Package com.iizix.server.security
Class ServerSecurityManager
java.lang.Object
com.iizix.server.security.ServerSecurityManager
- All Implemented Interfaces:
ISensitiveParameterHandler
The security manager keeps keys and other security information for the server.
- Author:
- Christopher Mindus
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringThe default server keys file name: "iiziServer.keys".Method Summary
Modifier and TypeMethodDescriptiondecodeParameter(String data) Decodes a sensitive information device parameter using the previously exchanged keys.static byte[]digest(byte[] data) Digests the bytes using preferably SHA-512, SHA-384, SHA-256, then SHA-1 and worst case MD5.voiddispose()Disposes of the instance.encodeParameter(String data) Encodes a sensitive information device parameter using the previously exchanged keys.static ServerSecurityManagerGets the instance of the security manager.Gets the key to use for encryption.voidLoads the server keys from the specified file.voidsetKeyTimeout(long timeout) Assigns the timeout in milliseconds a key is valid.
Field Details
DEFAULT_SERVER_KEYS_FILENAME
The default server keys file name: "iiziServer.keys".- See Also:
Method Details
getInstance
Gets the instance of the security manager.- Returns:
- The security manager.
digest
public static byte[] digest(byte[] data) Digests the bytes using preferably SHA-512, SHA-384, SHA-256, then SHA-1 and worst case MD5.- Parameters:
data- The data to digest.- Returns:
- The digested data.
setKeyTimeout
public void setKeyTimeout(long timeout) Assigns the timeout in milliseconds a key is valid.- Parameters:
timeout- The timeout for a key in milliseconds, default is 90 days.- Throws:
IllegalArgumentException- If the timeout is less than 1 hour (3_600_000 ms).
loadKeys
Loads the server keys from the specified file.- Parameters:
file- The file.- Throws:
IOException- For I/O errors.PropException- For property exceptions.
getServerKey
Gets the key to use for encryption. The last server key is used when possible, otherwise a new key is generated. Upon generation, the keys are saved in the server and other clustered server are informed (asynchronously).- Returns:
- The key.
dispose
public void dispose()Disposes of the instance.decodeParameter
public String decodeParameter(String data) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, DigestException Decodes a sensitive information device parameter using the previously exchanged keys.- Specified by:
decodeParameterin interfaceISensitiveParameterHandler- Parameters:
data- The base64 encoded data.- Returns:
- The decoded string.
- Throws:
IllegalArgumentException- If the data encoding is invalid (not base64).NoSuchPaddingExceptionNoSuchAlgorithmExceptionInvalidAlgorithmParameterExceptionInvalidKeyExceptionBadPaddingExceptionIllegalBlockSizeExceptionDigestException
encodeParameter
public String encodeParameter(String data) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException Encodes a sensitive information device parameter using the previously exchanged keys.- Specified by:
encodeParameterin interfaceISensitiveParameterHandler- Parameters:
data- The parameter to encode.- Returns:
- The base64 encoded data.
- Throws:
IllegalArgumentException- If the data encoding is invalid (not base64).NoSuchPaddingExceptionNoSuchAlgorithmExceptionInvalidAlgorithmParameterExceptionInvalidKeyExceptionBadPaddingExceptionIllegalBlockSizeExceptionUnsupportedEncodingException