Interface ICertificateAuthority

All Superinterfaces:
ISubsystem
public interface ICertificateAuthority extends ISubsystem
An interface represents a Certificate Authority that is responsible for certificate specific operations.

Version:
$Revision$, $Date$

  • Field Details

  • Method Details

    • getCertificateRepository

      CertificateRepository getCertificateRepository()
      Retrieves the certificate repository where all the locally issued certificates are kept.
      Returns:
      CA's certificate repository

    • getPolicyProcessor

      IPolicyProcessor getPolicyProcessor()
      Retrieves the policy processor of this certificate authority.
      Returns:
      CA's policy processor

    • allowExtCASignedAgentCerts

      boolean allowExtCASignedAgentCerts()

    • noncesEnabled

      boolean noncesEnabled()

    • getNonces

      Map<Object,Long> getNonces(javax.servlet.http.HttpServletRequest request, String name)

    • getStartSerial

      String getStartSerial()
      Retrieves the next available serial number.
      Returns:
      next available serial number

    • setStartSerial

      void setStartSerial(String serial) throws EBaseException
      Sets the next available serial number.
      Parameters:
      serial - next available serial number
      Throws:
      EBaseException - failed to set next available serial number

    • getMaxSerial

      String getMaxSerial()
      Retrieves the last serial number that can be used for certificate issuance in this certificate authority.
      Returns:
      the last serial number

    • setMaxSerial

      void setMaxSerial(String serial) throws EBaseException
      Sets the last serial number that can be used for certificate issuance in this certificate authority.
      Parameters:
      serial - the last serial number
      Throws:
      EBaseException - failed to set the last serial number

    • getDefaultSignatureAlgorithm

      org.mozilla.jss.crypto.SignatureAlgorithm getDefaultSignatureAlgorithm()
      Retrieves the default signature algorithm of this certificate authority.
      Returns:
      the default signature algorithm of this CA

    • getDefaultAlgorithm

      String getDefaultAlgorithm()
      Retrieves the default signing algorithm of this certificate authority.
      Returns:
      the default signing algorithm of this CA

    • setDefaultAlgorithm

      void setDefaultAlgorithm(String algorithm) throws EBaseException
      Sets the default signing algorithm of this certificate authority.
      Parameters:
      algorithm - new default signing algorithm
      Throws:
      EBaseException - failed to set the default signing algorithm

    • getCASigningAlgorithms

      String[] getCASigningAlgorithms()
      Retrieves the supported signing algorithms of this certificate authority.
      Returns:
      the supported signing algorithms of this CA

    • getDefaultValidity

      long getDefaultValidity()
      Retrieves the default validity period.
      Returns:
      the default validity length in days

    • addCRLIssuingPoint

      boolean addCRLIssuingPoint(IConfigStore crlSubStore, String id, boolean enable, String description)
      Adds CRL issuing point with the given identifier and description.
      Parameters:
      crlSubStore - sub-store with all CRL issuing points
      id - CRL issuing point id
      description - CRL issuing point description
      Returns:
      true if CRL issuing point was successfully added

    • deleteCRLIssuingPoint

      void deleteCRLIssuingPoint(IConfigStore crlSubStore, String id)
      Deletes CRL issuing point with the given identifier.
      Parameters:
      crlSubStore - sub-store with all CRL issuing points
      id - CRL issuing point id

    • getReplicaRepository

      ReplicaIDRepository getReplicaRepository()
      Retrieves the Replica ID repository.
      Returns:
      CA's Replica ID repository

    • getRequestListenerNames

      Enumeration<String> getRequestListenerNames()
      Retrieves all request listeners.
      Returns:
      name enumeration of all request listeners

    • getCACertChain

      org.mozilla.jss.netscape.security.x509.CertificateChain getCACertChain()
      Retrieves the CA certificate chain.
      Returns:
      the CA certificate chain

    • getCaX509Cert

      org.mozilla.jss.crypto.X509Certificate getCaX509Cert()
      Retrieves the CA certificate.
      Returns:
      the CA certificate

    • getCACert

      org.mozilla.jss.netscape.security.x509.X509CertImpl getCACert() throws EBaseException
      Retrieves the CA certificate.
      Returns:
      the CA certificate
      Throws:
      EBaseException

    • updateCRLNow

      void updateCRLNow() throws EBaseException
      Updates the CRL immediately for MasterCRL issuing point if it exists.
      Throws:
      EBaseException - failed to create or publish CRL

    • publishCRLNow

      void publishCRLNow() throws EBaseException
      Publishes the CRL immediately for MasterCRL issuing point if it exists.
      Throws:
      EBaseException - failed to publish CRL

    • getSigningUnit

      SigningUnit getSigningUnit()
      Retrieves the signing unit that manages the CA signing key for signing certificates.
      Returns:
      the CA signing unit for certificates

    • getCRLSigningUnit

      SigningUnit getCRLSigningUnit()
      Retrieves the signing unit that manages the CA signing key for signing CRL.
      Returns:
      the CA signing unit for CRLs

    • getOCSPSigningUnit

      SigningUnit getOCSPSigningUnit()
      Retrieves the signing unit that manages the CA signing key for signing OCSP response.
      Returns:
      the CA signing unit for OCSP responses

    • setBasicConstraintMaxLen

      void setBasicConstraintMaxLen(int num)
      Sets the maximium path length in the basic constraint extension.
      Parameters:
      num - the maximium path length

    • isClone

      boolean isClone()
      Is this a clone CA?
      Returns:
      true if this is a clone CA

    • getRequestListener

      IRequestListener getRequestListener(String name)
      Retrieves the request listener by name.
      Parameters:
      name - request listener name
      Returns:
      the request listener

    • getRequestNotifier

      IRequestNotifier getRequestNotifier()
      get request notifier

    • registerRequestListener

      void registerRequestListener(IRequestListener listener)
      Registers a request listener.
      Parameters:
      listener - request listener to be registered

    • registerRequestListener

      void registerRequestListener(String name, IRequestListener listener)
      Registers a request listener.
      Parameters:
      name - under request listener is going to be registered
      listener - request listener to be registered

    • getX500Name

      org.mozilla.jss.netscape.security.x509.X500Name getX500Name()
      Retrieves the issuer name of this certificate authority.
      Returns:
      the issuer name of this certificate authority

    • getCRLX500Name

      org.mozilla.jss.netscape.security.x509.X500Name getCRLX500Name()
      Retrieves the issuer name of this certificate authority issuing point.
      Returns:
      the issuer name of this certificate authority issuing point

    • sign

      org.mozilla.jss.netscape.security.x509.X509CRLImpl sign(org.mozilla.jss.netscape.security.x509.X509CRLImpl crl, String algname) throws EBaseException
      Signs the given CRL with the specific algorithm.
      Parameters:
      crl - CRL to be signed
      algname - algorithm used for signing
      Returns:
      signed CRL
      Throws:
      EBaseException - failed to sign CRL

    • log

      void log(int level, String msg)
      Logs a message to this certificate authority.
      Parameters:
      level - logging level
      msg - logged message

    • getNickname

      String getNickname()
      Returns the nickname for the CA signing certificate.
      Returns:
      the nickname for the CA signing certificate

    • sign

      org.mozilla.jss.netscape.security.x509.X509CertImpl sign(org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo, String algname) throws EBaseException
      Signs a X.509 certificate template.
      Parameters:
      certInfo - X.509 certificate template
      algname - algorithm used for signing
      Returns:
      signed certificate
      Throws:
      EBaseException - failed to sign certificate

    • getCAService

      IService getCAService()
      Retrieves the CA service object that is responsible for processing requests.
      Returns:
      CA service object

    • getNumOCSPRequest

      long getNumOCSPRequest()
      Returns the in-memory count of the processed OCSP requests.
      Returns:
      number of processed OCSP requests in memory

    • getOCSPRequestTotalTime

      long getOCSPRequestTotalTime()
      Returns the in-memory time (in mini-second) of the processed time for OCSP requests.
      Returns:
      processed times for OCSP requests

    • getOCSPTotalSignTime

      long getOCSPTotalSignTime()
      Returns the in-memory time (in mini-second) of the signing time for OCSP requests.
      Returns:
      processed times for OCSP requests

    • getOCSPTotalData

      long getOCSPTotalData()
      Returns the total data signed for OCSP requests.
      Returns:
      processed times for OCSP requests

    • getIssuerObj

      org.mozilla.jss.netscape.security.x509.CertificateIssuerName getIssuerObj()

    • getSubjectObj

      org.mozilla.jss.netscape.security.x509.CertificateSubjectName getSubjectObj()

    • isHostAuthority

      boolean isHostAuthority()
      Return whether this CA is the host authority (not a lightweight authority).

    • getAuthorityID

      AuthorityID getAuthorityID()
      Get the AuthorityID of this CA.

    • getAuthorityParentID

      AuthorityID getAuthorityParentID()
      Get the AuthorityID of this CA's parent CA, if available.

    • getAuthorityEnabled

      boolean getAuthorityEnabled()
      Return whether CA is enabled.

    • isReady

      boolean isReady()
      Return whether CA is ready to perform signing operations.

    • ensureReady

      void ensureReady() throws ECAException
      Throw an exception if CA is not ready to perform signing operations.
      Throws:
      ECAException

    • getAuthorityDescription

      String getAuthorityDescription()
      Return CA description. May be null.

    • renewAuthority

      void renewAuthority(javax.servlet.http.HttpServletRequest httpReq) throws Exception
      Renew certificate of CA.
      Throws:
      Exception

    • deleteAuthority

      void deleteAuthority(javax.servlet.http.HttpServletRequest httpReq) throws EBaseException
      Delete this lightweight CA.
      Throws:
      EBaseException

    • getIssuanceProtPubKey

      PublicKey getIssuanceProtPubKey()
      get Issuance Protection Public Key

    • getIssuanceProtPrivKey

      org.mozilla.jss.crypto.PrivateKey getIssuanceProtPrivKey()
      get Issuance Protection Private Key

    • getIssuanceProtCert

      org.mozilla.jss.crypto.X509Certificate getIssuanceProtCert()
      get Issuance Protection Certificate