diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv/security')
8 files changed, 326 insertions, 314 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/security/Credential.java b/pki/base/common/src/com/netscape/certsrv/security/Credential.java index ea6ca400f..9aff49adc 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/Credential.java +++ b/pki/base/common/src/com/netscape/certsrv/security/Credential.java @@ -17,10 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; + /** - * A class represents a credential. A credential contains information that - * identifies a user. In this case, identifier and password are used. - * + * A class represents a credential. A credential contains + * information that identifies a user. In this case, + * identifier and password are used. + * * @version $Revision$, $Date$ */ public class Credential implements java.io.Serializable { @@ -34,7 +36,7 @@ public class Credential implements java.io.Serializable { /** * Constructs credential object. - * + * * @param id user id * @param password user password */ @@ -42,10 +44,10 @@ public class Credential implements java.io.Serializable { mId = id; mPassword = password; } - + /** * Retrieves identifier. - * + * * @return user id */ public String getIdentifier() { @@ -54,7 +56,7 @@ public class Credential implements java.io.Serializable { /** * Retrieves password. - * + * * @return user password */ public String getPassword() { diff --git a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java index 0f9fcdf0e..ab910b376 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java +++ b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; + import java.io.IOException; import java.security.KeyPair; import java.security.cert.CertificateException; @@ -36,10 +37,11 @@ import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; import com.netscape.certsrv.common.NameValuePairs; + /** - * This interface represents the cryptographics subsystem that provides all the - * security related functions. - * + * This interface represents the cryptographics subsystem + * that provides all the security related functions. + * * @version $Revision$, $Date$ */ public interface ICryptoSubsystem extends ISubsystem { @@ -47,9 +49,9 @@ public interface ICryptoSubsystem extends ISubsystem { public static final String ID = "jss"; /** - * Retrieves a list of nicknames of certificates that are in the installed - * tokens. - * + * Retrieves a list of nicknames of certificates that are + * in the installed tokens. + * * @return a list of comma-separated nicknames * @exception EBaseException failed to retrieve nicknames */ @@ -57,62 +59,58 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves certificate in pretty-print format by the nickname. - * + * * @param nickname nickname of certificate * @param date not after of the returned certificate must be date * @param locale user locale * @return certificate in pretty-print format * @exception EBaseException failed to retrieve certificate */ - public String getCertPrettyPrint(String nickname, String date, Locale locale) - throws EBaseException; - + public String getCertPrettyPrint(String nickname, String date, + Locale locale) throws EBaseException; public String getRootCertTrustBit(String nickname, String serialno, - String issuerName) throws EBaseException; - - public String getCertPrettyPrint(String nickname, String serialno, - String issuername, Locale locale) throws EBaseException; - - public String getCertPrettyPrintAndFingerPrint(String nickname, - String serialno, String issuername, Locale locale) - throws EBaseException; + String issuerName) throws EBaseException; + public String getCertPrettyPrint(String nickname, String serialno, + String issuername, Locale locale) throws EBaseException; + public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, + String issuername, Locale locale) throws EBaseException; /** * Retrieves the certificate in the pretty print format. - * + * * @param b64E certificate in mime-64 encoded format * @param locale end user locale * @return certificate in pretty-print format * @exception EBaseException failed to retrieve certificate */ - public String getCertPrettyPrint(String b64E, Locale locale) - throws EBaseException; + public String getCertPrettyPrint(String b64E, Locale locale) + throws EBaseException; /** * Imports certificate into the server. - * + * * @param b64E certificate in mime-64 encoded format * @param nickname nickname for the importing certificate * @param certType certificate type * @exception EBaseException failed to import certificate */ public void importCert(String b64E, String nickname, String certType) - throws EBaseException; + throws EBaseException; /** * Imports certificate into the server. - * + * * @param signedCert certificate * @param nickname nickname for the importing certificate * @param certType certificate type * @exception EBaseException failed to import certificate */ public void importCert(X509CertImpl signedCert, String nickname, - String certType) throws EBaseException; + String certType) throws EBaseException; /** * Generates a key pair based on the given parameters. - * + * * @param properties key parameters * @return key pair * @exception EBaseException failed to generate key pair @@ -121,7 +119,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves the key pair based on the given nickname. - * + * * @param nickname nickname of the public key * @exception EBaseException failed to retrieve key pair */ @@ -129,19 +127,19 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Generates a key pair based on the given parameters. - * + * * @param tokenName name of token where key is generated * @param alg key algorithm * @param keySize key size * @return key pair * @exception EBaseException failed to generate key pair */ - public KeyPair getKeyPair(String tokenName, String alg, int keySize) - throws EBaseException; + public KeyPair getKeyPair(String tokenName, String alg, + int keySize) throws EBaseException; /** * Generates a key pair based on the given parameters. - * + * * @param tokenName name of token where key is generated * @param alg key algorithm * @param keySize key size @@ -149,12 +147,12 @@ public interface ICryptoSubsystem extends ISubsystem { * @return key pair * @exception EBaseException failed to generate key pair */ - public KeyPair getKeyPair(String tokenName, String alg, int keySize, - PQGParams pqg) throws EBaseException; + public KeyPair getKeyPair(String tokenName, String alg, + int keySize, PQGParams pqg) throws EBaseException; /** * Generates an ECC key pair based on the given parameters. - * + * * @param properties key parameters * @return key pair * @exception EBaseException failed to generate key pair @@ -163,97 +161,99 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Generates an ECC key pair based on the given parameters. - * + * * @param token token name * @param curveName curve name * @param certType type of cert(sslserver etc..) * @return key pair * @exception EBaseException failed to generate key pair */ - public KeyPair getECCKeyPair(String token, String curveName, String certType) - throws EBaseException; + public KeyPair getECCKeyPair(String token, String curveName, String certType) throws EBaseException; /** - * Retrieves the signature algorithm of the certificate named by the given - * nickname. - * + * Retrieves the signature algorithm of the certificate named + * by the given nickname. + * * @param nickname nickname of the certificate * @return signature algorithm - * @exception EBaseException failed to retrieve signature + * @exception EBaseException failed to retrieve signature */ public String getSignatureAlgorithm(String nickname) throws EBaseException; /** * Checks if the given dn is a valid distinguished name. - * + * * @param dn distinguished name * @exception EBaseException failed to check */ public void isX500DN(String dn) throws EBaseException; /** - * Retrieves CA's signing algorithm id. If it is DSA algorithm, algorithm is - * constructed by reading the parameters ca.dsaP, ca.dsaQ, ca.dsaG. - * + * Retrieves CA's signing algorithm id. If it is DSA algorithm, + * algorithm is constructed by reading the parameters + * ca.dsaP, ca.dsaQ, ca.dsaG. + * * @param algname DSA or RSA * @param store configuration store. * @return algorithm id * @exception EBaseException failed to retrieve algorithm id */ - public AlgorithmId getAlgorithmId(String algname, IConfigStore store) - throws EBaseException; + public AlgorithmId getAlgorithmId(String algname, IConfigStore store) throws EBaseException; /** - * Retrieves subject name of the certificate that is identified by the given - * nickname. - * + * Retrieves subject name of the certificate that is identified by + * the given nickname. + * * @param tokenname name of token where the nickname is valid * @param nickname nickname of the certificate * @return subject name * @exception EBaseException failed to get subject name */ public String getCertSubjectName(String tokenname, String nickname) - throws EBaseException; + throws EBaseException; /** - * Retrieves extensions of the certificate that is identified by the given - * nickname. - * + * Retrieves extensions of the certificate that is identified by + * the given nickname. + * * @param tokenname name of token where the nickname is valid * @param nickname nickname of the certificate * @return certificate extensions * @exception EBaseException failed to get extensions */ - public CertificateExtensions getExtensions(String tokenname, String nickname) - throws EBaseException; + public CertificateExtensions getExtensions(String tokenname, String nickname + ) + throws EBaseException; /** * Deletes certificate of the given nickname. - * + * * @param nickname nickname of the certificate * @param pathname path where a copy of the deleted certificate is stored * @exception EBaseException failed to delete certificate */ - public void deleteTokenCertificate(String nickname, String pathname) - throws EBaseException; + public void deleteTokenCertificate(String nickname, String pathname) + throws EBaseException; /** * Delete certificate of the given nickname. - * + * * @param nickname nickname of the certificate - * @param notAfterTime The notAfter of the certificate. It is possible to ge - * t multiple certificates under the same nickname. If one of the - * certificates match the notAfterTime, then the certificate will - * get deleted. The format of the notAfterTime has to be in - * "MMMMM dd, yyyy HH:mm:ss" format. + * @param notAfterTime The notAfter of the certificate. It + * is possible to ge t multiple certificates under + * the same nickname. If one of the certificates match + * the notAfterTime, then the certificate will get + * deleted. The format of the notAfterTime has to be + * in "MMMMM dd, yyyy HH:mm:ss" format. * @exception EBaseException failed to delete certificate */ - public void deleteCert(String nickname, String notAfterTime) - throws EBaseException; + public void deleteCert(String nickname, String notAfterTime) + throws EBaseException; /** - * Retrieves the subject DN of the certificate identified by the nickname. - * + * Retrieves the subject DN of the certificate identified by + * the nickname. + * * @param nickname nickname of the certificate * @return subject distinguished name * @exception EBaseException failed to retrieve subject DN @@ -262,19 +262,19 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Trusts a certificate for all available purposes. - * + * * @param nickname nickname of the certificate * @param date certificate's not before * @param trust "Trust" or other * @exception EBaseException failed to trust certificate */ - public void trustCert(String nickname, String date, String trust) - throws EBaseException; + public void trustCert(String nickname, String date, String trust) + throws EBaseException; /** - * Checks if the given base-64 encoded string contains an extension or a - * sequence of