RSA BSAFE CERT-J

Certificate Management Components for Java


CertJ Class Reference

This is the Cert-J "master class".

It keeps state variables, lists of currently registered service providers, a random number object for use in Crypto-J API calls and enables FIPS-related self-testing on a FIPS-validated version of the toolkit.

CertJ has methods that allow the user to run the FIPS-required power-up self-tests on demand and get their status, methods to set and query the user role, and methods to get and set the library to FIPS or non-FIPS mode. These methods are not available on a non-FIPS library.

The FIPS version of Crypto-J executes power-up self-tests automatically upon startup and conditional tests at runtime. Upon startup failure, the toolkit enters a FAILED state, preventing further operation.
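A startup gate built from the FIPS methods described above, as an added example that is not part of the RSA documentation. The class FipsStartupGate and its method names are hypothetical, the com.rsa.certj package for InvalidUseException is assumed, and the code needs the FIPS jar pairing (certjFIPS.jar with jsafeFIPS.jar) on the classpath.

```java
import com.rsa.certj.CertJ;
import com.rsa.certj.InvalidUseException; // package name assumed

/** Hypothetical helper: refuse to continue unless the FIPS toolkit is healthy. */
public final class FipsStartupGate {

    private FipsStartupGate() {}

    /** Maps a CertJ.getState() value to the constant name used in this reference. */
    static String describeState(int state) {
        if (state == CertJ.NOT_INITIALIZED) return "NOT_INITIALIZED";
        if (state == CertJ.UNDER_SELF_TEST) return "UNDER_SELF_TEST";
        if (state == CertJ.OPERATIONAL) return "OPERATIONAL";
        if (state == CertJ.FAILED) return "FAILED";
        return "unknown(" + state + ")";
    }

    /**
     * Returns normally only when the library is FIPS 140-2 compliant, OPERATIONAL,
     * passed its last power-up self-tests, and is in FIPS_MODE.
     * InvalidUseException propagates when the Cert-J and Crypto-J jars are mismatched.
     */
    public static void requireOperationalFips() throws InvalidUseException {
        if (!CertJ.isFIPS140Compliant()) {
            // On a non-FIPS library the mode, role and self-test methods are unavailable.
            throw new IllegalStateException("Cert-J build is not FIPS 140-2 compliant");
        }
        int state = CertJ.getState();
        if (state != CertJ.OPERATIONAL) {
            throw new IllegalStateException("toolkit state is " + describeState(state));
        }
        if (!CertJ.selfTestPassed()) {
            throw new IllegalStateException("last power-up self-tests did not pass");
        }
        if (CertJ.getMode() != CertJ.FIPS_MODE) {
            throw new IllegalStateException("toolkit is not in FIPS_MODE");
        }
        // FIPS_MODE does not enforce algorithm selection: the application
        // must still restrict itself to approved algorithms.
    }

    /**
     * Re-runs the power-up self-tests on demand. runSelfTests() requires
     * CRYPTO_OFFICER_ROLE, so the role is raised for the call and the previous
     * role is restored afterwards, even if the tests throw.
     */
    public static boolean rerunSelfTests() throws InvalidUseException {
        int previousRole = CertJ.getRole();
        CertJ.setRole(CertJ.CRYPTO_OFFICER_ROLE);
        try {
            return CertJ.runSelfTests() && CertJ.getState() == CertJ.OPERATIONAL;
        } finally {
            CertJ.setRole(previousRole);
        }
    }

    public static void main(String[] args) throws Exception {
        requireOperationalFips();
        if (!rerunSelfTests()) {
            throw new IllegalStateException(
                "on-demand self-tests failed, state is " + describeState(CertJ.getState()));
        }
        // Only now construct the toolkit object and show what is registered.
        CertJ certJ = new CertJ();
        String[] providers = certJ.listAllProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println(providers[i]);
        }
    }
}
```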


Public Methods

void CertJ::setPKCS11Sessions (JSAFE_Session[] SessionArray)
 Sets the value of the opened PKCS11 sessions.

JSAFE_Session[] CertJ::getPKCS11Sessions ()
 Returns the PKCS11 sessions collected before.

CertJ () throws ProviderManagementException, InvalidUseException
 Constructs an instance of CertJ and initializes it with only one service provider, a DefaultRandom provider, which is created by new DefaultRandom ("Default Random").

CertJ (Provider[] providers) throws ProviderManagementException, InvalidUseException
 Constructs an instance of CertJ and initializes it with a list of service handlers given in providers.

void CertJ::unregisterAll ()
 Unregisters all currently registered service providers.

void CertJ::registerService (Provider provider) throws InvalidParameterException, ProviderManagementException
 Registers an additional service provider given in Provider, after a CertJ object is constructed.

void CertJ::registerService (Provider provider, int order) throws InvalidParameterException, ProviderManagementException
 Registers an additional service provider given in Provider, after a CertJ object is constructed, using a particular ordering.

void CertJ::unregisterService (int type, String name) throws InvalidParameterException
 Unregisters a previously registered service provider.

void CertJ::addProvider (Provider provider) throws InvalidParameterException, ProviderManagementException
 Adds a provider.

void CertJ::addProvider (Provider provider, int order) throws InvalidParameterException, ProviderManagementException
 Adds a provider using a particular ordering.

void CertJ::removeProvider (int type, String name) throws InvalidParameterException
 Removes a provider.

Service CertJ::bindService (int type, String name) throws InvalidParameterException, ProviderManagementException
 Creates a Service of type and name that can be used as a parameter to CertJ API methods that target a specific service provider or set of service providers.

Service CertJ::bindServices (int type, String[] names) throws InvalidParameterException, ProviderManagementException
 Creates a Service consisting of one or more currently-registered service providers.

Service CertJ::bindServices (int type) throws InvalidParameterException, ProviderManagementException
 Binds all the providers of a given type to a Service.

void CertJ::unbindService (Service service)
 Unbinds service providers in the specified service.

String[] CertJ::listAllProviders ()
 Returns a String array that contains a descriptive string for each provider registered in this object.

String[] CertJ::listProviderNames (int providerType)
 Returns a String array that contains the names of all the providers registered for a given type.

JSAFE_SecureRandom CertJ::getRandomObject () throws NoServiceException, RandomException
 Returns the random object associated with this object.

String CertJ::getDevice ()
 Returns a String that represents a device associated with this object.

void CertJ::setDevice (String device)
 Keeps the device string to be used for crypto operations.

boolean CertJ::verifyCertPath (CertPathCtx pathCtx, Object startObject) throws InvalidParameterException, NoServiceException, CertPathException
 Verifies a certification path from startObject to one of the trusted certificates provided in pathCtx, the certification path context, without returning the path verified.

boolean CertJ::buildCertPath (CertPathCtx pathCtx, Object startObject, Vector certPath, Vector crlList, Vector crlCerts, Vector policyInfoList) throws InvalidParameterException, NoServiceException, CertPathException
 Constructs a path in certPath from startObject to one of the trusted certificates provided in pathCtx, the certification path context.

void CertJ::getNextCertInPath (CertPathCtx pathCtx, Object baseObject, Vector certList) throws InvalidParameterException, NoServiceException, CertPathException
 Collects a set of candidate certificates that have public keys that can verify the signature of baseObject, using the path-processing options and conditions in pathCtx.

boolean CertJ::validateCertificate (CertPathCtx pathCtx, Certificate cert, JSAFE_PublicKey validationKey) throws InvalidParameterException, NoServiceException, CertPathException
 Verifies those aspects of the certification path processing policy that can be determined from the information available in the specified cert, using any parameters specified in pathCtx.

CertRevocationInfo CertJ::checkCertRevocation (CertPathCtx pathCtx, Certificate cert) throws InvalidParameterException, NoServiceException, CertStatusException
 Determines whether a particular certificate is revoked or not based on the information provided in pathCtx.

void CertJ::importPKCS12 (String pkcs12File, char[] password, DatabaseService database) throws PKCS12Exception
 Reads the contents of the PKCS #12 file, pkcs12File, using password as the password and stores it in the specified database service, database.

void CertJ::importPKCS12 (File pkcs12File, char[] password, DatabaseService database) throws PKCS12Exception
 Reads the contents of the PKCS #12 file, pkcs12File, using password as the password and stores it in the specified database service, database.


Static Public Methods

String CertJ::getDefaultDevice ()
 Returns the device string that will be used when an object of this class is instantiated.

void CertJ::setDefaultDevice (String device)
 Sets the value of the default device string associated with this class.

String CertJ::serviceTypeToString (int type)
 Returns a String describing the specified service type.

void CertJ::addCompatibilityType (CompatibilityType property)
 Adds the compatibility type option.

void CertJ::removeCompatibilityType (CompatibilityType property)
 Removes the compatibility type option.

boolean CertJ::isCompatibilityTypeSet (CompatibilityType type)
 Indicates whether the specified compatibility type option is set.

final boolean CertJ::isFIPS140Compliant () throws InvalidUseException
 Indicates whether this toolkit is FIPS 140-2 compliant.

int CertJ::getState ()
 Queries the toolkit execution state on a FIPS-validated toolkit.

int CertJ::getMode ()
 Returns the mode, either FIPS or NON-FIPS.

void CertJ::setMode (int newMode) throws InvalidUseException
 Sets the FIPS mode to newMode.

int CertJ::getRole ()
 Returns the user role.

void CertJ::setRole (int newRole) throws InvalidUseException
 Sets the user role to newRole.

boolean CertJ::selfTestPassed ()
 Retrieves the results of the last execution of the power-up self-tests.

synchronized boolean CertJ::runSelfTests () throws InvalidUseException
 Runs the FIPS 140 required power-up self-tests on demand.


Static Public Attributes

final int CertJ:: SPT_RANDOM
 Denotes a random service provider.

final int CertJ:: SPT_DATABASE
 Denotes a database service provider.

final int CertJ:: SPT_CERT_STATUS
 Denotes a certificate revocation status service provider.

final int CertJ:: SPT_CERT_PATH
 Denotes a certification path processing service provider.

final int CertJ:: SPT_PKI
 Denotes a PKI service provider.

final int CertJ:: SERVICE_ORDER_FIRST
 Indicates that the service provider should be inserted before others of the same type.

final int CertJ:: SERVICE_ORDER_LAST
 Indicates that the service provider should be inserted after others of the same type.

final String CertJ:: CERT_J_VERSION
 Indicates the current version of Cert-J.

final int CertJ:: NOT_INITIALIZED
 Indicates that the Crypto-J toolkit has not been verified.

final int CertJ:: UNDER_SELF_TEST
 Indicates that the Crypto-J toolkit is under self test.

final int CertJ:: OPERATIONAL
 Indicates that the Crypto-J toolkit passed verification.

final int CertJ:: FAILED
 Indicates that the Crypto-J toolkit failed verification; a powerup or a conditional self test has failed.

final int CertJ:: FIPS_MODE
 Indicates that the toolkit is running in FIPS mode.

final int CertJ:: NON_FIPS_MODE
 Indicates that the toolkit is running in non-FIPS mode.

final int CertJ:: FIPS_TESTING_MODE
 Indicates that the toolkit is running in FIPS testing mode.

final int CertJ:: CRYPTO_OFFICER_ROLE
 Denotes the Crypto Officer role.

final int CertJ:: USER_ROLE
 Denotes the normal user role.


Constructor & Destructor Documentation

CertJ::CertJ () throws ProviderManagementException, InvalidUseException [inline]

Constructs an instance of CertJ and initializes it with only one service provider, a DefaultRandom provider, which is created by new DefaultRandom ("Default Random").

Exceptions:
ProviderManagementException If any service provider management API fails.
InvalidUseException If the Cert-J library is FIPS compliant and the Crypto-J library is not, or vice versa. Ensure certj.jar is used with jsafe.jar, certjFIPS.jar is used with jsafeFIPS.jar and certjWithNative.jar is used with jsafeWithNative.jar.

CertJ::CertJ (Provider providers[]) throws ProviderManagementException, InvalidUseException [inline]

Constructs an instance of CertJ and initializes it with a list of service handlers given in providers.

Parameters:
providers A Provider array that contains definitions of service handlers to register. If it does not contain a random number provider, it will register a DefaultRandom provider, which is created by new DefaultRandom ("Default Random").
Exceptions:
ProviderManagementException If registering any service provider fails.
InvalidUseException If the Cert-J library is FIPS compliant and the Crypto-J library is not, or vice versa. Ensure certj.jar is used with jsafe.jar, certjFIPS.jar is used with jsafeFIPS.jar and certjWithNative.jar is used with jsafeWithNative.jar.


Member Function Documentation

void CertJ::addCompatibilityType (CompatibilityType property) [inline, static]

Adds the compatibility type option. Note: Changing compatibility types affects all threads.

Parameters:
property the CompatibilityType option to be added.
See also:
isCompatibilityTypeSet(CompatibilityType)

void CertJ::addProvider (Provider provider, int order) throws InvalidParameterException, ProviderManagementException [inline]

Adds a provider using a particular ordering. It performs the same task as registerService(Provider, int).

Parameters:
provider A Provider that defines the service provider to be added.
order An int that specifies whether the service provider should be placed before or after other service providers of the same type in the provider list.
Exceptions:
InvalidParameterException If some of the parameters are invalid.
ProviderManagementException If any service provider management API fails.
See also:
registerService(com.rsa.certj.Provider, int)

void CertJ::addProvider (Provider provider) throws InvalidParameterException, ProviderManagementException [inline]

Adds a provider. It performs the same task as registerService(Provider).

Parameters:
provider A Provider that defines the service provider to be added.
Exceptions:
InvalidParameterException If some of the parameters are invalid.
ProviderManagementException If any service provider management API fails.
See also:
registerService(com.rsa.certj.Provider)

Service CertJ::bindService (int type, String name) throws InvalidParameterException, ProviderManagementException [inline]

Creates a Service of type and name that can be used as a parameter to CertJ API methods that target a specific service provider or set of service providers. Certain Cert-J API methods, such as database operations, are defined for an object of a Service class. To use those API methods, call this method to create an appropriate service.

Parameters:
type An int that denotes the service provider type. It should contain one of the SPT_* constants.
name A String that contains the service provider instance name. The method uses this string to identify the specific service provider instance to be bound to a Service. The application may pass null in place of the service name. This will cause bindService to bind to the first service provider of the given type.
Returns:
A Service consisting of a provider of given type and name.

Exceptions:
InvalidParameterException If some of the parameters are invalid.
ProviderManagementException If any service provider management API fails.
See also:
bindServices(int, java.lang.String[])

Service CertJ::bindServices (int type) throws InvalidParameterException, ProviderManagementException [inline]

Binds all the providers of a given type to a Service.

Parameters:
type An int that denotes the service provider type. It should be one of the SPT_* constants.
Returns:
A Service consisting of all the registered providers of given type.
Exceptions:
InvalidParameterException If some of the parameters are invalid.
ProviderManagementException If any service provider management API fails.
See also:
bindService(int, java.lang.String) , bindServices(int, java.lang.String[])

Service CertJ::bindServices (int type, String names[]) throws InvalidParameterException, ProviderManagementException [inline]

Creates a Service consisting of one or more currently-registered service providers. The type of service is type and names contains a list of provider names to be bound to the service. Certain Cert-J API methods, such as database operations, are defined for an object of a Service class. To use those API methods, call this method to create an appropriate service. Some service types (for example, SPT_DATABASE) allow an ordered list of instances to be specified in the service provider name array. If null is specified for names, all of the provider instances of the given type are bound in registration order.

Parameters:
type An int that denotes the service provider type. It should contain one of the SPT_* constants.
names A String array giving the service provider instance names. The method uses this array to identify the specific service provider instances to be bound to the Service, and the order in which they should be called by methods referencing this Service. The application may pass null in place of the service name array. This will induce this method to bind to all service providers of the given type, in the order in which the service providers are registered.
Returns:
A Service consisting of providers of the given type and names.
Exceptions:
InvalidParameterException If some of the parameters are invalid.
ProviderManagementException If any service provider management API fails.
See also:
bindService(int, java.lang.String) , bindServices(int)

boolean CertJ::buildCertPath (CertPathCtx pathCtx, Object startObject, Vector certPath, Vector crlList, Vector crlCerts, Vector policyInfoList) throws InvalidParameterException, NoServiceException, CertPathException [inline]

Constructs a path in certPath from startObject to one of the trusted certificates provided in pathCtx, the certification path context. The CRLs needed to verify the path are stored in crlList. The certificates needed to verify the CRLs are stored in crlCerts. The policy information found in the path is stored in policyInfoList.

This method can be used for path validation by passing null values for the certPath, crlList, crlCerts, and policyInfoList parameters, because this method will throw an exception if the path is not valid. Doing this is equivalent to calling the verifyCertPath method.

Parameters:
pathCtx A CertPathCtx that is used to ensure that the constructed certification path is valid. Less strict checking during path construction can be requested by the appropriate use of pathOptions associated with this object.
startObject Either a Certificate or a CRL. If startObject is a certificate, the resulting path will include the startObject as the first certificate in the path. If startObject is a CRL, the first certificate in the path will be the CRL issuer.
certPath A Vector that holds a valid certification path. This parameter is optional, and may be set to null if not used. On output, a set of certificates that consist of the certification path for startObject will be added to this list unless they are already on the list.
crlList A Vector that will hold a list of CRLs needed to verify certPath. This parameter is optional, and may be set to null if not used. On output, the list will contain any CRLs needed to verify the resulting certification path. Note that some certificate revocation status services may not use or return CRLs.
crlCerts A Vector that will hold a list of Certificates that are needed to verify crlList. This parameter is optional, and may be set to null if not used. On output, the list will contain any additional certificates not included in certPath that may be required to validate CRLs returned in crlList. If the crlList parameter is set to null, this parameter will be ignored. The certificates returned in this parameter are essentially the union of certificate paths extending from the returned CRLs to the trusted certificates in pathCtx except that the certificates returned in certPath may or may not be included in this list.
policyInfoList A Vector that will hold a list of PolicyInformation that are found in certPath. This parameter is optional and may be set to null if not used. On output, the policy information list will contain an entry for each policy under which the certificate was issued. Each entry in the list is a PolicyInformation object.
Returns:
true if a valid path is built, false otherwise.

Exceptions:
InvalidParameterException If some of the parameters are invalid.
NoServiceException If no provider is found for Certification Path Processing Service.
CertPathException If a certification path processing provider fails.
See also:
verifyCertPath(com.rsa.certj.spi.path.CertPathCtx, java.lang.Object)
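A fail-closed wrapper around buildCertPath, as an added example that is not part of the RSA documentation. The class PathCheck and its Result type are hypothetical, the packages of the exception classes are assumed, and the caller is assumed to supply an already configured CertJ and CertPathCtx.

```java
import java.util.Vector;

import com.rsa.certj.CertJ;
import com.rsa.certj.InvalidParameterException; // package assumed
import com.rsa.certj.NoServiceException;        // package assumed
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.certj.spi.path.CertPathException; // package assumed

/** Hypothetical helper: one place that decides whether a path is trusted. */
public final class PathCheck {

    /** Outcome of one validation; the vectors are populated only when valid is true. */
    public static final class Result {
        public final boolean valid;
        public final String reason;          // null when valid
        public final Vector certPath;        // certificates from startObject to a trust anchor
        public final Vector crlList;         // CRLs needed to verify certPath (may stay empty)
        public final Vector crlCerts;        // extra certificates needed to verify crlList
        public final Vector policyInfoList;  // PolicyInformation entries found in the path

        Result(boolean valid, String reason, Vector certPath, Vector crlList,
               Vector crlCerts, Vector policyInfoList) {
            this.valid = valid;
            this.reason = reason;
            this.certPath = certPath;
            this.crlList = crlList;
            this.crlCerts = crlCerts;
            this.policyInfoList = policyInfoList;
        }
    }

    private PathCheck() {}

    /**
     * startObject is a Certificate or a CRL, as buildCertPath expects.
     * A false return and a CertPathException are both reported as "not valid".
     * InvalidParameterException and NoServiceException propagate: they mean the
     * call or the provider setup is wrong, not that the certificate is bad.
     */
    public static Result validate(CertJ certJ, CertPathCtx pathCtx, Object startObject)
            throws InvalidParameterException, NoServiceException {
        Vector certPath = new Vector();
        Vector crlList = new Vector();
        Vector crlCerts = new Vector();
        Vector policyInfoList = new Vector();

        boolean built;
        String reason = null;
        try {
            built = certJ.buildCertPath(pathCtx, startObject,
                                        certPath, crlList, crlCerts, policyInfoList);
            if (!built) {
                reason = "no valid path to a trusted certificate";
            }
        } catch (CertPathException e) {
            built = false;
            reason = "path processing failed: " + e.getMessage();
        }

        if (!built) {
            // Hand back empty vectors so a caller cannot act on a partial path.
            return new Result(false, reason, new Vector(), new Vector(),
                              new Vector(), new Vector());
        }
        return new Result(true, null, certPath, crlList, crlCerts, policyInfoList);
    }
}
```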

CertRevocationInfo CertJ::checkCertRevocation (CertPathCtx pathCtx, Certificate cert) throws InvalidParameterException, NoServiceException, CertStatusException [inline]

Determines whether a particular certificate is revoked or not based on the information provided in pathCtx. The method returns the revocation status and related information.

Parameters:
pathCtx A CertPathCtx object that is used to ensure that the constructed certification path is valid. This method uses the certification path-processing context to determine the status checking mechanism.
cert A Certificate to be checked.
Returns:
A CertRevocationInfo object that holds information about the status of cert.
Exceptions:
InvalidParameterException If any of the parameters are invalid or null.
NoServiceException If no provider is found for Certificate Revocation Status Service.
CertStatusException If a certificate revocation status provider fails.

String CertJ::getDefaultDevice () [inline, static]

Returns the device string that will be used when an object of this class is instantiated.

Returns:
A String indicating the default device string.

String CertJ::getDevice () [inline]

Returns a String that represents a device associated with this object.

Returns:
A String that represents a device.

int CertJ::getMode () [inline, static]

Returns the mode, either FIPS or NON-FIPS. The FIPS mode is meaningful only in a FIPS-validated library.

Returns:
The mode: FIPS_MODE or NON_FIPS_MODE.
See also:
isFIPS140Compliant , setMode

void CertJ::getNextCertInPath (CertPathCtx pathCtx, Object baseObject, Vector certList) throws InvalidParameterException, NoServiceException, CertPathException [inline]

Collects a set of candidate certificates that have public keys that can verify the signature of baseObject, using the path-processing options and conditions in pathCtx. The returned candidate certificates are stored in certList.

Parameters:
pathCtx A CertPathCtx object that is used to determine the validation time and other path building options.
baseObject An Object object that is used to locate one or more certificates that may contain the public key needed to verify the base certificate's signature. Information contained in the base object (typically the issuer name or the authority key identifier) is used to select a set of certificates. Currently the object is either a Certificate or a CRL.
certList A Vector that will contain certificates that might be able to verify baseObject's signature. This method may (but need not) apply additional criteria from the path processing algorithm and options to reduce the set of candidate certificates. The caller is responsible for the actual validation of baseObject, the candidate certificates, and any relationship between baseObject and candidate certificates required by the certification path processing algorithm.
Exceptions:
InvalidParameterException If some of the parameters are invalid.
NoServiceException If no provider is found for Certification Path Processing Service.
CertPathException If a certification path processing provider fails.

JSAFE_Session[] CertJ::getPKCS11Sessions () [inline]

Returns the PKCS11 sessions collected before.

Returns:
An array of JSAFE_Session indicating the PKCS11 sessions used for sign/verify or encrypt/decrypt. null can be returned.
See also:
com.rsa.certj.CertJ#setPKCS11Sessions(JSAFE_Session[])

JSAFE_SecureRandom CertJ::getRandomObject () throws NoServiceException, RandomException [inline]

Returns the random object associated with this object.

Returns:
the JSAFE_SecureRandom object associated with this object.
Exceptions:
NoServiceException If unable to get random object.

int CertJ::getRole () [inline, static]

Returns the user role. The user role is meaningful only on a FIPS-validated library.

Returns:
The user role: USER_ROLE or CRYPTO_OFFICER_ROLE.
See also:
isFIPS140Compliant , setRole

int CertJ::getState () [inline, static]

Queries the toolkit execution state on a FIPS-validated toolkit.

Returns:
The execution state: NOT_INITIALIZED, UNDER_SELF_TEST, OPERATIONAL, or FAILED.
See also:
isFIPS140Compliant

void CertJ::importPKCS12 (File pkcs12File, char password[], DatabaseService database) throws PKCS12Exception [inline]

Reads the contents of the PKCS #12 file, pkcs12File, using password as the password and stores it in the specified database service, database.

Parameters:
pkcs12File A File identifying the PKCS #12 file to read.
password A char array that contains the password for the PKCS #12 file.
database A DatabaseService representing the database or databases where the contents of the PKCS #12 file will be stored.
Exceptions:
PKCS12Exception If any PKCS #12 operation fails.

void CertJ::importPKCS12 (String pkcs12File, char password[], DatabaseService database) throws PKCS12Exception [inline]

Reads the contents of the PKCS #12 file, pkcs12File, using password as the password and stores it in the specified database service, database.

Parameters:
pkcs12File A String indicating the name of the PKCS #12 file to read.
password A char array that contains the password for the PKCS #12 file.
database A DatabaseService representing the database or databases where the contents of the PKCS #12 file will be stored.
Exceptions:
PKCS12Exception If any PKCS #12 operation fails.

boolean CertJ::isCompatibilityTypeSet (CompatibilityType type) [inline, static]

Indicates whether the specified compatibility type option is set.

Parameters:
type the Compatibility property to be retrieved.
Returns:
The boolean option that has been set on the CompatibilityType.
See also:
addCompatibilityType(CompatibilityType) , removeCompatibilityType(CompatibilityType)

final boolean CertJ::isFIPS140Compliant () throws InvalidUseException [inline, static]

Indicates whether this toolkit is FIPS 140-2 compliant. If it is compliant, then methods to query and set the FIPS mode, the user role, and run the power-up tests are available; otherwise, these methods are not available.

There is no enforcement of algorithm selection in FIPS_MODE. The caller is responsible for choosing the proper algorithms.

Returns:
true if this is a FIPS 140-2 compliant library; false otherwise.
Exceptions:
InvalidUseException If the Cert-J library is FIPS compliant and the Crypto-J library is not, or vice versa. Ensure certj.jar is used with jsafe.jar, certjFIPS.jar is used with jsafeFIPS.jar and certjWithNative.jar is used with jsafeWithNative.jar.
See also:
getState , getMode , setMode , getRole , setRole , selfTestPassed , runSelfTests

String[] CertJ::listAllProviders () [inline]

Returns a String array that contains a descriptive string for each provider registered in this object.

Returns:
A String array that contains a descriptive string for each provider.

String[] CertJ::listProviderNames (int providerType) [inline]

Returns a String array that contains the names of all the providers registered for a given type.

Parameters:
providerType An int indicating the type of provider. It is one of the SPT_* constants.
Returns:
A String array that contains the names of the providers registered for a given type.

void CertJ::registerService (Provider provider, int order) throws InvalidParameterException, ProviderManagementException [inline]

Registers an additional service provider given in Provider, after a CertJ object is constructed, using a particular ordering. It adds an entry for the service provider in the list of service providers in the order specified in order, either SERVICE_ORDER_FIRST or SERVICE_ORDER_LAST. If the provider is a random number provider and a random number provider is already registered, it throws a ProviderManagementException. Use unregisterService first to remove the existing random number provider.

Parameters:
provider A Provider that defines a provider object to be registered.
order An int that specifies whether the service provider should be placed before or after other service providers of the same type in the provider list. Possible values are SERVICE_ORDER_FIRST and SERVICE_ORDER_LAST.
Exceptions:
InvalidParameterException If some of the parameters are invalid.
ProviderManagementException If any service provider management operation fails.

void CertJ::registerService (Provider provider) throws InvalidParameterException, ProviderManagementException [inline]

Registers an additional service provider given in Provider, after a CertJ object is constructed. It adds an entry for the service provider at the end of the list of service providers. If the provider is a random number provider and a random number provider is already registered, it throws a ProviderManagementException. Use unregisterService first to remove the existing random number provider.

Parameters:
provider A Provider that defines a provider object to be registered.
Exceptions:
InvalidParameterException If some of the parameters are invalid.
ProviderManagementException If any service provider management API fails.

void CertJ::removeCompatibilityType (CompatibilityType property) [inline, static]

Removes the compatibility type option. Note: Changing compatibility types affects all threads.

Parameters:
property the CompatibilityType option to be removed.
See also:
addCompatibilityType(CompatibilityType)

void CertJ::removeProvider (int type, String name) throws InvalidParameterException [inline]

Removes a provider. It performs the same task as unregisterService(int, String).

Parameters:
type An int that denotes the service provider type. It should contain one of the SPT_* constants.
name A String that contains the service provider instance name. The method uses this string to identify the specific service provider instance to be removed.
Exceptions:
InvalidParameterException If some of the parameters are invalid.
See also:
unregisterService(int, java.lang.String)

synchronized boolean CertJ::runSelfTests () throws InvalidUseException [inline, static]

Runs the FIPS 140 required power-up self-tests on demand. For use by the Crypto Officer with a FIPS-validated toolkit.

These tests consist of the algorithm known answer tests plus pairwise consistency checks on DSA and RSA key pair generation.

Returns:
true if all the self-tests passed, false otherwise.
Exceptions:
InvalidUseException if the role has not been set to CRYPTO_OFFICER_ROLE.
See also:
isFIPS140Compliant , selfTestPassed

boolean CertJ::selfTestPassed () [inline, static]

Retrieves the results of the last execution of the power-up self-tests. This method should be called on a FIPS-compliant library only.

Returns:
true if all the self-tests passed, false otherwise.
See also:
isFIPS140Compliant

String CertJ::serviceTypeToString (int type) [inline, static]

Returns a String describing the specified service type.

Parameters:
type An int indicating the type of service.
Returns:
A String describing the specified service type.

void CertJ::setDefaultDevice (String device) [inline, static]

Sets the value of the default device string associated with this class. A future object of this class will use this string as the device string.

Parameters:
device A String indicating the new value to be used for the default device string.

void CertJ::setDevice (String device) [inline]

Keeps the device string to be used for crypto operations.

Parameters:
device A String that represents a device.

void CertJ::setMode (int newMode) throws InvalidUseException [inline, static]

Sets the FIPS mode to newMode. The parameter newMode must be one of FIPS_MODE or NON_FIPS_MODE and the library must be a FIPS-validated library. There is no enforcement of algorithm selection in FIPS_MODE; the caller is responsible for choosing the proper algorithms.

Parameters:
newMode The desired mode, FIPS_MODE or NON_FIPS_MODE
Exceptions:
InvalidUseException If newMode is not an allowed value or the library is not a FIPS-compliant library.
See also:
isFIPS140Compliant , getMode

void CertJ::setPKCS11Sessions (JSAFE_Session SessionArray[]) [inline]

Sets the value of the opened PKCS11 sessions.

Parameters:
SessionArray An array of JSAFE_Session to be used for asymmetric encryption/decryption and signature/verification.
See also:
com.rsa.certj.CertJ#getPKCS11Sessions()

void CertJ::setRole (int newRole) throws InvalidUseException [inline, static]

Sets the user role to newRole. For use with a FIPS-validated toolkit.

Parameters:
newRole The desired role: USER_ROLE or CRYPTO_OFFICER_ROLE.
Exceptions:
InvalidUseException If newRole is not an allowed value or the library is not FIPS-compliant.
See also:
isFIPS140Compliant , getRole

void CertJ::unbindService (Service service) [inline]

Unbinds service providers in the specified service.

Parameters:
service A Service returned by a previous call to bindService or bindServices.

void CertJ::unregisterService (int type, String name) throws InvalidParameterException [inline]

Unregisters a previously registered service provider. The service handler with the specified type and name is removed and the provider's unregister method is called. Since CertJ automatically unregisters all currently registered service providers when the CertJ is shut down by unregisterAll, the application does not need to call this method if the next CertJ call will be unregisterAll. The application must be careful to ensure that the service provider being unregistered is not bound to any service handles.

Parameters:
type An int that denotes the service provider type. It should contain one of the SPT_* constants.
name A String that contains the service provider instance name. The method uses this string to identify the specific service provider instance to be unregistered.
Exceptions:
InvalidParameterException If some of the parameters are invalid.

boolean CertJ::validateCertificate (CertPathCtx pathCtx, Certificate cert, JSAFE_PublicKey validationKey) throws InvalidParameterException, NoServiceException, CertPathException [inline];
 

Verifies those aspects of the certification path processing policy that can be determined from the information available in the specified cert, using any parameters specified in pathCtx. This method does not look at any information contained in other certificates in the certification path. That is, unlike buildCertPath, this method does not take the entire certificate chain into account. It only looks at the provider information contained in the cert and verifies the certificate based on it. Examples of certificate fields that may be validated by this routine include:

    Validity Period – The certificate validity period includes the validation time specified in the pathCtx.

    Validation Key – The certificate was signed using the private key corresponding to the public key specified in the validationKey.

The pathOptions field of the pathCtx can selectively disable the above checks or any others that are implemented by the service provider.

Parameters:
pathCtx A CertPathCtx that is used to determine the validation time and path validation options. Some fields may not be applicable to single-certificate validation.
cert A Certificate to be validated.
validationKey A JSAFE_PublicKey used to validate the certificate signature.
Returns:
true if validation of the certificate succeeds, false otherwise.
Exceptions:
InvalidParameterException If any of the parameters are invalid or null.
NoServiceException If no provider is found for certification path processing service.
CertPathException If a certification path processing provider fails.

boolean CertJ::verifyCertPath (CertPathCtx pathCtx, Object startObject) throws InvalidParameterException, NoServiceException, CertPathException [inline];
 

Verifies a certification path from startObject to one of the trusted certificates provided in pathCtx, the certification path context, without returning the path verified.

Parameters:
pathCtx A CertPathCtx that is used to ensure that the constructed certification path is valid. Less strict checking during path construction can be requested by the appropriate use of pathOptions of this object.
startObject Either a Certificate or a CRL.
Returns:
true if a valid path is verified, false otherwise.
Exceptions:
InvalidParameterException If some of the parameters are invalid.
NoServiceException If no provider is found for Certification Path Processing Service.
CertPathException If a certification path processing provider fails.
See also:
buildCertPath(com.rsa.certj.spi.path.CertPathCtx, java.lang.Object, java.util.Vector, java.util.Vector, java.util.Vector, java.util.Vector)


Member Data Documentation

final int CertJ::SERVICE_ORDER_LAST [static]
 

Indicates that the service provider should be inserted after others of the same type. CertJ.registerService uses this value as the default when the order is not specified.


Copyright (c) 1999-2005 RSA Security Inc. All rights reserved. 001-047001-212-001-001 - 2.1.2