com.entrust.toolkit.credentials

Class KeychainIdentities

java.lang.Object

java.util.AbstractCollection<KeychainIdentity>

com.entrust.toolkit.credentials.KeychainIdentities

All Implemented Interfaces:

IdentityFilter, java.lang.Iterable<KeychainIdentity>, java.util.Collection<KeychainIdentity>

public class KeychainIdentities
extends java.util.AbstractCollection<KeychainIdentity>
implements IdentityFilter

Method Summary

Modifier and Type	Method and Description
static KeychainIdentities	findIdentities() Searches the KeyChain for certificates that can be used to log in to a User object.
static KeychainIdentities	findIdentities(KeychainCertFilter filter) Searches the Keychain for certificates that can be used to log in to a User object.
static KeychainIdentities	findIdentities(KeychainCertFilter filter, IdentityFilter idfilter) Searches the Keychain for certificates that can be used to log in to a User object.
static KeychainIdentity	findIdentity(KeychainCertFilter filter) This method returns the first KeychainIdentity found after searching for identities with the specific filter.
KeychainIdentity	findMatchingIdentity(ContainerName containerName) Finds the identity to which the given key container name belongs.
KeychainIdentity	findMatchingIdentity(KeychainCertificateAndKeyInfo kcaki, IdentityFilter filter) Finds the identity to which the given KeychainCertificateAndKeyInfo matches by calling the KeychainIdentityFilter#matchIdentity(KeychainIdentity, KeychainCertificateAndKeyInfo) method.
java.util.Iterator<KeychainIdentity>	iterator() Returns an Iterator that can be used to iterate through all identities stored in this set.
boolean	matchIdentity(Identity identity, CertificateAndKeyInfo caki) Check if the passed in KeychainCerticateAndKeyInfo belongs to the specified KeychainIdentity.
int	size() Returns the number of identities in this collection.

Methods inherited from class java.util.AbstractCollection

add, addAll, clear, contains, containsAll, isEmpty, remove, removeAll, retainAll, toArray, toArray, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.util.Collection

equals, hashCode, parallelStream, removeIf, spliterator, stream

Methods inherited from interface java.lang.Iterable

forEach

Method Detail

findMatchingIdentity

public KeychainIdentity findMatchingIdentity(ContainerName containerName)

Finds the identity to which the given key container name belongs.

Parameters:

containerName - The name of the key container for which to find a matching identity

Returns:

The identity matching the container, or null if no matching identity is found.

findMatchingIdentity

public KeychainIdentity findMatchingIdentity(KeychainCertificateAndKeyInfo kcaki,
                                             IdentityFilter filter)

Finds the identity to which the given KeychainCertificateAndKeyInfo matches by calling the KeychainIdentityFilter#matchIdentity(KeychainIdentity, KeychainCertificateAndKeyInfo) method.

Parameters:

kcaki - The KeychainCertificateAndKeyInfo which will be used to find certificates and key that belong to this identity.

filter - The KeychainIdentityFilter used to find the certificates and keys that belong to this identity.

Returns:

The identity matching the container, or null if no matching identity is found.

findIdentities

public static KeychainIdentities findIdentities()
                                         throws KeychainException

Searches the KeyChain for certificates that can be used to log in to a User object. To be acceptable, a certificate must:

• have a matching private key available
• have a chain to a root certificate available

Returns:

a collection of KeychainIdentity objects that may be used to construct a KeychainCredentialReader to log in to a User

Throws:

KeychainException - if any non-recoverable error occurs searching for certificates, such as not being able to read keys from the Keychain

findIdentity

public static KeychainIdentity findIdentity(KeychainCertFilter filter)
                                     throws KeychainException

This method returns the first KeychainIdentity found after searching for identities with the specific filter. This is useful when using a filter that should only return 1 identity such as the CertIdentityCertFilter.

Parameters:

filter - The KeychainCertFilter used to filter out acceptable certificates used to find identities

Returns:

The first KeychainIdentity in the list of identities returned, or none if no identites are returned

Throws:

KeychainException - if an error occurs

See Also:

KeychainCertFilter

findIdentities

public static KeychainIdentities findIdentities(KeychainCertFilter filter)
                                         throws KeychainException

Searches the Keychain for certificates that can be used to log in to a User object.

The KeychainCertFilter is used to filter out certificates that should not be considered for use when searching for identities

Parameters:

filter - The KeychainCertFilter used to filter out certificates which should be considered acceptable.

Returns:

a collection of KeychainIdentity objects that may be used to construct a KeychainCredentialReader to log in to a User

Throws:

KeychainException - if any non-recoverable error occurs searching for certificates,

See Also:

KeychainIdentityCertFilter, UnverifiedCertFilter, KeychainSearchFilter

findIdentities

public static KeychainIdentities findIdentities(KeychainCertFilter filter,
                                                IdentityFilter idfilter)
                                         throws KeychainException

Searches the Keychain for certificates that can be used to log in to a User object.

The KeychainCertFilter is used to filter out certificates that should not be considered for use when searching for identities

The KeychainIdentityFilter is used to identify certificates which should belong to the same identity. Null may be specified to indicate the default matchIdentity(Identity, CertificateAndKeyInfo) filter will be used.

Parameters:

filter - The KeychainCertFilter used to filter out certificates which should not be considered acceptable.

idfilter - The KeychainIdentityFilter used to match the certificates and keys that belong to the same identity.

Returns:

a collection of KeychainIdentity objects that may be used to construct a KeychainCredentialReader to log in to a User

Throws:

KeychainException - if any non-recoverable error occurs searching for certificates,

See Also:

KeychainIdentityCertFilter, UnverifiedCertFilter, KeychainSearchFilter

matchIdentity

public boolean matchIdentity(Identity identity,
                             CertificateAndKeyInfo caki)

Check if the passed in KeychainCerticateAndKeyInfo belongs to the specified KeychainIdentity.

In an Entrust Identity, there can be multiple certificates and keys. For example, encryption, verification and non-repudiation. When these certificates are stored in the Keychain using Entrust, the ContainerName is used to find other certificates that may be associated with that identity. However, if the Entrust certificates were added into Keychain using a third-party mechanism, such as a P11 driver, or an export from P12, then the Entrust container format will not be used. Therefore, this identity will be considered an unknown identity and the toolkit will use the SubjectDN and IssuerDN of the certificates in Keychain to find the certificates that belong to the same identity.

Note: Because the Entrust container format was not used when writing the certificates into Keychain, this identity will not be able to be managed by the toolkit. Attempting to manage such an identity may result in undefined behaviour, and is not supported by the toolkit.

Specified by:

matchIdentity in interface IdentityFilter

Parameters:

identity - The KeychainIdentity

ccaki - The KeychainCertificateAndKeyInfo

Returns:

true if the KeychainCertificateAndKeyInfo belong to the KeychainIdentity, false if KeychainCertificateAndKeyInfo do not belong.

iterator

public java.util.Iterator<KeychainIdentity> iterator()

Returns an Iterator that can be used to iterate through all identities stored in this set. The object returned by calling the next() method of the iterator should be cast to a KeychainIdentity.

Specified by:

iterator in interface java.lang.Iterable<KeychainIdentity>

Specified by:

iterator in interface java.util.Collection<KeychainIdentity>

Specified by:

iterator in class java.util.AbstractCollection<KeychainIdentity>

Returns:

an Iterator that can be used to iterate through all identities stored in this set.

size

public int size()

Returns the number of identities in this collection.

Specified by:

size in interface java.util.Collection<KeychainIdentity>

Specified by:

size in class java.util.AbstractCollection<KeychainIdentity>

Returns:

the number of identities in this collection.