java.lang.Object
- com.netscape.cmsutil.crypto.CryptoUtil

public class CryptoUtil
extends java.lang.Object

Field Summary

Fields
Modifier and Type	Field	Description
`static java.util.List<java.lang.Integer>`	`clientECCipherList`
`static java.lang.Integer[]`	`clientECCiphers`
`static java.lang.String`	`INTERNAL_TOKEN_FULL_NAME`
`static java.lang.String`	`INTERNAL_TOKEN_NAME`
`static int`	`KEY_ID_LENGTH`
`static int`	`LINE_COUNT`
`static org.mozilla.jss.asn1.OBJECT_IDENTIFIER`	`RSA_ENCRYPTION`

Constructor Summary

Constructors
Constructor Description

CryptoUtil()

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method	Description
`static boolean`	`arraysEqual(byte[] bytes, byte[] ints)`
`static byte[]`	`base64Decode(java.lang.String s)`
`static java.lang.String`	`base64Encode(byte[] bytes)`
`static java.lang.String`	`byte2string(byte[] id)`	Converts any length byte array into a signed, variable-length hexadecimal number.
`static char[]`	`bytesToChars(byte[] bytes)`
`static java.lang.String`	`certFormat(java.lang.String content)`
`static byte[]`	`charsToBytes(char[] chars)`
`static boolean`	`compare(byte[] src, byte[] dest)`	Compares 2 byte arrays to see if they are the same.
`static org.mozilla.jss.netscape.security.pkcs.PKCS10`	`createCertificationRequest(java.lang.String subjectName, java.security.KeyPair keyPair)`	Creates a PKCS#10 request.
`static org.mozilla.jss.netscape.security.pkcs.PKCS10`	`createCertificationRequest(java.lang.String subjectName, java.security.KeyPair keyPair, java.lang.String alg)`
`static org.mozilla.jss.netscape.security.pkcs.PKCS10`	`createCertificationRequest(java.lang.String subjectName, org.mozilla.jss.netscape.security.x509.X509Key pubk, java.security.PrivateKey prik, java.lang.String alg, org.mozilla.jss.netscape.security.x509.Extensions exts)`
`static org.mozilla.jss.crypto.SymmetricKey`	`createDes3SessionKeyOnInternal()`
`static byte[]`	`createEncodedPKIArchiveOptions(org.mozilla.jss.crypto.CryptoToken token, java.security.PublicKey wrappingKey, char[] data, org.mozilla.jss.netscape.security.util.WrappingParams params, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)`
`static byte[]`	`createEncodedPKIArchiveOptions(org.mozilla.jss.crypto.CryptoToken token, java.security.PublicKey wrappingKey, org.mozilla.jss.crypto.PrivateKey data, org.mozilla.jss.netscape.security.util.WrappingParams params, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)`
`static byte[]`	`createEncodedPKIArchiveOptions(org.mozilla.jss.crypto.CryptoToken token, java.security.PublicKey wrappingKey, org.mozilla.jss.crypto.SymmetricKey data, org.mozilla.jss.netscape.security.util.WrappingParams params, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)`
`static org.mozilla.jss.pkix.cms.EnvelopedData`	`createEnvelopedData(byte[] encContent, byte[] encSymKey)`	for CMC encryptedPOP
`static org.mozilla.jss.netscape.security.x509.KeyIdentifier`	`createKeyIdentifier(java.security.KeyPair keypair)`
`static org.mozilla.jss.util.Password`	`createPasswordFromBytes(byte[] bytes)`	Create a jss Password object from a provided byte array.
`static org.mozilla.jss.pkix.crmf.PKIArchiveOptions`	`createPKIArchiveOptions(byte[] session_data, byte[] key_data, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)`
`static org.mozilla.jss.pkix.crmf.PKIArchiveOptions`	`createPKIArchiveOptions(org.mozilla.jss.crypto.CryptoToken token, java.security.PublicKey wrappingKey, char[] data, org.mozilla.jss.netscape.security.util.WrappingParams params, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)`
`static org.mozilla.jss.pkix.crmf.PKIArchiveOptions`	`createPKIArchiveOptions(org.mozilla.jss.crypto.CryptoToken token, java.security.PublicKey wrappingKey, org.mozilla.jss.crypto.PrivateKey data, org.mozilla.jss.netscape.security.util.WrappingParams params, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)`
`static void`	`createSharedSecret(java.lang.String nickname)`
`static org.mozilla.jss.netscape.security.x509.X509CertInfo`	`createX509CertInfo(org.mozilla.jss.netscape.security.x509.X509Key x509key, java.math.BigInteger serialno, org.mozilla.jss.netscape.security.x509.CertificateIssuerName issuerName, java.lang.String subjname, java.util.Date notBefore, java.util.Date notAfter, java.lang.String alg)`	Creates a Certificate template.
`static org.mozilla.jss.netscape.security.x509.X509Key`	`createX509Key(java.security.PublicKey publicKey)`
`static byte[]`	`decodeKeyID(java.lang.String id)`	Converts NSS key ID from a signed, variable-length hexadecimal number into a 20 byte array, which will be identical to the original byte array.
`static byte[]`	`decryptUsingSymmetricKey(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.IVParameterSpec ivspec, byte[] encryptedData, org.mozilla.jss.crypto.SymmetricKey wrappingKey, org.mozilla.jss.crypto.EncryptionAlgorithm encryptionAlgorithm)`
`static void`	`deleteCertificates(java.lang.String nickname)`	Deletes all certificates by a nickname.
`static void`	`deletePrivateKey(org.mozilla.jss.crypto.PrivateKey prikey)`	Deletes a private key.
`static void`	`deleteSharedSecret(java.lang.String nickname)`
`static void`	`deleteUserCertificates(java.lang.String nickname)`	Deletes user certificates by a nickname.
`static java.lang.String`	`encodeKeyID(byte[] keyID)`	Converts NSS key ID from a 20 byte array into a signed, variable-length hexadecimal number (to maintain compatibility with byte2string()).
`static byte[]`	`encodePKIArchiveOptions(org.mozilla.jss.pkix.crmf.PKIArchiveOptions opts)`
`static byte[]`	`encryptSecret(org.mozilla.jss.crypto.CryptoToken token, byte[] secret, org.mozilla.jss.crypto.IVParameterSpec iv, org.mozilla.jss.crypto.SymmetricKey key, org.mozilla.jss.crypto.EncryptionAlgorithm algorithm)`
`static byte[]`	`encryptUsingSymmetricKey(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.SymmetricKey wrappingKey, byte[] data, org.mozilla.jss.crypto.EncryptionAlgorithm alg, org.mozilla.jss.crypto.IVParameterSpec ivspec)`
`static java.util.List<byte[]>`	`exportSharedSecret(java.lang.String nickname, java.security.cert.X509Certificate wrappingCert, org.mozilla.jss.crypto.SymmetricKey wrappingKey)`
`static org.mozilla.jss.crypto.PrivateKey`	`findPrivateKeyFromID(byte[] id)`	Retrieves a private key from a unique key ID.
`static java.security.KeyPair`	`generateECCKeyPair(org.mozilla.jss.crypto.CryptoToken token, int keysize)`	Generates an ecc key pair.
`static java.security.KeyPair`	`generateECCKeyPair(org.mozilla.jss.crypto.CryptoToken token, int keysize, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)`
`static java.security.KeyPair`	`generateECCKeyPair(org.mozilla.jss.crypto.CryptoToken token, int keysize, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask, boolean temporary, int sensitive, int extractable)`
`static java.security.KeyPair`	`generateECCKeyPair(org.mozilla.jss.crypto.CryptoToken token, java.lang.String curveName)`	Generates an ecc key pair by curve name
`static java.security.KeyPair`	`generateECCKeyPair(org.mozilla.jss.crypto.CryptoToken token, java.lang.String curveName, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)`
`static java.security.KeyPair`	`generateECCKeyPair(org.mozilla.jss.crypto.CryptoToken token, java.lang.String curveName, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask, boolean temporary, int sensitive, int extractable)`
`static org.mozilla.jss.crypto.SymmetricKey`	`generateKey(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.KeyGenAlgorithm alg, int keySize, org.mozilla.jss.crypto.SymmetricKey.Usage[] usages, boolean temporary)`
`static byte[]`	`generateKeyIdentifier(byte[] rawKey)`
`static byte[]`	`generateKeyIdentifier(byte[] rawKey, java.lang.String alg)`
`static java.security.KeyPair`	`generateRSAKeyPair(org.mozilla.jss.crypto.CryptoToken token, int keysize)`	Generates a RSA key pair.
`static java.security.KeyPair`	`generateRSAKeyPair(org.mozilla.jss.crypto.CryptoToken token, int keysize, boolean temporary)`
`static org.mozilla.jss.netscape.security.x509.X509CertImpl[]`	`getAllUserCerts()`	Retrieves all user certificates from all tokens.
`static org.mozilla.jss.crypto.CryptoToken`	`getCryptoToken(java.lang.String name)`	Retrieves handle to a crypto token.
`static org.mozilla.jss.pkix.primitive.AlgorithmIdentifier`	`getDefaultHashAlg()`
`static java.lang.String`	`getDefaultHashAlgName()`	The following are convenience routines for quick preliminary feature development or test programs that would just take the defaults
`static java.lang.String[]`	`getECcurves()`
