com.entrust.toolkit.util

Class ManagerTransport

java.lang.Object

com.entrust.toolkit.util.ManagerTransport

All Implemented Interfaces:

PollableResource

Direct Known Subclasses:

HttpManagerClient, HttpsManagerClientJSSE, ManagerTransportWithSMProxy, SMProxyManagerTransport

public class ManagerTransport
extends java.lang.Object
implements PollableResource

Provides the means to transfer PKIX messages to and from the PKI Registration Authority (CA key management server).

Typically, an application opens a TCP/IP socket from a client to the PKI RA. PKIX messages for the creation, recovery, and update of credentials are transferred using the TCP/IP socket.

If a firewall blocks the communication between client and RA, or if you prefer not to use sockets, the ManagerTransport class allows for the transfer of messages by whatever means the caller specifies. The PKI RA communicates only using TCP/IP. Therefore, if a transport protocol other than TCP/IP is used on the client side, a corresponding transport conversion must be made on the RA side to convert back to TCP/IP.

You can use the following techniques to transfer the messages between client and PKI RA:

Sockets

You must provide the IP address and port number of the RA to the class.

Streams

Using the Java stream libraries, provide an arbitrary pair of input and output streams that you can use to communicate with the RA.

Byte arrays

Create a sub-class of ManagerTransport and override the readPKIXCMPResponse(boolean) and beginNewSession() methods. PKIX messages will then be passed in byte arrays to the subclass. The subclass can transfer the messages to the RA — using HTTP or e-mail, for example.

Notes

Some constructors take a String managerIP argument, representing the PKI RA's IP address. These methods are intended for situations where you are indirectly transferring the PKIX messages through another host, or proxy, to the PKI RA. The managerIP parameter is required by the PKIX protocol even in those cases when your application is not connecting to the RA.

If the address supplied by the application does not match the IP address of the PKI RA, the protocol will fail. The address should be specified in numeric IP address 'dot' format, 47.97.222.11 for example, and not as a symbolic name.

Field Summary

Fields

Modifier and Type	Field and Description
static int	DEFAULT_CONNECT_TIMEOUT The default value of Socket connection timeout.
static int	DEFAULT_SO_LINGER The default value of SO_LINGER for socket based transports.
static int	DEFAULT_SO_TIMEOUT The default value of SO_TIMEOUT for socket based transports.
protected java.io.InputStream	in
protected java.io.OutputStream	out
protected java.lang.String	recipientAddress

Constructor Summary

Constructors

Constructor and Description
ManagerTransport() The default constructor.
ManagerTransport(java.io.InputStream input, java.io.OutputStream output, java.lang.String managerIP) Takes two arbitrary input streams and the PKI RA's IP address as arguments to create a ManagerTransport object.
ManagerTransport(java.lang.String address, int port) Creates a ManagerTransport object with the PKI RA's IP address, as a String, and the port number (as an integer).
ManagerTransport(java.lang.String address, int port, java.lang.String managerIP) Takes a host address, a port number (as an integer), and the PKI RA's IP address as arguments to create a ManagerTransport object.
ManagerTransport(java.lang.String address, java.lang.String port) Creates a ManagerTransport object with the PKI Manager's host address and port number.
ManagerTransport(java.lang.String address, java.lang.String port, java.lang.String managerIP) Creates a ManagerTransport object with the PKI RA's host address, IP address, and port number as String objects.

Method Summary

Modifier and Type	Method and Description
void	beginNewSession() Called whenever a new session or request to the PKI RA is about to be made.
static int	calculateASNLength(byte[] ba) Calculates the length of an ASN.1 DER-encoded object from the DER encoding, and returns it.
ResourceEvent	checkStatus(Resource resource) This method checks if the CA services provided by the ManagerTransport object are available.
void	dataReady(byte[] data) Passes messages as a byte array.
protected void	DNSLookup()
void	endSession() Must be called whenever a session to the PKI RA is complete.
java.lang.String	getAddress() Returns the PKI RA's address specified by managerIP in other methods if it has not been explicitly defined.
java.security.cert.X509Certificate[]	getClientCredentials() Returns the client X509Certificate chain set by the object that implements this interface.
GeneralMessageInfo	getGeneralMessageInfo(SecureStringBuffer refNum, AuthorizationCode authCode) This is a convenience method used to retrieve information about a User that has not yet been created.
java.io.InputStream	getInputStream() Returns the input stream to read information from the PKI RA.
static ManagerTransport	getInstance(java.lang.String endPoint, int port, java.lang.Object parms) Returns a ManagerTransport object based on the type of ManagerTransport used.
static ManagerTransport	getInstance(java.lang.String endPoint, int port, java.lang.Object parms, boolean useSMProxy) Returns a ManagerTransport object based on the type of ManagerTransport used.
java.io.OutputStream	getOutputStream() Returns the output stream to write information to the PKI RA.
AlgorithmID	getPasswordBasedMacAlgorithm() Get the Password Based MAC algorithm to use with the CA.
boolean	getPasswordBasedMacAlgorithmWorks() Get the flag specifying whether the Password Based MAC algorithm has been verified with the CA TODO Remove when SM 8.3 is no longer supported (PKI-37444)
int	getPort() Returns the PKI RA's port
int	getSoConnectTimeout() Returns the setting for the connection timeout property of the underlying socket, in milliseconds, for socket based transports.
int	getSoLinger() Returns the setting for the SO_LINGER property of the underlying socket, in seconds, for socket based transports.
int	getSoTimeout() Returns the setting for the SO_TIMEOUT property of the underlying socket, in milliseconds, for socket based transports.
java.security.cert.X509Certificate[]	getTrustRoots() Returns the roots of trust that were set in this object, or null if no roots of trust were set.
boolean	isAvailable() Determines whether or not the PKI Registration Authority is available.
ResourceMonitor	periodicPoll(int seconds, ResourceEventHandler handler, int trigger) A convienance method that sets up the ManagerTransport object for polling to ensure PKI service availability.
static byte[]	readManagerTransportMessage(java.io.InputStream inputSream) This method was used to retrieve a proto PKIX (PKIX4) message from the given input stream and return it as a byte array.
void	readNegPollRep() Reads a 'negPollRep' TCP-based PKI message from the underlying transport.
byte[]	readPKIX4Response(boolean getResponse) Deprecated. proto-PKIX protocol is no longer supported in the Toolkit. Always use PKIX-CMP.
byte[]	readPKIXCMPResponse(boolean getResponse) This method reads a PKIXCMP message with a TCP stream header.
void	setClientCredentials(java.security.cert.X509Certificate[] chain, java.security.PrivateKey signingKey) Set client credentials for authenticating to a server.
void	setClientCredentials(java.security.cert.X509Certificate verificationCertificate, java.security.cert.X509Certificate caCertificate, java.security.PrivateKey signingKey) Deprecated. use setClientCredentials(X509Certificate[], PrivateKey) instead
void	setPasswordBasedMacAlgorithm(AlgorithmID macAlgorithm) Set the algorithm to use for password based MACs to the associated CA TODO Remove when SM 8.3 is no longer supported (PKI-37444)
void	setPasswordBasedMacCurrentAlgorithmWorks() Specify that the current Password Based MAC algorithm has been verified to work with the CA TODO Remove when SM 8.3 is no longer supported (PKI-37444)
void	setSoConnectTimeout(int timeout) Sets the Connection Timeout property of the underlying socket, with the specified timeout in milliseconds, for socket based transports.
void	setSoLinger(boolean on, int linger) Enables/Disables the SO_LINGER property of the underlying socket, with the specified linger time in seconds, for socket based transports.
void	setSoTimeout(int timeout) Sets the SO_TIMEOUT property of the underlying socket, with the specified timeout in milliseconds, for socket based transports.
void	setStreams(java.io.InputStream input, java.io.OutputStream output, java.lang.String managerIP) Sets the streams for communication to and from the PKI RA.
void	setTrustRoots(java.security.cert.X509Certificate[] roots, LdapDirectory directory, ClientSettings cs) Sets the TrustRoots used for SSL Authentication.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

in

protected java.io.InputStream in

out

protected java.io.OutputStream out

recipientAddress

protected java.lang.String recipientAddress

DEFAULT_SO_TIMEOUT

public static final int DEFAULT_SO_TIMEOUT

The default value of SO_TIMEOUT for socket based transports.

