2 * ============LICENSE_START=======================================================
3 * Copyright (C) 2020 Nordix Foundation.
4 * ================================================================================
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 * SPDX-License-Identifier: Apache-2.0
18 * ============LICENSE_END=========================================================
21 package org.onap.aaf.certservice.cmpv2client.api;
23 import java.security.cert.X509Certificate;
24 import java.util.Date;
25 import java.util.List;
27 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
28 import org.onap.aaf.certservice.certification.model.CsrModel;
29 import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
32 * This class represent CmpV2Client Interface for obtaining X.509 Digital Certificates in a Public
33 * Key Infrastructure (PKI), making use of Certificate Management Protocol (CMPv2) operating on
34 * newest version: cmp2000(2).
36 public interface CmpClient {
39 * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped
40 * in a CSRMeta with common details, accepts self-signed certificate. Basic Authentication using
41 * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
42 * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
44 * @param caName Information about the External Root Certificate Authority (CA) performing the
45 * event CA Name. Could be {@code null}.
46 * @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code
48 * @param csrModel Certificate Signing Request model. Must not be {@code null}.
49 * @param server CMPv2 Server. Must not be {@code null}.
50 * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
51 * @param notBefore An optional validity to set in the created certificate, Certificate not valid
53 * @param notAfter An optional validity to set in the created certificate, Certificate not valid
55 * @return {@link X509Certificate} The newly created Certificate.
56 * @throws CmpClientException if client error occurs.
58 List<List<X509Certificate>> createCertificate(
66 throws CmpClientException;
69 * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped
70 * in a CSRMeta with common details, accepts self-signed certificate. Basic Authentication using
71 * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
72 * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
74 * @param caName Information about the External Root Certificate Authority (CA) performing the
75 * event CA Name. Could be {@code null}.
76 * @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code
78 * @param csrModel Certificate Signing Request Model. Must not be {@code null}.
79 * @param server CMPv2 server. Must not be {@code null}.
80 * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
81 * @return {@link X509Certificate} The newly created Certificate.
82 * @throws CmpClientException if client error occurs.
84 List<List<X509Certificate>> createCertificate(
90 throws CmpClientException;