Package org.dogtagpki.server.ca

Interface ICRLIssuingPoint

  • public interface ICRLIssuingPoint
    This class encapsulates CRL issuing mechanism. CertificateAuthority contains a map of CRLIssuingPoint indexed by string ids. Each issuing point contains information about CRL issuing and publishing parameters as well as state information which includes last issued CRL, next CRL serial number, time of the next update etc. If autoUpdateInterval is set to non-zero value then worker thread is created that will perform CRL update at scheduled intervals. Update can also be triggered by invoking updateCRL method directly. Another parameter minUpdateInterval can be used to prevent CRL from being updated too often
    Version:
    $Revision$, $Date$

    • Method Detail

      • isCRLIssuingPointEnabled

        boolean isCRLIssuingPointEnabled()
        Returns true if CRL issuing point is enabled.
        Returns:
        true if CRL issuing point is enabled

      • isCRLGenerationEnabled

        boolean isCRLGenerationEnabled()
        Returns true if CRL generation is enabled.
        Returns:
        true if CRL generation is enabled

      • enableCRLIssuingPoint

        void enableCRLIssuingPoint​(boolean enable)
        Enables or disables CRL issuing point according to parameter.
        Parameters:
        enable - if true enables CRL issuing point

      • getCrlUpdateStatusStr

        java.lang.String getCrlUpdateStatusStr()
        Returns CRL update status.
        Returns:
        CRL update status

      • getCrlUpdateErrorStr

        java.lang.String getCrlUpdateErrorStr()
        Returns CRL update error.
        Returns:
        CRL update error

      • getCrlPublishStatusStr

        java.lang.String getCrlPublishStatusStr()
        Returns CRL publishing status.
        Returns:
        CRL publishing status

      • getCrlPublishErrorStr

        java.lang.String getCrlPublishErrorStr()
        Returns CRL publishing error.
        Returns:
        CRL publishing error

      • isCRLIssuingPointInitialized

        boolean isCRLIssuingPointInitialized()
        Returns CRL issuing point initialization status.
        Returns:
        true if CRL issuing point hsa been successfully initialized, otherwise false.

      • isManualUpdateSet

        boolean isManualUpdateSet()
        Checks if manual update is set.
        Returns:
        true if manual update is set

      • areExpiredCertsIncluded

        boolean areExpiredCertsIncluded()
        Checks if expired certificates are included in CRL.
        Returns:
        true if expired certificates are included in CRL

      • isCACertsOnly

        boolean isCACertsOnly()
        Checks if CRL includes CA certificates only.
        Returns:
        true if CRL includes CA certificates only

      • isProfileCertsOnly

        boolean isProfileCertsOnly()
        Checks if CRL includes profile certificates only.
        Returns:
        true if CRL includes profile certificates only

      • checkCurrentProfile

        boolean checkCurrentProfile​(java.lang.String id)
        Checks if CRL issuing point includes this profile.
        Returns:
        true if CRL issuing point includes this profile

      • init

        void init​(ISubsystem ca,
          java.lang.String id,
          IConfigStore config)
   throws EBaseException
        Initializes CRL issuing point.
        Parameters:
        ca - certificate authority that holds CRL issuing point
        id - CRL issuing point id
        config - configuration sub-store for CRL issuing point
        Throws:
        EBaseException - thrown if initialization failed

      • shutdown

        void shutdown()
        This method is called during shutdown. It updates CRL cache and stops thread controlling CRL updates.

      • getId

        java.lang.String getId()
        Returns internal id of this CRL issuing point.
        Returns:
        internal id of this CRL issuing point

      • getDescription

        java.lang.String getDescription()
        Returns internal description of this CRL issuing point.
        Returns:
        internal description of this CRL issuing point

      • setDescription

        void setDescription​(java.lang.String description)
        Sets internal description of this CRL issuing point.
        Parameters:
        description - description for this CRL issuing point.

      • getPublishDN

        java.lang.String getPublishDN()
        Returns DN of the directory entry where CRLs from this issuing point are published.
        Returns:
        DN of the directory entry where CRLs are published.

      • getSigningAlgorithm

        java.lang.String getSigningAlgorithm()
        Returns signing algorithm.
        Returns:
        signing algorithm

      • getLastSigningAlgorithm

        java.lang.String getLastSigningAlgorithm()
        Returns signing algorithm used in last signing operation..
        Returns:
        last signing algorithm

      • getCRLSchema

        int getCRLSchema()
        Returns current CRL generation schema for this CRL issuing point.