Since:

7.0

See Also:

Constant Field Values

DEFAULT_SO_LINGER

public static final int DEFAULT_SO_LINGER

The default value of SO_LINGER for socket based transports.

Since:

7.0

See Also:

Constant Field Values

DEFAULT_CONNECT_TIMEOUT

public static final int DEFAULT_CONNECT_TIMEOUT

The default value of Socket connection timeout.

Since:

7.2 SP1

See Also:

Constant Field Values

Constructor Detail

ManagerTransport

public ManagerTransport()

The default constructor.

Call setStreams() before providing the object to the User class.

ManagerTransport

public ManagerTransport(java.lang.String address,
                        java.lang.String port)

Creates a ManagerTransport object with the PKI Manager's host address and port number.

Parameters:

address - the PKI RA's host address.

port - the PKI RA's port number (typically, 829).

ManagerTransport

public ManagerTransport(java.lang.String address,
                        java.lang.String port,
                        java.lang.String managerIP)

Creates a ManagerTransport object with the PKI RA's host address, IP address, and port number as String objects.

This constructor is used if the address or port used for the connection is not the same as that of the PKI RA. This would be the case if there were a proxy to the RA.

Parameters:

address - the host address for connection

port - the port number on the host

managerIP - the RA's IP address

ManagerTransport

public ManagerTransport(java.lang.String address,
                        int port)

Creates a ManagerTransport object with the PKI RA's IP address, as a String, and the port number (as an integer).

Parameters:

address - the PKI RA host address

port - the PKI RA port number (typically, 829).

ManagerTransport

public ManagerTransport(java.lang.String address,
                        int port,
                        java.lang.String managerIP)

Takes a host address, a port number (as an integer), and the PKI RA's IP address as arguments to create a ManagerTransport object.

Use this constructor when the address or port you want to connect to is not the same as the PKI RA. This would be the case if there were a proxy to the RA.

Parameters:

address - the host address

port - the port on the host

managerIP - the PKI RA's IP address

ManagerTransport

public ManagerTransport(java.io.InputStream input,
                        java.io.OutputStream output,
                        java.lang.String managerIP)

Takes two arbitrary input streams and the PKI RA's IP address as arguments to create a ManagerTransport object.

Regardless of whether or not the streams use TCP/IP, the PKIX protocol requires that the address specified here match the address the PKI RA puts into the message.

Parameters:

input - the input stream to read information from the RA

output - the output stream to write information to the RA

managerIP - the PKI RA's IP address

Method Detail

getInstance

public static ManagerTransport getInstance(java.lang.String endPoint,
                                           int port,
                                           java.lang.Object parms)
                                    throws java.lang.ClassNotFoundException,
                                           java.lang.SecurityException,
                                           java.lang.NoSuchMethodException,
                                           java.lang.IllegalArgumentException,
                                           java.lang.InstantiationException,
                                           java.lang.IllegalAccessException,
                                           java.lang.reflect.InvocationTargetException

Returns a ManagerTransport object based on the type of ManagerTransport used. The Java toolkit contains three types of ManagerTransportObjects which can be created by this method based on the type of data passed in:

• ManagerTransport - The regular ManagerTransport object, which will use the constructor which takes an IPAdress and Port.
• HttpManagerClient - The HttpManagerClient which takes a String URL, and a port number. If no port number is supplied in the URL then it will use a default of port 80
• HttpsManagerClient - The HttpsManagerClient takes a String URL, and a port number. If no port number is supplied in the URL it will use a default of port 443. If a third parameter is supplied it is expected it would be the SSLClientContext to configure the SSL parameters

Returns:

A ManagerTransport object or null if one could not be created

Throws:

java.lang.ClassNotFoundException

java.lang.NoSuchMethodException

java.lang.SecurityException

java.lang.reflect.InvocationTargetException

java.lang.IllegalAccessException

java.lang.InstantiationException

java.lang.IllegalArgumentException

Since:

7.2 SP2 Patch

getInstance

public static ManagerTransport getInstance(java.lang.String endPoint,
                                           int port,
                                           java.lang.Object parms,
                                           boolean useSMProxy)
                                    throws java.lang.ClassNotFoundException,
                                           java.lang.SecurityException,
                                           java.lang.NoSuchMethodException,
                                           java.lang.IllegalArgumentException,
                                           java.lang.InstantiationException,
                                           java.lang.IllegalAccessException,
                                           java.lang.reflect.InvocationTargetException

Returns a ManagerTransport object based on the type of ManagerTransport used. The Java toolkit contains four types of ManagerTransportObjects which can be created by this method based on the type of data passed in:

• ManagerTransport - The regular ManagerTransport object, which will use the constructor which takes an IPAdress and Port.
• HttpManagerClient - The HttpManagerClient which takes a String URL, and a port number. If no port number is supplied in the URL then it will use a default of port 80
• HttpsManagerClient - The HttpsManagerClient takes a String URL, and a port number. If no port number is supplied in the URL it will use a default of port 443. If a third parameter is supplied it is expected it would be the SSLClientContext to configure the SSL parameters
• SMProxyManagerTransport - The SMProxyManagerTransport takes a String URL and a port number. If no port number is supplied in the URL it will default to port 80 for http and 443 for https. If a third parameter is supplied it is expected to be the SMProxyConfig to configure the SSL parameters. This type is returned when the useSMProxy value is true.

Returns:

A ManagerTransport object or null if one could not be created

Throws:

java.lang.ClassNotFoundException

java.lang.NoSuchMethodException

java.lang.SecurityException

java.lang.reflect.InvocationTargetException

java.lang.IllegalAccessException

java.lang.InstantiationException

java.lang.IllegalArgumentException

Since:

8.1

checkStatus

public ResourceEvent checkStatus(Resource resource)

This method checks if the CA services provided by the ManagerTransport object are available. To do this, this method sends an Event Server Status Request (ESSR) to request the event certificate. If the request is received and is a general PKIX message, then this is confirmation that the PKI service is available

Specified by:

checkStatus in interface PollableResource

Returns:

the status of the ManagerTransport as a ResourceEvent

See Also:

ResourceEvent, Resource

periodicPoll

public ResourceMonitor periodicPoll(int seconds,
                                    ResourceEventHandler handler,
                                    int trigger)

A convienance method that sets up the ManagerTransport object for polling to ensure PKI service availability. This method will return a ResourceMonitor object which can be used to monitor the ManagerTransport. If a ResourceEventHandler is specified, it will be used to handle events for this ManagerTransport. The ResourceEvent trigger threshold value must also be specified as one of the following:

• OKAY (0) - Resource is operating normally
• WARNING (100) - There may be a problem with the resource
• BUSY (200) - The resource is busy, and cannot respond
• FAILURE (300) - Some type of failure occured

If ResourceEventHandler is null then the default ResourceOutputHandler which simply outputs events using the System.out will be used. The ResourceEventHandler will be added using the ResourceEventProcessor.setEventHandler(ResourceEventHandler) method.

If the ResourceEvent trigger value is less than 0, then the default value of OKAY (0) will be used.

Parameters:

seconds - the length of time between each poll

handler - a ResourceEventHandler used when this Resource is notified of an event

trigger - Sets the level at which event notification is triggered by the HeartbeatEvent

Returns:

A ResourceMonitor which can be used to monitor this ManagerTransport object

See Also:

Resource, ResourceEvent, HttpManagerClient, HttpsManagerClient

setStreams

public void setStreams(java.io.InputStream input,
                       java.io.OutputStream output,
                       java.lang.String managerIP)

Sets the streams for communication to and from the PKI RA.

Parameters:

input - the input stream to read information from the RA

output - the output stream to write information to the RA

managerIP - the PKI RA's IP address

getAddress

public java.lang.String getAddress()

Returns the PKI RA's address specified by managerIP in other methods if it has not been explicitly defined.

Returns:

The recipient address (For example, www.acme.com, pkix@acme.com)

getPort

public int getPort()

Returns the PKI RA's port

Returns:

The port used to connect to the PKI

getOutputStream

public java.io.OutputStream getOutputStream()

Returns the output stream to write information to the PKI RA.

Returns:

The RA output stream.

getInputStream

public java.io.InputStream getInputStream()

Returns the input stream to read information from the PKI RA.

Returns:

The RA input stream.

beginNewSession

public void beginNewSession()

Called whenever a new session or request to the PKI RA is about to be made.

beginNewSession() closes the existing socket connection, if there is one, and connects to the PKI RA again to prepare for the communication request.

If a sub-class of ManagerTransport is created, override this method and the dataReady() method. Reset the connection to the RA.

DNSLookup

protected void DNSLookup()

endSession

public void endSession()

Must be called whenever a session to the PKI RA is complete.

endSession() closes the existing socket connection.

If a sub-class of ManagerTransport is created, override this method and the dataReady() method. Reset the connection to the RA.

dataReady

public void dataReady(byte[] data)
               throws java.io.IOException

Passes messages as a byte array.

dataReady(byte[] data) is called when a data message is ready for the PKI RA. Sub-classes of ManagerTransport can overide this method and send the data using any method they choose, e-mail or HTTP, for example. The sub-classes must first have implemented a simliar proxy mechanism on the PKI RA's side of the connection.

A User object composes a message for the PKI RA and calls this method, passing the message in a byte array. Usually, a sub-class of ManagerTransport implements the dataReady() method and sends the message to the PKI RA. User then calls the readPKIXCMPResponse() method and expects to receive a byte array containing the RA's response.

For example, this code fragment illustrates User using ManagerTransport:

      transport.dataReady(messageForManager);
      byte[] messageFromManager = transport.read();
  

Parameters:

data - the data that is ready to be sent to the RA

Throws:

java.io.IOException - thrown if the output stream has been closed before this method is called

See Also:

beginNewSession()

readManagerTransportMessage

public static final byte[] readManagerTransportMessage(java.io.InputStream inputSream)
                                                throws java.io.IOException,
                                                       java.security.GeneralSecurityException

This method was used to retrieve a proto PKIX (PKIX4) message from the given input stream and return it as a byte array. However, the Proto-PKIX protocol is no longer supported by the Toolkit, and this method always throws a GeneralSecurityException.

Parameters:

inputSream - ignored.

Returns:

this method always throws an exception and never returns anything.

Throws:

java.io.IOException - never, maintained for compatibility purposes.

java.security.GeneralSecurityException - always

readPKIX4Response

public byte[] readPKIX4Response(boolean getResponse)
                         throws java.security.GeneralSecurityException

Deprecated. proto-PKIX protocol is no longer supported in the Toolkit. Always use PKIX-CMP.

This method always throws an exception as the proto-PKIX protocol is no longer supported in the Toolkit.

Returns:

This method always throws a GeneralSecurityException

Throws:

java.security.GeneralSecurityException - always

setClientCredentials

public void setClientCredentials(java.security.cert.X509Certificate verificationCertificate,
                                 java.security.cert.X509Certificate caCertificate,
                                 java.security.PrivateKey signingKey)

Deprecated. use setClientCredentials(X509Certificate[], PrivateKey) instead

Set client credentials for authenticating to a server. This implementation does nothing; it is intended to be overridden by subclasses that need to provide additional authentication, such as for SSL client authentication.

setClientCredentials

public void setClientCredentials(java.security.cert.X509Certificate[] chain,
                                 java.security.PrivateKey signingKey)

Set client credentials for authenticating to a server. This implementation does nothing; it is intended to be overridden by subclasses that need to provide additional authentication, such as for SSL client authentication.

setTrustRoots

public void setTrustRoots(java.security.cert.X509Certificate[] roots,
                          LdapDirectory directory,
                          ClientSettings cs)
                   throws java.security.cert.CertificateException,
                          CertificationRootException

Sets the TrustRoots used for SSL Authentication. This implementation does nothing; it is intended to be overridden by subclasses that need to provide additional authentication, such as for SSL client authentication.

