JCE Provider
CryptoServerProvider Class Reference

JCE provider for Utimaco CryptoServer.

Inherits Provider.

Public Member Functions

void setProvider (Provider providerHashAndRng) throws CryptoServerJCEException

CryptoServerProvider () throws IOException, NumberFormatException, Exception
 Creates a provider for a CryptoServer.

CryptoServerProvider (String device, int timeout) throws IOException, NumberFormatException, CryptoServerJCEException
 Creates a provider for a CryptoServer.

CryptoServerProvider (String[] devices, int timeout) throws IOException, NumberFormatException, CryptoServerJCEException
 Creates a provider for a CryptoServer cluster.

CryptoServerProvider (InputStream config) throws IOException, NumberFormatException
 Creates a provider for a CryptoServer.

CryptoServerProvider (String fileName) throws IOException, NumberFormatException
 Creates a provider for a CryptoServer.

Object setProperty (String key, String value)
 Sets a provider property.

void loginPassword (String userName, byte[] password) throws CryptoServerException, IOException
 Perform a login (Authentication) to the CryptoServer.

void loginPassword (String userName, String password) throws CryptoServerException, IOException
 Perform a login (Authentication) to the CryptoServer.

void loginSign (String userName, String keySpec, String pin)
 Perform a login (Authentication) to the CryptoServer.

void logoff ()
 Terminates a secure messaging session (invalidates authentication).

void close ()
 Closes the session.

void setDefaultUserName (String userName) throws IOException, CryptoServerException
 Sets the default user name for login with the KeyStore.load() method.

DumyCertificate getDumyCertificate ()
 Create a dummy certificate.

DumyCertificate createSelfSignedDumyCertificate (String CN_subject_issuer, PublicKey publicKey, PrivateKey privateKey) throws Exception
 Create a dummy certificate (self-signed X.509 v3).

DumyCertificate[] getDumyCertificateChain ()
 Create a dummy certificate chain.

CryptoServerProvider getCryptoServer ()

String getDevice ()

void changePassword (String userName, String userPassword)

int getAuthState ()
 Get the AuthState of the connection, returned as the sum of the single permissions.

int getTimeout ()

String[] getDevices ()


Static Public Attributes

static final int ALGO_RSA = 1
 
static final int ALGO_DSA = 2
 
static final int ALGO_EC = 3
 
static final int ALGO_ECDSA = 4
 
static final int ALGO_EC_EDWARDS = 5
 
static final int ALGO_DES = 20
 
static final int ALGO_AES = 21
 
static final int E_JCE = 0xB984
 
static final int E_JCE_MISSING_KEYSTOREPATH = 0xB9840002
 
static final int E_JCE_PARAM = 0xB9810000
 
static final int E_JCE_NO_PROVIDER = 0xB9840003
 
static final int E_JCE_USER_NAME = 0xB9840004
 
static final int E_JCE_WRONG_EXPORTPOLICY = 0xB9840005
 
static final String E_MECH_NOT_INITIALIZED = "The mechanism is not initialized. Please, invoke the initialization before."
 

Protected Member Functions

 CryptoServerProvider (CryptoServerProviderBuilder builder) throws IOException, NumberFormatException, Exception
 
void finalize ()
 
HSM getHsm ()
 

Static Protected Attributes

static final int ALGO_NONE = 0
 
static final int ALGO_SHA1 = 10
 
static final int ALGO_SHA224 = 11
 
static final int ALGO_SHA256 = 12
 
static final int ALGO_SHA384 = 13
 
static final int ALGO_SHA512 = 14
 
static final int ALGO_MD5 = 15
 
static final int ALGO_SHA3_224 = 16
 
static final int ALGO_SHA3_256 = 17
 
static final int ALGO_SHA3_384 = 18
 
static final int ALGO_SHA3_512 = 19
 
static final int ALGO_BSI_TR03111 = 34
 
static final int ALGO_ECDH = 35
 
static final int ALGO_ECDHC = 36
 
static final int ALGO_DH = 37
 
static final String DEFAULT_EC_CURVE = "NIST-P256"
 
static final String ED25519 = "Ed25519"
 
static final String ED448 = "Ed448"
 
static final String ED_DSA = "EdDSA"
 
static final String RSA = "RSA"
 
static final String DSA = "DSA"
 
static final String EC = "EC"
 
static String STRING_PROVIDER_HASH_RNG = "CryptoServer"
 
static Provider PROVIDER_HASH_RNG = null
 
static boolean USE_HSM_FOR_HASHING = false
 

Detailed Description

JCE provider for Utimaco CryptoServer.

Constructor & Destructor Documentation

◆ CryptoServerProvider() [1/5]

CryptoServerProvider ( ) throws IOException, NumberFormatException, Exception

Creates a provider for a CryptoServer.

The configuration file is read from the first of the following locations that applies:

  1. the environment variable "CRYPTOSERVER_JCE_CONFIG" contains the path to a configuration file
  2. the file 'CryptoServer.cfg' is located in the user's home directory

◆ CryptoServerProvider() [2/5]

CryptoServerProvider (String device, int timeout) throws IOException, NumberFormatException, CryptoServerJCEException

Creates a provider for a CryptoServer.

Parameters
device   Address of the CryptoServer. May contain the prefix "TCP:" followed by the IP address or port number and IP address (separated by a '@'), or the prefix "PCI:" followed by the device name of a PCI device. Examples: "TCP:192.168.4.99", "TCP:288@192.168.4.201", "PCI:0", "PCI:/dev/cs2.0".
timeout  Timeout in milliseconds to establish the connection.

◆ CryptoServerProvider() [3/5]

CryptoServerProvider (String[] devices, int timeout) throws IOException, NumberFormatException, CryptoServerJCEException

Creates a provider for a CryptoServer cluster.

Parameters
devices  Array of the CryptoServer device addresses. Each address may contain the prefix "TCP:" followed by the IP address or port number and IP address (separated by a '@'), or the prefix "PCI:" followed by the device name of a PCI device. Examples: "TCP:192.168.4.99", "TCP:288@192.168.4.201", "PCI:0", "PCI:/dev/cs2.0".
timeout  Timeout in milliseconds to establish the connection to a CryptoServer.

◆ CryptoServerProvider() [4/5]

CryptoServerProvider (InputStream config) throws IOException, NumberFormatException

Creates a provider for a CryptoServer.

This method reads the configuration of the provider from an InputStream that should contain a property list that can be processed by the Properties.load() method.

Valid configuration items (keys) are

  • Device - Address of the CryptoServer (mandatory). See CryptoServerProvider(String, int).
  • ConnectionTimeout - Timeout in milliseconds to establish a connection to the CryptoServer (optional).
  • Timeout - Timeout in milliseconds (optional).
  • EndSessionOnShutdown - Enables or disables a ShutdownHook for terminating active sessions.
  • KeepSessionAlive - A secure messaging session is kept alive even if idle for more than 15 minutes ([0|1], optional).
  • DefaultUser - Default user name for login with the KeyStore.load() method (optional).
  • KeyGroup - Key group property to be used on generation and import of keys.

Parameters
config  Configuration is read from this InputStream (property list).

◆ CryptoServerProvider() [5/5]

CryptoServerProvider (String fileName) throws IOException, NumberFormatException

Creates a provider for a CryptoServer.

This method reads the configuration of the provider from a file that should contain a property list that can be processed by the Properties.load() method. For a description of the config file, see CryptoServerProvider(InputStream).

Parameters
fileName  Pathname of the file containing the configuration.

Member Function Documentation

◆ createSelfSignedDumyCertificate()

DumyCertificate createSelfSignedDumyCertificate (String CN_subject_issuer, PublicKey publicKey, PrivateKey privateKey) throws Exception

Create a dummy certificate (self-signed X.509 v3).

This method creates a dummy certificate that can be used for KeyStore operations if the private key does not have certificates.

Parameters
CN_subject_issuer  String value used for both the issuer CN and the subject CN.
publicKey          PublicKey to be placed in the DumyCertificate.
privateKey         PrivateKey used to sign the certificate.
Returns
Dummy object of type java.security.Certificate.
Exceptions
Exception

◆ getAuthState()

int getAuthState ()

Get the AuthState of the connection, returned as the sum of the single permissions.

Returns

◆ getDumyCertificate()

DumyCertificate getDumyCertificate ()

Create a dummy certificate.

This method creates a dummy certificate that can be used for KeyStore operations if the private key does not have certificates.

Returns
Dummy object of type java.security.Certificate.

◆ getDumyCertificateChain()

DumyCertificate[] getDumyCertificateChain ()

Create a dummy certificate chain.

This method creates a dummy certificate chain that can be used for the KeyStore.setKeyEntry() method if the private key does not have certificates.

Returns
Dummy object of type java.security.Certificate[].

◆ loginPassword() [1/2]

void loginPassword (String userName, byte[] password) throws CryptoServerException, IOException

Perform a login (Authentication) to the CryptoServer.

Authentication is necessary before the CryptoServer can be used.

This method authenticates using an HMAC password mechanism.

Parameters
userName  Name of the user registered in the CryptoServer. The user must be configured with the HMAC password mechanism.
password  Password of the user. May contain binary data.
Exceptions
CryptoServerException

◆ loginPassword() [2/2]

void loginPassword (String userName, String password) throws CryptoServerException, IOException

Perform a login (Authentication) to the CryptoServer.

This method authenticates using an HMAC password mechanism. Authentication is necessary before the CryptoServer can be used.

Parameters
userName  Name of the user registered in the CryptoServer. The user must be configured with the HMAC password mechanism.
password  Password of the user. Should contain ISO8859-15 characters only.
Exceptions
CryptoServerException

◆ loginSign()

void loginSign (String userName, String keySpec, String pin)

Perform a login (Authentication) to the CryptoServer.

Authentication is necessary before the CryptoServer can be used.

This method authenticates using an (RSA) signature mechanism.

Parameters
userName  Name of the user registered in the CryptoServer. The user must be configured with the RSA signature mechanism.
keySpec   Name of the file that contains the private key of the user.
pin       Password, if the key file is encrypted, or null.

◆ setDefaultUserName()

void setDefaultUserName (String userName) throws IOException, CryptoServerException

Sets the default user name for login with the KeyStore.load() method.

Parameters
userName  Name of the user registered in the CryptoServer. The user must be configured with the HMAC password mechanism.

◆ setProperty()

Object setProperty (String key, String value)

Sets a provider property.

Parameters
key    The property to be set. The following properties are currently handled by the CryptoServer Provider:
  • Timeout - Device timeout in milliseconds.
  • KeepSessionAlive - A secure messaging session is kept alive even if idle for more than 15 minutes ([0|1], optional).
  • DefaultUser - Default user name for login with the KeyStore.load() method. The user must be configured with the HMAC password mechanism.
  • KeyGroup - Key group to be accessed.
Setting a property overrides the default property settings made in the configuration file.
value  The property value to be set.
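As an added example (not code from Utimaco's documentation or SDK), the following Java program ties together the configuration keys documented for CryptoServerProvider(InputStream), the setProperty() override described above, and the login/logoff lifecycle: it builds a configuration in Properties.load() syntax in memory, constructs the provider from it, overrides one key with setProperty(), authenticates with loginPassword(String, byte[]), reads getAuthState(), and ends the session with logoff() and close(). Assumed, because the page does not state them: the provider class is imported from the package CryptoServerJCE, the environment variable names CS_USER and CS_PASSWORD, the user name JCE and the key group APP1 are constructed; the device address is one of the page's own examples.

```java
// Added example, not part of the Utimaco documentation or SDK.
// Assumption: CryptoServerProvider lives in package CryptoServerJCE (check the shipped JAR).
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.util.Arrays;

import CryptoServerJCE.CryptoServerProvider;

public class CryptoServerLoginExample {

    // Constructed configuration in Properties.load() syntax, restricted to the keys
    // documented for CryptoServerProvider(InputStream). Values are placeholders.
    private static final String CONFIG =
          "Device = TCP:288@192.168.4.201\n"   // address taken from the page's examples
        + "ConnectionTimeout = 5000\n"          // 5 s to establish the connection
        + "Timeout = 60000\n"                   // 60 s device timeout
        + "EndSessionOnShutdown = 1\n"          // shutdown hook terminates active sessions
        + "KeepSessionAlive = 1\n"              // overridden below via setProperty()
        + "DefaultUser = JCE\n"                 // constructed user name for KeyStore.load()
        + "KeyGroup = APP1\n";                  // constructed key group

    public static void main(String[] args) throws Exception {
        // Credentials come from the environment (constructed variable names), never
        // from a literal in the source. The byte[] form lets us wipe the buffer later.
        String user = System.getenv().getOrDefault("CS_USER", "JCE");
        String pw = System.getenv("CS_PASSWORD");
        if (pw == null) {
            throw new IllegalStateException("CS_PASSWORD is not set");
        }
        byte[] password = pw.getBytes(StandardCharsets.ISO_8859_1);

        InputStream config = new ByteArrayInputStream(CONFIG.getBytes(StandardCharsets.ISO_8859_1));
        CryptoServerProvider provider = new CryptoServerProvider(config);
        Security.addProvider(provider);
        try {
            // Overrides the value read from the configuration: idle sessions expire.
            provider.setProperty("KeepSessionAlive", "0");

            // HMAC password login; the user must be set up for that mechanism on the HSM.
            provider.loginPassword(user, password);

            // Sum of the single permissions granted to this session.
            System.out.println("auth state: 0x" + Integer.toHexString(provider.getAuthState()));
            System.out.println("connected to: " + provider.getDevice());
        } finally {
            Arrays.fill(password, (byte) 0); // wipe the credential buffer
            provider.logoff();               // invalidate the secure messaging session
            provider.close();                // release the connection
            Security.removeProvider(provider.getName());
        }
    }
}
```

The byte[] overload of loginPassword() is used instead of the String one so the credential buffer can be zeroed in the finally block; a Java String cannot be cleared and may remain in the heap until it is garbage collected. The finally block calls logoff() before close(), so the session is invalidated even when the login or a later call throws, and EndSessionOnShutdown = 1 covers the case where the JVM exits without reaching that code. When keys are instead accessed through KeyStore.load(), DefaultUser (or setDefaultUserName()) selects the account that login uses.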