Package org.jgroups.auth
Class X509Token
java.lang.Object
org.jgroups.auth.AuthToken
org.jgroups.auth.X509Token
- All Implemented Interfaces:
Streamable
This is an example of using a preshared token that is encrypted using an X509 certificate for
authentication purposes. All members of the group have to have the same string value in the
JGroups config.
This example uses certificates contained within a specified keystore. Configuration parameters for this example are shown below:
- keystore_type = JKS (default) / PKCS12 - see http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#AppA
- keystore_path (required) = the location of the keystore
- keystore_password (required) = the password of the keystore
- cert_alias (required) = the alias of the certificate within the keystore
- cert_password = the password of the certificate within the keystore
- auth_value (required) = the string to encrypt
- cipher_type = RSA (default) / AES / Blowfish / DES / DESede / PBEWithMD5AndDES / PBEWithHmacSHA1AndDESede / RC2 / RC4 / RC5 - see http://java.sun.com/j2se/1.4.2/docs/guide/security/jce/JCERefGuide.html#AppA
Field Summary
Fields (Modifier and Type, Field):
- protected String auth_value
- protected String cert_alias
- private char[] cert_password
- private X509Certificate certificate
- private PrivateKey certPrivateKey
- private Cipher cipher
- protected String cipher_type
- private byte[] encryptedToken
- private char[] keystore_password
- protected String keystore_path
- protected String keystore_type
- private boolean valueSet
Constructor Summary
Constructors:
- X509Token()
Method Summary
Methods (Modifier and Type, Method, Description):
- boolean authenticate(AuthToken token, Message msg): This method should be implemented to perform the actual authentication of joining members.
- encryptedToken(byte[] buf): To be used for testing only
- getName(): Used to return the full package and class name of the implementation.
- void readFrom: Read the state of the current object (including superclasses) from instream. Note that the input stream must not be closed
- void setCertificate(): Used during setup to get the certificate from the keystore and encrypt the auth_value with the private key
- void setCertPassword(String pwd)
- void setKeyStorePassword
- int size(): The size of the marshalled AuthToken
- void writeTo(DataOutput out): Write the entire state of the current object (including superclasses) to outstream.
Field Details
- valueSet
  private boolean valueSet
- keystore_type
- cert_alias
- keystore_path
- auth_value
- cipher_type
- encryptedToken
  private byte[] encryptedToken
- cert_password
  private char[] cert_password
- keystore_password
  private char[] keystore_password
- cipher
- certPrivateKey
- certificate
Constructor Details
- X509Token
  public X509Token()
Method Details
- setCertPassword
- setKeyStorePassword
- encryptedToken
  To be used for testing only
- getName
  Description copied from class: AuthToken
  Used to return the full package and class name of the implementation. This is used by the AUTH protocol to create an instance of the implementation.
- authenticate
  Description copied from class: AuthToken
  This method should be implemented to perform the actual authentication of joining members.
  Specified by: authenticate in class AuthToken
  Parameters:
    token - the token sent by the joiner
    msg - the Message object containing the actual JOIN_REQ
  Returns: true if authentication passed or false if it failed.
- writeTo
  Description copied from interface: Streamable
  Write the entire state of the current object (including superclasses) to outstream. Note that the output stream must not be closed.
  Throws: IOException
- readFrom
  Description copied from interface: Streamable
  Read the state of the current object (including superclasses) from instream. Note that the input stream must not be closed.
  Throws: IOException
- size
  public int size()
  Description copied from class: AuthToken
  The size of the marshalled AuthToken
- setCertificate
  public void setCertificate() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnrecoverableEntryException
  Used during setup to get the certificate from the keystore and encrypt the auth_value with the private key