com.ls.lars.security
Interface IPKIHandler

All Known Implementing Classes:
PKIHandler

public interface IPKIHandler

IPKIHandler is an interface for conveniently handling the Public Key Infrastructure (PKI) in a LARS environment.

Version:
$Revision: 1.4 $
Author:
Last modified by $Author: MFehrenbach $

Field Summary
static String DATA_KEYS
          the Map key to store the data-keys list
static Integer DECRYPT
          PKI-Handling type to decrypt messages
static Integer DECRYPT_VERIFY
          PKI-Handling type to decrypt and verify signatures in messages
static Integer ENCRYPT
          PKI-Handling type to encrypt messages
static String ENCRYPTED
          the Map key to store the encrypted data
static String[] PKI_TYPES
          contains the pkiType names of the run levels
static Integer SIGN
          PKI-Handling type to sign messages
static Integer SIGN_ENCRYPT
          PKI-Handling type to sign and encrypt messages
static String SIGNATURE
          the Map key to store the signature
static Integer VERIFY
          PKI-Handling type to verify signatures in messages
static String VERIFY_FLAG
          the Map key to store the verify flag
static Integer VERIFY_FLAG_FAILED
          a value of VERIFY_FLAG meaning that the signature verification failed
static Integer VERIFY_FLAG_SUCCESS
          a value of VERIFY_FLAG meaning that the signature verification was successful
static String VERIFY_MESSAGE
          the Map key to store the verify message
 
Method Summary
 void checkTheValidityOfCachedCertificate(byte[] oneCachedCertificate)
          Takes a byte array representation of a certificate and checks it against the current date. If the certificate is valid now, the method returns normally; otherwise an exception is thrown.
 Message doReceivingPKIHandling(Message currentMessage)
          Does the PKI handling for incoming messages (decrypting and/or verifying signatures of the given message content). PKI handling means: checking whether the current service has to be handled, doing the PKI handling if necessary, and returning the modified message (which is actually the reference to the given message).
 Message doSendingPKIHandling(Message currentMessage)
          Does the PKI handling for outgoing messages (signing and/or encrypting the given message content). PKI handling means: checking whether the current service has to be handled, doing the PKI handling if necessary, and returning the modified message (which is actually the reference to the given message).
 ArrayList getInvalidPublicKeyCertificates(HashMap thePublicKeyCertificateCache)
          Get the list of keys whose certificates are no longer valid.
 Date getNextCRLUpdateDate()
          This method returns the date of next CRL update.
 byte[] getOwnPublicKeyCertificate()
          Gets the PublicKey Certificate as byte-array.
 byte[] getPKICertificate(Map userData)
          Get a certificate of a user.
 String getRegisteredPKIMessages()
          Gets all previously registered message subjects, for tracing purposes.
 void setForeignPublicKeyCertificate(String keyID, String certificateFileName, String directoryName)
          Sets a Foreign Public Key Certificate.
 void setOwnPublicKeyCertificate(String certificateFileName, String directoryName)
          Sets the own Public Key Certificate
 void setPKIMessage(String subject, Integer pkiType, List dataKeys)
          Registers a message subject whose content later has to be signed, verified, encrypted, decrypted, signed and encrypted, or decrypted and verified (controlled by pkiType).
 void setPKIProvider(String className)
          Loads the PKI-Provider by the given className.
 void setPrivateKey(String privateKeyFileName, String directoryName, String password)
          Sets the private key which is later used to decrypt or to sign data.
 void setPublicPKIServer(Map publicPKIServerParameters)
          Set the parameters to get certificates/ public keys from a public PKI Server.
 

Field Detail

SIGN

public static final Integer SIGN
PKI-Handling type to sign messages

ENCRYPT

public static final Integer ENCRYPT
PKI-Handling type to encrypt messages

SIGN_ENCRYPT

public static final Integer SIGN_ENCRYPT
PKI-Handling type to sign and encrypt messages

DECRYPT

public static final Integer DECRYPT
PKI-Handling type to decrypt messages

VERIFY

public static final Integer VERIFY
PKI-Handling type to verify signatures in messages

DECRYPT_VERIFY

public static final Integer DECRYPT_VERIFY
PKI-Handling type to decrypt and verify signatures in messages

PKI_TYPES

public static final String[] PKI_TYPES
contains the pkiType names of the run levels

DATA_KEYS

public static final String DATA_KEYS
the Map key to store the data-keys list

SIGNATURE

public static final String SIGNATURE
the Map key to store the signature

ENCRYPTED

public static final String ENCRYPTED
the Map key to store the encrypted data

VERIFY_MESSAGE

public static final String VERIFY_MESSAGE
the Map key to store the verify message

VERIFY_FLAG

public static final String VERIFY_FLAG
the Map key to store the verify flag

VERIFY_FLAG_SUCCESS

public static final Integer VERIFY_FLAG_SUCCESS
a value of VERIFY_FLAG meaning that the signature verification was successful

VERIFY_FLAG_FAILED

public static final Integer VERIFY_FLAG_FAILED
a value of VERIFY_FLAG meaning that the signature verification failed
Method Detail

setPKIProvider

public void setPKIProvider(String className)
                    throws IllegalArgumentException
Loads the PKI-Provider by the given className. The class must be accessible through the classpath.
Parameters:
className - the class-name of the wanted PKI-Provider (e.g. "com.ls.pki.BaltimorePKIUtils")
Throws:
IllegalArgumentException - If an incorrect argument caused an error

setPrivateKey

public void setPrivateKey(String privateKeyFileName,
                          String directoryName,
                          String password)
                   throws IllegalArgumentException,
                          PKIBaseException
Sets the private key which is later used to decrypt or to sign data.
Parameters:
privateKeyFileName - the file name of one's private key
directoryName - the directory name where the private key file resides.
password - the password to activate one's private key
Throws:
IllegalArgumentException - If an incorrect argument caused an error
PKIBaseException - If a PKI error occurs

setOwnPublicKeyCertificate

public void setOwnPublicKeyCertificate(String certificateFileName,
                                       String directoryName)
                                throws IllegalArgumentException,
                                       PKIBaseException
Sets the own Public Key Certificate
Parameters:
certificateFileName - the file name of one's certificate (contains the public key)
directoryName - the directory name where the certificate file resides.
Throws:
IllegalArgumentException - If an incorrect argument caused an error
PKIBaseException - If a PKI error occurs

getOwnPublicKeyCertificate

public byte[] getOwnPublicKeyCertificate()
                                  throws PKIBaseException
Gets the own public key certificate as a byte array. Before using this method the certificate has to be set with setOwnPublicKeyCertificate.
Returns:
the own public key certificate as a byte array
Throws:
PKIBaseException - If a PKI error occurs, e.g. the public key certificate wasn't set before

setForeignPublicKeyCertificate

public void setForeignPublicKeyCertificate(String keyID,
                                           String certificateFileName,
                                           String directoryName)
                                    throws IllegalArgumentException,
                                           PKIBaseException
Sets a foreign public key certificate. Loads it from the file system and puts it into the PublicKeyCache under the given keyID.
Parameters:
keyID - the id under which the public key certificate is accessed in the PublicKeyCache
certificateFileName - the file name of the foreign party's certificate (contains the public key)
directoryName - the directory name where the certificate file resides.
Throws:
IllegalArgumentException - If an incorrect argument caused an error
PKIBaseException - If a PKI error occurs

setPKIMessage

public void setPKIMessage(String subject,
                          Integer pkiType,
                          List dataKeys)
                   throws IllegalArgumentException
Registers a message subject whose content later has to be signed, verified, encrypted, decrypted, signed and encrypted, or decrypted and verified (controlled by pkiType).
Parameters:
subject - the message-subject
pkiType - controls what happens later with the corresponding subject.
dataKeys - contains the data keys that have to be processed for a certain sending action.
Throws:
IllegalArgumentException - If an incorrect argument caused an error (pkiType doesn't exist or subject already set)

getRegisteredPKIMessages

public String getRegisteredPKIMessages()
Gets all previously registered message subjects, for tracing purposes.
Returns:
String which contains the already set pki-subjects
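
The set-up sequence the methods above describe, as an added example that is not part of the LARS code base: provider first, then own key material, then the peers' certificates, then one setPKIMessage call per subject. It assumes that PKIHandler has a no-argument constructor and that PKIHandler and PKIBaseException live in com.ls.lars.security; the file names, keyIDs and subjects are made up for the illustration.

```java
package com.ls.lars.security;

import java.util.ArrayList;
import java.util.List;

/** Added example: wires up an IPKIHandler for one LARS node ("node-a"). */
public class PKIHandlerSetupExample {

    public static IPKIHandler configure(String keyDir, String privateKeyPassword)
            throws PKIBaseException {
        IPKIHandler pki = new PKIHandler();   // assumption: no-arg constructor

        // 1. The provider must be loaded first; the later calls are wrappers around it.
        pki.setPKIProvider("com.ls.pki.BaltimorePKIUtils");

        // 2. Own key material: the private key signs and decrypts, the certificate
        //    carries the matching public key that peers use to verify and encrypt.
        pki.setPrivateKey("node-a.key", keyDir, privateKeyPassword);
        pki.setOwnPublicKeyCertificate("node-a.cer", keyDir);

        // 3. Peer certificates go into the PublicKeyCache under a keyID.
        pki.setForeignPublicKeyCertificate("node-b", "node-b.cer", keyDir);

        // 4. Per subject: which data keys are protected and how. This node sends
        //    order submissions and receives acknowledgements, so the types mirror
        //    each other (SIGN_ENCRYPT on the way out, DECRYPT_VERIFY on the way in).
        List orderKeys = new ArrayList();
        orderKeys.add("orderData");
        orderKeys.add("customerId");
        pki.setPKIMessage("lars.order.submit", IPKIHandler.SIGN_ENCRYPT, orderKeys);

        List ackKeys = new ArrayList();
        ackKeys.add("orderId");
        ackKeys.add("status");
        pki.setPKIMessage("lars.order.ack", IPKIHandler.DECRYPT_VERIFY, ackKeys);

        List heartbeatKeys = new ArrayList();
        heartbeatKeys.add("status");
        pki.setPKIMessage("lars.heartbeat", IPKIHandler.SIGN, heartbeatKeys);

        // A second registration of the same subject is rejected, as is an unknown pkiType.
        try {
            pki.setPKIMessage("lars.heartbeat", IPKIHandler.SIGN, heartbeatKeys);
            throw new IllegalStateException("duplicate subject was accepted");
        } catch (IllegalArgumentException expected) {
            // subject already set
        }

        return pki;
    }

    /** For trace output after configuration. */
    public static String registeredSubjects(IPKIHandler pki) {
        return pki.getRegisteredPKIMessages();
    }
}
```

A subject that is never registered passes through doSendingPKIHandling and doReceivingPKIHandling untouched, so the registration list from getRegisteredPKIMessages() is worth logging at start-up: it is the complete statement of which traffic is protected.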

doReceivingPKIHandling

public Message doReceivingPKIHandling(Message currentMessage)
                               throws PKIBaseException
Does the PKI handling for incoming messages (decrypting and/or verifying signatures of the given message content).
 PKI handling means:
 - Checking whether the current service has to be handled
 - Doing the PKI handling if necessary
 - Returning the modified message (which is actually the reference to the given message)
 
Parameters:
currentMessage - the current message
Returns:
Message the current message
Throws:
PKIBaseException - If a PKI error occurs

doSendingPKIHandling

public Message doSendingPKIHandling(Message currentMessage)
                             throws PKIBaseException
Does the PKI handling for outgoing messages (signing and/or encrypting the given message content).
 PKI handling means:
 - Checking whether the current service has to be handled
 - Doing the PKI handling if necessary
 - Returning the modified message (which is actually the reference to the given message)
 
Parameters:
currentMessage - the current message
Returns:
Message the current message
Throws:
PKIBaseException - If a PKI error occurs
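
The two handling methods report the outcome of a signature check through the VERIFY_FLAG entry rather than through the return value, so the receiving side has to look at that flag itself. The following added example (not LARS code) does that and fails closed: for a subject that must be verified, anything other than VERIFY_FLAG_SUCCESS, including a missing flag, is rejected before the data is used. It assumes that the LARS Message class is in com.ls.lars and exposes getContent() returning the Map into which the handler writes ENCRYPTED, SIGNATURE, VERIFY_FLAG and VERIFY_MESSAGE; adjust the import and accessor to the real class.

```java
package com.ls.lars.security;

import java.util.Map;

// Assumption (not from the Javadoc): location of the LARS Message class.
import com.ls.lars.Message;

/** Added example: sending and receiving side of the PKI handling with an explicit verify check. */
public class PKIMessageFlowExample {

    /** Outbound: the subject must have been registered with SIGN, ENCRYPT or SIGN_ENCRYPT. */
    public static Message send(IPKIHandler pki, Message outgoing) throws PKIBaseException {
        // Same reference comes back; the registered data keys are now signed/encrypted.
        return pki.doSendingPKIHandling(outgoing);
    }

    /**
     * Inbound. mustBeVerified is true for subjects registered with VERIFY or
     * DECRYPT_VERIFY; for those a missing flag means the handler did not verify
     * anything, which is treated as a failure rather than as "nothing to check".
     */
    public static Message receive(IPKIHandler pki, Message incoming, boolean mustBeVerified)
            throws PKIBaseException {
        Message handled = pki.doReceivingPKIHandling(incoming);
        Map content = handled.getContent();   // assumption: Map-backed message content
        if (mustBeVerified && !signatureVerified(content)) {
            Object reason = content.get(IPKIHandler.VERIFY_MESSAGE);
            throw new SecurityException("signature verification failed: " + reason);
        }
        return handled;
    }

    /** True only when the handler recorded VERIFY_FLAG_SUCCESS. */
    public static boolean signatureVerified(Map content) {
        Object flag = content.get(IPKIHandler.VERIFY_FLAG);
        // equals(), not ==: the flags are Integer objects and == compares identity.
        return IPKIHandler.VERIFY_FLAG_SUCCESS.equals(flag);
    }
}
```

Keep the decision about mustBeVerified with the code that registered the subject (see setPKIMessage) rather than deriving it from the incoming message, so a sender cannot downgrade a subject to "unverified" by omitting fields.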

setPublicPKIServer

public void setPublicPKIServer(Map publicPKIServerParameters)
                        throws PKIBaseException,
                               IllegalArgumentException
Sets the parameters for fetching certificates / public keys from a public PKI server. Wrapper for the corresponding method in IPKIUtils.
Parameters:
publicPKIServerParameters - Map which contains the needed Parameters (needed parameters for Baltimore: String hostName, String port, String userNamePKIServer, String passwordPKIServer, String CACertificateFileName, String directoryName)
Throws:
PKIBaseException - If a PKI-error occurs
IllegalArgumentException - If the publicPKIServerParameters isn't correctly filled

getPKICertificate

public byte[] getPKICertificate(Map userData)
                         throws PKIBaseException,
                                IllegalArgumentException
Gets the certificate of a user. The user is specified by the given userData map. setPublicPKIServer(...) has to be called beforehand. Wrapper for the corresponding method in IPKIUtils.
Parameters:
userData - contains the needed userData to specify the user. For instance CN=John Smith,OU=Development,O=Living Systems,C=DE.
Returns:
the certificate for the specified user
Throws:
PKIBaseException - If a PKI-error occurs
IllegalArgumentException - If userData does not specify the user correctly

checkTheValidityOfCachedCertificate

public void checkTheValidityOfCachedCertificate(byte[] oneCachedCertificate)
                                         throws PKIBaseException
Takes a byte array representation of a certificate and checks it against the current date. If the certificate is valid now, the method returns normally; otherwise an exception is thrown. Wrapper for the corresponding method in IPKIUtils.
Parameters:
oneCachedCertificate - a byte array representation of a certificate
Throws:
PKIBaseException - If the certificate has expired or is not yet valid

getInvalidPublicKeyCertificates

public ArrayList getInvalidPublicKeyCertificates(HashMap thePublicKeyCertificateCache)
                                          throws PKIBaseException
Gets the list of keys whose certificates are no longer valid. This method can only be called after the PKI server (LDAP) parameters have been set with setPublicPKIServer. Wrapper for the corresponding method in IPKIUtils.
Parameters:
thePublicKeyCertificateCache - the cache of public key certificates
Returns:
ArrayList a list of keys whose certificates are no longer valid.
Throws:
PKIBaseException - If a PKI-error occurs

getNextCRLUpdateDate

public Date getNextCRLUpdateDate()
                          throws PKIBaseException
This method returns the date of next CRL update. Wrapper for the corresponding method in IPKIUtils.
Returns:
the date of the next CRL update
Throws:
PKIBaseException - If an LDAP exception occurs.
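
The three methods above (checkTheValidityOfCachedCertificate, getInvalidPublicKeyCertificates, getNextCRLUpdateDate) together are enough for a cache maintenance pass, shown here as an added example that is not part of LARS. It assumes the PublicKeyCache is a HashMap from keyID (String, as passed to setForeignPublicKeyCertificate) to the certificate bytes (byte[], as accepted by checkTheValidityOfCachedCertificate), and that setPublicPKIServer has already been called.

```java
package com.ls.lars.security;

import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/** Added example: removes expired, not-yet-valid and revoked certificates from a PublicKeyCache. */
public class CertificateCacheMaintenance {

    /** Returns the keyIDs that must no longer be used. Does not modify the cache. */
    public static List findUnusable(IPKIHandler pki, HashMap cache) throws PKIBaseException {
        List unusable = new ArrayList();

        // 1. Local validity-period check, no network access needed.
        for (Iterator it = cache.entrySet().iterator(); it.hasNext();) {
            Map.Entry entry = (Map.Entry) it.next();
            try {
                pki.checkTheValidityOfCachedCertificate((byte[]) entry.getValue());
            } catch (PKIBaseException expiredOrNotYetValid) {
                unusable.add(entry.getKey());
            }
        }

        // 2. Revocation check against the PKI server (CRL); needs setPublicPKIServer first.
        //    A PKIBaseException here propagates: with no CRL answer we cannot declare
        //    anything valid, so the caller should keep the old result and retry later.
        ArrayList revoked = pki.getInvalidPublicKeyCertificates(cache);
        for (Iterator it = revoked.iterator(); it.hasNext();) {
            Object keyID = it.next();
            if (!unusable.contains(keyID)) {
                unusable.add(keyID);
            }
        }
        return unusable;
    }

    /**
     * Drops the unusable entries from the cache and returns the next CRL update date,
     * so the caller can schedule the next pass no later than that.
     */
    public static Date prune(IPKIHandler pki, HashMap cache) throws PKIBaseException {
        List unusable = findUnusable(pki, cache);
        for (Iterator it = unusable.iterator(); it.hasNext();) {
            cache.remove(it.next());
        }
        return pki.getNextCRLUpdateDate();
    }
}
```

Running prune() at start-up and then again at the returned date keeps the window in which a revoked peer certificate is still trusted bounded by the CA's CRL publication interval; a certificate that fails only the date check can be replaced immediately with setForeignPublicKeyCertificate once the renewed file is available.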