Class ServerSecurityManager

  • All Implemented Interfaces:
    ISensitiveParameterHandler

    public class ServerSecurityManager
    extends java.lang.Object
    implements ISensitiveParameterHandler
    The security manager keeps keys and other security information for the server.
    Author:
    Christopher Mindus
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String DEFAULT_SERVER_KEYS_FILENAME
      The default server keys file name: "iiziServer.keys".
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.String decodeParameter​(java.lang.String data)
      Decodes a sensitive information device parameter using the previously exchanged keys.
      static byte[] digest​(byte[] data)
      Digests the bytes using preferably SHA-512, SHA-384, SHA-256, then SHA-1 and worst case MD5.
      void dispose()
      Disposes of the instance.
      java.lang.String encodeParameter​(java.lang.String data)
      Encodes a sensitive information device parameter using the previously exchanged keys.
      static ServerSecurityManager getInstance()
      Gets the instance of the security manager.
      ServerKey getServerKey()
      Gets the key to use for encryption.
      void loadKeys​(java.io.File file)
      Loads the server keys from the specified file.
      void setKeyTimeout​(long timeout)
      Assigns the timeout in milliseconds a key is valid.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • DEFAULT_SERVER_KEYS_FILENAME

        public static final java.lang.String DEFAULT_SERVER_KEYS_FILENAME
        The default server keys file name: "iiziServer.keys".
        See Also:
        Constant Field Values
    • Method Detail

      • getInstance

        public static ServerSecurityManager getInstance()
        Gets the instance of the security manager.
        Returns:
        The security manager.
      • digest

        public static byte[] digest​(byte[] data)
        Digests the bytes using preferably SHA-512, SHA-384, SHA-256, then SHA-1 and worst case MD5.
        Parameters:
        data - The data to digest.
        Returns:
        The digested data.
      • setKeyTimeout

        public void setKeyTimeout​(long timeout)
        Assigns the timeout in milliseconds a key is valid.
        Parameters:
        timeout - The timeout for a key in milliseconds, default is 90 days.
        Throws:
        java.lang.IllegalArgumentException - If the timeout is less than 1 hour (3_600_000 ms).
      • loadKeys

        public void loadKeys​(java.io.File file)
                      throws java.io.IOException,
                             PropException
        Loads the server keys from the specified file.
        Parameters:
        file - The file.
        Throws:
        java.io.IOException - For I/O errors.
        PropException - For property exceptions.
      • getServerKey

        public ServerKey getServerKey()
        Gets the key to use for encryption. The last server key is used when possible, otherwise a new key is generated. Upon generation, the keys are saved in the server and other clustered server are informed (asynchronously).
        Returns:
        The key.
      • dispose

        public void dispose()
        Disposes of the instance.
      • decodeParameter

        public java.lang.String decodeParameter​(java.lang.String data)
                                         throws java.security.NoSuchAlgorithmException,
                                                javax.crypto.NoSuchPaddingException,
                                                java.security.InvalidKeyException,
                                                java.security.InvalidAlgorithmParameterException,
                                                javax.crypto.IllegalBlockSizeException,
                                                javax.crypto.BadPaddingException,
                                                java.security.DigestException
        Decodes a sensitive information device parameter using the previously exchanged keys.
        Specified by:
        decodeParameter in interface ISensitiveParameterHandler
        Parameters:
        data - The base64 encoded data.
        Returns:
        The decoded string.
        Throws:
        java.lang.IllegalArgumentException - If the data encoding is invalid (not base64).
        javax.crypto.NoSuchPaddingException
        java.security.NoSuchAlgorithmException
        java.security.InvalidAlgorithmParameterException
        java.security.InvalidKeyException
        javax.crypto.BadPaddingException
        javax.crypto.IllegalBlockSizeException
        java.security.DigestException
      • encodeParameter

        public java.lang.String encodeParameter​(java.lang.String data)
                                         throws java.security.NoSuchAlgorithmException,
                                                javax.crypto.NoSuchPaddingException,
                                                java.security.InvalidKeyException,
                                                java.security.InvalidAlgorithmParameterException,
                                                javax.crypto.IllegalBlockSizeException,
                                                javax.crypto.BadPaddingException,
                                                java.io.UnsupportedEncodingException
        Encodes a sensitive information device parameter using the previously exchanged keys.
        Specified by:
        encodeParameter in interface ISensitiveParameterHandler
        Parameters:
        data - The parameter to encode.
        Returns:
        The base64 encoded data.
        Throws:
        java.lang.IllegalArgumentException - If the data encoding is invalid (not base64).
        javax.crypto.NoSuchPaddingException
        java.security.NoSuchAlgorithmException
        java.security.InvalidAlgorithmParameterException
        java.security.InvalidKeyException
        javax.crypto.BadPaddingException
        javax.crypto.IllegalBlockSizeException
        java.io.UnsupportedEncodingException