Package com.netscape.certsrv.kra
Interface IKeyRecoveryAuthority
- All Superinterfaces:
ISubsystem
An interface that represents the key recovery authority (KRA). The
key recovery authority is responsible for archiving
and recovering user encryption private keys.
Field Summary
Modifier and Type / Field

static final String ID
static final String PROP_NAME
static final String PROP_HTTP
static final String PROP_POLICY
static final String PROP_TOKEN
static final String PROP_SHARE
static final String PROP_PROTECTOR
static final String PROP_LOGGING
static final String PROP_QUEUE_REQUESTS
static final String PROP_STORAGE_KEY
static final String PROP_TRANSPORT_KEY
static final String PROP_NEW_NICKNAME
static final String PROP_KEYDB_INC
static final String PROP_NOTIFY_SUBSTORE
static final String PROP_REQ_IN_Q_SUBSTORE
Method Summary
Modifier and Type / Method / Description

void addAutoRecovery(String id, Credential[] creds)
    Adds credentials to the given authorized recovery operation.
void addEntropy(boolean logflag)
    Adds entropy to the token used for supporting server-side keygen. Parameters are set in the config file.
void createError(String recoveryID, String error)
    Creates an error for a specific recovery operation.
void createPk12(String recoveryID, byte[] pk12)
    Creates the PKCS12 package in memory.
createVolatileRequest(id)
    Creates a request object to store attributes that will not be serialized.
void destroyVolatileRequest(id)
    Destroys the request object.
KeyPair generateKeyPair(String alg, int keySize, String keyCurve, org.mozilla.jss.crypto.PQGParams pqg, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usageList)
    Generates an asymmetric key pair.
KeyPair generateKeyPair(String alg, int keySize, String keyCurve, org.mozilla.jss.crypto.PQGParams pqg, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usageList, boolean temporary)
getAppAgents(String recoveryID)
Enumeration<String> getAutoRecoveryIDs()
    Returns a list of recovery identifiers.
boolean getAutoRecoveryState()
    Returns the current auto recovery state.
getError(String recoveryID)
    Retrieves the error by recovery identifier.
org.mozilla.jss.crypto.CryptoToken getKeygenToken()
    Returns the token that generates user key pairs for supporting server-side keygen.
IKeyRepository getKeyRepository()
    Retrieves the key repository.
getNewNickName()
    Returns the new nickname of the transport certificate.
String getNickname()
    Returns the nickname of the transport certificate.
int getNoOfRequiredAgents()
    Returns the number of required agents.
byte[] getPk12(String recoveryID)
    Retrieves the PKCS12 package by recovery identifier.
IPolicyProcessor getPolicyProcessor()
    Returns the policy processor of the key recovery authority.
String getRecoveryID()
    Returns the current recovery identifier.
ReplicaIDRepository getReplicaRepository()
    Retrieves the Replica ID repository.
IRequestListener getRequestInQListener()
    Returns the request listener that listens on the request completion event.
IStorageKeyUnit getStorageKeyUnit()
    Returns the storage key unit that manages the storage key.
org.mozilla.jss.crypto.X509Certificate getTransportCert()
    Retrieves the transport certificate.
ITransportKeyUnit getTransportKeyUnit()
    Returns the transport key unit that manages the transport key.
getVolatileRequest(id)
    Retrieves the request object.
org.mozilla.jss.netscape.security.x509.X500Name getX500Name()
    Returns the name of this subsystem.
boolean isEphemeral(String realm)
    Are ephemeral requests enabled for SECURITY_DATA recovery and archival?
boolean isRetrievalSynchronous(String realm)
    Is the SECURITY_DATA retrieval synchronous?
void processSynchronousRequest(Request request)
    Processes synchronous archival and recovery requests.
void removeAutoRecovery(String id)
    Removes a particular auto recovery operation.
boolean setAutoRecoveryState(Credential[] cs, boolean on)
    Enables the auto recovery state.
void setNewNickName(String name)
    Sets the new nickname of the transport certificate.
void setNickname(String str)
    Sets the nickname of the transport certificate.
void setNoOfRequiredAgents(int number)
    Sets the number of required recovery agents.

Methods inherited from interface com.netscape.certsrv.base.ISubsystem
getConfigStore, getId, init, setId, shutdown, startup
Field Details
(all fields are static final String; the constant values are not shown on this page)

ID
PROP_NAME
PROP_HTTP
PROP_POLICY
PROP_TOKEN
PROP_SHARE
PROP_PROTECTOR
PROP_LOGGING
PROP_QUEUE_REQUESTS
PROP_STORAGE_KEY
PROP_TRANSPORT_KEY
PROP_NEW_NICKNAME
PROP_KEYDB_INC
PROP_NOTIFY_SUBSTORE
PROP_REQ_IN_Q_SUBSTORE
Method Details

getX500Name
org.mozilla.jss.netscape.security.x509.X500Name getX500Name()
Returns the name of this subsystem.
Returns: KRA name

getKeyRepository
IKeyRepository getKeyRepository()
Retrieves the key repository. The key repository stores archived keys.

getReplicaRepository
ReplicaIDRepository getReplicaRepository()
Retrieves the Replica ID repository.
Returns: KRA's Replica ID repository

setAutoRecoveryState
boolean setAutoRecoveryState(Credential[] cs, boolean on)
Enables the auto recovery state. Once the KRA is in the auto recovery state, no recovery agents need to be present to provide credentials. This feature enables user-based recovery operations.
Parameters:
cs - list of agent credentials
on - true if auto recovery state is on
Returns: current auto recovery state

getAutoRecoveryState
boolean getAutoRecoveryState()
Returns the current auto recovery state.
Returns: true if auto recovery state is on

addAutoRecovery
void addAutoRecovery(String id, Credential[] creds)
Adds credentials to the given authorized recovery operation. In distributed recovery mode, each recovery agent logs in to the agent interface and submits its credential for a particular recovery operation.
Parameters:
id - authorization identifier
creds - list of credentials

removeAutoRecovery
void removeAutoRecovery(String id)
Removes a particular auto recovery operation.
Parameters:
id - authorization identifier

getNoOfRequiredAgents
int getNoOfRequiredAgents() throws EBaseException
Returns the number of required agents. In an M-out-of-N recovery scheme, only M of the N agents are required to authorize a recovery. This method returns M.
Returns: number of required agents
Throws: EBaseException

setNoOfRequiredAgents
void setNoOfRequiredAgents(int number) throws EBaseException
Sets the number of required recovery agents (M).
Parameters:
number - number of agents
Throws: EBaseException
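The M-out-of-N bookkeeping behind addAutoRecovery, removeAutoRecovery, getNoOfRequiredAgents and setNoOfRequiredAgents, as an added example written for this page; it is not code from Dogtag PKI and does not use the interface above. The class RecoveryApproval, the AgentCredential record and the approvalCount/isAuthorized helpers are assumptions made for the illustration, with a plain string uid standing in for the agent credential the KRA receives through its agent interface. It shows the two checks a practitioner wants at this point: the threshold M is rejected unless 1 <= M <= N, and approvals are counted per distinct agent, so one agent re-submitting its credential cannot reach quorum alone.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

// Added example, not Dogtag's own code: a model of M-out-of-N recovery agent approval.
public final class RecoveryApproval {

    /** Stand-in for an agent's authenticated identity; constructed for this example, not a Dogtag type. */
    public record AgentCredential(String uid) {
        public AgentCredential {
            if (uid == null || uid.isBlank()) {
                throw new IllegalArgumentException("empty agent uid");
            }
        }
    }

    private final int totalAgents;                                      // N
    private int requiredAgents;                                         // M
    private final Map<String, Set<String>> approvals = new HashMap<>(); // recovery id -> distinct agent uids

    public RecoveryApproval(int totalAgents, int requiredAgents) {
        if (totalAgents < 1) {
            throw new IllegalArgumentException("need at least one agent");
        }
        this.totalAgents = totalAgents;
        setNoOfRequiredAgents(requiredAgents);
    }

    /** Models setNoOfRequiredAgents: M outside [1, N] would make the threshold unreachable or meaningless. */
    public void setNoOfRequiredAgents(int m) {
        if (m < 1 || m > totalAgents) {
            throw new IllegalArgumentException(
                "required agents must be in [1, " + totalAgents + "], got " + m);
        }
        this.requiredAgents = m;
    }

    public int getNoOfRequiredAgents() {
        return requiredAgents;
    }

    /** Models addAutoRecovery: credentials are keyed by agent uid, so re-submission by one agent adds nothing. */
    public void addAutoRecovery(String recoveryId, AgentCredential[] creds) {
        Set<String> uids = approvals.computeIfAbsent(recoveryId, k -> new LinkedHashSet<>());
        for (AgentCredential c : creds) {
            uids.add(c.uid());
        }
    }

    /** Models removeAutoRecovery: forget all approvals collected for this recovery operation. */
    public void removeAutoRecovery(String recoveryId) {
        approvals.remove(recoveryId);
    }

    public int approvalCount(String recoveryId) {
        return approvals.getOrDefault(recoveryId, Collections.emptySet()).size();
    }

    /** Quorum check: the recovery may proceed only once M distinct agents have submitted credentials. */
    public boolean isAuthorized(String recoveryId) {
        return approvalCount(recoveryId) >= requiredAgents;
    }

    public static void main(String[] args) {
        RecoveryApproval kra = new RecoveryApproval(5, 2); // 2-out-of-5 scheme
        String recoveryId = "rec-42";                      // constructed identifier
        AgentCredential alice = new AgentCredential("agent-alice");
        AgentCredential bob = new AgentCredential("agent-bob");

        kra.addAutoRecovery(recoveryId, new AgentCredential[] { alice });
        kra.addAutoRecovery(recoveryId, new AgentCredential[] { alice }); // same agent again
        System.out.println("one agent submitting twice authorizes: " + kra.isAuthorized(recoveryId));

        kra.addAutoRecovery(recoveryId, new AgentCredential[] { bob });
        System.out.println("two distinct agents authorize: " + kra.isAuthorized(recoveryId));

        kra.removeAutoRecovery(recoveryId);
        System.out.println("after removeAutoRecovery: " + kra.isAuthorized(recoveryId));

        try {
            kra.setNoOfRequiredAgents(6); // M > N is rejected
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Run it with `java RecoveryApproval.java` (single-file launch; the record requires Java 16 or later). Keying on the agent identity rather than on the submitted credential object is the point: if approvals were counted per submission, a single compromised agent account could satisfy any M by resubmitting.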
getRecoveryID
String getRecoveryID()
Returns the current recovery identifier.
Returns: recovery identifier

getAutoRecoveryIDs
Enumeration<String> getAutoRecoveryIDs()
Returns a list of recovery identifiers.
Returns: list of auto recovery identifiers

getStorageKeyUnit
IStorageKeyUnit getStorageKeyUnit()
Returns the storage key unit that manages the storage key.
Returns: storage key unit

getTransportKeyUnit
ITransportKeyUnit getTransportKeyUnit()
Returns the transport key unit that manages the transport key.
Returns: transport key unit

getKeygenToken
org.mozilla.jss.crypto.CryptoToken getKeygenToken()
Returns the token that generates user key pairs for supporting server-side keygen.
Returns: keygen token

addEntropy
void addEntropy(boolean logflag)
Adds entropy to the token used for supporting server-side keygen. Parameters are set in the config file.
Parameters:
logflag - create log messages at info level to report entropy shortage

getRequestInQListener
IRequestListener getRequestInQListener()
Returns the request listener that listens on the request completion event.
Returns: request listener

getPolicyProcessor
IPolicyProcessor getPolicyProcessor()
Returns the policy processor of the key recovery authority.
Returns: policy processor

getNickname
String getNickname()
Returns the nickname of the transport certificate.
Returns: transport certificate nickname

setNickname
void setNickname(String str)
Sets the nickname of the transport certificate.
Parameters:
str - nickname

getNewNickName
Returns the new nickname of the transport certificate.
Returns: new nickname
Throws: EBaseException

setNewNickName
void setNewNickName(String name)
Sets the new nickname of the transport certificate.
Parameters:
name - new nickname

createVolatileRequest
Creates a request object to store attributes that will not be serialized. Currently, the request queue framework tries to serialize all attributes into persistent storage; things like passwords should not be stored that way.
Parameters:
id - request id
Returns: volatile request

getVolatileRequest
Retrieves the volatile request object.
Parameters:
id - request id
Returns: volatile request

destroyVolatileRequest
Destroys the volatile request object.
Parameters:
id - request id
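The split between persisted and volatile request attributes described for createVolatileRequest, getVolatileRequest and destroyVolatileRequest, as an added example that is not Dogtag's own code. VolatileRequestStore, its serialize helper, the use of a String request id and the attribute names are assumptions made for the illustration. It shows that a secret placed in the volatile table never reaches the serialized form the request queue would persist, and that destroying the volatile request also overwrites char[] secrets instead of leaving them in memory until garbage collection.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;

// Added example, not Dogtag's own code: in-memory attributes that must never be persisted.
public final class VolatileRequestStore {

    // Volatile attributes live only here, keyed by request id; they are never handed to the request queue.
    private final Map<String, Map<String, Object>> volatileAttrs = new HashMap<>();

    /** Models createVolatileRequest: a fresh in-memory attribute table for one request id. */
    public Map<String, Object> createVolatileRequest(String requestId) {
        return volatileAttrs.computeIfAbsent(requestId, k -> new HashMap<>());
    }

    /** Models getVolatileRequest: null when nothing volatile is held for this id. */
    public Map<String, Object> getVolatileRequest(String requestId) {
        return volatileAttrs.get(requestId);
    }

    /** Models destroyVolatileRequest: drop the table and overwrite char[] secrets before discarding them. */
    public void destroyVolatileRequest(String requestId) {
        Map<String, Object> attrs = volatileAttrs.remove(requestId);
        if (attrs == null) {
            return;
        }
        for (Object v : attrs.values()) {
            if (v instanceof char[]) {
                Arrays.fill((char[]) v, '\0');
            }
        }
        attrs.clear();
    }

    /** What the request queue would write to persistent storage: only the non-volatile attributes, sorted for a stable form. */
    public static String serialize(String requestId, Map<String, String> persistentAttrs) {
        StringBuilder sb = new StringBuilder("request=").append(requestId);
        for (Map.Entry<String, String> e : new TreeMap<>(persistentAttrs).entrySet()) {
            sb.append(';').append(e.getKey()).append('=').append(e.getValue());
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        VolatileRequestStore store = new VolatileRequestStore();
        String requestId = "req-1001"; // constructed request id

        // Attributes the queue may persist.
        Map<String, String> persistent = new HashMap<>();
        persistent.put("requestType", "recovery");
        persistent.put("keyId", "17");

        // A secret that must not be persisted: the password protecting the recovered PKCS12 package.
        char[] pkcs12Password = "hunter2".toCharArray(); // constructed, for the demonstration only
        store.createVolatileRequest(requestId).put("pkcs12Password", pkcs12Password);

        String onDisk = serialize(requestId, persistent);
        System.out.println(onDisk);
        System.out.println("password in persisted form: " + onDisk.contains("hunter2"));
        System.out.println("volatile attrs present: " + (store.getVolatileRequest(requestId) != null));

        store.destroyVolatileRequest(requestId);
        System.out.println("volatile attrs present after destroy: " + (store.getVolatileRequest(requestId) != null));
        System.out.println("password buffer zeroed: "
            + Arrays.equals(pkcs12Password, new char[pkcs12Password.length]));
    }
}
```

Keeping the secret as a char[] rather than a String is what makes the zeroing in destroyVolatileRequest effective; an immutable String copy would stay in the heap regardless of what the store does.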
getAppAgents
getAppAgents(String recoveryID)
Throws: EBaseException

createError
void createError(String recoveryID, String error) throws EBaseException
Creates an error for a specific recovery operation.
Parameters:
recoveryID - recovery id
error - error
Throws: EBaseException - failed to create error

getError
Retrieves the error by recovery identifier.
Parameters:
recoveryID - recovery id
Returns: error message
Throws: EBaseException

getPk12
byte[] getPk12(String recoveryID) throws EBaseException
Retrieves the PKCS12 package by recovery identifier.
Parameters:
recoveryID - recovery id
Returns: PKCS12 package in bytes
Throws: EBaseException

createPk12
void createPk12(String recoveryID, byte[] pk12) throws EBaseException
Creates the PKCS12 package in memory.
Parameters:
recoveryID - recovery id
pk12 - package in bytes
Throws: EBaseException

getTransportCert
org.mozilla.jss.crypto.X509Certificate getTransportCert()
Retrieves the transport certificate.

processSynchronousRequest
void processSynchronousRequest(Request request) throws EBaseException
Processes synchronous archival and recovery requests.
Throws: EBaseException

isEphemeral
boolean isEphemeral(String realm)
Are ephemeral requests enabled for SECURITY_DATA recovery and archival?
Parameters:
realm - authz realm

isRetrievalSynchronous
boolean isRetrievalSynchronous(String realm)
Is the SECURITY_DATA retrieval synchronous?
Parameters:
realm - authz realm

generateKeyPair
KeyPair generateKeyPair(String alg, int keySize, String keyCurve, org.mozilla.jss.crypto.PQGParams pqg, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usageList) throws EBaseException
Generates an asymmetric key pair.
Parameters:
alg -
keySize -
keyCurve -
pqg -
usageList - RSA only for now
Returns: key pair
Throws: EBaseException

generateKeyPair
KeyPair generateKeyPair(String alg, int keySize, String keyCurve, org.mozilla.jss.crypto.PQGParams pqg, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usageList, boolean temporary) throws EBaseException
Throws: EBaseException