// --- BEGIN COPYRIGHT BLOCK --- // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation; version 2 of the License. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License along // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // // (C) 2007 Red Hat, Inc. // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.ca; import java.util.Enumeration; import netscape.security.x509.CertificateChain; import netscape.security.x509.CertificateVersion; import netscape.security.x509.X500Name; import netscape.security.x509.X509CRLImpl; import netscape.security.x509.X509CertImpl; import netscape.security.x509.X509CertInfo; import org.mozilla.jss.crypto.SignatureAlgorithm; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; import com.netscape.certsrv.base.Nonces; import com.netscape.certsrv.dbs.certdb.ICertificateRepository; import com.netscape.certsrv.dbs.crldb.ICRLRepository; import com.netscape.certsrv.dbs.replicadb.IReplicaIDRepository; import com.netscape.certsrv.policy.IPolicyProcessor; import com.netscape.certsrv.publish.IPublisherProcessor; import com.netscape.certsrv.request.IRequestListener; import com.netscape.certsrv.request.IRequestNotifier; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.IService; import com.netscape.certsrv.security.ISigningUnit; /** * An interface represents a Certificate Authority that is * responsible for certificate specific 
operations. *
*
* @version $Revision$, $Date$
*/
public interface ICertificateAuthority extends ISubsystem {
// Identifier and property-name constants for the CA subsystem.
// NOTE(review): the PROP_* values look like configuration key / sub-store
// names (IConfigStore is imported by this file), but this interface does not
// show where they are read — confirm against the implementation.
public static final String ID = "ca";
public static final String PROP_CERTDB_INC = "certdbInc";
public static final String PROP_CRLDB_INC = "crldbInc";
public static final String PROP_REGISTRATION = "Registration";
public static final String PROP_POLICY = "Policy";
public static final String PROP_GATEWAY = "gateway";
public static final String PROP_CLASS = "class";
public static final String PROP_TYPE = "type";
public static final String PROP_IMPL = "impl";
public static final String PROP_PLUGIN = "plugin";
public static final String PROP_INSTANCE = "instance";
public static final String PROP_LISTENER_SUBSTORE = "listener";
public final static String PROP_LDAP_PUBLISH_SUBSTORE = "ldappublish";
public final static String PROP_PUBLISH_SUBSTORE = "publish";
public final static String PROP_ENABLE_PUBLISH = "enablePublish";
public final static String PROP_ENABLE_LDAP_PUBLISH = "enableLdapPublish";
public final static String PROP_X509CERT_VERSION = "X509CertVersion";
// NOTE(review): the next three names, plus PROP_ENABLE_ADMIN_ENROLL below,
// suggest switches that affect issuance behaviour. Their semantics and
// defaults are not visible in this interface — review them in the
// implementation. PROP_ENABLE_PAST_CATIME is presumably the setting behind
// setValidity(String); confirm.
public final static String PROP_ENABLE_PAST_CATIME = "enablePastCATime";
public final static String PROP_DEF_VALIDITY = "DefaultIssueValidity";
public final static String PROP_FAST_SIGNING = "fastSigning";
public static final String PROP_ENABLE_ADMIN_ENROLL =
"enableAdminEnroll";
public final static String PROP_CRL_SUBSTORE = "crl";
// make this public so agent gateway can access for now.
public final static String PROP_CRL_PAGE_SIZE = "pageSize";
public final static String PROP_MASTER_CRL = "MasterCRL";
public final static String PROP_CRLEXT_SUBSTORE = "extension";
// Unlike the other PROP_* constants, the next two values are fully qualified
// class names rather than short key names.
// NOTE(review): if they are used to load classes reflectively, confirm the
// class name cannot be replaced through configuration that a less-privileged
// party can edit.
public final static String PROP_ISSUING_CLASS =
"com.netscape.cmscore.ca.CRLIssuingPoint";
public final static String PROP_EXPIREDCERTS_CLASS =
"com.netscape.cmscore.ca.CRLWithExpiredCerts";
public final static String PROP_NOTIFY_SUBSTORE = "notification";
public final static String PROP_CERT_ISSUED_SUBSTORE = "certIssued";
public final static String PROP_CERT_REVOKED_SUBSTORE = "certRevoked";
public final static String PROP_REQ_IN_Q_SUBSTORE = "requestInQ";
public final static String PROP_PUB_QUEUE_SUBSTORE = "publishingQueue";
public final static String PROP_ISSUER_NAME = "name";
public final static String PROP_CA_NAMES = "CAs";
public final static String PROP_DBS_SUBSTORE = "dbs";
// Names for the signing-related settings: the CA signing unit, the CA
// certificate and chain, and separate OCSP and CRL signing entries.
public final static String PROP_SIGNING_SUBSTORE = "signing";
public final static String PROP_CA_CHAIN_NUM = "certchainNum";
public final static String PROP_CA_CHAIN = "certchain";
public final static String PROP_CA_CERT = "cert";
public final static String PROP_ENABLE_OCSP = "ocsp";
public final static String PROP_OCSP_SIGNING_SUBSTORE = "ocsp_signing";
public final static String PROP_CRL_SIGNING_SUBSTORE = "crl_signing";
public final static String PROP_ID = "id";
public final static String PROP_CERTDB_TRANS_MAXRECORDS = "transitMaxRecords";
public final static String PROP_CERTDB_TRANS_PAGESIZE = "transitRecordPageSize";
/**
 * Retrieves the certificate repository where all the locally
 * issued certificates are kept.
 * <p>
 * NOTE(review): this interface does not say whether the result can be
 * {@code null} (for example before the subsystem is initialised) —
 * confirm against the implementation.
 *
 * @return the CA's certificate repository
 */
public ICertificateRepository getCertificateRepository();
/**
 * Retrieves the request queue of this certificate authority.
 * <p>
 * NOTE(review): the kinds of request held in the queue and any access
 * control on it are defined by {@link IRequestQueue} and its
 * implementation, not by this interface.
 *
 * @return the CA's request queue
 */
public IRequestQueue getRequestQueue();
/**
 * Retrieves the policy processor of this certificate authority.
 *
 * @deprecated this interface names no replacement.
 *             NOTE(review): confirm what callers should use instead, and
 *             whether issuance decisions still depend on this processor.
 * @return the CA's policy processor
 */
public IPolicyProcessor getPolicyProcessor();
/**
 * Reports whether nonces are enabled for this certificate authority.
 * <p>
 * NOTE(review): this interface does not say which operations the nonces
 * protect or where the setting comes from — confirm against the
 * implementation.
 *
 * @return {@code true} if nonces are enabled (inferred from the method
 *         name; the original carried no documentation)
 */
public boolean noncesEnabled();
/**
 * Retrieves the {@link Nonces} object of this certificate authority.
 * <p>
 * NOTE(review): it is not stated whether this returns {@code null} when
 * {@link #noncesEnabled()} is {@code false}. Callers should presumably
 * check {@code noncesEnabled()} first — confirm against the implementation.
 *
 * @return the CA's nonces
 */
public Nonces getNonces();
/**
 * Retrieves the publishing processor of this certificate authority.
 * <p>
 * NOTE(review): it is not stated whether the result can be {@code null}
 * when publishing is disabled — confirm against the implementation.
 *
 * @return the CA's publishing processor
 */
public IPublisherProcessor getPublisherProcessor();
/**
 * Retrieves the next available serial number.
 * <p>
 * NOTE(review): the value is returned as a {@code String} and its format
 * (decimal or hexadecimal, with or without a prefix) is not specified
 * here — confirm before parsing or comparing it.
 *
 * @return next available serial number
 */
public String getStartSerial();
/**
 * Sets the next available serial number.
 * <p>
 * NOTE(review): neither the expected string format nor any validation is
 * specified here. Serial numbers must be unique per issuer, so confirm
 * that the implementation rejects a value that would cause numbers already
 * issued to be reused.
 *
 * @param serial next available serial number
 * @exception EBaseException failed to set next available serial number
 */
public void setStartSerial(String serial) throws EBaseException;
/**
 * Retrieves the last serial number that can be used for
 * certificate issuance in this certificate authority.
 * <p>
 * NOTE(review): the value is returned as a {@code String}; its format is
 * not specified here — confirm before parsing or comparing it.
 *
 * @return the last serial number
 */
public String getMaxSerial();
/**
 * Sets the last serial number that can be used for
 * certificate issuance in this certificate authority.
 * <p>
 * NOTE(review): the expected string format, and whether the value is
 * checked against the current start serial, are not specified here —
 * confirm against the implementation.
 *
 * @param serial the last serial number
 * @exception EBaseException failed to set the last serial number
 */
public void setMaxSerial(String serial) throws EBaseException;
/**
 * Retrieves the default signature algorithm of this certificate authority
 * as a JSS {@link SignatureAlgorithm} object.
 * <p>
 * {@link #getDefaultAlgorithm()} returns a {@code String} instead.
 * NOTE(review): the two are presumably the same setting in different
 * forms — confirm against the implementation.
 *
 * @return the default signature algorithm of this CA
 */
public SignatureAlgorithm getDefaultSignatureAlgorithm();
/**
 * Retrieves the default signing algorithm of this certificate authority
 * as a {@code String}.
 * <p>
 * NOTE(review): the naming scheme of the returned string is not specified
 * here — confirm against the implementation.
 *
 * @return the default signing algorithm of this CA
 */
public String getDefaultAlgorithm();
/**
 * Sets the default signing algorithm of this certificate authority.
 * <p>
 * NOTE(review): it is not stated whether the value is validated against
 * {@link #getCASigningAlgorithms()}, or whether deprecated digest
 * algorithms are refused. Confirm against the implementation, because this
 * setting determines how issued objects are signed by default.
 *
 * @param algorithm new default signing algorithm
 * @exception EBaseException failed to set the default signing algorithm
 */
public void setDefaultAlgorithm(String algorithm) throws EBaseException;
/**
 * Retrieves the supported signing algorithms of this certificate authority.
 * <p>
 * NOTE(review): it is not stated whether the array can be {@code null} or
 * empty, or whether it is a copy that callers may modify — confirm against
 * the implementation.
 *
 * @return the supported signing algorithms of this CA
 */
public String[] getCASigningAlgorithms();
/**
 * Allows certificates to have validities that are longer
 * than this certificate authority's.
 * <p>
 * The flag is passed as a {@code String}, not a {@code boolean}.
 * NOTE(review): handling of values other than "true" (different case,
 * {@code null}, empty) is not specified here — confirm against the
 * implementation.
 * <p>
 * Caveat: a certificate whose validity extends beyond that of the issuing
 * CA certificate stops chaining to a valid issuer once the CA certificate
 * expires, so enable this only deliberately.
 *
 * @param enableCAPast if equals "true", it allows certificates
 *        to have validity longer than CA's certificate validity
 * @exception EBaseException failed to set above option
 */
public void setValidity(String enableCAPast) throws EBaseException;
/**
 * Retrieves the default validity period.
 * <p>
 * NOTE(review): presumably configured through {@code PROP_DEF_VALIDITY}
 * ("DefaultIssueValidity") — confirm against the implementation.
 *
 * @return the default validity length in days
 */
public long getDefaultValidity();
/**
* Retrieves all the CRL issuing points.
*
* @return enumeration of all the CRL issuing points
*/
public Enumeration