CryptoSessionService (org.cumulus4j.aggregator 1.1.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

Cumulus4j API
(1.1.0)

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.cumulus4j.keymanager.front.webapp
Class CryptoSessionService

java.lang.Object
  org.cumulus4j.keymanager.front.webapp.AbstractService
      org.cumulus4j.keymanager.front.webapp.CryptoSessionService

public class CryptoSessionService
extends AbstractService
extends AbstractService

REST service for session management.

Whenever the app-server wants to read or write data, it requires access to keys. The keys are sent to the app-server, held in memory temporarily, and forgotten after a while.

In order to make it impossible to ask a key-server for keys without being authorised to do so, the key-server manages crypto-sessions. Only someone knowing a valid crypto-session's ID can query keys. This should already exclude everyone except for the app-server who is told the crypto-session-ID (originating from the client).

But to make things even more secure, each crypto-session can additionally be locked and unlocked. Most of the time, a session is locked and thus prevents keys from being read. Only in those moments when the client delegates work to the app-server (and the app-server thus requires key-access to fulfill the client's command), the corresponding crypto-session is unlocked.

Author:: Marco หงุ่ยตระกูล-Schulze - marco at nightlabs dot de

Field Summary

Fields inherited from class org.cumulus4j.keymanager.front.webapp.AbstractService
`keyStoreManager, request`

Constructor Summary
`CryptoSessionService()`

Method Summary
`AcquireCryptoSessionResponse`	`acquire(String keyStoreID, String appServerID)` Acquire a session.
`void`	`delete(String keyStoreID, String appServerID, String cryptoSessionID)` Destroy a crypto-session.
`AcquireCryptoSessionResponse`	`reacquire(String keyStoreID, String appServerID, String cryptoSessionID)` Refresh (reacquire) an already acquired crypto-session.
`void`	`release(String keyStoreID, String appServerID, String cryptoSessionID)` Release a crypto-session (prevent further access to keys).

Methods inherited from class org.cumulus4j.keymanager.front.webapp.AbstractService
`authenticate, getAuth`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

CryptoSessionService

public CryptoSessionService()

Method Detail

acquire

public AcquireCryptoSessionResponse acquire(String keyStoreID,
                                            String appServerID)

Acquire a session.

Even if there exists already a session for the combination of keyStoreID and appServerID, a new session might be created. Old sessions are only re-used and refreshed, if they are currently in the 'released' state.

The session can be explicitely #delete(String, String, String)deleted or automatically disappears after a certain time. Thus, refreshing it is necessary to keep it "alive".

Parameters:: keyStoreID - identifier of the KeyStore to work with.; appServerID - identifier of the (logical) app-server (who will access the key-store on behalf of the client).

reacquire

public AcquireCryptoSessionResponse reacquire(String keyStoreID,
                                              String appServerID,
                                              String cryptoSessionID)

Refresh (reacquire) an already acquired crypto-session. Prevent it from being automatically released+deleted due to timeout.

Parameters:: keyStoreID - identifier of the KeyStore to work with.; appServerID - identifier of the (logical) app-server (who will access the key-store on behalf of the client).; cryptoSessionID - identifier of the crypto-session to refresh (generated by acquire(String, String)).

release

public void release(String keyStoreID,
                    String appServerID,
                    String cryptoSessionID)

Release a crypto-session (prevent further access to keys).

Parameters:: keyStoreID - identifier of the KeyStore to work with.; appServerID - identifier of the (logical) app-server (who will access the key-store on behalf of the client).; cryptoSessionID - identifier of the crypto-session to lock (generated by acquire(String, String)).

delete

public void delete(String keyStoreID,
                   String appServerID,
                   String cryptoSessionID)

Destroy a crypto-session. No further key-exchange will be possible within the scope of this session. This is similar to release(String, String, String), but instead of only locking the session (setting a boolean state), it removes the session completely and thus releases any memory and other resources allocated.

Parameters:: keyStoreID - identifier of the KeyStore to work with.; appServerID - identifier of the (logical) app-server (who will access the key-store on behalf of the client).; cryptoSessionID - identifier of the crypto-session to be closed (generated by acquire(String, String)).