Package org.dogtagpki.server.ca
Interface ICertificateAuthority
-
- All Superinterfaces:
ISubsystem
public interface ICertificateAuthority extends ISubsystem
An interface that represents a Certificate Authority responsible for certificate-specific operations.
- Version:
- $Revision$, $Date$
-
-
Field Summary
Fields (Modifier and Type, Field):
static java.lang.String ID
static java.lang.String PROP_CA_NAMES
static java.lang.String PROP_CERT_ISSUED_SUBSTORE
static java.lang.String PROP_CERT_REVOKED_SUBSTORE
static java.lang.String PROP_CLASS
static java.lang.String PROP_CRL_PAGE_SIZE
static java.lang.String PROP_CRL_SIGNING_SUBSTORE
static java.lang.String PROP_CRL_SUBSTORE
static java.lang.String PROP_CRLEXT_SUBSTORE
static java.lang.String PROP_DEF_VALIDITY
static java.lang.String PROP_ENABLE_ADMIN_ENROLL
static java.lang.String PROP_ENABLE_LDAP_PUBLISH
static java.lang.String PROP_ENABLE_OCSP
static java.lang.String PROP_ENABLE_PAST_CATIME
static java.lang.String PROP_ENABLE_PUBLISH
static java.lang.String PROP_EXPIREDCERTS_CLASS
static java.lang.String PROP_FAST_SIGNING
static java.lang.String PROP_GATEWAY
static java.lang.String PROP_ID
static java.lang.String PROP_IMPL
static java.lang.String PROP_INSTANCE
static java.lang.String PROP_ISSUER_NAME
static java.lang.String PROP_ISSUING_CLASS
static java.lang.String PROP_LDAP_PUBLISH_SUBSTORE
static java.lang.String PROP_LISTENER_SUBSTORE
static java.lang.String PROP_MASTER_CRL
static java.lang.String PROP_NOTIFY_SUBSTORE
static java.lang.String PROP_OCSP_SIGNING_SUBSTORE
static java.lang.String PROP_PLUGIN
static java.lang.String PROP_POLICY
static java.lang.String PROP_PUB_QUEUE_SUBSTORE
static java.lang.String PROP_PUBLISH_SUBSTORE
static java.lang.String PROP_REGISTRATION
static java.lang.String PROP_REQ_IN_Q_SUBSTORE
static java.lang.String PROP_SIGNING_SUBSTORE
static java.lang.String PROP_TYPE
static java.lang.String PROP_X509CERT_VERSION
-
Method Summary
Methods (Modifier and Type, Method, Description):
boolean addCRLIssuingPoint(IConfigStore crlSubStore, java.lang.String id, boolean enable, java.lang.String description)
Adds CRL issuing point with the given identifier and description.
void deleteAuthority(javax.servlet.http.HttpServletRequest httpReq)
Delete this lightweight CA.
void deleteCRLIssuingPoint(IConfigStore crlSubStore, java.lang.String id)
Deletes CRL issuing point with the given identifier.
void ensureReady()
Throw an exception if CA is not ready to perform signing operations.
java.lang.String getAuthorityDescription()
Return CA description.
boolean getAuthorityEnabled()
Return whether CA is enabled.
AuthorityID getAuthorityID()
Get the AuthorityID of this CA.
AuthorityID getAuthorityParentID()
Get the AuthorityID of this CA's parent CA, if available.
org.mozilla.jss.netscape.security.x509.X509CertImpl getCACert()
Retrieves the CA certificate.
org.mozilla.jss.netscape.security.x509.CertificateChain getCACertChain()
Retrieves the CA certificate chain.
IService getCAService()
Retrieves the CA service object that is responsible for processing requests.
java.lang.String[] getCASigningAlgorithms()
Retrieves the supported signing algorithms of this certificate authority.
org.mozilla.jss.crypto.X509Certificate getCaX509Cert()
Retrieves the CA certificate.
CertificateRepository getCertificateRepository()
Retrieves the certificate repository where all the locally issued certificates are kept.
SigningUnit getCRLSigningUnit()
Retrieves the signing unit that manages the CA signing key for signing CRL.
org.mozilla.jss.netscape.security.x509.X500Name getCRLX500Name()
Retrieves the issuer name of this certificate authority issuing point.
java.lang.String getDefaultAlgorithm()
Retrieves the default signing algorithm of this certificate authority.
org.mozilla.jss.crypto.SignatureAlgorithm getDefaultSignatureAlgorithm()
Retrieves the default signature algorithm of this certificate authority.
long getDefaultValidity()
Retrieves the default validity period.
org.mozilla.jss.crypto.X509Certificate getIssuanceProtCert()
Gets the issuance protection certificate.
org.mozilla.jss.crypto.PrivateKey getIssuanceProtPrivKey()
Gets the issuance protection private key.
java.security.PublicKey getIssuanceProtPubKey()
Gets the issuance protection public key.
org.mozilla.jss.netscape.security.x509.CertificateIssuerName getIssuerObj()
java.lang.String getMaxSerial()
Retrieves the last serial number that can be used for certificate issuance in this certificate authority.
java.lang.String getNickname()
Returns the nickname for the CA signing certificate.
java.util.Map<java.lang.Object,java.lang.Long> getNonces(javax.servlet.http.HttpServletRequest request, java.lang.String name)
long getNumOCSPRequest()
Returns the in-memory count of the processed OCSP requests.
long getOCSPRequestTotalTime()
Returns the in-memory time (in milliseconds) of the processed time for OCSP requests.
SigningUnit getOCSPSigningUnit()
Retrieves the signing unit that manages the CA signing key for signing OCSP response.
long getOCSPTotalData()
Returns the total data signed for OCSP requests.
long getOCSPTotalSignTime()
Returns the in-memory time (in milliseconds) of the signing time for OCSP requests.
IPolicyProcessor getPolicyProcessor()
Retrieves the policy processor of this certificate authority.
PublisherProcessor getPublisherProcessor()
Retrieves the publishing processor of this certificate authority.
IReplicaIDRepository getReplicaRepository()
Retrieves the Replica ID repository.
IRequestListener getRequestListener(java.lang.String name)
Retrieves the request listener by name.
java.util.Enumeration<java.lang.String> getRequestListenerNames()
Retrieves all request listeners.
IRequestNotifier getRequestNotifier()
Gets the request notifier.
IRequestQueue getRequestQueue()
Retrieves the request queue of this certificate authority.
SigningUnit getSigningUnit()
Retrieves the signing unit that manages the CA signing key for signing certificates.
java.lang.String getStartSerial()
Retrieves the next available serial number.
org.mozilla.jss.netscape.security.x509.CertificateSubjectName getSubjectObj()
org.mozilla.jss.netscape.security.x509.X500Name getX500Name()
Retrieves the issuer name of this certificate authority.
boolean isClone()
Is this a clone CA?
boolean isHostAuthority()
Return whether this CA is the host authority (not a lightweight authority).
boolean isReady()
Return whether CA is ready to perform signing operations.
void log(int level, java.lang.String msg)
Logs a message to this certificate authority.
boolean noncesEnabled()
void publishCRLNow()
Publishes the CRL immediately for MasterCRL issuing point if it exists.
void registerRequestListener(IRequestListener listener)
Registers a request listener.
void registerRequestListener(java.lang.String name, IRequestListener listener)
Registers a request listener.
void renewAuthority(javax.servlet.http.HttpServletRequest httpReq)
Renew certificate of CA.
void setBasicConstraintMaxLen(int num)
Sets the maximum path length in the basic constraint extension.
void setDefaultAlgorithm(java.lang.String algorithm)
Sets the default signing algorithm of this certificate authority.
void setMaxSerial(java.lang.String serial)
Sets the last serial number that can be used for certificate issuance in this certificate authority.
void setStartSerial(java.lang.String serial)
Sets the next available serial number.
org.mozilla.jss.netscape.security.x509.X509CertImpl sign(org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo, java.lang.String algname)
Signs an X.509 certificate template.
org.mozilla.jss.netscape.security.x509.X509CRLImpl sign(org.mozilla.jss.netscape.security.x509.X509CRLImpl crl, java.lang.String algname)
Signs the given CRL with the specific algorithm.
void updateCRLNow()
Updates the CRL immediately for MasterCRL issuing point if it exists.
-
Methods inherited from interface com.netscape.certsrv.base.ISubsystem
getConfigStore, getId, init, setId, shutdown, startup
-
Field Detail
-
ID
static final java.lang.String ID
- See Also:
- Constant Field Values
-
PROP_REGISTRATION
static final java.lang.String PROP_REGISTRATION
- See Also:
- Constant Field Values
-
PROP_POLICY
static final java.lang.String PROP_POLICY
- See Also:
- Constant Field Values
-
PROP_GATEWAY
static final java.lang.String PROP_GATEWAY
- See Also:
- Constant Field Values
-
PROP_CLASS
static final java.lang.String PROP_CLASS
- See Also:
- Constant Field Values
-
PROP_TYPE
static final java.lang.String PROP_TYPE
- See Also:
- Constant Field Values
-
PROP_IMPL
static final java.lang.String PROP_IMPL
- See Also:
- Constant Field Values
-
PROP_PLUGIN
static final java.lang.String PROP_PLUGIN
- See Also:
- Constant Field Values
-
PROP_INSTANCE
static final java.lang.String PROP_INSTANCE
- See Also:
- Constant Field Values
-
PROP_LISTENER_SUBSTORE
static final java.lang.String PROP_LISTENER_SUBSTORE
- See Also:
- Constant Field Values
-
PROP_LDAP_PUBLISH_SUBSTORE
static final java.lang.String PROP_LDAP_PUBLISH_SUBSTORE
- See Also:
- Constant Field Values
-
PROP_PUBLISH_SUBSTORE
static final java.lang.String PROP_PUBLISH_SUBSTORE
- See Also:
- Constant Field Values
-
PROP_ENABLE_PUBLISH
static final java.lang.String PROP_ENABLE_PUBLISH
- See Also:
- Constant Field Values
-
PROP_ENABLE_LDAP_PUBLISH
static final java.lang.String PROP_ENABLE_LDAP_PUBLISH
- See Also:
- Constant Field Values
-
PROP_X509CERT_VERSION
static final java.lang.String PROP_X509CERT_VERSION
- See Also:
- Constant Field Values
-
PROP_ENABLE_PAST_CATIME
static final java.lang.String PROP_ENABLE_PAST_CATIME
- See Also:
- Constant Field Values
-
PROP_DEF_VALIDITY
static final java.lang.String PROP_DEF_VALIDITY
- See Also:
- Constant Field Values
-
PROP_FAST_SIGNING
static final java.lang.String PROP_FAST_SIGNING
- See Also:
- Constant Field Values
-
PROP_ENABLE_ADMIN_ENROLL
static final java.lang.String PROP_ENABLE_ADMIN_ENROLL
- See Also:
- Constant Field Values
-
PROP_CRL_SUBSTORE
static final java.lang.String PROP_CRL_SUBSTORE
- See Also:
- Constant Field Values
-
PROP_CRL_PAGE_SIZE
static final java.lang.String PROP_CRL_PAGE_SIZE
- See Also:
- Constant Field Values
-
PROP_MASTER_CRL
static final java.lang.String PROP_MASTER_CRL
- See Also:
- Constant Field Values
-
PROP_CRLEXT_SUBSTORE
static final java.lang.String PROP_CRLEXT_SUBSTORE
- See Also:
- Constant Field Values
-
PROP_ISSUING_CLASS
static final java.lang.String PROP_ISSUING_CLASS
- See Also:
- Constant Field Values
-
PROP_EXPIREDCERTS_CLASS
static final java.lang.String PROP_EXPIREDCERTS_CLASS
- See Also:
- Constant Field Values
-
PROP_NOTIFY_SUBSTORE
static final java.lang.String PROP_NOTIFY_SUBSTORE
- See Also:
- Constant Field Values
-
PROP_CERT_ISSUED_SUBSTORE
static final java.lang.String PROP_CERT_ISSUED_SUBSTORE
- See Also:
- Constant Field Values
-
PROP_CERT_REVOKED_SUBSTORE
static final java.lang.String PROP_CERT_REVOKED_SUBSTORE
- See Also:
- Constant Field Values
-
PROP_REQ_IN_Q_SUBSTORE
static final java.lang.String PROP_REQ_IN_Q_SUBSTORE
- See Also:
