

Adding Elements to ArcotID PKI Key Bag

ArcotID PKI can also be used to securely store the Open PKI keys and certificates. These keys are typically used for different applications or operations such as, email signing (S/MIME), document signing, and certificate-based authentication (open PKI).

The location where the open PKI keys and certificates are stored in the ArcotID PKI is called key bag or key vault.

This section explains the Web service that is used to add keys and certificates to the ArcotID PKI key bag. It walks you through the following topics:

Note: This operation is applicable only to the ArcotID PKI credential.

Preparing the Request Message

The ArcotIDKeyBagAddElementsRequestMessage is used to add keys and certificates to the ArcotID PKI key bag. It contains the elements listed in the following table.

clientTxnId (Mandatory: No)
  Specifies the unique transaction identifier that the calling application can include. This identifier helps in tracking the related transactions.

userName (Mandatory: Yes)
  Specifies the unique identifier of the user whose certificates have to be added to their ArcotID PKI key bag.

orgName (Mandatory: No)
  Specifies the organization name to which the user belongs.

profileName (Mandatory: No)
  Specifies the profile name of the credential. If it is not passed, then the default profile for the organization is used. If it is passed, then the profile name must be available at the organization level.

elementSelection (Mandatory: No)
  Contains the following elements:

  • selectCertEncoding
    If you enable this option, then AuthMinder Server returns the certEncoding in the response.
  • selectCertsDetails
    If you enable this option, then AuthMinder Server returns the certsDetails in the response.

additionalInput (Mandatory: No)
  Specifies the extra information that must be sent to AuthMinder Server in name-value pairs.

  • name
    Indicates the name of the additional input parameter.
  • value
    Indicates the corresponding value for the name.

elements (Mandatory: No)
  Specifies the PKCS#12 file elements:

  • certEncoding: The PKCS#12 file in base-64 encoded format.
  • password: The password for the PKCS#12 file.

Invoking the Web Service

To add the keys and certificates to the ArcotID PKI key bag, you need to implement the ArcotIDKeyBagAddElements operation.

  1. (Optional) Include the authentication and authorization details in the SOAP header or in the additionalInput element of the ArcotIDKeyBagAddElements operation. See the chapter "Managing Web Services Security" for more information on these details.
  2. Use the userName and orgName elements to identify the user to whose ArcotID PKI key bag you want to add keys and certificates.
  3. Use the elementSelection and elements elements to provide the certificate information and select the details to be returned.
  4. (Optional) If you are implementing a plug-in, then use the additionalInput element type to fill in the additional input.

    This type provides the additional information as name-value pairs.

  5. Use ArcotIDKeyBagAddElementsRequestMessage to construct the input message from the details obtained in the preceding steps.
  6. Invoke the ArcotIDKeyBagAddElements operation of the ArcotWebFortIssuanceSvc service to add the certificates.

    This operation returns an instance of the ArcotIDKeyBagAddElementsResponseMessage that specifies the transaction details.

Interpreting the Response Message

For successful transactions, the response message ArcotIDKeyBagAddElementsResponseMessage returns the elements explained in the following table. These elements are included in the SOAP body. If there are any errors, then the Fault response is included in the SOAP body. See the appendix "Error Codes" for more information on the SOAP error messages.

transactionDetails/message
  A string that defines the status of the operation.

transactionDetails/reasonCode
  Unique code that is sent by AuthMinder Server if the operation fails.

transactionDetails/responseCode
  Unique code that is sent by AuthMinder Server if the operation fails.

transactionDetails/transactionID
  Unique identifier of the transaction.

transactionDetails/additionalOutput
  The output for the additionalInput that was passed to AuthMinder Server.

certificates/certEncoding
  The encoding details that were requested in the input.

certificates/certsDetails
  Includes the following certificate details:

  • elementId: The identifier of the key bag element.
  • issuerName: The name of the issuer that issued the certificate.
  • serialNumber: The serial number of the certificate.
  • certSubject: The subject of the certificate.
  • certValidFrom: The date from which the certificate is valid.
  • certValidTo: The date on which the certificate expires.
  • hasPrivatekey: Indicates whether the certificate element contains the private key.
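The request construction from "Invoking the Web Service" and the response handling from this section, as an added Python example that is not code from the CA AuthMinder documentation or SDK: it assembles the ArcotIDKeyBagAddElementsRequestMessage from the elements in the request table and reads transactionDetails and certsDetails back out of the response, treating a SOAP Fault or a non-empty reasonCode/responseCode as failure. The XML namespace, the "true"/"false" form of the selection flags, the q helper and the sample response are assumptions; the real schema is defined by the ArcotWebFortIssuanceSvc WSDL.

```python
import base64
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# Assumed placeholder namespace: the real one comes from the ArcotWebFortIssuanceSvc WSDL.
NS = "urn:example:arcot:issuance"

def q(tag, ns=NS):
    return f"{{{ns}}}{tag}"

def build_request(user_name, p12_bytes, p12_password, org_name=None,
                  select_details=True, select_encoding=False):
    """Build the ArcotIDKeyBagAddElements envelope; the PKCS#12 password travels in the body, so use TLS and never log it."""
    env = ET.Element(q("Envelope", SOAP_NS))
    ET.SubElement(env, q("Header", SOAP_NS))  # step 1: auth details may go here
    msg = ET.SubElement(ET.SubElement(env, q("Body", SOAP_NS)),
                        q("ArcotIDKeyBagAddElementsRequestMessage"))
    ET.SubElement(msg, q("userName")).text = user_name
    if org_name:  # optional; the default organization is used when omitted
        ET.SubElement(msg, q("orgName")).text = org_name
    sel = ET.SubElement(msg, q("elementSelection"))  # "true"/"false" is an assumed encoding
    ET.SubElement(sel, q("selectCertEncoding")).text = str(select_encoding).lower()
    ET.SubElement(sel, q("selectCertsDetails")).text = str(select_details).lower()
    els = ET.SubElement(msg, q("elements"))
    ET.SubElement(els, q("certEncoding")).text = base64.b64encode(p12_bytes).decode()
    ET.SubElement(els, q("password")).text = p12_password
    return ET.tostring(env, encoding="unicode")

def parse_response(xml_text):
    """Return (ok, transactionID, [cert dicts]) from the response message.
    A SOAP Fault or a non-empty reasonCode/responseCode counts as failure."""
    root = ET.fromstring(xml_text)
    td = root.find(f".//{q('transactionDetails')}")
    if root.find(f".//{q('Fault', SOAP_NS)}") is not None or td is None:
        return False, None, []
    failed = any((td.findtext(q(c)) or "").strip() for c in ("reasonCode", "responseCode"))
    certs = [{"elementId": c.findtext(q("elementId")),
              "certSubject": c.findtext(q("certSubject")),
              "certValidTo": c.findtext(q("certValidTo")),
              "hasPrivatekey": (c.findtext(q("hasPrivatekey")) or "").lower() == "true"}
             for c in root.iter(q("certsDetails"))]
    return not failed, td.findtext(q("transactionID")), certs

# Constructed sample response (not captured from a real AuthMinder Server).
SAMPLE_RESPONSE = f"""<s:Envelope xmlns:s="{SOAP_NS}" xmlns:a="{NS}"><s:Body>
<a:ArcotIDKeyBagAddElementsResponseMessage><a:transactionDetails><a:message>Success</a:message>
<a:reasonCode/><a:responseCode/><a:transactionID>tx-0001</a:transactionID></a:transactionDetails>
<a:certificates><a:certsDetails><a:elementId>kb-1</a:elementId><a:certSubject>CN=alice</a:certSubject>
<a:certValidTo>2030-01-01</a:certValidTo><a:hasPrivatekey>true</a:hasPrivatekey></a:certsDetails>
</a:certificates></a:ArcotIDKeyBagAddElementsResponseMessage></s:Body></s:Envelope>"""
```

A failed add shows up as a Fault element or as a populated reasonCode/responseCode, which the parser reports rather than trusting the message string alone.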