Class CryptoUtil


  • public class CryptoUtil
    extends java.lang.Object
    • Constructor Summary

      Constructors 
      Constructor Description
      CryptoUtil()  
    • Method Summary

      Modifier and Type Method Description
      static boolean arraysEqual​(byte[] bytes, byte[] ints)  
      static byte[] base64Decode​(java.lang.String s)  
      static java.lang.String base64Encode​(byte[] bytes)  
      static org.mozilla.jss.ssl.SSLVersionRange boundSSLDatagramVersionRange​(org.mozilla.jss.ssl.SSLVersion min, org.mozilla.jss.ssl.SSLVersion max)  
      static org.mozilla.jss.ssl.SSLVersionRange boundSSLStreamVersionRange​(org.mozilla.jss.ssl.SSLVersion min, org.mozilla.jss.ssl.SSLVersion max)  
      static java.lang.String byte2string​(byte[] id)
      Converts any length byte array into a signed, variable-length hexadecimal number.
      static char[] bytesToChars​(byte[] bytes)  
      static java.lang.String certFormat​(java.lang.String content)  
      static byte[] charsToBytes​(char[] chars)  
      static boolean compare​(byte[] src, byte[] dest)
      Compares 2 byte arrays to see if they are the same.
      static org.mozilla.jss.netscape.security.pkcs.PKCS10 createCertificationRequest​(java.lang.String subjectName, java.security.KeyPair keyPair)
      Creates a PKCS#10 request.
      static org.mozilla.jss.netscape.security.pkcs.PKCS10 createCertificationRequest​(java.lang.String subjectName, java.security.KeyPair keyPair, java.lang.String alg)  
      static org.mozilla.jss.netscape.security.pkcs.PKCS10 createCertificationRequest​(java.lang.String subjectName, org.mozilla.jss.netscape.security.x509.X509Key pubk, java.security.PrivateKey prik, java.lang.String alg, org.mozilla.jss.netscape.security.x509.Extensions exts)  
      static org.mozilla.jss.crypto.SymmetricKey createDes3SessionKeyOnInternal()  
      static byte[] createEncodedPKIArchiveOptions​(org.mozilla.jss.crypto.CryptoToken token, java.security.PublicKey wrappingKey, char[] data, org.mozilla.jss.netscape.security.util.WrappingParams params, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)  
      static byte[] createEncodedPKIArchiveOptions​(org.mozilla.jss.crypto.CryptoToken token, java.security.PublicKey wrappingKey, org.mozilla.jss.crypto.PrivateKey data, org.mozilla.jss.netscape.security.util.WrappingParams params, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)  
      static byte[] createEncodedPKIArchiveOptions​(org.mozilla.jss.crypto.CryptoToken token, java.security.PublicKey wrappingKey, org.mozilla.jss.crypto.SymmetricKey data, org.mozilla.jss.netscape.security.util.WrappingParams params, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)  
      static org.mozilla.jss.pkix.cms.EnvelopedData createEnvelopedData​(byte[] encContent, byte[] encSymKey)
      Creates an EnvelopedData for CMC encryptedPOP.
      static org.mozilla.jss.netscape.security.x509.KeyIdentifier createKeyIdentifier​(java.security.KeyPair keypair)  
      static org.mozilla.jss.util.Password createPasswordFromBytes​(byte[] bytes)
      Create a jss Password object from a provided byte array.
      static org.mozilla.jss.pkix.crmf.PKIArchiveOptions createPKIArchiveOptions​(byte[] session_data, byte[] key_data, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)  
      static org.mozilla.jss.pkix.crmf.PKIArchiveOptions createPKIArchiveOptions​(org.mozilla.jss.crypto.CryptoToken token, java.security.PublicKey wrappingKey, char[] data, org.mozilla.jss.netscape.security.util.WrappingParams params, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)  
      static org.mozilla.jss.pkix.crmf.PKIArchiveOptions createPKIArchiveOptions​(org.mozilla.jss.crypto.CryptoToken token, java.security.PublicKey wrappingKey, org.mozilla.jss.crypto.PrivateKey data, org.mozilla.jss.netscape.security.util.WrappingParams params, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)  
      static void createSharedSecret​(java.lang.String nickname)  
      static org.mozilla.jss.netscape.security.x509.X509CertInfo createX509CertInfo​(org.mozilla.jss.netscape.security.x509.X509Key x509key, java.math.BigInteger serialno, org.mozilla.jss.netscape.security.x509.CertificateIssuerName issuerName, java.lang.String subjname, java.util.Date notBefore, java.util.Date notAfter, java.lang.String alg)
      Creates a Certificate template.
      static org.mozilla.jss.netscape.security.x509.X509Key createX509Key​(java.security.PublicKey publicKey)  
      static byte[] decodeKeyID​(java.lang.String id)
      Converts NSS key ID from a signed, variable-length hexadecimal number into a 20 byte array, which will be identical to the original byte array.
      static byte[] decryptUsingSymmetricKey​(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.IVParameterSpec ivspec, byte[] encryptedData, org.mozilla.jss.crypto.SymmetricKey wrappingKey, org.mozilla.jss.crypto.EncryptionAlgorithm encryptionAlgorithm)  
      static void deleteCertificates​(java.lang.String nickname)
      Deletes all certificates by a nickname.
      static void deletePrivateKey​(org.mozilla.jss.crypto.PrivateKey prikey)
      Deletes a private key.
      static void deleteSharedSecret​(java.lang.String nickname)  
      static void deleteUserCertificates​(java.lang.String nickname)
      Deletes user certificates by a nickname.
      static java.lang.String encodeKeyID​(byte[] keyID)
      Converts NSS key ID from a 20 byte array into a signed, variable-length hexadecimal number (to maintain compatibility with byte2string()).
      static byte[] encodePKIArchiveOptions​(org.mozilla.jss.pkix.crmf.PKIArchiveOptions opts)  
      static byte[] encryptSecret​(org.mozilla.jss.crypto.CryptoToken token, byte[] secret, org.mozilla.jss.crypto.IVParameterSpec iv, org.mozilla.jss.crypto.SymmetricKey key, org.mozilla.jss.crypto.EncryptionAlgorithm algorithm)  
      static byte[] encryptUsingSymmetricKey​(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.SymmetricKey wrappingKey, byte[] data, org.mozilla.jss.crypto.EncryptionAlgorithm alg, org.mozilla.jss.crypto.IVParameterSpec ivspec)  
      static java.util.List<byte[]> exportSharedSecret​(java.lang.String nickname, java.security.cert.X509Certificate wrappingCert, org.mozilla.jss.crypto.SymmetricKey wrappingKey)  
      static org.mozilla.jss.crypto.PrivateKey findPrivateKeyFromID​(byte[] id)
      Retrieves a private key from a unique key ID.
      static java.security.KeyPair generateECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token, int keysize)
      Generates an ecc key pair.
      static java.security.KeyPair generateECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token, int keysize, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)  
      static java.security.KeyPair generateECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token, int keysize, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask, boolean temporary, int sensitive, int extractable)  
      static java.security.KeyPair generateECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token, java.lang.String curveName)
      Generates an ecc key pair by curve name
      static java.security.KeyPair generateECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token, java.lang.String curveName, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)  
      static java.security.KeyPair generateECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token, java.lang.String curveName, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask, boolean temporary, int sensitive, int extractable)  
      static org.mozilla.jss.crypto.SymmetricKey generateKey​(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.KeyGenAlgorithm alg, int keySize, org.mozilla.jss.crypto.SymmetricKey.Usage[] usages, boolean temporary)  
      static byte[] generateKeyIdentifier​(byte[] rawKey)  
      static byte[] generateKeyIdentifier​(byte[] rawKey, java.lang.String alg)  
      static java.security.KeyPair generateRSAKeyPair​(org.mozilla.jss.crypto.CryptoToken token, int keysize)
      Generates a RSA key pair.
      static java.security.KeyPair generateRSAKeyPair​(org.mozilla.jss.crypto.CryptoToken token, int keysize, boolean temporary)  
      static org.mozilla.jss.netscape.security.x509.X509CertImpl[] getAllUserCerts()
      Retrieves all user certificates from all tokens.
      static org.mozilla.jss.crypto.CryptoToken getCryptoToken​(java.lang.String name)
      Retrieves handle to a crypto token.
      static org.mozilla.jss.pkix.primitive.AlgorithmIdentifier getDefaultHashAlg()  
      static java.lang.String getDefaultHashAlgName()
      The following are convenience routines for quick preliminary feature development or for test programs that simply take the defaults.
      static java.lang.String[] getECcurves()  
      static java.util.Vector<java.lang.String> getECKeyCurve​(org.mozilla.jss.netscape.security.x509.X509Key key)  
      static org.mozilla.jss.netscape.security.x509.Extension getExtensionFromCertTemplate​(org.mozilla.jss.pkix.crmf.CertTemplate certTemplate, org.mozilla.jss.netscape.security.util.ObjectIdentifier csOID)  
      static org.mozilla.jss.netscape.security.x509.Extension getExtensionFromPKCS10​(org.mozilla.jss.netscape.security.pkcs.PKCS10 pkcs10, java.lang.String extnName)  
      static org.mozilla.jss.asn1.OBJECT_IDENTIFIER getHashAlgorithmOID​(java.lang.String name)
      getHashAlgorithmOID returns OID of the hashing algorithm name
      static java.lang.String getHMACAlgName​(java.lang.String name)
      Maps from HMACAlgorithm name to JSS Provider HMAC Alg name.
      static org.mozilla.jss.asn1.OBJECT_IDENTIFIER getHMACAlgorithmOID​(java.lang.String name)
      getHMACAlgorithmOID returns OID of the HMAC algorithm name
      static java.lang.String getHMACtoMessageDigestName​(java.lang.String name)
      Maps from an HMACAlgorithm name to the FIPS 180-2 MessageDigest algorithm name.
      static org.mozilla.jss.crypto.CryptoToken getKeyStorageToken​(java.lang.String name)
      Retrieves handle to a key store token.
      static byte[] getModulus​(java.security.PublicKey pubk)  
      static java.lang.String getNameFromHashAlgorithm​(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier ai)
      getNameFromHashAlgorithm returns the hashing algorithm name from input Algorithm
      static byte[] getNonceData​(int size)
      Generates a nonce_iv for padding.
      static org.mozilla.jss.asn1.OBJECT_IDENTIFIER getOID​(org.mozilla.jss.crypto.KeyWrapAlgorithm kwAlg)  
      static org.mozilla.jss.crypto.PrivateKey getPrivateKey​(java.lang.String nickname)
      Retrieves a private key by nickname.
      static byte[] getPublicExponent​(java.security.PublicKey pubk)  
      static java.security.SecureRandom getRandomNumberGenerator()  
      static java.lang.String getSKIString​(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)  
      static java.lang.String getSubjectName​(org.mozilla.jss.asn1.SEQUENCE crmfMsgs)  
      static org.mozilla.jss.crypto.SymmetricKey getSymKeyByName​(org.mozilla.jss.crypto.CryptoToken token, java.lang.String name)  
      static java.security.cert.X509Certificate[] getX509CertificateFromPKCS7​(byte[] b)  
      static org.mozilla.jss.netscape.security.x509.X509Key getX509KeyFromCRMFMsg​(org.mozilla.jss.pkix.crmf.CertReqMsg crmfMsg)  
      static org.mozilla.jss.netscape.security.x509.X509Key getX509KeyFromCRMFMsgs​(org.mozilla.jss.asn1.SEQUENCE crmfMsgs)  
      static byte[] hexString2Bytes​(java.lang.String string)
      Converts a string containing pairs of characters in the ranges '0' to '9' and 'a' to 'f' into an array of bytes, such that each pair of characters in the string represents an individual byte.
      static void importCertificateChain​(byte[] bytes)  
      static java.security.Key importHmacSha1Key​(byte[] key)
      importHmacSha1Key returns a key based on a byte array that was originally a password.
      static org.mozilla.jss.crypto.X509Certificate[] importPKCS7​(org.mozilla.jss.netscape.security.pkcs.PKCS7 pkcs7)  
      static org.mozilla.jss.crypto.X509Certificate[] importPKCS7​(org.mozilla.jss.netscape.security.pkcs.PKCS7 pkcs7, java.lang.String nickname, java.lang.String trustFlags)  
      static org.mozilla.jss.crypto.PrivateKey importPKIArchiveOptions​(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.PrivateKey unwrappingKey, java.security.PublicKey pubkey, byte[] data)  
      static void importSharedSecret​(byte[] wrappedSessionKey, byte[] wrappedSharedSecret, java.lang.String subsystemCertNickname, java.lang.String sharedSecretNickname)  
      static org.mozilla.jss.crypto.X509Certificate importUserCertificate​(byte[] bytes, java.lang.String nickname)
      Imports a user certificate.
      static org.mozilla.jss.crypto.X509Certificate importUserCertificateChain​(java.lang.String c, java.lang.String nickname)
      Imports a PKCS#7 certificate chain that includes the user certificate, and trusts the certificate.
      static boolean isCertTrusted​(org.mozilla.jss.crypto.InternalCertificate cert)
      From the certificate server's point of view, the trust referred to here is SSL trust.
      static boolean isECCKey​(org.mozilla.jss.netscape.security.x509.X509Key key)  
      static boolean isInternalToken​(java.lang.String name)  
      static boolean isTrust​(int flag)  
      static java.lang.String mapSignatureAlgorithmToInternalName​(org.mozilla.jss.crypto.SignatureAlgorithm alg)  
      static java.lang.String normalizeCertAndReq​(java.lang.String s)  
      static java.lang.String normalizeCertStr​(java.lang.String s)  
      static void obscureBytes​(byte[] memory, java.lang.String method)  
      static void obscureChars​(char[] memory)  
      static org.mozilla.jss.asn1.SEQUENCE parseCRMFMsgs​(byte[] cert_request)  
      static java.lang.String reqFormat​(java.lang.String content)  
      static void setClientCiphers​(java.lang.String list)  
      static void setDefaultSSLCiphers()  
      static void setSSLCipher​(java.lang.String name, boolean enabled)  
      static void setSSLCiphers​(java.lang.String ciphers)  
      static void setSSLDatagramVersionRange​(org.mozilla.jss.ssl.SSLVersion min, org.mozilla.jss.ssl.SSLVersion max)  
      static void setSSLStreamVersionRange​(org.mozilla.jss.ssl.SSLVersion min, org.mozilla.jss.ssl.SSLVersion max)  
      static void setTrustFlags​(org.mozilla.jss.crypto.X509Certificate cert, java.lang.String trustFlags)  
      static boolean sharedSecretExists​(java.lang.String nickname)  
      static org.mozilla.jss.netscape.security.x509.X509CertImpl signCert​(java.security.PrivateKey privateKey, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo, java.lang.String alg)
      Signs certificate.
      static org.mozilla.jss.netscape.security.x509.X509CertImpl signCert​(java.security.PrivateKey privateKey, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo, org.mozilla.jss.crypto.SignatureAlgorithm sigAlg)  
      static org.mozilla.jss.netscape.security.x509.X509CertImpl signECCCert​(java.security.PrivateKey privateKey, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)  
      static java.security.cert.X509Certificate[] sortCertificateChain​(java.security.cert.X509Certificate[] certs)
      Sorts certificate chain from root to leaf.
      static java.security.cert.X509Certificate[] sortCertificateChain​(java.security.cert.X509Certificate[] certs, boolean reverse)  
      static byte[] string2byte​(java.lang.String id)
      Converts a signed, variable-length hexadecimal number into a byte array, which may not be identical to the original byte array.
      static java.lang.String stripCertBrackets​(java.lang.String s)
      Strips out the begin and end certificate brackets.
      static void trustAuditSigningCert​(org.mozilla.jss.crypto.X509Certificate cert)  
      static void trustCACert​(org.mozilla.jss.crypto.X509Certificate cert)  
      static void trustCert​(org.mozilla.jss.crypto.InternalCertificate cert)
      Trusts a certificate.
      static void trustCertByNickname​(java.lang.String nickname)
      Trusts a certificate by nickname.
      static void unsetSSLCiphers()  
      static void unTrustCert​(org.mozilla.jss.crypto.InternalCertificate cert)  
      static org.mozilla.jss.crypto.PrivateKey unwrap​(org.mozilla.jss.crypto.CryptoToken token, java.security.PublicKey pubKey, boolean temporary, org.mozilla.jss.crypto.SymmetricKey wrappingKey, byte[] wrappedData, org.mozilla.jss.crypto.KeyWrapAlgorithm wrapAlgorithm, org.mozilla.jss.crypto.IVParameterSpec wrapIV)  
      static org.mozilla.jss.crypto.SymmetricKey unwrap​(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.SymmetricKey.Type keyType, int strength, org.mozilla.jss.crypto.SymmetricKey.Usage usage, org.mozilla.jss.crypto.PrivateKey wrappingKey, byte[] wrappedData, org.mozilla.jss.crypto.KeyWrapAlgorithm wrapAlgorithm)  
      static org.mozilla.jss.crypto.SymmetricKey unwrap​(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.SymmetricKey.Type keyType, int strength, org.mozilla.jss.crypto.SymmetricKey.Usage usage, org.mozilla.jss.crypto.SymmetricKey wrappingKey, byte[] wrappedData, org.mozilla.jss.crypto.KeyWrapAlgorithm wrapAlgorithm, org.mozilla.jss.crypto.IVParameterSpec wrappingIV)  
      static byte[] unwrapUsingPassphrase​(byte[] wrappedRecoveredKey, java.lang.String recoveryPassphrase)  
      static byte[] wrapSymmetricKey​(org.mozilla.jss.crypto.CryptoToken token, java.security.PublicKey wrappingKey, org.mozilla.jss.crypto.SymmetricKey sk)  
      static byte[] wrapUsingPublicKey​(org.mozilla.jss.crypto.CryptoToken token, java.security.PublicKey wrappingKey, org.mozilla.jss.crypto.SymmetricKey data, org.mozilla.jss.crypto.KeyWrapAlgorithm alg)  
      static byte[] wrapUsingSymmetricKey​(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.SymmetricKey wrappingKey, org.mozilla.jss.crypto.PrivateKey data, org.mozilla.jss.crypto.IVParameterSpec ivspec, org.mozilla.jss.crypto.KeyWrapAlgorithm alg)  
      static byte[] wrapUsingSymmetricKey​(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.SymmetricKey wrappingKey, org.mozilla.jss.crypto.SymmetricKey data, org.mozilla.jss.crypto.IVParameterSpec ivspec, org.mozilla.jss.crypto.KeyWrapAlgorithm alg)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • INTERNAL_TOKEN_NAME

        public static final java.lang.String INTERNAL_TOKEN_NAME
        See Also:
        Constant Field Values
      • INTERNAL_TOKEN_FULL_NAME

        public static final java.lang.String INTERNAL_TOKEN_FULL_NAME
        See Also:
        Constant Field Values
      • clientECCiphers

        public static final java.lang.Integer[] clientECCiphers
      • clientECCipherList

        public static java.util.List<java.lang.Integer> clientECCipherList
      • RSA_ENCRYPTION

        public static org.mozilla.jss.asn1.OBJECT_IDENTIFIER RSA_ENCRYPTION
    • Constructor Detail

      • CryptoUtil

        public CryptoUtil()
    • Method Detail

      • arraysEqual

        public static boolean arraysEqual​(byte[] bytes,
                                          byte[] ints)
      • isInternalToken

        public static boolean isInternalToken​(java.lang.String name)
      • getCryptoToken

        public static org.mozilla.jss.crypto.CryptoToken getCryptoToken​(java.lang.String name)
                                                                 throws org.mozilla.jss.NotInitializedException,
                                                                        org.mozilla.jss.NoSuchTokenException
        Retrieves handle to a crypto token.
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.NoSuchTokenException
      • getKeyStorageToken

        public static org.mozilla.jss.crypto.CryptoToken getKeyStorageToken​(java.lang.String name)
                                                                     throws org.mozilla.jss.NotInitializedException,
                                                                            org.mozilla.jss.NoSuchTokenException
        Retrieves handle to a key store token.
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.NoSuchTokenException
      • generateRSAKeyPair

        public static java.security.KeyPair generateRSAKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                                               int keysize)
                                                        throws java.lang.Exception
        Generates a RSA key pair.
        Throws:
        java.lang.Exception
      • generateRSAKeyPair

        public static java.security.KeyPair generateRSAKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                                               int keysize,
                                                               boolean temporary)
                                                        throws java.lang.Exception
        Throws:
        java.lang.Exception
      • isECCKey

        public static boolean isECCKey​(org.mozilla.jss.netscape.security.x509.X509Key key)
      • generateECCKeyPair

        public static java.security.KeyPair generateECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                                               int keysize)
                                                        throws org.mozilla.jss.NotInitializedException,
                                                               org.mozilla.jss.NoSuchTokenException,
                                                               java.security.NoSuchAlgorithmException,
                                                               org.mozilla.jss.crypto.TokenException
        Generates an ecc key pair.
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.NoSuchTokenException
        java.security.NoSuchAlgorithmException
        org.mozilla.jss.crypto.TokenException
      • generateECCKeyPair

        public static java.security.KeyPair generateECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                                               int keysize,
                                                               org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
                                                               org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
                                                        throws org.mozilla.jss.NotInitializedException,
                                                               org.mozilla.jss.NoSuchTokenException,
                                                               java.security.NoSuchAlgorithmException,
                                                               org.mozilla.jss.crypto.TokenException
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.NoSuchTokenException
        java.security.NoSuchAlgorithmException
        org.mozilla.jss.crypto.TokenException
      • generateECCKeyPair

        public static java.security.KeyPair generateECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                                               int keysize,
                                                               org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
                                                               org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask,
                                                               boolean temporary,
                                                               int sensitive,
                                                               int extractable)
                                                        throws org.mozilla.jss.NotInitializedException,
                                                               org.mozilla.jss.NoSuchTokenException,
                                                               java.security.NoSuchAlgorithmException,
                                                               org.mozilla.jss.crypto.TokenException
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.NoSuchTokenException
        java.security.NoSuchAlgorithmException
        org.mozilla.jss.crypto.TokenException
      • generateECCKeyPair

        public static java.security.KeyPair generateECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                                               java.lang.String curveName)
                                                        throws org.mozilla.jss.NotInitializedException,
                                                               org.mozilla.jss.NoSuchTokenException,
                                                               java.security.NoSuchAlgorithmException,
                                                               org.mozilla.jss.crypto.TokenException
        Generates an ecc key pair by curve name
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.NoSuchTokenException
        java.security.NoSuchAlgorithmException
        org.mozilla.jss.crypto.TokenException
      • generateECCKeyPair

        public static java.security.KeyPair generateECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                                               java.lang.String curveName,
                                                               org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
                                                               org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
                                                        throws org.mozilla.jss.NotInitializedException,
                                                               org.mozilla.jss.NoSuchTokenException,
                                                               java.security.NoSuchAlgorithmException,
                                                               org.mozilla.jss.crypto.TokenException
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.NoSuchTokenException
        java.security.NoSuchAlgorithmException
        org.mozilla.jss.crypto.TokenException
      • generateECCKeyPair

        public static java.security.KeyPair generateECCKeyPair​(org.mozilla.jss.crypto.CryptoToken token,
                                                               java.lang.String curveName,
                                                               org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
                                                               org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask,
                                                               boolean temporary,
                                                               int sensitive,
                                                               int extractable)
                                                        throws org.mozilla.jss.NotInitializedException,
                                                               org.mozilla.jss.NoSuchTokenException,
                                                               java.security.NoSuchAlgorithmException,
                                                               org.mozilla.jss.crypto.TokenException
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.NoSuchTokenException
        java.security.NoSuchAlgorithmException
        org.mozilla.jss.crypto.TokenException
      • boundSSLStreamVersionRange

        public static org.mozilla.jss.ssl.SSLVersionRange boundSSLStreamVersionRange​(org.mozilla.jss.ssl.SSLVersion min,
                                                                                     org.mozilla.jss.ssl.SSLVersion max)
                                                                              throws java.net.SocketException
        Throws:
        java.net.SocketException
      • boundSSLDatagramVersionRange

        public static org.mozilla.jss.ssl.SSLVersionRange boundSSLDatagramVersionRange​(org.mozilla.jss.ssl.SSLVersion min,
                                                                                       org.mozilla.jss.ssl.SSLVersion max)
                                                                                throws java.net.SocketException
        Throws:
        java.net.SocketException
      • setSSLStreamVersionRange

        public static void setSSLStreamVersionRange​(org.mozilla.jss.ssl.SSLVersion min,
                                                    org.mozilla.jss.ssl.SSLVersion max)
                                             throws java.net.SocketException
        Throws:
        java.net.SocketException
      • setSSLDatagramVersionRange

        public static void setSSLDatagramVersionRange​(org.mozilla.jss.ssl.SSLVersion min,
                                                      org.mozilla.jss.ssl.SSLVersion max)
                                               throws java.net.SocketException
        Throws:
        java.net.SocketException
      • setClientCiphers

        public static void setClientCiphers​(java.lang.String list)
                                     throws java.net.SocketException
        Throws:
        java.net.SocketException
      • setSSLCiphers

        public static void setSSLCiphers​(java.lang.String ciphers)
                                  throws java.net.SocketException
        Throws:
        java.net.SocketException
      • setSSLCipher

        public static void setSSLCipher​(java.lang.String name,
                                        boolean enabled)
                                 throws java.net.SocketException
        Throws:
        java.net.SocketException
      • setDefaultSSLCiphers

        public static void setDefaultSSLCiphers()
                                         throws java.net.SocketException
        Throws:
        java.net.SocketException
      • unsetSSLCiphers

        public static void unsetSSLCiphers()
                                    throws java.net.SocketException
        Throws:
        java.net.SocketException
      • getModulus

        public static byte[] getModulus​(java.security.PublicKey pubk)
      • getPublicExponent

        public static byte[] getPublicExponent​(java.security.PublicKey pubk)
      • base64Encode

        public static java.lang.String base64Encode​(byte[] bytes)
                                             throws java.io.IOException
        Throws:
        java.io.IOException
      • base64Decode

        public static byte[] base64Decode​(java.lang.String s)
                                   throws java.io.IOException
        Throws:
        java.io.IOException
      • reqFormat

        public static java.lang.String reqFormat​(java.lang.String content)
      • certFormat

        public static java.lang.String certFormat​(java.lang.String content)
      • stripCertBrackets

        public static java.lang.String stripCertBrackets​(java.lang.String s)
        Strips out the begin and end certificate brackets.
        Parameters:
        s - the string potentially bracketed with "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
        Returns:
        string without the brackets
      • normalizeCertAndReq

        public static java.lang.String normalizeCertAndReq​(java.lang.String s)
      • normalizeCertStr

        public static java.lang.String normalizeCertStr​(java.lang.String s)
      • sortCertificateChain

        public static java.security.cert.X509Certificate[] sortCertificateChain​(java.security.cert.X509Certificate[] certs)
                                                                         throws java.lang.Exception
        Sorts certificate chain from root to leaf. This method sorts an array of certificates (e.g. from a PKCS #7 data) that represents a certificate chain from root to leaf according to the subject DNs and issuer DNs. The input array is a set of certificates that are part of a chain but not in specific order. The result is a new array that contains the certificate chain sorted from root to leaf. The input array is unchanged.
        Parameters:
        certs - input array of certificates
        Returns:
        new array containing sorted certificates
        Throws:
        java.lang.Exception
      • sortCertificateChain

        public static java.security.cert.X509Certificate[] sortCertificateChain​(java.security.cert.X509Certificate[] certs,
                                                                                boolean reverse)
                                                                         throws java.lang.Exception
        Throws:
        java.lang.Exception
      • importPKCS7

        public static org.mozilla.jss.crypto.X509Certificate[] importPKCS7​(org.mozilla.jss.netscape.security.pkcs.PKCS7 pkcs7,
                                                                           java.lang.String nickname,
                                                                           java.lang.String trustFlags)
                                                                    throws java.lang.Exception
        Throws:
        java.lang.Exception
      • importPKCS7

        public static org.mozilla.jss.crypto.X509Certificate[] importPKCS7​(org.mozilla.jss.netscape.security.pkcs.PKCS7 pkcs7)
                                                                    throws java.lang.Exception
        Throws:
        java.lang.Exception
      • importCertificateChain

        public static void importCertificateChain​(byte[] bytes)
                                           throws java.lang.Exception
        Throws:
        java.lang.Exception
      • parseCRMFMsgs

        public static org.mozilla.jss.asn1.SEQUENCE parseCRMFMsgs​(byte[] cert_request)
                                                           throws java.io.IOException,
                                                                  org.mozilla.jss.asn1.InvalidBERException
        Throws:
        java.io.IOException
        org.mozilla.jss.asn1.InvalidBERException
      • getX509KeyFromCRMFMsgs

        public static org.mozilla.jss.netscape.security.x509.X509Key getX509KeyFromCRMFMsgs​(org.mozilla.jss.asn1.SEQUENCE crmfMsgs)
                                                                                     throws java.io.IOException,
                                                                                            java.security.NoSuchAlgorithmException,
                                                                                            java.security.InvalidKeyException,
                                                                                            org.mozilla.jss.crypto.InvalidKeyFormatException
        Throws:
        java.io.IOException
        java.security.NoSuchAlgorithmException
        java.security.InvalidKeyException
        org.mozilla.jss.crypto.InvalidKeyFormatException
      • getX509KeyFromCRMFMsg

        public static org.mozilla.jss.netscape.security.x509.X509Key getX509KeyFromCRMFMsg​(org.mozilla.jss.pkix.crmf.CertReqMsg crmfMsg)
                                                                                    throws java.io.IOException,
                                                                                           java.security.NoSuchAlgorithmException,
                                                                                           java.security.InvalidKeyException,
                                                                                           org.mozilla.jss.crypto.InvalidKeyFormatException
        Throws:
        java.io.IOException
        java.security.NoSuchAlgorithmException
        java.security.InvalidKeyException
        org.mozilla.jss.crypto.InvalidKeyFormatException
      • createX509Key

        public static org.mozilla.jss.netscape.security.x509.X509Key createX509Key​(java.security.PublicKey publicKey)
                                                                            throws java.security.InvalidKeyException
        Throws:
        java.security.InvalidKeyException
      • getSubjectName

        public static java.lang.String getSubjectName​(org.mozilla.jss.asn1.SEQUENCE crmfMsgs)
                                               throws java.io.IOException
        Throws:
        java.io.IOException
      • createX509CertInfo

        public static org.mozilla.jss.netscape.security.x509.X509CertInfo createX509CertInfo​(org.mozilla.jss.netscape.security.x509.X509Key x509key,
                                                                                             java.math.BigInteger serialno,
                                                                                             org.mozilla.jss.netscape.security.x509.CertificateIssuerName issuerName,
                                                                                             java.lang.String subjname,
                                                                                             java.util.Date notBefore,
                                                                                             java.util.Date notAfter,
                                                                                             java.lang.String alg)
                                                                                      throws java.io.IOException,
                                                                                             java.security.cert.CertificateException,
                                                                                             java.security.InvalidKeyException,
                                                                                             java.security.NoSuchAlgorithmException
        Creates a Certificate template.
        Throws:
        java.io.IOException
        java.security.cert.CertificateException
        java.security.InvalidKeyException
        java.security.NoSuchAlgorithmException
      • signECCCert

        public static org.mozilla.jss.netscape.security.x509.X509CertImpl signECCCert​(java.security.PrivateKey privateKey,
                                                                                      org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)
                                                                               throws org.mozilla.jss.NoSuchTokenException,
                                                                                      org.mozilla.jss.NotInitializedException,
                                                                                      java.security.NoSuchAlgorithmException,
                                                                                      org.mozilla.jss.NoSuchTokenException,
                                                                                      org.mozilla.jss.crypto.TokenException,
                                                                                      java.security.InvalidKeyException,
                                                                                      java.security.SignatureException,
                                                                                      java.io.IOException,
                                                                                      java.security.cert.CertificateException
        Throws:
        org.mozilla.jss.NoSuchTokenException
        org.mozilla.jss.NotInitializedException
        java.security.NoSuchAlgorithmException
        org.mozilla.jss.crypto.TokenException
        java.security.InvalidKeyException
        java.security.SignatureException
        java.io.IOException
        java.security.cert.CertificateException
      • signCert

        public static org.mozilla.jss.netscape.security.x509.X509CertImpl signCert​(java.security.PrivateKey privateKey,
                                                                                   org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo,
                                                                                   java.lang.String alg)
                                                                            throws org.mozilla.jss.NoSuchTokenException,
                                                                                   org.mozilla.jss.NotInitializedException,
                                                                                   java.security.NoSuchAlgorithmException,
                                                                                   org.mozilla.jss.NoSuchTokenException,
                                                                                   org.mozilla.jss.crypto.TokenException,
                                                                                   java.security.InvalidKeyException,
                                                                                   java.security.SignatureException,
                                                                                   java.io.IOException,
                                                                                   java.security.cert.CertificateException
        Signs certificate.
        Throws:
        org.mozilla.jss.NoSuchTokenException
        org.mozilla.jss.NotInitializedException
        java.security.NoSuchAlgorithmException
        org.mozilla.jss.crypto.TokenException
        java.security.InvalidKeyException
        java.security.SignatureException
        java.io.IOException
        java.security.cert.CertificateException
      • signCert

        public static org.mozilla.jss.netscape.security.x509.X509CertImpl signCert​(java.security.PrivateKey privateKey,
                                                                                   org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo,
                                                                                   org.mozilla.jss.crypto.SignatureAlgorithm sigAlg)
                                                                            throws org.mozilla.jss.NoSuchTokenException,
                                                                                   org.mozilla.jss.NotInitializedException,
                                                                                   java.security.NoSuchAlgorithmException,
                                                                                   org.mozilla.jss.NoSuchTokenException,
                                                                                   org.mozilla.jss.crypto.TokenException,
                                                                                   java.security.InvalidKeyException,
                                                                                   java.security.SignatureException,
                                                                                   java.io.IOException,
                                                                                   java.security.cert.CertificateException
        Throws:
        org.mozilla.jss.NoSuchTokenException
        org.mozilla.jss.NotInitializedException
        java.security.NoSuchAlgorithmException
        org.mozilla.jss.crypto.TokenException
        java.security.InvalidKeyException
        java.security.SignatureException
        java.io.IOException
        java.security.cert.CertificateException
      • createCertificationRequest

        public static org.mozilla.jss.netscape.security.pkcs.PKCS10 createCertificationRequest​(java.lang.String subjectName,
                                                                                               org.mozilla.jss.netscape.security.x509.X509Key pubk,
                                                                                               java.security.PrivateKey prik,
                                                                                               java.lang.String alg,
                                                                                               org.mozilla.jss.netscape.security.x509.Extensions exts)
                                                                                        throws java.security.NoSuchAlgorithmException,
                                                                                               java.security.NoSuchProviderException,
                                                                                               java.security.InvalidKeyException,
                                                                                               java.io.IOException,
                                                                                               java.security.cert.CertificateException,
                                                                                               java.security.SignatureException
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.NoSuchProviderException
        java.security.InvalidKeyException
        java.io.IOException
        java.security.cert.CertificateException
        java.security.SignatureException
      • createKeyIdentifier

        public static org.mozilla.jss.netscape.security.x509.KeyIdentifier createKeyIdentifier​(java.security.KeyPair keypair)
                                                                                        throws java.security.NoSuchAlgorithmException,
                                                                                               java.security.InvalidKeyException
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.InvalidKeyException
      • generateKeyIdentifier

        public static byte[] generateKeyIdentifier​(byte[] rawKey)
      • generateKeyIdentifier

        public static byte[] generateKeyIdentifier​(byte[] rawKey,
                                                   java.lang.String alg)
      • getSKIString

        public static java.lang.String getSKIString​(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
                                             throws java.io.IOException
        Throws:
        java.io.IOException
      • createCertificationRequest

        public static org.mozilla.jss.netscape.security.pkcs.PKCS10 createCertificationRequest​(java.lang.String subjectName,
                                                                                               java.security.KeyPair keyPair)
                                                                                        throws java.security.NoSuchAlgorithmException,
                                                                                               java.security.NoSuchProviderException,
                                                                                               java.security.InvalidKeyException,
                                                                                               java.io.IOException,
                                                                                               java.security.cert.CertificateException,
                                                                                               java.security.SignatureException
        Creates a PKCS#10 request.
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.NoSuchProviderException
        java.security.InvalidKeyException
        java.io.IOException
        java.security.cert.CertificateException
        java.security.SignatureException
      • createCertificationRequest

        public static org.mozilla.jss.netscape.security.pkcs.PKCS10 createCertificationRequest​(java.lang.String subjectName,
                                                                                               java.security.KeyPair keyPair,
                                                                                               java.lang.String alg)
                                                                                        throws java.security.NoSuchAlgorithmException,
                                                                                               java.security.NoSuchProviderException,
                                                                                               java.security.InvalidKeyException,
                                                                                               java.io.IOException,
                                                                                               java.security.cert.CertificateException,
                                                                                               java.security.SignatureException
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.NoSuchProviderException
        java.security.InvalidKeyException
        java.io.IOException
        java.security.cert.CertificateException
        java.security.SignatureException
      • getExtensionFromPKCS10

        public static org.mozilla.jss.netscape.security.x509.Extension getExtensionFromPKCS10​(org.mozilla.jss.netscape.security.pkcs.PKCS10 pkcs10,
                                                                                              java.lang.String extnName)
                                                                                       throws java.io.IOException,
                                                                                              java.security.cert.CertificateException
        Throws:
        java.io.IOException
        java.security.cert.CertificateException
      • getExtensionFromCertTemplate

        public static org.mozilla.jss.netscape.security.x509.Extension getExtensionFromCertTemplate​(org.mozilla.jss.pkix.crmf.CertTemplate certTemplate,
                                                                                                    org.mozilla.jss.netscape.security.util.ObjectIdentifier csOID)
      • unTrustCert

        public static void unTrustCert​(org.mozilla.jss.crypto.InternalCertificate cert)
      • trustCertByNickname

        public static void trustCertByNickname​(java.lang.String nickname)
                                        throws org.mozilla.jss.NotInitializedException,
                                               org.mozilla.jss.crypto.TokenException
        Trusts a certificate by nickname.
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.crypto.TokenException
      • trustCert

        public static void trustCert​(org.mozilla.jss.crypto.InternalCertificate cert)
        Trusts a certificate.
      • setTrustFlags

        public static void setTrustFlags​(org.mozilla.jss.crypto.X509Certificate cert,
                                         java.lang.String trustFlags)
                                  throws java.lang.Exception
        Throws:
        java.lang.Exception
      • trustCACert

        public static void trustCACert​(org.mozilla.jss.crypto.X509Certificate cert)
      • trustAuditSigningCert

        public static void trustAuditSigningCert​(org.mozilla.jss.crypto.X509Certificate cert)
      • isCertTrusted

        public static boolean isCertTrusted​(org.mozilla.jss.crypto.InternalCertificate cert)
        From the certificate server's point of view, the trust referred to here is SSL trust.
      • isTrust

        public static boolean isTrust​(int flag)
      • generateKey

        public static org.mozilla.jss.crypto.SymmetricKey generateKey​(org.mozilla.jss.crypto.CryptoToken token,
                                                                      org.mozilla.jss.crypto.KeyGenAlgorithm alg,
                                                                      int keySize,
                                                                      org.mozilla.jss.crypto.SymmetricKey.Usage[] usages,
                                                                      boolean temporary)
                                                               throws java.lang.Exception
        Throws:
        java.lang.Exception
      • compare

        public static boolean compare​(byte[] src,
                                      byte[] dest)
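        Compares two byte arrays to see if they are the same. This description does not say whether the comparison runs in constant time; when the arrays hold secret values (for example MACs or key material), confirm that in the source or use java.security.MessageDigest.isEqual instead.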
      • byte2string

        public static java.lang.String byte2string​(byte[] id)
        Converts any length byte array into a signed, variable-length hexadecimal number.
      • string2byte

        public static byte[] string2byte​(java.lang.String id)
        Converts a signed, variable-length hexadecimal number into a byte array, which may not be identical to the original byte array.
      • encodeKeyID

        public static java.lang.String encodeKeyID​(byte[] keyID)
        Converts NSS key ID from a 20 byte array into a signed, variable-length hexadecimal number (to maintain compatibility with byte2string()).
      • decodeKeyID

        public static byte[] decodeKeyID​(java.lang.String id)
        Converts NSS key ID from a signed, variable-length hexadecimal number into a 20 byte array, which will be identical to the original byte array.
      • hexString2Bytes

        public static byte[] hexString2Bytes​(java.lang.String string)
        Converts a string containing pairs of characters in the ranges '0' to '9' and 'a' to 'f' into an array of bytes, such that each pair of characters in the string represents an individual byte.
      • bytesToChars

        public static char[] bytesToChars​(byte[] bytes)
      • charsToBytes

        public static byte[] charsToBytes​(char[] chars)
      • createPasswordFromBytes

        public static org.mozilla.jss.util.Password createPasswordFromBytes​(byte[] bytes)
        Creates a JSS Password object from a provided byte array.
      • findPrivateKeyFromID

        public static org.mozilla.jss.crypto.PrivateKey findPrivateKeyFromID​(byte[] id)
                                                                      throws org.mozilla.jss.NotInitializedException,
                                                                             org.mozilla.jss.crypto.TokenException
        Retrieves a private key from a unique key ID.
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.crypto.TokenException
      • getAllUserCerts

        public static org.mozilla.jss.netscape.security.x509.X509CertImpl[] getAllUserCerts()
                                                                                     throws org.mozilla.jss.NotInitializedException,
                                                                                            org.mozilla.jss.crypto.TokenException
        Retrieves all user certificates from all tokens.
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.crypto.TokenException
      • deletePrivateKey

        public static void deletePrivateKey​(org.mozilla.jss.crypto.PrivateKey prikey)
                                     throws org.mozilla.jss.NotInitializedException,
                                            org.mozilla.jss.crypto.TokenException
        Deletes a private key.
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.crypto.TokenException
      • getPrivateKey

        public static org.mozilla.jss.crypto.PrivateKey getPrivateKey​(java.lang.String nickname)
                                                               throws org.mozilla.jss.NotInitializedException,
                                                                      org.mozilla.jss.crypto.TokenException
        Retrieves a private key by nickname.
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.crypto.TokenException
      • deleteCertificates

        public static void deleteCertificates​(java.lang.String nickname)
                                       throws org.mozilla.jss.crypto.TokenException,
                                              org.mozilla.jss.crypto.ObjectNotFoundException,
                                              org.mozilla.jss.crypto.NoSuchItemOnTokenException,
                                              org.mozilla.jss.NotInitializedException
        Deletes all certificates by a nickname.
        Throws:
        org.mozilla.jss.crypto.TokenException
        org.mozilla.jss.crypto.ObjectNotFoundException
        org.mozilla.jss.crypto.NoSuchItemOnTokenException
        org.mozilla.jss.NotInitializedException
      • deleteUserCertificates

        public static void deleteUserCertificates​(java.lang.String nickname)
                                           throws org.mozilla.jss.NotInitializedException,
                                                  org.mozilla.jss.crypto.TokenException
        Deletes user certificates by a nickname.
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.crypto.TokenException
      • importUserCertificateChain

        public static org.mozilla.jss.crypto.X509Certificate importUserCertificateChain​(java.lang.String c,
                                                                                        java.lang.String nickname)
                                                                                 throws org.mozilla.jss.NotInitializedException,
                                                                                        org.mozilla.jss.NicknameConflictException,
                                                                                        org.mozilla.jss.UserCertConflictException,
                                                                                        org.mozilla.jss.crypto.NoSuchItemOnTokenException,
                                                                                        org.mozilla.jss.crypto.TokenException,
                                                                                        java.security.cert.CertificateEncodingException
        Imports a PKCS#7 certificate chain that includes the user certificate, and trusts the certificate.
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.NicknameConflictException
        org.mozilla.jss.UserCertConflictException
        org.mozilla.jss.crypto.NoSuchItemOnTokenException
        org.mozilla.jss.crypto.TokenException
        java.security.cert.CertificateEncodingException
      • importUserCertificate

        public static org.mozilla.jss.crypto.X509Certificate importUserCertificate​(byte[] bytes,
                                                                                   java.lang.String nickname)
                                                                            throws org.mozilla.jss.NotInitializedException,
                                                                                   java.security.cert.CertificateEncodingException,
                                                                                   org.mozilla.jss.crypto.NoSuchItemOnTokenException,
                                                                                   org.mozilla.jss.crypto.TokenException,
                                                                                   org.mozilla.jss.NicknameConflictException,
                                                                                   org.mozilla.jss.UserCertConflictException
        Imports a user certificate.
        Throws:
        org.mozilla.jss.NotInitializedException
        java.security.cert.CertificateEncodingException
        org.mozilla.jss.crypto.NoSuchItemOnTokenException
        org.mozilla.jss.crypto.TokenException
        org.mozilla.jss.NicknameConflictException
        org.mozilla.jss.UserCertConflictException
      • getX509CertificateFromPKCS7

        public static java.security.cert.X509Certificate[] getX509CertificateFromPKCS7​(byte[] b)
                                                                                throws java.io.IOException
        Throws:
        java.io.IOException
      • getNonceData

        public static byte[] getNonceData​(int size)
                                   throws java.security.GeneralSecurityException
        Generates a nonce_iv for padding.
        Throws:
        java.security.GeneralSecurityException
      • getRandomNumberGenerator

        public static java.security.SecureRandom getRandomNumberGenerator()
                                                                   throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException
      • obscureChars

        public static void obscureChars​(char[] memory)
      • obscureBytes

        public static void obscureBytes​(byte[] memory,
                                        java.lang.String method)
      • unwrapUsingPassphrase

        public static byte[] unwrapUsingPassphrase​(byte[] wrappedRecoveredKey,
                                                   java.lang.String recoveryPassphrase)
                                            throws java.io.IOException,
                                                   org.mozilla.jss.asn1.InvalidBERException,
                                                   java.security.InvalidKeyException,
                                                   java.lang.IllegalStateException,
                                                   java.security.NoSuchAlgorithmException,
                                                   java.security.InvalidAlgorithmParameterException,
                                                   org.mozilla.jss.NotInitializedException,
                                                   org.mozilla.jss.crypto.TokenException,
                                                   org.mozilla.jss.crypto.IllegalBlockSizeException,
                                                   javax.crypto.BadPaddingException
        Throws:
        java.io.IOException
        org.mozilla.jss.asn1.InvalidBERException
        java.security.InvalidKeyException
        java.lang.IllegalStateException
        java.security.NoSuchAlgorithmException
        java.security.InvalidAlgorithmParameterException
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.crypto.TokenException
        org.mozilla.jss.crypto.IllegalBlockSizeException
        javax.crypto.BadPaddingException
      • encryptSecret

        public static byte[] encryptSecret​(org.mozilla.jss.crypto.CryptoToken token,
                                           byte[] secret,
                                           org.mozilla.jss.crypto.IVParameterSpec iv,
                                           org.mozilla.jss.crypto.SymmetricKey key,
                                           org.mozilla.jss.crypto.EncryptionAlgorithm algorithm)
                                    throws java.security.NoSuchAlgorithmException,
                                           org.mozilla.jss.crypto.TokenException,
                                           java.security.InvalidKeyException,
                                           java.security.InvalidAlgorithmParameterException,
                                           org.mozilla.jss.crypto.IllegalBlockSizeException,
                                           javax.crypto.BadPaddingException
        Throws:
        java.security.NoSuchAlgorithmException
        org.mozilla.jss.crypto.TokenException
        java.security.InvalidKeyException
        java.security.InvalidAlgorithmParameterException
        org.mozilla.jss.crypto.IllegalBlockSizeException
        javax.crypto.BadPaddingException
      • wrapSymmetricKey

        public static byte[] wrapSymmetricKey​(org.mozilla.jss.crypto.CryptoToken token,
                                              java.security.PublicKey wrappingKey,
                                              org.mozilla.jss.crypto.SymmetricKey sk)
                                       throws java.lang.Exception
        Throws:
        java.lang.Exception
      • createPKIArchiveOptions

        public static org.mozilla.jss.pkix.crmf.PKIArchiveOptions createPKIArchiveOptions​(org.mozilla.jss.crypto.CryptoToken token,
                                                                                          java.security.PublicKey wrappingKey,
                                                                                          org.mozilla.jss.crypto.PrivateKey data,
                                                                                          org.mozilla.jss.netscape.security.util.WrappingParams params,
                                                                                          org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)
                                                                                   throws java.lang.Exception
        Throws:
        java.lang.Exception
      • createEncodedPKIArchiveOptions

        public static byte[] createEncodedPKIArchiveOptions​(org.mozilla.jss.crypto.CryptoToken token,
                                                            java.security.PublicKey wrappingKey,
                                                            org.mozilla.jss.crypto.PrivateKey data,
                                                            org.mozilla.jss.netscape.security.util.WrappingParams params,
                                                            org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)
                                                     throws java.lang.Exception
        Throws:
        java.lang.Exception
      • createEncodedPKIArchiveOptions

        public static byte[] createEncodedPKIArchiveOptions​(org.mozilla.jss.crypto.CryptoToken token,
                                                            java.security.PublicKey wrappingKey,
                                                            org.mozilla.jss.crypto.SymmetricKey data,
                                                            org.mozilla.jss.netscape.security.util.WrappingParams params,
                                                            org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)
                                                     throws java.lang.Exception
        Throws:
        java.lang.Exception
      • createPKIArchiveOptions

        public static org.mozilla.jss.pkix.crmf.PKIArchiveOptions createPKIArchiveOptions​(org.mozilla.jss.crypto.CryptoToken token,
                                                                                          java.security.PublicKey wrappingKey,
                                                                                          char[] data,
                                                                                          org.mozilla.jss.netscape.security.util.WrappingParams params,
                                                                                          org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)
                                                                                   throws java.lang.Exception
        Throws:
        java.lang.Exception
      • createEncodedPKIArchiveOptions

        public static byte[] createEncodedPKIArchiveOptions​(org.mozilla.jss.crypto.CryptoToken token,
                                                            java.security.PublicKey wrappingKey,
                                                            char[] data,
                                                            org.mozilla.jss.netscape.security.util.WrappingParams params,
                                                            org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)
                                                     throws java.lang.Exception
        Throws:
        java.lang.Exception
      • createPKIArchiveOptions

        public static org.mozilla.jss.pkix.crmf.PKIArchiveOptions createPKIArchiveOptions​(byte[] session_data,
                                                                                          byte[] key_data,
                                                                                          org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)
      • encodePKIArchiveOptions

        public static byte[] encodePKIArchiveOptions​(org.mozilla.jss.pkix.crmf.PKIArchiveOptions opts)
                                              throws java.lang.Exception
        Throws:
        java.lang.Exception
      • importPKIArchiveOptions

        public static org.mozilla.jss.crypto.PrivateKey importPKIArchiveOptions​(org.mozilla.jss.crypto.CryptoToken token,
                                                                                org.mozilla.jss.crypto.PrivateKey unwrappingKey,
                                                                                java.security.PublicKey pubkey,
                                                                                byte[] data)
                                                                         throws org.mozilla.jss.asn1.InvalidBERException,
                                                                                java.lang.Exception
        Throws:
        org.mozilla.jss.asn1.InvalidBERException
        java.lang.Exception
      • sharedSecretExists

        public static boolean sharedSecretExists​(java.lang.String nickname)
                                          throws org.mozilla.jss.NotInitializedException,
                                                 org.mozilla.jss.crypto.TokenException
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.crypto.TokenException
      • createSharedSecret

        public static void createSharedSecret​(java.lang.String nickname)
                                       throws org.mozilla.jss.NotInitializedException,
                                              org.mozilla.jss.crypto.TokenException
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.crypto.TokenException
      • deleteSharedSecret

        public static void deleteSharedSecret​(java.lang.String nickname)
                                       throws org.mozilla.jss.NotInitializedException,
                                              org.mozilla.jss.crypto.TokenException,
                                              java.security.InvalidKeyException
        Throws:
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.crypto.TokenException
        java.security.InvalidKeyException
      • createDes3SessionKeyOnInternal

        public static org.mozilla.jss.crypto.SymmetricKey createDes3SessionKeyOnInternal()
                                                                                  throws java.lang.Exception
        Throws:
        java.lang.Exception
      • exportSharedSecret

        public static java.util.List<byte[]> exportSharedSecret​(java.lang.String nickname,
                                                                java.security.cert.X509Certificate wrappingCert,
                                                                org.mozilla.jss.crypto.SymmetricKey wrappingKey)
                                                         throws java.lang.Exception
        Throws:
        java.lang.Exception
      • importSharedSecret

        public static void importSharedSecret​(byte[] wrappedSessionKey,
                                              byte[] wrappedSharedSecret,
                                              java.lang.String subsystemCertNickname,
                                              java.lang.String sharedSecretNickname)
                                       throws java.lang.Exception,
                                              org.mozilla.jss.NotInitializedException,
                                              org.mozilla.jss.crypto.TokenException,
                                              java.security.NoSuchAlgorithmException,
                                              org.mozilla.jss.crypto.ObjectNotFoundException,
                                              java.security.InvalidKeyException,
                                              java.security.InvalidAlgorithmParameterException,
                                              java.io.IOException
        Throws:
        java.lang.Exception
        org.mozilla.jss.NotInitializedException
        org.mozilla.jss.crypto.TokenException
        java.security.NoSuchAlgorithmException
        org.mozilla.jss.crypto.ObjectNotFoundException
        java.security.InvalidKeyException
        java.security.InvalidAlgorithmParameterException
        java.io.IOException
      • getSymKeyByName

        public static org.mozilla.jss.crypto.SymmetricKey getSymKeyByName​(org.mozilla.jss.crypto.CryptoToken token,
                                                                          java.lang.String name)
                                                                   throws java.lang.Exception
        Throws:
        java.lang.Exception
      • getECcurves

        public static java.lang.String[] getECcurves()
      • getECKeyCurve

        public static java.util.Vector<java.lang.String> getECKeyCurve​(org.mozilla.jss.netscape.security.x509.X509Key key)
                                                                throws java.lang.Exception
        Throws:
        java.lang.Exception
      • decryptUsingSymmetricKey

        public static byte[] decryptUsingSymmetricKey​(org.mozilla.jss.crypto.CryptoToken token,
                                                      org.mozilla.jss.crypto.IVParameterSpec ivspec,
                                                      byte[] encryptedData,
                                                      org.mozilla.jss.crypto.SymmetricKey wrappingKey,
                                                      org.mozilla.jss.crypto.EncryptionAlgorithm encryptionAlgorithm)
                                               throws java.lang.Exception
        Throws:
        java.lang.Exception
      • encryptUsingSymmetricKey

        public static byte[] encryptUsingSymmetricKey​(org.mozilla.jss.crypto.CryptoToken token,
                                                      org.mozilla.jss.crypto.SymmetricKey wrappingKey,
                                                      byte[] data,
                                                      org.mozilla.jss.crypto.EncryptionAlgorithm alg,
                                                      org.mozilla.jss.crypto.IVParameterSpec ivspec)
                                               throws java.lang.Exception
        Throws:
        java.lang.Exception
      • wrapUsingSymmetricKey

        public static byte[] wrapUsingSymmetricKey​(org.mozilla.jss.crypto.CryptoToken token,
                                                   org.mozilla.jss.crypto.SymmetricKey wrappingKey,
                                                   org.mozilla.jss.crypto.SymmetricKey data,
                                                   org.mozilla.jss.crypto.IVParameterSpec ivspec,
                                                   org.mozilla.jss.crypto.KeyWrapAlgorithm alg)
                                            throws java.lang.Exception
        Throws:
        java.lang.Exception
      • wrapUsingSymmetricKey

        public static byte[] wrapUsingSymmetricKey​(org.mozilla.jss.crypto.CryptoToken token,
                                                   org.mozilla.jss.crypto.SymmetricKey wrappingKey,
                                                   org.mozilla.jss.crypto.PrivateKey data,
                                                   org.mozilla.jss.crypto.IVParameterSpec ivspec,
                                                   org.mozilla.jss.crypto.KeyWrapAlgorithm alg)
                                            throws java.lang.Exception
        Throws:
        java.lang.Exception
      • wrapUsingPublicKey

        public static byte[] wrapUsingPublicKey​(org.mozilla.jss.crypto.CryptoToken token,
                                                java.security.PublicKey wrappingKey,
                                                org.mozilla.jss.crypto.SymmetricKey data,
                                                org.mozilla.jss.crypto.KeyWrapAlgorithm alg)
                                         throws java.lang.Exception
        Throws:
        java.lang.Exception
      • unwrap

        public static org.mozilla.jss.crypto.SymmetricKey unwrap​(org.mozilla.jss.crypto.CryptoToken token,
                                                                 org.mozilla.jss.crypto.SymmetricKey.Type keyType,
                                                                 int strength,
                                                                 org.mozilla.jss.crypto.SymmetricKey.Usage usage,
                                                                 org.mozilla.jss.crypto.SymmetricKey wrappingKey,
                                                                 byte[] wrappedData,
                                                                 org.mozilla.jss.crypto.KeyWrapAlgorithm wrapAlgorithm,
                                                                 org.mozilla.jss.crypto.IVParameterSpec wrappingIV)
                                                          throws java.lang.Exception
        Throws:
        java.lang.Exception
      • unwrap

        public static org.mozilla.jss.crypto.SymmetricKey unwrap​(org.mozilla.jss.crypto.CryptoToken token,
                                                                 org.mozilla.jss.crypto.SymmetricKey.Type keyType,
                                                                 int strength,
                                                                 org.mozilla.jss.crypto.SymmetricKey.Usage usage,
                                                                 org.mozilla.jss.crypto.PrivateKey wrappingKey,
                                                                 byte[] wrappedData,
                                                                 org.mozilla.jss.crypto.KeyWrapAlgorithm wrapAlgorithm)
                                                          throws java.lang.Exception
        Throws:
        java.lang.Exception
      • unwrap

        public static org.mozilla.jss.crypto.PrivateKey unwrap​(org.mozilla.jss.crypto.CryptoToken token,
                                                               java.security.PublicKey pubKey,
                                                               boolean temporary,
                                                               org.mozilla.jss.crypto.SymmetricKey wrappingKey,
                                                               byte[] wrappedData,
                                                               org.mozilla.jss.crypto.KeyWrapAlgorithm wrapAlgorithm,
                                                               org.mozilla.jss.crypto.IVParameterSpec wrapIV)
                                                        throws java.lang.Exception
        Throws:
        java.lang.Exception
      • createEnvelopedData

        public static org.mozilla.jss.pkix.cms.EnvelopedData createEnvelopedData​(byte[] encContent,
                                                                                 byte[] encSymKey)
                                                                          throws java.lang.Exception
        Used for CMC encryptedPOP.
        Throws:
        java.lang.Exception
      • getDefaultHashAlgName

        public static java.lang.String getDefaultHashAlgName()
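        The following are convenience routines for quick preliminary feature development or test programs that just take the defaults. Code with a specific algorithm requirement should select the algorithm explicitly rather than rely on these defaults.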
      • getDefaultHashAlg

        public static org.mozilla.jss.pkix.primitive.AlgorithmIdentifier getDefaultHashAlg()
                                                                                    throws java.lang.Exception
        Throws:
        java.lang.Exception
      • importHmacSha1Key

        public static java.security.Key importHmacSha1Key​(byte[] key)
                                                   throws java.lang.Exception
        Returns a key built from a byte array that was originally a password. Used for the HMAC digest algorithms.
        Parameters:
        key - the byte array representing the original password or secret.
        Returns:
        The JSS SymKey
        Throws:
        java.lang.Exception
      • getHMACtoMessageDigestName

        public static java.lang.String getHMACtoMessageDigestName​(java.lang.String name)
        Maps from an HMACAlgorithm name to the FIPS 180-2 MessageDigest algorithm name.
      • getHMACAlgorithmOID

        public static org.mozilla.jss.asn1.OBJECT_IDENTIFIER getHMACAlgorithmOID​(java.lang.String name)
                                                                          throws java.security.NoSuchAlgorithmException
        Returns the OID of the named HMAC algorithm.
        Parameters:
        name - name of the HMAC algorithm
        Returns:
        OID of the HMAC algorithm
        Throws:
        java.security.NoSuchAlgorithmException
      • getHashAlgorithmOID

        public static org.mozilla.jss.asn1.OBJECT_IDENTIFIER getHashAlgorithmOID​(java.lang.String name)
                                                                          throws java.security.NoSuchAlgorithmException
        Returns the OID of the named hashing algorithm.
        Parameters:
        name - name of the hashing algorithm
        Returns:
        OID of the hashing algorithm
        Throws:
        java.security.NoSuchAlgorithmException
      • getNameFromHashAlgorithm

        public static java.lang.String getNameFromHashAlgorithm​(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier ai)
                                                         throws java.security.NoSuchAlgorithmException
        Returns the hashing algorithm name for the given AlgorithmIdentifier.
        Parameters:
        ai - the hashing algorithm AlgorithmIdentifier
        Returns:
        name of the hashing algorithm
        Throws:
        java.security.NoSuchAlgorithmException
      • getHMACAlgName

        public static java.lang.String getHMACAlgName​(java.lang.String name)
        Maps from HMACAlgorithm name to JSS Provider HMAC Alg name.
      • getOID

        public static org.mozilla.jss.asn1.OBJECT_IDENTIFIER getOID​(org.mozilla.jss.crypto.KeyWrapAlgorithm kwAlg)
                                                             throws java.security.NoSuchAlgorithmException
        Throws:
        java.security.NoSuchAlgorithmException
      • mapSignatureAlgorithmToInternalName

        public static java.lang.String mapSignatureAlgorithmToInternalName​(org.mozilla.jss.crypto.SignatureAlgorithm alg)
                                                                    throws java.security.NoSuchAlgorithmException
        Throws:
        java.security.NoSuchAlgorithmException