Jss And The Jni Layer; Nss - Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual

Chapter 1. Overview
NOTE
The OCSP, DRM, TKS, and TPS subsystems do not have end-entity pages.
• Agent Services Interface . The agent services page java servlets process HTML form submitted
through the agent services HTTP pages. From the information in each submitted form, the agent
servlets allow agents to perform agent tasks, such as editing and approving requests for issuing or
revoking certificates and approving certificate profiles.
NOTE
The TPS interface is different than the agent services pages for the other three
subsystems. This HTML interface also functions as the administrative interface in place
of a Java™ console.
• Administrative Interface (Subsystem Console) . The administrative java servlets process
commands from the administrative entry-point. From the information supplied in the commands, the
administration servlets allow administrators to perform administrative tasks and configure plug-in
modules. This interface is similar for the CA, DRM, OCSP, and TKS subsystems. While there are
some common configuration types, there are different plug-ins available, depending on the kind of
subsystem. The auditor shares the same interface with the administrator, except with the ability to
view all configurations and logs, including audit logs; administrators cannot view audit logs.
NOTE
The TPS subsystem does not have an administrative console; administrator tasks are
performed through an HTML interface accessed through the agent services URL.
These servlets can return data in HTML or XML formats, making it easier for system administrators
to write scripts which interact with these servlets. For more information, see
Servlets".

1.4.4. JSS and the JNI Layer

JSS provides a Java™ interface for security operations performed by NSS. JSS and higher levels of
the Certificate System architecture are built with the Java™ Native Interface (JNI), which provides
binary compatibility across different versions of the Java™ Virtual Machine (JVM). This design allows
customized subsystem services to be compiled and built once and run on a range of platforms. JSS
supports most of the security standards and encryption technologies supported by NSS. JSS also
provides a pure Java™ interface for ASN.1 types and BER-DER encoding. JSS documentation is
available on-line at http://www.mozilla.org/projects/security/pki/jss/index.html.

1.4.5. NSS

Network Security Services (NSS) is a set of libraries designed to support cross-platform development
of security-enabled communications applications. Applications built with the NSS libraries support
the SSL protocol for authentication, tamper detection, and encryption, as well as PKCS #11 for
18
Section 3.8, "Using Java