Agent System POND 1.2 (28.2.2002)

PkgAgentSystem.Crypto
Class AgentIdentity

java.lang.Object
  |
  +--java.security.cert.Certificate
        |
        +--PkgAgentSystem.Crypto.AgentIdentity
All Implemented Interfaces:
AgentClassification, CertificateClassification, Cloneable, RegularCustomerClassification, Serializable
Direct Known Subclasses:
AgentIdentityExtension

public class AgentIdentity
extends Certificate
implements Cloneable, RegularCustomerClassification, CertificateClassification

The identity of an agent. Contains information about the agent, its owner and the home system. It is signed both by the owner and by the agent itself, so it is impossible to change the public key of the agent without knowing the private key of the owner. It is, however, possible to replace both the key of the agent and that of the owner.
The identity can be either cryptographically secure (signed, owner certificate needed) or insecure (unsigned).

Version:
1.0, 1.7.2000
Author:
Michael Sonntag
See Also:
Serialized Form

Inner classes inherited from class java.security.cert.Certificate
Certificate.CertificateRep
 
Field Summary
protected  PublicKey agentPublicKey
          The public key of the agent
protected  String agentPublicKeyName
          Name of the public key of the agent
protected  URL home
          URL of the home system of the agent.
protected  String id
          ID of the agent; should be unique.
protected  String name
          The name of the agent
protected  Certificate ownerCertificate
          Certificate of the owner of the agent
protected  String ownerName
          String representation of the name of the owner
protected  String signAlgorithmAgent
          The algorithm used for signing by the agent
protected  String signAlgorithmOwner
          The algorithm used for signing by the owner
protected  byte[] signatureAgent
          The signature of the agent
protected  byte[] signatureOwner
          The signature of the owner
protected  boolean signed
          true if this identity is signed
protected  int version
          Version of identity.
 
Fields inherited from interface PkgAgentSystem.Classification.AgentClassification
ACCEPTED, CHECK_CURRENTLY_IMPOSSIBLE, CHECK_IMPOSSIBLE, IGNORE, REJECTED, REQUEST_CHECK, UNKNOWN_CLASSIFICATION
 
Constructor Summary
(package private) AgentIdentity()
           
protected AgentIdentity(String type)
           
  AgentIdentity(String name, String id, URL home, String ownerName)
          Creates a new AgentIdentity which does not include an owner certificate.
  AgentIdentity(String name, String id, URL home, String agentPublicKeyName, PublicKey agentPublicKey, String ownerName, Certificate ownerCertificate)
          Creates a new AgentIdentity which does include an owner certificate and a public key of the agent.
 
Method Summary
 boolean codeDeployed()
          Returns whether the manifest of the code package (including the digests of all the code files) was signed by the owner upon sending it on this job.
 AgentIdentity copy()
          Returns a (shallow) copy of this identity.
protected  void decodeData(byte[] buffer)
          Restores the content of an identity from a buffer.
 void deploy(byte[] agentState, byte[] manifestBytes, PrivateKey privateOwnerKey)
          Deploys the agent by signing the current state (i.e. the initialization parameters) and the code used if applicable (digest over the code signatures)
 boolean equals(Object other)
          Indicates whether some other object is "equal to" this one.
 String getAgentName()
          Returns the name of the agent
 String getAgentPublicKeyName()
          Returns the name of the public key of the agent
 byte[] getAgentSignature()
          Returns the bytes of the signature by the agent (if manual checking is desired)
 String getAgentSignatureAlgorithm()
          Returns the algorithm of the signature by the agent (if manual checking is desired)
 Certificate getCertificate()
          Returns the certificate, which is associated with this classification (which is this object).
 int getClassificationStatus()
          Returns the current status of the classification.
 byte[] getDeployCodeSignature()
          Returns the bytes of the signature of the code signatures
 byte[] getDeployInitializationSignature()
          Returns the bytes of the signature of the initialization state
 byte[] getEncoded()
          Returns the identity in encoded form as a byte array.
protected  byte[] getEncodedForSigning()
          Returns the identity in encoded form as a byte array.
 URL getHomeAddress()
          Returns the URL of the home agent-system of the agent
 String getID()
          Returns the unique id of the agent
 Certificate getOwnerCertificate()
          Returns the certificate of the owner of the agent or null if not present
 String getOwnerName()
          Returns the name of the owner of the agent.
 byte[] getOwnerSignature()
          Returns the bytes of the signature by the owner (if manual checking is desired)
 String getOwnerSignatureAlgorithm()
          Returns the algorithm of the signature by the owner (if manual checking is desired)
 PublicKey getPublicKey()
          Returns the public key of the agent
 AgentIdentity getRegularCustomerIdentity()
          Returns the identity of the agent.
 int hashCode()
          Returns a hashcode value for the identity.
 boolean initialStateDeployed()
          Returns whether this agent's state was signed by the owner upon sending it on this job.
 boolean isSigned()
          Returns true if this identity is signed (NO verification!)
 void setClassificationStatus(int newStatus)
          Sets the status of this classification.
 void setDeployCodeSignature(byte[] signature)
          Sets the bytes of the signature of the code signatures
 void setDeployInitializationSignature(byte[] signature)
          Sets the bytes of the signature of the initialization state
 void setSignatures(String ownerSignAlgo, byte[] ownerSignature, String agentSignAlgo, byte[] agentSignature)
          Sets the signatures and their algorithms.
 boolean sign(String signAlgoOwner, PrivateKey privateOwnerKey, String signAlgoAgent, PrivateKey privateAgentKey)
          Sign the identity with the private key of the agent and the private key of the owner
 String toString()
          Returns a String representation of this identity.
 void verify()
          Verifies this identity.
 void verify(PublicKey ownerKey)
          Verifies this identity.
 void verify(PublicKey ownerKey, String sigProvider)
          Verifies this identity.
 void verifyDeployCodeSignature(byte[] manifestBytes)
          Verifies the signature on the code manifest
 
Methods inherited from class java.security.cert.Certificate
getType, writeReplace
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

version

protected int version
Version of identity. MUST be changed in subclasses!

signed

protected boolean signed
true if this identity is signed

signAlgorithmOwner

protected String signAlgorithmOwner
The algorithm used for signing by the owner

signatureOwner

protected byte[] signatureOwner
The signature of the owner

signatureAgent

protected byte[] signatureAgent
The signature of the agent

signAlgorithmAgent

protected String signAlgorithmAgent
The algorithm used for signing by the agent

ownerName

protected String ownerName
String representation of the name of the owner

name

protected String name
The name of the agent

id

protected String id
ID of the agent; should be unique. No two agents with the same ID are allowed on an agent system.

home

protected URL home
URL of the home system of the agent. Protocol must be 'amp'

agentPublicKeyName

protected String agentPublicKeyName
Name of the public key of the agent

agentPublicKey

protected transient PublicKey agentPublicKey
The public key of the agent

ownerCertificate

protected transient Certificate ownerCertificate
Certificate of the owner of the agent

Constructor Detail

AgentIdentity

AgentIdentity()

AgentIdentity

protected AgentIdentity(String type)

AgentIdentity

public AgentIdentity(String name,
                     String id,
                     URL home,
                     String ownerName)
Creates a new AgentIdentity which does not include an owner certificate. The owner is identified only through its name. There is also no public key associated with the agent.
This is a very simple identity and should only be used for testing.
Parameters:
name - the name of the agent
id - the unique id of the agent
home - the URL of the home agent-system
ownerName - the name of the owner of the agent

AgentIdentity

public AgentIdentity(String name,
                     String id,
                     URL home,
                     String agentPublicKeyName,
                     PublicKey agentPublicKey,
                     String ownerName,
                     Certificate ownerCertificate)
Creates a new AgentIdentity which does include an owner certificate and a public key of the agent.
Parameters:
name - the name of the agent
id - the unique id of the agent
home - the URL of the home agent-system
agentPublicKeyName - the name of the public key of the agent. Must be identical to the name used for storing the private key in the key-store of the agent.
agentPublicKey - the public key of the agent
ownerName - the name of the owner of the agent (may be null)
ownerCertificate - the certificate of the owner of the agent

Method Detail

decodeData

protected void decodeData(byte[] buffer)
                   throws IOException,
                          CertificateException,
                          NoSuchAlgorithmException
Restores the content of an identity from a buffer. Must be the same data as returned from getEncodedForSigning.
Parameters:
buffer - the array of bytes from which to re-create the identity
cl - the classloader, which should be used to recreate all the objects
Throws:
IOException - if an error occurred during deserialization of a field
CertificateException - if the key could not be decoded
NoSuchAlgorithmException - if the algorithm of the key is not available
See Also:
AgentIdentityFactory

getEncodedForSigning

protected byte[] getEncodedForSigning()
                               throws CertificateEncodingException
Returns the identity in encoded form as a byte array. Does not include the signatures. Used for signing the content (the signatures themselves cannot be signed, as they do not exist yet).
Returns:
the array of bytes with the encoded identity
Throws:
CertificateEncodingException - if an error occurred during encoding

getEncoded

public final byte[] getEncoded()
                        throws CertificateEncodingException
Returns the identity in encoded form as a byte array. Also includes the signatures and the version.
Overrides:
getEncoded in class Certificate
Returns:
the array of bytes with the encoded identity
Throws:
CertificateEncodingException - if an error occurred during encoding

sign

public final boolean sign(String signAlgoOwner,
                          PrivateKey privateOwnerKey,
                          String signAlgoAgent,
                          PrivateKey privateAgentKey)
                   throws CertificateEncodingException,
                          InvalidKeyException,
                          NoSuchAlgorithmException,
                          SignatureException
Sign the identity with the private key of the agent and the private key of the owner
Parameters:
signAlgoOwner - algorithm used for signing with the owner's private key (if null, the standard algorithm of the key is used)
privateOwnerKey - private key of the owner
signAlgoAgent - algorithm used for signing with the agent's private key (if null, the standard algorithm of the key is used)
privateAgentKey - private key of the agent
Returns:
true if successful
Throws:
CertificateEncodingException - if the identity could not be encoded
InvalidKeyException - if one of the private keys provided is invalid
NoSuchAlgorithmException - if one of the algorithms provided is unknown
SignatureException - if an error occurred during signing or the identity is already signed

getOwnerSignatureAlgorithm

public final String getOwnerSignatureAlgorithm()
Returns the algorithm of the signature by the owner (if manual checking is desired)
Returns:
algorithm of the owner's signature

getAgentSignatureAlgorithm

public final String getAgentSignatureAlgorithm()
Returns the algorithm of the signature by the agent (if manual checking is desired)
Returns:
algorithm of the agent's signature

getOwnerSignature

public final byte[] getOwnerSignature()
Returns the bytes of the signature by the owner (if manual checking is desired)
Returns:
array of bytes of the owner's signature

getAgentSignature

public final byte[] getAgentSignature()
Returns the bytes of the signature by the agent (if manual checking is desired)
Returns:
array of bytes of the agent's signature

getDeployInitializationSignature

public final byte[] getDeployInitializationSignature()
Returns the bytes of the signature of the initialization state
Returns:
array of bytes of the signature of the initialization state

getDeployCodeSignature

public final byte[] getDeployCodeSignature()
Returns the bytes of the signature of the code signatures
Returns:
array of bytes of the signature on the code signatures

setSignatures

public final void setSignatures(String ownerSignAlgo,
                                byte[] ownerSignature,
                                String agentSignAlgo,
                                byte[] agentSignature)
                         throws SignatureException,
                                IllegalStateException
Sets the signatures and their algorithms. They are verified afterwards (exception thrown if they do not match!).
Throws:
IllegalStateException - if the identity is already signed
SignatureException - if the verification failed

setDeployInitializationSignature

public final void setDeployInitializationSignature(byte[] signature)
Sets the bytes of the signature of the initialization state
Parameters:
signature - array of bytes of the signature of the initialization state
Throws:
IllegalStateException - if the signature is already set

setDeployCodeSignature

public final void setDeployCodeSignature(byte[] signature)
Sets the bytes of the signature of the code signatures
Parameters:
signature - array of bytes of the signature on the code signatures
Throws:
IllegalStateException - if the signature is already set

verify

public final void verify(PublicKey ownerKey,
                         String sigProvider)
                  throws CertificateEncodingException,
                         NoSuchAlgorithmException,
                         InvalidKeyException,
                         NoSuchProviderException,
                         SignatureException
Verifies this identity. Both signatures (by the owner and by the agent) are verified. The public key used to verify the agent's signature is taken from the identity itself.
Overrides:
verify in class Certificate
Parameters:
ownerKey - public key of the owner used for verification of the signature
sigProvider - name of the security provider which should be used for verification (take care that it is installed). If null, the default provider is used
Throws:
CertificateEncodingException - if the identity could not be encoded
InvalidKeyException - if one of the public keys is invalid
NoSuchAlgorithmException - if one of the algorithms used is unknown
NoSuchProviderException - if the requested provider could not be found
SignatureException - if an error occurred during verification or the verification failed

verify

public final void verify(PublicKey ownerKey)
                  throws CertificateEncodingException,
                         NoSuchAlgorithmException,
                         InvalidKeyException,
                         SignatureException
Verifies this identity. Both signatures (by the owner and by the agent) are verified. The public key used to verify the agent's signature is taken from the identity itself.
Overrides:
verify in class Certificate
Parameters:
ownerKey - public key of the owner used for verification of the signature
Throws:
CertificateEncodingException - if the identity could not be encoded
InvalidKeyException - if one of the public keys is invalid
NoSuchAlgorithmException - if one of the algorithms used is unknown
SignatureException - if an error occurred during verification or the verification failed

verify

public final void verify()
                  throws CertificateEncodingException,
                         NoSuchAlgorithmException,
                         SignatureException
Verifies this identity. Both signatures (by the owner and by the agent) are verified. The public keys used to verify the signatures are taken from the identity and the certificate itself.
Throws:
CertificateEncodingException - if the identity could not be encoded
NoSuchAlgorithmException - if one of the algorithms used is unknown
SignatureException - if an error occurred during verification or the verification failed
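
The guarantee stated in the class description and the difference between the verify variants above, as an added example in plain JCA (not code from POND or its author). `IdentitySketch`, its encoding, the SHA256withRSA choice and the sample id are assumptions made for this illustration; it goes beyond the text by running the key-replacement cases against both a caller-supplied owner key and the owner key carried in the identity.

```java
import java.io.*;
import java.security.*;
// Added sketch: IdentitySketch is a hypothetical stand-in, not a POND class.
public class DualSignatureSketch {
    static final String ALGO = "SHA256withRSA"; // assumed algorithm for this sketch

    static final class IdentitySketch {
        final String id;
        final PublicKey agentKey, ownerKey; // ownerKey stands in for the owner certificate
        byte[] ownerSig, agentSig;
        IdentitySketch(String id, PublicKey agentKey, PublicKey ownerKey) {
            this.id = id; this.agentKey = agentKey; this.ownerKey = ownerKey;
        }
        // Everything except the signatures; writeUTF and DER key encodings are self-delimiting.
        byte[] encodedForSigning() throws IOException {
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            DataOutputStream out = new DataOutputStream(buf);
            out.writeUTF(id);
            out.write(agentKey.getEncoded());
            out.write(ownerKey.getEncoded());
            return buf.toByteArray();
        }
        void sign(PrivateKey ownerPriv, PrivateKey agentPriv) throws Exception {
            ownerSig = makeSig(ownerPriv, encodedForSigning());
            agentSig = makeSig(agentPriv, encodedForSigning());
        }
        // Owner key supplied by the caller; agent key always read from the identity.
        boolean verify(PublicKey trustedOwnerKey) throws Exception {
            byte[] data = encodedForSigning();
            return checkSig(trustedOwnerKey, data, ownerSig) && checkSig(agentKey, data, agentSig);
        }
        // Self-contained check: both keys come from the identity being checked.
        boolean verify() throws Exception { return verify(ownerKey); }
    }

    static byte[] makeSig(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALGO);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }
    static boolean checkSig(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALGO);
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair owner = gen.generateKeyPair(), agent = gen.generateKeyPair();
        KeyPair owner2 = gen.generateKeyPair(), agent2 = gen.generateKeyPair();
        String id = "agent-0001"; // constructed sample value
        IdentitySketch genuine = new IdentitySketch(id, agent.getPublic(), owner.getPublic());
        genuine.sign(owner.getPrivate(), agent.getPrivate());
        // Agent key replaced without the owner's private key: the old owner signature is reused.
        IdentitySketch agentSwapped = new IdentitySketch(id, agent2.getPublic(), owner.getPublic());
        agentSwapped.ownerSig = genuine.ownerSig;
        agentSwapped.agentSig = makeSig(agent2.getPrivate(), agentSwapped.encodedForSigning());
        // Both keys replaced and both signatures redone with the new key pairs.
        IdentitySketch bothSwapped = new IdentitySketch(id, agent2.getPublic(), owner2.getPublic());
        bothSwapped.sign(owner2.getPrivate(), agent2.getPrivate());
        System.out.println("genuine, pinned owner key:       " + genuine.verify(owner.getPublic()));
        System.out.println("agent swapped, pinned owner key: " + agentSwapped.verify(owner.getPublic()));
        System.out.println("both swapped, self-contained:    " + bothSwapped.verify());
        System.out.println("both swapped, pinned owner key:  " + bothSwapped.verify(owner.getPublic()));
    }
}
```

Only a check against an owner key obtained independently of the identity tells the fully replaced identity apart from the genuine one; the self-contained check establishes internal consistency only.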

isSigned

public final boolean isSigned()
Returns true if this identity is signed (NO verification!)
Returns:
true if signatures are present

getOwnerName

public final String getOwnerName()
Returns the name of the owner of the agent. If an owner certificate is present and the name is null, the subject of the certificate or the certificate itself encoded as a String is returned.
Returns:
the name of the owner

getAgentName

public final String getAgentName()
Returns the name of the agent
Returns:
the name of the agent

getID

public final String getID()
Returns the unique id of the agent
Returns:
the id of the agent

getHomeAddress

public final URL getHomeAddress()
Returns the URL of the home agent-system of the agent
Returns:
the URL of the agent's home system

getAgentPublicKeyName

public final String getAgentPublicKeyName()
Returns the name of the public key of the agent
Returns:
the name of the public key of the agent

getPublicKey

public final PublicKey getPublicKey()
Returns the public key of the agent
Overrides:
getPublicKey in class Certificate
Returns:
the public key of the agent

getOwnerCertificate

public final Certificate getOwnerCertificate()
Returns the certificate of the owner of the agent or null if not present
Returns:
the certificate of the owner or null

toString

public String toString()
Returns a String representation of this identity. Included are the agent's and the owner's names, the home location and the ID.
Overrides:
toString in class Certificate
Returns:
String representation of the identity

hashCode

public int hashCode()
Returns a hashcode value for the identity.
Overrides:
hashCode in class Certificate
Returns:
a hashcode of the identity
See Also:
Object.hashCode()

equals

public boolean equals(Object other)
Indicates whether some other object is "equal to" this one.
Overrides:
equals in class Certificate
Parameters:
other - the object to compare with
Returns:
true if the objects are equal
See Also:
Object.equals(Object)

getClassificationStatus

public final int getClassificationStatus()
Returns the current status of the classification. Applies to both the regular customer and the certificate classification.
Specified by:
getClassificationStatus in interface AgentClassification
Returns:
the status of the classification
See Also:
AgentClassification

setClassificationStatus

public final void setClassificationStatus(int newStatus)
Sets the status of this classification. Must be one of the constants defined in this interface.
Specified by:
setClassificationStatus in interface AgentClassification
Parameters:
newStatus - the new status
Throws:
SecurityException - if the caller may not modify the status of the classification
See Also:
AgentClassification

getRegularCustomerIdentity

public final AgentIdentity getRegularCustomerIdentity()
Returns the identity of the agent. Implementation of the interface RegularCustomerClassification
Specified by:
getRegularCustomerIdentity in interface RegularCustomerClassification
Returns:
the identity of the agent
See Also:
RegularCustomerClassification

getCertificate

public final Certificate getCertificate()
Returns the certificate, which is associated with this classification (which is this object). Implementation of the interface CertificateClassification
Specified by:
getCertificate in interface CertificateClassification
Returns:
the certificate associated with this classification (=this)
See Also:
CertificateClassification

deploy

public void deploy(byte[] agentState,
                   byte[] manifestBytes,
                   PrivateKey privateOwnerKey)
            throws InvalidKeyException,
                   NoSuchAlgorithmException,
                   SignatureException
Deploys the agent by signing the current state (i.e. the initialization parameters) and the code used if applicable (digest over the code signatures)
Parameters:
agentState - the state of the agent (serialized)
manifestBytes - the manifest of the agent (including the code signatures, if any)
privateOwnerKey - private key of the owner
Throws:
InvalidKeyException - if one of the private keys provided is invalid
NoSuchAlgorithmException - if one of the algorithms provided is unknown
SignatureException - if an error occurred during signing or the agent is already deployed

verifyDeployCodeSignature

public void verifyDeployCodeSignature(byte[] manifestBytes)
                               throws NoSuchAlgorithmException,
                                      InvalidKeyException,
                                      SignatureException
Verifies the signature on the code manifest
Parameters:
manifestBytes - the manifest of the agent (including the code signatures, if any)
Throws:
InvalidKeyException - if one of the private keys provided is invalid
NoSuchAlgorithmException - if one of the algorithms provided is unknown
SignatureException - if an error occurred during verification or the verification failed

codeDeployed

public boolean codeDeployed()
Returns whether the manifest of the code package (including the digests of all the code files) was signed by the owner upon sending it on this job.
Returns:
true if the code was deployed by the owner

initialStateDeployed

public boolean initialStateDeployed()
Returns whether this agent's state was signed by the owner upon sending it on this job.
Returns:
true if the initialization state was deployed by the owner

copy

public AgentIdentity copy()
Returns a (shallow) copy of this identity.
Returns:
copy of this object


Copyright 2001,2002 Michael Sonntag & Institute for Information Processing and Microprocessor Technology (FIM), Johannes-Kepler-University Linz, Altenbergerstr. 69, A-4040 Linz, Austria.