Package com.netscape.certsrv.kra

Interface IKeyRecoveryAuthority

  • All Superinterfaces:
    ISubsystem
    public interface IKeyRecoveryAuthority
extends ISubsystem
    An interface represents key recovery authority. The key recovery authority is responsibile for archiving and recovering user encryption private keys.

    Version:
    $Revision$, $Date$

    • Method Detail

      • getX500Name

        org.mozilla.jss.netscape.security.x509.X500Name getX500Name()
        Returns the name of this subsystem.

        Returns:
        KRA name

      • getRequestQueue

        IRequestQueue getRequestQueue()
        Retrieves KRA request repository.

        Returns:
        request repository

      • getKeyRepository

        IKeyRepository getKeyRepository()
        Retrieves the key repository. The key repository stores archived keys.

      • getReplicaRepository

        IReplicaIDRepository getReplicaRepository()
        Retrieves the Replica ID repository.
        Returns:
        KRA's Replica ID repository

      • setAutoRecoveryState

        boolean setAutoRecoveryState​(Credential[] cs,
                             boolean on)
        Enables the auto recovery state. Once KRA is in the auto recovery state, no recovery agents need to be present for providing credentials. This feature is for enabling user-based recovery operation.

        Parameters:
        cs - list of agent credentials
        on - true if auto recovery state is on
        Returns:
        current auto recovery state

      • getAutoRecoveryState

        boolean getAutoRecoveryState()
        Returns the current auto recovery state.
        Returns:
        true if auto recvoery state is on

      • addAutoRecovery

        void addAutoRecovery​(java.lang.String id,
                     Credential[] creds)
        Adds credentials to the given authorizated recovery operation. In distributed recovery mode, recovery agent login to the agent interface and submit its credential for a particular recovery operation.
        Parameters:
        id - authorization identifier
        creds - list of credentials

      • removeAutoRecovery

        void removeAutoRecovery​(java.lang.String id)
        Removes a particular auto recovery operation.
        Parameters:
        id - authorization identifier

      • getNoOfRequiredAgents

        int getNoOfRequiredAgents()
                   throws EBaseException
        Returns the number of required agents. In M-out-of-N recovery schema, only M agents are required even there are N agents. This method returns M.
        Returns:
        number of required agents
        Throws:
        EBaseException

      • setNoOfRequiredAgents

        void setNoOfRequiredAgents​(int number)
                    throws EBaseException
        Sets the number of required recovery agents
        Parameters:
        number - number of agents
        Throws:
        EBaseException

      • getRecoveryID

        java.lang.String getRecoveryID()
        Returns the current recovery identifier.
        Returns:
        recovery identifier

      • getAutoRecoveryIDs

        java.util.Enumeration<java.lang.String> getAutoRecoveryIDs()
        Returns a list of recovery identifiers.
        Returns:
        list of auto recovery identifiers

      • getStorageKeyUnit

        IStorageKeyUnit getStorageKeyUnit()
        Returns the storage key unit that manages the stoarge key.
        Returns:
        storage key unit

      • getTransportKeyUnit

        ITransportKeyUnit getTransportKeyUnit()
        Returns the transport key unit that manages the transport key.
        Returns:
        transport key unit

      • getKeygenToken

        org.mozilla.jss.crypto.CryptoToken getKeygenToken()
        Returns the token that generates user key pairs for supporting server-side keygen
        Returns:
        keygen token

      • addEntropy

        void addEntropy​(boolean logflag)
        Adds entropy to the token used for supporting server-side keygen Parameters are set in the config file
        Parameters:
        logflag - create log messages at info level to report entropy shortage

      • getRequestInQListener

        IRequestListener getRequestInQListener()
        Returns the request listener that listens on the request completion event.
        Returns:
        request listener

      • getPolicyProcessor

        IPolicyProcessor getPolicyProcessor()
        Returns policy processor of the key recovery authority.
        Returns:
        policy processor

      • getNickname

        java.lang.String getNickname()
        Returns the nickname of the transport certificate.
        Returns:
        transport certificate nickname.

