Interface CryptoEngine

  • All Known Implementing Classes:
    TokenCryptoEngine

    public interface CryptoEngine
    Provides cryptographic support for secret management.
    • Method Summary

      Modifier and Type Method Description
      io.token.security.Signer createSigner(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel)
      Creates a new signer that uses a key of the specified level.
      Note that if there are several same-level keys, a random one is used to create the signer.
      io.token.security.Signer createSigner(java.lang.String keyId)
      Creates a new signer using the key with the specified id.
      default io.token.security.Signer createSignerForLevelAtLeast(io.token.proto.common.security.SecurityProtos.Key.Level minKeyLevel)
      Creates a new signer that uses a key of the specified level or higher (if no key of the specified level can be found).
      Note that if there are several same-level keys, a random one is used to create the signer.
      io.token.security.Verifier createVerifier(java.lang.String keyId)
      Creates a verifier that checks payload signatures using the key with the specified id.
      void deleteKeys()
      Deletes all the keys of this CryptoEngine.
      io.token.proto.common.security.SecurityProtos.Key generateKey(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel)
      Generates a key of the specified level.
      io.token.proto.common.security.SecurityProtos.Key generateKey(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel, long expiresAtMs)
      Generates a key of the specified level with the provided expiration date.
      java.util.List<io.token.proto.common.security.SecurityProtos.Key> getPublicKeys()
      Returns public keys that the CryptoEngine can use to sign.
    • Method Detail

      • generateKey

        io.token.proto.common.security.SecurityProtos.Key generateKey(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel)
        Generates a key of the specified level. If a key with the specified level already exists, it is replaced. The old key is still kept around because it could be used for signature verification later.
        Parameters:
        keyLevel - key privilege level
        Returns:
        newly generated key information
      • generateKey

        io.token.proto.common.security.SecurityProtos.Key generateKey(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel,
                                                                      long expiresAtMs)
        Generates a key of the specified level with the provided expiration date. If a key with the specified level already exists, both keys are maintained in the crypto engine.
        Parameters:
        keyLevel - key privilege level
        expiresAtMs - expiration date in milliseconds
        Returns:
        newly generated key information
      • createSignerForLevelAtLeast

        default io.token.security.Signer createSignerForLevelAtLeast(io.token.proto.common.security.SecurityProtos.Key.Level minKeyLevel)
        Creates a new signer that uses a key of the specified level or higher (if no key of the specified level can be found).
        Note that if there are several same-level keys, a random one is used to create the signer. If you need a signer for a specific key, create the signer using the key id.
        Parameters:
        minKeyLevel - minimum level of the key to use
        Returns:
        signer that is used to generate digital signatures
      • createSigner

        io.token.security.Signer createSigner(io.token.proto.common.security.SecurityProtos.Key.Level keyLevel)
        Creates a new signer that uses a key of the specified level.
        Note that if there are several same-level keys, a random one is used to create the signer. If you need a signer for a specific key, create the signer using the key id.
        Parameters:
        keyLevel - level of the key to use
        Returns:
        signer that is used to generate digital signatures
      • createSigner

        io.token.security.Signer createSigner(java.lang.String keyId)
        Creates a new signer using the key with the specified id.
        Parameters:
        keyId - key id
        Returns:
        signer that is used to generate digital signatures
      • createVerifier

        io.token.security.Verifier createVerifier(java.lang.String keyId)
        Creates a verifier that checks payload signatures using the key with the specified id.
        Parameters:
        keyId - key id
        Returns:
        signature verifier
      • getPublicKeys

        java.util.List<io.token.proto.common.security.SecurityProtos.Key> getPublicKeys()
        Returns public keys that the CryptoEngine can use to sign.
        Returns:
        list of public keys
      • deleteKeys

        void deleteKeys()
        Deletes all the keys of this CryptoEngine.
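
One way to act on the notes above about same-level keys, as an added example that is not part of the SDK or its documentation: generate an expiring key, sign with that exact key by id, and keep the key id next to the signature so createVerifier(keyId) can be used later. The PinnedKeySigning class and SignedPayload record are hypothetical names; Key.getId(), Key.Level.STANDARD, Signer.sign(String) and Verifier.verify(String, String) do not appear on this page and are assumed here, as is expiresAtMs being an absolute epoch-millisecond time (Java 16+ for the record).

```java
import io.token.proto.common.security.SecurityProtos.Key;
import io.token.security.CryptoEngine;
import io.token.security.Signer;
import io.token.security.Verifier;
import java.util.concurrent.TimeUnit;

/** Added example: pin signing and verification to one key id instead of a key level. */
public final class PinnedKeySigning {
    /** Signature plus the id of the key that produced it, so a verifier can be built later. */
    public record SignedPayload(String keyId, String payload, String signature) {}

    /**
     * Generates a STANDARD key that expires after ttlHours and signs with exactly that key.
     * generateKey(level, expiresAtMs) keeps any existing same-level key, so
     * createSigner(Key.Level.STANDARD) could pick either one at random.
     */
    public static SignedPayload signWithFreshKey(CryptoEngine engine, String payload, long ttlHours) {
        // Assumption: expiresAtMs is an absolute time in epoch milliseconds.
        long expiresAtMs = System.currentTimeMillis() + TimeUnit.HOURS.toMillis(ttlHours);
        Key key = engine.generateKey(Key.Level.STANDARD, expiresAtMs);

        // Refuse to sign if the engine does not list the new key among its public keys.
        boolean listed = engine.getPublicKeys().stream()
                .anyMatch(k -> k.getId().equals(key.getId()));
        if (!listed) {
            throw new IllegalStateException("generated key is not listed: " + key.getId());
        }

        // Pinned by id, not by level, so the signing key is deterministic.
        Signer signer = engine.createSigner(key.getId());
        // Assumption: Signer.sign(String) returns the encoded signature.
        return new SignedPayload(key.getId(), payload, signer.sign(payload));
    }

    /** Verifies with the key id stored next to the signature, not with "any key of that level". */
    public static void verify(CryptoEngine engine, SignedPayload signed) {
        Verifier verifier = engine.createVerifier(signed.keyId());
        // Assumption: Verifier.verify(String, String) throws if the signature does not match.
        verifier.verify(signed.payload(), signed.signature());
    }
}
```

Pass in any CryptoEngine implementation, such as the TokenCryptoEngine listed above; how that implementation is constructed is outside this page.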