com.entrust.toolkit.credentials

Class UserStatus

java.lang.Object

com.entrust.toolkit.credentials.UserStatus

public class UserStatus
extends java.lang.Object

This class contains a set of status codes and messages which indicate the status of a User.

The user's status can consist of non-critical failures that have occurred, operations that are required, and/or operations that have occurred. It is designed to provide additional information about a user login or key management operation.

The user status is composed of as set of unique status codes. The user's status can consist of any number of status codes, each of which can also have a corresponding status message.

All currently defined status codes are included as constants in this class.

Since:

7.0

See Also:

User

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	DIRECTORY_IS_OLD Indicates that information in the Directory is old; publication of a user certificate is pending (has not occurred yet).
static java.lang.String	DN_CHANGE_OCCURRED Indicates that the user's DN was changed.
static java.lang.String	DN_CHANGE_REQUIRED Indicates that the user requires a DN change.
static java.lang.String	ENCRYPTION_CERTIFICATE_UPDATE_OCCURRED Indicates that the user's decryption/encryption key/certificate was updated.
static java.lang.String	ENCRYPTION_CERTIFICATE_UPDATE_REQUIRED Indicates that the user's decryption/encryption key/certificate requires updating.
static java.lang.String	ISSUING_CA_CERTIFICATE_UPDATED Indicates that the user's issuing CA certificate has been updated.
static java.lang.String	KEY_MANAGEMENT_FAILED Indicates that an attempt was made to do key management, but that attempt failed.
static java.lang.String	KEY_MANAGEMENT_NOT_POSSIBLE Indicates that key management cannot be performed.
static java.lang.String	MSCAPI_CERTIFICATE_PROPERTY_REPAIR_OCCURRED Indicates that some of the user's certificates stored in Microsoft CryptoAPI (MSCAPI) had invalid or missing certificate properties that have since be repaired by restoring the correct certificate property values.
static java.lang.String	MSCAPI_CERTIFICATE_PROPERTY_REPAIR_REQUIRED Indicates that some of the user's certificates stored in Microsoft CryptoAPI (MSCAPI) have invalid or missing certificate properties and repair is required to restore the correct certificate property values.
static java.lang.String	OPTIONS_CHANGED Indicates that the 'Options' information in an Entrust file-based Digital Identity store has been tampered (modified by a third-party).
static java.lang.String	OPTIONS_NOT_AVAILABLE Indicates that the 'Options' information in an Entrust file-based or token-based Digital Identity store is not available (missing/empty or MAC protection is missing).
static java.lang.String	OPTIONS_UPDATED Indicates that the 'Options' information in an Entrust file-based Digital Identity store has been updated.
static java.lang.String	PASSWORD_EXPIRED Indicates that, according to the user's password history and password policy, the user's current password has expired and must be changed.
static java.lang.String	PASSWORD_HISTORY_NOT_AVAILABLE Indicates that the password history in an Entrust file-based Digital Identity store is not available (missing/empty).
static java.lang.String	PASSWORD_NOT_VALID Indicates that, according to the user's password policy, the user's current password is not valid.
static java.lang.String	ROOT_CA_CERTIFICATE_UPDATED When in a hierarchy, indicates that the Root CA certificate has been updated.
static java.lang.String	UAL_UPDATE_FAILED Indicates that an attempt was made to update the UAL file for Server Login, but that the attempt failed.
static java.lang.String	USER_CERTIFICATE_SYNCHRONIZATION_OCCURRED Indicates that additional user keys/certificates were received through certificate store synchronization.
static java.lang.String	USER_CERTIFICATE_SYNCHRONIZATION_REQUIRED Indicates that a certificate store synchronization operation is required.
static java.lang.String	USER_CERTIFICATE_UPDATE_OCCURRED Indicates that one or more of the user's keys/certificates was updated (including the encryption/decryption and signing/verification key/certificate.
static java.lang.String	USER_CERTIFICATE_UPDATE_REQUIRED Indicates that one or more of the user's keys/certificates requires an update (including the encryption/decryption and signing/verification key/certificate).
static java.lang.String	USER_CERTIFICATION_OCCURRED Indicates that certification occurred for one or more certificate-definitions that were added to the user's certificate-type.
static java.lang.String	USER_CERTIFICATION_REQUIRED Indicates that one or more certificate-definitions have been added to the user's certificate-type, each of which requires certification.
static java.lang.String	USER_EXPORT_COMPLETED Indicates that a user export operation has been completed, and the user now exists on a new Security Manager.
static java.lang.String	USER_EXPORT_DETECTED Indicates that the user has been exported to a new Security Manager, and that the user must contact the new Security Manager to complete the export operation.
static java.lang.String	USER_IS_BEING_EXPORTED Indicates that the user is in the process of being exported to a new Security Manager.
static java.lang.String	USER_IS_DEACTIVATED Indicates that the user has been disabled/deactivated.
static java.lang.String	V2_UPGRADE_OCCURRED Indicates that the user's Digital Identity store was upgraded from V1-key-pair format to V2-key-pair format.
static java.lang.String	V2_UPGRADE_REQUIRED Indicates that the user's Digital Identity store requires an upgrade from V1-key-pair format to V2-key-pair format.
static java.lang.String	VERIFICATION_CERTIFICATE_UPDATE_OCCURRED Indicates that the user's signing/verification key/certificate was updated.
static java.lang.String	VERIFICATION_CERTIFICATE_UPDATE_REQUIRED Indicates that the user's signing/verification key/certificate requires updating.
static java.lang.String	X500NAME_CHANGED Indicates that the 'User X.500 Name' information in an Entrust file-based Digital Identity store has been tampered (modified by a third-party).
static java.lang.String	X500NAME_NOT_AVAILABLE Indicates that the 'User X.500 Name' information in an Entrust file-based Digital Identity store is not available (missing/empty or MAC protection is missing).
static java.lang.String	XCC_READ_FAILED Indicates that an attempt was made to read a user's Cross-certificate Cache file (.xcc), but that attempt failed.
static java.lang.String	XCC_WRITE_FAILED Indicates that an attempt was made to write a user's Cross-certificate Cache file (.xcc), but that attempt failed.

Method Summary

Methods

Modifier and Type	Method and Description
int	getLoginStatus() Returns the user's status after a login.
java.lang.String	getStatusMessage(java.lang.String status) Returns the status message associated with a status that is present.
boolean	isStatusPresent(java.lang.String status) Determines whether a specified status is present.
boolean	keyUpdateOccurred() Returns whether or not any key and certificate update operation occurred.
boolean	keyUpdateRequired() Returns whether or not any key and certificate update operation is required.
java.lang.String	toString() Returns a string representation of the user's status.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

OPTIONS_CHANGED

public static final java.lang.String OPTIONS_CHANGED

Indicates that the 'Options' information in an Entrust file-based Digital Identity store has been tampered (modified by a third-party).

This can be detected during login, and usually results from someone manually modifying an entry in the 'Options' section of their EPF file (e.g. resetting the 'CertificatePublicationPending' flag). It means that the information in the 'Options' section (miscellaneous Entrust options) has been modified in an unauthorized manner. In this case, the application must decide whether or not to trust the information in the file-based Digital Identity store.

Corresponds to the User.WARNING_OPTIONS_CHANGED field.

See Also:

Constant Field Values

OPTIONS_UPDATED

public static final java.lang.String OPTIONS_UPDATED

Indicates that the 'Options' information in an Entrust file-based Digital Identity store has been updated.

This would normally occur when key management is prevented due to a policy such as "Enforce Token Usage" that prevents writing to certain credential store types. In this case the options section of the EPF file can still be updated without performing any key management.

See Also:

Constant Field Values

OPTIONS_NOT_AVAILABLE

public static final java.lang.String OPTIONS_NOT_AVAILABLE

Indicates that the 'Options' information in an Entrust file-based or token-based Digital Identity store is not available (missing/empty or MAC protection is missing).

This can be detected during login, and usually results from someone manually modifying their EPF file by removing the 'Options' section entirely or removing the 'Options MAC' entry in the 'Password Token' section. It means that the data that is normally contained in the 'Options' section is not available. In this case, the application must decide whether any action is necessary (warn user, disallow login, ignore ...).

Corresponds to the User.WARNING_OPTIONS_NOT_AVAILABLE field.

See Also:

Constant Field Values

X500NAME_CHANGED

public static final java.lang.String X500NAME_CHANGED

Indicates that the 'User X.500 Name' information in an Entrust file-based Digital Identity store has been tampered (modified by a third-party).

This can be detected during login, and usually results from someone manually modifying the 'User X.500 Name' section (e.g. changing the 'X500name entry). It means that the information in the 'User X.500 Name' section (user's DN) has been modified in an unauthorized manner. However, this section was designed to provide the user's DN in a human readable format; the information it contains is not used by the Toolkit and most (if not all) other Entrust products. Thus, in almost all cases this status can be ignored, but it is provided so that the application can decide if any action must be taken as a result.

Corresponds to the User.WARNING_X500NAME_CHANGED field.

See Also:

Constant Field Values

X500NAME_NOT_AVAILABLE

public static final java.lang.String X500NAME_NOT_AVAILABLE

Indicates that the 'User X.500 Name' information in an Entrust file-based Digital Identity store is not available (missing/empty or MAC protection is missing).

This can be detected during login, and usually results from someone manually modifying their EPF file by removing the 'User X.500 Name' section entirely or removing the 'User X.500 Name MAC' entry in the 'Password Token' section. It means that the data that is normally contained in the 'User X.500 Name' section is not available. However, this section was designed to provide the user's DN in a human readable format; the information it contains is not used by the Toolkit and most (if not all) other Entrust products. Thus, in almost all cases this status can be ignored, but it is provided so that the application can decide if any action must be taken as a result.

See Also:

Constant Field Values

PASSWORD_HISTORY_NOT_AVAILABLE

public static final java.lang.String PASSWORD_HISTORY_NOT_AVAILABLE

Indicates that the password history in an Entrust file-based Digital Identity store is not available (missing/empty).

This can be detected during login, and can result from someone manually modifying their EPF file by removing the '&pwHistory' entry from the 'Protected' section. It can also result from using an EPF that was created by an older version of an Entrust product; some early versions of Entrust software did not support this entry. It means that the user does not have a password history; no record exists of the previous passwords that have already been used by the user or when the last password change occurred.

This status can be important, since it can indicate attempt to by-pass the user's password policy. By deleting the password history entry, a user could then re-use a recently previously used password, or avoid having to change their current password. The application must decide whether any action is necessary (force password change, disallow login, ignore ...).

See Also:

Constant Field Values

PASSWORD_EXPIRED

public static final java.lang.String PASSWORD_EXPIRED

Indicates that, according to the user's password history and password policy, the user's current password has expired and must be changed.

This can be detected during login, and occurs when the user's current password has been in use for longer than is allowed by the user's password policy. The application must decide whether any action is necessary (force password change, suggest password change, ignore ...).

Corresponds to the User.WARNING_PW_EXPIRED field.

See Also:

Constant Field Values

PASSWORD_NOT_VALID

public static final java.lang.String PASSWORD_NOT_VALID

Indicates that, according to the user's password policy, the user's current password is not valid.

This can be detected during login, and occurs when the user's current password does not obey the password rules contained in the user's password policy. The application must decide whether any action is necessary (force password change, suggest password change, ignore ...).

Corresponds to the User.WARNING_PW_NOT_VALID field.

Note:

When a user is logging in without a connection to the Directory (offline), a default set of rules are automatically used. The default password rules are typically more restrictive than custom password rules. Thus, logging in offline can suggest a user's password is not valid (according to the default rules) when in fact it may be (according to the custom rules)

See Also:

Constant Field Values

DIRECTORY_IS_OLD

public static final java.lang.String DIRECTORY_IS_OLD

Indicates that information in the Directory is old; publication of a user certificate is pending (has not occurred yet). This usually indicates a problem with the Directory itself.

This can be detected during login for a V1-key-pair user. It occurs when the user's decryption/encryption key/certificate has been created or updated, but the new encryption certificate cannot be found in the Directory 24 hours after it should have been published. The application must decide whether any action is necessary (warn user, disallow login ...).

Corresponds to the User.WARNING_DIRECTORY_IS_OLD field.

Note:

If the user does not yet have any certificates published to the Directory (waiting for the first encryption certificate to be published), this will cause the user to attempt a DN change. The trigger for a DN change is a user whose Directory entry is missing or empty. This will of course fail, because at the Security Manager the user has not been set for a DN change.

See Also:

Constant Field Values

ENCRYPTION_CERTIFICATE_UPDATE_REQUIRED

public static final java.lang.String ENCRYPTION_CERTIFICATE_UPDATE_REQUIRED

Indicates that the user's decryption/encryption key/certificate requires updating.

This can be detected during any attempt to do key management (login, client forced update ...). It occurs when the user's decryption/encryption key/certificate requires update but the resulting update operation could not be done or did not complete successfully. This status will be accompanied by either KEY_MANAGEMENT_NOT_POSSIBLE or KEY_MANAGEMENT_FAILED, which will indicate why the update operation did not occur. The application must decide whether any action is necessary (warn user, force login online, force login with a credential writer ...).

Corresponds to the User.WARNING_ENCRYPTION_KEY_NEEDS_UPDATE field.

See Also:

Constant Field Values

ENCRYPTION_CERTIFICATE_UPDATE_OCCURRED

public static final java.lang.String ENCRYPTION_CERTIFICATE_UPDATE_OCCURRED

Indicates that the user's decryption/encryption key/certificate was updated.

This can be detected during any attempt to do key management (login, client forced update ...). It occurs when the user's decryption/encryption key/certificate requires update, and the resulting update operation is completed successfully. The application must decide whether any action is necessary (notify user, log status ...).

Corresponds to the User.WARNING_ENC_KEY_UPDATED field.

See Also:

Constant Field Values

VERIFICATION_CERTIFICATE_UPDATE_REQUIRED

public static final java.lang.String VERIFICATION_CERTIFICATE_UPDATE_REQUIRED

Indicates that the user's signing/verification key/certificate requires updating.

This can be detected during any attempt to do key management (login, client forced update ...). It occurs when the user's signing/verification key/certificate requires update but the resulting update operation could not be done or did not complete successfully. This status will be accompanied by either KEY_MANAGEMENT_NOT_POSSIBLE or KEY_MANAGEMENT_FAILED, which will indicate why the update operation did not occur. The application must decide whether any action is necessary (warn user, force login online, force login with a credential writer ...).

Corresponds to the User.WARNING_SIGNING_KEY_NEEDS_UPDATE field.

See Also:

Constant Field Values

VERIFICATION_CERTIFICATE_UPDATE_OCCURRED

public static final java.lang.String VERIFICATION_CERTIFICATE_UPDATE_OCCURRED

Indicates that the user's signing/verification key/certificate was updated.

This can be detected during any attempt to do key management (login, client forced update ...). It occurs when the user's signing/verification key/certificate requires update, and the resulting update operation is completed successfully. The application must decide whether any action is necessary (notify user, log status ...).

Corresponds to the User.WARNING_SIGN_KEY_UPDATED field.

See Also:

Constant Field Values

USER_CERTIFICATE_UPDATE_REQUIRED

public static final java.lang.String USER_CERTIFICATE_UPDATE_REQUIRED

Indicates that one or more of the user's keys/certificates requires an update (including the encryption/decryption and signing/verification key/certificate).

