com.netscape.certsrv.ca
Interface ICertificateAuthority

All Superinterfaces:
ISubsystem

public interface ICertificateAuthority
extends ISubsystem

An interface that represents a Certificate Authority responsible for certificate-specific operations.

Version:
$Revision: 1310 $, $Date: 2010-09-20 17:28:48 -0700 (Mon, 20 Sep 2010) $

Field Summary
static java.lang.String ID
           
static java.lang.String PROP_CA_CERT
           
static java.lang.String PROP_CA_CHAIN
           
static java.lang.String PROP_CA_CHAIN_NUM
           
static java.lang.String PROP_CA_NAMES
           
static java.lang.String PROP_CERT_ISSUED_SUBSTORE
           
static java.lang.String PROP_CERT_REVOKED_SUBSTORE
           
static java.lang.String PROP_CERTDB_INC
           
static java.lang.String PROP_CERTDB_TRANS_MAXRECORDS
           
static java.lang.String PROP_CERTDB_TRANS_PAGESIZE
           
static java.lang.String PROP_CLASS
           
static java.lang.String PROP_CRL_PAGE_SIZE
           
static java.lang.String PROP_CRL_SIGNING_SUBSTORE
           
static java.lang.String PROP_CRL_SUBSTORE
           
static java.lang.String PROP_CRLDB_INC
           
static java.lang.String PROP_CRLEXT_SUBSTORE
           
static java.lang.String PROP_DBS_SUBSTORE
           
static java.lang.String PROP_DEF_VALIDITY
           
static java.lang.String PROP_ENABLE_ADMIN_ENROLL
           
static java.lang.String PROP_ENABLE_LDAP_PUBLISH
           
static java.lang.String PROP_ENABLE_OCSP
           
static java.lang.String PROP_ENABLE_PAST_CATIME
           
static java.lang.String PROP_ENABLE_PUBLISH
           
static java.lang.String PROP_EXPIREDCERTS_CLASS
           
static java.lang.String PROP_FAST_SIGNING
           
static java.lang.String PROP_GATEWAY
           
static java.lang.String PROP_ID
           
static java.lang.String PROP_IMPL
           
static java.lang.String PROP_INSTANCE
           
static java.lang.String PROP_ISSUER_NAME
           
static java.lang.String PROP_ISSUING_CLASS
           
static java.lang.String PROP_LDAP_PUBLISH_SUBSTORE
           
static java.lang.String PROP_LISTENER_SUBSTORE
           
static java.lang.String PROP_MASTER_CRL
           
static java.lang.String PROP_NOTIFY_SUBSTORE
           
static java.lang.String PROP_OCSP_SIGNING_SUBSTORE
           
static java.lang.String PROP_PLUGIN
           
static java.lang.String PROP_POLICY
           
static java.lang.String PROP_PUB_QUEUE_SUBSTORE
           
static java.lang.String PROP_PUBLISH_SUBSTORE
           
static java.lang.String PROP_REGISTRATION
           
static java.lang.String PROP_REQ_IN_Q_SUBSTORE
           
static java.lang.String PROP_SIGNING_SUBSTORE
           
static java.lang.String PROP_TYPE
           
static java.lang.String PROP_X509CERT_VERSION
           
 
Method Summary
 boolean addCRLIssuingPoint(IConfigStore crlSubStore, java.lang.String id, boolean enable, java.lang.String description)
          Adds CRL issuing point with the given identifier and description.
 void deleteCRLIssuingPoint(IConfigStore crlSubStore, java.lang.String id)
          Deletes CRL issuing point with the given identifier.
 netscape.security.x509.X509CertImpl getCACert()
          Retrieves the CA certificate.
 netscape.security.x509.CertificateChain getCACertChain()
          Retrieves the CA certificate chain.
 IService getCAService()
          Retrieves the CA service object that is responsible for processing requests.
 java.lang.String[] getCASigningAlgorithms()
          Retrieves the supported signing algorithms of this certificate authority.
 org.mozilla.jss.crypto.X509Certificate getCaX509Cert()
          Retrieves the CA certificate.
 ICertificateRepository getCertificateRepository()
          Retrieves the certificate repository where all the locally issued certificates are kept.
 IRequestListener getCertIssuedListener()
          Retrieves the request listener for issued certificates.
 IRequestListener getCertRevokedListener()
          Retrieves the request listener for revoked certificates.
 ICRLIssuingPoint getCRLIssuingPoint(java.lang.String id)
          Retrieves CRL issuing point with the given identifier.
 java.util.Enumeration getCRLIssuingPoints()
          Retrieves all the CRL issuing points.
 ICRLRepository getCRLRepository()
          Retrieves the CRL repository.
 ISigningUnit getCRLSigningUnit()
          Retrieves the signing unit that manages the CA signing key for signing CRLs.
 netscape.security.x509.X500Name getCRLX500Name()
          Retrieves the issuer name of this certificate authority issuing point.
 java.lang.String getDefaultAlgorithm()
          Retrieves the default signing algorithm of this certificate authority.
 netscape.security.x509.CertificateVersion getDefaultCertVersion()
          Retrieves the default certificate version.
 org.mozilla.jss.crypto.SignatureAlgorithm getDefaultSignatureAlgorithm()
          Retrieves the default signature algorithm of this certificate authority.
 long getDefaultValidity()
          Retrieves the default validity period.
 java.lang.String getMaxSerial()
          Retrieves the last serial number that can be used for certificate issuance in this certificate authority.
 java.lang.String getNickname()
          Returns the nickname for the CA signing certificate.
 Nonces getNonces()
           
 long getNumOCSPRequest()
          Returns the in-memory count of the processed OCSP requests.
 long getOCSPRequestTotalTime()
          Returns the in-memory total processing time (in milliseconds) for OCSP requests.
 ISigningUnit getOCSPSigningUnit()
          Retrieves the signing unit that manages the CA signing key for signing OCSP responses.
 long getOCSPTotalData()
          Returns the total data signed for OCSP requests.
 long getOCSPTotalSignTime()
          Returns the in-memory total signing time (in milliseconds) for OCSP requests.
 IPolicyProcessor getPolicyProcessor()
          Retrieves the policy processor of this certificate authority.
 IPublisherProcessor getPublisherProcessor()
          Retrieves the publishing processor of this certificate authority.
 IReplicaIDRepository getReplicaRepository()
          Retrieves the Replica ID repository.
 IRequestListener getRequestInQListener()
          Retrieves the request in queue listener.
 IRequestListener getRequestListener(java.lang.String name)
          Retrieves the request listener by name.
 java.util.Enumeration getRequestListenerNames()
          Retrieves all request listeners.
 IRequestNotifier getRequestNotifier()
          Retrieves the request notifier.
 IRequestQueue getRequestQueue()
          Retrieves the request queue of this certificate authority.
 ISigningUnit getSigningUnit()
          Retrieves the signing unit that manages the CA signing key for signing certificates.
 java.lang.String getStartSerial()
          Retrieves the next available serial number.
 netscape.security.x509.X500Name getX500Name()
          Retrieves the issuer name of this certificate authority.
 boolean isClone()
          Is this a clone CA?
 boolean isEnablePastCATime()
          Is this CA allowed to issue certificates with a validity longer than the CA's own?
 void log(int level, java.lang.String msg)
          Logs a message to this certificate authority.
 boolean noncesEnabled()
           
 void publishCRLNow()
          Publishes the CRL immediately for MasterCRL issuing point if it exists.
 void registerRequestListener(IRequestListener listener)
          Registers a request listener.
 void registerRequestListener(java.lang.String name, IRequestListener listener)
          Registers a request listener.
 void setBasicConstraintMaxLen(int num)
          Sets the maximum path length in the basic constraints extension.
 void setDefaultAlgorithm(java.lang.String algorithm)
          Sets the default signing algorithm of this certificate authority.
 void setMaxSerial(java.lang.String serial)
          Sets the last serial number that can be used for certificate issuance in this certificate authority.
 void setStartSerial(java.lang.String serial)
          Sets the next available serial number.
 void setValidity(java.lang.String enableCAPast)
          Allows certificates to have validities that are longer than this certificate authority's.
 netscape.security.x509.X509CertImpl sign(netscape.security.x509.X509CertInfo certInfo, java.lang.String algname)
          Signs an X.509 certificate template.
 netscape.security.x509.X509CRLImpl sign(netscape.security.x509.X509CRLImpl crl, java.lang.String algname)
          Signs the given CRL with the specific algorithm.
 void updateCRLNow()
          Updates the CRL immediately for MasterCRL issuing point if it exists.
 