      • setNickname

        void setNickname​(java.lang.String str)
        Sets the nickname of the transport certificate.
        Parameters:
        str - nickname

      • getNewNickName

        java.lang.String getNewNickName()
                         throws EBaseException
        Returns the new nickname of the transport certifiate.
        Returns:
        new nickname
        Throws:
        EBaseException

      • setNewNickName

        void setNewNickName​(java.lang.String name)
        Sets the new nickname of the transport certifiate.
        Parameters:
        name - new nickname

      • log

        void log​(int level,
         java.lang.String msg)
        Logs event into key recovery authority logging.
        Parameters:
        level - log level
        msg - log message

      • createVolatileRequest

        java.util.Hashtable<java.lang.String,​java.lang.Object> createVolatileRequest​(RequestId id)
        Creates a request object to store attributes that will not be serialized. Currently, request queue framework will try to serialize all the attribute into persistent storage. Things like passwords are not desirable to be stored.
        Parameters:
        id - request id
        Returns:
        volatile requests

      • getVolatileRequest

        java.util.Hashtable<java.lang.String,​java.lang.Object> getVolatileRequest​(RequestId id)
        Retrieves the request object.
        Parameters:
        id - request id
        Returns:
        volatile requests

      • destroyVolatileRequest

        void destroyVolatileRequest​(RequestId id)
        Destroys the request object.
        Parameters:
        id - request id

      • createError

        void createError​(java.lang.String recoveryID,
                 java.lang.String error)
          throws EBaseException
        Creates error for a specific recovery operation.
        Parameters:
        recoveryID - recovery id
        error - error
        Throws:
        EBaseException - failed to create error

      • getError

        java.lang.String getError​(java.lang.String recoveryID)
                   throws EBaseException
        Retrieves error by recovery identifier.
        Parameters:
        recoveryID - recovery id
        Returns:
        error message
        Throws:
        EBaseException

      • getPk12

        byte[] getPk12​(java.lang.String recoveryID)
        throws EBaseException
        Retrieves PKCS12 package by recovery identifier.
        Parameters:
        recoveryID - recovery id
        Returns:
        pkcs12 package in bytes
        Throws:
        EBaseException

      • createPk12

        void createPk12​(java.lang.String recoveryID,
                byte[] pk12)
         throws EBaseException
        Creates PKCS12 package in memory.
        Parameters:
        recoveryID - recovery id
        pk12 - package in bytes
        Throws:
        EBaseException

      • getTransportCert

        org.mozilla.jss.crypto.X509Certificate getTransportCert()
        Retrieves the transport certificate.

      • isEphemeral

        boolean isEphemeral​(java.lang.String realm)
        Are ephemeral requests enabled for SECURITY_DATA recovery and archival
        Parameters:
        realm - authz realm

      • isRetrievalSynchronous

        boolean isRetrievalSynchronous​(java.lang.String realm)
        Is the SECURITY_DATA retrieval synchronous?
        Parameters:
        realm -

      • generateKeyPair

        java.security.KeyPair generateKeyPair​(java.lang.String alg,
                                      int keySize,
                                      java.lang.String keyCurve,
                                      org.mozilla.jss.crypto.PQGParams pqg,
                                      org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usageList)
                               throws EBaseException
        Generate an asymmetric key pair.
        Parameters:
        alg -
        keySize -
        keyCurve -
        pqg -
        usageList - - RSA only for now
        Returns:
        key pair
        Throws:
        EBaseException

      • generateKeyPair

        java.security.KeyPair generateKeyPair​(java.lang.String alg,
                                      int keySize,
                                      java.lang.String keyCurve,
                                      org.mozilla.jss.crypto.PQGParams pqg,
                                      org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usageList,
                                      boolean temporary)
                               throws EBaseException
        Throws:
        EBaseException