This is a basic implementation of key manager, which reads its keying information from a Java keystore. More...
Public Member Functions | |
BasicKeyManager (String userName, String keyStoreDirectory, String configurationFileName, String keyStoreFileName, String keyStoreType, String defaultAlias, char[] password) throws ConfigurationException, IOException | |
Constructor. | |
BasicKeyManager () throws ConfigurationException, IOException | |
Default constructor, takes all parameters from defaults in UserCOnfiguration. | |
synchronized void | initialize () throws ConfigurationException, IOException |
This initializes and loads the key pair and certificate of the user. | |
synchronized void | initializeKeyServer (CCNHandle handle) throws IOException |
PublicKeyObject | serveKey (ContentName keyName, PublicKey keyToPublish, PublisherPublicKeyDigest signingKeyID, KeyLocator signingKeyLocator) throws IOException |
void | respondToKeyRequests (ContentName keyPrefix) throws IOException |
Right now KeyServers are hidden in our subclasses. | |
boolean | initialized () |
synchronized void | close () |
Close any connections we have to the network. | |
synchronized CCNHandle | handle () throws IOException |
synchronized boolean | loadSavedSecureKeyCache () throws ConfigurationException |
void | saveSecureKeyCache () throws FileNotFoundException, IOException |
As a very initial pass, save key cache as encrypted Java serialization. | |
void | saveConfigurationState () throws FileNotFoundException, IOException |
As a very initial pass, save configuration state as Java serialization. | |
URI | getConfigurationDataURI () |
Return a file URI pointing at our configuration data directory. | |
void | clearSavedConfigurationState () throws FileNotFoundException, IOException |
Need a way to clear this programmatically. | |
KeyStoreInfo | getKeyStoreInfo () |
PublisherPublicKeyDigest | getDefaultKeyID () |
Get default key id. | |
PublicKey | getDefaultPublicKey () |
Get default public key. | |
ContentName | getDefaultKeyNamePrefix () |
Allow subclasses to override default publishing location. | |
ContentName | getDefaultKeyName (PublisherPublicKeyDigest keyID) |
Get the key-manager determined default key name for a key. | |
KeyLocator | getKeyLocator (PublisherPublicKeyDigest keyID) |
Get the key locator to use for a given key. | |
KeyLocator | getStoredKeyLocator (PublisherPublicKeyDigest keyID) |
boolean | haveStoredKeyLocator (PublisherPublicKeyDigest keyID) |
void | clearStoredKeyLocator (PublisherPublicKeyDigest keyID) |
KeyLocator | getKeyLocator (PrivateKey signingKey) |
Helper method to get the key locator for one of our signing keys. | |
void | setKeyLocator (PublisherPublicKeyDigest publisherKeyID, KeyLocator keyLocator) |
Remember the key locator to use for a given key. | |
CCNTime | getKeyVersion (PublisherPublicKeyDigest keyID) |
Get any timestamp associate with this key. | |
PrivateKey | getDefaultSigningKey () |
Get private key. | |
PrivateKey[] | getSigningKeys () |
Get signing keys. | |
PublisherPublicKeyDigest[] | getAvailableIdentities () |
Get the public key digests corresponding to our available signing keys. | |
PrivateKey | getSigningKey (PublisherPublicKeyDigest publisher) |
Get private signing key for a publisher. | |
PublicKey | getPublicKey (PublisherPublicKeyDigest desiredKeyID, KeyLocator keyLocator, long timeout) throws IOException |
Get public key for a publisher, given a key locator. | |
PublicKeyObject | getPublicKeyObject (PublisherPublicKeyDigest desiredKeyID, KeyLocator locator, long timeout) throws IOException |
Get a public key object for this key locator and publisher, if there is one. | |
PublicKey | getPublicKey (PublisherPublicKeyDigest desiredKeyID) |
Attempt to retrieve public key from cache. | |
PublisherPublicKeyDigest | getPublisherKeyID (PrivateKey signingKey) |
Get publisher ID. | |
PublicKeyCache | getPublicKeyCache () |
Get key repository. | |
SecureKeyCache | getSecureKeyCache () |
Access our store of private keys and other secret key material that we have retrieved. | |
PublicKeyObject | publishKey (ContentName keyName, PublicKey keyToPublish, PublisherPublicKeyDigest signingKeyID, KeyLocator signingKeyLocator, boolean learnKeyLocator) throws InvalidKeyException, IOException |
Publish a key at a certain name, signed by our default identity. | |
PublicKeyObject | publishDefaultKey (ContentName keyName) throws IOException, InvalidKeyException |
Allow subclasses to specialize key publication, if any. | |
PublicKeyObject | publishKeyToRepository (ContentName keyName, PublisherPublicKeyDigest keyToPublish, long timeToWaitForPreexisting) throws InvalidKeyException, IOException |
Publish a key at a certain name, ensuring that it is stored in a repository. | |
PublicKeyObject | publishSelfSignedKeyToRepository (ContentName keyName, PublicKey theKey, PublisherPublicKeyDigest keyToPublish, long timeToWaitForPreexisting) throws InvalidKeyException, IOException |
Publish a key at a certain name, ensuring that it is stored in a repository. | |
AccessControlManager | getAccessControlManagerForName (ContentName contentName) |
Handle access control manager cache. | |
void | rememberAccessControlManager (AccessControlManager acm) |
Static Public Member Functions | |
static KeyStore | createKeyStore (OutputStream keystoreWriteStream, String keyStoreType, String keyAlias, char[] password, String userName) throws ConfigurationException, IOException |
Generates a key pair and a certificate, and stores them to the key store using the specified alias, password, and other information. | |
Protected Member Functions | |
BasicKeyManager (String userName, String keyStoreType, String defaultAlias, char[] password) throws ConfigurationException, IOException | |
Subclass constructor that sets store-independent parameters. | |
void | setPassword (char[] password) |
KeyStoreInfo | loadKeyStore () throws ConfigurationException, IOException |
If a key store file exists, reads in the key; otherwise, create a key store file and a key pair. | |
KeyStore | readKeyStore (InputStream in) throws ConfigurationException |
Reads in a user's private/public keys and certificate from a key store Must have set _password. | |
boolean | loadValuesFromKeystore (KeyStoreInfo keyStoreInfo) throws ConfigurationException |
Read data from a newly opened, or newly created keystore. | |
boolean | loadValuesFromConfiguration (KeyStoreInfo keyStoreInfo) throws ConfigurationException |
Load values of relevance to a key manager. | |
synchronized KeyStoreInfo | createKeyStore () throws ConfigurationException, IOException |
Generate our key store if we don't have one. | |
CCNTime | getKeyStoreVersion (OutputStream out) throws IOException |
Tuple< KeyStoreInfo, OutputStream > | createKeyStoreWriteStream () throws ConfigurationException, IOException |
Creates a key store file. | |
KeyStore | createKeyStore (OutputStream keystoreWriteStream) throws ConfigurationException, IOException |
Static Protected Member Functions | |
static Tuple< KeyStoreInfo, OutputStream > | createKeyStoreWriteStream (String keyStoreDirectory, String keyStoreFileName) throws ConfigurationException, IOException |
Creates a key store file. | |
Protected Attributes | |
String | _userName |
ContentName | _userNamespace |
String | _defaultAlias |
String | _keyStoreDirectory |
String | _keyStoreFileName |
String | _keyStoreType |
String | _configurationFileName |
String | _keyCacheFileName |
KeyStoreInfo | _keyStoreInfo |
PublisherPublicKeyDigest | _defaultKeyID |
boolean | _initialized = false |
PublicKeyCache | _publicKeyCache = null |
Cache of public keys, handles key publishing, etc. | |
SecureKeyCache | _privateKeyCache = null |
Cache of private keys, loaded from keystores. | |
KeyServer | _keyServer = null |
Key server, offering up our keys, if we need one. | |
KeyValueSet | _configurationData = null |
Configuration data. | |
CCNHandle | _handle = null |
Handle used by key server and key retrieval. | |
HashMap < PublisherPublicKeyDigest, KeyLocator > | _currentKeyLocators = new HashMap<PublisherPublicKeyDigest, KeyLocator>() |
Registry of key locators to use. | |
Set< AccessControlManager > | _acmList = new HashSet<AccessControlManager>() |
Access control managers containing our state. | |
Static Package Functions | |
static void | generateConfigurationException (String message, Exception e) throws ConfigurationException |
Helper method to turn low-level errors into ConfigurationExceptions. |
This is a basic implementation of key manager, which reads its keying information from a Java keystore.
If no keystore file is specified, it reads keystore information from the default keystore file location in the user's home directory (under ~/.ccnx). BasicKeyManager expects to find at least a default key pair under a know alias and password (change to something more sensible). If the file does not exist, BasicKeyManager generates a public/private key pair and a certificate and stores them to disk at the specified location.
org.ccnx.ccn.impl.security.keys.BasicKeyManager.BasicKeyManager | ( | String | userName, | |
String | keyStoreDirectory, | |||
String | configurationFileName, | |||
String | keyStoreFileName, | |||
String | keyStoreType, | |||
String | defaultAlias, | |||
char[] | password | |||
) | throws ConfigurationException, IOException |
Constructor.
ConfigurationException | ||
IOException |
org.ccnx.ccn.impl.security.keys.BasicKeyManager.BasicKeyManager | ( | ) | throws ConfigurationException, IOException |
Default constructor, takes all parameters from defaults in UserCOnfiguration.
IOException | ||
ConfigurationException |
void org.ccnx.ccn.impl.security.keys.BasicKeyManager.clearSavedConfigurationState | ( | ) | throws FileNotFoundException, IOException [virtual] |
Need a way to clear this programmatically.
Call this before initialize(). This deletes our saved configuration state, key files and stored key cache.
Implements org.ccnx.ccn.KeyManager.
synchronized void org.ccnx.ccn.impl.security.keys.BasicKeyManager.close | ( | ) |
Close any connections we have to the network.
Ideally prepare to reopen them when they are next needed.
Reimplemented from org.ccnx.ccn.KeyManager.
static KeyStore org.ccnx.ccn.impl.security.keys.BasicKeyManager.createKeyStore | ( | OutputStream | keystoreWriteStream, | |
String | keyStoreType, | |||
String | keyAlias, | |||
char[] | password, | |||
String | userName | |||
) | throws ConfigurationException, IOException [static] |
Generates a key pair and a certificate, and stores them to the key store using the specified alias, password, and other information.
keystoreWriteStream | The output stream to write the keystore to (file stream, ccn stream, ...) | |
keyStoreType | The keystore type to use. If null, uses UserConfiguration.defaultKeyStoreType() | |
keyAlias | The key alias to use. If null, uses UserConfiguration.defaultKeyAlias(). Note that toLower is called on the alias before it is used, as OSes vary in their handling of case in keystore aliases (some treat it as significant, some don't). | |
password | The password to use for the key and keystore, if null uses UserConfiguration.keystorePassword() | |
userName | The user name to use. If null, uses UserConfiguration.userName(). |
ConfigurationException | ||
IOException |
synchronized KeyStoreInfo org.ccnx.ccn.impl.security.keys.BasicKeyManager.createKeyStore | ( | ) | throws ConfigurationException, IOException [protected] |
Generate our key store if we don't have one.
Use createKeyStoreWriteStream to determine where to put it.
ConfigurationException |
static Tuple<KeyStoreInfo, OutputStream> org.ccnx.ccn.impl.security.keys.BasicKeyManager.createKeyStoreWriteStream | ( | String | keyStoreDirectory, | |
String | keyStoreFileName | |||
) | throws ConfigurationException, IOException [static, protected] |
Creates a key store file.
ConfigurationException |
Tuple<KeyStoreInfo, OutputStream> org.ccnx.ccn.impl.security.keys.BasicKeyManager.createKeyStoreWriteStream | ( | ) | throws ConfigurationException, IOException [protected] |
Creates a key store file.
ConfigurationException |
Reimplemented in org.ccnx.ccn.impl.security.keys.NetworkKeyManager, and org.ccnx.ccn.impl.security.keys.RepositoryKeyManager.
static void org.ccnx.ccn.impl.security.keys.BasicKeyManager.generateConfigurationException | ( | String | message, | |
Exception | e | |||
) | throws ConfigurationException [static, package] |
Helper method to turn low-level errors into ConfigurationExceptions.
message | explanatory message | |
e | original error |
ConfigurationException |
AccessControlManager org.ccnx.ccn.impl.security.keys.BasicKeyManager.getAccessControlManagerForName | ( | ContentName | contentName | ) | [virtual] |
Handle access control manager cache.
contentName |
Implements org.ccnx.ccn.KeyManager.
PublisherPublicKeyDigest [] org.ccnx.ccn.impl.security.keys.BasicKeyManager.getAvailableIdentities | ( | ) | [virtual] |
Get the public key digests corresponding to our available signing keys.
Implements org.ccnx.ccn.KeyManager.
PublisherPublicKeyDigest org.ccnx.ccn.impl.security.keys.BasicKeyManager.getDefaultKeyID | ( | ) | [virtual] |
ContentName org.ccnx.ccn.impl.security.keys.BasicKeyManager.getDefaultKeyName | ( | PublisherPublicKeyDigest | keyID | ) | [virtual] |
Get the key-manager determined default key name for a key.
Might include a version, might allow caller to save with generated version.
Implements org.ccnx.ccn.KeyManager.
PublicKey org.ccnx.ccn.impl.security.keys.BasicKeyManager.getDefaultPublicKey | ( | ) | [virtual] |
PrivateKey org.ccnx.ccn.impl.security.keys.BasicKeyManager.getDefaultSigningKey | ( | ) | [virtual] |
KeyLocator org.ccnx.ccn.impl.security.keys.BasicKeyManager.getKeyLocator | ( | PublisherPublicKeyDigest | keyID | ) | [virtual] |
Get the key locator to use for a given key.
If a value has been stored by calling setKeyLocator, that value will be used. Such values can also be initialized using command-line properties, environment variables, or configuration files. Usually it refers to content already published. As we don't know where the key might be published, if no value is specified, we return a locator of type KEY. We have deprecated the previous behavior of trying to look at objects we have published containing this key; this does not allow the user enough control over what key locator will be used.
Implements org.ccnx.ccn.KeyManager.
CCNTime org.ccnx.ccn.impl.security.keys.BasicKeyManager.getKeyVersion | ( | PublisherPublicKeyDigest | keyID | ) | [virtual] |
Get any timestamp associate with this key.
keyID |
Implements org.ccnx.ccn.KeyManager.
PublicKey org.ccnx.ccn.impl.security.keys.BasicKeyManager.getPublicKey | ( | PublisherPublicKeyDigest | desiredKeyID | ) | [virtual] |
Attempt to retrieve public key from cache.
IOException |
Implements org.ccnx.ccn.KeyManager.
PublicKey org.ccnx.ccn.impl.security.keys.BasicKeyManager.getPublicKey | ( | PublisherPublicKeyDigest | desiredKeyID, | |
KeyLocator | keyLocator, | |||
long | timeout | |||
) | throws IOException [virtual] |
Get public key for a publisher, given a key locator.
Times out after timeout amount of time elapsed
publisherID | publisher public key digest | |
keyLocator | key locator | |
timeout | timeout value |
Implements org.ccnx.ccn.KeyManager.
PublicKeyCache org.ccnx.ccn.impl.security.keys.BasicKeyManager.getPublicKeyCache | ( | ) | [virtual] |
PublicKeyObject org.ccnx.ccn.impl.security.keys.BasicKeyManager.getPublicKeyObject | ( | PublisherPublicKeyDigest | desiredKeyID, | |
KeyLocator | locator, | |||
long | timeout | |||
) | throws IOException [virtual] |
Get a public key object for this key locator and publisher, if there is one.
This is less general than the method above, which retrieves keys we have cached but which have never been published -- our keys, keys listed explicitly in locators, etc.
desiredKeyID | ||
locator | ||
timeout |
IOException |
Implements org.ccnx.ccn.KeyManager.
PublisherPublicKeyDigest org.ccnx.ccn.impl.security.keys.BasicKeyManager.getPublisherKeyID | ( | PrivateKey | signingKey | ) | [virtual] |
Get publisher ID.
signingKey | private signing key |
Implements org.ccnx.ccn.KeyManager.
SecureKeyCache org.ccnx.ccn.impl.security.keys.BasicKeyManager.getSecureKeyCache | ( | ) | [virtual] |
Access our store of private keys and other secret key material that we have retrieved.
Implements org.ccnx.ccn.KeyManager.
PrivateKey org.ccnx.ccn.impl.security.keys.BasicKeyManager.getSigningKey | ( | PublisherPublicKeyDigest | publisher | ) | [virtual] |
Get private signing key for a publisher.
If I am the publisher, return signing key; otherwise, return null.
publisher | publisher public key digest |
Implements org.ccnx.ccn.KeyManager.
PrivateKey [] org.ccnx.ccn.impl.security.keys.BasicKeyManager.getSigningKeys | ( | ) | [virtual] |
Get signing keys.
Implements org.ccnx.ccn.KeyManager.
synchronized void org.ccnx.ccn.impl.security.keys.BasicKeyManager.initialize | ( | ) | throws ConfigurationException, IOException [virtual] |
This initializes and loads the key pair and certificate of the user.
If a key store file exists, reads in the key; otherwise, create a key store file and a key pair. Separate this for the usual reasons; so subclasses can get set up before it's called. Could make fake base class constructor, and call loadKeyStore in subclass constructors, but this wouldn't work past one level, and this allows subclasses to override initialize behavior.
ConfigurationException |
Implements org.ccnx.ccn.KeyManager.
KeyStoreInfo org.ccnx.ccn.impl.security.keys.BasicKeyManager.loadKeyStore | ( | ) | throws ConfigurationException, IOException [protected] |
If a key store file exists, reads in the key; otherwise, create a key store file and a key pair.
keyStoreFileName | the file containing the keystore, if null uses default in user's home directory. |
ConfigurationException |
Reimplemented in org.ccnx.ccn.impl.security.keys.NetworkKeyManager.
boolean org.ccnx.ccn.impl.security.keys.BasicKeyManager.loadValuesFromConfiguration | ( | KeyStoreInfo | keyStoreInfo | ) | throws ConfigurationException [protected] |
Load values of relevance to a key manager.
Most importantly, loads default key locator information. If the system parameter UserConfiguration.useKeyConfiguration() (settable from an environment variable, a Java property, or programmatically) is false, we do not load our saved key locators/identities, or our saved secret key cache.
ConfigurationException |
boolean org.ccnx.ccn.impl.security.keys.BasicKeyManager.loadValuesFromKeystore | ( | KeyStoreInfo | keyStoreInfo | ) | throws ConfigurationException [protected] |
Read data from a newly opened, or newly created keystore.
keyStore |
ConfigurationException |
PublicKeyObject org.ccnx.ccn.impl.security.keys.BasicKeyManager.publishDefaultKey | ( | ContentName | keyName | ) | throws IOException, InvalidKeyException |
Allow subclasses to specialize key publication, if any.
defaultPrefix | our default namespace, if we know one for this environment. If null, take user defaults. |
ConfigurationException |
Reimplemented from org.ccnx.ccn.KeyManager.
PublicKeyObject org.ccnx.ccn.impl.security.keys.BasicKeyManager.publishKey | ( | ContentName | keyName, | |
PublicKey | keyToPublish, | |||
PublisherPublicKeyDigest | signingKeyID, | |||
KeyLocator | signingKeyLocator, | |||
boolean | learnKeyLocator | |||
) | throws InvalidKeyException, IOException [virtual] |
Publish a key at a certain name, signed by our default identity.
Usually used to publish our own keys, but can specify other keys we have in our cache.
This publishes our key to our own internal key server, from where it can be retrieved as long as this KeyManager is running. It does not put it on the wire until someone requests it. Implementation Note: This code is used in CCNHandle initialization, and as such it cannot use a CCNHandle or any of the standard network operations without introducing a circular dependency. The code is very low-level and should only be modified with great caution.
keyName | the name under which the key should be published. For the moment, keys are unversioned. | |
keyToPublish | can be null, in which case we publish our own default public key | |
signingKeyID | key to sign with, if we wish to override default | |
signingKeyLocator | locator to use, if we wish to override default; if null, one will be computed | |
learnKeyLocator | do we remember the key locator used as the default for this signing key |
InvalidKeyException | ||
IOException | ||
ConfigurationException |
Implements org.ccnx.ccn.KeyManager.
PublicKeyObject org.ccnx.ccn.impl.security.keys.BasicKeyManager.publishKeyToRepository | ( | ContentName | keyName, | |
PublisherPublicKeyDigest | keyToPublish, | |||
long | timeToWaitForPreexisting | |||
) | throws InvalidKeyException, IOException [virtual] |
Publish a key at a certain name, ensuring that it is stored in a repository.
Will throw an exception if no repository available. Usually used to publish our own keys, but can specify any key known to our key cache.
keyName | Name under which to publish the key. Currently added under existing version, or version included in keyName. | |
keyToPublish | can be null, in which case we publish our own default public key. | |
handle | the handle to use for network requests |
InvalidKeyException | ||
IOException |
Implements org.ccnx.ccn.KeyManager.
PublicKeyObject org.ccnx.ccn.impl.security.keys.BasicKeyManager.publishSelfSignedKeyToRepository | ( | ContentName | keyName, | |
PublicKey | theKey, | |||
PublisherPublicKeyDigest | keyToPublish, | |||
long | timeToWaitForPreexisting | |||
) | throws InvalidKeyException, IOException [virtual] |
Publish a key at a certain name, ensuring that it is stored in a repository.
Require that the key be self-signed. Will throw an exception if no repository available. Usually used to publish our own keys, but can specify any key known to our key cache.
keyName | Name under which to publish the key. Currently added under existing version, or version included in keyName. | |
theKey | the public key to publish. Provide both this and keyToPublish to avoid recomputing them if the caller has them already; otherwise they'll be retrieved from cache. | |
keyToPublish | can be null, in which case we publish our own default public key. | |
handle | the handle to use for network requests |
InvalidKeyException | ||
IOException |
Implements org.ccnx.ccn.KeyManager.
KeyStore org.ccnx.ccn.impl.security.keys.BasicKeyManager.readKeyStore | ( | InputStream | in | ) | throws ConfigurationException [protected] |
Reads in a user's private/public keys and certificate from a key store Must have set _password.
in | input stream |
ConfigurationException |
void org.ccnx.ccn.impl.security.keys.BasicKeyManager.respondToKeyRequests | ( | ContentName | keyPrefix | ) | throws IOException |
Right now KeyServers are hidden in our subclasses.
... this makes it hard to expose control of filter registration. This is a bad attempt at an API for that, it should change. Don't make it abstract as subclasses may not need it.
IOException |
Reimplemented from org.ccnx.ccn.KeyManager.
void org.ccnx.ccn.impl.security.keys.BasicKeyManager.saveConfigurationState | ( | ) | throws FileNotFoundException, IOException [virtual] |
As a very initial pass, save configuration state as Java serialization.
Later we'll clean this up...
IOException | ||
FileNotFoundException |
Implements org.ccnx.ccn.KeyManager.
void org.ccnx.ccn.impl.security.keys.BasicKeyManager.saveSecureKeyCache | ( | ) | throws FileNotFoundException, IOException [virtual] |
As a very initial pass, save key cache as encrypted Java serialization.
Later we'll clean this up... (And encryption still needs to be hooked up.)
IOException | ||
FileNotFoundException |
Implements org.ccnx.ccn.KeyManager.
void org.ccnx.ccn.impl.security.keys.BasicKeyManager.setKeyLocator | ( | PublisherPublicKeyDigest | publisherKeyID, | |
KeyLocator | keyLocator | |||
) | [virtual] |
Remember the key locator to use for a given key.
Use this to publish this key in the future if not overridden by method calls. If no key locator stored for this key, and no override given, compute a KEY type key locator if this key has not been published, and the name given to it when published if it has.
publisherKeyID | the key whose locator to set | |
keyLocator | the new key locator for this key; overrides any previous value. If null, erases previous value and defaults will be used. |
Implements org.ccnx.ccn.KeyManager.
HashMap<PublisherPublicKeyDigest, KeyLocator> org.ccnx.ccn.impl.security.keys.BasicKeyManager._currentKeyLocators = new HashMap<PublisherPublicKeyDigest, KeyLocator>() [protected] |
Registry of key locators to use.
In essence, these are pointers to our primary credential for each key. Unless overridden this is what we use for each of our signing keys.
TODO consider adding a second map tracking all the available key locators for a given key, to select from them.
CCNHandle org.ccnx.ccn.impl.security.keys.BasicKeyManager._handle = null [protected] |
Handle used by key server and key retrieval.
This may be null, so always access via handle() if you are going to use it.