Package com.netscape.certsrv.kra
Interface IKeyRecoveryAuthority
-
- All Superinterfaces:
ISubsystem
public interface IKeyRecoveryAuthority extends ISubsystem
An interface represents key recovery authority. The key recovery authority is responsibile for archiving and recovering user encryption private keys.- Version:
- $Revision$, $Date$
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
ID
static java.lang.String
PROP_DBS
static java.lang.String
PROP_HTTP
static java.lang.String
PROP_KEYDB_INC
static java.lang.String
PROP_LOGGING
static java.lang.String
PROP_NAME
static java.lang.String
PROP_NEW_NICKNAME
static java.lang.String
PROP_NOTIFY_SUBSTORE
static java.lang.String
PROP_POLICY
static java.lang.String
PROP_PROTECTOR
static java.lang.String
PROP_QUEUE_REQUESTS
static java.lang.String
PROP_REQ_IN_Q_SUBSTORE
static java.lang.String
PROP_SHARE
static java.lang.String
PROP_STORAGE_KEY
static java.lang.String
PROP_TOKEN
static java.lang.String
PROP_TRANSPORT_KEY
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description void
addAutoRecovery(java.lang.String id, Credential[] creds)
Adds credentials to the given authorizated recovery operation.void
addEntropy(boolean logflag)
Adds entropy to the token used for supporting server-side keygen Parameters are set in the config filevoid
createError(java.lang.String recoveryID, java.lang.String error)
Creates error for a specific recovery operation.void
createPk12(java.lang.String recoveryID, byte[] pk12)
Creates PKCS12 package in memory.java.util.Hashtable<java.lang.String,java.lang.Object>
createVolatileRequest(RequestId id)
Creates a request object to store attributes that will not be serialized.void
destroyVolatileRequest(RequestId id)
Destroys the request object.java.security.KeyPair
generateKeyPair(java.lang.String alg, int keySize, java.lang.String keyCurve, org.mozilla.jss.crypto.PQGParams pqg, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usageList)
Generate an asymmetric key pair.java.util.Vector<Credential>
getAppAgents(java.lang.String recoveryID)
java.util.Enumeration<java.lang.String>
getAutoRecoveryIDs()
Returns a list of recovery identifiers.boolean
getAutoRecoveryState()
Returns the current auto recovery state.java.lang.String
getError(java.lang.String recoveryID)
Retrieves error by recovery identifier.org.mozilla.jss.crypto.CryptoToken
getKeygenToken()
Returns the token that generates user key pairs for supporting server-side keygenIKeyRepository
getKeyRepository()
Retrieves the key repository.java.lang.String
getNewNickName()
Returns the new nickname of the transport certifiate.java.lang.String
getNickname()
Returns the nickname of the transport certificate.int
getNoOfRequiredAgents()
Returns the number of required agents.byte[]
getPk12(java.lang.String recoveryID)
Retrieves PKCS12 package by recovery identifier.IPolicyProcessor
getPolicyProcessor()
Returns policy processor of the key recovery authority.java.lang.String
getRecoveryID()
Returns the current recovery identifier.IReplicaIDRepository
getReplicaRepository()
Retrieves the Replica ID repository.IRequestListener
getRequestInQListener()
Returns the request listener that listens on the request completion event.IRequestQueue
getRequestQueue()
Retrieves KRA request repository.IStorageKeyUnit
getStorageKeyUnit()
Returns the storage key unit that manages the stoarge key.org.mozilla.jss.crypto.X509Certificate
getTransportCert()
Retrieves the transport certificate.ITransportKeyUnit
getTransportKeyUnit()
Returns the transport key unit that manages the transport key.java.util.Hashtable<java.lang.String,java.lang.Object>
getVolatileRequest(RequestId id)
Retrieves the request object.X500Name
getX500Name()
Returns the name of this subsystem.boolean
isEphemeral(java.lang.String realm)
Are ephemeral requests enabled for SECURITY_DATA recovery and archivalboolean
isRetrievalSynchronous(java.lang.String realm)
Is the SECURITY_DATA retrieval synchronous?void
log(int level, java.lang.String msg)
Logs event into key recovery authority logging.void
processSynchronousRequest(IRequest request)
Process synchronous archival and recovery requestsvoid
removeAutoRecovery(java.lang.String id)
Removes a particular auto recovery operation.boolean
setAutoRecoveryState(Credential[] cs, boolean on)
Enables the auto recovery state.void
setNewNickName(java.lang.String name)
Sets the new nickname of the transport certifiate.void
setNickname(java.lang.String str)
Sets the nickname of the transport certificate.void
setNoOfRequiredAgents(int number)
Sets the number of required recovery agents-
Methods inherited from interface com.netscape.certsrv.base.ISubsystem
getConfigStore, getId, init, setId, shutdown, startup
-
-
-
-
Field Detail
-
ID
static final java.lang.String ID
- See Also:
- Constant Field Values
-
PROP_NAME
static final java.lang.String PROP_NAME
- See Also:
- Constant Field Values
-
PROP_HTTP
static final java.lang.String PROP_HTTP
- See Also:
- Constant Field Values
-
PROP_POLICY
static final java.lang.String PROP_POLICY
- See Also:
- Constant Field Values
-
PROP_DBS
static final java.lang.String PROP_DBS
- See Also:
- Constant Field Values
-
PROP_TOKEN
static final java.lang.String PROP_TOKEN
- See Also:
- Constant Field Values
-
PROP_SHARE
static final java.lang.String PROP_SHARE
- See Also:
- Constant Field Values
-
PROP_PROTECTOR
static final java.lang.String PROP_PROTECTOR
- See Also:
- Constant Field Values
-
PROP_LOGGING
static final java.lang.String PROP_LOGGING
- See Also:
- Constant Field Values
-
PROP_QUEUE_REQUESTS
static final java.lang.String PROP_QUEUE_REQUESTS
- See Also:
- Constant Field Values
-
PROP_STORAGE_KEY
static final java.lang.String PROP_STORAGE_KEY
- See Also:
- Constant Field Values
-
PROP_TRANSPORT_KEY
static final java.lang.String PROP_TRANSPORT_KEY
- See Also:
- Constant Field Values
-
PROP_NEW_NICKNAME
static final java.lang.String PROP_NEW_NICKNAME
- See Also:
- Constant Field Values
-
PROP_KEYDB_INC
static final java.lang.String PROP_KEYDB_INC
- See Also:
- Constant Field Values
-
PROP_NOTIFY_SUBSTORE
static final java.lang.String PROP_NOTIFY_SUBSTORE
- See Also:
- Constant Field Values
-
PROP_REQ_IN_Q_SUBSTORE
static final java.lang.String PROP_REQ_IN_Q_SUBSTORE
- See Also:
- Constant Field Values
-
-
Method Detail
-
getX500Name
X500Name getX500Name()
Returns the name of this subsystem.- Returns:
- KRA name
-
getRequestQueue
IRequestQueue getRequestQueue()
Retrieves KRA request repository.- Returns:
- request repository
-
getKeyRepository
IKeyRepository getKeyRepository()
Retrieves the key repository. The key repository stores archived keys.
-
getReplicaRepository
IReplicaIDRepository getReplicaRepository()
Retrieves the Replica ID repository.- Returns:
- KRA's Replica ID repository
-
setAutoRecoveryState
boolean setAutoRecoveryState(Credential[] cs, boolean on)
Enables the auto recovery state. Once KRA is in the auto recovery state, no recovery agents need to be present for providing credentials. This feature is for enabling user-based recovery operation.- Parameters:
cs
- list of agent credentialson
- true if auto recovery state is on- Returns:
- current auto recovery state
-
getAutoRecoveryState
boolean getAutoRecoveryState()
Returns the current auto recovery state.- Returns:
- true if auto recvoery state is on
-
addAutoRecovery
void addAutoRecovery(java.lang.String id, Credential[] creds)
Adds credentials to the given authorizated recovery operation. In distributed recovery mode, recovery agent login to the agent interface and submit its credential for a particular recovery operation.- Parameters:
id
- authorization identifiercreds
- list of credentials
-
removeAutoRecovery
void removeAutoRecovery(java.lang.String id)
Removes a particular auto recovery operation.- Parameters:
id
- authorization identifier
-
getNoOfRequiredAgents
int getNoOfRequiredAgents() throws EBaseException
Returns the number of required agents. In M-out-of-N recovery schema, only M agents are required even there are N agents. This method returns M.- Returns:
- number of required agents
- Throws:
EBaseException
-
setNoOfRequiredAgents
void setNoOfRequiredAgents(int number) throws EBaseException
Sets the number of required recovery agents- Parameters:
number
- number of agents- Throws:
EBaseException
-
getRecoveryID
java.lang.String getRecoveryID()
Returns the current recovery identifier.- Returns:
- recovery identifier
-
getAutoRecoveryIDs
java.util.Enumeration<java.lang.String> getAutoRecoveryIDs()
Returns a list of recovery identifiers.- Returns:
- list of auto recovery identifiers
-
getStorageKeyUnit
IStorageKeyUnit getStorageKeyUnit()
Returns the storage key unit that manages the stoarge key.- Returns:
- storage key unit
-
getTransportKeyUnit
ITransportKeyUnit getTransportKeyUnit()
Returns the transport key unit that manages the transport key.- Returns:
- transport key unit
-
getKeygenToken
org.mozilla.jss.crypto.CryptoToken getKeygenToken()
Returns the token that generates user key pairs for supporting server-side keygen- Returns:
- keygen token
-
addEntropy
void addEntropy(boolean logflag)
Adds entropy to the token used for supporting server-side keygen Parameters are set in the config file- Parameters:
logflag
- create log messages at info level to report entropy shortage
-
getRequestInQListener
IRequestListener getRequestInQListener()
Returns the request listener that listens on the request completion event.- Returns:
- request listener
-
getPolicyProcessor
IPolicyProcessor getPolicyProcessor()
Returns policy processor of the key recovery authority.- Returns:
- policy processor
-
getNickname
java.lang.String getNickname()
Returns the nickname of the transport certificate.- Returns:
- transport certificate nickname.
-
setNickname
void setNickname(java.lang.String str)
Sets the nickname of the transport certificate.- Parameters:
str
- nickname
-
getNewNickName
java.lang.String getNewNickName() throws EBaseException
Returns the new nickname of the transport certifiate.- Returns:
- new nickname
- Throws:
EBaseException
-
setNewNickName
void setNewNickName(java.lang.String name)
Sets the new nickname of the transport certifiate.- Parameters:
name
- new nickname
-
log
void log(int level, java.lang.String msg)
Logs event into key recovery authority logging.- Parameters:
level
- log levelmsg
- log message
-
createVolatileRequest
java.util.Hashtable<java.lang.String,java.lang.Object> createVolatileRequest(RequestId id)
Creates a request object to store attributes that will not be serialized. Currently, request queue framework will try to serialize all the attribute into persistent storage. Things like passwords are not desirable to be stored.- Parameters:
id
- request id- Returns:
- volatile requests
-
getVolatileRequest
java.util.Hashtable<java.lang.String,java.lang.Object> getVolatileRequest(RequestId id)
Retrieves the request object.- Parameters:
id
- request id- Returns:
- volatile requests
-
destroyVolatileRequest
void destroyVolatileRequest(RequestId id)
Destroys the request object.- Parameters:
id
- request id
-
getAppAgents
java.util.Vector<Credential> getAppAgents(java.lang.String recoveryID) throws EBaseException
- Throws:
EBaseException
-
createError
void createError(java.lang.String recoveryID, java.lang.String error) throws EBaseException
Creates error for a specific recovery operation.- Parameters:
recoveryID
- recovery iderror
- error- Throws:
EBaseException
- failed to create error
-
getError
java.lang.String getError(java.lang.String recoveryID) throws EBaseException
Retrieves error by recovery identifier.- Parameters:
recoveryID
- recovery id- Returns:
- error message
- Throws:
EBaseException
-
getPk12
byte[] getPk12(java.lang.String recoveryID) throws EBaseException
Retrieves PKCS12 package by recovery identifier.- Parameters:
recoveryID
- recovery id- Returns:
- pkcs12 package in bytes
- Throws:
EBaseException
-
createPk12
void createPk12(java.lang.String recoveryID, byte[] pk12) throws EBaseException
Creates PKCS12 package in memory.- Parameters:
recoveryID
- recovery idpk12
- package in bytes- Throws:
EBaseException
-
getTransportCert
org.mozilla.jss.crypto.X509Certificate getTransportCert()
Retrieves the transport certificate.
-
processSynchronousRequest
void processSynchronousRequest(IRequest request) throws EBaseException
Process synchronous archival and recovery requests- Throws:
EBaseException
-
isEphemeral
boolean isEphemeral(java.lang.String realm)
Are ephemeral requests enabled for SECURITY_DATA recovery and archival- Parameters:
realm
- authz realm
-
isRetrievalSynchronous
boolean isRetrievalSynchronous(java.lang.String realm)
Is the SECURITY_DATA retrieval synchronous?- Parameters:
realm
-
-
generateKeyPair
java.security.KeyPair generateKeyPair(java.lang.String alg, int keySize, java.lang.String keyCurve, org.mozilla.jss.crypto.PQGParams pqg, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usageList) throws EBaseException
Generate an asymmetric key pair.- Parameters:
alg
-keySize
-keyCurve
-pqg
-usageList
- - RSA only for now- Returns:
- key pair
- Throws:
EBaseException
-
-