 * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any

 * The Secmod class defines the interface to the native NSS
 * library and the configuration information it stores in its
 *   Secmod secmod = Secmod.getInstance();
 *   if (secmod.isInitialized() == false) {
 *   Provider p = secmod.getModule(ModuleType.KEYSTORE).getProvider();
 *   KeyStore ks = KeyStore.getInstance("PKCS11", p);
 *   ks.load(null, password);
 * @author Andreas Sterbenz

private final static boolean DEBUG = false;
// handle to be passed to the native code, 0 means not initialized

// whether this is a supported version of NSS

// list of the modules

 * Return the singleton Secmod instance.

 * Test whether this Secmod has been initialized. Returns true
 * if NSS has been initialized using either the initialize() method
 * or by directly calling the native NSS APIs. The latter may be
 * the case if the current process contains components that use
 * @throws IOException if an incompatible version of NSS

// NSS does not allow us to check if it is initialized already
// assume that if it is loaded it is also initialized
("An incompatible version of NSS is already loaded, "
+ "3.7 or later required");

 * Initialize this Secmod.
 * @param configDir the directory containing the NSS configuration
 * files such as secmod.db
 * @param nssLibDir the directory containing the NSS libraries
 * (libnss3.so or nss3.dll) or null if the library is on
 * the system default shared library path
 * @throws IOException if NSS has already been initialized,
 * the specified directories are invalid, or initialization
 * fails for any other reason

("The specified version of NSS is incompatible, "
+ "3.7 or later required");

 * Return an immutable list of all available modules.
 * @throws IllegalStateException if this Secmod is misconfigured
 * or not initialized

// IOException if misconfigured

 * Constants describing the different types of NSS modules.
 * For this API, NSS modules are classified as either one
 * of the internal modules delivered as part of NSS or
 * as an external module provided by a 3rd party.

 * The NSS Softtoken crypto module. This is the first
 * slot of the softtoken object.
 * This module provides
 * implementations for cryptographic algorithms but no KeyStore.

 * The NSS Softtoken KeyStore module. This is the second
 * slot of the softtoken object.
 * This module provides
 * implementations for cryptographic algorithms (after login)

 * The NSS Softtoken module in FIPS mode. Note that in FIPS mode the
 * softtoken presents only one slot, not separate CRYPTO and KEYSTORE
 * slots as in non-FIPS mode.

 * The NSS builtin trust anchor module. This is the
 * NSSCKBI object. It provides no crypto functions.

 * An external module.

 * Returns the first module of the specified type. If no such
 * module exists, this method returns null.
 * @throws IllegalStateException if this Secmod is misconfigured
 * or not initialized

+ "slotListIndex = %d\n";

+ "name = \"NSS Trust Anchors\"\n"
+ "slotListIndex = 0\n"
+ "enabledMechanisms = { KeyStore }\n"
+ "nssUseSecmodTrust = true\n";

+ "name = \"NSS SoftToken Crypto\"\n"
+ "slotListIndex = 0\n"
+ "disabledMechanisms = { KeyStore }\n";

+ "name = \"NSS SoftToken KeyStore\"\n"
+ "slotListIndex = 1\n"
+ "nssUseSecmodTrust = true\n";

+ "name = \"NSS FIPS SoftToken\"\n"
+ "slotListIndex = 0\n"
+ "nssUseSecmodTrust = true\n";

 * A representation of one PKCS#11 slot in a PKCS#11 module.

// path of the native library

// descriptive name used by NSS

// trust attributes. Used for the KEYSTORE and TRUSTANCHOR modules only

// must be softtoken
("Slot index should be 0 for FIPS slot");

 * Get the configuration for this module. This is a string
 * in the SunPKCS11 configuration format. It can be
 * customized with additional options and then made
 * current using the setConfiguration() method.

 * Set the configuration for this module.
 * @throws IllegalStateException if the associated provider
 * instance has already been created.

 * Return the pathname of the native library that implements

 * Returns the type of this module.

 * Returns the provider instance that is associated with this
 * module. The first call to this method creates the provider

// does it already have the correct trust settings?

// XXX not yet implemented

// If provider is not set, create a temporary provider to
// retrieve the trust information. This can happen if we need
// to get the trust information for the trustanchor module
// because we need to look for user customized settings in the
// keystore module (which may not have a provider created yet).
// Creating a temporary provider and then dropping it on the
// floor immediately is flawed, but it's the best we can do
synchronized (this) {

 * Constants representing NSS trust categories.

/** Trusted for all purposes */
/** Trusted for SSL client authentication */
/** Trusted for SSL server authentication */
/** Trusted for code signing */
/** Trusted for email protection */

 * A LoadStoreParameter for use with the NSS Softtoken or
 * NSS TrustAnchor KeyStores.
 * It allows the set of trusted certificates that are returned by
 * the KeyStore to be specified.

// XXX use KeyStore TrustType settings to determine which
// attributes to set

// XXX per PKCS#11 spec, the serial number should be in ASN.1

// trust anchor module does not support this attribute