Interface CaManager


  • public interface CaManager
    Interface to manage the CA system.
    Since:
    2.0.0
    Author:
    Lijun Liao (xipki)
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static int MAX_SERIALNUMBER_SIZE
      A serial number should be positive and at most 20 bytes long.
      static int MIN_SERIALNUMBER_SIZE
      Although it is possible to configure it to 1, it is recommended to set it to at least 9.
      static java.lang.String NULL  
    • Method Summary

      Modifier and Type Method Description
      void addCa​(CaEntry caEntry)
      Adds a CA.
      void addCaAlias​(java.lang.String aliasName, java.lang.String caName)
      Adds the alias aliasName to the given CA caName.
      void addCertprofile​(CertprofileEntry certprofileEntry)
      Adds a certificate profile.
      void addCertprofileToCa​(java.lang.String profileNameAliases, java.lang.String caName)
      Adds the certificate profile profileName to the CA caName.
      void addDbSchema​(java.lang.String name, java.lang.String value)  
      void addKeypairGen​(KeypairGenEntry keypairGenEntry)
      Adds a keypair generation entry.
      void addPublisher​(PublisherEntry entry)
      Adds a publisher.
      void addPublisherToCa​(java.lang.String publisherName, java.lang.String caName)
      Adds publisher publisherName to CA caName.
      void addRequestor​(RequestorEntry requestorEntry)
      Adds a requestor.
      void addRequestorToCa​(CaHasRequestorEntry requestor, java.lang.String caName)
      Adds the requestor requestorName to the CA caName.
      void addSigner​(SignerEntry signerEntry)
      Adds a signer.
      void changeCa​(ChangeCaEntry changeCaEntry)
      Changes a CA.
      void changeCertprofile​(java.lang.String name, java.lang.String type, java.lang.String conf)
      Changes the certificate profile name.
      void changeDbSchema​(java.lang.String name, java.lang.String value)  
      void changeKeypairGen​(java.lang.String name, java.lang.String type, java.lang.String conf)
      Changes the keypair generation entry name.
      void changePublisher​(java.lang.String name, java.lang.String type, java.lang.String conf)
      Changes the publisher name.
      void changeRequestor​(java.lang.String name, java.lang.String type, java.lang.String conf)
      Changes the requestor name of type CERTIFICATE.
      void changeSigner​(java.lang.String name, java.lang.String type, java.lang.String conf, java.lang.String base64Cert)
      Changes the signer name.
      java.io.InputStream exportConf​(java.util.List<java.lang.String> caNames)
      Exports the CA system configuration to a zip-stream.
      org.xipki.security.X509Cert generateCertificate​(java.lang.String caName, java.lang.String profileName, byte[] encodedCsr, java.time.Instant notBefore, java.time.Instant notAfter)
      CA caName issues a new certificate.
      org.bouncycastle.cert.X509CRLHolder generateCrlOnDemand​(java.lang.String caName)
      Generates a new CRL for CA caName.
      org.xipki.security.X509Cert generateCrossCertificate​(java.lang.String caName, java.lang.String profileName, byte[] encodedCsr, byte[] encodedTargetCert, java.time.Instant notBefore, java.time.Instant notAfter)
      CA caName issues a new certificate.
      org.xipki.security.KeyCertBytesPair generateKeyCert​(java.lang.String caName, java.lang.String profileName, java.lang.String subject, java.time.Instant notBefore, java.time.Instant notAfter)
      CA caName issues a new certificate.
      org.xipki.security.X509Cert generateRootCa​(CaEntry caEntry, java.lang.String certprofileName, java.lang.String subject, java.lang.String serialNumber, java.time.Instant notBefore, java.time.Instant notAfter)
      Generates a self-signed CA certificate.
      java.util.Set<java.lang.String> getAliasesForCa​(java.lang.String caName)
      Gets the aliases of the given CA caName.
      CaEntry getCa​(java.lang.String caName)
      Gets the CA named caName.
      java.util.Set<java.lang.String> getCaAliasNames()  
      java.lang.String getCaNameForAlias​(java.lang.String aliasName)
      Gets the CA name for the alias aliasName.
      java.util.Set<java.lang.String> getCaNames()  
      CaSystemStatus getCaSystemStatus()  
      CertWithRevocationInfo getCert​(java.lang.String caName, java.math.BigInteger serialNumber)
      Returns certificate with status information for the CA caName and with serial number serialNumber.
      CertWithRevocationInfo getCert​(org.bouncycastle.asn1.x500.X500Name issuer, java.math.BigInteger serialNumber)
      Returns certificate with revocation information for the issuer and with serial number serialNumber.
      CertprofileEntry getCertprofile​(java.lang.String profileName)
      Returns the certificate profile named profileName.
      java.util.Set<java.lang.String> getCertprofileNames()  
      java.util.Set<CaProfileEntry> getCertprofilesForCa​(java.lang.String caName)
      Returns the Certprofile names supported by the CA caName.
      org.bouncycastle.cert.X509CRLHolder getCrl​(java.lang.String caName, java.math.BigInteger crlNumber)
      Returns the CRL of CA caName with the CRL number crlNumber.
      org.bouncycastle.cert.X509CRLHolder getCurrentCrl​(java.lang.String caName)
      Returns the latest CRL of CA caName.
      java.util.Map<java.lang.String,​java.lang.String> getDbSchemas()  
      java.util.Set<java.lang.String> getFailedCaNames()  
      java.util.Set<java.lang.String> getInactiveCaNames()  
      KeypairGenEntry getKeypairGen​(java.lang.String name)
      Returns the keypair generation entry named name.
      java.util.Set<java.lang.String> getKeypairGenNames()  
      PublisherEntry getPublisher​(java.lang.String publisherName)
      Returns the publisher.
      java.util.Set<java.lang.String> getPublisherNames()  
      java.util.List<PublisherEntry> getPublishersForCa​(java.lang.String caName)
      Returns publishers for the CA caName.
      RequestorEntry getRequestor​(java.lang.String name)
      Returns the requestor named name.
      java.util.Set<java.lang.String> getRequestorNames()  
      java.util.Set<CaHasRequestorEntry> getRequestorsForCa​(java.lang.String caName)
      Returns the requestors supported by the CA caName.
      SignerEntry getSigner​(java.lang.String name)
      Returns the signer named name.
      java.util.Set<java.lang.String> getSignerNames()  
      java.util.Set<java.lang.String> getSuccessfulCaNames()  
      java.util.Set<java.lang.String> getSupportedCertprofileTypes()
      Retrieves the types of supported certificate profiles.
      java.util.Set<java.lang.String> getSupportedPublisherTypes()
      Retrieves the types of supported publishers.
      java.util.Set<java.lang.String> getSupportedSignerTypes()
      Retrieves the types of supported signers.
      java.lang.String getTokenInfoP11​(java.lang.String moduleName, java.lang.Integer slotIndex, boolean verbose)  
      java.util.List<CertListInfo> listCertificates​(java.lang.String caName, org.bouncycastle.asn1.x500.X500Name subjectPattern, java.time.Instant validFrom, java.time.Instant validTo, CertListOrderBy orderBy, int numEntries)
      Returns a sorted list of certificate meta information.
      java.util.Map<java.lang.String,​org.xipki.security.X509Cert> loadConf​(byte[] zippedConfBytes)
      Loads the CA system configuration.
      java.util.Map<java.lang.String,​org.xipki.security.X509Cert> loadConfAndClose​(java.io.InputStream zippedConfStream)
      Loads the CA system configuration.
      void notifyCaChange()  
      void removeCa​(java.lang.String caName)
      Removes the CA caName from the system.
      void removeCaAlias​(java.lang.String aliasName)
      Removes the alias aliasName.
      void removeCertificate​(java.lang.String caName, java.math.BigInteger serialNumber)
      Removes a certificate with the serial number serialNumber, and issued by the CA caName.
      void removeCertprofile​(java.lang.String profileName)
      Removes the certificate profile profileName.
      void removeCertprofileFromCa​(java.lang.String profileName, java.lang.String caName)
      Removes the support of the certprofile profileName from the CA caName.
      void removeDbSchema​(java.lang.String name)  
      void removeKeypairGen​(java.lang.String name)
      Removes the keypair generation entry name.
      void removePublisher​(java.lang.String publisherName)
      Removes the publisher publisherName.
      void removePublisherFromCa​(java.lang.String publisherName, java.lang.String caName)
      Removes publisher publisherName from the CA caName.
      void removeRequestor​(java.lang.String requestorName)
      Removes requestor named requestorName.
      void removeRequestorFromCa​(java.lang.String requestorName, java.lang.String caName)
      Removes the requestor requestorName from the CA caName.
      void removeSigner​(java.lang.String name)
      Removes the signer named name.
      void republishCertificates​(java.lang.String caName, java.util.List<java.lang.String> publisherNames, int numThreads)
      Republishes certificates of the CA caName to the publishers publisherNames.
      void restartCa​(java.lang.String caName)
      Restarts the given CA.
      void restartCaSystem()
      Restarts the whole CA system.
      void revokeCa​(java.lang.String caName, org.xipki.security.CertRevocationInfo revocationInfo)
      Revokes the CA caName.
      void revokeCertificate​(java.lang.String caName, java.math.BigInteger serialNumber, org.xipki.security.CrlReason reason, java.time.Instant invalidityTime)
      Revokes a certificate with the serial number serialNumber, and issued by the CA caName.
      void unlockCa()  
      void unrevokeCa​(java.lang.String caName)
      Unrevokes the CA caName.
      void unsuspendCertificate​(java.lang.String caName, java.math.BigInteger serialNumber)
      Unrevokes a certificate with the serial number serialNumber, and issued by the CA caName.
    • Field Detail

      • MIN_SERIALNUMBER_SIZE

        static final int MIN_SERIALNUMBER_SIZE
        Although it is possible to configure it to 1, it is recommended to set it to at least 9. At least 64 bits of entropy are required. Since the highest bit is set to 0, at least 9 bytes are recommended.
        See Also:
        Constant Field Values
      • MAX_SERIALNUMBER_SIZE

        static final int MAX_SERIALNUMBER_SIZE
        A serial number should be positive and at most 20 bytes long.
        See Also:
        Constant Field Values
    • Method Detail

      • republishCertificates

        void republishCertificates​(java.lang.String caName,
                                   java.util.List<java.lang.String> publisherNames,
                                   int numThreads)
                            throws CaMgmtException
        Republishes certificates of the CA caName to the publishers publisherNames.
        Parameters:
        caName - CA name. Could be null.
        publisherNames - Publisher names. Could be null.
        numThreads - Number of threads
        Throws:
        CaMgmtException - if error occurs.
      • removeCa

        void removeCa​(java.lang.String caName)
               throws CaMgmtException
        Removes the CA caName from the system.
        Parameters:
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • restartCa

        void restartCa​(java.lang.String caName)
                throws CaMgmtException
        Restarts the given CA.
        Parameters:
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • addCaAlias

        void addCaAlias​(java.lang.String aliasName,
                        java.lang.String caName)
                 throws CaMgmtException
        Adds the alias aliasName to the given CA caName.
        Parameters:
        aliasName - CA alias name. Must not be null.
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • removeCaAlias

        void removeCaAlias​(java.lang.String aliasName)
                    throws CaMgmtException
        Removes the alias aliasName.
        Parameters:
        aliasName - Alias name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • getAliasesForCa

        java.util.Set<java.lang.String> getAliasesForCa​(java.lang.String caName)
                                                 throws CaMgmtException
        Gets the aliases of the given CA caName.
        Parameters:
        caName - CA name. Must not be null.
        Returns:
        the aliases of the given CA.
        Throws:
        CaMgmtException - if error occurs.
      • getCaNameForAlias

        java.lang.String getCaNameForAlias​(java.lang.String aliasName)
                                    throws CaMgmtException
        Gets the CA name for the alias aliasName.
        Parameters:
        aliasName - CA alias name. Must not be null.
        Returns:
        the CA name for the given alias.
        Throws:
        CaMgmtException - if error occurs.
      • getCa

        CaEntry getCa​(java.lang.String caName)
               throws CaMgmtException
        Gets the CA named caName.
        Parameters:
        caName - CA name. Must not be null.
        Returns:
        the CaEntry
        Throws:
        CaMgmtException - if error occurs.
      • removeCertprofileFromCa

        void removeCertprofileFromCa​(java.lang.String profileName,
                                     java.lang.String caName)
                              throws CaMgmtException
        Removes the support of the certprofile profileName from the CA caName.
        Parameters:
        profileName - Profile name. Must not be null.
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • addCertprofileToCa

        void addCertprofileToCa​(java.lang.String profileNameAliases,
                                java.lang.String caName)
                         throws CaMgmtException
        Adds the certificate profile profileName to the CA caName.
        Parameters:
        profileNameAliases - Profile name and aliases. Must not be null.
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • removePublisherFromCa

        void removePublisherFromCa​(java.lang.String publisherName,
                                   java.lang.String caName)
                            throws CaMgmtException
        Removes publisher publisherName from the CA caName.
        Parameters:
        publisherName - Publisher name. Must not be null.
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • addPublisherToCa

        void addPublisherToCa​(java.lang.String publisherName,
                              java.lang.String caName)
                       throws CaMgmtException
        Adds publisher publisherName to CA caName.
        Parameters:
        publisherName - Publisher name. Must not be null.
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • getCertprofilesForCa

        java.util.Set<CaProfileEntry> getCertprofilesForCa​(java.lang.String caName)
                                                    throws CaMgmtException
        Returns the Certprofile names supported by the CA caName.
        Parameters:
        caName - CA name. Must not be null.
        Returns:
        set of certprofile names and their associated aliases.
        Throws:
        CaMgmtException - if error occurs.
      • getRequestorsForCa

        java.util.Set<CaHasRequestorEntry> getRequestorsForCa​(java.lang.String caName)
                                                       throws CaMgmtException
        Returns the requestors supported by the CA caName.
        Parameters:
        caName - CA name. Must not be null.
        Returns:
        the requestors.
        Throws:
        CaMgmtException - if error occurs.
      • getRequestor

        RequestorEntry getRequestor​(java.lang.String name)
                             throws CaMgmtException
        Returns the requestor named name.
        Parameters:
        name - Requestor name. Must not be null.
        Returns:
        the requestor.
        Throws:
        CaMgmtException - if error occurs.
      • removeRequestor

        void removeRequestor​(java.lang.String requestorName)
                      throws CaMgmtException
        Removes requestor named requestorName.
        Parameters:
        requestorName - Requestor name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • changeRequestor

        void changeRequestor​(java.lang.String name,
                             java.lang.String type,
                             java.lang.String conf)
                      throws CaMgmtException
        Changes the requestor name of type CERTIFICATE.
        Parameters:
        name - name of the requestor to be changed. Must not be null.
        type - Type to be changed. null indicates no change.
        conf - Configuration to be changed. null indicates no change.
        Throws:
        CaMgmtException - if error occurs.
      • removeRequestorFromCa

        void removeRequestorFromCa​(java.lang.String requestorName,
                                   java.lang.String caName)
                            throws CaMgmtException
        Removes the requestor requestorName from the CA caName.
        Parameters:
        requestorName - Requestor name. Must not be null.
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • addRequestorToCa

        void addRequestorToCa​(CaHasRequestorEntry requestor,
                              java.lang.String caName)
                       throws CaMgmtException
        Adds the requestor requestorName to the CA caName.
        Parameters:
        requestor - Requestor name. Must not be null.
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • getCertprofile

        CertprofileEntry getCertprofile​(java.lang.String profileName)
                                 throws CaMgmtException
        Returns the certificate profile named profileName.
        Parameters:
        profileName - certificate profile name. Must not be null.
        Returns:
        the profile
        Throws:
        CaMgmtException - if error occurs.
      • removeCertprofile

        void removeCertprofile​(java.lang.String profileName)
                        throws CaMgmtException
        Removes the certificate profile profileName.
        Parameters:
        profileName - certificate profile name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • changeCertprofile

        void changeCertprofile​(java.lang.String name,
                               java.lang.String type,
                               java.lang.String conf)
                        throws CaMgmtException
        Changes the certificate profile name.
        Parameters:
        name - name of the certificate profile to be changed. Must not be null.
        type - Type to be changed. null indicates no change.
        conf - Configuration to be changed. null indicates no change.
        Throws:
        CaMgmtException - if error occurs.
      • addCertprofile

        void addCertprofile​(CertprofileEntry certprofileEntry)
                     throws CaMgmtException
        Adds a certificate profile.
        Parameters:
        certprofileEntry - Certificate profile entry. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • getKeypairGen

        KeypairGenEntry getKeypairGen​(java.lang.String name)
                               throws CaMgmtException
        Returns the keypair generation entry named name.
        Parameters:
        name - keypair generation name. Must not be null.
        Returns:
        the keypair generation entry
        Throws:
        CaMgmtException - if error occurs.
      • removeKeypairGen

        void removeKeypairGen​(java.lang.String name)
                       throws CaMgmtException
        Removes the keypair generation entry name.
        Parameters:
        name - keypair generation name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • changeKeypairGen

        void changeKeypairGen​(java.lang.String name,
                              java.lang.String type,
                              java.lang.String conf)
                       throws CaMgmtException
        Changes the keypair generation entry name.
        Parameters:
        name - name of the keypair generation entry to be changed. Must not be null.
        type - Type to be changed. null indicates no change.
        conf - Configuration to be changed. null indicates no change.
        Throws:
        CaMgmtException - if error occurs.
      • addKeypairGen

        void addKeypairGen​(KeypairGenEntry keypairGenEntry)
                    throws CaMgmtException
        Adds a keypair generation entry.
        Parameters:
        keypairGenEntry - Keypair generation entry. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • removeSigner

        void removeSigner​(java.lang.String name)
                   throws CaMgmtException
        Removes the signer named name.
        Parameters:
        name - Signer name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • getSigner

        SignerEntry getSigner​(java.lang.String name)
                       throws CaMgmtException
        Returns the signer named name.
        Parameters:
        name - Signer name. Must not be null.
        Returns:
        the signer.
        Throws:
        CaMgmtException - if error occurs.
      • changeSigner

        void changeSigner​(java.lang.String name,
                          java.lang.String type,
                          java.lang.String conf,
                          java.lang.String base64Cert)
                   throws CaMgmtException
        Changes the signer name.
        Parameters:
        name - name of the signer to be changed. Must not be null.
        type - Type to be changed. null indicates no change.
        conf - Configuration to be changed. null indicates no change.
        base64Cert - Base64 encoded certificate of the signer. null indicates no change.
        Throws:
        CaMgmtException - if error occurs.
      • getPublishersForCa

        java.util.List<PublisherEntry> getPublishersForCa​(java.lang.String caName)
                                                   throws CaMgmtException
        Returns publishers for the CA caName.
        Parameters:
        caName - CA name. Must not be null.
        Returns:
        publishers for the given CA.
        Throws:
        CaMgmtException - if error occurs.
      • getPublisher

        PublisherEntry getPublisher​(java.lang.String publisherName)
                             throws CaMgmtException
        Returns the publisher.
        Parameters:
        publisherName - Publisher name. Must not be null.
        Returns:
        the publisher.
        Throws:
        CaMgmtException - if error occurs.
      • removePublisher

        void removePublisher​(java.lang.String publisherName)
                      throws CaMgmtException
        Removes the publisher publisherName.
        Parameters:
        publisherName - Publisher name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • changePublisher

        void changePublisher​(java.lang.String name,
                             java.lang.String type,
                             java.lang.String conf)
                      throws CaMgmtException
        Changes the publisher name.
        Parameters:
        name - name of the publisher to be changed. Must not be null.
        type - Type to be changed. null indicates no change.
        conf - Configuration to be changed. null indicates no change.
        Throws:
        CaMgmtException - if error occurs.
      • revokeCa

        void revokeCa​(java.lang.String caName,
                      org.xipki.security.CertRevocationInfo revocationInfo)
               throws CaMgmtException
        Revokes the CA caName.
        Parameters:
        caName - CA name. Must not be null.
        revocationInfo - Revocation information. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • unrevokeCa

        void unrevokeCa​(java.lang.String caName)
                 throws CaMgmtException
        Unrevokes the CA caName.
        Parameters:
        caName - CA name. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • revokeCertificate

        void revokeCertificate​(java.lang.String caName,
                               java.math.BigInteger serialNumber,
                               org.xipki.security.CrlReason reason,
                               java.time.Instant invalidityTime)
                        throws CaMgmtException
        Revokes a certificate with the serial number serialNumber, and issued by the CA caName.
        Parameters:
        caName - CA name. Must not be null.
        serialNumber - Serial number. Must not be null.
        reason - Revocation reason. Must not be null.
        invalidityTime - Invalidity time. Could be null.
        Throws:
        CaMgmtException - if error occurs.
      • unsuspendCertificate

        void unsuspendCertificate​(java.lang.String caName,
                                  java.math.BigInteger serialNumber)
                           throws CaMgmtException
        Unrevokes a certificate with the serial number serialNumber, and issued by the CA caName.
        Parameters:
        caName - CA name. Must not be null.
        serialNumber - Serial number. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • removeCertificate

        void removeCertificate​(java.lang.String caName,
                               java.math.BigInteger serialNumber)
                        throws CaMgmtException
        Removes a certificate with the serial number serialNumber, and issued by the CA caName.
        Parameters:
        caName - CA name. Must not be null.
        serialNumber - Serial number. Must not be null.
        Throws:
        CaMgmtException - if error occurs.
      • generateCertificate

        org.xipki.security.X509Cert generateCertificate​(java.lang.String caName,
                                                        java.lang.String profileName,
                                                        byte[] encodedCsr,
                                                        java.time.Instant notBefore,
                                                        java.time.Instant notAfter)
                                                 throws CaMgmtException
        CA caName issues a new certificate.
        Parameters:
        caName - CA name. Must not be null.
        profileName - Name of the certificate profile. Must not be null.
        encodedCsr - CSR. Must not be null.
        notBefore - NotBefore. Could be null.
        notAfter - NotAfter. Could be null.
        Returns:
        the issued certificate
        Throws:
        CaMgmtException - if error occurs.
      • generateKeyCert

        org.xipki.security.KeyCertBytesPair generateKeyCert​(java.lang.String caName,
                                                            java.lang.String profileName,
                                                            java.lang.String subject,
                                                            java.time.Instant notBefore,
                                                            java.time.Instant notAfter)
                                                     throws CaMgmtException
        CA caName issues a new certificate.
        Parameters:
        caName - CA name. Must not be null.
        profileName - Name of the certificate profile. Must not be null.
        subject - Subject. Must not be null.
        notBefore - NotBefore. Could be null.
        notAfter - NotAfter. Could be null.
        Returns:
        the generated key and issued certificate
        Throws:
        CaMgmtException - if error occurs.
      • generateCrossCertificate

        org.xipki.security.X509Cert generateCrossCertificate​(java.lang.String caName,
                                                             java.lang.String profileName,
                                                             byte[] encodedCsr,
                                                             byte[] encodedTargetCert,
                                                             java.time.Instant notBefore,
                                                             java.time.Instant notAfter)
                                                      throws CaMgmtException
        CA caName issues a new certificate.
        Parameters:
        caName - CA name. Must not be null.
        profileName - Name of the certificate profile. Must not be null.
        encodedCsr - CSR. Must not be null.
        encodedTargetCert - Encoded certificate for which the cross certificate will be generated. The subject and public key in encodedCsr and encodedTargetCert shall not differ.
        notBefore - NotBefore.
        notAfter - NotAfter
        Returns:
        the issued certificate
        Throws:
        CaMgmtException - if error occurs.
      • generateRootCa

        org.xipki.security.X509Cert generateRootCa​(CaEntry caEntry,
                                                   java.lang.String certprofileName,
                                                   java.lang.String subject,
                                                   java.lang.String serialNumber,
                                                   java.time.Instant notBefore,
                                                   java.time.Instant notAfter)
                                            throws CaMgmtException
        Generates a self-signed CA certificate.
        Parameters:
        caEntry - CA entry. Must not be null.
        certprofileName - Profile name of the root CA certificate. Must not be null.
        subject - Subject. Must not be null.
        serialNumber - Serial number. null: lets the CA choose the serial number; fixed serial number: decimal or hexadecimal (beginning with 0x) number; RANDOM:<size in bytes>: random number with the given length.
        notBefore - NotBefore.
        notAfter - NotAfter
        Returns:
        the generated certificate
        Throws:
        CaMgmtException - if error occurs.
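
The serial-number rules stated under MIN_SERIALNUMBER_SIZE and MAX_SERIALNUMBER_SIZE, combined with the serialNumber formats accepted by generateRootCa, as an added Java example (not XiPKI's own code). The class and method names, the bounds 9 and 20 (taken from the field descriptions, not from the constant values), and the exact matching of the `RANDOM:` and `0x` prefixes are assumptions.

```java
import java.math.BigInteger;
import java.security.SecureRandom;

/** Added illustration; hypothetical helper, not part of org.xipki. */
public class SerialNumberSpecDemo {

    // Assumed bounds, taken from the field descriptions on this page.
    static final int RECOMMENDED_MIN_BYTES = 9;
    static final int MAX_BYTES = 20;

    /** Random bits left once the highest bit of a size-byte value is forced to 0. */
    static int entropyBits(int sizeInBytes) {
        return sizeInBytes * 8 - 1;
    }

    /** Draws a positive random serial number that fits in sizeInBytes bytes. */
    static BigInteger randomSerial(int sizeInBytes, SecureRandom rnd) {
        if (sizeInBytes < 1 || sizeInBytes > MAX_BYTES) {
            throw new IllegalArgumentException("size must be 1.." + MAX_BYTES + " bytes");
        }
        byte[] bytes = new byte[sizeInBytes];
        BigInteger serial;
        do {
            rnd.nextBytes(bytes);
            bytes[0] &= 0x7F;                      // highest bit 0: value stays positive in DER
            serial = new BigInteger(1, bytes);
        } while (serial.signum() == 0);            // zero is not a positive serial number
        return serial;
    }

    /** Rejects serial numbers that are not positive or exceed 20 encoded bytes. */
    static void check(BigInteger serial) {
        if (serial.signum() <= 0) {
            throw new IllegalArgumentException("serial number must be positive");
        }
        if (serial.toByteArray().length > MAX_BYTES) {
            throw new IllegalArgumentException("serial number longer than " + MAX_BYTES + " bytes");
        }
    }

    /**
     * Interprets the three forms described for generateRootCa's serialNumber:
     * null, a fixed decimal or 0x-prefixed hexadecimal number, or RANDOM:<size in bytes>.
     * Returns null when the CA should choose the serial number itself.
     */
    static BigInteger resolve(String spec, SecureRandom rnd) {
        if (spec == null) {
            return null;
        }
        String s = spec.trim();
        BigInteger serial;
        try {
            if (s.startsWith("RANDOM:")) {         // assumed: prefix matched exactly as written
                int size = Integer.parseInt(s.substring("RANDOM:".length()).trim());
                serial = randomSerial(size, rnd);
            } else if (s.startsWith("0x")) {
                serial = new BigInteger(s.substring(2), 16);
            } else {
                serial = new BigInteger(s);
            }
        } catch (NumberFormatException ex) {
            throw new IllegalArgumentException("invalid serial number spec: " + spec, ex);
        }
        check(serial);
        return serial;
    }

    public static void main(String[] args) {
        SecureRandom rnd = new SecureRandom();

        // 8 bytes leave only 63 random bits; 9 bytes are the first size with at least 64.
        for (int size = 8; size <= RECOMMENDED_MIN_BYTES; size++) {
            System.out.println(size + " bytes -> " + entropyBits(size) + " bits of entropy");
        }

        // Constructed sample specs covering each accepted form.
        String[] specs = {null, "255", "0x1A2B3C", "RANDOM:9", "RANDOM:20"};
        for (String spec : specs) {
            BigInteger serial = resolve(spec, rnd);
            System.out.println(spec + " -> "
                + (serial == null ? "CA chooses" : "0x" + serial.toString(16)));
        }

        // Constructed invalid specs: negative value, oversized random, 21-byte hex value.
        String[] bad = {"-5", "RANDOM:21", "0x" + "FF".repeat(21)};
        for (String spec : bad) {
            try {
                resolve(spec, rnd);
            } catch (IllegalArgumentException ex) {
                System.out.println(spec + " rejected: " + ex.getMessage());
            }
        }
    }
}
```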
      • generateCrlOnDemand

        org.bouncycastle.cert.X509CRLHolder generateCrlOnDemand​(java.lang.String caName)
                                                         throws CaMgmtException
        Generates a new CRL for CA caName.
        Parameters:
        caName - CA name. Must not be null.
        Returns:
        the generated CRL.
        Throws:
        CaMgmtException - if error occurs.
      • getCrl

        org.bouncycastle.cert.X509CRLHolder getCrl​(java.lang.String caName,
                                                   java.math.BigInteger crlNumber)
                                            throws CaMgmtException
        Returns the CRL of CA caName with the CRL number crlNumber.
        Parameters:
        caName - CA name. Must not be null.
        crlNumber - CRL number. Must not be null.
        Returns:
        the CRL.
        Throws:
        CaMgmtException - if error occurs.
      • getCurrentCrl

        org.bouncycastle.cert.X509CRLHolder getCurrentCrl​(java.lang.String caName)
                                                   throws CaMgmtException
        Returns the latest CRL of CA caName.
        Parameters:
        caName - CA name. Must not be null.
        Returns:
        the CRL.
        Throws:
        CaMgmtException - if an error occurs.
      • getCert

        CertWithRevocationInfo getCert​(java.lang.String caName,
                                       java.math.BigInteger serialNumber)
                                throws CaMgmtException
        Returns the certificate of the CA caName with serial number serialNumber, together with its status information.
        Parameters:
        caName - CA name. Must not be null.
        serialNumber - Serial number. Must not be null.
        Returns:
        the certificate with status information.
        Throws:
        CaMgmtException - if an error occurs.
      • getCert

        CertWithRevocationInfo getCert​(org.bouncycastle.asn1.x500.X500Name issuer,
                                       java.math.BigInteger serialNumber)
                                throws CaMgmtException
        Returns the certificate with serial number serialNumber issued by the given issuer, together with its revocation information.
        Parameters:
        issuer - Issuer of the certificate. Must not be null.
        serialNumber - Serial number. Must not be null.
        Returns:
        the certificate with status information.
        Throws:
        CaMgmtException - if an error occurs.
      • loadConf

        java.util.Map<java.lang.String,​org.xipki.security.X509Cert> loadConf​(byte[] zippedConfBytes)
                                                                            throws CaMgmtException,
                                                                                   java.io.IOException
        Loads the CA system configuration. The specified stream is closed after this method call.
        Parameters:
        zippedConfBytes - Byte array of the zipped configuration of the CA system. Must not be null.
        Returns:
        map of generated root certificates, if newly generated. The key is the CA name.
        Throws:
        java.io.IOException - if reading the ZIP stream fails.
        CaMgmtException - if another error occurs.
      • loadConfAndClose

        java.util.Map<java.lang.String,​org.xipki.security.X509Cert> loadConfAndClose​(java.io.InputStream zippedConfStream)
                                                                                    throws CaMgmtException,
                                                                                           java.io.IOException
        Loads the CA system configuration. The specified stream is closed after this method call.
        Parameters:
        zippedConfStream - Input stream of the zipped configuration of the CA system. Must not be null.
        Returns:
        map of generated root certificates, if newly generated. The key is the CA name.
        Throws:
        java.io.IOException - if reading the ZIP stream fails.
        CaMgmtException - if another error occurs.
      • exportConf

        java.io.InputStream exportConf​(java.util.List<java.lang.String> caNames)
                                throws CaMgmtException,
                                       java.io.IOException
        Exports the CA system configuration to a zip-stream.
        Parameters:
        caNames - List of the names of CAs to be exported. null to export all CAs.
        Returns:
        ZIP stream of the CA system configuration.
        Throws:
        java.io.IOException - if reading the ZIP file fails.
        CaMgmtException - if a non-IO error occurs.
      • listCertificates

        java.util.List<CertListInfo> listCertificates​(java.lang.String caName,
                                                      org.bouncycastle.asn1.x500.X500Name subjectPattern,
                                                      java.time.Instant validFrom,
                                                      java.time.Instant validTo,
                                                      CertListOrderBy orderBy,
                                                      int numEntries)
                                               throws CaMgmtException
        Returns a sorted list of certificate meta information.
        Parameters:
        caName - CA name. Must not be null.
        subjectPattern - Subject pattern. May be null.
        validFrom - Valid from. May be null.
        validTo - Valid to. May be null.
        orderBy - How the result is ordered. May be null.
        numEntries - Maximum number of entries in the returned list.
        Returns:
        a sorted list of certificate meta information.
        Throws:
        CaMgmtException - if an error occurs.
      • getSupportedSignerTypes

        java.util.Set<java.lang.String> getSupportedSignerTypes()
                                                         throws CaMgmtException
        Retrieves the types of supported signers.
        Returns:
        lower-case types of supported signers, never null.
        Throws:
        CaMgmtException - if an error occurs.
      • getSupportedCertprofileTypes

        java.util.Set<java.lang.String> getSupportedCertprofileTypes()
                                                              throws CaMgmtException
        Retrieves the types of supported certificate profiles.
        Returns:
        types of supported certificate profiles, never null.
        Throws:
        CaMgmtException - if an error occurs.
      • getSupportedPublisherTypes

        java.util.Set<java.lang.String> getSupportedPublisherTypes()
                                                            throws CaMgmtException
        Retrieves the types of supported publishers.
        Returns:
        lower-case types of supported publishers, never null.
        Throws:
        CaMgmtException - if an error occurs.
      • getTokenInfoP11

        java.lang.String getTokenInfoP11​(java.lang.String moduleName,
                                         java.lang.Integer slotIndex,
                                         boolean verbose)
                                  throws CaMgmtException
        Throws:
        CaMgmtException