Interface ICertificateAuthority

All Superinterfaces:
ISubsystem

public interface ICertificateAuthority extends ISubsystem
An interface that represents a Certificate Authority responsible for certificate-specific operations.

  • Method Details

    • getCertificateRepository

      CertificateRepository getCertificateRepository()
      Retrieves the certificate repository where all the locally issued certificates are kept.
      Returns:
      CA's certificate repository
    • getPolicyProcessor

      IPolicyProcessor getPolicyProcessor()
      Retrieves the policy processor of this certificate authority.
      Returns:
      CA's policy processor
    • allowExtCASignedAgentCerts

      boolean allowExtCASignedAgentCerts()
    • noncesEnabled

      boolean noncesEnabled()
    • getNonces

      Map<Object,Long> getNonces(javax.servlet.http.HttpServletRequest request, String name)
    • getStartSerial

      String getStartSerial()
      Retrieves the next available serial number.
      Returns:
      next available serial number
    • setStartSerial

      void setStartSerial(String serial) throws EBaseException
      Sets the next available serial number.
      Parameters:
      serial - next available serial number
      Throws:
      EBaseException - failed to set next available serial number
    • getMaxSerial

      String getMaxSerial()
      Retrieves the last serial number that can be used for certificate issuance in this certificate authority.
      Returns:
      the last serial number
    • setMaxSerial

      void setMaxSerial(String serial) throws EBaseException
      Sets the last serial number that can be used for certificate issuance in this certificate authority.
      Parameters:
      serial - the last serial number
      Throws:
      EBaseException - failed to set the last serial number
    • getDefaultSignatureAlgorithm

      org.mozilla.jss.crypto.SignatureAlgorithm getDefaultSignatureAlgorithm()
      Retrieves the default signature algorithm of this certificate authority.
      Returns:
      the default signature algorithm of this CA
    • getDefaultAlgorithm

      String getDefaultAlgorithm()
      Retrieves the default signing algorithm of this certificate authority.
      Returns:
      the default signing algorithm of this CA
    • setDefaultAlgorithm

      void setDefaultAlgorithm(String algorithm) throws EBaseException
      Sets the default signing algorithm of this certificate authority.
      Parameters:
      algorithm - new default signing algorithm
      Throws:
      EBaseException - failed to set the default signing algorithm
    • getCASigningAlgorithms

      String[] getCASigningAlgorithms()
      Retrieves the supported signing algorithms of this certificate authority.
      Returns:
      the supported signing algorithms of this CA
    • getDefaultValidity

      long getDefaultValidity()
      Retrieves the default validity period.
      Returns:
      the default validity length in days
    • addCRLIssuingPoint

      boolean addCRLIssuingPoint(ConfigStore crlSubStore, String id, boolean enable, String description)
      Adds CRL issuing point with the given identifier and description.
      Parameters:
      crlSubStore - sub-store with all CRL issuing points
      id - CRL issuing point id
      description - CRL issuing point description
      Returns:
      true if CRL issuing point was successfully added
    • deleteCRLIssuingPoint

      void deleteCRLIssuingPoint(ConfigStore crlSubStore, String id)
      Deletes CRL issuing point with the given identifier.
      Parameters:
      crlSubStore - sub-store with all CRL issuing points
      id - CRL issuing point id
    • getReplicaRepository

      ReplicaIDRepository getReplicaRepository()
      Retrieves the Replica ID repository.
      Returns:
      CA's Replica ID repository
    • getRequestListenerNames

      Enumeration<String> getRequestListenerNames()
      Retrieves all request listeners.
      Returns:
      name enumeration of all request listeners
    • getCACertChain

      org.mozilla.jss.netscape.security.x509.CertificateChain getCACertChain()
      Retrieves the CA certificate chain.
      Returns:
      the CA certificate chain
    • getCaX509Cert

      org.mozilla.jss.crypto.X509Certificate getCaX509Cert()
      Retrieves the CA certificate.
      Returns:
      the CA certificate
    • getCACert

      org.mozilla.jss.netscape.security.x509.X509CertImpl getCACert() throws EBaseException
      Retrieves the CA certificate.
      Returns:
      the CA certificate
      Throws:
      EBaseException
    • updateCRLNow

      void updateCRLNow() throws EBaseException
      Updates the CRL immediately for the MasterCRL issuing point if it exists.
      Throws:
      EBaseException - failed to create or publish CRL
    • publishCRLNow

      void publishCRLNow() throws EBaseException
      Publishes the CRL immediately for the MasterCRL issuing point if it exists.
      Throws:
      EBaseException - failed to publish CRL
    • getSigningUnit

      SigningUnit getSigningUnit()
      Retrieves the signing unit that manages the CA signing key for signing certificates.
      Returns:
      the CA signing unit for certificates
    • getCRLSigningUnit

      SigningUnit getCRLSigningUnit()
      Retrieves the signing unit that manages the CA signing key for signing CRLs.
      Returns:
      the CA signing unit for CRLs
    • getOCSPSigningUnit

      SigningUnit getOCSPSigningUnit()
      Retrieves the signing unit that manages the CA signing key for signing OCSP responses.
      Returns:
      the CA signing unit for OCSP responses
    • setBasicConstraintMaxLen

      void setBasicConstraintMaxLen(int num)
      Sets the maximum path length in the basic constraints extension.
      Parameters:
      num - the maximum path length
    • isClone

      boolean isClone()
      Is this a clone CA?
      Returns:
      true if this is a clone CA
    • getRequestListener

      IRequestListener getRequestListener(String name)
      Retrieves the request listener by name.
      Parameters:
      name - request listener name
      Returns:
      the request listener
    • getRequestNotifier

      IRequestNotifier getRequestNotifier()
      Retrieves the request notifier.
    • removeRequestListener

      void removeRequestListener(IRequestListener listener)
      Removes a request listener.
      Parameters:
      listener - request listener to be removed
    • registerRequestListener

      void registerRequestListener(String name, IRequestListener listener)
      Registers a request listener.
      Parameters:
      name - name under which the request listener is going to be registered
      listener - request listener to be registered
    • getX500Name

      org.mozilla.jss.netscape.security.x509.X500Name getX500Name()
      Retrieves the issuer name of this certificate authority.
      Returns:
      the issuer name of this certificate authority
    • getCRLX500Name

      org.mozilla.jss.netscape.security.x509.X500Name getCRLX500Name()
      Retrieves the issuer name of this certificate authority issuing point.
      Returns:
      the issuer name of this certificate authority issuing point
    • sign

      org.mozilla.jss.netscape.security.x509.X509CRLImpl sign(org.mozilla.jss.netscape.security.x509.X509CRLImpl crl, String algname) throws EBaseException
      Signs the given CRL with the specific algorithm.
      Parameters:
      crl - CRL to be signed
      algname - algorithm used for signing
      Returns:
      signed CRL
      Throws:
      EBaseException - failed to sign CRL
    • log

      void log(int level, String msg)
      Logs a message to this certificate authority.
      Parameters:
      level - logging level
      msg - logged message
    • sign

      org.mozilla.jss.netscape.security.x509.X509CertImpl sign(org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo, String algname) throws EBaseException
      Signs an X.509 certificate template.
      Parameters:
      certInfo - X.509 certificate template
      algname - algorithm used for signing
      Returns:
      signed certificate
      Throws:
      EBaseException - failed to sign certificate
    • getCAService

      IService getCAService()
      Retrieves the CA service object that is responsible for processing requests.
      Returns:
      CA service object
    • getNumOCSPRequest

      long getNumOCSPRequest()
      Returns the in-memory count of the processed OCSP requests.
      Returns:
      number of processed OCSP requests in memory
    • getOCSPRequestTotalTime

      long getOCSPRequestTotalTime()
      Returns the in-memory total time (in milliseconds) spent processing OCSP requests.
      Returns:
      processed times for OCSP requests
    • getOCSPTotalSignTime

      long getOCSPTotalSignTime()
      Returns the in-memory total time (in milliseconds) spent signing OCSP responses.
      Returns:
      total signing time for OCSP requests
    • getOCSPTotalData

      long getOCSPTotalData()
      Returns the total amount of data signed for OCSP requests.
      Returns:
      total data signed for OCSP requests
    • getIssuerObj

      org.mozilla.jss.netscape.security.x509.CertificateIssuerName getIssuerObj()
    • getSubjectObj

      org.mozilla.jss.netscape.security.x509.CertificateSubjectName getSubjectObj()
    • isHostAuthority

      boolean isHostAuthority()
      Return whether this CA is the host authority (not a lightweight authority).
    • getAuthorityID

      AuthorityID getAuthorityID()
      Get the AuthorityID of this CA.
    • getAuthorityParentID

      AuthorityID getAuthorityParentID()
      Get the AuthorityID of this CA's parent CA, if available.
    • getAuthorityEnabled

      boolean getAuthorityEnabled()
      Return whether CA is enabled.
    • isReady

      boolean isReady()
      Return whether CA is ready to perform signing operations.
    • ensureReady

      void ensureReady() throws ECAException
      Throw an exception if CA is not ready to perform signing operations.
      Throws:
      ECAException
    • getAuthorityDescription

      String getAuthorityDescription()
      Return CA description. May be null.
    • renewAuthority

      void renewAuthority(javax.servlet.http.HttpServletRequest httpReq) throws Exception
      Renew certificate of CA.
      Throws:
      Exception
    • deleteAuthority

      void deleteAuthority(javax.servlet.http.HttpServletRequest httpReq) throws EBaseException
      Delete this lightweight CA.
      Throws:
      EBaseException
    • getIssuanceProtPubKey

      PublicKey getIssuanceProtPubKey()
      Retrieves the issuance protection public key.
    • getIssuanceProtPrivKey

      org.mozilla.jss.crypto.PrivateKey getIssuanceProtPrivKey()
      Retrieves the issuance protection private key.
    • getIssuanceProtCert

      org.mozilla.jss.crypto.X509Certificate getIssuanceProtCert()
      Retrieves the issuance protection certificate.