public class SCEPProfile
extends EnrollmentProfile
implements Parcelable
java.lang.Object
   ↳ com.samsung.android.knox.keystore.EnrollmentProfile
     ↳ com.samsung.android.knox.keystore.SCEPProfile

Class Overview

This class provides a concrete implementation of EnrollmentProfile for SCEP. The Simple Certificate Enrollment Protocol (SCEP) is used to enroll certificates. Please refer to the SCEP Draft for more information on SCEP.

Since
API level 12
KNOX 2.1

Summary

Inherited Constants
From interface android.os.Parcelable
Fields
public int challengeLength Length of the challenge password.
public byte[] challengePassword TLV encoded challenge password for certificate enrollment.
public String scepProfileName Parameter which specifies the profile name for which certificate enrollment process is triggered.
public String scepUrl Parameter used to define the URL of the SCEP Server used for certificate enrollment process.
public String subjectAlternativeName UPN name to be specified in certificate.
public String subjectName Represents an X.500 principal, which holds the distinguished name of end user.
public long validitytimeForChallenge Parameter which specifies the validity time for the challenge in minutes.
Inherited Fields
From class com.samsung.android.knox.keystore.EnrollmentProfile
Public Constructors
SCEPProfile()
The constructor of the SCEPProfile object, containing the needed values to enrol and renew a certificate.
Public Methods
String getProfileType()
Returns the profile type.
Inherited Methods
From class com.samsung.android.knox.keystore.EnrollmentProfile
From class java.lang.Object
From interface android.os.Parcelable

Fields

public int challengeLength

Since: API level 12

Length of the challenge password. (Optional)

Since
API level 12
KNOX 2.1

public byte[] challengePassword

Since: API level 12

TLV encoded challenge password for certificate enrollment. (Optional)
The format of the TLV is defined as follows:
1st byte - Type of data
2nd and 3rd byte - Length of actual data (excluding the first 3 bytes)
4th byte onwards - Actual data
The following types are defined:

 -------------------------------------------------------------------------------------------
 |    TYPE             |    SIGNIFICANCE                                                   |
 -------------------------------------------------------------------------------------------
 |    0x00             |  Clear challenge password                                         |
 -------------------------------------------------------------------------------------------
 |    0x01             |  Encrypted challenge password. If this type is present, the parser|
 |                     |  has to look for data of the following two types in the payload   |
 |                     |  which are again TLV encoded. These are mentioned below.          |
 -------------------------------------------------------------------------------------------
 |    0x02             |  Encrypted data. This is the actual challenge password which has  |
 |                     |  been encrypted with a 16 byte randomly generated AES key in ECB  |
 |                     |  mode. The AES key can be found in the next TLV element type.     |
 -------------------------------------------------------------------------------------------
 |    0x03             |  Encrypted AES key. This key is encrypted with the device's       |
 |                     |  public key. The service has to decrypt this AES key and use it to|
 |                     |  decrypt the encrypted challenge password.                        |
 -------------------------------------------------------------------------------------------

 General TLV diagram of Clear Challenge password

  Type     Length              Value (16 byte long)
 ------------------------------------------------------------------------------------------
 | 0x00 |0x00 | 0x10 |||    | ........                                                    |
 ------------------------------------------------------------------------------------------

 General TLV diagram of Encrypted Challenge password

  Type     Length       Type    Length        Value        Type    Length        Value
 ------------------------------------------------------------------------------------------
 | 0x01 | 0x08 | 0x16 | 0x02 | 0x00 |0x10  | ............ | 0x03 | 0x08 | 0x00 | .........|
 ------------------------------------------------------------------------------------------


Since
API level 12
KNOX 2.1
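
An added example, not part of the Knox SDK or of this reference page: a plain-Java encoder and decoder for the TLV layout described above for challengePassword, including the nested 0x02/0x03 elements inside a 0x01 element. It assumes the two length bytes are big-endian, as the clear-password diagram (0x00 0x10 for a 16-byte value) suggests; the class and method names are hypothetical, and the "encrypted" byte arrays are constructed placeholders of arbitrary size, not real ciphertext.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper, not a Knox SDK class.
public class ChallengeTlv {
    static final int CLEAR = 0x00, ENCRYPTED = 0x01, ENC_DATA = 0x02, ENC_KEY = 0x03;

    // One element: type byte, 2-byte length (big-endian assumed), then the value.
    static byte[] encode(int type, byte[]... parts) {
        ByteArrayOutputStream value = new ByteArrayOutputStream();
        for (byte[] p : parts) value.write(p, 0, p.length);
        if (value.size() > 0xFFFF) throw new IllegalArgumentException("value exceeds 2-byte length");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(type);
        out.write(value.size() >>> 8);
        out.write(value.size() & 0xFF);
        out.write(value.toByteArray(), 0, value.size());
        return out.toByteArray();
    }

    // Decode consecutive elements; reject truncation, unknown types and duplicates.
    static Map<Integer, byte[]> decode(byte[] buf) {
        Map<Integer, byte[]> out = new LinkedHashMap<>();
        int pos = 0;
        while (pos < buf.length) {
            if (buf.length - pos < 3) throw new IllegalArgumentException("truncated header at " + pos);
            int type = buf[pos] & 0xFF;
            int len = ((buf[pos + 1] & 0xFF) << 8) | (buf[pos + 2] & 0xFF);
            if (type > ENC_KEY) throw new IllegalArgumentException("unknown type " + type);
            if (len > buf.length - pos - 3) throw new IllegalArgumentException("length overruns buffer");
            if (out.put(type, Arrays.copyOfRange(buf, pos + 3, pos + 3 + len)) != null)
                throw new IllegalArgumentException("duplicate type " + type);
            pos += 3 + len;
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed 16-byte sample password, as in the clear-password diagram.
        byte[] clear = encode(CLEAR, "0123456789abcdef".getBytes(StandardCharsets.US_ASCII));
        System.out.println("clear TLV: " + clear.length + " bytes, value "
                + new String(decode(clear).get(CLEAR), StandardCharsets.US_ASCII));

        // Constructed placeholders standing in for the AES-encrypted password and wrapped key.
        byte[] encData = new byte[16], encKey = new byte[256];
        byte[] enc = encode(ENCRYPTED, encode(ENC_DATA, encData), encode(ENC_KEY, encKey));
        Map<Integer, byte[]> inner = decode(decode(enc).get(ENCRYPTED)); // nested elements
        System.out.println("encrypted TLV: data " + inner.get(ENC_DATA).length
                + " bytes, key " + inner.get(ENC_KEY).length + " bytes");
    }
}
```

The byte array returned by encode is the kind of value the challengePassword field is documented to hold.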

public String scepProfileName

Since: API level 12

Parameter which specifies the profile name for which certificate enrollment process is triggered.

Since
API level 12
KNOX 2.1

public String scepUrl

Since: API level 12

Parameter used to define the URL of the SCEP Server used for certificate enrollment process.

Since
API level 12
KNOX 2.1

public String subjectAlternativeName

Since: API level 12

UPN name to be specified in certificate. (Optional)

Since
API level 12
KNOX 2.1

public String subjectName

Since: API level 12

Represents an X.500 principal, which holds the distinguished name of the end user. An example of a distinguished name is "O=SomeOrg, OU=SomeOrgUnit, C=US". The class can be instantiated from a byte representation of an object identifier (OID), an ASN.1 DER-encoded version, or a simple string holding the distinguished name. The representations must follow either RFC 2253, RFC 1779, or RFC 2459.

Since
API level 12
KNOX 2.1

public long validitytimeForChallenge

Since: API level 12

Parameter which specifies the validity time for the challenge in minutes. (Optional)

Since
API level 12
KNOX 2.1

Public Constructors

public SCEPProfile ()

Since: API level 12

The constructor of the SCEPProfile object, containing the needed values to enrol and renew a certificate.

Since
API level 12
KNOX 2.1

Public Methods

public String getProfileType ()

Since: API level 12

Returns the profile type.

Returns
Since
API level 12
KNOX 2.1