extensions. - * + * Checks if the given base-64 encoded string contains an extension + * or a sequence of extensions. + * * @param ext extension or sequence of extension encoded in base-64 * @exception EBaseException failed to check encoding */ @@ -282,17 +282,16 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Gets all certificates on all tokens for Certificate Database Management. - * + * * @return all certificates * @exception EBaseException failed to retrieve certificates */ public NameValuePairs getAllCertsManage() throws EBaseException; - public NameValuePairs getUserCerts() throws EBaseException; /** * Gets all CA certificates on all tokens. - * + * * @return all CA certificates * @exception EBaseException failed to retrieve certificates */ @@ -301,17 +300,17 @@ public interface ICryptoSubsystem extends ISubsystem { public NameValuePairs getRootCerts() throws EBaseException; public void setRootCertTrust(String nickname, String serialno, - String issuername, String trust) throws EBaseException; + String issuername, String trust) throws EBaseException; public void deleteRootCert(String nickname, String serialno, - String issuername) throws EBaseException; + String issuername) throws EBaseException; public void deleteUserCert(String nickname, String serialno, - String issuername) throws EBaseException; + String issuername) throws EBaseException; /** * Retrieves PQG parameters based on key size. - * + * * @param keysize key size * @return pqg parameters */ @@ -319,118 +318,118 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves PQG parameters based on key size. - * + * * @param keysize key size * @param store configuration store * @return pqg parameters */ public PQGParams getCAPQG(int keysize, IConfigStore store) - throws EBaseException; + throws EBaseException; /** - * Retrieves extensions of the certificate that is identified by the given - * nickname. - * + * Retrieves extensions of the certificate that is identified by + * the given nickname. + * * @param tokenname token name * @param nickname nickname * @return certificate extensions */ - public CertificateExtensions getCertExtensions(String tokenname, - String nickname) throws NotInitializedException, TokenException, - ObjectNotFoundException, + public CertificateExtensions getCertExtensions(String tokenname, String nickname + ) + throws NotInitializedException, TokenException, ObjectNotFoundException, IOException, CertificateException; /** * Checks if the given token is logged in. - * + * * @param name token name * @return true if token is logged in - * @exception EBaseException failed to login + * @exception EBaseException failed to login */ public boolean isTokenLoggedIn(String name) throws EBaseException; /** * Logs into token. - * + * * @param tokenName name of the token * @param pwd token password * @exception EBaseException failed to login */ - public void loggedInToken(String tokenName, String pwd) - throws EBaseException; + public void loggedInToken(String tokenName, String pwd) + throws EBaseException; /** * Generates certificate request from the given key pair. - * + * * @param subjectName subject name to use in the request * @param kp key pair that contains public key material * @return certificate request in base-64 encoded format * @exception EBaseException failed to generate request */ public String getCertRequest(String subjectName, KeyPair kp) - throws EBaseException; + throws EBaseException; /** * Checks if fortezza is enabled. - * + * * @return "true" if fortezza is enabled */ public String isCipherFortezza() throws EBaseException; /** * Retrieves the SSL cipher version. - * + * * @return cipher version (i.e. "cipherdomestic") */ public String getCipherVersion() throws EBaseException; /** * Retrieves the cipher preferences. - * + * * @return cipher preferences (i.e. "rc4export,rc2export,...") */ public String getCipherPreferences() throws EBaseException; /** * Sets the current SSL cipher preferences. - * + * * @param cipherPrefs cipher preferences (i.e. "rc4export,rc2export,...") * @exception EBaseException failed to set cipher preferences */ - public void setCipherPreferences(String cipherPrefs) throws EBaseException; + public void setCipherPreferences(String cipherPrefs) + throws EBaseException; /** * Retrieves a list of currently registered token names. - * + * * @return list of token names * @exception EBaseException failed to retrieve token list */ public String getTokenList() throws EBaseException; /** - * Retrieves all certificates. The result list will not contain the token - * tag. - * + * Retrieves all certificates. The result list will not + * contain the token tag. + * * @param name token name * @return list of certificates without token tag * @exception EBaseException failed to retrieve */ - public String getCertListWithoutTokenName(String name) - throws EBaseException; + public String getCertListWithoutTokenName(String name) throws EBaseException; /** * Retrieves the token name of the internal (software) token. - * + * * @return the token name * @exception EBaseException failed to retrieve token name */ public String getInternalTokenName() throws EBaseException; /** - * Checks to see if the certificate of the given nickname is a CA - * certificate. - * + * Checks to see if the certificate of the given nickname is a + * CA certificate. + * * @param fullNickname nickname of the certificate to check * @return true if it is a CA certificate * @exception EBaseException failed to check @@ -438,34 +437,33 @@ public interface ICryptoSubsystem extends ISubsystem { public boolean isCACert(String fullNickname) throws EBaseException; /** - * Adds the specified number of bits of entropy from the system entropy - * generator to the RNG of the default PKCS#11 RNG token. The default token - * is set using the modutil command. Note that the system entropy generator - * (usually /dev/random) will block until sufficient entropy is collected. - * + * Adds the specified number of bits of entropy