Throws:

java.security.cert.CertificateException

CertificationRootException

getClientCredentials

public java.security.cert.X509Certificate[] getClientCredentials()

Returns the client X509Certificate chain set by the object that implements this interface. This method always returns null in this class because it will never be used.

Returns:

the client X509Certificate chain set by the object that implements this interface

getTrustRoots

public java.security.cert.X509Certificate[] getTrustRoots()

Returns the roots of trust that were set in this object, or null if no roots of trust were set. This method always returns null in this class because it will never be used.

Returns:

the roots of trust that were set in this object, or null if no roots of trust were set.

getGeneralMessageInfo

public GeneralMessageInfo getGeneralMessageInfo(SecureStringBuffer refNum,
                                                AuthorizationCode authCode)
                                         throws EntrustPKIXCMPException

This is a convenience method used to retrieve information about a User that has not yet been created. This method simply makes a call to PKIXCMPUtils.getGeneralMessageInfo(SecureStringBuffer, AuthorizationCode)

For example:

 ManagerTransport man = new ManagerTransport("myPkI",829);
 GeneralMessageInfo info = man.getGeneralMessageInfo(refNum, authCode);
 ClientSettings settings = info.getClientSettings();  
 

Parameters:

refNum - The reference number

authCode - The Authorization code

Returns:

The GeneralMessageInfo object that encapsulated PKIX GeneralMessage Information

Throws:

EntrustPKIXCMPException

Since:

8.0

calculateASNLength

public static final int calculateASNLength(byte[] ba)

Calculates the length of an ASN.1 DER-encoded object from the DER encoding, and returns it. Note: this method was moved from the ByteArray class.

Parameters:

ba - The byte array to calculate the ANS1 length of

Returns:

The value of the length bits

isAvailable

public boolean isAvailable()

Determines whether or not the PKI Registration Authority is available.

Contacts the PKIX-CMP service of the PKI Registration Authority checking the availability of this service, including its ability to process PKIX-CMP traffic.

Returns:

true if the PKI Registration Authority is available; false otherwise

Since:

8.0

getSoLinger

public int getSoLinger()

Returns the setting for the SO_LINGER property of the underlying socket, in seconds, for socket based transports.

This property specifies the number of seconds to linger after the socket is closed. A value greater than zero indicates that when a call to ManagerTransport.endSession() is made, the underlying socket should wait up to the specified number of seconds for any data on the socket to be written before it is actually closed. A value of zero indicates that the socket should be closed immediately (but gracefully, without data loss). A value of -1 indicates that this property is disabled.

By default the SO_LINGER property is enabled with a value of DEFAULT_SO_LINGER.

Returns:

the value of SO_LINGER in seconds

Since:

7.0

getSoTimeout

public int getSoTimeout()

Returns the setting for the SO_TIMEOUT property of the underlying socket, in milliseconds, for socket based transports.

This property specifies the number of milliseconds until a blocking operation fails and the control returns an error. A value of zero indicates that the blocking operation should wait indefinitely. A blocking operation can occur when a read operation is done on the InputStream associated with the underlying socket.

By default the SO_TIMEOUT property is enabled with a value of DEFAULT_SO_TIMEOUT.

Returns:

the value of SO_TIMEOUT in milliseconds

Since:

7.0

getSoConnectTimeout

public int getSoConnectTimeout()

Returns the setting for the connection timeout property of the underlying socket, in milliseconds, for socket based transports.

This property specifies the number of milliseconds until a blocking operation fails and the control returns an error. A value of zero indicates that the blocking operation should wait indefinitely. A blocking operation can occur when a connection attempt is made on the InputStream associated with the underlying socket.

By default the connection timeout property is enabled with a value of DEFAULT_CONNECT_TIMEOUT.

Returns:

the value of connection timeout in milliseconds

Since:

7.2 SP1

setSoLinger

public void setSoLinger(boolean on,
                        int linger)
                 throws java.lang.IllegalArgumentException

Enables/Disables the SO_LINGER property of the underlying socket, with the specified linger time in seconds, for socket based transports.

