org.eclipse.californium.scandium.dtls.pskstore

Class AdvancedMultiPskStore

java.lang.Object

org.eclipse.californium.scandium.dtls.pskstore.AdvancedMultiPskStore

All Implemented Interfaces:

Destroyable, AdvancedPskStore

public class AdvancedMultiPskStore
extends Object
implements AdvancedPskStore, Destroyable

AdvancedPskStore implementation supporting multiple peers.

If you don't need to initiate handshake/connection, you could just add identity/key with setKey(String, byte[]) or setKey(PskPublicInformation, byte[]). If you need to initiate connection, you should add known peers with addKnownPeer(InetSocketAddress, String, byte[]) or addKnownPeer(InetSocketAddress, PskPublicInformation, byte[]).

If non-compliant encoded identities are used, please provide PskPublicInformation.PskPublicInformation(String, byte[]) identities with the non-compliant encoded bytes and the intended string.

To be used only for testing and evaluation. You are supposed to store your key in a secure way: keeping them in-memory is not a good idea.

Since:

2.5

Constructor Summary

Constructors

Constructor and Description
AdvancedMultiPskStore()

Method Summary

Methods

Modifier and Type	Method and Description
void	addKnownPeer(InetSocketAddress peerAddress, PskPublicInformation identity, byte[] key) Adds a shared key for a peer.
void	addKnownPeer(InetSocketAddress peerAddress, String identity, byte[] key) Adds a shared key for a peer.
void	addKnownPeer(InetSocketAddress peerAddress, String virtualHost, PskPublicInformation identity, byte[] key) Adds a shared key for a virtual host on a peer.
void	addKnownPeer(InetSocketAddress peerAddress, String virtualHost, String identity, byte[] key) Adds a shared key for a virtual host on a peer.
void	destroy()
PskPublicInformation	getIdentity(InetSocketAddress peerAddress, ServerNames virtualHost) Gets the identity to use for a PSK based handshake with a given peer.
boolean	hasEcdhePskSupported() Check, if ECDHE PSK cipher suites are supported.
boolean	isDestroyed()
void	removeKey(PskPublicInformation identity) Removes a key value for a given identity.
void	removeKey(PskPublicInformation identity, ServerName virtualHost) Removes a key for an identity scoped to a virtual host.
void	removeKey(PskPublicInformation identity, String virtualHost) Removes a key for an identity scoped to a virtual host.
void	removeKey(String identity) Removes a key value for a given identity.
void	removeKey(String identity, ServerName virtualHost) Removes a key for an identity scoped to a virtual host.
void	removeKey(String identity, String virtualHost) Removes a key for an identity scoped to a virtual host.
PskSecretResult	requestPskSecretResult(ConnectionId cid, ServerNames serverNames, PskPublicInformation identity, String hmacAlgorithm, SecretKey otherSecret, byte[] seed) Request psk secret result.
void	setKey(PskPublicInformation identity, byte[] key) Sets a key value for a given identity.
void	setKey(PskPublicInformation identity, byte[] key, ServerName virtualHost) Sets a key for an identity scoped to a virtual host.
void	setKey(PskPublicInformation identity, byte[] key, String virtualHost) Sets a key for an identity scoped to a virtual host.
void	setKey(String identity, byte[] key) Sets a key value for a given identity.
void	setKey(String identity, byte[] key, ServerName virtualHost) Sets a key for an identity scoped to a virtual host.
void	setKey(String identity, byte[] key, String virtualHost) Sets a key for an identity scoped to a virtual host.
void	setResultHandler(PskSecretResultHandler resultHandler) Set the handler for asynchronous master secret results.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AdvancedMultiPskStore

public AdvancedMultiPskStore()

Method Detail

hasEcdhePskSupported

public boolean hasEcdhePskSupported()

Description copied from interface: AdvancedPskStore

Check, if ECDHE PSK cipher suites are supported.

Specified by:

hasEcdhePskSupported in interface AdvancedPskStore

Returns:

true, if ECDHE PSK cipher suites are supported, false, if not.

requestPskSecretResult

public PskSecretResult requestPskSecretResult(ConnectionId cid,
                                     ServerNames serverNames,
                                     PskPublicInformation identity,
                                     String hmacAlgorithm,
                                     SecretKey otherSecret,
                                     byte[] seed)

Description copied from interface: AdvancedPskStore

Request psk secret result. Either return the result, or null and process the request asynchronously. The PskSecretResult must contain the CID, the normalized identity and master secret or PSK secret key, if available. If the result is not returned, it is passed asynchronously to the result handler, provided during DTLSConnector initialization by AdvancedPskStore.setResultHandler(PskSecretResultHandler).

Specified by:

requestPskSecretResult in interface AdvancedPskStore

Parameters:

cid - connection id for stateless asynchronous implementations.

serverNames - server names. Maybe null, if SNI is not enabled or not used by the client.

identity - psk identity. Maybe normalized, if identity is available in the store.

hmacAlgorithm - HMAC algorithm name for PRF.

otherSecret - other secret from ECDHE, or null. Must be cloned for asynchronous use. See RFC 5489, other secret

seed - seed for PRF.

Returns:

psk secret result, or null, if result is provided asynchronous.

getIdentity

public PskPublicInformation getIdentity(InetSocketAddress peerAddress,
                               ServerNames virtualHost)

Description copied from interface: AdvancedPskStore

Gets the identity to use for a PSK based handshake with a given peer.

A DTLS client uses this method to determine the identity to include in its CLIENT_KEY_EXCHANGE message during a PSK based DTLS handshake with the peer.

Specified by:

getIdentity in interface AdvancedPskStore

Parameters:

peerAddress - The IP address and port of the peer to perform the handshake with.

virtualHost - The virtual host at the peer to connect to. If null, the identity will be looked up in the global scope.

Returns:

The identity to use or null if no peer with the given address and virtual host is registered.

setResultHandler

public void setResultHandler(PskSecretResultHandler resultHandler)

Description copied from interface: AdvancedPskStore

Set the handler for asynchronous master secret results. Called during initialization of the DTLSConnector. Synchronous implementations may just ignore this using an empty implementation. Note: the type of the handler will change to HandshakeResultHandler with 3.0.

Specified by:

setResultHandler in interface AdvancedPskStore

Parameters:

resultHandler - handler for asynchronous master secret results. This handler MUST NOT be called from the thread calling AdvancedPskStore.requestPskSecretResult(ConnectionId, ServerNames, PskPublicInformation, String, SecretKey, byte[]), instead just return the result there.

destroy

public void destroy()
             throws DestroyFailedException

Specified by:

destroy in interface Destroyable

Throws:

DestroyFailedException

isDestroyed

public boolean isDestroyed()

Specified by:

isDestroyed in interface Destroyable

setKey

public void setKey(String identity,
          byte[] key)

Sets a key value for a given identity.

If the key already exists, it will be replaced.

Parameters:

identity - the identity associated with the key

key - the key used to authenticate the identity

See Also:

setKey(PskPublicInformation, byte[], ServerName)

setKey

public void setKey(PskPublicInformation identity,
          byte[] key)

Sets a key value for a given identity.

If the key already exists, it will be replaced.

Parameters:

identity - the identity associated with the key

key - the key used to authenticate the identity

See Also:

setKey(PskPublicInformation, byte[], ServerName)

setKey

public void setKey(String identity,
          byte[] key,
          String virtualHost)

Sets a key for an identity scoped to a virtual host.

If the key already exists, it will be replaced.

Parameters:

identity - The identity to set the key for.

key - The key to set for the identity.

virtualHost - The virtual host to associate the identity and key with.

See Also:

setKey(PskPublicInformation, byte[], ServerName)

setKey

public void setKey(PskPublicInformation identity,
          byte[] key,
          String virtualHost)

Sets a key for an identity scoped to a virtual host.

If the key already exists, it will be replaced.

Parameters:

identity - The identity to set the key for.

key - The key to set for the identity.

virtualHost - The virtual host to associate the identity and key with.

See Also:

setKey(PskPublicInformation, byte[], ServerName)

setKey

public void setKey(String identity,
          byte[] key,
          ServerName virtualHost)

Sets a key for an identity scoped to a virtual host.

If the key already exists, it will be replaced.

Parameters:

identity - The identity to set the key for.

key - The key to set for the identity.

virtualHost - The virtual host to associate the identity and key with.

See Also:

setKey(PskPublicInformation, byte[], ServerName)

setKey

public void setKey(PskPublicInformation identity,
          byte[] key,
          ServerName virtualHost)

Sets a key for an identity scoped to a virtual host.

If the key already exists, it will be replaced.

Parameters:

identity - The identity to set the key for.

key - The key to set for the identity.

virtualHost - The virtual host to associate the identity and key with.

See Also:

setKey(String, byte[], ServerName)

addKnownPeer

public void addKnownPeer(InetSocketAddress peerAddress,
                String identity,
                byte[] key)

Adds a shared key for a peer.

If the key already exists, it will be replaced.

Parameters:

peerAddress - the IP address and port to use the key for

identity - the PSK identity

key - the shared key

Throws:

NullPointerException - if any of the parameters are null.

See Also:

addKnownPeer(InetSocketAddress, PskPublicInformation, byte[])

addKnownPeer

public void addKnownPeer(InetSocketAddress peerAddress,
                PskPublicInformation identity,
                byte[] key)

Adds a shared key for a peer.

If the key already exists, it will be replaced.

Parameters:

peerAddress - the IP address and port to use the key for

identity - the PSK identity

key - the shared key

Throws:

NullPointerException - if any of the parameters are null.

See Also:

addKnownPeer(InetSocketAddress, String, byte[])

addKnownPeer

public void addKnownPeer(InetSocketAddress peerAddress,
                String virtualHost,
                String identity,
                byte[] key)

Adds a shared key for a virtual host on a peer.

If the key already exists, it will be replaced. serverNames

Parameters:

peerAddress - the IP address and port to use the key for

virtualHost - the virtual host to use the key for

identity - the PSK identity

key - the shared key

Throws:

NullPointerException - if any of the parameters are null.

See Also:

addKnownPeer(InetSocketAddress, String, PskPublicInformation, byte[])

addKnownPeer

public void addKnownPeer(InetSocketAddress peerAddress,
                String virtualHost,
                PskPublicInformation identity,
                byte[] key)

Adds a shared key for a virtual host on a peer.

If the key already exists, it will be replaced. serverNames

Parameters:

peerAddress - the IP address and port to use the key for

virtualHost - the virtual host to use the key for

identity - the PSK identity

key - the shared key

Throws:

NullPointerException - if any of the parameters are null.

See Also:

addKnownPeer(InetSocketAddress, String, String, byte[])

removeKey

public void removeKey(String identity)

Removes a key value for a given identity.

Parameters:

identity - The identity to remove the key for.

See Also:

removeKey(PskPublicInformation, ServerName)

removeKey

public void removeKey(PskPublicInformation identity)

Removes a key value for a given identity.

Parameters:

identity - The identity to remove the key for.

See Also:

removeKey(PskPublicInformation, ServerName)

removeKey

public void removeKey(String identity,
             String virtualHost)

Removes a key for an identity scoped to a virtual host.

Parameters:

identity - The identity to remove the key for.

virtualHost - The virtual host to associate the identity and key with.

See Also:

removeKey(PskPublicInformation, ServerName)

removeKey

public void removeKey(PskPublicInformation identity,
             String virtualHost)

Removes a key for an identity scoped to a virtual host.

Parameters:

identity - The identity to remove the key for.

virtualHost - The virtual host to associate the identity and key with.

See Also:

removeKey(PskPublicInformation, ServerName)

removeKey

public void removeKey(String identity,
             ServerName virtualHost)

Removes a key for an identity scoped to a virtual host.

Parameters:

identity - The identity to remove the key for.

virtualHost - The virtual host to associate the identity with.

See Also:

removeKey(PskPublicInformation, ServerName)

removeKey

public void removeKey(PskPublicInformation identity,
             ServerName virtualHost)

Removes a key for an identity scoped to a virtual host.

Parameters:

identity - The identity to remove the key for.

virtualHost - The virtual host to associate the identity with.