Package org.jgroups.auth

Class X509Token

  • All Implemented Interfaces:
    Streamable
    public class X509Token
extends AuthToken

    This is an example of using a preshared token that is encrypted using an X509 certificate for authentication purposes. All members of the group have to have the same string value in the JGroups config.

    This example uses certificates contained within a specified keystore. Configuration parameters for this example are shown below:

    • keystore_type = JKS(default)/PKCS12 - see http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#AppA
    • keystore_path (required) = the location of the keystore
    • keystore_password (required) = the password of the keystore
    • cert_alias (required) = the alias of the certification within the keystore
    • cert_password = the password of the certification within the keystore
    • auth_value (required) = the string to encrypt
    • cipher_type = RSA(default)/AES/Blowfish/DES/DESede/PBEWithMD5AndDES/PBEWithHmacSHA1AndDESede/RC2/RC4/RC5 - see http://java.sun.com/j2se/1.4.2/docs/guide/security/jce/JCERefGuide.html#AppA
    See Also:
    AuthToken

    • Constructor Summary

      Constructors 
      Constructor Description
      X509Token()  

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean authenticate​(AuthToken token, Message msg)
      This method should be implemented to perform the actual authentication of joining members.
      X509Token encryptedToken​(byte[] buf)
      To be used for testing only
      java.lang.String getName()
      Used to return the full package and class name of the implementation.
      void readFrom​(java.io.DataInput in)
      Read the state of the current object (including superclasses) from instream Note that the input stream must not be closed
      void setCertificate()
      Used during setup to get the certification from the keystore and encrypt the auth_value with the private key
      void setCertPassword​(java.lang.String pwd)  
      void setKeyStorePassword​(java.lang.String pwd)  
      int size()
      The size of the marshalled AuthToken
      void writeTo​(java.io.DataOutput out)
      Write the entire state of the current object (including superclasses) to outstream.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • valueSet

        private boolean valueSet

      • keystore_type

        protected java.lang.String keystore_type

      • cert_alias

        protected java.lang.String cert_alias

      • keystore_path

        protected java.lang.String keystore_path

      • auth_value

        protected java.lang.String auth_value

      • cipher_type

        protected java.lang.String cipher_type

      • encryptedToken

        private byte[] encryptedToken

      • cert_password

        private char[] cert_password

      • keystore_password

        private char[] keystore_password

      • cipher

        private javax.crypto.Cipher cipher

      • certPrivateKey

        private java.security.PrivateKey certPrivateKey

      • certificate

        private java.security.cert.X509Certificate certificate

    • Constructor Detail

      • X509Token

        public X509Token()

    • Method Detail

      • setCertPassword

        public void setCertPassword​(java.lang.String pwd)

      • setKeyStorePassword

        public void setKeyStorePassword​(java.lang.String pwd)

      • encryptedToken

        public X509Token encryptedToken​(byte[] buf)
        To be used for testing only

      • getName

        public java.lang.String getName()
        Description copied from class: AuthToken
        Used to return the full package and class name of the implementation. This is used by the AUTH protocol to create an instance of the implementation.
        Specified by:
        getName in class AuthToken
        Returns:
        a java.lang.String object of the package and class name

      • authenticate

        public boolean authenticate​(AuthToken token,
                            Message msg)
        Description copied from class: AuthToken
        This method should be implemented to perform the actual authentication of joining members.
        Specified by:
        authenticate in class AuthToken
        Parameters:
        token - the token sent by the joiner
        msg - the Message object containing the actual JOIN_REQ
        Returns:
        true if authenticaion passed or false if it failed.

      • writeTo

        public void writeTo​(java.io.DataOutput out)
             throws java.io.IOException
        Description copied from interface: Streamable
        Write the entire state of the current object (including superclasses) to outstream. Note that the output stream must not be closed
        Throws:
        java.io.IOException

      • readFrom

        public void readFrom​(java.io.DataInput in)
              throws java.io.IOException
        Description copied from interface: Streamable
        Read the state of the current object (including superclasses) from instream Note that the input stream must not be closed
        Throws:
        java.io.IOException

      • size

        public int size()
        Description copied from class: AuthToken
        The size of the marshalled AuthToken
        Specified by:
        size in class AuthToken

      • setCertificate

        public void setCertificate()
                    throws java.security.KeyStoreException,
                           java.io.IOException,
                           java.security.NoSuchAlgorithmException,
                           java.security.cert.CertificateException,
                           javax.crypto.NoSuchPaddingException,
                           java.security.InvalidKeyException,
                           javax.crypto.IllegalBlockSizeException,
                           javax.crypto.BadPaddingException,
                           java.security.UnrecoverableEntryException
        Used during setup to get the certification from the keystore and encrypt the auth_value with the private key
        Throws:
        java.security.KeyStoreException
        java.io.IOException
        java.security.NoSuchAlgorithmException
        java.security.cert.CertificateException
        javax.crypto.NoSuchPaddingException
        java.security.InvalidKeyException
        javax.crypto.IllegalBlockSizeException
        javax.crypto.BadPaddingException
        java.security.UnrecoverableEntryException