com.entrust.toolkit.credentials

Class PKIXCMPUtils

java.lang.Object

com.entrust.toolkit.credentials.PKIXCMPUtils

public class PKIXCMPUtils
extends java.lang.Object

Constructor Summary

Constructors

Constructor and Description
PKIXCMPUtils(ManagerTransport mantransport) Construct an EntrustPKIXCMP message given a ManagerTransport object.

Method Summary

Methods

Modifier and Type	Method and Description
static byte[]	createPasswordBasedMac(byte[] data, byte[] password, AlgorithmID passwordBasedMac) Creates a password based MAC over the specified data.
GeneralMessageInfo	getGeneralMessageInfo(SecureStringBuffer refNum, AuthorizationCode authCode) This API performs a PKIX general message transaction using the supplied reference number and authorization code.
GeneralMessageInfo	getGeneralMessageInfo(User user) This API performs a PKIX general message transaction using the supplied User object.
PKIMessage	receive() Receives a PKIX-CMP response message over the Manager Transport.
void	send(PKIMessage request) Sends a PKIX-CMP request over the Manager Transport.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PKIXCMPUtils

public PKIXCMPUtils(ManagerTransport mantransport)

Construct an EntrustPKIXCMP message given a ManagerTransport object. This method will create an Entrust70PKIXCMPv1 object suitable for sending and receiving PKIX messages.

Parameters:

mantransport -

Method Detail

send

public void send(PKIMessage request)
          throws EntrustPKIXCMPException

Sends a PKIX-CMP request over the Manager Transport. This is done as follows:

• DER encode the request message
• Create a TCP message by adding a TCP header to the DER encoded request message
• Send the TCP request message over the ManagerTransport

If this class has been set to operate in DEBUG mode, a file containing the DER encoded request message will be written to the working directory.

Parameters:

request - the request message to be sent to the CA

Throws:

EntrustPKIXCMPException - thrown if there was a problem sending the PKIX-CMP request

receive

public PKIMessage receive()
                   throws EntrustPKIXCMPException

Receives a PKIX-CMP response message over the Manager Transport. This is done as follows:

• Receive a TCP response message over the ManagerTransport
• Remove the TCP header creating a DER encoded response message
• DER decode the response message to a PKIMessage

If this class has been set to operate in DEBUG mode, a file containing the DER encoded response message will be written to the working directory.

Returns:

PKIMessage the response message received from the CA

Throws:

EntrustPKIXCMPException - thrown if there was a problem receiving the PKIX-CMP response

getGeneralMessageInfo

public GeneralMessageInfo getGeneralMessageInfo(SecureStringBuffer refNum,
                                       AuthorizationCode authCode)
                                         throws EntrustPKIXCMPException

This API performs a PKIX general message transaction using the supplied reference number and authorization code. This method returns a GeneralMessageInfo object whose purpose is to encapsulate information contained in a PKIX CMP General Message.

Note: If this API is called by a V2 key pair user, the manager log at the PKI may generate an error that says "A V1 client can no longer be used to manage user". This error message can be ignored.

Parameters:

refNum - The reference number

authCode - The authorization code

Returns:

The GeneralMessageInfo object that encapsulated PKIX GeneralMessage Information

Throws:

EntrustPKIXCMPException

Since:

8.0

getGeneralMessageInfo

public GeneralMessageInfo getGeneralMessageInfo(User user)
                                         throws EntrustPKIXCMPException,
                                                UserNotLoggedInException

This API performs a PKIX general message transaction using the supplied User object. This method returns a GeneralMessageInfo object whose purpose is to encapsulate information contained in a PKIX CMP General Message.

Parameters:

user - The User object

Returns:

The GeneralMessageInfo object that encapsulated PKIX GeneralMessage Information

Throws:

EntrustPKIXCMPException

UserNotLoggedInException

Since:

8.0 patch

createPasswordBasedMac

public static byte[] createPasswordBasedMac(byte[] data,
                            byte[] password,
                            AlgorithmID passwordBasedMac)
                                     throws EntrustPKIXCMPException

Creates a password based MAC over the specified data.

The MAC is calculated as a PasswordBasedMac with the salt, iteration count, one-way function algorithm, and MAC algorithm all extracted from the algorithm parameters. The password used is created from the authorization code provided.

First a key is created by appending the salt to the password and hashing this value with the one-way function the number of times specified in iteration count. Then the MAC using this key and the specified MAC algorithm.

Parameters:

data - the data to protect with the password based MAC

password - the password to MAC with (authorization code, ...)

passwordBasedMac - the password based MAC algorithm identifier that the MAC will be created for

Returns:

the MAC value

Throws:

EntrustPKIXCMPException - if an error occurs during MAC creation