Package org.jgroups.protocols
Class SSL_KEY_EXCHANGE
- java.lang.Object
- org.jgroups.stack.Protocol
- org.jgroups.protocols.KeyExchange
- org.jgroups.protocols.SSL_KEY_EXCHANGE

public class SSL_KEY_EXCHANGE extends KeyExchange
Key exchange based on SSL sockets. The key server creates an SSLServerSocket on a given port and members fetch the secret key by creating an SSLSocket to the key server. The key server authenticates the client (and vice versa) and then sends the secret key over this encrypted channel.
When the key exchange has completed, the secret key requester closes its SSL connection to the key server.
Note that this implementation should prevent man-in-the-middle attacks.
- Since: 4.0.5
- Author: Bela Ban
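The mutual authentication the description relies on only holds if client authentication is required and each side checks who it talked to. The following is an added example (not JGroups code) that configures the protocol with the setters listed on this page and plugs in a SessionVerifier that pins the peer's certificate subject; it assumes SessionVerifier has `init(String)` and `verify(SSLSession)` methods, and the keystore path, password, port and expected DN are placeholders.

```java
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;
import org.jgroups.protocols.SSL_KEY_EXCHANGE;

public class SslKeyExchangeConfig {

    /** Rejects any peer whose leaf certificate subject differs from the expected DN.
     *  Assumes SessionVerifier declares init(String) and verify(SSLSession). */
    public static class SubjectPinningVerifier implements SSL_KEY_EXCHANGE.SessionVerifier {
        private X500Principal expected;

        @Override
        public void init(String arg) {                 // arg = the pinned DN
            this.expected = new X500Principal(arg);
        }

        @Override
        public void verify(SSLSession session) throws SecurityException {
            try {
                // getPeerCertificates() throws if the peer sent no certificate, which is
                // exactly what happens when client authentication is not enforced.
                X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
                X500Principal subject = leaf.getSubjectX500Principal();
                if (!expected.equals(subject))        // X500Principal normalises DN encoding
                    throw new SecurityException("unexpected peer subject: " + subject.getName());
            } catch (SSLPeerUnverifiedException e) {
                throw new SecurityException("peer did not present a certificate", e);
            }
        }
    }

    /** Builds a key-exchange protocol that insists on mutual TLS and a pinned peer DN. */
    public static SSL_KEY_EXCHANGE build(String expectedPeerDn) {
        SubjectPinningVerifier verifier = new SubjectPinningVerifier();
        verifier.init(expectedPeerDn);                 // setSessionVerifier does not call init for us
        return new SSL_KEY_EXCHANGE()
            .setKeystoreName("/etc/jgroups/member.p12")  // placeholder: key pair + trusted CA
            .setKeystoreType("PKCS12")
            .setKeystorePassword("changeit")             // placeholder password
            .setPort(2157)                               // placeholder port
            .setPortRange(5)
            .setRequireClientAuthentication(true)        // server must verify the requester too
            .setSocketTimeout(5000)
            .setSessionVerifier(verifier);
    }
}
```

The protocol instance returned by `build` is inserted below the encryption protocol that consumes the secret key via `setSecretKeyAbove`; with `require_client_authentication` left at its default the verifier's `getPeerCertificates()` call fails on the server side, which is the signal to check first when members cannot fetch the key.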
Nested Class Summary
- static interface SSL_KEY_EXCHANGE.SessionVerifier
- protected static class SSL_KEY_EXCHANGE.Type
Field Summary
- protected java.net.InetAddress bind_addr
- protected javax.net.ssl.SSLContext client_ssl_ctx
- protected java.security.KeyStore key_store
- protected java.lang.String keystore_name
- protected java.lang.String keystore_password
- protected java.lang.String keystore_type
- protected int port
- protected int port_range
- protected boolean require_client_authentication
- protected java.lang.String secret_key_algorithm
- protected javax.net.ssl.SSLContext server_ssl_ctx
- protected SSL_KEY_EXCHANGE.SessionVerifier session_verifier
- protected java.lang.String session_verifier_arg
- protected java.lang.String session_verifier_class
- protected int socket_timeout
- protected javax.net.ssl.SSLServerSocket srv_sock
- protected Runner srv_sock_handler
- protected java.lang.String ssl_protocol
- protected java.lang.String ssl_provider
- protected View view
Fields inherited from class org.jgroups.protocols.KeyExchange
local_addr
-
Fields inherited from class org.jgroups.stack.Protocol
after_creation_hook, down_prot, ergonomics, id, log, stack, stats, up_prot
-
-
Constructor Summary
- SSL_KEY_EXCHANGE()
-
Method Summary
- protected void accept()
- protected void becomeKeyserver()
- protected javax.net.ssl.SSLServerSocket createServerSocket()
- protected javax.net.ssl.SSLSocket createSocketTo(Address target)
- protected javax.net.ssl.SSLSocket createSocketTo(IpAddress dest, javax.net.ssl.SSLSocketFactory sslSocketFactory)
- void destroy()
  This method is called on a JChannel.close().
- void fetchSecretKeyFrom(Address target)
  Needs to fetch the secret key from a given destination (usually the key server).
- java.net.InetAddress getBindAddress()
- javax.net.ssl.SSLContext getClientSSLContext()
- protected javax.net.ssl.SSLContext getContext()
- java.security.KeyStore getKeystore()
- java.lang.String getKeystoreName()
- java.lang.String getKeystorePassword()
- java.lang.String getKeystoreType()
- int getPort()
- int getPortRange()
- boolean getRequireClientAuthentication()
- java.lang.String getSecretKeyAlgorithm()
- Address getServerLocation()
  Returns the address of the server, e.g. server socket (if any).
- javax.net.ssl.SSLContext getServerSSLContext()
- SSL_KEY_EXCHANGE.SessionVerifier getSessionVerifier()
- java.lang.String getSessionVerifierArg()
- java.lang.String getSessionVerifierClass()
- int getSocketTimeout()
- javax.net.ssl.SSLContext getSSLContext()
  Deprecated.
- protected void handleView(View view)
- void init()
  Called after instance has been created (null constructor) and before protocol is started.
- SSL_KEY_EXCHANGE setBindAddress(java.net.InetAddress a)
- SSL_KEY_EXCHANGE setClientSSLContext(javax.net.ssl.SSLContext client_ssl_ctx)
- SSL_KEY_EXCHANGE setKeystore(java.security.KeyStore ks)
- SSL_KEY_EXCHANGE setKeystoreName(java.lang.String name)
- SSL_KEY_EXCHANGE setKeystorePassword(java.lang.String pwd)
- SSL_KEY_EXCHANGE setKeystoreType(java.lang.String type)
- SSL_KEY_EXCHANGE setPort(int p)
- SSL_KEY_EXCHANGE setPortRange(int r)
- SSL_KEY_EXCHANGE setRequireClientAuthentication(boolean b)
- SSL_KEY_EXCHANGE setSecretKeyAlgorithm(java.lang.String a)
- SSL_KEY_EXCHANGE setServerSSLContext(javax.net.ssl.SSLContext server_ssl_ctx)
- SSL_KEY_EXCHANGE setSessionVerifier(SSL_KEY_EXCHANGE.SessionVerifier s)
- SSL_KEY_EXCHANGE setSessionVerifierArg(java.lang.String arg)
- SSL_KEY_EXCHANGE setSessionVerifierClass(java.lang.String cl)
- SSL_KEY_EXCHANGE setSocketTimeout(int timeout)
- SSL_KEY_EXCHANGE setSSLContext(javax.net.ssl.SSLContext ssl_ctx)
  Deprecated.
- SSL_KEY_EXCHANGE setSslProtocol(java.lang.String protocol)
- void start()
  This method is called on a JChannel.connect(String).
- void stop()
  This method is called on a JChannel.disconnect().
- protected void stopKeyserver()
- java.lang.Object up(Event evt)
  An event was received from the protocol below.
Methods inherited from class org.jgroups.protocols.KeyExchange
down, findProtocolAbove, getSecretKeyFromAbove, requiredUpServices, setSecretKeyAbove
-
Methods inherited from class org.jgroups.stack.Protocol
accept, afterCreationHook, down, enableStats, getConfigurableObjects, getDownProtocol, getDownServices, getId, getIdsAbove, getLevel, getLog, getName, getProtocolStack, getSocketFactory, getThreadFactory, getTransport, getUpProtocol, getUpServices, getValue, isErgonomics, level, parse, providedDownServices, providedUpServices, requiredDownServices, resetStatistics, resetStats, setDownProtocol, setErgonomics, setId, setLevel, setProtocolStack, setSocketFactory, setUpProtocol, setValue, statsEnabled, up, up
-
-
-
-
Field Detail
-
bind_addr
protected java.net.InetAddress bind_addr
-
port
protected int port
-
port_range
protected int port_range
-
keystore_name
protected java.lang.String keystore_name
-
keystore_type
protected java.lang.String keystore_type
-
keystore_password
protected java.lang.String keystore_password
-
secret_key_algorithm
protected java.lang.String secret_key_algorithm
-
require_client_authentication
protected boolean require_client_authentication
-
ssl_protocol
protected java.lang.String ssl_protocol
-
ssl_provider
protected java.lang.String ssl_provider
-
socket_timeout
protected int socket_timeout
-
session_verifier_class
protected java.lang.String session_verifier_class
-
session_verifier_arg
protected java.lang.String session_verifier_arg
-
client_ssl_ctx
protected javax.net.ssl.SSLContext client_ssl_ctx
-
server_ssl_ctx
protected javax.net.ssl.SSLContext server_ssl_ctx
-
srv_sock
protected javax.net.ssl.SSLServerSocket srv_sock
-
srv_sock_handler
protected Runner srv_sock_handler
-
key_store
protected java.security.KeyStore key_store
-
view
protected View view
-
session_verifier
protected SSL_KEY_EXCHANGE.SessionVerifier session_verifier
-
-
Method Detail
-
getBindAddress
public java.net.InetAddress getBindAddress()
-
setBindAddress
public SSL_KEY_EXCHANGE setBindAddress(java.net.InetAddress a)
-
getPort
public int getPort()
-
setPort
public SSL_KEY_EXCHANGE setPort(int p)
-
getPortRange
public int getPortRange()
-
setPortRange
public SSL_KEY_EXCHANGE setPortRange(int r)
-
getKeystoreName
public java.lang.String getKeystoreName()
-
setKeystoreName
public SSL_KEY_EXCHANGE setKeystoreName(java.lang.String name)
-
getKeystoreType
public java.lang.String getKeystoreType()
-
setKeystoreType
public SSL_KEY_EXCHANGE setKeystoreType(java.lang.String type)
-
getKeystorePassword
public java.lang.String getKeystorePassword()
-
setKeystorePassword
public SSL_KEY_EXCHANGE setKeystorePassword(java.lang.String pwd)
-
getSecretKeyAlgorithm
public java.lang.String getSecretKeyAlgorithm()
-
setSecretKeyAlgorithm
public SSL_KEY_EXCHANGE setSecretKeyAlgorithm(java.lang.String a)
-
getRequireClientAuthentication
public boolean getRequireClientAuthentication()
-
setRequireClientAuthentication
public SSL_KEY_EXCHANGE setRequireClientAuthentication(boolean b)
-
setSslProtocol
public SSL_KEY_EXCHANGE setSslProtocol(java.lang.String protocol)
-
getSocketTimeout
public int getSocketTimeout()
-
setSocketTimeout
public SSL_KEY_EXCHANGE setSocketTimeout(int timeout)
-
getSessionVerifierClass
public java.lang.String getSessionVerifierClass()
-
setSessionVerifierClass
public SSL_KEY_EXCHANGE setSessionVerifierClass(java.lang.String cl)
-
getSessionVerifierArg
public java.lang.String getSessionVerifierArg()
-
setSessionVerifierArg
public SSL_KEY_EXCHANGE setSessionVerifierArg(java.lang.String arg)
-
getKeystore
public java.security.KeyStore getKeystore()
-
setKeystore
public SSL_KEY_EXCHANGE setKeystore(java.security.KeyStore ks)
-
getSessionVerifier
public SSL_KEY_EXCHANGE.SessionVerifier getSessionVerifier()
-
setSessionVerifier
public SSL_KEY_EXCHANGE setSessionVerifier(SSL_KEY_EXCHANGE.SessionVerifier s)
-
getSSLContext
@Deprecated public javax.net.ssl.SSLContext getSSLContext()
Deprecated.
-
setSSLContext
@Deprecated public SSL_KEY_EXCHANGE setSSLContext(javax.net.ssl.SSLContext ssl_ctx)
Deprecated.
-
getClientSSLContext
public javax.net.ssl.SSLContext getClientSSLContext()
-
setClientSSLContext
public SSL_KEY_EXCHANGE setClientSSLContext(javax.net.ssl.SSLContext client_ssl_ctx)
-
getServerSSLContext
public javax.net.ssl.SSLContext getServerSSLContext()
-
setServerSSLContext
public SSL_KEY_EXCHANGE setServerSSLContext(javax.net.ssl.SSLContext server_ssl_ctx)
-
getServerLocation
public Address getServerLocation()
Description copied from class: KeyExchange
Returns the address of the server, e.g. server socket (if any)
- Specified by: getServerLocation in class KeyExchange
-
init
public void init() throws java.lang.Exception
Description copied from class: Protocol
Called after instance has been created (null constructor) and before protocol is started. Properties are already set. Other protocols are not yet connected and events cannot yet be sent.
-
start
public void start() throws java.lang.Exception
Description copied from class: Protocol
This method is called on a JChannel.connect(String). Starts work. Protocols are connected and queues are ready to receive events. Will be called from bottom to top. This call will replace the START and START_OK events.
- Overrides: start in class Protocol
- Throws: java.lang.Exception - Thrown if protocol cannot be started successfully. This will cause the ProtocolStack to fail, so JChannel.connect(String) will throw an exception
-
stop
public void stop()
Description copied from class: Protocol
This method is called on a JChannel.disconnect(). Stops work (e.g. by closing multicast socket). Will be called from top to bottom. This means that at the time of the method invocation the neighbor protocol below is still working. This method will replace the STOP, STOP_OK, CLEANUP and CLEANUP_OK events. The ProtocolStack guarantees that when this method is called all messages in the down queue will have been flushed
-
destroy
public void destroy()
Description copied from class: Protocol
This method is called on a JChannel.close(). Does some cleanup; after the call the VM will terminate
-
up
public java.lang.Object up(Event evt)
Description copied from class: Protocol
An event was received from the protocol below. Usually the current protocol will want to examine the event type and - depending on its type - perform some computation (e.g. removing headers from a MSG event type, or updating the internal membership list when receiving a VIEW_CHANGE event). Finally the event is either a) discarded, or b) an event is sent down the stack using down_prot.down() or c) the event (or another event) is sent up the stack using up_prot.up().
-
fetchSecretKeyFrom
public void fetchSecretKeyFrom(Address target) throws java.lang.Exception
Description copied from class: KeyExchange
Needs to fetch the secret key from a given destination (usually the key server). When received, the secret key (and version) needs to be installed in a protocol above using KeyExchange.setSecretKeyAbove(Tuple).
- Specified by: fetchSecretKeyFrom in class KeyExchange
- Parameters: target - The member from which to fetch the secret key
- Throws: java.lang.Exception
-
accept
protected void accept()
-
handleView
protected void handleView(View view)
- Overrides: handleView in class KeyExchange
-
becomeKeyserver
protected void becomeKeyserver() throws java.lang.Exception
- Throws:
java.lang.Exception
-
stopKeyserver
protected void stopKeyserver()
-
createServerSocket
protected javax.net.ssl.SSLServerSocket createServerSocket() throws java.lang.Exception
- Throws:
java.lang.Exception
-
createSocketTo
protected javax.net.ssl.SSLSocket createSocketTo(Address target) throws java.lang.Exception
- Throws:
java.lang.Exception
-
createSocketTo
protected javax.net.ssl.SSLSocket createSocketTo(IpAddress dest, javax.net.ssl.SSLSocketFactory sslSocketFactory)
-
getContext
protected javax.net.ssl.SSLContext getContext() throws java.lang.Exception
- Throws:
java.lang.Exception
-
-