Package org.jgroups.protocols

Class DH_KEY_EXCHANGE

  • public class DH_KEY_EXCHANGE
extends KeyExchange
    Key exchange based on Diffie-Hellman-Merkle (https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange).
    Diffie-Hellman is used between a member and a key server (the coordinator) to obtain a session key (only known to the key server and the joiner) which is used by the key server to encrypt the shared secret symmetric (group) key and by the requester to decrypt the group key it gets in the response of the key server.
    Note that this implementation is not immune against man-in-the-middle attacks.
    Since:
    4.0.5
    Author:
    Bela Ban

    • Field Detail

      • secret_key_algorithm

        protected java.lang.String secret_key_algorithm

      • secret_key_length

        protected int secret_key_length

      • timeout

        protected long timeout

      • key_agreement

        protected javax.crypto.KeyAgreement key_agreement
        Diffie-Hellman protocol engine

      • dh_key

        protected java.security.PublicKey dh_key
        The public key used for the Diffie-Hellman key exchange to obtain the session key (used to encrypt the keyserver's secret key)

      • last_key_request

        protected long last_key_request
        Time (ms) when the last key request was sent, prevents too many requests

      • key_pair_gen

        protected static final java.security.KeyPairGenerator key_pair_gen

      • dh_key_factory

        protected static final java.security.KeyFactory dh_key_factory

    • Constructor Detail

      • DH_KEY_EXCHANGE

        public DH_KEY_EXCHANGE()

    • Method Detail

      • init

        public void init()
          throws java.lang.Exception
        Description copied from class: Protocol
        Called after instance has been created (null constructor) and before protocol is started. Properties are already set. Other protocols are not yet connected and events cannot yet be sent.
        Overrides:
        init in class Protocol
        Throws:
        java.lang.Exception - Thrown if protocol cannot be initialized successfully. This will cause the ProtocolStack to fail, so the channel constructor will throw an exception

      • fetchSecretKeyFrom

        public void fetchSecretKeyFrom​(Address target)
                        throws java.security.NoSuchAlgorithmException,
                               java.security.InvalidKeyException
        Description copied from class: KeyExchange
        Needs to fetch the secret key from a given destination (usually the key server). When received, the secret key (and version) needs to be installed in a protocol above using KeyExchange.setSecretKeyAbove(Tuple).
        Specified by:
        fetchSecretKeyFrom in class KeyExchange
        Parameters:
        target - The member from which to fetch the secret key
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.InvalidKeyException

      • up

        public java.lang.Object up​(Message msg)
        Description copied from class: Protocol
        A single message was received. Protocols may examine the message and do something (e.g. add a header) with it before passing it up.
        Overrides:
        up in class Protocol

      • up

        public void up​(MessageBatch batch)
        Description copied from class: Protocol
        Sends up a multiple messages in a MessageBatch. The sender of the batch is always the same, and so is the destination (null == multicast messages). Messages in a batch can be OOB messages, regular messages, or mixed messages, although the transport itself will create initial MessageBatches that contain only either OOB or regular messages.

        The default processing below sends messages up the stack individually, based on a matching criteria (calling Protocol.accept(org.jgroups.Message)), and - if true - calls Protocol.up(org.jgroups.Event) for that message and removes the message. If the batch is not empty, it is passed up, or else it is dropped.

        Subclasses should check if there are any messages destined for them (e.g. using MessageBatch.getMatchingMessages(short,boolean)), then possibly remove and process them and finally pass the batch up to the next protocol. Protocols can also modify messages in place, e.g. ENCRYPT could decrypt all encrypted messages in the batch, not remove them, and pass the batch up when done.

        Overrides:
        up in class Protocol
        Parameters:
        batch - The message batch

      • handleSecretKeyRequest

        protected void handleSecretKeyRequest​(java.security.PublicKey dh_public_key,
                                      Address sender)
                               throws java.lang.Exception
        Throws:
        java.lang.Exception

      • handleSecretKeyResponse

        protected void handleSecretKeyResponse​(java.security.PublicKey dh_public_key,
                                       byte[] encrypted_secret_key,
                                       byte[] version,
                                       Address sender)
                                throws java.lang.Exception
        Throws:
        java.lang.Exception

      • hash

        protected javax.crypto.SecretKey hash​(byte[] key)
                               throws java.lang.Exception
        Throws:
        java.lang.Exception

      • print16

        protected static java.lang.String print16​(java.security.PublicKey pub_key)