JXTA
java.lang.Object
  net.jxta.impl.membership.pse.PSECredential
public final class PSECredential
This class provides the sub-class of Credential which is associated with the PSE membership service.
There are two variants of the credential:
<xs:element name="PSECred" type="jxta:PSECred" />
<xs:complexType name="PSECred">
  <xs:sequence>
    <xs:element name="PeerGroupID" type="jxta:JXTAID" />
    <xs:element name="PeerID" type="jxta:JXTAID" />
    <!-- An X.509 Certificate -->
    <xs:element name="Certificate" type="xs:string" minOccurs="1" maxOccurs="unbounded" />
    <!-- A SHA1WithRSA Signature -->
    <xs:element name="Signature" type="xs:string" />
  </xs:sequence>
</xs:complexType>
FIXME 20050625 bondolo If the certificate chain for a credential is
updated in the PSE keystore after a credential is created then the
credential instance will not reflect those changes. This can be a problem if
the issuer chain changes or expiries are updated. Even though it's going to
be hit on performance PSECredential needs to be changed to be backed by the PSE
keystore directly rather than containing the certs. Either that or some kind
of notification system. It's probably best to assume that our simple cm
based keystore is the easiest and least dynamic case. Every other key store
is going to be more dynamic and difficult. The workaround for now is to
force a membership resign every time the keystore contents are changed.
See Also: Credential, PSEMembershipService
Field Summary |
---|
Fields inherited from interface net.jxta.credential.CredentialPCLSupport |
---|
EXPIRED_CREDENTIAL_PROPERTY, VALID_CREDENTIAL_PROPERTY |
Constructor Summary | |
---|---|
| PSECredential(Element root) - Create a new remote credential. |
| PSECredential(PSEMembershipService source, Element root) - Create a new remote credential. |
protected | PSECredential(PSEMembershipService source, ID keyID, CertPath certChain, PrivateKey privateKey) - Create a new local credential. |
Method Summary | |
---|---|
void | addPropertyChangeListener(PropertyChangeListener listener) - Add a listener |
void | addPropertyChangeListener(String propertyName, PropertyChangeListener listener) - Add a listener |
boolean | equals(Object target) |
protected void | finalize() |
X509Certificate[] | generateServiceCertificate(ID assignedID) |
X509Certificate | getCertificate() - Returns the certificate associated with this credential. |
X509Certificate[] | getCertificateChain() - Returns the certificate chain associated with this credential. |
StructuredDocument | getDocument(MimeMediaType encodeAs) - Write credential into a document. |
ID | getKeyID() - Returns the key id associated with this credential, if any. |
ID | getPeerGroupID() - Returns the peerGroupID associated with this credential. |
ID | getPeerID() - Returns the peerID associated with this credential. |
PrivateKey | getPrivateKey() - Deprecated. Use getSigner(String) or getSignatureVerifier(String) instead. |
PSECredential | getServiceCredential(ID assignedID) |
Signature | getSignatureVerifier(String algorithm) - Get a Signature verifier object based upon the certificate associated with this credential. |
Signature | getSigner(String algorithm) - Get a Signature object based upon the private key associated with this credential. |
Service | getSourceService() - Returns the service which generated this credential. |
Object | getSubject() - Returns the subject of this credential. |
protected boolean | handleElement(XMLElement elem) - Process an individual element from the document. |
int | hashCode() |
protected void | initialize(Element root) - Initialize from a portion of a structured document. |
boolean | isExpired() - Returns true if this credential is expired. |
boolean | isValid() - Returns true if this credential is currently valid. |
void | removePropertyChangeListener(PropertyChangeListener listener) - Remove a listener |
void | removePropertyChangeListener(String propertyName, PropertyChangeListener listener) - Remove a listener |
(package private) void | setValid(boolean valid) - A PSE Credential is valid as long as the associated certificate is valid. |
String | toString() |
Methods inherited from class java.lang.Object |
---|
clone, getClass, notify, notifyAll, wait, wait, wait |
Constructor Detail |
---|
protected PSECredential(PSEMembershipService source, ID keyID, CertPath certChain, PrivateKey privateKey) throws IOException
Throws: IOException

public PSECredential(Element root)

public PSECredential(PSEMembershipService source, Element root)
Method Detail |
---|
public boolean equals(Object target)
Overrides: equals in class Object

protected void finalize() throws Throwable
Overrides: finalize in class Object
Throws: Throwable

public int hashCode()
Overrides: hashCode in class Object

public String toString()
Overrides: toString in class Object

public void addPropertyChangeListener(PropertyChangeListener listener)
Specified by: addPropertyChangeListener in interface CredentialPCLSupport
Parameters:
listener - the listener

public void addPropertyChangeListener(String propertyName, PropertyChangeListener listener)
Specified by: addPropertyChangeListener in interface CredentialPCLSupport
Parameters:
propertyName - the property to watch
listener - the listener

public void removePropertyChangeListener(PropertyChangeListener listener)
Specified by: removePropertyChangeListener in interface CredentialPCLSupport
Parameters:
listener - the listener

public void removePropertyChangeListener(String propertyName, PropertyChangeListener listener)
Specified by: removePropertyChangeListener in interface CredentialPCLSupport
Parameters:
propertyName - the property which was watched
listener - the listener

public ID getPeerGroupID()
Specified by: getPeerGroupID in interface Credential

public ID getPeerID()
Specified by: getPeerID in interface Credential

public boolean isExpired()
Returns true if this credential is expired. Some credential implementations may never expire.
A PSE Credential is valid as long as the associated certificate is valid.
Specified by: isExpired in interface Credential
Returns: true if this credential is expired, otherwise false.

public boolean isValid()
Returns true if this credential is currently valid.
A PSE Credential is valid as long as the associated certificate is valid and as long as the membership service still has the credential.
Specified by: isValid in interface Credential
Returns: true if the credential is currently valid, otherwise false.

void setValid(boolean valid)

public Object getSubject()
Object.equals(Object) and Object.hashCode().
Specified by: getSubject in interface Credential

public Service getSourceService()
Specified by: getSourceService in interface Credential
public StructuredDocument getDocument(MimeMediaType encodeAs) throws Exception
asMimeType is a mime media-type specification and provides the form of the document which is being requested. Two standard document forms are defined. "text/plain" encodes the document in a "pretty-print" format for human viewing and "text/xml" which provides an XML format.
Depending on the credential format this document may be cryptographically signed to prevent alteration.
Specified by: getDocument in interface Credential
Parameters:
encodeAs - MimeMediaType format representation requested
Throws: Exception - if an error occurs

public X509Certificate getCertificate()

public X509Certificate[] getCertificateChain()

@Deprecated public PrivateKey getPrivateKey()

public ID getKeyID()

public Signature getSigner(String algorithm) throws NoSuchAlgorithmException
Parameters:
algorithm - the signing algorithm to use.
Throws: NoSuchAlgorithmException

public Signature getSignatureVerifier(String algorithm) throws NoSuchAlgorithmException
Parameters:
algorithm - the signing algorithm to use.
Throws: NoSuchAlgorithmException
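
The signing and verification flow behind the Signature element of the PSECred schema and the getSigner / getSignatureVerifier pair, as an added example that is not part of the JXTA code base: it uses only JDK classes, and shows that altering a signed field makes verification fail. A freshly generated RSA key pair stands in for the credential's private key and certificate, and the byte layout being signed, the helper names and the ID strings are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class CredentialSignatureDemo {
    // Assumed canonical form: the two ID fields joined with '\n'. The bytes
    // PSECredential really signs are not described on this page.
    static byte[] signedBytes(String peerGroupId, String peerId) {
        return (peerGroupId + "\n" + peerId).getBytes(StandardCharsets.UTF_8);
    }

    // Stand-in for getSigner(algorithm): a Signature based on the private key.
    static Signature signer(String algorithm, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance(algorithm);
        s.initSign(key);
        return s;
    }

    // Stand-in for getSignatureVerifier(algorithm): a Signature based on the public key.
    static Signature verifier(String algorithm, PublicKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance(algorithm);
        s.initVerify(key);
        return s;
    }

    static boolean verify(Signature v, byte[] data, byte[] sig) {
        try {
            v.update(data);
            return v.verify(sig);
        } catch (SignatureException e) {
            return false; // malformed signature bytes count as a failed check
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // constructed stand-in for the credential's key material
        String alg = "SHA1withRSA";         // algorithm named in the PSECred schema
        byte[] doc = signedBytes("urn:jxta:example-group", "urn:jxta:example-peer"); // constructed IDs

        Signature s = signer(alg, kp.getPrivate());
        s.update(doc);
        byte[] sig = s.sign();

        byte[] altered = signedBytes("urn:jxta:example-group", "urn:jxta:other-peer");
        System.out.println("original verifies: " + verify(verifier(alg, kp.getPublic()), doc, sig));
        System.out.println("altered verifies:  " + verify(verifier(alg, kp.getPublic()), altered, sig));
    }
}
```
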
protected boolean handleElement(XMLElement elem)
Parameters:
elem - the element to be processed.

protected void initialize(Element root)

public X509Certificate[] generateServiceCertificate(ID assignedID) throws IOException, KeyStoreException, InvalidKeyException, SignatureException
Throws:
IOException
KeyStoreException
InvalidKeyException
SignatureException

public PSECredential getServiceCredential(ID assignedID) throws IOException, PeerGroupException, InvalidKeyException, SignatureException
Throws:
IOException
PeerGroupException
InvalidKeyException
SignatureException