java.lang.Object
org.mozilla.jss.pkcs11.PK11Token
CryptoManager
Fields inherited from interface org.mozilla.jss.crypto.CryptoToken: EVERY_TIME, ONE_TIME, TIMEOUT
protected boolean mIsInternalCryptoToken
protected boolean mIsInternalKeyStorageToken
protected PK11Token()
protected PK11Token(byte[] pointer, boolean internal, boolean keyStorage)
Creates a new PK11Token. Should only be called from PK11Token's native code.
- Parameters:
pointer
- A byte array containing a pointer to a PKCS #11 slot.
protected boolean PWInitable() throws TokenException
Make sure the PIN can be initialized. This is mainly to check the internal module.
protected boolean SSOPasswordIsCorrect(byte[] ssopw) throws TokenException, AlreadyInitializedException
protected void changePassword(byte[] oldPIN, byte[] newPIN) throws IncorrectPasswordException, TokenException
Change the password on the token from the old one to the new one.
public void changePassword(PasswordCallback oldPINcb, PasswordCallback newPINcb) throws IncorrectPasswordException, TokenException
Change password. This changes the user's PIN after it has already been initialized.
- Specified by:
- changePassword in interface CryptoToken
- Parameters:
- Throws:
IncorrectPasswordException
- If the old PIN is incorrect.
TokenException
- If some other error occurs on the token.
public SymmetricKey cloneKey(SymmetricKey key) throws SymmetricKey.NotExtractableException, InvalidKeyException, TokenException
Allows a SymmetricKey to be cloned on a different token.
- Specified by:
- cloneKey in interface CryptoToken
- Throws:
SymmetricKey.NotExtractableException
- If the key material cannot be extracted from the current token.
public boolean doesAlgorithm(Algorithm alg)
Determines whether this token is capable of performing the given algorithm.
- Specified by:
- doesAlgorithm in interface CryptoToken
public boolean equals(Object obj)
Deep-comparison operator.
- Specified by:
- equals in interface CryptoToken
- Returns:
- true if these tokens point to the same underlying native token. false otherwise, or if compare is null.
public String generateCertRequest(String subject, int keysize, String keyType, byte[] P, byte[] Q, byte[] G) throws TokenException, InvalidParameterException, PQGParamGenException
Generates a PKCS#10 certificate request including Begin/End brackets.
- Specified by:
- generateCertRequest in interface CryptoToken
- Parameters:
subject
- subject DN of the certificate
keysize
- size of the key
keyType
- "rsa" or "dsa"
P
- The DSA prime parameter
Q
- The DSA sub-prime parameter
G
- The DSA base parameter
- Returns:
- String that represents a PKCS#10 b64 encoded blob with begin/end brackets
protected String generatePK10(String subject, int keysize, String keyType, byte[] P, byte[] Q, byte[] G) throws TokenException, InvalidParameterException
public Cipher getCipherContext(EncryptionAlgorithm algorithm) throws NoSuchAlgorithmException, TokenException
Deprecated. Use the JCA interface instead (javax.crypto.Cipher).
Creates a Cipher object, which can be used for encryption and decryption. Cryptographic operations will take place on this token. The keys used in the operations must be located on this token.
- Specified by:
- getCipherContext in interface CryptoToken
- Parameters:
algorithm
- The algorithm used for encryption/decryption.
public CryptoStore getCryptoStore()
Get the CryptoStore interface to this token's objects.
- Specified by:
- getCryptoStore in interface CryptoToken
public JSSMessageDigest getDigestContext(DigestAlgorithm algorithm) throws NoSuchAlgorithmException, java.security.DigestException
Deprecated. Use the JCA interface instead (java.security.MessageDigest).
Creates a Digest object. Digesting cryptographic operations will take place on this token.
- Specified by:
- getDigestContext in interface CryptoToken
- Parameters:
algorithm
- The algorithm used for digesting.
public KeyGenerator getKeyGenerator(KeyGenAlgorithm algorithm) throws NoSuchAlgorithmException, TokenException
Deprecated. Use the JCA interface instead (javax.crypto.KeyGenerator).
Creates a KeyGenerator object, which can be used to generate symmetric encryption keys. Any keys generated with this KeyGenerator will be generated on this token.
- Specified by:
- getKeyGenerator in interface CryptoToken
- Parameters:
algorithm
- The algorithm that the keys will be used with.
public KeyPairGenerator getKeyPairGenerator(KeyPairAlgorithm algorithm) throws NoSuchAlgorithmException, TokenException
Deprecated. Use the JCA interface instead (java.security.KeyPairGenerator).
Creates a KeyPairGenerator object, which can be used to generate key pairs. Any keypairs generated with this generator will be generated on this token.
- Specified by:
- getKeyPairGenerator in interface CryptoToken
- Parameters:
algorithm
- The algorithm that the keys will be used with (RSA, DSA, EC, etc.)
public KeyWrapper getKeyWrapper(KeyWrapAlgorithm algorithm) throws NoSuchAlgorithmException, TokenException
Deprecated. Use the JCA interface instead (javax.crypto.Cipher).
- Specified by:
- getKeyWrapper in interface CryptoToken
public int getLoginMode() throws TokenException
Returns the login mode of this token: ONE_TIME, TIMEOUT, or EVERY_TIME. The default is ONE_TIME.
- Specified by:
- getLoginMode in interface CryptoToken
- Throws:
TokenException
- If an error occurs on the token.
- See Also:
CryptoToken.getLoginTimeoutMinutes()
public int getLoginTimeoutMinutes() throws TokenException
Returns the login timeout period. The timeout is only used if the login mode is TIMEOUT.
- Specified by:
- getLoginTimeoutMinutes in interface CryptoToken
- Throws:
TokenException
- If an error occurs on the token.
- See Also:
CryptoToken.getLoginMode()
public String getName()
Obtain the nickname, or label, of this token.
- Specified by:
- getName in interface CryptoToken
public java.security.Provider getProvider()
public java.security.SecureRandom getRandomGenerator() throws NotImplementedException, TokenException
public Signature getSignatureContext(SignatureAlgorithm algorithm) throws NoSuchAlgorithmException, TokenException
Deprecated. Use the JCA interface instead (java.security.Signature).
Creates a Signature object, which can perform signing and signature verification. Signing and verification cryptographic operations will take place on this token. The signing key must be located on this token.
- Specified by:
- getSignatureContext in interface CryptoToken
- Parameters:
algorithm
- The algorithm used for the signing/verification.
protected void initPassword(byte[] ssopw, byte[] userpw) throws IncorrectPasswordException, AlreadyInitializedException, TokenException
public void initPassword(PasswordCallback ssopwcb, PasswordCallback userpwcb) throws IncorrectPasswordException, AlreadyInitializedException, TokenException
Initialize PIN. This sets the user's new PIN, using the current security officer PIN for authentication.
- Specified by:
- initPassword in interface CryptoToken
- Parameters:
- Throws:
TokenException
- If the PIN was already initialized, or there was an unspecified error in the token.
public boolean isInternalCryptoToken()
- Returns:
- true if this is the internal token used for bulk crypto.
public boolean isInternalKeyStorageToken()
- Returns:
- true if this is the internal key storage token.
public boolean isLoggedIn() throws TokenException
Find out if the token is currently logged in.
- Specified by:
- isLoggedIn in interface CryptoToken
public boolean isPresent()
Determines if the given token is present on the system. This would return false, for example, for a smart card reader that didn't have a card inserted.
- Specified by:
- isPresent in interface CryptoToken
public boolean isWritable()
- Returns:
- true if the token is writable, false if it is read-only. Writable tokens can have their keys generated on the internal token and then moved out.
public void login(PasswordCallback callback) throws PK11Token.NotInitializedException, IncorrectPasswordException, TokenException
Log into the token. If you are already logged in, this method has no effect, even if the PIN is wrong.
- Specified by:
- login in interface CryptoToken
- Parameters:
callback
- A callback to use to obtain the password, or a Password object.
- Throws:
PK11Token.NotInitializedException
- The token has not yet been initialized.
IncorrectPasswordException
- The specified password was incorrect.
public void logout() throws TokenException
Log out of the token.
- Specified by:
- logout in interface CryptoToken
- Throws:
TokenException
- If you are already logged in, or an unspecified error occurs.
protected void nativeLogin(PasswordCallback callback) throws PK11Token.NotInitializedException, IncorrectPasswordException, TokenException
public boolean needsLogin() throws TokenException
Returns true if this token needs to be logged into before it can be used.
- Specified by:
- needsLogin in interface CryptoToken
public boolean passwordIsInitialized() throws TokenException
Determine whether the token has been initialized yet.
- Specified by:
- passwordIsInitialized in interface CryptoToken
public void setLoginMode(int mode) throws TokenException
Sets the login mode of this token.
- Specified by:
- setLoginMode in interface CryptoToken
- Parameters:
mode
- ONE_TIME, TIMEOUT, or EVERY_TIME
- Throws:
TokenException
- If this mode is not supported by this token, or an error occurs on the token.
public void setLoginTimeoutMinutes(int timeoutMinutes) throws TokenException
Sets the timeout period for logging in. This will only be used if the login mode is TIMEOUT.
- Specified by:
- setLoginTimeoutMinutes in interface CryptoToken
- Throws:
TokenException
- If timeouts are not supported by this token, or an error occurs on the token.
- See Also:
CryptoToken.setLoginMode(int)
protected boolean userPasswordIsCorrect(byte[] pw) throws TokenException
Check the given password, return true if it's right, false if it's wrong.
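The login() note above (no effect when already logged in, even if the PIN is wrong) and the login-mode setters combine as follows in calling code. This is an added example, not code from JSS: the class TokenReauth and its methods limitSession and verifyPin are hypothetical, and the import packages for TokenException, IncorrectPasswordException and PasswordCallback come from the JSS distribution rather than from this page.

```java
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.util.IncorrectPasswordException;
import org.mozilla.jss.util.PasswordCallback;

/** Added example (not JSS code); class and method names are hypothetical. */
public final class TokenReauth {

    /**
     * Bound how long one PIN entry stays valid instead of keeping the
     * default ONE_TIME mode. Returns false if the token rejects the mode.
     */
    public static boolean limitSession(CryptoToken token, int minutes) {
        try {
            token.setLoginMode(CryptoToken.TIMEOUT);
            token.setLoginTimeoutMinutes(minutes); // only used in TIMEOUT mode
            return token.getLoginMode() == CryptoToken.TIMEOUT;
        } catch (TokenException e) {
            // Mode or timeouts are not supported by this token.
            return false;
        }
    }

    /**
     * Check a PIN before a sensitive operation. login() has no effect on a
     * token that is already logged in, even with a wrong PIN, so the
     * existing session is dropped first to force a real check.
     */
    public static boolean verifyPin(CryptoToken token, PasswordCallback pin)
            throws TokenException {
        if (!token.passwordIsInitialized()) {
            return false; // no user PIN set yet; initPassword() comes first
        }
        if (token.isLoggedIn()) {
            token.logout();
        }
        try {
            token.login(pin);
        } catch (IncorrectPasswordException e) {
            return false; // wrong PIN: the token stays logged out
        }
        return true;
    }
}
```

Because verifyPin logs the token out first, other code in the same process that relies on the existing session has to log in again afterwards.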