com.entrust.toolkit.keystore

Class KSIniFileCreator

java.lang.Object

com.entrust.toolkit.keystore.KSIniFileCreator

public class KSIniFileCreator
extends java.lang.Object

This class reads and writes KeyStore-Ini-Files.

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	ALG_STRING_3DES
static java.lang.String	ALG_STRING_CAST
static java.lang.String	ALG_STRING_DES
static java.lang.String	ALG_STRING_IDEA

Constructor Summary

Constructors

Constructor and Description
KSIniFileCreator(java.io.InputStream ksIniFile, SecureStringBuffer password) Creating a KSIniFileCreator by reading an already existing KeyStore-Ini-File.
KSIniFileCreator(java.lang.String path) Creating a new KSIniFileCreator.
KSIniFileCreator(java.lang.String pkcs11Library, int slotNr) Deprecated. used KSIniFileCreator(String, long) because a slot ID is represented by a long in the PKCS#11 specification
KSIniFileCreator(java.lang.String pkcs11Library, long slotNr) Creating a new KSIniFileCreator.
KSIniFileCreator(java.lang.String ksIniFile, SecureStringBuffer password) Creating a KSIniFileCreator by reading an already existing KeyStore-Ini-File.

Method Summary

Methods

Modifier and Type	Method and Description
void	addReadCertificateStore(java.lang.String path, SecureStringBuffer password) Adds a read-only certificate store to this KeyStore-Ini-File.
void	addWriteCertificateStore(java.lang.String path, SecureStringBuffer password) Adds a read/write certificate store to this KeyStore-Ini-File.
java.lang.String	getAuthorityAddress() Returns the IP address of the authority.
int	getAuthorityPort() Returns the port number of the authority.
static LdapDirectory	getDirectoryFromKeystore(IniFile iniFile) Reads the Directory Information from the Keystore INI file.
static LdapDirectory	getDirectoryFromKeystore(java.lang.String iniFile) Reads the Directory Information from the Keystore INI file.
int	getHashCount() Returns the hash count.
java.lang.String	getLdapAddress() Returns the IP address of the ldap directory.
int	getLdapPort() Returns the port number of the ldap directory.
static ManagerTransport	getManagerFromKeystore(IniFile iniFile) Reads the Manager Information from the Keystore INI file.
static ManagerTransport	getManagerFromKeystore(java.lang.String iniFile) Reads the Manager Information from the Keystore INI file.
java.lang.String	getProtectionAlgorithm() Returns the protection algorithm.
java.lang.String[]	getReadCertificateStores() Returns the full pathnames of the read-only certificate stores.
java.lang.String[]	getWriteCertificateStores() Returns the full pathnames of the read/write certificate stores.
static SecureStringBuffer	readPasswordFromKeystore(IniFile iniFile) This is a convenience method that reads the Password bound to the KeyStore INI file.
void	removeAllReadCertificateStores() Removes all read-only certificate stores.
void	removeAllWriteCertificateStores() Removes all read/write certificate stores.
void	removeAuthority() Removes the authority.
void	removeLdap() Removes the ldap.
void	removeReadCertificateStore(java.lang.String path) Removes the read-only certificate store with the given path.
void	removeWriteCertificateStore(java.lang.String path) Removes the read/write certificate store with the given path.
void	setAuthority(java.lang.String ipAddress, int portNumber) Sets a new authority.
void	setAuthorityTunnel(java.lang.String urlString) Sets a new authority.
void	setHashCount(int hashCount) Sets the hash count.
void	setLdap(java.lang.String ipAddress, int portNumber) Sets a new ldap directory.
void	setLdapTunnel(java.lang.String urlString) Sets a new authority.
void	setProtectionAlgorithm(java.lang.String protectionAlg) Sets the protection algorithm.
void	store(java.io.OutputStream ksIniFile, SecureStringBuffer password) Stores the current settings to a KeyStore-Ini-file.
void	store(java.io.OutputStream ksIniFile, java.lang.String ualFile) Method store.
void	store(java.lang.String ksIniFile, ProtectedPassword password) Method store.
void	store(java.lang.String ksIniFile, SecureStringBuffer password) Stores the current settings to a KeyStore-Ini-file.
void	store(java.lang.String ksIniFile, java.lang.String ualFile) Method store.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ALG_STRING_CAST

public static final java.lang.String ALG_STRING_CAST

See Also:

Constant Field Values

ALG_STRING_DES

public static final java.lang.String ALG_STRING_DES

See Also:

Constant Field Values

ALG_STRING_3DES

public static final java.lang.String ALG_STRING_3DES

See Also:

Constant Field Values

ALG_STRING_IDEA

public static final java.lang.String ALG_STRING_IDEA

See Also:

Constant Field Values

Constructor Detail

KSIniFileCreator

public KSIniFileCreator(java.lang.String path)

Creating a new KSIniFileCreator.

This constructor is used to create a KeyStore-Ini-File for either an Entrust Profile (*.epf), or a PKCS12 (*.p12) credential store.

NOTE: The KSIniFileCreator does not check if the given credential store exists.

Parameters:

path - The full pathname to the credential store (*.epf or *.p12)

Throws:

java.lang.IllegalArgumentException - If path does not point to an *.epf or a *.p12 file.

KSIniFileCreator

public KSIniFileCreator(java.lang.String pkcs11Library,
                int slotNr)

Deprecated. used KSIniFileCreator(String, long) because a slot ID is represented by a long in the PKCS#11 specification

Creating a new KSIniFileCreator.

This constructor is used to create a KeyStore-Ini-File for a PKCS11 credential store. Note that the KSIniFileCreator does not check if the given pkcs11 Library does exist.

Parameters:

pkcs11Library - The pkcs11 library name.

slotNr - The slotNr to the token

KSIniFileCreator

public KSIniFileCreator(java.lang.String pkcs11Library,
                long slotNr)

Creating a new KSIniFileCreator.

This constructor is used to create a KeyStore-Ini-File for a PKCS11 credential store. Note that the KSIniFileCreator does not check if the given pkcs11 Library does exist.

Parameters:

pkcs11Library - The pkcs11 library name.

slotNr - The slotNr as a long

KSIniFileCreator

public KSIniFileCreator(java.lang.String ksIniFile,
                SecureStringBuffer password)
                 throws java.io.FileNotFoundException,
                        java.io.IOException,
                        java.security.NoSuchAlgorithmException

Creating a KSIniFileCreator by reading an already existing KeyStore-Ini-File.

Parameters:

ksIniFile - The full path name to the KeyStore-Ini-file.

password - The password that was used to write the KeyStore-Ini-file.

Throws:

java.io.IOException - Thrown if a problem occurs when reading the KeyStore-Ini-file.

java.security.NoSuchAlgorithmException - Thrown if one of the needed algorithms is not installed.

java.io.FileNotFoundException

KSIniFileCreator

public KSIniFileCreator(java.io.InputStream ksIniFile,
                SecureStringBuffer password)
                 throws java.io.IOException,
                        java.security.NoSuchAlgorithmException

Creating a KSIniFileCreator by reading an already existing KeyStore-Ini-File.

Parameters:

ksIniFile - An input stream to the KeyStore-Ini-File

password - The password used in case the KeyStore-Ini-File contains protected certificate store passwords.

Throws:

java.lang.IllegalArgumentException - If the pkcs11Library does not point to a *.dll

java.io.IOException

java.security.NoSuchAlgorithmException

Method Detail

getDirectoryFromKeystore

public static LdapDirectory getDirectoryFromKeystore(java.lang.String iniFile)
                                              throws java.io.IOException

Reads the Directory Information from the Keystore INI file. If the Keystore INI file contains 'Ldap' or 'LdapTunnel' information, the associated LdapDirectory object will be returned.

Parameters:

iniFile - the path to the Keystore INI File

Returns:

The LdapDirectory specified in the IniFile

Throws:

java.io.IOException

Since:

7.2 SP2 Patch

readPasswordFromKeystore

public static SecureStringBuffer readPasswordFromKeystore(IniFile iniFile)
                                                   throws java.io.IOException

This is a convenience method that reads the Password bound to the KeyStore INI file. It will decode the password from either a UAL or ProtectedPassword that was set when the KSIniFile was created. If no password UAL or ProtectedPassword was used to protect the KeyStore INI file, it will return null;

Parameters:

iniFile - The KeystoreINI file

Returns:

The SecureStringBuffer represeting the UAL or ProtectedPassword password

Throws:

java.io.IOException

Since:

7.2 SP2 Patch

getDirectoryFromKeystore

public static LdapDirectory getDirectoryFromKeystore(IniFile iniFile)
                                              throws java.io.IOException

Reads the Directory Information from the Keystore INI file. If the Keystore INI file contains 'Ldap' or 'LdapTunnel' information, the associated LdapDirectory object will be returned.

Parameters:

iniFile - The IniFile used to read the Ldap or LdapTunnel information

Returns:

The LdapDirectory specified in the IniFile

Throws:

java.io.IOException

Since:

7.2 SP2 Patch

getManagerFromKeystore

public static ManagerTransport getManagerFromKeystore(java.lang.String iniFile)
                                               throws java.io.IOException

Reads the Manager Information from the Keystore INI file. If the Keystore INI file contains 'Authority' or 'AuthorityTunnel' information, the associated ManagerTransport object will be returned.

Parameters:

iniFile - The path to the Keystore IniFile used to read the Authority or AuthorityTunnel information

Returns:

The ManagerTransport specified in the IniFile

Throws:

java.io.IOException

Since:

7.2 SP2 Patch

getManagerFromKeystore

public static ManagerTransport getManagerFromKeystore(IniFile iniFile)
                                               throws java.io.IOException

Reads the Manager Information from the Keystore INI file. If the Keystore INI file contains 'Authority' or 'AuthorityTunnel' information, the associated ManagerTransport object will be returned.

Parameters:

iniFile - The IniFile used to read the Authority or AuthorityTunnel information

Returns:

The ManagerTransport specified in the IniFile

Throws:

java.io.IOException

Since:

7.2 SP2 Patch

getHashCount

public final int getHashCount()

Returns the hash count.

Returns:

The hash count

setHashCount

public final void setHashCount(int hashCount)

Sets the hash count.

The hash count must be in the range between 1000 and 10000.

Parameters:

hashCount - The hash count

Throws:

java.lang.IllegalArgumentException - If the hashCount is not between 1000 and 10000

getProtectionAlgorithm

public final java.lang.String getProtectionAlgorithm()

Returns the protection algorithm.

Returns:

The protection algorithm

setProtectionAlgorithm

public final void setProtectionAlgorithm(java.lang.String protectionAlg)

Sets the protection algorithm.

The protection algorithm must be one of:

• ALG_STRING_CAST
• ALG_STRING_DES
• ALG_STRING_3DES
• ALG_STRING_IDEA

Parameters:

protectionAlg - The protection algorithm

Throws:

java.lang.IllegalArgumentException - If the delivered protection algorithm is unknown.

addWriteCertificateStore

public final void addWriteCertificateStore(java.lang.String path,
                            SecureStringBuffer password)

Adds a read/write certificate store to this KeyStore-Ini-File.

The provided password is the one used to protect this certificate store. If the given certificate store already exists, it will be overwritten.

Parameters:

path - The full pathname to the certificate store (*.p12).

Throws:

java.lang.IllegalArgumentException - If the delivered path does not point to a p12 file.

addReadCertificateStore

public final void addReadCertificateStore(java.lang.String path,
                           SecureStringBuffer password)

Adds a read-only certificate store to this KeyStore-Ini-File.

The provided password is the one used to protect this certificate store. If the given certificate store already exists, it will be overwritten.

Parameters:

path - The full pathname to the certificate store (*.p12).

Throws:

java.lang.IllegalArgumentException - If the delivered path does not point to a p12 file.

getWriteCertificateStores

public final java.lang.String[] getWriteCertificateStores()

Returns the full pathnames of the read/write certificate stores.

Returns:

The read/write certificate stores

getReadCertificateStores

public final java.lang.String[] getReadCertificateStores()

Returns the full pathnames of the read-only certificate stores.

Returns:

The read-only certificate stores

removeWriteCertificateStore

public final void removeWriteCertificateStore(java.lang.String path)

Removes the read/write certificate store with the given path.

If the given certificate store doesn't exist, the method returns without doing anything.

Parameters:

path - The full pathname to the certificate store

removeAllWriteCertificateStores

public final void removeAllWriteCertificateStores()

Removes all read/write certificate stores.

removeReadCertificateStore

public final void removeReadCertificateStore(java.lang.String path)

Removes the read-only certificate store with the given path.

If the given certificate store doesn't exist, the method returns without doing anything.

Parameters:

path - The full pathname to the certificate store

removeAllReadCertificateStores

public final void removeAllReadCertificateStores()

Removes all read-only certificate stores.

setLdap

public final void setLdap(java.lang.String ipAddress,
           int portNumber)

Sets a new ldap directory.

Parameters:

ipAddress - the ip address to the ldap directory

portNumber - the port number to the ldap directory

setLdapTunnel

public final void setLdapTunnel(java.lang.String urlString)
                         throws java.net.MalformedURLException

Sets a new authority.

Parameters:

urlString - the URL string referring to the Directory Servlet that will be used to for tunneling through a firewall.

Throws:

java.net.MalformedURLException - if urlString is not a valid URL.

Since:

7.2 SP2 Patch

See Also:

HttpDirectoryServlet}

setAuthorityTunnel

public final void setAuthorityTunnel(java.lang.String urlString)
                              throws java.net.MalformedURLException

Sets a new authority.

Parameters:

urlString - the URL string referring to the Manager servlet that will be used to for tunneling through a firewall.

Throws:

java.net.MalformedURLException - if urlString is not a valid URL.

