IKeyRecoveryAuthority (pki-common)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.netscape.certsrv.kra
Interface IKeyRecoveryAuthority

All Superinterfaces:: ISubsystem

public interface IKeyRecoveryAuthority
extends ISubsystem
extends ISubsystem

An interface represents key recovery authority. The key recovery authority is responsibile for archiving and recovering user encryption private keys.

Version:: $Revision: 1295 $, $Date: 2010-09-15 09:42:56 -0700 (Wed, 15 Sep 2010) $

Field Summary
`static java.lang.String`	`ID`
`static java.lang.String`	`PROP_DBS`
`static java.lang.String`	`PROP_HTTP`
`static java.lang.String`	`PROP_KEYDB_INC`
`static java.lang.String`	`PROP_LOGGING`
`static java.lang.String`	`PROP_NAME`
`static java.lang.String`	`PROP_NEW_NICKNAME`
`static java.lang.String`	`PROP_NOTIFY_SUBSTORE`
`static java.lang.String`	`PROP_POLICY`
`static java.lang.String`	`PROP_PROTECTOR`
`static java.lang.String`	`PROP_QUEUE_REQUESTS`
`static java.lang.String`	`PROP_REQ_IN_Q_SUBSTORE`
`static java.lang.String`	`PROP_SHARE`
`static java.lang.String`	`PROP_STORAGE_KEY`
`static java.lang.String`	`PROP_TOKEN`
`static java.lang.String`	`PROP_TRANSPORT_KEY`

Method Summary
`void`	`addAutoRecovery(java.lang.String id, Credential[] creds)` Adds credentials to the given authorizated recovery operation.
`void`	`addEntropy(boolean logflag)` Adds entropy to the token used for supporting server-side keygen Parameters are set in the config file
`void`	`createError(java.lang.String recoveryID, java.lang.String error)` Creates error for a specific recovery operation.
`void`	`createPk12(java.lang.String recoveryID, byte[] pk12)` Creates PKCS12 package in memory.
`java.util.Hashtable`	`createVolatileRequest(RequestId id)` Creates a request object to store attributes that will not be serialized.
`void`	`destroyVolatileRequest(RequestId id)` Destroys the request object.
`java.util.Vector`	`getAppAgents(java.lang.String recoveryID)`
`java.util.Enumeration`	`getAutoRecoveryIDs()` Returns a list of recovery identifiers.
`boolean`	`getAutoRecoveryState()` Returns the current auto recovery state.
`java.lang.String`	`getError(java.lang.String recoveryID)` Retrieves error by recovery identifier.
`org.mozilla.jss.crypto.CryptoToken`	`getKeygenToken()` Returns the token that generates user key pairs for supporting server-side keygen
`IKeyRepository`	`getKeyRepository()` Retrieves the key repository.
`java.lang.String`	`getNewNickName()` Returns the new nickname of the transport certifiate.
`java.lang.String`	`getNickname()` Returns the nickname of the transport certificate.
`int`	`getNoOfRequiredAgents()` Returns the number of required agents.
`byte[]`	`getPk12(java.lang.String recoveryID)` Retrieves PKCS12 package by recovery identifier.
`IPolicyProcessor`	`getPolicyProcessor()` Returns policy processor of the key recovery authority.
`java.lang.String`	`getRecoveryID()` Returns the current recovery identifier.
`IReplicaIDRepository`	`getReplicaRepository()` Retrieves the Replica ID repository.
`IRequestListener`	`getRequestInQListener()` Returns the request listener that listens on the request completion event.
`IRequestQueue`	`getRequestQueue()` Retrieves KRA request repository.
`IStorageKeyUnit`	`getStorageKeyUnit()` Returns the storage key unit that manages the stoarge key.
`org.mozilla.jss.crypto.X509Certificate`	`getTransportCert()` Retrieves the transport certificate.
`ITransportKeyUnit`	`getTransportKeyUnit()` Returns the transport key unit that manages the transport key.
`java.util.Hashtable`	`getVolatileRequest(RequestId id)` Retrieves the request object.
`netscape.security.x509.X500Name`	`getX500Name()` Returns the name of this subsystem.
`void`	`log(int level, java.lang.String msg)` Logs event into key recovery authority logging.
`void`	`removeAutoRecovery(java.lang.String id)` Removes a particular auto recovery operation.
`boolean`	`setAutoRecoveryState(Credential[] cs, boolean on)` Enables the auto recovery state.
`void`	`setNewNickName(java.lang.String name)` Sets the new nickname of the transport certifiate.
`void`	`setNickname(java.lang.String str)` Sets the nickname of the transport certificate.
`void`	`setNoOfRequiredAgents(int number)` Sets the number of required recovery agents

