org.mozilla.jss.pkcs11

Class PK11Token

public final class PK11Token extends Object implements CryptoToken

A PKCS #11 token. Currently, these can only be obtained from the CryptoManager class.

See Also: CryptoManager

Nested Class Summary
static class PK11Token.NotInitializedException
Thrown if the operation requires that the token be logged in, and it isn't.
Field Summary
protected PK11Store cryptoStore
protected boolean mIsInternalCryptoToken
protected boolean mIsInternalKeyStorageToken
protected TokenProxy tokenProxy
Constructor Summary
protected PK11Token()
protected PK11Token(byte[] pointer, boolean internal, boolean keyStorage)
Creates a new PK11Token.
Method Summary
void changePassword(PasswordCallback oldPINcb, PasswordCallback newPINcb)
Change password.
protected void changePassword(byte[] oldPIN, byte[] newPIN)
Change the password on the token from the old one to the new one.
SymmetricKey cloneKey(SymmetricKey key)
Allows a SymmetricKey to be cloned on a different token.
boolean doesAlgorithm(Algorithm alg)
Determines whether this token is capable of performing the given algorithm.
boolean equals(Object obj)
Deep-comparison operator.
String generateCertRequest(String subject, int keysize, String keyType, byte[] P, byte[] Q, byte[] G)
Generates a PKCS#10 certificate request including Begin/End brackets.
protected String generatePK10(String subject, int keysize, String keyType, byte[] P, byte[] Q, byte[] G)
Cipher getCipherContext(EncryptionAlgorithm algorithm)
CryptoStore getCryptoStore()
JSSMessageDigest getDigestContext(DigestAlgorithm algorithm)
KeyGenerator getKeyGenerator(KeyGenAlgorithm algorithm)
KeyPairGenerator getKeyPairGenerator(KeyPairAlgorithm algorithm)
KeyWrapper getKeyWrapper(KeyWrapAlgorithm algorithm)
int getLoginMode()
int getLoginTimeoutMinutes()
String getName()
Provider getProvider()
TokenProxy getProxy()
SecureRandom getRandomGenerator()
Signature getSignatureContext(SignatureAlgorithm algorithm)
void initPassword(PasswordCallback ssopwcb, PasswordCallback userpwcb)
Initialize PIN.
protected void initPassword(byte[] ssopw, byte[] userpw)
boolean isInternalCryptoToken()
boolean isInternalKeyStorageToken()
boolean isLoggedIn()
boolean isPresent()
Determines if the given token is present on the system.
boolean isWritable()
void login(PasswordCallback callback)
Log into the token.
void logout()
Log out of the token.
protected PasswordCallbackInfo makePWCBInfo()
protected void nativeLogin(PasswordCallback callback)
boolean needsLogin()
boolean passwordIsInitialized()
Determine whether the token has been initialized yet.
protected boolean PWInitable()
Make sure the PIN can be initialized.
void setLoginMode(int mode)
void setLoginTimeoutMinutes(int timeoutMinutes)
protected boolean SSOPasswordIsCorrect(byte[] ssopw)
protected boolean userPasswordIsCorrect(byte[] pw)
Check the given password, return true if it's right, false if it's wrong.

Field Detail

cryptoStore

protected PK11Store cryptoStore

mIsInternalCryptoToken

protected boolean mIsInternalCryptoToken

mIsInternalKeyStorageToken

protected boolean mIsInternalKeyStorageToken

tokenProxy

protected TokenProxy tokenProxy

Constructor Detail

PK11Token

protected PK11Token()

PK11Token

protected PK11Token(byte[] pointer, boolean internal, boolean keyStorage)
Creates a new PK11Token. Should only be called from PK11Token's native code.

Parameters: pointer A byte array containing a pointer to a PKCS #11 slot.

Method Detail

changePassword

public void changePassword(PasswordCallback oldPINcb, PasswordCallback newPINcb)
Change password. This changes the user's PIN after it has already been initialized.

Parameters:
    oldPIN - The user's old PIN.
    newPIN - The new PIN.

Throws:
    IncorrectPasswordException - If the old PIN is incorrect.
    TokenException - If some other error occurs on the token.

changePassword

protected void changePassword(byte[] oldPIN, byte[] newPIN)
Change the password on the token from the old one to the new one.

cloneKey

public SymmetricKey cloneKey(SymmetricKey key)
Allows a SymmetricKey to be cloned on a different token.

Throws:
    SymmetricKey.NotExtractableException - If the key material cannot be extracted from the current token.
    InvalidKeyException - If the owning token cannot process the key to be cloned.

doesAlgorithm

public boolean doesAlgorithm(Algorithm alg)
Determines whether this token is capable of performing the given algorithm.

equals

public boolean equals(Object obj)
Deep-comparison operator.

Returns: true if these tokens point to the same underlying native token. false otherwise, or if compare is null.

generateCertRequest

public String generateCertRequest(String subject, int keysize, String keyType, byte[] P, byte[] Q, byte[] G)
Generates a PKCS#10 certificate request including Begin/End brackets.

Parameters:
    subject - subject DN of the certificate
    keysize - size of the key
    keyType - "rsa" or "dsa"
    P - The DSA prime parameter
    Q - The DSA sub-prime parameter
    G - The DSA base parameter

Returns: String that represents a PKCS#10 b64 encoded blob with begin/end brackets

generatePK10

protected String generatePK10(String subject, int keysize, String keyType, byte[] P, byte[] Q, byte[] G)

getCipherContext

public Cipher getCipherContext(EncryptionAlgorithm algorithm)

getCryptoStore

public CryptoStore getCryptoStore()

getDigestContext

public JSSMessageDigest getDigestContext(DigestAlgorithm algorithm)

getKeyGenerator

public KeyGenerator getKeyGenerator(KeyGenAlgorithm algorithm)

getKeyPairGenerator

public KeyPairGenerator getKeyPairGenerator(KeyPairAlgorithm algorithm)

getKeyWrapper

public KeyWrapper getKeyWrapper(KeyWrapAlgorithm algorithm)

getLoginMode

public int getLoginMode()

getLoginTimeoutMinutes

public int getLoginTimeoutMinutes()

getName

public String getName()

getProvider

public Provider getProvider()

getProxy

public TokenProxy getProxy()

getRandomGenerator

public SecureRandom getRandomGenerator()

getSignatureContext

public Signature getSignatureContext(SignatureAlgorithm algorithm)

initPassword

public void initPassword(PasswordCallback ssopwcb, PasswordCallback userpwcb)
Initialize PIN. This sets the user's new PIN, using the current security officer PIN for authentication.

Parameters:
    ssopw - The security officer's current password.
    userpw - The user's new password.

Throws:
    IncorrectPinException - If the security officer PIN is incorrect.
    TokenException - If the PIN was already initialized, or there was an unspecified error in the token.

initPassword

protected void initPassword(byte[] ssopw, byte[] userpw)

isInternalCryptoToken

public boolean isInternalCryptoToken()

Returns: true if this is the internal token used for bulk crypto.

isInternalKeyStorageToken

public boolean isInternalKeyStorageToken()

Returns: true if this is the internal key storage token.

isLoggedIn

public boolean isLoggedIn()

isPresent

public boolean isPresent()
Determines if the given token is present on the system. This would return false, for example, for a smart card reader that didn't have a card inserted.

isWritable

public boolean isWritable()

Returns: true if the token is writable, false if it is read-only. Writable tokens can have their keys generated on the internal token and then moved out.

login

public void login(PasswordCallback callback)
Log into the token. If you are already logged in, this method has no effect, even if the PIN is wrong.

Parameters: callback A callback to use to obtain the password, or a Password object.

Throws:
    NotInitializedException - The token has not yet been initialized.
    IncorrectPasswordException - The specified password was incorrect.

logout

public void logout()
Log out of the token.

Throws: TokenException If you are already logged in, or an unspecified error occurs.
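The login() documentation above carries a caveat worth coding around: if the token is already logged in, login() returns without error even when the supplied PIN is wrong, so a caller that treats "login() did not throw" as "the PIN was verified" is mistaken. The following is an added example, not code from the JSS Javadoc or the JSS project; it checks the token state with the methods documented on this page (isPresent, needsLogin, isLoggedIn, passwordIsInitialized) before calling login(), and reports whether the PIN was actually verified. It assumes a JSS CryptoManager that has already been initialized against an NSS database (CryptoManager.initialize and getInternalKeyStorageToken are taken from JSS but are not on this page), and that org.mozilla.jss.util.Password is a PasswordCallback wrapping a char[] with a clear() method; the database path is a placeholder.

```java
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.pkcs11.PK11Token;
import org.mozilla.jss.util.IncorrectPasswordException;
import org.mozilla.jss.util.Password;

/** Added example (not JSS code): log into a PK11Token only when the PIN will really be checked. */
public final class TokenLoginExample {

    /** Outcome of an attempt to establish an authenticated session on a token. */
    public enum Result { NOT_PRESENT, NO_LOGIN_NEEDED, ALREADY_LOGGED_IN, PIN_NOT_INITIALIZED, PIN_VERIFIED, PIN_REJECTED }

    /**
     * Attempts to log into the token with the given PIN and reports what happened.
     * Per the Javadoc, login() is a no-op on an already logged-in token even if the
     * PIN is wrong, so that case is reported separately instead of as a verified PIN.
     */
    public static Result loginIfNeeded(PK11Token token, char[] pin)
            throws TokenException, PK11Token.NotInitializedException {
        if (!token.isPresent()) {
            return Result.NOT_PRESENT;            // e.g. a card reader with no card inserted
        }
        if (!token.needsLogin()) {
            return Result.NO_LOGIN_NEEDED;        // token does not require authentication
        }
        if (token.isLoggedIn()) {
            return Result.ALREADY_LOGGED_IN;      // login() would silently accept any PIN here
        }
        if (!token.passwordIsInitialized()) {
            return Result.PIN_NOT_INITIALIZED;    // login() would throw NotInitializedException
        }
        Password pw = new Password(pin);          // Password implements PasswordCallback (assumed)
        try {
            token.login(pw);                      // throws IncorrectPasswordException on a bad PIN
            return Result.PIN_VERIFIED;
        } catch (IncorrectPasswordException e) {
            return Result.PIN_REJECTED;
        } finally {
            pw.clear();                           // wipe the PIN copy held by the Password object
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder path: the NSS database directory JSS should open (assumption, not from the page).
        CryptoManager.initialize("/path/to/nssdb");
        CryptoManager cm = CryptoManager.getInstance();
        CryptoToken t = cm.getInternalKeyStorageToken();   // concrete type is PK11Token (assumption)
        PK11Token token = (PK11Token) t;

        char[] pin = System.console().readPassword("PIN for %s: ", token.getName());
        try {
            Result r = loginIfNeeded(token, pin);
            System.out.println(token.getName() + ": " + r);
            if (r == Result.PIN_VERIFIED) {
                // ... perform key operations on the authenticated token ...
                token.logout();
            }
        } finally {
            java.util.Arrays.fill(pin, '\0');     // do not leave the PIN in the heap
        }
    }
}
```

The pre-checks make the ALREADY_LOGGED_IN case explicit: an application that wants to prove a user holds the PIN (rather than merely reuse an existing session) has to call logout() first and then login(), because a login() call on an open session verifies nothing. The PIN buffers are cleared on every path, including the IncorrectPasswordException path.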

makePWCBInfo

protected PasswordCallbackInfo makePWCBInfo()

nativeLogin

protected void nativeLogin(PasswordCallback callback)

needsLogin

public boolean needsLogin()

passwordIsInitialized

public boolean passwordIsInitialized()
Determine whether the token has been initialized yet.

PWInitable

protected boolean PWInitable()
Make sure the PIN can be initialized. This is mainly to check the internal module.

setLoginMode

public void setLoginMode(int mode)

setLoginTimeoutMinutes

public void setLoginTimeoutMinutes(int timeoutMinutes)

SSOPasswordIsCorrect

protected boolean SSOPasswordIsCorrect(byte[] ssopw)

userPasswordIsCorrect

protected boolean userPasswordIsCorrect(byte[] pw)
Check the given password, return true if it's right, false if it's wrong.