Class SYM_ENCRYPT

All Implemented Interfaces:
Lifecycle

public class SYM_ENCRYPT extends Encrypt<KeyStore.SecretKeyEntry>
Encrypts and decrypts communication in JGroups by using a secret key shared by all cluster members.

The secret key is identical for all cluster members and is injected into this protocol at startup, e.g. by reading it from a keystore. Messages are encrypted with the secret key before they are sent and decrypted with the same key when they are received. Note that all cluster members must be shipped with the same keystore file.

This protocol is typically placed under NAKACK2, so that the most important headers are encrypted as well, to prevent replay attacks.

A possible configuration looks like this:

<SYM_ENCRYPT keystore_name="defaultStore.keystore" store_password="changeit" alias="myKey"/>

To use the SYM_ENCRYPT layer in this manner, the secret key must already have been generated and stored in a keystore file. The directory containing the keystore file must be on the application's classpath. You cannot create a secret key keystore file using the keytool application shipped with the JDK. A Java file called KeyStoreGenerator is included in the demo package that can be used from the command line (or IDE) to generate a suitable keystore.
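A keystore of the kind described above can be written with the JDK's KeyStore API. The following is an added example, not the KeyStoreGenerator shipped in the demo package and not code from the JGroups project. It reuses the file name, alias and password from the sample configuration; the class name, the JCEKS store type and the 128-bit AES key are assumptions.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Hypothetical class name; only JDK classes are used.
public class SymEncryptKeystoreExample {
    public static void main(String[] args) throws Exception {
        // File name, alias and password are the sample values from the configuration above.
        Path file = Path.of(args.length > 0 ? args[0] : "defaultStore.keystore");
        String alias = "myKey";
        char[] storePassword = "changeit".toCharArray();
        // The entry is protected with the store password here (no separate key password).
        KeyStore.ProtectionParameter protection = new KeyStore.PasswordProtection(storePassword);

        // Assumption: a 128-bit AES key; use the algorithm and size your stack is configured for.
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(128);
        SecretKey key = generator.generateKey();

        // Assumption: JCEKS store type. The older JKS type cannot hold secret keys.
        KeyStore store = KeyStore.getInstance("JCEKS");
        store.load(null, null); // start from an empty keystore
        store.setEntry(alias, new KeyStore.SecretKeyEntry(key), protection);
        try (OutputStream out = Files.newOutputStream(file)) {
            store.store(out, storePassword);
        }

        // Reload the file and confirm the alias resolves to a SecretKeyEntry,
        // the entry type this protocol is parameterised with.
        KeyStore check = KeyStore.getInstance("JCEKS");
        try (InputStream in = Files.newInputStream(file)) {
            check.load(in, storePassword);
        }
        KeyStore.Entry entry = check.getEntry(alias, protection);
        if (!(entry instanceof KeyStore.SecretKeyEntry)) {
            throw new IllegalStateException("alias " + alias + " does not hold a secret key");
        }
        SecretKey loaded = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        System.out.println("Wrote " + file.toAbsolutePath() + " with "
                + loaded.getAlgorithm() + " key under alias '" + alias + "'");
    }
}
```

The generated file has to be copied unchanged to every cluster member, into a directory that is on the application's classpath.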

  • Field Details

    • keystore_name

      protected String keystore_name
    • keystore_type

      protected String keystore_type
    • store_password

      protected String store_password
    • key_password

      protected String key_password
    • alias

      protected String alias
  • Constructor Details

    • SYM_ENCRYPT

      public SYM_ENCRYPT()
  • Method Details

    • keystoreName

      public String keystoreName()
    • keystoreName

      public SYM_ENCRYPT keystoreName(String n)
    • alias

      public String alias()
    • alias

      public SYM_ENCRYPT alias(String a)
    • storePassword

      public String storePassword()
    • storePassword

      public SYM_ENCRYPT storePassword(String pwd)
    • setKeyStoreEntry

      public SYM_ENCRYPT setKeyStoreEntry(KeyStore.SecretKeyEntry entry)
      Description copied from class: Encrypt
      Sets the key store entry used to configure this protocol.
      Specified by:
      setKeyStoreEntry in class Encrypt<KeyStore.SecretKeyEntry>
      Parameters:
      entry - a key store entry
    • setSecretKey

      public SYM_ENCRYPT setSecretKey(SecretKey key)
    • init

      public void init() throws Exception
      Description copied from class: Protocol
      Called after a protocol has been created and before the protocol is started. Attributes are already set. Other protocols are not yet connected and events cannot yet be sent.
      Specified by:
      init in interface Lifecycle
      Overrides:
      init in class Encrypt<KeyStore.SecretKeyEntry>
      Throws:
      Exception - Thrown if protocol cannot be initialized successfully. This will cause the ProtocolStack to fail, so the channel constructor will throw an exception
    • readSecretKeyFromKeystore

      protected void readSecretKeyFromKeystore() throws Exception
      Initialisation if a supplied key is defined in the properties. This supplied key must be in a keystore, which can be generated using the KeyStoreGenerator file in demos. The keystore must be on the classpath so that it can be found.
      Throws:
      Exception
    • getKeyStoreSource

      protected InputStream getKeyStoreSource() throws FileNotFoundException
      Throws:
      FileNotFoundException