Class InitializationValues

java.lang.Object
org.mozilla.jss.InitializationValues

public final class InitializationValues extends Object
The various options that can be used to initialize CryptoManager.
  • Field Details

    • TOKEN_LENGTH

      public final int TOKEN_LENGTH
      Token names must be this length exactly.
    • SLOT_LENGTH

      public final int SLOT_LENGTH
      Slot names must be this length exactly.
    • MANUFACTURER_LENGTH

      public final int MANUFACTURER_LENGTH
      ManufacturerID must be this length exactly.
    • LIBRARY_LENGTH

      public final int LIBRARY_LENGTH
      Library description must be this length exactly.
    • configDir

      public String configDir
    • certPrefix

      public String certPrefix
    • keyPrefix

      public String keyPrefix
    • secmodName

      public String secmodName
    • passwordCallback

      public PasswordCallback passwordCallback
      The password callback to be used by JSS whenever a password is needed. May be null, in which case the library will immediately fail to get a password if it tries to log in automatically while performing a cryptographic operation. It will still work if the token has been manually logged in with CryptoToken.login.

      The default is a ConsolePasswordCallback.

    • fipsMode

      The FIPS mode of the security library. Servers should use FIPSMode.UNCHANGED, since only Admin Server is supposed to alter this value.

      The default is FIPSMode.UNCHANGED.

    • readOnly

      public boolean readOnly
      To open the databases in read-only mode, set this flag to true. The default is false, meaning the databases are opened in read-write mode.
    • initializeContext

      public boolean initializeContext
    • manufacturerID

      private String manufacturerID
    • libraryDescription

      private String libraryDescription
    • internalTokenDescription

      private String internalTokenDescription
    • internalKeyStorageTokenDescription

      private String internalKeyStorageTokenDescription
    • internalSlotDescription

      private String internalSlotDescription
    • internalKeyStorageSlotDescription

      private String internalKeyStorageSlotDescription
    • FIPSSlotDescription

      private String FIPSSlotDescription
    • FIPSKeyStorageSlotDescription

      private String FIPSKeyStorageSlotDescription
    • ocspCheckingEnabled

      public boolean ocspCheckingEnabled
      To have NSS check the OCSP responder when verifying certificates, set this flag to true. It is false by default.
    • ocspResponderURL

      public String ocspResponderURL
      Specify the location and cert of the responder. If OCSP checking is enabled *and* this variable is set to some URL, all OCSP checking will be done via this URL. If this variable is null, the OCSP responder URL will be obtained from the AIA extension in the certificate being queried. If this is set, you must also set ocspResponderCertNickname.
    • ocspResponderCertNickname

      public String ocspResponderCertNickname
      The nickname of the cert that is trusted (expected) to sign the OCSP responses. Only checked when the OCSP responder URL is set.
    • installJSSProvider

      public boolean installJSSProvider
      Install the JSS crypto provider. Default is true.
    • removeSunProvider

      public boolean removeSunProvider
      Remove the Sun crypto provider. Default is false.
    • installJSSProviderFirst

      public boolean installJSSProviderFirst
      Whether or not to initialize the JSS provider first. Default is true.
    • initializeJavaOnly

      public boolean initializeJavaOnly
      If true, none of the underlying NSS components will be initialized. Only the Java portions of JSS will be initialized. This should only be used if NSS has been initialized elsewhere.

      Specifically, the following components will not be configured by CryptoManager.initialize if this flag is set:

      • The NSS databases.
      • OCSP checking.
      • The NSS password callback.
      • The internal PKCS #11 software token's identifier labels: slot, token, module, and manufacturer.
      • The minimum PIN length for the software token.
      • The frequency with which the user must login to the software token.
      • The cipher strength policy (export/domestic).

      The default is false.

    • PKIXVerify

      public boolean PKIXVerify
      Enable PKIX verify rather than the old cert library, to verify certificates. Default is false.
    • noCertDB

      public boolean noCertDB
      Don't open the cert DB and key DB's, just initialize the volatile certdb. Default is false.
    • noModDB

      public boolean noModDB
      Don't open the security module DB, just initialize the PKCS #11 module. Default is false.
    • forceOpen

      public boolean forceOpen
      Continue to force initializations even if the databases cannot be opened. Default is false.
    • noRootInit

      public boolean noRootInit
      Don't try to look for the root certs module automatically. Default is false.
    • optimizeSpace

      public boolean optimizeSpace
      Use smaller tables and caches. Default is false.
    • PK11ThreadSafe

      public boolean PK11ThreadSafe
      Only load PKCS#11 modules that are thread-safe, i.e. that support locking, either OS locking or NSS-provided locks. If a PKCS#11 module isn't thread-safe, don't serialize its calls; just don't load it. This is necessary if another piece of code is using the same PKCS#11 modules that NSS is accessing without going through NSS, for example the Java SunPKCS11 provider. Default is false.
    • PK11Reload

      public boolean PK11Reload
      Init PK11Reload to ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED error when loading PKCS#11 modules. This is necessary if another piece of code is using the same PKCS#11 modules that NSS is accessing without going through NSS, for example the Java SunPKCS11 provider. Default is false.
    • noPK11Finalize

      public boolean noPK11Finalize
      Never call C_Finalize on any PKCS#11 module. This may be necessary in order to ensure continuous operation and a proper shutdown sequence if another piece of code is using the same PKCS#11 modules that NSS is accessing without going through NSS, for example the Java SunPKCS11 provider. The following limitation applies when this is set: SECMOD_WaitForAnyTokenEvent will not use C_WaitForSlotEvent, in order to prevent the need for C_Finalize. This call will be emulated instead. Default is false.
    • cooperate

      public boolean cooperate
      Sets 4 recommended options for applications that use both NSS and the Java SunPKCS11 provider. Default is false.
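
The OCSP fields above depend on each other: a responder URL requires a signer nickname, and a null URL falls back to the AIA extension. The following added example (not part of the JSS documentation or code base) checks those rules before calling CryptoManager.initialize; the database path, responder URL, nickname and the http/https scheme check are assumptions of the example.

```java
import java.net.URI;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.InitializationValues;

public class OcspInitExample {

    /** Builds InitializationValues and enforces the documented OCSP field pairing. */
    static InitializationValues ocspValues(String configDir, String responderUrl,
                                           String signerNickname) {
        InitializationValues iv = new InitializationValues(configDir);
        iv.ocspCheckingEnabled = true; // false by default

        if (responderUrl == null) {
            // Null URL: the responder location comes from each certificate's AIA extension.
            if (signerNickname != null) {
                throw new IllegalArgumentException(
                    "ocspResponderCertNickname has no effect without ocspResponderURL");
            }
            return iv;
        }
        if (signerNickname == null || signerNickname.isEmpty()) {
            throw new IllegalArgumentException(
                "ocspResponderURL is set, so ocspResponderCertNickname must be set too");
        }
        // Assumption of this example: accept only absolute http/https URLs with a host.
        URI uri = URI.create(responderUrl); // IllegalArgumentException if malformed
        String scheme = uri.getScheme();
        boolean web = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        if (!web || uri.getHost() == null) {
            throw new IllegalArgumentException("unexpected OCSP responder URL: " + responderUrl);
        }
        iv.ocspResponderURL = responderUrl;
        iv.ocspResponderCertNickname = signerNickname;
        return iv;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; replace with the deployment's own.
        InitializationValues iv = ocspValues(
            "/path/to/nssdb", "http://ocsp.example.test/", "OCSP Signer (example)");
        CryptoManager.initialize(iv);
    }
}
```
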
  • Constructor Details

    • InitializationValues

      protected InitializationValues()
    • InitializationValues

      public InitializationValues(String configDir)
      Default constructor taking only the path to the NSS DB directory.
    • InitializationValues

      public InitializationValues(String configDir, String certPrefix, String keyPrefix, String secmodName)
      Optional constructor taking the path to the NSS DB directory, the prefix of the cert database, the prefix of the key database, and the name of the secmod/pkcs11 database.
  • Method Details

    • getInitializeContext

      public boolean getInitializeContext()
      Returns boolean value of initializeContext.

      The default is false.

      Returns:
      initializeContext.
    • setInitializeContext

      public void setInitializeContext(boolean value)
      Sets boolean value of initializeContext.
      Parameters:
      value - of initializeContext.
    • getManufacturerID

      public String getManufacturerID()
      Returns the Manufacturer ID of the internal PKCS #11 module.

      The default is "mozilla.org ".

      Returns:
      Manufacturer ID.
    • setManufacturerID

      public void setManufacturerID(String s) throws InvalidLengthException
      Sets the Manufacturer ID of the internal PKCS #11 module. This value must be exactly MANUFACTURER_LENGTH characters long.
      Parameters:
      s - Manufacturer ID.
      Throws:
      InvalidLengthException - If s.length() is not exactly MANUFACTURER_LENGTH.
    • getLibraryDescription

      public String getLibraryDescription()
      Returns the description of the internal PKCS #11 module.

      The default is "Internal Crypto Services ".

      Returns:
      Library description.
    • setLibraryDescription

      public void setLibraryDescription(String s) throws InvalidLengthException
      Sets the description of the internal PKCS #11 module. This value must be exactly LIBRARY_LENGTH characters long.
      Parameters:
      s - Library description.
      Throws:
      InvalidLengthException - If s.length() is not exactly LIBRARY_LENGTH.
    • getInternalTokenDescription

      public String getInternalTokenDescription()
      Returns the description of the internal PKCS #11 token.

      The default is "Internal Crypto Services Token ".

      Returns:
      Description of internal PKCS #11 token.
    • setInternalTokenDescription

      public void setInternalTokenDescription(String s) throws InvalidLengthException
      Sets the description of the internal PKCS #11 token. This value must be exactly TOKEN_LENGTH characters long.
      Parameters:
      s - Description of internal PKCS #11 token.
      Throws:
      InvalidLengthException - If s.length() is not exactly TOKEN_LENGTH.
    • getInternalKeyStorageTokenDescription

      public String getInternalKeyStorageTokenDescription()
      Returns the description of the internal PKCS #11 key storage token.

      The default is "Internal Key Storage Token ".

      Returns:
      Description of internal PKCS #11 key storage token.
    • setInternalKeyStorageTokenDescription

      public void setInternalKeyStorageTokenDescription(String s) throws InvalidLengthException
      Sets the description of the internal PKCS #11 key storage token. This value must be exactly TOKEN_LENGTH characters long.
      Parameters:
      s - Description of internal PKCS #11 key storage token.
      Throws:
      InvalidLengthException - If s.length() is not exactly TOKEN_LENGTH.
    • getInternalSlotDescription

      public String getInternalSlotDescription()
      Returns the description of the internal PKCS #11 slot.

      The default is "NSS Internal Cryptographic Services ".

      Returns:
      Description of internal PKCS #11 slot.
    • setInternalSlotDescription

      public void setInternalSlotDescription(String s) throws InvalidLengthException
      Sets the description of the internal PKCS #11 slot. This value must be exactly SLOT_LENGTH characters long.
      Parameters:
      s - Description of internal PKCS #11 slot.
      Throws:
      InvalidLengthException - If s.length() is not exactly SLOT_LENGTH.
    • getInternalKeyStorageSlotDescription

      public String getInternalKeyStorageSlotDescription()
      Returns the description of the internal PKCS #11 key storage slot.

      The default is "NSS Internal Private Key and Certificate Storage ".

      Returns:
      Description of internal PKCS #11 key storage slot.
    • setInternalKeyStorageSlotDescription

      public void setInternalKeyStorageSlotDescription(String s) throws InvalidLengthException
      Sets the description of the internal PKCS #11 key storage slot. This value must be exactly SLOT_LENGTH characters long.
      Parameters:
      s - Description of internal PKCS #11 key storage slot.
      Throws:
      InvalidLengthException - If s.length() is not exactly SLOT_LENGTH.
    • getFIPSSlotDescription

      public String getFIPSSlotDescription()
      Returns the description of the internal PKCS #11 FIPS slot.

      The default is "NSS FIPS 140-2 User Private Key Services".

      Returns:
      Description of internal PKCS #11 FIPS slot.
    • setFIPSSlotDescription

      public void setFIPSSlotDescription(String s) throws InvalidLengthException
      Sets the description of the internal PKCS #11 FIPS slot. This value must be exactly SLOT_LENGTH characters long.
      Parameters:
      s - Description of internal PKCS #11 FIPS slot.
      Throws:
      InvalidLengthException - If s.length() is not exactly SLOT_LENGTH.
    • getFIPSKeyStorageSlotDescription

      public String getFIPSKeyStorageSlotDescription()
      Returns the description of the internal PKCS #11 FIPS Key Storage slot.

      The default is "NSS FIPS 140-2 User Private Key Services".

      Returns:
      Description of internal PKCS #11 FIPS key storage slot.
    • setFIPSKeyStorageSlotDescription

      public void setFIPSKeyStorageSlotDescription(String s) throws InvalidLengthException
      Sets the description of the internal PKCS #11 FIPS Key Storage slot. This value must be exactly SLOT_LENGTH characters long.
      Parameters:
      s - Description of internal PKCS #11 FIPS key storage slot.
      Throws:
      InvalidLengthException - If s.length() is not exactly SLOT_LENGTH.
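
The setters above reject any string that is not exactly the required length, so shorter labels have to be padded before they are passed in. The following added example (not part of the JSS documentation or code base) pads labels with spaces and then calls the setters; the label strings, the database path, the `pad` helper and the printable-ASCII restriction are assumptions of the example.

```java
import org.mozilla.jss.InitializationValues;

public class PaddedLabelsExample {

    /** Right-pads a label with spaces to exactly the given length. */
    static String pad(String label, int length) {
        // Assumption of this example: printable ASCII only, so the character
        // count checked by the setters equals the encoded byte count.
        for (char c : label.toCharArray()) {
            if (c < 0x20 || c > 0x7e) {
                throw new IllegalArgumentException("non-printable or non-ASCII character in label");
            }
        }
        if (label.length() > length) {
            throw new IllegalArgumentException(
                "label is " + label.length() + " characters, limit is " + length);
        }
        StringBuilder sb = new StringBuilder(label);
        while (sb.length() < length) {
            sb.append(' ');
        }
        return sb.toString();
    }

    // The setters throw InvalidLengthException; declared as Exception here to
    // keep the example independent of that class's package.
    static InitializationValues labelled(String configDir) throws Exception {
        InitializationValues iv = new InitializationValues(configDir);
        // The length limits are instance fields, so read them from the object.
        iv.setManufacturerID(pad("Example Corp", iv.MANUFACTURER_LENGTH));
        iv.setLibraryDescription(pad("Example Crypto Services", iv.LIBRARY_LENGTH));
        iv.setInternalTokenDescription(pad("Example Token", iv.TOKEN_LENGTH));
        iv.setInternalSlotDescription(pad("Example Slot", iv.SLOT_LENGTH));
        return iv;
    }

    public static void main(String[] args) throws Exception {
        InitializationValues iv = labelled("/path/to/nssdb"); // constructed path
        System.out.println("[" + iv.getInternalTokenDescription() + "]");
    }
}
```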