from the system + * entropy generator to the RNG of the default PKCS#11 RNG token. + * The default token is set using the modutil command. + * Note that the system entropy generator (usually /dev/random) + * will block until sufficient entropy is collected. + * * @param bits number of bits of entropy - * @exception org.mozilla.jss.util.NotImplementedException If the Crypto - * device does not support adding entropy - * @exception TokenException If there was some other problem with the Crypto - * device - * @exception IOException If there was a problem reading from the - * /dev/random + * @exception org.mozilla.jss.util.NotImplementedException If the Crypto device does not support + * adding entropy + * @exception TokenException If there was some other problem with the Crypto device + * @exception IOException If there was a problem reading from the /dev/random */ public void addEntropy(int bits) - throws org.mozilla.jss.util.NotImplementedException, IOException, + throws org.mozilla.jss.util.NotImplementedException, + IOException, TokenException; /** - * Signs the certificate template into the given data and returns a signed - * certificate. - * + * Signs the certificate template into the given data and returns + * a signed certificate. + * * @param data data that contains certificate template * @param certType certificate type * @param priKey CA signing key * @return certificate * @exception EBaseException failed to sign certificate template */ - public X509CertImpl getSignedCert(KeyCertData data, String certType, - java.security.PrivateKey priKey) throws EBaseException; + public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey) throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java b/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java index fdf067b57..984425a52 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java +++ b/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java @@ -17,51 +17,53 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; + import java.security.PublicKey; import org.mozilla.jss.crypto.PrivateKey; import com.netscape.certsrv.base.EBaseException; + /** * An interface represents a encryption unit. - * + * * @version $Revision$, $Date$ */ public interface IEncryptionUnit extends IToken { /** * Retrieves the public key in this unit. - * + * * @return public key */ public PublicKey getPublicKey(); /** - * Wraps data. The given key will be wrapped by the private key in this - * unit. - * + * Wraps data. The given key will be wrapped by the + * private key in this unit. + * * @param priKey private key to be wrapped - * @return wrapped data + * @return wrapped data * @exception EBaseException failed to wrap */ public byte[] wrap(PrivateKey priKey) throws EBaseException; /** - * Verifies the given key pair. - * + * Verifies the given key pair. + * * @param publicKey public key * @param privateKey private key */ - public void verify(PublicKey publicKey, PrivateKey privateKey) - throws EBaseException; + public void verify(PublicKey publicKey, PrivateKey privateKey) throws + EBaseException; /** - * Unwraps data. This method rebuilds the private key by unwrapping the - * private key data. - * + * Unwraps data. This method rebuilds the private key by + * unwrapping the private key data. + * * @param sessionKey session key that unwrap the private key - * @param symmAlgOID symmetric algorithm + * @param symmAlgOID symmetric algorithm * @param symmAlgParams symmetric algorithm parameters * @param privateKey private key data * @param pubKey public key @@ -69,54 +71,56 @@ public interface IEncryptionUnit extends IToken { * @exception EBaseException failed to unwrap */ public PrivateKey unwrap(byte sessionKey[], String symmAlgOID, - byte symmAlgParams[], byte privateKey[], PublicKey pubKey) - throws EBaseException; + byte symmAlgParams[], byte privateKey[], + PublicKey pubKey) + throws EBaseException; /** - * Unwraps data. This method rebuilds the private key by unwrapping the - * private key data. - * + * Unwraps data. This method rebuilds the private key by + * unwrapping the private key data. + * * @param privateKey private key data * @param pubKey public key object * @return private key object * @exception EBaseException failed to unwrap */ public PrivateKey unwrap(byte privateKey[], PublicKey pubKey) - throws EBaseException; - + throws EBaseException; + /** - * Encrypts the internal private key (private key to the KRA's internal - * storage). - * + * Encrypts the internal private key (private key to the KRA's + * internal storage). + * * @param rawPrivate user's private key (key to be archived) * @return encrypted data * @exception EBaseException failed to encrypt */ public byte[] encryptInternalPrivate(byte rawPrivate[]) - throws EBaseException; + throws EBaseException; /** - * Decrypts the internal private key (private key from the KRA's internal - * storage). - * - * @param wrappedPrivateData unwrapped private key data (key to be - * recovered) + * Decrypts the internal private key (private key from the KRA's + * internal storage). + * + * @param wrappedPrivateData unwrapped private key data (key to be recovered) * @return raw private key * @exception EBaseException failed to decrypt */ public byte[] decryptInternalPrivate(byte wrappedPrivateData[]) - throws EBaseException; + throws EBaseException; /** * Decrypts the external private key (private key from the end-user). - * + * * @param sessionKey session key that protects the user private - * @param symmAlgOID symmetric algorithm + * @param symmAlgOID symmetric algorithm * @param symmAlgParams symmetric algorithm parameters * @param privateKey private key data * @return private key data * @exception EBaseException failed to decrypt */ - public byte[] decryptExternalPrivate(byte sessionKey[], String symmAlgOID, - byte symmAlgParams[], byte privateKey[]) throws EBaseException; + public byte[] decryptExternalPrivate(byte sessionKey[], + String symmAlgOID, + byte symmAlgParams[], byte privateKey[]) + throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java b/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java index 93b3c8003..664d5c1f8 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java +++ b/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; + import java.security.PublicKey; import netscape.security.x509.X509CertImpl; @@ -27,8 +28,9 @@ import org.mozilla.jss.crypto.X509Certificate; import com.netscape.certsrv.base.EBaseException; /** - * A class represents the signing unit which is capable of signing data. - * + * A class represents the signing unit which is + * capable of signing data. + * * @version $Revision$, $Date$ */ public interface ISigningUnit { @@ -44,11 +46,11 @@ public interface ISigningUnit { /** * Retrieves the nickname of the signing certificate. */ - public String getNickname(); + public String getNickname(); /** * Retrieves the new nickname in the renewal process. - * + * * @return new nickname * @exception EBaseException failed to get new nickname */ @@ -56,38 +58,39 @@ public interface ISigningUnit { /** * Sets new nickname of the signing certificate. - * + * * @param name nickname */ public void setNewNickName(String name); /** * Retrieves the signing certificate. - * + * * @return signing certificate */ public X509Certificate getCert(); /** * Retrieves the signing certificate. - * + * * @return signing certificate */ public X509CertImpl getCertImpl(); /** * Signs the given data in specific algorithm. - * + * * @param data data to be signed * @param algname signing algorithm to be used * @return signed data * @exception EBaseException failed to sign */ - public byte[] sign(byte[] data, String algname) throws EBaseException; - + public byte[] sign(byte[] data, String algname) + throws EBaseException; + /** * Verifies the signed data. - * + * * @param data signed data * @param signature signature * @param algname signing algorithm @@ -95,18 +98,18 @@ public interface ISigningUnit { * @exception EBaseException failed to verify */ public boolean verify(byte[] data, byte[] signature, String algname) - throws EBaseException; + throws EBaseException; /** * Retrieves the default algorithm. - * + * * @return default signing algorithm */ public SignatureAlgorithm getDefaultSignatureAlgorithm(); /** * Retrieves the default algorithm name. - * + * * @return default signing algorithm name */ public String getDefaultAlgorithm(); @@ -121,15 +124,15 @@ public interface ISigningUnit { /** * Retrieves all supported signing algorithm of this unit. - * + * * @return a list of signing algorithms * @exception EBaseException failed to list - */ + */ public String[] getAllAlgorithms() throws EBaseException; /** * Retrieves the token name of this unit. - * + * * @return token name * @exception EBaseException failed to retrieve name */ @@ -137,7 +140,7 @@ public interface ISigningUnit { /** * Updates new nickname and tokename in the configuration file. - * + * * @param nickname new nickname * @param tokenname new tokenname */ @@ -145,18 +148,19 @@ public interface ISigningUnit { /** * Checks if the given algorithm name is supported. - * + * * @param algname algorithm name * @return signing algorithm * @exception EBaseException failed to check signing algorithm */ public SignatureAlgorithm checkSigningAlgorithmFromName(String algname) - throws EBaseException; + throws EBaseException; /** * Retrieves the public key associated in this unit. - * + * * @return public key */ public PublicKey getPublicKey(); } + diff --git a/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java b/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java index 0c741c71f..02ebc616b 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java +++ b/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java @@ -17,31 +17,33 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; + import java.util.Enumeration; import org.mozilla.jss.crypto.CryptoToken; import com.netscape.certsrv.base.EBaseException; + /** - * An interface represents a storage key unit. This storage unit contains a - * storage key pair that is used for encrypting the user private key for long - * term storage. - * + * An interface represents a storage key unit. This storage + * unit contains a storage key pair that is used for + * encrypting the user private key for long term storage. + * * @version $Revision$, $Date$ */ public interface IStorageKeyUnit extends IEncryptionUnit { /** * Retrieves total number of recovery agents. - * + * * @return total number of recovery agents */ public int getNoOfAgents() throws EBaseException; /** - * Retrieves number of recovery agents required to perform recovery - * operation. + * Retrieves number of recovery agents required to + * perform recovery operation. * * @return required number of recovery agents for recovery operation */ @@ -49,33 +51,33 @@ public interface IStorageKeyUnit extends IEncryptionUnit { /** * Sets the numer of required recovery agents - * + * * @param number number of required agents */ public void setNoOfRequiredAgents(int number); /** * Retrieves a list of agents in this unit. - * + * * @return a list of string-based agent identifiers */ public Enumeration getAgentIdentifiers(); /** * Changes agent password. - * + * * @param id agent id * @param oldpwd old password * @param newpwd new password * @return true if operation successful * @exception EBaseException failed to change password */ - public boolean changeAgentPassword(String id, String oldpwd, String newpwd) - throws EBaseException; + public boolean changeAgentPassword(String id, String oldpwd, + String newpwd) throws EBaseException; /** * Changes M-N recovery scheme. - * + * * @param n total number of agents * @param m required number of agents for recovery operation * @param oldcreds all old credentials @@ -84,11 +86,11 @@ public interface IStorageKeyUnit extends IEncryptionUnit { * @exception EBaseException failed to change schema */ public boolean changeAgentMN(int n, int m, Credential