summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java')
-rw-r--r--pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java462
1 files changed, 462 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java
new file mode 100644
index 000000000..2e4c0a9ee
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java
@@ -0,0 +1,462 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.security;
+
+
+import org.mozilla.jss.crypto.*;
+import org.mozilla.jss.*;
+import org.mozilla.jss.CryptoManager.*;
+import java.io.*;
+import java.security.*;
+import java.util.*;
+import java.security.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.common.*;
+
+
+/**
+ * This interface represents the cryptographics subsystem
+ * that provides all the security related functions.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICryptoSubsystem extends ISubsystem {
+
+ public static final String ID = "jss";
+
+ /**
+ * Retrieves a list of nicknames of certificates that are
+ * in the installed tokens.
+ *
+ * @return a list of comma-separated nicknames
+ * @exception EBaseException failed to retrieve nicknames
+ */
+ public String getAllCerts() throws EBaseException;
+
+ /**
+ * Retrieves certificate in pretty-print format by the nickname.
+ *
+ * @param nickname nickname of certificate
+ * @param date not after of the returned certificate must be date
+ * @param locale user locale
+ * @return certificate in pretty-print format
+ * @exception EBaseException failed to retrieve certificate
+ */
+ public String getCertPrettyPrint(String nickname, String date,
+ Locale locale) throws EBaseException;
+ public String getRootCertTrustBit(String nickname, String serialno,
+ String issuerName) throws EBaseException;
+ public String getCertPrettyPrint(String nickname, String serialno,
+ String issuername, Locale locale) throws EBaseException;
+ public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno,
+ String issuername, Locale locale) throws EBaseException;
+
+ /**
+ * Retrieves the certificate in the pretty print format.
+ *
+ * @param b64E certificate in mime-64 encoded format
+ * @param locale end user locale
+ * @return certificate in pretty-print format
+ * @exception EBaseException failed to retrieve certificate
+ */
+ public String getCertPrettyPrint(String b64E, Locale locale)
+ throws EBaseException;
+
+ /**
+ * Imports certificate into the server.
+ *
+ * @param b64E certificate in mime-64 encoded format
+ * @param nickname nickname for the importing certificate
+ * @param certType certificate type
+ * @exception EBaseException failed to import certificate
+ */
+ public void importCert(String b64E, String nickname, String certType)
+ throws EBaseException;
+
+ /**
+ * Imports certificate into the server.
+ *
+ * @param signedCert certificate
+ * @param nickname nickname for the importing certificate
+ * @param certType certificate type
+ * @exception EBaseException failed to import certificate
+ */
+ public void importCert(X509CertImpl signedCert, String nickname,
+ String certType) throws EBaseException;
+
+ /**
+ * Generates a key pair based on the given parameters.
+ *
+ * @param properties key parameters
+ * @return key pair
+ * @exception EBaseException failed to generate key pair
+ */
+ public KeyPair getKeyPair(KeyCertData properties) throws EBaseException;
+
+ /**
+ * Retrieves the key pair based on the given nickname.
+ *
+ * @param nickname nickname of the public key
+ * @exception EBaseException failed to retrieve key pair
+ */
+ public KeyPair getKeyPair(String nickname) throws EBaseException;
+
+ /**
+ * Generates a key pair based on the given parameters.
+ *
+ * @param tokenName name of token where key is generated
+ * @param alg key algorithm
+ * @param keySize key size
+ * @return key pair
+ * @exception EBaseException failed to generate key pair
+ */
+ public KeyPair getKeyPair(String tokenName, String alg,
+ int keySize) throws EBaseException;
+
+ /**
+ * Generates a key pair based on the given parameters.
+ *
+ * @param tokenName name of token where key is generated
+ * @param alg key algorithm
+ * @param keySize key size
+ * @param pqg pqg parameters if DSA key, otherwise null
+ * @return key pair
+ * @exception EBaseException failed to generate key pair
+ */
+ public KeyPair getKeyPair(String tokenName, String alg,
+ int keySize, PQGParams pqg) throws EBaseException;
+
+ /**
+ * Generates an ECC key pair based on the given parameters.
+ *
+ * @param properties key parameters
+ * @return key pair
+ * @exception EBaseException failed to generate key pair
+ */
+ public KeyPair getECCKeyPair(KeyCertData properties) throws EBaseException;
+
+ /**
+ * Generates an ECC key pair based on the given parameters.
+ *
+ * @param token token name
+ * @param curveName curve name
+ * @param certType type of cert(sslserver etc..)
+ * @return key pair
+ * @exception EBaseException failed to generate key pair
+ */
+ public KeyPair getECCKeyPair(String token, String curveName, String certType) throws EBaseException;
+
+ /**
+ * Retrieves the signature algorithm of the certificate named
+ * by the given nickname.
