All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class semper.statement.StatementMan

java.lang.Object
   |
   +----semper.statement.StatementMan

public class StatementMan

extends Object

implements StatementConstants, ComPointConstants, CryptoConstants, CertificateConstants

Version:

$Revision: 1.40 $ $Date: 1997/04/18 11:30:07 $

Author:

Jesper Drud Nielsen ([email protected]), Torben Pryds Pedersen ([email protected])

See Also:

StatementManException, StatementTransaction, CryptoMan

StatementMan()

The services of the statement manager are static.

choose(Vector, ComPoint, Vector, String)

Based on the input a set of values received from another part is selected.

init()

Initialises the StatementMan object.

initConstInt()

Initialises the vector of integer codes of the available methods for key exchange

initConstString()

Initialises the vector of descriptions of the available methods for key exchange

int2Str(int)

Given an integer code describing a method for key exchange this method returns a String describing the method.

isInitialised()

Tells whether StatementMan is initialised.

openInitiatorStatementSession(String, String, boolean[], Vector, String)

Constructs a StatementTransaction object corresponding to opening a session on the initiator side.

openResponderStatementSession(String, String, boolean[], Vector, String)

Constructs a StatementTransaction object corresponding to opening a session on the responder side.

openStatementSession(boolean, String, String, boolean[], Vector, String)

Opens a statement session this service provides everything needed by initiator as well as responder in order to create a session between the two parties (thus it is used by openInitiatorStatementSession & openResponderStatementSession).

proposeAlgorithms(int)

Makes a list of proposed algorithms for the requested service.

requestChoice(Vector, ComPoint, Vector, String)

Sends a list of proposed values to another party and gets back a vector of chosen values.

str2Int(String)

Given an string describing a method for key exchange this method returns the corresponding integer code.

supportedAlgorithms(int)

Makes a list of supported algorithms for the requested service.

whichKeyExchanges()

Tell which methods for key exchange are supported.

  public StatementMan() throws StatementManException

The services of the statement manager are static. To prevent errors the following method instantiation of objects of this class.

Throws: StatementManException

if this method is called

  public static boolean isInitialised()

Tells whether StatementMan is initialised. The StatementMan is initialised when StatementMan.init() has been executed succesfully

Returns:

true is StatementMan has been called, false otherwise.

  public static void init() throws StatementManException

Initialises the StatementMan object. This must be done before any other services (except isInitialised) are used. The initialisation uses several items from configuration. The item "semper.configuration.username" should contain user identification. If this is not supplied by the configuration init() reads the username from the system. The item "semper.statement.isServer" is read from Configuration. "0" means initialise the StatementMan for client use, "1" is for servers (a ServicePointThread is started). If the item is not present in Configuration, StatementMan is initialised for server use. Alternatively, one can set this option using "semper.statement.isLIstener". It has the same meaning, but at some point this name will be used for instead of "isServer". Thus it is recommended to set this configuration parameter using "isListener". If both are set, and they differ the value of "semper.statement.isListener" is used. Only one application on a machine can be initialised as a server. Several applications can run simultaneously on the same machine (e.g., as server and a client or several clients). Initialisation also builds the preferences needed for using the security services. Using these the user can select which cryptographic algorithms to use and which method to use for exchange of conventional keys. If a server is being initialised, init() starts up a Channel which clients can use for sending requests to the server. The port used by the server is read from WellKnownPorts. In coming versions init will also dynamically load the module preferred by the user. For the moment a default module supplied as part of SEMPER is used.

