CardMSKeyMgmtInfo ("Entrust Authority Security Toolkit for the Java Platform")

java.lang.Object
- com.entrust.toolkit.asn1.cardms.CardMSKeyMgmtInfo

All Implemented Interfaces:

ASN1Type
```
public class CardMSKeyMgmtInfo
extends java.lang.Object
implements ASN1Type
```
This class implements the ASN.1 structure for CardMSKeyMgmtInfo as defined by Entrust for use in the Card Management System (CardMS) API.
```
 CardMSKeyMgmtInfo ::= {
     certTypeId            EntrustCertInfoId,
     certDefnId            EntrustCertInfoId,
     mgmtReqReason         [0] EntrustEventReason  OPTIONAL,
     derEncodedLatestCert  [1] OCTET_STRING        OPTIONAL,
     streamIndex           [2] INTEGER             OPTIONAL
 }
 
```
This structure contains information related to the key management of a certificate stream from an Entrust user's digital identity. A certificate stream consists of all the keys/certificates that have been issued to a user under a specific certificate type/definition and the policy it contains. For example a typical 2-key-pair user with the 'ent_twokeypair' certificate type will have one 'Encryption' certificate stream and one 'Verification' certificate stream.

This structure will be produced as part of a CardMSDigitalIDMgmtInfo structure by an Entrust client application that supports key management via a CardMS. Currently this is only Entrust Entelligence Security Provider (ESP) version 8.0 or later. It is the responsibility of the CardMS to consume this structure and drive the key management operation through the CMPForCardMS API.

The following are examples of what this structure will look like for a certificate stream in various key management scenarios:
Scenario 1 (Management Not Required)
- Management is not required
- Encryption certificate stream
- Certificate stream currently contains 1 entry
```
   certTypeId: ent_twokeypair (19)
   certDefnId: Encryption (32)
   mgmtReqReason: null
   derEncodedLatestCert: non-null
   streamIndex: 0
 
```
Scenario 2 (Key Update Required - Certificate Near Expiration)
- Key Update is required
- Verification certificate stream
- Certificate stream currently contains 1 entry
```
   certTypeId: ent_twokeypair (19)
   certDefnId: Verification (33)
   mgmtReqReason: nearExpired (1)
   derEncodedLatestCert: non-null
   streamIndex: 0
 
```
Scenario 3 (Key Update Required - Certificate Expired)
- Key Update is required
- Encryption certificate stream
- Certificate stream currently contains 3 entries
```
   certTypeId: ent_twokeypair (19)
   certDefnId: Encryption (32)
   mgmtReqReason: expired (2)
   derEncodedLatestCert: non-null
   streamIndex: 2
 
```
Scenario 4 (Key Update Required - Certificate Revoked)
- Key Update is required
- Encryption certificate stream
- Certificate stream currently contains 10 entries
```
   certTypeId: ent_twokeypair (19)
   certDefnId: Encryption (32)
   mgmtReqReason: revoked (3)
   derEncodedLatestCert: non-null
   streamIndex: 9
 
```
Scenario 5 (Key Update Required - DN Change)
- Key Update is required
- Verification certificate stream
- Certificate stream currently contains 2 entries
```
   certTypeId: ent_twokeypair (33)
   certDefnId: Verification (2)
   mgmtReqReason: dnChange (4)
   derEncodedLatestCert: non-null
   streamIndex: 1
 
```
Scenario 6 (Key Update Required - CA Forced Update)
- Key Update is required
- Encryption certificate stream
- Certificate stream currently contains 1 entry
```
   certTypeId: ent_twokeypair (19)
   certDefnId: Encryption (32)
   mgmtReqReason: forcedUpdate (5)
   derEncodedLatestCert: non-null
   streamIndex: 0
 
```
Scenario 7 (Key Update Required - Certificate Definition Forced Update)
- Key Update is required
- Encryption certificate stream
- Certificate stream currently contains 1 entry
```
   certTypeId: ent_twokeypair (19)
   certDefnId: Encryption (32)
   mgmtReqReason: defnUpdate (7)
   derEncodedLatestCert: non-null
   streamIndex: 0
 
```
Scenario 8 (Key Certification Required - Certificate Type Change)
- Key Certification is required
- Nonrepudiation certificate stream
- Certificate stream does not yet exist
```
   certTypeId: ent_nonrepud (20)
   certDefnId: Nonrepudiation (36)
   mgmtReqReason: typeChange (6)
   derEncodedLatestCert: null
   streamIndex: null
 
```
Scenario 9 (Key Certification Required - Certificate Definition Added)
- Key Certification is required
- MyNewDefn certificate stream
- Certificate stream does not yet exist
```
   certTypeId: ent_twokeypair (19)
   certDefnId MyNewDefn (99)
   mgmtReqReason: newCertDefn (9)
   derEncodedLatestCert: null
   streamIndex: null
 
```
Since:

7.2

Constructor Summary

Constructors
Constructor and Description
`CardMSKeyMgmtInfo(ASN1Object obj)` A constructor; creates a `CardMSKeyMgmtInfo` object from an `ASN1Object`.
`CardMSKeyMgmtInfo(EntrustCertInfoId certTypeId, EntrustCertInfoId certDefnId)` A constructor; creates a `CardMSKeyMgmtInfo` object that contains the specified components.

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`decode(ASN1Object obj)` Decodes a CardMSKeyMgmtInfo structure from an `ASN1Object`.
`EntrustCertInfoId`	`getCertDefnId()` Gets the certificate definition identifier.
`EntrustCertInfoId`	`getCertTypeId()` Gets the certificate type identifier.
`X509Certificate`	`getLatestCert()` Returns the latest certificate in the certificate stream.
`EntrustEventReason`	`getMgmtReqReason()` Gets the key management request reason.
`java.lang.Integer`	`getStreamIndex()` Returns the stream index of the latest certificate in the certificate stream.
`void`	`setCertDefnId(EntrustCertInfoId certDefnId)` Sets the certificate definition identifier.
`void`	`setCertTypeId(EntrustCertInfoId certTypeId)` Sets the certificate type identifier.
`void`	`setLatestCert(X509Certificate latestCert)` Sets the latest certificate in the certificate stream.
`void`	`setMgmtReqReason(EntrustEventReason mgmtReqReason)` Sets the key management request reason.
`void`	`setStreamIndex(java.lang.Integer streamIndex)` Sets the stream index of the latest certificate in the certificate stream.
`ASN1Object`	`toASN1Object()` Encodes this `CardMSKeyMgmtInfo` object as an `ASN1Object`.
`java.lang.String`	`toString()` Creates a text representation of the ASN.1 structure of this `CardMSKeyMgmtInfo` object.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Constructor Detail
  - CardMSKeyMgmtInfo
```
public CardMSKeyMgmtInfo(EntrustCertInfoId certTypeId,
                 EntrustCertInfoId certDefnId)
```
    A constructor; creates a CardMSKeyMgmtInfo object that contains the specified components.
    
    Parameters:
    certTypeId - the certificate type identifier
    certDefnId - the certificate definition identifier
    
    Throws:
    
    java.lang.IllegalArgumentException - if any of the parameters are null
  - CardMSKeyMgmtInfo
```
public CardMSKeyMgmtInfo(ASN1Object obj)
                  throws CodingException
```
    A constructor; creates a CardMSKeyMgmtInfo object from an ASN1Object.
    
    Parameters:
    obj - the ASN.1 representation of a CardMSKeyMgmtInfo structure
    
    Throws:
    
    CodingException - if an errors occurs while decoding the ANS1Object
    
    java.lang.IllegalArgumentException - if the ASN.1 object is null
- Method Detail
  - getCertTypeId
```
public EntrustCertInfoId getCertTypeId()
```
    Gets the certificate type identifier.
    The certificate type identifier indicates the certificate type under which the certificate stream exists that the key management information corresponds to.
    
    Returns:
    the certificate type identifier
  - setCertTypeId
```
public void setCertTypeId(EntrustCertInfoId certTypeId)
```
    Sets the certificate type identifier.
    
