AsymmetricEncryptionFilter (Oracle\u00AE Coherence Java API Reference)

Overview

Package

Class

Tree

Index

Help

Oracle® Coherence Java API Reference
Release 3.6.0.0
E15725-01

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.tangosol.net.security
Class AsymmetricEncryptionFilter

java.lang.Object com.tangosol.util.Base com.tangosol.net.security.AbstractEncryptionFilter com.tangosol.net.security.AsymmetricEncryptionFilter

All Implemented Interfaces:: WrapperStreamFactory, XmlConfigurable

public class AsymmetricEncryptionFilter

extends AbstractEncryptionFilter

Asymmetric encryption filter implementation. This filter will sign messages (encrypt with the originators private key) so that it may be validated as both trusted and authentic by the recipient(s). The filter is configured with a Java KeyStore from which it will retrieve its local certificate and private key. Each inbound message will have its sender's certificate validated via a call to the validate(Certificate) method. The default implementation simply validates that the certificate exists within the configured KeyStore, and in the case of X509 certificates that it has not expired. As this is a fairly expensive filter as is not intended for use on services with high traffic loads. Additionally as it only signs the data it is not intended for transporting secret data. It is generally used only to protect the ClusterService (hence cluster membership) via the ClusterEncryptionFilter. In order to use this filter you must have have configured your JVM with a suitable JCA public key cryptography provider such as the one provided by Bouncy Castle. See the JCA documentation for details on installing and configuring JCA providers. This class may be extended in order to provide custom validation logic. A custom version only needs to provide alternate implementations of the setConfig() and validate() methods. See the documentation on these methods for customization details.

Author:: mf 2006.08.01
See Also:: setConfig(com.tangosol.run.xml.XmlElement), validate(java.security.cert.Certificate), ClusterEncryptionFilter

Nested Class Summary
`class`	`AsymmetricEncryptionFilter.IdentityInputStream` Stream which reads an unencrypted identity header followed by an encrypted payload.
`class`	`AsymmetricEncryptionFilter.IdentityOutputStream` Stream which writes an unencrypted identity header followed by an encrypted payload.

Field Summary
`static String`	`DEFAULT_TRANSFORMATION` Default transformation
`protected int`	`m_cbBlockDec` The block size used by the cipher for decrypting.
`protected int`	`m_cbBlockEnc` The block size used by the cipher for encrypting.
`protected Certificate`	`m_certificateLocal` The local Certificate
`protected Key`	`m_keyPrivate` The local PrivateKey
`protected KeyStore`	`m_keystore` The KeyStore
`protected Map`	`m_mapMemberCertificate` Map of Member to their certificates

Fields inherited from class com.tangosol.net.security.AbstractEncryptionFilter
`DEFAULT_KEYSTORE_PATH, DEFAULT_KEYSTORE_TYPE, m_specCipherParams, m_sTransformation, m_tlsCipher`

Constructor Summary
`AsymmetricEncryptionFilter()` Default constructor

Method Summary
`byte[]`	`decryptPrivate(byte[] abEnc)` Decrypt the supplied data with the local private key.
`byte[]`	`encryptPrivate(byte[] abData, Member member)` Encrypt the supplied data for privacy using the supplied Member's public key.
`protected Certificate`	`getCertificate(Member member)` Return the Certificate assocaited with the specified Member.
`protected Certificate`	`getCertificateLocal()` Return the filter's certificate.
`protected int`	`getDecryptionBlockSize()` Return the filter's decryption block size.
`protected int`	`getEncryptionBlockSize()` Return the filter's encryption block size.
`InputStream`	`getInputStream(InputStream stream)` Requests an InputStream that wraps the passed InputStream.
`protected KeyStore`	`getKeyStore()` Return the filter's KeyStore.
`OutputStream`	`getOutputStream(OutputStream stream)` Requests an OutputStream that wraps the passed OutputStream.
`protected Key`	`getPrivateKey()` Return the filter's private encryption key.
`protected void`	`setCertificate(Member member, Certificate cert)` Specify the Certificate assocaited with a Member.
`protected void`	`setCertificateLocal(Certificate cert)` Specify the filter's certificate.
`void`	`setConfig(XmlElement xml)` Configures the Encryption filter for asymmetric encryption using a private key and Certificate from a KeyStore.
`protected void`	`setDecryptionBlockSize(int cb)` Specify the filter's decryption block size.
`protected void`	`setEncryptionBlockSize(int cb)` Specify the filter's encryption block size.
`protected void`	`setKeyStore(KeyStore keystore)` Specify the filter's KeyStore.
`protected void`	`setPrivateKey(Key key)` Specify the filter's private encryption key.
`protected void`	`validate(Certificate cert)` Validate the specified Certificate as trusted.

Methods inherited from class com.tangosol.net.security.AbstractEncryptionFilter
`ensureSecurityException, ensureSecurityException, getCipher, getCipherParams, getCipherTransformation, getConfig, getKeyStore, makeCipher, setCipherParams, setCipherTransformation`

Field Detail

m_keyPrivate

protected Key m_keyPrivate

The local PrivateKey

m_certificateLocal

protected Certificate m_certificateLocal

The local Certificate

m_keystore

protected KeyStore m_keystore

The KeyStore

m_mapMemberCertificate

protected Map m_mapMemberCertificate

Map of Member to their certificates

m_cbBlockEnc

protected int m_cbBlockEnc

The block size used by the cipher for encrypting.

m_cbBlockDec

protected int m_cbBlockDec

The block size used by the cipher for decrypting.

DEFAULT_TRANSFORMATION

public static final String DEFAULT_TRANSFORMATION

Default transformation

See Also:: Constant Field Values

Constructor Detail

AsymmetricEncryptionFilter

public AsymmetricEncryptionFilter()

Default constructor

Method Detail

getInputStream

public InputStream getInputStream(InputStream stream)

Description copied from interface: WrapperStreamFactory

Requests an InputStream that wraps the passed InputStream.

Parameters:: stream - the java.io.InputStream to be wrapped
Returns:: an InputStream that delegates to ("wraps") the passed InputStream

getOutputStream

public OutputStream getOutputStream(OutputStream stream)

Description copied from interface: WrapperStreamFactory

Requests an OutputStream that wraps the passed OutputStream.

Parameters:: stream - the java.io.OutputStream to be wrapped
Returns:: an OutputStream that delegates to ("wraps") the passed OutputStream

setConfig

public void setConfig(XmlElement xml)

Configures the Encryption filter for asymmetric encryption using a private key and Certificate from a KeyStore. Supported configuration parameters include:

<li/> keyAlias - (required) the alias to use in reading the key from the keystore <li/> keyPassword - (required) the password to use in reading the key <li/> storeType - the type of KeyStore, defaults to JKS <li/> store - the path to the KeyStore, defaults to .keystore <li/> storePassword - the password to use to access the store, defaults to keyPassword <li/> transformation - the transformation to use, defaults to RSA/NONE/PKCS1Padding

If customizing this filter to provide alternate Certificate loading and validation logic this method may be overridden to load any necessary custom configuration parameters. The custom implementation is not required to utilize the above configuration parameters, or to call the default implementation of setConfig. Any custom implementation which does not make a call to the default implementation must at least call the following methods:

<li/> setPrivateKey - specifying the local member's private key <li/> setCertificateLocal - specifying the local member's certificate <li/> setCipherTransformation - specifying either a custom encryption transform or DEFAULT_TRANSFORMATION

Parameters:: xml - the XmlElement containing the filter's configuration parameters
See Also:: setPrivateKey(java.security.Key), setCertificateLocal(java.security.cert.Certificate), AbstractEncryptionFilter.setCipherTransformation(java.lang.String), DEFAULT_TRANSFORMATION

getCertificate

protected Certificate getCertificate(Member member)

Return the Certificate assocaited with the specified Member.

Parameters:: member - the Member for which to return the certificate
Returns:: the Member's certificate or null if unknown

setCertificate

protected void setCertificate(Member member,
                              Certificate cert)

Specify the Certificate assocaited with a Member.

Parameters:: member - the Member for which to return the certificate

validate

protected void validate(Certificate cert)

Validate the specified Certificate as trusted. The default implementation validates that they supplied Certificate exists within the local KeyStore, and in the case of X509 Certs, that it has not expired. Custom implementation of this class may override this method to provide an alternate means of validating the Certificate.

Parameters:: cert - the certificate to validate
Throws:: SecurityException - if certificate is invalid or untrusted

encryptPrivate

public byte[] encryptPrivate(byte[] abData,
                             Member member)

Encrypt the supplied data for privacy using the supplied Member's public key.

Parameters:: abData - the data to be encrypted; member - the Member for which the public key will be used
Returns:: the encrypted data

decryptPrivate

public byte[] decryptPrivate(byte[] abEnc)

Decrypt the supplied data with the local private key.

Parameters:: abEnc - the encrypted data
Returns:: the decrypted data

setPrivateKey

protected void setPrivateKey(Key key)

Specify the filter's private encryption key.

Parameters:: key - the filter's private encryption key

getPrivateKey

protected Key getPrivateKey()

Return the filter's private encryption key.

Returns:: the filter's private encryption key

setCertificateLocal

protected void setCertificateLocal(Certificate cert)

Specify the filter's certificate.

Parameters:: cert - the filter's certificate

getCertificateLocal

protected Certificate getCertificateLocal()

Return the filter's certificate.

Returns:: the filter's certificate

setKeyStore

protected void setKeyStore(KeyStore keystore)

Specify the filter's KeyStore.

Parameters:: keystore - the filter's KeyStore

getKeyStore

protected KeyStore getKeyStore()

Return the filter's KeyStore.

Returns:: the filter's KeyStore

setDecryptionBlockSize

protected void setDecryptionBlockSize(int cb)

Specify the filter's decryption block size.

Parameters:: cb - the filter's decryption block size

getDecryptionBlockSize

protected int getDecryptionBlockSize()

Return the filter's decryption block size.

Returns:: the filter's decryption block size

setEncryptionBlockSize

protected void setEncryptionBlockSize(int cb)

Specify the filter's encryption block size.

Parameters:: cb - the filter's encryption block size

getEncryptionBlockSize

protected int getEncryptionBlockSize()

Return the filter's encryption block size.

Returns:: the filter's encryption block size