Field Detail

• ID

  static final java.lang.String ID

  See Also:

  Constant Field Values

Method Detail

• getAllCerts

  java.lang.String getAllCerts()
                        throws EBaseException

  Retrieves a list of nicknames of certificates that are in the installed tokens.

  Returns:

  a list of comma-separated nicknames

  Throws:

  EBaseException - failed to retrieve nicknames

• getCertPrettyPrint

  java.lang.String getCertPrettyPrint​(java.lang.String nickname,
                                      java.lang.String date,
                                      java.util.Locale locale)
                               throws EBaseException

  Retrieves certificate in pretty-print format by the nickname.

  Parameters:

  nickname - nickname of certificate

  date - not after of the returned certificate must be date

  locale - user locale

  Returns:

  certificate in pretty-print format

  Throws:

  EBaseException - failed to retrieve certificate

• getRootCertTrustBit

  java.lang.String getRootCertTrustBit​(java.lang.String nickname,
                                       java.lang.String serialno,
                                       java.lang.String issuerName)
                                throws EBaseException

  Throws:

  EBaseException

• getCertPrettyPrint

  java.lang.String getCertPrettyPrint​(java.lang.String nickname,
                                      java.lang.String serialno,
                                      java.lang.String issuername,
                                      java.util.Locale locale)
                               throws EBaseException

  Throws:

  EBaseException

• getCertPrettyPrintAndFingerPrint

  java.lang.String getCertPrettyPrintAndFingerPrint​(java.lang.String nickname,
                                                    java.lang.String serialno,
                                                    java.lang.String issuername,
                                                    java.util.Locale locale)
                                             throws EBaseException

  Throws:

  EBaseException

• getCertPrettyPrint

  java.lang.String getCertPrettyPrint​(java.lang.String b64E,
                                      java.util.Locale locale)
                               throws EBaseException

  Retrieves the certificate in the pretty print format.

  Parameters:

  b64E - certificate in mime-64 encoded format

  locale - end user locale

  Returns:

  certificate in pretty-print format

  Throws:

  EBaseException - failed to retrieve certificate

• importCert

  void importCert​(java.lang.String b64E,
                  java.lang.String nickname,
                  java.lang.String certType)
           throws EBaseException

  Imports certificate into the server.

  Parameters:

  b64E - certificate in mime-64 encoded format

  nickname - nickname for the importing certificate

  certType - certificate type

  Throws:

  EBaseException - failed to import certificate

• importCert

  void importCert​(org.mozilla.jss.netscape.security.x509.X509CertImpl signedCert,
                  java.lang.String nickname,
                  java.lang.String certType)
           throws EBaseException

  Imports certificate into the server.

  Parameters:

  signedCert - certificate

  nickname - nickname for the importing certificate

  certType - certificate type

  Throws:

  EBaseException - failed to import certificate

• getKeyPair

  java.security.KeyPair getKeyPair​(KeyCertData properties)
                            throws EBaseException

  Generates a key pair based on the given parameters.

  Parameters:

  properties - key parameters

  Returns:

  key pair

  Throws:

  EBaseException - failed to generate key pair

• getKeyPair

  java.security.KeyPair getKeyPair​(java.lang.String nickname)
                            throws EBaseException

  Retrieves the key pair based on the given nickname.

  Parameters:

  nickname - nickname of the public key

  Throws:

  EBaseException - failed to retrieve key pair

• getKeyPair

  java.security.KeyPair getKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                   java.lang.String alg,
                                   int keySize)
                            throws EBaseException

  Generates a key pair based on the given parameters.

  Parameters:

  token - token where key is generated

  alg - key algorithm

  keySize - key size

  Returns:

  key pair

  Throws:

  EBaseException - failed to generate key pair

• getKeyPair

  java.security.KeyPair getKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                   java.lang.String alg,
                                   int keySize,
                                   org.mozilla.jss.crypto.PQGParams pqg)
                            throws EBaseException

  Generates a key pair based on the given parameters.