`static java.util.Vector<java.lang.String>`	`getECKeyCurve(org.mozilla.jss.netscape.security.x509.X509Key key)`
`static org.mozilla.jss.netscape.security.x509.Extension`	`getExtensionFromCertTemplate(org.mozilla.jss.pkix.crmf.CertTemplate certTemplate, org.mozilla.jss.netscape.security.util.ObjectIdentifier csOID)`
`static org.mozilla.jss.netscape.security.x509.Extension`	`getExtensionFromPKCS10(org.mozilla.jss.netscape.security.pkcs.PKCS10 pkcs10, java.lang.String extnName)`
`static org.mozilla.jss.asn1.OBJECT_IDENTIFIER`	`getHashAlgorithmOID(java.lang.String name)`	getHashAlgorithmOID returns OID of the hashing algorithm name
`static java.lang.String`	`getHMACAlgName(java.lang.String name)`	Maps from HMACAlgorithm name to JSS Provider HMAC Alg name.
`static org.mozilla.jss.asn1.OBJECT_IDENTIFIER`	`getHMACAlgorithmOID(java.lang.String name)`	getHMACAlgorithmOID returns OID of the HMAC algorithm name
`static java.lang.String`	`getHMACtoMessageDigestName(java.lang.String name)`	maps from HMACAlgorithm name to FIPS 180-2 MessageDigest algorithm name
`static org.mozilla.jss.crypto.CryptoToken`	`getKeyStorageToken(java.lang.String name)`	Retrieves handle to a key store token.
`static byte[]`	`getModulus(java.security.PublicKey pubk)`
`static java.lang.String`	`getNameFromHashAlgorithm(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier ai)`	getNameFromHashAlgorithm returns the hashing algorithm name from input Algorithm
`static byte[]`	`getNonceData(int size)`	Generates a nonce_iv for padding.
`static org.mozilla.jss.asn1.OBJECT_IDENTIFIER`	`getOID(org.mozilla.jss.crypto.KeyWrapAlgorithm kwAlg)`
`static org.mozilla.jss.crypto.PrivateKey`	`getPrivateKey(java.lang.String nickname)`	Retrieves a private key by nickname.
`static byte[]`	`getPublicExponent(java.security.PublicKey pubk)`
`static java.security.SecureRandom`	`getRandomNumberGenerator()`
`static java.lang.String`	`getSKIString(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)`
`static java.lang.String`	`getSubjectName(org.mozilla.jss.asn1.SEQUENCE crmfMsgs)`
`static org.mozilla.jss.crypto.SymmetricKey`	`getSymKeyByName(org.mozilla.jss.crypto.CryptoToken token, java.lang.String name)`
`static java.security.cert.X509Certificate[]`	`getX509CertificateFromPKCS7(byte[] b)`
`static org.mozilla.jss.netscape.security.x509.X509Key`	`getX509KeyFromCRMFMsg(org.mozilla.jss.pkix.crmf.CertReqMsg crmfMsg)`
`static org.mozilla.jss.netscape.security.x509.X509Key`	`getX509KeyFromCRMFMsgs(org.mozilla.jss.asn1.SEQUENCE crmfMsgs)`
`static byte[]`	`hexString2Bytes(java.lang.String string)`	Converts string containing pairs of characters in the range of '0' to '9', 'a' to 'f' to an array of bytes such that each pair of characters in the string represents an individual byte
`static void`	`importCertificateChain(byte[] bytes)`
`static java.security.Key`	`importHmacSha1Key(byte[] key)`	importHmacSha1Key returns a key based on a byte array, which is originally a password.
`static org.mozilla.jss.crypto.X509Certificate[]`	`importPKCS7(org.mozilla.jss.netscape.security.pkcs.PKCS7 pkcs7)`
`static org.mozilla.jss.crypto.X509Certificate[]`	`importPKCS7(org.mozilla.jss.netscape.security.pkcs.PKCS7 pkcs7, java.lang.String nickname, java.lang.String trustFlags)`
`static org.mozilla.jss.crypto.PrivateKey`	`importPKIArchiveOptions(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.PrivateKey unwrappingKey, java.security.PublicKey pubkey, byte[] data)`
`static void`	`importSharedSecret(byte[] wrappedSessionKey, byte[] wrappedSharedSecret, java.lang.String subsystemCertNickname, java.lang.String sharedSecretNickname)`
`static org.mozilla.jss.crypto.X509Certificate`	`importUserCertificate(byte[] bytes, java.lang.String nickname)`	Imports a user certificate.
`static org.mozilla.jss.crypto.X509Certificate`	`importUserCertificateChain(java.lang.String c, java.lang.String nickname)`	Imports a PKCS#7 certificate chain that includes the user certificate, and trusts the certificate.
`static boolean`	`isCertTrusted(org.mozilla.jss.crypto.InternalCertificate cert)`	To certificate server point of view, SSL trust is what we referring.
`static boolean`	`isECCKey(org.mozilla.jss.netscape.security.x509.X509Key key)`
`static boolean`	`isInternalToken(java.lang.String name)`
`static boolean`	`isTrust(int flag)`
`static java.lang.String`	`mapSignatureAlgorithmToInternalName(org.mozilla.jss.crypto.SignatureAlgorithm alg)`
`static java.lang.String`	`normalizeCertAndReq(java.lang.String s)`
`static java.lang.String`	`normalizeCertStr(java.lang.String s)`
`static void`	`obscureBytes(byte[] memory, java.lang.String method)`
`static void`	`obscureChars(char[] memory)`
`static org.mozilla.jss.asn1.SEQUENCE`	`parseCRMFMsgs(byte[] cert_request)`
`static java.lang.String`	`reqFormat(java.lang.String content)`
`static void`	`setClientCiphers(java.lang.String list)`
`static void`	`setDefaultSSLCiphers()`
`static void`	`setSSLCipher(java.lang.String name, boolean enabled)`
`static void`	`setSSLCiphers(java.lang.String ciphers)`
`static void`	`setTrustFlags(org.mozilla.jss.crypto.X509Certificate cert, java.lang.String trustFlags)`
`static boolean`	`sharedSecretExists(java.lang.String nickname)`
`static org.mozilla.jss.netscape.security.x509.X509CertImpl`	`signCert(java.security.PrivateKey privateKey, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo, java.lang.String alg)`	Signs certificate.
`static org.mozilla.jss.netscape.security.x509.X509CertImpl`	`signCert(java.security.PrivateKey privateKey, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo, org.mozilla.jss.crypto.SignatureAlgorithm sigAlg)`
`static org.mozilla.jss.netscape.security.x509.X509CertImpl`	`signECCCert(java.security.PrivateKey privateKey, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)`
`static byte[]`	`string2byte(java.lang.String id)`	Converts a signed, variable-length hexadecimal number into a byte array, which may not be identical to the original byte array.
`static java.lang.String`	`stripCertBrackets(java.lang.String s)`	strips out the begin and end certificate brackets
`static void`	`trustAuditSigningCert(org.mozilla.jss.crypto.X509Certificate cert)`
`static void`	`trustCACert(org.mozilla.jss.crypto.X509Certificate cert)`
`static void`	`trustCert(org.mozilla.jss.crypto.InternalCertificate cert)`	Trusts a certificate.
`static void`	`trustCertByNickname(java.lang.String nickname)`	Trusts a certificate by nickname.
`static void`	`unsetSSLCiphers()`
`static void`	`unTrustCert(org.mozilla.jss.crypto.InternalCertificate cert)`
`static org.mozilla.jss.crypto.PrivateKey`	`unwrap(org.mozilla.jss.crypto.CryptoToken token, java.security.PublicKey pubKey, boolean temporary, org.mozilla.jss.crypto.SymmetricKey wrappingKey, byte[] wrappedData, org.mozilla.jss.crypto.KeyWrapAlgorithm wrapAlgorithm, org.mozilla.jss.crypto.IVParameterSpec wrapIV)`
`static org.mozilla.jss.crypto.SymmetricKey`	`unwrap(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.SymmetricKey.Type keyType, int strength, org.mozilla.jss.crypto.SymmetricKey.Usage usage, org.mozilla.jss.crypto.PrivateKey wrappingKey, byte[] wrappedData, org.mozilla.jss.crypto.KeyWrapAlgorithm wrapAlgorithm)`
`static org.mozilla.jss.crypto.SymmetricKey`	`unwrap(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.SymmetricKey.Type keyType, int strength, org.mozilla.jss.crypto.SymmetricKey.Usage usage, org.mozilla.jss.crypto.SymmetricKey wrappingKey, byte[] wrappedData, org.mozilla.jss.crypto.KeyWrapAlgorithm wrapAlgorithm, org.mozilla.jss.crypto.IVParameterSpec wrappingIV)`
`static byte[]`	`unwrapUsingPassphrase(byte[] wrappedRecoveredKey, java.lang.String recoveryPassphrase)`
`static byte[]`	`wrapSymmetricKey(org.mozilla.jss.crypto.CryptoToken token, java.security.PublicKey wrappingKey, org.mozilla.jss.crypto.SymmetricKey sk)`
`static byte[]`	`wrapUsingPublicKey(org.mozilla.jss.crypto.CryptoToken token, java.security.PublicKey wrappingKey, org.mozilla.jss.crypto.SymmetricKey data, org.mozilla.jss.crypto.KeyWrapAlgorithm alg)`
`static byte[]`	`wrapUsingSymmetricKey(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.SymmetricKey wrappingKey, org.mozilla.jss.crypto.PrivateKey data, org.mozilla.jss.crypto.IVParameterSpec ivspec, org.mozilla.jss.crypto.KeyWrapAlgorithm alg)`
`static byte[]`	`wrapUsingSymmetricKey(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.SymmetricKey wrappingKey, org.mozilla.jss.crypto.SymmetricKey data, org.mozilla.jss.crypto.IVParameterSpec ivspec, org.mozilla.jss.crypto.KeyWrapAlgorithm alg)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

