
Interface com.triversity.security.keymanagement.IKeySource Methods

You must create a Java class that implements the interface com.triversity.security.keymanagement.IKeySource to implement central key management for the Java-based POS applications (Return Authorization and Centralized Electronic File Transfer (CEFT)). This interface is the boundary between the POS application and the third-party key management system: TWSecurity calls it, and your class translates the calls into requests against your key management system. The interface is available in the Java archive tw-security.jar.

Note

For proper handling by TWSecurity, package any error that occurs in any of these methods, including during initialization, as an instance of CentralizedKeyManagementException rather than letting other exception types escape.

The following is a list of the methods in the interface:

  • public void initialize(String initializationData) throws com.triversity.security.keymanagement.CentralizedKeyManagementException

    The system calls this method once before the first interaction between TWSecurity and the central key management system. It allows the central key management system interface to perform any necessary initialization. The parameter initializationData contains the decrypted value of the secure property named CENTRAL_KEY_MANAGEMENT_INIT from the key container.

    This string should contain whatever data your implementation needs to connect to the central key source (for example, credentials or configuration options). You define the contents and format of this initialization string, and you are responsible for parsing and validating it.

    The system passes an empty string into this method if it does not find a secure property named CENTRAL_KEY_MANAGEMENT_INIT in the key container.

  • public com.triversity.security.keymanagement.CentralizedKeyInfo getKey(String keyIdentifier) throws com.triversity.security.keymanagement.CentralizedKeyManagementException

    The system calls this method to retrieve updated information about the key indicated by keyIdentifier. It is your responsibility to define the mapping between the unique key identifier known to the third-party key management system and the string that TWSecurity uses to refer to that key.

    Your implementation of this method should perform the following actions:

    • Fetches the requested key from the central system

    • Creates a new instance of com.triversity.security.keymanagement.CentralizedKeyInfo

    • Using the information from the central system, it fills in the members of this object and returns it

  • public com.triversity.security.keymanagement.CentralizedKeyInfo getActiveKey(String channel) throws com.triversity.security.keymanagement.CentralizedKeyManagementException

    The system calls this method to retrieve the currently active key in the given channel. The currently active key is the key you want to use to encrypt new data for this channel.

    The channel parameter contains the name of the group of keys as known to the third-party key management system. You can configure the mapping between TWSecurity channel names and names known to the central system in the trvsec.conf file. If no such mapping exists, TWSecurity assumes that the names are identical and simply passes the TWSecurity channel name directly to this method.

    Your implementation of this method should perform the following actions:

    • Fetches the requested key from the central system

    • Creates a new instance of com.triversity.security.keymanagement.CentralizedKeyInfo

    • Using the information from the central system, it fills in the members of this object and returns it

  • public boolean hasUpdate() throws com.triversity.security.keymanagement.CentralizedKeyManagementException

    The system calls this method to determine whether the central key source has outstanding changes that must be reflected in the local key container. This method returns:

    • TRUE if there are changes

    • FALSE if there are no changes. In that case the system continues to poll the central key management system periodically, at the interval configured in the TWSecurity configuration file (trvsec.conf).

    If the central key system cannot actively detect or broadcast updates, or you have not configured it to do so, this method should return false in all cases, so that TWSecurity relies on periodic polling alone.
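The following class is an added example of a complete IKeySource implementation; it is not code from SAP or TWSecurity. It stands in for a third-party key management system with a local properties file so that all four methods can be shown together: initialize parses the CENTRAL_KEY_MANAGEMENT_INIT value and fails fast, getKey and getActiveKey build a CentralizedKeyInfo, hasUpdate reports a change signal (the file's modification time), and every failure is wrapped in CentralizedKeyManagementException as the note above requires. The "path=<file>" initialization format and the properties layout are the example's own; the page does not list the members of CentralizedKeyInfo or the constructors of either class, so the no-argument constructor, the setKeyIdentifier and setKeyMaterial setters, and the CentralizedKeyManagementException(String) constructor are assumptions to be replaced with the real ones from tw-security.jar.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Base64;
import java.util.Properties;

import com.triversity.security.keymanagement.CentralizedKeyInfo;
import com.triversity.security.keymanagement.CentralizedKeyManagementException;
import com.triversity.security.keymanagement.IKeySource;

/**
 * Example IKeySource backed by a properties file that stands in for a real
 * key management system. Constructed sample file (keys.properties):
 *
 *   active.RETURN_AUTH=ra-2024-03
 *   key.ra-2024-03=MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY=
 *   key.ra-2023-11=ZmVkY2JhOTg3NjU0MzIxMGZlZGNiYTk4NzY1NDMyMTA=
 *
 * "active.<channel>" names the key used to encrypt new data for that channel;
 * "key.<id>" holds base64 key material. This layout is the example's own.
 */
public class FileBackedKeySource implements IKeySource {
    private Path keyFile;
    private final Properties keys = new Properties();
    private long loadedMtime = -1L;   // file mtime at the last successful load

    @Override
    public void initialize(String initializationData) throws CentralizedKeyManagementException {
        // initializationData is the decrypted CENTRAL_KEY_MANAGEMENT_INIT value, or ""
        // when the secure property is absent. This example expects "path=<file>".
        if (initializationData == null || !initializationData.startsWith("path=")) {
            throw new CentralizedKeyManagementException(
                "CENTRAL_KEY_MANAGEMENT_INIT must be 'path=<keys.properties>'");
        }
        keyFile = Paths.get(initializationData.substring("path=".length()).trim());
        reload();   // fail fast: an unreadable file surfaces here, not on the first getKey
    }

    @Override
    public CentralizedKeyInfo getKey(String keyIdentifier) throws CentralizedKeyManagementException {
        refreshIfChanged();
        String b64 = keys.getProperty("key." + keyIdentifier);
        if (b64 == null) {
            throw new CentralizedKeyManagementException("unknown key identifier: " + keyIdentifier);
        }
        byte[] material;
        try {
            material = Base64.getDecoder().decode(b64);
        } catch (IllegalArgumentException e) {
            throw new CentralizedKeyManagementException("key " + keyIdentifier + " is not valid base64");
        }
        // Assumption: CentralizedKeyInfo has a no-arg constructor and these two setters.
        // The page does not list its members; substitute the real ones from tw-security.jar.
        CentralizedKeyInfo info = new CentralizedKeyInfo();
        info.setKeyIdentifier(keyIdentifier);
        info.setKeyMaterial(material);
        return info;
    }

    @Override
    public CentralizedKeyInfo getActiveKey(String channel) throws CentralizedKeyManagementException {
        // 'channel' already carries the name TWSecurity mapped through trvsec.conf,
        // so it is used as-is to find the identifier of the key that encrypts new data.
        refreshIfChanged();
        String activeId = keys.getProperty("active." + channel);
        if (activeId == null) {
            throw new CentralizedKeyManagementException("no active key for channel " + channel);
        }
        return getKey(activeId);
    }

    @Override
    public boolean hasUpdate() throws CentralizedKeyManagementException {
        // A source that cannot detect changes would return false here and leave
        // TWSecurity to its trvsec.conf polling; the file mtime gives a cheap signal.
        return currentMtime() != loadedMtime;
    }

    private void refreshIfChanged() throws CentralizedKeyManagementException {
        if (hasUpdate()) {
            reload();
        }
    }

    private long currentMtime() throws CentralizedKeyManagementException {
        try {
            return Files.getLastModifiedTime(keyFile).toMillis();
        } catch (IOException e) {
            throw new CentralizedKeyManagementException("cannot stat " + keyFile + ": " + e.getMessage());
        }
    }

    private void reload() throws CentralizedKeyManagementException {
        long mtime = currentMtime();
        try (InputStream in = Files.newInputStream(keyFile)) {
            Properties fresh = new Properties();
            fresh.load(in);
            keys.clear();
            keys.putAll(fresh);
            loadedMtime = mtime;   // only advance after a complete, successful parse
        } catch (IOException e) {
            throw new CentralizedKeyManagementException("cannot read " + keyFile + ": " + e.getMessage());
        }
    }
}
```

Two points carry over to a real key management system. First, initialize should reject a malformed or empty initialization string instead of deferring the failure, because TWSecurity calls it exactly once and an empty string is exactly what you receive when CENTRAL_KEY_MANAGEMENT_INIT is missing from the key container. Second, loadedMtime advances only after a complete reload, so a half-written key file makes hasUpdate keep returning true rather than silently serving stale or partial key material.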