JSS 3.1.2

org.mozilla.jss
Class CryptoManager.InitializationValues

java.lang.Object
  |
  +--org.mozilla.jss.CryptoManager.InitializationValues
Enclosing class:
CryptoManager

public static final class CryptoManager.InitializationValues
extends java.lang.Object

The various options that can be used to initialize CryptoManager.


Inner Class Summary
static class CryptoManager.InitializationValues.FIPSMode
          This class enumerates the possible modes for FIPS compliance.
 
Field Summary
 java.lang.String certPrefix
           
 java.lang.String configDir
           
private  java.lang.String FIPSKeyStorageSlotDescription
           
 CryptoManager.InitializationValues.FIPSMode fipsMode
          The FIPS mode of the security library.
private  java.lang.String FIPSSlotDescription
           
 boolean installJSSProvider
          Install the JSS crypto provider.
private  java.lang.String internalKeyStorageSlotDescription
           
private  java.lang.String internalKeyStorageTokenDescription
           
private  java.lang.String internalSlotDescription
           
private  java.lang.String internalTokenDescription
           
 java.lang.String keyPrefix
           
 int LIBRARY_LENGTH
          Library description must be this length exactly.
private  java.lang.String libraryDescription
           
 int MANUFACTURER_LENGTH
          ManufacturerID must be this length exactly.
private  java.lang.String manufacturerID
           
 boolean ocspCheckingEnabled
          To have NSS check the OCSP responder for when verifying certificates, set this flags to true.
 java.lang.String ocspResponderCertNickname
          The nickname of the cert to trust (expected) to sign the OCSP responses.
 java.lang.String ocspResponderURL
          Specify the location and cert of the responder.
 PasswordCallback passwordCallback
          The password callback to be used by JSS whenever a password is needed.
 boolean readOnly
          To open the databases in read-only mode, set this flag to true.
 boolean removeSunProvider
          Remove the Sun crypto provider.
 java.lang.String secmodName
           
 int SLOT_LENGTH
          Slot names must be this length exactly.
 int TOKEN_LENGTH
          Token names must be this length exactly.
 
Constructor Summary
protected CryptoManager.InitializationValues()
           
  CryptoManager.InitializationValues(java.lang.String configDir)
           
  CryptoManager.InitializationValues(java.lang.String configDir, java.lang.String certPrefix, java.lang.String keyPrefix, java.lang.String secmodName)
           
 
Method Summary
 java.lang.String getFIPSKeyStorageSlotDescription()
          Returns the description of the internal PKCS #11 FIPS Key Storage slot.
 java.lang.String getFIPSSlotDescription()
          Returns the description of the internal PKCS #11 FIPS slot.
 java.lang.String getInternalKeyStorageSlotDescription()
          Returns the description of the internal PKCS #11 key storage slot.
 java.lang.String getInternalKeyStorageTokenDescription()
          Returns the description of the internal PKCS #11 key storage token.
 java.lang.String getInternalSlotDescription()
          Returns the description of the internal PKCS #11 slot.
 java.lang.String getInternalTokenDescription()
          Returns the description of the internal PKCS #11 token.
 java.lang.String getLibraryDescription()
          Returns the description of the internal PKCS #11 module.
 java.lang.String getManufacturerID()
          Returns the Manufacturer ID of the internal PKCS #11 module.
 void setFIPSKeyStorageSlotDescription(java.lang.String s)
          Sets the description of the internal PKCS #11 FIPS Key Storage slot.
 void setFIPSSlotDescription(java.lang.String s)
          Sets the description of the internal PKCS #11 FIPS slot.
 void setInternalKeyStorageSlotDescription(java.lang.String s)
          Sets the description of the internal PKCS #11 key storage slot.
 void setInternalKeyStorageTokenDescription(java.lang.String s)
          Sets the description of the internal PKCS #11 key storage token.
 void setInternalSlotDescription(java.lang.String s)
          Sets the description of the internal PKCS #11 slot.
 void setInternalTokenDescription(java.lang.String s)
          Sets the description of the internal PKCS #11 token.
 void setLibraryDescription(java.lang.String s)
          Sets the description of the internal PKCS #11 module.
 void setManufacturerID(java.lang.String s)
          Sets the Manufacturer ID of the internal PKCS #11 module.
 
Methods inherited from class java.lang.Object
, clone, equals, finalize, getClass, hashCode, notify, notifyAll, registerNatives, toString, wait, wait, wait
 

Field Detail

TOKEN_LENGTH

public final int TOKEN_LENGTH
Token names must be this length exactly.

SLOT_LENGTH

public final int SLOT_LENGTH
Slot names must be this length exactly.

MANUFACTURER_LENGTH

public final int MANUFACTURER_LENGTH
ManufacturerID must be this length exactly.

LIBRARY_LENGTH

public final int LIBRARY_LENGTH
Library description must be this length exactly.

configDir

public java.lang.String configDir

certPrefix

public java.lang.String certPrefix

keyPrefix

public java.lang.String keyPrefix

secmodName

public java.lang.String secmodName

passwordCallback

public PasswordCallback passwordCallback
The password callback to be used by JSS whenever a password is needed. May be NULL, in which the library will immediately fail to get a password if it tries to login automatically while performing a cryptographic operation. It will still work if the token has been manually logged in with CryptoToken.login.

The default is a ConsolePasswordCallback.


fipsMode

public CryptoManager.InitializationValues.FIPSMode fipsMode
The FIPS mode of the security library. Servers should use FIPSMode.UNCHANGED, since only Admin Server is supposed to alter this value.

