Interface ICRLIssuingPoint


public interface ICRLIssuingPoint
This class encapsulates the CRL issuing mechanism. CertificateAuthority contains a map of CRLIssuingPoint objects indexed by string ids. Each issuing point contains information about CRL issuing and publishing parameters, as well as state information, which includes the last issued CRL, the next CRL serial number, the time of the next update, etc. If autoUpdateInterval is set to a non-zero value, a worker thread is created that performs CRL updates at scheduled intervals. An update can also be triggered by invoking the updateCRL method directly. Another parameter, minUpdateInterval, can be used to prevent the CRL from being updated too often.
  • Field Details

  • Method Details

    • isCRLIssuingPointEnabled

      boolean isCRLIssuingPointEnabled()
      Returns true if CRL issuing point is enabled.
      Returns:
      true if CRL issuing point is enabled
    • isCRLGenerationEnabled

      boolean isCRLGenerationEnabled()
      Returns true if CRL generation is enabled.
      Returns:
      true if CRL generation is enabled
    • enableCRLIssuingPoint

      void enableCRLIssuingPoint(boolean enable)
      Enables or disables CRL issuing point according to parameter.
      Parameters:
      enable - if true enables CRL issuing point
    • getCrlUpdateStatusStr

      String getCrlUpdateStatusStr()
      Returns CRL update status.
      Returns:
      CRL update status
    • getCrlUpdateErrorStr

      String getCrlUpdateErrorStr()
      Returns CRL update error.
      Returns:
      CRL update error
    • getCrlPublishStatusStr

      String getCrlPublishStatusStr()
      Returns CRL publishing status.
      Returns:
      CRL publishing status
    • getCrlPublishErrorStr

      String getCrlPublishErrorStr()
      Returns CRL publishing error.
      Returns:
      CRL publishing error
    • isCRLIssuingPointInitialized

      boolean isCRLIssuingPointInitialized()
      Returns CRL issuing point initialization status.
      Returns:
      true if CRL issuing point has been successfully initialized, otherwise false.
    • isManualUpdateSet

      boolean isManualUpdateSet()
      Checks if manual update is set.
      Returns:
      true if manual update is set
    • areExpiredCertsIncluded

      boolean areExpiredCertsIncluded()
      Checks if expired certificates are included in CRL.
      Returns:
      true if expired certificates are included in CRL
    • isCACertsOnly

      boolean isCACertsOnly()
      Checks if CRL includes CA certificates only.
      Returns:
      true if CRL includes CA certificates only
    • isProfileCertsOnly

      boolean isProfileCertsOnly()
      Checks if CRL includes profile certificates only.
      Returns:
      true if CRL includes profile certificates only
    • checkCurrentProfile

      boolean checkCurrentProfile(String id)
      Checks if CRL issuing point includes this profile.
      Returns:
      true if CRL issuing point includes this profile
    • init

      void init(ISubsystem ca, String id, IConfigStore config) throws EBaseException
      Initializes CRL issuing point.
      Parameters:
      ca - certificate authority that holds CRL issuing point
      id - CRL issuing point id
      config - configuration sub-store for CRL issuing point
      Throws:
      EBaseException - thrown if initialization failed
    • shutdown

      void shutdown()
      This method is called during shutdown. It updates CRL cache and stops thread controlling CRL updates.
    • getId

      String getId()
      Returns internal id of this CRL issuing point.
      Returns:
      internal id of this CRL issuing point
    • getDescription

      String getDescription()
      Returns internal description of this CRL issuing point.
      Returns:
      internal description of this CRL issuing point
    • setDescription

      void setDescription(String description)
      Sets internal description of this CRL issuing point.
      Parameters:
      description - description for this CRL issuing point.
    • getPublishDN

      String getPublishDN()
      Returns DN of the directory entry where CRLs from this issuing point are published.
      Returns:
      DN of the directory entry where CRLs are published.
    • getSigningAlgorithm

      String getSigningAlgorithm()
      Returns signing algorithm.
      Returns:
      signing algorithm
    • getLastSigningAlgorithm

      String getLastSigningAlgorithm()
      Returns signing algorithm used in last signing operation.
      Returns:
      last signing algorithm
    • getCRLSchema

      int getCRLSchema()
      Returns current CRL generation schema for this CRL issuing point.

      Returns:
      current CRL generation schema for this CRL issuing point
    • getCRLNumber

      BigInteger getCRLNumber()
      Returns current CRL number of this CRL issuing point.
      Returns:
      current CRL number of this CRL issuing point
    • getDeltaCRLNumber

      BigInteger getDeltaCRLNumber()
      Returns current delta CRL number of this CRL issuing point.

      Returns:
      current delta CRL number of this CRL issuing point
    • getNextCRLNumber

      BigInteger getNextCRLNumber()
      Returns next CRL number of this CRL issuing point.
      Returns:
      next CRL number of this CRL issuing point
    • getCRLSize

      long getCRLSize()
      Returns number of entries in the current CRL.
      Returns:
      number of entries in the current CRL
    • getDeltaCRLSize

      long getDeltaCRLSize()
      Returns number of entries in delta CRL.
      Returns:
      number of entries in delta CRL
    • getLastUpdate

      Date getLastUpdate()
      Returns time of the last update.
      Returns:
      last CRL update time
    • getNextUpdate

      Date getNextUpdate()
      Returns time of the next update.
      Returns:
      next CRL update time
    • getNextDeltaUpdate

      Date getNextDeltaUpdate()
      Returns time of the next delta CRL update.
      Returns:
      next delta CRL update time
    • getRevokedCertificates

      Set<org.mozilla.jss.netscape.security.x509.RevokedCertificate> getRevokedCertificates(int start, int end)
      Returns all the revoked certificates from the CRL cache.
      Parameters:
      start - first requested CRL entry
      end - next after last requested CRL entry
      Returns:
      set of all the revoked certificates or null if there are none.
    • getCertificateAuthority

      ISubsystem getCertificateAuthority()
      Returns certificate authority.
      Returns:
      certificate authority
    • setManualUpdate

      void setManualUpdate(String signatureAlgorithm)
      Schedules immediate CRL manual-update and sets signature algorithm to be used for signing.
      Parameters:
      signatureAlgorithm - signature algorithm to be used for signing
    • getAutoUpdateInterval

      long getAutoUpdateInterval()
      Returns auto update interval in milliseconds.
      Returns:
      auto update interval in milliseconds
    • getAlwaysUpdate

      boolean getAlwaysUpdate()
      Returns true if CRL is updated for every change of revocation status of any certificate.
      Returns:
      true if CRL update is always triggered by revocation operation
    • getNextUpdateGracePeriod

      long getNextUpdateGracePeriod()
      Returns next update grace period in minutes.
      Returns:
      next update grace period in minutes
    • getFilter

      String getFilter()
      Returns filter used to build CRL based on information stored in local directory.
      Returns:
      filter used to search local directory
    • processRevokedCerts

      void processRevokedCerts(IElementProcessor cp) throws EBaseException
      Builds a list of revoked certificates to put them into CRL. Calls certificate record processor to get necessary data from certificate records. This also regenerates CRL cache.
      Parameters:
      cp - certificate record processor
      Throws:
      EBaseException - if an error occurred in the database.
    • getRevocationDateFromCache

      Date getRevocationDateFromCache(BigInteger serialNumber, boolean checkDeltaCache, boolean includeExpiredCerts)
      Returns date of revoked certificate or null if certificate is not listed as revoked.
      Parameters:
      serialNumber - serial number of certificate to be checked
      checkDeltaCache - true if delta CRL cache is supposed to be included in checking process
      includeExpiredCerts - true if delta CRL cache with expired certificates is supposed to be included in checking process
      Returns:
      date of revoked certificate or null
    • getSplitTimes

      Vector<Long> getSplitTimes()
      Returns split times from CRL generation.
      Returns:
      split times from CRL generation in milliseconds
    • updateCRLNow

      void updateCRLNow(String signingAlgorithm) throws EBaseException
      Generates CRL now based on cache or local directory if cache is not available. It also publishes CRL if it is required.
      Parameters:
      signingAlgorithm - signing algorithm to be used for CRL signing
      Throws:
      EBaseException - if an error occurred during CRL generation or publishing
    • clearCRLCache

      void clearCRLCache()
      Clears CRL cache.
    • clearDeltaCRLCache

      void clearDeltaCRLCache()
      Clears delta-CRL cache.
    • getNumberOfRecentlyRevokedCerts

      int getNumberOfRecentlyRevokedCerts()
      Returns number of recently revoked certificates.
      Returns:
      number of recently revoked certificates
    • getNumberOfRecentlyUnrevokedCerts

      int getNumberOfRecentlyUnrevokedCerts()
      Returns number of recently unrevoked certificates.
      Returns:
      number of recently unrevoked certificates
    • getNumberOfRecentlyExpiredCerts

      int getNumberOfRecentlyExpiredCerts()
      Returns number of recently expired and revoked certificates.
      Returns:
      number of recently expired and revoked certificates
    • getRequiredEntryExtensions

      org.mozilla.jss.netscape.security.x509.CRLExtensions getRequiredEntryExtensions(org.mozilla.jss.netscape.security.x509.CRLExtensions exts)
      Converts list of extensions supplied by revocation request to list of extensions required to be placed in CRL.
      Parameters:
      exts - list of extensions supplied by revocation request
      Returns:
      list of extensions required to be placed in CRL
    • addRevokedCert

      void addRevokedCert(BigInteger serialNumber, org.mozilla.jss.netscape.security.x509.RevokedCertImpl revokedCert)
      Adds revoked certificate to delta-CRL cache.
      Parameters:
      serialNumber - serial number of revoked certificate
      revokedCert - revocation information supplied by revocation request
    • addRevokedCert

      void addRevokedCert(BigInteger serialNumber, org.mozilla.jss.netscape.security.x509.RevokedCertImpl revokedCert, String requestId)
      Adds revoked certificate to delta-CRL cache.
      Parameters:
      serialNumber - serial number of revoked certificate
      revokedCert - revocation information supplied by revocation request
      requestId - revocation request id
    • addUnrevokedCert

      void addUnrevokedCert(BigInteger serialNumber)
      Adds unrevoked certificate to delta-CRL cache.
      Parameters:
      serialNumber - serial number of unrevoked certificate
    • addUnrevokedCert

      void addUnrevokedCert(BigInteger serialNumber, String requestId)
      Adds unrevoked certificate to delta-CRL cache.
      Parameters:
      serialNumber - serial number of unrevoked certificate
      requestId - unrevocation request id
    • addExpiredCert

      void addExpiredCert(BigInteger serialNumber)
      Adds expired and revoked certificate to delta-CRL cache.
      Parameters:
      serialNumber - serial number of expired and revoked certificate
    • updateCRLCacheRepository

      void updateCRLCacheRepository()
      Updates CRL cache into local directory.
    • updateConfig

      boolean updateConfig(NameValuePairs params)
      Updates issuing point configuration according to supplied data in name value pairs.
      Parameters:
      params - name value pairs defining new issuing point configuration
      Returns:
      true if configuration is updated successfully
    • isDeltaCRLEnabled

      boolean isDeltaCRLEnabled()
      Returns true if delta-CRL is enabled.
      Returns:
      true if delta-CRL is enabled
    • isCRLCacheEnabled

      boolean isCRLCacheEnabled()
      Returns true if CRL cache is enabled.
      Returns:
      true if CRL cache is enabled
    • isCRLCacheEmpty

      boolean isCRLCacheEmpty()
      Returns true if CRL cache is empty.
      Returns:
      true if CRL cache is empty
    • isCRLCacheTestingEnabled

      boolean isCRLCacheTestingEnabled()
      Returns true if CRL cache testing is enabled.
      Returns:
      true if CRL cache testing is enabled
    • isThisCurrentDeltaCRL

      boolean isThisCurrentDeltaCRL(org.mozilla.jss.netscape.security.x509.X509CRLImpl deltaCRL)
      Returns true if supplied delta-CRL is matching current delta-CRL.
      Parameters:
      deltaCRL - delta-CRL to verify against current delta-CRL
      Returns:
      true if supplied delta-CRL is matching current delta-CRL
    • isCRLUpdateInProgress

      int isCRLUpdateInProgress()
      Returns status of CRL generation.
      Returns:
      one of the following according to CRL generation status: CRL_UPDATE_DONE, CRL_UPDATE_STARTED, and CRL_PUBLISHING_STARTED
    • updateCRLNow

      void updateCRLNow() throws EBaseException
      Generates CRL now based on cache or local directory if cache is not available. It also publishes CRL if it is required. CRL is signed by default signing algorithm.
      Throws:
      EBaseException - if an error occurred during CRL generation or publishing
    • getCRLExtensions

      ICMSCRLExtensions getCRLExtensions()
      Returns list of CRL extensions.
      Returns:
      list of CRL extensions
    • setCustomFutureThisUpdateValue

      void setCustomFutureThisUpdateValue(Date futureThisUpdate)
      Sets an optional future thisUpdate value to go into the CRL.
    • setCancelCurFutureThisUpdateValue

      void setCancelCurFutureThisUpdateValue(boolean b)
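
An added example, not code from the documented project: a health check built on the status accessors listed above, which flags a CRL that has missed its next update and converts the grace period from minutes before comparing it with millisecond timestamps. IssuingPointView is a hypothetical local stand-in that repeats seven of the ICRLIssuingPoint signatures so the file compiles alone. The example assumes that a null or empty error string means "no error" and that the grace period is tolerated lateness after getNextUpdate().

```java
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.concurrent.TimeUnit;

public class CrlIssuingPointHealth {
    // Hypothetical stand-in: the ICRLIssuingPoint accessors used below, signatures as documented.
    interface IssuingPointView {
        String getId();
        boolean isCRLIssuingPointEnabled();
        boolean isCRLGenerationEnabled();
        String getCrlUpdateErrorStr();
        String getCrlPublishErrorStr();
        Date getNextUpdate();
        long getNextUpdateGracePeriod(); // minutes, per the method description
    }
    // Returns findings for one issuing point; an empty list means nothing to report.
    static List<String> check(IssuingPointView ip, Date now) {
        List<String> out = new ArrayList<>();
        if (!ip.isCRLIssuingPointEnabled()) out.add("issuing point disabled");
        if (!ip.isCRLGenerationEnabled()) out.add("CRL generation disabled");
        // Assumption: a null or empty string means no error was recorded.
        for (String err : new String[] { ip.getCrlUpdateErrorStr(), ip.getCrlPublishErrorStr() })
            if (err != null && !err.isEmpty()) out.add("reported error: " + err);
        Date next = ip.getNextUpdate();
        if (next != null) { // assumption: null when no update is scheduled
            // Assumption: the grace period is lateness tolerated after getNextUpdate().
            long graceMs = TimeUnit.MINUTES.toMillis(ip.getNextUpdateGracePeriod());
            long lateMs = now.getTime() - next.getTime();
            if (lateMs > graceMs) out.add("next update missed, grace period exceeded");
            else if (lateMs > 0) out.add("next update overdue, inside grace period");
        }
        return out;
    }
    public static void main(String[] args) {
        Date now = new Date();
        // Constructed sample: next update was due 90 minutes ago, grace period is 60 minutes.
        Date due = new Date(now.getTime() - TimeUnit.MINUTES.toMillis(90));
        IssuingPointView sample = new IssuingPointView() {
            public String getId() { return "SampleCRL"; }
            public boolean isCRLIssuingPointEnabled() { return true; }
            public boolean isCRLGenerationEnabled() { return true; }
            public String getCrlUpdateErrorStr() { return ""; }
            public String getCrlPublishErrorStr() { return "constructed publish failure"; }
            public Date getNextUpdate() { return due; }
            public long getNextUpdateGracePeriod() { return 60; }
        };
        for (String f : check(sample, now)) System.out.println(sample.getId() + ": " + f);
    }
}
```

With the constructed sample, the check reports the publish error and a missed update beyond the grace period; relying parties holding that CRL would be validating against stale revocation data.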