com.netscape.certsrv.kra
Interface IKeyRecoveryAuthority

All Superinterfaces:
ISubsystem

public interface IKeyRecoveryAuthority
extends ISubsystem

An interface represents key recovery authority. The key recovery authority is responsibile for archiving and recovering user encryption private keys.

Version:
$Revision: 1295 $, $Date: 2010-09-15 09:42:56 -0700 (Wed, 15 Sep 2010) $

Field Summary
static java.lang.String ID
           
static java.lang.String PROP_DBS
           
static java.lang.String PROP_HTTP
           
static java.lang.String PROP_KEYDB_INC
           
static java.lang.String PROP_LOGGING
           
static java.lang.String PROP_NAME
           
static java.lang.String PROP_NEW_NICKNAME
           
static java.lang.String PROP_NOTIFY_SUBSTORE
           
static java.lang.String PROP_POLICY
           
static java.lang.String PROP_PROTECTOR
           
static java.lang.String PROP_QUEUE_REQUESTS
           
static java.lang.String PROP_REQ_IN_Q_SUBSTORE
           
static java.lang.String PROP_SHARE
           
static java.lang.String PROP_STORAGE_KEY
           
static java.lang.String PROP_TOKEN
           
static java.lang.String PROP_TRANSPORT_KEY
           
 
Method Summary
 void addAutoRecovery(java.lang.String id, Credential[] creds)
          Adds credentials to the given authorizated recovery operation.
 void addEntropy(boolean logflag)
          Adds entropy to the token used for supporting server-side keygen Parameters are set in the config file
 void createError(java.lang.String recoveryID, java.lang.String error)
          Creates error for a specific recovery operation.
 void createPk12(java.lang.String recoveryID, byte[] pk12)
          Creates PKCS12 package in memory.
 java.util.Hashtable createVolatileRequest(RequestId id)
          Creates a request object to store attributes that will not be serialized.
 void destroyVolatileRequest(RequestId id)
          Destroys the request object.
 java.util.Vector getAppAgents(java.lang.String recoveryID)
           
 java.util.Enumeration getAutoRecoveryIDs()
          Returns a list of recovery identifiers.
 boolean getAutoRecoveryState()
          Returns the current auto recovery state.
 java.lang.String getError(java.lang.String recoveryID)
          Retrieves error by recovery identifier.
 org.mozilla.jss.crypto.CryptoToken getKeygenToken()
          Returns the token that generates user key pairs for supporting server-side keygen
 IKeyRepository getKeyRepository()
          Retrieves the key repository.
 java.lang.String getNewNickName()
          Returns the new nickname of the transport certifiate.
 java.lang.String getNickname()
          Returns the nickname of the transport certificate.
 int getNoOfRequiredAgents()
          Returns the number of required agents.
 byte[] getPk12(java.lang.String recoveryID)
          Retrieves PKCS12 package by recovery identifier.
 IPolicyProcessor getPolicyProcessor()
          Returns policy processor of the key recovery authority.
 java.lang.String getRecoveryID()
          Returns the current recovery identifier.
 IReplicaIDRepository getReplicaRepository()
          Retrieves the Replica ID repository.
 IRequestListener getRequestInQListener()
          Returns the request listener that listens on the request completion event.
 IRequestQueue getRequestQueue()
          Retrieves KRA request repository.
 IStorageKeyUnit getStorageKeyUnit()
          Returns the storage key unit that manages the stoarge key.
 org.mozilla.jss.crypto.X509Certificate getTransportCert()
          Retrieves the transport certificate.
 ITransportKeyUnit getTransportKeyUnit()
          Returns the transport key unit that manages the transport key.
 java.util.Hashtable getVolatileRequest(RequestId id)
          Retrieves the request object.
 netscape.security.x509.X500Name getX500Name()
          Returns the name of this subsystem.
 void log(int level, java.lang.String msg)
          Logs event into key recovery authority logging.
 void removeAutoRecovery(java.lang.String id)
          Removes a particular auto recovery operation.
 boolean setAutoRecoveryState(Credential[] cs, boolean on)
          Enables the auto recovery state.
 void setNewNickName(java.lang.String name)
          Sets the new nickname of the transport certifiate.
 void setNickname(java.lang.String str)
          Sets the nickname of the transport certificate.
 void setNoOfRequiredAgents(int number)
          Sets the number of required recovery agents
 
Methods inherited from interface com.netscape.certsrv.base.ISubsystem
getConfigStore, getId, init, setId, shutdown, startup
 

Field Detail

ID

static final java.lang.String ID
See Also:
Constant Field Values

PROP_NAME

static final java.lang.String PROP_NAME
See Also:
Constant Field Values

PROP_HTTP

static final java.lang.String PROP_HTTP
See Also:
Constant Field Values

PROP_POLICY

static final java.lang.String PROP_POLICY
See Also:
Constant Field Values

PROP_DBS

static final java.lang.String PROP_DBS
See Also:
Constant Field Values

PROP_TOKEN

static final java.lang.String PROP_TOKEN
See Also:
Constant Field Values

PROP_SHARE

static final java.lang.String PROP_SHARE
See Also:
Constant Field Values

PROP_PROTECTOR

static final java.lang.String PROP_PROTECTOR
See Also:
Constant Field Values

PROP_LOGGING

static final java.lang.String PROP_LOGGING
See Also:
Constant Field Values

PROP_QUEUE_REQUESTS

static final java.lang.String PROP_QUEUE_REQUESTS
See Also:
Constant Field Values

PROP_STORAGE_KEY

static final java.lang.String PROP_STORAGE_KEY
See Also:
Constant Field Values

PROP_TRANSPORT_KEY

static final java.lang.String PROP_TRANSPORT_KEY
See Also:
Constant Field Values

PROP_NEW_NICKNAME

static final java.lang.String PROP_NEW_NICKNAME
See Also:
Constant Field Values

PROP_KEYDB_INC

static final java.lang.String PROP_KEYDB_INC
See Also:
Constant Field Values

PROP_NOTIFY_SUBSTORE

static final java.lang.String PROP_NOTIFY_SUBSTORE
See Also:
Constant Field Values

PROP_REQ_IN_Q_SUBSTORE

static final java.lang.String PROP_REQ_IN_Q_SUBSTORE
See Also:
Constant Field Values
Method Detail

getX500Name

netscape.security.x509.X500Name getX500Name()
Returns the name of this subsystem.

Returns:
KRA name

getRequestQueue

IRequestQueue getRequestQueue()
Retrieves KRA request repository.

Returns:
request repository

getKeyRepository

IKeyRepository getKeyRepository()
Retrieves the key repository. The key repository stores archived keys.


getReplicaRepository

IReplicaIDRepository getReplicaRepository()
Retrieves the Replica ID repository.

Returns:
KRA's Replica ID repository

setAutoRecoveryState

boolean setAutoRecoveryState(Credential[] cs,
                             boolean on)
Enables the auto recovery state. Once KRA is in the auto recovery state, no recovery agents need to be present for providing credentials. This feature is for enabling user-based recovery operation.

Parameters:
cs - list of agent credentials
on - true if auto recovery state is on
Returns:
current auto recovery state

getAutoRecoveryState

boolean getAutoRecoveryState()
Returns the current auto recovery state.

Returns:
true if auto recvoery state is on

addAutoRecovery

void addAutoRecovery(java.lang.String id,
                     Credential[] creds)
Adds credentials to the given authorizated recovery operation. In distributed recovery mode, recovery agent login to the agent interface and submit its credential for a particular recovery operation.

Parameters:
id - authorization identifier
creds - list of credentials

removeAutoRecovery

void removeAutoRecovery(java.lang.String id)
Removes a particular auto recovery operation.

Parameters:
id - authorization identifier

getNoOfRequiredAgents

int getNoOfRequiredAgents()
                          throws EBaseException
Returns the number of required agents. In M-out-of-N recovery schema, only M agents are required even there are N agents. This method returns M.

