public final class TokenReader extends CredentialReader
All communication with the token is done using the PKCS#11 version 2.01 API. Reading a token-based Digital Identity involves reading all Entrust Digital Identity information contained on the token, and also in an auxiliary profile (APF) if it exists.
When reading a Digital Identity, the user may optionally have connections
to the Security Manager and Directory set. When these connections are not
provided, key management operations (key update, DN change, ...) are not
possible. The user may also optionally have a credential writer set. The only
credential writer that can be used with this credential reader is a
TokenWriter. When a credential writer is not provided, the
user's Digital Identity CANNOT be written. Below is an example of how to
log in to a user's Digital Identity (all capitalized values must be
provided by the user):
```java
User user = new User();

// Optional: without these connections, key management operations are not possible
JNDIDirectory directory = new JNDIDirectory(DIRECTORY_IP, DIRECTORY_PORT);
ManagerTransport transport = new ManagerTransport(MANAGER_IP, MANAGER_PORT);
user.setConnections(directory, transport);

// Connect to the token's PKCS#11 library and take the first slot ID it reports
PKCS11LibraryConnection p11LibConn = new PKCS11LibraryConnection(P11_LIB);
long slotId = new PKCS11Information(p11LibConn).getSlotList(true).getSlotIDs()[0];

SecureStringBuffer securePassword = new SecureStringBuffer(PASSWORD);
CredentialReader credentialReader = new TokenReader(p11LibConn, slotId);

// Optional: without a credential writer, the Digital Identity cannot be written
CredentialWriter credentialWriter = new TokenWriter(ENTRUST_PATH, ENTRUST_USER, null, 0);
user.setCredentialWriter(credentialWriter);

user.login(credentialReader, securePassword);
```
| Constructor and Description |
|---|
| TokenReader(PKCS11LibraryConnection pkcs11LibraryConnection, long slotID) Creates a TokenReader object. |
| Modifier and Type | Method and Description |
|---|---|
| java.lang.String | getType() Returns the type (name) of this specific credential reader, which is "TokenReader". |
public TokenReader(PKCS11LibraryConnection pkcs11LibraryConnection, long slotID)
Creates a TokenReader object.
When the user logs in, a connection is made to the token located at the indicated slot ID using the PKCS#11 library provided. All information related to the Entrust Digital Identity is then read from the token. If the information read from the token indicates that an auxiliary profile (APF) exists, all information in the APF is also read.
slotID - the slot ID indicating the location on the token where the user's
Digital Identity will be stored (see the getSlotList() method from the
PKCS11Information class)
pkcs11LibraryConnection - a connection to the PKCS#11 library of the token

public java.lang.String getType()
getType in class CredentialReader