PKI Subsystem Java API - dogtagpki/pki GitHub Wiki
The following services are available on all subsystems (i.e. CA, KRA, OCSP, TKS, TPS).

```java
// client is an existing PKIClient instance
String subsystem = "ca"; // subsystem name, e.g. ca, kra
SubsystemClient subsystemClient = new SubsystemClient(client, subsystem);
```
Each PKI subsystem has its own realm (i.e. set of users and groups). The client certificate used for SSL authentication is mapped to different users in different subsystems.
To authenticate against a subsystem in a generic way:
```java
AccountInfo accountInfo = subsystemClient.login();
```
The AccountInfo contains information about the subsystem user (e.g. user ID, full name, email, roles). To remove the session:
```java
subsystemClient.logout();
```
See also SubsystemClient.java.
```java
UserClient userClient = new UserClient(subsystemClient);
```

```java
// List users matching a filter, one page at a time
UserCollection users = userClient.findUsers(filter, start, size);
for (UserData user : users.getEntries()) {
    System.out.println("User ID: " + user.getID());
}
```

```java
// Retrieve a user, change it, and write it back
UserData user = userClient.getUser(userID);
// ... modify user ...
userClient.modifyUser(userID, user);
```

```java
// List the certificates mapped to a user
UserCertCollection userCerts = userClient.findUserCerts(userID, start, size);
for (UserCertData userCert : userCerts.getEntries()) {
    System.out.println("Cert ID: " + userCert.getID());
    System.out.println("Subject DN: " + userCert.getSubjectDN());
}
```

```java
// Retrieve a single user certificate and print its encoded form
UserCertData userCert = userClient.getUserCert(userID, certID);
System.out.println(userCert.getEncoded());
```

```java
// List the roles (group memberships) of a user
UserMembershipCollection userRoles = userClient.findUserMemberships(userID, filter, start, size);
for (UserMembershipData userRole : userRoles.getEntries()) {
    System.out.println("Role ID: " + userRole.getID());
}
```
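Because each subsystem has its own realm, a per-subsystem review of who holds which roles is a common use of these calls. The following is an added example, not code from the wiki or the Dogtag project: it pages through all users, collects their role memberships and reports users holding more than one role. The class name `RoleAudit`, the page size, the `null` filter, the short-page end condition and the import package names are assumptions.

```java
import java.util.*;

// Package names are assumed; check them against the PKI version you build with.
import com.netscape.certsrv.client.SubsystemClient;
import com.netscape.certsrv.user.UserClient;
import com.netscape.certsrv.user.UserCollection;
import com.netscape.certsrv.user.UserData;
import com.netscape.certsrv.user.UserMembershipCollection;
import com.netscape.certsrv.user.UserMembershipData;

public class RoleAudit { // hypothetical helper class

    static final int PAGE = 20; // assumed page size

    // Returns user ID -> role IDs for every user in the subsystem's realm.
    static Map<String, List<String>> collectRoles(SubsystemClient subsystemClient) throws Exception {
        Map<String, List<String>> rolesByUser = new TreeMap<>();
        subsystemClient.login();
        try {
            UserClient userClient = new UserClient(subsystemClient);
            for (int start = 0; ; start += PAGE) {
                // Assumption: a null filter means "no filtering"
                UserCollection users = userClient.findUsers(null, start, PAGE);
                for (UserData user : users.getEntries()) {
                    rolesByUser.put(user.getID(), rolesOf(userClient, user.getID()));
                }
                // Assumption: a page shorter than PAGE is the last one
                if (users.getEntries().size() < PAGE) break;
            }
        } finally {
            subsystemClient.logout(); // remove the session even on failure
        }
        return rolesByUser;
    }

    // Pages through all role memberships of one user.
    static List<String> rolesOf(UserClient userClient, String userID) throws Exception {
        List<String> roles = new ArrayList<>();
        for (int start = 0; ; start += PAGE) {
            UserMembershipCollection page = userClient.findUserMemberships(userID, null, start, PAGE);
            for (UserMembershipData m : page.getEntries()) roles.add(m.getID());
            if (page.getEntries().size() < PAGE) return roles;
        }
    }

    // Prints users holding more than one role, for separation-of-duties review.
    static void report(Map<String, List<String>> rolesByUser) {
        rolesByUser.forEach((user, roles) -> {
            if (roles.size() > 1) System.out.println(user + ": " + roles);
        });
    }
}
```

Run `collectRoles` once per subsystem with that subsystem's `SubsystemClient`, since the same client certificate maps to a different user and role set in each realm.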