public final class InitializationValues
extends java.lang.Object
Modifier and Type | Class and Description |
---|---|
static class |
InitializationValues.FIPSMode
This class enumerates the possible modes for FIPS compliance.
|
Modifier and Type | Field and Description |
---|---|
java.lang.String |
certPrefix |
java.lang.String |
configDir |
boolean |
cooperate
Sets 4 recommended options for applications that
use both NSS and the Java SunPKCS11 provider.
|
InitializationValues.FIPSMode |
fipsMode
The FIPS mode of the security library.
|
boolean |
forceOpen
Continue to force initializations even if the
databases cannot be opened.
|
boolean |
initializeJavaOnly
If
true , none of the underlying NSS components will
be initialized. |
boolean |
installJSSProvider
Install the JSS crypto provider.
|
boolean |
installJSSProviderFirst
Whether or not to initialize the JSS provider first.
|
java.lang.String |
keyPrefix |
int |
LIBRARY_LENGTH
Library description must be this length exactly.
|
int |
MANUFACTURER_LENGTH
ManufacturerID must be this length exactly.
|
boolean |
noCertDB
Don't open the cert DB and key DB's, just
initialize the volatile certdb.
|
boolean |
noModDB
Don't open the security module DB,
just initialize the PKCS #11 module.
|
boolean |
noPK11Finalize
never call C_Finalize on any
PKCS#11 module.
|
boolean |
noRootInit
Don't try to look for the root certs module
automatically.
|
boolean |
ocspCheckingEnabled
To have NSS check the OCSP responder for when verifying
certificates, set this flags to true.
|
java.lang.String |
ocspResponderCertNickname
The nickname of the cert to trust (expected) to
sign the OCSP responses.
|
java.lang.String |
ocspResponderURL
Specify the location and cert of the responder.
|
boolean |
optimizeSpace
Use smaller tables and caches.
|
PasswordCallback |
passwordCallback
The password callback to be used by JSS whenever a password
is needed.
|
boolean |
PK11Reload
Init PK11Reload to ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED
error when loading PKCS#11 modules.
|
boolean |
PK11ThreadSafe
only load PKCS#11 modules that are
thread-safe, ie. that support locking - either OS
locking or NSS-provided locks .
|
boolean |
PKIXVerify
Enable PKIX verify rather than the old cert library,
to verify certificates.
|
boolean |
readOnly
To open the databases in read-only mode, set this flag to
true . |
boolean |
removeSunProvider
Remove the Sun crypto provider.
|
java.lang.String |
secmodName |
int |
SLOT_LENGTH
Slot names must be this length exactly.
|
int |
TOKEN_LENGTH
Token names must be this length exactly.
|
Modifier | Constructor and Description |
---|---|
protected |
InitializationValues() |
|
InitializationValues(java.lang.String configDir) |
|
InitializationValues(java.lang.String configDir,
java.lang.String certPrefix,
java.lang.String keyPrefix,
java.lang.String secmodName) |
Modifier and Type | Method and Description |
---|---|
java.lang.String |
getFIPSKeyStorageSlotDescription()
Returns the description of the internal PKCS #11 FIPS
Key Storage slot.
|
java.lang.String |
getFIPSSlotDescription()
Returns the description of the internal PKCS #11 FIPS slot.
|
java.lang.String |
getInternalKeyStorageSlotDescription()
Returns the description of the internal PKCS #11 key storage slot.
|
java.lang.String |
getInternalKeyStorageTokenDescription()
Returns the description of the internal PKCS #11 key storage token.
|
java.lang.String |
getInternalSlotDescription()
Returns the description of the internal PKCS #11 slot.
|
java.lang.String |
getInternalTokenDescription()
Returns the description of the internal PKCS #11 token.
|
java.lang.String |
getLibraryDescription()
Returns the description of the internal PKCS #11 module.
|
java.lang.String |
getManufacturerID()
Returns the Manufacturer ID of the internal PKCS #11 module.
|
void |
setFIPSKeyStorageSlotDescription(java.lang.String s)
Sets the description of the internal PKCS #11 FIPS Key Storage slot.
|
void |
setFIPSSlotDescription(java.lang.String s)
Sets the description of the internal PKCS #11 FIPS slot.
|
void |
setInternalKeyStorageSlotDescription(java.lang.String s)
Sets the description of the internal PKCS #11 key storage slot.
|
void |
setInternalKeyStorageTokenDescription(java.lang.String s)
Sets the description of the internal PKCS #11 key storage token.
|
void |
setInternalSlotDescription(java.lang.String s)
Sets the description of the internal PKCS #11 slot.
|
void |
setInternalTokenDescription(java.lang.String s)
Sets the description of the internal PKCS #11 token.
|
void |
setLibraryDescription(java.lang.String s)
Sets the description of the internal PKCS #11 module.
|
void |
setManufacturerID(java.lang.String s)
Sets the Manufacturer ID of the internal PKCS #11 module.
|
public final int TOKEN_LENGTH
public final int SLOT_LENGTH
public final int MANUFACTURER_LENGTH
public final int LIBRARY_LENGTH
public java.lang.String configDir
public java.lang.String certPrefix
public java.lang.String keyPrefix
public java.lang.String secmodName
public PasswordCallback passwordCallback
CryptoToken.login
.
