Class TicketKeyBag
iaik.security.ssl

java.lang.Object
  iaik.security.ssl.TicketKeyBag

public class TicketKeyBag
extends java.lang.Object
This class represents a bag for the cipher and MAC keys used to protect SessionTickets.

The SessionTicket extension (RFC 4507, and its successor RFC 5077) may be used to relieve the server from storing the session-related information that is required for session resumption. Instead of storing the session information, the server packs it into a session ticket and sends it to the client. When it wishes to resume the session, the client sends the ticket back; the server unpacks the ticket to recover everything it needs to resume that particular session.

To protect the confidential session information, the server encrypts the session ticket with AES before sending it to the client. Additionally, an HMAC with SHA-256 protects the integrity of the data (RFC 5077):

    struct {
        opaque key_name[16];
        opaque iv[16];
        opaque encrypted_state<0..2^16-1>;
        opaque mac[32];
    } ticket;

The key_name field identifies the set of keys that protected a ticket, so the server can select the right keys (the right TicketKeyBag) when the ticket comes back, including after a key rotation.

This class can be used to specify the symmetric encryption key and the MAC key to be used for ticket protection:

    byte[] keyName = ...;
    SecretKey cipherKey = ...;
    SecretKey macKey = ...;
    TicketKeyBag ticketKey = new TicketKeyBag(cipherKey, macKey, keyName);
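The following is an added example written for this page; it is not iSaSiLk's own code. It builds a TicketKeyBag with the constructor and setValidityPeriod() shown on this page, then uses the bag's getCipherKey() and getMacKey() with plain javax.crypto to seal and unseal a ticket in the RFC 5077 layout, so the reader can see what the two keys protect and why the key_name matters. Assumptions (not stated on this page): AES-128 and a 256-bit HMAC key as key sizes, the hypothetical helper names createAndRegisterBag/seal/unseal and the BAGS lookup table, the constructed session state used as input, and the iSaSiLk jar being on the classpath. iSaSiLk performs the real ticket sealing itself once a bag is configured; how the bag is handed to the server is outside this page.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import iaik.security.ssl.TicketKeyBag;

public class TicketKeyBagExample {

    private static final SecureRandom RNG = new SecureRandom();

    /** Hypothetical server-side table of ticket keys, looked up by the 16-byte key_name. */
    private static final Map<ByteBuffer, TicketKeyBag> BAGS = new HashMap<>();

    /**
     * Builds a TicketKeyBag from freshly generated keys and registers it under its key name.
     * Key sizes are an assumption: the page only says "AES" and "HMAC with SHA256".
     */
    static byte[] createAndRegisterBag(long validitySeconds) throws Exception {
        KeyGenerator aes = KeyGenerator.getInstance("AES");
        aes.init(128);
        SecretKey cipherKey = aes.generateKey();
        SecretKey macKey = KeyGenerator.getInstance("HmacSHA256").generateKey();
        byte[] keyName = new byte[16];                 // opaque key_name[16], random per bag
        RNG.nextBytes(keyName);
        TicketKeyBag bag = new TicketKeyBag(cipherKey, macKey, keyName);
        bag.setValidityPeriod(validitySeconds);        // rotate keys after this many seconds
        BAGS.put(ByteBuffer.wrap(keyName), bag);
        return keyName;
    }

    /** Seals session state as key_name || iv || length || encrypted_state || mac (RFC 5077 layout). */
    static byte[] seal(byte[] keyName, byte[] state) throws Exception {
        TicketKeyBag bag = BAGS.get(ByteBuffer.wrap(keyName));
        byte[] iv = new byte[16];                      // opaque iv[16], fresh for every ticket
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, bag.getCipherKey(), new IvParameterSpec(iv));
        byte[] enc = c.doFinal(state);
        if (enc.length > 0xFFFF) throw new IllegalArgumentException("encrypted_state exceeds 2^16-1");
        ByteBuffer t = ByteBuffer.allocate(16 + 16 + 2 + enc.length + 32);
        t.put(keyName).put(iv).putShort((short) enc.length).put(enc);
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(bag.getMacKey());
        mac.update(t.array(), 0, t.position());        // MAC covers key_name, iv, length and ciphertext
        t.put(mac.doFinal());                          // opaque mac[32]
        return t.array();
    }

    /** Verifies and decrypts a ticket; returns null for malformed input, unknown key_name or bad MAC. */
    static byte[] unseal(byte[] ticket) throws Exception {
        if (ticket.length < 16 + 16 + 2 + 32) return null;
        ByteBuffer t = ByteBuffer.wrap(ticket);
        byte[] keyName = new byte[16], iv = new byte[16];
        t.get(keyName).get(iv);
        int len = t.getShort() & 0xFFFF;
        if (ticket.length != 34 + len + 32) return null;
        TicketKeyBag bag = BAGS.get(ByteBuffer.wrap(keyName));
        if (bag == null) return null;                  // keys rotated out or never ours: full handshake
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(bag.getMacKey());
        mac.update(ticket, 0, 34 + len);
        byte[] expected = mac.doFinal();
        byte[] got = Arrays.copyOfRange(ticket, 34 + len, ticket.length);
        if (!MessageDigest.isEqual(expected, got)) return null;   // constant-time compare, before decrypting
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, bag.getCipherKey(), new IvParameterSpec(iv));
        return c.doFinal(ticket, 34, len);
    }

    public static void main(String[] args) throws Exception {
        byte[] keyName = createAndRegisterBag(3600);
        byte[] state = "constructed session state".getBytes("UTF-8");   // stand-in for real session data
        byte[] ticket = seal(keyName, state);
        System.out.println("round trip ok: " + Arrays.equals(state, unseal(ticket)));
        ticket[40] ^= 1;                               // flip a ciphertext bit: MAC check must fail
        System.out.println("tampered ticket rejected: " + (unseal(ticket) == null));
    }
}
```

Two points the block makes that the struct alone does not: the MAC is checked with a constant-time comparison before any decryption is attempted, so a forged or tampered ticket never reaches the cipher, and a ticket whose key_name no longer maps to a registered bag is simply rejected, which is what sends a client with a stale ticket back to a full handshake after the keys have been rotated.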
Nested Class Summary

  static class TicketKeyBag.KeyName
      This class represents the key name of a TicketKeyBag.
Constructor Summary

  TicketKeyBag()
      Creates a ticket key bag where cipher and mac keys are generated automatically.

  TicketKeyBag(javax.crypto.SecretKey cipherKey, javax.crypto.SecretKey macKey, byte[] keyName)
      Creates a ticket key bag for the given cipher key and mac key.
Method Summary

  java.lang.Object clone()
      Gets a clone of this Object.

  long getActivationTime()
      Gets the activation time of this key bag.

  javax.crypto.SecretKey getCipherKey()
      Gets the cipher key.

  TicketKeyBag.KeyName getKeyName()
      Gets the key name.

  javax.crypto.SecretKey getMacKey()
      Gets the mac key.

  long getValidityPeriod()
      Gets how long cipher and mac key of this key bag shall be used.

  void setActivationTime(long time)
      Sets the activation time of this key bag.

  void setValidityPeriod(long time)
      Specifies how long cipher and mac key of this key bag shall be used.

  java.lang.String toString()
      Returns a String representation of this TicketKeyBag.
Methods inherited from class java.lang.Object

  equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Constructor Detail

public TicketKeyBag(javax.crypto.SecretKey cipherKey, javax.crypto.SecretKey macKey, byte[] keyName)
    Creates a ticket key bag for the given cipher key and mac key.
    Parameters:
        cipherKey - the cipher key
        macKey - the mac key
        keyName - the key id name

public TicketKeyBag() throws java.security.NoSuchAlgorithmException
    Creates a ticket key bag where cipher and mac keys are generated automatically.
    Throws:
        java.security.NoSuchAlgorithmException - if the keys could not be created

Method Detail
public java.lang.Object clone()
    Gets a clone of this Object.
    Overrides:
        clone in class java.lang.Object

public java.lang.String toString()
    Returns a String representation of this TicketKeyBag.
    Overrides:
        toString in class java.lang.Object

public javax.crypto.SecretKey getCipherKey()
    Gets the cipher key.
    Returns:
        the cipher key

public javax.crypto.SecretKey getMacKey()
    Gets the mac key.
    Returns:
        the mac key

public TicketKeyBag.KeyName getKeyName()
    Gets the key name.
    Returns:
        the key name

public void setValidityPeriod(long time)
    Specifies how long cipher and mac key of this key bag shall be used. The default is -1, meaning that the ticket keys are used as long as the iSaSiLk server is running. If you specify a positive value when calling this method, new keys will be generated after the given time period has expired. To guarantee a smooth key transition, the old keys are still valid for the period of one ticket lifetime (or session manager resume period) after new keys have been activated (i.e. the actual validity period is validity_period + ticket_lifetime). Since whoever holds the ticket keys can unpack every session ticket they protected, a bounded validity period limits how much recorded session state a compromised key exposes.
    Parameters:
        time - the time (in seconds) how long the current ticket keys shall be used; if time <= 0 the keys are used forever (as long as the server is running; default)

public long getValidityPeriod()
    Gets how long cipher and mac key of this key bag shall be used. The default is -1, meaning that the ticket keys are used as long as the iSaSiLk server is running. If you have specified a positive validity period, new keys will be generated after the given time period has expired. To guarantee a smooth key transition, the old keys are still valid for the period of one ticket lifetime after new keys have been activated.
    Returns:
        the time (in seconds) how long the current ticket keys shall be used; if time <= 0 the keys are used forever (as long as the server is running; default)

public void setActivationTime(long time)
    Sets the activation time of this key bag.
    Parameters:
        time - the time (in seconds) at which this key bag is activated

public long getActivationTime()
    Gets the activation time of this key bag.
    Returns:
        the time (in seconds) at which this key bag is activated
This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).