public interface ICertificateAuthority
An interface that represents a Certificate Authority responsible for certificate-specific operations.
Field Summary | |
---|---|
static java.lang.String | ID |
static java.lang.String | PROP_CA_CERT |
static java.lang.String | PROP_CA_CHAIN |
static java.lang.String | PROP_CA_CHAIN_NUM |
static java.lang.String | PROP_CA_NAMES |
static java.lang.String | PROP_CERT_ISSUED_SUBSTORE |
static java.lang.String | PROP_CERT_REVOKED_SUBSTORE |
static java.lang.String | PROP_CERTDB_INC |
static java.lang.String | PROP_CERTDB_TRANS_MAXRECORDS |
static java.lang.String | PROP_CERTDB_TRANS_PAGESIZE |
static java.lang.String | PROP_CLASS |
static java.lang.String | PROP_CRL_PAGE_SIZE |
static java.lang.String | PROP_CRL_SIGNING_SUBSTORE |
static java.lang.String | PROP_CRL_SUBSTORE |
static java.lang.String | PROP_CRLDB_INC |
static java.lang.String | PROP_CRLEXT_SUBSTORE |
static java.lang.String | PROP_DBS_SUBSTORE |
static java.lang.String | PROP_DEF_VALIDITY |
static java.lang.String | PROP_ENABLE_ADMIN_ENROLL |
static java.lang.String | PROP_ENABLE_LDAP_PUBLISH |
static java.lang.String | PROP_ENABLE_OCSP |
static java.lang.String | PROP_ENABLE_PAST_CATIME |
static java.lang.String | PROP_ENABLE_PUBLISH |
static java.lang.String | PROP_EXPIREDCERTS_CLASS |
static java.lang.String | PROP_FAST_SIGNING |
static java.lang.String | PROP_GATEWAY |
static java.lang.String | PROP_ID |
static java.lang.String | PROP_IMPL |
static java.lang.String | PROP_INSTANCE |
static java.lang.String | PROP_ISSUER_NAME |
static java.lang.String | PROP_ISSUING_CLASS |
static java.lang.String | PROP_LDAP_PUBLISH_SUBSTORE |
static java.lang.String | PROP_LISTENER_SUBSTORE |
static java.lang.String | PROP_MASTER_CRL |
static java.lang.String | PROP_NOTIFY_SUBSTORE |
static java.lang.String | PROP_OCSP_SIGNING_SUBSTORE |
static java.lang.String | PROP_PLUGIN |
static java.lang.String | PROP_POLICY |
static java.lang.String | PROP_PUB_QUEUE_SUBSTORE |
static java.lang.String | PROP_PUBLISH_SUBSTORE |
static java.lang.String | PROP_REGISTRATION |
static java.lang.String | PROP_REQ_IN_Q_SUBSTORE |
static java.lang.String | PROP_SIGNING_SUBSTORE |
static java.lang.String | PROP_TYPE |
static java.lang.String | PROP_X509CERT_VERSION |
Method Summary | | |
---|---|---|
boolean | addCRLIssuingPoint(IConfigStore crlSubStore, java.lang.String id, boolean enable, java.lang.String description) | Adds CRL issuing point with the given identifier and description. |
void | deleteCRLIssuingPoint(IConfigStore crlSubStore, java.lang.String id) | Deletes CRL issuing point with the given identifier. |
netscape.security.x509.X509CertImpl | getCACert() | Retrieves the CA certificate. |
netscape.security.x509.CertificateChain | getCACertChain() | Retrieves the CA certificate chain. |
IService | getCAService() | Retrieves the CA service object that is responsible for processing requests. |
java.lang.String[] | getCASigningAlgorithms() | Retrieves the supported signing algorithms of this certificate authority. |
org.mozilla.jss.crypto.X509Certificate | getCaX509Cert() | Retrieves the CA certificate. |
ICertificateRepository | getCertificateRepository() | Retrieves the certificate repository where all the locally issued certificates are kept. |
IRequestListener | getCertIssuedListener() | Retrieves the request listener for issued certificates. |
IRequestListener | getCertRevokedListener() | Retrieves the request listener for revoked certificates. |
ICRLIssuingPoint | getCRLIssuingPoint(java.lang.String id) | Retrieves CRL issuing point with the given identifier. |
java.util.Enumeration | getCRLIssuingPoints() | Retrieves all the CRL issuing points. |
ICRLRepository | getCRLRepository() | Retrieves the CRL repository. |
ISigningUnit | getCRLSigningUnit() | Retrieves the signing unit that manages the CA signing key for signing CRLs. |
netscape.security.x509.X500Name | getCRLX500Name() | Retrieves the issuer name of this certificate authority issuing point. |
java.lang.String | getDefaultAlgorithm() | Retrieves the default signing algorithm of this certificate authority. |
netscape.security.x509.CertificateVersion | getDefaultCertVersion() | Retrieves the default certificate version. |
org.mozilla.jss.crypto.SignatureAlgorithm | getDefaultSignatureAlgorithm() | Retrieves the default signature algorithm of this certificate authority. |
long | getDefaultValidity() | Retrieves the default validity period. |
java.lang.String | getMaxSerial() | Retrieves the last serial number that can be used for certificate issuance in this certificate authority. |
java.lang.String | getNickname() | Returns the nickname for the CA signing certificate. |
Nonces | getNonces() | |
long | getNumOCSPRequest() | Returns the in-memory count of the processed OCSP requests. |
long | getOCSPRequestTotalTime() | Returns the in-memory total processing time (in milliseconds) for OCSP requests. |
ISigningUnit | getOCSPSigningUnit() | Retrieves the signing unit that manages the CA signing key for signing OCSP responses. |
long | getOCSPTotalData() | Returns the total data signed for OCSP requests. |
long | getOCSPTotalSignTime() | Returns the in-memory total signing time (in milliseconds) for OCSP requests. |
IPolicyProcessor | getPolicyProcessor() | Retrieves the policy processor of this certificate authority. |
IPublisherProcessor | getPublisherProcessor() | Retrieves the publishing processor of this certificate authority. |
IReplicaIDRepository | getReplicaRepository() | Retrieves the Replica ID repository. |
IRequestListener | getRequestInQListener() | Retrieves the request in queue listener. |
IRequestListener | getRequestListener(java.lang.String name) | Retrieves the request listener by name. |
java.util.Enumeration | getRequestListenerNames() | Retrieves all request listeners. |
IRequestNotifier | getRequestNotifier() | Gets the request notifier. |
IRequestQueue | getRequestQueue() | Retrieves the request queue of this certificate authority. |
ISigningUnit | getSigningUnit() | Retrieves the signing unit that manages the CA signing key for signing certificates. |
java.lang.String | getStartSerial() | Retrieves the next available serial number. |
netscape.security.x509.X500Name | getX500Name() | Retrieves the issuer name of this certificate authority. |
boolean | isClone() | Is this a clone CA? |
boolean | isEnablePastCATime() | Is this CA allowed to issue certificates that have a longer validity than the CA's? |
void | log(int level, java.lang.String msg) | Logs a message to this certificate authority. |
boolean | noncesEnabled() | |
void | publishCRLNow() | Publishes the CRL immediately for MasterCRL issuing point if it exists. |
void | registerRequestListener(IRequestListener listener) | Registers a request listener. |
void | registerRequestListener(java.lang.String name, IRequestListener listener) | Registers a request listener. |
void | setBasicConstraintMaxLen(int num) | Sets the maximum path length in the basic constraint extension. |
void | setDefaultAlgorithm(java.lang.String algorithm) | Sets the default signing algorithm of this certificate authority. |
void | setMaxSerial(java.lang.String serial) | Sets the last serial number that can be used for certificate issuance in this certificate authority. |
void | setStartSerial(java.lang.String serial) | Sets the next available serial number. |
void | setValidity(java.lang.String enableCAPast) | Allows certificates to have validities that are longer than this certificate authority's. |
netscape.security.x509.X509CertImpl | sign(netscape.security.x509.X509CertInfo certInfo, java.lang.String algname) | Signs an X.509 certificate template. |
netscape.security.x509.X509CRLImpl | sign(netscape.security.x509.X509CRLImpl crl, java.lang.String algname) | Signs the given CRL with the specific algorithm. |
void | updateCRLNow() | Updates the CRL immediately for MasterCRL issuing point if it exists. |
Methods inherited from interface com.netscape.certsrv.base.ISubsystem |
---|
getConfigStore, getId, init, setId, shutdown, startup |
Field Detail |
---|
static final java.lang.String ID
static final java.lang.String PROP_CERTDB_INC
static final java.lang.String PROP_CRLDB_INC
static final java.lang.String PROP_REGISTRATION
static final java.lang.String PROP_POLICY
static final java.lang.String PROP_GATEWAY
static final java.lang.String PROP_CLASS
static final java.lang.String PROP_TYPE
static final java.lang.String PROP_IMPL
static final java.lang.String PROP_PLUGIN
static final java.lang.String PROP_INSTANCE
static final java.lang.String PROP_LISTENER_SUBSTORE
static final java.lang.String PROP_LDAP_PUBLISH_SUBSTORE
static final java.lang.String PROP_PUBLISH_SUBSTORE
static final java.lang.String PROP_ENABLE_PUBLISH
static final java.lang.String PROP_ENABLE_LDAP_PUBLISH
static final java.lang.String PROP_X509CERT_VERSION
static final java.lang.String PROP_ENABLE_PAST_CATIME
static final java.lang.String PROP_DEF_VALIDITY
static final java.lang.String PROP_FAST_SIGNING
static final java.lang.String PROP_ENABLE_ADMIN_ENROLL
static final java.lang.String PROP_CRL_SUBSTORE
static final java.lang.String PROP_CRL_PAGE_SIZE
static final java.lang.String PROP_MASTER_CRL
static final java.lang.String PROP_CRLEXT_SUBSTORE
static final java.lang.String PROP_ISSUING_CLASS
static final java.lang.String PROP_EXPIREDCERTS_CLASS
static final java.lang.String PROP_NOTIFY_SUBSTORE
static final java.lang.String PROP_CERT_ISSUED_SUBSTORE
static final java.lang.String PROP_CERT_REVOKED_SUBSTORE
static final java.lang.String PROP_REQ_IN_Q_SUBSTORE
static final java.lang.String PROP_PUB_QUEUE_SUBSTORE
static final java.lang.String PROP_ISSUER_NAME
static final java.lang.String PROP_CA_NAMES
static final java.lang.String PROP_DBS_SUBSTORE
static final java.lang.String PROP_SIGNING_SUBSTORE
static final java.lang.String PROP_CA_CHAIN_NUM
static final java.lang.String PROP_CA_CHAIN
static final java.lang.String PROP_CA_CERT
static final java.lang.String PROP_ENABLE_OCSP
static final java.lang.String PROP_OCSP_SIGNING_SUBSTORE
static final java.lang.String PROP_CRL_SIGNING_SUBSTORE
static final java.lang.String PROP_ID
static final java.lang.String PROP_CERTDB_TRANS_MAXRECORDS
static final java.lang.String PROP_CERTDB_TRANS_PAGESIZE
Method Detail |
---|
ICertificateRepository getCertificateRepository()
IRequestQueue getRequestQueue()
IPolicyProcessor getPolicyProcessor()
boolean noncesEnabled()
Nonces getNonces()
IPublisherProcessor getPublisherProcessor()
java.lang.String getStartSerial()
void setStartSerial(java.lang.String serial) throws EBaseException
serial - next available serial number
EBaseException - failed to set next available serial number
java.lang.String getMaxSerial()
void setMaxSerial(java.lang.String serial) throws EBaseException
serial - the last serial number
EBaseException - failed to set the last serial number
org.mozilla.jss.crypto.SignatureAlgorithm getDefaultSignatureAlgorithm()
java.lang.String getDefaultAlgorithm()
void setDefaultAlgorithm(java.lang.String algorithm) throws EBaseException
algorithm - new default signing algorithm
EBaseException - failed to set the default signing algorithm
java.lang.String[] getCASigningAlgorithms()
void setValidity(java.lang.String enableCAPast) throws EBaseException
enableCAPast - if equals "true", it allows certificates to have validity longer than CA's certificate validity
EBaseException - failed to set above option
long getDefaultValidity()
java.util.Enumeration getCRLIssuingPoints()
ICRLIssuingPoint getCRLIssuingPoint(java.lang.String id)
id - CRL issuing point id
boolean addCRLIssuingPoint(IConfigStore crlSubStore, java.lang.String id, boolean enable, java.lang.String description)
crlSubStore - sub-store with all CRL issuing points
id - CRL issuing point id
description - CRL issuing point description
void deleteCRLIssuingPoint(IConfigStore crlSubStore, java.lang.String id)
crlSubStore - sub-store with all CRL issuing points
id - CRL issuing point id
ICRLRepository getCRLRepository()
IReplicaIDRepository getReplicaRepository()
IRequestListener getRequestInQListener()
java.util.Enumeration getRequestListenerNames()
IRequestListener getCertIssuedListener()
IRequestListener getCertRevokedListener()
netscape.security.x509.CertificateChain getCACertChain()
org.mozilla.jss.crypto.X509Certificate getCaX509Cert()
netscape.security.x509.X509CertImpl getCACert()
void updateCRLNow() throws EBaseException
EBaseException - failed to create or publish CRL
void publishCRLNow() throws EBaseException
EBaseException - failed to publish CRL
ISigningUnit getSigningUnit()
ISigningUnit getCRLSigningUnit()
ISigningUnit getOCSPSigningUnit()
void setBasicConstraintMaxLen(int num)
num - the maximum path length
boolean isClone()
IRequestListener getRequestListener(java.lang.String name)
name - request listener name
IRequestNotifier getRequestNotifier()
void registerRequestListener(IRequestListener listener)
listener - request listener to be registered
void registerRequestListener(java.lang.String name, IRequestListener listener)
name - name under which the request listener is going to be registered
listener - request listener to be registered
netscape.security.x509.X500Name getX500Name()
netscape.security.x509.X500Name getCRLX500Name()
netscape.security.x509.X509CRLImpl sign(netscape.security.x509.X509CRLImpl crl, java.lang.String algname) throws EBaseException
crl - CRL to be signed
algname - algorithm used for signing
EBaseException - failed to sign CRL
void log(int level, java.lang.String msg)
level - logging level
msg - logged message
java.lang.String getNickname()
netscape.security.x509.X509CertImpl sign(netscape.security.x509.X509CertInfo certInfo, java.lang.String algname) throws EBaseException
certInfo - X.509 certificate template
algname - algorithm used for signing
EBaseException - failed to sign certificate
netscape.security.x509.CertificateVersion getDefaultCertVersion()
boolean isEnablePastCATime()
IService getCAService()
long getNumOCSPRequest()
long getOCSPRequestTotalTime()
long getOCSPTotalSignTime()
long getOCSPTotalData()