Since:

7.2 SP2 Patch

See Also:

HttpManagerServlet}

getLdapAddress

public final java.lang.String getLdapAddress()

Returns the IP address of the ldap directory.

Returns:

the ip address of the ldap directory

getLdapPort

public final int getLdapPort()

Returns the port number of the ldap directory.

Returns:

the port number of the ldap directory

removeLdap

public final void removeLdap()

Removes the ldap.

setAuthority

public final void setAuthority(java.lang.String ipAddress,
                int portNumber)

Sets a new authority.

Parameters:

ipAddress - the ip address to the manager

portNumber - the port number to the manager

getAuthorityAddress

public final java.lang.String getAuthorityAddress()

Returns the IP address of the authority.

Returns:

the ip address of the authority

getAuthorityPort

public final int getAuthorityPort()

Returns the port number of the authority.

Returns:

the port number of the authority

removeAuthority

public final void removeAuthority()

Removes the authority.

store

public final void store(java.lang.String ksIniFile,
         SecureStringBuffer password)
                 throws java.io.IOException,
                        java.security.NoSuchAlgorithmException

Stores the current settings to a KeyStore-Ini-file.

Neither the credentialstore, set in the constructor, nor the given password will be checked when writing the KeyStore-Ini-file.

Parameters:

ksIniFile - The full path name where to store the KeyStore-Ini-file

password - The password used to protect the certificate store's password. Use the password that belongs to the credential store (epf, p11, p12) set in this KeyStore-Ini-file.

Throws:

java.io.IOException - Thrown if a problem occurs when writing the KeyStore-Ini-file.

java.security.NoSuchAlgorithmException - Thrown if one of the needed algorithms is not installed.

store

public final void store(java.io.OutputStream ksIniFile,
         SecureStringBuffer password)
                 throws java.io.IOException,
                        java.security.NoSuchAlgorithmException

Stores the current settings to a KeyStore-Ini-file.

Neither the credentialstore, set in the constructor, nor the given password will be checked when writing the KeyStore-Ini-file.

Parameters:

ksIniFile - The output stream used to store the KeyStore-Ini-file

password - The password used to protect the certificate store's password. Use the password that belongs to the credential store (epf, p11, p12) set in this KeyStore-Ini-file.

Throws:

java.io.IOException - Thrown if a problem occurs when writing the KeyStore-Ini-file.

java.security.NoSuchAlgorithmException - Thrown if one of the needed algorithms is not installed.

store

public final void store(java.lang.String ksIniFile,
         java.lang.String ualFile)
                 throws UserFatalException,
                        java.security.NoSuchAlgorithmException,
                        java.io.IOException

Method store. Creates a key-store protected by a UAL file to support unattended key-store login .

Parameters:

ksIniFile - the file path where the key-store is written.

ualFile - the path of the UAL file used to protect the key-store.

Throws:

UserFatalException - Thrown if it fails decoding the UAL file.

java.io.IOException - Thrown if a problem occurs when either reading the UAL file or writing the KeyStore-Ini-file.

java.security.NoSuchAlgorithmException - Thrown if one of the needed algorithms is not installed.

store

public final void store(java.lang.String ksIniFile,
         ProtectedPassword password)
                 throws UserFatalException,
                        java.security.NoSuchAlgorithmException,
                        java.io.IOException

Method store. Creates a key-store protected by a ProtectedPassword which can be defined by any class that implements the ProtectedPassword interface. This KSIniFile will store the fully qualified class name in the [Password Token] section with entry External=.

Parameters:

ksIniFile - the file path where the key-store is written.

password - the ProtectedPassword used to protect the Keystore

Throws:

UserFatalException - Thrown if the password is null, or if it fails decoding the UAL file

java.io.IOException - Thrown if a problem occurs when either reading the UAL file or writing the KeyStore-Ini-file.

java.security.NoSuchAlgorithmException - Thrown if one of the needed algorithms is not installed.

Since:

7.2 SP2 Patch

store

public final void store(java.io.OutputStream ksIniFile,
         java.lang.String ualFile)
                 throws UserFatalException,
                        java.security.NoSuchAlgorithmException,
                        java.io.IOException

Method store. This is to create a key-store protected by a UAL file to support unattended key-store login .

Parameters:

ksIniFile - the output stream to which the key-store is written to.

ualFile - the path of the UAL file used to protect the key-store.

Throws:

UserFatalException - Thrown if it fails decoding the UAL file.

java.io.IOException - Thrown if a problem occurs when either reading the UAL file or writing the KeyStore-Ini-file.

java.security.NoSuchAlgorithmException - Thrown if one of the needed algorithms is not installed.