You must create a Java class that implements the interface com.triversity.security.keymanagement.IKeySource to implement central key management for Java-based POS applications (Return Authorization and Centralized Electronic File Transfer (CEFT)). This interface encapsulates the interface between the POS application and the third-party key management system. The interface is available in the Java archive tw-security.jar.
Note
For proper handling by TWSecurity for all methods, you should package any errors during initialization as instances of CentralizedKeyManagementException.
The following is a list of the methods in the interface:
public void initialize(String initializationData) throws com.triversity.security.keymanagement.CentralizedKeyManagementException
The system calls this method once before the first interaction between TWSecurity and the central key management system. It allows the central key management system interface to perform any necessary initialization. The parameter initializationData contains the decrypted value of the secure property named CENTRAL_KEY_MANAGEMENT_INIT from the key container.
This string should contain any specific data necessary to allow the system to connect to the central key source (for example, passwords or configuration options). It is your responsibility to determine the contents and format of this initialization string to implement proper parsing and use of the value.
The system passes an empty string into this method if it does not find a secure property named CENTRAL_KEY_MANAGEMENT_INIT in the key container.
public com.triversity.security.keymanagement.CentralizedKeyInfo getKey(String keyIdentifier) throws com.triversity.security.keymanagement.CentralizedKeyManagementException
The system calls this method to retrieve updated information about the key indicated by keyIdentifier. It is your responsibility to determine how to map the unique key identifier known to the third-party key management system to a string that can be used by TWSecurity.
This method performs the following actions:
Fetches the requested key from the central system
Creates a new instance of com.triversity.security.keymanagement.CentralizedKeyInfo
Using the information from the central system, it fills in the members of this object and returns it
public com.triversity.security.keymanagement.CentralizedKeyInfo getActiveKey(String channel) throws com.triversity.security.keymanagement.CentralizedKeyManagementException
The system calls this method to retrieve the currently active key in the given channel. The currently active key is the key you want to use to encrypt new data for this channel.
The channel parameter contains the name of the group of keys as known to the third-party key management system. You can configure the mapping between TWSecurity channel names and names known to the central system in the trvsec.conf file.
If no such mapping exists, TWSecurity assumes that the names are identical and simply passes the TWSecurity channel name directly to this method.
This method performs the following actions:
Fetches the requested key from the central system
Creates a new instance of com.triversity.security.keymanagement.CentralizedKeyInfo
Using the information from the central system, it fills in the members of this object and returns it
boolean hasUpdate() throws com.triversity.security.keymanagement.CentralizedKeyManagementException
You call this method to determine if the central key source has outstanding changes that must be reflected in the local key container. This method returns:
TRUE if there are changes
FALSE if there are no changes. If this method returns FALSE, the system simply polls the central key management system periodically as configured by the TWSecurity configuration file (trvsec.conf).
If the central key system is either not capable of actively broadcasting updates, or you have not configured it to do so, this method returns false in all cases.
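One way initialize could parse and validate the CENTRAL_KEY_MANAGEMENT_INIT value while keeping the secret out of error messages, added here as an example and not code from tw-security.jar. The class name and the url/user/password field layout are assumptions, and the nested exception is a stand-in for com.triversity.security.keymanagement.CentralizedKeyManagementException, whose constructors this page does not show.

```java
import java.util.HashMap;
import java.util.Map;

// Added example. A real implementation would declare "implements IKeySource"
// and throw the CentralizedKeyManagementException shipped in tw-security.jar.
public class ExampleKeySourceInit {

    // Stand-in for the jar's exception class (its constructors are not on the page).
    static class CentralizedKeyManagementException extends Exception {
        CentralizedKeyManagementException(String message) { super(message); }
    }

    private String url, user;   // would be used by getKey/getActiveKey to reach the key system
    private char[] password;

    // Assumed format: "url=...;user=...;password=..." (values must not contain ';').
    public void initialize(String initializationData) throws CentralizedKeyManagementException {
        if (initializationData == null || initializationData.isEmpty()) {
            // Empty string: the secure property is missing from the key container.
            throw new CentralizedKeyManagementException("CENTRAL_KEY_MANAGEMENT_INIT is not set");
        }
        Map<String, String> fields = new HashMap<>();
        for (String pair : initializationData.split(";")) {
            int eq = pair.indexOf('=');
            if (eq <= 0) {
                // Never echo the raw field: it may contain the password.
                throw new CentralizedKeyManagementException("Malformed initialization field");
            }
            fields.put(pair.substring(0, eq).trim(), pair.substring(eq + 1));
        }
        url = require(fields, "url");
        user = require(fields, "user");
        password = require(fields, "password").toCharArray();
    }

    private static String require(Map<String, String> fields, String name)
            throws CentralizedKeyManagementException {
        String value = fields.get(name);
        if (value == null || value.isEmpty()) {
            throw new CentralizedKeyManagementException("Missing initialization field: " + name);
        }
        return value;
    }

    public static void main(String[] args) throws Exception {
        ExampleKeySourceInit source = new ExampleKeySourceInit();
        source.initialize("url=https://kms.example.invalid;user=pos01;password=constructed");
        try { source.initialize(""); }  // constructed input: property absent
        catch (CentralizedKeyManagementException e) { System.out.println(e.getMessage()); }
    }
}
```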