Class CertificateRepository

java.lang.Object
com.netscape.cmscore.dbs.Repository
com.netscape.cmscore.dbs.CertificateRepository
All Implemented Interfaces:
IRepository

public class CertificateRepository extends Repository
A class that represents a certificate repository. It stores all issued certificates.
Author:
thomask, kanda
  • Constructor Details

    • CertificateRepository

      public CertificateRepository(DBSubsystem dbSubsystem)
      Constructs a certificate repository.
  • Method Details

    • init

      public void init() throws Exception
      Overrides:
      init in class Repository
      Throws:
      Exception
    • initLegacyGenerator

      public void initLegacyGenerator() throws Exception
      Throws:
      Exception
    • getEnableRandomSerialNumbers

      public boolean getEnableRandomSerialNumbers()
      Retrieves serial number management mode.
      Returns:
      serial number management mode, "true" indicates random serial number management, "false" indicates sequential serial number management.
    • setEnableRandomSerialNumbers

      public void setEnableRandomSerialNumbers(boolean random, boolean updateMode, boolean forceModeChange)
      Sets serial number management mode for certificates.
      Parameters:
      random - "true" sets random serial number management, "false" sequential
      updateMode - "true" updates "description" attribute in certificate repository
      forceModeChange - "true" forces certificate repository mode change
    • getNextSerialNumber

      public BigInteger getNextSerialNumber() throws EBaseException
      Retrieves the next certificate serial number, and also increases the serial number by one.
      Specified by:
      getNextSerialNumber in interface IRepository
      Overrides:
      getNextSerialNumber in class Repository
      Returns:
      serial number
      Throws:
      EBaseException - failed to retrieve next serial number
    • getRangeLength

      public BigInteger getRangeLength()
      Overrides:
      getRangeLength in class Repository
    • getRandomLimit

      public BigInteger getRandomLimit(BigInteger rangeLength)
      Overrides:
      getRandomLimit in class Repository
    • getNumbersInRange

      public BigInteger getNumbersInRange()
      Overrides:
      getNumbersInRange in class Repository
    • updateCounter

      public void updateCounter()
    • getLastSerialNumberInRange

      public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound) throws EBaseException
      Specified by:
      getLastSerialNumberInRange in class Repository
      Throws:
      EBaseException
    • removeCertRecords

      public void removeCertRecords(BigInteger beginS, BigInteger endS) throws EBaseException
      Removes certificate records from this repository.
      Parameters:
      beginS - BigInteger with radix 16
      endS - BigInteger with radix 16
      Throws:
      EBaseException
    • setConsistencyCheck

      public void setConsistencyCheck(boolean ConsistencyCheck)
    • createCertRecord

      public CertRecord createCertRecord(RequestId requestID, String profileIDMapping, org.mozilla.jss.netscape.security.x509.X509CertImpl cert) throws Exception
      Throws:
      Exception
    • addCertificateRecord

      public void addCertificateRecord(CertRecord record) throws EBaseException
      Adds a certificate record to the repository. Each certificate record contains four parts: certificate, meta-attributes, issue information and revocation information.
      Parameters:
      record - X.509 certificate
      Throws:
      EBaseException - failed to add new certificate to the repository
    • addRevokedCertRecord

      public void addRevokedCertRecord(CertRecord record) throws EBaseException
      Used by the Clone Master (CLA) to add a revoked certificate record to the repository.

      Parameters:
      record - a CertRecord
      Throws:
      EBaseException - failed to add new certificate to the repository
    • updateStatus

      public void updateStatus(Vector<BigInteger> list, String status) throws EBaseException
      Throws:
      EBaseException
    • getX509Certificate

      public org.mozilla.jss.netscape.security.x509.X509CertImpl getX509Certificate(BigInteger serialNo) throws EBaseException
      Reads the certificate identified by the given serial no.
      Parameters:
      serialNo - serial number of certificate
      Returns:
      certificate
      Throws:
      EBaseException - failed to retrieve certificate
    • deleteCertificateRecord

      public void deleteCertificateRecord(BigInteger serialNo) throws EBaseException
      Deletes certificate from this repository.
      Parameters:
      serialNo - serial number of certificate
      Throws:
      EBaseException - failed to delete
    • readCertificateRecord

      public CertRecord readCertificateRecord(BigInteger serialNo) throws EBaseException
      Reads certificate from repository.
      Parameters:
      serialNo - serial number of certificate
      Returns:
      certificate record
      Throws:
      EBaseException - failed to retrieve certificate
    • checkCertificateRecord

      public boolean checkCertificateRecord(BigInteger serialNo) throws EBaseException
      Throws:
      EBaseException
    • modifyCertificateRecord

      public void modifyCertificateRecord(BigInteger serialNo, ModificationSet mods) throws EBaseException
      Modifies certificate record.
      Parameters:
      serialNo - serial number of record
      mods - modifications
      Throws:
      EBaseException - failed to modify
    • containsCertificate

      public boolean containsCertificate(BigInteger serialNo) throws EBaseException
      Checks if the certificate exists in this repository.
      Parameters:
      serialNo - serial number of certificate
      Returns:
      true if it exists
      Throws:
      EBaseException - failed to check
    • markAsRevoked

      public void markAsRevoked(BigInteger id, RevocationInfo info) throws EBaseException
      Marks certificate as revoked. isAlreadyRevoked is a boolean indicating that the cert was already revoked (possibly onHold). When a cert was originally revoked (possibly onHold), some of the LDAP attributes already exist, so "MOD_REPLACE" is needed instead of "MOD_ADD".
      Parameters:
      id - serial number
      info - revocation information
      Throws:
      EBaseException - failed to mark
    • markAsRevoked

      public void markAsRevoked(BigInteger id, RevocationInfo info, boolean isAlreadyRevoked) throws EBaseException
      Marks certificate as revoked.
      Parameters:
      id - serial number
      info - revocation information
      isAlreadyRevoked - boolean to indicate if the cert was revoked onHold
      Throws:
      EBaseException - failed to mark
    • unmarkRevoked

      public void unmarkRevoked(BigInteger id, RevocationInfo info, Date revokedOn, String revokedBy) throws EBaseException
      Unmarks a revoked certificate.
      Parameters:
      id - serial number
      info - revocation information
      revokedOn - revocation date
      revokedBy - userid
      Throws:
      EBaseException - failed to unmark
    • updateStatus

      public void updateStatus(BigInteger id, String status) throws EBaseException
      Updates certificate status.
      Parameters:
      id - serial number
      status - certificate status
      Throws:
      EBaseException - failed to update status
    • searchCertificates

      public Enumeration<Object> searchCertificates(String filter, int maxSize, String sortAttribute) throws EBaseException
      Finds a list of certificate records that satisfy the filter.
      Parameters:
      filter - search filter
      maxSize - max size to return
      sortAttribute - Attribute of CertRecord to sort the results
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to search
    • searchCertificates

      public Enumeration<Object> searchCertificates(String filter, int maxSize) throws EBaseException
      Finds a list of certificate records that satisfy the filter. The following filter attributes can be used:
         certRecordId
         certMetaInfo
         certStatus
         certCreateTime
         certModifyTime
         x509Cert.notBefore
         x509Cert.notAfter
         x509Cert.subject
       
      The filter should follow RFC1558 LDAP filter syntax. For example,
      Parameters:
      filter - search filter
      maxSize - max size to return
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to search
    • searchCertificates

      public Enumeration<CertRecord> searchCertificates(String filter, int maxSize, int timeLimit) throws EBaseException
      Finds a list of certificate records that satisfy the filter.
      Parameters:
      filter - search filter
      maxSize - max size to return
      timeLimit - timeout value
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to search
    • searchCertificates

      public Enumeration<CertRecord> searchCertificates(String filter, int maxSize, int timeLimit, String sortAttribute) throws EBaseException
      Finds a list of certificate records that satisfy the filter.
      Parameters:
      filter - search filter
      maxSize - max size to return
      timeLimit - timeout value
      sortAttribute - Attribute of CertRecord to sort the results
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to search
    • findCertRecs

      @Deprecated public Enumeration<Object> findCertRecs(String filter) throws EBaseException
      Deprecated.
      replaced by findCertificatesInList
      Finds certificate records.
      Parameters:
      filter - search filter
      Returns:
      a list of certificate records
      Throws:
      EBaseException - failed to retrieve cert records
    • findCertRecs

      public Enumeration<Object> findCertRecs(String filter, String[] attrs) throws EBaseException
      Throws:
      EBaseException
    • findCertificates

      public Enumeration<org.mozilla.jss.netscape.security.x509.X509CertImpl> findCertificates(String filter) throws EBaseException
      Finds all certificates given a filter.
      Parameters:
      filter - search filter
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to search
    • findCertRecords

      public Enumeration<CertRecord> findCertRecords(String filter) throws EBaseException
      Finds a list of certificate records that satisfy the filter. If you are going to process everything in the list, use this.
      Parameters:
      filter - search filter
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to search
    • findCertRecordsInList

      public CertRecordList findCertRecordsInList(String filter, String[] attrs, int pageSize) throws EBaseException
      Finds certificate records. The following filter attributes can be used:
         certRecordId
         certMetaInfo
         certStatus
         certCreateTime
         certModifyTime
         x509Cert.notBefore
         x509Cert.notAfter
         x509Cert.subject
       
      The filter should follow RFC1558 LDAP filter syntax. For example,
      Parameters:
      filter - search filter
      attrs - selected attribute
      pageSize - page size
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to search
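Added example (not part of the PKI code base or this Javadoc): one way to build the filter string passed to searchCertificates or findCertRecordsInList from untrusted input, restricting attribute names to the list documented above and escaping the values. The class and method names are hypothetical, the hex escapes follow RFC 4515 (the current revision of the LDAP filter syntax) rather than RFC 1558's plain backslash form, and the sample values are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// Hypothetical helper, not a class from the PKI code base.
public class CertFilterExample {

    // Filter attributes listed in the documentation above.
    private static final Set<String> ALLOWED_ATTRS = Set.of(
            "certRecordId", "certMetaInfo", "certStatus",
            "certCreateTime", "certModifyTime",
            "x509Cert.notBefore", "x509Cert.notAfter", "x509Cert.subject");

    // Escapes the characters that have meaning inside an LDAP filter value
    // (RFC 4515 hex form), so the value cannot close a term or add a wildcard.
    static String escapeValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Builds one "(attr=value)" term; attribute names never come from input
    // unchecked, they must be on the documented list.
    static String equalsTerm(String attr, String value) {
        if (!ALLOWED_ATTRS.contains(attr)) {
            throw new IllegalArgumentException("Unsupported filter attribute: " + attr);
        }
        return "(" + attr + "=" + escapeValue(value) + ")";
    }

    // Combines the terms into a single AND filter: "(&(a=1)(b=2))".
    static String allOf(Map<String, String> terms) {
        StringBuilder sb = new StringBuilder("(&");
        terms.forEach((attr, value) -> sb.append(equalsTerm(attr, value)));
        return sb.append(')').toString();
    }

    public static void main(String[] args) {
        Map<String, String> terms = new LinkedHashMap<>();
        // Constructed sample values; the status string is an assumption.
        terms.put("certStatus", "VALID");
        // Constructed untrusted input containing filter metacharacters.
        terms.put("x509Cert.subject", "CN=web01)(certStatus=*");

        // The metacharacters are emitted as \29, \28 and \2a, so the subject
        // stays a single literal value inside one term.
        String filter = allOf(terms);
        System.out.println(filter);
        // The resulting string is what would be passed as the "filter"
        // argument, e.g. searchCertificates(filter, maxSize).
    }
}
```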
    • findCertRecordsInList

      public CertRecordList findCertRecordsInList(String filter, String[] attrs, String sortKey, int pageSize) throws EBaseException
      Finds a list of certificate records that satisfy the filter.
      Parameters:
      filter - search filter
      attrs - selected attribute
      sortKey - key to use for sorting the returned elements
      pageSize - page size
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to search
    • findCertRecordsInList

      public CertRecordList findCertRecordsInList(String filter, String[] attrs, String jumpTo, String sortKey, int pageSize) throws EBaseException
      Finds a list of certificate records that satisfy the filter.
      Parameters:
      filter - search filter
      attrs - selected attribute
      jumpTo - jump to index
      sortKey - key to use for sorting the returned elements
      pageSize - page size
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to search
    • findCertRecordsInList

      public CertRecordList findCertRecordsInList(String filter, String[] attrs, String jumpTo, boolean hardJumpTo, String sortKey, int pageSize) throws EBaseException
      Finds a list of certificate records that satisfy the filter.
      Parameters:
      filter - search filter
      attrs - selected attribute
      jumpTo - jump to index
      hardJumpTo -
      sortKey - key to use for sorting the returned elements
      pageSize - page size
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to search
    • findCertRecordsInListRawJumpto

      public CertRecordList findCertRecordsInListRawJumpto(String filter, String[] attrs, String jumpTo, String sortKey, int pageSize) throws EBaseException
      Finds a list of certificate records that satisfy the filter.
      Parameters:
      filter - search filter
      attrs - selected attribute
      jumpTo - jump to index
      sortKey - key to use for sorting the returned elements
      pageSize - page size
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to search
    • markCertificateAsRenewable

      public void markCertificateAsRenewable(CertRecord record) throws EBaseException
      Marks certificate as renewable.
      Parameters:
      record - certificate record to modify
      Throws:
      EBaseException - failed to update
    • markCertificateAsNotRenewable

      public void markCertificateAsNotRenewable(CertRecord record) throws EBaseException
      Marks certificate as not renewable.
      Parameters:
      record - certificate record to modify
      Throws:
      EBaseException - failed to update
    • markCertificateAsRenewed

      public void markCertificateAsRenewed(String serialNo) throws EBaseException
      Marks certificate as renewed.
      Parameters:
      serialNo - certificate record to modify
      Throws:
      EBaseException - failed to update
    • markCertificateAsRenewalNotified

      public void markCertificateAsRenewalNotified(String serialNo) throws EBaseException
      Marks certificate as renewed and notified.
      Parameters:
      serialNo - certificate record to modify
      Throws:
      EBaseException - failed to update
    • getRenewableCertificates

      public Hashtable<String,RenewableCertificateCollection> getRenewableCertificates(String renewalTime) throws EBaseException
      Retrieves renewable certificates.
      Parameters:
      renewalTime - renewal time
      Returns:
      certificates
      Throws:
      EBaseException - failed to retrieve
    • getX509Certificates

      public org.mozilla.jss.netscape.security.x509.X509CertImpl[] getX509Certificates(String subjectDN, int validityType) throws EBaseException
      Gets all valid and unexpired certificates pertaining to a subject DN.
      Parameters:
      subjectDN - The distinguished name of the subject.
      validityType - The type of certificates to get.
      Returns:
      An array of certificates.
      Throws:
      EBaseException - on error.
    • getX509Certificates

      public org.mozilla.jss.netscape.security.x509.X509CertImpl[] getX509Certificates(String filter) throws EBaseException
      Throws:
      EBaseException
    • getValidCertificates

      public Enumeration<CertRecord> getValidCertificates(String from, String to) throws EBaseException
      Retrieves valid certificates.
      Parameters:
      from - starting serial number
      to - ending serial number
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to retrieve
    • getAllValidCertificates

      public Enumeration<CertRecord> getAllValidCertificates() throws EBaseException
      Retrieves all valid certificates excluding ones already revoked.
      Throws:
      EBaseException
    • getValidNotPublishedCertificates

      public Enumeration<CertRecord> getValidNotPublishedCertificates(String from, String to) throws EBaseException
      Retrieves valid and not published certificates.
      Parameters:
      from - starting serial number
      to - ending serial number
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to retrieve
    • getAllValidNotPublishedCertificates

      public Enumeration<CertRecord> getAllValidNotPublishedCertificates() throws EBaseException
      Retrieves all valid not published certificates excluding ones already revoked.
      Throws:
      EBaseException
    • getExpiredCertificates

      public Enumeration<CertRecord> getExpiredCertificates(String from, String to) throws EBaseException
      Retrieves expired certificates.
      Parameters:
      from - starting serial number
      to - ending serial number
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to retrieve
    • getAllExpiredCertificates

      public Enumeration<CertRecord> getAllExpiredCertificates() throws EBaseException
      Retrieves all expired certificates.
      Throws:
      EBaseException
    • getExpiredPublishedCertificates

      public Enumeration<CertRecord> getExpiredPublishedCertificates(String from, String to) throws EBaseException
      Retrieves expired and published certificates.
      Parameters:
      from - starting serial number
      to - ending serial number
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to retrieve
    • getAllExpiredPublishedCertificates

      public Enumeration<CertRecord> getAllExpiredPublishedCertificates() throws EBaseException
      Retrieves all expired published certificates.
      Throws:
      EBaseException
    • getInvalidCertsByNotBeforeDate

      public CertRecordList getInvalidCertsByNotBeforeDate(Date date, int pageSize) throws EBaseException
      Gets invalid certs ordered by notAfter date; jumps to records where the notAfter date is greater than current.
      Parameters:
      date - reference date
      pageSize - page size
      Returns:
      a list of certificate records
      Throws:
      EBaseException - failed to retrieve
    • getValidCertsByNotAfterDate

      public CertRecordList getValidCertsByNotAfterDate(Date date, int pageSize) throws EBaseException
      Gets valid certs ordered by notAfter date; jumps to records where the notAfter date is greater than current.
      Parameters:
      date - reference date
      pageSize - page size
      Returns:
      a list of certificate records
      Throws:
      EBaseException - failed to retrieve
    • getRevokedCertsByNotAfterDate

      public CertRecordList getRevokedCertsByNotAfterDate(Date date, int pageSize) throws EBaseException
      Gets revoked certs ordered by notAfter date; jumps to records where the notAfter date is greater than current.
      Parameters:
      date - reference date
      pageSize - page size
      Returns:
      a list of certificate records
      Throws:
      EBaseException - failed to retrieve
    • getRevokedCertificates

      public Enumeration<CertRecord> getRevokedCertificates(String from, String to) throws EBaseException
      Retrieves revoked certificates.
      Parameters:
      from - starting serial number
      to - ending serial number
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to retrieve
    • getAllRevokedCertificates

      public Enumeration<CertRecord> getAllRevokedCertificates() throws EBaseException
      Retrieves all revoked certificates including ones that have expired or that are not yet valid.
      Returns:
      a list of revoked certificates
      Throws:
      EBaseException - failed to search
    • getRevokedPublishedCertificates

      public Enumeration<CertRecord> getRevokedPublishedCertificates(String from, String to) throws EBaseException
      Retrieves revoked and published certificates.
      Parameters:
      from - starting serial number
      to - ending serial number
      Returns:
      a list of certificates
      Throws:
      EBaseException - failed to retrieve
    • getAllRevokedPublishedCertificates

      public Enumeration<CertRecord> getAllRevokedPublishedCertificates() throws EBaseException
      Retrieves all revoked published certificates including ones already expired or not yet valid.
      Throws:
      EBaseException
    • getRevokedCertificates

      public Enumeration<CertRecord> getRevokedCertificates(Date asOfDate) throws EBaseException
      Retrieves all revoked certificates that have not expired.
      Parameters:
      asOfDate - as of date
      Returns:
      a list of revoked certificates
      Throws:
      EBaseException - failed to retrieve
    • getAllRevokedNonExpiredCertificates

      public Enumeration<CertRecord> getAllRevokedNonExpiredCertificates() throws EBaseException
      Retrieves all revoked but not expired certificates.
      Returns:
      a list of revoked certificates
      Throws:
      EBaseException - failed to search
    • isCertificateRevoked

      public RevocationInfo isCertificateRevoked(org.mozilla.jss.netscape.security.x509.X509CertImpl cert) throws EBaseException
      Checks if the presented certificate belongs to the repository and is revoked.
      Parameters:
      cert - certificate to verify.
      Returns:
      RevocationInfo if the presented certificate is revoked, otherwise null.
      Throws:
      EBaseException
    • shutdown

      public void shutdown()