    Throws:
    
    java.lang.IllegalArgumentException - if the certificate type identifier is null
    See Also:
    getCertTypeId()
  - getCertDefnId
```
public EntrustCertInfoId getCertDefnId()
```
    Gets the certificate definition identifier.
    The certificate definition identifier indicates the certificate stream that the key management information corresponds to.
    
    Returns:
    the certificate definition identifier
  - setCertDefnId
```
public void setCertDefnId(EntrustCertInfoId certDefnId)
```
    Sets the certificate definition identifier.
    
    Throws:
    
    java.lang.IllegalArgumentException - if the certificate definition identifier is null
    See Also:
    getCertDefnId()
  - getMgmtReqReason
```
public EntrustEventReason getMgmtReqReason()
```
    Gets the key management request reason.
    The key management request reason, when set, indicates that a key update/certification operation is required on the certificate stream.
    
    Returns:
    the key management request reason if it has been set; null otherwise
  - setMgmtReqReason
```
public void setMgmtReqReason(EntrustEventReason mgmtReqReason)
```
    Sets the key management request reason.
    
    Parameters:
    mgmtReqReason - the key management request reason (OPTIONAL)
    See Also:
    getMgmtReqReason()
  - getLatestCert
```
public X509Certificate getLatestCert()
```
    Returns the latest certificate in the certificate stream.
    The latest certificate will be present for current (non-obsolete) certificate streams for which a key/certificate exists in the user's digital identity. The latest certificate will not be present when a key certification operation is necessary (requesting the first certificate in a certificate stream).
    
    Returns:
    the latest certificate if it has been set; null otherwise
  - setLatestCert
```
public void setLatestCert(X509Certificate latestCert)
```
    Sets the latest certificate in the certificate stream.
    
    Parameters:
    latestCert - the latest certificate (OPTIONAL)
    See Also:
    getLatestCert()
  - getStreamIndex
```
public java.lang.Integer getStreamIndex()
```
    Returns the stream index of the latest certificate in the certificate stream.
    The stream index will be present for current (non-obsolete) certificate streams for which a key/certificate exists in the user's digital identity. The stream index will not be present when a key certification operation is necessary (requesting the first certificate in a certificate stream).
    
    Returns:
    the stream index if it has been set; null otherwise
  - setStreamIndex
```
public void setStreamIndex(java.lang.Integer streamIndex)
```
    Sets the stream index of the latest certificate in the certificate stream.
    
    Parameters:
    streamIndex - the stream index (OPTIONAL)
    See Also:
    getStreamIndex()
  - decode
```
public void decode(ASN1Object obj)
            throws CodingException
```
    Decodes a CardMSKeyMgmtInfo structure from an ASN1Object.
    
    Specified by:
    
    decode in interface ASN1Type
    
    Parameters:
    obj - an ASN.1 representation of a CardMSKeyMgmtInfo structure
    
    Throws:
    
    CodingException - if an errors occurs while decoding the CardMSKeyMgmtInfo
    
    java.lang.IllegalArgumentException - if the ASN.1 object is null
  - toASN1Object
```
public ASN1Object toASN1Object()
```
    Encodes this CardMSKeyMgmtInfo object as an ASN1Object.
    
    Specified by:
    
    toASN1Object in interface ASN1Type
    
    Returns:
    an ASN.1 representation of this object
  - toString
```
public java.lang.String toString()
```
    Creates a text representation of the ASN.1 structure of this CardMSKeyMgmtInfo object.
    
    Overrides:
    
    toString in class java.lang.Object
    
    Returns:
    a text representation of the ASN.1 structure of this object

Class CardMSKeyMgmtInfo

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

CardMSKeyMgmtInfo

CardMSKeyMgmtInfo

Method Detail

getCertTypeId

setCertTypeId

getCertDefnId

setCertDefnId

getMgmtReqReason

setMgmtReqReason

getLatestCert

setLatestCert

getStreamIndex

setStreamIndex

decode

toASN1Object

toString