com.entrust.toolkit.credentials

Class UALCreator

java.lang.Object

com.entrust.toolkit.credentials.UALCreator

public class UALCreator
extends java.lang.Object

Implements a server login binder that binds a password to a set of machine information to create a .ual file.

The class requires the following files to perform the binding operation:

• An Entrust User that has client policy which permits the use of the Server Login feature.
• The Toolkit's native application extension or shared library.

The bind operation can be performed when the user is online or offline.

UAL requires native code contained in the UALJNI library; this library must be installed on the machine in order to use this class. UAL should only be used on machines that are physically secured.

Constructor Summary

Constructors

Constructor and Description
UALCreator(CredentialReader credentialReader, SecureStringBuffer password) Instantiates a UALCreator using a user's credential reader.
UALCreator(java.lang.String entrustIniFile, java.lang.String epf, SecureStringBuffer password) Instantiates a UALCreator using a user's EPF and Entrust INI file.
UALCreator(User user, SecureStringBuffer password) Instantiates a UALCreator using an already logged in user.

Method Summary

Methods

Modifier and Type	Method and Description
void	bind(java.io.OutputStream ual) Binds the user's password and writes the .ual credentials file to the given output stream.
void	setConnections(LdapDirectory directory, ManagerTransport managerTransport) Sets the connections to a Public Key Infrastructure (PKI).
void	setConnections(java.lang.String entrustIniFile) Sets the connections to the Entrust Authority Security Manager (EASM) using settings retrieved from the user's entrust.ini file.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

UALCreator

public UALCreator(CredentialReader credentialReader,
          SecureStringBuffer password)

Instantiates a UALCreator using a user's credential reader.

The user is not logged in by this constructor; login will automatically occur at the first attempt to bind the password to the machine. This constructor can be followed by a call to set the user's connections to their Public Key Infrastructure (PKI) via either of the following:

• setConnections(LdapDirectory, ManagerTransport)
• setConnections(String)

Parameters:

credentialReader - the credential reader that will be used to read the user's digital identity

password - the user's password

Throws:

java.lang.IllegalArgumentException - if any of the parameters are not set (null)

UALCreator

public UALCreator(User user,
          SecureStringBuffer password)
           throws UserNotLoggedInException

Instantiates a UALCreator using an already logged in user.

The setConnection method does not need to be called if this constructor is used.

Parameters:

user - the user that will performing the UAL password bind action (must be logged in)

password - the user's password

Throws:

UserNotLoggedInException - if user is not logged in

java.lang.IllegalArgumentException - if any of the parameters are not set (null)

Since:

7.0

UALCreator

public UALCreator(java.lang.String entrustIniFile,
          java.lang.String epf,
          SecureStringBuffer password)
           throws UserFatalException,
                  java.io.FileNotFoundException,
                  UserBadPasswordException

Instantiates a UALCreator using a user's EPF and Entrust INI file.

The user is automatically logged in by this call. The setConnection method does not need to be called if this constructor is used; the connections are parsed from the INI file and automatically setup.

Parameters:

entrustIniFile - path to the entrust.ini file

epf - path to the user's .epf file

password - the user's password

Throws:

java.io.FileNotFoundException - if either the user's EPF or Entrust INI file could not be found at the location indicated

UserBadPasswordException - if the password provided for the user is incorrect

UserFatalException - if login fails for any other reason, such as being unable to find a valid CA certificate.

Method Detail

setConnections

public void setConnections(LdapDirectory directory,
                  ManagerTransport managerTransport)
                    throws UserFatalException

Sets the connections to a Public Key Infrastructure (PKI).

Parameters:

directory - the connection to the Directory (OPTIONAL)

managerTransport - the connection to the CA (OPTIONAL)

Throws:

UserFatalException - if the connection to the CA and/or Directory, when provided, cannot be used (incorrect IP/Port, service down or not available)

See Also:

User.setConnections(LdapDirectory, ManagerTransport)

setConnections

public void setConnections(java.lang.String entrustIniFile)
                    throws java.io.FileNotFoundException,
                           UserFatalException

Sets the connections to the Entrust Authority Security Manager (EASM) using settings retrieved from the user's entrust.ini file.

Parameters:

entrustIniFile - the location of the user's entrust.ini file

Throws:

java.io.FileNotFoundException - if the entrust.ini file could not be found

UserFatalException - if the connections could not be set properly (entrust.ini not correctly formatted or missing entries, Directory not available)

See Also:

User.setConnections(String)

bind

public void bind(java.io.OutputStream ual)
          throws UserFatalException

Binds the user's password and writes the .ual credentials file to the given output stream.

Parameters:

ual - output stream to which the generated .ual file is written

Throws:

UserFatalException - thrown if Server Login is not permitted for this user, or if binding fails