public interface EjbcaWS
| Modifier and Type | Method and Description |
|---|---|
void |
addSubjectToRole(java.lang.String roleName,
java.lang.String caName,
java.lang.String matchWith,
java.lang.String matchType,
java.lang.String matchValue)
Adds an administrator to the specified role
|
void |
caCertResponse(java.lang.String caname,
byte[] cert,
java.util.List<byte[]> cachain,
java.lang.String keystorepwd)
Receives a certificate as a response to a CSR from the CA.
|
void |
caCertResponseForRollover(java.lang.String caname,
byte[] cert,
java.util.List<byte[]> cachain,
java.lang.String keystorepwd)
Receives a certificate as a response to a CSR from the CA, but does not activate the certificate yet.
|
byte[] |
caRenewCertRequest(java.lang.String caname,
java.util.List<byte[]> cachain,
boolean regenerateKeys,
boolean usenextkey,
boolean activatekey,
java.lang.String keystorepwd)
Generates a certificate request (CSR) from a CA.
|
CertificateResponse |
certificateRequest(UserDataVOWS userData,
java.lang.String requestData,
int requestType,
java.lang.String hardTokenSN,
java.lang.String responseType)
Generates a certificate for a user.
|
RevokeStatus |
checkRevokationStatus(java.lang.String issuerDN,
java.lang.String certificateSN)
Returns revocation status for given user.
|
void |
createCA(java.lang.String caname,
java.lang.String cadn,
java.lang.String catype,
long validityInDays,
java.lang.String certprofile,
java.lang.String signAlg,
int signedByCAId,
java.lang.String cryptoTokenName,
java.util.List<KeyValuePair> purposeKeyMapping,
java.util.List<KeyValuePair> caProperties)
Creates a new CA using the specified cryptotoken
|
void |
createCRL(java.lang.String caname)
Generates a CRL for the given CA.
|
void |
createCryptoToken(java.lang.String tokenName,
java.lang.String tokenType,
java.lang.String activationPin,
boolean autoActivate,
java.util.List<KeyValuePair> cryptotokenProperties)
Creates a new cryptotoken
|
CertificateResponse |
crmfRequest(java.lang.String username,
java.lang.String password,
java.lang.String crmf,
java.lang.String hardTokenSN,
java.lang.String responseType)
Generates a certificate for a user.
|
void |
customLog(int level,
java.lang.String type,
java.lang.String caName,
java.lang.String username,
Certificate certificate,
java.lang.String msg)
Generates a Custom Log event in the database.
|
java.util.List<Certificate> |
cvcRequest(java.lang.String username,
java.lang.String password,
java.lang.String cvcreq)
Generates a CV certificate for a user.
|
boolean |
deleteUserDataFromSource(java.util.List<java.lang.String> userDataSourceNames,
java.lang.String searchString,
boolean removeMultipleMatch)
Removes user data from a user data source.
|
void |
editUser(UserDataVOWS userdata)
Edits/adds a user to the EJBCA database.
|
boolean |
existsHardToken(java.lang.String hardTokenSN)
Looks up whether a serial number has already been generated.
|
java.util.List<UserDataSourceVOWS> |
fetchUserData(java.util.List<java.lang.String> userDataSourceNames,
java.lang.String searchString)
Fetches userdata from an existing UserDataSource.
|
java.util.List<Certificate> |
findCerts(java.lang.String username,
boolean onlyValid)
Retrieves a collection of certificates generated for a user.
|
java.util.List<UserDataVOWS> |
findUser(UserMatch usermatch)
Retrieves information about users in the database.
|
void |
generateCryptoTokenKeys(java.lang.String cryptoTokenName,
java.lang.String keyPairAlias,
java.lang.String keySpecification)
Generates a key pair in the specified cryptotoken
|
java.util.List<TokenCertificateResponseWS> |
genTokenCertificates(UserDataVOWS userData,
java.util.List<TokenCertificateRequestWS> tokenRequests,
HardTokenDataWS hardTokenData,
boolean overwriteExistingSN,
boolean revokePreviousCards)
Adds certificates and/or data to a hardtoken.
|
java.util.List<NameAndId> |
getAuthorizedEndEntityProfiles()
Fetches the end-entity profiles that the administrator is authorized to use.
|
java.util.List<NameAndId> |
getAvailableCAs()
Fetch a list of the ids and names of available CAs.
|
java.util.List<NameAndId> |
getAvailableCAsInProfile(int entityProfileId)
Fetches the ids and names of available CAs in an end entity profile.
|
java.util.List<NameAndId> |
getAvailableCertificateProfiles(int entityProfileId)
Fetches available certificate profiles in an end entity profile.
|
Certificate |
getCertificate(java.lang.String certSNinHex,
java.lang.String issuerDN)
Fetches issued certificate.
|
java.util.List<Certificate> |
getCertificatesByExpirationTime(long days,
int maxNumberOfResults)
Retrieves the certificates whose expiration date is before the specified number of days.
|
java.util.List<Certificate> |
getCertificatesByExpirationTimeAndIssuer(long days,
java.lang.String issuerDN,
int maxNumberOfResults)
List certificates that will expire within the given number of days and issued by the given issuer
|
java.util.List<Certificate> |
getCertificatesByExpirationTimeAndType(long days,
int certificateType,
int maxNumberOfResults)
List certificates that will expire within the given number of days and of the given type
|
java.lang.String |
getEjbcaVersion()
Returns the version of the EJBCA server.
|
HardTokenDataWS |
getHardTokenData(java.lang.String hardTokenSN,
boolean viewPUKData,
boolean onlyValidCertificates)
Fetches information about a hard token.
|
java.util.List<HardTokenDataWS> |
getHardTokenDatas(java.lang.String username,
boolean viewPUKData,
boolean onlyValidCertificates)
Fetches all hard tokens for a given user.
|
java.util.List<Certificate> |
getLastCAChain(java.lang.String caname)
Retrieves the current certificate chain for a CA.
|
java.util.List<Certificate> |
getLastCertChain(java.lang.String username)
Retrieves the last certificate to expire for a given user.
|
byte[] |
getLatestCRL(java.lang.String caname,
boolean deltaCRL)
Retrieves the latest CRL issued by the given CA.
|
byte[] |
getProfile(int profileId,
java.lang.String profileType)
Fetches the profile specified by profileId and profileType in XML format.
|
int |
getPublisherQueueLength(java.lang.String name)
Returns the length of a publisher queue.
|
int |
getRemainingNumberOfApprovals(int requestId) |
void |
importCaCert(java.lang.String caname,
byte[] certbytes)
Imports a root or sub CA certificate of an external X.509 CA or CVC CA.
|
int |
isApproved(int approvalId)
Looks up if a requested action has been approved.
|
boolean |
isAuthorized(java.lang.String resource)
Checks if a user is authorized to a given resource.
