fullNickname - nickname of the certificate to check
        Returns:
        true if it is a CA certificate
        Throws:
        EBaseException - failed to check
      • getExtensions

        public org.mozilla.jss.netscape.security.x509.CertificateExtensions getExtensions​(java.lang.String tokenname,
                                                                                          java.lang.String nickname)
                                                                                   throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves extensions of the certificate that is identified by the given nickname.
        Specified by:
        getExtensions in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        tokenname - name of token where the nickname is valid
        nickname - nickname of the certificate
        Returns:
        certificate extensions
        Throws:
        EBaseException - failed to get extensions
      • checkCertificateExt

        public void checkCertificateExt​(java.lang.String ext)
                                 throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Checks if the given base-64 encoded string contains an extension or a sequence of extensions.
        Specified by:
        checkCertificateExt in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        ext - extension or sequence of extensions encoded in base-64
        Throws:
        EBaseException - failed to check encoding
      • checkKeyLength

        public void checkKeyLength​(java.lang.String keyType,
                                   int keyLength,
                                   java.lang.String certType,
                                   int minRSAKeyLen)
                            throws EBaseException
        Throws:
        EBaseException
      • getPQG

        public org.mozilla.jss.crypto.PQGParams getPQG​(int keysize)
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves PQG parameters based on key size.
        Specified by:
        getPQG in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        keysize - key size
        Returns:
        PQG parameters
      • getCAPQG

        public org.mozilla.jss.crypto.PQGParams getCAPQG​(int keysize,
                                                         IConfigStore store)
                                                  throws EBaseException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves PQG parameters based on key size.
        Specified by:
        getCAPQG in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        keysize - key size
        store - configuration store
        Returns:
        PQG parameters
        Throws:
        EBaseException
      • getCertExtensions

        public org.mozilla.jss.netscape.security.x509.CertificateExtensions getCertExtensions​(java.lang.String tokenname,
                                                                                              java.lang.String nickname)
                                                                                       throws org.mozilla.jss.NotInitializedException,
                                                                                              org.mozilla.jss.crypto.TokenException,
                                                                                              org.mozilla.jss.crypto.ObjectNotFoundException,
                                                                                              java.io.IOException,
                                                                                              java.security.cert.CertificateException
        Description copied from interface: com.netscape.certsrv.security.ICryptoSubsystem
        Retrieves extensions of the certificate that is identified by the given nickname.
        Specified by:
        getCertExtensions in interface com.netscape.certsrv.security.ICryptoSubsystem
        Parameters:
        tokenname - token name
        nickname - nickname
        Returns:
        certificate extensions
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.crypto.TokenException
        org.mozilla.jss.crypto.ObjectNotFoundException
        java.io.IOException
        java.security.cert.CertificateException
      • main

        public static void main​(java.lang.String[] args)
                         throws java.lang.Exception
        Throws:
        java.lang.Exception
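
The notAfterTime string that deleteCACert and deleteCert match on depends on how the date is rendered. The following is an added example, not part of the PKI source; it assumes the pattern is interpreted by java.text.SimpleDateFormat and that matching is an exact string comparison, and the class name, method names and sample dates are constructed for illustration.

```java
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TimeZone;

public class NotAfterTimeExample {
    // Pattern quoted in the notAfterTime parameter description.
    static final String PATTERN = "MMMMM dd, yyyy HH:mm:ss";

    // Assumption: the pattern is read by java.text.SimpleDateFormat, where
    // four or more 'M' letters produce the full month name.
    static String toNotAfterTime(Date notAfter, Locale locale, TimeZone zone) {
        SimpleDateFormat fmt = new SimpleDateFormat(PATTERN, locale);
        fmt.setTimeZone(zone);
        return fmt.format(notAfter);
    }

    // Assumption: a certificate matches only when its formatted notAfter
    // equals the requested string exactly.
    static List<String> matching(Map<String, Date> certs, String requested,
                                 Locale locale, TimeZone zone) {
        List<String> hits = new ArrayList<>();
        for (Map.Entry<String, Date> e : certs.entrySet()) {
            if (toNotAfterTime(e.getValue(), locale, zone).equals(requested)) {
                hits.add(e.getKey());
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample: two certificates stored under one nickname.
        Map<String, Date> certs = new LinkedHashMap<>();
        certs.put("original", new Date(1893455999000L)); // 2029-12-31T23:59:59Z
        certs.put("renewed", new Date(1956527999000L));  // 2031-12-31T23:59:59Z
        TimeZone utc = TimeZone.getTimeZone("UTC");
        TimeZone berlin = TimeZone.getTimeZone("Europe/Berlin");
        String requested = toNotAfterTime(certs.get("original"), Locale.US, utc);
        // Same locale and zone on both sides: exactly one certificate is selected.
        System.out.println("same settings: " + matching(certs, requested, Locale.US, utc));
        // A different zone or locale on the matching side selects nothing.
        System.out.println("other zone: " + matching(certs, requested, Locale.US, berlin));
        System.out.println("other locale: " + matching(certs, requested, Locale.GERMANY, utc));
    }
}
```

Because the pattern carries no zone or year-era marker and spells out the month name, build the string with the same locale and time zone as the server that will compare it, and confirm the selected certificate by serial number before deleting.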