|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
org.mozilla.jss
Class CryptoManager.InitializationValues
java.lang.Object org.mozilla.jss.CryptoManager.InitializationValues
- Enclosing class:
- CryptoManager
public static final class CryptoManager.InitializationValues
- extends java.lang.Object
The various options that can be used to initialize CryptoManager.
Nested Class Summary | |
---|---|
static class |
CryptoManager.InitializationValues.FIPSMode
This class enumerates the possible modes for FIPS compliance. |
Field Summary | |
---|---|
java.lang.String |
certPrefix
|
java.lang.String |
configDir
|
CryptoManager.InitializationValues.FIPSMode |
fipsMode
The FIPS mode of the security library. |
boolean |
initializeJavaOnly
If true, none of the underlying NSS components will be initialized. |
boolean |
installJSSProvider
Install the JSS crypto provider. |
java.lang.String |
keyPrefix
|
int |
LIBRARY_LENGTH
Library description must be this length exactly. |
int |
MANUFACTURER_LENGTH
ManufacturerID must be this length exactly. |
boolean |
ocspCheckingEnabled
To have NSS check the OCSP responder for when verifying certificates, set this flags to true. |
java.lang.String |
ocspResponderCertNickname
The nickname of the cert to trust (expected) to sign the OCSP responses. |
java.lang.String |
ocspResponderURL
Specify the location and cert of the responder. |
PasswordCallback |
passwordCallback
The password callback to be used by JSS whenever a password is needed. |
boolean |
readOnly
To open the databases in read-only mode, set this flag to true . |
boolean |
removeSunProvider
Remove the Sun crypto provider. |
java.lang.String |
secmodName
|
int |
SLOT_LENGTH
Slot names must be this length exactly. |
int |
TOKEN_LENGTH
Token names must be this length exactly. |
Constructor Summary | |
---|---|
protected |
CryptoManager.InitializationValues()
|
|
CryptoManager.InitializationValues(java.lang.String configDir)
|
|
CryptoManager.InitializationValues(java.lang.String configDir,
java.lang.String certPrefix,
java.lang.String keyPrefix,
java.lang.String secmodName)
|
Method Summary | |
---|---|
java.lang.String |
getFIPSKeyStorageSlotDescription()
Returns the description of the internal PKCS #11 FIPS Key Storage slot. |
java.lang.String |
getFIPSSlotDescription()
Returns the description of the internal PKCS #11 FIPS slot. |
java.lang.String |
getInternalKeyStorageSlotDescription()
Returns the description of the internal PKCS #11 key storage slot. |
java.lang.String |
getInternalKeyStorageTokenDescription()
Returns the description of the internal PKCS #11 key storage token. |
java.lang.String |
getInternalSlotDescription()
Returns the description of the internal PKCS #11 slot. |
java.lang.String |
getInternalTokenDescription()
Returns the description of the internal PKCS #11 token. |
java.lang.String |
getLibraryDescription()
Returns the description of the internal PKCS #11 module. |
java.lang.String |
getManufacturerID()
Returns the Manufacturer ID of the internal PKCS #11 module. |
void |
setFIPSKeyStorageSlotDescription(java.lang.String s)
Sets the description of the internal PKCS #11 FIPS Key Storage slot. |
void |
setFIPSSlotDescription(java.lang.String s)
Sets the description of the internal PKCS #11 FIPS slot. |
void |
setInternalKeyStorageSlotDescription(java.lang.String s)
Sets the description of the internal PKCS #11 key storage slot. |
void |
setInternalKeyStorageTokenDescription(java.lang.String s)
Sets the description of the internal PKCS #11 key storage token. |
void |
setInternalSlotDescription(java.lang.String s)
Sets the description of the internal PKCS #11 slot. |
void |
setInternalTokenDescription(java.lang.String s)
Sets the description of the internal PKCS #11 token. |
void |
setLibraryDescription(java.lang.String s)
Sets the description of the internal PKCS #11 module. |
void |
setManufacturerID(java.lang.String s)
Sets the Manufacturer ID of the internal PKCS #11 module. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
TOKEN_LENGTH
public final int TOKEN_LENGTH
- Token names must be this length exactly.
