diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv/ca')
8 files changed, 188 insertions, 198 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java b/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java index 4510c46b..dfb72d57 100644 --- a/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java +++ b/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java @@ -17,14 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.ca; - import java.util.ListResourceBundle; - /** * A class represents a resource bundle for CA subsystem. * <P> - * + * * @version $Revision$ $Date$ */ public class CAResources extends ListResourceBundle { diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java b/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java index 59d8847c..a530b08a 100644 --- a/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java +++ b/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java @@ -17,14 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.ca; - import com.netscape.certsrv.base.EBaseException; - /** * A class represents a CA exception. * <P> - * + * * @version $Revision$, $Date$ */ public class ECAException extends EBaseException { @@ -36,11 +34,12 @@ public class ECAException extends EBaseException { /** * CA resource class name. */ - private static final String CA_RESOURCES = CAResources.class.getName(); + private static final String CA_RESOURCES = CAResources.class.getName(); /** * Constructs a CA exception. * <P> + * * @param msgFormat constant from CAResources. */ public ECAException(String msgFormat) { @@ -50,6 +49,7 @@ public class ECAException extends EBaseException { /** * Constructs a CA exception. * <P> + * * @param msgFormat constant from CAResources. * @param param additional parameters to the message. */ @@ -60,6 +60,7 @@ public class ECAException extends EBaseException { /** * Constructs a CA exception. * <P> + * * @param msgFormat constant from CAResources. * @param e embedded exception. */ @@ -70,6 +71,7 @@ public class ECAException extends EBaseException { /** * Constructs a CA exception. * <P> + * * @param msgFormat constant from CAResources. * @param params additional parameters to the message. */ @@ -80,6 +82,7 @@ public class ECAException extends EBaseException { /** * Returns the bundle file name. * <P> + * * @return name of bundle class associated with this exception. */ protected String getBundleName() { diff --git a/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java b/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java index 0e271c21..b4c10a0c 100644 --- a/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java +++ b/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java @@ -17,11 +17,10 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.ca; - /** * A class represents a CA exception associated with publishing error. * <P> - * + * * @version $Revision$ $Date$ */ public class EErrorPublishCRL extends ECAException { @@ -34,9 +33,10 @@ public class EErrorPublishCRL extends ECAException { /** * Constructs a CA exception caused by publishing error. * <P> + * * @param errorString Detailed error message. */ public EErrorPublishCRL(String errorString) { - super(errorString); + super(errorString); } } diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java b/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java index cac6fc75..1edebcc8 100644 --- a/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java +++ b/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.ca; - import netscape.security.x509.RevokedCertImpl; import netscape.security.x509.X509CertImpl; import netscape.security.x509.X509CertInfo; @@ -27,11 +26,10 @@ import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.connector.IConnector; import com.netscape.certsrv.request.IRequest; - /** * An interface representing a CA request services. * <P> - * + * * @version $Revision$, $Date$ */ public interface ICAService { @@ -39,54 +37,54 @@ public interface ICAService { /** * Marks certificate record as revoked by adding revocation information. * Updates CRL cache. - * + * * @param crlentry revocation information obtained from revocation request * @exception EBaseException failed to mark certificate record as revoked */ public void revokeCert(RevokedCertImpl crlentry) - throws EBaseException; + throws EBaseException; /** * Marks certificate record as revoked by adding revocation information. * Updates CRL cache. - * + * * @param crlentry revocation information obtained from revocation request * @param requestId revocation request id * @exception EBaseException failed to mark certificate record as revoked */ public void revokeCert(RevokedCertImpl crlentry, String requestId) - throws EBaseException; + throws EBaseException; /** * Issues certificate base on enrollment information, * creates certificate record, and stores all necessary data. - * + * * @param certi information obtain from revocation request * @exception EBaseException failed to issue certificate or create certificate record */ public X509CertImpl issueX509Cert(X509CertInfo certi) - throws EBaseException; + throws EBaseException; public X509CertImpl issueX509Cert(X509CertInfo certi, String profileId, String rid) - throws EBaseException; + throws EBaseException; /** * Services profile request. - * + * * @param request profile enrollment request information * @exception EBaseException failed to service profile enrollment request */ public void serviceProfileRequest(IRequest request) - throws EBaseException; + throws EBaseException; /** * Returns KRA-CA connector. - * + * * @return KRA-CA connector */ public IConnector getKRAConnector(); public void setKRAConnector(IConnector c); - public IConnector getConnector(IConfigStore cs) throws EBaseException; + public IConnector getConnector(IConfigStore cs) throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java index edaea59c..b3e94d02 100644 --- a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java +++ b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java @@ -17,24 +17,22 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.ca; - import netscape.security.x509.Extension; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; - /** * An interface representing a CRL extension plugin. * <P> - * + * * @version $Revision$, $Date$ */ public interface ICMSCRLExtension { /** * Returns CRL extension OID string. - * + * * @return OID of CRL extension */ public String getCRLExtOID(); @@ -42,33 +40,33 @@ public interface ICMSCRLExtension { /** * Sets extension criticality and returns extension * with new criticality. - * + * * @param ext CRL extension that will change criticality * @param critical new criticality to be assigned to CRL extension * @return extension with new criticality */ Extension setCRLExtensionCriticality(Extension ext, - boolean critical); + boolean critical); /** * Builds new CRL extension based on configuration data, * issuing point information, and criticality. - * + * * @param config configuration store * @param crlIssuingPoint CRL issuing point * @param critical criticality to be assigned to CRL extension * @return extension new CRL extension */ Extension getCRLExtension(IConfigStore config, - Object crlIssuingPoint, - boolean critical); + Object crlIssuingPoint, + boolean critical); /** * Reads configuration data and converts them to name value pairs. - * + * * @param config configuration store - * @param nvp name value pairs obtained from configuration data + * @param nvp name value pairs obtained from configuration data */ public void getConfigParams(IConfigStore config, - NameValuePairs nvp); -} + NameValuePairs nvp); +} diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java index f6df2226..6fa520fb 100644 --- a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java +++ b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java @@ -17,15 +17,13 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.ca; - import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; - /** * An interface representing a list of CRL extensions. * <P> - * + * * @version $Revision$, $Date$ */ public interface ICMSCRLExtensions { @@ -33,7 +31,7 @@ public interface ICMSCRLExtensions { /** * Updates configuration store for extension identified by id * with data delivered in name value pairs. - * + * * @param id extension id * @param nvp name value pairs with new configuration data * @param config configuration store @@ -42,7 +40,7 @@ public interface ICMSCRLExtensions { /** * Reads configuration data and returns them as name value pairs. - * + * * @param id extension id * @return name value pairs with configuration data */ @@ -50,10 +48,9 @@ public interface ICMSCRLExtensions { /** * Returns class name with its path. - * + * * @param name extension id * @return class name with its path */ public String getClassPath(String name); } - diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java b/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java index dab45fdb..f317db9b 100644 --- a/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java +++ b/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.ca; - import java.math.BigInteger; import java.util.Date; import java.util.Set; @@ -34,19 +33,18 @@ import com.netscape.certsrv.base.ISubsystem; import com.netscape.certsrv.common.NameValuePairs; import com.netscape.certsrv.dbs.IElementProcessor; - /** - * This class encapsulates CRL issuing mechanism. CertificateAuthority - * contains a map of CRLIssuingPoint indexed by string ids. Each issuing - * point contains information about CRL issuing and publishing parameters - * as well as state information which includes last issued CRL, next CRL - * serial number, time of the next update etc. - * If autoUpdateInterval is set to non-zero value then worker thread - * is created that will perform CRL update at scheduled intervals. Update - * can also be triggered by invoking updateCRL method directly. Another + * This class encapsulates CRL issuing mechanism. CertificateAuthority + * contains a map of CRLIssuingPoint indexed by string ids. Each issuing + * point contains information about CRL issuing and publishing parameters + * as well as state information which includes last issued CRL, next CRL + * serial number, time of the next update etc. + * If autoUpdateInterval is set to non-zero value then worker thread + * is created that will perform CRL update at scheduled intervals. Update + * can also be triggered by invoking updateCRL method directly. Another * parameter minUpdateInterval can be used to prevent CRL * from being updated too often - * + * * @version $Revision$, $Date$ */ @@ -75,105 +73,105 @@ public interface ICRLIssuingPoint { /** * Returns true if CRL issuing point is enabled. - * + * * @return true if CRL issuing point is enabled */ public boolean isCRLIssuingPointEnabled(); /** * Returns true if CRL generation is enabled. - * + * * @return true if CRL generation is enabled */ public boolean isCRLGenerationEnabled(); /** * Enables or disables CRL issuing point according to parameter. - * + * * @param enable if true enables CRL issuing point */ public void enableCRLIssuingPoint(boolean enable); /** * Returns CRL update status. - * + * * @return CRL update status */ public String getCrlUpdateStatusStr(); /** * Returns CRL update error. - * + * * @return CRL update error */ public String getCrlUpdateErrorStr(); /** * Returns CRL publishing status. - * + * * @return CRL publishing status */ public String getCrlPublishStatusStr(); /** * Returns CRL publishing error. - * + * * @return CRL publishing error */ public String getCrlPublishErrorStr(); /** * Returns CRL issuing point initialization status. - * + * * @return status of CRL issuing point initialization */ public int isCRLIssuingPointInitialized(); /** * Checks if manual update is set. - * + * * @return true if manual update is set */ public boolean isManualUpdateSet(); /** * Checks if expired certificates are included in CRL. - * + * * @return true if expired certificates are included in CRL */ public boolean areExpiredCertsIncluded(); /** * Checks if CRL includes CA certificates only. - * + * * @return true if CRL includes CA certificates only */ public boolean isCACertsOnly(); /** * Checks if CRL includes profile certificates only. - * + * * @return true if CRL includes profile certificates only */ public boolean isProfileCertsOnly(); /** * Checks if CRL issuing point includes this profile. - * + * * @return true if CRL issuing point includes this profile */ public boolean checkCurrentProfile(String id); /** * Initializes CRL issuing point. - * - * @param ca certificate authority that holds CRL issuing point + * + * @param ca certificate authority that holds CRL issuing point * @param id CRL issuing point id * @param config configuration sub-store for CRL issuing point * @exception EBaseException thrown if initialization failed */ - public void init(ISubsystem ca, String id, IConfigStore config) - throws EBaseException; + public void init(ISubsystem ca, String id, IConfigStore config) + throws EBaseException; /** * This method is called during shutdown. @@ -183,21 +181,21 @@ public interface ICRLIssuingPoint { /** * Returns internal id of this CRL issuing point. - * + * * @return internal id of this CRL issuing point */ public String getId(); /** * Returns internal description of this CRL issuing point. - * + * * @return internal description of this CRL issuing point */ public String getDescription(); /** * Sets