org.xipki.ca.api.mgmt

Interface CaManager

public interface CaManager

Interface to manage the CA system.

Since:

2.0.0

Author:

Lijun Liao

Field Summary

Fields

Modifier and Type	Field and Description
static int	MAX_SERIALNUMBER_SIZE Since serial number should be positive and maximal 20 bytes.
static int	MIN_SERIALNUMBER_SIZE Although it is possible to configure it to 1, it is recommended to set it to at least 9.
static String	NULL

Method Summary

Modifier and Type	Method and Description
void	addCa(CaEntry caEntry) Adds a CA.
void	addCaAlias(String aliasName, String caName) Adds the alias aliasName to the given CA caName.
void	addCertprofile(CertprofileEntry certprofileEntry) Adds a certificate profile.
void	addCertprofileToCa(String profileName, String caName) Add the certificate profile profileName the CA caName.
void	addDbSchema(String name, String value)
void	addKeypairGen(KeypairGenEntry keypairGenEntry) Adds a keypair generation entry.
void	addPublisher(PublisherEntry entry) Adds a publisher.
void	addPublisherToCa(String publisherName, String caName) Adds publisher publisherName to CA caName.
void	addRequestor(RequestorEntry requestorEntry) Adds requstor.
void	addRequestorToCa(CaHasRequestorEntry requestor, String caName) Adds the requestor requestorName to the CA caName.
void	addSigner(SignerEntry signerEntry) Adds a signer.
void	changeCa(ChangeCaEntry changeCaEntry) Changes a CA.
void	changeCertprofile(String name, String type, String conf) Changes the certificate profile name.
void	changeDbSchema(String name, String value)
void	changeKeypairGen(String name, String type, String conf) Changes the keypair generation entry name.
void	changePublisher(String name, String type, String conf) Changes the publisher name.
void	changeRequestor(String name, String type, String conf) Changes the requestor name of type CERTIFCATE.
void	changeSigner(String name, String type, String conf, String base64Cert) Changes the signer name.
void	clearPublishQueue(String caName, List<String> publisherNames) Clear the publishing queue for the CA caName and publishers publisherNames.
InputStream	exportConf(List<String> caNames) Exports the CA system configuration to a zip-stream.
org.xipki.security.X509Cert	generateCertificate(String caName, String profileName, byte[] encodedCsr, Date notBefore, Date notAfter) CA caName issues a new certificate.
org.bouncycastle.cert.X509CRLHolder	generateCrlOnDemand(String caName) Generates a new CRL for CA caName.
org.xipki.security.X509Cert	generateCrossCertificate(String caName, String profileName, byte[] encodedCsr, byte[] encodedTargetCert, Date notBefore, Date notAfter) CA caName issues a new certificate.
org.xipki.security.KeyCertBytesPair	generateKeyCert(String caName, String profileName, String subject, Date notBefore, Date notAfter) CA caName issues a new certificate.
org.xipki.security.X509Cert	generateRootCa(CaEntry caEntry, String certprofileName, String subject, String serialNumber, Date notBefore, Date notAfter) Generates a self-signed CA certificate.
Set<String>	getAliasesForCa(String caName) Gets the aliases of the given CA caName.
CaEntry	getCa(String caName) Gets the CA named caName.
Set<String>	getCaAliasNames()
String	getCaNameForAlias(String aliasName) Gets the CA name for the alias aliasName.
Set<String>	getCaNames()
CaSystemStatus	getCaSystemStatus()
CertWithRevocationInfo	getCert(String caName, BigInteger serialNumber) Returns certificate with status information for the CA caName and with serial number serialNumber.
CertWithRevocationInfo	getCert(org.bouncycastle.asn1.x500.X500Name issuer, BigInteger serialNumber) Returns certificate with revocation information for the issuer and with serial number serialNumber.
CertprofileEntry	getCertprofile(String profileName) Returns the certificate profile named profileName.