KEY_ID_LENGTH
```
public static final int KEY_ID_LENGTH
```
See Also:

Constant Field Values

INTERNAL_TOKEN_NAME

public static final java.lang.String INTERNAL_TOKEN_NAME

See Also:: Constant Field Values

INTERNAL_TOKEN_FULL_NAME

public static final java.lang.String INTERNAL_TOKEN_FULL_NAME

See Also:: Constant Field Values

LINE_COUNT
```
public static final int LINE_COUNT
```
See Also:

Constant Field Values

clientECCiphers

public static final java.lang.Integer[] clientECCiphers

clientECCipherList

public static java.util.List<java.lang.Integer> clientECCipherList

RSA_ENCRYPTION

public static org.mozilla.jss.asn1.OBJECT_IDENTIFIER RSA_ENCRYPTION

Constructor Detail
- CryptoUtil
```
public CryptoUtil()
```

Method Detail

arraysEqual

public static boolean arraysEqual(byte[] bytes,
                                  byte[] ints)

isInternalToken

public static boolean isInternalToken(java.lang.String name)

getCryptoToken

public static org.mozilla.jss.crypto.CryptoToken getCryptoToken(java.lang.String name)
                                                         throws org.mozilla.jss.NotInitializedException,
                                                                org.mozilla.jss.NoSuchTokenException

Retrieves handle to a crypto token.

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.NoSuchTokenException

getKeyStorageToken

public static org.mozilla.jss.crypto.CryptoToken getKeyStorageToken(java.lang.String name)
                                                             throws org.mozilla.jss.NotInitializedException,
                                                                    org.mozilla.jss.NoSuchTokenException

Retrieves handle to a key store token.

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.NoSuchTokenException

generateRSAKeyPair

public static java.security.KeyPair generateRSAKeyPair(org.mozilla.jss.crypto.CryptoToken token,
                                                       int keysize)
                                                throws java.lang.Exception

Generates a RSA key pair.

Throws:: java.lang.Exception

generateRSAKeyPair

public static java.security.KeyPair generateRSAKeyPair(org.mozilla.jss.crypto.CryptoToken token,
                                                       int keysize,
                                                       boolean temporary)
                                                throws java.lang.Exception

Throws:: java.lang.Exception

isECCKey

public static boolean isECCKey(org.mozilla.jss.netscape.security.x509.X509Key key)

generateECCKeyPair

public static java.security.KeyPair generateECCKeyPair(org.mozilla.jss.crypto.CryptoToken token,
                                                       int keysize)
                                                throws org.mozilla.jss.NotInitializedException,
                                                       org.mozilla.jss.NoSuchTokenException,
                                                       java.security.NoSuchAlgorithmException,
                                                       org.mozilla.jss.crypto.TokenException

Generates an ecc key pair.

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.NoSuchTokenException; java.security.NoSuchAlgorithmException; org.mozilla.jss.crypto.TokenException

generateECCKeyPair

public static java.security.KeyPair generateECCKeyPair(org.mozilla.jss.crypto.CryptoToken token,
                                                       int keysize,
                                                       org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
                                                       org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
                                                throws org.mozilla.jss.NotInitializedException,
                                                       org.mozilla.jss.NoSuchTokenException,
                                                       java.security.NoSuchAlgorithmException,
                                                       org.mozilla.jss.crypto.TokenException

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.NoSuchTokenException; java.security.NoSuchAlgorithmException; org.mozilla.jss.crypto.TokenException

generateECCKeyPair

public static java.security.KeyPair generateECCKeyPair(org.mozilla.jss.crypto.CryptoToken token,
                                                       int keysize,
                                                       org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
                                                       org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask,
                                                       boolean temporary,
                                                       int sensitive,
                                                       int extractable)
                                                throws org.mozilla.jss.NotInitializedException,
                                                       org.mozilla.jss.NoSuchTokenException,
                                                       java.security.NoSuchAlgorithmException,
                                                       org.mozilla.jss.crypto.TokenException

