org.mozilla.jss.pkcs11
public final class PK11Token extends Object implements CryptoToken
See Also: CryptoManager
Nested Class Summary | |
---|---|
static class | PK11Token.NotInitializedException Thrown if the operation requires that the token be logged in, and it isn't. |
Field Summary | |
---|---|
protected PK11Store | cryptoStore |
protected boolean | mIsInternalCryptoToken |
protected boolean | mIsInternalKeyStorageToken |
protected TokenProxy | tokenProxy |
Constructor Summary | |
---|---|
protected | PK11Token() |
protected | PK11Token(byte[] pointer, boolean internal, boolean keyStorage) Creates a new PK11Token. |
Method Summary | |
---|---|
void | changePassword(PasswordCallback oldPINcb, PasswordCallback newPINcb) Change password. |
protected void | changePassword(byte[] oldPIN, byte[] newPIN) Change the password on the token from the old one to the new one. |
SymmetricKey | cloneKey(SymmetricKey key) Allows a SymmetricKey to be cloned on a different token. |
boolean | doesAlgorithm(Algorithm alg) Determines whether this token is capable of performing the given algorithm. |
boolean | equals(Object obj) Deep-comparison operator. |
String | generateCertRequest(String subject, int keysize, String keyType, byte[] P, byte[] Q, byte[] G) Generates a PKCS#10 certificate request including Begin/End brackets |
protected String | generatePK10(String subject, int keysize, String keyType, byte[] P, byte[] Q, byte[] G) |
Cipher | getCipherContext(EncryptionAlgorithm algorithm) |
CryptoStore | getCryptoStore() |
JSSMessageDigest | getDigestContext(DigestAlgorithm algorithm) |
KeyGenerator | getKeyGenerator(KeyGenAlgorithm algorithm) |
KeyPairGenerator | getKeyPairGenerator(KeyPairAlgorithm algorithm) |
KeyWrapper | getKeyWrapper(KeyWrapAlgorithm algorithm) |
int | getLoginMode() |
int | getLoginTimeoutMinutes() |
String | getName() |
Provider | getProvider() |
TokenProxy | getProxy() |
SecureRandom | getRandomGenerator() |
Signature | getSignatureContext(SignatureAlgorithm algorithm) |
void | initPassword(PasswordCallback ssopwcb, PasswordCallback userpwcb) Initialize PIN. |
protected void | initPassword(byte[] ssopw, byte[] userpw) |
boolean | isInternalCryptoToken() |
boolean | isInternalKeyStorageToken() |
boolean | isLoggedIn() |
boolean | isPresent() Determines if the given token is present on the system. |
boolean | isWritable() |
void | login(PasswordCallback callback) Log into the token. |
void | logout() Log out of the token. |
protected PasswordCallbackInfo | makePWCBInfo() |
protected void | nativeLogin(PasswordCallback callback) |
boolean | needsLogin() |
boolean | passwordIsInitialized() Determine whether the token has been initialized yet. |
protected boolean | PWInitable() Make sure the PIN can be initialized. |
void | setLoginMode(int mode) |
void | setLoginTimeoutMinutes(int timeoutMinutes) |
protected boolean | SSOPasswordIsCorrect(byte[] ssopw) |
protected boolean | userPasswordIsCorrect(byte[] pw) Check the given password, return true if it's right, false if it's wrong. |
Parameters: pointer A byte array containing a pointer to a PKCS #11 slot.
Parameters: oldPIN The user's old PIN. newPIN The new PIN.
Throws: IncorrectPasswordException If the old PIN is incorrect. TokenException If some other error occurs on the token.
Throws: SymmetricKey.NotExtractableException If the key material cannot be extracted from the current token. InvalidKeyException If the owning token cannot process the key to be cloned.
Returns: true if these tokens point to the same underlying native token. false otherwise, or if compare is null.
Parameters: subject Subject DN of the certificate. keysize Size of the key. keyType "rsa" or "dsa". P The DSA prime parameter. Q The DSA sub-prime parameter. G The DSA base parameter.
Returns: String that represents a PKCS#10 b64 encoded blob with begin/end brackets
Parameters: ssopw The security officer's current password. userpw The user's new password.
Throws: IncorrectPinException If the security officer PIN is incorrect. TokenException If the PIN was already initialized, or there was an unspecified error in the token.
Returns: true if this is the internal token used for bulk crypto.
Returns: true if this is the internal key storage token.
Returns: true if the token is writable, false if it is read-only. Writable tokens can have their keys generated on the internal token and then moved out.
Parameters: callback A callback to use to obtain the password, or a Password object.
Throws: NotInitializedException The token has not yet been initialized. IncorrectPasswordException The specified password was incorrect.
Throws: TokenException If you are already logged in, or an unspecified error occurs.