iaik.security.ssl
Class TicketKeysManager

java.lang.Object
  extended by iaik.security.ssl.TicketKeysManager
All Implemented Interfaces:
java.lang.Cloneable
Direct Known Subclasses:
DefaultTicketKeysManager

public abstract class TicketKeysManager
extends java.lang.Object
implements java.lang.Cloneable

The TicketKeys manager manages the TicketKeyBag cipher and MAC keys to be used for SessionTicket protection.

This class also stores the system's default ticket keys manager. A server application may plug-in its own TicketKeysManager implementation, either by changing the default TicketsKeyManager, or by setting it for a particular SSLServerContext SessionTicket extension.

See Also:
DefaultTicketKeysManager, SessionTicket

Constructor Summary
TicketKeysManager()
           
 
Method Summary
 java.lang.Object clone()
          Gets a clone of this TicketKeyManager.
static TicketKeysManager getDefault()
          Get the current TicketKeysManager.
abstract  TicketKeyBag getTicketKeys(TicketKeyBag.KeyName keyName)
          Gets the ticket keys for en- or decrypting a ticket.
static void setDefault(TicketKeysManager manager)
          Set the default TicketKeysManager to be used.
abstract  void setTicketKeys(TicketKeyBag ticketKeys)
          Sets the (initial) ticket keys for this TicketKeysManager.
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

TicketKeysManager

public TicketKeysManager()
Method Detail

getDefault

public static TicketKeysManager getDefault()
Get the current TicketKeysManager. Initially set to an instance of DefaultTicketKeysManager.

Returns:
the current TicketKeysManager

setDefault

public static void setDefault(TicketKeysManager manager)
Set the default TicketKeysManager to be used.


setTicketKeys

public abstract void setTicketKeys(TicketKeyBag ticketKeys)
Sets the (initial) ticket keys for this TicketKeysManager.
This method is called by iSaSiLk to set the (initial) TicketKeyBag from the SessionTicket extension. The ticket keys will be used by the server for session ticket en/decryption and mac calcualtion/verification when sending a session ticket to the client within a NewSessionTicket handshake message, or receiving one from the client within a SessionTicket extension, respectively.

Parameters:
ticketKeys - the (initial) AES and MAC keys from the SessionTicket extension to be used for ticket en/decryption and mac calculation/verification; maybe null if no TicketKeyBag has been set for the SessionTicket extension

getTicketKeys

public abstract TicketKeyBag getTicketKeys(TicketKeyBag.KeyName keyName)
                                    throws java.security.NoSuchAlgorithmException
Gets the ticket keys for en- or decrypting a ticket.

If keyName is not null this method searches for a TicketKeyBag based on the key name. In this case this method is called when the server has to decrypt a session ticket received from the client within a SessionTicket extension.
If keyName is null this method gets the active TicketKeyBag for encrypting and integrity protecting a session ticket when sending it to the client within a NewSessionTicket handshake message.

Parameters:
keyName - the name of the key bag, if null get the active ticket keys
Returns:
the AES and MAC keys used for ticket en/decryption and MAC verification, respectively; or null if no keys (for the given key name) are available
Throws:
java.security.NoSuchAlgorithmException

clone

public java.lang.Object clone()
Gets a clone of this TicketKeyManager.

Overrides:
clone in class java.lang.Object
Returns:
a clone of this TicketKeyManager

This Javadoc may contain text parts from text parts from IETF Internet Standard specifications (see copyright note).

iSaSiLk 5.104, (c) 2002 IAIK, (c) 2003 - 2015 SIC