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.NoSuchTokenException; java.security.NoSuchAlgorithmException; org.mozilla.jss.crypto.TokenException

generateECCKeyPair

public static java.security.KeyPair generateECCKeyPair(org.mozilla.jss.crypto.CryptoToken token,
                                                       java.lang.String curveName)
                                                throws org.mozilla.jss.NotInitializedException,
                                                       org.mozilla.jss.NoSuchTokenException,
                                                       java.security.NoSuchAlgorithmException,
                                                       org.mozilla.jss.crypto.TokenException

Generates an ecc key pair by curve name

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.NoSuchTokenException; java.security.NoSuchAlgorithmException; org.mozilla.jss.crypto.TokenException

generateECCKeyPair

public static java.security.KeyPair generateECCKeyPair(org.mozilla.jss.crypto.CryptoToken token,
                                                       java.lang.String curveName,
                                                       org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
                                                       org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
                                                throws org.mozilla.jss.NotInitializedException,
                                                       org.mozilla.jss.NoSuchTokenException,
                                                       java.security.NoSuchAlgorithmException,
                                                       org.mozilla.jss.crypto.TokenException

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.NoSuchTokenException; java.security.NoSuchAlgorithmException; org.mozilla.jss.crypto.TokenException

generateECCKeyPair

public static java.security.KeyPair generateECCKeyPair(org.mozilla.jss.crypto.CryptoToken token,
                                                       java.lang.String curveName,
                                                       org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
                                                       org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask,
                                                       boolean temporary,
                                                       int sensitive,
                                                       int extractable)
                                                throws org.mozilla.jss.NotInitializedException,
                                                       org.mozilla.jss.NoSuchTokenException,
                                                       java.security.NoSuchAlgorithmException,
                                                       org.mozilla.jss.crypto.TokenException

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.NoSuchTokenException; java.security.NoSuchAlgorithmException; org.mozilla.jss.crypto.TokenException

setClientCiphers

public static void setClientCiphers(java.lang.String list)
                             throws java.net.SocketException

Throws:: java.net.SocketException

setSSLCiphers

public static void setSSLCiphers(java.lang.String ciphers)
                          throws java.net.SocketException

Throws:: java.net.SocketException

setSSLCipher

public static void setSSLCipher(java.lang.String name,
                                boolean enabled)
                         throws java.net.SocketException

Throws:: java.net.SocketException

setDefaultSSLCiphers

public static void setDefaultSSLCiphers()
                                 throws java.net.SocketException

Throws:: java.net.SocketException

unsetSSLCiphers

public static void unsetSSLCiphers()
                            throws java.net.SocketException

Throws:: java.net.SocketException

getModulus

public static byte[] getModulus(java.security.PublicKey pubk)

getPublicExponent

public static byte[] getPublicExponent(java.security.PublicKey pubk)

base64Encode

public static java.lang.String base64Encode(byte[] bytes)
                                     throws java.io.IOException

Throws:: java.io.IOException

base64Decode

public static byte[] base64Decode(java.lang.String s)
                           throws java.io.IOException

Throws:: java.io.IOException

reqFormat

public static java.lang.String reqFormat(java.lang.String content)

certFormat

public static java.lang.String certFormat(java.lang.String content)

stripCertBrackets
```
public static java.lang.String stripCertBrackets(java.lang.String s)
```
strips out the begin and end certificate brackets

Parameters:

s - the string potentially bracketed with "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"

Returns:

string without the brackets

normalizeCertAndReq

public static java.lang.String normalizeCertAndReq(java.lang.String s)

normalizeCertStr

public static java.lang.String normalizeCertStr(java.lang.String s)

importPKCS7

public static org.mozilla.jss.crypto.X509Certificate[] importPKCS7(org.mozilla.jss.netscape.security.pkcs.PKCS7 pkcs7,
                                                                   java.lang.String nickname,
                                                                   java.lang.String trustFlags)
                                                            throws java.lang.Exception

Throws:: java.lang.Exception

importPKCS7

public static org.mozilla.jss.crypto.X509Certificate[] importPKCS7(org.mozilla.jss.netscape.security.pkcs.PKCS7 pkcs7)
                                                            throws java.lang.Exception

Throws:: java.lang.Exception

importCertificateChain

public static void importCertificateChain(byte[] bytes)
                                   throws java.lang.Exception

Throws:: java.lang.Exception

parseCRMFMsgs

public static org.mozilla.jss.asn1.SEQUENCE parseCRMFMsgs(byte[] cert_request)
                                                   throws java.io.IOException,
                                                          org.mozilla.jss.asn1.InvalidBERException

Throws:: java.io.IOException; org.mozilla.jss.asn1.InvalidBERException

getX509KeyFromCRMFMsgs

public static org.mozilla.jss.netscape.security.x509.X509Key getX509KeyFromCRMFMsgs(org.mozilla.jss.asn1.SEQUENCE crmfMsgs)
                                                                             throws java.io.IOException,
                                                                                    java.security.NoSuchAlgorithmException,
                                                                                    java.security.InvalidKeyException,
                                                                                    org.mozilla.jss.crypto.InvalidKeyFormatException

Throws:: java.io.IOException; java.security.NoSuchAlgorithmException; java.security.InvalidKeyException; org.mozilla.jss.crypto.InvalidKeyFormatException

getX509KeyFromCRMFMsg

public static org.mozilla.jss.netscape.security.x509.X509Key getX509KeyFromCRMFMsg(org.mozilla.jss.pkix.crmf.CertReqMsg crmfMsg)
                                                                            throws java.io.IOException,
                                                                                   java.security.NoSuchAlgorithmException,
                                                                                   java.security.InvalidKeyException,
                                                                                   org.mozilla.jss.crypto.InvalidKeyFormatException

Throws:: java.io.IOException; java.security.NoSuchAlgorithmException; java.security.InvalidKeyException; org.mozilla.jss.crypto.InvalidKeyFormatException

createX509Key

public static org.mozilla.jss.netscape.security.x509.X509Key createX509Key(java.security.PublicKey publicKey)
                                                                    throws java.security.InvalidKeyException

Throws:: java.security.InvalidKeyException

getSubjectName

public static java.lang.String getSubjectName(org.mozilla.jss.asn1.SEQUENCE crmfMsgs)
                                       throws java.io.IOException

Throws:: java.io.IOException

createX509CertInfo

public static org.mozilla.jss.netscape.security.x509.X509CertInfo createX509CertInfo(org.mozilla.jss.netscape.security.x509.X509Key x509key,
                                                                                     java.math.BigInteger serialno,
                                                                                     org.mozilla.jss.netscape.security.x509.CertificateIssuerName issuerName,
                                                                                     java.lang.String subjname,
                                                                                     java.util.Date notBefore,
                                                                                     java.util.Date notAfter,
                                                                                     java.lang.String alg)
                                                                              throws java.io.IOException,
                                                                                     java.security.cert.CertificateException,
                                                                                     java.security.InvalidKeyException,
                                                                                     java.security.NoSuchAlgorithmException

Creates a Certificate template.

