com.netscape.certsrv.ca

Interface ICertificateAuthority

All Superinterfaces:

ISubsystem

public interface ICertificateAuthority
extends ISubsystem

An interface represents a Certificate Authority that is responsible for certificate specific operations.

Version:

$Revision$, $Date$

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	ID
static java.lang.String	PROP_CA_CERT
static java.lang.String	PROP_CA_CHAIN
static java.lang.String	PROP_CA_CHAIN_NUM
static java.lang.String	PROP_CA_NAMES
static java.lang.String	PROP_CERT_ISSUED_SUBSTORE
static java.lang.String	PROP_CERT_REVOKED_SUBSTORE
static java.lang.String	PROP_CERTDB_INC
static java.lang.String	PROP_CERTDB_TRANS_MAXRECORDS
static java.lang.String	PROP_CERTDB_TRANS_PAGESIZE
static java.lang.String	PROP_CLASS
static java.lang.String	PROP_CRL_PAGE_SIZE
static java.lang.String	PROP_CRL_SIGNING_SUBSTORE
static java.lang.String	PROP_CRL_SUBSTORE
static java.lang.String	PROP_CRLDB_INC
static java.lang.String	PROP_CRLEXT_SUBSTORE
static java.lang.String	PROP_DBS_SUBSTORE
static java.lang.String	PROP_DEF_VALIDITY
static java.lang.String	PROP_ENABLE_ADMIN_ENROLL
static java.lang.String	PROP_ENABLE_LDAP_PUBLISH
static java.lang.String	PROP_ENABLE_OCSP
static java.lang.String	PROP_ENABLE_PAST_CATIME
static java.lang.String	PROP_ENABLE_PUBLISH
static java.lang.String	PROP_EXPIREDCERTS_CLASS
static java.lang.String	PROP_FAST_SIGNING
static java.lang.String	PROP_GATEWAY
static java.lang.String	PROP_ID
static java.lang.String	PROP_IMPL
static java.lang.String	PROP_INSTANCE
static java.lang.String	PROP_ISSUER_NAME
static java.lang.String	PROP_ISSUING_CLASS
static java.lang.String	PROP_LDAP_PUBLISH_SUBSTORE
static java.lang.String	PROP_LISTENER_SUBSTORE
static java.lang.String	PROP_MASTER_CRL
static java.lang.String	PROP_NOTIFY_SUBSTORE
static java.lang.String	PROP_OCSP_SIGNING_SUBSTORE
static java.lang.String	PROP_PLUGIN
static java.lang.String	PROP_POLICY
static java.lang.String	PROP_PUB_QUEUE_SUBSTORE
static java.lang.String	PROP_PUBLISH_SUBSTORE
static java.lang.String	PROP_REGISTRATION
static java.lang.String	PROP_REQ_IN_Q_SUBSTORE
static java.lang.String	PROP_SIGNING_SUBSTORE
static java.lang.String	PROP_TYPE
static java.lang.String	PROP_X509CERT_VERSION

