index.rst (13022B)
1 .. _mozilla_projects_nss_jss: 2 3 JSS 4 === 5 6 `Documentation <#documentation>`__ 7 ---------------------------------- 8 9 .. container:: 10 11 .. warning:: 12 13 **The JSS project has been relocated!** 14 15 As of April 6, 2018, JSS has been migrated from Mercurial on Mozilla to Git on Github. 16 17 JSS source should now be checked out from the Github: 18 19 - git clone git@github.com:dogtagpki/jss.git 20 -- OR -- 21 - git clone https://github.com/dogtagpki/jss.git 22 23 All future upstream enquiries to JSS should now use the Pagure Issue Tracker system: 24 25 - https://pagure.io/jss/issues 26 27 Documentation regarding the JSS project should now be viewed at: 28 29 - http://www.dogtagpki.org/wiki/JSS 30 31 **NOTE: As much of the JSS documentation is sorely out-of-date, updated information will be a 32 work in progress, and many portions of any legacy documentation will be re-written over the 33 course of time. Stay tuned!** 34 35 Legacy JSS information can still be found at: 36 37 - SOURCE: https://hg.mozilla.org/projects/jss 38 - ISSUES: https://bugzilla.mozilla.org/buglist.cgi?product=JSS 39 - WIKI: :ref:`mozilla_projects_nss_jss` 40 41 Network Security Services for Java (JSS) is a Java interface to 42 `NSS <https://developer.mozilla.org/en-US/docs/NSS>`__. JSS supports most of the security 43 standards and encryption technologies supported by :ref:`mozilla_projects_nss_reference`. JSS 44 also provides a pure Java interface for ASN.1 types and BER/DER encoding. 45 46 JSS offers a implementation of Java SSL sockets that uses NSS's SSL/TLS implementation rather 47 than Sun's JSSE implementation. You might want to use JSS's own `SSL 48 classes <ftp://ftp.mozilla.org/pub/mozilla.org/security/jss/releases>`__ if you want to use some 49 of the capabilities found in NSS's SSL/TLS library but not found in JSSE. 50 51 NSS is the cryptographic module where all cryptographic operations are performed. JSS essentially 52 provides a Java JNI bridge to NSS C shared libraries. When NSS is put in FIPS mode, JSS ensures 53 FIPS compliance by ensuring that all cryptographic operations are performed by the NSS 54 cryptographic module. 55 56 JSS offers a JCE provider, `"Mozilla-JSS" JCA Provider notes <JSS/JSS_Provider_Notes>`__. 57 58 JSS, jss4.jar, is still built with JDK 1.4.2. While JDK 1.4.2 is EOL'd and all new product 59 development should be using the latest 60 `JavaSE <http://java.sun.com/javase/downloads/index.jsp>`__, legacy business products that must 61 use JDK 1.4 or 1.5 can continue to add NSS/JSS security fixes/enhancements. 62 63 JSS is used by Red Hat and Sun products that do crypto in Java. JSS is available under the 64 Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public 65 License. JSS requires `NSPR <https://developer.mozilla.org/en-US/docs/NSPR>`__ and 66 `NSS <https://developer.mozilla.org/en-US/docs/NSS>`__. 67 68 Java provides a JCE provider called SunPKCS11 (see `Java PKCS#11 Reference 69 Guide <http://download.java.net/jdk7/docs/technotes/guides/security/p11guide.html>`__.) SunPKCS11 70 can be configured to use the NSS module as the crytographic provider. If you are planning to just 71 use JSS JCE provider as a bridge to NSS's FIPS validated PKCS#11 module, then the SunPKCS11 JCE 72 provider may do all that you need. Note that Java 1.5 claimed no FIPS compliance, and `Java 73 1.6 <http://java.sun.com/javase/6/docs/technotes/guides/security/enhancements.html>`__ or higher 74 needs to be used. A current limitation to the configured SunPKCS11-NSS bridge configuration is if 75 you add a PKCS#11 module to the NSS database such as for a smartcard, you won't be able to access 76 that smartcard through the SunPKCS11-NSS bridge. If you use JSS, you can easily