Package org.jgroups.protocols
Class DH_KEY_EXCHANGE
- java.lang.Object
-
- org.jgroups.stack.Protocol
-
- org.jgroups.protocols.KeyExchange
-
- org.jgroups.protocols.DH_KEY_EXCHANGE
-
public class DH_KEY_EXCHANGE extends KeyExchange
Key exchange based on Diffie-Hellman-Merkle (https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange).
Diffie-Hellman is used between a member and a key server (the coordinator) to obtain a session key (only known to the key server and the joiner) which is used by the key server to encrypt the shared secret symmetric (group) key and by the requester to decrypt the group key it gets in the response of the key server.
Note that this implementation is not immune against man-in-the-middle attacks.- Since:
- 4.0.5
- Author:
- Bela Ban
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
DH_KEY_EXCHANGE.DhHeader
protected static class
DH_KEY_EXCHANGE.Type
-
Field Summary
Fields Modifier and Type Field Description protected java.security.PublicKey
dh_key
The public key used for the Diffie-Hellman key exchange to obtain the session key (used to encrypt the keyserver's secret key)protected static java.security.KeyFactory
dh_key_factory
protected javax.crypto.KeyAgreement
key_agreement
Diffie-Hellman protocol engineprotected static java.security.KeyPairGenerator
key_pair_gen
protected long
last_key_request
Time (ms) when the last key request was sent, prevents too many requestsprotected java.lang.String
secret_key_algorithm
protected int
secret_key_length
protected long
timeout
-
Fields inherited from class org.jgroups.protocols.KeyExchange
local_addr
-
Fields inherited from class org.jgroups.stack.Protocol
after_creation_hook, down_prot, ergonomics, id, log, stack, stats, up_prot
-
-
Constructor Summary
Constructors Constructor Description DH_KEY_EXCHANGE()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description void
fetchSecretKeyFrom(Address target)
Needs to fetch the secret key from a given destination (usually the key server).Address
getServerLocation()
Returns the address of the server, e.g.protected void
handle(DH_KEY_EXCHANGE.DhHeader hdr, Address sender)
protected void
handleSecretKeyRequest(java.security.PublicKey dh_public_key, Address sender)
protected void
handleSecretKeyResponse(java.security.PublicKey dh_public_key, byte[] encrypted_secret_key, byte[] version, Address sender)
protected javax.crypto.SecretKey
hash(byte[] key)
void
init()
Called after instance has been created (null constructor) and before protocol is started.protected static java.lang.String
print16(java.security.PublicKey pub_key)
java.lang.Object
up(Message msg)
A single message was received.void
up(MessageBatch batch)
Sends up a multiple messages in aMessageBatch
.-
Methods inherited from class org.jgroups.protocols.KeyExchange
down, findProtocolAbove, getSecretKeyFromAbove, handleView, requiredUpServices, setSecretKeyAbove
-
Methods inherited from class org.jgroups.stack.Protocol
accept, afterCreationHook, destroy, down, enableStats, getConfigurableObjects, getDownProtocol, getDownServices, getId, getIdsAbove, getLevel, getLog, getName, getProtocolStack, getSocketFactory, getThreadFactory, getTransport, getUpProtocol, getUpServices, getValue, isErgonomics, level, parse, providedDownServices, providedUpServices, requiredDownServices, resetStatistics, resetStats, setDownProtocol, setErgonomics, setId, setLevel, setProtocolStack, setSocketFactory, setUpProtocol, setValue, start, statsEnabled, stop, up
-
-
-
-
Field Detail
-
secret_key_algorithm
protected java.lang.String secret_key_algorithm
-
secret_key_length
protected int secret_key_length
-
timeout
protected long timeout
-
key_agreement
protected javax.crypto.KeyAgreement key_agreement
Diffie-Hellman protocol engine
-
dh_key
protected java.security.PublicKey dh_key
The public key used for the Diffie-Hellman key exchange to obtain the session key (used to encrypt the keyserver's secret key)
-
last_key_request
protected long last_key_request
Time (ms) when the last key request was sent, prevents too many requests
-
key_pair_gen
protected static final java.security.KeyPairGenerator key_pair_gen
-
dh_key_factory
protected static final java.security.KeyFactory dh_key_factory
-
-
Method Detail
-
init
public void init() throws java.lang.Exception
Description copied from class:Protocol
Called after instance has been created (null constructor) and before protocol is started. Properties are already set. Other protocols are not yet connected and events cannot yet be sent.
-
fetchSecretKeyFrom
public void fetchSecretKeyFrom(Address target) throws java.security.NoSuchAlgorithmException, java.security.InvalidKeyException
Description copied from class:KeyExchange
Needs to fetch the secret key from a given destination (usually the key server). When received, the secret key (and version) needs to be installed in a protocol above usingKeyExchange.setSecretKeyAbove(Tuple)
.- Specified by:
fetchSecretKeyFrom
in classKeyExchange
- Parameters:
target
- The member from which to fetch the secret key- Throws:
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
-
getServerLocation
public Address getServerLocation()
Description copied from class:KeyExchange
Returns the address of the server, e.g. server socket (if any)- Specified by:
getServerLocation
in classKeyExchange
-
up
public java.lang.Object up(Message msg)
Description copied from class:Protocol
A single message was received. Protocols may examine the message and do something (e.g. add a header) with it before passing it up.
-
up
public void up(MessageBatch batch)
Description copied from class:Protocol
Sends up a multiple messages in aMessageBatch
. The sender of the batch is always the same, and so is the destination (null == multicast messages). Messages in a batch can be OOB messages, regular messages, or mixed messages, although the transport itself will create initial MessageBatches that contain only either OOB or regular messages. The default processing below sends messages up the stack individually, based on a matching criteria (callingProtocol.accept(org.jgroups.Message)
), and - if true - callsProtocol.up(org.jgroups.Event)
for that message and removes the message. If the batch is not empty, it is passed up, or else it is dropped. Subclasses should check if there are any messages destined for them (e.g. usingMessageBatch.getMatchingMessages(short,boolean)
), then possibly remove and process them and finally pass the batch up to the next protocol. Protocols can also modify messages in place, e.g. ENCRYPT could decrypt all encrypted messages in the batch, not remove them, and pass the batch up when done.
-
handle
protected void handle(DH_KEY_EXCHANGE.DhHeader hdr, Address sender)
-
handleSecretKeyRequest
protected void handleSecretKeyRequest(java.security.PublicKey dh_public_key, Address sender) throws java.lang.Exception
- Throws:
java.lang.Exception
-
handleSecretKeyResponse
protected void handleSecretKeyResponse(java.security.PublicKey dh_public_key, byte[] encrypted_secret_key, byte[] version, Address sender) throws java.lang.Exception
- Throws:
java.lang.Exception
-
hash
protected javax.crypto.SecretKey hash(byte[] key) throws java.lang.Exception
- Throws:
java.lang.Exception
-
print16
protected static java.lang.String print16(java.security.PublicKey pub_key)
-
-