Class SSL_KEY_EXCHANGE


  • public class SSL_KEY_EXCHANGE
    extends KeyExchange
    Key exchange based on SSL sockets. The key server creates an SSLServerSocket on a given port, and members fetch the secret key by opening an SSLSocket to the key server. The key server authenticates the client (and vice versa) and then sends the secret key over this encrypted channel.
    When the key exchange has completed, the secret key requester closes its SSL connection to the key server.
    Note that this implementation should prevent man-in-the-middle attacks.
    Since:
    4.0.5
    Author:
    Bela Ban
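The exchange described above, sketched in plain JSSE as an added example; this is not the JGroups implementation. Assumptions: the first argument is the path of a PKCS12 keystore holding a self-signed key pair that both sides trust, the second is its password, and the class name and length-prefixed wire format are hypothetical.

```java
import java.io.*;
import java.net.InetAddress;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.net.ssl.*;
// Added illustration in plain JSSE; not the JGroups implementation.
public class MutualTlsKeyFetch {
    // One keystore acts as key store and trust store (assumption: shared self-signed key pair).
    static SSLContext context(String file, String type, char[] pwd) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) { ks.load(in, pwd); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pwd);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = context(args[0], "PKCS12", args[1].toCharArray());
        byte[] secret = KeyGenerator.getInstance("AES").generateKey().getEncoded();
        InetAddress lo = InetAddress.getLoopbackAddress();
        try (SSLServerSocket srv = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0, 1, lo)) {
            srv.setNeedClientAuth(true); // key server rejects requesters without a trusted certificate
            Thread keyServer = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) srv.accept()) {
                    DataOutputStream out = new DataOutputStream(s.getOutputStream());
                    out.writeInt(secret.length); // hypothetical length-prefixed wire format
                    out.write(secret);
                    out.flush();
                } catch (IOException e) { e.printStackTrace(); }
            });
            keyServer.start();
            // Requester: the handshake authenticates the key server against the same trust material.
            try (SSLSocket c = (SSLSocket) ctx.getSocketFactory().createSocket(lo, srv.getLocalPort())) {
                c.setSoTimeout(5000);
                c.startHandshake();
                DataInputStream in = new DataInputStream(c.getInputStream());
                byte[] fetched = new byte[in.readInt()];
                in.readFully(fetched);
                System.out.println("peer=" + c.getSession().getPeerPrincipal().getName() + " keyMatches=" + Arrays.equals(fetched, secret));
            } // requester closes its connection once the key has arrived
            keyServer.join();
        }
    }
}
```

Plain SSLSocket performs no hostname check by default, so in this sketch trust rests entirely on which certificates the keystore contains.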
    • Field Detail

      • bind_addr

        protected java.net.InetAddress bind_addr
      • port

        protected int port
      • port_range

        protected int port_range
      • keystore_name

        protected java.lang.String keystore_name
      • keystore_type

        protected java.lang.String keystore_type
      • keystore_password

        protected java.lang.String keystore_password
      • secret_key_algorithm

        protected java.lang.String secret_key_algorithm
      • require_client_authentication

        protected boolean require_client_authentication
      • ssl_protocol

        protected java.lang.String ssl_protocol
      • ssl_provider

        protected java.lang.String ssl_provider
      • socket_timeout

        protected int socket_timeout
      • session_verifier_class

        protected java.lang.String session_verifier_class
      • session_verifier_arg

        protected java.lang.String session_verifier_arg
      • client_ssl_ctx

        protected javax.net.ssl.SSLContext client_ssl_ctx
      • server_ssl_ctx

        protected javax.net.ssl.SSLContext server_ssl_ctx
      • srv_sock

        protected javax.net.ssl.SSLServerSocket srv_sock
      • srv_sock_handler

        protected Runner srv_sock_handler
      • key_store

        protected java.security.KeyStore key_store
      • view

        protected View view
    • Constructor Detail

      • SSL_KEY_EXCHANGE

        public SSL_KEY_EXCHANGE()
    • Method Detail

      • getBindAddress

        public java.net.InetAddress getBindAddress()
      • setBindAddress

        public SSL_KEY_EXCHANGE setBindAddress(java.net.InetAddress a)
      • getPort

        public int getPort()
      • getPortRange

        public int getPortRange()
      • getKeystoreName

        public java.lang.String getKeystoreName()
      • setKeystoreName

        public SSL_KEY_EXCHANGE setKeystoreName(java.lang.String name)
      • getKeystoreType

        public java.lang.String getKeystoreType()
      • setKeystoreType

        public SSL_KEY_EXCHANGE setKeystoreType(java.lang.String type)
      • getKeystorePassword

        public java.lang.String getKeystorePassword()
      • setKeystorePassword

        public SSL_KEY_EXCHANGE setKeystorePassword(java.lang.String pwd)
      • getSecretKeyAlgorithm

        public java.lang.String getSecretKeyAlgorithm()
      • setSecretKeyAlgorithm

        public SSL_KEY_EXCHANGE setSecretKeyAlgorithm(java.lang.String a)
      • getRequireClientAuthentication

        public boolean getRequireClientAuthentication()
      • setRequireClientAuthentication

        public SSL_KEY_EXCHANGE setRequireClientAuthentication(boolean b)
      • setSslProtocol

        public SSL_KEY_EXCHANGE setSslProtocol(java.lang.String protocol)
      • getSocketTimeout

        public int getSocketTimeout()
      • getSessionVerifierClass

        public java.lang.String getSessionVerifierClass()
      • setSessionVerifierClass

        public SSL_KEY_EXCHANGE setSessionVerifierClass(java.lang.String cl)
      • getSessionVerifierArg

        public java.lang.String getSessionVerifierArg()
      • setSessionVerifierArg

        public SSL_KEY_EXCHANGE setSessionVerifierArg(java.lang.String arg)
      • getKeystore

        public java.security.KeyStore getKeystore()
      • setKeystore

        public SSL_KEY_EXCHANGE setKeystore(java.security.KeyStore ks)
      • getSSLContext

        @Deprecated
        public javax.net.ssl.SSLContext getSSLContext()
        Deprecated.
      • setSSLContext

        @Deprecated
        public SSL_KEY_EXCHANGE setSSLContext(javax.net.ssl.SSLContext ssl_ctx)
        Deprecated.
      • getClientSSLContext

        public javax.net.ssl.SSLContext getClientSSLContext()
      • setClientSSLContext

        public SSL_KEY_EXCHANGE setClientSSLContext(javax.net.ssl.SSLContext client_ssl_ctx)
      • getServerSSLContext

        public javax.net.ssl.SSLContext getServerSSLContext()
      • setServerSSLContext

        public SSL_KEY_EXCHANGE setServerSSLContext(javax.net.ssl.SSLContext server_ssl_ctx)
      • init

        public void init()
                  throws java.lang.Exception
        Description copied from class: Protocol
        Called after instance has been created (null constructor) and before protocol is started. Properties are already set. Other protocols are not yet connected and events cannot yet be sent.
        Overrides:
        init in class Protocol
        Throws:
        java.lang.Exception - Thrown if the protocol cannot be initialized successfully. This will cause the ProtocolStack to fail, so the channel constructor will throw an exception.
      • start

        public void start()
                   throws java.lang.Exception
        Description copied from class: Protocol
        This method is called on a JChannel.connect(String). Starts work. Protocols are connected and queues are ready to receive events. Will be called from bottom to top. This call will replace the START and START_OK events.
        Overrides:
        start in class Protocol
        Throws:
        java.lang.Exception - Thrown if the protocol cannot be started successfully. This will cause the ProtocolStack to fail, so JChannel.connect(String) will throw an exception.
      • stop

        public void stop()
        Description copied from class: Protocol
        This method is called on a JChannel.disconnect(). Stops work (e.g. by closing multicast socket). Will be called from top to bottom. This means that at the time of the method invocation the neighbor protocol below is still working. This method will replace the STOP, STOP_OK, CLEANUP and CLEANUP_OK events. The ProtocolStack guarantees that when this method is called all messages in the down queue will have been flushed.
        Overrides:
        stop in class Protocol
      • destroy

        public void destroy()
        Description copied from class: Protocol
        This method is called on a JChannel.close(). Does some cleanup; after the call the VM will terminate.
        Overrides:
        destroy in class Protocol
      • up

        public java.lang.Object up(Event evt)
        Description copied from class: Protocol
        An event was received from the protocol below. Usually the current protocol will want to examine the event type and - depending on its type - perform some computation (e.g. removing headers from a MSG event type, or updating the internal membership list when receiving a VIEW_CHANGE event). Finally the event is either a) discarded, or b) an event is sent down the stack using down_prot.down() or c) the event (or another event) is sent up the stack using up_prot.up().
        Overrides:
        up in class Protocol
      • fetchSecretKeyFrom

        public void fetchSecretKeyFrom(Address target)
                                throws java.lang.Exception
        Description copied from class: KeyExchange
        Needs to fetch the secret key from a given destination (usually the key server). When received, the secret key (and version) needs to be installed in a protocol above using KeyExchange.setSecretKeyAbove(Tuple).
        Specified by:
        fetchSecretKeyFrom in class KeyExchange
        Parameters:
        target - The member from which to fetch the secret key
        Throws:
        java.lang.Exception
      • accept

        protected void accept()
      • becomeKeyserver

        protected void becomeKeyserver()
                                throws java.lang.Exception
        Throws:
        java.lang.Exception
      • stopKeyserver

        protected void stopKeyserver()
      • createServerSocket

        protected javax.net.ssl.SSLServerSocket createServerSocket()
                                                            throws java.lang.Exception
        Throws:
        java.lang.Exception
      • createSocketTo

        protected javax.net.ssl.SSLSocket createSocketTo(Address target)
                                                  throws java.lang.Exception
        Throws:
        java.lang.Exception
      • createSocketTo

        protected javax.net.ssl.SSLSocket createSocketTo(IpAddress dest,
                                                         javax.net.ssl.SSLSocketFactory sslSocketFactory)
      • getContext

        protected javax.net.ssl.SSLContext getContext()
                                               throws java.lang.Exception
        Throws:
        java.lang.Exception