  Parameters:

  token - token where key is generated

  alg - key algorithm

  keySize - key size

  pqg - pqg parameters if DSA key, otherwise null

  Returns:

  key pair

  Throws:

  EBaseException - failed to generate key pair

• getECCKeyPair

  java.security.KeyPair getECCKeyPair​(KeyCertData properties)
                               throws EBaseException

  Generates an ECC key pair based on the given parameters.

  Parameters:

  properties - key parameters

  Returns:

  key pair

  Throws:

  EBaseException - failed to generate key pair

• getECCKeyPair

  java.security.KeyPair getECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                      java.lang.String curveName,
                                      java.lang.String certType)
                               throws EBaseException

  Generates an ECC key pair based on the given parameters.

  Parameters:

  token - token name

  curveName - curve name

  certType - type of cert(sslserver etc..)

  Returns:

  key pair

  Throws:

  EBaseException - failed to generate key pair

• getSignatureAlgorithm

  java.lang.String getSignatureAlgorithm​(java.lang.String nickname)
                                  throws EBaseException

  Retrieves the signature algorithm of the certificate named by the given nickname.

  Parameters:

  nickname - nickname of the certificate

  Returns:

  signature algorithm

  Throws:

  EBaseException - failed to retrieve signature

• isX500DN

  void isX500DN​(java.lang.String dn)
         throws EBaseException

  Checks if the given dn is a valid distinguished name.

  Parameters:

  dn - distinguished name

  Throws:

  EBaseException - failed to check

• getAlgorithmId

  org.mozilla.jss.netscape.security.x509.AlgorithmId getAlgorithmId​(java.lang.String algname,
                                                                    IConfigStore store)
                                                             throws EBaseException

  Retrieves CA's signing algorithm id. If it is DSA algorithm, algorithm is constructed by reading the parameters ca.dsaP, ca.dsaQ, ca.dsaG.

  Parameters:

  algname - DSA or RSA

  store - configuration store.

  Returns:

  algorithm id

  Throws:

  EBaseException - failed to retrieve algorithm id

• getCertSubjectName

  java.lang.String getCertSubjectName​(java.lang.String tokenname,
                                      java.lang.String nickname)
                               throws EBaseException

  Retrieves subject name of the certificate that is identified by the given nickname.

  Parameters:

  tokenname - name of token where the nickname is valid

  nickname - nickname of the certificate

  Returns:

  subject name

  Throws:

  EBaseException - failed to get subject name

• getExtensions

  org.mozilla.jss.netscape.security.x509.CertificateExtensions getExtensions​(java.lang.String tokenname,
                                                                             java.lang.String nickname)
                                                                      throws EBaseException

  Retrieves extensions of the certificate that is identified by the given nickname.

  Parameters:

  tokenname - name of token where the nickname is valid

  nickname - nickname of the certificate

  Returns:

  certificate extensions

  Throws:

  EBaseException - failed to get extensions

• deleteTokenCertificate

  void deleteTokenCertificate​(java.lang.String nickname,
                              java.lang.String pathname)
                       throws EBaseException

  Deletes certificate of the given nickname.

  Parameters:

  nickname - nickname of the certificate

  pathname - path where a copy of the deleted certificate is stored

  Throws:

  EBaseException - failed to delete certificate

• deleteCert

  void deleteCert​(java.lang.String nickname,
                  java.lang.String notAfterTime)
           throws EBaseException

  Delete certificate of the given nickname.

  Parameters:

  nickname - nickname of the certificate

  notAfterTime - The notAfter of the certificate. It is possible to ge t multiple certificates under the same nickname. If one of the certificates match the notAfterTime, then the certificate will get deleted. The format of the notAfterTime has to be in "MMMMM dd, yyyy HH:mm:ss" format.

  Throws:

  EBaseException - failed to delete certificate

• getSubjectDN

  java.lang.String getSubjectDN​(java.lang.String nickname)
                         throws EBaseException

  Retrieves the subject DN of the certificate identified by the nickname.

