ajanta.agent
Class AppendOnlyContainer

java.lang.Object
  |
  +--ajanta.agent.AppendOnlyContainer
Direct Known Subclasses:
ModAppendOnlyContainer

public class AppendOnlyContainer
extends java.lang.Object

The read-only container mechanism is useful only for those parts of the state that remain constant throughout the agent's travels. In some situations, the agent needs to collect data from the sites it visits and also to prevent any subsequent modification of that data. This could be termed write-once data, although it could in fact be modified any number of times until the agent decides that it should not be modifiable any further. More generally, agents may need append-only logs as part of their state. An append-only log, as the name implies, can only be appended to, i.e., entries in the log cannot be deleted or modified. When a data object needs to be "frozen", it can be inserted into such an append-only log. If secrecy is also needed, the item can be encrypted with the agent's public key before it is stored in the log.

See Also:
ReadOnlyContainer

Field Summary
 java.util.Stack objs
           
 java.util.Stack signers
           
 java.util.Stack signs
           
 java.util.Vector verifiedObjects
           
 
Constructor Summary
AppendOnlyContainer(ajanta.crypto.EGPublicKey key, int random)
          Constructor requires the agent's creator to supply the ElGamal public key of the agent which will be used to sign the random number (nonce) for initialization.
 
Method Summary
 void checkIn(java.lang.Object X, byte[] sig, ajanta.naming.URN server)
          checkIn method is used to insert an object "X" (of any type) into an AppendOnlyContainer.
protected  java.lang.Object deserialize(byte[] b)
           
 java.lang.Object[] getObjects()
           
 java.lang.Object[] getVerifiedObjects()
           
protected  byte[] serialize(java.lang.Object X)
           
 int verify(ajanta.crypto.EGPrivateKey privkey, java.util.Stack signingObjects)
          When the agent returns home, the owner can use the verify method to ensure that the AppendOnlyContainer has not been tampered with.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

objs

public java.util.Stack objs

signs

public java.util.Stack signs

signers

public java.util.Stack signers

verifiedObjects

public java.util.Vector verifiedObjects

Constructor Detail

AppendOnlyContainer

public AppendOnlyContainer(ajanta.crypto.EGPublicKey key,
                           int random)
Constructor requires the agent's creator to supply the ElGamal public key of the agent which will be used to sign the random number (nonce) for initialization. This nonce is not known to any server other than the agent's home site, and must be kept secret.

Parameters:
key - Agent's ElGamal public key to be used for signing
random - any random integer number

Method Detail

getObjects

public java.lang.Object[] getObjects()

getVerifiedObjects

public java.lang.Object[] getVerifiedObjects()

checkIn

public void checkIn(java.lang.Object X,
                    byte[] sig,
                    ajanta.naming.URN server)
checkIn method is used to insert an object "X" (of any type) into an AppendOnlyContainer. The check-in procedure requests the current server to sign the object using its own private key.

Parameters:
X - object to be inserted
sig - signed byte array
server - URN of the current server

verify

public int verify(ajanta.crypto.EGPrivateKey privkey,
                  java.util.Stack signingObjects)
           throws java.lang.SecurityException,
                  java.lang.ClassNotFoundException,
                  java.io.IOException
When the agent returns home, the owner can use the verify method to ensure that the AppendOnlyContainer has not been tampered with.

Returns:
A number that should be compared with the original random number passed to the constructor (which must therefore be stored by the agent's creator for later verification). If it does not match, a security exception can be thrown. One limitation of this scheme is that the verification process requires the agent's private key, and can thus only be done by the agent's home site (or some other site trusted by its owner).
Throws:
java.lang.SecurityException
java.lang.ClassNotFoundException
java.io.IOException
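
The scheme described for the constructor, checkIn and verify, as an added sketch that is not Ajanta's code: it assumes each check-in encrypts the previous checksum together with the server's signature and URN under the agent's public key, so only the holder of the private key can unwind the chain back to the nonce. `AppendOnlyLog`, the helper names and the toy group (hashed ElGamal encryption, Schnorr-style signatures) are assumptions made for illustration.

```python
import hashlib, json, secrets

P, G = 2**127 - 1, 3   # toy group constructed for this example; far too small for real use

class TamperError(Exception): """Raised when the log does not verify."""

def keygen():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)                      # (private key, public key)

def _h(r, msg):
    return int.from_bytes(hashlib.sha256(str(r).encode() + msg).digest(), "big")
def sign(x, msg):                               # Schnorr-style; stands in for the server's signature
    k = secrets.randbelow(P - 2) + 1
    r = pow(G, k, P)
    return r, (k + x * _h(r, msg)) % (P - 1)
def check_sig(y, msg, r, s):
    return pow(G, s, P) == r * pow(y, _h(r, msg), P) % P

def seal(y, data):                              # hashed-ElGamal encryption under public key y
    k = secrets.randbelow(P - 2) + 1
    pad = hashlib.shake_256(str(pow(y, k, P)).encode()).digest(len(data))
    return pow(G, k, P), bytes(a ^ b for a, b in zip(data, pad))
def unseal(x, c1, body):
    pad = hashlib.shake_256(str(pow(c1, x, P)).encode()).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

class AppendOnlyLog:                            # hypothetical model, not ajanta.agent.AppendOnlyContainer
    def __init__(self, agent_pub, nonce):
        self.pub, self.objs = agent_pub, []
        self.checksum = seal(agent_pub, str(nonce).encode())    # C_0 hides the owner's nonce

    def check_in(self, obj, sig, server):
        layer = json.dumps([self.checksum[0], self.checksum[1].hex(), *sig, server]).encode()
        self.checksum = seal(self.pub, layer)                   # C_{k+1} wraps C_k, signature, signer
        self.objs.append(obj)

    def verify(self, agent_priv, server_pubs):
        c1, body = self.checksum
        try:
            for obj in reversed(self.objs):                     # unwind the newest entry first
                c1, body, r, s, server = json.loads(unseal(agent_priv, c1, body))
                if not check_sig(server_pubs[server], obj, r, s):
                    raise TamperError(f"bad signature from {server}")
                body = bytes.fromhex(body)
            return int(unseal(agent_priv, c1, body))            # caller compares this with the stored nonce
        except (ValueError, TypeError, KeyError) as exc:
            raise TamperError("checksum chain does not unwind") from exc
```

In this model an edited object fails its server's signature and a dropped entry leaves a layer that no longer lines up with the remaining objects, so both raise `TamperError` instead of returning the nonce.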

serialize

protected byte[] serialize(java.lang.Object X)

deserialize

protected java.lang.Object deserialize(byte[] b)
                                throws java.lang.SecurityException
Throws:
java.lang.SecurityException