edu.nyu.cs.pdsg.handshake
Class GenericPKISecureChannel

java.lang.Object
  extended by edu.nyu.cs.pdsg.handshake.SecureChannel
      extended by edu.nyu.cs.pdsg.handshake.GenericPKISecureChannel

public class GenericPKISecureChannel
extends SecureChannel

The generic implementation of the handshake. Do not instantiate it yourself. Instead, use SecureChannelFactory.


Field Summary
private  java.lang.String algorithm
           
(package private)  boolean client
          Set to true if this channel initiated the handshake
(package private)  javax.crypto.Cipher decryptor
           
private static java.lang.String defaultalgorithm
           
private static java.security.Provider defaultprovider
           
(package private)  javax.crypto.Cipher encryptor
           
(package private)  java.util.HashMap generators
           
(package private)  java.security.KeyPair myKey
           
(package private)  java.security.PublicKey otherKey
           
private  java.security.Provider provider
           
(package private)  boolean ready
          Set to true once the connection is ready to transfer information
(package private)  byte[][] setupbuffer
           
 
Fields inherited from class edu.nyu.cs.pdsg.handshake.SecureChannel
 
Constructor Summary
protected GenericPKISecureChannel()
          Initialize a GenericPKISecureChannel with the default provider
protected GenericPKISecureChannel(java.security.Provider _provider)
          Initialize a GenericPKISecureChannel with the selected provider
 
Method Summary
 boolean client()
          Returns true if the channel was used to initialize the handshake
 byte[] decode(byte[] token)
          Decode a byte array received from the corresponding SecureChannel
private  javax.crypto.SecretKey decodeSecretKey(byte[] encoded)
          An internal utility method to decode a secret key encoded by the corresponding GenericPKISecureChannel
 byte[] encode(byte[] packet)
          Encode a byte array for transmission to the corresponding SecureChannel
private  byte[] encodeSecretKey(javax.crypto.SecretKey key)
          An internal utility method to encode a secret key for transmission over an insecure line using this channel's PKI keys.
private  javax.crypto.SecretKey generateSecretKey()
          Internal utility method to generate a secret key
 java.lang.Object identity()
          Returns the identity of this SecureChannel
private  void initCiphers(javax.crypto.SecretKey key)
          Internal utility method to initialize this channel's ciphers with a given key
 byte[] initClient()
          The first stage in the handshake.
 byte[] initUpdate(byte[] token, int off, int length)
          Handle the handshaking.
 java.lang.Object otherIdentity()
          Returns the identity of the corresponding SecureChannel
 boolean otherIdentity(java.lang.Object id)
          Compares the identity of this SecureChannel to the presented object
 boolean ready()
          Returns true if the channel can be used to encode data
 boolean server()
          Returns false if the channel was used to initialize the handshake
 void setExpectedOtherIdentity(java.lang.Object id)
          Declare the identity of the other side of the channel.
 void setMyIdentity(java.lang.Object id, java.lang.Object idProof)
          Provide the channel with an identity and proof of identity (e.g. a PublicKey and PrivateKey)
 
Methods inherited from class edu.nyu.cs.pdsg.handshake.SecureChannel
decode, encode, finishClient, finishServer, initClient, initUpdate, minKeyLength, preferredSecurityAlgorithms, requiresAuthentication, requiresSecurity, setMinKeylength, setPreferredSecurityAlgorithms, setRequiresAuthentication, setRequiresSecurity
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ready

boolean ready
Set to true once the connection is ready to transfer information


client

boolean client
Set to true if this channel initiated the handshake


myKey

java.security.KeyPair myKey

otherKey

java.security.PublicKey otherKey

encryptor

javax.crypto.Cipher encryptor

decryptor

javax.crypto.Cipher decryptor

generators

java.util.HashMap generators

setupbuffer

byte[][] setupbuffer

defaultalgorithm

private static final java.lang.String defaultalgorithm
See Also:
Constant Field Values

defaultprovider

private static final java.security.Provider defaultprovider

algorithm

private java.lang.String algorithm

provider

private java.security.Provider provider

Constructor Detail

GenericPKISecureChannel

protected GenericPKISecureChannel()
Initialize a GenericPKISecureChannel with the default provider


GenericPKISecureChannel

protected GenericPKISecureChannel(java.security.Provider _provider)
Initialize a GenericPKISecureChannel with the selected provider

Parameters:
_provider - The provider to use

Method Detail

generateSecretKey

private javax.crypto.SecretKey generateSecretKey()
                                          throws HandshakeException
Internal utility method to generate a secret key

Returns:
a newly generated key
Throws:
HandshakeException

encodeSecretKey

private byte[] encodeSecretKey(javax.crypto.SecretKey key)
                        throws HandshakeException
An internal utility method to encode a secret key for transmission over an insecure line using this channel's PKI keys.

Parameters:
key - The key to encode
Returns:
The encoded key
Throws:
HandshakeException

decodeSecretKey

private javax.crypto.SecretKey decodeSecretKey(byte[] encoded)
                                        throws HandshakeException
An internal utility method to decode a secret key encoded by the corresponding GenericPKISecureChannel

Parameters:
encoded - The encoded key
Returns:
The unencoded key
Throws:
HandshakeException

initCiphers

private void initCiphers(javax.crypto.SecretKey key)
                  throws HandshakeException
Internal utility method to initialize this channel's ciphers with a given key

Parameters:
key - The key to initialize the ciphers with
Throws:
HandshakeException

setMyIdentity

public void setMyIdentity(java.lang.Object id,
                          java.lang.Object idProof)
Provide the channel with an identity and proof of identity (e.g. a PublicKey and PrivateKey)

Specified by:
setMyIdentity in class SecureChannel
Parameters:
id - The identity (e.g. PublicKey)
idProof - An object which can be used to prove ownership over 'id' (e.g. PrivateKey)

setExpectedOtherIdentity

public void setExpectedOtherIdentity(java.lang.Object id)
Declare the identity of the other side of the channel. If the identity it authenticates itself as does not match this identity, an exception will be thrown.

Specified by:
setExpectedOtherIdentity in class SecureChannel
Parameters:
id - the expected other identity, or null if no identity is expected.

ready

public boolean ready()
Returns true if the channel can be used to encode data

Specified by:
ready in class SecureChannel
Returns:
the ready status of the channel

client

public boolean client()
Returns true if the channel was used to initialize the handshake

Specified by:
client in class SecureChannel
Returns:
true if the channel was used to initialize the handshake

server

public boolean server()
Returns false if the channel was used to initialize the handshake

Specified by:
server in class SecureChannel
Returns:
false if the channel was used to initialize the handshake

initClient

public byte[] initClient()
                  throws HandshakeException
The first stage in the handshake. The client should call this to get the first token to transmit to the server.

Specified by:
initClient in class SecureChannel
Returns:
the first token
Throws:
HandshakeException

initUpdate

public byte[] initUpdate(byte[] token,
                         int off,
                         int length)
                  throws HandshakeException
Handle the handshaking. Call this method as tokens arrive and it will generate a response token.

Specified by:
initUpdate in class SecureChannel
Returns:
the next token or null to indicate no token is needed
Throws:
HandshakeException
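
How initClient() and initUpdate() fit together, as an added example that is not part of the original documentation or the library's own code. It assumes both channels were obtained from SecureChannelFactory (its API is not shown on this page) with identities already set, that HandshakeException lives in the same package, and that tokens simply alternate between the two sides; HandshakeDriver and MAX_ROUNDS are hypothetical names.

```java
import edu.nyu.cs.pdsg.handshake.HandshakeException; // package assumed
import edu.nyu.cs.pdsg.handshake.SecureChannel;

/** Hypothetical helper: drives a handshake between two in-process channels. */
public final class HandshakeDriver {

    // Assumed safety cap (not a library constant): a peer that never
    // stops producing tokens must not keep the loop alive forever.
    private static final int MAX_ROUNDS = 16;

    private HandshakeDriver() { }

    /**
     * Passes tokens back and forth until initUpdate() returns null, then
     * refuses to continue unless both sides report ready(). Call
     * setExpectedOtherIdentity() on each channel beforehand so that a peer
     * authenticating as someone else fails during the exchange.
     */
    public static void handshake(SecureChannel client, SecureChannel server)
            throws HandshakeException {
        byte[] token = client.initClient();      // first token, client to server
        SecureChannel receiver = server;
        for (int round = 0; token != null; round++) {
            if (round >= MAX_ROUNDS) {
                throw new IllegalStateException("handshake did not converge");
            }
            // In a real deployment the token crosses the network here.
            token = receiver.initUpdate(token, 0, token.length);
            receiver = (receiver == server) ? client : server;
        }
        // A null token only means "nothing more to send"; it is not proof
        // that keys were agreed, so check ready() before using the channel.
        if (!client.ready() || !server.ready()) {
            throw new IllegalStateException("handshake ended before both sides were ready");
        }
    }

    /** Completes the handshake, then sends one message client to server. */
    public static byte[] roundTrip(SecureChannel client, SecureChannel server,
                                   byte[] message) throws HandshakeException {
        handshake(client, server);
        return server.decode(client.encode(message));
    }
}
```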

encode

public byte[] encode(byte[] packet)
              throws HandshakeException
Encode a byte array for transmission to the corresponding SecureChannel

Specified by:
encode in class SecureChannel
Parameters:
packet - The byte array to be encoded
Returns:
The encoded byte array
Throws:
HandshakeException

decode

public byte[] decode(byte[] token)
              throws HandshakeException
Decode a byte array received from the corresponding SecureChannel

Specified by:
decode in class SecureChannel
Parameters:
token - The encoded byte array
Returns:
The decoded byte array
Throws:
HandshakeException

identity

public java.lang.Object identity()
Returns the identity of this SecureChannel

Specified by:
identity in class SecureChannel
Returns:
the identity of this SecureChannel

otherIdentity

public boolean otherIdentity(java.lang.Object id)
Compares the identity of this SecureChannel to the presented object

Specified by:
otherIdentity in class SecureChannel
Returns:
true if the identity of this SecureChannel matches the presented object

otherIdentity

public java.lang.Object otherIdentity()
Returns the identity of the corresponding SecureChannel

Specified by:
otherIdentity in class SecureChannel
Returns:
the identity of the corresponding SecureChannel


Copyright (c) 2002-2003 New York University RLAB