edu.internet2.middleware.shibboleth.common.util
Class DataSealer

java.lang.Object
  extended by edu.internet2.middleware.shibboleth.common.util.DataSealer

public class DataSealer
extends Object

Applies a MAC to time-limited information and encrypts with a symmetric key.

Author:
Scott Cantor, Walter Hoehn, Derek Morr

Constructor Summary
DataSealer()
           
 
Method Summary
 String getCipherAlgorithm()
          Returns the encryption algorithm.
 SecretKey getCipherKey()
          Returns the encryption key.
 String getCipherKeyAlias()
          Returns the encryption key alias.
 String getCipherKeyPassword()
          Returns the encryption key password.
 String getKeystorePassword()
          Returns the keystore password.
 String getKeystorePath()
          Returns the keystore path.
 String getKeystoreType()
          Returns the keystore type.
 String getMacAlgorithm()
          Returns the MAC algorithm.
 SecretKey getMacKey()
          Returns the MAC key, if different from the encryption key.
 String getMacKeyAlias()
          Returns the MAC key alias.
 String getMacKeyPassword()
          Returns the MAC key password.
 SecureRandom getRandom()
          Returns the pseudorandom generator.
 void init()
          Initialization method used after setting all relevant bean properties.
 void setCipherAlgorithm(String alg)
          Sets the encryption algorithm.
 void setCipherKey(SecretKey key)
          Sets the encryption key.
 void setCipherKeyAlias(String alias)
          Sets the encryption key alias.
 void setCipherKeyPassword(String password)
          Sets the encryption key password.
 void setKeystorePassword(String password)
          Sets the keystore password.
 void setKeystorePath(String path)
          Sets the keystore path.
 void setKeystoreType(String type)
          Sets the keystore type.
 void setMacAlgorithm(String alg)
          Sets the MAC algorithm.
 void setMacKey(SecretKey key)
          Sets the MAC key.
 void setMacKeyAlias(String alias)
          Sets the MAC key alias.
 void setMacKeyPassword(String password)
          Sets the MAC key password.
 void setRandom(SecureRandom r)
          Sets the pseudorandom generator.
 String unwrap(String wrapped)
          Decrypts and verifies an encrypted bundle of MAC'd data, and returns it.
 String wrap(String data, long exp)
          Encodes data into a cryptographic blob: [IV][HMAC][exp][data], where [IV] is the Initialization Vector (byte array), [HMAC] is the HMAC (byte array), [exp] is the expiration time of the data (8 bytes, big-endian) and [data] is the principal (a UTF-8-encoded string); the bytes are then GZIP'd.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DataSealer

public DataSealer()
Method Detail

init

public void init()
          throws DataSealerException
Initialization method used after setting all relevant bean properties.

Throws:
DataSealerException - if initialization fails

getCipherKey

public SecretKey getCipherKey()
Returns the encryption key.

Returns:
the encryption key

getMacKey

public SecretKey getMacKey()
Returns the MAC key, if different from the encryption key.

Returns:
the MAC key

getRandom

public SecureRandom getRandom()
Returns the pseudorandom generator.

Returns:
the pseudorandom generator

getKeystoreType

public String getKeystoreType()
Returns the keystore type.

Returns:
the keystore type.

getKeystorePath

public String getKeystorePath()
Returns the keystore path.

Returns:
the keystore path

getKeystorePassword

public String getKeystorePassword()
Returns the keystore password.

Returns:
the keystore password

getCipherKeyAlias

public String getCipherKeyAlias()
Returns the encryption key alias.

Returns:
the encryption key alias

getCipherKeyPassword

public String getCipherKeyPassword()
Returns the encryption key password.

Returns:
the encryption key password

getCipherAlgorithm

public String getCipherAlgorithm()
Returns the encryption algorithm.

Returns:
the encryption algorithm

getMacKeyAlias

public String getMacKeyAlias()
Returns the MAC key alias.

Returns:
the MAC key alias

getMacKeyPassword

public String getMacKeyPassword()
Returns the MAC key password.

Returns:
the MAC key password

getMacAlgorithm

public String getMacAlgorithm()
Returns the MAC algorithm.

Returns:
the MAC algorithm

setCipherKey

public void setCipherKey(SecretKey key)
Sets the encryption key.

Parameters:
key - the encryption key to set

setMacKey

public void setMacKey(SecretKey key)
Sets the MAC key.

Parameters:
key - the MAC key to set

setRandom

public void setRandom(SecureRandom r)
Sets the pseudorandom generator.

Parameters:
r - the pseudorandom generator to set

setKeystoreType

public void setKeystoreType(String type)
Sets the keystore type.

Parameters:
type - the keystore type to set

setKeystorePath

public void setKeystorePath(String path)
Sets the keystore path.

Parameters:
path - the keystore path to set

setKeystorePassword

public void setKeystorePassword(String password)
Sets the keystore password.

Parameters:
password - the keystore password to set

setCipherKeyAlias

public void setCipherKeyAlias(String alias)
Sets the encryption key alias.

Parameters:
alias - the encryption key alias to set

setCipherKeyPassword

public void setCipherKeyPassword(String password)
Sets the encryption key password.

Parameters:
password - the encryption key password to set

setCipherAlgorithm

public void setCipherAlgorithm(String alg)
Sets the encryption algorithm.

Parameters:
alg - the encryption algorithm to set

setMacKeyAlias

public void setMacKeyAlias(String alias)
Sets the MAC key alias.

Parameters:
alias - the MAC key alias to set

setMacKeyPassword

public void setMacKeyPassword(String password)
Sets the MAC key password.

Parameters:
password - the MAC key password to set

setMacAlgorithm

public void setMacAlgorithm(String alg)
Sets the MAC algorithm.

Parameters:
alg - the MAC algorithm to set

unwrap

public String unwrap(String wrapped)
              throws DataSealerException
Decrypts and verifies an encrypted bundle of MAC'd data, and returns it.

Parameters:
wrapped - the encoded blob
Returns:
the decrypted data, if it's unexpired
Throws:
DataSealerException - if the data cannot be unwrapped and verified

wrap

public String wrap(String data,
                   long exp)
            throws DataSealerException
Encodes data into a cryptographic blob: [IV][HMAC][exp][data] where:
  [IV]   = the Initialization Vector; byte array
  [HMAC] = the HMAC; byte array
  [exp]  = expiration time of the data; 8 bytes; big-endian
  [data] = the principal; a UTF-8-encoded string
The bytes are then GZIP'd. The IV is prepended to this byte stream, and the result is Base32-encoded. We don't need to encode the IV or MAC's lengths; they can be obtained from Cipher.getBlockSize() and Mac.getMacLength(), respectively.

Parameters:
data - the data to wrap
exp - expiration time
Returns:
the encoded blob
Throws:
DataSealerException - if the wrapping operation fails
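The following is an added, self-contained illustration of the wrap()/unwrap() layout described above (MAC over the expiration and data, [HMAC][exp][data] GZIP'd, encrypted under a fresh IV taken from the sealer's SecureRandom, IV prepended, then text-encoded). It is not the Shibboleth DataSealer source. Assumptions not stated on this page: the class name SealerExample, the algorithm names AES/CBC/PKCS5Padding and HmacSHA256 (DataSealer takes these from setCipherAlgorithm()/setMacAlgorithm()), the data being written as raw UTF-8 running to the end of the stream, and URL-safe Base64 standing in for Base32 because java.util has no Base32 codec. Note the order on the receiving side: decrypt, verify the MAC with a constant-time compare, and only then read exp and reject anything past it.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/** Illustrative sealer following the documented DataSealer.wrap() layout; not the Shibboleth code. */
public class SealerExample {
    // Assumed algorithm names (the real class takes them from its bean properties).
    private static final String CIPHER_ALG = "AES/CBC/PKCS5Padding";
    private static final String MAC_ALG = "HmacSHA256";

    private final SecretKey cipherKey;
    private final SecretKey macKey;
    private final SecureRandom random = new SecureRandom();

    public SealerExample(SecretKey cipherKey, SecretKey macKey) {
        this.cipherKey = cipherKey;
        this.macKey = macKey;
    }

    /** The MAC covers exp and data together so neither can be changed on its own. */
    private byte[] mac(long exp, byte[] payload) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(MAC_ALG);
        mac.init(macKey);
        mac.update(ByteBuffer.allocate(8).putLong(exp).array());
        return mac.doFinal(payload);
    }

    public String wrap(String data, long exp) throws Exception {
        byte[] payload = data.getBytes(StandardCharsets.UTF_8);
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (DataOutputStream out = new DataOutputStream(new GZIPOutputStream(buf))) {
            out.write(mac(exp, payload));   // [HMAC], length implied by Mac.getMacLength()
            out.writeLong(exp);             // [exp], 8 bytes big-endian
            out.write(payload);             // [data], raw UTF-8 to end of stream (assumed)
        }
        Cipher cipher = Cipher.getInstance(CIPHER_ALG);
        byte[] iv = new byte[cipher.getBlockSize()];
        random.nextBytes(iv);               // fresh IV per call
        cipher.init(Cipher.ENCRYPT_MODE, cipherKey, new IvParameterSpec(iv));
        byte[] ct = cipher.doFinal(buf.toByteArray());
        byte[] blob = new byte[iv.length + ct.length];   // [IV] prepended to the ciphertext
        System.arraycopy(iv, 0, blob, 0, iv.length);
        System.arraycopy(ct, 0, blob, iv.length, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(blob); // Base32 in the real class
    }

    public String unwrap(String wrapped, long now) throws Exception {
        byte[] blob = Base64.getUrlDecoder().decode(wrapped);
        Cipher cipher = Cipher.getInstance(CIPHER_ALG);
        int ivLen = cipher.getBlockSize();  // IV length recovered from the cipher, not the blob
        if (blob.length <= ivLen) throw new GeneralSecurityException("blob too short");
        cipher.init(Cipher.DECRYPT_MODE, cipherKey, new IvParameterSpec(blob, 0, ivLen));
        byte[] plain = cipher.doFinal(blob, ivLen, blob.length - ivLen);

        int macLen = Mac.getInstance(MAC_ALG).getMacLength();
        try (DataInputStream in = new DataInputStream(
                new GZIPInputStream(new ByteArrayInputStream(plain)))) {
            byte[] tag = in.readNBytes(macLen);
            long exp = in.readLong();
            byte[] payload = in.readAllBytes();
            // Verify before trusting exp or data; MessageDigest.isEqual is constant-time.
            if (!MessageDigest.isEqual(tag, mac(exp, payload))) {
                throw new GeneralSecurityException("MAC verification failed");
            }
            if (exp < now) {
                throw new GeneralSecurityException("data expired at " + exp);
            }
            return new String(payload, StandardCharsets.UTF_8);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey cipherKey = kg.generateKey();
        SecretKey macKey = KeyGenerator.getInstance("HmacSHA256").generateKey(); // separate MAC key
        SealerExample sealer = new SealerExample(cipherKey, macKey);

        long now = System.currentTimeMillis();
        String blob = sealer.wrap("jdoe@example.org", now + 60_000);   // constructed sample principal
        System.out.println("unwrapped: " + sealer.unwrap(blob, now));
        try {
            sealer.unwrap(blob, now + 120_000);   // clock moved past exp: must be rejected
        } catch (GeneralSecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the receiver derives the IV and MAC lengths from Cipher.getBlockSize() and Mac.getMacLength(), both sides must be configured with the same cipher and MAC algorithms; a mismatch shows up as a MAC failure rather than a parse error. Keeping the MAC key distinct from the cipher key, as setMacKey() permits, keeps the two primitives' key material independent.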


Copyright © 2006-2011 Internet2. All Rights Reserved.