public class ENCRYPT extends Protocol
This class can be used in two ways:
Each message is identified as encrypted with a specific encryption header which identifies the type of encrypt header and an MD5 digest that identifies the version of the key being used to encrypt/decrypt the messages.
Note: the current version does not support the concept of perfect forward
encryption (PFE), in which the keys are re-generated when a peer leaves the
group, preventing the departed peer from decrypting future messages if it
chooses to listen in on the group. This is not included because it also
requires a suitable authentication scheme to be useful: without one, there is
nothing to stop the peer rejoining and receiving the new key. A future release
will address this issue.
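The key-version check that the encryption header makes possible, as an added example (not JGroups code): the receiver compares the digest carried with the message against the digest of its own key and drops the message on a mismatch instead of attempting decryption. The `KeyVersionDemo` class, the `Sealed` record, the use of AES/GCM, and computing the version as MD5 over the encoded key bytes are all assumptions made for this sketch.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class KeyVersionDemo {
    // Hypothetical stand-in for header + payload: key-version digest, IV, ciphertext.
    record Sealed(byte[] version, byte[] iv, byte[] ciphertext) {}

    // Assumption: the key version is the MD5 digest of the encoded key bytes.
    // The digest only identifies the key; integrity comes from the GCM tag.
    static byte[] versionOf(SecretKey key) throws Exception {
        return MessageDigest.getInstance("MD5").digest(key.getEncoded());
    }

    static Sealed encrypt(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[12];                 // fresh random IV per message
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        return new Sealed(versionOf(key), iv, c.doFinal(plain));
    }

    // Returns null when the message was encrypted under a different key version.
    static byte[] decrypt(SecretKey key, Sealed msg) throws Exception {
        if (!MessageDigest.isEqual(versionOf(key), msg.version()))
            return null;                          // version mismatch: drop, do not decrypt
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, msg.iv()));
        return c.doFinal(msg.ciphertext());
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        SecretKey current = gen.generateKey();    // key shared by the group
        SecretKey stale = gen.generateKey();      // a member holding a different key
        byte[] payload = "constructed payload".getBytes(StandardCharsets.UTF_8);
        Sealed msg = encrypt(current, payload);
        byte[] ok = decrypt(current, msg);
        System.out.println("same version: " + new String(ok, StandardCharsets.UTF_8));
        System.out.println("other key accepted: " + (decrypt(stale, msg) != null));
    }
}
```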
Modifier and Type | Class and Description |
---|---|
protected class | ENCRYPT.Decrypter: Decrypts all messages in a batch, replacing encrypted messages in-place with their decrypted versions |
static class | ENCRYPT.EncryptHeader |
Modifier and Type | Field and Description |
---|---|
protected java.lang.String | asymAlgorithm |
protected java.util.concurrent.atomic.AtomicInteger | cipher_index |
protected int | cipher_pool_size |
protected javax.crypto.Cipher[] | decoding_ciphers |
protected java.util.concurrent.locks.Lock[] | decoding_locks |
protected javax.crypto.Cipher[] | encoding_ciphers |
protected java.util.concurrent.locks.Lock[] | encoding_locks |
protected javax.crypto.SecretKey | secretKey |
protected byte[] | symVersion |
Constructor and Description |
---|
ENCRYPT() |
Modifier and Type | Method and Description |
---|---|
java.lang.Object | down(Event evt): An event is to be sent down the stack. |
java.lang.String | getAsymAlgorithm() |
javax.crypto.Cipher | getAsymCipher() |
int | getAsymInit() |
javax.crypto.SecretKey | getDesKey() |
Address | getKeyServerAddr() |
java.security.KeyPair | getKpair() |
protected int | getNextIndex() |
javax.crypto.SecretKey | getSecretKey() |
java.lang.String | getSymAlgorithm() |
javax.crypto.Cipher | getSymDecodingCipher() |
javax.crypto.Cipher | getSymEncodingCipher() |
int | getSymInit() |
byte[] | getSymVersion() |
protected java.lang.Object | handleEncryptedMessage(Message msg, Event evt, ENCRYPT.EncryptHeader hdr) |
protected void | handleUpEvent(Message msg, ENCRYPT.EncryptHeader hdr) |
void | init(): Called after instance has been created (null constructor) and before protocol is started. |
void | initKeyPair(): Generates the public/private key pair from the init params |
void | initSymKey(): Used to initialise the symmetric key if none is supplied in a keystore. |
protected void | setKeyServerAddr(Address keyServerAddr) |
protected void | setLocalAddress(Address local_addr) |
java.lang.Object | up(Event evt): An event was received from the layer below. |
void | up(MessageBatch batch): Sends up multiple messages in a MessageBatch. |
accept, destroy, dumpStats, enableStats, getConfigurableObjects, getDownProtocol, getDownServices, getId, getIdsAbove, getLevel, getName, getProtocolStack, getSocketFactory, getThreadFactory, getTransport, getUpProtocol, getUpServices, getValue, isErgonomics, level, parse, printStats, providedDownServices, providedUpServices, requiredDownServices, requiredUpServices, resetStatistics, resetStats, setDownProtocol, setErgonomics, setId, setLevel, setProtocolStack, setSocketFactory, setUpProtocol, setValue, setValues, start, statsEnabled, stop
protected java.lang.String asymAlgorithm
protected int cipher_pool_size
protected javax.crypto.Cipher[] encoding_ciphers
protected javax.crypto.Cipher[] decoding_ciphers
protected java.util.concurrent.locks.Lock[] encoding_locks
protected java.util.concurrent.locks.Lock[] decoding_locks
protected final java.util.concurrent.atomic.AtomicInteger cipher_index
protected byte[] symVersion
protected javax.crypto.SecretKey secretKey
protected int getNextIndex()
public int getAsymInit()
public javax.crypto.SecretKey getDesKey()
public java.security.KeyPair getKpair()
public javax.crypto.Cipher getAsymCipher()
public java.lang.String getSymAlgorithm()
public int getSymInit()
public java.lang.String getAsymAlgorithm()
public byte[] getSymVersion()
public javax.crypto.SecretKey getSecretKey()
public javax.crypto.Cipher getSymDecodingCipher()
public javax.crypto.Cipher getSymEncodingCipher()
public Address getKeyServerAddr()
protected void setLocalAddress(Address local_addr)
protected void setKeyServerAddr(Address keyServerAddr)
public void init() throws java.lang.Exception
Protocol
public void initSymKey() throws java.lang.Exception
java.lang.Exception
public void initKeyPair() throws java.lang.Exception
java.lang.Exception
public java.lang.Object up(Event evt)
Protocol
down_prot.down() or c) the event (or another event) is sent up the stack using up_prot.up().
public void up(MessageBatch batch)
Protocol
Sends up multiple messages in a MessageBatch. The sender of the batch is always the same, and so is the destination (null == multicast messages). Messages in a batch can be OOB messages, regular messages, or mixed messages, although the transport itself will create initial MessageBatches that contain only either OOB or regular messages.
The default processing below sends messages up the stack individually, based on a matching criterion (calling Protocol.accept(Message)), and - if true - calls Protocol.up(Event) for that message and removes the message. If the batch is not empty, it is passed up, or else it is dropped.
Subclasses should check if there are any messages destined for them (e.g. using MessageBatch.getMatchingMessages(short, boolean)), then possibly remove and process them and finally pass the batch up to the next protocol. Protocols can also modify messages in place, e.g. ENCRYPT could decrypt all encrypted messages in the batch, not remove them, and pass the batch up when done.
protected java.lang.Object handleEncryptedMessage(Message msg, Event evt, ENCRYPT.EncryptHeader hdr) throws java.lang.Exception
java.lang.Exception
protected void handleUpEvent(Message msg, ENCRYPT.EncryptHeader hdr)
public java.lang.Object down(Event evt)
Protocol
down_prot.down(). In case of a GET_ADDRESS event (which tries to retrieve the stack's address from one of the bottom layers), the layer may need to send a new response event back up the stack using up_prot.up().