Creating a key store initialization file

The following steps show how to create a key store initialization file using the toolkit methods.

Obtaining the user password

Prompt the user for the password.

SecureStringBuffer pwd = new SecureStringBuffer(...);

A user's password must contain the following.

  • at least 8 characters

  • at least one uppercase character

  • at least one lowercase character

  • at least one numeric character

A user's password may contain the following.

  • non-alpha-numeric characters

  • uppercase and lowercase characters

  • spaces

  • repeated characters

By default, a user's password has no expiry date, but if a user changes a password, it cannot be the same as one of the previous eight passwords chosen by that user.

Creating a user

Create a user object.

com.entrust.toolkit.User user = new User();

Connecting to the key management server

Connect to the CA key management server and the Directory, specifying IP addresses and port numbers for both entities.

ManagerTransport mt = new ManagerTransport(<ip>, <port>);
JNDIDirectory jndiDir = new JNDIDirectory(<ip>, <port>);
user.setConnections(jndiDir, mt);

The default timers are set to 0 (no limit). This can cause long wait times if your environment has network-related issues. Use the setters to set reasonable timer values for your network.

Logging in the user

Log in the user with the selected credentials.

user.login(credReader, <password>);

Creating the key store initialization file

Create an instance of the key store initialization file.

KSIniFileCreator ksIniFileCreator = new KSIniFileCreator(<credentials_file_path>);

Use the following constructor to create the key store initialization file from an Entrust profile (.epf) or a PKCS #12 (.p12) file.

KSIniFileCreator(java.lang.String path)

Use the following constructor to create the key store initialization file from a PKCS #11 credential store.

KSIniFileCreator(java.lang.String pkcs11Library, int slotNr)

Use the following constructor to create the key store initialization file from an existing key store initialization file.

KSIniFileCreator(java.lang.String ksIniFile, SecureStringBuffer password)

Adding certificate stores

Add any number of read-and-write certificate stores to the key store initialization file.

ksIniFileCreator.addWriteCertificateStore(<p12_path>, <password>);

Setting connections

Establish connections to a CA and to a certificate repository (the Directory). Use the following methods to establish direct connections to the Directory and to the CA.

ksIniFileCreator.setLdap(<IP>, <port>);
ksIniFileCreator.setAuthority(<ip>, <port>);

Use the following methods to establish tunneled connections to the Directory and to the CA.

ksIniFileCreator.setLdapTunnel(<URL_or_Ldap_directory_servlet>);
ksIniFileCreator.setAuthTunnel(<URL_or_Ldap_directory_servlet>);

Saving the key store initialization file

Save the new key store initialization file.

ksIniFileCreator.store(new FileOutputStream(<path>), <password>);

To avoid confusion between key store initialization files and other configuration files used by the Toolkit, give the key store initialization file a .kst extension and a name that associates the key store with its user.
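As an added example (not part of the toolkit's own documentation), the following Java class first checks a prompted password against the mandatory rules listed above and then runs the KSIniFileCreator steps for a user who has already been logged in. The toolkit package imports, file paths, IP addresses and port numbers are assumptions.

```java
import java.io.FileOutputStream;
// Assumption: SecureStringBuffer and KSIniFileCreator are imported from their own
// toolkit packages, which this page does not name.

public final class KeyStoreIniSetup {

    /**
     * Checks the mandatory rules under "Obtaining the user password":
     * at least 8 characters, one uppercase, one lowercase and one digit.
     * Spaces, repeated characters and other non-alphanumerics are permitted,
     * so nothing here rejects them. Works on char[] so the caller can wipe it.
     */
    static boolean meetsPasswordPolicy(char[] pwd) {
        if (pwd == null || pwd.length < 8) {
            return false;
        }
        boolean upper = false, lower = false, digit = false;
        for (char c : pwd) {
            upper |= Character.isUpperCase(c);
            lower |= Character.isLowerCase(c);
            digit |= Character.isDigit(c);
        }
        return upper && lower && digit;
    }

    /**
     * Runs the KSIniFileCreator steps from this page for a user who is already
     * logged in (the User, ManagerTransport and JNDIDirectory steps above).
     * All paths, addresses and ports below are constructed placeholder values.
     */
    static void createIniFile(SecureStringBuffer pwd) throws Exception {
        // Build from the user's Entrust profile (.epf)
        KSIniFileCreator creator = new KSIniFileCreator("/home/alice/alice.epf");

        // One read-and-write certificate store, protected by the same password
        creator.addWriteCertificateStore("/home/alice/alice.p12", pwd);

        // Direct connections to the Directory and to the CA
        // (192.0.2.x is a documentation address range; ports are constructed)
        creator.setLdap("192.0.2.10", 389);
        creator.setAuthority("192.0.2.11", 829);

        // .kst extension and a name tied to the user, as recommended above;
        // try-with-resources closes the stream even if store() throws
        try (FileOutputStream out = new FileOutputStream("/home/alice/alice.kst")) {
            creator.store(out, pwd);
        }
    }
}
```

Call meetsPasswordPolicy on the prompted characters before wrapping them in a SecureStringBuffer, and clear the char[] with Arrays.fill(pwd, '\0') once it has been wrapped.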