net.named_data.jndn.encrypt

Class GroupManager

java.lang.Object

net.named_data.jndn.encrypt.GroupManager

public class GroupManager
extends Object

A GroupManager manages keys and schedules for group members in a particular namespace.

Note:

This class is an experimental feature. The API may change.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	GroupManager.Friend A class implements Friend if it has a method setGroupManagerFriendAccess which setFriendAccess calls to set the FriendAccess object.
static class	GroupManager.FriendAccess A friend class can call the methods of FriendAccess to access private methods.

Constructor Summary

Constructors

Constructor and Description
GroupManager(Name prefix, Name dataType, GroupManagerDb database, int keySize, int freshnessHours, KeyChain keyChain) Create a group manager with the given values.

Method Summary

Modifier and Type	Method and Description
void	addMember(String scheduleName, Data memberCertificate) Add a new member with the given memberCertificate into a schedule named scheduleName.
void	addSchedule(String scheduleName, Schedule schedule) Add a schedule with the given scheduleName.
void	cleanEKeys() Delete all the EKeys in the database.
void	deleteSchedule(String scheduleName) Delete the schedule with the given scheduleName.
List	getGroupKey(double timeSlot) Call the main getGroupKey where needRegenerate is default true.
List	getGroupKey(double timeSlot, boolean needRegenerate) Create a group key for the interval into which timeSlot falls.
void	removeMember(Name identity) Remove a member with the given identity name.
static void	setFriendAccess(GroupManager.Friend friend) Call friend.setGroupManagerFriendAccess to pass an instance of a FriendAccess class to allow a friend class to call private methods.
void	updateMemberSchedule(Name identity, String scheduleName) Change the name of the schedule for the given member's identity name.
void	updateSchedule(String scheduleName, Schedule schedule) Update the schedule with scheduleName and replace the old object with the given schedule.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

GroupManager

public GroupManager(Name prefix,
                    Name dataType,
                    GroupManagerDb database,
                    int keySize,
                    int freshnessHours,
                    KeyChain keyChain)
             throws SecurityException

Create a group manager with the given values. The group manager namespace is /{prefix}/read/{dataType} .

Parameters:

prefix - The prefix for the group manager namespace.

dataType - The data type for the group manager namespace.

database - The GroupManagerDb for storing the group management information (including user public keys and schedules).

keySize - The group key will be an RSA key with keySize bits.

freshnessHours - The number of hours of the freshness period of data packets carrying the keys.

keyChain - The KeyChain to use for signing data packets. This signs with the default identity.

Throws:

SecurityException

Method Detail

getGroupKey

public final List getGroupKey(double timeSlot,
                              boolean needRegenerate)
                       throws GroupManagerDb.Error,
                              SecurityException,
                              TpmBackEnd.Error,
                              PibImpl.Error,
                              KeyChain.Error

Create a group key for the interval into which timeSlot falls. This creates a group key if it doesn't exist, and encrypts the key using the public key of each eligible member.

Parameters:

timeSlot - The time slot to cover as milliseconds since Jan 1, 1970 UTC.

needRegenerate - needRegenerate should be true if this is the first time this method is called, or a member was removed. needRegenerate can be false if this is not the first time this method is called, or a member was added.

Returns:

A List of Data packets where the first is the E-KEY data packet with the group's public key and the rest are the D-KEY data packets with the group's private key encrypted with the public key of each eligible member. (Use List without generics so it works with older Java compilers.)

Throws:

GroupManagerDb.Error - for a database error.

SecurityException - for an error using the security KeyChain.

TpmBackEnd.Error

PibImpl.Error

KeyChain.Error

getGroupKey

public final List getGroupKey(double timeSlot)
                       throws GroupManagerDb.Error,
                              SecurityException,
                              TpmBackEnd.Error,
                              PibImpl.Error,
                              KeyChain.Error

Call the main getGroupKey where needRegenerate is default true.

Throws:

GroupManagerDb.Error

SecurityException

TpmBackEnd.Error

PibImpl.Error

KeyChain.Error

addSchedule

public final void addSchedule(String scheduleName,
                              Schedule schedule)
                       throws GroupManagerDb.Error

Add a schedule with the given scheduleName.

Parameters:

scheduleName - The name of the schedule. The name cannot be empty.

schedule - The Schedule to add.

Throws:

GroupManagerDb.Error - if a schedule with the same name already exists, if the name is empty, or other database error.

deleteSchedule

public final void deleteSchedule(String scheduleName)
                          throws GroupManagerDb.Error

Delete the schedule with the given scheduleName. Also delete members which use this schedule. If there is no schedule with the name, then do nothing.

Parameters:

scheduleName - The name of the schedule.

Throws:

GroupManagerDb.Error - for a database error.

updateSchedule

public final void updateSchedule(String scheduleName,
                                 Schedule schedule)
                          throws GroupManagerDb.Error

Update the schedule with scheduleName and replace the old object with the given schedule. Otherwise, if no schedule with name exists, a new schedule with name and the given schedule will be added to database.

Parameters:

scheduleName - The name of the schedule. The name cannot be empty.

schedule - The Schedule to update or add.

Throws:

GroupManagerDb.Error - if the name is empty, or other database error.

addMember

public final void addMember(String scheduleName,
                            Data memberCertificate)
                     throws GroupManagerDb.Error,
                            DerDecodingException

Add a new member with the given memberCertificate into a schedule named scheduleName. If cert is an IdentityCertificate made from memberCertificate, then the member's identity name is cert.getPublicKeyName().getPrefix(-1).

Parameters:

scheduleName - The schedule name.

memberCertificate - The member's certificate.

Throws:

GroupManagerDb.Error - If there's no schedule named scheduleName, if the member's identity name already exists, or other database error.

DerDecodingException - for error decoding memberCertificate as a certificate.

removeMember

public final void removeMember(Name identity)
                        throws GroupManagerDb.Error

Remove a member with the given identity name. If there is no member with the identity name, then do nothing.

Parameters:

identity - The member's identity name.

Throws:

GroupManagerDb.Error - for a database error.

updateMemberSchedule

public final void updateMemberSchedule(Name identity,
                                       String scheduleName)
                                throws GroupManagerDb.Error

Change the name of the schedule for the given member's identity name.

Parameters:

identity - The member's identity name.

scheduleName - The new schedule name.

Throws:

GroupManagerDb.Error - if there's no member with the given identity name in the database, or there's no schedule named scheduleName.

cleanEKeys

public void cleanEKeys()
                throws GroupManagerDb.Error

Delete all the EKeys in the database. The database will keep growing because EKeys will keep being added, so this method should be called periodically.

Throws:

GroupManagerDb.Error - for a database error.

setFriendAccess

public static void setFriendAccess(GroupManager.Friend friend)

Call friend.setGroupManagerFriendAccess to pass an instance of a FriendAccess class to allow a friend class to call private methods.

Parameters:

friend - The friend class for calling setGroupManagerFriendAccess. This uses friend.getClass() to make sure that it is a friend class. Therefore, only a friend class gets an implementation of FriendAccess.