Internal Architecture
For developers and other interested parties, the following diagrams show an outline of the internal architecture of EJBCA, and dependencies between different modules.
EJBCA Module Descriptions
This is a list of all modules in the modules directory. Unit tests directories (src-test) are excluded from this list.
|
Module |
Build artifacts, by source directory |
Edition |
Description |
|
acme |
src: JAR file with implementation |
Enterprise |
ACME protocol (RFC 8555) service. |
|
src-common: WAR file |
|||
|
admin-gui |
src: WAR file |
|
Admin Web interface. |
|
appserver-ext |
src: Two JAR files with log classes |
|
App server "extensions". Currently, it contains classes that extend log4j. |
|
batchenrollment-gui |
src: Standalone application |
|
A GUI application to mass enroll certificates. |
|
caa |
src: JAR file with implementation |
Enterprise |
Certification Authority Authorization (RFC 6844) validation. |
|
src-cli: Standalone application |
|||
|
certificatestore |
src: WAR file |
|
The certificate store servlet, allowing certificates to be downloaded. |
|
cesecore-common |
src: Common classes JAR |
|
Common classes for the CESeCore framework. |
|
cesecore-cvca |
src: JAR file with implementation |
|
Implementation of CVC CA. Excluded in RA-only and VA-only builds. |
|
cesecore-ejb |
src: EJB SSBs |
|
Implementations of CESeCore Statless Session Beans. |
|
cesecore-ejb-interface |
src: EJB SSB interfaces |
|
Interfaces for cesecore-ejb |
|
cesecore-entity |
src: JAR file with entity classes |
|
Entity classes for the CESeCore framework. These correspond to tables in the database. |
|
cesecore-p11 |
src: JAR file |
|
Security fix for old versions of the SunPKCS11 implementation. |
|
cesecore-x509ca |
src: JAR file with implementation |
|
Implementation of X509CA. Excluded in RA-only and VA-only builds. |
|
clearcache-war |
src: WAR file |
|
WAR file that allows clearing caches by an HTTP request from localhost. |
|
clientToolBox |
src: Standalone application |
|
Command line utility to manage HSM keys, send Web Service requests, run stress test, etc. |
|
cli-util |
src: JAR file with common classes |
|
Common classes shared by the command line utilities in EJBCA. |
|
cmpclient |
src: Standalone application |
Enterprise |
Command line CMP client. |
|
cmpProxy |
src: Standalone WAR file (HTTP or TCP) |
Enterprise |
Standaone WAR file. |
|
common |
No build artifact |
|
Default log4j configuration for CLI utilities and tests. |
|
configdump |
src-cli: Standalone application |
Enterprise |
Configdump lets you export a YAML file of your EJBCA configuration. Certificates or keys are not exported. |
|
src-common: JAR file with interfaces |
|||
|
src-ejb: EJB SSBs |
|||
|
crlstore |
src: WAR file |
|
The CRL store servlet. It allows CRLs to be downloaded. |
|
ct |
src: JAR with implementation and OCSP extension |
Enterprise |
Certificate Transparency (RFC 6962) submission. |
|
editition-specific |
src-ejb: EJB SSBs (placeholders for CE) |
|
Interfaces and placeholders for Enterprise Edition specific functionality. |
|
src-interface: EJB SSB interfaces |
|
||
|
editition-specific-ee |
src-ejb: EJB SSBs (actual implementations) |
Enterprise |
Enterprise Edition only EJBs. |
|
ejbca-cmp-tcp |
src: WAR file |
|
CMP TCP server. Runs inside the app server if configured. |
|
ejbca-cmp-war |
src: WAR file |
|
CMP HTTP interface. Contains a servlet. |
|
ejbca-common |
src: JAR file with utility classes |
|
Utility classes specific to EJBCA, and not used in other products that use CESeCore. |
|
ejbca-common-web |
src: JAR file with utility classes |
|
Utility classes that are specific to the EJBCA web interfaces. |
|
ejbca-ejb |
src: EJB SSBs |
|
Implementations of EJBCA specific Stateless Session Beans. |
|
ejbca-ejb-cli |
src: Standalone application |
|
Command line utility to operate EJBCA via the Remote EJB interface. |
|
ejbca-ejb-interface |
src: EJB SSB interfaces |
