Oracle® Coherence Java API Reference Release 3.7.1.0 E22843-01
java.lang.Object
com.tangosol.util.Base
com.tangosol.net.security.AbstractEncryptionFilter
com.tangosol.net.security.AsymmetricEncryptionFilter
Deprecated. As of Coherence 3.7, deprecated and replaced by SSL.
@Deprecated
public class AsymmetricEncryptionFilter
Asymmetric encryption filter implementation.
This filter will sign messages (encrypt with the originator's private key) so that they may be validated as both trusted and authentic by the recipient(s).
The filter is configured with a Java KeyStore from which it will retrieve its local certificate and private key.
Each inbound message will have its sender's certificate validated via a call to the validate(Certificate) method. The default implementation simply validates that the certificate exists within the configured KeyStore, and in the case of X509 certificates that it has not expired.
As this is a fairly expensive filter, it is not intended for use on services with high traffic loads. Additionally, as it only signs the data, it is not intended for transporting secret data. It is generally used only to protect the ClusterService (hence cluster membership) via the ClusterEncryptionFilter.
In order to use this filter you must have configured your JVM with a suitable JCA public key cryptography provider such as the one provided by Bouncy Castle. See the JCA documentation for details on installing and configuring JCA providers.
This class may be extended in order to provide custom validation logic. A custom version only needs to provide alternate implementations of the setConfig() and validate() methods. See the documentation on these methods for customization details.
See Also: setConfig(com.tangosol.run.xml.XmlElement), validate(java.security.cert.Certificate), ClusterEncryptionFilter
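The customization described above, as an added example that is not part of the Oracle documentation or the Coherence code base: a subclass that keeps the default KeyStore and expiry check and then applies a local policy to the sender's certificate. The class name `StrictAsymmetricEncryptionFilter`, the helper `checkPolicy` and the `MIN_RSA_BITS` value are assumptions made for this example; it compiles against the Coherence 3.7 library.

```java
import com.tangosol.net.security.AsymmetricEncryptionFilter;

import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;

/** Hypothetical subclass (not shipped with Coherence): default trust check plus a local policy. */
@SuppressWarnings("deprecation")
public class StrictAsymmetricEncryptionFilter extends AsymmetricEncryptionFilter {

    /** Assumed policy value chosen for this example. */
    static final int MIN_RSA_BITS = 2048;

    @Override
    protected void validate(Certificate cert) {
        if (cert == null) {
            throw new SecurityException("no certificate presented");
        }
        // Default check first: present in the configured KeyStore and,
        // for X509 certificates, not expired.
        super.validate(cert);
        checkPolicy(cert);
    }

    /** Pure-JDK policy check, kept static so it can be unit-tested without a cluster. */
    static void checkPolicy(Certificate cert) {
        if (cert instanceof X509Certificate) {
            try {
                // Rejects certificates that are expired or not yet valid.
                ((X509Certificate) cert).checkValidity();
            } catch (CertificateException e) {
                throw new SecurityException("certificate outside its validity window", e);
            }
        }
        // The filter signs with the private key, so a short RSA modulus
        // weakens every message signature made with it.
        PublicKey key = cert.getPublicKey();
        if (key instanceof RSAPublicKey
                && ((RSAPublicKey) key).getModulus().bitLength() < MIN_RSA_BITS) {
            throw new SecurityException("RSA key shorter than " + MIN_RSA_BITS + " bits");
        }
    }
}
```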
Nested Class Summary | |
---|---|
class | AsymmetricEncryptionFilter.IdentityInputStream Deprecated. Stream which reads an unencrypted identity header followed by an encrypted payload. |
class | AsymmetricEncryptionFilter.IdentityOutputStream Deprecated. Stream which writes an unencrypted identity header followed by an encrypted payload. |
Field Summary | |
---|---|
static java.lang.String | DEFAULT_TRANSFORMATION Deprecated. Default transformation |
protected int | m_cbBlockDec Deprecated. The block size used by the cipher for decrypting. |
protected int | m_cbBlockEnc Deprecated. The block size used by the cipher for encrypting. |
protected java.security.cert.Certificate | m_certificateLocal Deprecated. The local Certificate |
protected java.security.Key | m_keyPrivate Deprecated. The local PrivateKey |
protected java.security.KeyStore | m_keystore Deprecated. The KeyStore |
protected java.util.Map | m_mapMemberCertificate Deprecated. Map of Member to their certificates |
Fields inherited from class com.tangosol.net.security.AbstractEncryptionFilter |
---|
DEFAULT_KEYSTORE_PATH, DEFAULT_KEYSTORE_TYPE, m_specCipherParams, m_sTransformation, m_tlsCipher |
Constructor Summary | |
---|---|
AsymmetricEncryptionFilter() Deprecated. Default constructor |
Method Summary | |
---|---|
byte[] | decryptPrivate(byte[] abEnc) Deprecated. Decrypt the supplied data with the local private key. |
byte[] | encryptPrivate(byte[] abData, Member member) Deprecated. Encrypt the supplied data for privacy using the supplied Member's public key. |
protected java.security.cert.Certificate | getCertificate(Member member) Deprecated. Return the Certificate associated with the specified Member. |
protected java.security.cert.Certificate | getCertificateLocal() Deprecated. Return the filter's certificate. |
protected int | getDecryptionBlockSize() Deprecated. Return the filter's decryption block size. |
protected int | getEncryptionBlockSize() Deprecated. Return the filter's encryption block size. |
java.io.InputStream | getInputStream(java.io.InputStream stream) Deprecated. Requests an InputStream that wraps the passed InputStream. |
protected java.security.KeyStore | getKeyStore() Deprecated. Return the filter's KeyStore. |
java.io.OutputStream | getOutputStream(java.io.OutputStream stream) Deprecated. Requests an OutputStream that wraps the passed OutputStream. |
protected java.security.Key | getPrivateKey() Deprecated. Return the filter's private encryption key. |
protected void | setCertificate(Member member, java.security.cert.Certificate cert) Deprecated. Specify the Certificate associated with a Member. |
protected void | setCertificateLocal(java.security.cert.Certificate cert) Deprecated. Specify the filter's certificate. |
void | setConfig(XmlElement xml) Deprecated. Configures the Encryption filter for asymmetric encryption using a private key and Certificate from a KeyStore. |
protected void | setDecryptionBlockSize(int cb) Deprecated. Specify the filter's decryption block size. |
protected void | setEncryptionBlockSize(int cb) Deprecated. Specify the filter's encryption block size. |
protected void | setKeyStore(java.security.KeyStore keystore) Deprecated. Specify the filter's KeyStore. |
protected void | setPrivateKey(java.security.Key key) Deprecated. Specify the filter's private encryption key. |
protected void | validate(java.security.cert.Certificate cert) Deprecated. Validate the specified Certificate as trusted. |
Methods inherited from class com.tangosol.net.security.AbstractEncryptionFilter |
---|
ensureSecurityException, ensureSecurityException, getCipher, getCipherParams, getCipherTransformation, getConfig, getKeyStore, makeCipher, setCipherParams, setCipherTransformation |
Field Detail |
---|
protected java.security.Key m_keyPrivate
protected java.security.cert.Certificate m_certificateLocal
protected java.security.KeyStore m_keystore
protected java.util.Map m_mapMemberCertificate
protected int m_cbBlockEnc
protected int m_cbBlockDec
public static final java.lang.String DEFAULT_TRANSFORMATION
Constructor Detail |
---|
public AsymmetricEncryptionFilter()
Method Detail |
---|
public java.io.InputStream getInputStream(java.io.InputStream stream)
WrapperStreamFactory
stream - the java.io.InputStream to be wrapped

public java.io.OutputStream getOutputStream(java.io.OutputStream stream)
WrapperStreamFactory
stream - the java.io.OutputStream to be wrapped

public void setConfig(XmlElement xml)
If customizing this filter to provide alternate Certificate loading and validation logic this method may be overridden to load any necessary custom configuration parameters. The custom implementation is not required to utilize the above configuration parameters, or to call the default implementation of setConfig. Any custom implementation which does not make a call to the default implementation must at least call the following methods:
xml - the XmlElement containing the filter's configuration parameters
See Also: setPrivateKey(java.security.Key), setCertificateLocal(java.security.cert.Certificate), AbstractEncryptionFilter.setCipherTransformation(java.lang.String), DEFAULT_TRANSFORMATION

protected java.security.cert.Certificate getCertificate(Member member)
member - the Member for which to return the certificate

protected void setCertificate(Member member, java.security.cert.Certificate cert)
member - the Member for which to return the certificate

protected void validate(java.security.cert.Certificate cert)
The default implementation validates that the supplied Certificate exists within the local KeyStore, and in the case of X509 Certs, that it has not expired. Custom implementations of this class may override this method to provide an alternate means of validating the Certificate.
cert - the certificate to validate
java.lang.SecurityException - if certificate is invalid or untrusted

public byte[] encryptPrivate(byte[] abData, Member member)
abData - the data to be encrypted
member - the Member for which the public key will be used

public byte[] decryptPrivate(byte[] abEnc)
abEnc - the encrypted data

protected void setPrivateKey(java.security.Key key)
key - the filter's private encryption key

protected java.security.Key getPrivateKey()

protected void setCertificateLocal(java.security.cert.Certificate cert)
cert - the filter's certificate

protected java.security.cert.Certificate getCertificateLocal()

protected void setKeyStore(java.security.KeyStore keystore)
keystore - the filter's KeyStore

protected java.security.KeyStore getKeyStore()

protected void setDecryptionBlockSize(int cb)
cb - the filter's decryption block size

protected int getDecryptionBlockSize()

protected void setEncryptionBlockSize(int cb)
cb - the filter's encryption block size

protected int getEncryptionBlockSize()