Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv/security')
8 files changed, 255 insertions, 260 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/security/Credential.java b/pki/base/common/src/com/netscape/certsrv/security/Credential.java index 9aff49ad..48038a40 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/Credential.java +++ b/pki/base/common/src/com/netscape/certsrv/security/Credential.java @@ -17,12 +17,11 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - /** * A class represents a credential. A credential contains * information that identifies a user. In this case, * identifier and password are used. - * + * * @version $Revision$, $Date$ */ public class Credential implements java.io.Serializable { @@ -36,7 +35,7 @@ public class Credential implements java.io.Serializable { /** * Constructs credential object. - * + * * @param id user id * @param password user password */ @@ -44,10 +43,10 @@ public class Credential implements java.io.Serializable { mId = id; mPassword = password; } - + /** * Retrieves identifier. - * + * * @return user id */ public String getIdentifier() { @@ -56,7 +55,7 @@ public class Credential implements java.io.Serializable { /** * Retrieves password. - * + * * @return user password */ public String getPassword() { diff --git a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java index ab910b37..50a0e1a1 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java +++ b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - import java.io.IOException; import java.security.KeyPair; import java.security.cert.CertificateException; 
@@ -37,11 +36,10 @@ import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; import com.netscape.certsrv.common.NameValuePairs; - /** * This interface represents the cryptographics subsystem * that provides all the security related functions. - * + * * @version $Revision$, $Date$ */ public interface ICryptoSubsystem extends ISubsystem { @@ -51,7 +49,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves a list of nicknames of certificates that are * in the installed tokens. - * + * * @return a list of comma-separated nicknames * @exception EBaseException failed to retrieve nicknames */ @@ -59,7 +57,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves certificate in pretty-print format by the nickname. - * + * * @param nickname nickname of certificate * @param date not after of the returned certificate must be date * @param locale user locale 
@@ -67,50 +65,53 @@ public interface ICryptoSubsystem extends ISubsystem { * @exception EBaseException failed to retrieve certificate */ public String getCertPrettyPrint(String nickname, String date, - Locale locale) throws EBaseException; + Locale locale) throws EBaseException; + public String getRootCertTrustBit(String nickname, String serialno, - String issuerName) throws EBaseException; - public String getCertPrettyPrint(String nickname, String serialno, - String issuername, Locale locale) throws EBaseException; - public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, - String issuername, Locale locale) throws EBaseException; + String issuerName) throws EBaseException; + + public String getCertPrettyPrint(String nickname, String serialno, + String issuername, Locale locale) throws EBaseException; + + public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, + String issuername, Locale locale) throws EBaseException; /** * Retrieves the certificate in the pretty print format. - * + * * @param b64E certificate in mime-64 encoded format * @param locale end user locale * @return certificate in pretty-print format * @exception EBaseException failed to retrieve certificate */ - public String getCertPrettyPrint(String b64E, Locale locale) - throws EBaseException; + public String getCertPrettyPrint(String b64E, Locale locale) + throws EBaseException; /** * Imports certificate into the server. - * + * * @param b64E certificate in mime-64 encoded format * @param nickname nickname for the importing certificate * @param certType certificate type * @exception EBaseException failed to import certificate */ public void importCert(String b64E, String nickname, String certType) - throws EBaseException; + throws EBaseException; /** * Imports certificate into the server. 
- * + * * @param signedCert certificate * @param nickname nickname for the importing certificate * @param certType certificate type * @exception EBaseException failed to import certificate */ public void importCert(X509CertImpl signedCert, String nickname, - String certType) throws EBaseException; + String certType) throws EBaseException; /** * Generates a key pair based on the given parameters. - * + * * @param properties key parameters * @return key pair * @exception EBaseException failed to generate key pair @@ -119,7 +120,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves the key pair based on the given nickname. - * + * * @param nickname nickname of the public key * @exception EBaseException failed to retrieve key pair */ @@ -127,7 +128,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Generates a key pair based on the given parameters. - * + * * @param tokenName name of token where key is generated * @param alg key algorithm * @param keySize key size @@ -135,11 +136,11 @@ public interface ICryptoSubsystem extends ISubsystem { * @exception EBaseException failed to generate key pair */ public KeyPair getKeyPair(String tokenName, String alg, - int keySize) throws EBaseException; + int keySize) throws EBaseException; /** * Generates a key pair based on the given parameters. - * + * * @param tokenName name of token where key is generated * @param alg key algorithm * @param keySize key size @@ -148,11 +149,11 @@ public interface ICryptoSubsystem extends ISubsystem { * @exception EBaseException failed to generate key pair */ public KeyPair getKeyPair(String tokenName, String alg, - int keySize, PQGParams pqg) throws EBaseException; + int keySize, PQGParams pqg) throws EBaseException; /** * Generates an ECC key pair based on the given parameters. - * + * * @param properties key parameters * @return key pair * @exception EBaseException failed to generate key pair 
@@ -161,7 +162,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Generates an ECC key pair based on the given parameters. - * + * * @param token token name * @param curveName curve name * @param certType type of cert(sslserver etc..) @@ -173,16 +174,16 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves the signature algorithm of the certificate named * by the given nickname. - * + * * @param nickname nickname of the certificate * @return signature algorithm - * @exception EBaseException failed to retrieve signature + * @exception EBaseException failed to retrieve signature */ public String getSignatureAlgorithm(String nickname) throws EBaseException; /** * Checks if the given dn is a valid distinguished name. - * + * * @param dn distinguished name * @exception EBaseException failed to check */ @@ -192,7 +193,7 @@ public interface ICryptoSubsystem extends ISubsystem { * Retrieves CA's signing algorithm id. If it is DSA algorithm, * algorithm is constructed by reading the parameters * ca.dsaP, ca.dsaQ, ca.dsaG. - * + * * @param algname DSA or RSA * @param store configuration store. * @return algorithm id 
@@ -203,57 +204,57 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves subject name of the certificate that is identified by * the given nickname. - * + * * @param tokenname name of token where the nickname is valid * @param nickname nickname of the certificate * @return subject name * @exception EBaseException failed to get subject name */ public String getCertSubjectName(String tokenname, String nickname) - throws EBaseException; + throws EBaseException; /** * Retrieves extensions of the certificate that is identified by * the given nickname. - * + * * @param tokenname name of token where the nickname is valid * @param nickname nickname of the certificate * @return certificate extensions * @exception EBaseException failed to get extensions */ public CertificateExtensions getExtensions(String tokenname, String nickname - ) - throws EBaseException; + ) + throws EBaseException; /** * Deletes certificate of the given nickname. - * + * * @param nickname nickname of the certificate * @param pathname path where a copy of the deleted certificate is stored * @exception EBaseException failed to delete certificate */ - public void deleteTokenCertificate(String nickname, String pathname) - throws EBaseException; + public void deleteTokenCertificate(String nickname, String pathname) + throws EBaseException; /** * Delete certificate of the given nickname. - * + * * @param nickname nickname of the certificate - * @param notAfterTime The notAfter of the certificate. It - * is possible to ge t multiple certificates under - * the same nickname. If one of the certificates match - * the notAfterTime, then the certificate will get - * deleted. The format of the notAfterTime has to be - * in "MMMMM dd, yyyy HH:mm:ss" format. + * @param notAfterTime The notAfter of the certificate. It + * is possible to ge t multiple certificates under + * the same nickname. If one of the certificates match + * the notAfterTime, then the certificate will get + * deleted. 
The format of the notAfterTime has to be + * in "MMMMM dd, yyyy HH:mm:ss" format. * @exception EBaseException failed to delete certificate */ - public void deleteCert(String nickname, String notAfterTime) - throws EBaseException; + public void deleteCert(String nickname, String notAfterTime) + throws EBaseException; /** * Retrieves the subject DN of the certificate identified by * the nickname. - * + * * @param nickname nickname of the certificate * @return subject distinguished name * @exception EBaseException failed to retrieve subject DN @@ -262,19 +263,19 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Trusts a certificate for all available purposes. - * + * * @param nickname nickname of the certificate * @param date certificate's not before * @param trust "Trust" or other * @exception EBaseException failed to trust certificate */ - public void trustCert(String nickname, String date, String trust) - throws EBaseException; + public void trustCert(String nickname, String date, String trust) + throws EBaseException; /** * Checks if the given base-64 encoded string contains an extension * or a sequence of extensions. - * + * * @param ext extension or sequence of extension encoded in base-64 * @exception EBaseException failed to check encoding */ @@ -282,16 +283,17 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Gets all certificates on all tokens for Certificate Database Management. - * + * * @return all certificates * @exception EBaseException failed to retrieve certificates */ public NameValuePairs getAllCertsManage() throws EBaseException; + public NameValuePairs getUserCerts() throws EBaseException; /** * Gets all CA certificates on all tokens. - * + * * @return all CA certificates * @exception EBaseException failed to retrieve certificates */ 
@@ -300,17 +302,17 @@ public interface ICryptoSubsystem extends ISubsystem { public NameValuePairs getRootCerts() throws EBaseException; public void setRootCertTrust(String nickname, String serialno, - String issuername, String trust) throws EBaseException; + String issuername, String trust) throws EBaseException; public void deleteRootCert(String nickname, String serialno, - String issuername) throws EBaseException; + String issuername) throws EBaseException; public void deleteUserCert(String nickname, String serialno, - String issuername) throws EBaseException; + String issuername) throws EBaseException; /** * Retrieves PQG parameters based on key size. - * + * * @param keysize key size * @return pqg parameters */ 
@@ -318,91 +320,91 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves PQG parameters based on key size. - * + * * @param keysize key size * @param store configuration store * @return pqg parameters */ public PQGParams getCAPQG(int keysize, IConfigStore store) - throws EBaseException; + throws EBaseException; /** * Retrieves extensions of the certificate that is identified by * the given nickname. - * + * * @param tokenname token name * @param nickname nickname * @return certificate extensions */ public CertificateExtensions getCertExtensions(String tokenname, String nickname - ) - throws NotInitializedException, TokenException, ObjectNotFoundException, + ) + throws NotInitializedException, TokenException, ObjectNotFoundException, - IOException, CertificateException; + IOException, CertificateException; /** * Checks if the given token is logged in. - * + * * @param name token name * @return true if token is logged in - * @exception EBaseException failed to login + * @exception EBaseException failed to login */ public boolean isTokenLoggedIn(String name) throws EBaseException; /** * Logs into token. - * + * * @param tokenName name of the token * @param pwd token password * @exception EBaseException failed to login */ - public void loggedInToken(String tokenName, String pwd) - throws EBaseException; + public void loggedInToken(String tokenName, String pwd) + throws EBaseException; /** * Generates certificate request from the given key pair. - * + * * @param subjectName subject name to use in the request * @param kp key pair that contains public key material * @return certificate request in base-64 encoded format * @exception EBaseException failed to generate request */ public String getCertRequest(String subjectName, KeyPair kp) - throws EBaseException; + throws EBaseException; /** * Checks if fortezza is enabled. 
- * + * * @return "true" if fortezza is enabled */ public String isCipherFortezza() throws EBaseException; /** * Retrieves the SSL cipher version. - * + * * @return cipher version (i.e. "cipherdomestic") */ public String getCipherVersion() throws EBaseException; /** * Retrieves the cipher preferences. - * + * * @return cipher preferences (i.e. "rc4export,rc2export,...") */ public String getCipherPreferences() throws EBaseException; /** * Sets the current SSL cipher preferences. - * + * * @param cipherPrefs cipher preferences (i.e. "rc4export,rc2export,...") * @exception EBaseException failed to set cipher preferences */ public void setCipherPreferences(String cipherPrefs) - throws EBaseException; + throws EBaseException; /** * Retrieves a list of currently registered token names. - * + * * @return list of token names * @exception EBaseException failed to retrieve token list */ @@ -411,7 +413,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves all certificates. The result list will not * contain the token tag. - * + * * @param name token name * @return list of certificates without token tag * @exception EBaseException failed to retrieve @@ -420,7 +422,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves the token name of the internal (software) token. - * + * * @return the token name * @exception EBaseException failed to retrieve token name */ @@ -429,7 +431,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Checks to see if the certificate of the given nickname is a * CA certificate. - * + * * @param fullNickname nickname of the certificate to check * @return true if it is a CA certificate * @exception EBaseException failed to check 
@@ -438,27 +440,27 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Adds the specified number of bits of entropy from the system - * entropy generator to the RNG of the default PKCS#11 RNG token. + * entropy generator to the RNG of the default PKCS#11 RNG token. * The default token is set using the modutil command. - * Note that the system entropy generator (usually /dev/random) - * will block until sufficient entropy is collected. - * + * Note that the system entropy generator (usually /dev/random) + * will block until sufficient entropy is collected. + * * @param bits number of bits of entropy * @exception org.mozilla.jss.util.NotImplementedException If the Crypto device does not support - * adding entropy - * @exception TokenException If there was some other problem with the Crypto device - * @exception IOException If there was a problem reading from the /dev/random + * adding entropy + * @exception TokenException If there was some other problem with the Crypto device + * @exception IOException If there was a problem reading from the /dev/random */ public void addEntropy(int bits) - throws org.mozilla.jss.util.NotImplementedException, + throws org.mozilla.jss.util.NotImplementedException, IOException, TokenException; /** * Signs the certificate template into the given data and returns * a signed certificate. - * + * * @param data data that contains certificate template * @param certType certificate type * @param priKey CA signing key diff --git a/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java b/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java index 984425a5..e318188a 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java +++ b/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java 
