Interface ICertificateAuthority

  • All Superinterfaces:
    ISubsystem

    public interface ICertificateAuthority
    extends ISubsystem
    An interface that represents a Certificate Authority responsible for certificate-specific operations.

    • Method Detail

      • getCertificateRepository

        CertificateRepository getCertificateRepository()
        Retrieves the certificate repository where all the locally issued certificates are kept.
        Returns:
        CA's certificate repository
      • getRequestQueue

        IRequestQueue getRequestQueue()
        Retrieves the request queue of this certificate authority.
        Returns:
        CA's request queue
      • getPolicyProcessor

        IPolicyProcessor getPolicyProcessor()
        Retrieves the policy processor of this certificate authority.
        Returns:
        CA's policy processor
      • noncesEnabled

        boolean noncesEnabled()
      • getNonces

        java.util.Map<java.lang.Object,java.lang.Long> getNonces(javax.servlet.http.HttpServletRequest request,
                                                                       java.lang.String name)
      • getPublisherProcessor

        PublisherProcessor getPublisherProcessor()
        Retrieves the publishing processor of this certificate authority.
        Returns:
        CA's publishing processor
      • getStartSerial

        java.lang.String getStartSerial()
        Retrieves the next available serial number.
        Returns:
        next available serial number
      • setStartSerial

        void setStartSerial(java.lang.String serial)
                     throws EBaseException
        Sets the next available serial number.
        Parameters:
        serial - next available serial number
        Throws:
        EBaseException - failed to set next available serial number
      • getMaxSerial

        java.lang.String getMaxSerial()
        Retrieves the last serial number that can be used for certificate issuance in this certificate authority.
        Returns:
        the last serial number
      • setMaxSerial

        void setMaxSerial(java.lang.String serial)
                   throws EBaseException
        Sets the last serial number that can be used for certificate issuance in this certificate authority.
        Parameters:
        serial - the last serial number
        Throws:
        EBaseException - failed to set the last serial number
      • getDefaultSignatureAlgorithm

        org.mozilla.jss.crypto.SignatureAlgorithm getDefaultSignatureAlgorithm()
        Retrieves the default signature algorithm of this certificate authority.
        Returns:
        the default signature algorithm of this CA
      • getDefaultAlgorithm

        java.lang.String getDefaultAlgorithm()
        Retrieves the default signing algorithm of this certificate authority.
        Returns:
        the default signing algorithm of this CA
      • setDefaultAlgorithm

        void setDefaultAlgorithm(java.lang.String algorithm)
                          throws EBaseException
        Sets the default signing algorithm of this certificate authority.
        Parameters:
        algorithm - new default signing algorithm
        Throws:
        EBaseException - failed to set the default signing algorithm
      • getCASigningAlgorithms

        java.lang.String[] getCASigningAlgorithms()
        Retrieves the supported signing algorithms of this certificate authority.
        Returns:
        the supported signing algorithms of this CA
      • getDefaultValidity

        long getDefaultValidity()
        Retrieves the default validity period.
        Returns:
        the default validity length in days
      • addCRLIssuingPoint

        boolean addCRLIssuingPoint(IConfigStore crlSubStore,
                                   java.lang.String id,
                                   boolean enable,
                                   java.lang.String description)
        Adds CRL issuing point with the given identifier and description.
        Parameters:
        crlSubStore - sub-store with all CRL issuing points
        id - CRL issuing point id
        description - CRL issuing point description
        Returns:
        true if CRL issuing point was successfully added
      • deleteCRLIssuingPoint

        void deleteCRLIssuingPoint(IConfigStore crlSubStore,
                                   java.lang.String id)
        Deletes CRL issuing point with the given identifier.
        Parameters:
        crlSubStore - sub-store with all CRL issuing points
        id - CRL issuing point id
      • getReplicaRepository

        IReplicaIDRepository getReplicaRepository()
        Retrieves the Replica ID repository.
        Returns:
        CA's Replica ID repository
      • getRequestListenerNames

        java.util.Enumeration<java.lang.String> getRequestListenerNames()
        Retrieves all request listeners.
        Returns:
        name enumeration of all request listeners
      • getCACertChain

        org.mozilla.jss.netscape.security.x509.CertificateChain getCACertChain()
        Retrieves the CA certificate chain.
        Returns:
        the CA certificate chain
      • getCaX509Cert

        org.mozilla.jss.crypto.X509Certificate getCaX509Cert()
        Retrieves the CA certificate.
        Returns:
        the CA certificate
      • getCACert

        org.mozilla.jss.netscape.security.x509.X509CertImpl getCACert()
                                                               throws EBaseException
        Retrieves the CA certificate.
        Returns:
        the CA certificate
        Throws:
        EBaseException
      • updateCRLNow

        void updateCRLNow()
                   throws EBaseException
        Updates the CRL immediately for MasterCRL issuing point if it exists.
        Throws:
        EBaseException - failed to create or publish CRL
      • publishCRLNow

        void publishCRLNow()
                    throws EBaseException
        Publishes the CRL immediately for MasterCRL issuing point if it exists.
        Throws:
        EBaseException - failed to publish CRL
      • getSigningUnit

        SigningUnit getSigningUnit()
        Retrieves the signing unit that manages the CA signing key for signing certificates.
        Returns:
        the CA signing unit for certificates
      • getCRLSigningUnit

        SigningUnit getCRLSigningUnit()
        Retrieves the signing unit that manages the CA signing key for signing CRLs.
        Returns:
        the CA signing unit for CRLs
      • getOCSPSigningUnit

