Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java')
-rw-r--r-- | pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java | 187 |
1 files changed, 96 insertions, 91 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
index 161328b9e..6f7a49615 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.ca; + import java.util.Enumeration; import netscape.security.x509.CertificateChain;
@@ -43,11 +44,12 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.IService; import com.netscape.certsrv.security.ISigningUnit; + /** - * An interface represents a Certificate Authority that is responsible for - * certificate specific operations. + * An interface represents a Certificate Authority that is + * responsible for certificate specific operations. * <P> - * + * * @version $Revision$, $Date$ */ public interface ICertificateAuthority extends ISubsystem {
@@ -74,15 +76,18 @@ public interface ICertificateAuthority extends ISubsystem { public final static String PROP_ENABLE_PAST_CATIME = "enablePastCATime"; public final static String PROP_DEF_VALIDITY = "DefaultIssueValidity"; public final static String PROP_FAST_SIGNING = "fastSigning"; - public static final String PROP_ENABLE_ADMIN_ENROLL = "enableAdminEnroll"; + public static final String PROP_ENABLE_ADMIN_ENROLL = + "enableAdminEnroll"; public final static String PROP_CRL_SUBSTORE = "crl"; // make this public so agent gateway can access for now. public final static String PROP_CRL_PAGE_SIZE = "pageSize"; public final static String PROP_MASTER_CRL = "MasterCRL"; public final static String PROP_CRLEXT_SUBSTORE = "extension"; - public final static String PROP_ISSUING_CLASS = "com.netscape.cmscore.ca.CRLIssuingPoint"; - public final static String PROP_EXPIREDCERTS_CLASS = "com.netscape.cmscore.ca.CRLWithExpiredCerts"; + public final static String PROP_ISSUING_CLASS = + "com.netscape.cmscore.ca.CRLIssuingPoint"; + public final static String PROP_EXPIREDCERTS_CLASS = + "com.netscape.cmscore.ca.CRLWithExpiredCerts"; public final static String PROP_NOTIFY_SUBSTORE = "notification"; public final static String PROP_CERT_ISSUED_SUBSTORE = "certIssued"; 
@@ -103,68 +108,67 @@ public interface ICertificateAuthority extends ISubsystem { public final static String PROP_ID = "id"; public final static String PROP_CERTDB_TRANS_MAXRECORDS = "transitMaxRecords"; - public final static String PROP_CERTDB_TRANS_PAGESIZE = "transitRecordPageSize"; + public final static String PROP_CERTDB_TRANS_PAGESIZE = "transitRecordPageSize"; /** - * Retrieves the certificate repository where all the locally issued - * certificates are kept. - * + * Retrieves the certificate repository where all the locally + * issued certificates are kept. + * * @return CA's certificate repository */ public ICertificateRepository getCertificateRepository(); /** * Retrieves the request queue of this certificate authority. - * + * * @return CA's request queue */ public IRequestQueue getRequestQueue(); /** * Retrieves the policy processor of this certificate authority. - * + * * @return CA's policy processor */ public IPolicyProcessor getPolicyProcessor(); public boolean noncesEnabled(); - - public Nonces getNonces(); + public Nonces getNonces(); /** * Retrieves the publishing processor of this certificate authority. - * + * * @return CA's publishing processor */ public IPublisherProcessor getPublisherProcessor(); /** * Retrieves the next available serial number. - * + * * @return next available serial number */ public String getStartSerial(); /** * Sets the next available serial number. - * + * * @param serial next available serial number * @exception EBaseException failed to set next available serial number */ public void setStartSerial(String serial) throws EBaseException; /** - * Retrieves the last serial number that can be used for certificate - * issuance in this certificate authority. - * + * Retrieves the last serial number that can be used for + * certificate issuance in this certificate authority. 
+ * @return the last serial number */ public String getMaxSerial(); /** - * Sets the last serial number that can be used for certificate issuance in - * this certificate authority. - * + * Sets the last serial number that can be used for + * certificate issuance in this certificate authority. + * * @param serial the last serial number * @exception EBaseException failed to set the last serial number */
@@ -172,21 +176,21 @@ public interface ICertificateAuthority extends ISubsystem { /** * Retrieves the default signature algorithm of this certificate authority. - * + * * @return the default signature algorithm of this CA */ public SignatureAlgorithm getDefaultSignatureAlgorithm(); /** * Retrieves the default signing algorithm of this certificate authority. - * + * * @return the default signing algorithm of this CA */ public String getDefaultAlgorithm(); /** * Sets the default signing algorithm of this certificate authority. - * + * * @param algorithm new default signing algorithm * @exception EBaseException failed to set the default signing algorithm */
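Review bot: `noncesEnabled()` and `getNonces()` are the only methods in this hunk left without Javadoc, and the re-added `public Nonces getNonces();` line is a natural place to fix that. Callers that validate request nonces need to know the contract, which is not visible here: presumably `getNonces()` is only meaningful when `noncesEnabled()` returns true, and whether it can return null otherwise should be stated rather than left to each caller to guess. I would add short comments such as `/** Returns true if nonce checking is enabled for this CA. */` and `/** Returns the nonce store used to validate requests; confirm and document the value returned when nonces are disabled. */`. The interface body starts and ends outside this hunk.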
@@ -194,38 +198,38 @@ public interface ICertificateAuthority extends ISubsystem { /** * Retrieves the supported signing algorithms of this certificate authority. - * + * * @return the supported signing algorithms of this CA */ public String[] getCASigningAlgorithms(); /** - * Allows certificates to have validities that are longer than this - * certificate authority's. - * - * @param enableCAPast if equals "true", it allows certificates to have - * validity longer than CA's certificate validity + * Allows certificates to have validities that are longer + * than this certificate authority's. + * + * @param enableCAPast if equals "true", it allows certificates + * to have validity longer than CA's certificate validity * @exception EBaseException failed to set above option */ - public void setValidity(String enableCAPast) throws EBaseException; + public void setValidity(String enableCAPast) throws EBaseException; /** * Retrieves the default validity period. - * + * * @return the default validity length in days */ public long getDefaultValidity(); /** * Retrieves all the CRL issuing points. - * + * * @return enumeration of all the CRL issuing points */ public Enumeration getCRLIssuingPoints(); /** * Retrieves CRL issuing point with the given identifier. - * + * * @param id CRL issuing point id * @return CRL issuing point with given id */ 
@@ -233,18 +237,18 @@ public interface ICertificateAuthority extends ISubsystem { /** * Adds CRL issuing point with the given identifier and description. - * + * * @param crlSubStore sub-store with all CRL issuing points * @param id CRL issuing point id * @param description CRL issuing point description * @return true if CRL issuing point was successfully added */ public boolean addCRLIssuingPoint(IConfigStore crlSubStore, String id, - boolean enable, String description); + boolean enable, String description); /** * Deletes CRL issuing point with the given identifier. - * + * * @param crlSubStore sub-store with all CRL issuing points * @param id CRL issuing point id */ 
@@ -252,122 +256,122 @@ public interface ICertificateAuthority extends ISubsystem { /** * Retrieves the CRL repository. - * + * * @return CA's CRL repository */ public ICRLRepository getCRLRepository(); /** * Retrieves the Replica ID repository. - * + * * @return CA's Replica ID repository */ public IReplicaIDRepository getReplicaRepository(); /** * Retrieves the request in queue listener. - * + * * @return the request in queue listener */ public IRequestListener getRequestInQListener(); /** * Retrieves all request listeners. - * + * * @return name enumeration of all request listeners */ public Enumeration getRequestListenerNames(); /** * Retrieves the request listener for issued certificates. - * + * * @return the request listener for issued certificates */ public IRequestListener getCertIssuedListener(); /** * Retrieves the request listener for revoked certificates. - * + * * @return the request listener for revoked certificates */ public IRequestListener getCertRevokedListener(); /** * Retrieves the CA certificate chain. - * + * * @return the CA certificate chain */ - public CertificateChain getCACertChain(); + public CertificateChain getCACertChain(); /** * Retrieves the CA certificate. - * + * * @return the CA certificate */ public org.mozilla.jss.crypto.X509Certificate getCaX509Cert(); /** * Retrieves the CA certificate. - * + * * @return the CA certificate */ public X509CertImpl getCACert(); /** * Updates the CRL immediately for MasterCRL issuing point if it exists. - * + * * @exception EBaseException failed to create or publish CRL */ public void updateCRLNow() throws EBaseException; /** * Publishes the CRL immediately for MasterCRL issuing point if it exists. - * + * * @exception EBaseException failed to publish CRL */ public void publishCRLNow() throws EBaseException; /** - * Retrieves the signing unit that manages the CA signing key for signing - * certificates. 
- * + * Retrieves the signing unit that manages the CA signing key for + * signing certificates. + * * @return the CA signing unit for certificates */ public ISigningUnit getSigningUnit(); /** - * Retrieves the signing unit that manages the CA signing key for signing - * CRL. - * + * Retrieves the signing unit that manages the CA signing key for + * signing CRL. + * * @return the CA signing unit for CRLs */ public ISigningUnit getCRLSigningUnit(); /** - * Retrieves the signing unit that manages the CA signing key for signing - * OCSP response. - * + * Retrieves the signing unit that manages the CA signing key for + * signing OCSP response. + * * @return the CA signing unit for OCSP responses */ public ISigningUnit getOCSPSigningUnit(); /** * Sets the maximium path length in the basic constraint extension. - * + * * @param num the maximium path length */ public void setBasicConstraintMaxLen(int num); /** * Is this a clone CA? - * + * * @return true if this is a clone CA */ public boolean isClone(); /** * Retrieves the request listener by name. - * + * * @param name request listener name * @return the request listener */
@@ -377,17 +381,17 @@ public interface ICertificateAuthority extends ISubsystem { * get request notifier */ public IRequestNotifier getRequestNotifier(); - + /** * Registers a request listener. - * + * * @param listener request listener to be registered */ public void registerRequestListener(IRequestListener listener); /** * Registers a request listener. - * + * * @param name under request listener is going to be registered * @param listener request listener to be registered */
@@ -395,32 +399,32 @@ public interface ICertificateAuthority extends ISubsystem { /** * Retrieves the issuer name of this certificate authority. - * + * * @return the issuer name of this certificate authority */ public X500Name getX500Name(); /** * Retrieves the issuer name of this certificate authority issuing point. - * + * * @return the issuer name of this certificate authority issuing point */ - public X500Name getCRLX500Name(); + public X500Name getCRLX500Name(); /** * Signs the given CRL with the specific algorithm. - * + * * @param crl CRL to be signed * @param algname algorithm used for signing * @return signed CRL * @exception EBaseException failed to sign CRL */ public X509CRLImpl sign(X509CRLImpl crl, String algname) - throws EBaseException; + throws EBaseException; /** * Logs a message to this certificate authority. - * + * * @param level logging level * @param msg logged message */ 
@@ -428,71 +432,72 @@ public interface ICertificateAuthority extends ISubsystem { /** * Returns the nickname for the CA signing certificate. - * + * * @return the nickname for the CA signing certificate */ public String getNickname(); /** * Signs a X.509 certificate template. - * + * * @param certInfo X.509 certificate template * @param algname algorithm used for signing * @return signed certificate * @exception EBaseException failed to sign certificate */ public X509CertImpl sign(X509CertInfo certInfo, String algname) - throws EBaseException; + throws EBaseException; /** * Retrieves the default certificate version. - * + * * @return the default version certificate */ public CertificateVersion getDefaultCertVersion(); /** - * Is this CA allowed to issue certificate that has longer validty than the - * CA's. - * + * Is this CA allowed to issue certificate that has longer + * validty than the CA's. + * * @return true if allows certificates to have validity longer than CA's */ public boolean isEnablePastCATime(); /** - * Retrieves the CA service object that is responsible for processing - * requests. - * + * Retrieves the CA service object that is responsible for + * processing requests. + * * @return CA service object */ public IService getCAService(); /** * Returns the in-memory count of the processed OCSP requests. - * + * * @return number of processed OCSP requests in memory */ public long getNumOCSPRequest(); /** - * Returns the in-memory time (in mini-second) of the processed time for - * OCSP requests. - * + * Returns the in-memory time (in mini-second) of + * the processed time for OCSP requests. + * * @return processed times for OCSP requests */ public long getOCSPRequestTotalTime(); /** - * Returns the in-memory time (in mini-second) of the signing time for OCSP - * requests. - * + * Returns the in-memory time (in mini-second) of + * the signing time for OCSP requests. 
+ * * @return processed times for OCSP requests */ public long getOCSPTotalSignTime(); /** - * Returns the total data signed for OCSP requests. - * + * Returns the total data signed + * for OCSP requests. + * * @return processed times for OCSP requests */ public long getOCSPTotalData(); |
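Review bot: The re-wrapped Javadoc in this hunk carries wording defects over to the new side: `validty` on isEnablePastCATime(), `mini-second` on getOCSPRequestTotalTime() and getOCSPTotalSignTime(), and the `@return processed times for OCSP requests` text repeated on getOCSPTotalSignTime() and getOCSPTotalData(), where it does not match the summary sentence. Since these comment lines are being rewritten anyway, I would correct them, e.g. `validity`, presumably `millisecond`, and `@return total data signed for OCSP requests` on getOCSPTotalData(). The unit of that total is not visible here and should be confirmed against the implementation before it is written into the comment.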