All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class semper.certificate.CertificateMan

java.lang.Object
   |
   +----semper.certificate.CertificateMan

public class CertificateMan

extends Object

implements CertificateConstants, ComPointConstants, CryptoConstants

_user

CertificateMan()

buildPrefs(boolean)

This method builds the preferences needed by the certificate block.

changeCertificate(Client)

Send changed Certificate to client.

checkCertificate(Certificate)

Check whether the Certificate is ok.

checkRegistrationStatus(ComPointAddress, long, Vector)

checkRegistrationStatus checks the status of the registration proces.

clientCall(ComPointAddress, Vector, IntObject)

A clientCall can be used to setup a communication point with the CA server.

computeFingerprint(CryptoKeyInfo, int)

Computes a fingerprint of a public key on the TINGUIN.

fillOutTemplate(Template, Document, CryptoKeyInfo)

Fill out the template.

getAllCAnames()

getAllCAnames output the distinguished names of all the CA/RAs at which the Client has registered a Certificate.

getCertificate(Certificate, boolean)

Retrieve the certificate(s) which are like the certificate given as an argument.

getChangedCertificate(Certificate, Vector)

Try to get a changed certificate from ca.

getFilledTemplate(Client)

Get filled Template from client.

getLocalCertificates(Certificate)

getLocalCertificates retrieves a selection of local certificates (from the local archive).

getNewCertificate(ComPointAddress, Vector)

getNewCertificate tries to get a newly issued certificate after issuing a sendCertificateRequest in case the certificate was not received previously.

getPublicKey(Client)

Get Public Key from client which should equal public key in template.

getRegistration(ComPointAddress, long, Vector)

getRegistration tries to obtain the issued registration from RA.

getSrvAddress(String)

getSrvAddress uses a Distinguished name of CA/RA to retrieve a ComPointAddress (this is automagically stored, when one accesses RA/CA first time).

getTrustedPK(ComPointAddress, Vector)

Get the trusted public Key of the CA.

handleRequest(ComPoint)

Handles the incoming request on the CA side.

init()

Initialises the Certification Manager.

installCertificate(Certificate)

Install certificate.

installRegistration(Registration)

Store registration in Archive under special access name.

installTrustedPK(String, CryptoKeyInfo)

Install the trusted public Key of the CA.

isInitialised()

Tells whether CertificateMan is initialised.

issueCertificate(Registration, CryptoKeyInfo, int, int, Date, Date, int)

Issue new certificate for myClient.

issueCertificateRequest(ComPointAddress, Vector, long, int, int, Date, Date, int)

After registration I can get certificates from a CA that accepts the RA I registered with and has an account there.

issueRegistration(Template)

Issue new registration based upon template.

removeCertificate(Certificate)

Remove the given Certificate from Archive.

retrieveCertificate(Object, int, boolean)

Retrieve a list of certificates.

retrieveTrustedPK(String)

Retrieve the installed trusted public Key of the CA.

sendCertificate(Client)

sendCertificate tries to send a list of certificates after receiving a request from myClient.

sendChangeCertificateRequest(Certificate, Vector)

Send a request to change the Certificate identifed by cert.getSerialNR() issued by cert.getCADN().

sendError(ComPoint, String)

Send error: Send an error to the opposite side.

sendFilledTemplate(ComPointAddress, Vector, Template, CryptoKeyInfo, int)

Send the filled-in template, returned by fillinTemplate.

sendIssuedCertificate(Client)

Send issued Certificate to client.

sendPublicKey(ComPointAddress, CryptoKeyInfo)

Send the Public Key which is also a part of the filled-in template.

sendRegistration(Client)

Send registration to client.

sendRegistrationStatus(Client)

Send status of the registration-proces to client.

sendTemplate(Client)

Send Template to myClient.

sendTemplateRequest(ComPointAddress, Vector)

Send the initial request during the Registration phase to the server indicating to server that I want a registration Template for the RA (which currently is co-located at CA).

sendTrustedPK(Client)

Send trusted public key to myClient.

showFingerprint(String, CryptoKeyInfo, int)

Shows a fingerprint of a public key on the TINGUIN.

showFingerprint(String, int)

Shows a fingerprint of the public key of a CA on the TINGUIN.

storeCertificate(Certificate)

Store certificate in Arhive.

storePublicKey(CryptoKeyInfo, String, long)

Store myClients Public Key used for the lastly issued template.client which should equal public key in template.

  public static String _user

  public CertificateMan()

  public static boolean isInitialised()

Tells whether CertificateMan is initialised. The CertificateMan is initialised when CertificateMan.init() has been sucessfully executed.

Returns:

s true if CertificateMan.init() has been executed, false otherwise.

  public static void buildPrefs(boolean isCA)

This method builds the preferences needed by the certificate block. For the moment the following preferences can be selected: when should expired registrations and certificates be removed. The CA can additionally set the conditions under which a certificate can be updated and issued automatically. Further choices are planned: the most important one is to let the user specify when a certificate must be verified on-line.

  public static void init() throws CertificateManException, RuntimeException

Initialises the Certification Manager. The initialisation reads a number of settings from the configuration. First it reads "semper.certificate.isServer" to determine if CA-functinality is required, where "0" means no, "1" means "yes" (if this is not set, it is interpreted as "0". Next the user name is set by reading "semper.configuration.username". If this is not present, the user name is read from the system.

The distinguished name and the address of the CA is read from "semper.certificate.CADN" and "semper.certificate.CAHost", respectively.

The name of the class implementing templates needed for registration is read from "semper.certificate.TempName".

The name of the class implementing registrations is read from "semper.certificate.RegName".

The name of the module implementing the registration procedure is read from "semper.certificate.RCModName" and the name of the implementation of the certificate is read from "semper.certificate.CertName".

init() also initialises the preferences set by the CA and for a CA the module is initialised. This means that the public key of the CA is recovered. See here what happens in the module implemented by SEMPER.

Throws: CertificateManException

if a requested module could not be loaded or initialised

  public static Streamable handleRequest(ComPoint cp) throws CertificateManException

Handles the incoming request on the CA side. This function reads a request on the ComPoint given as input parameter and calls a function handling the request.

Parameters:

ComPoint - cp: A client ComPoint, normally a newly accepted one

Returns:

s Streamable that the Client sent to me and has to be verified. This might either be a Filled Template which is the basis for issuing a registration or a partially filled Certificate, which either is to be used to issue a new certificate or to change an existing certificate.

Throws: CertificateManException

if an error during the Communication occurs.

  public static void sendTrustedPK(Client myClient) throws CertificateManException

Send trusted public key to myClient. The trusted public key is the public key of the CA which is not certified. This key is simply sent to the client with not protection at all. This is a reply to a call of getTrustedPK at the client side.

Parameters:

myClient: - The client, that sent a getTrustedPK request and therefore shall get my trusted public key as requested.

Throws: CertificateManException

if communication fails.

See Also:

getTrustedPK

  public static synchronized void sendTemplate(Client myClient) throws CertificateManException

Send Template to myClient. This method is synchronised in order to avoid two different templates getting the same serial number. The client request a Template using sendTemplateRequest.

Parameters:

myClient: - The client, that sent a getTemplateRequest and therefore shall get a template as requested

Throws: CertificateManException

if a send during this phase fails.

See Also:

sendTemplateRequest

  public static CryptoKeyInfo getPublicKey(Client myClient) throws CertificateManException

Get Public Key from client which should equal public key in template. Store this public key via storePublicKey(). The client can send the public key using sendPublicKey.

Parameters:

myClient - is the Client from which to receive public key.

Returns:

the public key received from the user (client)

Throws: CertificateManException

if send/receive fails.

See Also:

sendPublicKey, storePublicKey

  public static void storePublicKey(CryptoKeyInfo pkey,
                                    String userName,
                                    long templateNr) throws CertificateManException

Store myClients Public Key used for the lastly issued template.client which should equal public key in template.

Parameters:

pkey: - the Public Key to be stored.

userName: - DN of user for whom to store public key.

templateNr: - Nr of Template which has this public key as its public key.

Throws: CertificateManException

if storing fails, or the client hasn't sent the filled-out Template yet.

  public static Template getFilledTemplate(Client myClient)

Get filled Template from client. This method also verifies signature on template against the public key to be registered (to crosscheck, whether the user indeed has access to the secret key which is the counterpart to the public key in the Template). This metod also computes a designated name for the client based on the information in the template (done by module). This designated name is sent to the client. The client sends the filled out template using sendFilledTemplate.

Parameters:

myClient: - Client who filled out Template.

Returns:

the filled out template if the verification and all communication succeeded. Null otherwise.

See Also:

computeDN, sendFilledTemplate

  public static void installRegistration(Registration reg) throws CertificateManException

Store registration in Archive under special access name. This service has to be called in order to be able to retrieve the Registration later. that the registration is stored The client can use this as well in order to store the registration locally.

Parameters:

reg: - the Registration that shall be installed.

Throws: CertificateManException

if the Archive can't process the request.

  public static void sendRegistration(Client myClient) throws CertificateManException

Send registration to client. This method allows the CA/RA to send the information registered about a client to the client. The client requests this information using getRegistration.

Parameters:

myClient: - Client for which registration is (should have been) issued

Throws: CertificateManException

if send fails.

See Also:

getRegistration

  public static void sendRegistrationStatus(Client myClient) throws CertificateManException

Send status of the registration-proces to client. The client request this using checkRegistrationStatus(). The status is computed by the module.

Parameters:

myClient: - Client for which registration is or shall be issued

Throws: CertificateManException

if send fails.

See Also:

checkRegistrationStatus

  public static Registration issueRegistration(Template templ) throws CertificateManException

Issue new registration based upon template. Based on the information in a filled out template the CA registers the user.

Parameters:

templ: - Template which has to be the basis for this registration.

Returns:

the Registration object corresponding to the registered information

Throws: CertificateManException

if issuing registration isn't successful.

  public static void sendIssuedCertificate(Client myClient) throws CertificateManException

Send issued Certificate to client. A user in the process of being registered can request a certificate using issueCertificateRequest. This service first verifies that the client has registered. If not an error is sent to the client. If the user has been registered this service tries to issue a certificate. Whether this succeeds or not depends on the preferences set by the CA.

Parameters:

myClient: - Client who sent request to issue Certificate

Throws: CertificateManException

if send fails.

See Also:

issueCertificateRequest

  public static Certificate changeCertificate(Client myClient) throws CertificateManException

Send changed Certificate to client. The client can request a certificate to be changed using sendChangeCertificateRequest. In order to respond to this request, the CA does the following: get the new (unsigned) certificate from the client, verifies that the client already has a certificate with the given serial number, and if allowed by the preferences (i.e., if the requested changes are not too dramatic) issues a new certificate as requested. The new certificate is also returned. This service is stil not fully imlemented. In particular, the new certificate is not signed for the moment.

Parameters:

myClient: - Client who sent request tochange Certificate

Returns:

The new certificate (null if the change failed)

Throws: CertificateManException

if send fails.

See Also:

sendChangeCertificateRequest

  public static Certificate issueCertificate(Registration reg,
                                             CryptoKeyInfo pKey,
                                             int scope,
                                             int type,
                                             Date startValid,
                                             Date endValid,
                                             int status) throws CertificateException, CertificateManException

Issue new certificate for myClient. This service simply uses the module to issue a new certificate according to the parameters given as input. Thus this service should only be called if the CA has decided to issue the certificate. This service uses a corresponding service of the module to actually issue the certificate.

Parameters:

reg - is the registration that is the basis of the certificate

pKey: - the public Key to be certified with the new Certificate.

scope: - the scope for this Certificate (Signature, Encryption).

type: - Type of the Certificate (Key, Attribute, Hybrid).

startValid: - start of the timeperiod in which this certificate is valid.

endValid: - end of the timeperiod in which this certificate is valid.

status - the status of the new certificate

Returns:

the issued certificate is returned

Throws: CertificateException

if there weren't any serialnos for Certificates available any more, or another failure occurred during the generation of the certificate.

Throws: CertificateManException

if the issued Certificate couldn't be stored.

See Also:

issueCertificate

  public static void installCertificate(Certificate cert) throws CertificateManException

Install certificate. A pseudonym for storeCertificate in order to maintain compatibility with previous interface. Will at some point be deleted.

Parameters:

cert: - Certificate to be stored.

Throws: CertificateManException

if store fails.

  public static void storeCertificate(Certificate cert) throws CertificateManException

Store certificate in Arhive. Can also be used by client.

Parameters:

cert: - Certificate to be stored.

Throws: CertificateManException

if store fails.

  public static void sendError(ComPoint comPoint,
                               String message) throws CertificateManException

Send error: Send an error to the opposite side. This function is used to send an error, by first sending an ERROR code and then an error message.

Parameters:

comPoint: - comPoint to the other part

message: - Error Message to be sent

Throws: CertificateManException

if the error couldn't be sent

  public static Vector getLocalCertificates(Certificate partialCert)

getLocalCertificates retrieves a selection of local certificates (from the local archive). A partial Certificate, containing null or 0 for unidentified fields and correct values for the other fields is used as search criteria.

Parameters:

partialCert - is the Certificate containing search criteria.

Returns:

s a Vector of certificates from the archive matching the search criteria.

  public static void sendCertificate(Client myClient) throws CertificateManException

sendCertificate tries to send a list of certificates after receiving a request from myClient. In order to do so, the client has to send a partial Certificate, containing null or 0 for unidentified fields and correct values for the other fields.

Parameters:

Client - myClient is the client who sent a getCertificatesRequest.

Throws: CertificateManException

if the retrieved certifiactes couldn't be sent to myClient.

  public static CryptoKeyInfo getTrustedPK(ComPointAddress srvAddr,
                                           Vector options) throws CertificateManException

Get the trusted public Key of the CA. This call results in the CA sending the public key using sendTrustedPK.

Parameters:

srvAddr: - ComPointAddress of the CA-server.

options - can be used to st options to be used in communication

Returns:

s trustedPK: CA's public key

Throws: CertificateManException

if Certificate Manaeger couldn't get the key from CA.

See Also:

sendTrustedPK

  public static void installTrustedPK(String caDN,
                                      CryptoKeyInfo trustedPK) throws CertificateManException

Install the trusted public Key of the CA. This service stores the public key of the CA in the archive.

Parameters:

caDN: - Distinguished name of CA.

trustedPK: - CA's public key

Throws: CertificateManException

if the key couldn't get installed

  public static String computeFingerprint(CryptoKeyInfo trustedPK,
                                          int hashAlg) throws CertificateManException

Computes a fingerprint of a public key on the TINGUIN. The fingerprint is the hashvalue computed using the given hashfunction and cnverted to a hex�decimal String.

Parameters:

trustedPK - is the public key for which a fingerpring should be computed

hashAlg - is ths hashing algorithm to be used for generating the fingerprint. If 0 the default function for the CA is used.

Returns:

true if the user accepted the fingerprint of the key

Throws: CertificateManException

if, for some reason, the fingerprint could not be displayed

  public static boolean showFingerprint(String caDN,
                                        CryptoKeyInfo trustedPK,
                                        int hashAlg) throws CertificateManException

Shows a fingerprint of a public key on the TINGUIN. This function allows the user to compare his local copy of the trusted public key with other published copies (e.g., with copies shown at the CA's home page). The fingerprint is computed using computeFingerprint. If no key is given as parameter and no key has been installed for the CA this method shows a message with no fingerpring on the TINGUIN (this may be changed later)

Parameters:

caDN - is the distinguished name of the CA

trustedPK - is the public key for which a fingerpring should be shown (if this is null a fingerpring of the installed public key of the CA will be shown)

hashAlg - is ths hashing algorithm to be used for generating the fingerprint. If 0 the default function for the CA is used.

Returns:

true if the user accepted the fingerprint of the key

Throws: CertificateManException

if, for some reason, the fingerprint could not be displayed

See Also:

computeFingerprint

  public static boolean showFingerprint(String caDN,
                                        int hashAlg) throws CertificateManException

Shows a fingerprint of the public key of a CA on the TINGUIN. This function allows the user to compare his local copy of the trusted public key with other published copies (e.g., with copies shown at the CA's home page). The fingerprint is computed using computeFingerprint. If no public key for the CA has been installed an empty string will be depicted as fingerprint.

Parameters:

caDN - is the distinguished name of the CA

hashAlg - is ths hashing algorithm to be used for generating the fingerprint. If 0 the default function for the CA is used.

Returns:

true if the user accepted the fingerprint of the key

Throws: CertificateManException

if, for some reason, the fingerprint could not be displayed

See Also:

computeFingerprint

  public static CryptoKeyInfo retrieveTrustedPK(String caDN) throws CertificateManException

Retrieve the installed trusted public Key of the CA.

Parameters:

caDN: - Distinguished name of CA.

Returns:

s CryptoKeyInfo pkey, which represents the CA's public Key.

Throws: CertificateManException

if the pkey of that CA hasn't been installed before (via installTrustedPK).

  public static ComPoint clientCall(ComPointAddress serverAddress,
                                    Vector options,
                                    IntObject transferObject) throws CertificateManException

A clientCall can be used to setup a communication point with the CA server. This Coppoint is used for communication with the CA. The client also sends a message to the server telling the name of the client and the purpose of creating this ComPoint (i.e., an identification of the request).

Parameters:

serverAddress: - Address of server, for which to establish a ComPoint.

options: - options to be passed to communicationmodule in a call to Channel.openInitiator.

transferObject: - The Object to send to the server initially directly after establishing connection (should be an IntObject indicating type of message)

Returns:

s the ComPoint established in this initial stage of one communication. Should be closed after usage.

Throws: CertificateManException

if an error occurred during the communication.

  public static Template sendTemplateRequest(ComPointAddress serverAddress,
                                             Vector options) throws CertificateManException

Send the initial request during the Registration phase to the server indicating to server that I want a registration Template for the RA (which currently is co-located at CA). The RA/CA answers this using sendTemplate. The Template (or registration form) received from the CA contains a serial number, which is later used in registration and certificates. During this request the user identifies himself using his user name.

Parameters:

serverAddress - is the ComPointAddress of the RA-server at which I want to be registrated.

options: - option-Vector used in openInitiatorChannel.

Returns:

s ComPoint from which to receive the Template via getTemplate().

Throws: CertificateManException

if there was an error in the communcation.

See Also:

sendTemplate

  public static void fillOutTemplate(Template templ,
                                     Document doc,
                                     CryptoKeyInfo pkey) throws CertificateManException

Fill out the template. This method allows a user to fill out the information requested during registration through the TINGUIN.

Parameters:

templ - is the Template to be filled out

doc - contains a description defined by the RA of the registration form

pkey - The public Key, that should be used in the Registration and later on in the certificate.

Returns:

s filled-in template.

Throws: CertificateManException

if the user did not fill out the template

  public static boolean sendFilledTemplate(ComPointAddress srvAddr,
                                           Vector options,
                                           Template templ,
                                           CryptoKeyInfo secrKey,
                                           int hashAlg) throws CertificateManException

Send the filled-in template, returned by fillinTemplate. The filled in templated identifies the which the user must use during the rest of the regstration. As part of this the client must send a signature using the secret key corresponding to the public key to be registered. Based on the information the RA sends back a designated name to the user. The uer must use this in all future communications with the CA. The client also uses this DN when storing the template in Archive.

Parameters:

srvAddr: - ComPointAddress of the RA-server.

options: - Vector of options to be used in openInitiatorChannel.

Template: - Filled-in Template returned by fillinTemplate.

secrKey: - Secret Key belonging to the Public key sent in the Certificate. This is used to create a Signature of the Template. (Not implemented yet).

