ch.epfl.dedis.ocs

Class OnchainSecrets

java.lang.Object

ch.epfl.dedis.ocs.OnchainSecretsRPC

ch.epfl.dedis.ocs.OnchainSecrets

Direct Known Subclasses:

OnchainSecrets

public class OnchainSecrets
extends OnchainSecretsRPC

OnchainSecrets interfaces the OnchainSecretsRPC class and offers convenience methods for easier handling.

Version:

0.3 17/11/07

Field Summary

Fields inherited from class ch.epfl.dedis.ocs.OnchainSecretsRPC

adminDarc, ocsID, roster, X

Constructor Summary

Constructors

Constructor and Description
OnchainSecrets(Roster roster, Darc admin) Creates a new OnchainSecrets class and creates a new skipchain.
OnchainSecrets(Roster roster, SkipblockId ocsID) Creates a new OnchainSecrets class that attaches to an existing skipchain.

Method Summary

Modifier and Type	Method and Description
Darc	addIdentityToDarc(Darc darc, Identity identity, Signer signer, int role) Adds a new identity to an existing darc under the given role.
Darc	addIdentityToDarc(DarcId id, Signer identity, Signer signer, int role) Instead of giving a darc, this method will search for an existing darc given its id on the skipchain.
Darc	addIdentityToDarc(Darc darc, Signer identity, Signer signer, int role) Overloaded method for convenience in case the identity is only available as a signer.
SignaturePath	getDarcPath(DarcId base, Signer identity, int role) Convenience method to pass a signer as identity and get the darc-path used in signatures.
Document	getDocument(WriteRequestId wrId, Signer reader) Creates a read-request, if successful fetches the document from the skipchain and decodes the keymaterial.
Document	getDocumentEphemeral(WriteRequestId wrId, Signer reader) Requests the re-encryption symmetricKey from the skipchain, but uses an ephemeral key for it.
WriteRequest	publishDocument(Document doc, Signer writer) Publishes a document given the Document and the writer with write-authorization.
Darc	removeIdentityFromDarc(Darc darc, Identity identity, Signer signer, int role) Remove identity from an existing darc under the given role.

Methods inherited from class ch.epfl.dedis.ocs.OnchainSecretsRPC

createReadRequest, createSkipchains, createWriteRequest, getAdminDarc, getDarcPath, getDecryptionKey, getDecryptionKeyEphemeral, getGenesis, getID, getLatestDarc, getRead, getRoster, getSharedPublicKey, getSkipblock, getTransaction, getWrite, getX, updateDarc, verify

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OnchainSecrets

public OnchainSecrets(Roster roster,
                      SkipblockId ocsID)
               throws CothorityCommunicationException,
                      CothorityCryptoException

Creates a new OnchainSecrets class that attaches to an existing skipchain.

Parameters:

roster -

ocsID -

Throws:

CothorityCommunicationException

CothorityCryptoException

OnchainSecrets

public OnchainSecrets(Roster roster,
                      Darc admin)
               throws CothorityCommunicationException,
                      CothorityCryptoException

Creates a new OnchainSecrets class and creates a new skipchain.

Parameters:

roster -

admin -

Throws:

CothorityCommunicationException

CothorityCryptoException

Method Detail

getDarcPath

public SignaturePath getDarcPath(DarcId base,
                                 Signer identity,
                                 int role)
                          throws CothorityCommunicationException,
                                 CothorityCryptoException

Convenience method to pass a signer as identity and get the darc-path used in signatures.

Parameters:

base - the darc that should be taken as reference to build the darc path.

identity - which identity wants to sign using that darc. The search algorithm does a breadth-first search of this identity in the darc.

role - the role to search for. An identity might be stored as user AND as an owner, so we cannot rely on the first occurrence but need to indicate which role the identity should have.

Returns:

if the darc is stored in the skipchain, the list of all darcs leading up to the identity is returned.

Throws:

CothorityCommunicationException

CothorityCryptoException

addIdentityToDarc

public Darc addIdentityToDarc(Darc darc,
                              Identity identity,
                              Signer signer,
                              int role)
                       throws CothorityCommunicationException,
                              CothorityCryptoException

Adds a new identity to an existing darc under the given role. The darc must already be in its latest version. After the new darc is created, the darc is stored on the skipchain and returned as a value.