- Constant Field Values
-
PROP_PUB_QUEUE_SUBSTORE
static final java.lang.String PROP_PUB_QUEUE_SUBSTORE
- See Also:
- Constant Field Values
-
PROP_ISSUER_NAME
static final java.lang.String PROP_ISSUER_NAME
- See Also:
- Constant Field Values
-
PROP_CA_NAMES
static final java.lang.String PROP_CA_NAMES
- See Also:
- Constant Field Values
-
PROP_SIGNING_SUBSTORE
static final java.lang.String PROP_SIGNING_SUBSTORE
- See Also:
- Constant Field Values
-
PROP_ENABLE_OCSP
static final java.lang.String PROP_ENABLE_OCSP
- See Also:
- Constant Field Values
-
PROP_OCSP_SIGNING_SUBSTORE
static final java.lang.String PROP_OCSP_SIGNING_SUBSTORE
- See Also:
- Constant Field Values
-
PROP_CRL_SIGNING_SUBSTORE
static final java.lang.String PROP_CRL_SIGNING_SUBSTORE
- See Also:
- Constant Field Values
-
PROP_ID
static final java.lang.String PROP_ID
- See Also:
- Constant Field Values
-
-
Method Detail
-
getCertificateRepository
CertificateRepository getCertificateRepository()
Retrieves the certificate repository where all the locally issued certificates are kept.
- Returns:
- CA's certificate repository
-
getRequestQueue
IRequestQueue getRequestQueue()
Retrieves the request queue of this certificate authority.
- Returns:
- CA's request queue
-
getPolicyProcessor
IPolicyProcessor getPolicyProcessor()
Retrieves the policy processor of this certificate authority.
- Returns:
- CA's policy processor
-
noncesEnabled
boolean noncesEnabled()
-
getNonces
java.util.Map<java.lang.Object,java.lang.Long> getNonces(javax.servlet.http.HttpServletRequest request, java.lang.String name)
-
getPublisherProcessor
PublisherProcessor getPublisherProcessor()
Retrieves the publishing processor of this certificate authority.
- Returns:
- CA's publishing processor
-
getStartSerial
java.lang.String getStartSerial()
Retrieves the next available serial number.
- Returns:
- next available serial number
-
setStartSerial
void setStartSerial(java.lang.String serial) throws EBaseException
Sets the next available serial number.
- Parameters:
serial
- next available serial number
- Throws:
EBaseException
- failed to set next available serial number
-
getMaxSerial
java.lang.String getMaxSerial()
Retrieves the last serial number that can be used for certificate issuance in this certificate authority.
- Returns:
- the last serial number
-
setMaxSerial
void setMaxSerial(java.lang.String serial) throws EBaseException
Sets the last serial number that can be used for certificate issuance in this certificate authority.
- Parameters:
serial
- the last serial number
- Throws:
EBaseException
- failed to set the last serial number
-
getDefaultSignatureAlgorithm
org.mozilla.jss.crypto.SignatureAlgorithm getDefaultSignatureAlgorithm()
Retrieves the default signature algorithm of this certificate authority.
- Returns:
- the default signature algorithm of this CA
-
getDefaultAlgorithm
java.lang.String getDefaultAlgorithm()
Retrieves the default signing algorithm of this certificate authority.
- Returns:
- the default signing algorithm of this CA
-
setDefaultAlgorithm
void setDefaultAlgorithm(java.lang.String algorithm) throws EBaseException
Sets the default signing algorithm of this certificate authority.
