public final Class Secmod

extends Object
Class Inheritance
Imports*, java.util.*,*,*,,*

The Secmod class defines the interface to the native NSS library and the configuration information it stores in its secmod.db file.

Example code:

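  Secmod secmod = Secmod.getInstance();
  if (secmod.isInitialized() == false) {
      // configDir: directory containing secmod.db; nssLibDir: NSS library directory, or null
      secmod.initialize(configDir, nssLibDir);
  }

  Provider p = secmod.getModule(ModuleType.KEYSTORE).getProvider();
  KeyStore ks = KeyStore.getInstance("PKCS11", p);
  ks.load(null, password);

Author: Andreas Sterbenz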

Nested and Inner Type Summary

Modifier and Type | Class and Description
private static class | Secmod.Bytes
public static enum | Secmod.DbMode
public static class | Secmod.KeyStoreLoadParameter: A LoadStoreParameter for use with the NSS Softtoken or NSS TrustAnchor KeyStores.
public static class | Secmod.Module: A representation of one PKCS#11 slot in a PKCS#11 module.
public static enum | Secmod.ModuleType: Constants describing the different types of NSS modules.
pack-priv static class | Secmod.TrustAttributes
public static enum | Secmod.TrustType: Constants representing NSS trust categories.

Field Summary

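Modifier and Type | Field and Description
private String | configDir
private static final boolean | DEBUG
private static final int | FIPS_SLOT_ID
private static final Secmod | INSTANCE
private List<Secmod.Module> | modules
private static final int | NETSCAPE_SLOT_ID
private static final String | NSS_LIB_NAME
private long | nssHandle
private String | nssLibDir
private static final int | PRIVATE_KEY_SLOT_ID
private static final String | SOFTTOKEN_LIB_NAME
private boolean | supported
pack-priv static final String | TEMPLATE_CRYPTO
pack-priv static final String | TEMPLATE_EXTERNAL
pack-priv static final String | TEMPLATE_FIPS
pack-priv static final String | TEMPLATE_KEYSTORE
pack-priv static final String | TEMPLATE_TRUSTANCHOR
private static final String | TRUST_LIB_NAME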

Constructor Summary

Access | Constructor and Description
private | Secmod()

Method Summary

Modifier and Type | Method and Description
private void | fetchVersions()
pack-priv String | getConfigDir()
private static byte[] | getDigest(X509Certificate cert, String algorithm)
public static Secmod | getInstance(): Return the singleton Secmod instance.
pack-priv String | getLibDir()
public Secmod.Module | getModule(Secmod.ModuleType type): Returns the first module of the specified type.
public synchronized List<Secmod.Module> | getModules(): Return an immutable list of all available modules.
private Secmod.TrustAttributes | getModuleTrust(Secmod.ModuleType type, Secmod.Bytes bytes)
private static Map<Secmod.Bytes, Secmod.TrustAttributes> | getTrust(SunPKCS11 provider)
public void | initialize(String configDir, String nssLibDir): Initialize this Secmod. configDir is the directory containing the NSS configuration files such as secmod.db; nssLibDir is the directory containing the NSS libraries ( or nss3.dll) or null if the library is on the system default shared library path.
public void | initialize(Secmod.DbMode dbMode, String configDir, String nssLibDir)
public synchronized void | initialize(Secmod.DbMode dbMode, String configDir, String nssLibDir, boolean nssOptimizeSpace)
public synchronized boolean | isInitialized(): Test whether this Secmod has been initialized.
private boolean | isLoaded()
pack-priv boolean | isTrusted(X509Certificate cert, Secmod.TrustType trustType)
private static native long | nssGetLibraryHandle(String libraryName)
private static native Object | nssGetModuleList(long handle, String libDir)
private static native boolean | nssInitialize(String functionName, long handle, String configDir, boolean nssOptimizeSpace)
private static native long | nssLoadLibrary(String name)
private static native boolean | nssVersionCheck(long handle, String minVersion)

Field Detail

configDir
private String configDir
DEBUG
private static final boolean DEBUG
FIPS_SLOT_ID
private static final int FIPS_SLOT_ID
INSTANCE
private static final Secmod INSTANCE
modules
private List<Secmod.Module> modules
NETSCAPE_SLOT_ID
private static final int NETSCAPE_SLOT_ID
NSS_LIB_NAME
private static final String NSS_LIB_NAME
nssHandle
private long nssHandle
nssLibDir
private String nssLibDir
PRIVATE_KEY_SLOT_ID
private static final int PRIVATE_KEY_SLOT_ID
SOFTTOKEN_LIB_NAME
private static final String SOFTTOKEN_LIB_NAME
supported
private boolean supported
TEMPLATE_CRYPTO
pack-priv static final String TEMPLATE_CRYPTO
TEMPLATE_EXTERNAL
pack-priv static final String TEMPLATE_EXTERNAL
TEMPLATE_FIPS
pack-priv static final String TEMPLATE_FIPS
TEMPLATE_KEYSTORE
pack-priv static final String TEMPLATE_KEYSTORE
TEMPLATE_TRUSTANCHOR
pack-priv static final String TEMPLATE_TRUSTANCHOR
TRUST_LIB_NAME
private static final String TRUST_LIB_NAME

Constructor Detail

Secmod
private Secmod()

Method Detail

fetchVersions
private void fetchVersions()
getConfigDir
pack-priv String getConfigDir()
getDigest
private static byte[] getDigest(X509Certificate cert, String algorithm)
getInstance
public static Secmod getInstance()

Return the singleton Secmod instance.

getLibDir
pack-priv String getLibDir()
getModule
public Secmod.Module getModule(Secmod.ModuleType type)

Returns the first module of the specified type. If no such module exists, this method returns null.

Throws an exception if this Secmod is misconfigured or not initialized.
getModules
public synchronized List<Secmod.Module> getModules()

Return an immutable list of all available modules.

Throws an exception if this Secmod is misconfigured or not initialized.
getModuleTrust
private Secmod.TrustAttributes getModuleTrust(Secmod.ModuleType type, Secmod.Bytes bytes)
getTrust
private static Map<Secmod.Bytes, Secmod.TrustAttributes> getTrust(SunPKCS11 provider) throws PKCS11Exception
initialize
public void initialize(String configDir, String nssLibDir) throws IOException

Initialize this Secmod.


configDir: the directory containing the NSS configuration files such as secmod.db

nssLibDir: the directory containing the NSS libraries ( or nss3.dll) or null if the library is on the system default shared library path

Throws IOException if NSS has already been initialized, the specified directories are invalid, or initialization fails for any other reason.
initialize
public void initialize(Secmod.DbMode dbMode, String configDir, String nssLibDir) throws IOException
initialize
public synchronized void initialize(Secmod.DbMode dbMode, String configDir, String nssLibDir, boolean nssOptimizeSpace) throws IOException
isInitialized
public synchronized boolean isInitialized() throws IOException

Test whether this Secmod has been initialized. Returns true if NSS has been initialized using either the initialize() method or by directly calling the native NSS APIs. The latter may be the case if the current process contains components that use NSS directly.

Throws IOException if an incompatible version of NSS has been loaded.
isLoaded
private boolean isLoaded()
isTrusted
pack-priv boolean isTrusted(X509Certificate cert, Secmod.TrustType trustType)
nssGetLibraryHandle
private static native long nssGetLibraryHandle(String libraryName)
nssGetModuleList
private static native Object nssGetModuleList(long handle, String libDir)
nssInitialize
private static native boolean nssInitialize(String functionName, long handle, String configDir, boolean nssOptimizeSpace)
nssLoadLibrary
private static native long nssLoadLibrary(String name) throws IOException
nssVersionCheck
private static native boolean nssVersionCheck(long handle, String minVersion)

private Class Secmod.Bytes

extends Object
Class Inheritance

Field Summary

Modifier and Type | Field and Description
pack-priv final byte[] | b

Constructor Summary

Access | Constructor and Description
pack-priv | Bytes(byte[] b)

Method Summary

Modifier and Type | Method and Description
public boolean | equals(Object o): Overrides java.lang.Object.equals. Indicates whether some other object is "equal to" this one. Parameter o is the reference object with which to compare.
public int | hashCode(): Overrides java.lang.Object.hashCode. Returns a hash code value for this object.

Field Detail

b
pack-priv final byte[] b

Constructor Detail

Bytes
pack-priv Bytes(byte[] b)

Method Detail

equals
public boolean equals(Object o)

Overrides java.lang.Object.equals.

Doc from java.lang.Object.equals.

Indicates whether some other object is "equal to" this one.

The equals method implements an equivalence relation on non-null object references:

  • It is reflexive: for any non-null reference value x, x.equals(x) should return true.
  • It is symmetric: for any non-null reference values x and y, x.equals(y) should return true if and only if y.equals(x) returns true.
  • It is transitive: for any non-null reference values x, y, and z, if x.equals(y) returns true and y.equals(z) returns true, then x.equals(z) should return true.
  • It is consistent: for any non-null reference values x and y, multiple invocations of x.equals(y) consistently return true or consistently return false, provided no information used in equals comparisons on the objects is modified.
  • For any non-null reference value x, x.equals(null) should return false.

An equivalence relation partitions the elements it operates on into equivalence classes; all the members of an equivalence class are equal to each other. Members of an equivalence class are substitutable for each other, at least for some purposes.


Parameter o: the reference object with which to compare.

Returns: true if this object is the same as the obj argument; false otherwise.

hashCode
public int hashCode()

Overrides java.lang.Object.hashCode.

Doc from java.lang.Object.hashCode.

Returns a hash code value for this object. This method is supported for the benefit of hash tables such as those provided by java.util.HashMap.

The general contract of hashCode is:

  • Whenever it is invoked on the same object more than once during an execution of a Java application, the hashCode method must consistently return the same integer, provided no information used in equals comparisons on the object is modified. This integer need not remain consistent from one execution of an application to another execution of the same application.
  • If two objects are equal according to the equals method, then calling the hashCode method on each of the two objects must produce the same integer result.
  • It is not required that if two objects are unequal according to the equals method, then calling the hashCode method on each of the two objects must produce distinct integer results. However, the programmer should be aware that producing distinct integer results for unequal objects may improve the performance of hash tables.

Returns: a hash code value for this object

public final Enum Secmod.DbMode

extends Enum<Secmod.DbMode>
Class Inheritance

Field Summary

Modifier and Type | Field and Description
pack-priv final String | functionName
public static final Secmod.DbMode | NO_DB
public static final Secmod.DbMode | READ_ONLY
public static final Secmod.DbMode | READ_WRITE

Constructor Summary

Access | Constructor and Description
private | DbMode(String functionName)

Method Summary

Modifier and Type | Method and Description
public static Secmod.DbMode | valueOf(String name)
public static Secmod.DbMode[] | values()

Field Detail

functionName
pack-priv final String functionName
NO_DB
public static final Secmod.DbMode NO_DB
READ_ONLY
public static final Secmod.DbMode READ_ONLY
READ_WRITE
public static final Secmod.DbMode READ_WRITE

Constructor Detail

DbMode
private DbMode(String functionName)

Method Detail

valueOf
public static Secmod.DbMode valueOf(String name)
values
public static Secmod.DbMode[] values()

public final Class Secmod.KeyStoreLoadParameter

extends Object
implements LoadStoreParameter
Class Inheritance
All Implemented Interfaces

A LoadStoreParameter for use with the NSS Softtoken or NSS TrustAnchor KeyStores.

It allows the set of trusted certificates that are returned by the KeyStore to be specified.
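An added example (not from the JDK sources or this page's author): a trust-store audit that loads the NSS TrustAnchor KeyStore through KeyStoreLoadParameter, so that only the certificates trusted for one purpose are returned. The class name NssTrustAudit and the command-line arguments are assumptions; Secmod is in the JDK-internal package sun.security.pkcs11, so on JDK 9 and later that package has to be exported from the jdk.crypto.cryptoki module to compile and run this.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

import sun.security.pkcs11.Secmod;
import sun.security.pkcs11.Secmod.DbMode;
import sun.security.pkcs11.Secmod.KeyStoreLoadParameter;
import sun.security.pkcs11.Secmod.ModuleType;
import sun.security.pkcs11.Secmod.TrustType;

// Hypothetical class name; not part of the JDK.
public class NssTrustAudit {

    /** Prints every trust anchor NSS marks as trusted for the given purpose; returns the count. */
    static int listTrusted(Secmod secmod, TrustType purpose) throws Exception {
        Secmod.Module module = secmod.getModule(ModuleType.TRUSTANCHOR);
        if (module == null) {
            // getModule() returns null when no module of this type exists.
            System.err.println("No TRUSTANCHOR module available");
            return 0;
        }
        Provider provider = module.getProvider(); // the first call creates the provider
        KeyStore ks = KeyStore.getInstance("PKCS11", provider);
        // Assumption: the builtin trust anchor token needs no login, so the password is null.
        // The cast selects the (TrustType, char[]) constructor over the ProtectionParameter one.
        ks.load(new KeyStoreLoadParameter(purpose, (char[]) null));

        int count = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                System.out.printf("%-16s %s (expires %s)%n", purpose,
                        x509.getSubjectX500Principal().getName(), x509.getNotAfter());
                count++;
            }
        }
        return count;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: directory containing secmod.db; args[1] (optional): NSS library directory.
        String configDir = args[0];
        String nssLibDir = args.length > 1 ? args[1] : null;

        Secmod secmod = Secmod.getInstance();
        if (!secmod.isInitialized()) {
            // READ_ONLY: an audit has no reason to write to the NSS database.
            secmod.initialize(DbMode.READ_ONLY, configDir, nssLibDir);
        }
        int all = listTrusted(secmod, TrustType.ALL);
        int server = listTrusted(secmod, TrustType.SERVER_AUTH);
        int signing = listTrusted(secmod, TrustType.CODE_SIGNING);
        System.out.printf("ALL=%d SERVER_AUTH=%d CODE_SIGNING=%d%n", all, server, signing);
    }
}
```

Comparing the per-purpose counts shows which roots a TLS client built on this KeyStore would accept as opposed to roots that are present but trusted only for other uses.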

Field Summary

Modifier and Type | Field and Description
pack-priv final KeyStore.ProtectionParameter | protection
pack-priv final Secmod.TrustType | trustType

Constructor Summary

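Access | Constructor and Description
public | KeyStoreLoadParameter(Secmod.TrustType trustType, char[] password)
public | KeyStoreLoadParameter(Secmod.TrustType trustType, KeyStore.ProtectionParameter prot)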

Method Summary

Modifier and Type | Method and Description
public KeyStore.ProtectionParameter | getProtectionParameter(): Gets the parameter used to protect keystore data.
public Secmod.TrustType | getTrustType()

Field Detail

protection
pack-priv final KeyStore.ProtectionParameter protection
trustType
pack-priv final Secmod.TrustType trustType

Constructor Detail

KeyStoreLoadParameter
public KeyStoreLoadParameter(Secmod.TrustType trustType, char[] password)
KeyStoreLoadParameter
public KeyStoreLoadParameter(Secmod.TrustType trustType, KeyStore.ProtectionParameter prot)

Method Detail

getProtectionParameter
public KeyStore.ProtectionParameter getProtectionParameter()


Doc from LoadStoreParameter.getProtectionParameter.

Gets the parameter used to protect keystore data.


Returns: the parameter used to protect keystore data, or null

getTrustType
public Secmod.TrustType getTrustType()

public final Class Secmod.Module

extends Object
Class Inheritance

A representation of one PKCS#11 slot in a PKCS#11 module.

Field Summary

Modifier and Type | Field and Description
pack-priv final String | commonName
private String | config
pack-priv final String | libraryName
private SunPKCS11 | provider
pack-priv final int | slot
private Map<Secmod.Bytes, Secmod.TrustAttributes> | trust
pack-priv final Secmod.ModuleType | type

Constructor Summary

Access | Constructor and Description
pack-priv | Module(String libraryDir, String libraryName, String commonName, int slotIndex, int slotId)

Method Summary

Modifier and Type | Method and Description
public synchronized String | getConfiguration(): Get the configuration for this module.
public String | getLibraryName(): Return the pathname of the native library that implements this module.
public synchronized Provider | getProvider(): Returns the provider instance that is associated with this module.
pack-priv Secmod.TrustAttributes | getTrust(Secmod.Bytes hash)
public Secmod.ModuleType | getType(): Returns the type of this module.
pack-priv synchronized boolean | hasInitializedProvider()
private void | initConfiguration()
private SunPKCS11 | newProvider()
public synchronized void | setConfiguration(String config): Set the configuration for this module.
pack-priv void | setProvider(SunPKCS11 p)
pack-priv synchronized void | setTrust(Token token, X509Certificate cert)
public String | toString(): Overrides java.lang.Object.toString. Returns a string representation of the object.

Field Detail

commonName
pack-priv final String commonName
config
private String config
libraryName
pack-priv final String libraryName
provider
private SunPKCS11 provider
slot
pack-priv final int slot
trust
private Map<Secmod.Bytes, Secmod.TrustAttributes> trust
type
pack-priv final Secmod.ModuleType type

Constructor Detail

Module
pack-priv Module(String libraryDir, String libraryName, String commonName, int slotIndex, int slotId)

Method Detail

getConfiguration
public synchronized String getConfiguration()


Get the configuration for this module. This is a string in the SunPKCS11 configuration format. It can be customized with additional options and then made current using the setConfiguration() method.

getLibraryName
public String getLibraryName()

Return the pathname of the native library that implements this module. For example, /usr/lib/

getProvider
public synchronized Provider getProvider()


Returns the provider instance that is associated with this module. The first call to this method creates the provider instance.

getTrust
pack-priv Secmod.TrustAttributes getTrust(Secmod.Bytes hash)
getType
public Secmod.ModuleType getType()

Returns the type of this module.

hasInitializedProvider
pack-priv synchronized boolean hasInitializedProvider()
initConfiguration
private void initConfiguration()
newProvider
private SunPKCS11 newProvider()
setConfiguration
public synchronized void setConfiguration(String config)


Set the configuration for this module.

Throws an exception if the associated provider instance has already been created.
setProvider
pack-priv void setProvider(SunPKCS11 p)
setTrust
pack-priv synchronized void setTrust(Token token, X509Certificate cert)
toString
public String toString()

Overrides java.lang.Object.toString.

Doc from java.lang.Object.toString.

Returns a string representation of the object.


Returns: a string representation of the object

public final Enum Secmod.ModuleType

extends Enum<Secmod.ModuleType>
Class Inheritance

Constants describing the different types of NSS modules. For this API, NSS modules are classified as either one of the internal modules delivered as part of NSS or as an external module provided by a 3rd party.

Field Summary

Modifier and Type | Field and Description
public static final Secmod.ModuleType | CRYPTO: The NSS Softtoken crypto module.
public static final Secmod.ModuleType | EXTERNAL: An external module.
public static final Secmod.ModuleType | FIPS: The NSS Softtoken module in FIPS mode.
public static final Secmod.ModuleType | KEYSTORE: The NSS Softtoken KeyStore module.
public static final Secmod.ModuleType | TRUSTANCHOR: The NSS builtin trust anchor module.

Constructor Summary

Access | Constructor and Description
private | ModuleType()

Method Summary

Modifier and Type | Method and Description
public static Secmod.ModuleType | valueOf(String name)
public static Secmod.ModuleType[] | values()

Field Detail

CRYPTO
public static final Secmod.ModuleType CRYPTO

The NSS Softtoken crypto module. This is the first slot of the softtoken object. This module provides implementations for cryptographic algorithms but no KeyStore.

EXTERNAL
public static final Secmod.ModuleType EXTERNAL

An external module.

FIPS
public static final Secmod.ModuleType FIPS

The NSS Softtoken module in FIPS mode. Note that in FIPS mode the softtoken presents only one slot, not separate CRYPTO and KEYSTORE slots as in non-FIPS mode.

KEYSTORE
public static final Secmod.ModuleType KEYSTORE

The NSS Softtoken KeyStore module. This is the second slot of the softtoken object. This module provides implementations for cryptographic algorithms (after login) and the KeyStore.

TRUSTANCHOR
public static final Secmod.ModuleType TRUSTANCHOR

The NSS builtin trust anchor module. This is the NSSCKBI object. It provides no crypto functions.

Constructor Detail

ModuleType
private ModuleType()

Method Detail

valueOf
public static Secmod.ModuleType valueOf(String name)
values
public static Secmod.ModuleType[] values()

pack-priv Class Secmod.TrustAttributes

extends Object
Class Inheritance

Field Summary

Modifier and Type | Field and Description
pack-priv final long | clientAuth
pack-priv final long | codeSigning
pack-priv final long | emailProtection
pack-priv final long | handle
pack-priv final long | serverAuth
pack-priv final byte[] | shaHash

Constructor Summary

Access | Constructor and Description
pack-priv | TrustAttributes(Token token, X509Certificate cert, Secmod.Bytes bytes, long trustValue)
pack-priv | TrustAttributes(Token token, Session session, long handle)

Method Summary

Modifier and Type | Method and Description
pack-priv Secmod.Bytes | getHash()
pack-priv boolean | isTrusted(Secmod.TrustType type)
private boolean | isTrusted(long l)

Field Detail

clientAuth
pack-priv final long clientAuth
codeSigning
pack-priv final long codeSigning
emailProtection
pack-priv final long emailProtection
handle
pack-priv final long handle
serverAuth
pack-priv final long serverAuth
shaHash
pack-priv final byte[] shaHash

Constructor Detail

TrustAttributes
pack-priv TrustAttributes(Token token, X509Certificate cert, Secmod.Bytes bytes, long trustValue)
TrustAttributes
pack-priv TrustAttributes(Token token, Session session, long handle) throws PKCS11Exception

Method Detail

getHash
pack-priv Secmod.Bytes getHash()
isTrusted
pack-priv boolean isTrusted(Secmod.TrustType type)
isTrusted
private boolean isTrusted(long l)

public final Enum Secmod.TrustType

extends Enum<Secmod.TrustType>
Class Inheritance

Constants representing NSS trust categories.

Field Summary

Modifier and Type | Field and Description
public static final Secmod.TrustType | ALL: Trusted for all purposes
public static final Secmod.TrustType | CLIENT_AUTH: Trusted for SSL client authentication
public static final Secmod.TrustType | CODE_SIGNING: Trusted for code signing
public static final Secmod.TrustType | EMAIL_PROTECTION: Trusted for email protection
public static final Secmod.TrustType | SERVER_AUTH: Trusted for SSL server authentication

Constructor Summary

Access | Constructor and Description
private | TrustType()

Method Summary

Modifier and Type | Method and Description
public static Secmod.TrustType | valueOf(String name)
public static Secmod.TrustType[] | values()

Field Detail

ALL
public static final Secmod.TrustType ALL

Trusted for all purposes

CLIENT_AUTH
public static final Secmod.TrustType CLIENT_AUTH

Trusted for SSL client authentication

CODE_SIGNING
public static final Secmod.TrustType CODE_SIGNING

Trusted for code signing

EMAIL_PROTECTION
public static final Secmod.TrustType EMAIL_PROTECTION

Trusted for email protection

SERVER_AUTH
public static final Secmod.TrustType SERVER_AUTH

Trusted for SSL server authentication

Constructor Detail

TrustType
private TrustType()

Method Detail

valueOf
public static Secmod.TrustType valueOf(String name)
values
public static Secmod.TrustType[] values()