001    /*
002     * Cumulus4j - Securing your data in the cloud - http://cumulus4j.org
003     * Copyright (C) 2011 NightLabs Consulting GmbH
004     *
005     * This program is free software: you can redistribute it and/or modify
006     * it under the terms of the GNU Affero General Public License as
007     * published by the Free Software Foundation, either version 3 of the
008     * License, or (at your option) any later version.
009     *
010     * This program is distributed in the hope that it will be useful,
011     * but WITHOUT ANY WARRANTY; without even the implied warranty of
012     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
013     * GNU Affero General Public License for more details.
014     *
015     * You should have received a copy of the GNU Affero General Public License
016     * along with this program.  If not, see <http://www.gnu.org/licenses/>.
017     */
018    package org.cumulus4j.keymanager.back.shared;
019    
020    import java.util.Date;
021    
022    import javax.xml.bind.annotation.XmlRootElement;
023    
024    import org.cumulus4j.crypto.CryptoRegistry;
025    
026    /**
027     * <p>
028     * {@link Request} implementation to get the currently active encryption key.
029     * </p><p>
030     * In order to prevent an attacker dumping an app-server's memory from gaining access to <b>all</b> the data,
031     * Cumulus4j uses many different keys for encryption. Usually, it rotates the encryption key once per day, but
032     * different settings are possible (e.g. once per hour for the very paranoid).
033     * </p>
034     *
035     * @author Marco หงุ่ยตระกูล-Schulze - marco at nightlabs dot de
036     * @see GetActiveEncryptionKeyResponse
037     */
038    @XmlRootElement
039    public class GetActiveEncryptionKeyRequest extends Request
040    {
041            private static final long serialVersionUID = 1L;
042    
043            private Date timestamp;
044    
045            private String keyEncryptionTransformation;
046    
047            private byte[] keyEncryptionPublicKey;
048    
049            /**
050             * Create an empty instance of <code>GetActiveEncryptionKeyRequest</code>.
051             * Only used for serialisation/deserialisation.
052             */
053            public GetActiveEncryptionKeyRequest() { }
054    
055            /**
056             * Create an instance of <code>GetActiveEncryptionKeyRequest</code> for asking the key-manager about
057             * the currently active encryption key.
058             *
059             * @param cryptoSessionID the identifier of the crypto-session in which the request should be processed.
060             * It must exist and be unlocked for this request to succeed.
061             * @param keyEncryptionTransformation the asymmetric encryption algorithm (with padding) that should be
062             * used by the key-manager to encrypt the symmetric secret key, before sending it to the app-server. For example
063             * "RSA//OAEPWITHSHA1ANDMGF1PADDING".
064             * @param keyEncryptionPublicKey the public key to be used by the key-manager to encrypt the
065             * key when sending it back to the app-server.
066             */
067            public GetActiveEncryptionKeyRequest(String cryptoSessionID, String keyEncryptionTransformation, byte[] keyEncryptionPublicKey) {
068                    super(cryptoSessionID);
069                    this.keyEncryptionTransformation = keyEncryptionTransformation;
070                    this.keyEncryptionPublicKey = keyEncryptionPublicKey;
071                    this.timestamp = new Date();
072            }
073    
074            /**
075             * Get the timestamp which the active encryption key should be determined for. The main reason for this
076             * is to prevent problems when the key-manager's clock is incorrect by using the app-server's timestamp.
077             * @return the timestamp which the active encryption key should be determined for.
078             */
079            public Date getTimestamp() {
080                    return timestamp;
081            }
082    
083            /**
084             * Set the timestamp which the active encryption key should be determined for
085             * @param timestamp the timestamp which the active encryption key should be determined for
086             */
087            public void setTimestamp(Date timestamp) {
088                    this.timestamp = timestamp;
089            }
090    
091            /**
092             * <p>
093             * Get the asymmetric encryption algorithm to be used to encrypt the symmetric secret key.
094             * </p><p>
095             * The key-manager uses this transformation
096             * (which should include a padding, e.g. "RSA//OAEPWITHSHA1ANDMGF1PADDING") to
097             * {@link CryptoRegistry#createCipher(String) obtain a Cipher} for encrypting the secret key
098             * before sending it to the app-server.
099             * </p>
100             * @return the asymmetric encryption algorithm to be used when encrypting the symmetric secret key.
101             * @see #setKeyEncryptionTransformation(String)
102             */
103            public String getKeyEncryptionTransformation() {
104                    return keyEncryptionTransformation;
105            }
106            /**
107             * Set the asymmetric encryption algorithm to be used when encrypting the symmetric secret key.
108             * @param keyEncryptionTransformation the asymmetric encryption algorithm to be used when encrypting the symmetric secret key.
109             * @see #getKeyEncryptionTransformation()
110             */
111            public void setKeyEncryptionTransformation(String keyEncryptionTransformation) {
112                    this.keyEncryptionTransformation = keyEncryptionTransformation;
113            }
114    
115            /**
116             * Get the public key to be used to encrypt the symmetric secret key.
117             * @return the public key to be used to encrypt the symmetric secret key.
118             */
119            public byte[] getKeyEncryptionPublicKey() {
120                    return keyEncryptionPublicKey;
121            }
122            /**
123             * Set the public key to be used to encrypt the symmetric secret key.
124             * @param keyEncryptionPublicKey the public key to be used to encrypt the symmetric secret key.
125             */
126            public void setKeyEncryptionPublicKey(byte[] keyEncryptionPublicKey) {
127                    this.keyEncryptionPublicKey = keyEncryptionPublicKey;
128            }
129    }