diff options
author | Ade Lee <alee@redhat.com> | 2012-01-11 12:57:53 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-01-11 13:49:04 -0500 |
commit | 10cfe7756e967ac91c66d33b392aeab9cf3780fb (patch) | |
tree | d5ac9b58442265d2ce5ef60e31f041ddacba1b4f /pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java | |
parent | edcb24f65cc3700e75d0a1d14dc2483f210b0ee4 (diff) | |
download | pki-10cfe7756e967ac91c66d33b392aeab9cf3780fb.tar.gz pki-10cfe7756e967ac91c66d33b392aeab9cf3780fb.tar.xz pki-10cfe7756e967ac91c66d33b392aeab9cf3780fb.zip |
Formatting (no line wrap in comments or code)
Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java')
-rw-r--r-- | pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java | 180 |
1 files changed, 91 insertions, 89 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java index ab910b376..50a0e1a16 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java +++ b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - import java.io.IOException; import java.security.KeyPair; import java.security.cert.CertificateException; @@ -37,11 +36,10 @@ import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; import com.netscape.certsrv.common.NameValuePairs; - /** * This interface represents the cryptographics subsystem * that provides all the security related functions. - * + * * @version $Revision$, $Date$ */ public interface ICryptoSubsystem extends ISubsystem { @@ -51,7 +49,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves a list of nicknames of certificates that are * in the installed tokens. - * + * * @return a list of comma-separated nicknames * @exception EBaseException failed to retrieve nicknames */ @@ -59,7 +57,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves certificate in pretty-print format by the nickname. - * + * * @param nickname nickname of certificate * @param date not after of the returned certificate must be date * @param locale user locale @@ -67,50 +65,53 @@ public interface ICryptoSubsystem extends ISubsystem { * @exception EBaseException failed to retrieve certificate */ public String getCertPrettyPrint(String nickname, String date, - Locale locale) throws EBaseException; + Locale locale) throws EBaseException; + public String getRootCertTrustBit(String nickname, String serialno, - String issuerName) throws EBaseException; - public String getCertPrettyPrint(String nickname, String serialno, - String issuername, Locale locale) throws EBaseException; - public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, - String issuername, Locale locale) throws EBaseException; + String issuerName) throws EBaseException; + + public String getCertPrettyPrint(String nickname, String serialno, + String issuername, Locale locale) throws EBaseException; + + public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, + String issuername, Locale locale) throws EBaseException; /** * Retrieves the certificate in the pretty print format. - * + * * @param b64E certificate in mime-64 encoded format * @param locale end user locale * @return certificate in pretty-print format * @exception EBaseException failed to retrieve certificate */ - public String getCertPrettyPrint(String b64E, Locale locale) - throws EBaseException; + public String getCertPrettyPrint(String b64E, Locale locale) + throws EBaseException; /** * Imports certificate into the server. - * + * * @param b64E certificate in mime-64 encoded format * @param nickname nickname for the importing certificate * @param certType certificate type * @exception EBaseException failed to import certificate */ public void importCert(String b64E, String nickname, String certType) - throws EBaseException; + throws EBaseException; /** * Imports certificate into the server. - * + * * @param signedCert certificate * @param nickname nickname for the importing certificate * @param certType certificate type * @exception EBaseException failed to import certificate */ public void importCert(X509CertImpl signedCert, String nickname, - String certType) throws EBaseException; + String certType) throws EBaseException; /** * Generates a key pair based on the given parameters. - * + * * @param properties key parameters * @return key pair * @exception EBaseException failed to generate key pair @@ -119,7 +120,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves the key pair based on the given nickname. - * + * * @param nickname nickname of the public key * @exception EBaseException failed to retrieve key pair */ @@ -127,7 +128,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Generates a key pair based on the given parameters. - * + * * @param tokenName name of token where key is generated * @param alg key algorithm * @param keySize key size @@ -135,11 +136,11 @@ public interface ICryptoSubsystem extends ISubsystem { * @exception EBaseException failed to generate key pair */ public KeyPair getKeyPair(String tokenName, String alg, - int keySize) throws EBaseException; + int keySize) throws EBaseException; /** * Generates a key pair based on the given parameters. - * + * * @param tokenName name of token where key is generated * @param alg key algorithm * @param keySize key size @@ -148,11 +149,11 @@ public interface ICryptoSubsystem extends ISubsystem { * @exception EBaseException failed to generate key pair */ public KeyPair getKeyPair(String tokenName, String alg, - int keySize, PQGParams pqg) throws EBaseException; + int keySize, PQGParams pqg) throws EBaseException; /** * Generates an ECC key pair based on the given parameters. - * + * * @param properties key parameters * @return key pair * @exception EBaseException failed to generate key pair @@ -161,7 +162,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Generates an ECC key pair based on the given parameters. - * + * * @param token token name * @param curveName curve name * @param certType type of cert(sslserver etc..) @@ -173,16 +174,16 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves the signature algorithm of the certificate named * by the given nickname. - * + * * @param nickname nickname of the certificate * @return signature algorithm - * @exception EBaseException failed to retrieve signature + * @exception EBaseException failed to retrieve signature */ public String getSignatureAlgorithm(String nickname) throws EBaseException; /** * Checks if the given dn is a valid distinguished name. - * + * * @param dn distinguished name * @exception EBaseException failed to check */ @@ -192,7 +193,7 @@ public interface ICryptoSubsystem extends ISubsystem { * Retrieves CA's signing algorithm id. If it is DSA algorithm, * algorithm is constructed by reading the parameters * ca.dsaP, ca.dsaQ, ca.dsaG. - * + * * @param algname DSA or RSA * @param store configuration store. * @return algorithm id @@ -203,57 +204,57 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves subject name of the certificate that is identified by * the given nickname. - * + * * @param tokenname name of token where the nickname is valid * @param nickname nickname of the certificate * @return subject name * @exception EBaseException failed to get subject name */ public String getCertSubjectName(String tokenname, String nickname) - throws EBaseException; + throws EBaseException; /** * Retrieves extensions of the certificate that is identified by * the given nickname. - * + * * @param tokenname name of token where the nickname is valid * @param nickname nickname of the certificate * @return certificate extensions * @exception EBaseException failed to get extensions */ public CertificateExtensions getExtensions(String tokenname, String nickname - ) - throws EBaseException; + ) + throws EBaseException; /** * Deletes certificate of the given nickname. - * + * * @param nickname nickname of the certificate * @param pathname path where a copy of the deleted certificate is stored * @exception EBaseException failed to delete certificate */ - public void deleteTokenCertificate(String nickname, String pathname) - throws EBaseException; + public void deleteTokenCertificate(String nickname, String pathname) + throws EBaseException; /** * Delete certificate of the given nickname. - * + * * @param nickname nickname of the certificate - * @param notAfterTime The notAfter of the certificate. It - * is possible to ge t multiple certificates under - * the same nickname. If one of the certificates match - * the notAfterTime, then the certificate will get - * deleted. The format of the notAfterTime has to be - * in "MMMMM dd, yyyy HH:mm:ss" format. + * @param notAfterTime The notAfter of the certificate. It + * is possible to ge t multiple certificates under + * the same nickname. If one of the certificates match + * the notAfterTime, then the certificate will get + * deleted. The format of the notAfterTime has to be + * in "MMMMM dd, yyyy HH:mm:ss" format. * @exception EBaseException failed to delete certificate */ - public void deleteCert(String nickname, String notAfterTime) - throws EBaseException; + public void deleteCert(String nickname, String notAfterTime) + throws EBaseException; /** * Retrieves the subject DN of the certificate identified by * the nickname. - * + * * @param nickname nickname of the certificate * @return subject distinguished name * @exception EBaseException failed to retrieve subject DN @@ -262,19 +263,19 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Trusts a certificate for all available purposes. - * + * * @param nickname nickname of the certificate * @param date certificate's not before * @param trust "Trust" or other * @exception EBaseException failed to trust certificate */ - public void trustCert(String nickname, String date, String trust) - throws EBaseException; + public void trustCert(String nickname, String date, String trust) + throws EBaseException; /** * Checks if the given base-64 encoded string contains an extension * or a sequence of extensions. - * + * * @param ext extension or sequence of extension encoded in base-64 * @exception EBaseException failed to check encoding */ @@ -282,16 +283,17 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Gets all certificates on all tokens for Certificate Database Management. - * + * * @return all certificates * @exception EBaseException failed to retrieve certificates */ public NameValuePairs getAllCertsManage() throws EBaseException; + public NameValuePairs getUserCerts() throws EBaseException; /** * Gets all CA certificates on all tokens. - * + * * @return all CA certificates * @exception EBaseException failed to retrieve certificates */ @@ -300,17 +302,17 @@ public interface ICryptoSubsystem extends ISubsystem { public NameValuePairs getRootCerts() throws EBaseException; public void setRootCertTrust(String nickname, String serialno, - String issuername, String trust) throws EBaseException; + String issuername, String trust) throws