Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.hd.d.pg2k.svrCore.props
Class SecurityProps

java.lang.Object
  extended by org.hd.d.pg2k.svrCore.props.SecurityProps
All Implemented Interfaces:
java.io.Serializable
public final class SecurityProps
extends java.lang.Object
implements java.io.Serializable

This holds some security properties for the server. These data are potentially sensitive, such as authentication keys for slaves, but not massively secret (such as personal data), but we take care not to ship them across any public network. We also make it a little harder to get at some of the security information even when in possession of an instance of this object.

We are prepared to hand out a (read-only) copy of any properties with prefix GENSECPROPS_PREFIX for pluggable security components to examine. This data can be shipped over the network, but should be protected if possible.

FIXME: Should do validation on deserialisation.

See Also:
Serialized Form

Field Summary
private  java.util.Properties gensec
          Internal private copy of GENSECPROPS_PREFIX properties.
static java.lang.String GENSECPROPS_PREFIX
          Prefix of subset of properties we hand out with getGenSecProps.
static java.lang.String PNAME_GENSECPROPS_TIMESTAMP
          Name of the timestamp property (a long; copied from the SecurityProps object) that we insert in the GENSECPROPS_PREFIX properties.
static java.lang.String PNAME_TUNNEL_CLIENT_LIST
          Name of tunnel-client list property.
private static long serialVersionUID
          Unique Serialisation class ID generated by http://random.hd.org/.
 long timestamp
          Timestamp of this properties set.
private  java.lang.String TUNNEL_CLIENT_LIST
          Web server permitted tunnel client list by IP address, space separated, never null.
 
Constructor Summary
SecurityProps()
          Construct a default, zero-timestamp set of generic properties.
SecurityProps(java.util.Properties props, long _timestamp)
          Construct a new, immutable, properties set.
 
Method Summary
 java.util.Properties getGenSecProps()
          Get a private copy of the GENSECPROPS_PREFIX properties.
static SecurityProps getSecurityPropsUncachedFromFilesystem(long oldStamp)
          Get (private) security properties from filesystem.
 boolean tunnelClientIsOK(java.net.InetAddress addr)
          Check if the IP of a given tunnel client is OK.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

timestamp

public final long timestamp
Timestamp of this properties set.

GENSECPROPS_PREFIX

public static final java.lang.String GENSECPROPS_PREFIX
Prefix of subset of properties we hand out with getGenSecProps.

See Also:
Constant Field Values

PNAME_GENSECPROPS_TIMESTAMP

public static final java.lang.String PNAME_GENSECPROPS_TIMESTAMP
Name of the timestamp property (a long; copied from the SecurityProps object) that we insert in the GENSECPROPS_PREFIX properties.

See Also:
Constant Field Values

gensec

private final java.util.Properties gensec
Internal private copy of GENSECPROPS_PREFIX properties.

PNAME_TUNNEL_CLIENT_LIST

public static final java.lang.String PNAME_TUNNEL_CLIENT_LIST
Name of tunnel-client list property.

See Also:
Constant Field Values

TUNNEL_CLIENT_LIST

private final java.lang.String TUNNEL_CLIENT_LIST
Web server permitted tunnel client list by IP address, space separated, never null.

serialVersionUID

private static final long serialVersionUID
Unique Serialisation class ID generated by http://random.hd.org/.

See Also:
Constant Field Values
Constructor Detail

SecurityProps

public SecurityProps()
Construct a default, zero-timestamp set of generic properties.

SecurityProps

public SecurityProps(java.util.Properties props,
                     long _timestamp)
Construct a new, immutable, properties set. The properties must be non-null and the timestamp must be non-negative.

Minor problems with the properties themselves will be silently ignored, and defaults substituted for broken or missing values.

Method Detail

getSecurityPropsUncachedFromFilesystem

public static SecurityProps getSecurityPropsUncachedFromFilesystem(long oldStamp)
                                                            throws java.io.IOException
Get (private) security properties from filesystem. This uses LocalProps to get the root of the file area.

This does not cache its result but will return null if the stamp passed in is the same as the file and not -1.

The properties retrieved this way are not to be transmitted out of this JVM across the network as they may be private/sensitive. The most sensitive items may be marked transient to prevent them being shipped out of a JVM, but that may make them impossible to use throughout a multi-VM J2EE system, for example.

Throws:
java.io.IOException - if security props cannot be read/parsed

getGenSecProps

public java.util.Properties getGenSecProps()
Get a private copy of the GENSECPROPS_PREFIX properties. Wrapping an existing Properties object as the defaults for an otherwise empty new Properties set is assumed to make a private copy with copy-on-write style semantics.

tunnelClientIsOK

public final boolean tunnelClientIsOK(java.net.InetAddress addr)
Check if the IP of a given tunnel client is OK. We do not just disclose the whole list.

We take each listed allowed address in turn by parsing from the source string. We convert it to an InetAddress, skipping any that cause errors. If any of the addresses corresponding to an item on the list match any of the addresses passed (assumed to be a raw IP address with no name), then this returns OK.

TODO: possibly needs optimisation as may be very inefficient/slow.

Overview  Package   Class  Tree  Deprecated  Index  Help 
DHD Multimedia Gallery V1.57.21
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright (c) 1996-2011, Damon Hart-Davis. All rights reserved.