authorcfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-03-22 21:58:54 +0000
committercfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-03-22 21:58:54 +0000
commit154f27d2fc07bb7f3b70ea72483952fc442b310a (patch)
tree03f8cd9b793d1fa136a14545b7ccd48acccf45ee /pki/base/common/src/com/netscape/certsrv
parentc089ef29c921947d1828b1932b5543789b4aa135 (diff)
Bugzilla Bug #522343 Add asynchronous key recovery mode
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1027 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv')
-rw-r--r--pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java63
1 files changed, 62 insertions, 1 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java b/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java
index e90a992df..5c2da2d08 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java
@@ -43,6 +43,43 @@ public interface IKeyService {
*/
public int getNoOfRequiredAgents() throws EBaseException;
+ /**
+ * is async recovery request status APPROVED -
+ * i.e. all required # of recovery agents approved
+ * @param reqID request id
+ * @return true if # of recovery required agents approved; false otherwise
+ */
+ public boolean isApprovedAsyncKeyRecovery(String reqID)
+ throws EBaseException;
+
+ /**
+ * get async recovery request initiating agent
+ * @param reqID request id
+ * @return agentUID
+ */
+ public String getInitAgentAsyncKeyRecovery(String reqID)
+ throws EBaseException;
+
+ /**
+ * Initiate asynchronous key recovery
+ * @param kid key identifier
+ * @param cert certificate embedded in PKCS12
+ * @return requestId
+ * @exception EBaseException failed to initiate async recovery
+ */
+ public String initAsyncKeyRecovery(BigInteger kid, X509CertImpl cert, String agent)
+ throws EBaseException;
+
+ /**
+ * add approving agent in asynchronous key recovery
+ * @param reqID request id
+ * @param agentID agent id
+ * @return requestId
+ * @exception EBaseException failed to initiate async recovery
+ */
+ public void addAgentAsyncKeyRecovery(String reqID, String agentID)
+ throws EBaseException;
+
/**
* Performs administrator-initiated key recovery.
*
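Review bot: The Javadoc on `addAgentAsyncKeyRecovery` does not match its signature: it declares `@return requestId` on a `void` method, its `@exception` text is copied from the initiate method, and `initAsyncKeyRecovery` has no `@param agent`. More important for a quorum-based recovery, none of the four new comments says where the agent identifier comes from or how a repeated approval is treated. I would drop the `@return` line, add `@param agent UID of the authenticated agent initiating the request`, and state on `addAgentAsyncKeyRecovery` that `agentID` must be the authenticated caller's UID and that an agent already recorded for `reqID` is not counted again. Whether implementations enforce this cannot be seen from the interface, whose body continues outside this hunk, so it should be confirmed there.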
@@ -56,7 +93,31 @@ public interface IKeyService {
*/
public byte[] doKeyRecovery(BigInteger kid,
Credential creds[], String pwd, X509CertImpl cert,
- String delivery, String nickname) throws EBaseException;
+ String delivery, String nickname, String agent) throws EBaseException;
+
+ /**
+ * Async Recovers key for administrators. This method is
+ * invoked by the agent operation of the key recovery servlet.
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever
+ * a user private key recovery request is made (this is when the DRM
+ * receives the request)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED used whenever
+ * a user private key recovery request is processed (this is when the DRM
+ * processes the request)
+ * </ul>
+ * @param reqID request id
+ * @param password password of the PKCS12 package
+ * subsystem
+ * @exception EBaseException failed to recover key
+ * @return a byte array containing the key
+ */
+ public byte[] doKeyRecovery(
+ String reqID,
+ String password)
+ throws EBaseException;
/**
* Retrieves recovery identifier.
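Review bot: The new `doKeyRecovery(String reqID, String password)` overload returns key material given only a request id, and its Javadoc does not say that the request must already be approved. I would add a sentence such as `The request identified by reqID must have been approved by the required number of recovery agents; otherwise EBaseException is thrown.` so that implementers do not depend on the servlet having called `isApprovedAsyncKeyRecovery` first. Whether the implementation performs that check is not visible in this file. The stray `subsystem` line after `@param password` should be removed, and the widened overload needs a `@param agent` entry in its comment, which starts above this hunk.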