com.netscape.certsrv.ca

Interface ICertificateAuthority

All Superinterfaces:

ISubsystem

public interface ICertificateAuthority
extends ISubsystem

An interface represents a Certificate Authority that is responsible for certificate specific operations.

Version:

$Revision$, $Date$

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	ID
static java.lang.String	PROP_CA_CERT
static java.lang.String	PROP_CA_CHAIN
static java.lang.String	PROP_CA_CHAIN_NUM
static java.lang.String	PROP_CA_NAMES
static java.lang.String	PROP_CERT_ISSUED_SUBSTORE
static java.lang.String	PROP_CERT_REVOKED_SUBSTORE
static java.lang.String	PROP_CERTDB_INC
static java.lang.String	PROP_CERTDB_TRANS_MAXRECORDS
static java.lang.String	PROP_CERTDB_TRANS_PAGESIZE
static java.lang.String	PROP_CLASS
static java.lang.String	PROP_CRL_PAGE_SIZE
static java.lang.String	PROP_CRL_SIGNING_SUBSTORE
static java.lang.String	PROP_CRL_SUBSTORE
static java.lang.String	PROP_CRLDB_INC
static java.lang.String	PROP_CRLEXT_SUBSTORE
static java.lang.String	PROP_DBS_SUBSTORE
static java.lang.String	PROP_DEF_VALIDITY
static java.lang.String	PROP_ENABLE_ADMIN_ENROLL
static java.lang.String	PROP_ENABLE_LDAP_PUBLISH
static java.lang.String	PROP_ENABLE_OCSP
static java.lang.String	PROP_ENABLE_PAST_CATIME
static java.lang.String	PROP_ENABLE_PUBLISH
static java.lang.String	PROP_EXPIREDCERTS_CLASS
static java.lang.String	PROP_FAST_SIGNING
static java.lang.String	PROP_GATEWAY
static java.lang.String	PROP_ID
static java.lang.String	PROP_IMPL
static java.lang.String	PROP_INSTANCE
static java.lang.String	PROP_ISSUER_NAME
static java.lang.String	PROP_ISSUING_CLASS
static java.lang.String	PROP_LDAP_PUBLISH_SUBSTORE
static java.lang.String	PROP_LISTENER_SUBSTORE
static java.lang.String	PROP_MASTER_CRL
static java.lang.String	PROP_NOTIFY_SUBSTORE
static java.lang.String	PROP_OCSP_SIGNING_SUBSTORE
static java.lang.String	PROP_PLUGIN
static java.lang.String	PROP_POLICY
static java.lang.String	PROP_PUB_QUEUE_SUBSTORE
static java.lang.String	PROP_PUBLISH_SUBSTORE
static java.lang.String	PROP_REGISTRATION
static java.lang.String	PROP_REQ_IN_Q_SUBSTORE
static java.lang.String	PROP_SIGNING_SUBSTORE
static java.lang.String	PROP_TYPE
static java.lang.String	PROP_X509CERT_VERSION

Method Summary

Modifier and Type	Method and Description
boolean	addCRLIssuingPoint(IConfigStore crlSubStore, java.lang.String id, boolean enable, java.lang.String description) Adds CRL issuing point with the given identifier and description.
ICertificateAuthority	createCA(IAuthToken authToken, java.lang.String dn, AuthorityID parentAID, java.lang.String desc) Create a new sub-CA under the specified parent CA.
ICertificateAuthority	createSubCA(IAuthToken authToken, java.lang.String dn, java.lang.String desc) Create a new sub-CA IMMEDIATELY beneath this one.
void	deleteAuthority() Delete this lightweight CA.
void	deleteCRLIssuingPoint(IConfigStore crlSubStore, java.lang.String id) Deletes CRL issuing point with the given identifier.
void	ensureReady() Throw an exception if CA is not ready to perform signing operations.
java.lang.String	getAuthorityDescription() Return CA description.
boolean	getAuthorityEnabled() Return whether CA is enabled.
AuthorityID	getAuthorityID() Get the AuthorityID of this CA.
AuthorityID	getAuthorityParentID() Get the AuthorityID of this CA's parent CA, if available.
ICertificateAuthority	getCA(AuthorityID aid) Get the CA by ID.
ICertificateAuthority	getCA(netscape.security.x509.X500Name dn) Get the CA by DN.
netscape.security.x509.X509CertImpl	getCACert() Retrieves the CA certificate.
netscape.security.x509.CertificateChain	getCACertChain() Retrieves the CA certificate chain.
java.util.List<ICertificateAuthority>	getCAs() Enumerate all authorities, including host authority.
IService	getCAService() Retrieves the CA service object that is responsible for processing requests.
java.lang.String[]	getCASigningAlgorithms() Retrieves the supported signing algorithms of this certificate authority.
org.mozilla.jss.crypto.X509Certificate	getCaX509Cert() Retrieves the CA certificate.
ICertificateRepository	getCertificateRepository() Retrieves the certificate repository where all the locally issued certificates are kept.
IRequestListener	getCertIssuedListener() Retrieves the request listener for issued certificates.
IRequestListener	getCertRevokedListener() Retrieves the request listener for revoked certificates.
ICRLIssuingPoint	getCRLIssuingPoint(java.lang.String id) Retrieves CRL issuing point with the given identifier.
java.util.Enumeration<ICRLIssuingPoint>	getCRLIssuingPoints() Retrieves all the CRL issuing points.
ICRLRepository	getCRLRepository() Retrieves the CRL repository.
ISigningUnit	getCRLSigningUnit() Retrieves the signing unit that manages the CA signing key for signing CRL.
netscape.security.x509.X500Name	getCRLX500Name() Retrieves the issuer name of this certificate authority issuing point.
IDBSubsystem	getDBSubsystem() Retrieves the DB subsystem managing internal data storage.
java.lang.String	getDefaultAlgorithm() Retrieves the default signing algorithm of this certificate authority.
netscape.security.x509.CertificateVersion	getDefaultCertVersion() Retrieves the default certificate version.
org.mozilla.jss.crypto.SignatureAlgorithm	getDefaultSignatureAlgorithm() Retrieves the default signature algorithm of this certificate authority.
long	getDefaultValidity() Retrieves the default validity period.
netscape.security.x509.CertificateIssuerName	getIssuerObj()
java.lang.String	getMaxSerial() Retrieves the last serial number that can be used for certificate issuance in this certificate authority.
java.lang.String	getNickname() Returns the nickname for the CA signing certificate.
java.util.Map<java.lang.Object,java.lang.Long>	getNonces(javax.servlet.http.HttpServletRequest request, java.lang.String name)
long	getNumOCSPRequest() Returns the in-memory count of the processed OCSP requests.
long	getOCSPRequestTotalTime() Returns the in-memory time (in mini-second) of the processed time for OCSP requests.
ISigningUnit	getOCSPSigningUnit() Retrieves the signing unit that manages the CA signing key for signing OCSP response.
long	getOCSPTotalData() Returns the total data signed for OCSP requests.
long	getOCSPTotalSignTime() Returns the in-memory time (in mini-second) of the signing time for OCSP requests.
IPolicyProcessor	getPolicyProcessor() Deprecated.
IPublisherProcessor	getPublisherProcessor() Retrieves the publishing processor of this certificate authority.
IReplicaIDRepository	getReplicaRepository() Retrieves the Replica ID repository.
IRequestListener	getRequestInQListener() Retrieves the request in queue listener.
IRequestListener	getRequestListener(java.lang.String name) Retrieves the request listener by name.
java.util.Enumeration<java.lang.String>	getRequestListenerNames() Retrieves all request listeners.
IRequestNotifier	getRequestNotifier() get request notifier
IRequestQueue	getRequestQueue() Retrieves the request queue of this certificate authority.
ISigningUnit	getSigningUnit() Retrieves the signing unit that manages the CA signing key for signing certificates.
java.lang.String	getStartSerial() Retrieves the next available serial number.
netscape.security.x509.CertificateSubjectName	getSubjectObj()
netscape.security.x509.X500Name	getX500Name() Retrieves the issuer name of this certificate authority.
boolean	isClone() Is this a clone CA?
boolean	isEnablePastCATime() Is this CA allowed to issue certificate that has longer validty than the CA's.
boolean	isHostAuthority() Return whether this CA is the host authority (not a lightweight authority).
boolean	isReady() Return whether CA is ready to perform signing operations.
void	log(int level, java.lang.String msg) Logs a message to this certificate authority.
void	modifyAuthority(java.lang.Boolean enabled, java.lang.String desc) Update authority configurables.
boolean	noncesEnabled()
void	publishCRLNow() Publishes the CRL immediately for MasterCRL issuing point if it exists.
void	registerRequestListener(IRequestListener listener) Registers a request listener.
void	registerRequestListener(java.lang.String name, IRequestListener listener) Registers a request listener.
void	renewAuthority(javax.servlet.http.HttpServletRequest httpReq) Renew certificate of CA.
void	setBasicConstraintMaxLen(int num) Sets the maximium path length in the basic constraint extension.
void	setDefaultAlgorithm(java.lang.String algorithm) Sets the default signing algorithm of this certificate authority.
void	setMaxSerial(java.lang.String serial) Sets the last serial number that can be used for certificate issuance in this certificate authority.
void	setStartSerial(java.lang.String serial) Sets the next available serial number.
void	setValidity(java.lang.String enableCAPast) Allows certificates to have validities that are longer than this certificate authority's.
netscape.security.x509.X509CertImpl	sign(netscape.security.x509.X509CertInfo certInfo, java.lang.String algname) Signs a X.509 certificate template.
netscape.security.x509.X509CRLImpl	sign(netscape.security.x509.X509CRLImpl crl, java.lang.String algname) Signs the given CRL with the specific algorithm.
void	updateCRLNow() Updates the CRL immediately for MasterCRL issuing point if it exists.

