Package io.token.security
Interface CryptoEngine
All Known Implementing Classes:
KeyStoreCryptoEngine, TokenCryptoEngine

public interface CryptoEngine
Provides cryptographic support for secret management.
Method Summary
Modifier and Type / Method / Description

io.token.security.Signer
createSigner(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel)
Creates a new signer that uses a key of the specified level. Note that if there are several same-level keys, a random one is used to create the signer.

io.token.security.Signer
createSigner(java.lang.String keyId)
Creates a new signer using the key with the specified id.

default io.token.security.Signer
createSignerForLevelAtLeast(io.token.proto.common.security.SecurityProtos.Key.Level minKeyLevel)
Creates a new signer that uses a key of the specified level or higher (if no key of the specified level can be found). Note that if there are several same-level keys, a random one is used to create the signer.

io.token.security.Verifier
createVerifier(java.lang.String keyId)
Creates a verifier that checks payload signatures using the key with the specified id.

void
deleteKeys()
Deletes all the keys of this CryptoEngine.

io.token.proto.common.security.SecurityProtos.Key
generateKey(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel)
Generates a key of the specified level.

io.token.proto.common.security.SecurityProtos.Key
generateKey(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel, long expiresAtMs)
Generates a key of the specified level with the provided expiration date.

java.util.List<io.token.proto.common.security.SecurityProtos.Key>
getPublicKeys()
Returns public keys that the CryptoEngine can use to sign.

Method Detail
generateKey
io.token.proto.common.security.SecurityProtos.Key generateKey(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel)
Generates a key of the specified level. If a key with the specified level already exists, it is replaced. The old key is still kept around because it could be used for signature verification later.
Parameters:
keyLevel - key privilege level
Returns:
newly generated key information

generateKey
io.token.proto.common.security.SecurityProtos.Key generateKey(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel, long expiresAtMs)
Generates a key of the specified level with the provided expiration date. If a key with the specified level already exists, both keys are maintained in the crypto engine.
Parameters:
keyLevel - key privilege level
expiresAtMs - expiration date in milliseconds
Returns:
newly generated key information

createSignerForLevelAtLeast
default io.token.security.Signer createSignerForLevelAtLeast(io.token.proto.common.security.SecurityProtos.Key.Level minKeyLevel)
Creates a new signer that uses a key of the specified level or higher (if no key of the specified level can be found).
Note that if there are several same-level keys, a random one is used to create the signer. If you need a signer for a specific key, create the signer using the key id.
Parameters:
minKeyLevel - minimum level of the key to use
Returns:
signer that is used to generate digital signatures

createSigner
io.token.security.Signer createSigner(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel)
Creates a new signer that uses a key of the specified level.
Note that if there are several same-level keys, a random one is used to create the signer. If you need a signer for a specific key, create the signer using the key id.
Parameters:
keyLevel - level of the key to use
Returns:
signer that is used to generate digital signatures

createSigner
io.token.security.Signer createSigner(java.lang.String keyId)
Creates a new signer using the key with the specified id.
Parameters:
keyId - key id
Returns:
signer that is used to generate digital signatures

createVerifier
io.token.security.Verifier createVerifier(java.lang.String keyId)
Creates a verifier that checks payload signatures using the key with the specified id.
Parameters:
keyId - key id
Returns:
signature verifier

getPublicKeys
java.util.List<io.token.proto.common.security.SecurityProtos.Key> getPublicKeys()
Returns public keys that the CryptoEngine can use to sign.
Returns:
list of public keys

deleteKeys
void deleteKeys()
Deletes all the keys of this CryptoEngine.
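
The key-selection behaviour described for generateKey and createSigner, shown as an added example that is not part of the Token SDK or its documentation: adding an expiring key leaves two same-level keys in the engine, so the helper pins the signer to a key id instead of relying on level-based lookup. The class and method names are hypothetical, and Key.getId() and Key.getLevel() are assumed to be the protobuf-generated getters of SecurityProtos.Key, which this page does not list.

```java
import io.token.proto.common.security.SecurityProtos.Key;
import io.token.security.CryptoEngine;
import io.token.security.Signer;

import java.util.List;
import java.util.stream.Collectors;

/** Hypothetical helper; not part of the Token SDK. */
public final class PinnedSigner {
    private PinnedSigner() {}

    /** Ids of all keys the engine reports at exactly this level. */
    static List<String> keyIdsAtLevel(CryptoEngine engine, Key.Level level) {
        return engine.getPublicKeys().stream()
                .filter(k -> k.getLevel() == level) // assumed generated getter
                .map(Key::getId)                    // assumed generated getter
                .collect(Collectors.toList());
    }

    /**
     * Adds an expiring key next to any existing same-level key and returns a
     * signer bound to the new key's id.
     */
    static Signer addExpiringKeyAndPin(CryptoEngine engine, Key.Level level, long ttlMs) {
        long expiresAtMs = System.currentTimeMillis() + ttlMs;
        // Two-argument overload: an existing key of this level is kept, so
        // createSigner(level) could now return a signer for either key.
        Key fresh = engine.generateKey(level, expiresAtMs);
        return engine.createSigner(fresh.getId());
    }

    /** Level-based lookup that refuses to let a key be picked at random. */
    static Signer signerForLevel(CryptoEngine engine, Key.Level level) {
        List<String> ids = keyIdsAtLevel(engine, level);
        if (ids.size() != 1) {
            throw new IllegalStateException(
                    ids.size() + " keys at level " + level + "; select one by key id");
        }
        return engine.createSigner(ids.get(0));
    }
}
```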