The default is a ConsolePasswordCallback
.
public InitializationValues.FIPSMode fipsMode
FIPSMode.UNCHANGED
, since only
Admin Server is supposed to alter this value.
The default is FIPSMode.UNCHANGED
.
public boolean readOnly
true
. The default is false
, meaning
the databases are opened in read-write mode.public boolean ocspCheckingEnabled
public java.lang.String ocspResponderURL
public java.lang.String ocspResponderCertNickname
public boolean installJSSProvider
public boolean removeSunProvider
public boolean installJSSProviderFirst
public boolean initializeJavaOnly
true
, none of the underlying NSS components will
be initialized. Only the Java portions of JSS will be
initialized. This should only be used if NSS has been initialized
elsewhere.
Specifically, the following components will not be
configured by CryptoManager.initialize
if this flag is set:
The default is false
.
public boolean PKIXVerify
public boolean noCertDB
public boolean noModDB
public boolean forceOpen
public boolean noRootInit
public boolean optimizeSpace
public boolean PK11ThreadSafe
public boolean PK11Reload
public boolean noPK11Finalize
public boolean cooperate
protected InitializationValues()
public InitializationValues(java.lang.String configDir)
public InitializationValues(java.lang.String configDir, java.lang.String certPrefix, java.lang.String keyPrefix, java.lang.String secmodName)
public java.lang.String getManufacturerID()
The default is "mozilla.org "
.
public void setManufacturerID(java.lang.String s) throws InvalidLengthException
MANUFACTURER_LENGTH
characters long.s
- Manufacturer ID.InvalidLengthException
- If s.length()
is not
exactly MANUFACTURER_LENGTH
.public java.lang.String getLibraryDescription()
The default is "Internal Crypto Services "
.
public void setLibraryDescription(java.lang.String s) throws InvalidLengthException
LIBRARY_LENGTH
characters long.s
- Library description.InvalidLengthException
- If s.length()
is
not exactly LIBRARY_LENGTH
.public java.lang.String getInternalTokenDescription()
The default is "Internal Crypto Services Token "
.
public void setInternalTokenDescription(java.lang.String s) throws InvalidLengthException
TOKEN_LENGTH
characters long.s
- Description of internal PKCS #11 token.InvalidLengthException
- If s.length()
is
not exactly TOKEN_LENGTH
.public java.lang.String getInternalKeyStorageTokenDescription()
The default is "Internal Key Storage Token "
.
public void setInternalKeyStorageTokenDescription(java.lang.String s) throws InvalidLengthException
TOKEN_LENGTH
characters long.s
- Description of internal PKCS #11 key storage token.InvalidLengthException
- If s.length()
is
not exactly TOKEN_LENGTH
.public java.lang.String getInternalSlotDescription()
The default is "NSS Internal Cryptographic Services "
.
public void setInternalSlotDescription(java.lang.String s) throws InvalidLengthException
SLOT_LENGTH
characters
long.s
- Description of internal PKCS #11 slot.InvalidLengthException
- If s.length()
is
not exactly SLOT_LENGTH
.public java.lang.String getInternalKeyStorageSlotDescription()
The default is "NSS Internal Private Key and Certificate Storage "
.
public void setInternalKeyStorageSlotDescription(java.lang.String s) throws InvalidLengthException
SLOT_LENGTH
characters
long.s
- Description of internal PKCS #11 key storage slot.InvalidLengthException
- If s.length()
is
not exactly SLOT_LENGTH
.public java.lang.String getFIPSSlotDescription()
The default is
"NSS FIPS 140-2 User Private Key Services"
.
public void setFIPSSlotDescription(java.lang.String s) throws InvalidLengthException
SLOT_LENGTH
characters
long.s
- Description of internal PKCS #11 FIPS slot.InvalidLengthException
- If s.length()
is
not exactly SLOT_LENGTH
.public java.lang.String getFIPSKeyStorageSlotDescription()
The default is
"NSS FIPS 140-2 User Private Key Services"
.
public void setFIPSKeyStorageSlotDescription(java.lang.String s) throws InvalidLengthException
SLOT_LENGTH
characters
long.s
- Description of internal PKCS #11 FIPS key storage slot.InvalidLengthException
- If s.length()
is
not exactly SLOT_LENGTH
.