Class semper.statement.StatementMan
All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class semper.statement.StatementMan

java.lang.Object
   |
   +----semper.statement.StatementMan

public class StatementMan
extends Object
implements StatementConstants, ComPointConstants, CryptoConstants, CertificateConstants
Implements the interface for StatementMan. The statement manager is responsible for secure transfer of information. The protection offered is: encryption (symmetric and asymmetric), message authenticaion code (MAC) and digital signatures. Conventional methods require that the two parties share a key. A key exchange functinality is provided by a module. This enables two parties to set up a session (by getting a StatementTransaction object). When setting up this object, security algoritms are negotiated and keys for conventional algorithms are exchanged. See here for more information about this block. the actual cryptographic functions are provided by the crypto manager.
Version:
$Revision: 1.40 $ $Date: 1997/04/18 11:30:07 $
Author:
Jesper Drud Nielsen (drud@cryptomathic.aau.dk), Torben Pryds Pedersen (tpp@cryptomathic.aau.dk)
See Also:
StatementManException, StatementTransaction, CryptoMan

Constructor Index

 o StatementMan()
The services of the statement manager are static.

Method Index

 o choose(Vector, ComPoint, Vector, String)
Based on the input a set of values received from another part is selected.
 o init()
Initialises the StatementMan object.
 o initConstInt()
Initialises the vector of integer codes of the available methods for key exchange
 o initConstString()
Initialises the vector of descriptions of the available methods for key exchange
 o int2Str(int)
Given an integer code describing a method for key exchange this method returns a String describing the method.
 o isInitialised()
Tells whether StatementMan is initialised.
 o openInitiatorStatementSession(String, String, boolean[], Vector, String)
Constructs a StatementTransaction object corresponding to opening a session on the initiator side.
 o openResponderStatementSession(String, String, boolean[], Vector, String)
Constructs a StatementTransaction object corresponding to opening a session on the responder side.
 o openStatementSession(boolean, String, String, boolean[], Vector, String)
Opens a statement session this service provides everything needed by initiator as well as responder in order to create a session between the two parties (thus it is used by openInitiatorStatementSession & openResponderStatementSession).
 o proposeAlgorithms(int)
Makes a list of proposed algorithms for the requested service.
 o requestChoice(Vector, ComPoint, Vector, String)
Sends a list of proposed values to another party and gets back a vector of chosen values.
 o str2Int(String)
Given an string describing a method for key exchange this method returns the corresponding integer code.
 o supportedAlgorithms(int)
Makes a list of supported algorithms for the requested service.
 o whichKeyExchanges()
Tell which methods for key exchange are supported.

Constructors

 o StatementMan
  public StatementMan() throws StatementManException
The services of the statement manager are static. To prevent errors the following method instantiation of objects of this class.
Throws: StatementManException
if this method is called

Methods

 o isInitialised
  public static boolean isInitialised()
Tells whether StatementMan is initialised. The StatementMan is initialised when StatementMan.init() has been executed succesfully
Returns:
true is StatementMan has been called, false otherwise.
 o init
  public static void init() throws StatementManException
Initialises the StatementMan object. This must be done before any other services (except isInitialised) are used. The initialisation uses several items from configuration. The item "semper.configuration.username" should contain user identification. If this is not supplied by the configuration init() reads the username from the system. The item "semper.statement.isServer" is read from Configuration. "0" means initialise the StatementMan for client use, "1" is for servers (a ServicePointThread is started). If the item is not present in Configuration, StatementMan is initialised for server use. Alternatively, one can set this option using "semper.statement.isLIstener". It has the same meaning, but at some point this name will be used for instead of "isServer". Thus it is recommended to set this configuration parameter using "isListener". If both are set, and they differ the value of "semper.statement.isListener" is used. Only one application on a machine can be initialised as a server. Several applications can run simultaneously on the same machine (e.g., as server and a client or several clients). Initialisation also builds the preferences needed for using the security services. Using these the user can select which cryptographic algorithms to use and which method to use for exchange of conventional keys. If a server is being initialised, init() starts up a Channel which clients can use for sending requests to the server. The port used by the server is read from WellKnownPorts. In coming versions init will also dynamically load the module preferred by the user. For the moment a default module supplied as part of SEMPER is used.
Throws: StatementManException
if the preferred Statement module could not be loaded
See Also:
Configuration, WellKnownPorts, Channel, StatementModule
 o proposeAlgorithms
  public static Vector proposeAlgorithms(int secService) throws StatementManException
Makes a list of proposed algorithms for the requested service. Based on the list of supported algorithms, available secret keys (in case of digital signatures and public key decryption) and the preferences set by the user a list of proposed algorithms for the service is given. The following encoding for security services is used. 0: Conventional krypto system 1: MAC algorithm 2: Method for making signatures 3: Method for verifying signatures 4: Method for public key encryption 5: Method for public key decryption 6: Hash functions 7: Method for key exchange
Parameters:
secService - indicates the security service
Returns:
Integer vector of proposed algorithms for the security service
Throws: StatementManException
if the secService is not supported
 o supportedAlgorithms
  public static Vector supportedAlgorithms(int secService)
Makes a list of supported algorithms for the requested service. For security services number 0 through 6 this list is based on the algorithms supported by the crypto manager. For the service numbered 7 (key exchange), this list is based on the methods supported by the moduel of the Statement service block. The following encoding for security services is used. 0: Conventional krypto system 1: MAC algorithm 2: Method for making signatures 3: Method for verifying signatures 4: Method for public key encryption 5: Method for public key decryption 6: Hash functions 7: Method for key exchange
Parameters:
secService - indicates the security service
Returns:
vector of supported algorithms for the requested security service
 o openStatementSession
  public static StatementTransaction openStatementSession(boolean server,
                                                          String partnerId,
                                                          String serveraddress,
                                                          boolean neededAlgs[],
                                                          Vector options,
                                                          String ext_ref) throws StatementManException, ComPointException, NegotiationException
Opens a statement session this service provides everything needed by initiator as well as responder in order to create a session between the two parties (thus it is used by openInitiatorStatementSession & openResponderStatementSession). First a ComPoint is opened between initiator and responder (this is done using the channel, which the server sets up as part of initialisation). A list of proposed algorithms (for the security services to be negotiated) is sent from the initiator to the responder. Similarly the responder makes a list of proposed algorithms. In the current version the responder compares the two lists and selects the first algorithm proposed by the initiator, which is also in his own list (in later version this negotiation will be refined to allow other procedures for this). The two parties can determine as part of input to this service for which security services, algorithms should be negotiated. If key exchange is requested, this service also exchange keys between the two parties using the method already negotiated. Finally this method creates a StatementTransaction object, which contains as part of its state the negotiated keys and certificats. It should be noted, that as part of setting up a session all certificates are verified. Classes of algorithms are 0: Conventional krypto system 1: MAC algorithm 2: Method for making signatures 3: Method for verifying signatures 4: Method for public key encryption 5: Method for public key decryption 6: Hash functions 7: Method for key exchange
Parameters:
server - is a boolean indicating if the service is used by a server (may not be necessary)
partnerId - is the name of the counterpart
serverAddress - the address of the server (responder)
neededAlgs - is an arry of boolean. the i'th element is true if and only if the i'th class of algorithms above should be negotiated
options - is a Vector with parameters needed to open a channel
ext_ref - external reference string sent by the peer
Returns:
An object corresponding to the session
Throws: StatementManException
if the transaction object could not be opened
Throws: ComPointException
in case of communication problems
Throws: NegotiationException
if the negotiation failed
See Also:
openInitiatorStatementSession, openResponderStatementSession, proposeAlgorithms
 o openInitiatorStatementSession
  public static StatementTransaction openInitiatorStatementSession(String partnerId,
                                                                   String serverAddress,
                                                                   boolean neededAlgs[],
                                                                   Vector options,
                                                                   String ext_ref) throws StatementManException, ComPointException, NegotiationException
Constructs a StatementTransaction object corresponding to opening a session on the initiator side. This method presumes that a responder (server) is willing to open a session. It uses openStatementSession, which negotiates algorithms and exchanges keys and certificats between initiator and responder. The caller can use the parameter neededAlgs to determine for which security services it is necessary to agree on an algorithm. Classes of algorithms are 0: Conventional krypto system 1: MAC algorithm 2: Method for making signatures 3: Method for verifying signatures 4: Method for public key encryption 5: Method for public key decryption 6: Hash functions 7: Method for key exchange
Parameters:
partnerId - is the name partner
serverAddress - the address of the server
neededAlgs - is an arry of boolean. the i'th element is true if and only if the i'th class of algorithms above should be negotiated
options - is a placeholder for security options (e.g., for communication)
ext_ref - external reference string sent by the peer
Returns:
A StatementTransaction object corresponding to the session
Throws: StatementManException
if the transaction object could not be opened
Throws: ComPointException
in case of communication problems
Throws: NegotiationException
if the negotiation failed
See Also:
StatementTransaction, openStatementSession
 o openResponderStatementSession
  public static StatementTransaction openResponderStatementSession(String partnerId,
                                                                   String serverAddress,
                                                                   boolean neededAlgs[],
                                                                   Vector options,
                                                                   String ext_ref) throws StatementManException, ComPointException, NegotiationException
Constructs a StatementTransaction object corresponding to opening a session on the responder side. This method uses openStatementSession, which negotiates algorithms and exchanges keys and certificats between initiator and responder. The caller can use the parameter neededAlgs to determine for which security services it is necessary to agree on an algorithm. Classes of algorithms are 0: Conventional krypto system 1: MAC algorithm 2: Method for making signatures 3: Method for verifying signatures 4: Method for public key encryption 5: Method for public key decryption 6: Hash functions 7: Method for key exchange
Parameters:
partnerId - is the name of the counterpart
servicePoint - is the thread on which the server is listening
serverAddress - the address of the server (responder side)
neededAlgs - is an arry of boolean. the i'th element is true if and only if the i'th class of algorithms above should be negotiated
options - is a placeholder for security options (e.g., for communication)
ext_ref - external reference string sent by the peer
Returns:
An object corresponding to the session
Throws: StatementManException
if the transaction object could not be opened
Throws: ComPointException
in case of communication problems
Throws: NegotiationException
if the negotiation failed
See Also:
openInitiatorStatementSession
 o whichKeyExchanges
  public static Vector whichKeyExchanges()
Tell which methods for key exchange are supported.
Returns:
vector of Integer of supported methods
See Also:
whichAlgs
 o requestChoice
  public static Vector requestChoice(Vector array_of_values,
                                     ComPoint com_point,
                                     Vector options,
                                     String ext_ref) throws NegotiationException
Sends a list of proposed values to another party and gets back a vector of chosen values. The caller of this services supplies a vector of possible values (each item corresponds to a security service and contains a list of acceptable algorithms for that service). The counterpart returns vector of chosen algorithms. This list is verified and finally returned.
Parameters:
array_of_values - is an array of messageListHeads containting the proposed algorithms
com_point - is the ComPoint by which the two parties can communicate
options - a Vector (place holder to support security options).
ext_ref - external reference string.
Returns:
Vector of MessageListHead corresponding to the result of the negotiation.
Throws: NegotiationException
if the negotiation fails
See Also:
choose
 o choose
  public static Vector choose(Vector array_of_values,
                              ComPoint com_point,
                              Vector options,
                              String ext_ref) throws NegotiationException
Based on the input a set of values received from another part is selected. The caller of this services supplies a vector of possible values (each item corresponds to a security service and contains a list of acceptable algorithms for that service). the method receives from another party a list of values acceptable for the other party. This method then computes the subset of the two lsts. The resulting vector is send back and returned to the caller.
Parameters:
list_of_values - is a vecotr of MessageLIsthead containing the list of acceptable values.
com_point - is the ComPoint used for communication during negotiation
options - a Vector (place holder to support security options).
ext_ref - a String used for external references - currently not used
Returns:
Vector containing values common to both client and server.
Throws: NegotiationException
if negotiation fails
See Also:
requestChoice
 o initConstString
  public static void initConstString()
Initialises the vector of descriptions of the available methods for key exchange
 o initConstInt
  public static void initConstInt()
Initialises the vector of integer codes of the available methods for key exchange
 o int2Str
  public static String int2Str(int elem)
Given an integer code describing a method for key exchange this method returns a String describing the method. The conversion is based on two vectors which must have been initialised.
Parameters:
elem - is the integer code
Returns:
string describing the method (null if the method is not defined)
See Also:
initConstString, initConstInt
 o str2Int
  public static int str2Int(String str)
Given an string describing a method for key exchange this method returns the corresponding integer code. The conversion is based on two vectors which must have been initialised.
Parameters:
str - is the string describing the key exchange
Returns:
the corresponding integer (0 if the str does not define a constant)
See Also:
initConstString, initConstInt

All Packages  Class Hierarchy  This Package  Previous  Next  Index