Class SunJCESecurityProviderRegistrar
- java.lang.Object
  - org.apache.sshd.common.util.logging.AbstractLoggingBean
    - org.apache.sshd.common.util.security.AbstractSecurityProviderRegistrar
      - org.apache.sshd.common.util.security.SunJCESecurityProviderRegistrar
- All Implemented Interfaces: NamedResource, OptionalFeature, PropertyResolver, SecurityProviderChoice, SecurityProviderRegistrar
public class SunJCESecurityProviderRegistrar extends AbstractSecurityProviderRegistrar
This registrar ensures that even if other registrars are active, we still use the Java built-in security provider at least for some security entities.
The problem is that if the Bouncy Castle registrar is present and enabled, we'll end up using the Bouncy Castle implementations for just about anything. But not all Bouncy Castle versions have native implementations of the algorithms. If BC AES is used and is implemented in Java, performance will be very poor. SunJCE's AES uses native code and is much faster.
If no Bouncy Castle is registered, this extra registrar will not have an effect. Like all registrars, this one can be disabled via a system property:
org.apache.sshd.security.provider.SunJCEWrapper.enabled=false
Note that this does not disable the fallback to the platform provider; it only disables this wrapper, which can be used to force the use of the "SunJCE" standard Java provider even if some other registrar also supports an algorithm (and would thus normally be preferred).
The registrar can be configured as usual. By default it has only the AES cipher and the SHA MACs enabled; everything else is disabled.
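A check of which provider actually serves the entities discussed above in a running JVM. This is an added example, not part of the Apache MINA SSHD Javadoc or code base; the class name ProviderSelectionCheck and the chosen algorithm names are assumptions, and it relies on SecurityUtils.isBouncyCastleRegistered(), getCipher(), getMac() and getMessageDigest() from the same package.

```java
import java.security.GeneralSecurityException;
import java.security.Provider;

import org.apache.sshd.common.util.security.SecurityUtils;

// Hypothetical helper class, not part of Apache MINA SSHD.
public class ProviderSelectionCheck {

    // Print the JCA provider that ended up backing one security entity.
    private static void report(String entity, Provider provider) {
        System.out.printf("%-28s -> %s %s%n",
                entity, provider.getName(), provider.getVersionStr());
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // To compare against the wrapper being off, start the JVM with the
        // system property documented above:
        //   -Dorg.apache.sshd.security.provider.SunJCEWrapper.enabled=false

        // Per the class description, the wrapper only matters when
        // Bouncy Castle is registered.
        System.out.println("Bouncy Castle registered: "
                + SecurityUtils.isBouncyCastleRegistered());

        // Entities the description lists as enabled by default for this
        // registrar: the AES cipher and the SHA MACs.
        report("Cipher AES/CTR/NoPadding",
                SecurityUtils.getCipher("AES/CTR/NoPadding").getProvider());
        report("Mac HmacSHA256",
                SecurityUtils.getMac("HmacSHA256").getProvider());

        // An entity type the description says is disabled by default here,
        // so it is resolved by whichever other registrar or platform
        // provider applies.
        report("MessageDigest SHA-256",
                SecurityUtils.getMessageDigest("SHA-256").getProvider());
    }
}
```

Run it once with the default settings and once with the wrapper disabled, on the same classpath as the SSH application, and compare the reported provider names.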
-
-
Field Summary
| Modifier and Type | Field | Description |
| --- | --- | --- |
| private java.util.Map<java.lang.String,java.lang.String> | defaultProperties | |
-
Fields inherited from class org.apache.sshd.common.util.security.AbstractSecurityProviderRegistrar
props, providerHolder, supportedEntities
-
Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
log
-
Fields inherited from interface org.apache.sshd.common.NamedResource
BY_NAME_COMPARATOR, NAME_EXTRACTOR
-
Fields inherited from interface org.apache.sshd.common.OptionalFeature
FALSE, TRUE
-
Fields inherited from interface org.apache.sshd.common.PropertyResolver
EMPTY
-
Fields inherited from interface org.apache.sshd.common.util.security.SecurityProviderChoice
EMPTY
-
Fields inherited from interface org.apache.sshd.common.util.security.SecurityProviderRegistrar
ALL_OPTIONS_VALUE, ALL_OPTIONS_WILDCARD, CONFIG_PROP_BASE, ENABLED_PROPERTY, NAMED_PROVIDER_PROPERTY, NO_OPTIONS_VALUE, SECURITY_ENTITIES
-
-
Constructor Summary
| Constructor | Description |
| --- | --- |
| SunJCESecurityProviderRegistrar() | |
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| java.lang.String | getDefaultSecurityEntitySupportValue(java.lang.Class<?> entityType) | |
| java.lang.String | getProviderName() | Retrieves the underlying Provider's name. |
| java.security.Provider | getSecurityProvider() | |
| java.lang.String | getString(java.lang.String name) | |
| boolean | isEnabled() | |
| boolean | isNamedProviderUsed() | |
| boolean | isSupported() | |
-
Methods inherited from class org.apache.sshd.common.util.security.AbstractSecurityProviderRegistrar
createProviderInstance, getName, getOrCreateProvider, getProperties, isSecurityEntitySupported, toString
-
Methods inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
debug, debug, debug, debug, debug, error, error, error, error, error, getSimplifiedLogger, info, info, warn, warn, warn, warn, warn, warn, warn, warn
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
-
Methods inherited from interface org.apache.sshd.common.PropertyResolver
getBoolean, getBooleanProperty, getCharset, getInteger, getIntProperty, getLong, getLongProperty, getObject, getStringProperty, isEmpty
-
Methods inherited from interface org.apache.sshd.common.util.security.SecurityProviderRegistrar
getBasePropertyName, getConfigurationPropertyName, getParentPropertyResolver, isCertificateFactorySupported, isCipherSupported, isKeyAgreementSupported, isKeyFactorySupported, isKeyPairGeneratorSupported, isMacSupported, isMessageDigestSupported, isSignatureSupported
-
-
-
-
Method Detail
-
isEnabled
public boolean isEnabled()
- Returns: true if the provider is enabled regardless of whether it is supported - default=true. Note: checks if the provider has been programmatically disabled via SecurityUtils.setAPrioriDisabledProvider(String, boolean)
- See Also: SecurityProviderRegistrar.ENABLED_PROPERTY
-
getProviderName
public java.lang.String getProviderName()
Description copied from interface: SecurityProviderChoice
Retrieves the underlying Provider's name.
- Returns: the Provider's name
-
getDefaultSecurityEntitySupportValue
public java.lang.String getDefaultSecurityEntitySupportValue(java.lang.Class<?> entityType)
- Parameters: entityType - The requested entity type - its simple name serves to build the configuration property name.
- Returns: Configuration value to use if no specific configuration provided - default=empty
- See Also: SecurityProviderRegistrar.isSecurityEntitySupported(Class, String)
-
getString
public java.lang.String getString(java.lang.String name)
-
isNamedProviderUsed
public boolean isNamedProviderUsed()
- Returns: true if to use the provider's name rather than its Provider instance - default=true
- See Also: SecurityProviderRegistrar.NAMED_PROVIDER_PROPERTY, SecurityProviderChoice.getSecurityProvider(), SecurityProviderRegistrar.registerSecurityProvider(SecurityProviderRegistrar)
-
getSecurityProvider
public java.security.Provider getSecurityProvider()
- Returns: The security Provider to use in case SecurityProviderChoice.isNamedProviderUsed() is false. Can be null if SecurityProviderChoice.isNamedProviderUsed() is true, but not recommended.
-
isSupported
public boolean isSupported()
-
-