Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv/ca')
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/CAResources.java42
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ECAException.java91
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java42
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ICAService.java90
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java72
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java56
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java543
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java503
8 files changed, 0 insertions, 1439 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java b/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java
deleted file mode 100644
index dfb72d57d..000000000
--- a/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java
+++ /dev/null
@@ -1,42 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.certsrv.ca;
-
-import java.util.ListResourceBundle;
-
-/**
- * A class represents a resource bundle for CA subsystem.
- * <P>
- *
- * @version $Revision$ $Date$
- */
-public class CAResources extends ListResourceBundle {
-
- /**
- * Returns the content of this resource.
- */
- public Object[][] getContents() {
- return contents;
- }
-
- /**
- * Constants. The suffix represents the number of
- * possible parameters.
- */
- static final Object[][] contents = {};
-}
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java b/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java
deleted file mode 100644
index a530b08a5..000000000
--- a/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java
+++ /dev/null
@@ -1,91 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.certsrv.ca;
-
-import com.netscape.certsrv.base.EBaseException;
-
-/**
- * A class represents a CA exception.
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class ECAException extends EBaseException {
-
- /**
- *
- */
- private static final long serialVersionUID = -2963412888833532478L;
- /**
- * CA resource class name.
- */
- private static final String CA_RESOURCES = CAResources.class.getName();
-
- /**
- * Constructs a CA exception.
- * <P>
- *
- * @param msgFormat constant from CAResources.
- */
- public ECAException(String msgFormat) {
- super(msgFormat);
- }
-
- /**
- * Constructs a CA exception.
- * <P>
- *
- * @param msgFormat constant from CAResources.
- * @param param additional parameters to the message.
- */
- public ECAException(String msgFormat, String param) {
- super(msgFormat, param);
- }
-
- /**
- * Constructs a CA exception.
- * <P>
- *
- * @param msgFormat constant from CAResources.
- * @param e embedded exception.
- */
- public ECAException(String msgFormat, Exception e) {
- super(msgFormat, e);
- }
-
- /**
- * Constructs a CA exception.
- * <P>
- *
- * @param msgFormat constant from CAResources.
- * @param params additional parameters to the message.
- */
- public ECAException(String msgFormat, Object params[]) {
- super(msgFormat, params);
- }
-
- /**
- * Returns the bundle file name.
- * <P>
- *
- * @return name of bundle class associated with this exception.
- */
- protected String getBundleName() {
- return CA_RESOURCES;
- }
-}
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java b/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java
deleted file mode 100644
index b4c10a0c5..000000000
--- a/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java
+++ /dev/null
@@ -1,42 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.certsrv.ca;
-
-/**
- * A class represents a CA exception associated with publishing error.
- * <P>
- *
- * @version $Revision$ $Date$
- */
-public class EErrorPublishCRL extends ECAException {
-
- /**
- *
- */
- private static final long serialVersionUID = -5773392283237284399L;
-
- /**
- * Constructs a CA exception caused by publishing error.
- * <P>
- *
- * @param errorString Detailed error message.
- */
- public EErrorPublishCRL(String errorString) {
- super(errorString);
- }
-}
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java b/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java
deleted file mode 100644
index 1edebcc8b..000000000
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java
+++ /dev/null
@@ -1,90 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.certsrv.ca;
-
-import netscape.security.x509.RevokedCertImpl;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.connector.IConnector;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * An interface representing a CA request services.
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public interface ICAService {
-
- /**
- * Marks certificate record as revoked by adding revocation information.
- * Updates CRL cache.
- *
- * @param crlentry revocation information obtained from revocation request
- * @exception EBaseException failed to mark certificate record as revoked
- */
- public void revokeCert(RevokedCertImpl crlentry)
- throws EBaseException;
-
- /**
- * Marks certificate record as revoked by adding revocation information.
- * Updates CRL cache.
- *
- * @param crlentry revocation information obtained from revocation request
- * @param requestId revocation request id
- * @exception EBaseException failed to mark certificate record as revoked
- */
- public void revokeCert(RevokedCertImpl crlentry, String requestId)
- throws EBaseException;
-
- /**
- * Issues certificate base on enrollment information,
- * creates certificate record, and stores all necessary data.
- *
- * @param certi information obtain from revocation request
- * @exception EBaseException failed to issue certificate or create certificate record
- */
- public X509CertImpl issueX509Cert(X509CertInfo certi)
- throws EBaseException;
-
- public X509CertImpl issueX509Cert(X509CertInfo certi, String profileId, String rid)
- throws EBaseException;
-
- /**
- * Services profile request.
- *
- * @param request profile enrollment request information
- * @exception EBaseException failed to service profile enrollment request
- */
- public void serviceProfileRequest(IRequest request)
- throws EBaseException;
-
- /**
- * Returns KRA-CA connector.
- *
- * @return KRA-CA connector
- */
- public IConnector getKRAConnector();
-
- public void setKRAConnector(IConnector c);
-
- public IConnector getConnector(IConfigStore cs) throws EBaseException;
-}
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java
deleted file mode 100644
index b3e94d02e..000000000
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java
+++ /dev/null
@@ -1,72 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.certsrv.ca;
-
-import netscape.security.x509.Extension;
-
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.NameValuePairs;
-
-/**
- * An interface representing a CRL extension plugin.
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public interface ICMSCRLExtension {
-
- /**
- * Returns CRL extension OID string.
- *
- * @return OID of CRL extension
- */
- public String getCRLExtOID();
-
- /**
- * Sets extension criticality and returns extension
- * with new criticality.
- *
- * @param ext CRL extension that will change criticality
- * @param critical new criticality to be assigned to CRL extension
- * @return extension with new criticality
- */
- Extension setCRLExtensionCriticality(Extension ext,
- boolean critical);
-
- /**
- * Builds new CRL extension based on configuration data,
- * issuing point information, and criticality.
- *
- * @param config configuration store
- * @param crlIssuingPoint CRL issuing point
- * @param critical criticality to be assigned to CRL extension
- * @return extension new CRL extension
- */
- Extension getCRLExtension(IConfigStore config,
- Object crlIssuingPoint,
- boolean critical);
-
- /**
- * Reads configuration data and converts them to name value pairs.
- *
- * @param config configuration store
- * @param nvp name value pairs obtained from configuration data
- */
- public void getConfigParams(IConfigStore config,
- NameValuePairs nvp);
-}
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java
deleted file mode 100644
index 6fa520fbf..000000000
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java
+++ /dev/null
@@ -1,56 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.certsrv.ca;
-
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.NameValuePairs;
-
-/**
- * An interface representing a list of CRL extensions.
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public interface ICMSCRLExtensions {
-
- /**
- * Updates configuration store for extension identified by id
- * with data delivered in name value pairs.
- *
- * @param id extension id
- * @param nvp name value pairs with new configuration data
- * @param config configuration store
- */
- public void setConfigParams(String id, NameValuePairs nvp, IConfigStore config);
-
- /**
- * Reads configuration data and returns them as name value pairs.
- *
- * @param id extension id
- * @return name value pairs with configuration data
- */
- public NameValuePairs getConfigParams(String id);
-
- /**
- * Returns class name with its path.
- *
- * @param name extension id
- * @return class name with its path
- */
- public String getClassPath(String name);
-}
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java b/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java
deleted file mode 100644
index f317db9b1..000000000
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java
+++ /dev/null
@@ -1,543 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.certsrv.ca;
-
-import java.math.BigInteger;
-import java.util.Date;
-import java.util.Set;
-import java.util.Vector;
-
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.RevokedCertImpl;
-import netscape.security.x509.RevokedCertificate;
-import netscape.security.x509.X509CRLImpl;
-
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.dbs.IElementProcessor;
-
-/**
- * This class encapsulates CRL issuing mechanism. CertificateAuthority
- * contains a map of CRLIssuingPoint indexed by string ids. Each issuing
- * point contains information about CRL issuing and publishing parameters
- * as well as state information which includes last issued CRL, next CRL
- * serial number, time of the next update etc.
- * If autoUpdateInterval is set to non-zero value then worker thread
- * is created that will perform CRL update at scheduled intervals. Update
- * can also be triggered by invoking updateCRL method directly. Another
- * parameter minUpdateInterval can be used to prevent CRL
- * from being updated too often
- *
- * @version $Revision$, $Date$
- */
-
-public interface ICRLIssuingPoint {
-
- public static final String PROP_PUBLISH_DN = "publishDN";
- public static final String PROP_PUBLISH_ON_START = "publishOnStart";
- public static final String PROP_MIN_UPDATE_INTERVAL = "minUpdateInterval";
- public static final String PROP_BEGIN_SERIAL = "crlBeginSerialNo";
- public static final String PROP_END_SERIAL = "crlEndSerialNo";
-
- public static final String SC_ISSUING_POINT_ID = "issuingPointId";
- public static final String SC_IS_DELTA_CRL = "isDeltaCRL";
- public static final String SC_CRL_COUNT = "crlCount";
-
- /**
- * for manual updates - requested by agent
- */
- public static final int CRL_UPDATE_DONE = 0;
- public static final int CRL_UPDATE_STARTED = 1;
- public static final int CRL_PUBLISHING_STARTED = 2;
-
- public static final int CRL_IP_NOT_INITIALIZED = 0;
- public static final int CRL_IP_INITIALIZED = 1;
- public static final int CRL_IP_INITIALIZATION_FAILED = -1;
-
- /**
- * Returns true if CRL issuing point is enabled.