|
void |
keyRecover(java.lang.String username,
java.lang.String certSNinHex,
java.lang.String issuerDN)
Marks a user's certificate for key recovery.
|
KeyStore |
keyRecoverEnroll(java.lang.String username,
java.lang.String certSNinHex,
java.lang.String issuerDN,
java.lang.String password,
java.lang.String hardTokenSN)
Key recovers specified certificate and generates a new keystore in one
atomic operation.
|
void |
keyRecoverNewest(java.lang.String username)
Marks the user's latest certificate for key recovery.
|
CertificateResponse |
pkcs10Request(java.lang.String username,
java.lang.String password,
java.lang.String pkcs10,
java.lang.String hardTokenSN,
java.lang.String responseType)
Generates a certificate for a user.
|
KeyStore |
pkcs12Req(java.lang.String username,
java.lang.String password,
java.lang.String hardTokenSN,
java.lang.String keyspec,
java.lang.String keyalg)
Creates a server-generated keystore.
|
void |
removeSubjectFromRole(java.lang.String roleName,
java.lang.String caName,
java.lang.String matchWith,
java.lang.String matchType,
java.lang.String matchValue)
Removes an administrator from the specified role
|
void |
republishCertificate(java.lang.String serialNumberInHex,
java.lang.String issuerDN)
Republishes a selected certificate.
|
void |
revokeCert(java.lang.String issuerDN,
java.lang.String certificateSN,
int reason)
Same as
revokeCertBackdated(String, String, int, String) but revocation date is current time. |
void |
revokeCertBackdated(java.lang.String issuerDN,
java.lang.String certificateSN,
int reason,
java.lang.String sDate)
Revokes a user certificate.
|
void |
revokeToken(java.lang.String hardTokenSN,
int reason)
Revokes all certificates mapped to a hardtoken.
|
void |
revokeUser(java.lang.String username,
int reason,
boolean deleteUser)
Revokes all of a user's certificates.
|
void |
rolloverCACert(java.lang.String caname)
Performs a certificate rollover for a CA with a rollover certificate previously added with caCertResponseForRollover.
|
KeyStore |
softTokenRequest(UserDataVOWS userData,
java.lang.String hardTokenSN,
java.lang.String keyspec,
java.lang.String keyalg)
Generates a soft token certificate for a user.
|
CertificateResponse |
spkacRequest(java.lang.String username,
java.lang.String password,
java.lang.String spkac,
java.lang.String hardTokenSN,
java.lang.String responseType)
Generates a certificate for a user.
|
void |
updateCaCert(java.lang.String caname,
byte[] certbytes)
Updates a root or sub CA certificate of an external X.509 CA or CVC CA.
|
void addSubjectToRole(java.lang.String roleName,
java.lang.String caName,
java.lang.String matchWith,
java.lang.String matchType,
java.lang.String matchValue)
throws AuthorizationDeniedException_Exception,
EjbcaException_Exception
roleName - The role to add the admin to
caName - Name of the CA that issued the new administrator's certificate
matchWith - Could be any of: NONE, WITH_COUNTRY, WITH_DOMAINCOMPONENT, WITH_STATEORPROVINCE, WITH_LOCALITY, WITH_ORGANIZATION,
WITH_ORGANIZATIONALUNIT, WITH_TITLE, WITH_COMMONNAME, WITH_UID, WITH_DNSERIALNUMBER, WITH_SERIALNUMBER,
WITH_DNEMAILADDRESS, WITH_RFC822NAME, WITH_UPN, WITH_FULLDN
matchType - Could be one of: TYPE_EQUALCASE, TYPE_EQUALCASEINS, TYPE_NOT_EQUALCASE, TYPE_NOT_EQUALCASEINS, TYPE_NONE
matchValue - The value to match against
EjbcaException_Exception
AuthorizationDeniedException_Exception
void caCertResponse(java.lang.String caname,
byte[] cert,
java.util.List<byte[]> cachain,
java.lang.String keystorepwd)
throws ApprovalException_Exception,
AuthorizationDeniedException_Exception,
CesecoreException_Exception,
EjbcaException_Exception,
WaitingForApprovalException_Exception
Authorization requirements:
- /administrator
- /ca_functionality/renew_ca
- /ca/<ca to import certificate>
This method auto-senses whether there is a new CA key that needs to be activated; it does this by comparing the public key in cert with the public keys in the CA's token.
caname - The name in EJBCA for the CA that will create the CSR
cert - the CA certificate to import. Certificate format is the binary certificate bytes.
cachain - the certificate chain for the CA this request is targeted for; the signing CA is in pos 0, its CA (if it exists) in pos 1 etc. Certificate format is the binary certificate bytes.
keystorepwd - If there is a new CA key that must be activated, the keystore password is needed. Set to null if the request was generated using the existing CA keys.
CADoesntExistsException - if caname does not exist
AuthorizationDeniedException_Exception - if administrator is not authorized to import certificate.
ApprovalException_Exception - if the operation requires approval from another CA administrator, in this case an approval request is created for another administrator to approve
WaitingForApprovalException_Exception - if there is already a request waiting for approval
EjbcaException_Exception - other errors, in which case an org.ejbca.core.ErrorCode is set in the EjbcaException
CesecoreException_Exception
void caCertResponseForRollover(java.lang.String caname,
byte[] cert,
java.util.List<byte[]> cachain,
java.lang.String keystorepwd)
throws ApprovalException_Exception,
AuthorizationDeniedException_Exception,
CesecoreException_Exception,
EjbcaException_Exception,
WaitingForApprovalException_Exception
caname - The name in EJBCA for the CA that will create the CSR
cert - the CA certificate to import. Certificate format is the binary certificate bytes.
cachain - the certificate chain for the CA this request is targeted for; the signing CA is in pos 0, its CA (if it exists) in pos 1 etc. Certificate format is the binary certificate bytes.
keystorepwd - If there is a new CA key that must be activated, the keystore password is needed. Set to null if the request was generated using the existing CA keys.
CADoesntExistsException
AuthorizationDeniedException_Exception
EjbcaException_Exception
ApprovalException_Exception
WaitingForApprovalException_Exception
CesecoreException_Exception
byte[] caRenewCertRequest(java.lang.String caname,
java.util.List<byte[]> cachain,
boolean regenerateKeys,
boolean usenextkey,
boolean activatekey,
java.lang.String keystorepwd)
throws ApprovalException_Exception,
AuthorizationDeniedException_Exception,
CADoesntExistsException_Exception,
EjbcaException_Exception,
WaitingForApprovalException_Exception
- /administrator - /ca_functionality/renew_ca - /ca/<ca to renew>
caname - The name in EJBCA for the CA that will create the CSR
cachain - the certificate chain for the CA this request is targeted for; the signing CA is in pos 0, its CA (if it exists) in pos 1 etc. Certificate format is the binary certificate bytes.
