001    /**
002     *
003     *  Licensed to the Apache Software Foundation (ASF) under one or more
004     *  contributor license agreements.  See the NOTICE file distributed with
005     *  this work for additional information regarding copyright ownership.
006     *  The ASF licenses this file to You under the Apache License, Version 2.0
007     *  (the "License"); you may not use this file except in compliance with
008     *  the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     *  Unless required by applicable law or agreed to in writing, software
013     *  distributed under the License is distributed on an "AS IS" BASIS,
014     *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015     *  See the License for the specific language governing permissions and
016     *  limitations under the License.
017     */
018    package org.apache.geronimo.management.geronimo;
019    
020    import java.math.BigInteger;
021    import java.security.PublicKey;
022    import java.security.cert.Certificate;
023    import java.util.Date;
024    
025    import javax.security.auth.x500.X500Principal;
026    
027    import org.apache.geronimo.management.geronimo.CertificationAuthorityException;
028    
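/**
 * Management interface for dealing with a specific CertificationAuthority.
 *
 * <p>The CA is either locked or unlocked. {@link #getName()} and {@link #getCertificate()} are documented to
 * fail while the CA is locked; which of the remaining operations also require an unlocked CA is not stated
 * here and must be confirmed against the implementation.
 *
 * <p>Security notes:
 * <ul>
 *   <li>No method takes a caller identity or authorization argument, so access control has to be enforced by
 *       whatever exposes this interface. Anyone who can reach {@link #unlock(char[])} and
 *       {@link #issueCertificate} can mint certificates trusted by every relying party of this CA.</li>
 *   <li>Serial numbers must be unique per issuer. {@link #issueCertificate} accepts a caller-supplied serial
 *       number, so callers should obtain it from {@link #getNextSerialNumber()} or check
 *       {@link #isCertificateIssued(BigInteger)} first.</li>
 *   <li>The validity dates are mutable {@link Date} objects; implementations should copy them rather than
 *       keep the caller's instances.</li>
 * </ul>
 *
 * @version $Rev: 706640 $ $Date: 2008-10-21 14:44:05 +0000 (Tue, 21 Oct 2008) $
 */
public interface CertificationAuthority {

    /**
     * Checks if the CA is locked.
     *
     * @return true if CA is locked, false otherwise.
     */
    boolean isLocked();

    /**
     * Locks the CA.
     *
     * <p>NOTE(review): whether locking also discards key material held in memory is not specified by this
     * interface; confirm against the implementation.
     */
    void lock();

    /**
     * Unlocks the CA.
     *
     * <p>The password is a {@code char[]} rather than a {@code String} so that the caller can overwrite it
     * once this call returns, e.g. {@code Arrays.fill(password, '\0')}. Implementations should not retain,
     * log, or echo the password in exception messages.
     *
     * @param password Password to unlock the CA.
     * @throws CertificationAuthorityException presumably if the password is wrong or the CA cannot be
     *         unlocked; the exact conditions are not stated here.
     */
    void unlock(char[] password) throws CertificationAuthorityException;

    /**
     * Returns CA's name.
     *
     * @return the CA's distinguished name
     * @throws CertificationAuthorityException if CA is locked.
     */
    X500Principal getName() throws CertificationAuthorityException;

    /**
     * Returns CA's own certificate.
     *
     * @return the CA's own certificate
     * @throws CertificationAuthorityException if CA is locked.
     */
    Certificate getCertificate() throws CertificationAuthorityException;

    /**
     * Makes the CA issue a self-signed certificate with given details.  This method is usually
     * called while initializing the CA.
     *
     * <p>The resulting certificate is the trust anchor for everything this CA signs, so the signature
     * algorithm should be based on a collision-resistant hash (SHA-256 or stronger, not MD5 or SHA-1).
     *
     * @param sNo Serial number for self-signed certificate
     * @param validFromDate Certificate validity period start date
     * @param validToDate Certificate validity period end date
     * @param algorithm Signature algorithm for self-signed certificate (the accepted name format is
     *        implementation-defined)
     * @throws CertificationAuthorityException if the certificate cannot be issued; the exact conditions are
     *         not stated here.
     */
    void issueOwnCertificate(BigInteger sNo, Date validFromDate, Date validToDate, String algorithm) throws CertificationAuthorityException;

    /**
     * Issues a certificate.
     *
     * <p>This signature carries no certificate request and no proof that the requester holds the private key
     * matching {@code publicKey}. Validating the request (subject identity, proof of possession, key size and
     * type) is therefore presumably the caller's job before invoking this method; confirm against the caller.
     * Whether a duplicate {@code sNo} is rejected is also not specified here.
     *
     * @param subject Subject name
     * @param publicKey Subject's public key
     * @param sNo Serial number for the certificate to be issued; must not already be in use by this CA
     * @param validFromDate Certificate validity period start date
     * @param validToDate Certificate validity period end date
     * @param algorithm Signature algorithm for the certificate; prefer one based on SHA-256 or stronger
     * @return newly issued certificate
     * @throws CertificationAuthorityException if the certificate cannot be issued; the exact conditions are
     *         not stated here.
     */
    Certificate issueCertificate(X500Principal subject, PublicKey publicKey, BigInteger sNo, Date validFromDate, Date validToDate, String algorithm) throws CertificationAuthorityException;

    /**
     * Returns the highest serial number used by the CA.
     *
     * @return the highest serial number used so far
     * @throws CertificationAuthorityException if the serial number cannot be determined; the exact
     *         conditions are not stated here.
     */
    BigInteger getHighestSerialNumber() throws CertificationAuthorityException;

    /**
     * Checks if a Certificate with a given serial number is already issued.
     *
     * @param sNo The serial number of the certificate to be looked for
     * @return true if a certificate with the specified serial number has already been issued
     * @throws CertificationAuthorityException if the lookup fails; the exact conditions are not stated here.
     */
    boolean isCertificateIssued(BigInteger sNo) throws CertificationAuthorityException;

    /**
     * Returns the next serial number that can be used to issue a certificate and increments the
     * highest serial number.
     *
     * <p>This call has a side effect, so two callers must never receive the same value; thread-safety is not
     * specified by this interface and should be confirmed against the implementation. A counter-style
     * allocation also makes serial numbers predictable. Current public-CA practice (CA/Browser Forum Baseline
     * Requirements) is to include at least 64 bits of CSPRNG output in each serial number, which hardens
     * issuance against collision attacks on the signature hash.
     *
     * @return the next unused serial number
     * @throws CertificationAuthorityException if a serial number cannot be allocated; the exact conditions
     *         are not stated here.
     */
    BigInteger getNextSerialNumber() throws CertificationAuthorityException;

    /**
     * Retrieves a certificate with the specified serial number.
     *
     * <p>NOTE(review): the behaviour when no certificate has this serial number (exception or
     * {@code null}) is not specified here; confirm before dereferencing the result.
     *
     * @param sNo The serial number of the certificate to be retrieved
     * @return java.security.cert.Certificate instance of the certificate
     * @throws CertificationAuthorityException if the certificate cannot be retrieved; the exact conditions
     *         are not stated here.
     */
    Certificate getCertificate(BigInteger sNo) throws CertificationAuthorityException;

    /**
     * Retrieves a certificate with the specified serial number as text.
     *
     * @param sNo The serial number of the certificate to be retrieved
     * @return base64 encoded certificate text
     * @throws CertificationAuthorityException if the certificate cannot be retrieved; the exact conditions
     *         are not stated here.
     */
    String getCertificateBase64Text(BigInteger sNo) throws CertificationAuthorityException;
}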