Interface CaManager


  • public interface CaManager
    Interface to manage the CA system.
    Since:
    2.0.0
    Author:
    Lijun Liao (xipki)
    • Field Detail

      • MIN_SERIALNUMBER_SIZE

        static final int MIN_SERIALNUMBER_SIZE
Minimal size, in bytes, of a randomly generated serial number. Although it may be configured as low as 1, at least 9 is recommended: a serial number needs at least 64 bits of entropy, and because the highest bit is forced to 0 to keep the value positive, 8 bytes yield only 63 bits of entropy.
      • MAX_SERIALNUMBER_SIZE

        static final int MAX_SERIALNUMBER_SIZE
Maximal size, in bytes, of a serial number: RFC 5280 requires the serial number to be a positive integer whose DER encoding is at most 20 octets.
    • Method Detail

      • republishCertificates

        void republishCertificates​(String caName,
                                   List<String> publisherNames,
                                   int numThreads)
                            throws CaMgmtException
        Republishes certificates of the CA caName to the publishers publisherNames.
        Parameters:
        caName - CA name. Could be null.
        publisherNames - Publisher names. Could be null.
        numThreads - Number of threads
        Throws:
        CaMgmtException - if error occurs.
      • clearPublishQueue

        void clearPublishQueue​(String caName,
                               List<String> publisherNames)
                        throws CaMgmtException
        Clear the publishing queue for the CA caName and publishers publisherNames.
        Parameters:
        caName - CA name. Could be null.
        publisherNames - Publisher names. Could be null.
        Throws:
        CaMgmtException - if error occurs.
      • removeCa

        void removeCa​(String caName)
               throws CaMgmtException
        Removes the CA caName from the system.
        Parameters:
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • restartCa

        void restartCa​(String caName)
                throws CaMgmtException
        Restart the given CA.
        Parameters:
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • addCaAlias

        void addCaAlias​(String aliasName,
                        String caName)
                 throws CaMgmtException
        Adds the alias aliasName to the given CA caName.
        Parameters:
        aliasName - CA alias name. Must not be null.
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • removeCaAlias

        void removeCaAlias​(String aliasName)
                    throws CaMgmtException
        Remove the alias aliasName.
        Parameters:
        aliasName - Alias name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • getAliasesForCa

        Set<String> getAliasesForCa​(String caName)
                             throws CaMgmtException
        Gets the aliases of the given CA caName.
        Parameters:
        caName - CA name. Must not be null.
        Returns:
        the aliases of the given CA.
        Throws:
        CaMgmtException - if error occurs.
      • getCaNameForAlias

        String getCaNameForAlias​(String aliasName)
                          throws CaMgmtException
        Gets the CA name for the alias aliasName.
        Parameters:
        aliasName - CA alias name. Must not be null.
        Returns:
the name of the CA the alias aliasName is bound to.
        Throws:
        CaMgmtException - if error occurs.
      • removeCertprofileFromCa

        void removeCertprofileFromCa​(String profileName,
                                     String caName)
                              throws CaMgmtException
        Removes the support of the certprofile profileName from the CA caName.
        Parameters:
        profileName - Profile name. Must not be null.
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • addCertprofileToCa

        void addCertprofileToCa​(String profileName,
                                String caName)
                         throws CaMgmtException
Adds the certificate profile profileName to the CA caName.
        Parameters:
        profileName - Profile name. Must not be null.
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • removePublisherFromCa

        void removePublisherFromCa​(String publisherName,
                                   String caName)
                            throws CaMgmtException
        Removes publisher publisherName from the CA caName.
        Parameters:
        publisherName - Publisher name. Must not be null.
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • addPublisherToCa

        void addPublisherToCa​(String publisherName,
                              String caName)
                       throws CaMgmtException
        Adds publisher publisherName to CA caName.
        Parameters:
        publisherName - Publisher name. Must not be null.
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • getCertprofilesForCa

        Set<String> getCertprofilesForCa​(String caName)
                                  throws CaMgmtException
        Returns the Certprofile names supported by the CA caName.
        Parameters:
        caName - CA name. Must not be null.
        Returns:
        the Certprofile names.
        Throws:
        CaMgmtException - if error occurs.
      • removeRequestor

        void removeRequestor​(String requestorName)
                      throws CaMgmtException
        Removes requestor named requestorName.
        Parameters:
        requestorName - Requestor name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • changeRequestor

        void changeRequestor​(String name,
                             String type,
                             String conf)
                      throws CaMgmtException
Changes the requestor named name.
Parameters:
name - name of the requestor to be changed. Must not be null.
        type - Type to be changed. null indicates no change.
        conf - Configuration to be changed. null indicates no change.
        Throws:
        CaMgmtException - if error occurs.
      • removeRequestorFromCa

        void removeRequestorFromCa​(String requestorName,
                                   String caName)
                            throws CaMgmtException
        Removes the requestor requestorName from the CA caName.
        Parameters:
        requestorName - Requestor name. Must not be null.
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • addRequestorToCa

        void addRequestorToCa​(CaHasRequestorEntry requestor,
                              String caName)
                       throws CaMgmtException
Adds the requestor described by requestor to the CA caName.
Parameters:
requestor - Entry binding a requestor (by name) to the CA, including its permissions. Must not be null.
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • getCertprofile

        CertprofileEntry getCertprofile​(String profileName)
                                 throws CaMgmtException
        Returns the certificate profile named profileName.
        Parameters:
        profileName - certificate profile name. Must not be null.
        Returns:
        the profile
        Throws:
        CaMgmtException - if error occurs.
      • removeCertprofile

        void removeCertprofile​(String profileName)
                        throws CaMgmtException
        Removes the certificate profile profileName.
        Parameters:
        profileName - certificate profile name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • changeCertprofile

        void changeCertprofile​(String name,
                               String type,
                               String conf)
                        throws CaMgmtException
Changes the certificate profile named name.
        Parameters:
        name - name of the certificate profile to be changed. Must not be null.
        type - Type to be changed. null indicates no change.
        conf - Configuration to be changed. null indicates no change.
        Throws:
        CaMgmtException - if error occurs.
      • addCertprofile

        void addCertprofile​(CertprofileEntry certprofileEntry)
                     throws CaMgmtException
        Adds a certificate profile.
        Parameters:
        certprofileEntry - Certificate profile entry. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • getKeypairGen

        KeypairGenEntry getKeypairGen​(String name)
                               throws CaMgmtException
Returns the keypair generation entry named name.
        Parameters:
        name - keypair generation name. Must not be null.
        Returns:
        the keypair generation entry
        Throws:
        CaMgmtException - if error occurs.
      • removeKeypairGen

        void removeKeypairGen​(String name)
                       throws CaMgmtException
Removes the keypair generation entry named name.
        Parameters:
        name - keypair generation name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • changeKeypairGen

        void changeKeypairGen​(String name,
                              String type,
                              String conf)
                       throws CaMgmtException
Changes the keypair generation entry named name.
        Parameters:
        name - name of the keypair generation entry to be changed. Must not be null.
        type - Type to be changed. null indicates no change.
        conf - Configuration to be changed. null indicates no change.
        Throws:
        CaMgmtException - if error occurs.
      • addKeypairGen

        void addKeypairGen​(KeypairGenEntry keypairGenEntry)
                    throws CaMgmtException
        Adds a keypair generation entry.
        Parameters:
        keypairGenEntry - Keypair generation entry. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • removeSigner

        void removeSigner​(String name)
                   throws CaMgmtException
        Removes the signer named name.
        Parameters:
        name - Signer name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • changeSigner

        void changeSigner​(String name,
                          String type,
                          String conf,
                          String base64Cert)
                   throws CaMgmtException
Changes the signer named name.
        Parameters:
        name - name of the signer to be changed. Must not be null.
        type - Type to be changed. null indicates no change.
        conf - Configuration to be changed. null indicates no change.
        base64Cert - Base64 encoded certificate of the signer. null indicates no change.
        Throws:
        CaMgmtException - if error occurs.
      • getPublishersForCa

        List<PublisherEntry> getPublishersForCa​(String caName)
                                         throws CaMgmtException
        Returns publishers for the CA caName.
        Parameters:
        caName - CA name. Must not be null.
        Returns:
        publishers for the given CA.
        Throws:
        CaMgmtException - if error occurs.
      • removePublisher

        void removePublisher​(String publisherName)
                      throws CaMgmtException
        Removes the publisher publisherName.
        Parameters:
        publisherName - Publisher name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • changePublisher

        void changePublisher​(String name,
                             String type,
                             String conf)
                      throws CaMgmtException
Changes the publisher named name.
        Parameters:
        name - name of the publisher to be changed. Must not be null.
        type - Type to be changed. null indicates no change.
        conf - Configuration to be changed. null indicates no change.
        Throws:
        CaMgmtException - if error occurs.
      • revokeCa

        void revokeCa​(String caName,
                      org.xipki.security.CertRevocationInfo revocationInfo)
               throws CaMgmtException
        Revokes the CA caName.
        Parameters:
        caName - CA name. Must not be null.
        revocationInfo - Revocation information. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • unrevokeCa

        void unrevokeCa​(String caName)
                 throws CaMgmtException
        Unrevokes the CA caName.
        Parameters:
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • revokeCertificate

        void revokeCertificate​(String caName,
                               BigInteger serialNumber,
                               org.xipki.security.CrlReason reason,
                               Instant invalidityTime)
                        throws CaMgmtException
        Revokes a certificate with the serial number serialNumber, and issued by the CA caName.
        Parameters:
        caName - CA name. Must not be null.
        serialNumber - Serial number. Must not be null.
        reason - Revocation reason. Must not be null.
        invalidityTime - Invalidity time. Could be null.
        Throws:
        CaMgmtException - if error occurs.
      • unsuspendCertificate

        void unsuspendCertificate​(String caName,
                                  BigInteger serialNumber)
                           throws CaMgmtException
Unsuspends a certificate with the serial number serialNumber, issued by the CA caName, i.e. lifts a revocation whose reason is certificateHold. A certificate revoked for any other reason is permanently revoked and cannot be unsuspended.
        Parameters:
        caName - CA name. Must not be null.
        serialNumber - Serial number. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • removeCertificate

        void removeCertificate​(String caName,
                               BigInteger serialNumber)
                        throws CaMgmtException
        Removes a certificate with the serial number serialNumber, and issued by the CA caName.
        Parameters:
        caName - CA name. Must not be null.
        serialNumber - Serial number. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • generateCertificate

        org.xipki.security.X509Cert generateCertificate​(String caName,
                                                        String profileName,
                                                        byte[] encodedCsr,
                                                        Instant notBefore,
                                                        Instant notAfter)
                                                 throws CaMgmtException
CA caName issues a new certificate for the public key and subject carried in the CSR encodedCsr, using the certificate profile profileName.
        Parameters:
        caName - CA name. Must not be null.
        profileName - Name of the certificate profile. Must not be null.
        encodedCsr - CSR. Must not be null.
        notBefore - NotBefore. Could be null.
        notAfter - NotAfter. Could be null.
        Returns:
        the issued certificate
        Throws:
        CaMgmtException - if error occurs.
      • generateKeyCert

        org.xipki.security.KeyCertBytesPair generateKeyCert​(String caName,
                                                            String profileName,
                                                            String subject,
                                                            Instant notBefore,
                                                            Instant notAfter)
                                                     throws CaMgmtException
CA caName generates a new key pair and issues a certificate for it with the subject subject, using the certificate profile profileName. The private key leaves the CA in the returned pair, so protect the returned value accordingly.
        Parameters:
        caName - CA name. Must not be null.
        profileName - Name of the certificate profile. Must not be null.
        subject - Subject. Must not be null.
        notBefore - NotBefore. Could be null.
        notAfter - NotAfter. Could be null.
        Returns:
        the generated key and issued certificate
        Throws:
        CaMgmtException - if error occurs.
      • generateCrossCertificate

        org.xipki.security.X509Cert generateCrossCertificate​(String caName,
                                                             String profileName,
                                                             byte[] encodedCsr,
                                                             byte[] encodedTargetCert,
                                                             Instant notBefore,
                                                             Instant notAfter)
                                                      throws CaMgmtException
CA caName issues a cross certificate: a certificate for the subject and public key of an existing certificate encodedTargetCert, using the certificate profile profileName.
        Parameters:
        caName - CA name. Must not be null.
        profileName - Name of the certificate profile. Must not be null.
        encodedCsr - CSR. Must not be null.
encodedTargetCert - Encoded certificate for which the cross certificate will be generated. Subject and public key must be identical in encodedCsr and encodedTargetCert.
notBefore - NotBefore.
notAfter - NotAfter.
        Returns:
        the issued certificate
        Throws:
        CaMgmtException - if error occurs.
      • generateRootCa

        org.xipki.security.X509Cert generateRootCa​(CaEntry caEntry,
                                                   String certprofileName,
                                                   String subject,
                                                   String serialNumber,
                                                   Instant notBefore,
                                                   Instant notAfter)
                                            throws CaMgmtException
        Generates a self-signed CA certificate.
        Parameters:
        caEntry - CA entry. Must not be null.
        certprofileName - Profile name of the root CA certificate. Must not be null.
        subject - Subject. Must not be null.
serialNumber - Serial number. null: lets the CA choose the serial number; a fixed serial number: decimal or hexadecimal (beginning with 0x) number; RANDOM:<size in bytes>: random number of the given length.
notBefore - NotBefore.
notAfter - NotAfter.
        Returns:
        the generated certificate
        Throws:
        CaMgmtException - if error occurs.
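The serialNumber parameter of generateRootCa and the MIN_SERIALNUMBER_SIZE / MAX_SERIALNUMBER_SIZE fields describe the same thing from two sides: how a serial number is chosen, and what RFC 5280 allows. The following class is an added example written for this page, not XiPKI code. It parses the null / decimal / 0x-hex / RANDOM:<size> specification, generates random serials the way the field descriptions recommend (sign bit cleared, so no leading 0x00 pad in DER), and checks the result against RFC 5280. The constant values 1 and 20 and the default random size of 20 bytes used when the spec is null are assumptions made for the example.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Locale;

/** Added example (not XiPKI code): serial number generation and RFC 5280 checks. */
public final class SerialNumberExample {

    // Assumed to match the constants described above (1 and 20 bytes).
    static final int MIN_SERIALNUMBER_SIZE = 1;
    static final int MAX_SERIALNUMBER_SIZE = 20;
    static final int REQUIRED_ENTROPY_BITS = 64;
    // Assumed size used when the caller passes null and lets the CA choose.
    static final int DEFAULT_RANDOM_SIZE = 20;

    private static final SecureRandom RANDOM = new SecureRandom();

    /** Bits of entropy in a random serial of the given size: the sign bit is forced to 0. */
    static int entropyBits(int sizeInBytes) {
        return 8 * sizeInBytes - 1;
    }

    /** Random positive serial whose DER encoding never exceeds sizeInBytes octets. */
    static BigInteger randomSerial(int sizeInBytes) {
        if (sizeInBytes < MIN_SERIALNUMBER_SIZE || sizeInBytes > MAX_SERIALNUMBER_SIZE) {
            throw new IllegalArgumentException("serial number size must be in ["
                    + MIN_SERIALNUMBER_SIZE + ", " + MAX_SERIALNUMBER_SIZE + "], got " + sizeInBytes);
        }
        if (entropyBits(sizeInBytes) < REQUIRED_ENTROPY_BITS) {
            System.err.println("warning: " + sizeInBytes + " bytes give only "
                    + entropyBits(sizeInBytes) + " bits of entropy, fewer than " + REQUIRED_ENTROPY_BITS);
        }
        byte[] buf = new byte[sizeInBytes];
        BigInteger sn;
        do {
            RANDOM.nextBytes(buf);
            buf[0] &= 0x7F;            // clear the sign bit: positive value, no 0x00 pad octet needed
            sn = new BigInteger(buf);  // two's-complement interpretation keeps the length at sizeInBytes
        } while (sn.signum() == 0);    // RFC 5280 wants a positive integer; zero is possible in theory
        return sn;
    }

    /** Parses the generateRootCa serialNumber format: null, decimal, 0x-hex or RANDOM:<size>. */
    static BigInteger parseSerialSpec(String spec) {
        if (spec == null) {
            return randomSerial(DEFAULT_RANDOM_SIZE);
        }
        String s = spec.trim();
        if (s.toUpperCase(Locale.ROOT).startsWith("RANDOM:")) {
            return randomSerial(Integer.parseInt(s.substring("RANDOM:".length()).trim()));
        }
        if (s.startsWith("0x") || s.startsWith("0X")) {
            return new BigInteger(s.substring(2), 16);
        }
        return new BigInteger(s, 10);
    }

    /** RFC 5280 4.1.2.2: positive, and at most 20 octets in DER (toByteArray includes the sign bit). */
    static boolean isRfc5280Serial(BigInteger sn) {
        return sn.signum() > 0 && sn.toByteArray().length <= MAX_SERIALNUMBER_SIZE;
    }

    public static void main(String[] args) {
        System.out.println("8 bytes -> " + entropyBits(8) + " bits of entropy (below 64, not recommended)");
        System.out.println("9 bytes -> " + entropyBits(9) + " bits of entropy");

        for (String spec : new String[] {"RANDOM:9", "0x0102030405060708090A", "123456789", null}) {
            BigInteger sn = parseSerialSpec(spec);
            System.out.printf("%-24s -> %2d DER octets, rfc5280=%b%n",
                    spec, sn.toByteArray().length, isRfc5280Serial(sn));
        }

        // The pitfall MAX_SERIALNUMBER_SIZE guards against: 20 random bytes read as an unsigned
        // value need a 21st (0x00) octet in DER as soon as the top bit is set.
        byte[] twenty = new byte[20];
        twenty[0] = (byte) 0x80;
        BigInteger unsigned = new BigInteger(1, twenty);
        System.out.println("unsigned 20 bytes, top bit set -> " + unsigned.toByteArray().length
                + " DER octets, rfc5280=" + isRfc5280Serial(unsigned));
    }
}
```

The last check in main is the reason the maximum is stated in bytes of the encoding rather than in bits of the value: a serial that is "20 bytes of randomness" taken unsigned may encode to 21 octets, which conforming relying parties are entitled to reject.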
      • generateCrlOnDemand

        org.bouncycastle.cert.X509CRLHolder generateCrlOnDemand​(String caName)
                                                         throws CaMgmtException
        Generates a new CRL for CA caName.
        Parameters:
        caName - CA name. Must not be null.
        Returns:
        the generated CRL.
        Throws:
        CaMgmtException - if error occurs.
      • getCrl

        org.bouncycastle.cert.X509CRLHolder getCrl​(String caName,
                                                   BigInteger crlNumber)
                                            throws CaMgmtException
        Returns the CRL of CA caName with the CRL number crlNumber.
        Parameters:
        caName - CA name. Must not be null.
        crlNumber - CRL number. Must not be null.
        Returns:
        the CRL.
        Throws:
        CaMgmtException - if error occurs.
      • getCurrentCrl

        org.bouncycastle.cert.X509CRLHolder getCurrentCrl​(String caName)
                                                   throws CaMgmtException
        Returns the latest CRL of CA caName.
        Parameters:
        caName - CA name. Must not be null.
        Returns:
        the CRL.
        Throws:
        CaMgmtException - if error occurs.
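revokeCertificate, unsuspendCertificate, generateCrlOnDemand, getCrl and getCurrentCrl are normally used together: revoke (or suspend), issue a fresh CRL, and confirm the CRL says what the database says. The class below is an added example written for this page, not XiPKI code. It assumes it sits in the same package as CaManager and CaMgmtException, that the caller hands it a working CaManager together with the CA name and the serial number of a certificate that CA issued, and that org.xipki.security.CrlReason exposes the constants CERTIFICATE_HOLD and KEY_COMPROMISE; the CRL is inspected with Bouncy Castle, which the interface already returns.

```java
import java.math.BigInteger;
import java.time.Instant;

import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.X509CRLEntryHolder;
import org.bouncycastle.cert.X509CRLHolder;
import org.xipki.security.CrlReason;

/**
 * Added example, not XiPKI code. Assumes the same package as CaManager and
 * CaMgmtException; mgr, caName and serial are supplied by the caller.
 */
public final class SuspendAndCrlExample {

    /** CRL number from the cRLNumber extension (RFC 5280 5.2.3), or null if absent. */
    static BigInteger crlNumber(X509CRLHolder crl) {
        Extension ext = crl.getExtension(Extension.cRLNumber);
        return ext == null ? null : CRLNumber.getInstance(ext.getParsedValue()).getCRLNumber();
    }

    /** Reason code of the CRL entry for serial; -1 if the serial is not listed at all. */
    static int listedReason(X509CRLHolder crl, BigInteger serial) {
        X509CRLEntryHolder entry = crl.getRevokedCertificate(serial);
        if (entry == null) {
            return -1;
        }
        Extension ext = entry.getExtension(Extension.reasonCode);
        // an entry without reasonCode means "unspecified" (RFC 5280 5.3.1)
        return ext == null ? CRLReason.unspecified
                : CRLReason.getInstance(ext.getParsedValue()).getValue().intValue();
    }

    /** Issues a CRL now and checks that getCurrentCrl and getCrl hand back that same CRL. */
    static X509CRLHolder issueAndCheckCrl(CaManager mgr, String caName) throws CaMgmtException {
        X509CRLHolder fresh = mgr.generateCrlOnDemand(caName);
        BigInteger number = crlNumber(fresh);
        if (number == null) {
            throw new IllegalStateException("CRL carries no cRLNumber extension");
        }
        if (!number.equals(crlNumber(mgr.getCurrentCrl(caName)))) {
            throw new IllegalStateException("getCurrentCrl does not return the CRL just issued");
        }
        if (!fresh.equals(mgr.getCrl(caName, number))) {   // compares the encoded CRLs
            throw new IllegalStateException("getCrl(" + number + ") differs from the CRL just issued");
        }
        return fresh;
    }

    /** Suspend, verify, lift the hold, verify again. Only certificateHold can be lifted. */
    static void suspendAndLift(CaManager mgr, String caName, BigInteger serial) throws CaMgmtException {
        mgr.revokeCertificate(caName, serial, CrlReason.CERTIFICATE_HOLD, null);
        int reason = listedReason(issueAndCheckCrl(mgr, caName), serial);
        if (reason != CRLReason.certificateHold) {
            throw new IllegalStateException("expected certificateHold entry, got " + reason);
        }

        mgr.unsuspendCertificate(caName, serial);
        reason = listedReason(issueAndCheckCrl(mgr, caName), serial);
        // a full CRL simply drops the entry; a delta CRL would carry removeFromCRL (RFC 5280 5.3.1)
        if (reason != -1 && reason != CRLReason.removeFromCRL) {
            throw new IllegalStateException("serial still listed after unsuspend, reason " + reason);
        }
    }

    /** Permanent revocation; invalidityTime records when the key is believed to have been compromised. */
    static void revokeCompromisedKey(CaManager mgr, String caName, BigInteger serial,
                                     Instant compromisedSince) throws CaMgmtException {
        mgr.revokeCertificate(caName, serial, CrlReason.KEY_COMPROMISE, compromisedSince);
        int reason = listedReason(issueAndCheckCrl(mgr, caName), serial);
        if (reason != CRLReason.keyCompromise) {
            throw new IllegalStateException("expected keyCompromise entry, got " + reason);
        }
        // unsuspendCertificate(caName, serial) is not applicable here: the reason is not certificateHold
    }
}
```

Passing null as invalidityTime for a hold is deliberate: the hold marks a decision, not a point in time at which the key became untrustworthy, whereas for keyCompromise the invalidity date is what lets relying parties reject signatures made between the compromise and the revocation.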
      • getCert

        CertWithRevocationInfo getCert​(String caName,
                                       BigInteger serialNumber)
                                throws CaMgmtException
        Returns certificate with status information for the CA caName and with serial number serialNumber.
        Parameters:
        caName - CA name. Must not be null.
        serialNumber - Serial number. Must not be null.
        Returns:
        the certificate with status information.
        Throws:
        CaMgmtException - if error occurs.
      • getCert

        CertWithRevocationInfo getCert​(org.bouncycastle.asn1.x500.X500Name issuer,
                                       BigInteger serialNumber)
                                throws CaMgmtException
        Returns certificate with revocation information for the issuer and with serial number serialNumber.
        Parameters:
        issuer - Issuer of the certificate. Must not be null.
        serialNumber - Serial number. Must not be null.
        Returns:
        the certificate with status information.
        Throws:
        CaMgmtException - if error occurs.
      • loadConf

        Map<String,​org.xipki.security.X509Cert> loadConf​(InputStream zippedConfStream)
                                                        throws CaMgmtException,
                                                               IOException
        Loads the CA system configuration.
        Parameters:
zippedConfStream - InputStream of the zipped configuration of the CA system. Must not be null.
        Returns:
        map of generated root certificates, if newly generated. The key is the CA name.
        Throws:
IOException - If reading the ZIP stream fails.
        CaMgmtException - if other error occurs.
      • exportConf

        InputStream exportConf​(List<String> caNames)
                        throws CaMgmtException,
                               IOException
        Exports the CA system configuration to a zip-stream.
        Parameters:
        caNames - List of the names of CAs to be exported. null to export all CAs.
        Returns:
        ZIP stream of the CA system configuration.
        Throws:
IOException - If writing the ZIP stream fails.
        CaMgmtException - if non-IO error occurs.
      • listCertificates

        List<CertListInfo> listCertificates​(String caName,
                                            org.bouncycastle.asn1.x500.X500Name subjectPattern,
                                            Instant validFrom,
                                            Instant validTo,
                                            CertListOrderBy orderBy,
                                            int numEntries)
                                     throws CaMgmtException
        Returns a sorted list of certificate meta information.
        Parameters:
        caName - CA name. Must not be null.
        subjectPattern - Subject pattern. Could be null.
        validFrom - Valid from. Could be null.
        validTo - Valid to. Could be null.
        orderBy - How the result is ordered. Could be null.
        numEntries - Maximal number of entries in the returned list.
        Returns:
        a sorted list of certificate meta information.
        Throws:
        CaMgmtException - if error occurs.
      • getSupportedSignerTypes

        Set<String> getSupportedSignerTypes()
                                     throws CaMgmtException
        Retrieves the types of supported signers.
        Returns:
        lower-case types of supported signers, never null.
        Throws:
        CaMgmtException - if error occurs.
      • getSupportedCertprofileTypes

        Set<String> getSupportedCertprofileTypes()
                                          throws CaMgmtException
        Retrieves the types of supported certificate profiles.
        Returns:
        types of supported certificate profiles, never null.
        Throws:
        CaMgmtException - if error occurs.
      • getSupportedPublisherTypes

        Set<String> getSupportedPublisherTypes()
                                        throws CaMgmtException
        Retrieves the types of supported publishers.
        Returns:
        lower-case types of supported publishers, never null.
        Throws:
        CaMgmtException - if error occurs.