Package org.jgroups.protocols

Class SYM_ENCRYPT

  • public class SYM_ENCRYPT
extends Encrypt<java.security.KeyStore.SecretKeyEntry>
    Encrypts and decrypts communication in JGroups by using a secret key shared by all cluster members.

    The secret key is identical for all cluster members and is injected into this protocol at startup, e.g. by reading it from a keystore. Messages are sent by encrypting them with the secret key and received by decrypting them with the secret key. Note that all cluster members must be shipped with the same keystore file

    This protocol is typically placed under NAKACK2, so that most important headers are encrypted as well, to prevent replay attacks.

    A possible configuration looks like this:

    <SYM_ENCRYPT key_store_name="defaultStore.keystore" store_password="changeit" alias="myKey"/>

    In order to use SYM_ENCRYPT layer in this manner, it is necessary to have the secret key already generated in a keystore file. The directory containing the keystore file must be on the application's classpath. You cannot create a secret key keystore file using the keytool application shipped with the JDK. A java file called KeyStoreGenerator is included in the demo package that can be used from the command line (or IDE) to generate a suitable keystore.

    Author:
    Bela Ban, Steve Woodcock

    • Field Detail

      • keystore_name

        protected java.lang.String keystore_name

      • keystore_type

        protected java.lang.String keystore_type

      • store_password

        protected java.lang.String store_password

      • key_password

        protected java.lang.String key_password

      • alias

        protected java.lang.String alias

    • Constructor Detail

      • SYM_ENCRYPT

        public SYM_ENCRYPT()

    • Method Detail

      • keystoreName

        public java.lang.String keystoreName()

      • keystoreName

        public SYM_ENCRYPT keystoreName​(java.lang.String n)

      • alias

        public java.lang.String alias()

      • alias

        public SYM_ENCRYPT alias​(java.lang.String a)

      • storePassword

        public java.lang.String storePassword()

      • storePassword

        public SYM_ENCRYPT storePassword​(java.lang.String pwd)

      • setKeyStoreEntry

        public void setKeyStoreEntry​(java.security.KeyStore.SecretKeyEntry entry)
        Description copied from class: Encrypt
        Sets the key store entry used to configure this protocol.
        Specified by:
        setKeyStoreEntry in class Encrypt<java.security.KeyStore.SecretKeyEntry>
        Parameters:
        entry - a key store entry

      • setSecretKey

        public void setSecretKey​(javax.crypto.SecretKey key)

      • init

        public void init()
          throws java.lang.Exception
        Description copied from class: Protocol
        Called after instance has been created (null constructor) and before protocol is started. Properties are already set. Other protocols are not yet connected and events cannot yet be sent.
        Overrides:
        init in class Encrypt<java.security.KeyStore.SecretKeyEntry>
        Throws:
        java.lang.Exception - Thrown if protocol cannot be initialized successfully. This will cause the ProtocolStack to fail, so the channel constructor will throw an exception

      • readSecretKeyFromKeystore

        protected void readSecretKeyFromKeystore()
                                  throws java.lang.Exception
        Initialisation if a supplied key is defined in the properties. This supplied key must be in a keystore which can be generated using the keystoreGenerator file in demos. The keystore must be on the classpath to find it.
        Throws:
        java.lang.Exception

      • getKeyStoreSource

        protected java.io.InputStream getKeyStoreSource()
                                         throws java.io.FileNotFoundException
        Throws:
        java.io.FileNotFoundException