Class semper.certificate.CertificateMan

java.lang.Object
   |
   +----semper.certificate.CertificateMan

public class CertificateMan
extends Object
implements CertificateConstants, ComPointConstants, CryptoConstants
The certificate manager provides services for registering a public key in order to get a certificate, and handling of issued certificates both at the user side and the RA/CA side. The actual handling of certificates is done in a module, while the manager provides an interface to the module. For example, verification of a certificate is done in the module so that the manager does not need to know the details of the implementation of the certificate. Similarly, handling of registration (such as details of the registration form and rules for issuing certificates) is done by the module. The present version of the certificate block only supports a single CA, but it will be upgraded to support a hierarchy of CAs. Furthermore, it assumes that the roles of RA and CA will be played by the same party (as is the case in the initial SEMPER trials). Please see here for more information about the certificate service block.

Variable Index

 o _user

Constructor Index

 o CertificateMan()

Method Index

 o buildPrefs(boolean)
This method builds the preferences needed by the certificate block.
 o changeCertificate(Client)
Send changed Certificate to client.
 o checkCertificate(Certificate)
Check whether the Certificate is ok.
 o checkRegistrationStatus(ComPointAddress, long, Vector)
checkRegistrationStatus checks the status of the registration process.
 o clientCall(ComPointAddress, Vector, IntObject)
A clientCall can be used to setup a communication point with the CA server.
 o computeFingerprint(CryptoKeyInfo, int)
Computes a fingerprint of a public key on the TINGUIN.
 o fillOutTemplate(Template, Document, CryptoKeyInfo)
Fill out the template.
 o getAllCAnames()
getAllCAnames outputs the distinguished names of all the CA/RAs at which the Client has registered a Certificate.
 o getCertificate(Certificate, boolean)
Retrieve the certificate(s) which are like the certificate given as an argument.
 o getChangedCertificate(Certificate, Vector)
Try to get a changed certificate from ca.
 o getFilledTemplate(Client)
Get filled Template from client.
 o getLocalCertificates(Certificate)
getLocalCertificates retrieves a selection of local certificates (from the local archive).
 o getNewCertificate(ComPointAddress, Vector)
getNewCertificate tries to get a newly issued certificate after issuing a sendCertificateRequest in case the certificate was not received previously.
 o getPublicKey(Client)
Get Public Key from client which should equal public key in template.
 o getRegistration(ComPointAddress, long, Vector)
getRegistration tries to obtain the issued registration from RA.
 o getSrvAddress(String)
getSrvAddress uses a Distinguished name of CA/RA to retrieve a ComPointAddress (this is automagically stored, when one accesses RA/CA first time).
 o getTrustedPK(ComPointAddress, Vector)
Get the trusted public Key of the CA.
 o handleRequest(ComPoint)
Handles the incoming request on the CA side.
 o init()
Initialises the Certification Manager.
 o installCertificate(Certificate)
Install certificate.
 o installRegistration(Registration)
Store registration in Archive under special access name.
 o installTrustedPK(String, CryptoKeyInfo)
Install the trusted public Key of the CA.
 o isInitialised()
Tells whether CertificateMan is initialised.
 o issueCertificate(Registration, CryptoKeyInfo, int, int, Date, Date, int)
Issue new certificate for myClient.
 o issueCertificateRequest(ComPointAddress, Vector, long, int, int, Date, Date, int)
After registration I can get certificates from a CA that accepts the RA I registered with and has an account there.
 o issueRegistration(Template)
Issue new registration based upon template.
 o removeCertificate(Certificate)
Remove the given Certificate from Archive.
 o retrieveCertificate(Object, int, boolean)
Retrieve a list of certificates.
 o retrieveTrustedPK(String)
Retrieve the installed trusted public Key of the CA.
 o sendCertificate(Client)
sendCertificate tries to send a list of certificates after receiving a request from myClient.
 o sendChangeCertificateRequest(Certificate, Vector)
Send a request to change the Certificate identified by cert.getSerialNR() issued by cert.getCADN().
 o sendError(ComPoint, String)
Send error: Send an error to the opposite side.
 o sendFilledTemplate(ComPointAddress, Vector, Template, CryptoKeyInfo, int)
Send the filled-in template, returned by fillinTemplate.
 o sendIssuedCertificate(Client)
Send issued Certificate to client.
 o sendPublicKey(ComPointAddress, CryptoKeyInfo)
Send the Public Key which is also a part of the filled-in template.
 o sendRegistration(Client)
Send registration to client.
 o sendRegistrationStatus(Client)
Send status of the registration-proces to client.
 o sendTemplate(Client)
Send Template to myClient.
 o sendTemplateRequest(ComPointAddress, Vector)
Send the initial request during the Registration phase to the server indicating to server that I want a registration Template for the RA (which currently is co-located at CA).
 o sendTrustedPK(Client)
Send trusted public key to myClient.
 o showFingerprint(String, CryptoKeyInfo, int)
Shows a fingerprint of a public key on the TINGUIN.
 o showFingerprint(String, int)
Shows a fingerprint of the public key of a CA on the TINGUIN.
 o storeCertificate(Certificate)
Store certificate in Archive.
 o storePublicKey(CryptoKeyInfo, String, long)
Store myClient's Public Key used for the most recently issued template, which should equal the public key in the template.

Variables

 o _user
  public static String _user

Constructors

 o CertificateMan
  public CertificateMan()

Methods

 o isInitialised
  public static boolean isInitialised()
Tells whether CertificateMan is initialised. The CertificateMan is initialised when CertificateMan.init() has been successfully executed.
Returns:
true if CertificateMan.init() has been executed, false otherwise.
 o buildPrefs
  public static void buildPrefs(boolean isCA)
This method builds the preferences needed by the certificate block. For the moment the following preferences can be selected: when should expired registrations and certificates be removed. The CA can additionally set the conditions under which a certificate can be updated and issued automatically. Further choices are planned: the most important one is to let the user specify when a certificate must be verified on-line.
 o init
  public static void init() throws CertificateManException, RuntimeException
Initialises the Certification Manager. The initialisation reads a number of settings from the configuration. First it reads "semper.certificate.isServer" to determine if CA functionality is required, where "0" means "no" and "1" means "yes" (if this is not set, it is interpreted as "0"). Next the user name is set by reading "semper.configuration.username". If this is not present, the user name is read from the system.

The distinguished name and the address of the CA is read from "semper.certificate.CADN" and "semper.certificate.CAHost", respectively.

The name of the class implementing templates needed for registration is read from "semper.certificate.TempName".

The name of the class implementing registrations is read from "semper.certificate.RegName".

The name of the module implementing the registration procedure is read from "semper.certificate.RCModName" and the name of the implementation of the certificate is read from "semper.certificate.CertName".

init() also initialises the preferences set by the CA and for a CA the module is initialised. This means that the public key of the CA is recovered. See here what happens in the module implemented by SEMPER.

Throws: CertificateManException
if a requested module could not be loaded or initialised
 o handleRequest
  public static Streamable handleRequest(ComPoint cp) throws CertificateManException
Handles the incoming request on the CA side. This function reads a request on the ComPoint given as input parameter and calls a function handling the request.
Parameters:
ComPoint - cp: A client ComPoint, normally a newly accepted one
Returns:
Streamable that the Client sent to me and has to be verified. This might either be a Filled Template which is the basis for issuing a registration or a partially filled Certificate, which either is to be used to issue a new certificate or to change an existing certificate.
Throws: CertificateManException
if an error during the Communication occurs.
 o sendTrustedPK
  public static void sendTrustedPK(Client myClient) throws CertificateManException
Send trusted public key to myClient. The trusted public key is the public key of the CA, which is not certified. This key is simply sent to the client with no protection at all. This is a reply to a call of getTrustedPK at the client side.
Parameters:
myClient: - The client, that sent a getTrustedPK request and therefore shall get my trusted public key as requested.
Throws: CertificateManException
if communication fails.
See Also:
getTrustedPK
 o sendTemplate
  public static synchronized void sendTemplate(Client myClient) throws CertificateManException
Send Template to myClient. This method is synchronised in order to avoid two different templates getting the same serial number. The client requests a Template using sendTemplateRequest.
Parameters:
myClient: - The client, that sent a getTemplateRequest and therefore shall get a template as requested
Throws: CertificateManException
if a send during this phase fails.
See Also:
sendTemplateRequest
 o getPublicKey
  public static CryptoKeyInfo getPublicKey(Client myClient) throws CertificateManException
Get Public Key from client which should equal public key in template. Store this public key via storePublicKey(). The client can send the public key using sendPublicKey.
Parameters:
myClient - is the Client from which to receive public key.
Returns:
the public key received from the user (client)
Throws: CertificateManException
if send/receive fails.
See Also:
sendPublicKey, storePublicKey
 o storePublicKey
  public static void storePublicKey(CryptoKeyInfo pkey,
                                    String userName,
                                    long templateNr) throws CertificateManException
Store myClient's Public Key used for the most recently issued template, which should equal the public key in the template.
Parameters:
pkey: - the Public Key to be stored.
userName: - DN of user for whom to store public key.
templateNr: - Nr of Template which has this public key as its public key.
Throws: CertificateManException
if storing fails, or the client hasn't sent the filled-out Template yet.
 o getFilledTemplate
  public static Template getFilledTemplate(Client myClient)
Get filled Template from client. This method also verifies the signature on the template against the public key to be registered (to cross-check whether the user indeed has access to the secret key which is the counterpart to the public key in the Template). This method also computes a designated name for the client based on the information in the template (done by module). This designated name is sent to the client. The client sends the filled out template using sendFilledTemplate.
Parameters:
myClient: - Client who filled out Template.
Returns:
the filled out template if the verification and all communication succeeded. Null otherwise.
See Also:
computeDN, sendFilledTemplate
 o installRegistration
  public static void installRegistration(Registration reg) throws CertificateManException
Store registration in Archive under special access name. This service has to be called in order to be able to retrieve the Registration later. The client can use this as well in order to store the registration locally.
Parameters:
reg: - the Registration that shall be installed.
Throws: CertificateManException
if the Archive can't process the request.
 o sendRegistration
  public static void sendRegistration(Client myClient) throws CertificateManException
Send registration to client. This method allows the CA/RA to send the information registered about a client to the client. The client requests this information using getRegistration.
Parameters:
myClient: - Client for which registration is (should have been) issued
Throws: CertificateManException
if send fails.
See Also:
getRegistration
 o sendRegistrationStatus
  public static void sendRegistrationStatus(Client myClient) throws CertificateManException
Send status of the registration process to client. The client requests this using checkRegistrationStatus(). The status is computed by the module.
Parameters:
myClient: - Client for which registration is or shall be issued
Throws: CertificateManException
if send fails.
See Also:
checkRegistrationStatus
 o issueRegistration
  public static Registration issueRegistration(Template templ) throws CertificateManException
Issue new registration based upon template. Based on the information in a filled out template the CA registers the user.
Parameters:
templ: - Template which has to be the basis for this registration.
Returns:
the Registration object corresponding to the registered information
Throws: CertificateManException
if issuing registration isn't successful.
 o sendIssuedCertificate
  public static void sendIssuedCertificate(Client myClient) throws CertificateManException
Send issued Certificate to client. A user in the process of being registered can request a certificate using issueCertificateRequest. This service first verifies that the client has registered. If not an error is sent to the client. If the user has been registered this service tries to issue a certificate. Whether this succeeds or not depends on the preferences set by the CA.
Parameters:
myClient: - Client who sent request to issue Certificate
Throws: CertificateManException
if send fails.
See Also:
issueCertificateRequest
 o changeCertificate
  public static Certificate changeCertificate(Client myClient) throws CertificateManException
Send changed Certificate to client. The client can request a certificate to be changed using sendChangeCertificateRequest. In order to respond to this request, the CA does the following: gets the new (unsigned) certificate from the client, verifies that the client already has a certificate with the given serial number, and if allowed by the preferences (i.e., if the requested changes are not too dramatic) issues a new certificate as requested. The new certificate is also returned. This service is still not fully implemented. In particular, the new certificate is not signed for the moment.
Parameters:
myClient: - Client who sent request to change Certificate
Returns:
The new certificate (null if the change failed)
Throws: CertificateManException
if send fails.
See Also:
sendChangeCertificateRequest
 o issueCertificate
  public static Certificate issueCertificate(Registration reg,
                                             CryptoKeyInfo pKey,
                                             int scope,
                                             int type,
                                             Date startValid,
                                             Date endValid,
                                             int status) throws CertificateException, CertificateManException
Issue new certificate for myClient. This service simply uses the module to issue a new certificate according to the parameters given as input. Thus this service should only be called if the CA has decided to issue the certificate. This service uses a corresponding service of the module to actually issue the certificate.
Parameters:
reg - is the registration that is the basis of the certificate
pKey: - the public Key to be certified with the new Certificate.
scope: - the scope for this Certificate (Signature, Encryption).
type: - Type of the Certificate (Key, Attribute, Hybrid).
startValid: - start of the time period in which this certificate is valid.
endValid: - end of the time period in which this certificate is valid.
status - the status of the new certificate
Returns:
the issued certificate is returned
Throws: CertificateException
if there weren't any serial numbers for Certificates available any more, or another failure occurred during the generation of the certificate.
Throws: CertificateManException
if the issued Certificate couldn't be stored.
See Also:
issueCertificate
 o installCertificate
  public static void installCertificate(Certificate cert) throws CertificateManException
Install certificate. A pseudonym for storeCertificate in order to maintain compatibility with previous interface. Will at some point be deleted.
Parameters:
cert: - Certificate to be stored.
Throws: CertificateManException
if store fails.
 o storeCertificate
  public static void storeCertificate(Certificate cert) throws CertificateManException
Store certificate in Archive. Can also be used by client.
Parameters:
cert: - Certificate to be stored.
Throws: CertificateManException
if store fails.
 o sendError
  public static void sendError(ComPoint comPoint,
                               String message) throws CertificateManException
Send error: Send an error to the opposite side. This function is used to send an error, by first sending an ERROR code and then an error message.
Parameters:
comPoint: - comPoint to the other part
message: - Error Message to be sent
Throws: CertificateManException
if the error couldn't be sent
 o getLocalCertificates
  public static Vector getLocalCertificates(Certificate partialCert)
getLocalCertificates retrieves a selection of local certificates (from the local archive). A partial Certificate, containing null or 0 for unidentified fields and correct values for the other fields is used as search criteria.
Parameters:
partialCert - is the Certificate containing search criteria.
Returns:
a Vector of certificates from the archive matching the search criteria.
 o sendCertificate
  public static void sendCertificate(Client myClient) throws CertificateManException
sendCertificate tries to send a list of certificates after receiving a request from myClient. In order to do so, the client has to send a partial Certificate, containing null or 0 for unidentified fields and correct values for the other fields.
Parameters:
Client - myClient is the client who sent a getCertificatesRequest.
Throws: CertificateManException
if the retrieved certificates couldn't be sent to myClient.
 o getTrustedPK
  public static CryptoKeyInfo getTrustedPK(ComPointAddress srvAddr,
                                           Vector options) throws CertificateManException
Get the trusted public Key of the CA. This call results in the CA sending the public key using sendTrustedPK.
Parameters:
srvAddr: - ComPointAddress of the CA-server.
options - can be used to set options to be used in communication
Returns:
trustedPK: CA's public key
Throws: CertificateManException
if Certificate Manager couldn't get the key from CA.
See Also:
sendTrustedPK
 o installTrustedPK
  public static void installTrustedPK(String caDN,
                                      CryptoKeyInfo trustedPK) throws CertificateManException
Install the trusted public Key of the CA. This service stores the public key of the CA in the archive.
Parameters:
caDN: - Distinguished name of CA.
trustedPK: - CA's public key
Throws: CertificateManException
if the key couldn't get installed
 o computeFingerprint
  public static String computeFingerprint(CryptoKeyInfo trustedPK,
                                          int hashAlg) throws CertificateManException
Computes a fingerprint of a public key on the TINGUIN. The fingerprint is the hash value computed using the given hash function and converted to a hexadecimal String.
Parameters:
trustedPK - is the public key for which a fingerprint should be computed
hashAlg - is the hashing algorithm to be used for generating the fingerprint. If 0 the default function for the CA is used.
Returns:
true if the user accepted the fingerprint of the key
Throws: CertificateManException
if, for some reason, the fingerprint could not be displayed
 o showFingerprint
  public static boolean showFingerprint(String caDN,
                                        CryptoKeyInfo trustedPK,
                                        int hashAlg) throws CertificateManException
Shows a fingerprint of a public key on the TINGUIN. This function allows the user to compare his local copy of the trusted public key with other published copies (e.g., with copies shown at the CA's home page). The fingerprint is computed using computeFingerprint. If no key is given as parameter and no key has been installed for the CA, this method shows a message with no fingerprint on the TINGUIN (this may be changed later).
Parameters:
caDN - is the distinguished name of the CA
trustedPK - is the public key for which a fingerprint should be shown (if this is null a fingerprint of the installed public key of the CA will be shown)
hashAlg - is the hashing algorithm to be used for generating the fingerprint. If 0 the default function for the CA is used.
Returns:
true if the user accepted the fingerprint of the key
Throws: CertificateManException
if, for some reason, the fingerprint could not be displayed
See Also:
computeFingerprint
 o showFingerprint
  public static boolean showFingerprint(String caDN,
                                        int hashAlg) throws CertificateManException
Shows a fingerprint of the public key of a CA on the TINGUIN. This function allows the user to compare his local copy of the trusted public key with other published copies (e.g., with copies shown at the CA's home page). The fingerprint is computed using computeFingerprint. If no public key for the CA has been installed an empty string will be depicted as fingerprint.
Parameters:
caDN - is the distinguished name of the CA
hashAlg - is the hashing algorithm to be used for generating the fingerprint. If 0 the default function for the CA is used.
Returns:
true if the user accepted the fingerprint of the key
Throws: CertificateManException
if, for some reason, the fingerprint could not be displayed
See Also:
computeFingerprint
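
Because sendTrustedPK delivers the CA key with no protection, the fingerprint comparison described for showFingerprint is the only check on that key before installTrustedPK stores it. The following is an added example, not SEMPER code: it uses java.security only, and the class TrustedKeyPinning, its methods, the CA name and the rule that an already installed key is not silently replaced are all assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

// Added illustration: TrustedKeyPinning and all its members are hypothetical
// names built on java.security; none of them are SEMPER classes.
public class TrustedKeyPinning {

    // Stand-in for the archive: CA distinguished name -> encoded public key.
    private final Map<String, byte[]> archive = new HashMap<>();

    // Hash of the encoded key, converted to a lowercase hexadecimal String.
    static String fingerprint(PublicKey key, String hashAlg) throws Exception {
        byte[] digest = MessageDigest.getInstance(hashAlg).digest(key.getEncoded());
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b & 0xff));
        }
        return hex.toString();
    }

    // Strip the spaces, colons and upper case that published fingerprints often carry.
    static String normalise(String published) {
        return published.replaceAll("[\\s:]", "").toLowerCase(Locale.ROOT);
    }

    // Install the received key only if its fingerprint equals the copy obtained
    // out of band, and only if no different key is already installed for this CA
    // (the second rule is a policy chosen for this example).
    boolean installIfVerified(String caDN, PublicKey received,
                              String publishedFingerprint, String hashAlg) throws Exception {
        byte[] computed = fingerprint(received, hashAlg).getBytes(StandardCharsets.US_ASCII);
        byte[] expected = normalise(publishedFingerprint).getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(computed, expected)) {
            return false; // key received over the network differs from the published one
        }
        byte[] installed = archive.get(caDN);
        if (installed != null && !MessageDigest.isEqual(installed, received.getEncoded())) {
            return false; // a different key is already trusted for this CA
        }
        archive.put(caDN, received.getEncoded());
        return true;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey caKey = gen.generateKeyPair().getPublic();    // constructed CA key
        PublicKey otherKey = gen.generateKeyPair().getPublic(); // constructed unrelated key

        // Constructed "published" copy in a typical display form: upper case, colon separated.
        String published = fingerprint(caKey, "SHA-256").toUpperCase(Locale.ROOT)
                .replaceAll("(..)(?!$)", "$1:");
        String caDN = "CN=Example CA"; // constructed name

        TrustedKeyPinning store = new TrustedKeyPinning();
        if (store.installIfVerified(caDN, otherKey, published, "SHA-256")) {
            throw new IllegalStateException("key not matching the published fingerprint was installed");
        }
        if (!store.installIfVerified(caDN, caKey, published, "SHA-256")) {
            throw new IllegalStateException("key matching the published fingerprint was refused");
        }
        if (store.installIfVerified(caDN, otherKey, fingerprint(otherKey, "SHA-256"), "SHA-256")) {
            throw new IllegalStateException("installed key was replaced by a different one");
        }
        System.out.println("installed key for " + caDN + ": " + published);
    }
}
```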
 o retrieveTrustedPK
  public static CryptoKeyInfo retrieveTrustedPK(String caDN) throws CertificateManException
Retrieve the installed trusted public Key of the CA.
Parameters:
caDN: - Distinguished name of CA.
Returns:
CryptoKeyInfo pkey, which represents the CA's public Key.
Throws: CertificateManException
if the pkey of that CA hasn't been installed before (via installTrustedPK).
 o clientCall
  public static ComPoint clientCall(ComPointAddress serverAddress,
                                    Vector options,
                                    IntObject transferObject) throws CertificateManException
A clientCall can be used to setup a communication point with the CA server. This ComPoint is used for communication with the CA. The client also sends a message to the server telling the name of the client and the purpose of creating this ComPoint (i.e., an identification of the request).
Parameters:
serverAddress: - Address of server, for which to establish a ComPoint.
options: - options to be passed to communication module in a call to Channel.openInitiator.
transferObject: - The Object to send to the server initially directly after establishing connection (should be an IntObject indicating type of message)
Returns:
the ComPoint established in this initial stage of one communication. Should be closed after usage.
Throws: CertificateManException
if an error occurred during the communication.
 o sendTemplateRequest
  public static Template sendTemplateRequest(ComPointAddress serverAddress,
                                             Vector options) throws CertificateManException
Send the initial request during the Registration phase to the server indicating to server that I want a registration Template for the RA (which currently is co-located at CA). The RA/CA answers this using sendTemplate. The Template (or registration form) received from the CA contains a serial number, which is later used in registration and certificates. During this request the user identifies himself using his user name.
Parameters:
serverAddress - is the ComPointAddress of the RA-server at which I want to be registered.
options: - option-Vector used in openInitiatorChannel.
Returns:
ComPoint from which to receive the Template via getTemplate().
Throws: CertificateManException
if there was an error in the communication.
See Also:
sendTemplate
 o fillOutTemplate
  public static void fillOutTemplate(Template templ,
                                     Document doc,
                                     CryptoKeyInfo pkey) throws CertificateManException
Fill out the template. This method allows a user to fill out the information requested during registration through the TINGUIN.
Parameters:
templ - is the Template to be filled out
doc - contains a description defined by the RA of the registration form
pkey - The public Key, that should be used in the Registration and later on in the certificate.
Returns:
filled-in template.
Throws: CertificateManException
if the user did not fill out the template
 o sendFilledTemplate
  public static boolean sendFilledTemplate(ComPointAddress srvAddr,
                                           Vector options,
                                           Template templ,
                                           CryptoKeyInfo secrKey,
                                           int hashAlg) throws CertificateManException
Send the filled-in template, returned by fillinTemplate. The filled in template identifies the which the user must use during the rest of the registration. As part of this the client must send a signature using the secret key corresponding to the public key to be registered. Based on the information the RA sends back a designated name to the user. The user must use this in all future communications with the CA. The client also uses this DN when storing the template in Archive.
Parameters:
srvAddr: - ComPointAddress of the RA-server.
options: - Vector of options to be used in openInitiatorChannel.
Template: - Filled-in Template returned by fillinTemplate.
secrKey: - Secret Key belonging to the Public key sent in the Certificate. This is used to create a Signature of the Template. (Not implemented yet).
Returns:
Boolean indicating whether server received Template or not.
Throws: CertificateManException
if an error happened in the communication.
See Also:
getFilledTemplate
 o sendPublicKey
  public static void sendPublicKey(ComPointAddress srvAddr,
                                   CryptoKeyInfo pkey) throws CertificateManException
Send the Public Key which is also a part of the filled-in template. This could also be done by visiting the RA and delivering the public key, together with the serial Nr. of the filled-in template sent by the client. The CA receives this using getPublicKey.
Parameters:
srvAddr: - ComPointAddress of the RA-server to which I sent the filled in template having this public key as one of its components.
pkey: - The public key to be sent to the server.
Throws: CertificateManException
if the communication failed.
See Also:
getPublicKey
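
The registration checks described for getFilledTemplate, sendFilledTemplate and getPublicKey (a signature on the template that verifies under the key being registered, and a separately delivered key that equals the key in the template) can be sketched as follows. This is an added example, not SEMPER code: FilledTemplate, signTemplate, acceptTemplate, the byte encoding, the algorithm choice and all sample values are assumptions made for the illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.X509EncodedKeySpec;

// Added illustration: every class and method name here is hypothetical,
// built on java.security; none of them are SEMPER classes.
public class RegistrationPossessionCheck {

    // Minimal stand-in for a filled-out template.
    static final class FilledTemplate {
        final long serialNo;           // serial number the RA/CA put into the template
        final String userName;
        final byte[] encodedPublicKey; // X.509 encoding of the key to be registered

        FilledTemplate(long serialNo, String userName, byte[] encodedPublicKey) {
            this.serialNo = serialNo;
            this.userName = userName;
            this.encodedPublicKey = encodedPublicKey.clone();
        }

        // Length-prefixed encoding of all fields, so the signature covers each one unambiguously.
        byte[] toBeSigned() throws IOException {
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            DataOutputStream out = new DataOutputStream(buf);
            out.writeLong(serialNo);
            out.writeUTF(userName);
            out.writeInt(encodedPublicKey.length);
            out.write(encodedPublicKey);
            out.flush();
            return buf.toByteArray();
        }
    }

    // Client side: sign the template with the secret key of the key being registered.
    static byte[] signTemplate(FilledTemplate t, PrivateKey secretKey)
            throws GeneralSecurityException, IOException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(secretKey);
        s.update(t.toBeSigned());
        return s.sign();
    }

    // RA side: accept only if the serial number is the one issued, the separately
    // delivered key equals the key in the template, and the signature verifies
    // under the key in the template.
    static boolean acceptTemplate(FilledTemplate t, byte[] signature,
                                  long issuedSerialNo, byte[] separatelySentKey)
            throws GeneralSecurityException, IOException {
        if (t.serialNo != issuedSerialNo) {
            return false;
        }
        if (!MessageDigest.isEqual(t.encodedPublicKey, separatelySentKey)) {
            return false;
        }
        PublicKey claimed = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(t.encodedPublicKey));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(claimed);
        s.update(t.toBeSigned());
        try {
            return s.verify(signature);
        } catch (SignatureException malformed) {
            return false; // a signature that cannot be parsed is treated as invalid
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair registered = gen.generateKeyPair(); // constructed user key pair
        KeyPair unrelated = gen.generateKeyPair();  // constructed second key pair
        long issuedSerial = 1001L;                  // constructed serial number
        byte[] pub = registered.getPublic().getEncoded();
        FilledTemplate t = new FilledTemplate(issuedSerial, "alice", pub);

        if (!acceptTemplate(t, signTemplate(t, registered.getPrivate()), issuedSerial, pub)) {
            throw new IllegalStateException("correctly signed template was refused");
        }
        if (acceptTemplate(t, signTemplate(t, unrelated.getPrivate()), issuedSerial, pub)) {
            throw new IllegalStateException("template signed with another secret key was accepted");
        }
        if (acceptTemplate(t, signTemplate(t, registered.getPrivate()), issuedSerial,
                unrelated.getPublic().getEncoded())) {
            throw new IllegalStateException("mismatching separately sent key was accepted");
        }
        System.out.println("all registration checks behaved as expected");
    }
}
```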
 o getRegistration
  public static Registration getRegistration(ComPointAddress srvAddr,
                                             long serialNo,
                                             Vector options) throws CertificateManException
getRegistration tries to obtain the issued registration from RA. The server answers this request using sendRegistration.
Parameters:
srvAddr: - ComPointAddress of the RA-server.
serialNo - is the serial number of the template/registration for which the status must be computed
options: - The vector, that should be used in openInitiatorChannel. (currently null).
Returns:
Registration received from RA.
Throws: CertificateManException
if an error happened during the communication or the client couldn't get the registration.
See Also:
sendRegistration
 o checkRegistrationStatus
  public static String checkRegistrationStatus(ComPointAddress srvAddr,
                                               long serialNo,
                                               Vector options) throws CertificateManException
checkRegistrationStatus checks the status of the registration process.
Parameters:
srvAddr - is the Address of the RA-server.
serialNo - is the serial number of the template/registration for which status is requested.
options: - Vector to use in the Communication. (null currently)
Returns:
String describing the status of the registration.
Throws: CertificateManException
if an error happened during the communication.
See Also:
CertificateConstants, sendRegistrationStatus
 o issueCertificateRequest
  public static Certificate issueCertificateRequest(ComPointAddress caAddr,
                                                    Vector options,
                                                    long serialNr,
                                                    int scope,
                                                    int type,
                                                    Date notValidBefore,
                                                    Date notValidAfter,
                                                    int state) throws CertificateManException
After registration I can get certificates from a CA that accepts the RA I registered with and has an account there. This service sends a request to the CA for this certificate. After getting the certificate it is stored in Archive using storeCertificate.
Parameters:
caAddress: - ComPointAddress of the CA-server.
options: - Option-vector used by openInitiatorChannel.
serialNr.: - The serialNr I was registered with, and that the certificate should contain.
scope: - Scope I would like for my certificate (signature/ encryption)
type: - Type of Certificate (Attribute / Key / Hybrid)
notValidBefore: - The certificate shouldn't be Valid before this date.
notValidAfter: - The certificate should only be valid until and including this date.
state: - State of this certificate (Notary/Electronic/point-and-click) etc.
Returns:
boolean indicating whether the Request has arrived at server or not. If it returns true, the request has arrived at server, and the certificate can be retrieved later on with getNewCertificate().
Throws: CertificateManException
if an error happened during the communication.
See Also:
sendIssuedCertificate
 o getNewCertificate
  public static Certificate getNewCertificate(ComPointAddress srvAddr,
                                              Vector options) throws CertificateManException
getNewCertificate tries to get a newly issued certificate after issuing a sendCertificateRequest in case the certificate was not received previously.
Parameters:
srvAddr - is the ComPointAddress of the CA.
options - is the vector used in openInitiatorChannel (currently null).
Returns:
the certificate issued by CA. Throws exception, if it isn't available yet.
Throws: CertificateManException
if an error happened during the communication.
See Also:
sendCertificate
 o checkCertificate
  public static boolean checkCertificate(Certificate cert) throws CertificateManException
Check whether the Certificate is ok. Later versions will use the preferences to decide whether the CA should be asked during verification. This checks, whether: a) Signature is ok. b) UserDN is ok. c) CADN is ok. d) serialNr is ok. e) scope is ok. f) notValidBefore date is ok. g) notValidAfter date is ok. h) status is ok.
Parameters:
Certificate - cert, that the CA sent.
Returns:
true if ok, otherwise throws a CertificateManException.
Throws: CertificateManException
if an error happened during the communication.
 o removeCertificate
  public static void removeCertificate(Certificate cert) throws CertificateManException
Remove the given Certificate from Archive.
Parameters:
cert - the installed certificate.
Throws: CertificateManException
if an error happened while trying to remove the Certificate.
 o getSrvAddress
  public static ComPointAddress getSrvAddress(String srvDN)
getSrvAddress uses the Distinguished Name of a CA/RA to retrieve a ComPointAddress (this is automagically stored the first time one accesses the RA/CA).
Parameters:
srvDN - String: Distinguished Name of the server, as found in a registration/certification.
Returns:
ComPointAddress srvAddr reflecting the correct address.
 o getAllCAnames
  public static String[] getAllCAnames()
getAllCAnames outputs the distinguished names of all the CA/RAs at which the Client has registered a Certificate. This function is not yet fully implemented.
Returns:
String[] array of distinguished names
 o sendChangeCertificateRequest
  public static Certificate sendChangeCertificateRequest(Certificate cert,
                                                         Vector options) throws CertificateManException
Send a request to change the Certificate identified by cert.getSerialNR() issued by cert.getCADN(). The changes are described in the certificate given as input parameter. This function is not fully implemented yet.
Parameters:
cert - Certificate representing the new certificate (though the CA's signature of course isn't valid any longer)
skey - CryptoKeyInfo: the secret key which is the counterpart of the public key in the certificate.
Returns:
New Certificate if the change is accepted, null if the change is put on hold, and an exception is thrown if it is rejected. If the request is put on hold, the certificate can be retrieved through getChangedCertificate. This operates the same way as sendChangeCertificateRequest, i.e. it sends the certificate if the change is accepted, null if the request is still on hold, and throws an exception if the request was denied.
Throws: CertificateManException
if an error happened during the communication.
See Also:
changeCertificate
 o getChangedCertificate
  public static Certificate getChangedCertificate(Certificate cert,
                                                  Vector options) throws CertificateManException
Try to get a changed certificate from the CA. The CA's name is mentioned in the certificate, and the serialNr indicates which certificate I sent a change certificate request for. Again, this function is not fully implemented and should not be used.
Parameters:
cert - Certificate representing the certificate to be changed
Returns:
New Certificate if the change is accepted, null if the change is still on hold, and an exception is thrown if it is rejected.
Throws: CertificateManException
if an error happened during the communication or the change is not accepted.
 o getCertificate
  public static Vector getCertificate(Certificate partialCert,
                                      boolean localOnly) throws CertificateManException
Retrieve the certificate(s) which are like the certificate given as an argument. In this certificate all fields which I know something about should be set via cert.setUserDN(), cert.setSerialNo() etc. An example hereof can be found in Test/TClient.java (at the bottom of this file).
Parameters:
partialCert - Certificate generated from an empty Certificate, with only the fields set which I know something about.
Returns:
Vector of all the Certificates matching this partial certificate.
Throws: CertificateManException
if an error happened during the communication.
 o retrieveCertificate
  public static Vector retrieveCertificate(Object partID,
                                           int type,
                                           boolean localOnly) throws CertificateManException
Retrieve a list of certificates. This is supposed to be a more user-friendly version of getCertificates. In order to use it, one must specify a (partial) string defining one of the String components of a certificate. The format is: String[*], i.e. either "thomasj" or "thomasj*" are, for instance, acceptable strings. The first one will look for a specific String, whereas the second one will look for Strings starting with "thomasj". The second parameter determines which field to set (only one field can be set with this option). The possible fields are:
CertificateConstants.CADN_FIELD (CA's distinguished name)
CertificateConstants.USERDN_FIELD (user's distinguished name)
CertificateConstants.KEYID_FIELD (keyID of the public key)
Parameters:
partID - Object identifying the certificate (a String if a CADN or USERDN is given; if a KEYID is given, this is an AccessName).
type - field type as shown above.
localOnly - search local certificates only (in Archive).
Returns:
A vector of certificates matching the (partial) String.
Throws: CertificateManException
if an error happens during the communication or if the Type Field was wrong.
