001/*
002 * (C) Copyright 2011 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *    Wojciech Sulejman
018 */
019package org.nuxeo.ecm.platform.signature.api.user;
020
021import java.security.KeyStore;
022
023import org.nuxeo.ecm.core.api.DocumentModel;
024import org.nuxeo.ecm.platform.signature.api.exception.CertException;
025
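/**
 * High-level user certificate and keystore operations. These services help retrieve certificates, keystores and other
 * information related to specific users.
 * <p>
 * Several operations take the user's key password as a {@link String}. A {@code String} cannot be cleared after use,
 * so callers and implementations should keep these values out of logs, exception messages and persisted state.
 * <p>
 * NOTE(review): this interface does not state which callers may act on which {@code userID}. Authorization is
 * presumably enforced by the implementation or by its callers; confirm before exposing these operations.
 *
 * @author <a href="mailto:ws@nuxeo.com">Wojciech Sulejman</a>
 */
public interface CUserService {

    /**
     * Generates user certificate and user keys, saves them to a user store, and persists the store in the directory.
     *
     * @param user the user the certificate and keys are generated for
     * @param userKeyPassword password supplied for the user's key material; presumably protects the generated store
     *            or private key (confirm against the implementation). Must not be logged.
     * @return a document model; presumably the persisted certificate directory entry (confirm)
     * @throws CertException declared by this operation; the failure conditions are not specified in this interface
     */
    DocumentModel createCertificate(DocumentModel user, String userKeyPassword) throws CertException;

    /**
     * Retrieves a UserInfo object containing information needed for certificate generation.
     *
     * @param userModel the user to build the information for
     * @return the information needed for certificate generation
     * @throws CertException declared by this operation; the failure conditions are not specified in this interface
     */
    UserInfo getUserInfo(DocumentModel userModel) throws CertException;

    /**
     * Returns simplified textual representation of a certificate's contents.
     *
     * @param user the user whose certificate is described
     * @param userKeyPassword the user's key password; must not be logged or echoed in the returned text
     * @return Simple certificate string.
     * @throws CertException declared by this operation; the failure conditions are not specified in this interface
     */
    String getUserCertInfo(DocumentModel user, String userKeyPassword) throws CertException;

    /**
     * Retrieves user keystore from the directory.
     * <p>
     * As described on {@link #deleteCertificate(String)}, the keystore contains the user's private key and public
     * certificate, so the returned object should be treated as sensitive: keep its scope short and do not serialize
     * or cache it outside the signing path.
     *
     * @param userID identifier of the user whose keystore is retrieved
     * @param userKeyPassword the user's key password; must not be logged
     * @return User KeyStore object
     * @throws CertException declared by this operation; presumably covers a wrong password or a missing entry
     *             (confirm against the implementation)
     */
    KeyStore getUserKeystore(String userID, String userKeyPassword) throws CertException;

    /**
     * Retrieves a user certificate from the directory.
     * <p>
     * NOTE(review): this operation takes no password, and {@link #deleteCertificate(String)} documents the keystore
     * as a field of the directory entry. Confirm whether the returned model exposes that field, and restrict who can
     * call this accordingly. The result for a user without an entry is not specified here.
     *
     * @param userID identifier of the user whose certificate entry is retrieved
     * @return certificate document model
     */
    DocumentModel getCertificate(String userID);

    /**
     * Retrieves the public root certificate.
     *
     * @return the root certificate data as a byte array; the encoding is not specified in this interface, and it is
     *         not stated whether the array is a copy, so callers should not modify it
     */
    byte[] getRootCertificateData();

    /**
     * Checks if the user is present in the certificate directory.
     *
     * @param userID identifier of the user to look up
     * @return {@code true} if the user is present in the certificate directory
     * @throws CertException declared by this operation; the failure conditions are not specified in this interface
     */
    boolean hasCertificate(String userID) throws CertException;

    /**
     * Deletes user entry from the certificate directory.
     * <p>
     * This is a high-level operation. The following containers/entries are removed:
     * <ul>
     * <li>a certificate directory entry related to the userID
     * <li>a keystore (which was saved as a field in the directory entry)
     * <li>a private key and a public certificate (which were contained in the keystore)
     * </ul>
     * <p>
     * Because the private key is removed together with the entry, this operation is destructive and takes only a
     * {@code userID}; callers should verify that the requester is allowed to remove that user's key material.
     *
     * @param userID identifier of the user whose certificate entry is deleted
     * @throws CertException declared by this operation; the failure conditions are not specified in this interface
     */
    void deleteCertificate(String userID) throws CertException;

}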