Throws: StatementManException

if the preferred Statement module could not be loaded

See Also:

Configuration, WellKnownPorts, Channel, StatementModule

  public static Vector proposeAlgorithms(int secService) throws StatementManException

Makes a list of proposed algorithms for the requested service. Based on the list of supported algorithms, available secret keys (in case of digital signatures and public key decryption) and the preferences set by the user a list of proposed algorithms for the service is given. The following encoding for security services is used. 0: Conventional krypto system 1: MAC algorithm 2: Method for making signatures 3: Method for verifying signatures 4: Method for public key encryption 5: Method for public key decryption 6: Hash functions 7: Method for key exchange

Parameters:

secService - indicates the security service

Returns:

Integer vector of proposed algorithms for the security service

Throws: StatementManException

if the secService is not supported

  public static Vector supportedAlgorithms(int secService)

Makes a list of supported algorithms for the requested service. For security services number 0 through 6 this list is based on the algorithms supported by the crypto manager. For the service numbered 7 (key exchange), this list is based on the methods supported by the moduel of the Statement service block. The following encoding for security services is used. 0: Conventional krypto system 1: MAC algorithm 2: Method for making signatures 3: Method for verifying signatures 4: Method for public key encryption 5: Method for public key decryption 6: Hash functions 7: Method for key exchange

Parameters:

secService - indicates the security service

Returns:

vector of supported algorithms for the requested security service

  public static StatementTransaction openStatementSession(boolean server,
                                                          String partnerId,
                                                          String serveraddress,
                                                          boolean neededAlgs[],
                                                          Vector options,
                                                          String ext_ref) throws StatementManException, ComPointException, NegotiationException

Opens a statement session this service provides everything needed by initiator as well as responder in order to create a session between the two parties (thus it is used by openInitiatorStatementSession & openResponderStatementSession). First a ComPoint is opened between initiator and responder (this is done using the channel, which the server sets up as part of initialisation). A list of proposed algorithms (for the security services to be negotiated) is sent from the initiator to the responder. Similarly the responder makes a list of proposed algorithms. In the current version the responder compares the two lists and selects the first algorithm proposed by the initiator, which is also in his own list (in later version this negotiation will be refined to allow other procedures for this). The two parties can determine as part of input to this service for which security services, algorithms should be negotiated. If key exchange is requested, this service also exchange keys between the two parties using the method already negotiated. Finally this method creates a StatementTransaction object, which contains as part of its state the negotiated keys and certificats. It should be noted, that as part of setting up a session all certificates are verified. Classes of algorithms are 0: Conventional krypto system 1: MAC algorithm 2: Method for making signatures 3: Method for verifying signatures 4: Method for public key encryption 5: Method for public key decryption 6: Hash functions 7: Method for key exchange

Parameters:

server - is a boolean indicating if the service is used by a server (may not be necessary)

partnerId - is the name of the counterpart

serverAddress - the address of the server (responder)

neededAlgs - is an arry of boolean. the i'th element is true if and only if the i'th class of algorithms above should be negotiated

options - is a Vector with parameters needed to open a channel

ext_ref - external reference string sent by the peer

Returns:

An object corresponding to the session

Throws: StatementManException

if the transaction object could not be opened

Throws: ComPointException

in case of communication problems

Throws: NegotiationException

if the negotiation failed

See Also:

openInitiatorStatementSession, openResponderStatementSession, proposeAlgorithms

  public static StatementTransaction openInitiatorStatementSession(String partnerId,
                                                                   String serverAddress,
                                                                   boolean neededAlgs[],
                                                                   Vector options,
                                                                   String ext_ref) throws StatementManException, ComPointException, NegotiationException

Constructs a StatementTransaction object corresponding to opening a session on the initiator side. This method presumes that a responder (server) is willing to open a session. It uses openStatementSession, which negotiates algorithms and exchanges keys and certificats between initiator and responder. The caller can use the parameter neededAlgs to determine for which security services it is necessary to agree on an algorithm. Classes of algorithms are 0: Conventional krypto system 1: MAC algorithm 2: Method for making signatures 3: Method for verifying signatures 4: Method for public key encryption 5: Method for public key decryption 6: Hash functions 7: Method for key exchange

Parameters:

partnerId - is the name partner

serverAddress - the address of the server

neededAlgs - is an arry of boolean. the i'th element is true if and only if the i'th class of algorithms above should be negotiated

options - is a placeholder for security options (e.g., for communication)

ext_ref - external reference string sent by the peer

Returns:

A StatementTransaction object corresponding to the session

Throws: StatementManException

if the transaction object could not be opened

Throws: ComPointException

in case of communication problems

Throws: NegotiationException

if the negotiation failed

See Also:

StatementTransaction, openStatementSession

  public static StatementTransaction openResponderStatementSession(String partnerId,
                                                                   String serverAddress,
                                                                   boolean neededAlgs[],
                                                                   Vector options,
                                                                   String ext_ref) throws StatementManException, ComPointException, NegotiationException

Constructs a StatementTransaction object corresponding to opening a session on the responder side. This method uses openStatementSession, which negotiates algorithms and exchanges keys and certificats between initiator and responder. The caller can use the parameter neededAlgs to determine for which security services it is necessary to agree on an algorithm. Classes of algorithms are 0: Conventional krypto system 1: MAC algorithm 2: Method for making signatures 3: Method for verifying signatures 4: Method for public key encryption 5: Method for public key decryption 6: Hash functions 7: Method for key exchange

Parameters:

partnerId - is the name of the counterpart

servicePoint - is the thread on which the server is listening

serverAddress - the address of the server (responder side)

neededAlgs - is an arry of boolean. the i'th element is true if and only if the i'th class of algorithms above should be negotiated

options - is a placeholder for security options (e.g., for communication)

ext_ref - external reference string sent by the peer

Returns:

An object corresponding to the session

Throws: StatementManException

if the transaction object could not be opened

Throws: ComPointException

in case of communication problems

Throws: NegotiationException

if the negotiation failed

See Also:

openInitiatorStatementSession

  public static Vector whichKeyExchanges()

Tell which methods for key exchange are supported.

Returns:

vector of Integer of supported methods

See Also:

whichAlgs

  public static Vector requestChoice(Vector array_of_values,
                                     ComPoint com_point,
                                     Vector options,
                                     String ext_ref) throws NegotiationException

Sends a list of proposed values to another party and gets back a vector of chosen values. The caller of this services supplies a vector of possible values (each item corresponds to a security service and contains a list of acceptable algorithms for that service). The counterpart returns vector of chosen algorithms. This list is verified and finally returned.

Parameters:

array_of_values - is an array of messageListHeads containting the proposed algorithms

com_point - is the ComPoint by which the two parties can communicate

options - a Vector (place holder to support security options).

ext_ref - external reference string.

Returns:

Vector of MessageListHead corresponding to the result of the negotiation.

Throws: NegotiationException

if the negotiation fails

See Also:

choose

  public static Vector choose(Vector array_of_values,
                              ComPoint com_point,
                              Vector options,
                              String ext_ref) throws NegotiationException

Based on the input a set of values received from another part is selected. The caller of this services supplies a vector of possible values (each item corresponds to a security service and contains a list of acceptable algorithms for that service). the method receives from another party a list of values acceptable for the other party. This method then computes the subset of the two lsts. The resulting vector is send back and returned to the caller.

Parameters:

list_of_values - is a vecotr of MessageLIsthead containing the list of acceptable values.

com_point - is the ComPoint used for communication during negotiation

options - a Vector (place holder to support security options).

ext_ref - a String used for external references - currently not used

Returns:

Vector containing values common to both client and server.

Throws: NegotiationException

if negotiation fails

See Also:

requestChoice

  public static void initConstString()

Initialises the vector of descriptions of the available methods for key exchange

  public static void initConstInt()

Initialises the vector of integer codes of the available methods for key exchange

  public static String int2Str(int elem)

Given an integer code describing a method for key exchange this method returns a String describing the method. The conversion is based on two vectors which must have been initialised.

Parameters:

elem - is the integer code

Returns:

string describing the method (null if the method is not defined)

See Also:

initConstString, initConstInt

  public static int str2Int(String str)

Given an string describing a method for key exchange this method returns the corresponding integer code. The conversion is based on two vectors which must have been initialised.

Parameters:

str - is the string describing the key exchange

Returns:

the corresponding integer (0 if the str does not define a constant)

See Also:

initConstString, initConstInt

All Packages  Class Hierarchy  This Package  Previous  Next  Index