Throws:: java.io.IOException; java.security.cert.CertificateException; java.security.InvalidKeyException; java.security.NoSuchAlgorithmException

signECCCert

public static org.mozilla.jss.netscape.security.x509.X509CertImpl signECCCert(java.security.PrivateKey privateKey,
                                                                              org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)
                                                                       throws org.mozilla.jss.NoSuchTokenException,
                                                                              org.mozilla.jss.NotInitializedException,
                                                                              java.security.NoSuchAlgorithmException,
                                                                              org.mozilla.jss.NoSuchTokenException,
                                                                              org.mozilla.jss.crypto.TokenException,
                                                                              java.security.InvalidKeyException,
                                                                              java.security.SignatureException,
                                                                              java.io.IOException,
                                                                              java.security.cert.CertificateException

Throws:: org.mozilla.jss.NoSuchTokenException; org.mozilla.jss.NotInitializedException; java.security.NoSuchAlgorithmException; org.mozilla.jss.crypto.TokenException; java.security.InvalidKeyException; java.security.SignatureException; java.io.IOException; java.security.cert.CertificateException

signCert

public static org.mozilla.jss.netscape.security.x509.X509CertImpl signCert(java.security.PrivateKey privateKey,
                                                                           org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo,
                                                                           java.lang.String alg)
                                                                    throws org.mozilla.jss.NoSuchTokenException,
                                                                           org.mozilla.jss.NotInitializedException,
                                                                           java.security.NoSuchAlgorithmException,
                                                                           org.mozilla.jss.NoSuchTokenException,
                                                                           org.mozilla.jss.crypto.TokenException,
                                                                           java.security.InvalidKeyException,
                                                                           java.security.SignatureException,
                                                                           java.io.IOException,
                                                                           java.security.cert.CertificateException

Signs certificate.

Throws:: org.mozilla.jss.NoSuchTokenException; org.mozilla.jss.NotInitializedException; java.security.NoSuchAlgorithmException; org.mozilla.jss.crypto.TokenException; java.security.InvalidKeyException; java.security.SignatureException; java.io.IOException; java.security.cert.CertificateException

signCert

public static org.mozilla.jss.netscape.security.x509.X509CertImpl signCert(java.security.PrivateKey privateKey,
                                                                           org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo,
                                                                           org.mozilla.jss.crypto.SignatureAlgorithm sigAlg)
                                                                    throws org.mozilla.jss.NoSuchTokenException,
                                                                           org.mozilla.jss.NotInitializedException,
                                                                           java.security.NoSuchAlgorithmException,
                                                                           org.mozilla.jss.NoSuchTokenException,
                                                                           org.mozilla.jss.crypto.TokenException,
                                                                           java.security.InvalidKeyException,
                                                                           java.security.SignatureException,
                                                                           java.io.IOException,
                                                                           java.security.cert.CertificateException

Throws:: org.mozilla.jss.NoSuchTokenException; org.mozilla.jss.NotInitializedException; java.security.NoSuchAlgorithmException; org.mozilla.jss.crypto.TokenException; java.security.InvalidKeyException; java.security.SignatureException; java.io.IOException; java.security.cert.CertificateException

createCertificationRequest

public static org.mozilla.jss.netscape.security.pkcs.PKCS10 createCertificationRequest(java.lang.String subjectName,
                                                                                       org.mozilla.jss.netscape.security.x509.X509Key pubk,
                                                                                       java.security.PrivateKey prik,
                                                                                       java.lang.String alg,
                                                                                       org.mozilla.jss.netscape.security.x509.Extensions exts)
                                                                                throws java.security.NoSuchAlgorithmException,
                                                                                       java.security.NoSuchProviderException,
                                                                                       java.security.InvalidKeyException,
                                                                                       java.io.IOException,
                                                                                       java.security.cert.CertificateException,
                                                                                       java.security.SignatureException

Throws:: java.security.NoSuchAlgorithmException; java.security.NoSuchProviderException; java.security.InvalidKeyException; java.io.IOException; java.security.cert.CertificateException; java.security.SignatureException

createKeyIdentifier

public static org.mozilla.jss.netscape.security.x509.KeyIdentifier createKeyIdentifier(java.security.KeyPair keypair)
                                                                                throws java.security.NoSuchAlgorithmException,
                                                                                       java.security.InvalidKeyException

Throws:: java.security.NoSuchAlgorithmException; java.security.InvalidKeyException

generateKeyIdentifier

public static byte[] generateKeyIdentifier(byte[] rawKey)

generateKeyIdentifier

public static byte[] generateKeyIdentifier(byte[] rawKey,
                                           java.lang.String alg)

getSKIString

public static java.lang.String getSKIString(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
                                     throws java.io.IOException

Throws:: java.io.IOException

createCertificationRequest

public static org.mozilla.jss.netscape.security.pkcs.PKCS10 createCertificationRequest(java.lang.String subjectName,
                                                                                       java.security.KeyPair keyPair)
                                                                                throws java.security.NoSuchAlgorithmException,
                                                                                       java.security.NoSuchProviderException,
                                                                                       java.security.InvalidKeyException,
                                                                                       java.io.IOException,
                                                                                       java.security.cert.CertificateException,
                                                                                       java.security.SignatureException

Creates a PKCS#10 request.

Throws:: java.security.NoSuchAlgorithmException; java.security.NoSuchProviderException; java.security.InvalidKeyException; java.io.IOException; java.security.cert.CertificateException; java.security.SignatureException

createCertificationRequest

public static org.mozilla.jss.netscape.security.pkcs.PKCS10 createCertificationRequest(java.lang.String subjectName,
                                                                                       java.security.KeyPair keyPair,
                                                                                       java.lang.String alg)
                                                                                throws java.security.NoSuchAlgorithmException,
                                                                                       java.security.NoSuchProviderException,
                                                                                       java.security.InvalidKeyException,
                                                                                       java.io.IOException,
                                                                                       java.security.cert.CertificateException,
                                                                                       java.security.SignatureException

Throws:: java.security.NoSuchAlgorithmException; java.security.NoSuchProviderException; java.security.InvalidKeyException; java.io.IOException; java.security.cert.CertificateException; java.security.SignatureException

getExtensionFromPKCS10

public static org.mozilla.jss.netscape.security.x509.Extension getExtensionFromPKCS10(org.mozilla.jss.netscape.security.pkcs.PKCS10 pkcs10,
                                                                                      java.lang.String extnName)
                                                                               throws java.io.IOException,
                                                                                      java.security.cert.CertificateException

Throws:: java.io.IOException; java.security.cert.CertificateException

getExtensionFromCertTemplate

public static org.mozilla.jss.netscape.security.x509.Extension getExtensionFromCertTemplate(org.mozilla.jss.pkix.crmf.CertTemplate certTemplate,
                                                                                            org.mozilla.jss.netscape.security.util.ObjectIdentifier csOID)

unTrustCert

public static void unTrustCert(org.mozilla.jss.crypto.InternalCertificate cert)

trustCertByNickname

public static void trustCertByNickname(java.lang.String nickname)
                                throws org.mozilla.jss.NotInitializedException,
                                       org.mozilla.jss.crypto.TokenException

Trusts a certificate by nickname.

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.crypto.TokenException

trustCert

public static void trustCert(org.mozilla.jss.crypto.InternalCertificate cert)

Trusts a certificate.

setTrustFlags

public static void setTrustFlags(org.mozilla.jss.crypto.X509Certificate cert,
                                 java.lang.String trustFlags)
                          throws java.lang.Exception

Throws:: java.lang.Exception

trustCACert

public static void trustCACert(org.mozilla.jss.crypto.X509Certificate cert)

trustAuditSigningCert

public static void trustAuditSigningCert(org.mozilla.jss.crypto.X509Certificate cert)

isCertTrusted

public static boolean isCertTrusted(org.mozilla.jss.crypto.InternalCertificate cert)

To certificate server point of view, SSL trust is what we referring.

isTrust

public static boolean isTrust(int flag)

generateKey

public static org.mozilla.jss.crypto.SymmetricKey generateKey(org.mozilla.jss.crypto.CryptoToken token,
                                                              org.mozilla.jss.crypto.KeyGenAlgorithm alg,
                                                              int keySize,
                                                              org.mozilla.jss.crypto.SymmetricKey.Usage[] usages,
                                                              boolean temporary)
                                                       throws java.lang.Exception

Throws:: java.lang.Exception

compare

public static boolean compare(byte[] src,
                              byte[] dest)

Compares 2 byte arrays to see if they are the same.

byte2string
```
public static java.lang.String byte2string(byte[] id)
```
Converts any length byte array into a signed, variable-length hexadecimal number.

