IHTMFAdminWS (Hard Token Management API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.hardtokenmgmt.ws
Interface IHTMFAdminWS

All Known Implementing Classes:: HTMFAdminWS

public interface IHTMFAdminWS

Web Service interface used for administration of HTMF and EJBCA. See separate call for details.

Version:: $Id$
Author:: Philip Vendil 31 mar 2009

Field Summary
`static int`	`CUSTOMLOG_LEVEL_ERROR`
`static int`	`CUSTOMLOG_LEVEL_INFO`

Method Summary
`CAInfoVO`	`activateCA(int cAId, java.lang.String authCode)` Method used to activate a CA if the caller is authorized Required Admin rules: /administrator /ca/ /ca_functions/basic_functionality/activate_cas
`org.ejbca.core.protocol.ws.objects.RevokeStatus`	`checkRevokationStatus(java.lang.String issuerDN, java.lang.String certificateSN)` Method returning the revokestatus for given user Authorization requirements: the client certificate must have the following priviledges set - Administrator flag set - /administrator - /ca/
`void`	`customLog(int level, java.lang.String type, java.lang.String cAName, java.lang.String username, org.ejbca.core.protocol.ws.objects.Certificate certificate, java.lang.String msg)` Generates a Custom Log event in the database.
`CAInfoVO`	`deactivateCA(int cAId)` Method used to deactivate a CA if the caller is authorized Required Admin rules: /administrator /ca/ /ca_functions/basic_functionality/activate_cas
`boolean`	`deleteUserDataFromSource(java.util.List<java.lang.String> userDataSourceNames, java.lang.String searchString, boolean removeMultipleMatch)` Special method used to remove existing used data from a user data source.
`void`	`editAdmin(AdminDataVO adminData)` Adds/edits the data of a given administrator.
`void`	`editUser(org.ejbca.core.protocol.ws.objects.UserDataVOWS userdata)` Method that should be used to edit/add a user to the EJBCA database, if the user doesn't already exists it will be added otherwise it will be overwritten.
`boolean`	`existsAdministrator(AdminDataVO adminData)` Checks if an administrator already exists.
`boolean`	`existsHardToken(java.lang.String hardTokenSN)` Looks up if a serial number already have been generated Authorization requirements: A valid certificate
`java.util.List<org.ejbca.core.protocol.ws.objects.UserDataSourceVOWS>`	`fetchUserData(java.util.List<java.lang.String> userDataSourceNames, java.lang.String searchString)` Method used to fetch userdata from an existing UserDataSource.
`java.util.List<org.ejbca.core.protocol.ws.objects.Certificate>`	`findCerts(java.lang.String username, boolean onlyValid)` Retreives a collection of certificates generated for a user.
`java.util.List<org.ejbca.core.protocol.ws.objects.UserDataVOWS>`	`findUser(org.ejbca.core.protocol.ws.objects.UserMatch usermatch)` Retreives information about a user in the database.
`java.util.List<org.ejbca.core.protocol.ws.objects.TokenCertificateResponseWS>`	`genTokenCertificates(org.ejbca.core.protocol.ws.objects.UserDataVOWS userData, java.util.List<org.ejbca.core.protocol.ws.objects.TokenCertificateRequestWS> tokenRequests, org.ejbca.core.protocol.ws.objects.HardTokenDataWS hardTokenData, boolean overwriteExistingSN, boolean revocePreviousCards)` Method used to add information about a generated hardtoken Authorization requirements: If the caller is an administrator - Administrator flag set - /administrator - /ra_functionality/create_end_entity and/or edit_end_entity - /endentityprofilesrules//create_end_entity and/or edit_end_entity - /ra_functionality/revoke_end_entity (if overwrite flag is set) - /endentityprofilesrules//revoke_end_entity (if overwrite flag is set) - /ca_functionality/create_certificate - /ca/ - /hardtoken_functionality/issue_hardtokens If the user isn't an administrator will it be added to the queue for approval.
`java.util.List<AdminDataVO>`	`getAdministrators(java.lang.String orgId)` Returns a list of administrators belonging to the given organization Required Admin rules: /administrator /system_functionality/edit_administrator_privileges Only authorized to the admin groups is returned.
`java.util.List<AdminGroupVO>`	`getAvailableAdminGroups(java.lang.String orgId)` Method used to fetch all administrator groups authorized to the administrator and belonging to the given organization Id Required Admin rules: /administrator
`org.ejbca.core.protocol.ws.objects.HardTokenDataWS`	`getHardTokenData(java.lang.String hardTokenSN, boolean viewPUKData, boolean onlyValidCertificates)` Method fetching information about a hard token given it's hard token serial number.
`java.util.List<org.ejbca.core.protocol.ws.objects.HardTokenDataWS>`	`getHardTokenDatas(java.lang.String username, boolean onlyValidCertificates)` Method fetching all hard token informations for a given user.
`HostInfoVO`	`getHostStatuses()` Method used to fetch the current status of the host.
`java.lang.String`	`getLastCRL(int caId)` Method used to fetch the latest CRL in DER format.
`java.util.List<OrganizationVO>`	`getOrganisations()` Method used to fetch a list of the name of available organization for the current administrator.
`int`	`isApproved(int approvalId)` Looks up if a requested action have been approved by an authorized administrator or not Authorization requirements: A valid certificate
`boolean`	`isAuthorized(java.lang.String resource)` Method checking if a user is authorixed to a given resource Authorization requirements: a valid client certificate
`org.ejbca.core.protocol.ws.objects.CertificateResponse`	`pkcs10Request(java.lang.String username, java.lang.String password, java.lang.String pkcs10, java.lang.String hardTokenSN, java.lang.String responseType)` Method to use to generate a certificate for a user.
`org.ejbca.core.protocol.ws.objects.KeyStore`	`pkcs12Req(java.lang.String username, java.lang.String password, java.lang.String hardTokenSN, java.lang.String keyspec, java.lang.String keyalg)` Method to use to generate a server generated keystore.
`void`	`removeAdministrator(AdminDataVO adminData)` Removes the administrator privileges from a user.
`void`	`republishCertificate(java.lang.String serialNumberInHex, java.lang.String issuerDN)` Method performing a republication of a selected certificate Authorization requirements: - Administrator flag set - /administrator - /ra_functionality/view_end_entity - /endentityprofilesrules//view_end_entity - /ca/
`void`	`revokeCert(java.lang.String issuerDN, java.lang.String certificateSN, int reason)` Method used to revoke a certificate
`void`	`revokeToken(java.lang.String hardTokenSN, int reason)` Method used to revoke all certificates mapped to one hardtoken.
`void`	`revokeUser(java.lang.String username, int reason, boolean deleteUser)` Method used to revoke all a users certificates.

Field Detail

CUSTOMLOG_LEVEL_INFO

static final int CUSTOMLOG_LEVEL_INFO

See Also:: Constant Field Values

CUSTOMLOG_LEVEL_ERROR

static final int CUSTOMLOG_LEVEL_ERROR

See Also:: Constant Field Values

Method Detail

getOrganisations

java.util.List<OrganizationVO> getOrganisations()
                                                throws org.ejbca.core.EjbcaException,
                                                       org.ejbca.core.model.authorization.AuthorizationDeniedException

Method used to fetch a list of the name of available organization for the current administrator. Required Admin rules: /administrator

Returns:: a list of the name of available organization for the current administrator.
Throws:: org.ejbca.core.EjbcaException - if internal error occurred.; org.ejbca.core.model.authorization.AuthorizationDeniedException - if the caller isn't an administrator.

getHostStatuses

HostInfoVO getHostStatuses()
                           throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                  org.ejbca.core.EjbcaException

Method used to fetch the current status of the host. Information fetched is: disk usage mem usage processor usage (if supported by OS) CA status DB status SysCheck Status (if used) Required Admin rules: /administrator

Returns:: current hostInfo status
Throws:: org.ejbca.core.model.authorization.AuthorizationDeniedException; org.ejbca.core.EjbcaException

activateCA

CAInfoVO activateCA(int cAId,
                    java.lang.String authCode)
                    throws org.ejbca.core.EjbcaException,
                           org.ejbca.core.model.authorization.AuthorizationDeniedException,
                           org.ejbca.core.model.approval.WaitingForApprovalException,
                           org.ejbca.core.model.approval.ApprovalException

Method used to activate a CA if the caller is authorized Required Admin rules: /administrator /ca/ /ca_functions/basic_functionality/activate_cas

