WebSphere MQ Everyplace

com.ibm.mqe.registry
Class MQeMiniCertSvrRegistry

java.lang.Object
  |
  +--com.ibm.mqe.MQe
        |
        +--com.ibm.mqe.registry.MQeRegistry
              |
              +--com.ibm.mqe.registry.MQeMiniCertSvrRegistry
All Implemented Interfaces:
MQeExceptionCodes

public class MQeMiniCertSvrRegistry
extends MQeRegistry

This class is used by the MQeMiniCertificateServer class to access the one-time request PINs that are used to authorize certificate requests and to store the mini-certificates that it generates.

This class is a descendant of MQeRegistry.


Field Summary
 
Fields inherited from class com.ibm.mqe.registry.MQeRegistry
Adapter, CAIPAddrPort, CertReqPIN, DirName, FileRegistry, KeyRingPassword, LocalRegType, PIN, PrivateRegistry, Separator
 
Fields inherited from class com.ibm.mqe.MQe
Admin_Queue_Name, Admin_Reply_Queue_Name, copyright, DeadLetter_Queue_Name, Event_Activate, Event_Attribute, Event_Authenticate, Event_Close, Event_Logoff, Event_Logon, Event_MiniCert_Validate, Event_Queue, Event_QueueManager, Event_UserBase, JMS_Version, MQ_Headers, MQe_Log_Audit_Failure, MQe_Log_Audit_Success, MQe_Log_Error, MQe_Log_Information, MQe_Log_Success, MQe_Log_Warning, Msg_BackoutCount, Msg_CorrelID, Msg_ExpireTime, Msg_LockID, Msg_MsgID, Msg_OriginQMgr, Msg_Priority, Msg_ReplyToQ, Msg_ReplyToQMgr, Msg_Resend, Msg_Style, Msg_Style_Datagram, Msg_Style_Reply, Msg_Style_Request, Msg_Time, Msg_WrapMsg, sccsid, System_Default_Queue_Name, version
 
Fields inherited from interface com.ibm.mqe.MQeExceptionCodes
Except_Active, Except_AdapterException, Except_AdapterMissingRemoteAddress, Except_Admin_ActionNotSupported, Except_Admin_InvalidField, Except_Admin_NotAdminMsg, Except_AdminAction, Except_Authenticate, Except_BadRequest, Except_BridgeListener, Except_Chnl_Attributes, Except_Chnl_ID, Except_Chnl_Limit, Except_Chnl_Overrun, Except_Closed, Except_Con_AdapterRequired, Except_Con_AliasAlreadyExists, Except_Con_AlreadyExists, Except_Con_InvalidName, Except_Connect_Failure, Except_ConnectonType, Except_Cryptor, Except_Data, Except_Duplicate, Except_JmxProperties, Except_Listener, Except_MessageStore, Except_MiniCertReg_ActivateFailed, Except_MiniCertReg_BadPIN, Except_MiniCertReg_NotOpen, Except_NotActive, Except_NotAllowed, Except_NotFound, Except_NotSupported, Except_PrivateReg_ActivateFailed, Except_PrivateReg_BadPIN, Except_PrivateReg_NotOpen, Except_PublicReg_ActivateFailed, Except_PublicReg_InvalidAddress, Except_PublicReg_InvalidRequest, Except_Q_Full, Except_Q_InvalidName, Except_Q_InvalidPriority, Except_Q_MsgTooLarge, Except_Q_NoMatchingMsg, Except_Q_TargetRegistryRequired, Except_QMgr_Activated, Except_QMgr_AlreadyExists, Except_QMgr_InvalidQMgrName, Except_QMgr_InvalidQName, Except_QMgr_NotActive, Except_QMgr_NotBridgeEnabled, Except_QMgr_NotConfigured, Except_QMgr_QDoesNotExist, Except_QMgr_QExists, Except_QMgr_QNotEmpty, Except_QMgr_RegistryDataVersion, Except_QMgr_UnknownQMgr, Except_QMgr_WrongQType, Except_Reg_AddFailed, Except_Reg_AlreadyExists, Except_Reg_AlreadyOpen, Except_Reg_CRTKeyDecFailed, Except_Reg_CRTKeySignFailed, Except_Reg_DeleteFailed, Except_Reg_DeleteRegistryFailed, Except_Reg_DoesNotExist, Except_Reg_InvalidSession, Except_Reg_ListFailed, Except_Reg_NotDefined, Except_Reg_NotSecure, Except_Reg_NullName, Except_Reg_OpenFailed, Except_Reg_ReadFailed, Except_Reg_RenameFailed, Except_Reg_ResetPINFailed, Except_Reg_SearchFailed, Except_Reg_UpdateFailed, Except_RemoteException, Except_Rule, Except_S_BadIntegrity, Except_S_BadSubject, 
Except_S_CertificateExpired, Except_S_Cipher, Except_S_InvalidAttribute, Except_S_InvalidSignature, Except_S_MiniCertNotAvailable, Except_S_MissingSection, Except_S_NoPresetKeyAvailable, Except_S_RegistryNotAvailable, Except_Stopped, Except_Syntax, Except_TimeOut, Except_Transporter, Except_TriggerTransmission, Except_Trnsport_QMgr, Except_Trnsport_Request, Except_Type, Except_UdpipAdapterStateException, Except_UdpipAdapterTimeOut, Except_UdpipAdapterUnableToConfirmSuccess, Except_UnCoded, Except_Uncontactable_DontTransmit
 
Constructor Summary
MQeMiniCertSvrRegistry()
          This constructs a MQeMiniCertSvrRegistry object.
 
Method Summary
 void activate(java.lang.String pin, java.lang.String keyRingPassword, java.lang.String startDir)
          Opens and initializes the registry.
 void addAuthEntity(java.lang.String entityName, java.lang.String certReqPIN)
          Adds a one-time request PIN for an entity.
 void addEntityAddr(java.lang.String entityName, MQeFields entityRegAddr)
          Adds an address for an entity.
 boolean authoriseMiniCertRequest(java.lang.String entityName, java.lang.String certReqPIN)
          Checks whether a certificate request has been authorized.
 void deleteAuthEntity(java.lang.String entityName)
          Deletes an entity’s one-time request PIN.
 void deleteEntityAddr(java.lang.String entityName)
          Deletes an entity’s address.
 byte[] readAuthEntity(java.lang.String entityName)
          Reads an entity’s one-time request PIN.
 MQeFields readEntityAddr(java.lang.String entityName)
          Reads an entity’s address.
 boolean updateAuthEntity(java.lang.String entityName, java.lang.String newCertReqPIN)
          Updates an entity’s one-time request PIN.
 boolean updateEntityAddr(java.lang.String entityName, MQeFields entityRegAddr)
          Updates an entity’s address.
 
Methods inherited from class com.ibm.mqe.MQe
abbreviate, alias, asciiToByte, byteToAscii, byteToHex, byteToHex, byteToInt, byteToLong, byteToShort, byteToUnicode, fileSeparator, getEventLogHandler, hexToAscii, hexToByte, intToByte, isCLDC, loadClass, loadObject, log, setEventLogHandler, setLoader, sliceByteArray, type, unicodeToByte, uniqueValue
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

MQeMiniCertSvrRegistry

public MQeMiniCertSvrRegistry()

This constructs a MQeMiniCertSvrRegistry object.

Method Detail

activate

public void activate(java.lang.String pin,
                     java.lang.String keyRingPassword,
                     java.lang.String startDir)
              throws java.lang.Exception

Opens and initializes the registry.

This opens a registry for the mini-certificate server, creating the registry if it does not exist.

Parameters:
pin - The passphrase (PIN) that is required in order to access the registry. This is set when the registry is created (the first time it is activated), and it is checked every time that the registry is activated subsequently.
keyRingPassword - The password used to protect the mini-certificate server's own private key.
startDir - The base directory in the file system that holds the registry. This is usually the current directory.
Returns:
void
Throws:
java.lang.Exception - Thrown on any error.

authoriseMiniCertRequest

public boolean authoriseMiniCertRequest(java.lang.String entityName,
                                        java.lang.String certReqPIN)

Checks whether a certificate request has been authorized.

This is used by the mini-certificate server to check whether a request for a certificate has been authorised. It checks whether the certificate request PIN supplied as a parameter matches that stored in the registry for the entity. If it matches, the method returns true to authorise the request. If it does not match, or if there is no PIN for the entity in the registry, the method returns false. This method should not be called by the user, but a user can override this method to change the way that the mini-certificate server checks for authorisation.

Parameters:
entityName - The name of the entity making the request.
certReqPIN - The certificate request PIN supplied by the entity.
Returns:
true if the request is authorised, false if it is refused.

addAuthEntity

public void addAuthEntity(java.lang.String entityName,
                          java.lang.String certReqPIN)
                   throws MQeException

Adds a one-time request PIN for an entity.

This adds a certificate request PIN to the registry. The request PIN is used by the mini-certificate server to authorize a request for a certificate. An exception is thrown if the entity already has a request PIN.

Parameters:
entityName - The name of the entity whose certificate request PIN is to be stored.
certReqPIN - The one-time certificate request PIN to be stored for this entity.
Returns:
void
Throws:
MQeException -
  • Except_Data : Thrown if there is an error constructing the data to store in the registry.
  • Except_Reg_AlreadyExists: Thrown if the registry entry already exists.

updateAuthEntity

public boolean updateAuthEntity(java.lang.String entityName,
                                java.lang.String newCertReqPIN)
                         throws MQeException

Updates an entity’s one-time request PIN.

This updates a certificate request PIN in the registry. The request PIN is used by the mini-certificate server to authorize a request for a certificate. A PIN for the entity should already exist in the registry.

Parameters:
entityName - The name of the entity whose PIN is to be updated.
newCertReqPIN - The new value for the certificate request PIN to be stored for this entity. If this is null, the request PIN is invalidated (it is not removed, but it can no longer be used). The mini-certificate server invalidates the PIN once it has successfully used it to return a certificate.
Returns:
true if the update was successful, false if the update failed because the entry could not be found.
Throws:
MQeException - Thrown if there is an error constructing the data to store in the registry.
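
The override point described under authoriseMiniCertRequest, combined with the null-PIN invalidation described under updateAuthEntity, is shown here as an added example; it is not IBM's code. The class name LimitedAttemptsCertSvrRegistry and the MAX_FAILURES policy are hypothetical, and the example assumes that MQeException is in the com.ibm.mqe package and that the server runs on Java 5 or later.

```java
import java.util.HashMap;
import java.util.Map;

import com.ibm.mqe.MQeException; // assumed package for MQeException
import com.ibm.mqe.registry.MQeMiniCertSvrRegistry;

// Hypothetical subclass (not part of MQe): counts wrong request PINs per
// entity and invalidates the stored one-time PIN when the limit is reached.
public class LimitedAttemptsCertSvrRegistry extends MQeMiniCertSvrRegistry {

    // Assumed policy value, chosen for illustration.
    private static final int MAX_FAILURES = 3;

    // Wrong-PIN attempts per entity since the last success; memory only.
    private final Map<String, Integer> failures = new HashMap<String, Integer>();

    @Override
    public synchronized boolean authoriseMiniCertRequest(String entityName,
                                                         String certReqPIN) {
        if (entityName == null || certReqPIN == null) {
            return false;
        }
        Integer seen = failures.get(entityName);
        int count = (seen == null) ? 0 : seen.intValue();
        if (count >= MAX_FAILURES) {
            return false; // an earlier invalidation failed, so fail closed
        }
        // Default check: supplied PIN against the PIN stored for the entity.
        if (super.authoriseMiniCertRequest(entityName, certReqPIN)) {
            failures.remove(entityName);
            return true;
        }
        count++;
        failures.put(entityName, Integer.valueOf(count));
        if (count >= MAX_FAILURES) {
            try {
                // A null PIN invalidates the entry without removing it.
                updateAuthEntity(entityName, null);
                failures.remove(entityName); // a newly issued PIN starts at zero
            } catch (MQeException e) {
                // Registry write failed; the counter above keeps refusing.
            }
        }
        return false;
    }
}
```

Invalidating on repeated failures means that anyone who can submit requests under an entity's name can force its PIN to be reissued, and the counter map grows with the number of distinct names seen, so bound or expire it in a long-running server.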

readAuthEntity

public byte[] readAuthEntity(java.lang.String entityName)
                      throws MQeException

Reads an entity’s one-time request PIN.

This method can be used to check whether a request PIN exists for an entity. It returns a byte array containing an encoded form of the PIN.

Parameters:
entityName - The name of the entity whose PIN is to be checked.
Returns:
A 20-byte array holding an encoded form of the PIN, or 'null'. If 'null' is returned, a certificate request PIN does not exist for this entity. If a non-null byte array is returned, a certificate request PIN does exist. If the byte array is all zeroes, the PIN has been invalidated, which typically means that the PIN has already been used by the mini-certificate server to issue a certificate. If the byte array contains non-zero values, the PIN is valid and has not yet been used.
Throws:
MQeException -
  • Except_Reg_ReadFailed : Thrown if there was an error reading the registry.
  • Except_Data : Thrown if there was an error extracting the data from the registry entry.

deleteAuthEntity

public void deleteAuthEntity(java.lang.String entityName)
                      throws MQeException

Deletes an entity’s one-time request PIN.

Parameters:
entityName - The name of the entity whose PIN is to be deleted.
Returns:
void
Throws:
MQeException - Except_Reg_DeleteFailed : Thrown if there is an error deleting the entry.

addEntityAddr

public void addEntityAddr(java.lang.String entityName,
                          MQeFields entityRegAddr)
                   throws MQeException

Adds an address for an entity.

This adds an address for an entity to the registry. The address can take any form, as long as it can be stored in an MQeFields object. The address is not used by the mini-certificate server; it is designed to provide additional information to identify the entity requesting a certificate. An exception is thrown if the entity already has an address stored in the registry.

Parameters:
entityName - The name of the entity whose address is to be stored.
entityRegAddr - An MQeFields object holding the address for the entity. The address can be in any format as long as it can be stored in an MQeFields object.
Returns:
void
Throws:
MQeException -
  • Except_Reg_AlreadyExists: Thrown if the registry entry already exists.
  • Except_Reg_AddFailed: Thrown if there is an error storing the data in the registry.

updateEntityAddr

public boolean updateEntityAddr(java.lang.String entityName,
                                MQeFields entityRegAddr)
                         throws MQeException

Updates an entity’s address.

This updates an address for an entity in the registry. The address can take any form, as long as it can be stored in an MQeFields object. The address is not used by the mini-certificate server; it is designed to provide additional information to identify the entity requesting a certificate. An address for the entity should already exist in the registry.

Parameters:
entityName - The name of the entity whose address is to be updated.
entityRegAddr - An MQeFields object holding the updated address for the entity. The address can be in any format as long as it can be stored in an MQeFields object.
Returns:
true if the update was successful, false if the entry could not be found.
Throws:
MQeException - Except_Reg_UpdateFailed : Thrown if there is an error updating the registry.

readEntityAddr

public MQeFields readEntityAddr(java.lang.String entityName)
                         throws MQeException

Reads an entity’s address.

This reads an address for an entity from the registry. The address is designed to provide additional information to identify the entity requesting a certificate.

Parameters:
entityName - The name of the entity whose address is to be read.
Returns:
An MQeFields object holding the address of the entity, or null if the address could not be found.
Throws:
MQeException -
  • Except_Reg_AlreadyExists : Thrown if the registry entry already exists.
  • Except_Reg_ReadFailed : Thrown if there was an error reading the registry.

deleteEntityAddr

public void deleteEntityAddr(java.lang.String entityName)
                      throws MQeException

Deletes an entity’s address.

This deletes an address for an entity from the registry.

Parameters:
entityName - The name of the entity whose address is to be deleted.
Returns:
void
Throws:
MQeException - Except_Reg_DeleteFailed : Thrown if there is an error deleting the entry.
