Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv/security')
8 files changed, 302 insertions, 312 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/security/Credential.java b/pki/base/common/src/com/netscape/certsrv/security/Credential.java index 9aff49ad..ea6ca400 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/Credential.java +++ b/pki/base/common/src/com/netscape/certsrv/security/Credential.java @@ -17,12 +17,10 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - /** - * A class represents a credential. A credential contains - * information that identifies a user. In this case, - * identifier and password are used. - * + * A class represents a credential. A credential contains information that + * identifies a user. In this case, identifier and password are used. + * * @version $Revision$, $Date$ */ public class Credential implements java.io.Serializable { @@ -36,7 +34,7 @@ public class Credential implements java.io.Serializable { /** * Constructs credential object. - * + * * @param id user id * @param password user password */ @@ -44,10 +42,10 @@ public class Credential implements java.io.Serializable { mId = id; mPassword = password; } - + /** * Retrieves identifier. - * + * * @return user id */ public String getIdentifier() { @@ -56,7 +54,7 @@ public class Credential implements java.io.Serializable { /** * Retrieves password. - * + * * @return user password */ public String getPassword() { diff --git a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java index ab910b37..09ac7342 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java +++ b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - import java.io.IOException; import java.security.KeyPair; import java.security.cert.CertificateException; 
@@ -37,11 +36,10 @@ import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; import com.netscape.certsrv.common.NameValuePairs; - /** - * This interface represents the cryptographics subsystem - * that provides all the security related functions. - * + * This interface represents the cryptographics subsystem that provides all the + * security related functions. + * * @version $Revision$, $Date$ */ public interface ICryptoSubsystem extends ISubsystem { @@ -49,9 +47,9 @@ public interface ICryptoSubsystem extends ISubsystem { public static final String ID = "jss"; /** - * Retrieves a list of nicknames of certificates that are - * in the installed tokens. - * + * Retrieves a list of nicknames of certificates that are in the installed + * tokens. + * * @return a list of comma-separated nicknames * @exception EBaseException failed to retrieve nicknames */ @@ -59,7 +57,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves certificate in pretty-print format by the nickname. - * + * * @param nickname nickname of certificate * @param date not after of the returned certificate must be date * @param locale user locale 
@@ -67,50 +65,53 @@ public interface ICryptoSubsystem extends ISubsystem { * @exception EBaseException failed to retrieve certificate */ public String getCertPrettyPrint(String nickname, String date, - Locale locale) throws EBaseException; + Locale locale) throws EBaseException; + public String getRootCertTrustBit(String nickname, String serialno, - String issuerName) throws EBaseException; - public String getCertPrettyPrint(String nickname, String serialno, - String issuername, Locale locale) throws EBaseException; - public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, - String issuername, Locale locale) throws EBaseException; + String issuerName) throws EBaseException; + + public String getCertPrettyPrint(String nickname, String serialno, + String issuername, Locale locale) throws EBaseException; + + public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, + String issuername, Locale locale) throws EBaseException; /** * Retrieves the certificate in the pretty print format. - * + * * @param b64E certificate in mime-64 encoded format * @param locale end user locale * @return certificate in pretty-print format * @exception EBaseException failed to retrieve certificate */ - public String getCertPrettyPrint(String b64E, Locale locale) - throws EBaseException; + public String getCertPrettyPrint(String b64E, Locale locale) + throws EBaseException; /** * Imports certificate into the server. - * + * * @param b64E certificate in mime-64 encoded format * @param nickname nickname for the importing certificate * @param certType certificate type * @exception EBaseException failed to import certificate */ public void importCert(String b64E, String nickname, String certType) - throws EBaseException; + throws EBaseException; /** * Imports certificate into the server. 
- * + * * @param signedCert certificate * @param nickname nickname for the importing certificate * @param certType certificate type * @exception EBaseException failed to import certificate */ public void importCert(X509CertImpl signedCert, String nickname, - String certType) throws EBaseException; + String certType) throws EBaseException; /** * Generates a key pair based on the given parameters. - * + * * @param properties key parameters * @return key pair * @exception EBaseException failed to generate key pair @@ -119,7 +120,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves the key pair based on the given nickname. - * + * * @param nickname nickname of the public key * @exception EBaseException failed to retrieve key pair */ @@ -127,7 +128,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Generates a key pair based on the given parameters. - * + * * @param tokenName name of token where key is generated * @param alg key algorithm * @param keySize key size @@ -135,11 +136,11 @@ public interface ICryptoSubsystem extends ISubsystem { * @exception EBaseException failed to generate key pair */ public KeyPair getKeyPair(String tokenName, String alg, - int keySize) throws EBaseException; + int keySize) throws EBaseException; /** * Generates a key pair based on the given parameters. - * + * * @param tokenName name of token where key is generated * @param alg key algorithm * @param keySize key size @@ -148,11 +149,11 @@ public interface ICryptoSubsystem extends ISubsystem { * @exception EBaseException failed to generate key pair */ public KeyPair getKeyPair(String tokenName, String alg, - int keySize, PQGParams pqg) throws EBaseException; + int keySize, PQGParams pqg) throws EBaseException; /** * Generates an ECC key pair based on the given parameters. - * + * * @param properties key parameters * @return key pair * @exception EBaseException failed to generate key pair 
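Review bot: The re-indented declarations of `getRootCertTrustBit`, the serial/issuer overload of `getCertPrettyPrint` and `getCertPrettyPrintAndFingerPrint` near the top of this hunk are now separated by blank lines but still carry no Javadoc, while every neighbouring method in ICryptoSubsystem has a summary plus `@param`/`@exception EBaseException` tags. The same gap remains for `getUserCerts`, `setRootCertTrust`, `deleteRootCert` and `deleteUserCert` in the later hunks `@@ -282,16 +280,17 @@` and `@@ -300,17 +299,17 @@`. These methods touch root-certificate trust settings and certificate deletion, so a one-line summary per method in the existing style, with the accepted values of the `trust` argument stated, would make the contract visible to callers; the wording should be taken from the implementing class rather than inferred from the method names.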
@@ -161,7 +162,7 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Generates an ECC key pair based on the given parameters. - * + * * @param token token name * @param curveName curve name * @param certType type of cert(sslserver etc..) @@ -171,28 +172,27 @@ public interface ICryptoSubsystem extends ISubsystem { public KeyPair getECCKeyPair(String token, String curveName, String certType) throws EBaseException; /** - * Retrieves the signature algorithm of the certificate named - * by the given nickname. - * + * Retrieves the signature algorithm of the certificate named by the given + * nickname. + * * @param nickname nickname of the certificate * @return signature algorithm - * @exception EBaseException failed to retrieve signature + * @exception EBaseException failed to retrieve signature */ public String getSignatureAlgorithm(String nickname) throws EBaseException; /** * Checks if the given dn is a valid distinguished name. - * + * * @param dn distinguished name * @exception EBaseException failed to check */ public void isX500DN(String dn) throws EBaseException; /** - * Retrieves CA's signing algorithm id. If it is DSA algorithm, - * algorithm is constructed by reading the parameters - * ca.dsaP, ca.dsaQ, ca.dsaG. - * + * Retrieves CA's signing algorithm id. If it is DSA algorithm, algorithm is + * constructed by reading the parameters ca.dsaP, ca.dsaQ, ca.dsaG. + * * @param algname DSA or RSA * @param store configuration store. * @return algorithm id 
@@ -201,59 +201,57 @@ public interface ICryptoSubsystem extends ISubsystem { public AlgorithmId getAlgorithmId(String algname, IConfigStore store) throws EBaseException; /** - * Retrieves subject name of the certificate that is identified by - * the given nickname. - * + * Retrieves subject name of the certificate that is identified by the given + * nickname. + * * @param tokenname name of token where the nickname is valid * @param nickname nickname of the certificate * @return subject name * @exception EBaseException failed to get subject name */ public String getCertSubjectName(String tokenname, String nickname) - throws EBaseException; + throws EBaseException; /** - * Retrieves extensions of the certificate that is identified by - * the given nickname. - * + * Retrieves extensions of the certificate that is identified by the given + * nickname. + * * @param tokenname name of token where the nickname is valid * @param nickname nickname of the certificate * @return certificate extensions * @exception EBaseException failed to get extensions */ public CertificateExtensions getExtensions(String tokenname, String nickname - ) - throws EBaseException; + ) + throws EBaseException; /** * Deletes certificate of the given nickname. - * + * * @param nickname nickname of the certificate * @param pathname path where a copy of the deleted certificate is stored * @exception EBaseException failed to delete certificate */ - public void deleteTokenCertificate(String nickname, String pathname) - throws EBaseException; + public void deleteTokenCertificate(String nickname, String pathname) + throws EBaseException; /** * Delete certificate of the given nickname. - * + * * @param nickname nickname of the certificate - * @param notAfterTime The notAfter of the certificate. It - * is possible to ge t multiple certificates under - * the same nickname. If one of the certificates match - * the notAfterTime, then the certificate will get - * deleted. 
The format of the notAfterTime has to be - * in "MMMMM dd, yyyy HH:mm:ss" format. + * @param notAfterTime The notAfter of the certificate. It is possible to ge + * t multiple certificates under the same nickname. If one of the + * certificates match the notAfterTime, then the certificate will + * get deleted. The format of the notAfterTime has to be in + * "MMMMM dd, yyyy HH:mm:ss" format. * @exception EBaseException failed to delete certificate */ - public void deleteCert(String nickname, String notAfterTime) - throws EBaseException; + public void deleteCert(String nickname, String notAfterTime) + throws EBaseException; /** - * Retrieves the subject DN of the certificate identified by - * the nickname. - * + * Retrieves the subject DN of the certificate identified by the nickname. + * * @param nickname nickname of the certificate * @return subject distinguished name * @exception EBaseException failed to retrieve subject DN @@ -262,19 +260,19 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Trusts a certificate for all available purposes. - * + * * @param nickname nickname of the certificate * @param date certificate's not before * @param trust "Trust" or other * @exception EBaseException failed to trust certificate */ - public void trustCert(String nickname, String date, String trust) - throws EBaseException; + public void trustCert(String nickname, String date, String trust) + throws EBaseException; /** - * Checks if the given base-64 encoded string contains an extension - * or a sequence of extensions. - * + * Checks if the given base-64 encoded string contains an extension or a + * sequence of extensions. + * * @param ext extension or sequence of extension encoded in base-64 * @exception EBaseException failed to check encoding */ 
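Review bot: The reflowed `@param notAfterTime` description on the new side of this hunk carries the pre-existing typo "ge t" over and now splits it across two lines as `It is possible to ge` / `t multiple certificates`, which renders as a broken word in generated Javadoc. Joining it as `* @param notAfterTime The notAfter of the certificate. It is possible to get` / `* multiple certificates under the same nickname. If one of the` and reflowing the rest fixes it. The same pass could also correct `cryptographics subsystem` in the interface summary reflowed in `@@ -37,11 +36,10 @@`.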
@@ -282,16 +280,17 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Gets all certificates on all tokens for Certificate Database Management. - * + * * @return all certificates * @exception EBaseException failed to retrieve certificates */ public NameValuePairs getAllCertsManage() throws EBaseException; + public NameValuePairs getUserCerts() throws EBaseException; /** * Gets all CA certificates on all tokens. - * + * * @return all CA certificates * @exception EBaseException failed to retrieve certificates */ @@ -300,17 +299,17 @@ public interface ICryptoSubsystem extends ISubsystem { public NameValuePairs getRootCerts() throws EBaseException; public void setRootCertTrust(String nickname, String serialno, - String issuername, String trust) throws EBaseException; + String issuername, String trust) throws EBaseException; public void deleteRootCert(String nickname, String serialno, - String issuername) throws EBaseException; + String issuername) throws EBaseException; public void deleteUserCert(String nickname, String serialno, - String issuername) throws EBaseException; + String issuername) throws EBaseException; /** * Retrieves PQG parameters based on key size. - * + * * @param keysize key size * @return pqg parameters */ 
@@ -318,100 +317,100 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves PQG parameters based on key size. - * + * * @param keysize key size * @param store configuration store * @return pqg parameters */ public PQGParams getCAPQG(int keysize, IConfigStore store) - throws EBaseException; + throws EBaseException; /** - * Retrieves extensions of the certificate that is identified by - * the given nickname. - * + * Retrieves extensions of the certificate that is identified by the given + * nickname. + * * @param tokenname token name * @param nickname nickname * @return certificate extensions */ public CertificateExtensions getCertExtensions(String tokenname, String nickname - ) - throws NotInitializedException, TokenException, ObjectNotFoundException, + ) + throws NotInitializedException, TokenException, ObjectNotFoundException, - IOException, CertificateException; + IOException, CertificateException; /** * Checks if the given token is logged in. - * + * * @param name token name * @return true if token is logged in - * @exception EBaseException failed to login + * @exception EBaseException failed to login */ public boolean isTokenLoggedIn(String name) throws EBaseException; /** * Logs into token. - * + * * @param tokenName name of the token * @param pwd token password * @exception EBaseException failed to login */ - public void loggedInToken(String tokenName, String pwd) - throws EBaseException; + public void loggedInToken(String tokenName, String pwd) + throws EBaseException; /** * Generates certificate request from the given key pair. - * + * * @param subjectName subject name to use in the request * @param kp key pair that contains public key material * @return certificate request in base-64 encoded format * @exception EBaseException failed to generate request */ public String getCertRequest(String subjectName, KeyPair kp) - throws EBaseException; + throws EBaseException; /** * Checks if fortezza is enabled. 
- * + * * @return "true" if fortezza is enabled */ public String isCipherFortezza() throws EBaseException; /** * Retrieves the SSL cipher version. - * + * * @return cipher version (i.e. "cipherdomestic") */ public String getCipherVersion() throws EBaseException; /** * Retrieves the cipher preferences. - * + * * @return cipher preferences (i.e. "rc4export,rc2export,...") */ public String getCipherPreferences() throws EBaseException; /** * Sets the current SSL cipher preferences. - * + * * @param cipherPrefs cipher preferences (i.e. "rc4export,rc2export,...") * @exception EBaseException failed to set cipher preferences */ public void setCipherPreferences(String cipherPrefs) - throws EBaseException; + throws EBaseException; /** * Retrieves a list of currently registered token names. - * + * * @return list of token names * @exception EBaseException failed to retrieve token list */ public String getTokenList() throws EBaseException; /** - * Retrieves all certificates. The result list will not - * contain the token tag. - * + * Retrieves all certificates. The result list will not contain the token + * tag. + * * @param name token name * @return list of certificates without token tag * @exception EBaseException failed to retrieve @@ -420,16 +419,16 @@ public interface ICryptoSubsystem extends ISubsystem { /** * Retrieves the token name of the internal (software) token. - * + * * @return the token name * @exception EBaseException failed to retrieve token name */ public String getInternalTokenName() throws EBaseException; /** - * Checks to see if the certificate of the given nickname is a - * CA certificate. - * + * Checks to see if the certificate of the given nickname is a CA + * certificate. + * * @param fullNickname nickname of the certificate to check * @return true if it is a CA certificate * @exception EBaseException failed to check 
@@ -437,28 +436,29 @@ public interface ICryptoSubsystem extends ISubsystem { public boolean isCACert(String fullNickname) throws EBaseException; /** - * Adds the specified number of bits of entropy from the system - * entropy generator to the RNG of the default PKCS#11 RNG token. - * The default token is set using the modutil command. - * Note that the system entropy generator (usually /dev/random) - * will block until sufficient entropy is collected. - * + * Adds the specified number of bits of entropy from the system entropy + * generator to the RNG of the default PKCS#11 RNG token. The default token + * is set using the modutil command. Note that the system entropy generator + * (usually /dev/random) will block until sufficient entropy is collected. + * * @param bits number of bits of entropy - * @exception org.mozilla.jss.util.NotImplementedException If the Crypto device does not support - * adding entropy - * @exception TokenException If there was some other problem with the Crypto device - * @exception IOException If there was a problem reading from the /dev/random + * @exception org.mozilla.jss.util.NotImplementedException If the Crypto + * device does not support adding entropy + * @exception TokenException If there was some other problem with the Crypto + * device + * @exception IOException If there was a problem reading from the + * /dev/random */ public void addEntropy(int bits) - throws org.mozilla.jss.util.NotImplementedException, + throws org.mozilla.jss.util.NotImplementedException, IOException, TokenException; /** - * Signs the certificate template into the given data and returns - * a signed certificate. - * + * Signs the certificate template into the given data and returns a signed + * certificate. + * * @param data data that contains certificate template * @param certType certificate type * @param priKey CA signing key 
diff --git a/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java b/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java index 984425a5..c98a1821 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java +++ b/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java @@ -17,41 +17,39 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - import java.security.PublicKey; import org.mozilla.jss.crypto.PrivateKey; import com.netscape.certsrv.base.EBaseException; - /** * An interface represents a encryption unit. - * + * * @version $Revision$, $Date$ */ public interface IEncryptionUnit extends IToken { /** * Retrieves the public key in this unit. - * + * * @return public key */ public PublicKey getPublicKey(); /** - * Wraps data. The given key will be wrapped by the - * private key in this unit. - * + * Wraps data. The given key will be wrapped by the private key in this + * unit. + * * @param priKey private key to be wrapped - * @return wrapped data + * @return wrapped data * @exception EBaseException failed to wrap */ public byte[] wrap(PrivateKey priKey) throws EBaseException; /** - * Verifies the given key pair. - * + * Verifies the given key pair. + * * @param publicKey public key * @param privateKey private key */ @@ -59,11 +57,11 @@ public interface IEncryptionUnit extends IToken { EBaseException; /** - * Unwraps data. This method rebuilds the private key by - * unwrapping the private key data. - * + * Unwraps data. This method rebuilds the private key by unwrapping the + * private key data. + * * @param sessionKey session key that unwrap the private key - * @param symmAlgOID symmetric algorithm + * @param symmAlgOID symmetric algorithm * @param symmAlgParams symmetric algorithm parameters * @param privateKey private key data * @param pubKey public key 
@@ -71,56 +69,57 @@ public interface IEncryptionUnit extends IToken { * @exception EBaseException failed to unwrap */ public PrivateKey unwrap(byte sessionKey[], String symmAlgOID, - byte symmAlgParams[], byte privateKey[], - PublicKey pubKey) - throws EBaseException; + byte symmAlgParams[], byte privateKey[], + PublicKey pubKey) + throws EBaseException; /** - * Unwraps data. This method rebuilds the private key by - * unwrapping the private key data. - * + * Unwraps data. This method rebuilds the private key by unwrapping the + * private key data. + * * @param privateKey private key data * @param pubKey public key object * @return private key object * @exception EBaseException failed to unwrap */ public PrivateKey unwrap(byte privateKey[], PublicKey pubKey) - throws EBaseException; - + throws EBaseException; + /** - * Encrypts the internal private key (private key to the KRA's - * internal storage). - * + * Encrypts the internal private key (private key to the KRA's internal + * storage). + * * @param rawPrivate user's private key (key to be archived) * @return encrypted data * @exception EBaseException failed to encrypt */ public byte[] encryptInternalPrivate(byte rawPrivate[]) - throws EBaseException; + throws EBaseException; /** - * Decrypts the internal private key (private key from the KRA's - * internal storage). - * - * @param wrappedPrivateData unwrapped private key data (key to be recovered) + * Decrypts the internal private key (private key from the KRA's internal + * storage). + * + * @param wrappedPrivateData unwrapped private key data (key to be + * recovered) * @return raw private key * @exception EBaseException failed to decrypt */ public byte[] decryptInternalPrivate(byte wrappedPrivateData[]) - throws EBaseException; + throws EBaseException; /** * Decrypts the external private key (private key from the end-user). 
- * + * * @param sessionKey session key that protects the user private - * @param symmAlgOID symmetric algorithm + * @param symmAlgOID symmetric algorithm * @param symmAlgParams symmetric algorithm parameters * @param privateKey private key data * @return private key data * @exception EBaseException failed to decrypt */ - public byte[] decryptExternalPrivate(byte sessionKey[], - String symmAlgOID, - byte symmAlgParams[], byte privateKey[]) - throws EBaseException; + public byte[] decryptExternalPrivate(byte sessionKey[], + String symmAlgOID, + byte symmAlgParams[], byte privateKey[]) + throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java b/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java index 664d5c1f..0cc245f1 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java +++ b/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - import java.security.PublicKey; import netscape.security.x509.X509CertImpl; @@ -28,9 +27,8 @@ import org.mozilla.jss.crypto.X509Certificate; import com.netscape.certsrv.base.EBaseException; /** - * A class represents the signing unit which is - * capable of signing data. - * + * A class represents the signing unit which is capable of signing data. + * * @version $Revision$, $Date$ */ public interface ISigningUnit { @@ -46,11 +44,11 @@ public interface ISigningUnit { /** * Retrieves the nickname of the signing certificate. */ - public String getNickname(); + public String getNickname(); /** * Retrieves the new nickname in the renewal process. - * + * * @return new nickname * @exception EBaseException failed to get new nickname */ 
@@ -58,39 +56,39 @@ public interface ISigningUnit { /** * Sets new nickname of the signing certificate. - * + * * @param name nickname */ public void setNewNickName(String name); /** * Retrieves the signing certificate. - * + * * @return signing certificate */ public X509Certificate getCert(); /** * Retrieves the signing certificate. - * + * * @return signing certificate */ public X509CertImpl getCertImpl(); /** * Signs the given data in specific algorithm. - * + * * @param data data to be signed * @param algname signing algorithm to be used * @return signed data * @exception EBaseException failed to sign */ public byte[] sign(byte[] data, String algname) - throws EBaseException; - + throws EBaseException; + /** * Verifies the signed data. - * + * * @param data signed data * @param signature signature * @param algname signing algorithm @@ -98,18 +96,18 @@ public interface ISigningUnit { * @exception EBaseException failed to verify */ public boolean verify(byte[] data, byte[] signature, String algname) - throws EBaseException; + throws EBaseException; /** * Retrieves the default algorithm. - * + * * @return default signing algorithm */ public SignatureAlgorithm getDefaultSignatureAlgorithm(); /** * Retrieves the default algorithm name. - * + * * @return default signing algorithm name */ public String getDefaultAlgorithm(); @@ -124,15 +122,15 @@ public interface ISigningUnit { /** * Retrieves all supported signing algorithm of this unit. - * + * * @return a list of signing algorithms * @exception EBaseException failed to list - */ + */ public String[] getAllAlgorithms() throws EBaseException; /** * Retrieves the token name of this unit. - * + * * @return token name * @exception EBaseException failed to retrieve name */ @@ -140,7 +138,7 @@ public interface ISigningUnit { /** * Updates new nickname and tokename in the configuration file. - * + * * @param nickname new nickname * @param tokenname new tokenname */ 
@@ -148,19 +146,18 @@ public interface ISigningUnit { /** * Checks if the given algorithm name is supported. - * + * * @param algname algorithm name * @return signing algorithm * @exception EBaseException failed to check signing algorithm */ public SignatureAlgorithm checkSigningAlgorithmFromName(String algname) - throws EBaseException; + throws EBaseException; /** * Retrieves the public key associated in this unit. - * + * * @return public key */ public PublicKey getPublicKey(); } - diff --git a/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java b/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java index 02ebc616..008d6384 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java +++ b/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java @@ -17,33 +17,31 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - import java.util.Enumeration; import org.mozilla.jss.crypto.CryptoToken; import com.netscape.certsrv.base.EBaseException; - /** - * An interface represents a storage key unit. This storage - * unit contains a storage key pair that is used for - * encrypting the user private key for long term storage. - * + * An interface represents a storage key unit. This storage unit contains a + * storage key pair that is used for encrypting the user private key for long + * term storage. + * * @version $Revision$, $Date$ */ public interface IStorageKeyUnit extends IEncryptionUnit { /** * Retrieves total number of recovery agents. - * + * * @return total number of recovery agents */ public int getNoOfAgents() throws EBaseException; /** - * Retrieves number of recovery agents required to - * perform recovery operation. + * Retrieves number of recovery agents required to perform recovery + * operation. * * @return required number of recovery agents for recovery operation */ 
@@ -51,33 +49,33 @@ public interface IStorageKeyUnit extends IEncryptionUnit { /** * Sets the numer of required recovery agents - * + * * @param number number of required agents */ public void setNoOfRequiredAgents(int number); /** * Retrieves a list of agents in this unit. - * + * * @return a list of string-based agent identifiers */ public Enumeration getAgentIdentifiers(); /** * Changes agent password. - * + * * @param id agent id * @param oldpwd old password * @param newpwd new password * @return true if operation successful * @exception EBaseException failed to change password */ - public boolean changeAgentPassword(String id, String oldpwd, - String newpwd) throws EBaseException; + public boolean changeAgentPassword(String id, String oldpwd, + String newpwd) throws EBaseException; /** * Changes M-N recovery scheme. - * + * * @param n total number of agents * @param m required number of agents for recovery operation * @param oldcreds all old credentials @@ -86,11 +84,11 @@ public interface IStorageKeyUnit extends IEncryptionUnit { * @exception EBaseException failed to change schema */ public boolean changeAgentMN(int n, int m, Credential oldcreds[], - Credential newcreds[]) throws EBaseException; - + Credential newcreds[]) throws EBaseException; + /** * Logins to this unit. - * + * * @param ac agent's credentials * @exception EBaseException failed to login */ diff --git a/pki/base/common/src/com/netscape/certsrv/security/IToken.java b/pki/base/common/src/com/netscape/certsrv/security/IToken.java index 0b79cfcf..05aff64f 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/IToken.java +++ b/pki/base/common/src/com/netscape/certsrv/security/IToken.java 
@@ -17,20 +17,18 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - import com.netscape.certsrv.base.EBaseException; - /** * An interface represents a generic token unit. - * + * * @version $Revision$, $Date$ */ public interface IToken { /** * Logins to the token unit. - * + * * @param pin password to access the token * @exception EBaseException failed to login to this token */ diff --git a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java index 2edfa12a..dc09c885 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java +++ b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - import java.security.PublicKey; import org.mozilla.jss.crypto.CryptoToken; 
@@ -26,27 +25,31 @@ import org.mozilla.jss.crypto.SymmetricKey; import com.netscape.certsrv.base.EBaseException; - /** - * An interface represents the transport key pair. - * This key pair is used to protected EE's private - * key in transit. - * + * An interface represents the transport key pair. This key pair is used to + * protected EE's private key in transit. + * * @version $Revision$, $Date$ */ public interface ITransportKeyUnit extends IEncryptionUnit { /** * Retrieves public key. - * + * * @return certificate */ public org.mozilla.jss.crypto.X509Certificate getCertificate(); + public SymmetricKey unwrap_sym(byte encSymmKey[]); + public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[]); + public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey - pubKey) throws EBaseException; + pubKey) throws EBaseException; + public CryptoToken getToken(); - public String getSigningAlgorithm() throws EBaseException; - public void setSigningAlgorithm(String str) throws EBaseException; + + public String getSigningAlgorithm() throws EBaseException; + + public void setSigningAlgorithm(String str) throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java b/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java index 484e5e73..18cc98be 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java +++ b/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.security; - import java.math.BigInteger; import java.security.KeyPair; import java.util.Properties; @@ -32,8 +31,7 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; /** - * This class represents a container for storaging - * data in the security package. + * This class represents a container for storaging data in the security package. * * @version $Revision$, $Date$ */ 
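Review bot: The reflowed ITransportKeyUnit summary on the new side still reads `This key pair is used to protected EE's private key in transit`; it should be `used to protect`. Below it, the newly blank-line-separated declarations `unwrap_sym`, `unwrap_encrypt_sym`, `unwrap_temp`, `getToken`, `getSigningAlgorithm` and `setSigningAlgorithm` have no Javadoc, whereas `getCertificate` directly above them does — and that one says `Retrieves public key` while its `@return` says `certificate` and the declared type is `X509Certificate`, so the summary should be brought in line with the signature. For the unwrap methods a short summary with `@param encSymmKey` and a note on what happens on failure (they declare no `EBaseException`, unlike `unwrap_temp`) would help callers; the semantics should be checked against the implementing class rather than inferred from the names.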
@@ -53,7 +51,7 @@ public class KeyCertData extends Properties { /** * Retrieves the key pair from this container. - * + * * @return key pair */ public KeyPair getKeyPair() { @@ -62,7 +60,7 @@ public class KeyCertData extends Properties { /** * Sets key pair into this container. - * + * * @param keypair key pair */ public void setKeyPair(KeyPair keypair) { @@ -71,7 +69,7 @@ public class KeyCertData extends Properties { /** * Retrieves the issuer name from this container. - * + * * @return issuer name */ public String getIssuerName() { @@ -80,7 +78,7 @@ public class KeyCertData extends Properties { /** * Sets the issuer name in this container. - * + * * @param name issuer name */ public void setIssuerName(String name) { @@ -89,7 +87,7 @@ public class KeyCertData extends Properties { /** * Retrieves certificate server instance name. - * + * * @return instance name */ public String getCertInstanceName() { @@ -98,7 +96,7 @@ public class KeyCertData extends Properties { /** * Sets certificate server instance name. - * + * * @param name instance name */ public void setCertInstanceName(String name) { @@ -107,16 +105,16 @@ public class KeyCertData extends Properties { /** * Retrieves certificate nickname. - * + * * @return certificate nickname */ public String getCertNickname() { return (String) get(Constants.PR_NICKNAME); } - + /** * Sets certificate nickname. - * + * * @param nickname certificate nickname */ public void setCertNickname(String nickname) { @@ -125,7 +123,7 @@ public class KeyCertData extends Properties { /** * Retrieves key length. - * + * * @return key length */ public String getKeyLength() { @@ -134,7 +132,7 @@ public class KeyCertData extends Properties { /** * Sets key length. - * + * * @param len key length */ public void setKeyLength(String len) { @@ -143,7 +141,7 @@ public class KeyCertData extends Properties { /** * Retrieves key type. - * + * * @return key type */ public String getKeyType() { 
@@ -152,7 +150,7 @@ public class KeyCertData extends Properties { /** * Sets key type. - * + * * @param type key type */ public void setKeyType(String type) { @@ -161,7 +159,7 @@ public class KeyCertData extends Properties { /** * Retrieves key curve name. - * + * * @return key curve name */ public String getKeyCurveName() { @@ -170,7 +168,7 @@ public class KeyCertData extends Properties { /** * Sets key curvename. - * + * * @param len key curvename */ public void setKeyCurveName(String len) { @@ -179,7 +177,7 @@ public class KeyCertData extends Properties { /** * Retrieves signature algorithm. - * + * * @return signature algorithm */ public SignatureAlgorithm getSignatureAlgorithm() { @@ -188,7 +186,7 @@ public class KeyCertData extends Properties { /** * Sets signature algorithm - * + * * @param alg signature algorithm */ public void setSignatureAlgorithm(SignatureAlgorithm alg) { @@ -197,7 +195,7 @@ public class KeyCertData extends Properties { /** * Retrieves algorithm used to sign the root CA Cert. - * + * * @return signature algorithm */ public String getSignedBy() { @@ -206,7 +204,7 @@ public class KeyCertData extends Properties { /** * Sets signature algorithm used to sign root CA cert - * + * * @param alg signature algorithm */ public void setSignedBy(String alg) { @@ -215,7 +213,7 @@ public class KeyCertData extends Properties { /** * Retrieves signature algorithm. - * + * * @return signature algorithm */ public AlgorithmId getAlgorithmId() { @@ -224,7 +222,7 @@ public class KeyCertData extends Properties { /** * Sets algorithm identifier - * + * * @param id signature algorithm */ public void setAlgorithmId(AlgorithmId id) { @@ -233,7 +231,7 @@ public class KeyCertData extends Properties { /** * Retrieves serial number. - * + * * @return serial number */ public BigInteger getSerialNumber() { 
@@ -242,7 +240,7 @@ public class KeyCertData extends Properties { /** * Sets serial number. - * + * * @param num serial number */ public void setSerialNumber(BigInteger num) { @@ -251,16 +249,16 @@ public class KeyCertData extends Properties { /** * Retrieves configuration file. - * + * * @return configuration file */ public IConfigStore getConfigFile() { - return (IConfigStore)(get("cmsFile")); + return (IConfigStore) (get("cmsFile")); } /** * Sets configuration file. - * + * * @param file configuration file */ public void setConfigFile(IConfigStore file) { @@ -269,7 +267,7 @@ public class KeyCertData extends Properties { /** * Retrieves begining year of validity. - * + * * @return begining year */ public String getBeginYear() { @@ -278,7 +276,7 @@ public class KeyCertData extends Properties { /** * Sets begining year of validity. - * + * * @param year begining year */ public void setBeginYear(String year) { @@ -287,7 +285,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending year of validity. - * + * * @return ending year */ public String getAfterYear() { @@ -296,7 +294,7 @@ public class KeyCertData extends Properties { /** * Sets ending year of validity. - * + * * @param year ending year */ public void setAfterYear(String year) { @@ -305,7 +303,7 @@ public class KeyCertData extends Properties { /** * Retrieves begining month of validity. - * + * * @return begining month */ public String getBeginMonth() { @@ -314,7 +312,7 @@ public class KeyCertData extends Properties { /** * Sets begining month of validity. - * + * * @param month begining month */ public void setBeginMonth(String month) { @@ -323,7 +321,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending month of validity. - * + * * @return ending month */ public String getAfterMonth() { @@ -332,7 +330,7 @@ public class KeyCertData extends Properties { /** * Sets ending month of validity. - * + * * @param month ending month */ public void setAfterMonth(String month) { 
@@ -341,7 +339,7 @@ public class KeyCertData extends Properties { /** * Retrieves begining date of validity. - * + * * @return begining date */ public String getBeginDate() { @@ -350,7 +348,7 @@ public class KeyCertData extends Properties { /** * Sets begining date of validity. - * + * * @param date begining date */ public void setBeginDate(String date) { @@ -359,7 +357,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending date of validity. - * + * * @return ending date */ public String getAfterDate() { @@ -368,7 +366,7 @@ public class KeyCertData extends Properties { /** * Sets ending date of validity. - * + * * @param date ending date */ public void setAfterDate(String date) { @@ -377,7 +375,7 @@ public class KeyCertData extends Properties { /** * Retrieves starting hour of validity. - * + * * @return starting hour */ public String getBeginHour() { @@ -386,7 +384,7 @@ public class KeyCertData extends Properties { /** * Sets starting hour of validity. - * + * * @param hour starting hour */ public void setBeginHour(String hour) { @@ -395,7 +393,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending hour of validity. - * + * * @return ending hour */ public String getAfterHour() { @@ -404,7 +402,7 @@ public class KeyCertData extends Properties { /** * Sets ending hour of validity. - * + * * @param hour ending hour */ public void setAfterHour(String hour) { @@ -413,16 +411,16 @@ public class KeyCertData extends Properties { /** * Retrieves starting minute of validity. - * + * * @return starting minute */ public String getBeginMin() { return (String) get(Constants.PR_BEGIN_MIN); } - + /** * Sets starting minute of validity. - * + * * @param min starting minute */ public void setBeginMin(String min) { @@ -431,7 +429,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending minute of validity. - * + * * @return ending minute */ public String getAfterMin() { 
@@ -440,7 +438,7 @@ public class KeyCertData extends Properties { /** * Sets ending minute of validity. - * + * * @param min ending minute */ public void setAfterMin(String min) { @@ -449,7 +447,7 @@ public class KeyCertData extends Properties { /** * Retrieves starting second of validity. - * + * * @return starting second */ public String getBeginSec() { @@ -458,7 +456,7 @@ public class KeyCertData extends Properties { /** * Sets starting second of validity. - * + * * @param sec starting second */ public void setBeginSec(String sec) { @@ -467,7 +465,7 @@ public class KeyCertData extends Properties { /** * Retrieves ending second of validity. - * + * * @return ending second */ public String getAfterSec() { @@ -476,7 +474,7 @@ public class KeyCertData extends Properties { /** * Sets ending second of validity. - * + * * @param sec ending second */ public void setAfterSec(String sec) { @@ -485,7 +483,7 @@ public class KeyCertData extends Properties { /** * Retrieves CA key pair - * + * * @return CA key pair */ public KeyPair getCAKeyPair() { @@ -494,7 +492,7 @@ public class KeyCertData extends Properties { /** * Sets CA key pair - * + * * @param keypair key pair */ public void setCAKeyPair(KeyPair keypair) { @@ -503,7 +501,7 @@ public class KeyCertData extends Properties { /** * Retrieves extensions - * + * * @return extensions */ public String getDerExtension() { @@ -512,7 +510,7 @@ public class KeyCertData extends Properties { /** * Sets extensions - * + * * @param ext extensions */ public void setDerExtension(String ext) { @@ -521,7 +519,7 @@ public class KeyCertData extends Properties { /** * Retrieves isCA - * + * * @return "true" if it is CA */ public String isCA() { @@ -530,7 +528,7 @@ public class KeyCertData extends Properties { /** * Sets isCA - * + * * @param ext "true" if it is CA */ public void setCA(String ext) { 
@@ -539,7 +537,7 @@ public class KeyCertData extends Properties { /** * Retrieves key length - * + * * @return certificate's key length */ public String getCertLen() { @@ -548,7 +546,7 @@ public class KeyCertData extends Properties { /** * Sets key length - * + * * @param len certificate's key length */ public void setCertLen(String len) { @@ -557,7 +555,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Client bit - * + * * @return SSL Client bit */ public String getSSLClientBit() { @@ -566,7 +564,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Client bit - * + * * @param sslClientBit SSL Client bit */ public void setSSLClientBit(String sslClientBit) { @@ -575,7 +573,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Server bit - * + * * @return SSL Server bit */ public String getSSLServerBit() { @@ -584,7 +582,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Server bit - * + * * @param sslServerBit SSL Server bit */ public void setSSLServerBit(String sslServerBit) { @@ -593,7 +591,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Mail bit - * + * * @return SSL Mail bit */ public String getSSLMailBit() { @@ -602,7 +600,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Mail bit - * + * * @param sslMailBit SSL Mail bit */ public void setSSLMailBit(String sslMailBit) { @@ -611,7 +609,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL CA bit - * + * * @return SSL CA bit */ public String getSSLCABit() { @@ -620,7 +618,7 @@ public class KeyCertData extends Properties { /** * Sets SSL CA bit - * + * * @param cabit SSL CA bit */ public void setSSLCABit(String cabit) { 
@@ -629,16 +627,16 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Signing bit - * + * * @return SSL Signing bit */ public String getObjectSigningBit() { return (String) get(Constants.PR_OBJECT_SIGNING_BIT); } - /** + /** * Retrieves Time Stamping bit - * + * * @return Time Stamping bit */ public String getTimeStampingBit() { @@ -647,7 +645,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Signing bit - * + * * @param objectSigningBit SSL Signing bit */ public void setObjectSigningBit(String objectSigningBit) { @@ -656,7 +654,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Mail CA bit - * + * * @return SSL Mail CA bit */ public String getMailCABit() { @@ -665,7 +663,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Mail CA bit - * + * * @param mailCABit SSL Mail CA bit */ public void setMailCABit(String mailCABit) { @@ -674,7 +672,7 @@ public class KeyCertData extends Properties { /** * Retrieves SSL Object Signing bit - * + * * @return SSL Object Signing bit */ public String getObjectSigningCABit() { @@ -683,7 +681,7 @@ public class KeyCertData extends Properties { /** * Sets SSL Object Signing bit - * + * * @param bit SSL Object Signing bit */ public void setObjectSigningCABit(String bit) { @@ -692,7 +690,7 @@ public class KeyCertData extends Properties { /** * Retrieves OCSP Signing flag - * + * * @return OCSP Signing flag */ public String getOCSPSigning() { @@ -701,7 +699,7 @@ public class KeyCertData extends Properties { /** * Sets OCSP Signing flag - * + * * @param aki OCSP Signing flag */ public void setOCSPSigning(String aki) { @@ -710,7 +708,7 @@ public class KeyCertData extends Properties { /** * Retrieves OCSP No Check flag - * + * * @return OCSP No Check flag */ public String getOCSPNoCheck() { @@ -719,7 +717,7 @@ public class KeyCertData extends Properties { /** * Sets OCSP No Check flag - * + * * @param noCheck OCSP No Check flag */ public void setOCSPNoCheck(String noCheck) { 
@@ -728,7 +726,7 @@ public class KeyCertData extends Properties { /** * Retrieves Authority Information Access flag - * + * * @return Authority Information Access flag */ public String getAIA() { @@ -737,7 +735,7 @@ public class KeyCertData extends Properties { /** * Sets Authority Information Access flag - * + * * @param aia Authority Information Access flag */ public void setAIA(String aia) { @@ -746,7 +744,7 @@ public class KeyCertData extends Properties { /** * Retrieves Authority Key Identifier flag - * + * * @return Authority Key Identifier flag */ public String getAKI() { @@ -755,7 +753,7 @@ public class KeyCertData extends Properties { /** * Sets Authority Key Identifier flag - * + * * @param aki Authority Key Identifier flag */ public void setAKI(String aki) { @@ -764,7 +762,7 @@ public class KeyCertData extends Properties { /** * Retrieves Subject Key Identifier flag - * + * * @return Subject Key Identifier flag */ public String getSKI() { @@ -773,7 +771,7 @@ public class KeyCertData extends Properties { /** * Sets Subject Key Identifier flag - * + * * @param ski Subject Key Identifier flag */ public void setSKI(String ski) { @@ -782,7 +780,7 @@ public class KeyCertData extends Properties { /** * Retrieves key usage extension - * + * * @return true if key usage extension set */ public boolean getKeyUsageExtension() { @@ -795,7 +793,7 @@ public class KeyCertData extends Properties { /** * Sets CA extensions - * + * * @param ext CA extensions */ public void setCAExtensions(CertificateExtensions ext) { @@ -804,7 +802,7 @@ public class KeyCertData extends Properties { /** * Retrieves CA extensions - * + * * @return CA extensions */ public CertificateExtensions getCAExtensions() { @@ -813,11 +811,10 @@ public class KeyCertData extends Properties { /** * Retrieves hash type - * + * * @return hash type */ public String getHashType() { return (String) get(ConfigConstants.PR_HASH_TYPE); } } - |