string2byte
```
public static byte[] string2byte(java.lang.String id)
```
Converts a signed, variable-length hexadecimal number into a byte array, which may not be identical to the original byte array.

encodeKeyID
```
public static java.lang.String encodeKeyID(byte[] keyID)
```
Converts NSS key ID from a 20 byte array into a signed, variable-length hexadecimal number (to maintain compatibility with byte2string()).

decodeKeyID
```
public static byte[] decodeKeyID(java.lang.String id)
```
Converts NSS key ID from a signed, variable-length hexadecimal number into a 20 byte array, which will be identical to the original byte array.

hexString2Bytes
```
public static byte[] hexString2Bytes(java.lang.String string)
```
Converts string containing pairs of characters in the range of '0' to '9', 'a' to 'f' to an array of bytes such that each pair of characters in the string represents an individual byte

bytesToChars

public static char[] bytesToChars(byte[] bytes)

charsToBytes

public static byte[] charsToBytes(char[] chars)

createPasswordFromBytes

public static org.mozilla.jss.util.Password createPasswordFromBytes(byte[] bytes)

Create a jss Password object from a provided byte array.

findPrivateKeyFromID

public static org.mozilla.jss.crypto.PrivateKey findPrivateKeyFromID(byte[] id)
                                                              throws org.mozilla.jss.NotInitializedException,
                                                                     org.mozilla.jss.crypto.TokenException

Retrieves a private key from a unique key ID.

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.crypto.TokenException

getAllUserCerts

public static org.mozilla.jss.netscape.security.x509.X509CertImpl[] getAllUserCerts()
                                                                             throws org.mozilla.jss.NotInitializedException,
                                                                                    org.mozilla.jss.crypto.TokenException

Retrieves all user certificates from all tokens.

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.crypto.TokenException

deletePrivateKey

public static void deletePrivateKey(org.mozilla.jss.crypto.PrivateKey prikey)
                             throws org.mozilla.jss.NotInitializedException,
                                    org.mozilla.jss.crypto.TokenException

Deletes a private key.

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.crypto.TokenException

getPrivateKey

public static org.mozilla.jss.crypto.PrivateKey getPrivateKey(java.lang.String nickname)
                                                       throws org.mozilla.jss.NotInitializedException,
                                                              org.mozilla.jss.crypto.TokenException

Retrieves a private key by nickname.

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.crypto.TokenException

deleteCertificates

public static void deleteCertificates(java.lang.String nickname)
                               throws org.mozilla.jss.crypto.TokenException,
                                      org.mozilla.jss.crypto.ObjectNotFoundException,
                                      org.mozilla.jss.crypto.NoSuchItemOnTokenException,
                                      org.mozilla.jss.NotInitializedException

Deletes all certificates by a nickname.

Throws:: org.mozilla.jss.crypto.TokenException; org.mozilla.jss.crypto.ObjectNotFoundException; org.mozilla.jss.crypto.NoSuchItemOnTokenException; org.mozilla.jss.NotInitializedException

deleteUserCertificates

public static void deleteUserCertificates(java.lang.String nickname)
                                   throws org.mozilla.jss.NotInitializedException,
                                          org.mozilla.jss.crypto.TokenException

Deletes user certificates by a nickname.

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.crypto.TokenException

importUserCertificateChain

public static org.mozilla.jss.crypto.X509Certificate importUserCertificateChain(java.lang.String c,
                                                                                java.lang.String nickname)
                                                                         throws org.mozilla.jss.NotInitializedException,
                                                                                org.mozilla.jss.NicknameConflictException,
                                                                                org.mozilla.jss.UserCertConflictException,
                                                                                org.mozilla.jss.crypto.NoSuchItemOnTokenException,
                                                                                org.mozilla.jss.crypto.TokenException,
                                                                                java.security.cert.CertificateEncodingException

Imports a PKCS#7 certificate chain that includes the user certificate, and trusts the certificate.

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.NicknameConflictException; org.mozilla.jss.UserCertConflictException; org.mozilla.jss.crypto.NoSuchItemOnTokenException; org.mozilla.jss.crypto.TokenException; java.security.cert.CertificateEncodingException

importUserCertificate

public static org.mozilla.jss.crypto.X509Certificate importUserCertificate(byte[] bytes,
                                                                           java.lang.String nickname)
                                                                    throws org.mozilla.jss.NotInitializedException,
                                                                           java.security.cert.CertificateEncodingException,
                                                                           org.mozilla.jss.crypto.NoSuchItemOnTokenException,
                                                                           org.mozilla.jss.crypto.TokenException,
                                                                           org.mozilla.jss.NicknameConflictException,
                                                                           org.mozilla.jss.UserCertConflictException

Imports a user certificate.

Throws:: org.mozilla.jss.NotInitializedException; java.security.cert.CertificateEncodingException; org.mozilla.jss.crypto.NoSuchItemOnTokenException; org.mozilla.jss.crypto.TokenException; org.mozilla.jss.NicknameConflictException; org.mozilla.jss.UserCertConflictException

getX509CertificateFromPKCS7

public static java.security.cert.X509Certificate[] getX509CertificateFromPKCS7(byte[] b)
                                                                        throws java.io.IOException

Throws:: java.io.IOException

getNonceData

public static byte[] getNonceData(int size)
                           throws java.security.GeneralSecurityException

Generates a nonce_iv for padding.

Throws:: java.security.GeneralSecurityException

getRandomNumberGenerator

public static java.security.SecureRandom getRandomNumberGenerator()
                                                           throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

obscureChars

public static void obscureChars(char[] memory)

obscureBytes

public static void obscureBytes(byte[] memory,
                                java.lang.String method)

unwrapUsingPassphrase

public static byte[] unwrapUsingPassphrase(byte[] wrappedRecoveredKey,
                                           java.lang.String recoveryPassphrase)
                                    throws java.io.IOException,
                                           org.mozilla.jss.asn1.InvalidBERException,
                                           java.security.InvalidKeyException,
                                           java.lang.IllegalStateException,
                                           java.security.NoSuchAlgorithmException,
                                           java.security.InvalidAlgorithmParameterException,
                                           org.mozilla.jss.NotInitializedException,
                                           org.mozilla.jss.crypto.TokenException,
                                           org.mozilla.jss.crypto.IllegalBlockSizeException,
                                           javax.crypto.BadPaddingException

Throws:: java.io.IOException; org.mozilla.jss.asn1.InvalidBERException; java.security.InvalidKeyException; java.lang.IllegalStateException; java.security.NoSuchAlgorithmException; java.security.InvalidAlgorithmParameterException; org.mozilla.jss.NotInitializedException; org.mozilla.jss.crypto.TokenException; org.mozilla.jss.crypto.IllegalBlockSizeException; javax.crypto.BadPaddingException

encryptSecret

public static byte[] encryptSecret(org.mozilla.jss.crypto.CryptoToken token,
                                   byte[] secret,
                                   org.mozilla.jss.crypto.IVParameterSpec iv,
                                   org.mozilla.jss.crypto.SymmetricKey key,
                                   org.mozilla.jss.crypto.EncryptionAlgorithm algorithm)
                            throws java.security.NoSuchAlgorithmException,
                                   org.mozilla.jss.crypto.TokenException,
                                   java.security.InvalidKeyException,
                                   java.security.InvalidAlgorithmParameterException,
                                   org.mozilla.jss.crypto.IllegalBlockSizeException,
                                   javax.crypto.BadPaddingException

Throws:: java.security.NoSuchAlgorithmException; org.mozilla.jss.crypto.TokenException; java.security.InvalidKeyException; java.security.InvalidAlgorithmParameterException; org.mozilla.jss.crypto.IllegalBlockSizeException; javax.crypto.BadPaddingException

wrapSymmetricKey

public static byte[] wrapSymmetricKey(org.mozilla.jss.crypto.CryptoToken token,
                                      java.security.PublicKey wrappingKey,
                                      org.mozilla.jss.crypto.SymmetricKey sk)
                               throws java.lang.Exception

