public final class StreamProfileWriter extends CredentialWriter
The following credential readers can all be used with this credential writer:

- CredentialCreator
- CredentialRecoverer
- FilenameProfileReader
- PKCS12Reader
- StreamProfileReader
- RoamingCredentialReader

Below is an example of how a user's Digital Identity can be logged into and then written (all capitalized values must be provided by the user):

```java
User user = new User();
JNDIDirectory directory = new JNDIDirectory(DIRECTORY_IP, DIRECTORY_PORT);
ManagerTransport transport = new ManagerTransport(MANAGER_IP, MANAGER_PORT);
user.setConnections(directory, transport);
SecureStringBuffer securePassword = new SecureStringBuffer(PASSWORD);
CredentialReader credentialReader = new StreamProfileReader(EPF_INPUT_STREAM);
CredentialWriter credentialWriter = new StreamProfileWriter(EPF_OUTPUT_STREAM);
user.setCredentialWriter(credentialWriter);
user.login(credentialReader, securePassword);
// A write operation may have already occurred automatically in the call to
// login (automatic key management). Since a StreamProfileWriter instance
// is only capable of a single write operation, in this case, a second
// instance must be used in order for the manual write operation to be
// successful.
if (!credentialWriter.writePossible()) {
    credentialWriter = new StreamProfileWriter(EPF_OUTPUT_STREAM);
    user.setCredentialWriter(credentialWriter);
}
user.write();
```

StreamProfileReader attached to a
FileInputStream and written using a
StreamProfileWriter attached to a
FileOutputStream, ensure that the files being read from
and written to have different names, otherwise the original file will
be overwritten with an empty file when the
StreamProfileWriter constructor is called. This will cause
the read to fail; FilenameProfileReader and
FilenameProfileWriter should be used in this case as they
do not suffer from this problem.

StreamProfileWriter is only capable of a single digital
identity write operation. Multiple attempts to write using the same
StreamProfileWriter instance will fail and result in a
UserFatalException being thrown. Since every successful
key management operation (key update, DN change, ...) includes a digital
identity write operation, multiple key management operations cannot be
done using the same StreamProfileWriter instance. Instead,
each key management operation requires its own
StreamProfileWriter instance. This is important because
every user login that has a credential writer set will automatically
execute any required key management (meaning a write operation could
occur during a login). To determine if a
StreamProfileWriter instance is capable of writing (it has
not yet been used to write), call CredentialWriter.writePossible(). This should
be called before every manual attempt to write (User.write())
to ensure that the write operation is possible with the current credential
writer.

| Modifier and Type | Field and Description |
|---|---|
| static int | DEFAULT_HASH_COUNT: The default hash count; this is the number of iterations used by default when deriving the Entrust Digital Identity protection key. |
| static java.lang.String | DEFAULT_PROTECTION_ALGORITHM: The default EPF protection algorithm. |
| static int | MINIMUM_HASH_COUNT: The minimum hash count; this is the minimum number of iterations allowed when deriving the Entrust Digital Identity protection key. |

| Modifier | Constructor and Description |
|---|---|
| | StreamProfileWriter(java.io.OutputStream outputStream): A constructor; creates a new StreamProfileWriter from the provided values. |
| | StreamProfileWriter(java.io.OutputStream outputStream, int hashCount): A constructor; creates a new StreamProfileWriter from the provided values. |
| | StreamProfileWriter(java.io.OutputStream outputStream, int hashCount, java.lang.String entrustPath, java.lang.String entrustUser): A constructor; creates a new StreamProfileWriter from the provided values. |
| protected | StreamProfileWriter(java.io.OutputStream outputStream, java.lang.String protectionAlgorithm, int hashCount): Deprecated. Use StreamProfileWriter(OutputStream, int) instead. |
| protected | StreamProfileWriter(java.io.OutputStream outputStream, java.lang.String protectionAlgorithm, int hashCount, java.lang.String entrustPath, java.lang.String entrustUser): Deprecated. |

| Modifier and Type | Method and Description |
|---|---|
| java.lang.String | getType(): Returns the type (name) of this specific credential writer, which is "StreamProfileWriter". |

addConfiguration, writePossible

public static final java.lang.String DEFAULT_PROTECTION_ALGORITHM
public static final int DEFAULT_HASH_COUNT
public static final int MINIMUM_HASH_COUNT
public StreamProfileWriter(java.io.OutputStream outputStream)
StreamProfileWriter from the
provided values.
When used to create a credential writer that will be used for writing an
existing Digital Identity store that already contains EPF protection values
(read using a FilenameProfileReader or
StreamProfileReader), the EPF will be protected with the values
read from the EPF.
When used to create a credential writer that will be used for writing a
new Digital Identity store (read using a CredentialCreator or
CredentialRecoverer) or an existing Digital Identity store that
does not contain EPF protection values (read using a
PKCS12Reader), the EPF is automatically protected using the
default protection values (DEFAULT_PROTECTION_ALGORITHM,
DEFAULT_HASH_COUNT).

OutputStream once
the Digital Identity store has been written

outputStream - the output stream the user's Digital Identity will be written

java.lang.IllegalArgumentException - thrown if any of the required parameters are null

protected StreamProfileWriter(java.io.OutputStream outputStream,
java.lang.String protectionAlgorithm,
int hashCount)

StreamProfileWriter(OutputStream, int) instead.

StreamProfileWriter(OutputStream, int).

outputStream - the output stream the user's Digital Identity will be written
protectionAlgorithm - the algorithm used to protect the EPF.
hashCount - the number of iterations used when deriving the EPF protection key; must be no less than MINIMUM_HASH_COUNT (OPTIONAL)

java.lang.IllegalArgumentException - thrown if any of the required parameters are null or the EPF protection parameters are invalid

EntrustProfileProtectionAlgorithms

public StreamProfileWriter(java.io.OutputStream outputStream,
int hashCount)
StreamProfileWriter from the
provided values.
When used to create a credential writer that will be used for writing an
existing Digital Identity store that already contains EPF protection values
(read using a FilenameProfileReader or
StreamProfileReader), and the EPF protection values
(protectionAlgorithm, hashCount) are not set, the EPF will be protected with
the values read from the EPF. However, when set, the EPF will be protected
with the values indicated. Thus, setting these values differently than the
values in the EPF will cause the EPF to be written using a different type of
protection.
When used to create a credential writer that will be used for writing a
new Digital Identity store (read using a CredentialCreator or
CredentialRecoverer) or an existing Digital Identity store that
does not contain EPF protection values (read using a
PKCS12Reader), the EPF is automatically protected using the
protection value specified in the Client Settings
profile protection policy. The hash count is not required, and when missing
or zero, DEFAULT_HASH_COUNT is automatically used.

OutputStream once
the Digital Identity store has been written

outputStream - the output stream the user's Digital Identity will be written
hashCount - the number of iterations used when deriving the EPF protection key; must be no less than MINIMUM_HASH_COUNT (OPTIONAL)

java.lang.IllegalArgumentException - thrown if any of the required parameters are null or the EPF protection parameters are invalid

protected StreamProfileWriter(java.io.OutputStream outputStream,
java.lang.String protectionAlgorithm,
int hashCount,
java.lang.String entrustPath,
java.lang.String entrustUser)

StreamProfileWriter(OutputStream, int, String, String) instead.

StreamProfileWriter(OutputStream, int, String, String)

outputStream - the output stream the user's Digital Identity will be written
protectionAlgorithm - the algorithm used to protect the EPF; the value specified here is not used. It is read from the Client Settings policy.
hashCount - the number of iterations used when deriving the EPF protection key; must be no less than MINIMUM_HASH_COUNT [OPTIONAL]
entrustPath - the Entrust path value; identifies the folder in which files related to this digital identity are stored (i.e. .epf, .xcc ...) [OPTIONAL]
entrustUser - the Entrust user value; contains the name of the digital identity. Files related to this digital identity are identified with this name (i.e. <Entrust User>.epf, <Entrust User>.xcc ...) [OPTIONAL]

java.lang.IllegalArgumentException - thrown if any of the required parameters are null or the EPF protection parameters are invalid

public StreamProfileWriter(java.io.OutputStream outputStream,
int hashCount,
java.lang.String entrustPath,
java.lang.String entrustUser)
StreamProfileWriter from the
provided values.
When used to create a credential writer that will be used for writing an
existing Digital Identity store that already contains EPF protection
values (read using a FilenameProfileReader or
StreamProfileReader), and the EPF protection values
(protectionAlgorithm, hashCount) are not set, the EPF will be protected
with the values read from the EPF. However, when set, the EPF will be
protected with the values indicated. Thus, setting these values
differently than the values in the EPF will cause the EPF to be written
using a different type of protection.
When used to create a credential writer that will be used for writing a
new Digital Identity store (read using a CredentialCreator
or CredentialRecoverer) or an existing Digital Identity
store that does not contain EPF protection values (read using a
PKCS12Reader), the EPF is automatically protected using the
protection value specified in the Client Settings profile protection policy.
The hash count is not required, and when missing
or zero, DEFAULT_HASH_COUNT is automatically used.

The Entrust path and Entrust user values are used to identify files related to an Entrust digital identity (i.e. .epf, .xcc ...). If the Entrust path value is not provided, the current folder is used instead. If the Entrust user value is not provided, then none of the files that accompany the digital identity can be automatically written during logout.

OutputStream once
the Digital Identity store has been written

outputStream - the output stream the user's Digital Identity will be written
hashCount - the number of iterations used when deriving the EPF protection key; must be no less than MINIMUM_HASH_COUNT [OPTIONAL]
entrustPath - the Entrust path value; identifies the folder in which files related to this digital identity are stored (i.e. .epf, .xcc ...) [OPTIONAL]
entrustUser - the Entrust user value; contains the name of the digital identity. Files related to this digital identity are identified with this name (i.e. <Entrust User>.epf, <Entrust User>.xcc ...) [OPTIONAL]

java.lang.IllegalArgumentException - thrown if any of the required parameters are null or the EPF protection parameters are invalid

EntrustProfileProtectionAlgorithms

public java.lang.String getType()

getType in class CredentialWriter
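
The same-file warning in the class description, shown with plain JDK streams as an added example (not part of the Entrust documentation): opening a FileOutputStream on the file being read empties it, while writing to a temporary file in the same folder and moving it into place keeps the original readable until the new copy is complete. The class name, helper methods and sample bytes are constructed for illustration, and the stream copy stands in for the toolkit's login and write.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;

public class SameFileStreamHazard {

    // Unsafe order: the output stream is opened on the file that is about to be read.
    static int bytesReadableAfterOpeningOutput(Path epf) throws IOException {
        try (OutputStream out = new FileOutputStream(epf.toFile());   // truncates epf to 0 bytes
             InputStream in = new FileInputStream(epf.toFile())) {
            return in.readAllBytes().length;                          // nothing left to read
        }
    }

    // Safe order: read the original, write to a sibling temp file, then swap it in.
    static void rewriteViaTempFile(Path epf) throws IOException {
        Path tmp = Files.createTempFile(epf.getParent(), "epf", ".tmp");
        try (InputStream in = new FileInputStream(epf.toFile());
             OutputStream out = new FileOutputStream(tmp.toFile())) {
            // With the toolkit, `in` would back the StreamProfileReader and `out` the
            // StreamProfileWriter; a plain copy stands in for login + write here.
            in.transferTo(out);
        } catch (IOException e) {
            Files.deleteIfExists(tmp);   // never leave a partial identity file behind
            throw e;
        }
        Files.move(tmp, epf, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("epf-demo");
        Path epf = dir.resolve("user.epf");
        // Constructed placeholder bytes, not a real EPF.
        byte[] sample = "constructed sample identity store".getBytes(StandardCharsets.UTF_8);

        Files.write(epf, sample);
        rewriteViaTempFile(epf);
        System.out.println("after temp-file rewrite: " + Files.size(epf) + " bytes");

        System.out.println("readable after same-file open: " + bytesReadableAfterOpeningOutput(epf));
        System.out.println("file size now: " + Files.size(epf) + " bytes");
    }
}
```

The temp-file pattern is only relevant when streams must be used; the page's own recommendation for same-file rewrites is FilenameProfileReader with FilenameProfileWriter.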