CardMSDigitalIDMgmtInfo ("Entrust Authority Security Toolkit for the Java Platform")

java.lang.Object
- com.entrust.toolkit.asn1.cardms.CardMSDigitalIDMgmtInfo

All Implemented Interfaces:: ASN1Type

public class CardMSDigitalIDMgmtInfo
extends java.lang.Object
implements ASN1Type

This class implements the ASN.1 structure for CardMSDigitalIDMgmtInfo as defined by Entrust for use in the Card Management System (CardMS) API.

 CardMSDigitalIDMgmtInfo ::= {
     formatId        UTF8String,
     entrustId       UTF8String,
     userDN          Name,
     certTypeId      EntrustCertInfoId, 
     certStoreSynch  BOOLEAN,
     keyMgmtInfo     SEQUENCE SIZE (1..MAX) OR CardMSKeyMgmtInfo
 }

This structure contains the information necessary for a CardMS to perform a key management operation on an Entrust digital identity. It will be produced during a CardMS enabled key management check operation by an Entrust client application that supports key management via a CardMS. Currently this is only Entrust Entelligence Security Provider (ESP) version 8.0 or later. It is the responsibility of the CardMS to consume this structure and drive the key management operation through the CMPForCardMS API.

The first four components are required by the CardMS API to create the proper MS-CAPI key container names and identity the user. The remaining two components contain information about the key management operation that is required (or indicate that a key management operation is not required). A key management operation is required when the certStoreSynch flag is set to true and/or when the keyMgmtInfo list contains one or more entries with a non-null mgmtReqReason component.

The certStoreSynch flag indicates whether or not a certificate store synchronization operation is required. A certificate store synchronization operation is required when the CA has one or more newer keys/certificates for the user than exist in their digital identity. This most commonly occurs during a CA forced key update operation; setting up a user for a CA forced key update operation causes the CA to issue a new key/certificate for each certificate stream for which the key is server generated. It is also possible for a certificate store synchronization operation to be necessary when two copies of the digital identity exist (can happen with key recovery), and a key update is done using one; at this point the other copy of the digital identity is out of synch. A certificate store synchronization operation is addressed by executing a PKIX-CMP signed key recovery operation.

The keyMgmtReqInfo contains an entry for each of the user's (non-obsolete) certificate streams; this includes certificate streams under the user's current certificate type and potentially certificate streams under the user's new certificate type (during a certificate type change). These entries indicate whether a key management operation is required for the certificate stream and provides the information necessary to execute this operation. A key management operation is addressed by executing a PKIX-CMP key update/certification operation.

When a CardMS encounters a CardMSDigitalIDMgmtInfo structure that has the certStoreSynch flag set it should execute this operation using the CMPForCardMS.certStoreSynch(X509Certificate, CardMSDigitalIDMgmtInfo) API. This SHOULD be done prior to examining the keyMgmtInfo list to determine which certificate streams require a key management operation. Executing the certificate store synchronization operation MAY address some of the key management operations indicated in keyMgmtInfo. When this happens, the CardMSDigitalIDmgmtInfo will be updated (by the certificate store synchronization operation) to indicate which operations are no longer necessary.

Once the certificate store synchronization operation has been completed (or if one was not required) the CardMS can determine which certificate streams require a key management operation. For each certificate stream that requires a key management operation, an entry will exist in keyMgmtInfo that has the mgmtReqReason set. The CardMS SHOULD examine this information, along with the user's certificate type and certificate definition client policy settings, and generate a corresponding set of CardMSCertReqInfo structures. Each of these structures will be used to request a new certificate for the user. The CardMS can then use the CMPForCardMS.keyUpdateAndCertification(CardMSCertReqInfo[], X509Certificate, CardMSDigitalIDMgmtInfo) API to execute the key management operation. Following this operation, a software representation of the digital identity can be obtained via the CMPForCardMS.getMscapiDigitalIdRepresentation() API. It is the responsibility of the CardMS to ensure that the card is updated with data structures contained in the software digital identity representation.

Note:: Key management is only supported for Entrust MS-CAPI formatted digital identities through the CardMS API.