Returns:
number of required agents
Throws:
EBaseException

setNoOfRequiredAgents

void setNoOfRequiredAgents(int number)
                           throws EBaseException
Sets the number of required recovery agents

Parameters:
number - number of agents
Throws:
EBaseException

getRecoveryID

java.lang.String getRecoveryID()
Returns the current recovery identifier.

Returns:
recovery identifier

getAutoRecoveryIDs

java.util.Enumeration getAutoRecoveryIDs()
Returns a list of recovery identifiers.

Returns:
list of auto recovery identifiers

getStorageKeyUnit

IStorageKeyUnit getStorageKeyUnit()
Returns the storage key unit that manages the stoarge key.

Returns:
storage key unit

getTransportKeyUnit

ITransportKeyUnit getTransportKeyUnit()
Returns the transport key unit that manages the transport key.

Returns:
transport key unit

getKeygenToken

org.mozilla.jss.crypto.CryptoToken getKeygenToken()
Returns the token that generates user key pairs for supporting server-side keygen

Returns:
keygen token

addEntropy

void addEntropy(boolean logflag)
Adds entropy to the token used for supporting server-side keygen Parameters are set in the config file

Parameters:
logflag - create log messages at info level to report entropy shortage

getRequestInQListener

IRequestListener getRequestInQListener()
Returns the request listener that listens on the request completion event.

Returns:
request listener

getPolicyProcessor

IPolicyProcessor getPolicyProcessor()
Returns policy processor of the key recovery authority.

Returns:
policy processor

getNickname

java.lang.String getNickname()
Returns the nickname of the transport certificate.

Returns:
transport certificate nickname.

setNickname

void setNickname(java.lang.String str)
Sets the nickname of the transport certificate.

Parameters:
str - nickname

getNewNickName

java.lang.String getNewNickName()
                                throws EBaseException
Returns the new nickname of the transport certifiate.

Returns:
new nickname
Throws:
EBaseException

setNewNickName

void setNewNickName(java.lang.String name)
Sets the new nickname of the transport certifiate.

Parameters:
name - new nickname

log

void log(int level,
         java.lang.String msg)
Logs event into key recovery authority logging.

Parameters:
level - log level
msg - log message

createVolatileRequest

java.util.Hashtable createVolatileRequest(RequestId id)
Creates a request object to store attributes that will not be serialized. Currently, request queue framework will try to serialize all the attribute into persistent storage. Things like passwords are not desirable to be stored.

Parameters:
id - request id
Returns:
volatile requests

getVolatileRequest

java.util.Hashtable getVolatileRequest(RequestId id)
Retrieves the request object.

Parameters:
id - request id
Returns:
volatile requests

destroyVolatileRequest

void destroyVolatileRequest(RequestId id)
Destroys the request object.

Parameters:
id - request id

getAppAgents

java.util.Vector getAppAgents(java.lang.String recoveryID)
                              throws EBaseException
Throws:
EBaseException

createError

void createError(java.lang.String recoveryID,
                 java.lang.String error)
                 throws EBaseException
Creates error for a specific recovery operation.

Parameters:
recoveryID - recovery id
error - error
Throws:
EBaseException - failed to create error

getError

java.lang.String getError(java.lang.String recoveryID)
                          throws EBaseException
Retrieves error by recovery identifier.

Parameters:
recoveryID - recovery id
Returns:
error message
Throws:
EBaseException

getPk12

byte[] getPk12(java.lang.String recoveryID)
               throws EBaseException
Retrieves PKCS12 package by recovery identifier.

Parameters:
recoveryID - recovery id
Returns:
pkcs12 package in bytes
Throws:
EBaseException

createPk12

void createPk12(java.lang.String recoveryID,
                byte[] pk12)
                throws EBaseException
Creates PKCS12 package in memory.

Parameters:
recoveryID - recovery id
pk12 - package in bytes
Throws:
EBaseException

getTransportCert

org.mozilla.jss.crypto.X509Certificate getTransportCert()
Retrieves the transport certificate.