Interface ICryptoSubsystem

  • All Superinterfaces:
    ISubsystem

    public interface ICryptoSubsystem
    extends ISubsystem
    This interface represents the cryptographic subsystem that provides all the security-related functions.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String ID  
    • Method Summary

      Modifier and Type Method Description
      void addEntropy​(int bits)
      Adds the specified number of bits of entropy from the system entropy generator to the RNG of the default PKCS#11 RNG token.
      void checkCertificateExt​(java.lang.String ext)
      Checks if the given base-64 encoded string contains an extension or a sequence of extensions.
      void deleteCert​(java.lang.String nickname, java.lang.String notAfterTime)
      Deletes the certificate of the given nickname.
      void deleteRootCert​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername)  
      void deleteTokenCertificate​(java.lang.String nickname, java.lang.String pathname)
      Deletes certificate of the given nickname.
      void deleteUserCert​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername)  
      AlgorithmId getAlgorithmId​(java.lang.String algname, IConfigStore store)
      Retrieves CA's signing algorithm id.
      java.lang.String getAllCerts()
      Retrieves a list of nicknames of certificates that are in the installed tokens.
      NameValuePairs getAllCertsManage()
      Gets all certificates on all tokens for Certificate Database Management.
      NameValuePairs getCACerts()
      Gets all CA certificates on all tokens.
      org.mozilla.jss.crypto.PQGParams getCAPQG​(int keysize, IConfigStore store)
      Retrieves PQG parameters based on key size.
      CertificateExtensions getCertExtensions​(java.lang.String tokenname, java.lang.String nickname)
      Retrieves extensions of the certificate that is identified by the given nickname.
      java.lang.String getCertListWithoutTokenName​(java.lang.String name)
      Retrieves all certificates.
      java.lang.String getCertPrettyPrint​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername, java.util.Locale locale)  
      java.lang.String getCertPrettyPrint​(java.lang.String nickname, java.lang.String date, java.util.Locale locale)
      Retrieves certificate in pretty-print format by the nickname.
      java.lang.String getCertPrettyPrint​(java.lang.String b64E, java.util.Locale locale)
      Retrieves the certificate in the pretty print format.
      java.lang.String getCertPrettyPrintAndFingerPrint​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername, java.util.Locale locale)  
      java.lang.String getCertRequest​(java.lang.String subjectName, java.security.KeyPair kp)
      Generates certificate request from the given key pair.
      java.lang.String getCertSubjectName​(java.lang.String tokenname, java.lang.String nickname)
      Retrieves subject name of the certificate that is identified by the given nickname.
      java.lang.String getCipherPreferences()
      Retrieves the cipher preferences.
      java.lang.String getCipherVersion()
      Retrieves the SSL cipher version.
      java.security.KeyPair getECCKeyPair​(KeyCertData properties)
      Generates an ECC key pair based on the given parameters.
      java.security.KeyPair getECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token, java.lang.String curveName, java.lang.String certType)
      Generates an ECC key pair based on the given parameters.
      CertificateExtensions getExtensions​(java.lang.String tokenname, java.lang.String nickname)
      Retrieves extensions of the certificate that is identified by the given nickname.
      java.lang.String getInternalTokenName()
      Retrieves the token name of the internal (software) token.
      java.security.KeyPair getKeyPair​(KeyCertData properties)
      Generates a key pair based on the given parameters.
      java.security.KeyPair getKeyPair​(java.lang.String nickname)
      Retrieves the key pair based on the given nickname.
      java.security.KeyPair getKeyPair​(org.mozilla.jss.crypto.CryptoToken token, java.lang.String alg, int keySize)
      Generates a key pair based on the given parameters.
      java.security.KeyPair getKeyPair​(org.mozilla.jss.crypto.CryptoToken token, java.lang.String alg, int keySize, org.mozilla.jss.crypto.PQGParams pqg)
      Generates a key pair based on the given parameters.
      org.mozilla.jss.crypto.PQGParams getPQG​(int keysize)
      Retrieves PQG parameters based on key size.
      NameValuePairs getRootCerts()  
      java.lang.String getRootCertTrustBit​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName)  
      java.lang.String getSignatureAlgorithm​(java.lang.String nickname)
      Retrieves the signature algorithm of the certificate named by the given nickname.
      X509CertImpl getSignedCert​(KeyCertData data, java.lang.String certType, java.security.PrivateKey priKey)
      Signs the certificate template into the given data and returns a signed certificate.
      java.lang.String getSubjectDN​(java.lang.String nickname)
      Retrieves the subject DN of the certificate identified by the nickname.
      java.lang.String getTokenList()
      Retrieves a list of currently registered token names.
      NameValuePairs getUserCerts()  
      void importCert​(java.lang.String b64E, java.lang.String nickname, java.lang.String certType)
      Imports certificate into the server.
      void importCert​(X509CertImpl signedCert, java.lang.String nickname, java.lang.String certType)
      Imports certificate into the server.
      boolean isCACert​(java.lang.String fullNickname)
      Checks to see if the certificate of the given nickname is a CA certificate.
      java.lang.String isCipherFortezza()
      Checks if fortezza is enabled.
      boolean isTokenLoggedIn​(java.lang.String name)
      Checks if the given token is logged in.
      void isX500DN​(java.lang.String dn)
      Checks if the given dn is a valid distinguished name.
      void loggedInToken​(java.lang.String tokenName, java.lang.String pwd)
      Logs into token.
      void setCipherPreferences​(java.lang.String cipherPrefs)
      Sets the current SSL cipher preferences.
      void setRootCertTrust​(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername, java.lang.String trust)  
      void trustCert​(java.lang.String nickname, java.lang.String date, java.lang.String trust)
      Trusts a certificate for all available purposes.
    • Method Detail

      • getAllCerts

        java.lang.String getAllCerts()
                              throws EBaseException
        Retrieves a list of nicknames of certificates that are in the installed tokens.
        Returns:
        a list of comma-separated nicknames
        Throws:
        EBaseException - failed to retrieve nicknames
      • getCertPrettyPrint

        java.lang.String getCertPrettyPrint​(java.lang.String nickname,
                                            java.lang.String date,
                                            java.util.Locale locale)
                                     throws EBaseException
        Retrieves certificate in pretty-print format by the nickname.
        Parameters:
        nickname - nickname of certificate
        date - the notAfter date that the returned certificate must have
        locale - user locale
        Returns:
        certificate in pretty-print format
        Throws:
        EBaseException - failed to retrieve certificate
      • getRootCertTrustBit

        java.lang.String getRootCertTrustBit​(java.lang.String nickname,
                                             java.lang.String serialno,
                                             java.lang.String issuerName)
                                      throws EBaseException
        Throws:
        EBaseException
      • getCertPrettyPrint

        java.lang.String getCertPrettyPrint​(java.lang.String nickname,
                                            java.lang.String serialno,
                                            java.lang.String issuername,
                                            java.util.Locale locale)
                                     throws EBaseException
        Throws:
        EBaseException
      • getCertPrettyPrintAndFingerPrint

        java.lang.String getCertPrettyPrintAndFingerPrint​(java.lang.String nickname,
                                                          java.lang.String serialno,
                                                          java.lang.String issuername,
                                                          java.util.Locale locale)
                                                   throws EBaseException
        Throws:
        EBaseException
      • getCertPrettyPrint

        java.lang.String getCertPrettyPrint​(java.lang.String b64E,
                                            java.util.Locale locale)
                                     throws EBaseException
        Retrieves the certificate in the pretty print format.
        Parameters:
        b64E - certificate in base-64 (MIME) encoded format
        locale - end user locale
        Returns:
        certificate in pretty-print format
        Throws:
        EBaseException - failed to retrieve certificate
      • importCert

        void importCert​(java.lang.String b64E,
                        java.lang.String nickname,
                        java.lang.String certType)
                 throws EBaseException
        Imports certificate into the server.
        Parameters:
        b64E - certificate in base-64 (MIME) encoded format
        nickname - nickname for the importing certificate
        certType - certificate type
        Throws:
        EBaseException - failed to import certificate
      • importCert

        void importCert​(X509CertImpl signedCert,
                        java.lang.String nickname,
                        java.lang.String certType)
                 throws EBaseException
        Imports certificate into the server.
        Parameters:
        signedCert - certificate
        nickname - nickname for the importing certificate
        certType - certificate type
        Throws:
        EBaseException - failed to import certificate
      • getKeyPair

        java.security.KeyPair getKeyPair​(KeyCertData properties)
                                  throws EBaseException
        Generates a key pair based on the given parameters.
        Parameters:
        properties - key parameters
        Returns:
        key pair
        Throws:
        EBaseException - failed to generate key pair
      • getKeyPair

        java.security.KeyPair getKeyPair​(java.lang.String nickname)
                                  throws EBaseException
        Retrieves the key pair based on the given nickname.
        Parameters:
        nickname - nickname of the public key
        Throws:
        EBaseException - failed to retrieve key pair
      • getKeyPair

        java.security.KeyPair getKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                         java.lang.String alg,
                                         int keySize)
                                  throws EBaseException
        Generates a key pair based on the given parameters.
        Parameters:
        token - token where key is generated
        alg - key algorithm
        keySize - key size
        Returns:
        key pair
        Throws:
        EBaseException - failed to generate key pair
      • getKeyPair

        java.security.KeyPair getKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                         java.lang.String alg,
                                         int keySize,
                                         org.mozilla.jss.crypto.PQGParams pqg)
                                  throws EBaseException
        Generates a key pair based on the given parameters.
        Parameters:
        token - token where key is generated
        alg - key algorithm
        keySize - key size
        pqg - pqg parameters if DSA key, otherwise null
        Returns:
        key pair
        Throws:
        EBaseException - failed to generate key pair
      • getECCKeyPair

        java.security.KeyPair getECCKeyPair​(KeyCertData properties)
                                     throws EBaseException
        Generates an ECC key pair based on the given parameters.
        Parameters:
        properties - key parameters
        Returns:
        key pair
        Throws:
        EBaseException - failed to generate key pair
      • getECCKeyPair

        java.security.KeyPair getECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                            java.lang.String curveName,
                                            java.lang.String certType)
                                     throws EBaseException
        Generates an ECC key pair based on the given parameters.
        Parameters:
        token - token name
        curveName - curve name
        certType - type of certificate (e.g. sslserver)
        Returns:
        key pair
        Throws:
        EBaseException - failed to generate key pair
      • getSignatureAlgorithm

        java.lang.String getSignatureAlgorithm​(java.lang.String nickname)
                                        throws EBaseException
        Retrieves the signature algorithm of the certificate named by the given nickname.
        Parameters:
        nickname - nickname of the certificate
        Returns:
        signature algorithm
        Throws:
        EBaseException - failed to retrieve signature
      • isX500DN

        void isX500DN​(java.lang.String dn)
               throws EBaseException
        Checks if the given dn is a valid distinguished name.
        Parameters:
        dn - distinguished name
        Throws:
        EBaseException - failed to check
      • getAlgorithmId

        AlgorithmId getAlgorithmId​(java.lang.String algname,
                                   IConfigStore store)
                            throws EBaseException
        Retrieves the CA's signing algorithm id. If the algorithm is DSA, the algorithm id is constructed by reading the parameters ca.dsaP, ca.dsaQ and ca.dsaG from the configuration store.
        Parameters:
        algname - DSA or RSA
        store - configuration store.
        Returns:
        algorithm id
        Throws:
        EBaseException - failed to retrieve algorithm id
      • getCertSubjectName

        java.lang.String getCertSubjectName​(java.lang.String tokenname,
                                            java.lang.String nickname)
                                     throws EBaseException
        Retrieves subject name of the certificate that is identified by the given nickname.
        Parameters:
        tokenname - name of token where the nickname is valid
        nickname - nickname of the certificate
        Returns:
        subject name
        Throws:
        EBaseException - failed to get subject name
      • getExtensions

        CertificateExtensions getExtensions​(java.lang.String tokenname,
                                            java.lang.String nickname)
                                     throws EBaseException
        Retrieves extensions of the certificate that is identified by the given nickname.
        Parameters:
        tokenname - name of token where the nickname is valid
        nickname - nickname of the certificate
        Returns:
        certificate extensions
        Throws:
        EBaseException - failed to get extensions
      • deleteTokenCertificate

        void deleteTokenCertificate​(java.lang.String nickname,
                                    java.lang.String pathname)
                             throws EBaseException
        Deletes certificate of the given nickname.
        Parameters:
        nickname - nickname of the certificate
        pathname - path where a copy of the deleted certificate is stored
        Throws:
        EBaseException - failed to delete certificate
      • deleteCert

        void deleteCert​(java.lang.String nickname,
                        java.lang.String notAfterTime)
                 throws EBaseException
        Deletes the certificate of the given nickname.
        Parameters:
        nickname - nickname of the certificate
        notAfterTime - The notAfter of the certificate. It is possible to get multiple certificates under the same nickname. If one of the certificates matches the notAfterTime, then that certificate will be deleted. The notAfterTime has to be in the "MMMMM dd, yyyy HH:mm:ss" format.
        Throws:
        EBaseException - failed to delete certificate
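The deleteCert contract above selects a certificate by nickname plus an exactly formatted notAfter string, so the caller's main job is to produce that string correctly and to make sure the right certificate is the one removed. The following is an added example and is not part of the ICryptoSubsystem javadoc or the project's own code: it formats the date in the documented pattern, confirms the certificate can be looked up under that nickname and notAfter with getCertPrettyPrint(nickname, date, locale) before deleting, and only deletes certificates that have actually expired. The import package names, the choice of Locale.US for English month names, and the time zone handling are assumptions, since the javadoc states none of them.

```java
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;

import com.netscape.certsrv.base.EBaseException;          // assumed package
import com.netscape.certsrv.security.ICryptoSubsystem;   // assumed package

/**
 * Added example (not project code): deletes an expired certificate by
 * nickname and notAfter using the documented deleteCert contract.
 */
public class ExpiredCertCleanup {

    /** Exact pattern required by the deleteCert javadoc for notAfterTime. */
    static final String NOT_AFTER_PATTERN = "MMMMM dd, yyyy HH:mm:ss";

    private final ICryptoSubsystem crypto;

    public ExpiredCertCleanup(ICryptoSubsystem crypto) {
        this.crypto = crypto;
    }

    /**
     * Formats a notAfter instant in the documented pattern. Locale.US keeps the
     * month name in English ("MMMMM" expands to the full month name); the time
     * zone is an assumption because the javadoc does not specify one.
     */
    public static String formatNotAfter(Date notAfter, TimeZone zone) {
        SimpleDateFormat fmt = new SimpleDateFormat(NOT_AFTER_PATTERN, Locale.US);
        fmt.setTimeZone(zone);
        return fmt.format(notAfter);
    }

    /**
     * Deletes the certificate under {@code nickname} whose notAfter equals
     * {@code notAfter}, but only if that instant is already in the past.
     *
     * @return true if a certificate was deleted, false if it was still valid
     * @throws EBaseException if the certificate cannot be found or deleted
     */
    public boolean deleteIfExpired(String nickname, Date notAfter, Date now, TimeZone zone)
            throws EBaseException {
        if (!notAfter.before(now)) {
            // Still within its validity period: never delete a live certificate here.
            return false;
        }

        String notAfterTime = formatNotAfter(notAfter, zone);

        // getCertPrettyPrint(nickname, date, locale) resolves the certificate by the
        // same nickname + notAfter key; if the lookup fails it throws EBaseException
        // and we never reach deleteCert, so a mistyped date cannot remove anything.
        String pretty = crypto.getCertPrettyPrint(nickname, notAfterTime, Locale.US);
        System.out.println("Deleting expired certificate:\n" + pretty);

        crypto.deleteCert(nickname, notAfterTime);
        return true;
    }
}
```

Because the pattern has no zone designator, the formatted string is only meaningful if the caller and the subsystem agree on the zone; pass the zone the server uses rather than relying on the JVM default.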
      • getSubjectDN

        java.lang.String getSubjectDN​(java.lang.String nickname)
                               throws EBaseException
        Retrieves the subject DN of the certificate identified by the nickname.
        Parameters:
        nickname - nickname of the certificate
        Returns:
        subject distinguished name
        Throws:
        EBaseException - failed to retrieve subject DN
      • trustCert

        void trustCert​(java.lang.String nickname,
                       java.lang.String date,
                       java.lang.String trust)
                throws EBaseException
        Trusts a certificate for all available purposes.
        Parameters:
        nickname - nickname of the certificate
        date - the certificate's notBefore date
        trust - "Trust" or other
        Throws:
        EBaseException - failed to trust certificate
      • checkCertificateExt

        void checkCertificateExt​(java.lang.String ext)
                          throws EBaseException
        Checks if the given base-64 encoded string contains an extension or a sequence of extensions.
        Parameters:
        ext - extension or sequence of extension encoded in base-64
        Throws:
        EBaseException - failed to check encoding
      • getAllCertsManage

        NameValuePairs getAllCertsManage()
                                  throws EBaseException
        Gets all certificates on all tokens for Certificate Database Management.
        Returns:
        all certificates
        Throws:
        EBaseException - failed to retrieve certificates
      • setRootCertTrust

        void setRootCertTrust​(java.lang.String nickname,
                              java.lang.String serialno,
                              java.lang.String issuername,
                              java.lang.String trust)
                       throws EBaseException
        Throws:
        EBaseException
      • deleteRootCert

        void deleteRootCert​(java.lang.String nickname,
                            java.lang.String serialno,
                            java.lang.String issuername)
                     throws EBaseException
        Throws:
        EBaseException
      • deleteUserCert

        void deleteUserCert​(java.lang.String nickname,
                            java.lang.String serialno,
                            java.lang.String issuername)
                     throws EBaseException
        Throws:
        EBaseException
      • getPQG

        org.mozilla.jss.crypto.PQGParams getPQG​(int keysize)
        Retrieves PQG parameters based on key size.
        Parameters:
        keysize - key size
        Returns:
        pqg parameters
      • getCAPQG

        org.mozilla.jss.crypto.PQGParams getCAPQG​(int keysize,
                                                  IConfigStore store)
                                           throws EBaseException
        Retrieves PQG parameters based on key size.
        Parameters:
        keysize - key size
        store - configuration store
        Returns:
        pqg parameters
        Throws:
        EBaseException
      • getCertExtensions

        CertificateExtensions getCertExtensions​(java.lang.String tokenname,
                                                java.lang.String nickname)
                                         throws org.mozilla.jss.NotInitializedException,
                                                org.mozilla.jss.crypto.TokenException,
                                                org.mozilla.jss.crypto.ObjectNotFoundException,
                                                java.io.IOException,
                                                java.security.cert.CertificateException
        Retrieves extensions of the certificate that is identified by the given nickname.
        Parameters:
        tokenname - token name
        nickname - nickname
        Returns:
        certificate extensions
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.crypto.TokenException
        org.mozilla.jss.crypto.ObjectNotFoundException
        java.io.IOException
        java.security.cert.CertificateException
      • isTokenLoggedIn

        boolean isTokenLoggedIn​(java.lang.String name)
                         throws EBaseException
        Checks if the given token is logged in.
        Parameters:
        name - token name
        Returns:
        true if token is logged in
        Throws:
        EBaseException - failed to login
      • loggedInToken

        void loggedInToken​(java.lang.String tokenName,
                           java.lang.String pwd)
                    throws EBaseException
        Logs into token.
        Parameters:
        tokenName - name of the token
        pwd - token password
        Throws:
        EBaseException - failed to login
      • getCertRequest

        java.lang.String getCertRequest​(java.lang.String subjectName,
                                        java.security.KeyPair kp)
                                 throws EBaseException
        Generates certificate request from the given key pair.
        Parameters:
        subjectName - subject name to use in the request
        kp - key pair that contains public key material
        Returns:
        certificate request in base-64 encoded format
        Throws:
        EBaseException - failed to generate request
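The importCert, getKeyPair(nickname), isX500DN, loggedInToken and getCertRequest entries above together describe one enrollment cycle: log in to the token, validate the subject, build a request from an existing key pair, and later import the CA-signed certificate. The class below is an added example and is not part of the ICryptoSubsystem javadoc or the project's own code; it strings those documented calls together and, after the import, re-reads the certificate through getSubjectDN, getSignatureAlgorithm and isCACert to confirm that what landed under the nickname is the server certificate that was requested. The import package names, the "sslserver" certType value, the accepted-algorithm list and the assumption that getSignatureAlgorithm returns names such as "SHA256withRSA" are all illustrative assumptions not stated on the page.

```java
import java.security.KeyPair;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

import com.netscape.certsrv.base.EBaseException;          // assumed package
import com.netscape.certsrv.security.ICryptoSubsystem;   // assumed package

/**
 * Added example (not project code): request/import cycle for a server
 * certificate using only the methods documented on the ICryptoSubsystem page.
 */
public class ServerCertEnrollment {

    /** Deployment policy (assumed): signature algorithms accepted on an imported certificate. */
    private static final List<String> ACCEPTED_SIG_ALGS =
            Arrays.asList("SHA256withRSA", "SHA384withRSA", "SHA256withEC");

    private final ICryptoSubsystem crypto;

    public ServerCertEnrollment(ICryptoSubsystem crypto) {
        this.crypto = crypto;
    }

    /**
     * Builds a base-64 certificate request for an existing key pair.
     * Logs in to the token only if the subsystem reports that it is not already.
     */
    public String buildRequest(String tokenName, String tokenPassword,
                               String keyNickname, String subjectDn) throws EBaseException {
        // isX500DN throws EBaseException for an invalid DN; letting that propagate
        // stops a malformed subject from ever reaching the CA.
        crypto.isX500DN(subjectDn);

        if (!crypto.isTokenLoggedIn(tokenName)) {
            crypto.loggedInToken(tokenName, tokenPassword);
        }

        KeyPair kp = crypto.getKeyPair(keyNickname);
        return crypto.getCertRequest(subjectDn, kp);
    }

    /**
     * Imports the signed certificate, then verifies it by reading it back from
     * the token rather than trusting the blob the caller handed in.
     */
    public void importAndVerify(String b64Cert, String nickname, String expectedDn)
            throws EBaseException {
        crypto.importCert(b64Cert, nickname, "sslserver");   // certType value assumed

        String subject = crypto.getSubjectDN(nickname);
        if (!expectedDn.equalsIgnoreCase(subject)) {
            throw new EBaseException("imported certificate subject '" + subject
                    + "' does not match requested '" + expectedDn + "'");
        }

        String sigAlg = crypto.getSignatureAlgorithm(nickname);   // name format assumed
        if (!ACCEPTED_SIG_ALGS.contains(sigAlg)) {
            throw new EBaseException("imported certificate signed with unaccepted algorithm " + sigAlg);
        }

        if (crypto.isCACert(nickname)) {
            throw new EBaseException("a CA certificate was imported where a server certificate was expected");
        }

        // Pretty-printed form for the operator's audit log.
        System.out.println(crypto.getCertPrettyPrint(b64Cert, Locale.US));
    }
}
```

Both methods leave the EBaseException thrown by the subsystem uncaught so that a failure in any step (bad DN, token login, key lookup, import) aborts the cycle instead of continuing with partial state.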
      • isCipherFortezza

        java.lang.String isCipherFortezza()
                                   throws EBaseException
        Checks if fortezza is enabled.
        Returns:
        "true" if fortezza is enabled
        Throws:
        EBaseException
      • getCipherVersion

        java.lang.String getCipherVersion()
                                   throws EBaseException
        Retrieves the SSL cipher version.
        Returns:
        cipher version (e.g. "cipherdomestic")
        Throws:
        EBaseException
      • getCipherPreferences

        java.lang.String getCipherPreferences()
                                       throws EBaseException
        Retrieves the cipher preferences.
        Returns:
        cipher preferences (e.g. "rc4export,rc2export,...")
        Throws:
        EBaseException
      • setCipherPreferences

        void setCipherPreferences​(java.lang.String cipherPrefs)
                           throws EBaseException
        Sets the current SSL cipher preferences.
        Parameters:
        cipherPrefs - cipher preferences (e.g. "rc4export,rc2export,...")
        Throws:
        EBaseException - failed to set cipher preferences
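The getCipherPreferences and setCipherPreferences pair above exposes the SSL cipher list as a single comma-separated string, and the sample value the javadoc gives ("rc4export,rc2export,...") is made up of export-grade suites. The following is an added example and is not part of the ICryptoSubsystem javadoc or the project's own code: it reads the current preferences, strips entries that name export-grade, RC4 or RC2 ciphers, refuses to write back an empty list, and only calls setCipherPreferences when something actually changed. The import package names and the name-matching rules (substring "export", prefixes "rc4"/"rc2") are assumptions derived from the page's sample value, not a documented naming scheme.

```java
import java.util.Locale;

import com.netscape.certsrv.base.EBaseException;          // assumed package
import com.netscape.certsrv.security.ICryptoSubsystem;   // assumed package

/**
 * Added example (not project code): removes weak entries from the
 * comma-separated cipher preference string documented on the page.
 */
public class CipherPreferenceHardening {

    private final ICryptoSubsystem crypto;

    public CipherPreferenceHardening(ICryptoSubsystem crypto) {
        this.crypto = crypto;
    }

    /** Matching rules are an assumption based on the javadoc's sample names. */
    static boolean isWeak(String cipherName) {
        String lower = cipherName.toLowerCase(Locale.ROOT);
        return lower.contains("export") || lower.startsWith("rc4") || lower.startsWith("rc2");
    }

    /**
     * Returns the preference string with weak entries removed, preserving the
     * order of the remaining entries. Pure function with no subsystem access,
     * so it can be unit tested on its own.
     */
    public static String dropWeakCiphers(String prefs) {
        StringBuilder out = new StringBuilder();
        for (String entry : prefs.split(",")) {
            String name = entry.trim();
            if (name.isEmpty() || isWeak(name)) {
                continue;
            }
            if (out.length() > 0) {
                out.append(',');
            }
            out.append(name);
        }
        return out.toString();
    }

    /**
     * Applies the filtered list to the subsystem and returns what is now in effect.
     * An empty result is treated as an error: leaving the server with no enabled
     * ciphers is a different outage, not a hardening.
     */
    public String harden() throws EBaseException {
        String current = crypto.getCipherPreferences();
        String hardened = dropWeakCiphers(current);
        if (hardened.isEmpty()) {
            throw new EBaseException("refusing to set an empty cipher preference list (was: " + current + ")");
        }
        if (!hardened.equals(current)) {
            crypto.setCipherPreferences(hardened);
        }
        return hardened;
    }
}
```

Running dropWeakCiphers on the javadoc's own sample "rc4export,rc2export,aes256" style input leaves only the non-export entries, and harden() writes back nothing when the current list is already clean.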
      • getTokenList

        java.lang.String getTokenList()
                               throws EBaseException
        Retrieves a list of currently registered token names.
        Returns:
        list of token names
        Throws:
        EBaseException - failed to retrieve token list
      • getCertListWithoutTokenName

        java.lang.String getCertListWithoutTokenName​(java.lang.String name)
                                              throws EBaseException
        Retrieves all certificates. The result list will not contain the token tag.
        Parameters:
        name - token name
        Returns:
        list of certificates without token tag
        Throws:
        EBaseException - failed to retrieve
      • getInternalTokenName

        java.lang.String getInternalTokenName()
                                       throws EBaseException
        Retrieves the token name of the internal (software) token.
        Returns:
        the token name
        Throws:
        EBaseException - failed to retrieve token name
      • isCACert

        boolean isCACert​(java.lang.String fullNickname)
                  throws EBaseException
        Checks to see if the certificate of the given nickname is a CA certificate.
        Parameters:
        fullNickname - nickname of the certificate to check
        Returns:
        true if it is a CA certificate
        Throws:
        EBaseException - failed to check
      • addEntropy

        void addEntropy​(int bits)
                 throws org.mozilla.jss.util.NotImplementedException,
                        java.io.IOException,
                        org.mozilla.jss.crypto.TokenException
        Adds the specified number of bits of entropy from the system entropy generator to the RNG of the default PKCS#11 RNG token. The default token is set using the modutil command. Note that the system entropy generator (usually /dev/random) will block until sufficient entropy is collected.
        Parameters:
        bits - number of bits of entropy
        Throws:
        org.mozilla.jss.util.NotImplementedException - if the crypto device does not support adding entropy
        org.mozilla.jss.crypto.TokenException - if there was some other problem with the crypto device
        java.io.IOException - if there was a problem reading from /dev/random
      • getSignedCert

        X509CertImpl getSignedCert​(KeyCertData data,
                                   java.lang.String certType,
                                   java.security.PrivateKey priKey)
                            throws EBaseException
        Signs the certificate template into the given data and returns a signed certificate.
        Parameters:
        data - data that contains certificate template
        certType - certificate type
        priKey - CA signing key
        Returns:
        certificate
        Throws:
        EBaseException - failed to sign certificate template