Message Security Layer (MSL)

com.netflix.msl.util
Interface MslContext


public interface MslContext

The context provides access to all factories, builders, and containers that are needed by the MSL library. There is expected to be one global context per trusted services network or peer-to-peer network. By extension, the MSL store instance returned by the context is expected to be specific to the owning context.

See Also:
MslStore

Nested Class Summary
static class MslContext.ReauthCode
          Re-authentication reason codes.
 
Method Summary
 EntityAuthenticationData getEntityAuthenticationData(MslContext.ReauthCode reauthCode)
          Returns the entity authentication data for this entity.
 EntityAuthenticationFactory getEntityAuthenticationFactory(EntityAuthenticationScheme scheme)
          Returns the entity authentication factory for the specified scheme.
 SortedSet<KeyExchangeFactory> getKeyExchangeFactories()
          Returns the supported key exchange factories in order of preferred use.
 KeyExchangeFactory getKeyExchangeFactory(KeyExchangeScheme scheme)
          Returns the key exchange factory for the specified scheme.
 MessageCapabilities getMessageCapabilities()
          Returns the message capabilities for this entity.
 ICryptoContext getMslCryptoContext()
          Returns the primary crypto context used for MSL-level crypto operations.
 MslStore getMslStore()
          Returns the MSL store specific to this MSL context.
 Random getRandom()
          Returns a random number generator.
 long getTime()
          Returns the local entity time.
 TokenFactory getTokenFactory()
          Returns the token factory.
 UserAuthenticationFactory getUserAuthenticationFactory(UserAuthenticationScheme scheme)
          Returns the user authentication factory for the specified scheme.
 boolean isPeerToPeer()
          Returns true if the context is operating in a peer-to-peer network.
 

Method Detail

getTime

long getTime()
Returns the local entity time. This is assumed to be the real time.

Returns:
the local entity time in milliseconds since the epoch.

getRandom

Random getRandom()

Returns a random number generator.

It is extremely important to provide a secure (pseudo-)random number generator with a good source of entropy. Many random number generators, including those found in the Java Runtime Environment, JavaScript, and operating systems, do not provide sufficient randomness.

If in doubt, performing an XOR on the output of two or more independent random sources can be used to provide better random values.

Returns:
a random number generator.
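
One way to apply the XOR advice above, as an added example that is not part of the MSL library: XorRandom is a hypothetical java.util.Random subclass that an MslContext implementation could return from getRandom(). It assumes the sources passed to it are independent of each other, which the caller must ensure.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Objects;
import java.util.Random;

/** Hypothetical helper, not part of MSL: XORs the output of several sources. */
public class XorRandom extends Random {
    private static final long serialVersionUID = 1L;
    private final Random[] sources;

    public XorRandom(Random... sources) {
        if (sources.length < 2)
            throw new IllegalArgumentException("need at least two sources");
        for (Random r : sources)
            Objects.requireNonNull(r, "source");
        this.sources = sources.clone();
    }

    /**
     * The java.util.Random methods (nextInt, nextLong, nextBytes, ...) draw
     * their bits from next(int), so overriding it here covers all of them.
     */
    @Override
    protected int next(int bits) {
        int mixed = 0;
        for (Random r : sources)
            mixed ^= r.nextInt();       // 32 bits from each source
        return mixed >>> (32 - bits);   // return 'bits' bits, as Random.next does
    }

    public static void main(String[] args) throws Exception {
        // Assumption: these two generators are independent on the target
        // platform. If both draw from the same underlying entropy source, the
        // XOR adds nothing; sources that are functions of each other can even
        // cancel out. getInstanceStrong() may block while entropy is gathered.
        Random rng = new XorRandom(new SecureRandom(),
                                   SecureRandom.getInstanceStrong());
        byte[] nonce = new byte[16];
        rng.nextBytes(nonce);
        System.out.println(String.format("%032x", new BigInteger(1, nonce)));
    }
}
```

With independent sources, the XOR output is at least as unpredictable as the strongest source, so one weak generator does not weaken the result.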

isPeerToPeer

boolean isPeerToPeer()
Returns true if the context is operating in a peer-to-peer network. The message processing logic is slightly different in peer-to-peer networks.

Returns:
true if in peer-to-peer mode.

getMessageCapabilities

MessageCapabilities getMessageCapabilities()
Returns the message capabilities for this entity.

Returns:
this entity's message capabilities.

getEntityAuthenticationData

EntityAuthenticationData getEntityAuthenticationData(MslContext.ReauthCode reauthCode)

Returns the entity authentication data for this entity. This is used to authenticate messages prior to generation of a master token.

This method should never return null but may do so in the one situation when the reauthCode parameter is provided and the application knows that the request being sent can no longer succeed because the existing master token, user ID token, or service tokens are no longer valid. This will abort the request.

If the reauthCode parameter is equal to MslContext.ReauthCode.ENTITY_REAUTH then the existing master token has been rejected, along with its bound user ID tokens and service tokens.

If the reauthCode parameter is equal to MslContext.ReauthCode.ENTITYDATA_REAUTH then new entity re-authentication data should be returned for this and all subsequent calls.

The entity authentication scheme must never change.

This method will be called multiple times.

Parameters:
reauthCode - non-null if the master token or entity authentication data was rejected. If the entity authentication data was rejected then new entity authentication data is required.
Returns:
this entity's entity authentication data or null.

getMslCryptoContext

ICryptoContext getMslCryptoContext()
                                   throws MslCryptoException

Returns the primary crypto context used for MSL-level crypto operations. This is used for the master tokens and user ID tokens.

Trusted network clients should return a crypto context that always returns false for verification. The other crypto context methods will not be used by trusted network clients.

Returns:
the primary MSL crypto context.
Throws:
MslCryptoException - if there is an error creating the crypto context.

getEntityAuthenticationFactory

EntityAuthenticationFactory getEntityAuthenticationFactory(EntityAuthenticationScheme scheme)
Returns the entity authentication factory for the specified scheme.

Parameters:
scheme - the entity authentication scheme.
Returns:
the entity authentication factory, or null if no factory is available.

getUserAuthenticationFactory

UserAuthenticationFactory getUserAuthenticationFactory(UserAuthenticationScheme scheme)
Returns the user authentication factory for the specified scheme. Trusted network clients should always return null.

Parameters:
scheme - the user authentication scheme.
Returns:
the user authentication factory, or null if no factory is available.

getTokenFactory

TokenFactory getTokenFactory()
Returns the token factory. This method will not be called by trusted network clients.

Returns:
the token factory.

getKeyExchangeFactory

KeyExchangeFactory getKeyExchangeFactory(KeyExchangeScheme scheme)
Returns the key exchange factory for the specified scheme.

Parameters:
scheme - the key exchange scheme.
Returns:
the key exchange factory, or null if no factory is available.

getKeyExchangeFactories

SortedSet<KeyExchangeFactory> getKeyExchangeFactories()
Returns the supported key exchange factories in order of preferred use. This should return an immutable collection.

Returns:
the key exchange factories, or the empty set.

getMslStore

MslStore getMslStore()
Returns the MSL store specific to this MSL context.

Returns:
the MSL store.

Copyright © 2014 Netflix, Inc. All Rights Reserved.