Methods inherited from interface com.netscape.certsrv.base.ISubsystem

getConfigStore, getId, init, setId, shutdown, startup

Field Detail

ID

static final java.lang.String ID

See Also:

Constant Field Values

PROP_CERTDB_INC

static final java.lang.String PROP_CERTDB_INC

See Also:

Constant Field Values

PROP_CRLDB_INC

static final java.lang.String PROP_CRLDB_INC

See Also:

Constant Field Values

PROP_REGISTRATION

static final java.lang.String PROP_REGISTRATION

See Also:

Constant Field Values

PROP_POLICY

static final java.lang.String PROP_POLICY

See Also:

Constant Field Values

PROP_GATEWAY

static final java.lang.String PROP_GATEWAY

See Also:

Constant Field Values

PROP_CLASS

static final java.lang.String PROP_CLASS

See Also:

Constant Field Values

PROP_TYPE

static final java.lang.String PROP_TYPE

See Also:

Constant Field Values

PROP_IMPL

static final java.lang.String PROP_IMPL

See Also:

Constant Field Values

PROP_PLUGIN

static final java.lang.String PROP_PLUGIN

See Also:

Constant Field Values

PROP_INSTANCE

static final java.lang.String PROP_INSTANCE

See Also:

Constant Field Values

PROP_LISTENER_SUBSTORE

static final java.lang.String PROP_LISTENER_SUBSTORE

See Also:

Constant Field Values

PROP_LDAP_PUBLISH_SUBSTORE

static final java.lang.String PROP_LDAP_PUBLISH_SUBSTORE

See Also:

Constant Field Values

PROP_PUBLISH_SUBSTORE

static final java.lang.String PROP_PUBLISH_SUBSTORE

See Also:

Constant Field Values

PROP_ENABLE_PUBLISH

static final java.lang.String PROP_ENABLE_PUBLISH

See Also:

Constant Field Values

PROP_ENABLE_LDAP_PUBLISH

static final java.lang.String PROP_ENABLE_LDAP_PUBLISH

See Also:

Constant Field Values

PROP_X509CERT_VERSION

static final java.lang.String PROP_X509CERT_VERSION

See Also:

Constant Field Values

PROP_ENABLE_PAST_CATIME

static final java.lang.String PROP_ENABLE_PAST_CATIME

See Also:

Constant Field Values

PROP_DEF_VALIDITY

static final java.lang.String PROP_DEF_VALIDITY

See Also:

Constant Field Values

PROP_FAST_SIGNING

static final java.lang.String PROP_FAST_SIGNING

See Also:

Constant Field Values

PROP_ENABLE_ADMIN_ENROLL

static final java.lang.String PROP_ENABLE_ADMIN_ENROLL

See Also:

Constant Field Values

PROP_CRL_SUBSTORE

static final java.lang.String PROP_CRL_SUBSTORE

See Also:

Constant Field Values

PROP_CRL_PAGE_SIZE

static final java.lang.String PROP_CRL_PAGE_SIZE

See Also:

Constant Field Values

PROP_MASTER_CRL

static final java.lang.String PROP_MASTER_CRL

See Also:

Constant Field Values

PROP_CRLEXT_SUBSTORE

static final java.lang.String PROP_CRLEXT_SUBSTORE

See Also:

Constant Field Values

PROP_ISSUING_CLASS

static final java.lang.String PROP_ISSUING_CLASS

See Also:

Constant Field Values

PROP_EXPIREDCERTS_CLASS

static final java.lang.String PROP_EXPIREDCERTS_CLASS

See Also:

Constant Field Values

PROP_NOTIFY_SUBSTORE

static final java.lang.String PROP_NOTIFY_SUBSTORE

See Also:

Constant Field Values

PROP_CERT_ISSUED_SUBSTORE

static final java.lang.String PROP_CERT_ISSUED_SUBSTORE

See Also:

Constant Field Values

PROP_CERT_REVOKED_SUBSTORE

static final java.lang.String PROP_CERT_REVOKED_SUBSTORE

See Also:

Constant Field Values

PROP_REQ_IN_Q_SUBSTORE

static final java.lang.String PROP_REQ_IN_Q_SUBSTORE

See Also:

Constant Field Values

PROP_PUB_QUEUE_SUBSTORE

static final java.lang.String PROP_PUB_QUEUE_SUBSTORE

See Also:

Constant Field Values

PROP_ISSUER_NAME

static final java.lang.String PROP_ISSUER_NAME

See Also:

Constant Field Values

PROP_CA_NAMES

static final java.lang.String PROP_CA_NAMES

See Also:

Constant Field Values

PROP_DBS_SUBSTORE

static final java.lang.String PROP_DBS_SUBSTORE

See Also:

Constant Field Values

PROP_SIGNING_SUBSTORE

static final java.lang.String PROP_SIGNING_SUBSTORE

See Also:

Constant Field Values

PROP_CA_CHAIN_NUM

static final java.lang.String PROP_CA_CHAIN_NUM

See Also:

Constant Field Values

PROP_CA_CHAIN

static final java.lang.String PROP_CA_CHAIN

See Also:

Constant Field Values

PROP_CA_CERT

static final java.lang.String PROP_CA_CERT

See Also:

Constant Field Values

PROP_ENABLE_OCSP

static final java.lang.String PROP_ENABLE_OCSP

See Also:

Constant Field Values

PROP_OCSP_SIGNING_SUBSTORE

static final java.lang.String PROP_OCSP_SIGNING_SUBSTORE

See Also:

Constant Field Values

PROP_CRL_SIGNING_SUBSTORE

static final java.lang.String PROP_CRL_SIGNING_SUBSTORE

See Also:

Constant Field Values

PROP_ID

static final java.lang.String PROP_ID

See Also:

Constant Field Values

PROP_CERTDB_TRANS_MAXRECORDS

static final java.lang.String PROP_CERTDB_TRANS_MAXRECORDS

See Also:

Constant Field Values

PROP_CERTDB_TRANS_PAGESIZE

static final java.lang.String PROP_CERTDB_TRANS_PAGESIZE

See Also:

Constant Field Values

Method Detail

getCertificateRepository

ICertificateRepository getCertificateRepository()

Retrieves the certificate repository where all the locally issued certificates are kept.

