Package org.dogtagpki.server.ca
Interface ICertificateAuthority
All Superinterfaces: ISubsystem
An interface that represents a Certificate Authority responsible for certificate-specific operations.
Version: $Revision$, $Date$
Field Summary
Modifier and Type: static final String for every field. Field names are listed under Field Details.
-
Method Summary
Modifier and Type, Method: Description
boolean addCRLIssuingPoint(ConfigStore crlSubStore, String id, boolean enable, String description): Adds CRL issuing point with the given identifier and description.
boolean allowExtCASignedAgentCerts()
void deleteAuthority(javax.servlet.http.HttpServletRequest httpReq): Delete this lightweight CA.
void deleteCRLIssuingPoint(ConfigStore crlSubStore, String id): Deletes CRL issuing point with the given identifier.
void ensureReady: Throw an exception if CA is not ready to perform signing operations.
String getAuthorityDescription(): Return CA description.
boolean getAuthorityEnabled(): Return whether CA is enabled.
AuthorityID getAuthorityID(): Get the AuthorityID of this CA.
AuthorityID getAuthorityParentID(): Get the AuthorityID of this CA's parent CA, if available.
org.mozilla.jss.netscape.security.x509.X509CertImpl getCACert: Retrieves the CA certificate.
org.mozilla.jss.netscape.security.x509.CertificateChain getCACertChain(): Retrieves the CA certificate chain.
IService getCAService(): Retrieves the CA service object that is responsible for processing requests.
String[] getCASigningAlgorithms(): Retrieves the supported signing algorithms of this certificate authority.
org.mozilla.jss.crypto.X509Certificate getCaX509Cert(): Retrieves the CA certificate.
CertificateRepository getCertificateRepository(): Retrieves the certificate repository where all the locally issued certificates are kept.
SigningUnit getCRLSigningUnit(): Retrieves the signing unit that manages the CA signing key for signing CRL.
org.mozilla.jss.netscape.security.x509.X500Name getCRLX500Name(): Retrieves the issuer name of this certificate authority issuing point.
String getDefaultAlgorithm(): Retrieves the default signing algorithm of this certificate authority.
org.mozilla.jss.crypto.SignatureAlgorithm getDefaultSignatureAlgorithm(): Retrieves the default signature algorithm of this certificate authority.
long getDefaultValidity(): Retrieves the default validity period.
org.mozilla.jss.crypto.X509Certificate getIssuanceProtCert(): Gets the issuance protection certificate.
org.mozilla.jss.crypto.PrivateKey getIssuanceProtPrivKey(): Gets the issuance protection private key.
PublicKey getIssuanceProtPubKey(): Gets the issuance protection public key.
org.mozilla.jss.netscape.security.x509.CertificateIssuerName getIssuerObj()
String getMaxSerial(): Retrieves the last serial number that can be used for certificate issuance in this certificate authority.
getNonces
long getNumOCSPRequest(): Returns the in-memory count of the processed OCSP requests.
long getOCSPRequestTotalTime(): Returns the in-memory total processing time (in milliseconds) for OCSP requests.
SigningUnit getOCSPSigningUnit(): Retrieves the signing unit that manages the CA signing key for signing OCSP response.
long getOCSPTotalData(): Returns the total data signed for OCSP requests.
long getOCSPTotalSignTime(): Returns the in-memory total signing time (in milliseconds) for OCSP requests.
IPolicyProcessor getPolicyProcessor(): Retrieves the policy processor of this certificate authority.
ReplicaIDRepository getReplicaRepository(): Retrieves the Replica ID repository.
getRequestListener(String name): Retrieves the request listener by name.
Enumeration<String> getRequestListenerNames(): Retrieves all request listeners.
IRequestNotifier getRequestNotifier(): Gets the request notifier.
SigningUnit getSigningUnit(): Retrieves the signing unit that manages the CA signing key for signing certificates.
String getStartSerial(): Retrieves the next available serial number.
org.mozilla.jss.netscape.security.x509.CertificateSubjectName getSubjectObj()
org.mozilla.jss.netscape.security.x509.X500Name getX500Name(): Retrieves the issuer name of this certificate authority.
boolean isClone(): Is this a clone CA?
boolean isHostAuthority(): Return whether this CA is the host authority (not a lightweight authority).
boolean isReady(): Return whether CA is ready to perform signing operations.
void log: Logs a message to this certificate authority.
boolean noncesEnabled()
void publishCRLNow: Publishes the CRL immediately for MasterCRL issuing point if it exists.
void registerRequestListener(String name, IRequestListener listener): Registers a request listener.
void removeRequestListener(IRequestListener listener): Removes a request listener.
void renewAuthority(javax.servlet.http.HttpServletRequest httpReq): Renew certificate of CA.
void setBasicConstraintMaxLen(int num): Sets the maximum path length in the basic constraint extension.
void setDefaultAlgorithm(String algorithm): Sets the default signing algorithm of this certificate authority.
void setMaxSerial(String serial): Sets the last serial number that can be used for certificate issuance in this certificate authority.
void setStartSerial(String serial): Sets the next available serial number.
org.mozilla.jss.netscape.security.x509.X509CertImpl sign(org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo, String algname): Signs an X.509 certificate template.
org.mozilla.jss.netscape.security.x509.X509CRLImpl sign(org.mozilla.jss.netscape.security.x509.X509CRLImpl crl, String algname): Signs the given CRL with the specific algorithm.
void updateCRLNow: Updates the CRL immediately for MasterCRL issuing point if it exists.
Methods inherited from interface com.netscape.certsrv.base.ISubsystem:
getConfigStore, getId, init, setId, shutdown, startup
-
Field Details
- ID
- PROP_REGISTRATION
- PROP_POLICY
- PROP_GATEWAY
- PROP_CLASS
- PROP_TYPE
- PROP_IMPL
- PROP_PLUGIN
- PROP_INSTANCE
- PROP_LISTENER_SUBSTORE
- PROP_LDAP_PUBLISH_SUBSTORE
- PROP_ENABLE_PUBLISH
- PROP_ENABLE_LDAP_PUBLISH
- PROP_X509CERT_VERSION
- PROP_ENABLE_PAST_CATIME
- PROP_ENABLE_PAST_CATIME_CACERT
- PROP_DEF_VALIDITY
- PROP_FAST_SIGNING
- PROP_ENABLE_ADMIN_ENROLL
- PROP_CRL_SUBSTORE
- PROP_CRL_PAGE_SIZE
- PROP_MASTER_CRL
- PROP_CRLEXT_SUBSTORE
- PROP_ISSUING_CLASS
- PROP_EXPIREDCERTS_CLASS
- PROP_NOTIFY_SUBSTORE
- PROP_CERT_ISSUED_SUBSTORE
- PROP_CERT_REVOKED_SUBSTORE
- PROP_REQ_IN_Q_SUBSTORE
- PROP_PUB_QUEUE_SUBSTORE
- PROP_ISSUER_NAME
- PROP_CA_NAMES
- PROP_SIGNING_SUBSTORE
- PROP_ENABLE_OCSP
- PROP_OCSP_SIGNING_SUBSTORE
- PROP_CRL_SIGNING_SUBSTORE
- PROP_ID
Method Details
-
getCertificateRepository
CertificateRepository getCertificateRepository()
Retrieves the certificate repository where all the locally issued certificates are kept.
Returns: CA's certificate repository
-
getPolicyProcessor
IPolicyProcessor getPolicyProcessor()
Retrieves the policy processor of this certificate authority.
Returns: CA's policy processor
-
allowExtCASignedAgentCerts
boolean allowExtCASignedAgentCerts()
-
noncesEnabled
boolean noncesEnabled()
-
getNonces
-
getStartSerial
String getStartSerial()
Retrieves the next available serial number.
Returns: next available serial number
-
setStartSerial
Sets the next available serial number.
Parameters:
  serial - next available serial number
Throws:
  EBaseException - failed to set next available serial number
-
getMaxSerial
String getMaxSerial()
Retrieves the last serial number that can be used for certificate issuance in this certificate authority.
Returns: the last serial number
-
setMaxSerial
Sets the last serial number that can be used for certificate issuance in this certificate authority.
Parameters:
  serial - the last serial number
Throws:
  EBaseException - failed to set the last serial number
-
getDefaultSignatureAlgorithm
org.mozilla.jss.crypto.SignatureAlgorithm getDefaultSignatureAlgorithm()
Retrieves the default signature algorithm of this certificate authority.
Returns: the default signature algorithm of this CA
-
getDefaultAlgorithm
String getDefaultAlgorithm()
Retrieves the default signing algorithm of this certificate authority.
Returns: the default signing algorithm of this CA
-
setDefaultAlgorithm
Sets the default signing algorithm of this certificate authority.
Parameters:
  algorithm - new default signing algorithm
Throws:
  EBaseException - failed to set the default signing algorithm
-
getCASigningAlgorithms
String[] getCASigningAlgorithms()
Retrieves the supported signing algorithms of this certificate authority.
Returns: the supported signing algorithms of this CA
-
getDefaultValidity
long getDefaultValidity()
Retrieves the default validity period.
Returns: the default validity length in days
-
addCRLIssuingPoint
Adds CRL issuing point with the given identifier and description.
Parameters:
  crlSubStore - sub-store with all CRL issuing points
  id - CRL issuing point id
  description - CRL issuing point description
Returns: true if CRL issuing point was successfully added
-
deleteCRLIssuingPoint
Deletes CRL issuing point with the given identifier.
Parameters:
  crlSubStore - sub-store with all CRL issuing points
  id - CRL issuing point id
-
getReplicaRepository
ReplicaIDRepository getReplicaRepository()
Retrieves the Replica ID repository.
Returns: CA's Replica ID repository
-
getRequestListenerNames
Enumeration<String> getRequestListenerNames()
Retrieves all request listeners.
Returns: name enumeration of all request listeners
-
getCACertChain
org.mozilla.jss.netscape.security.x509.CertificateChain getCACertChain()
Retrieves the CA certificate chain.
Returns: the CA certificate chain
-
getCaX509Cert
org.mozilla.jss.crypto.X509Certificate getCaX509Cert()
Retrieves the CA certificate.
Returns: the CA certificate
-
getCACert
Retrieves the CA certificate.
Returns: the CA certificate
Throws:
  EBaseException
-
updateCRLNow
Updates the CRL immediately for MasterCRL issuing point if it exists.
Throws:
  EBaseException - failed to create or publish CRL
-
publishCRLNow
Publishes the CRL immediately for MasterCRL issuing point if it exists.
Throws:
  EBaseException - failed to publish CRL
-
getSigningUnit
SigningUnit getSigningUnit()
Retrieves the signing unit that manages the CA signing key for signing certificates.
Returns: the CA signing unit for certificates
-
getCRLSigningUnit
SigningUnit getCRLSigningUnit()
Retrieves the signing unit that manages the CA signing key for signing CRL.
Returns: the CA signing unit for CRLs
-
getOCSPSigningUnit
SigningUnit getOCSPSigningUnit()
Retrieves the signing unit that manages the CA signing key for signing OCSP response.
Returns: the CA signing unit for OCSP responses
-
setBasicConstraintMaxLen
void setBasicConstraintMaxLen(int num)
Sets the maximum path length in the basic constraint extension.
Parameters:
  num - the maximum path length
-
isClone
boolean isClone()
Is this a clone CA?
Returns: true if this is a clone CA
-
getRequestListener
Retrieves the request listener by name.
Parameters:
  name - request listener name
Returns: the request listener
-
getRequestNotifier
IRequestNotifier getRequestNotifier()
Gets the request notifier.
-
removeRequestListener
Removes a request listener.
Parameters:
  listener - request listener to be removed
-
registerRequestListener
Registers a request listener.
Parameters:
  name - name under which the request listener is going to be registered
  listener - request listener to be registered
-
getX500Name
org.mozilla.jss.netscape.security.x509.X500Name getX500Name()
Retrieves the issuer name of this certificate authority.
Returns: the issuer name of this certificate authority
-
getCRLX500Name
org.mozilla.jss.netscape.security.x509.X500Name getCRLX500Name()
Retrieves the issuer name of this certificate authority issuing point.
Returns: the issuer name of this certificate authority issuing point
-
sign
org.mozilla.jss.netscape.security.x509.X509CRLImpl sign(org.mozilla.jss.netscape.security.x509.X509CRLImpl crl, String algname) throws EBaseException
Signs the given CRL with the specific algorithm.
Parameters:
  crl - CRL to be signed
  algname - algorithm used for signing
Returns: signed CRL
Throws:
  EBaseException - failed to sign CRL
-
log
Logs a message to this certificate authority.
Parameters:
  level - logging level
  msg - logged message
-
sign
org.mozilla.jss.netscape.security.x509.X509CertImpl sign(org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo, String algname) throws EBaseException
Signs an X.509 certificate template.
Parameters:
  certInfo - X.509 certificate template
  algname - algorithm used for signing
Returns: signed certificate
Throws:
  EBaseException - failed to sign certificate
-
getCAService
IService getCAService()
Retrieves the CA service object that is responsible for processing requests.
Returns: CA service object
-
getNumOCSPRequest
long getNumOCSPRequest()
Returns the in-memory count of the processed OCSP requests.
Returns: number of processed OCSP requests in memory
-
getOCSPRequestTotalTime
long getOCSPRequestTotalTime()
Returns the in-memory total processing time (in milliseconds) for OCSP requests.
Returns: processed times for OCSP requests
-
getOCSPTotalSignTime
long getOCSPTotalSignTime()
Returns the in-memory total signing time (in milliseconds) for OCSP requests.
Returns: processed times for OCSP requests
-
getOCSPTotalData
long getOCSPTotalData()
Returns the total data signed for OCSP requests.
Returns: processed times for OCSP requests
-
getIssuerObj
org.mozilla.jss.netscape.security.x509.CertificateIssuerName getIssuerObj()
-
getSubjectObj
org.mozilla.jss.netscape.security.x509.CertificateSubjectName getSubjectObj()
-
isHostAuthority
boolean isHostAuthority()
Return whether this CA is the host authority (not a lightweight authority).
-
getAuthorityID
AuthorityID getAuthorityID()
Get the AuthorityID of this CA.
-
getAuthorityParentID
AuthorityID getAuthorityParentID()
Get the AuthorityID of this CA's parent CA, if available.
-
getAuthorityEnabled
boolean getAuthorityEnabled()
Return whether CA is enabled.
-
isReady
boolean isReady()
Return whether CA is ready to perform signing operations.
-
ensureReady
Throw an exception if CA is not ready to perform signing operations.
Throws:
  ECAException
-
getAuthorityDescription
String getAuthorityDescription()
Return CA description. May be null.
-
renewAuthority
Renew certificate of CA.
Throws:
  Exception
-
deleteAuthority
Delete this lightweight CA.
Throws:
  EBaseException
-
getIssuanceProtPubKey
PublicKey getIssuanceProtPubKey()
Gets the issuance protection public key.
-
getIssuanceProtPrivKey
org.mozilla.jss.crypto.PrivateKey getIssuanceProtPrivKey()
Gets the issuance protection private key.
-
getIssuanceProtCert
org.mozilla.jss.crypto.X509Certificate getIssuanceProtCert()
Gets the issuance protection certificate.
-