edu.nyu.cs.pdsg.drbac
Class Wallet

java.lang.Object
  extended by edu.nyu.cs.pdsg.drbac.Wallet

public class Wallet
extends java.lang.Object

The core of dRBAC. The wallet is instantiated on a one per JVM basis. Each wallet controls a repository of delegations which can be added to or queried by applications running on the local host. Each wallet also runs a server which responds to queries from remote wallets. This wallet in turn is capable of querying remote wallets for aid in proving relations.

A wallet must be init()ed before use. After this, it may be accessed at any time by calling Wallet.[remoteP|p]ublish() and Wallet.revoke().

You may get a proof by instantiating a LocalProver and calling myLocalProver.prove(), myLocalProver.subjectProve() and myLocalProver.objectProve().

Alternatively, if you wish to get a proof that will query remote Wallets as part of the search, you may instantiate a class that extends the abstract class SearchEngine and call the mySearchEngine.prove() method.

A sample prove() method has been included in Wallet. However, its implementation is arbitrary and may not suit application-specific needs.


Field Summary
private static java.util.HashSet allAttributeRoles
           
private static java.util.HashSet allDelegations
          This list contains instances of DelegationWrapper
private static java.util.HashSet allRoles
          These indices contain instances of Role
private static java.util.HashSet allSubjectObjectIssuerRoles
           
static java.lang.String containerRoleName
           
private static boolean dirty
           
private static boolean ignoreSignatures
          THE FOLLOWING LINE IS A SERIOUS SECURITY THREAT AND SHOULD BE MADE FALSE BEFORE SERIOUS DISTRIBUTION OF DRBAC
private static boolean initialized
           
static int listenPort
           
private static java.util.HashMap objIndex
           
private static java.util.HashSet pendingXmlIndex
           
private static java.util.Properties properties
           
(package private) static SbServerSocket serversocket
           
private static java.util.HashMap subjIndex
           
private static DelegationWrapper testDeleg
           
private static java.util.HashSet walletIPs
           
protected static java.security.KeyPair walletKeyPair
           
protected static java.security.PrivateKey walletPrivateKey
           
static java.security.PublicKey walletPublicKey
           
static java.lang.String walletRoleName
           
protected static java.util.HashMap xmlIndex
           
 
Constructor Summary
Wallet()
           
 
Method Summary
static void add(DelegationWrapper deleg)
          Add the delegation to the wallet
static void addDelegationToSystem(Delegation d)
          Generate the XML representation of a delegation and publish it
private static void addRolesOfDelegationToRoleSets(Delegation deleg)
           
private static void addRolesOfDelegationToRoleSets(DelegationWrapper deleg)
           
static void addRoleToSystem(Role r)
          Internal: Recognize a new entity in the system
private static void addToAllAttributeRoles(Role r)
           
private static void addToAllDelegations(DelegationWrapper deleg)
           
static void addToAllRoles(Role r)
           
private static void addToAllSubjectObjectIssuerRoles(Role r)
           
private static void addToObjIndex(DelegationWrapper deleg)
           
private static void addToSubjIndex(DelegationWrapper deleg)
           
static java.lang.String allRolesString()
           
static Role containsRoleEqualTo(Role candidate)
          Checks if a given candidate Role (usually constructed out of an xml representation) already exists in the Wallet.
static DelegationWrapper delegToDelegWrapper(Delegation d)
          Use the subject map to efficiently find a DelegationWrapper given a Delegation.
static void enterCredentialsIntoSystem(ProofCredentials proofCreds)
           
static java.util.Iterator getAllAttributeRolesIterator()
          Internal: get all the attribute roles recognized by the system
static java.util.Iterator getAllDelegationsIterator()
          Internal: get all the delegations this wallet is aware of
static java.util.Iterator getAllSubjectObjectIssuerRolesIterator()
          Internal: get all the non-attribute roles recognized by the system
private static boolean getDirty()
           
static Role getEntityByPublicKey(java.security.PublicKey pubKey)
          SORELY NEEDED METHOD, CURRENTLY DOES NOTHING.
private static java.util.HashSet getObjSet(Role obj)
          Internal: Get the set of delegations from a given object, or create one if none exists
static Role getRoleByName(java.lang.String roleName)
          String->Role conversion
private static java.util.HashSet getSubjSet(Role subj)
          Internal: Get the set of delegations from a given subject, or create one if none exists
static DelegationWrapper getTestDeleg()
          Internal: get a test delegation
static void init(java.lang.String propertiesPath)
          Initialize a Wallet for use on this system
static boolean isHome(Delegation d)
          Check to see if this is the home server of the given delegation
static boolean isHome(Role r)
          Check to see if this is the home server of the given role
static void loadRolesXML(java.io.File path)
           
static void loadRolesXML(java.lang.String pathString)
           
static void loadXML(java.io.File path)
           
static void loadXML(java.lang.String pathString)
           
(package private) static java.util.Iterator objectIterator(Role obj)
          Get valid delegations with a given object.
static ProofMonitor prove(Role subject, Role object, AttributeSet constraints, ProofChangedListener caller)
          Method used by a client application to determine if a trust relationship holds.
static DelegationWrapper publish(Delegation delegation, DelegationXML dxml)
          Insert a credential into the repository, validate its 3rd-party support and subscribe to the credential's home wallet
private static void remotePublish(Delegation d, DelegationXML dxml)
          Publish a delegation to the server the delegation belongs to
static void revoke(DelegationWrapper deleg, java.security.PublicKey revokerPublicKey)
          Revoke an existing delegation
static void saveXML(java.io.File path)
           
static void sendDelegation(java.net.InetAddress ip, int port, DelegationWrapper dw)
          Send a delegation to a given remote host for publication
private static void setDirty(boolean _dirty)
           
(package private) static java.util.Iterator subjectIterator(Role subj)
          Get valid delegations with a given subject.
static java.lang.String subjIndexString()
           
(package private) static int subTopSort(DelegationWrapper dw, int counter)
          Internal: component of the topological sort
static DelegationWrapper syncPublish(Delegation delegation, DelegationXML dxml)
           
static void topologicalSort()
          Internal: Sort all delegations in the wallet in terms of support chains
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

containerRoleName

public static java.lang.String containerRoleName

walletRoleName

public static java.lang.String walletRoleName

walletPublicKey

public static java.security.PublicKey walletPublicKey

walletPrivateKey

protected static java.security.PrivateKey walletPrivateKey

walletKeyPair

protected static java.security.KeyPair walletKeyPair

listenPort

public static int listenPort

allDelegations

private static java.util.HashSet allDelegations
This list contains instances of DelegationWrapper


subjIndex

private static java.util.HashMap subjIndex

objIndex

private static java.util.HashMap objIndex

xmlIndex

protected static java.util.HashMap xmlIndex

pendingXmlIndex

private static java.util.HashSet pendingXmlIndex

testDeleg

private static DelegationWrapper testDeleg

allRoles

private static java.util.HashSet allRoles
These indices contain instances of Role


allSubjectObjectIssuerRoles

private static java.util.HashSet allSubjectObjectIssuerRoles

allAttributeRoles

private static java.util.HashSet allAttributeRoles

serversocket

static SbServerSocket serversocket

walletIPs

private static java.util.HashSet walletIPs

dirty

private static boolean dirty

properties

private static java.util.Properties properties

initialized

private static boolean initialized

ignoreSignatures

private static boolean ignoreSignatures
THE FOLLOWING LINE IS A SERIOUS SECURITY THREAT AND SHOULD BE MADE FALSE BEFORE SERIOUS DISTRIBUTION OF DRBAC

Constructor Detail

Wallet

public Wallet()
Method Detail

init

public static void init(java.lang.String propertiesPath)
Initialize a Wallet for use on this system

Parameters:
propertiesPath - path to a properly formatted preferences file

delegToDelegWrapper

public static DelegationWrapper delegToDelegWrapper(Delegation d)
Use the subject map to efficiently find a DelegationWrapper given a Delegation.


addRoleToSystem

public static void addRoleToSystem(Role r)
Internal: Recognize a new entity in the system

Parameters:
r - the role to recognize

getTestDeleg

public static DelegationWrapper getTestDeleg()
Internal: get a test delegation

Returns:
a test delegation

getAllDelegationsIterator

public static java.util.Iterator getAllDelegationsIterator()
Internal: get all the delegations this wallet is aware of

Returns:
an iterator over all delegations this wallet is aware of

getAllSubjectObjectIssuerRolesIterator

public static java.util.Iterator getAllSubjectObjectIssuerRolesIterator()
Internal: get all the non-attribute roles recognized by the system

Returns:
an iterator over all of the non-attribute roles

getAllAttributeRolesIterator

public static java.util.Iterator getAllAttributeRolesIterator()
Internal: get all the attribute roles recognized by the system

Returns:
an iterator over all of the attribute roles

subjectIterator

static java.util.Iterator subjectIterator(Role subj)
Get valid delegations with a given subject. Logically deleted delegations are not part of the iterator.

Returns:
an iterator over valid delegations

objectIterator

static java.util.Iterator objectIterator(Role obj)
Get valid delegations with a given object. Logically deleted delegations are not part of the iterator.

Returns:
an iterator over valid delegations

isHome

public static boolean isHome(Delegation d)
Check to see if this is the home server of the given delegation

Parameters:
d - the delegation to check
Returns:
true if this is the home of the given delegation

isHome

public static boolean isHome(Role r)
Check to see if this is the home server of the given role

Parameters:
r - the role to check
Returns:
true if this is the home of the given role

publish

public static DelegationWrapper publish(Delegation delegation,
                                        DelegationXML dxml)
                                 throws CredentialException
Insert a credential into the repository, validate its 3rd-party support and subscribe to the credential's home wallet

Parameters:
delegation - the delegation to publish
dxml - the delegation's XML representation
Throws:
CredentialException - thrown if the delegation is invalid or cannot be validated

syncPublish

public static DelegationWrapper syncPublish(Delegation delegation,
                                            DelegationXML dxml)
                                     throws CredentialException
Throws:
CredentialException

remotePublish

private static void remotePublish(Delegation d,
                                  DelegationXML dxml)
                           throws java.io.IOException
Publish a delegation to the server the delegation belongs to

Parameters:
d - the delegation to be published
dxml - the xml representation of the delegation in question
Throws:
java.io.IOException - thrown if there is a problem publishing the delegation

sendDelegation

public static void sendDelegation(java.net.InetAddress ip,
                                  int port,
                                  DelegationWrapper dw)
                           throws java.io.IOException
Send a delegation to a given remote host for publication

Throws:
java.io.IOException

addDelegationToSystem

public static void addDelegationToSystem(Delegation d)
Generate the XML representation of a delegation and publish it

Parameters:
d - the delegation to publish

getSubjSet

private static java.util.HashSet getSubjSet(Role subj)
Internal: Get the set of delegations from a given subject, or create one if none exists

Parameters:
subj - the subject in question
Returns:
a hash set containing all known delegations with the subject in question

getObjSet

private static java.util.HashSet getObjSet(Role obj)
Internal: Get the set of delegations from a given object, or create one if none exists

Parameters:
obj - the object in question
Returns:
a hash set containing all known delegations with the object in question

addToAllRoles

public static void addToAllRoles(Role r)

getRoleByName

public static Role getRoleByName(java.lang.String roleName)
String->Role conversion

Parameters:
roleName - the name of the role
Returns:
the role corresponding to the name

getEntityByPublicKey

public static Role getEntityByPublicKey(java.security.PublicKey pubKey)
SORELY NEEDED METHOD, CURRENTLY DOES NOTHING.

Returns:
null

addToAllSubjectObjectIssuerRoles

private static void addToAllSubjectObjectIssuerRoles(Role r)

addToAllAttributeRoles

private static void addToAllAttributeRoles(Role r)

addToAllDelegations

private static void addToAllDelegations(DelegationWrapper deleg)

addToSubjIndex

private static void addToSubjIndex(DelegationWrapper deleg)

addToObjIndex

private static void addToObjIndex(DelegationWrapper deleg)

addRolesOfDelegationToRoleSets

private static void addRolesOfDelegationToRoleSets(DelegationWrapper deleg)

add

public static void add(DelegationWrapper deleg)
Add the delegation to the wallet

Parameters:
deleg - the delegation to add

setDirty

private static void setDirty(boolean _dirty)

getDirty

private static boolean getDirty()

allRolesString

public static java.lang.String allRolesString()
Returns:
string containing all known roles

subjIndexString

public static java.lang.String subjIndexString()
Returns:
string containing all known subjects

containsRoleEqualTo

public static Role containsRoleEqualTo(Role candidate)
Checks if a given candidate Role (usually constructed out of an XML representation) already exists in the Wallet. If the wallet contains a Role with the same data (compared using .equals()) as the candidate Role, the method returns a reference to the Role already in the wallet. Otherwise, if no match is found, the method returns null.

Parameters:
candidate - the role in question
Returns:
the role already in the wallet or null

topologicalSort

public static void topologicalSort()
Internal: Sort all delegations in the wallet in terms of support chains


subTopSort

static int subTopSort(DelegationWrapper dw,
                      int counter)
Internal: component of the topological sort


revoke

public static void revoke(DelegationWrapper deleg,
                          java.security.PublicKey revokerPublicKey)
                   throws java.security.InvalidKeyException
Revoke an existing delegation

Parameters:
deleg - the delegation to be revoked
revokerPublicKey - the public key of the revoker
Throws:
java.security.InvalidKeyException - thrown if the key presented is not valid

prove

public static ProofMonitor prove(Role subject,
                                 Role object,
                                 AttributeSet constraints,
                                 ProofChangedListener caller)
Method used by a client application to determine if a trust relationship holds. Constructs a ProofMonitor and returns it to a calling application on the local machine. The proof will have valid or invalid status, which the application will need to check.

Parameters:
subject - the role of the thing requesting authentication
object - the role with the rights that the application wants to authenticate
constraints - the minimum attributes the subject must have in order to be authenticated
caller - the object which will be informed if the proof changes validity
Returns:
a ProofMonitor containing information about the proof, as well as current validity; or null if the proof was unsuccessful

saveXML

public static void saveXML(java.io.File path)

loadXML

public static void loadXML(java.lang.String pathString)

loadXML

public static void loadXML(java.io.File path)

loadRolesXML

public static void loadRolesXML(java.lang.String pathString)

loadRolesXML

public static void loadRolesXML(java.io.File path)

addRolesOfDelegationToRoleSets

private static void addRolesOfDelegationToRoleSets(Delegation deleg)

enterCredentialsIntoSystem

public static void enterCredentialsIntoSystem(ProofCredentials proofCreds)


Copyright (c) 2002-2003 New York University RLAB