get lists of 77 modules and tokens that are configured in the NSS DB and freely access all of it. 78 79 +-------------------------------------------------+-------------------------------------------------+ 80 | Before you use JSS, you should have a good | .. rubric:: Community | 81 | understanding of the crypto technologies it | :name: Community | 82 | uses. You might want to read these documents: | | 83 | | - View Mozilla Cryptography forums... | 84 | - `Introduction to Public-Key | | 85 | Crypt | - `Mailing | 86 | ography <https://developer.mozilla.org/en-US/do | list <https:/ | 87 | cs/Introduction_to_Public-Key_Cryptography>`__. | /lists.mozilla.org/listinfo/dev-tech-crypto>`__ | 88 | Explains the basic concepts of public-key | - `Newsgroup <http://grou | 89 | cryptography that underlie NSS and JSS. | ps.google.com/group/mozilla.dev.tech.crypto>`__ | 90 | - `Introduction to | - `RSS | 91 | SSL <https://developer. | feed <http://groups.goo | 92 | mozilla.org/en-US/docs/Introduction_to_SSL>`__. | gle.com/group/mozilla.dev.tech.crypto/feeds>`__ | 93 | Introduces the SSL protocol, including | | 94 | information about cryptographic ciphers | .. rubric:: Related Topics | 95 | supported by SSL and the steps involved in | :name: Related_Topics | 96 | the SSL handshake. | | 97 | | - `Security <https: | 98 | For information on downloading NSS releases, | //developer.mozilla.org/en-US/docs/Security>`__ | 99 | see `NSS sources building | | 100 | testing <NSS_Sources_Building_Te | | 101 | sting>`__\ `. <NSS_Sources_Building_Testing>`__ | | 102 | | | 103 | Read `Using JSS <JSS/Using_JSS>`__ to get you | | 104 | started with development after you've built and | | 105 | downloaded it. | | 106 | | | 107 | .. rubric:: Release Notes | | 108 | :name: Release_Notes | | 109 | | | 110 | - `4.3.1 Release | | 111 | Notes </4.3.1_Release_Notes>`__ | | 112 | - `4.3 Release | | 113 | Notes <https://developer. | | 114 | mozilla.org/en-US/docs/JSS/4_3_ReleaseNotes>`__ | | 115 | - `Older Release | | 116 | Notes <http://www-archive.mozil | | 117 | la.org/projects/security/pki/jss/index.html>`__ | | 118 | | | 119 | .. rubric:: Build Instructions | | 120 | :name: Build_Instructions | | 121 | | | 122 | - :re | | 123 | f:`mozilla_projects_nss_jss_build_instructions_ | | 124 | for_jss_4_4_x#build_instructions_for_jss_4_4_x` | | 125 | - `Building JSS | | 126 | 4.3.x <https://developer.mozilla.org/en-U | | 127 | S/docs/JSS/Build_instructions_for_JSS_4.3.x>`__ | | 128 | - `Older Build | | 129 | Instructions <http://www-archive.mozil | | 130 | la.org/projects/security/pki/jss/index.html>`__ | | 131 | | | 132 | .. rubric:: Download or View Source | | 133 | :name: Download_or_View_Source | | 134 | | | 135 | - `Download binaries, source, and | | 136 | javadoc <ftp://ftp.mozilla | | 137 | .org/pub/mozilla.org/security/jss/releases/>`__ | | 138 | - `View the source | | 139 | online <http://m | | 140 | xr.mozilla.org/mozilla/source/security/jss/>`__ | | 141 | | | 142 | .. rubric:: Testing | | 143 | :name: Testing | | 144 | | | 145 | - `JSS | | 146 | tests <https:// | | 147 | hg.mozilla.org/projects/jss/file/tip/README>`__ | | 148 | | | 149 | .. rubric:: Frequently Asked Questions | | 150 | :name: Frequently_Asked_Questions | | 151 | | | 152 | - `JSS FAQ <JSS/JSS_FAQ>`__ | | 153 | | | 154 | Information on JSS planning can be found at | | 155 | `wik | | 156 | i.mozilla.org <http://wiki.mozilla.org/NSS>`__, | | 157 | including: | | 158 | | | 159 | - `NSS FIPS | | 160 | Validati | | 161 | on <http://wiki.mozilla.org/FIPS_Validation>`__ | | 162 | - `NSS Roadmap | | 163 | | | 164 | page <http://wiki.mozilla.org/NSS:Roadmap>`__ | | 165 +-------------------------------------------------+-------------------------------------------------+