2 * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
16 package org.onap.aaf.auth.cm.cmpv2client.api;
18 import java.security.cert.Certificate;
19 import java.util.Date;
20 import org.onap.aaf.auth.cm.cert.CSRMeta;
21 import org.onap.aaf.auth.cm.cmpv2client.impl.CAOfflineException;
22 import org.onap.aaf.auth.cm.cmpv2client.impl.CmpClientException;
25 * This class represents the CmpV2Client interface for obtaining X.509 digital certificates in a Public Key
26 * Infrastructure (PKI), making use of the Certificate Management Protocol (CMPv2) operating on the newest version: cmp2000(2).
28 public interface CmpClient {
/**
 * Asks an external root CA to create a certificate for the public key pair wrapped in {@code csrMeta}
 * together with its common details. A self-signed certificate is accepted as the request carrier.
 *
 * <p>The request uses Basic Authentication with IAK/RV. Verification of the proof-of-possession signature
 * on the request is performed, and an exception is thrown if that verification fails or if the certificate
 * cannot be fetched from the CA.
 *
 * <p>NOTE(review): the IAK/RV credential is not a parameter of this method, so how it is supplied and
 * protected depends on the implementation - confirm it is not logged or hard-coded.
 * NOTE(review): {@code notBefore} and {@code notAfter} are caller-requested values; whether the CA honours
 * or clamps them to its own policy is not visible from this interface. {@link Date} is mutable, so an
 * implementation presumably wants to copy both before use - verify.
 *
 * @param caName information about the external root Certificate Authority (CA) performing the event, i.e.
 *     the CA name. May be {@code null}.
 * @param profile profile on the CA server (client/RA mode configuration on the server). May be
 *     {@code null}.
 * @param csrMeta Certificate Signing Request metadata. Must not be {@code null}.
 * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
 * @param notBefore optional validity start: the created certificate is not valid before this date.
 * @param notAfter optional validity end: the created certificate is not valid after this date.
 * @return the newly created certificate.
 * @throws CAOfflineException if the external CA is offline.
 * @throws CmpClientException if a client error occurs.
 */
Certificate createCertRequest(
        String caName,
        String profile,
        CSRMeta csrMeta,
        Certificate csr,
        Date notBefore,
        Date notAfter)
        throws CAOfflineException, CmpClientException;
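/**
 * Asks an external root CA to create a certificate for the public key pair wrapped in {@code csrMeta}
 * together with its common details. A self-signed certificate is accepted as the request carrier.
 *
 * <p>The request uses Basic Authentication with IAK/RV. Verification of the proof-of-possession signature
 * on the request is performed, and an exception is thrown if that verification fails or if the certificate
 * cannot be fetched from the CA.
 *
 * <p>This overload takes no validity dates. NOTE(review): which validity period the issued certificate
 * then receives is not visible from this interface - presumably the CA or the implementation picks a
 * default; confirm.
 * NOTE(review): the IAK/RV credential is not a parameter of this method, so how it is supplied and
 * protected depends on the implementation - confirm it is not logged or hard-coded.
 *
 * @param caName information about the external root Certificate Authority (CA) performing the event, i.e.
 *     the CA name. May be {@code null}.
 * @param profile profile on the CA server (client/RA mode configuration on the server). May be
 *     {@code null}.
 * @param csrMeta Certificate Signing Request metadata. Must not be {@code null}.
 * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
 * @return the newly created certificate.
 * @throws CAOfflineException if the external CA is offline.
 * @throws CmpClientException if a client error occurs.
 */
Certificate createCertRequest(String caName, String profile, CSRMeta csrMeta, Certificate csr)
        throws CAOfflineException, CmpClientException;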
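/**
 * Requests revocation of a certificate. A certificate that is deemed no longer trustworthy before its
 * expiration date can be revoked by the issuing Certificate Authority (CA). The revocation methods named
 * by this contract are a Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP)
 * responses.
 *
 * <p>NOTE(review): {@code reason} is a bare {@code int}, so the type does not restrict its range. It
 * presumably carries a standard CRL reason code - confirm against the implementation and validate the
 * value before it is sent.
 * NOTE(review): nothing in this signature identifies the requester, so the check that the caller is
 * entitled to revoke {@code cert} has to live in the implementation or at the CA - verify.
 *
 * @param caName CA name. May be {@code null}.
 * @param cert target certificate. Must not be {@code null}.
 * @param reason revocation reason.
 * @param invalidityTime invalidity time. May be {@code null}.
 * @return a certificate; this contract does not say which one (presumably the revoked certificate -
 *     confirm against the implementation).
 * @throws CAOfflineException if the external CA is offline.
 * @throws CmpClientException if a client error occurs.
 */
Certificate revokeCertRequest(String caName, Certificate cert, int reason, Date invalidityTime)
        throws CAOfflineException, CmpClientException;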