Set<String>	getCertprofileNames()
Set<String>	getCertprofilesForCa(String caName) Returns the Certprofile names supported by the CA caName.
org.bouncycastle.cert.X509CRLHolder	getCrl(String caName, BigInteger crlNumber) Returns the CRL of CA caName with the CRL number crlNumber.
org.bouncycastle.cert.X509CRLHolder	getCurrentCrl(String caName) Returns the latest CRL of CA caName.
Map<String,String>	getDbSchemas()
Set<String>	getFailedCaNames()
Set<String>	getInactiveCaNames()
KeypairGenEntry	getKeypairGen(String name) Returns the keypair generation entry named profileName.
Set<String>	getKeypairGenNames()
PublisherEntry	getPublisher(String publisherName) Returns the publisher.
Set<String>	getPublisherNames()
List<PublisherEntry>	getPublishersForCa(String caName) Returns publishers for the CA caName.
RequestorEntry	getRequestor(String name) Returns the requestor named name.
Set<String>	getRequestorNames()
Set<CaHasRequestorEntry>	getRequestorsForCa(String caName) Returns the Requests supported by the CA caName.
SignerEntry	getSigner(String name) Returns the signer named name.
Set<String>	getSignerNames()
Set<String>	getSuccessfulCaNames()
Set<String>	getSupportedCertprofileTypes() Retrieves the types of supported certificate profiles.
Set<String>	getSupportedPublisherTypes() Retrieves the types of supported publishers.
Set<String>	getSupportedSignerTypes() Retrieves the types of supported signers.
String	getTokenInfoP11(String moduleName, Integer slotIndex, boolean verbose)
List<CertListInfo>	listCertificates(String caName, org.bouncycastle.asn1.x500.X500Name subjectPattern, Date validFrom, Date validTo, CertListOrderBy orderBy, int numEntries) Returns a sorted list of certificate meta information.
Map<String,org.xipki.security.X509Cert>	loadConf(InputStream zippedConfStream) Loads the CA system configuration.
void	notifyCaChange()
void	removeCa(String caName) Removes the CA caName from the system.
void	removeCaAlias(String aliasName) Remove the alias aliasName.
void	removeCertificate(String caName, BigInteger serialNumber) Removes a certificate with the serial number serialNumber, and issued by the CA caName.
void	removeCertprofile(String profileName) Removes the certificate profile profileName.
void	removeCertprofileFromCa(String profileName, String caName) Removes the support of the certprofile profileName from the CA caName.
void	removeDbSchema(String name)
void	removeKeypairGen(String name) Removes the keypair generation entry name.
void	removePublisher(String publisherName) Removes the publisher publisherName.
void	removePublisherFromCa(String publisherName, String caName) Removes publisher publisherName from the CA caName.
void	removeRequestor(String requestorName) Removes requestor named requestorName.
void	removeRequestorFromCa(String requestorName, String caName) Removes the requestor requestorName from the CA caName.
void	removeSigner(String name) Removes the signer named name.
void	republishCertificates(String caName, List<String> publisherNames, int numThreads) Republishes certificates of the CA caName to the publishers publisherNames.
void	restartCa(String caName) Restart the given CA.
void	restartCaSystem() Restart the whole CA system.
void	revokeCa(String caName, org.xipki.security.CertRevocationInfo revocationInfo) Revokes the CA caName.
void	revokeCertificate(String caName, BigInteger serialNumber, org.xipki.security.CrlReason reason, Date invalidityTime) Revokes a certificate with the serial number serialNumber, and issued by the CA caName.
void	unlockCa()
void	unrevokeCa(String caName) Unrevokes the CA caName.
void	unsuspendCertificate(String caName, BigInteger serialNumber) Unrevokes a certificate with the serial number serialNumber, and issued by the CA caName.

Field Detail

NULL

static final String NULL

See Also:

Constant Field Values

MIN_SERIALNUMBER_SIZE

static final int MIN_SERIALNUMBER_SIZE

Although it is possible to configure it to 1, it is recommended to set it to at least 9. At least 64 bit entropy is required. Since the highest bit is set to 0, at least 9 bytes is recommended.

See Also:

Constant Field Values

MAX_SERIALNUMBER_SIZE

static final int MAX_SERIALNUMBER_SIZE

Since serial number should be positive and maximal 20 bytes.

See Also:

Constant Field Values

Method Detail

getCaSystemStatus

CaSystemStatus getCaSystemStatus()
                          throws CaMgmtException

Throws:

CaMgmtException

unlockCa

void unlockCa()
       throws CaMgmtException

Throws:

CaMgmtException

notifyCaChange

void notifyCaChange()
             throws CaMgmtException

Throws:

CaMgmtException

addDbSchema

void addDbSchema(String name,
                 String value)
          throws CaMgmtException

Throws:

CaMgmtException

changeDbSchema

void changeDbSchema(String name,
                    String value)
             throws CaMgmtException

Throws:

CaMgmtException

removeDbSchema

void removeDbSchema(String name)
             throws CaMgmtException

Throws:

CaMgmtException

getDbSchemas

Map<String,String> getDbSchemas()
                         throws CaMgmtException

Throws:

CaMgmtException

republishCertificates

void republishCertificates(String caName,
                           List<String> publisherNames,
                           int numThreads)
                    throws CaMgmtException

Republishes certificates of the CA caName to the publishers publisherNames.

Parameters:

caName - CA name. Could be null.

publisherNames - Publisher names. Could be null.

numThreads - Number of threads

Throws:

CaMgmtException - if error occurs.

clearPublishQueue

void clearPublishQueue(String caName,
                       List<String> publisherNames)
                throws CaMgmtException

Clear the publishing queue for the CA caName and publishers publisherNames.

Parameters:

caName - CA name. Could be null.

publisherNames - Publisher names. Could be null.

Throws:

CaMgmtException - if error occurs.

removeCa

void removeCa(String caName)
       throws CaMgmtException

Removes the CA caName from the system.

Parameters:

caName - CA name. Must not be null.

Throws:

CaMgmtException - if error occurs.

restartCa

void restartCa(String caName)
        throws CaMgmtException

Restart the given CA.

Parameters:

caName - CA name. Must not be null.

Throws:

CaMgmtException - if error occurs.

restartCaSystem

void restartCaSystem()
              throws CaMgmtException

Restart the whole CA system.

Throws:

CaMgmtException - if error occurs.

addCaAlias

void addCaAlias(String aliasName,
                String caName)
         throws CaMgmtException

Adds the alias aliasName to the given CA caName.

Parameters:

aliasName - CA alias name. Must not be null.

caName - CA name. Must not be null.

Throws:

CaMgmtException - if error occurs.

removeCaAlias

void removeCaAlias(String aliasName)
            throws CaMgmtException

Remove the alias aliasName.

Parameters:

aliasName - Alias name. Must not be null.

Throws:

CaMgmtException - if error occurs.

getAliasesForCa

Set<String> getAliasesForCa(String caName)
                     throws CaMgmtException

Gets the aliases of the given CA caName.

Parameters:

caName - CA name. Must not be null.

Returns:

the aliases of the given CA.

Throws:

CaMgmtException - if error occurs.

getCaNameForAlias

String getCaNameForAlias(String aliasName)
                  throws CaMgmtException

Gets the CA name for the alias aliasName.

Parameters:

aliasName - CA alias name. Must not be null.

Returns:

the aliases of the given CA.

Throws:

CaMgmtException - if error occurs.

getCaAliasNames

Set<String> getCaAliasNames()
                     throws CaMgmtException

Throws:

CaMgmtException

getCertprofileNames

Set<String> getCertprofileNames()
                         throws CaMgmtException

Throws:

CaMgmtException

getKeypairGenNames

Set<String> getKeypairGenNames()
                        throws CaMgmtException

Throws:

CaMgmtException

getPublisherNames

Set<String> getPublisherNames()
                       throws CaMgmtException

Throws:

CaMgmtException

getRequestorNames

Set<String> getRequestorNames()
                       throws CaMgmtException

Throws:

CaMgmtException

getSignerNames

Set<String> getSignerNames()
                    throws CaMgmtException

Throws:

CaMgmtException

getCaNames

Set<String> getCaNames()
                throws CaMgmtException

Throws:

CaMgmtException

getSuccessfulCaNames

Set<String> getSuccessfulCaNames()
                          throws CaMgmtException

Throws:

CaMgmtException

getFailedCaNames

Set<String> getFailedCaNames()
                      throws CaMgmtException

Throws:

CaMgmtException

getInactiveCaNames

Set<String> getInactiveCaNames()
                        throws CaMgmtException

Throws:

CaMgmtException

addCa

void addCa(CaEntry caEntry)
    throws CaMgmtException

Adds a CA.

Parameters:

caEntry - CA to be added. Must not be null.

Throws:

CaMgmtException - if error occurs.

getCa

CaEntry getCa(String caName)
       throws CaMgmtException

Gets the CA named caName.

Parameters:

caName - CA name. Must not be null.

