com.entrust.toolkit.util

Class SMProxyManagerTransport

java.lang.Object

com.entrust.toolkit.util.ManagerTransport

com.entrust.toolkit.util.SMProxyManagerTransport

All Implemented Interfaces:

PollableResource

public class SMProxyManagerTransport
extends ManagerTransport

Provides a ManagerTransport implementation that is able to communicate through a Security Manager Proxy.

Since:

8.1

See Also:

ManagerTransport

Field Summary

Fields inherited from class com.entrust.toolkit.util.ManagerTransport

DEFAULT_CONNECT_TIMEOUT, DEFAULT_SO_LINGER, DEFAULT_SO_TIMEOUT, in, out, recipientAddress

Constructor Summary

Constructors

Constructor and Description
SMProxyManagerTransport(IniFile entrustIniFile) Creates a SMProxyManagerTransport object using an entrust.ini file.
SMProxyManagerTransport(java.lang.String smproxyHost, int smproxyPort) Creates a SMProxyManagerTransport object with the Security Manager Proxy address, as a String, and the port number (as an integer).
SMProxyManagerTransport(java.lang.String smproxyHost, int smproxyPort, SMProxyConfig httpsConfig) Creates a SMProxyManagerTransport object with the Security Manager Proxy address, as a String, and the port number (as an integer).
SMProxyManagerTransport(java.net.URL smproxyURL) Creates a SMProxyManagerTransport object using the URL

Method Summary

Methods

Modifier and Type	Method and Description
void	beginNewSession() Called whenever a new session or request to the PKI RA is about to be made.
void	dataReady(byte[] data) Passes messages as a byte array.
void	endSession() Must be called whenever a session to the PKI RA is complete.
java.lang.String	getAddress() Returns the PKI RA's address specified by managerIP in other methods if it has not been explicitly defined.
java.security.cert.X509Certificate[]	getClientCredentials() Returns the client X509Certificate chain set by setClientCredentials.
SMProxyConfig	getSMProxyConfig() Returns the Security Manager Proxy configuration.
boolean	isAvailable() Determines whether or not the PKI Registration Authority is available.
void	setClientCredentials(java.security.cert.X509Certificate[] chain, java.security.PrivateKey signingKey) Sets the client credentials for authenticating to the Security Manager Proxy Server.
void	setSMProxyConfig(SMProxyConfig config) Sets the configuration for SSL connections

Methods inherited from class com.entrust.toolkit.util.ManagerTransport

calculateASNLength, checkStatus, DNSLookup, getGeneralMessageInfo, getInputStream, getInstance, getInstance, getOutputStream, getPort, getSoConnectTimeout, getSoLinger, getSoTimeout, getTrustRoots, periodicPoll, readManagerTransportMessage, readNegPollRep, readPKIX4Response, readPKIXCMPResponse, setClientCredentials, setSoConnectTimeout, setSoLinger, setSoTimeout, setStreams, setTrustRoots

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SMProxyManagerTransport

public SMProxyManagerTransport(IniFile entrustIniFile)
                        throws SMProxyException,
                               java.net.MalformedURLException

Creates a SMProxyManagerTransport object using an entrust.ini file.

This constructor takes an IniFile that contains the proxy URL addresses with a protocol value of either http or https. i.e http://www.proxy.entrust.com or https://www.proxy.entrust.com

If the Security Manager Proxy was not configured to use default ports, the port values must be specified in the URL. ie. http://www.proxy.entrust.com:8080 or https://www.proxy.entrust.com:4443

The Entrust Settings section of the INI file must contain one of the following settings:

SMProxyURL

The common URL for the SMProxy server. Use this if all of the proxied connections are through the same SMProxy server.

SMManagerProxyURL

The URL for the proxy server that provides the Roaming Server connection. Use this setting if the Manager Transport connections are to go through a separate SMProxy server.

Parameters:

entrustIniFile - the IniFile object that contains the proxy settings

Throws:

SMProxyException

java.net.MalformedURLException

See Also:

SMProxyDirectory.SMProxyDirectory(IniFile entrustIniFile), RoamingConfiguration.RoamingConfiguration(IniFile iniFile, boolean smProxyEnabled )

SMProxyManagerTransport

public SMProxyManagerTransport(java.net.URL smproxyURL)
                        throws SMProxyException

Creates a SMProxyManagerTransport object using the URL

This constructor takes a URL constructed with a protocol value of either http or https. i.e http://www.proxy.entrust.com or https://www.proxy.entrust.com

If the Security Manager Proxy was configured to use non-default ports, these should be specified in the URL. ie. http://www.proxy.entrust.com:8080 or https://www.proxy.entrust.com:4443

Note: If an https address is used, an SMProxyConfig object should be used to provide the TrustManager.

Parameters:

smproxyURL - a URL that represents the Security Manager Proxy resource

Throws:

SMProxyException - if smproxyURL is invalid

SMProxyManagerTransport

public SMProxyManagerTransport(java.lang.String smproxyHost,
                       int smproxyPort)
                        throws SMProxyException

Creates a SMProxyManagerTransport object with the Security Manager Proxy address, as a String, and the port number (as an integer).

Connections created with this constructor will not use SSL/TLS

Parameters:

smproxyHost - the Security Manager Proxy host name

smproxyPort - the Security Manager Proxy port number (typically, 80)

Throws:

SMProxyException - if smproxyHost value is invalid

SMProxyManagerTransport

public SMProxyManagerTransport(java.lang.String smproxyHost,
                       int smproxyPort,
                       SMProxyConfig httpsConfig)
                        throws java.io.IOException

Creates a SMProxyManagerTransport object with the Security Manager Proxy address, as a String, and the port number (as an integer).

This constructor allows the use of SSL/TLS to protect communication with the Security Manager Proxy server.

Parameters:

smproxyHost - the Security Manager Proxy host name

smproxyPort - the Security Manager Proxy port number (typically, 80 or 443)

httpsConfig - https configuration to use when connecting to the proxy via SSL/TLS. May be null if SSL/TLS is not required.

Throws:

java.io.IOException - if any of the parameters are invalid

Method Detail

endSession

public void endSession()

Description copied from class: ManagerTransport

Must be called whenever a session to the PKI RA is complete.

endSession() closes the existing socket connection.

If a sub-class of ManagerTransport is created, override this method and the dataReady() method. Reset the connection to the RA.

Overrides:

endSession in class ManagerTransport

dataReady

public void dataReady(byte[] data)
               throws java.io.IOException

Description copied from class: ManagerTransport

Passes messages as a byte array.

dataReady(byte[] data) is called when a data message is ready for the PKI RA. Sub-classes of ManagerTransport can overide this method and send the data using any method they choose, e-mail or HTTP, for example. The sub-classes must first have implemented a simliar proxy mechanism on the PKI RA's side of the connection.

A User object composes a message for the PKI RA and calls this method, passing the message in a byte array. Usually, a sub-class of ManagerTransport implements the dataReady() method and sends the message to the PKI RA. User then calls the readPKIXCMPResponse() method and expects to receive a byte array containing the RA's response.

For example, this code fragment illustrates User using ManagerTransport:

      transport.dataReady(messageForManager);
      byte[] messageFromManager = transport.read();
  

Overrides:

dataReady in class ManagerTransport

Parameters:

data - the data that is ready to be sent to the RA

Throws:

java.io.IOException - thrown if the output stream has been closed before this method is called

See Also:

ManagerTransport.beginNewSession()

beginNewSession

public void beginNewSession()

Description copied from class: ManagerTransport

Called whenever a new session or request to the PKI RA is about to be made.

beginNewSession() closes the existing socket connection, if there is one, and connects to the PKI RA again to prepare for the communication request.

If a sub-class of ManagerTransport is created, override this method and the dataReady() method. Reset the connection to the RA.

Overrides:

beginNewSession in class ManagerTransport

getAddress

public java.lang.String getAddress()

Description copied from class: ManagerTransport

Returns the PKI RA's address specified by managerIP in other methods if it has not been explicitly defined.

Overrides:

getAddress in class ManagerTransport

Returns:

The recipient address (For example, www.acme.com, pkix@acme.com)

setClientCredentials

public void setClientCredentials(java.security.cert.X509Certificate[] chain,
                        java.security.PrivateKey signingKey)

Sets the client credentials for authenticating to the Security Manager Proxy Server.

If the signingKey parameter is null, TLS client authentication will be disabled. This is the preferred configuration as a signingKey is typically not available for user create and recover operations.

Overrides:

setClientCredentials in class ManagerTransport

Parameters:

chain - users certificate chain

signingKey - users private signing key or null

getClientCredentials

public java.security.cert.X509Certificate[] getClientCredentials()

Returns the client X509Certificate chain set by setClientCredentials.

Overrides:

getClientCredentials in class ManagerTransport

Returns:

the client X509Certificate chain set by setClientCredentials

isAvailable

public boolean isAvailable()

Determines whether or not the PKI Registration Authority is available. Contacts the PKIX-CMP service of the PKI Registration Authority checking the availability of this service, including its ability to process PKIX-CMP traffic.

Note: When using TLS to protect the connection to the SMProxy server, and the TLS session has not yet been established, this method will only test the socket connection to the SMProxy server.

Overrides:

isAvailable in class ManagerTransport

Returns:

true if the PKI Registration Authority is available; false otherwise

getSMProxyConfig

public SMProxyConfig getSMProxyConfig()

Returns the Security Manager Proxy configuration.

Returns:

the Security Manager Proxy configuration

setSMProxyConfig

public void setSMProxyConfig(SMProxyConfig config)

Sets the configuration for SSL connections

Parameters:

config - the configuration to set