Package org.jgroups.protocols

Class SSL_KEY_EXCHANGE

java.lang.Object
org.jgroups.stack.Protocol
org.jgroups.protocols.KeyExchange
org.jgroups.protocols.SSL_KEY_EXCHANGE
All Implemented Interfaces:
Lifecycle
public class SSL_KEY_EXCHANGE extends KeyExchange
Key exchange based on SSL sockets. The key server creates an SSLServerSocket on a given port and members fetch the secret key by creating a SSLSocket to the key server. The key server authenticates the client (and vice versa) and then sends the secret key over this encrypted channel.

When the key exchange has completed, the secret key requester closes its SSL connection to the key server.

Note that this implementation should prevent man-in-the-middle attacks.

Since:
4.0.5

  • Field Details

    • bind_addr

      protected InetAddress bind_addr

    • port

      protected int port

    • port_range

      protected int port_range

    • keystore_name

      protected String keystore_name

    • keystore_type

      protected String keystore_type

    • keystore_password

      protected String keystore_password

    • truststore_name

      protected String truststore_name

    • truststore_type

      protected String truststore_type

    • truststore_password

      protected String truststore_password

    • reload_threshold

      protected long reload_threshold

    • secret_key_algorithm

      protected String secret_key_algorithm

    • require_client_authentication

      protected boolean require_client_authentication

    • ssl_protocol

      protected String ssl_protocol

    • ssl_provider

      protected String ssl_provider

    • socket_timeout

      protected int socket_timeout

    • session_verifier_class

      protected String session_verifier_class

    • session_verifier_arg

      protected String session_verifier_arg

    • client_ssl_ctx

      protected SSLContext client_ssl_ctx

    • server_ssl_ctx

      protected SSLContext server_ssl_ctx

    • client_ssl_ctx_reloader

      protected SSL_KEY_EXCHANGE.SSLContextReloader client_ssl_ctx_reloader

    • server_ssl_ctx_reloader

      protected SSL_KEY_EXCHANGE.SSLContextReloader server_ssl_ctx_reloader

    • srv_sock

      protected SSLServerSocket srv_sock

    • srv_sock_handler

      protected Runner srv_sock_handler

    • key_store

      protected KeyStore key_store

    • trust_store

      protected KeyStore trust_store

    • view

      protected View view

    • session_verifier

      protected SSL_KEY_EXCHANGE.SessionVerifier session_verifier

  • Constructor Details

    • SSL_KEY_EXCHANGE

      public SSL_KEY_EXCHANGE()

  • Method Details

    • getBindAddress

      public InetAddress getBindAddress()

    • setBindAddress

      public SSL_KEY_EXCHANGE setBindAddress(InetAddress a)

    • getPort

      public int getPort()

    • setPort

      public SSL_KEY_EXCHANGE setPort(int p)

    • getPortRange

      public int getPortRange()

    • setPortRange

      public SSL_KEY_EXCHANGE setPortRange(int r)

    • getKeystoreName

      public String getKeystoreName()

    • setKeystoreName

      public SSL_KEY_EXCHANGE setKeystoreName(String name)

    • getKeystoreType

      public String getKeystoreType()

    • setKeystoreType

      public SSL_KEY_EXCHANGE setKeystoreType(String type)

    • getKeystorePassword

      public String getKeystorePassword()

    • setKeystorePassword

      public SSL_KEY_EXCHANGE setKeystorePassword(String pwd)

    • getTruststoreName

      public String getTruststoreName()

    • setTruststoreName

      public SSL_KEY_EXCHANGE setTruststoreName(String name)

    • getTruststoreType

      public String getTruststoreType()

    • setTruststoreType

      public SSL_KEY_EXCHANGE setTruststoreType(String type)

    • getTruststorePassword

      public String getTruststorePassword()

    • setTruststorePassword

      public SSL_KEY_EXCHANGE setTruststorePassword(String pwd)

    • getSecretKeyAlgorithm

      public String getSecretKeyAlgorithm()

    • setSecretKeyAlgorithm

      public SSL_KEY_EXCHANGE setSecretKeyAlgorithm(String a)

    • getRequireClientAuthentication

      public boolean getRequireClientAuthentication()

    • setRequireClientAuthentication

      public SSL_KEY_EXCHANGE setRequireClientAuthentication(boolean b)

    • setSslProtocol

      public SSL_KEY_EXCHANGE setSslProtocol(String protocol)

    • getSocketTimeout

      public int getSocketTimeout()

    • setSocketTimeout

      public SSL_KEY_EXCHANGE setSocketTimeout(int timeout)

    • getSessionVerifierClass

      public String getSessionVerifierClass()

