Summary: Recent Updates of the CCM API
Update in ActivID CMS API 5.9
ActivID CMS API 5.9 introduced support for the Virtual Contact Interface (VCI). This support adds some new credentials, including the VCI Pairing Code.
Update in ActivID CMS API 5.0
ActivID CMS API 5.0 introduced support for multiple devices: smart cards, virtual smart cards (VSC) or mobile devices.
If the ActivID CMS is configured to manage only one device per user, then there is no change in the application using the CCM API. However, if the ActivID CMS is configured to manage several devices per user, for instance a card and a mobile device, then the application must be updated and use new optional parameters for CCM actions in order to determine to which device an action is to be applied.
Interfaces, Classes, Methods Added or Updated
- New ActionId runtime parameter in the synchronize method of the Synchronization manager. For details, see synchronize in the SyncManager Methods.
- The setSecurityModuleIds method must be called for actions of type ACTION_TYPE_ISSUANCE to specify the replaced device and, if it is known, the new device. For details, see Requesting a Replacement Device.
- New CRITERIA_CRED_PARENT_SMID criterion in the findCredentialIds method. For details, see findCredentialIds.
- New CRITERIA_CRED_PARENT_SMID criterion in the findCredentialProfileIds method. For details, see findCredentialProfileIds.
Update in ActivID CMS API 4.2 Update 3
ActivID CMS API 4.2 Update 3 introduced support for updating the Distinguished Name (DN) of an Entrust® user through the User Manager.
Interfaces, Classes, Methods Added or Updated
- User Manager: Added the updateDn method. For details, see findUserIds in User Manager Methods.
Previous Conceptual/Paradigm Changes
This section provides factory abstraction sample code and methods that replaced lifecycle management (LCM) methods from earlier releases.
Support for Client Plug-Ins
The CCM API Client (SyncManager) component relies on the standard smart card access interface, the Basic Standard Interface (BSI) Client API that is available in ActivClient for Windows, to communicate (and synchronize) with the card.
In implementations of the CCM API in which the client runs on a computer with a 64-bit operating system, the client requires ActivClient x64. ActivID CMS also supports using standard PKCS#11 libraries to communicate with the card.
Factory Abstraction
All CCM API managers have factory implementations. Sample code demonstrating the use of the CCM API factory classes is provided. To facilitate portability and maintenance of CCM API applications, the use of factories rather than constructors is highly recommended.
Java Example of Factory Use
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.HashMap;
import java.util.Map;

// Load the client key store (PKCS#12); client, CA, pwd, host and port are supplied by the application.
KeyStore keyStore = KeyStore.getInstance("PKCS12", "SunJSSE");
InputStream inputStream = new FileInputStream(client);
keyStore.load(inputStream, pwd.toCharArray());
inputStream.close();
// Create an empty trust store and add the CA certificate as its only entry.
KeyStore trustStore = KeyStore.getInstance("jks", "SUN");
trustStore.load(null, null);
inputStream = new FileInputStream(CA);
Certificate caCert = CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
trustStore.setCertificateEntry("cert-0", caCert);
inputStream.close();
// Configuration shared by all manager factories.
Map config = new HashMap();
config.put(CCMConstants.CONFIG_KEYSTORE, keyStore);
config.put(CCMConstants.CONFIG_KEYSTORE_PWD, pwd);
config.put(CCMConstants.CONFIG_TRUSTSTORE, trustStore);
config.put(CCMConstants.CONFIG_HOST_NAME, host);
config.put(CCMConstants.CONFIG_HOST_PORT, port);

// Create each manager through its factory and open a session (the manager variables are declared by the application).
userMgr = UserManagerFactory.newInstance(config);
userMgr.openSession(null);
smMgr = SecurityModuleManagerFactory.newInstance(config);
smMgr.openSession(null);
syncMgr = SyncManagerFactory.newInstance(config);
syncMgr.openSession(null);
walletMgr = WalletManagerFactory.newInstance(config);
walletMgr.openSession(null);
credMgr = CredentialManagerFactory.newInstance(config);
credMgr.openSession(null);
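The key store and CA certificate loaded in the Java example above can be checked for consistency before they are placed in the configuration map. The following is an added example, not code from the ActivID CMS documentation: it uses only standard JDK classes, and the class name CcmTlsPreflight, the method usableAliases and the two file arguments are assumptions. Revocation checking is disabled so that the check runs offline.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
// Added example, not vendor code: pre-flight check of the client key store and CA certificate.
public class CcmTlsPreflight {
    // Returns the aliases whose certificate chain validates against caCert.
    // Revocation is not checked (assumption: offline run), so only signatures,
    // validity dates and path constraints are verified.
    static List<String> usableAliases(KeyStore keyStore, X509Certificate caCert)
            throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        PKIXParameters params = new PKIXParameters(
                Collections.singleton(new TrustAnchor(caCert, null)));
        params.setRevocationEnabled(false);
        List<String> ok = new ArrayList<>();
        for (String alias : Collections.list(keyStore.aliases())) {
            Certificate[] stored = keyStore.getCertificateChain(alias);
            if (stored == null) continue;      // entry has no private key and chain
            List<Certificate> chain = new ArrayList<>(Arrays.asList(stored));
            chain.remove(caCert);              // a CertPath excludes the trust anchor
            if (chain.isEmpty()) continue;     // nothing left to validate
            try {
                CertPathValidator.getInstance("PKIX")
                        .validate(cf.generateCertPath(chain), params);
                ok.add(alias);
            } catch (CertPathValidatorException e) {
                System.err.println(alias + ": " + e.getMessage());
            }
        }
        return ok;
    }
    // Usage (interactive terminal): java CcmTlsPreflight <client.p12> <ca.cer>
    public static void main(String[] args) throws Exception {
        char[] pwd = System.console().readPassword("Keystore password: ");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            keyStore.load(in, pwd);
        }
        X509Certificate caCert;
        try (InputStream in = new FileInputStream(args[1])) {
            caCert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        if (usableAliases(keyStore, caCert).isEmpty())
            throw new IllegalStateException("no client key chains to the trusted CA");
        System.out.println("client key store and CA certificate are consistent");
    }
}
```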
C++ Example of Factory Use
// Connection settings for the SyncManager factory.
ParameterVector config;
config.push_back(Parameter(CONFIG_HOST_NAME, host));
config.push_back(Parameter(CONFIG_HOST_PORT, port));
// Pass the certificate serial number and issuer only when an issuer is set.
if (certIssuer.size() > 0) {
    config.push_back(Parameter(CONFIG_CERTSERIAL, certSerial));
    config.push_back(Parameter(CONFIG_CERTISSUER, certIssuer));
}
// Create the manager through its factory and open a session.
SyncManager* syncMgr = SyncManagerFactory::newInstance(&config);
syncMgr->openSession(NULL);
if (syncMgr->isSessionOpen()) {
    tcout << _T("Opened SyncManager Session.") << endl;
    TString version = syncMgr->getVersion();
    tcout << _T("SyncManager Version: ") << version << _T(".") << endl;
}
For more information, see the code samples listed in this guide.
Exposing Security Module Content
The Lifecycle Management (LCM) method GetDeviceContentInfo() has been replaced with SecurityModuleManager.getSecurityModule. This method is used to expose applications, security module type, and interface status information.
Application Set Management
The WalletManager.findApplicationSets method replaces the following three LCM methods:
- GetPoliciesForDevice()
- GetPoliciesForPostIssuance()
- GetPoliciesForReissuance()
Support for LDAP Multi-Valued Attributes
LDAP supports a concept called a multi-valued attribute. A multi-valued attribute is essentially a directory attribute that can contain multiple values. The CCM API UserManager methods now handle multi-valued attributes.
Removal of Deprecations
The LCM API has been removed. Its functionality is now available within the CCM API.
The getAvailableActions() method has been removed. Instead, you should use walletManager.findActions().