com.entrust.toolkit.util
Class PKIXCMP

java.lang.Object
  |
  +--com.entrust.toolkit.util.PKIX
        |
        +--com.entrust.toolkit.util.PKIXCMP

public final class PKIXCMP
extends PKIX


Fields inherited from class com.entrust.toolkit.util.PKIX
ansiRandom, m_authCode, m_caCertificate, m_cert, m_certHistories, m_encryptionCertificate, m_encryptionPrivateKeys, m_key, m_recipNonce, m_refNo, m_senderNonce, m_signingCertificate, m_signingKey, m_usagePeriodExpiryTime
 
Constructor Summary
PKIXCMP()
           
 
Method Summary
 void createUser(KeyPair signingKeys, KeyPair protocolKeys, ManagerTransport managerTransport, SecureStringBuffer authCode, SecureStringBuffer refNo)
          Creates a user's encryption keys and the verification certificate on a PKI5
 byte[] getClientSettings(ManagerTransport managerTransport, SecureStringBuffer refNo, SecureStringBuffer authCode)
          This method retrieves the client settings from the authority by PKIX-CMP.
 void parseEncryptionKeyUpdateResponse(LdapDirectory directory, SEQUENCE pkiMessage, PrivateKey protocolPrivateKey, X509Certificate origCaCert)
          Parses the response to the encryption key update request.
 void parseInitializationResponse(SEQUENCE pkiMessage, SecureStringBuffer authCode, PrivateKey protocolPrivateKey)
          Parses the response to the initialization request.
 void parseRecoveryResponse(SEQUENCE pkiMessage, SecureStringBuffer authCode, PrivateKey protocolPrivateKey)
          Parses the response to the recovery request.
 void parseSigningKeyUpdateResponse(LdapDirectory directory, SEQUENCE pkiMessage, PrivateKey newSigningKey, X509Certificate origCaCert)
          Parses the response to the signing key update request.
 void recoverCertificates(KeyPair signingKeys, KeyPair protocolKeys, ManagerTransport managerTransport, SecureStringBuffer authCode, SecureStringBuffer refNo)
          Performs the actual communication with the manager to recover the certificates.
 void updateEncryptionKeys(ManagerTransport managerTransport, LdapDirectory directory, PrivateKey signingKey, X509Certificate signingCert, PrivateKey[] encryptionPrivateKeys, X509Certificate encryptionCert, java.lang.String[] certHistories, X509Certificate origCaCert)
          Performs the actual communication with the manager to update the encryption keys.
 void updateEncryptionKeysPriv(ManagerTransport t, PrivateKey k, X509Certificate c, PrivateKey[] pks, X509Certificate c2, java.lang.String[] s)
           
 void updateSigningKeys(ManagerTransport managerTransport, LdapDirectory directory, PrivateKey oldSigningKey, X509Certificate oldSigningCert, X509Certificate origCaCert)
          Performs the actual communication with the manager to update the signing key.
 void updateSigningKeysPriv(ManagerTransport t, PrivateKey k, X509Certificate c)
           
 void writeComplete(ManagerTransport managerTransport, boolean success)
          This method tells the Entrust PKI whether the Entrust profile was successfully stored after a create, recovery or update operation.
 
Methods inherited from class com.entrust.toolkit.util.PKIX
getCaCertificate, getCertificateHistory, getDecryptionKeys, getEncryptionCertificate, getName, getNumberOfPrivateKeys, getSigningKey, getVerificationCertificate
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PKIXCMP

public PKIXCMP()
        throws NoSuchAlgorithmException
Method Detail

updateSigningKeysPriv

public void updateSigningKeysPriv(ManagerTransport t,
                                  PrivateKey k,
                                  X509Certificate c)

updateEncryptionKeysPriv

public void updateEncryptionKeysPriv(ManagerTransport t,
                                     PrivateKey k,
                                     X509Certificate c,
                                     PrivateKey[] pks,
                                     X509Certificate c2,
                                     java.lang.String[] s)

createUser

public void createUser(KeyPair signingKeys,
                       KeyPair protocolKeys,
                       ManagerTransport managerTransport,
                       SecureStringBuffer authCode,
                       SecureStringBuffer refNo)
                throws NoSuchAlgorithmException,
                       PKIXException
Creates a user's encryption keys and the verification certificate on a PKI5
Overrides:
createUser in class PKIX
Tags copied from class: PKIX
Parameters:
signingKeys - The user's RSA signing key pair.
encryptionKeys - The user's RSA encryption key pair.
managerTransport - The manager transport for the connection to the Authority.
authCode - The manager-generated authorization code.
refNo - The manager-generated reference number.
Throws:
ProfileException - If the manager responds in a way that we can't understand.
ProfileException - If we can't create the PKIX request messages.

parseInitializationResponse

public void parseInitializationResponse(SEQUENCE pkiMessage,
                                        SecureStringBuffer authCode,
                                        PrivateKey protocolPrivateKey)
                                 throws NoSuchAlgorithmException,
                                        PKIXException
Parses the response to the initialization request.
Parameters:
c - The certificates that the response should be loaded into.
response - The PKIX message representing the response.
recipIP - The IP address of the manager.
authCode - The authorization code of the user being created.
protocolPrivateKey - The private key corresponding to the public key sent to the manager in the certificate request message.
Throws:
ProfileException - Thrown if the response can't be parsed.

parseRecoveryResponse

public void parseRecoveryResponse(SEQUENCE pkiMessage,
                                  SecureStringBuffer authCode,
                                  PrivateKey protocolPrivateKey)
                           throws NoSuchAlgorithmException,
                                  PKIXException
Parses the response to the recovery request.
Parameters:
c - The certificates that the response should be loaded into.
response - The PKIX message representing the response.
recipIP - The IP address of the manager.
authCode - The authorization code of the user being created.
protocolPrivateKey - The private key corresponding to the public key sent to the manager in the certificate request message.
Throws:
ProfileException - Thrown if the response can't be parsed.

parseSigningKeyUpdateResponse

public void parseSigningKeyUpdateResponse(LdapDirectory directory,
                                          SEQUENCE pkiMessage,
                                          PrivateKey newSigningKey,
                                          X509Certificate origCaCert)
                                   throws NoSuchAlgorithmException,
                                          PKIXException
Parses the response to the signing key update request.
Parameters:
c - The certificates that the response should be loaded into.
response - The PKIX message representing the response.
recipIP - The IP address of the manager.
authCode - The authorization code of the user being created.
protocolPrivateKey - The private key corresponding to the public key sent to the manager in the certificate request message.
Throws:
ProfileException - Thrown if the response can't be parsed.

parseEncryptionKeyUpdateResponse

public void parseEncryptionKeyUpdateResponse(LdapDirectory directory,
                                             SEQUENCE pkiMessage,
                                             PrivateKey protocolPrivateKey,
                                             X509Certificate origCaCert)
                                      throws NoSuchAlgorithmException,
                                             PKIXException
Parses the response to the encryption key update request.
Parameters:
c - The certificates that the response should be loaded into.
response - The PKIX message representing the response.
recipIP - The IP address of the manager.
authCode - The authorization code of the user being created.
protocolPrivateKey - The private key corresponding to the public key sent to the manager in the certificate request message.
Throws:
ProfileException - Thrown if the response can't be parsed.

recoverCertificates

public void recoverCertificates(KeyPair signingKeys,
                                KeyPair protocolKeys,
                                ManagerTransport managerTransport,
                                SecureStringBuffer authCode,
                                SecureStringBuffer refNo)
                         throws NoSuchAlgorithmException,
                                PKIXException
Description copied from class: PKIX
Performs the actual communication with the manager to recover the certificates.
Overrides:
recoverCertificates in class PKIX
Tags copied from class: PKIX
Parameters:
signingKeys - The user's RSA signing key pair.
protocolKeys - The keys used to secure the transmitted data
managerTransport - The manager transport for the connection to the Authority.
authCode - The manager-generated authorization code.
refNo - The manager-generated reference number.
Throws:
ProfileException - If the manager responds in a way that we can't understand.
ProfileException - If we can't create the PKIX request messages.

updateSigningKeys

public void updateSigningKeys(ManagerTransport managerTransport,
                              LdapDirectory directory,
                              PrivateKey oldSigningKey,
                              X509Certificate oldSigningCert,
                              X509Certificate origCaCert)
                       throws PKIXException,
                              NoSuchAlgorithmException
Description copied from class: PKIX
Performs the actual communication with the manager to update the signing key.
Overrides:
updateSigningKeys in class PKIX
Tags copied from class: PKIX
Parameters:
managerTransport - The manager transport for the connection to the Authority.
oldSigningKey - The old signing key.
oldSigningCertificate - The old signing certificate.
Throws:
ProfileException - If the manager responds in a way that we can't understand.
ProfileException - If we can't create the PKIX request messages.

updateEncryptionKeys

public void updateEncryptionKeys(ManagerTransport managerTransport,
                                 LdapDirectory directory,
                                 PrivateKey signingKey,
                                 X509Certificate signingCert,
                                 PrivateKey[] encryptionPrivateKeys,
                                 X509Certificate encryptionCert,
                                 java.lang.String[] certHistories,
                                 X509Certificate origCaCert)
                          throws PKIXException,
                                 NoSuchAlgorithmException
Description copied from class: PKIX
Performs the actual communication with the manager to update the encryption keys.
Overrides:
updateEncryptionKeys in class PKIX
Tags copied from class: PKIX
Parameters:
managerTransport - The manager transport for the connection to the Authority.
signingKey - The signing key.
signingCertificate - The signing certificate.
encryptionPrivateKeys - The encryption private keys.
encryptionCert - The encryption certificate.
certHistories - The certificate history.
Throws:
ProfileException - If the manager responds in a way that we can't understand.
ProfileException - If we can't create the PKIX request messages.

getClientSettings

public byte[] getClientSettings(ManagerTransport managerTransport,
                                SecureStringBuffer refNo,
                                SecureStringBuffer authCode)
                         throws PKIXException
This method retrieves the client settings from the authority by PKIX-CMP.

writeComplete

public void writeComplete(ManagerTransport managerTransport,
                          boolean success)
                   throws NoSuchAlgorithmException,
                          PKIXException
This method tells the Entrust PKI whether the Entrust profile was successfully stored after a create, recovery or update operation. This method must be called after one of these operations (and should not be called otherwise).

NOTE: The same EntrustManagerTransport transport that was provided to create, recover or key update must be supplied, as well as whether the profile was successfully stored or not.

NOTE: writeComplete() must be called within N seconds of the completion of the call to create(), recover() or updateSigning/EncryptionKeys, where N is 30 for an Entrust 3.0 infrastructure and 60 for an Entrust 4.0 infrastructure. If this time is exceeded, then the keys will automatically be revoked.

NOTE: Failing to call this method after a create, recover or key update operation (all the operations that communicate with the Entrust Manager) or passing false as the success parameter will cause the newly retrieved certificates to be revoked (thus making them unusable). Passing true as the success parameter completes the PKIX create/update/recover message exchange.

Overrides:
writeComplete in class PKIX
Parameters:
managerTransport - A transport object through which PKIX messages will be relayed to and from the Entrust Manager.
success - Whether the profile was successfully stored (written).
Throws:
ProfileException - Thrown if a create/update/recover has not been initiated or the PKIX acknowledgement could not be sent to the Entrust Manager.
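The following is an added example, not code from the Entrust toolkit or from this page, showing the createUser -> store profile -> writeComplete sequence described above with the failure handling that the notes imply: writeComplete is always reached on the same transport, and success is reported only when the profile was actually written and the 30/60 second window was not exceeded, so a partial enrollment ends with the certificates revoked rather than left usable. It uses only the PKIXCMP signatures shown on this page; the ProfileStore callback, the UserEnrollment class and the package location of ManagerTransport, PKIXException and SecureStringBuffer are assumptions.

```java
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import com.entrust.toolkit.util.PKIXCMP;
// Assumption: these types are imported from the toolkit package that ships PKIXCMP;
// adjust the imports to match the toolkit version in use.
import com.entrust.toolkit.util.ManagerTransport;
import com.entrust.toolkit.util.PKIXException;
import com.entrust.toolkit.util.SecureStringBuffer;

/** Hypothetical caller-supplied step that durably writes the retrieved keys and certificates. */
interface ProfileStore {
    /** Returns true only if the Entrust profile was successfully written. */
    boolean store(PKIXCMP pkix) throws Exception;
}

public final class UserEnrollment {

    /** Time budget stated in the writeComplete notes: 30 s for Entrust 3.0, 60 s for Entrust 4.0. */
    public static final long ENTRUST_3_0_DEADLINE_MS = 30_000L;
    public static final long ENTRUST_4_0_DEADLINE_MS = 60_000L;

    /**
     * Runs createUser, stores the profile, and always closes the exchange with
     * writeComplete on the SAME transport that createUser used.
     *
     * Returns true only if the profile was stored and writeComplete(true) was sent
     * within the deadline. Any storage failure or deadline overrun results in
     * writeComplete(false), so the freshly issued certificates are revoked instead of
     * remaining valid for a profile that was never written.
     */
    public static boolean enroll(PKIXCMP pkix,
                                 KeyPair signingKeys,
                                 KeyPair protocolKeys,
                                 ManagerTransport transport,
                                 SecureStringBuffer authCode,
                                 SecureStringBuffer refNo,
                                 ProfileStore store,
                                 long deadlineMs)
            throws NoSuchAlgorithmException, PKIXException {

        // If createUser itself fails there is nothing to acknowledge, so the exception
        // propagates and writeComplete is (correctly) never called.
        pkix.createUser(signingKeys, protocolKeys, transport, authCode, refNo);
        long issuedAt = System.currentTimeMillis();

        boolean stored = false;
        try {
            stored = store.store(pkix);
        } catch (Exception e) {
            // Storage failed: keep stored == false so the manager revokes the keys.
            stored = false;
        } finally {
            long elapsedMs = System.currentTimeMillis() - issuedAt;
            if (elapsedMs > deadlineMs) {
                // The manager has already revoked the keys at this point; never claim
                // success for a profile whose certificates are no longer valid.
                stored = false;
            }
            // Always acknowledge, with the same transport, whether or not storage worked.
            pkix.writeComplete(transport, stored);
        }
        return stored;
    }
}
```

The same shape applies to recoverCertificates, updateSigningKeys and updateEncryptionKeys: the call that talks to the manager goes first, the store step is wrapped so that no exception can skip the acknowledgement, and the success flag passed to writeComplete is derived from what actually happened rather than hard-coded to true.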