org.ow2.proactive.authentication.crypto

Class Credentials

java.lang.Object

org.ow2.proactive.authentication.crypto.Credentials

All Implemented Interfaces:

Serializable

@PublicAPI
public class Credentials
extends Object
implements Serializable

Encapsulates encrypted Scheduler credentials

Stores encapsulated Scheduler credentials as well as metadata used to determine which method should be used for decryption: key generation algorithm, key size, and cipher parameters.

The credentials are encrypted with a symmetric AES key. The AES key is encrypted using an asymmetric public key: the corresponding private key is required to decrypt the secret AES key, and then decrypt the data.

Extensive documentation for these parameters can be found in the Java Cryptography Extension Reference Guide.

Since:

ProActive Scheduling 1.1

See Also:

KeyPairUtil, Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static String	credentialsPathProperty Java properly describing the path to the encrypted credentials on the local drive
static String	pubkeyPathProperty Java property describing the path to the public key on the local drive

Method Summary

Modifier and Type	Method and Description
static Credentials	createCredentials(CredData cc, PublicKey pubKey) Creates new encrypted credentials.
static Credentials	createCredentials(CredData cc, PublicKey pubKey, String cipher) Creates new encrypted credentials
static Credentials	createCredentials(CredData cc, String pubPath) Creates new encrypted credentials.
static Credentials	createCredentials(String login, String password, byte[] datakey, PublicKey pubKey, String cipher) Deprecated.
static Credentials	createCredentials(String login, String password, PublicKey pubKey) Deprecated.
static Credentials	createCredentials(String login, String password, String pubPath) Deprecated.
static Credentials	createCredentials(String login, String password, String pubPath, String cipher) Deprecated.
CredData	decrypt(PrivateKey privKey) Decrypts the encapsulated credentials
CredData	decrypt(String privPath) Decrypts the encapsulated credentials
byte[]	getBase64() Returns a representation of this credentials as a base64 encoded byte array
static Credentials	getCredentials() Retrieves a credentials from disk
static Credentials	getCredentials(InputStream is) Constructs a Credentials given an InputStream
static Credentials	getCredentials(String path) Retrieves a credentials from disk
static Credentials	getCredentialsBase64(byte[] base64enc) Creates a Credentials given its base64 encoded representation
static String	getCredentialsPath()
static PrivateKey	getPrivateKey(String privPath) Retrieves a private key stored in a local file
static PrivateKey	getPrivateKey(String privPath, String[] algorithms) Retrieves a private key stored in a local file
static String	getPubKeyPath()
static PublicKey	getPublicKey(String pubPath) Retrieves a public key stored in a local file
String	toString()
void	writeToDisk(String path) Write the contents of a Credentials object to the disk

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

credentialsPathProperty

public static final String credentialsPathProperty

Java properly describing the path to the encrypted credentials on the local drive

See Also:

Constant Field Values

pubkeyPathProperty

public static final String pubkeyPathProperty

Java property describing the path to the public key on the local drive

See Also:

Constant Field Values

Method Detail

writeToDisk

public void writeToDisk(String path)
                 throws KeyException

Write the contents of a Credentials object to the disk

Use the current value of the credentialsPathProperty property to determine the file to which the data will be written

Credentials are written to disk in base64 encoded form.

See getCredentials() for the inverse operation

Parameters:

path - file path where the credentials will be written on the disk

Throws:

KeyException - Unable to locate or open file, IO error

getPublicKey

public static PublicKey getPublicKey(String pubPath)
                              throws KeyException

Retrieves a public key stored in a local file

Parameters:

pubPath - path to the public key on the local filesystem

Returns:

the key encapsulated in a regular JCE container

Throws:

KeyException - the key could not be retrieved or is malformed

getPrivateKey

public static PrivateKey getPrivateKey(String privPath)
                                throws KeyException

Retrieves a private key stored in a local file

Tries to guess the algorithm used for keypair generation which is not included in the file. According to Java Cryptography Specification, the algorithm can be only one of "RSA" or "DSA", so this method will try using both. If the algorithm used to generate the key is neither RSA or DSA (highly unlikely), this method cannot recreate the private key, but decrypt(String) maybe will.

Parameters:

privPath - path to the private key on the local filesystem

Returns:

the key encapsulated in a regular JCE container

Throws:

KeyException - the key could not be retrieved or is malformed, or the algorithm used for generation is different from the ones used by this method

getPrivateKey

public static PrivateKey getPrivateKey(String privPath,
                                       String[] algorithms)
                                throws KeyException

Retrieves a private key stored in a local file

Tries to guess the algorithm used for keypair generation which is not included in the file. According to Java Cryptography Specification, the algorithm can be only one of "RSA" or "DSA", so we can just try both using the algorithms param. If the algorithm used to generate the key is neither RSA or DSA (highly unlikely), this method cannot recreate the private key, but decrypt(String) maybe will.

Parameters:

privPath - path to the private key on the local filesystem

algorithms - a list of algorithms to try for creating the PK. Recommanded value: {"RSA","DSA"}

Returns:

the key encapsulated in a regular JCE container

Throws:

KeyException - the key could not be retrieved or is malformed, or the algorithm used for generation is not one of algorithms

getCredentials

public static Credentials getCredentials()
                                  throws KeyException

Retrieves a credentials from disk

See writeToDisk(String) for details on how information is stored on disk.

Returns:

the Credentials object represented by the file saved at the file described by the property credentialsPathProperty

Throws:

KeyException - Credentials could not be recovered

getCredentials

public static Credentials getCredentials(String path)
                                  throws KeyException

Retrieves a credentials from disk

See writeToDisk(String) for details on how information is stored on disk.

