Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv/ca')
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/CAResources.java7
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ECAException.java11
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java6
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ICAService.java38
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java34
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java18
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java230
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java187
8 files changed, 277 insertions, 254 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java b/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java
index 162a8832..4510c46b 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java
@@ -17,12 +17,14 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.ca;
+
import java.util.ListResourceBundle;
+
/**
* A class represents a resource bundle for CA subsystem.
* <P>
- *
+ *
* @version $Revision$ $Date$
*/
public class CAResources extends ListResourceBundle {
@@ -35,7 +37,8 @@ public class CAResources extends ListResourceBundle {
}
/**
- * Constants. The suffix represents the number of possible parameters.
+ * Constants. The suffix represents the number of
+ * possible parameters.
*/
static final Object[][] contents = {};
}
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java b/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java
index a530b08a..59d8847c 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java
@@ -17,12 +17,14 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.ca;
+
import com.netscape.certsrv.base.EBaseException;
+
/**
* A class represents a CA exception.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class ECAException extends EBaseException {
@@ -34,12 +36,11 @@ public class ECAException extends EBaseException {
/**
* CA resource class name.
*/
- private static final String CA_RESOURCES = CAResources.class.getName();
+ private static final String CA_RESOURCES = CAResources.class.getName();
/**
* Constructs a CA exception.
* <P>
- *
* @param msgFormat constant from CAResources.
*/
public ECAException(String msgFormat) {
@@ -49,7 +50,6 @@ public class ECAException extends EBaseException {
/**
* Constructs a CA exception.
* <P>
- *
* @param msgFormat constant from CAResources.
* @param param additional parameters to the message.
*/
@@ -60,7 +60,6 @@ public class ECAException extends EBaseException {
/**
* Constructs a CA exception.
* <P>
- *
* @param msgFormat constant from CAResources.
* @param e embedded exception.
*/
@@ -71,7 +70,6 @@ public class ECAException extends EBaseException {
/**
* Constructs a CA exception.
* <P>
- *
* @param msgFormat constant from CAResources.
* @param params additional parameters to the message.
*/
@@ -82,7 +80,6 @@ public class ECAException extends EBaseException {
/**
* Returns the bundle file name.
* <P>
- *
* @return name of bundle class associated with this exception.
*/
protected String getBundleName() {
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java b/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java
index b4c10a0c..0e271c21 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java
@@ -17,10 +17,11 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.ca;
+
/**
* A class represents a CA exception associated with publishing error.
* <P>
- *
+ *
* @version $Revision$ $Date$
*/
public class EErrorPublishCRL extends ECAException {
@@ -33,10 +34,9 @@ public class EErrorPublishCRL extends ECAException {
/**
* Constructs a CA exception caused by publishing error.
* <P>
- *
* @param errorString Detailed error message.
*/
public EErrorPublishCRL(String errorString) {
- super(errorString);
+ super(errorString);
}
}
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java b/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java
index bf745bb0..cac6fc75 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.ca;
+
import netscape.security.x509.RevokedCertImpl;
import netscape.security.x509.X509CertImpl;
import netscape.security.x509.X509CertInfo;
@@ -26,10 +27,11 @@ import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.connector.IConnector;
import com.netscape.certsrv.request.IRequest;
+
/**
* An interface representing a CA request services.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public interface ICAService {
@@ -37,52 +39,54 @@ public interface ICAService {
/**
* Marks certificate record as revoked by adding revocation information.
* Updates CRL cache.
- *
+ *
* @param crlentry revocation information obtained from revocation request
* @exception EBaseException failed to mark certificate record as revoked
*/
- public void revokeCert(RevokedCertImpl crlentry) throws EBaseException;
+ public void revokeCert(RevokedCertImpl crlentry)
+ throws EBaseException;
/**
* Marks certificate record as revoked by adding revocation information.
* Updates CRL cache.
- *
+ *
* @param crlentry revocation information obtained from revocation request
* @param requestId revocation request id
* @exception EBaseException failed to mark certificate record as revoked
*/
public void revokeCert(RevokedCertImpl crlentry, String requestId)
- throws EBaseException;
+ throws EBaseException;
/**
- * Issues certificate base on enrollment information, creates certificate
- * record, and stores all necessary data.
- *
+ * Issues certificate base on enrollment information,
+ * creates certificate record, and stores all necessary data.
+ *
* @param certi information obtain from revocation request
- * @exception EBaseException failed to issue certificate or create
- * certificate record
+ * @exception EBaseException failed to issue certificate or create certificate record
*/
- public X509CertImpl issueX509Cert(X509CertInfo certi) throws EBaseException;
+ public X509CertImpl issueX509Cert(X509CertInfo certi)
+ throws EBaseException;
- public X509CertImpl issueX509Cert(X509CertInfo certi, String profileId,
- String rid) throws EBaseException;
+ public X509CertImpl issueX509Cert(X509CertInfo certi, String profileId, String rid)
+ throws EBaseException;
/**
* Services profile request.
- *
+ *
* @param request profile enrollment request information
* @exception EBaseException failed to service profile enrollment request
*/
- public void serviceProfileRequest(IRequest request) throws EBaseException;
+ public void serviceProfileRequest(IRequest request)
+ throws EBaseException;
/**
* Returns KRA-CA connector.
- *
+ *
* @return KRA-CA connector
*/
public IConnector getKRAConnector();
public void setKRAConnector(IConnector c);
- public IConnector getConnector(IConfigStore cs) throws EBaseException;
+ public IConnector getConnector(IConfigStore cs) throws EBaseException;
}
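Review bot: The Javadoc kept on `issueX509Cert(X509CertInfo certi)` describes `certi` as "information obtain from revocation request", which does not match its own summary line about issuing from enrollment information and looks like a copy from `revokeCert`. Since this hunk re-wraps that comment anyway, the tag could read `@param certi certificate information obtained from the enrollment request`. The three-argument `issueX509Cert` overload, `setKRAConnector` and `getConnector` have no Javadoc at all, so the meaning of `profileId` and `rid` and the failure conditions of `getConnector` are left to the implementation. On an interface that issues and revokes certificates, each of these should carry at least a summary plus `@param` and `@exception` lines.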
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java
index 133b4ed4..edaea59c 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java
@@ -17,52 +17,58 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.ca;
+
import netscape.security.x509.Extension;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.NameValuePairs;
+
/**
* An interface representing a CRL extension plugin.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public interface ICMSCRLExtension {
/**
* Returns CRL extension OID string.
- *
+ *
* @return OID of CRL extension
*/
public String getCRLExtOID();
/**
- * Sets extension criticality and returns extension with new criticality.
- *
+ * Sets extension criticality and returns extension
+ * with new criticality.
+ *
* @param ext CRL extension that will change criticality
* @param critical new criticality to be assigned to CRL extension
* @return extension with new criticality
*/
- Extension setCRLExtensionCriticality(Extension ext, boolean critical);
+ Extension setCRLExtensionCriticality(Extension ext,
+ boolean critical);
/**
- * Builds new CRL extension based on configuration data, issuing point
- * information, and criticality.
- *
+ * Builds new CRL extension based on configuration data,
+ * issuing point information, and criticality.
+ *
* @param config configuration store
* @param crlIssuingPoint CRL issuing point
* @param critical criticality to be assigned to CRL extension
* @return extension new CRL extension
*/
- Extension getCRLExtension(IConfigStore config, Object crlIssuingPoint,
- boolean critical);
+ Extension getCRLExtension(IConfigStore config,
+ Object crlIssuingPoint,
+ boolean critical);
/**
* Reads configuration data and converts them to name value pairs.
- *
+ *
* @param config configuration store
- * @param nvp name value pairs obtained from configuration data
+ * @param nvp name value pairs obtained from configuration data
*/
- public void getConfigParams(IConfigStore config, NameValuePairs nvp);
-}
+ public void getConfigParams(IConfigStore config,
+ NameValuePairs nvp);
+}
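Review bot: `getCRLExtension` takes `crlIssuingPoint` as a plain `Object`, so the re-wrapped signature still gives implementers no compile-time type, and the tag `@param crlIssuingPoint CRL issuing point` does not name the expected class. If the parameter has to stay `Object` for compatibility, the tag should say what is expected, e.g. `@param crlIssuingPoint CRL issuing point, expected to be an {@link ICRLIssuingPoint}` (to be confirmed against the implementations, which are outside this diff). The declarations in this interface also mix an explicit `public` with no modifier; the two are equivalent in an interface, and one form throughout would read more cleanly.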
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java
index 4c221d10..f6df2226 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java
@@ -17,31 +17,32 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.ca;
+
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.NameValuePairs;
+
/**
* An interface representing a list of CRL extensions.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public interface ICMSCRLExtensions {
/**
- * Updates configuration store for extension identified by id with data
- * delivered in name value pairs.
- *
+ * Updates configuration store for extension identified by id
+ * with data delivered in name value pairs.
+ *
* @param id extension id
* @param nvp name value pairs with new configuration data
* @param config configuration store
*/
- public void setConfigParams(String id, NameValuePairs nvp,
- IConfigStore config);
+ public void setConfigParams(String id, NameValuePairs nvp, IConfigStore config);
/**
* Reads configuration data and returns them as name value pairs.
- *
+ *
* @param id extension id
* @return name value pairs with configuration data
*/
@@ -49,9 +50,10 @@ public interface ICMSCRLExtensions {
/**
* Returns class name with its path.
- *
+ *
* @param name extension id
* @return class name with its path
*/
public String getClassPath(String name);
}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java b/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java
index e7e8ab93..82e0961c 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.ca;
+
import java.math.BigInteger;
import java.util.Date;
import java.util.Set;
@@ -32,17 +33,19 @@ import com.netscape.certsrv.base.ISubsystem;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.dbs.IElementProcessor;
+
/**
- * This class encapsulates CRL issuing mechanism. CertificateAuthority contains
- * a map of CRLIssuingPoint indexed by string ids. Each issuing point contains
- * information about CRL issuing and publishing parameters as well as state
- * information which includes last issued CRL, next CRL serial number, time of
- * the next update etc. If autoUpdateInterval is set to non-zero value then
- * worker thread is created that will perform CRL update at scheduled intervals.
- * Update can also be triggered by invoking updateCRL method directly. Another
- * parameter minUpdateInterval can be used to prevent CRL from being updated too
- * often
- *
+ * This class encapsulates CRL issuing mechanism. CertificateAuthority
+ * contains a map of CRLIssuingPoint indexed by string ids. Each issuing
+ * point contains information about CRL issuing and publishing parameters
+ * as well as state information which includes last issued CRL, next CRL
+ * serial number, time of the next update etc.
+ * If autoUpdateInterval is set to non-zero value then worker thread
+ * is created that will perform CRL update at scheduled intervals. Update
+ * can also be triggered by invoking updateCRL method directly. Another
+ * parameter minUpdateInterval can be used to prevent CRL
+ * from being updated too often
+ *
* @version $Revision$, $Date$
*/
@@ -71,151 +74,151 @@ public interface ICRLIssuingPoint {
/**
* Returns true if CRL issuing point is enabled.
- *
+ *
* @return true if CRL issuing point is enabled
*/
public boolean isCRLIssuingPointEnabled();
/**
* Returns true if CRL generation is enabled.
- *
+ *
* @return true if CRL generation is enabled
*/
public boolean isCRLGenerationEnabled();
/**
* Enables or disables CRL issuing point according to parameter.
- *
+ *
* @param enable if true enables CRL issuing point
*/
public void enableCRLIssuingPoint(boolean enable);
/**
* Returns CRL update status.
- *
+ *
* @return CRL update status
*/
public String getCrlUpdateStatusStr();
/**
* Returns CRL update error.
- *
+ *
* @return CRL update error
*/
public String getCrlUpdateErrorStr();
/**
* Returns CRL publishing status.
- *
+ *
* @return CRL publishing status
*/
public String getCrlPublishStatusStr();
/**
* Returns CRL publishing error.
- *
+ *
* @return CRL publishing error
*/
public String getCrlPublishErrorStr();
/**
* Returns CRL issuing point initialization status.
- *
+ *
* @return status of CRL issuing point initialization
*/
public int isCRLIssuingPointInitialized();
/**
* Checks if manual update is set.
- *
+ *
* @return true if manual update is set
*/
public boolean isManualUpdateSet();
/**
* Checks if expired certificates are included in CRL.
- *
+ *
* @return true if expired certificates are included in CRL
*/
public boolean areExpiredCertsIncluded();
/**
* Checks if CRL includes CA certificates only.
- *
+ *
* @return true if CRL includes CA certificates only
*/
public boolean isCACertsOnly();
/**
* Checks if CRL includes profile certificates only.
- *
+ *
* @return true if CRL includes profile certificates only
*/
public boolean isProfileCertsOnly();
/**
* Checks if CRL issuing point includes this profile.
- *
+ *
* @return true if CRL issuing point includes this profile
*/
public boolean checkCurrentProfile(String id);
/**
* Initializes CRL issuing point.
- *
- * @param ca certificate authority that holds CRL issuing point
+ *
+ * @param ca certificate authority that holds CRL issuing point
* @param id CRL issuing point id
* @param config configuration sub-store for CRL issuing point
* @exception EBaseException thrown if initialization failed
*/
- public void init(ISubsystem ca, String id, IConfigStore config)
- throws EBaseException;
+ public void init(ISubsystem ca, String id, IConfigStore config)
+ throws EBaseException;
/**
- * This method is called during shutdown. It updates CRL cache and stops
- * thread controlling CRL updates.
+ * This method is called during shutdown.
+ * It updates CRL cache and stops thread controlling CRL updates.
*/
public void shutdown();
/**
* Returns internal id of this CRL issuing point.
- *
+ *
* @return internal id of this CRL issuing point
*/
public String getId();
/**
* Returns internal description of this CRL issuing point.
- *
+ *
* @return internal description of this CRL issuing point
*/
public String getDescription();
/**
* Sets internal description of this CRL issuing point.
- *
+ *
* @param description description for this CRL issuing point.
*/
public void setDescription(String description);
/**
- * Returns DN of the directory entry where CRLs from this issuing point are
- * published.
- *
+ * Returns DN of the directory entry where CRLs from this issuing point
+ * are published.
+ *
* @return DN of the directory entry where CRLs are published.
*/
public String getPublishDN();
/**
* Returns signing algorithm.
- *
+ *
* @return signing algorithm
*/
public String getSigningAlgorithm();
/**
* Returns signing algorithm used in last signing operation..
- *
+ *
* @return last signing algorithm
*/
public String getLastSigningAlgorithm();
@@ -223,14 +226,14 @@ public interface ICRLIssuingPoint {
/**
* Returns current CRL generation schema for this CRL issuing point.
* <P>
- *
+ *
* @return current CRL generation schema for this CRL issuing point
*/
public int getCRLSchema();
/**
* Returns current CRL number of this CRL issuing point.
- *
+ *
* @return current CRL number of this CRL issuing point
*/
public BigInteger getCRLNumber();
@@ -238,56 +241,56 @@ public interface ICRLIssuingPoint {
/**
* Returns current delta CRL number of this CRL issuing point.
* <P>
- *
+ *
* @return current delta CRL number of this CRL issuing point
*/
public BigInteger getDeltaCRLNumber();
/**
* Returns next CRL number of this CRL issuing point.
- *
+ *
* @return next CRL number of this CRL issuing point
*/
public BigInteger getNextCRLNumber();
/**
* Returns number of entries in the current CRL.
- *
+ *
* @return number of entries in the current CRL
*/
public long getCRLSize();
/**
* Returns number of entries in delta CRL
- *
+ *
* @return number of entries in delta CRL
*/
public long getDeltaCRLSize();
/**
* Returns time of the last update.
- *
+ *
* @return last CRL update time
*/
public Date getLastUpdate();
/**
* Returns time of the next update.
- *
+ *
* @return next CRL update time
*/
public Date getNextUpdate();
/**
* Returns time of the next delta CRL update.
- *
+ *
* @return next delta CRL update time
*/
public Date getNextDeltaUpdate();
/**
* Returns all the revoked certificates from the CRL cache.
- *
+ *
* @param start first requested CRL entry
* @param end next after last requested CRL entry
* @return set of all the revoked certificates or null if there are none.
@@ -296,89 +299,92 @@ public interface ICRLIssuingPoint {
/**
* Returns certificate authority.
- *
+ *
* @return certificate authority
*/
public ISubsystem getCertificateAuthority();
/**
- * Schedules immediate CRL manual-update and sets signature algorithm to be
- * used for signing.
- *
+ * Schedules immediate CRL manual-update
+ * and sets signature algorithm to be used for signing.
+ *
* @param signatureAlgorithm signature algorithm to be used for signing
*/
- public void setManualUpdate(String signatureAlgorithm);
+ public void setManualUpdate(String signatureAlgorithm);
/**
* Returns auto update interval in milliseconds.
- *
+ *
* @return auto update interval in milliseconds
*/
public long getAutoUpdateInterval();
/**
- * Returns true if CRL is updated for every change of revocation status of
- * any certificate.
- *
+ * Returns true if CRL is updated for every change
+ * of revocation status of any certificate.
+ *
* @return true if CRL update is always triggered by revocation operation
*/
public boolean getAlwaysUpdate();
/**
* Returns next update grace period in minutes.
- *
+ *
* @return next update grace period in minutes
*/
public long getNextUpdateGracePeriod();
/**
- * Returns filter used to build CRL based on information stored in local
- * directory.
- *
+ * Returns filter used to build CRL based on information stored
+ * in local directory.
+ *
* @return filter used to search local directory
*/
public String getFilter();
/**
- * Builds a list of revoked certificates to put them into CRL. Calls
- * certificate record processor to get necessary data from certificate
- * records. This also regenerates CRL cache.
- *
+ * Builds a list of revoked certificates to put them into CRL.
+ * Calls certificate record processor to get necessary data
+ * from certificate records.
+ * This also regenerates CRL cache.
+ *
* @param cp certificate record processor
* @exception EBaseException if an error occurred in the database.
*/
- public void processRevokedCerts(IElementProcessor cp) throws EBaseException;
+ public void processRevokedCerts(IElementProcessor cp)
+ throws EBaseException;
/**
- * Returns date of revoked certificate or null if certificated is not listed
- * as revoked.
- *
+ * Returns date of revoked certificate or null
+ * if certificated is not listed as revoked.
+ *
* @param serialNumber serial number of certificate to be checked
- * @param checkDeltaCache true if delta CRL cache suppose to be included in
- * checking process
+ * @param checkDeltaCache true if delta CRL cache suppose to be
+ * included in checking process
* @param includeExpiredCerts true if delta CRL cache with expired
- * certificates suppose to be included in checking process
+ * certificates suppose to be included in checking process
* @return date of revoked certificate or null
*/
public Date getRevocationDateFromCache(BigInteger serialNumber,
- boolean checkDeltaCache, boolean includeExpiredCerts);
-
+ boolean checkDeltaCache,
+ boolean includeExpiredCerts);
/**
* Returns split times from CRL generation.
- *
+ *
* @return split times from CRL generation in milliseconds
*/
public Vector getSplitTimes();
/**
- * Generates CRL now based on cache or local directory if cache is not
- * available. It also publishes CRL if it is required.
- *
+ * Generates CRL now based on cache or local directory if cache
+ * is not available. It also publishes CRL if it is required.
+ *
* @param signingAlgorithm signing algorithm to be used for CRL signing
- * @exception EBaseException if an error occurred during CRL generation or
- * publishing
+ * @exception EBaseException if an error occurred during
+ * CRL generation or publishing
*/
- public void updateCRLNow(String signingAlgorithm) throws EBaseException;
+ public void updateCRLNow(String signingAlgorithm)
+ throws EBaseException;
/**
* Clears CRL cache
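Review bot: `setManualUpdate(String signatureAlgorithm)` and `updateCRLNow(String signingAlgorithm)` take the signing algorithm as a free-form string, and neither Javadoc says which names are accepted or what happens when the name is null, unknown or not permitted for this CA. The `@param` text should state whether the name must be one of the values returned by `ICertificateAuthority.getCASigningAlgorithms()`, and the `@exception` line of `updateCRLNow` should say whether an unsupported name is reported there. `getSplitTimes()` also returns a raw `Vector`, so the Javadoc could at least name the element type. The interface body continues outside this hunk.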
@@ -392,29 +398,29 @@ public interface ICRLIssuingPoint {
/**
* Returns number of recently revoked certificates.
- *
+ *
* @return number of recently revoked certificates
*/
public int getNumberOfRecentlyRevokedCerts();
/**
* Returns number of recently unrevoked certificates.
- *
+ *
* @return number of recently unrevoked certificates
*/
public int getNumberOfRecentlyUnrevokedCerts();
/**
* Returns number of recently expired and revoked certificates.
- *
+ *
* @return number of recently expired and revoked certificates
*/
public int getNumberOfRecentlyExpiredCerts();
/**
- * Converts list of extensions supplied by revocation request to list of
- * extensions required to be placed in CRL.
- *
+ * Converts list of extensions supplied by revocation request
+ * to list of extensions required to be placed in CRL.
+ *
* @param exts list of extensions supplied by revocation request
* @return list of extensions required to be placed in CRL
*/
@@ -422,33 +428,32 @@ public interface ICRLIssuingPoint {
/**
* Adds revoked certificate to delta-CRL cache.
- *
+ *
* @param serialNumber serial number of revoked certificate
* @param revokedCert revocation information supplied by revocation request
*/
- public void addRevokedCert(BigInteger serialNumber,
- RevokedCertImpl revokedCert);
+ public void addRevokedCert(BigInteger serialNumber, RevokedCertImpl revokedCert);
/**
* Adds revoked certificate to delta-CRL cache.
- *
+ *
* @param serialNumber serial number of revoked certificate
* @param revokedCert revocation information supplied by revocation request
* @param requestId revocation request id
*/
- public void addRevokedCert(BigInteger serialNumber,
- RevokedCertImpl revokedCert, String requestId);
+ public void addRevokedCert(BigInteger serialNumber, RevokedCertImpl revokedCert,
+ String requestId);
/**
* Adds unrevoked certificate to delta-CRL cache.
- *
+ *
* @param serialNumber serial number of unrevoked certificate
*/
public void addUnrevokedCert(BigInteger serialNumber);
/**
* Adds unrevoked certificate to delta-CRL cache.
- *
+ *
* @param serialNumber serial number of unrevoked certificate
* @param requestId unrevocation request id
*/
@@ -456,7 +461,7 @@ public interface ICRLIssuingPoint {
/**
* Adds expired and revoked certificate to delta-CRL cache.
- *
+ *
* @param serialNumber serial number of expired and revoked certificate
*/
public void addExpiredCert(BigInteger serialNumber);
@@ -467,9 +472,9 @@ public interface ICRLIssuingPoint {
public void updateCRLCacheRepository();
/**
- * Updates issuing point configuration according to supplied data in name
- * value pairs.
- *
+ * Updates issuing point configuration according to supplied data
+ * in name value pairs.
+ *
* @param params name value pairs defining new issuing point configuration
* @return true if configuration is updated successfully
*/
@@ -477,35 +482,35 @@ public interface ICRLIssuingPoint {
/**
* Returns true if delta-CRL is enabled.
- *
+ *
* @return true if delta-CRL is enabled
*/
public boolean isDeltaCRLEnabled();
/**
* Returns true if CRL cache is enabled.
- *
+ *
* @return true if CRL cache is enabled
*/
public boolean isCRLCacheEnabled();
/**
* Returns true if CRL cache is empty.
- *
+ *
* @return true if CRL cache is empty
*/
public boolean isCRLCacheEmpty();
/**
* Returns true if CRL cache testing is enabled.
- *
+ *
* @return true if CRL cache testing is enabled
*/
public boolean isCRLCacheTestingEnabled();
/**
* Returns true if supplied delta-CRL is matching current delta-CRL.
- *
+ *
* @param deltaCRL delta-CRL to verify against current delta-CRL
* @return true if supplied delta-CRL is matching current delta-CRL
*/
@@ -513,26 +518,27 @@ public interface ICRLIssuingPoint {
/**
* Returns status of CRL generation.
- *
+ *
* @return one of the following according to CRL generation status:
* CRL_UPDATE_DONE, CRL_UPDATE_STARTED, and CRL_PUBLISHING_STARTED
*/
public int isCRLUpdateInProgress();
/**
- * Generates CRL now based on cache or local directory if cache is not
- * available. It also publishes CRL if it is required. CRL is signed by
- * default signing algorithm.
- *
- * @exception EBaseException if an error occurred during CRL generation or
- * publishing
+ * Generates CRL now based on cache or local directory if cache
+ * is not available. It also publishes CRL if it is required.
+ * CRL is signed by default signing algorithm.
+ *
+ * @exception EBaseException if an error occurred during
+ * CRL generation or publishing
*/
- public void updateCRLNow() throws EBaseException;
+ public void updateCRLNow() throws EBaseException;
/**
* Returns list of CRL extensions.
- *
+ *
* @return list of CRL extensions
*/
public ICMSCRLExtensions getCRLExtensions();
}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
index 161328b9..6f7a4961 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.ca;
+
import java.util.Enumeration;
import netscape.security.x509.CertificateChain;
@@ -43,11 +44,12 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.IService;
import com.netscape.certsrv.security.ISigningUnit;
+
/**
- * An interface represents a Certificate Authority that is responsible for
- * certificate specific operations.
+ * An interface represents a Certificate Authority that is
+ * responsible for certificate specific operations.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public interface ICertificateAuthority extends ISubsystem {
@@ -74,15 +76,18 @@ public interface ICertificateAuthority extends ISubsystem {
public final static String PROP_ENABLE_PAST_CATIME = "enablePastCATime";
public final static String PROP_DEF_VALIDITY = "DefaultIssueValidity";
public final static String PROP_FAST_SIGNING = "fastSigning";
- public static final String PROP_ENABLE_ADMIN_ENROLL = "enableAdminEnroll";
+ public static final String PROP_ENABLE_ADMIN_ENROLL =
+ "enableAdminEnroll";
public final static String PROP_CRL_SUBSTORE = "crl";
// make this public so agent gateway can access for now.
public final static String PROP_CRL_PAGE_SIZE = "pageSize";
public final static String PROP_MASTER_CRL = "MasterCRL";
public final static String PROP_CRLEXT_SUBSTORE = "extension";
- public final static String PROP_ISSUING_CLASS = "com.netscape.cmscore.ca.CRLIssuingPoint";
- public final static String PROP_EXPIREDCERTS_CLASS = "com.netscape.cmscore.ca.CRLWithExpiredCerts";
+ public final static String PROP_ISSUING_CLASS =
+ "com.netscape.cmscore.ca.CRLIssuingPoint";
+ public final static String PROP_EXPIREDCERTS_CLASS =
+ "com.netscape.cmscore.ca.CRLWithExpiredCerts";
public final static String PROP_NOTIFY_SUBSTORE = "notification";
public final static String PROP_CERT_ISSUED_SUBSTORE = "certIssued";
@@ -103,68 +108,67 @@ public interface ICertificateAuthority extends ISubsystem {
public final static String PROP_ID = "id";
public final static String PROP_CERTDB_TRANS_MAXRECORDS = "transitMaxRecords";
- public final static String PROP_CERTDB_TRANS_PAGESIZE = "transitRecordPageSize";
+ public final static String PROP_CERTDB_TRANS_PAGESIZE = "transitRecordPageSize";
/**
- * Retrieves the certificate repository where all the locally issued
- * certificates are kept.
- *
+ * Retrieves the certificate repository where all the locally
+ * issued certificates are kept.
+ *
* @return CA's certificate repository
*/
public ICertificateRepository getCertificateRepository();
/**
* Retrieves the request queue of this certificate authority.
- *
+ *
* @return CA's request queue
*/
public IRequestQueue getRequestQueue();
/**
* Retrieves the policy processor of this certificate authority.
- *
+ *
* @return CA's policy processor
*/
public IPolicyProcessor getPolicyProcessor();
public boolean noncesEnabled();
-
- public Nonces getNonces();
+ public Nonces getNonces();
/**
* Retrieves the publishing processor of this certificate authority.
- *
+ *
* @return CA's publishing processor
*/
public IPublisherProcessor getPublisherProcessor();
/**
* Retrieves the next available serial number.
- *
+ *
* @return next available serial number
*/
public String getStartSerial();
/**
* Sets the next available serial number.
- *
+ *
* @param serial next available serial number
* @exception EBaseException failed to set next available serial number
*/
public void setStartSerial(String serial) throws EBaseException;
/**
- * Retrieves the last serial number that can be used for certificate
- * issuance in this certificate authority.
- *
+ * Retrieves the last serial number that can be used for
+ * certificate issuance in this certificate authority.
+ *
* @return the last serial number
*/
public String getMaxSerial();
/**
- * Sets the last serial number that can be used for certificate issuance in
- * this certificate authority.
- *
+ * Sets the last serial number that can be used for
+ * certificate issuance in this certificate authority.
+ *
* @param serial the last serial number
* @exception EBaseException failed to set the last serial number
*/
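Review bot: `noncesEnabled()` and `getNonces()` are the only declarations in this hunk without Javadoc, and the change only removes the blank line between them. Callers cannot tell from the interface whether `getNonces()` may return null when nonces are disabled. A short comment on each would help, e.g. `/** Returns true if nonce checking is enabled for this CA. */`, with a matching one on `getNonces()` that states the return value in the disabled case (to be confirmed against the implementation, which is not in this diff). `getStartSerial()` and `getMaxSerial()` return serial numbers as `String` without naming the radix, and the Javadoc should state it. The interface continues past the hunk.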
@@ -172,21 +176,21 @@ public interface ICertificateAuthority extends ISubsystem {
/**
* Retrieves the default signature algorithm of this certificate authority.
- *
+ *
* @return the default signature algorithm of this CA
*/
public SignatureAlgorithm getDefaultSignatureAlgorithm();
/**
* Retrieves the default signing algorithm of this certificate authority.
- *
+ *
* @return the default signing algorithm of this CA
*/
public String getDefaultAlgorithm();
/**
* Sets the default signing algorithm of this certificate authority.
- *
+ *
* @param algorithm new default signing algorithm
* @exception EBaseException failed to set the default signing algorithm
*/
@@ -194,38 +198,38 @@ public interface ICertificateAuthority extends ISubsystem {
/**
* Retrieves the supported signing algorithms of this certificate authority.
- *
+ *
* @return the supported signing algorithms of this CA
*/
public String[] getCASigningAlgorithms();
/**
- * Allows certificates to have validities that are longer than this
- * certificate authority's.
- *
- * @param enableCAPast if equals "true", it allows certificates to have
- * validity longer than CA's certificate validity
+ * Allows certificates to have validities that are longer
+ * than this certificate authority's.
+ *
+ * @param enableCAPast if equals "true", it allows certificates
+ * to have validity longer than CA's certificate validity
* @exception EBaseException failed to set above option
*/
- public void setValidity(String enableCAPast) throws EBaseException;
+ public void setValidity(String enableCAPast) throws EBaseException;
/**
* Retrieves the default validity period.
- *
+ *
* @return the default validity length in days
*/
public long getDefaultValidity();
/**
* Retrieves all the CRL issuing points.
- *
+ *
* @return enumeration of all the CRL issuing points
*/
public Enumeration getCRLIssuingPoints();
/**
* Retrieves CRL issuing point with the given identifier.
- *
+ *
* @param id CRL issuing point id
* @return CRL issuing point with given id
*/
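Review bot: The rewrapped Javadoc for `setValidity(String enableCAPast)` still documents only the value "true" and does not say how any other string, or null, is treated. This switch decides whether issued certificates may outlive the CA certificate, so the contract should be explicit. I would add a sentence stating what values other than "true" do, plus a cross-reference to the matching getter, `@see #isEnablePastCATime()`. The interface declaration starts and ends outside this hunk, so how the implementation actually parses the string cannot be confirmed from here.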
@@ -233,18 +237,18 @@ public interface ICertificateAuthority extends ISubsystem {
/**
* Adds CRL issuing point with the given identifier and description.
- *
+ *
* @param crlSubStore sub-store with all CRL issuing points
* @param id CRL issuing point id
* @param description CRL issuing point description
* @return true if CRL issuing point was successfully added
*/
public boolean addCRLIssuingPoint(IConfigStore crlSubStore, String id,
- boolean enable, String description);
+ boolean enable, String description);
/**
* Deletes CRL issuing point with the given identifier.
- *
+ *
* @param crlSubStore sub-store with all CRL issuing points
* @param id CRL issuing point id
*/
@@ -252,122 +256,122 @@ public interface ICertificateAuthority extends ISubsystem {
/**
* Retrieves the CRL repository.
- *
+ *
* @return CA's CRL repository
*/
public ICRLRepository getCRLRepository();
/**
* Retrieves the Replica ID repository.
- *
+ *
* @return CA's Replica ID repository
*/
public IReplicaIDRepository getReplicaRepository();
/**
* Retrieves the request in queue listener.
- *
+ *
* @return the request in queue listener
*/
public IRequestListener getRequestInQListener();
/**
* Retrieves all request listeners.
- *
+ *
* @return name enumeration of all request listeners
*/
public Enumeration getRequestListenerNames();
/**
* Retrieves the request listener for issued certificates.
- *
+ *
* @return the request listener for issued certificates
*/
public IRequestListener getCertIssuedListener();
/**
* Retrieves the request listener for revoked certificates.
- *
+ *
* @return the request listener for revoked certificates
*/
public IRequestListener getCertRevokedListener();
/**
* Retrieves the CA certificate chain.
- *
+ *
* @return the CA certificate chain
*/
- public CertificateChain getCACertChain();
+ public CertificateChain getCACertChain();
/**
* Retrieves the CA certificate.
- *
+ *
* @return the CA certificate
*/
public org.mozilla.jss.crypto.X509Certificate getCaX509Cert();
/**
* Retrieves the CA certificate.
- *
+ *
* @return the CA certificate
*/
public X509CertImpl getCACert();
/**
* Updates the CRL immediately for MasterCRL issuing point if it exists.
- *
+ *
* @exception EBaseException failed to create or publish CRL
*/
public void updateCRLNow() throws EBaseException;
/**
* Publishes the CRL immediately for MasterCRL issuing point if it exists.
- *
+ *
* @exception EBaseException failed to publish CRL
*/
public void publishCRLNow() throws EBaseException;
/**
- * Retrieves the signing unit that manages the CA signing key for signing
- * certificates.
- *
+ * Retrieves the signing unit that manages the CA signing key for
+ * signing certificates.
+ *
* @return the CA signing unit for certificates
*/
public ISigningUnit getSigningUnit();
/**
- * Retrieves the signing unit that manages the CA signing key for signing
- * CRL.
- *
+ * Retrieves the signing unit that manages the CA signing key for
+ * signing CRL.
+ *
* @return the CA signing unit for CRLs
*/
public ISigningUnit getCRLSigningUnit();
/**
- * Retrieves the signing unit that manages the CA signing key for signing
- * OCSP response.
- *
+ * Retrieves the signing unit that manages the CA signing key for
+ * signing OCSP response.
+ *
* @return the CA signing unit for OCSP responses
*/
public ISigningUnit getOCSPSigningUnit();
/**
* Sets the maximium path length in the basic constraint extension.
- *
+ *
* @param num the maximium path length
*/
public void setBasicConstraintMaxLen(int num);
/**
* Is this a clone CA?
- *
+ *
* @return true if this is a clone CA
*/
public boolean isClone();
/**
* Retrieves the request listener by name.
- *
+ *
* @param name request listener name
* @return the request listener
*/
@@ -377,17 +381,17 @@ public interface ICertificateAuthority extends ISubsystem {
* get request notifier
*/
public IRequestNotifier getRequestNotifier();
-
+
/**
* Registers a request listener.
- *
+ *
* @param listener request listener to be registered
*/
public void registerRequestListener(IRequestListener listener);
/**
* Registers a request listener.
- *
+ *
* @param name under request listener is going to be registered
* @param listener request listener to be registered
*/
@@ -395,32 +399,32 @@ public interface ICertificateAuthority extends ISubsystem {
/**
* Retrieves the issuer name of this certificate authority.
- *
+ *
* @return the issuer name of this certificate authority
*/
public X500Name getX500Name();
/**
* Retrieves the issuer name of this certificate authority issuing point.
- *
+ *
* @return the issuer name of this certificate authority issuing point
*/
- public X500Name getCRLX500Name();
+ public X500Name getCRLX500Name();
/**
* Signs the given CRL with the specific algorithm.
- *
+ *
* @param crl CRL to be signed
* @param algname algorithm used for signing
* @return signed CRL
* @exception EBaseException failed to sign CRL
*/
public X509CRLImpl sign(X509CRLImpl crl, String algname)
- throws EBaseException;
+ throws EBaseException;
/**
* Logs a message to this certificate authority.
- *
+ *
* @param level logging level
* @param msg logged message
*/
@@ -428,71 +432,72 @@ public interface ICertificateAuthority extends ISubsystem {
/**
* Returns the nickname for the CA signing certificate.
- *
+ *
* @return the nickname for the CA signing certificate
*/
public String getNickname();
/**
* Signs a X.509 certificate template.
- *
+ *
* @param certInfo X.509 certificate template
* @param algname algorithm used for signing
* @return signed certificate
* @exception EBaseException failed to sign certificate
*/
public X509CertImpl sign(X509CertInfo certInfo, String algname)
- throws EBaseException;
+ throws EBaseException;
/**
* Retrieves the default certificate version.
- *
+ *
* @return the default version certificate
*/
public CertificateVersion getDefaultCertVersion();
/**
- * Is this CA allowed to issue certificate that has longer validty than the
- * CA's.
- *
+ * Is this CA allowed to issue certificate that has longer
+ * validty than the CA's.
+ *
* @return true if allows certificates to have validity longer than CA's
*/
public boolean isEnablePastCATime();
/**
- * Retrieves the CA service object that is responsible for processing
- * requests.
- *
+ * Retrieves the CA service object that is responsible for
+ * processing requests.
+ *
* @return CA service object
*/
public IService getCAService();
/**
* Returns the in-memory count of the processed OCSP requests.
- *
+ *
* @return number of processed OCSP requests in memory
*/
public long getNumOCSPRequest();
/**
- * Returns the in-memory time (in mini-second) of the processed time for
- * OCSP requests.
- *
+ * Returns the in-memory time (in mini-second) of
+ * the processed time for OCSP requests.
+ *
* @return processed times for OCSP requests
*/
public long getOCSPRequestTotalTime();
/**
- * Returns the in-memory time (in mini-second) of the signing time for OCSP
- * requests.
- *
+ * Returns the in-memory time (in mini-second) of
+ * the signing time for OCSP requests.
+ *
* @return processed times for OCSP requests
*/
public long getOCSPTotalSignTime();
/**
- * Returns the total data signed for OCSP requests.
- *
+ * Returns the total data signed
+ * for OCSP requests.
+ *
* @return processed times for OCSP requests
*/
public long getOCSPTotalData();
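Review bot: The Javadoc lines rewritten in this hunk carry over wording errors that could be fixed in the same pass: `validty` in the comment for `isEnablePastCATime()`, and `mini-second` (presumably millisecond) in the comments for `getOCSPRequestTotalTime()` and `getOCSPTotalSignTime()`. The tag `@return processed times for OCSP requests` on `getOCSPTotalSignTime()` and `getOCSPTotalData()` looks copied from `getOCSPRequestTotalTime()` and does not match their summaries. Something like `@return total signing time for OCSP requests, in milliseconds` and `@return total amount of data signed for OCSP requests` would fit, with the unit of the latter stated if it is known. The interface begins outside this hunk.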