        Returns:
        current CRL generation schema for this CRL issuing point

      • getCRLNumber

        java.math.BigInteger getCRLNumber()
        Returns current CRL number of this CRL issuing point.
        Returns:
        current CRL number of this CRL issuing point

      • getDeltaCRLNumber

        java.math.BigInteger getDeltaCRLNumber()
        Returns current delta CRL number of this CRL issuing point.

        Returns:
        current delta CRL number of this CRL issuing point

      • getNextCRLNumber

        java.math.BigInteger getNextCRLNumber()
        Returns next CRL number of this CRL issuing point.
        Returns:
        next CRL number of this CRL issuing point

      • getCRLSize

        long getCRLSize()
        Returns number of entries in the current CRL.
        Returns:
        number of entries in the current CRL

      • getDeltaCRLSize

        long getDeltaCRLSize()
        Returns number of entries in delta CRL
        Returns:
        number of entries in delta CRL

      • getLastUpdate

        java.util.Date getLastUpdate()
        Returns time of the last update.
        Returns:
        last CRL update time

      • getNextUpdate

        java.util.Date getNextUpdate()
        Returns time of the next update.
        Returns:
        next CRL update time

      • getNextDeltaUpdate

        java.util.Date getNextDeltaUpdate()
        Returns time of the next delta CRL update.
        Returns:
        next delta CRL update time

      • getRevokedCertificates

        java.util.Set<org.mozilla.jss.netscape.security.x509.RevokedCertificate> getRevokedCertificates​(int start,
                                                                                                int end)
        Returns all the revoked certificates from the CRL cache.
        Parameters:
        start - first requested CRL entry
        end - next after last requested CRL entry
        Returns:
        set of all the revoked certificates or null if there are none.

      • getCertificateAuthority

        ISubsystem getCertificateAuthority()
        Returns certificate authority.
        Returns:
        certificate authority

      • setManualUpdate

        void setManualUpdate​(java.lang.String signatureAlgorithm)
        Schedules immediate CRL manual-update and sets signature algorithm to be used for signing.
        Parameters:
        signatureAlgorithm - signature algorithm to be used for signing

      • getAutoUpdateInterval

        long getAutoUpdateInterval()
        Returns auto update interval in milliseconds.
        Returns:
        auto update interval in milliseconds

      • getAlwaysUpdate

        boolean getAlwaysUpdate()
        Returns true if CRL is updated for every change of revocation status of any certificate.
        Returns:
        true if CRL update is always triggered by revocation operation

      • getNextUpdateGracePeriod

        long getNextUpdateGracePeriod()
        Returns next update grace period in minutes.
        Returns:
        next update grace period in minutes

      • getFilter

        java.lang.String getFilter()
        Returns filter used to build CRL based on information stored in local directory.
        Returns:
        filter used to search local directory

      • processRevokedCerts

        void processRevokedCerts​(IElementProcessor cp)
                  throws EBaseException
        Builds a list of revoked certificates to put them into CRL. Calls certificate record processor to get necessary data from certificate records. This also regenerates CRL cache.
        Parameters:
        cp - certificate record processor
        Throws:
        EBaseException - if an error occurred in the database.

      • getRevocationDateFromCache

        java.util.Date getRevocationDateFromCache​(java.math.BigInteger serialNumber,
                                          boolean checkDeltaCache,
                                          boolean includeExpiredCerts)
        Returns date of revoked certificate or null if certificated is not listed as revoked.
        Parameters:
        serialNumber - serial number of certificate to be checked
        checkDeltaCache - true if delta CRL cache suppose to be included in checking process
        includeExpiredCerts - true if delta CRL cache with expired certificates suppose to be included in checking process
        Returns:
        date of revoked certificate or null

      • getSplitTimes

        java.util.Vector<java.lang.Long> getSplitTimes()
        Returns split times from CRL generation.
        Returns:
        split times from CRL generation in milliseconds

      • updateCRLNow

        void updateCRLNow​(java.lang.String signingAlgorithm)
           throws EBaseException
        Generates CRL now based on cache or local directory if cache is not available. It also publishes CRL if it is required.
        Parameters:
        signingAlgorithm - signing algorithm to be used for CRL signing
        Throws:
        EBaseException - if an error occurred during CRL generation or publishing

      • clearCRLCache

        void clearCRLCache()
        Clears CRL cache

      • clearDeltaCRLCache

        void clearDeltaCRLCache()
        Clears delta-CRL cache

      • getNumberOfRecentlyRevokedCerts

        int getNumberOfRecentlyRevokedCerts()
        Returns number of recently revoked certificates.
        Returns:
        number of recently revoked certificates

      • getNumberOfRecentlyUnrevokedCerts

        int getNumberOfRecentlyUnrevokedCerts()
        Returns number of recently unrevoked certificates.
        Returns:
        number of recently unrevoked certificates

