Class Overview
Certificate Management Protocol (CMP) profile used to enroll a certificate. CMP is the protocol used for certificate enrollment; refer to RFC 4210, Certificate Management Protocol, for more information on CMP.
Summary
Inherited Constants
From interface android.os.Parcelable:
int CONTENTS_FILE_DESCRIPTOR
int PARCELABLE_WRITE_RETURN_VALUE
Fields
public String cmpServerURL
    CMP Server URL.
public long iakLength
    Length of the initial authentication key.
public byte[] initialAuthenticationKey
    TLV encoded initial authentication key for certificate enrollment.
public String issuerDN
    Represents an X.500 principal, which holds the distinguished name of the CA server.
public int keyUsage
    Specifies the key usage type.
public long notAfterDate
    Specifies the end time of the validity period in milliseconds.
public long notBeforeDate
    Specifies the starting time of the validity period in milliseconds.
public int popType
    Represents the proof of possession method used.
public String subjectDN
    Represents an X.500 principal, which holds the distinguished name of some network entity.
public int transport
    Specifies the transmission protocol to be used.
public String userName
    Username for enrollment authentication.
Constants
public static final int CMP_HTTP
Since: API level 12
HTTP transport to be used for CMP.
Constant Value: 0 (0x00000000)

public static final int CMP_POP_CHALLENGERESP
Since: API level 12
Indicates the challenge response based proof of possession.
Constant Value: 1 (0x00000001)

public static final int CMP_POP_INDIRECTENCRYPTCERT
Since: API level 12
Indicates indirect proof of possession based on encrypted certificate.
Constant Value: 2 (0x00000002)

public static final int CMP_POP_SIGNATURE
Since: API level 12
Indicates signature based proof of possession.
Constant Value: 0 (0x00000000)

public static final int CMP_TCP
Since: API level 12
TCP transport type to be used for CMP.
Constant Value: 1 (0x00000001)
Fields
public String cmpServerURL
Since: API level 28

public long iakLength
Since: API level 12
Length of the initial authentication key. (Optional)

public byte[] initialAuthenticationKey
Since: API level 12
TLV encoded initial authentication key for certificate enrollment. (Optional)
The TLV format is defined as follows:
1st byte - Type of data
2nd and 3rd byte - Length of the actual data (excluding the first 3 bytes)
4th byte onwards - Actual data
The following types are defined:
-------------------------------------------------------------------------------
| TYPE | SIGNIFICANCE                                                         |
-------------------------------------------------------------------------------
| 0x00 | Clear challenge password.                                            |
-------------------------------------------------------------------------------
| 0x01 | Encrypted challenge password. If this type is present, the parser    |
|      | has to look for data of the following two types in the payload,      |
|      | which are again TLV encoded. These are described below.              |
-------------------------------------------------------------------------------
| 0x02 | Encrypted data. This is the actual challenge password, which has     |
|      | been encrypted with a 16 byte randomly generated AES key in ECB      |
|      | mode. The AES key can be found in the next TLV element type.         |
-------------------------------------------------------------------------------
| 0x03 | Encrypted AES key. This key is encrypted with the device's           |
|      | public key. The service has to decrypt this AES key and use it to    |
|      | decrypt the encrypted challenge password.                            |
-------------------------------------------------------------------------------
General TLV diagram of Clear Challenge password
  Type   Length        Value (16 bytes long)
  ---------------------------------------------
  | 0x00 | 0x00 0x10 | ........ |
  ---------------------------------------------
General TLV diagram of Encrypted Challenge password
  Type   Length      Type   Length      Value          Type   Length      Value
  -------------------------------------------------------------------------------------
  | 0x01 | 0x08 0x16 | 0x02 | 0x00 0x10 | ............ | 0x03 | 0x08 0x00 | ......... |
  -------------------------------------------------------------------------------------
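The TLV layout above, worked as an added Java example (a hypothetical helper, not part of the SDK or this class): it encodes one element, walks a buffer of elements while refusing any declared length that runs past the end of the buffer, and checks that an initialAuthenticationKey value has one of the two documented shapes. The 2-byte length is read high byte first, which is what the 0x00 0x10 = 16 diagram implies; the sample password and the zero-filled stand-ins for the 0x02 and 0x03 ciphertexts are constructed.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public final class IakTlv {
    static final int CLEAR = 0x00, ENCRYPTED = 0x01, ENC_DATA = 0x02, ENC_AES_KEY = 0x03;
    static final class Element { final int type; final byte[] value; Element(int t, byte[] v) { type = t; value = v; } }
    // One element: 1 type byte, 2-byte length (high byte first, matching 0x00 0x10 = 16 in the diagram), then value.
    static byte[] encode(int type, byte[] value) {
        if (value.length > 0xFFFF) throw new IllegalArgumentException("value exceeds 2-byte length field");
        byte[] out = new byte[3 + value.length];
        out[0] = (byte) type; out[1] = (byte) (value.length >>> 8); out[2] = (byte) value.length;
        System.arraycopy(value, 0, out, 3, value.length);
        return out;
    }
    // Walks back-to-back elements; rejects a header or declared length that would run past the buffer.
    static List<Element> parseAll(byte[] buf) {
        List<Element> out = new ArrayList<>();
        for (int pos = 0; pos < buf.length; ) {
            if (buf.length - pos < 3) throw new IllegalArgumentException("truncated header at offset " + pos);
            int type = buf[pos] & 0xFF;
            int len = ((buf[pos + 1] & 0xFF) << 8) | (buf[pos + 2] & 0xFF);
            if (len > buf.length - pos - 3) throw new IllegalArgumentException("length " + len + " overruns buffer at " + pos);
            out.add(new Element(type, Arrays.copyOfRange(buf, pos + 3, pos + 3 + len)));
            pos += 3 + len;
        }
        return out;
    }
    // Enforces the documented shape: exactly one outer element of type 0x00, or 0x01 carrying both 0x02 and 0x03.
    static String classify(byte[] iak) {
        List<Element> outer = parseAll(iak);
        if (outer.size() != 1) throw new IllegalArgumentException("expected one outer element, got " + outer.size());
        Element e = outer.get(0);
        if (e.type == CLEAR) return "clear challenge password, " + e.value.length + " bytes";
        if (e.type != ENCRYPTED) throw new IllegalArgumentException("unknown outer type 0x" + Integer.toHexString(e.type));
        boolean data = false, key = false;
        for (Element in : parseAll(e.value)) { data |= in.type == ENC_DATA; key |= in.type == ENC_AES_KEY; }
        if (!data || !key) throw new IllegalArgumentException("encrypted form needs both 0x02 and 0x03 elements");
        return "encrypted challenge password with wrapped AES key";
    }
    public static void main(String[] args) {
        // Constructed samples: a 16-byte clear password, and zero-filled placeholders standing in for ciphertexts.
        byte[] clear = encode(CLEAR, "constructed-pw01".getBytes(java.nio.charset.StandardCharsets.UTF_8));
        byte[] d = encode(ENC_DATA, new byte[16]), k = encode(ENC_AES_KEY, new byte[256]);
        byte[] inner = ByteBuffer.allocate(d.length + k.length).put(d).put(k).array();
        System.out.println(classify(clear));
        System.out.println(classify(encode(ENCRYPTED, inner)));
    }
}
```

The helper validates structure only; unwrapping the 0x03 element with the device private key and then the 0x02 element is left to the service. Because the documented mode for 0x02 is AES-ECB, that ciphertext carries no integrity protection of its own, so the service should not treat a successful decryption as proof the payload was unmodified.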
public String issuerDN
Since: API level 12
Represents an X.500 principal, which holds the distinguished name of the CA server.

public int keyUsage
Since: API level 12
Specifies the key usage type.

public long notAfterDate
Since: API level 12
Specifies the end time of the validity period in milliseconds.

public long notBeforeDate
Since: API level 12
Specifies the starting time of the validity period in milliseconds.

public int popType
Since: API level 12
Represents the proof of possession method used.
public String subjectDN
Since: API level 12
Represents an X.500 principal, which holds the distinguished name of some network entity. An example of a distinguished name is "O=SomeOrg, OU=SomeOrgUnit, C=US". The class can be instantiated from a byte representation of an object identifier (OID), an ASN.1 DER-encoded version, or a simple string holding the distinguished name. The representations must follow either RFC 2253, RFC 1779, or RFC 2459.
public int transport
Since: API level 12
Specifies the transmission protocol to be used.
public String userName
Since: API level 12
Username for enrollment authentication. This field is required only if the server mandates senderKID for authentication.
Public Constructors

Public Methods
public String getProfileType()
Returns the profile type.