Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java')
-rw-r--r-- | pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java | 230 |
1 files changed, 112 insertions, 118 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java b/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java index 82e0961c..e7e8ab93 100644 --- a/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java +++ b/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.ca; - import java.math.BigInteger; import java.util.Date; import java.util.Set; @@ -33,19 +32,17 @@ import com.netscape.certsrv.base.ISubsystem; import com.netscape.certsrv.common.NameValuePairs; import com.netscape.certsrv.dbs.IElementProcessor; - /** - * This class encapsulates CRL issuing mechanism. CertificateAuthority - * contains a map of CRLIssuingPoint indexed by string ids. Each issuing - * point contains information about CRL issuing and publishing parameters - * as well as state information which includes last issued CRL, next CRL - * serial number, time of the next update etc. - * If autoUpdateInterval is set to non-zero value then worker thread - * is created that will perform CRL update at scheduled intervals. Update - * can also be triggered by invoking updateCRL method directly. Another - * parameter minUpdateInterval can be used to prevent CRL - * from being updated too often - * + * This class encapsulates CRL issuing mechanism. CertificateAuthority contains + * a map of CRLIssuingPoint indexed by string ids. Each issuing point contains + * information about CRL issuing and publishing parameters as well as state + * information which includes last issued CRL, next CRL serial number, time of + * the next update etc. If autoUpdateInterval is set to non-zero value then + * worker thread is created that will perform CRL update at scheduled intervals. + * Update can also be triggered by invoking updateCRL method directly. Another + * parameter minUpdateInterval can be used to prevent CRL from being updated too + * often + * * @version $Revision$, $Date$ */ 
@@ -74,151 +71,151 @@ public interface ICRLIssuingPoint { /** * Returns true if CRL issuing point is enabled. - * + * * @return true if CRL issuing point is enabled */ public boolean isCRLIssuingPointEnabled(); /** * Returns true if CRL generation is enabled. - * + * * @return true if CRL generation is enabled */ public boolean isCRLGenerationEnabled(); /** * Enables or disables CRL issuing point according to parameter. - * + * * @param enable if true enables CRL issuing point */ public void enableCRLIssuingPoint(boolean enable); /** * Returns CRL update status. - * + * * @return CRL update status */ public String getCrlUpdateStatusStr(); /** * Returns CRL update error. - * + * * @return CRL update error */ public String getCrlUpdateErrorStr(); /** * Returns CRL publishing status. - * + * * @return CRL publishing status */ public String getCrlPublishStatusStr(); /** * Returns CRL publishing error. - * + * * @return CRL publishing error */ public String getCrlPublishErrorStr(); /** * Returns CRL issuing point initialization status. - * + * * @return status of CRL issuing point initialization */ public int isCRLIssuingPointInitialized(); /** * Checks if manual update is set. - * + * * @return true if manual update is set */ public boolean isManualUpdateSet(); /** * Checks if expired certificates are included in CRL. - * + * * @return true if expired certificates are included in CRL */ public boolean areExpiredCertsIncluded(); /** * Checks if CRL includes CA certificates only. - * + * * @return true if CRL includes CA certificates only */ public boolean isCACertsOnly(); /** * Checks if CRL includes profile certificates only. - * + * * @return true if CRL includes profile certificates only */ public boolean isProfileCertsOnly(); /** * Checks if CRL issuing point includes this profile. - * + * * @return true if CRL issuing point includes this profile */ public boolean checkCurrentProfile(String id); /** * Initializes CRL issuing point. 
- * - * @param ca certificate authority that holds CRL issuing point + * + * @param ca certificate authority that holds CRL issuing point * @param id CRL issuing point id * @param config configuration sub-store for CRL issuing point * @exception EBaseException thrown if initialization failed */ - public void init(ISubsystem ca, String id, IConfigStore config) - throws EBaseException; + public void init(ISubsystem ca, String id, IConfigStore config) + throws EBaseException; /** - * This method is called during shutdown. - * It updates CRL cache and stops thread controlling CRL updates. + * This method is called during shutdown. It updates CRL cache and stops + * thread controlling CRL updates. */ public void shutdown(); /** * Returns internal id of this CRL issuing point. - * + * * @return internal id of this CRL issuing point */ public String getId(); /** * Returns internal description of this CRL issuing point. - * + * * @return internal description of this CRL issuing point */ public String getDescription(); /** * Sets internal description of this CRL issuing point. - * + * * @param description description for this CRL issuing point. */ public void setDescription(String description); /** - * Returns DN of the directory entry where CRLs from this issuing point - * are published. - * + * Returns DN of the directory entry where CRLs from this issuing point are + * published. + * * @return DN of the directory entry where CRLs are published. */ public String getPublishDN(); /** * Returns signing algorithm. - * + * * @return signing algorithm */ public String getSigningAlgorithm(); /** * Returns signing algorithm used in last signing operation.. - * + * * @return last signing algorithm */ public String getLastSigningAlgorithm(); 
@@ -226,14 +223,14 @@ public interface ICRLIssuingPoint { /** * Returns current CRL generation schema for this CRL issuing point. * <P> - * + * * @return current CRL generation schema for this CRL issuing point */ public int getCRLSchema(); /** * Returns current CRL number of this CRL issuing point. - * + * * @return current CRL number of this CRL issuing point */ public BigInteger getCRLNumber(); @@ -241,56 +238,56 @@ public interface ICRLIssuingPoint { /** * Returns current delta CRL number of this CRL issuing point. * <P> - * + * * @return current delta CRL number of this CRL issuing point */ public BigInteger getDeltaCRLNumber(); /** * Returns next CRL number of this CRL issuing point. - * + * * @return next CRL number of this CRL issuing point */ public BigInteger getNextCRLNumber(); /** * Returns number of entries in the current CRL. - * + * * @return number of entries in the current CRL */ public long getCRLSize(); /** * Returns number of entries in delta CRL - * + * * @return number of entries in delta CRL */ public long getDeltaCRLSize(); /** * Returns time of the last update. - * + * * @return last CRL update time */ public Date getLastUpdate(); /** * Returns time of the next update. - * + * * @return next CRL update time */ public Date getNextUpdate(); /** * Returns time of the next delta CRL update. - * + * * @return next delta CRL update time */ public Date getNextDeltaUpdate(); /** * Returns all the revoked certificates from the CRL cache. - * + * * @param start first requested CRL entry * @param end next after last requested CRL entry * @return set of all the revoked certificates or null if there are none. 
@@ -299,92 +296,89 @@ public interface ICRLIssuingPoint { /** * Returns certificate authority. - * + * * @return certificate authority */ public ISubsystem getCertificateAuthority(); /** - * Schedules immediate CRL manual-update - * and sets signature algorithm to be used for signing. - * + * Schedules immediate CRL manual-update and sets signature algorithm to be + * used for signing. + * * @param signatureAlgorithm signature algorithm to be used for signing */ - public void setManualUpdate(String signatureAlgorithm); + public void setManualUpdate(String signatureAlgorithm); /** * Returns auto update interval in milliseconds. - * + * * @return auto update interval in milliseconds */ public long getAutoUpdateInterval(); /** - * Returns true if CRL is updated for every change - * of revocation status of any certificate. - * + * Returns true if CRL is updated for every change of revocation status of + * any certificate. + * * @return true if CRL update is always triggered by revocation operation */ public boolean getAlwaysUpdate(); /** * Returns next update grace period in minutes. - * + * * @return next update grace period in minutes */ public long getNextUpdateGracePeriod(); /** - * Returns filter used to build CRL based on information stored - * in local directory. - * + * Returns filter used to build CRL based on information stored in local + * directory. + * * @return filter used to search local directory */ public String getFilter(); /** - * Builds a list of revoked certificates to put them into CRL. - * Calls certificate record processor to get necessary data - * from certificate records. - * This also regenerates CRL cache. - * + * Builds a list of revoked certificates to put them into CRL. Calls + * certificate record processor to get necessary data from certificate + * records. This also regenerates CRL cache. + * * @param cp certificate record processor * @exception EBaseException if an error occurred in the database. 
*/ - public void processRevokedCerts(IElementProcessor cp) - throws EBaseException; + public void processRevokedCerts(IElementProcessor cp) throws EBaseException; /** - * Returns date of revoked certificate or null - * if certificated is not listed as revoked. - * + * Returns date of revoked certificate or null if certificated is not listed + * as revoked. + * * @param serialNumber serial number of certificate to be checked - * @param checkDeltaCache true if delta CRL cache suppose to be - * included in checking process + * @param checkDeltaCache true if delta CRL cache suppose to be included in + * checking process * @param includeExpiredCerts true if delta CRL cache with expired - * certificates suppose to be included in checking process + * certificates suppose to be included in checking process * @return date of revoked certificate or null */ public Date getRevocationDateFromCache(BigInteger serialNumber, - boolean checkDeltaCache, - boolean includeExpiredCerts); + boolean checkDeltaCache, boolean includeExpiredCerts); + /** * Returns split times from CRL generation. - * + * * @return split times from CRL generation in milliseconds */ public Vector getSplitTimes(); /** - * Generates CRL now based on cache or local directory if cache - * is not available. It also publishes CRL if it is required. - * + * Generates CRL now based on cache or local directory if cache is not + * available. It also publishes CRL if it is required. + * * @param signingAlgorithm signing algorithm to be used for CRL signing - * @exception EBaseException if an error occurred during - * CRL generation or publishing + * @exception EBaseException if an error occurred during CRL generation or + * publishing */ - public void updateCRLNow(String signingAlgorithm) - throws EBaseException; + public void updateCRLNow(String signingAlgorithm) throws EBaseException; /** * Clears CRL cache 
@@ -398,29 +392,29 @@ public interface ICRLIssuingPoint { /** * Returns number of recently revoked certificates. - * + * * @return number of recently revoked certificates */ public int getNumberOfRecentlyRevokedCerts(); /** * Returns number of recently unrevoked certificates. - * + * * @return number of recently unrevoked certificates */ public int getNumberOfRecentlyUnrevokedCerts(); /** * Returns number of recently expired and revoked certificates. - * + * * @return number of recently expired and revoked certificates */ public int getNumberOfRecentlyExpiredCerts(); /** - * Converts list of extensions supplied by revocation request - * to list of extensions required to be placed in CRL. - * + * Converts list of extensions supplied by revocation request to list of + * extensions required to be placed in CRL. + * * @param exts list of extensions supplied by revocation request * @return list of extensions required to be placed in CRL */ 
@@ -428,32 +422,33 @@ public interface ICRLIssuingPoint { /** * Adds revoked certificate to delta-CRL cache. - * + * * @param serialNumber serial number of revoked certificate * @param revokedCert revocation information supplied by revocation request */ - public void addRevokedCert(BigInteger serialNumber, RevokedCertImpl revokedCert); + public void addRevokedCert(BigInteger serialNumber, + RevokedCertImpl revokedCert); /** * Adds revoked certificate to delta-CRL cache. - * + * * @param serialNumber serial number of revoked certificate * @param revokedCert revocation information supplied by revocation request * @param requestId revocation request id */ - public void addRevokedCert(BigInteger serialNumber, RevokedCertImpl revokedCert, - String requestId); + public void addRevokedCert(BigInteger serialNumber, + RevokedCertImpl revokedCert, String requestId); /** * Adds unrevoked certificate to delta-CRL cache. - * + * * @param serialNumber serial number of unrevoked certificate */ public void addUnrevokedCert(BigInteger serialNumber); /** * Adds unrevoked certificate to delta-CRL cache. - * + * * @param serialNumber serial number of unrevoked certificate * @param requestId unrevocation request id */ @@ -461,7 +456,7 @@ public interface ICRLIssuingPoint { /** * Adds expired and revoked certificate to delta-CRL cache. - * + * * @param serialNumber serial number of expired and revoked certificate */ public void addExpiredCert(BigInteger serialNumber); @@ -472,9 +467,9 @@ public interface ICRLIssuingPoint { public void updateCRLCacheRepository(); /** - * Updates issuing point configuration according to supplied data - * in name value pairs. - * + * Updates issuing point configuration according to supplied data in name + * value pairs. + * * @param params name value pairs defining new issuing point configuration * @return true if configuration is updated successfully */ 
@@ -482,35 +477,35 @@ public interface ICRLIssuingPoint { /** * Returns true if delta-CRL is enabled. - * + * * @return true if delta-CRL is enabled */ public boolean isDeltaCRLEnabled(); /** * Returns true if CRL cache is enabled. - * + * * @return true if CRL cache is enabled */ public boolean isCRLCacheEnabled(); /** * Returns true if CRL cache is empty. - * + * * @return true if CRL cache is empty */ public boolean isCRLCacheEmpty(); /** * Returns true if CRL cache testing is enabled. - * + * * @return true if CRL cache testing is enabled */ public boolean isCRLCacheTestingEnabled(); /** * Returns true if supplied delta-CRL is matching current delta-CRL. - * + * * @param deltaCRL delta-CRL to verify against current delta-CRL * @return true if supplied delta-CRL is matching current delta-CRL */ @@ -518,27 +513,26 @@ public interface ICRLIssuingPoint { /** * Returns status of CRL generation. - * + * * @return one of the following according to CRL generation status: * CRL_UPDATE_DONE, CRL_UPDATE_STARTED, and CRL_PUBLISHING_STARTED */ public int isCRLUpdateInProgress(); /** - * Generates CRL now based on cache or local directory if cache - * is not available. It also publishes CRL if it is required. - * CRL is signed by default signing algorithm. - * - * @exception EBaseException if an error occurred during - * CRL generation or publishing + * Generates CRL now based on cache or local directory if cache is not + * available. It also publishes CRL if it is required. CRL is signed by + * default signing algorithm. + * + * @exception EBaseException if an error occurred during CRL generation or + * publishing */ - public void updateCRLNow() throws EBaseException; + public void updateCRLNow() throws EBaseException; /** * Returns list of CRL extensions. - * + * * @return list of CRL extensions */ public ICMSCRLExtensions getCRLExtensions(); } - |