internal description of this CRL issuing point. - * + * * @param description description for this CRL issuing point. */ public void setDescription(String description); @@ -205,21 +203,21 @@ public interface ICRLIssuingPoint { /** * Returns DN of the directory entry where CRLs from this issuing point * are published. - * + * * @return DN of the directory entry where CRLs are published. */ public String getPublishDN(); /** * Returns signing algorithm. - * + * * @return signing algorithm */ public String getSigningAlgorithm(); /** * Returns signing algorithm used in last signing operation.. - * + * * @return last signing algorithm */ public String getLastSigningAlgorithm(); @@ -227,14 +225,14 @@ public interface ICRLIssuingPoint { /** * Returns current CRL generation schema for this CRL issuing point. * <P> - * + * * @return current CRL generation schema for this CRL issuing point */ public int getCRLSchema(); /** * Returns current CRL number of this CRL issuing point. - * + * * @return current CRL number of this CRL issuing point */ public BigInteger getCRLNumber(); @@ -242,56 +240,56 @@ public interface ICRLIssuingPoint { /** * Returns current delta CRL number of this CRL issuing point. * <P> - * + * * @return current delta CRL number of this CRL issuing point */ public BigInteger getDeltaCRLNumber(); /** * Returns next CRL number of this CRL issuing point. - * + * * @return next CRL number of this CRL issuing point */ public BigInteger getNextCRLNumber(); /** * Returns number of entries in the current CRL. - * + * * @return number of entries in the current CRL */ public long getCRLSize(); /** * Returns number of entries in delta CRL - * + * * @return number of entries in delta CRL */ public long getDeltaCRLSize(); /** * Returns time of the last update. - * + * * @return last CRL update time */ public Date getLastUpdate(); /** * Returns time of the next update. - * + * * @return next CRL update time */ public Date getNextUpdate(); /** * Returns time of the next delta CRL update. - * + * * @return next delta CRL update time */ public Date getNextDeltaUpdate(); /** * Returns all the revoked certificates from the CRL cache. - * + * * @param start first requested CRL entry * @param end next after last requested CRL entry * @return set of all the revoked certificates or null if there are none. @@ -300,7 +298,7 @@ public interface ICRLIssuingPoint { /** * Returns certificate authority. - * + * * @return certificate authority */ public ISubsystem getCertificateAuthority(); @@ -308,14 +306,14 @@ public interface ICRLIssuingPoint { /** * Schedules immediate CRL manual-update * and sets signature algorithm to be used for signing. - * + * * @param signatureAlgorithm signature algorithm to be used for signing */ - public void setManualUpdate(String signatureAlgorithm); + public void setManualUpdate(String signatureAlgorithm); /** * Returns auto update interval in milliseconds. - * + * * @return auto update interval in milliseconds */ public long getAutoUpdateInterval(); @@ -323,14 +321,14 @@ public interface ICRLIssuingPoint { /** * Returns true if CRL is updated for every change * of revocation status of any certificate. - * + * * @return true if CRL update is always triggered by revocation operation */ public boolean getAlwaysUpdate(); /** * Returns next update grace period in minutes. - * + * * @return next update grace period in minutes */ public long getNextUpdateGracePeriod(); @@ -338,7 +336,7 @@ public interface ICRLIssuingPoint { /** * Returns filter used to build CRL based on information stored * in local directory. - * + * * @return filter used to search local directory */ public String getFilter(); @@ -348,30 +346,31 @@ public interface ICRLIssuingPoint { * Calls certificate record processor to get necessary data * from certificate records. * This also regenerates CRL cache. - * + * * @param cp certificate record processor * @exception EBaseException if an error occurred in the database. */ public void processRevokedCerts(IElementProcessor cp) - throws EBaseException; + throws EBaseException; /** * Returns date of revoked certificate or null * if certificated is not listed as revoked. - * + * * @param serialNumber serial number of certificate to be checked * @param checkDeltaCache true if delta CRL cache suppose to be - * included in checking process + * included in checking process * @param includeExpiredCerts true if delta CRL cache with expired - * certificates suppose to be included in checking process + * certificates