Returns:

CA's certificate repository

getRequestQueue

IRequestQueue getRequestQueue()

Retrieves the request queue of this certificate authority.

Returns:

CA's request queue

getPolicyProcessor

IPolicyProcessor getPolicyProcessor()

Deprecated.

Retrieves the policy processor of this certificate authority.

Returns:

CA's policy processor

noncesEnabled

boolean noncesEnabled()

getNonces

java.util.Map<java.lang.Object,java.lang.Long> getNonces(javax.servlet.http.HttpServletRequest request,
                                                         java.lang.String name)

getPublisherProcessor

IPublisherProcessor getPublisherProcessor()

Retrieves the publishing processor of this certificate authority.

Returns:

CA's publishing processor

getStartSerial

java.lang.String getStartSerial()

Retrieves the next available serial number.

Returns:

next available serial number

setStartSerial

void setStartSerial(java.lang.String serial)
             throws EBaseException

Sets the next available serial number.

Parameters:

serial - next available serial number

Throws:

EBaseException - failed to set next available serial number

getMaxSerial

java.lang.String getMaxSerial()

Retrieves the last serial number that can be used for certificate issuance in this certificate authority.

Returns:

the last serial number

setMaxSerial

void setMaxSerial(java.lang.String serial)
           throws EBaseException

Sets the last serial number that can be used for certificate issuance in this certificate authority.

Parameters:

serial - the last serial number

Throws:

EBaseException - failed to set the last serial number

getDefaultSignatureAlgorithm

org.mozilla.jss.crypto.SignatureAlgorithm getDefaultSignatureAlgorithm()

Retrieves the default signature algorithm of this certificate authority.

Returns:

the default signature algorithm of this CA

getDefaultAlgorithm

java.lang.String getDefaultAlgorithm()

Retrieves the default signing algorithm of this certificate authority.

Returns:

the default signing algorithm of this CA

setDefaultAlgorithm

void setDefaultAlgorithm(java.lang.String algorithm)
                  throws EBaseException

Sets the default signing algorithm of this certificate authority.

Parameters:

algorithm - new default signing algorithm

Throws:

EBaseException - failed to set the default signing algorithm

getCASigningAlgorithms

java.lang.String[] getCASigningAlgorithms()

Retrieves the supported signing algorithms of this certificate authority.

Returns:

the supported signing algorithms of this CA

setValidity

void setValidity(java.lang.String enableCAPast)
          throws EBaseException

Allows certificates to have validities that are longer than this certificate authority's.

Parameters:

enableCAPast - if equals "true", it allows certificates to have validity longer than CA's certificate validity

Throws:

EBaseException - failed to set above option

getDefaultValidity

long getDefaultValidity()

Retrieves the default validity period.

Returns:

the default validity length in days

getCRLIssuingPoints

java.util.Enumeration<ICRLIssuingPoint> getCRLIssuingPoints()

Retrieves all the CRL issuing points.

Returns:

enumeration of all the CRL issuing points

getCRLIssuingPoint

ICRLIssuingPoint getCRLIssuingPoint(java.lang.String id)

Retrieves CRL issuing point with the given identifier.

Parameters:

id - CRL issuing point id

Returns:

CRL issuing point with given id

addCRLIssuingPoint

boolean addCRLIssuingPoint(IConfigStore crlSubStore,
                           java.lang.String id,
                           boolean enable,
                           java.lang.String description)

Adds CRL issuing point with the given identifier and description.

Parameters:

crlSubStore - sub-store with all CRL issuing points

id - CRL issuing point id

description - CRL issuing point description

Returns:

true if CRL issuing point was successfully added

deleteCRLIssuingPoint

void deleteCRLIssuingPoint(IConfigStore crlSubStore,
                           java.lang.String id)

Deletes CRL issuing point with the given identifier.

Parameters:

crlSubStore - sub-store with all CRL issuing points

id - CRL issuing point id

getCRLRepository

ICRLRepository getCRLRepository()

Retrieves the CRL repository.

Returns:

CA's CRL repository

getReplicaRepository

IReplicaIDRepository getReplicaRepository()

Retrieves the Replica ID repository.

Returns:

CA's Replica ID repository

getRequestInQListener

IRequestListener getRequestInQListener()

Retrieves the request in queue listener.

Returns:

the request in queue listener

getRequestListenerNames

java.util.Enumeration<java.lang.String> getRequestListenerNames()

Retrieves all request listeners.

Returns:

name enumeration of all request listeners

getCertIssuedListener

IRequestListener getCertIssuedListener()

Retrieves the request listener for issued certificates.

Returns:

the request listener for issued certificates

getCertRevokedListener

IRequestListener getCertRevokedListener()

Retrieves the request listener for revoked certificates.

Returns:

the request listener for revoked certificates

getCACertChain

netscape.security.x509.CertificateChain getCACertChain()

Retrieves the CA certificate chain.

Returns:

the CA certificate chain

getCaX509Cert

org.mozilla.jss.crypto.X509Certificate getCaX509Cert()

Retrieves the CA certificate.

Returns:

the CA certificate

getCACert

netscape.security.x509.X509CertImpl getCACert()
                                       throws EBaseException

Retrieves the CA certificate.

Returns:

the CA certificate

Throws:

EBaseException

updateCRLNow

void updateCRLNow()
           throws EBaseException

Updates the CRL immediately for MasterCRL issuing point if it exists.

Throws:

EBaseException - failed to create or publish CRL

publishCRLNow

void publishCRLNow()
            throws EBaseException

Publishes the CRL immediately for MasterCRL issuing point if it exists.

Throws:

EBaseException - failed to publish CRL

getSigningUnit

ISigningUnit getSigningUnit()

Retrieves the signing unit that manages the CA signing key for signing certificates.

Returns:

the CA signing unit for certificates

getCRLSigningUnit

ISigningUnit getCRLSigningUnit()

Retrieves the signing unit that manages the CA signing key for signing CRL.

Returns:

the CA signing unit for CRLs

getOCSPSigningUnit

ISigningUnit getOCSPSigningUnit()

Retrieves the signing unit that manages the CA signing key for signing OCSP response.

Returns:

the CA signing unit for OCSP responses

setBasicConstraintMaxLen

void setBasicConstraintMaxLen(int num)

Sets the maximium path length in the basic constraint extension.

Parameters:

num - the maximium path length

isClone

boolean isClone()

Is this a clone CA?

Returns:

true if this is a clone CA

getRequestListener

IRequestListener getRequestListener(java.lang.String name)

Retrieves the request listener by name.

Parameters:

name - request listener name

Returns:

the request listener

getRequestNotifier

IRequestNotifier getRequestNotifier()

get request notifier

registerRequestListener

void registerRequestListener(IRequestListener listener)

Registers a request listener.

Parameters:

listener - request listener to be registered

registerRequestListener

void registerRequestListener(java.lang.String name,
                             IRequestListener listener)

Registers a request listener.

Parameters:

name - under request listener is going to be registered

listener - request listener to be registered

getX500Name

netscape.security.x509.X500Name getX500Name()

Retrieves the issuer name of this certificate authority.

Returns:

the issuer name of this certificate authority

getCRLX500Name

netscape.security.x509.X500Name getCRLX500Name()

Retrieves the issuer name of this certificate authority issuing point.

Returns:

the issuer name of this certificate authority issuing point

sign

netscape.security.x509.X509CRLImpl sign(netscape.security.x509.X509CRLImpl crl,
                                        java.lang.String algname)
                                 throws EBaseException

Signs the given CRL with the specific algorithm.

Parameters:

crl - CRL to be signed

algname - algorithm used for signing

Returns:

signed CRL

Throws:

EBaseException - failed to sign CRL

log

void log(int level,
         java.lang.String msg)

Logs a message to this certificate authority.

Parameters:

level - logging level

msg - logged message

getNickname

java.lang.String getNickname()

Returns the nickname for the CA signing certificate.