  Parameters:

  nickname - nickname of the certificate

  Returns:

  subject distinguished name

  Throws:

  EBaseException - failed to retrieve subject DN

• trustCert

  void trustCert​(java.lang.String nickname,
                 java.lang.String date,
                 java.lang.String trust)
          throws EBaseException

  Trusts a certificate for all available purposes.

  Parameters:

  nickname - nickname of the certificate

  date - certificate's not before

  trust - "Trust" or other

  Throws:

  EBaseException - failed to trust certificate

• checkCertificateExt

  void checkCertificateExt​(java.lang.String ext)
                    throws EBaseException

  Checks if the given base-64 encoded string contains an extension or a sequence of extensions.

  Parameters:

  ext - extension or sequence of extension encoded in base-64

  Throws:

  EBaseException - failed to check encoding

• getAllCertsManage

  NameValuePairs getAllCertsManage()
                            throws EBaseException

  Gets all certificates on all tokens for Certificate Database Management.

  Returns:

  all certificates

  Throws:

  EBaseException - failed to retrieve certificates

• getUserCerts

  NameValuePairs getUserCerts()
                       throws EBaseException

  Throws:

  EBaseException

• getCACerts

  NameValuePairs getCACerts()
                     throws EBaseException

  Gets all CA certificates on all tokens.

  Returns:

  all CA certificates

  Throws:

  EBaseException - failed to retrieve certificates

• getRootCerts

  NameValuePairs getRootCerts()
                       throws EBaseException

  Throws:

  EBaseException

• setRootCertTrust

  void setRootCertTrust​(java.lang.String nickname,
                        java.lang.String serialno,
                        java.lang.String issuername,
                        java.lang.String trust)
                 throws EBaseException

  Throws:

  EBaseException

• deleteRootCert

  void deleteRootCert​(java.lang.String nickname,
                      java.lang.String serialno,
                      java.lang.String issuername)
               throws EBaseException

  Throws:

  EBaseException

• deleteUserCert

  void deleteUserCert​(java.lang.String nickname,
                      java.lang.String serialno,
                      java.lang.String issuername)
               throws EBaseException

  Throws:

  EBaseException

• getPQG

  org.mozilla.jss.crypto.PQGParams getPQG​(int keysize)

  Retrieves PQG parameters based on key size.

  Parameters:

  keysize - key size

  Returns:

  pqg parameters

• getCAPQG

  org.mozilla.jss.crypto.PQGParams getCAPQG​(int keysize,
                                            IConfigStore store)
                                     throws EBaseException

  Retrieves PQG parameters based on key size.

  Parameters:

  keysize - key size

  store - configuration store

  Returns:

  pqg parameters

  Throws:

  EBaseException

• getCertExtensions

  org.mozilla.jss.netscape.security.x509.CertificateExtensions getCertExtensions​(java.lang.String tokenname,
                                                                                 java.lang.String nickname)
                                                                          throws org.mozilla.jss.NotInitializedException,
                                                                                 org.mozilla.jss.crypto.TokenException,
                                                                                 org.mozilla.jss.crypto.ObjectNotFoundException,
                                                                                 java.io.IOException,
                                                                                 java.security.cert.CertificateException

  Retrieves extensions of the certificate that is identified by the given nickname.

  Parameters:

  tokenname - token name

  nickname - nickname

  Returns:

  certificate extensions

  Throws:

  org.mozilla.jss.NotInitializedException

  org.mozilla.jss.crypto.TokenException

  org.mozilla.jss.crypto.ObjectNotFoundException

  java.io.IOException

  java.security.cert.CertificateException

• isTokenLoggedIn

  boolean isTokenLoggedIn​(java.lang.String name)
                   throws EBaseException

  Checks if the given token is logged in.

  Parameters:

  name - token name

  Returns:

  true if token is logged in

  Throws:

  EBaseException - failed to login

• loggedInToken

  void loggedInToken​(java.lang.String tokenName,
                     java.lang.String pwd)
              throws EBaseException

  Logs into token.

