Interface IKeyService


  • public interface IKeyService
    An interface representing a recovery service.

    • Method Summary

      Modifier and Type Method Description
      void addAgentAsyncKeyRecovery(java.lang.String reqID, java.lang.String agentID)
      Adds an approving agent to an asynchronous key recovery request.
      void addDistributedCredential(java.lang.String recoveryID, java.lang.String uid, java.lang.String pwd)
      Adds a password to the distributed recovery operation.
      java.util.Hashtable<java.lang.String,java.lang.Object> createRecoveryParams(java.lang.String recoveryID)
      Creates recovery parameters for the given recovery operation.
      void destroyRecoveryParams(java.lang.String recoveryID)
      Destroys recovery parameters for the given recovery operation.
      byte[] doKeyRecovery(java.lang.String reqID, java.lang.String password)
      Recovers a key asynchronously for administrators.
      byte[] doKeyRecovery(java.math.BigInteger kid, com.netscape.certsrv.security.Credential[] creds, java.lang.String pwd, org.mozilla.jss.netscape.security.x509.X509CertImpl cert, java.lang.String delivery, java.lang.String nickname, java.lang.String agent)
      Performs administrator-initiated key recovery.
      com.netscape.certsrv.security.Credential[] getDistributedCredentials(java.lang.String recoveryID)
      Retrieves credentials in the distributed recovery operation.
      java.lang.String getInitAgentAsyncKeyRecovery(java.lang.String reqID)
      Gets the agent who initiated the async recovery request.
      int getNoOfRequiredAgents()
      Retrieves the number of agents required to perform a key recovery operation.
      java.lang.String getRecoveryID()
      Retrieves the recovery identifier.
      java.util.Hashtable<java.lang.String,java.lang.Object> getRecoveryParams(java.lang.String recoveryID)
      Retrieves recovery parameters for the given recovery operation.
      java.lang.String initAsyncKeyRecovery(java.math.BigInteger kid, org.mozilla.jss.netscape.security.x509.X509CertImpl cert, java.lang.String agent, java.lang.String realm)
      Initiates asynchronous key recovery.
      boolean isApprovedAsyncKeyRecovery(java.lang.String reqID)
      Checks whether the async recovery request status is APPROVED, i.e. all required recovery agents have approved.
    • Method Detail

      • getNoOfRequiredAgents

        int getNoOfRequiredAgents()
                           throws EBaseException
        Retrieves the number of agents required to perform a key recovery operation.
        Returns:
        number of required recovery agents
        Throws:
        EBaseException - failed to retrieve value
      • isApprovedAsyncKeyRecovery

        boolean isApprovedAsyncKeyRecovery(java.lang.String reqID)
                                    throws EBaseException
        Checks whether the async recovery request status is APPROVED, i.e. all required recovery agents have approved.
        Parameters:
        reqID - request id
        Returns:
        true if the required number of recovery agents have approved; false otherwise
        Throws:
        EBaseException
      • getInitAgentAsyncKeyRecovery

        java.lang.String getInitAgentAsyncKeyRecovery(java.lang.String reqID)
                                               throws EBaseException
        Gets the agent who initiated the async recovery request.
        Parameters:
        reqID - request id
        Returns:
        agentUID
        Throws:
        EBaseException
      • initAsyncKeyRecovery

        java.lang.String initAsyncKeyRecovery(java.math.BigInteger kid,
                                              org.mozilla.jss.netscape.security.x509.X509CertImpl cert,
                                              java.lang.String agent,
                                              java.lang.String realm)
                                       throws EBaseException
        Initiates asynchronous key recovery.
        Parameters:
        kid - key identifier
        cert - certificate embedded in PKCS12
        agent - agent requesting recovery
        realm - authorization realm
        Returns:
        requestId
        Throws:
        EBaseException - failed to initiate async recovery
      • addAgentAsyncKeyRecovery

        void addAgentAsyncKeyRecovery(java.lang.String reqID,
                                      java.lang.String agentID)
                               throws EBaseException
        Adds an approving agent to an asynchronous key recovery request.
        Parameters:
        reqID - request id
        agentID - agent id
        Throws:
        EBaseException - failed to initiate async recovery
      • doKeyRecovery

        byte[] doKeyRecovery(java.math.BigInteger kid,
                             com.netscape.certsrv.security.Credential[] creds,
                             java.lang.String pwd,
                             org.mozilla.jss.netscape.security.x509.X509CertImpl cert,
                             java.lang.String delivery,
                             java.lang.String nickname,
                             java.lang.String agent)
                      throws EBaseException
        Performs administrator-initiated key recovery.
        Parameters:
        kid - key identifier
        creds - list of credentials (id and password)
        pwd - password to protect PKCS12
        cert - certificate embedded in PKCS12
        delivery - delivery mechanism
        Returns:
        pkcs12
        Throws:
        EBaseException - failed to perform recovery
      • doKeyRecovery

        byte[] doKeyRecovery(java.lang.String reqID,
                             java.lang.String password)
                      throws EBaseException
        Recovers a key asynchronously for administrators. This method is invoked by the agent operation of the key recovery servlet.

        • signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever a user private key recovery request is made (this is when the DRM receives the request)
        • signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever a user private key recovery request is processed (this is when the DRM processes the request)
        Parameters:
        reqID - request id
        password - password of the PKCS12 package subsystem
        Returns:
        a byte array containing the key
        Throws:
        EBaseException - failed to recover key
      • getRecoveryID

        java.lang.String getRecoveryID()
        Retrieves the recovery identifier.
        Returns:
        recovery id
      • createRecoveryParams

        java.util.Hashtable<java.lang.String,java.lang.Object> createRecoveryParams(java.lang.String recoveryID)
                                                                                   throws EBaseException
        Creates recovery parameters for the given recovery operation.
        Parameters:
        recoveryID - recovery id
        Returns:
        recovery parameters
        Throws:
        EBaseException - failed to create
      • destroyRecoveryParams

        void destroyRecoveryParams(java.lang.String recoveryID)
                            throws EBaseException
        Destroys recovery parameters for the given recovery operation.
        Parameters:
        recoveryID - recovery id
        Throws:
        EBaseException - failed to destroy
      • getRecoveryParams

        java.util.Hashtable<java.lang.String,java.lang.Object> getRecoveryParams(java.lang.String recoveryID)
                                                                                throws EBaseException
        Retrieves recovery parameters for the given recovery operation.
        Parameters:
        recoveryID - recovery id
        Returns:
        recovery parameters
        Throws:
        EBaseException - failed to retrieve
      • addDistributedCredential

        void addDistributedCredential(java.lang.String recoveryID,
                                      java.lang.String uid,
                                      java.lang.String pwd)
                               throws EBaseException
        Adds a password to the distributed recovery operation.
        Parameters:
        recoveryID - recovery id
        uid - agent uid
        pwd - agent password
        Throws:
        EBaseException - failed to add
      • getDistributedCredentials

        com.netscape.certsrv.security.Credential[] getDistributedCredentials(java.lang.String recoveryID)
                                                                      throws EBaseException
        Retrieves credentials in the distributed recovery operation.
        Parameters:
        recoveryID - recovery id
        Returns:
        agent's credentials
        Throws:
        EBaseException - failed to retrieve
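
A caller-side gate for the asynchronous flow (isApprovedAsyncKeyRecovery, then doKeyRecovery with a request id), shown as an added example that is not the project's own code: it requests the key only once the service reports the request as APPROVED and wipes the returned bytes after delivery. The import package for IKeyService, the RecoverySink hook and the logger name are assumptions; the code needs the library that provides IKeyService on the classpath.

```java
import java.util.Arrays;
import java.util.logging.Logger;

import com.netscape.certsrv.kra.IKeyService; // package name is an assumption

public final class AsyncRecoveryGate {
    // Hypothetical logger name; application log only, separate from the
    // signed.audit events the service emits itself.
    private static final Logger LOG = Logger.getLogger("recovery-gate");

    /** Hypothetical delivery hook for the recovered bytes. */
    public interface RecoverySink {
        void deliver(byte[] recovered) throws Exception;
    }

    /**
     * Calls doKeyRecovery only after the service reports the request as
     * APPROVED. Returns false, without requesting any key material, while
     * approvals are still missing.
     */
    public static boolean recoverIfApproved(IKeyService svc, String reqID,
            String password, RecoverySink sink) throws Exception {
        String initiator = svc.getInitAgentAsyncKeyRecovery(reqID);
        int required = svc.getNoOfRequiredAgents();

        if (!svc.isApprovedAsyncKeyRecovery(reqID)) {
            LOG.warning("recovery " + reqID + " (initiated by " + initiator
                    + ") refused: not yet approved by " + required + " agents");
            return false;
        }

        byte[] recovered = svc.doKeyRecovery(reqID, password);
        if (recovered == null) {
            throw new IllegalStateException("no key returned for request " + reqID);
        }
        try {
            sink.deliver(recovered);
            LOG.info("recovery " + reqID + " delivered; initiator=" + initiator);
            return true;
        } finally {
            // Do not leave the recovered key material on the heap after use.
            Arrays.fill(recovered, (byte) 0);
        }
    }
}
```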