com.entrust.toolkit.credentials

Class CredentialCreator

java.lang.Object

com.entrust.toolkit.credentials.CredentialReader

com.entrust.toolkit.credentials.CMPCredentialReader

com.entrust.toolkit.credentials.CMPSoftwareCredentialReader

com.entrust.toolkit.credentials.CredentialCreator

public final class CredentialCreator
extends CMPSoftwareCredentialReader

This credential reader is designed for creating an Entrust user's Digital Identity in software (not on a PKCS#11 device) using Entrust profile format version 4.

All communication with the Entrust Security Manager is done using the PKIX-CMP protocol.

Creating an Entrust Digital Identity involves generating all client generated key pairs in software, requesting all server generated key pairs from the Security Manager, and securely storing all information in a software based Digital Identity store.

When creating an Entrust Digital Identity, the user must have a connection to the Security Manager and Directory set, and must have a credential writer set. The following credential writers can all be used with this credential reader:

• FilenameProfileWriter
• StreamProfileWriter
• RoamingCredentialWriter

Below is an example of how a user's Digital Identity can be created (all capitalized values must be provided by the user):

 User user = new User();
 
 JNDIDirectory directory = new JNDIDirectory(DIRECTORY_IP, DIRECTORY_PORT);
 ManagerTransport transport = new ManagerTransport(MANAGER_IP, MANAGER_PORT);
 user.setConnections(directory, transport);
 
 SecureStringBuffer secureRefNum = new SecureStringBuffer(REF_NUM);
 AuthorizationCode secureAuthCode = new AuthorizationCode(AUTH_CODE);
 SecureStringBuffer securePassword = new SecureStringBuffer(PASSWORD);
 CredentialReader credentialReader = new CredentialCreator(secureRefNum, secureAuthCode);
 CredentialWriter credentialWriter = new FilenameProfileWriter(EPF_FILE_NAME);
 user.setCredentialWriter(credentialWriter);
 user.login(credentialReader, securePassword);
 

Field Summary

Fields inherited from class com.entrust.toolkit.credentials.CMPCredentialReader

DSASignature, ECDSASignature, PKIX4Version, PKIX5Version, RSASignature

Constructor Summary

Constructors

Constructor and Description
CredentialCreator(SecureStringBuffer referenceNumber, AuthorizationCode authorizationCode) A constructor; create a new CredentialCreator object.
CredentialCreator(SecureStringBuffer referenceNumber, AuthorizationCode authorizationCode, java.security.spec.AlgorithmParameterSpec clientKeyGenerationParameter) A constructor; creates a new CredentialCreator object and configures it for operation with custom key generation parameters.
CredentialCreator(SecureStringBuffer referenceNumber, AuthorizationCode authorizationCode, int signingKeyAlgorithm, java.security.spec.AlgorithmParameterSpec clientKeyGenerationParameter, int pkixVersion) Deprecated. this constructor contains obsolete parameters; use another constructor that does not
CredentialCreator(SecureStringBuffer referenceNumber, AuthorizationCode authorizationCode, int signingKeyAlgorithm, int signingKeyStrength, int pkixVersion) Deprecated. this constructor contains obsolete parameters; use another constructor that does not

Method Summary

Methods

Modifier and Type	Method and Description
java.lang.String	getType() Returns the type (name) of this specific credential reader.

Methods inherited from class com.entrust.toolkit.credentials.CMPSoftwareCredentialReader

setClientKeyGenerationUtil

Methods inherited from class com.entrust.toolkit.credentials.CMPCredentialReader

setClientKeyGenParams, setForceV1KeyPair

Methods inherited from class com.entrust.toolkit.credentials.CredentialReader

checkPwd

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CredentialCreator

public CredentialCreator(SecureStringBuffer referenceNumber,
                 AuthorizationCode authorizationCode)

A constructor; create a new CredentialCreator object.

Using the reference number and authentication code, the user's Digital Identity is created using the PKIX-CMP protocol. Any keys that are to be client generated are generated in software. All other information is retrieved from the Security Manager and written to the software-based Digital Identity store.

