java.lang.Object
  +--com.ls.lars.security.PKIHandler
This class makes it easy to handle the Public Key Infrastructure (PKI) in a LARS environment. It essentially uses the methods of IPKIUtil and adds the special requirements of the LARS environment. Besides the LARS Agents, this class can also be used by Applets to communicate with LARS Agents.
Fields inherited from interface com.ls.lars.security.IPKIHandler
DATA_KEYS, DECRYPT, DECRYPT_VERIFY, ENCRYPT, ENCRYPTED, PKI_TYPES, SIGN, SIGN_ENCRYPT, SIGNATURE, VERIFY, VERIFY_FLAG, VERIFY_FLAG_FAILED, VERIFY_FLAG_SUCCESS, VERIFY_MESSAGE
Constructor Summary
PKIHandler()
    Standard constructor.
Method Summary
void checkTheValidityOfCachedCertificate(byte[] oneCachedCertificate)
    Takes a byte array representation of a certificate and checks it against the current date.
Map decryptMessage(Map contentMap)
    Decrypts a Message.
Message decryptMessage(Message currentMessage)
    Decrypts a message.
Message doReceivingPKIHandling(Message currentMessage)
    Does the PKI handling for incoming messages (decrypting and/or validating signatures of the given message-content).
Message doSendingPKIHandling(Message currentMessage)
    Does the PKI handling for outgoing messages (signing and/or encrypting of the given message-content).
Map encryptMessage(Map contentHash, List dataKeys, byte[] publicKeyCertificate)
    Encrypts the content or parts of the content of a message.
Map encryptMessage(Map contentHash, List dataKeys, String keyID)
    Encrypts a message.
Message encryptMessage(Message currentMessage, List dataKeys)
    Encrypts a Message.
protected byte[] getForeignPublicKeyCertificate(String keyID)
    Gets a certain public key certificate from the cache.
ArrayList getInvalidPublicKeyCertificates(HashMap publicKeyCertificateCache)
    Gets the list of keys whose certificates are no longer valid.
Date getNextCRLUpdateDate()
    Returns the date of the next CRL update.
byte[] getOwnPublicKeyCertificate()
    Gets the public key certificate as a byte array.
byte[] getPKICertificate(Map userData)
    Gets a certificate of a user.
String getRegisteredPKIMessages()
    Gets all previously registered message services, for tracing purposes.
void setForeignPublicKeyCertificate(String keyID, String certificateFileName, String directoryName)
    Sets a foreign public key certificate.
void setOwnPublicKeyCertificate(String certificateFileName, String directoryName)
    Sets the public key certificate. Be aware: you cannot reset your own public key certificate once it has been set!
void setPKIMessage(String service, Integer pkiType, List dataKeys)
    Sets a message service whose messages later have to be signed, verified, encrypted, decrypted, signed and encrypted, or decrypted and verified (controlled by the pkiType).
void setPKIProvider(String className)
    Loads the PKI provider by the given className.
void setPrivateKey(String privateKeyFileName, String directoryName, String password)
    Sets the private key which is later used to encrypt or to sign data.
void setPublicPKIServer(Map publicPKIServerParameters)
    Sets the parameters to get certificates/public keys from a public PKI server.
Map signMessage(Map contentHash, List dataKeys)
    Signs a message.
Message signMessage(Message currentMessage, List dataKeys)
    Signs a Message.
Map verifyMessage(Map contentHash, byte[] publicKeyCertificate)
    Verifies a Message.
Map verifyMessage(Map contentHash, String keyID)
    Verifies a message.
Message verifyMessage(Message currentMessage)
    Verifies a Message.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail
public PKIHandler()

Method Detail
public void setPKIProvider(String className) throws InvalidArgumentException, BaseRuntimeException
Specified by: setPKIProvider in interface IPKIHandler
Parameters:
className - the class name of the wanted PKI provider (e.g. "com.ls.pki.BaltimorePKIUtil")
Throws:
InvalidArgumentException - If an incorrect argument caused an error
BaseRuntimeException - If something else goes wrong

public void setPrivateKey(String privateKeyFileName, String directoryName, String password) throws InvalidArgumentException, PKIBaseException
Specified by: setPrivateKey in interface IPKIHandler
Parameters:
privateKeyFileName - the file name of one's private key
directoryName - the directory name where the private key file resides
password - the password to activate one's private key
Throws:
InvalidArgumentException - If an incorrect argument caused an error
PKIBaseException - If a PKI error occurs

public void setOwnPublicKeyCertificate(String certificateFileName, String directoryName) throws InvalidArgumentException, PKIBaseException
Specified by: setOwnPublicKeyCertificate in interface IPKIHandler
Parameters:
certificateFileName - the file name of one's certificate (contains the public key)
directoryName - the directory name where the certificate file resides
Throws:
InvalidArgumentException - If an incorrect argument caused an error
PKIBaseException - If something else goes wrong

public byte[] getOwnPublicKeyCertificate() throws PKIBaseException
Specified by: getOwnPublicKeyCertificate in interface IPKIHandler
Throws:
PKIBaseException - If a PKI error occurs (e.g. the public key certificate wasn't set before)

public void setForeignPublicKeyCertificate(String keyID, String certificateFileName, String directoryName) throws InvalidArgumentException, PKIBaseException
Specified by: setForeignPublicKeyCertificate in interface IPKIHandler
Parameters:
keyID - the id to access the public key certificate from the PublicKeyCache
certificateFileName - the file name of one's certificate (contains the public key)
directoryName - the directory name where the certificate file resides
Throws:
InvalidArgumentException - If an incorrect argument caused an error
PKIBaseException - If a PKI error occurs

public void setPKIMessage(String service, Integer pkiType, List dataKeys) throws InvalidArgumentException
Specified by: setPKIMessage in interface IPKIHandler
Parameters:
service - the message service
pkiType - controls what happens later with the corresponding service
dataKeys - specifies which keys must be handled by the PKI handler (only necessary for encryption and signing; if not specified (null), all contentHash keys will be handled)
Throws:
InvalidArgumentException - If an incorrect argument caused an error: pkiType doesn't exist or service is already set

public String getRegisteredPKIMessages()
Specified by: getRegisteredPKIMessages in interface IPKIHandler

public Message doSendingPKIHandling(Message currentMessage) throws PKIBaseException
PKI handling means:
Specified by: doSendingPKIHandling in interface IPKIHandler
Parameters:
currentMessage - the original current message
Throws:
PKIBaseException - If a PKI error occurs

public Message signMessage(Message currentMessage, List dataKeys) throws PKIBaseException
Parameters:
currentMessage - the original current message
dataKeys - the List of data-keys which have to be signed
Throws:
PKIBaseException - If a PKI error occurs or the given message does not contain a Map as content

public Map signMessage(Map contentHash, List dataKeys) throws PKIBaseException
Parameters:
contentHash - the original contentHash
dataKeys - The List of data-keys which have to be signed. If it is null, all keys in the contentHash are signed.
Throws:
PKIBaseException - If a PKI error occurs

public Message encryptMessage(Message currentMessage, List dataKeys) throws PKIBaseException
Parameters:
currentMessage - the original current message
dataKeys - the list of data-keys which have to be signed
Throws:
PKIBaseException - If a PKI-error occurs or the given message does not contain a Map as content

public Map encryptMessage(Map contentHash, List dataKeys, String keyID) throws PKIBaseException
Parameters:
contentHash - the original contentHash
dataKeys - the list of data-keys which have to be signed
keyID - the id to access the public key certificate from the PublicKeyCache
Throws:
PKIBaseException - If a PKI-error occurs

public Map encryptMessage(Map contentHash, List dataKeys, byte[] publicKeyCertificate) throws PKIBaseException
Parameters:
contentHash - the original contentHash
dataKeys - the list of data-keys which have to be signed
publicKeyCertificate - the needed publicKeyCertificate as byte-array
Throws:
PKIBaseException - If a PKI-error occurs

public Message doReceivingPKIHandling(Message currentMessage) throws PKIBaseException
PKI handling means:
Specified by: doReceivingPKIHandling in interface IPKIHandler
Parameters:
currentMessage - the original current message
Throws:
PKIBaseException - If a PKI error occurs

public Message decryptMessage(Message currentMessage) throws PKIBaseException
Parameters:
currentMessage - the current message
Throws:
PKIBaseException - If a PKI-error occurs

public Map decryptMessage(Map contentMap) throws PKIBaseException
Parameters:
contentMap - contains the data to decrypt
Throws:
PKIBaseException - If a PKI-error occurs

public Message verifyMessage(Message currentMessage) throws PKIBaseException
Be aware: if the signature verification fails, the message's service is changed to 'signature_not_valid_service'.
Parameters:
currentMessage - the original current message
Throws:
PKIBaseException - If a PKI-error occurs

public Map verifyMessage(Map contentHash, String keyID) throws PKIBaseException
Parameters:
contentHash - the original contentHash
keyID - the id to access the public key certificate from the PublicKeyCache
Throws:
PKIBaseException - If a PKI-error occurs

public Map verifyMessage(Map contentHash, byte[] publicKeyCertificate) throws PKIBaseException
Parameters:
contentHash - the original contentHash
publicKeyCertificate - the needed publicKeyCertificate as byte-array
Throws:
PKIBaseException - If a PKI-error occurs

protected byte[] getForeignPublicKeyCertificate(String keyID) throws PKIBaseException, InvalidArgumentException
Parameters:
keyID - to get the corresponding public key certificate from cache
Throws:
PKIBaseException - if ... never thrown by this implementation
InvalidArgumentException - If the cache hasn't got an entry for the specified keyID

public void checkTheValidityOfCachedCertificate(byte[] oneCachedCertificate) throws PKIBaseException
Specified by: checkTheValidityOfCachedCertificate in interface IPKIHandler
Parameters:
oneCachedCertificate - a byte array representation of a certificate
Throws:
PKIBaseException - If the certificate's validity has expired, or if it will be valid in the future but is not valid now

public void setPublicPKIServer(Map publicPKIServerParameters) throws PKIBaseException, InvalidArgumentException
Specified by: setPublicPKIServer in interface IPKIHandler
Parameters:
publicPKIServerParameters - Map which contains the needed parameters (needed parameters for Baltimore: String hostName, String port, String userNamePKIServer, String passwordPKIServer, String CACertificateFileName, String directoryName)
Throws:
PKIBaseException - If a PKI-error occurs
InvalidArgumentException - If publicPKIServerParameters isn't correctly filled

public byte[] getPKICertificate(Map userData) throws PKIBaseException, InvalidArgumentException
Specified by: getPKICertificate in interface IPKIHandler
Parameters:
userData - contains the needed userData to specify the user. For instance CN=John Smith,OU=Development,O=Living Systems,C=DE.
IPKIUtil.getPKICertificate(Map)
Throws:
PKIBaseException - If a PKI-error occurs
InvalidArgumentException - If thrown by this.pkiUtil.getPKICertificate(userData)
setPKIProvider(java.lang.String)

public ArrayList getInvalidPublicKeyCertificates(HashMap publicKeyCertificateCache) throws PKIBaseException
Specified by: getInvalidPublicKeyCertificates in interface IPKIHandler
Parameters:
publicKeyCertificateCache - the cache of public key certificates
IPKIUtil.getInvalidPublicKeyCertificates(java.util.HashMap)
Throws:
PKIBaseException - If a PKI-error occurs
setPKIProvider(java.lang.String)

public Date getNextCRLUpdateDate() throws PKIBaseException
Specified by: getNextCRLUpdateDate in interface IPKIHandler
IPKIUtil.getNextCRLUpdateDate()
Throws:
PKIBaseException - If an LDAP exception occurs
setPKIProvider(java.lang.String)