ePOST API

rice.post.security.pknoi
Class PKnoISecurityModule

java.lang.Object
  extended by java.util.Observable
      extended by rice.post.PostClient
          extended by rice.post.security.pknoi.PKnoISecurityModule
All Implemented Interfaces:
SecurityModule

public class PKnoISecurityModule
extends PostClient
implements SecurityModule

This class is the security module which implements the PKnoI (web of trust) based security system.

Version:
$Id: PKnoISecurityModule.java 2047 2004-09-04 05:32:02Z amislove $
Author:
amislove

Field Summary
static java.lang.String MODULE_NAME
          The name of the module
 
Constructor Summary
PKnoISecurityModule(Post post)
          Constructor for PKnoISecurityModule.
 
Method Summary
 void addPrivate(PKnoIPostCertificate cert, Continuation command)
          This method should be called when this user wishes to record a non-verified certificate for later use.
 void addPublic(PKnoIPostCertificate cert, Continuation command)
          This method should be called when this user wishes to "vouch" for the user with the provided certificate.
 boolean canVerify(PostCertificate certificate)
          This method returns whether or not this module is able to verify the given certificate.
 void findChains(PKnoIPostCertificate source, PKnoIPostCertificate destination, int len, Continuation command)
          This method will attempt to find all chains of length up to len, and return a PKnoIChain[] to the continuation once all chains have been completed.
static PKnoIPostCertificate generate(PostUserAddress address, java.security.PublicKey key)
          Static method for generating a certificate from a user and public key
 void getContentHashReferences(Continuation command)
          This method is periodically invoked by Post in order to get a list of all handles under which the application has live objects.
 void getLogs(Continuation command)
          This method is periodically invoked by Post in order to get a list of all mutable data which the application is interested in.
 java.lang.String getName()
          Gets the unique name of the SecurityModule object
 void notificationReceived(NotificationMessage nm, Continuation command)
          This method is how the Post object informs the clients that there is an incoming notification.
 void verify(PostCertificate certificate, Continuation command)
          This method verifies the provided certificate, and returns the result to the continuation (either True or False).
 
Methods inherited from class rice.post.PostClient
getAddress
 
Methods inherited from class java.util.Observable
addObserver, clearChanged, countObservers, deleteObserver, deleteObservers, hasChanged, notifyObservers, notifyObservers, setChanged
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

MODULE_NAME

public static java.lang.String MODULE_NAME
The name of the module

Constructor Detail

PKnoISecurityModule

public PKnoISecurityModule(Post post)
Constructor for PKnoISecurityModule.

Parameters:
post - The local post service
Method Detail

generate

public static PKnoIPostCertificate generate(PostUserAddress address,
                                            java.security.PublicKey key)
Static method for generating a certificate from a user and public key

Parameters:
address - The address of the user
key - The public key of the user
Returns:
A certificate for the user
Throws:
java.lang.SecurityException - If the certificate generation has a problem

getName

public java.lang.String getName()
Gets the unique name of the SecurityModule object

Specified by:
getName in interface SecurityModule
Returns:
The Name value

canVerify

public boolean canVerify(PostCertificate certificate)
This method returns whether or not this module is able to verify the given certificate.

Specified by:
canVerify in interface SecurityModule
Parameters:
certificate - The certificate in question
Returns:
Whether or not this module can verify the certificate

verify

public void verify(PostCertificate certificate,
                   Continuation command)
            throws java.lang.SecurityException
This method verifies the provided certificate, and returns the result to the continuation (either True or False).

Specified by:
verify in interface SecurityModule
Parameters:
certificate - The certificate to verify
command - The command to run once the result is available
Throws:
java.lang.SecurityException - If the certificate verification has a problem

notificationReceived

public void notificationReceived(NotificationMessage nm,
                                 Continuation command)
This method is how the Post object informs the clients that there is an incoming notification. This should never be called on the PKnoI client.

Specified by:
notificationReceived in class PostClient
Parameters:
nm - The incoming notification.
command - The command to return whether or not the notification should be accepted (Boolean true or false)

getContentHashReferences

public void getContentHashReferences(Continuation command)
This method is periodically invoked by Post in order to get a list of all handles under which the application has live objects. This is used to implement the garbage collection service; thus, the application must ensure that all data in which it is still interested is returned. The application should return, to the provided continuation, a PastContentHandle[] containing all of the handles it is still interested in.

Specified by:
getContentHashReferences in class PostClient

getLogs

public void getLogs(Continuation command)
This method is periodically invoked by Post in order to get a list of all mutable data which the application is interested in. The application should return, to the provided continuation, a Log[] containing all of the data it is still interested in.

Specified by:
getLogs in class PostClient

findChains

public void findChains(PKnoIPostCertificate source,
                       PKnoIPostCertificate destination,
                       int len,
                       Continuation command)
This method will attempt to find all chains of length up to len, and return a PKnoIChain[] to the continuation once all chains have been completed. Note that calling this method with a length greater than 3 or 4 is not recommended, as the algorithm is a depth-first search (DFS) and is of O(e^len).

Parameters:
destination - the certificate to look for
source - The starting user
len - The maximum chains length to find
command - The command to return the result o
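
The depth-bounded search described for findChains can be modelled in isolation. The following is an added example, not code from ePOST: the class VouchGraph, its methods, the string user names and the sample vouch edges are all hypothetical and constructed for illustration. It enumerates every cycle-free chain of at most maxLen vouches and counts node expansions, which shows how the work grows with len.

```java
import java.util.*;

// Added illustration: stand-alone model of bounded chain search in a web of trust.
// VouchGraph and its members are hypothetical names, not ePOST classes.
public class VouchGraph {
    // user -> users this user has publicly vouched for (constructed sample data)
    private final Map<String, List<String>> vouches = new HashMap<>();
    private long expansions = 0; // DFS node expansions, to make the cost visible

    void vouch(String from, String to) {
        vouches.computeIfAbsent(from, k -> new ArrayList<>()).add(to);
    }

    // Returns every simple chain source -> ... -> destination with at most maxLen edges.
    List<List<String>> findChains(String source, String destination, int maxLen) {
        List<List<String>> chains = new ArrayList<>();
        Deque<String> path = new ArrayDeque<>();
        path.addLast(source);
        dfs(source, destination, maxLen, path, chains);
        return chains;
    }

    private void dfs(String current, String destination, int remaining,
                     Deque<String> path, List<List<String>> chains) {
        expansions++;
        if (current.equals(destination)) {
            chains.add(new ArrayList<>(path)); // copy: path is mutated on backtrack
            return;
        }
        if (remaining == 0) return;            // depth bound reached
        for (String next : vouches.getOrDefault(current, Collections.emptyList())) {
            if (path.contains(next)) continue; // skip users already on this chain
            path.addLast(next);
            dfs(next, destination, remaining - 1, path, chains);
            path.removeLast();
        }
    }

    public static void main(String[] args) {
        VouchGraph g = new VouchGraph();
        g.vouch("alice", "bob");  g.vouch("alice", "carol");
        g.vouch("bob", "dave");   g.vouch("carol", "dave");
        g.vouch("carol", "bob");  g.vouch("dave", "erin");
        for (int len = 1; len <= 4; len++) {
            g.expansions = 0;
            List<List<String>> chains = g.findChains("alice", "erin", len);
            System.out.println("len=" + len + " chains=" + chains
                    + " expansions=" + g.expansions);
        }
    }
}
```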

addPublic

public void addPublic(PKnoIPostCertificate cert,
                      Continuation command)
This method should be called when this user wishes to "vouch" for the user with the provided certificate. This should *ONLY* be called if the user has established this user's identity through out-of-band means. Note that users added this way will be visible to the world, and adding them is considered an affirmation of the user.

Parameters:
cert - The certificate to vouch for
command - The command to run with the success/failure

addPrivate

public void addPrivate(PKnoIPostCertificate cert,
                       Continuation command)
This method should be called when this user wishes to record a non-verified certificate for later use. These users are hidden from the rest of the world.

Parameters:
cert - The certificate to add
command - The command to run with the success/failure

Copyright © 2001-2005 - Rice Pastry.