Returns:

the CaEntry

Throws:

CaMgmtException - if error occurs.

changeCa

void changeCa(ChangeCaEntry changeCaEntry)
       throws CaMgmtException

Changes a CA.

Parameters:

changeCaEntry - ChangeCA entry. Must not be null.

Throws:

CaMgmtException - if error occurs.

removeCertprofileFromCa

void removeCertprofileFromCa(String profileName,
                             String caName)
                      throws CaMgmtException

Removes the support of the certprofile profileName from the CA caName.

Parameters:

profileName - Profile name. Must not be null.

caName - CA name. Must not be null.

Throws:

CaMgmtException - if error occurs.

addCertprofileToCa

void addCertprofileToCa(String profileName,
                        String caName)
                 throws CaMgmtException

Add the certificate profile profileName the CA caName.

Parameters:

profileName - Profile name. Must not be null.

caName - CA name. Must not be null.

Throws:

CaMgmtException - if error occurs.

removePublisherFromCa

void removePublisherFromCa(String publisherName,
                           String caName)
                    throws CaMgmtException

Removes publisher publisherName from the CA caName.

Parameters:

publisherName - Publisher name. Must not be null.

caName - CA name. Must not be null.

Throws:

CaMgmtException - if error occurs.

addPublisherToCa

void addPublisherToCa(String publisherName,
                      String caName)
               throws CaMgmtException

Adds publisher publisherName to CA caName.

Parameters:

publisherName - Publisher name. Must not be null.

caName - CA name. Must not be null.

Throws:

CaMgmtException - if error occurs.

getCertprofilesForCa

Set<String> getCertprofilesForCa(String caName)
                          throws CaMgmtException

Returns the Certprofile names supported by the CA caName.

Parameters:

caName - CA name. Must not be null.

Returns:

the Certprofile names.

Throws:

CaMgmtException - if error occurs.

getRequestorsForCa

Set<CaHasRequestorEntry> getRequestorsForCa(String caName)
                                     throws CaMgmtException

Returns the Requests supported by the CA caName.

Parameters:

caName - CA name. Must not be null.

Returns:

the requestors.

Throws:

CaMgmtException - if error occurs.

getRequestor

RequestorEntry getRequestor(String name)
                     throws CaMgmtException

Returns the requestor named name.

Parameters:

name - Requestor name. Must not be null.

Returns:

the requestor.

Throws:

CaMgmtException - if error occurs.

addRequestor

void addRequestor(RequestorEntry requestorEntry)
           throws CaMgmtException

Adds requstor.

Parameters:

requestorEntry - Requestor entry. Must not be null.

Throws:

CaMgmtException - if error occurs.

removeRequestor

void removeRequestor(String requestorName)
              throws CaMgmtException

Removes requestor named requestorName.

Parameters:

requestorName - Requestor name. Must not be null.

Throws:

CaMgmtException - if error occurs.

changeRequestor

void changeRequestor(String name,
                     String type,
                     String conf)
              throws CaMgmtException

Changes the requestor name of type CERTIFCATE.

Parameters:

name - name of the certificate profile to be changed. Must not be null.

type - Type to be changed. null indicates no change.

conf - Configuration to be changed. null indicates no change.

Throws:

CaMgmtException - if error occurs.

removeRequestorFromCa

void removeRequestorFromCa(String requestorName,
                           String caName)
                    throws CaMgmtException

Removes the requestor requestorName from the CA caName.

Parameters:

requestorName - Requestor name. Must not be null.

caName - CA name. Must not be null.

Throws:

CaMgmtException - if error occurs.

addRequestorToCa

void addRequestorToCa(CaHasRequestorEntry requestor,
                      String caName)
               throws CaMgmtException

Adds the requestor requestorName to the CA caName.

Parameters:

requestor - Requestor name. Must not be null.

caName - CA name. Must not be null.

Throws:

CaMgmtException - if error occurs.

getCertprofile

CertprofileEntry getCertprofile(String profileName)
                         throws CaMgmtException

Returns the certificate profile named profileName.

Parameters:

profileName - certificate profile name. Must not be null.

Returns:

the profile

Throws:

CaMgmtException - if error occurs.

removeCertprofile

void removeCertprofile(String profileName)
                throws CaMgmtException

Removes the certificate profile profileName.

Parameters:

profileName - certificate profile name. Must not be null.

Throws:

CaMgmtException - if error occurs.

changeCertprofile

void changeCertprofile(String name,
                       String type,
                       String conf)
                throws CaMgmtException

Changes the certificate profile name.

Parameters:

name - name of the certificate profile to be changed. Must not be null.

type - Type to be changed. null indicates no change.

conf - Configuration to be changed. null indicates no change.

Throws:

CaMgmtException - if error occurs.

addCertprofile

void addCertprofile(CertprofileEntry certprofileEntry)
             throws CaMgmtException

Adds a certificate profile.

Parameters:

certprofileEntry - Certificate profile entry. Must not be null.

Throws:

CaMgmtException - if error occurs.

getKeypairGen

KeypairGenEntry getKeypairGen(String name)
                       throws CaMgmtException

Returns the keypair generation entry named profileName.

Parameters:

name - keypair generation name. Must not be null.

Returns:

the keypair generation entry

Throws:

CaMgmtException - if error occurs.

removeKeypairGen

void removeKeypairGen(String name)
               throws CaMgmtException

Removes the keypair generation entry name.

Parameters:

name - keypair generation name. Must not be null.

Throws:

CaMgmtException - if error occurs.

changeKeypairGen

void changeKeypairGen(String name,
                      String type,
                      String conf)
               throws CaMgmtException

Changes the keypair generation entry name.

Parameters:

name - name of the keypair generation entry to be changed. Must not be null.

type - Type to be changed. null indicates no change.

conf - Configuration to be changed. null indicates no change.

Throws:

CaMgmtException - if error occurs.

addKeypairGen

void addKeypairGen(KeypairGenEntry keypairGenEntry)
            throws CaMgmtException

Adds a keypair generation entry.

Parameters:

keypairGenEntry - Keypair generation entry. Must not be null.

Throws:

CaMgmtException - if error occurs.

addSigner

void addSigner(SignerEntry signerEntry)
        throws CaMgmtException

Adds a signer.

Parameters:

signerEntry - Signer entry. Must not be null.

Throws:

CaMgmtException - if error occurs.

removeSigner

void removeSigner(String name)
           throws CaMgmtException

Removes the signer named name.

Parameters:

name - Signer name. Must not be null.

Throws:

CaMgmtException - if error occurs.

getSigner

SignerEntry getSigner(String name)
               throws CaMgmtException

Returns the signer named name.

Parameters:

name - Signer name. Must not be null.

Returns:

the signer.

Throws:

CaMgmtException - if error occurs.

changeSigner

void changeSigner(String name,
                  String type,
                  String conf,
                  String base64Cert)
           throws CaMgmtException

Changes the signer name.

Parameters:

name - name of the signer to be changed. Must not be null.

type - Type to be changed. null indicates no change.

conf - Configuration to be changed. null indicates no change.

base64Cert - Base64 encoded certificate of the signer. null indicates no change.

Throws:

CaMgmtException - if error occurs.

addPublisher

void addPublisher(PublisherEntry entry)
           throws CaMgmtException

Adds a publisher.

Parameters:

entry - Publisher entry.

Throws:

CaMgmtException - if error occurs.

getPublishersForCa

List<PublisherEntry> getPublishersForCa(String caName)
                                 throws CaMgmtException

Returns publishers for the CA caName.

Parameters:

caName - CA name. Must not be null.

Returns:

publishers for the given CA.

Throws:

CaMgmtException - if error occurs.

getPublisher

PublisherEntry getPublisher(String publisherName)
                     throws CaMgmtException

Returns the publisher.

Parameters:

publisherName - Publisher name. Must not be null.

Returns:

the publisher.

Throws:

CaMgmtException - if error occurs.

removePublisher

void removePublisher(String publisherName)
              throws CaMgmtException

Removes the publisher publisherName.

Parameters:

publisherName - Publisher name. Must not be null.

Throws:

CaMgmtException - if error occurs.

changePublisher

void changePublisher(String name,
                     String type,
                     String conf)
              throws CaMgmtException

Changes the publisher name.

Parameters:

name - name of the publisher to be changed. Must not be null.

type - Type to be changed. null indicates no change.

conf - Configuration to be changed. null indicates no change.

Throws:

CaMgmtException - if error occurs.

revokeCa

void revokeCa(String caName,
              org.xipki.security.CertRevocationInfo revocationInfo)
       throws CaMgmtException

Revokes the CA caName.