Parameters:: cAId - the id of CA to activate; authCode - authentication code to use
Returns:: a CAInfoVO containing information about the current status if this CA
Throws:: org.ejbca.core.EjbcaException - if internal error occurred.; org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator haven't got privileges for activation of this CA.; org.ejbca.core.model.approval.WaitingForApprovalException; org.ejbca.core.model.approval.ApprovalException

deactivateCA

CAInfoVO deactivateCA(int cAId)
                      throws org.ejbca.core.EjbcaException,
                             org.ejbca.core.model.authorization.AuthorizationDeniedException,
                             org.ejbca.core.model.approval.WaitingForApprovalException,
                             org.ejbca.core.model.approval.ApprovalException

Method used to deactivate a CA if the caller is authorized Required Admin rules: /administrator /ca/ /ca_functions/basic_functionality/activate_cas

Parameters:: cAId - the id of CA to deactivate
Returns:: a CAInfoVO containing information about the current status if this CA
Throws:: org.ejbca.core.EjbcaException - if internal error occurred.; org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator haven't got privileges for deactivation of this CA.; org.ejbca.core.model.approval.WaitingForApprovalException; org.ejbca.core.model.approval.ApprovalException

getAvailableAdminGroups

java.util.List<AdminGroupVO> getAvailableAdminGroups(java.lang.String orgId)
                                                     throws org.ejbca.core.EjbcaException,
                                                            org.ejbca.core.model.authorization.AuthorizationDeniedException

Method used to fetch all administrator groups authorized to the administrator and belonging to the given organization Id Required Admin rules: /administrator

Parameters:: orgId - the id of the organization
Returns:: a list of AdminGroupVO of authorized administration groups belonging to the organization.
Throws:: org.ejbca.core.EjbcaException - if internal error occurred.; org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator haven't got privileges for deactivation of this CA.

editAdmin

void editAdmin(AdminDataVO adminData)
               throws org.ejbca.core.EjbcaException,
                      org.ejbca.core.model.authorization.AuthorizationDeniedException,
                      AdminDataException

Adds/edits the data of a given administrator. Required Admin rules: /administrator /system_functionality/edit_administrator_privileges Edit end entity rights Then authorized to the admin groups that is specified.

Parameters:: adminData - information about the administrator and the administration groups he should belong to.
Throws:: org.ejbca.core.EjbcaException - if internal error occurred.; org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator wasn't authorized to perform the given operation.; AdminDataException - if the adminData parameter contained erroneous data.

getAdministrators

java.util.List<AdminDataVO> getAdministrators(java.lang.String orgId)
                                              throws org.ejbca.core.EjbcaException,
                                                     org.ejbca.core.model.authorization.AuthorizationDeniedException

Returns a list of administrators belonging to the given organization Required Admin rules: /administrator /system_functionality/edit_administrator_privileges Only authorized to the admin groups is returned.

Parameters:: orgId - the unique id of the organization
Returns:: all administrators belonging to the organization.
Throws:: org.ejbca.core.EjbcaException - if internal error occurred.; org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator wasn't authorized to perform the given operation.

removeAdministrator

void removeAdministrator(AdminDataVO adminData)
                         throws org.ejbca.core.EjbcaException,
                                org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                AdminDataException

Removes the administrator privileges from a user. (does not remove the end entity) Required Admin rules: /administrator /system_functionality/edit_administrator_privileges Edit end entity rights Then authorized to the admin groups that is specified.

Parameters:: adminData - information about the administrator.
Throws:: org.ejbca.core.EjbcaException - if internal error occurred.; org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator wasn't authorized to perform the given operation.; AdminDataException - if the adminData parameter contained erroneous data.

existsAdministrator

boolean existsAdministrator(AdminDataVO adminData)
                            throws org.ejbca.core.EjbcaException,
                                   org.ejbca.core.model.authorization.AuthorizationDeniedException

Checks if an administrator already exists.

Parameters:: adminData - information about the administrator.
Returns:: true if the given administrator already exists
Throws:: org.ejbca.core.EjbcaException - if internal error occurred.; org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator wasn't authorized to perform the given operation.

editUser

void editUser(org.ejbca.core.protocol.ws.objects.UserDataVOWS userdata)
              throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                     org.ejbca.core.model.ra.raadmin.UserDoesntFullfillEndEntityProfile,
                     org.ejbca.core.EjbcaException,
                     org.ejbca.core.model.approval.ApprovalException,
                     org.ejbca.core.model.approval.WaitingForApprovalException

Method that should be used to edit/add a user to the EJBCA database, if the user doesn't already exists it will be added otherwise it will be overwritten. The difference between this call and EJBCAWS is that the administration flag is not set to false automatically. Observe: if the user doesn't already exists, it's status will always be set to 'New' if status doesn't exist. Authorization requirements: the client certificate must have the following priviledges set - Administrator flag set - /administrator - /ra_functionality/create_end_entity and/or edit_end_entity - /endentityprofilesrules//create_end_entity and/or edit_end_entity - /ca/

Parameters:: userdata - contains all the information about the user about to be added.
Throws:: org.ejbca.core.model.authorization.AuthorizationDeniedException; org.ejbca.core.model.ra.raadmin.UserDoesntFullfillEndEntityProfile; org.ejbca.core.EjbcaException; org.ejbca.core.model.approval.ApprovalException; org.ejbca.core.model.approval.WaitingForApprovalException

findUser

java.util.List<org.ejbca.core.protocol.ws.objects.UserDataVOWS> findUser(org.ejbca.core.protocol.ws.objects.UserMatch usermatch)
                                                                         throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                                                                org.ejbca.util.query.IllegalQueryException,
                                                                                org.ejbca.core.EjbcaException

Retreives information about a user in the database. Authorization requirements: the client certificate must have the following priviledges set - Administrator flag set - /administrator - /ra_functionality/view_end_entity - /endentityprofilesrules//view_end_entity - /ca/

Parameters:: usermatch - the specification about which users to find.
Returns:: a array of UserDataVOWS objects (Max 100) containing the information about the user or null if user doesn't exists.
Throws:: org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized to request; org.ejbca.util.query.IllegalQueryException - if query isn't valid; org.ejbca.core.EjbcaException

findCerts

java.util.List<org.ejbca.core.protocol.ws.objects.Certificate> findCerts(java.lang.String username,
                                                                         boolean onlyValid)
                                                                         throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                                                                org.ejbca.core.model.ra.NotFoundException,
                                                                                org.ejbca.core.EjbcaException

Retreives a collection of certificates generated for a user. Authorization requirements: the client certificate must have the following priviledges set - Administrator flag set - /administrator - /ra_functionality/view_end_entity - /endentityprofilesrules//view_end_entity - /ca/

Parameters:: username - a unique username; onlyValid - only return valid certs not revoked or expired ones.
Returns:: a collection of X509Certificates or null if no certificates could be found
Throws:: org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized to request; org.ejbca.core.model.ra.NotFoundException - if user cannot be found; org.ejbca.core.EjbcaException

getLastCRL

java.lang.String getLastCRL(int caId)
                            throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                   org.ejbca.core.EjbcaException

Method used to fetch the latest CRL in DER format. Authorization requirements: the client certificate must have the following priviledges set - /ca/

Parameters:: caId - the caId of the CRL
Returns:: the CRL in Base64 format, null if caId doesn't exist.
Throws:: org.ejbca.core.model.authorization.AuthorizationDeniedException; org.ejbca.core.EjbcaException

revokeCert

void revokeCert(java.lang.String issuerDN,
                java.lang.String certificateSN,
                int reason)
                throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                       org.ejbca.core.model.ra.NotFoundException,
                       org.ejbca.core.EjbcaException,
                       org.ejbca.core.model.approval.ApprovalException,
                       org.ejbca.core.model.approval.WaitingForApprovalException,
                       org.ejbca.core.model.ra.AlreadyRevokedException

Method used to revoke a certificate. * Authorization requirements: the client certificate must have the following priviledges set - Administrator flag set - /administrator - /ra_functionality/revoke_end_entity - /endentityprofilesrules//revoke_end_entity - /ca/

Parameters:: issuerDN - of the certificate to revoke; certificateSN - of the certificate to revoke; reason - for revokation, one of RevokedCertInfo.REVOKATION_REASON_ constants, or use RevokedCertInfo.NOT_REVOKED to unrevoke a certificate on hold.
Throws:: org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized.; org.ejbca.core.model.ra.NotFoundException - if certificate doesn't exist; org.ejbca.core.model.approval.WaitingForApprovalException - If request has bean added to list of tasks to be approved; org.ejbca.core.model.approval.ApprovalException - There already exists an approval request for this task; org.ejbca.core.model.ra.AlreadyRevokedException - The certificate was already revoked; org.ejbca.core.EjbcaException

revokeUser

void revokeUser(java.lang.String username,
                int reason,
                boolean deleteUser)
                throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                       org.ejbca.core.model.ra.NotFoundException,
                       org.ejbca.core.EjbcaException,
                       org.ejbca.core.model.approval.ApprovalException,
                       org.ejbca.core.model.approval.WaitingForApprovalException,
                       org.ejbca.core.model.ra.AlreadyRevokedException

