Class SSL_KEY_EXCHANGE

  • All Implemented Interfaces:
    Lifecycle

    public class SSL_KEY_EXCHANGE
    extends KeyExchange
    Key exchange based on SSL sockets. The key server creates an SSLServerSocket on a given port and members fetch the secret key by creating an SSLSocket to the key server. The key server authenticates the client (and vice versa) and then sends the secret key over this encrypted channel.
    When the key exchange has completed, the secret key requester closes its SSL connection to the key server.
    Note that this implementation should prevent man-in-the-middle attacks.
    Since:
    4.0.5
    Author:
    Bela Ban
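
The exchange described above, sketched with plain JSSE as an added example; it is not JGroups code and does not use this class. It assumes a PKCS12 keystore and truststore passed as arguments, the store password in a hypothetical STORE_PASSWORD environment variable, and a length-prefixed wire format constructed for the demo.

```java
import javax.net.ssl.*;
import java.io.*;
import java.net.InetAddress;
import java.security.*;
import java.util.Arrays;

// Added illustration, not JGroups code. Usage: java MutualTlsKeyFetch keystore.p12 truststore.p12
public class MutualTlsKeyFetch {
    static KeyStore load(String file, char[] pwd) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(file)) { ks.load(in, pwd); }
        return ks;
    }
    static SSLContext context(String keystore, String truststore, char[] pwd) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keystore, pwd), pwd);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(truststore, pwd));
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        char[] pwd = System.getenv("STORE_PASSWORD").toCharArray(); // hypothetical variable name
        SSLContext ctx = context(args[0], args[1], pwd);            // demo: both sides share the stores
        byte[] secret = new SecureRandom().generateSeed(16);        // constructed stand-in for the group key
        InetAddress lo = InetAddress.getLoopbackAddress();
        try (SSLServerSocket srv = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0, 1, lo)) {
            srv.setNeedClientAuth(true); // handshake fails unless the client presents a trusted certificate
            Thread keyServer = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) srv.accept()) {
                    s.getSession().getPeerCertificates(); // throws if the peer was not authenticated
                    DataOutputStream out = new DataOutputStream(s.getOutputStream());
                    out.writeInt(secret.length); out.write(secret); out.flush(); // length prefix, then key
                } catch (Exception e) { System.err.println("key server refused client: " + e); }
            });
            keyServer.start();
            try (SSLSocket c = (SSLSocket) ctx.getSocketFactory().createSocket(lo, srv.getLocalPort())) {
                c.setSoTimeout(5000); // do not block forever on an unresponsive key server
                DataInputStream in = new DataInputStream(c.getInputStream());
                int len = in.readInt();
                if (len <= 0 || len > 64) throw new IOException("implausible key length " + len);
                byte[] got = new byte[len];
                in.readFully(got);
                System.out.println("fetched " + len + "-byte key, matches=" + Arrays.equals(secret, got));
            } // the requester closes its connection once the key has arrived
            keyServer.join();
        }
    }
}
```

A plain SSLSocket performs no hostname check, so in this sketch peer identity rests entirely on which certificates the truststore contains.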
    • Field Detail

      • bind_addr

        protected java.net.InetAddress bind_addr
      • port

        protected int port
      • port_range

        protected int port_range
      • keystore_name

        protected java.lang.String keystore_name
      • keystore_type

        protected java.lang.String keystore_type
      • keystore_password

        protected java.lang.String keystore_password
      • truststore_name

        protected java.lang.String truststore_name
      • truststore_type

        protected java.lang.String truststore_type
      • truststore_password

        protected java.lang.String truststore_password
      • reload_threshold

        protected long reload_threshold
      • secret_key_algorithm

        protected java.lang.String secret_key_algorithm
      • require_client_authentication

        protected boolean require_client_authentication
      • ssl_protocol

        protected java.lang.String ssl_protocol
      • ssl_provider

        protected java.lang.String ssl_provider
      • socket_timeout

        protected int socket_timeout
      • session_verifier_class

        protected java.lang.String session_verifier_class
      • session_verifier_arg

        protected java.lang.String session_verifier_arg
      • client_ssl_ctx

        protected javax.net.ssl.SSLContext client_ssl_ctx
      • server_ssl_ctx

        protected javax.net.ssl.SSLContext server_ssl_ctx
      • srv_sock

        protected javax.net.ssl.SSLServerSocket srv_sock
      • srv_sock_handler

        protected Runner srv_sock_handler
      • key_store

        protected java.security.KeyStore key_store
      • trust_store

        protected java.security.KeyStore trust_store
      • view

        protected View view
    • Constructor Detail

      • SSL_KEY_EXCHANGE

        public SSL_KEY_EXCHANGE()
    • Method Detail

      • getBindAddress

        public java.net.InetAddress getBindAddress()
      • setBindAddress

        public SSL_KEY_EXCHANGE setBindAddress​(java.net.InetAddress a)
      • getPort

        public int getPort()
      • getPortRange

        public int getPortRange()
      • getKeystoreName

        public java.lang.String getKeystoreName()
      • setKeystoreName

        public SSL_KEY_EXCHANGE setKeystoreName​(java.lang.String name)
      • getKeystoreType

        public java.lang.String getKeystoreType()
      • setKeystoreType

        public SSL_KEY_EXCHANGE setKeystoreType​(java.lang.String type)
      • getKeystorePassword

        public java.lang.String getKeystorePassword()
      • setKeystorePassword

        public SSL_KEY_EXCHANGE setKeystorePassword​(java.lang.String pwd)
      • getTruststoreName

        public java.lang.String getTruststoreName()
      • setTruststoreName

        public SSL_KEY_EXCHANGE setTruststoreName​(java.lang.String name)
      • getTruststoreType

        public java.lang.String getTruststoreType()
      • setTruststoreType

        public SSL_KEY_EXCHANGE setTruststoreType​(java.lang.String type)
      • getTruststorePassword

        public java.lang.String getTruststorePassword()
      • setTruststorePassword

        public SSL_KEY_EXCHANGE setTruststorePassword​(java.lang.String pwd)
      • getSecretKeyAlgorithm

        public java.lang.String getSecretKeyAlgorithm()
      • setSecretKeyAlgorithm

        public SSL_KEY_EXCHANGE setSecretKeyAlgorithm​(java.lang.String a)
      • getRequireClientAuthentication

        public boolean getRequireClientAuthentication()
      • setRequireClientAuthentication

        public SSL_KEY_EXCHANGE setRequireClientAuthentication​(boolean b)
      • setSslProtocol

        public SSL_KEY_EXCHANGE setSslProtocol​(java.lang.String protocol)
      • getSocketTimeout

        public int getSocketTimeout()
      • getSessionVerifierClass

        public java.lang.String getSessionVerifierClass()
      • setSessionVerifierClass

        public SSL_KEY_EXCHANGE setSessionVerifierClass​(java.lang.String cl)
      • getSessionVerifierArg

        public java.lang.String getSessionVerifierArg()
      • setSessionVerifierArg

        public SSL_KEY_EXCHANGE setSessionVerifierArg​(java.lang.String arg)
      • getKeystore

        public java.security.KeyStore getKeystore()
      • setKeystore

        public SSL_KEY_EXCHANGE setKeystore​(java.security.KeyStore ks)
      • getTruststore

        public java.security.KeyStore getTruststore()
      • setTruststore

        public SSL_KEY_EXCHANGE setTruststore​(java.security.KeyStore ks)
      • getClientSSLContext

        public javax.net.ssl.SSLContext getClientSSLContext()
      • setClientSSLContext

        public SSL_KEY_EXCHANGE setClientSSLContext​(javax.net.ssl.SSLContext client_ssl_ctx)
      • getServerSSLContext

        public javax.net.ssl.SSLContext getServerSSLContext()
      • setServerSSLContext

        public SSL_KEY_EXCHANGE setServerSSLContext​(javax.net.ssl.SSLContext server_ssl_ctx)
      • init

        public void init()
                  throws java.lang.Exception
        Description copied from class: Protocol
        Called after a protocol has been created and before the protocol is started. Attributes are already set. Other protocols are not yet connected and events cannot yet be sent.
        Specified by:
        init in interface Lifecycle
        Overrides:
        init in class Protocol
        Throws:
        java.lang.Exception - Thrown if protocol cannot be initialized successfully. This will cause the ProtocolStack to fail, so the channel constructor will throw an exception
      • start

        public void start()
                   throws java.lang.Exception
        Description copied from class: Protocol
        This method is called on JChannel.connect(String) and starts work. Protocols are connected and ready to receive events. Will be called from bottom to top.
        Specified by:
        start in interface Lifecycle
        Overrides:
        start in class Protocol
        Throws:
        java.lang.Exception - Thrown if protocol cannot be started successfully. This will cause the ProtocolStack to fail, so JChannel.connect(String) will throw an exception
      • reloadKeystoreAndTruststore

        public void reloadKeystoreAndTruststore()
      • up

        public java.lang.Object up​(Event evt)
        Description copied from class: Protocol
        An event was received from the protocol below. Usually the current protocol will want to examine the event type and - depending on its type - perform some computation (e.g. removing headers from a MSG event type, or updating the internal membership list when receiving a VIEW_CHANGE event). Finally, the event is either a) discarded, or b) an event is sent down the stack using down_prot.down() or c) the event (or another event) is sent up the stack using up_prot.up().
        Overrides:
        up in class Protocol
      • fetchSecretKeyFrom

        public void fetchSecretKeyFrom​(Address target)
                                throws java.lang.Exception
        Description copied from class: KeyExchange
        Needs to fetch the secret key from a given destination (usually the key server). When received, the secret key (and version) needs to be installed in a protocol above using KeyExchange.setSecretKeyAbove(Tuple).
        Specified by:
        fetchSecretKeyFrom in class KeyExchange
        Parameters:
        target - The member from which to fetch the secret key
        Throws:
        java.lang.Exception
      • accept

        protected void accept()
      • becomeKeyserver

        protected void becomeKeyserver()
                                throws java.lang.Exception
        Throws:
        java.lang.Exception
      • stopKeyserver

        protected void stopKeyserver()
      • createServerSocket

        protected javax.net.ssl.SSLServerSocket createServerSocket()
                                                            throws java.lang.Exception
        Throws:
        java.lang.Exception
      • createSocketTo

        protected javax.net.ssl.SSLSocket createSocketTo​(Address target)
                                                  throws java.lang.Exception
        Throws:
        java.lang.Exception
      • createSocketTo

        protected javax.net.ssl.SSLSocket createSocketTo​(IpAddress dest,
                                                         javax.net.ssl.SSLSocketFactory sslSocketFactory)