|
Interfaces for ejbca-ejb. |
|
ejbca-entity |
src: JAR file with entity classes |
|
Entity classes specific to EJBCA. These correspond to tables in the database. |
|
src-cli: Standalone application (ejbca-db-cli.jar) |
Enterprise |
Database CLI tool for migrating between databases and for handling database protection. |
|
|
ejbca-properties |
JAR file with properties |
|
The properties files from conf/, conf/plugins/ and src/upgrade/ |
|
ejbca-renew-war |
src: WAR file |
|
Self-service certificate renewal in public web. |
|
ejbca-rest-api |
src: WAR file |
Enterprise |
WAR with entry point for the REST API. |
|
ejbca-rest-* |
src: JAR file with REST Resource |
Enterprise |
REST Resource for different parts of the API (common, camanagement, cryptotoken). |
|
ejbca-scep-war |
src: WAR file |
|
SCEP protocol for creating and renewing certificate. |
|
ejbca-webdist-war |
src: WAR file |
|
CertDistServlet which implements download of certificates and CRL. |
|
ejbca-webtest |
No build artifact |
|
This module contains Selenium tests for the AdminWeb, PublicWeb and RA Web. |
|
ejbca-ws |
src: JAR files with interface and implementation |
|
This is the module for the WebService (SOAP) interface. |
|
ejbca-ws-cli |
src: JAR files with WS module of ClientToolBox |
|
This module is included in ClientToolBox, and provides a WebService (SOAP) client. |
|
est |
src-war: WAR file |
Enterprise |
Provides an EST protocol interface to EJBCA. |
|
externalra |
src: JAR files for client and service |
Enterprise |
The ExternalRA is a legacy module for running an external Registration Authority. It consists of a service built into EJBCA, and an external web GUI. |
|
src: Standalone application (externalra-cli.jar) |
|||
|
externalra-gui |
src: WAR file |
Enterprise |
The web GUI part of ExternalRA, to be deployed on a remote server. |
|
externalra-scep |
src: Standalone application |
Enterprise |
SCEP client for ExternalRA. |
|
healthcheck-war |
src: WAR file |
|
Provides a Health Check URL to check CA status. |
|
oldlogexport-cli |
src: Standalone application |
|
Tool to export legacy LogEntryData database table to a file. |
|
peerconnector |
src-cli: JAR files with subcommands for ejbca-ejb-cli |
Enterprise |
Module for handling peer connections, such as CA-RA or CA-VA. |
|
src-common: JAR file with common classes |
|||
|
src-ejb: EJB SSBs |
|||
|
src-interface: EJB SSB interface |
|||
|
src-publ: JAR file with classes for handling peer publisher communication |
|||
|
src-ra: JAR file with classes for handling RA peer communication |
|||
|
src-rar: RAR file |
|||
|
src-war: WAR file |
|||
|
plugins-ee |
src: JAR file |
|
Extra plugins, such as Publishers, included in Enterprise Edition only. |
|
publicweb-gui |
src: WAR file |
|
The EJBCA Public Web pages (/ejbca/ URL). |
|
ra-gui |
src: WAR file |
|
The EJBCA RA Web pages (/ejbca/ra/ URL). |
|
statedump |
src-cli: Standalone application |
Internal |
Statedump is a PrimeKey internal tool, not included in EJBCA releases. It is the predecessor of Configdump. |
|
src-common: JAR file with common classes |
|||
|
src-ejb: EJB SSB |
|||
|
systemtests |
src: EJB SSBs |
|
Contains functional tests of EJBCA. These require an app server to be running. The EJBs provide additional Remote EJB access that is required by the test, and are only built into the app server when productionmode is set to false. |
|
src-interface: EJB SSB interfaces |
|
||
|
unidfnr |
src-ejb: EJB SSB and entity |
Enterprise |
UNID-FNR allows authenticated OCSP clients to obtain personal information from a certificate identifier. |
|
va |
src-war: WAR file |
|
OCSP responder servlet. |
|
validationtool |
src: Standalone application |
Enterprise |
Command line application for validating certificates. |
Public Web is deprecated as of EJBCA 7.9 and will no longer be supported as of the next major version of EJBCA.Database Diagram
Note: This diagram is current as of EJBCA 7.8.1
