public final class P11X509CertificateObject extends P11StorageObject
A software representation of an Entrust digital identity in PKCS #11 format, as required by a Card Management System (CMS), will contain instances of these X.509 certificate objects. The CMS is responsible for writing this object to the smart card.
The following object attributes are specified, in addition to those defined by a storage object:
For X.509 certificate attributes that have not yet been specified (CKA_ISSUER, CKA_SERIAL_NUMBER), or have been specified but have not been set in the X.509 certificate object representation, default values are to be used when the object is written to the smart card by the CMS.
In addition to writing the X.509 certificate to the smart card, the CMS may also wish to import the certificate into the Microsoft CryptoAPI (CAPI). To aid in this process, this class also provides the CAPI key container name for the X.509 certificate, formatted according to Entrust's key container naming schema. The CAPI key container name is only provided for user certificates (end entity), not for CA certificates. It is the responsibility of the CMS to import the digital identity into CAPI if necessary.
The certificate definition identifier for the certificate definition that this certificate object corresponds to is also included for user certificates (end entity), but not CA certificates. This provides the CMS with the information necessary to determine which of the user's certificates this in fact is. The certificate definition identifier SHOULD NOT be written to the smart card; it is included for certificate identification purposes only.
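The CMS-side rules above (defaults for unset attributes, CAPI import for end-entity certificates only, certificate definition identifier kept off the card), as an added Java example that is not Entrust's code. `CertView` is a hypothetical stand-in for the getters on this page, and treating "default value" as PKCS #11's empty attribute default is an assumption.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;

public class CertObjectTemplateExample {
    // Hypothetical stand-in for the getters listed on this page, so the example
    // compiles without the Entrust toolkit. certDefnId is a String here only as
    // an assumption; the real getter returns an EntrustCertInfoId.
    record CertView(long ckaCertificateType, byte[] ckaSubject, byte[] ckaId,
                    byte[] value, String certDefnId, String capiKeyContainerName) {}

    // Assumption: "default value" means the empty default PKCS #11 gives these attributes.
    static final byte[] EMPTY = new byte[0];

    // Attributes the CMS writes to the card. certDefnId is deliberately absent.
    static Map<String, Object> cardTemplate(CertView c) {
        if (c.value() == null || c.value().length == 0) {
            throw new IllegalArgumentException("certificate object carries no encoded certificate");
        }
        Map<String, Object> t = new LinkedHashMap<>();
        t.put("CKA_CERTIFICATE_TYPE", c.ckaCertificateType());
        t.put("CKA_SUBJECT", c.ckaSubject());
        t.put("CKA_ID", c.ckaId() != null ? c.ckaId() : EMPTY); // getter may return null
        t.put("CKA_ISSUER", EMPTY);        // not specified by the object
        t.put("CKA_SERIAL_NUMBER", EMPTY); // not specified by the object
        t.put("CKA_VALUE", c.value());
        return t;
    }

    // CAPI import applies to end-entity certificates only; CA certificates carry no name.
    static Optional<String> capiContainer(CertView c) {
        return Optional.ofNullable(c.capiKeyContainerName());
    }

    public static void main(String[] args) {
        byte[] der = {0x30, 0x03, 0x02, 0x01, 0x00}; // constructed placeholder, not a real certificate
        // 0L is CKC_X_509; identifier and container strings are constructed sample values.
        CertView user = new CertView(0L, der, new byte[] {0x01}, der, "constructed-defn-id", "constructed-container");
        CertView ca = new CertView(0L, der, null, der, null, null);
        for (CertView c : new CertView[] {user, ca}) {
            Map<String, Object> t = cardTemplate(c);
            System.out.println(t.keySet() + " idLen=" + ((byte[]) t.get("CKA_ID")).length
                + " capi=" + capiContainer(c).orElse("(none, CA certificate)")
                + " matchKeyBy=" + c.certDefnId());
        }
    }
}
```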
| Modifier and Type | Method and Description |
|---|---|
| java.lang.String | getCAPIKeyContainerName() Returns the CAPI key container name. |
| EntrustCertInfoId | getCertDefnId() Returns the certificate definition identifier for the certificate definition that this certificate corresponds to. |
| long | getCkaCertificateType() Returns the type of certificate. |
| byte[] | getCkaId() Returns the key identifier for the public/private key pair. |
| byte[] | getCkaSubject() Returns the DER-encoding of the certificate subject name. |
| byte[] | getValue() Returns the BER-encoding of the certificate. |

getCkaClass, getCkaLabel, getCkaPrivate, getCkaToken, isDataObject, isPrivateKeyObject, isX509CertificateObject
public long getCkaCertificateType()
public byte[] getCkaSubject()
public byte[] getCkaId()
null otherwise
public byte[] getValue()
public EntrustCertInfoId getCertDefnId()
The certificate definition identifier is only provided for user certificates (end entity), not CA certificates. This allows the CMS to determine which certificate definition a user certificate corresponds to. Using this information, the CMS can match user certificates with their corresponding private key. The certificate definition identifier SHOULD NOT be written to the smart card; it is included for certificate identification purposes only.
null otherwise (CA certificate)
public java.lang.String getCAPIKeyContainerName()
The CAPI key container name is formatted according to Entrust's key container naming schema. It identifies the key container in CAPI the X.509 certificate should be imported into when the digital identity this certificate belongs to is being imported into CAPI. A CAPI key container is only provided for user certificates (end entity), not for CA certificates.
null otherwise (CA certificate)