JXTA

net.jxta.impl.membership.pse
Class PSECredential

java.lang.Object
  extended by net.jxta.impl.membership.pse.PSECredential
All Implemented Interfaces:
Credential, CredentialPCLSupport

public final class PSECredential
extends Object
implements Credential, CredentialPCLSupport

This class provides the sub-class of Credential which is associated with the PSE membership service.

There are two variants of the credential:

The schema for this credential format:


  <xs:element name="PSECred" type="jxta:PSECred" />

  <xs:complexType name="PSECred">
    <xs:sequence>
      <xs:element name="PeerGroupID" type="jxta:JXTAID" />
      <xs:element name="PeerID" type="jxta:JXTAID" />
      <!-- An X.509 Certificate -->
      <xs:element name="Certificate" type="xs:string" minOccurs="1" maxOccurs="unbounded" />
      <!-- A SHA1WithRSA Signature -->
      <xs:element name="Signature" type="xs:string" />
    </xs:sequence>
  </xs:complexType>

FIXME 20050625 bondolo If the certificate chain for a credential is updated in the PSE keystore after a credential is created then the credential instance will not reflect those changes. This can be a problem if the issuer chain changes or expiries are updated. Even though it's going to be a hit on performance, PSECredential needs to be changed to be backed by the PSE keystore directly rather than containing the certs. Either that or some kind of notification system. It's probably best to assume that our simple cm based keystore is the easiest and least dynamic case. Every other key store is going to be more dynamic and difficult. The workaround for now is to force a membership resign every time the keystore contents are changed.

See Also:
Credential, PSEMembershipService

Field Summary
 
Fields inherited from interface net.jxta.credential.CredentialPCLSupport
EXPIRED_CREDENTIAL_PROPERTY, VALID_CREDENTIAL_PROPERTY
 
Constructor Summary
  PSECredential(Element root)
          Create a new remote credential.
  PSECredential(PSEMembershipService source, Element root)
          Create a new remote credential.
protected PSECredential(PSEMembershipService source, ID keyID, CertPath certChain, PrivateKey privateKey)
          Create a new local credential.
 
Method Summary
 void addPropertyChangeListener(PropertyChangeListener listener)
          Add a listener
 void addPropertyChangeListener(String propertyName, PropertyChangeListener listener)
          Add a listener
 boolean equals(Object target)
          
protected  void finalize()
          
 X509Certificate[] generateServiceCertificate(ID assignedID)
           
 X509Certificate getCertificate()
          Returns the certificate associated with this credential.
 X509Certificate[] getCertificateChain()
          Returns the certificate chain associated with this credential.
 StructuredDocument getDocument(MimeMediaType encodeAs)
          Write credential into a document.
 ID getKeyID()
          Returns the key id associated with this credential, if any.
 ID getPeerGroupID()
          Returns the peerGroupID associated with this credential.
 ID getPeerID()
          Returns the peerID associated with this credential.
 PrivateKey getPrivateKey()
          Deprecated. Use getSigner(String) or getSignatureVerifier(String) instead.
 PSECredential getServiceCredential(ID assignedID)
           
 Signature getSignatureVerifier(String algorithm)
          Get a Signature verifier object based upon the certificate associated with this credential.
 Signature getSigner(String algorithm)
          Get a Signature object based upon the private key associated with this credential.
 Service getSourceService()
          Returns the service which generated this credential.
 Object getSubject()
          Returns the subject of this credential.
protected  boolean handleElement(XMLElement elem)
          Process an individual element from the document.
 int hashCode()
          
protected  void initialize(Element root)
          Initialize from a portion of a structured document.
 boolean isExpired()
          Returns true if this credential is expired.
 boolean isValid()
          Returns true if this credential is currently valid.
 void removePropertyChangeListener(PropertyChangeListener listener)
          Remove a listener
 void removePropertyChangeListener(String propertyName, PropertyChangeListener listener)
          Remove a listener
(package private)  void setValid(boolean valid)
          A PSE Credential is valid as long as the associated certificate is valid.
 String toString()
          
 
Methods inherited from class java.lang.Object
clone, getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

PSECredential

protected PSECredential(PSEMembershipService source,
                        ID keyID,
                        CertPath certChain,
                        PrivateKey privateKey)
                 throws IOException
Create a new local credential. This credential can be used for signing and can be serialized.

Throws:
IOException

PSECredential

public PSECredential(Element root)
Create a new remote credential. This credential cannot be used for signing and cannot be re-serialized.


PSECredential

public PSECredential(PSEMembershipService source,
                     Element root)
Create a new remote credential. This credential cannot be used for signing and cannot be re-serialized.

Method Detail

equals

public boolean equals(Object target)

Overrides:
equals in class Object

finalize

protected void finalize()
                 throws Throwable

Overrides:
finalize in class Object
Throws:
Throwable

hashCode

public int hashCode()

Overrides:
hashCode in class Object

toString

public String toString()

Overrides:
toString in class Object

addPropertyChangeListener

public void addPropertyChangeListener(PropertyChangeListener listener)
Add a listener

Specified by:
addPropertyChangeListener in interface CredentialPCLSupport
Parameters:
listener - the listener

addPropertyChangeListener

public void addPropertyChangeListener(String propertyName,
                                      PropertyChangeListener listener)
Add a listener

Specified by:
addPropertyChangeListener in interface CredentialPCLSupport
Parameters:
propertyName - the property to watch
listener - the listener

removePropertyChangeListener

public void removePropertyChangeListener(PropertyChangeListener listener)
Remove a listener

Specified by:
removePropertyChangeListener in interface CredentialPCLSupport
Parameters:
listener - the listener

removePropertyChangeListener

public void removePropertyChangeListener(String propertyName,
                                         PropertyChangeListener listener)
Remove a listener

Specified by:
removePropertyChangeListener in interface CredentialPCLSupport
Parameters:
propertyName - the property which was watched
listener - the listener

getPeerGroupID

public ID getPeerGroupID()
Returns the peerGroupID associated with this credential.

Specified by:
getPeerGroupID in interface Credential
Returns:
The peerGroupID associated with this credential.

getPeerID

public ID getPeerID()
Returns the peerID associated with this credential.

Specified by:
getPeerID in interface Credential
Returns:
The peerID associated with this credential.

isExpired

public boolean isExpired()
Returns true if this credential is expired. Some credential implementations may never expire.

A PSE Credential is valid as long as the associated certificate is valid.

Specified by:
isExpired in interface Credential
Returns:
true if this credential is expired, otherwise false.

isValid

public boolean isValid()
Returns true if this credential is currently valid.

A PSE Credential is valid as long as the associated certificate is valid and as long as the membership service still has the credential.

Specified by:
isValid in interface Credential
Returns:
true if the credential is currently valid, otherwise false.

setValid

void setValid(boolean valid)

A PSE Credential is valid as long as the associated certificate is valid.


getSubject

public Object getSubject()
Returns the subject of this credential. The Objects returned must support Object.equals(Object) and Object.hashCode().

Specified by:
getSubject in interface Credential
Returns:
The subject of the credential as an abstract object.

getSourceService

public Service getSourceService()
Returns the service which generated this credential.

Specified by:
getSourceService in interface Credential
Returns:
The service which generated this credential.

getDocument

public StructuredDocument getDocument(MimeMediaType encodeAs)
                               throws Exception
Write credential into a document. asMimeType is a MIME media-type specification and provides the form of the document which is being requested. Two standard document forms are defined: "text/plain" encodes the document in a "pretty-print" format for human viewing, and "text/xml" provides an XML format.

Depending on the credential format this document may be cryptographically signed to prevent alteration.

Specified by:
getDocument in interface Credential
Parameters:
encodeAs - MimeMediaType format representation requested
Returns:
The credential serialized to a Document.
Throws:
Exception - if an error occurs

getCertificate

public X509Certificate getCertificate()
Returns the certificate associated with this credential.

Returns:
the certificate associated with this credential.

getCertificateChain

public X509Certificate[] getCertificateChain()
Returns the certificate chain associated with this credential.

Returns:
the certificate chain associated with this credential.

getPrivateKey

@Deprecated
public PrivateKey getPrivateKey()
Deprecated. Use getSigner(String) or getSignatureVerifier(String) instead.

Returns the private key associated with this credential. Only valid for locally generated credentials.

Returns:
the private key associated with this credential.

getKeyID

public ID getKeyID()
Returns the key id associated with this credential, if any. Only locally generated credentials have a key ID.

Returns:
Returns the key id associated with this credential, if any.

getSigner

public Signature getSigner(String algorithm)
                    throws NoSuchAlgorithmException
Get a Signature object based upon the private key associated with this credential.

Parameters:
algorithm - the signing algorithm to use.
Returns:
Signature.
Throws:
NoSuchAlgorithmException

getSignatureVerifier

public Signature getSignatureVerifier(String algorithm)
                               throws NoSuchAlgorithmException
Get a Signature verifier object based upon the certificate associated with this credential.

Parameters:
algorithm - the signing algorithm to use.
Returns:
Signature.
Throws:
NoSuchAlgorithmException
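
The sketch below is an added example, not code from the JXTA project. It shows how getSigner(String) and getSignatureVerifier(String) replace direct use of getPrivateKey(), and re-checks the certificate chain at the moment of use because the credential holds a snapshot of it (see the FIXME above). The class PSECredentialSigning is hypothetical, and it assumes the returned Signature objects are already initialized for signing and verifying respectively.

```java
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import net.jxta.impl.membership.pse.PSECredential;

/** Hypothetical helper (not part of JXTA) built only on methods listed on this page. */
public final class PSECredentialSigning {

    // Algorithm named in the schema comment for the Signature element.
    private static final String ALGORITHM = "SHA1withRSA";

    private PSECredentialSigning() {
    }

    /** Sign data with a local credential; remote credentials cannot be used for signing. */
    public static byte[] sign(PSECredential local, byte[] data) throws GeneralSecurityException {
        if (local.isExpired() || !local.isValid()) {
            throw new GeneralSecurityException("credential is not usable for signing");
        }
        // Assumption: the returned Signature is already initialized with the private key.
        Signature signer = local.getSigner(ALGORITHM);
        signer.update(data);
        return signer.sign();
    }

    /** Verify a signature against the certificate carried by a (possibly remote) credential. */
    public static boolean verify(PSECredential cred, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        if (cred.isExpired()) {
            return false;
        }
        // The credential keeps its own copy of the chain, so check each
        // certificate's validity period now rather than trusting creation-time state.
        for (X509Certificate cert : cred.getCertificateChain()) {
            try {
                cert.checkValidity();
            } catch (CertificateException expiredOrNotYetValid) {
                return false;
            }
        }
        // Assumption: the returned Signature is already initialized with the certificate.
        Signature verifier = cred.getSignatureVerifier(ALGORITHM);
        verifier.update(data);
        return verifier.verify(sig);
    }
}
```

This checks validity periods and the signature only; whether the chain leads to an issuer the peer group trusts is a separate decision.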

handleElement

protected boolean handleElement(XMLElement elem)
Process an individual element from the document.

Parameters:
elem - the element to be processed.
Returns:
true if the element was recognized, otherwise false.

initialize

protected void initialize(Element root)
Initialize from a portion of a structured document.


generateServiceCertificate

public X509Certificate[] generateServiceCertificate(ID assignedID)
                                             throws IOException,
                                                    KeyStoreException,
                                                    InvalidKeyException,
                                                    SignatureException
Throws:
IOException
KeyStoreException
InvalidKeyException
SignatureException

getServiceCredential

public PSECredential getServiceCredential(ID assignedID)
                                   throws IOException,
                                          PeerGroupException,
                                          InvalidKeyException,
                                          SignatureException
Throws:
IOException
PeerGroupException
InvalidKeyException
SignatureException

JXSE