This can be detected during any attempt to do key management (login, client forced update ...). It occurs when one or more of the user's keys/certificates require updates, but, the resulting update operation could not be done or did not complete successfully. This status will be accompanied by either KEY_MANAGEMENT_NOT_POSSIBLE or KEY_MANAGEMENT_FAILED, which will indicate why the update operation did not occur. The application must decide whether any action is necessary (warn user, force login online, force login with a credential writer ...).

See Also:

Constant Field Values

USER_CERTIFICATE_UPDATE_OCCURRED

public static final java.lang.String USER_CERTIFICATE_UPDATE_OCCURRED

Indicates that one or more of the user's keys/certificates was updated (including the encryption/decryption and signing/verification key/certificate.

This can be detected during any attempt to do key management (login, client forced update ...). It occurs when one or more of the user's keys/certificates require updates, and the resulting update operation is completed successfully. The application must decide whether any action is necessary (notify user, log status ...).

See Also:

Constant Field Values

DN_CHANGE_REQUIRED

public static final java.lang.String DN_CHANGE_REQUIRED

Indicates that the user requires a DN change.

This can be detected during any attempt to do key management (login, client forced update ...). It occurs when the user requires a DN change but the resulting DN change operation could not be done or did not complete successfully. This status will be accompanied by either KEY_MANAGEMENT_NOT_POSSIBLE or KEY_MANAGEMENT_FAILED, which will indicate why the DN change operation did not occur. The application must decide whether any action is necessary (warn user, force login online, force login with a credential writer ...).

Corresponds to the User.WARNING_DN_CHANGE_REQUIRED field.

See Also:

Constant Field Values

DN_CHANGE_OCCURRED

public static final java.lang.String DN_CHANGE_OCCURRED

Indicates that the user's DN was changed.

This can be detected during any attempt to do key management (login, client forced update ...). It occurs when the user requires a DN change, and the resulting DN change operation is completed successfully. The application must decide whether any action is necessary (notify user, log status ...).

Corresponds to the User.WARNING_DN_CHANGED field.

See Also:

Constant Field Values

USER_CERTIFICATE_SYNCHRONIZATION_REQUIRED

public static final java.lang.String USER_CERTIFICATE_SYNCHRONIZATION_REQUIRED

Indicates that a certificate store synchronization operation is required.

This can be detected for V2-key-pair users during any attempt to do key management (login, client forced update ...). It occurs when the Security Manager has backed-up keys/certificate for the user that the user does not have in their Digital Identity store but the resulting certificate store synchronization operation could not be done or did not complete successfully. This status will be accompanied by either KEY_MANAGEMENT_NOT_POSSIBLE or KEY_MANAGEMENT_FAILED, which will indicate why the certificate store synchronization operation did not occur. The application must decide whether any action is necessary (warn user, force login online, force login with a credential writer ...).

See Also:

Constant Field Values

USER_CERTIFICATE_SYNCHRONIZATION_OCCURRED

public static final java.lang.String USER_CERTIFICATE_SYNCHRONIZATION_OCCURRED

Indicates that additional user keys/certificates were received through certificate store synchronization.

This can be detected for V2-key-pair users in any attempt to do key management (login, client initiated update ...). It occurs when the Security Manager has backed-up keys/certificate for the user that the user does not have in their Digital Identity store, and the resulting certificate store synchronization is completed successfully. The application must decide whether any action is necessary (notify user, log status ...).

See Also:

Constant Field Values

USER_CERTIFICATION_REQUIRED

public static final java.lang.String USER_CERTIFICATION_REQUIRED

Indicates that one or more certificate-definitions have been added to the user's certificate-type, each of which requires certification.

This can be detected for V2-key-pair users in any attempt to do key management (login, client initiated update ...). It occurs when the user's certificate-type contains one or more certificate-definitions for which the user does not have keys/certificate in their Digital Identity store but the resulting key certification operation could not be done or did not complete successfully. This status will be accompanied by either KEY_MANAGEMENT_NOT_POSSIBLE or KEY_MANAGEMENT_FAILED, which will indicate why the key certification operation did not occur. The application must decide whether any action is necessary (warn user, force login online, force login with a credential writer ...).

See Also:

Constant Field Values

USER_CERTIFICATION_OCCURRED

public static final java.lang.String USER_CERTIFICATION_OCCURRED

Indicates that certification occurred for one or more certificate-definitions that were added to the user's certificate-type.

This can be detected for V2-key-pair users in any attempt to do key management (login, client initiated update ...). It occurs when the user's certificate-type contains one or more certificate-definitions for which the user does not have keys/certificate in their Digital Identity store, and the resulting key certification operation is completed successfully. The application must decide whether any action is necessary (notify user, log status ...).

See Also:

Constant Field Values

V2_UPGRADE_REQUIRED

public static final java.lang.String V2_UPGRADE_REQUIRED

Indicates that the user's Digital Identity store requires an upgrade from V1-key-pair format to V2-key-pair format.

This can be detected for V1-key-pair users in any attempt to do key management (login, client initiated update ...). It occurs when the user's Digital Identity store exists in V1-key-pair format and the Security Manger supports V2-key-pair but the resulting V2 upgrade operation was not done, could not be done, or did not complete successfully.

A V2 upgrade operation will only be executed when detected during login where other key management operations are required, or when detected during a client initiated key management operation. When the V2 upgrade operation was not executed for some other reason, this status will be accompanied by either KEY_MANAGEMENT_NOT_POSSIBLE or KEY_MANAGEMENT_FAILED, which will indicate why the key V2 upgrade operation did not occur. The application must decide whether any action is necessary (warn user, initiate key management, ...).

See Also:

Constant Field Values

V2_UPGRADE_OCCURRED

public static final java.lang.String V2_UPGRADE_OCCURRED

Indicates that the user's Digital Identity store was upgraded from V1-key-pair format to V2-key-pair format.

This can be detected for V1-key-pair users in any attempt to do key management (login, client initiated update ...). It occurs when the user's Digital Identity store exists in V1-key-pair format and the Security Manger supports V2-key-pair, and the resulting V2 upgrade operation was completed successfully. The application must decide whether any action is necessary (notify user, log status ...).

See Also:

Constant Field Values

USER_IS_BEING_EXPORTED

public static final java.lang.String USER_IS_BEING_EXPORTED

Indicates that the user is in the process of being exported to a new Security Manager.

This can be detected for users in any attempt to do key management (login, client initiated update ...). It occurs when an administrator has begun an export operation for a user; the user exists in the 'export hold' state at their old Security Manager. The user can continue to work on the old Security Manager, meaning that their work is not interrupted by the export. However, to ensure that the exported information is complete (that is, no more decryption private keys or verification certificates are created after the user is exported), the old Security Manager will not allow any more key management.

When this status is present, key management operations are not possible. Any attempt to contact the Security Manager requesting key management will result in failure, and the KEY_MANAGEMENT_NOT_POSSIBLE status will be set. The application must decide whether any action is necessary (notify user, log status ...). Typically, the user must simply wait until they have been imported into the new Security Manager before any action is required.

See Also:

Constant Field Values

USER_EXPORT_DETECTED

public static final java.lang.String USER_EXPORT_DETECTED

Indicates that the user has been exported to a new Security Manager, and that the user must contact the new Security Manager to complete the export operation.

This can be detected for users in any attempt to do key management (login, client initiated update ...). It occurs when an administrator has exported a user from their current Security Manager and imported them into a new Security Manager. The user will exist in the 'exported' state at their old Security Manager and exist in the 'import key recovery' state at their new Security Manager.

While administrators at the old and new Security Manager are exporting and importing a user, the user can continue to work on the old Security Manager so that their work is not interrupted by the export. When this status is present, key management operations with the old Security Manager are not possible, and the user should contact the new Security Manager (as soon as possible) to complete the export process. The application must decide whether or not to complete the user export operation, which may require requesting the address of the new Security Manager and Directory from the user.

