com.entrust.toolkit

Class Trustmanager

java.lang.Object

com.entrust.toolkit.Trustmanager

All Implemented Interfaces:

X509TrustManagerInterface

public class Trustmanager
extends java.lang.Object
implements X509TrustManagerInterface

The Trustmanager class implements an X509TrustManagerInterface used by the Toolkit when verifying certificates in XML signatures and encrypting XML elements.

Constructor Summary

Constructors

Constructor and Description
Trustmanager() Instantiates a Trustmanager object.
Trustmanager(KeyAndCertificateSource source) Initializes a Trustmanager from a KeyAndCertificateSource.
Trustmanager(User user) Deprecated. use the Trustmanager(KeyAndCertificateSource source) constructor instead. You could construct that KeyAndCertificateSource from a User.

Method Summary

Modifier and Type	Method and Description
java.security.cert.X509Certificate	getCertificate(byte[] subjectKeyIdentifierValue) Searches the memory cache for the verification certificate that is unambigously identified by SubjectKeyIdentifier.
java.security.cert.X509Certificate	getCertificate(java.security.Principal issuer, java.math.BigInteger serialNumber) Searches the memory cache for the verification certificate that is unambigously identified by the issuer and serial number.
java.security.cert.X509Certificate[]	getCertificates(java.security.Principal principal) Searches the trust manager for all verification certificates that have a particular Principal as the certificate subject.
boolean	isTrusted(java.security.cert.X509Certificate trustCandidate) Determines whether a specified certificate is to be trusted by the trust management system.
void	load(User user) Deprecated. use the Trustmanager(KeyAndCertificateSource source) constructor instead.
void	putCertificates(java.security.cert.X509Certificate[] certs) Adds certificates into the trust manager.
void	putCRL(java.security.cert.X509CRL cRL) Puts a CRL in the trust management system.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Trustmanager

public Trustmanager()

Instantiates a Trustmanager object.

Trustmanager

public Trustmanager(User user)
             throws UserNotLoggedInException

Deprecated. use the Trustmanager(KeyAndCertificateSource source) constructor instead. You could construct that KeyAndCertificateSource from a User.

Initializes a Trustmanager.

Through the User, the Toolkit has secure access to a root of trust. It can then validate the verification certificates it receives in XML signatures and the encryption certificates it needs to encrypt XML elements.

Parameters:

user - is a logged in User object

Throws:

UserNotLoggedInException - user must be logged in

Trustmanager

public Trustmanager(KeyAndCertificateSource source)

Initializes a Trustmanager from a KeyAndCertificateSource.

Through the KeyAndCertificateSource, the Toolkit has secure access to a CertVerifier, with which it validates the verification certificates it receives in XML signatures and the encryption certificates it uses to encrypt XML documents.

Parameters:

source - is a KeyAndCertificateSource object

See Also:

CertVerifier

Method Detail

load

public void load(User user)
          throws UserNotLoggedInException

Deprecated. use the Trustmanager(KeyAndCertificateSource source) constructor instead.

Initializes a Trustmanager.

Parameters:

user - is a User object that must already be logged in

Throws:

UserNotLoggedInException - user must already logged in

putCertificates

public void putCertificates(java.security.cert.X509Certificate[] certs)

Adds certificates into the trust manager.

Specified by:

putCertificates in interface X509TrustManagerInterface

Parameters:

certs - the certificates to be added

getCertificates

public java.security.cert.X509Certificate[] getCertificates(java.security.Principal principal)
                                                     throws X509TrustManagerException

Searches the trust manager for all verification certificates that have a particular Principal as the certificate subject. The verification certificates must have been put into the trust manager by a prior invocation of putCertificates(X509Certificate[]).

The method does not validate the returned certificates -- you must invoke isTrusted(X509Certificate).

Specified by:

getCertificates in interface X509TrustManagerInterface

Parameters:

principal - identifies the subject DN of the certificate

Returns:

X509Certificate[] has the certificates

Throws:

X509TrustManagerException - if getting the requested certificates fails for any reason.

See Also:

putCertificates(java.security.cert.X509Certificate[] certs)

putCRL

public void putCRL(java.security.cert.X509CRL cRL)

Puts a CRL in the trust management system.

Specified by:

putCRL in interface X509TrustManagerInterface

Parameters:

cRL - the certificate revocation list — can be null

isTrusted

public boolean isTrusted(java.security.cert.X509Certificate trustCandidate)
                  throws X509TrustManagerException

Determines whether a specified certificate is to be trusted by the trust management system.

Specified by:

isTrusted in interface X509TrustManagerInterface

Parameters:

trustCandidate - the certificate to be tested — must not be null

Returns:

true if the certificate is trusted

Throws:

X509TrustManagerException - if obtaining the trust decision fails for any reason

getCertificate

public java.security.cert.X509Certificate getCertificate(java.security.Principal issuer,
                                                         java.math.BigInteger serialNumber)
                                                  throws X509TrustManagerException

Searches the memory cache for the verification certificate that is unambigously identified by the issuer and serial number.

Specified by:

getCertificate in interface X509TrustManagerInterface

Parameters:

issuer - the issuer of the certificate — must not be null

serialNumber - the serial number of the certificate — must not be null

Returns:

the certificate that matches the specified parameters, or null

Throws:

X509TrustManagerException - if getting the requested certificate fails for any reason

getCertificate

public java.security.cert.X509Certificate getCertificate(byte[] subjectKeyIdentifierValue)
                                                  throws X509TrustManagerException

Searches the memory cache for the verification certificate that is unambigously identified by SubjectKeyIdentifier.

Specified by:

getCertificate in interface X509TrustManagerInterface

Parameters:

subjectKeyIdentifierValue - the plain (non-DER-encoded) value of the X509.V3 certificate extension named SubjectKeyIdentifer (OID 2.5.29.14). Must not be null.

Returns:

the certificate that matches the specified parameters, or null

Throws:

X509TrustManagerException - certificate cannot be verified