org.ccnx.ccn.profiles.security.access.group.Group Class Reference

This class represents a Group for group-based access control.

Classes

class  CouldNotRetrievePublicKeyException

Public Member Functions

 Group (ParameterizedName groupNamespace, String groupFriendlyName, CCNHandle handle, GroupManager manager) throws ContentDecodingException, IOException
 Group constructor.
 Group (ContentName groupName, CCNHandle handle, GroupManager manager) throws ContentDecodingException, IOException
 Constructor.
void addMembers (ArrayList< Link > newUsers) throws InvalidKeyException, ContentDecodingException, IOException, NoSuchAlgorithmException
 Add new users to an existing group.
void removeMembers (ArrayList< Link > removedUsers) throws InvalidKeyException, ContentDecodingException, IOException, NoSuchAlgorithmException
 Remove users from an existing group.
boolean ready ()
 Checks whether the group public key has been created.
PrincipalKeyDirectory privateKeyDirectory (GroupAccessControlManager manager) throws IOException
 Returns the KeyDirectory which stores the group private key wrapped in the public keys of the members of the group.
void restartPrivateKeyDirectoryEnumeration (GroupAccessControlManager manager) throws IOException
 Restart the enumeration of the private key directory.
String friendlyName ()
 Get the friendly name by which the group is known.
ContentName groupName ()
 Get the name of the namespace for the group.
MembershipListObject membershipList () throws ContentDecodingException, IOException
 Returns a list containing all the members of a Group.
ContentName membershipListName () throws ContentDecodingException, IOException
 Get the versioned name of the group membership list.
CCNTime membershipListVersion () throws ContentDecodingException, IOException
 Get the version of the membership list.
void clearCachedMembershipList ()
 Clear the cached membership list.
PublicKeyObject publicKeyObject ()
 Get the public key of the group.
PublicKey publicKey () throws ContentNotReadyException, ContentGoneException, ErrorStateException
 Get the group public key.
ContentName publicKeyName ()
 Get the versioned name of the group public key.
CCNTime publicKeyVersion () throws IOException
 Get the version of the group public key.
void setMembershipList (GroupManager groupManager, java.util.Collection< Link > newMembers) throws ContentDecodingException, IOException, InvalidKeyException, NoSuchAlgorithmException
 Sets the membership list of the group.
void newGroupPublicKey (MembershipListObject ml) throws ContentEncodingException, IOException, InvalidKeyException, NoSuchAlgorithmException
 Generate a new group public key, e.g. after membership update.
Key createGroupPublicKey (MembershipListObject ml) throws ContentEncodingException, IOException, InvalidKeyException
 Creates a public key for the group. We don't expect there to be an existing key.
void updateGroupPublicKey (Key privateKeyWrappingKey, java.util.Collection< Link > membersToAdd) throws InvalidKeyException, ContentDecodingException, AccessDeniedException, IOException
 Adds members to an existing group.
PrivateKey getPrivateKey () throws IOException, InvalidKeyException, NoSuchAlgorithmException
 You won't actually get the PrivateKey unless you have the rights to decrypt it; otherwise you'll get an AccessDeniedException.
String toString ()
 Print useful name and version information.
void modify (java.util.Collection< Link > membersToAdd, java.util.Collection< Link > membersToRemove) throws InvalidKeyException, ContentDecodingException, IOException, NoSuchAlgorithmException
 Modify will add and remove members from a Group.
void delete () throws IOException
ArrayList< Link > recursiveAncestorList (ArrayList< Link > ancestorList) throws IOException
 Recursively constructs an ordered list of the ancestors of the group.

Protected Member Functions

void stopPrivateKeyDirectoryEnumeration () throws IOException
 Stop enumerating the private key directory.

Package Functions

 Group (ParameterizedName groupNamespace, String groupFriendlyName, MembershipListObject members, CCNHandle handle, GroupManager manager) throws ContentEncodingException, IOException, InvalidKeyException
 Constructor that creates a new group and generates a first key pair for it.

Detailed Description

This class represents a Group for group-based access control.

A Group is essentially a list of members, and a public/private key pair. The public key is stored in CCN and is used to encrypt node keys (see CCNx Access Control Specification); the private key is stored encrypted under the public keys of the members of the group (which could be users or groups). The private key is represented in a KeyDirectory.

Model for private key access: if you're not allowed to get a key, we throw AccessDeniedException.

Right now we dynamically load both the public key and the membership list. For efficiency we might want to load only the public key, and pull the membership list only when we need it.


Constructor & Destructor Documentation

org.ccnx.ccn.profiles.security.access.group.Group.Group ( ParameterizedName  groupNamespace,
String  groupFriendlyName,
CCNHandle  handle,
GroupManager  manager 
) throws ContentDecodingException, IOException

Group constructor.

Parameters:
groupNamespace the group namespace
groupFriendlyName the friendly name by which the group is known
handle the CCN handle
manager the group manager
Exceptions:
IOException 
ContentDecodingException 
org.ccnx.ccn.profiles.security.access.group.Group.Group ( ContentName  groupName,
CCNHandle  handle,
GroupManager  manager 
) throws ContentDecodingException, IOException

Constructor.

Parameters:
groupName 
handle 
manager 
Exceptions:
IOException 
ContentDecodingException 
org.ccnx.ccn.profiles.security.access.group.Group.Group ( ParameterizedName  groupNamespace,
String  groupFriendlyName,
MembershipListObject  members,
CCNHandle  handle,
GroupManager  manager 
) throws ContentEncodingException, IOException, InvalidKeyException [package]

Constructor that creates a new group and generates a first key pair for it.

Parameters:
groupNamespace the group namespace
groupFriendlyName the friendly name by which the group is known
members the membership list of the group
handle the CCN handle
manager the group manager
Exceptions:
IOException 
ContentEncodingException 
ConfigurationException 
InvalidKeyException 

Member Function Documentation

void org.ccnx.ccn.profiles.security.access.group.Group.addMembers ( ArrayList< Link >  newUsers  )  throws InvalidKeyException, ContentDecodingException, IOException, NoSuchAlgorithmException

Add new users to an existing group.

Parameters:
newUsers the list of new users
Exceptions:
IOException 
ConfigurationException 
ContentDecodingException 
InvalidKeyException 
NoSuchAlgorithmException 
void org.ccnx.ccn.profiles.security.access.group.Group.clearCachedMembershipList (  ) 

Clear the cached membership list.

This does not actually remove any members from the group, it just clears out our in-memory copy of the membership list.

Key org.ccnx.ccn.profiles.security.access.group.Group.createGroupPublicKey ( MembershipListObject  ml  )  throws ContentEncodingException, IOException, InvalidKeyException

Creates a public key for the group. We don't expect there to be an existing key.

So we just write a new one. If we're not supposed to be a member, this is tricky: we just live with the fact that we know the private key, and forget it.

Parameters:
ml the membership list.
Returns:
the group private key wrapping key.
Exceptions:
IOException 
ContentEncodingException 
ConfigurationException 
InvalidKeyException 
String org.ccnx.ccn.profiles.security.access.group.Group.friendlyName (  ) 

Get the friendly name by which the group is known.

Returns:
the group friendly name.
PrivateKey org.ccnx.ccn.profiles.security.access.group.Group.getPrivateKey (  )  throws IOException, InvalidKeyException, NoSuchAlgorithmException

You won't actually get the PrivateKey unless you have the rights to decrypt it; otherwise you'll get an AccessDeniedException.

Exceptions:
IOException 
NoSuchAlgorithmException 
InvalidKeyException 
ContentName org.ccnx.ccn.profiles.security.access.group.Group.groupName (  ) 

Get the name of the namespace for the group.

Returns:
the group namespace
MembershipListObject org.ccnx.ccn.profiles.security.access.group.Group.membershipList (  )  throws ContentDecodingException, IOException

Returns a list containing all the members of a Group.

Sets up the list to automatically update in the background.

Returns:
MembershipList a list containing all the members of a Group object
Exceptions:
ContentDecodingException 
IOException 
ContentName org.ccnx.ccn.profiles.security.access.group.Group.membershipListName (  )  throws ContentDecodingException, IOException

Get the versioned name of the group membership list.

Returns:
the versioned name of the group membership list
Exceptions:
IOException 
ContentDecodingException 
CCNTime org.ccnx.ccn.profiles.security.access.group.Group.membershipListVersion (  )  throws ContentDecodingException, IOException

Get the version of the membership list.

Returns:
the version of the membership list
Exceptions:
IOException 
ContentDecodingException 
void org.ccnx.ccn.profiles.security.access.group.Group.modify ( java.util.Collection< Link >  membersToAdd,
java.util.Collection< Link >  membersToRemove 
) throws InvalidKeyException, ContentDecodingException, IOException, NoSuchAlgorithmException

Modify will add and remove members from a Group.

It can be used to only add members, in which case the membersToRemove list is null, or it can be used to only remove members, in which case the membersToAdd list is null. If both lists are passed in, then the items in the membersToAdd list are added and the items in the membersToRemove list are then removed from the Group members list.

Parameters:
membersToAdd list of group members to be added
membersToRemove list of group members to be removed
Exceptions:
IOException 
ContentDecodingException 
InvalidKeyException 
ConfigurationException 
NoSuchAlgorithmException 
void org.ccnx.ccn.profiles.security.access.group.Group.newGroupPublicKey ( MembershipListObject  ml  )  throws ContentEncodingException, IOException, InvalidKeyException, NoSuchAlgorithmException

Generate a new group public key, e.g. after membership update.

The caller of this method must have access rights to the existing (soon to be previous) private key of the group. The new key is created with a call to createGroupPublicKey. This method also wraps the new private key under the public keys of all the members of the group. Finally, a superseded block and a link to the previous key are written to the repository.

Parameters:
ml the new membership list
Exceptions:
IOException 
ContentEncodingException 
ConfigurationException 
InvalidKeyException 
NoSuchAlgorithmException 
PrincipalKeyDirectory org.ccnx.ccn.profiles.security.access.group.Group.privateKeyDirectory ( GroupAccessControlManager  manager  )  throws IOException

Returns the KeyDirectory which stores the group private key wrapped in the public keys of the members of the group.

A new private key directory is created if it does not already exist and if the group public key is ready.

Parameters:
manager the access control manager
Returns:
the key directory of the group
Exceptions:
IOException 
PublicKey org.ccnx.ccn.profiles.security.access.group.Group.publicKey (  )  throws ContentNotReadyException, ContentGoneException, ErrorStateException

Get the group public key.

Returns:
the group public key
Exceptions:
ContentNotReadyException 
ContentGoneException 
ErrorStateException 
ContentName org.ccnx.ccn.profiles.security.access.group.Group.publicKeyName (  ) 

Get the versioned name of the group public key.

Returns:
the versioned name of the group public key
PublicKeyObject org.ccnx.ccn.profiles.security.access.group.Group.publicKeyObject (  ) 

Get the public key of the group.

Returns:
the group public key
CCNTime org.ccnx.ccn.profiles.security.access.group.Group.publicKeyVersion (  )  throws IOException

Get the version of the group public key.

Returns:
the version of the group public key
Exceptions:
IOException 
boolean org.ccnx.ccn.profiles.security.access.group.Group.ready (  ) 

Checks whether the group public key has been created.

Returns:
ArrayList<Link> org.ccnx.ccn.profiles.security.access.group.Group.recursiveAncestorList ( ArrayList< Link >  ancestorList  )  throws IOException

Recursively constructs an ordered list of the ancestors of the group.

The ancestors are the groups of which the group is a member either directly or indirectly via a chain of one or more ancestors. The order ensures that a group is always listed after all its children.

Parameters:
ancestorList the ancestor list built up to this point
Returns:
the recursively updated ancestor list
Exceptions:
IOException 
void org.ccnx.ccn.profiles.security.access.group.Group.removeMembers ( ArrayList< Link >  removedUsers  )  throws InvalidKeyException, ContentDecodingException, IOException, NoSuchAlgorithmException

Remove users from an existing group.

Parameters:
removedUsers the list of users to be removed.
Exceptions:
IOException 
ConfigurationException 
ContentDecodingException 
InvalidKeyException 
NoSuchAlgorithmException 
void org.ccnx.ccn.profiles.security.access.group.Group.restartPrivateKeyDirectoryEnumeration ( GroupAccessControlManager  manager  )  throws IOException

Restart the enumeration of the private key directory.

Parameters:
manager the access control manager.
Exceptions:
IOException 
void org.ccnx.ccn.profiles.security.access.group.Group.setMembershipList ( GroupManager  groupManager,
java.util.Collection< Link >  newMembers 
) throws ContentDecodingException, IOException, InvalidKeyException, NoSuchAlgorithmException

Sets the membership list of the group.

Existing members of the group are removed.

Parameters:
groupManager the group manager
newMembers the list of new group members
Exceptions:
IOException 
ContentDecodingException 
ConfigurationException 
InvalidKeyException 
NoSuchAlgorithmException 
void org.ccnx.ccn.profiles.security.access.group.Group.stopPrivateKeyDirectoryEnumeration (  )  throws IOException [protected]

Stop enumerating the private key directory.

Exceptions:
IOException 
void org.ccnx.ccn.profiles.security.access.group.Group.updateGroupPublicKey ( Key  privateKeyWrappingKey,
java.util.Collection< Link >  membersToAdd 
) throws InvalidKeyException, ContentDecodingException, AccessDeniedException, IOException

Adds members to an existing group.

The caller of this method must have access to the private key of the group. We need to wrap the group private key wrapping key in the latest public keys of the members to add. Since members are only added, there is no need to replace the group key.

Parameters:
privateKeyWrappingKey the private key wrapping key
membersToAdd the members added to the group
Exceptions:
InvalidKeyException 
AccessDeniedException 
IOException 
ContentDecodingException 
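
The key handling described for createGroupPublicKey, newGroupPublicKey and updateGroupPublicKey, as an added Java sketch that is not CCNx code: adding a member writes one new key-directory entry, while removing a member replaces the group key pair. The class, field and method names and the RSA-OAEP / AES-KWP algorithm choices are assumptions made for illustration, not taken from the CCNx sources.

```java
import java.security.*;
import java.util.*;
import javax.crypto.*;

// Added sketch, plain JCA (JDK 17+ for AES/KWP); not CCNx code, all names hypothetical.
public class GroupKeySketch {
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String KWP = "AES/KWP/NoPadding";
    KeyPair groupKeys;        // group public/private key pair
    SecretKey wrappingKey;    // symmetric key that wraps the group private key
    byte[] wrappedPrivateKey; // stored form of the group private key
    final Map<String, PublicKey> members = new HashMap<>();
    final Map<String, byte[]> keyDirectory = new HashMap<>(); // member -> wrapped wrappingKey
    static Cipher cipher(String alg, int mode, Key k) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(alg);
        c.init(mode, k);
        return c;
    }
    // Fresh key pair and wrapping key; only current members get a directory entry.
    void rekey() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        groupKeys = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        wrappingKey = kg.generateKey();
        wrappedPrivateKey = cipher(KWP, Cipher.WRAP_MODE, wrappingKey).wrap(groupKeys.getPrivate());
        keyDirectory.clear();
        for (var m : members.entrySet())
            keyDirectory.put(m.getKey(), cipher(RSA, Cipher.WRAP_MODE, m.getValue()).wrap(wrappingKey));
    }
    // Add only: the key pair is kept and one new directory entry is written.
    void addMember(String name, PublicKey pk) throws GeneralSecurityException {
        members.put(name, pk);
        keyDirectory.put(name, cipher(RSA, Cipher.WRAP_MODE, pk).wrap(wrappingKey));
    }
    // Removal: the removed member knows the old key, so the group is rekeyed.
    void removeMember(String name) throws GeneralSecurityException {
        members.remove(name);
        rekey();
    }
    // Without a directory entry the caller cannot reach the private key.
    PrivateKey getPrivateKey(String name, PrivateKey own) throws GeneralSecurityException {
        byte[] entry = keyDirectory.get(name);
        if (entry == null) throw new SecurityException("access denied: " + name);
        Key k = cipher(RSA, Cipher.UNWRAP_MODE, own).unwrap(entry, "AES", Cipher.SECRET_KEY);
        return (PrivateKey) cipher(KWP, Cipher.UNWRAP_MODE, k)
                .unwrap(wrappedPrivateKey, "RSA", Cipher.PRIVATE_KEY);
    }
}
```

Populate `members` and call `rekey()` once before the first `addMember`. A removed member still holds the previous private key, so rekeying protects only what is encrypted after the removal.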

The documentation for this class was generated from the following file:
Generated on Fri May 13 16:27:48 2011 for Content-Centric Networking in Java by  doxygen 1.6.3