Returns:

s Boolean indicating whether server received Template or not.

Throws: CertificateManException

if an error happened in the communication.

See Also:

getFilledTemplate

  public static void sendPublicKey(ComPointAddress srvAddr,
                                   CryptoKeyInfo pkey) throws CertificateManException

Send the Public Key which is also a part of the filled-in template. This could also be done by visting the RA and delivering the public key, together with the serial Nr. of the filled-in template sent by the client. The CA receives this using getPublicKey.

Parameters:

srvAddr: - ComPointAddress of the RA-server to which I sent the filled in template having this public key as one of its components.

pkey: - The public key to be sent to the server.

Throws: CertificateManException

if the communication failed.

See Also:

getPublicKey

  public static Registration getRegistration(ComPointAddress srvAddr,
                                             long serialNo,
                                             Vector options) throws CertificateManException

getRegistration tries to obtain the issued registration from RA. The server answers this request using sendRegistration.

Parameters:

srvAddr: - ComPointAddress of the RA-server.

serialNo - is the serial number of the template/registration for which the status must be computed

options: - The vector, that should be used in openInitiatorChannel. (currently null).

Returns:

s Registration received from RA.

Throws: CertificateManException

if an error happened during the communication or the client couldn't get the registration.

See Also:

sendRegistration

  public static String checkRegistrationStatus(ComPointAddress srvAddr,
                                               long serialNo,
                                               Vector options) throws CertificateManException

checkRegistrationStatus checks the status of the registration proces.

Parameters:

: - srvAddr is the Address of the RA-server.

serialNo - is the serial number of the template/registration for which status is requested.

options: - Vector to use in the Communication. (null currently)

Returns:

s String describing the status of the registration.

Throws: CertificateManException

if an error happened during the communication.

See Also:

CertificateConstants, sendRegistrationStatus

  public static Certificate issueCertificateRequest(ComPointAddress caAddr,
                                                    Vector options,
                                                    long serialNr,
                                                    int scope,
                                                    int type,
                                                    Date notValidBefore,
                                                    Date notValidAfter,
                                                    int state) throws CertificateManException

After registration I can get certificates from a CA that accepts the RA I registered with and has an account there. This service sends a a request to the CA for this certificate. After getting the certificate it is stored in Arhcive using storeCertificate.

Parameters:

caAddress: - ComPointAddress of the CA-server.

options: - Option-vetor used by openInitiatorChannel.

serialNr.: - The serialNr I was registrated with, and that the certificate should contain.

scope: - Scope I would like for my certificate (signature/ encryption)

type: - Type of Certificate (Attribute / Key / Hybrid)

notValidBefore: - The certificate shouldn't be Valid before this date.

notValidAfter: - The certificate should only be valid until and includeing this date.

state: - State of this certificate (Notary/Electronic/point-and-click) etc.

Returns:

s boolean indicating whether the Request has arrived at server or not. If it returns true, the request has arrived at server, and the certificate can be retrieved later on with getNewCertificate().

Throws: CertificateManException

if an error happened during the communication.

See Also:

sendIssuedCertificate

  public static Certificate getNewCertificate(ComPointAddress srvAddr,
                                              Vector options) throws CertificateManException

getNewCertificate tries to get a newly issued certificate after issuing a sendCertificateRequest in case the certificate was not received previously.

Parameters:

srvAddr - is the ComPointAddress of the CA.

options - is the vector used in openInitiatorChannel (currently null).

Returns:

s the certificate issued by CA. Throws exception, if it isn't available yet.

Throws: CertificateManException

if an error happened during the communication.

See Also:

sendCertificate

  public static boolean checkCertificate(Certificate cert) throws CertificateManException

Check whether the Certificate is ok. Later versions will use the preferences to decide whether the CA should be asked during verification. This checks, whether: a) Signature is ok. b) UserDN is ok. c) CADN is ok. d) serialNr is ok. e) scope is ok. f) notValidBefore date is ok. g) notValidAfter date is ok. h) status is ok.

Parameters:

Certificate - cert, that the CA sent.

Returns:

s true if ok, otherwise throws a CertificateManException.

Throws: CertificateManException

if an error happened during the communication.

  public static void removeCertificate(Certificate cert) throws CertificateManException

Remove the given Certificate from Archive.

Parameters:

the - installed certificate.

Throws: CertificateManException

if an error happened while trying to remove the Certificate.

  public static ComPointAddress getSrvAddress(String srvDN)

getSrvAddress uses a Distinguished name of CA/RA to retrieve a ComPointAddress (this is automagically stored, when one accesses RA/CA first time).

Parameters:

String - srvDN: Distinguished Name of server, as found in a registration/certificateion.

Returns:

s ComPointAddress srvAddr reflecting the correct Address.

  public static String[] getAllCAnames()

getAllCAnames output the distinguished names of all the CA/RAs at which the Client has registered a Certificate. This function is not yet fully implemented.

Returns:

s String[] array of distinguished names

  public static Certificate sendChangeCertificateRequest(Certificate cert,
                                                         Vector options) throws CertificateManException

Send a request to change the Certificate identifed by cert.getSerialNR() issued by cert.getCADN(). The changes are described in the certificate given as input parameter. This function is not fully implemented yet.

Parameters:

Certificate - cert representing the new certificate (though CA's signature of course isn't valid any longer)

CryptoKeyInfo - skey: the secret key which is the counterpart of the public key in the certificate.

Returns:

s new Certificate if the change is accepted, null if the Change is put on hold, and and exception is thrown if it is rejected. If the request is put on hold, the certificate can be retrieved through getChangedCertificate. This operates the same way as sendChangeCertificateRequest, ie it sends the certificate, if the change is accepted, null if the request is still on hold and throws an exception, if the request was denied.

Throws: CertificateManException

if an error happened during the communication.

See Also:

changeCertificate

  public static Certificate getChangedCertificate(Certificate cert,
                                                  Vector options) throws CertificateManException

Try to get a changed certificate from ca. The ca's name is mentioned in the certificate, and the serialNr indicates which certificate I sent a change certificate request for. Again this function is not fully implemented and should not be used.

Parameters:

Certificate - cert representing the certificate to be changed

Returns:

s new Certificate if the change is accepted, null if the Change is still on hold, and and exception is thrown if it is rejected.

Throws: CertificateManException

if an error happened during the communication or the change is not accepted.

  public static Vector getCertificate(Certificate partialCert,
                                      boolean localOnly) throws CertificateManException

Retrieve the certificate(s) which are like the certificate given as an argument. In this certificate all fields which I know something about should be set via cert.setUserDN(), cert.setSerialNo() etc. An example hereof can be found in Test/TClient.java (at the bottom of this file).

Parameters:

partialCert: - Certificate generated from an empty Certificate, and only with the fields set, which I know something about.

Returns:

s Vector of all the Certificates matching this partial certificate.

Throws: CertificateManException

if an error happened during the communication.

  public static Vector retrieveCertificate(Object partID,
                                           int type,
                                           boolean localOnly) throws CertificateManException

Retrieve a list of certificates. This is supposed to be a more user-friendly version of getCertificates. In order to use it, one must specify a (partial) string defining one of the String-components of a certificate. The format is: String[*], ie either "thomasj" or "thomasj*" are for instance acceptable strings. The first one will look for a specifik String, whereas the second one will look for Strings starting with "thomasj". The second parameter determines which field to set (only one field can be set with this option). the possible fields are: CertificateConstants.CADN_FIELD (ca's distinguished name) CertificateConstants.USERDN_FIELD (users distinguished name) CertificateConstants.KEYID_FIELD (keyID of the public key)

Parameters:

partID - Object identifying certificate (A string if a CADN or USERDN is given. If a KEYID is given this is an AccessName.

type - fieldtype as shown above.

localOnly - search local certificates only (in Archive).

Returns:

s a vector of certificates matching the (partial) String.

Throws: CertificateManException

if an error happens during the communication or if the Type Field was wrong.

All Packages  Class Hierarchy  This Package  Previous  Next  Index