org.mozilla.jss

Class CryptoManager.InitializationValues

Enclosing Class:
CryptoManager

public static final class CryptoManager.InitializationValues
extends java.lang.Object

The various options that can be used to initialize CryptoManager.

Nested Class Summary

static class
CryptoManager.InitializationValues.FIPSMode
This class enumerates the possible modes for FIPS compliance.

Field Summary

int
LIBRARY_LENGTH
Library description must be this length exactly.
int
MANUFACTURER_LENGTH
ManufacturerID must be this length exactly.
int
SLOT_LENGTH
Slot names must be this length exactly.
int
TOKEN_LENGTH
Token names must be this length exactly.
String
certPrefix
String
configDir
CryptoManager.InitializationValues.FIPSMode
fipsMode
The FIPS mode of the security library.
boolean
initializeJavaOnly
If true, none of the underlying NSS components will be initialized.
boolean
installJSSProvider
Install the JSS crypto provider.
String
keyPrefix
boolean
ocspCheckingEnabled
To have NSS check the OCSP responder when verifying certificates, set this flag to true.
String
ocspResponderCertNickname
The nickname of the cert to trust (expected) to sign the OCSP responses.
String
ocspResponderURL
Specify the location and cert of the responder.
PasswordCallback
passwordCallback
The password callback to be used by JSS whenever a password is needed.
boolean
readOnly
To open the databases in read-only mode, set this flag to true.
boolean
removeSunProvider
Remove the Sun crypto provider.
String
secmodName

Constructor Summary

InitializationValues()
InitializationValues(String configDir)
InitializationValues(String configDir, String certPrefix, String keyPrefix, String secmodName)

Method Summary

String
getFIPSKeyStorageSlotDescription()
Returns the description of the internal PKCS #11 FIPS Key Storage slot.
String
getFIPSSlotDescription()
Returns the description of the internal PKCS #11 FIPS slot.
String
getInternalKeyStorageSlotDescription()
Returns the description of the internal PKCS #11 key storage slot.
String
getInternalKeyStorageTokenDescription()
Returns the description of the internal PKCS #11 key storage token.
String
getInternalSlotDescription()
Returns the description of the internal PKCS #11 slot.
String
getInternalTokenDescription()
Returns the description of the internal PKCS #11 token.
String
getLibraryDescription()
Returns the description of the internal PKCS #11 module.
String
getManufacturerID()
Returns the Manufacturer ID of the internal PKCS #11 module.
void
setFIPSKeyStorageSlotDescription(String s)
Sets the description of the internal PKCS #11 FIPS Key Storage slot.
void
setFIPSSlotDescription(String s)
Sets the description of the internal PKCS #11 FIPS slot.
void
setInternalKeyStorageSlotDescription(String s)
Sets the description of the internal PKCS #11 key storage slot.
void
setInternalKeyStorageTokenDescription(String s)
Sets the description of the internal PKCS #11 key storage token.
void
setInternalSlotDescription(String s)
Sets the description of the internal PKCS #11 slot.
void
setInternalTokenDescription(String s)
Sets the description of the internal PKCS #11 token.
void
setLibraryDescription(String s)
Sets the description of the internal PKCS #11 module.
void
setManufacturerID(String s)
Sets the Manufacturer ID of the internal PKCS #11 module.

Field Details

LIBRARY_LENGTH

public final int LIBRARY_LENGTH
Library description must be this length exactly.


MANUFACTURER_LENGTH

public final int MANUFACTURER_LENGTH
ManufacturerID must be this length exactly.


SLOT_LENGTH

public final int SLOT_LENGTH
Slot names must be this length exactly.


TOKEN_LENGTH

public final int TOKEN_LENGTH
Token names must be this length exactly.


certPrefix

public String certPrefix


configDir

public String configDir


fipsMode

public CryptoManager.InitializationValues.FIPSMode fipsMode
The FIPS mode of the security library. Servers should use FIPSMode.UNCHANGED, since only Admin Server is supposed to alter this value.

The default is FIPSMode.UNCHANGED.


initializeJavaOnly

public boolean initializeJavaOnly
If true, none of the underlying NSS components will be initialized. Only the Java portions of JSS will be initialized. This should only be used if NSS has been initialized elsewhere.

Specifically, the following components will not be configured by CryptoManager.initialize if this flag is set:

  • The NSS databases.
  • OCSP checking.
  • The NSS password callback.
  • The internal PKCS #11 software token's identifier labels: slot, token, module, and manufacturer.
  • The minimum PIN length for the software token.
  • The frequency with which the user must log in to the software token.
  • The cipher strength policy (export/domestic).

The default is false.


installJSSProvider

public boolean installJSSProvider
Install the JSS crypto provider. Default is true.


keyPrefix

public String keyPrefix


ocspCheckingEnabled

public boolean ocspCheckingEnabled
To have NSS check the OCSP responder when verifying certificates, set this flag to true. It is false by default.


ocspResponderCertNickname

public String ocspResponderCertNickname
The nickname of the cert to trust (expected) to sign the OCSP responses. Only checked when the OCSPResponder value is set.


ocspResponderURL

public String ocspResponderURL
Specify the location and cert of the responder. If OCSP checking is enabled *and* this variable is set to some URL, all OCSP checking will be done via this URL. If this variable is null, the OCSP responder URL will be obtained from the AIA extension in the certificate being queried. If this is set, you must also set ocspResponderCertNickname.


passwordCallback

public PasswordCallback passwordCallback
The password callback to be used by JSS whenever a password is needed. May be NULL, in which case the library will immediately fail to get a password if it tries to log in automatically while performing a cryptographic operation. It will still work if the token has been manually logged in with CryptoToken.login.

The default is a ConsolePasswordCallback.


readOnly

public boolean readOnly
To open the databases in read-only mode, set this flag to true. The default is false, meaning the databases are opened in read-write mode.


removeSunProvider

public boolean removeSunProvider
Remove the Sun crypto provider. Default is false.


secmodName

public String secmodName
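
A pre-flight check over the fields documented above, run before CryptoManager.initialize. This is an added example, not code from the JSS project; the class name InitValuesPreflight, the responder URL and the nickname are constructed for illustration, and the configuration directory is taken from the command line.

```java
import java.util.ArrayList;
import java.util.List;
import org.mozilla.jss.CryptoManager;

public final class InitValuesPreflight {
    private static boolean isSet(String s) { return s != null && !s.isEmpty(); }

    // Returns one finding per inconsistency between the fields, based only on
    // the field descriptions on this page. An empty list means none was found.
    static List<String> check(CryptoManager.InitializationValues v) {
        List<String> findings = new ArrayList<>();
        boolean url = isSet(v.ocspResponderURL);
        boolean nick = isSet(v.ocspResponderCertNickname);

        if (url && !nick)
            findings.add("ocspResponderURL is set but ocspResponderCertNickname is not");
        if (url && !v.ocspCheckingEnabled)
            findings.add("ocspResponderURL is set but ocspCheckingEnabled is false");
        if (nick && !url)
            findings.add("ocspResponderCertNickname is only checked when a responder is set");
        if (v.initializeJavaOnly && (v.ocspCheckingEnabled || url || v.readOnly))
            findings.add("initializeJavaOnly is true: database and OCSP settings are not applied");
        if (v.passwordCallback == null)
            findings.add("passwordCallback is null: automatic login fails, use CryptoToken.login");
        if (v.fipsMode != CryptoManager.InitializationValues.FIPSMode.UNCHANGED)
            findings.add("fipsMode is not UNCHANGED: servers should leave it unchanged");
        return findings;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: InitValuesPreflight <configDir>");
            System.exit(64);
        }
        CryptoManager.InitializationValues v =
                new CryptoManager.InitializationValues(args[0]);
        v.readOnly = true;                                    // no database writes needed
        v.ocspCheckingEnabled = true;                         // revocation checks on
        v.ocspResponderURL = "http://ocsp.example.test/";     // constructed value
        v.ocspResponderCertNickname = "Example OCSP Signer";  // constructed value

        List<String> findings = check(v);
        findings.forEach(System.err::println);
        if (!findings.isEmpty()) System.exit(2);              // refuse to start misconfigured
        CryptoManager.initialize(v);
    }
}
```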

Constructor Details

InitializationValues

protected InitializationValues()


InitializationValues

public InitializationValues(String configDir)


InitializationValues

public InitializationValues(String configDir,
                            String certPrefix,
                            String keyPrefix,
                            String secmodName)

Method Details

getFIPSKeyStorageSlotDescription

public String getFIPSKeyStorageSlotDescription()
Returns the description of the internal PKCS #11 FIPS Key Storage slot.

The default is "NSS Internal FIPS-140-1 Private Key and Certificate Storage ".


getFIPSSlotDescription

public String getFIPSSlotDescription()
Returns the description of the internal PKCS #11 FIPS slot.

The default is "NSS Internal FIPS-140-1 Cryptographic Services ".


getInternalKeyStorageSlotDescription

public String getInternalKeyStorageSlotDescription()
Returns the description of the internal PKCS #11 key storage slot.

The default is "NSS Internal Private Key and Certificate Storage ".


getInternalKeyStorageTokenDescription

public String getInternalKeyStorageTokenDescription()
Returns the description of the internal PKCS #11 key storage token.

The default is "Internal Key Storage Token ".


getInternalSlotDescription

public String getInternalSlotDescription()
Returns the description of the internal PKCS #11 slot.

The default is "NSS Internal Cryptographic Services ".


getInternalTokenDescription

public String getInternalTokenDescription()
Returns the description of the internal PKCS #11 token.

The default is "Internal Crypto Services Token ".


getLibraryDescription

public String getLibraryDescription()
Returns the description of the internal PKCS #11 module.

The default is "Internal Crypto Services ".


getManufacturerID

public String getManufacturerID()
Returns the Manufacturer ID of the internal PKCS #11 module.

The default is "mozilla.org ".


setFIPSKeyStorageSlotDescription

public void setFIPSKeyStorageSlotDescription(String s)
            throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 FIPS Key Storage slot. This value must be exactly SLOT_LENGTH characters long.

Throws:
CryptoManager.InvalidLengthException - If s.length() is not exactly SLOT_LENGTH.


setFIPSSlotDescription

public void setFIPSSlotDescription(String s)
            throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 FIPS slot. This value must be exactly SLOT_LENGTH characters long.

Throws:
CryptoManager.InvalidLengthException - If s.length() is not exactly SLOT_LENGTH.


setInternalKeyStorageSlotDescription

public void setInternalKeyStorageSlotDescription(String s)
            throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 key storage slot. This value must be exactly SLOT_LENGTH characters long.

Throws:
CryptoManager.InvalidLengthException - If s.length() is not exactly SLOT_LENGTH.


setInternalKeyStorageTokenDescription

public void setInternalKeyStorageTokenDescription(String s)
            throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 key storage token. This value must be exactly TOKEN_LENGTH characters long.

Throws:
CryptoManager.InvalidLengthException - If s.length() is not exactly TOKEN_LENGTH.


setInternalSlotDescription

public void setInternalSlotDescription(String s)
            throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 slot. This value must be exactly SLOT_LENGTH characters long.

Throws:
CryptoManager.InvalidLengthException - If s.length() is not exactly SLOT_LENGTH.


setInternalTokenDescription

public void setInternalTokenDescription(String s)
            throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 token. This value must be exactly TOKEN_LENGTH characters long.

Throws:
CryptoManager.InvalidLengthException - If s.length() is not exactly TOKEN_LENGTH.


setLibraryDescription

public void setLibraryDescription(String s)
            throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 module. This value must be exactly LIBRARY_LENGTH characters long.

Throws:
CryptoManager.InvalidLengthException - If s.length() is not exactly LIBRARY_LENGTH.


setManufacturerID

public void setManufacturerID(String s)
            throws CryptoManager.InvalidLengthException
Sets the Manufacturer ID of the internal PKCS #11 module. This value must be exactly MANUFACTURER_LENGTH characters long.

Throws:
CryptoManager.InvalidLengthException - If s.length() is not exactly MANUFACTURER_LENGTH.
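
Every setter above rejects a string that is not exactly the required length, so custom labels have to be space-padded before they are set. The helper below is an added example, not part of JSS; the class name TokenLabelExample and the label texts are constructed, the labels are assumed to fit the corresponding lengths, and the restriction to printable ASCII is an assumption made here so that character count and encoded length agree.

```java
import org.mozilla.jss.CryptoManager;

public final class TokenLabelExample {

    // Right-pads label with spaces to exactly `length` characters.
    // Over-length input is rejected instead of silently truncated, so two
    // distinct labels can never collapse into the same stored value.
    static String padExact(String label, int length) {
        if (label == null || label.isEmpty())
            throw new IllegalArgumentException("label must not be empty");
        if (label.length() > length)
            throw new IllegalArgumentException(
                "label is " + label.length() + " chars, limit is " + length);
        for (int i = 0; i < label.length(); i++) {
            char c = label.charAt(i);
            if (c < 0x20 || c > 0x7e)  // assumption: printable ASCII only
                throw new IllegalArgumentException("non-printable or non-ASCII at index " + i);
        }
        StringBuilder sb = new StringBuilder(length).append(label);
        while (sb.length() < length) sb.append(' ');
        return sb.toString();
    }

    // Applies constructed labels, using the length constants of the instance.
    static void applyLabels(CryptoManager.InitializationValues v)
            throws CryptoManager.InvalidLengthException {
        v.setLibraryDescription(padExact("Example Crypto Services", v.LIBRARY_LENGTH));
        v.setManufacturerID(padExact("example.test", v.MANUFACTURER_LENGTH));
        v.setInternalSlotDescription(padExact("Example Crypto Slot", v.SLOT_LENGTH));
        v.setInternalTokenDescription(padExact("Example Crypto Token", v.TOKEN_LENGTH));
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: TokenLabelExample <configDir>");
            System.exit(64);
        }
        CryptoManager.InitializationValues v =
                new CryptoManager.InitializationValues(args[0]);
        applyLabels(v);
        // Each getter now returns the padded value at its required length.
        System.out.println("[" + v.getInternalTokenDescription() + "]");
    }
}
```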