Class SYM_ENCRYPT
- java.lang.Object
-
- org.jgroups.stack.Protocol
-
- org.jgroups.protocols.Encrypt<java.security.KeyStore.SecretKeyEntry>
-
- org.jgroups.protocols.SYM_ENCRYPT
-
public class SYM_ENCRYPT extends Encrypt<java.security.KeyStore.SecretKeyEntry>
Encrypts and decrypts communication in JGroups by using a secret key shared by all cluster members.The secret key is identical for all cluster members and is injected into this protocol at startup, e.g. by reading it from a keystore. Messages are sent by encrypting them with the secret key and received by decrypting them with the secret key. Note that all cluster members must be shipped with the same keystore file
This protocol is typically placed under
NAKACK2
, so that most important headers are encrypted as well, to prevent replay attacks.A possible configuration looks like this:
<SYM_ENCRYPT key_store_name="defaultStore.keystore" store_password="changeit" alias="myKey"/>
In order to use SYM_ENCRYPT layer in this manner, it is necessary to have the secret key already generated in a keystore file. The directory containing the keystore file must be on the application's classpath. You cannot create a secret key keystore file using the keytool application shipped with the JDK. A java file called KeyStoreGenerator is included in the demo package that can be used from the command line (or IDE) to generate a suitable keystore.- Author:
- Bela Ban, Steve Woodcock
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.jgroups.protocols.Encrypt
Encrypt.Decrypter
-
-
Field Summary
Fields Modifier and Type Field Description protected java.lang.String
alias
protected java.lang.String
key_password
protected java.lang.String
keystore_name
protected java.lang.String
keystore_type
protected java.lang.String
store_password
-
Fields inherited from class org.jgroups.protocols.Encrypt
asym_algorithm, asym_keylength, cipher_pool_size, decoding_ciphers, DEFAULT_SYM_ALGO, encoding_ciphers, encrypt_entire_message, key_map, key_map_max_size, local_addr, provider, secret_key, secure_random, sign_msgs, sym_algorithm, sym_iv_length, sym_keylength, sym_version, use_adler, view
-
Fields inherited from class org.jgroups.stack.Protocol
after_creation_hook, down_prot, ergonomics, id, log, stack, stats, up_prot
-
-
Constructor Summary
Constructors Constructor Description SYM_ENCRYPT()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.String
alias()
SYM_ENCRYPT
alias(java.lang.String a)
protected java.io.InputStream
getKeyStoreSource()
void
init()
Called after instance has been created (null constructor) and before protocol is started.java.lang.String
keystoreName()
SYM_ENCRYPT
keystoreName(java.lang.String n)
protected void
readSecretKeyFromKeystore()
Initialisation if a supplied key is defined in the properties.void
setKeyStoreEntry(java.security.KeyStore.SecretKeyEntry entry)
Sets the key store entry used to configure this protocol.void
setSecretKey(javax.crypto.SecretKey key)
java.lang.String
storePassword()
SYM_ENCRYPT
storePassword(java.lang.String pwd)
-
Methods inherited from class org.jgroups.protocols.Encrypt
_decrypt, asymAlgorithm, asymAlgorithm, asymKeylength, asymKeylength, code, createCipher, decryptMessage, down, down, encrypt, encryptAndSend, getAlgorithm, getModeAndPadding, handleEncryptedMessage, handleView, initCipher, initSymCiphers, inView, localAddress, makeIv, printCachedGroupKeys, secretKey, secureRandom, secureRandom, simIvLength, symAlgorithm, symAlgorithm, symIvLength, symKeyAlgorithm, symKeylength, symKeylength, symVersion, up, up, up, version
-
Methods inherited from class org.jgroups.stack.Protocol
accept, afterCreationHook, destroy, enableStats, getConfigurableObjects, getDownProtocol, getDownServices, getId, getIdsAbove, getLevel, getLog, getName, getProtocolStack, getSocketFactory, getThreadFactory, getTransport, getUpProtocol, getUpServices, getValue, isErgonomics, level, parse, providedDownServices, providedUpServices, requiredDownServices, requiredUpServices, resetStatistics, resetStats, setDownProtocol, setErgonomics, setId, setLevel, setProtocolStack, setSocketFactory, setUpProtocol, setValue, start, statsEnabled, stop
-
-
-
-
Method Detail
-
keystoreName
public java.lang.String keystoreName()
-
keystoreName
public SYM_ENCRYPT keystoreName(java.lang.String n)
-
alias
public java.lang.String alias()
-
alias
public SYM_ENCRYPT alias(java.lang.String a)
-
storePassword
public java.lang.String storePassword()
-
storePassword
public SYM_ENCRYPT storePassword(java.lang.String pwd)
-
setKeyStoreEntry
public void setKeyStoreEntry(java.security.KeyStore.SecretKeyEntry entry)
Description copied from class:Encrypt
Sets the key store entry used to configure this protocol.- Specified by:
setKeyStoreEntry
in classEncrypt<java.security.KeyStore.SecretKeyEntry>
- Parameters:
entry
- a key store entry
-
setSecretKey
public void setSecretKey(javax.crypto.SecretKey key)
-
init
public void init() throws java.lang.Exception
Description copied from class:Protocol
Called after instance has been created (null constructor) and before protocol is started. Properties are already set. Other protocols are not yet connected and events cannot yet be sent.
-
readSecretKeyFromKeystore
protected void readSecretKeyFromKeystore() throws java.lang.Exception
Initialisation if a supplied key is defined in the properties. This supplied key must be in a keystore which can be generated using the keystoreGenerator file in demos. The keystore must be on the classpath to find it.- Throws:
java.lang.Exception
-
getKeyStoreSource
protected java.io.InputStream getKeyStoreSource() throws java.io.FileNotFoundException
- Throws:
java.io.FileNotFoundException
-
-