- *
- * @return true if CRL issuing point is enabled
- */
- public boolean isCRLIssuingPointEnabled();
-
- /**
- * Returns true if CRL generation is enabled.
- *
- * @return true if CRL generation is enabled
- */
- public boolean isCRLGenerationEnabled();
-
- /**
- * Enables or disables CRL issuing point according to parameter.
- *
- * @param enable if true enables CRL issuing point
- */
- public void enableCRLIssuingPoint(boolean enable);
-
- /**
- * Returns CRL update status.
- *
- * @return CRL update status
- */
- public String getCrlUpdateStatusStr();
-
- /**
- * Returns CRL update error.
- *
- * @return CRL update error
- */
- public String getCrlUpdateErrorStr();
-
- /**
- * Returns CRL publishing status.
- *
- * @return CRL publishing status
- */
- public String getCrlPublishStatusStr();
-
- /**
- * Returns CRL publishing error.
- *
- * @return CRL publishing error
- */
- public String getCrlPublishErrorStr();
-
- /**
- * Returns CRL issuing point initialization status.
- *
- * @return status of CRL issuing point initialization
- */
- public int isCRLIssuingPointInitialized();
-
- /**
- * Checks if manual update is set.
- *
- * @return true if manual update is set
- */
- public boolean isManualUpdateSet();
-
- /**
- * Checks if expired certificates are included in CRL.
- *
- * @return true if expired certificates are included in CRL
- */
- public boolean areExpiredCertsIncluded();
-
- /**
- * Checks if CRL includes CA certificates only.
- *
- * @return true if CRL includes CA certificates only
- */
- public boolean isCACertsOnly();
-
- /**
- * Checks if CRL includes profile certificates only.
- *
- * @return true if CRL includes profile certificates only
- */
- public boolean isProfileCertsOnly();
-
- /**
- * Checks if CRL issuing point includes this profile.
- *
- * @return true if CRL issuing point includes this profile
- */
- public boolean checkCurrentProfile(String id);
-
- /**
- * Initializes CRL issuing point.
- *
- * @param ca certificate authority that holds CRL issuing point
- * @param id CRL issuing point id
- * @param config configuration sub-store for CRL issuing point
- * @exception EBaseException thrown if initialization failed
- */
- public void init(ISubsystem ca, String id, IConfigStore config)
- throws EBaseException;
-
- /**
- * This method is called during shutdown.
- * It updates CRL cache and stops thread controlling CRL updates.
- */
- public void shutdown();
-
- /**
- * Returns internal id of this CRL issuing point.
- *
- * @return internal id of this CRL issuing point
- */
- public String getId();
-
- /**
- * Returns internal description of this CRL issuing point.
- *
- * @return internal description of this CRL issuing point
- */
- public String getDescription();
-
- /**
- * Sets internal description of this CRL issuing point.
- *
- * @param description description for this CRL issuing point.
- */
- public void setDescription(String description);
-
- /**
- * Returns DN of the directory entry where CRLs from this issuing point
- * are published.
- *
- * @return DN of the directory entry where CRLs are published.
- */
- public String getPublishDN();
-
- /**
- * Returns signing algorithm.
- *
- * @return signing algorithm
- */
- public String getSigningAlgorithm();
-
- /**
- * Returns signing algorithm used in last signing operation..
- *
- * @return last signing algorithm
- */
- public String getLastSigningAlgorithm();
-
- /**
- * Returns current CRL generation schema for this CRL issuing point.
- * <P>
- *
- * @return current CRL generation schema for this CRL issuing point
- */
- public int getCRLSchema();
-
- /**
- * Returns current CRL number of this CRL issuing point.
