I am writing a prototype of cryptographic system using RMI.
I have a problem, because when I launch two clients, they got a response from one object in the server from OneTimePad class.
So client A recives key that was reserved for client b, because of specific algorithm, this situation could not happen.
Server send to the clients only E and N variable (like in RSA) so i can't serialize OneTimePad object and send it through the network (because it will have all keys in it).
How can I make for each client one object of OneTimePad class?
I called this the Remote Session pattern in my 2001 book. The remote object in the Registry is a kind of login server exporting only a login() method. The login() method, if successful, returns a new remote object per call, which is basically a per-client remote session object. This session object can export a logout() method, which unexports itself, and it can also implement Unreferenced, such that the unreferenced() method also unexports itself (or you can rely on DGC which des the same thing anyway: using Unreferenced gives you a chance to log it). This remote session object exports all the remote methods that a logged in client should have access to, and because it is per-client it can hold client state, hence it is a session.
public interface RemoteLogin extends Remote
{
RemoteSession login() throws RemoteException;
}
public interface RemoteSession extends Remote
{
void logout() throws RemoteException;
void myMethod(...) throws RemoteException; // whatever you need
}
public class RemoteLoginImpl extends UnicastRemoteObject implements RemoteLogin
{
// ...
public RemoteSession login()
{
// ...
return new RemoteSessionImpl(); // whatever arguments you need
}
}
public class RemoteSessionImpl extends UnicastRemoteObject implements RemoteSession, Unreferenced
{
// ...
}