Recovering credentials

If a user loses or corrupts their credentials, your application should be able to perform a recovery operation. From your application's point of view, the processes of recovering and creating credentials are similar.

Requesting an authorization code

Request an authorization code from the PKI Administrator.

AuthorizationCode authCode = new AuthorizationCode(...);

Requesting a reference number

Request a reference number from the PKI Administrator.

SecureStringBuffer refNo = new SecureStringBuffer(...);

Obtaining the user password

Prompt the user for the password.

SecureStringBuffer pwd = new SecureStringBuffer(...);

A user's password must contain the following.

  • at least 8 characters

  • at least one uppercase character

  • at least one lowercase character

  • at least one numeric character

A user's password may contain the following.

  • non-alpha-numeric characters

  • uppercase and lowercase characters

  • spaces

  • repeated characters

By default, a user's password has no expiry date, but if a user changes a password, it cannot be the same as one of the previous eight passwords chosen by that user.
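
A client-side pre-check of the password rules above, as an added example (not Entrust toolkit code): it reports which rules a candidate violates so the user can be re-prompted before the recovery call is made. The class name, the Entry record, the salted PBKDF2 history store and its iteration count are assumptions of this example, since the page does not say how the previous eight passwords are tracked; it needs Java 16 or later.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordPolicyCheck {
    static final int HISTORY_DEPTH = 8;      // "previous eight passwords"
    static final int ITERATIONS = 210_000;   // assumption: PBKDF2 work factor, tune for your hardware
    /** One remembered password: random salt plus PBKDF2 hash, never the plaintext. */
    record Entry(byte[] salt, byte[] hash) {}

    static byte[] derive(char[] pw, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, ITERATIONS, 256);
        try { return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded(); }
        finally { spec.clearPassword(); }    // wipe the spec's internal copy of the password
    }
    static Entry remember(char[] pw) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new Entry(salt, derive(pw, salt));
    }
    /** Returns the violated rules (empty = acceptable). History is ordered oldest to newest. */
    static List<String> violations(char[] pw, List<Entry> history) throws Exception {
        List<String> failed = new ArrayList<>();
        boolean upper = false, lower = false, digit = false;
        for (char c : pw) {                  // spaces, symbols and repeated characters are allowed
            upper |= Character.isUpperCase(c);
            lower |= Character.isLowerCase(c);
            digit |= Character.isDigit(c);
        }
        if (pw.length < 8) failed.add("at least 8 characters");
        if (!upper) failed.add("at least one uppercase character");
        if (!lower) failed.add("at least one lowercase character");
        if (!digit) failed.add("at least one numeric character");
        if (!failed.isEmpty()) return failed;   // skip the costly hash comparisons
        boolean reused = false;
        for (Entry e : history.subList(Math.max(0, history.size() - HISTORY_DEPTH), history.size()))
            reused |= MessageDigest.isEqual(e.hash(), derive(pw, e.salt()));
        if (reused) failed.add("not one of the previous eight passwords");
        return failed;
    }

    public static void main(String[] args) throws Exception {
        List<Entry> history = List.of(remember("Spring Rain 42".toCharArray()));  // constructed sample
        for (String s : new String[] {"short1A", "nouppercase1", "Spring Rain 42", "Aa1 !! aaaa"})
            System.out.println('"' + s + "\" -> " + violations(s.toCharArray(), history));
    }
}
```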

Instantiating the credential recoverer

Instantiate a CredentialRecoverer object, using the authorization code and reference number previously obtained.

CredentialRecoverer credRecoverer = new CredentialRecoverer(refNo, authCode);

Creating a user

Create a user object.

com.entrust.toolkit.User user = new User();

Connecting to the key management server

Connect to the CA key management server and the Directory, specifying IP addresses and port numbers for both entities.

ManagerTransport mt = new ManagerTransport(<ip>, <port>);
JNDIDirectory jndiDir = new JNDIDirectory(<ip>, <port>);
user.setConnections(jndiDir, mt);

The default timers are set to 0 (no limit). This can cause long wait times if your environment has network-related issues. Use the setters to set reasonable timer values for your network.

Setting the credential writer

Set a credential writer object, in this case, the FilenameProfileWriter.

FilenameProfileWriter profileWriter = new FilenameProfileWriter(<profile_path>);
user.setCredentialWriter(profileWriter);

Logging in the user

Log in the user with the selected credentials.

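// credRecoverer is the CredentialRecoverer instantiated earlier; pwd is the password obtained from the user.
user.login(credRecoverer, pwd);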