2 * ============LICENSE_START=======================================================
3 * Copyright (C) 2020 Nordix Foundation.
4 * ================================================================================
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 * SPDX-License-Identifier: Apache-2.0
18 * ============LICENSE_END=========================================================
21 package org.onap.aaf.certservice.cmpv2client.api;
23 import java.security.cert.X509Certificate;
24 import java.util.Date;
25 import java.util.List;
27 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
28 import org.onap.aaf.certservice.certification.model.CsrModel;
29 import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
32 * This class represent CmpV2Client Interface for obtaining X.509 Digital Certificates in a Public
33 * Key Infrastructure (PKI), making use of Certificate Management Protocol (CMPv2) operating on
34 * newest version: cmp2000(2).
36 public interface CmpClient {
39 * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped
40 * in a CSRMeta with common details, accepts self-signed certificate. Basic Authentication using
41 * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
42 * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
44 * @param csrModel Certificate Signing Request model. Must not be {@code null}.
45 * @param server CMPv2 Server. Must not be {@code null}.
46 * @param notBefore An optional validity to set in the created certificate, Certificate not valid
48 * @param notAfter An optional validity to set in the created certificate, Certificate not valid
50 * @return {@link X509Certificate} The newly created Certificate.
51 * @throws CmpClientException if client error occurs.
53 List<List<X509Certificate>> createCertificate(
58 throws CmpClientException;
61 * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped
62 * in a CSRMeta with common details, accepts self-signed certificate. Basic Authentication using
63 * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
64 * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
66 * @param csrModel Certificate Signing Request Model. Must not be {@code null}.
67 * @param server CMPv2 server. Must not be {@code null}.
68 * @return {@link X509Certificate} The newly created Certificate.
69 * @throws CmpClientException if client error occurs.
71 List<List<X509Certificate>> createCertificate(
74 throws CmpClientException;