Method Summary

Methods

Modifier and Type	Method and Description
boolean	addCRLIssuingPoint(IConfigStore crlSubStore, java.lang.String id, boolean enable, java.lang.String description) Adds CRL issuing point with the given identifier and description.
void	deleteCRLIssuingPoint(IConfigStore crlSubStore, java.lang.String id) Deletes CRL issuing point with the given identifier.
netscape.security.x509.X509CertImpl	getCACert() Retrieves the CA certificate.
netscape.security.x509.CertificateChain	getCACertChain() Retrieves the CA certificate chain.
IService	getCAService() Retrieves the CA service object that is responsible for processing requests.
java.lang.String[]	getCASigningAlgorithms() Retrieves the supported signing algorithms of this certificate authority.
org.mozilla.jss.crypto.X509Certificate	getCaX509Cert() Retrieves the CA certificate.
ICertificateRepository	getCertificateRepository() Retrieves the certificate repository where all the locally issued certificates are kept.
IRequestListener	getCertIssuedListener() Retrieves the request listener for issued certificates.
IRequestListener	getCertRevokedListener() Retrieves the request listener for revoked certificates.
ICRLIssuingPoint	getCRLIssuingPoint(java.lang.String id) Retrieves CRL issuing point with the given identifier.
java.util.Enumeration	getCRLIssuingPoints() Retrieves all the CRL issuing points.
ICRLRepository	getCRLRepository() Retrieves the CRL repository.
ISigningUnit	getCRLSigningUnit() Retrieves the signing unit that manages the CA signing key for signing CRL.
netscape.security.x509.X500Name	getCRLX500Name() Retrieves the issuer name of this certificate authority issuing point.
IDBSubsystem	getDBSubsystem() Retrieves the DB subsystem managing internal data storage.
java.lang.String	getDefaultAlgorithm() Retrieves the default signing algorithm of this certificate authority.
netscape.security.x509.CertificateVersion	getDefaultCertVersion() Retrieves the default certificate version.
org.mozilla.jss.crypto.SignatureAlgorithm	getDefaultSignatureAlgorithm() Retrieves the default signature algorithm of this certificate authority.
long	getDefaultValidity() Retrieves the default validity period.
java.lang.String	getMaxSerial() Retrieves the last serial number that can be used for certificate issuance in this certificate authority.
java.lang.String	getNickname() Returns the nickname for the CA signing certificate.
Nonces	getNonces()
long	getNumOCSPRequest() Returns the in-memory count of the processed OCSP requests.
long	getOCSPRequestTotalTime() Returns the in-memory time (in mini-second) of the processed time for OCSP requests.
ISigningUnit	getOCSPSigningUnit() Retrieves the signing unit that manages the CA signing key for signing OCSP response.
long	getOCSPTotalData() Returns the total data signed for OCSP requests.
long	getOCSPTotalSignTime() Returns the in-memory time (in mini-second) of the signing time for OCSP requests.
IPolicyProcessor	getPolicyProcessor() Retrieves the policy processor of this certificate authority.
IPublisherProcessor	getPublisherProcessor() Retrieves the publishing processor of this certificate authority.
IReplicaIDRepository	getReplicaRepository() Retrieves the Replica ID repository.
IRequestListener	getRequestInQListener() Retrieves the request in queue listener.
IRequestListener	getRequestListener(java.lang.String name) Retrieves the request listener by name.
java.util.Enumeration	getRequestListenerNames() Retrieves all request listeners.
IRequestNotifier	getRequestNotifier() get request notifier
IRequestQueue	getRequestQueue() Retrieves the request queue of this certificate authority.
ISigningUnit	getSigningUnit() Retrieves the signing unit that manages the CA signing key for signing certificates.
java.lang.String	getStartSerial() Retrieves the next available serial number.
netscape.security.x509.X500Name	getX500Name() Retrieves the issuer name of this certificate authority.
boolean	isClone() Is this a clone CA?
boolean	isEnablePastCATime() Is this CA allowed to issue certificate that has longer validty than the CA's.
void	log(int level, java.lang.String msg) Logs a message to this certificate authority.
boolean	noncesEnabled()
void	publishCRLNow() Publishes the CRL immediately for MasterCRL issuing point if it exists.
void	registerRequestListener(IRequestListener listener) Registers a request listener.
void	registerRequestListener(java.lang.String name, IRequestListener listener) Registers a request listener.
void	setBasicConstraintMaxLen(int num) Sets the maximium path length in the basic constraint extension.
void	setDefaultAlgorithm(java.lang.String algorithm) Sets the default signing algorithm of this certificate authority.
void	setMaxSerial(java.lang.String serial) Sets the last serial number that can be used for certificate issuance in this certificate authority.
void	setStartSerial(java.lang.String serial) Sets the next available serial number.
void	setValidity(java.lang.String enableCAPast) Allows certificates to have validities that are longer than this certificate authority's.
netscape.security.x509.X509CertImpl	sign(netscape.security.x509.X509CertInfo certInfo, java.lang.String algname) Signs a X.509 certificate template.
netscape.security.x509.X509CRLImpl	sign(netscape.security.x509.X509CRLImpl crl, java.lang.String algname) Signs the given CRL with the specific algorithm.
void	updateCRLNow() Updates the CRL immediately for MasterCRL issuing point if it exists.

