public final class MscapiKeyContainer
extends java.lang.Object
The purpose of this class is to provide a Card Management System (CardMS) with a representation of how the key/certificate of an Entrust user should be stored in MS-CAPI in order for Entrust MS-CAPI enabled applications to be able to use the digital identity they belong to. These objects are produced when the CardMS API is used to execute a key management operation for an Entrust user. It is the responsibility of the CardMS to write these structures to MS-CAPI following the key management operation.
An MS-CAPI key container consists of the following components, all of which must be stored in MS-CAPI by the CardMS:
In addition to these components, the software representation also provides the following (for informational purposes; these components are not stored in MS-CAPI):
| Modifier and Type | Method and Description |
|---|---|
| X509Certificate | getCert(): Returns the user certificate that is to be stored in the MS-CAPI key container. |
| EntrustCertInfoId | getCertDefnId(): Returns the Entrust certificate definition identifier associated with the key/certificate in this MS-CAPI key container. |
| EntrustCertInfoId | getCertTypeId(): Returns the Entrust certificate type identifier associated with the key/certificate in this MS-CAPI key container. |
| EncryptedValue | getEncryptedPrivateKey(): Returns the user private key in encrypted format that is to be stored in the MS-CAPI key container. |
| java.lang.String | getKeyContainerName(): Returns the Entrust format MS-CAPI key container name. |
| java.lang.String | toString() |
public EntrustCertInfoId getCertTypeId()
The certificate type identifier is not written to MS-CAPI; it is provided for informational purposes only.
public EntrustCertInfoId getCertDefnId()
The certificate definition identifier is not written to MS-CAPI; it is provided for informational purposes only.
public java.lang.String getKeyContainerName()
Entrust applications use a special key container naming format to group key containers into a digital identity. For Entrust applications to recognize this key/certificate as part of an Entrust digital identity, the specified key container name must be used.
public X509Certificate getCert()
public EncryptedValue getEncryptedPrivateKey()
This component will only be set for keys that are server generated or being returned from backup. The private key will be encrypted with the client protocol encryption key that was provided during the CMP key management transaction. The private key must be decrypted by the CardMS prior to being stored in MS-CAPI.
For keys that are client generated, this private key will not be set. In this case, the key has already been generated by the CardMS. It is the responsibility of the CardMS to make sure the private key is stored in MS-CAPI as part of this key container.
null otherwise
public java.lang.String toString()
toString in class java.lang.Object
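The handling described under getEncryptedPrivateKey(), as an added example that is not Entrust's code: it decrypts a server-generated or recovered key, falls back to the CardMS's own key when the getter returns null, and confirms the private key matches the certificate before the MS-CAPI write. Assumptions: `Container` is a stand-in for the documented getters (with `byte[]` in place of `EncryptedValue`), `CardMs`, `store` and `matches` are hypothetical names, and the keys are RSA.

```java
import java.security.*;
import java.security.cert.X509Certificate;

public class KeyContainerWriter {
    /** Stand-in for the three documented getters used below (assumption, not the Entrust class). */
    interface Container {
        String getKeyContainerName();
        X509Certificate getCert();
        byte[] getEncryptedPrivateKey(); // stand-in for EncryptedValue; null for client-generated keys
    }
    /** Hypothetical CardMS hooks: protocol-key decryption and the actual MS-CAPI write. */
    interface CardMs {
        PrivateKey decrypt(byte[] encryptedKey) throws GeneralSecurityException;
        void writeToCapi(String containerName, PrivateKey key, X509Certificate cert);
    }
    /** True when priv and pub form one key pair, proven by a sign/verify round trip. */
    static boolean matches(PrivateKey priv, PublicKey pub, String sigAlg) throws GeneralSecurityException {
        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);
        Signature s = Signature.getInstance(sigAlg);
        s.initSign(priv);
        s.update(challenge);
        byte[] sig = s.sign();
        s.initVerify(pub);
        s.update(challenge);
        return s.verify(sig);
    }
    /** localKey is the key the CardMS generated itself; it is used only when the container carries none. */
    static void store(Container c, PrivateKey localKey, CardMs ms) throws GeneralSecurityException {
        String name = c.getKeyContainerName();
        if (name == null || name.isEmpty()) throw new IllegalArgumentException("container name missing");
        byte[] enc = c.getEncryptedPrivateKey();
        PrivateKey key = (enc != null) ? ms.decrypt(enc) : localKey;
        if (key == null) throw new IllegalStateException("client-generated key not supplied");
        if (!matches(key, c.getCert().getPublicKey(), "SHA256withRSA"))
            throw new KeyException("private key does not match certificate");
        ms.writeToCapi(name, key, c.getCert()); // the container name is passed through unchanged
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair a = g.generateKeyPair(), b = g.generateKeyPair(); // constructed sample keys
        System.out.println(matches(a.getPrivate(), a.getPublic(), "SHA256withRSA")); // same pair
        System.out.println(matches(b.getPrivate(), a.getPublic(), "SHA256withRSA")); // wrong key
    }
}
```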