Throws:: java.lang.Exception

createPKIArchiveOptions

public static org.mozilla.jss.pkix.crmf.PKIArchiveOptions createPKIArchiveOptions(org.mozilla.jss.crypto.CryptoToken token,
                                                                                  java.security.PublicKey wrappingKey,
                                                                                  org.mozilla.jss.crypto.PrivateKey data,
                                                                                  org.mozilla.jss.netscape.security.util.WrappingParams params,
                                                                                  org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)
                                                                           throws java.lang.Exception

Throws:: java.lang.Exception

createEncodedPKIArchiveOptions

public static byte[] createEncodedPKIArchiveOptions(org.mozilla.jss.crypto.CryptoToken token,
                                                    java.security.PublicKey wrappingKey,
                                                    org.mozilla.jss.crypto.PrivateKey data,
                                                    org.mozilla.jss.netscape.security.util.WrappingParams params,
                                                    org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)
                                             throws java.lang.Exception

Throws:: java.lang.Exception

createEncodedPKIArchiveOptions

public static byte[] createEncodedPKIArchiveOptions(org.mozilla.jss.crypto.CryptoToken token,
                                                    java.security.PublicKey wrappingKey,
                                                    org.mozilla.jss.crypto.SymmetricKey data,
                                                    org.mozilla.jss.netscape.security.util.WrappingParams params,
                                                    org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)
                                             throws java.lang.Exception

Throws:: java.lang.Exception

createPKIArchiveOptions

public static org.mozilla.jss.pkix.crmf.PKIArchiveOptions createPKIArchiveOptions(org.mozilla.jss.crypto.CryptoToken token,
                                                                                  java.security.PublicKey wrappingKey,
                                                                                  char[] data,
                                                                                  org.mozilla.jss.netscape.security.util.WrappingParams params,
                                                                                  org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)
                                                                           throws java.lang.Exception

Throws:: java.lang.Exception

createEncodedPKIArchiveOptions

public static byte[] createEncodedPKIArchiveOptions(org.mozilla.jss.crypto.CryptoToken token,
                                                    java.security.PublicKey wrappingKey,
                                                    char[] data,
                                                    org.mozilla.jss.netscape.security.util.WrappingParams params,
                                                    org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)
                                             throws java.lang.Exception

Throws:: java.lang.Exception

createPKIArchiveOptions

public static org.mozilla.jss.pkix.crmf.PKIArchiveOptions createPKIArchiveOptions(byte[] session_data,
                                                                                  byte[] key_data,
                                                                                  org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)

encodePKIArchiveOptions

public static byte[] encodePKIArchiveOptions(org.mozilla.jss.pkix.crmf.PKIArchiveOptions opts)
                                      throws java.lang.Exception

Throws:: java.lang.Exception

importPKIArchiveOptions

public static org.mozilla.jss.crypto.PrivateKey importPKIArchiveOptions(org.mozilla.jss.crypto.CryptoToken token,
                                                                        org.mozilla.jss.crypto.PrivateKey unwrappingKey,
                                                                        java.security.PublicKey pubkey,
                                                                        byte[] data)
                                                                 throws org.mozilla.jss.asn1.InvalidBERException,
                                                                        java.lang.Exception

Throws:: org.mozilla.jss.asn1.InvalidBERException; java.lang.Exception

sharedSecretExists

public static boolean sharedSecretExists(java.lang.String nickname)
                                  throws org.mozilla.jss.NotInitializedException,
                                         org.mozilla.jss.crypto.TokenException

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.crypto.TokenException

createSharedSecret

public static void createSharedSecret(java.lang.String nickname)
                               throws org.mozilla.jss.NotInitializedException,
                                      org.mozilla.jss.crypto.TokenException

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.crypto.TokenException

deleteSharedSecret

public static void deleteSharedSecret(java.lang.String nickname)
                               throws org.mozilla.jss.NotInitializedException,
                                      org.mozilla.jss.crypto.TokenException,
                                      java.security.InvalidKeyException

Throws:: org.mozilla.jss.NotInitializedException; org.mozilla.jss.crypto.TokenException; java.security.InvalidKeyException

createDes3SessionKeyOnInternal

public static org.mozilla.jss.crypto.SymmetricKey createDes3SessionKeyOnInternal()
                                                                          throws java.lang.Exception

Throws:: java.lang.Exception

exportSharedSecret

public static java.util.List<byte[]> exportSharedSecret(java.lang.String nickname,
                                                        java.security.cert.X509Certificate wrappingCert,
                                                        org.mozilla.jss.crypto.SymmetricKey wrappingKey)
                                                 throws java.lang.Exception

Throws:: java.lang.Exception

importSharedSecret

public static void importSharedSecret(byte[] wrappedSessionKey,
                                      byte[] wrappedSharedSecret,
                                      java.lang.String subsystemCertNickname,
                                      java.lang.String sharedSecretNickname)
                               throws java.lang.Exception,
                                      org.mozilla.jss.NotInitializedException,
                                      org.mozilla.jss.crypto.TokenException,
                                      java.security.NoSuchAlgorithmException,
                                      org.mozilla.jss.crypto.ObjectNotFoundException,
                                      java.security.InvalidKeyException,
                                      java.security.InvalidAlgorithmParameterException,
                                      java.io.IOException

Throws:: java.lang.Exception; org.mozilla.jss.NotInitializedException; org.mozilla.jss.crypto.TokenException; java.security.NoSuchAlgorithmException; org.mozilla.jss.crypto.ObjectNotFoundException; java.security.InvalidKeyException; java.security.InvalidAlgorithmParameterException; java.io.IOException

getSymKeyByName

public static org.mozilla.jss.crypto.SymmetricKey getSymKeyByName(org.mozilla.jss.crypto.CryptoToken token,
                                                                  java.lang.String name)
                                                           throws java.lang.Exception

Throws:: java.lang.Exception

getECcurves

public static java.lang.String[] getECcurves()

getECKeyCurve

public static java.util.Vector<java.lang.String> getECKeyCurve(org.mozilla.jss.netscape.security.x509.X509Key key)
                                                        throws java.lang.Exception

Throws:: java.lang.Exception

decryptUsingSymmetricKey

public static byte[] decryptUsingSymmetricKey(org.mozilla.jss.crypto.CryptoToken token,
                                              org.mozilla.jss.crypto.IVParameterSpec ivspec,
                                              byte[] encryptedData,
                                              org.mozilla.jss.crypto.SymmetricKey wrappingKey,
                                              org.mozilla.jss.crypto.EncryptionAlgorithm encryptionAlgorithm)
                                       throws java.lang.Exception

Throws:: java.lang.Exception

encryptUsingSymmetricKey

public static byte[] encryptUsingSymmetricKey(org.mozilla.jss.crypto.CryptoToken token,
                                              org.mozilla.jss.crypto.SymmetricKey wrappingKey,
                                              byte[] data,
                                              org.mozilla.jss.crypto.EncryptionAlgorithm alg,
                                              org.mozilla.jss.crypto.IVParameterSpec ivspec)
                                       throws java.lang.Exception

Throws:: java.lang.Exception

wrapUsingSymmetricKey

public static byte[] wrapUsingSymmetricKey(org.mozilla.jss.crypto.CryptoToken token,
                                           org.mozilla.jss.crypto.SymmetricKey wrappingKey,
                                           org.mozilla.jss.crypto.SymmetricKey data,
                                           org.mozilla.jss.crypto.IVParameterSpec ivspec,
                                           org.mozilla.jss.crypto.KeyWrapAlgorithm alg)
                                    throws java.lang.Exception