Methods inherited from interface com.netscape.certsrv.base.ISubsystem

getConfigStore, getId, init, setId, shutdown, startup

Field Detail

ID

static final java.lang.String ID

See Also:

Constant Field Values

PROP_CERTDB_INC

static final java.lang.String PROP_CERTDB_INC

See Also:

Constant Field Values

PROP_CRLDB_INC

static final java.lang.String PROP_CRLDB_INC

See Also:

Constant Field Values

PROP_REGISTRATION

static final java.lang.String PROP_REGISTRATION

See Also:

Constant Field Values

PROP_POLICY

static final java.lang.String PROP_POLICY

See Also:

Constant Field Values

PROP_GATEWAY

static final java.lang.String PROP_GATEWAY

See Also:

Constant Field Values

PROP_CLASS

static final java.lang.String PROP_CLASS

See Also:

Constant Field Values

PROP_TYPE

static final java.lang.String PROP_TYPE

See Also:

Constant Field Values

PROP_IMPL

static final java.lang.String PROP_IMPL

See Also:

Constant Field Values

PROP_PLUGIN

static final java.lang.String PROP_PLUGIN

See Also:

Constant Field Values

PROP_INSTANCE

static final java.lang.String PROP_INSTANCE

See Also:

Constant Field Values

PROP_LISTENER_SUBSTORE

static final java.lang.String PROP_LISTENER_SUBSTORE

See Also:

Constant Field Values

PROP_LDAP_PUBLISH_SUBSTORE

static final java.lang.String PROP_LDAP_PUBLISH_SUBSTORE

See Also:

Constant Field Values

PROP_PUBLISH_SUBSTORE

static final java.lang.String PROP_PUBLISH_SUBSTORE

See Also:

Constant Field Values

PROP_ENABLE_PUBLISH

static final java.lang.String PROP_ENABLE_PUBLISH

See Also:

Constant Field Values

PROP_ENABLE_LDAP_PUBLISH

static final java.lang.String PROP_ENABLE_LDAP_PUBLISH

See Also:

Constant Field Values

PROP_X509CERT_VERSION

static final java.lang.String PROP_X509CERT_VERSION

See Also:

Constant Field Values

PROP_ENABLE_PAST_CATIME

static final java.lang.String PROP_ENABLE_PAST_CATIME

See Also:

Constant Field Values

PROP_DEF_VALIDITY

static final java.lang.String PROP_DEF_VALIDITY

See Also:

Constant Field Values

PROP_FAST_SIGNING

static final java.lang.String PROP_FAST_SIGNING

See Also:

Constant Field Values

PROP_ENABLE_ADMIN_ENROLL

static final java.lang.String PROP_ENABLE_ADMIN_ENROLL

See Also:

Constant Field Values

PROP_CRL_SUBSTORE

static final java.lang.String PROP_CRL_SUBSTORE

See Also:

Constant Field Values

PROP_CRL_PAGE_SIZE

static final java.lang.String PROP_CRL_PAGE_SIZE

See Also:

Constant Field Values

PROP_MASTER_CRL

static final java.lang.String PROP_MASTER_CRL

See Also:

Constant Field Values

PROP_CRLEXT_SUBSTORE

static final java.lang.String PROP_CRLEXT_SUBSTORE

See Also:

Constant Field Values

PROP_ISSUING_CLASS

static final java.lang.String PROP_ISSUING_CLASS

See Also:

Constant Field Values

PROP_EXPIREDCERTS_CLASS

static final java.lang.String PROP_EXPIREDCERTS_CLASS

See Also:

Constant Field Values

PROP_NOTIFY_SUBSTORE

static final java.lang.String PROP_NOTIFY_SUBSTORE

See Also:

Constant Field Values

PROP_CERT_ISSUED_SUBSTORE

static final java.lang.String PROP_CERT_ISSUED_SUBSTORE

See Also:

Constant Field Values

PROP_CERT_REVOKED_SUBSTORE

static final java.lang.String PROP_CERT_REVOKED_SUBSTORE

See Also:

Constant Field Values

PROP_REQ_IN_Q_SUBSTORE

static final java.lang.String PROP_REQ_IN_Q_SUBSTORE

See Also:

Constant Field Values

PROP_PUB_QUEUE_SUBSTORE

static final java.lang.String PROP_PUB_QUEUE_SUBSTORE

See Also:

Constant Field Values

PROP_ISSUER_NAME

static final java.lang.String PROP_ISSUER_NAME

See Also:

Constant Field Values

PROP_CA_NAMES

static final java.lang.String PROP_CA_NAMES

See Also:

Constant Field Values

PROP_DBS_SUBSTORE

static final java.lang.String PROP_DBS_SUBSTORE

See Also:

Constant Field Values

PROP_SIGNING_SUBSTORE

static final java.lang.String PROP_SIGNING_SUBSTORE

See Also:

Constant Field Values

PROP_CA_CHAIN_NUM

static final java.lang.String PROP_CA_CHAIN_NUM

See Also:

Constant Field Values

PROP_CA_CHAIN

static final java.lang.String PROP_CA_CHAIN

See Also:

Constant Field Values

PROP_CA_CERT

static final java.lang.String PROP_CA_CERT

See Also:

Constant Field Values

PROP_ENABLE_OCSP

static final java.lang.String PROP_ENABLE_OCSP

See Also:

Constant Field Values

PROP_OCSP_SIGNING_SUBSTORE

static final java.lang.String PROP_OCSP_SIGNING_SUBSTORE

See Also:

Constant Field Values

PROP_CRL_SIGNING_SUBSTORE

static final java.lang.String PROP_CRL_SIGNING_SUBSTORE

See Also:

Constant Field Values

PROP_ID

static final java.lang.String PROP_ID

See Also:

Constant Field Values

PROP_CERTDB_TRANS_MAXRECORDS

static final java.lang.String PROP_CERTDB_TRANS_MAXRECORDS

See Also:

Constant Field Values

PROP_CERTDB_TRANS_PAGESIZE

static final java.lang.String PROP_CERTDB_TRANS_PAGESIZE

See Also:

Constant Field Values

Method Detail

getCertificateRepository

ICertificateRepository getCertificateRepository()

Retrieves the certificate repository where all the locally issued certificates are kept.

Returns:

CA's certificate repository

getRequestQueue

IRequestQueue getRequestQueue()

Retrieves the request queue of this certificate authority.

Returns:

CA's request queue

getPolicyProcessor

IPolicyProcessor getPolicyProcessor()

Retrieves the policy processor of this certificate authority.

Returns:

CA's policy processor

noncesEnabled

boolean noncesEnabled()

getNonces

Nonces getNonces()

getPublisherProcessor

IPublisherProcessor getPublisherProcessor()

Retrieves the publishing processor of this certificate authority.

Returns:

CA's publishing processor

getStartSerial

java.lang.String getStartSerial()

Retrieves the next available serial number.

Returns:

next available serial number

setStartSerial

void setStartSerial(java.lang.String serial)
                    throws EBaseException

Sets the next available serial number.

Parameters:

serial - next available serial number

Throws:

EBaseException - failed to set next available serial number

getMaxSerial

java.lang.String getMaxSerial()

Retrieves the last serial number that can be used for certificate issuance in this certificate authority.

Returns:

the last serial number

setMaxSerial

void setMaxSerial(java.lang.String serial)
                  throws EBaseException

Sets the last serial number that can be used for certificate issuance in this certificate authority.

Parameters:

serial - the last serial number

Throws:

EBaseException - failed to set the last serial number

getDefaultSignatureAlgorithm

org.mozilla.jss.crypto.SignatureAlgorithm getDefaultSignatureAlgorithm()

Retrieves the default signature algorithm of this certificate authority.

