com.entrust.toolkit.credentials

Class CapiCredentialCreator

java.lang.Object

com.entrust.toolkit.credentials.CredentialReader

com.entrust.toolkit.credentials.CMPCredentialReader

com.entrust.toolkit.credentials.CapiCmpCredentialReader

com.entrust.toolkit.credentials.CapiCredentialCreator

public final class CapiCredentialCreator
extends CapiCmpCredentialReader

This credential reader is designed for creating an Entrust user's Digital Identity in Microsoft CryptoAPI (MSCAPI) using Entrust format.

All communication with the Entrust Security Manager is done using the PKIX-CMP protocol.

Creating an Entrust Digital Identity involves generating all client generated key pairs in MSCAPI, requesting all server generated key pairs from the Security Manager, and securely storing all information in an MSCAPI-based Digital Identity store.

When creating an Entrust Digital Identity, the user must have a connection to the Security Manager and Directory set, and must have a credential writer set. The following credential writers can all be used with this credential reader:

• CapiCredentialWriter

Below is an example of how a user's Digital Identity can be created (all capitalized values must be provided by the user):

 User user = new User();
 
 JNDIDirectory directory = new JNDIDirectory(DIRECTORY_IP, DIRECTORY_PORT);
 ManagerTransport transport = new ManagerTransport(MANAGER_IP, MANAGER_PORT);
 user.setConnections(directory, transport);
 
 SecureStringBuffer secureRefNum = new SecureStringBuffer(REF_NUM);
 AuthorizationCode secureAuthCode = new AuthorizationCode(AUTH_CODE);
 SecureStringBuffer securePassword = new SecureStringBuffer(PASSWORD);
 CredentialReader credentialReader = new CapiCredentialCreator(secureRefNum, secureAuthCode);
 CredentialWriter credentialWriter = new CapiCredentialWriter();
 user.setCredentialWriter(credentialWriter);
 user.login(credentialReader, securePassword);
 

Since:

8.0

Field Summary

Fields inherited from class com.entrust.toolkit.credentials.CMPCredentialReader

DSASignature, ECDSASignature, PKIX4Version, PKIX5Version, RSASignature

Constructor Summary

Constructors

Constructor and Description
CapiCredentialCreator(SecureStringBuffer referenceNumber, AuthorizationCode authorizationCode) A constructor; creates a new CapiCredentialCreator object.

Method Summary

Methods

Modifier and Type	Method and Description
java.lang.String	getType() Returns the type (name) of this specific credential reader.

Methods inherited from class com.entrust.toolkit.credentials.CMPCredentialReader

setClientKeyGenParams, setForceV1KeyPair

Methods inherited from class com.entrust.toolkit.credentials.CredentialReader

checkPwd

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CapiCredentialCreator

public CapiCredentialCreator(SecureStringBuffer referenceNumber,
                     AuthorizationCode authorizationCode)

A constructor; creates a new CapiCredentialCreator object.

Using the reference number and authentication code, the user's Digital Identity is created using the PKIX-CMP protocol. Any keys that are to be client generated are generated in MSCAPI. All other information is retrieved from the Security Manager and written to the MSCAPI-based Digital Identity store.

Parameters:

referenceNumber - the reference number assigned to the user; an 8 digit integer obtained from the Security Manager by the PKI Administrator

authorizationCode - the authorization code assigned to the user; an alphanumeric string (of the form ABCD-EFGH-IJKL) obtained from the Security Manager by the PKI Administrator

Throws:

java.lang.IllegalArgumentException - thrown if any of the required parameters are null

Method Detail

getType

public java.lang.String getType()

Description copied from class: CredentialReader

Returns the type (name) of this specific credential reader.

Specified by:

getType in class CredentialReader

Returns:

the type (name) of credential reader