EBaseException; public void deleteRootCert(String nickname, String serialno, - String issuername) throws EBaseException; + String issuername) throws EBaseException; public void deleteUserCert(String nickname, String serialno, - String issuername) throws EBaseException; + String issuername) throws EBaseException; /** * Retrieves PQG parameters based on key size. - * + * * @param keysize key size * @return pqg parameters */ @@ -318,91 +320,91 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves PQG parameters based on key size. - * + * * @param keysize key size * @param store configuration store * @return pqg parameters */ public PQGParams getCAPQG(int keysize, IConfigStore store) - throws EBaseException; + throws EBaseException; /** * Retrieves extensions of the certificate that is identified by * the given nickname. - * + * * @param tokenname token name * @param nickname nickname * @return certificate extensions */ public CertificateExtensions getCertExtensions(String tokenname, String nickname - ) - throws NotInitializedException, TokenException, ObjectNotFoundException, + ) + throws NotInitializedException, TokenException, ObjectNotFoundException, - IOException, CertificateException; + IOException, CertificateException; /** * Checks if the given token is logged in. - * + * * @param name token name * @return true if token is logged in - * @exception EBaseException failed to login + * @exception EBaseException failed to login */ public boolean isTokenLoggedIn(String name) throws EBaseException; /** * Logs into token. - * + * * @param tokenName name of the token * @param pwd token password * @exception EBaseException failed to login */ - public void loggedInToken(String tokenName, String pwd) - throws EBaseException; + public void loggedInToken(String tokenName, String pwd) + throws EBaseException; /** * Generates certificate request from the given key pair. - * + * * @param subjectName subject name to use in the request * @param kp key pair that contains public key material * @return certificate request in base-64 encoded format * @exception EBaseException failed to generate request */ public String getCertRequest(String subjectName, KeyPair kp) - throws EBaseException; + throws EBaseException; /** * Checks if fortezza is enabled. - * + * * @return "true" if fortezza is enabled */ public String isCipherFortezza() throws EBaseException; /** * Retrieves the SSL cipher version. - * + * * @return cipher version (i.e. "cipherdomestic") */ public String getCipherVersion() throws EBaseException; /** * Retrieves the cipher preferences. - * + * * @return cipher preferences (i.e. "rc4export,rc2export,...") */ public String getCipherPreferences() throws EBaseException; /** * Sets the current SSL cipher preferences. - * + * * @param cipherPrefs cipher preferences (i.e. "rc4export,rc2export,...") * @exception EBaseException failed to set cipher preferences */ public void setCipherPreferences(String cipherPrefs) - throws EBaseException; + throws EBaseException; /** * Retrieves a list of currently registered token names. - * + * * @return list of token names * @exception EBaseException failed to retrieve token list */ @@ -411,7 +413,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves all certificates. The result list will not * contain the token tag. - * + * * @param name token name * @return list of certificates without token tag * @exception EBaseException failed to retrieve @@ -420,7 +422,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves the token name of the internal (software) token. - * + * * @return the token name * @exception EBaseException failed to retrieve token name */ @@ -429,7 +431,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Checks to see if the certificate of the given nickname is a * CA certificate. - * + * * @param fullNickname nickname of the certificate to check * @return true if it is a CA certificate * @exception EBaseException failed to check @@ -438,27 +440,27 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Adds the specified number of bits of entropy from the system - * entropy generator to the RNG of the default PKCS#11 RNG token. + * entropy generator to the RNG of the default PKCS#11 RNG token. * The default token is set using the modutil command. - * Note that the system entropy generator (usually /dev/random) - * will block until sufficient entropy is collected. - * + * Note that the system entropy generator (usually /dev/random) + * will block until sufficient entropy is collected. + * * @param bits number of bits of entropy * @exception org.mozilla.jss.util.NotImplementedException If the Crypto device does not support - * adding entropy - * @exception TokenException If there was some other problem with the Crypto device - * @exception IOException If there was a problem reading from the /dev/random + * adding entropy + * @exception TokenException If there was some other problem with the Crypto device + * @exception IOException If there was a problem reading from the /dev/random */ public void addEntropy(int bits) - throws org.mozilla.jss.util.NotImplementedException, + throws org.mozilla.jss.util.NotImplementedException, IOException, TokenException; /** * Signs the certificate template into the given data and returns * a signed certificate. - * + * * @param data data that contains certificate template * @param certType certificate type * @param priKey CA signing key |