Class AutoEnrollPayloadParser

  • All Implemented Interfaces:
    PayloadParser

    public class AutoEnrollPayloadParser
    extends BasePayloadParser
    Payload Parser for generating auto enroll messages according to autoenroll_schema2_0.xsd
    • Field Detail

      • NAMESPACE

        public static java.lang.String NAMESPACE
      • AUTOENROLL_XSD_SCHEMA_2_0_RESOURCE_LOCATION

        public static final java.lang.String AUTOENROLL_XSD_SCHEMA_2_0_RESOURCE_LOCATION
        See Also:
        Constant Field Values
    • Constructor Detail

      • AutoEnrollPayloadParser

        public AutoEnrollPayloadParser()
    • Method Detail

      • getJAXBPackage

        public java.lang.String getJAXBPackage()
        Description copied from interface: PayloadParser
        Returns the name of the package containing the JAXB classes. For multiple package names, separate them with ':' without spaces.
        See Also:
        PayloadParser.getJAXBPackage()
      • getNameSpace

        public java.lang.String getNameSpace()
        Returns:
        the unique namespace of the related payload elements.
        See Also:
        PayloadParser.getNameSpace()
      • genCheckStatusRequest

        public byte[] genCheckStatusRequest(java.lang.String requestId,
                                            java.lang.String destinationId,
                                            java.lang.String organisation,
                                            java.util.List<CheckStatusRequest.Type> autoEnrollmentProfileTypes,
                                            Credential originator,
                                            java.util.List<java.lang.Object> assertions)
                                     throws MessageContentException,
                                            MessageProcessingException
        Method to create a CheckStatusRequest message with a list of CheckStatusRequest.Type entries, one for each enabled auto enrollment profile. The message is unsigned.
        Parameters:
        requestId - the id of the request
        destinationId - the destinationId used in the CSMessage.
        organisation - the related organisation
        autoEnrollmentProfileTypes - a list of profile types to check status for.
        originator - the original requester of a message, null if not applicable
        assertions - a list of related authorization assertions, or null if no authorization assertions are available.
        Returns:
        generated and signed CSMessage in byte[] format.
        Throws:
        MessageContentException - if the CS message contained invalid data not conforming to the standard.
        MessageProcessingException - if an internal state error occurred when processing the CSMessage
      • genCheckStatusResponse

        public CSMessageResponseData genCheckStatusResponse(java.lang.String relatedEndEntity,
                                                            CSMessage request,
                                                            java.util.List<CheckStatusResponse.Type> autoEnrollmentProfileTypes,
                                                            java.util.List<java.lang.Object> assertions)
                                                     throws MessageContentException,
                                                            MessageProcessingException
        Method to generate a CheckStatusResponse message instructing the client which actions to perform for each enabled auto enrollment profile.
        Parameters:
        relatedEndEntity - the name of the related end entity (such as username of the related user)
        request - the request to populate the response with
        autoEnrollmentProfileTypes - a list of profile types instructing the client what to do.
        assertions - a list of related authorization assertions, or null if no authorization assertions are available.
        Returns:
        a generated message.
        Throws:
        MessageContentException - if the CS message contained invalid data not conforming to the standard.
        MessageProcessingException - if an internal state error occurred when processing the CSMessage
      • genClientActionRequest

        public byte[] genClientActionRequest(java.lang.String requestId,
                                             java.lang.String destinationId,
                                             java.lang.String organisation,
                                             java.util.List<ClientActionRequest.Type> autoEnrollmentProfileTypes,
                                             Credential originator,
                                             java.util.List<java.lang.Object> assertions)
                                      throws MessageContentException,
                                             MessageProcessingException
        Method to create a ClientActionRequest message with a list of ClientActionRequest.Type entries, one for each enabled auto enrollment profile. The message is unsigned.
        Parameters:
        requestId - the id of the request
        destinationId - the destinationId used in the CSMessage.
        organisation - the related organisation
        autoEnrollmentProfileTypes - a list of profile types to perform client actions for.
        originator - the original requester of a message, null if not applicable
        assertions - a list of related authorization assertions, or null if no authorization assertions are available.
        Returns:
        generated and signed CSMessage in byte[] format.
        Throws:
        MessageContentException - if the CS message contained invalid data not conforming to the standard.
        MessageProcessingException - if an internal state error occurred when processing the CSMessage
      • genClientActionResponse

        public CSMessageResponseData genClientActionResponse(java.lang.String relatedEndEntity,
                                                             CSMessage request,
                                                             java.util.List<ClientActionResponse.Type> autoEnrollmentProfileTypes,
                                                             java.util.List<java.lang.Object> assertions)
                                                      throws MessageContentException,
                                                             MessageProcessingException
        Method to generate a ClientActionResponse message returning resulting data for the related client action request for each requested profile.
        Parameters:
        relatedEndEntity - the name of the related end entity (such as username of the related user)
        request - the request to populate the response with
        autoEnrollmentProfileTypes - a list of profile types for each requested profile.
        assertions - a list of related authorization assertions, or null if no authorization assertions are available.
        Returns:
        a generated message.
        Throws:
        MessageContentException - if the CS message contained invalid data not conforming to the standard.
        MessageProcessingException - if an internal state error occurred when processing the CSMessage
      • genCheckStatusRequestType

        public CheckStatusRequest.Type genCheckStatusRequestType(java.lang.String autoEnrollmentProfile,
                                                                 java.util.List<Credential> currentCredentials)
        Helper method to create a check status request for a specific autoEnrollmentProfile type.
        Parameters:
        autoEnrollmentProfile - the type's related profile
        currentCredentials - the current credentials that exist on the current computer for the given type.
        Returns:
        a new CheckStatusRequest.Type object.
      • genCheckStatusResponseType

        public CheckStatusResponse.Type genCheckStatusResponseType(java.lang.String autoEnrollmentProfile,
                                                                   CheckStatusResponse.Type.PerformActions performActions)
        Helper method to create a check status response for a specific autoEnrollmentProfile type.
        Parameters:
        autoEnrollmentProfile - the type's related profile
        performActions - specifies all the actions the client should perform.
        Returns:
        a new CheckStatusResponse.Type object.
      • genClientActionRequestType

        public ClientActionRequest.Type genClientActionRequestType(java.lang.String autoEnrollmentProfile,
                                                                   java.util.List<Credential> currentCredentials,
                                                                   ClientActionRequest.Type.Actions actions)
        Helper method to create a client action request for a specific autoEnrollmentProfile type.
        Parameters:
        autoEnrollmentProfile - the type's related profile
        currentCredentials - the current credentials that exist on the current computer for the given type.
        actions - specifies the actions the client wants to perform.
        Returns:
        a new ClientActionRequest.Type object.
      • genClientActionResponseType

        public ClientActionResponse.Type genClientActionResponseType(java.lang.String autoEnrollmentProfile,
                                                                     java.util.List<TokenData> tokenDatas)
        Helper method to create a client action response for a specific autoEnrollmentProfile type.
        Parameters:
        autoEnrollmentProfile - the type's related profile
        tokenDatas - a list of token data of related credentials and optionally keys; use null if the response doesn't require any token data.
        Returns:
        a new ClientActionResponse.Type object.
      • genPerformFetchExistingTokensAction

        public PerformFetchExistingTokensAction genPerformFetchExistingTokensAction()
        Method to create a PerformFetchExistingTokensAction
        Returns:
        a new PerformFetchExistingTokensAction
      • genPerformGenerateCredentialRequestAction

        public PerformGenerateCredentialRequestAction genPerformGenerateCredentialRequestAction(boolean keyRecoverable,
                                                                                                Credential wrappingCredential,
                                                                                                java.lang.String credentialSubType,
                                                                                                java.util.Map<java.lang.String,java.lang.String> tokenRequestAttributes)
                                                                                         throws MessageContentException
        Method to create a PerformGenerateCredentialRequestAction
        Parameters:
        keyRecoverable - indicates to the client that it should back up the generated private key by including it along with the credential request.
        wrappingCredential - the credential that should be used to encrypt the key towards the frontend service. Required if keyRecoverable is set to true.
        credentialSubType - the related credential subtype to generate.
        tokenRequestAttributes - map of token request attributes used to construct the PKCS#10 request, usually values from AvailableSubjectDNFields or AvailableSubjectAlternativeNames (cs-common) such as x509dn_cn or x509altname_dnsname
        Returns:
        a new PerformGenerateCredentialRequestAction
        Throws:
        MessageContentException - if the arguments are invalid, such as keyRecoverable set to true without any wrapping credential supplied.
      • genPerformRemoveCredentialsAction

