Cumulus4j API
(1.2.0-SNAPSHOT)

org.cumulus4j.keymanager.front.webapp
Class CryptoSessionService

java.lang.Object
  extended by org.cumulus4j.keymanager.front.webapp.AbstractService
      extended by org.cumulus4j.keymanager.front.webapp.CryptoSessionService

public class CryptoSessionService
extends AbstractService

REST service for session management.

Whenever the app-server wants to read or write data, it requires access to keys. The keys are sent to the app-server, held in memory temporarily, and forgotten after a while.

In order to make it impossible to ask a key-server for keys without being authorised to do so, the key-server manages crypto-sessions. Only someone knowing a valid crypto-session's ID can query keys. This should already exclude everyone except for the app-server who is told the crypto-session-ID (originating from the client).

But to make things even more secure, each crypto-session can additionally be locked and unlocked. Most of the time, a session is locked and thus prevents keys from being read. Only in those moments when the client delegates work to the app-server (and the app-server thus requires key-access to fulfill the client's command), the corresponding crypto-session is unlocked.

Author:
Marco หงุ่ยตระกูล-Schulze - marco at nightlabs dot de

Field Summary
 
Fields inherited from class org.cumulus4j.keymanager.front.webapp.AbstractService
keyStoreManager, request
 
Constructor Summary
CryptoSessionService()
           
 
Method Summary
 AcquireCryptoSessionResponse acquire(String keyStoreID, String appServerID)
           Acquire a session.
 void delete(String keyStoreID, String appServerID, String cryptoSessionID)
          Destroy a crypto-session.
 AcquireCryptoSessionResponse reacquire(String keyStoreID, String appServerID, String cryptoSessionID)
          Refresh (reacquire) an already acquired crypto-session.
 void release(String keyStoreID, String appServerID, String cryptoSessionID)
          Release a crypto-session (prevent further access to keys).
 
Methods inherited from class org.cumulus4j.keymanager.front.webapp.AbstractService
authenticate, getAuth
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CryptoSessionService

public CryptoSessionService()
Method Detail

acquire

public AcquireCryptoSessionResponse acquire(String keyStoreID,
                                            String appServerID)

Acquire a session.

Even if there exists already a session for the combination of keyStoreID and appServerID, a new session might be created. Old sessions are only re-used and refreshed, if they are currently in the 'released' state.

The session can be explicitely #delete(String, String, String)deleted or automatically disappears after a certain time. Thus, refreshing it is necessary to keep it "alive".

Parameters:
keyStoreID - identifier of the KeyStore to work with.
appServerID - identifier of the (logical) app-server (who will access the key-store on behalf of the client).

reacquire

public AcquireCryptoSessionResponse reacquire(String keyStoreID,
                                              String appServerID,
                                              String cryptoSessionID)
Refresh (reacquire) an already acquired crypto-session. Prevent it from being automatically released+deleted due to timeout.

Parameters:
keyStoreID - identifier of the KeyStore to work with.
appServerID - identifier of the (logical) app-server (who will access the key-store on behalf of the client).
cryptoSessionID - identifier of the crypto-session to refresh (generated by acquire(String, String)).

release

public void release(String keyStoreID,
                    String appServerID,
                    String cryptoSessionID)
Release a crypto-session (prevent further access to keys).

Parameters:
keyStoreID - identifier of the KeyStore to work with.
appServerID - identifier of the (logical) app-server (who will access the key-store on behalf of the client).
cryptoSessionID - identifier of the crypto-session to lock (generated by acquire(String, String)).

delete

public void delete(String keyStoreID,
                   String appServerID,
                   String cryptoSessionID)
Destroy a crypto-session. No further key-exchange will be possible within the scope of this session. This is similar to release(String, String, String), but instead of only locking the session (setting a boolean state), it removes the session completely and thus releases any memory and other resources allocated.

Parameters:
keyStoreID - identifier of the KeyStore to work with.
appServerID - identifier of the (logical) app-server (who will access the key-store on behalf of the client).
cryptoSessionID - identifier of the crypto-session to be closed (generated by acquire(String, String)).

Cumulus4j API
(1.2.0-SNAPSHOT)

Copyright © 2013 NightLabs Consulting GmbH. All Rights Reserved.