Package com.netscape.certsrv.security
Interface ICryptoSubsystem
- All Known Implementing Classes:
JssSubsystem
public interface ICryptoSubsystem
This interface represents the cryptographic subsystem that provides all the security-related functions.
- Version:
- $Revision$, $Date$
-
Field Summary
- ID
Method Summary
Modifier and Type / Method / Description
void addEntropy(int bits)
- Adds the specified number of bits of entropy from the system entropy generator to the RNG of the default PKCS#11 RNG token.
void checkCertificateExt
- Checks if the given base-64 encoded string contains an extension or a sequence of extensions.
void deleteCert(String nickname, String notAfterTime)
- Delete certificate of the given nickname.
void deleteRootCert(String nickname, String serialno, String issuername)
void deleteTokenCertificate(String nickname, String pathname)
- Deletes certificate of the given nickname.
void deleteUserCert(String nickname, String serialno, String issuername)
org.mozilla.jss.netscape.security.x509.AlgorithmId getAlgorithmId(String algname, ConfigStore store)
- Retrieves CA's signing algorithm id.
getAllCerts
- Retrieves a list of nicknames of certificates that are in the installed tokens.
getAllCertsManage
- Gets all certificates on all tokens for Certificate Database Management.
getCACerts
- Gets all CA certificates on all tokens.
org.mozilla.jss.crypto.PQGParams getCAPQG(int keysize, ConfigStore store)
- Retrieves PQG parameters based on key size.
org.mozilla.jss.netscape.security.x509.CertificateExtensions getCertExtensions(String tokenname, String nickname)
- Retrieves extensions of the certificate that is identified by the given nickname.
getCertListWithoutTokenName
- Retrieves all certificates.
String getCertPrettyPrint(String nickname, String serialno, String issuername, Locale locale)
String getCertPrettyPrint(String nickname, String date, Locale locale)
- Retrieves certificate in pretty-print format by the nickname.
getCertPrettyPrint(String b64E, Locale locale)
- Retrieves the certificate in the pretty print format.
String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, String issuername, Locale locale)
getCertRequest(String subjectName, KeyPair kp)
- Generates certificate request from the given key pair.
getCertSubjectName(String tokenname, String nickname)
- Retrieves subject name of the certificate that is identified by the given nickname.
getCipherPreferences
- Retrieves the cipher preferences.
getCipherVersion
- Retrieves the SSL cipher version.
getECCKeyPair(KeyCertData properties)
- Generates an ECC key pair based on the given parameters.
KeyPair getECCKeyPair(org.mozilla.jss.crypto.CryptoToken token, String curveName, String certType)
- Generates an ECC key pair based on the given parameters.
org.mozilla.jss.netscape.security.x509.CertificateExtensions getExtensions(String tokenname, String nickname)
- Retrieves extensions of the certificate that is identified by the given nickname.
getInternalTokenName
- Retrieves the token name of the internal (software) token.
getKeyPair(KeyCertData properties)
- Generates a key pair based on the given parameters.
getKeyPair(String nickname)
- Retrieves the key pair based on the given nickname.
KeyPair getKeyPair(org.mozilla.jss.crypto.CryptoToken token, String alg, int keySize)
- Generates a key pair based on the given parameters.
KeyPair getKeyPair(org.mozilla.jss.crypto.CryptoToken token, String alg, int keySize, org.mozilla.jss.crypto.PQGParams pqg)
- Generates a key pair based on the given parameters.
org.mozilla.jss.crypto.PQGParams getPQG(int keysize)
- Retrieves PQG parameters based on key size.
String getRootCertTrustBit(String nickname, String serialno, String issuerName)
getRootCerts
getSignatureAlgorithm(String nickname)
- Retrieves the signature algorithm of the certificate named by the given nickname.
org.mozilla.jss.netscape.security.x509.X509CertImpl getSignedCert(KeyCertData data, String certType, PrivateKey priKey)
- Signs the certificate template in the given data and returns a signed certificate.
getSubjectDN(String nickname)
- Retrieves the subject DN of the certificate identified by the nickname.
getTokenList
- Retrieves a list of currently registered token names.
getUserCerts
void importCert(String b64E, String nickname, String certType)
- Imports certificate into the server.
void importCert(org.mozilla.jss.netscape.security.x509.X509CertImpl signedCert, String nickname, String certType)
- Imports certificate into the server.
boolean isCACert
- Checks to see if the certificate of the given nickname is a CA certificate.
isCipherFortezza
- Checks if fortezza is enabled.
boolean isTokenLoggedIn(String name)
- Checks if the given token is logged in.
void isX500DN
- Checks if the given dn is a valid distinguished name.
void loggedInToken(String tokenName, String pwd)
- Logs into token.
void setCipherPreferences(String cipherPrefs)
- Sets the current SSL cipher preferences.
void setRootCertTrust(String nickname, String serialno, String issuername, String trust)
void trustCert
- Trusts a certificate for all available purposes.
-
Field Details
ID
-
Method Details
-
getAllCerts
Retrieves a list of nicknames of certificates that are in the installed tokens.
- Returns:
- a list of comma-separated nicknames
- Throws:
EBaseException
- failed to retrieve nicknames
-
getCertPrettyPrint
Retrieves certificate in pretty-print format by the nickname.
- Parameters:
nickname
- nickname of certificate
date
- not after of the returned certificate must be date
locale
- user locale
- Returns:
- certificate in pretty-print format
- Throws:
EBaseException
- failed to retrieve certificate
-
getRootCertTrustBit
String getRootCertTrustBit(String nickname, String serialno, String issuerName) throws EBaseException
- Throws:
EBaseException
-
getCertPrettyPrint
String getCertPrettyPrint(String nickname, String serialno, String issuername, Locale locale) throws EBaseException
- Throws:
EBaseException
-
getCertPrettyPrintAndFingerPrint
String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, String issuername, Locale locale) throws EBaseException
- Throws:
EBaseException
-
getCertPrettyPrint
Retrieves the certificate in the pretty print format.
- Parameters:
b64E
- certificate in mime-64 encoded format
locale
- end user locale
- Returns:
- certificate in pretty-print format
- Throws:
EBaseException
- failed to retrieve certificate
-
importCert
Imports certificate into the server.
- Parameters:
b64E
- certificate in mime-64 encoded format
nickname
- nickname for the importing certificate
certType
- certificate type
- Throws:
EBaseException
- failed to import certificate
-
importCert
void importCert(org.mozilla.jss.netscape.security.x509.X509CertImpl signedCert, String nickname, String certType) throws EBaseException
Imports certificate into the server.
- Parameters:
signedCert
- certificate
nickname
- nickname for the importing certificate
certType
- certificate type
- Throws:
EBaseException
- failed to import certificate
-
getKeyPair
Generates a key pair based on the given parameters.
- Parameters:
properties
- key parameters
- Returns:
- key pair
- Throws:
EBaseException
- failed to generate key pair
-
getKeyPair
Retrieves the key pair based on the given nickname.
- Parameters:
nickname
- nickname of the public key
- Throws:
EBaseException
- failed to retrieve key pair
-
getKeyPair
KeyPair getKeyPair(org.mozilla.jss.crypto.CryptoToken token, String alg, int keySize) throws EBaseException
Generates a key pair based on the given parameters.
- Parameters:
token
- token where key is generated
alg
- key algorithm
keySize
- key size
- Returns:
- key pair
- Throws:
EBaseException
- failed to generate key pair
-
getKeyPair
KeyPair getKeyPair(org.mozilla.jss.crypto.CryptoToken token, String alg, int keySize, org.mozilla.jss.crypto.PQGParams pqg) throws EBaseException
Generates a key pair based on the given parameters.
- Parameters:
token
- token where key is generated
alg
- key algorithm
keySize
- key size
pqg
- pqg parameters if DSA key, otherwise null
- Returns:
- key pair
- Throws:
EBaseException
- failed to generate key pair
-
getECCKeyPair
Generates an ECC key pair based on the given parameters.
- Parameters:
properties
- key parameters
- Returns:
- key pair
- Throws:
EBaseException
- failed to generate key pair
-
getECCKeyPair
KeyPair getECCKeyPair(org.mozilla.jss.crypto.CryptoToken token, String curveName, String certType) throws EBaseException
Generates an ECC key pair based on the given parameters.
- Parameters:
token
- token name
curveName
- curve name
certType
- type of cert (sslserver etc.)
- Returns:
- key pair
- Throws:
EBaseException
- failed to generate key pair
-
getSignatureAlgorithm
Retrieves the signature algorithm of the certificate named by the given nickname.
- Parameters:
nickname
- nickname of the certificate
- Returns:
- signature algorithm
- Throws:
EBaseException
- failed to retrieve signature
-
isX500DN
Checks if the given dn is a valid distinguished name.
- Parameters:
dn
- distinguished name
- Throws:
EBaseException
- failed to check
-
getAlgorithmId
org.mozilla.jss.netscape.security.x509.AlgorithmId getAlgorithmId(String algname, ConfigStore store) throws EBaseException
Retrieves CA's signing algorithm id. If it is a DSA algorithm, the algorithm is constructed by reading the parameters ca.dsaP, ca.dsaQ, ca.dsaG.
- Parameters:
algname
- DSA or RSA
store
- configuration store
- Returns:
- algorithm id
- Throws:
EBaseException
- failed to retrieve algorithm id
-
getCertSubjectName
Retrieves subject name of the certificate that is identified by the given nickname.
- Parameters:
tokenname
- name of token where the nickname is valid
nickname
- nickname of the certificate
- Returns:
- subject name
- Throws:
EBaseException
- failed to get subject name
-
getExtensions
org.mozilla.jss.netscape.security.x509.CertificateExtensions getExtensions(String tokenname, String nickname) throws EBaseException
Retrieves extensions of the certificate that is identified by the given nickname.
- Parameters:
tokenname
- name of token where the nickname is valid
nickname
- nickname of the certificate
- Returns:
- certificate extensions
- Throws:
EBaseException
- failed to get extensions
-
deleteTokenCertificate
Deletes certificate of the given nickname.
- Parameters:
nickname
- nickname of the certificate
pathname
- path where a copy of the deleted certificate is stored
- Throws:
EBaseException
- failed to delete certificate
-
deleteCert
Delete certificate of the given nickname.
- Parameters:
nickname
- nickname of the certificate
notAfterTime
- The notAfter of the certificate. It is possible to get multiple certificates under the same nickname. If one of the certificates matches the notAfterTime, then that certificate will get deleted. The notAfterTime has to be in the "MMMMM dd, yyyy HH:mm:ss" format.
- Throws:
EBaseException
- failed to delete certificate
-
getSubjectDN
Retrieves the subject DN of the certificate identified by the nickname.
- Parameters:
nickname
- nickname of the certificate
- Returns:
- subject distinguished name
- Throws:
EBaseException
- failed to retrieve subject DN
-
trustCert
Trusts a certificate for all available purposes.
- Parameters:
nickname
- nickname of the certificate
date
- certificate's not before
trust
- "Trust" or other
- Throws:
EBaseException
- failed to trust certificate
-
checkCertificateExt
Checks if the given base-64 encoded string contains an extension or a sequence of extensions.
- Parameters:
ext
- extension or sequence of extensions encoded in base-64
- Throws:
EBaseException
- failed to check encoding
-
getAllCertsManage
Gets all certificates on all tokens for Certificate Database Management.
- Returns:
- all certificates
- Throws:
EBaseException
- failed to retrieve certificates
-
getUserCerts
- Throws:
EBaseException
-
getCACerts
Gets all CA certificates on all tokens.
- Returns:
- all CA certificates
- Throws:
EBaseException
- failed to retrieve certificates
-
getRootCerts
- Throws:
EBaseException
-
setRootCertTrust
void setRootCertTrust(String nickname, String serialno, String issuername, String trust) throws EBaseException
- Throws:
EBaseException
-
deleteRootCert
- Throws:
EBaseException
-
deleteUserCert
- Throws:
EBaseException
-
getPQG
org.mozilla.jss.crypto.PQGParams getPQG(int keysize)
Retrieves PQG parameters based on key size.
- Parameters:
keysize
- key size
- Returns:
- pqg parameters
-
getCAPQG
Retrieves PQG parameters based on key size.
- Parameters:
keysize
- key size
store
- configuration store
- Returns:
- pqg parameters
- Throws:
EBaseException
-
getCertExtensions
org.mozilla.jss.netscape.security.x509.CertificateExtensions getCertExtensions(String tokenname, String nickname) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, org.mozilla.jss.crypto.ObjectNotFoundException, IOException, CertificateException
Retrieves extensions of the certificate that is identified by the given nickname.
- Parameters:
tokenname
- token name
nickname
- nickname
- Returns:
- certificate extensions
- Throws:
org.mozilla.jss.NotInitializedException
org.mozilla.jss.crypto.TokenException
org.mozilla.jss.crypto.ObjectNotFoundException
IOException
CertificateException
-
isTokenLoggedIn
Checks if the given token is logged in.
- Parameters:
name
- token name
- Returns:
- true if token is logged in
- Throws:
EBaseException
- failed to login
-
loggedInToken
Logs into token.
- Parameters:
tokenName
- name of the token
pwd
- token password
- Throws:
- token password- Throws:
EBaseException
- failed to login
-
getCertRequest
Generates certificate request from the given key pair.
- Parameters:
subjectName
- subject name to use in the request
kp
- key pair that contains public key material
- Returns:
- certificate request in base-64 encoded format
- Throws:
EBaseException
- failed to generate request
-
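The token-login and key-generation methods above are normally used together: a token that is not logged in cannot perform private-key operations, so a caller checks isTokenLoggedIn before generating a key pair and requesting a CSR. The following is an added example written against the ICryptoSubsystem methods documented on this page; it is not code from the project. It assumes the ICryptoSubsystem instance is handed in by the caller, that the token handle is resolved through the JSS CryptoManager API (getInstance and getTokenByName, which are JSS, not ICryptoSubsystem, methods), that EBaseException lives in com.netscape.certsrv.base, and that "RSA" is an accepted value for the alg parameter of getKeyPair.

```java
import java.security.KeyPair;

import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.NoSuchTokenException;
import org.mozilla.jss.NotInitializedException;
import org.mozilla.jss.crypto.CryptoToken;

import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.security.ICryptoSubsystem;

/**
 * Added example (not part of the project): generate an RSA key pair on a
 * named token and produce a base-64 certificate request through the
 * ICryptoSubsystem methods documented on this page.
 */
public class CsrExample {

    /**
     * Generates a key pair on the token and returns the base-64 encoded
     * certificate request produced by getCertRequest().
     *
     * @param crypto    ICryptoSubsystem instance (how it is obtained is
     *                  deployment-specific and assumed here)
     * @param tokenName token to use; null selects the internal software token
     * @param password  token password, presented only if the token is not
     *                  already logged in
     * @param subjectDN subject name to place in the request
     * @param keySize   RSA key size in bits
     */
    public static String generateCsr(ICryptoSubsystem crypto, String tokenName,
            String password, String subjectDN, int keySize)
            throws EBaseException, NotInitializedException, NoSuchTokenException {

        // Reject a malformed subject before spending time on key generation;
        // isX500DN() signals an invalid DN by throwing EBaseException.
        crypto.isX500DN(subjectDN);

        // Fall back to the internal (software) token when no name is given.
        String name = (tokenName != null) ? tokenName : crypto.getInternalTokenName();

        // Private-key operations fail on a token that is not logged in, so
        // check first and only present the password when it is needed.
        if (!crypto.isTokenLoggedIn(name)) {
            crypto.loggedInToken(name, password);
        }

        // Resolve the CryptoToken handle through JSS (assumed API, see lead-in)
        // and generate the key pair on that token.
        CryptoToken token = CryptoManager.getInstance().getTokenByName(name);
        KeyPair kp = crypto.getKeyPair(token, "RSA", keySize); // "RSA" assumed

        // getCertRequest() returns the request already base-64 encoded.
        return crypto.getCertRequest(subjectDN, kp);
    }
}
```

The password is only presented when isTokenLoggedIn reports the token as logged out, so a caller that already holds an open session does not need to keep the token password in memory for this call.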
isCipherFortezza
Checks if fortezza is enabled.
- Returns:
- "true" if fortezza is enabled
- Throws:
EBaseException
-
getCipherVersion
Retrieves the SSL cipher version.
- Returns:
- cipher version (e.g. "cipherdomestic")
- Throws:
EBaseException
-
getCipherPreferences
Retrieves the cipher preferences.
- Returns:
- cipher preferences (e.g. "rc4export,rc2export,...")
- Throws:
EBaseException
-
setCipherPreferences
Sets the current SSL cipher preferences.
- Parameters:
cipherPrefs
- cipher preferences (e.g. "rc4export,rc2export,...")
- Throws:
EBaseException
- failed to set cipher preferences
-
getTokenList
Retrieves a list of currently registered token names.
- Returns:
- list of token names
- Throws:
EBaseException
- failed to retrieve token list
-
getCertListWithoutTokenName
Retrieves all certificates. The result list will not contain the token tag.
- Parameters:
name
- token name
- Returns:
- list of certificates without token tag
- Throws:
EBaseException
- failed to retrieve
-
getInternalTokenName
Retrieves the token name of the internal (software) token.
- Returns:
- the token name
- Throws:
EBaseException
- failed to retrieve token name
-
isCACert
Checks to see if the certificate of the given nickname is a CA certificate.
- Parameters:
fullNickname
- nickname of the certificate to check
- Returns:
- true if it is a CA certificate
- Throws:
EBaseException
- failed to check
-
addEntropy
void addEntropy(int bits) throws org.mozilla.jss.util.NotImplementedException, IOException, org.mozilla.jss.crypto.TokenException
Adds the specified number of bits of entropy from the system entropy generator to the RNG of the default PKCS#11 RNG token. The default token is set using the modutil command. Note that the system entropy generator (usually /dev/random) will block until sufficient entropy is collected.
- Parameters:
bits
- number of bits of entropy
- Throws:
org.mozilla.jss.util.NotImplementedException
- If the Crypto device does not support adding entropy
org.mozilla.jss.crypto.TokenException
- If there was some other problem with the Crypto device
IOException
- If there was a problem reading from /dev/random
-
getSignedCert
org.mozilla.jss.netscape.security.x509.X509CertImpl getSignedCert(KeyCertData data, String certType, PrivateKey priKey) throws EBaseException
Signs the certificate template in the given data and returns a signed certificate.
- Parameters:
data
- data that contains the certificate template
certType
- certificate type
priKey
- CA signing key
- Returns:
- certificate
- Throws:
EBaseException
- failed to sign certificate template
-