suppose to be included in checking process * @return date of revoked certificate or null */ public Date getRevocationDateFromCache(BigInteger serialNumber, boolean checkDeltaCache, boolean includeExpiredCerts); + /** * Returns split times from CRL generation. - * + * * @return split times from CRL generation in milliseconds */ public Vector<Long> getSplitTimes(); @@ -379,13 +378,13 @@ public interface ICRLIssuingPoint { /** * Generates CRL now based on cache or local directory if cache * is not available. It also publishes CRL if it is required. - * + * * @param signingAlgorithm signing algorithm to be used for CRL signing * @exception EBaseException if an error occurred during - * CRL generation or publishing + * CRL generation or publishing */ - public void updateCRLNow(String signingAlgorithm) - throws EBaseException; + public void updateCRLNow(String signingAlgorithm) + throws EBaseException; /** * Clears CRL cache @@ -399,21 +398,21 @@ public interface ICRLIssuingPoint { /** * Returns number of recently revoked certificates. - * + * * @return number of recently revoked certificates */ public int getNumberOfRecentlyRevokedCerts(); /** * Returns number of recently unrevoked certificates. - * + * * @return number of recently unrevoked certificates */ public int getNumberOfRecentlyUnrevokedCerts(); /** * Returns number of recently expired and revoked certificates. - * + * * @return number of recently expired and revoked certificates */ public int getNumberOfRecentlyExpiredCerts(); @@ -421,7 +420,7 @@ public interface ICRLIssuingPoint { /** * Converts list of extensions supplied by revocation request * to list of extensions required to be placed in CRL. - * + * * @param exts list of extensions supplied by revocation request * @return list of extensions required to be placed in CRL */ @@ -429,7 +428,7 @@ public interface ICRLIssuingPoint { /** * Adds revoked certificate to delta-CRL cache. - * + * * @param serialNumber serial number of revoked certificate * @param revokedCert revocation information supplied by revocation request */ @@ -437,7 +436,7 @@ public interface ICRLIssuingPoint { /** * Adds revoked certificate to delta-CRL cache. - * + * * @param serialNumber serial number of revoked certificate * @param revokedCert revocation information supplied by revocation request * @param requestId revocation request id @@ -447,14 +446,14 @@ public interface ICRLIssuingPoint { /** * Adds unrevoked certificate to delta-CRL cache. - * + * * @param serialNumber serial number of unrevoked certificate */ public void addUnrevokedCert(BigInteger serialNumber); /** * Adds unrevoked certificate to delta-CRL cache. - * + * * @param serialNumber serial number of unrevoked certificate * @param requestId unrevocation request id */ @@ -462,7 +461,7 @@ public interface ICRLIssuingPoint { /** * Adds expired and revoked certificate to delta-CRL cache. - * + * * @param serialNumber serial number of expired and revoked certificate */ public void addExpiredCert(BigInteger serialNumber); @@ -475,7 +474,7 @@ public interface ICRLIssuingPoint { /** * Updates issuing point configuration according to supplied data * in name value pairs. - * + * * @param params name value pairs defining new issuing point configuration * @return true if configuration is updated successfully */ @@ -483,35 +482,35 @@ public interface ICRLIssuingPoint { /** * Returns true if delta-CRL is enabled. - * + * * @return true if delta-CRL is enabled */ public boolean isDeltaCRLEnabled(); /** * Returns true if CRL cache is enabled. - * + * * @return true if CRL cache is enabled */ public boolean isCRLCacheEnabled(); /** * Returns true if CRL cache is empty. - * + * * @return true if CRL cache is empty */ public boolean isCRLCacheEmpty(); /** * Returns true if CRL cache testing is enabled. - * + * * @return true if CRL cache testing is enabled */ public boolean isCRLCacheTestingEnabled(); /** * Returns true if supplied delta-CRL is matching current delta-CRL. - * + * * @param deltaCRL delta-CRL to verify against current delta-CRL * @return true if supplied delta-CRL is matching current delta-CRL */ @@ -519,7 +518,7 @@ public interface ICRLIssuingPoint { /** * Returns status of CRL generation. - * + * * @return one of the following according to CRL generation status: * CRL_UPDATE_DONE, CRL_UPDATE_STARTED, and CRL_PUBLISHING_STARTED */ @@ -528,18 +527,17 @@ public interface ICRLIssuingPoint { /** * Generates CRL now based on cache or local directory if cache * is not