public interface ICRLIssuingPoint
This class encapsulates the CRL issuing mechanism. CertificateAuthority contains a map of CRLIssuingPoint objects indexed by string IDs. Each issuing point contains information about CRL issuing and publishing parameters, as well as state information, which includes the last issued CRL, the next CRL serial number, the time of the next update, etc. If autoUpdateInterval is set to a non-zero value, a worker thread is created that performs CRL updates at scheduled intervals. An update can also be triggered by invoking the updateCRL method directly. Another parameter, minUpdateInterval, can be used to prevent the CRL from being updated too often.
Field Summary | | |
---|---|---|
static int | CRL_IP_INITIALIZATION_FAILED | |
static int | CRL_IP_INITIALIZED | |
static int | CRL_IP_NOT_INITIALIZED | |
static int | CRL_PUBLISHING_STARTED | |
static int | CRL_UPDATE_DONE | for manual updates - requested by agent |
static int | CRL_UPDATE_STARTED | |
static java.lang.String | PROP_BEGIN_SERIAL | |
static java.lang.String | PROP_END_SERIAL | |
static java.lang.String | PROP_MIN_UPDATE_INTERVAL | |
static java.lang.String | PROP_PUBLISH_DN | |
static java.lang.String | PROP_PUBLISH_ON_START | |
static java.lang.String | SC_CRL_COUNT | |
static java.lang.String | SC_IS_DELTA_CRL | |
static java.lang.String | SC_ISSUING_POINT_ID | |
Method Summary | | |
---|---|---|
void | addExpiredCert(java.math.BigInteger serialNumber) | Adds expired and revoked certificate to delta-CRL cache. |
void | addRevokedCert(java.math.BigInteger serialNumber, netscape.security.x509.RevokedCertImpl revokedCert) | Adds revoked certificate to delta-CRL cache. |
void | addRevokedCert(java.math.BigInteger serialNumber, netscape.security.x509.RevokedCertImpl revokedCert, java.lang.String requestId) | Adds revoked certificate to delta-CRL cache. |
void | addUnrevokedCert(java.math.BigInteger serialNumber) | Adds unrevoked certificate to delta-CRL cache. |
void | addUnrevokedCert(java.math.BigInteger serialNumber, java.lang.String requestId) | Adds unrevoked certificate to delta-CRL cache. |
boolean | areExpiredCertsIncluded() | Checks if expired certificates are included in CRL. |
boolean | checkCurrentProfile(java.lang.String id) | Checks if CRL issuing point includes this profile. |
void | clearCRLCache() | Clears CRL cache. |
void | clearDeltaCRLCache() | Clears delta-CRL cache. |
void | enableCRLIssuingPoint(boolean enable) | Enables or disables CRL issuing point according to parameter. |
boolean | getAlwaysUpdate() | Returns true if CRL is updated for every change of revocation status of any certificate. |
long | getAutoUpdateInterval() | Returns auto update interval in milliseconds. |
ISubsystem | getCertificateAuthority() | Returns certificate authority. |
ICMSCRLExtensions | getCRLExtensions() | Returns list of CRL extensions. |
java.math.BigInteger | getCRLNumber() | Returns current CRL number of this CRL issuing point. |
java.lang.String | getCrlPublishErrorStr() | Returns CRL publishing error. |
java.lang.String | getCrlPublishStatusStr() | Returns CRL publishing status. |
int | getCRLSchema() | Returns current CRL generation schema for this CRL issuing point. |
long | getCRLSize() | Returns number of entries in the current CRL. |
java.lang.String | getCrlUpdateErrorStr() | Returns CRL update error. |
java.lang.String | getCrlUpdateStatusStr() | Returns CRL update status. |
java.math.BigInteger | getDeltaCRLNumber() | Returns current delta CRL number of this CRL issuing point. |
long | getDeltaCRLSize() | Returns number of entries in delta CRL. |
java.lang.String | getDescription() | Returns internal description of this CRL issuing point. |
java.lang.String | getFilter() | Returns filter used to build CRL based on information stored in local directory. |
java.lang.String | getId() | Returns internal id of this CRL issuing point. |
java.lang.String | getLastSigningAlgorithm() | Returns signing algorithm used in last signing operation. |
java.util.Date | getLastUpdate() | Returns time of the last update. |
java.math.BigInteger | getNextCRLNumber() | Returns next CRL number of this CRL issuing point. |
java.util.Date | getNextDeltaUpdate() | Returns time of the next delta CRL update. |
java.util.Date | getNextUpdate() | Returns time of the next update. |
long | getNextUpdateGracePeriod() | Returns next update grace period in minutes. |
int | getNumberOfRecentlyExpiredCerts() | Returns number of recently expired and revoked certificates. |
int | getNumberOfRecentlyRevokedCerts() | Returns number of recently revoked certificates. |
int | getNumberOfRecentlyUnrevokedCerts() | Returns number of recently unrevoked certificates. |
java.lang.String | getPublishDN() | Returns DN of the directory entry where CRLs from this issuing point are published. |
netscape.security.x509.CRLExtensions | getRequiredEntryExtensions(netscape.security.x509.CRLExtensions exts) | Converts list of extensions supplied by revocation request to list of extensions required to be placed in CRL. |
java.util.Date | getRevocationDateFromCache(java.math.BigInteger serialNumber, boolean checkDeltaCache, boolean includeExpiredCerts) | Returns date of revoked certificate or null if certificate is not listed as revoked. |
java.util.Set | getRevokedCertificates(int start, int end) | Returns all the revoked certificates from the CRL cache. |
java.lang.String | getSigningAlgorithm() | Returns signing algorithm. |
java.util.Vector | getSplitTimes() | Returns split times from CRL generation. |
void | init(ISubsystem ca, java.lang.String id, IConfigStore config) | Initializes CRL issuing point. |
boolean | isCACertsOnly() | Checks if CRL includes CA certificates only. |
boolean | isCRLCacheEmpty() | Returns true if CRL cache is empty. |
boolean | isCRLCacheEnabled() | Returns true if CRL cache is enabled. |
boolean | isCRLCacheTestingEnabled() | Returns true if CRL cache testing is enabled. |
boolean | isCRLGenerationEnabled() | Returns true if CRL generation is enabled. |
boolean | isCRLIssuingPointEnabled() | Returns true if CRL issuing point is enabled. |
int | isCRLIssuingPointInitialized() | Returns CRL issuing point initialization status. |
int | isCRLUpdateInProgress() | Returns status of CRL generation. |
boolean | isDeltaCRLEnabled() | Returns true if delta-CRL is enabled. |
boolean | isManualUpdateSet() | Checks if manual update is set. |
boolean | isProfileCertsOnly() | Checks if CRL includes profile certificates only. |
boolean | isThisCurrentDeltaCRL(netscape.security.x509.X509CRLImpl deltaCRL) | Returns true if supplied delta-CRL is matching current delta-CRL. |
void | processRevokedCerts(IElementProcessor cp) | Builds a list of revoked certificates to put them into CRL. |
void | setDescription(java.lang.String description) | Sets internal description of this CRL issuing point. |
void | setManualUpdate(java.lang.String signatureAlgorithm) | Schedules immediate CRL manual-update and sets signature algorithm to be used for signing. |
void | shutdown() | This method is called during shutdown. |
boolean | updateConfig(NameValuePairs params) | Updates issuing point configuration according to supplied data in name value pairs. |
void | updateCRLCacheRepository() | Updates CRL cache into local directory. |
void | updateCRLNow() | Generates CRL now based on cache or local directory if cache is not available. |
void | updateCRLNow(java.lang.String signingAlgorithm) | Generates CRL now based on cache or local directory if cache is not available. |
Field Detail |
---|
static final java.lang.String PROP_PUBLISH_DN
static final java.lang.String PROP_PUBLISH_ON_START
static final java.lang.String PROP_MIN_UPDATE_INTERVAL
static final java.lang.String PROP_BEGIN_SERIAL
static final java.lang.String PROP_END_SERIAL
static final java.lang.String SC_ISSUING_POINT_ID
static final java.lang.String SC_IS_DELTA_CRL
static final java.lang.String SC_CRL_COUNT
static final int CRL_UPDATE_DONE
static final int CRL_UPDATE_STARTED
static final int CRL_PUBLISHING_STARTED
static final int CRL_IP_NOT_INITIALIZED
static final int CRL_IP_INITIALIZED
static final int CRL_IP_INITIALIZATION_FAILED
Method Detail |
---|
boolean isCRLIssuingPointEnabled()
boolean isCRLGenerationEnabled()
void enableCRLIssuingPoint(boolean enable)
enable - if true enables CRL issuing point
java.lang.String getCrlUpdateStatusStr()
java.lang.String getCrlUpdateErrorStr()
java.lang.String getCrlPublishStatusStr()
java.lang.String getCrlPublishErrorStr()
int isCRLIssuingPointInitialized()
boolean isManualUpdateSet()
boolean areExpiredCertsIncluded()
boolean isCACertsOnly()
boolean isProfileCertsOnly()
boolean checkCurrentProfile(java.lang.String id)
void init(ISubsystem ca, java.lang.String id, IConfigStore config) throws EBaseException
ca - certificate authority that holds CRL issuing point
id - CRL issuing point id
config - configuration sub-store for CRL issuing point
EBaseException - thrown if initialization failed
void shutdown()
java.lang.String getId()
java.lang.String getDescription()
void setDescription(java.lang.String description)
description - description for this CRL issuing point.
java.lang.String getPublishDN()
java.lang.String getSigningAlgorithm()
java.lang.String getLastSigningAlgorithm()
int getCRLSchema()
java.math.BigInteger getCRLNumber()
java.math.BigInteger getDeltaCRLNumber()
java.math.BigInteger getNextCRLNumber()
long getCRLSize()
long getDeltaCRLSize()
java.util.Date getLastUpdate()
java.util.Date getNextUpdate()
java.util.Date getNextDeltaUpdate()
java.util.Set getRevokedCertificates(int start, int end)
start - first requested CRL entry
end - next after last requested CRL entry
ISubsystem getCertificateAuthority()
void setManualUpdate(java.lang.String signatureAlgorithm)
signatureAlgorithm - signature algorithm to be used for signing
long getAutoUpdateInterval()
boolean getAlwaysUpdate()
long getNextUpdateGracePeriod()
java.lang.String getFilter()
void processRevokedCerts(IElementProcessor cp) throws EBaseException
cp - certificate record processor
EBaseException - if an error occurred in the database.
java.util.Date getRevocationDateFromCache(java.math.BigInteger serialNumber, boolean checkDeltaCache, boolean includeExpiredCerts)
serialNumber - serial number of certificate to be checked
checkDeltaCache - true if delta CRL cache is supposed to be included in checking process
includeExpiredCerts - true if delta CRL cache with expired certificates is supposed to be included in checking process
java.util.Vector getSplitTimes()
void updateCRLNow(java.lang.String signingAlgorithm) throws EBaseException
signingAlgorithm - signing algorithm to be used for CRL signing
EBaseException - if an error occurred during CRL generation or publishing
void clearCRLCache()
void clearDeltaCRLCache()
int getNumberOfRecentlyRevokedCerts()
int getNumberOfRecentlyUnrevokedCerts()
int getNumberOfRecentlyExpiredCerts()
netscape.security.x509.CRLExtensions getRequiredEntryExtensions(netscape.security.x509.CRLExtensions exts)
exts - list of extensions supplied by revocation request
void addRevokedCert(java.math.BigInteger serialNumber, netscape.security.x509.RevokedCertImpl revokedCert)
serialNumber - serial number of revoked certificate
revokedCert - revocation information supplied by revocation request
void addRevokedCert(java.math.BigInteger serialNumber, netscape.security.x509.RevokedCertImpl revokedCert, java.lang.String requestId)
serialNumber - serial number of revoked certificate
revokedCert - revocation information supplied by revocation request
requestId - revocation request id
void addUnrevokedCert(java.math.BigInteger serialNumber)
serialNumber - serial number of unrevoked certificate
void addUnrevokedCert(java.math.BigInteger serialNumber, java.lang.String requestId)
serialNumber - serial number of unrevoked certificate
requestId - unrevocation request id
void addExpiredCert(java.math.BigInteger serialNumber)
serialNumber - serial number of expired and revoked certificate
void updateCRLCacheRepository()
boolean updateConfig(NameValuePairs params)
params - name value pairs defining new issuing point configuration
boolean isDeltaCRLEnabled()
boolean isCRLCacheEnabled()
boolean isCRLCacheEmpty()
boolean isCRLCacheTestingEnabled()
boolean isThisCurrentDeltaCRL(netscape.security.x509.X509CRLImpl deltaCRL)
deltaCRL - delta-CRL to verify against current delta-CRL
int isCRLUpdateInProgress()
void updateCRLNow() throws EBaseException
EBaseException - if an error occurred during CRL generation or publishing
ICMSCRLExtensions getCRLExtensions()