Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv/dbs')
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/DBResources.java41
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/EDBException.java84
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java36
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java36
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IDBAttrMapper.java80
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IDBDynAttrMapper.java22
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IDBObj.java42
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IDBRegistry.java171
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IDBSSession.java211
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IDBSearchResults.java49
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java213
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IDBVirtualList.java149
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IElementProcessor.java38
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IFilterConverter.java53
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/Modification.java91
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/ModificationSet.java62
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java176
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecordList.java97
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java512
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/certdb/IRevocationInfo.java54
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLIssuingPointRecord.java165
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLRepository.java183
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java125
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecordList.java54
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRepository.java177
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/keydb/KeyState.java102
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java92
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java49
29 files changed, 3196 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/DBResources.java b/pki/base/common/src/com/netscape/certsrv/dbs/DBResources.java
new file mode 100644
index 000000000..54e65ce30
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/DBResources.java
@@ -0,0 +1,41 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+
+
+/**
+ * A class represents a resource bundle for DBS subsystem.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class DBResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ static final Object[][] contents = {};
+}
+
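Review bot: The `contents` field is declared `static final Object[][]` without an access modifier, so every class in `com.netscape.certsrv.dbs` can reach the same array that `getContents()` returns. The array is empty in this commit, but once message entries are added, any code in the package could overwrite them in place. Declaring it `private static final Object[][] contents = {};` keeps the table inside the class. The `import java.util.*;` could also be narrowed to `import java.util.ListResourceBundle;`.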
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/EDBException.java b/pki/base/common/src/com/netscape/certsrv/dbs/EDBException.java
new file mode 100644
index 000000000..b0fa4bff0
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/EDBException.java
@@ -0,0 +1,84 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * A class represents a database exception.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class EDBException extends EBaseException {
+
+ /**
+ * Resource class name.
+ */
+ private static final String DB_RESOURCES = DBResources.class.getName();
+
+ /**
+ * Constructs a database exception.
+ * <P>
+ *
+ * @param msgFormat message format
+ */
+ public EDBException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ /**
+ * Constructs a database exception.
+ * <P>
+ *
+ * @param msgFormat message format
+ * @param param parameter
+ */
+ public EDBException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a database exception.
+ * <P>
+ *
+ * @param msgFormat message format
+ * @param e exception as parameter
+ */
+ public EDBException(String msgFormat, Exception e) {
+ super(msgFormat, e);
+ }
+
+ /**
+ * Constructs a database exception.
+ * <P>
+ *
+ * @param msgFormat message format
+ * @param params list of parameters
+ */
+ public EDBException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+
+ protected String getBundleName() {
+ return DB_RESOURCES;
+ }
+}
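Review bot: `getBundleName()` at the end of the class is the only member without Javadoc, and it is what ties these exceptions to `DBResources`, whose `contents` table is empty in this same commit. How `EBaseException` uses the bundle name is not visible here, so it is unclear whether `msgFormat` is looked up as a key or used as literal text. If it is a key, every lookup against the empty table would miss. I would add a comment such as `/** Returns the resource bundle name used to resolve msgFormat; the bundle currently has no entries. */` and confirm the fallback behaviour in the base class. `import java.util.*;` does not appear to be used by anything in this file.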
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java b/pki/base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java
new file mode 100644
index 000000000..28709b705
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java
@@ -0,0 +1,36 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+/**
+ * Indicates internal db is down.
+ *
+ * @version $Revision$, $Date$
+ */
+public class EDBNotAvailException extends EDBException {
+
+ /**
+ * Constructs a ldap server down exception with host & port info.
+ *
+ * @param errorString Detailed error message.
+ */
+ public EDBNotAvailException(String errorString) {
+ super(errorString);
+ }
+}
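Review bot: The constructor Javadoc says it builds an exception "with host & port info", but the only parameter is `errorString`, so nothing in the signature carries a host or port. The same two comment blocks are copied unchanged into `EDBRecordNotFoundException`, where the class summary `Indicates internal db is down.` describes the wrong condition. Callers that read the Javadoc to decide between "record absent" and "database unreachable" would be misled, and for a certificate lookup those two outcomes should not be handled the same way. Suggested text: here, `Constructs an exception indicating the internal database is not available.`; in the other file, `Indicates that the requested record does not exist in the internal database.`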
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java b/pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java
new file mode 100644
index 000000000..28402dba7
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java
@@ -0,0 +1,36 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+/**
+ * Indicates internal db is down.
+ *
+ * @version $Revision$, $Date$
+ */
+public class EDBRecordNotFoundException extends EDBException {
+
+ /**
+ * Constructs a ldap server down exception with host & port info.
+ *
+ * @param errorString Detailed error message.
+ */
+ public EDBRecordNotFoundException(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBAttrMapper.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBAttrMapper.java
new file mode 100644
index 000000000..d7b82f25d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBAttrMapper.java
@@ -0,0 +1,80 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An interface represents an attribute mapper. A mapper
+ * has knowledge on how to convert a db attribute into
+ * zero or more LDAP attribute, and vice versa.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDBAttrMapper {
+
+ /**
+ * Retrieves a list of LDAP attributes that are used
+ * in the mapper. By having this, the framework can
+ * provide search on selective attributes.
+ *
+ * @return a list of supported attribute names
+ */
+ public Enumeration getSupportedLDAPAttributeNames();
+
+ /**
+ * Maps object attribute into LDAP attributes.
+ *
+ * @param parent parent object where the object comes from
+ * @param name name of db attribute
+ * @param obj object itself
+ * @param attrs LDAP attribute set where the result should be stored
+ * @exception EBaseException failed to map object
+ */
+ public void mapObjectToLDAPAttributeSet(IDBObj parent,
+ String name, Object obj, LDAPAttributeSet attrs)
+ throws EBaseException;
+
+ /**
+ * Maps LDAP attributes into object, and puts the object
+ * into 'parent'.
+ *
+ * @param attrs LDAP attribute set
+ * @param name name of db attribute to be processed
+ * @param parent parent object where the object should be added
+ * @exception EBaseException failed to map object
+ */
+ public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+ String name, IDBObj parent) throws EBaseException;
+
+ /**
+ * Maps search filters into LDAP search filter.
+ *
+ * @param name name of db attribute
+ * @param op filte operation (i.e. "=", ">=")
+ * @param value attribute value
+ * @exception EBaseException failed to map filter
+ */
+ public String mapSearchFilter(String name, String op,
+ String value) throws EBaseException;
+}
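Review bot: The contract of `mapSearchFilter(String name, String op, String value)` does not say who escapes `value` before it is placed in the returned LDAP filter, and it has no `@return` tag. If neither the caller nor the mapper escapes the filter metacharacters (`*`, `(`, `)`, `\`, NUL per RFC 4515), a value taken from a request can change the structure of the search filter. I would state the rule in the interface, for example `@param value attribute value, unescaped; implementations must escape LDAP filter special characters` and `@return LDAP search filter fragment for this attribute`. The same unstated assumption applies to `IDBRegistry.getFilter(String)` and to the `filter` parameters of `IDBSSession.search(...)` later in this commit. `filte operation` in the `@param op` line is a typo for `filter operation`.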
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBDynAttrMapper.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBDynAttrMapper.java
new file mode 100644
index 000000000..c1c8c3b39
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBDynAttrMapper.java
@@ -0,0 +1,22 @@
+package com.netscape.certsrv.dbs;
+
+/**
+ * An interface representing a dynamic attribute mapper.
+ * A dynamic mapper has knowledge on how to convert a set of dynamically
+ * assigned db attribute into zero or more dynamically assigned LDAP
+ * attributes, and vice versa.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDBDynAttrMapper extends IDBAttrMapper {
+
+ /**
+ * Returns true if the LDAP attribute can be mapped by this
+ * dynamic mapper.
+ *
+ * @param attrName LDAP attribute name to check
+ * @return a list of supported attribute names
+ */
+ public boolean supportsLDAPAttributeName(String attrName);
+}
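Review bot: The `@return` tag on `supportsLDAPAttributeName` reads `a list of supported attribute names`, but the method returns `boolean`; it looks copied from `IDBAttrMapper.getSupportedLDAPAttributeNames`. Suggested replacement: `@return true if this mapper can map the given LDAP attribute name, false otherwise`. This is also the only file in the commit that starts at the `package` line without the `BEGIN COPYRIGHT BLOCK` header the other new files carry.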
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBObj.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBObj.java
new file mode 100644
index 000000000..1616e7418
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBObj.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An interface represents a database object
+ * that is serializable.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDBObj extends IAttrSet {
+
+ /**
+ * Returns a list of serializable attribute
+ * names. This method should return the
+ * attribute name even if there is no attribute
+ * value for the attribute.
+ *
+ * @return a list of serializable attribute names
+ */
+ public Enumeration getSerializableAttrNames();
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBRegistry.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBRegistry.java
new file mode 100644
index 000000000..faf18a342
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBRegistry.java
@@ -0,0 +1,171 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * A class represents a registry where all the
+ * schema (object classes and attribute) information
+ * is stored.
+ *
+ * Attribute mappers can be registered with this
+ * registry.
+ *
+ * Given the schema information stored, this registry
+ * has knowledge to convert a Java object into a
+ * LDAPAttributeSet or vice versa.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDBRegistry extends ISubsystem {
+
+ /**
+ * Registers object class.
+ *
+ * @param className java class to create for the object classes
+ * @param ldapNames a list of LDAP object classes
+ * @exception EDBException failed to register
+ */
+ public void registerObjectClass(String className, String ldapNames[])
+ throws EDBException;
+
+ /**
+ * See if an object class is registered.
+ *
+ * @param className java class to create
+ * @return true if object class is registered already
+ */
+ public boolean isObjectClassRegistered(String className);
+
+ /**
+ * Registers attribute mapper.
+ *
+ * @param ufName LDAP attribute name
+ * @param mapper mapper to invoke for the attribute
+ * @exception EDBException failed to register
+ */
+ public void registerAttribute(String ufName, IDBAttrMapper mapper)
+ throws EDBException;
+
+ /**
+ * See if an attribute is registered.
+ *
+ * @param ufName attribute name
+ * @return true if attribute is registered already
+ */
+ public boolean isAttributeRegistered(String ufName);
+
+ /**
+ * Registers a dynamic attribute mapper.
+ * @param mapper The dynamic mapper to register
+ */
+ public void registerDynamicMapper(IDBDynAttrMapper mapper);
+
+ /**
+ * Creates LDAP-based search filters with help of
+ * registered mappers.
+ * Parses filter from filter string specified in RFC1558.
+ * <pre>
+ * <filter> ::= '(' <filtercomp> ')'
+ * <filtercomp> ::= <and> | <or> | <not> | <item>
+ * <and> ::= '&' <filterlist>
+ * <or> ::= '|' <filterlist>
+ * <not> ::= '!' <filter>
+ * <filterlist> ::= <filter> | <filter> <filterlist>
+ * <item> ::= <simple> | <present> | <substring>
+ * <simple> ::= <attr> <filtertype> <value>
+ * <filtertype> ::= <equal> | <approx> | <greater> | <less>
+ * <equal> ::= '='
+ * <approx> ::= '~='
+ * <greater> ::= '>='
+ * <less> ::= '<='
+ * <present> ::= <attr> '=*'
+ * <substring> ::= <attr> '=' <initial> <any> <final>
+ * <initial> ::= NULL | <value>
+ * <any> ::= '*' <starval>
+ * <starval> ::= NULL | <value> '*' <starval>
+ * <final> ::= NULL | <value>
+ * </pre>
+ *
+ * @param filter CMS-based filter
+ * @return LDAP-based filter string
+ * @exception EBaseException failed to convert filter
+ */
+ public String getFilter(String filter) throws EBaseException;
+
+ /**
+ * Creates LDAP-based search filters with help of
+ * registered mappers.
+ *
+ * @param filter CMS-based filter
+ * @param c filter converter
+ * @return LDAP-based filter string
+ * @exception EBaseException failed to convert filter
+ */
+ public String getFilter(String filter, IFilterConverter c)
+ throws EBaseException;
+
+ /**
+ * Maps object into LDAP attribute set.
+ *
+ * @param parent object's parent
+ * @param name name of the object
+ * @param obj object to be mapped
+ * @param attrs LDAP attribute set
+ * @exception EBaseException failed to map object
+ */
+ public void mapObject(IDBObj parent, String name, Object obj,
+ LDAPAttributeSet attrs) throws EBaseException;
+
+ /**
+ * Retrieves a list of LDAP attributes that are associated
+ * with the given attributes.
+ *
+ * @param attrs attributes
+ * @return LDAP-based attributes
+ * @exception EBaseException failed to map attributes
+ */
+ public String[] getLDAPAttributes(String attrs[])
+ throws EBaseException;
+
+ /**
+ * Creates attribute set from object.
+ *
+ * @param obj database object
+ * @return LDAP attribute set
+ * @exception EBaseException failed to create set
+ */
+ public LDAPAttributeSet createLDAPAttributeSet(IDBObj obj)
+ throws EBaseException;
+
+ /**
+ * Creates object from attribute set.
+ *
+ * @param attrs LDAP attribute set
+ * @return database object
+ * @exception EBaseException failed to create object
+ */
+ public IDBObj createObject(LDAPAttributeSet attrs)
+ throws EBaseException;
+}
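Review bot: The filter grammar inside the `<pre>` block of the first `getFilter` Javadoc is written with raw `<filter>`, `<and>`, `'&'` and similar tokens. `<pre>` keeps the whitespace but does not stop the Javadoc tool from treating these as HTML, so the generated page will most likely drop or mangle the non-terminals. Escaping them as `&lt;filter&gt; ::= '(' &lt;filtercomp&gt; ')'` and `'&amp;'` keeps the grammar readable in the rendered documentation. The class summary also opens with `A class represents a registry` although the type is declared as an `interface`.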
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSSession.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSSession.java
new file mode 100644
index 000000000..09364dc69
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSSession.java
@@ -0,0 +1,211 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An interface represents the database session. Operations
+ * can be performed with a session.
+ *
+ * Transaction and Caching support can be integrated
+ * into session.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDBSSession {
+
+ /**
+ * Returns database subsystem.
+ *
+ * @return subsystem
+ */
+ public ISubsystem getDBSubsystem();
+
+ /**
+ * Closes this session.
+ *
+ * @exception EDBException failed to close session
+ */
+ public void close() throws EDBException;
+
+ /**
+ * Adds object to backend database. For example,
+ * <PRE>
+ * session.add("cn=123459,o=certificate repository,o=airius.com",
+ * certRec);
+ * </PRE>
+ *
+ * @param name name of the object
+ * @param obj object to be added
+ * @exception EDBException failed to add object
+ */
+ public void add(String name, IDBObj obj) throws EBaseException;
+
+ /**
+ * Reads an object from the database.
+ *
+ * @param name name of the object that is to be read
+ * @return database object
+ * @exception EBaseException failed to read object
+ */
+ public IDBObj read(String name) throws EBaseException;
+
+ /**
+ * Reads an object from the database, and only populates
+ * the selected attributes.
+ *
+ * @param name name of the object that is to be read
+ * @param attrs selected attributes
+ * @return database object
+ * @exception EBaseException failed to read object
+ */
+ public IDBObj read(String name, String attrs[])
+ throws EBaseException;
+
+ /**
+ * Deletes object from database.
+ *
+ * @param name name of the object that is to be deleted
+ * @exception EBaseException failed to delete object
+ */
+ public void delete(String name) throws EBaseException;
+
+ /**
+ * Modify an object in the database.
+ *
+ * @param name name of the object that is to be modified
+ * @param mods modifications
+ * @exception EBaseException failed to modify
+ */
+ public void modify(String name, ModificationSet mods)
+ throws EBaseException;
+
+ /**
+ * Searchs for a list of objects that match the
+ * filter.
+ *
+ * @param base starting point of the search
+ * @param filter search filter
+ * @return search results
+ * @exception EBaseException failed to search
+ */
+ public IDBSearchResults search(String base, String filter)
+ throws EBaseException;
+
+ /**
+ * Searchs for a list of objects that match the
+ * filter.
+ *
+ * @param base starting point of the search
+ * @param filter search filter
+ * @param maxSize max number of entries
+ * @return search results
+ * @exception EBaseException failed to search
+ */
+ public IDBSearchResults search(String base, String filter, int maxSize)
+ throws EBaseException;
+
+ /**
+ * Searchs for a list of objects that match the
+ * filter.
+ *
+ * @param base starting point of the search
+ * @param filter search filter
+ * @param maxSize max number of entries
+ * @param timeLimit timeout limit
+ * @return search results
+ * @exception EBaseException failed to search
+ */
+ public IDBSearchResults search(String base, String filter, int maxSize,
+ int timeLimit) throws EBaseException;
+
+ /**
+ * Retrieves a list of object that satifies the given
+ * filter.
+ *
+ * @param base starting point of the search
+ * @param filter search filter
+ * @param attrs selected attributes
+ * @return search results
+ * @exception EBaseException failed to search
+ */
+ public IDBSearchResults search(String base, String filter,
+ String attrs[]) throws EBaseException;
+
+ /**
+ * Retrieves a list of objects.
+ *
+ * @param base starting point of the search
+ * @param filter search filter
+ * @param attrs selected attributes
+ * @return search results in virtual list
+ * @exception EBaseException failed to search
+ */
+ public IDBVirtualList createVirtualList(String base, String filter,
+ String attrs[]) throws EBaseException;
+
+ /**
+ * Sets persistent search to retrieve modified
+ * certificate records.
+ *
+ * @param base starting point of the search
+ * @param filter search filter
+ * @param attrs selected attributes
+ * @return LDAP search results
+ * @exception EBaseException failed to search
+ */
+ public LDAPSearchResults persistentSearch(String base, String filter,
+ String attrs[]) throws EBaseException;
+
+ /**
+ * Retrieves a list of objects.
+ *
+ * @param base starting point of the search
+ * @param filter search filter
+ * @param attrs selected attributes
+ * @param sortKey key used to sort the list
+ * @param pageSize page size in the virtual list
+ * @return search results in virtual list
+ * @exception EBaseException failed to search
+ */
+ public IDBVirtualList createVirtualList(String base, String filter,
+ String attrs[], String sortKey, int pageSize)
+ throws EBaseException;
+
+ /**
+ * Retrieves a list of objects.
+ *
+ * @param base starting point of the search
+ * @param filter search filter
+ * @param attrs selected attributes
+ * @param startFrom starting point
+ * @param sortKey key used to sort the list
+ * @param pageSize page size in the virtual list
+ * @return search results in virtual list
+ * @exception EBaseException failed to search
+ */
+ public IDBVirtualList createVirtualList(String base, String filter,
+ String attrs[], String startFrom,
+ String sortKey, int pageSize)
+ throws EBaseException;
+}
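Review bot: The `search` overloads do not document their resource bounds. `@param timeLimit timeout limit` gives no unit and does not say what zero or a negative value means, and the two-argument `search(String base, String filter)` does not say which size or time limit applies when none is passed. For an interface that fronts a directory server, this decides whether a broad filter can tie up a connection indefinitely, so it belongs in the contract. I would write something like `@param timeLimit maximum time the search may run, in <unit>; <meaning of 0>` and add a sentence to the shorter overloads naming the default they use. Separately, the Javadoc for `add` declares `@exception EDBException` while the signature is `throws EBaseException`.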
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSearchResults.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSearchResults.java
new file mode 100644
index 000000000..71356eb4f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSearchResults.java
@@ -0,0 +1,49 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * A class represents the search results. A search
+ * results object contain a enumeration of
+ * Java objects that are just read from the database.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDBSearchResults extends Enumeration {
+
+ /**
+ * Checks if any element is available.
+ *
+ * @return true if there is more elements
+ */
+ public boolean hasMoreElements();
+
+ /**
+ * Retrieves next element.
+ *
+ * @return next element
+ */
+ public Object nextElement();
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java
new file mode 100644
index 000000000..e82a3a14c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java
@@ -0,0 +1,213 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.math.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An interface represents certificate server
+ * backend database.
+ * <P>
+ * This interface separate the database subsystem
+ * functionalities from internal implementation.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDBSubsystem extends ISubsystem {
+
+ public static final String SUB_ID = "dbs";
+
+
+ // values for repos
+ public static final int CERTS = 0;
+ public static final int REQUESTS = 1;
+ public static final int REPLICA_ID = 2;
+ public static final int NUM_REPOS = 3;
+
+ /**
+ * Retrieves the base DN.
+ *
+ * @return base DN of the subsystem
+ */
+ public String getBaseDN();
+
+ /**
+ * Retrieves the registry.
+ *
+ * @return registry
+ */
+ public IDBRegistry getRegistry();
+
+ /**
+ * Creates a database session.
+ *
+ * @return database session
+ * @exception EDBException failed to create session
+ */
+ public IDBSSession createSession() throws EDBException;
+
+ /**
+ * Avoids losing serial number.
+ *
+ * @return true if serial number recovery option is enabled
+ */
+ public boolean enableSerialNumberRecovery();
+
+ /**
+ * Records next serial number in config file
+ *
+ * @param serial next serial number
+ * @exception EBaseException failed to set
+ */
+ public void setNextSerialConfig(BigInteger serial) throws EBaseException;
+
+ /**
+ * Gets the next serial number in config file
+ *
+ * @return next serial number
+ */
+ public BigInteger getNextSerialConfig();
+
+ /**
+ * Records maximum serial number limit in config file
+ *
+ * @param serial max serial number
+ * @param repo repo identifier
+ * @exception EBaseException failed to set
+ */
+ public void setMaxSerialConfig(int repo, String serial) throws EBaseException;
+
+ /**
+ * Records minimum serial number limit in config file
+ *
+ * @param serial min serial number
+ * @param repo repo identifier
+ * @exception EBaseException failed to set
+ */
+ public void setMinSerialConfig(int repo, String serial) throws EBaseException;
+
+ /**
+ * Records maximum serial number limit for the next range in config file
+ *
+ * @param serial max serial number
+ * @param repo repo identifier
+ * @exception EBaseException failed to set
+ */
+ public void setNextMaxSerialConfig(int repo, String serial) throws EBaseException;
+
+ /**
+ * Records minimum serial number limit for the next range in config file
+ *
+ * @param serial min serial number
+ * @param repo repo identifier
+ * @exception EBaseException failed to set
+ */
+ public void setNextMinSerialConfig(int repo, String serial) throws EBaseException;
+
+ /**
+ * Gets minimum serial number limit in config file
+ *
+ * @param repo repo identifier
+ * @return min serial number
+ */
+ public String getMinSerialConfig(int repo);
+
+ /**
+ * Gets the maximum serial number limit in config file
+ *
+ * @param repo repo identifier
+ * @return max serial number
+ */
+ public String getMaxSerialConfig(int repo);
+
+ /**
+ * Gets the maximum serial number limit for next range in config file
+ *
+ * @param repo repo identifier
+ * @return max serial number
+ */
+ public String getNextMaxSerialConfig(int repo);
+
+ /**
+ * Gets minimum serial number limit for next range in config file
+ *
+ * @param repo repo identifier
+ * @return min serial number
+ */
+ public String getNextMinSerialConfig(int repo);
+
+ /**
+ * Gets low water mark limit in config file
+ *
+ * @param repo repo identifier
+ * @return low water mark
+ */
+ public String getLowWaterMarkConfig(int repo);
+
+ /**
+ * Gets range increment limit for next range in config file
+ *
+ * @param repo repo identifier
+ * @return range increment
+ */
+ public String getIncrementConfig(int repo);
+
+ /**
+ * Gets number corresponding to start of next range from database
+ *
+ * @param repo repo identifier
+ * @return start of next range
+ */
+ public String getNextRange(int repo);
+
+ /**
+ * Determines if a range conflict has been observed in database
+ *
+ * @param repo repo identifier
+ * @return true if range conflict, false otherwise
+ */
+ public boolean hasRangeConflict(int repo);
+
+ /**
+ * Determines if serial number management has been enabled
+ *
+ * @return true if enabled, false otherwise
+ */
+ public boolean getEnableSerialMgmt();
+
+ /**
+ * Sets whether serial number management is enabled for certs
+ * and requests.
+ *
+ * @param value true/false
+ * @exception EBaseException failed to set
+ */
+ public void setEnableSerialMgmt(boolean value) throws EBaseException;
+
+ /**
+ * Returns LDAP connection to connection pool.
+ *
+ * @param conn connection to be returned
+ */
+ public void returnConn(LDAPConnection conn);
+}
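Review bot: The serial-range accessors (`setMaxSerialConfig`, `setMinSerialConfig`, `setNextMaxSerialConfig`, `setNextMinSerialConfig` and the matching getters, plus `getNextRange`) pass serial numbers as `String`, while `setNextSerialConfig` and `getNextSerialConfig` use `BigInteger`. None of the Javadoc states the radix of the string form. If one implementation writes hexadecimal and a caller parses decimal, range boundaries would be misread; judging by `hasRangeConflict`, these ranges exist to keep issued numbers from overlapping, so that is worth pinning down in the interface. Suggested wording: `@param serial max serial number, as a base-<radix> string`, with the same radix stated on every getter's `@return`. The `@param` tags on the four setters also list `serial` before `repo`, the reverse of the signature order `(int repo, String serial)`.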
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBVirtualList.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBVirtualList.java
new file mode 100644
index 000000000..93b1f87fb
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBVirtualList.java
@@ -0,0 +1,149 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+import netscape.ldap.*;
+import netscape.ldap.controls.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * A interface represents a virtual list of search results.
+ * Note that this class must be used with DS4.0.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDBVirtualList {
+
+ /**
+ * Sets the paging size of this virtual list.
+ * The page size here is just a buffer size. A buffer is kept around
+ * that is three times as large as the number of visible entries.
+ * That way, you can scroll up/down several items(up to a page-full)
+ * without refetching entries from the directory.
+ *
+ * @param size the page size
+ */
+ public void setPageSize(int size);
+
+ /**
+ * Sets the sort key
+ *
+ * @param sortKey the attribute to sort by
+ * @exception EBaseException failed to set
+ */
+ public void setSortKey(String sortKey) throws EBaseException;
+
+ /**
+ * Sets the sort key
+ *
+ * @param sortKeys the attributes to sort by
+ * @exception EBaseException failed to set
+ */
+ public void setSortKey(String[] sortKeys) throws EBaseException;
+
+ /**
+ * Retrieves the size of this virtual list.
+ * Recommend to call getSize() before getElementAt() or getElements()
+ * since you'd better check if the index is out of bound first.
+ *
+ * @return current size in list
+ */
+ public int getSize();
+
+ /**
+ * Returns current index.
+ *
+ * @return current index
+ */
+
+ public int getSizeBeforeJumpTo();
+ public int getSizeAfterJumpTo();
+
+ public int getCurrentIndex();
+
+ /**
+ * Get a page starting at "first" (although we may also fetch
+ * some preceding entries)
+ * Recommend to call getSize() before getElementAt() or getElements()
+ * since you'd better check if the index is out of bound first.
+ *
+ * @param first the index of the first entry of the page you want to fetch
+ */
+ public boolean getPage(int first);
+
+ /**
+ * Called by application to scroll the list with initial letters.
+ * Consider text to be an initial substring of the attribute of the
+ * primary sorting key(the first one specified in the sort key array)
+ * of an entry.
+ * If no entries match, the one just before(or after, if none before)
+ * will be returned as mSelectedIndex
+ *
+ * @param text the prefix of the first entry of the page you want to fetch
+ */
+ public boolean getPage(String text);
+
+ /**
+ * Fetchs data of a single list item
+ * Recommend to call getSize() before getElementAt() or getElements()
+ * since you'd better check if the index is out of bound first.
+ * If the index is out of range of the virtual list, an exception
+ * will be thrown and return null
+ *
+ * @param index the index of the element to fetch
+ */
+ public Object getElementAt(int index);
+
+ /**
+ * Retrieves and jumps to element in the given position.
+ *
+ * @param i position
+ * @return object
+ */
+ public Object getJumpToElementAt(int i);
+
+ /**
+ * Processes elements as soon as it arrives. It is
+ * more memory-efficient.
+ *
+ * @param startidx starting index
+ * @param endidx ending index
+ * @param ep object to call
+ * @exception EBaseException failed to process elements
+ */
+ public void processElements(int startidx, int endidx, IElementProcessor ep)
+ throws EBaseException;
+
+ /**
+ * Gets the virutal selected index
+ *
+ * @return selected index
+ */
+ public int getSelectedIndex();
+
+ /**
+ * Gets the top of the buffer
+ *
+ * @return first index
+ */
+ public int getFirstIndex();
+}
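Review bot: The Javadoc block "Returns current index" is followed by `getSizeBeforeJumpTo()`, so it documents that method, leaving `getSizeAfterJumpTo()` and `getCurrentIndex()` with no comment at all. Move the block directly above `getCurrentIndex()` and give the two size methods their own comments, for example `/** Gets size before jump to index. */`. The `getElementAt` comment says an out-of-range index both throws an exception and returns null. Callers are told to bounds-check against `getSize()` first, so the comment should state one outcome, for example `@return the element, or null if index is outside the list`, if that is what implementations do. Both `getPage` overloads return `boolean` without an `@return` saying what true and false mean.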
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IElementProcessor.java b/pki/base/common/src/com/netscape/certsrv/dbs/IElementProcessor.java
new file mode 100644
index 000000000..d43145d8b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IElementProcessor.java
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * Processor handles object read from the session.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IElementProcessor {
+
+ /**
+ * Handles object
+ *
+ * @param o object to be processed
+ * @exception EBaseException failed to process object
+ */
+ public void process(Object o) throws EBaseException;
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IFilterConverter.java b/pki/base/common/src/com/netscape/certsrv/dbs/IFilterConverter.java
new file mode 100644
index 000000000..d31ccd468
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IFilterConverter.java
@@ -0,0 +1,53 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An interface represents a filter converter
+ * that understands how to convert a attribute
+ * type from one defintion to another.
+ * For example,
+ * <PRE>
+ * (1) database layer need to convert
+ * registered attribute type to ldap attribute
+ * type.
+ * (2) high level subsystem need to convert
+ * locale specific attribute type to registered
+ * attribute type.
+ * </PRE>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IFilterConverter {
+
+ /**
+ * Converts attribute into LDAP attribute.
+ *
+ * @param attr attribute name
+ * @param op attribute operation
+ * @param value attribute value
+ * @return The LDAP attribute
+ */
+ public String convert(String attr, String op, String value);
+}
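Review bot: The contract of `convert` does not say whether `value` is escaped for LDAP filter syntax before it is placed in the returned string. If the result is spliced into a search filter, which the interface name suggests but this hunk does not show, unescaped `*`, `(`, `)`, `\` or NUL in `value` change the filter's meaning. The Javadoc should assign that duty explicitly, for example `@param value attribute value; implementations must escape filter special characters per RFC 4515`. `@return The LDAP attribute` also reads oddly for a method that takes attr, op and value; `@return the converted filter component` would fit better. The imports `java.util.*`, `netscape.ldap.*` and `com.netscape.certsrv.base.*` are not used by anything in this file.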
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/Modification.java b/pki/base/common/src/com/netscape/certsrv/dbs/Modification.java
new file mode 100644
index 000000000..3a28b1337
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/Modification.java
@@ -0,0 +1,91 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+
+
+/**
+ * A class represents a modification. This is used by the
+ * database (dbs) framework for modification operations.
+ * It specifices the modification type and values.
+ *
+ * @version $Revision$, $Date$
+ */
+public class Modification {
+
+ /**
+ * Add new value.
+ */
+ public static final int MOD_ADD = 0;
+
+ /**
+ * Deletes old value.
+ */
+ public static final int MOD_DELETE = 1;
+
+ /**
+ * Replace old value.
+ */
+ public static final int MOD_REPLACE = 2;
+
+ private String mName = null;
+ private int mOp;
+ private Object mValue = null;
+
+ /**
+ * Constructs a role modification.
+ *
+ * @param name attribute name
+ * @param op attribute operation (i.e. MOD_ADD, MOD_DELETE, or MOD_REPLACE)
+ * @param value attribute value
+ */
+ public Modification(String name, int op, Object value) {
+ mName = name;
+ mOp = op;
+ mValue = value;
+ }
+
+ /**
+ * Retrieves attribute name.
+ *
+ * @return attribute name
+ */
+ public String getName() {
+ return mName;
+ }
+
+ /**
+ * Retrieves modification operation type.
+ *
+ * @return modification type
+ */
+ public int getOp() {
+ return mOp;
+ }
+
+ /**
+ * Retrieves attribute value.
+ *
+ * @return attribute value
+ */
+ public Object getValue() {
+ return mValue;
+ }
+}
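Review bot: `mName`, `mOp` and `mValue` are assigned only in the constructor but are not declared `final`, and `op` is stored without being checked against `MOD_ADD`, `MOD_DELETE` and `MOD_REPLACE`. Declaring them as `private final String mName;` (likewise the other two, dropping the `= null` initialisers) makes the object immutable. A guard such as `if (op < MOD_ADD || op > MOD_REPLACE) throw new IllegalArgumentException("op: " + op);` would stop an unknown operation code from reaching whatever applies the modification, which this hunk does not show. The constructor comment says "role modification", which looks copied from another class; `Constructs a modification.` matches the class. The `java.util.*` import is unused.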
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/ModificationSet.java b/pki/base/common/src/com/netscape/certsrv/dbs/ModificationSet.java
new file mode 100644
index 000000000..0e3108182
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/ModificationSet.java
@@ -0,0 +1,62 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+
+
+/**
+ * A class represents a modification set. A modification
+ * set contains zero or more modifications.
+ *
+ * @version $Revision$, $Date$
+ */
+public class ModificationSet {
+
+ /**
+ * A list of modifications
+ */
+ private Vector mods = new Vector();
+
+ /**
+ * Constructs modification set.
+ */
+ public ModificationSet() {
+ }
+
+ /**
+ * Adds modification to this set.
+ *
+ * @param name attribute name
+ * @param op modification operation
+ * @param value attribute value
+ */
+ public void add(String name, int op, Object value) {
+ mods.addElement(new Modification(name, op, value));
+ }
+
+ /**
+ * Retrieves a list of modifications.
+ *
+ * @return a list of Modifications
+ */
+ public Enumeration getModifications() {
+ return mods.elements();
+ }
+}
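Review bot: `mods` is a raw `Vector` and `getModifications()` returns a raw `Enumeration`, so every caller has to cast each element to `Modification` with no compiler check. If the build targets Java 5 or later, which the diff does not state, `private final Vector<Modification> mods = new Vector<Modification>();` and `public Enumeration<Modification> getModifications()` remove the casts while staying source-compatible for existing callers. The Javadoc on `getModifications()` should also say that the enumeration reads the set's own backing vector rather than a copy, so modifications added while a caller is iterating can show up mid-iteration.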
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java
new file mode 100644
index 000000000..febb684cc
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java
@@ -0,0 +1,176 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.certdb;
+
+
+import java.util.Date;
+import java.math.BigInteger;
+import com.netscape.certsrv.dbs.IDBObj;
+import com.netscape.certsrv.base.MetaInfo;
+import netscape.security.x509.X509CertImpl;
+
+
+/**
+ * An interface contains constants for certificate record.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICertRecord extends IDBObj {
+
+ public final static String ATTR_ID = "certRecordId";
+ public final static String ATTR_META_INFO = "certMetaInfo";
+ public final static String ATTR_REVO_INFO = "certRevoInfo";
+ public final static String ATTR_CERT_STATUS = "certStatus";
+ public final static String ATTR_CREATE_TIME = "certCreateTime";
+ public final static String ATTR_MODIFY_TIME = "certModifyTime";
+ public final static String ATTR_AUTO_RENEW = "certAutoRenew";
+ public final static String ATTR_ISSUED_BY = "certIssuedBy";
+ public final static String ATTR_REVOKED_BY = "certRevokedBy";
+ public final static String ATTR_REVOKED_ON = "certRevokedOn";
+ public final static String ATTR_X509CERT = "x509cert";
+
+ public static final String META_LDAPPUBLISH = "inLdapPublishDir";
+ public static final String META_REQUEST_ID = "requestId";
+ public static final String META_RENEWED_CERT = "renewedCertSerialNo";
+ public static final String META_OLD_CERT = "oldCertSerialNo";
+ public static final String META_CERT_TYPE = "certType";
+ public static final String META_CRMF_REQID = "crmfReqId";
+ public static final String META_CHALLENGE_PHRASE = "challengePhrase";
+ public static final String META_PROFILE_ID = "profileId";
+
+ public final static String STATUS_VALID = "VALID";
+ public final static String STATUS_INVALID = "INVALID";
+ public final static String STATUS_REVOKED = "REVOKED";
+ public final static String STATUS_EXPIRED = "EXPIRED";
+ public final static String STATUS_REVOKED_EXPIRED = "REVOKED_EXPIRED";
+
+ public final static String AUTO_RENEWAL_DISABLED = "DISABLED";
+ public final static String AUTO_RENEWAL_ENABLED = "ENABLED";
+ public final static String AUTO_RENEWAL_DONE = "DONE";
+ public final static String AUTO_RENEWAL_NOTIFIED = "NOTIFIED";
+
+ public final static String X509CERT_NOT_BEFORE = "notBefore";
+ public final static String X509CERT_NOT_AFTER = "notAfter";
+ public final static String X509CERT_DURATION = "duration";
+ public final static String X509CERT_EXTENSION = "extension";
+ public final static String X509CERT_SUBJECT = "subject";
+ public final static String X509CERT_PUBLIC_KEY_DATA ="publicKeyData";
+ public final static String X509CERT_VERSION = "version";
+ public final static String X509CERT_ALGORITHM = "algorithm";
+ public final static String X509CERT_SIGNING_ALGORITHM = "signingAlgorithm";
+ public final static String X509CERT_SERIAL_NUMBER = "serialNumber";
+
+ /* attribute type used the following with search filter */
+ public final static String ATTR_X509CERT_NOT_BEFORE =
+ ATTR_X509CERT + "." + X509CERT_NOT_BEFORE;
+ public final static String ATTR_X509CERT_NOT_AFTER =
+ ATTR_X509CERT + "." + X509CERT_NOT_AFTER;
+ public final static String ATTR_X509CERT_DURATION =
+ ATTR_X509CERT + "." + X509CERT_DURATION;
+ public final static String ATTR_X509CERT_EXTENSION =
+ ATTR_X509CERT + "." + X509CERT_EXTENSION;
+ public final static String ATTR_X509CERT_SUBJECT =
+ ATTR_X509CERT + "." + X509CERT_SUBJECT;
+ public final static String ATTR_X509CERT_VERSION =
+ ATTR_X509CERT + "." + X509CERT_VERSION;
+ public final static String ATTR_X509CERT_ALGORITHM =
+ ATTR_X509CERT + "." + X509CERT_ALGORITHM;
+ public final static String ATTR_X509CERT_SIGNING_ALGORITHM =
+ ATTR_X509CERT + "." + X509CERT_SIGNING_ALGORITHM;
+ public final static String ATTR_X509CERT_SERIAL_NUMBER =
+ ATTR_X509CERT + "." + X509CERT_SERIAL_NUMBER;
+ public final static String ATTR_X509CERT_PUBLIC_KEY_DATA =
+ ATTR_X509CERT + "." + X509CERT_PUBLIC_KEY_DATA;
+
+ /**
+ * Retrieves serial number from stored certificate.
+ *
+ * @return certificate serial number
+ */
+ public BigInteger getCertificateSerialNumber();
+
+ /**
+ * Retrieves serial number from certificate record.
+ *
+ * @return certificate serial number
+ */
+ public BigInteger getSerialNumber();
+
+ /**
+ * Retrieves certificate from certificate record.
+ *
+ * @return certificate
+ */
+ public X509CertImpl getCertificate();
+
+ /**
+ * Retrieves name of who issued this certificate.
+ *
+ * @return name of who issued this certificate
+ */
+ public String getIssuedBy();
+
+ /**
+ * Retrieves name of who revoked this certificate.
+ *
+ * @return name of who revoked this certificate
+ */
+ public String getRevokedBy();
+
+ /**
+ * Retrieves date when this certificate was revoked.
+ *
+ * @return date when this certificate was revoked
+ */
+ public Date getRevokedOn();
+
+ /**
+ * Retrieves meta info.
+ *
+ * @return meta info
+ */
+ public MetaInfo getMetaInfo();
+
+ /**
+ * Retrieves certificate status.
+ *
+ * @return certificate status
+ */
+ public String getStatus();
+
+ /**
+ * Retrieves time of creation of this certificate record.
+ *
+ * @return time of creation of this certificate record
+ */
+ public Date getCreateTime();
+
+ /**
+ * Retrieves time of modification of this certificate record.
+ *
+ * @return time of modification of this certificate record
+ */
+ public Date getModifyTime();
+
+ /**
+ * Retrieves revocation info.
+ *
+ * @return revocation info
+ */
+ public IRevocationInfo getRevocationInfo();
+}
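Review bot: None of the `ATTR_`, `META_`, `STATUS_`, `AUTO_RENEWAL_` and `X509CERT_` constants has a Javadoc comment, and `META_CHALLENGE_PHRASE` is the one that most needs it. Judging by its name only, the value stored under that key is a secret supplied by the certificate holder, so the interface should say how it is stored and that it must not be logged or returned to search clients. A comment such as `/** Meta-info key for the challenge phrase; the stored value is expected to be a hash, never clear text (confirm against the implementation). */` would do. The comments on `getCertificateSerialNumber()` and `getSerialNumber()` should also say whether the two values are guaranteed to match and which one is authoritative for revocation lookups. The modifier order alternates between `public final static` and `public static final`; the second is the conventional order.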
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecordList.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecordList.java
new file mode 100644
index 000000000..cc8c38187
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecordList.java
@@ -0,0 +1,97 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.certdb;
+
+
+import java.util.*;
+import java.io.*;
+import java.math.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+
+
+/**
+ * A class represents a list of certificate records.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICertRecordList {
+
+ /**
+ * Gets the current index.
+ *
+ * @return current index
+ */
+ public int getCurrentIndex();
+
+ /**
+ * Retrieves the size of request list.
+ *
+ * @return size
+ */
+ public int getSize();
+
+ /**
+ * Gets size before jump to index.
+ *
+ * @return size
+ */
+ public int getSizeBeforeJumpTo();
+
+ /**
+ * Gets size after jump to index.
+ *
+ * @return size
+ */
+ public int getSizeAfterJumpTo();
+
+ /**
+ * Process certificate record as soon as it is returned.
+ *
+ * @param startidx starting index
+ * @param endidx ending index
+ * @param ep element processor
+ * @exception EBaseException failed to process cert records
+ */
+ public void processCertRecords(int startidx, int endidx,
+ IElementProcessor ep) throws EBaseException;
+
+ /**
+ * Retrieves requests.
+ * It's no good to call this if you didnt check
+ * if the startidx, endidx are valid.
+ *
+ * @param startidx starting index
+ * @param endidx ending index
+ * @exception EBaseException failed to retrieve
+ */
+ public Enumeration getCertRecords(int startidx, int endidx)
+ throws EBaseException;
+
+ /**
+ * Gets one single record at a time similar to
+ * processCertRecords but no extra class needed.
+ *
+ * @param index position of the record to be retrieved
+ * @return object
+ * @exception EBaseException failed to retrieve
+ */
+ public Object getCertRecord(int index)
+ throws EBaseException;
+}
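Review bot: `getCertRecords` and `getCertRecord` do not say what happens when an index lies outside the list; the comment on `getCertRecords` only warns that it is "no good" to call it without checking. State the outcome in the contract, for example `@exception EBaseException if startidx or endidx is outside the range reported by getSize()`, if that is how implementations behave, which is not visible here. `getCertRecords` also lacks an `@return` describing the element type of the raw `Enumeration`. The comments "Retrieves the size of request list" and "Retrieves requests" refer to requests where certificate records are meant, and the interface comment calls it "A class".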
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
new file mode 100644
index 000000000..c036909de
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
@@ -0,0 +1,512 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.certdb;
+
+
+import java.math.*;
+import java.util.*;
+import java.io.*;
+import java.security.*;
+import java.security.cert.*;
+import java.security.cert.Certificate;
+import netscape.security.x509.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.repository.*;
+
+
+/**
+ * An interface represents a CMS certificate repository.
+ * It stores all the issued certificate.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICertificateRepository extends IRepository {
+
+ /**
+ * Adds a certificate record to the repository. Each certificate
+ * record contains four parts: certificate, meta-attributes,
+ * issue information and reovcation information.
+ * <P>
+ *
+ * @param record X.509 certificate
+ * @exception EBaseException failed to add new certificate to
+ * the repository
+ */
+ public void addCertificateRecord(ICertRecord record)
+ throws EBaseException;
+
+ /**
+ * Reads the certificate identified by the given serial no.
+ *
+ * @param serialNo serial number of certificate
+ * @return certificate
+ * @exception EBaseException failed to retrieve certificate
+ */
+ public X509CertImpl getX509Certificate(BigInteger serialNo)
+ throws EBaseException;
+
+ /**
+ * Reads certificate from repository.
+ *
+ * @param serialNo serial number of certificate
+ * @return certificate record
+ * @exception EBaseException failed to retrieve certificate
+ */
+ public ICertRecord readCertificateRecord(BigInteger serialNo)
+ throws EBaseException;
+
+ /**
+ * Sets certificate status update internal
+ *
+ * @param requestRepo request repository
+ * @param interval update interval
+ * @param listenToCloneModifications enable listening to clone modifications
+ */
+ public void setCertStatusUpdateInterval(IRepository requestRepo,
+ int interval,
+ boolean listenToCloneModifications);
+
+ /**
+ * Updates certificate status now. This is a blocking method.
+ *
+ * @exception EBaseException failed to update
+ */
+ public void updateCertStatus() throws EBaseException;
+
+ /**
+ * Modifies certificate record.
+ *
+ * @param serialNo serial number of record
+ * @param mods modifications
+ * @exception EBaseException failed to modify
+ */
+ public void modifyCertificateRecord(BigInteger serialNo,
+ ModificationSet mods) throws EBaseException;
+
+ /**
+ * Checks if the certificate exists in this repository.
+ *
+ * @param serialNo serial number of certificate
+ * @return true if it exists
+ * @exception EBaseException failed to check
+ */
+ public boolean containsCertificate(BigInteger serialNo)
+ throws EBaseException;
+
+ /**
+ * Deletes certificate from this repository.
+ *
+ * @param serialNo serial number of certificate
+ * @exception EBaseException failed to delete
+ */
+ public void deleteCertificateRecord(BigInteger serialNo)
+ throws EBaseException;
+
+ /**
+ * Marks certificate as revoked.
+ *
+ * @param id serial number
+ * @param info revocation information
+ * @exception EBaseException failed to mark
+ */
+ public void markAsRevoked(BigInteger id, IRevocationInfo info)
+ throws EBaseException;
+
+ /**
+ * Updates certificate status.
+ *
+ * @param id serial number
+ * @param status certificate status
+ * @exception EBaseException failed to update status
+ */
+ public void updateStatus(BigInteger id, String status)
+ throws EBaseException;
+
+ /**
+ * Marks certificate as renewable.
+ *
+ * @param record certificate record to modify
+ * @exception EBaseException failed to update
+ */
+ public void markCertificateAsRenewable(ICertRecord record)
+ throws EBaseException;
+
+ /**
+ * Marks certificate as not renewable.
+ *
+ * @param record certificate record to modify
+ * @exception EBaseException failed to update
+ */
+ public void markCertificateAsNotRenewable(ICertRecord record)
+ throws EBaseException;
+
+ /**
+ * Marks certificate as renewed.
+ *
+ * @param serialNo certificate record to modify
+ * @exception EBaseException failed to update
+ */
+ public void markCertificateAsRenewed(String serialNo)
+ throws EBaseException;
+
+ /**
+ * Marks certificate as renewed and notified.
+ *
+ * @param serialNo certificate record to modify
+ * @exception EBaseException failed to update
+ */
+ public void markCertificateAsRenewalNotified(String serialNo)
+ throws EBaseException;
+
+ /**
+ * Finds a list of certificate records that satisifies
+ * the filter.
+ * Here is a list of filter
+ * attribute can be used:
+ * <pre>
+ * certRecordId
+ * certMetaInfo
+ * certStatus
+ * certCreateTime
+ * certModifyTime
+ * x509Cert.notBefore
+ * x509Cert.notAfter
+ * x509Cert.subject
+ * </pre>
+ * The filter should follow RFC1558 LDAP filter syntax.
+ * For example,
+ * <pre>
+ * (&(certRecordId=5)(x509Cert.notBefore=934398398))
+ * </pre>
+ *
+ * @param filter search filter
+ * @param maxSize max size to return
+ * @return a list of certificates
+ * @exception EBaseException failed to search
+ */
+ public Enumeration searchCertificates(String filter, int maxSize)
+ throws EBaseException;
+
+ /**
+ * Finds a list of certificate records that satisifies
+ * the filter.
+ *
+ * @param filter search filter
+ * @param maxSize max size to return
+ * @param timeLimit timeout value
+ * @return a list of certificates
+ * @exception EBaseException failed to search
+ */
+ public Enumeration searchCertificates(String filter, int maxSize,
+ int timeLimit) throws EBaseException;
+
+ /**
+ * Finds a list of certificate records that satisifies
+ * the filter.
+ *
+ * @param filter search filter
+ * @param attrs selected attribute
+ * @param pageSize page size
+ * @return a list of certificates
+ * @exception EBaseException failed to search
+ */
+ public ICertRecordList findCertRecordsInList(String filter,
+ String attrs[], int pageSize) throws EBaseException;
+
+ /**
+ * Finds a list of certificate records that satisifies
+ * the filter.
+ *
+ * @param filter search filter
+ * @param attrs selected attribute
+ * @param sortKey key to use for sorting the returned elements
+ * @param pageSize page size
+ * @return a list of certificates
+ * @exception EBaseException failed to search
+ */
+ public ICertRecordList findCertRecordsInList(String filter,
+ String attrs[], String sortKey, int pageSize)
+ throws EBaseException;
+
+ /**
+ * Finds a list of certificate records that satisifies
+ * the filter.
+ *
+ * @param filter search filter
+ * @param attrs selected attribute
+ * @param jumpTo jump to index
+ * @param sortKey key to use for sorting the returned elements
+ * @param pageSize page size
+ * @return a list of certificates
+ * @exception EBaseException failed to search
+ */
+ public ICertRecordList findCertRecordsInList(String filter,
+ String attrs[], String jumpTo, String sortKey, int pageSize)
+ throws EBaseException;
+
+ public ICertRecordList findCertRecordsInList(String filter,
+ String attrs[], String jumpTo, boolean hardJumpTo, String sortKey, int pageSize)
+ throws EBaseException;
+
+ /**
+ * Finds a list of certificate records that satisifies
+ * the filter.
+ *
+ * @param filter search filter
+ * @param attrs selected attribute
+ * @param jumpTo jump to index
+ * @param sortKey key to use for sorting the returned elements
+ * @param pageSize page size
+ * @return a list of certificates
+ * @exception EBaseException failed to search
+ */
+ public ICertRecordList findCertRecordsInListRawJumpto(String filter,
+ String attrs[], String jumpTo, String sortKey, int pageSize)
+ throws EBaseException;
+
+ public static final int ALL_CERTS = 0;
+ public static final int ALL_VALID_CERTS = 1;
+ public static final int ALL_UNREVOKED_CERTS = 2;
+
+ /**
+ * Gets all valid and unexpired certificates pertaining
+ * to a subject DN.
+ *
+ * @param subjectDN The distinguished name of the subject.
+ * @param validityType The type of certificatese to retrieve.
+ * @return An array of certificates.
+ * @throws EBaseException on error.
+ */
+ public X509CertImpl[] getX509Certificates(String subjectDN,
+ int validityType) throws EBaseException;
+
+ /**
+ * Retrieves all the revoked certificates that have not expired.
+ *
+ * @param asOfDate as of date
+ * @return a list of revoked certificates
+ * @exception EBaseException failed to retrieve
+ */
+ public Enumeration getRevokedCertificates(Date asOfDate)
+ throws EBaseException;
+
+ /**
+ * Retrieves all revoked certificates including ones that have expired
+ * or that are not yet valid.
+ *
+ * @return a list of revoked certificates
+ * @exception EBaseException failed to search
+ */
+ public Enumeration getAllRevokedCertificates()
+ throws EBaseException;
+
+ /**
+ * Retrieves all revoked but not expired certificates.
+ *
+ * @return a list of revoked certificates
+ * @exception EBaseException failed to search
+ */
+ public Enumeration getAllRevokedNonExpiredCertificates()
+ throws EBaseException;
+
+ /**
+ * Finds all certificates given a filter.
+ *
+ * @param filter search filter
+ * @return a list of certificates
+ * @exception EBaseException failed to search
+ */
+ public Enumeration findCertificates(String filter)
+ throws EBaseException;
+
+ /**
+ * Finds all certificate records given a filter.
+ *
+ * @param filter search filter
+ * @return a list of certificates
+ * @exception EBaseException failed to search
+ */
+ public Enumeration findCertRecords(String filter)
+ throws EBaseException;
+
+ /**
+ * Gets Revoked certs orderes by noAfter date, jumps to records
+ * where notAfter date is greater than current.
+ *
+ * @param date reference date
+ * @param pageSize page size
+ * @return a list of certificate records
+ * @exception EBaseException failed to retrieve
+ */
+ public ICertRecordList getRevokedCertsByNotAfterDate(Date date,
+ int pageSize) throws EBaseException;
+
+ /**
+ * Gets Invalid certs orderes by noAfter date, jumps to records
+ * where notAfter date is greater than current.
+ *
+ * @param date reference date
+ * @param pageSize page size
+ * @return a list of certificate records
+ * @exception EBaseException failed to retrieve
+ */
+ public ICertRecordList getInvalidCertsByNotBeforeDate(Date date,
+ int pageSize) throws EBaseException;
+
+ /**
+ * Gets valid certs orderes by noAfter date, jumps to records
+ * where notAfter date is greater than current.
+ *
+ * @param date reference date
+ * @param pageSize page size
+ * @return a list of certificate records
+ * @exception EBaseException failed to retrieve
+ */
+ public ICertRecordList getValidCertsByNotAfterDate(Date date,
+ int pageSize) throws EBaseException;
+
+ /**
+ * Creates certificate record.
+ *
+ * @param id serial number
+ * @param cert certificate
+ * @param meta meta information
+ * @return certificate record
+ */
+ public ICertRecord createCertRecord(BigInteger id,
+ Certificate cert, MetaInfo meta);
+
+ /**
+ * Finds certificate records.
+ *
+ * @param filter search filter
+ * @return a list of certificate records
+ * @exception EBaseException failed to retrieve cert records
+ */
+ public Enumeration findCertRecs(String filter)
+ throws EBaseException;
+
+ /**
+ * Retrieves renewable certificates.
+ *
+ * @param renewalTime renewal time
+ * @return certificates
+ * @exception EBaseException failed to retrieve
+ */
+ public Hashtable getRenewableCertificates(String renewalTime)
+ throws EBaseException;
+
+ /**
+ * Unmark a revoked certificates.
+ *
+ * @param id serial number
+ * @param info revocation information
+ * @param revokedOn revocation date
+ * @param revokedBy userid
+ * @exception EBaseException failed to unmark
+ */
+ public void unmarkRevoked(BigInteger id, IRevocationInfo info,
+ Date revokedOn, String revokedBy)
+ throws EBaseException;
+
+ /**
+ * Retrieves valid and not published certificates.
+ *
+ * @param from starting serial number
+ * @param to ending serial number
+ * @return a list of certificates
+ * @exception EBaseException failed to retrieve
+ */
+ public Enumeration getValidNotPublishedCertificates(String from, String to)
+ throws EBaseException;
+
+ /**
+ * Retrieves expired and published certificates.
+ *
+ * @param from starting serial number
+ * @param to ending serial number
+ * @return a list of certificates
+ * @exception EBaseException failed to retrieve
+ */
+ public Enumeration getExpiredPublishedCertificates(String from, String to)
+ throws EBaseException;
+
+ /**
+ * Retrieves revoked and published certificates.
+ *
+ * @param from starting serial number
+ * @param to ending serial number
+ * @return a list of certificates
+ * @exception EBaseException failed to retrieve
+ */
+ public Enumeration getRevokedPublishedCertificates(String from, String to)
+ throws EBaseException;
+
+ /**
+ * Retrieves valid certificates.
+ *
+ * @param from starting serial number
+ * @param to ending serial number
+ * @return a list of certificates
+ * @exception EBaseException failed to retrieve
+ */
+ public Enumeration getValidCertificates(String from, String to)
+ throws EBaseException;
+
+ /**
+ * Retrieves expired certificates.
+ *
+ * @param from starting serial number
+ * @param to ending serial number
+ * @return a list of certificates
+ * @exception EBaseException failed to retrieve
+ */
+ public Enumeration getExpiredCertificates(String from, String to)
+ throws EBaseException;
+
+ /**
+ * Retrieves revoked certificates.
+ *
+ * @param from starting serial number
+ * @param to ending serial number
+ * @return a list of certificates
+ * @exception EBaseException failed to retrieve
+ */
+ public Enumeration getRevokedCertificates(String from, String to)
+ throws EBaseException;
+
+ /**
+ * Retrieves modified certificate records.
+ *
+ * @param entry LDAPEntry with modified data
+ */
+ public void getModifications(LDAPEntry entry);
+
+ /**
+ * Removes certificate records with this repository.
+ *
+ * @param beginS BigInteger with radix 16
+ * @param endS BigInteger with radix 16
+ */
+ public void removeCertRecords(BigInteger beginS, BigInteger endS) throws EBaseException;
+
+ public void shutdown();
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/IRevocationInfo.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/IRevocationInfo.java
new file mode 100644
index 000000000..15e396943
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/IRevocationInfo.java
@@ -0,0 +1,54 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.certdb;
+
+
+import java.util.*;
+import java.io.*;
+import java.math.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * A class represents a certificate revocation info. This
+ * object is written as an attribute of certificate record
+ * which essentially signifies a revocation act.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRevocationInfo {
+
+ /**
+ * Retrieves revocation date.
+ *
+ * @return revocation date
+ */
+ public Date getRevocationDate();
+
+ /**
+ * Retrieves CRL entry extensions.
+ *
+ * @return CRL entry extensions
+ */
+ public CRLExtensions getCRLEntryExtensions();
+}
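Review bot: The import block at the top of IRevocationInfo.java pulls in eight wildcard packages, while the interface body only references `Date` and `CRLExtensions`; `import java.util.Date;` and `import netscape.security.x509.CRLExtensions;` would be enough and keep the dependency surface of this API type visible. The type comment opens with "A class represents" although the declaration is an interface. Because the revocation date ends up in CRL entries, the Javadoc on `getRevocationDate()` should also say whether the returned `Date` is a copy or the record's own mutable instance.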
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLIssuingPointRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLIssuingPointRecord.java
new file mode 100644
index 000000000..f0d98fd59
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLIssuingPointRecord.java
@@ -0,0 +1,165 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.crldb;
+
+
+import java.util.*;
+import java.math.*;
+import java.io.*;
+import java.security.cert.*;
+import netscape.ldap.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+
+
+/**
+ * An interface that defines abilities of
+ * a CRL issuing point record.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICRLIssuingPointRecord extends IDBObj {
+
+ public static final String ATTR_ID = "id";
+ public static final String ATTR_CRL_NUMBER = "crlNumber";
+ public static final String ATTR_DELTA_NUMBER = "deltaNumber";
+ public static final String ATTR_CRL_SIZE = "crlSize";
+ public static final String ATTR_DELTA_SIZE = "deltaSize";
+ public static final String ATTR_THIS_UPDATE = "thisUpdate";
+ public static final String ATTR_NEXT_UPDATE = "nextUpdate";
+ public static final String ATTR_FIRST_UNSAVED = "firstUnsaved";
+ public static final String ATTR_CRL = "certificaterevocationlist";
+ public static final String ATTR_CRL_CACHE = "crlCache";
+ public static final String ATTR_CA_CERT = "cACertificate";
+ public static final String ATTR_REVOKED_CERTS = "revokedCerts";
+ public static final String ATTR_UNREVOKED_CERTS = "unrevokedCerts";
+ public static final String ATTR_EXPIRED_CERTS = "expiredCerts";
+ public static final String ATTR_DELTA_CRL = "deltaRevocationList";
+
+ public static final String CLEAN_CACHE = "-1";
+ public static final String NEW_CACHE = "-2";
+
+ /**
+ * Retrieve unique CRL identifier.
+ *
+ * @return unique CRL identifier
+ */
+ public String getId();
+
+ /**
+ * Retrieves current CRL number out of CRL issuing point record.
+ *
+ * @return current CRL number
+ */
+ public BigInteger getCRLNumber();
+
+ /**
+ * Retrieves CRL size measured by the number of entries.
+ *
+ * @return CRL size
+ */
+ public Long getCRLSize();
+
+ /**
+ * Retrieves this update time.
+ *
+ * @return time of this update
+ */
+ public Date getThisUpdate();
+
+ /**
+ * Retrieves next update time.
+ *
+ * @return time of next update
+ */
+ public Date getNextUpdate();
+
+ /**
+ * Retrieves current delta CRL number out of CRL issuing point record.
+ *
+ * @return current delta CRL number
+ */
+ public BigInteger getDeltaCRLNumber();
+
+ /**
+ * Retrieves delta CRL size measured by the number of entries.
+ *
+ * @return delta CRL size
+ */
+ public Long getDeltaCRLSize();
+
+ /**
+ * Retrieve Retrieve reference to the first unsaved data.
+ *
+ * @return reference to the first unsaved data
+ */
+ public String getFirstUnsaved();
+
+ /**
+ * Retrieves encoded CRL.
+ *
+ * @return encoded CRL
+ */
+ public byte[] getCRL();
+
+ /**
+ * Retrieves encoded delta CRL.
+ *
+ * @return encoded delta CRL
+ */
+ public byte[] getDeltaCRL();
+
+ /**
+ * Retrieves encoded CA certificate.
+ *
+ * @return encoded CA certificate
+ */
+ public byte[] getCACert();
+
+ /**
+ * Retrieves cache information about CRL.
+ *
+ * @return list of recently revoked certificates
+ */
+ public Hashtable getCRLCacheNoClone();
+ public Hashtable getCRLCache();
+
+ /**
+ * Retrieves cache information about revoked certificates.
+ *
+ * @return list of recently revoked certificates
+ */
+ public Hashtable getRevokedCerts();
+
+ /**
+ * Retrieves cache information about certificates released from hold.
+ *
+ * @return list of certificates recently released from hold
+ */
+ public Hashtable getUnrevokedCerts();
+
+ /**
+ * Retrieves cache information about expired certificates.
+ *
+ * @return list of recently expired certificates
+ */
+ public Hashtable getExpiredCerts();
+}
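Review bot: `getCRLCache()` has no Javadoc of its own, since the comment block above it attaches only to `getCRLCacheNoClone()`, and nothing explains how the two differ. Going by the name, the NoClone variant presumably returns the record's live `Hashtable`; if so, say so, e.g. `@return the internal cache table, not a copy; callers must not modify it`, and give `getCRLCache()` a matching comment stating that it returns a copy. The `@return` text "list of recently revoked certificates" on the cache getter looks copied from `getRevokedCerts()`, and the summary of `getFirstUnsaved()` reads "Retrieve Retrieve". The raw `Hashtable` return types also leave the key and value types of these revocation caches undocumented.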
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLRepository.java
new file mode 100644
index 000000000..ffac9b37b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLRepository.java
@@ -0,0 +1,183 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.crldb;
+
+
+import java.math.*;
+import java.util.*;
+import java.io.*;
+import java.security.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.repository.*;
+
+
+/**
+ * An interface represents a CMS CRL repository. It stores
+ * all the CRL issuing points.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICRLRepository {
+
+ /**
+ * Adds CRL issuing point record.
+ *
+ * @param rec issuing point record
+ * @exception EBaseException failed to add new issuing point record
+ */
+ public void addCRLIssuingPointRecord(ICRLIssuingPointRecord rec)
+ throws EBaseException;
+
+ /**
+ * Retrieves all the issuing points' names.
+ *
+ * @return A list of issuing points' names.
+ * @exception EBaseException failed to retrieve all the issuing points' names.
+ */
+ public Vector getIssuingPointsNames() throws EBaseException;
+
+ /**
+ * Reads issuing point record.
+ *
+ * @return issuing point record
+ * @exception EBaseException failed to read issuing point record
+ */
+ public ICRLIssuingPointRecord readCRLIssuingPointRecord(String id)
+ throws EBaseException;
+
+ /**
+ * Deletes issuing point record.
+ *
+ * @param id issuing point record id
+ * @exception EBaseException failed to delete issuing point record
+ */
+ public void deleteCRLIssuingPointRecord(String id)
+ throws EBaseException;
+
+ /**
+ * Modifies issuing point record.
+ *
+ * @param id issuing point record id
+ * @param mods set of modifications
+ * @exception EBaseException failed to modify issuing point record
+ */
+ public void modifyCRLIssuingPointRecord(String id, ModificationSet mods)
+ throws EBaseException;
+
+ /**
+ * Updates CRL issuing point record.
+ *
+ * @param id issuing point record id
+ * @param newCRL encoded binary CRL
+ * @param thisUpdate time of this update
+ * @param nextUpdate time of next update
+ * @param crlNumber CRL number
+ * @param crlSize CRL size
+ * @exception EBaseException failed to update issuing point record
+ */
+ public void updateCRLIssuingPointRecord(String id, byte[] newCRL,
+ Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize)
+ throws EBaseException;
+
+ /**
+ * Updates CRL issuing point record.
+ *
+ * @param id issuing point record id
+ * @param newCRL encoded binary CRL
+ * @param thisUpdate time of this update
+ * @param nextUpdate time of next update
+ * @param crlNumber CRL number
+ * @param crlSize CRL size
+ * @param revokedCerts list of revoked certificates
+ * @param unrevokedCerts list of released from hold certificates
+ * @param expiredCerts list of expired certificates
+ * @exception EBaseException failed to update issuing point record
+ */
+ public void updateCRLIssuingPointRecord(String id, byte[] newCRL,
+ Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize,
+ Hashtable revokedCerts, Hashtable unrevokedCerts, Hashtable expiredCerts)
+ throws EBaseException;
+
+ /**
+ * Updates CRL issuing point record.
+ *
+ * @param id issuing point record id
+ * @param revokedCerts list of revoked certificates
+ * @param unrevokedCerts list of released from hold certificates
+ * @exception EBaseException failed to update issuing point record
+ */
+ public void updateRevokedCerts(String id, Hashtable revokedCerts, Hashtable unrevokedCerts)
+ throws EBaseException;
+
+ /**
+ * Updates CRL issuing point record.
+ *
+ * @param id issuing point record id
+ * @param expiredCerts list of expired certificates
+ * @exception EBaseException failed to update issuing point record
+ */
+ public void updateExpiredCerts(String id, Hashtable expiredCerts)
+ throws EBaseException;
+
+ /**
+ * Updates CRL issuing point record.
+ *
+ * @param id issuing point record id
+ * @param crlSize CRL size
+ * @param revokedCerts list of revoked certificates
+ * @param unrevokedCerts list of released from hold certificates
+ * @param expiredCerts list of expired certificates
+ * @exception EBaseException failed to update issuing point record
+ */
+ public void updateCRLCache(String id, Long crlSize,
+ Hashtable revokedCerts,
+ Hashtable unrevokedCerts,
+ Hashtable expiredCerts)
+ throws EBaseException;
+
+ /**
+ * Updates CRL issuing point record with delta-CRL.
+ *
+ * @param id issuing point record id
+ * @param deltaCRLNumber delta CRL number
+ * @param deltaCRLSize delta CRL size
+ * @param nextUpdate time of next update
+ * @param deltaCRL delta CRL in binary form
+ * @exception EBaseException failed to update issuing point record
+ */
+ public void updateDeltaCRL(String id, BigInteger deltaCRLNumber,
+ Long deltaCRLSize, Date nextUpdate,
+ byte[] deltaCRL)
+ throws EBaseException;
+
+ /**
+ * Updates CRL issuing point record with reference to the first
+ * unsaved data.
+ *
+ * @param id issuing point record id
+ * @param firstUnsaved reference to the first unsaved data
+ * @exception EBaseException failed to update issuing point record
+ */
+ public void updateFirstUnsaved(String id, String firstUnsaved)
+ throws EBaseException;
+}
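Review bot: `readCRLIssuingPointRecord(String id)` is missing its `@param id issuing point record id` line, and `updateRevokedCerts`, `updateExpiredCerts` and `updateCRLCache` all carry the same summary, "Updates CRL issuing point record.", as the two `updateCRLIssuingPointRecord` overloads. Summaries such as `Updates the revoked and released-from-hold certificate caches of an issuing point record.` would tell the methods apart in generated docs. The raw `Hashtable` and `Vector` parameters and return types do not say what the keys and values are, so each `@param` should state it. None of the update methods document whether `crlNumber` or `thisUpdate` are checked against the stored record, which an implementer of this interface would want to know.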
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java
new file mode 100644
index 000000000..f795ff9a6
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java
@@ -0,0 +1,125 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.keydb;
+
+
+import java.util.*;
+import java.math.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An interface contains constants for key record.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IKeyRecord {
+ public static final String ATTR_ID = "keySerialNumber";
+ public static final String ATTR_STATE = "keyState";
+ public static final String ATTR_ALGORITHM = "algorithm";
+ public static final String ATTR_KEY_SIZE = "keySize";
+ public static final String ATTR_OWNER_NAME = "keyOwnerName";
+ public static final String ATTR_PRIVATE_KEY_DATA = "privateKey";
+ public static final String ATTR_PUBLIC_KEY_DATA = "publicKey";
+ public static final String ATTR_DATE_OF_RECOVERY = "dateOfRecovery";
+ public static final String ATTR_CREATE_TIME = "keyCreateTime";
+ public static final String ATTR_MODIFY_TIME = "keyModifyTime";
+ public static final String ATTR_META_INFO = "keyMetaInfo";
+ public static final String ATTR_ARCHIVED_BY = "keyArchivedBy";
+
+ // key state
+ public static final String STATUS_ANY = "ANY";
+ public static final String STATUS_VALID = "VALID";
+ public static final String STATUS_INVALID = "INVALID";
+
+ /**
+ * Retrieves the state of the key.
+ *
+ * @return key state
+ * @exception EBaseException failed to retrieve state of the key
+ */
+ public KeyState getState() throws EBaseException;
+
+ /**
+ * Retrieves key identifier.
+ *
+ * @return key id
+ * @exception EBaseException failed to retrieve key id
+ */
+ public BigInteger getSerialNumber() throws EBaseException;
+
+ /**
+ * Retrieves key owner name.
+ *
+ * @return key owner name
+ * @exception EBaseException failed to retrieve key owner name
+ */
+ public String getOwnerName() throws EBaseException;
+
+ /**
+ * Retrieves key algorithm.
+ *
+ * @return key algorithm
+ */
+ public String getAlgorithm();
+
+ /**
+ * Retrieves key length.
+ *
+ * @return key length
+ * @exception EBaseException failed to retrieve key length
+ */
+ public Integer getKeySize() throws EBaseException;
+
+ /**
+ * Retrieves archiver identifier.
+ *
+ * @return archiver uid
+ */
+ public String getArchivedBy();
+
+ /**
+ * Retrieves creation time.
+ *
+ * @return creation time
+ */
+ public Date getCreateTime();
+
+ /**
+ * Retrieves last modification time.
+ *
+ * @return modification time
+ */
+ public Date getModifyTime();
+
+ /**
+ * Retrieves dates of recovery.
+ *
+ * @return recovery history
+ * @exception EBaseException failed to retrieve recovery history
+ */
+ public Date[] getDateOfRevocation() throws EBaseException;
+
+ /**
+ * Retrieves public key data.
+ *
+ * @return public key data
+ * @exception EBaseException failed to retrieve public key data
+ */
+ public byte[] getPublicKeyData() throws EBaseException;
+}
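Review bot: `getDateOfRevocation()` is documented as "Retrieves dates of recovery" with `@return recovery history`, and the matching attribute constant is `ATTR_DATE_OF_RECOVERY`, so the method name contradicts what it returns. On a key-archival record, recovery and revocation are different events, and an audit or policy caller reading the name would draw the wrong conclusion. I would declare it as `public Date[] getDateOfRecovery() throws EBaseException;` in this new interface. Implementations and callers outside this hunk would need the same rename.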
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecordList.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecordList.java
new file mode 100644
index 000000000..aced5cc1f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecordList.java
@@ -0,0 +1,54 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.keydb;
+
+
+import java.util.*;
+import java.io.*;
+import java.math.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.repository.*;
+
+
+/**
+ * A class represents a list of key records.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IKeyRecordList {
+
+ /**
+ * Retrieves the size of key list.
+ *
+ * @return size of key list
+ */
+ public int getSize();
+
+ /**
+ * Retrieves key records.
+ *
+ * @param startidx start index
+ * @param endidx end index
+ * @return key records
+ * @exception EBaseException failed to retrieve key records
+ */
+ public Enumeration getKeyRecords(int startidx, int endidx)
+ throws EBaseException;
+}
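Review bot: `getKeyRecords(int startidx, int endidx)` does not document whether `endidx` is inclusive, or what happens when either index is negative or beyond `getSize()`. Callers paging through archived keys need that to avoid skipping or repeating a record at page boundaries. The `@param` lines should state the convention and the out-of-range behaviour (exception or truncated result). The type comment also says "A class represents" for an interface, and the raw `Enumeration` return does not say that the elements are `IKeyRecord`.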
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRepository.java
new file mode 100644
index 000000000..324a7df17
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRepository.java
@@ -0,0 +1,177 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.keydb;
+
+
+import java.math.*;
+import java.io.*;
+import java.util.*;
+import java.security.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.repository.*;
+
+
+/**
+ * An interface represents a Key repository. This is the
+ * container of archived keys.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IKeyRepository extends IRepository {
+
+ /**
+ * Archives a key to the repository.
+ * <P>
+ *
+ * @param record key record
+ * @exception EBaseException failed to archive key
+ */
+ public void addKeyRecord(IKeyRecord record) throws EBaseException;
+
+ /**
+ * Reads an archived key by serial number.
+ * <P>
+ *
+ * @param serialNo serial number
+ * @return key record
+ * @exception EBaseException failed to recover key
+ */
+ public IKeyRecord readKeyRecord(BigInteger serialNo)
+ throws EBaseException;
+
+ /**
+ * Reads an archived key by b64 encoded cert.
+ * <P>
+ *
+ * @param cert b64 encoded cert
+ * @return key record
+ * @exception EBaseException failed to recover key
+ */
+ public IKeyRecord readKeyRecord(String cert)
+ throws EBaseException;
+
+ /**
+ * Reads an archived key by owner name.
+ * <P>
+ *
+ * @param ownerName owner name
+ * @return key record
+ * @exception EBaseException failed to recover key
+ */
+ public IKeyRecord readKeyRecord(X500Name ownerName)
+ throws EBaseException;
+
+ /**
+ * Reads archived key using public key.
+ *
+ * @param publicKey public key that is corresponding
+ * to the private key
+ * @return key record
+ * @exception EBaseException failed to read key
+ */
+ public IKeyRecord readKeyRecord(PublicKey publicKey)
+ throws EBaseException;
+
+ /**
+ * Searches for private keys.
+ *
+ * @param filter LDAP filter for the search
+ * @param maxSize maximium number of entries to be returned
+ * @return a list of private key records
+ * @exception EBaseException failed to search keys
+ */
+ public Enumeration searchKeys(String filter, int maxSize)
+ throws EBaseException;
+
+ /**
+ * Searches for private keys.
+ *
+ * @param filter LDAP filter for the search
+ * @param maxSize maximium number of entries to be returned
+ * @param timeLimt timeout value
+ * @return a list of private key records
+ * @exception EBaseException failed to search keys
+ */
+ public Enumeration searchKeys(String filter, int maxSize, int timeLimt)
+ throws EBaseException;
+
+ /**
+ * Deletes a key record.
+ *
+ * @param serialno key identifier
+ * @exception EBaseException failed to delete key record
+ */
+ public void deleteKeyRecord(BigInteger serialno)
+ throws EBaseException;
+
+ /**
+ * Modifies key record in this repository.
+ *
+ * @param serialNo key identifier
+ * @param mods modification of key records
+ * @exception EBaseException failed to modify key record
+ */
+ public void modifyKeyRecord(BigInteger serialNo,
+ ModificationSet mods) throws EBaseException;
+
+ /**
+ * Searchs for a list of key records.
+ * Here is a list of supported filter attributes:
+ * <pre>
+ * keySerialNumber
+ * keyState
+ * algorithm
+ * keySize
+ * keyOwnerName
+ * privateKey
+ * publicKey
+ * dateOfRecovery
+ * keyCreateTime
+ * keyModifyTime
+ * keyMetaInfo
+ * </pre>
+ *
+ * @param filter search filter
+ * @param attrs list of attributes to be returned
+ * @param pageSize virtual list page size
+ * @return list of key records
+ * @exception EBaseException failed to search key records
+ */
+ public IKeyRecordList findKeyRecordsInList(String filter,
+ String attrs[], int pageSize) throws EBaseException;
+
+ /**
+ * Searchs for a list of key records.
+ *
+ * @param filter search filter
+ * @param attrs list of attributes to be returned
+ * @param sortKey name of attribute that the list should be sorted by
+ * @param pageSize virtual list page size
+ * @return list of key records
+ * @exception EBaseException failed to search key records
+ */
+ public IKeyRecordList findKeyRecordsInList(String filter,
+ String attrs[], String sortKey, int pageSize)
+ throws EBaseException;
+}
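Review bot: Both `searchKeys` overloads and both `findKeyRecordsInList` overloads take `filter` as a ready-made LDAP filter string, and the Javadoc does not tell callers that any value taken from a request must be escaped before it is placed into that string. I would add to each `@param filter` something like `well-formed LDAP filter; values originating from user input must be escaped per RFC 4515 by the caller`. The supported-attribute list for `findKeyRecordsInList` includes `privateKey`, and it is worth confirming that filtering on the archived private key blob is intended. The parameter `timeLimt` is misspelled and its unit is not stated; `@param timeLimit timeout value in seconds` is a guess at the unit that should be confirmed against the implementation.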
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/KeyState.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/KeyState.java
new file mode 100644
index 000000000..a6b7fa031
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/KeyState.java
@@ -0,0 +1,102 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.keydb;
+
+
+import java.util.*;
+import java.io.*;
+import netscape.security.x509.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * A class represents key state. This object is to
+ * encapsulate the life cycle of a key.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public final class KeyState implements Serializable {
+
+ private int mStateCode;
+
+ /**
+ * Constructs a key state.
+ */
+ private KeyState(int code) {
+ mStateCode = code;
+ }
+
+ /**
+ * Request state.
+ */
+ public final static KeyState ANY = new KeyState(-1);
+ public final static KeyState VALID = new KeyState(0);
+ public final static KeyState INVALID = new KeyState(1);
+
+ /**
+ * Checks if the given object equals to this object.
+ *
+ * @param other object to be compared
+ * @return true if both objects are the same
+ */
+ public boolean equals(Object other) {
+ if (this == other)
+ return true;
+ else if (other instanceof KeyState)
+ return ((KeyState) other).mStateCode == mStateCode;
+ else
+ return false;
+ }
+
+ /**
+ * Returns the hash code.
+ *
+ * @return hash code
+ */
+ public int hashCode() {
+ return mStateCode;
+ }
+
+ /**
+ * Return the string-representation of this object.
+ *
+ * @return string value
+ */
+ public String toString() {
+ if (mStateCode == -1) return "ANY";
+ if (mStateCode == 0) return "VALID";
+ if (mStateCode == 1) return "INVAILD";
+ return "[UNDEFINED]";
+
+ }
+
+ /**
+ * Converts a string into a key state object.
+ *
+ * @param state state in string-representation
+ * @return key state object
+ */
+ public static KeyState toKeyState(String state) {
+ if (state.equalsIgnoreCase("ANY")) return ANY;
+ if (state.equalsIgnoreCase("VALID")) return VALID;
+ if (state.equalsIgnoreCase("INVALID")) return INVALID;
+ return null;
+ }
+}
+
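Review bot: `toString()` returns the misspelled `"INVAILD"` for state code 1, while `toKeyState()` only recognises `"INVALID"`, so `KeyState.toKeyState(KeyState.INVALID.toString())` yields `null` and an invalid key state does not survive a string round trip. The line should be `if (mStateCode == 1) return "INVALID";`, and if records already stored with the misspelling may exist, `toKeyState()` would have to accept the old spelling as well. `toKeyState()` also throws a `NullPointerException` on a `null` argument and silently returns `null` for an unknown string; neither is documented, and for a key-state check a caller that forgets the null test may not fail safely. The class is `Serializable` with a private constructor and no `readResolve()`, so deserialized instances are distinct objects from `ANY`/`VALID`/`INVALID`; `equals()` handles that, but any `==` comparison elsewhere would not.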
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java
new file mode 100644
index 000000000..e92d13a16
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.replicadb;
+
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.repository.*;
+
+
+/**
+ * An interface represents a ReplicaID Repository.
+ * It provides unique managed replica IDs.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IReplicaIDRepository extends IRepository {
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java
new file mode 100644
index 000000000..7ee01b3f1
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java
@@ -0,0 +1,92 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.repository;
+
+import java.util.*;
+import java.io.*;
+import java.math.*;
+import netscape.ldap.*;
+import netscape.security.x509.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+
+/**
+ * An interface represents a generic repository. It maintains unique
+ * serial number within repository.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRepository {
+
+ /**
+ * Retrieves the next serial number, and also increase the
+ * serial number by one.
+ *
+ * @return serial number
+ * @exception EBaseException failed to retrieve next serial number
+ */
+ public BigInteger getNextSerialNumber() throws EBaseException;
+
+ /**
+ * Resets serial number.
+ */
+ public void resetSerialNumber(BigInteger serial) throws EBaseException;
+
+ /**
+ * Retrieves the next serial number without increasing the serial number.
+ *
+ * @return serial number
+ * @exception EBaseException failed to retrieve next serial number
+ */
+ public BigInteger getTheSerialNumber() throws EBaseException;
+
+ /**
+ * Set the maximum serial number.
+ *
+ * @param serial maximum number
+ * @exception EBaseException failed to set maximum serial number
+ */
+ public void setMaxSerial (String serial) throws EBaseException;
+
+ /**
+ * Set the maximum serial number in next range.
+ *
+ * @param serial maximum number
+ * @exception EBaseException failed to set maximum serial number in next range
+ */
+ public void setNextMaxSerial(String serial) throws EBaseException;
+
+ /**
+ * Checks to see if a new range is needed, or if we have reached the end of the
+ * current range, or if a range conflict has occurred.
+ *
+ * @exception EBaseException failed to check next range for conflicts
+ */
+ public void checkRanges() throws EBaseException;
+
+ /**
+ * Sets whether serial number management is enabled for certs
+ * and requests.
+ *
+ * @param value true/false
+ * @exception EBaseException failed to set
+ */
+ public void setEnableSerialMgmt(boolean value) throws EBaseException;
+
+}
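Review bot: `setMaxSerial(String serial)` and `setNextMaxSerial(String serial)` take the range bound as a string while every other method in this interface uses `BigInteger`, and neither Javadoc says which radix the string is in. In a repository whose purpose is unique serial numbers, an implementation and a caller that disagree on decimal versus hexadecimal would silently set a different bound than intended, so the contract should say it, e.g. `@param serial maximum serial number, as a string in radix <RADIX used by the implementations>`. `resetSerialNumber` has no `@param` or `@exception` tags and does not say whether a value at or below an already issued serial is rejected. `getNextSerialNumber` likewise does not say whether the read-and-increment is atomic for concurrent callers. Implementers see only this interface, so both belong in its Javadoc.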
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java
new file mode 100644
index 000000000..5e6db669f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java
@@ -0,0 +1,49 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.repository;
+
+import java.util.*;
+import java.io.*;
+import java.math.*;
+import netscape.ldap.*;
+import netscape.security.x509.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.dbs.*;
+
+/**
+ * An interface represents a generic repository record.
+ * It maintains unique serial number within repository.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRepositoryRecord extends IDBObj {
+
+ public final static String ATTR_SERIALNO = "serialNo";
+ public final static String ATTR_PUB_STATUS = "publishingStatus";
+
+ /**
+ * Retrieves serial number.
+ *
+ * @return serial number
+ */
+ public BigInteger getSerialNumber();
+
+ public String getPublishingStatus();
+}
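Review bot: `getPublishingStatus()` is the only method in this interface without Javadoc, and the `ATTR_SERIALNO` and `ATTR_PUB_STATUS` constants are undocumented too. A short comment such as `/** Retrieves the publishing status of this record. @return publishing status */` would match the style used for `getSerialNumber()`, with a one-line comment on each constant saying it is (presumably) the attribute name behind the corresponding getter. The valid status strings are not visible in this hunk, so the comment should list them only if the implementation defines a fixed set. The wildcard imports other than `java.math` and `com.netscape.certsrv.dbs` appear unused by the declarations shown and could be replaced by `import java.math.BigInteger;` and `import com.netscape.certsrv.dbs.IDBObj;`.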