Package org.jgroups.protocols
Class SSL_KEY_EXCHANGE
- java.lang.Object
  - org.jgroups.stack.Protocol
    - org.jgroups.protocols.KeyExchange
      - org.jgroups.protocols.SSL_KEY_EXCHANGE
- All Implemented Interfaces:
  Lifecycle
public class SSL_KEY_EXCHANGE extends KeyExchange
Key exchange based on SSL sockets. The key server creates an SSLServerSocket on a given port and members fetch the secret key by creating an SSLSocket to the key server. The key server authenticates the client (and vice versa) and then sends the secret key over this encrypted channel.
When the key exchange has completed, the secret key requester closes its SSL connection to the key server.
Note that this implementation should prevent man-in-the-middle attacks.
- Since:
  4.0.5
- Author:
  Bela Ban
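As an added example that is not part of this page or of JGroups' own code, the following configures SSL_KEY_EXCHANGE programmatically with the setters listed in this class and supplies a SessionVerifier that only lets a peer take part in the exchange when its certificate subject is on an allow-list, so that a certificate merely signed by the trusted CA is not enough to obtain the cluster's secret key. The keystore and truststore paths, passwords, port, TLS protocol name and allow-list are constructed values, and the SessionVerifier method signatures (init(String) and verify(SSLSession)) are assumed from the JGroups source rather than shown on this page.

```java
import java.net.InetAddress;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.jgroups.protocols.SSL_KEY_EXCHANGE;

/**
 * Added example (not JGroups code): configures SSL_KEY_EXCHANGE programmatically and
 * pins the set of peers allowed to take part in the key exchange. All file paths, the
 * port, the TLS protocol name and the allow-list are constructed values.
 */
public class SslKeyExchangeConfig {

    /**
     * ASSUMPTION: SSL_KEY_EXCHANGE.SessionVerifier is taken to declare init(String) and
     * verify(SSLSession) throws SecurityException; those signatures are not shown on the
     * Javadoc page, so check them against your JGroups version. The verifier runs after
     * the TLS handshake and rejects any peer whose certificate subject is not on the
     * allow-list, so trust in the CA alone does not grant access to the secret key.
     */
    public static class SubjectAllowListVerifier implements SSL_KEY_EXCHANGE.SessionVerifier {
        private Set<String> allowedSubjects = new HashSet<>();

        @Override
        public void init(String arg) {
            // session_verifier_arg is interpreted here as ';'-separated RFC 2253 subject DNs
            // (a constructed convention; DNs themselves contain commas, hence ';').
            if (arg != null)
                allowedSubjects = new HashSet<>(Arrays.asList(arg.trim().split("\\s*;\\s*")));
        }

        @Override
        public void verify(SSLSession session) throws SecurityException {
            try {
                // Throws SSLPeerUnverifiedException if the peer did not authenticate.
                Certificate[] chain = session.getPeerCertificates();
                if (chain.length == 0 || !(chain[0] instanceof X509Certificate))
                    throw new SecurityException("peer presented no X.509 certificate");
                String subject = ((X509Certificate) chain[0]).getSubjectX500Principal().getName();
                if (!allowedSubjects.contains(subject))
                    throw new SecurityException("peer subject not on allow-list: " + subject);
            } catch (SSLPeerUnverifiedException e) {
                throw new SecurityException("peer was not authenticated by TLS", e);
            }
        }
    }

    /** Builds the protocol instance using only setters listed in this class's API. */
    public static SSL_KEY_EXCHANGE buildKeyExchange() throws Exception {
        return new SSL_KEY_EXCHANGE()
            .setBindAddress(InetAddress.getByName("127.0.0.1"))               // constructed
            .setPort(2157).setPortRange(5)                                    // constructed
            .setKeystoreName("/etc/app/node.p12").setKeystoreType("PKCS12")   // constructed path
            .setKeystorePassword(System.getenv("KEYSTORE_PW"))                // secret from env, not source
            .setTruststoreName("/etc/app/cluster-ca.p12").setTruststoreType("PKCS12")
            .setTruststorePassword(System.getenv("TRUSTSTORE_PW"))
            .setRequireClientAuthentication(true)  // mutual TLS: the key server also checks the requester
            .setSslProtocol("TLSv1.3")             // constructed choice
            .setSocketTimeout(5000)                // bounds how long a stalled handshake holds a thread
            .setSecretKeyAlgorithm("AES")
            .setSessionVerifierClass(SubjectAllowListVerifier.class.getName())
            .setSessionVerifierArg("CN=node1,O=Example; CN=node2,O=Example");
    }
}
```

The verifier is loaded by name from session_verifier_class and handed session_verifier_arg, so it is assumed to need a public no-argument constructor. As the fetchSecretKeyFrom description states, the fetched key is installed in a protocol above via KeyExchange.setSecretKeyAbove(Tuple), so SSL_KEY_EXCHANGE has to be placed below the encryption protocol that consumes the key.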
Nested Class Summary
- static interface SSL_KEY_EXCHANGE.SessionVerifier
- protected class SSL_KEY_EXCHANGE.SSLContextReloader: Helper class that knows how and when to reload the SSLContext.
- protected static class SSL_KEY_EXCHANGE.Type
Field Summary
- protected java.net.InetAddress bind_addr
- protected javax.net.ssl.SSLContext client_ssl_ctx
- protected SSL_KEY_EXCHANGE.SSLContextReloader client_ssl_ctx_reloader
- protected java.security.KeyStore key_store
- protected java.lang.String keystore_name
- protected java.lang.String keystore_password
- protected java.lang.String keystore_type
- protected int port
- protected int port_range
- protected long reload_threshold
- protected boolean require_client_authentication
- protected java.lang.String secret_key_algorithm
- protected javax.net.ssl.SSLContext server_ssl_ctx
- protected SSL_KEY_EXCHANGE.SSLContextReloader server_ssl_ctx_reloader
- protected SSL_KEY_EXCHANGE.SessionVerifier session_verifier
- protected java.lang.String session_verifier_arg
- protected java.lang.String session_verifier_class
- protected int socket_timeout
- protected javax.net.ssl.SSLServerSocket srv_sock
- protected Runner srv_sock_handler
- protected java.lang.String ssl_protocol
- protected java.lang.String ssl_provider
- protected java.security.KeyStore trust_store
- protected java.lang.String truststore_name
- protected java.lang.String truststore_password
- protected java.lang.String truststore_type
- protected View view
Fields inherited from class org.jgroups.stack.Protocol
after_creation_hook, down_prot, ergonomics, id, local_addr, log, policies, stack, stats, up_prot
Constructor Summary
- SSL_KEY_EXCHANGE()
Method Summary
All Methods, Instance Methods, Concrete Methods
- protected void accept()
- protected void becomeKeyserver()
- protected javax.net.ssl.SSLServerSocket createServerSocket()
- protected javax.net.ssl.SSLSocket createSocketTo(Address target)
- protected javax.net.ssl.SSLSocket createSocketTo(IpAddress dest, javax.net.ssl.SSLSocketFactory sslSocketFactory)
- void destroy(): This method is called on a JChannel.close().
- void fetchSecretKeyFrom(Address target): Needs to fetch the secret key from a given destination (usually the key server).
- java.net.InetAddress getBindAddress()
- javax.net.ssl.SSLContext getClientSSLContext()
- java.security.KeyStore getKeystore()
- java.lang.String getKeystoreName()
- java.lang.String getKeystorePassword()
- java.lang.String getKeystoreType()
- int getPort()
- int getPortRange()
- boolean getRequireClientAuthentication()
- java.lang.String getSecretKeyAlgorithm()
- Address getServerLocation(): Returns the address of the server, e.g. server socket (if any).
- javax.net.ssl.SSLContext getServerSSLContext()
- SSL_KEY_EXCHANGE.SessionVerifier getSessionVerifier()
- java.lang.String getSessionVerifierArg()
- java.lang.String getSessionVerifierClass()
- int getSocketTimeout()
- java.security.KeyStore getTruststore()
- java.lang.String getTruststoreName()
- java.lang.String getTruststorePassword()
- java.lang.String getTruststoreType()
- protected void handleView(View view)
- void init(): Called after a protocol has been created and before the protocol is started.
- void reloadKeystoreAndTruststore()
- SSL_KEY_EXCHANGE setBindAddress(java.net.InetAddress a)
- SSL_KEY_EXCHANGE setClientSSLContext(javax.net.ssl.SSLContext client_ssl_ctx)
- SSL_KEY_EXCHANGE setKeystore(java.security.KeyStore ks)
- SSL_KEY_EXCHANGE setKeystoreName(java.lang.String name)
- SSL_KEY_EXCHANGE setKeystorePassword(java.lang.String pwd)
- SSL_KEY_EXCHANGE setKeystoreType(java.lang.String type)
- SSL_KEY_EXCHANGE setPort(int p)
- SSL_KEY_EXCHANGE setPortRange(int r)
- SSL_KEY_EXCHANGE setReloadThreshold(long d)
- SSL_KEY_EXCHANGE setRequireClientAuthentication(boolean b)
- SSL_KEY_EXCHANGE setSecretKeyAlgorithm(java.lang.String a)
- SSL_KEY_EXCHANGE setServerSSLContext(javax.net.ssl.SSLContext server_ssl_ctx)
- SSL_KEY_EXCHANGE setSessionVerifier(SSL_KEY_EXCHANGE.SessionVerifier s)
- SSL_KEY_EXCHANGE setSessionVerifierArg(java.lang.String arg)
- SSL_KEY_EXCHANGE setSessionVerifierClass(java.lang.String cl)
- SSL_KEY_EXCHANGE setSocketTimeout(int timeout)
- SSL_KEY_EXCHANGE setSslProtocol(java.lang.String protocol)
- SSL_KEY_EXCHANGE setTruststore(java.security.KeyStore ks)
- SSL_KEY_EXCHANGE setTruststoreName(java.lang.String name)
- SSL_KEY_EXCHANGE setTruststorePassword(java.lang.String pwd)
- SSL_KEY_EXCHANGE setTruststoreType(java.lang.String type)
- void start(): This method is called on a JChannel.connect(String); starts work.
- void stop(): Called on a JChannel.disconnect(); stops work (e.g. by closing multicast socket).
- protected void stopKeyserver()
- java.lang.Object up(Event evt): An event was received from the protocol below.
Methods inherited from class org.jgroups.protocols.KeyExchange
down, findProtocolAbove, getSecretKeyFromAbove, requiredUpServices, setSecretKeyAbove
Methods inherited from class org.jgroups.stack.Protocol
accept, addPolicy, addr, addr, afterCreationHook, down, down, enableStats, getAddress, getComponents, getDownProtocol, getDownServices, getId, getIdsAbove, getLevel, getLog, getName, getPolicies, getProtocolStack, getSocketFactory, getThreadFactory, getTransport, getUpProtocol, getUpServices, getValue, isErgonomics, level, parse, policies, providedDownServices, providedUpServices, removePolicy, requiredDownServices, resetStatistics, resetStats, setAddress, setDownProtocol, setErgonomics, setId, setLevel, setPolicies, setProtocolStack, setSocketFactory, setUpProtocol, setValue, statsEnabled, toString, up, up
Field Detail
-
bind_addr
protected java.net.InetAddress bind_addr
-
port
protected int port
-
port_range
protected int port_range
-
keystore_name
protected java.lang.String keystore_name
-
keystore_type
protected java.lang.String keystore_type
-
keystore_password
protected java.lang.String keystore_password
-
truststore_name
protected java.lang.String truststore_name
-
truststore_type
protected java.lang.String truststore_type
-
truststore_password
protected java.lang.String truststore_password
-
reload_threshold
protected long reload_threshold
-
secret_key_algorithm
protected java.lang.String secret_key_algorithm
-
require_client_authentication
protected boolean require_client_authentication
-
ssl_protocol
protected java.lang.String ssl_protocol
-
ssl_provider
protected java.lang.String ssl_provider
-
socket_timeout
protected int socket_timeout
-
session_verifier_class
protected java.lang.String session_verifier_class
-
session_verifier_arg
protected java.lang.String session_verifier_arg
-
client_ssl_ctx
protected javax.net.ssl.SSLContext client_ssl_ctx
-
server_ssl_ctx
protected javax.net.ssl.SSLContext server_ssl_ctx
-
client_ssl_ctx_reloader
protected SSL_KEY_EXCHANGE.SSLContextReloader client_ssl_ctx_reloader
-
server_ssl_ctx_reloader
protected SSL_KEY_EXCHANGE.SSLContextReloader server_ssl_ctx_reloader
-
srv_sock
protected javax.net.ssl.SSLServerSocket srv_sock
-
srv_sock_handler
protected Runner srv_sock_handler
-
key_store
protected java.security.KeyStore key_store
-
trust_store
protected java.security.KeyStore trust_store
-
view
protected View view
-
session_verifier
protected SSL_KEY_EXCHANGE.SessionVerifier session_verifier
-
-
Method Detail
-
getBindAddress
public java.net.InetAddress getBindAddress()
-
setBindAddress
public SSL_KEY_EXCHANGE setBindAddress(java.net.InetAddress a)
-
getPort
public int getPort()
-
setPort
public SSL_KEY_EXCHANGE setPort(int p)
-
getPortRange
public int getPortRange()
-
setPortRange
public SSL_KEY_EXCHANGE setPortRange(int r)
-
getKeystoreName
public java.lang.String getKeystoreName()
-
setKeystoreName
public SSL_KEY_EXCHANGE setKeystoreName(java.lang.String name)
-
getKeystoreType
public java.lang.String getKeystoreType()
-
setKeystoreType
public SSL_KEY_EXCHANGE setKeystoreType(java.lang.String type)
-
getKeystorePassword
public java.lang.String getKeystorePassword()
-
setKeystorePassword
public SSL_KEY_EXCHANGE setKeystorePassword(java.lang.String pwd)
-
getTruststoreName
public java.lang.String getTruststoreName()
-
setTruststoreName
public SSL_KEY_EXCHANGE setTruststoreName(java.lang.String name)
-
getTruststoreType
public java.lang.String getTruststoreType()
-
setTruststoreType
public SSL_KEY_EXCHANGE setTruststoreType(java.lang.String type)
-
getTruststorePassword
public java.lang.String getTruststorePassword()
-
setTruststorePassword
public SSL_KEY_EXCHANGE setTruststorePassword(java.lang.String pwd)
-
getSecretKeyAlgorithm
public java.lang.String getSecretKeyAlgorithm()
-
setSecretKeyAlgorithm
public SSL_KEY_EXCHANGE setSecretKeyAlgorithm(java.lang.String a)
-
getRequireClientAuthentication
public boolean getRequireClientAuthentication()
-
setRequireClientAuthentication
public SSL_KEY_EXCHANGE setRequireClientAuthentication(boolean b)
-
setSslProtocol
public SSL_KEY_EXCHANGE setSslProtocol(java.lang.String protocol)
-
getSocketTimeout
public int getSocketTimeout()
-
setSocketTimeout
public SSL_KEY_EXCHANGE setSocketTimeout(int timeout)
-
getSessionVerifierClass
public java.lang.String getSessionVerifierClass()
-
setSessionVerifierClass
public SSL_KEY_EXCHANGE setSessionVerifierClass(java.lang.String cl)
-
getSessionVerifierArg
public java.lang.String getSessionVerifierArg()
-
setSessionVerifierArg
public SSL_KEY_EXCHANGE setSessionVerifierArg(java.lang.String arg)
-
getKeystore
public java.security.KeyStore getKeystore()
-
setKeystore
public SSL_KEY_EXCHANGE setKeystore(java.security.KeyStore ks)
-
getTruststore
public java.security.KeyStore getTruststore()
-
setTruststore
public SSL_KEY_EXCHANGE setTruststore(java.security.KeyStore ks)
-
getSessionVerifier
public SSL_KEY_EXCHANGE.SessionVerifier getSessionVerifier()
-
setSessionVerifier
public SSL_KEY_EXCHANGE setSessionVerifier(SSL_KEY_EXCHANGE.SessionVerifier s)
-
getClientSSLContext
public javax.net.ssl.SSLContext getClientSSLContext()
-
setClientSSLContext
public SSL_KEY_EXCHANGE setClientSSLContext(javax.net.ssl.SSLContext client_ssl_ctx)
-
getServerSSLContext
public javax.net.ssl.SSLContext getServerSSLContext()
-
setServerSSLContext
public SSL_KEY_EXCHANGE setServerSSLContext(javax.net.ssl.SSLContext server_ssl_ctx)
-
setReloadThreshold
public SSL_KEY_EXCHANGE setReloadThreshold(long d)
-
getServerLocation
public Address getServerLocation()
Description copied from class: KeyExchange
Returns the address of the server, e.g. server socket (if any)
- Specified by:
  getServerLocation in class KeyExchange
-
init
public void init() throws java.lang.Exception
Description copied from class: Protocol
Called after a protocol has been created and before the protocol is started. Attributes are already set. Other protocols are not yet connected and events cannot yet be sent.
-
start
public void start() throws java.lang.Exception
Description copied from class: Protocol
This method is called on a JChannel.connect(String); starts work. Protocols are connected ready to receive events. Will be called from bottom to top.
- Specified by:
  start in interface Lifecycle
- Overrides:
  start in class Protocol
- Throws:
  java.lang.Exception - Thrown if protocol cannot be started successfully. This will cause the ProtocolStack to fail, so JChannel.connect(String) will throw an exception
-
stop
public void stop()
Description copied from class: Protocol
Called on a JChannel.disconnect(); stops work (e.g. by closing multicast socket). Will be called from top to bottom.
-
reloadKeystoreAndTruststore
public void reloadKeystoreAndTruststore()
-
destroy
public void destroy()
Description copied from class: Protocol
This method is called on a JChannel.close(). Does some cleanup; after the call, the VM will terminate
-
up
public java.lang.Object up(Event evt)
Description copied from class: Protocol
An event was received from the protocol below. Usually the current protocol will want to examine the event type and - depending on its type - perform some computation (e.g. removing headers from a MSG event type, or updating the internal membership list when receiving a VIEW_CHANGE event). Finally, the event is either a) discarded, or b) an event is sent down the stack using down_prot.down() or c) the event (or another event) is sent up the stack using up_prot.up().
-
fetchSecretKeyFrom
public void fetchSecretKeyFrom(Address target) throws java.lang.Exception
Description copied from class: KeyExchange
Needs to fetch the secret key from a given destination (usually the key server). When received, the secret key (and version) needs to be installed in a protocol above using KeyExchange.setSecretKeyAbove(Tuple).
- Specified by:
  fetchSecretKeyFrom in class KeyExchange
- Parameters:
  target - The member from which to fetch the secret key
- Throws:
  java.lang.Exception
-
accept
protected void accept()
-
handleView
protected void handleView(View view)
- Overrides:
  handleView in class KeyExchange
-
becomeKeyserver
protected void becomeKeyserver() throws java.lang.Exception
- Throws:
java.lang.Exception
-
stopKeyserver
protected void stopKeyserver()
-
createServerSocket
protected javax.net.ssl.SSLServerSocket createServerSocket() throws java.lang.Exception
- Throws:
java.lang.Exception
-
createSocketTo
protected javax.net.ssl.SSLSocket createSocketTo(Address target) throws java.lang.Exception
- Throws:
java.lang.Exception
-
createSocketTo
protected javax.net.ssl.SSLSocket createSocketTo(IpAddress dest, javax.net.ssl.SSLSocketFactory sslSocketFactory)