available. It also publishes CRL if it is required. - * CRL is signed by default signing algorithm. - * + * CRL is signed by default signing algorithm. + * * @exception EBaseException if an error occurred during - * CRL generation or publishing + * CRL generation or publishing */ - public void updateCRLNow() throws EBaseException; + public void updateCRLNow() throws EBaseException; /** * Returns list of CRL extensions. - * + * * @return list of CRL extensions */ public ICMSCRLExtensions getCRLExtensions(); } - diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java index d86a37dd..a49653c1 100644 --- a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java +++ b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.ca; - import java.util.Enumeration; import netscape.security.x509.CertificateChain; @@ -29,7 +28,6 @@ import netscape.security.x509.X509CertInfo; import org.mozilla.jss.crypto.SignatureAlgorithm; - import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; @@ -45,12 +43,11 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.IService; import com.netscape.certsrv.security.ISigningUnit; - /** * An interface represents a Certificate Authority that is * responsible for certificate specific operations. * <P> - * + * * @version $Revision$, $Date$ */ public interface ICertificateAuthority extends ISubsystem { @@ -78,7 +75,7 @@ public interface ICertificateAuthority extends ISubsystem { public final static String PROP_DEF_VALIDITY = "DefaultIssueValidity"; public final static String PROP_FAST_SIGNING = "fastSigning"; public static final String PROP_ENABLE_ADMIN_ENROLL = - "enableAdminEnroll"; + "enableAdminEnroll"; public final static String PROP_CRL_SUBSTORE = "crl"; // make this public so agent gateway can access for now. @@ -86,9 +83,9 @@ public interface ICertificateAuthority extends ISubsystem { public final static String PROP_MASTER_CRL = "MasterCRL"; public final static String PROP_CRLEXT_SUBSTORE = "extension"; public final static String PROP_ISSUING_CLASS = - "com.netscape.cmscore.ca.CRLIssuingPoint"; + "com.netscape.cmscore.ca.CRLIssuingPoint"; public final static String PROP_EXPIREDCERTS_CLASS = - "com.netscape.cmscore.ca.CRLWithExpiredCerts"; + "com.netscape.cmscore.ca.CRLWithExpiredCerts"; public final static String PROP_NOTIFY_SUBSTORE = "notification"; public final static String PROP_CERT_ISSUED_SUBSTORE = "certIssued"; @@ -109,67 +106,68 @@ public interface ICertificateAuthority extends ISubsystem { public final static String PROP_ID = "id"; public final static String PROP_CERTDB_TRANS_MAXRECORDS = "transitMaxRecords"; - public final static String PROP_CERTDB_TRANS_PAGESIZE = "transitRecordPageSize"; + public final static String PROP_CERTDB_TRANS_PAGESIZE = "transitRecordPageSize"; /** * Retrieves the certificate repository where all the locally * issued certificates are kept. - * + * * @return CA's certificate repository */ public ICertificateRepository getCertificateRepository(); /** * Retrieves the request queue of this certificate authority. - * + * * @return CA's request queue */ public IRequestQueue getRequestQueue(); /** * Retrieves the policy processor of this certificate authority. - * + * * @return CA's policy processor */ public IPolicyProcessor getPolicyProcessor(); public boolean noncesEnabled(); - public Nonces getNonces(); + + public Nonces getNonces(); /** * Retrieves the publishing processor of this certificate authority. - * + * * @return CA's publishing processor */ public IPublisherProcessor getPublisherProcessor(); /** * Retrieves the next available serial number. - * + * * @return next available serial number */ public String getStartSerial(); /** * Sets the next available serial number. - * + * * @param serial next available serial number * @exception EBaseException failed to set next available serial number */ public void setStartSerial(String serial) throws EBaseException; /** - * Retrieves the last serial number that can be used for + * Retrieves the last serial number that can be used for * certificate issuance in this certificate authority. - * + * * @return the last serial number */ public String getMaxSerial(); /** - * Sets the last serial number that can be used for + * Sets the last serial number that can be used for * certificate issuance in this certificate authority. - * + * * @param serial the last serial number * @exception EBaseException failed to set the last serial number */ @@ -177,21 +175,21 @@ public interface ICertificateAuthority extends ISubsystem { /** * Retrieves the default signature algorithm of this certificate authority. - * + * * @return the default signature algorithm of this CA */ public SignatureAlgorithm getDefaultSignatureAlgorithm(); /** * Retrieves the default signing algorithm of this certificate authority. - * + * * @return the default signing algorithm of this CA */ public String getDefaultAlgorithm(); /** * Sets the default signing algorithm of this certificate authority. - * + * * @param algorithm new default signing algorithm * @exception EBaseException failed to set the default signing algorithm */ @@ -199,7 +197,7 @@ public interface ICertificateAuthority extends ISubsystem { /** * Retrieves the supported signing algorithms of this certificate authority. - * + * * @return the supported signing algorithms of this CA */ public String[] getCASigningAlgorithms(); @@ -207,30 +205,30 @@ public interface ICertificateAuthority extends ISubsystem { /** * Allows certificates to have validities that are longer * than this certificate authority's. - * + * * @param enableCAPast if equals "true", it allows certificates - * to have validity longer than CA's certificate validity + * to have validity longer than CA's certificate validity * @exception EBaseException failed to set above option */ - public void setValidity(String enableCAPast) throws EBaseException; + public void setValidity(String enableCAPast) throws EBaseException; /** * Retrieves the default validity period. - * + * * @return the default validity length in days */ public long getDefaultValidity(); /** * Retrieves all the CRL issuing points. - * + * * @return enumeration of all the CRL issuing points */ public Enumeration<ICRLIssuingPoint> getCRLIssuingPoints(); /** * Retrieves CRL issuing point with the given identifier. - * + * * @param id CRL issuing point id * @return CRL issuing point with given id */ @@ -238,7 +236,7 @@ public interface ICertificateAuthority extends ISubsystem { /** * Adds CRL issuing point with the given identifier and description. - * + * * @param crlSubStore sub-store with all CRL issuing points * @param id CRL issuing point id * @param description CRL issuing point description @@ -249,7 +247,7 @@ public interface ICertificateAuthority extends ISubsystem { /** * Deletes CRL issuing point with the given identifier. - * + * * @param crlSubStore sub-store with all CRL issuing points * @param id CRL issuing point id */ @@ -257,77 +255,77 @@ public interface ICertificateAuthority extends ISubsystem { /** * Retrieves the CRL repository. - * + * * @return CA's CRL repository */ public ICRLRepository getCRLRepository(); /** * Retrieves the Replica ID repository. - * + * * @return CA's Replica ID repository */ public IReplicaIDRepository getReplicaRepository(); /** * Retrieves the request in queue listener. - * + * * @return the request in queue listener */ public IRequestListener getRequestInQListener(); /** * Retrieves all request listeners. - * + * * @return name enumeration of all request listeners */ - public Enumeration<String> getRequestListenerNames(); + public Enumeration<String> getRequestListenerNames(); /** * Retrieves the request listener for issued certificates. - * + * * @return the request listener for issued certificates */ public IRequestListener getCertIssuedListener(); /** * Retrieves the request listener for revoked certificates. - * + * * @return the request listener for revoked certificates */ public IRequestListener getCertRevokedListener(); /** * Retrieves the CA certificate chain. - * + * * @return the CA certificate chain */ - public CertificateChain getCACertChain(); + public CertificateChain getCACertChain(); /** * Retrieves the CA certificate. - * + * * @return the CA certificate */ public org.mozilla.jss.crypto.X509Certificate getCaX509Cert(); /** * Retrieves the CA certificate. - * + * * @return the CA certificate */ public X509CertImpl getCACert(); /** * Updates the CRL immediately for MasterCRL issuing point if it exists. - * + * * @exception EBaseException failed to create or publish CRL */ public void updateCRLNow() throws EBaseException; /** * Publishes the CRL immediately for MasterCRL issuing point if it exists. - * + * * @exception EBaseException failed to publish CRL */ public void publishCRLNow() throws EBaseException; @@ -335,7 +333,7 @@ public interface ICertificateAuthority extends ISubsystem { /** * Retrieves the signing unit that manages the CA signing key for * signing certificates. - * + * * @return the CA signing