public interface ICRLIssuingPoint
Modifier and Type | Field and Description |
---|---|
static int |
CRL_IP_INITIALIZATION_FAILED |
static int |
CRL_IP_INITIALIZED |
static int |
CRL_IP_NOT_INITIALIZED |
static int |
CRL_PUBLISHING_STARTED |
static int |
CRL_UPDATE_DONE
for manual updates - requested by agent
|
static int |
CRL_UPDATE_STARTED |
static java.lang.String |
PROP_BEGIN_SERIAL |
static java.lang.String |
PROP_END_SERIAL |
static java.lang.String |
PROP_MIN_UPDATE_INTERVAL |
static java.lang.String |
PROP_PUBLISH_DN |
static java.lang.String |
PROP_PUBLISH_ON_START |
static java.lang.String |
SC_CRL_COUNT |
static java.lang.String |
SC_IS_DELTA_CRL |
static java.lang.String |
SC_ISSUING_POINT_ID |
Modifier and Type | Method and Description |
---|---|
void |
addExpiredCert(java.math.BigInteger serialNumber)
Adds a certificate that is both expired and revoked to the delta-CRL cache.
|
void |
addRevokedCert(java.math.BigInteger serialNumber,
netscape.security.x509.RevokedCertImpl revokedCert)
Adds revoked certificate to delta-CRL cache.
|
void |
addRevokedCert(java.math.BigInteger serialNumber,
netscape.security.x509.RevokedCertImpl revokedCert,
java.lang.String requestId)
Adds revoked certificate to delta-CRL cache.
|
void |
addUnrevokedCert(java.math.BigInteger serialNumber)
Adds unrevoked certificate to delta-CRL cache.
|
void |
addUnrevokedCert(java.math.BigInteger serialNumber,
java.lang.String requestId)
Adds unrevoked certificate to delta-CRL cache.
|
boolean |
areExpiredCertsIncluded()
Checks if expired certificates are included in CRL.
|
boolean |
checkCurrentProfile(java.lang.String id)
Checks if CRL issuing point includes this profile.
|
void |
clearCRLCache()
Clears CRL cache
|
void |
clearDeltaCRLCache()
Clears delta-CRL cache
|
void |
enableCRLIssuingPoint(boolean enable)
Enables or disables CRL issuing point according to parameter.
|
boolean |
getAlwaysUpdate()
Returns true if CRL is updated for every change
of revocation status of any certificate.
|
long |
getAutoUpdateInterval()
Returns auto update interval in milliseconds.
|
ISubsystem |
getCertificateAuthority()
Returns certificate authority.
|
ICMSCRLExtensions |
getCRLExtensions()
Returns list of CRL extensions.
|
java.math.BigInteger |
getCRLNumber()
Returns current CRL number of this CRL issuing point.
|
java.lang.String |
getCrlPublishErrorStr()
Returns CRL publishing error.
|
java.lang.String |
getCrlPublishStatusStr()
Returns CRL publishing status.
|
int |
getCRLSchema()
Returns current CRL generation schema for this CRL issuing point.
|
long |
getCRLSize()
Returns number of entries in the current CRL.
|
java.lang.String |
getCrlUpdateErrorStr()
Returns CRL update error.
|
java.lang.String |
getCrlUpdateStatusStr()
Returns CRL update status.
|
java.math.BigInteger |
getDeltaCRLNumber()
Returns current delta CRL number of this CRL issuing point.
|
long |
getDeltaCRLSize()
Returns number of entries in delta CRL
|
java.lang.String |
getDescription()
Returns internal description of this CRL issuing point.
|
java.lang.String |
getFilter()
Returns filter used to build CRL based on information stored
in local directory.
|
java.lang.String |
getId()
Returns internal id of this CRL issuing point.
|
java.lang.String |
getLastSigningAlgorithm()
Returns the signing algorithm used in the last signing operation.
|
java.util.Date |
getLastUpdate()
Returns time of the last update.
|
java.math.BigInteger |
getNextCRLNumber()
Returns next CRL number of this CRL issuing point.
|
java.util.Date |
getNextDeltaUpdate()
Returns time of the next delta CRL update.
|
java.util.Date |
getNextUpdate()
Returns time of the next update.
|
long |
getNextUpdateGracePeriod()
Returns next update grace period in minutes.
|
int |
getNumberOfRecentlyExpiredCerts()
Returns number of recently expired and revoked certificates.
|
int |
getNumberOfRecentlyRevokedCerts()
Returns number of recently revoked certificates.
|
int |
getNumberOfRecentlyUnrevokedCerts()
Returns number of recently unrevoked certificates.
|
java.lang.String |
getPublishDN()
Returns DN of the directory entry where CRLs from this issuing point
are published.
|
netscape.security.x509.CRLExtensions |
getRequiredEntryExtensions(netscape.security.x509.CRLExtensions exts)
Converts list of extensions supplied by revocation request
to list of extensions required to be placed in CRL.
|
java.util.Date |
getRevocationDateFromCache(java.math.BigInteger serialNumber,
boolean checkDeltaCache,
boolean includeExpiredCerts)
Returns the revocation date of the certificate from the CRL cache, or null
if the certificate is not listed there as revoked.
|
java.util.Set |
getRevokedCertificates(int start,
int end)
Returns the revoked certificates from the CRL cache for the requested range of CRL entries (start up to, but not including, end).
|
java.lang.String |
getSigningAlgorithm()
Returns signing algorithm.
|
java.util.Vector |
getSplitTimes()
Returns split times from CRL generation.
|
void |
init(ISubsystem ca,
java.lang.String id,
IConfigStore config)
Initializes CRL issuing point.
|
boolean |
isCACertsOnly()
Checks if CRL includes CA certificates only.
|
boolean |
isCRLCacheEmpty()
Returns true if CRL cache is empty.
|
boolean |
isCRLCacheEnabled()
Returns true if CRL cache is enabled.
|
boolean |
isCRLCacheTestingEnabled()
Returns true if CRL cache testing is enabled.
|
boolean |
isCRLGenerationEnabled()
Returns true if CRL generation is enabled.
|
boolean |
isCRLIssuingPointEnabled()
Returns true if CRL issuing point is enabled.
|
int |
isCRLIssuingPointInitialized()
Returns CRL issuing point initialization status.
|
int |
isCRLUpdateInProgress()
Returns status of CRL generation.
|
boolean |
isDeltaCRLEnabled()
Returns true if delta-CRL is enabled.
|
boolean |
isManualUpdateSet()
Checks if manual update is set.
|
boolean |
isProfileCertsOnly()
Checks if CRL includes profile certificates only.
|
boolean |
isThisCurrentDeltaCRL(netscape.security.x509.X509CRLImpl deltaCRL)
Returns true if the supplied delta-CRL matches the current delta-CRL.
|
void |
processRevokedCerts(IElementProcessor cp)
Builds a list of revoked certificates to put them into CRL.
|
void |
setDescription(java.lang.String description)
Sets internal description of this CRL issuing point.
|
void |
setManualUpdate(java.lang.String signatureAlgorithm)
Schedules immediate CRL manual-update
and sets signature algorithm to be used for signing.
|
void |
shutdown()
This method is called during shutdown.
|
boolean |
updateConfig(NameValuePairs params)
Updates issuing point configuration according to supplied data
in name value pairs.
|
void |
updateCRLCacheRepository()
Updates CRL cache into local directory.
|
void |
updateCRLNow()
Generates the CRL now from the cache, or from the local directory if the cache
is not available.
|
void |
updateCRLNow(java.lang.String signingAlgorithm)
Generates the CRL now from the cache, or from the local directory if the cache
is not available, and signs it with the supplied signing algorithm.
|
static final java.lang.String PROP_PUBLISH_DN
static final java.lang.String PROP_PUBLISH_ON_START
static final java.lang.String PROP_MIN_UPDATE_INTERVAL
static final java.lang.String PROP_BEGIN_SERIAL
static final java.lang.String PROP_END_SERIAL
static final java.lang.String SC_ISSUING_POINT_ID
static final java.lang.String SC_IS_DELTA_CRL
static final java.lang.String SC_CRL_COUNT
static final int CRL_UPDATE_DONE
static final int CRL_UPDATE_STARTED
static final int CRL_PUBLISHING_STARTED
static final int CRL_IP_NOT_INITIALIZED
static final int CRL_IP_INITIALIZED
static final int CRL_IP_INITIALIZATION_FAILED
boolean isCRLIssuingPointEnabled()
boolean isCRLGenerationEnabled()
void enableCRLIssuingPoint(boolean enable)
enable - if true, enables the CRL issuing point
java.lang.String getCrlUpdateStatusStr()
java.lang.String getCrlUpdateErrorStr()
java.lang.String getCrlPublishStatusStr()
java.lang.String getCrlPublishErrorStr()
int isCRLIssuingPointInitialized()
boolean isManualUpdateSet()
boolean areExpiredCertsIncluded()
boolean isCACertsOnly()
boolean isProfileCertsOnly()
boolean checkCurrentProfile(java.lang.String id)
void init(ISubsystem ca, java.lang.String id, IConfigStore config) throws EBaseException
ca - certificate authority that holds the CRL issuing point
id - CRL issuing point id
config - configuration sub-store for the CRL issuing point
EBaseException - thrown if initialization failed
void shutdown()
java.lang.String getId()
java.lang.String getDescription()
void setDescription(java.lang.String description)
description - description for this CRL issuing point.
