|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectnet.handle.hdllib.SecureResolver
public class SecureResolver
Class that resolves handles while verifying digital signatures on those values. This provides a higher level of security because handle values can be signed by private keys that are kept offline instead of on a handle server. This also allows the verification of keys based on third party signatures from key pairs that are referenced outside of the handle system and not dependent on any "root" keys associated with the handle system or any particular namespace.
Nested Class Summary | |
---|---|
class |
SecureResolver.HDLSignature
|
Field Summary | |
---|---|
static java.lang.String |
DEFAULT_ALGORITHM
|
boolean |
ignoreInvalidSignatures
|
boolean |
ignoreUnsignedValues
|
static byte[] |
METADATA_TYPE
|
boolean |
reportMissingValues
|
static java.lang.String |
SIG_ALG_TAGNAME
|
static java.lang.String |
SIG_HANDLE_ATTRIBUTE
|
static java.lang.String |
SIG_TAGNAME
|
static byte[] |
SIGNATURE_TYPE
|
static java.lang.String |
SIGNED_INDEX_TAGNAME
|
static java.lang.String |
SIGNER_HANDLE_ATTRIBUTE
|
static int |
VALUE_DIGEST_OFFSET
|
static java.lang.String |
VALUE_HASH_ELEMENT_NAME
|
static java.lang.String |
VALUE_INDEX_ATTRIBUTE
|
static java.lang.String |
VALUE_MD5HASH_ATTRIBUTE
|
static java.lang.String |
VALUE_SHA1HASH_ATTRIBUTE
|
Constructor Summary | |
---|---|
SecureResolver()
Construct a SecureResolver using a new instance of the default HandleResolver to process resolution requests. |
|
SecureResolver(HandleResolver resolver)
Construct a SecureResolver using the given HandleResolver to process resolution requests. |
Method Summary | |
---|---|
static java.lang.String |
createDigestOfValues(java.lang.String handle,
HandleValue[] values)
Generate an XML string containing the metadata (including digests) for the given set of handle values |
static void |
main(java.lang.String[] argv)
|
void |
printState()
|
HandleValue[] |
resolveHandle(byte[] handle,
byte[][] types,
int[] indexes)
Resolve the given handle retrieving only the given types and indexes, if any. |
HandleValue[] |
resolveHandle(ResolutionRequest req)
Process the given ResolutionRequest while verifying that any values returned are signed according to the policy of this object. |
HandleValue[] |
secureHandleValues(byte[] handle,
HandleValue[] values)
|
HandleValue[] |
secureHandleValues(byte[] handle,
HandleValue[] aValues,
java.util.Map<java.lang.String,java.util.ArrayList<java.security.PublicKey>> keys)
|
void |
setRootKeysAsTrusted()
|
void |
setTrustedKeys(java.util.Map<java.lang.String,java.util.List<java.security.PublicKey>> keyIDsMap)
Specify the set of identities that are trusted to verify handle values. |
void |
setTrustNamespaceKeys(boolean trustThem)
Sets whether or not the resolver should trust keys that are provided by higher level namespaces (ie contained in naming authority handles). |
static java.lang.String |
signValue(java.lang.String signerHDL,
java.security.PrivateKey privKey,
java.lang.String signedHDL,
HandleValue valueToBeSigned)
Sign some handle value data (usually a table of handle value digests) with the given signer's public key. |
HandleValue[] |
verifyValuesByMajority(byte[] handle,
HandleValue[] aValues)
Verify the given handle values and return only those which have been signed by a majority of the public keys in the given key map. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String SIGNED_INDEX_TAGNAME
public static final java.lang.String SIG_ALG_TAGNAME
public static final java.lang.String SIG_TAGNAME
public static final java.lang.String DEFAULT_ALGORITHM
public static final java.lang.String VALUE_HASH_ELEMENT_NAME
public static final java.lang.String VALUE_INDEX_ATTRIBUTE
public static final java.lang.String SIG_HANDLE_ATTRIBUTE
public static final java.lang.String SIGNER_HANDLE_ATTRIBUTE
public static final java.lang.String VALUE_MD5HASH_ATTRIBUTE
public static final java.lang.String VALUE_SHA1HASH_ATTRIBUTE
public static final int VALUE_DIGEST_OFFSET
public static final byte[] METADATA_TYPE
public static final byte[] SIGNATURE_TYPE
public boolean ignoreUnsignedValues
public boolean reportMissingValues
public boolean ignoreInvalidSignatures
Constructor Detail |
---|
public SecureResolver()
public SecureResolver(HandleResolver resolver)
Method Detail |
---|
public void printState()
public void setRootKeysAsTrusted()
public void setTrustedKeys(java.util.Map<java.lang.String,java.util.List<java.security.PublicKey>> keyIDsMap)
public void setTrustNamespaceKeys(boolean trustThem)
public HandleValue[] resolveHandle(byte[] handle, byte[][] types, int[] indexes) throws HandleException
HandleException
public HandleValue[] resolveHandle(ResolutionRequest req) throws HandleException
HandleException
public HandleValue[] secureHandleValues(byte[] handle, HandleValue[] values) throws java.lang.Exception
java.lang.Exception
public HandleValue[] secureHandleValues(byte[] handle, HandleValue[] aValues, java.util.Map<java.lang.String,java.util.ArrayList<java.security.PublicKey>> keys) throws java.lang.Exception
java.lang.Exception
public static final java.lang.String createDigestOfValues(java.lang.String handle, HandleValue[] values) throws HandleException, java.security.NoSuchAlgorithmException
HandleException
java.security.NoSuchAlgorithmException
public static final java.lang.String signValue(java.lang.String signerHDL, java.security.PrivateKey privKey, java.lang.String signedHDL, HandleValue valueToBeSigned) throws HandleException, java.security.NoSuchAlgorithmException, java.security.SignatureException, java.security.InvalidKeyException
HandleException
java.security.NoSuchAlgorithmException
java.security.SignatureException
java.security.InvalidKeyException
public static void main(java.lang.String[] argv) throws java.lang.Exception
java.lang.Exception
public HandleValue[] verifyValuesByMajority(byte[] handle, HandleValue[] aValues) throws java.lang.Exception
java.lang.Exception
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |