Package io.token.security
Class TokenCryptoEngine
- java.lang.Object
  - io.token.security.TokenCryptoEngine

All Implemented Interfaces:
CryptoEngine

public final class TokenCryptoEngine extends java.lang.Object implements CryptoEngine

Token implementation of the CryptoEngine. The keys are persisted in the provided storage.

Field Summary

Fields
Modifier and Type: static io.token.security.crypto.CryptoType
Field: DEFAULT_CRYPTO_TYPE

Constructor Summary

Constructors
TokenCryptoEngine(java.lang.String memberId, KeyStore keyStore)
    Creates an instance of a crypto engine for the default crypto type (EDDSA).
TokenCryptoEngine(java.lang.String memberId, KeyStore keyStore, io.token.security.crypto.CryptoType cryptoType)
    Creates an instance.

Method Summary

All Methods / Instance Methods / Concrete Methods
io.token.security.Signer createSigner(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel)
    Creates a new signer that uses a key of specified level. Note that if there are several same-level keys, a random one is used to create a signer.
io.token.security.Signer createSigner(java.lang.String keyId)
    Creates a new signer using a key with a specified id.
io.token.security.Verifier createVerifier(java.lang.String keyId)
    Verifies the payload signature.
void deleteKeys()
    Deletes all the keys of this CryptoEngine.
io.token.proto.common.security.SecurityProtos.Key generateKey(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel)
    Generates keys of the specified level.
io.token.proto.common.security.SecurityProtos.Key generateKey(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel, long expiresAtMs)
    Generates a key of the specified level with the provided expiration date.
java.util.List<io.token.proto.common.security.SecurityProtos.Key> getPublicKeys()
    Returns public keys that the CryptoEngine can use to sign.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.token.security.CryptoEngine
createSignerForLevelAtLeast

Constructor Detail

TokenCryptoEngine
public TokenCryptoEngine(java.lang.String memberId, KeyStore keyStore)
Creates an instance of a crypto engine for the default crypto type (EDDSA).
Parameters:
    memberId - member ID
    keyStore - key store

TokenCryptoEngine
public TokenCryptoEngine(java.lang.String memberId, KeyStore keyStore, io.token.security.crypto.CryptoType cryptoType)
Creates an instance.
Parameters:
    memberId - member ID
    keyStore - key store
    cryptoType - crypto type

Method Detail

generateKey
public io.token.proto.common.security.SecurityProtos.Key generateKey(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel)
Description copied from interface: CryptoEngine
Generates keys of the specified level. If a key with the specified level already exists, it is replaced. The old key is still kept around because it could be used for signature verification later.
Specified by:
    generateKey in interface CryptoEngine
Parameters:
    keyLevel - key privilege level
Returns:
    newly generated key information

generateKey
public io.token.proto.common.security.SecurityProtos.Key generateKey(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel, long expiresAtMs)
Description copied from interface: CryptoEngine
Generates a key of the specified level with the provided expiration date. If a key with the specified level already exists, both keys are maintained in the crypto engine.
Specified by:
    generateKey in interface CryptoEngine
Parameters:
    keyLevel - key privilege level
    expiresAtMs - expiration date in milliseconds
Returns:
    newly generated key information

createSigner
public io.token.security.Signer createSigner(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel)
Description copied from interface: CryptoEngine
Creates a new signer that uses a key of specified level. Note that if there are several same-level keys, a random one is used to create a signer. If you need to create a signer for a specific key, create a signer using the key id.
Specified by:
    createSigner in interface CryptoEngine
Parameters:
    keyLevel - level of the key to use
Returns:
    signer that is used to generate digital signatures

createSigner
public io.token.security.Signer createSigner(java.lang.String keyId)
Description copied from interface: CryptoEngine
Creates a new signer using a key with a specified id.
Specified by:
    createSigner in interface CryptoEngine
Parameters:
    keyId - key id
Returns:
    signer that is used to generate digital signatures

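Added usage example (not part of the original Javadoc or the Token SDK sources): it shows why, once the two-argument generateKey has left several same-level keys in the engine, a signer should be created by key id rather than by level. Assumptions not stated on this page: KeyStore lives in io.token.security, the Key.Level enum has a LOW value, and the protobuf Key message exposes getId(); the class name PinnedSignerExample and the 30-day lifetime are made up for illustration.

```java
import io.token.proto.common.security.SecurityProtos.Key;
import io.token.security.KeyStore;           // assumed package, see lead-in
import io.token.security.Signer;
import io.token.security.TokenCryptoEngine;

import java.util.concurrent.TimeUnit;

public final class PinnedSignerExample {

    /**
     * Adds an expiring LOW-level key next to an existing one and returns
     * a signer bound to the new key by id.
     */
    public static Signer signerForNewLowKey(String memberId, KeyStore keyStore) {
        // Two-argument constructor: default crypto type (EDDSA).
        TokenCryptoEngine engine = new TokenCryptoEngine(memberId, keyStore);

        // One-argument overload: replaces any current LOW key for signing,
        // while the old key is kept around for verification.
        engine.generateKey(Key.Level.LOW);   // Key.Level.LOW is an assumed enum value

        // Two-argument overload: the existing LOW key is NOT replaced,
        // so the engine now maintains two LOW keys.
        long expiresAtMs = System.currentTimeMillis() + TimeUnit.DAYS.toMillis(30);
        Key pinned = engine.generateKey(Key.Level.LOW, expiresAtMs);

        // Confirm the engine reports the new key among its signing keys.
        boolean known = engine.getPublicKeys().stream()
                .anyMatch(k -> k.getId().equals(pinned.getId()));
        if (!known) {
            throw new IllegalStateException("new key is not listed by getPublicKeys()");
        }

        // engine.createSigner(Key.Level.LOW) would pick one of the two
        // LOW keys at random. Pinning by id makes the signing key
        // deterministic, so the verifier side knows which key id to expect.
        return engine.createSigner(pinned.getId());
    }
}
```
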
createVerifier
public io.token.security.Verifier createVerifier(java.lang.String keyId)
Description copied from interface: CryptoEngine
Verifies the payload signature.
Specified by:
    createVerifier in interface CryptoEngine
Parameters:
    keyId - key id
Returns:
    signature verifier

getPublicKeys
public java.util.List<io.token.proto.common.security.SecurityProtos.Key> getPublicKeys()
Description copied from interface: CryptoEngine
Returns public keys that the CryptoEngine can use to sign.
Specified by:
    getPublicKeys in interface CryptoEngine
Returns:
    list of public keys

deleteKeys
public void deleteKeys()
Description copied from interface: CryptoEngine
Deletes all the keys of this CryptoEngine.
Specified by:
    deleteKeys in interface CryptoEngine