sun.security.pkcs11

public final Class Secmod

extends Object
Imports
java.io.*, java.util.*, java.security.*, java.security.KeyStore.*, java.security.cert.X509Certificate, sun.security.pkcs11.wrapper.*

The Secmod class defines the interface to the native NSS library and the configuration information it stores in its secmod.db file.

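Example code:

  // password is a char[] holding the NSS database password, supplied by the caller
  Secmod secmod = Secmod.getInstance();
  if (!secmod.isInitialized()) {
      // nssLibDir is null: the NSS library is on the system default shared library path
      secmod.initialize("/home/myself/.mozilla", null);
  }

  // KEYSTORE is the NSS Softtoken slot that provides the KeyStore
  Provider p = secmod.getModule(Secmod.ModuleType.KEYSTORE).getProvider();
  KeyStore ks = KeyStore.getInstance("PKCS11", p);
  ks.load(null, password);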
Author
Andreas Sterbenz
Since
1.6

Nested and Inner Type Summary

private static class Secmod.Bytes

public static enum Secmod.DbMode

public static class Secmod.KeyStoreLoadParameter
    A LoadStoreParameter for use with the NSS Softtoken or NSS TrustAnchor KeyStores.

public static class Secmod.Module
    A representation of one PKCS#11 slot in a PKCS#11 module.

public static enum Secmod.ModuleType
    Constants describing the different types of NSS modules.

pack-priv static class Secmod.TrustAttributes

public static enum Secmod.TrustType
    Constants representing NSS trust categories.

Field Summary

private String configDir
private static final boolean DEBUG
private static final int FIPS_SLOT_ID
private static final Secmod INSTANCE
private List<Secmod.Module> modules
private static final int NETSCAPE_SLOT_ID
private static final String NSS_LIB_NAME
private long nssHandle
private String nssLibDir
private static final int PRIVATE_KEY_SLOT_ID
private static final String SOFTTOKEN_LIB_NAME
private boolean supported
pack-priv static final String TEMPLATE_CRYPTO
pack-priv static final String TEMPLATE_EXTERNAL
pack-priv static final String TEMPLATE_FIPS
pack-priv static final String TEMPLATE_KEYSTORE
pack-priv static final String TEMPLATE_TRUSTANCHOR
private static final String TRUST_LIB_NAME

Constructor Summary

private Secmod()

Method Summary

private void fetchVersions()

pack-priv String getConfigDir()

private static byte[] getDigest(X509Certificate cert, String algorithm)

public static Secmod getInstance()
    Return the singleton Secmod instance.

pack-priv String getLibDir()

public Secmod.Module getModule(Secmod.ModuleType type)
    Returns the first module of the specified type.

public synchronized List<Secmod.Module> getModules()
    Return an immutable list of all available modules.

private Secmod.TrustAttributes getModuleTrust(Secmod.ModuleType type, Secmod.Bytes bytes)

private static Map<Secmod.Bytes, Secmod.TrustAttributes> getTrust(SunPKCS11 provider)

public void initialize(String configDir, String nssLibDir)
    Initialize this Secmod.

public void initialize(Secmod.DbMode dbMode, String configDir, String nssLibDir)

public synchronized void initialize(Secmod.DbMode dbMode, String configDir, String nssLibDir, boolean nssOptimizeSpace)

public synchronized boolean isInitialized()
    Test whether this Secmod has been initialized.

private boolean isLoaded()

pack-priv boolean isTrusted(X509Certificate cert, Secmod.TrustType trustType)

private static native long nssGetLibraryHandle(String libraryName)

private static native Object nssGetModuleList(long handle, String libDir)

private static native boolean nssInitialize(String functionName, long handle, String configDir, boolean nssOptimizeSpace)

private static native long nssLoadLibrary(String name)

private static native boolean nssVersionCheck(long handle, String minVersion)

Inherited from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

configDir
private String configDir

DEBUG
private static final boolean DEBUG

FIPS_SLOT_ID
private static final int FIPS_SLOT_ID

INSTANCE
private static final Secmod INSTANCE

modules
private List<Secmod.Module> modules

NETSCAPE_SLOT_ID
private static final int NETSCAPE_SLOT_ID

NSS_LIB_NAME
private static final String NSS_LIB_NAME

nssHandle
private long nssHandle

nssLibDir
private String nssLibDir

PRIVATE_KEY_SLOT_ID
private static final int PRIVATE_KEY_SLOT_ID

SOFTTOKEN_LIB_NAME
private static final String SOFTTOKEN_LIB_NAME

supported
private boolean supported

TEMPLATE_CRYPTO
pack-priv static final String TEMPLATE_CRYPTO

TEMPLATE_EXTERNAL
pack-priv static final String TEMPLATE_EXTERNAL

TEMPLATE_FIPS
pack-priv static final String TEMPLATE_FIPS

TEMPLATE_KEYSTORE
pack-priv static final String TEMPLATE_KEYSTORE

TEMPLATE_TRUSTANCHOR
pack-priv static final String TEMPLATE_TRUSTANCHOR

TRUST_LIB_NAME
private static final String TRUST_LIB_NAME

Constructor Detail

Secmod
private Secmod()

Method Detail

fetchVersions
private void fetchVersions()

getConfigDir
pack-priv String getConfigDir()

getDigest
private static byte[] getDigest(X509Certificate cert, String algorithm)

getInstance
public static Secmod getInstance()

Return the singleton Secmod instance.

getLibDir
pack-priv String getLibDir()

getModule
public Secmod.Module getModule(Secmod.ModuleType type)

Returns the first module of the specified type. If no such module exists, this method returns null.

Exceptions
IllegalStateException: if this Secmod is misconfigured or not initialized

getModules
public synchronized List<Secmod.Module> getModules()

Return an immutable list of all available modules.

Exceptions
IllegalStateException: if this Secmod is misconfigured or not initialized

getModuleTrust
private Secmod.TrustAttributes getModuleTrust(Secmod.ModuleType type, Secmod.Bytes bytes)

getTrust
private static Map<Secmod.Bytes, Secmod.TrustAttributes> getTrust(SunPKCS11 provider) throws PKCS11Exception

initialize
public void initialize(String configDir, String nssLibDir) throws IOException

Initialize this Secmod.

Parameters
configDir:String

the directory containing the NSS configuration files such as secmod.db

nssLibDir:String

the directory containing the NSS libraries (libnss3.so or nss3.dll) or null if the library is on the system default shared library path

Exceptions
IOException: if NSS has already been initialized, the specified directories are invalid, or initialization fails for any other reason

initialize
public void initialize(Secmod.DbMode dbMode, String configDir, String nssLibDir) throws IOException

initialize
public synchronized void initialize(Secmod.DbMode dbMode, String configDir, String nssLibDir, boolean nssOptimizeSpace) throws IOException

isInitialized
public synchronized boolean isInitialized() throws IOException

Test whether this Secmod has been initialized. Returns true if NSS has been initialized using either the initialize() method or by directly calling the native NSS APIs. The latter may be the case if the current process contains components that use NSS directly.

Exceptions
IOException: if an incompatible version of NSS has been loaded

isLoaded
private boolean isLoaded()

isTrusted
pack-priv boolean isTrusted(X509Certificate cert, Secmod.TrustType trustType)

nssGetLibraryHandle
private static native long nssGetLibraryHandle(String libraryName)

nssGetModuleList
private static native Object nssGetModuleList(long handle, String libDir)

nssInitialize
private static native boolean nssInitialize(String functionName, long handle, String configDir, boolean nssOptimizeSpace)

nssLoadLibrary
private static native long nssLoadLibrary(String name) throws IOException

nssVersionCheck
private static native boolean nssVersionCheck(long handle, String minVersion)

sun.security.pkcs11

private Class Secmod.Bytes

extends Object

Field Summary

pack-priv final byte[] b

Constructor Summary

pack-priv Bytes(byte[] b)

Method Summary

public boolean equals(Object o)
    Overrides java.lang.Object.equals.
    Indicates whether some other object is "equal to" this one.

public int hashCode()
    Overrides java.lang.Object.hashCode.
    Returns a hash code value for this object.

Inherited from java.lang.Object:
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Field Detail

b
pack-priv final byte[] b

Constructor Detail

Bytes
pack-priv Bytes(byte[] b)

Method Detail

equals
public boolean equals(Object o)

Overrides java.lang.Object.equals.

Doc from java.lang.Object.equals.

Indicates whether some other object is "equal to" this one.

The equals method implements an equivalence relation on non-null object references:

  • It is reflexive: for any non-null reference value x, x.equals(x) should return true.
  • It is symmetric: for any non-null reference values x and y, x.equals(y) should return true if and only if y.equals(x) returns true.
  • It is transitive: for any non-null reference values x, y, and z, if x.equals(y) returns true and y.equals(z) returns true, then x.equals(z) should return true.
  • It is consistent: for any non-null reference values x and y, multiple invocations of x.equals(y) consistently return true or consistently return false, provided no information used in equals comparisons on the objects is modified.
  • For any non-null reference value x, x.equals(null) should return false.

An equivalence relation partitions the elements it operates on into equivalence classes; all the members of an equivalence class are equal to each other. Members of an equivalence class are substitutable for each other, at least for some purposes.

Parameters
o:Object

the reference object with which to compare.

Returns:boolean

true if this object is the same as the obj argument; false otherwise.

hashCode
public int hashCode()

Overrides java.lang.Object.hashCode.

Doc from java.lang.Object.hashCode.

Returns a hash code value for this object. This method is supported for the benefit of hash tables such as those provided by java.util.HashMap.

The general contract of hashCode is:

  • Whenever it is invoked on the same object more than once during an execution of a Java application, the hashCode method must consistently return the same integer, provided no information used in equals comparisons on the object is modified. This integer need not remain consistent from one execution of an application to another execution of the same application.
  • If two objects are equal according to the equals method, then calling the hashCode method on each of the two objects must produce the same integer result.
  • It is not required that if two objects are unequal according to the equals method, then calling the hashCode method on each of the two objects must produce distinct integer results. However, the programmer should be aware that producing distinct integer results for unequal objects may improve the performance of hash tables.
Returns:int

a hash code value for this object

sun.security.pkcs11

public final Enum Secmod.DbMode

extends Enum<Secmod.DbMode>

Field Summary

pack-priv final String functionName
public static final Secmod.DbMode NO_DB
public static final Secmod.DbMode READ_ONLY
public static final Secmod.DbMode READ_WRITE

Constructor Summary

private DbMode(String functionName)

Method Summary

public static Secmod.DbMode valueOf(String name)
public static Secmod.DbMode[] values()

Inherited from java.lang.Enum:
clone, compareTo, describeConstable, equals, finalize, getDeclaringClass, hashCode, name, ordinal, toString, valueOf

Field Detail

functionName
pack-priv final String functionName

NO_DB
public static final Secmod.DbMode NO_DB

READ_ONLY
public static final Secmod.DbMode READ_ONLY

READ_WRITE
public static final Secmod.DbMode READ_WRITE

Constructor Detail

DbMode
private DbMode(String functionName)

Method Detail

valueOf
public static Secmod.DbMode valueOf(String name)

values
public static Secmod.DbMode[] values()

sun.security.pkcs11

public final Class Secmod.KeyStoreLoadParameter

extends Object
implements LoadStoreParameter
All Implemented Interfaces
java.security.KeyStore.LoadStoreParameter

A LoadStoreParameter for use with the NSS Softtoken or NSS TrustAnchor KeyStores.

It allows the set of trusted certificates that are returned by the KeyStore to be specified.
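
Added example (not from the JDK sources or this documentation page): loading only the certificates NSS trusts for SSL server authentication, instead of TrustType.ALL, with the classes documented here. The class name NssServerAnchors, the method serverAuthAnchors and the command-line arguments are assumptions for illustration; because sun.security.pkcs11 is a JDK-internal package, JDK 9 and later need --add-exports jdk.crypto.cryptoki/sun.security.pkcs11=ALL-UNNAMED when compiling and running.

```java
import java.io.Console;
import java.security.KeyStore;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import sun.security.pkcs11.Secmod;

// Illustrative class, not part of the JDK.
public class NssServerAnchors {

    // Returns the certificate entries the NSS KEYSTORE module exposes when the
    // KeyStore is loaded with TrustType.SERVER_AUTH rather than TrustType.ALL.
    @SuppressWarnings("deprecation") // Module.getProvider() is marked @Deprecated
    static List<X509Certificate> serverAuthAnchors(String configDir, String nssLibDir,
                                                   char[] password) throws Exception {
        Secmod secmod = Secmod.getInstance();
        // isInitialized() is also true when another component of this process has
        // initialized NSS natively; initialize() throws IOException in that case.
        if (!secmod.isInitialized()) {
            secmod.initialize(Secmod.DbMode.READ_ONLY, configDir, nssLibDir);
        }

        // getModule() returns null when no module of the type exists, for example
        // in FIPS mode, where the softtoken presents a single FIPS slot.
        Secmod.Module module = secmod.getModule(Secmod.ModuleType.KEYSTORE);
        if (module == null) {
            throw new IllegalStateException(
                    "no NSS KEYSTORE module; available: " + secmod.getModules());
        }

        Provider provider = module.getProvider();
        KeyStore ks = KeyStore.getInstance("PKCS11", provider);
        ks.load(new Secmod.KeyStoreLoadParameter(Secmod.TrustType.SERVER_AUTH, password));

        List<X509Certificate> anchors = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) {
                continue; // skip private key entries
            }
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                anchors.add((X509Certificate) cert);
            }
        }
        return anchors;
    }

    // Usage (assumed): NssServerAnchors <configDir> [nssLibDir]
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length < 1 || console == null) {
            throw new IllegalArgumentException("need <configDir> and an interactive console");
        }
        char[] password = console.readPassword("NSS database password: ");
        try {
            String nssLibDir = args.length > 1 ? args[1] : null; // null: default library path
            for (X509Certificate c : serverAuthAnchors(args[0], nssLibDir, password)) {
                System.out.println(c.getSubjectX500Principal());
            }
        } finally {
            Arrays.fill(password, '\0'); // do not leave the password in memory
        }
    }
}
```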

Field Summary

pack-priv final KeyStore.ProtectionParameter protection
pack-priv final Secmod.TrustType trustType

Constructor Summary

public KeyStoreLoadParameter(Secmod.TrustType trustType, char[] password)
public KeyStoreLoadParameter(Secmod.TrustType trustType, KeyStore.ProtectionParameter prot)

Method Summary

public KeyStore.ProtectionParameter getProtectionParameter()
    Implements java.security.KeyStore.LoadStoreParameter.getProtectionParameter.
    Gets the parameter used to protect keystore data.

public Secmod.TrustType getTrustType()

Inherited from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

protection
pack-priv final KeyStore.ProtectionParameter protection

trustType
pack-priv final Secmod.TrustType trustType

Constructor Detail

KeyStoreLoadParameter
public KeyStoreLoadParameter(Secmod.TrustType trustType, char[] password)

KeyStoreLoadParameter
public KeyStoreLoadParameter(Secmod.TrustType trustType, KeyStore.ProtectionParameter prot)

Method Detail

getProtectionParameter
public KeyStore.ProtectionParameter getProtectionParameter()

Implements java.security.KeyStore.LoadStoreParameter.getProtectionParameter.

Doc from java.security.KeyStore.LoadStoreParameter.getProtectionParameter.

Gets the parameter used to protect keystore data.

Returns:KeyStore.ProtectionParameter

the parameter used to protect keystore data, or null

getTrustType
public Secmod.TrustType getTrustType()

sun.security.pkcs11

public final Class Secmod.Module

extends Object

A representation of one PKCS#11 slot in a PKCS#11 module.

Field Summary

pack-priv final String commonName
private String config
pack-priv final String libraryName
private SunPKCS11 provider
pack-priv final int slot
private Map<Secmod.Bytes, Secmod.TrustAttributes> trust
pack-priv final Secmod.ModuleType type

Constructor Summary

pack-priv Module(String libraryDir, String libraryName, String commonName, int slotIndex, int slotId)

Method Summary

public synchronized String getConfiguration()
    Deprecated. Get the configuration for this module.

public String getLibraryName()
    Return the pathname of the native library that implements this module.

public synchronized Provider getProvider()
    Deprecated. Returns the provider instance that is associated with this module.

pack-priv Secmod.TrustAttributes getTrust(Secmod.Bytes hash)

public Secmod.ModuleType getType()
    Returns the type of this module.

pack-priv synchronized boolean hasInitializedProvider()

private void initConfiguration()

private SunPKCS11 newProvider()

public synchronized void setConfiguration(String config)
    Deprecated. Set the configuration for this module.

pack-priv void setProvider(SunPKCS11 p)

pack-priv synchronized void setTrust(Token token, X509Certificate cert)

public String toString()
    Overrides java.lang.Object.toString.
    Returns a string representation of the object.

Inherited from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

commonName
pack-priv final String commonName

config
private String config

libraryName
pack-priv final String libraryName

provider
private SunPKCS11 provider

slot
pack-priv final int slot

trust
private Map<Secmod.Bytes, Secmod.TrustAttributes> trust

type
pack-priv final Secmod.ModuleType type

Constructor Detail

Module
pack-priv Module(String libraryDir, String libraryName, String commonName, int slotIndex, int slotId)

Method Detail

getConfiguration
public synchronized String getConfiguration()

Deprecated

Get the configuration for this module. This is a string in the SunPKCS11 configuration format. It can be customized with additional options and then made current using the setConfiguration() method.

Annotations
@Deprecated

getLibraryName
public String getLibraryName()

Return the pathname of the native library that implements this module. For example, /usr/lib/libpkcs11.so.

getProvider
public synchronized Provider getProvider()

Deprecated

Returns the provider instance that is associated with this module. The first call to this method creates the provider instance.

Annotations
@Deprecated

getTrust
pack-priv Secmod.TrustAttributes getTrust(Secmod.Bytes hash)

getType
public Secmod.ModuleType getType()

Returns the type of this module.

hasInitializedProvider
pack-priv synchronized boolean hasInitializedProvider()

initConfiguration
private void initConfiguration()

newProvider
private SunPKCS11 newProvider()

setConfiguration
public synchronized void setConfiguration(String config)

Deprecated

Set the configuration for this module.

Annotations
@Deprecated

Exceptions
IllegalStateException: if the associated provider instance has already been created.

setProvider
pack-priv void setProvider(SunPKCS11 p)

setTrust
pack-priv synchronized void setTrust(Token token, X509Certificate cert)

toString
public String toString()

Overrides java.lang.Object.toString.

Doc from java.lang.Object.toString.

Returns a string representation of the object. Satisfying this method's contract implies a non-null result must be returned.

Returns:String

a string representation of the object

sun.security.pkcs11

public final Enum Secmod.ModuleType

extends Enum<Secmod.ModuleType>

Constants describing the different types of NSS modules. For this API, NSS modules are classified as either one of the internal modules delivered as part of NSS or as an external module provided by a 3rd party.

Field Summary

public static final Secmod.ModuleType CRYPTO
    The NSS Softtoken crypto module.

public static final Secmod.ModuleType EXTERNAL
    An external module.

public static final Secmod.ModuleType FIPS
    The NSS Softtoken module in FIPS mode.

public static final Secmod.ModuleType KEYSTORE
    The NSS Softtoken KeyStore module.

public static final Secmod.ModuleType TRUSTANCHOR
    The NSS builtin trust anchor module.

Constructor Summary

private ModuleType()

Method Summary

public static Secmod.ModuleType valueOf(String name)
public static Secmod.ModuleType[] values()

Inherited from java.lang.Enum:
clone, compareTo, describeConstable, equals, finalize, getDeclaringClass, hashCode, name, ordinal, toString, valueOf

Field Detail

CRYPTO
public static final Secmod.ModuleType CRYPTO

The NSS Softtoken crypto module. This is the first slot of the softtoken object. This module provides implementations for cryptographic algorithms but no KeyStore.

EXTERNAL
public static final Secmod.ModuleType EXTERNAL

An external module.

FIPS
public static final Secmod.ModuleType FIPS

The NSS Softtoken module in FIPS mode. Note that in FIPS mode the softtoken presents only one slot, not separate CRYPTO and KEYSTORE slots as in non-FIPS mode.

KEYSTORE
public static final Secmod.ModuleType KEYSTORE

The NSS Softtoken KeyStore module. This is the second slot of the softtoken object. This module provides implementations for cryptographic algorithms (after login) and the KeyStore.

TRUSTANCHOR
public static final Secmod.ModuleType TRUSTANCHOR

The NSS builtin trust anchor module. This is the NSSCKBI object. It provides no crypto functions.

Constructor Detail

ModuleType
private ModuleType()

Method Detail

valueOf
public static Secmod.ModuleType valueOf(String name)

values
public static Secmod.ModuleType[] values()

sun.security.pkcs11

pack-priv Class Secmod.TrustAttributes

extends Object

Field Summary

pack-priv final long clientAuth
pack-priv final long codeSigning
pack-priv final long emailProtection
pack-priv final long handle
pack-priv final long serverAuth
pack-priv final byte[] shaHash

Constructor Summary

pack-priv TrustAttributes(Token token, X509Certificate cert, Secmod.Bytes bytes, long trustValue)
pack-priv TrustAttributes(Token token, Session session, long handle)

Method Summary

pack-priv Secmod.Bytes getHash()
pack-priv boolean isTrusted(Secmod.TrustType type)
private boolean isTrusted(long l)

Inherited from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

clientAuth
pack-priv final long clientAuth

codeSigning
pack-priv final long codeSigning

emailProtection
pack-priv final long emailProtection

handle
pack-priv final long handle

serverAuth
pack-priv final long serverAuth

shaHash
pack-priv final byte[] shaHash

Constructor Detail

TrustAttributes
pack-priv TrustAttributes(Token token, X509Certificate cert, Secmod.Bytes bytes, long trustValue)

TrustAttributes
pack-priv TrustAttributes(Token token, Session session, long handle) throws PKCS11Exception

Method Detail

getHash
pack-priv Secmod.Bytes getHash()

isTrusted
pack-priv boolean isTrusted(Secmod.TrustType type)

isTrusted
private boolean isTrusted(long l)

sun.security.pkcs11

public final Enum Secmod.TrustType

extends Enum<Secmod.TrustType>

Constants representing NSS trust categories.

Field Summary

public static final Secmod.TrustType ALL
    Trusted for all purposes

public static final Secmod.TrustType CLIENT_AUTH
    Trusted for SSL client authentication

public static final Secmod.TrustType CODE_SIGNING
    Trusted for code signing

public static final Secmod.TrustType EMAIL_PROTECTION
    Trusted for email protection

public static final Secmod.TrustType SERVER_AUTH
    Trusted for SSL server authentication

Constructor Summary

private TrustType()

Method Summary

public static Secmod.TrustType valueOf(String name)
public static Secmod.TrustType[] values()

Inherited from java.lang.Enum:
clone, compareTo, describeConstable, equals, finalize, getDeclaringClass, hashCode, name, ordinal, toString, valueOf

Field Detail

ALL
public static final Secmod.TrustType ALL

Trusted for all purposes

CLIENT_AUTH
public static final Secmod.TrustType CLIENT_AUTH

Trusted for SSL client authentication

CODE_SIGNING
public static final Secmod.TrustType CODE_SIGNING

Trusted for code signing

EMAIL_PROTECTION
public static final Secmod.TrustType EMAIL_PROTECTION

Trusted for email protection

SERVER_AUTH
public static final Secmod.TrustType SERVER_AUTH

Trusted for SSL server authentication

Constructor Detail

TrustType
private TrustType()

Method Detail

valueOf
public static Secmod.TrustType valueOf(String name)

values
public static Secmod.TrustType[] values()