Message Security Layer (MSL)

com.netflix.msl.keyx
Class AsymmetricWrappedExchange

java.lang.Object
  extended by com.netflix.msl.keyx.KeyExchangeFactory
      extended by com.netflix.msl.keyx.AsymmetricWrappedExchange

public class AsymmetricWrappedExchange
extends KeyExchangeFactory

Asymmetric key wrapped key exchange.


Nested Class Summary
private static class AsymmetricWrappedExchange.JwkRsaCryptoContext
          A JWK RSA crypto context is unique in that it treats its wrap/unwrap operations as encrypt/decrypt respectively.
static class AsymmetricWrappedExchange.RequestData
          Asymmetric key wrapped key request data.
static class AsymmetricWrappedExchange.ResponseData
          Asymmetric key wrapped key response data.
 
Nested classes/interfaces inherited from class com.netflix.msl.keyx.KeyExchangeFactory
KeyExchangeFactory.KeyExchangeData
 
Field Summary
private  AuthenticationUtils authutils
          Authentication utilities.
private static Set<JsonWebKey.KeyOp> ENCRYPT_DECRYPT
          Encrypt/decrypt key operations.
private static Set<JsonWebKey.KeyOp> SIGN_VERIFY
          Sign/verify key operations.
 
Constructor Summary
AsymmetricWrappedExchange(AuthenticationUtils authutils)
          Create a new asymmetric wrapped key exchange factory.
 
Method Summary
private static ICryptoContext createCryptoContext(MslContext ctx, String keyPairId, AsymmetricWrappedExchange.RequestData.Mechanism mechanism, PrivateKey privateKey, PublicKey publicKey)
          Create the crypto context identified by the key ID, mechanism, and provided keys.
(package private)  KeyRequestData createRequestData(MslContext ctx, JSONObject keyRequestJO)
          Construct a new key request data instance from the provided JSON.
(package private)  KeyResponseData createResponseData(MslContext ctx, MasterToken masterToken, JSONObject keyDataJO)
          Construct a new key response data instance from the provided JSON.
 KeyExchangeFactory.KeyExchangeData generateResponse(MslContext ctx, KeyRequestData keyRequestData, MasterToken masterToken)
          Generate a new key response data instance and crypto context in response to the provided key request data.
 KeyExchangeFactory.KeyExchangeData generateResponse(MslContext ctx, KeyRequestData keyRequestData, String identity)
          Generate a new key response data instance and crypto context in response to the provided key request data and entity identity.
 ICryptoContext getCryptoContext(MslContext ctx, KeyRequestData keyRequestData, KeyResponseData keyResponseData, MasterToken masterToken)
          Create a crypto context from the provided key request data and key response data.
 
Methods inherited from class com.netflix.msl.keyx.KeyExchangeFactory
getScheme
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ENCRYPT_DECRYPT

private static final Set<JsonWebKey.KeyOp> ENCRYPT_DECRYPT
Encrypt/decrypt key operations.


SIGN_VERIFY

private static final Set<JsonWebKey.KeyOp> SIGN_VERIFY
Sign/verify key operations.


authutils

private final AuthenticationUtils authutils
Authentication utilities.

Constructor Detail

AsymmetricWrappedExchange

public AsymmetricWrappedExchange(AuthenticationUtils authutils)
Create a new asymmetric wrapped key exchange factory.

Method Detail

createCryptoContext

private static ICryptoContext createCryptoContext(MslContext ctx,
                                                  String keyPairId,
                                                  AsymmetricWrappedExchange.RequestData.Mechanism mechanism,
                                                  PrivateKey privateKey,
                                                  PublicKey publicKey)
                                           throws MslCryptoException
Create the crypto context identified by the key ID, mechanism, and provided keys.

Parameters:
ctx - MSL context.
keyPairId - the key pair ID.
mechanism - the key mechanism.
privateKey - the private key. May be null.
publicKey - the public key. May be null.
Returns:
the crypto context.
Throws:
MslCryptoException - if the key mechanism is unsupported.

createRequestData

KeyRequestData createRequestData(MslContext ctx,
                                 JSONObject keyRequestJO)
                           throws MslEncodingException,
                                  MslCryptoException,
                                  MslKeyExchangeException
Description copied from class: KeyExchangeFactory
Construct a new key request data instance from the provided JSON.

Specified by:
createRequestData in class KeyExchangeFactory
Parameters:
ctx - MSL context.
keyRequestJO - the JSON object.
Returns:
the key request data.
Throws:
MslEncodingException - if there is an error parsing the JSON.
MslCryptoException - if the keying material cannot be created.
MslKeyExchangeException - if there is an error creating the key request data.

createResponseData

KeyResponseData createResponseData(MslContext ctx,
                                   MasterToken masterToken,
                                   JSONObject keyDataJO)
                             throws MslEncodingException,
                                    MslKeyExchangeException
Description copied from class: KeyExchangeFactory
Construct a new key response data instance from the provided JSON.

Specified by:
createResponseData in class KeyExchangeFactory
Parameters:
ctx - MSL context.
masterToken - the master token for the new key response data.
keyDataJO - the JSON object.
Returns:
the key response data.
Throws:
MslEncodingException - if there is an error parsing the JSON.
MslKeyExchangeException - if there is an error creating the key response data.

generateResponse

public KeyExchangeFactory.KeyExchangeData generateResponse(MslContext ctx,
                                                           KeyRequestData keyRequestData,
                                                           MasterToken masterToken)
                                                    throws MslKeyExchangeException,
                                                           MslCryptoException,
                                                           MslMasterTokenException,
                                                           MslEncodingException,
                                                           MslException
Description copied from class: KeyExchangeFactory

Generate a new key response data instance and crypto context in response to the provided key request data. The key request data will be from the remote entity.

The provided master token should be renewed using the MSL context's token factory: its sequence number is incremented while its serial number is preserved.

Specified by:
generateResponse in class KeyExchangeFactory
Parameters:
ctx - MSL context.
keyRequestData - the key request data.
masterToken - the master token to renew.
Returns:
the key response data and crypto context.
Throws:
MslKeyExchangeException - if there is an error with the key request data or the key response data cannot be created.
MslCryptoException - if the crypto context cannot be created.
MslMasterTokenException - if the master token is not trusted and needs to be.
MslEncodingException - if there is an error parsing or encoding the JSON.
MslEntityAuthException - if there is a problem with the master token identity.
MslException - if there is an error renewing the master token.

generateResponse

public KeyExchangeFactory.KeyExchangeData generateResponse(MslContext ctx,
                                                           KeyRequestData keyRequestData,
                                                           String identity)
                                                    throws MslException
Description copied from class: KeyExchangeFactory

Generate a new key response data instance and crypto context in response to the provided key request data and entity identity. The key request data will be from the remote entity.

Specified by:
generateResponse in class KeyExchangeFactory
Parameters:
ctx - MSL context.
keyRequestData - the key request data.
identity - the entity identity.
Returns:
the key response data and crypto context.
Throws:
MslKeyExchangeException - if there is an error with the key request data or the key response data cannot be created.
MslCryptoException - if the crypto context cannot be created.
MslEncodingException - if there is an error parsing or encoding the JSON.
MslEntityAuthException - if there is a problem with the entity identity.
MslException - if there is an error creating the master token.

getCryptoContext

public ICryptoContext getCryptoContext(MslContext ctx,
                                       KeyRequestData keyRequestData,
                                       KeyResponseData keyResponseData,
                                       MasterToken masterToken)
                                throws MslKeyExchangeException,
                                       MslCryptoException,
                                       MslEncodingException
Description copied from class: KeyExchangeFactory
Create a crypto context from the provided key request data and key response data. The key request data will be from the local entity and the key response data from the remote entity.

Specified by:
getCryptoContext in class KeyExchangeFactory
Parameters:
ctx - MSL context.
keyRequestData - the key request data.
keyResponseData - the key response data.
masterToken - the current master token (not the one inside the key response data). May be null.
Returns:
the crypto context.
Throws:
MslKeyExchangeException - if there is an error with the key request data or key response data.
MslCryptoException - if the crypto context cannot be created.
MslEncodingException - if there is an error parsing the JSON.
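The following is an added, stand-alone illustration of the exchange described under generateResponse and getCryptoContext above; it is not code from MSL and does not use the com.netflix.msl classes. It models the two sides with standard JCE: the requester creates an ephemeral RSA key pair and sends the public half with a key pair ID (the request data), the responder mints an AES encryption key and an HMAC key, wraps each to that public key and renews the master token (same serial number, sequence number plus one), and the requester unwraps with its private key to obtain the same session keys. The record types RequestData, ResponseData, MasterToken, SessionKeys and KeyExchangeData are hypothetical stand-ins that borrow the page's names for orientation only, the mechanism is fixed to RSA-OAEP with SHA-256 as an assumption (the page names a Mechanism enum but does not list its values), and the key pair ID, token numbers and message are constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

/** Hypothetical model of an asymmetric key wrapped key exchange; not MSL's implementation. */
public class AsymmetricWrappedExchangeDemo {

    /** Requester -> responder: key pair ID plus the public half of an ephemeral RSA key pair. */
    record RequestData(String keyPairId, PublicKey publicKey) {}

    /** Responder -> requester: echoed key pair ID, two RSA-OAEP wrapped session keys, renewed token. */
    record ResponseData(String keyPairId, byte[] wrappedEncryptionKey, byte[] wrappedHmacKey,
                        MasterToken masterToken) {}

    /** Minimal master token: the serial number identifies the token, the sequence number its renewals. */
    record MasterToken(long serialNumber, long sequenceNumber) {
        MasterToken renew() { return new MasterToken(serialNumber, sequenceNumber + 1); }
    }

    /** The symmetric keys each side ends up holding (its "crypto context"). */
    record SessionKeys(SecretKey encryptionKey, SecretKey hmacKey) {}

    /** Responder's result: the response to send plus the responder's own copy of the keys. */
    record KeyExchangeData(ResponseData responseData, SessionKeys cryptoContext) {}

    // Assumed mechanism: RSA-OAEP with SHA-256 for both the hash and the MGF1 digest.
    static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final OAEPParameterSpec OAEP_SHA256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // Requester: generate an ephemeral key pair; only the public key goes on the wire.
    static KeyPair generateRequesterKeyPair() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        return kpg.generateKeyPair();
    }

    static RequestData createRequestData(String keyPairId, KeyPair keyPair) {
        return new RequestData(keyPairId, keyPair.getPublic());
    }

    // Responder: mint fresh session keys, wrap them to the requester's public key,
    // and renew the master token (serial number kept, sequence number incremented).
    static KeyExchangeData generateResponse(RequestData request, MasterToken masterToken)
            throws GeneralSecurityException {
        KeyGenerator aes = KeyGenerator.getInstance("AES");
        aes.init(128);
        SecretKey encryptionKey = aes.generateKey();
        SecretKey hmacKey = KeyGenerator.getInstance("HmacSHA256").generateKey();

        Cipher wrap = Cipher.getInstance(RSA_OAEP);
        wrap.init(Cipher.WRAP_MODE, request.publicKey(), OAEP_SHA256);
        ResponseData response = new ResponseData(request.keyPairId(),
                wrap.wrap(encryptionKey), wrap.wrap(hmacKey), masterToken.renew());
        return new KeyExchangeData(response, new SessionKeys(encryptionKey, hmacKey));
    }

    // Requester: confirm the response answers this request, then unwrap with the private key.
    // A tampered or mis-targeted wrapped key fails OAEP decoding instead of yielding a key.
    static SessionKeys getCryptoContext(RequestData request, KeyPair keyPair, ResponseData response)
            throws GeneralSecurityException {
        if (!request.keyPairId().equals(response.keyPairId())) {
            throw new GeneralSecurityException("key response does not match key request");
        }
        Cipher unwrap = Cipher.getInstance(RSA_OAEP);
        unwrap.init(Cipher.UNWRAP_MODE, keyPair.getPrivate(), OAEP_SHA256);
        SecretKey enc = (SecretKey) unwrap.unwrap(response.wrappedEncryptionKey(), "AES", Cipher.SECRET_KEY);
        SecretKey mac = (SecretKey) unwrap.unwrap(response.wrappedHmacKey(), "HmacSHA256", Cipher.SECRET_KEY);
        return new SessionKeys(enc, mac);
    }

    static byte[] hmac(SecretKey key, byte[] data) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return mac.doFinal(data);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair keyPair = generateRequesterKeyPair();
        RequestData request = createRequestData("kp-1", keyPair);      // constructed sample ID
        MasterToken current = new MasterToken(7L, 3L);                  // constructed sample token

        KeyExchangeData exchange = generateResponse(request, current);                           // responder
        SessionKeys requester = getCryptoContext(request, keyPair, exchange.responseData());    // requester

        // Both sides must now compute the same MAC over the same (constructed) message.
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        if (!Arrays.equals(hmac(requester.hmacKey(), msg), hmac(exchange.cryptoContext().hmacKey(), msg))) {
            throw new IllegalStateException("session keys disagree");
        }
        MasterToken renewed = exchange.responseData().masterToken();
        if (renewed.serialNumber() != current.serialNumber()
                || renewed.sequenceNumber() != current.sequenceNumber() + 1) {
            throw new IllegalStateException("renewal changed the serial number or did not advance the sequence");
        }

        // Failure mode: a modified wrapped key must be rejected, not decoded into garbage.
        byte[] tampered = exchange.responseData().wrappedHmacKey().clone();
        tampered[tampered.length - 1] ^= 0x01;
        ResponseData bad = new ResponseData(request.keyPairId(),
                exchange.responseData().wrappedEncryptionKey(), tampered, renewed);
        try {
            getCryptoContext(request, keyPair, bad);
            throw new IllegalStateException("tampered wrapped key was accepted");
        } catch (GeneralSecurityException expected) {
            System.out.println("tampered wrapped key rejected: " + expected.getMessage());
        }
        System.out.println("session keys agree; " + current + " renewed to " + renewed);
    }
}
```

Compile and run with a JDK that supports records (Java 16 or later): `javac AsymmetricWrappedExchangeDemo.java && java AsymmetricWrappedExchangeDemo`. The two checks in main are the ones worth keeping in mind when reading the real API: only the holder of the requester's private key can recover the wrapped session keys, so the response is useless to anyone else who observes it, and the renewed master token must keep its serial number while its sequence number advances, which is how a relying party can tell a renewal from an unrelated token.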


Copyright © 2014 Netflix, Inc. All Rights Reserved.