Source Code Cross Referenced for UserCredentialManager.java in  » 6.0-JDK-Modules » j2me » javax » microedition » pki » Java Source Code / Java DocumentationJava Source Code and Java Documentation

Java Source Code / Java Documentation
1. 6.0 JDK Core
2. 6.0 JDK Modules
3. 6.0 JDK Modules com.sun
4. 6.0 JDK Modules com.sun.java
5. 6.0 JDK Modules sun
6. 6.0 JDK Platform
7. Ajax
8. Apache Harmony Java SE
9. Aspect oriented
10. Authentication Authorization
11. Blogger System
12. Build
13. Byte Code
14. Cache
15. Chart
16. Chat
17. Code Analyzer
18. Collaboration
19. Content Management System
20. Database Client
21. Database DBMS
22. Database JDBC Connection Pool
23. Database ORM
24. Development
25. EJB Server geronimo
26. EJB Server GlassFish
27. EJB Server JBoss 4.2.1
28. EJB Server resin 3.1.5
29. ERP CRM Financial
30. ESB
31. Forum
32. GIS
33. Graphic Library
34. Groupware
35. HTML Parser
36. IDE
37. IDE Eclipse
38. IDE Netbeans
39. Installer
40. Internationalization Localization
41. Inversion of Control
42. Issue Tracking
43. J2EE
44. JBoss
45. JMS
46. JMX
47. Library
48. Mail Clients
49. Net
50. Parser
51. PDF
52. Portal
53. Profiler
54. Project Management
55. Report
56. RSS RDF
57. Rule Engine
58. Science
59. Scripting
60. Search Engine
61. Security
62. Sevlet Container
63. Source Control
64. Swing Library
65. Template Engine
66. Test Coverage
67. Testing
68. UML
69. Web Crawler
70. Web Framework
71. Web Mail
72. Web Server
73. Web Services
74. Web Services apache cxf 2.0.1
75. Web Services AXIS2
76. Wiki Engine
77. Workflow Engines
78. XML
79. XML UI
Java
Java Tutorial
Java Open Source
Jar File Download
Java Articles
Java Products
Java by API
Photoshop Tutorials
Maya Tutorials
Flash Tutorials
3ds-Max Tutorials
Illustrator Tutorials
GIMP Tutorials
C# / C Sharp
C# / CSharp Tutorial
C# / CSharp Open Source
ASP.Net
ASP.NET Tutorial
JavaScript DHTML
JavaScript Tutorial
JavaScript Reference
HTML / CSS
HTML CSS Reference
C / ANSI-C
C Tutorial
C++
C++ Tutorial
Ruby
PHP
Python
Python Tutorial
Python Open Source
SQL Server / T-SQL
SQL Server / T-SQL Tutorial
Oracle PL / SQL
Oracle PL/SQL Tutorial
PostgreSQL
SQL / MySQL
MySQL Tutorial
VB.Net
VB.Net Tutorial
Flash / Flex / ActionScript
VBA / Excel / Access / Word
XML
XML Tutorial
Microsoft Office PowerPoint 2007 Tutorial
Microsoft Office Excel 2007 Tutorial
Microsoft Office Word 2007 Tutorial
Java Source Code / Java Documentation » 6.0 JDK Modules » j2me » javax.microedition.pki 
Source Cross Referenced  Class Diagram Java Document (Java Doc) 


001:        /*
002:         *   
003:         *
004:         * Copyright  1990-2007 Sun Microsystems, Inc. All Rights Reserved.
005:         * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
006:         * 
007:         * This program is free software; you can redistribute it and/or
008:         * modify it under the terms of the GNU General Public License version
009:         * 2 only, as published by the Free Software Foundation.
010:         * 
011:         * This program is distributed in the hope that it will be useful, but
012:         * WITHOUT ANY WARRANTY; without even the implied warranty of
013:         * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014:         * General Public License version 2 for more details (a copy is
015:         * included at /legal/license.txt).
016:         * 
017:         * You should have received a copy of the GNU General Public License
018:         * version 2 along with this work; if not, write to the Free Software
019:         * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020:         * 02110-1301 USA
021:         * 
022:         * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
023:         * Clara, CA 95054 or visit www.sun.com if you need additional
024:         * information or have any questions.
025:         */
026:
027:        package javax.microedition.pki;
028:
029:        import javax.microedition.securityservice.CMSMessageSignatureServiceException;
030:        import javax.microedition.pki.UserCredentialManagerException;
031:
032:        import com.sun.midp.main.Configuration;
033:
034:        /**
035:         * This class provides functionality for user credential management
036:         * which includes 
037:         * creating certificate signing requests, adding user credentials,
038:         * and removing credentials that may be used to generate digital
039:         * signatures as specified in the 
040:         * <code>CMSMessageSignatureService</code> class.
041:         * The initial version of credential management supports
042:         * X.509 version 3 Certificates and URIs that resolve to X.509
043:         * Certificates.
044:         * <p>
045:         * In a public key cryptographic system, a user has two distinct keys.
046:         * One key is kept private while the other is made public. There are
047:         * a number of public key cryptographic systems, some of which may
048:         * be used for the creation of digital signatures (for example, DSA), while
049:         * others can be used for encryption (for example, Rabin). Some systems may
050:         * be used for both encryption and digital signatures (for example, RSA).
051:         * Generally the private key, which is only known to the user,
052:         * is used to generate a signature or to decrypt a message. The
053:         * public key, as can be deduced from the name, is public knowledge
054:         * and is used to verify the user's signature or to encrypt
055:         * information intended for the user.
056:         * </p>
057:         *
058:         * <p>
059:         * When selecting a public key to encrypt a message or verify a
060:         * digital signature, it is important to be able to link the public
061:         * key either to the user for which the encrypted message is intended or to
062:         * the user that generated the signature. Public key infrastructure
063:         * (PKI) provides a mechanism for binding an identity to a public
064:         * key. The binding is expressed in a data structure known as a
065:         * certificate. The X.509 certificate format is one of the most
066:         * widely adopted certificate formats. X.509 certificates generally
067:         * contain at least the following information:
068:         * <ul>
069:         * <li>
070:         * An X.500 name that can potentially be linked to the identity
071:         * of the user.
072:         * </li>
073:         * <li>
074:         * The public key associated with the X.500 name.
075:         * </li>
076:         * <li>
077:         * A validity period for the certificate (Not Before and Not After).
078:         * </li>
079:         * <li>
080:         * Information on the certificate issuer (an X.500 name for the
081:         * issuer and a serial number). This uniquely identifies a
082:         * certificate in a PKI.
083:         * </li>
084:         * </ul>
085:         *
086:         * The certificate may contain additional information. The certificate
087:         * itself is signed by the certificate issuer. The certificate issuer
088:         * is usually referred to as a Certificate Authority (CA).
089:         * </p>
090:         *
091:         * <p>
092:         * The process that a CA follows before issuing a certificate is
093:         * governed by the certification practice statement (CPS) of the
094:         * CA. This usually involves both technical and non-technical
095:         * steps that need to be completed before a certificate is issued.
096:         * Technical steps include obtaining the public key that must be
097:         * certified, verifying that the user is in possession of the
098:         * corresponding private key, and returning the certificate or a
099:         * reference to the certificate once it is issued. Non-technical
100:         * steps include the processes followed to establish the
101:         * certificate requesters identity.
102:         * Upon completion of the technical and non-technical steps of the
103:         * registration process, the user is said to be enrolled into the PKI.
104:         * </p>
105:         *
106:         * <p>
107:         * The purpose of this class is to provide the technical building
108:         * blocks required to enroll a user in a PKI. This will allow a
109:         * user to obtain a certificate that can be used in conjunction
110:         * with the <code>sign</code> and <code>authenticate</code> methods
111:         * in the <code>
112:         * javax.microedition.securityservice.CMSMessageSignatureService
113:         * </code> class.
114:         * This can also be used for
115:         * renewing and deleting certificates once they have expired. 
116:         * With this package it is possible to:
117:         * <ul>
118:         * <li>
119:         * Obtain a certificate signing request that can be sent to a PKI.
120:         * </li>
121:         * <li>
122:         * Add a certificate or certificate URI to a certificate store.
123:         * </li>
124:         * <li>
125:         * Remove a certificate or certificate URI from a certificate store.
126:         * </li>
127:         * </ul>
128:         * </p>
129:         *
130:         * <h2>Example</h2>
131:         *
132:         * <pre>
133:         *    // Parameters for certificate request message.
134:         *    String nameInfo = new String("CN=User Name");
135:         *    byte[] enrollmentRequest = null;
136:         *    int keyLength = 1024;
137:         *
138:         *    // User friendly names and prompts.
139:         *    String securityElementID = new String("Bank XYZ");
140:         *    String securityElementPrompt = new String
141:         *        ("Please insert bank XYZ security element before proceeding");
142:         *    String friendlyName = new String("My Credential");
143:         *
144:         *    // Certificate chain and URI from registration response.
145:         *    byte[] pkiPath; 
146:         *    String uri;     
147:         * 
148:         * 
149:         *    // Obtain a certificate enrollment request message.
150:         *    try {
151:         *        enrollmentRequest = UserCredentialManager.generateCSR
152:         *            (nameInfo, UserCredentialManager.ALGORITHM_RSA, keyLength,
153:         *             UserCredentialManager.KEY_USAGE_NON_REPUDIATION, 
154:         *             securityElementID, securityElementPrompt, false);
155:         * 
156:         *        // Send it to a registration server.
157:         *         ...
158:         *        // Assign values for pkipath and certificate uri
159:         *        // from the registration response.
160:         *         ...
161:         * 
162:         *        // Store the certificate on the security element.
163:         *        UserCredentialManager.addCredential(friendlyName,
164:         *                                            pkiPath, uri);
165:         *    } catch (IllegalArgumentException iae) {
166:         *        iae.printStackTrace();
167:         *    } catch (NullPointerException npe) {
168:         *        npe.printStackTrace();
169:         *    } catch (CMSMessageSignatureServiceException cmse) {
170:         *        cmse.printStackTrace();
171:         *    } catch (UserCredentialManagerException pkie) {
172:         *        pkie.printStackTrace();
173:         *    }
174:         *
175:         * </pre>
176:         * <p>
177:         * <h2>Note regarding UI implementations</h2>
178:         * </p>
179:         * <p>
180:         * User prompts and notifications should be implemented in such a way that:
181:         * <ul>
182:         * <li>
183:         * the UI is distinguishable from a UI generated by external sources 
184:         * (for example J2ME applications).
185:         * </li>
186:         * <li>
187:         * external sources are not able to modify the data presented to the user.
188:         * </li>
189:         * <li>
190:         * external sources are not able to retrieve the PIN data.
191:         * </li>
192:         * </ul>
193:         * </p>
194:         */
195:        final public class UserCredentialManager {
196:            /**
197:             * Algorithm identifier for an RSA signature key.
198:             * This is the <code>String</code> representation of the
199:             * OID identifying the RSA algorithm.
200:             */
201:            public final static String ALGORITHM_RSA = "1.2.840.113549.1.1";
202:
203:            /**
204:             * Algorithm identifier for a DSA signature key.
205:             * This is the <code>String</code> representation of the
206:             * OID identifying a DSA signature key.
207:             */
208:            public final static String ALGORITHM_DSA = "1.2.840.10040.4.1";
209:
210:            /**
211:             * Indicates a key used for authentication.
212:             */
213:            public final static int KEY_USAGE_AUTHENTICATION = 0;
214:
215:            /**
216:             * Indicates a key used for digital signatures.
217:             */
218:            public final static int KEY_USAGE_NON_REPUDIATION = 1;
219:
220:            /**
221:             * Indicates that key generation is supported
222:             * on the platform.
223:             */
224:            private static boolean keygen = false;
225:
226:            static {
227:                String generation = Configuration
228:                        .getProperty("com.sun.satsa.keygen");
229:                if (generation != null) {
230:                    keygen = generation.equals("true");
231:                }
232:            }
233:
234:            /**
235:             * Constructor for the <code>UserCredentialManager</code> class.
236:             */
237:            private UserCredentialManager() {
238:            }
239:
240:            /**
241:             * Creates a DER encoded PKCS#10 certificate enrollment request.
242:             * <p>
243:             * The implementation uses the <code>securityElementID</code>
244:             * and the <code>securityElementPrompt</code> to
245:             * choose an appropriate security element. 
246:             * If an appropriate
247:             * security element cannot be found, a
248:             * <code>UserCredentialManagerException</code> is thrown and
249:             * the <code>getReason</code> method MUST return
250:             * <code>SE_NOT_FOUND</code>.
251:             * The implementation MUST use the <code>algorithm</code>,
252:             * <code>keyLen</code>, and <code>keyUsage</code> parameters
253:             * to select a specific key to use in signing the 
254:             * certificate request.
255:             * If the algorithm is not supported or the specific key
256:             * parameters can not be fulfilled,  then a
257:             * <code>UserCredentialManagerException</code> MUST be thrown
258:             * and the <code>getReason</code> method MUST return
259:             * <code>SE_NO_KEYS</code>. 
260:             * </p>
261:             *
262:             * <p>
263:             * If the platform can select a security element and the security
264:             * element contains multiple keys, it is up to the platform to
265:             * select an appropriate key
266:             * (when key generation is not forced). 
267:             *
268:             * If a key is found that is not yet associated with a user
269:             * certificate or a user certificate request, the platform MUST
270:             * select such a key in preference to keys that are already
271:             * associated with a user certificate or certificate request. 
272:             *
273:             * If all keys are associated with a certificate or a certificate
274:             * request, the implementation MUST select the key associated with
275:             * a certificate request in preference to keys that are 
276:             * associated with a certificate.
277:             *
278:             * If all keys are already associated with a user certificate and
279:             * key generation was not forced, the platform MAY select one
280:             * of the existing keys for inclusion in the certificate signing
281:             * request, depending on the security element policy.
282:             * </p>
283:             *
284:             * <p>
285:             * The application requests key generation by setting the
286:             * <code>forceKeyGen</code> flag. 
287:             * If a key is requested of a security element that is not 
288:             * capable of key generation, a
289:             * <code>UserCredentialManagerException</code> MUST be thrown
290:             * and the <code>getReason</code> method MUST return
291:             * <code>SE_NO_KEYGEN</code>. If the key can not be 
292:             * generated with the requested key parameters, a
293:             * <code>UserCredentialManagerException</code> MUST be thrown
294:             * and the <code>getReason</code> method MUST return
295:             * <code>SE_NO_KEYS</code>.
296:             * If the security element requires the user to specify a new PIN
297:             * that is used to protect the keys to be generated, the implementation
298:             * of this method is responsible for collecting the new PIN from the user.
299:             * </p>
300:             *
301:             * <p>
302:             * If a security element is found, but it contains no 
303:             * keys that can be used, then a
304:             * <code>UserCredentialManagerException</code> MUST be thrown
305:             * and the <code>getReason</code> method MUST return
306:             * <code>SE_NO_KEYS</code>.
307:             * If a security element is found, but all available 
308:             * keys have been associated with certificates and
309:             * if the platform does not allow selection of keys already
310:             * associated with certificates, then a
311:             * <code>UserCredentialManagerException</code> MUST be thrown
312:             * and the <code>getReason</code> method MUST return
313:             * <code>SE_NO_UNASSOCIATED_KEYS</code>.
314:             * </p>
315:             * <p>
316:             * If a security element can be selected and an appropriate
317:             * key is available (either generated or already existing)
318:             * the certification request is generated and formatted. The
319:             * certification request will be formatted as a PKCS#10
320:             * certificate request. The request may contain
321:             * additional attributes.
322:             * </p>
323:             * <p>
324:             * See "X.690 - Information technology - ASN.1 encoding rules:
325:             * Specification of Basic Encoding Rules (BER),
326:             * Canonical Encoding Rules (CER) and
327:             * Distinguished Encoding Rules (DER)" at
328:             * <a href=
329:             * "http://www.itu.int/ITU-T/studygroups/com17/languages/">
330:             * http://www.itu.int/ITU-T/studygroups/com17/languages/
331:             * </a> for details about ASN.1 encoding rules.
332:             * 
333:             * </p>
334:             * <p>
335:             * Generation of the certificate enrollment request and the key pair 
336:             * must be confirmed by the user. The user should have the option
337:             * to view the detailed information of the key used in signing the
338:             * certificate request, such as
339:             * the key usage, key length, public key algorithm.
340:             * This method returns <code>null</code> if the user cancels the
341:             * certificate enrollment request.
342:             * </p>
343:             * <p>
344:             * Authorization to generate certificate enrollment request is
345:             * also subject to the policy
346:             * of the underlying security element. If user authorization is required 
347:             * through the entry of PIN, the implementation of this method 
348:             * is responsible for collecting the PIN from the user. Incorrect
349:             * PIN entry is handled by
350:             * the implementation. The number of retries following incorrect
351:             * PIN entry is
352:             * governed by the security element policy. If the PIN is blocked due to an 
353:             * excessive number of incorrect PIN entries, the implementation
354:             * must throw a
355:             * <code>SecurityException</code> exception.
356:             * </p>
357:             * @param nameInfo the distinguished name
358:             * to be included in the PKCS#10 certificate signing request.
359:             * The distinguished name MUST follow the encoding rules of
360:             * <a href="http://www.ietf.org/rfc/rfc2253.txt">
361:             * RFC2253</a>. If <code>null</code> is passed as the
362:             * parameter value, it is up to the implementation to
363:             * choose an appropriate distinguished name (for example, the WIM
364:             * serial number).
365:             * If <code>nameInfo</code> is empty or not formatted according
366:             * RFC2253 an <code>IllegalArgumentException</code> is thrown.
367:             *
368:             * @param algorithm the Object Identifier (OID) for the public key
369:             * algorithm to use. (see     
370:             * <a href="http://www.ietf.org/rfc/rfc1778.txt">RFC 1778</a>)
371:             * The static variables
372:             * <code>UserCredentialManager.ALGORITHM_RSA</code> and
373:             * <code>UserCredentialManager.ALGORITHM_DSA</code> may
374:             * be used to indicate either RSA or DSA signature keys.
375:             * If <code>algorithm</code> is empty or not formatted according
376:             * RFC1778 an <code>IllegalArgumentException</code> is thrown.
377:             * If the requested <code>algorithm</code> is not supported
378:             * on the platform then a
379:             * <code>UserCredentialManagerException</code> MUST be thrown
380:             * and the <code>getReason</code> method MUST return
381:             * <code>SE_NO_KEYS</code>.  
382:             *
383:             * @param keyLen  the key length (typically 1024 for RSA)
384:             * If <code>keyLen</code> is incorrect an 
385:             * <code>IllegalArgumentException</code> is thrown.
386:             *
387:             * @param keyUsage the functionality for which the key is marked
388:             * inside the security element. This may be one of
389:             * <code>UserCredentialManager.KEY_USAGE_AUTHENTICATION</code>
390:             * or
391:             * <code>UserCredentialManager.KEY_USAGE_NON_REPUDIATION</code>.
392:             * If <code>keyUsage</code> is incorrect an 
393:             * <code>IllegalArgumentException</code> is thrown.
394:             *
395:             * @param securityElementID  identifies the security element on
396:             * which the key resides or will be generated. 
397:             * If this parameter is
398:             * <code>null</code> the implementation MUST choose the first
399:             * available security element that meets the specified requirements.
400:             * If no appropriate security element is found, the
401:             * <code>securityElementPrompt</code> parameter MUST be used
402:             * to guide the user on selecting the correct security element.
403:             * If no security element can be selected, a
404:             * <code>UserCredentialManagerException</code> is thrown and
405:             * the <code>getReason</code> method MUST return
406:             * <code>SE_NOT_FOUND</code>.
407:             *
408:             * @param securityElementPrompt guides a user to insert the
409:             * correct security element, if the suitable security element is
410:             * removable and not detected. 
411:             * If this parameter is set to <code>null</code>, a user prompt is not
412:             * used to guide the user to select an appropriate security element.
413:             *
414:             * @param forceKeyGen if set to <code>true</code> a new key MUST be
415:             * generated. If the security element does not support key generation
416:             * it MUST throw an <code>UserCredentialManagerException</code> and
417:             * the <code>getReason</code> method MUST return a
418:             * <code>SE_NO_KEYGEN</code> error code.
419:             * If set to <code>false</code> no key
420:             * generation is required and an existing key may be used.
421:             *
422:             * @return DER encoded PKCS#10 certificate enrollment request, or
423:             * <code>null</code> if the certificate
424:             * enrollment request was cancelled by the user before completion.
425:             * @throws IllegalArgumentException if the parameters are not valid
426:             * @throws UserCredentialManagerException if an error occurs while
427:             * generating the certificate request
428:             * @throws SecurityException if the caller is not
429:             * authorized to access the user certificate store
430:             * @throws  CMSMessageSignatureServiceException if an
431:             * error occurs while signing the certificate request
432:             */
433:            public static final byte[] generateCSR(String nameInfo,
434:                    String algorithm, int keyLen, int keyUsage,
435:                    String securityElementID, String securityElementPrompt,
436:                    boolean forceKeyGen) throws UserCredentialManagerException,
437:                    CMSMessageSignatureServiceException {
438:
439:                /* User requested a new key be generated. */
440:                if (forceKeyGen) {
441:                    if (!UserCredentialManager.keygen) {
442:                        // Configuration parameter disabled key generation.
443:                        throw new UserCredentialManagerException(
444:                                UserCredentialManagerException.SE_NO_KEYGEN);
445:                    }
446:                }
447:
448:                return com.sun.satsa.pki.PKIManager.generateCSR(nameInfo,
449:                        algorithm, keyLen, keyUsage, securityElementID,
450:                        securityElementPrompt, forceKeyGen);
451:            }
452:
453:            /**
454:             * Adds a user certificate or certificate
455:             * URI to a certificate store.
456:             * <p>
457:             * A credential is registered using an ordered sequence of
458:             * certificates, called a PKI Path.
459:             * The PKI Path is defined in <A HREF=
460:             * "ftp://ftp.bull.com/pub/OSIdirectory/DefectResolution/TechnicalCorrigenda/ApprovedTechnicalCorrigendaToX.509/8%7CX.509-TC3%284th%29.pdf">
461:             * ITU-T RECOMMENDATION X.509 (2000) | ISO/IEC 9594-8:2001, 
462:             * Technical Corrigendum 1 (DTC 2) </A> and is used
463:             * by the J2SE <A HREF=
464:             * "http://java.sun.com/j2se/1.4.1/docs/guide/security/certpath/CertPathProgGuide.html#AppA">
465:             * CertPath Encodings</A>.</p>
466:             * <p>
467:             * <strong>PkiPath:</strong> an ASN.1 DER encoded sequence of
468:             * certificates, defined as follows:<pre>
469:             *      <code>PkiPath ::= SEQUENCE OF Certificate</code>
470:             * </pre>
471:             * Within the sequence, the order of certificates is such that the
472:             * subject of the first certificate is the issuer of the second
473:             * certificate, etc. Each certificate in PkiPath shall be
474:             * unique. No certificate may appear more than once in a value of
475:             * Certificate in PkiPath. The last certificate is the end entity
476:             * user certificate.
477:             * </p>
478:             * <p>
479:             * The use of the certificate URI is platform dependent.
480:             * Some platforms may not store the user certificate, but may
481:             * instead keep a copy of the URI. 
482:             * If only the URI is retained instead of the certificates
483:             * included in the pkiPath, the implementation MUST parse the user
484:             * certificate in the pkiPath to obtain relevant information such
485:             * as the issuing CA name, the user certificate serial number, the
486:             * public key, and user distinguished name. Some of these fields
487:             * may be required by the underlying security element.
488:             * The certificate URI parameter can be
489:             * <code>null</code> in deployments where off device access to
490:             * certificate storage is not supported.
491:             * </p>
492:             * <p>
493:             * Some platforms MAY store the credential information with
494:             * a specific security element, while other platforms MAY
495:             * have a central repository for credentials. It is platform
496:             * dependent where the information is maintained.
497:             * </p>
498:             * <p> 
499:             * Storing the requested credential must be confirmed by the
500:             * user. The implementation must display the user friendly
501:             * name of the certificate or the certificate URL. The user should
502:             * have the option
503:             * to view the detailed information of the credential, such as the
504:             * certificate issuer, certificate subject, and certificate
505:             * validity period.
506:             * This method returns <code>false</code> if the user cancels the
507:             * request to add the credential.
508:             * </p>
509:             * <p>
510:             * Authorization to store the requested credential is also subject
511:             * to the policy
512:             * of the underlying security element or the platform. If user
513:             * authorization is required
514:             * through the entry of PIN, the implementation of this method 
515:             * is responsible for collecting the PIN from the user. Incorrect
516:             * PIN entry is handled by
517:             * the implementation. The number of retries following incorrect
518:             * PIN entry is
519:             * governed by the policy of the security element or the
520:             * platform. If the PIN is blocked due to an
521:             * excessive number of incorrect PIN entries, the implementation
522:             * must throw a
523:             * <code>SecurityException</code> exception.
524:             * </p>
525:             * If the requested certificate can not be stored, a
526:             * <code>UserCredentialManagerException</code> is thrown and
527:             * the <code>getReason</code> method MUST return
528:             * <code>CREDENTIAL_NOT_SAVED</code>.
529:             * @param certDisplayName the user friendly
530:             * name associated with the certificate.
531:             * If <code>certDisplayName</code> is <code>null</code> or
532:             * an empty string an <code>IllegalArgumentException</code>
533:             * is thrown. Applications MUST use unique user
534:             * friendly names to make selection easier.
535:             * If the <code>certDisplayName</code> is already
536:             * registered, an <code>IllegalArgumentException</code>
537:             * is thrown.
538:             *
539:             * @param pkiPath the DER encoded PKIPath containing user
540:             * certificate and certificate authority certificates.
541:             * If <code>pkiPath</code> is <code>null</code> or
542:             * incorrectly formatted an <code>IllegalArgumentException</code>
543:             * is thrown. 
544:             * If <code>pkiPath</code> is already registered, 
545:             * an <code>IllegalArgumentException</code> is thrown. 
546:             *
547:             * @param uri a URI that resolves to a X.509v3 certificate.
548:             * The uri can be <code>null</code>.
549:             *
550:             * @throws IllegalArgumentException if parameters are not
551:             *  valid
552:             * @throws UserCredentialManagerException if an error occurs
553:             * while adding a user credential
554:             * @throws SecurityException if the caller is not
555:             * authorized to add to the user certificate store
556:             *
557:             * @return <code>false</code> if the operation to add the
558:             * credential was cancelled by the user
559:             * before completion. 
560:             */
561:            public static final boolean addCredential(String certDisplayName,
562:                    byte[] pkiPath, String uri)
563:                    throws UserCredentialManagerException {
564:                return com.sun.satsa.pki.PKIManager.addCredential(
565:                        certDisplayName, pkiPath, uri);
566:            }
567:
568:            /**
569:             * Removes a certificate or certificate
570:             * URI from a certificate store.
571:             * <p>
572:             * Removal of the credential from the certificate store
573:             * must be confirmed by the user. The implementation must display
574:             * the user friendly
575:             * name of the certificate or the certificate URL. The user should
576:             * have the option
577:             * to view the detailed information of the credential, such as the
578:             * certificate issuer, certificate subject, and certificate
579:             * validity period.
580:             * This method returns <code>false</code> if the user cancels the
581:             * request to remove the credential.
582:             * </p>
583:             * <p>
584:             * Authorization to remove the requested credential is also
585:             * subject to the policy
586:             * of the underlying security element or the platform. If user
587:             * authorization is required
588:             * through the entry of PIN, the implementation of this method 
589:             * is responsible for collecting the PIN from the user. Incorrect
590:             * PIN entry is handled
591:             * by the implementation. The number of retries following
592:             * incorrect PIN entry is
593:             * governed by the policy of the security element or the
594:             * platform. If the PIN is blocked due to an
595:             * excessive number of incorrect PIN entries, the implementation
596:             * must throw a
597:             * <code>SecurityException</code> exception.
598:             * </p>
599:             * @param certDisplayName the user friendly
600:             * name associated with the certificate.
601:             * If <code>certDisplayName</code> is <code>null</code> or
602:             * an empty string an <code>IllegalArgumentException</code>
603:             * is thrown.
604:             *
605:             * @param issuerAndSerialNumber the DER encoded ASN.1 structure
606:             * that contains the certificate issuer and serial number as
607:             * defined in <a href="http://www.ietf.org/rfc/rfc3369.txt">
608:             * RFC 3369</a>.
609:             * If <code>issuerAndSerialNumber</code> is <code>null</code> or
610:             * not properly formatted according to RFC3369
611:             * an <code>IllegalArgumentException</code> is thrown.
612:             * If the requested certificate is not found, a
613:             * <code>UserCredentialManagerException</code> is thrown and
614:             * the <code>getReason</code> method MUST return
615:             * <code>CREDENTIAL_NOT_FOUND</code>.
616:             *
617:             * @param securityElementID identifies the security element on
618:             * which the key resides.  If this parameter is
619:             * <code>null</code> the implementation MUST choose the first
620:             * available security element that meets the specified requirements.
621:             * If no appropriate security element is found, the
622:             * <code>securityElementPrompt</code> parameter MUST be used
623:             * to guide the user on selecting the correct security element.
624:             * If no security element can be selected, a
625:             * <code>UserCredentialManagerException</code> is thrown and
626:             * the <code>getReason</code> method MUST return
627:             * <code>SE_NOT_FOUND</code>.
628:             *
629:             * @param securityElementPrompt  guides the user to insert 
630:             * the correct security element if the security element is
631:             * removable and not detected. 
632:             * If this parameter is set to <code>null</code>, no information
633:             * regarding which security element to use is displayed to
634:             * the user.
635:             *
636:             * @throws IllegalArgumentException if the parameters are not valid
637:             * @throws UserCredentialManagerException if an error occurs
638:             * while removing the credential
639:             * @throws SecurityException if the caller is not
640:             * authorized to remove from the user certificate store
641:             * @return <code>false</code> if the operation to remove the 
642:             * credential was cancelled by the user
643:             * before completion. 
644:             */
645:            public static final boolean removeCredential(
646:                    String certDisplayName, byte[] issuerAndSerialNumber,
647:                    String securityElementID, String securityElementPrompt)
648:                    throws UserCredentialManagerException {
649:
650:                return com.sun.satsa.pki.PKIManager.removeCredential(
651:                        certDisplayName, issuerAndSerialNumber,
652:                        securityElementID, securityElementPrompt);
653:            }
654:        }
www.java2java.com | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.