Method used to revoke all a users certificates. It is also possible to delete a user after all certificates have been revoked. Authorization requirements: the client certificate must have the following priviledges set - Administrator flag set - /administrator - /ra_functionality/revoke_end_entity - /endentityprofilesrules//revoke_end_entity - /ca/

Parameters:: username - unique username i EJBCA; reason - for revokation, one of RevokedCertInfo.REVOKATION_REASON_ constants or use RevokedCertInfo.NOT_REVOKED to unrevoke a certificate on hold.; deleteUser - deletes the users after all the certificates have been revoked.
Throws:: org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized.; org.ejbca.core.model.ra.NotFoundException - if user doesn't exist; org.ejbca.core.model.approval.WaitingForApprovalException - if request has bean added to list of tasks to be approved; org.ejbca.core.model.approval.ApprovalException - if there already exists an approval request for this task; org.ejbca.core.model.ra.AlreadyRevokedException - if the user already was revoked; org.ejbca.core.EjbcaException

revokeToken

void revokeToken(java.lang.String hardTokenSN,
                 int reason)
                 throws java.rmi.RemoteException,
                        org.ejbca.core.model.authorization.AuthorizationDeniedException,
                        org.ejbca.core.model.ra.NotFoundException,
                        org.ejbca.core.EjbcaException,
                        org.ejbca.core.model.approval.ApprovalException,
                        org.ejbca.core.model.approval.WaitingForApprovalException,
                        org.ejbca.core.model.ra.AlreadyRevokedException

Method used to revoke all certificates mapped to one hardtoken. Authorization requirements: the client certificate must have the following priviledges set - Administrator flag set - /administrator - /ra_functionality/revoke_end_entity - /endentityprofilesrules//revoke_end_entity - /ca/

Parameters:: hardTokenSN - of the hardTokenSN; reason - for revokation, one of RevokedCertInfo.REVOKATION_REASON_ constants
Throws:: org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized.; org.ejbca.core.model.ra.NotFoundException - if token doesn't exist; org.ejbca.core.model.approval.WaitingForApprovalException - If request has bean added to list of tasks to be approved; org.ejbca.core.model.approval.ApprovalException - There already exists an approval request for this task; org.ejbca.core.model.ra.AlreadyRevokedException - The token was already revoked.; java.rmi.RemoteException; org.ejbca.core.EjbcaException

genTokenCertificates

java.util.List<org.ejbca.core.protocol.ws.objects.TokenCertificateResponseWS> genTokenCertificates(org.ejbca.core.protocol.ws.objects.UserDataVOWS userData,
                                                                                                   java.util.List<org.ejbca.core.protocol.ws.objects.TokenCertificateRequestWS> tokenRequests,
                                                                                                   org.ejbca.core.protocol.ws.objects.HardTokenDataWS hardTokenData,
                                                                                                   boolean overwriteExistingSN,
                                                                                                   boolean revocePreviousCards)
                                                                                                   throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                                                                                          org.ejbca.core.model.approval.WaitingForApprovalException,
                                                                                                          org.ejbca.core.model.hardtoken.HardTokenExistsException,
                                                                                                          org.ejbca.core.model.ra.raadmin.UserDoesntFullfillEndEntityProfile,
                                                                                                          org.ejbca.core.model.approval.ApprovalException,
                                                                                                          org.ejbca.core.EjbcaException,
                                                                                                          org.ejbca.core.model.approval.ApprovalRequestExpiredException,
                                                                                                          org.ejbca.core.model.approval.ApprovalRequestExecutionException

Method used to add information about a generated hardtoken Authorization requirements: If the caller is an administrator - Administrator flag set - /administrator - /ra_functionality/create_end_entity and/or edit_end_entity - /endentityprofilesrules//create_end_entity and/or edit_end_entity - /ra_functionality/revoke_end_entity (if overwrite flag is set) - /endentityprofilesrules//revoke_end_entity (if overwrite flag is set) - /ca_functionality/create_certificate - /ca/ - /hardtoken_functionality/issue_hardtokens If the user isn't an administrator will it be added to the queue for approval.

Parameters:: userData - of the user that should be generated; tokenRequests - a list of certificate requests; hardTokenData - data containing PIN/PUK info; overwriteExistingSN - if the the current hard token should be overwritten instead of throwing HardTokenExists exception. If a card is overwritten, all previous certificates on the card is revoked.; revocePreviousCards - tells the service to revoke old cards issued to this user. If the present card have the label TEMPORARY_CARD old cards is set to CERTIFICATE_ONHOLD otherwise UNSPECIFIED.
Returns:: a List of the generated certificates.
Throws:: org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator isn't authorized.; org.ejbca.core.model.approval.WaitingForApprovalException - if the caller is a non-admin a must be approved before it is executed.; org.ejbca.core.model.hardtoken.HardTokenExistsException - if the given hard token sn already exists.; org.ejbca.core.model.approval.ApprovalRequestExpiredException - if the request for approval have expired.; org.ejbca.core.model.approval.ApprovalException - if error happened with the approval mechanisms; org.ejbca.core.model.approval.WaitingForApprovalException - if the request haven't been processed yet.; org.ejbca.core.model.approval.ApprovalRequestExecutionException - if the approval request was rejected; org.ejbca.core.model.ra.raadmin.UserDoesntFullfillEndEntityProfile; org.ejbca.core.EjbcaException

getHardTokenData

org.ejbca.core.protocol.ws.objects.HardTokenDataWS getHardTokenData(java.lang.String hardTokenSN,
                                                                    boolean viewPUKData,
                                                                    boolean onlyValidCertificates)
                                                                    throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                                                           org.ejbca.core.model.hardtoken.HardTokenDoesntExistsException,
                                                                           org.ejbca.core.EjbcaException,
                                                                           org.ejbca.core.model.approval.ApprovalException,
                                                                           org.ejbca.core.model.approval.ApprovalRequestExpiredException,
                                                                           org.ejbca.core.model.approval.WaitingForApprovalException,
                                                                           org.ejbca.core.model.approval.ApprovalRequestExecutionException

Method fetching information about a hard token given it's hard token serial number. If the caller is an administrator - Administrator flag set - /administrator - /ra_functionality/view_hardtoken - /endentityprofilesrules//view_hardtoken - /endentityprofilesrules//view_hardtoken/puk_data (if viewPUKData = true) - /ca/ If the user isn't an administrator will it be added to the queue for approval.

Parameters:: hardTokenSN - of the token to look for.; viewPUKData - if PUK data of the hard token should be returned.; onlyValidCertificates - of all revoked and expired certificates should be filtered.
Returns:: the HardTokenData
Throws:: org.ejbca.core.model.hardtoken.HardTokenDoesntExistsException - if the hardtokensn don't exist in database.; org.ejbca.core.EjbcaException - if an exception occured on server side.; org.ejbca.core.model.approval.ApprovalRequestExpiredException - if the request for approval have expired.; org.ejbca.core.model.approval.ApprovalException - if error happended with the approval mechanisms; org.ejbca.core.model.approval.WaitingForApprovalException - if the request haven't been processed yet.; org.ejbca.core.model.approval.ApprovalRequestExecutionException - if the approval request was rejected; org.ejbca.core.model.authorization.AuthorizationDeniedException

getHardTokenDatas

java.util.List<org.ejbca.core.protocol.ws.objects.HardTokenDataWS> getHardTokenDatas(java.lang.String username,
                                                                                     boolean onlyValidCertificates)
                                                                                     throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                                                                            org.ejbca.core.EjbcaException

Method fetching all hard token informations for a given user. If the caller is an administrator - Administrator flag set - /administrator - /ra_functionality/view_hardtoken - /endentityprofilesrules//view_hardtoken - /endentityprofilesrules//view_hardtoken/puk_data (if viewPUKData = true)

Parameters:: username - to look for.; onlyValidCertificates - of all revoked and expired certificates should be filtered.
Returns:: a list of the HardTokenData generated for the user never null.
Throws:: org.ejbca.core.EjbcaException - if an exception occured on server side.; org.ejbca.core.model.authorization.AuthorizationDeniedException

republishCertificate

void republishCertificate(java.lang.String serialNumberInHex,
                          java.lang.String issuerDN)
                          throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                 org.ejbca.core.model.ca.publisher.PublisherException,
                                 org.ejbca.core.EjbcaException

Method performing a republication of a selected certificate Authorization requirements: - Administrator flag set - /administrator - /ra_functionality/view_end_entity - /endentityprofilesrules//view_end_entity - /ca/

Parameters:: serialNumberInHex - of the certificate to republish; issuerDN - of the certificate to republish
Throws:: org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administratior isn't authorized to republish; org.ejbca.core.model.ca.publisher.PublisherException - if something went wrong during publication; org.ejbca.core.EjbcaException - if other error occured on the server side.

isApproved

int isApproved(int approvalId)
               throws org.ejbca.core.model.approval.ApprovalException,
                      org.ejbca.core.EjbcaException,
                      org.ejbca.core.model.approval.ApprovalRequestExpiredException

Looks up if a requested action have been approved by an authorized administrator or not Authorization requirements: A valid certificate

Parameters:: approvalId - unique id for the action
Returns:: the number of approvals left, 0 if approved othervis is the ApprovalDataVO.STATUS constants returned indicating the statys.
Throws:: org.ejbca.core.model.approval.ApprovalException - if approvalId doesn't exists; org.ejbca.core.model.approval.ApprovalRequestExpiredException - Throws this exception one time if one of the approvals have expired, once notified it wount throw it anymore.; org.ejbca.core.EjbcaException - if error occured server side

customLog

void customLog(int level,
               java.lang.String type,
               java.lang.String cAName,
               java.lang.String username,
               org.ejbca.core.protocol.ws.objects.Certificate certificate,
               java.lang.String msg)
               throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                      org.ejbca.core.EjbcaException

Generates a Custom Log event in the database. Authorization requirements: - Administrator flag set - /administrator - /log_functionality/log_custom_events

Parameters:: level - of the event, one of IEjbcaWS.CUSTOMLOG_LEVEL_ constants; type - userdefined string used as a prefix in the log comment; cAName - of the ca related to the event, use null if no specific CA is related. Then will the ca of the administrator be used.; username - of the related user, use null if no related user exists.; certificate - that relates to the log event, use null if no certificate is related; msg - message data used in the log comment. The log comment will have a syntax of ' : Throws:; org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrators isn't authorized to log.; org.ejbca.core.EjbcaException - if error occured server side

deleteUserDataFromSource

boolean deleteUserDataFromSource(java.util.List<java.lang.String> userDataSourceNames,
                                 java.lang.String searchString,
                                 boolean removeMultipleMatch)
                                 throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                        org.ejbca.core.model.ra.userdatasource.MultipleMatchException,
                                        org.ejbca.core.model.ra.userdatasource.UserDataSourceException,
                                        org.ejbca.core.EjbcaException

Special method used to remove existing used data from a user data source. Important removal functionality of a user data source is optional to implement so it isn't certain that this method works with the given user data source. Authorization requirements - Administrator flag set - /administrator - /userdatasourcesrules//remove_userdata (for all the given user data sources) - /ca/

Parameters:: userDataSourceNames - the names of the userdata source to remove from; searchString - the search string to search for; removeMultipleMatch - if multiple matches of a search string should be removed othervise is none removed.
Returns:: true if the user was remove successfully from at least one of the user data sources.
Throws:: org.ejbca.core.model.authorization.AuthorizationDeniedException - if the user isn't authorized to remove userdata from any of the specified user data sources; org.ejbca.core.model.ra.userdatasource.MultipleMatchException - if the searchstring resulted in a multiple match and the removeMultipleMatch was set to false.; org.ejbca.core.model.ra.userdatasource.UserDataSourceException - if an error occured during the communication with the user data source.; org.ejbca.core.EjbcaException - if error occured server side

existsHardToken

boolean existsHardToken(java.lang.String hardTokenSN)
                        throws org.ejbca.core.EjbcaException

Looks up if a serial number already have been generated Authorization requirements: A valid certificate

Parameters:: hardTokenSN - the serial number of the token to look for.
Returns:: true if hard token exists
Throws:: org.ejbca.core.EjbcaException - if error occured server side

pkcs10Request

org.ejbca.core.protocol.ws.objects.CertificateResponse pkcs10Request(java.lang.String username,
                                                                     java.lang.String password,
                                                                     java.lang.String pkcs10,
                                                                     java.lang.String hardTokenSN,
                                                                     java.lang.String responseType)
                                                                     throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                                                            org.ejbca.core.model.ra.NotFoundException,
                                                                            org.ejbca.core.EjbcaException

Method to use to generate a certificate for a user. The method must be preceded by a editUser call, either to set the userstatus to 'new' or to add nonexisting users. Observe, the user must first have added/set the status to new with edituser command Authorization requirements: the client certificate must have the following priviledges set - Administrator flag set - /administrator - /ra_functionality/view_end_entity - /endentityprofilesrules//view_end_entity - /ca_functionality/create_certificate - /ca/

Parameters:: username - the unique username; password - the password sent with editUser call; pkcs10 - the PKCS10 (only the public key is used.); hardTokenSN - If the certificate should be connected with a hardtoken, it is possible to map it by give the hardTokenSN here, this will simplyfy revokation of a tokens certificates. Use null if no hardtokenSN should be assiciated with the certificate.; responseType - indicating which type of answer that should be returned, on of the CertificateHelper.RESPONSETYPE_ parameters.
Returns:: the generated certificate, in either just X509Certificate or PKCS7
Throws:: org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized to request; org.ejbca.core.model.ra.NotFoundException - if user cannot be found; org.ejbca.core.EjbcaException

fetchUserData

java.util.List<org.ejbca.core.protocol.ws.objects.UserDataSourceVOWS> fetchUserData(java.util.List<java.lang.String> userDataSourceNames,
                                                                                    java.lang.String searchString)
                                                                                    throws org.ejbca.core.model.ra.userdatasource.UserDataSourceException,
                                                                                           org.ejbca.core.EjbcaException,
                                                                                           org.ejbca.core.model.authorization.AuthorizationDeniedException

Method used to fetch userdata from an existing UserDataSource. Authorization requirements: - Administrator flag set - /administrator - /userdatasourcesrules//fetch_userdata (for all the given user data sources) - /ca/ If not turned of in jaxws.properties then only a valid certificate required

Parameters:: userDataSourceNames - a List of User Data Source Names; searchString - to identify the userdata.
Returns:: a List of UserDataSourceVOWS of the data in the specified UserDataSources, if no user data is found will an empty list be returned.
Throws:: org.ejbca.core.model.ra.userdatasource.UserDataSourceException - if an error occured connecting to one of UserDataSources.; org.ejbca.core.EjbcaException; org.ejbca.core.model.authorization.AuthorizationDeniedException

checkRevokationStatus

org.ejbca.core.protocol.ws.objects.RevokeStatus checkRevokationStatus(java.lang.String issuerDN,
                                                                      java.lang.String certificateSN)
                                                                      throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                                                             org.ejbca.core.EjbcaException

Method returning the revokestatus for given user Authorization requirements: the client certificate must have the following priviledges set - Administrator flag set - /administrator - /ca/

Parameters:: issuerDN -; certificateSN - a hexadecimal string
Returns:: the revokestatus of null i certificate doesn't exists.
Throws:: org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized.; org.ejbca.core.EjbcaException

isAuthorized

boolean isAuthorized(java.lang.String resource)
                     throws org.ejbca.core.EjbcaException

Method checking if a user is authorixed to a given resource Authorization requirements: a valid client certificate

Parameters:: resource - the access rule to test
Returns:: true if the user is authorized to the resource othervise false.
Throws:: org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized.; org.ejbca.core.EjbcaException

pkcs12Req

org.ejbca.core.protocol.ws.objects.KeyStore pkcs12Req(java.lang.String username,
                                                      java.lang.String password,
                                                      java.lang.String hardTokenSN,
                                                      java.lang.String keyspec,
                                                      java.lang.String keyalg)
                                                      throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                                             org.ejbca.core.model.ra.NotFoundException,
                                                             org.ejbca.core.EjbcaException

Method to use to generate a server generated keystore. The method must be preceded by a editUser call, either to set the userstatus to 'new' or to add nonexisting users and the users token should be set to SecConst.TOKEN_SOFT_P12. Authorization requirements: the client certificate must have the following priviledges set - Administrator flag set - /administrator - /ra_functionality/view_end_entity - /endentityprofilesrules//view_end_entity - /ca_functionality/create_certificate - /ca/

Parameters:: username - the unique username; password - the password sent with editUser call; hardTokenSN - If the certificate should be connected with a hardtoken, it is possible to map it by give the hardTokenSN here, this will simplyfy revokation of a tokens certificates. Use null if no hardtokenSN should be assiciated with the certificate.; keyspec - that the generated key should have, examples are 1024 for RSA or prime192v1 for ECDSA.; keyalg - that the generated key should have, RSA, ECDSA. Use one of the constants in CATokenConstants.org.ejbca.core.model.ca.catoken.KEYALGORITHM_XX.
Returns:: the generated keystore
Throws:: org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized to request; org.ejbca.core.model.ra.NotFoundException - if user cannot be found; org.ejbca.core.EjbcaException