JCE Provider
CryptoServerProvider Class Reference

JCE provider for Utimaco CryptoServer.

Inherits Provider.

Public Member Functions

 CryptoServerProvider () throws IOException, NumberFormatException, CryptoServerException
 Creates a provider for a CryptoServer.

 CryptoServerProvider (String device, int timeout) throws IOException, NumberFormatException, CryptoServerException
 Creates a provider for a CryptoServer.

 CryptoServerProvider (String[] devices, int timeout) throws IOException, NumberFormatException, CryptoServerException
 Creates a provider for a CryptoServer cluster.

 CryptoServerProvider (InputStream config) throws IOException, NumberFormatException, CryptoServerException
 Creates a provider for a CryptoServer.

 CryptoServerProvider (String fileName) throws IOException, NumberFormatException, CryptoServerException
 Creates a provider for a CryptoServer.

Object setProperty (String key, String value)
 Sets a provider property.

CryptoServerCXI getCryptoServer ()
 Returns the CryptoServer object for this provider.

void loginPassword (String userName, byte[] password) throws IOException, CryptoServerException
 Perform a login (Authentication) to the CryptoServer.

void loginPassword (String userName, String password) throws IOException, CryptoServerException
 Perform a login (Authentication) to the CryptoServer.

void changePassword (String userName, String password) throws IOException, CryptoServerException, UnsupportedEncodingException
 Changes the password of a user.

void loginSign (String userName, String keySpec, String pin) throws IOException, CryptoServerException
 Perform a login (Authentication) to the CryptoServer.

void logoff () throws IOException, CryptoServerException
 Terminates a secure messaging session (invalidates authentication).

void setDefaultUserName (String userName) throws IOException, CryptoServerException
 Sets the default user name for login with the KeyStore.load() method.

DumyCertificate getDumyCertificate ()
 Create a dummy certificate.

DumyCertificate getDumyCertificate (PublicKey key)
 Create a dummy certificate.

DumyCertificate[] getDumyCertificateChain ()
 Create a dummy certificate chain.
 

Static Public Attributes

static final int E_JCE = 0xB984
 
static final int E_JCE_MISSING_KEYSTOREPATH = 0xB9840002
 

Protected Member Functions

void finalize ()
 
CryptoServerKey setFipsUsage (CryptoServerKey key, FipsUsage usage, int mechPadding) throws IOException, CryptoServerException
 

Protected Attributes

CryptoServerCXI cs
 
String defaultUser = "JCE"
 
String keyGroup = ""
 
int keySpecifier = -1
 
boolean keysExternal = false
 
String keyStorePath = ""
 
int export = 0
 
int usage = 0xffffffff
 

Static Protected Attributes

static final int ALGO_NONE = 0
 
static final int ALGO_RSA = 1
 
static final int ALGO_DSA = 2
 
static final int ALGO_EC = 3
 
static final int ALGO_ECDSA = 4
 
static final int ALGO_SHA1 = 10
 
static final int ALGO_SHA224 = 11
 
static final int ALGO_SHA256 = 12
 
static final int ALGO_SHA384 = 13
 
static final int ALGO_SHA512 = 14
 
static final int ALGO_MD5 = 15
 
static final int ALGO_SHA3_224 = 16
 
static final int ALGO_SHA3_256 = 17
 
static final int ALGO_SHA3_384 = 18
 
static final int ALGO_SHA3_512 = 19
 
static final int ALGO_DES = 20
 
static final int ALGO_AES = 21
 
static final int ALGO_BSI_TR03111 = 34
 
static final int ALGO_ECDH = 35
 
static final int ALGO_ECDHC = 36
 
static final int ALGO_DH = 37
 
static final String DEFAULT_EC_CURVE = "NIST-P256"
 
static String PROVIDER_HASH = "SUN"
 
static String PROVIDER_RNG = "SUN"
 

Detailed Description

JCE provider for Utimaco CryptoServer.

Constructor & Destructor Documentation

◆ CryptoServerProvider() [1/5]

CryptoServerProvider ( ) throws IOException, NumberFormatException, CryptoServerException

Creates a provider for a CryptoServer.

The configuration file is read from one of the following locations:

  1. the environment variable "CRYPTOSERVER_JCE_CONFIG" contains the path to a configuration file
  2. the file 'CryptoServer.cfg' is placed into the user's home directory

◆ CryptoServerProvider() [2/5]

CryptoServerProvider ( String  device,
int  timeout 
) throws IOException, NumberFormatException, CryptoServerException

Creates a provider for a CryptoServer.

Parameters
device - Address of the CryptoServer. May contain the prefix "TCP:" followed by the IP address or port number and IP address (separated by a '@'), or the prefix "PCI:" followed by the device name of a PCI device. Examples: "TCP:192.168.4.99", "TCP:288@192.168.4.201", "PCI:0", "PCI:/dev/cs2.0".
timeout - Timeout in milliseconds to establish the connection.

◆ CryptoServerProvider() [3/5]

CryptoServerProvider ( String[]  devices,
int  timeout 
) throws IOException, NumberFormatException, CryptoServerException

Creates a provider for a CryptoServer cluster.

Parameters
devices - Array of the CryptoServer device addresses. Each address may contain the prefix "TCP:" followed by the IP address or port number and IP address (separated by a '@'), or the prefix "PCI:" followed by the device name of a PCI device. Examples: "TCP:192.168.4.99", "TCP:288@192.168.4.201", "PCI:0", "PCI:/dev/cs2.0".
timeout - Timeout in milliseconds to establish the connection to a CryptoServer.

◆ CryptoServerProvider() [4/5]

CryptoServerProvider ( InputStream  config) throws IOException, NumberFormatException, CryptoServerException

Creates a provider for a CryptoServer.

This method reads the configuration of the provider from an InputStream that should contain a property list that can be processed by the Properties.load() method.

Valid configuration items (keys) are

  • Device - Address of the CryptoServer (mandatory). See CryptoServerProvider(String,int)
  • ConnectionTimeout - Timeout in milliseconds to establish a connection to the CryptoServer (optional).
  • Timeout - Timeout in milliseconds (optional).
  • EndSessionOnShutdown - Enables or disables a ShutdownHook for terminating active sessions.
  • KeepSessionAlive - A secure messaging session is kept alive even if idle for more than 15 minutes ([0|1], optional).
  • DefaultUser - Default user name for login with the KeyStore.load() method (optional).
  • KeyGroup - Key group property to be used on generation and import of keys.
Parameters
config - Configuration is read from this InputStream (property list).

◆ CryptoServerProvider() [5/5]

CryptoServerProvider ( String  fileName) throws IOException, NumberFormatException, CryptoServerException

Creates a provider for a CryptoServer.

This method reads the configuration of the provider from a file that should contain a property list that can be processed by the Properties.load() method. For a description of the config file, see CryptoServerProvider(InputStream).

Parameters
fileName - Pathname of the file containing the configuration.

Member Function Documentation

◆ changePassword()

void changePassword ( String  userName,
String  password 
) throws IOException, CryptoServerException, UnsupportedEncodingException

Changes the password of a user.

Note: The user must be logged in using a loginPassword method.

Parameters
userName - Name of the user the password should be changed for.
password - New password of the user. Should contain ISO8859-15 characters only.

◆ getDumyCertificate() [1/2]

DumyCertificate getDumyCertificate ( )

Create a dummy certificate.

This method creates a dummy certificate that can be used for KeyStore operations if the private key does not have certificates.

Returns
Dummy object of type java.security.Certificate.

◆ getDumyCertificate() [2/2]

DumyCertificate getDumyCertificate ( PublicKey  key)

Create a dummy certificate.

This method creates a dummy certificate that can be used for KeyStore operations if the private key does not have certificates.

Parameters
key - CryptoServerPublic key to be stored in DumyCertificate.
Returns
Dummy object of type java.security.Certificate.

◆ getDumyCertificateChain()

DumyCertificate[] getDumyCertificateChain ( )

Create a dummy certificate chain.

This method creates a dummy certificate chain that can be used for the KeyStore.setKeyEntry() method if the private key does not have certificates.

Returns
Dummy object of type java.security.Certificate[].

◆ loginPassword() [1/2]

void loginPassword ( String  userName,
byte[]  password 
) throws IOException, CryptoServerException

Perform a login (Authentication) to the CryptoServer.

Authentication is necessary before the CryptoServer can be used.

This method authenticates using an HMAC password mechanism.

Parameters
userName - Name of the user registered in the CryptoServer. The user must be configured with HMAC password mechanism.
password - Password of the user. May contain binary data.
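
An added example (not part of the vendor documentation) of the session lifecycle that CryptoServerProvider(InputStream), loginPassword(String, byte[]) and logoff() imply: the property list is built in memory, the password is passed as a byte[] so every copy can be wiped, and the session is terminated in a finally block. The import package name, the class name HsmSessionExample, the timeout values and the ISO-8859-15 encoding of the byte[] password are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.Console;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.Provider;
import java.util.Arrays;
// Assumption: package name of the vendor JAR; adjust to your installation.
import CryptoServerJCE.CryptoServerProvider;

public class HsmSessionExample {
    public static void main(String[] args) throws Exception {
        String user = args.length > 0 ? args[0] : "JCE"; // "JCE" is the documented defaultUser value
        // Constructed sample configuration; keys and device address are taken from this page.
        String cfg = String.join("\n",
            "Device = TCP:288@192.168.4.201",
            "ConnectionTimeout = 3000",
            "Timeout = 60000",
            "KeepSessionAlive = 0");
        Console console = System.console();
        if (console == null) throw new IllegalStateException("interactive console required");
        char[] pwChars = console.readPassword("Password for %s: ", user);
        if (pwChars == null) throw new IllegalStateException("no password entered");
        // Encode char[] -> byte[] directly so the secret never lives in an immutable String.
        // Assumption: ISO-8859-15, the charset this page names for the String overloads.
        ByteBuffer buf = Charset.forName("ISO-8859-15").encode(CharBuffer.wrap(pwChars));
        byte[] pw = new byte[buf.remaining()];
        buf.get(pw);

        CryptoServerProvider provider = null;
        boolean loggedIn = false;
        try {
            // Properties.load(InputStream) expects ISO 8859-1 input.
            provider = new CryptoServerProvider(
                new ByteArrayInputStream(cfg.getBytes(StandardCharsets.ISO_8859_1)));
            provider.loginPassword(user, pw);     // HMAC password mechanism
            loggedIn = true;
            // The class inherits java.security.Provider, so the standard JCA view applies.
            for (Provider.Service s : provider.getServices())
                System.out.println(s.getType() + " : " + s.getAlgorithm());
        } finally {
            Arrays.fill(pwChars, '\0');            // wipe every copy of the secret
            Arrays.fill(pw, (byte) 0);
            if (buf.hasArray()) Arrays.fill(buf.array(), (byte) 0);
            if (loggedIn) provider.logoff();       // invalidate the authenticated session
        }
    }
}
```

With KeepSessionAlive set to 0 an idle session is not held open past the 15 minutes mentioned in the configuration description, so the explicit logoff() is the only thing that ends an active session early.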

◆ loginPassword() [2/2]

void loginPassword ( String  userName,
String  password 
) throws IOException, CryptoServerException

Perform a login (Authentication) to the CryptoServer.

This method authenticates using an HMAC password mechanism. Authentication is necessary before the CryptoServer can be used.

Parameters
userName - Name of the user registered in the CryptoServer. The user must be configured with HMAC password mechanism.
password - Password of the user. Should contain ISO8859-15 characters only.

◆ loginSign()

void loginSign ( String  userName,
String  keySpec,
String  pin 
) throws IOException, CryptoServerException

Perform a login (Authentication) to the CryptoServer.

Authentication is necessary before the CryptoServer can be used.

This method authenticates using a (RSA) signature mechanism.

Parameters
userName - Name of the user registered in the CryptoServer. The user must be configured with RSA signature mechanism.
keySpec - Name of the file that contains the private key of the user.
pin - Password, if the key file is encrypted, or null.

◆ setDefaultUserName()

void setDefaultUserName ( String  userName) throws IOException, CryptoServerException

Sets the default user name for login with the KeyStore.load() method.

Parameters
userName - Name of the user registered in the CryptoServer. The user must be configured with HMAC password mechanism.

◆ setProperty()

Object setProperty ( String  key,
String  value 
)

Sets a provider property.

Parameters
key - the property to be set. The following properties are currently handled by the CryptoServer Provider:
  • Timeout - Device timeout in milliseconds.
  • KeepSessionAlive - A secure messaging session is kept alive even if idle for more than 15 minutes ([0|1], optional).
  • DefaultUser - Default user name for login with the KeyStore.load() method. The user must be configured with HMAC password mechanism.
  • KeyGroup - Key Group to be accessed.
Setting a property overrides the default property settings made in the configuration file.
value - the property value to be set