Package com.netscape.cmscore.dbs
Class CertificateRepository
java.lang.Object
com.netscape.cmscore.dbs.Repository
com.netscape.cmscore.dbs.CertificateRepository
- All Implemented Interfaces:
IRepository
A class that represents a certificate repository.
It stores all the issued certificates.
- Version:
- $Revision$, $Date$
- Author:
- thomask, kanda
-
Field Summary
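Modifier and Type, Field
static final int ALL_CERTS
static final int ALL_UNREVOKED_CERTS
static final int ALL_VALID_CERTS
final String CERT_X509ATTRIBUTE
static org.slf4j.Logger logger
static final String PROP_CERT_ID_GENERATOR
static final String PROP_CERT_ID_LENGTH
static final String PROP_INCREMENT
static final String PROP_TRANS_MAXRECORDS
static final String PROP_TRANS_PAGESIZE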
Fields inherited from class com.netscape.cmscore.dbs.Repository
dbSubsystem, idGenerator, idLength, LEGACY, maxSerialName, mBaseDN, mCounter, mIncrementNo, minSerialName, mLowWaterMarkNo, mMaxSerialNo, mMinSerialNo, mNextMaxSerialNo, mNextMinSerialNo, mRadix, nextMaxSerialName, nextMinSerialName, RANDOM, rangeDN, repositoryConfig, secureRandom
-
Constructor Summary
Constructor: Description
CertificateRepository(DBSubsystem dbSubsystem): Constructs a certificate repository.
-
Method Summary
Modifier and Type, Method: Description
void addCertificateRecord(CertRecord record): Adds a certificate record to the repository.
void addRevokedCertRecord(CertRecord record): Used by the Clone Master (CLA) to add a revoked certificate record to the repository.
boolean checkCertificateRecord(BigInteger serialNo)
boolean containsCertificate(BigInteger serialNo): Checks if the certificate exists in this repository.
CertRecord createCertRecord(RequestId requestID, String profileIDMapping, org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
void deleteCertificateRecord(BigInteger serialNo): Deletes certificate from this repository.
Enumeration<org.mozilla.jss.netscape.security.x509.X509CertImpl> findCertificates(String filter): Finds all certificates given a filter.
findCertRecords(String filter): Finds a list of certificate records that satisfies the filter.
CertRecordList findCertRecordsInList(String filter, String[] attrs, int pageSize): Finds certificate records.
CertRecordList findCertRecordsInList(String filter, String[] attrs, String jumpTo, boolean hardJumpTo, String sortKey, int pageSize): Finds a list of certificate records that satisfies the filter.
CertRecordList findCertRecordsInList(String filter, String[] attrs, String sortKey, int pageSize): Finds a list of certificate records that satisfies the filter.
CertRecordList findCertRecordsInList(String filter, String[] attrs, String jumpTo, String sortKey, int pageSize): Finds a list of certificate records that satisfies the filter.
CertRecordList findCertRecordsInListRawJumpto(String filter, String[] attrs, String jumpTo, String sortKey, int pageSize): Finds a list of certificate records that satisfies the filter.
findCertRecs(String filter): Deprecated.
findCertRecs(String filter, String[] attrs)
getAllExpiredCertificates: Retrieves all expired certificates.
getAllExpiredPublishedCertificates: Retrieves all expired published certificates.
getAllRevokedCertificates: Retrieves all revoked certificates including ones that have expired or that are not yet valid.
getAllRevokedNonExpiredCertificates: Retrieves all revoked but not expired certificates.
getAllRevokedPublishedCertificates: Retrieves all revoked published certificates including ones already expired or not yet valid.
getAllValidCertificates: Retrieves all valid certificates excluding ones already revoked.
getAllValidNotPublishedCertificates: Retrieves all valid not published certificates excluding ones already revoked.
boolean getEnableRandomSerialNumbers(): Retrieves serial number management mode.
getExpiredCertificates(String from, String to): Retrieves expired certificates.
Enumeration<CertRecord> getExpiredPublishedCertificates(String from, String to): Retrieves expired and published certificates.
getInvalidCertsByNotBeforeDate(Date date, int pageSize): Gets invalid certs ordered by notAfter date, jumps to records where notAfter date is greater than current.
BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound)
getNextSerialNumber: Retrieves the next certificate serial number, and also increases the serial number by one.
getRandomLimit(BigInteger rangeLength)
Hashtable<String,RenewableCertificateCollection> getRenewableCertificates(String renewalTime): Retrieves renewable certificates.
getRevokedCertificates(String from, String to): Retrieves revoked certificates.
getRevokedCertificates(Date asOfDate): Retrieves all revoked certificates that have not expired.
getRevokedCertsByNotAfterDate(Date date, int pageSize): Gets revoked certs ordered by notAfter date, jumps to records where notAfter date is greater than current.
Enumeration<CertRecord> getRevokedPublishedCertificates(String from, String to): Retrieves revoked and published certificates.
getValidCertificates(String from, String to): Retrieves valid certificates.
getValidCertsByNotAfterDate(Date date, int pageSize): Gets valid certs ordered by notAfter date, jumps to records where notAfter date is greater than current.
Enumeration<CertRecord> getValidNotPublishedCertificates(String from, String to): Retrieves valid and not published certificates.
org.mozilla.jss.netscape.security.x509.X509CertImpl getX509Certificate(BigInteger serialNo): Reads the certificate identified by the given serial no.
org.mozilla.jss.netscape.security.x509.X509CertImpl[] getX509Certificates(String filter)
org.mozilla.jss.netscape.security.x509.X509CertImpl[] getX509Certificates(String subjectDN, int validityType): Gets all valid and unexpired certificates pertaining to a subject DN.
void init()
void initLegacyGenerator
RevocationInfo isCertificateRevoked(org.mozilla.jss.netscape.security.x509.X509CertImpl cert): Checks if the presented certificate belongs to the repository and is revoked.
void markAsRevoked(BigInteger id, RevocationInfo info): Marks certificate as revoked.
void markAsRevoked(BigInteger id, RevocationInfo info, boolean isAlreadyRevoked): Marks certificate as revoked.
void markCertificateAsNotRenewable: Marks certificate as not renewable.
void markCertificateAsRenewable(CertRecord record): Marks certificate as renewable.
void markCertificateAsRenewalNotified(String serialNo): Marks certificate as renewed and notified.
void markCertificateAsRenewed(String serialNo): Marks certificate as renewed.
void modifyCertificateRecord(BigInteger serialNo, ModificationSet mods): Modifies certificate record.
readCertificateRecord(BigInteger serialNo): Reads certificate from repository.
void removeCertRecords(BigInteger beginS, BigInteger endS): Removes certificate records with this repository.
searchCertificates(String filter, int maxSize): Finds a list of certificate records that satisfies the filter.
Enumeration<CertRecord> searchCertificates(String filter, int maxSize, int timeLimit): Finds a list of certificate records that satisfies the filter.
Enumeration<CertRecord> searchCertificates(String filter, int maxSize, int timeLimit, String sortAttribute): Finds a list of certificate records that satisfies the filter.
Enumeration<Object> searchCertificates(String filter, int maxSize, String sortAttribute): Finds a list of certificate records that satisfies the filter.
void setConsistencyCheck(boolean ConsistencyCheck)
void setEnableRandomSerialNumbers(boolean random, boolean updateMode, boolean forceModeChange): Sets serial number management mode for certificates.
void shutdown()
void unmarkRevoked(BigInteger id, RevocationInfo info, Date revokedOn, String revokedBy): Unmarks a revoked certificate.
void updateCounter()
void updateStatus(BigInteger id, String status): Updates certificate status.
void updateStatus(Vector<BigInteger> list, String status)
Methods inherited from class com.netscape.cmscore.dbs.Repository
checkRange, checkRanges, getBaseDN, getIDGenerator, getMaxSerial, getMinSerial, getNextMaxSerial, getNextRange, getRadix, hasRangeConflict, initCache, peekNextSerialNumber, setEnableSerialMgmt, setIDGenerator, setLastSerialNo, setMaxSerial, setMaxSerialConfig, setMinSerialConfig, setNextMaxSerial, setNextMaxSerialConfig, setNextMinSerialConfig, setTheSerialNumber
-
Field Details
-
logger
public static org.slf4j.Logger logger
-
ALL_CERTS
public static final int ALL_CERTS
- See Also:
-
ALL_VALID_CERTS
public static final int ALL_VALID_CERTS
- See Also:
-
ALL_UNREVOKED_CERTS
public static final int ALL_UNREVOKED_CERTS
- See Also:
-
PROP_INCREMENT
- See Also:
-
PROP_TRANS_MAXRECORDS
- See Also:
-
PROP_TRANS_PAGESIZE
- See Also:
-
CERT_X509ATTRIBUTE
- See Also:
-
PROP_CERT_ID_GENERATOR
- See Also:
-
PROP_CERT_ID_LENGTH
- See Also:
-
-
Constructor Details
-
CertificateRepository
Constructs a certificate repository.
-
-
Method Details
-
init
- Overrides:
init
in class Repository
- Throws:
Exception
-
initLegacyGenerator
- Throws:
Exception
-
getEnableRandomSerialNumbers
public boolean getEnableRandomSerialNumbers()
Retrieves serial number management mode.
- Returns:
- serial number management mode, "true" indicates random serial number management, "false" indicates sequential serial number management.
-
setEnableRandomSerialNumbers
public void setEnableRandomSerialNumbers(boolean random, boolean updateMode, boolean forceModeChange)
Sets serial number management mode for certificates.
- Parameters:
random
- "true" sets random serial number management, "false" sequential
updateMode
- "true" updates "description" attribute in certificate repository
forceModeChange
- "true" forces certificate repository mode change
-
getNextSerialNumber
Retrieves the next certificate serial number, and also increases the serial number by one.
- Specified by:
getNextSerialNumber
in interface IRepository
- Overrides:
getNextSerialNumber
in class Repository
- Returns:
- serial number
- Throws:
EBaseException
- failed to retrieve next serial number
-
getRangeLength
- Overrides:
getRangeLength
in class Repository
-
getRandomLimit
- Overrides:
getRandomLimit
in class Repository
-
getNumbersInRange
- Overrides:
getNumbersInRange
in class Repository
-
updateCounter
public void updateCounter()
-
getLastSerialNumberInRange
public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound) throws EBaseException
- Specified by:
getLastSerialNumberInRange
in class Repository
- Throws:
EBaseException
-
removeCertRecords
Removes certificate records with this repository.
- Parameters:
beginS
- BigInteger with radix 16
endS
- BigInteger with radix 16
- Throws:
EBaseException
-
setConsistencyCheck
public void setConsistencyCheck(boolean ConsistencyCheck)
-
createCertRecord
public CertRecord createCertRecord(RequestId requestID, String profileIDMapping, org.mozilla.jss.netscape.security.x509.X509CertImpl cert) throws Exception
- Throws:
Exception
-
addCertificateRecord
Adds a certificate record to the repository. Each certificate record contains four parts: certificate, meta-attributes, issue information and revocation information.
- Parameters:
record
- X.509 certificate
- Throws:
EBaseException
- failed to add new certificate to the repository
-
addRevokedCertRecord
Used by the Clone Master (CLA) to add a revoked certificate record to the repository.
- Parameters:
record
- a CertRecord
- Throws:
EBaseException
- failed to add new certificate to the repository
-
updateStatus
- Throws:
EBaseException
-
getX509Certificate
public org.mozilla.jss.netscape.security.x509.X509CertImpl getX509Certificate(BigInteger serialNo) throws EBaseException
Reads the certificate identified by the given serial no.
- Parameters:
serialNo
- serial number of certificate
- Returns:
- certificate
- Throws:
EBaseException
- failed to retrieve certificate
-
deleteCertificateRecord
Deletes certificate from this repository.
- Parameters:
serialNo
- serial number of certificate
- Throws:
EBaseException
- failed to delete
-
readCertificateRecord
Reads certificate from repository.
- Parameters:
serialNo
- serial number of certificate
- Returns:
- certificate record
- Throws:
EBaseException
- failed to retrieve certificate
-
checkCertificateRecord
- Throws:
EBaseException
-
modifyCertificateRecord
public void modifyCertificateRecord(BigInteger serialNo, ModificationSet mods) throws EBaseException
Modifies certificate record.
- Parameters:
serialNo
- serial number of record
mods
- modifications
- Throws:
EBaseException
- failed to modify
-
containsCertificate
Checks if the certificate exists in this repository.
- Parameters:
serialNo
- serial number of certificate
- Returns:
- true if it exists
- Throws:
EBaseException
- failed to check
-
markAsRevoked
Marks certificate as revoked. isAlreadyRevoked: boolean to indicate that the cert was revoked (possibly onHold). When a cert was originally revoked (possibly onHold), some of the LDAP attributes already exist, so "MOD_REPLACE" is needed instead of "MOD_ADD".
- Parameters:
id
- serial number
info
- revocation information
- Throws:
EBaseException
- failed to mark
-
markAsRevoked
public void markAsRevoked(BigInteger id, RevocationInfo info, boolean isAlreadyRevoked) throws EBaseException
Marks certificate as revoked.
- Parameters:
id
- serial number
info
- revocation information
isAlreadyRevoked
- boolean to indicate if the cert was revoked onHold
- Throws:
EBaseException
- failed to mark
-
unmarkRevoked
public void unmarkRevoked(BigInteger id, RevocationInfo info, Date revokedOn, String revokedBy) throws EBaseException
Unmarks a revoked certificate.
- Parameters:
id
- serial number
info
- revocation information
revokedOn
- revocation date
revokedBy
- userid
- Throws:
EBaseException
- failed to unmark
-
updateStatus
Updates certificate status.
- Parameters:
id
- serial number
status
- certificate status
- Throws:
EBaseException
- failed to update status
-
searchCertificates
public Enumeration<Object> searchCertificates(String filter, int maxSize, String sortAttribute) throws EBaseException
Finds a list of certificate records that satisfies the filter.
- Parameters:
filter
- search filter
maxSize
- max size to return
sortAttribute
- Attribute of CertRecord to sort the results
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to search
-
searchCertificates
Finds a list of certificate records that satisfies the filter. The following filter attributes can be used: certRecordId, certMetaInfo, certStatus, certCreateTime, certModifyTime, x509Cert.notBefore, x509Cert.notAfter, x509Cert.subject.
The filter should follow RFC1558 LDAP filter syntax. For example,
- Parameters:
filter
- search filter
maxSize
- max size to return
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to search
-
searchCertificates
public Enumeration<CertRecord> searchCertificates(String filter, int maxSize, int timeLimit) throws EBaseException
Finds a list of certificate records that satisfies the filter.
- Parameters:
filter
- search filter
maxSize
- max size to return
timeLimit
- timeout value
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to search
-
searchCertificates
public Enumeration<CertRecord> searchCertificates(String filter, int maxSize, int timeLimit, String sortAttribute) throws EBaseException
Finds a list of certificate records that satisfies the filter.
- Parameters:
filter
- search filter
maxSize
- max size to return
timeLimit
- timeout value
sortAttribute
- Attribute of CertRecord to sort the results
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to search
-
findCertRecs
Deprecated. Replaced by findCertificatesInList
Finds certificate records.
- Parameters:
filter
- search filter
- Returns:
- a list of certificate records
- Throws:
EBaseException
- failed to retrieve cert records
-
findCertRecs
- Throws:
EBaseException
-
findCertificates
public Enumeration<org.mozilla.jss.netscape.security.x509.X509CertImpl> findCertificates(String filter) throws EBaseException
Finds all certificates given a filter.
- Parameters:
filter
- search filter
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to search
-
findCertRecords
Finds a list of certificate records that satisfies the filter. If you are going to process everything in the list, use this.
- Parameters:
filter
- search filter
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to search
-
findCertRecordsInList
public CertRecordList findCertRecordsInList(String filter, String[] attrs, int pageSize) throws EBaseException
Finds certificate records. The following filter attributes can be used: certRecordId, certMetaInfo, certStatus, certCreateTime, certModifyTime, x509Cert.notBefore, x509Cert.notAfter, x509Cert.subject.
The filter should follow RFC1558 LDAP filter syntax. For example,
- Parameters:
filter
- search filter
attrs
- selected attribute
pageSize
- page size
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to search
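The filter strings described for searchCertificates and findCertRecordsInList above are assembled by the caller, so any value that comes from user input has to be escaped before it goes into the filter. The following is an added example, not code from this package or its documentation: it composes a filter from the attributes listed above using RFC 4515 hex escaping and shows it beside a naive concatenation. The class and method names are hypothetical, and the certStatus value VALID and the sample search term are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Set;

public class CertFilterExample {

    // Filter attributes listed in the documentation above.
    private static final Set<String> ATTRS = Set.of(
            "certRecordId", "certMetaInfo", "certStatus", "certCreateTime",
            "certModifyTime", "x509Cert.notBefore", "x509Cert.notAfter",
            "x509Cert.subject");

    // Hex-escape NUL, '(', ')', '*', '\' and non-ASCII bytes (RFC 4515 form).
    static String escape(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            if (c == 0 || c == '(' || c == ')' || c == '*' || c == '\\' || c >= 0x80) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    // Attribute names are never taken from input; only known names are allowed.
    private static String attr(String name) {
        if (!ATTRS.contains(name)) {
            throw new IllegalArgumentException("unknown filter attribute: " + name);
        }
        return name;
    }

    // Equality match: (attr=value)
    static String eq(String name, String value) {
        return "(" + attr(name) + "=" + escape(value) + ")";
    }

    // Substring match: (attr=*value*); the wildcards are added here, not by input.
    static String contains(String name, String value) {
        return "(" + attr(name) + "=*" + escape(value) + "*)";
    }

    // Conjunction of already-built terms: (&(a)(b)...)
    static String and(String... terms) {
        return "(&" + String.join("", terms) + ")";
    }

    public static void main(String[] args) {
        // Constructed input: a search term that carries filter metacharacters.
        String term = "example.com)(certStatus=*";

        // Naive concatenation lets the term add its own filter clause.
        // "VALID" is an assumed status value, not taken from this page.
        String naive = "(&(certStatus=VALID)(x509Cert.subject=*" + term + "*))";

        // Escaped form keeps the whole term inside one substring assertion.
        String safe = and(eq("certStatus", "VALID"),
                          contains("x509Cert.subject", term));

        System.out.println("naive: " + naive);
        System.out.println("safe:  " + safe);
    }
}
```

The string returned by `and(...)` is what a caller would pass as the `filter` argument; pairing it with a bounded `maxSize` or `pageSize` keeps a broad match from returning the whole repository.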
-
findCertRecordsInList
public CertRecordList findCertRecordsInList(String filter, String[] attrs, String sortKey, int pageSize) throws EBaseException
Finds a list of certificate records that satisfies the filter.
- Parameters:
filter
- search filter
attrs
- selected attribute
sortKey
- key to use for sorting the returned elements
pageSize
- page size
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to search
-
findCertRecordsInList
public CertRecordList findCertRecordsInList(String filter, String[] attrs, String jumpTo, String sortKey, int pageSize) throws EBaseException
Finds a list of certificate records that satisfies the filter.
- Parameters:
filter
- search filter
attrs
- selected attribute
jumpTo
- jump to index
sortKey
- key to use for sorting the returned elements
pageSize
- page size
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to search
-
findCertRecordsInList
public CertRecordList findCertRecordsInList(String filter, String[] attrs, String jumpTo, boolean hardJumpTo, String sortKey, int pageSize) throws EBaseException
Finds a list of certificate records that satisfies the filter.
- Parameters:
filter
- search filter
attrs
- selected attribute
jumpTo
- jump to index
hardJumpTo
-
sortKey
- key to use for sorting the returned elements
pageSize
- page size
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to search
-
findCertRecordsInListRawJumpto
public CertRecordList findCertRecordsInListRawJumpto(String filter, String[] attrs, String jumpTo, String sortKey, int pageSize) throws EBaseException
Finds a list of certificate records that satisfies the filter.
- Parameters:
filter
- search filter
attrs
- selected attribute
jumpTo
- jump to index
sortKey
- key to use for sorting the returned elements
pageSize
- page size
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to search
-
markCertificateAsRenewable
Marks certificate as renewable.
- Parameters:
record
- certificate record to modify
- Throws:
EBaseException
- failed to update
-
markCertificateAsNotRenewable
Marks certificate as not renewable.
- Parameters:
record
- certificate record to modify
- Throws:
EBaseException
- failed to update
-
markCertificateAsRenewed
Marks certificate as renewed.
- Parameters:
serialNo
- certificate record to modify
- Throws:
EBaseException
- failed to update
-
markCertificateAsRenewalNotified
Marks certificate as renewed and notified.
- Parameters:
serialNo
- certificate record to modify
- Throws:
EBaseException
- failed to update
-
getRenewableCertificates
public Hashtable<String,RenewableCertificateCollection> getRenewableCertificates(String renewalTime) throws EBaseException
Retrieves renewable certificates.
- Parameters:
renewalTime
- renewal time
- Returns:
- certificates
- Throws:
EBaseException
- failed to retrieve
-
getX509Certificates
public org.mozilla.jss.netscape.security.x509.X509CertImpl[] getX509Certificates(String subjectDN, int validityType) throws EBaseException
Gets all valid and unexpired certificates pertaining to a subject DN.
- Parameters:
subjectDN
- The distinguished name of the subject.
validityType
- The type of certificates to get.
- Returns:
- An array of certificates.
- Throws:
EBaseException
- on error.
-
getX509Certificates
public org.mozilla.jss.netscape.security.x509.X509CertImpl[] getX509Certificates(String filter) throws EBaseException
- Throws:
EBaseException
-
getValidCertificates
Retrieves valid certificates.
- Parameters:
from
- starting serial number
to
- ending serial number
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to retrieve
-
getAllValidCertificates
Retrieves all valid certificates excluding ones already revoked.
- Throws:
EBaseException
-
getValidNotPublishedCertificates
public Enumeration<CertRecord> getValidNotPublishedCertificates(String from, String to) throws EBaseException
Retrieves valid and not published certificates.
- Parameters:
from
- starting serial number
to
- ending serial number
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to retrieve
-
getAllValidNotPublishedCertificates
Retrieves all valid not published certificates excluding ones already revoked.
- Throws:
EBaseException
-
getExpiredCertificates
Retrieves expired certificates.
- Parameters:
from
- starting serial number
to
- ending serial number
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to retrieve
-
getAllExpiredCertificates
Retrieves all expired certificates.
- Throws:
EBaseException
-
getExpiredPublishedCertificates
public Enumeration<CertRecord> getExpiredPublishedCertificates(String from, String to) throws EBaseException
Retrieves expired and published certificates.
- Parameters:
from
- starting serial number
to
- ending serial number
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to retrieve
-
getAllExpiredPublishedCertificates
Retrieves all expired published certificates.
- Throws:
EBaseException
-
getInvalidCertsByNotBeforeDate
Gets invalid certs ordered by notAfter date, jumps to records where notAfter date is greater than current.
- Parameters:
date
- reference date
pageSize
- page size
- Returns:
- a list of certificate records
- Throws:
EBaseException
- failed to retrieve
-
getValidCertsByNotAfterDate
Gets valid certs ordered by notAfter date, jumps to records where notAfter date is greater than current.
- Parameters:
date
- reference date
pageSize
- page size
- Returns:
- a list of certificate records
- Throws:
EBaseException
- failed to retrieve
-
getRevokedCertsByNotAfterDate
Gets revoked certs ordered by notAfter date, jumps to records where notAfter date is greater than current.
- Parameters:
date
- reference date
pageSize
- page size
- Returns:
- a list of certificate records
- Throws:
EBaseException
- failed to retrieve
-
getRevokedCertificates
Retrieves revoked certificates.
- Parameters:
from
- starting serial number
to
- ending serial number
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to retrieve
-
getAllRevokedCertificates
Retrieves all revoked certificates including ones that have expired or that are not yet valid.
- Returns:
- a list of revoked certificates
- Throws:
EBaseException
- failed to search
-
getRevokedPublishedCertificates
public Enumeration<CertRecord> getRevokedPublishedCertificates(String from, String to) throws EBaseException
Retrieves revoked and published certificates.
- Parameters:
from
- starting serial number
to
- ending serial number
- Returns:
- a list of certificates
- Throws:
EBaseException
- failed to retrieve
-
getAllRevokedPublishedCertificates
Retrieves all revoked published certificates including ones already expired or not yet valid.
- Throws:
EBaseException
-
getRevokedCertificates
Retrieves all revoked certificates that have not expired.
- Parameters:
asOfDate
- as of date
- Returns:
- a list of revoked certificates
- Throws:
EBaseException
- failed to retrieve
-
getAllRevokedNonExpiredCertificates
Retrieves all revoked but not expired certificates.
- Returns:
- a list of revoked certificates
- Throws:
EBaseException
- failed to search
-
isCertificateRevoked
public RevocationInfo isCertificateRevoked(org.mozilla.jss.netscape.security.x509.X509CertImpl cert) throws EBaseException
Checks if the presented certificate belongs to the repository and is revoked.
- Parameters:
cert
- certificate to verify.
- Returns:
- RevocationInfo if the presented certificate is revoked otherwise null.
- Throws:
EBaseException
-
shutdown
public void shutdown()
-
findCertificatesInList