SecureTokenManager (Atavism Server API

java.lang.Object
- atavism.server.util.SecureTokenManager

```
public class SecureTokenManager
extends java.lang.Object
```
The SecureTokenManager manages the creation and validation of secure tokens. It keeps track of tokens that have been used, and enforces single-use and expiration. It also manages the keys used for token creation and validation.
To initialize the manager to decode master tokens, you must supply at least one key to registerMasterPublicKey(). To generate master tokens, you must use initMaster() to provide a master private key capable of signing tokens. To process domain tokens, initDomain() must be called with a domain key.
It is possible to call initDomain() to rekey the server. Old keys will still be available for validating tokens, but new tokens will only be created with the new key. There is not currently any mechanism to expire old domain keys while a server is running.
To generate a token, create a SecureTokenSpec object and pass it to generateToken().
To import a token, pass the data to importToken(), then check the valid flag to ensure it is a valid token.

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

protected class SecureTokenManager.IssuerHistory

Nested Classes
Modifier and Type	Class and Description
`protected class`	`SecureTokenManager.IssuerHistory`

Field Summary

Fields
Modifier and Type	Field and Description
`protected long`	`domainKeyId`
`protected java.util.Map<java.lang.Long,javax.crypto.SecretKey>`	`domainKeys`
`protected static SecureTokenManager`	`instance`
`protected java.util.Map<java.lang.String,SecureTokenManager.IssuerHistory>`	`issuerHistories`
`protected long`	`lastTokenId`
`protected long`	`masterKeyId`
`protected java.security.PrivateKey`	`masterPrivateKey`
`protected java.util.Map<java.lang.Long,java.security.PublicKey>`	`masterPublicKeys`

Constructor Summary

Constructors
Modifier Constructor and Description

protected SecureTokenManager()

Constructors
Modifier	Constructor and Description
`protected`	`SecureTokenManager()`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected byte[]`	`generateDomainAuthenticator(javax.crypto.SecretKey key, byte[] data)`
`protected byte[]`	`generateMasterAuthenticator(java.security.PrivateKey key, byte[] data)`
`byte[]`	`generateToken(SecureTokenSpec spec)` Generate and encode a new token from the supplied spec.
`byte[]`	`getEncodedDomainKey()`
`static SecureTokenManager`	`getInstance()`
`boolean`	`hasDomainKey()`
`SecureToken`	`importToken(AOByteBuffer tokenBuf)`
`SecureToken`	`importToken(byte[] encodedToken)` import a serialized token, decoding it into a SecureToken object and checking it for validity.
`void`	`initDomain(byte[] domainKey)` Initialize domain key to generate and validate domain tokens.
`void`	`initMaster(byte[] encodedPrivKey)` Initialize master private key to generate master tokens, used only by the master server.
`protected void`	`issuerAddToken(java.lang.String issuerId, long tokenId, long expiry)`
`protected boolean`	`issuerAlreadyUsed(java.lang.String issuerId, long tokenId)`
`protected void`	`issuerCleanup(java.lang.String issuerId, long time)`
`static void`	`main(java.lang.String[] args)`
`protected long`	`nextTokenId()`
`void`	`registerMasterPublicKey(byte[] encodedPubKey)` Register a master public key, for use in validating master tokens.
`protected boolean`	`validateDomainAuthenticator(javax.crypto.SecretKey key, byte[] data, byte[] authenticator)`
`protected boolean`	`validateMasterAuthenticator(java.security.PublicKey key, byte[] data, byte[] authenticator)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

instance

protected static SecureTokenManager instance

lastTokenId
```
protected long lastTokenId
```

domainKeyId
```
protected long domainKeyId
```

domainKeys

protected java.util.Map<java.lang.Long,javax.crypto.SecretKey> domainKeys

masterPublicKeys

protected java.util.Map<java.lang.Long,java.security.PublicKey> masterPublicKeys

masterPrivateKey

protected java.security.PrivateKey masterPrivateKey

masterKeyId
```
protected long masterKeyId
```

issuerHistories

protected java.util.Map<java.lang.String,SecureTokenManager.IssuerHistory> issuerHistories

Constructor Detail
- SecureTokenManager
```
protected SecureTokenManager()
```

Method Detail

getInstance

public static SecureTokenManager getInstance()

importToken
```
public SecureToken importToken(byte[] encodedToken)
```
import a serialized token, decoding it into a SecureToken object and checking it for validity.
The caller must check the valid flag on the generated token before doing anything with it.
A token may only be imported once. Attempting to import the same encodedToken again will return a SecureToken object with the valid flag set to false.

importToken

public SecureToken importToken(AOByteBuffer tokenBuf)

generateToken
```
public byte[] generateToken(SecureTokenSpec spec)
```
Generate and encode a new token from the supplied spec.

generateDomainAuthenticator

protected byte[] generateDomainAuthenticator(javax.crypto.SecretKey key,
                                             byte[] data)

validateDomainAuthenticator

protected boolean validateDomainAuthenticator(javax.crypto.SecretKey key,
                                              byte[] data,
                                              byte[] authenticator)

generateMasterAuthenticator

protected byte[] generateMasterAuthenticator(java.security.PrivateKey key,
                                             byte[] data)

validateMasterAuthenticator

protected boolean validateMasterAuthenticator(java.security.PublicKey key,
                                              byte[] data,
                                              byte[] authenticator)

registerMasterPublicKey
```
public void registerMasterPublicKey(byte[] encodedPubKey)
```
Register a master public key, for use in validating master tokens.

initMaster
```
public void initMaster(byte[] encodedPrivKey)
```
Initialize master private key to generate master tokens, used only by the master server.

initDomain
```
public void initDomain(byte[] domainKey)
```
Initialize domain key to generate and validate domain tokens. This should be called by every server that will deal with tokens after fetching the domain key from the domain server.

nextTokenId
```
protected long nextTokenId()
```

getEncodedDomainKey
```
public byte[] getEncodedDomainKey()
```

hasDomainKey
```
public boolean hasDomainKey()
```

issuerAlreadyUsed

protected boolean issuerAlreadyUsed(java.lang.String issuerId,
                                    long tokenId)

issuerAddToken

protected void issuerAddToken(java.lang.String issuerId,
                              long tokenId,
                              long expiry)

issuerCleanup

protected void issuerCleanup(java.lang.String issuerId,
                             long time)

main

public static void main(java.lang.String[] args)

Class SecureTokenManager

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

instance

lastTokenId

domainKeyId

domainKeys

masterPublicKeys

masterPrivateKey

masterKeyId

issuerHistories

Constructor Detail

SecureTokenManager

Method Detail

getInstance

importToken

importToken

generateToken

generateDomainAuthenticator

validateDomainAuthenticator

generateMasterAuthenticator

validateMasterAuthenticator

registerMasterPublicKey

initMaster

initDomain

nextTokenId

getEncodedDomainKey

hasDomainKey

issuerAlreadyUsed

issuerAddToken

issuerCleanup

main