// --- BEGIN COPYRIGHT BLOCK --- // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation; version 2 of the License. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License along // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // // (C) 2007 Red Hat, Inc. // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.kra; import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; import netscape.security.x509.X500Name; import org.mozilla.jss.crypto.CryptoToken; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.ISubsystem; import com.netscape.certsrv.dbs.keydb.IKeyRepository; import com.netscape.certsrv.dbs.replicadb.IReplicaIDRepository; import com.netscape.certsrv.policy.IPolicyProcessor; import com.netscape.certsrv.request.IRequestListener; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.security.Credential; import com.netscape.certsrv.security.IStorageKeyUnit; import com.netscape.certsrv.security.ITransportKeyUnit; /** * An interface represents key recovery authority. The * key recovery authority is responsibile for archiving * and recovering user encryption private keys. *
* * @version $Revision$, $Date$ */ public interface IKeyRecoveryAuthority extends ISubsystem { public static final String ID = "kra"; public final static String PROP_NAME = "name"; public final static String PROP_HTTP = "http"; public final static String PROP_POLICY = "policy"; public final static String PROP_DBS = "dbs"; public final static String PROP_TOKEN = "token"; public final static String PROP_SHARE = "share"; public final static String PROP_PROTECTOR = "protector"; public final static String PROP_LOGGING = "logging"; public final static String PROP_QUEUE_REQUESTS = "queueRequests"; public final static String PROP_STORAGE_KEY = "storageUnit"; public final static String PROP_TRANSPORT_KEY = "transportUnit"; public static final String PROP_NEW_NICKNAME = "newNickname"; public static final String PROP_KEYDB_INC = "keydbInc"; public final static String PROP_NOTIFY_SUBSTORE = "notification"; public final static String PROP_REQ_IN_Q_SUBSTORE = "requestInQ"; /** * Returns the name of this subsystem. *
* * @return KRA name */ public X500Name getX500Name(); /** * Retrieves KRA request repository. *
* * @return request repository */ public IRequestQueue getRequestQueue(); /** * Retrieves the key repository. The key repository * stores archived keys. *
*/ public IKeyRepository getKeyRepository(); /** * Retrieves the Replica ID repository. * * @return KRA's Replica ID repository */ public IReplicaIDRepository getReplicaRepository(); /** * Enables the auto recovery state. Once KRA is in the auto * recovery state, no recovery agents need to be present for * providing credentials. This feature is for enabling * user-based recovery operation. *
*
* @param cs list of agent credentials
* @param on true if auto recovery state is on
* @return current auto recovery state
*/
public boolean setAutoRecoveryState(Credential cs[], boolean on);
/**
* Returns the current auto recovery state.
*
* @return true if auto recvoery state is on
*/
public boolean getAutoRecoveryState();
/**
* Adds credentials to the given authorizated recovery operation.
* In distributed recovery mode, recovery agent login to the
* agent interface and submit its credential for a particular
* recovery operation.
*
* @param id authorization identifier
* @param creds list of credentials
*/
public void addAutoRecovery(String id, Credential creds[]);
/**
* Removes a particular auto recovery operation.
*
* @param id authorization identifier
*/
public void removeAutoRecovery(String id);
/**
* Returns the number of required agents. In M-out-of-N
* recovery schema, only M agents are required even there
* are N agents. This method returns M.
*
* @return number of required agents
*/
public int getNoOfRequiredAgents() throws EBaseException;
/**
* Sets the number of required recovery agents
*
* @param number number of agents
*/
public void setNoOfRequiredAgents(int number) throws EBaseException;
/**
* Returns the current recovery identifier.
*
* @return recovery identifier
*/
public String getRecoveryID();
/**
* Returns a list of recovery identifiers.
*
* @return list of auto recovery identifiers
*/
public Enumeration