VaultManager (security 2.6.50 API)

java.lang.Object
- net.e6tech.elements.security.vault.VaultManager

public class VaultManager
extends java.lang.Object

Created by futeh.

Field Summary

Fields
Modifier and Type	Field and Description
`static java.lang.String`	`DATA_VAULT`
`static java.lang.String`	`KEY_VAULT`
`static java.lang.String`	`LOCAL_VAULT`
`static java.lang.String`	`USER_VAULT`

Constructor Summary

Constructors
Constructor and Description

VaultManager()

Constructors
Constructor and Description
`VaultManager()`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected void`	`addKey(ClearText ct)`
`void`	`addKeyPair(DualEntry dualEntry, java.lang.String alias)` Adding a public private key.
`void`	`addSecretData(DualEntry dualEntry, java.lang.String alias, ClearText ct)` Adding secret to the data vault.
`void`	`addUser(Credential newUser, Credential existingUser)`
`void`	`changePassphrase(DualEntry dualEntry)` Change secret password.
`void`	`changePassword(java.lang.String user, char[] oldPwd, char[] newPwd)`
`void`	`close()`
`byte[]`	`decrypt(Credential credential, java.lang.String secret)`
`byte[]`	`decrypt(Credential credential, java.lang.String key, java.lang.String secret, java.lang.String iv)`
`byte[]`	`decryptPrivate(java.lang.String secret)`
`java.lang.String`	`encrypt(Credential credential, java.lang.String key, byte[] data, java.lang.String iv)`
`java.lang.String`	`encryptPublic(byte[] data)`
`static byte[]`	`generateEncodedAsymmetricKey(AsymmetricCipher asymmetricCipher)` Generate an asymmetric key pair, return encoded key components
`java.lang.String`	`generateKey(DualEntry dualEntry)`
`java.lang.String`	`generateKey(DualEntry dualEntry, boolean asymmetricKey)`
`AsymmetricCipher`	`getAsymmetricCipher()`
`ClearText`	`getKey(DualEntry dualEntry, java.lang.String keyAlias, java.lang.String version)`
`protected ClearText`	`getKey(java.lang.String keyAlias, java.lang.String version)`
`VaultStore`	`getKeyDataStore()`
`java.security.spec.RSAPublicKeySpec`	`getPublicKey()`
`ClearText`	`getSecretData(Credential credential, java.lang.String alias)`
`ClearText`	`getSecretData(Credential credential, java.lang.String alias, java.lang.String version)`
`ClearText`	`getSignature()`
`SymmetricCipher`	`getSymmetricCipher()`
`VaultStore`	`getUserLocalStore()`
`java.lang.String`	`importData(DualEntry dualEntry, java.lang.String plainData, java.lang.String iv)`
`java.lang.String`	`importData(DualEntry dualEntry, java.lang.String plainData, java.lang.String iv, java.lang.String version)`
`java.lang.String`	`importKey(DualEntry dualEntry, java.lang.String plainKey, java.lang.String iv)` Imports a plan key.
`java.lang.String`	`importKey(DualEntry dualEntry, java.lang.String plainKey, java.lang.String iv, boolean asymmetricKey)` Imports a plan key.
`java.lang.String`	`importKey(DualEntry dualEntry, java.lang.String plainKey, java.lang.String iv, boolean asymmetricKey, java.lang.String version)` Imports a plan key.
`java.lang.String`	`importKey(DualEntry dualEntry, java.lang.String plainKey, java.lang.String iv, java.lang.String version)` Imports a plan key.
`byte[]`	`internalDecrypt(java.lang.String encoded)`
`java.util.Set<java.lang.String>`	`listUsers()`
`void`	`newMasterKey(DualEntry dualEntry)`
`void`	`open(DualEntry dualEntry)`
`void`	`passphraseLock(DualEntry dualEntry, java.lang.String alias, ClearText ct)`
`ClearText`	`passphraseUnlock(Credential credential, java.lang.String alias)`
`void`	`restore(DualEntry dualEntry, java.lang.String version)`
`void`	`save()`
`void`	`setKeyDataStore(VaultStore keyDataStore)`
`void`	`setUserLocalStore(VaultStore userLocalStore)`
`boolean`	`validateUser(java.lang.String user, char[] password)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

KEY_VAULT

public static final java.lang.String KEY_VAULT

See Also:: Constant Field Values

USER_VAULT

public static final java.lang.String USER_VAULT

See Also:: Constant Field Values

DATA_VAULT

public static final java.lang.String DATA_VAULT

See Also:: Constant Field Values

LOCAL_VAULT

public static final java.lang.String LOCAL_VAULT

See Also:: Constant Field Values

Constructor Detail
- VaultManager
```
public VaultManager()
```

Method Detail

getKeyDataStore
```
public VaultStore getKeyDataStore()
```

setKeyDataStore

public void setKeyDataStore(VaultStore keyDataStore)

getUserLocalStore
```
public VaultStore getUserLocalStore()
```

setUserLocalStore

public void setUserLocalStore(VaultStore userLocalStore)

getSymmetricCipher

public SymmetricCipher getSymmetricCipher()

getAsymmetricCipher

public AsymmetricCipher getAsymmetricCipher()

getPublicKey

public java.security.spec.RSAPublicKeySpec getPublicKey()
                                                 throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

validateUser

public boolean validateUser(java.lang.String user,
                            char[] password)

addKeyPair
```
public void addKeyPair(DualEntry dualEntry,
                       java.lang.String alias)
                throws java.security.GeneralSecurityException
```
Adding a public private key. The key is treated as if it is regular data and store in the data vault. As always, data vault items are encrypted with m-key

Parameters:

dualEntry - dual entry containing authentication info for two users.

alias - alias of the key

Throws:

java.security.GeneralSecurityException - general exception

addSecretData
```
public void addSecretData(DualEntry dualEntry,
                          java.lang.String alias,
                          ClearText ct)
                   throws java.security.GeneralSecurityException
```
Adding secret to the data vault. It will be encrypted by m-key when stored.

Parameters:

dualEntry - dual entry containing authentication info for two users.

alias - alias of the secret data

ct - clear text of the secret

Throws:

java.security.GeneralSecurityException - general exception

getSecretData

public ClearText getSecretData(Credential credential,
                               java.lang.String alias)
                        throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

getSecretData

public ClearText getSecretData(Credential credential,
                               java.lang.String alias,
                               java.lang.String version)
                        throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

generateKey

public java.lang.String generateKey(DualEntry dualEntry)
                             throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

generateKey

public java.lang.String generateKey(DualEntry dualEntry,
                                    boolean asymmetricKey)
                             throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

generateEncodedAsymmetricKey
```
public static byte[] generateEncodedAsymmetricKey(AsymmetricCipher asymmetricCipher)
                                           throws java.security.GeneralSecurityException
```
Generate an asymmetric key pair, return encoded key components

Parameters:

asymmetricCipher - the AsymmetricCipher

Returns:

the generated encoded key pair

Throws:

java.security.GeneralSecurityException - general exception

importKey

public java.lang.String importKey(DualEntry dualEntry,
                                  java.lang.String plainKey,
                                  java.lang.String iv)
                           throws java.security.GeneralSecurityException

Imports a plan key. It's stored encrypted by latest master ky.

Parameters:: dualEntry - dual entry; plainKey - plain key; iv - initialization vector. If null, randomly generated
Returns:: encrypted key
Throws:: java.security.GeneralSecurityException

importKey

public java.lang.String importKey(DualEntry dualEntry,
                                  java.lang.String plainKey,
                                  java.lang.String iv,
                                  java.lang.String version)
                           throws java.security.GeneralSecurityException

Imports a plan key. It's stored encrypted by latest master ky.

Parameters:: dualEntry - dual entry; plainKey - plain key; iv - initialization vector. If null, randomly generated; version - key version. If null, randomly generated
Returns:: encrypted key
Throws:: java.security.GeneralSecurityException

importKey

public java.lang.String importKey(DualEntry dualEntry,
                                  java.lang.String plainKey,
                                  java.lang.String iv,
                                  boolean asymmetricKey)
                           throws java.security.GeneralSecurityException

Imports a plan key. It's stored encrypted by latest master ky.

Parameters:: dualEntry - dual entry; plainKey - plain key; iv - initialization vector. If null, randomly generated; asymmetricKey - whether the key is asymmetric key
Returns:: encrypted key
Throws:: java.security.GeneralSecurityException

importKey

public java.lang.String importKey(DualEntry dualEntry,
                                  java.lang.String plainKey,
                                  java.lang.String iv,
                                  boolean asymmetricKey,
                                  java.lang.String version)
                           throws java.security.GeneralSecurityException

Imports a plan key. It's stored encrypted by latest master ky.

Parameters:: dualEntry - dual entry; plainKey - plain key; iv - initialization vector. If null, randomly generated; asymmetricKey - whether the key is asymmetric key; version - key version. If null, randomly generated
Returns:: encrypted key
Throws:: java.security.GeneralSecurityException

importData

public java.lang.String importData(DualEntry dualEntry,
                                   java.lang.String plainData,
                                   java.lang.String iv)
                            throws java.security.GeneralSecurityException

Parameters:: dualEntry - dual entry; plainData - the plain data to be imported; iv - initialization vector. If null, randomly generated
Returns:: encrypted data
Throws:: java.security.GeneralSecurityException

importData

public java.lang.String importData(DualEntry dualEntry,
                                   java.lang.String plainData,
                                   java.lang.String iv,
                                   java.lang.String version)
                            throws java.security.GeneralSecurityException

Parameters:: dualEntry - dual entry; version - version of the master key. If null, use the latest version.; plainData - the plain data to be imported; iv - initialization vector. If null, randomly generated
Returns:: encrypted data
Throws:: java.security.GeneralSecurityException

encrypt

public java.lang.String encrypt(Credential credential,
                                java.lang.String key,
                                byte[] data,
                                java.lang.String iv)
                         throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

decrypt

public byte[] decrypt(Credential credential,
                      java.lang.String key,
                      java.lang.String secret,
                      java.lang.String iv)
               throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

decrypt

public byte[] decrypt(Credential credential,
                      java.lang.String secret)
               throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

encryptPublic

public java.lang.String encryptPublic(byte[] data)
                               throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

decryptPrivate

public byte[] decryptPrivate(java.lang.String secret)
                      throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

addUser

public void addUser(Credential newUser,
                    Credential existingUser)
             throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

changePassword

public void changePassword(java.lang.String user,
                           char[] oldPwd,
                           char[] newPwd)
                    throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

passphraseLock

public void passphraseLock(DualEntry dualEntry,
                           java.lang.String alias,
                           ClearText ct)
                    throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

passphraseUnlock

public ClearText passphraseUnlock(Credential credential,
                                  java.lang.String alias)
                           throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

newMasterKey

public void newMasterKey(DualEntry dualEntry)
                  throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

getSignature
```
public ClearText getSignature()
```

changePassphrase
```
public void changePassphrase(DualEntry dualEntry)
                      throws java.security.GeneralSecurityException
```
Change secret password. We need to take the following steps: 1. check user access. 2. generate new components for user 1 and 2. 3. remove all other users 4. re-encrypt everything in local vault 5. re-encrypt keys in the database. We need to iterate through all version for each alias.

Parameters:

dualEntry - dual entry containing authentication info for two users.

Throws:

java.security.GeneralSecurityException - general security exception

restore

public void restore(DualEntry dualEntry,
                    java.lang.String version)
             throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

internalDecrypt

public byte[] internalDecrypt(java.lang.String encoded)
                       throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

save

public void save()
          throws java.io.IOException

Throws:: java.io.IOException

close

public void close()
           throws java.io.IOException

Throws:: java.io.IOException

open

public void open(DualEntry dualEntry)
          throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

getKey

public ClearText getKey(DualEntry dualEntry,
                        java.lang.String keyAlias,
                        java.lang.String version)
                 throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

getKey

protected ClearText getKey(java.lang.String keyAlias,
                           java.lang.String version)
                    throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

addKey

protected void addKey(ClearText ct)
               throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

listUsers

public java.util.Set<java.lang.String> listUsers()
                                          throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

Class VaultManager

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

KEY_VAULT

USER_VAULT

DATA_VAULT

LOCAL_VAULT

Constructor Detail

VaultManager

Method Detail

getKeyDataStore

setKeyDataStore

getUserLocalStore

setUserLocalStore

getSymmetricCipher

getAsymmetricCipher

getPublicKey

validateUser

addKeyPair

addSecretData

getSecretData

getSecretData

generateKey

generateKey

generateEncodedAsymmetricKey

importKey

importKey

importKey

importKey

importData

importData

encrypt

decrypt

decrypt

encryptPublic

decryptPrivate

addUser

changePassword

passphraseLock

passphraseUnlock

newMasterKey

getSignature

changePassphrase

restore

internalDecrypt

save

close

open

getKey

getKey

addKey

listUsers