Parameters:

path - to the file in which credentials are stored

Returns:

the Credentials object represented by the file located at path

Throws:

KeyException - Credentials could not be recovered

getCredentials

public static Credentials getCredentials(InputStream is)
                                  throws KeyException,
                                         IOException

Constructs a Credentials given an InputStream

Parameters:

is - contains the base64 representation of a Credentials upon read

Returns:

the Credentials object contained in the InputStream

Throws:

KeyException - the Credentials data was read but could not be reconstructed

IOException - the Credentials data could not be read from the stream

getCredentialsBase64

public static Credentials getCredentialsBase64(byte[] base64enc)
                                        throws KeyException

Creates a Credentials given its base64 encoded representation

Parameters:

base64enc - the Credentials representation as a base64 encoded byte array, as returned by getBase64()

Returns:

the Credentials object corresponding the base64en representation

Throws:

KeyException

getBase64

public byte[] getBase64()
                 throws KeyException

Returns a representation of this credentials as a base64 encoded byte array

Prior to base64 encoding, format is the following:

• The key generation algorithm, in human readable format, on a single line
• The key size, in human readable format, on a single line
• The cipher parameters, in human readable format, on a single line
• The encrypted AES key, which should be exactly size / 8 bytes
• The encrypted data, which can be of arbitrary length, should occupy the rest of the file

Throws:

KeyException

getCredentialsPath

public static String getCredentialsPath()

Returns:

the path to the Credentials to use in this runtime

getPubKeyPath

public static String getPubKeyPath()

Returns:

the path to the public key to use in this runtime

createCredentials

public static Credentials createCredentials(CredData cc,
                                            String pubPath)
                                     throws KeyException

Creates new encrypted credentials.

See createCredentials(CredData, PublicKey)

Parameters:

cc - the data to be encrypted

pubPath - path to the public key

Returns:

the Credentials object containing the encrypted data

Throws:

KeyException - key generation or encryption failed

createCredentials

public static Credentials createCredentials(CredData cc,
                                            PublicKey pubKey)
                                     throws KeyException

Creates new encrypted credentials.

See createCredentials(CredData, PublicKey, String)

Parameters:

cc - the data to be encrypted

pubKey - the public key

Returns:

the Credentials object containing the encrypted data

Throws:

KeyException - key generation or encryption failed

createCredentials

public static Credentials createCredentials(CredData cc,
                                            PublicKey pubKey,
                                            String cipher)
                                     throws KeyException

Creates new encrypted credentials

Encrypts the message 'credData' using the public key pubKey and cipher and store it in a new Credentials object.

Parameters:

cc, - the class containing the data to be crypted

pubKey - public key used for encryption

cipher - cipher parameters: combination of transformations

Returns:

the Credentials object containing the encrypted data

Throws:

KeyException - key generation or encryption failed

See Also:

KeyPairUtil.encrypt(PublicKey, String, byte[])

decrypt

public CredData decrypt(String privPath)
                 throws KeyException

Decrypts the encapsulated credentials

Parameters:

privPath - path to the private key file

Returns:

the credential data containing the clear data:login, password and key

Throws:

KeyException - decryption failure, malformed data

See Also:

KeyPairUtil.decrypt(PrivateKey, String, byte[])

decrypt

public CredData decrypt(PrivateKey privKey)
                 throws KeyException

Decrypts the encapsulated credentials

Parameters:

privKey - the private key

Returns:

the credential data containing the clear data:login, password and key

Throws:

KeyException - decryption failure, malformed data

See Also:

KeyPairUtil.decrypt(PrivateKey, String, byte[])

toString

public String toString()

Overrides:

toString in class Object

createCredentials

@Deprecated
public static Credentials createCredentials(String login,
                                                        String password,
                                                        String pubPath)
                                                 throws KeyException

Deprecated.

Creates new encrypted credentials

See createCredentials(String, String, String, String)

Parameters:

login - the login to encrypt

password - the corresponding password to encrypt

pubPath - path to the public key

Returns:

the Credentials object containing the encrypted data

Throws:

KeyException - key generation or encryption failed

createCredentials

@Deprecated
public static Credentials createCredentials(String login,
                                                        String password,
                                                        PublicKey pubKey)
                                                 throws KeyException

Deprecated.

Creates new encrypted credentials

See createCredentials(String, String, String, String)

Parameters:

login - the login to encrypt

password - the corresponding password to encrypt

pubKey - the public key

Returns:

the Credentials object containing the encrypted data

Throws:

KeyException - key generation or encryption failed

createCredentials

@Deprecated
public static Credentials createCredentials(String login,
                                                        String password,
                                                        String pubPath,
                                                        String cipher)
                                                 throws KeyException

Deprecated.

Creates new encrypted credentials

Encrypts the message 'login:password' using the public key at pubPath and cipher and store it in a new Credentials object.

Parameters:

login - the login to encrypt

password - the corresponding password to encrypt

pubPath - path to the public key used for encryption

cipher - cipher parameters: combination of transformations

Returns:

the Credentials object containing the encrypted data

Throws:

KeyException - key generation or encryption failed

See Also:

KeyPairUtil.encrypt(PublicKey, String, byte[])

createCredentials

@Deprecated
public static Credentials createCredentials(String login,
                                                        String password,
                                                        byte[] datakey,
                                                        PublicKey pubKey,
                                                        String cipher)
                                                 throws KeyException

Deprecated.

Creates new encrypted credentials

Encrypts the message 'login:password' using the public key pubKey and cipher and store it in a new Credentials object.

Parameters:

login - the login to encrypt

password - the corresponding password to encrypt

pubKey - public key used for encryption

cipher - cipher parameters: combination of transformations

Returns:

the Credentials object containing the encrypted data

Throws:

KeyException - key generation or encryption failed

See Also:

KeyPairUtil.encrypt(PublicKey, String, byte[])