Parameters:

referenceNumber - the reference number assigned to the user; an 8 digit integer obtained from the Security Manager by the PKI Administrator

authorizationCode - the authorization code assigned to the user; an alphanumeric string (of the form ABCD-EFGH-IJKL) obtained from the Security Manager by the PKI Administrator

Throws:

java.lang.IllegalArgumentException - thrown if any of the required parameters are null

Since:

7.0

CredentialCreator

public CredentialCreator(SecureStringBuffer referenceNumber,
                 AuthorizationCode authorizationCode,
                 int signingKeyAlgorithm,
                 int signingKeyStrength,
                 int pkixVersion)

Deprecated. this constructor contains obsolete parameters; use another constructor that does not

A constructor; create a new CredentialCreator object (legacy).

Using the reference number and authentication code, the user's Digital Identity is created using the PKIX-CMP protocol. Any keys that are to be client generated are generated in software. All other information is retrieved from the Security Manager and written to the software-based Digital Identity store.

Parameters:

referenceNumber - the reference number assigned to the user; an 8 digit integer obtained from the Security Manager by the PKI Administrator

authorizationCode - the authorization code assigned to the user; an alphanumeric string (of the form ABCD-EFGH-IJKL) obtained from the Security Manager by the PKI Administrator

signingKeyAlgorithm - this parameter is no longer used; as of JTK 7.0 the algorithm of the signing key pair is always extracted from the user's policy settings

signingKeyStrength - this parameter is no longer used; as of JTK 7.0 the strength of the signing key pair is always extracted from the user's policy settings

pkixVersion - this parameter is no longer used; as of JTK 7.0 proto-PKIX is not supported and instead PKIX-CMP is always used for communication with the Security Manager

Throws:

java.lang.IllegalArgumentException - thrown if any of the required parameters are null

CredentialCreator

public CredentialCreator(SecureStringBuffer referenceNumber,
                 AuthorizationCode authorizationCode,
                 java.security.spec.AlgorithmParameterSpec clientKeyGenerationParameter)

A constructor; creates a new CredentialCreator object and configures it for operation with custom key generation parameters.

Using the reference number and authentication code, the user's Digital Identity is created using the PKIX-CMP protocol. Any keys that are to be client generated are generated in software. All other information is retrieved from the Security Manager and written to the software-based Digital Identity store.

For details on the client specified key generation parameter, refer to CMPCredentialReader.setClientKeyGenParams(AlgorithmParameterSpec) .

Parameters:

referenceNumber - the reference number assigned to the user; an 8 digit integer obtained from the Security Manager by the PKI Administrator

authorizationCode - the authorization code assigned to the user; an alphanumeric string (of the form ABCD-EFGH-IJKL) obtained from the Security Manager by the PKI Administrator

clientKeyGenerationParameter - client specified key generation parameters

Throws:

java.lang.IllegalArgumentException - thrown if any of the required parameters are null

Since:

7.0

CredentialCreator

public CredentialCreator(SecureStringBuffer referenceNumber,
                 AuthorizationCode authorizationCode,
                 int signingKeyAlgorithm,
                 java.security.spec.AlgorithmParameterSpec clientKeyGenerationParameter,
                 int pkixVersion)

Deprecated. this constructor contains obsolete parameters; use another constructor that does not

A constructor; creates a new CredentialCreator object and configures it for operation with custom key generation parameters (legacy).

Using the reference number and authentication code, the user's Digital Identity is created using the PKIX-CMP protocol. Any keys that are to be client generated are generated in software. All other information is retrieved from the Security Manager and written to a software-based Digital Identity store.

For details on the client specified key generation parameter, refer to CMPCredentialReader.setClientKeyGenParams(AlgorithmParameterSpec) .

Parameters:

referenceNumber - the reference number assigned to the user; an 8 digit integer obtained from the Security Manager by the PKI Administrator

authorizationCode - the authorization code assigned to the user; an alphanumeric string (of the form ABCD-EFGH-IJKL) obtained from the Security Manager by the PKI Administrator

signingKeyAlgorithm - this parameter is no longer used; as of JTK 7.0 the algorithm of the signing key pair is always extracted from the user's policy settings

clientKeyGenerationParameter - client specified key generation parameters

pkixVersion - this parameter is no longer used; as of JTK 7.0 proto-PKIX is not supported and instead PKIX-CMP is always used for communication with the Security Manager

Throws:

java.lang.IllegalArgumentException - thrown if any of the required parameters are null

Method Detail

getType

public java.lang.String getType()

Description copied from class: CredentialReader

Returns the type (name) of this specific credential reader.

Specified by:

getType in class CredentialReader

Returns:

the type (name) of credential reader