Returns:

the default signature algorithm of this CA

getDefaultAlgorithm

java.lang.String getDefaultAlgorithm()

Retrieves the default signing algorithm of this certificate authority.

Returns:

the default signing algorithm of this CA

setDefaultAlgorithm

void setDefaultAlgorithm(java.lang.String algorithm)
                         throws EBaseException

Sets the default signing algorithm of this certificate authority.

Parameters:

algorithm - new default signing algorithm

Throws:

EBaseException - failed to set the default signing algorithm

getCASigningAlgorithms

java.lang.String[] getCASigningAlgorithms()

Retrieves the supported signing algorithms of this certificate authority.

Returns:

the supported signing algorithms of this CA

setValidity

void setValidity(java.lang.String enableCAPast)
                 throws EBaseException

Allows certificates to have validities that are longer than this certificate authority's.

Parameters:

enableCAPast - if equals "true", it allows certificates to have validity longer than CA's certificate validity

Throws:

EBaseException - failed to set above option

getDefaultValidity

long getDefaultValidity()

Retrieves the default validity period.

Returns:

the default validity length in days

getCRLIssuingPoints

java.util.Enumeration getCRLIssuingPoints()

Retrieves all the CRL issuing points.

Returns:

enumeration of all the CRL issuing points

getCRLIssuingPoint

ICRLIssuingPoint getCRLIssuingPoint(java.lang.String id)

Retrieves CRL issuing point with the given identifier.

Parameters:

id - CRL issuing point id

Returns:

CRL issuing point with given id

addCRLIssuingPoint

boolean addCRLIssuingPoint(IConfigStore crlSubStore,
                         java.lang.String id,
                         boolean enable,
                         java.lang.String description)

Adds CRL issuing point with the given identifier and description.

Parameters:

crlSubStore - sub-store with all CRL issuing points

id - CRL issuing point id

description - CRL issuing point description

Returns:

true if CRL issuing point was successfully added

deleteCRLIssuingPoint

void deleteCRLIssuingPoint(IConfigStore crlSubStore,
                         java.lang.String id)

Deletes CRL issuing point with the given identifier.

Parameters:

crlSubStore - sub-store with all CRL issuing points

id - CRL issuing point id

getCRLRepository

ICRLRepository getCRLRepository()

Retrieves the CRL repository.

Returns:

CA's CRL repository

getReplicaRepository

IReplicaIDRepository getReplicaRepository()

Retrieves the Replica ID repository.

Returns:

CA's Replica ID repository

getRequestInQListener

IRequestListener getRequestInQListener()

Retrieves the request in queue listener.

Returns:

the request in queue listener

getRequestListenerNames

java.util.Enumeration getRequestListenerNames()

Retrieves all request listeners.

Returns:

name enumeration of all request listeners

getCertIssuedListener

IRequestListener getCertIssuedListener()

Retrieves the request listener for issued certificates.

Returns:

the request listener for issued certificates

getCertRevokedListener

IRequestListener getCertRevokedListener()

Retrieves the request listener for revoked certificates.

Returns:

the request listener for revoked certificates

getCACertChain

netscape.security.x509.CertificateChain getCACertChain()

Retrieves the CA certificate chain.

Returns:

the CA certificate chain

getCaX509Cert

org.mozilla.jss.crypto.X509Certificate getCaX509Cert()

Retrieves the CA certificate.

Returns:

the CA certificate

getCACert

netscape.security.x509.X509CertImpl getCACert()

Retrieves the CA certificate.

Returns:

the CA certificate

updateCRLNow

void updateCRLNow()
                  throws EBaseException

Updates the CRL immediately for MasterCRL issuing point if it exists.

Throws:

EBaseException - failed to create or publish CRL

publishCRLNow

void publishCRLNow()
                   throws EBaseException

Publishes the CRL immediately for MasterCRL issuing point if it exists.

Throws:

EBaseException - failed to publish CRL

getSigningUnit

ISigningUnit getSigningUnit()

Retrieves the signing unit that manages the CA signing key for signing certificates.

Returns:

the CA signing unit for certificates

getCRLSigningUnit

ISigningUnit getCRLSigningUnit()

Retrieves the signing unit that manages the CA signing key for signing CRL.

Returns:

the CA signing unit for CRLs

getOCSPSigningUnit

ISigningUnit getOCSPSigningUnit()

Retrieves the signing unit that manages the CA signing key for signing OCSP response.

Returns:

the CA signing unit for OCSP responses

setBasicConstraintMaxLen

void setBasicConstraintMaxLen(int num)

Sets the maximium path length in the basic constraint extension.

Parameters:

num - the maximium path length

isClone

boolean isClone()

Is this a clone CA?

Returns:

true if this is a clone CA

getRequestListener

IRequestListener getRequestListener(java.lang.String name)

Retrieves the request listener by name.

Parameters:

name - request listener name

Returns:

the request listener

getRequestNotifier

IRequestNotifier getRequestNotifier()

get request notifier

registerRequestListener

void registerRequestListener(IRequestListener listener)

Registers a request listener.

Parameters:

listener - request listener to be registered

registerRequestListener

void registerRequestListener(java.lang.String name,
                           IRequestListener listener)

Registers a request listener.

Parameters:

name - under request listener is going to be registered

listener - request listener to be registered

getX500Name

netscape.security.x509.X500Name getX500Name()

Retrieves the issuer name of this certificate authority.

Returns:

the issuer name of this certificate authority

getCRLX500Name

netscape.security.x509.X500Name getCRLX500Name()

Retrieves the issuer name of this certificate authority issuing point.

Returns:

the issuer name of this certificate authority issuing point

sign

netscape.security.x509.X509CRLImpl sign(netscape.security.x509.X509CRLImpl crl,
                                      java.lang.String algname)
                                        throws EBaseException

Signs the given CRL with the specific algorithm.

Parameters:

crl - CRL to be signed

algname - algorithm used for signing

Returns:

signed CRL

Throws:

EBaseException - failed to sign CRL

log

void log(int level,
       java.lang.String msg)

Logs a message to this certificate authority.

Parameters:

level - logging level

msg - logged message

getNickname

java.lang.String getNickname()

Returns the nickname for the CA signing certificate.

Returns:

the nickname for the CA signing certificate

sign

netscape.security.x509.X509CertImpl sign(netscape.security.x509.X509CertInfo certInfo,
                                       java.lang.String algname)
                                         throws EBaseException

Signs a X.509 certificate template.

Parameters:

certInfo - X.509 certificate template

algname - algorithm used for signing

Returns:

signed certificate

Throws:

EBaseException - failed to sign certificate

getDefaultCertVersion

netscape.security.x509.CertificateVersion getDefaultCertVersion()

Retrieves the default certificate version.

Returns:

the default version certificate

isEnablePastCATime

boolean isEnablePastCATime()

Is this CA allowed to issue certificate that has longer validty than the CA's.

Returns:

true if allows certificates to have validity longer than CA's

getCAService

IService getCAService()

Retrieves the CA service object that is responsible for processing requests.

Returns:

CA service object

getDBSubsystem

IDBSubsystem getDBSubsystem()

Retrieves the DB subsystem managing internal data storage.

Returns:

DB subsystem object

getNumOCSPRequest

long getNumOCSPRequest()

Returns the in-memory count of the processed OCSP requests.

Returns:

number of processed OCSP requests in memory

getOCSPRequestTotalTime

long getOCSPRequestTotalTime()

Returns the in-memory time (in mini-second) of the processed time for OCSP requests.

Returns:

processed times for OCSP requests

getOCSPTotalSignTime

long getOCSPTotalSignTime()

Returns the in-memory time (in mini-second) of the signing time for OCSP requests.

Returns:

processed times for OCSP requests

getOCSPTotalData

long getOCSPTotalData()

Returns the total data signed for OCSP requests.

Returns:

processed times for OCSP requests