The following are examples of what the certTypeId, certStoreSynch and keyMgmtInfo components of this structure will look like for various key management scenarios:

Scenario 1 (Management Not Required)

Management is not required
2-key-pair user (ent_twokeypair: Encryption, Verification)
Each certificate stream contains 1 entry

   certTypeId = ent_twokeypair (19) 
   certStoreSynch = false
   
   keyMgmtInfo.0.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.0.certDefnId = Encryption (32) 
   keyMgmtInfo.0.mgmtReqReason = null
   keyMgmtInfo.0.latestCert = non-null
   keyMgmtInfo.0.streamIndex = 0
   
   keyMgmtInfo.1.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.1.certDefnId = Verification (33) 
   keyMgmtInfo.1.mgmtReqReason = null
   keyMgmtInfo.1.latestCert = non-null
   keyMgmtInfo.1.streamIndex = 0

Scenario 2 (Key Update Required - Certificate Near Expiration)

Key Update is required for Verification certificate
2-key-pair user (ent_twokeypair: Encryption, Verification)
Each certificate stream contains 1 entry

   certTypeId = ent_twokeypair (19) 
   certStoreSynch = false
   
   keyMgmtInfo.0.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.0.certDefnId = Encryption (32) 
   keyMgmtInfo.0.mgmtReqReason = null
   keyMgmtInfo.0.latestCert = non-null
   keyMgmtInfo.0.streamIndex = 0
   
   keyMgmtInfo.1.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.1.certDefnId = Verification (33) 
   keyMgmtInfo.1.mgmtReqReason = nearExpired (1)
   keyMgmtInfo.1.latestCert = non-null
   keyMgmtInfo.1.streamIndex = 0

Scenario 3 (Key Update Required - Certificate Expired)

Key Update is required for Encryption certificate
2-key-pair user (ent_twokeypair: Encryption, Verification)
Each certificate stream contains 3 entries

   certTypeId = ent_twokeypair (19) 
   certStoreSynch = false
   
   keyMgmtInfo.0.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.0.certDefnId = Encryption (32) 
   keyMgmtInfo.0.mgmtReqReason = expired (2)
   keyMgmtInfo.0.latestCert = non-null
   keyMgmtInfo.0.streamIndex = 2
   
   keyMgmtInfo.1.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.1.certDefnId = Verification (33) 
   keyMgmtInfo.1.mgmtReqReason = null
   keyMgmtInfo.1.latestCert = non-null
   keyMgmtInfo.1.streamIndex = 2

Scenario 4 (Key Update Required - Certificate Revoked)

Key Update is required for Nonrepudiation certificate
3-key-pair user (ent_nonrepud: Encryption, Verification, Nonrepudiation)
Each certificate stream contains 1 entry

   certTypeId = ent_nonrepud (20) 
   certStoreSynch = false
   
   keyMgmtInfo.0.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.0.certDefnId = Encryption (34) 
   keyMgmtInfo.0.mgmtReqReason = null
   keyMgmtInfo.0.latestCert = non-null
   keyMgmtInfo.0.streamIndex = 0
   
   keyMgmtInfo.1.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.1.certDefnId = Verification (35) 
   keyMgmtInfo.1.mgmtReqReason = null
   keyMgmtInfo.1.latestCert = non-null
   keyMgmtInfo.1.streamIndex = 0
   
   keyMgmtInfo.2.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.2.certDefnId = Nonrepudiation (36) 
   keyMgmtInfo.2.mgmtReqReason = revoked (3)
   keyMgmtInfo.2.latestCert = non-null
   keyMgmtInfo.2.streamIndex = 0

Scenario 5 (Key Update Required - DN Change)

Key Update is required for Encryption and Verification certificates
2-key-pair user (ent_twokeypair: Encryption, Verification)
Each certificate stream contains 10 entries

   certTypeId = ent_twokeypair (19) 
   certStoreSynch = false
   
   keyMgmtInfo.0.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.0.certDefnId = Encryption (32) 
   keyMgmtInfo.0.mgmtReqReason = dnChange (4)
   keyMgmtInfo.0.latestCert = non-null
   keyMgmtInfo.0.streamIndex = 9
   
   keyMgmtInfo.1.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.1.certDefnId = Verification (33) 
   keyMgmtInfo.1.mgmtReqReason = dnChange (4)
   keyMgmtInfo.1.latestCert = non-null
   keyMgmtInfo.1.streamIndex = 9

Scenario 6 (Key Update Required - CA Forced Update)

