From a4682ceae6774956461edd03b2485bbacea445f4 Mon Sep 17 00:00:00 2001 From: mharmsen Date: Tue, 4 Oct 2011 01:17:41 +0000 Subject: Bugzilla Bug #688225 - (dogtagIPAv2.1) TRACKER: of the Dogtag fixes for freeIPA 2.1 git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/tags/IPA_v2_RHEL_6_2_20111003@2252 c9f7a03b-bd48-0410-a16d-cbbf54688b0b --- .../certsrv/security/ICryptoSubsystem.java | 462 +++++++++++++++++++++ 1 file changed, 462 insertions(+) create mode 100644 pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java (limited to 'pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java') diff --git a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java new file mode 100644 index 000000000..2e4c0a9ee --- /dev/null +++ b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java @@ -0,0 +1,462 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.certsrv.security; + + +import org.mozilla.jss.crypto.*; +import org.mozilla.jss.*; +import org.mozilla.jss.CryptoManager.*; +import java.io.*; +import java.security.*; +import java.util.*; +import java.security.*; +import java.security.cert.*; +import netscape.security.x509.*; +import com.netscape.certsrv.base.*; +import com.netscape.certsrv.common.*; + + +/** + * This interface represents the cryptographics subsystem + * that provides all the security related functions. + * + * @version $Revision$, $Date$ + */ +public interface ICryptoSubsystem extends ISubsystem { + + public static final String ID = "jss"; + + /** + * Retrieves a list of nicknames of certificates that are + * in the installed tokens. + * + * @return a list of comma-separated nicknames + * @exception EBaseException failed to retrieve nicknames + */ + public String getAllCerts() throws EBaseException; + + /** + * Retrieves certificate in pretty-print format by the nickname. + * + * @param nickname nickname of certificate + * @param date not after of the returned certificate must be date + * @param locale user locale + * @return certificate in pretty-print format + * @exception EBaseException failed to retrieve certificate + */ + public String getCertPrettyPrint(String nickname, String date, + Locale locale) throws EBaseException; + public String getRootCertTrustBit(String nickname, String serialno, + String issuerName) throws EBaseException; + public String getCertPrettyPrint(String nickname, String serialno, + String issuername, Locale locale) throws EBaseException; + public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, + String issuername, Locale locale) throws EBaseException; + + /** + * Retrieves the certificate in the pretty print format. + * + * @param b64E certificate in mime-64 encoded format + * @param locale end user locale + * @return certificate in pretty-print format + * @exception EBaseException failed to retrieve certificate + */ + public String getCertPrettyPrint(String b64E, Locale locale) + throws EBaseException; + + /** + * Imports certificate into the server. + * + * @param b64E certificate in mime-64 encoded format + * @param nickname nickname for the importing certificate + * @param certType certificate type + * @exception EBaseException failed to import certificate + */ + public void importCert(String b64E, String nickname, String certType) + throws EBaseException; + + /** + * Imports certificate into the server. + * + * @param signedCert certificate + * @param nickname nickname for the importing certificate + * @param certType certificate type + * @exception EBaseException failed to import certificate + */ + public void importCert(X509CertImpl signedCert, String nickname, + String certType) throws EBaseException; + + /** + * Generates a key pair based on the given parameters. + * + * @param properties key parameters + * @return key pair + * @exception EBaseException failed to generate key pair + */ + public KeyPair getKeyPair(KeyCertData properties) throws EBaseException; + + /** + * Retrieves the key pair based on the given nickname. + * + * @param nickname nickname of the public key + * @exception EBaseException failed to retrieve key pair + */ + public KeyPair getKeyPair(String nickname) throws EBaseException; + + /** + * Generates a key pair based on the given parameters. + * + * @param tokenName name of token where key is generated + * @param alg key algorithm + * @param keySize key size + * @return key pair + * @exception EBaseException failed to generate key pair + */ + public KeyPair getKeyPair(String tokenName, String alg, + int keySize) throws EBaseException; + + /** + * Generates a key pair based on the given parameters. + * + * @param tokenName name of token where key is generated + * @param alg key algorithm + * @param keySize key size + * @param pqg pqg parameters if DSA key, otherwise null + * @return key pair + * @exception EBaseException failed to generate key pair + */ + public KeyPair getKeyPair(String tokenName, String alg, + int keySize, PQGParams pqg) throws EBaseException; + + /** + * Generates an