Parameters:

darc - the latest version of the darc where an identity should be added to.

identity - the identity to be added to the darc.

signer - must be an owner of the darc.

role - the role the new identity should have in the darc.

Returns:

the new darc

Throws:

CothorityCommunicationException - if the new darc could not be stored on the skipchain

CothorityCryptoException - if the signer could not sign the darc.

addIdentityToDarc

public Darc addIdentityToDarc(Darc darc,
                              Signer identity,
                              Signer signer,
                              int role)
                       throws CothorityCommunicationException,
                              CothorityCryptoException

Overloaded method for convenience in case the identity is only available as a signer.

Parameters:

darc - the latest version of the darc where an identity should be added to.

identity - the identity to be added to the darc.

signer - must be an owner of the darc.

role - the role the new identity should have in the darc.

Returns:

the new darc

Throws:

CothorityCommunicationException - if the new darc could not be stored on the skipchain

CothorityCryptoException - if the signer could not sign the darc.

addIdentityToDarc

public Darc addIdentityToDarc(DarcId id,
                              Signer identity,
                              Signer signer,
                              int role)
                       throws CothorityCommunicationException,
                              CothorityCryptoException

Instead of giving a darc, this method will search for an existing darc given its id on the skipchain.

Parameters:

id - the id of the latest version of the darc where an identity should be added to.

identity - the identity to be added to the darc.

signer - must be an owner of the darc.

role - the role the new identity should have in the darc.

Returns:

the new darc

Throws:

CothorityCommunicationException - if the new darc could not be stored on the skipchain

CothorityCryptoException - if the signer could not sign the darc.

publishDocument

public WriteRequest publishDocument(Document doc,
                                    Signer writer)
                             throws CothorityCryptoException,
                                    CothorityCommunicationException

Publishes a document given the Document and the writer with write-authorization. The document already needs to be prepared with encrypted data and the keymaterial set up correctly.

Parameters:

doc - a prepared document to be stored on the skipchain

writer - one of the authorized writers to the skipchain

Returns:

WriteRequest with the given getId

Throws:

CothorityCryptoException - if the writer could not sign the request

CothorityCommunicationException - if the request could not be stored on the skipchain

getDocument

public Document getDocument(WriteRequestId wrId,
                            Signer reader)
                     throws CothorityCryptoException,
                            CothorityCommunicationException

Creates a read-request, if successful fetches the document from the skipchain and decodes the keymaterial.

Parameters:

wrId - the id of the writerequest on the skipchain

reader - a reader with access to the document

Returns:

the document with decrypted keymaterial. The data-part still needs to be encrypted by the user.

Throws:

CothorityCryptoException - if the signer could not sign the request

CothorityCommunicationException - if the request could not be stored on the skipchain

getDocumentEphemeral

public Document getDocumentEphemeral(WriteRequestId wrId,
                                     Signer reader)
                              throws CothorityCommunicationException,
                                     CothorityCryptoException

Requests the re-encryption symmetricKey from the skipchain, but uses an ephemeral key for it.

Parameters:

wrId - the id of the write request

Returns:

an array of bytes with the decrypted keymaterial

Throws:

CothorityCommunicationException - in case of communication difficulties

CothorityCryptoException

removeIdentityFromDarc

public Darc removeIdentityFromDarc(Darc darc,
                                   Identity identity,
                                   Signer signer,
                                   int role)
                            throws CothorityCommunicationException,
                                   CothorityCryptoException

Remove identity from an existing darc under the given role. The darc must already be in its latest version, else it will be refused server-side by `updateDarc`. After the new darc is created, the darc is stored on the skipchain and returned as a value.

Parameters:

darc - the latest version of the darc where an identity should be added to.

identity - the identity to be removed from the darc.

signer - must be an owner of the darc.

role - the role the new identity should have in the darc.

Returns:

the new darc

Throws:

CothorityCommunicationException - if the new darc could not be stored on the skipchain

CothorityCryptoException - if the signer could not sign the darc.