- *
- * @return current CRL number of this CRL issuing point
- */
- public BigInteger getCRLNumber();
-
- /**
- * Returns current delta CRL number of this CRL issuing point.
- * <P>
- *
- * @return current delta CRL number of this CRL issuing point
- */
- public BigInteger getDeltaCRLNumber();
-
- /**
- * Returns next CRL number of this CRL issuing point.
- *
- * @return next CRL number of this CRL issuing point
- */
- public BigInteger getNextCRLNumber();
-
- /**
- * Returns number of entries in the current CRL.
- *
- * @return number of entries in the current CRL
- */
- public long getCRLSize();
-
- /**
- * Returns number of entries in delta CRL
- *
- * @return number of entries in delta CRL
- */
- public long getDeltaCRLSize();
-
- /**
- * Returns time of the last update.
- *
- * @return last CRL update time
- */
- public Date getLastUpdate();
-
- /**
- * Returns time of the next update.
- *
- * @return next CRL update time
- */
- public Date getNextUpdate();
-
- /**
- * Returns time of the next delta CRL update.
- *
- * @return next delta CRL update time
- */
- public Date getNextDeltaUpdate();
-
- /**
- * Returns all the revoked certificates from the CRL cache.
- *
- * @param start first requested CRL entry
- * @param end next after last requested CRL entry
- * @return set of all the revoked certificates or null if there are none.
- */
- public Set<RevokedCertificate> getRevokedCertificates(int start, int end);
-
- /**
- * Returns certificate authority.
- *
- * @return certificate authority
- */
- public ISubsystem getCertificateAuthority();
-
- /**
- * Schedules immediate CRL manual-update
- * and sets signature algorithm to be used for signing.
- *
- * @param signatureAlgorithm signature algorithm to be used for signing
- */
- public void setManualUpdate(String signatureAlgorithm);
-
- /**
- * Returns auto update interval in milliseconds.
- *
- * @return auto update interval in milliseconds
- */
- public long getAutoUpdateInterval();
-
- /**
- * Returns true if CRL is updated for every change
- * of revocation status of any certificate.
- *
- * @return true if CRL update is always triggered by revocation operation
- */
- public boolean getAlwaysUpdate();
-
- /**
- * Returns next update grace period in minutes.
- *
- * @return next update grace period in minutes
- */
- public long getNextUpdateGracePeriod();
-
- /**
- * Returns filter used to build CRL based on information stored
- * in local directory.
- *
- * @return filter used to search local directory
- */
- public String getFilter();
-
- /**
- * Builds a list of revoked certificates to put them into CRL.
- * Calls certificate record processor to get necessary data
- * from certificate records.
- * This also regenerates CRL cache.
- *
- * @param cp certificate record processor
- * @exception EBaseException if an error occurred in the database.
- */
- public void processRevokedCerts(IElementProcessor cp)
- throws EBaseException;
-
- /**
- * Returns date of revoked certificate or null
- * if certificated is not listed as revoked.
- *
- * @param serialNumber serial number of certificate to be checked
- * @param checkDeltaCache true if delta CRL cache suppose to be
- * included in checking process
- * @param includeExpiredCerts true if delta CRL cache with expired
- * certificates suppose to be included in checking process
- * @return date of revoked certificate or null
- */
- public Date getRevocationDateFromCache(BigInteger serialNumber,
- boolean checkDeltaCache,
- boolean includeExpiredCerts);
-
- /**
- * Returns split times from CRL generation.
- *
- * @return split times from CRL generation in milliseconds
- */
- public Vector<Long> getSplitTimes();
-
- /**
- * Generates CRL now based on cache or local directory if cache
- * is not available. It also publishes CRL if it is required.
- *
- * @param signingAlgorithm signing algorithm to be used for CRL signing
- * @exception EBaseException if an error occurred during
- * CRL generation or publishing
- */
- public void updateCRLNow(String signingAlgorithm)
- throws EBaseException;
-
- /**
- * Clears CRL cache
- */
- public void clearCRLCache();
-
- /**
- * Clears delta-CRL cache
- */
- public void clearDeltaCRLCache();
-
- /**
- * Returns number of recently revoked certificates.
- *
- * @return number of recently revoked certificates
- */
- public int getNumberOfRecentlyRevokedCerts();
-
- /**
- * Returns number of recently unrevoked certificates.
- *
- * @return number of recently unrevoked certificates
- */
- public int getNumberOfRecentlyUnrevokedCerts();
-
- /**
- * Returns number of recently expired and revoked certificates.
- *
- * @return number of recently expired and revoked certificates
- */
- public int getNumberOfRecentlyExpiredCerts();
-
- /**
- * Converts list of extensions supplied by revocation request
- * to list of extensions required to be placed in CRL.
- *
- * @param exts list of extensions supplied by revocation request
- * @return list of extensions required to be placed in CRL
- */
- public CRLExtensions getRequiredEntryExtensions(CRLExtensions exts);
-
- /**
- * Adds revoked certificate to delta-CRL cache.
- *
- * @param serialNumber serial number of revoked certificate
- * @param revokedCert revocation information supplied by revocation request
- */
- public void addRevokedCert(BigInteger serialNumber, RevokedCertImpl revokedCert);
-
- /**
- * Adds revoked certificate to delta-CRL cache.
- *
- * @param serialNumber serial number of revoked certificate
- * @param revokedCert revocation information supplied by revocation request
- * @param requestId revocation request id
- */
- public void addRevokedCert(BigInteger serialNumber, RevokedCertImpl revokedCert,
- String requestId);
-
- /**
- * Adds unrevoked certificate to delta-CRL cache.
- *
- * @param serialNumber serial number of unrevoked certificate
- */
- public void addUnrevokedCert(BigInteger serialNumber);
-
- /**
- * Adds unrevoked certificate to delta-CRL cache.
- *
- * @param serialNumber serial number of unrevoked certificate
- * @param requestId unrevocation request id
- */
- public void addUnrevokedCert(BigInteger serialNumber, String requestId);
-
- /**
- * Adds expired and revoked certificate to delta-CRL cache.
- *
- * @param serialNumber serial number of expired and revoked certificate
- */
- public void addExpiredCert(BigInteger serialNumber);
-
- /**
- * Updates CRL cache into local directory.
- */
- public void updateCRLCacheRepository();
-
- /**
- * Updates issuing point configuration according to supplied data
- * in name value pairs.
- *
- * @param params name value pairs defining new issuing point configuration
- * @return true if configuration is updated successfully
- */
- public boolean updateConfig(NameValuePairs params);
-
- /**
- * Returns true if delta-CRL is enabled.
- *
- * @return true if delta-CRL is enabled
- */
- public boolean isDeltaCRLEnabled();
-
- /**
- * Returns true if CRL cache is enabled.
- *
- * @return true if CRL cache is enabled
- */
- public boolean isCRLCacheEnabled();
-
- /**
- * Returns true if CRL cache is empty.
- *
- * @return true if CRL cache is empty
- */
- public boolean isCRLCacheEmpty();
-
- /**
- * Returns true if CRL cache testing is enabled.
- *
- * @return true if CRL cache testing is enabled
- */
- public boolean isCRLCacheTestingEnabled();
-
- /**
- * Returns true if supplied delta-CRL is matching current delta-CRL.
- *
- * @param deltaCRL delta-CRL to verify against current delta-CRL
- * @return true if supplied delta-CRL is matching current delta-CRL
- */
- public boolean isThisCurrentDeltaCRL(X509CRLImpl deltaCRL);
-
- /**
- * Returns status of CRL generation.
- *
- * @return one of the following according to CRL generation status:
- * CRL_UPDATE_DONE, CRL_UPDATE_STARTED, and CRL_PUBLISHING_STARTED
- */
- public int isCRLUpdateInProgress();
-
- /**
- * Generates CRL now based on cache or local directory if cache
- * is not available. It also publishes CRL if it is required.
- * CRL is signed by default signing algorithm.
- *
- * @exception EBaseException if an error occurred during
- * CRL generation or publishing
- */
- public void updateCRLNow() throws EBaseException;
-
- /**
- * Returns list of CRL extensions.
- *
- * @return list of CRL extensions
- */
- public ICMSCRLExtensions getCRLExtensions();
-}
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
deleted file mode 100644
index 25bc9cabe..000000000
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
+++ /dev/null
@@ -1,503 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.certsrv.ca;
-
-import java.util.Enumeration;
-
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CRLImpl;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import org.mozilla.jss.crypto.SignatureAlgorithm;
-
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.base.Nonces;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.dbs.crldb.ICRLRepository;
-import com.netscape.certsrv.dbs.replicadb.IReplicaIDRepository;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.publish.IPublisherProcessor;
-import com.netscape.certsrv.request.IRequestListener;
-import com.netscape.certsrv.request.IRequestNotifier;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.IService;
-import com.netscape.certsrv.security.ISigningUnit;
-
-/**
- * An interface represents a Certificate Authority that is
- * responsible for certificate specific operations.
