Class CertificateRepository

    • Field Detail

      • logger

        public static org.slf4j.Logger logger
      • certStatusUpdateTask

        public com.netscape.cmscore.dbs.CertStatusUpdateTask certStatusUpdateTask
      • retrieveModificationsTask

        public com.netscape.cmscore.dbs.RetrieveModificationsTask retrieveModificationsTask
      • serialNumberUpdateTask

        public com.netscape.cmscore.dbs.SerialNumberUpdateTask serialNumberUpdateTask
    • Constructor Detail

      • CertificateRepository

        public CertificateRepository​(IDBSubsystem dbService,
                                     java.lang.String certRepoBaseDN,
                                     int increment,
                                     java.lang.String baseDN)
                              throws EDBException
        Constructs a certificate repository.
        Throws:
        EDBException
    • Method Detail

      • createCertRecord

        public ICertRecord createCertRecord​(java.math.BigInteger id,
                                            java.security.cert.Certificate cert,
                                            MetaInfo meta)
        Description copied from interface: ICertificateRepository
        Creates certificate record.
        Specified by:
        createCertRecord in interface ICertificateRepository
        Parameters:
        id - serial number
        cert - certificate
        meta - meta information
        Returns:
        certificate record
      • getEnableRandomSerialNumbers

        public boolean getEnableRandomSerialNumbers()
        Description copied from interface: ICertificateRepository
        Retrieves serial number management mode.
        Specified by:
        getEnableRandomSerialNumbers in interface ICertificateRepository
        Returns:
        serial number management mode, "true" indicates random serial number management, "false" indicates sequential serial number management.
      • setEnableRandomSerialNumbers

        public void setEnableRandomSerialNumbers​(boolean random,
                                                 boolean updateMode,
                                                 boolean forceModeChange)
        Description copied from interface: ICertificateRepository
        Sets serial number management mode for certificates.
        Specified by:
        setEnableRandomSerialNumbers in interface ICertificateRepository
        Parameters:
        random - "true" sets random serial number management, "false" sequential
        updateMode - "true" updates "description" attribute in certificate repository
        forceModeChange - "true" forces certificate repository mode change
      • updateCounter

        public void updateCounter()
      • removeCertRecords

        public void removeCertRecords​(java.math.BigInteger beginS,
                                      java.math.BigInteger endS)
                               throws EBaseException
        Removes all objects with this repository.
        Specified by:
        removeCertRecords in interface ICertificateRepository
        Parameters:
        beginS - BigInteger with radix 16
        endS - BigInteger with radix 16
        Throws:
        EBaseException
      • setConsistencyCheck

        public void setConsistencyCheck​(boolean ConsistencyCheck)
      • setSkipIfInConsistent

        public void setSkipIfInConsistent​(boolean SkipIfInconsistent)
      • setTransitMaxRecords

        public void setTransitMaxRecords​(int max)
      • setTransitRecordPageSize

        public void setTransitRecordPageSize​(int size)
      • addCRLIssuingPoint

        public void addCRLIssuingPoint​(java.lang.String id,
                                       ICRLIssuingPoint crlIssuingPoint)
        Registers a CRL issuing point.
      • setCertStatusUpdateInterval

        public void setCertStatusUpdateInterval​(IRepository requestRepository,
                                                int interval,
                                                boolean listenToCloneModifications)
        Interval value (in seconds): 0 - disable, >0 - enable.
        Specified by:
        setCertStatusUpdateInterval in interface ICertificateRepository
        Parameters:
        requestRepository - request repository
        interval - update interval
        listenToCloneModifications - enable listening to clone modifications
      • setSerialNumberUpdateInterval

        public void setSerialNumberUpdateInterval​(IRepository requestRepository,
                                                  int interval)
        Interval value (in seconds): 0 - disable, >0 - enable.
      • getDN

        public java.lang.String getDN()
        Retrieves DN of this repository.
      • setRequestDN

        public void setRequestDN​(java.lang.String requestDN)
      • getRequestDN

        public java.lang.String getRequestDN()
      • getDBSubsystem

        public IDBSubsystem getDBSubsystem()
        Retrieves backend database handle.
      • addCertificateRecord

        public void addCertificateRecord​(ICertRecord record)
                                  throws EBaseException
        Adds a certificate record to the repository. Each certificate record contains four parts: certificate, meta-attributes, issue information and revocation information.