For DV renewals the cachain may be an empty list if there is a matching imported CVCA.
Matching means having the same mnemonic, country and sequence as well as being external.
regenerateKeys - if renewing a CA this is used to also generate a new KeyPair; if this is true and activatekey is false, the new key will not be activated immediately, but added as the "next" signing key.
usenextkey - if regenerateKeys is true this should be false. Otherwise it makes a request using an already existing "next" signing key, perhaps from a previous call with regenerateKeys true.
activatekey - if regenerateKeys is true or usenextkey is true, setting this flag to true makes the new or "next" key be activated when the request is created.
keystorepwd - password used when regenerating keys or activating keys; can be null if regenerateKeys and activatekey are both false.
CADoesntExistsException_Exception - if caname does not exist
AuthorizationDeniedException_Exception - if administrator is not authorized to create request, renew keys etc.
ApprovalException_Exception - if a non-expired approval for this action already exists, i.e. the same action has already been requested.
WaitingForApprovalException_Exception - if the operation requires approval from another CA administrator, in this case an approval request is created for another administrator to approve
EjbcaException_Exception - other errors, in which case an org.ejbca.core.ErrorCode is set in the EjbcaException
CertificateResponse certificateRequest(UserDataVOWS userData, java.lang.String requestData, int requestType, java.lang.String hardTokenSN, java.lang.String responseType) throws ApprovalException_Exception, AuthorizationDeniedException_Exception, EjbcaException_Exception, NotFoundException_Exception, UserDoesntFullfillEndEntityProfile_Exception, WaitingForApprovalException_Exception
Authorization requirements:
- /administrator - /ra_functionality/create_end_entity and/or edit_end_entity - /endentityprofilesrules/<end entity profile of user>/create_end_entity and/or edit_end_entity - /ca_functionality/create_certificate - /ca/<ca of user>When the requestType is PUBLICKEY the requestData should be an SubjectPublicKeyInfo structure either base64 encoded or in PEM format.
If the CA does not exist on the local system, then the request will be forwarded to upstream peer systems (if any).
userData - the user
requestData - the PKCS10/CRMF/SPKAC/PUBLICKEY request in base64
requestType - PKCS10, CRMF, SPKAC or PUBLICKEY request as specified by
CertificateHelper.CERT_REQ_TYPE_ parameters.
hardTokenSN - If the certificate should be connected with a hardtoken, it is
possible to map it by giving the hardTokenSN here; this will simplify revocation of a token's
certificates. Use null if no hardtokenSN should be associated with the certificate.
responseType - indicates which type of answer should be returned, one of the
CertificateHelper.RESPONSETYPE_ parameters.
CADoesntExistsException - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized to request
NotFoundException_Exception - if user cannot be found
UserDoesntFullfillEndEntityProfile_Exception
ApprovalException_Exception
WaitingForApprovalException_Exception
EjbcaException_Exception
See also: editUser(UserDataVOWS)
RevokeStatus checkRevokationStatus(java.lang.String issuerDN, java.lang.String certificateSN) throws AuthorizationDeniedException_Exception, CADoesntExistsException_Exception, EjbcaException_Exception
- /administrator - /ca/<ca of certificate>
issuerDN -
certificateSN - a hexadecimal string
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized.
EjbcaException_Exception
See also: RevokeStatus
void createCA(java.lang.String caname,
java.lang.String cadn,
java.lang.String catype,
long validityInDays,
java.lang.String certprofile,
java.lang.String signAlg,
int signedByCAId,
java.lang.String cryptoTokenName,
java.util.List<KeyValuePair> purposeKeyMapping,
java.util.List<KeyValuePair> caProperties)
throws AuthorizationDeniedException_Exception,
EjbcaException_Exception
caname - The CA name
cadn - The CA subjectDN
catype - The CA type. It could be either 'x509' or 'cvc'
validityInDays - Validity of the CA in days.
certprofile - Makes the CA use the certificate profile 'certprofile' instead of the default ROOTCA or SUBCA.
signAlg - Signing Algorithm may be one of the following: SHA1WithRSA, SHA256WithRSA, SHA384WithRSA, SHA512WithRSA,
SHA256WithRSAAndMGF1, SHA1withECDSA, SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, SHA1WithDSA,
GOST3411withECGOST3410, GOST3411withDSTU4145
signedByCAId - The ID of a CA that will sign this CA. Use '1' for self signed CA (i.e. a root CA).
CAs created using the WS cannot be signed by external CAs.
cryptoTokenName - The name of the cryptotoken associated with the CA
purposeKeyMapping - The mapping between the cryptotoken keys and their purpose. See CAConstantsWS
caProperties - Optional CA properties. See CAConstantsWS
EjbcaException_Exception
AuthorizationDeniedException_Exception
See also: CAConstantsWS
void createCRL(java.lang.String caname)
throws ApprovalException_Exception,
ApprovalRequestExpiredException_Exception,
CADoesntExistsException_Exception,
CAOfflineException_Exception,
CryptoTokenOfflineException_Exception,
EjbcaException_Exception
- /ca/<caid>
caname - the name in EJBCA of the CA that should have a new CRL generated
CADoesntExistsException_Exception - if a referenced CA does not exist
ApprovalException_Exception
EjbcaException_Exception - if an error occurred, for example authorization denied
ApprovalRequestExpiredException_Exception
CAOfflineException_Exception
CryptoTokenOfflineException_Exception
void createCryptoToken(java.lang.String tokenName,
java.lang.String tokenType,
java.lang.String activationPin,
boolean autoActivate,
java.util.List<KeyValuePair> cryptotokenProperties)
throws AuthorizationDeniedException_Exception,
EjbcaException_Exception
tokenName - The name of the cryptotoken
tokenType - The type of the cryptotoken. Available types: SoftCryptoToken, PKCS11CryptoToken
activationPin - Pin code for the cryptotoken
autoActivate - Set to true or false to allow or disallow auto-activation of the cryptotoken
cryptotokenProperties - as a List of KeyValuePair objects. See CryptoTokenConstantsWS
EjbcaException_Exception
AuthorizationDeniedException_Exception
See also: CryptoTokenConstantsWS
CertificateResponse crmfRequest(java.lang.String username, java.lang.String password, java.lang.String crmf, java.lang.String hardTokenSN, java.lang.String responseType) throws AuthorizationDeniedException_Exception, CADoesntExistsException_Exception, CesecoreException_Exception, EjbcaException_Exception, NotFoundException_Exception
username - the unique username
password - the password sent with editUser call
crmf - the CRMF request message (only the public key is used.)
responseType - indicates which type of answer should be returned, one of the
CertificateHelper.RESPONSETYPE_ parameters.
