

Fetching ArcotID PKI Key Bag Elements

This section walks you through the following topics for fetching the certificate details that are stored in the key bag:

  • Preparing the Request Message
  • Invoking the Web Service
  • Interpreting the Response Message

Note: This operation applies only to the ArcotID PKI credential.

Preparing the Request Message

The ArcotIDKeyBagGetElementsRequestMessage is used to fetch the details of keys and certificates that are stored in the ArcotID PKI key bag. It contains the elements listed in the following table.

| Element | Mandatory | Description |
|---|---|---|
| clientTxnId | No | Specifies the unique transaction identifier that the calling application can include. This identifier helps in tracking the related transactions. |
| userName | Yes | Specifies the unique identifier of the user whose ArcotID PKI key bag elements have to be fetched. |
| orgName | No | Specifies the name of the organization to which the user belongs. |
| profileName | No | Specifies the profile name of the credential. If it is not passed, then the default profile for the organization is used. If it is passed, then the profile name must be available at the organization level. |
| elementSelection | No | Contains the following elements: selectCertEncoding (if you enable this option, then AuthMinder Server returns the certEncoding in response); selectCertsDetails (if you enable this option, then AuthMinder Server returns the certDetails in response). |
| additionalInput | No | Specifies the extra information that must be sent to AuthMinder Server in name-value pairs: name (indicates the name of the unsigned attribute that you want to delete); value (indicates the corresponding value for the name). |

Invoking the Web Service

To fetch the keys and certificates stored in the ArcotID PKI key bag, you need to implement the ArcotIDKeyBagGetElements operation.

  1. (Optional) Include the authentication and authorization details in the SOAP header or in the additionalInput element of the ArcotIDKeyBagGetElements operation. See the chapter "Managing Web Services Security" for more information on these details.
  2. Use the userName and orgName elements to fetch the details of the user whose ArcotID PKI unsigned attributes you want to delete.
  3. Use the elementSelection element to identify the certificate elements that you want to fetch.
  4. (Optional) If you are implementing a plug-in, then invoke the additionalInput element type to fill the additional input.

    This type provides the additional information that is set as a name-value pair.

  5. Use ArcotIDKeyBagGetElementsRequestMessage and construct the input message by using the details obtained in preceding steps.
  6. Invoke the ArcotIDKeyBagGetElements operation of the ArcotWebFortIssuanceSvc service to add the certificates.

    This operation returns an instance of the ArcotIDKeyBagGetElementsResponseMessage that specifies the transaction details.

Interpreting the Response Message

For successful transactions, the response message, ArcotIDKeyBagGetElementsResponseMessage, returns the elements explained in the following table. These elements are included in the SOAP body. If there are any errors, then the Fault response is included in the SOAP body. See the appendix "Error Codes" for more information on the SOAP error messages.

| Element | Description |
|---|---|
| transactionDetails/message | A string that defines the status of the operation. |
| transactionDetails/reasonCode | Unique code that is sent by AuthMinder Server if the operation fails. |
| transactionDetails/responseCode | Unique code that is sent by AuthMinder Server if the operation fails. |
| transactionDetails/transactionID | Unique identifier of the transaction. |
| transactionDetails/additionalOutput | The output for the additionalInput that was passed to AuthMinder Server. |
| certificates/certEncoding | The encoding details that were requested in the input. |
| certificates/certsDetails | Includes the following certificate details: elementId (the identifier that denotes the unsigned attribute); issuerName (the name of the issuer who issued the certificate); serialNumber (the serial number of the certificate); certSubject (the subject of the certificate); certValidFrom (the date from when the certificate is valid); certValidTo (the date when the certificate expires); hasPrivatekey (indicates if the certificate contains the private key). |
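
The following added example (not part of the original documentation and not vendor sample code) builds the request message described above and checks a constructed response for expired key bag certificates. The namespace URI, the element nesting, the true/false encoding of the selection flags, and the ISO 8601 date format are assumptions; take the real values from the service WSDL.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Placeholder namespace (assumption): the real one comes from the service WSDL.
NS = "urn:example:placeholder-issuance-ns"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

def build_request(user_name, org_name=None, client_txn_id=None,
                  cert_encoding=False, certs_details=True):
    """Build a SOAP envelope carrying ArcotIDKeyBagGetElementsRequestMessage."""
    if not user_name:
        raise ValueError("userName is mandatory")
    env = ET.Element(f"{{{SOAP}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    msg = ET.SubElement(body, f"{{{NS}}}ArcotIDKeyBagGetElementsRequestMessage")
    # Optional elements are emitted only when the caller supplies them.
    for tag, val in (("clientTxnId", client_txn_id), ("userName", user_name),
                     ("orgName", org_name)):
        if val is not None:
            ET.SubElement(msg, f"{{{NS}}}{tag}").text = val
    sel = ET.SubElement(msg, f"{{{NS}}}elementSelection")
    # Assumption: the selection flags are serialized as "true"/"false".
    ET.SubElement(sel, f"{{{NS}}}selectCertEncoding").text = str(cert_encoding).lower()
    ET.SubElement(sel, f"{{{NS}}}selectCertsDetails").text = str(certs_details).lower()
    return ET.tostring(env, encoding="unicode")

def audit_response(xml_text, now):
    """Return (elementId, finding) pairs for certificates past certValidTo."""
    root = ET.fromstring(xml_text)
    if root.find(f".//{{{SOAP}}}Fault") is not None:
        raise RuntimeError("SOAP Fault returned; see the Error Codes appendix")
    findings = []
    for cert in root.iter(f"{{{NS}}}certsDetails"):
        # Assumption: certValidTo is an ISO 8601 string with a UTC offset.
        valid_to = datetime.fromisoformat(cert.findtext(f"{{{NS}}}certValidTo"))
        if valid_to <= now:
            findings.append((cert.findtext(f"{{{NS}}}elementId"), "expired"))
    return findings

# Constructed sample response (not captured from a real server).
SAMPLE = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:a="{NS}"><s:Body>
<a:ArcotIDKeyBagGetElementsResponseMessage><a:certificates>
<a:certsDetails><a:elementId>signing</a:elementId>
 <a:certValidTo>2021-01-01T00:00:00+00:00</a:certValidTo></a:certsDetails>
<a:certsDetails><a:elementId>email</a:elementId>
 <a:certValidTo>2031-01-01T00:00:00+00:00</a:certValidTo></a:certsDetails>
</a:certificates></a:ArcotIDKeyBagGetElementsResponseMessage></s:Body></s:Envelope>"""
```

Pass the current UTC time as `now` when running `audit_response` against a live response, so that expired certificates left in a key bag surface during routine review.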