|
Cumulus4j API (1.2.0-SNAPSHOT) |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.cumulus4j.keymanager.front.webapp.AbstractService org.cumulus4j.keymanager.front.webapp.CryptoSessionService
public class CryptoSessionService
REST service for session management.
Whenever the app-server wants to read or write data, it requires access to keys. The keys are sent to the app-server, held in memory temporarily, and forgotten after a while.
In order to make it impossible to ask a key-server for keys without being authorised to do so, the key-server manages crypto-sessions. Only someone knowing a valid crypto-session's ID can query keys. This should already exclude everyone except for the app-server who is told the crypto-session-ID (originating from the client).
But to make things even more secure, each crypto-session can additionally be locked and unlocked. Most of the time, a session is locked and thus prevents keys from being read. Only in those moments when the client delegates work to the app-server (and the app-server thus requires key-access to fulfill the client's command), the corresponding crypto-session is unlocked.
Field Summary |
---|
Fields inherited from class org.cumulus4j.keymanager.front.webapp.AbstractService |
---|
keyStoreManager, request |
Constructor Summary | |
---|---|
CryptoSessionService()
|
Method Summary | |
---|---|
AcquireCryptoSessionResponse |
acquire(String keyStoreID,
String appServerID)
Acquire a session. |
void |
delete(String keyStoreID,
String appServerID,
String cryptoSessionID)
Destroy a crypto-session. |
AcquireCryptoSessionResponse |
reacquire(String keyStoreID,
String appServerID,
String cryptoSessionID)
Refresh (reacquire) an already acquired crypto-session. |
void |
release(String keyStoreID,
String appServerID,
String cryptoSessionID)
Release a crypto-session (prevent further access to keys). |
Methods inherited from class org.cumulus4j.keymanager.front.webapp.AbstractService |
---|
authenticate, getAuth |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public CryptoSessionService()
Method Detail |
---|
public AcquireCryptoSessionResponse acquire(String keyStoreID, String appServerID)
Acquire a session.
Even if there exists already a session for the combination of keyStoreID
and
appServerID
, a new session might be created. Old sessions are only re-used and refreshed,
if they are currently in the 'released' state.
The session can be explicitely #delete(String, String, String)deleted
or automatically disappears
after a certain time
. Thus, refreshing it is necessary to keep
it "alive".
keyStoreID
- identifier of the KeyStore
to work with.appServerID
- identifier of the (logical) app-server (who will access the key-store on behalf of the client).public AcquireCryptoSessionResponse reacquire(String keyStoreID, String appServerID, String cryptoSessionID)
keyStoreID
- identifier of the KeyStore
to work with.appServerID
- identifier of the (logical) app-server (who will access the key-store on behalf of the client).cryptoSessionID
- identifier of the crypto-session to refresh (generated by acquire(String, String)
).public void release(String keyStoreID, String appServerID, String cryptoSessionID)
keyStoreID
- identifier of the KeyStore
to work with.appServerID
- identifier of the (logical) app-server (who will access the key-store on behalf of the client).cryptoSessionID
- identifier of the crypto-session to lock (generated by acquire(String, String)
).public void delete(String keyStoreID, String appServerID, String cryptoSessionID)
release(String, String, String)
, but
instead of only locking the session (setting a boolean state), it removes the session completely
and thus releases any memory and other resources allocated.
keyStoreID
- identifier of the KeyStore
to work with.appServerID
- identifier of the (logical) app-server (who will access the key-store on behalf of the client).cryptoSessionID
- identifier of the crypto-session to be closed (generated by acquire(String, String)
).
|
Cumulus4j API (1.2.0-SNAPSHOT) |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |