001 /*
002 * Cumulus4j - Securing your data in the cloud - http://cumulus4j.org
003 * Copyright (C) 2011 NightLabs Consulting GmbH
004 *
005 * This program is free software: you can redistribute it and/or modify
006 * it under the terms of the GNU Affero General Public License as
007 * published by the Free Software Foundation, either version 3 of the
008 * License, or (at your option) any later version.
009 *
010 * This program is distributed in the hope that it will be useful,
011 * but WITHOUT ANY WARRANTY; without even the implied warranty of
012 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
013 * GNU Affero General Public License for more details.
014 *
015 * You should have received a copy of the GNU Affero General Public License
016 * along with this program. If not, see <http://www.gnu.org/licenses/>.
017 */
018 package org.cumulus4j.keymanager.back.shared;
019
020 import java.util.Date;
021
022 import javax.xml.bind.annotation.XmlRootElement;
023
024 import org.cumulus4j.crypto.CryptoRegistry;
025
026 /**
027 * <p>
028 * {@link Request} implementation to get the currently active encryption key.
029 * </p><p>
030 * In order to prevent an attacker dumping an app-server's memory from gaining access to <b>all</b> the data,
031 * Cumulus4j uses many different keys for encryption. Usually, it rotates the encryption key once per day, but
032 * different settings are possible (e.g. once per hour for the very paranoid).
033 * </p>
034 *
035 * @author Marco หงุ่ยตระกูล-Schulze - marco at nightlabs dot de
036 * @see GetActiveEncryptionKeyResponse
037 */
038 @XmlRootElement
039 public class GetActiveEncryptionKeyRequest extends Request
040 {
041 private static final long serialVersionUID = 1L;
042
043 private Date timestamp;
044
045 private String keyEncryptionTransformation;
046
047 private byte[] keyEncryptionPublicKey;
048
049 /**
050 * Create an empty instance of <code>GetActiveEncryptionKeyRequest</code>.
051 * Only used for serialisation/deserialisation.
052 */
053 public GetActiveEncryptionKeyRequest() { }
054
055 /**
056 * Create an instance of <code>GetActiveEncryptionKeyRequest</code> for asking the key-manager about
057 * the currently active encryption key.
058 *
059 * @param cryptoSessionID the identifier of the crypto-session in which the request should be processed.
060 * It must exist and be unlocked for this request to succeed.
061 * @param keyEncryptionTransformation the asymmetric encryption algorithm (with padding) that should be
062 * used by the key-manager to encrypt the symmetric secret key, before sending it to the app-server. For example
063 * "RSA//OAEPWITHSHA1ANDMGF1PADDING".
064 * @param keyEncryptionPublicKey the public key to be used by the key-manager to encrypt the
065 * key when sending it back to the app-server.
066 */
067 public GetActiveEncryptionKeyRequest(String cryptoSessionID, String keyEncryptionTransformation, byte[] keyEncryptionPublicKey) {
068 super(cryptoSessionID);
069 this.keyEncryptionTransformation = keyEncryptionTransformation;
070 this.keyEncryptionPublicKey = keyEncryptionPublicKey;
071 this.timestamp = new Date();
072 }
073
074 /**
075 * Get the timestamp which the active encryption key should be determined for. The main reason for this
076 * is to prevent problems when the key-manager's clock is incorrect by using the app-server's timestamp.
077 * @return the timestamp which the active encryption key should be determined for.
078 */
079 public Date getTimestamp() {
080 return timestamp;
081 }
082
083 /**
084 * Set the timestamp which the active encryption key should be determined for
085 * @param timestamp the timestamp which the active encryption key should be determined for
086 */
087 public void setTimestamp(Date timestamp) {
088 this.timestamp = timestamp;
089 }
090
091 /**
092 * <p>
093 * Get the asymmetric encryption algorithm to be used to encrypt the symmetric secret key.
094 * </p><p>
095 * The key-manager uses this transformation
096 * (which should include a padding, e.g. "RSA//OAEPWITHSHA1ANDMGF1PADDING") to
097 * {@link CryptoRegistry#createCipher(String) obtain a Cipher} for encrypting the secret key
098 * before sending it to the app-server.
099 * </p>
100 * @return the asymmetric encryption algorithm to be used when encrypting the symmetric secret key.
101 * @see #setKeyEncryptionTransformation(String)
102 */
103 public String getKeyEncryptionTransformation() {
104 return keyEncryptionTransformation;
105 }
106 /**
107 * Set the asymmetric encryption algorithm to be used when encrypting the symmetric secret key.
108 * @param keyEncryptionTransformation the asymmetric encryption algorithm to be used when encrypting the symmetric secret key.
109 * @see #getKeyEncryptionTransformation()
110 */
111 public void setKeyEncryptionTransformation(String keyEncryptionTransformation) {
112 this.keyEncryptionTransformation = keyEncryptionTransformation;
113 }
114
115 /**
116 * Get the public key to be used to encrypt the symmetric secret key.
117 * @return the public key to be used to encrypt the symmetric secret key.
118 */
119 public byte[] getKeyEncryptionPublicKey() {
120 return keyEncryptionPublicKey;
121 }
122 /**
123 * Set the public key to be used to encrypt the symmetric secret key.
124 * @param keyEncryptionPublicKey the public key to be used to encrypt the symmetric secret key.
125 */
126 public void setKeyEncryptionPublicKey(byte[] keyEncryptionPublicKey) {
127 this.keyEncryptionPublicKey = keyEncryptionPublicKey;
128 }
129 }