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception
NotFoundException_Exception
EjbcaException_Exception
CesecoreException_Exception
See also: pkcs10Request(String, String, String, String, String)
void customLog(int level,
java.lang.String type,
java.lang.String caName,
java.lang.String username,
Certificate certificate,
java.lang.String msg)
throws AuthorizationDeniedException_Exception,
CADoesntExistsException_Exception,
EjbcaException_Exception
- /administrator - /secureaudit/log_custom_events (must be configured in advanced mode when editing access rules)
level - of the event, one of IEjbcaWS.CUSTOMLOG_LEVEL_ constants
type - user-defined string used as a prefix in the log comment
caName - of the CA related to the event, use null if no specific CA is related.
The CA of the administrator will then be used.
username - of the related user, use null if no related user exists.
certificate - that relates to the log event, use null if no certificate is related
msg - message data used in the log comment. The log comment will have
a syntax of 'type : msg'
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if the administrator isn't authorized to log.
EjbcaException_Exception - if an error occurred server side
java.util.List<Certificate> cvcRequest(java.lang.String username, java.lang.String password, java.lang.String cvcreq) throws ApprovalException_Exception, AuthorizationDeniedException_Exception, CADoesntExistsException_Exception, CertificateExpiredException_Exception, CesecoreException_Exception, EjbcaException_Exception, NotFoundException_Exception, SignRequestException_Exception, UserDoesntFullfillEndEntityProfile_Exception, WaitingForApprovalException_Exception
CertificateHelper.RESPONSETYPE_CERTIFICATE.username - the user name of the user requesting the certificate.password - the password for initial enrollment, not used for renewal requests that can be authenticated using signatures with keys with valid certificates.cvcreq - Base64 encoded CVC request message.CADoesntExistsException_Exception - if a referenced CA does not existAuthorizationDeniedException_Exception - if administrator is not authorized to edit end entity or if an authenticated request can not be verifiedSignRequestException_Exception - if the provided request is invalid, for example not containing a username or passwordUserDoesntFullfillEndEntityProfile_ExceptionNotFoundException_ExceptionEjbcaException_Exception - for other errors, an error code like ErrorCode.SIGNATURE_ERROR (popo/inner signature verification failed) is set.ApprovalException_ExceptionWaitingForApprovalException_ExceptionCertificateExpiredException_ExceptionCesecoreException_ExceptioneditUser(UserDataVOWS),
pkcs10Request(String, String, String, String, String),
ErrorCodeboolean deleteUserDataFromSource(java.util.List<java.lang.String> userDataSourceNames,
java.lang.String searchString,
boolean removeMultipleMatch)
throws AuthorizationDeniedException_Exception,
EjbcaException_Exception,
MultipleMatchException_Exception,
UserDataSourceException_Exception
- /administrator - /userdatasourcesrules/<user data source>/remove_userdata (for all the given user data sources) - /ca/<all cas defined in all the user data sources>
userDataSourceNames - the names of the userdata sources to remove from
searchString - the search string to search for
removeMultipleMatch - if multiple matches of a search string should be removed; otherwise none are removed.
AuthorizationDeniedException_Exception - if the user isn't authorized to remove userdata from any of the specified user data sources
MultipleMatchException_Exception - if the searchstring resulted in a multiple match and the removeMultipleMatch was set to false.
UserDataSourceException_Exception - if an error occurred during the communication with the user data source.
EjbcaException_Exception - if an error occurred server side
void editUser(UserDataVOWS userdata) throws ApprovalException_Exception, AuthorizationDeniedException_Exception, CADoesntExistsException_Exception, EjbcaException_Exception, UserDoesntFullfillEndEntityProfile_Exception, WaitingForApprovalException_Exception
- /administrator - /ra_functionality/create_end_entity and/or edit_end_entity - /endentityprofilesrules/<end entity profile of user>/create_end_entity and/or edit_end_entity - /ca/<ca of user>
userdata - contains all the information about the user about to be added.
clearPwd indicates whether the password should be stored in clear text, which is required
when creating server generated keystores. Leave clearPwd unset when server generated keystores are not needed, so that the password is not kept in clear text.
CADoesntExistsException_Exception - if a referenced CA does not exist
ApprovalException_Exception
AuthorizationDeniedException_Exception
UserDoesntFullfillEndEntityProfile_Exception
WaitingForApprovalException_Exception
EjbcaException_Exception
boolean existsHardToken(java.lang.String hardTokenSN)
throws EjbcaException_Exception
hardTokenSN - the serial number of the token to look for.EjbcaException_Exception - if error occurred server sidejava.util.List<UserDataSourceVOWS> fetchUserData(java.util.List<java.lang.String> userDataSourceNames, java.lang.String searchString) throws AuthorizationDeniedException_Exception, EjbcaException_Exception, UserDataSourceException_Exception
Authorization requirements:
- /administrator
- /userdatasourcesrules/<user data source>/fetch_userdata (for all the given user data sources)
- /ca/<all cas defined in all the user data sources>
If not turned off in jaxws.properties, then only a valid certificate is required.
userDataSourceNames - a List of User Data Source NamessearchString - to identify the userdata.UserDataSourceException_Exception - if an error occurred connecting to one of UserDataSourcesAuthorizationDeniedException_ExceptionEjbcaException_Exceptionjava.util.List<Certificate> findCerts(java.lang.String username, boolean onlyValid) throws AuthorizationDeniedException_Exception, EjbcaException_Exception
- /administrator - /ra_functionality/view_end_entity - /endentityprofilesrules/<end entity profile>/view_end_entity - /ca/<ca of user>
username - a unique usernameonlyValid - only return valid certs not revoked or expired ones.AuthorizationDeniedException_Exception - if client isn't authorized to requestEjbcaException_Exceptionjava.util.List<UserDataVOWS> findUser(UserMatch usermatch) throws AuthorizationDeniedException_Exception, EjbcaException_Exception, EndEntityProfileNotFoundException_Exception, IllegalQueryException_Exception
- /administrator - /ra_functionality/view_end_entity - /endentityprofilesrules/<end entity profile of matching users>/view_end_entity - /ca/<ca of usermatch> - when matching on CA
usermatch - the unique user pattern to search forUserDataVOWS objects (Max 100) containing the information about the user or null if there are no matches.AuthorizationDeniedException_Exception - if client isn't authorized to requestIllegalQueryException_Exception - if query isn't validEjbcaException_ExceptionEndEntityProfileNotFoundException_Exceptionvoid generateCryptoTokenKeys(java.lang.String cryptoTokenName,
java.lang.String keyPairAlias,
java.lang.String keySpecification)
throws AuthorizationDeniedException_Exception,
EjbcaException_Exception
cryptoTokenName - The name of the cryptotokenkeyPairAlias - Key pair aliaskeySpecification - Key specification, for example RSA2048, secp256r1, DSA1024, gost3410, dstu4145AuthorizationDeniedException_ExceptionEjbcaException_Exceptionjava.util.List<TokenCertificateResponseWS> genTokenCertificates(UserDataVOWS userData, java.util.List<TokenCertificateRequestWS> tokenRequests, HardTokenDataWS hardTokenData, boolean overwriteExistingSN, boolean revokePreviousCards) throws ApprovalException_Exception, ApprovalRequestExecutionException_Exception, ApprovalRequestExpiredException_Exception, AuthorizationDeniedException_Exception, CADoesntExistsException_Exception, EjbcaException_Exception, HardTokenExistsException_Exception, UserDoesntFullfillEndEntityProfile_Exception, WaitingForApprovalException_Exception
If the caller is an administrator - /administrator - /ra_functionality/create_end_entity and/or edit_end_entity - /endentityprofilesrules/<end entity profile>/create_end_entity and/or edit_end_entity - /ra_functionality/revoke_end_entity (if overwrite flag is set) - /endentityprofilesrules/<end entity profile>/revoke_end_entity (if overwrite flag is set) - /ca_functionality/create_certificate - /ca/<ca of all requested certificates> - /hardtoken_functionality/issue_hardtokensIf the user isn't an administrator the request will be added to a queue for approval.
userData - of the user that should be generated
tokenRequests - a list of certificate requests
hardTokenData - data containing PIN/PUK info
overwriteExistingSN - if the current hardtoken should be overwritten instead of throwing HardTokenExists exception.
If a card is overwritten, all previous certificates on the card are revoked.
revokePreviousCards - tells the service to revoke old cards issued to this user. If the present card has the label TEMPORARY_CARD,
old cards are set to CERTIFICATE_ONHOLD, otherwise UNSPECIFIED.
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if the administrator isn't authorized.
WaitingForApprovalException_Exception - if the caller is a non-admin, the request must be approved before it is executed.
HardTokenExistsException_Exception - if the given hardtoken serial number already exists.
ApprovalRequestExpiredException_Exception - if the request for approval has expired.
ApprovalException_Exception - if an error happened with the approval mechanisms
WaitingForApprovalException - if the request hasn't been processed yet.
ApprovalRequestExecutionException_Exception - if the approval request was rejected
UserDoesntFullfillEndEntityProfile_Exception
EjbcaException_Exception
java.util.List<NameAndId> getAuthorizedEndEntityProfiles() throws AuthorizationDeniedException_Exception, EjbcaException_Exception
- /administrator - /endentityprofilesrules/<end entity profile>Authored by Sebastien Levesque, Linagora. Javadoced by Tomas Gustavsson
EjbcaException_Exception - if an error occuredAuthorizationDeniedException_Exceptionjava.util.List<NameAndId> getAvailableCAs() throws AuthorizationDeniedException_Exception, EjbcaException_Exception
Authorization requirements:
- /administrator
If not turned off in jaxws.properties, then only a valid certificate is required.
Authored by Sebastien Levesque, Linagora. Javadoced by Tomas Gustavsson
EjbcaException_Exception - if an error occuredAuthorizationDeniedException_Exceptionjava.util.List<NameAndId> getAvailableCAsInProfile(int entityProfileId) throws AuthorizationDeniedException_Exception, EjbcaException_Exception
Authorization requirements:
- /administrator
- /endentityprofilesrules/<end entity profile>
If not turned off in jaxws.properties, then only a valid certificate is required.
Authored by Sebastien Levesque, Linagora. Javadoced by Tomas Gustavsson
entityProfileId - id of an end entity profile where we want to find which CAs are availableEjbcaException_Exception - if an error occuredAuthorizationDeniedException_Exceptionjava.util.List<NameAndId> getAvailableCertificateProfiles(int entityProfileId) throws AuthorizationDeniedException_Exception, EjbcaException_Exception
- /administrator - /endentityprofilesrules/<end entity profile>Authored by Sebastien Levesque, Linagora. Javadoced by Tomas Gustavsson
entityProfileId - id of an end entity profile where we want to find which certificate profiles are availableEjbcaException_Exception - if an error occuredAuthorizationDeniedException_ExceptionCertificate getCertificate(java.lang.String certSNinHex, java.lang.String issuerDN) throws AuthorizationDeniedException_Exception, CADoesntExistsException_Exception, EjbcaException_Exception
Authorization requirements:
- A valid certificate
- /ca_functionality/view_certificate
- /ca/<of the issuing CA>
certSNinHex - the certificate serial number in hexadecimal representationissuerDN - the issuer of the certificateCADoesntExistsException_Exception - if a referenced CA does not existAuthorizationDeniedException_Exception - if the calling administrator isn't authorized to view the certificateEjbcaException_Exception - if error occured server sidejava.util.List<Certificate> getCertificatesByExpirationTime(long days, int maxNumberOfResults) throws EjbcaException_Exception
- /administrator - /ra_functionality/view_end_entity - /endentityprofilesrules/<end entity profile>/view_end_entity - /ca/<ca of user>
days - the number of days before the certificates will expiremaxNumberOfResults - the maximum number of returned certificatesEjbcaException_Exception - if at least one of the certificates is unreadablejava.util.List<Certificate> getCertificatesByExpirationTimeAndIssuer(long days, java.lang.String issuerDN, int maxNumberOfResults) throws EjbcaException_Exception
days - Expire time in daysissuerDN - The issuerDN of the certificatesmaxNumberOfResults - the maximum number of returned certificatesEjbcaException_Exception - if at least one of the certificates is unreadablejava.util.List<Certificate> getCertificatesByExpirationTimeAndType(long days, int certificateType, int maxNumberOfResults) throws EjbcaException_Exception
days - Expire time in days
certificateType - The type of the certificates. Use 0=Unknown 1=EndEntity 2=SUBCA 8=ROOTCA 16=HardToken
maxNumberOfResults - the maximum number of returned certificates
EjbcaException_Exception - if at least one of the certificates is unreadable
java.lang.String getEjbcaVersion()
HardTokenDataWS getHardTokenData(java.lang.String hardTokenSN, boolean viewPUKData, boolean onlyValidCertificates) throws ApprovalRequestExecutionException_Exception, ApprovalRequestExpiredException_Exception, AuthorizationDeniedException_Exception, CADoesntExistsException_Exception, EjbcaException_Exception, HardTokenDoesntExistsException_Exception, NotFoundException_Exception, WaitingForApprovalException_Exception
- /administrator - /ra_functionality/view_hardtoken - /endentityprofilesrules/<end entity profile>/view_hardtoken - /endentityprofilesrules/<end entity profile>/view_hardtoken/puk_data (if viewPUKData = true) - /ca/<ca of user>
If the user isn't an administrator, the request will be added to a queue for approval.
hardTokenSN - of the token to look for.
viewPUKData - if PUK data of the hard token should be returned.
onlyValidCertificates - if all revoked and expired certificates should be filtered.
CADoesntExistsException_Exception - if a referenced CA does not exist
HardTokenDoesntExistsException_Exception - if the hardtokensn doesn't exist in database.
NotFoundException_Exception - if user for which the hard token is registered does not exist
ApprovalRequestExpiredException_Exception - if the request for approval has expired.
ApprovalException - if error happened with the approval mechanisms
WaitingForApprovalException_Exception - if the request hasn't been processed yet.
ApprovalRequestExecutionException_Exception - if the approval request was rejected
AuthorizationDeniedException_Exception
EjbcaException_Exception - if an exception occurred on server side.
java.util.List<HardTokenDataWS> getHardTokenDatas(java.lang.String username, boolean viewPUKData, boolean onlyValidCertificates) throws AuthorizationDeniedException_Exception, CADoesntExistsException_Exception, EjbcaException_Exception
- /administrator - /ra_functionality/view_hardtoken - /endentityprofilesrules/<end entity profile>/view_hardtoken - /endentityprofilesrules/<end entity profile>/view_hardtoken/puk_data (if viewPUKData = true)
username - to look for.
viewPUKData - if PUK data of the hard token should be returned.
onlyValidCertificates - if all revoked and expired certificates should be filtered.
EjbcaException_Exception - if an exception occurred on server side.
CADoesntExistsException_Exception
AuthorizationDeniedException_Exception
java.util.List<Certificate> getLastCAChain(java.lang.String caname) throws AuthorizationDeniedException_Exception, CADoesntExistsException_Exception, EjbcaException_Exception
Authorization requirements: - /administrator - /ca/<ca in question>
caname - the unique name of the CA whose certificate chain should be returnedAuthorizationDeniedException_Exception - if the client does not fulfill the authorization requirements specified aboveCADoesntExistsException_Exception - if the CA with the CA name given as input does not existEjbcaException_Exception - on internal errors, such as badly encoded certificatejava.util.List<Certificate> getLastCertChain(java.lang.String username) throws AuthorizationDeniedException_Exception, EjbcaException_Exception
This method does not check whether the certificate to be returned has been revoked.
If the user is not found on the local system, then the query will be forwarded to upstream peer systems (if any).
Prior to EJBCA 6.8.0, the documentation incorrectly stated that this method could return null when it actually returns an empty list.
Authorization requirements: - /administrator - /ra_functionality/view_end_entity - /endentityprofilesrules/<end entity profile>/view_end_entity - /ca/<ca of user>
username - the unique username of the user whose certificate should be returnedAuthorizationDeniedException_Exception - if the client does not fulfill the authorization requirements specified aboveEjbcaException_Exception - on internal errors, such as badly encoded certificatebyte[] getLatestCRL(java.lang.String caname,
boolean deltaCRL)
throws CADoesntExistsException_Exception,
EjbcaException_Exception
- /ca/<caid>
caname - the name in EJBCA of the CA that issued the desired CRL
deltaCRL - false to fetch a full CRL, true to fetch a deltaCRL (if issued)
CADoesntExistsException_Exception - if a referenced CA does not exist
EjbcaException_Exception - if an error occurred, for example authorization denied
byte[] getProfile(int profileId,
java.lang.String profileType)
throws AuthorizationDeniedException_Exception,
EjbcaException_Exception,
UnknownProfileTypeException_Exception
- /administrator - /endentityprofilesrules/<end entity profile>
For detailed documentation on how to parse an End Entity Profile XML, see the org.ejbca.core.model.ra.raadmin.EndEntity class.
profileId - ID of the profile we want to retrieve.
profileType - The type of the profile we want to retrieve. 'eep' for End Entity Profiles and 'cp' for Certificate Profiles
EjbcaException_Exception - if an error occurred
AuthorizationDeniedException_Exception
UnknownProfileTypeException_Exception
int getPublisherQueueLength(java.lang.String name)
throws EjbcaException_Exception
name - of the queueEjbcaException_Exceptionint getRemainingNumberOfApprovals(int requestId)
throws ApprovalException_Exception,
AuthorizationDeniedException_Exception,
ApprovalRequestExpiredException_Exception
requestId - the ID of an approval requestApprovalException_Exception - if a request of the given ID didn't existAuthorizationDeniedException_Exception - if the current requester wasn't authorized.ApprovalRequestExpiredException_Exception - if sought approval request has expiredvoid importCaCert(java.lang.String caname,
byte[] certbytes)
throws AuthorizationDeniedException_Exception,
CAExistsException_Exception,
EjbcaException_Exception
caname - the logical name of the CA in EJBCA.
certbytes - a byte array containing the CA certificate, and optionally its CA certificate chain.
AuthorizationDeniedException_Exception
CAExistsException_Exception - if a CA with that logical name or CA certificate subject DN already exists.
EjbcaException_Exception - if another exception occurs.
int isApproved(int approvalId)
throws ApprovalException_Exception,
ApprovalRequestExpiredException_Exception,
EjbcaException_Exception
approvalId - unique id for the action
ApprovalException_Exception - if approvalId does not exist
ApprovalRequestExpiredException_Exception - thrown one time if one of the approvals has expired; once notified, it won't be thrown anymore.
EjbcaException_Exception - if error occurred server side
boolean isAuthorized(java.lang.String resource)
throws EjbcaException_Exception
resource - the access rule to testEjbcaException_ExceptionRevokeStatusvoid keyRecover(java.lang.String username,
java.lang.String certSNinHex,
java.lang.String issuerDN)
throws ApprovalException_Exception,
AuthorizationDeniedException_Exception,
CADoesntExistsException_Exception,
EjbcaException_Exception,
NotFoundException_Exception,
WaitingForApprovalException_Exception
- /administrator - /endentityprofilesrules/<end entity profile>/keyrecovery - /endentityprofilesrules/<end entity profile>/view_end_entity - /ca/<ca of users certificate> - /ca_functionality/view_certificate - /ra_functionality/keyrecovery - /ra_functionality/view_end_entity
username - unique username in EJBCA
certSNinHex - unique certificate serialnumber in EJBCA, hex encoded
issuerDN - DN of CA, in EJBCA, that issued the certificate
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized.
