public interface TrustedAssetsManager
extends java.io.Closeable
TrustedAssetsManager
interface defines methods for handling trust
material used for activation and authentication to the IoT CS. Depending on
the capability of the client or device as well as on the security
requirements implementations of this interface may simply store sensitive
trust material in a plain persistent store, in some keystore or in a secure
token.
Modifier and Type | Interface and Description |
---|---|
static class |
TrustedAssetsManager.Factory |
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
DISABLE_LONG_POLLING_PROPERTY |
Modifier and Type | Method and Description |
---|---|
void |
generateKeyPair(java.lang.String algorithm,
int keySize)
Generates the key pair to be used for assertion-based client
authentication with the IoT CS.
|
java.lang.String |
getClientId()
Retrieves the ID of this client.
|
byte[] |
getEncryptedSharedSecret()
Deprecated.
This method is not called by the client library
|
byte[] |
getEndpointCertificate()
Retrieves the assigned endpoint certificate.
|
java.lang.String |
getEndpointId()
Retrieves the assigned endpoint ID.
|
java.security.PublicKey |
getPublicKey()
Retrieves the public key to be used for certificate request.
|
java.lang.String |
getServerHost()
Retrieves the IoT CS server host name.
|
int |
getServerPort()
Retrieves the IoT CS server port.
|
java.lang.String |
getServerScheme()
Retrieves the protocol scheme that should be used to talk to the IoT CS.
|
java.util.Vector<byte[]> |
getTrustAnchorCertificates()
Retrieves the trust anchor or most-trusted Certification Authority (CA)
certificates to be used to validate the IoT CS server certificate chain.
|
boolean |
isActivated()
Returns whether the client is activated.
|
void |
reset()
Resets the trust material back to its provisioning state; in particular,
the key pair is erased.
|
void |
setEndPointCredentials(java.lang.String endpointId,
byte[] certificate)
Sets the assigned endpoint ID and certificate as returned by the
activation procedure.
|
byte[] |
signWithPrivateKey(byte[] data,
java.lang.String algorithm)
Signs the provided data using the specified algorithm and the private
key.
|
byte[] |
signWithSharedSecret(byte[] data,
java.lang.String algorithm,
java.lang.String hardwareId)
Signs the provided data using the specified algorithm and the shared
secret of the device indicated by the given hardware id.
|
static final java.lang.String DISABLE_LONG_POLLING_PROPERTY
java.lang.String getServerHost()
java.lang.IllegalStateException
- if this method is called prior to the
TrustedAssetsManager
is fully initialized.int getServerPort()
java.lang.IllegalStateException
- if this method is called prior to the
TrustedAssetsManager
is fully initialized.java.lang.String getServerScheme()
"https"
.java.lang.IllegalStateException
- if this method is called prior to the
TrustedAssetsManager
is fully initialized.java.lang.String getClientId()
java.lang.IllegalStateException
- if this method is called prior to the
TrustedAssetsManager
is fully initialized.java.security.PublicKey getPublicKey()
Note: on ME platform SATSA is required.
java.lang.IllegalStateException
- if this method is called prior to the key pair is generated.java.util.Vector<byte[]> getTrustAnchorCertificates()
Vector
of DER-encoded trust anchor certificates (byte
arrays).void setEndPointCredentials(java.lang.String endpointId, byte[] certificate) throws TrustException
TrustedAssetsManager
interface must ensure
the persistence of the provided endpoint credentials. This method can
only be called once; unless the TrustedAssetsManager
has been
reset.
If the client is a pre-activated enterprise application, the endpoint ID
has already been provisioned and calling this method MUST fail with an
IllegalStateException
.
endpointId
- the assigned endpoint ID.certificate
- the DER-encoded certificate issued by the server or an empty array if no certificate was provided
by the server.java.lang.IllegalStateException
- if this method is called prior to the
TrustedAssetsManager
is fully initialized. or if this
method is called while endpoint credentials have already been
assigned.java.lang.NullPointerException
- if endpointId
or certificate
is null
.TrustException
- if any error occurs performing the operation.java.lang.String getEndpointId()
java.lang.IllegalStateException
- if this method is called prior to the
TrustedAssetsManager
is fully initialized, in
particular if this method is called before the client is
successfully activated and the endpoint ID set.byte[] getEndpointCertificate()
java.lang.IllegalStateException
- if this method is called prior to the
TrustedAssetsManager
is fully initialized, in
particular if this method is called before the device is
successfully activated and the endpoint certificate set.void generateKeyPair(java.lang.String algorithm, int keySize) throws TrustException
algorithm
- the key algorithm.keySize
- the key size.TrustException
- if any error occurs performing the operation.java.lang.IllegalStateException
- if this method is called after the client has been activated.java.lang.NullPointerException
- if algorithm
is null
.java.lang.IllegalArgumentException
- if size
is negative or zero or otherwise unsupported.byte[] signWithPrivateKey(byte[] data, java.lang.String algorithm) throws TrustException
data
- the data to sign.algorithm
- the signature algorithm to use.TrustException
- if any error occurs retrieving the necessary key material or
performing the operation.java.lang.NullPointerException
- if algorithm
or data
is null
.@Deprecated byte[] getEncryptedSharedSecret() throws TrustException
java.lang.IllegalStateException
- if this method is called prior to the
TrustedAssetsManager
is fully initialized.TrustException
- if this operation is not supported or if any error occurs
performing the operation.byte[] signWithSharedSecret(byte[] data, java.lang.String algorithm, java.lang.String hardwareId) throws TrustException
TrustException
is thrown.
Passing null
for hardwareId
is identical to passing
getClientId()
.data
- the data to be hashed.algorithm
- the hash algorithm to use.hardwareId
- the hardware id of the device whose shared secret is to be used for signing.TrustException
- if any error occurs retrieving the necessary key material or
performing the operation.java.lang.NullPointerException
- if algorithm
or data
is null
.boolean isActivated()
java.lang.IllegalStateException
- if this method is called prior to the
TrustedAssetsManager
is fully initialized.void reset() throws TrustException
TrustException
- if any exception occurs.