@@ -17,24 +17,22 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - import java.security.PublicKey; import org.mozilla.jss.crypto.PrivateKey; import com.netscape.certsrv.base.EBaseException; - /** * An interface represents a encryption unit. - * + * * @version $Revision$, $Date$ */ public interface IEncryptionUnit extends IToken { /** * Retrieves the public key in this unit. - * + * * @return public key */ public PublicKey getPublicKey(); @@ -42,16 +40,16 @@ public interface IEncryptionUnit extends IToken { /** * Wraps data. The given key will be wrapped by the * private key in this unit. - * + * * @param priKey private key to be wrapped - * @return wrapped data + * @return wrapped data * @exception EBaseException failed to wrap */ public byte[] wrap(PrivateKey priKey) throws EBaseException; /** - * Verifies the given key pair. - * + * Verifies the given key pair. + * * @param publicKey public key * @param privateKey private key */ @@ -61,9 +59,9 @@ public interface IEncryptionUnit extends IToken { /** * Unwraps data. This method rebuilds the private key by * unwrapping the private key data. - * + * * @param sessionKey session key that unwrap the private key - * @param symmAlgOID symmetric algorithm + * @param symmAlgOID symmetric algorithm * @param symmAlgParams symmetric algorithm parameters * @param privateKey private key data * @param pubKey public key 
@@ -71,56 +69,56 @@ public interface IEncryptionUnit extends IToken { * @exception EBaseException failed to unwrap */ public PrivateKey unwrap(byte sessionKey[], String symmAlgOID, - byte symmAlgParams[], byte privateKey[], - PublicKey pubKey) - throws EBaseException; + byte symmAlgParams[], byte privateKey[], + PublicKey pubKey) + throws EBaseException; /** * Unwraps data. This method rebuilds the private key by * unwrapping the private key data. - * + * * @param privateKey private key data * @param pubKey public key object * @return private key object * @exception EBaseException failed to unwrap */ public PrivateKey unwrap(byte privateKey[], PublicKey pubKey) - throws EBaseException; - + throws EBaseException; + /** * Encrypts the internal private key (private key to the KRA's * internal storage). - * + * * @param rawPrivate user's private key (key to be archived) * @return encrypted data * @exception EBaseException failed to encrypt */ public byte[] encryptInternalPrivate(byte rawPrivate[]) - throws EBaseException; + throws EBaseException; /** * Decrypts the internal private key (private key from the KRA's * internal storage). - * + * * @param wrappedPrivateData unwrapped private key data (key to be recovered) * @return raw private key * @exception EBaseException failed to decrypt */ public byte[] decryptInternalPrivate(byte wrappedPrivateData[]) - throws EBaseException; + throws EBaseException; /** * Decrypts the external private key (private key from the end-user). 
- * + * * @param sessionKey session key that protects the user private - * @param symmAlgOID symmetric algorithm + * @param symmAlgOID symmetric algorithm * @param symmAlgParams symmetric algorithm parameters * @param privateKey private key data * @return private key data * @exception EBaseException failed to decrypt */ - public byte[] decryptExternalPrivate(byte sessionKey[], - String symmAlgOID, - byte symmAlgParams[], byte privateKey[]) - throws EBaseException; + public byte[] decryptExternalPrivate(byte sessionKey[], + String symmAlgOID, + byte symmAlgParams[], byte privateKey[]) + throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java b/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java index 664d5c1f..7fbed0b6 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java +++ b/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - import java.security.PublicKey; import netscape.security.x509.X509CertImpl; @@ -30,7 +29,7 @@ import com.netscape.certsrv.base.EBaseException; /** * A class represents the signing unit which is * capable of signing data. - * + * * @version $Revision$, $Date$ */ public interface ISigningUnit { @@ -46,11 +45,11 @@ public interface ISigningUnit { /** * Retrieves the nickname of the signing certificate. */ - public String getNickname(); + public String getNickname(); /** * Retrieves the new nickname in the renewal process. - * + * * @return new nickname * @exception EBaseException failed to get new nickname */ 
@@ -58,39 +57,39 @@ public interface ISigningUnit { /** * Sets new nickname of the signing certificate. - * + * * @param name nickname */ public void setNewNickName(String name); /** * Retrieves the signing certificate. - * + * * @return signing certificate */ public X509Certificate getCert(); /** * Retrieves the signing certificate. - * + * * @return signing certificate */ public X509CertImpl getCertImpl(); /** * Signs the given data in specific algorithm. - * + * * @param data data to be signed * @param algname signing algorithm to be used * @return signed data * @exception EBaseException failed to sign */ public byte[] sign(byte[] data, String algname) - throws EBaseException; - + throws EBaseException; + /** * Verifies the signed data. - * + * * @param data signed data * @param signature signature * @param algname signing algorithm @@ -98,18 +97,18 @@ public interface ISigningUnit { * @exception EBaseException failed to verify */ public boolean verify(byte[] data, byte[] signature, String algname) - throws EBaseException; + throws EBaseException; /** * Retrieves the default algorithm. - * + * * @return default signing algorithm */ public SignatureAlgorithm getDefaultSignatureAlgorithm(); /** * Retrieves the default algorithm name. - * + * * @return default signing algorithm name */ public String getDefaultAlgorithm(); @@ -124,15 +123,15 @@ public interface ISigningUnit { /** * Retrieves all supported signing algorithm of this unit. - * + * * @return a list of signing algorithms * @exception EBaseException failed to list - */ + */ public String[] getAllAlgorithms() throws EBaseException; /** * Retrieves the token name of this unit. - * + * * @return token name * @exception EBaseException failed to retrieve name */ @@ -140,7 +139,7 @@ public interface ISigningUnit { /** * Updates new nickname and tokename in the configuration file. - * + * * @param nickname new nickname * @param tokenname new tokenname */ 
@@ -148,19 +147,18 @@ public interface ISigningUnit { /** * Checks if the given algorithm name is supported. - * + * * @param algname algorithm name * @return signing algorithm * @exception EBaseException failed to check signing algorithm */ public SignatureAlgorithm checkSigningAlgorithmFromName(String algname) - throws EBaseException; + throws EBaseException; /** * Retrieves the public key associated in this unit. - * + * * @return public key */ public PublicKey getPublicKey(); } - diff --git a/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java b/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java index 02ebc616..336bf57a 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java +++ b/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java @@ -17,26 +17,24 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - import java.util.Enumeration; import org.mozilla.jss.crypto.CryptoToken; import com.netscape.certsrv.base.EBaseException; - /** * An interface represents a storage key unit. This storage * unit contains a storage key pair that is used for * encrypting the user private key for long term storage. - * + * * @version $Revision$, $Date$ */ public interface IStorageKeyUnit extends IEncryptionUnit { /** * Retrieves total number of recovery agents. - * + * * @return total number of recovery agents */ public int getNoOfAgents() throws EBaseException; 
@@ -51,33 +49,33 @@ public interface IStorageKeyUnit extends IEncryptionUnit { /** * Sets the numer of required recovery agents - * + * * @param number number of required agents */ public void setNoOfRequiredAgents(int number); /** * Retrieves a list of agents in this unit. - * + * * @return a list of string-based agent identifiers */ public Enumeration getAgentIdentifiers(); /** * Changes agent password. - * + * * @param id agent id * @param oldpwd old password * @param newpwd new password * @return true if operation successful * @exception EBaseException failed to change password */ - public boolean changeAgentPassword(String id, String oldpwd, - String newpwd) throws EBaseException; + public boolean changeAgentPassword(String id, String oldpwd, + String newpwd) throws EBaseException; /** * Changes M-N recovery scheme. - * + * * @param n total number of agents * @param m required number of agents for recovery operation * @param oldcreds all old credentials @@ -86,11 +84,11 @@ public interface IStorageKeyUnit extends IEncryptionUnit { * @exception EBaseException failed to change schema */ public boolean changeAgentMN(int n, int m, Credential oldcreds[], - Credential newcreds[]) throws EBaseException; - + Credential newcreds[]) throws EBaseException; + /** * Logins to this unit. - * + * * @param ac agent's credentials * @exception EBaseException failed to login */ diff --git a/pki/base/common/src/com/netscape/certsrv/security/IToken.java b/pki/base/common/src/com/netscape/certsrv/security/IToken.java index 0b79cfcf..05aff64f 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/IToken.java +++ b/pki/base/common/src/com/netscape/certsrv/security/IToken.java 
@@ -17,20 +17,18 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - import com.netscape.certsrv.base.EBaseException; - /** * An interface represents a generic token unit. - * + * * @version $Revision$, $Date$ */ public interface IToken { /** * Logins to the token unit. - * + * * @param pin password to access the token * @exception EBaseException failed to login to this token */ diff --git a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java index 2edfa12a..0a012e8a 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java +++ b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - import java.security.PublicKey; import org.mozilla.jss.crypto.CryptoToken; 
@@ -26,27 +25,32 @@ import org.mozilla.jss.crypto.SymmetricKey; import com.netscape.certsrv.base.EBaseException; - /** - * An interface represents the transport key pair. - * This key pair is used to protected EE's private + * An interface represents the transport key pair. + * This key pair is used to protected EE's private * key in transit. - * + * * @version $Revision$, $Date$ */ public interface ITransportKeyUnit extends IEncryptionUnit { /** * Retrieves public key. - * + * * @return certificate */ public org.mozilla.jss.crypto.X509Certificate getCertificate(); + public SymmetricKey unwrap_sym(byte encSymmKey[]); + public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[]); + public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey - pubKey) throws EBaseException; + pubKey) throws EBaseException; + public CryptoToken getToken(); - public String getSigningAlgorithm() throws EBaseException; - public void setSigningAlgorithm(String str) throws EBaseException; + + public String getSigningAlgorithm() throws EBaseException; + + public void setSigningAlgorithm(String str) throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java b/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java index 484e5e73..dbcc0118 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java +++ b/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - import java.math.BigInteger; import java.security.KeyPair; import java.util.Properties; @@ -53,7 +52,7 @@ public class KeyCertData extends Properties { /** * Retrieves the key pair from this container. - * + * * @return key pair */ public KeyPair getKeyPair() { @@ -62,7 +61,7 @@ public class KeyCertData extends Properties { /** * Sets key pair into this container. - * + * * @param keypair key pair */ public void setKeyPair(KeyPair keypair) { 
@@ -71,7 +70,7 @@ public class KeyCertData extends Properties { /** * Retrieves the issuer name from this container. - * + * * @return issuer name */ public String getIssuerName() { @@ -80,7 +79,7 @@ public class KeyCertData extends Properties { /** * Sets the issuer name in this container. - * + * * @param name issuer name */ public void setIssuerName(String name) { @@ -89,7 +88,7 @@ public class KeyCertData extends Properties { /** * Retrieves certificate server instance name. - * + * * @return instance name */ public String getCertInstanceName() { @@ -98,7 +97,7 @@ public class KeyCertData extends Properties { /** * Sets certificate server instance name. - * + * * @param name instance name */ public void setCertInstanceName(String name) { @@ -107,16 +106,16 @@ public class KeyCertData extends Properties { /** * Retrieves certificate nickname. - * + * * @return certificate nickname */ public String getCertNickname() { return (String) get(Constants.PR_NICKNAME); } - + /** * Sets certificate nickname. - * + * * @param nickname certificate nickname */ public void setCertNickname(String nickname) { @@ -125,7 +124,7 @@ public class KeyCertData extends Properties { /** * Retrieves key length. - * + * * @return key length */ public String getKeyLength() { @@ -134,7 +133,7 @@ public class KeyCertData extends Properties { /** * Sets key length. - * + * * @param len key length */ public void setKeyLength(String len) { @@ -143,7 +142,7 @@ public class KeyCertData extends Properties { /** * Retrieves key type. - * + * * @return key type */ public String getKeyType() { @@ -152,7 +151,7 @@ public class KeyCertData extends Properties { /** * Sets key type. - * + * * @param type key type */ public void setKeyType(String type) { @@ -161,7 +160,7 @@ public class KeyCertData extends Properties { /** * Retrieves key curve name. - * + * * @return key curve name */ public String getKeyCurveName() { 
@@ -170,7 +169,7 @@ public class KeyCertData extends Properties { /** * Sets key curvename. - * + * * @param len key curvename */ public void setKeyCurveName(String len) { @@ -179,7 +178,7 @@ public class KeyCertData extends Properties { /** * Retrieves signature algorithm. - * + * * @return signature algorithm */ public SignatureAlgorithm getSignatureAlgorithm() { @@ -188,7 +187,7 @@ public class KeyCertData extends Properties { /** * Sets signature algorithm - * + * * @param alg signature algorithm */ public void setSignatureAlgorithm(SignatureAlgorithm alg) { @@ -197,7 +196,7 @@ public class KeyCertData extends Properties { /** * Retrieves algorithm used to sign the root CA Cert. - * + * * @return signature algorithm */ public String getSignedBy() { @@ -206,7 +205,7 @@ public class KeyCertData extends Properties { /** * Sets signature algorithm used to sign root CA cert - * + * * @param alg signature algorithm */ public void setSignedBy(String alg) { @@ -215,7 +214,7 @@ public class KeyCertData extends Properties { /** * Retrieves signature algorithm. - * + * * @return signature algorithm */ public AlgorithmId getAlgorithmId() { @@ -224,7 +223,7 @@ public class KeyCertData extends Properties { /** * Sets algorithm identifier - * + * * @param id signature algorithm */ public void setAlgorithmId(AlgorithmId id) { @@ -233,7 +232,7 @@ public class KeyCertData extends Properties { /** * Retrieves serial number. - * + * * @return serial number */ public BigInteger getSerialNumber() { @@ -242,7 +241,7 @@ public class KeyCertData extends Properties { /** * Sets serial number. - * + * * @param num serial number */ public void setSerialNumber(BigInteger num) { 
@@ -251,16 +250,16 @@ public class KeyCertData extends Properties { /** * Retrieves configuration file. - * + * * @return configuration file */ public IConfigStore getConfigFile() { - return (IConfigStore)(get("cmsFile")); + return (IConfigStore) (get("cmsFile")); } /** * Sets configuration file. - * + * * @param file configuration file */ public void setConfigFile(IConfigStore file) { @@ -269,7 +268,7 @@ public class KeyCertData extends Properties { /** * Retrieves begining year of validity. - * + * * @return begining year */ public String getBeginYear() { @@ -278,7 +277,7 @@ public class KeyCertData extends Properties { /** * Sets begining year of validity. - * + * * @param year begining year */ public void setBeginYear(String year) { @@ -287,7 +286,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending year of validity. - * + * * @return ending year */ public String getAfterYear() { @@ -296,7 +295,7 @@ public class KeyCertData extends Properties { /** * Sets ending year of validity. - * + * * @param year ending year */ public void setAfterYear(String year) { @@ -305,7 +304,7 @@ public class KeyCertData extends Properties { /** * Retrieves begining month of validity. - * + * * @return begining month */ public String getBeginMonth() { @@ -314,7 +313,7 @@ public class KeyCertData extends Properties { /** * Sets begining month of validity. - * + * * @param month begining month */ public void setBeginMonth(String month) { @@ -323,7 +322,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending month of validity. - * + * * @return ending month */ public String getAfterMonth() { @@ -332,7 +331,7 @@ public class KeyCertData extends Properties { /** * Sets ending month of validity. - * + * * @param month ending month */ public void setAfterMonth(String month) { @@ -341,7 +340,7 @@ public class KeyCertData extends Properties { /** * Retrieves begining date of validity. - * + * * @return begining date */ public String getBeginDate() { 
@@ -350,7 +349,7 @@ public class KeyCertData extends Properties { /** * Sets begining date of validity. - * + * * @param date begining date */ public void setBeginDate(String date) { @@ -359,7 +358,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending date of validity. - * + * * @return ending date */ public String getAfterDate() { @@ -368,7 +367,7 @@ public class KeyCertData extends Properties { /** * Sets ending date of validity. - * + * * @param date ending date */ public void setAfterDate(String date) { @@ -377,7 +376,7 @@ public class KeyCertData extends Properties { /** * Retrieves starting hour of validity. - * + * * @return starting hour */ public String getBeginHour() { @@ -386,7 +385,7 @@ public class KeyCertData extends Properties { /** * Sets starting hour of validity. - * + * * @param hour starting hour */ public void setBeginHour(String hour) { @@ -395,7 +394,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending hour of validity. - * + * * @return ending hour */ public String getAfterHour() { @@ -404,7 +403,7 @@ public class KeyCertData extends Properties { /** * Sets ending hour of validity. - * + * * @param hour ending hour */ public void setAfterHour(String hour) { @@ -413,16 +412,16 @@ public class KeyCertData extends Properties { /** * Retrieves starting minute of validity. - * + * * @return starting minute */ public String getBeginMin() { return (String) get(Constants.PR_BEGIN_MIN); } - + /** * Sets starting minute of validity. - * + * * @param min starting minute */ public void setBeginMin(String min) { @@ -431,7 +430,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending minute of validity. - * + * * @return ending minute */ public String getAfterMin() { @@ -440,7 +439,7 @@ public class KeyCertData extends Properties { /** * Sets ending minute of validity. - * + * * @param min ending minute */ public void setAfterMin(String min) { 
@@ -449,7 +448,7 @@ public class KeyCertData extends Properties { /** * Retrieves starting second of validity. - * + * * @return starting second */ public String getBeginSec() { @@ -458,7 +457,7 @@ public class KeyCertData extends Properties { /** * Sets starting second of validity. - * + * * @param sec starting second */ public void setBeginSec(String sec) { @@ -467,7 +466,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending second of validity. - * + * * @return ending second */ public String getAfterSec() { @@ -476,7 +475,7 @@ public class KeyCertData extends Properties { /** * Sets ending second of validity. - * + * * @param sec ending second */ public void setAfterSec(String sec) { @@ -485,7 +484,7 @@ public class KeyCertData extends Properties { /** * Retrieves CA key pair - * + * * @return CA key pair */ public KeyPair getCAKeyPair() { @@ -494,7 +493,7 @@ public class KeyCertData extends Properties { /** * Sets CA key pair - * + * * @param keypair key pair */ public void setCAKeyPair(KeyPair keypair) { @@ -503,7 +502,7 @@ public class KeyCertData extends Properties { /** * Retrieves extensions - * + * * @return extensions */ public String getDerExtension() { @@ -512,7 +511,7 @@ public class KeyCertData extends Properties { /** * Sets extensions - * + * * @param ext extensions */ public void setDerExtension(String ext) { @@ -521,7 +520,7 @@ public class KeyCertData extends Properties { /** * Retrieves isCA - * + * * @return "true" if it is CA */ public String isCA() { @@ -530,7 +529,7 @@ public class KeyCertData extends Properties { /** * Sets isCA - * + * * @param ext "true" if it is CA */ public void setCA(String ext) { @@ -539,7 +538,7 @@ public class KeyCertData extends Properties { /** * Retrieves key length - * + * * @return certificate's key length */ public String getCertLen() { 
@@ -548,7 +547,7 @@ public class KeyCertData extends Properties { /** * Sets key length - * + * * @param len certificate's key length */ public void setCertLen(String len) { @@ -557,7 +556,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Client bit - * + * * @return SSL Client bit */ public String getSSLClientBit() { @@ -566,7 +565,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Client bit - * + * * @param sslClientBit SSL Client bit */ public void setSSLClientBit(String sslClientBit) { @@ -575,7 +574,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Server bit - * + * * @return SSL Server bit */ public String getSSLServerBit() { @@ -584,7 +583,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Server bit - * + * * @param sslServerBit SSL Server bit */ public void setSSLServerBit(String sslServerBit) { @@ -593,7 +592,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Mail bit - * + * * @return SSL Mail bit */ public String getSSLMailBit() { @@ -602,7 +601,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Mail bit - * + * * @param sslMailBit SSL Mail bit */ public void setSSLMailBit(String sslMailBit) { @@ -611,7 +610,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL CA bit - * + * * @return SSL CA bit */ public String getSSLCABit() { @@ -620,7 +619,7 @@ public class KeyCertData extends Properties { /** * Sets SSL CA bit - * + * * @param cabit SSL CA bit */ public void setSSLCABit(String cabit) { @@ -629,16 +628,16 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Signing bit - * + * * @return SSL Signing bit */ public String getObjectSigningBit() { return (String) get(Constants.PR_OBJECT_SIGNING_BIT); } - /** + /** * Retrieves Time Stamping bit - * + * * @return Time Stamping bit */ public String getTimeStampingBit() { 
@@ -647,7 +646,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Signing bit - * + * * @param objectSigningBit SSL Signing bit */ public void setObjectSigningBit(String objectSigningBit) { @@ -656,7 +655,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Mail CA bit - * + * * @return SSL Mail CA bit */ public String getMailCABit() { @@ -665,7 +664,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Mail CA bit - * + * * @param mailCABit SSL Mail CA bit */ public void setMailCABit(String mailCABit) { @@ -674,7 +673,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Object Signing bit - * + * * @return SSL Object Signing bit */ public String getObjectSigningCABit() { @@ -683,7 +682,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Object Signing bit - * + * * @param bit SSL Object Signing bit */ public void setObjectSigningCABit(String bit) { @@ -692,7 +691,7 @@ public class KeyCertData extends Properties { /** * Retrieves OCSP Signing flag - * + * * @return OCSP Signing flag */ public String getOCSPSigning() { @@ -701,7 +700,7 @@ public class KeyCertData extends Properties { /** * Sets OCSP Signing flag - * + * * @param aki OCSP Signing flag */ public void setOCSPSigning(String aki) { @@ -710,7 +709,7 @@ public class KeyCertData extends Properties { /** * Retrieves OCSP No Check flag - * + * * @return OCSP No Check flag */ public String getOCSPNoCheck() { @@ -719,7 +718,7 @@ public class KeyCertData extends Properties { /** * Sets OCSP No Check flag - * + * * @param noCheck OCSP No Check flag */ public void setOCSPNoCheck(String noCheck) { @@ -728,7 +727,7 @@ public class KeyCertData extends Properties { /** * Retrieves Authority Information Access flag - * + * * @return Authority Information Access flag */ public String getAIA() { 
@@ -737,7 +736,7 @@ public class KeyCertData extends Properties { /** * Sets Authority Information Access flag - * + * * @param aia Authority Information Access flag */ public void setAIA(String aia) { @@ -746,7 +745,7 @@ public class KeyCertData extends Properties { /** * Retrieves Authority Key Identifier flag - * + * * @return Authority Key Identifier flag */ public String getAKI() { @@ -755,7 +754,7 @@ public class KeyCertData extends Properties { /** * Sets Authority Key Identifier flag - * + * * @param aki Authority Key Identifier flag */ public void setAKI(String aki) { @@ -764,7 +763,7 @@ public class KeyCertData extends Properties { /** * Retrieves Subject Key Identifier flag - * + * * @return Subject Key Identifier flag */ public String getSKI() { @@ -773,7 +772,7 @@ public class KeyCertData extends Properties { /** * Sets Subject Key Identifier flag - * + * * @param ski Subject Key Identifier flag */ public void setSKI(String ski) { @@ -782,7 +781,7 @@ public class KeyCertData extends Properties { /** * Retrieves key usage extension - * + * * @return true if key usage extension set */ public boolean getKeyUsageExtension() { @@ -795,7 +794,7 @@ public class KeyCertData extends Properties { /** * Sets CA extensions - * + * * @param ext CA extensions */ public void setCAExtensions(CertificateExtensions ext) { @@ -804,7 +803,7 @@ public class KeyCertData extends Properties { /** * Retrieves CA extensions - * + * * @return CA extensions */ public CertificateExtensions getCAExtensions() { @@ -813,11 +812,10 @@ public class KeyCertData extends Properties { /** * Retrieves hash type - * + * * @return hash type */ public String getHashType() { return (String) get(ConfigConstants.PR_HASH_TYPE); } } - |