Methods inherited from interface com.netscape.certsrv.base.ISubsystem
`getConfigStore, getId, init, setId, shutdown, startup`

Field Detail

ID

static final java.lang.String ID

See Also:: Constant Field Values

PROP_NAME

static final java.lang.String PROP_NAME

See Also:: Constant Field Values

PROP_HTTP

static final java.lang.String PROP_HTTP

See Also:: Constant Field Values

PROP_POLICY

static final java.lang.String PROP_POLICY

See Also:: Constant Field Values

PROP_DBS

static final java.lang.String PROP_DBS

See Also:: Constant Field Values

PROP_TOKEN

static final java.lang.String PROP_TOKEN

See Also:: Constant Field Values

PROP_SHARE

static final java.lang.String PROP_SHARE

See Also:: Constant Field Values

PROP_PROTECTOR

static final java.lang.String PROP_PROTECTOR

See Also:: Constant Field Values

PROP_LOGGING

static final java.lang.String PROP_LOGGING

See Also:: Constant Field Values

PROP_QUEUE_REQUESTS

static final java.lang.String PROP_QUEUE_REQUESTS

See Also:: Constant Field Values

PROP_STORAGE_KEY

static final java.lang.String PROP_STORAGE_KEY

See Also:: Constant Field Values

PROP_TRANSPORT_KEY

static final java.lang.String PROP_TRANSPORT_KEY

See Also:: Constant Field Values

PROP_NEW_NICKNAME

static final java.lang.String PROP_NEW_NICKNAME

See Also:: Constant Field Values

PROP_KEYDB_INC

static final java.lang.String PROP_KEYDB_INC

See Also:: Constant Field Values

PROP_NOTIFY_SUBSTORE

static final java.lang.String PROP_NOTIFY_SUBSTORE

See Also:: Constant Field Values

PROP_REQ_IN_Q_SUBSTORE

static final java.lang.String PROP_REQ_IN_Q_SUBSTORE

See Also:: Constant Field Values

Method Detail

getX500Name

netscape.security.x509.X500Name getX500Name()

Returns the name of this subsystem.

Returns:: KRA name

getRequestQueue

IRequestQueue getRequestQueue()

Retrieves KRA request repository.

Returns:: request repository

getKeyRepository

IKeyRepository getKeyRepository()

Retrieves the key repository. The key repository stores archived keys.

getReplicaRepository

IReplicaIDRepository getReplicaRepository()

Retrieves the Replica ID repository.

Returns:: KRA's Replica ID repository

setAutoRecoveryState

boolean setAutoRecoveryState(Credential[] cs,
                             boolean on)

Enables the auto recovery state. Once KRA is in the auto recovery state, no recovery agents need to be present for providing credentials. This feature is for enabling user-based recovery operation.

Parameters:: cs - list of agent credentials; on - true if auto recovery state is on
Returns:: current auto recovery state

getAutoRecoveryState

boolean getAutoRecoveryState()

Returns the current auto recovery state.

Returns:: true if auto recvoery state is on

addAutoRecovery

void addAutoRecovery(java.lang.String id,
                     Credential[] creds)

Adds credentials to the given authorizated recovery operation. In distributed recovery mode, recovery agent login to the agent interface and submit its credential for a particular recovery operation.

Parameters:: id - authorization identifier; creds - list of credentials

removeAutoRecovery

void removeAutoRecovery(java.lang.String id)

Removes a particular auto recovery operation.

Parameters:: id - authorization identifier

getNoOfRequiredAgents

int getNoOfRequiredAgents()
                          throws EBaseException

Returns the number of required agents. In M-out-of-N recovery schema, only M agents are required even there are N agents. This method returns M.

Returns:: number of required agents
Throws:: EBaseException

setNoOfRequiredAgents

void setNoOfRequiredAgents(int number)
                           throws EBaseException

Sets the number of required recovery agents

Parameters:: number - number of agents
Throws:: EBaseException

getRecoveryID

java.lang.String getRecoveryID()

Returns the current recovery identifier.

Returns:: recovery identifier

getAutoRecoveryIDs

java.util.Enumeration getAutoRecoveryIDs()

Returns a list of recovery identifiers.

Returns:: list of auto recovery identifiers

getStorageKeyUnit

IStorageKeyUnit getStorageKeyUnit()

Returns the storage key unit that manages the stoarge key.

Returns:: storage key unit

getTransportKeyUnit

ITransportKeyUnit getTransportKeyUnit()

Returns the transport key unit that manages the transport key.

Returns:: transport key unit

getKeygenToken

org.mozilla.jss.crypto.CryptoToken getKeygenToken()

Returns the token that generates user key pairs for supporting server-side keygen

Returns:: keygen token

addEntropy

void addEntropy(boolean logflag)

Adds entropy to the token used for supporting server-side keygen Parameters are set in the config file

Parameters:: logflag - create log messages at info level to report entropy shortage

getRequestInQListener

IRequestListener getRequestInQListener()

Returns the request listener that listens on the request completion event.

Returns:: request listener

getPolicyProcessor

IPolicyProcessor getPolicyProcessor()

Returns policy processor of the key recovery authority.

Returns:: policy processor

getNickname

java.lang.String getNickname()

Returns the nickname of the transport certificate.

Returns:: transport certificate nickname.

setNickname

void setNickname(java.lang.String str)

Sets the nickname of the transport certificate.

Parameters:: str - nickname

getNewNickName

java.lang.String getNewNickName()
                                throws EBaseException

Returns the new nickname of the transport certifiate.

Returns:: new nickname
Throws:: EBaseException

setNewNickName

void setNewNickName(java.lang.String name)

Sets the new nickname of the transport certifiate.

Parameters:: name - new nickname

log

void log(int level,
         java.lang.String msg)

Logs event into key recovery authority logging.

Parameters:: level - log level; msg - log message

createVolatileRequest

java.util.Hashtable createVolatileRequest(RequestId id)

Creates a request object to store attributes that will not be serialized. Currently, request queue framework will try to serialize all the attribute into persistent storage. Things like passwords are not desirable to be stored.

Parameters:: id - request id
Returns:: volatile requests

getVolatileRequest

java.util.Hashtable getVolatileRequest(RequestId id)

Retrieves the request object.

Parameters:: id - request id
Returns:: volatile requests

destroyVolatileRequest

void destroyVolatileRequest(RequestId id)

Destroys the request object.

Parameters:: id - request id

getAppAgents

java.util.Vector getAppAgents(java.lang.String recoveryID)
                              throws EBaseException

Throws:: EBaseException

createError

void createError(java.lang.String recoveryID,
                 java.lang.String error)
                 throws EBaseException

Creates error for a specific recovery operation.

Parameters:: recoveryID - recovery id; error - error
Throws:: EBaseException - failed to create error

getError

java.lang.String getError(java.lang.String recoveryID)
                          throws EBaseException

Retrieves error by recovery identifier.

Parameters:: recoveryID - recovery id
Returns:: error message
Throws:: EBaseException

getPk12

byte[] getPk12(java.lang.String recoveryID)
               throws EBaseException

Retrieves PKCS12 package by recovery identifier.

Parameters:: recoveryID - recovery id
Returns:: pkcs12 package in bytes
Throws:: EBaseException

createPk12

void createPk12(java.lang.String recoveryID,
                byte[] pk12)
                throws EBaseException

Creates PKCS12 package in memory.

Parameters:: recoveryID - recovery id; pk12 - package in bytes
Throws:: EBaseException

getTransportCert

org.mozilla.jss.crypto.X509Certificate getTransportCert()

Retrieves the transport certificate.