- See Also:
- Constant Field Values
SLOT_LENGTH
public final int SLOT_LENGTH
- Slot names must be this length exactly.
- See Also:
- Constant Field Values
MANUFACTURER_LENGTH
public final int MANUFACTURER_LENGTH
- ManufacturerID must be this length exactly.
- See Also:
- Constant Field Values
LIBRARY_LENGTH
public final int LIBRARY_LENGTH
- Library description must be this length exactly.
- See Also:
- Constant Field Values
configDir
public java.lang.String configDir
certPrefix
public java.lang.String certPrefix
keyPrefix
public java.lang.String keyPrefix
secmodName
public java.lang.String secmodName
passwordCallback
public PasswordCallback passwordCallback
- The password callback to be used by JSS whenever a password
is needed. May be NULL, in which the library will immediately fail
to get a password if it tries to login automatically while
performing
a cryptographic operation. It will still work if the token
has been manually logged in with
CryptoToken.login
.The default is a
ConsolePasswordCallback
.
fipsMode
public CryptoManager.InitializationValues.FIPSMode fipsMode
- The FIPS mode of the security library. Servers should
use
FIPSMode.UNCHANGED
, since only Admin Server is supposed to alter this value.The default is
FIPSMode.UNCHANGED
.
readOnly
public boolean readOnly
- To open the databases in read-only mode, set this flag to
true
. The default isfalse
, meaning the databases are opened in read-write mode.
ocspCheckingEnabled
public boolean ocspCheckingEnabled
- To have NSS check the OCSP responder for when verifying
certificates, set this flags to true. It is false by
default.
ocspResponderURL
public java.lang.String ocspResponderURL
- Specify the location and cert of the responder.
If OCSP checking is enabled *and* this variable is
set to some URL, all OCSP checking will be done via
this URL.
If this variable is null, the OCSP responder URL will
be obtained from the AIA extension in the certificate
being queried.
If this is set, you must also set ocspResponderCertNickname
ocspResponderCertNickname
public java.lang.String ocspResponderCertNickname
- The nickname of the cert to trust (expected) to
sign the OCSP responses.
Only checked when the OCSPResponder value is set.
installJSSProvider
public boolean installJSSProvider
- Install the JSS crypto provider. Default is true.
removeSunProvider
public boolean removeSunProvider
- Remove the Sun crypto provider. Default is false.
initializeJavaOnly
public boolean initializeJavaOnly
- If true, none of the underlying NSS components will
be initialized. Only the Java portions of JSS will be
initialized. This should only be used if NSS has been initialized
elsewhere.
Specifically, the following components will not be configured by CryptoManager.initialize if this flag is set:
- The NSS databases.
- OCSP checking.
- The NSS password callback.
- The internal PKCS #11 software token's identifier labels: slot, token, module, and manufacturer.
- The minimum PIN length for the software token.
- The frequency with which the user must login to the software token.
- The cipher strength policy (export/domestic).
The default is false.
Constructor Detail |
---|
CryptoManager.InitializationValues
protected CryptoManager.InitializationValues()
CryptoManager.InitializationValues
public CryptoManager.InitializationValues(java.lang.String configDir)
CryptoManager.InitializationValues
public CryptoManager.InitializationValues(java.lang.String configDir, java.lang.String certPrefix, java.lang.String keyPrefix, java.lang.String secmodName)
Method Detail |
---|
getManufacturerID
public java.lang.String getManufacturerID()
- Returns the Manufacturer ID of the internal PKCS #11 module.
The default is
"mozilla.org "
.
setManufacturerID
public void setManufacturerID(java.lang.String s) throws CryptoManager.InvalidLengthException
- Sets the Manufacturer ID of the internal PKCS #11 module.
This value must be exactly
MANUFACTURER_LENGTH
characters long.- Throws:
CryptoManager.InvalidLengthException
- Ifs.length()
is not exactlyMANUFACTURER_LENGTH
.
getLibraryDescription
public java.lang.String getLibraryDescription()
- Returns the description of the internal PKCS #11 module.
