ABLE 2.0.0 07/02/2003 10:25:01
Defines the behavior of a Verifiable Naming Service. A Naming Service produces Globally Unique IDentifiers (GUIDs) or AgentNames. This interface is the network interface to the service. All traffic is encrypted using JGSS. A proxy, RMIAgentNamingServiceProxy, is the only class which speaks using this interface. This interface is the service side interface. The agent side interface is VerifiableAgentNamingService.
RMIVerifiableNamingSystem
Method Summary | | |
---|---|---|
void | closeConversation(java.lang.String convId, AbleSecureKey key) | Cleanup if a request is made to end a conversation. |
VerifiableAgentName | createAgentName(java.security.PublicKey publicKey, java.lang.String principal, java.lang.String vanIdentifier, AbleSecureKey theSecureKey) | The platform must be running secure for this method to succeed. |
javax.agent.AgentName | createInsecureName() | Creates a new Globally Unique Identifier, an AgentName. |
java.lang.String | getExpirationID(VerifiableAgentName van) | Get an expirationID from the VerifiableAgentNamingService that matches this VAN. |
boolean | isVerified(VerifiableAgentName van, java.lang.String expirationID) | Verifies that the VerifiableAgentName was created by this VerifiableAgentNamingService, and that it is untampered with and in the same condition as when it was created. |
java.lang.String | openConversation() | When this VerifiableAgentNamingService is asked for a VerifiableAgentName, it must use Kerberos to secure this process. |
byte[] | pushAndPull(java.lang.String convId, byte[] tokens) | This method handles the context establishment between this ANS and someone asking for a VAN. |
void | releaseAgentName(AbleSecureKey key) | This removes the VAN we created from our memory. |
Methods inherited from interface com.ibm.able.platform.RmiAblePlatformService |
---|
terminateService |
Methods inherited from interface com.ibm.able.platform.RmiAblePlatformServiceEventGenerator |
---|
addAblePlatformServiceEventListener, getAblePlatformServiceEventListeners, removeAblePlatformServiceEventListener |
Method Detail |
public java.lang.String openConversation() throws java.rmi.RemoteException, javax.agent.service.naming.NamingException
java.rmi.RemoteException
- On any remote error.
javax.agent.service.naming.NamingException
- If the platform is not secure.
On errors creating the context credentials.
public byte[] pushAndPull(java.lang.String convId, byte[] tokens) throws java.rmi.RemoteException, javax.agent.service.naming.NamingException, javax.agent.service.naming.NamingFailure
It passes GSS-encrypted, Java serialized objects as parameters.
convId
- The Context that is to be used.
token
- Byte array stream holding the secure parameters.
java.rmi.RemoteException
- On any remote error.
javax.agent.service.naming.NamingException
- On any naming error.
If the platform is not secure.
On errors establishing a secure context.
On errors wrapping the return message.
javax.agent.service.naming.NamingFailure
- If the Context that is to be used does not exist.
public void closeConversation(java.lang.String convId, AbleSecureKey key) throws java.rmi.RemoteException, javax.agent.service.naming.NamingException
idToClose
- The conversation that is to be closed.
theSecureKey
- AbleSecureKey used to secure communication.
java.rmi.RemoteException
- On any remote error.
javax.agent.service.naming.NamingException
- If the platform is not secure.
If the caller is not authenticated.
If the context that is to be used does not exist.
If the caller is not authorized.
On any GSS error.
public javax.agent.AgentName createInsecureName() throws java.rmi.RemoteException
java.rmi.RemoteException
- On any remote error.
public VerifiableAgentName createAgentName(java.security.PublicKey publicKey, java.lang.String principal, java.lang.String vanIdentifier, AbleSecureKey theSecureKey) throws java.rmi.RemoteException, javax.agent.service.naming.NamingException
This will create and return a new VerifiableAgentName based off of the supplied parameters.
If attempting to create a VAN whose new principal does not match the requesting VAN's principal, this will only succeed if the principal of the VAN making the request is a principal of one of the platform pools.
publicKey
- The Public Key that the new VerifiableAgentName is to be created with.
principal
- The principal that the new VerifiableAgentName is to be created with. If this is not set, the principal will be the principal of the VerifiableAgentName making this call.
vanIdentifier
- If the new VerifiableAgentName is to be based off an existing VerifiableAgentName, this parameter can be set to identify this existing VerifiableAgentName. This will fail if the principal does not match the principal of the existing VerifiableAgentName.
javax.agent.service.naming.NamingException
- If the platform is not secure.
If the caller is not authenticated.
If the requesting VAN does not belong to one of the platform VMs.
On any error creating the VerifiableAgentName.
java.rmi.RemoteException
- On any remote error.
public void releaseAgentName(AbleSecureKey key) throws java.rmi.RemoteException, javax.agent.service.naming.NamingException
The VAN that will be released is the one that is signed and stored inside the theKey.
This method cannot be delegated using nested VANs inside an AbleSecureKey. The VAN that is to be released must be the one used to make the request.
theSecureKey
- The AbleSecureKey that is used to secure communication. This key holds the VAN that will be released.
java.rmi.RemoteException
- On any remote error.
javax.agent.service.naming.NamingException
- If the platform is not secure.
If the caller is not authenticated.
public java.lang.String getExpirationID(VerifiableAgentName van) throws java.rmi.RemoteException
When the AbleSecureKey that is using this expirationID is verified, the VerifiableAgentNamingService will make sure that the expiration ID matches the VerifiableAgentName it was given to, and that it has not been used yet. This will prevent AbleSecureKeys from being used multiple times.
van
- The VerifiableAgentName that this expirationID must be used with.
java.rmi.RemoteException
- On any remote error.
public boolean isVerified(VerifiableAgentName van, java.lang.String expirationID) throws java.rmi.RemoteException
It just makes sure that the VAN and all nested VANs inside it are untampered with since they were created here.
If any of the nested VANs do not verify, then this VAN does not verify.
agentName
- The VerifiableAgentName to be verified.
expirationID
- When verifying a VAN inside an AbleSecureKey, this expiration ID will be included so the V-ANS will be able to determine if the AbleSecureKey has expired.
java.rmi.RemoteException
- On any remote error.
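
The single-use check that getExpirationID and isVerified describe, as an added Java example (not ABLE's implementation): an ID is bound to one name when it is issued and is accepted exactly once. The class ExpirationIdRegistry, its methods, and the use of plain strings in place of VerifiableAgentName are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration, not ABLE code. Names are identified by plain strings here (assumption).
public class ExpirationIdRegistry {
    private final SecureRandom rng = new SecureRandom();
    // Outstanding expiration IDs, each mapped to the name it was issued for.
    private final Map<String, String> issued = new ConcurrentHashMap<>();

    // Issue an unpredictable ID that is valid for exactly one name.
    public String issue(String vanId) {
        byte[] raw = new byte[16];
        rng.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        issued.put(id, vanId);
        return id;
    }

    // Accept the ID only if it is still outstanding and bound to this name.
    public boolean consume(String vanId, String expirationID) {
        if (vanId == null || expirationID == null) {
            return false; // ConcurrentHashMap rejects null keys and values
        }
        // remove(key, value) is atomic, so two concurrent replays cannot both succeed,
        // and a presentation under the wrong name does not use up the ID.
        return issued.remove(expirationID, vanId);
    }

    private static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
        System.out.println("ok: " + what);
    }

    public static void main(String[] args) {
        ExpirationIdRegistry reg = new ExpirationIdRegistry();
        String id = reg.issue("van-A"); // constructed sample names
        check(!reg.consume("van-B", id), "ID presented with a different name is rejected");
        check(reg.consume("van-A", id), "first use with the matching name is accepted");
        check(!reg.consume("van-A", id), "second use of the same ID is rejected");
        check(!reg.consume("van-A", "never-issued"), "unknown ID is rejected");
    }
}
```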