Key Update is required for Encryption and Verification certificates
2-key-pair user (ent_twokeypair: Encryption, Verification)
Each certificate stream contains 1 entry

   certTypeId = ent_twokeypair (19) 
   certStoreSynch = true
   
   keyMgmtInfo.0.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.0.certDefnId = Encryption (32) 
   keyMgmtInfo.0.mgmtReqReason = forcedUpdate (5)
   keyMgmtInfo.0.latestCert = non-null
   keyMgmtInfo.0.streamIndex = 0
   
   keyMgmtInfo.1.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.1.certDefnId = Verification (33) 
   keyMgmtInfo.1.mgmtReqReason = forcedUpdate (5)
   keyMgmtInfo.1.latestCert = non-null
   keyMgmtInfo.1.streamIndex = 0

Scenario 7 (Key Update Required - Certificate Definition Forced Update)

Key Update is required for Verification and Nonrepudiation certificates
3-key-pair user (ent_nonrepud: Encryption, Verification, Nonrepudiation)
Each certificate stream contains 1 entry

   certTypeId = ent_nonrepud (20) 
   certStoreSynch = false
    
   keyMgmtInfo.0.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.0.certDefnId = Encryption (34) 
   keyMgmtInfo.0.mgmtReqReason = null
   keyMgmtInfo.0.latestCert = non-null
   keyMgmtInfo.0.streamIndex = 0
   
   keyMgmtInfo.1.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.1.certDefnId = Verification (35) 
   keyMgmtInfo.1.mgmtReqReason = defnUpdate (7)
   keyMgmtInfo.1.latestCert = non-null
   keyMgmtInfo.1.streamIndex = 0
   
   keyMgmtInfo.2.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.2.certDefnId = Nonrepudiation (36) 
   keyMgmtInfo.2.mgmtReqReason = defnUpdate (7)
   keyMgmtInfo.2.latestCert = non-null
   keyMgmtInfo.2.streamIndex = 0

Scenario 8 (Key Certification Required - Certificate Type Change)

Key Certification is required for Encryption, Verification and Nonrepudiation certificate streams
Changing from 2-key-pair user (ent_twokeypair: Encryption, Verification) 3-key-pair user (ent_nonrepud: Encryption, Verification, Nonrepudiation)
Each certificate stream contains 1 entry

   certTypeId = ent_nonrepud (20) 
   certStoreSynch = false
   
   keyMgmtInfo.0.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.0.certDefnId = Encryption (32) 
   keyMgmtInfo.0.mgmtReqReason = null
   keyMgmtInfo.0.latestCert = non-null
   keyMgmtInfo.0.streamIndex = 0
   
   keyMgmtInfo.1.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.1.certDefnId = Verification (33) 
   keyMgmtInfo.1.mgmtReqReason = null
   keyMgmtInfo.1.latestCert = non-null
   keyMgmtInfo.1.streamIndex = 0
   
   keyMgmtInfo.2.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.2.certDefnId = Encryption (34) 
   keyMgmtInfo.2.mgmtReqReason = typeChange (6)
   keyMgmtInfo.2.latestCert = null
   keyMgmtInfo.2.streamIndex = null
   
   keyMgmtInfo.3.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.3.certDefnId = Verification (35) 
   keyMgmtInfo.3.mgmtReqReason = typeChange (6)
   keyMgmtInfo.3.latestCert = null
   keyMgmtInfo.3.streamIndex = null
   
   keyMgmtInfo.4.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.4.certDefnId = Nonrepudiation (36) 
   keyMgmtInfo.4.mgmtReqReason = typeChange (6)
   keyMgmtInfo.4.latestCert = null
   keyMgmtInfo.4.streamIndex = null

Scenario 9 (Key Certification Required - Certificate Definition Added)

Key Certification is required for Nonrepudiation certificate stream
2-key-pair user [Encryption, Verification] that is adding a certificate definition to become a 3-key-pair user
Each certificate stream contains 1 entry

   certTypeId = ent_twokeypair (19) 
   certStoreSynch = false
   
   keyMgmtInfo.0.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.0.certDefnId = Encryption (32) 
   keyMgmtInfo.0.mgmtReqReason = null
   keyMgmtInfo.0.latestCert = non-null
   keyMgmtInfo.0.streamIndex = 0
   
   keyMgmtInfo.1.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.1.certDefnId = Verification (33) 
   keyMgmtInfo.1.mgmtReqReason = null
   keyMgmtInfo.1.latestCert = non-null
   keyMgmtInfo.1.streamIndex = 0
   
   keyMgmtInfo.2.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.2.certDefnId = certDefnId MyNewDefn (99)
   keyMgmtInfo.2.mgmtReqReason = newCertDefn (9)
   keyMgmtInfo.2.latestCert = null
   keyMgmtInfo.2.streamIndex = null