The default is
"Internal Crypto Services "
.
setLibraryDescription
public void setLibraryDescription(java.lang.String s) throws CryptoManager.InvalidLengthException
- Sets the description of the internal PKCS #11 module.
This value must be exactly
LIBRARY_LENGTH
characters long.- Throws:
CryptoManager.InvalidLengthException
- Ifs.length()
is not exactlyLIBRARY_LENGTH
.
getInternalTokenDescription
public java.lang.String getInternalTokenDescription()
- Returns the description of the internal PKCS #11 token.
The default is
"Internal Crypto Services Token "
.
setInternalTokenDescription
public void setInternalTokenDescription(java.lang.String s) throws CryptoManager.InvalidLengthException
- Sets the description of the internal PKCS #11 token.
This value must be exactly
TOKEN_LENGTH
characters long.- Throws:
CryptoManager.InvalidLengthException
- Ifs.length()
is not exactlyTOKEN_LENGTH
.
getInternalKeyStorageTokenDescription
public java.lang.String getInternalKeyStorageTokenDescription()
- Returns the description of the internal PKCS #11 key storage token.
The default is
"Internal Key Storage Token "
.
setInternalKeyStorageTokenDescription
public void setInternalKeyStorageTokenDescription(java.lang.String s) throws CryptoManager.InvalidLengthException
- Sets the description of the internal PKCS #11 key storage token.
This value must be exactly
TOKEN_LENGTH
characters long.- Throws:
CryptoManager.InvalidLengthException
- Ifs.length()
is not exactlyTOKEN_LENGTH
.
getInternalSlotDescription
public java.lang.String getInternalSlotDescription()
- Returns the description of the internal PKCS #11 slot.
The default is
"NSS Internal Cryptographic Services "
.
setInternalSlotDescription
public void setInternalSlotDescription(java.lang.String s) throws CryptoManager.InvalidLengthException
- Sets the description of the internal PKCS #11 slot.
This value must be exactly
SLOT_LENGTH
characters long.- Throws:
CryptoManager.InvalidLengthException
- Ifs.length()
is not exactlySLOT_LENGTH
.
getInternalKeyStorageSlotDescription
public java.lang.String getInternalKeyStorageSlotDescription()
- Returns the description of the internal PKCS #11 key storage slot.
The default is
"NSS Internal Private Key and Certificate Storage "
.
setInternalKeyStorageSlotDescription
public void setInternalKeyStorageSlotDescription(java.lang.String s) throws CryptoManager.InvalidLengthException
- Sets the description of the internal PKCS #11 key storage slot.
This value must be exactly
SLOT_LENGTH
characters long.- Throws:
CryptoManager.InvalidLengthException
- Ifs.length()
is not exactlySLOT_LENGTH
.
getFIPSSlotDescription
public java.lang.String getFIPSSlotDescription()
- Returns the description of the internal PKCS #11 FIPS slot.
The default is
"NSS FIPS 140-2 User Private Key Services"
.
setFIPSSlotDescription
public void setFIPSSlotDescription(java.lang.String s) throws CryptoManager.InvalidLengthException
- Sets the description of the internal PKCS #11 FIPS slot.
This value must be exactly
SLOT_LENGTH
characters long.- Throws:
CryptoManager.InvalidLengthException
- Ifs.length()
is not exactlySLOT_LENGTH
.
getFIPSKeyStorageSlotDescription
public java.lang.String getFIPSKeyStorageSlotDescription()
- Returns the description of the internal PKCS #11 FIPS
Key Storage slot.
The default is
"NSS FIPS 140-2 User Private Key Services"
.
setFIPSKeyStorageSlotDescription
public void setFIPSKeyStorageSlotDescription(java.lang.String s) throws CryptoManager.InvalidLengthException
- Sets the description of the internal PKCS #11 FIPS Key Storage slot.
This value must be exactly
SLOT_LENGTH
characters long.- Throws:
CryptoManager.InvalidLengthException
- Ifs.length()
is not exactlySLOT_LENGTH
.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |