Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java')
-rw-r--r-- | pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java | 187 |
1 files changed, 91 insertions, 96 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java index 6f7a4961..161328b9 100644 --- a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java +++ b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.ca; - import java.util.Enumeration; import netscape.security.x509.CertificateChain; @@ -44,12 +43,11 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.IService; import com.netscape.certsrv.security.ISigningUnit; - /** - * An interface represents a Certificate Authority that is - * responsible for certificate specific operations. + * An interface represents a Certificate Authority that is responsible for + * certificate specific operations. * <P> - * + * * @version $Revision$, $Date$ */ public interface ICertificateAuthority extends ISubsystem { 
@@ -76,18 +74,15 @@ public interface ICertificateAuthority extends ISubsystem { public final static String PROP_ENABLE_PAST_CATIME = "enablePastCATime"; public final static String PROP_DEF_VALIDITY = "DefaultIssueValidity"; public final static String PROP_FAST_SIGNING = "fastSigning"; - public static final String PROP_ENABLE_ADMIN_ENROLL = - "enableAdminEnroll"; + public static final String PROP_ENABLE_ADMIN_ENROLL = "enableAdminEnroll"; public final static String PROP_CRL_SUBSTORE = "crl"; // make this public so agent gateway can access for now. public final static String PROP_CRL_PAGE_SIZE = "pageSize"; public final static String PROP_MASTER_CRL = "MasterCRL"; public final static String PROP_CRLEXT_SUBSTORE = "extension"; - public final static String PROP_ISSUING_CLASS = - "com.netscape.cmscore.ca.CRLIssuingPoint"; - public final static String PROP_EXPIREDCERTS_CLASS = - "com.netscape.cmscore.ca.CRLWithExpiredCerts"; + public final static String PROP_ISSUING_CLASS = "com.netscape.cmscore.ca.CRLIssuingPoint"; + public final static String PROP_EXPIREDCERTS_CLASS = "com.netscape.cmscore.ca.CRLWithExpiredCerts"; public final static String PROP_NOTIFY_SUBSTORE = "notification"; public final static String PROP_CERT_ISSUED_SUBSTORE = "certIssued"; 
@@ -108,67 +103,68 @@ public interface ICertificateAuthority extends ISubsystem { public final static String PROP_ID = "id"; public final static String PROP_CERTDB_TRANS_MAXRECORDS = "transitMaxRecords"; - public final static String PROP_CERTDB_TRANS_PAGESIZE = "transitRecordPageSize"; + public final static String PROP_CERTDB_TRANS_PAGESIZE = "transitRecordPageSize"; /** - * Retrieves the certificate repository where all the locally - * issued certificates are kept. - * + * Retrieves the certificate repository where all the locally issued + * certificates are kept. + * * @return CA's certificate repository */ public ICertificateRepository getCertificateRepository(); /** * Retrieves the request queue of this certificate authority. - * + * * @return CA's request queue */ public IRequestQueue getRequestQueue(); /** * Retrieves the policy processor of this certificate authority. - * + * * @return CA's policy processor */ public IPolicyProcessor getPolicyProcessor(); public boolean noncesEnabled(); - public Nonces getNonces(); + + public Nonces getNonces(); /** * Retrieves the publishing processor of this certificate authority. - * + * * @return CA's publishing processor */ public IPublisherProcessor getPublisherProcessor(); /** * Retrieves the next available serial number. - * + * * @return next available serial number */ public String getStartSerial(); /** * Sets the next available serial number. - * + * * @param serial next available serial number * @exception EBaseException failed to set next available serial number */ public void setStartSerial(String serial) throws EBaseException; /** - * Retrieves the last serial number that can be used for - * certificate issuance in this certificate authority. - * + * Retrieves the last serial number that can be used for certificate + * issuance in this certificate authority. 
+ * * @return the last serial number */ public String getMaxSerial(); /** - * Sets the last serial number that can be used for - * certificate issuance in this certificate authority. - * + * Sets the last serial number that can be used for certificate issuance in + * this certificate authority. + * * @param serial the last serial number * @exception EBaseException failed to set the last serial number */ @@ -176,21 +172,21 @@ public interface ICertificateAuthority extends ISubsystem { /** * Retrieves the default signature algorithm of this certificate authority. - * + * * @return the default signature algorithm of this CA */ public SignatureAlgorithm getDefaultSignatureAlgorithm(); /** * Retrieves the default signing algorithm of this certificate authority. - * + * * @return the default signing algorithm of this CA */ public String getDefaultAlgorithm(); /** * Sets the default signing algorithm of this certificate authority. - * + * * @param algorithm new default signing algorithm * @exception EBaseException failed to set the default signing algorithm */ 
@@ -198,38 +194,38 @@ public interface ICertificateAuthority extends ISubsystem { /** * Retrieves the supported signing algorithms of this certificate authority. - * + * * @return the supported signing algorithms of this CA */ public String[] getCASigningAlgorithms(); /** - * Allows certificates to have validities that are longer - * than this certificate authority's. - * - * @param enableCAPast if equals "true", it allows certificates - * to have validity longer than CA's certificate validity + * Allows certificates to have validities that are longer than this + * certificate authority's. + * + * @param enableCAPast if equals "true", it allows certificates to have + * validity longer than CA's certificate validity * @exception EBaseException failed to set above option */ - public void setValidity(String enableCAPast) throws EBaseException; + public void setValidity(String enableCAPast) throws EBaseException; /** * Retrieves the default validity period. - * + * * @return the default validity length in days */ public long getDefaultValidity(); /** * Retrieves all the CRL issuing points. - * + * * @return enumeration of all the CRL issuing points */ public Enumeration getCRLIssuingPoints(); /** * Retrieves CRL issuing point with the given identifier. - * + * * @param id CRL issuing point id * @return CRL issuing point with given id */ 
@@ -237,18 +233,18 @@ public interface ICertificateAuthority extends ISubsystem { /** * Adds CRL issuing point with the given identifier and description. - * + * * @param crlSubStore sub-store with all CRL issuing points * @param id CRL issuing point id * @param description CRL issuing point description * @return true if CRL issuing point was successfully added */ public boolean addCRLIssuingPoint(IConfigStore crlSubStore, String id, - boolean enable, String description); + boolean enable, String description); /** * Deletes CRL issuing point with the given identifier. - * + * * @param crlSubStore sub-store with all CRL issuing points * @param id CRL issuing point id */ 
@@ -256,122 +252,122 @@ public interface ICertificateAuthority extends ISubsystem { /** * Retrieves the CRL repository. - * + * * @return CA's CRL repository */ public ICRLRepository getCRLRepository(); /** * Retrieves the Replica ID repository. - * + * * @return CA's Replica ID repository */ public IReplicaIDRepository getReplicaRepository(); /** * Retrieves the request in queue listener. - * + * * @return the request in queue listener */ public IRequestListener getRequestInQListener(); /** * Retrieves all request listeners. - * + * * @return name enumeration of all request listeners */ public Enumeration getRequestListenerNames(); /** * Retrieves the request listener for issued certificates. - * + * * @return the request listener for issued certificates */ public IRequestListener getCertIssuedListener(); /** * Retrieves the request listener for revoked certificates. - * + * * @return the request listener for revoked certificates */ public IRequestListener getCertRevokedListener(); /** * Retrieves the CA certificate chain. - * + * * @return the CA certificate chain */ - public CertificateChain getCACertChain(); + public CertificateChain getCACertChain(); /** * Retrieves the CA certificate. - * + * * @return the CA certificate */ public org.mozilla.jss.crypto.X509Certificate getCaX509Cert(); /** * Retrieves the CA certificate. - * + * * @return the CA certificate */ public X509CertImpl getCACert(); /** * Updates the CRL immediately for MasterCRL issuing point if it exists. - * + * * @exception EBaseException failed to create or publish CRL */ public void updateCRLNow() throws EBaseException; /** * Publishes the CRL immediately for MasterCRL issuing point if it exists. - * + * * @exception EBaseException failed to publish CRL */ public void publishCRLNow() throws EBaseException; /** - * Retrieves the signing unit that manages the CA signing key for - * signing certificates. 
- * + * Retrieves the signing unit that manages the CA signing key for signing + * certificates. + * * @return the CA signing unit for certificates */ public ISigningUnit getSigningUnit(); /** - * Retrieves the signing unit that manages the CA signing key for - * signing CRL. - * + * Retrieves the signing unit that manages the CA signing key for signing + * CRL. + * * @return the CA signing unit for CRLs */ public ISigningUnit getCRLSigningUnit(); /** - * Retrieves the signing unit that manages the CA signing key for - * signing OCSP response. - * + * Retrieves the signing unit that manages the CA signing key for signing + * OCSP response. + * * @return the CA signing unit for OCSP responses */ public ISigningUnit getOCSPSigningUnit(); /** * Sets the maximium path length in the basic constraint extension. - * + * * @param num the maximium path length */ public void setBasicConstraintMaxLen(int num); /** * Is this a clone CA? - * + * * @return true if this is a clone CA */ public boolean isClone(); /** * Retrieves the request listener by name. - * + * * @param name request listener name * @return the request listener */ @@ -381,17 +377,17 @@ public interface ICertificateAuthority extends ISubsystem { * get request notifier */ public IRequestNotifier getRequestNotifier(); - + /** * Registers a request listener. - * + * * @param listener request listener to be registered */ public void registerRequestListener(IRequestListener listener); /** * Registers a request listener. - * + * * @param name under request listener is going to be registered * @param listener request listener to be registered */ 
@@ -399,32 +395,32 @@ public interface ICertificateAuthority extends ISubsystem { /** * Retrieves the issuer name of this certificate authority. - * + * * @return the issuer name of this certificate authority */ public X500Name getX500Name(); /** * Retrieves the issuer name of this certificate authority issuing point. - * + * * @return the issuer name of this certificate authority issuing point */ - public X500Name getCRLX500Name(); + public X500Name getCRLX500Name(); /** * Signs the given CRL with the specific algorithm. - * + * * @param crl CRL to be signed * @param algname algorithm used for signing * @return signed CRL * @exception EBaseException failed to sign CRL */ public X509CRLImpl sign(X509CRLImpl crl, String algname) - throws EBaseException; + throws EBaseException; /** * Logs a message to this certificate authority. - * + * * @param level logging level * @param msg logged message */ 
@@ -432,72 +428,71 @@ public interface ICertificateAuthority extends ISubsystem { /** * Returns the nickname for the CA signing certificate. - * + * * @return the nickname for the CA signing certificate */ public String getNickname(); /** * Signs a X.509 certificate template. - * + * * @param certInfo X.509 certificate template * @param algname algorithm used for signing * @return signed certificate * @exception EBaseException failed to sign certificate */ public X509CertImpl sign(X509CertInfo certInfo, String algname) - throws EBaseException; + throws EBaseException; /** * Retrieves the default certificate version. - * + * * @return the default version certificate */ public CertificateVersion getDefaultCertVersion(); /** - * Is this CA allowed to issue certificate that has longer - * validty than the CA's. - * + * Is this CA allowed to issue certificate that has longer validty than the + * CA's. + * * @return true if allows certificates to have validity longer than CA's */ public boolean isEnablePastCATime(); /** - * Retrieves the CA service object that is responsible for - * processing requests. - * + * Retrieves the CA service object that is responsible for processing + * requests. + * * @return CA service object */ public IService getCAService(); /** * Returns the in-memory count of the processed OCSP requests. - * + * * @return number of processed OCSP requests in memory */ public long getNumOCSPRequest(); /** - * Returns the in-memory time (in mini-second) of - * the processed time for OCSP requests. - * + * Returns the in-memory time (in mini-second) of the processed time for + * OCSP requests. + * * @return processed times for OCSP requests */ public long getOCSPRequestTotalTime(); /** - * Returns the in-memory time (in mini-second) of - * the signing time for OCSP requests. - * + * Returns the in-memory time (in mini-second) of the signing time for OCSP + * requests. 
+ * * @return processed times for OCSP requests */ public long getOCSPTotalSignTime(); /** - * Returns the total data signed - * for OCSP requests. - * + * Returns the total data signed for OCSP requests. + * * @return processed times for OCSP requests */ public long getOCSPTotalData(); |