NotFoundException_Exception - if user doesn't exist
WaitingForApprovalException_Exception - if request has been added to list of tasks to be approved
ApprovalException_Exception - if there already exists an approval request for this task
EjbcaException_Exception - if there is a configuration or other error
KeyStore keyRecoverEnroll(java.lang.String username, java.lang.String certSNinHex, java.lang.String issuerDN, java.lang.String password, java.lang.String hardTokenSN) throws AuthorizationDeniedException_Exception, EjbcaException_Exception, CADoesntExistsException_Exception, WaitingForApprovalException_Exception
- /administrator - /endentityprofilesrules/<end entity profile>/keyrecovery - /endentityprofilesrules/<end entity profile>/view_end_entity - /ca/<ca of users certificate> - /ca_functionality/view_certificate - /ca_functionality/create_certificate - /ra_functionality/view_end_entity - /ra_functionality/keyrecovery
username - unique username (end entity) in EJBCA
certSNinHex - unique certificate serialnumber in EJBCA, hex encoded
issuerDN - DN of CA, in EJBCA, that issued the certificate
password - new password
hardTokenSN - of the hardToken
AuthorizationDeniedException_Exception - if the requesting administrator is unauthorized to perform this operation
CADoesntExistsException_Exception - referenced CA cannot be found in any EJBCA instance
WaitingForApprovalException_Exception - request has been added to list of tasks to be approved
EjbcaException_Exception - other exceptions
void keyRecoverNewest(java.lang.String username)
throws ApprovalException_Exception,
AuthorizationDeniedException_Exception,
CADoesntExistsException_Exception,
EjbcaException_Exception,
NotFoundException_Exception,
WaitingForApprovalException_Exception
- /administrator - /ra_functionality/keyrecovery - /endentityprofilesrules/<end entity profile>/keyrecovery - /ca/
username - unique username in EJBCA
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized.
NotFoundException_Exception - if user doesn't exist
WaitingForApprovalException_Exception - if request has been added to list of tasks to be approved
ApprovalException_Exception - if there already exists an approval request for this task
EjbcaException_Exception - if there is a configuration or other error
CertificateResponse pkcs10Request(java.lang.String username, java.lang.String password, java.lang.String pkcs10, java.lang.String hardTokenSN, java.lang.String responseType) throws AuthorizationDeniedException_Exception, CADoesntExistsException_Exception, CesecoreException_Exception, EjbcaException_Exception, NotFoundException_Exception
- /administrator - /ra_functionality/view_end_entity - /endentityprofilesrules/<end entity profile>/view_end_entity - /ca_functionality/create_certificate - /ca/<ca of user>
username - the unique username
password - the password sent with editUser call
pkcs10 - the base64 encoded PKCS10 (only the public key is used.)
hardTokenSN - If the certificate should be connected with a hardtoken, it is possible to map it by giving the hardTokenSN here; this will simplify revocation of a token's certificates. Use null if no hardtokenSN should be associated with the certificate.
responseType - indicating which type of answer should be returned, one of the CertificateHelper.RESPONSETYPE_ parameters.
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized to request
NotFoundException_Exception - if user cannot be found
EjbcaException_Exception
CesecoreException_Exception
KeyStore pkcs12Req(java.lang.String username, java.lang.String password, java.lang.String hardTokenSN, java.lang.String keyspec, java.lang.String keyalg) throws AuthorizationDeniedException_Exception, CADoesntExistsException_Exception, EjbcaException_Exception, NotFoundException_Exception
UserDataVOWS.TOKEN_TYPE_P12.
- /administrator - /ca/<ca of user> - /ca_functionality/create_certificate - /endentityprofilesrules/<end entity profile>/view_end_entity - /ra_functionality/view_end_entity
Additional authorization requirements for (non key recovery) clearing of password:
- /endentityprofilesrules/<end entity profile>/edit_end_entity - /ra_functionality/edit_end_entity
Additional authorization requirements for key recovery:
- /endentityprofilesrules/<end entity profile>/keyrecovery - /ra_functionality/keyrecovery
username - the unique username
password - the password sent with editUser call
hardTokenSN - If the certificate should be connected with a hardtoken, it is possible to map it by giving the hardTokenSN here; this will simplify revocation of a token's certificates. Use null if no hardtokenSN should be associated with the certificate.
keyspec - that the generated key should have, examples are 2048 for RSA or secp256r1 for ECDSA.
keyalg - that the generated key should have, RSA, ECDSA. Use one of the constants in AlgorithmConstants.KEYALGORITHM_...
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized to request
NotFoundException_Exception - if user cannot be found
EjbcaException_Exception
void removeSubjectFromRole(java.lang.String roleName,
java.lang.String caName,
java.lang.String matchWith,
java.lang.String matchType,
java.lang.String matchValue)
throws AuthorizationDeniedException_Exception,
EjbcaException_Exception
roleName - The role to remove the admin from
caName - Name of the CA that issued the administrator's certificate
matchWith - Could be any of: NONE, WITH_COUNTRY, WITH_DOMAINCOMPONENT, WITH_STATEORPROVINCE, WITH_LOCALITY, WITH_ORGANIZATION, WITH_ORGANIZATIONALUNIT, WITH_TITLE, WITH_COMMONNAME, WITH_UID, WITH_DNSERIALNUMBER, WITH_SERIALNUMBER, WITH_DNEMAILADDRESS, WITH_RFC822NAME, WITH_UPN, WITH_FULLDN
matchType - Could be one of: TYPE_EQUALCASE, TYPE_EQUALCASEINS, TYPE_NOT_EQUALCASE, TYPE_NOT_EQUALCASEINS, TYPE_NONE
matchValue - The value to match against
EjbcaException_Exception
AuthorizationDeniedException_Exception
void republishCertificate(java.lang.String serialNumberInHex,
java.lang.String issuerDN)
throws AuthorizationDeniedException_Exception,
CADoesntExistsException_Exception,
EjbcaException_Exception,
PublisherException_Exception
- /administrator - /ra_functionality/view_end_entity - /endentityprofilesrules/<end entity profile>/view_end_entity - /ca/<ca of user>
serialNumberInHex - of the certificate to republish
issuerDN - of the certificate to republish
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if the administrator isn't authorized to republish
PublisherException_Exception - if something went wrong during publication
EjbcaException_Exception - if other error occurred on the server side.
void revokeCert(java.lang.String issuerDN,
java.lang.String certificateSN,
int reason)
throws AlreadyRevokedException_Exception,
ApprovalException_Exception,
AuthorizationDeniedException_Exception,
CADoesntExistsException_Exception,
EjbcaException_Exception,
NotFoundException_Exception,
WaitingForApprovalException_Exception
Behaves like revokeCertBackdated(String, String, int, String), but the revocation date is the current time.
issuerDN -
certificateSN -
reason -
CADoesntExistsException_Exception
AuthorizationDeniedException_Exception
NotFoundException_Exception
EjbcaException_Exception
ApprovalException_Exception
WaitingForApprovalException_Exception
AlreadyRevokedException_Exception
void revokeCertBackdated(java.lang.String issuerDN,
java.lang.String certificateSN,
int reason,
java.lang.String sDate)
throws AlreadyRevokedException_Exception,
ApprovalException_Exception,
AuthorizationDeniedException_Exception,
CADoesntExistsException_Exception,
DateNotValidException_Exception,
EjbcaException_Exception,
NotFoundException_Exception,
RevokeBackDateNotAllowedForProfileException_Exception,
WaitingForApprovalException_Exception
- Administrator flag set - /administrator - /ra_functionality/revoke_end_entity - /endentityprofilesrules/<end entity profile>/revoke_end_entity - /ca/<ca of certificate>
To use this call, the certificate to be used must be from a certificate profile that has 'Allow back dated revocation' enabled.
