A meta-class for group management, handling in particular:

Public Member Functions

| Return type | Member | Description |
|---|---|---|
| | GroupManager (GroupAccessControlManager accessManager, ParameterizedName groupStorage, CCNHandle handle) | |
| GroupAccessControlManager | getAccessManager () | |
| EnumeratedNameList | groupList () throws IOException | Enumerate groups. |
| Group | getGroup (String groupFriendlyName, long timeout) throws ContentDecodingException, IOException | Get a group specified by its friendly name. |
| Group | getGroup (Link theGroup, long timeout) throws ContentDecodingException, IOException | Get the group specified by a link. |
| boolean | groupExists (String groupFriendlyName, long timeout) throws IOException | Replace enumeration-based test of existence with direct test. |
| void | cacheGroup (Group newGroup) | Adds the specified group to the cache. |
| Group | createGroup (String groupFriendlyName, ArrayList< Link > newMembers, long timeToWaitForPreexisting) throws InvalidKeyException, ContentEncodingException, IOException, NoSuchAlgorithmException | Create a new group with a specified friendly name and list of members. The creator of the group ends up knowing the private key of the newly created group but is simply assumed to forget it if not a member. |
| void | deleteGroup (String friendlyName) throws ContentDecodingException, IOException | Delete an existing group specified by its friendly name. |
| boolean | isGroup (Link member) | Does this member refer to a user or a group? |
| boolean | isGroup (String principal, long timeout) throws IOException | |
| boolean | isGroup (ContentName publicKeyName) | |
| boolean | haveKnownGroupMemberships () | |
| boolean | amKnownGroupMember (String principal) | |
| boolean | amCurrentGroupMember (String principal) throws ContentDecodingException, IOException | |
| boolean | amCurrentGroupMember (Group group) throws ContentDecodingException, IOException | Determine if I am a current group member of a specified group. |
| PrivateKey | getGroupPrivateKey (String groupFriendlyName, CCNTime privateKeyVersion) throws ContentDecodingException, IOException, InvalidKeyException, NoSuchAlgorithmException | Get the private key of a group specified by its friendly name. |
| void | removeGroupMembership (String principal) | We might or might not still be a member of this group, or be a member again. |
| String | getGroupKeyAlgorithm () | Get the algorithm of the group key. |
| ParameterizedName | getGroupStorage () | Get the parameterized Name used by this group manager. |
| PublicKeyObject | getLatestPublicKeyForGroup (Link principal) throws ContentDecodingException, IOException | Get the latest public key for a group specified by its principal name. |

Protected Member Functions

| Return type | Member | Description |
|---|---|---|
| Key | getVersionedPrivateKeyForGroup (PrincipalInfo pi) throws InvalidKeyException, ContentNotReadyException, ContentDecodingException, IOException, NoSuchAlgorithmException | Get the versioned private key for a group. |

Package Functions

| Return type | Member | Description |
|---|---|---|
| | GroupManager (GroupAccessControlManager accessManager, CCNHandle handle) throws IOException | A "quiet" constructor that doesn't enumerate anything and in fact does very little; it is meant for non-group-based uses of KeyDirectory. This is a temporary hack until KeyDirectory (KD) is refactored. |

A meta-class for group management, handling in particular:
There is currently one GroupManager per Group namespace. If you haven't loaded the GroupManager for a given namespace and attempt to write ACLs naming groups defined in that namespace, you will get errors, because the access control code won't recognise those entities as Groups or be able to find their public keys.

org.ccnx.ccn.profiles.security.access.group.GroupManager.GroupManager (GroupAccessControlManager accessManager, CCNHandle handle) throws IOException [package]
A "quiet" constructor that doesn't enumerate anything and in fact does very little; it is meant for non-group-based uses of KeyDirectory. This is a temporary hack until KeyDirectory (KD) is refactored.

boolean org.ccnx.ccn.profiles.security.access.group.GroupManager.amCurrentGroupMember (Group group) throws ContentDecodingException, IOException
Determine if I am a current group member of a specified group.
The current implementation of this method is slow and simple. It can be optimized later.
Parameters:
    group: the group
Exceptions:
    IOException
    ContentDecodingException

void org.ccnx.ccn.profiles.security.access.group.GroupManager.cacheGroup (Group newGroup)
Adds the specified group to the cache.
Parameters:
    newGroup: the group

