CapiCredentialRecoverer ("Entrust Authority Security Toolkit for the Java Platform")

java.lang.Object
- com.entrust.toolkit.credentials.CredentialReader
- - com.entrust.toolkit.credentials.CMPCredentialReader
  - - com.entrust.toolkit.credentials.CapiCmpCredentialReader
    - - com.entrust.toolkit.credentials.CapiCredentialRecoverer

```
public final class CapiCredentialRecoverer
extends CapiCmpCredentialReader
```
This credential reader is designed for recovering an Entrust user's Digital Identity in Microsoft CryptoAPI (MSCAPI) using Entrust format.
All communication with the Entrust Security Manager is done using the PKIX-CMP protocol.

Recovering an Entrust Digital Identity involves generating all client generated key pairs in MSCAPI, requesting all server generated key pairs from the Security Manager, and securely storing all in an MSCAPI-based Digital Identity store.

When recovering an Entrust Digital Identity, the user must have a connection to the Security Manager and Directory set, and must have a credential writer set. The following credential writers can all be used with this credential reader:
- CapiCredentialWriter
Below is an example of how a user's Digital Identity can be recovered (all capitalized values must be provided by the user):
```
 User user = new User();
 
 JNDIDirectory directory = new JNDIDirectory(DIRECTORY_IP, DIRECTORY_PORT);
 ManagerTransport transport = new ManagerTransport(MANAGER_IP, MANAGER_PORT);
 user.setConnections(directory, transport);
 
 SecureStringBuffer secureRefNum = new SecureStringBuffer(REF_NUM);
 AuthorizationCode secureAuthCode = new AuthorizationCode(AUTH_CODE);
 SecureStringBuffer securePassword = new SecureStringBuffer(PASSWORD);
 CredentialReader credentialReader = new CapiCredentialRecoverer(secureRefNum, secureAuthCode);
 CredentialWriter credentialWriter = new CapiCredentialWriter();
 user.setCredentialWriter(credentialWriter);
 user.login(credentialReader, securePassword);
 
```
Since:

8.0

Field Summary
- Fields inherited from class com.entrust.toolkit.credentials.CMPCredentialReader
  DSASignature, ECDSASignature, PKIX4Version, PKIX5Version, RSASignature

Constructor Summary

Constructors
Constructor and Description
`CapiCredentialRecoverer(SecureStringBuffer referenceNumber, AuthorizationCode authorizationCode)` A constructor; creates a new `CapiCredentialRecoverer` object.

Method Summary

Methods
Modifier and Type	Method and Description
`java.lang.String`	`getType()` Returns the type (name) of this specific credential reader.
`void`	`setPreserveUserKeyPairVersion(boolean preserveUserKeyPairVersion)` Allows the caller to maintain the client key-pair version during a recover operation.

Methods inherited from class com.entrust.toolkit.credentials.CMPCredentialReader
setClientKeyGenParams, setForceV1KeyPair

Methods inherited from class com.entrust.toolkit.credentials.CredentialReader
checkPwd

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - CapiCredentialRecoverer
```
public CapiCredentialRecoverer(SecureStringBuffer referenceNumber,
                       AuthorizationCode authorizationCode)
```
    A constructor; creates a new CapiCredentialRecoverer object.
    Using the reference number and authentication code, the user's Digital Identity is recovered using the PKIX-CMP protocol. Any keys that are to be client generated are generated in MSCAPI. All other information is retrieved from the Security Manager and written to the MSCAPI-based Digital Identity store.
    
    Parameters:
    referenceNumber - the reference number assigned to the user; an 8 digit integer obtained from the Security Manager by the PKI Administrator
    authorizationCode - the authorization code assigned to the user; an alphanumeric string (of the form ABCD-EFGH-IJKL) obtained from the Security Manager by the PKI Administrator
    
    Throws:
    
    java.lang.IllegalArgumentException - thrown if any of the required parameters are null
- Method Detail
  - getType
```
public java.lang.String getType()
```
    Description copied from class: CredentialReader
    
    Returns the type (name) of this specific credential reader.
    
    Specified by:
    
    getType in class CredentialReader
    
    Returns:
    the type (name) of credential reader
  - setPreserveUserKeyPairVersion
```
public void setPreserveUserKeyPairVersion(boolean preserveUserKeyPairVersion)
```
    Allows the caller to maintain the client key-pair version during a recover operation.
    The user will be recovered using the protocol version that matches the users key-pair type.
    
    Parameters:
    preserveUserKeyPairVersion - when true the user key-pair version will not change. When false the user key-pair version will be handled as described in setForceV1KeyPair. This setting takes precedence over the setForceV1KeyPair setting.
    Since:
    
    8.0 patch
    
    See Also:
    setForceV1KeyPair

Class CapiCredentialRecoverer

Field Summary

Fields inherited from class com.entrust.toolkit.credentials.CMPCredentialReader

Constructor Summary

Method Summary

Methods inherited from class com.entrust.toolkit.credentials.CMPCredentialReader

Methods inherited from class com.entrust.toolkit.credentials.CredentialReader

Methods inherited from class java.lang.Object

Constructor Detail

CapiCredentialRecoverer

Method Detail

getType

setPreserveUserKeyPairVersion