com.netscape.certsrv.security
Interface ICryptoSubsystem

All Superinterfaces:
ISubsystem

public interface ICryptoSubsystem
extends ISubsystem

This interface represents the cryptographic subsystem that provides all the security related functions.

Version:
$Revision: 1473 $, $Date: 2010-11-04 12:36:19 -0700 (Thu, 04 Nov 2010) $

Field Summary
static java.lang.String ID
           
 
Method Summary
 void addEntropy(int bits)
          Adds the specified number of bits of entropy from the system entropy generator to the RNG of the default PKCS#11 RNG token.
 void checkCertificateExt(java.lang.String ext)
          Checks if the given base-64 encoded string contains an extension or a sequence of extensions.
 void deleteCert(java.lang.String nickname, java.lang.String notAfterTime)
          Deletes the certificate of the given nickname.
 void deleteRootCert(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername)
           
 void deleteTokenCertificate(java.lang.String nickname, java.lang.String pathname)
          Deletes certificate of the given nickname.
 void deleteUserCert(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername)
           
 netscape.security.x509.AlgorithmId getAlgorithmId(java.lang.String algname, IConfigStore store)
          Retrieves the CA's signing algorithm id.
 java.lang.String getAllCerts()
          Retrieves a list of nicknames of certificates that are in the installed tokens.
 NameValuePairs getAllCertsManage()
          Gets all certificates on all tokens for Certificate Database Management.
 NameValuePairs getCACerts()
          Gets all CA certificates on all tokens.
 org.mozilla.jss.crypto.PQGParams getCAPQG(int keysize, IConfigStore store)
          Retrieves PQG parameters based on key size.
 netscape.security.x509.CertificateExtensions getCertExtensions(java.lang.String tokenname, java.lang.String nickname)
          Retrieves extensions of the certificate that is identified by the given nickname.
 java.lang.String getCertListWithoutTokenName(java.lang.String name)
          Retrieves all certificates.
 java.lang.String getCertPrettyPrint(java.lang.String b64E, java.util.Locale locale)
          Retrieves the certificate in the pretty print format.
 java.lang.String getCertPrettyPrint(java.lang.String nickname, java.lang.String date, java.util.Locale locale)
          Retrieves certificate in pretty-print format by the nickname.
 java.lang.String getCertPrettyPrint(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername, java.util.Locale locale)
           
 java.lang.String getCertPrettyPrintAndFingerPrint(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername, java.util.Locale locale)
           
 java.lang.String getCertRequest(java.lang.String subjectName, java.security.KeyPair kp)
          Generates certificate request from the given key pair.
 java.lang.String getCertSubjectName(java.lang.String tokenname, java.lang.String nickname)
          Retrieves subject name of the certificate that is identified by the given nickname.
 java.lang.String getCipherPreferences()
          Retrieves the cipher preferences.
 java.lang.String getCipherVersion()
          Retrieves the SSL cipher version.
 java.security.KeyPair getECCKeyPair(KeyCertData properties)
          Generates an ECC key pair based on the given parameters.
 java.security.KeyPair getECCKeyPair(java.lang.String token, java.lang.String curveName, java.lang.String certType)
          Generates an ECC key pair based on the given parameters.
 netscape.security.x509.CertificateExtensions getExtensions(java.lang.String tokenname, java.lang.String nickname)
          Retrieves extensions of the certificate that is identified by the given nickname.
 java.lang.String getInternalTokenName()
          Retrieves the token name of the internal (software) token.
 java.security.KeyPair getKeyPair(KeyCertData properties)
          Generates a key pair based on the given parameters.
 java.security.KeyPair getKeyPair(java.lang.String nickname)
          Retrieves the key pair based on the given nickname.
 java.security.KeyPair getKeyPair(java.lang.String tokenName, java.lang.String alg, int keySize)
          Generates a key pair based on the given parameters.
 java.security.KeyPair getKeyPair(java.lang.String tokenName, java.lang.String alg, int keySize, org.mozilla.jss.crypto.PQGParams pqg)
          Generates a key pair based on the given parameters.
 org.mozilla.jss.crypto.PQGParams getPQG(int keysize)
          Retrieves PQG parameters based on key size.
 NameValuePairs getRootCerts()
           
 java.lang.String getRootCertTrustBit(java.lang.String nickname, java.lang.String serialno, java.lang.String issuerName)
           
 java.lang.String getSignatureAlgorithm(java.lang.String nickname)
          Retrieves the signature algorithm of the certificate named by the given nickname.
 netscape.security.x509.X509CertImpl getSignedCert(KeyCertData data, java.lang.String certType, java.security.PrivateKey priKey)
          Signs the certificate template contained in the given data and returns a signed certificate.
 java.lang.String getSubjectDN(java.lang.String nickname)
          Retrieves the subject DN of the certificate identified by the nickname.
 java.lang.String getTokenList()
          Retrieves a list of currently registered token names.
 NameValuePairs getUserCerts()
           
 void importCert(java.lang.String b64E, java.lang.String nickname, java.lang.String certType)
          Imports certificate into the server.
 void importCert(netscape.security.x509.X509CertImpl signedCert, java.lang.String nickname, java.lang.String certType)
          Imports certificate into the server.
 boolean isCACert(java.lang.String fullNickname)
          Checks to see if the certificate of the given nickname is a CA certificate.
 java.lang.String isCipherFortezza()
          Checks if fortezza is enabled.
 boolean isTokenLoggedIn(java.lang.String name)
          Checks if the given token is logged in.
 void isX500DN(java.lang.String dn)
          Checks if the given dn is a valid distinguished name.
 void loggedInToken(java.lang.String tokenName, java.lang.String pwd)
          Logs into token.
 void setCipherPreferences(java.lang.String cipherPrefs)
          Sets the current SSL cipher preferences.
 void setRootCertTrust(java.lang.String nickname, java.lang.String serialno, java.lang.String issuername, java.lang.String trust)
           
 void trustCert(java.lang.String nickname, java.lang.String date, java.lang.String trust)
          Trusts a certificate for all available purposes.
 
Methods inherited from interface com.netscape.certsrv.base.ISubsystem
getConfigStore, getId, init, setId, shutdown, startup
 

Field Detail

ID

static final java.lang.String ID
See Also:
Constant Field Values
Method Detail

getAllCerts

java.lang.String getAllCerts()
                             throws EBaseException
Retrieves a list of nicknames of certificates that are in the installed tokens.

Returns:
a list of comma-separated nicknames
Throws:
EBaseException - failed to retrieve nicknames

getCertPrettyPrint

java.lang.String getCertPrettyPrint(java.lang.String nickname,
                                    java.lang.String date,
                                    java.util.Locale locale)
                                    throws EBaseException
Retrieves certificate in pretty-print format by the nickname.

Parameters:
nickname - nickname of certificate
date - notAfter date that the returned certificate must match
locale - user locale
Returns:
certificate in pretty-print format
Throws:
EBaseException - failed to retrieve certificate

getRootCertTrustBit

java.lang.String getRootCertTrustBit(java.lang.String nickname,
                                     java.lang.String serialno,
                                     java.lang.String issuerName)
                                     throws EBaseException
Throws:
EBaseException

getCertPrettyPrint

java.lang.String getCertPrettyPrint(java.lang.String nickname,
                                    java.lang.String serialno,
                                    java.lang.String issuername,
                                    java.util.Locale locale)
                                    throws EBaseException
Throws:
EBaseException

getCertPrettyPrintAndFingerPrint

java.lang.String getCertPrettyPrintAndFingerPrint(java.lang.String nickname,
                                                  java.lang.String serialno,
                                                  java.lang.String issuername,
                                                  java.util.Locale locale)
                                                  throws EBaseException
Throws:
EBaseException

getCertPrettyPrint

java.lang.String getCertPrettyPrint(java.lang.String b64E,
                                    java.util.Locale locale)
                                    throws EBaseException
Retrieves the certificate in the pretty print format.

Parameters:
b64E - certificate in mime-64 encoded format
locale - end user locale
Returns:
certificate in pretty-print format
Throws:
EBaseException - failed to retrieve certificate

importCert

void importCert(java.lang.String b64E,
                java.lang.String nickname,
                java.lang.String certType)
                throws EBaseException
Imports certificate into the server.

Parameters:
b64E - certificate in mime-64 encoded format
nickname - nickname for the imported certificate
certType - certificate type
Throws:
EBaseException - failed to import certificate

importCert

void importCert(netscape.security.x509.X509CertImpl signedCert,
                java.lang.String nickname,
                java.lang.String certType)
                throws EBaseException
Imports certificate into the server.

Parameters:
signedCert - certificate
nickname - nickname for the imported certificate
certType - certificate type
Throws:
EBaseException - failed to import certificate

getKeyPair

java.security.KeyPair getKeyPair(KeyCertData properties)
                                 throws EBaseException
Generates a key pair based on the given parameters.

Parameters:
properties - key parameters
Returns:
key pair
Throws:
EBaseException - failed to generate key pair

getKeyPair

java.security.KeyPair getKeyPair(java.lang.String nickname)
                                 throws EBaseException
Retrieves the key pair based on the given nickname.

Parameters:
nickname - nickname of the public key
Throws:
EBaseException - failed to retrieve key pair

getKeyPair

java.security.KeyPair getKeyPair(java.lang.String tokenName,
                                 java.lang.String alg,
                                 int keySize)
                                 throws EBaseException
Generates a key pair based on the given parameters.

Parameters:
tokenName - name of token where key is generated
alg - key algorithm
keySize - key size
Returns:
key pair
Throws:
EBaseException - failed to generate key pair

getKeyPair

java.security.KeyPair getKeyPair(java.lang.String tokenName,
                                 java.lang.String alg,
                                 int keySize,
                                 org.mozilla.jss.crypto.PQGParams pqg)
                                 throws EBaseException
Generates a key pair based on the given parameters.

Parameters:
tokenName - name of token where key is generated
alg - key algorithm
keySize - key size
pqg - pqg parameters if DSA key, otherwise null
Returns:
key pair
Throws:
EBaseException - failed to generate key pair

getECCKeyPair

java.security.KeyPair getECCKeyPair(KeyCertData properties)
                                    throws EBaseException
Generates an ECC key pair based on the given parameters.

Parameters:
properties - key parameters
Returns:
key pair
Throws:
EBaseException - failed to generate key pair

getECCKeyPair

java.security.KeyPair getECCKeyPair(java.lang.String token,
                                    java.lang.String curveName,
                                    java.lang.String certType)
                                    throws EBaseException
Generates an ECC key pair based on the given parameters.

Parameters:
token - token name
curveName - curve name
certType - type of certificate (e.g. sslserver)
Returns:
key pair
Throws:
EBaseException - failed to generate key pair

getSignatureAlgorithm

java.lang.String getSignatureAlgorithm(java.lang.String nickname)
                                       throws EBaseException
Retrieves the signature algorithm of the certificate named by the given nickname.

Parameters:
nickname - nickname of the certificate
Returns:
signature algorithm
Throws:
EBaseException - failed to retrieve signature

isX500DN

void isX500DN(java.lang.String dn)
              throws EBaseException
Checks if the given dn is a valid distinguished name.

Parameters:
dn - distinguished name
Throws:
EBaseException - failed to check

getAlgorithmId

netscape.security.x509.AlgorithmId getAlgorithmId(java.lang.String algname,
                                                  IConfigStore store)
                                                  throws EBaseException
Retrieves the CA's signing algorithm id. If it is the DSA algorithm, the algorithm id is constructed by reading the parameters ca.dsaP, ca.dsaQ, ca.dsaG.

Parameters:
algname - DSA or RSA
store - configuration store.
Returns:
algorithm id
Throws:
EBaseException - failed to retrieve algorithm id

getCertSubjectName

java.lang.String getCertSubjectName(java.lang.String tokenname,
                                    java.lang.String nickname)
                                    throws EBaseException
Retrieves subject name of the certificate that is identified by the given nickname.

Parameters:
tokenname - name of token where the nickname is valid
nickname - nickname of the certificate
Returns:
subject name
Throws:
EBaseException - failed to get subject name

getExtensions

netscape.security.x509.CertificateExtensions getExtensions(java.lang.String tokenname,
                                                           java.lang.String nickname)
                                                           throws EBaseException
Retrieves extensions of the certificate that is identified by the given nickname.

Parameters:
tokenname - name of token where the nickname is valid
nickname - nickname of the certificate
Returns:
certificate extensions
Throws:
EBaseException - failed to get extensions

deleteTokenCertificate

void deleteTokenCertificate(java.lang.String nickname,
                            java.lang.String pathname)
                            throws EBaseException
Deletes certificate of the given nickname.

Parameters:
nickname - nickname of the certificate
pathname - path where a copy of the deleted certificate is stored
Throws:
EBaseException - failed to delete certificate

deleteCert

void deleteCert(java.lang.String nickname,
                java.lang.String notAfterTime)
                throws EBaseException
Deletes the certificate of the given nickname.

Parameters:
nickname - nickname of the certificate
notAfterTime - the notAfter date of the certificate. Multiple certificates may exist under the same nickname; if one of them matches notAfterTime, that certificate is deleted. notAfterTime must be in the "MMMMM dd, yyyy HH:mm:ss" format.
Throws:
EBaseException - failed to delete certificate
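The nickname plus notAfterTime pair used by deleteCert is the same pair that getCertPrettyPrint(nickname, date, locale) accepts, so an operator can print the exact certificate that will be removed before removing it. The helper below is an added example and is not part of the project; it assumes that a SimpleDateFormat built from the documented pattern with Locale.US and the JVM's default time zone reproduces the string the subsystem expects, and that the ICryptoSubsystem instance is obtained elsewhere.

```java
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.security.ICryptoSubsystem;

import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;

/**
 * Hypothetical helper (not project code): removes one certificate from a
 * nickname that may be shared by several certificates, selecting it by its
 * notAfter date as deleteCert requires.
 */
public final class CertRemoval {

    // Pattern quoted from the deleteCert documentation. Locale.US is an
    // assumption so the month name is rendered in English; the time zone is
    // the JVM default, which must match the one the subsystem formats with.
    private static final String NOT_AFTER_FORMAT = "MMMMM dd, yyyy HH:mm:ss";

    private CertRemoval() { }

    /** Formats a notAfter instant the way deleteCert expects it. */
    public static String formatNotAfter(Date notAfter) {
        return new SimpleDateFormat(NOT_AFTER_FORMAT, Locale.US).format(notAfter);
    }

    /** Convenience overload for a parsed certificate object. */
    public static String formatNotAfter(X509Certificate cert) {
        return formatNotAfter(cert.getNotAfter());
    }

    /**
     * Pretty-prints the matching certificate first (so the operator sees what
     * is about to go), then deletes it. Returns the pretty-printed text so it
     * can be written to an audit record by the caller.
     */
    public static String deleteByNotAfter(ICryptoSubsystem crypto,
                                          String nickname,
                                          Date notAfter,
                                          Locale locale) throws EBaseException {
        String when = formatNotAfter(notAfter);

        // Preview: the same nickname + date pair selects the certificate for
        // pretty-printing. If no certificate matches, this throws before any
        // deletion happens, which is the safer failure order.
        String preview = crypto.getCertPrettyPrint(nickname, when, locale);

        crypto.deleteCert(nickname, when);
        return preview;
    }
}
```

Because deleteCert matches on the formatted string, a mismatch in month-name locale or time zone silently selects nothing (or, worse, a different certificate under the same nickname), which is why the preview step is done with the identical string rather than a separately formatted one.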

getSubjectDN

java.lang.String getSubjectDN(java.lang.String nickname)
                              throws EBaseException
Retrieves the subject DN of the certificate identified by the nickname.

Parameters:
nickname - nickname of the certificate
Returns:
subject distinguished name
Throws:
EBaseException - failed to retrieve subject DN

trustCert

void trustCert(java.lang.String nickname,
               java.lang.String date,
               java.lang.String trust)
               throws EBaseException
Trusts a certificate for all available purposes.

Parameters:
nickname - nickname of the certificate
date - certificate's not before
trust - "Trust" or other
Throws:
EBaseException - failed to trust certificate

checkCertificateExt

void checkCertificateExt(java.lang.String ext)
                         throws EBaseException
Checks if the given base-64 encoded string contains an extension or a sequence of extensions.

Parameters:
ext - extension or sequence of extension encoded in base-64
Throws:
EBaseException - failed to check encoding

getAllCertsManage

NameValuePairs getAllCertsManage()
                                 throws EBaseException
Gets all certificates on all tokens for Certificate Database Management.

Returns:
all certificates
Throws:
EBaseException - failed to retrieve certificates

getUserCerts

NameValuePairs getUserCerts()
                            throws EBaseException
Throws:
EBaseException

getCACerts

NameValuePairs getCACerts()
                          throws EBaseException
Gets all CA certificates on all tokens.

Returns:
all CA certificates
Throws:
EBaseException - failed to retrieve certificates

getRootCerts

NameValuePairs getRootCerts()
                            throws EBaseException
Throws:
EBaseException

setRootCertTrust

void setRootCertTrust(java.lang.String nickname,
                      java.lang.String serialno,
                      java.lang.String issuername,
                      java.lang.String trust)
                      throws EBaseException
Throws:
EBaseException

deleteRootCert

void deleteRootCert(java.lang.String nickname,
                    java.lang.String serialno,
                    java.lang.String issuername)
                    throws EBaseException
Throws:
EBaseException

deleteUserCert

void deleteUserCert(java.lang.String nickname,
                    java.lang.String serialno,
                    java.lang.String issuername)
                    throws EBaseException
Throws:
EBaseException

getPQG

org.mozilla.jss.crypto.PQGParams getPQG(int keysize)
Retrieves PQG parameters based on key size.

Parameters:
keysize - key size
Returns:
pqg parameters

getCAPQG

org.mozilla.jss.crypto.PQGParams getCAPQG(int keysize,
                                          IConfigStore store)
                                          throws EBaseException
Retrieves PQG parameters based on key size.

Parameters:
keysize - key size
store - configuration store
Returns:
pqg parameters
Throws:
EBaseException

getCertExtensions

netscape.security.x509.CertificateExtensions getCertExtensions(java.lang.String tokenname,
                                                               java.lang.String nickname)
                                                               throws org.mozilla.jss.CryptoManager.NotInitializedException,
                                                                      org.mozilla.jss.crypto.TokenException,
                                                                      org.mozilla.jss.crypto.ObjectNotFoundException,
                                                                      java.io.IOException,
                                                                      java.security.cert.CertificateException
Retrieves extensions of the certificate that is identified by the given nickname.

Parameters:
tokenname - token name
nickname - nickname
Returns:
certificate extensions
Throws:
org.mozilla.jss.CryptoManager.NotInitializedException
org.mozilla.jss.crypto.TokenException
org.mozilla.jss.crypto.ObjectNotFoundException
java.io.IOException
java.security.cert.CertificateException

isTokenLoggedIn

boolean isTokenLoggedIn(java.lang.String name)
                        throws EBaseException
Checks if the given token is logged in.

Parameters:
name - token name
Returns:
true if token is logged in
Throws:
EBaseException - failed to login

loggedInToken

void loggedInToken(java.lang.String tokenName,
                   java.lang.String pwd)
                   throws EBaseException
Logs into token.

Parameters:
tokenName - name of the token
pwd - token password
Throws:
EBaseException - failed to login

getCertRequest

java.lang.String getCertRequest(java.lang.String subjectName,
                                java.security.KeyPair kp)
                                throws EBaseException
Generates certificate request from the given key pair.

Parameters:
subjectName - subject name to use in the request
kp - key pair that contains public key material
Returns:
certificate request in base-64 encoded format
Throws:
EBaseException - failed to generate request
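The methods above (isX500DN, isTokenLoggedIn, loggedInToken, getKeyPair, getCertRequest, importCert and getSignatureAlgorithm) fit together into one enrollment sequence: generate the key on a named token, hand the request to a CA, and import the signed certificate back under a nickname. The class below is an added example and is not part of the project; it assumes "RSA" is an accepted value for the alg parameter, that isTokenLoggedIn returns false rather than throwing for a token that is not yet open, and that the token password is supplied by the caller from wherever the deployment keeps it.

```java
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.security.ICryptoSubsystem;

import java.security.KeyPair;

/**
 * Hypothetical helper (not project code) that drives an enrollment through
 * ICryptoSubsystem: key generation on a specific token, request generation,
 * and import of the CA-signed certificate.
 */
public final class KeyEnrollment {

    private KeyEnrollment() { }

    /**
     * Generates a key pair on tokenName and returns a base-64 certificate
     * request for subjectDN. The private key never leaves the token.
     */
    public static String generateRequest(ICryptoSubsystem crypto,
                                         String tokenName,
                                         String tokenPassword,
                                         String subjectDN,
                                         int keySize) throws EBaseException {
        // Validate the subject DN before touching the token; isX500DN throws
        // EBaseException when the DN cannot be parsed as a distinguished name.
        crypto.isX500DN(subjectDN);

        // Open the token session only if it is not already open (assumption:
        // isTokenLoggedIn reports false for a closed session).
        if (!crypto.isTokenLoggedIn(tokenName)) {
            crypto.loggedInToken(tokenName, tokenPassword);
        }

        // Generate on the named token rather than the internal software token,
        // so a hardware token keeps the private key non-exportable.
        // "RSA" as the alg value is an assumption based on getAlgorithmId's
        // "DSA or RSA" description.
        KeyPair kp = crypto.getKeyPair(tokenName, "RSA", keySize);

        // The request string returned here is base-64 encoded and carries the
        // public half of kp; it is what gets submitted to the CA.
        return crypto.getCertRequest(subjectDN, kp);
    }

    /**
     * Imports the base-64 certificate the CA returned and reads back its
     * signature algorithm so the caller can check it against local policy.
     */
    public static String installSignedCert(ICryptoSubsystem crypto,
                                           String b64Cert,
                                           String nickname,
                                           String certType) throws EBaseException {
        crypto.importCert(b64Cert, nickname, certType);

        // Reading the certificate back confirms the import landed under the
        // expected nickname and exposes the signature algorithm for review.
        return crypto.getSignatureAlgorithm(nickname);
    }

    /** Stand-alone illustration of the call order; the CA step is external. */
    public static void main(String[] args) throws EBaseException {
        ICryptoSubsystem crypto = null;     // obtain from the server's subsystem registry
        String token = crypto.getInternalTokenName();  // or a hardware token name
        String csr = generateRequest(crypto, token, args[0], "CN=example.test", 2048);
        System.out.println("Submit this request to the CA:\n" + csr);
        // After the CA signs it, pass the returned base-64 certificate here:
        // String alg = installSignedCert(crypto, signedB64, "Server-Cert", "sslserver");
    }
}
```

The certType value "sslserver" in the commented call is taken from the getECCKeyPair description on this page; other accepted values are not listed here. The main method is illustrative only, since the page does not say how an ICryptoSubsystem instance is looked up.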

isCipherFortezza

java.lang.String isCipherFortezza()
                                  throws EBaseException
Checks if fortezza is enabled.

Returns:
"true" if fortezza is enabled
Throws:
EBaseException

getCipherVersion

java.lang.String getCipherVersion()
                                  throws EBaseException
Retrieves the SSL cipher version.

Returns:
cipher version (e.g. "cipherdomestic")
Throws:
EBaseException

getCipherPreferences

java.lang.String getCipherPreferences()
                                      throws EBaseException
Retrieves the cipher preferences.

Returns:
cipher preferences (e.g. "rc4export,rc2export,...")
Throws:
EBaseException

setCipherPreferences

void setCipherPreferences(java.lang.String cipherPrefs)
                          throws EBaseException
Sets the current SSL cipher preferences.

Parameters:
cipherPrefs - cipher preferences (e.g. "rc4export,rc2export,...")
Throws:
EBaseException - failed to set cipher preferences

getTokenList

java.lang.String getTokenList()
                              throws EBaseException
Retrieves a list of currently registered token names.

Returns:
list of token names
Throws:
EBaseException - failed to retrieve token list

getCertListWithoutTokenName

java.lang.String getCertListWithoutTokenName(java.lang.String name)
                                             throws EBaseException
Retrieves all certificates. The result list will not contain the token tag.

Parameters:
name - token name
Returns:
list of certificates without token tag
Throws:
EBaseException - failed to retrieve

getInternalTokenName

java.lang.String getInternalTokenName()
                                      throws EBaseException
Retrieves the token name of the internal (software) token.

Returns:
the token name
Throws:
EBaseException - failed to retrieve token name

isCACert

boolean isCACert(java.lang.String fullNickname)
                 throws EBaseException
Checks to see if the certificate of the given nickname is a CA certificate.

Parameters:
fullNickname - nickname of the certificate to check
Returns:
true if it is a CA certificate
Throws:
EBaseException - failed to check

addEntropy

void addEntropy(int bits)
                throws org.mozilla.jss.util.NotImplementedException,
                       java.io.IOException,
                       org.mozilla.jss.crypto.TokenException
Adds the specified number of bits of entropy from the system entropy generator to the RNG of the default PKCS#11 RNG token. The default token is set using the modutil command. Note that the system entropy generator (usually /dev/random) will block until sufficient entropy is collected.

Parameters:
bits - number of bits of entropy
Throws:
org.mozilla.jss.util.NotImplementedException - If the Crypto device does not support adding entropy
org.mozilla.jss.crypto.TokenException - If there was some other problem with the Crypto device
java.io.IOException - If there was a problem reading from /dev/random

getSignedCert

netscape.security.x509.X509CertImpl getSignedCert(KeyCertData data,
                                                  java.lang.String certType,
                                                  java.security.PrivateKey priKey)
                                                  throws EBaseException
Signs the certificate template contained in the given data and returns a signed certificate.

Parameters:
data - data that contains certificate template
certType - certificate type
priKey - CA signing key
Returns:
certificate
Throws:
EBaseException - failed to sign certificate template