Download Module(DM)

The download offers the necessary functionality in order to give the user the oportunity to download new files
from a SP and to install these files. The main responsibility of the DM is to assure the end user that the downloaded
files will be installed only if the originators of the offered files have the necessary credentials to
modify these files. Furthermore, the DM performs some integrity checking for the downloaded files by checking
the signature of the originator.
In order to met the requirements, the DM is constituted by the following classes:

the CertificateBlock which offers the functionality to handle the security information
which are stored in each VMF. Each VMF contains one or more Certificate Blocks. The Certificate Block is a aggregation
of the associated to the code-issuer credentials and the state of the files contained in the Certificate Block.
the ClientRequest associated with the client's download request. This object is acting as a dispatcher for the request originated by the DcfClientProtocol
the CredentialClient in order to retrieve the trusted key and, in case of a SP, the associated credentials
the Credentials storage class for the offered, by the CRA, credentials
the DcfClientProtocol implements the protocol used, by the client, in order to seek for new/updated
files at the server site and if necessary to download these files
the DcfServerProtocol implements the steps of the server(SP) protocol that has the responsibility
to interact with the protocol implementing in the DcfClientProtocol
the Download main object that starts the DM. The Download acts as a dispatcher
in order to support requests originated from objects which are contained in the download package
the DownloadAdmin offers the DM-services that could be selected from the end user via the
tinguin's application menu
the DownloadConstrains offers the SP the necessary functionality in order to declare parts
of the local stored directories as public, protected or private. The term public directorrry means that all the
clients could download the contents without involving some authentication. Private means that nobody has the right
to download these contents. A directory is declared protected if the SP wishes to offer the contents only for a
well defined group of clients. These clients should be first authenticated and afterthat the offered files will
be sent in a encrypted form. The associated symetric key will be negotiated during the download procedure
the DownloadListener only available for the SPs. This thread object listens a specied
port for incomming download request. Each request will be associated with a DcfServerProtocol.
the DownloadServer acts as a dispatcher for requests originated from the DcfServerProtocol objects.
the NewsClient object that implements the main functionality in order to have the
interaction between the DM and the NewServer
the NewsClientClass storage class for the information offered by the NewsServer
the RootVmfClass this class defines the functionality in order to retrieve the version
information from the RootVMF.
the VmfClass this class defines the functionality in order to retrieve version,security
information stored in the VMFs

The following text provides and explains the basic fuctinality, offered by the DM

A user is able to start the DM from tinguin's application menu or directly from the shell by entering
the following command:

gmake run-DM

NOTE: In order to have DM-messages displayed on the standart output enter the command:

gmake run-Ext-DM

After the installation of the SEMPER software, choose the Download Manager from tinguin's
application menu. A dialog box will be displayed on your screen which contains a list with one item
tagged Setup Download Module. Press the Ok button in order to setup the DM enviroment. If the DM
haven't be setup in the past, a new dialog box appears on your screen. Enter the path in which the DM
will store the necessary data structure. Furthermore the above path is used to incorporate new
files/directories offered by a service provider(SP).
For example suppose your DM path is /home/semper/tmp and a service provider offers
you a new directory named semper/Bapp, the DM will store this new directory under the /home/semper/tmp.
For a SEMPER party that have the ability to offer new files, all the offered file should be stored under
the DM path. From the list contained in the above dialog box choose, the working mode for the DM.
Two working modes are supported:

Client Mode
This mode offers the basic functionallity to a client in order to incorporate new/updated
files from the merchand sites.
Server Mode
These mode is considered to be the working mode at the merchand site. Running the DM
in the server mode offers, not only the basic functionality, but furthermore some
extensions in order to support the provisioning procedure of new/updated components, the
necessary functionality used in the context of retrieving credentials from the CRA host and
more over the ability to offering the new/updated components to a target group of customers.