java.lang.String getPublishDN()
java.lang.String getSigningAlgorithm()
java.lang.String getLastSigningAlgorithm()
int getCRLSchema()
java.math.BigInteger getCRLNumber()
java.math.BigInteger getDeltaCRLNumber()
java.math.BigInteger getNextCRLNumber()
long getCRLSize()
long getDeltaCRLSize()
java.util.Date getLastUpdate()
java.util.Date getNextUpdate()
java.util.Date getNextDeltaUpdate()
java.util.Set getRevokedCertificates(int start, int end)
start - first requested CRL entry
end - next entry after the last requested CRL entry
ISubsystem getCertificateAuthority()
void setManualUpdate(java.lang.String signatureAlgorithm)
signatureAlgorithm - signature algorithm to be used for signing
long getAutoUpdateInterval()
boolean getAlwaysUpdate()
long getNextUpdateGracePeriod()
java.lang.String getFilter()
void processRevokedCerts(IElementProcessor cp) throws EBaseException
cp - certificate record processor
EBaseException - if an error occurred in the database.
java.util.Date getRevocationDateFromCache(java.math.BigInteger serialNumber, boolean checkDeltaCache, boolean includeExpiredCerts)
serialNumber - serial number of the certificate to be checked
checkDeltaCache - true if the delta CRL cache is supposed to be included in the checking process
includeExpiredCerts - true if the delta CRL cache with expired certificates is supposed to be included in the checking process
java.util.Vector getSplitTimes()
void updateCRLNow(java.lang.String signingAlgorithm) throws EBaseException
signingAlgorithm - signing algorithm to be used for CRL signing
EBaseException - if an error occurred during CRL generation or publishing
void clearCRLCache()
void clearDeltaCRLCache()
int getNumberOfRecentlyRevokedCerts()
int getNumberOfRecentlyUnrevokedCerts()
int getNumberOfRecentlyExpiredCerts()
netscape.security.x509.CRLExtensions getRequiredEntryExtensions(netscape.security.x509.CRLExtensions exts)
exts - list of extensions supplied by the revocation request
void addRevokedCert(java.math.BigInteger serialNumber, netscape.security.x509.RevokedCertImpl revokedCert)
serialNumber - serial number of the revoked certificate
revokedCert - revocation information supplied by the revocation request
void addRevokedCert(java.math.BigInteger serialNumber, netscape.security.x509.RevokedCertImpl revokedCert, java.lang.String requestId)
serialNumber - serial number of the revoked certificate
revokedCert - revocation information supplied by the revocation request
requestId - revocation request id
void addUnrevokedCert(java.math.BigInteger serialNumber)
serialNumber - serial number of the unrevoked certificate
void addUnrevokedCert(java.math.BigInteger serialNumber, java.lang.String requestId)
serialNumber - serial number of the unrevoked certificate
requestId - unrevocation request id
void addExpiredCert(java.math.BigInteger serialNumber)
serialNumber - serial number of the expired and revoked certificate
void updateCRLCacheRepository()
boolean updateConfig(NameValuePairs params)
params - name value pairs defining the new issuing point configuration
boolean isDeltaCRLEnabled()
boolean isCRLCacheEnabled()
boolean isCRLCacheEmpty()
boolean isCRLCacheTestingEnabled()
boolean isThisCurrentDeltaCRL(netscape.security.x509.X509CRLImpl deltaCRL)
deltaCRL - delta-CRL to verify against the current delta-CRL
int isCRLUpdateInProgress()
void updateCRLNow() throws EBaseException
EBaseException - if an error occurred during CRL generation or publishing
ICMSCRLExtensions getCRLExtensions()