hypercast
Class KeyVault

java.lang.Object
  |
  +--hypercast.KeyVault

public class KeyVault
extends java.lang.Object

This class manages the personal key of local node and all of the neighborhood keys and certificates.


Constructor Summary
KeyVault(hypercast.HyperCastConfig _config)
          Constructor.
 
Method Summary
 void addCert(hypercast.I_LogicalAddress LA, java.security.cert.X509Certificate cert)
          Add a new certificate corresponding to the node at the given address.
 boolean addEntry(hypercast.I_AddressPair ap, long now)
          Add an entry in the key neighbor table.
 void addKey(hypercast.I_LogicalAddress LA, javax.crypto.spec.SecretKeySpec key, long timestamp)
          Add a new key corresponding to the neighbor at the given address.
 void certReplyReceived(hypercast.I_AddressPair ap)
          Resets the time of last certificate request is sent to zero for a entry in the key neighbor table.
 void certRequestSent(hypercast.I_AddressPair ap, long now)
          Sets the time of last certificate request is sent for a entry in the key neighbor table.
 boolean checkSequenceNum(hypercast.I_LogicalAddress src, int sequenceNum)
          Check if a sequence number is valid for a node.
 void clearExpiredNeighbors(long key_neighbor_timeout, long now)
          Clean up the key neighbor table by removing all entries which are timeout.
 boolean contains(hypercast.I_AddressPair ap)
          Checks (with address pair) if a node is in the key neighbor table.
 boolean contains(hypercast.I_LogicalAddress src)
          Checks (with logical address) if a node is in the neighbor key table.
 hypercast.I_AddressPair getAddressPairByPA(hypercast.I_NetworkAddress pa)
          Get the addresspair according to the physical address
 hypercast.I_AddressPair[] getAllKeyNeighbors()
           
 java.security.cert.X509Certificate getCACertificate()
          Gets the CA certificate.
 java.security.cert.X509Certificate getCertificate(hypercast.I_LogicalAddress LA)
          Gets the certificate of the given node.
 java.lang.String getConfidentialityAlgorithm()
          Gets the algorithm for encryption/decryption.
 hypercast.KeyVaultEntry getEntry(hypercast.I_AddressPair ap)
          Gets an entry (with address pair) from the key neighbor table.
 hypercast.KeyVaultEntry getEntry(hypercast.I_LogicalAddress la)
          Gets an entry (with logical address) from the key neighbor table.
 javax.crypto.spec.SecretKeySpec getGroupKey()
           
 java.lang.String getIntegrityAlgorithm()
          Gets the algorithm for MAC calculation.
 java.security.Key getKey(hypercast.I_LogicalAddress LA)
          Get a neighbor's personal key.
 java.lang.String getKeyMode()
          Determines the key distribution model to be used for the overlay.
 int getKeySize()
          Get the key size.
 long getKeyTimestamp(hypercast.I_LogicalAddress LA)
          Get the creation time of a neighbor's key.
 long getLastTimeSecureMessageRecieved(hypercast.I_AddressPair ap)
          Gets the time of last secure message is received for a entry in the key neighbor table.
 java.security.cert.X509Certificate getMyCertificate()
          Gets the user certificate.
 javax.crypto.spec.SecretKeySpec getMyKeyFor(hypercast.I_AddressPair dst_ap, hypercast.I_AddressPair src_ap)
          get the neigborhood key for this entry
 long getMyKeyTimestamp()
          Get the timestamp of when the personal key was created.
 long getMyKeyTimestampFor(hypercast.I_AddressPair dst_ap, hypercast.I_AddressPair src_ap)
          get the neighborhood key timestamp for
 javax.crypto.spec.SecretKeySpec getMyPersonalKey()
          Get the personal key of this node
 java.security.PrivateKey getMyPrivateKey()
          Gets the user private key.
 java.security.PublicKey getMyPublicKey()
          Gets the public key of this node
 java.lang.String getNeighborKeyMode()
           
 javax.crypto.SecretKey getNewMsgKey()
          Get the message key.
 int getNextSequenceNum()
          Gets the next valid sequence number for protocol messages.
 hypercast.I_Node getNode()
          Gets the reference to the overlay node.
 hypercast.I_PhysicalAddress getPhysicalAddress(hypercast.I_LogicalAddress la)
          Gets the physical address of a node if this node is in the key neighbor table.
 java.lang.String getProtoSecPolicy()
          Gets the security policy applied to protocol messages.
 java.security.PublicKey getPublicKey(hypercast.I_LogicalAddress LA)
          Gets the public key of the given node.
 java.lang.String getSecPolicy()
          Gets the security policy applied to overlay messages.
 int getWrappedKeySize()
          Gets the wrapped message key length.
 boolean haveCert(hypercast.I_LogicalAddress LA)
          Check the certificate store to see if there is an entry for the given node.
 boolean haveKey(hypercast.I_LogicalAddress LA)
          Check the key store to see if there is an entry for the given node.
 boolean isKeyInvalid(hypercast.I_LogicalAddress LA)
          Check the key store to see if the key has been mark as invalid.
 boolean isWaitingCertReply(hypercast.I_AddressPair ap, long cert_request_timeout, long now)
          Check if this node is waiting for the certificate reply from specified node.
 boolean isWaitingKeyUpdate(hypercast.I_AddressPair ap, long key_request_timeout, long now)
          Check if this node is waiting for the key update from specified node.
 void keyRequestSent(hypercast.I_AddressPair ap, long now)
          Sets the time of last key request is sent for a entry in the key neighbor table.
 void keyUpdateReceived(hypercast.I_AddressPair ap)
          Resets the time of last key request is sent to zero for a entry in the key neighbor table.
 void removeCert(hypercast.I_LogicalAddress LA)
          Remove the certificate corresponding to the node at the given address.
 void removeEntry(hypercast.I_LogicalAddress la)
          Remove an entry which has the specified logical address from the key neighbor table.
 void removeKey(hypercast.I_LogicalAddress LA)
          Remove the key corresponding to the neighbor at the given address.
 void secureMessageReceived(hypercast.I_AddressPair ap, long now)
          Updates the time of last secure message is received for a entry in the key neighbor table.
 void setEntryToNeighbor(hypercast.I_LogicalAddress la)
          Set an entry as the overlay neighbor
 void setEntryToNoNeighbor(hypercast.I_LogicalAddress la)
          Set entry as no neighbor
 void setKeyInvalid(hypercast.I_LogicalAddress LA, boolean inValid)
           
 void setLastSecureMessageTime(hypercast.I_LogicalAddress nodeLA)
          Set the time when the last secure message was received from the given node.
 void setMyKeyTimestamp(long timestamp)
          Set the creation time to be associated with my personal key.
 void setMyPrivateKey(java.security.PrivateKey pKey)
          Sets the private key to specified value.
 void setSecurityProcessor(hypercast.SecurityProcessor spObj)
          Sets the security processor reference in the object.
 void setSequenceNum(hypercast.I_LogicalAddress nodeLA, int seqNum)
          Sets the sequence number for the given node in sequence number hashtable.
 void setSequenceNum(int seqNum)
          Sets the sequence number to given value.
 void updateEntry(hypercast.I_AddressPair ap, long now)
          Updates the time for a entry in the key neighbor table when it is modified.
 javax.crypto.spec.SecretKeySpec updateMyPersonalKey()
          Update the personal key to a new value
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

KeyVault

public KeyVault(hypercast.HyperCastConfig _config)
Constructor. Set up the appropriate settings for the algorithm and related parameters.

Parameters:
_config - Overlay socket configuration object.
Throws:
java.lang.IllegalArgumentException - when the seetings for security implementation contains errors.
Method Detail

getKeySize

public int getKeySize()
Get the key size.

Returns:
the key size.

getKeyMode

public java.lang.String getKeyMode()
Determines the key distribution model to be used for the overlay. This can be hop-by-hop or end-to-end.

Returns:
key distribution mode.

getNeighborKeyMode

public java.lang.String getNeighborKeyMode()

getSecPolicy

public java.lang.String getSecPolicy()
Gets the security policy applied to overlay messages.

Returns:
socket security polocy in string.

getProtoSecPolicy

public java.lang.String getProtoSecPolicy()
Gets the security policy applied to protocol messages.

Returns:
node security policy in string.

getConfidentialityAlgorithm

public java.lang.String getConfidentialityAlgorithm()
Gets the algorithm for encryption/decryption.

Returns:
encryption/decryption algorithm in string.

getIntegrityAlgorithm

public java.lang.String getIntegrityAlgorithm()
Gets the algorithm for MAC calculation.

Returns:
MAC algorithm in string.

getMyCertificate

public java.security.cert.X509Certificate getMyCertificate()
Gets the user certificate.

Returns:
the user certificate.

getCACertificate

public java.security.cert.X509Certificate getCACertificate()
Gets the CA certificate.

Returns:
the CA certificate.

getMyPublicKey

public java.security.PublicKey getMyPublicKey()
Gets the public key of this node

Returns:
the public key

getMyPrivateKey

public java.security.PrivateKey getMyPrivateKey()
Gets the user private key.

Returns:
the private key.

getMyPersonalKey

public javax.crypto.spec.SecretKeySpec getMyPersonalKey()
Get the personal key of this node

Returns:
this node's personal key

setMyKeyTimestamp

public void setMyKeyTimestamp(long timestamp)
Set the creation time to be associated with my personal key.

Parameters:
timestamp - the creation time of the key

getMyKeyTimestamp

public long getMyKeyTimestamp()
Get the timestamp of when the personal key was created.

Returns:
the key timestamp

setMyPrivateKey

public void setMyPrivateKey(java.security.PrivateKey pKey)
Sets the private key to specified value.

Parameters:
pKey - a private key.

updateMyPersonalKey

public javax.crypto.spec.SecretKeySpec updateMyPersonalKey()
Update the personal key to a new value

Returns:
the new personal key.
Throws:
java.lang.IllegalArgumentException - if the algorithm specified does not exist

addKey

public void addKey(hypercast.I_LogicalAddress LA,
                   javax.crypto.spec.SecretKeySpec key,
                   long timestamp)
Add a new key corresponding to the neighbor at the given address.

Parameters:
LA - The address of the neighbor whose key is being added
key - The neighbor's key
timestamp - The creation time of the neighbor's key

removeKey

public void removeKey(hypercast.I_LogicalAddress LA)
Remove the key corresponding to the neighbor at the given address.

Parameters:
LA - The address of the neighbor whose key is being removed.

haveKey

public boolean haveKey(hypercast.I_LogicalAddress LA)
Check the key store to see if there is an entry for the given node.

Parameters:
LA - the Logical address of the node.
Returns:
true if the node has an entry in the key store.

isKeyInvalid

public boolean isKeyInvalid(hypercast.I_LogicalAddress LA)
Check the key store to see if the key has been mark as invalid.

Parameters:
LA - the Logical address of the node.
Returns:
true if the node has an entry in the key store.

setKeyInvalid

public void setKeyInvalid(hypercast.I_LogicalAddress LA,
                          boolean inValid)

getKey

public java.security.Key getKey(hypercast.I_LogicalAddress LA)
Get a neighbor's personal key.

Parameters:
LA - Logical Address of the neighbor whose key is requested.
Returns:
The neigbhor's personal key.

getGroupKey

public javax.crypto.spec.SecretKeySpec getGroupKey()

getKeyTimestamp

public long getKeyTimestamp(hypercast.I_LogicalAddress LA)
Get the creation time of a neighbor's key.

Parameters:
LA - Logical Address of the neighbor whose key timestamp is requested
Returns:
The neighbor's key timestamp

addCert

public void addCert(hypercast.I_LogicalAddress LA,
                    java.security.cert.X509Certificate cert)
Add a new certificate corresponding to the node at the given address.

Parameters:
LA - The address of the node whose certificate is being added.
cert - a certificate.

removeCert

public void removeCert(hypercast.I_LogicalAddress LA)
Remove the certificate corresponding to the node at the given address.

Parameters:
LA - The address of the node whose certificate is being removed.

haveCert

public boolean haveCert(hypercast.I_LogicalAddress LA)
Check the certificate store to see if there is an entry for the given node.

Parameters:
LA - the Logical address of the node.
Returns:
true if the node has an entry in the certificate store.

getCertificate

public java.security.cert.X509Certificate getCertificate(hypercast.I_LogicalAddress LA)
Gets the certificate of the given node.

Parameters:
LA - logical address of a node.
Returns:
certificate of the given node.

getPublicKey

public java.security.PublicKey getPublicKey(hypercast.I_LogicalAddress LA)
Gets the public key of the given node.

Parameters:
LA - logical address of a node.
Returns:
public of the given node.

getNewMsgKey

public javax.crypto.SecretKey getNewMsgKey()
Get the message key.

Returns:
a new message key if key distribution mode is set to hop-by-hop; the group key otherwise.
Throws:
java.lang.IllegalArgumentException - if the encryption/decryption algorithm is not supported.

getWrappedKeySize

public int getWrappedKeySize()
Gets the wrapped message key length.

Returns:
the wrapped message key length.

checkSequenceNum

public boolean checkSequenceNum(hypercast.I_LogicalAddress src,
                                int sequenceNum)
Check if a sequence number is valid for a node. In the following two cases, the sequence number is considered valid: 1. a node, from which the sequence number is obtained, is not in the sequence number hashtable. In this case, the node and its sequence number is added to the table. 2. a node is in the sequence number hashtable and the received sequence number is greater than the sequence number currently stored in the table. In this case, the newly received sequence number replaces the currently stored one.

Parameters:
src - logical address of the node from which the sequence number is obtained.
sequenceNum - the received sequence number.
Returns:
true if the received sequence number is valid; false otherwise.

getNextSequenceNum

public int getNextSequenceNum()
Gets the next valid sequence number for protocol messages.

Returns:
the next valid sequence number.

setSequenceNum

public void setSequenceNum(hypercast.I_LogicalAddress nodeLA,
                           int seqNum)
Sets the sequence number for the given node in sequence number hashtable.

Parameters:
nodeLA - the logical address of the node to which the sequence number is bound.
seqNum - the sequence number.

setSequenceNum

public void setSequenceNum(int seqNum)
Sets the sequence number to given value.

Parameters:
seqNum - the sequence number.

setSecurityProcessor

public void setSecurityProcessor(hypercast.SecurityProcessor spObj)
Sets the security processor reference in the object.

Parameters:
spObj - the security processor.

getNode

public hypercast.I_Node getNode()
Gets the reference to the overlay node.

Returns:
overlay node.

setLastSecureMessageTime

public void setLastSecureMessageTime(hypercast.I_LogicalAddress nodeLA)
Set the time when the last secure message was received from the given node. It calls the method with same name in SecurityProcessor.

Parameters:
nodeLA - the logical address of the node from which the secure message is received.

setEntryToNeighbor

public void setEntryToNeighbor(hypercast.I_LogicalAddress la)
Set an entry as the overlay neighbor

Parameters:
la -

getAddressPairByPA

public hypercast.I_AddressPair getAddressPairByPA(hypercast.I_NetworkAddress pa)
Get the addresspair according to the physical address


setEntryToNoNeighbor

public void setEntryToNoNeighbor(hypercast.I_LogicalAddress la)
Set entry as no neighbor

Parameters:
la -

getMyKeyFor

public javax.crypto.spec.SecretKeySpec getMyKeyFor(hypercast.I_AddressPair dst_ap,
                                                   hypercast.I_AddressPair src_ap)
get the neigborhood key for this entry


getMyKeyTimestampFor

public long getMyKeyTimestampFor(hypercast.I_AddressPair dst_ap,
                                 hypercast.I_AddressPair src_ap)
get the neighborhood key timestamp for


getPhysicalAddress

public hypercast.I_PhysicalAddress getPhysicalAddress(hypercast.I_LogicalAddress la)
Gets the physical address of a node if this node is in the key neighbor table.

Parameters:
la - the logical address of a neighbor.
Returns:
the physical address of the node if it is in the key neighbor table. Null otherwise.

addEntry

public boolean addEntry(hypercast.I_AddressPair ap,
                        long now)
Add an entry in the key neighbor table.

Parameters:
ap - the address pair of a node.
now - the time that this entry is added to the key neighbor table.

contains

public boolean contains(hypercast.I_LogicalAddress src)
Checks (with logical address) if a node is in the neighbor key table.

Parameters:
src - the logical address of a node.
Returns:
true if the node is in the key neighbor table; false otherwise.

contains

public boolean contains(hypercast.I_AddressPair ap)
Checks (with address pair) if a node is in the key neighbor table.

Parameters:
ap - the logical address of a node.
Returns:
true if the node is in the key neighbor table; false otherwise.

getEntry

public hypercast.KeyVaultEntry getEntry(hypercast.I_LogicalAddress la)
Gets an entry (with logical address) from the key neighbor table.

Parameters:
la - logical address of a node.
Returns:
the KeyVaultEntry object which has the specified logical address; null if no entry contains the specified logical address.

getEntry

public hypercast.KeyVaultEntry getEntry(hypercast.I_AddressPair ap)
Gets an entry (with address pair) from the key neighbor table.

Parameters:
ap - address pair of a node.
Returns:
the KeyVaultEntry object which has the logical address in the specified address pair; null if no entry is found.

removeEntry

public void removeEntry(hypercast.I_LogicalAddress la)
Remove an entry which has the specified logical address from the key neighbor table.

Parameters:
la - the logical address of a node.

clearExpiredNeighbors

public void clearExpiredNeighbors(long key_neighbor_timeout,
                                  long now)
Clean up the key neighbor table by removing all entries which are timeout.

Parameters:
key_neighbor_timeout - timeout time of an entry in the key neighbor table.
now - current time.

getAllKeyNeighbors

public hypercast.I_AddressPair[] getAllKeyNeighbors()
Returns:
the address pairs of all nodes in the key neighbor table.

isWaitingCertReply

public boolean isWaitingCertReply(hypercast.I_AddressPair ap,
                                  long cert_request_timeout,
                                  long now)
Check if this node is waiting for the certificate reply from specified node.

Parameters:
ap - address pair of the node to be checked.
cert_request_timeout - the timeout time of waiting for certificate reply.
now - current time.
Returns:
true if timeout happens; false otherwise.

isWaitingKeyUpdate

public boolean isWaitingKeyUpdate(hypercast.I_AddressPair ap,
                                  long key_request_timeout,
                                  long now)
Check if this node is waiting for the key update from specified node.

Parameters:
ap - address pair of the node to be checked.
key_request_timeout - the timeout time of waiting for key update reply.
now - current time.
Returns:
true if timeout happens; false otherwise.

certRequestSent

public void certRequestSent(hypercast.I_AddressPair ap,
                            long now)
Sets the time of last certificate request is sent for a entry in the key neighbor table.

Parameters:
ap - address pair of the node to which the certificate request is sent.
now - the time when the certificate request is sent.

certReplyReceived

public void certReplyReceived(hypercast.I_AddressPair ap)
Resets the time of last certificate request is sent to zero for a entry in the key neighbor table.

Parameters:
ap - address pair of the node from which the certificate reply is received.

keyRequestSent

public void keyRequestSent(hypercast.I_AddressPair ap,
                           long now)
Sets the time of last key request is sent for a entry in the key neighbor table.

Parameters:
ap - address pair of the node to which the key request is sent.
now - the time when the key request is sent.

keyUpdateReceived

public void keyUpdateReceived(hypercast.I_AddressPair ap)
Resets the time of last key request is sent to zero for a entry in the key neighbor table.

Parameters:
ap - address pair of the node from which the key update is received.

updateEntry

public void updateEntry(hypercast.I_AddressPair ap,
                        long now)
Updates the time for a entry in the key neighbor table when it is modified.

Parameters:
ap - address pair of a node.
now - the time when the entry corresponding to the address pair is modified.

secureMessageReceived

public void secureMessageReceived(hypercast.I_AddressPair ap,
                                  long now)
Updates the time of last secure message is received for a entry in the key neighbor table.

Parameters:
ap - address pair of the node from which the secure message is received.
now - the time when secure message is received.

getLastTimeSecureMessageRecieved

public long getLastTimeSecureMessageRecieved(hypercast.I_AddressPair ap)
Gets the time of last secure message is received for a entry in the key neighbor table.

Parameters:
ap - address pair of a node.
Returns:
the time of last secure message is received. 0 if no entry is found.