JnlpProtocol4Handler

@Deprecated public class JnlpProtocol3Handler extends JnlpProtocolHandler<STATE>
This protocol aims to provide a basic level of security for JNLP-based
slaves. Both the master and the slave securely authenticate each other and
then set up an encrypted Channel.
The slave secret is never exchanged, but instead used as a shared secret
to generate matching symmetric key Ciphers by both
sides which are used to perform a secure handshake. During the handshake
both the slave and the master send each other challenge phrases which can
only be decrypted with the matching cipher created with the slave secret.
Once decrypted the SHA-256 hash of the challenge is computed and sent back
to authenticate.
Once the handshake is successful, another pair of symmetric key ciphers is created by the slave using random keys. These are then shared with the master. These ciphers are used to create an encrypted channel by both sides.
The following goes over the handshake in more detail:
```
Client                                                           Master
       handshake ciphers = createFrom(slave name, slave secret)

|                                                                     |
|      initiate(slave name, encrypt(challenge), encrypt(cookie))      |
|  -------------------------------------------------------------->>>  |
|                                                                     |
|                      encrypt(hash(challenge))                       |
|  <<<--------------------------------------------------------------  |
|                                                                     |
|                          GREETING_SUCCESS                           |
|  -------------------------------------------------------------->>>  |
|                                                                     |
|                         encrypt(challenge)                          |
|  <<<--------------------------------------------------------------  |
|                                                                     |
|                      encrypt(hash(challenge))                       |
|  -------------------------------------------------------------->>>  |
|                                                                     |
|                          GREETING_SUCCESS                           |
|  <<<--------------------------------------------------------------  |
|                                                                     |
|                           encrypt(cookie)                           |
|  <<<--------------------------------------------------------------  |
|                                                                     |
|                 encrypt(AES key) + encrypt(IvSpec)                  |
|  -------------------------------------------------------------->>>  |
|                                                                     |

             channel ciphers = createFrom(AES key, IvSpec)
         channel = channelBuilder.createWith(channel ciphers)
```
The entire process assumes the slave secret has not been leaked beforehand and the slave obtains it in a secure manner.
The key sizes are only 128-bit since it cannot be assumed everyone has the Java Cryptography Extension available. In the future the key size could be made a parameter, or the implementation could check whether 256-bit sizes are supported.
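The challenge/response step described above, as an added example that is not code from this class or from the project. The class name `HandshakeSketch`, the method `challenge`, the PBKDF2 parameters, the AES-GCM mode and the sample slave name and secrets are assumptions of the example; it covers only the mutual authentication, not the cookie or the channel key exchange.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class HandshakeSketch {
    static final SecureRandom RNG = new SecureRandom();

    // Assumption: PBKDF2 over the secret, salted with the slave name, 128-bit AES key.
    static SecretKey createFrom(String slaveName, String slaveSecret) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(slaveSecret.toCharArray(),
                slaveName.getBytes(StandardCharsets.UTF_8), 100_000, 128);
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
    }

    // Assumption: AES-GCM with a fresh 12-byte IV prepended to every message.
    static byte[] encrypt(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
    }
    static byte[] decrypt(SecretKey key, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, msg, 0, 12));
        return c.doFinal(msg, 12, msg.length - 12);
    }

    // One direction of the handshake: true only if the responder holds the same secret.
    static boolean challenge(SecretKey challenger, SecretKey responder) throws Exception {
        byte[] challenge = new byte[32];
        RNG.nextBytes(challenge);
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        try {
            byte[] seen = decrypt(responder, encrypt(challenger, challenge));  // responder side
            byte[] reply = encrypt(responder, sha.digest(seen));              // encrypt(hash(challenge))
            return MessageDigest.isEqual(decrypt(challenger, reply), sha.digest(challenge));
        } catch (AEADBadTagException e) { return false; }  // keys differ: authentication fails
    }

    public static void main(String[] args) throws Exception {
        SecretKey slave = createFrom("agent-1", "constructed-secret");   // constructed sample values
        SecretKey master = createFrom("agent-1", "constructed-secret");
        System.out.println(challenge(slave, master) && challenge(master, slave));
        System.out.println(challenge(slave, createFrom("agent-1", "not-the-secret")));
    }
}
```

The first line printed is the mutual check between two parties holding the same secret; the second is a responder that derived its key from a different secret.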
See also: JnlpProtocol4Handler

| Modifier and Type | Field and Description |
|---|---|
| static String | CHALLENGE_KEY Deprecated. |
| static String | GREETING_SUCCESS The expected response from the master on successful completion of the handshake. |

| Constructor and Description |
|---|
| JnlpProtocol3Handler(JnlpClientDatabase clientDatabase, ExecutorService threadPool, NioChannelHub hub, boolean preferNio) Deprecated. |

| Modifier and Type | Method and Description |
|---|---|
| Future<Channel> | connect(Socket socket, Map<String,String> headers, List<? extends JnlpConnectionStateListener> listeners) Handles an outgoing connection to the server on the supplied socket. |
| Jnlp3ConnectionState | createConnectionState(Socket socket, List<? extends JnlpConnectionStateListener> listeners) Deprecated. Creates the JnlpConnectionState instance for this JnlpProtocolHandler. |
| String | getName() Deprecated. Get the name of the protocol. |
| Future<Channel> | handle(Socket socket, Map<String,String> headers, List<? extends JnlpConnectionStateListener> listeners) Handles an incoming client connection on the supplied socket. |
Methods inherited from class JnlpProtocolHandler: connect, getClientDatabase, handle, isEnabled, isPreferNio

public static final String CHALLENGE_KEY

public static final String GREETING_SUCCESS

public JnlpProtocol3Handler(@Nullable JnlpClientDatabase clientDatabase, @Nonnull ExecutorService threadPool, @Nullable NioChannelHub hub, boolean preferNio)

public String getName()
getName in class JnlpProtocolHandler<Jnlp3ConnectionState>

@Nonnull public Jnlp3ConnectionState createConnectionState(@Nonnull Socket socket, @Nonnull List<? extends JnlpConnectionStateListener> listeners) throws IOException
Creates the JnlpConnectionState instance for this JnlpProtocolHandler.
Parameters:
socket - the Socket
listeners - the initial JnlpConnectionStateListener instances.
Returns: JnlpConnectionState for this connection.
Throws: IOException - if something goes wrong.

@Nonnull public Future<Channel> handle(@Nonnull Socket socket, @Nonnull Map<String,String> headers, @Nonnull List<? extends JnlpConnectionStateListener> listeners) throws IOException
handle in class JnlpProtocolHandler<STATE extends LegacyJnlpConnectionState>
Parameters:
socket - the socket.
headers - the headers to send.
listeners - the listeners to approve and receive the connection.
Returns: Future for the Channel to the server.
Throws: IOException - if the protocol cannot be initiated.

@Nonnull public Future<Channel> connect(@Nonnull Socket socket, @Nonnull Map<String,String> headers, @Nonnull List<? extends JnlpConnectionStateListener> listeners) throws IOException
connect in class JnlpProtocolHandler<STATE extends LegacyJnlpConnectionState>
Parameters:
socket - the socket.
headers - the headers to send.
listeners - the listeners to approve and receive the connection.
Returns: Future for the Channel to the server.
Throws: IOException - if the protocol cannot be initiated.

Copyright © 2004–2018. All rights reserved.