Update in ActivID CMS API 4.2 Update 3
ActivID CMS API 4.2 Update 3 introduced support for updating the Distinguished Name (DN) of an Entrust® user through the User Manager.
Interfaces, Classes, Methods Added or Updated
-
User Manager: Added the updateDn method. For details, see findUserIds in User Manager Methods.
Previous Conceptual/Paradigm Changes
This section provides factory abstraction sample code and methods that replaced lifecycle management (LCM) methods from earlier releases.
Support for Client Plug-Ins
The CCM API Client (SyncManager) component relies on the standard smart card access interface, the Basic Standard Interface (BSI) Client API that is available in ActivClient for Windows, to communicate (and synchronize) with the card.
In implementations of the CCM API in which the client runs on a computer with a 64-bit operating system, the client requires ActivClient x64. ActivID CMS also supports using standard PKCS#11 libraries to communicate with the card.
Factory Abstraction
All CCM API managers have factory implementations. Sample code demonstrating the use of the CCM API factory classes is provided. To facilitate portability and maintenance of CCM API applications, the use of factories rather than constructors is highly recommended.
Java Example of Factory Use
KeyStore keyStore = KeyStore.getInstance("PKCS12", "SunJSSE");
KeyStore trustStore = KeyStore.getInstance("jks", "SUN");
InputStream inputStream = new FileInputStream(client);
keyStore.load(inputStream, pwd.toCharArray());
inputStream.close(); trustStore.load(null, null); inputStream = new FileInputStream(CA);
Certificate caCert = CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
trustStore.setCertificateEntry("cert-0", caCert);
inputStream.close();
Map config = new HashMap();
config.put(CCMConstants.CONFIG_KEYSTORE, keyStore); config.put(CCMConstants.CONFIG_KEYSTORE_PWD, pwd); config.put(CCMConstants.CONFIG_TRUSTSTORE, trustStore); config.put(CCMConstants.CONFIG_HOST_NAME, host); config.put(CCMConstants.CONFIG_HOST_PORT, port);
userMgr = UserManagerFactory.newInstance(config);
userMgr.openSession(null);
smMgr = SecurityModuleManagerFactory.newInstance(config);
smMgr.openSession(null);
syncMgr = SyncManagerFactory.newInstance(config);
syncMgr.openSession(null);
walletMgr = WalletManagerFactory.newInstance(config);
walletMgr.openSession(null);
credMgr = CredentialManagerFactory.newInstance(config);
credMgr.openSession(null);C++ Example of Factory Use
ParameterVector config; config.push_back(Parameter(CONFIG_HOST_NAME, host)); config.push_back(Parameter(CONFIG_HOST_PORT, port)); if (certIssuer.size() > 0) { config.push_back(Parameter(CONFIG_CERTSERIAL, certSerial));
config.push_back(Parameter(CONFIG_CERTISSUER, certIssuer));
}
SyncManager* syncMgr = SyncManagerFactory::newInstance(&config); syncMgr->openSession(NULL);
if(syncMgr->isSessionOpen()) {
tcout << _T("Opened SyncManager Session.") << endl; TString version = syncMgr->getVersion();
tcout << _T("SyncManager Version: ") << version <<
_T(".") << endl;
}For more information, see the code samples listed in this guide.
Exposing Security Module Content
The Lifecycle Management (LCM) method GetDeviceContentInfo() has been replaced with SecurityModuleManager.getSecurityModule. This method is used to expose applications, security module type, and interface status information.
Application Set Management
The WalletManager.findApplicationSets replaces the following three LCM methods:
-
GetPoliciesForDevice()
-
GetPoliciesForPostIssuance()
-
GetPoliciesForReissuance()
Support for LDAP Multi-Valued Attributes
LDAP supports a concept called a multi-valued attribute. A multi-valued attribute is essentially a directory attribute that can contain multiple values. The CCM API UserManager methods now handle multi-valued attributes.
Removal of Deprecations
The LCM API has been removed. Its functionality is now available within the CCM API.
The getAvailableActions() method has been removed. Instead, you should use walletManager.findActions().
