org.mozilla.jss

Class CryptoManager.InitializationValues

java.lang.Object

org.mozilla.jss.CryptoManager.InitializationValues

Enclosing class:

CryptoManager

public static final class CryptoManager.InitializationValues
extends java.lang.Object

The various options that can be used to initialize CryptoManager.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CryptoManager.InitializationValues.FIPSMode This class enumerates the possible modes for FIPS compliance.

Field Summary

Fields

Modifier and Type	Field and Description
java.lang.String	certPrefix
java.lang.String	configDir
CryptoManager.InitializationValues.FIPSMode	fipsMode The FIPS mode of the security library.
boolean	initializeJavaOnly If true, none of the underlying NSS components will be initialized.
boolean	installJSSProvider Install the JSS crypto provider.
java.lang.String	keyPrefix
int	LIBRARY_LENGTH Library description must be this length exactly.
int	MANUFACTURER_LENGTH ManufacturerID must be this length exactly.
boolean	ocspCheckingEnabled To have NSS check the OCSP responder for when verifying certificates, set this flags to true.
java.lang.String	ocspResponderCertNickname The nickname of the cert to trust (expected) to sign the OCSP responses.
java.lang.String	ocspResponderURL Specify the location and cert of the responder.
PasswordCallback	passwordCallback The password callback to be used by JSS whenever a password is needed.
boolean	readOnly To open the databases in read-only mode, set this flag to true.
boolean	removeSunProvider Remove the Sun crypto provider.
java.lang.String	secmodName
int	SLOT_LENGTH Slot names must be this length exactly.
int	TOKEN_LENGTH Token names must be this length exactly.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	CryptoManager.InitializationValues()
	CryptoManager.InitializationValues(java.lang.String configDir)
	CryptoManager.InitializationValues(java.lang.String configDir, java.lang.String certPrefix, java.lang.String keyPrefix, java.lang.String secmodName)

Method Summary

Methods

Modifier and Type	Method and Description
java.lang.String	getFIPSKeyStorageSlotDescription() Returns the description of the internal PKCS #11 FIPS Key Storage slot.
java.lang.String	getFIPSSlotDescription() Returns the description of the internal PKCS #11 FIPS slot.
java.lang.String	getInternalKeyStorageSlotDescription() Returns the description of the internal PKCS #11 key storage slot.
java.lang.String	getInternalKeyStorageTokenDescription() Returns the description of the internal PKCS #11 key storage token.
java.lang.String	getInternalSlotDescription() Returns the description of the internal PKCS #11 slot.
java.lang.String	getInternalTokenDescription() Returns the description of the internal PKCS #11 token.
java.lang.String	getLibraryDescription() Returns the description of the internal PKCS #11 module.
java.lang.String	getManufacturerID() Returns the Manufacturer ID of the internal PKCS #11 module.
void	setFIPSKeyStorageSlotDescription(java.lang.String s) Sets the description of the internal PKCS #11 FIPS Key Storage slot.
void	setFIPSSlotDescription(java.lang.String s) Sets the description of the internal PKCS #11 FIPS slot.
void	setInternalKeyStorageSlotDescription(java.lang.String s) Sets the description of the internal PKCS #11 key storage slot.
void	setInternalKeyStorageTokenDescription(java.lang.String s) Sets the description of the internal PKCS #11 key storage token.
void	setInternalSlotDescription(java.lang.String s) Sets the description of the internal PKCS #11 slot.
void	setInternalTokenDescription(java.lang.String s) Sets the description of the internal PKCS #11 token.
void	setLibraryDescription(java.lang.String s) Sets the description of the internal PKCS #11 module.
void	setManufacturerID(java.lang.String s) Sets the Manufacturer ID of the internal PKCS #11 module.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TOKEN_LENGTH

public final int TOKEN_LENGTH

Token names must be this length exactly.

See Also:

Constant Field Values

SLOT_LENGTH

public final int SLOT_LENGTH

Slot names must be this length exactly.

See Also:

Constant Field Values

MANUFACTURER_LENGTH

public final int MANUFACTURER_LENGTH

ManufacturerID must be this length exactly.

See Also:

Constant Field Values

LIBRARY_LENGTH

public final int LIBRARY_LENGTH

Library description must be this length exactly.

See Also:

Constant Field Values

configDir

public java.lang.String configDir

certPrefix

public java.lang.String certPrefix

keyPrefix

public java.lang.String keyPrefix

secmodName

public java.lang.String secmodName

passwordCallback

public PasswordCallback passwordCallback

The password callback to be used by JSS whenever a password is needed. May be NULL, in which the library will immediately fail to get a password if it tries to login automatically while performing a cryptographic operation. It will still work if the token has been manually logged in with CryptoToken.login.

The default is a ConsolePasswordCallback.

fipsMode

public CryptoManager.InitializationValues.FIPSMode fipsMode

The FIPS mode of the security library. Servers should use FIPSMode.UNCHANGED, since only Admin Server is supposed to alter this value.

The default is FIPSMode.UNCHANGED.

readOnly

public boolean readOnly

To open the databases in read-only mode, set this flag to true. The default is false, meaning the databases are opened in read-write mode.

ocspCheckingEnabled

public boolean ocspCheckingEnabled

To have NSS check the OCSP responder for when verifying certificates, set this flags to true. It is false by default.

ocspResponderURL

public java.lang.String ocspResponderURL

Specify the location and cert of the responder. If OCSP checking is enabled *and* this variable is set to some URL, all OCSP checking will be done via this URL. If this variable is null, the OCSP responder URL will be obtained from the AIA extension in the certificate being queried. If this is set, you must also set ocspResponderCertNickname

ocspResponderCertNickname

public java.lang.String ocspResponderCertNickname

The nickname of the cert to trust (expected) to sign the OCSP responses. Only checked when the OCSPResponder value is set.

installJSSProvider

public boolean installJSSProvider

Install the JSS crypto provider. Default is true.

removeSunProvider

public boolean removeSunProvider

Remove the Sun crypto provider. Default is false.

initializeJavaOnly

public boolean initializeJavaOnly

If true, none of the underlying NSS components will be initialized. Only the Java portions of JSS will be initialized. This should only be used if NSS has been initialized elsewhere.

Specifically, the following components will not be configured by CryptoManager.initialize if this flag is set:

• The NSS databases.
• OCSP checking.
• The NSS password callback.
• The internal PKCS #11 software token's identifier labels: slot, token, module, and manufacturer.
• The minimum PIN length for the software token.
• The frequency with which the user must login to the software token.
• The cipher strength policy (export/domestic).

The default is false.

Constructor Detail

CryptoManager.InitializationValues

protected CryptoManager.InitializationValues()

CryptoManager.InitializationValues

public CryptoManager.InitializationValues(java.lang.String configDir)

CryptoManager.InitializationValues

public CryptoManager.InitializationValues(java.lang.String configDir,
                                  java.lang.String certPrefix,
                                  java.lang.String keyPrefix,
                                  java.lang.String secmodName)

Method Detail

getManufacturerID

public java.lang.String getManufacturerID()

Returns the Manufacturer ID of the internal PKCS #11 module.

The default is "mozilla.org ".

setManufacturerID

public void setManufacturerID(java.lang.String s)
                       throws CryptoManager.InvalidLengthException

Sets the Manufacturer ID of the internal PKCS #11 module. This value must be exactly MANUFACTURER_LENGTH characters long.

Throws:

CryptoManager.InvalidLengthException - If s.length() is not exactly MANUFACTURER_LENGTH.

getLibraryDescription

public java.lang.String getLibraryDescription()

Returns the description of the internal PKCS #11 module.

The default is "Internal Crypto Services ".

setLibraryDescription

public void setLibraryDescription(java.lang.String s)
                           throws CryptoManager.InvalidLengthException

Sets the description of the internal PKCS #11 module. This value must be exactly LIBRARY_LENGTH characters long.

Throws:

CryptoManager.InvalidLengthException - If s.length() is not exactly LIBRARY_LENGTH.

getInternalTokenDescription

public java.lang.String getInternalTokenDescription()

Returns the description of the internal PKCS #11 token.

The default is "Internal Crypto Services Token ".

setInternalTokenDescription

public void setInternalTokenDescription(java.lang.String s)
                                 throws CryptoManager.InvalidLengthException

Sets the description of the internal PKCS #11 token. This value must be exactly TOKEN_LENGTH characters long.

Throws:

CryptoManager.InvalidLengthException - If s.length() is not exactly TOKEN_LENGTH.

getInternalKeyStorageTokenDescription

public java.lang.String getInternalKeyStorageTokenDescription()

Returns the description of the internal PKCS #11 key storage token.

The default is "Internal Key Storage Token ".

setInternalKeyStorageTokenDescription

public void setInternalKeyStorageTokenDescription(java.lang.String s)
                                           throws CryptoManager.InvalidLengthException

Sets the description of the internal PKCS #11 key storage token. This value must be exactly TOKEN_LENGTH characters long.

Throws:

CryptoManager.InvalidLengthException - If s.length() is not exactly TOKEN_LENGTH.

getInternalSlotDescription

public java.lang.String getInternalSlotDescription()

Returns the description of the internal PKCS #11 slot.

The default is "NSS Internal Cryptographic Services ".

setInternalSlotDescription

public void setInternalSlotDescription(java.lang.String s)
                                throws CryptoManager.InvalidLengthException

Sets the description of the internal PKCS #11 slot. This value must be exactly SLOT_LENGTH characters long.

Throws:

CryptoManager.InvalidLengthException - If s.length() is not exactly SLOT_LENGTH.

getInternalKeyStorageSlotDescription

public java.lang.String getInternalKeyStorageSlotDescription()

Returns the description of the internal PKCS #11 key storage slot.

The default is "NSS Internal Private Key and Certificate Storage ".

setInternalKeyStorageSlotDescription

public void setInternalKeyStorageSlotDescription(java.lang.String s)
                                          throws CryptoManager.InvalidLengthException

Sets the description of the internal PKCS #11 key storage slot. This value must be exactly SLOT_LENGTH characters long.

Throws:

CryptoManager.InvalidLengthException - If s.length() is not exactly SLOT_LENGTH.

getFIPSSlotDescription

public java.lang.String getFIPSSlotDescription()

Returns the description of the internal PKCS #11 FIPS slot.

The default is "NSS FIPS 140-2 User Private Key Services".

setFIPSSlotDescription

public void setFIPSSlotDescription(java.lang.String s)
                            throws CryptoManager.InvalidLengthException

Sets the description of the internal PKCS #11 FIPS slot. This value must be exactly SLOT_LENGTH characters long.

Throws:

CryptoManager.InvalidLengthException - If s.length() is not exactly SLOT_LENGTH.

getFIPSKeyStorageSlotDescription

public java.lang.String getFIPSKeyStorageSlotDescription()

Returns the description of the internal PKCS #11 FIPS Key Storage slot.

The default is "NSS FIPS 140-2 User Private Key Services".

setFIPSKeyStorageSlotDescription

public void setFIPSKeyStorageSlotDescription(java.lang.String s)
                                      throws CryptoManager.InvalidLengthException

Sets the description of the internal PKCS #11 FIPS Key Storage slot. This value must be exactly SLOT_LENGTH characters long.

Throws:

CryptoManager.InvalidLengthException - If s.length() is not exactly SLOT_LENGTH.