    • setSessionVerifierClass

      public SSL_KEY_EXCHANGE setSessionVerifierClass(String cl)

    • getSessionVerifierArg

      public String getSessionVerifierArg()

    • setSessionVerifierArg

      public SSL_KEY_EXCHANGE setSessionVerifierArg(String arg)

    • getKeystore

      public KeyStore getKeystore()

    • setKeystore

      public SSL_KEY_EXCHANGE setKeystore(KeyStore ks)

    • getTruststore

      public KeyStore getTruststore()

    • setTruststore

      public SSL_KEY_EXCHANGE setTruststore(KeyStore ks)

    • getSessionVerifier

      public SSL_KEY_EXCHANGE.SessionVerifier getSessionVerifier()

    • setSessionVerifier

      public SSL_KEY_EXCHANGE setSessionVerifier(SSL_KEY_EXCHANGE.SessionVerifier s)

    • getClientSSLContext

      public SSLContext getClientSSLContext()

    • setClientSSLContext

      public SSL_KEY_EXCHANGE setClientSSLContext(SSLContext client_ssl_ctx)

    • getServerSSLContext

      public SSLContext getServerSSLContext()

    • setServerSSLContext

      public SSL_KEY_EXCHANGE setServerSSLContext(SSLContext server_ssl_ctx)

    • setReloadThreshold

      public SSL_KEY_EXCHANGE setReloadThreshold(long d)

    • getServerLocation

      public Address getServerLocation()
      Description copied from class: KeyExchange
      Returns the address of the server, e.g. server socket (if any)
      Specified by:
      getServerLocation in class KeyExchange

    • init

      public void init() throws Exception
      Description copied from class: Protocol
      Called after a protocol has been created and before the protocol is started. Attributes are already set. Other protocols are not yet connected and events cannot yet be sent.
      Specified by:
      init in interface Lifecycle
      Overrides:
      init in class Protocol
      Throws:
      Exception - Thrown if protocol cannot be initialized successfully. This will cause the ProtocolStack to fail, so the the channel constructor will throw an exception

    • start

      public void start() throws Exception
      Description copied from class: Protocol
      This method is called on a JChannel.connect(String); starts work. Protocols are connected ready to receive events. Will be called from bottom to top.
      Specified by:
      start in interface Lifecycle
      Overrides:
      start in class Protocol
      Throws:
      Exception - Thrown if protocol cannot be started successfully. This will cause the ProtocolStack to fail, so JChannel.connect(String) will throw an exception

    • stop

      public void stop()
      Description copied from class: Protocol
      Called on a JChannel.disconnect(); stops work (e.g. by closing multicast socket). Will be called from top to bottom.
      Specified by:
      stop in interface Lifecycle
      Overrides:
      stop in class Protocol

    • reloadKeystoreAndTruststore

      public void reloadKeystoreAndTruststore()

    • destroy

      public void destroy()
      Description copied from class: Protocol
      This method is called on a JChannel.close(). Does some cleanup; after the call, the VM will terminate
      Specified by:
      destroy in interface Lifecycle
      Overrides:
      destroy in class Protocol

    • up

      public Object up(Event evt)
      Description copied from class: Protocol
      An event was received from the protocol below. Usually the current protocol will want to examine the event type and - depending on its type - perform some computation (e.g. removing headers from a MSG event type, or updating the internal membership list when receiving a VIEW_CHANGE event). Finally, the event is either a) discarded, or b) an event is sent down the stack using down_prot.down() or c) the event (or another event) is sent up the stack using up_prot.up().
      Overrides:
      up in class Protocol

    • fetchSecretKeyFrom

      public void fetchSecretKeyFrom(Address target) throws Exception
      Description copied from class: KeyExchange
      Needs to fetch the secret key from a given destination (usually the key server). When received, the secret key (and version) needs to be installed in a protocol above using KeyExchange.setSecretKeyAbove(Tuple).
      Specified by:
      fetchSecretKeyFrom in class KeyExchange
      Parameters:
      target - The member from which to fetch the secret key
      Throws:
      Exception

    • accept

      protected void accept()

    • handleView

      protected void handleView(View view)
      Overrides:
      handleView in class KeyExchange

    • becomeKeyserver

      protected void becomeKeyserver() throws Exception
      Throws:
      Exception

    • stopKeyserver

      protected void stopKeyserver()

    • createServerSocket

      protected SSLServerSocket createServerSocket() throws Exception
      Throws:
      Exception

    • createSocketTo

      protected SSLSocket createSocketTo(Address target) throws Exception
      Throws:
      Exception

    • createSocketTo

      protected SSLSocket createSocketTo(IpAddress dest, SSLSocketFactory sslSocketFactory)