- Parameters:
algorithm
- new default signing algorithm
- Throws:
EBaseException
- failed to set the default signing algorithm
-
getCASigningAlgorithms
java.lang.String[] getCASigningAlgorithms()
Retrieves the supported signing algorithms of this certificate authority.
- Returns:
- the supported signing algorithms of this CA
-
getDefaultValidity
long getDefaultValidity()
Retrieves the default validity period.
- Returns:
- the default validity length in days
-
addCRLIssuingPoint
boolean addCRLIssuingPoint(IConfigStore crlSubStore, java.lang.String id, boolean enable, java.lang.String description)
Adds CRL issuing point with the given identifier and description.
- Parameters:
crlSubStore
- sub-store with all CRL issuing points
id
- CRL issuing point id
description
- CRL issuing point description
- Returns:
- true if CRL issuing point was successfully added
-
deleteCRLIssuingPoint
void deleteCRLIssuingPoint(IConfigStore crlSubStore, java.lang.String id)
Deletes CRL issuing point with the given identifier.
- Parameters:
crlSubStore
- sub-store with all CRL issuing points
id
- CRL issuing point id
-
getReplicaRepository
IReplicaIDRepository getReplicaRepository()
Retrieves the Replica ID repository.
- Returns:
- CA's Replica ID repository
-
getRequestListenerNames
java.util.Enumeration<java.lang.String> getRequestListenerNames()
Retrieves all request listeners.
- Returns:
- name enumeration of all request listeners
-
getCACertChain
org.mozilla.jss.netscape.security.x509.CertificateChain getCACertChain()
Retrieves the CA certificate chain.
- Returns:
- the CA certificate chain
-
getCaX509Cert
org.mozilla.jss.crypto.X509Certificate getCaX509Cert()
Retrieves the CA certificate.
- Returns:
- the CA certificate
-
getCACert
org.mozilla.jss.netscape.security.x509.X509CertImpl getCACert() throws EBaseException
Retrieves the CA certificate.
- Returns:
- the CA certificate
- Throws:
EBaseException
-
updateCRLNow
void updateCRLNow() throws EBaseException
Updates the CRL immediately for MasterCRL issuing point if it exists.
- Throws:
EBaseException
- failed to create or publish CRL
-
publishCRLNow
void publishCRLNow() throws EBaseException
Publishes the CRL immediately for MasterCRL issuing point if it exists.
- Throws:
EBaseException
- failed to publish CRL
-
getSigningUnit
SigningUnit getSigningUnit()
Retrieves the signing unit that manages the CA signing key for signing certificates.
- Returns:
- the CA signing unit for certificates
-
getCRLSigningUnit
SigningUnit getCRLSigningUnit()
Retrieves the signing unit that manages the CA signing key for signing CRL.
- Returns:
- the CA signing unit for CRLs
-
getOCSPSigningUnit
SigningUnit getOCSPSigningUnit()
Retrieves the signing unit that manages the CA signing key for signing OCSP response.
- Returns:
- the CA signing unit for OCSP responses
-
setBasicConstraintMaxLen
void setBasicConstraintMaxLen(int num)
Sets the maximum path length in the basic constraint extension.
- Parameters:
num
- the maximum path length
-
isClone
boolean isClone()
Is this a clone CA?
- Returns:
- true if this is a clone CA
-
getRequestListener
IRequestListener getRequestListener(java.lang.String name)
Retrieves the request listener by name.
- Parameters:
name
- request listener name
- Returns:
- the request listener
-
getRequestNotifier
IRequestNotifier getRequestNotifier()
Gets the request notifier.
-
registerRequestListener
void registerRequestListener(IRequestListener listener)
Registers a request listener.
- Parameters:
listener
- request listener to be registered
-
registerRequestListener
void registerRequestListener(java.lang.String name, IRequestListener listener)
Registers a request listener.
- Parameters:
name
- name under which the request listener is going to be registered
listener
- request listener to be registered
-
getX500Name
org.mozilla.jss.netscape.security.x509.X500Name getX500Name()
Retrieves the issuer name of this certificate authority.