        Specified by:
        addCertificateRecord in interface ICertificateRepository
        Parameters:
        cert - X.509 certificate
        Throws:
        EBaseException - failed to add new certificate to the repository
      • addRevokedCertRecord

        public void addRevokedCertRecord​(CertRecord record)
                                  throws EBaseException
        Used by the Clone Master (CLA) to add a revoked certificate record to the repository.

        Parameters:
        record - a CertRecord
        Throws:
        EBaseException - failed to add new certificate to the repository
      • transitValidCertificates

        public void transitValidCertificates()
                                      throws EBaseException
        Transitions a certificate's status from VALID to EXPIRED once the certificate has expired.
        Throws:
        EBaseException
      • transitRevokedExpiredCertificates

        public void transitRevokedExpiredCertificates()
                                               throws EBaseException
        Transitions a certificate's status from REVOKED to REVOKED_EXPIRED once a revoked certificate has expired.
        Throws:
        EBaseException
      • transitInvalidCertificates

        public void transitInvalidCertificates()
                                        throws EBaseException
        Transitions a certificate's status from INVALID to VALID once the certificate becomes valid.
        Throws:
        EBaseException
      • getX509Certificate

        public org.mozilla.jss.netscape.security.x509.X509CertImpl getX509Certificate​(java.math.BigInteger serialNo)
                                                                               throws EBaseException
        Reads the certificate identified by the given serial no.
        Specified by:
        getX509Certificate in interface ICertificateRepository
        Parameters:
        serialNo - serial number of certificate
        Returns:
        certificate
        Throws:
        EBaseException - failed to retrieve certificate
      • checkCertificateRecord

        public boolean checkCertificateRecord​(java.math.BigInteger serialNo)
                                       throws EBaseException
        Throws:
        EBaseException
      • containsCertificate

        public boolean containsCertificate​(java.math.BigInteger serialNo)
                                    throws EBaseException
        Checks if the specified certificate is in the repository.
        Specified by:
        containsCertificate in interface ICertificateRepository
        Parameters:
        serialNo - serial number of certificate
        Returns:
        true if it exists
        Throws:
        EBaseException - failed to check
      • markAsRevoked

        public void markAsRevoked​(java.math.BigInteger id,
                                  IRevocationInfo info)
                           throws EBaseException
        Marks certificate as revoked. isAlreadyRevoked - boolean to indicate that the cert was revoked (possibly onHold). When a cert was originally revoked (possibly onHold), some of the LDAP attributes already exist, so "MOD_REPLACE" is needed instead of "MOD_ADD".
        Specified by:
        markAsRevoked in interface ICertificateRepository
        Parameters:
        id - serial number
        info - revocation information
        Throws:
        EBaseException - failed to mark
      • unmarkRevoked

        public void unmarkRevoked​(java.math.BigInteger id,
                                  IRevocationInfo info,
                                  java.util.Date revokedOn,
                                  java.lang.String revokedBy)
                           throws EBaseException
        Unmarks revoked certificate.
        Specified by:
        unmarkRevoked in interface ICertificateRepository
        Parameters:
        id - serial number
        info - revocation information
        revokedOn - revocation date
        revokedBy - userid
        Throws:
        EBaseException - failed to unmark
      • updateStatus

        public void updateStatus​(java.math.BigInteger id,
                                 java.lang.String status)
                          throws EBaseException
        Updates the certificate record status to the specified status.
        Specified by:
        updateStatus in interface ICertificateRepository
        Parameters:
        id - serial number
        status - certificate status
        Throws:
        EBaseException - failed to update status
      • searchCertificates