The export user operation is completed by calling the User.completeUserExport(LdapDirectory, ManagerTransport) API. During this call the user's Digital Identity store is updated to contain the user's keys/certificate known to the new Security Manager, the user's state is changed to 'active' at the new Security Manager, and the USER_EXPORT_COMPLETE status will be set. The old Seucrity Manager should not be contacted any further by the user; future login should always be done supplying a connection to the new Security Manager.

See Also:

Constant Field Values

USER_EXPORT_COMPLETED

public static final java.lang.String USER_EXPORT_COMPLETED

Indicates that a user export operation has been completed, and the user now exists on a new Security Manager.

The status is set following a successful call to the User.completeUserExport(LdapDirectory, ManagerTransport) API. It indicates that the old Security Manager should not be contacted any further by the user; future login should always be done supplying a connection to the new Security Manager. The application must decide whether any action is necessary (notify user, log status ...).

See Also:

Constant Field Values

KEY_MANAGEMENT_NOT_POSSIBLE

public static final java.lang.String KEY_MANAGEMENT_NOT_POSSIBLE

Indicates that key management cannot be performed.

This can be detected during any attempt to do key management (login, client forced update ...). It occurs when the key management routine is aborted because the user does not have a connection to a Directory or no credential writer has been set. The application must decide whether any action is necessary (warn user, force login online, ...).

See Also:

Constant Field Values

KEY_MANAGEMENT_FAILED

public static final java.lang.String KEY_MANAGEMENT_FAILED

Indicates that an attempt was made to do key management, but that attempt failed.

This can be detected during any attempt to do key management (login, client forced update ...). It occurs when the key management routine is aborted because a failure occurred internally. The application must decide whether any action is necessary (warn user, force login with a credential writer, re-attempt login ...).

See Also:

Constant Field Values

USER_IS_DEACTIVATED

public static final java.lang.String USER_IS_DEACTIVATED

Indicates that the user has been disabled/deactivated.

This can be detected during any attempt to do key management (login, client forced update ...). It occurs when the user has be disabled/deactivated at the Security Manager; in this state key management cannot be done. The application must decide whether any action is necessary (warn user, deny login ...).

See Also:

Constant Field Values

UAL_UPDATE_FAILED

public static final java.lang.String UAL_UPDATE_FAILED

Indicates that an attempt was made to update the UAL file for Server Login, but that the attempt failed. This flag will only be set when logging in using a UALCredentialReader and there is a failure updating the UAL file.

The UAL file needs to be updated when one of the computer-specific parameters used to create the password encryption key changes. Failure to update it is not fatal, but if more computer-specific parameters change in the future then Server Login will stop working. It would be a good idea to run the UALCreator procedure again to re-bind the user's password to the computer.

See Also:

UALCreator, Constant Field Values

ISSUING_CA_CERTIFICATE_UPDATED

public static final java.lang.String ISSUING_CA_CERTIFICATE_UPDATED

Indicates that the user's issuing CA certificate has been updated.

This can occur during the first time a user logs in after a CA key update. No action is required, although the application may choose to inform the user that this occurred.

See Also:

Constant Field Values

ROOT_CA_CERTIFICATE_UPDATED

public static final java.lang.String ROOT_CA_CERTIFICATE_UPDATED

When in a hierarchy, indicates that the Root CA certificate has been updated.

This can occur during the first time a user logs in after a Root CA key update. No action is required, although the application may choose to inform the user that this occurred.

See Also:

Constant Field Values

XCC_READ_FAILED

public static final java.lang.String XCC_READ_FAILED

Indicates that an attempt was made to read a user's Cross-certificate Cache file (.xcc), but that attempt failed.

This is considered a non-fatal failure that can happen during user login. The user login operation will still succeed, however, if the user has logged in offline and a subsequent attempt is made to perform certificate validation, that attempt could fail (the certificates necessary to build a certificate chain that would have been provided by the .xcc file may not be available from any other source).

Since:

8.0

See Also:

Constant Field Values

XCC_WRITE_FAILED

public static final java.lang.String XCC_WRITE_FAILED

Indicates that an attempt was made to write a user's Cross-certificate Cache file (.xcc), but that attempt failed.

This is considered a non-fatal failure that can happen during user login and/or user logout. The user operation will still succeed, however, if a subsequent attempt is made to perform certificate validation with this user while logged in offline, that attempt could fail (the certificates necessary to build a certificate chain that would have been provided by the .xcc file may not be available from any other source).

Since:

8.0

See Also:

Constant Field Values

MSCAPI_CERTIFICATE_PROPERTY_REPAIR_REQUIRED

public static final java.lang.String MSCAPI_CERTIFICATE_PROPERTY_REPAIR_REQUIRED

Indicates that some of the user's certificates stored in Microsoft CryptoAPI (MSCAPI) have invalid or missing certificate properties and repair is required to restore the correct certificate property values.

Repair is supported for following MSCAPI certificate properties:

• CERT_FRIENDLY_NAME_PROP_ID
• CERT_ARCHIVED_PROP_ID

Since:

8.0

See Also:

Constant Field Values

MSCAPI_CERTIFICATE_PROPERTY_REPAIR_OCCURRED

public static final java.lang.String MSCAPI_CERTIFICATE_PROPERTY_REPAIR_OCCURRED

Indicates that some of the user's certificates stored in Microsoft CryptoAPI (MSCAPI) had invalid or missing certificate properties that have since be repaired by restoring the correct certificate property values.

See MSCAPI_CERTIFICATE_PROPERTY_REPAIR_REQUIRED for a list of MSCAPI certificate properties for which repair is supported.

Since:

8.0

See Also:

Constant Field Values

Method Detail

getLoginStatus

public int getLoginStatus()

Returns the user's status after a login. This only returns the bits that would be returned by a call to User.login, which is a subset of the full set of status codes. As such, use of this method is not recommended, it is mostly for internal Toolkit use.

Returns:

the user's status as it would be returned from User.login

See Also:

User.login()

isStatusPresent

public boolean isStatusPresent(java.lang.String status)

Determines whether a specified status is present.

The specified status can be any of the fields defined in this class.

Parameters:

status - the status to check for

Returns:

boolean true it the user's status contains the specified status, false otherwise

keyUpdateOccurred

public boolean keyUpdateOccurred()

Returns whether or not any key and certificate update operation occurred. A key and certificate update occurred if any of the ENCRYPTION_CERTIFICATE_UPDATE_OCCURRED, VERIFICATION_CERTIFICATE_UPDATE_OCCURRED, USER_CERTIFICATE_UPDATE_OCCURRED, USER_CERTIFICATE_SYNCHRONIZATION_OCCURRED, USER_CERTIFICATION_OCCURRED, DN_CHANGE_OCCURRED, or USER_EXPORT_COMPLETED status fields are set.

Returns:

whether or not any key and certificate update operation occurred.

keyUpdateRequired

public boolean keyUpdateRequired()

Returns whether or not any key and certificate update operation is required. A key and certificate update is required if any of the ENCRYPTION_CERTIFICATE_UPDATE_REQUIRED, VERIFICATION_CERTIFICATE_UPDATE_REQUIRED, USER_CERTIFICATE_UPDATE_REQUIRED, USER_CERTIFICATE_SYNCHRONIZATION_REQUIRED, USER_CERTIFICATION_REQUIRED, DN_CHANGE_REQUIRED, or USER_EXPORT_DETECTED status fields are set.

Returns:

whether or not any key and certificate update operation is required.

getStatusMessage

public java.lang.String getStatusMessage(java.lang.String status)

Returns the status message associated with a status that is present.

The status message is only returned if the status is present and has a status message associated with it. The status message simply provides an indication of why the status exists. It is intended to be used for logging purposes.

Parameters:

status - the status whose message is being requested

Returns:

the status message if the status exists and has a message associated with it; otherwise null is returned

toString

public java.lang.String toString()

Returns a string representation of the user's status.

This string contains each individual status code it contains and a status message that may be associated with it.

Overrides:

toString in class java.lang.Object

Returns:

String a string representation of the user's status