2 * ============LICENSE_START=======================================================
3 * Copyright (C) 2020 Nordix Foundation.
4 * Copyright (C) 2021 Nokia.
5 * ================================================================================
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
18 * SPDX-License-Identifier: Apache-2.0
19 * ============LICENSE_END=========================================================
22 package org.onap.oom.certservice.cmpv2client.api;
24 import java.util.Date;
26 import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server;
27 import org.onap.oom.certservice.certification.model.CertificateUpdateModel;
28 import org.onap.oom.certservice.certification.model.CsrModel;
29 import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
30 import org.onap.oom.certservice.cmpv2client.model.Cmpv2CertificationModel;
33 * This interface represents the CmpV2Client API for obtaining X.509 digital certificates in a Public
34 * Key Infrastructure (PKI), making use of the Certificate Management Protocol (CMPv2) operating on
35 * the newest version: cmp2000(2).
37 public interface CmpClient {
40 * Requests an External Root CA Certificate to be created for the passed public keyPair wrapped
41 * in a CSRMeta with common details; accepts a self-signed certificate. Basic authentication uses
42 * IAK/RV (initial authentication key and reference value). Verification of the signature (proof-of-possession)
43 * on the request is performed, and an exception is thrown if verification fails or an issue is encountered in fetching the certificate from the CA.
45 * @param csrModel Certificate Signing Request model. Must not be {@code null}.
46 * @param server CMPv2 Server. Must not be {@code null}.
47 * @param notBefore An optional start of validity to set in the created certificate; the certificate is not valid before this date.
49 * @param notAfter An optional end of validity to set in the created certificate; the certificate is not valid after this date.
51 * @return model for certification containing certificate chain and trusted certificates
52 * @throws CmpClientException if client error occurs.
54 Cmpv2CertificationModel createCertificate(
59 throws CmpClientException;
62 * Requests an External Root CA Certificate to be created for the passed public keyPair wrapped
63 * in a CSRMeta with common details; accepts a self-signed certificate. Basic authentication uses
64 * IAK/RV (initial authentication key and reference value). Verification of the signature (proof-of-possession)
65 * on the request is performed, and an exception is thrown if verification fails or an issue is encountered in fetching the certificate from the CA.
67 * @param csrModel Certificate Signing Request Model. Must not be {@code null}.
68 * @param server CMPv2 server. Must not be {@code null}.
69 * @return model for certification containing certificate chain and trusted certificates
70 * @throws CmpClientException if client error occurs.
72 Cmpv2CertificationModel createCertificate(
75 throws CmpClientException;
78 * Requests an External Root CA Certificate to be updated for the passed keyPair wrapped
79 * in a CSRMeta with common details. Authentication uses the End Entity Certificate. The old certificate and
80 * old privateKey are wrapped in CertificateUpdateModel.
81 * An exception is thrown if verification fails or an issue is encountered in fetching the certificate from the CA.
83 * @param csrModel Certificate Signing Request Model. Must not be {@code null}.
84 * @param cmpv2Server CMPv2 server. Must not be {@code null}.
85 * @param certificateUpdateModel Model with key update parameters. Must not be {@code null}.
86 * @return model for certification containing certificate chain and trusted certificates
87 * @throws CmpClientException if client error occurs.
89 Cmpv2CertificationModel updateCertificate(CsrModel csrModel, Cmpv2Server cmpv2Server,
90 CertificateUpdateModel certificateUpdateModel) throws CmpClientException;
93 * Requests an additional External Root CA Certificate to be created for the passed keyPair wrapped
94 * in a CSRMeta with common details. Basic authentication uses IAK/RV (initial authentication key and
95 * reference value). Verification of the signature (proof-of-possession) on the request is performed, and an
96 * exception is thrown if verification fails or an issue is encountered in fetching the certificate from the CA.
98 * @param csrModel Certificate Signing Request Model. Must not be {@code null}.
99 * @param cmpv2Server CMPv2 server. Must not be {@code null}.
100 * @return model for certification containing certificate chain and trusted certificates
101 * @throws CmpClientException if client error occurs.
103 Cmpv2CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException;