Package org.dogtagpki.server.ca

Interface ICertificateAuthority

  • All Superinterfaces:
    ISubsystem
    public interface ICertificateAuthority
extends ISubsystem
    An interface represents a Certificate Authority that is responsible for certificate specific operations.

    Version:
    $Revision$, $Date$

    • Method Detail

      • getCertificateRepository

        CertificateRepository getCertificateRepository()
        Retrieves the certificate repository where all the locally issued certificates are kept.
        Returns:
        CA's certificate repository

      • getRequestQueue

        IRequestQueue getRequestQueue()
        Retrieves the request queue of this certificate authority.
        Returns:
        CA's request queue

      • getPolicyProcessor

        IPolicyProcessor getPolicyProcessor()
        Retrieves the policy processor of this certificate authority.
        Returns:
        CA's policy processor

      • noncesEnabled

        boolean noncesEnabled()

      • getNonces

        java.util.Map<java.lang.Object,​java.lang.Long> getNonces​(javax.servlet.http.HttpServletRequest request,
                                                               java.lang.String name)

      • getPublisherProcessor

        PublisherProcessor getPublisherProcessor()
        Retrieves the publishing processor of this certificate authority.
        Returns:
        CA's publishing processor

      • getStartSerial

        java.lang.String getStartSerial()
        Retrieves the next available serial number.
        Returns:
        next available serial number

      • setStartSerial

        void setStartSerial​(java.lang.String serial)
             throws EBaseException
        Sets the next available serial number.
        Parameters:
        serial - next available serial number
        Throws:
        EBaseException - failed to set next available serial number

      • getMaxSerial

        java.lang.String getMaxSerial()
        Retrieves the last serial number that can be used for certificate issuance in this certificate authority.
        Returns:
        the last serial number

      • setMaxSerial

        void setMaxSerial​(java.lang.String serial)
           throws EBaseException
        Sets the last serial number that can be used for certificate issuance in this certificate authority.
        Parameters:
        serial - the last serial number
        Throws:
        EBaseException - failed to set the last serial number

      • getDefaultSignatureAlgorithm

        org.mozilla.jss.crypto.SignatureAlgorithm getDefaultSignatureAlgorithm()
        Retrieves the default signature algorithm of this certificate authority.
        Returns:
        the default signature algorithm of this CA

      • getDefaultAlgorithm

        java.lang.String getDefaultAlgorithm()
        Retrieves the default signing algorithm of this certificate authority.
        Returns:
        the default signing algorithm of this CA

      • setDefaultAlgorithm

        void setDefaultAlgorithm​(java.lang.String algorithm)
                  throws EBaseException
        Sets the default signing algorithm of this certificate authority.
        Parameters:
        algorithm - new default signing algorithm
        Throws:
        EBaseException - failed to set the default signing algorithm

      • getCASigningAlgorithms

        java.lang.String[] getCASigningAlgorithms()
        Retrieves the supported signing algorithms of this certificate authority.
        Returns:
        the supported signing algorithms of this CA

      • getDefaultValidity

        long getDefaultValidity()
        Retrieves the default validity period.
        Returns:
        the default validity length in days

      • addCRLIssuingPoint

        boolean addCRLIssuingPoint​(IConfigStore crlSubStore,
                           java.lang.String id,
                           boolean enable,
                           java.lang.String description)
        Adds CRL issuing point with the given identifier and description.
        Parameters:
        crlSubStore - sub-store with all CRL issuing points
        id - CRL issuing point id
        description - CRL issuing point description
        Returns:
        true if CRL issuing point was successfully added

      • deleteCRLIssuingPoint

        void deleteCRLIssuingPoint​(IConfigStore crlSubStore,
                           java.lang.String id)
        Deletes CRL issuing point with the given identifier.
        Parameters:
        crlSubStore - sub-store with all CRL issuing points
        id - CRL issuing point id

      • getReplicaRepository

        IReplicaIDRepository getReplicaRepository()
        Retrieves the Replica ID repository.
        Returns:
        CA's Replica ID repository

      • getRequestListenerNames

        java.util.Enumeration<java.lang.String> getRequestListenerNames()
        Retrieves all request listeners.
        Returns:
        name enumeration of all request listeners

      • getCACertChain

        org.mozilla.jss.netscape.security.x509.CertificateChain getCACertChain()
        Retrieves the CA certificate chain.
        Returns:
        the CA certificate chain

      • getCaX509Cert

        org.mozilla.jss.crypto.X509Certificate getCaX509Cert()
        Retrieves the CA certificate.
        Returns:
        the CA certificate

      • getCACert

        org.mozilla.jss.netscape.security.x509.X509CertImpl getCACert()
                                                       throws EBaseException
        Retrieves the CA certificate.
        Returns:
        the CA certificate
        Throws:
        EBaseException

      • updateCRLNow

        void updateCRLNow()
           throws EBaseException
        Updates the CRL immediately for MasterCRL issuing point if it exists.
        Throws:
        EBaseException - failed to create or publish CRL

      • publishCRLNow

        void publishCRLNow()
            throws EBaseException
        Publishes the CRL immediately for MasterCRL issuing point if it exists.
        Throws:
        EBaseException - failed to publish CRL

      • getSigningUnit

        ISigningUnit getSigningUnit()
        Retrieves the signing unit that manages the CA signing key for signing certificates.
        Returns:
        the CA signing unit for certificates

      • getCRLSigningUnit

        ISigningUnit getCRLSigningUnit()
        Retrieves the signing unit that manages the CA signing key for signing CRL.
        Returns:
        the CA signing unit for CRLs

      • getOCSPSigningUnit

        ISigningUnit getOCSPSigningUnit()
        Retrieves the signing unit that manages the CA signing key for signing OCSP response.
        Returns:
        the CA signing unit for OCSP responses

      • setBasicConstraintMaxLen

        void setBasicConstraintMaxLen​(int num)
        Sets the maximium path length in the basic constraint extension.
        Parameters:
        num - the maximium path length

      • isClone

        boolean isClone()
        Is this a clone CA?
        Returns:
        true if this is a clone CA

      • getRequestListener

        IRequestListener getRequestListener​(java.lang.String name)
        Retrieves the request listener by name.
        Parameters:
        name - request listener name
        Returns:
        the request listener

      • getRequestNotifier

        IRequestNotifier getRequestNotifier()
        get request notifier

      • registerRequestListener

        void registerRequestListener​(IRequestListener listener)
        Registers a request listener.
        Parameters:
        listener - request listener to be registered

      • registerRequestListener

        void registerRequestListener​(java.lang.String name,
                             IRequestListener listener)
        Registers a request listener.
        Parameters:
        name - under request listener is going to be registered
        listener - request listener to be registered

      • getX500Name

        org.mozilla.jss.netscape.security.x509.X500Name getX500Name()
        Retrieves the issuer name of this certificate authority.
        Returns:
        the issuer name of this certificate authority

      • getCRLX500Name

        org.mozilla.jss.netscape.security.x509.X500Name getCRLX500Name()
        Retrieves the issuer name of this certificate authority issuing point.
        Returns:
        the issuer name of this certificate authority issuing point

      • sign

        org.mozilla.jss.netscape.security.x509.X509CRLImpl sign​(org.mozilla.jss.netscape.security.x509.X509CRLImpl crl,
                                                        java.lang.String algname)
                                                 throws EBaseException
        Signs the given CRL with the specific algorithm.
        Parameters:
        crl - CRL to be signed
        algname - algorithm used for signing
        Returns:
        signed CRL
        Throws:
        EBaseException - failed to sign CRL

      • log

        void log​(int level,
         java.lang.String msg)
        Logs a message to this certificate authority.
        Parameters:
        level - logging level
        msg - logged message

      • getNickname

        java.lang.String getNickname()
        Returns the nickname for the CA signing certificate.
        Returns:
        the nickname for the CA signing certificate

      • sign

        org.mozilla.jss.netscape.security.x509.X509CertImpl sign​(org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo,
                                                         java.lang.String algname)
                                                  throws EBaseException
        Signs a X.509 certificate template.
        Parameters:
        certInfo - X.509 certificate template
        algname - algorithm used for signing
        Returns:
        signed certificate
        Throws:
        EBaseException - failed to sign certificate

      • getCAService

        IService getCAService()
        Retrieves the CA service object that is responsible for processing requests.
        Returns:
        CA service object

      • getNumOCSPRequest

        long getNumOCSPRequest()
        Returns the in-memory count of the processed OCSP requests.
        Returns:
        number of processed OCSP requests in memory

      • getOCSPRequestTotalTime

        long getOCSPRequestTotalTime()
        Returns the in-memory time (in mini-second) of the processed time for OCSP requests.
        Returns:
        processed times for OCSP requests

      • getOCSPTotalSignTime

        long getOCSPTotalSignTime()
        Returns the in-memory time (in mini-second) of the signing time for OCSP requests.
        Returns:
        processed times for OCSP requests

      • getOCSPTotalData

        long getOCSPTotalData()
        Returns the total data signed for OCSP requests.
        Returns:
        processed times for OCSP requests

      • getIssuerObj

        org.mozilla.jss.netscape.security.x509.CertificateIssuerName getIssuerObj()

      • getSubjectObj

        org.mozilla.jss.netscape.security.x509.CertificateSubjectName getSubjectObj()

      • isHostAuthority

        boolean isHostAuthority()
        Return whether this CA is the host authority (not a lightweight authority).

      • getAuthorityID

        AuthorityID getAuthorityID()
        Get the AuthorityID of this CA.

      • getAuthorityParentID

        AuthorityID getAuthorityParentID()
        Get the AuthorityID of this CA's parent CA, if available.

      • getAuthorityEnabled

        boolean getAuthorityEnabled()
        Return whether CA is enabled.

      • isReady

        boolean isReady()
        Return whether CA is ready to perform signing operations.

      • ensureReady

        void ensureReady()
          throws ECAException
        Throw an exception if CA is not ready to perform signing operations.
        Throws:
        ECAException

      • getAuthorityDescription

        java.lang.String getAuthorityDescription()
        Return CA description. May be null.

      • renewAuthority

        void renewAuthority​(javax.servlet.http.HttpServletRequest httpReq)
             throws java.lang.Exception
        Renew certificate of CA.
        Throws:
        java.lang.Exception

      • deleteAuthority

        void deleteAuthority​(javax.servlet.http.HttpServletRequest httpReq)
              throws EBaseException
        Delete this lightweight CA.
        Throws:
        EBaseException

      • getIssuanceProtPubKey

        java.security.PublicKey getIssuanceProtPubKey()
        get Issuance Protection Public Key

      • getIssuanceProtPrivKey

        org.mozilla.jss.crypto.PrivateKey getIssuanceProtPrivKey()
        get Issuance Protection Private Key

      • getIssuanceProtCert

        org.mozilla.jss.crypto.X509Certificate getIssuanceProtCert()
        get Issuance Protection Certificate