Class SYM_ENCRYPT

  • All Implemented Interfaces:
    Lifecycle

    public class SYM_ENCRYPT
    extends Encrypt<java.security.KeyStore.SecretKeyEntry>
    Encrypts and decrypts communication in JGroups by using a secret key shared by all cluster members.

    The secret key is identical for all cluster members and is injected into this protocol at startup, e.g. by reading it from a keystore. Messages are sent by encrypting them with the secret key and received by decrypting them with the secret key. Note that all cluster members must be shipped with the same keystore file

    This protocol is typically placed under NAKACK2, so that most important headers are encrypted as well, to prevent replay attacks.

    A possible configuration looks like this:

    <SYM_ENCRYPT key_store_name="defaultStore.keystore" store_password="changeit" alias="myKey"/>

    In order to use SYM_ENCRYPT layer in this manner, it is necessary to have the secret key already generated in a keystore file. The directory containing the keystore file must be on the application's classpath. You cannot create a secret key keystore file using the keytool application shipped with the JDK. A java file called KeyStoreGenerator is included in the demo package that can be used from the command line (or IDE) to generate a suitable keystore.

    Author:
    Bela Ban, Steve Woodcock
    • Field Detail

      • keystore_name

        protected java.lang.String keystore_name
      • keystore_type

        protected java.lang.String keystore_type
      • store_password

        protected java.lang.String store_password
      • key_password

        protected java.lang.String key_password
      • alias

        protected java.lang.String alias
    • Constructor Detail

      • SYM_ENCRYPT

        public SYM_ENCRYPT()
    • Method Detail

      • keystoreName

        public java.lang.String keystoreName()
      • keystoreName

        public SYM_ENCRYPT keystoreName​(java.lang.String n)
      • alias

        public java.lang.String alias()
      • alias

        public SYM_ENCRYPT alias​(java.lang.String a)
      • storePassword

        public java.lang.String storePassword()
      • storePassword

        public SYM_ENCRYPT storePassword​(java.lang.String pwd)
      • setKeyStoreEntry

        public SYM_ENCRYPT setKeyStoreEntry​(java.security.KeyStore.SecretKeyEntry entry)
        Description copied from class: Encrypt
        Sets the key store entry used to configure this protocol.
        Specified by:
        setKeyStoreEntry in class Encrypt<java.security.KeyStore.SecretKeyEntry>
        Parameters:
        entry - a key store entry
      • setSecretKey

        public SYM_ENCRYPT setSecretKey​(javax.crypto.SecretKey key)
      • init

        public void init()
                  throws java.lang.Exception
        Description copied from class: Protocol
        Called after a protocol has been created and before the protocol is started. Attributes are already set. Other protocols are not yet connected and events cannot yet be sent.
        Specified by:
        init in interface Lifecycle
        Overrides:
        init in class Encrypt<java.security.KeyStore.SecretKeyEntry>
        Throws:
        java.lang.Exception - Thrown if protocol cannot be initialized successfully. This will cause the ProtocolStack to fail, so the the channel constructor will throw an exception
      • readSecretKeyFromKeystore

        protected void readSecretKeyFromKeystore()
                                          throws java.lang.Exception
        Initialisation if a supplied key is defined in the properties. This supplied key must be in a keystore which can be generated using the keystoreGenerator file in demos. The keystore must be on the classpath to find it.
        Throws:
        java.lang.Exception
      • getKeyStoreSource

        protected java.io.InputStream getKeyStoreSource()
                                                 throws java.io.FileNotFoundException
        Throws:
        java.io.FileNotFoundException