01: /*
02: * <copyright>
03: *
04: * Copyright 1997-2004 Networks Associates Technology, Inc
05: * under sponsorship of the Defense Advanced Research Projects
06: * Agency (DARPA).
07: *
08: * You can redistribute this software and/or modify it under the
09: * terms of the Cougaar Open Source License as published on the
10: * Cougaar Open Source Website (www.cougaar.org).
11: *
12: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
13: * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
14: * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
15: * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
16: * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
17: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
18: * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
22: * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23: *
24: * </copyright>
25: *
26: * CHANGE RECORD
27: * -
28: */
29:
30: package org.cougaar.core.service.identity;
31:
32: import org.cougaar.core.component.Service;
33: import org.cougaar.core.mts.MessageAddress;
34:
/**
 * Service used by agents to obtain a cryptographic identity and to
 * transfer that identity when the agent moves to another node.
 * <p>
 * The requestor must implement {@link AgentIdentityClient}.
 * <p>
 * NOTE(review): the values this service hands around are (wrapped)
 * key material. Implementations and callers should treat every
 * {@link TransferableIdentity} as sensitive: do not log it, do not
 * persist it in the clear, and send it only to the intended target
 * node — confirm these expectations against the provider implementation.
 */
public interface AgentIdentityService extends Service {

  /**
   * Creates a cryptographic identity for an agent.
   * This method is called by Cougaar core services before
   * an agent is initialized.
   * <p>
   * If the agent already has a cryptographic identity, the
   * method returns immediately. If the agent does not have
   * a cryptographic key, or if no key is valid, a new key
   * is created.
   * <p>
   * The service provider is expected to call checkPermission() so
   * that only known entities can invoke this service.
   * <p>
   * If {@code id} is not null, the cryptographic service attempts to
   * install keys from an agent that was previously running on a
   * remote node. {@code id} should be the {@link TransferableIdentity}
   * that {@link #transferTo} returned on the original host, which the
   * original host then sent to the new host when the agent was moved.
   * Because {@code id} originates from another node, an implementation
   * should verify its origin and integrity before installing any key
   * from it (presumably the wrapping described in {@link #transferTo}
   * provides this — verify against the provider).
   *
   * @param id the identity of an agent that was moved from another node,
   *           or {@code null} when no identity is being transferred in
   * @throws PendingRequestException the certificate authority did not
   *         sign the request immediately; the same request should be
   *         sent again later
   * @throws IdentityDeniedException the certificate authority refused
   *         to sign the key
   */
  void acquire(TransferableIdentity id)
    throws PendingRequestException, IdentityDeniedException;

  /**
   * Notifies the cryptographic service that the cryptographic identity
   * of the requestor is no longer needed.
   * <p>
   * This does not mean the key should be revoked or deleted; the key
   * is simply not used until the agent is restarted.
   */
  void release();

  /**
   * Notifies the cryptographic service that an agent is about
   * to move to another node.
   * Depending on the cryptographic policy:<pre>
   * - Wrap agent key pair and protect it with remote node public key
   * - Revoke agent key (remote node must create a new key)
   * </pre>
   * <p>
   * NOTE(review): when the policy wraps the key pair, the returned
   * object carries the agent's private key protected only by the
   * remote node's public key, so the caller must make sure
   * {@code targetNode} really is the node the agent will run on next
   * and must not expose the result to anyone else — confirm how the
   * provider selects the wrapping key.
   *
   * @param targetNode the name of the remote node agent where
   *                   the agent will be run next
   * @return an encrypted object that should be sent to the remote
   *         node agent
   */
  TransferableIdentity transferTo(MessageAddress targetNode);

}