diff options
Diffstat (limited to 'base/common/src/com/netscape/certsrv/security/ISigningUnit.java')
-rw-r--r-- | base/common/src/com/netscape/certsrv/security/ISigningUnit.java | 164 |
1 files changed, 164 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/security/ISigningUnit.java b/base/common/src/com/netscape/certsrv/security/ISigningUnit.java new file mode 100644 index 000000000..7fbed0b6c --- /dev/null +++ b/base/common/src/com/netscape/certsrv/security/ISigningUnit.java @@ -0,0 +1,164 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.certsrv.security; + +import java.security.PublicKey; + +import netscape.security.x509.X509CertImpl; + +import org.mozilla.jss.crypto.SignatureAlgorithm; +import org.mozilla.jss.crypto.X509Certificate; + +import com.netscape.certsrv.base.EBaseException; + +/** + * A class represents the signing unit which is + * capable of signing data. + * + * @version $Revision$, $Date$ + */ +public interface ISigningUnit { + + public static final String PROP_DEFAULT_SIGNALG = "defaultSigningAlgorithm"; + public static final String PROP_CERT_NICKNAME = "cacertnickname"; + // This signing unit is being used in OCSP and CRL also. So + // it is better to have a more generic name + public static final String PROP_RENAMED_CERT_NICKNAME = "certnickname"; + public static final String PROP_TOKEN_NAME = "tokenname"; + public static final String PROP_NEW_NICKNAME = "newNickname"; + + /** + * Retrieves the nickname of the signing certificate. + */ + public String getNickname(); + + /** + * Retrieves the new nickname in the renewal process. + * + * @return new nickname + * @exception EBaseException failed to get new nickname + */ + public String getNewNickName() throws EBaseException; + + /** + * Sets new nickname of the signing certificate. + * + * @param name nickname + */ + public void setNewNickName(String name); + + /** + * Retrieves the signing certificate. + * + * @return signing certificate + */ + public X509Certificate getCert(); + + /** + * Retrieves the signing certificate. + * + * @return signing certificate + */ + public X509CertImpl getCertImpl(); + + /** + * Signs the given data in specific algorithm. + * + * @param data data to be signed + * @param algname signing algorithm to be used + * @return signed data + * @exception EBaseException failed to sign + */ + public byte[] sign(byte[] data, String algname) + throws EBaseException; + + /** + * Verifies the signed data. + * + * @param data signed data + * @param signature signature + * @param algname signing algorithm + * @return true if verification is good + * @exception EBaseException failed to verify + */ + public boolean verify(byte[] data, byte[] signature, String algname) + throws EBaseException; + + /** + * Retrieves the default algorithm. + * + * @return default signing algorithm + */ + public SignatureAlgorithm getDefaultSignatureAlgorithm(); + + /** + * Retrieves the default algorithm name. + * + * @return default signing algorithm name + */ + public String getDefaultAlgorithm(); + + /** + * Set default signing algorithm. + * + * @param algorithm signing algorithm + * @exception EBaseException failed to set default signing algorithm + */ + public void setDefaultAlgorithm(String algorithm) throws EBaseException; + + /** + * Retrieves all supported signing algorithm of this unit. + * + * @return a list of signing algorithms + * @exception EBaseException failed to list + */ + public String[] getAllAlgorithms() throws EBaseException; + + /** + * Retrieves the token name of this unit. + * + * @return token name + * @exception EBaseException failed to retrieve name + */ + public String getTokenName() throws EBaseException; + + /** + * Updates new nickname and tokename in the configuration file. + * + * @param nickname new nickname + * @param tokenname new tokenname + */ + public void updateConfig(String nickname, String tokenname); + + /** + * Checks if the given algorithm name is supported. + * + * @param algname algorithm name + * @return signing algorithm + * @exception EBaseException failed to check signing algorithm + */ + public SignatureAlgorithm checkSigningAlgorithmFromName(String algname) + throws EBaseException; + + /** + * Retrieves the public key associated in this unit. + * + * @return public key + */ + public PublicKey getPublicKey(); +} |