com.waveset.adapter
Class RASecureConnection

java.lang.Object
  extended bycom.waveset.adapter.RASecureConnection

public class RASecureConnection
extends java.lang.Object

This class handles both the "client" and the "server" side of a connection. It does mutual authentication (via the RASecureChallenge class) and has an embedded encryption class (RAEncryptor).


Nested Class Summary
static interface RASecureConnection.RASecureConnectionAccessor
           
 
Field Summary
static int _defaultPort
           
protected static Trace _trace
           
static java.lang.String code_id
           
static int MAX_COMMAND_SIZE
           
 
Constructor Summary
RASecureConnection(java.net.InetAddress addr, int port, byte[] key)
           
RASecureConnection(java.net.Socket socket, byte[] key)
           
RASecureConnection(java.lang.String host, int port, byte[] key)
           
 
Method Summary
 void close()
           
 void Disconnect()
           
 void ExchangeAuth(boolean isInitiator)
          Deprecated. , replaced by ExchangeAuth(boolean,byte[])
 void ExchangeAuth(boolean isInitiator, byte[] resourceName)
          Trade authentication messages with remote side.
 void FailConnection()
           
 java.util.Map getApplicationData()
          Returns a refernce to the actual application data map.
 java.lang.Object getApplicationDataValue(java.lang.Object key)
          The application using the secure connection can get data back that it previously stashed on the connection.
 long getLastUse()
           
 int getProtocolVersion()
           
 boolean inUse()
           
 boolean isOk()
           
 boolean lease(AgentConnectionPool pool)
           
 void putApplicationDataValue(java.lang.Object key, java.lang.Object value)
          The application using the secure connection can stash data about the connection here and get it back later.
 byte[] ReceivePrivate()
          ReceivePrivate The data coming in looks like: int length;// 4 bytes, length of unpadded data, sequence#, flags, + MAC int flags;// 4 bytes, {encrypted, keychange, 30 reserved} int sequenceNumber; // increments 1 per Send() call byte[] user data...
 byte[] ReceivePrivate(int rxFlags)
           
 byte[] ReceivePrivate(int rxFlags, long timeout)
           
 byte[] ReceivePrivate(long timeout)
           
 void ResetEncryption(byte[] key)
           
 void returnConnection(boolean isBogus)
           
 boolean SendConnectionKey(byte[] key)
          SendConnectionKey Send a new encryption key to the remote end.
 void SendPrivate(byte[] buf)
          SendPrivate(byte[] buf) Always make a copy of buf to add sequence number and padding before encryption Send the requested bytes as a block, wrapping them with the length and optionally a MAC (message authentication code, basically a secure checksum to validate that the data has not been messed with).
 void SendPrivate(byte[] buf, int flags)
           
 void SendPrivate(byte[] buf, int flags, long timeout)
           
 void SendPrivate(byte[] buf, long timeout)
           
 void setGatewayKeyView(GenericObject view)
           
 void setLighthouseContext(LighthouseContext ctx)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

code_id

public static final java.lang.String code_id
See Also:
Constant Field Values

_defaultPort

public static int _defaultPort

MAX_COMMAND_SIZE

public static final int MAX_COMMAND_SIZE
See Also:
Constant Field Values

_trace

protected static final Trace _trace
Constructor Detail

RASecureConnection

public RASecureConnection(java.net.Socket socket,
                          byte[] key)
                   throws java.io.IOException

RASecureConnection

public RASecureConnection(java.net.InetAddress addr,
                          int port,
                          byte[] key)
                   throws java.io.IOException

RASecureConnection

public RASecureConnection(java.lang.String host,
                          int port,
                          byte[] key)
                   throws java.io.IOException
Method Detail

putApplicationDataValue

public void putApplicationDataValue(java.lang.Object key,
                                    java.lang.Object value)
The application using the secure connection can stash data about the connection here and get it back later.


getApplicationDataValue

public java.lang.Object getApplicationDataValue(java.lang.Object key)
The application using the secure connection can get data back that it previously stashed on the connection.


getApplicationData

public java.util.Map getApplicationData()
Returns a refernce to the actual application data map. Changes made to the returned Map will be reflected in the secure connection's application data.


SendPrivate

public void SendPrivate(byte[] buf)
                 throws java.io.IOException
SendPrivate(byte[] buf) Always make a copy of buf to add sequence number and padding before encryption Send the requested bytes as a block, wrapping them with the length and optionally a MAC (message authentication code, basically a secure checksum to validate that the data has not been messed with). There are lots of MACs in the world. The one that we use is free but not the strongest. If you want strength, use SHA or MD5. We use the chaining result from the encryption of the block. For non chained cyphers, we just re-encrypt the last block of the data. The final data out looks like: int length;// 4 bytes, length of unpadded user data, flags, sequence# + MAC int flags;// 4 bytes int sequenceNumber; // increments 1 per Send() call byte[] user data... byte[] padding; // make data size up to encryption size byte[] MAC; // Message signature, includes sequence # and padding From sequenceNumber through padding is encrypted. The initial length and MAC are sent in the clear.

Throws:
java.io.IOException

SendPrivate

public void SendPrivate(byte[] buf,
                        int flags)
                 throws java.io.IOException
Throws:
java.io.IOException

SendPrivate

public void SendPrivate(byte[] buf,
                        long timeout)
                 throws java.io.IOException
Throws:
java.io.IOException

SendPrivate

public void SendPrivate(byte[] buf,
                        int flags,
                        long timeout)
                 throws java.io.IOException
Throws:
java.io.IOException

ReceivePrivate

public byte[] ReceivePrivate()
                      throws java.io.IOException,
                             java.net.ProtocolException
ReceivePrivate The data coming in looks like: int length;// 4 bytes, length of unpadded data, sequence#, flags, + MAC int flags;// 4 bytes, {encrypted, keychange, 30 reserved} int sequenceNumber; // increments 1 per Send() call byte[] user data... byte[] padding; // make data size up to encryption size byte[] MAC; // Message signature, includes sequence # and padding From sequenceNumber through padding is encrypted. The initial length and MAC are sent in the clear. Upon return, the byte array will contain the user data - no padding, MAC, or sequence number.

Throws:
java.io.IOException
java.net.ProtocolException

ReceivePrivate

public byte[] ReceivePrivate(int rxFlags)
                      throws java.io.IOException,
                             java.net.ProtocolException
Throws:
java.io.IOException
java.net.ProtocolException

ReceivePrivate

public byte[] ReceivePrivate(long timeout)
                      throws java.io.IOException,
                             java.net.ProtocolException
Throws:
java.io.IOException
java.net.ProtocolException

ReceivePrivate

public byte[] ReceivePrivate(int rxFlags,
                             long timeout)
                      throws java.io.IOException,
                             java.net.ProtocolException
Throws:
java.io.IOException
java.net.ProtocolException

FailConnection

public void FailConnection()
                    throws java.io.IOException
Throws:
java.io.IOException

ResetEncryption

public void ResetEncryption(byte[] key)
                     throws java.security.InvalidKeyException
Throws:
java.security.InvalidKeyException

SendConnectionKey

public boolean SendConnectionKey(byte[] key)
                          throws java.io.IOException,
                                 java.net.ProtocolException,
                                 java.security.InvalidKeyException
SendConnectionKey Send a new encryption key to the remote end. With a successful result, the session key will change to this new key.

Throws:
java.io.IOException
java.net.ProtocolException
java.security.InvalidKeyException

ExchangeAuth

public void ExchangeAuth(boolean isInitiator)
                  throws java.io.IOException,
                         java.security.InvalidKeyException
Deprecated. , replaced by ExchangeAuth(boolean,byte[])

Throws:
java.io.IOException
java.security.InvalidKeyException

ExchangeAuth

public void ExchangeAuth(boolean isInitiator,
                         byte[] resourceName)
                  throws java.lang.SecurityException,
                         java.io.IOException,
                         java.security.InvalidKeyException
Trade authentication messages with remote side. Initial messages are encrypted with the private key. If we are the initiator (we made the connect() call to the remote end), start by sending the challenge. If we are the initiatee, wait a short while for the challenge, then punt. The WPS system is always the initiator (the other code is just for testing and not maintained). There are several keys used in the connection: - the default key which encrypts the first challenge - the resource key which is used by the remote side to encrypt the challenge response - the session key which is derived from the random numbers used in the challenges So the key sequence goes: SetKey(default key) => Send challenge SetKey(resource key) => validate response SetKey(session key) => send response response The rest of the code has no idea about when the keys change. The session key is generated from the default key, the random numbers, and the resource key.

Throws:
java.lang.SecurityException
java.io.IOException
java.security.InvalidKeyException

inUse

public boolean inUse()

isOk

public boolean isOk()

lease

public boolean lease(AgentConnectionPool pool)

getLastUse

public long getLastUse()

close

public void close()

Disconnect

public void Disconnect()
                throws java.io.IOException
Throws:
java.io.IOException

returnConnection

public void returnConnection(boolean isBogus)

setGatewayKeyView

public void setGatewayKeyView(GenericObject view)

setLighthouseContext

public void setLighthouseContext(LighthouseContext ctx)

getProtocolVersion

public int getProtocolVersion()