        public PerformRemoveCredentialsAction genPerformRemoveCredentialsAction(java.util.List<Credential> credentials)
                                                                         throws MessageContentException
        Method to create a PerformRemoveCredentialsAction
        Parameters:
        credentials - list of credentials to remove; must not be null or an empty list.
        Returns:
        a new PerformRemoveCredentialsAction
        Throws:
        MessageContentException - if the arguments are invalid, such as an empty credentials list.
      • genPerformedFetchExistingTokensAction

        public PerformedFetchExistingTokensAction genPerformedFetchExistingTokensAction(Credential wrappingCredential)
        Method to generate a PerformedFetchExistingTokensAction for advanced use cases where a transport key exists on the client's computer
        Parameters:
        wrappingCredential - certificate that the client wants the proxy to wrap the returned private keys with. This is used in advanced use cases when the client might use a TPM chip with an existing wrapping key. If not set, the proxy should return the keys unencrypted.
      • genPerformedGenerateCredentialRequestAction

        public PerformedGenerateCredentialRequestAction genPerformedGenerateCredentialRequestAction(CredentialRequest credentialRequest,
                                                                                                    byte[] encryptedKey)
                                                                                             throws MessageContentException
        Method to create a PerformedGenerateCredentialRequestAction
        Parameters:
        credentialRequest - the generated credential request, never null
        encryptedKey - if the key should be recoverable, the key data should be sent as an XML Enc encrypted key according to the sensitive key specification. Otherwise use null.
        Returns:
        a new PerformedGenerateCredentialRequestAction
        Throws:
        MessageContentException - if the arguments are invalid, such as keyRecoverable set to true without any wrapping credential supplied.
      • genPerformedRemoveCredentialsAction

        public PerformedRemoveCredentialsAction genPerformedRemoveCredentialsAction(java.util.List<Credential> credentials)
                                                                             throws MessageContentException
        Method to create a PerformedRemoveCredentialsAction
        Parameters:
        credentials - list of credentials removed; must not be null or an empty list.
        Returns:
        a new PerformedRemoveCredentialsAction
        Throws:
        MessageContentException - if the arguments are invalid, such as an empty credentials list.
      • genTokenData

        public TokenData genTokenData(Credential credential)
                               throws MessageContentException
        Method to generate a TokenData without any recovered key. Used for credentials that don't need key recovery.
        Parameters:
        credential - the credential related to a token.
        Returns:
        newly generated TokenData
        Throws:
        MessageContentException - if the arguments were invalid, such as a null credential.
      • genTokenData

        public TokenData genTokenData(Credential credential,
                                      KeyDataType keyData)
                               throws MessageContentException
        Method to generate a TokenData with a recovered key. Used for credentials that need key recovery.
        Parameters:
        credential - the credential related to a token.
        keyData - the recovered key, unencrypted.
        Returns:
        newly generated TokenData
        Throws:
        MessageContentException - if the arguments were invalid, such as a null credential.
      • genTokenData

        public TokenData genTokenData(Credential credential,
                                      byte[] encryptedKey)
                               throws MessageContentException
        Method to generate a TokenData with a recovered key. Used for credentials that need key recovery, where the client supports the advanced use case in which it has a transport key to wrap encryption keys with, such as a TPM chip.
        Parameters:
        credential - the credential related to a token.
        encryptedKey - the recovered key, XMLEnc-encrypted according to the Sensitive Key specification.
        Returns:
        newly generated TokenData
        Throws:
        MessageContentException - if the arguments were invalid, such as a null credential.