+ *
+ * @param nickname nickname of the certificate
+ * @return signature algorithm
+ * @exception EBaseException failed to retrieve signature
+ */
+ public String getSignatureAlgorithm(String nickname) throws EBaseException;
+
+ /**
+ * Checks if the given dn is a valid distinguished name.
+ *
+ * @param dn distinguished name
+ * @exception EBaseException failed to check
+ */
+ public void isX500DN(String dn) throws EBaseException;
+
+ /**
+ * Retrieves CA's signing algorithm id. If it is DSA algorithm,
+ * algorithm is constructed by reading the parameters
+ * ca.dsaP, ca.dsaQ, ca.dsaG.
+ *
+ * @param algname DSA or RSA
+ * @param store configuration store.
+ * @return algorithm id
+ * @exception EBaseException failed to retrieve algorithm id
+ */
+ public AlgorithmId getAlgorithmId(String algname, IConfigStore store) throws EBaseException;
+
+ /**
+ * Retrieves subject name of the certificate that is identified by
+ * the given nickname.
+ *
+ * @param tokenname name of token where the nickname is valid
+ * @param nickname nickname of the certificate
+ * @return subject name
+ * @exception EBaseException failed to get subject name
+ */
+ public String getCertSubjectName(String tokenname, String nickname)
+ throws EBaseException;
+
+ /**
+ * Retrieves extensions of the certificate that is identified by
+ * the given nickname.
+ *
+ * @param tokenname name of token where the nickname is valid
+ * @param nickname nickname of the certificate
+ * @return certificate extensions
+ * @exception EBaseException failed to get extensions
+ */
+ public CertificateExtensions getExtensions(String tokenname, String nickname
+ )
+ throws EBaseException;
+
+ /**
+ * Deletes certificate of the given nickname.
+ *
+ * @param nickname nickname of the certificate
+ * @param pathname path where a copy of the deleted certificate is stored
+ * @exception EBaseException failed to delete certificate
+ */
+ public void deleteTokenCertificate(String nickname, String pathname)
+ throws EBaseException;
+
+ /**
+ * Delete certificate of the given nickname.
+ *
+ * @param nickname nickname of the certificate
+ * @param notAfterTime The notAfter of the certificate. It
+ * is possible to ge t multiple certificates under
+ * the same nickname. If one of the certificates match
+ * the notAfterTime, then the certificate will get
+ * deleted. The format of the notAfterTime has to be
+ * in "MMMMM dd, yyyy HH:mm:ss" format.
+ * @exception EBaseException failed to delete certificate
+ */
+ public void deleteCert(String nickname, String notAfterTime)
+ throws EBaseException;
+
+ /**
+ * Retrieves the subject DN of the certificate identified by
+ * the nickname.
+ *
+ * @param nickname nickname of the certificate
+ * @return subject distinguished name
+ * @exception EBaseException failed to retrieve subject DN
+ */
+ public String getSubjectDN(String nickname) throws EBaseException;
+
+ /**
+ * Trusts a certificate for all available purposes.
+ *
+ * @param nickname nickname of the certificate
+ * @param date certificate's not before
+ * @param trust "Trust" or other
+ * @exception EBaseException failed to trust certificate
+ */
+ public void trustCert(String nickname, String date, String trust)
+ throws EBaseException;
+
+ /**
+ * Checks if the given base-64 encoded string contains an extension
+ * or a sequence of extensions.
+ *
+ * @param ext extension or sequence of extension encoded in base-64
+ * @exception EBaseException failed to check encoding
+ */
+ public void checkCertificateExt(String ext) throws EBaseException;
+
+ /**
+ * Gets all certificates on all tokens for Certificate Database Management.
+ *
+ * @return all certificates
+ * @exception EBaseException failed to retrieve certificates
+ */
+ public NameValuePairs getAllCertsManage() throws EBaseException;
+ public NameValuePairs getUserCerts() throws EBaseException;
+
+ /**
+ * Gets all CA certificates on all tokens.
+ *
+ * @return all CA certificates
+ * @exception EBaseException failed to retrieve certificates
+ */
+ public NameValuePairs getCACerts() throws EBaseException;
+
+ public NameValuePairs getRootCerts() throws EBaseException;
+
+ public void setRootCertTrust(String nickname, String serialno,
+ String issuername, String trust) throws EBaseException;
+
+ public void deleteRootCert(String nickname, String serialno,
+ String issuername) throws EBaseException;
+
+ public void deleteUserCert(String nickname, String serialno,
+ String issuername) throws EBaseException;
+
+ /**
+ * Retrieves PQG parameters based on key size.
