CMPCredentialReader ("Entrust Authority Security Toolkit for the Java Platform")

java.lang.Object
- com.entrust.toolkit.credentials.CredentialReader
- - com.entrust.toolkit.credentials.CMPCredentialReader

Direct Known Subclasses:

CapiCmpCredentialReader, CMPSoftwareCredentialReader, CMPTokenCredentialReader
```
public abstract class CMPCredentialReader
extends CredentialReader
```
This is the abstract super class of credential readers that can be used for creating/recovering Entrust Digital Identities using PKIX-CMP. Its purpose is to provide the common functionality required by its sub-classes.

Since:

7.0

Field Summary

Fields
Modifier and Type	Field and Description
`static int`	`DSASignature` Deprecated. as of JTK 7.0 the algorithm of the signing key pair is always extracted from the user's policy settings.
`static int`	`ECDSASignature` Deprecated. as of JTK 7.0 the algorithm of the signing key pair is always extracted from the user's policy settings.
`static int`	`PKIX4Version` Deprecated. as of JTK 7.0 proto-PKIX is no longer supported; instead PKIX-CMP is always used for communication with the Security Manager
`static int`	`PKIX5Version` Deprecated. as of JTK 7.0 proto-PKIX is no longer supported; instead PKIX-CMP is always used for communication with the Security Manager
`static int`	`RSASignature` Deprecated. as of JTK 7.0 the algorithm of the signing key pair is always extracted from the user's policy settings.

Constructor Summary

Constructors
Constructor and Description

CMPCredentialReader()

Constructors
Constructor and Description
`CMPCredentialReader()`

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`setClientKeyGenParams(java.security.spec.AlgorithmParameterSpec params)` Sets the client key generation parameters.
`void`	`setForceV1KeyPair(boolean v1KeyPair)` Allows the caller to force the PKIX-CMP user creation or recovery operation to be done using the V1-key-pair implementation of the protocol (typically used by V1-key-pair clients).

Methods inherited from class com.entrust.toolkit.credentials.CredentialReader
checkPwd, getType

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - RSASignature
```
public static final int RSASignature
```
    Deprecated. as of JTK 7.0 the algorithm of the signing key pair is always extracted from the user's policy settings.
    
    Specifies a RSA signing key pair.
    
    See Also:
    Constant Field Values
  - DSASignature
```
public static final int DSASignature
```
    Deprecated. as of JTK 7.0 the algorithm of the signing key pair is always extracted from the user's policy settings.
    
    Specifies a DSA signing key pair.
    
    See Also:
    Constant Field Values
  - ECDSASignature
```
public static final int ECDSASignature
```
    Deprecated. as of JTK 7.0 the algorithm of the signing key pair is always extracted from the user's policy settings.
    
    Specifies an ECDSA signing key pair.
    
    See Also:
    Constant Field Values
  - PKIX4Version
```
public static final int PKIX4Version
```
    Deprecated. as of JTK 7.0 proto-PKIX is no longer supported; instead PKIX-CMP is always used for communication with the Security Manager
    
    Specifies the PKIX version for PKI 4.x (proto-PKIX).
    
    See Also:
    Constant Field Values
  - PKIX5Version
```
public static final int PKIX5Version
```
    Deprecated. as of JTK 7.0 proto-PKIX is no longer supported; instead PKIX-CMP is always used for communication with the Security Manager
    
    Specifies the PKIX version for PKI 5.x and up (PKIX_CMP).
    
    See Also:
    Constant Field Values
- Constructor Detail
  - CMPCredentialReader
```
public CMPCredentialReader()
```
- Method Detail
  - setForceV1KeyPair
```
public final void setForceV1KeyPair(boolean v1KeyPair)
```
    Allows the caller to force the PKIX-CMP user creation or recovery operation to be done using the V1-key-pair implementation of the protocol (typically used by V1-key-pair clients).
    The terminology V1-key-pair and V2-key-pair only applies to users created against an Entrust Authority Security Manager (EASM), whose digital identity exists in Entrust format (Entrust Profile (EPF), Entrust format on a smart card or token, or Entrust format in the Microsoft CryptoAPI repository). These terms are defined as follows:
    
    V1-key-pair user
    
    An Entrust user that has client policy settings attached to their role; users have either 1 or 2 key pairs. This type of user is created using either a pre-7.0 client OR a pre-7.0 EASM.
    
    V2-key-pair user
    
    An Entrust user that has certificate definition policy attached to each certificate; users have 1 to 4 key pairs. This type of user is created only when using a 7.0 (or later) client AND a 7.0 (or later) EASM.
    
    By default, with this version of the Toolkit, user creation and recovery is always done as V2-key-pair when communicating with a 7.0 (or later) EASM and as V1-key-pair when communicating with a pre-7.0 EASM. Thus, this version of the Toolkit is considered a V2-key-pair client. However, this API permits the default behaviour to be over-ridden.
    
    For creation, this API will force the user to be created as a V1-key-pair user. However, for recovery, this API can only attempt to force the user to be recovered as a V1-key-pair user. The EASM will not permit a user that exists as V2-key-pair to be recovered as a V1-key-pair user. If this is attempted with a V2-key-pair user, the recovery operation will fail with an exception whose root cause message will look something similar to the following:
    
    "The CA returned the following error message: (-1685) rejection - badMessageCheck - Parsing general request (genm) : A V1 client (received protocol PKIX-CMP profile (V1 client)) can no longer be used to manage user 'cn=MyUser,o=MyRoot,c=ca'. The data has been upgraded to work with V2 clients only."
    
    If the intention is to simply recover the user while maintaining the existing key pair version, setPreserveUserKeyPairVersion should be used.
    
    Parameters:
    v1KeyPair - indicates whether or not the PKIX-CMP creation or recovery operation must be done as V1-key-pair
    See Also:
    setPreserveUserType
  - setClientKeyGenParams
```
public final void setClientKeyGenParams(java.security.spec.AlgorithmParameterSpec params)
```
    Sets the client key generation parameters.
    When set, the indicated client key generation parameters will be used during the generation of any client-generated user keys for which the parameters match the key type (algorithm) For example, users with client-generated elliptic curve (EC) key pairs may wish to specify a custom curve. This can done by calling this method with a set of EC parameters, indicating the custom curve to be used. However, these parameters will apply to all the user's EC key pairs; if the user has two client-generated EC key pairs, both will be generated using the provided EC parameters.
    
    Currently, this is only supported for the following key types (as indicated by Entrust policy at the Security Manager):
    
    ECDSA-192
    
    An instance of ECParameters, EcParameterSpecWithName, or java.security.spec.ECGenParameterSpec
    
    Parameters:
    params - client specified key generation parameters
    
    Throws:
    
    java.lang.IllegalArgumentException - if the key generation parameters are an unsupported type

Class CMPCredentialReader

Field Summary

Constructor Summary

Method Summary

Methods inherited from class com.entrust.toolkit.credentials.CredentialReader

Methods inherited from class java.lang.Object

Field Detail

RSASignature

DSASignature

ECDSASignature

PKIX4Version

PKIX5Version

Constructor Detail

CMPCredentialReader

Method Detail

setForceV1KeyPair

setClientKeyGenParams