Parameters:

caName - CA name. Must not be null.

revocationInfo - Revocation information. Must not be null.

Throws:

CaMgmtException - if error occurs.

unrevokeCa

void unrevokeCa(String caName)
         throws CaMgmtException

Unrevokes the CA caName.

Parameters:

caName - CA name. Must not be null.

Throws:

CaMgmtException - if error occurs.

revokeCertificate

void revokeCertificate(String caName,
                       BigInteger serialNumber,
                       org.xipki.security.CrlReason reason,
                       Date invalidityTime)
                throws CaMgmtException

Revokes a certificate with the serial number serialNumber, and issued by the CA caName.

Parameters:

caName - CA name. Must not be null.

serialNumber - Serial number. Must not be null.

reason - Revocation reason. Must not be null.

invalidityTime - Invalidity time. Could be null.

Throws:

CaMgmtException - if error occurs.

unsuspendCertificate

void unsuspendCertificate(String caName,
                          BigInteger serialNumber)
                   throws CaMgmtException

Unrevokes a certificate with the serial number serialNumber, and issued by the CA caName.

Parameters:

caName - CA name. Must not be null.

serialNumber - Serial number. Must not be null.

Throws:

CaMgmtException - if error occurs.

removeCertificate

void removeCertificate(String caName,
                       BigInteger serialNumber)
                throws CaMgmtException

Removes a certificate with the serial number serialNumber, and issued by the CA caName.

Parameters:

caName - CA name. Must not be null.

serialNumber - Serial number. Must not be null.

Throws:

CaMgmtException - if error occurs.

generateCertificate

org.xipki.security.X509Cert generateCertificate(String caName,
                                                String profileName,
                                                byte[] encodedCsr,
                                                Date notBefore,
                                                Date notAfter)
                                         throws CaMgmtException

CA caName issues a new certificate.

Parameters:

caName - CA name. Must not be null.

profileName - Name of the certificate profile. Must not be null.

encodedCsr - CSR. Must not be null.

notBefore - NotBefore. Could be null.

notAfter - NotAfter. Could be null.

Returns:

the issued certificate

Throws:

CaMgmtException - if error occurs.

generateKeyCert

org.xipki.security.KeyCertBytesPair generateKeyCert(String caName,
                                                    String profileName,
                                                    String subject,
                                                    Date notBefore,
                                                    Date notAfter)
                                             throws CaMgmtException

CA caName issues a new certificate.

Parameters:

caName - CA name. Must not be null.

profileName - Name of the certificate profile. Must not be null.

subject - Subject. Must not be null.

notBefore - NotBefore. Could be null.

notAfter - NotAfter. Could be null.

Returns:

the generated key and issued certificate

Throws:

CaMgmtException - if error occurs.

generateCrossCertificate

org.xipki.security.X509Cert generateCrossCertificate(String caName,
                                                     String profileName,
                                                     byte[] encodedCsr,
                                                     byte[] encodedTargetCert,
                                                     Date notBefore,
                                                     Date notAfter)
                                              throws CaMgmtException

CA caName issues a new certificate.

Parameters:

caName - CA name. Must not be null.

profileName - Name of the certificate profile. Must not be null.

encodedCsr - CSR. Must not be null.

encodedTargetCert - certificate file, for which the cross certificate will be generated. There shall be not different in subject and public key between #encodedCsr and #encodedCert.

notBefore - NotBefore.

notAfter - NotAfter

Returns:

the issued certificate

Throws:

CaMgmtException - if error occurs.

generateRootCa

org.xipki.security.X509Cert generateRootCa(CaEntry caEntry,
                                           String certprofileName,
                                           String subject,
                                           String serialNumber,
                                           Date notBefore,
                                           Date notAfter)
                                    throws CaMgmtException

Generates a self-signed CA certificate.

Parameters:

caEntry - CA entry. Must not be null.

certprofileName - Profile name of the root CA certificate. Must not be null.

subject - Subject. Must not be null.

serialNumber - Serial number. null: lets CA choose the serial number; fixed serialnumber: decimal or heximal (beginning with 0x) number; RANDOM:<size in bytes> random number with given length.

notBefore - NotBefore.

notAfter - NotAfter

Returns:

the generated certificate

Throws:

CaMgmtException - if error occurs.

generateCrlOnDemand

org.bouncycastle.cert.X509CRLHolder generateCrlOnDemand(String caName)
                                                 throws CaMgmtException

Generates a new CRL for CA caName.