+ *
+ * @param keysize key size
+ * @return pqg parameters
+ */
+ public PQGParams getPQG(int keysize);
+
+ /**
+ * Retrieves PQG parameters based on key size.
+ *
+ * @param keysize key size
+ * @param store configuration store
+ * @return pqg parameters
+ */
+ public PQGParams getCAPQG(int keysize, IConfigStore store)
+ throws EBaseException;
+
+ /**
+ * Retrieves extensions of the certificate that is identified by
+ * the given nickname.
+ *
+ * @param tokenname token name
+ * @param nickname nickname
+ * @return certificate extensions
+ */
+ public CertificateExtensions getCertExtensions(String tokenname, String nickname
+ )
+ throws NotInitializedException, TokenException, ObjectNotFoundException,
+
+ IOException, CertificateException;
+
+ /**
+ * Checks if the given token is logged in.
+ *
+ * @param name token name
+ * @return true if token is logged in
+ * @exception EBaseException failed to login
+ */
+ public boolean isTokenLoggedIn(String name) throws EBaseException;
+
+ /**
+ * Logs into token.
+ *
+ * @param tokenName name of the token
+ * @param pwd token password
+ * @exception EBaseException failed to login
+ */
+ public void loggedInToken(String tokenName, String pwd)
+ throws EBaseException;
+
+ /**
+ * Generates certificate request from the given key pair.
+ *
+ * @param subjectName subject name to use in the request
+ * @param kp key pair that contains public key material
+ * @return certificate request in base-64 encoded format
+ * @exception EBaseException failed to generate request
+ */
+ public String getCertRequest(String subjectName, KeyPair kp)
+ throws EBaseException;
+
+ /**
+ * Checks if fortezza is enabled.
+ *
+ * @return "true" if fortezza is enabled
+ */
+ public String isCipherFortezza() throws EBaseException;
+
+ /**
+ * Retrieves the SSL cipher version.
+ *
+ * @return cipher version (i.e. "cipherdomestic")
+ */
+ public String getCipherVersion() throws EBaseException;
+
+ /**
+ * Retrieves the cipher preferences.
+ *
+ * @return cipher preferences (i.e. "rc4export,rc2export,...")
+ */
+ public String getCipherPreferences() throws EBaseException;
+
+ /**
+ * Sets the current SSL cipher preferences.
+ *
+ * @param cipherPrefs cipher preferences (i.e. "rc4export,rc2export,...")
+ * @exception EBaseException failed to set cipher preferences
+ */
+ public void setCipherPreferences(String cipherPrefs)
+ throws EBaseException;
+
+ /**
+ * Retrieves a list of currently registered token names.
+ *
+ * @return list of token names
+ * @exception EBaseException failed to retrieve token list
+ */
+ public String getTokenList() throws EBaseException;
+
+ /**
+ * Retrieves all certificates. The result list will not
+ * contain the token tag.
+ *
+ * @param name token name
+ * @return list of certificates without token tag
+ * @exception EBaseException failed to retrieve
+ */
+ public String getCertListWithoutTokenName(String name) throws EBaseException;
+
+ /**
+ * Retrieves the token name of the internal (software) token.
+ *
+ * @return the token name
+ * @exception EBaseException failed to retrieve token name
+ */
+ public String getInternalTokenName() throws EBaseException;
+
+ /**
+ * Checks to see if the certificate of the given nickname is a
+ * CA certificate.
+ *
+ * @param fullNickname nickname of the certificate to check
+ * @return true if it is a CA certificate
+ * @exception EBaseException failed to check
+ */
+ public boolean isCACert(String fullNickname) throws EBaseException;
+
+ /**
+ * Adds the specified number of bits of entropy from the system
+ * entropy generator to the RNG of the default PKCS#11 RNG token.
+ * The default token is set using the modutil command.
+ * Note that the system entropy generator (usually /dev/random)
+ * will block until sufficient entropy is collected.
+ *
+ * @param bits number of bits of entropy
+ * @exception org.mozilla.jss.util.NotImplementedException If the Crypto device does not support
+ * adding entropy
+ * @exception TokenException If there was some other problem with the Crypto device
+ * @exception IOException If there was a problem reading from the /dev/random
+ */
+
+ public void addEntropy(int bits)
+ throws org.mozilla.jss.util.NotImplementedException,
+ IOException,
+ TokenException;
+
+ /**
+ * Signs the certificate template into the given data and returns
+ * a signed certificate.
+ *
+ * @param data data that contains certificate template
+ * @param certType certificate type
+ * @param priKey CA signing key
+ * @return certificate
+ * @exception EBaseException failed to sign certificate template
+ */
+ public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey) throws EBaseException;
+}