All Classes and Interfaces
Class
Description
An abstract class represents an authorization manager that governs the
access of internal resources such as servlets.
A class represents an evaluator.
A class represents an access control list (ACL).
Manage Access Control List configuration
A class represents an ACI entry of an access control list.
A class represents a resource bundle for the remote admin.
A class represents an administration servlet that
is responsible to serve administrative
operation such as configuration parameter updates.
The AgentApproval class contains the record of a
single agent approval.
A collection of AgentApproval objects.
Certificate server agent authentication.
This class represents an expression of the form
.
The abstract policy rule that concrete implementations will
extend.
This class represents a set of indexed arguments.
Assertion exceptions are thrown when assertion code is invoked
and fails to operate properly.
A locking mechanism for loading or reloading an initially
unknown number of items.
The AtoB class is a utility program designed to "translate" an ASCII
BASE 64 encoded blob into a BINARY BASE 64 encoded blob.
AttributeNameHelper.
The log event object that carries message detail of a log event
that goes into the Transaction log.
A log event object for handling audit messages
Define audit log message format.
Tool for verifying signed audit logs
A class representing an administration servlet for the
Authentication Management subsystem.
Authentication Credentials as input to the authMgr.
Provides auths.* parameters.
Authentication Manager interface.
Provides auths.instance..* parameters.
A class represents an authentication manager.
Provides auths.instance.* parameters.
This class represents a registered authentication manager plugin.
Identifier for a CertificateAuthority.
Provides authz.* parameters.
Default authentication subsystem
Authentication token returned by Authentication Managers.
Authorization Manager interface needs to be implemented by all
authorization managers.
Provides authz.instance..* parameters.
A class represents an authorization manager.
Provides authz.instance.* parameters.
This class represents a registered authorization manager plugin.
Default authorization subsystem
Authorization token returned by Authorization Managers.
A class represents a resource bundle for the entire
system.
A class for basic acls authorization manager
RFC 2560:
A Template for decoding ResponseBytes.
A class represents an attribute mapper that maps
a Java BigInteger object into LDAP attribute,
and vice versa.
The BtoA class is a utility program designed to "translate" a BINARY
BASE 64 encoded blob into an ASCII BASE 64 encoded blob.
A class represents an attribute mapper that maps
a Java byte array object into LDAP attribute,
and vice versa.
Exception to throw when a (sub-)CA cannot perform an operation
because it is disabled.
Exception to throw when an operation cannot be performed because
the CA to which the operation pertains is enabled.
Exception to throw when a (sub-)CA's signing certificate is not
(yet) present in the local NSSDB.
Exception to throw when a (sub-)CA's signing key is not (yet)
present in the local NSSDB.
Exception to throw when a (sub-)CA cannot be found.
Exception to throw when an operation cannot be performed because
the CA to which the operation pertains is not a leaf CA (ie, has
sub-CAs).
A class represents a resource bundle for CA subsystem.
CA signing certificate.
Exception to throw when an operation cannot be completed
because the CA is the wrong type (e.g., an operation that
only applies to lightweight CAs).
Compares validity dates for use in sorting.
A class represents a collection of certificate record
specific schema information.
This interface defines a strategy on how to match
the incoming certificate(s) with the certificate(s)
in the scope.
The CertId class represents the identifier for a particular
cert record.
RFC 2560:
A Template for decoding a CertID.
This base class provides methods to import CA signing cert or get certificate
request.
This class defines the strong authentication basic elements,
the X509 certificates.
A class represents a serializable certificate record.
A class represents a list of certificate records.
RFC 2560:
Certificate server agent authentication.
This class defines a certificate mapping strategy to locate
a user
Utility class with assorted methods to check for
smime pairs, determining the type of cert - signature
or encryption ..etc.
Deprecated.
Replaced by NSSCertRemoveCLI.
Clone servlet - part of the Clone Authority (CLA)
processes Revoked certs from its dependent clone CAs
service request and return status.
Tool for signing PKCS #10, return CMC enrollment request
Process CMC messages according to RFC 2797
See http://www.ietf.org/rfc/rfc2797.txt
Tool for creating CMC full request
Tool for parsing a CMC response
Tool for signing a CMC revocation request with an agent's certificate.
A command-line utility used to take a passphrase as an input and
generate an encrypted entry for ldap entry
This represents the CMS server.
A class representing an administration servlet.
CMS extension class, for creating extensions from http input and
displaying extensions to html forms.
Loads extension classes from configuration file and return
for a given extension name or OID.
CMSFile represents a file from the filesystem cached in memory
CMSFileLoader - file cache.
This class is to hold some general method for servlets.
A class represents a resource bundle for cms gateway.
handy class containing cms templates to load and fill.
This represents a user request.
This is the base class of all CS servlet.
File templates.
Holds template parameters
Command queue for registration and unregistration process for clean shutdown.
This interface contains constants that are used
in the protocol between the configuration daemon
and UI configuration wizard.
A class represents an in-memory configuration store.
Utility class for functions to be used by the RESTful installer.
This interface represents a connector that forwards
CMS requests to a remote authority.
Provides .connector..* parameters.
Provides .connector.* parameters.
Connector servlet
process requests from remote authority -
service request or return status.
This interface contains constants that are shared
by certificate server and its client SDK.
A class represents a credential.
A class represents a collection of schema information
for CRL.
A class represents a CRL issuing point record.
A command-line utility used to generate a Certificate Request Message
Format (CRMF) request with proof of possession (POP).
Process CRMF requests, according to RFC 2511
See http://www.ietf.org/rfc/rfc2511.txt
class representing one Job cron item
class representing one Job cron element
An abstract class defining the functionality to be provided by
sub classes to perform cryptographic operations.
This class implements in-memory database which is stored in CS.cfg.
This class implements in-memory database.
Provides dbs.* parameters.
A class represents an attribute mapper that maps
a Java Date array object into LDAP attribute,
and vice versa.
A class represents an attribute mapper that maps
a Java Date object into LDAP attribute,
and vice versa.
A class represents an attribute mapper.
A class representing a dynamic attribute mapper.
A class represents a paged search.
A class represents a registry where all the
schema (object classes and attribute) information
is stored.
A class represents a resource bundle for DBS subsystem.
A class represents the search results.
An interface represents the database session.
A class represents the database subsystem that manages
the backend data storage.
A class represents an attribute mapper that maps
a Java BigInteger object into LDAP attribute,
and vice versa.
A class represents a virtual list of search results.
This interface represents a property descriptor.
This interface defines all the operation destination
used in the administration protocol between the
console and the server.
A class for ldap acls based authorization manager
The ldap server used for acls is the cms internal ldap db.
'Face-to-face' certificate enrollment.
Abstract class for directory based authentication managers
Uses a pattern for formulating subject names.
For Face-to-face enrollment, disable EE enrollment feature
Servlet to report the status, ie, the agent-initiated user
enrollment is enabled or disabled.
This is the servlet that displays the html page for the corresponding input id.
class for parsing a DN pattern used to construct a certificate
subject name from ldap attributes and dn.
Return some javascript to the request which contains the list of
dynamic data in the CMS system.
A class represents an acls exception.
This class represents authentication exceptions.
An exception for authentication internal error.
Exception for authentication manager not found.
Exception for authentication manager not found.
Exception for invalid attribute value
Exception for authorization failure
This class represents authorization exceptions.
An exception for internal error for authorization.
Exception for authorization manager not found.
Exception for authorization manager plugin not found.
Exception for operation unknown to the authorization manager
Exception for protected resource unknown to the authorization manager
An exception with localizable error messages.
A class represents a CA exception.
This represents a profile specific exception for handling
CMC badIdentity condition.
This represents a profile specific exception for handling
CMC badMessageCheck condition.
This represents a profile specific exception for handling
CMC badRequest condition.
This represents a profile specific exception for handling
CMC popFailed condition.
This represents a profile specific exception for handling
CMC popRequired condition.
This represents a profile specific exception for handling
CMC unsupportedExt condition.
A class represents a CMS gateway exception.
An exception for DN component syntax error.
This type of exception is thrown in cases where a parsing
error is found while evaluating a PKI component.
A class represents a database exception.
Indicates internal db is down.
Indicates internal db is down.
This represents a profile specific exception.
This class implements a duplicate self test exception.
A class represents a CA exception associated with publishing error.
This represents the extensions exception.
An exception for Error formulating the subject name (X500Name)
An exception for invalid credentials.
This class implements an invalid self test exception.
A class represents a jobs exception.
A class represents a KRA exception.
A class that represents a Ldap exception.
This represents exception which indicates Ldap server is down.
Processor handles object read from the session.
A class represents a listener exception.
This class implements a Log exception.
Exception for log not found.
Exception for log plugin not found.
formulates the final email.
Email resolver (ordered) keys as input to email for resolving emails,
e.g.
Files to be processed and returned to the requested parties.
Exception for Publish Mapper not found.
Exception for Mapper Plugin not found.
Exception for missing a required authentication credential.
This class implements a missing self test exception.
For Face-to-face enrollment, enable EE enrollment feature
A class represents a notification exception.
A class represents a password checker exception.
This class represents Exceptions used by the policy package.
This represents a generic profile exception.
This is the base exception for property handling.
This class represents an exception thrown when a
property is not defined (empty string) the configuration store.
This class represents an exception thrown when a
property is not found in the configuration store.
Exception for Publisher not found.
Exception for Publisher Plugin not found.
This represents a registry exception.
This represents a profile specific exception.
Exception for Ldap Publishing Rule not found.
Exception for Publisher Rule plugin not found.
This class implements a self test exception.
A class represents an Identity exception.
This interface defines a strategy on how to match
the incoming certificate(s) with the certificate(s)
in the scope.
Maps dynamic data for the extData- prefix to and from the extData Hashtable
in RequestRecord.
Subclass of Hashtable returned by Request.getExtDataInHashtable.
Plugin which can return extended information to console
This represents the resources for extensions.
Authentication token that wraps an externally authenticated
principal to return.
This program joins a sequence of extensions together
so that the final output can be used in configuration
wizard for specifying extra extensions in default
certificates (i.e.
FileConfigStorage:
Extends ConfigStore with methods to load/save from/to file for
persistent storage.
checks the filename and directory with the specified filter
checks with multiple "*".
An interface represents a filter converter
that understands how to convert an attribute
type from one definition to another.
convenience class for policies use.
convenience class for policies use.
Class that can be used to form general names from configuration file.
This is a Generic policy processor.
Default error template filler
Generates a DER-encoded Extended Key Usage extension.
This program generates an issuer alternative name extension
in base-64 encoding.
default Pending template filler
default Service Pending template filler
This program generates a subject alternative name extension
in base-64 encoding.
default Success template filler
default Service Pending template filler
default Unauthorized template filler
default unexpected error template filler
Retrieve information about the number of OCSP requests the OCSP
has serviced
Retrieve information.
RFC 2560:
A Template for decoding ResponseBytes.
A class represents a group.
A class represents a group acls evaluator.
The structure stores the information of which machine is enabled for
the agent-initiated user enrollment, and whom agents enable this feature,
and the value of the timeout.
Hash uid/pwd directory based authentication manager
This class implements a CMC Enroll client for testing.
basic http client.
This represents a HTTP connection to a remote authority.
Factory for getting HTTP Connections to a HTTP server
Basic HTTP Message, excluding message body.
simple name/value pair message.
Basic HTTP Request.
This represents a request encoder that serializes and
deserializes a request to a Remote Authority so that it can be sent through
the connector.
Basic HTTP Response.
This interface defines the abstraction for the generic collection
of attributes indexed by string names.
Authority interface.
This interface represents a template filler.
This interface provides a standard way to describe
a set of configuration parameters and its associated syntax.
This interface represents the cryptographic subsystem
that provides all the security related functions.
this class represents the callback interface between
the client package and the data storage object (data model)
An interface represents a database object
that is serializable.
This interface represents a property descriptor.
An interface represents an encryption unit.
Interface for an enrollment policy rule.
Interface for a policy expression.
Plugin which can return extended information to console
Class that can be used to form general names from configuration file.
Class that can be used to form general names from configuration file.
Class that can be used to form general names from configuration file.
Class that can be used to form general names from configuration file.
Class that can be used to form general names from configuration file.
This represents a Http PKI message.
An interface represents a logger for certificate server.
This is the servlet that builds the index page in
various ports.
A class represents a certificate server kernel.
A class represents an attribute mapper that maps
a Java Integer object into LDAP attribute,
and vice versa.
This class represents the servlet that serves the Online Certificate
Status Protocol (OCSP) requests.
A class represents an IP address acls evaluator.
Messages that are serialized and go over the wire.
Interface to a policy.
Interface for policy predicate parsers.
Interface for a policy rule.
Represents a set of policy rules.
This represents raw JS parameters.
IRemoteRequest is the interface class for the remote
requests and responses
Interface for a renewal policy rule.
This interface defines access to request virtual list.
Interface for a revocation policy rule.
This interface defines how requests are serviced.
Shared Token interface.
This interface represents an object that captures the
SSL client certificate in a SSL session.
Exception to throw during CA creation when requested CA
(issuer DN) already exists.
An interface represents a storage key unit.
Class that can be used to form general names from configuration file.
An interface represents a generic token unit.
A class to retrieve passwords through a modal Java dialog box
This abstract class is a base job for real job extensions for the
Jobs Scheduler.
Provides jobsScheduler.job..* parameters.
class representing one Job cron information
This class represents a job plugin registered with the
JobScheduler.
Provides jobsScheduler.impl.* parameters.
A class representing an administration servlet for the
Jobs Scheduler and its scheduled jobs.
Provides jobsScheduler.job.* parameters.
A class represents a resource bundle for the
Jobs package
This is a daemon thread that handles scheduled jobs like cron would
do with different jobs.
Provides jobsScheduler.* parameters.
Implement this interface to provide default methods to serialize an object to/from JSON
Uses NSS ssl socket.
Subsystem for initializing JSS
Represents a Key stored in the DRM.
This class represents a container for storing
data in the security package.
This class provides all the base methods to generate the key for different
kinds of certificates.
A class represents a collection of key record
specific schema information.
Class to define the common attributes and methods used by
SymKeyGenerationRequest and AsymKeyGenerationRequest
The KeyGenInfo represents the information generated by
the KeyGen tag of the HTML forms.
KeyGenProcess parses Certificate request matching the
KEYGEN tag format used by Netscape Communicator 4.x
RFC 2560:
A Template for decoding ResponseBytes.
The KeyId class represents the identifier for a particular
key record.
A class represents a Key record.
A class represents a list of key records.
Output a 'pretty print' of a Key Archival record
A class represents key state.
A class represents a key state mapper.
A class represents a resource bundle for KRA subsystem.
The KRATool class is a utility program designed to operate on an LDIF file
to perform one or more of the following tasks:
KRA transport certificate
A LDAP connection that is bound to a server host, port and secure type.
Factory for getting LDAP Connections to a LDAP server
each connection is a separate thread that can be bound to a different
authentication dn and password.
Provides .ldapauth.* parameters.
class for reading ldap authentication info from config store
A LDAP connection that is bound to a server host, port, secure type.
Factory for getting LDAP Connections to a LDAP server with the same
LDAP authentication.
Provides .* parameters.
LDAPConfigStorage:
Extends ConfigStore with methods to load/save from/to file for
persistent storage.
Provides .ldapconn.* parameters.
Maintains a pool of connections to the LDAP server.
class for reading ldap connection from the config store.
This class implements LDAP database.
A class represents a filter converter
that understands how to convert an attribute
type from one definition to another.
Perform consecutive paged search until entries are available.
A class represents a registry where all the
schema (object classes and attribute) information
is stored.
A resource bundle for ldap subsystem.
This object stores the values for IP, uid and group based on the cookie id in LDAP.
A class represents the database session.
A class represents a virtual list of search results.
This class represents a registered listener plugin.
A class represents a resource bundle for the
listeners package.
A class representing an administration servlet for logging
subsystem.
A log entry of LogFile
A class which all loggable events must extend.
A class representing a log event factory.
A class representing a log event listener.
A log event listener which write logs to log files
A class represents certificate server logger
implementation.
Provides log.instance..* parameters.
Provides log.impl.* parameters.
Provides log.instance.* parameters.
Provides log.* parameters.
This class represents a registered logger plugin.
A class represents a log queue.
This is the fallback resource bundle for all log events.
A class representing a log subsystem.
A class represents an attribute mapper that maps
a Java Long object into LDAP attribute,
and vice versa.
This class handles mail notification via SMTP.
ManualAuthentication is an enrollment policy that queues
all requests for issuing agent's approval if no authentication
is present.
Class for mapping a X509 certificate to a LDAP entry.
This class represents a registered mapper plugin.
Class representing a LdapMapper.
This object stores the values for IP, uid and group based on the cookie id.
Factors out common function of formatting internationalized
messages taking arguments and using java.util.ResourceBundle
and java.text.MessageFormat mechanism.
A class representing a meta attribute definition.
A class represents meta information.
A class represent mapper for metainfo attribute.
A class represents a modification.
A class represents a modification set.
RFC 2560:
A Template for decoding ResponseBytes.
A class represents an ordered list of name
value pairs.
This is the base class for network clients.
This class provides a limited storage for nonces.
A class represents a resource bundle for the
Mail Notification package
This authentication does nothing but just returns an empty authToken.
A class represents an attribute mapper that maps
a Java object into LDAP attribute,
and vice versa.
This class implements an OCSP command line interface.
This class implements an OCSP utility.
RFC 2560:
A Template for decoding OCSPRequest.
RFC 2560:
A Template for decoding an OCSPResponse.
RFC 2560:
A Template for decoding an OCSPResponseStatus.
Process OCSP messages, according to RFC 2560
See http://www.ietf.org/rfc/rfc2560.txt
OCSP signing certificate.
This interface defines all the administration operations
used in the administration protocol between the console
and the server.
This class represents an Or expression of the form
(var1 op val1 OR var2 op val2).
Certificate Server admin authentication.
Tool for interacting with the PWcache
This class checks the given password if it meets the specific requirements.
A class represents a resource bundle for the password checker.
http://brianoneill.blogspot.in/2011/11/patch-methods-on-jax-rs.html
This represents a listener that removes pin from LDAP directory.
Generates an ECC or RSA key pair in the security database, constructs a
PKCS#10 certificate request with the public key, and outputs the request
to a file.
PKCS10Processor process Certificate Requests in
PKCS10 format, as defined here:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
Deprecated.
Replaced by PKCS12CertImportCLI.
Tool for creating PKCS12 file
Tool for exporting NSS database into PKCS #12 file
Tool for importing NSS database from PKCS #12 file
Process Certificate Requests
PKI Realm
This realm provides an authentication service against PKI user database.
A class represents a PKIServer event.
A class represents a listener that listens to
PKIServer event.
Base class for CMS RESTful resources
Uses HCL ssl socket.
This represents a generic CMS plugin.
The plugin information includes name,
class name, and description.
This represents the registry subsystem that manages
multiple types of plugin information.
This class is an administration servlet for policy management.
A (localizable) message recorded by a policy module that describes
the reason for rejecting a request.
Default implementation of predicate parser.
A generic interface for a policy processor.
This class defines results for policy actions.
Implements a policy set per IPolicySet interface.
uid/pwd directory based authentication manager
This servlet returns port information.
This interface defines all the prefix tags
used in the administration protocol between
the console and the server.
The PrettyPrintCert class is a utility program designed to "pretty print"
a certificate.
The PrettyPrintCrl class is a utility program designed to "pretty print"
a CRL.
Resource Bundle for the Pretty Print
Display Generic Request detail to the user.
A set of properties.
This class provides a mechanism to authenticate against
the appropriate subsystem for the CLI command.
This is a servlet that proxies request to another servlet.
This class will display the certificate content in predefined
format.
A class represents an attribute mapper that maps
a public key data into LDAP attribute and
vice versa.
Class for publishing certificate or crl to database store.
This class represents a registered publisher plugin.
Class representing a proxy for a Publisher.
Show paged list of requests matching search criteria.
RA signing certificate
This represents raw JS parameters.
Contain all records in a page for a paged search.
This servlet creates a TPS user in the CA,
and it associates TPS's server certificate to
the user.
Allow agent to turn on/off authentication managers
This represents a remote authority that can be
a certificate manager, or key recovery manager or
some other manager.
A class represents a replica repository.
A class represents a generic repository.
A class represents a repository record.
A class represents a collection of repository-specific
schema information.
A class representing a request parser which
converts Java request object into name value
pairs and vice versa.
RFC 2560:
A Template for decoding Request.
Deprecated.
The RequestId class represents the identifier for a particular
request within a request queue.
A mapper between an request id object and
its LDAP attribute representation
A job for the Jobs Scheduler.
A class that defines abilities of request listener,
The RequestNotifier can be registered with a RequestQueue,
so it will be invoked when a request is completely serviced
by the IService object, then it will notify all registered
request listeners.
This class represents the request queue within the
certificate server.
A request record is the stored version of a request.
TODO: what does this class provide beyond the Repository
base class??
This class represents a request scheduler that prioritizes
the threads based on the request processing order.
A mapper between an request state object and
its LDAP attribute representation
The RequestStatus class represents the current state of a request
in a request queue.
RequestSubsystem
Resend requests at intervals to the server to ensure completion of requests.
RFC 2560:
RFC 2560:
RFC 2560:
A Template for decoding ResponseBytes.
RFC 2560:
A Template for decoding ResponseBytes.
This is a base class for some REST request/response messages.
Provides auths.revocationChecking.* parameters.
A class represents a certificate revocation info.
A class represents a mapper to serialize
revocation information into database.
RFC 2560:
A Template for decoding ResponseBytes.
A rotating log file for Certificate log events.
This class represents a registered Publishing Rule plugin.
The RunListeners class implements Runnable interface.
This interface defines all the operation scope
used in the administration protocol between the
console and the server.
Search for requests matching complex query filter.
This class defines the abstraction for the cookie table.
This class implements an individual self test.
This class implements a single element in
an ordered list of self test instances.
Provides selftests.plugin..* parameters.
A class represents a resource bundle for Self Tests.
This class implements a container for self tests.
Pull any existing auth token from the session context.
This class specifies the context object that includes
authentication environment and connection information.
RFC 2560:
A Template for decoding Request.
The log event object that carries message detail of a log event
that goes into the Signed Audit Event log.
A log event object for handling system messages
A class represents certificate server logger
implementation.
A class represents the signing unit which is
capable of signing data.
This class represents an expression of the form var = val,
var val, var val, var val, var val, var val.
The Properties class represents a persistent set of
properties.
RFC 2560:
A Template for decoding ResponseBytes.
This class implements the SMTP client.
This exception is thrown when unexpected results are returned during
an SMTP session.
SSL server certificate
Certificate server SSL client authentication.
SSL server certificate
A statistics transaction.
A class represents an internal subsystem.
A class represents an attribute mapper that maps
a Java String object into LDAP attribute,
and vice versa.
A class represents an attribute mapper that maps
a Java String object into LDAP attribute,
and vice versa.
This class represents a basic subsystem.
Subsystem certificate.
A class represents a subsystem loader.
This class implements a self test to check the system certs
of the subsystem
Notify of startup when systemd notification socket is available.
Displays detailed information about java VM internals, including
current JVM memory usage, and detailed information about each
thread.
This interface defines all the tasks used in
the configuration protocol between the
configuration wizard and the configuration
daemon.
RFC 2560:
A Template for decoding TBSRequest.
Tool used to test out signing a CRL
Token authentication.
Tool used to determine which external hardware tokens are visible to the
Certificate System subsystem.
This class implements the basic interfaces of transfer protocols.
This class defines low-level LDAP usr/grp management
usr/grp information is located remotely on another
LDAP server.
uid/pwd directory based authentication manager
uid/pwd/pin directory based authentication manager
RFC 2560:
A Template for decoding ResponseBytes.
A class represents a user.
A class represents a user acls evaluator.
This class represents information about the client e.g.
A class represents a user-origreq user mapping acls evaluator.
uid/pwd directory based authentication manager
A class representing an administration servlet for
User/Group Manager.
This object is used to easily create I18N messages for utility
classes and standalone programs.
A class represents a resource bundle for miscellaneous utilities
class storing verified certificate.
class storing verified certificates.
A class represents an attribute mapper that maps
a Java X500Name object into LDAP attribute,
and vice versa.
Subsystem for configuring X500Name related things.
A class represents a mapper to serialize
x509 certificate into database.
Deprecated, for removal: This API element is subject to removal in a future version.