org.mozilla.jss
Class CryptoManager.InitializationValues
java.lang.Object
org.mozilla.jss.CryptoManager.InitializationValues
- CryptoManager
public static final class CryptoManager.InitializationValues
extends java.lang.Object
The various options that can be used to initialize CryptoManager.
LIBRARY_LENGTH
public final int LIBRARY_LENGTH
Library description must be this length exactly.
MANUFACTURER_LENGTH
public final int MANUFACTURER_LENGTH
ManufacturerID must be this length exactly.
SLOT_LENGTH
public final int SLOT_LENGTH
Slot names must be this length exactly.
TOKEN_LENGTH
public final int TOKEN_LENGTH
Token names must be this length exactly.
certPrefix
public String certPrefix
configDir
public String configDir
fipsMode
public CryptoManager.InitializationValues.FIPSMode fipsMode
The FIPS mode of the security library. Servers should use FIPSMode.UNCHANGED, since only Admin Server is supposed to alter this value.
The default is FIPSMode.UNCHANGED.
initializeJavaOnly
public boolean initializeJavaOnly
If true, none of the underlying NSS components will be initialized. Only the Java portions of JSS will be initialized. This should only be used if NSS has been initialized elsewhere.
Specifically, the following components will not be configured by CryptoManager.initialize if this flag is set:
- The NSS databases.
- OCSP checking.
- The NSS password callback.
- The internal PKCS #11 software token's identifier labels: slot, token, module, and manufacturer.
- The minimum PIN length for the software token.
- The frequency with which the user must login to the software token.
- The cipher strength policy (export/domestic).
The default is false.
installJSSProvider
public boolean installJSSProvider
Install the JSS crypto provider. Default is true.
keyPrefix
public String keyPrefix
ocspCheckingEnabled
public boolean ocspCheckingEnabled
To have NSS check the OCSP responder when verifying certificates, set this flag to true. It is false by default.
ocspResponderCertNickname
public String ocspResponderCertNickname
The nickname of the cert to trust (expected) to
sign the OCSP responses.
Only checked when the OCSPResponder value is set.
ocspResponderURL
public String ocspResponderURL
Specify the location and cert of the responder.
If OCSP checking is enabled *and* this variable is
set to some URL, all OCSP checking will be done via
this URL.
If this variable is null, the OCSP responder URL will
be obtained from the AIA extension in the certificate
being queried.
If this is set, you must also set ocspResponderCertNickname.
passwordCallback
public PasswordCallback passwordCallback
The password callback to be used by JSS whenever a password is needed. May be NULL, in which case the library will immediately fail to get a password if it tries to login automatically while performing a cryptographic operation. It will still work if the token has been manually logged in with CryptoToken.login.
The default is a ConsolePasswordCallback.
readOnly
public boolean readOnly
To open the databases in read-only mode, set this flag to true. The default is false, meaning the databases are opened in read-write mode.
removeSunProvider
public boolean removeSunProvider
Remove the Sun crypto provider. Default is false.
secmodName
public String secmodName
InitializationValues
protected InitializationValues()
InitializationValues
public InitializationValues(String configDir)
InitializationValues
public InitializationValues(String configDir,
String certPrefix,
String keyPrefix,
String secmodName)
getFIPSKeyStorageSlotDescription
public String getFIPSKeyStorageSlotDescription()
Returns the description of the internal PKCS #11 FIPS Key Storage slot.
The default is "NSS FIPS 140-2 User Private Key Services".
getFIPSSlotDescription
public String getFIPSSlotDescription()
Returns the description of the internal PKCS #11 FIPS slot.
The default is "NSS FIPS 140-2 User Private Key Services".
getInternalKeyStorageSlotDescription
public String getInternalKeyStorageSlotDescription()
Returns the description of the internal PKCS #11 key storage slot.
The default is "NSS Internal Private Key and Certificate Storage ".
getInternalKeyStorageTokenDescription
public String getInternalKeyStorageTokenDescription()
Returns the description of the internal PKCS #11 key storage token.
The default is "Internal Key Storage Token ".
getInternalSlotDescription
public String getInternalSlotDescription()
Returns the description of the internal PKCS #11 slot.
The default is "NSS Internal Cryptographic Services ".
getInternalTokenDescription
public String getInternalTokenDescription()
Returns the description of the internal PKCS #11 token.
The default is "Internal Crypto Services Token ".
getLibraryDescription
public String getLibraryDescription()
Returns the description of the internal PKCS #11 module.
The default is "Internal Crypto Services ".
getManufacturerID
public String getManufacturerID()
Returns the Manufacturer ID of the internal PKCS #11 module.
The default is "mozilla.org ".
setFIPSKeyStorageSlotDescription
public void setFIPSKeyStorageSlotDescription(String s)
throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 FIPS Key Storage slot.
This value must be exactly SLOT_LENGTH characters long.
setFIPSSlotDescription
public void setFIPSSlotDescription(String s)
throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 FIPS slot.
This value must be exactly SLOT_LENGTH characters long.
setInternalKeyStorageSlotDescription
public void setInternalKeyStorageSlotDescription(String s)
throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 key storage slot.
This value must be exactly SLOT_LENGTH characters long.
setInternalKeyStorageTokenDescription
public void setInternalKeyStorageTokenDescription(String s)
throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 key storage token.
This value must be exactly TOKEN_LENGTH
characters long.
setInternalSlotDescription
public void setInternalSlotDescription(String s)
throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 slot.
This value must be exactly SLOT_LENGTH characters long.
setInternalTokenDescription
public void setInternalTokenDescription(String s)
throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 token.
This value must be exactly TOKEN_LENGTH
characters long.
setLibraryDescription
public void setLibraryDescription(String s)
throws CryptoManager.InvalidLengthException
Sets the description of the internal PKCS #11 module.
This value must be exactly LIBRARY_LENGTH
characters long.
setManufacturerID
public void setManufacturerID(String s)
throws CryptoManager.InvalidLengthException
Sets the Manufacturer ID of the internal PKCS #11 module.
This value must be exactly MANUFACTURER_LENGTH
characters long.
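
Added example (not part of the JSS documentation or source): one way to fill in InitializationValues for an unattended service, covering the read-only, password-callback, OCSP and exact-length label options described above. The database path, responder URL, nickname, label text and the fit() helper are placeholders and assumptions; padding with trailing spaces is assumed from the trailing whitespace in the documented defaults.

```java
import org.mozilla.jss.CryptoManager;

public class JssInitExample {

    // Hypothetical helper: pad a label with trailing spaces to the exact
    // length the setter requires. Over-long input is rejected rather than
    // silently truncated, so a mistyped label is caught at start-up.
    static String fit(String label, int length) {
        if (label.length() > length) {
            throw new IllegalArgumentException(
                "label exceeds " + length + " characters: " + label);
        }
        StringBuilder sb = new StringBuilder(label);
        while (sb.length() < length) {
            sb.append(' ');
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Placeholder path to the directory holding the NSS databases.
        CryptoManager.InitializationValues vals =
            new CryptoManager.InitializationValues("/path/to/nssdb");

        // The service only reads keys and certificates, so open read-only.
        vals.readOnly = true;

        // No console is attached: with a null callback an automatic login
        // fails immediately instead of using the default
        // ConsolePasswordCallback. Log in explicitly with CryptoToken.login.
        vals.passwordCallback = null;

        // Enable revocation checking. The responder URL and the nickname of
        // the cert trusted to sign responses must be set together; leave the
        // URL null to use the AIA extension of each certificate instead.
        vals.ocspCheckingEnabled = true;
        vals.ocspResponderURL = "http://ocsp.example.test/";        // placeholder
        vals.ocspResponderCertNickname = "Example OCSP Responder";  // placeholder

        // The setters throw CryptoManager.InvalidLengthException unless the
        // value is exactly TOKEN_LENGTH / SLOT_LENGTH characters long.
        vals.setInternalTokenDescription(fit("Example Service Token", vals.TOKEN_LENGTH));
        vals.setInternalSlotDescription(fit("Example Service Slot", vals.SLOT_LENGTH));

        CryptoManager.initialize(vals);
    }
}
```

Running it requires JSS on the classpath and an existing NSS database at the configured path.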