Scenario 10 (Key Certification Required - Certificate Type Change then CA Forced Update)

Key Certification is required for Encryption, Verification and Nonrepudiation certificate streams
Changing from 2-key-pair user (ent_twokeypair: Encryption, Verification) 3-key-pair user (ent_nonrepud: Encryption, Verification, Nonrepudiation)
Certificate Type Change operation is immediately followed by a CA Forced Update operation (without the user logging into their digital identity between these operations)
Each certificate stream contains 1 entry

   certTypeId = ent_nonrepud (20) 
   certStoreSynch = true
   
   keyMgmtInfo.0.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.0.certDefnId = Encryption (32) 
   keyMgmtInfo.0.mgmtReqReason = null
   keyMgmtInfo.0.latestCert = non-null
   keyMgmtInfo.0.streamIndex = 0
   
   keyMgmtInfo.1.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.1.certDefnId = Verification (33) 
   keyMgmtInfo.1.mgmtReqReason = null
   keyMgmtInfo.1.latestCert = non-null
   keyMgmtInfo.1.streamIndex = 0
   
   keyMgmtInfo.2.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.2.certDefnId = Encryption (34) 
   keyMgmtInfo.2.mgmtReqReason = forcedUpdate (5)
   keyMgmtInfo.2.latestCert = null
   keyMgmtInfo.2.streamIndex = null
   
   keyMgmtInfo.3.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.3.certDefnId = Verification (35) 
   keyMgmtInfo.3.mgmtReqReason = forcedUpdate (5)
   keyMgmtInfo.3.latestCert = null
   keyMgmtInfo.3.streamIndex = null
   
   keyMgmtInfo.4.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.4.certDefnId = Nonrepudiation (36) 
   keyMgmtInfo.4.mgmtReqReason = forcedUpdate (5)
   keyMgmtInfo.4.latestCert = null
   keyMgmtInfo.4.streamIndex = null

Scenario 11 (Key Certification Required - CA Forced Update then Certificate Type Change)

Key Certification is required for Encryption, Verification and Nonrepudiation certificate streams
Changing from 2-key-pair user (ent_twokeypair: Encryption, Verification) 3-key-pair user (ent_nonrepud: Encryption, Verification, Nonrepudiation)
CA Forced Update operation is immediately followed by a Certificate Type Change operation (without the user logging into their digital identity between these operations)
Each certificate stream contains 1 entry

   certTypeId = ent_nonrepud (20) 
   certStoreSynch = true
   
   keyMgmtInfo.0.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.0.certDefnId = Encryption (32) 
   keyMgmtInfo.0.mgmtReqReason = null
   keyMgmtInfo.0.latestCert = non-null
   keyMgmtInfo.0.streamIndex = 0
   
   keyMgmtInfo.1.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.1.certDefnId = Verification (33) 
   keyMgmtInfo.1.mgmtReqReason = null
   keyMgmtInfo.1.latestCert = non-null
   keyMgmtInfo.1.streamIndex = 0
   
   keyMgmtInfo.2.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.2.certDefnId = Encryption (34) 
   keyMgmtInfo.2.mgmtReqReason = forcedUpdate (5)
   keyMgmtInfo.2.latestCert = null
   keyMgmtInfo.2.streamIndex = null
   
   keyMgmtInfo.3.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.3.certDefnId = Verification (35) 
   keyMgmtInfo.3.mgmtReqReason = forcedUpdate (5)
   keyMgmtInfo.3.latestCert = null
   keyMgmtInfo.3.streamIndex = null
   
   keyMgmtInfo.4.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.4.certDefnId = Nonrepudiation (36) 
   keyMgmtInfo.4.mgmtReqReason = forcedUpdate (5)
   keyMgmtInfo.4.latestCert = null
   keyMgmtInfo.4.streamIndex = null

Scenario 12 (Key Certification Required - Certificate Type Change then DN Change)

Key Certification is required for Encryption, Verification and Nonrepudiation certificate streams
Changing from 2-key-pair user (ent_twokeypair: Encryption, Verification) 3-key-pair user (ent_nonrepud: Encryption, Verification, Nonrepudiation)
Certificate Type Change operation is immediately followed by a DN Change operation (without the user logging into their digital identity between these operations)
Each certificate stream contains 1 entry

   certTypeId = ent_nonrepud (20) 
   certStoreSynch = false
   
   keyMgmtInfo.0.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.0.certDefnId = Encryption (32) 
   keyMgmtInfo.0.mgmtReqReason = null
   keyMgmtInfo.0.latestCert = non-null
   keyMgmtInfo.0.streamIndex = 0
   
   keyMgmtInfo.1.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.1.certDefnId = Verification (33) 
   keyMgmtInfo.1.mgmtReqReason = null
   keyMgmtInfo.1.latestCert = non-null
   keyMgmtInfo.1.streamIndex = 0
   
   keyMgmtInfo.2.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.2.certDefnId = Encryption (34) 
   keyMgmtInfo.2.mgmtReqReason = dnChange (4)
   keyMgmtInfo.2.latestCert = null
   keyMgmtInfo.2.streamIndex = null
   
   keyMgmtInfo.3.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.3.certDefnId = Verification (35) 
   keyMgmtInfo.3.mgmtReqReason = dnChange (4)
   keyMgmtInfo.3.latestCert = null
   keyMgmtInfo.3.streamIndex = null
   
   keyMgmtInfo.4.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.4.certDefnId = Nonrepudiation (36) 
   keyMgmtInfo.4.mgmtReqReason = dnChange (4)
   keyMgmtInfo.4.latestCert = null
   keyMgmtInfo.4.streamIndex = null

Scenario 13 (Key Certification Required - DN Change then Certificate Type Change)

Key Certification is required for Encryption, Verification and Nonrepudiation certificate streams
Changing from 2-key-pair user (ent_twokeypair: Encryption, Verification) 3-key-pair user (ent_nonrepud: Encryption, Verification, Nonrepudiation)
DN Change operation is immediately followed by a Certificate Type Change operation (without the user logging into their digital identity between these operations)
Each certificate stream contains 1 entry

   certTypeId = ent_nonrepud (20) 
   certStoreSynch = false
   
   keyMgmtInfo.0.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.0.certDefnId = Encryption (32) 
   keyMgmtInfo.0.mgmtReqReason = null
   keyMgmtInfo.0.latestCert = non-null
   keyMgmtInfo.0.streamIndex = 0
   
   keyMgmtInfo.1.certTypeId = ent_twokeypair (19) 
   keyMgmtInfo.1.certDefnId = Verification (33) 
   keyMgmtInfo.1.mgmtReqReason = null
   keyMgmtInfo.1.latestCert = non-null
   keyMgmtInfo.1.streamIndex = 0
   
   keyMgmtInfo.2.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.2.certDefnId = Encryption (34) 
   keyMgmtInfo.2.mgmtReqReason = dnChange (4)
   keyMgmtInfo.2.latestCert = null
   keyMgmtInfo.2.streamIndex = null
   
   keyMgmtInfo.3.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.3.certDefnId = Verification (35) 
   keyMgmtInfo.3.mgmtReqReason = dnChange (4)
   keyMgmtInfo.3.latestCert = null
   keyMgmtInfo.3.streamIndex = null
   
   keyMgmtInfo.4.certTypeId = ent_nonrepud (20) 
   keyMgmtInfo.4.certDefnId = Nonrepudiation (36) 
   keyMgmtInfo.4.mgmtReqReason = dnChange (4)
   keyMgmtInfo.4.latestCert = null
   keyMgmtInfo.4.streamIndex = null

Since:: 7.2

Constructor Summary

Constructors
Constructor and Description
`CardMSDigitalIDMgmtInfo(ASN1Object obj)` A constructor; creates a `CardMSDigitalIDMgmtInfo` object from an `ASN1Object`.
`CardMSDigitalIDMgmtInfo(java.lang.String formatId, java.lang.String entrustId, Name userDN, EntrustCertInfoId certTypeId, boolean certStoreSynch, java.util.List keyMgmtInfo)` A constructor; creates a `CardMSDigitalIDMgmtInfo` object that contains the specified components.