oldcreds[], - Credential newcreds[]) throws EBaseException; - + Credential newcreds[]) throws EBaseException; + /** * Logins to this unit. - * + * * @param ac agent's credentials * @exception EBaseException failed to login */ diff --git a/pki/base/common/src/com/netscape/certsrv/security/IToken.java b/pki/base/common/src/com/netscape/certsrv/security/IToken.java index 05aff64f9..0b79cfcf3 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/IToken.java +++ b/pki/base/common/src/com/netscape/certsrv/security/IToken.java @@ -17,18 +17,20 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; + import com.netscape.certsrv.base.EBaseException; + /** * An interface represents a generic token unit. - * + * * @version $Revision$, $Date$ */ public interface IToken { /** * Logins to the token unit. - * + * * @param pin password to access the token * @exception EBaseException failed to login to this token */ diff --git a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java index 96fa74f41..2edfa12a9 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java +++ b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; + import java.security.PublicKey; import org.mozilla.jss.crypto.CryptoToken; @@ -25,31 +26,27 @@ import org.mozilla.jss.crypto.SymmetricKey; import com.netscape.certsrv.base.EBaseException; + /** - * An interface represents the transport key pair. This key pair is used to - * protected EE's private key in transit. - * + * An interface represents the transport key pair. + * This key pair is used to protected EE's private + * key in transit. + * * @version $Revision$, $Date$ */ public interface ITransportKeyUnit extends IEncryptionUnit { /** * Retrieves public key. - * + * * @return certificate */ public org.mozilla.jss.crypto.X509Certificate getCertificate(); - public SymmetricKey unwrap_sym(byte encSymmKey[]); - public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[]); - - public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey pubKey) - throws EBaseException; - + public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey + pubKey) throws EBaseException; public CryptoToken getToken(); - - public String getSigningAlgorithm() throws EBaseException; - - public void setSigningAlgorithm(String str) throws EBaseException; + public String getSigningAlgorithm() throws EBaseException; + public void setSigningAlgorithm(String str) throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java b/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java index 18cc98be9..484e5e73b 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java +++ b/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; + import java.math.BigInteger; import java.security.KeyPair; import java.util.Properties; @@ -31,7 +32,8 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; /** - * This class represents a container for storaging data in the security package. + * This class represents a container for storaging + * data in the security package. * * @version $Revision$, $Date$ */ @@ -51,7 +53,7 @@ public class KeyCertData extends Properties { /** * Retrieves the key pair from this container. - * + * * @return key pair */ public KeyPair getKeyPair() { @@ -60,7 +62,7 @@ public class KeyCertData extends Properties { /** * Sets key pair into this container. - * + * * @param keypair key pair */ public void setKeyPair(KeyPair keypair) { @@ -69,7 +71,7 @@ public class KeyCertData extends Properties { /** * Retrieves the issuer name from this container. - * + * * @return issuer name */ public String getIssuerName() { @@ -78,7 +80,7 @@ public class KeyCertData extends Properties { /** * Sets the issuer name in this container. - * + * * @param name issuer name */ public void setIssuerName(String name) { @@ -87,7 +89,7 @@ public class KeyCertData extends Properties { /** * Retrieves certificate server instance name. - * + * * @return instance name */ public String getCertInstanceName() { @@ -96,7 +98,7 @@ public class KeyCertData extends Properties { /** * Sets certificate server instance name. - * + * * @param name instance name */ public void setCertInstanceName(String name) { @@ -105,16 +107,16 @@ public class KeyCertData extends Properties { /** * Retrieves certificate nickname. - * + * * @return certificate nickname */ public String getCertNickname() { return (String) get(Constants.PR_NICKNAME); } - + /** * Sets certificate nickname. - * + * * @param nickname certificate nickname */ public void setCertNickname(String nickname) { @@ -123,7 +125,7 @@ public class KeyCertData extends Properties { /** * Retrieves key length. - * + * * @return key length */ public String getKeyLength() { @@ -132,7 +134,7 @@ public class KeyCertData extends Properties { /** * Sets key length. - * + * * @param len key length */ public void setKeyLength(String len) { @@ -141,7 +143,7 @@ public class KeyCertData extends Properties { /** * Retrieves key type. - * + * * @return key type */ public String getKeyType() { @@ -150,7 +152,7 @@ public class KeyCertData extends Properties { /** * Sets key type. - * + * * @param type key type */ public void setKeyType(String type) { @@ -159,7 +161,7 @@ public class KeyCertData extends Properties { /** * Retrieves key curve name. - * + * * @return key curve name */ public String getKeyCurveName() { @@ -168,7 +170,7 @@ public class KeyCertData extends Properties { /** * Sets key curvename. - * + * * @param len key curvename */ public void setKeyCurveName(String len) { @@ -177,7 +179,7 @@ public class KeyCertData extends Properties { /** * Retrieves signature algorithm. - * + * * @return signature algorithm */ public SignatureAlgorithm getSignatureAlgorithm() { @@ -186,7 +188,7 @@ public class KeyCertData extends Properties { /** * Sets signature algorithm - * + * * @param alg signature algorithm */ public void setSignatureAlgorithm(SignatureAlgorithm alg) { @@ -195,7 +197,7 @@ public class KeyCertData extends Properties { /** * Retrieves algorithm used to sign the root CA