[jboss-jira] [JBoss JIRA] Updated: (JGRP-372) TCP with SSL

Mon Dec 4 12:54:55 EST 2006

     [ http://jira.jboss.com/jira/browse/JGRP-372?page=all ]

Hal Hildebrand updated JGRP-372:
--------------------------------

    Attachment: TCP_SSL_PROPS.java

Attached is a protocol subclass of TCP_SSL which should - in theory - set up the SSL Context from properties of the configuration string for the stack.  I haven't tested this, so be kind ;)  I'm pretty confident it will work, though, modulo any automatic writing that seems to periodically interrupt my coding.  Poltergeists are pesky creatures.

If you are using a JCEKS keystore, use the sunx509 key and trust manager algorithms, and the TLSv1 protocol, all you should have to provide is the filename of the keystore and the password.

> TCP with SSL
> ------------
>
>                 Key: JGRP-372
>                 URL: http://jira.jboss.com/jira/browse/JGRP-372
>             Project: JGroups
>          Issue Type: Feature Request
>    Affects Versions: 2.4
>            Reporter: Bela Ban
>         Assigned To: Bela Ban
>             Fix For: 2.5
>
>         Attachments: tcp_ssl.jar, TCP_SSL_PROPS.java
>
>
> From Hal Hildebrand:
> Here's the straight TCP version, as I am still working on the handshake
> implementation for the TCP_NIO_SSL protocol.  This protocol stack element
> provides security and authentication (using client side authentication) for
> a JGroups TCP stack.
> Like the NIO version, this required four minor modifications in the
> ConnectionTable class.  These modifications allow one to subclass to create
> a connection table which uses SSL for the connections.  Finally, there is a
> new protocol stack element, TCP_SSL, which one can add to a stack to make
> use of it.
> As with my previous request, it would be nice to have the changes to
> ConnectionTable make it into the mainline, as I currently have to overwrite
> the original class to easily implement this.  The mods are simple and
> innocuous (marked with "HSH").
> Right now, the TCP_SSL needs to be configured with an SSLContext.  I didn't
> bother with integrating with the normal JGroups mechanism using properties
> from the configuration because I consider it inherently insecure to ensconce
> my passwords in configuration files, but the changes to enable this are
> straight forward.  Currently, to configure the factory for the protocol
> layer, do something like the following before connecting your channel:
>     // Construct your Jchannel
>     JChannel jchannel = ...
>     //  Access your protocol stack
>     ProtocolStack protocolStack = jchannel.getProtocolStack();
>     // Retrieve the TCP_SSL protocol layer
>     TCP_SSL protocol = (TCP_SSL) protocolStack.findProtocol("TCP_SSL");
>     
>     // Create your SSLContext
>     SSLContext sslContext = ....
>     // Set up the protocol
>     protocol.setSslContext(sslContext);
>     // Connect your channel
>     jchannel.connnect("my-group");
> Cheers.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira