Class Gateway

Package: io.keychain.core

public class Gateway
extends java.lang.Object

Description

Gateway performs application-level cryptographic operations encrypt, decrypt, sign, and verify.

Through the Gateway users create personas and contacts, and execute the cryptographic operations with respect to those entities.

In the Java wrapper, the Gateway takes on the role of blockchain monitor as well, so the only reader and writer to the Keychain database is the single Gateway instance.

Since: v2.0

Public Constructors

Constructor

Gateway(Context context, Refreshable refresher)

Constructs a Gateway using the provided Settings and Refreshable that responds to callbacks when the internal monitor thread detects a new block on the blockchain.

Public Member Functions

Return type Method and Description

void

onPause()

Pause the monitor thread

void

onResume()

Run/resume the monitor thread

void

onStart()

Create the monitor thread if it did not exist

void

onStop()

Stop and destroy the monitor thread if it exists

String

getCommString()

Deprecated

void

updateBlokchainState()

Update the local blockchain state

None

seed()

Seeds the private key pool and generates a mnemonic recovery string.

Persona

createPersona(String name, String subName, SecurityLevel securityLevel)

Creates a persona in the Gateway with the given identity information and security level

void

setActivePersona(Persona persona)

Sets the active persona to the provided Facade

Persona

getActivePersona()

Returns the current active persona, if any

boolean

maturePersonaExists()

Returns true if there is a mature persona in the Gateway

ArrayList<Persona>

getPersonas()

Returns a list of personas in the Gateway

void

replaceCertificate(Persona persona)

Revokes and replaces existing current certificate for given persona on the blockchain

Contact

createContact(String name, String subName, Uri uri)

Creates a contact for the current active persona with the given identity information

ArrayList<Contact>

getContacts()

Returns a list of contacts for the current active persona

void

deletePersona(Persona persona)

Deletes the provided persona

void

deleteContact(Contact contact)

Deletes the provided contact for this persona

void

renamePersona(Persona persona, String name, String subName)

Renames the persona with the new provided name and subname

void

renameContact(Contact contact, String name, String subName)

Renames the contact with the new provided name and subname

byte[]

sign(byte[] data, CharEncoding encoding, boolean isApproval)

Signs a clear text string with the current active persona’s signature

byte[]

addSignature(byte[] signedData, boolean isApproval)

Adds the current persona’s signature to a signed message

String

encrypt(ArrayList<Contact> contactList, byte[] clearText)

Encrypts a clear text byte array so it can be decrypted by the provided contacts

String

signThenEncrypt(ArrayList<Contact> contactList, byte[] clearText)

Signs a clear text string with the current active persona’s signature, then encrypts for the provided contact list

byte[]

decrypt(String cipherText)

Decrypts the cipher text into a byte array with information about how the text was originally encoded

byte[]

decryptThenVerify(String cipherText)

Decrypts the cipher text into a byte array that has also had signatures verified. Use VerificationResult to work with the result.

String

decryptThenVerifyString(String cipherText)

Decrypts the cipher text into a String representation

VerificationResult

verify(byte[] signedText)

Verifies the signed text

void

setRefreshable(Refreshable refreshable])

Change the monitor thread’s Refreshable

Static Member Functions

Return type Method and Description

Context

initializeDb(String configPath, String dbPath, String dropSqlPath, String createSqlPath)

Creates a Keychain Context and validates the license

Public Member Functions Detail

onPause

void onPause()

Pause the monitor thread. Block the monitor thread if it was unblocked and running. The thread will remain blocked until onResume() is called.

onResume

void onResume()

Run/resume the monitor thread. This method starts/unblocks the monitor thread if it was blocked or not running. If the thread does not exist upon calling onResume(), onResume() will call onStart() to create the thread. The thread will remain running until onPause() is called.

onStart

void onStart()

Create the monitor thread if it did not exist. Note that this does not start the thread. Use onResume() to do that

onStop

void onStop()

Stop and destroy the monitor thread if it exists. If the thread is running upon entry in this method, this method will (safely) cause the thread to stop execution before destroying it.

updateBlokchainState

void updateBlokchainState()

Update the local blockchain state. Fetches the relevant blockchain state from the network and updates the local cache for certificates and UTXOs.

seed

void seed()

Seeds the private key pool and generates a mnemonic recovery string. Should be run once a Gateway is created before other operations.

createPersona

Persona createPersona(String name, String subName, SecurityLevel securityLevel)

Creates a new persona in the Gateway with the given identity information and security level. This persona will be returned immediately, regardless of its status on the blockchain. It can only be set as the active persona once its status is CONFIRMED.

Parameters:

name - the persona name, an arbitrary user set value

subName - the persona sub-name, an arbitrary user set value

securityLevel - the cipher strength to use for the persona

Returns:

The newly created persona

setActivePersona

void setActivePersona(Persona persona)

Sets the active persona in the Gateway. Most operations in Gateway require an active persona. Gateway keeps track of the active persona internally as state, rather than passing the target persona in to various methods. Therefore it is necessary to change the active persona before any encrypt, sign, verify, decrypt, or contact-related methods.

Parameters:

persona - the persona to set active. The full list of personas the Gateway is aware of is available through getPersonas().

getActivePersona

void Persona getActivePersona()

Returns the current active persona in the Gateway, if one has been set. When the Gateway is created, if there is at least one mature persona in it, then one of them will be activated even if setActivePersona has not been invoked yet. Users are encouraged to not rely on this mechanic however as the chosen persona is not deterministic from the user point of view.