        SigningUnit getOCSPSigningUnit()
        Retrieves the signing unit that manages the CA signing key for signing OCSP responses.
        Returns:
        the CA signing unit for OCSP responses
      • setBasicConstraintMaxLen

        void setBasicConstraintMaxLen(int num)
        Sets the maximum path length in the basic constraints extension.
        Parameters:
        num - the maximum path length
      • isClone

        boolean isClone()
        Is this a clone CA?
        Returns:
        true if this is a clone CA
      • getRequestListener

        IRequestListener getRequestListener(java.lang.String name)
        Retrieves the request listener by name.
        Parameters:
        name - request listener name
        Returns:
        the request listener
      • getRequestNotifier

        IRequestNotifier getRequestNotifier()
        Retrieves the request notifier.
      • registerRequestListener

        void registerRequestListener(IRequestListener listener)
        Registers a request listener.
        Parameters:
        listener - request listener to be registered
      • registerRequestListener

        void registerRequestListener(java.lang.String name,
                                     IRequestListener listener)
        Registers a request listener.
        Parameters:
        name - name under which the request listener is going to be registered
        listener - request listener to be registered
      • getX500Name

        org.mozilla.jss.netscape.security.x509.X500Name getX500Name()
        Retrieves the issuer name of this certificate authority.
        Returns:
        the issuer name of this certificate authority
      • getCRLX500Name

        org.mozilla.jss.netscape.security.x509.X500Name getCRLX500Name()
        Retrieves the issuer name of this certificate authority issuing point.
        Returns:
        the issuer name of this certificate authority issuing point
      • sign

        org.mozilla.jss.netscape.security.x509.X509CRLImpl sign(org.mozilla.jss.netscape.security.x509.X509CRLImpl crl,
                                                                java.lang.String algname)
                                                         throws EBaseException
        Signs the given CRL with the specific algorithm.
        Parameters:
        crl - CRL to be signed
        algname - algorithm used for signing
        Returns:
        signed CRL
        Throws:
        EBaseException - failed to sign CRL
      • log

        void log(int level,
                 java.lang.String msg)
        Logs a message to this certificate authority.
        Parameters:
        level - logging level
        msg - logged message
      • getNickname

        java.lang.String getNickname()
        Returns the nickname for the CA signing certificate.
        Returns:
        the nickname for the CA signing certificate
      • sign

        org.mozilla.jss.netscape.security.x509.X509CertImpl sign(org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo,
                                                                 java.lang.String algname)
                                                          throws EBaseException
        Signs an X.509 certificate template.
        Parameters:
        certInfo - X.509 certificate template
        algname - algorithm used for signing
        Returns:
        signed certificate
        Throws:
        EBaseException - failed to sign certificate
      • getCAService

        IService getCAService()
        Retrieves the CA service object that is responsible for processing requests.
        Returns:
        CA service object
      • getNumOCSPRequest

        long getNumOCSPRequest()
        Returns the in-memory count of the processed OCSP requests.
        Returns:
        number of processed OCSP requests in memory
      • getOCSPRequestTotalTime

        long getOCSPRequestTotalTime()
        Returns the in-memory total processing time (in milliseconds) for OCSP requests.
        Returns:
        total processing time for OCSP requests
      • getOCSPTotalSignTime

        long getOCSPTotalSignTime()
        Returns the in-memory total signing time (in milliseconds) for OCSP requests.
        Returns:
        total signing time for OCSP requests
      • getOCSPTotalData

        long getOCSPTotalData()
        Returns the total data signed for OCSP requests.
        Returns:
        total data signed for OCSP requests
      • getIssuerObj

        org.mozilla.jss.netscape.security.x509.CertificateIssuerName getIssuerObj()
      • getSubjectObj

        org.mozilla.jss.netscape.security.x509.CertificateSubjectName getSubjectObj()
      • isHostAuthority

        boolean isHostAuthority()
        Returns whether this CA is the host authority (not a lightweight authority).
      • getAuthorityID

        AuthorityID getAuthorityID()
        Retrieves the AuthorityID of this CA.
      • getAuthorityParentID

        AuthorityID getAuthorityParentID()
        Retrieves the AuthorityID of this CA's parent CA, if available.
      • getAuthorityEnabled

        boolean getAuthorityEnabled()
        Returns whether this CA is enabled.
      • isReady

        boolean isReady()
        Returns whether this CA is ready to perform signing operations.
      • ensureReady

        void ensureReady()
                  throws ECAException
        Throws an exception if this CA is not ready to perform signing operations.
        Throws:
        ECAException
      • getAuthorityDescription

        java.lang.String getAuthorityDescription()
        Returns the CA description. May be null.
      • renewAuthority

        void renewAuthority(javax.servlet.http.HttpServletRequest httpReq)
                     throws java.lang.Exception
        Renews the certificate of this CA.
        Throws:
        java.lang.Exception
      • deleteAuthority

        void deleteAuthority(javax.servlet.http.HttpServletRequest httpReq)
                      throws EBaseException
        Deletes this lightweight CA.
        Throws:
        EBaseException
      • getIssuanceProtPubKey

        java.security.PublicKey getIssuanceProtPubKey()
        Retrieves the issuance protection public key.
      • getIssuanceProtPrivKey

        org.mozilla.jss.crypto.PrivateKey getIssuanceProtPrivKey()
        Retrieves the issuance protection private key.
      • getIssuanceProtCert

        org.mozilla.jss.crypto.X509Certificate getIssuanceProtCert()
        Retrieves the issuance protection certificate.