org.ejbca.core.protocol.ws.client.gen
Interface EjbcaWS


public interface EjbcaWS

Primary interface to the EJBCA RA WebService. Observe: all methods have to be called over client-authenticated HTTPS; otherwise an AuthorizationDenied exception will be thrown.

Version:
$Id: IEjbcaWS.java 14975 2012-06-16 12:28:32Z primelars $
Author:
Philip Vendil et al

Method Summary
 void caCertResponse(java.lang.String caname, byte[] cert, java.util.List<byte[]> cachain, java.lang.String keystorepwd)
          Receives a certificate as a response to a CSR from the CA.
 byte[] caRenewCertRequest(java.lang.String caname, java.util.List<byte[]> cachain, boolean regenerateKeys, boolean usenextkey, boolean activatekey, java.lang.String keystorepwd)
          Generates a certificate request (CSR) from a CA.
 CertificateResponse certificateRequest(UserDataVOWS userData, java.lang.String requestData, int requestType, java.lang.String hardTokenSN, java.lang.String responseType)
          Generates a certificate for a user.
 RevokeStatus checkRevokationStatus(java.lang.String issuerDN, java.lang.String certificateSN)
          Returns revocation status for given user.
 void createCRL(java.lang.String caname)
          Generates a CRL for the given CA.
 CertificateResponse crmfRequest(java.lang.String username, java.lang.String password, java.lang.String crmf, java.lang.String hardTokenSN, java.lang.String responseType)
          Generates a certificate for a user.
 void customLog(int level, java.lang.String type, java.lang.String caName, java.lang.String username, Certificate certificate, java.lang.String msg)
          Generates a Custom Log event in the database.
 java.util.List<Certificate> cvcRequest(java.lang.String username, java.lang.String password, java.lang.String cvcreq)
          Generates a CV certificate for a user.
 boolean deleteUserDataFromSource(java.util.List<java.lang.String> userDataSourceNames, java.lang.String searchString, boolean removeMultipleMatch)
          Removes user data from a user data source.
 void editUser(UserDataVOWS userdata)
          Edits/adds a user to the EJBCA database.
 boolean existsHardToken(java.lang.String hardTokenSN)
          Looks up if a serial number has already been generated.
 java.util.List<UserDataSourceVOWS> fetchUserData(java.util.List<java.lang.String> userDataSourceNames, java.lang.String searchString)
          Fetches userdata from an existing UserDataSource.
 java.util.List<Certificate> findCerts(java.lang.String username, boolean onlyValid)
          Retrieves a collection of certificates generated for a user.
 java.util.List<UserDataVOWS> findUser(UserMatch usermatch)
          Retrieves information about users in the database.
 java.util.List<TokenCertificateResponseWS> genTokenCertificates(UserDataVOWS userData, java.util.List<TokenCertificateRequestWS> tokenRequests, HardTokenDataWS hardTokenData, boolean overwriteExistingSN, boolean revokePreviousCards)
          Adds certificates and/or data to a hardtoken.
 java.util.List<NameAndId> getAuthorizedEndEntityProfiles()
          Fetches the end-entity profiles that the administrator is authorized to use.
 java.util.List<NameAndId> getAvailableCAs()
          Fetch a list of the ids and names of available CAs.
 java.util.List<NameAndId> getAvailableCAsInProfile(int entityProfileId)
          Fetches the ids and names of available CAs in an end entity profile.
 java.util.List<NameAndId> getAvailableCertificateProfiles(int entityProfileId)
          Fetches available certificate profiles in an end entity profile.
 Certificate getCertificate(java.lang.String certSNinHex, java.lang.String issuerDN)
          Fetches issued certificate.
 java.lang.String getEjbcaVersion()
          Returns the version of the EJBCA server.
 HardTokenDataWS getHardTokenData(java.lang.String hardTokenSN, boolean viewPUKData, boolean onlyValidCertificates)
          Fetches information about a hard token.
 java.util.List<HardTokenDataWS> getHardTokenDatas(java.lang.String username, boolean viewPUKData, boolean onlyValidCertificates)
          Fetches all hard tokens for a given user.
 java.util.List<Certificate> getLastCAChain(java.lang.String caname)
          Retrieves the latest CA path. Note: the whole certificate chain is returned.
 java.util.List<Certificate> getLastCertChain(java.lang.String username)
          Retrieves the latest certificate issued to the user.
 int getPublisherQueueLength(java.lang.String name)
          Returns the length of a publisher queue.
 int isApproved(int approvalId)
          Looks up if a requested action has been approved.
 boolean isAuthorized(java.lang.String resource)
          Checks if a user is authorized to a given resource.
 void keyRecoverNewest(java.lang.String username)
          Marks the user's latest certificate for key recovery.
 CertificateResponse pkcs10Request(java.lang.String username, java.lang.String password, java.lang.String pkcs10, java.lang.String hardTokenSN, java.lang.String responseType)
          Generates a certificate for a user.
 KeyStore pkcs12Req(java.lang.String username, java.lang.String password, java.lang.String hardTokenSN, java.lang.String keyspec, java.lang.String keyalg)
          Creates a server-generated keystore.
 void republishCertificate(java.lang.String serialNumberInHex, java.lang.String issuerDN)
          Republishes a selected certificate.
 void revokeCert(java.lang.String issuerDN, java.lang.String certificateSN, int reason)
          Same as revokeCertBackdated(String, String, int, String) but revocation date is current time.
 void revokeCertBackdated(java.lang.String issuerDN, java.lang.String certificateSN, int reason, java.lang.String sDate)
          Revokes a user certificate.
 void revokeToken(java.lang.String hardTokenSN, int reason)
          Revokes all certificates mapped to a hardtoken.
 void revokeUser(java.lang.String username, int reason, boolean deleteUser)
          Revokes all of a user's certificates.
 KeyStore softTokenRequest(UserDataVOWS userData, java.lang.String hardTokenSN, java.lang.String keyspec, java.lang.String keyalg)
          Generates a soft token certificate for a user.
 CertificateResponse spkacRequest(java.lang.String username, java.lang.String password, java.lang.String spkac, java.lang.String hardTokenSN, java.lang.String responseType)
          Generates a certificate for a user.
 

Method Detail

caCertResponse

void caCertResponse(java.lang.String caname,
                    byte[] cert,
                    java.util.List<byte[]> cachain,
                    java.lang.String keystorepwd)
                    throws ApprovalException_Exception,
                           AuthorizationDeniedException_Exception,
                           CADoesntExistsException_Exception,
                           EjbcaException_Exception,
                           WaitingForApprovalException_Exception
Receives a certificate as a response to a CSR from the CA. The CSR might have been generated using caRenewCertRequest. When the certificate is imported, it is verified that the CA keys match the received certificate. This can be used to activate a new key pair on the CA: if the certificate does not match the existing key pair but matches another key pair on the CA's token, that key pair can be activated and used as the CA's operational signature key pair. Authorization requirements: the client certificate must have the following privileges set
 - Administrator flag set
 - /administrator
 - /ca_functionality/renew_ca
 - /ca/<ca to import certificate>
 
This method auto-senses whether there is a new CA key that needs to be activated. It does this by comparing the public key in cert with the public keys in the CA's token.

Parameters:
caname - The name in EJBCA for the CA that will create the CSR
cert - the CA certificate to import. Certificate format is the binary certificate bytes.
cachain - the certificate chain for the CA this request is targeted for; the signing CA is in pos 0, its CA (if it exists) in pos 1, etc. Certificate format is the binary certificate bytes.
keystorepwd - if there is a new CA key that must be activated, the keystore password is needed. Set to null if the request was generated using the existing CA keys.
Throws:
CADoesntExistsException_Exception - if caname does not exist
AuthorizationDeniedException_Exception - if administrator is not authorized to import certificate.
ApprovalException_Exception - if the operation requires approval from another CA administrator, in this case an approval request is created for another administrator to approve
WaitingForApprovalException_Exception - if there is already a request waiting for approval
EjbcaException_Exception - other errors, in which case an org.ejbca.core.ErrorCode is set in the EjbcaException

caRenewCertRequest

byte[] caRenewCertRequest(java.lang.String caname,
                          java.util.List<byte[]> cachain,
                          boolean regenerateKeys,
                          boolean usenextkey,
                          boolean activatekey,
                          java.lang.String keystorepwd)
                          throws ApprovalException_Exception,
                                 AuthorizationDeniedException_Exception,
                                 CADoesntExistsException_Exception,
                                 EjbcaException_Exception,
                                 WaitingForApprovalException_Exception
Generates a certificate request (CSR) from a CA. The CSR can be sent to another CA to be signed, thus making the CA a sub CA of the signing CA. Can also be used for cross-certification. The method can use an existing key pair of the CA or generate a new key pair. The new key pair does not have to be activated and used as the CA's operational signature keys. Authorization requirements: the client certificate must have the following privileges set
 - Administrator flag set
 - /administrator
 - /ca_functionality/renew_ca
 - /ca/<ca to renew>
 

Parameters:
caname - The name in EJBCA for the CA that will create the CSR
cachain - the certificate chain for the CA this request is targeted for; the signing CA is in pos 0, its CA (if it exists) in pos 1, etc. Certificate format is the binary certificate bytes. For DV renewals the cachain may be an empty list if there is a matching imported CVCA. Matching means having the same mnemonic, country and sequence, as well as being external.
regenerateKeys - if renewing a CA, this is used to also generate a new KeyPair. If this is true and activatekey is false, the new key will not be activated immediately but added as the "next" signing key.
usenextkey - if regenerateKeys is true this should be false. Otherwise it makes a request using an already existing "next" signing key, perhaps from a previous call with regenerateKeys true.
activatekey - if regenerateKeys is true or usenextkey is true, setting this flag to true makes the new or "next" key be activated when the request is created.
keystorepwd - password used when regenerating keys or activating keys; can be null if regenerateKeys and activatekey are both false.
Returns:
byte array with binary encoded certificate request to be sent to signing CA.
Throws:
CADoesntExistsException_Exception - if caname does not exist
AuthorizationDeniedException_Exception - if administrator is not authorized to create request, renew keys etc.
ApprovalException_Exception - if a non-expired approval for this action already exists, i.e. the same action has already been requested.
WaitingForApprovalException_Exception - if the operation requires approval from another CA administrator, in this case an approval request is created for another administrator to approve
EjbcaException_Exception - other errors, in which case an org.ejbca.core.ErrorCode is set in the EjbcaException
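The two methods above form one procedure: caRenewCertRequest produces the CSR, the signing CA returns a certificate out of band, and caCertResponse imports it. The following operator tool is an added example, not code from the EJBCA project. It assumes the generated EjbcaWSService stub and its QName from the client package, the default WS URL `https://localhost:8443/ejbca/ejbcaws/ejbcaws?wsdl`, TLS client authentication configured via the javax.net.ssl system properties, and chain certificates supplied as DER files in the documented order (signing CA first, its issuer next). It also performs the client-side checks a practitioner wants before touching CA keys: that the chain is ordered as the API expects and that the returned certificate really was issued by cachain[0].

```java
import java.io.ByteArrayInputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.xml.namespace.QName;
import org.ejbca.core.protocol.ws.client.gen.ApprovalException_Exception;
import org.ejbca.core.protocol.ws.client.gen.EjbcaWS;
import org.ejbca.core.protocol.ws.client.gen.EjbcaWSService;
import org.ejbca.core.protocol.ws.client.gen.WaitingForApprovalException_Exception;

/**
 * Hypothetical two-step CA renewal tool (added example, not EJBCA code).
 *   request <caname> <out.csr>    <chain0.der> [chain1.der ...]  -> caRenewCertRequest
 *   import  <caname> <signed.der> <chain0.der> [chain1.der ...]  -> caCertResponse
 */
public class CaRenewTool {

    /** Assumed endpoint; TLS client auth comes from -Djavax.net.ssl.keyStore/-Djavax.net.ssl.trustStore. */
    static EjbcaWS connect(String wsUrl) throws Exception {
        QName qname = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
        return new EjbcaWSService(new URL(wsUrl), qname).getEjbcaWSPort();
    }

    static X509Certificate parseDer(byte[] der) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
    }

    /** Reads the DER chain files; 'parsed' receives the same certificates for local checks. */
    static List<byte[]> loadChain(String[] derFiles, List<X509Certificate> parsed) throws Exception {
        List<byte[]> chain = new ArrayList<>();
        for (String f : derFiles) {
            byte[] der = Files.readAllBytes(Paths.get(f));
            parsed.add(parseDer(der));
            chain.add(der); // the API wants the raw binary certificate bytes
        }
        return chain;
    }

    /** Client-side check of the documented ordering: element i must be signed by element i+1. */
    static void checkChainOrder(List<X509Certificate> chain) throws Exception {
        for (int i = 0; i + 1 < chain.size(); i++) {
            chain.get(i).verify(chain.get(i + 1).getPublicKey()); // throws if the order is wrong
        }
    }

    public static void main(String[] args) throws Exception {
        String mode = args[0], caname = args[1], file = args[2];
        List<X509Certificate> parsed = new ArrayList<>();
        // May be empty for a DV renewal with a matching imported CVCA, as documented above.
        List<byte[]> cachain = loadChain(Arrays.copyOfRange(args, 3, args.length), parsed);
        checkChainOrder(parsed);

        EjbcaWS ws = connect(System.getProperty("ejbca.ws.url",
                "https://localhost:8443/ejbca/ejbcaws/ejbcaws?wsdl"));
        // Needed only because we generate (request) or may activate (import) a CA key.
        String keystorePwd = System.getProperty("ejbca.ca.keystorepwd");

        try {
            if (mode.equals("request")) {
                // regenerateKeys=true, usenextkey=false, activatekey=false: a fresh key pair is
                // stored as the "next" signing key while the CA keeps signing with its current key.
                byte[] csr = ws.caRenewCertRequest(caname, cachain, true, false, false, keystorePwd);
                Files.write(Paths.get(file), csr);
                System.out.println("CSR written to " + file + "; hand it to the signing CA");
            } else if (mode.equals("import")) {
                byte[] signed = Files.readAllBytes(Paths.get(file));
                X509Certificate cert = parseDer(signed);
                if (!parsed.isEmpty()) {
                    // The signed certificate must come from the signing CA at position 0.
                    cert.verify(parsed.get(0).getPublicKey());
                }
                // EJBCA matches cert's public key against the keys in the CA token and activates
                // the "next" key if that is the one that matches, hence the keystore password.
                ws.caCertResponse(caname, signed, cachain, keystorePwd);
                System.out.println("Certificate imported for CA " + caname);
            } else {
                throw new IllegalArgumentException("mode must be 'request' or 'import'");
            }
        } catch (ApprovalException_Exception | WaitingForApprovalException_Exception e) {
            // Not a failure: the action is subject to the approval workflow. Re-run once approved.
            System.out.println("Approval workflow engaged: " + e.getMessage());
        }
    }
}
```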

certificateRequest

CertificateResponse certificateRequest(UserDataVOWS userData,
                                       java.lang.String requestData,
                                       int requestType,
                                       java.lang.String hardTokenSN,
                                       java.lang.String responseType)
                                       throws ApprovalException_Exception,
                                              AuthorizationDeniedException_Exception,
                                              CADoesntExistsException_Exception,
                                              EjbcaException_Exception,
                                              NotFoundException_Exception,
                                              UserDoesntFullfillEndEntityProfile_Exception,
                                              WaitingForApprovalException_Exception
Generates a certificate for a user. If the user is not already present in the database, the user is added.
Status is automatically set to STATUS_NEW.

Authorization requirements:

 - Administrator flag set
 - /administrator
 - /ra_functionality/create_end_entity and/or edit_end_entity
 - /endentityprofilesrules/<end entity profile of user>/create_end_entity and/or edit_end_entity
 - /ca_functionality/create_certificate
 - /ca/<ca of user>
 
When the requestType is PUBLICKEY, the requestData should be a SubjectPublicKeyInfo structure, either base64 encoded or in PEM format.

Parameters:
userData - the user
requestData - the PKCS10/CRMF/SPKAC/PUBLICKEY request in base64
requestType - PKCS10, CRMF, SPKAC or PUBLICKEY request as specified by CertificateHelper.CERT_REQ_TYPE_ parameters.
hardTokenSN - if the certificate should be connected with a hardtoken, it is possible to map it by giving the hardTokenSN here; this simplifies revocation of a token's certificates. Use null if no hardtokenSN should be associated with the certificate.
responseType - indicates which type of answer should be returned, one of the CertificateHelper.RESPONSETYPE_ parameters.
Returns:
the generated certificate, either as a bare X509Certificate or as PKCS7
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized to request
NotFoundException_Exception - if user cannot be found
UserDoesntFullfillEndEntityProfile_Exception
ApprovalException_Exception
WaitingForApprovalException_Exception
EjbcaException_Exception
IllegalQueryException
See Also:
editUser(UserDataVOWS)

checkRevokationStatus

RevokeStatus checkRevokationStatus(java.lang.String issuerDN,
                                   java.lang.String certificateSN)
                                   throws AuthorizationDeniedException_Exception,
                                          CADoesntExistsException_Exception,
                                          EjbcaException_Exception
Returns revocation status for given user. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /ca/<ca of certificate>
 

Parameters:
issuerDN -
certificateSN - a hexadecimal string
Returns:
the revocation status, or null if the certificate does not exist.
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized.
EjbcaException_Exception
See Also:
RevokeStatus
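The certificateRequest and checkRevokationStatus descriptions above fit together as one enrollment flow: submit a PKCS#10 request for an end entity, decode the returned certificate, then query the CA for that certificate's status by issuer DN and hexadecimal serial. The class below is an added example, not EJBCA's own code. It assumes the generated client stubs (EjbcaWSService, UserDataVOWS with its TOKEN_TYPE_USERGENERATED constant, RevokeStatus with NOT_REVOKED), CertificateHelper from org.ejbca.core.protocol.ws.common with CERT_REQ_TYPE_PKCS10, RESPONSETYPE_CERTIFICATE and getCertificate(byte[]), a PEM-encoded CSR on disk, and CA/profile names supplied as placeholders.

```java
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.X509Certificate;
import javax.xml.namespace.QName;
import org.ejbca.core.protocol.ws.client.gen.CertificateResponse;
import org.ejbca.core.protocol.ws.client.gen.EjbcaWS;
import org.ejbca.core.protocol.ws.client.gen.EjbcaWSService;
import org.ejbca.core.protocol.ws.client.gen.RevokeStatus;
import org.ejbca.core.protocol.ws.client.gen.UserDataVOWS;
import org.ejbca.core.protocol.ws.client.gen.UserDoesntFullfillEndEntityProfile_Exception;
import org.ejbca.core.protocol.ws.client.gen.WaitingForApprovalException_Exception;
import org.ejbca.core.protocol.ws.common.CertificateHelper;

/** Hypothetical PKCS#10 enrollment client (added example, not EJBCA code). */
public class Pkcs10Enroll {

    /** Assumed endpoint; TLS client authentication comes from the javax.net.ssl system properties. */
    static EjbcaWS connect(String wsUrl) throws Exception {
        QName qname = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
        return new EjbcaWSService(new URL(wsUrl), qname).getEjbcaWSPort();
    }

    /** Strips the PEM armour so only the base64 body is sent, which is what requestData expects. */
    static String pemBodyToBase64(String pem) {
        StringBuilder sb = new StringBuilder();
        for (String line : pem.split("\\r?\\n")) {
            if (!line.startsWith("-----") && !line.trim().isEmpty()) {
                sb.append(line.trim());
            }
        }
        return sb.toString();
    }

    /** Builds the end entity; certificateRequest itself adds it and sets status NEW. */
    static UserDataVOWS endEntity(String username, String enrollmentCode, String subjectDn,
                                  String caName, String eeProfile, String certProfile) {
        UserDataVOWS u = new UserDataVOWS();
        u.setUsername(username);
        u.setPassword(enrollmentCode);
        u.setClearPwd(false);  // store hashed; clear text is only needed for server-generated keystores
        u.setSubjectDN(subjectDn);
        u.setCaName(caName);
        u.setEndEntityProfileName(eeProfile);
        u.setCertificateProfileName(certProfile);
        u.setTokenType(UserDataVOWS.TOKEN_TYPE_USERGENERATED); // the private key never leaves the requester
        return u;
    }

    /** Enrolls, then asks the CA for the revocation status of the certificate it just issued. */
    static RevokeStatus enrollAndCheck(EjbcaWS ws, UserDataVOWS user, String csrBase64) throws Exception {
        CertificateResponse resp = ws.certificateRequest(user, csrBase64,
                CertificateHelper.CERT_REQ_TYPE_PKCS10, null, CertificateHelper.RESPONSETYPE_CERTIFICATE);
        // getData() carries the base64 certificate; the helper decodes it (assumed helper behaviour).
        X509Certificate cert = (X509Certificate) CertificateHelper.getCertificate(resp.getData());
        String serialHex = cert.getSerialNumber().toString(16); // certificateSN is a hex string
        RevokeStatus status = ws.checkRevokationStatus(cert.getIssuerDN().getName(), serialHex);
        if (status == null) {
            // null means "no such certificate": a freshly issued one should always be on record
            throw new IllegalStateException("CA has no record of the certificate it just issued");
        }
        return status;
    }

    public static void main(String[] args) throws Exception {
        // args: <csr.pem> <username> <enrollment code> <subject DN>
        String pem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.UTF_8);
        // Placeholder names; replace with the CA and profiles configured in your EJBCA.
        UserDataVOWS user = endEntity(args[1], args[2], args[3],
                System.getProperty("ejbca.ca", "EXAMPLE-CA"),
                System.getProperty("ejbca.eeprofile", "EXAMPLE-EE-PROFILE"),
                System.getProperty("ejbca.certprofile", "EXAMPLE-CERT-PROFILE"));
        EjbcaWS ws = connect(System.getProperty("ejbca.ws.url",
                "https://localhost:8443/ejbca/ejbcaws/ejbcaws?wsdl"));
        try {
            RevokeStatus s = enrollAndCheck(ws, user, pemBodyToBase64(pem));
            boolean revoked = s.getReason() != RevokeStatus.NOT_REVOKED;
            System.out.println("issued serial " + s.getCertificateSN() + ", revoked=" + revoked);
        } catch (UserDoesntFullfillEndEntityProfile_Exception e) {
            // The subject DN or requested profiles violate the end entity profile; nothing was issued.
            System.err.println("rejected by end entity profile: " + e.getMessage());
        } catch (WaitingForApprovalException_Exception e) {
            System.err.println("enrollment is waiting for approval: " + e.getMessage());
        }
    }
}
```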

createCRL

void createCRL(java.lang.String caname)
               throws ApprovalException_Exception,
                      ApprovalRequestExpiredException_Exception,
                      CADoesntExistsException_Exception,
                      EjbcaException_Exception
Generates a CRL for the given CA. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /ca/<caid>
 

Parameters:
caname - the name in EJBCA of the CA that should have a new CRL generated
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
ApprovalException_Exception
EjbcaException_Exception - if an error occurred
ApprovalRequestExpiredException_Exception

crmfRequest

CertificateResponse crmfRequest(java.lang.String username,
                                java.lang.String password,
                                java.lang.String crmf,
                                java.lang.String hardTokenSN,
                                java.lang.String responseType)
                                throws AuthorizationDeniedException_Exception,
                                       CADoesntExistsException_Exception,
                                       EjbcaException_Exception,
                                       NotFoundException_Exception
Generates a certificate for a user. Works the same as pkcs10Request.

Parameters:
username - the unique username
password - the password sent with editUser call
crmf - the CRMF request message (only the public key is used.)
responseType - indicates which type of answer should be returned, one of the CertificateHelper.RESPONSETYPE_ parameters.
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception
NotFoundException_Exception
EjbcaException_Exception
See Also:
pkcs10Request(String, String, String, String, String)

customLog

void customLog(int level,
               java.lang.String type,
               java.lang.String caName,
               java.lang.String username,
               Certificate certificate,
               java.lang.String msg)
               throws AuthorizationDeniedException_Exception,
                      CADoesntExistsException_Exception,
                      EjbcaException_Exception
Generates a Custom Log event in the database. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /log_functionality/log_custom_events (must be configured in advanced mode when editing access rules)
 

Parameters:
level - of the event, one of the IEjbcaWS.CUSTOMLOG_LEVEL_ constants
type - user-defined string used as a prefix in the log comment
caName - of the CA related to the event; use null if no specific CA is related, in which case the CA of the administrator is used.
username - of the related user, use null if no related user exists.
certificate - that relates to the log event, use null if no certificate is related
msg - message data used in the log comment. The log comment will have a syntax of 'type : msg'
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if the administrator isn't authorized to log.
EjbcaException_Exception - if an error occurred server side

cvcRequest

java.util.List<Certificate> cvcRequest(java.lang.String username,
                                       java.lang.String password,
                                       java.lang.String cvcreq)
                                       throws ApprovalException_Exception,
                                              AuthorizationDeniedException_Exception,
                                              CADoesntExistsException_Exception,
                                              CertificateExpiredException_Exception,
                                              EjbcaException_Exception,
                                              NotFoundException_Exception,
                                              SignRequestException_Exception,
                                              UserDoesntFullfillEndEntityProfile_Exception,
                                              WaitingForApprovalException_Exception
Generates a CV certificate for a user. Uses the same authorizations as editUser and pkcs10Request; responseType is always CertificateHelper.RESPONSETYPE_CERTIFICATE.

Parameters:
username - the user name of the user requesting the certificate.
password - the password for initial enrollment, not used for renewal requests that can be authenticated using signatures with keys with valid certificates.
cvcreq - Base64 encoded CVC request message.
Returns:
the full certificate chain for the IS, with IS certificate in pos 0, DV in 1, CVCA in 2.
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if administrator is not authorized to edit end entity or if an authenticated request can not be verified
SignRequestException_Exception - if the provided request is invalid, for example not containing a username or password
UserDoesntFullfillEndEntityProfile_Exception
NotFoundException_Exception
EjbcaException_Exception - for other errors, an error code like ErrorCode.SIGNATURE_ERROR (popo/inner signature verification failed) is set.
ApprovalException_Exception
WaitingForApprovalException_Exception
CertificateExpiredException_Exception
See Also:
editUser(UserDataVOWS), pkcs10Request(String, String, String, String, String), ErrorCode

deleteUserDataFromSource

boolean deleteUserDataFromSource(java.util.List<java.lang.String> userDataSourceNames,
                                 java.lang.String searchString,
                                 boolean removeMultipleMatch)
                                 throws AuthorizationDeniedException_Exception,
                                        EjbcaException_Exception,
                                        MultipleMatchException_Exception,
                                        UserDataSourceException_Exception
Removes user data from a user data source. Important: removal functionality of a user data source is optional to implement, so it isn't certain that this method works with the given user data source. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /userdatasourcesrules/<user data source>/remove_userdata (for all the given user data sources)
 - /ca/<all cas defined in all the user data sources>
 

Parameters:
userDataSourceNames - the names of the user data sources to remove from
searchString - the search string to search for
removeMultipleMatch - whether multiple matches of a search string should be removed; otherwise none is removed.
Returns:
true if the user was removed successfully from at least one of the user data sources.
Throws:
AuthorizationDeniedException_Exception - if the user isn't authorized to remove userdata from any of the specified user data sources
MultipleMatchException_Exception - if the searchstring resulted in a multiple match and the removeMultipleMatch was set to false.
UserDataSourceException_Exception - if an error occurred during the communication with the user data source.
EjbcaException_Exception - if an error occurred server side

editUser

void editUser(UserDataVOWS userdata)
              throws ApprovalException_Exception,
                     AuthorizationDeniedException_Exception,
                     CADoesntExistsException_Exception,
                     EjbcaException_Exception,
                     UserDoesntFullfillEndEntityProfile_Exception,
                     WaitingForApprovalException_Exception
Edits/adds a user to the EJBCA database. If the user doesn't already exist it will be added; otherwise it will be overwritten. Observe: if the user doesn't already exist, its status will always be set to 'New'. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /ra_functionality/create_end_entity and/or edit_end_entity
 - /endentityprofilesrules/<end entity profile of user>/create_end_entity and/or edit_end_entity
 - /ca/<ca of user>
 

Parameters:
userdata - contains all the information about the user about to be added. clearPwd indicates if the password should be stored in clear text, which is required when creating server-generated keystores.
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
ApprovalException_Exception
AuthorizationDeniedException_Exception
UserDoesntFullfillEndEntityProfile_Exception
WaitingForApprovalException_Exception
EjbcaException_Exception
IllegalQueryException

existsHardToken

boolean existsHardToken(java.lang.String hardTokenSN)
                        throws EjbcaException_Exception
Looks up if a serial number has already been generated. Authorization requirements: a valid certificate

Parameters:
hardTokenSN - the serial number of the token to look for.
Returns:
true if hard token exists
Throws:
EjbcaException_Exception - if error occurred server side

fetchUserData

java.util.List<UserDataSourceVOWS> fetchUserData(java.util.List<java.lang.String> userDataSourceNames,
                                                 java.lang.String searchString)
                                                 throws AuthorizationDeniedException_Exception,
                                                        EjbcaException_Exception,
                                                        UserDataSourceException_Exception
Fetches userdata from an existing UserDataSource. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /userdatasourcesrules/<user data source>/fetch_userdata (for all the given user data sources)
 - /ca/<all cas defined in all the user data sources>
 
If not turned off in jaxws.properties, only a valid certificate is required.

Parameters:
userDataSourceNames - a List of User Data Source Names
searchString - to identify the userdata.
Returns:
a List of UserDataSourceVOWS of the data in the specified UserDataSources; if no user data is found, an empty list is returned.
Throws:
UserDataSourceException_Exception - if an error occurred connecting to one of UserDataSources
AuthorizationDeniedException_Exception
EjbcaException_Exception

findCerts

java.util.List<Certificate> findCerts(java.lang.String username,
                                      boolean onlyValid)
                                      throws AuthorizationDeniedException_Exception,
                                             EjbcaException_Exception
Retrieves a collection of certificates generated for a user. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /ra_functionality/view_end_entity
 - /endentityprofilesrules/<end entity profile>/view_end_entity
 - /ca/<ca of user>
 

Parameters:
username - a unique username
onlyValid - only return valid certs, not revoked or expired ones.
Returns:
a collection of Certificates or an empty list if no certificates, or no user, could be found
Throws:
AuthorizationDeniedException_Exception - if client isn't authorized to request
EjbcaException_Exception

findUser

java.util.List<UserDataVOWS> findUser(UserMatch usermatch)
                                      throws AuthorizationDeniedException_Exception,
                                             EjbcaException_Exception,
                                             IllegalQueryException_Exception
Retrieves information about users in the database. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /ra_functionality/view_end_entity
 - /endentityprofilesrules/<end entity profile>/view_end_entity
 - /ca/<ca of user>
 

Parameters:
usermatch - the unique user pattern to search for
Returns:
an array of UserDataVOWS objects (max 100) containing the information about the users, or null if there are no matches.
Throws:
AuthorizationDeniedException_Exception - if client isn't authorized to request
IllegalQueryException_Exception - if query isn't valid
EjbcaException_Exception

genTokenCertificates

java.util.List<TokenCertificateResponseWS> genTokenCertificates(UserDataVOWS userData,
                                                                java.util.List<TokenCertificateRequestWS> tokenRequests,
                                                                HardTokenDataWS hardTokenData,
                                                                boolean overwriteExistingSN,
                                                                boolean revokePreviousCards)
                                                                throws ApprovalException_Exception,
                                                                       ApprovalRequestExecutionException_Exception,
                                                                       ApprovalRequestExpiredException_Exception,
                                                                       AuthorizationDeniedException_Exception,
                                                                       CADoesntExistsException_Exception,
                                                                       EjbcaException_Exception,
                                                                       HardTokenExistsException_Exception,
                                                                       UserDoesntFullfillEndEntityProfile_Exception,
                                                                       WaitingForApprovalException_Exception
Adds certificates and/or data to a hardtoken. Authorization requirements:
 If the caller is an administrator
 - Administrator flag set
 - /administrator
 - /ra_functionality/create_end_entity and/or edit_end_entity
 - /endentityprofilesrules/<end entity profile>/create_end_entity and/or edit_end_entity
 - /ra_functionality/revoke_end_entity (if overwrite flag is set)
 - /endentityprofilesrules/<end entity profile>/revoke_end_entity (if overwrite flag is set)
 - /ca_functionality/create_certificate
 - /ca/<ca of all requested certificates>
 - /hardtoken_functionality/issue_hardtokens
 
If the user isn't an administrator the request will be added to a queue for approval.

Parameters:
userData - of the user that should be generated
tokenRequests - a list of certificate requests
hardTokenData - data containing PIN/PUK info
overwriteExistingSN - if the current hardtoken should be overwritten instead of throwing a HardTokenExists exception. If a card is overwritten, all previous certificates on the card are revoked.
revokePreviousCards - tells the service to revoke old cards issued to this user. If the present card has the label TEMPORARY_CARD, old cards are set to CERTIFICATE_ONHOLD, otherwise UNSPECIFIED.
Returns:
a List of the generated certificates.
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if the administrator isn't authorized.
WaitingForApprovalException_Exception - if the caller is a non-admin, the request must be approved before it is executed.
HardTokenExistsException_Exception - if the given hardtoken serial number already exists.
ApprovalRequestExpiredException_Exception - if the request for approval has expired.
ApprovalException_Exception - if an error happened with the approval mechanisms
WaitingForApprovalException - if the request hasn't been processed yet.
ApprovalRequestExecutionException_Exception - if the approval request was rejected
UserDoesntFullfillEndEntityProfile_Exception
EjbcaException_Exception

getAuthorizedEndEntityProfiles

java.util.List<NameAndId> getAuthorizedEndEntityProfiles()
                                                         throws AuthorizationDeniedException_Exception,
                                                                EjbcaException_Exception
Fetches the end-entity profiles that the administrator is authorized to use. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /endentityprofilesrules/<end entity profile>
 
Authored by Sebastien Levesque, Linagora. Javadoced by Tomas Gustavsson

Returns:
array of NameAndId of available end entity profiles; if no profiles are found, an empty array of size 0 is returned, never null.
Throws:
EjbcaException_Exception - if an error occurred
AuthorizationDeniedException_Exception
See Also:
"IRaAdminSessionLocal#getAuthorizedEndEntityProfileIds()"

getAvailableCAs

java.util.List<NameAndId> getAvailableCAs()
                                          throws AuthorizationDeniedException_Exception,
                                                 EjbcaException_Exception
Fetch a list of the ids and names of available CAs. Note: available means not having status "external" or "waiting for certificate response". Authorization requirements:
 - Administrator flag set
 - /administrator
 
If not turned off in jaxws.properties, only a valid certificate is required. Authored by Sebastien Levesque, Linagora. Javadoced by Tomas Gustavsson

Returns:
list of NameAndId of the available CAs; if no CAs are found an empty list of size 0 is returned, never null.
Throws:
EjbcaException_Exception - if an error occurred
AuthorizationDeniedException_Exception
See Also:
"ICAAdminSessionLocal#getAvailableCAs()"

getAvailableCAsInProfile

java.util.List<NameAndId> getAvailableCAsInProfile(int entityProfileId)
                                                   throws AuthorizationDeniedException_Exception,
                                                          EjbcaException_Exception
Fetches the ids and names of available CAs in an end entity profile. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /endentityprofilesrules/<end entity profile>
 
If not turned off in jaxws.properties, only a valid certificate is required. Authored by Sebastien Levesque, Linagora. Javadoced by Tomas Gustavsson

Parameters:
entityProfileId - id of an end entity profile where we want to find which CAs are available
Returns:
list of NameAndId of the available CAs in the specified end entity profile; if no CAs are found an empty list of size 0 is returned, never null.
Throws:
EjbcaException_Exception - if an error occurred
AuthorizationDeniedException_Exception

getAvailableCertificateProfiles

java.util.List<NameAndId> getAvailableCertificateProfiles(int entityProfileId)
                                                          throws AuthorizationDeniedException_Exception,
                                                                 EjbcaException_Exception
Fetches available certificate profiles in an end entity profile. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /endentityprofilesrules/<end entity profile>
 
Authored by Sebastien Levesque, Linagora. Javadoced by Tomas Gustavsson

Parameters:
entityProfileId - id of an end entity profile where we want to find which certificate profiles are available
Returns:
list of NameAndId of the available certificate profiles; if no profiles are found an empty list of size 0 is returned, never null.
Throws:
EjbcaException_Exception - if an error occurred
AuthorizationDeniedException_Exception

getCertificate

Certificate getCertificate(java.lang.String certSNinHex,
                           java.lang.String issuerDN)
                           throws AuthorizationDeniedException_Exception,
                                  CADoesntExistsException_Exception,
                                  EjbcaException_Exception
Fetches issued certificate. Authorization requirements:
 - A valid certificate
 - /ca_functionality/view_certificate
 - /ca/<of the issuing CA>
 

Parameters:
certSNinHex - the certificate serial number in hexadecimal representation
issuerDN - the issuer of the certificate
Returns:
the certificate (in WS representation) or null if certificate couldn't be found.
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if the calling administrator isn't authorized to view the certificate
EjbcaException_Exception - if an error occurred server side

getEjbcaVersion

java.lang.String getEjbcaVersion()
Returns the version of the EJBCA server. Authorization requirements: - none

Returns:
String with the version of EJBCA, e.g. "EJBCA 3.6.2"

getHardTokenData

HardTokenDataWS getHardTokenData(java.lang.String hardTokenSN,
                                 boolean viewPUKData,
                                 boolean onlyValidCertificates)
                                 throws ApprovalRequestExecutionException_Exception,
                                        ApprovalRequestExpiredException_Exception,
                                        AuthorizationDeniedException_Exception,
                                        CADoesntExistsException_Exception,
                                        EjbcaException_Exception,
                                        HardTokenDoesntExistsException_Exception,
                                        NotFoundException_Exception,
                                        WaitingForApprovalException_Exception
Fetches information about a hard token. If the caller is an administrator the authorization requirements are:
 - Administrator flag set
 - /administrator
 - /ra_functionality/view_hardtoken
 - /endentityprofilesrules/<end entity profile>/view_hardtoken
 - /endentityprofilesrules/<end entity profile>/view_hardtoken/puk_data (if viewPUKData = true)
 - /ca/<ca of user>
 
If the caller isn't an administrator the request will be added to a queue for approval.

Parameters:
hardTokenSN - of the token to look for.
viewPUKData - if PUK data of the hard token should be returned.
onlyValidCertificates - if revoked and expired certificates should be filtered out.
Returns:
the HardTokenData
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
HardTokenDoesntExistsException_Exception - if the hardTokenSN doesn't exist in the database.
NotFoundException_Exception - if the user for which the hard token is registered does not exist
ApprovalRequestExpiredException_Exception - if the request for approval has expired.
ApprovalException - if an error occurred in the approval mechanism
WaitingForApprovalException_Exception - if the request hasn't been processed yet.
ApprovalRequestExecutionException_Exception - if the approval request was rejected
AuthorizationDeniedException_Exception
EjbcaException_Exception - if an exception occurred on server side.

getHardTokenDatas

java.util.List<HardTokenDataWS> getHardTokenDatas(java.lang.String username,
                                                  boolean viewPUKData,
                                                  boolean onlyValidCertificates)
                                                  throws AuthorizationDeniedException_Exception,
                                                         CADoesntExistsException_Exception,
                                                         EjbcaException_Exception
Fetches all hard tokens for a given user. If the caller is an administrator the authorization requirements are:
 - Administrator flag set
 - /administrator
 - /ra_functionality/view_hardtoken
 - /endentityprofilesrules/<end entity profile>/view_hardtoken
 - /endentityprofilesrules/<end entity profile>/view_hardtoken/puk_data (if viewPUKData = true)
 

Parameters:
username - to look for.
viewPUKData - if PUK data of the hard token should be returned.
onlyValidCertificates - if revoked and expired certificates should be filtered out.
Returns:
a list of the HardTokenData generated for the user, never null.
Throws:
EjbcaException_Exception - if an exception occurred on server side.
CADoesntExistsException_Exception
AuthorizationDeniedException_Exception

getLastCAChain

java.util.List<Certificate> getLastCAChain(java.lang.String caname)
                                           throws AuthorizationDeniedException_Exception,
                                                  CADoesntExistsException_Exception,
                                                  EjbcaException_Exception
Retrieves the latest CA certificate chain. Note: the whole certificate chain is returned. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /ca/<ca in question>
 

Parameters:
caname - a unique caname
Returns:
a collection of X509Certificates or CVCCertificates with the CA certificate in pos 0 and possible higher-level CAs in pos 1 and upwards. If CA status is CA_WAITING_CERTIFICATE_RESPONSE the list will be of zero length
Throws:
AuthorizationDeniedException_Exception - if client isn't authorized to request
CADoesntExistsException_Exception
EjbcaException_Exception

getLastCertChain

java.util.List<Certificate> getLastCertChain(java.lang.String username)
                                             throws AuthorizationDeniedException_Exception,
                                                    EjbcaException_Exception
Retrieves the latest certificate issued to the user. Note the whole certificate chain is returned. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /ra_functionality/view_end_entity
 - /endentityprofilesrules/<end entity profile>/view_end_entity
 - /ca/<ca of user>
 

Parameters:
username - a unique username
Returns:
a collection of X509Certificates with the user certificate in pos 0, SubCA in 1, RootCA in 2 etc., or null if no certificates could be found or the user does not exist
Throws:
AuthorizationDeniedException_Exception - if client isn't authorized to request
EjbcaException_Exception

getPublisherQueueLength

int getPublisherQueueLength(java.lang.String name)
                            throws EjbcaException_Exception
Returns the length of a publisher queue.

Parameters:
name - of the queue
Returns:
the length or -4 if the publisher does not exist
Throws:
EjbcaException_Exception

isApproved

int isApproved(int approvalId)
               throws ApprovalException_Exception,
                      ApprovalRequestExpiredException_Exception,
                      EjbcaException_Exception
Looks up if a requested action has been approved. Authorization requirements: A valid certificate

Parameters:
approvalId - unique id for the action
Returns:
the number of approvals left, 0 if approved; otherwise one of the ApprovalDataVO.STATUS constants is returned, indicating the status.
Throws:
ApprovalException_Exception - if approvalId doesn't exists
ApprovalRequestExpiredException_Exception - thrown once if one of the approvals has expired; once notified, it is not thrown again.
EjbcaException_Exception - if an error occurred server side

isAuthorized

boolean isAuthorized(java.lang.String resource)
                     throws EjbcaException_Exception
Checks if a user is authorized to a given resource. Authorization requirements: a valid client certificate

Parameters:
resource - the access rule to test
Returns:
true if the user is authorized to the resource otherwise false.
Throws:
EjbcaException_Exception
See Also:
RevokeStatus

keyRecoverNewest

void keyRecoverNewest(java.lang.String username)
                      throws ApprovalException_Exception,
                             AuthorizationDeniedException_Exception,
                             CADoesntExistsException_Exception,
                             EjbcaException_Exception,
                             NotFoundException_Exception,
                             WaitingForApprovalException_Exception
Marks the user's latest certificate for key recovery. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /ra_functionality/keyrecovery
 - /endentityprofilesrules/<end entity profile>/keyrecovery
 - /ca/
 

Parameters:
username - unique username in EJBCA
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized.
NotFoundException_Exception - if user doesn't exist
WaitingForApprovalException_Exception - if the request has been added to the list of tasks to be approved
ApprovalException_Exception - if there already exists an approval request for this task
EjbcaException_Exception - if there is a configuration or other error

pkcs10Request

CertificateResponse pkcs10Request(java.lang.String username,
                                  java.lang.String password,
                                  java.lang.String pkcs10,
                                  java.lang.String hardTokenSN,
                                  java.lang.String responseType)
                                  throws AuthorizationDeniedException_Exception,
                                         CADoesntExistsException_Exception,
                                         EjbcaException_Exception,
                                         NotFoundException_Exception
Generates a certificate for a user. The method must be preceded by an editUser call that adds the user if it does not exist and sets the user status to 'new'. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /ra_functionality/view_end_entity
 - /endentityprofilesrules/<end entity profile>/view_end_entity
 - /ca_functionality/create_certificate
 - /ca/<ca of user>
 

Parameters:
username - the unique username
password - the password sent with editUser call
pkcs10 - the base64 encoded PKCS10 (only the public key is used.)
hardTokenSN - If the certificate should be connected with a hard token, it is possible to map it by giving the hardTokenSN here; this simplifies revocation of a token's certificates. Use null if no hardTokenSN should be associated with the certificate.
responseType - indicating which type of answer should be returned, one of the CertificateHelper.RESPONSETYPE_ constants.
Returns:
the generated certificate, in either just X509Certificate or PKCS7
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized to request
NotFoundException_Exception - if user cannot be found
EjbcaException_Exception
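
Worked example of the editUser / pkcs10Request sequence described above, with the issued certificate checked against getLastCertChain. This is an added illustration, not part of the EJBCA Javadoc or the EJBCA code base. Assumptions not stated on this page: the wsimport-generated EjbcaWSService class and its getEjbcaWSPort() accessor, the CA and profile names (placeholders), the STATUS_NEW and TOKEN_TYPE_USERGENERATED constants on the client-side UserDataVOWS, the getCertificateData() accessor of the WS Certificate object, and that certificate data on the wire is Base64-encoded DER. The client certificate for the mutual-TLS session is supplied through the standard javax.net.ssl system properties.

```java
import java.io.ByteArrayInputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.List;
import javax.xml.namespace.QName;

import org.ejbca.core.protocol.ws.client.gen.Certificate;
import org.ejbca.core.protocol.ws.client.gen.CertificateResponse;
import org.ejbca.core.protocol.ws.client.gen.EjbcaWS;
import org.ejbca.core.protocol.ws.client.gen.EjbcaWSService;
import org.ejbca.core.protocol.ws.client.gen.UserDataVOWS;
import org.ejbca.core.protocol.ws.common.CertificateHelper;

/** Added example (not EJBCA code): editUser followed by pkcs10Request for a client-generated key pair. */
public class Pkcs10Enrollment {

    // Placeholder CA and profile names; use the ones configured on your EJBCA instance.
    static final String CA_NAME = "ManagementCA";
    static final String END_ENTITY_PROFILE = "EMPTY";
    static final String CERTIFICATE_PROFILE = "ENDUSER";

    /** Obtains the WS port. Client-authenticated TLS is taken from the JVM's javax.net.ssl.keyStore
     *  and javax.net.ssl.trustStore properties; without a client certificate every call is denied. */
    static EjbcaWS connect(String wsdlUrl) throws Exception {
        QName service = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
        return new EjbcaWSService(new URL(wsdlUrl), service).getEjbcaWSPort();
    }

    /** Reduces a PEM CSR to its Base64 body, which is what the pkcs10 parameter expects. */
    static String pkcs10Base64(String pem) {
        return pem.replaceAll("-----(BEGIN|END)[^-]*-----", "").replaceAll("\\s+", "");
    }

    /** Assumption: WS certificate data is Base64-encoded DER (what CertificateHelper decodes). */
    static X509Certificate decode(byte[] base64Der) throws Exception {
        byte[] der = Base64.getDecoder().decode(base64Der);
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
    }

    /** Step 1: register (or reset) the end entity with status NEW and a one-time enrollment code. */
    static void registerEndEntity(EjbcaWS ws, String username, String enrollmentCode) throws Exception {
        UserDataVOWS user = new UserDataVOWS();
        user.setUsername(username);
        user.setPassword(enrollmentCode);
        user.setClearPwd(false);                                   // server stores only a hash of the code
        user.setCaName(CA_NAME);
        user.setEndEntityProfileName(END_ENTITY_PROFILE);
        user.setCertificateProfileName(CERTIFICATE_PROFILE);
        user.setSubjectDN("CN=" + username + ",O=Example");
        user.setTokenType(UserDataVOWS.TOKEN_TYPE_USERGENERATED);  // key pair is generated by the client
        user.setStatus(UserDataVOWS.STATUS_NEW);                   // constants assumed on the client class
        ws.editUser(user);
    }

    /** Step 2: submit the CSR. Only its public key is used; the subject comes from the end entity. */
    static X509Certificate requestCertificate(EjbcaWS ws, String username, String enrollmentCode,
                                              String csrPem) throws Exception {
        CertificateResponse response = ws.pkcs10Request(username, enrollmentCode, pkcs10Base64(csrPem),
                null, CertificateHelper.RESPONSETYPE_CERTIFICATE);
        return decode(response.getData());
    }

    /** Step 3: confirm the certificate is the one now on record for the user and chains to the CA. */
    static void verifyIssued(EjbcaWS ws, String username, X509Certificate issued) throws Exception {
        List<Certificate> chain = ws.getLastCertChain(username);   // user cert in pos 0, issuer in pos 1
        if (chain == null || chain.size() < 2) {
            throw new IllegalStateException("no certificate chain on record for " + username);
        }
        X509Certificate onRecord = decode(chain.get(0).getCertificateData()); // accessor name assumed
        if (!onRecord.getSerialNumber().equals(issued.getSerialNumber())) {
            throw new IllegalStateException("newest certificate on record is not the one just issued");
        }
        X509Certificate issuer = decode(chain.get(1).getCertificateData());
        issued.verify(issuer.getPublicKey());                      // throws if the signature is bad
    }

    public static void main(String[] args) throws Exception {
        // args: <wsdl URL> <username> <enrollment code> <CSR file in PEM>
        EjbcaWS ws = connect(args[0]);
        String csrPem = new String(Files.readAllBytes(Paths.get(args[3])), StandardCharsets.US_ASCII);
        registerEndEntity(ws, args[1], args[2]);
        X509Certificate cert = requestCertificate(ws, args[1], args[2], csrPem);
        verifyIssued(ws, args[1], cert);
        System.out.println("Issued " + cert.getSubjectX500Principal() + " serial "
                + cert.getSerialNumber().toString(16) + " by " + cert.getIssuerX500Principal());
    }
}
```

Because only the public key of the CSR is used, a requester cannot obtain a subject it is not entitled to by editing the CSR: the DN is fixed by the end-entity record that the administrator created with editUser. The serial-number comparison against getLastCertChain is what tells you the certificate you hold is the one EJBCA now considers current for that user.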

pkcs12Req

KeyStore pkcs12Req(java.lang.String username,
                   java.lang.String password,
                   java.lang.String hardTokenSN,
                   java.lang.String keyspec,
                   java.lang.String keyalg)
                   throws AuthorizationDeniedException_Exception,
                          CADoesntExistsException_Exception,
                          EjbcaException_Exception,
                          NotFoundException_Exception
Creates a server-generated keystore. The method must be preceded by an editUser call, either to set the user status to 'new' or to add a non-existing user, and the user's token type must be set to UserDataVOWS.TOKEN_TYPE_P12.
Authorization requirements:
 - Administrator flag set
 - /administrator
 - /ra_functionality/view_end_entity
 - /endentityprofilesrules/<end entity profile>/view_end_entity
 - /ca_functionality/create_certificate
 - /ca/<ca of user>
 

Parameters:
username - the unique username
password - the password sent with editUser call
hardTokenSN - If the certificate should be connected with a hard token, it is possible to map it by giving the hardTokenSN here; this simplifies revocation of a token's certificates. Use null if no hardTokenSN should be associated with the certificate.
keyspec - key specification the generated key should have, for example 1024 for RSA or prime192v1 for ECDSA.
keyalg - key algorithm the generated key should have, RSA or ECDSA. Use one of the constants in AlgorithmConstants.KEYALGORITHM_...
Returns:
the generated keystore
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized to request
NotFoundException_Exception - if user cannot be found
EjbcaException_Exception

republishCertificate

void republishCertificate(java.lang.String serialNumberInHex,
                          java.lang.String issuerDN)
                          throws AuthorizationDeniedException_Exception,
                                 CADoesntExistsException_Exception,
                                 EjbcaException_Exception,
                                 PublisherException_Exception
Republishes a selected certificate. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /ra_functionality/view_end_entity
 - /endentityprofilesrules/<end entity profile>/view_end_entity
 - /ca/<ca of user>
 

Parameters:
serialNumberInHex - of the certificate to republish
issuerDN - of the certificate to republish
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if the administrator isn't authorized to republish
PublisherException_Exception - if something went wrong during publication
EjbcaException_Exception - if another error occurred on the server side.

revokeCert

void revokeCert(java.lang.String issuerDN,
                java.lang.String certificateSN,
                int reason)
                throws AlreadyRevokedException_Exception,
                       ApprovalException_Exception,
                       AuthorizationDeniedException_Exception,
                       CADoesntExistsException_Exception,
                       EjbcaException_Exception,
                       NotFoundException_Exception,
                       WaitingForApprovalException_Exception
Same as revokeCertBackdated(String, String, int, String) but revocation date is current time.

Parameters:
issuerDN - of the certificate to revoke
certificateSN - of the certificate to revoke
reason - for revocation, one of RevokeStatus.REVOKATION_REASON_ constants.
Throws:
CADoesntExistsException_Exception
AuthorizationDeniedException_Exception
NotFoundException_Exception
EjbcaException_Exception
ApprovalException_Exception
WaitingForApprovalException_Exception
AlreadyRevokedException_Exception

revokeCertBackdated

void revokeCertBackdated(java.lang.String issuerDN,
                         java.lang.String certificateSN,
                         int reason,
                         java.lang.String sDate)
                         throws AlreadyRevokedException_Exception,
                                ApprovalException_Exception,
                                AuthorizationDeniedException_Exception,
                                CADoesntExistsException_Exception,
                                DateNotValidException_Exception,
                                EjbcaException_Exception,
                                NotFoundException_Exception,
                                RevokeBackDateNotAllowedForProfileException_Exception,
                                WaitingForApprovalException_Exception
Revokes a user certificate. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /ra_functionality/revoke_end_entity
 - /endentityprofilesrules//revoke_end_entity
 - /ca/<ca of certificate>
 

To use this call the certificate to be used must be from a certificate profile that has 'Allow back dated revocation' enabled.

If RevokeBackDateNotAllowedForProfileException is thrown, the certificate profile does not allow back dating and you can revoke with revokeCert(String, String, int) instead. DateNotValidException means that the date parameter can't be parsed; in this case it may also be better to fall back to revokeCert(String, String, int).

Parameters:
issuerDN - of the certificate to revoke
certificateSN - of the certificate to revoke
reason - for revocation, one of RevokeStatus.REVOKATION_REASON_ constants.
sDate - The revocation date. If null then the current date is used. If specified then the profile of the certificate must allow "back dating" and the date must be in the past. The parameter is specified as an ISO 8601 string. An example: 2012-06-07T23:55:59+02:00
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized.
NotFoundException_Exception - if certificate doesn't exist
WaitingForApprovalException_Exception - if the request has been added to the list of tasks to be approved
ApprovalException_Exception - There already exists an approval request for this task
AlreadyRevokedException_Exception - The certificate was already revoked, or you tried to unrevoke a permanently revoked certificate
EjbcaException_Exception - internal error
RevokeBackDateNotAllowedForProfileException_Exception - if back date is not allowed in the certificate profile
DateNotValidException_Exception - if the date is not a valid ISO 8601 string or if it is in the future.
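
Worked example of the fallback logic described above: revoke a certificate for key compromise with the revocation date set to the time the compromise is known to have started, dropping back to revokeCert when the profile refuses back dating. This is an added illustration, not EJBCA code. Assumptions beyond what the page states: the wsimport-generated EjbcaWSService class with getEjbcaWSPort(), the REVOKATION_REASON_KEYCOMPROMISE constant within the RevokeStatus.REVOKATION_REASON_ family, and a getReason() accessor on RevokeStatus.

```java
import java.net.URL;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import javax.xml.namespace.QName;

import org.ejbca.core.protocol.ws.client.gen.AlreadyRevokedException_Exception;
import org.ejbca.core.protocol.ws.client.gen.DateNotValidException_Exception;
import org.ejbca.core.protocol.ws.client.gen.EjbcaWS;
import org.ejbca.core.protocol.ws.client.gen.EjbcaWSService;
import org.ejbca.core.protocol.ws.client.gen.RevokeBackDateNotAllowedForProfileException_Exception;
import org.ejbca.core.protocol.ws.client.gen.RevokeStatus;
import org.ejbca.core.protocol.ws.client.gen.WaitingForApprovalException_Exception;

/** Added example (not EJBCA code): revoke a compromised key as of the time the compromise started. */
public class BackdatedRevocation {

    /** Exactly the ISO 8601 shape documented for sDate, e.g. 2012-06-07T23:55:59+02:00 (no fraction). */
    static final DateTimeFormatter ISO_OFFSET_SECONDS =
            DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ssXXX");

    enum Outcome { REVOKED_BACKDATED, REVOKED_NOW, ALREADY_REVOKED, WAITING_FOR_APPROVAL }

    static EjbcaWS connect(String wsdlUrl) throws Exception {
        QName service = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
        return new EjbcaWSService(new URL(wsdlUrl), service).getEjbcaWSPort();
    }

    static Outcome revokeCompromisedKey(EjbcaWS ws, String issuerDN, String serialHex,
                                        ZonedDateTime compromisedAt) throws Exception {
        final int reason = RevokeStatus.REVOKATION_REASON_KEYCOMPROMISE;
        // The server rejects a future date with DateNotValidException; fail fast locally instead.
        if (!compromisedAt.isBefore(ZonedDateTime.now())) {
            throw new IllegalArgumentException("compromise time must be in the past: " + compromisedAt);
        }
        try {
            ws.revokeCertBackdated(issuerDN, serialHex, reason, compromisedAt.format(ISO_OFFSET_SECONDS));
            return Outcome.REVOKED_BACKDATED;
        } catch (RevokeBackDateNotAllowedForProfileException_Exception | DateNotValidException_Exception e) {
            // Documented fallback: the profile does not allow back dating (or the date was refused),
            // so revoke as of now. Signatures made between compromise and now then still verify
            // against the CRL, which is worth recording in the incident log.
            try {
                ws.revokeCert(issuerDN, serialHex, reason);
                return Outcome.REVOKED_NOW;
            } catch (AlreadyRevokedException_Exception already) {
                return confirmRevoked(ws, issuerDN, serialHex);
            }
        } catch (AlreadyRevokedException_Exception e) {
            return confirmRevoked(ws, issuerDN, serialHex);
        } catch (WaitingForApprovalException_Exception e) {
            // The caller lacks direct rights: the request is queued and must be followed up with
            // isApproved(approvalId); the key is NOT yet revoked at this point.
            return Outcome.WAITING_FOR_APPROVAL;
        }
    }

    /** AlreadyRevoked is only good news if the record really shows a revocation. */
    static Outcome confirmRevoked(EjbcaWS ws, String issuerDN, String serialHex) throws Exception {
        RevokeStatus status = ws.checkRevokationStatus(issuerDN, serialHex);
        if (status == null || status.getReason() == RevokeStatus.NOT_REVOKED) { // getReason() assumed
            throw new IllegalStateException("AlreadyRevoked reported, but no revocation on record");
        }
        return Outcome.ALREADY_REVOKED;
    }

    public static void main(String[] args) throws Exception {
        // args: <wsdl URL> <issuer DN> <serial number hex> <compromise time, ISO 8601 with offset>
        EjbcaWS ws = connect(args[0]);
        ZonedDateTime compromisedAt = ZonedDateTime.parse(args[3]);
        System.out.println(revokeCompromisedKey(ws, args[1], args[2], compromisedAt));
    }
}
```

The formatter deliberately emits whole seconds with a numeric offset, matching the example the Javadoc gives, so DateNotValidException should only occur if the server-side parser is stricter than documented. Treating WaitingForApprovalException as a distinct outcome matters: until the approval goes through, relying parties still see the certificate as valid.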

revokeToken

void revokeToken(java.lang.String hardTokenSN,
                 int reason)
                 throws AlreadyRevokedException_Exception,
                        ApprovalException_Exception,
                        AuthorizationDeniedException_Exception,
                        CADoesntExistsException_Exception,
                        EjbcaException_Exception,
                        NotFoundException_Exception,
                        WaitingForApprovalException_Exception
Revokes all certificates mapped to a hardtoken. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /ra_functionality/revoke_end_entity
 - /endentityprofilesrules//revoke_end_entity
 - /ca/<ca of certificates on token>
 

Parameters:
hardTokenSN - serial number of the hard token whose certificates should be revoked
reason - for revocation, one of RevokeStatus.REVOKATION_REASON_ constants
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized.
NotFoundException_Exception - if token doesn't exist
WaitingForApprovalException_Exception - if the request has been added to the list of tasks to be approved
ApprovalException_Exception - There already exists an approval request for this task
AlreadyRevokedException_Exception - The token was already revoked.
EjbcaException_Exception

revokeUser

void revokeUser(java.lang.String username,
                int reason,
                boolean deleteUser)
                throws AlreadyRevokedException_Exception,
                       ApprovalException_Exception,
                       AuthorizationDeniedException_Exception,
                       CADoesntExistsException_Exception,
                       EjbcaException_Exception,
                       NotFoundException_Exception,
                       WaitingForApprovalException_Exception
Revokes all of a user's certificates. It is also possible to delete a user after all certificates have been revoked. Authorization requirements:
 - Administrator flag set
 - /administrator
 - /ra_functionality/revoke_end_entity
 - /endentityprofilesrules/<end entity profile>/revoke_end_entity
 - /ca/
 

Parameters:
username - unique username in EJBCA
reason - for revocation, one of RevokeStatus.REVOKATION_REASON_ constants or use RevokeStatus.NOT_REVOKED to un-revoke a certificate on hold.
deleteUser - deletes the user after all the certificates have been revoked.
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized.
NotFoundException_Exception - if user doesn't exist
WaitingForApprovalException_Exception - if the request has been added to the list of tasks to be approved
ApprovalException_Exception - if there already exists an approval request for this task
AlreadyRevokedException_Exception - if the user was already revoked
EjbcaException_Exception

softTokenRequest

KeyStore softTokenRequest(UserDataVOWS userData,
                          java.lang.String hardTokenSN,
                          java.lang.String keyspec,
                          java.lang.String keyalg)
                          throws ApprovalException_Exception,
                                 AuthorizationDeniedException_Exception,
                                 CADoesntExistsException_Exception,
                                 EjbcaException_Exception,
                                 NotFoundException_Exception,
                                 UserDoesntFullfillEndEntityProfile_Exception,
                                 WaitingForApprovalException_Exception
Generates a soft token certificate for a user. If the user is not already present in the database, the user is added.
Status is automatically set to STATUS_NEW.
The user's token type must be set to UserDataVOWS.TOKEN_TYPE_ (JKS or P12). A token password must also be defined.

Authorization requirements:

 - Administrator flag set
 - /administrator
 - /ra_functionality/create_end_entity and/or edit_end_entity
 - /endentityprofilesrules/<end entity profile of user>/create_end_entity and/or edit_end_entity
 - /ca_functionality/create_certificate
 - /ca/<ca of user>
 

Parameters:
userData - the user
hardTokenSN - If the certificate should be connected with a hard token, it is possible to map it by giving the hardTokenSN here; this simplifies revocation of a token's certificates. Use null if no hardTokenSN should be associated with the certificate.
keyspec - that the generated key should have, examples are 1024 for RSA or prime192v1 for ECDSA.
keyalg - that the generated key should have, RSA, ECDSA. Use one of the constants in AlgorithmConstants.KEYALGORITHM_...
Returns:
the generated token data
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized to request
NotFoundException_Exception - if user cannot be found
UserDoesntFullfillEndEntityProfile_Exception
ApprovalException_Exception
WaitingForApprovalException_Exception
EjbcaException_Exception
IllegalQueryException
See Also:
editUser(UserDataVOWS)
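
Worked example for the server-generated keystore calls, pkcs12Req (editUser with TOKEN_TYPE_P12, then the request) and, by extension, softTokenRequest, which merges the two steps and returns the same KeyStore object. This is an added illustration, not EJBCA code. Assumptions beyond the page: the wsimport-generated EjbcaWSService class with getEjbcaWSPort(), placeholder CA and profile names, the STATUS_NEW constant on the client-side UserDataVOWS, a getKeystoreData() accessor on the WS KeyStore object, and that the returned bytes are a Base64-encoded PKCS#12 protected with the enrollment code. With these calls the private key is generated on the CA side and travels back over the WS channel; when the client can generate its own key pair, pkcs10Request avoids that altogether.

```java
import java.io.ByteArrayInputStream;
import java.io.FileOutputStream;
import java.net.URL;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.Enumeration;
import javax.xml.namespace.QName;

import org.ejbca.core.protocol.ws.client.gen.EjbcaWS;
import org.ejbca.core.protocol.ws.client.gen.EjbcaWSService;
import org.ejbca.core.protocol.ws.client.gen.KeyStore;
import org.ejbca.core.protocol.ws.client.gen.UserDataVOWS;

/** Added example (not EJBCA code): server-generated PKCS#12 via editUser + pkcs12Req, then
 *  re-wrapping the container under a fresh password before it is stored. */
public class ServerGeneratedKeystore {

    // Placeholder CA and profile names; use the ones configured on your EJBCA instance.
    static final String CA_NAME = "ManagementCA";
    static final String END_ENTITY_PROFILE = "EMPTY";
    static final String CERTIFICATE_PROFILE = "ENDUSER";

    static EjbcaWS connect(String wsdlUrl) throws Exception {
        QName service = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
        return new EjbcaWSService(new URL(wsdlUrl), service).getEjbcaWSPort();
    }

    /** editUser with token type P12 (required by pkcs12Req), then the request itself. */
    static java.security.KeyStore enroll(EjbcaWS ws, String username, char[] enrollmentCode) throws Exception {
        UserDataVOWS user = new UserDataVOWS();
        user.setUsername(username);
        user.setPassword(new String(enrollmentCode));
        user.setClearPwd(false);
        user.setCaName(CA_NAME);
        user.setEndEntityProfileName(END_ENTITY_PROFILE);
        user.setCertificateProfileName(CERTIFICATE_PROFILE);
        user.setSubjectDN("CN=" + username + ",O=Example");
        user.setTokenType(UserDataVOWS.TOKEN_TYPE_P12);
        user.setStatus(UserDataVOWS.STATUS_NEW);                  // constant assumed on the client class
        ws.editUser(user);

        // 2048-bit RSA rather than the 1024 used as the keyspec example in the Javadoc.
        KeyStore wsKeyStore = ws.pkcs12Req(username, new String(enrollmentCode), null, "2048", "RSA");

        // Assumption: keystoreData is Base64-encoded PKCS#12 protected with the enrollment code.
        byte[] p12 = Base64.getDecoder().decode(wsKeyStore.getKeystoreData());
        java.security.KeyStore ks = java.security.KeyStore.getInstance("PKCS12");
        ks.load(new ByteArrayInputStream(p12), enrollmentCode);
        return ks;
    }

    /** Checks that the container holds a private key whose certificate names the registered user
     *  and that the issuer really signed it. Returns the key entry alias. */
    static String verify(java.security.KeyStore ks, char[] password, String username) throws Exception {
        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) {
            String alias = aliases.nextElement();
            if (!ks.isKeyEntry(alias)) {
                continue;
            }
            PrivateKey key = (PrivateKey) ks.getKey(alias, password);
            java.security.cert.Certificate[] chain = ks.getCertificateChain(alias);
            X509Certificate leaf = (X509Certificate) chain[0];
            if (!key.getAlgorithm().equals(leaf.getPublicKey().getAlgorithm())) {
                throw new IllegalStateException("private key does not match certificate algorithm");
            }
            if (!leaf.getSubjectX500Principal().getName().contains("CN=" + username)) {
                throw new IllegalStateException("certificate for unexpected subject: "
                        + leaf.getSubjectX500Principal());
            }
            if (chain.length > 1) {
                leaf.verify(chain[1].getPublicKey());              // throws on a bad signature
            }
            return alias;
        }
        throw new IllegalStateException("returned PKCS#12 contains no private key entry");
    }

    public static void main(String[] args) throws Exception {
        // args: <wsdl URL> <username> <enrollment code> <output .p12> <new keystore password>
        char[] enrollmentCode = args[2].toCharArray();
        char[] storePassword = args[4].toCharArray();
        EjbcaWS ws = connect(args[0]);
        java.security.KeyStore ks = enroll(ws, args[1], enrollmentCode);
        String alias = verify(ks, enrollmentCode, args[1]);

        // The enrollment code was known to the RA operator and travelled in the SOAP request, so it
        // must not remain the long-term protection of the private key: re-wrap under a fresh password.
        java.security.KeyStore out = java.security.KeyStore.getInstance("PKCS12");
        out.load(null, null);
        out.setKeyEntry(alias, ks.getKey(alias, enrollmentCode), storePassword, ks.getCertificateChain(alias));
        try (FileOutputStream fos = new FileOutputStream(args[3])) {
            out.store(fos, storePassword);
        }
        Arrays.fill(enrollmentCode, '\0');
        Arrays.fill(storePassword, '\0');
        System.out.println("Stored key entry '" + alias + "' in " + args[3]);
    }
}
```

For softTokenRequest the enroll step collapses to a single call that takes the populated UserDataVOWS (with token type and password set) together with the same keyspec and keyalg arguments; the returned KeyStore is decoded and re-wrapped exactly as above.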

spkacRequest

CertificateResponse spkacRequest(java.lang.String username,
                                 java.lang.String password,
                                 java.lang.String spkac,
                                 java.lang.String hardTokenSN,
                                 java.lang.String responseType)
                                 throws AuthorizationDeniedException_Exception,
                                        CADoesntExistsException_Exception,
                                        EjbcaException_Exception,
                                        NotFoundException_Exception
Generates a certificate for a user. Works the same as pkcs10Request.

Parameters:
username - the unique username
password - the password sent with editUser call
spkac - the SPKAC (Netscape) request message (only the public key is used.)
hardTokenSN - If the certificate should be connected with a hard token, it is possible to map it by giving the hardTokenSN here, as for pkcs10Request. Use null if no hardTokenSN should be associated with the certificate.
responseType - indicating which type of answer should be returned, one of the CertificateHelper.RESPONSETYPE_ constants.
Throws:
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception
NotFoundException_Exception
EjbcaException_Exception
See Also:
pkcs10Request(String, String, String, String, String)


2011 PrimeKey Solutions AB.