Returns:

The current active persona

Raises:

NoActivePersona - if there is no active persona yet

maturePersonaExists

boolean maturePersonaExists()

Checks to see if the Gateway has a mature persona within it. If any of the personas are mature, it will return true.

Returns:

true if there is at least 1 mature persona in the Gateway

getPersonas

ArrayList<Persona> getPersonas()

Returns all personas in the Gateway

Returns:

an ArrayList of Personas regardless of confirmation state

replaceCertificate

void replaceCertificate()

Revoke and replace existing current certificate for given persona on the blockchain. This method creates a new set of public/private key pairs that will, over time, be used for encryption/decryption and signing/verifying.

It is good practice to replace certificates periodically in order to provide forward security for subsequently encrypted/signed data. Note that the certificate replacement happens asyncronous to this call, however when it happens, it will be reflected locally atomically. That is, suppose you call this method while encrypting a stream of data. Then at some point in the future, the new certificate will be confirmed on the blockchain, and with respect to the data stream encryption, there will be a point at which the old certificate will stop being used and the new will begin to be used. This happens transparently to the developer’s code in the sense that there is otherwise no programmatic differentiation that the developer make in order to start using the new certificate; it happens automatically subject to confirmation on the blockchain.

Note: this method blocks on network operations, so should not be called on the main/UI thread. Call this method in, for example, an AsyncTask.

createContact

Contact createContact(String name, String subName, Uri uri)

Creates a new contact for the current active persona with the given identity information. The contact Uri must be reachable on the blockchain.

Parameters:

name - the contact name, an arbitrary user set value

subName - the contact sub-name, an arbitrary user set value

uri - the contact Uri, a digital identification that in v2.4 is a reference to multiple blockchain transactions holding the contact public key information.

Returns:

The created contact

getContacts

ArrayList<Contact> getContacts()

Returns all contacts for the current active persona.

Returns:

an ArrayList of Contact for the active persona

deletePersona

deletePersona(Persona persona)

Deletes a Persona from the Gateway. It must not be the active one.

Parameters:

persona - the persona to remove.

deleteContact

deleteContact(Contact contact)

Deletes a Contact from the Gateway.

Parameters:

contact - the contact to remove.

renamePersona

renamePersona(Persona persona, String name, String subName)

Renames the Persona name and sub name

Parameters:

persona - the Persona to rename

name - the new name

subName - the new sub name

renameContact

renameContact(Contact contact, String name, String subName)

Renames the Contact name and sub name

Parameters:

contact - the Contact to rename

name - the new name

subName - the new sub name

sign

byte[] sign(byte[] data, CharEncoding encoding, boolean isApproval)

Signs the clear text data

Parameters:

data - a byte array holding the data to sign, in any format

encoding - the character encoding of the data

isApproval - true if this signature is an approval type

Returns:

A signed message

addSignature

byte[] addSignature(byte[] data, boolean isApproval)

Adds the current persona’s signature to an existing signed data. Unlike sign() the encoding information is not passed in to the method, since the message itself is not touched. Only a new signature is appended.

Parameters:

data - a byte array holding a signed message

isApproval - true if this signature is an approval type

Returns:

An updated signed message

encrypt

String encrypt(ArrayList<Contact> contacts, byte[] clearText)

Encrypts the cleartext for the provided contacts, returning an XML string representation.

Parameters:

contacts - the list of contacts for whom to encrypt the text

clearText - the text to encrypt

Returns:

A String representation of the encrypted text. This is an XML serialization format used by Keychain.

signThenEncrypt

String signThenEncrypt(ArrayList<Contact> contacts, byte[] clearText)

Signs the clear text and then encrypts it for the provided contacts

Parameters:

contacts - the list of contacts for whom to encrypt the text

clearText - the text to sign and encrypt

Returns:

A String representation of the signed and encrypted text. This is an XML serialization format used by Keychain.

decrypt

byte[] decrypt(String cipherText)

Decrypts the cipher text into a byte[].

Parameters:

cipherText - the encrypted text

Returns:

The plaintext as a byte[]

decryptThenVerify

byte[] decryptThenVerify(String cipherText)

Decrypts the cipher text into a byte[] that represents the original data passed in to encrypt(). This method will fail and return an empty byte[] if any of the signatures fail to verify, or if the current persona was not either the creator or a target contact for the message.

Parameters:

cipherText - the encrypted text

Returns:

A byte[] representing the cleartext

decryptThenVerifyString

String decryptThenVerifyString(String cipherText)

This method does exactly what decryptThenVerify() does, but then converts the byte[] result to a UTF-8 string and returns it.

Parameters:

cipherText - the encrypted text

Returns:

The decrypted text as a UTF-8 String

verify

VerificationResult verify(byte[] signedData)

Verifies the signed data and returns a VerificationResult with detailed information on all signatures

Parameters:

signedData - the signed data

Returns:

A VerificationResult holding signature verification details

setRefreshable

void setRefreshable(Refreshable refresher)

Sets the Refreshable associated with the internal monitor thread

Parameters:

refresher - the new Refreshable

Static Member Functions Detail

initializeDb

Context initializeDb(String configPath, String dbPath, String dropSqlPath, String createSqlPath)

Creates a Keychain Context and validates the license. The Context is required for Gateway construction, meaning this method must be called before any other operations. Valid paths to config (keychain.cfg) and the Keychain DB must be passed.

Parameters:

configPath - the path to the Keychain configuration file (e.g. keychain.cfg)

dbPath - the path to the Keychain DB

dropSqlPath - the path to an SQL file that drops all Keychain tables in an existing DB

createSqlPath - the path to an SQL file that recreates Keychain tables

Returns:

A Context object holding the configuration and values passed in