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`addKeyMgmtInfo(CardMSKeyMgmtInfo keyMgmtInfo)` Adds a key management information entry to the list of key management information.
`void`	`decode(ASN1Object obj)` Decodes a CardMSDigitalIDMgmtInfo structure from an `ASN1Object`.
`EntrustCertInfoId`	`getCertTypeId()` Returns the certificate type identifier.
`java.lang.String`	`getEntrustId()` Returns the Entrust identifier.
`java.lang.String`	`getFormatId()` Returns the digital identity format identifier.
`java.util.Iterator`	`getKeyMgmtInfo()` Returns an iterator over the list of key management information.
`Name`	`getUserDN()` Returns the user DN.
`boolean`	`isCertStoreSynch()` Indicates whether or not a certificate store synchronization operation is required for the digital identity.
`void`	`setCertStoreSynch(boolean certStoreSynch)` Sets the certificate store synchronization indicator.
`void`	`setCertTypeId(EntrustCertInfoId certTypeId)` Sets the certificate type identifier.
`void`	`setEntrustId(java.lang.String entrustId)` Sets the Entrust identifier.
`void`	`setFormatId(java.lang.String formatId)` Sets the digital identity format identifier.
`void`	`setKeyMgmtInfo(java.util.List keyMgmtInfoList)` Sets the list of key management information.
`void`	`setUserDN(Name userDN)` Sets the user DN.
`ASN1Object`	`toASN1Object()` Encodes this `CardMSDigitalIDMgmtInfo` object as an `ASN1Object`.
`java.lang.String`	`toString()` Creates a text representation of the ASN.1 structure of this `CardMSDigitalIDMgmtInfo` object.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Constructor Detail
  - CardMSDigitalIDMgmtInfo
```
public CardMSDigitalIDMgmtInfo(java.lang.String formatId,
                       java.lang.String entrustId,
                       Name userDN,
                       EntrustCertInfoId certTypeId,
                       boolean certStoreSynch,
                       java.util.List keyMgmtInfo)
```
    A constructor; creates a CardMSDigitalIDMgmtInfo object that contains the specified components.
    
    Parameters:
    formatId - the format identifier
    entrustId - the Entrust identifier
    userDN - the user's DN
    certTypeId - the certificate type identifier
    certStoreSynch - the certificate store synchronization indicator
    keyMgmtInfo - list of key management information
    
    Throws:
    
    java.lang.IllegalArgumentException - if any of the specified components are null
  - CardMSDigitalIDMgmtInfo
```
public CardMSDigitalIDMgmtInfo(ASN1Object obj)
                        throws CodingException
```
    A constructor; creates a CardMSDigitalIDMgmtInfo object from an ASN1Object.
    
    Parameters:
    obj - the ASN.1 representation of a CardMSDigitalIDMgmtInfo structure
    
    Throws:
    
    CodingException - if an errors occurs while decoding the ANS1Object
    
    java.lang.IllegalArgumentException - if the ASN.1 object is null
- Method Detail
  - getFormatId
```
public java.lang.String getFormatId()
```
    Returns the digital identity format identifier.
    The digital identity format identifier is used as one component in Entrust's MS-CAPI key container scheme. It allows Entrust applications to determine whether or not the digital identity exists in a format which they understand.
    
    Returns:
    the format identifier
  - setFormatId
```
public void setFormatId(java.lang.String formatId)
```
    Sets the digital identity format identifier.
    
    Parameters:
    formatId - the format identifier
    
    Throws:
    
    java.lang.IllegalArgumentException - if the format identifier is null
    See Also:
    getFormatId()
  - getEntrustId
```
public java.lang.String getEntrustId()
```
    Returns the Entrust identifier.
    The Entrust identifier is used as one component in Entrust's MS-CAPI key container scheme. Each digital identity has a unique Entrust identifier. It allows Entrust applications to recognize a set of key containers as a digital identity.
    
    Returns:
    the Entrust identifier
  - setEntrustId
```
public void setEntrustId(java.lang.String entrustId)
```
    Sets the Entrust identifier.
    
    Parameters:
    entrustId - the Entrust identifier
    
    Throws:
    
    java.lang.IllegalArgumentException - if the Entrust identifier is null
    See Also:
    getEntrustId()
  - getUserDN
```
public Name getUserDN()
```
    Returns the user DN.
    Identifies the user that this digital identity management information structure applies too. When a key management operation is required, this user's DN will be required as an input to the CardMS PKIX-CMP General Message API.
    
    Returns:
    the user's DN
  - setUserDN
```
public void setUserDN(Name userDN)
```
    Sets the user DN.
    