Group org.ccnx.ccn.profiles.security.access.group.GroupManager.createGroup (String groupFriendlyName, ArrayList< Link > newMembers, long timeToWaitForPreexisting) throws InvalidKeyException, ContentEncodingException, IOException, NoSuchAlgorithmException
Create a new group with a specified friendly name and list of members. The creator of the group ends up knowing the private key of the newly created group but is simply assumed to forget it if not a member.
Parameters:
    groupFriendlyName: the friendly name of the group
    newMembers: the members of the group
Exceptions:
    IOException
    ConfigurationException
    ContentEncodingException
    InvalidKeyException
    NoSuchAlgorithmException

void org.ccnx.ccn.profiles.security.access.group.GroupManager.deleteGroup (String friendlyName) throws ContentDecodingException, IOException
Delete an existing group specified by its friendly name.
Parameters:
    friendlyName: the friendly name of the group
Exceptions:
    IOException
    ContentDecodingException

Group org.ccnx.ccn.profiles.security.access.group.GroupManager.getGroup (Link theGroup, long timeout) throws ContentDecodingException, IOException
Get the group specified by a link.
Parameters:
    theGroup: link to the group
Exceptions:
    IOException
    ContentDecodingException

Group org.ccnx.ccn.profiles.security.access.group.GroupManager.getGroup (String groupFriendlyName, long timeout) throws ContentDecodingException, IOException
Get a group specified by its friendly name.
Parameters:
    groupFriendlyName: the friendly name of the group
Exceptions:
    IOException
    ContentDecodingException

String org.ccnx.ccn.profiles.security.access.group.GroupManager.getGroupKeyAlgorithm ()
Get the algorithm of the group key.
Eventually let namespace control this.

PrivateKey org.ccnx.ccn.profiles.security.access.group.GroupManager.getGroupPrivateKey (String groupFriendlyName, CCNTime privateKeyVersion) throws ContentDecodingException, IOException, InvalidKeyException, NoSuchAlgorithmException
Get the private key of a group specified by its friendly name.
I already believe I should have access to this private key.
Parameters:
    groupFriendlyName: the group friendly name
    privateKeyVersion: the version of the private key
Exceptions:
    IOException
    ContentDecodingException
    InvalidKeyException
    NoSuchAlgorithmException

ParameterizedName org.ccnx.ccn.profiles.security.access.group.GroupManager.getGroupStorage ()
Get the parameterized Name used by this group manager.

PublicKeyObject org.ccnx.ccn.profiles.security.access.group.GroupManager.getLatestPublicKeyForGroup (Link principal) throws ContentDecodingException, IOException
Get the latest public key for a group specified by its principal name.
Parameters:
    principal
Exceptions:
    IOException
    ContentDecodingException

Key org.ccnx.ccn.profiles.security.access.group.GroupManager.getVersionedPrivateKeyForGroup (PrincipalInfo pi) throws InvalidKeyException, ContentNotReadyException, ContentDecodingException, IOException, NoSuchAlgorithmException [protected]
Get the versioned private key for a group.
Parameters:
    keyDirectory: the key directory associated with the group
    principal: the principal
Exceptions:
    IOException
    ContentNotReadyException
    ContentDecodingException
    InvalidKeyException
    NoSuchAlgorithmException

boolean org.ccnx.ccn.profiles.security.access.group.GroupManager.groupExists (String groupFriendlyName, long timeout) throws IOException
Replace enumeration-based test of existence with direct test.
Exceptions:
    IOException

EnumeratedNameList org.ccnx.ccn.profiles.security.access.group.GroupManager.groupList () throws IOException
Enumerate groups.
Exceptions:
    IOException

boolean org.ccnx.ccn.profiles.security.access.group.GroupManager.isGroup (Link member)
Does this member refer to a user or a group?
Groups have to be in the group namespace; users can be anywhere.
Parameters:
    member

void org.ccnx.ccn.profiles.security.access.group.GroupManager.removeGroupMembership (String principal)
We might or might not still be a member of this group, or be a member again.
This merely removes our cached notion that we are a member.
Parameters:
    principal