Class semper.certificate.CertificateMan

Class semper.certificate.CertificateMan

java.lang.Object
   |
   +----semper.certificate.CertificateMan

public class CertificateMan
extends Object
implements CertificateConstants, ComPointConstants, CryptoConstants

Variable Index

 o _user

Constructor Index

 o CertificateMan()

Method Index

 o changeCertificate(Client)
Send changed Certificate to client.
 o checkCertificate(Certificate)
Check whether the Certificate is ok.
 o checkRegistrationStatus(ComPointAddress, Vector)
checkRegistrationStatus checks the status of the registration process.
 o clientCall(ComPointAddress, Vector, IntObject)
Create a client call, check that the protocol status reached so far is high enough to send this request (i.e. that we are far enough into the protocol), and return the ComPoint to use for further messages.
 o fillinTemplate(Template, CryptoKeyInfo)
Fill in the template.
 o getAllCAnames()
getAllCAnames outputs the distinguished names of all the CAs/RAs at which the client has registered a certificate.
 o getCertificate(Certificate)
Retrieve the certificate(s) which are like the certificate given as an argument.
 o getChangedCertificate(Certificate, Vector)
Try to get a changed certificate from ca.
 o getFilledTemplate(Client)
Get Filled Template from client.
 o getNewCertificate(ComPointAddress, Vector)
getNewCertificate tries to get a newly issued certificate after a certificate request has been sent with issueCertificateRequest.
 o getPublicKey(Client)
Get Public Key from client which should equal public key in template.
 o getRegistration(ComPointAddress, Vector)
getRegistration Tries to receive the issued registration from RA.
 o getSrvAddress(String)
getSrvAddress uses the distinguished name of a CA/RA to retrieve its ComPointAddress (stored automatically the first time that RA/CA is accessed).
 o getTrustedPK(ComPointAddress, Vector)
Get the trusted public Key of the RA.
 o handleRequest(ComPoint)
Handles the incoming request on the CA side.
 o init()
Initialises the Certificate Manager: sets the user name, decides whether the CA functionality is used and, if this is a CA, retrieves certificates from the Archive Manager.
 o installCertificate(Certificate)
Install the received Certificate
 o installRegistration(Registration)
Install registration (has to be called in order for the client to be able to retrieve the Registration).
 o installTrustedPK(String, CryptoKeyInfo)
Install the trusted public Key of the RA.
 o isInitialised()
Tells whether CertificateMan is initialised.
 o issueCertificate(Client, CryptoKeyInfo, int, int, Date, Date, int)
Issue new certificate for myClient.
 o issueCertificateRequest(ComPointAddress, Vector, long, int, int, Date, Date, int)
After registration, certificates can be requested from a CA that accepts the RA the user registered with and holds an account for the user.
 o issueNewTemplate()
Issue a new template (means: add one to lastTempSN and store it)
 o issueRegistration(Template)
Issue new registration based upon template.
 o removeCertificate(Certificate)
Remove the installed Certificate
 o retrieveCertificate(String, int)
Retrieve a list of certificates.
 o retrieveTrustedPK(String)
Retrieve the installed trusted public Key of the RA.
 o sendCertificate(Client)
sendCertificate tries to send a list of certificates after receiving a getCertificatesRequest from myClient.
 o sendChangeCertificateRequest(Certificate, Vector)
Send a request to the issuing CA to change the certificate with the given serial number.
 o sendError(ComPoint, String)
Send error: Send an error to the opposite side
 o sendFilledTemplate(ComPointAddress, Vector, Template, CryptoKeyInfo, int)
Send the filled-in template, returned by fillinTemplate.
 o sendIssuedCertificate(Client)
Send issued Certificate to client.
 o sendPublicKey(ComPointAddress, CryptoKeyInfo)
Send the Public Key which is also a part of the filled-in template.
 o sendRegistration(Client)
Send registration to client.
 o sendRegistrationStatus(Client)
Send the registration process' status to the client.
 o sendTemplate(Client)
Send Template to myClient
 o sendTemplateRequest(ComPointAddress, Vector)
Send the initial request during the Registration phase to the server indicating to server that I want a registration Template for the RA (which currently is co-located at CA).
 o sendTrustedPK(Client)
Send trusted public key to myClient
 o storeCertificate(Certificate)
Store a certificate.
 o storePublicKey(CryptoKeyInfo, String, long)
Store the public key myClient used for the most recently issued template; it should equal the public key in that template.

Variables

 o _user
  public static String _user

Constructors

 o CertificateMan
  public CertificateMan()

Methods

 o isInitialised
  public static boolean isInitialised()
Tells whether CertificateMan is initialised, i.e. whether CertificateMan.init() has been called.
Returns:
true if CertificateMan.init() has been called, false otherwise.
 o init
  public static void init() throws CertificateManException, RuntimeException
Initialises the Certificate Manager: sets the user name, decides whether the CA functionality is used and, if this is a CA, retrieves certificates from the Archive Manager. The following values govern initialisation (they are not parameters of init()):
isCA determines whether this is the Certificate Manager on the CA-client or the CA-server side.
raTemplate is the template that the RA server sends upon SEND_TEMPLATE_REQUEST; ignored by CertificateMan on the CA-client side.
RCModName is the name of the RCModule to be used as the implementation of RCModuleInterface, e.g. semper.certificate.DummyRCModule. init throws an exception if the class isn't found, isn't accessible or doesn't implement RCModuleInterface.
CertName is the name of the class to be used as the implementation of Certificate, e.g. semper.certificate.DummyCertificate. init throws an exception if the class isn't found, isn't accessible or doesn't implement Certificate.
Throws: CertificateManException
if the initialisation of the Manager fails (variety of possible reasons).
 o handleRequest
  public static Streamable handleRequest(ComPoint cp) throws CertificateManException
Handles the incoming request on the CA side.
Parameters:
cp: - A client ComPoint, normally a newly accepted one (see Test/TClient.java).
Returns:
the Streamable that the client sent and that still has to be verified before anything is issued on it. It is either a filled template, which is the basis for issuing a registration, or a partially filled Certificate, used either to issue a new certificate or to change an existing one.
Throws: CertificateManException
if an error during the Communication occurs.
 o sendTrustedPK
  public static void sendTrustedPK(Client myClient) throws CertificateManException
Send trusted public key to myClient
Parameters:
myClient: - The client that sent a getTrustedPK request and therefore shall get my trusted public key.
Throws: CertificateManException
if a send during this phase fails.
 o issueNewTemplate
  public static void issueNewTemplate() throws CertificateManException
Issue a new template (i.e. increment lastTempSN and store it).
Throws: CertificateManException
if storage fails.
 o sendTemplate
  public static void sendTemplate(Client myClient) throws CertificateManException
Send Template to myClient
Parameters:
myClient: - The client that sent a getTemplateRequest and therefore shall get a template.
Throws: CertificateManException
if a send during this phase fails.
 o getPublicKey
  public static CryptoKeyInfo getPublicKey(Client myClient) throws CertificateManException
Get the public key from the client; it should equal the public key in the template. The key is stored via storePublicKey().
Parameters:
myClient: - Client from which to receive public key.
Throws: CertificateManException
if send/receive fails.
 o storePublicKey
  public static void storePublicKey(CryptoKeyInfo pkey,
                                    String userName,
                                    long templateNr) throws CertificateManException
Store myClient's public key used for the most recently issued template; it should equal the public key in that template.
Parameters:
pkey: - the Public Key to be stored.
userName: - DN of user for whom to store public key.
templateNr: - Number of the template that has this public key as its public key.
Throws: CertificateManException
if storing fails, or the client hasn't sent the filled-out Template yet.
 o getFilledTemplate
  public static Template getFilledTemplate(Client myClient)
Get the filled template from the client. Also retrieves the client's signature on the template (to cross-check that the user indeed has access to the secret key which is the counterpart of the public key in the template).
Parameters:
myClient: - Client who filled out Template.
 o installRegistration
  public static void installRegistration(Registration reg) throws CertificateManException
Install a registration (has to be called in order for the client to be able to retrieve the Registration). The client side can use this as well.
Parameters:
reg: - the Registration that shall be installed.
Throws: CertificateManException
if the Archive can't process the request.
 o sendRegistration
  public static void sendRegistration(Client myClient) throws CertificateManException
Send registration to client.
Parameters:
myClient: - Client for which the registration is (or should have been) issued.
Throws: CertificateManException
if send fails.
 o sendRegistrationStatus
  public static void sendRegistrationStatus(Client myClient) throws CertificateManException
Send the registration process' status to the client.
Parameters:
myClient: - Client for which the registration is or shall be issued.
Throws: CertificateManException
if send fails.
 o issueRegistration
  public static Registration issueRegistration(Template templ) throws CertificateManException
Issue new registration based upon template.
Parameters:
templ: - Template which has to be the basis for this registration.
Throws: CertificateManException
if issuing registration isn't successful.
 o sendIssuedCertificate
  public static void sendIssuedCertificate(Client myClient) throws CertificateManException
Send issued Certificate to client.
Parameters:
myClient: - Client that sent the request to issue a Certificate.
Throws: CertificateManException
if send fails.
 o changeCertificate
  public static Certificate changeCertificate(Client myClient) throws CertificateManException
Send the changed Certificate to the client.
Parameters:
myClient: - Client that sent the request to change a Certificate.
Throws: CertificateManException
if send fails.
 o issueCertificate
  public static Certificate issueCertificate(Client myClient,
                                             CryptoKeyInfo pKey,
                                             int scope,
                                             int type,
                                             Date startValid,
                                             Date endValid,
                                             int status) throws CertificateException, CertificateManException
Issue new certificate for myClient.
Parameters:
myClient: - Client structure, consisting of the distinguished name of the user and the status of the client channel.
pKey: - the public key to be certified with the new Certificate.
scope: - the scope of this Certificate (Signature, Encryption).
type: - type of the Certificate (Key, Attribute, Hybrid).
startValid: - start of the time period in which this certificate is valid.
endValid: - end of the time period in which this certificate is valid.
status: - status value of the new Certificate (the field issueCertificateRequest calls state).
Throws: CertificateException
if no more serial numbers for certificates were available, or another failure occurred while generating the certificate.
Throws: CertificateManException
if the issued Certificate couldn't be stored.
 o storeCertificate
  public static void storeCertificate(Certificate cert) throws CertificateManException
Store a certificate.
Parameters:
cert: - Certificate to be stored.
Throws: CertificateManException
if store fails.
 o sendError
  public static void sendError(ComPoint comPoint,
                               String message) throws CertificateManException
Send an error to the opposite side.
Parameters:
comPoint: - ComPoint to the other party.
message: - error message to be sent.
Throws: CertificateManException
if the error couldn't be sent to the comPoint.
 o sendCertificate
  public static void sendCertificate(Client myClient) throws CertificateManException
sendCertificate tries to send a list of certificates after receiving a getCertificatesRequest from myClient. To make this possible, the client has to send a partial Certificate containing null or 0 for the unspecified fields and correct values for the other fields.
Parameters:
myClient: - the client that sent a getCertificatesRequest.
Throws: CertificateManException
if the retrieved certificates couldn't be sent to myClient.
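The CA/RA-side methods above form one request cycle: accept a ComPoint, read the client's object with handleRequest, verify it, and only then issue and send. The following is an added example, not part of the SEMPER code base, that puts them in that order. It assumes the caller obtains the accepted ComPoint and the matching Client object as in Test/TClient.java, that Template and Certificate implement Streamable, that the packages of ComPoint, CryptoKeyInfo and Streamable are as written in the imports, and that a null return from getFilledTemplate means the signature check failed; the IssuePolicy interface is a stand-in for whatever the real CA consults for the registered key and for the scope, type, validity and status it is willing to certify.

```java
import java.util.Date;

import semper.certificate.Certificate;
import semper.certificate.CertificateException;
import semper.certificate.CertificateMan;
import semper.certificate.CertificateManException;
import semper.certificate.Client;
import semper.certificate.Registration;
import semper.certificate.Template;
import semper.comm.ComPoint;           // package assumed
import semper.crypto.CryptoKeyInfo;    // package assumed
import semper.util.serial.Streamable;  // package assumed

/** One CA/RA-side request: receive, verify, dispatch; never issue on an unverified object. */
public class CaRequestHandler {

    /** Issuance policy (assumed; a stand-in for the CA's own registration records and rules). */
    public interface IssuePolicy {
        boolean isChangeRequest(Client client, Certificate partial);
        /** The public key registered for this client, or null to refuse. */
        CryptoKeyInfo registeredKey(Client client, Certificate partial);
        int scope(Certificate partial);
        int type(Certificate partial);
        int status(Certificate partial);
        long validDays(Certificate partial);
    }

    public static void serve(ComPoint cp, Client client, IssuePolicy policy)
            throws CertificateManException {
        Streamable request;
        try {
            request = CertificateMan.handleRequest(cp);
        } catch (CertificateManException unreadable) {
            CertificateMan.sendError(cp, "request could not be read");
            return;
        }
        if (request instanceof Template) {
            handleRegistration(cp, client);
        } else if (request instanceof Certificate) {
            handleCertificate(cp, client, (Certificate) request, policy);
        } else {
            CertificateMan.sendError(cp, "unexpected request type");
        }
    }

    private static void handleRegistration(ComPoint cp, Client client) throws CertificateManException {
        // getFilledTemplate also fetches the client's signature over the template: the proof that
        // the client holds the private key matching the public key inside it. (Null on failure is
        // an assumption of this example; the page does not document the failure value.)
        Template filled = CertificateMan.getFilledTemplate(client);
        if (filled == null) {
            CertificateMan.sendError(cp, "template signature missing or invalid");
            return;
        }
        Registration reg = CertificateMan.issueRegistration(filled);
        CertificateMan.installRegistration(reg);   // without this, sendRegistration has nothing to send
        CertificateMan.sendRegistration(client);
    }

    private static void handleCertificate(ComPoint cp, Client client, Certificate partial,
                                          IssuePolicy policy) throws CertificateManException {
        if (policy.isChangeRequest(client, partial)) {
            CertificateMan.changeCertificate(client);   // also sends the changed certificate
            return;
        }
        CryptoKeyInfo key = policy.registeredKey(client, partial);
        if (key == null) {
            CertificateMan.sendError(cp, "no registered public key for this client");
            return;
        }
        // Scope, type, validity and status come from the CA's policy, not from the client's partial
        // certificate: the client may ask for anything, the CA decides what it certifies.
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + policy.validDays(partial) * 86400000L);
        try {
            CertificateMan.issueCertificate(client, key, policy.scope(partial), policy.type(partial),
                                            notBefore, notAfter, policy.status(partial));
        } catch (CertificateException generationFailed) {
            CertificateMan.sendError(cp, "certificate could not be generated");
            return;
        }
        CertificateMan.sendIssuedCertificate(client);
    }
}
```

The two error paths that matter are the ones where nothing is issued: an unreadable or unexpected object is answered with sendError and the ComPoint is left for the caller to close, and a template without a valid signature never reaches issueRegistration.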
 o getTrustedPK
  public static CryptoKeyInfo getTrustedPK(ComPointAddress srvAddr,
                                           Vector options) throws CertificateManException
Get the trusted public Key of the RA.
Parameters:
srvAddr: - ComPointAddress of the RA-server.
Returns:
trustedPK: the RA's public key.
Throws: CertificateManException
if the Certificate Manager couldn't get the key from the RA.
 o installTrustedPK
  public static void installTrustedPK(String raDN,
                                      CryptoKeyInfo trustedPK) throws CertificateManException
Install the trusted public key of the RA. A later install for the same RA is refused, so the key installed first becomes the trust anchor for that RA; verify it out of band before installing it.
Parameters:
raDN: - Distinguished name of the RA.
trustedPK: - the RA's public key.
Throws: CertificateManException
if the key couldn't be installed (either a key has already been installed for that RA, or the Archive couldn't store it for other reasons).
 o retrieveTrustedPK
  public static CryptoKeyInfo retrieveTrustedPK(String raDN) throws CertificateManException
Retrieve the installed trusted public Key of the RA.
Parameters:
raDN: - Distinguished name of RA.
Returns:
CryptoKeyInfo pkey, which represents the RA's public key.
Throws: CertificateManException
if no key for that RA has been installed before (via installTrustedPK).
 o clientCall
  public static ComPoint clientCall(ComPointAddress serverAddress,
                                    Vector options,
                                    IntObject transferObject) throws CertificateManException
Create a client call: check that the protocol status reached so far is high enough to send this request (i.e. that we are far enough into the protocol), tell the CA my name, and return the ComPoint to use for further messages or for receiving responses from the server.
Parameters:
serverAddress: - Address of the server for which to establish a ComPoint.
options: - options to be passed to the communication module in a call to Channel.openInitiator.
transferObject: - The object to send to the server immediately after the connection is established (should be an IntObject indicating the type of message).
requiredStatus: - the minimal status that must have been reached in the protocol in order to make this call (documented here, but not among the parameters of the signature above).
Returns:
the ComPoint established in this initial stage of one communication. It should be closed after use.
Throws: CertificateManException
if an error occurred during the communication.
 o sendTemplateRequest
  public static Template sendTemplateRequest(ComPointAddress serverAddress,
                                             Vector options) throws CertificateManException
Send the initial request of the registration phase to the server, indicating that I want a registration template for the RA (which currently is co-located with the CA).
Parameters:
serverAddress: - the ComPointAddress of the RA server at which I want to be registered.
options: - option vector used in openInitiatorChannel.
Returns:
the Template (this is what the signature declares; the original description speaks of a ComPoint from which to receive the Template via getTemplate()).
Throws: CertificateManException
if there was an error in the communication.
 o fillinTemplate
  public static Template fillinTemplate(Template templ,
                                        CryptoKeyInfo pkey) throws CertificateManException
Fill in the template. This uses a method of the RCModule, as specified in RCModuleInterface.java.
Parameters:
templ: - the Template to be filled in.
pkey: - the public key that should be used in the registration and later on in the certificate.
Returns:
the filled-in template.
Throws: CertificateManException
if the RCModule's fillinTemplate threw an exception.
 o sendFilledTemplate
  public static boolean sendFilledTemplate(ComPointAddress srvAddr,
                                           Vector options,
                                           Template templ,
                                           CryptoKeyInfo secrKey,
                                           int hashAlg) throws CertificateManException
Send the filled-in template returned by fillinTemplate.
Parameters:
srvAddr: - ComPointAddress of the RA server.
options: - Vector of options to be used in openInitiatorChannel.
templ: - filled-in Template returned by fillinTemplate.
secrKey: - secret key belonging to the public key in the template. This is used to create a signature over the template. (Not implemented yet.)
hashAlg: - identifier of the hash algorithm to use for that signature.
Returns:
true if the server received the template, false otherwise.
Throws: CertificateManException
if an error happened in the communication.
 o sendPublicKey
  public static void sendPublicKey(ComPointAddress srvAddr,
                                   CryptoKeyInfo pkey) throws CertificateManException
Send the public key which is also part of the filled-in template. This could also be done by visiting the RA and delivering the public key together with the serial number of the filled-in template sent by the client. These two, together with a unique user ID (distinguished name), can be used by the RA by calling installPublicKey() with this information, thereby making a registration possible for the user.
Parameters:
srvAddr: - ComPointAddress of the RA-server to which I sent the filled in template having this public key as one of its components.
pkey: - The public key to be sent to the server.
Throws: CertificateManException
if the communication failed.
 o getRegistration
  public static Registration getRegistration(ComPointAddress srvAddr,
                                             Vector options) throws CertificateManException
getRegistration tries to receive the issued registration from the RA. Throws an exception if the registration isn't available yet.
Parameters:
srvAddr: - ComPointAddress of the RA-server.
options: - The vector, that should be used in openInitiatorChannel. (currently null).
Returns:
s Registration received from RA.
Throws: CertificateManException
if an error happened during the communication.
 o checkRegistrationStatus
  public static int checkRegistrationStatus(ComPointAddress srvAddr,
                                            Vector options) throws CertificateManException
checkRegistrationStatus checks the status of the registration process.
Parameters:
srvAddr: - Address of the RA server.
options: - Vector to use in the communication (currently null).
Returns:
an integer telling which status the registration is in.
Throws: CertificateManException
if an error happened during the communication.
 o issueCertificateRequest
  public static Certificate issueCertificateRequest(ComPointAddress caAddr,
                                                    Vector options,
                                                    long serialNr,
                                                    int scope,
                                                    int type,
                                                    Date notValidBefore,
                                                    Date notValidAfter,
                                                    int state) throws CertificateManException
After registration, certificates can be requested from a CA that accepts the RA the user registered with and holds an account for the user.
Parameters:
caAddr: - ComPointAddress of the CA server.
options: - option vector used by openInitiatorChannel.
serialNr: - the serial number I was registered with and that the certificate should contain.
scope: - scope I would like for my certificate (signature/encryption).
type: - type of certificate (Attribute/Key/Hybrid).
notValidBefore: - the certificate shouldn't be valid before this date.
notValidAfter: - the certificate should only be valid until and including this date.
state: - state of this certificate (Notary/Electronic/point-and-click etc.).
Returns:
the issued Certificate (this is what the signature declares; the original description speaks of a boolean indicating whether the request has arrived at the server, in which case the certificate can be retrieved later with getNewCertificate()).
Throws: CertificateManException
if an error happened during the communication.
 o getNewCertificate
  public static Certificate getNewCertificate(ComPointAddress srvAddr,
                                              Vector options) throws CertificateManException
getNewCertificate tries to get a newly issued certificate after a request has been sent with issueCertificateRequest.
Parameters:
srvAddr: - the ComPointAddress of the CA.
options: - the vector used in openInitiatorChannel (currently null).
Returns:
the certificate issued by the CA. Throws an exception if it isn't available yet.
Throws: CertificateManException
if an error happened during the communication.
 o checkCertificate
  public static boolean checkCertificate(Certificate cert) throws CertificateManException
Check whether the certificate is ok. This checks that: a) the signature is ok; b) the user DN is ok; c) the CA DN is ok; d) the serial number is ok; e) the scope is ok; f) the notValidBefore date is ok; g) the notValidAfter date is ok; h) the status is ok.
Parameters:
cert: - the Certificate that the CA sent.
Returns:
true if all checks pass; otherwise a CertificateManException is thrown (the method never returns false).
Throws: CertificateManException
if one of the checks above fails.
 o installCertificate
  public static void installCertificate(Certificate cert) throws CertificateManException
Install the received Certificate.
Parameters:
cert: - the certificate received from the CA.
Throws: CertificateManException
if an error happened while trying to store the Certificate.
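The client-side methods from getTrustedPK through installCertificate are the steps of one enrolment. The following is an added example, not part of the SEMPER code base, that runs them in order: pin the RA's key, register, then request, verify and install a certificate. It assumes the packages of ComPointAddress and CryptoKeyInfo as written in the imports, that the caller already holds a CryptoKeyInfo key pair and knows the registration serial number and the scope/type/state constants to request, and that issueCertificateRequest returning null means "accepted but not issued yet"; the KeyCheck interface stands for whatever out-of-band comparison (a printed fingerprint, for instance) the user performs on the RA's key.

```java
import java.util.Date;
import java.util.Vector;

import semper.certificate.Certificate;
import semper.certificate.CertificateMan;
import semper.certificate.CertificateManException;
import semper.certificate.Registration;
import semper.certificate.Template;
import semper.comm.ComPointAddress;  // package assumed
import semper.crypto.CryptoKeyInfo;  // package assumed

/** Client-side enrolment against CertificateMan: trust bootstrap, registration, certificate. */
public class EnrolClient {

    /** Out-of-band check of an RA key, supplied by the caller (assumed interface). */
    public interface KeyCheck {
        boolean matches(CryptoKeyInfo key);
    }

    private static final int MAX_POLLS = 10;
    private static final long POLL_MILLIS = 2000L;

    /**
     * Step 0: fetch and pin the RA's key. installTrustedPK refuses a second install for the same
     * raDN, so the first key installed is the trust anchor: never install one that has not passed
     * the out-of-band check, and on a rerun re-check what is already stored instead.
     */
    public static void bootstrapTrust(ComPointAddress raAddr, String raDN, KeyCheck oob)
            throws CertificateManException {
        CryptoKeyInfo fetched = CertificateMan.getTrustedPK(raAddr, null);
        if (!oob.matches(fetched)) {
            throw new SecurityException("RA key received from " + raDN + " fails the out-of-band check");
        }
        try {
            CertificateMan.installTrustedPK(raDN, fetched);
        } catch (CertificateManException installRefused) {
            // Either a key is already installed for raDN or the Archive failed; retrieveTrustedPK
            // throws when nothing is installed, so a genuine Archive failure still propagates.
            CryptoKeyInfo stored = CertificateMan.retrieveTrustedPK(raDN);
            if (!oob.matches(stored)) {
                throw new SecurityException("stored RA key for " + raDN + " fails the out-of-band check");
            }
        }
    }

    /** Steps 1-4: template request, fill-in, signed upload, public key, then poll for the registration. */
    public static Registration register(ComPointAddress raAddr, CryptoKeyInfo pub, CryptoKeyInfo priv,
                                        int hashAlg) throws CertificateManException, InterruptedException {
        Vector options = null;   // "currently null" per the documentation
        Template templ = CertificateMan.sendTemplateRequest(raAddr, options);
        Template filled = CertificateMan.fillinTemplate(templ, pub);
        // priv signs the template so the RA can check possession of the private key; hashAlg is the
        // hash algorithm identifier for that signature (no constant name is given on this page).
        if (!CertificateMan.sendFilledTemplate(raAddr, options, filled, priv, hashAlg)) {
            throw new IllegalStateException("RA did not acknowledge the filled template");
        }
        CertificateMan.sendPublicKey(raAddr, pub);
        Registration reg = null;
        for (int i = 0; reg == null && i < MAX_POLLS; i++) {
            try {
                reg = CertificateMan.getRegistration(raAddr, options);
            } catch (CertificateManException notYetIssued) {
                // thrown while the RA has not issued yet: report progress and retry
                System.out.println("registration status "
                        + CertificateMan.checkRegistrationStatus(raAddr, options) + ", waiting");
                Thread.sleep(POLL_MILLIS);
            }
        }
        if (reg == null) {
            throw new IllegalStateException("registration not issued after " + MAX_POLLS + " polls");
        }
        CertificateMan.installRegistration(reg);   // required before the registration can be used
        return reg;
    }

    /** Steps 5-7: request a certificate, fetch it, verify it, and only then install it. */
    public static Certificate enrol(ComPointAddress caAddr, long serialNr, int scope, int type, int state,
                                    long validDays) throws CertificateManException, InterruptedException {
        Vector options = null;
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + validDays * 86400000L);
        Certificate cert = CertificateMan.issueCertificateRequest(caAddr, options, serialNr, scope, type,
                                                                 notBefore, notAfter, state);
        // Assumption: null means accepted but not issued yet; getNewCertificate throws until it is.
        for (int i = 0; cert == null && i < MAX_POLLS; i++) {
            try {
                cert = CertificateMan.getNewCertificate(caAddr, options);
            } catch (CertificateManException notYetIssued) {
                Thread.sleep(POLL_MILLIS);
            }
        }
        if (cert == null) {
            throw new IllegalStateException("certificate not issued after " + MAX_POLLS + " polls");
        }
        // checkCertificate verifies signature, DNs, serial number, scope, validity dates and status,
        // and throws rather than returning false: nothing reaches the archive without passing it.
        CertificateMan.checkCertificate(cert);
        CertificateMan.installCertificate(cert);
        return cert;
    }
}
```

Polling is used because both getRegistration and getNewCertificate signal "not yet" by throwing CertificateManException, which the example cannot distinguish from a communication failure; a caller that needs that distinction should inspect checkRegistrationStatus before retrying.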
 o removeCertificate
  public static void removeCertificate(Certificate cert) throws CertificateManException
Remove the installed Certificate.
Parameters:
cert: - the installed certificate.
Throws: CertificateManException
if an error happened while trying to remove the Certificate.
 o getSrvAddress
  public static ComPointAddress getSrvAddress(String srvDN)
getSrvAddress uses the distinguished name of a CA/RA to retrieve its ComPointAddress (stored automatically the first time that RA/CA is accessed).
Parameters:
srvDN: - distinguished name of the server, as found in a registration or certificate.
Returns:
the ComPointAddress srvAddr of that server.
 o getAllCAnames
  public static String[] getAllCAnames()
getAllCAnames outputs the distinguished names of all the CAs/RAs at which the client has registered a certificate.
Returns:
a String[] array of distinguished names.
 o sendChangeCertificateRequest
  public static Certificate sendChangeCertificateRequest(Certificate cert,
                                                         Vector options) throws CertificateManException
Send a request to change the certificate with serial number cert.getSerialNR() issued by cert.getCADN() into the new certificate given as cert.
Parameters:
cert: - Certificate representing the new certificate (the CA's signature on it is of course no longer valid).
options: - option vector used in openInitiatorChannel. (The original description also lists skey, the secret key that is the counterpart of the public key in the certificate, but the signature above has no such parameter.)
Returns:
the new Certificate if the change is accepted, null if the change is put on hold; an exception is thrown if it is rejected. If the request is put on hold, the certificate can be retrieved later through getChangedCertificate, which behaves the same way: it returns the certificate if the change is accepted, null if the request is still on hold, and throws an exception if the request was denied.
Throws: CertificateManException
if an error happened during the communication or the request was denied.
 o getChangedCertificate
  public static Certificate getChangedCertificate(Certificate cert,
                                                  Vector options) throws CertificateManException
Try to get a changed certificate from the CA. The CA's name is given in the certificate, and the serial number indicates which certificate I sent a change request for.
Parameters:
cert: - Certificate representing the certificate to be changed.
options: - option vector used in openInitiatorChannel.
Returns:
the new Certificate if the change is accepted, null if the change is still on hold; an exception is thrown if it is rejected.
Throws: CertificateManException
if an error happened during the communication or the change was not accepted.
 o getCertificate
  public static Vector getCertificate(Certificate partialCert) throws CertificateManException
Retrieve the certificate(s) that match the certificate given as argument. In this certificate all fields I know something about should be set via cert.setUserDN(), cert.setSerialNo() etc. An example can be found in Test/TClient.java (at the bottom of that file).
Parameters:
partialCert: - Certificate built from an empty Certificate, with only the fields I know something about set.
Returns:
a Vector of all the certificates matching this partial certificate.
Throws: CertificateManException
if an error happened during the communication.
 o retrieveCertificate
  public static Vector retrieveCertificate(String partID,
                                           int type) throws CertificateManException
Retrieve a list of certificates. This is meant as a more user-friendly version of getCertificate. To use it, specify a (partial) string for one of the String components of a certificate. The format is String[*], i.e. both "thomasj" and "thomasj*" are acceptable: the first looks for that specific string, the second for strings starting with "thomasj". The second parameter determines which field the string applies to (only one field can be set this way). The possible fields are:
CertificateConstants.CADN_FIELD (CA's distinguished name)
CertificateConstants.USERDN_FIELD (user's distinguished name)
CertificateConstants.KEYID_FIELD (key ID of the public key)
Parameters:
partID: - (partial) string identifying the certificate.
type: - field type as listed above.
Returns:
a Vector of certificates matching the (partial) string.
Throws: CertificateManException
if an error happens during the communication or if the type field was wrong.
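The two lookup methods above differ in how the match is expressed: getCertificate takes a partial Certificate object, retrieveCertificate a string with an optional trailing "*" plus a field selector. The following is an added example, not part of the SEMPER code base, that uses both and then re-runs checkCertificate over every hit, since an entry in the local archive is not valid just because it is local. It assumes semper.certificate.DummyCertificate (named on this page as an implementation of Certificate) has a no-argument constructor and that Certificate exposes the setUserDN() setter mentioned under getCertificate.

```java
import java.util.Vector;

import semper.certificate.Certificate;
import semper.certificate.CertificateConstants;
import semper.certificate.CertificateMan;
import semper.certificate.CertificateManException;
import semper.certificate.DummyCertificate;

/** Local certificate lookup: exact match on a partial certificate, prefix match on one field. */
public class CertLookup {

    /** All archived certificates for exactly userDN that still pass checkCertificate. */
    public static Vector validFor(String userDN) throws CertificateManException {
        Certificate partial = new DummyCertificate();   // assumed no-arg constructor; other fields stay unset
        partial.setUserDN(userDN);
        return keepValid(CertificateMan.getCertificate(partial));
    }

    /** All certificates whose user DN starts with prefix ("thomasj" becomes the pattern "thomasj*"). */
    public static Vector validForPrefix(String prefix) throws CertificateManException {
        if (prefix.indexOf('*') >= 0) {
            // the documented format is String[*]: one optional trailing wildcard, appended here
            throw new IllegalArgumentException("prefix must not contain '*'");
        }
        return keepValid(CertificateMan.retrieveCertificate(prefix + "*",
                                                            CertificateConstants.USERDN_FIELD));
    }

    /** Re-verify each hit; checkCertificate throws on a failed signature, DN, serial, scope, date or status. */
    private static Vector keepValid(Vector hits) {
        Vector valid = new Vector();
        for (int i = 0; i < hits.size(); i++) {
            Certificate c = (Certificate) hits.elementAt(i);
            try {
                CertificateMan.checkCertificate(c);
                valid.addElement(c);
            } catch (CertificateManException rejected) {
                // expired, wrong-status or tampered entries are dropped from the result
            }
        }
        return valid;
    }
}
```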