- Returns:
- the issuer name of this certificate authority
-
getCRLX500Name
org.mozilla.jss.netscape.security.x509.X500Name getCRLX500Name()
Retrieves the issuer name of this certificate authority issuing point.
- Returns:
- the issuer name of this certificate authority issuing point
-
sign
org.mozilla.jss.netscape.security.x509.X509CRLImpl sign(org.mozilla.jss.netscape.security.x509.X509CRLImpl crl, java.lang.String algname) throws EBaseException
Signs the given CRL with the specific algorithm.
- Parameters:
crl
- CRL to be signed
algname
- algorithm used for signing
- Returns:
- signed CRL
- Throws:
EBaseException
- failed to sign CRL
-
log
void log(int level, java.lang.String msg)
Logs a message to this certificate authority.
- Parameters:
level
- logging level
msg
- logged message
-
getNickname
java.lang.String getNickname()
Returns the nickname for the CA signing certificate.
- Returns:
- the nickname for the CA signing certificate
-
sign
org.mozilla.jss.netscape.security.x509.X509CertImpl sign(org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo, java.lang.String algname) throws EBaseException
Signs an X.509 certificate template.
- Parameters:
certInfo
- X.509 certificate template
algname
- algorithm used for signing
- Returns:
- signed certificate
- Throws:
EBaseException
- failed to sign certificate
-
getCAService
IService getCAService()
Retrieves the CA service object that is responsible for processing requests.
- Returns:
- CA service object
-
getNumOCSPRequest
long getNumOCSPRequest()
Returns the in-memory count of the processed OCSP requests.
- Returns:
- number of processed OCSP requests in memory
-
getOCSPRequestTotalTime
long getOCSPRequestTotalTime()
Returns the in-memory time (in milliseconds) of the processed time for OCSP requests.
- Returns:
- processed times for OCSP requests
-
getOCSPTotalSignTime
long getOCSPTotalSignTime()
Returns the in-memory time (in milliseconds) of the signing time for OCSP requests.
- Returns:
- processed times for OCSP requests
-
getOCSPTotalData
long getOCSPTotalData()
Returns the total data signed for OCSP requests.
- Returns:
- processed times for OCSP requests
-
getIssuerObj
org.mozilla.jss.netscape.security.x509.CertificateIssuerName getIssuerObj()
-
getSubjectObj
org.mozilla.jss.netscape.security.x509.CertificateSubjectName getSubjectObj()
-
isHostAuthority
boolean isHostAuthority()
Return whether this CA is the host authority (not a lightweight authority).
-
getAuthorityID
AuthorityID getAuthorityID()
Get the AuthorityID of this CA.
-
getAuthorityParentID
AuthorityID getAuthorityParentID()
Get the AuthorityID of this CA's parent CA, if available.
-
getAuthorityEnabled
boolean getAuthorityEnabled()
Return whether CA is enabled.
-
isReady
boolean isReady()
Return whether CA is ready to perform signing operations.
-
ensureReady
void ensureReady() throws ECAException
Throw an exception if CA is not ready to perform signing operations.
- Throws:
ECAException
-
getAuthorityDescription
java.lang.String getAuthorityDescription()
Return CA description. May be null.
-
renewAuthority
void renewAuthority(javax.servlet.http.HttpServletRequest httpReq) throws java.lang.Exception
Renew certificate of CA.
- Throws:
java.lang.Exception
-
deleteAuthority
void deleteAuthority(javax.servlet.http.HttpServletRequest httpReq) throws EBaseException
Delete this lightweight CA.
- Throws:
EBaseException
-
getIssuanceProtPubKey
java.security.PublicKey getIssuanceProtPubKey()
Gets the issuance protection public key.
-
getIssuanceProtPrivKey
org.mozilla.jss.crypto.PrivateKey getIssuanceProtPrivKey()
Gets the issuance protection private key.
-
getIssuanceProtCert
org.mozilla.jss.crypto.X509Certificate getIssuanceProtCert()
Gets the issuance protection certificate.
-
-