Throws:: java.lang.Exception

wrapUsingSymmetricKey

public static byte[] wrapUsingSymmetricKey(org.mozilla.jss.crypto.CryptoToken token,
                                           org.mozilla.jss.crypto.SymmetricKey wrappingKey,
                                           org.mozilla.jss.crypto.PrivateKey data,
                                           org.mozilla.jss.crypto.IVParameterSpec ivspec,
                                           org.mozilla.jss.crypto.KeyWrapAlgorithm alg)
                                    throws java.lang.Exception

Throws:: java.lang.Exception

wrapUsingPublicKey

public static byte[] wrapUsingPublicKey(org.mozilla.jss.crypto.CryptoToken token,
                                        java.security.PublicKey wrappingKey,
                                        org.mozilla.jss.crypto.SymmetricKey data,
                                        org.mozilla.jss.crypto.KeyWrapAlgorithm alg)
                                 throws java.lang.Exception

Throws:: java.lang.Exception

unwrap

public static org.mozilla.jss.crypto.SymmetricKey unwrap(org.mozilla.jss.crypto.CryptoToken token,
                                                         org.mozilla.jss.crypto.SymmetricKey.Type keyType,
                                                         int strength,
                                                         org.mozilla.jss.crypto.SymmetricKey.Usage usage,
                                                         org.mozilla.jss.crypto.SymmetricKey wrappingKey,
                                                         byte[] wrappedData,
                                                         org.mozilla.jss.crypto.KeyWrapAlgorithm wrapAlgorithm,
                                                         org.mozilla.jss.crypto.IVParameterSpec wrappingIV)
                                                  throws java.lang.Exception

Throws:: java.lang.Exception

unwrap

public static org.mozilla.jss.crypto.SymmetricKey unwrap(org.mozilla.jss.crypto.CryptoToken token,
                                                         org.mozilla.jss.crypto.SymmetricKey.Type keyType,
                                                         int strength,
                                                         org.mozilla.jss.crypto.SymmetricKey.Usage usage,
                                                         org.mozilla.jss.crypto.PrivateKey wrappingKey,
                                                         byte[] wrappedData,
                                                         org.mozilla.jss.crypto.KeyWrapAlgorithm wrapAlgorithm)
                                                  throws java.lang.Exception

Throws:: java.lang.Exception

unwrap

public static org.mozilla.jss.crypto.PrivateKey unwrap(org.mozilla.jss.crypto.CryptoToken token,
                                                       java.security.PublicKey pubKey,
                                                       boolean temporary,
                                                       org.mozilla.jss.crypto.SymmetricKey wrappingKey,
                                                       byte[] wrappedData,
                                                       org.mozilla.jss.crypto.KeyWrapAlgorithm wrapAlgorithm,
                                                       org.mozilla.jss.crypto.IVParameterSpec wrapIV)
                                                throws java.lang.Exception

Throws:: java.lang.Exception

createEnvelopedData

public static org.mozilla.jss.pkix.cms.EnvelopedData createEnvelopedData(byte[] encContent,
                                                                         byte[] encSymKey)
                                                                  throws java.lang.Exception

for CMC encryptedPOP

Throws:: java.lang.Exception

getDefaultHashAlgName
```
public static java.lang.String getDefaultHashAlgName()
```
The following are convenience routines for quick preliminary feature development or test programs that would just take the defaults

getDefaultHashAlg

public static org.mozilla.jss.pkix.primitive.AlgorithmIdentifier getDefaultHashAlg()
                                                                            throws java.lang.Exception

Throws:: java.lang.Exception

importHmacSha1Key
```
public static java.security.Key importHmacSha1Key(byte[] key)
                                           throws java.lang.Exception
```
importHmacSha1Key returns a key based on a byte array, which is originally a password. Used for the HMAC Digest algorithms.

Parameters:

key - the byte array representing the original password or secret.

Returns:

The JSS SymKey

Throws:

java.lang.Exception

getHMACtoMessageDigestName
```
public static java.lang.String getHMACtoMessageDigestName(java.lang.String name)
```
maps from HMACAlgorithm name to FIPS 180-2 MessageDigest algorithm name

getHMACAlgorithmOID

public static org.mozilla.jss.asn1.OBJECT_IDENTIFIER getHMACAlgorithmOID(java.lang.String name)
                                                                  throws java.security.NoSuchAlgorithmException

getHMACAlgorithmOID returns OID of the HMAC algorithm name

Parameters:: name - name of the HMAC algorithm
Returns:: OID of the HMAC algorithm
Throws:: java.security.NoSuchAlgorithmException

getHashAlgorithmOID

public static org.mozilla.jss.asn1.OBJECT_IDENTIFIER getHashAlgorithmOID(java.lang.String name)
                                                                  throws java.security.NoSuchAlgorithmException

getHashAlgorithmOID returns OID of the hashing algorithm name

Parameters:: name - name of the hashing algorithm
Returns:: OID of the hashing algorithm
Throws:: java.security.NoSuchAlgorithmException

getNameFromHashAlgorithm
```
public static java.lang.String getNameFromHashAlgorithm(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier ai)
                                                 throws java.security.NoSuchAlgorithmException
```
getNameFromHashAlgorithm returns the hashing algorithm name from input Algorithm

Parameters:

ai - the hashing algorithm AlgorithmIdentifier

Returns:

name of the hashing algorithm

Throws:

java.security.NoSuchAlgorithmException

getHMACAlgName

public static java.lang.String getHMACAlgName(java.lang.String name)

Maps from HMACAlgorithm name to JSS Provider HMAC Alg name.

getOID

public static org.mozilla.jss.asn1.OBJECT_IDENTIFIER getOID(org.mozilla.jss.crypto.KeyWrapAlgorithm kwAlg)
                                                     throws java.security.NoSuchAlgorithmException

Throws:: java.security.NoSuchAlgorithmException

mapSignatureAlgorithmToInternalName

public static java.lang.String mapSignatureAlgorithmToInternalName(org.mozilla.jss.crypto.SignatureAlgorithm alg)
                                                            throws java.security.NoSuchAlgorithmException

Throws:: java.security.NoSuchAlgorithmException

Class CryptoUtil

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

KEY_ID_LENGTH

INTERNAL_TOKEN_NAME

INTERNAL_TOKEN_FULL_NAME

LINE_COUNT

clientECCiphers

clientECCipherList

RSA_ENCRYPTION

Constructor Detail

CryptoUtil

Method Detail

arraysEqual

isInternalToken

getCryptoToken

getKeyStorageToken

generateRSAKeyPair

generateRSAKeyPair

isECCKey

generateECCKeyPair

generateECCKeyPair

generateECCKeyPair

generateECCKeyPair

generateECCKeyPair

generateECCKeyPair

setClientCiphers

setSSLCiphers

setSSLCipher

setDefaultSSLCiphers

unsetSSLCiphers

getModulus

getPublicExponent

base64Encode

base64Decode

reqFormat

certFormat

stripCertBrackets

normalizeCertAndReq

normalizeCertStr

importPKCS7

importPKCS7

importCertificateChain

parseCRMFMsgs

getX509KeyFromCRMFMsgs

getX509KeyFromCRMFMsg

createX509Key

getSubjectName

createX509CertInfo

signECCCert

signCert

signCert

createCertificationRequest

createKeyIdentifier

generateKeyIdentifier

generateKeyIdentifier

getSKIString

createCertificationRequest

createCertificationRequest

getExtensionFromPKCS10

getExtensionFromCertTemplate

unTrustCert

trustCertByNickname

trustCert

setTrustFlags

trustCACert

trustAuditSigningCert

isCertTrusted

isTrust

generateKey

compare

byte2string

string2byte

encodeKeyID

decodeKeyID

hexString2Bytes

bytesToChars