
Oracle® Coherence Java API Reference
Release 3.7.1.0

E22843-01


com.tangosol.net.security
Class AsymmetricEncryptionFilter

java.lang.Object
  extended by com.tangosol.util.Base
      extended by com.tangosol.net.security.AbstractEncryptionFilter
          extended by com.tangosol.net.security.AsymmetricEncryptionFilter

All Implemented Interfaces:
WrapperStreamFactory, XmlConfigurable

Deprecated. As of Coherence 3.7, deprecated and replaced by SSL.

@Deprecated
public class AsymmetricEncryptionFilter
extends AbstractEncryptionFilter

Asymmetric encryption filter implementation.

This filter signs messages (encrypts them with the originator's private key) so that the recipient(s) can validate them as both trusted and authentic.

The filter is configured with a Java KeyStore from which it will retrieve its local certificate and private key.

Each inbound message will have its sender's certificate validated via a call to the validate(Certificate) method. The default implementation simply validates that the certificate exists within the configured KeyStore, and in the case of X509 certificates that it has not expired.

As this is a fairly expensive filter, it is not intended for use on services with high traffic loads. Additionally, as it only signs the data, it is not intended for transporting secret data. It is generally used only to protect the ClusterService (and hence cluster membership) via the ClusterEncryptionFilter.

In order to use this filter you must have configured your JVM with a suitable JCA public key cryptography provider, such as the one provided by Bouncy Castle. See the JCA documentation for details on installing and configuring JCA providers.

This class may be extended in order to provide custom validation logic. A custom version only needs to provide alternate implementations of the setConfig() and validate() methods. See the documentation on these methods for customization details.

Author:
mf 2006.08.01
See Also:
setConfig(com.tangosol.run.xml.XmlElement), validate(java.security.cert.Certificate), ClusterEncryptionFilter

Nested Class Summary
 class AsymmetricEncryptionFilter.IdentityInputStream
          Deprecated. Stream which reads an unencrypted identity header followed by an encrypted payload.
 class AsymmetricEncryptionFilter.IdentityOutputStream
          Deprecated. Stream which writes an unencrypted identity header followed by an encrypted payload.

 

Field Summary
static java.lang.String DEFAULT_TRANSFORMATION
          Deprecated. Default transformation
protected  int m_cbBlockDec
          Deprecated. The block size used by the cipher for decrypting.
protected  int m_cbBlockEnc
          Deprecated. The block size used by the cipher for encrypting.
protected  java.security.cert.Certificate m_certificateLocal
          Deprecated. The local Certificate
protected  java.security.Key m_keyPrivate
          Deprecated. The local PrivateKey
protected  java.security.KeyStore m_keystore
          Deprecated. The KeyStore
protected  java.util.Map m_mapMemberCertificate
          Deprecated. Map of Member to their certificates

 

Fields inherited from class com.tangosol.net.security.AbstractEncryptionFilter
DEFAULT_KEYSTORE_PATH, DEFAULT_KEYSTORE_TYPE, m_specCipherParams, m_sTransformation, m_tlsCipher

 

Constructor Summary
AsymmetricEncryptionFilter()
          Deprecated. Default constructor

 

Method Summary
 byte[] decryptPrivate(byte[] abEnc)
          Deprecated. Decrypt the supplied data with the local private key.
 byte[] encryptPrivate(byte[] abData, Member member)
          Deprecated. Encrypt the supplied data for privacy using the supplied Member's public key.
protected  java.security.cert.Certificate getCertificate(Member member)
          Deprecated. Return the Certificate associated with the specified Member.
protected  java.security.cert.Certificate getCertificateLocal()
          Deprecated. Return the filter's certificate.
protected  int getDecryptionBlockSize()
          Deprecated. Return the filter's decryption block size.
protected  int getEncryptionBlockSize()
          Deprecated. Return the filter's encryption block size.
 java.io.InputStream getInputStream(java.io.InputStream stream)
          Deprecated. Requests an InputStream that wraps the passed InputStream.
protected  java.security.KeyStore getKeyStore()
          Deprecated. Return the filter's KeyStore.
 java.io.OutputStream getOutputStream(java.io.OutputStream stream)
          Deprecated. Requests an OutputStream that wraps the passed OutputStream.
protected  java.security.Key getPrivateKey()
          Deprecated. Return the filter's private encryption key.
protected  void setCertificate(Member member, java.security.cert.Certificate cert)
          Deprecated. Specify the Certificate associated with a Member.
protected  void setCertificateLocal(java.security.cert.Certificate cert)
          Deprecated. Specify the filter's certificate.
 void setConfig(XmlElement xml)
          Deprecated. Configures the Encryption filter for asymmetric encryption using a private key and Certificate from a KeyStore.
protected  void setDecryptionBlockSize(int cb)
          Deprecated. Specify the filter's decryption block size.
protected  void setEncryptionBlockSize(int cb)
          Deprecated. Specify the filter's encryption block size.
protected  void setKeyStore(java.security.KeyStore keystore)
          Deprecated. Specify the filter's KeyStore.
protected  void setPrivateKey(java.security.Key key)
          Deprecated. Specify the filter's private encryption key.
protected  void validate(java.security.cert.Certificate cert)
          Deprecated. Validate the specified Certificate as trusted.

 

Methods inherited from class com.tangosol.net.security.AbstractEncryptionFilter
ensureSecurityException, ensureSecurityException, getCipher, getCipherParams, getCipherTransformation, getConfig, getKeyStore, makeCipher, setCipherParams, setCipherTransformation

 

Field Detail

m_keyPrivate

protected java.security.Key m_keyPrivate
Deprecated. 
The local PrivateKey

m_certificateLocal

protected java.security.cert.Certificate m_certificateLocal
Deprecated. 
The local Certificate

m_keystore

protected java.security.KeyStore m_keystore
Deprecated. 
The KeyStore

m_mapMemberCertificate

protected java.util.Map m_mapMemberCertificate
Deprecated. 
Map of Member to their certificates

m_cbBlockEnc

protected int m_cbBlockEnc
Deprecated. 
The block size used by the cipher for encrypting.

m_cbBlockDec

protected int m_cbBlockDec
Deprecated. 
The block size used by the cipher for decrypting.

DEFAULT_TRANSFORMATION

public static final java.lang.String DEFAULT_TRANSFORMATION
Deprecated. 
Default transformation
See Also:
Constant Field Values

Constructor Detail

AsymmetricEncryptionFilter

public AsymmetricEncryptionFilter()
Deprecated. 
Default constructor

Method Detail

getInputStream

public java.io.InputStream getInputStream(java.io.InputStream stream)
Deprecated. 
Description copied from interface: WrapperStreamFactory
Requests an InputStream that wraps the passed InputStream.
Parameters:
stream - the java.io.InputStream to be wrapped
Returns:
an InputStream that delegates to ("wraps") the passed InputStream

getOutputStream

public java.io.OutputStream getOutputStream(java.io.OutputStream stream)
Deprecated. 
Description copied from interface: WrapperStreamFactory
Requests an OutputStream that wraps the passed OutputStream.
Parameters:
stream - the java.io.OutputStream to be wrapped
Returns:
an OutputStream that delegates to ("wraps") the passed OutputStream

setConfig

public void setConfig(XmlElement xml)
Deprecated. 
Configures the Encryption filter for asymmetric encryption using a private key and Certificate from a KeyStore. Supported configuration parameters include:
keyAlias - (required) the alias to use in reading the key from the keystore
keyPassword - (required) the password to use in reading the key
storeType - the type of KeyStore, defaults to JKS
store - the path to the KeyStore, defaults to .keystore
storePassword - the password to use to access the store, defaults to keyPassword
transformation - the transformation to use, defaults to RSA/NONE/PKCS1Padding

