public interface ICertificateAuthority extends ISubsystem
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
ID |
static java.lang.String |
PROP_CA_CERT |
static java.lang.String |
PROP_CA_CHAIN |
static java.lang.String |
PROP_CA_CHAIN_NUM |
static java.lang.String |
PROP_CA_NAMES |
static java.lang.String |
PROP_CERT_ISSUED_SUBSTORE |
static java.lang.String |
PROP_CERT_REVOKED_SUBSTORE |
static java.lang.String |
PROP_CERTDB_INC |
static java.lang.String |
PROP_CERTDB_TRANS_MAXRECORDS |
static java.lang.String |
PROP_CERTDB_TRANS_PAGESIZE |
static java.lang.String |
PROP_CLASS |
static java.lang.String |
PROP_CRL_PAGE_SIZE |
static java.lang.String |
PROP_CRL_SIGNING_SUBSTORE |
static java.lang.String |
PROP_CRL_SUBSTORE |
static java.lang.String |
PROP_CRLDB_INC |
static java.lang.String |
PROP_CRLEXT_SUBSTORE |
static java.lang.String |
PROP_DBS_SUBSTORE |
static java.lang.String |
PROP_DEF_VALIDITY |
static java.lang.String |
PROP_ENABLE_ADMIN_ENROLL |
static java.lang.String |
PROP_ENABLE_LDAP_PUBLISH |
static java.lang.String |
PROP_ENABLE_OCSP |
static java.lang.String |
PROP_ENABLE_PAST_CATIME |
static java.lang.String |
PROP_ENABLE_PUBLISH |
static java.lang.String |
PROP_EXPIREDCERTS_CLASS |
static java.lang.String |
PROP_FAST_SIGNING |
static java.lang.String |
PROP_GATEWAY |
static java.lang.String |
PROP_ID |
static java.lang.String |
PROP_IMPL |
static java.lang.String |
PROP_INSTANCE |
static java.lang.String |
PROP_ISSUER_NAME |
static java.lang.String |
PROP_ISSUING_CLASS |
static java.lang.String |
PROP_LDAP_PUBLISH_SUBSTORE |
static java.lang.String |
PROP_LISTENER_SUBSTORE |
static java.lang.String |
PROP_MASTER_CRL |
static java.lang.String |
PROP_NOTIFY_SUBSTORE |
static java.lang.String |
PROP_OCSP_SIGNING_SUBSTORE |
static java.lang.String |
PROP_PLUGIN |
static java.lang.String |
PROP_POLICY |
static java.lang.String |
PROP_PUB_QUEUE_SUBSTORE |
static java.lang.String |
PROP_PUBLISH_SUBSTORE |
static java.lang.String |
PROP_REGISTRATION |
static java.lang.String |
PROP_REQ_IN_Q_SUBSTORE |
static java.lang.String |
PROP_SIGNING_SUBSTORE |
static java.lang.String |
PROP_TYPE |
static java.lang.String |
PROP_X509CERT_VERSION |
Modifier and Type | Method and Description |
---|---|
boolean |
addCRLIssuingPoint(IConfigStore crlSubStore,
java.lang.String id,
boolean enable,
java.lang.String description)
Adds CRL issuing point with the given identifier and description.
|
void |
deleteCRLIssuingPoint(IConfigStore crlSubStore,
java.lang.String id)
Deletes CRL issuing point with the given identifier.
|
netscape.security.x509.X509CertImpl |
getCACert()
Retrieves the CA certificate.
|
netscape.security.x509.CertificateChain |
getCACertChain()
Retrieves the CA certificate chain.
|
IService |
getCAService()
Retrieves the CA service object that is responsible for
processing requests.
|
java.lang.String[] |
getCASigningAlgorithms()
Retrieves the supported signing algorithms of this certificate authority.
|
org.mozilla.jss.crypto.X509Certificate |
getCaX509Cert()
Retrieves the CA certificate.
|
ICertificateRepository |
getCertificateRepository()
Retrieves the certificate repository where all the locally
issued certificates are kept.
|
IRequestListener |
getCertIssuedListener()
Retrieves the request listener for issued certificates.
|
IRequestListener |
getCertRevokedListener()
Retrieves the request listener for revoked certificates.
|
ICRLIssuingPoint |
getCRLIssuingPoint(java.lang.String id)
Retrieves CRL issuing point with the given identifier.
|
java.util.Enumeration |
getCRLIssuingPoints()
Retrieves all the CRL issuing points.
|
ICRLRepository |
getCRLRepository()
Retrieves the CRL repository.
|
ISigningUnit |
getCRLSigningUnit()
Retrieves the signing unit that manages the CA signing key for
signing CRL.
|
netscape.security.x509.X500Name |
getCRLX500Name()
Retrieves the issuer name of this certificate authority issuing point.
|
IDBSubsystem |
getDBSubsystem()
Retrieves the DB subsystem managing internal data storage.
|
java.lang.String |
getDefaultAlgorithm()
Retrieves the default signing algorithm of this certificate authority.
|
netscape.security.x509.CertificateVersion |
getDefaultCertVersion()
Retrieves the default certificate version.
|
org.mozilla.jss.crypto.SignatureAlgorithm |
getDefaultSignatureAlgorithm()
Retrieves the default signature algorithm of this certificate authority.
|
long |
getDefaultValidity()
Retrieves the default validity period.
|
java.lang.String |
getMaxSerial()
Retrieves the last serial number that can be used for
certificate issuance in this certificate authority.
|
java.lang.String |
getNickname()
Returns the nickname for the CA signing certificate.
|
Nonces |
getNonces() |
long |
getNumOCSPRequest()
Returns the in-memory count of the processed OCSP requests.
|
long |
getOCSPRequestTotalTime()
Returns the in-memory time (in milliseconds) spent
processing OCSP requests.
|
ISigningUnit |
getOCSPSigningUnit()
Retrieves the signing unit that manages the CA signing key for
signing OCSP response.
|
long |
getOCSPTotalData()
Returns the total data signed
for OCSP requests.
|
long |
getOCSPTotalSignTime()
Returns the in-memory signing time (in milliseconds)
for OCSP requests.
|
IPolicyProcessor |
getPolicyProcessor()
Retrieves the policy processor of this certificate authority.
|
IPublisherProcessor |
getPublisherProcessor()
Retrieves the publishing processor of this certificate authority.
|
IReplicaIDRepository |
getReplicaRepository()
Retrieves the Replica ID repository.
|
IRequestListener |
getRequestInQListener()
Retrieves the request in queue listener.
|
IRequestListener |
getRequestListener(java.lang.String name)
Retrieves the request listener by name.
|
java.util.Enumeration |
getRequestListenerNames()
Retrieves all request listeners.
|
IRequestNotifier |
getRequestNotifier()
Retrieves the request notifier.
|
IRequestQueue |
getRequestQueue()
Retrieves the request queue of this certificate authority.
|
ISigningUnit |
getSigningUnit()
Retrieves the signing unit that manages the CA signing key for
signing certificates.
|
java.lang.String |
getStartSerial()
Retrieves the next available serial number.
|
netscape.security.x509.X500Name |
getX500Name()
Retrieves the issuer name of this certificate authority.
|
boolean |
isClone()
Is this a clone CA?
|
boolean |
isEnablePastCATime()
Is this CA allowed to issue certificates that have a longer
validity than the CA's own certificate?
|
void |
log(int level,
java.lang.String msg)
Logs a message to this certificate authority.
|
boolean |
noncesEnabled() |
void |
publishCRLNow()
Publishes the CRL immediately for MasterCRL issuing point if it exists.
|
void |
registerRequestListener(IRequestListener listener)
Registers a request listener.
|
void |
registerRequestListener(java.lang.String name,
IRequestListener listener)
Registers a request listener.
|
void |
setBasicConstraintMaxLen(int num)
Sets the maximum path length in the Basic Constraints extension.
|
void |
setDefaultAlgorithm(java.lang.String algorithm)
Sets the default signing algorithm of this certificate authority.
|
void |
setMaxSerial(java.lang.String serial)
Sets the last serial number that can be used for
certificate issuance in this certificate authority.
|
void |
setStartSerial(java.lang.String serial)
Sets the next available serial number.
|
void |
setValidity(java.lang.String enableCAPast)
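Allows certificates to have validity periods that extend beyond
this certificate authority's own certificate validity. Relying parties that
validate the full path will reject such a certificate once the CA certificate
itself has expired.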
|
netscape.security.x509.X509CertImpl |
sign(netscape.security.x509.X509CertInfo certInfo,
java.lang.String algname)
Signs an X.509 certificate template.
|
netscape.security.x509.X509CRLImpl |
sign(netscape.security.x509.X509CRLImpl crl,
java.lang.String algname)
Signs the given CRL with the specific algorithm.
|
void |
updateCRLNow()
Updates the CRL immediately for MasterCRL issuing point if it exists.
|
getConfigStore, getId, init, setId, shutdown, startup
static final java.lang.String ID
static final java.lang.String PROP_CERTDB_INC
static final java.lang.String PROP_CRLDB_INC
static final java.lang.String PROP_REGISTRATION
static final java.lang.String PROP_POLICY
static final java.lang.String PROP_GATEWAY
static final java.lang.String PROP_CLASS
static final java.lang.String PROP_TYPE
static final java.lang.String PROP_IMPL
static final java.lang.String PROP_PLUGIN
static final java.lang.String PROP_INSTANCE
static final java.lang.String PROP_LISTENER_SUBSTORE
static final java.lang.String PROP_LDAP_PUBLISH_SUBSTORE
static final java.lang.String PROP_PUBLISH_SUBSTORE
static final java.lang.String PROP_ENABLE_PUBLISH
static final java.lang.String PROP_ENABLE_LDAP_PUBLISH
static final java.lang.String PROP_X509CERT_VERSION
static final java.lang.String PROP_ENABLE_PAST_CATIME
static final java.lang.String PROP_DEF_VALIDITY
static final java.lang.String PROP_FAST_SIGNING
static final java.lang.String PROP_ENABLE_ADMIN_ENROLL
static final java.lang.String PROP_CRL_SUBSTORE
static final java.lang.String PROP_CRL_PAGE_SIZE
static final java.lang.String PROP_MASTER_CRL
static final java.lang.String PROP_CRLEXT_SUBSTORE
static final java.lang.String PROP_ISSUING_CLASS
static final java.lang.String PROP_EXPIREDCERTS_CLASS
static final java.lang.String PROP_NOTIFY_SUBSTORE
static final java.lang.String PROP_CERT_ISSUED_SUBSTORE
static final java.lang.String PROP_CERT_REVOKED_SUBSTORE
static final java.lang.String PROP_REQ_IN_Q_SUBSTORE
static final java.lang.String PROP_PUB_QUEUE_SUBSTORE
static final java.lang.String PROP_ISSUER_NAME
static final java.lang.String PROP_CA_NAMES
static final java.lang.String PROP_DBS_SUBSTORE
static final java.lang.String PROP_SIGNING_SUBSTORE
static final java.lang.String PROP_CA_CHAIN_NUM
static final java.lang.String PROP_CA_CHAIN
static final java.lang.String PROP_CA_CERT
static final java.lang.String PROP_ENABLE_OCSP
static final java.lang.String PROP_OCSP_SIGNING_SUBSTORE
static final java.lang.String PROP_CRL_SIGNING_SUBSTORE
static final java.lang.String PROP_ID
static final java.lang.String PROP_CERTDB_TRANS_MAXRECORDS
static final java.lang.String PROP_CERTDB_TRANS_PAGESIZE
ICertificateRepository getCertificateRepository()
IRequestQueue getRequestQueue()
IPolicyProcessor getPolicyProcessor()
boolean noncesEnabled()
Nonces getNonces()
IPublisherProcessor getPublisherProcessor()
java.lang.String getStartSerial()
void setStartSerial(java.lang.String serial) throws EBaseException
serial
- next available serial number
EBaseException
- failed to set next available serial number
java.lang.String getMaxSerial()
void setMaxSerial(java.lang.String serial) throws EBaseException
serial
- the last serial number
EBaseException
- failed to set the last serial number
org.mozilla.jss.crypto.SignatureAlgorithm getDefaultSignatureAlgorithm()
java.lang.String getDefaultAlgorithm()
void setDefaultAlgorithm(java.lang.String algorithm) throws EBaseException
algorithm
- new default signing algorithm
EBaseException
- failed to set the default signing algorithm
java.lang.String[] getCASigningAlgorithms()
void setValidity(java.lang.String enableCAPast) throws EBaseException
enableCAPast
- if equal to "true", allows certificates
to have validity longer than the CA certificate's validity
EBaseException
- failed to set the above option
long getDefaultValidity()
java.util.Enumeration getCRLIssuingPoints()
ICRLIssuingPoint getCRLIssuingPoint(java.lang.String id)
id
- CRL issuing point id
boolean addCRLIssuingPoint(IConfigStore crlSubStore, java.lang.String id, boolean enable, java.lang.String description)
crlSubStore
- sub-store with all CRL issuing points
id
- CRL issuing point id
description
- CRL issuing point description
void deleteCRLIssuingPoint(IConfigStore crlSubStore, java.lang.String id)
crlSubStore
- sub-store with all CRL issuing points
id
- CRL issuing point id
ICRLRepository getCRLRepository()
IReplicaIDRepository getReplicaRepository()
IRequestListener getRequestInQListener()
java.util.Enumeration getRequestListenerNames()
IRequestListener getCertIssuedListener()
IRequestListener getCertRevokedListener()
netscape.security.x509.CertificateChain getCACertChain()
org.mozilla.jss.crypto.X509Certificate getCaX509Cert()
netscape.security.x509.X509CertImpl getCACert()
void updateCRLNow() throws EBaseException
EBaseException
- failed to create or publish CRL
void publishCRLNow() throws EBaseException
EBaseException
- failed to publish CRL
ISigningUnit getSigningUnit()
ISigningUnit getCRLSigningUnit()
ISigningUnit getOCSPSigningUnit()
void setBasicConstraintMaxLen(int num)
num
- the maximum path length
boolean isClone()
IRequestListener getRequestListener(java.lang.String name)
name
- request listener name
IRequestNotifier getRequestNotifier()
void registerRequestListener(IRequestListener listener)
listener
- request listener to be registered
void registerRequestListener(java.lang.String name, IRequestListener listener)
name
- name under which the request listener is going to be registered
listener
- request listener to be registered
netscape.security.x509.X500Name getX500Name()
netscape.security.x509.X500Name getCRLX500Name()
netscape.security.x509.X509CRLImpl sign(netscape.security.x509.X509CRLImpl crl, java.lang.String algname) throws EBaseException
crl
- CRL to be signed
algname
- algorithm used for signing
EBaseException
- failed to sign CRL
void log(int level, java.lang.String msg)
level
- logging level
msg
- logged message
java.lang.String getNickname()
netscape.security.x509.X509CertImpl sign(netscape.security.x509.X509CertInfo certInfo, java.lang.String algname) throws EBaseException
certInfo
- X.509 certificate template
algname
- algorithm used for signing
EBaseException
- failed to sign certificate
netscape.security.x509.CertificateVersion getDefaultCertVersion()
boolean isEnablePastCATime()
IService getCAService()
IDBSubsystem getDBSubsystem()
long getNumOCSPRequest()
long getOCSPRequestTotalTime()
long getOCSPTotalSignTime()
long getOCSPTotalData()