All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class semper.certificate.CertificateMan

java.lang.Object
   |
   +----semper.certificate.CertificateMan

public class CertificateMan

extends Object

implements CertificateConstants, ComPointConstants, CryptoConstants

_user

CertificateMan()

changeCertificate(Client)

Send changed Certificate to client.

checkCertificate(Certificate)

Check whether the Certificate is ok.

checkRegistrationStatus(ComPointAddress, Vector)

checkRegistrationStatus checks the status of the registration proces.

clientCall(ComPointAddress, Vector, IntObject)

Create a Client call, check whether status is high enough (which means whether we've reached long enough in Protocol to send this request/object/whatever.

fillinTemplate(Template, CryptoKeyInfo)

Fill in the template.

getAllCAnames()

getAllCAnames output the distinguished names of all the CA/RAs at which the Client has registered a Certificate.

getCertificate(Certificate)

Retrieve the certificate(s) which are like the certificate given as an argument.

getChangedCertificate(Certificate, Vector)

Try to get a changed certificate from ca.

getFilledTemplate(Client)

Get Filled Template from client.

getNewCertificate(ComPointAddress, Vector)

getNewCertificate tries to Get a newly issued certificate after issuing a sendCertificateRequest.

getPublicKey(Client)

Get Public Key from client which should equal public key in template.

getRegistration(ComPointAddress, Vector)

getRegistration Tries to receive the issued registration from RA.

getSrvAddress(String)

getSrvAddress uses a Distinguished name of CA/RA to retrieve a ComPointAddress (this is automagically stored, when one accesses RA/CA first time).

getTrustedPK(ComPointAddress, Vector)

Get the trusted public Key of the RA.

handleRequest(ComPoint)

Handles the incoming request on the CA side.

init()

Initialises the Certification Manager: Sets userName, decides whether the CA-functionality is used or not and if this is CA retrieves Certificates from Archive Manager.

installCertificate(Certificate)

Install the received Certificate

installRegistration(Registration)

Install registration (has to be called in order for the client to be able to retrieve the Registration).

installTrustedPK(String, CryptoKeyInfo)

Install the trusted public Key of the RA.

isInitialised()

Tells whether CertificateMan is initialised.

issueCertificate(Client, CryptoKeyInfo, int, int, Date, Date, int)

Issue new certificate for myClient.

issueCertificateRequest(ComPointAddress, Vector, long, int, int, Date, Date, int)

After registration I can get certificates from a CA that accepts the RA i registered with and has an account there.

issueNewTemplate()

Issue a new template (means: add one to lastTempSN and store it)

issueRegistration(Template)

Issue new registration based upon template.

removeCertificate(Certificate)

Remove the installed Certificate

retrieveCertificate(String, int)

Retrieve a list of certificates.

retrieveTrustedPK(String)

Retrieve the installed trusted public Key of the RA.

sendCertificate(Client)

sendCertificate tries to send a list of certificates after receiving a getCertificatesRequest from myClient.

sendChangeCertificateRequest(Certificate, Vector)

Send a request to change the Certificate nr.

sendError(ComPoint, String)

Send error: Send an error to the opposite side

sendFilledTemplate(ComPointAddress, Vector, Template, CryptoKeyInfo, int)

Send the filled-in template, returned by fillinTemplate.

sendIssuedCertificate(Client)

Send issued Certificate to client.

sendPublicKey(ComPointAddress, CryptoKeyInfo)

Send the Public Key which is also a part of the filled-in template.

sendRegistration(Client)

Send registration to client.

sendRegistrationStatus(Client)

Send registration-proces' status to client.

sendTemplate(Client)

Send Template to myClient

sendTemplateRequest(ComPointAddress, Vector)

Send the initial request during the Registration phase to the server indicating to server that I want a registration Template for the RA (which currently is co-located at CA).

sendTrustedPK(Client)

Send trusted public key to myClient

storeCertificate(Certificate)

store certificate.

storePublicKey(CryptoKeyInfo, String, long)

Store myClients Public Key used for the lastly issued template.client which should equal public key in template.

  public static String _user

  public CertificateMan()

  public static boolean isInitialised()

Tells whether CertificateMan is initialised. The CertificateMan is initialised when CertificateMan.init() has been called

Returns:

s true if CertificateMan.init() has been called, false otherwise.

  public static void init() throws CertificateManException, RuntimeException

Initialises the Certification Manager: Sets userName, decides whether the CA-functionality is used or not and if this is CA retrieves Certificates from Archive Manager. isCA determines whether this is the Certificate Manager on the CA-client or CA-server side raTemplate is the template, that the ra-server should send upon SEND_TEMPLATE_REQUEST. Ignored by CertificateMan on the CA-client side. RCModName is the name of the RCModule to be used as an implementation of RCModuleInterface, fx semper.certificate.DummyRCModule. init throws an Exception if the class isn't found, isn't accessible or doesn't implement RCModuleInterface. CertName is the name of the Certificates to be used as an implementation of Certificate, fx semper.certificate.DummyCertificate. Init throws an Exception if the class isn't found, isn't accessible or doesn't implement Certificate.

Throws: CertificateManException

if the initialization of the Manager fails (variety of possible reasons).

  public static Streamable handleRequest(ComPoint cp) throws CertificateManException

Handles the incoming request on the CA side.

Parameters:

ComPoint - cp: A client ComPoint, normally a newly accepted one (see Test/TClient.java).

Returns:

s Streamable that the Client sent to me and has to be verified. This might either be a Filled Template which is the basis for issuing a registration or a partially filled Certificate, which either is to be used to issue a new certificate or to change an existing certificate.

Throws: CertificateManException

if an error during the Communication occurs.

  public static void sendTrustedPK(Client myClient) throws CertificateManException

Send trusted public key to myClient

Parameters:

myClient: - The client, that sent a getTrustedPK request and therefore shall get my trusted public key as requested.

Throws: CertificateManException

if a send during this phase fails.

  public static void issueNewTemplate() throws CertificateManException

Issue a new template (means: add one to lastTempSN and store it)

Throws: CertificateManException

if storage fails.

  public static void sendTemplate(Client myClient) throws CertificateManException

Send Template to myClient

Parameters:

myClient: - The client, that sent a getTemplateRequest and therefore shall get a template as requested

Throws: CertificateManException

if a send during this phase fails.

  public static CryptoKeyInfo getPublicKey(Client myClient) throws CertificateManException

Get Public Key from client which should equal public key in template. Store this public key via storePublicKey()

Parameters:

myClient: - Client from which to receive public key.

Throws: CertificateManException

if send/receive fails.

  public static void storePublicKey(CryptoKeyInfo pkey,
                                    String userName,
                                    long templateNr) throws CertificateManException

Store myClients Public Key used for the lastly issued template.client which should equal public key in template.

Parameters:

pkey: - the Public Key to be stored.

userName: - DN of user for whom to store public key.

templateNr: - Nr of Template which has this public key as its public key.

Throws: CertificateManException

if storing fails, or the client hasn't sent the filled-out Template yet.

  public static Template getFilledTemplate(Client myClient)

Get Filled Template from client. Also retrieves signature on template (to crosscheck, whether user indeed has access to the secret key which is the counterpart to the public key in the Template.

Parameters:

myClient: - Client who filled out Template.

  public static void installRegistration(Registration reg) throws CertificateManException

Install registration (has to be called in order for the client to be able to retrieve the Registration). Client can use this as well.

Parameters:

reg: - the Registration that shall be installed.

Throws: CertificateManException

if the Archive can't process the request.

  public static void sendRegistration(Client myClient) throws CertificateManException

Send registration to client.

Parameters:

myClient: - Client for which registration is (should have been) issued

Throws: CertificateManException

if send fails.

  public static void sendRegistrationStatus(Client myClient) throws CertificateManException

Send registration-proces' status to client.

Parameters:

myClient: - Client for which registration is or shall be issued

Throws: CertificateManException

if send fails.

  public static Registration issueRegistration(Template templ) throws CertificateManException

Issue new registration based upon template.

Parameters:

templ: - Template which has to be the basis for this registration.

Throws: CertificateManException

if issuing registration isn't successful.

  public static void sendIssuedCertificate(Client myClient) throws CertificateManException

Send issued Certificate to client.

Parameters:

myClient: - Client who sent request to issue Certificate

Throws: CertificateManException

if send fails.

  public static Certificate changeCertificate(Client myClient) throws CertificateManException

Send changed Certificate to client.

Parameters:

myClient: - Client who sent request tochange Certificate

Throws: CertificateManException

if send fails.

  public static Certificate issueCertificate(Client myClient,
                                             CryptoKeyInfo pKey,
                                             int scope,
                                             int type,
                                             Date startValid,
                                             Date endValid,
                                             int status) throws CertificateException, CertificateManException

Issue new certificate for myClient.

Parameters:

myClient: - Client structure, consisting of Distinguished Name of user, and status of the clientchannel.

pKey: - the public Key to be certified with the new Certificate.

scope: - the scope for this Certificate (Signature, Encryption).

type: - Type of the Certificate (Key, Attribute, Hybrid).

startValid: - start of the timeperiod in which this certificate is valid.

endValid: - end of the timeperiod in which this certificate is valid.

Throws: CertificateException

if there weren't any serialnos for Certificates available any more, or another failure occurred during the generation of the certificate.

Throws: CertificateManException

if the issued Certificate couldn't be stored.

  public static void storeCertificate(Certificate cert) throws CertificateManException

store certificate.

Parameters:

Certificat - cert: Certificate to be sroed.

Throws: CertificateManException

if store fails.

  public static void sendError(ComPoint comPoint,
                               String message) throws CertificateManException

Send error: Send an error to the opposite side

Parameters:

comPoint: - comPoint to the other part

message: - Error Message to be sent

Throws: CertificateManException

if the error couldn't be sent to the comPoint.

  public static void sendCertificate(Client myClient) throws CertificateManException

sendCertificate tries to send a list of certificates after receiving a getCertificatesRequest from myClient. In order to do so, the client has to send a partial Certificate, containing null or 0 for unidentified fields and correct values for the other fields.

Parameters:

Client - myClient is the client who sent a getCertificatesRequest.

Throws: CertificateManException

if the retrieved certifiactes couldn't be sent to myClient.

  public static CryptoKeyInfo getTrustedPK(ComPointAddress srvAddr,
                                           Vector options) throws CertificateManException

Get the trusted public Key of the RA.

Parameters:

srvAddr: - ComPointAddress of the RA-server.

Returns:

s trustedPK: RA's public key

Throws: CertificateManException

if Certificate Manaeger couldn't get the key from RA.

  public static void installTrustedPK(String raDN,
                                      CryptoKeyInfo trustedPK) throws CertificateManException

Install the trusted public Key of the RA.

Parameters:

raDN: - Distinguished name of RA.

trustedPK: - RA's public key

Throws: CertificateManException

if the key couldn't get installed (either a key has been installed before for that RA, or the Archive couldn't store it out of other reasons).

  public static CryptoKeyInfo retrieveTrustedPK(String raDN) throws CertificateManException

Retrieve the installed trusted public Key of the RA.

Parameters:

raDN: - Distinguished name of RA.

Returns:

s CryptoKeyInfo pkey, which represents the RA's public Key.

Throws: CertificateManException

if the pkey of that RA hasn't been installed before (via installTrustedPK).

  public static ComPoint clientCall(ComPointAddress serverAddress,
                                    Vector options,
                                    IntObject transferObject) throws CertificateManException

Create a Client call, check whether status is high enough (which means whether we've reached long enough in Protocol to send this request/object/whatever. Tell CA my name, and return the ComPoint which to use for further messages or receiving responses from server.

Parameters:

serverAddress: - Addres of server, for which to establish a ComPoint.

options: - options to be passed to communicationmodule in a call to Channel.openInitiator.

transferObject: - The Object to send to the server initially directly after establishment of connection (should be an IntObject indicating type of message)

requiredStatus: - which minimal status should we have reached in the protocol in order to make this call.

Returns:

s the ComPoint established in this initial stage of one communication. should be closed after usage.

Throws: CertificateManException

if there occurred an error during the communication.

  public static Template sendTemplateRequest(ComPointAddress serverAddress,
                                             Vector options) throws CertificateManException

Send the initial request during the Registration phase to the server indicating to server that I want a registration Template for the RA (which currently is co-located at CA).

Parameters:

serverAddress - is the ComPointAddress of the RA-server at which I want to be registrated.

options: - option-Vector used in openInitiatorChannel.

Returns:

s ComPoint from which to receive the Template via getTemplate().

Throws: CertificateManException

if there was an error in the communcation.

  public static Template fillinTemplate(Template templ,
                                        CryptoKeyInfo pkey) throws CertificateManException

Fill in the template. This uses a method in the RCModule, as specified in the RCModuleInterface.java

Parameters:

Template - to be used for fill-in.

pkey: - The public Key, that should be used in the Registration and later on in the certificate.

Returns:

s filled-in template.

Throws: CertificateManException

if the RCModules fillinTemplate throwed an exception.

  public static boolean sendFilledTemplate(ComPointAddress srvAddr,
                                           Vector options,
                                           Template templ,
                                           CryptoKeyInfo secrKey,
                                           int hashAlg) throws CertificateManException

Send the filled-in template, returned by fillinTemplate.

Parameters:

srvAddr: - ComPointAddress of the RA-server.

options: - Vector of options to be used in openInitiatorChannel.

Template: - Filled-in Template returned by fillinTemplate.

secrKey: - Secret Key belonging to the Public key sent in the Certificate. This is used to create a Signature of the Template. (Not implemented yet).

Returns:

s Boolean indicating whether server received Template or not.

Throws: CertificateManException

if an error happenede in the communication.

  public static void sendPublicKey(ComPointAddress srvAddr,
                                   CryptoKeyInfo pkey) throws CertificateManException

Send the Public Key which is also a part of the filled-in template. This could also be done by visting the RA and delivering the public key, together with the serial Nr. of the filled-in template sent by the client. These two things together with a unique userID (Distinguished Name) can be used by RA by means of calling installPublicKey() with this info and thereby making a registration possible for the user.

Parameters:

srvAddr: - ComPointAddress of the RA-server to which I sent the filled in template having this public key as one of its components.

pkey: - The public key to be sent to the server.

Throws: CertificateManException

if the communication failed.

  public static Registration getRegistration(ComPointAddress srvAddr,
                                             Vector options) throws CertificateManException

getRegistration Tries to receive the issued registration from RA. Throws an exception, if the registration isn't available yet.

Parameters:

srvAddr: - ComPointAddress of the RA-server.

options: - The vector, that should be used in openInitiatorChannel. (currently null).

Returns:

s Registration received from RA.

Throws: CertificateManException

if an error happened during the communication.

  public static int checkRegistrationStatus(ComPointAddress srvAddr,
                                            Vector options) throws CertificateManException

checkRegistrationStatus checks the status of the registration proces.

Parameters:

: - srvAddr is the Address of the RA-server.

options: - Vector to use in the Communication. (null currently)

Returns:

s integer telling which status Registration is in.

Throws: CertificateManException

if an error happened during the communication.

  public static Certificate issueCertificateRequest(ComPointAddress caAddr,
                                                    Vector options,
                                                    long serialNr,
                                                    int scope,
                                                    int type,
                                                    Date notValidBefore,
                                                    Date notValidAfter,
                                                    int state) throws CertificateManException

After registration I can get certificates from a CA that accepts the RA i registered with and has an account there.

Parameters:

caAddress: - ComPointAddress of the CA-server.

options: - Option-vetor used by openInitiatorChannel.

serialNr.: - The serialNr I was registrated with, and that the certificate should contain.

scope: - Scope I would like for my certificate (signature/ encryption)

type: - Type of Certificate (Attribute / Key / Hybrid)

notValidBefore: - The certificate shouldn't be Valid before this date.

notValidAfter: - The certificate should only be valid until and includeing this date.

state: - State of this certificate (Notary/Electronic/point-and-click) etc.

Returns:

s boolean indicating whether the Request has arrived at server or not. If it returns true, the request has arrived at server, and the certificate can be retrieved later on with getNewCertificate().

Throws: CertificateManException

if an error happened during the communication.

  public static Certificate getNewCertificate(ComPointAddress srvAddr,
                                              Vector options) throws CertificateManException

getNewCertificate tries to Get a newly issued certificate after issuing a sendCertificateRequest.

Parameters:

srvAddr - is the ComPointAddress of the CA.

options - is the vector used in openInitiatorChannel (currently null).

Returns:

s the certificate issued by CA. Throws exception, if it isn't available yet.

Throws: CertificateManException

if an error happened during the communication.

  public static boolean checkCertificate(Certificate cert) throws CertificateManException

Check whether the Certificate is ok. This checks, whether: a) Signature is ok. b) UserDN is ok. c) CADN is ok. d) serialNr is ok. e) scope is ok. f) notValidBefore date is ok. g) notValidAfter date is ok. h) status is ok.

Parameters:

Certificate - cert, that the CA sent.

Returns:

s true if ok, otherwise throws a CertificateManException.

Throws: CertificateManException

if an error happened during the communication.

  public static void installCertificate(Certificate cert) throws CertificateManException

Install the received Certificate

Parameters:

the - certificate received from CA.

Throws: CertificateManException

if an error happened while trying to store the Certificate.

  public static void removeCertificate(Certificate cert) throws CertificateManException

Remove the installed Certificate

Parameters:

the - installed certificate.

Throws: CertificateManException

if an error happened while trying to remove the Certificate.

  public static ComPointAddress getSrvAddress(String srvDN)

getSrvAddress uses a Distinguished name of CA/RA to retrieve a ComPointAddress (this is automagically stored, when one accesses RA/CA first time).

Parameters:

String - srvDN: Distinguished Name of server, as found in a registration/certificateion.

Returns:

s ComPointAddress srvAddr reflecting the correct Address.

  public static String[] getAllCAnames()

getAllCAnames output the distinguished names of all the CA/RAs at which the Client has registered a Certificate.

Returns:

s String[] array of distinguished names

  public static Certificate sendChangeCertificateRequest(Certificate cert,
                                                         Vector options) throws CertificateManException

Send a request to change the Certificate nr. cert.getSerialNR() issued by cert.getCADN() to the newly Certificate.

Parameters:

Certificate - cert representing the new certificate (though CA's signature of course isn't valid any longer)

CryptoKeyInfo - skey: the secret key which is the counterpart of the public key in the certificate.

Returns:

s new Certificate if the change is accepted, null if the Change is put on hold, and and exception is thrown if it is rejected. If the request is put on hold, the certificate can be retrieved through getChangedCertificate. This operates the same way as sendChangeCertificateRequest, ie it sends the certificate, if the change is accepted, null if the request is still on hold and throws an exception, if the request was denied.

Throws: CertificateManException

if an error happened during the communication.

  public static Certificate getChangedCertificate(Certificate cert,
                                                  Vector options) throws CertificateManException

Try to get a changed certificate from ca. The ca's name is mentioned in the certificate, and the serialNr indicates which certificate I sent a change certificate request for.

Parameters:

Certificate - cert representing the certificate to be changed

Returns:

s new Certificate if the change is accepted, null if the Change is still on hold, and and exception is thrown if it is rejected.

Throws: CertificateManException

if an error happened during the communication or the change is not accepted.

  public static Vector getCertificate(Certificate partialCert) throws CertificateManException

Retrieve the certificate(s) which are like the certificate given as an argument. In this certificate all fields which I know something about should be set via cert.setUserDN(), cert.setSerialNo() etc. An example hereof can be found in Test/TClient.java (at the bottom of this file).

Parameters:

partialCert: - Certificate generated from an empty Certificate, and only with the fields set, which I know something about.

Returns:

s Vector of all the Certificates matching this partial certificate.

Throws: CertificateManException

if an error happened during the communication.

  public static Vector retrieveCertificate(String partID,
                                           int type) throws CertificateManException

Retrieve a list of certificates. This is supposed to be a more user-friendly version of getCertificates. In order to use it, one must specify a (partial) string defining one of the String-components of a certificate. The format is: String[*], ie either "thomasj" or "thomasj*" are for instance acceptable strings. The first one will look for a specifik String, whereas the second one will look for Strings starting with "thomasj". The second parameter determines which field to set (only one field can be set with this option). the possible fields are: CertificateConstants.CADN_FIELD (ca's distinguished name) CertificateConstants.USERDN_FIELD (users distinguished name) CertificateConstants.KEYID_FIELD (keyID of the public key)

Parameters:

partID: - (partial) String identifying certificate

type: - fieldtype as shown above.

Returns:

s a vector of certificates matching the (partial) String.

Throws: CertificateManException,

if an error happens during the communication or if the Type Field was wrong.

All Packages  Class Hierarchy  This Package  Previous  Next  Index