Package com.github.f4b6a3.uuid.creator.rfc4122

Class DceSecurityUuidCreator

  • All Implemented Interfaces:
    NoArgumentsUuidCreator
    public final class DceSecurityUuidCreator
extends AbstractTimeBasedUuidCreator
    Factory that creates DCE Security UUIDs (version 2). 
     Local domains predefined by DCE 1.1 Authentication and Security Services (Chapter 11):
 
 - LOCAL_DOMAIN_PERSON: 0 (interpreted as POSIX UID domain);
 - LOCAL_DOMAIN_GROUP: 1 (interpreted as POSIX GID domain);
 - LOCAL_DOMAIN_ORG: 2.
    Sources: DCE 1.1: Authentication and Security Services (Chapter 05 - Version 2 UUIDs): https://pubs.opengroup.org/onlinepubs/9696989899/chap5.htm#tagcjh_08_02_01_01 DCE 1.1: Authentication and Security Services (Chapter 11 - domain names): https://pubs.opengroup.org/onlinepubs/9696989899/chap11.htm#tagcjh_14_05_01_01 Distributed Computing Environment (DCE): https://en.wikipedia.org/wiki/Distributed_Computing_Environment Unix User identifier (UID): https://en.wikipedia.org/wiki/User_identifier Unix group identifier (GID): https://en.wikipedia.org/wiki/Group_identifier

    • Constructor Detail

      • DceSecurityUuidCreator

        public DceSecurityUuidCreator()

    • Method Detail

      • create

        public UUID create​(byte localDomain,
                   int localIdentifier)
        Returns a DCE Security UUID. A DCE Security UUID (version 2) is a modified Time-based one (version 1). Steps of creation: (1a) Create a Time-based UUID (version 1); (2a) Replace the least significant 8 bits of the clock sequence with the local domain; (3a) Replace the least significant 32 bits of the timestamp with the local identifier. ### DCE 1.1: Authentication and Security Services Security-Version (Version 2) UUIDs #### Security-Version (Version 2) UUIDs These security-version UUIDs are specified exactly as in Appendix A, except that they have the following special properties and interpretations: (1b) The version number is 2; (2) The clock_seq_low field (which represents an integer in the range [0, 2^8-1]) is interpreted as a local domain (as represented by sec_rgy_domain_t; see sec_rgy_domain_t ); that is, an identifier domain meaningful to the local host. (Note that the data type sec_rgy_domain_t can potentially hold values outside the range [0, 28-1]; however, the only values currently registered are in the range [0, 2], so this type mismatch is not significant.) In the particular case of a POSIX host, the value sec_rgy_domain_person is to be interpreted as the "POSIX UID domain", and the value sec_rgy_domain_group is to be interpreted as the "POSIX GID domain". (3) The time_low field (which represents an integer in the range [0, 2^32-1]) is interpreted as a local-ID; that is, an identifier (within the domain specified by clock_seq_low) meaningful to the local host. In the particular case of a POSIX host, when combined with a POSIX UID or POSIX GID domain in the clock_seq_low field (above), the time_low field represents a POSIX UID or POSIX GID, respectively. #### SEC_RGY_DOMAIN_T: The following values are currently registered (for sec_rgy_domain_t): 1) sec_rgy_domain_person: The principal domain. Its associated stringname is person. 2) sec_rgy_domain_group: The group domain. Its associated stringname is group. 3) sec_rgy_domain_org: The organization domain. Its associated stringname is org. #### Trade off (from Wikipedia) The ability to include a 40-bit domain/identifier in the UUID comes with a tradeoff. On the one hand, 40 bits allow about 1 trillion domain/identifier values per node id. On the other hand, with the clock value truncated to the 28 most significant bits, compared to 60 bits in version 1, the clock in a version 2 UUID will "tick" only once every 429.49 seconds, a little more than 7 minutes, as opposed to every 100 nanoseconds for version 1. And with a clock sequence of only 6 bits, compared to 14 bits in version 1, only 64 unique UUIDs per node/domain/identifier can be generated per 7 minute clock tick, compared to 16,384 clock sequence values for version 1.[12] Thus, Version 2 may not be suitable for cases where UUIDs are required, per node/domain/identifier, at a rate exceeding about 1 per 7 seconds.
        Parameters:
        localDomain - a local domain
        localIdentifier - a local identifier
        Returns:
        a DCE Security UUID

      • create

        public UUID create​(UuidLocalDomain localDomain,
                   int localIdentifier)
        Returns a DCE Security UUID. See create(byte, int)
        Parameters:
        localDomain - a local domain
        localIdentifier - a local identifier
        Returns:
        a DCE Security UUID