If RevokeBackDateNotAllowedForProfileException is thrown, then the CA is not allowing back dating, and you could then revoke with revokeCert(String, String, int).
DateNotValidException means that the date parameter can't be parsed, and in this case it might also be better to fall back to revokeCert(String, String, int).
issuerDN - of the certificate to revoke
certificateSN - Certificate serial number in hex format of the certificate to revoke (without any "0x", "h" or similar)
reason - for revocation, one of RevokeStatus.REVOKATION_REASON_ constants, or use RevokeStatus.NOT_REVOKED to un-revoke a certificate on hold.
sDate - The revocation date. If null then the current date is used. If specified then the profile of the certificate must allow "back dating" and the date must be in the past. The parameter is specified as an ISO 8601 string. An example: 2012-06-07T23:55:59+02:00
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized.
NotFoundException_Exception - if certificate doesn't exist
WaitingForApprovalException_Exception - If request has been added to list of tasks to be approved
ApprovalException_Exception - There already exists an approval request for this task
AlreadyRevokedException_Exception - The certificate was already revoked, or you tried to unrevoke a permanently revoked certificate
EjbcaException_Exception - internal error
RevokeBackDateNotAllowedForProfileException_Exception - if back date is not allowed in the certificate profile
DateNotValidException_Exception - if the date is not a valid ISO 8601 string or if it is in the future.
void revokeToken(java.lang.String hardTokenSN,
int reason)
throws AlreadyRevokedException_Exception,
ApprovalException_Exception,
AuthorizationDeniedException_Exception,
CADoesntExistsException_Exception,
EjbcaException_Exception,
NotFoundException_Exception,
WaitingForApprovalException_Exception
- /administrator - /ra_functionality/revoke_end_entity - /endentityprofilesrules/<end entity profile>/revoke_end_entity - /ca/<ca of certificates on token>
hardTokenSN - of the hardTokenSN
reason - for revocation, one of RevokeStatus.REVOKATION_REASON_ constants
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized.
NotFoundException_Exception - if token doesn't exist
WaitingForApprovalException_Exception - If request has been added to list of tasks to be approved
ApprovalException_Exception - There already exists an approval request for this task
AlreadyRevokedException_Exception - The token was already revoked.
EjbcaException_Exception
void revokeUser(java.lang.String username,
int reason,
boolean deleteUser)
throws AlreadyRevokedException_Exception,
ApprovalException_Exception,
AuthorizationDeniedException_Exception,
CADoesntExistsException_Exception,
EjbcaException_Exception,
NotFoundException_Exception,
WaitingForApprovalException_Exception
- /administrator - /ra_functionality/revoke_end_entity - /endentityprofilesrules/<end entity profile>/revoke_end_entity - /ca/
username - unique username in EJBCA
reason - for revocation, one of RevokeStatus.REVOKATION_REASON_ constants or use RevokeStatus.NOT_REVOKED to un-revoke a certificate on hold.
deleteUser - deletes the users after all the certificates have been revoked.
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized.
NotFoundException_Exception - if user doesn't exist
WaitingForApprovalException_Exception - if request has been added to list of tasks to be approved
ApprovalException_Exception - if there already exists an approval request for this task
AlreadyRevokedException_Exception - if the user already was revoked
EjbcaException_Exception
void rolloverCACert(java.lang.String caname)
throws AuthorizationDeniedException_Exception,
CADoesntExistsException_Exception,
EjbcaException_Exception
AuthorizationDeniedException_Exception - if administrator is not authorized to import certificate.CADoesntExistsException_Exception - if caname does not existEjbcaException_Exception - other errors in which case an org.ejbca.core.ErrorCode is set in the EjbcaExceptionKeyStore softTokenRequest(UserDataVOWS userData, java.lang.String hardTokenSN, java.lang.String keyspec, java.lang.String keyalg) throws ApprovalException_Exception, AuthorizationDeniedException_Exception, CADoesntExistsException_Exception, EjbcaException_Exception, NotFoundException_Exception, UserDoesntFullfillEndEntityProfile_Exception, WaitingForApprovalException_Exception
UserDataVOWS.TOKEN_TYPE_ (JKS or P12).
A token password must also be defined.Authorization requirements:
- /administrator - /ra_functionality/create_end_entity and/or edit_end_entity - /endentityprofilesrules/<end entity profile of user>/create_end_entity and/or edit_end_entity - /ca_functionality/create_certificate - /ca/<ca of user>
userData - the user
hardTokenSN - If the certificate should be connected with a hardtoken, it is possible to map it by giving the hardTokenSN here; this will simplify revocation of a token's certificates. Use null if no hardtokenSN should be associated with the certificate.
keyspec - that the generated key should have, examples are 2048 for RSA or secp256r1 for ECDSA.
keyalg - that the generated key should have, RSA, ECDSA. Use one of the constants in AlgorithmConstants.KEYALGORITHM_...
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception - if client isn't authorized to request
NotFoundException_Exception - if user cannot be found
UserDoesntFullfillEndEntityProfile_Exception
ApprovalException_Exception
WaitingForApprovalException_Exception
EjbcaException_Exception
editUser(UserDataVOWS)
CertificateResponse spkacRequest(java.lang.String username, java.lang.String password, java.lang.String spkac, java.lang.String hardTokenSN, java.lang.String responseType) throws AuthorizationDeniedException_Exception, CADoesntExistsException_Exception, CesecoreException_Exception, EjbcaException_Exception, NotFoundException_Exception
username - the unique username
password - the password sent with editUser call
spkac - the SPKAC (netscape) request message (only the public key is used.)
responseType - indicating which type of answer should be returned, one of the CertificateHelper.RESPONSETYPE_ parameters.
CADoesntExistsException_Exception - if a referenced CA does not exist
AuthorizationDeniedException_Exception
NotFoundException_Exception
EjbcaException_Exception
CesecoreException_Exception
pkcs10Request(String, String, String, String, String)
void updateCaCert(java.lang.String caname,
byte[] certbytes)
throws AuthorizationDeniedException_Exception,
CADoesntExistsException_Exception,
EjbcaException_Exception
caname - the logical name of the CA in EJBCA
certbytes - a byte array containing the CA certificate, and optionally its CA certificate chain.
AuthorizationDeniedException_Exception
CADoesntExistsException_Exception - if a CA with that logical name does not exist in EJBCA.
EjbcaException_Exception - if another exception occurs.
2019 PrimeKey Solutions AB.