Interface IKeyRecoveryAuthority

All Superinterfaces:
ISubsystem

public interface IKeyRecoveryAuthority extends ISubsystem
An interface represents key recovery authority. The key recovery authority is responsibile for archiving and recovering user encryption private keys.

Version:
$Revision$, $Date$
  • Field Details

  • Method Details

    • getX500Name

      org.mozilla.jss.netscape.security.x509.X500Name getX500Name()
      Returns the name of this subsystem.

      Returns:
      KRA name
    • getKeyRepository

      IKeyRepository getKeyRepository()
      Retrieves the key repository. The key repository stores archived keys.

    • getReplicaRepository

      ReplicaIDRepository getReplicaRepository()
      Retrieves the Replica ID repository.
      Returns:
      KRA's Replica ID repository
    • setAutoRecoveryState

      boolean setAutoRecoveryState(Credential[] cs, boolean on)
      Enables the auto recovery state. Once KRA is in the auto recovery state, no recovery agents need to be present for providing credentials. This feature is for enabling user-based recovery operation.

      Parameters:
      cs - list of agent credentials
      on - true if auto recovery state is on
      Returns:
      current auto recovery state
    • getAutoRecoveryState

      boolean getAutoRecoveryState()
      Returns the current auto recovery state.
      Returns:
      true if auto recvoery state is on
    • addAutoRecovery

      void addAutoRecovery(String id, Credential[] creds)
      Adds credentials to the given authorizated recovery operation. In distributed recovery mode, recovery agent login to the agent interface and submit its credential for a particular recovery operation.
      Parameters:
      id - authorization identifier
      creds - list of credentials
    • removeAutoRecovery

      void removeAutoRecovery(String id)
      Removes a particular auto recovery operation.
      Parameters:
      id - authorization identifier
    • getNoOfRequiredAgents

      int getNoOfRequiredAgents() throws EBaseException
      Returns the number of required agents. In M-out-of-N recovery schema, only M agents are required even there are N agents. This method returns M.
      Returns:
      number of required agents
      Throws:
      EBaseException
    • setNoOfRequiredAgents

      void setNoOfRequiredAgents(int number) throws EBaseException
      Sets the number of required recovery agents
      Parameters:
      number - number of agents
      Throws:
      EBaseException
    • getRecoveryID

      String getRecoveryID()
      Returns the current recovery identifier.
      Returns:
      recovery identifier
    • getAutoRecoveryIDs

      Enumeration<String> getAutoRecoveryIDs()
      Returns a list of recovery identifiers.
      Returns:
      list of auto recovery identifiers
    • getStorageKeyUnit

      IStorageKeyUnit getStorageKeyUnit()
      Returns the storage key unit that manages the stoarge key.
      Returns:
      storage key unit
    • getTransportKeyUnit

      ITransportKeyUnit getTransportKeyUnit()
      Returns the transport key unit that manages the transport key.
      Returns:
      transport key unit
    • getKeygenToken

      org.mozilla.jss.crypto.CryptoToken getKeygenToken()
      Returns the token that generates user key pairs for supporting server-side keygen
      Returns:
      keygen token
    • addEntropy

      void addEntropy(boolean logflag)
      Adds entropy to the token used for supporting server-side keygen Parameters are set in the config file
      Parameters:
      logflag - create log messages at info level to report entropy shortage
    • getRequestInQListener

      IRequestListener getRequestInQListener()
      Returns the request listener that listens on the request completion event.
      Returns:
      request listener
    • getPolicyProcessor

      IPolicyProcessor getPolicyProcessor()
      Returns policy processor of the key recovery authority.
      Returns:
      policy processor
    • getNickname

      String getNickname()
      Returns the nickname of the transport certificate.
      Returns:
      transport certificate nickname.
    • setNickname

      void setNickname(String str)
      Sets the nickname of the transport certificate.
      Parameters:
      str - nickname
    • getNewNickName

      String getNewNickName() throws EBaseException
      Returns the new nickname of the transport certifiate.
      Returns:
      new nickname
      Throws:
      EBaseException
    • setNewNickName

      void setNewNickName(String name)
      Sets the new nickname of the transport certifiate.
      Parameters:
      name - new nickname
    • createVolatileRequest

      Hashtable<String,Object> createVolatileRequest(RequestId id)
      Creates a request object to store attributes that will not be serialized. Currently, request queue framework will try to serialize all the attribute into persistent storage. Things like passwords are not desirable to be stored.
      Parameters:
      id - request id
      Returns:
      volatile requests
    • getVolatileRequest

      Hashtable<String,Object> getVolatileRequest(RequestId id)
      Retrieves the request object.
      Parameters:
      id - request id
      Returns:
      volatile requests
    • destroyVolatileRequest

      void destroyVolatileRequest(RequestId id)
      Destroys the request object.
      Parameters:
      id - request id
    • getAppAgents

      Vector<Credential> getAppAgents(String recoveryID) throws EBaseException
      Throws:
      EBaseException
    • createError

      void createError(String recoveryID, String error) throws EBaseException
      Creates error for a specific recovery operation.
      Parameters:
      recoveryID - recovery id
      error - error
      Throws:
      EBaseException - failed to create error
    • getError

      String getError(String recoveryID) throws EBaseException
      Retrieves error by recovery identifier.
      Parameters:
      recoveryID - recovery id
      Returns:
      error message
      Throws:
      EBaseException
    • getPk12

      byte[] getPk12(String recoveryID) throws EBaseException
      Retrieves PKCS12 package by recovery identifier.
      Parameters:
      recoveryID - recovery id
      Returns:
      pkcs12 package in bytes
      Throws:
      EBaseException
    • createPk12

      void createPk12(String recoveryID, byte[] pk12) throws EBaseException
      Creates PKCS12 package in memory.
      Parameters:
      recoveryID - recovery id
      pk12 - package in bytes
      Throws:
      EBaseException
    • getTransportCert

      org.mozilla.jss.crypto.X509Certificate getTransportCert()
      Retrieves the transport certificate.
    • processSynchronousRequest

      void processSynchronousRequest(Request request) throws EBaseException
      Process synchronous archival and recovery requests
      Throws:
      EBaseException
    • isEphemeral

      boolean isEphemeral(String realm)
      Are ephemeral requests enabled for SECURITY_DATA recovery and archival
      Parameters:
      realm - authz realm
    • isRetrievalSynchronous

      boolean isRetrievalSynchronous(String realm)
      Is the SECURITY_DATA retrieval synchronous?
      Parameters:
      realm -
    • generateKeyPair

      KeyPair generateKeyPair(String alg, int keySize, String keyCurve, org.mozilla.jss.crypto.PQGParams pqg, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usageList) throws EBaseException
      Generate an asymmetric key pair.
      Parameters:
      alg -
      keySize -
      keyCurve -
      pqg -
      usageList - - RSA only for now
      Returns:
      key pair
      Throws:
      EBaseException
    • generateKeyPair

      KeyPair generateKeyPair(String alg, int keySize, String keyCurve, org.mozilla.jss.crypto.PQGParams pqg, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usageList, boolean temporary) throws EBaseException
      Throws:
      EBaseException