001: /*
002: *
003: *
004: * Copyright 1990-2007 Sun Microsystems, Inc. All Rights Reserved.
005: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
006: *
007: * This program is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU General Public License version
009: * 2 only, as published by the Free Software Foundation.
010: *
011: * This program is distributed in the hope that it will be useful, but
012: * WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * General Public License version 2 for more details (a copy is
015: * included at /legal/license.txt).
016: *
017: * You should have received a copy of the GNU General Public License
018: * version 2 along with this work; if not, write to the Free Software
019: * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA
021: *
022: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
023: * Clara, CA 95054 or visit www.sun.com if you need additional
024: * information or have any questions.
025: */
026:
027: package javax.microedition.pki;
028:
029: import javax.microedition.securityservice.CMSMessageSignatureServiceException;
030: import javax.microedition.pki.UserCredentialManagerException;
031:
032: import com.sun.midp.main.Configuration;
033:
034: /**
035: * This class provides functionality for user credential management
036: * which includes
037: * creating certificate signing requests, adding user credentials,
038: * and removing credentials that may be used to generate digital
039: * signatures as specified in the
040: * <code>CMSMessageSignatureService</code> class.
041: * The initial version of credential management supports
042: * X.509 version 3 Certificates and URIs that resolve to X.509
043: * Certificates.
044: * <p>
045: * In a public key cryptographic system, a user has two distinct keys.
046: * One key is kept private while the other is made public. There are
047: * a number of public key cryptographic systems, some of which may
048: * be used for the creation of digital signatures (for example, DSA), while
049: * others can be used for encryption (for example, Rabin). Some systems may
050: * be used for both encryption and digital signatures (for example, RSA).
051: * Generally the private key, which is only known to the user,
052: * is used to generate a signature or to decrypt a message. The
053: * public key, as can be deduced from the name, is public knowledge
054: * and is used to verify the user's signature or to encrypt
055: * information intended for the user.
056: * </p>
057: *
058: * <p>
059: * When selecting a public key to encrypt a message or verify a
060: * digital signature, it is important to be able to link the public
061: * key either to the user for which the encrypted message is intended or to
062: * the user that generated the signature. Public key infrastructure
063: * (PKI) provides a mechanism for binding an identity to a public
064: * key. The binding is expressed in a data structure known as a
065: * certificate. The X.509 certificate format is one of the most
066: * widely adopted certificate formats. X.509 certificates generally
067: * contain at least the following information:
068: * <ul>
069: * <li>
070: * An X.500 name that can potentially be linked to the identity
071: * of the user.
072: * </li>
073: * <li>
074: * The public key associated with the X.500 name.
075: * </li>
076: * <li>
077: * A validity period for the certificate (Not Before and Not After).
078: * </li>
079: * <li>
080: * Information on the certificate issuer (an X.500 name for the
081: * issuer and a serial number). This uniquely identifies a
082: * certificate in a PKI.
083: * </li>
084: * </ul>
085: *
086: * The certificate may contain additional information. The certificate
087: * itself is signed by the certificate issuer. The certificate issuer
088: * is usually referred to as a Certificate Authority (CA).
089: * </p>
090: *
091: * <p>
092: * The process that a CA follows before issuing a certificate is
093: * governed by the certification practice statement (CPS) of the
094: * CA. This usually involves both technical and non-technical
095: * steps that need to be completed before a certificate is issued.
096: * Technical steps include obtaining the public key that must be
097: * certified, verifying that the user is in possession of the
098: * corresponding private key, and returning the certificate or a
099: * reference to the certificate once it is issued. Non-technical
100: * steps include the processes followed to establish the
101: * certificate requesters identity.
102: * Upon completion of the technical and non-technical steps of the
103: * registration process, the user is said to be enrolled into the PKI.
104: * </p>
105: *
106: * <p>
107: * The purpose of this class is to provide the technical building
108: * blocks required to enroll a user in a PKI. This will allow a
109: * user to obtain a certificate that can be used in conjunction
110: * with the <code>sign</code> and <code>authenticate</code> methods
111: * in the <code>
112: * javax.microedition.securityservice.CMSMessageSignatureService
113: * </code> class.
114: * This can also be used for
115: * renewing and deleting certificates once they have expired.
116: * With this package it is possible to:
117: * <ul>
118: * <li>
119: * Obtain a certificate signing request that can be sent to a PKI.
120: * </li>
121: * <li>
122: * Add a certificate or certificate URI to a certificate store.
123: * </li>
124: * <li>
125: * Remove a certificate or certificate URI from a certificate store.
126: * </li>
127: * </ul>
128: * </p>
129: *
130: * <h2>Example</h2>
131: *
132: * <pre>
133: * // Parameters for certificate request message.
134: * String nameInfo = new String("CN=User Name");
135: * byte[] enrollmentRequest = null;
136: * int keyLength = 1024;
137: *
138: * // User friendly names and prompts.
139: * String securityElementID = new String("Bank XYZ");
140: * String securityElementPrompt = new String
141: * ("Please insert bank XYZ security element before proceeding");
142: * String friendlyName = new String("My Credential");
143: *
144: * // Certificate chain and URI from registration response.
145: * byte[] pkiPath;
146: * String uri;
147: *
148: *
149: * // Obtain a certificate enrollment request message.
150: * try {
151: * enrollmentRequest = UserCredentialManager.generateCSR
152: * (nameInfo, UserCredentialManager.ALGORITHM_RSA, keyLength,
153: * UserCredentialManager.KEY_USAGE_NON_REPUDIATION,
154: * securityElementID, securityElementPrompt, false);
155: *
156: * // Send it to a registration server.
157: * ...
158: * // Assign values for pkipath and certificate uri
159: * // from the registration response.
160: * ...
161: *
162: * // Store the certificate on the security element.
163: * UserCredentialManager.addCredential(friendlyName,
164: * pkiPath, uri);
165: * } catch (IllegalArgumentException iae) {
166: * iae.printStackTrace();
167: * } catch (NullPointerException npe) {
168: * npe.printStackTrace();
169: * } catch (CMSMessageSignatureServiceException cmse) {
170: * cmse.printStackTrace();
171: * } catch (UserCredentialManagerException pkie) {
172: * pkie.printStackTrace();
173: * }
174: *
175: * </pre>
176: * <p>
177: * <h2>Note regarding UI implementations</h2>
178: * </p>
179: * <p>
180: * User prompts and notifications should be implemented in such a way that:
181: * <ul>
182: * <li>
183: * the UI is distinguishable from a UI generated by external sources
184: * (for example J2ME applications).
185: * </li>
186: * <li>
187: * external sources are not able to modify the data presented to the user.
188: * </li>
189: * <li>
190: * external sources are not able to retrieve the PIN data.
191: * </li>
192: * </ul>
193: * </p>
194: */
195: final public class UserCredentialManager {
196: /**
197: * Algorithm identifier for an RSA signature key.
198: * This is the <code>String</code> representation of the
199: * OID identifying the RSA algorithm.
200: */
201: public final static String ALGORITHM_RSA = "1.2.840.113549.1.1";
202:
203: /**
204: * Algorithm identifier for a DSA signature key.
205: * This is the <code>String</code> representation of the
206: * OID identifying a DSA signature key.
207: */
208: public final static String ALGORITHM_DSA = "1.2.840.10040.4.1";
209:
210: /**
211: * Indicates a key used for authentication.
212: */
213: public final static int KEY_USAGE_AUTHENTICATION = 0;
214:
215: /**
216: * Indicates a key used for digital signatures.
217: */
218: public final static int KEY_USAGE_NON_REPUDIATION = 1;
219:
220: /**
221: * Indicates that key generation is supported
222: * on the platform.
223: */
224: private static boolean keygen = false;
225:
226: static {
227: String generation = Configuration
228: .getProperty("com.sun.satsa.keygen");
229: if (generation != null) {
230: keygen = generation.equals("true");
231: }
232: }
233:
234: /**
235: * Constructor for the <code>UserCredentialManager</code> class.
236: */
237: private UserCredentialManager() {
238: }
239:
240: /**
241: * Creates a DER encoded PKCS#10 certificate enrollment request.
242: * <p>
243: * The implementation uses the <code>securityElementID</code>
244: * and the <code>securityElementPrompt</code> to
245: * choose an appropriate security element.
246: * If an appropriate
247: * security element cannot be found, a
248: * <code>UserCredentialManagerException</code> is thrown and
249: * the <code>getReason</code> method MUST return
250: * <code>SE_NOT_FOUND</code>.
251: * The implementation MUST use the <code>algorithm</code>,
252: * <code>keyLen</code>, and <code>keyUsage</code> parameters
253: * to select a specific key to use in signing the
254: * certificate request.
255: * If the algorithm is not supported or the specific key
256: * parameters can not be fulfilled, then a
257: * <code>UserCredentialManagerException</code> MUST be thrown
258: * and the <code>getReason</code> method MUST return
259: * <code>SE_NO_KEYS</code>.
260: * </p>
261: *
262: * <p>
263: * If the platform can select a security element and the security
264: * element contains multiple keys, it is up to the platform to
265: * select an appropriate key
266: * (when key generation is not forced).
267: *
268: * If a key is found that is not yet associated with a user
269: * certificate or a user certificate request, the platform MUST
270: * select such a key in preference to keys that are already
271: * associated with a user certificate or certificate request.
272: *
273: * If all keys are associated with a certificate or a certificate
274: * request, the implementation MUST select the key associated with
275: * a certificate request in preference to keys that are
276: * associated with a certificate.
277: *
278: * If all keys are already associated with a user certificate and
279: * key generation was not forced, the platform MAY select one
280: * of the existing keys for inclusion in the certificate signing
281: * request, depending on the security element policy.
282: * </p>
283: *
284: * <p>
285: * The application requests key generation by setting the
286: * <code>forceKeyGen</code> flag.
287: * If a key is requested of a security element that is not
288: * capable of key generation, a
289: * <code>UserCredentialManagerException</code> MUST be thrown
290: * and the <code>getReason</code> method MUST return
291: * <code>SE_NO_KEYGEN</code>. If the key can not be
292: * generated with the requested key parameters, a
293: * <code>UserCredentialManagerException</code> MUST be thrown
294: * and the <code>getReason</code> method MUST return
295: * <code>SE_NO_KEYS</code>.
296: * If the security element requires the user to specify a new PIN
297: * that is used to protect the keys to be generated, the implementation
298: * of this method is responsible for collecting the new PIN from the user.
299: * </p>
300: *
301: * <p>
302: * If a security element is found, but it contains no
303: * keys that can be used, then a
304: * <code>UserCredentialManagerException</code> MUST be thrown
305: * and the <code>getReason</code> method MUST return
306: * <code>SE_NO_KEYS</code>.
307: * If a security element is found, but all available
308: * keys have been associated with certificates and
309: * if the platform does not allow selection of keys already
310: * associated with certificates, then a
311: * <code>UserCredentialManagerException</code> MUST be thrown
312: * and the <code>getReason</code> method MUST return
313: * <code>SE_NO_UNASSOCIATED_KEYS</code>.
314: * </p>
315: * <p>
316: * If a security element can be selected and an appropriate
317: * key is available (either generated or already existing)
318: * the certification request is generated and formatted. The
319: * certification request will be formatted as a PKCS#10
320: * certificate request. The request may contain
321: * additional attributes.
322: * </p>
323: * <p>
324: * See "X.690 - Information technology - ASN.1 encoding rules:
325: * Specification of Basic Encoding Rules (BER),
326: * Canonical Encoding Rules (CER) and
327: * Distinguished Encoding Rules (DER)" at
328: * <a href=
329: * "http://www.itu.int/ITU-T/studygroups/com17/languages/">
330: * http://www.itu.int/ITU-T/studygroups/com17/languages/
331: * </a> for details about ASN.1 encoding rules.
332: *
333: * </p>
334: * <p>
335: * Generation of the certificate enrollment request and the key pair
336: * must be confirmed by the user. The user should have the option
337: * to view the detailed information of the key used in signing the
338: * certificate request, such as
339: * the key usage, key length, public key algorithm.
340: * This method returns <code>null</code> if the user cancels the
341: * certificate enrollment request.
342: * </p>
343: * <p>
344: * Authorization to generate certificate enrollment request is
345: * also subject to the policy
346: * of the underlying security element. If user authorization is required
347: * through the entry of PIN, the implementation of this method
348: * is responsible for collecting the PIN from the user. Incorrect
349: * PIN entry is handled by
350: * the implementation. The number of retries following incorrect
351: * PIN entry is
352: * governed by the security element policy. If the PIN is blocked due to an
353: * excessive number of incorrect PIN entries, the implementation
354: * must throw a
355: * <code>SecurityException</code> exception.
356: * </p>
357: * @param nameInfo the distinguished name
358: * to be included in the PKCS#10 certificate signing request.
359: * The distinguished name MUST follow the encoding rules of
360: * <a href="http://www.ietf.org/rfc/rfc2253.txt">
361: * RFC2253</a>. If <code>null</code> is passed as the
362: * parameter value, it is up to the implementation to
363: * choose an appropriate distinguished name (for example, the WIM
364: * serial number).
365: * If <code>nameInfo</code> is empty or not formatted according
366: * RFC2253 an <code>IllegalArgumentException</code> is thrown.
367: *
368: * @param algorithm the Object Identifier (OID) for the public key
369: * algorithm to use. (see
370: * <a href="http://www.ietf.org/rfc/rfc1778.txt">RFC 1778</a>)
371: * The static variables
372: * <code>UserCredentialManager.ALGORITHM_RSA</code> and
373: * <code>UserCredentialManager.ALGORITHM_DSA</code> may
374: * be used to indicate either RSA or DSA signature keys.
375: * If <code>algorithm</code> is empty or not formatted according
376: * RFC1778 an <code>IllegalArgumentException</code> is thrown.
377: * If the requested <code>algorithm</code> is not supported
378: * on the platform then a
379: * <code>UserCredentialManagerException</code> MUST be thrown
380: * and the <code>getReason</code> method MUST return
381: * <code>SE_NO_KEYS</code>.
382: *
383: * @param keyLen the key length (typically 1024 for RSA)
384: * If <code>keyLen</code> is incorrect an
385: * <code>IllegalArgumentException</code> is thrown.
386: *
387: * @param keyUsage the functionality for which the key is marked
388: * inside the security element. This may be one of
389: * <code>UserCredentialManager.KEY_USAGE_AUTHENTICATION</code>
390: * or
391: * <code>UserCredentialManager.KEY_USAGE_NON_REPUDIATION</code>.
392: * If <code>keyUsage</code> is incorrect an
393: * <code>IllegalArgumentException</code> is thrown.
394: *
395: * @param securityElementID identifies the security element on
396: * which the key resides or will be generated.
397: * If this parameter is
398: * <code>null</code> the implementation MUST choose the first
399: * available security element that meets the specified requirements.
400: * If no appropriate security element is found, the
401: * <code>securityElementPrompt</code> parameter MUST be used
402: * to guide the user on selecting the correct security element.
403: * If no security element can be selected, a
404: * <code>UserCredentialManagerException</code> is thrown and
405: * the <code>getReason</code> method MUST return
406: * <code>SE_NOT_FOUND</code>.
407: *
408: * @param securityElementPrompt guides a user to insert the
409: * correct security element, if the suitable security element is
410: * removable and not detected.
411: * If this parameter is set to <code>null</code>, a user prompt is not
412: * used to guide the user to select an appropriate security element.
413: *
414: * @param forceKeyGen if set to <code>true</code> a new key MUST be
415: * generated. If the security element does not support key generation
416: * it MUST throw an <code>UserCredentialManagerException</code> and
417: * the <code>getReason</code> method MUST return a
418: * <code>SE_NO_KEYGEN</code> error code.
419: * If set to <code>false</code> no key
420: * generation is required and an existing key may be used.
421: *
422: * @return DER encoded PKCS#10 certificate enrollment request, or
423: * <code>null</code> if the certificate
424: * enrollment request was cancelled by the user before completion.
425: * @throws IllegalArgumentException if the parameters are not valid
426: * @throws UserCredentialManagerException if an error occurs while
427: * generating the certificate request
428: * @throws SecurityException if the caller is not
429: * authorized to access the user certificate store
430: * @throws CMSMessageSignatureServiceException if an
431: * error occurs while signing the certificate request
432: */
433: public static final byte[] generateCSR(String nameInfo,
434: String algorithm, int keyLen, int keyUsage,
435: String securityElementID, String securityElementPrompt,
436: boolean forceKeyGen) throws UserCredentialManagerException,
437: CMSMessageSignatureServiceException {
438:
439: /* User requested a new key be generated. */
440: if (forceKeyGen) {
441: if (!UserCredentialManager.keygen) {
442: // Configuration parameter disabled key generation.
443: throw new UserCredentialManagerException(
444: UserCredentialManagerException.SE_NO_KEYGEN);
445: }
446: }
447:
448: return com.sun.satsa.pki.PKIManager.generateCSR(nameInfo,
449: algorithm, keyLen, keyUsage, securityElementID,
450: securityElementPrompt, forceKeyGen);
451: }
452:
453: /**
454: * Adds a user certificate or certificate
455: * URI to a certificate store.
456: * <p>
457: * A credential is registered using an ordered sequence of
458: * certificates, called a PKI Path.
459: * The PKI Path is defined in <A HREF=
460: * "ftp://ftp.bull.com/pub/OSIdirectory/DefectResolution/TechnicalCorrigenda/ApprovedTechnicalCorrigendaToX.509/8%7CX.509-TC3%284th%29.pdf">
461: * ITU-T RECOMMENDATION X.509 (2000) | ISO/IEC 9594-8:2001,
462: * Technical Corrigendum 1 (DTC 2) </A> and is used
463: * by the J2SE <A HREF=
464: * "http://java.sun.com/j2se/1.4.1/docs/guide/security/certpath/CertPathProgGuide.html#AppA">
465: * CertPath Encodings</A>.</p>
466: * <p>
467: * <strong>PkiPath:</strong> an ASN.1 DER encoded sequence of
468: * certificates, defined as follows:<pre>
469: * <code>PkiPath ::= SEQUENCE OF Certificate</code>
470: * </pre>
471: * Within the sequence, the order of certificates is such that the
472: * subject of the first certificate is the issuer of the second
473: * certificate, etc. Each certificate in PkiPath shall be
474: * unique. No certificate may appear more than once in a value of
475: * Certificate in PkiPath. The last certificate is the end entity
476: * user certificate.
477: * </p>
478: * <p>
479: * The use of the certificate URI is platform dependent.
480: * Some platforms may not store the user certificate, but may
481: * instead keep a copy of the URI.
482: * If only the URI is retained instead of the certificates
483: * included in the pkiPath, the implementation MUST parse the user
484: * certificate in the pkiPath to obtain relevant information such
485: * as the issuing CA name, the user certificate serial number, the
486: * public key, and user distinguished name. Some of these fields
487: * may be required by the underlying security element.
488: * The certificate URI parameter can be
489: * <code>null</code> in deployments where off device access to
490: * certificate storage is not supported.
491: * </p>
492: * <p>
493: * Some platforms MAY store the credential information with
494: * a specific security element, while other platforms MAY
495: * have a central repository for credentials. It is platform
496: * dependent where the information is maintained.
497: * </p>
498: * <p>
499: * Storing the requested credential must be confirmed by the
500: * user. The implementation must display the user friendly
501: * name of the certificate or the certificate URL. The user should
502: * have the option
503: * to view the detailed information of the credential, such as the
504: * certificate issuer, certificate subject, and certificate
505: * validity period.
506: * This method returns <code>false</code> if the user cancels the
507: * request to add the credential.
508: * </p>
509: * <p>
510: * Authorization to store the requested credential is also subject
511: * to the policy
512: * of the underlying security element or the platform. If user
513: * authorization is required
514: * through the entry of PIN, the implementation of this method
515: * is responsible for collecting the PIN from the user. Incorrect
516: * PIN entry is handled by
517: * the implementation. The number of retries following incorrect
518: * PIN entry is
519: * governed by the policy of the security element or the
520: * platform. If the PIN is blocked due to an
521: * excessive number of incorrect PIN entries, the implementation
522: * must throw a
523: * <code>SecurityException</code> exception.
524: * </p>
525: * If the requested certificate can not be stored, a
526: * <code>UserCredentialManagerException</code> is thrown and
527: * the <code>getReason</code> method MUST return
528: * <code>CREDENTIAL_NOT_SAVED</code>.
529: * @param certDisplayName the user friendly
530: * name associated with the certificate.
531: * If <code>certDisplayName</code> is <code>null</code> or
532: * an empty string an <code>IllegalArgumentException</code>
533: * is thrown. Applications MUST use unique user
534: * friendly names to make selection easier.
535: * If the <code>certDisplayName</code> is already
536: * registered, an <code>IllegalArgumentException</code>
537: * is thrown.
538: *
539: * @param pkiPath the DER encoded PKIPath containing user
540: * certificate and certificate authority certificates.
541: * If <code>pkiPath</code> is <code>null</code> or
542: * incorrectly formatted an <code>IllegalArgumentException</code>
543: * is thrown.
544: * If <code>pkiPath</code> is already registered,
545: * an <code>IllegalArgumentException</code> is thrown.
546: *
547: * @param uri a URI that resolves to a X.509v3 certificate.
548: * The uri can be <code>null</code>.
549: *
550: * @throws IllegalArgumentException if parameters are not
551: * valid
552: * @throws UserCredentialManagerException if an error occurs
553: * while adding a user credential
554: * @throws SecurityException if the caller is not
555: * authorized to add to the user certificate store
556: *
557: * @return <code>false</code> if the operation to add the
558: * credential was cancelled by the user
559: * before completion.
560: */
561: public static final boolean addCredential(String certDisplayName,
562: byte[] pkiPath, String uri)
563: throws UserCredentialManagerException {
564: return com.sun.satsa.pki.PKIManager.addCredential(
565: certDisplayName, pkiPath, uri);
566: }
567:
568: /**
569: * Removes a certificate or certificate
570: * URI from a certificate store.
571: * <p>
572: * Removal of the credential from the certificate store
573: * must be confirmed by the user. The implementation must display
574: * the user friendly
575: * name of the certificate or the certificate URL. The user should
576: * have the option
577: * to view the detailed information of the credential, such as the
578: * certificate issuer, certificate subject, and certificate
579: * validity period.
580: * This method returns <code>false</code> if the user cancels the
581: * request to remove the credential.
582: * </p>
583: * <p>
584: * Authorization to remove the requested credential is also
585: * subject to the policy
586: * of the underlying security element or the platform. If user
587: * authorization is required
588: * through the entry of PIN, the implementation of this method
589: * is responsible for collecting the PIN from the user. Incorrect
590: * PIN entry is handled
591: * by the implementation. The number of retries following
592: * incorrect PIN entry is
593: * governed by the policy of the security element or the
594: * platform. If the PIN is blocked due to an
595: * excessive number of incorrect PIN entries, the implementation
596: * must throw a
597: * <code>SecurityException</code> exception.
598: * </p>
599: * @param certDisplayName the user friendly
600: * name associated with the certificate.
601: * If <code>certDisplayName</code> is <code>null</code> or
602: * an empty string an <code>IllegalArgumentException</code>
603: * is thrown.
604: *
605: * @param issuerAndSerialNumber the DER encoded ASN.1 structure
606: * that contains the certificate issuer and serial number as
607: * defined in <a href="http://www.ietf.org/rfc/rfc3369.txt">
608: * RFC 3369</a>.
609: * If <code>issuerAndSerialNumber</code> is <code>null</code> or
610: * not properly formatted according to RFC3369
611: * an <code>IllegalArgumentException</code> is thrown.
612: * If the requested certificate is not found, a
613: * <code>UserCredentialManagerException</code> is thrown and
614: * the <code>getReason</code> method MUST return
615: * <code>CREDENTIAL_NOT_FOUND</code>.
616: *
617: * @param securityElementID identifies the security element on
618: * which the key resides. If this parameter is
619: * <code>null</code> the implementation MUST choose the first
620: * available security element that meets the specified requirements.
621: * If no appropriate security element is found, the
622: * <code>securityElementPrompt</code> parameter MUST be used
623: * to guide the user on selecting the correct security element.
624: * If no security element can be selected, a
625: * <code>UserCredentialManagerException</code> is thrown and
626: * the <code>getReason</code> method MUST return
627: * <code>SE_NOT_FOUND</code>.
628: *
629: * @param securityElementPrompt guides the user to insert
630: * the correct security element if the security element is
631: * removable and not detected.
632: * If this parameter is set to <code>null</code>, no information
633: * regarding which security element to use is displayed to
634: * the user.
635: *
636: * @throws IllegalArgumentException if the parameters are not valid
637: * @throws UserCredentialManagerException if an error occurs
638: * while removing the credential
639: * @throws SecurityException if the caller is not
640: * authorized to remove from the user certificate store
641: * @return <code>false</code> if the operation to remove the
642: * credential was cancelled by the user
643: * before completion.
644: */
645: public static final boolean removeCredential(
646: String certDisplayName, byte[] issuerAndSerialNumber,
647: String securityElementID, String securityElementPrompt)
648: throws UserCredentialManagerException {
649:
650: return com.sun.satsa.pki.PKIManager.removeCredential(
651: certDisplayName, issuerAndSerialNumber,
652: securityElementID, securityElementPrompt);
653: }
654: }
|