This property specifies the number of seconds to linger after the socket is closed. A a value greater than zero indicates that when a call to ManagerTransport.endSession() is made, the underlying socket should wait up to the specified number of seconds for any data on the socket to be written before it is actually closed. A value of zero indicates that the socket should be closed immediately (but gracefully, without data loss).

By default the SO_LINGER property is enabled with a value of DEFAULT_SO_LINGER.

Parameters:

on - whether or not the SO_LINGER property is enabled

linger - how long to linger for in seconds, if on is true

Throws:

java.lang.IllegalArgumentException - if the linger value is negative

Since:

7.0

setSoTimeout

public void setSoTimeout(int timeout)
                  throws java.lang.IllegalArgumentException

Sets the SO_TIMEOUT property of the underlying socket, with the specified timeout in milliseconds, for socket based transports.

This property specifies the number of milliseconds until a blocking operation fails and the control returns an error. A value of zero indicates that the blocking operation should wait indefinitely. A blocking operation can occur when a read operation is done on the InputStream associated with the underlying socket.

By default the SO_TIMEOUT property is enabled with a value of DEFAULT_SO_LINGER.

Parameters:

timeout - the specified timeout in milliseconds

Throws:

java.lang.IllegalArgumentException - if the timout is negative

Since:

7.0

setSoConnectTimeout

public void setSoConnectTimeout(int timeout)
                         throws java.lang.IllegalArgumentException

Sets the Connection Timeout property of the underlying socket, with the specified timeout in milliseconds, for socket based transports.

This property specifies the number of milliseconds until a blocking operation fails and the control returns an error. A value of zero indicates that the blocking operation should wait indefinitely. A blocking operation can occur when a connection is done on the InputStream associated with the underlying socket.

By default the connection timeout property is enabled with a value of DEFAULT_CONNECT_TIMEOUT.

Parameters:

timeout - the specified timeout in milliseconds

Throws:

java.lang.IllegalArgumentException - if the timout is negative

Since:

7.2 SP1

readPKIXCMPResponse

public byte[] readPKIXCMPResponse(boolean getResponse)
                           throws java.io.IOException,
                                  java.security.GeneralSecurityException

This method reads a PKIXCMP message with a TCP stream header.

Returns:

the raw PKIX CMP message

Throws:

java.io.IOException

java.security.GeneralSecurityException

readNegPollRep

public void readNegPollRep()
                    throws java.io.IOException

Reads a 'negPollRep' TCP-based PKI message from the underlying transport.

A 'negPollRep' is returned by the responder after a 'pkiMsg' containing PKIX-CMP confirmation message has been transported from initiator to responder. Receiving a 'negPollRep' indicates that the transaction has been successfully completed.

Throws:

java.io.IOException - if an error occurs while reading the 'negPollRep' (i.e. unexpected end of data, incorrect message flag, invalid message length...)

getPasswordBasedMacAlgorithm

public AlgorithmID getPasswordBasedMacAlgorithm()

Get the Password Based MAC algorithm to use with the CA. This will vary depending on what the CA supports. TODO Remove when SM 8.3 is no longer supported (PKI-37444)

Returns:

password based MAC algorithm to use for this CA.

setPasswordBasedMacAlgorithm

public void setPasswordBasedMacAlgorithm(AlgorithmID macAlgorithm)
                                  throws java.security.NoSuchAlgorithmException

Set the algorithm to use for password based MACs to the associated CA TODO Remove when SM 8.3 is no longer supported (PKI-37444)

Parameters:

macAlgorithm - MAC algorithm to use with our associated CA

Throws:

java.security.NoSuchAlgorithmException - macAlgorithm isn't a valid MAC algorithm

setPasswordBasedMacCurrentAlgorithmWorks

public void setPasswordBasedMacCurrentAlgorithmWorks()

Specify that the current Password Based MAC algorithm has been verified to work with the CA TODO Remove when SM 8.3 is no longer supported (PKI-37444)

getPasswordBasedMacAlgorithmWorks

public boolean getPasswordBasedMacAlgorithmWorks()

Get the flag specifying whether the Password Based MAC algorithm has been verified with the CA TODO Remove when SM 8.3 is no longer supported (PKI-37444)

Returns:

flag indicating whether the current PB MAC algorithm has been verified with the CA