unit for certificates */ public ISigningUnit getSigningUnit(); @@ -343,7 +341,7 @@ public interface ICertificateAuthority extends ISubsystem { /** * Retrieves the signing unit that manages the CA signing key for * signing CRL. - * + * * @return the CA signing unit for CRLs */ public ISigningUnit getCRLSigningUnit(); @@ -351,28 +349,28 @@ public interface ICertificateAuthority extends ISubsystem { /** * Retrieves the signing unit that manages the CA signing key for * signing OCSP response. - * + * * @return the CA signing unit for OCSP responses */ public ISigningUnit getOCSPSigningUnit(); /** * Sets the maximium path length in the basic constraint extension. - * + * * @param num the maximium path length */ public void setBasicConstraintMaxLen(int num); /** * Is this a clone CA? - * + * * @return true if this is a clone CA */ public boolean isClone(); /** * Retrieves the request listener by name. - * + * * @param name request listener name * @return the request listener */ @@ -382,17 +380,17 @@ public interface ICertificateAuthority extends ISubsystem { * get request notifier */ public IRequestNotifier getRequestNotifier(); - + /** * Registers a request listener. - * + * * @param listener request listener to be registered */ public void registerRequestListener(IRequestListener listener); /** * Registers a request listener. - * + * * @param name under request listener is going to be registered * @param listener request listener to be registered */ @@ -400,32 +398,32 @@ public interface ICertificateAuthority extends ISubsystem { /** * Retrieves the issuer name of this certificate authority. - * + * * @return the issuer name of this certificate authority */ public X500Name getX500Name(); /** * Retrieves the issuer name of this certificate authority issuing point. - * + * * @return the issuer name of this certificate authority issuing point */ - public X500Name getCRLX500Name(); + public X500Name getCRLX500Name(); /** * Signs the given CRL with the specific algorithm. - * + * * @param crl CRL to be signed * @param algname algorithm used for signing * @return signed CRL * @exception EBaseException failed to sign CRL */ public X509CRLImpl sign(X509CRLImpl crl, String algname) - throws EBaseException; + throws EBaseException; /** * Logs a message to this certificate authority. - * + * * @param level logging level * @param msg logged message */ @@ -433,25 +431,25 @@ public interface ICertificateAuthority extends ISubsystem { /** * Returns the nickname for the CA signing certificate. - * + * * @return the nickname for the CA signing certificate */ public String getNickname(); /** * Signs a X.509 certificate template. - * + * * @param certInfo X.509 certificate template * @param algname algorithm used for signing * @return signed certificate * @exception EBaseException failed to sign certificate */ public X509CertImpl sign(X509CertInfo certInfo, String algname) - throws EBaseException; + throws EBaseException; /** * Retrieves the default certificate version. - * + * * @return the default version certificate */ public CertificateVersion getDefaultCertVersion(); @@ -459,7 +457,7 @@ public interface ICertificateAuthority extends ISubsystem { /** * Is this CA allowed to issue certificate that has longer * validty than the CA's. - * + * * @return true if allows certificates to have validity longer than CA's */ public boolean isEnablePastCATime(); @@ -467,30 +465,30 @@ public interface ICertificateAuthority extends ISubsystem { /** * Retrieves the CA service object that is responsible for * processing requests. - * + * * @return CA service object */ public IService getCAService(); /** * Returns the in-memory count of the processed OCSP requests. - * + * * @return number of processed OCSP requests in memory */ public long getNumOCSPRequest(); /** - * Returns the in-memory time (in mini-second) of + * Returns the in-memory time (in mini-second) of * the processed time for OCSP requests. - * + * * @return processed times for OCSP requests */ public long getOCSPRequestTotalTime(); /** - * Returns the in-memory time (in mini-second) of + * Returns the in-memory time (in mini-second) of * the signing time for OCSP requests. - * + * * @return processed times for OCSP requests */ public long getOCSPTotalSignTime(); @@ -498,7 +496,7 @@ public interface ICertificateAuthority extends ISubsystem { /** * Returns the total data signed * for OCSP requests. - * + * * @return processed times for OCSP requests */ public long getOCSPTotalData(); |