Cert. - * + * * @return signature algorithm */ public String getSignedBy() { @@ -204,7 +206,7 @@ public class KeyCertData extends Properties { /** * Sets signature algorithm used to sign root CA cert - * + * * @param alg signature algorithm */ public void setSignedBy(String alg) { @@ -213,7 +215,7 @@ public class KeyCertData extends Properties { /** * Retrieves signature algorithm. - * + * * @return signature algorithm */ public AlgorithmId getAlgorithmId() { @@ -222,7 +224,7 @@ public class KeyCertData extends Properties { /** * Sets algorithm identifier - * + * * @param id signature algorithm */ public void setAlgorithmId(AlgorithmId id) { @@ -231,7 +233,7 @@ public class KeyCertData extends Properties { /** * Retrieves serial number. - * + * * @return serial number */ public BigInteger getSerialNumber() { @@ -240,7 +242,7 @@ public class KeyCertData extends Properties { /** * Sets serial number. - * + * * @param num serial number */ public void setSerialNumber(BigInteger num) { @@ -249,16 +251,16 @@ public class KeyCertData extends Properties { /** * Retrieves configuration file. - * + * * @return configuration file */ public IConfigStore getConfigFile() { - return (IConfigStore) (get("cmsFile")); + return (IConfigStore)(get("cmsFile")); } /** * Sets configuration file. - * + * * @param file configuration file */ public void setConfigFile(IConfigStore file) { @@ -267,7 +269,7 @@ public class KeyCertData extends Properties { /** * Retrieves begining year of validity. - * + * * @return begining year */ public String getBeginYear() { @@ -276,7 +278,7 @@ public class KeyCertData extends Properties { /** * Sets begining year of validity. - * + * * @param year begining year */ public void setBeginYear(String year) { @@ -285,7 +287,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending year of validity. - * + * * @return ending year */ public String getAfterYear() { @@ -294,7 +296,7 @@ public class KeyCertData extends Properties { /** * Sets ending year of validity. - * + * * @param year ending year */ public void setAfterYear(String year) { @@ -303,7 +305,7 @@ public class KeyCertData extends Properties { /** * Retrieves begining month of validity. - * + * * @return begining month */ public String getBeginMonth() { @@ -312,7 +314,7 @@ public class KeyCertData extends Properties { /** * Sets begining month of validity. - * + * * @param month begining month */ public void setBeginMonth(String month) { @@ -321,7 +323,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending month of validity. - * + * * @return ending month */ public String getAfterMonth() { @@ -330,7 +332,7 @@ public class KeyCertData extends Properties { /** * Sets ending month of validity. - * + * * @param month ending month */ public void setAfterMonth(String month) { @@ -339,7 +341,7 @@ public class KeyCertData extends Properties { /** * Retrieves begining date of validity. - * + * * @return begining date */ public String getBeginDate() { @@ -348,7 +350,7 @@ public class KeyCertData extends Properties { /** * Sets begining date of validity. - * + * * @param date begining date */ public void setBeginDate(String date) { @@ -357,7 +359,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending date of validity. - * + * * @return ending date */ public String getAfterDate() { @@ -366,7 +368,7 @@ public class KeyCertData extends Properties { /** * Sets ending date of validity. - * + * * @param date ending date */ public void setAfterDate(String date) { @@ -375,7 +377,7 @@ public class KeyCertData extends Properties { /** * Retrieves starting hour of validity. - * + * * @return starting hour */ public String getBeginHour() { @@ -384,7 +386,7 @@ public class KeyCertData extends Properties { /** * Sets starting hour of validity. - * + * * @param hour starting hour */ public void setBeginHour(String hour) { @@ -393,7 +395,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending hour of validity. - * + * * @return ending hour */ public String getAfterHour() { @@ -402,7 +404,7 @@ public class KeyCertData extends Properties { /** * Sets ending hour of validity. - * + * * @param hour ending hour */ public void setAfterHour(String hour) { @@ -411,16 +413,16 @@ public class KeyCertData extends Properties { /** * Retrieves starting minute of validity. - * + * * @return starting minute */ public String getBeginMin() { return (String) get(Constants.PR_BEGIN_MIN); } - + /** * Sets starting minute of validity. - * + * * @param min starting minute */ public void setBeginMin(String min) { @@ -429,7 +431,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending minute of validity. - * + * * @return ending minute */ public String getAfterMin() { @@ -438,7 +440,7 @@ public class KeyCertData extends Properties { /** * Sets ending minute of validity. - * + * * @param min ending minute */ public void setAfterMin(String min) { @@ -447,7 +449,7 @@ public class KeyCertData extends Properties { /** * Retrieves starting second of validity. - * + * * @return starting second */ public String getBeginSec() { @@ -456,7 +458,7 @@ public class KeyCertData extends Properties { /** * Sets starting second of validity. - * + * * @param sec starting second */ public void setBeginSec(String sec) { @@ -465,7 +467,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending second of validity. - * + * * @return ending second */ public String getAfterSec() { @@ -474,7 +476,7 @@ public class KeyCertData extends Properties { /** * Sets ending second of validity. - * + * * @param sec ending second */ public void setAfterSec(String sec) { @@ -483,7 +485,7 @@ public class KeyCertData extends Properties { /** * Retrieves CA key pair - * + * * @return CA key pair */ public KeyPair getCAKeyPair() { @@ -492,7 +494,7 @@ public class KeyCertData extends Properties { /** * Sets CA key pair - * + * * @param keypair key pair */ public void setCAKeyPair(KeyPair keypair) { @@ -501,7 +503,7 @@ public class KeyCertData extends Properties { /** * Retrieves extensions - * + * * @return extensions */ public String getDerExtension() { @@ -510,7 +512,7 @@ public class KeyCertData extends Properties { /** * Sets extensions - * + * * @param ext extensions */ public void setDerExtension(String ext) { @@ -519,7 +521,7 @@ public class KeyCertData extends Properties { /** * Retrieves isCA - * + * * @return "true" if it is CA */ public String isCA() { @@ -528,7 +530,7 @@ public class KeyCertData extends Properties { /** * Sets isCA - * + * * @param ext "true" if it is CA */ public void setCA(String ext) { @@ -537,7 +539,7 @@ public class KeyCertData extends Properties { /** * Retrieves key length - * + * * @return certificate's key length */ public String getCertLen() { @@ -546,7 +548,7 @@ public class KeyCertData extends Properties { /** * Sets key length - * + * * @param len certificate's key length */ public void setCertLen(String len) { @@ -555,7 +557,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Client bit - * + * * @return SSL Client bit */ public String getSSLClientBit() { @@ -564,7 +566,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Client bit - * + * * @param sslClientBit SSL Client bit */ public void setSSLClientBit(String sslClientBit) { @@ -573,7 +575,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Server bit - * + * * @return SSL Server bit */ public String getSSLServerBit() { @@ -582,7 +584,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Server bit - * + * * @param sslServerBit SSL Server bit */ public void setSSLServerBit(String sslServerBit) { @@ -591,7 +593,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Mail bit - * + * * @return SSL Mail bit */ public String getSSLMailBit() { @@ -600,7 +602,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Mail bit - * + * * @param sslMailBit SSL Mail bit */ public void setSSLMailBit(String sslMailBit) { @@ -609,7 +611,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL CA bit - * + * * @return SSL CA bit */ public String getSSLCABit() { @@ -618,7 +620,7 @@ public class KeyCertData extends Properties { /** * Sets SSL CA bit - * + * * @param cabit SSL CA bit */ public void setSSLCABit(String cabit) { @@ -627,16 +629,16 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Signing bit - * + * * @return SSL Signing bit */ public String getObjectSigningBit() { return (String) get(Constants.PR_OBJECT_SIGNING_BIT); } - /** + /** * Retrieves Time Stamping bit - * + * * @return Time Stamping bit */ public String getTimeStampingBit() { @@ -645,7 +647,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Signing bit - * + * * @param objectSigningBit SSL Signing bit */ public void setObjectSigningBit(String objectSigningBit) { @@ -654,7 +656,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Mail CA bit - * + * * @return SSL Mail CA bit */ public String getMailCABit() { @@ -663,7 +665,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Mail CA bit - * + * * @param mailCABit SSL Mail CA bit */ public void setMailCABit(String mailCABit) { @@ -672,7 +674,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Object Signing bit - * + * * @return SSL Object Signing bit */ public String getObjectSigningCABit() { @@ -681,7 +683,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Object Signing bit - * + * * @param bit SSL Object Signing bit */ public void setObjectSigningCABit(String bit) { @@ -690,7 +692,7 @@ public class KeyCertData extends Properties { /** * Retrieves OCSP Signing flag - * + * * @return OCSP Signing flag */ public String getOCSPSigning() { @@ -699,7 +701,7 @@ public class KeyCertData extends Properties { /** * Sets OCSP Signing flag - * + * * @param aki OCSP Signing flag */ public void setOCSPSigning(String aki) { @@ -708,7 +710,7 @@ public class KeyCertData extends Properties { /** * Retrieves OCSP No Check flag - * + * * @return OCSP No Check flag */ public String getOCSPNoCheck() { @@ -717,7 +719,7 @@ public class KeyCertData extends Properties { /** * Sets OCSP No Check flag - * + * * @param noCheck OCSP No Check flag */ public void setOCSPNoCheck(String noCheck) { @@ -726,7 +728,7 @@ public class KeyCertData extends Properties { /** * Retrieves Authority Information Access flag - * + * * @return Authority Information Access flag */ public String getAIA() { @@ -735,7 +737,7 @@ public class KeyCertData extends Properties { /** * Sets Authority Information Access flag - * + * * @param aia Authority Information Access flag */ public void setAIA(String aia) { @@ -744,7 +746,7 @@ public class KeyCertData extends Properties { /** * Retrieves Authority Key Identifier flag - * + * * @return Authority Key Identifier flag */ public String getAKI() { @@ -753,7 +755,7 @@ public class KeyCertData extends Properties { /** * Sets Authority Key Identifier flag - * + * * @param aki Authority Key Identifier flag */ public void setAKI(String aki) { @@ -762,7 +764,7 @@ public class KeyCertData extends Properties { /** * Retrieves Subject Key Identifier flag - * + * * @return Subject Key Identifier flag */ public String getSKI() { @@ -771,7 +773,7 @@ public class KeyCertData extends Properties { /** * Sets Subject Key Identifier flag - * + * * @param ski Subject Key Identifier flag */ public void setSKI(String ski) { @@ -780,7 +782,7 @@ public class KeyCertData extends Properties { /** * Retrieves key usage extension - * + * * @return true if key usage extension set */ public boolean getKeyUsageExtension() { @@ -793,7 +795,7 @@ public class KeyCertData extends Properties { /** * Sets CA extensions - * + * * @param ext CA extensions */ public void setCAExtensions(CertificateExtensions ext) { @@ -802,7 +804,7 @@ public class KeyCertData extends Properties { /** * Retrieves CA extensions - * + * * @return CA extensions */ public CertificateExtensions getCAExtensions() { @@ -811,10 +813,11 @@ public class KeyCertData extends Properties { /** * Retrieves hash type - * + * * @return hash type */ public String getHashType() { return (String) get(ConfigConstants.PR_HASH_TYPE); } } + |