Coherence™ v3.3
Copyright© 2000-2007 by Oracle Corporation

com.tangosol.net.security
Class ClusterEncryptionFilter

java.lang.Object
  extended by com.tangosol.util.Base
      extended by com.tangosol.net.security.ClusterEncryptionFilter
All Implemented Interfaces:
WrapperStreamFactory, XmlConfigurable

public class ClusterEncryptionFilter
extends Base
implements WrapperStreamFactory, XmlConfigurable

Encryption filter implementation which switches between asymmetric and symmetric encryption based upon the type of data being filtered.

Asymmetric encryption is applied to the cluster service data to protect against untrusted entities joining the cluster. Data for other services is encrypted using a random shared symmetric key which is generated by the cluster's senior member and securely provided to other members via the cluster service. Unlike most cluster service traffic, the shared secret is encrypted with both the originator's public key and the recipient's private key.

Custom certificate validation may be provided by extending the AsymmetricEncryptionFilter class, and supplying the alternate implementation as part of this filter's configuration.
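
The shared-key hand-off described above, sketched with the standard JCE API only. This is an added example, not Coherence source code: the class name, the AES/128 shared key, RSA-OAEP wrapping and AES-GCM payload encryption are all assumptions chosen for illustration, and it follows the writeSharedKey description (key encrypted under the target member's public key).

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical stand-alone sketch; it uses no Coherence classes.
public class SharedKeyDistributionSketch {
    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for the joining member's certificate key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair joiningMember = kpg.generateKeyPair();

        // Senior member: generate the random shared symmetric key (assumed AES, 128 bits).
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey sharedKey = kg.generateKey();

        // Senior member: wrap the shared key under the target member's public key.
        Cipher wrap = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        wrap.init(Cipher.WRAP_MODE, joiningMember.getPublic());
        byte[] wrapped = wrap.wrap(sharedKey);

        // Joining member: unwrap with its own private key.
        Cipher unwrap = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        unwrap.init(Cipher.UNWRAP_MODE, joiningMember.getPrivate());
        Key recovered = unwrap.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        if (!Arrays.equals(recovered.getEncoded(), sharedKey.getEncoded()))
            throw new IllegalStateException("unwrapped key does not match");

        // Traffic for other services: symmetric encryption under the shared key.
        byte[] iv = new byte[12]; // fresh random nonce per message
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, sharedKey, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal("cache service payload".getBytes(StandardCharsets.UTF_8));

        // Receiving member decrypts with the key it unwrapped.
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        System.out.println(new String(dec.doFinal(ct), StandardCharsets.UTF_8));
    }
}
```

A member that cannot unwrap the key never obtains the symmetric key, which is why the asymmetric protection of cluster service traffic gates access to all other service data.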

Author:
mf 2006.08.08
See Also:
setConfig(com.tangosol.run.xml.XmlElement), AsymmetricEncryptionFilter, SymmetricEncryptionFilter

Nested Class Summary
 class ClusterEncryptionFilter.DemultiplexingInputStream
          WrapperInputStream which chooses the appropriate wrapper based on the protocol context.
 class ClusterEncryptionFilter.MultiplexingOutputStream
          WrapperOutputStream which chooses the appropriate wrapper based on the protocol context.
 
Field Summary
protected  int m_nSharedKeySize
          Shared key length.
protected  String m_sSharedKeyAlgorithm
          Shared key algorithm.
protected  AsymmetricEncryptionFilter m_wrapperAsymmetric
          The AsymmetricEncryptionFilter
protected  SymmetricEncryptionFilter m_wrapperSymmetric
          The SymmetricEncryptionFilter
 
Constructor Summary
ClusterEncryptionFilter()
           
 
Method Summary
 XmlElement getConfig()
          Determine the current configuration of the object.
 InputStream getInputStream(InputStream stream)
          Requests an InputStream that wraps the passed InputStream.
 OutputStream getOutputStream(OutputStream stream)
          Requests an OutputStream that wraps the passed OutputStream.
 SecretKey getSharedKey()
          Return the shared key, or generate one if none exists.
protected  void readSharedKey(DataInputStream stream)
          Read the shared key from the InputStream.
protected  WrapperStreamFactory selectWrapper(ProtocolContext context)
          Select a Filter based on the supplied protocol information.
 void setConfig(XmlElement xml)
          Configures the ClusterEncryptionFilter.
 void setSharedKey(SecretKey key)
          Set the shared key.
protected  void writeSharedKey(DataOutputStream stream, Member memberTo)
          Write the shared cluster secret to the supplied OutputStream.
 

Field Detail

m_sSharedKeyAlgorithm

protected String m_sSharedKeyAlgorithm
Shared key algorithm.


m_nSharedKeySize

protected int m_nSharedKeySize
Shared key length.


m_wrapperSymmetric

protected SymmetricEncryptionFilter m_wrapperSymmetric
The SymmetricEncryptionFilter


m_wrapperAsymmetric

protected AsymmetricEncryptionFilter m_wrapperAsymmetric
The AsymmetricEncryptionFilter

Constructor Detail

ClusterEncryptionFilter

public ClusterEncryptionFilter()
Method Detail

selectWrapper

protected WrapperStreamFactory selectWrapper(ProtocolContext context)
Select a Filter based on the supplied protocol information.

Parameters:
context - the protocol context
Returns:
the WrapperStreamFactory to use

readSharedKey

protected void readSharedKey(DataInputStream stream)
Read the shared key from the InputStream.

Parameters:
stream - the stream to read the secret from

writeSharedKey

protected void writeSharedKey(DataOutputStream stream,
                              Member memberTo)
Write the shared cluster secret to the supplied OutputStream. The key will be encrypted using the target member's public key.

Parameters:
stream - the stream to write the secret to
memberTo - the member to which the key will be sent

getSharedKey

public SecretKey getSharedKey()
Return the shared key, or generate one if none exists.

Returns:
the shared key

setSharedKey

public void setSharedKey(SecretKey key)
Set the shared key.

Parameters:
key - the shared key

getInputStream

public InputStream getInputStream(InputStream stream)
Requests an InputStream that wraps the passed InputStream.

Specified by:
getInputStream in interface WrapperStreamFactory
Parameters:
stream - the java.io.InputStream to be wrapped
Returns:
an InputStream that delegates to ("wraps") the passed InputStream

getOutputStream

public OutputStream getOutputStream(OutputStream stream)
Requests an OutputStream that wraps the passed OutputStream.

Specified by:
getOutputStream in interface WrapperStreamFactory
Parameters:
stream - the java.io.OutputStream to be wrapped
Returns:
an OutputStream that delegates to ("wraps") the passed OutputStream

getConfig

public XmlElement getConfig()
Determine the current configuration of the object.

Specified by:
getConfig in interface XmlConfigurable
Returns:
the XML configuration or null

setConfig

public void setConfig(XmlElement xml)
Configures the ClusterEncryptionFilter. This supports the same configuration elements as the AsymmetricEncryptionFilter as well as:

Specified by:
setConfig in interface XmlConfigurable
Parameters:
xml - the XML configuration for the object
See Also:
AsymmetricEncryptionFilter.setConfig(com.tangosol.run.xml.XmlElement)
