Package com.iizix.server.security

Class ServerSecurityManager

    • Field Summary

      Fields 
      Modifier and TypeFieldDescription
      static java.lang.StringDEFAULT_SERVER_KEYS_FILENAME
      The default server keys file name: "iiziServer.keys".

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and TypeMethodDescription
      java.lang.StringdecodeParameter​(java.lang.String data)
      Decodes a sensitive information device parameter using the previously exchanged keys.
      static byte[]digest​(byte[] data)
      Digests the bytes using preferably SHA-512, SHA-384, SHA-256, then SHA-1 and worst case MD5.
      voiddispose()
      Disposes of the instance.
      java.lang.StringencodeParameter​(java.lang.String data)
      Encodes a sensitive information device parameter using the previously exchanged keys.
      static ServerSecurityManagergetInstance()
      Gets the instance of the security manager.
      ServerKeygetServerKey()
      Gets the key to use for encryption.
      voidloadKeys​(java.io.File file)
      Loads the server keys from the specified file.
      voidsetKeyTimeout​(long timeout)
      Assigns the timeout in milliseconds a key is valid.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • DEFAULT_SERVER_KEYS_FILENAME

        public static final java.lang.String DEFAULT_SERVER_KEYS_FILENAME
        The default server keys file name: "iiziServer.keys".
        See Also:
        Constant Field Values

    • Method Detail

      • getInstance

        public static ServerSecurityManager getInstance()
        Gets the instance of the security manager.
        Returns:
        The security manager.

      • digest

        public static byte[] digest​(byte[] data)
        Digests the bytes using preferably SHA-512, SHA-384, SHA-256, then SHA-1 and worst case MD5.
        Parameters:
        data - The data to digest.
        Returns:
        The digested data.

      • setKeyTimeout

        public void setKeyTimeout​(long timeout)
        Assigns the timeout in milliseconds a key is valid.
        Parameters:
        timeout - The timeout for a key in milliseconds, default is 90 days.
        Throws:
        java.lang.IllegalArgumentException - If the timeout is less than 1 hour (3_600_000 ms).

      • loadKeys

        public void loadKeys​(java.io.File file)
              throws java.io.IOException,
                     PropException
        Loads the server keys from the specified file.
        Parameters:
        file - The file.
        Throws:
        java.io.IOException - For I/O errors.
        PropException - For property exceptions.

      • getServerKey

        public ServerKey getServerKey()
        Gets the key to use for encryption. The last server key is used when possible, otherwise a new key is generated. Upon generation, the keys are saved in the server and other clustered server are informed (asynchronously).
        Returns:
        The key.

      • dispose

        public void dispose()
        Disposes of the instance.

      • decodeParameter

        public java.lang.String decodeParameter​(java.lang.String data)
                                 throws java.security.NoSuchAlgorithmException,
                                        javax.crypto.NoSuchPaddingException,
                                        java.security.InvalidKeyException,
                                        java.security.InvalidAlgorithmParameterException,
                                        javax.crypto.IllegalBlockSizeException,
                                        javax.crypto.BadPaddingException,
                                        java.security.DigestException
        Decodes a sensitive information device parameter using the previously exchanged keys.
        Specified by:
        decodeParameter in interface ISensitiveParameterHandler
        Parameters:
        data - The base64 encoded data.
        Returns:
        The decoded string.
        Throws:
        java.lang.IllegalArgumentException - If the data encoding is invalid (not base64).
        javax.crypto.NoSuchPaddingException
        java.security.NoSuchAlgorithmException
        java.security.InvalidAlgorithmParameterException
        java.security.InvalidKeyException
        javax.crypto.BadPaddingException
        javax.crypto.IllegalBlockSizeException
        java.security.DigestException

      • encodeParameter

        public java.lang.String encodeParameter​(java.lang.String data)
                                 throws java.security.NoSuchAlgorithmException,
                                        javax.crypto.NoSuchPaddingException,
                                        java.security.InvalidKeyException,
                                        java.security.InvalidAlgorithmParameterException,
                                        javax.crypto.IllegalBlockSizeException,
                                        javax.crypto.BadPaddingException,
                                        java.io.UnsupportedEncodingException
        Encodes a sensitive information device parameter using the previously exchanged keys.
        Specified by:
        encodeParameter in interface ISensitiveParameterHandler
        Parameters:
        data - The parameter to encode.
        Returns:
        The base64 encoded data.
        Throws:
        java.lang.IllegalArgumentException - If the data encoding is invalid (not base64).
        javax.crypto.NoSuchPaddingException
        java.security.NoSuchAlgorithmException
        java.security.InvalidAlgorithmParameterException
        java.security.InvalidKeyException
        javax.crypto.BadPaddingException
        javax.crypto.IllegalBlockSizeException
        java.io.UnsupportedEncodingException