CoherenceTM v3.3 Copyright© 2000-2007 by Oracle Corporation |
java.lang.Object
com.tangosol.util.Base
com.tangosol.net.security.AbstractEncryptionFilter
com.tangosol.net.security.AsymmetricEncryptionFilter
public class AsymmetricEncryptionFilter
Asymmetric encryption filter implementation.
This filter will encrypt the contents with the originator's private key so that it may be validated as trusted by the recipient(s). The filter is configured with a Java KeyStore from which it will retrieve its local certificate and private key. Each inbound message will have its sender's certificate validated via a call to the validate(Certificate) method. The default implementation simply validates that the certificate exists within the configured keystore, and in the case of X509 certificates that it has not expired. This class may be extended in order to provide custom validation logic.
As this is a fairly expensive filter, it is not intended for use on services with high traffic loads. Additionally, as it encrypts with the originator's private key, it is not intended for transporting sensitive data. It is generally used only to protect the ClusterService (hence cluster membership) via the ClusterEncryptionFilter.
In order to use this filter you must have configured your JVM with a suitable JCA public key cryptography provider such as the one provided by Bouncy Castle. See the JCA documentation for details on installing and configuring JCA providers.
See Also: setConfig(com.tangosol.run.xml.XmlElement), ClusterEncryptionFilter
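The description above says the class may be extended to provide custom validation logic. The following subclass is an added example, not code from Coherence or this page: it keeps the default checks and additionally requires an RSA key of a minimum size, a non-CA certificate, and a signature from a CA certificate held in the filter's keystore. The class name, the `cluster-ca` alias and the 2048-bit floor are assumptions, as is the keystore being populated before validate is called.

```java
import com.tangosol.net.security.AsymmetricEncryptionFilter;

import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;

/** Hypothetical subclass that tightens the default certificate validation. */
public class StrictAsymmetricEncryptionFilter extends AsymmetricEncryptionFilter {
    /** Assumed keystore alias of the CA that issues member certificates. */
    private static final String CA_ALIAS = "cluster-ca";
    /** Assumed minimum acceptable RSA modulus size, in bits. */
    private static final int MIN_RSA_BITS = 2048;

    protected void validate(Certificate cert) {
        // Default checks first: present in the configured keystore and,
        // for X509 certificates, not expired.
        super.validate(cert);

        if (!(cert instanceof X509Certificate)) {
            throw new SecurityException("member certificate is not X.509");
        }
        X509Certificate x509 = (X509Certificate) cert;

        // Reject weak or unexpected key types.
        PublicKey key = x509.getPublicKey();
        if (!(key instanceof RSAPublicKey)
                || ((RSAPublicKey) key).getModulus().bitLength() < MIN_RSA_BITS) {
            throw new SecurityException("member key is not RSA >= " + MIN_RSA_BITS + " bits");
        }

        // getBasicConstraints() returns -1 for end-entity certificates;
        // a CA certificate must not be used as a member identity.
        if (x509.getBasicConstraints() != -1) {
            throw new SecurityException("CA certificate presented as member identity");
        }

        // Require a valid signature from the CA stored in the filter's keystore.
        try {
            Certificate ca = getKeyStore().getCertificate(CA_ALIAS);
            if (ca == null) {
                throw new SecurityException("CA alias not found in keystore: " + CA_ALIAS);
            }
            x509.verify(ca.getPublicKey());
        } catch (GeneralSecurityException e) {
            throw new SecurityException("member certificate not issued by cluster CA: " + e.getMessage());
        }
    }
}
```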
Nested Class Summary | | |
---|---|---|
class | AsymmetricEncryptionFilter.IdentityInputStream | Stream which reads an unencrypted identity header followed by an encrypted payload. |
class | AsymmetricEncryptionFilter.IdentityOutputStream | Stream which writes an unencrypted identity header followed by an encrypted payload. |
Field Summary | | |
---|---|---|
static String | DEFAULT_TRANSFORMATION | Default transformation |
protected Certificate | m_certificateLocal | The local Certificate |
protected Key | m_keyPrivate | The local PrivateKey |
protected KeyStore | m_keystore | The KeyStore |
protected Map | m_mapMemberCertificate | Map of Member to their certificates |
Fields inherited from class com.tangosol.net.security.AbstractEncryptionFilter |
---|
DEFAULT_KEYSTORE_PATH, DEFAULT_KEYSTORE_TYPE, m_specCipherParams, m_sTransformation, m_tlsCipher |
Constructor Summary | |
---|---|
AsymmetricEncryptionFilter() | Default constructor |
Method Summary | | |
---|---|---|
byte[] | decryptPrivate(byte[] abEnc) | Decrypt the supplied data with the local private key. |
byte[] | encryptPrivate(byte[] abData, Member member) | Encrypt the supplied data for privacy using the supplied Member's public key. |
protected Certificate | getCertificate(Member member) | Return the Certificate associated with the specified Member. |
protected Certificate | getCertificateLocal() | Return the filter's certificate. |
InputStream | getInputStream(InputStream stream) | Requests an InputStream that wraps the passed InputStream. |
protected KeyStore | getKeyStore() | Return the filter's KeyStore. |
OutputStream | getOutputStream(OutputStream stream) | Requests an OutputStream that wraps the passed OutputStream. |
protected Key | getPrivateKey() | Return the filter's private encryption key. |
protected void | setCertificate(Member member, Certificate cert) | Specify the Certificate associated with a Member. |
protected void | setCertificateLocal(Certificate cert) | Specify the filter's certificate. |
void | setConfig(XmlElement xml) | Configures the Encryption filter for asymmetric encryption using a private key and Certificate from a KeyStore. |
protected void | setKeyStore(KeyStore keystore) | Specify the filter's KeyStore. |
protected void | setPrivateKey(Key key) | Specify the filter's private encryption key. |
protected void | validate(Certificate cert) | Validate the specified Certificate as trusted. |
Methods inherited from class com.tangosol.net.security.AbstractEncryptionFilter |
---|
ensureSecurityException, ensureSecurityException, getCipher, getCipherParams, getCipherTransformation, getConfig, getKeyStore, makeCipher, setCipherParams, setCipherTransformation |
Field Detail |
---|
protected Key m_keyPrivate
protected Certificate m_certificateLocal
protected KeyStore m_keystore
protected Map m_mapMemberCertificate
public static final String DEFAULT_TRANSFORMATION
Constructor Detail |
---|
public AsymmetricEncryptionFilter()
Method Detail |
---|
public InputStream getInputStream(InputStream stream)
WrapperStreamFactory
stream - the java.io.InputStream to be wrapped
public OutputStream getOutputStream(OutputStream stream)
WrapperStreamFactory
stream - the java.io.OutputStream to be wrapped
public void setConfig(XmlElement xml)
xml - the XML configuration for the object
protected Certificate getCertificate(Member member)
member - the Member for which to return the certificate
protected void setCertificate(Member member, Certificate cert)
member - the Member for which to return the certificate
protected void validate(Certificate cert)
cert - the certificate to validate
SecurityException - if certificate is invalid or untrusted
public byte[] encryptPrivate(byte[] abData, Member member)
abData - the data to be encrypted
member - the Member for which the public key will be used
public byte[] decryptPrivate(byte[] abEnc)
abEnc - the encrypted data
protected void setPrivateKey(Key key)
key - the filter's private encryption key
protected Key getPrivateKey()
protected void setCertificateLocal(Certificate cert)
cert - the filter's certificate
protected Certificate getCertificateLocal()
protected void setKeyStore(KeyStore keystore)
keystore - the filter's KeyStore
protected KeyStore getKeyStore()