Oracle® Coherence Java API Reference Release 3.6.0.0 E15725-01
java.lang.Object
com.tangosol.util.Base
com.tangosol.net.security.AbstractEncryptionFilter
com.tangosol.net.security.AsymmetricEncryptionFilter
public class AsymmetricEncryptionFilter
Asymmetric encryption filter implementation.

This filter will sign messages (encrypt with the originator's private key) so that they may be validated as both trusted and authentic by the recipient(s).

The filter is configured with a Java KeyStore from which it will retrieve its local certificate and private key.

Each inbound message will have its sender's certificate validated via a call to the validate(Certificate) method. The default implementation simply validates that the certificate exists within the configured KeyStore, and in the case of X509 certificates that it has not expired.

As this is a fairly expensive filter, it is not intended for use on services with high traffic loads. Additionally, as it only signs the data, it is not intended for transporting secret data. It is generally used only to protect the ClusterService (hence cluster membership) via the ClusterEncryptionFilter.

In order to use this filter you must have configured your JVM with a suitable JCA public key cryptography provider such as the one provided by Bouncy Castle. See the JCA documentation for details on installing and configuring JCA providers.

This class may be extended in order to provide custom validation logic. A custom version only needs to provide alternate implementations of the setConfig() and validate() methods. See the documentation on these methods for customization details.
See Also: setConfig(com.tangosol.run.xml.XmlElement), validate(java.security.cert.Certificate), ClusterEncryptionFilter
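One way to use the extension point described above, as an added example that is not Oracle's code: a hypothetical subclass, StrictAsymmetricEncryptionFilter, that keeps the default validate() check and then applies two assumed policy values (a 2048-bit RSA minimum and a 24-hour remaining-validity margin). It relies only on validate(Certificate) as documented on this page plus standard java.security classes, and needs the Coherence library on the classpath.

```java
import com.tangosol.net.security.AsymmetricEncryptionFilter;

import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;

/**
 * Hypothetical subclass (class name and policy values are assumptions,
 * not part of Coherence) that tightens the certificate check applied to
 * the sender of each inbound message.
 */
public class StrictAsymmetricEncryptionFilter extends AsymmetricEncryptionFilter {
    // Assumed policy values, not Coherence defaults.
    private static final int  MIN_RSA_BITS     = 2048;
    private static final long MIN_REMAINING_MS = 24L * 60 * 60 * 1000;

    @Override
    protected void validate(Certificate cert) {
        // Default check first: the certificate must exist in the configured
        // KeyStore and, for X509 certificates, must not have expired.
        super.validate(cert);

        // Accept X.509 only, so the checks below always apply.
        if (!(cert instanceof X509Certificate)) {
            throw new SecurityException("only X.509 certificates are accepted");
        }
        X509Certificate x509 = (X509Certificate) cert;

        // Reject certificates that will no longer be valid within the margin,
        // so a member cannot join on a certificate that is about to lapse.
        try {
            x509.checkValidity(new Date(System.currentTimeMillis() + MIN_REMAINING_MS));
        } catch (CertificateException e) {
            throw new SecurityException("certificate validity ends too soon: "
                    + x509.getSubjectX500Principal());
        }

        // Reject short RSA keys even when the certificate is in the KeyStore.
        PublicKey key = x509.getPublicKey();
        if (key instanceof RSAPublicKey
                && ((RSAPublicKey) key).getModulus().bitLength() < MIN_RSA_BITS) {
            throw new SecurityException("RSA key shorter than " + MIN_RSA_BITS + " bits");
        }
    }
}
```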
Nested Class Summary | |
---|---|
class | AsymmetricEncryptionFilter.IdentityInputStream Stream which reads an unencrypted identity header followed by an encrypted payload. |
class | AsymmetricEncryptionFilter.IdentityOutputStream Stream which writes an unencrypted identity header followed by an encrypted payload. |
Field Summary | |
---|---|
static String | DEFAULT_TRANSFORMATION Default transformation |
protected int | m_cbBlockDec The block size used by the cipher for decrypting. |
protected int | m_cbBlockEnc The block size used by the cipher for encrypting. |
protected Certificate | m_certificateLocal The local Certificate |
protected Key | m_keyPrivate The local PrivateKey |
protected KeyStore | m_keystore The KeyStore |
protected Map | m_mapMemberCertificate Map of Member to their certificates |
Fields inherited from class com.tangosol.net.security.AbstractEncryptionFilter |
---|
DEFAULT_KEYSTORE_PATH, DEFAULT_KEYSTORE_TYPE, m_specCipherParams, m_sTransformation, m_tlsCipher |
Constructor Summary | |
---|---|
AsymmetricEncryptionFilter() Default constructor |
Method Summary | |
---|---|
byte[] | decryptPrivate(byte[] abEnc) Decrypt the supplied data with the local private key. |
byte[] | encryptPrivate(byte[] abData, Member member) Encrypt the supplied data for privacy using the supplied Member's public key. |
protected Certificate | getCertificate(Member member) Return the Certificate associated with the specified Member. |
protected Certificate | getCertificateLocal() Return the filter's certificate. |
protected int | getDecryptionBlockSize() Return the filter's decryption block size. |
protected int | getEncryptionBlockSize() Return the filter's encryption block size. |
InputStream | getInputStream(InputStream stream) Requests an InputStream that wraps the passed InputStream. |
protected KeyStore | getKeyStore() Return the filter's KeyStore. |
OutputStream | getOutputStream(OutputStream stream) Requests an OutputStream that wraps the passed OutputStream. |
protected Key | getPrivateKey() Return the filter's private encryption key. |
protected void | setCertificate(Member member, Certificate cert) Specify the Certificate associated with a Member. |
protected void | setCertificateLocal(Certificate cert) Specify the filter's certificate. |
void | setConfig(XmlElement xml) Configures the Encryption filter for asymmetric encryption using a private key and Certificate from a KeyStore. |
protected void | setDecryptionBlockSize(int cb) Specify the filter's decryption block size. |
protected void | setEncryptionBlockSize(int cb) Specify the filter's encryption block size. |
protected void | setKeyStore(KeyStore keystore) Specify the filter's KeyStore. |
protected void | setPrivateKey(Key key) Specify the filter's private encryption key. |
protected void | validate(Certificate cert) Validate the specified Certificate as trusted. |
Methods inherited from class com.tangosol.net.security.AbstractEncryptionFilter |
---|
ensureSecurityException, ensureSecurityException, getCipher, getCipherParams, getCipherTransformation, getConfig, getKeyStore, makeCipher, setCipherParams, setCipherTransformation |
Field Detail |
---|
protected Key m_keyPrivate
protected Certificate m_certificateLocal
protected KeyStore m_keystore
protected Map m_mapMemberCertificate
protected int m_cbBlockEnc
protected int m_cbBlockDec
public static final String DEFAULT_TRANSFORMATION
Constructor Detail |
---|
public AsymmetricEncryptionFilter()
Method Detail |
---|
public InputStream getInputStream(InputStream stream)
WrapperStreamFactory
Parameters:
stream - the java.io.InputStream to be wrapped

public OutputStream getOutputStream(OutputStream stream)
WrapperStreamFactory
Parameters:
stream - the java.io.OutputStream to be wrapped

public void setConfig(XmlElement xml)
Parameters:
xml - the XmlElement containing the filter's configuration parameters
See Also: setPrivateKey(java.security.Key), setCertificateLocal(java.security.cert.Certificate), AbstractEncryptionFilter.setCipherTransformation(java.lang.String), DEFAULT_TRANSFORMATION

protected Certificate getCertificate(Member member)
Parameters:
member - the Member for which to return the certificate

protected void setCertificate(Member member, Certificate cert)
Parameters:
member - the Member for which to return the certificate

protected void validate(Certificate cert)
Parameters:
cert - the certificate to validate
Throws:
SecurityException - if certificate is invalid or untrusted

public byte[] encryptPrivate(byte[] abData, Member member)
Parameters:
abData - the data to be encrypted
member - the Member for which the public key will be used

public byte[] decryptPrivate(byte[] abEnc)
Parameters:
abEnc - the encrypted data

protected void setPrivateKey(Key key)
Parameters:
key - the filter's private encryption key

protected Key getPrivateKey()

protected void setCertificateLocal(Certificate cert)
Parameters:
cert - the filter's certificate

protected Certificate getCertificateLocal()

protected void setKeyStore(KeyStore keystore)
Parameters:
keystore - the filter's KeyStore

protected KeyStore getKeyStore()

protected void setDecryptionBlockSize(int cb)
Parameters:
cb - the filter's decryption block size

protected int getDecryptionBlockSize()

protected void setEncryptionBlockSize(int cb)
Parameters:
cb - the filter's encryption block size

protected int getEncryptionBlockSize()