PKI Client Java API - dogtagpki/pki GitHub Wiki
This page describes how to use PKI Client Java API to access services on PKI server.
The PKI client requires an NSS Database to store CA certificates, client certificates and their keys, and to perform certain crypto operations. The NSS database can be prepared using PKI CLI.
To access the NSS database using JSS:
String nssDatabasePath = <NSS database path>; String nssDatabasePassword = <NSS database password>; CryptoManager.initialize(nssDatabasePath); CryptoManager manager = CryptoManager.getInstance(); CryptoToken token = manager.getInternalKeyStorageToken(); Password password = new Password(nssDatabasePassword .toCharArray()); token.login(password);
The location of the PKI server can be specified as follows:
ClientConfig config = new ClientConfig(); config.setServerURL("https://localhost:8443");
By default the client will use anonymous connection.
To authenticate using client certificate stored in the above NSS database, specify the nickname of the certificate as follows:
config.setCertNickname("caadmin");
The authentication will happen when the client connects to the server using SSL connection.
See also ClientConfig.
To connect to PKI server:
PKIClient client = new PKIClient(config);
See also PKIClient.
These are the available client classes:
To see how the Java API is used, see the examples.
See also the CLI classes in com.netscape.cmstools.