isignsessionremote.java

一套JAVA的CA证书签发系统.

    
    /**
     * Requests for a certificate of the specified type to be created for the passed public key.
     * The method queries the user database for authorization of the user.
     *
     * @param admin Information about the administrator or admin preforming the event.
     * @param username unique username within the instance.
     * @param password password for the user.
     * @param certType integer type of certificate taken from CertificateData.CERT_TYPE_XXX. the
     *        type CertificateData.CERT_TYPE_ENCRYPTION gives keyUsage keyEncipherment,
     *        dataEncipherment. the type CertificateData.CERT_TYPE_SIGNATURE gives keyUsage
     *        digitalSignature, non-repudiation. all other CERT_TYPES gives the default keyUsage
     *        digitalSignature, keyEncipherment
     * @param pk the public key to be put in the created certificate.
     *
     * @return The newly created certificate or null.
     *
     * @throws ObjectNotFoundException if the user does not exist.
     * @throws AuthStatusException If the users status is incorrect.
     * @throws AuthLoginException If the password is incorrect.
     * @throws IllegalKeyException if the public key is of wrong type.
     * @throws RemoteException if a communication or other error occurs.
     *
     * @see se.anatom.ejbca.ca.store.CertificateData
     */
    public Certificate createCertificate(Admin admin, String username, String password,
        int certType, PublicKey pk)
        throws RemoteException, ObjectNotFoundException, AuthStatusException, AuthLoginException, 
            IllegalKeyException, CADoesntExistsException;

    /**
     * Requests for a certificate to be created for the passed public key wrapped in a self-signed
     * certificate. Verification of the signature (proof-of-possesion) on the request is
     * performed, and an exception thrown if verification fails. The method queries the user
     * database for authorization of the user.
     *
     * @param admin Information about the administrator or admin preforming the event.
     * @param username unique username within the instance.
     * @param password password for the user.
     * @param incert a certificate containing the public key to be put in the created certificate.
     *        Other (requested) parameters in the passed certificate can be used, such as DN,
     *        Validity, KeyUsage etc. Currently only KeyUsage is considered!
     *
     * @return The newly created certificate or null.
     *
     * @throws ObjectNotFoundException if the user does not exist.
     * @throws AuthStatusException If the users status is incorrect.
     * @throws AuthLoginException If the password is incorrect.
     * @throws IllegalKeyException if the public key is of wrong type.
     * @throws SignRequestSignatureException if the provided client certificate was not signed by
     *         the CA.
     * @throws RemoteException if a communication or other error occurs.
     */
    public Certificate createCertificate(Admin admin, String username, String password,
        Certificate incert)
        throws RemoteException, ObjectNotFoundException, AuthStatusException, AuthLoginException, 
            IllegalKeyException, CADoesntExistsException, SignRequestSignatureException;

    /**
     * Requests for a certificate to be created for the passed public key wrapped in a
     * certification request message (ex PKCS10). Verification of the signature
     * (proof-of-possesion) on the request is performed, and an exception thrown if verification
     * fails. The method queries the user database for authorization of the user.
     *
     * @param admin Information about the administrator or admin preforming the event.
     * @param req a Certification Request message, containing the public key to be put in the
     *        created certificate. Currently no additional parameters in requests are considered!
     *        Currently no additional parameters in the PKCS10 request is considered!
     * @param responseClass The implementation class that will be used as the response message.
     *
     * @return The newly created response message or null.
     *
     * @throws ObjectNotFoundException if the user does not exist.
     * @throws AuthStatusException If the users status is incorrect.
     * @throws AuthLoginException If the password is incorrect.
     * @throws IllegalKeyException if the public key is of wrong type.
     * @throws SignRequestException if the provided request is invalid.
     * @throws SignRequestSignatureException if the provided client certificate was not signed by
     *         the CA.
     * @throws RemoteException if a communication or other error occurs.
     *
     * @see se.anatom.ejbca.protocol.IRequestMessage
     */
    public IResponseMessage createCertificate(Admin admin, IRequestMessage req, Class responseClass)
        throws RemoteException, ObjectNotFoundException, AuthStatusException, AuthLoginException, 
            IllegalKeyException, CADoesntExistsException, SignRequestException, SignRequestSignatureException;

    /**
     * Requests for a certificate to be created for the passed public key wrapped in a
     * certification request message (ex PKCS10).  The username and password used to authorize is
     * taken from the request message. Verification of the signature (proof-of-possesion) on the
     * request is performed, and an exception thrown if verification fails. The method queries the
     * user database for authorization of the user.
     *
     * @param admin Information about the administrator or admin preforming the event.
     * @param req a Certification Request message, containing the public key to be put in the
     *        created certificate. Currently no additional parameters in requests are considered!
     * @param keyUsage integer with bit mask describing desired keys usage. Bit mask is packed in
     *        in integer using contants from CertificateData. ex. int keyusage =
     *        CertificateData.digitalSignature | CertificateData.nonRepudiation; gives
     *        digitalSignature and nonRepudiation. ex. int keyusage = CertificateData.keyCertSign
     *        | CertificateData.cRLSign; gives keyCertSign and cRLSign. Keyusage < 0 means that default 
     *        keyUsage should be used.
     * @param responseClass The implementation class that will be used as the response message.
     *
     * @return The newly created response or null.
     *
     * @throws ObjectNotFoundException if the user does not exist.
     * @throws AuthStatusException If the users status is incorrect.
     * @throws AuthLoginException If the password is incorrect.
     * @throws IllegalKeyException if the public key is of wrong type.
     * @throws CADoesntExistsException if the targeted CA does not exist
     * @throws SignRequestException if the provided request is invalid.
     * @throws SignRequestSignatureException if the provided client certificate was not signed by
     *         the CA.
     * @throws RemoteException if a communication or other error occurs.
     *
     * @see se.anatom.ejbca.ca.store.CertificateData
     * @see se.anatom.ejbca.protocol.IRequestMessage
     * @see se.anatom.ejbca.protocol.IResponseMessage
     * @see se.anatom.ejbca.protocol.X509ResponseMessage
     */
    public IResponseMessage createCertificate(Admin admin, IRequestMessage req, int keyUsage,
        Class responseClass)
        throws RemoteException, ObjectNotFoundException, AuthStatusException, AuthLoginException, 
            IllegalKeyException, CADoesntExistsException, SignRequestException, SignRequestSignatureException;

    /**
     * Requests for a CRL to be sent back in the requested response format (ex SCEP).  
     * The information used to find out which CRL is taken from the request message. 
     * Verification of the signature (proof-of-possesion) on the request is performed, 
     * and an exception thrown if verification fails. 
     *
     * @param admin Information about the administrator or admin preforming the event.
     * @param req a CRL Request message
     * @param responseClass The implementation class that will be used as the response message.
     *
     * @return The newly created response or null.
     *
     * @throws ObjectNotFoundException if the user does not exist.
     * @throws AuthStatusException If the users status is incorrect.
     * @throws AuthLoginException If the password is incorrect.
     * @throws IllegalKeyException if the public key is of wrong type.
     * @throws CADoesntExistsException if the targeted CA does not exist
     * @throws SignRequestException if the provided request is invalid.
     * @throws SignRequestSignatureException if the provided client certificate was not signed by
     *         the CA.
     * @throws RemoteException if a communication or other error occurs.
     *
     * @see se.anatom.ejbca.ca.store.CertificateData
     * @see se.anatom.ejbca.protocol.IRequestMessage
     * @see se.anatom.ejbca.protocol.IResponseMessage
     * @see se.anatom.ejbca.protocol.X509ResponseMessage
     */
    public IResponseMessage getCRL(Admin admin, IRequestMessage req, Class responseClass)
        throws RemoteException, IllegalKeyException, CADoesntExistsException, SignRequestException, SignRequestSignatureException;

    /**
	 * Requests for a CRL to be created with the passed (revoked) certificates.
	 *
	 * @param admin Information about the administrator or admin preforming the event.
	 * @param certs vector of RevokedCertInfo object.
	 *
	 * @return The newly created CRL or null.
	 *
	 * @throws RemoteException if a communication or other error occurs.
	 */
    public X509CRL createCRL(Admin admin, int caid, Vector certs) throws RemoteException;
    
    /**
     * Method used to perform a extended CA Service, like OCSP CA Service.
     * 
     * 
     * @param admin Information about the administrator or admin preforming the event. 
     * @param caid the ca that should perform the service
     * @param request a service request.
     * @return A corresponding response.
     * @throws IllegalExtendedCAServiceRequestException if the request was invalid.
     * @throws ExtendedCAServiceNotActiveException thrown when the service for the given CA isn't activated
     * @throws CADoesntExistsException The given caid doesn't exists.
     */
    
	public ExtendedCAServiceResponse extendedService(Admin admin, int caid, ExtendedCAServiceRequest request) 
	  throws RemoteException, ExtendedCAServiceRequestException, IllegalExtendedCAServiceRequestException, ExtendedCAServiceNotActiveException, CADoesntExistsException;
    
    
   /**
    * Method that publishes the given CA certificate chain to the list of publishers.
    * Is mainly used by CAAdminSessionBean when CA is created.
    * 
    *  @param admin Information about the administrator or admin preforming the event.
    *  @param certificatechain certchain of certificate to publish
    *  @param publishers a collection if publisher id's (Integer) indicating which publisher that should be used.
    *  @param certtype is one of SecConst.CERTTYPE_ constants
    */
    public void publishCACertificate(Admin admin, Collection certificatechain, Collection publishers, int certtype) throws RemoteException;
    
}