The default is FIPSMode.UNCHANGED.


readOnly

public boolean readOnly
To open the databases in read-only mode, set this flag to true. The default is false, meaning the databases are opened in read-write mode.

manufacturerID

private java.lang.String manufacturerID

libraryDescription

private java.lang.String libraryDescription

internalTokenDescription

private java.lang.String internalTokenDescription

internalKeyStorageTokenDescription

private java.lang.String internalKeyStorageTokenDescription

internalSlotDescription

private java.lang.String internalSlotDescription

internalKeyStorageSlotDescription

private java.lang.String internalKeyStorageSlotDescription

FIPSSlotDescription

private java.lang.String FIPSSlotDescription

FIPSKeyStorageSlotDescription

private java.lang.String FIPSKeyStorageSlotDescription

ocspCheckingEnabled

public boolean ocspCheckingEnabled
To have NSS check the OCSP responder for when verifying certificates, set this flags to true. It is false by default.

ocspResponderURL

public java.lang.String ocspResponderURL
Specify the location and cert of the responder. If OCSP checking is enabled *and* this variable is set to some URL, all OCSP checking will be done via this URL. If this variable is null, the OCSP responder URL will be obtained from the AIA extension in the certificate being queried. If this is set, you must also set ocspResponderCertNickname

ocspResponderCertNickname

public java.lang.String ocspResponderCertNickname
The nickname of the cert to trust (expected) to sign the OCSP responses. Only checked when the OCSPResponder value is set.

installJSSProvider

public boolean installJSSProvider
Install the JSS crypto provider. Default is true.

removeSunProvider

public boolean removeSunProvider
Remove the Sun crypto provider. Default is true.
Constructor Detail

CryptoManager.InitializationValues

protected CryptoManager.InitializationValues()

CryptoManager.InitializationValues

public CryptoManager.InitializationValues(java.lang.String configDir)

CryptoManager.InitializationValues

public CryptoManager.InitializationValues(java.lang.String configDir,
                                          java.lang.String certPrefix,
                                          java.lang.String keyPrefix,
                                          java.lang.String secmodName)
Method Detail

getManufacturerID

public java.lang.String getManufacturerID()
Returns the Manufacturer ID of the internal PKCS #11 module.

The default is "mozilla.org ".


setManufacturerID

public void setManufacturerID(java.lang.String s)
                       throws CryptoManager.InvalidLengthException
Sets the Manufacturer ID of the internal PKCS #11 module. This value must be exactly MANUFACTURER_LENGTH characters long.
Throws:
InvalidLengthException - If s.length() is not exactly MANUFACTURER_LENGTH.

getLibraryDescription

public java.lang.String getLibraryDescription()
Returns the description of the internal PKCS #11 module.

The default is "Internal Crypto Services ".


setLibraryDescription

public void setLibraryDescription(java.lang.String s)
                           throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 module. This value must be exactly LIBRARY_LENGTH characters long.
Throws:
InvalidLengthException - If s.length() is not exactly LIBRARY_LENGTH.

getInternalTokenDescription

public java.lang.String getInternalTokenDescription()
Returns the description of the internal PKCS #11 token.

The default is "Internal Crypto Services Token ".


setInternalTokenDescription

public void setInternalTokenDescription(java.lang.String s)
                                 throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 token. This value must be exactly TOKEN_LENGTH characters long.
Throws:
InvalidLengthException - If s.length() is not exactly TOKEN_LENGTH.

getInternalKeyStorageTokenDescription

public java.lang.String getInternalKeyStorageTokenDescription()
Returns the description of the internal PKCS #11 key storage token.

The default is "Internal Key Storage Token ".


setInternalKeyStorageTokenDescription

public void setInternalKeyStorageTokenDescription(java.lang.String s)
                                           throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 key storage token. This value must be exactly TOKEN_LENGTH characters long.
Throws:
InvalidLengthException - If s.length() is not exactly TOKEN_LENGTH.

getInternalSlotDescription

public java.lang.String getInternalSlotDescription()
Returns the description of the internal PKCS #11 slot.

The default is "NSS Internal Cryptographic Services ".


setInternalSlotDescription

public void setInternalSlotDescription(java.lang.String s)
                                throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 slot. This value must be exactly SLOT_LENGTH characters long.
Throws:
InvalidLengthException - If s.length() is not exactly SLOT_LENGTH.

getInternalKeyStorageSlotDescription

public java.lang.String getInternalKeyStorageSlotDescription()
Returns the description of the internal PKCS #11 key storage slot.

The default is "NSS Internal Private Key and Certificate Storage ".


setInternalKeyStorageSlotDescription

public void setInternalKeyStorageSlotDescription(java.lang.String s)
                                          throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 key storage slot. This value must be exactly SLOT_LENGTH characters long.
Throws:
InvalidLengthException - If s.length() is not exactly SLOT_LENGTH.

getFIPSSlotDescription

public java.lang.String getFIPSSlotDescription()
Returns the description of the internal PKCS #11 FIPS slot.

The default is "NSS Internal FIPS-140-1 Cryptographic Services ".


setFIPSSlotDescription

public void setFIPSSlotDescription(java.lang.String s)
                            throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 FIPS slot. This value must be exactly SLOT_LENGTH characters long.
Throws:
InvalidLengthException - If s.length() is not exactly SLOT_LENGTH.

getFIPSKeyStorageSlotDescription

public java.lang.String getFIPSKeyStorageSlotDescription()
Returns the description of the internal PKCS #11 FIPS Key Storage slot.

The default is "NSS Internal FIPS-140-1 Private Key and Certificate Storage ".


setFIPSKeyStorageSlotDescription

public void setFIPSKeyStorageSlotDescription(java.lang.String s)
                                      throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 FIPS Key Storage slot. This value must be exactly SLOT_LENGTH characters long.
Throws:
InvalidLengthException - If s.length() is not exactly SLOT_LENGTH.

JSS 3.1.2