com.entrust.toolkit.credentials

Class CertIdentityCertFilter

java.lang.Object

com.entrust.toolkit.credentials.CertIdentityCertFilter

All Implemented Interfaces:

CapiCertFilter

public class CertIdentityCertFilter
extends java.lang.Object
implements CapiCertFilter

A CertIdentityCertFilter is a CapiCertFilter that is used to find a specific identity in CAPI based on certificate criteria. The following Criteria types are supported:

• X509Certificate - uses the Subject DN of the specified certificate as the filter to find other certificates that contain that same subject DN. For example, an end user verification or encryption certificate could be specified, and only certificates containing the same DN would be acceptable.
• CapiContainerName - If the CapiContainerName is known, this can be used to find all certificates in that particular identity. The certificates are filtered by this CapiContainerName. A CapiContainerName is unique for each identity.
• CertContext - When a CertContext is specified, the CapiContainerName is extracted and used to final all certificates that match that particular identity.
• Principal - Represents the Subject Name of a Certificate as the criteria for filtering acceptable certificates. This filter will accept all certificates that contain the same Subject name.
• AlgorithmID, DigestValue - The AlgorithmID and DigestValue (hash) of an X509Certificate may be specified. In this case, the CertContext is looked up in CAPI, and the CapiContainerName is used to find all certificates of that identity.

Most Digital identities types contain two or more certificates. This filter allows an identity to be found by knowing details contained in a single certificates.

Since:

8.0

Constructor Summary

Constructors

Constructor and Description
CertIdentityCertFilter(AlgorithmID digestAlgID, byte[] digestValue) This constructor searches for an identity based on a certificate hash value of the given type.
CertIdentityCertFilter(CapiContainerName capiContainerName) This can be used to find all certificates in that particular identity.
CertIdentityCertFilter(CertContext context) Constructor used to filter out certificates that are not part of the same identity.
CertIdentityCertFilter(java.security.Principal subjectDN) This constructor takes a Principal which represents the Subject Name of a Certificate as the criteria for filtering acceptable certificates.
CertIdentityCertFilter(X509Certificate cert) This constructor takes an X509Certificate and uses the SubjectName as the criteria for filtering acceptable certificates.

Method Summary

Methods

Modifier and Type	Method and Description
boolean	acceptCertificate(CertContext certificate, CertStore certStore) This method checks whether the certificate should be accepted depending on whether it has the same subject name or CapiContainerName

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CertIdentityCertFilter

public CertIdentityCertFilter(X509Certificate cert)
                       throws CapiException

This constructor takes an X509Certificate and uses the SubjectName as the criteria for filtering acceptable certificates. This will allow all certificates for a particular identity to be acceptable.

Parameters:

cert - The X509Certificate whose subject DN is used to find acceptable certificates

Throws:

CapiException

CertIdentityCertFilter

public CertIdentityCertFilter(java.security.Principal subjectDN)
                       throws CapiException

This constructor takes a Principal which represents the Subject Name of a Certificate as the criteria for filtering acceptable certificates. This will allow all certificates for a particular identity to be acceptable.

Parameters:

subjectDN - The SubjectDN which will be used to find acceptable certificates

Throws:

CapiException

CertIdentityCertFilter

public CertIdentityCertFilter(CertContext context)
                       throws CapiException

Constructor used to filter out certificates that are not part of the same identity. When this constructor is used, only certificates that contain the same CapiContainerName will be acceptable.

Parameters:

context - The CertContext that represents one of the certificates contained in the identity.

Throws:

CapiException

CertIdentityCertFilter

public CertIdentityCertFilter(CapiContainerName capiContainerName)
                       throws CapiException

This can be used to find all certificates in that particular identity. The certificates are filtered by this CapiContainerName.

Parameters:

capiContainerName - The capiContainerName

Throws:

CapiException

CertIdentityCertFilter

public CertIdentityCertFilter(AlgorithmID digestAlgID,
                      byte[] digestValue)
                       throws CapiException

This constructor searches for an identity based on a certificate hash value of the given type.

Parameters:

digestAlgID - The AlgorithmID, for example AlgorithmID.MessageDigestAlgs.id_sha1

digestValue - The digestValue in bytes

Throws:

CapiException

Method Detail

acceptCertificate

public boolean acceptCertificate(CertContext certificate,
                        CertStore certStore)

This method checks whether the certificate should be accepted depending on whether it has the same subject name or CapiContainerName

Specified by:

acceptCertificate in interface CapiCertFilter

Parameters:

certificate - The CertContext that will be checked for acceptability.

certStore - The CertStore that was used to retrieve the certificate

Returns:

True if the certificate if acceptable, false if it is not acceptable