    Parameters:
    userDN - the user's DN
    
    Throws:
    
    java.lang.IllegalArgumentException - if the user DN is null
    See Also:
    getUserDN()
  - getCertTypeId
```
public EntrustCertInfoId getCertTypeId()
```
    Returns the certificate type identifier.
    The certificate type identifier is used as one component in Entrust's MS-CAPI key container scheme. The certificate type identifies the user's certificate streams and all the policy associated with them.
    
    Returns:
    the certificate type identifier
  - setCertTypeId
```
public void setCertTypeId(EntrustCertInfoId certTypeId)
```
    Sets the certificate type identifier.
    
    Parameters:
    certTypeId - the certificate type identifier
    
    Throws:
    
    java.lang.IllegalArgumentException - if the certificate type identifier is null
    See Also:
    getCertTypeId()
  - isCertStoreSynch
```
public boolean isCertStoreSynch()
```
    Indicates whether or not a certificate store synchronization operation is required for the digital identity.
    A certificate store synchronization operation is a PKIX-CMP signed key recovery; it requests all backed-up keys and certificates from the server. It is required as part of certain key management operations (forced key update). When set, this indicates that the CardMS must perform a certificate store synchronization operation using the CardMS API. Whenever required, a certificate store synchronization operation MUST be performed prior to a key update/certification operation.
    
    Returns:
    the certificate store synchronization indicator
  - setCertStoreSynch
```
public void setCertStoreSynch(boolean certStoreSynch)
```
    Sets the certificate store synchronization indicator.
    
    Parameters:
    certStoreSynch - the certificate store synchronization indicator
    See Also:
    isCertStoreSynch()
  - getKeyMgmtInfo
```
public java.util.Iterator getKeyMgmtInfo()
```
    Returns an iterator over the list of key management information.
    This list will contain an entry for each certificate stream assigned to the user. It can contain entries for new certificate streams for which a corresponding key/certificate does not yet exist in the user's digital identity (these entries will not contain a certificate or a stream index) as well as entries for existing certificate streams (these entries will contain a certificate and a stream index). Entries that correspond to certificate streams that require a key management operation will have the management request reason component set. When the CardMS detects that key management is required, it must perform a key update/certification operation using the CardMS API.
    
    Returns:
    key management information
  - setKeyMgmtInfo
```
public void setKeyMgmtInfo(java.util.List keyMgmtInfoList)
```
    Sets the list of key management information.
    
    Parameters:
    keyMgmtInfoList - list of key management information
    
    Throws:
    
    java.lang.IllegalArgumentException - if the list of key management information is null or contains less than one entry
    See Also:
    getKeyMgmtInfo()
  - addKeyMgmtInfo
```
public void addKeyMgmtInfo(CardMSKeyMgmtInfo keyMgmtInfo)
```
    Adds a key management information entry to the list of key management information.
    
    Parameters:
    keyMgmtInfo - key management information entry
    See Also:
    getKeyMgmtInfo()
  - decode
```
public void decode(ASN1Object obj)
            throws CodingException
```
    Decodes a CardMSDigitalIDMgmtInfo structure from an ASN1Object.
    
    Specified by:
    
    decode in interface ASN1Type
    
    Parameters:
    obj - an ASN.1 representation of a CardMSDigitalIDMgmtInfo structure
    
    Throws:
    
    CodingException - if an errors occurs while decoding the CardMSDigitalIDMgmtInfo
    
    java.lang.IllegalArgumentException - if the ASN.1 object is null
  - toASN1Object
```
public ASN1Object toASN1Object()
```
    Encodes this CardMSDigitalIDMgmtInfo object as an ASN1Object.
    
    Specified by:
    
    toASN1Object in interface ASN1Type
    
    Returns:
    an ASN.1 representation of this object
  - toString
```
public java.lang.String toString()
```
    Creates a text representation of the ASN.1 structure of this CardMSDigitalIDMgmtInfo object.
    
    Overrides:
    
    toString in class java.lang.Object
    
    Returns:
    a text representation of the ASN.1 structure of this object

Class CardMSDigitalIDMgmtInfo

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

CardMSDigitalIDMgmtInfo

CardMSDigitalIDMgmtInfo

Method Detail

getFormatId

setFormatId

getEntrustId

setEntrustId

getUserDN

setUserDN

getCertTypeId

setCertTypeId

isCertStoreSynch

setCertStoreSynch

getKeyMgmtInfo

setKeyMgmtInfo

addKeyMgmtInfo

decode

toASN1Object

toString