Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.objectweb.proactive.ext.security
Class ProActiveSecurityManager

java.lang.Object
  extended by org.objectweb.proactive.ext.security.ProActiveSecurityManager
All Implemented Interfaces:
java.io.Serializable, SecurityEntity
Direct Known Subclasses:
DefaultProActiveSecurityManager
public class ProActiveSecurityManager
extends java.lang.Object
implements java.io.Serializable, SecurityEntity

The ProActiveSecurityManager handles all security related actions for a given SecurityEntity.

See Also:
Serialized Form

Field Summary
protected  byte[] encodedKeyStore
           
protected  java.security.KeyStore keyStore
           
protected  UniversalBody myBody
           
protected  SecurityEntity parent
           
protected  PolicyServer policyServer
           
protected  RandomLongGenerator randomLongGenerator
           
protected  java.util.Hashtable<java.lang.Long,Session> sessions
           
protected  int type
           
protected  java.lang.String VNName
           
 
Constructor Summary
ProActiveSecurityManager()
          This a the default constructor to use with the ProActiveSecurityManager
ProActiveSecurityManager(java.security.KeyStore keyStore, PolicyServer policyServer)
           
ProActiveSecurityManager(PolicyServer server)
           
ProActiveSecurityManager(java.lang.String file)
           
 
Method Summary
 byte[] decrypt(long sessionID, byte[][] message, int type)
          Method decrypt.
static java.lang.String displayByte(byte[] tab)
           
 byte[][] encrypt(long sessionID, java.lang.Object object, int type)
          Method encrypt.
protected  void generateEntityCertificate(java.lang.String siblingName)
           
 ProActiveSecurityManager generateSiblingCertificate(java.lang.String siblingName)
           
 java.security.cert.X509Certificate getCertificate()
          entity certificate
 byte[] getCertificateEncoded()
          This method returns the entity certificate as byte array.
 java.util.ArrayList<Entity> getEntities()
          Retrieves all the entity's ID which contain this entity plus this entity ID.
 java.security.cert.X509Certificate[] getMyCertificateChain()
           
 java.util.Hashtable<java.lang.Long,java.lang.String> getOpenedConnexion()
           
 SecurityEntity getParent()
           
 SecurityContext getPolicy(SecurityContext securityContext)
          Method getPolicyTo.
 PolicyServer getPolicyServer()
           
 Communication getPolicyTo(java.lang.String type, java.lang.String from, java.lang.String to)
          Method getPolicyTo.
protected  java.security.PrivateKey getPrivateKey()
           
 ProActiveSecurityManager getProActiveSecurityManager()
           
 java.security.PublicKey getPublicKey()
          Method getPublicKey.
 Session getSession(long id)
           
 long getSessionIDTo(java.security.cert.X509Certificate cert)
           
 java.lang.String getVNName()
           
 void initiateSession(int type, SecurityEntity distantSecurityEntity)
          Method initiateSession.
 ConfidentialityTicket keyNegociationReceiverSide(ConfidentialityTicket confidentialityTicket, long randomID)
           
 boolean keyNegociationSenderSide(SecurityEntity distantSecurityEntity, long sessionID)
          Method keyNegociationSenderSide. starts the challenge to negociate a session key.
 AuthenticationTicket mutualAuthenticationReceiverSide(AuthenticationTicket authenticationTicket, long randomID)
           
 boolean mutualAuthenticationSenderSide(UniversalBody distantBody, java.security.cert.X509Certificate distantBodyCertificate)
           
 byte[][] publicKeyExchange(long sessionID, byte[] pub_key, byte[] cert, byte[] signature)
          exchange entity certificate and/or public key if certificate are not available
 byte[] randomValue(long sessionID, byte[] clientRandomValue)
          Exchange random value between client and server entity
 byte[][] secretKeyExchange(long sessionID, byte[] aesKey, byte[] iv, byte[] macKey, byte[] lockData, byte[] signatur)
          Method secretKeyExchange. exchange secret between objects
 void setBody(UniversalBody body)
           
 void setParent(SecurityEntity parent)
           
 void setPolicyServer(PolicyServer policyServer)
          Set entity policy server
 void setVNName(java.lang.String string)
          allows to set the name of the current virtual node
 long startNewSession(Communication communicationPolicy)
          start an unvalidated empty session
 void terminateSession(long sessionID)
          terminate a given session
 void terminateSession(UniversalBody body, long sessionID)
           
 AuthenticationTicket unilateralAuthenticationReceiverSide(long randomID, long rb, java.lang.String emittor)
           
 boolean unilateralAuthenticationSenderSide(UniversalBody distantBody)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

sessions

protected java.util.Hashtable<java.lang.Long,Session> sessions

randomLongGenerator

protected transient RandomLongGenerator randomLongGenerator

policyServer

protected PolicyServer policyServer

keyStore

protected java.security.KeyStore keyStore

myBody

protected transient UniversalBody myBody

VNName

protected java.lang.String VNName

parent

protected SecurityEntity parent

encodedKeyStore

protected byte[] encodedKeyStore

type

protected int type
Constructor Detail

ProActiveSecurityManager

public ProActiveSecurityManager()
This a the default constructor to use with the ProActiveSecurityManager

ProActiveSecurityManager

public ProActiveSecurityManager(java.lang.String file)
                         throws java.io.IOException,
                                InvalidPolicyFile
Throws:
java.io.IOException
InvalidPolicyFile

ProActiveSecurityManager

public ProActiveSecurityManager(PolicyServer server)
Parameters:
server -

ProActiveSecurityManager

public ProActiveSecurityManager(java.security.KeyStore keyStore,
                                PolicyServer policyServer)
Parameters:
keyStore -
policyServer -
Method Detail

setBody

public void setBody(UniversalBody body)

getPolicy

public SecurityContext getPolicy(SecurityContext securityContext)
                          throws SecurityNotAvailableException
Method getPolicyTo.

Specified by:
getPolicy in interface SecurityEntity
Parameters:
securityContext - the object certificate we want to get the policy from
Returns:
Policy policy attributes
Throws:
SecurityNotAvailableException - thrown the entity doest not support the security

getPolicyTo

public Communication getPolicyTo(java.lang.String type,
                                 java.lang.String from,
                                 java.lang.String to)
                          throws SecurityNotAvailableException
Method getPolicyTo.

Returns:
Policy policy attributes
Throws:
SecurityNotAvailableException

initiateSession

public void initiateSession(int type,
                            SecurityEntity distantSecurityEntity)
                     throws CommunicationForbiddenException,
                            AuthenticationException,
                            RenegotiateSessionException,
                            SecurityNotAvailableException
Method initiateSession. This method is the entry point for an secured communication. We get local and distant policies, compute it, and generate the result policy, then if needed, we start an symmetric key exchange to encrypt the communication.

Parameters:
distantSecurityEntity -
Throws:
CommunicationForbiddenException
AuthenticationException
RenegotiateSessionException
SecurityNotAvailableException

getCertificate

public java.security.cert.X509Certificate getCertificate()
Description copied from interface: SecurityEntity
entity certificate

Specified by:
getCertificate in interface SecurityEntity
Returns:
returns entity certificate

terminateSession

public void terminateSession(UniversalBody body,
                             long sessionID)

terminateSession

public void terminateSession(long sessionID)
Description copied from interface: SecurityEntity
terminate a given session

Specified by:
terminateSession in interface SecurityEntity

startNewSession

public long startNewSession(Communication communicationPolicy)
Description copied from interface: SecurityEntity
start an unvalidated empty session

Specified by:
startNewSession in interface SecurityEntity
Parameters:
communicationPolicy -
Returns:
an identifier for the session

encrypt

public byte[][] encrypt(long sessionID,
                        java.lang.Object object,
                        int type)
                 throws RenegotiateSessionException
Method encrypt.

Parameters:
sessionID - the session we use to encrypt the Object
object - the object to encrypt
Returns:
byte[][] encrypted result
Throws:
RenegotiateSessionException

decrypt

public byte[] decrypt(long sessionID,
                      byte[][] message,
                      int type)
               throws RenegotiateSessionException
Method decrypt.

Parameters:
sessionID - the session we use to decrypt the message
message - the message to decrypt
Returns:
byte[] the decrypted message returns as byte array
Throws:
RenegotiateSessionException

mutualAuthenticationSenderSide

public boolean mutualAuthenticationSenderSide(UniversalBody distantBody,
                                              java.security.cert.X509Certificate distantBodyCertificate)
                                       throws AuthenticationException
Throws:
AuthenticationException

unilateralAuthenticationSenderSide

public boolean unilateralAuthenticationSenderSide(UniversalBody distantBody)
                                           throws AuthenticationException
Throws:
AuthenticationException

keyNegociationSenderSide

public boolean keyNegociationSenderSide(SecurityEntity distantSecurityEntity,
                                        long sessionID)
                                 throws KeyExchangeException
Method keyNegociationSenderSide. starts the challenge to negociate a session key.

Parameters:
distantSecurityEntity - distant active object we want to communicate to.
sessionID - the id of the session we will use
Returns:
boolean returns true if the negociation has succeed.
Throws:
KeyExchangeException

getPrivateKey

protected java.security.PrivateKey getPrivateKey()

mutualAuthenticationReceiverSide

public AuthenticationTicket mutualAuthenticationReceiverSide(AuthenticationTicket authenticationTicket,
                                                             long randomID)
                                                      throws AuthenticationException
Throws:
AuthenticationException

unilateralAuthenticationReceiverSide

public AuthenticationTicket unilateralAuthenticationReceiverSide(long randomID,
                                                                 long rb,
                                                                 java.lang.String emittor)
                                                          throws AuthenticationException
Throws:
AuthenticationException

keyNegociationReceiverSide

public ConfidentialityTicket keyNegociationReceiverSide(ConfidentialityTicket confidentialityTicket,
                                                        long randomID)
                                                 throws KeyExchangeException
Throws:
KeyExchangeException

randomValue

public byte[] randomValue(long sessionID,
                          byte[] clientRandomValue)
                   throws SecurityNotAvailableException,
                          RenegotiateSessionException
Description copied from interface: SecurityEntity
Exchange random value between client and server entity

Specified by:
randomValue in interface SecurityEntity
Parameters:
sessionID - the session ID
clientRandomValue - client random value
Returns:
server random value
Throws:
SecurityNotAvailableException - if the security is not available
RenegotiateSessionException - if the session has expired

publicKeyExchange

public byte[][] publicKeyExchange(long sessionID,
                                  byte[] pub_key,
                                  byte[] cert,
                                  byte[] signature)
                           throws SecurityNotAvailableException,
                                  RenegotiateSessionException,
                                  KeyExchangeException
Description copied from interface: SecurityEntity
exchange entity certificate and/or public key if certificate are not available

Specified by:
publicKeyExchange in interface SecurityEntity
Parameters:
sessionID - the session ID
pub_key - encoded public key
cert - encoded certificate
signature - encoded signature of previous paramaters
Returns:
an array containing : - server certificate and/or server public key - encoded signature of these parameters
Throws:
SecurityNotAvailableException - if the security is not available
RenegotiateSessionException - if the session has expired
KeyExchangeException - if a key data/length/algorithm is not supported

displayByte

public static java.lang.String displayByte(byte[] tab)

secretKeyExchange

public byte[][] secretKeyExchange(long sessionID,
                                  byte[] aesKey,
                                  byte[] iv,
                                  byte[] macKey,
                                  byte[] lockData,
                                  byte[] signatur)
Method secretKeyExchange. exchange secret between objects

Specified by:
secretKeyExchange in interface SecurityEntity
Parameters:
sessionID - the session
aesKey - the private key
iv -
macKey - the MAC key
lockData -
signatur - signature of aesKey,iv, macKey and lockData
Returns:
byte[][]

getSessionIDTo

public long getSessionIDTo(java.security.cert.X509Certificate cert)

getPublicKey

public java.security.PublicKey getPublicKey()
Method getPublicKey.

Specified by:
getPublicKey in interface SecurityEntity
Returns:
PublicKey the public key of the active object

getOpenedConnexion

public java.util.Hashtable<java.lang.Long,java.lang.String> getOpenedConnexion()

setVNName

public void setVNName(java.lang.String string)
allows to set the name of the current virtual node

Parameters:
string - the name of the current Virtual Node if any

getVNName

public java.lang.String getVNName()
Returns:
virtual node name where object has been created

getPolicyServer

public PolicyServer getPolicyServer()
Returns:
policy server

getCertificateEncoded

public byte[] getCertificateEncoded()
This method returns the entity certificate as byte array. It should be used when the certificate will be serialized. Indeed, certificates like others java.security.* objects are not serializabled object

Specified by:
getCertificateEncoded in interface SecurityEntity
Returns:
certificate as byte array

setPolicyServer

public void setPolicyServer(PolicyServer policyServer)
Set entity policy server

Parameters:
policyServer -

getEntities

public java.util.ArrayList<Entity> getEntities()
Description copied from interface: SecurityEntity
Retrieves all the entity's ID which contain this entity plus this entity ID.

Specified by:
getEntities in interface SecurityEntity
Returns:
entities that inforces security policy on the object

getSession

public Session getSession(long id)

getMyCertificateChain

public java.security.cert.X509Certificate[] getMyCertificateChain()

getParent

public SecurityEntity getParent()

setParent

public void setParent(SecurityEntity parent)

generateSiblingCertificate

public ProActiveSecurityManager generateSiblingCertificate(java.lang.String siblingName)

generateEntityCertificate

protected void generateEntityCertificate(java.lang.String siblingName)

getProActiveSecurityManager

public ProActiveSecurityManager getProActiveSecurityManager()
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright 2001-2007 INRIA All Rights Reserved.