Choose run DM as a Server if you would like to use the functionality, descripted above.
In case that you want to run the SEMPER tool as a customer of some service providers choose
the Client Mode item. After the successfully termination of the DM setup procedure, choose
Download Manager from the application menu. The DM process will responds with a dialog
box containing a list of choices. The items contained in this list depends from the selected
working mode and from the configuration status of the module which deals with the CRA interaction
procedure. Furtherdown a description of the above list box items will be given:

Configure CRA/News Server Host Address
By selecting this item the DM process will ask you to enter the location of the CRA/News Server.
Connect The CRA/News Server
In case of choosing the above item, a dialog box will appears on the screen that could contains the following
items:
- Update Your Owned Download Credentials
  This item is available only if the DM works in the server mode. Choosing this item, cause the DM process
  to connect the CRA in order to retrieve the (updated)user-credentials.
- Upload New/Updated Files To The News Server
  This item is also available only if the DM works in the server mode. Select this item in order to announce
  changes that have been taken place in your owned files/directories.
- Retrieve CRA/News Server's Trusted Key
  This item is available for both DM working modes and only in the case when the CRA's trusted key hasn't
  be stored in the archive database. By selecting the above item, the DM retieves the CRA's trusted key.
Configure Download Manager
Selecting this item cause the DM process to display a dialog containing the following selections:
- Set Your Down/Upload Path
  Choosing this item, the DM displays a window and waits for the new DM path, the meaning of the DM path is
  explained at the top of this file
- Configure DM Access
  Only available in the server working mode. By selecting the above item the user is able to define groups of
  users that have permissions to download, via the DM, some specified files/directories. This will be arranged
  with a sequence of dialogs in which the user enters/select these attributes used in order to fullfil the
  functionality of restricted rights. These attributes are:
  - The Directory Name where the protected software is located in
  - The Description of the owner of the protected files
  - The certified users which are able to retrieve these files(syntax user-name:CA-name)separated by ";"
Update Owned Directories
This option is only available in case of running the DM in the server mode.By choosing these item, the
DM process searches these directories/files, owned by the user, in order to find changes between the state
stored in the VMFs and the current state of the directories. In case that the DM process recognize some
changes, these will be stored in the associated VMFs.
Incorporate Code From Local Disk
Select these item in order to incorporate, under the DM path, directories which are located in your storage
device. Note the fact that each of the incorporated directories should contain a valid VMF file so directories
which doesn't contains this file are ignored from the DM process. The DM will ask you to enter the path name
where the new directories are located.
Download Files From Remote Host
Selecting these item causes a dialog to be displayed on the tinguin which contains the following listbox items
- Connect Direct To A Host
  By choosing these item and after you enter the host location the DM connects to the specified host and
  downloads the new/updated files.
- Consult News-Server
  Selecting these item causes the DM establish a connection to the News Server and retrieves the changes
  that have been annonced by the mobile code issuers(merchants). In case that the sended changes haven't be
  incorporated, the DM asks you to connect these hosts.
Code Validation Checking
Choosing these item causes the validation of the directories located under the DM path to be checked
according to the VMFs which are nested in each owned or downloaded directory. The DM displays the result
in the tinguin.
Start Listen Client Download Requests
These cause the DM, running in the server mode, to serve client download requests.
Stop Downloading
Only available while the DM process downloads files from a remote host. By choosing these item the
download procedure will be interrupted
Stop Serving Client Download Requests
By choosing these item the DM will interrupt the threads which serves download requests originated by a client
Display Owned Credentials
By choosing these item the DM displays the owned credentials. Only available in the server mode

A Short Example (MEABE NOT)

In order to test the DM you need to run a DM in the server mode on a host(e.g DMserver) and a DM client
on a different host, say DMclient. Furthermore you need to run the CRA in a host named for example
CRAserver. Suppose, on the DMserver mashine, you have a stored certificate where the ca-user-name attribute
is Smith and on the DMclient-mashine a different stored certificate exists with the ca-user-name
equals to Jackson. Both certificates have been offered from the GMDSemperCA authority.
On both client/server mashines create if necessary a tmp directory. Additional On the server mashine copy
some SEMPER directories, e.g semper/comm and semper/SemperClient, under the above tmp path. Start the CRA
server and offer to the user Smith the following credentials (see CRA Server):

semper/SemperClient;semper/comm

semper/SemperClient/Test/TestSC.java

Now, start the DM server and on the setup dialog enter the location of your tmp directory and choose
the run as a Server item. Afterthat select Configure CRA/News Server Host Address from the
DM dialog and enter the host name of the CRAserver. The next step consists to retrieve the credentials
for the user Smith, from the CRA server. In order to do this, choose Connect The CRA/News Server
and in case that the displayed listbox contains only the item Retrieve CRA/News Server's Trusted Key
press the Ok button in order to store the CRA key in your database. Afterthat, visiting the same dialog,
and select Update Owned Download Credentials. The credentials will be stored in your archive.
After that select, from the main DM dialog, the Update Owned Directories item. The above command
causes the creation of VMFs under the tmp/semper/SemperClient,tmp/semper/comm and
tmp/semper/SemperClient/Test/TestSC.java directories. Now select, from the main DM dialog, the item
Start Listen Client Download Requests.

Start the client and setup the DM by entering the location of your tmp directory and choose
run as a Client from the setup list box. Setup the CRA location and obtain the CRA-key
in the same way as the DM server does. After that choose Download Files From Remote Host
from the DM main dialog and on the displayed window choose the item Connect Direct To A Host.
Enter the host name, e.g the hostname of the DMserver. On success, the directories semper/SemperClient,
semper/comm and the file semper/SemperClient/Test/TestSC.java will be stored under your tmp directory.

In order to test the News Server update some files, located under the DM-server's tmp path, choose
Update Owned Directories. After that choose Connect The CRA/News Server, from the
server's DM main dialog, and on the displayed dialog choose the item Upload New/Updated Files To
The News Server. Now go to your client mashine and select Download Files From Remote Host
On the displayed window select the Consult News-Server item. A list of server will be displayed
and you will be prompted to connect these servers in order to download the changes, in case that the
obtained changes haven't been incorporated previously.

In order to change the DM working path, select Configure Download Manager from the DM dialog
and at the displayed window select the Set Your Down/Upload Path. If you wish to have a
different DM path( the current DM path is the tmp), enter the new DM path. After pressing the
Ok button all the recognizable directories(i.e all the directories that contains a valid VMF file)
located under the tmp path and the associated to the DM structure files will be replicated to the new
location(e.g under tmp1).

If you need to declare a user group, that only parts of this, are abled to download directory contents
from a specific path first you should interrupt the server. Choose Stop Serving Client Download Requests.
Select Configure Download Manager from the DM main dialog and after that, choose Configure
DM Access from the dispayed window. Select on of the displayed paths from the item list and press
the Ok button. On the displayed dialog select the owner of the directory contents which should be
protected(keep in mind that a code-issuer could have modification rights only for some files contained
in a directory, for example semper/SemperClient/Test/TestSC.java). Click the Ok button. The new
displayed dialog contains a list of owned files(owned by the previously selected code-issuer) and a
edit box. In the edit box enter the name of the user which could download the above displayed files
following by a colon ":" and the associated CA domain name. In our example enter Jackson:GMDSemperCA.
If you need to define more than one user(e.g Steiner) the string contained in the edit should have the
form Jackson:GMDSemperCA;Steiner:GMDSemperCA. In case that you wish to declare the above files as
private(noone is able to download these files) enter the string NOONE to the above edit field.
The default setting for the above edit field is the ALL identifier, which means that the above
files could be download from every node in the internet, no identity verification will be performed and
furthermore the files will be sent unencrypted. In our example we suppose that the selected
path is semper/SemperClient and the edit box contents is Jackson:GMDSemperCA. Change at least one
file located under the semper/SemperClient. Choose Update Owned Directories from the DM
main dialog. After that, start again the server thread by choosing Start Listen Client Download
Requests from the DM main dialog. Go to your client mashine and connect direct to the server
host. Before the server sends the files contained under the semper/SemperClient directory using DES
encryption, the client should prove that he/she is the owner of Jackson's certificate.

In order to incorporate directories from your local storage device, modify the
semper/SemperClient/Test/TestSC.java in the server site. Choose Update Owned Directories
from the DM main dialog. Store, at the client site, the updated semper/SemperClient/Test(not under
the tmp directory) e.g under tmp2. Choose, on the client, the Incorporate Code From Local Disk
item and on the displayed window enter the location(i.e tmp2). Only the updated file TestSC.java will be
incorporated under client's tmp path and furthermore the VMF located under the
tmp/semper/SemperClient/Test will be updated.