If customizing this filter to provide alternate Certificate loading and validation logic this method may be overridden to load any necessary custom configuration parameters. The custom implementation is not required to utilize the above configuration parameters, or to call the default implementation of setConfig. Any custom implementation which does not make a call to the default implementation must at least call the following methods:

setPrivateKey - specifying the local member's private key
setCertificateLocal - specifying the local member's certificate
setCipherTransformation - specifying either a custom encryption transform or DEFAULT_TRANSFORMATION
Parameters:
xml - the XmlElement containing the filter's configuration parameters
See Also:
setPrivateKey(java.security.Key), setCertificateLocal(java.security.cert.Certificate), AbstractEncryptionFilter.setCipherTransformation(java.lang.String), DEFAULT_TRANSFORMATION

getCertificate

protected java.security.cert.Certificate getCertificate(Member member)
Deprecated. 
Return the Certificate associated with the specified Member.
Parameters:
member - the Member for which to return the certificate
Returns:
the Member's certificate or null if unknown

setCertificate

protected void setCertificate(Member member,
                              java.security.cert.Certificate cert)
Deprecated. 
Specify the Certificate associated with a Member.
Parameters:
member - the Member for which to specify the certificate

validate

protected void validate(java.security.cert.Certificate cert)
Deprecated. 
Validate the specified Certificate as trusted.

The default implementation validates that the supplied Certificate exists within the local KeyStore, and in the case of X509 certificates, that it has not expired. Custom implementations of this class may override this method to provide an alternate means of validating the Certificate.

Parameters:
cert - the certificate to validate
Throws:
java.lang.SecurityException - if certificate is invalid or untrusted

encryptPrivate

public byte[] encryptPrivate(byte[] abData,
                             Member member)
Deprecated. 
Encrypt the supplied data for privacy using the supplied Member's public key.
Parameters:
abData - the data to be encrypted
member - the Member for which the public key will be used
Returns:
the encrypted data

decryptPrivate

public byte[] decryptPrivate(byte[] abEnc)
Deprecated. 
Decrypt the supplied data with the local private key.
Parameters:
abEnc - the encrypted data
Returns:
the decrypted data

setPrivateKey

protected void setPrivateKey(java.security.Key key)
Deprecated. 
Specify the filter's private encryption key.
Parameters:
key - the filter's private encryption key

getPrivateKey

protected java.security.Key getPrivateKey()
Deprecated. 
Return the filter's private encryption key.
Returns:
the filter's private encryption key

setCertificateLocal

protected void setCertificateLocal(java.security.cert.Certificate cert)
Deprecated. 
Specify the filter's certificate.
Parameters:
cert - the filter's certificate

getCertificateLocal

protected java.security.cert.Certificate getCertificateLocal()
Deprecated. 
Return the filter's certificate.
Returns:
the filter's certificate

setKeyStore

protected void setKeyStore(java.security.KeyStore keystore)
Deprecated. 
Specify the filter's KeyStore.
Parameters:
keystore - the filter's KeyStore

getKeyStore

protected java.security.KeyStore getKeyStore()
Deprecated. 
Return the filter's KeyStore.
Returns:
the filter's KeyStore

setDecryptionBlockSize

protected void setDecryptionBlockSize(int cb)
Deprecated. 
Specify the filter's decryption block size.
Parameters:
cb - the filter's decryption block size

getDecryptionBlockSize

protected int getDecryptionBlockSize()
Deprecated. 
Return the filter's decryption block size.
Returns:
the filter's decryption block size

setEncryptionBlockSize

protected void setEncryptionBlockSize(int cb)
Deprecated. 
Specify the filter's encryption block size.
Parameters:
cb - the filter's encryption block size

getEncryptionBlockSize

protected int getEncryptionBlockSize()
Deprecated. 
Return the filter's encryption block size.
Returns:
the filter's encryption block size


Copyright © 2000, 2011, Oracle and/or its affiliates. All rights reserved.