com.ibm.able.platform
Class AbleSecureKey
java.lang.Object
|
+--com.ibm.able.platform.AbleSecureKey
- All Implemented Interfaces:
- java.io.Serializable
- public final class AbleSecureKey
- extends java.lang.Object
- implements java.io.Serializable
In a secure platform, VerifiableAgentNames will be used to authenticate the caller when
calling secure methods. When calling a secure method, a VAN would be passed along. The
secure method would go to the V-ANS with this VAN and make sure it is a valid, untampered
VAN that it can trust. So now the secure method will know that this VAN is valid, but how
does it know that this call was made by the holder of this VAN? That is where this class
comes into play. When something wants to call a secure method, it will create
an AbleSecureKey to sign the caller's VAN and hold an expiration ID. The key wraps
this signed VAN along with the VAN of the one calling this secure method, and also the
expirationID. When the secure method gets this AbleSecureKey, it will first verify the visible
VAN and expirationID of the key. The expiration ID is used to guarantee that this key is only
used once, and only by the VAN that created the key. It will then use this verified VAN to
unsign the signed VAN and expirationID inside the key. If the unsigned VAN and expiration ID
match the verified VAN and expiration ID, then the method continues. The secure method can
then grab the VAN from the key to authorize, or do whatever it wants, knowing that this call
came from the trusted entity that the V-ANS gave this verified VAN to.
- See Also:
- Serialized Form
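The signed, single-use key check described above, as an added sketch that is not the AbleSecureKey implementation. Assumptions: a plain string stands in for the VAN, the public key passed to verify() is the one the V-ANS would vouch for, SHA256withRSA is chosen here, and the CallKey and OneTimeSignedCallDemo names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Requires Java 16+ (records). Hypothetical names throughout; not the ABLE API.
public class OneTimeSignedCallDemo {
    // Stand-in for the key: visible name and ID, plus a signature over both.
    record CallKey(String name, String expirationId, byte[] signature) {}

    // (name, ID) pairs the callee has already accepted; seeing one again is a replay.
    static final Set<String> usedIds = ConcurrentHashMap.newKeySet();

    static byte[] payload(String name, String expirationId) {
        // Length-prefix the name so ("ab","c") and ("a","bc") sign different bytes.
        return (name.length() + ":" + name + "|" + expirationId).getBytes(StandardCharsets.UTF_8);
    }

    static CallKey create(String name, String expirationId, PrivateKey priv)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(payload(name, expirationId));
        return new CallKey(name, expirationId, s.sign());
    }

    // 'trusted' is the public key the callee resolved for this name (assumption).
    static boolean verify(CallKey k, PublicKey trusted) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(trusted);
        s.update(payload(k.name(), k.expirationId()));
        if (!s.verify(k.signature())) return false; // visible fields differ from what was signed
        // Sketch's choice: consume the ID only after the signature checks out,
        // so a forged key cannot burn a legitimate caller's ID.
        return usedIds.add(k.name() + "/" + k.expirationId());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair caller = g.generateKeyPair();

        // Constructed sample values.
        CallKey key = create("agent-A", "id-0001", caller.getPrivate());
        System.out.println("first use: " + verify(key, caller.getPublic()));
        System.out.println("replay:    " + verify(key, caller.getPublic()));
        CallKey tampered = new CallKey("agent-B", "id-0002", key.signature());
        System.out.println("tampered:  " + verify(tampered, caller.getPublic()));
    }
}
```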
Constructor Summary |
AbleSecureKey(VerifiableAgentName van,
java.lang.String expirationID,
java.security.PrivateKey privateKey)
This constructor will use the provider and algorithm specified in the preferences file. |
AbleSecureKey(VerifiableAgentName van,
java.lang.String expirationID,
java.security.PrivateKey privateKey,
java.lang.String algorithm,
java.lang.String provider)
This constructor takes in the provider and algorithm used for signing Objects. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
AbleSecureKey
public AbleSecureKey(VerifiableAgentName van,
java.lang.String expirationID,
java.security.PrivateKey privateKey)
throws javax.agent.service.naming.NamingException
- This constructor will use the provider and algorithm specified in the preferences file.
It will also sign and set the VAN that this AbleSecureKey will hold.
- Parameters:
van - The VerifiableAgentName for this key
expirationID - An ID that will be used to guarantee this key expires after being used.
privateKey - The private key used to sign objects in this key
- Throws:
javax.agent.service.naming.NamingException
AbleSecureKey
public AbleSecureKey(VerifiableAgentName van,
java.lang.String expirationID,
java.security.PrivateKey privateKey,
java.lang.String algorithm,
java.lang.String provider)
throws javax.agent.service.naming.NamingException
- This constructor takes in the provider and algorithm used for signing Objects.
It will also sign and set the VAN that this AbleSecureKey will hold.
- Parameters:
van - The VerifiableAgentName for this key
expirationID - An ID that will be used to guarantee this key expires after being used.
privateKey - The private key used to sign objects in this key
- Throws:
javax.agent.service.naming.NamingException
getVan
public VerifiableAgentName getVan()
- Getter method to return the VAN of this AbleSecureKey
- Returns:
- The VerifiableAgentName of this AbleSecureKey
getExpriationID
public java.lang.String getExpriationID()
- Getter method to return the expirationID of this AbleSecureKey
- Returns:
- The expirationID of this AbleSecureKey
verifyKey
public void verifyKey(VerifiableAgentNamingService ans)
throws javax.agent.service.naming.NamingException
- This method will verify the visible unsigned VAN and make sure that this key has
not already been used. It will then unsign the signed VAN and make sure they match.
- Parameters:
ans - The VerifiableAgentNamingService that can be used when verifying the VAN. Setting
(C) Copyright IBM Corporation 1999, 2003