Returns:

the nickname for the CA signing certificate

sign

netscape.security.x509.X509CertImpl sign(netscape.security.x509.X509CertInfo certInfo,
                                         java.lang.String algname)
                                  throws EBaseException

Signs a X.509 certificate template.

Parameters:

certInfo - X.509 certificate template

algname - algorithm used for signing

Returns:

signed certificate

Throws:

EBaseException - failed to sign certificate

getDefaultCertVersion

netscape.security.x509.CertificateVersion getDefaultCertVersion()

Retrieves the default certificate version.

Returns:

the default version certificate

isEnablePastCATime

boolean isEnablePastCATime()

Is this CA allowed to issue certificate that has longer validty than the CA's.

Returns:

true if allows certificates to have validity longer than CA's

getCAService

IService getCAService()

Retrieves the CA service object that is responsible for processing requests.

Returns:

CA service object

getDBSubsystem

IDBSubsystem getDBSubsystem()

Retrieves the DB subsystem managing internal data storage.

Returns:

DB subsystem object

getNumOCSPRequest

long getNumOCSPRequest()

Returns the in-memory count of the processed OCSP requests.

Returns:

number of processed OCSP requests in memory

getOCSPRequestTotalTime

long getOCSPRequestTotalTime()

Returns the in-memory time (in mini-second) of the processed time for OCSP requests.

Returns:

processed times for OCSP requests

getOCSPTotalSignTime

long getOCSPTotalSignTime()

Returns the in-memory time (in mini-second) of the signing time for OCSP requests.

Returns:

processed times for OCSP requests

getOCSPTotalData

long getOCSPTotalData()

Returns the total data signed for OCSP requests.

Returns:

processed times for OCSP requests

getIssuerObj

netscape.security.x509.CertificateIssuerName getIssuerObj()

getSubjectObj

netscape.security.x509.CertificateSubjectName getSubjectObj()

getCAs

java.util.List<ICertificateAuthority> getCAs()

Enumerate all authorities, including host authority.

isHostAuthority

boolean isHostAuthority()

Return whether this CA is the host authority (not a lightweight authority).

getAuthorityID

AuthorityID getAuthorityID()

Get the AuthorityID of this CA.

getAuthorityParentID

AuthorityID getAuthorityParentID()

Get the AuthorityID of this CA's parent CA, if available.

getAuthorityEnabled

boolean getAuthorityEnabled()

Return whether CA is enabled.

isReady

boolean isReady()

Return whether CA is ready to perform signing operations.

ensureReady

void ensureReady()
          throws ECAException

Throw an exception if CA is not ready to perform signing operations.

Throws:

ECAException

getAuthorityDescription

java.lang.String getAuthorityDescription()

Return CA description. May be null.

getCA

ICertificateAuthority getCA(AuthorityID aid)

Get the CA by ID. Returns null if CA not found.

getCA

ICertificateAuthority getCA(netscape.security.x509.X500Name dn)

Get the CA by DN. Returns null if CA not found.

createCA

ICertificateAuthority createCA(IAuthToken authToken,
                               java.lang.String dn,
                               AuthorityID parentAID,
                               java.lang.String desc)
                        throws EBaseException

Create a new sub-CA under the specified parent CA.

Throws:

EBaseException

createSubCA

ICertificateAuthority createSubCA(IAuthToken authToken,
                                  java.lang.String dn,
                                  java.lang.String desc)
                           throws EBaseException

Create a new sub-CA IMMEDIATELY beneath this one. This method DOES NOT add the new CA to caMap; it is the caller's responsibility.

Throws:

EBaseException

modifyAuthority

void modifyAuthority(java.lang.Boolean enabled,
                     java.lang.String desc)
              throws EBaseException

Update authority configurables.

Parameters:

enabled - Whether CA is enabled or disabled

desc - Description; null or empty removes it

Throws:

EBaseException

renewAuthority

void renewAuthority(javax.servlet.http.HttpServletRequest httpReq)
             throws EBaseException

Renew certificate of CA.

Throws:

EBaseException

deleteAuthority

void deleteAuthority()
              throws EBaseException

Delete this lightweight CA.

Throws:

EBaseException