  Parameters:

  tokenName - name of the token

  pwd - token password

  Throws:

  EBaseException - failed to login

• getCertRequest

  java.lang.String getCertRequest​(java.lang.String subjectName,
                                  java.security.KeyPair kp)
                           throws EBaseException

  Generates certificate request from the given key pair.

  Parameters:

  subjectName - subject name to use in the request

  kp - key pair that contains public key material

  Returns:

  certificate request in base-64 encoded format

  Throws:

  EBaseException - failed to generate request

• isCipherFortezza

  java.lang.String isCipherFortezza()
                             throws EBaseException

  Checks if fortezza is enabled.

  Returns:

  "true" if fortezza is enabled

  Throws:

  EBaseException

• getCipherVersion

  java.lang.String getCipherVersion()
                             throws EBaseException

  Retrieves the SSL cipher version.

  Returns:

  cipher version (i.e. "cipherdomestic")

  Throws:

  EBaseException

• getCipherPreferences

  java.lang.String getCipherPreferences()
                                 throws EBaseException

  Retrieves the cipher preferences.

  Returns:

  cipher preferences (i.e. "rc4export,rc2export,...")

  Throws:

  EBaseException

• setCipherPreferences

  void setCipherPreferences​(java.lang.String cipherPrefs)
                     throws EBaseException

  Sets the current SSL cipher preferences.

  Parameters:

  cipherPrefs - cipher preferences (i.e. "rc4export,rc2export,...")

  Throws:

  EBaseException - failed to set cipher preferences

• getTokenList

  java.lang.String getTokenList()
                         throws EBaseException

  Retrieves a list of currently registered token names.

  Returns:

  list of token names

  Throws:

  EBaseException - failed to retrieve token list

• getCertListWithoutTokenName

  java.lang.String getCertListWithoutTokenName​(java.lang.String name)
                                        throws EBaseException

  Retrieves all certificates. The result list will not contain the token tag.

  Parameters:

  name - token name

  Returns:

  list of certificates without token tag

  Throws:

  EBaseException - failed to retrieve

• getInternalTokenName

  java.lang.String getInternalTokenName()
                                 throws EBaseException

  Retrieves the token name of the internal (software) token.

  Returns:

  the token name

  Throws:

  EBaseException - failed to retrieve token name

• isCACert

  boolean isCACert​(java.lang.String fullNickname)
            throws EBaseException

  Checks to see if the certificate of the given nickname is a CA certificate.

  Parameters:

  fullNickname - nickname of the certificate to check

  Returns:

  true if it is a CA certificate

  Throws:

  EBaseException - failed to check

• addEntropy

  void addEntropy​(int bits)
           throws org.mozilla.jss.util.NotImplementedException,
                  java.io.IOException,
                  org.mozilla.jss.crypto.TokenException

  Adds the specified number of bits of entropy from the system entropy generator to the RNG of the default PKCS#11 RNG token. The default token is set using the modutil command. Note that the system entropy generator (usually /dev/random) will block until sufficient entropy is collected.

  Parameters:

  bits - number of bits of entropy

  Throws:

  org.mozilla.jss.util.NotImplementedException - If the Crypto device does not support adding entropy

  org.mozilla.jss.crypto.TokenException - If there was some other problem with the Crypto device

  java.io.IOException - If there was a problem reading from the /dev/random

• getSignedCert

  org.mozilla.jss.netscape.security.x509.X509CertImpl getSignedCert​(KeyCertData data,
                                                                    java.lang.String certType,
                                                                    java.security.PrivateKey priKey)
                                                             throws EBaseException

  Signs the certificate template into the given data and returns a signed certificate.

  Parameters:

  data - data that contains certificate template

  certType - certificate type

  priKey - CA signing key

  Returns:

  certificate

  Throws:

  EBaseException - failed to sign certificate template