Package org.jgroups.protocols

Class DH_KEY_EXCHANGE

java.lang.Object
org.jgroups.stack.Protocol
org.jgroups.protocols.KeyExchange
org.jgroups.protocols.DH_KEY_EXCHANGE
All Implemented Interfaces:
Lifecycle
public class DH_KEY_EXCHANGE extends KeyExchange
Key exchange based on Diffie-Hellman-Merkle (https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange).

Diffie-Hellman is used between a member and a key server (the coordinator) to obtain a session key (only known to the key server and the joiner) which is used by the key server to encrypt the shared secret symmetric (group) key and by the requester to decrypt the group key it gets in the response of the key server.

Note that this implementation is not immune against man-in-the-middle attacks.

Since:
4.0.5

  • Field Details

    • secret_key_algorithm

      protected String secret_key_algorithm

    • secret_key_length

      protected int secret_key_length

    • timeout

      protected long timeout

    • key_agreement

      protected KeyAgreement key_agreement
      Diffie-Hellman protocol engine

    • dh_key

      protected PublicKey dh_key
      The public key used for the Diffie-Hellman key exchange to obtain the session key (used to encrypt the keyserver's secret key)

    • last_key_request

      protected long last_key_request
      Time (ms) when the last key request was sent, prevents too many requests

    • key_pair_gen

      protected static final KeyPairGenerator key_pair_gen

    • dh_key_factory

      protected static final KeyFactory dh_key_factory

  • Constructor Details

    • DH_KEY_EXCHANGE

      public DH_KEY_EXCHANGE()

  • Method Details

    • init

      public void init() throws Exception
      Description copied from class: Protocol
      Called after a protocol has been created and before the protocol is started. Attributes are already set. Other protocols are not yet connected and events cannot yet be sent.
      Specified by:
      init in interface Lifecycle
      Overrides:
      init in class Protocol
      Throws:
      Exception - Thrown if protocol cannot be initialized successfully. This will cause the ProtocolStack to fail, so the the channel constructor will throw an exception

    • fetchSecretKeyFrom

      public void fetchSecretKeyFrom(Address target) throws NoSuchAlgorithmException, InvalidKeyException
      Description copied from class: KeyExchange
      Needs to fetch the secret key from a given destination (usually the key server). When received, the secret key (and version) needs to be installed in a protocol above using KeyExchange.setSecretKeyAbove(Tuple).
      Specified by:
      fetchSecretKeyFrom in class KeyExchange
      Parameters:
      target - The member from which to fetch the secret key
      Throws:
      NoSuchAlgorithmException
      InvalidKeyException

    • getServerLocation

      public Address getServerLocation()
      Description copied from class: KeyExchange
      Returns the address of the server, e.g. server socket (if any)
      Specified by:
      getServerLocation in class KeyExchange

    • up

      public Object up(Message msg)
      Description copied from class: Protocol
      A single message was received. Protocols may examine the message and do something (e.g. add a header) with it before passing it up.
      Overrides:
      up in class Protocol

    • up

      public void up(MessageBatch batch)
      Description copied from class: Protocol
      Sends up a multiple messages in a MessageBatch. The sender of the batch is always the same, and so is the destination (null == multicast messages). Messages in a batch can be OOB messages, regular messages, or mixed messages, although the transport itself will create initial MessageBatches that contain only either OOB or regular messages.

      The default processing below sends messages up the stack individually, based on a matching criteria (calling Protocol.accept(Message)), and - if true - calls Protocol.up(org.jgroups.Event) for that message and removes the message. If the batch is not empty, it is passed up, or else it is dropped.

      Subclasses should check if there are any messages destined for them (e.g. using MessageBatch.iterator(Predicate)), then possibly remove and process them and finally pass the batch up to the next protocol. Protocols can also modify messages in place, e.g. ENCRYPT could decrypt all encrypted messages in the batch, not remove them, and pass the batch up when done.

      Overrides:
      up in class Protocol
      Parameters:
      batch - The message batch

    • handle

      protected void handle(DH_KEY_EXCHANGE.DhHeader hdr, Address sender)

    • handleSecretKeyRequest

      protected void handleSecretKeyRequest(PublicKey dh_public_key, Address sender) throws Exception
      Throws:
      Exception

    • handleSecretKeyResponse

      protected void handleSecretKeyResponse(PublicKey dh_public_key, byte[] encrypted_secret_key, byte[] version, Address sender) throws Exception
      Throws:
      Exception

    • hash

      protected SecretKey hash(byte[] key) throws Exception
      Throws:
      Exception

    • print16

      protected static String print16(PublicKey pub_key)