Message Security Layer (MSL)

com.netflix.msl.util
Interface MslStore

All Known Implementing Classes:
NullMslStore, SimpleMslStore

public interface MslStore

The Message Security Layer store manages the local store of master tokens identifying the local entity, user ID tokens identifying local users, and all service tokens issued by the local entity or remote entities. It also provides methods for identifying the tokens that should be included in a message and accessing crypto contexts associated with master tokens.

Applications may wish to ensure the store contains only the newest master token and user ID tokens for the known users at application startup and shutdown.

Implementations must be thread-safe.

See Also:
MslContext

Method Summary
 void addServiceTokens(Set<ServiceToken> tokens)
          Add a set of service tokens to the store.
 void addUserIdToken(String userId, UserIdToken userIdToken)
          Add a user ID token to the store, replacing any existing user ID token of the same user.
 void clearCryptoContexts()
          Removes all master tokens and crypto contexts and bound user ID tokens and their bound service tokens.
 void clearServiceTokens()
          Removes all service tokens.
 void clearUserIdTokens()
          Removes all user ID tokens and user ID token bound service tokens.
 ICryptoContext getCryptoContext(MasterToken masterToken)
          Return the crypto context associated with the provided master token.
 MasterToken getMasterToken()
          Return the newest saved master token in this store.
 long getNonReplayableId(MasterToken masterToken)
          Return the next non-replayable ID of the provided master token.
 Set<ServiceToken> getServiceTokens(MasterToken masterToken, UserIdToken userIdToken)
          Return the set of service tokens that are applicable to the provided pair of master token and user ID token.
 UserIdToken getUserIdToken(String userId)
          Returns the user ID token, if any, for the specified local user ID.
 void removeCryptoContext(MasterToken masterToken)
          Remove a master token and its associated crypto context.
 void removeServiceTokens(String name, MasterToken masterToken, UserIdToken userIdToken)
          Remove all service tokens matching all the specified parameters.
 void removeUserIdToken(UserIdToken userIdToken)
          Remove a user ID token.
 void setCryptoContext(MasterToken masterToken, ICryptoContext cryptoContext)
          Save a master token and its associated crypto context.
 

Method Detail

setCryptoContext

void setCryptoContext(MasterToken masterToken,
                      ICryptoContext cryptoContext)
Save a master token and its associated crypto context. This replaces any existing association. Passing in a null crypto context is the same as calling removeCryptoContext(MasterToken).

Parameters:
masterToken - the master token.
cryptoContext - the crypto context. May be null.

getMasterToken

MasterToken getMasterToken()
Return the newest saved master token in this store.

Returns:
the newest saved master token or null.

getNonReplayableId

long getNonReplayableId(MasterToken masterToken)
Return the next non-replayable ID of the provided master token. Each call to this function should return the next largest number. The next largest number after MslConstants.MAX_LONG_VALUE is zero (0).

Returns:
the next non-replayable ID.
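
An added example, not part of the MSL code base, of one way to satisfy this contract together with the thread-safety requirement. The class name, the serial-number key, the starting value of 0 and the small maximums are assumptions made for illustration; `maxValue` stands in for MslConstants.MAX_LONG_VALUE.

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

public class NonReplayableIdCounter {
    // Stand-in for MslConstants.MAX_LONG_VALUE; pass the real constant in MSL code.
    private final long maxValue;
    // Last issued ID per master token, keyed by a hypothetical serial number.
    private final ConcurrentHashMap<Long, Long> lastIds = new ConcurrentHashMap<>();

    NonReplayableIdCounter(long maxValue) { this.maxValue = maxValue; }

    /** Atomically advance and return the ID; the value after maxValue is 0. */
    long next(long masterTokenSerial) {
        // merge() applies the remapping function atomically per key, so two
        // threads can never be handed the same ID for one master token.
        // Assumption: the first ID issued for a master token is 0.
        return lastIds.merge(masterTokenSerial, 0L,
                (last, unused) -> last == maxValue ? 0L : last + 1);
    }

    public static void main(String[] args) throws Exception {
        // Wraparound with a constructed, deliberately tiny maximum of 2.
        NonReplayableIdCounter small = new NonReplayableIdCounter(2);
        for (int i = 0; i < 4; i++) System.out.print(small.next(7L) + " ");
        System.out.println();

        // Four threads share one master token; every ID must be distinct.
        NonReplayableIdCounter shared = new NonReplayableIdCounter(1_000_000);
        Set<Long> seen = ConcurrentHashMap.newKeySet();
        ExecutorService pool = Executors.newFixedThreadPool(4);
        for (int t = 0; t < 4; t++) {
            pool.submit(() -> {
                for (int i = 0; i < 1000; i++) seen.add(shared.next(7L));
            });
        }
        pool.shutdown();
        pool.awaitTermination(10, TimeUnit.SECONDS);
        System.out.println("distinct IDs: " + seen.size() + " of 4000");
    }
}
```

A plain read-then-write on a non-concurrent map would let two threads draw the same ID, and the second message carrying it would look like a replay to the receiver.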

getCryptoContext

ICryptoContext getCryptoContext(MasterToken masterToken)
Return the crypto context associated with the provided master token.

Parameters:
masterToken - the master token.
Returns:
the crypto context for the master token or null if not found.

removeCryptoContext

void removeCryptoContext(MasterToken masterToken)
Remove a master token and its associated crypto context. This also removes any stored user ID tokens and service tokens that are no longer bound to a known master token.

Parameters:
masterToken - the master token.

clearCryptoContexts

void clearCryptoContexts()
Removes all master tokens and crypto contexts and bound user ID tokens and their bound service tokens.


addUserIdToken

void addUserIdToken(String userId,
                    UserIdToken userIdToken)
                    throws MslException
Add a user ID token to the store, replacing any existing user ID token of the same user. The local user ID has no meaning external to the store.

Parameters:
userId - local user ID.
userIdToken - the user ID token.
Throws:
MslException - if the user ID token is not bound to any stored master token.

getUserIdToken

UserIdToken getUserIdToken(String userId)
Returns the user ID token, if any, for the specified local user ID.

Parameters:
userId - local user ID.
Returns:
the user ID token for the local user ID or null.

removeUserIdToken

void removeUserIdToken(UserIdToken userIdToken)
Remove a user ID token. This also removes any service tokens no longer bound to a known user ID token.

Parameters:
userIdToken - the user ID token.

clearUserIdTokens

void clearUserIdTokens()
Removes all user ID tokens and user ID token bound service tokens.


addServiceTokens

void addServiceTokens(Set<ServiceToken> tokens)
                      throws MslException
Add a set of service tokens to the store.

Parameters:
tokens - the service tokens.
Throws:
MslException - if a service token is master token bound to a master token not found in the store or if a service token is user ID token bound to a user ID token not found in the store.

getServiceTokens

Set<ServiceToken> getServiceTokens(MasterToken masterToken,
                                   UserIdToken userIdToken)
                                   throws MslException

Return the set of service tokens that are applicable to the provided pair of master token and user ID token. The base set consists of the service tokens that are not bound to any master token or user ID token.

If a master token is provided, the service tokens that are bound to the master token and not bound to any user ID token are also provided.

If a master token and user ID token are provided, the service tokens that are bound to both the master token and user ID token are also provided.

Parameters:
masterToken - the master token. May be null.
userIdToken - the user ID token. May be null.
Returns:
the set of service tokens applicable to the message.
Throws:
MslException - if the user ID token is not bound to the master token or a user ID token is provided without also providing a master token.
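
The selection rules above, carried through as an added example that is not MSL code. The records are simplified stand-ins for MasterToken, UserIdToken and ServiceToken that reduce each binding to a serial number, IllegalArgumentException stands in for MslException, and the store contents are constructed.

```java
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class ServiceTokenSelection {
    // Simplified stand-ins, not the MSL classes.
    record Master(long serial) {}
    record User(long serial, long masterSerial) {}
    // masterSerial / userSerial are null when the service token is not bound.
    record Service(String name, Long masterSerial, Long userSerial) {}

    static Set<String> select(List<Service> store, Master mt, User uit) {
        if (uit != null && mt == null)
            throw new IllegalArgumentException("user ID token without master token");
        if (uit != null && uit.masterSerial() != mt.serial())
            throw new IllegalArgumentException("user ID token not bound to master token");
        Long m = (mt == null) ? null : mt.serial();
        Long u = (uit == null) ? null : uit.serial();
        Set<String> names = new LinkedHashSet<>();
        for (Service st : store) {
            boolean include;
            if (st.masterSerial() == null)
                include = st.userSerial() == null;      // base set: fully unbound
            else if (st.userSerial() == null)
                include = st.masterSerial().equals(m);  // bound to master token only
            else                                        // bound to both tokens
                include = st.masterSerial().equals(m) && st.userSerial().equals(u);
            if (include) names.add(st.name());
        }
        return names;
    }

    public static void main(String[] args) {
        List<Service> store = List.of(                  // constructed sample data
            new Service("unbound", null, null),
            new Service("mt1", 1L, null),
            new Service("mt1-user10", 1L, 10L),
            new Service("mt1-user11", 1L, 11L),
            new Service("mt2", 2L, null));
        Master mt1 = new Master(1);
        System.out.println(select(store, null, null));
        System.out.println(select(store, mt1, null));
        System.out.println(select(store, mt1, new User(10, 1)));
        try {
            select(store, mt1, new User(20, 2));        // user bound to master token 2
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Tokens bound to another master token or another user never enter the result, so a message built from this set cannot carry service tokens belonging to a different entity or user.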

removeServiceTokens

void removeServiceTokens(String name,
                         MasterToken masterToken,
                         UserIdToken userIdToken)
                         throws MslException

Remove all service tokens matching all the specified parameters.

If a name is provided, only tokens with that name are removed. If a master token is provided, only tokens bound to that master token are removed. If a user ID token is provided, only tokens bound to that user ID token are removed.

For example, if a name and master token are provided, only tokens with that name and bound to that master token are removed.

If no parameters are provided, no tokens are removed.

Parameters:
name - service token name. May be null.
masterToken - master token. May be null.
userIdToken - user ID token. May be null.
Throws:
MslException - if the user ID token is not bound to the master token.

clearServiceTokens

void clearServiceTokens()
Removes all service tokens.


Copyright © 2014 Netflix, Inc. All Rights Reserved.