java.lang.Objectatavism.server.util.SecureTokenManager
public class SecureTokenManager
The SecureTokenManager creates and validates secure tokens. It records, per issuer, the ids of tokens that have already been imported so that each token is accepted only once, it enforces token expiry, and it manages the keys used to produce and validate token authenticators: a shared secret key (javax.crypto.SecretKey) for domain tokens, and a private/public key pair for master tokens.
To validate master tokens, the manager must be given at least one master public key via registerMasterPublicKey(); the set of registered public keys is the trust anchor for master tokens, so only keys obtained from a trusted source should be registered. To generate master tokens, initMaster() must be called with the master private key capable of signing tokens (held only by the master server). To generate or validate domain tokens, initDomain() must be called with the domain's secret key.
initDomain() may be called again to rekey a running server. Previously installed domain keys remain available for validating tokens, but new tokens are created only with the newest key. Note that there is currently no mechanism to retire an old domain key while the server is running, so a domain key that has been replaced continues to validate tokens until the server is restarted.
To generate a token, create a SecureTokenSpec object and pass it to generateToken().
To import a token, pass the encoded data to importToken() and check the valid flag on the returned SecureToken before using any of its contents. A token whose valid flag is false (for example because validation failed, it has expired, or it was already imported once) must be treated as untrusted.
Nested Class Summary | |
---|---|
protected class |
SecureTokenManager.IssuerHistory
|
Field Summary | |
---|---|
protected long |
domainKeyId
|
protected java.util.Map<java.lang.Long,javax.crypto.SecretKey> |
domainKeys
|
protected static SecureTokenManager |
instance
|
protected java.util.Map<java.lang.String,SecureTokenManager.IssuerHistory> |
issuerHistories
|
protected long |
lastTokenId
|
protected long |
masterKeyId
|
protected java.security.PrivateKey |
masterPrivateKey
|
protected java.util.Map<java.lang.Long,java.security.PublicKey> |
masterPublicKeys
|
Constructor Summary | |
---|---|
protected |
SecureTokenManager()
|
Method Summary | |
---|---|
protected byte[] |
generateDomainAuthenticator(javax.crypto.SecretKey key,
byte[] data)
|
protected byte[] |
generateMasterAuthenticator(java.security.PrivateKey key,
byte[] data)
|
byte[] |
generateToken(SecureTokenSpec spec)
Generate and encode a new token from the supplied spec. |
byte[] |
getEncodedDomainKey()
|
static SecureTokenManager |
getInstance()
|
boolean |
hasDomainKey()
|
SecureToken |
importToken(AOByteBuffer tokenBuf)
|
SecureToken |
importToken(byte[] encodedToken)
Import a serialized token, decoding it into a SecureToken object and checking it for validity. The returned object's valid flag reports the outcome and must be checked before the token is used. |
void |
initDomain(byte[] domainKey)
Initialize (or, on a later call, replace) the domain key used to generate and validate domain tokens. |
void |
initMaster(byte[] encodedPrivKey)
Initialize the master private key used to sign master tokens. Only the master server should hold this key; other servers need only registerMasterPublicKey(). |
protected void |
issuerAddToken(java.lang.String issuerId,
long tokenId,
long expiry)
|
protected boolean |
issuerAlreadyUsed(java.lang.String issuerId,
long tokenId)
|
protected void |
issuerCleanup(java.lang.String issuerId,
long time)
|
static void |
main(java.lang.String[] args)
|
protected long |
nextTokenId()
|
void |
registerMasterPublicKey(byte[] encodedPubKey)
Register a master public key for use in validating master tokens. Master tokens are validated against the registered keys, so only register keys obtained from a trusted source. |
protected boolean |
validateDomainAuthenticator(javax.crypto.SecretKey key,
byte[] data,
byte[] authenticator)
|
protected boolean |
validateMasterAuthenticator(java.security.PublicKey key,
byte[] data,
byte[] authenticator)
|
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected static SecureTokenManager instance
protected long lastTokenId
protected long domainKeyId
protected java.util.Map<java.lang.Long,javax.crypto.SecretKey> domainKeys
protected java.util.Map<java.lang.Long,java.security.PublicKey> masterPublicKeys
protected java.security.PrivateKey masterPrivateKey
protected long masterKeyId
protected java.util.Map<java.lang.String,SecureTokenManager.IssuerHistory> issuerHistories
Constructor Detail |
---|
protected SecureTokenManager()
Method Detail |
---|
public static SecureTokenManager getInstance()
public SecureToken importToken(byte[] encodedToken)
The caller must check the valid flag on the returned token before relying on any of its contents.
A token may only be imported once: this call consumes it, so attempting to import the same encodedToken again returns a SecureToken object with the valid flag set to false. Callers should therefore import a token exactly once and pass the resulting SecureToken around rather than re-importing the encoded bytes.
public SecureToken importToken(AOByteBuffer tokenBuf)
public byte[] generateToken(SecureTokenSpec spec)
protected byte[] generateDomainAuthenticator(javax.crypto.SecretKey key, byte[] data)
protected boolean validateDomainAuthenticator(javax.crypto.SecretKey key, byte[] data, byte[] authenticator)
protected byte[] generateMasterAuthenticator(java.security.PrivateKey key, byte[] data)
protected boolean validateMasterAuthenticator(java.security.PublicKey key, byte[] data, byte[] authenticator)
public void registerMasterPublicKey(byte[] encodedPubKey)
public void initMaster(byte[] encodedPrivKey)
public void initDomain(byte[] domainKey)
protected long nextTokenId()
public byte[] getEncodedDomainKey()
public boolean hasDomainKey()
protected boolean issuerAlreadyUsed(java.lang.String issuerId, long tokenId)
protected void issuerAddToken(java.lang.String issuerId, long tokenId, long expiry)
protected void issuerCleanup(java.lang.String issuerId, long time)
public static void main(java.lang.String[] args)
Copyright © 2018 Dragonsan Studios Sp. z o.o. |