-
Notifications
You must be signed in to change notification settings - Fork 137
PKI Subsystem Java API
Endi S. Dewata edited this page Dec 17, 2020
·
1 revision
The following services are available on all subsystems (ie. CA, KRA, OCSP, TKS, TPS).
String subsystem = <subsystem name>; // e.g. ca, kra SubsystemClient subsystemClient = new SubsystemClient(client, subsystem);
Each PKI subsystem has its own realm (i.e. set of users and groups). The client certificate used for SSL authentication is mapped to different users in different subsystems.
To authenticate against a subsystem in a generic way:
AccountInfo accountInfo = subsystemClient.login();
The AccountInfo contains information about the subsystem user (e.g. user ID, full name, email, roles). To remove the session:
subsystemClient.logout();
See also SubsystemClient.java.
UserClient userClient = new UserClient(subsystemClient);
UserCollection users = userClient.findUsers(filter, start, size);
for (UserData user : users.getEntries()) {
System.out.println("User ID: " + user.getID());
}
UserData user = userClient.getUser(userID); ...<modify user>... userClient.modifyUser(userID, user);
UserCertCollection userCerts = userClient.findUserCerts(userID, start, size);
for (UserCertData userCert : userCerts.getEntries()) {
System.out.println("Cert ID: " + userCert.getID());
System.out.println("Subject DN: " + userCert.getSubjectDN());
}
UserCertData userCert = userClient.getUserCert(userID, certID); System.out.println(userCert.getEncoded());
UserMembershipCollection userRoles = userClient.findUserMemberships(userID, filter, start, size);
for (UserMembershipData userRole : userRoles.getEntries()) {
System.out.println("Role ID: " + userRole.getID());
}
|
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |