The certificate manager is the main entry point through which you can execute active operations on managed certification authorities. The most important method is execute, which accepts a CrtRequestDto. This method invokes (in a new transaction) the RequestEventType.EXECUTE event.
By default, the following processors are called after the execute method is invoked:
Because the request has not been executed yet (it is in the state In progress), we have to invoke the refresh method on the CertificateManager.
By default, the following processors are called after the refresh method is invoked:
```java
/**
 * Execute the given persisted request - saves the request and publishes the event.
 *
 * @param request
 *            persisted request
 * @return persisted request - with appropriate state
 */
CrtRequestDto execute(CrtRequestDto request);

/**
 * Refresh the given persisted request - saves the request and publishes the event.
 *
 * @param request
 *            persisted request
 * @return persisted request - with appropriate state
 */
CrtRequestDto refresh(CrtRequestDto request);

/**
 * Generate a certificate from the request.
 *
 * @param request
 * @return
 */
CrtDriverResponseDto generate(CrtRequestDto request);

/**
 * Generate a certificate from the CSR (connected to the given request).
 *
 * @param request
 * @return
 */
CrtDriverResponseDto generateByCsr(CrtRequestDto request);

/**
 * Revoke the certificate by the given request. The request must have the serial
 * number and revocation reason filled in, and the request type must be
 * CertficateRequestType.REVOCATION.
 *
 * @param request
 * @return
 */
CrtDriverResponseDto revocate(CrtRequestDto request);

/**
 * Renew the certificate. The request must have the serial number filled in and
 * the request type must be CertficateRequestType.RENEW.
 *
 * @param request
 * @return
 */
CrtDriverResponseDto renew(CrtRequestDto request);

/**
 * Validate the certificate. The request must have the serial number filled in and
 * the request type must be CertficateRequestType.VALIDATE. If the certificate
 * isn't valid, an exception is thrown.
 *
 * @param request
 */
void validate(CrtRequestDto request);

/**
 * Return the certificate key pair together with the certificate.
 *
 * @param request
 * @return
 */
CrtKeyPairWithCertDto getKeyPairByRequest(CrtRequestDto request);

/**
 * Find certificates. The result may be filtered by the given parameters.
 *
 * @param filter
 * @param pageable
 * @param authority
 * @return
 */
Page<CrtCertificateDto> findCertificate(CrtCertificateFilter filter, Pageable pageable, CrtAuthorityDto authority);

/**
 * Return all supported drivers.
 *
 * @return
 */
List<CrtDriverDto> supportedDrivers();

/**
 * Find and return the default instance of BaseDriver. This instance is not
 * initialized (no configuration is set).
 *
 * @param driverDto
 * @return
 */
BaseDriver<DriverConfigurationClass> getDriver(CrtDriverDto driverDto);

/**
 * Upload a public certificate.
 *
 * @param ownerId
 * @param type
 * @param fileName
 * @param data
 *            PEM data
 * @return
 */
CrtCertificateDto upload(UUID ownerId, CertificateType type, String fileName, InputStream data);

/**
 * CSR file preview.
 *
 * @param requestId
 * @return
 */
CsrPreviewDto getCsrPreview(UUID requestId);

/**
 * Check whether the generate request was already processed.
 *
 * @param request
 * @return
 */
CrtDriverResponseDto checkGenerateRequest(CrtRequestDto request);

/**
 * Check whether the generate request was already processed.
 *
 * @param request
 * @return
 */
CrtDriverResponseDto checkGenerateByCsrRequest(CrtRequestDto request);

/**
 * Check whether the renew request was already processed.
 *
 * @param request
 * @return
 */
CrtDriverResponseDto checkRenewRequest(CrtRequestDto request);

/**
 * Check whether the revocate request was already processed.
 *
 * @param request
 * @return
 */
CrtDriverResponseDto checkRevocateRequest(CrtRequestDto request);

/**
 * Parse and persist the certificate (PEM) and private key (PKCS12) as attachments.
 *
 * @param certificate
 * @param keys
 * @param request
 */
void uploadKeys(CrtCertificateDto certificate, CrtKeyPairWithCertDto keys, CrtRequestDto request);

/**
 * Upload a certificate. The given certificate is transformed to PEM format and
 * persisted as a certificate attachment.
 *
 * @param certificateDto
 * @param certificate
 * @return
 */
CrtCertificateDto uploadCertificate(CrtCertificateDto certificateDto, Certificate certificate);

/**
 * Return the state of the certificate from the external CA.
 *
 * @param request
 * @param certificate
 * @return
 */
CertificateState status(CrtRequestDto request, CrtCertificateDto certificate);

/**
 * Find the initialised driver by certificate request.
 *
 * @param request
 * @return
 */
BaseDriver<DriverConfigurationClass> findDriver(CrtRequestDto request);

/**
 * Find and return all approvers with the roles defined in the CA configuration.
 *
 * @param request
 * @return
 */
List<IdmIdentityDto> findApprovers(CrtRequestDto request);

/**
 * Validate the certificate. First find the authority with the same issuer, then
 * check whether the certificate is signed by that authority and whether it is
 * valid. No exception is thrown only if the certificate is trusted, valid and
 * not revoked.
 *
 * @param data
 */
void validateByInputStream(InputStream data);

/**
 * Validate the certificate. First find the authority with the same issuer, then
 * check whether the certificate is signed by that authority and whether it is
 * valid. No exception is thrown only if the certificate is trusted, valid and
 * not revoked.
 *
 * @param cert
 *            Certificate to validate
 * @param validateOnAuthority
 *            If true, validate will be called on the authority. Generally
 *            this means the validity will be checked and the CRL too, so if
 *            the certificate is expired or revoked, an exception will be
 *            thrown.
 * @param validateValidity
 *            If true and the certificate is expired, an exception will be thrown.
 */
void validateByX509Certificate(X509Certificate cert, boolean validateOnAuthority, boolean validateValidity);

/**
 * Get the certificate from the authority.
 *
 * @param authority
 * @return
 */
InputStream getAuthorityCertificate(CrtAuthorityDto authority);
```
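The validation order described for validateByX509Certificate (find the authority by issuer, check the signature, then validity and CRL) can be sketched with the standard JDK certificate API. This is an added example, not the module's own implementation: the class name, the `validate` helper, its explicit authority list and CRL parameter, and the PEM file arguments are all assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.Date;
import java.util.List;

public class IssuerValidationExample {

    // Hypothetical helper: returns the authority that signed cert, or throws.
    static X509Certificate validate(X509Certificate cert, List<X509Certificate> authorities,
            X509CRL crl, boolean validateOnAuthority, boolean validateValidity)
            throws GeneralSecurityException {
        // 1. The issuer name only selects candidates; the signature check establishes trust.
        X509Certificate ca = null;
        for (X509Certificate a : authorities) {
            if (!a.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) continue;
            try {
                cert.verify(a.getPublicKey());
                ca = a;
                break;
            } catch (GeneralSecurityException e) {
                // Same subject name but a different key (e.g. CA key rollover): keep looking.
            }
        }
        if (ca == null) throw new CertificateException("No managed authority signed this certificate");
        // 2. Validity period (notBefore / notAfter) against the current time.
        if (validateValidity || validateOnAuthority) cert.checkValidity();
        // 3. Revocation: fail closed when the CRL is missing, unsigned by the CA, or stale.
        if (validateOnAuthority) {
            if (crl == null) throw new CertificateException("No CRL available for the authority");
            crl.verify(ca.getPublicKey());
            if (crl.getNextUpdate() != null && crl.getNextUpdate().before(new Date()))
                throw new CertificateException("CRL is stale");
            if (crl.isRevoked(cert)) throw new CertificateException("Certificate is revoked");
        }
        return ca;
    }

    // Usage: java IssuerValidationExample cert.pem ca.pem crl.pem
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream c = new FileInputStream(args[0]);
             InputStream a = new FileInputStream(args[1]);
             InputStream r = new FileInputStream(args[2])) {
            X509Certificate cert = (X509Certificate) cf.generateCertificate(c);
            X509Certificate ca = (X509Certificate) cf.generateCertificate(a);
            X509CRL crl = (X509CRL) cf.generateCRL(r);
            X509Certificate issuer = validate(cert, List.of(ca), crl, true, true);
            System.out.println("Trusted, issued by " + issuer.getSubjectX500Principal());
        }
    }
}
```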