KMIP States and Dates
A KMIP server transitions the state of a managed object based on operations performed on it and records the dates on which the state changed. A client can cause a state transition by activating, revoking, or destroying an object, or by setting the activation, process start and protect stop, and deactivation dates.
States and dates do not apply to template objects. State is a read-only attribute and is only managed by the server. It cannot be added, modified, or deleted by a KMIP client.
States
CADP for Java provides the following functionality to manage KMIP States.
There is a KMIPAttributeNames enumeration value for state, KMIPAttributeNames.State.
There is a new object, KMIPStates, that is a Java enumeration of the valid states for a KMIP Managed Object on the server. It is defined below:
public enum KMIPStates {
    PreActive ("Pre-Active", 1),
    Active ("Active", 2),
    Deactivated ("Deactivated", 3),
    Compromised ("Compromised", 4),
    Destroyed ("Destroyed", 5),
    DestroyedCompromised ("Destroyed Compromised", 6);
}
Use the method getState() for accessing the state from a KMIPAttribute list, as shown below.
KMIPStates state = KMIPAttribute.getState();
To fetch KMIP objects based on their current state, do the following:
KMIPAttributes queryAttributes = new KMIPAttributes();
queryAttributes.add(KMIPAttribute.State, 0, KMIPStates.Active);
Dates
There are KMIPAttributeNames enumeration values for dates, used to access date attributes from a KMIPAttributes list. The values are shown below.
KMIPAttributeNames.InitialDate
KMIPAttributeNames.ActivationDate
KMIPAttributeNames.ProcessStartDate
KMIPAttributeNames.ProtectStopDate
KMIPAttributeNames.DeactivationDate
KMIPAttributeNames.CompromiseDate
KMIPAttributeNames.ArchiveDate
KMIPAttributeNames.LastChangeDate
State and date functionality
Use State and Date attributes just like other KMIP Attributes; for example, use them for Locate() operations or access them from the server for a Secret Data, NAECertificate, or a Key such as NAESecretKey, NAEPublicKey, or NAEPrivateKey. In general, use them as needed to extend NAEKey getAttributes(). They are all read-only attributes, and they are unique values.
These attributes are not indexed on the server. Consequently, an object can have only one value for each date attribute, such as KMIPAttribute.InitialDate.
You can use KMIPAttributes.getDate(KMIPAttribute) to read any of the dates once they are retrieved from the server. These KMIP attributes are only managed by the server. The server returns an error to the client program if a client tries to add, modify, or delete any of these attributes from an object. The client does not guard against this type of error. It only conveys the server error message. The text of the Exception thrown varies from KMIP server to KMIP server, as server error messages are server specific.
You can use KMIPAttributes.addDate(KMIPAttribute, java.util.Calendar) to add a date to a KMIPAttributes object and modify or add the value of the attribute for the managed object on the server. You can only add the KMIP date attributes that are currently supported by the server. An NAEException is thrown for a date that is not supported. You can modify or add dates in the same way you modify or add any KMIP attributes for any object. The server can return an error if the date value set is incorrect.
The following example queries three attributes for a key (the state and two dates) by adding them to a KMIPAttributes object and invoking the key.getKMIPAttributes() method.
SimpleDateFormat sdf = new SimpleDateFormat("MM.dd.yyyy HH:mm:ss");
NAEKey key = (NAEKey) secretKey;
// List the attributes to request from the server.
KMIPAttributes getState = new KMIPAttributes();
getState.add(KMIPAttribute.State);
getState.add(KMIPAttribute.ActivationDate);
getState.add(KMIPAttribute.InitialDate);
// Fetch the requested attributes for this key.
KMIPAttributes gotState = key.getKMIPAttributes(getState);
System.out.println("State = " + gotState.getState());
System.out.println("InitialDate = " + sdf.format(gotState.getDate(KMIPAttribute.InitialDate).getTime()));
// ActivationDate is null until the object has been activated.
System.out.println("ActivationDate = " + ((gotState.getDate(KMIPAttribute.ActivationDate) != null) ? sdf.format(gotState.getDate(KMIPAttribute.ActivationDate).getTime()) : "null"));
Transitioning managed object states
NAESecretKey, NAEPublicKey, NAEPrivateKey, and NAESecretData have a new activate() method that is used to activate a Certificate Managed Object via a KMIP request. The operation is only applicable to an object in the Pre-Active state and has the effect of changing its state attribute (KMIPAttribute.State) to Active (KMIPStates). It sets the Activation Date (KMIPAttributeNames.ActivationDate) to the current date and time and returns the Unique Identifier of the activated object as a java.lang.String.
When applied to keys on a KMIPSession, activate() transitions the state to Active. The activate() method is functionally equivalent for all of the managed object types. Currently, Key Manager only supports transitioning an object from the Pre-Active to the Active state.
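A client-side pre-flight check over the State and date values described in "State and date functionality" and in this section, as an added example that is not CADP code. The State enum is a local mirror of the states listed on this page, and the usage policy (protect only while Active and not past the Protect Stop Date, process only while Active and from the Process Start Date, with an explicit opt-in for processing with a Deactivated key) is an assumption based on the KMIP meaning of those attributes; the server remains the authority.

```java
import java.util.Calendar;
import java.util.GregorianCalendar;

public class KmipStatePreflight {
    // Local mirror of the states listed on this page; not the CADP KMIPStates class.
    enum State { PRE_ACTIVE, ACTIVE, DEACTIVATED, COMPROMISED, DESTROYED, DESTROYED_COMPROMISED }

    // PROTECT = encrypt/sign/wrap, PROCESS = decrypt/verify/unwrap.
    enum Use { PROTECT, PROCESS }

    // activate() applies only to an object in the Pre-Active state.
    static boolean canActivate(State s) {
        return s == State.PRE_ACTIVE;
    }

    // Returns "OK" or the reason the key must not be used. A null date means "not set".
    static String check(Use use, State s, Calendar processStart, Calendar protectStop,
                        Calendar now, boolean allowDeactivatedProcess) {
        if (s == State.DEACTIVATED && use == Use.PROCESS && allowDeactivatedProcess) {
            return "OK"; // assumed exception path: reading data protected before deactivation
        }
        if (s != State.ACTIVE) {
            return "DENY: state is " + s;
        }
        if (use == Use.PROTECT && protectStop != null && now.after(protectStop)) {
            return "DENY: past Protect Stop Date";
        }
        if (use == Use.PROCESS && processStart != null && now.before(processStart)) {
            return "DENY: before Process Start Date";
        }
        return "OK";
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for attributes read from the server.
        Calendar processStart = new GregorianCalendar(2024, Calendar.JANUARY, 1);
        Calendar protectStop = new GregorianCalendar(2024, Calendar.JUNE, 30);
        Calendar now = new GregorianCalendar(2024, Calendar.SEPTEMBER, 15);

        for (State s : State.values()) {
            System.out.println(s + " canActivate=" + canActivate(s)
                + " protect=" + check(Use.PROTECT, s, processStart, protectStop, now, false)
                + " process=" + check(Use.PROCESS, s, processStart, protectStop, now, false));
        }
        // Opt-in path: decrypting old data with a key that has been deactivated.
        System.out.println("DEACTIVATED process (opt-in)="
            + check(Use.PROCESS, State.DEACTIVATED, processStart, protectStop, now, true));
    }
}
```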