org.cassproject.ebac.identity.remote

Class EcRemoteIdentityManager

java.lang.Object

org.cassproject.ebac.identity.remote.EcRemoteIdentityManager

All Implemented Interfaces:

RemoteIdentityManagerInterface

public class EcRemoteIdentityManager
extends Object
implements RemoteIdentityManagerInterface

Logs into and stores/retrieves credentials from a compatible remote server. Performs anonymization of the user.

Requires initialization with server specific salts. Server specific salts prevent co-occurrence attacks, should credentials on one server be compromised (intercepted in transit).

Transmits hashed username, hashed password, and encrypts credentials using the hashed combination of the username and password. This prevents the system storing the credentials from having any knowledge of the user.

Password recovery is done by, when the password changes, creating a cryptographic pad (or perfect cipher) where one half is stored on the server, and the other half is stored with the user. Should the user lose this pad and forget their password, they are not able to recover or reset their password, and their data should be considered lost.

Author:

fritz.ray@eduworks.com

Field Summary

Fields

Modifier and Type	Field and Description
Boolean	global
protected String	pad
protected String	passwordWithSalt
protected String	secretWithSalt
String	server
protected String	token
protected String	usernameWithSalt

Constructor Summary

Constructors

Constructor and Description
EcRemoteIdentityManager()

Method Summary

Modifier and Type	Method and Description
boolean	changePassword(String username, String oldPassword, String newPassword) Change password of user in memory.
void	clear() Wipes login data.
void	commit(org.stjs.javascript.functions.Callback1<String> success, org.stjs.javascript.functions.Callback1<String> failure) Commits credentials in EcIdentityManager to remote server.
void	configure(String usernameSalt, int usernameIterations, int usernameWidth, String passwordSalt, int passwordIterations, int passwordWidth, String secretSalt, int secretIterations) Configure parameters of the remote login storage.
void	configureFromServer(org.stjs.javascript.functions.Callback1<Object> success, org.stjs.javascript.functions.Callback1<String> failure) Configures parameters of the remote server by accessing configuration details via webservice
void	create(org.stjs.javascript.functions.Callback1<String> success, org.stjs.javascript.functions.Callback1<String> failure) Creates an account.
void	fetch(org.stjs.javascript.functions.Callback1<Object> success, org.stjs.javascript.functions.Callback1<String> failure) Fetch credentials from server, invoking events based on login success or failure.
Boolean	isGlobal() Returns true if the identity manager is global.
void	setDefaultIdentityManagementServer(String server) Configure compatible remote identity management server.
String	splicePasswords(org.stjs.javascript.Array<String> passwords) Splices together passwords (in a fashion more like shuffling a deck of cards, not appending).
void	startLogin(String username, String password) "Log Into" system, generating credentials.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

server

public String server

global

public Boolean global

usernameWithSalt

protected String usernameWithSalt

passwordWithSalt

protected String passwordWithSalt

secretWithSalt

protected String secretWithSalt

pad

protected String pad

token

protected String token

Constructor Detail

EcRemoteIdentityManager

public EcRemoteIdentityManager()

Method Detail

isGlobal

public Boolean isGlobal()

Returns true if the identity manager is global. Returns false if the identity manager is local to the server.

Specified by:

isGlobal in interface RemoteIdentityManagerInterface

Returns:

{Boolean} true if the identity manager is global.

configure

public void configure(String usernameSalt,
                      int usernameIterations,
                      int usernameWidth,
                      String passwordSalt,
                      int passwordIterations,
                      int passwordWidth,
                      String secretSalt,
                      int secretIterations)

Configure parameters of the remote login storage.

Specified by:

configure in interface RemoteIdentityManagerInterface

Parameters:

{String} - usernameSalt Salt used in hashing the username.

{int} - usernameIterations Number of times to hash the username.

{int} - usernameWidth Resultant width of username in bytes.

{String} - passwordSalt Salt used to hash password.

{int} - passwordIterations Number of times to hash password.

{int} - passwordWidth Resultant width of password in bytes.

{String} - secretSalt Salt used to hash secret (composed of username + password)

{int} - secretIterations Number of times to hash secret.

configureFromServer

public void configureFromServer(org.stjs.javascript.functions.Callback1<Object> success,
                                org.stjs.javascript.functions.Callback1<String> failure)

Configures parameters of the remote server by accessing configuration details via webservice

Specified by:

configureFromServer in interface RemoteIdentityManagerInterface

Parameters:

{Callback1