        public java.util.Enumeration<java.lang.Object> searchCertificates​(java.lang.String filter,
                                                                          int maxSize,
                                                                          java.lang.String sortAttribute)
                                                                   throws EBaseException
        Description copied from interface: ICertificateRepository
        Finds a list of certificate records that satisfy the filter.
        Specified by:
        searchCertificates in interface ICertificateRepository
        Parameters:
        filter - search filter
        maxSize - max size to return
        sortAttribute - Attribute of ICertRecord to sort the results
        Returns:
        a list of certificates
        Throws:
        EBaseException - failed to search
      • searchCertificates

        public java.util.Enumeration<java.lang.Object> searchCertificates​(java.lang.String filter,
                                                                          int maxSize)
                                                                   throws EBaseException
        Description copied from interface: ICertificateRepository
        Finds a list of certificate records that satisfy the filter. The following filter attributes can be used:
           certRecordId
           certMetaInfo
           certStatus
           certCreateTime
           certModifyTime
           x509Cert.notBefore
           x509Cert.notAfter
           x509Cert.subject
         
        The filter should follow RFC1558 LDAP filter syntax. For example,
           (&(certRecordId=5)(x509Cert.notBefore=934398398))
         
        Specified by:
        searchCertificates in interface ICertificateRepository
        Parameters:
        filter - search filter
        maxSize - max size to return
        Returns:
        a list of certificates
        Throws:
        EBaseException - failed to search
      • searchCertificates

        public java.util.Enumeration<ICertRecord> searchCertificates​(java.lang.String filter,
                                                                     int maxSize,
                                                                     int timeLimit)
                                                              throws EBaseException
        Description copied from interface: ICertificateRepository
        Finds a list of certificate records that satisfy the filter.
        Specified by:
        searchCertificates in interface ICertificateRepository
        Parameters:
        filter - search filter
        maxSize - max size to return
        timeLimit - timeout value
        Returns:
        a list of certificates
        Throws:
        EBaseException - failed to search
      • searchCertificates

        public java.util.Enumeration<ICertRecord> searchCertificates​(java.lang.String filter,
                                                                     int maxSize,
                                                                     int timeLimit,
                                                                     java.lang.String sortAttribute)
                                                              throws EBaseException
        Description copied from interface: ICertificateRepository
        Finds a list of certificate records that satisfy the filter.
        Specified by:
        searchCertificates in interface ICertificateRepository
        Parameters:
        filter - search filter
        maxSize - max size to return
        timeLimit - timeout value
        sortAttribute - Attribute of ICertRecord to sort the results
        Returns:
        a list of certificates
        Throws:
        EBaseException - failed to search
      • findCertRecs

        public java.util.Enumeration<java.lang.Object> findCertRecs​(java.lang.String filter)
                                                             throws EBaseException
        Deprecated.
        replaced by findCertificatesInList
        Returns a list of X509CertImpl that satisfy the filter.
        Specified by:
        findCertRecs in interface ICertificateRepository
        Parameters:
        filter - search filter
        Returns:
        a list of certificate records
        Throws:
        EBaseException - failed to retrieve cert records
      • findCertRecs

        public java.util.Enumeration<java.lang.Object> findCertRecs​(java.lang.String filter,
                                                                    java.lang.String[] attrs)
                                                             throws EBaseException
        Throws:
        EBaseException
      • findCertificates

        public java.util.Enumeration<org.mozilla.jss.netscape.security.x509.X509CertImpl> findCertificates​(java.lang.String filter)
                                                                                                    throws EBaseException
        Description copied from interface: ICertificateRepository
        Finds all certificates given a filter.
        Specified by:
        findCertificates in interface ICertificateRepository
        Parameters:
        filter - search filter
        Returns:
        a list of certificates
        Throws:
        EBaseException - failed to search
      • findCertRecords

        public java.util.Enumeration<ICertRecord> findCertRecords​(java.lang.String filter)
                                                           throws EBaseException
        Finds a list of certificate records that satisfy the filter. If you are going to process everything in the list, use this.
        Specified by:
        findCertRecords in interface ICertificateRepository
        Parameters:
        filter - search filter
        Returns:
        a list of certificates
        Throws:
        EBaseException - failed to search
      • findCertRecordsInList

        public ICertRecordList findCertRecordsInList​(java.lang.String filter,
                                                     java.lang.String[] attrs,
                                                     int pageSize)
                                              throws EBaseException
        Finds certificate records. The following filter attributes can be used:
           certRecordId
           certMetaInfo
           certStatus
           certCreateTime
           certModifyTime
           x509Cert.notBefore
           x509Cert.notAfter
           x509Cert.subject
         
        The filter should follow RFC1558 LDAP filter syntax. For example,
           (&(certRecordId=5)(x509Cert.notBefore=934398398))
         
        Specified by:
        findCertRecordsInList in interface ICertificateRepository
        Parameters:
        filter - search filter
        attrs - selected attribute
        pageSize - page size
        Returns:
        a list of certificates
        Throws:
        EBaseException - failed to search
      • findCertRecordsInList

        public ICertRecordList findCertRecordsInList​(java.lang.String filter,
                                                     java.lang.String[] attrs,
                                                     java.lang.String sortKey,
                                                     int pageSize)
                                              throws EBaseException
        Description copied from interface: ICertificateRepository
        Finds a list of certificate records that satisfy the filter.
        Specified by:
        findCertRecordsInList in interface ICertificateRepository
        Parameters:
        filter - search filter
        attrs - selected attribute
        sortKey - key to use for sorting the returned elements
        pageSize - page size
        Returns:
        a list of certificates
        Throws:
        EBaseException - failed to search
      • findCertRecordsInList

        public ICertRecordList findCertRecordsInList​(java.lang.String filter,
                                                     java.lang.String[] attrs,
                                                     java.lang.String jumpTo,
                                                     java.lang.String sortKey,
                                                     int pageSize)
                                              throws EBaseException
        Description copied from interface: ICertificateRepository
        Finds a list of certificate records that satisfy the filter.
        Specified by:
        findCertRecordsInList in interface ICertificateRepository
        Parameters:
        filter - search filter
        attrs - selected attribute
        jumpTo - jump to index
        sortKey - key to use for sorting the returned elements
        pageSize - page size
        Returns:
        a list of certificates
        Throws:
        EBaseException - failed to search
      • findCertRecordsInListRawJumpto

        public ICertRecordList findCertRecordsInListRawJumpto​(java.lang.String filter,
                                                              java.lang.String[] attrs,
                                                              java.lang.String jumpTo,
                                                              java.lang.String sortKey,
                                                              int pageSize)
                                                       throws EBaseException
        Description copied from interface: ICertificateRepository
        Finds a list of certificate records that satisfy the filter.
        Specified by:
        findCertRecordsInListRawJumpto in interface ICertificateRepository
        Parameters:
        filter - search filter
        attrs - selected attribute
        jumpTo - jump to index
        sortKey - key to use for sorting the returned elements
        pageSize - page size
        Returns:
        a list of certificates
        Throws:
        EBaseException - failed to search
      • getX509Certificates

        public org.mozilla.jss.netscape.security.x509.X509CertImpl[] getX509Certificates​(java.lang.String subjectDN,
                                                                                         int validityType)
                                                                                  throws EBaseException
        Gets all valid and unexpired certificates pertaining to a subject DN.
        Specified by:
        getX509Certificates in interface ICertificateRepository
        Parameters:
        subjectDN - The distinguished name of the subject.
        validityType - The type of certificates to get.
        Returns:
        An array of certificates.
        Throws:
        EBaseException - on error.
      • getX509Certificates

        public org.mozilla.jss.netscape.security.x509.X509CertImpl[] getX509Certificates​(java.lang.String filter)
                                                                                  throws EBaseException
        Throws:
        EBaseException
      • getValidCertificates

        public java.util.Enumeration<ICertRecord> getValidCertificates​(java.lang.String from,
                                                                       java.lang.String to)
                                                                throws EBaseException
        Retrieves all valid certificates excluding ones already revoked.
        Specified by:
        getValidCertificates in interface ICertificateRepository
        Parameters:
        from - The starting point of the serial number range.
        to - The ending point of the serial number range.
        Returns:
        a list of certificates
        Throws:
        EBaseException - failed to retrieve
      • getAllValidCertificates

        public java.util.Enumeration<ICertRecord> getAllValidCertificates()
                                                                   throws EBaseException
        Retrieves all valid certificates excluding ones already revoked.
        Throws:
        EBaseException
      • getValidNotPublishedCertificates

        public java.util.Enumeration<ICertRecord> getValidNotPublishedCertificates​(java.lang.String from,
                                                                                   java.lang.String to)
                                                                            throws EBaseException
        Retrieves all valid not published certificates excluding ones already revoked.
        Specified by:
        getValidNotPublishedCertificates in interface ICertificateRepository
        Parameters:
        from - The starting point of the serial number range.
        to - The ending point of the serial number range.
        Returns:
        a list of certificates
        Throws:
        EBaseException - failed to retrieve
      • getAllValidNotPublishedCertificates

        public java.util.Enumeration<ICertRecord> getAllValidNotPublishedCertificates()
                                                                               throws EBaseException
        Retrieves all valid not published certificates excluding ones already revoked.
        Throws:
        EBaseException
      • getExpiredCertificates

        public java.util.Enumeration<ICertRecord> getExpiredCertificates​(java.lang.String from,
                                                                         java.lang.String to)
                                                                  throws EBaseException
        Retrieves all expired certificates.
        Specified by:
        getExpiredCertificates in interface ICertificateRepository
        Parameters:
        from - The starting point of the serial number range.
        to - The ending point of the serial number range.
        Returns:
        a list of certificates
        Throws:
        EBaseException - failed to retrieve
      • getExpiredPublishedCertificates

        public java.util.Enumeration<ICertRecord> getExpiredPublishedCertificates​(java.lang.String from,
                                                                                  java.lang.String to)
                                                                           throws EBaseException
        Retrieves all expired published certificates.
        Specified by:
        getExpiredPublishedCertificates in interface ICertificateRepository
        Parameters:
        from - The starting point of the serial number range.
        to - The ending point of the serial number range.
        Returns:
        a list of certificates
        Throws:
        EBaseException - failed to retrieve
      • getAllExpiredPublishedCertificates

        public java.util.Enumeration<ICertRecord> getAllExpiredPublishedCertificates()
                                                                              throws EBaseException
        Retrieves all expired published certificates.
        Throws:
        EBaseException
      • getRevokedCertificates

        public java.util.Enumeration<ICertRecord> getRevokedCertificates​(java.lang.String from,
                                                                         java.lang.String to)
                                                                  throws EBaseException
        Retrieves all revoked certificates in the serial number range.
        Specified by:
        getRevokedCertificates in interface ICertificateRepository
        Parameters:
        from - The starting point of the serial number range.
        to - The ending point of the serial number range.
        Returns:
        a list of certificates
        Throws:
        EBaseException - failed to retrieve
      • getRevokedPublishedCertificates

        public java.util.Enumeration<ICertRecord> getRevokedPublishedCertificates​(java.lang.String from,
                                                                                  java.lang.String to)
                                                                           throws EBaseException
        Retrieves all revoked published certificates in the serial number range.
        Specified by:
        getRevokedPublishedCertificates in interface ICertificateRepository
        Parameters:
        from - The starting point of the serial number range.
        to - The ending point of the serial number range.
        Returns:
        a list of certificates
        Throws:
        EBaseException - failed to retrieve
      • getAllRevokedPublishedCertificates

        public java.util.Enumeration<ICertRecord> getAllRevokedPublishedCertificates()
                                                                              throws EBaseException
        Retrieves all revoked published certificates including ones already expired or not yet valid.
        Throws:
        EBaseException
      • getModifications

        public void getModifications​(netscape.ldap.LDAPEntry entry)
        Description copied from interface: ICertificateRepository
        Retrieves modified certificate records.
        Specified by:
        getModifications in interface ICertificateRepository
        Parameters:
        entry - LDAPEntry with modified data
      • isCertificateRevoked

        public RevocationInfo isCertificateRevoked​(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
                                            throws EBaseException
        Checks if the presented certificate belongs to the repository and is revoked.
        Parameters:
        cert - certificate to verify.
        Returns:
        RevocationInfo if the presented certificate is revoked, otherwise null.
        Throws:
        EBaseException