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public interface ICertificateAuthority extends ISubsystem {
-
- public static final String ID = "ca";
-
- public static final String PROP_CERTDB_INC = "certdbInc";
- public static final String PROP_CRLDB_INC = "crldbInc";
- public static final String PROP_REGISTRATION = "Registration";
- public static final String PROP_POLICY = "Policy";
- public static final String PROP_GATEWAY = "gateway";
- public static final String PROP_CLASS = "class";
- public static final String PROP_TYPE = "type";
- public static final String PROP_IMPL = "impl";
- public static final String PROP_PLUGIN = "plugin";
- public static final String PROP_INSTANCE = "instance";
- public static final String PROP_LISTENER_SUBSTORE = "listener";
- public final static String PROP_LDAP_PUBLISH_SUBSTORE = "ldappublish";
- public final static String PROP_PUBLISH_SUBSTORE = "publish";
- public final static String PROP_ENABLE_PUBLISH = "enablePublish";
- public final static String PROP_ENABLE_LDAP_PUBLISH = "enableLdapPublish";
-
- public final static String PROP_X509CERT_VERSION = "X509CertVersion";
- public final static String PROP_ENABLE_PAST_CATIME = "enablePastCATime";
- public final static String PROP_DEF_VALIDITY = "DefaultIssueValidity";
- public final static String PROP_FAST_SIGNING = "fastSigning";
- public static final String PROP_ENABLE_ADMIN_ENROLL =
- "enableAdminEnroll";
-
- public final static String PROP_CRL_SUBSTORE = "crl";
- // make this public so agent gateway can access for now.
- public final static String PROP_CRL_PAGE_SIZE = "pageSize";
- public final static String PROP_MASTER_CRL = "MasterCRL";
- public final static String PROP_CRLEXT_SUBSTORE = "extension";
- public final static String PROP_ISSUING_CLASS =
- "com.netscape.cmscore.ca.CRLIssuingPoint";
- public final static String PROP_EXPIREDCERTS_CLASS =
- "com.netscape.cmscore.ca.CRLWithExpiredCerts";
-
- public final static String PROP_NOTIFY_SUBSTORE = "notification";
- public final static String PROP_CERT_ISSUED_SUBSTORE = "certIssued";
- public final static String PROP_CERT_REVOKED_SUBSTORE = "certRevoked";
- public final static String PROP_REQ_IN_Q_SUBSTORE = "requestInQ";
- public final static String PROP_PUB_QUEUE_SUBSTORE = "publishingQueue";
-
- public final static String PROP_ISSUER_NAME = "name";
- public final static String PROP_CA_NAMES = "CAs";
- public final static String PROP_DBS_SUBSTORE = "dbs";
- public final static String PROP_SIGNING_SUBSTORE = "signing";
- public final static String PROP_CA_CHAIN_NUM = "certchainNum";
- public final static String PROP_CA_CHAIN = "certchain";
- public final static String PROP_CA_CERT = "cert";
- public final static String PROP_ENABLE_OCSP = "ocsp";
- public final static String PROP_OCSP_SIGNING_SUBSTORE = "ocsp_signing";
- public final static String PROP_CRL_SIGNING_SUBSTORE = "crl_signing";
- public final static String PROP_ID = "id";
-
- public final static String PROP_CERTDB_TRANS_MAXRECORDS = "transitMaxRecords";
- public final static String PROP_CERTDB_TRANS_PAGESIZE = "transitRecordPageSize";
-
- /**
- * Retrieves the certificate repository where all the locally
- * issued certificates are kept.
- *
- * @return CA's certificate repository
- */
- public ICertificateRepository getCertificateRepository();
-
- /**
- * Retrieves the request queue of this certificate authority.
- *
- * @return CA's request queue
- */
- public IRequestQueue getRequestQueue();
-
- /**
- * Retrieves the policy processor of this certificate authority.
- * @deprecated
- * @return CA's policy processor
- */
- public IPolicyProcessor getPolicyProcessor();
-
- public boolean noncesEnabled();
-
- public Nonces getNonces();
-
- /**
- * Retrieves the publishing processor of this certificate authority.
- *
- * @return CA's publishing processor
- */
- public IPublisherProcessor getPublisherProcessor();
-
- /**
- * Retrieves the next available serial number.
