Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java')
-rw-r--r-- | pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java | 256 |
1 files changed, 129 insertions, 127 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java index ab910b376..0f9fcdf0e 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java +++ b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - import java.io.IOException; import java.security.KeyPair; import java.security.cert.CertificateException; @@ -37,11 +36,10 @@ import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; import com.netscape.certsrv.common.NameValuePairs; - /** - * This interface represents the cryptographics subsystem - * that provides all the security related functions. - * + * This interface represents the cryptographics subsystem that provides all the + * security related functions. + * * @version $Revision$, $Date$ */ public interface ICryptoSubsystem extends ISubsystem { @@ -49,9 +47,9 @@ public interface ICryptoSubsystem extends ISubsystem { public static final String ID = "jss"; /** - * Retrieves a list of nicknames of certificates that are - * in the installed tokens. - * + * Retrieves a list of nicknames of certificates that are in the installed + * tokens. + * * @return a list of comma-separated nicknames * @exception EBaseException failed to retrieve nicknames */ 
@@ -59,58 +57,62 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves certificate in pretty-print format by the nickname. - * + * * @param nickname nickname of certificate * @param date not after of the returned certificate must be date * @param locale user locale * @return certificate in pretty-print format * @exception EBaseException failed to retrieve certificate */ - public String getCertPrettyPrint(String nickname, String date, - Locale locale) throws EBaseException; + public String getCertPrettyPrint(String nickname, String date, Locale locale) + throws EBaseException; + public String getRootCertTrustBit(String nickname, String serialno, - String issuerName) throws EBaseException; - public String getCertPrettyPrint(String nickname, String serialno, - String issuername, Locale locale) throws EBaseException; - public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, - String issuername, Locale locale) throws EBaseException; + String issuerName) throws EBaseException; + + public String getCertPrettyPrint(String nickname, String serialno, + String issuername, Locale locale) throws EBaseException; + + public String getCertPrettyPrintAndFingerPrint(String nickname, + String serialno, String issuername, Locale locale) + throws EBaseException; /** * Retrieves the certificate in the pretty print format. - * + * * @param b64E certificate in mime-64 encoded format * @param locale end user locale * @return certificate in pretty-print format * @exception EBaseException failed to retrieve certificate */ - public String getCertPrettyPrint(String b64E, Locale locale) - throws EBaseException; + public String getCertPrettyPrint(String b64E, Locale locale) + throws EBaseException; /** * Imports certificate into the server. 
- * + * * @param b64E certificate in mime-64 encoded format * @param nickname nickname for the importing certificate * @param certType certificate type * @exception EBaseException failed to import certificate */ public void importCert(String b64E, String nickname, String certType) - throws EBaseException; + throws EBaseException; /** * Imports certificate into the server. - * + * * @param signedCert certificate * @param nickname nickname for the importing certificate * @param certType certificate type * @exception EBaseException failed to import certificate */ public void importCert(X509CertImpl signedCert, String nickname, - String certType) throws EBaseException; + String certType) throws EBaseException; /** * Generates a key pair based on the given parameters. - * + * * @param properties key parameters * @return key pair * @exception EBaseException failed to generate key pair @@ -119,7 +121,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves the key pair based on the given nickname. - * + * * @param nickname nickname of the public key * @exception EBaseException failed to retrieve key pair */ @@ -127,19 +129,19 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Generates a key pair based on the given parameters. - * + * * @param tokenName name of token where key is generated * @param alg key algorithm * @param keySize key size * @return key pair * @exception EBaseException failed to generate key pair */ - public KeyPair getKeyPair(String tokenName, String alg, - int keySize) throws EBaseException; + public KeyPair getKeyPair(String tokenName, String alg, int keySize) + throws EBaseException; /** * Generates a key pair based on the given parameters. - * + * * @param tokenName name of token where key is generated * @param alg key algorithm * @param keySize key size 
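Review bot: `getRootCertTrustBit` and the two serial/issuer overloads, `getCertPrettyPrint(nickname, serialno, issuername, locale)` and `getCertPrettyPrintAndFingerPrint`, in the `-59,58` hunk still have no Javadoc after this reformat, which only puts blank lines between them. These methods select a certificate by nickname, serial number and issuer, and one of them (going by its name) reports a trust setting. Each should get a short Javadoc stating the expected format of `serialno` and `issuername`, what the returned string contains, and what happens when no certificate matches; the visible signatures say only `throws EBaseException`. The same gap applies to `getUserCerts` in the `-282,16` hunk and to `setRootCertTrust`, `deleteRootCert` and `deleteUserCert` in the `-300,17` hunk, where the accepted values of `trust` are not stated anywhere visible.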
@@ -147,12 +149,12 @@ public interface ICryptoSubsystem extends ISubsystem { * @return key pair * @exception EBaseException failed to generate key pair */ - public KeyPair getKeyPair(String tokenName, String alg, - int keySize, PQGParams pqg) throws EBaseException; + public KeyPair getKeyPair(String tokenName, String alg, int keySize, + PQGParams pqg) throws EBaseException; /** * Generates an ECC key pair based on the given parameters. - * + * * @param properties key parameters * @return key pair * @exception EBaseException failed to generate key pair 
@@ -161,99 +163,97 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Generates an ECC key pair based on the given parameters. - * + * * @param token token name * @param curveName curve name * @param certType type of cert(sslserver etc..) * @return key pair * @exception EBaseException failed to generate key pair */ - public KeyPair getECCKeyPair(String token, String curveName, String certType) throws EBaseException; + public KeyPair getECCKeyPair(String token, String curveName, String certType) + throws EBaseException; /** - * Retrieves the signature algorithm of the certificate named - * by the given nickname. - * + * Retrieves the signature algorithm of the certificate named by the given + * nickname. + * * @param nickname nickname of the certificate * @return signature algorithm - * @exception EBaseException failed to retrieve signature + * @exception EBaseException failed to retrieve signature */ public String getSignatureAlgorithm(String nickname) throws EBaseException; /** * Checks if the given dn is a valid distinguished name. - * + * * @param dn distinguished name * @exception EBaseException failed to check */ public void isX500DN(String dn) throws EBaseException; /** - * Retrieves CA's signing algorithm id. If it is DSA algorithm, - * algorithm is constructed by reading the parameters - * ca.dsaP, ca.dsaQ, ca.dsaG. - * + * Retrieves CA's signing algorithm id. If it is DSA algorithm, algorithm is + * constructed by reading the parameters ca.dsaP, ca.dsaQ, ca.dsaG. + * * @param algname DSA or RSA * @param store configuration store. * @return algorithm id * @exception EBaseException failed to retrieve algorithm id */ - public AlgorithmId getAlgorithmId(String algname, IConfigStore store) throws EBaseException; + public AlgorithmId getAlgorithmId(String algname, IConfigStore store) + throws EBaseException; /** - * Retrieves subject name of the certificate that is identified by - * the given nickname. 
- * + * Retrieves subject name of the certificate that is identified by the given + * nickname. + * * @param tokenname name of token where the nickname is valid * @param nickname nickname of the certificate * @return subject name * @exception EBaseException failed to get subject name */ public String getCertSubjectName(String tokenname, String nickname) - throws EBaseException; + throws EBaseException; /** - * Retrieves extensions of the certificate that is identified by - * the given nickname. - * + * Retrieves extensions of the certificate that is identified by the given + * nickname. + * * @param tokenname name of token where the nickname is valid * @param nickname nickname of the certificate * @return certificate extensions * @exception EBaseException failed to get extensions */ - public CertificateExtensions getExtensions(String tokenname, String nickname - ) - throws EBaseException; + public CertificateExtensions getExtensions(String tokenname, String nickname) + throws EBaseException; /** * Deletes certificate of the given nickname. - * + * * @param nickname nickname of the certificate * @param pathname path where a copy of the deleted certificate is stored * @exception EBaseException failed to delete certificate */ - public void deleteTokenCertificate(String nickname, String pathname) - throws EBaseException; + public void deleteTokenCertificate(String nickname, String pathname) + throws EBaseException; /** * Delete certificate of the given nickname. - * + * * @param nickname nickname of the certificate - * @param notAfterTime The notAfter of the certificate. It - * is possible to ge t multiple certificates under - * the same nickname. If one of the certificates match - * the notAfterTime, then the certificate will get - * deleted. The format of the notAfterTime has to be - * in "MMMMM dd, yyyy HH:mm:ss" format. + * @param notAfterTime The notAfter of the certificate. It is possible to ge + * t multiple certificates under the same nickname. 
If one of the + * certificates match the notAfterTime, then the certificate will + * get deleted. The format of the notAfterTime has to be in + * "MMMMM dd, yyyy HH:mm:ss" format. * @exception EBaseException failed to delete certificate */ - public void deleteCert(String nickname, String notAfterTime) - throws EBaseException; + public void deleteCert(String nickname, String notAfterTime) + throws EBaseException; /** - * Retrieves the subject DN of the certificate identified by - * the nickname. - * + * Retrieves the subject DN of the certificate identified by the nickname. + * * @param nickname nickname of the certificate * @return subject distinguished name * @exception EBaseException failed to retrieve subject DN @@ -262,19 +262,19 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Trusts a certificate for all available purposes. - * + * * @param nickname nickname of the certificate * @param date certificate's not before * @param trust "Trust" or other * @exception EBaseException failed to trust certificate */ - public void trustCert(String nickname, String date, String trust) - throws EBaseException; + public void trustCert(String nickname, String date, String trust) + throws EBaseException; /** - * Checks if the given base-64 encoded string contains an extension - * or a sequence of extensions. - * + * Checks if the given base-64 encoded string contains an extension or a + * sequence of extensions. + * * @param ext extension or sequence of extension encoded in base-64 * @exception EBaseException failed to check encoding */ 
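Review bot: The re-wrapped `@param notAfterTime` text for `deleteCert` in the `-161,99` hunk now splits the existing typo across two lines (`possible to ge` / `t multiple certificates`), so the sentence reads worse than before the reformat. The wording should be fixed rather than re-flowed: `It is possible to get multiple certificates under the same nickname. If one of the certificates matches the notAfterTime, that certificate is deleted.` Because deletion is keyed on a formatted date string, the comment should also say what happens when several certificates under the nickname share the same notAfter, or when the string does not parse. That behaviour is not visible from this interface.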
@@ -282,16 +282,17 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Gets all certificates on all tokens for Certificate Database Management. - * + * * @return all certificates * @exception EBaseException failed to retrieve certificates */ public NameValuePairs getAllCertsManage() throws EBaseException; + public NameValuePairs getUserCerts() throws EBaseException; /** * Gets all CA certificates on all tokens. - * + * * @return all CA certificates * @exception EBaseException failed to retrieve certificates */ @@ -300,17 +301,17 @@ public interface ICryptoSubsystem extends ISubsystem { public NameValuePairs getRootCerts() throws EBaseException; public void setRootCertTrust(String nickname, String serialno, - String issuername, String trust) throws EBaseException; + String issuername, String trust) throws EBaseException; public void deleteRootCert(String nickname, String serialno, - String issuername) throws EBaseException; + String issuername) throws EBaseException; public void deleteUserCert(String nickname, String serialno, - String issuername) throws EBaseException; + String issuername) throws EBaseException; /** * Retrieves PQG parameters based on key size. - * + * * @param keysize key size * @return pqg parameters */ 
@@ -318,118 +319,118 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves PQG parameters based on key size. - * + * * @param keysize key size * @param store configuration store * @return pqg parameters */ public PQGParams getCAPQG(int keysize, IConfigStore store) - throws EBaseException; + throws EBaseException; /** - * Retrieves extensions of the certificate that is identified by - * the given nickname. - * + * Retrieves extensions of the certificate that is identified by the given + * nickname. + * * @param tokenname token name * @param nickname nickname * @return certificate extensions */ - public CertificateExtensions getCertExtensions(String tokenname, String nickname - ) - throws NotInitializedException, TokenException, ObjectNotFoundException, + public CertificateExtensions getCertExtensions(String tokenname, + String nickname) throws NotInitializedException, TokenException, + ObjectNotFoundException, IOException, CertificateException; /** * Checks if the given token is logged in. - * + * * @param name token name * @return true if token is logged in - * @exception EBaseException failed to login + * @exception EBaseException failed to login */ public boolean isTokenLoggedIn(String name) throws EBaseException; /** * Logs into token. - * + * * @param tokenName name of the token * @param pwd token password * @exception EBaseException failed to login */ - public void loggedInToken(String tokenName, String pwd) - throws EBaseException; + public void loggedInToken(String tokenName, String pwd) + throws EBaseException; /** * Generates certificate request from the given key pair. 
- * + * * @param subjectName subject name to use in the request * @param kp key pair that contains public key material * @return certificate request in base-64 encoded format * @exception EBaseException failed to generate request */ public String getCertRequest(String subjectName, KeyPair kp) - throws EBaseException; + throws EBaseException; /** * Checks if fortezza is enabled. - * + * * @return "true" if fortezza is enabled */ public String isCipherFortezza() throws EBaseException; /** * Retrieves the SSL cipher version. - * + * * @return cipher version (i.e. "cipherdomestic") */ public String getCipherVersion() throws EBaseException; /** * Retrieves the cipher preferences. - * + * * @return cipher preferences (i.e. "rc4export,rc2export,...") */ public String getCipherPreferences() throws EBaseException; /** * Sets the current SSL cipher preferences. - * + * * @param cipherPrefs cipher preferences (i.e. "rc4export,rc2export,...") * @exception EBaseException failed to set cipher preferences */ - public void setCipherPreferences(String cipherPrefs) - throws EBaseException; + public void setCipherPreferences(String cipherPrefs) throws EBaseException; /** * Retrieves a list of currently registered token names. - * + * * @return list of token names * @exception EBaseException failed to retrieve token list */ public String getTokenList() throws EBaseException; /** - * Retrieves all certificates. The result list will not - * contain the token tag. - * + * Retrieves all certificates. The result list will not contain the token + * tag. + * * @param name token name * @return list of certificates without token tag * @exception EBaseException failed to retrieve */ - public String getCertListWithoutTokenName(String name) throws EBaseException; + public String getCertListWithoutTokenName(String name) + throws EBaseException; /** * Retrieves the token name of the internal (software) token. 
- * + * * @return the token name * @exception EBaseException failed to retrieve token name */ public String getInternalTokenName() throws EBaseException; /** - * Checks to see if the certificate of the given nickname is a - * CA certificate. - * + * Checks to see if the certificate of the given nickname is a CA + * certificate. + * * @param fullNickname nickname of the certificate to check * @return true if it is a CA certificate * @exception EBaseException failed to check 
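Review bot: `loggedInToken(String tokenName, String pwd)` in the `-318,118` hunk documents `pwd` only as `token password`, so the interface gives implementers no guidance on handling the secret. I would extend the tag to `@param pwd token password; implementations must not log it or include it in exception messages`, and note in the method comment that a `String` cannot be cleared after use. In the same hunk `getCertExtensions` declares five checked exceptions but its Javadoc has no `@exception` tags, unlike the neighbouring methods.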
@@ -437,33 +438,34 @@ public interface ICryptoSubsystem extends ISubsystem { public boolean isCACert(String fullNickname) throws EBaseException; /** - * Adds the specified number of bits of entropy from the system - * entropy generator to the RNG of the default PKCS#11 RNG token. - * The default token is set using the modutil command. - * Note that the system entropy generator (usually /dev/random) - * will block until sufficient entropy is collected. - * + * Adds the specified number of bits of entropy from the system entropy + * generator to the RNG of the default PKCS#11 RNG token. The default token + * is set using the modutil command. Note that the system entropy generator + * (usually /dev/random) will block until sufficient entropy is collected. + * * @param bits number of bits of entropy - * @exception org.mozilla.jss.util.NotImplementedException If the Crypto device does not support - * adding entropy - * @exception TokenException If there was some other problem with the Crypto device - * @exception IOException If there was a problem reading from the /dev/random + * @exception org.mozilla.jss.util.NotImplementedException If the Crypto + * device does not support adding entropy + * @exception TokenException If there was some other problem with the Crypto + * device + * @exception IOException If there was a problem reading from the + * /dev/random */ public void addEntropy(int bits) - throws org.mozilla.jss.util.NotImplementedException, - IOException, + throws org.mozilla.jss.util.NotImplementedException, IOException, TokenException; /** - * Signs the certificate template into the given data and returns - * a signed certificate. - * + * Signs the certificate template into the given data and returns a signed + * certificate. 
+ * * @param data data that contains certificate template * @param certType certificate type * @param priKey CA signing key * @return certificate * @exception EBaseException failed to sign certificate template */ - public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey) throws EBaseException; + public X509CertImpl getSignedCert(KeyCertData data, String certType, + java.security.PrivateKey priKey) throws EBaseException; } |