      • getNumberOfRecentlyExpiredCerts

        int getNumberOfRecentlyExpiredCerts()
        Returns number of recently expired and revoked certificates.
        Returns:
        number of recently expired and revoked certificates

      • getRequiredEntryExtensions

        org.mozilla.jss.netscape.security.x509.CRLExtensions getRequiredEntryExtensions​(org.mozilla.jss.netscape.security.x509.CRLExtensions exts)
        Converts list of extensions supplied by revocation request to list of extensions required to be placed in CRL.
        Parameters:
        exts - list of extensions supplied by revocation request
        Returns:
        list of extensions required to be placed in CRL

      • addRevokedCert

        void addRevokedCert​(java.math.BigInteger serialNumber,
                    org.mozilla.jss.netscape.security.x509.RevokedCertImpl revokedCert)
        Adds revoked certificate to delta-CRL cache.
        Parameters:
        serialNumber - serial number of revoked certificate
        revokedCert - revocation information supplied by revocation request

      • addRevokedCert

        void addRevokedCert​(java.math.BigInteger serialNumber,
                    org.mozilla.jss.netscape.security.x509.RevokedCertImpl revokedCert,
                    java.lang.String requestId)
        Adds revoked certificate to delta-CRL cache.
        Parameters:
        serialNumber - serial number of revoked certificate
        revokedCert - revocation information supplied by revocation request
        requestId - revocation request id

      • addUnrevokedCert

        void addUnrevokedCert​(java.math.BigInteger serialNumber)
        Adds unrevoked certificate to delta-CRL cache.
        Parameters:
        serialNumber - serial number of unrevoked certificate

      • addUnrevokedCert

        void addUnrevokedCert​(java.math.BigInteger serialNumber,
                      java.lang.String requestId)
        Adds unrevoked certificate to delta-CRL cache.
        Parameters:
        serialNumber - serial number of unrevoked certificate
        requestId - unrevocation request id

      • addExpiredCert

        void addExpiredCert​(java.math.BigInteger serialNumber)
        Adds expired and revoked certificate to delta-CRL cache.
        Parameters:
        serialNumber - serial number of expired and revoked certificate

      • updateCRLCacheRepository

        void updateCRLCacheRepository()
        Updates CRL cache into local directory.

      • updateConfig

        boolean updateConfig​(NameValuePairs params)
        Updates issuing point configuration according to supplied data in name value pairs.
        Parameters:
        params - name value pairs defining new issuing point configuration
        Returns:
        true if configuration is updated successfully

      • isDeltaCRLEnabled

        boolean isDeltaCRLEnabled()
        Returns true if delta-CRL is enabled.
        Returns:
        true if delta-CRL is enabled

      • isCRLCacheEnabled

        boolean isCRLCacheEnabled()
        Returns true if CRL cache is enabled.
        Returns:
        true if CRL cache is enabled

      • isCRLCacheEmpty

        boolean isCRLCacheEmpty()
        Returns true if CRL cache is empty.
        Returns:
        true if CRL cache is empty

      • isCRLCacheTestingEnabled

        boolean isCRLCacheTestingEnabled()
        Returns true if CRL cache testing is enabled.
        Returns:
        true if CRL cache testing is enabled

      • isThisCurrentDeltaCRL

        boolean isThisCurrentDeltaCRL​(org.mozilla.jss.netscape.security.x509.X509CRLImpl deltaCRL)
        Returns true if supplied delta-CRL is matching current delta-CRL.
        Parameters:
        deltaCRL - delta-CRL to verify against current delta-CRL
        Returns:
        true if supplied delta-CRL is matching current delta-CRL

      • isCRLUpdateInProgress

        int isCRLUpdateInProgress()
        Returns status of CRL generation.
        Returns:
        one of the following according to CRL generation status: CRL_UPDATE_DONE, CRL_UPDATE_STARTED, and CRL_PUBLISHING_STARTED

      • updateCRLNow

        void updateCRLNow()
           throws EBaseException
        Generates CRL now based on cache or local directory if cache is not available. It also publishes CRL if it is required. CRL is signed by default signing algorithm.
        Throws:
        EBaseException - if an error occurred during CRL generation or publishing

      • getCRLExtensions

        ICMSCRLExtensions getCRLExtensions()
        Returns list of CRL extensions.
        Returns:
        list of CRL extensions

      • setCustomFutureThisUpdateValue

        void setCustomFutureThisUpdateValue​(java.util.Date futureThisUpdate)
        Set Optional Future thsUpdateValue to go into the CRL

      • setCancelCurFutureThisUpdateValue

        void setCancelCurFutureThisUpdateValue​(boolean b)