Methods inherited from interface com.netscape.certsrv.base.ISubsystem
getConfigStore, getId, init, setId, shutdown, startup
 

Field Detail

ID

static final java.lang.String ID
See Also:
Constant Field Values

PROP_CERTDB_INC

static final java.lang.String PROP_CERTDB_INC
See Also:
Constant Field Values

PROP_CRLDB_INC

static final java.lang.String PROP_CRLDB_INC
See Also:
Constant Field Values

PROP_REGISTRATION

static final java.lang.String PROP_REGISTRATION
See Also:
Constant Field Values

PROP_POLICY

static final java.lang.String PROP_POLICY
See Also:
Constant Field Values

PROP_GATEWAY

static final java.lang.String PROP_GATEWAY
See Also:
Constant Field Values

PROP_CLASS

static final java.lang.String PROP_CLASS
See Also:
Constant Field Values

PROP_TYPE

static final java.lang.String PROP_TYPE
See Also:
Constant Field Values

PROP_IMPL

static final java.lang.String PROP_IMPL
See Also:
Constant Field Values

PROP_PLUGIN

static final java.lang.String PROP_PLUGIN
See Also:
Constant Field Values

PROP_INSTANCE

static final java.lang.String PROP_INSTANCE
See Also:
Constant Field Values

PROP_LISTENER_SUBSTORE

static final java.lang.String PROP_LISTENER_SUBSTORE
See Also:
Constant Field Values

PROP_LDAP_PUBLISH_SUBSTORE

static final java.lang.String PROP_LDAP_PUBLISH_SUBSTORE
See Also:
Constant Field Values

PROP_PUBLISH_SUBSTORE

static final java.lang.String PROP_PUBLISH_SUBSTORE
See Also:
Constant Field Values

PROP_ENABLE_PUBLISH

static final java.lang.String PROP_ENABLE_PUBLISH
See Also:
Constant Field Values

PROP_ENABLE_LDAP_PUBLISH

static final java.lang.String PROP_ENABLE_LDAP_PUBLISH
See Also:
Constant Field Values

PROP_X509CERT_VERSION

static final java.lang.String PROP_X509CERT_VERSION
See Also:
Constant Field Values

PROP_ENABLE_PAST_CATIME

static final java.lang.String PROP_ENABLE_PAST_CATIME
See Also:
Constant Field Values

PROP_DEF_VALIDITY

static final java.lang.String PROP_DEF_VALIDITY
See Also:
Constant Field Values

PROP_FAST_SIGNING

static final java.lang.String PROP_FAST_SIGNING
See Also:
Constant Field Values

PROP_ENABLE_ADMIN_ENROLL

static final java.lang.String PROP_ENABLE_ADMIN_ENROLL
See Also:
Constant Field Values

PROP_CRL_SUBSTORE

static final java.lang.String PROP_CRL_SUBSTORE
See Also:
Constant Field Values

PROP_CRL_PAGE_SIZE

static final java.lang.String PROP_CRL_PAGE_SIZE
See Also:
Constant Field Values

PROP_MASTER_CRL

static final java.lang.String PROP_MASTER_CRL
See Also:
Constant Field Values

PROP_CRLEXT_SUBSTORE

static final java.lang.String PROP_CRLEXT_SUBSTORE
See Also:
Constant Field Values

PROP_ISSUING_CLASS

static final java.lang.String PROP_ISSUING_CLASS
See Also:
Constant Field Values

PROP_EXPIREDCERTS_CLASS

static final java.lang.String PROP_EXPIREDCERTS_CLASS
See Also:
Constant Field Values

PROP_NOTIFY_SUBSTORE

static final java.lang.String PROP_NOTIFY_SUBSTORE
See Also:
Constant Field Values

PROP_CERT_ISSUED_SUBSTORE

static final java.lang.String PROP_CERT_ISSUED_SUBSTORE
See Also:
Constant Field Values

PROP_CERT_REVOKED_SUBSTORE

static final java.lang.String PROP_CERT_REVOKED_SUBSTORE
See Also:
Constant Field Values

PROP_REQ_IN_Q_SUBSTORE

static final java.lang.String PROP_REQ_IN_Q_SUBSTORE
See Also:
Constant Field Values

PROP_PUB_QUEUE_SUBSTORE

static final java.lang.String PROP_PUB_QUEUE_SUBSTORE
See Also:
Constant Field Values

PROP_ISSUER_NAME

static final java.lang.String PROP_ISSUER_NAME
See Also:
Constant Field Values

PROP_CA_NAMES

static final java.lang.String PROP_CA_NAMES
See Also:
Constant Field Values

PROP_DBS_SUBSTORE

static final java.lang.String PROP_DBS_SUBSTORE
See Also:
Constant Field Values

PROP_SIGNING_SUBSTORE

static final java.lang.String PROP_SIGNING_SUBSTORE
See Also:
Constant Field Values

PROP_CA_CHAIN_NUM

static final java.lang.String PROP_CA_CHAIN_NUM
See Also:
Constant Field Values

PROP_CA_CHAIN

static final java.lang.String PROP_CA_CHAIN
See Also:
Constant Field Values

PROP_CA_CERT

static final java.lang.String PROP_CA_CERT
See Also:
Constant Field Values

PROP_ENABLE_OCSP

static final java.lang.String PROP_ENABLE_OCSP
See Also:
Constant Field Values

PROP_OCSP_SIGNING_SUBSTORE

static final java.lang.String PROP_OCSP_SIGNING_SUBSTORE
See Also:
Constant Field Values

PROP_CRL_SIGNING_SUBSTORE

static final java.lang.String PROP_CRL_SIGNING_SUBSTORE
See Also:
Constant Field Values

PROP_ID

static final java.lang.String PROP_ID
See Also:
Constant Field Values

PROP_CERTDB_TRANS_MAXRECORDS

static final java.lang.String PROP_CERTDB_TRANS_MAXRECORDS
See Also:
Constant Field Values

PROP_CERTDB_TRANS_PAGESIZE

static final java.lang.String PROP_CERTDB_TRANS_PAGESIZE
See Also:
Constant Field Values
Method Detail

getCertificateRepository

ICertificateRepository getCertificateRepository()
Retrieves the certificate repository where all the locally issued certificates are kept.

Returns:
CA's certificate repository

getRequestQueue

IRequestQueue getRequestQueue()
Retrieves the request queue of this certificate authority.

Returns:
CA's request queue

getPolicyProcessor

IPolicyProcessor getPolicyProcessor()
Retrieves the policy processor of this certificate authority.

Returns:
CA's policy processor

noncesEnabled

boolean noncesEnabled()

getNonces

Nonces getNonces()

getPublisherProcessor

IPublisherProcessor getPublisherProcessor()
Retrieves the publishing processor of this certificate authority.

Returns:
CA's publishing processor

getStartSerial

java.lang.String getStartSerial()
Retrieves the next available serial number.

Returns:
next available serial number

setStartSerial

void setStartSerial(java.lang.String serial)
                    throws EBaseException
Sets the next available serial number.

Parameters:
serial - next available serial number
Throws:
EBaseException - failed to set next available serial number

getMaxSerial

java.lang.String getMaxSerial()
Retrieves the last serial number that can be used for certificate issuance in this certificate authority.

Returns:
the last serial number

setMaxSerial

void setMaxSerial(java.lang.String serial)
                  throws EBaseException
Sets the last serial number that can be used for certificate issuance in this certificate authority.

Parameters:
serial - the last serial number
Throws:
EBaseException - failed to set the last serial number

getDefaultSignatureAlgorithm

org.mozilla.jss.crypto.SignatureAlgorithm getDefaultSignatureAlgorithm()
Retrieves the default signature algorithm of this certificate authority.

Returns:
the default signature algorithm of this CA

getDefaultAlgorithm

java.lang.String getDefaultAlgorithm()
Retrieves the default signing algorithm of this certificate authority.

Returns:
the default signing algorithm of this CA

setDefaultAlgorithm

void setDefaultAlgorithm(java.lang.String algorithm)
                         throws EBaseException
Sets the default signing algorithm of this certificate authority.

Parameters:
algorithm - new default signing algorithm
Throws:
EBaseException - failed to set the default signing algorithm

getCASigningAlgorithms

java.lang.String[] getCASigningAlgorithms()
Retrieves the supported signing algorithms of this certificate authority.

Returns:
the supported signing algorithms of this CA

setValidity

void setValidity(java.lang.String enableCAPast)
                 throws EBaseException
Allows certificates to have validities that are longer than this certificate authority's.

Parameters:
enableCAPast - if equal to "true", certificates are allowed to have a validity longer than the CA certificate's validity
Throws:
EBaseException - failed to set above option

getDefaultValidity

long getDefaultValidity()
Retrieves the default validity period.

Returns:
the default validity length in days

getCRLIssuingPoints

java.util.Enumeration getCRLIssuingPoints()
Retrieves all the CRL issuing points.

Returns:
enumeration of all the CRL issuing points

getCRLIssuingPoint

ICRLIssuingPoint getCRLIssuingPoint(java.lang.String id)
Retrieves CRL issuing point with the given identifier.

Parameters:
id - CRL issuing point id
Returns:
CRL issuing point with given id

addCRLIssuingPoint

boolean addCRLIssuingPoint(IConfigStore crlSubStore,
                           java.lang.String id,
                           boolean enable,
                           java.lang.String description)
Adds CRL issuing point with the given identifier and description.

Parameters:
crlSubStore - sub-store with all CRL issuing points
id - CRL issuing point id
description - CRL issuing point description
Returns:
true if CRL issuing point was successfully added

deleteCRLIssuingPoint

void deleteCRLIssuingPoint(IConfigStore crlSubStore,
                           java.lang.String id)
Deletes CRL issuing point with the given identifier.

Parameters:
crlSubStore - sub-store with all CRL issuing points
id - CRL issuing point id

getCRLRepository

ICRLRepository getCRLRepository()
Retrieves the CRL repository.

Returns:
CA's CRL repository

getReplicaRepository

IReplicaIDRepository getReplicaRepository()
Retrieves the Replica ID repository.

Returns:
CA's Replica ID repository

getRequestInQListener

IRequestListener getRequestInQListener()
Retrieves the request in queue listener.

Returns:
the request in queue listener

getRequestListenerNames

java.util.Enumeration getRequestListenerNames()
Retrieves all request listeners.

Returns:
name enumeration of all request listeners

getCertIssuedListener

IRequestListener getCertIssuedListener()
Retrieves the request listener for issued certificates.

Returns:
the request listener for issued certificates

getCertRevokedListener

IRequestListener getCertRevokedListener()
Retrieves the request listener for revoked certificates.

Returns:
the request listener for revoked certificates

getCACertChain

netscape.security.x509.CertificateChain getCACertChain()
Retrieves the CA certificate chain.

Returns:
the CA certificate chain

getCaX509Cert

org.mozilla.jss.crypto.X509Certificate getCaX509Cert()
Retrieves the CA certificate.

Returns:
the CA certificate

getCACert

netscape.security.x509.X509CertImpl getCACert()
Retrieves the CA certificate.

Returns:
the CA certificate

updateCRLNow

void updateCRLNow()
                  throws EBaseException
Updates the CRL immediately for MasterCRL issuing point if it exists.

Throws:
EBaseException - failed to create or publish CRL

publishCRLNow

void publishCRLNow()
                   throws EBaseException
Publishes the CRL immediately for MasterCRL issuing point if it exists.

Throws:
EBaseException - failed to publish CRL

getSigningUnit

ISigningUnit getSigningUnit()
Retrieves the signing unit that manages the CA signing key for signing certificates.

Returns:
the CA signing unit for certificates

getCRLSigningUnit

ISigningUnit getCRLSigningUnit()
Retrieves the signing unit that manages the CA signing key for signing CRLs.

Returns:
the CA signing unit for CRLs

getOCSPSigningUnit

ISigningUnit getOCSPSigningUnit()
Retrieves the signing unit that manages the CA signing key for signing OCSP responses.

Returns:
the CA signing unit for OCSP responses

setBasicConstraintMaxLen

void setBasicConstraintMaxLen(int num)
Sets the maximum path length in the basic constraints extension.

Parameters:
num - the maximum path length

isClone

boolean isClone()
Is this a clone CA?

Returns:
true if this is a clone CA

getRequestListener

IRequestListener getRequestListener(java.lang.String name)
Retrieves the request listener by name.

Parameters:
name - request listener name
Returns:
the request listener

getRequestNotifier

IRequestNotifier getRequestNotifier()
Retrieves the request notifier.


registerRequestListener

void registerRequestListener(IRequestListener listener)
Registers a request listener.

Parameters:
listener - request listener to be registered

registerRequestListener

void registerRequestListener(java.lang.String name,
                             IRequestListener listener)
Registers a request listener.

Parameters:
name - name under which the request listener is going to be registered
listener - request listener to be registered

getX500Name

netscape.security.x509.X500Name getX500Name()
Retrieves the issuer name of this certificate authority.

Returns:
the issuer name of this certificate authority

getCRLX500Name

netscape.security.x509.X500Name getCRLX500Name()
Retrieves the issuer name of this certificate authority issuing point.

Returns:
the issuer name of this certificate authority issuing point

sign

netscape.security.x509.X509CRLImpl sign(netscape.security.x509.X509CRLImpl crl,
                                        java.lang.String algname)
                                        throws EBaseException
Signs the given CRL with the specific algorithm.

Parameters:
crl - CRL to be signed
algname - algorithm used for signing
Returns:
signed CRL
Throws:
EBaseException - failed to sign CRL

log

void log(int level,
         java.lang.String msg)
Logs a message to this certificate authority.

Parameters:
level - logging level
msg - logged message

getNickname

java.lang.String getNickname()
Returns the nickname for the CA signing certificate.

Returns:
the nickname for the CA signing certificate

sign

netscape.security.x509.X509CertImpl sign(netscape.security.x509.X509CertInfo certInfo,
                                         java.lang.String algname)
                                         throws EBaseException
Signs an X.509 certificate template.

Parameters:
certInfo - X.509 certificate template
algname - algorithm used for signing
Returns:
signed certificate
Throws:
EBaseException - failed to sign certificate

getDefaultCertVersion

netscape.security.x509.CertificateVersion getDefaultCertVersion()
Retrieves the default certificate version.

Returns:
the default certificate version

isEnablePastCATime

boolean isEnablePastCATime()
Is this CA allowed to issue certificates with a validity longer than the CA's own?

Returns:
true if certificates are allowed to have a validity longer than the CA's

getCAService

IService getCAService()
Retrieves the CA service object that is responsible for processing requests.

Returns:
CA service object

getNumOCSPRequest

long getNumOCSPRequest()
Returns the in-memory count of the processed OCSP requests.

Returns:
number of processed OCSP requests in memory

getOCSPRequestTotalTime

long getOCSPRequestTotalTime()
Returns the in-memory total processing time (in milliseconds) for OCSP requests.

Returns:
total processing time for OCSP requests

getOCSPTotalSignTime

long getOCSPTotalSignTime()
Returns the in-memory total signing time (in milliseconds) for OCSP requests.

Returns:
total signing time for OCSP requests

getOCSPTotalData

long getOCSPTotalData()
Returns the total data signed for OCSP requests.

Returns:
total data signed for OCSP requests