ECC key pair based on the given parameters. + * + * @param properties key parameters + * @return key pair + * @exception EBaseException failed to generate key pair + */ + public KeyPair getECCKeyPair(KeyCertData properties) throws EBaseException; + + /** + * Generates an ECC key pair based on the given parameters. + * + * @param token token name + * @param curveName curve name + * @param certType type of cert(sslserver etc..) + * @return key pair + * @exception EBaseException failed to generate key pair + */ + public KeyPair getECCKeyPair(String token, String curveName, String certType) throws EBaseException; + + /** + * Retrieves the signature algorithm of the certificate named + * by the given nickname. + * + * @param nickname nickname of the certificate + * @return signature algorithm + * @exception EBaseException failed to retrieve signature + */ + public String getSignatureAlgorithm(String nickname) throws EBaseException; + + /** + * Checks if the given dn is a valid distinguished name. + * + * @param dn distinguished name + * @exception EBaseException failed to check + */ + public void isX500DN(String dn) throws EBaseException; + + /** + * Retrieves CA's signing algorithm id. If it is DSA algorithm, + * algorithm is constructed by reading the parameters + * ca.dsaP, ca.dsaQ, ca.dsaG. + * + * @param algname DSA or RSA + * @param store configuration store. + * @return algorithm id + * @exception EBaseException failed to retrieve algorithm id + */ + public AlgorithmId getAlgorithmId(String algname, IConfigStore store) throws EBaseException; + + /** + * Retrieves subject name of the certificate that is identified by + * the given nickname. + * + * @param tokenname name of token where the nickname is valid + * @param nickname nickname of the certificate + * @return subject name + * @exception EBaseException failed to get subject name + */ + public String getCertSubjectName(String tokenname, String nickname) + throws EBaseException; + + /** + * Retrieves extensions of the certificate that is identified by + * the given nickname. + * + * @param tokenname name of token where the nickname is valid + * @param nickname nickname of the certificate + * @return certificate extensions + * @exception EBaseException failed to get extensions + */ + public CertificateExtensions getExtensions(String tokenname, String nickname + ) + throws EBaseException; + + /** + * Deletes certificate of the given nickname. + * + * @param nickname nickname of the certificate + * @param pathname path where a copy of the deleted certificate is stored + * @exception EBaseException failed to delete certificate + */ + public void deleteTokenCertificate(String nickname, String pathname) + throws EBaseException; + + /** + * Delete certificate of the given nickname. + * + * @param nickname nickname of the certificate + * @param notAfterTime The notAfter of the certificate. It + * is possible to ge t multiple certificates under + * the same nickname. If one of the certificates match + * the notAfterTime, then the certificate will get + * deleted. The format of the notAfterTime has to be + * in "MMMMM dd, yyyy HH:mm:ss" format. + * @exception EBaseException failed to delete certificate + */ + public void deleteCert(String nickname, String notAfterTime) + throws EBaseException; + + /** + * Retrieves the subject DN of the certificate identified by + * the nickname. + * + * @param nickname nickname of the certificate + * @return subject distinguished name + * @exception EBaseException failed to retrieve subject DN + */ + public String getSubjectDN(String nickname) throws EBaseException; + + /** + * Trusts a certificate for all available purposes. + * + * @param nickname nickname of the certificate + * @param date certificate's not before + * @param trust "Trust" or other + * @exception EBaseException failed to trust certificate + */ + public void trustCert(String nickname, String date, String trust) + throws EBaseException; + + /** + * Checks if the given base-64 encoded string contains an extension + * or a sequence of extensions. + * + * @param ext extension or sequence of extension encoded in base-64 + * @exception EBaseException failed to check encoding + */ + public void checkCertificateExt(String ext) throws EBaseException; + + /** + * Gets all certificates on all tokens for Certificate Database Management. + * + * @return all certificates + * @exception EBaseException failed to retrieve certificates + */ + public NameValuePairs getAllCertsManage() throws EBaseException; + public NameValuePairs getUserCerts() throws EBaseException; + + /** + * Gets all CA certificates on all tokens. + * + * @return all CA certificates + * @exception EBaseException failed to retrieve certificates + */ + public NameValuePairs getCACerts() throws EBaseException; + + public NameValuePairs getRootCerts() throws EBaseException; + + public void setRootCertTrust(String nickname, String serialno, + String issuername, String trust) throws EBaseException; + + public void deleteRootCert(String nickname, String serialno, + String issuername) throws EBaseException; + + public void deleteUserCert(String nickname, String serialno, + String issuername) throws EBaseException; + + /** + * Retrieves PQG parameters based on key size. + * + * @param keysize key size + * @return pqg parameters + */ + public PQGParams getPQG(int keysize); + + /** + * Retrieves PQG parameters based on key size. + * + * @param keysize key size + * @param store configuration store + * @return pqg parameters + */ + public PQGParams getCAPQG(int keysize, IConfigStore store) + throws EBaseException; + + /** + * Retrieves extensions of the certificate that is identified by + * the given nickname. + * + * @param tokenname token name + * @param nickname nickname + * @return certificate extensions + */ + public CertificateExtensions getCertExtensions(String tokenname, String nickname + ) + throws NotInitializedException, TokenException, ObjectNotFoundException, + + IOException, CertificateException; + + /** + * Checks if the given token is logged in. + * + * @param name token name + * @return true if token is logged in + * @exception EBaseException failed to login + */ + public boolean isTokenLoggedIn(String name) throws EBaseException; + + /** + * Logs into token. + * + * @param tokenName name of the token + * @param pwd token password + * @exception EBaseException failed to login + */ + public void loggedInToken(String tokenName, String pwd) + throws EBaseException; + + /** + * Generates certificate request from the given key pair. + * + * @param subjectName subject name to use in the request + * @param kp key pair that contains public key material + * @return certificate request in base-64 encoded format + * @exception EBaseException failed to generate request + */ + public String getCertRequest(String subjectName, KeyPair kp) + throws EBaseException; + + /** + * Checks if fortezza is enabled. + * + * @return "true" if fortezza is enabled + */ + public String isCipherFortezza() throws EBaseException; + + /** + * Retrieves the SSL cipher version. + * + * @return cipher version (i.e. "cipherdomestic") + */ + public String getCipherVersion() throws EBaseException; + + /** + * Retrieves the cipher preferences. + * + * @return cipher preferences (i.e. "rc4export,rc2export,...") + */ + public String getCipherPreferences() throws EBaseException; + + /** + * Sets the current SSL cipher preferences. + * + * @param cipherPrefs cipher preferences (i.e. "rc4export,rc2export,...") + * @exception EBaseException failed to set cipher preferences + */ + public void setCipherPreferences(String cipherPrefs) + throws EBaseException; + + /** + * Retrieves a list of currently registered token names. + * + * @return list of token names + * @exception EBaseException failed to retrieve token list + */ + public String getTokenList() throws EBaseException; + + /** + * Retrieves all certificates. The result list will not + * contain the token tag. + * + * @param name token name + * @return list of certificates without token tag + * @exception EBaseException failed to retrieve + */ + public String getCertListWithoutTokenName(String name) throws EBaseException; + + /** + * Retrieves the token name of the internal (software) token. + * + * @return the token name + * @exception EBaseException failed to retrieve token name + */ + public String getInternalTokenName() throws EBaseException; + + /** + * Checks to see if the certificate of the given nickname is a + * CA certificate. + * + * @param fullNickname nickname of the certificate to check + * @return true if it is a CA certificate + * @exception EBaseException failed to check + */ + public boolean isCACert(String fullNickname) throws EBaseException; + + /** + * Adds the specified number of bits of entropy from the system + * entropy generator to the RNG of the default PKCS#11 RNG token. + * The default token is set using the modutil command. + * Note that the system entropy generator (usually /dev/random) + * will block until sufficient entropy is collected. + * + * @param bits number of bits of entropy + * @exception org.mozilla.jss.util.NotImplementedException If the Crypto device does not support + * adding entropy + * @exception TokenException If there was some other problem with the Crypto device + * @exception IOException If there was a problem reading from the /dev/random + */ + + public void addEntropy(int bits) + throws org.mozilla.jss.util.NotImplementedException, + IOException, + TokenException; + + /** + * Signs the certificate template into the given data and returns + * a signed certificate. + * + * @param data data that contains certificate template + * @param certType certificate type + * @param priKey CA signing key + * @return certificate + * @exception EBaseException failed to sign certificate template + */ + public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey) throws EBaseException; +} -- cgit