Public Member Functions | |
Group (ParameterizedName groupNamespace, String groupFriendlyName, CCNHandle handle, GroupManager manager) throws ContentDecodingException, IOException | |
Group constructor. | |
Group (ContentName groupName, CCNHandle handle, GroupManager manager) throws ContentDecodingException, IOException | |
Constructor. | |
void | addMembers (ArrayList< Link > newUsers) throws InvalidKeyException, ContentDecodingException, IOException, NoSuchAlgorithmException |
Add new users to an existing group. | |
void | removeMembers (ArrayList< Link > removedUsers) throws InvalidKeyException, ContentDecodingException, IOException, NoSuchAlgorithmException |
Remove users from an existing group. | |
boolean | ready () |
Checks whether the group public key has been created. | |
PrincipalKeyDirectory | privateKeyDirectory (GroupAccessControlManager manager) throws IOException |
Returns the KeyDirectory which stores the group private key wrapped in the public keys of the members of the group. | |
void | restartPrivateKeyDirectoryEnumeration (GroupAccessControlManager manager) throws IOException |
Restart the enumeration of the private key directory. | |
String | friendlyName () |
Get the friendly name by which the group is known. | |
ContentName | groupName () |
Get the name of the namespace for the group. | |
MembershipListObject | membershipList () throws ContentDecodingException, IOException |
Returns a list containing all the members of a Group. | |
ContentName | membershipListName () throws ContentDecodingException, IOException |
Get the versioned name of the group membership list. | |
CCNTime | membershipListVersion () throws ContentDecodingException, IOException |
Get the version of the membership list. | |
void | clearCachedMembershipList () |
Clear the cached membership list. | |
PublicKeyObject | publicKeyObject () |
Get the public key of the group. | |
PublicKey | publicKey () throws ContentNotReadyException, ContentGoneException, ErrorStateException |
Get the group public key. | |
ContentName | publicKeyName () |
Get the versioned name of the group public key. | |
CCNTime | publicKeyVersion () throws IOException |
Get the version of the group public key. | |
void | setMembershipList (GroupManager groupManager, java.util.Collection< Link > newMembers) throws ContentDecodingException, IOException, InvalidKeyException, NoSuchAlgorithmException |
Sets the membership list of the group. | |
void | newGroupPublicKey (MembershipListObject ml) throws ContentEncodingException, IOException, InvalidKeyException, NoSuchAlgorithmException |
Generate a new group public key, e.g. after membership update. | |
Key | createGroupPublicKey (MembershipListObject ml) throws ContentEncodingException, IOException, InvalidKeyException |
Creates a public key for the group. We don't expect there to be an existing key. | |
void | updateGroupPublicKey (Key privateKeyWrappingKey, java.util.Collection< Link > membersToAdd) throws InvalidKeyException, ContentDecodingException, AccessDeniedException, IOException |
Adds members to an existing group. | |
PrivateKey | getPrivateKey () throws IOException, InvalidKeyException, NoSuchAlgorithmException |
You won't actually get the PrivateKey unless you have the rights to decrypt it; otherwise you'll get an AccessDeniedException. | |
String | toString () |
Print useful name and version information. | |
void | modify (java.util.Collection< Link > membersToAdd, java.util.Collection< Link > membersToRemove) throws InvalidKeyException, ContentDecodingException, IOException, NoSuchAlgorithmException |
Modify will add and remove members from a Group. | |
void | delete () throws IOException |
ArrayList< Link > | recursiveAncestorList (ArrayList< Link > ancestorList) throws IOException |
Recursively constructs an ordered list of the ancestors of the group. | |
Protected Member Functions | |
void | stopPrivateKeyDirectoryEnumeration () throws IOException |
Stop enumerating the private key directory. | |
Package Functions | |
Group (ParameterizedName groupNamespace, String groupFriendlyName, MembershipListObject members, CCNHandle handle, GroupManager manager) throws ContentEncodingException, IOException, InvalidKeyException | |
Constructor that creates a new group and generates a first key pair for it. | |
Classes | |
class | CouldNotRetrievePublicKeyException |
A Group is essentially a list of members, and a public/private key pair. The public key is stored in CCN and is used to encrypt node keys (see CCNx Access Control Specification); the private key is stored encrypted under the public keys of the members of the group (which could be users or groups). The private key is represented in a KeyDirectory.
Model for private key access: if you're not allowed to get a key, we throw AccessDeniedException.
Right now we dynamically load both the public key and the membership list. For efficiency we might want to load only the public key, and pull the membership list only when we need it.
org.ccnx.ccn.profiles.security.access.group.Group.Group | ( | ParameterizedName | groupNamespace, | |
String | groupFriendlyName, | |||
CCNHandle | handle, | |||
GroupManager | manager | |||
) | throws ContentDecodingException, IOException |
Group constructor.
namespace | the group namespace | |
groupFriendlyName | the friendly name by which the group is known | |
handle | the CCN handle | |
manager | the group manager |
IOException | ||
ContentDecodingException |
org.ccnx.ccn.profiles.security.access.group.Group.Group | ( | ContentName | groupName, | |
CCNHandle | handle, | |||
GroupManager | manager | |||
) | throws ContentDecodingException, IOException |
Constructor.
groupName | ||
handle | ||
manager |
IOException | ||
ContentDecodingException |
org.ccnx.ccn.profiles.security.access.group.Group.Group | ( | ParameterizedName | groupNamespace, | |
String | groupFriendlyName, | |||
MembershipListObject | members, | |||
CCNHandle | handle, | |||
GroupManager | manager | |||
) | throws ContentEncodingException, IOException, InvalidKeyException [package] |
Constructor that creates a new group and generates a first key pair for it.
namespace | the group namespace | |
groupFriendlyName | the friendly name by which the group is known | |
members | the membership list of the group | |
handle | the CCN handle | |
manager | the group manager |
IOException | ||
ContentEncodingException | ||
ConfigurationException | ||
InvalidKeyException |
void org.ccnx.ccn.profiles.security.access.group.Group.addMembers | ( | ArrayList< Link > | newUsers | ) | throws InvalidKeyException, ContentDecodingException, IOException, NoSuchAlgorithmException |
Add new users to an existing group.
newUsers | the list of new users |
IOException | ||
ConfigurationException | ||
ContentDecodingException | ||
InvalidKeyException | ||
NoSuchAlgorithmException |
void org.ccnx.ccn.profiles.security.access.group.Group.removeMembers | ( | ArrayList< Link > | removedUsers | ) | throws InvalidKeyException, ContentDecodingException, IOException, NoSuchAlgorithmException |
Remove users from an existing group.
removedUsers | the list of users to be removed. |
IOException | ||
ConfigurationException | ||
ContentDecodingException | ||
InvalidKeyException | ||
NoSuchAlgorithmException |
boolean org.ccnx.ccn.profiles.security.access.group.Group.ready | ( | ) |
Checks whether the group public key has been created.
PrincipalKeyDirectory org.ccnx.ccn.profiles.security.access.group.Group.privateKeyDirectory | ( | GroupAccessControlManager | manager | ) | throws IOException |
Returns the KeyDirectory which stores the group private key wrapped in the public keys of the members of the group.
A new private key directory is created if it does not already exist and if the group public key is ready.
manager | the access control manager |
IOException |
void org.ccnx.ccn.profiles.security.access.group.Group.stopPrivateKeyDirectoryEnumeration | ( | ) | throws IOException [protected] |
Stop enumerating the private key directory.
IOException |
void org.ccnx.ccn.profiles.security.access.group.Group.restartPrivateKeyDirectoryEnumeration | ( | GroupAccessControlManager | manager | ) | throws IOException |
Restart the enumeration of the private key directory.
manager | the access control manager. |
IOException |
String org.ccnx.ccn.profiles.security.access.group.Group.friendlyName | ( | ) |
Get the friendly name by which the group is known.
ContentName org.ccnx.ccn.profiles.security.access.group.Group.groupName | ( | ) |
Get the name of the namespace for the group.
MembershipListObject org.ccnx.ccn.profiles.security.access.group.Group.membershipList | ( | ) | throws ContentDecodingException, IOException |
ContentName org.ccnx.ccn.profiles.security.access.group.Group.membershipListName | ( | ) | throws ContentDecodingException, IOException |
Get the versioned name of the group membership list.
IOException | ||
ContentDecodingException |
CCNTime org.ccnx.ccn.profiles.security.access.group.Group.membershipListVersion | ( | ) | throws ContentDecodingException, IOException |
Get the version of the membership list.
IOException | ||
ContentDecodingException |
void org.ccnx.ccn.profiles.security.access.group.Group.clearCachedMembershipList | ( | ) |
Clear the cached membership list.
This does not actually remove any members from the group; it just clears out our in-memory copy of the membership list.
PublicKeyObject org.ccnx.ccn.profiles.security.access.group.Group.publicKeyObject | ( | ) |
Get the public key of the group.
PublicKey org.ccnx.ccn.profiles.security.access.group.Group.publicKey | ( | ) | throws ContentNotReadyException, ContentGoneException, ErrorStateException |
Get the group public key.
ContentNotReadyException | ||
ContentGoneException | ||
ErrorStateException |
ContentName org.ccnx.ccn.profiles.security.access.group.Group.publicKeyName | ( | ) |
Get the versioned name of the group public key.
CCNTime org.ccnx.ccn.profiles.security.access.group.Group.publicKeyVersion | ( | ) | throws IOException |
Get the version of the group public key.
IOException |
void org.ccnx.ccn.profiles.security.access.group.Group.setMembershipList | ( | GroupManager | groupManager, | |
java.util.Collection< Link > | newMembers | |||
) | throws ContentDecodingException, IOException, InvalidKeyException, NoSuchAlgorithmException |
Sets the membership list of the group.
Existing members of the group are removed.
groupManager | the group manager | |
newMembers | the list of new group members |
IOException | ||
ContentDecodingException | ||
ConfigurationException | ||
InvalidKeyException | ||
NoSuchAlgorithmException |
void org.ccnx.ccn.profiles.security.access.group.Group.newGroupPublicKey | ( | MembershipListObject | ml | ) | throws ContentEncodingException, IOException, InvalidKeyException, NoSuchAlgorithmException |
Generate a new group public key, e.g. after membership update. The caller of this method must have access rights to the existing (soon to be previous) private key of the group. The new key is created with a call to createGroupPublicKey. This method also wraps the new private key under the public keys of all the members of the group. Finally, a superseded block and a link to the previous key are written to the repository.
ml | the new membership list |
IOException | ||
ContentEncodingException | ||
ConfigurationException | ||
InvalidKeyException | ||
NoSuchAlgorithmException |
Key org.ccnx.ccn.profiles.security.access.group.Group.createGroupPublicKey | ( | MembershipListObject | ml | ) | throws ContentEncodingException, IOException, InvalidKeyException |
Creates a public key for the group. We don't expect there to be an existing key, so we just write a new one. If we're not supposed to be a member, this is tricky: we just live with the fact that we know the private key, and forget it.
ml | the membership list. |
IOException | ||
ContentEncodingException | ||
ConfigurationException | ||
InvalidKeyException |
void org.ccnx.ccn.profiles.security.access.group.Group.updateGroupPublicKey | ( | Key | privateKeyWrappingKey, | |
java.util.Collection< Link > | membersToAdd | |||
) | throws InvalidKeyException, ContentDecodingException, AccessDeniedException, IOException |
Adds members to an existing group.
The caller of this method must have access to the private key of the group. We need to wrap the group public key wrapping key in the latest public keys of the members to add. Since members are only added, there is no need to replace the group key.
privateKeyWrappingKey | the private key wrapping key | |
membersToAdd | the members added to the group |
InvalidKeyException | ||
AccessDeniedException | ||
IOException | ||
ContentDecodingException |
PrivateKey org.ccnx.ccn.profiles.security.access.group.Group.getPrivateKey | ( | ) | throws IOException, InvalidKeyException, NoSuchAlgorithmException |
You won't actually get the PrivateKey unless you have the rights to decrypt it; otherwise you'll get an AccessDeniedException.
IOException | ||
NoSuchAlgorithmException | ||
InvalidKeyException |
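The add and remove paths described for updateGroupPublicKey and newGroupPublicKey, together with the access-denied model of getPrivateKey, as an added stand-alone sketch built only on the JDK's JCA (it is not CCNx code). It assumes a two-layer scheme (group private key under a symmetric wrapping key, that key under each member's public key), JDK 17 or later for AES/KWP/NoPadding, and hypothetical class and method names; SecurityException stands in for AccessDeniedException, and the superseded block and link to the previous key are left out.

```java
import java.security.*;
import java.util.*;
import javax.crypto.*;
public class GroupKeySketch { // toy in-memory model; all names hypothetical, not CCNx classes
    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", KWP = "AES/KWP/NoPadding";
    final Map<String, PublicKey> members = new HashMap<>();
    final Map<String, byte[]> keyDirectory = new HashMap<>(); // member -> wrapped wrapping key
    PublicKey groupPublicKey;
    byte[] wrappedGroupPrivateKey; // group private key under the current wrapping key
    static Cipher cipher(String alg, int mode, Key kek) throws Exception {
        Cipher c = Cipher.getInstance(alg);
        c.init(mode, kek);
        return c;
    }
    void rekey() throws Exception { // removal path: new pair, rewrapped for remaining members
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        SecretKey wk = KeyGenerator.getInstance("AES").generateKey();
        groupPublicKey = kp.getPublic();
        wrappedGroupPrivateKey = cipher(KWP, Cipher.WRAP_MODE, wk).wrap(kp.getPrivate());
        keyDirectory.clear(); // entries for the old wrapping key no longer lead anywhere
        for (var m : members.entrySet())
            keyDirectory.put(m.getKey(), cipher(OAEP, Cipher.WRAP_MODE, m.getValue()).wrap(wk));
    }
    Key wrappingKeyFor(String who, PrivateKey key) throws Exception { // no entry means no access
        if (!keyDirectory.containsKey(who)) throw new SecurityException("access denied: " + who);
        return cipher(OAEP, Cipher.UNWRAP_MODE, key).unwrap(keyDirectory.get(who), "AES", Cipher.SECRET_KEY);
    }
    PrivateKey privateKeyFor(String who, PrivateKey key) throws Exception {
        return (PrivateKey) cipher(KWP, Cipher.UNWRAP_MODE, wrappingKeyFor(who, key))
                .unwrap(wrappedGroupPrivateKey, "RSA", Cipher.PRIVATE_KEY);
    }
    void add(String caller, PrivateKey callerKey, String name, PublicKey pk) throws Exception {
        Key wk = wrappingKeyFor(caller, callerKey); // add path: caller must already hold access
        members.put(name, pk);
        keyDirectory.put(name, cipher(OAEP, Cipher.WRAP_MODE, pk).wrap(wk)); // group key unchanged
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        KeyPair alice = gen.generateKeyPair(), bob = gen.generateKeyPair(); // constructed members
        GroupKeySketch g = new GroupKeySketch();
        g.members.put("alice", alice.getPublic());
        g.rekey(); // first key pair for the group
        PublicKey first = g.groupPublicKey;
        g.add("alice", alice.getPrivate(), "bob", bob.getPublic());
        boolean kept = first.equals(g.groupPublicKey) && g.privateKeyFor("bob", bob.getPrivate()) != null;
        g.members.remove("bob");
        g.rekey(); // bob's old wrapping key cannot unwrap the new private key
        System.out.println("add kept key: " + kept + ", removal rotated key: " + !first.equals(g.groupPublicKey) + ", bob listed: " + g.keyDirectory.containsKey("bob"));
    }
}
```

After the removal, a call to `privateKeyFor("bob", ...)` throws, which is the behaviour the page describes for a caller without rights to decrypt the key.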
void org.ccnx.ccn.profiles.security.access.group.Group.modify | ( | java.util.Collection< Link > | membersToAdd, | |
java.util.Collection< Link > | membersToRemove | |||
) | throws InvalidKeyException, ContentDecodingException, IOException, NoSuchAlgorithmException |
Modify will add and remove members from a Group.
It can be used to only add members, in which case the membersToRemove list is null, or it can be used to only remove members, in which case the membersToAdd list is null. If both lists are passed in, the items in the membersToAdd list are added and the items in the membersToRemove list are then removed from the Group members list.
membersToAdd | list of group members to be added | |
membersToRemove | list of group members to be removed |
IOException | ||
ContentDecodingException | ||
InvalidKeyException | ||
ConfigurationException | ||
NoSuchAlgorithmException |
ArrayList<Link> org.ccnx.ccn.profiles.security.access.group.Group.recursiveAncestorList | ( | ArrayList< Link > | ancestorList | ) | throws IOException |
Recursively constructs an ordered list of the ancestors of the group.
The ancestors are the groups of which the group is a member either directly or indirectly via a chain of one or more ancestors. The order ensures that a group is always listed after all its children.
ancestorList | the ancestor list built up to this point |
IOException |