Parameters:

caName - CA name. Must not be null.

Returns:

the generated CRL.

Throws:

CaMgmtException - if error occurs.

getCrl

org.bouncycastle.cert.X509CRLHolder getCrl(String caName,
                                           BigInteger crlNumber)
                                    throws CaMgmtException

Returns the CRL of CA caName with the CRL number crlNumber.

Parameters:

caName - CA name. Must not be null.

crlNumber - CRL number. Must not be null.

Returns:

the CRL.

Throws:

CaMgmtException - if error occurs.

getCurrentCrl

org.bouncycastle.cert.X509CRLHolder getCurrentCrl(String caName)
                                           throws CaMgmtException

Returns the latest CRL of CA caName.

Parameters:

caName - CA name. Must not be null.

Returns:

the CRL.

Throws:

CaMgmtException - if error occurs.

getCert

CertWithRevocationInfo getCert(String caName,
                               BigInteger serialNumber)
                        throws CaMgmtException

Returns certificate with status information for the CA caName and with serial number serialNumber.

Parameters:

caName - CA name. Must not be null.

serialNumber - Serial number. Must not be null.

Returns:

the certificate with status information.

Throws:

CaMgmtException - if error occurs.

getCert

CertWithRevocationInfo getCert(org.bouncycastle.asn1.x500.X500Name issuer,
                               BigInteger serialNumber)
                        throws CaMgmtException

Returns certificate with revocation information for the issuer and with serial number serialNumber.

Parameters:

issuer - Issuer of the certificate. Must not be null.

serialNumber - Serial number. Must not be null.

Returns:

the certificate with status information.

Throws:

CaMgmtException - if error occurs.

loadConf

Map<String,org.xipki.security.X509Cert> loadConf(InputStream zippedConfStream)
                                          throws CaMgmtException,
                                                 IOException

Loads the CA system configuration.

Parameters:

zippedConfStream - Inputstream of the zipped Configuration the CA system. Must not be null.

Returns:

map of generated root certificates, if newly generated. The key is the CA name.

Throws:

IOException - If read the ZIP stream fails.

CaMgmtException - if other error occurs.

exportConf

InputStream exportConf(List<String> caNames)
                throws CaMgmtException,
                       IOException

Exports the CA system configuration to a zip-stream.

Parameters:

caNames - List of the names of CAs to be exported. null to export all CAs.

Returns:

ZIP stream of the CA system configuration.

Throws:

IOException - If read the ZIP file fails.

CaMgmtException - if non-IO error occurs.

listCertificates

List<CertListInfo> listCertificates(String caName,
                                    org.bouncycastle.asn1.x500.X500Name subjectPattern,
                                    Date validFrom,
                                    Date validTo,
                                    CertListOrderBy orderBy,
                                    int numEntries)
                             throws CaMgmtException

Returns a sorted list of certificate meta information.

Parameters:

caName - CA name. Must not be null.

subjectPattern - Subject pattern. Could be null.

validFrom - Valid from. Could be null.

validTo - Valid to. Could be null.

orderBy - How the result is ordered. Could be null.

numEntries - Maximal number of entries in the returned list.

Returns:

a sorted list of certificate meta information.

Throws:

CaMgmtException - if error occurs.

getSupportedSignerTypes

Set<String> getSupportedSignerTypes()
                             throws CaMgmtException

Retrieves the types of supported signers.

Returns:

lower-case types of supported signers, never null.

Throws:

CaMgmtException - if error occurs.

getSupportedCertprofileTypes

Set<String> getSupportedCertprofileTypes()
                                  throws CaMgmtException

Retrieves the types of supported certificate profiles.

Returns:

types of supported certificate profiles, never null.

Throws:

CaMgmtException - if error occurs.

getSupportedPublisherTypes

Set<String> getSupportedPublisherTypes()
                                throws CaMgmtException

Retrieves the types of supported publishers.

Returns:

lower-case types of supported publishers, never null.

Throws:

CaMgmtException - if error occurs.

getTokenInfoP11

String getTokenInfoP11(String moduleName,
                       Integer slotIndex,
                       boolean verbose)
                throws CaMgmtException

Throws:

CaMgmtException