- *
- * @return next available serial number
- */
- public String getStartSerial();
-
- /**
- * Sets the next available serial number.
- *
- * @param serial next available serial number
- * @exception EBaseException failed to set next available serial number
- */
- public void setStartSerial(String serial) throws EBaseException;
-
- /**
- * Retrieves the last serial number that can be used for
- * certificate issuance in this certificate authority.
- *
- * @return the last serial number
- */
- public String getMaxSerial();
-
- /**
- * Sets the last serial number that can be used for
- * certificate issuance in this certificate authority.
- *
- * @param serial the last serial number
- * @exception EBaseException failed to set the last serial number
- */
- public void setMaxSerial(String serial) throws EBaseException;
-
- /**
- * Retrieves the default signature algorithm of this certificate authority.
- *
- * @return the default signature algorithm of this CA
- */
- public SignatureAlgorithm getDefaultSignatureAlgorithm();
-
- /**
- * Retrieves the default signing algorithm of this certificate authority.
- *
- * @return the default signing algorithm of this CA
- */
- public String getDefaultAlgorithm();
-
- /**
- * Sets the default signing algorithm of this certificate authority.
- *
- * @param algorithm new default signing algorithm
- * @exception EBaseException failed to set the default signing algorithm
- */
- public void setDefaultAlgorithm(String algorithm) throws EBaseException;
-
- /**
- * Retrieves the supported signing algorithms of this certificate authority.
- *
- * @return the supported signing algorithms of this CA
- */
- public String[] getCASigningAlgorithms();
-
- /**
- * Allows certificates to have validities that are longer
- * than this certificate authority's.
- *
- * @param enableCAPast if equals "true", it allows certificates
- * to have validity longer than CA's certificate validity
- * @exception EBaseException failed to set above option
- */
- public void setValidity(String enableCAPast) throws EBaseException;
-
- /**
- * Retrieves the default validity period.
- *
- * @return the default validity length in days
- */
- public long getDefaultValidity();
-
- /**
- * Retrieves all the CRL issuing points.
- *
- * @return enumeration of all the CRL issuing points
- */
- public Enumeration<ICRLIssuingPoint> getCRLIssuingPoints();
-
- /**
- * Retrieves CRL issuing point with the given identifier.
- *
- * @param id CRL issuing point id
- * @return CRL issuing point with given id
- */
- public ICRLIssuingPoint getCRLIssuingPoint(String id);
-
- /**
- * Adds CRL issuing point with the given identifier and description.
- *
- * @param crlSubStore sub-store with all CRL issuing points
- * @param id CRL issuing point id
- * @param description CRL issuing point description
- * @return true if CRL issuing point was successfully added
- */
- public boolean addCRLIssuingPoint(IConfigStore crlSubStore, String id,
- boolean enable, String description);
-
- /**
- * Deletes CRL issuing point with the given identifier.
- *
- * @param crlSubStore sub-store with all CRL issuing points
- * @param id CRL issuing point id
- */
- public void deleteCRLIssuingPoint(IConfigStore crlSubStore, String id);
-
- /**
- * Retrieves the CRL repository.
- *
- * @return CA's CRL repository
- */
- public ICRLRepository getCRLRepository();
-
- /**
- * Retrieves the Replica ID repository.
- *
- * @return CA's Replica ID repository
- */
- public IReplicaIDRepository getReplicaRepository();
-
- /**
- * Retrieves the request in queue listener.
- *
- * @return the request in queue listener
- */
- public IRequestListener getRequestInQListener();
-
- /**
- * Retrieves all request listeners.
- *
- * @return name enumeration of all request listeners
- */
- public Enumeration<String> getRequestListenerNames();
-
- /**
- * Retrieves the request listener for issued certificates.
- *
- * @return the request listener for issued certificates
- */
- public IRequestListener getCertIssuedListener();
-
- /**
- * Retrieves the request listener for revoked certificates.
- *
- * @return the request listener for revoked certificates
- */
- public IRequestListener getCertRevokedListener();
-
- /**
- * Retrieves the CA certificate chain.
- *
- * @return the CA certificate chain
- */
- public CertificateChain getCACertChain();
-
- /**
- * Retrieves the CA certificate.
- *
- * @return the CA certificate
- */
- public org.mozilla.jss.crypto.X509Certificate getCaX509Cert();
-
- /**
- * Retrieves the CA certificate.
- *
- * @return the CA certificate
- */
- public X509CertImpl getCACert();
-
- /**
- * Updates the CRL immediately for MasterCRL issuing point if it exists.
- *
- * @exception EBaseException failed to create or publish CRL
- */
- public void updateCRLNow() throws EBaseException;
-
- /**
- * Publishes the CRL immediately for MasterCRL issuing point if it exists.
- *
- * @exception EBaseException failed to publish CRL
- */
- public void publishCRLNow() throws EBaseException;
-
- /**
- * Retrieves the signing unit that manages the CA signing key for
- * signing certificates.
- *
- * @return the CA signing unit for certificates
- */
- public ISigningUnit getSigningUnit();
-
- /**
- * Retrieves the signing unit that manages the CA signing key for
- * signing CRL.
- *
- * @return the CA signing unit for CRLs
- */
- public ISigningUnit getCRLSigningUnit();
-
- /**
- * Retrieves the signing unit that manages the CA signing key for
- * signing OCSP response.
- *
- * @return the CA signing unit for OCSP responses
- */
- public ISigningUnit getOCSPSigningUnit();
-
- /**
- * Sets the maximium path length in the basic constraint extension.
- *
- * @param num the maximium path length
- */
- public void setBasicConstraintMaxLen(int num);
-
- /**
- * Is this a clone CA?
- *
- * @return true if this is a clone CA
- */
- public boolean isClone();
-
- /**
- * Retrieves the request listener by name.
- *
- * @param name request listener name
- * @return the request listener
- */
- public IRequestListener getRequestListener(String name);
-
- /**
- * get request notifier
- */
- public IRequestNotifier getRequestNotifier();
-
- /**
- * Registers a request listener.
- *
- * @param listener request listener to be registered
- */
- public void registerRequestListener(IRequestListener listener);
-
- /**
- * Registers a request listener.
- *
- * @param name under request listener is going to be registered
- * @param listener request listener to be registered
- */
- public void registerRequestListener(String name, IRequestListener listener);
-
- /**
- * Retrieves the issuer name of this certificate authority.
- *
- * @return the issuer name of this certificate authority
- */
- public X500Name getX500Name();
-
- /**
- * Retrieves the issuer name of this certificate authority issuing point.
- *
- * @return the issuer name of this certificate authority issuing point
- */
- public X500Name getCRLX500Name();
-
- /**
- * Signs the given CRL with the specific algorithm.
- *
- * @param crl CRL to be signed
- * @param algname algorithm used for signing
- * @return signed CRL
- * @exception EBaseException failed to sign CRL
- */
- public X509CRLImpl sign(X509CRLImpl crl, String algname)
- throws EBaseException;
-
- /**
- * Logs a message to this certificate authority.
- *
- * @param level logging level
- * @param msg logged message
- */
- public void log(int level, String msg);
-
- /**
- * Returns the nickname for the CA signing certificate.
- *
- * @return the nickname for the CA signing certificate
- */
- public String getNickname();
-
- /**
- * Signs a X.509 certificate template.
- *
- * @param certInfo X.509 certificate template
- * @param algname algorithm used for signing
- * @return signed certificate
- * @exception EBaseException failed to sign certificate
- */
- public X509CertImpl sign(X509CertInfo certInfo, String algname)
- throws EBaseException;
-
- /**
- * Retrieves the default certificate version.
- *
- * @return the default version certificate
- */
- public CertificateVersion getDefaultCertVersion();
-
- /**
- * Is this CA allowed to issue certificate that has longer
- * validty than the CA's.
- *
- * @return true if allows certificates to have validity longer than CA's
- */
- public boolean isEnablePastCATime();
-
- /**
- * Retrieves the CA service object that is responsible for
- * processing requests.
- *
- * @return CA service object
- */
- public IService getCAService();
-
- /**
- * Returns the in-memory count of the processed OCSP requests.
- *
- * @return number of processed OCSP requests in memory
- */
- public long getNumOCSPRequest();
-
- /**
- * Returns the in-memory time (in mini-second) of
- * the processed time for OCSP requests.
- *
- * @return processed times for OCSP requests
- */
- public long getOCSPRequestTotalTime();
-
- /**
- * Returns the in-memory time (in mini-second) of
- * the signing time for OCSP requests.
- *
- * @return processed times for OCSP requests
- */
- public long getOCSPTotalSignTime();
-
- /**
- * Returns the total data signed
- * for OCSP requests.
- *
- * @return processed times for OCSP requests
- */
- public long getOCSPTotalData();
-}