Class SunJCESecurityProviderRegistrar

java.lang.Object

org.apache.sshd.common.util.logging.AbstractLoggingBean

org.apache.sshd.common.util.security.AbstractSecurityProviderRegistrar

org.apache.sshd.common.util.security.SunJCESecurityProviderRegistrar

All Implemented Interfaces:

NamedResource, OptionalFeature, PropertyResolver, SecurityProviderChoice, SecurityProviderRegistrar

public class SunJCESecurityProviderRegistrar
extends AbstractSecurityProviderRegistrar

This is registrar ensures that even if other registrars are active, we still use the Java built-in security provider at least for some security entities.

The problem is that if the Bouncy Castle registrar is present and enabled, we'll end up using the Bouncy Castle implementations for just about anything. But not all Bouncy Castle versions have native implementations of the algorithms. If BC AES is used and is implemented in Java, performance will be very poor. SunJCE's AES uses native code and is much faster.

If no Bouncy Castle is registered, this extra registrar will not have an effect. Like all registrars, this one can be disabled via a system property org.apache.sshd.security.provider.SunJCEWrapper.enabled=false. Note that this does not disable the fallback to the platform provider; it only disables this wrapper which can be used to force the use of the "SunJCE" standard Java provider even if some other registrar also supports an algorithm (and would thus normally be preferred).

The registrar can be configured as usual. By default it has only the AES cipher and the SHA macs enabled, everything else is disabled.

Field Summary

Fields

Modifier and Type	Field	Description
private final Map<String,String>	defaultProperties

Fields inherited from class AbstractSecurityProviderRegistrar

props, providerHolder, supportedEntities

Fields inherited from class AbstractLoggingBean

log

Fields inherited from interface NamedResource

BY_NAME_COMPARATOR, NAME_EXTRACTOR

Fields inherited from interface OptionalFeature

FALSE, TRUE

Fields inherited from interface PropertyResolver

EMPTY

Fields inherited from interface SecurityProviderChoice

EMPTY

Fields inherited from interface SecurityProviderRegistrar

ALL_OPTIONS_VALUE, ALL_OPTIONS_WILDCARD, CONFIG_PROP_BASE, ENABLED_PROPERTY, NAMED_PROVIDER_PROPERTY, NO_OPTIONS_VALUE, SECURITY_ENTITIES

Constructor Summary

Constructors

Constructor	Description
SunJCESecurityProviderRegistrar()

Method Summary

Modifier and Type	Method	Description
String	getDefaultSecurityEntitySupportValue(Class<?> entityType)
String	getProviderName()	Retrieves the underlying Provider's name.
Provider	getSecurityProvider()
String	getString(String name)
boolean	isEnabled()
boolean	isNamedProviderUsed()
boolean	isSupported()

Methods inherited from class AbstractSecurityProviderRegistrar

createProviderInstance, getName, getOrCreateProvider, getProperties, isSecurityEntitySupported, toString

Methods inherited from class AbstractLoggingBean

debug, debug, debug, debug, debug, error, error, error, error, error, getSimplifiedLogger, info, info, warn, warn, warn, warn, warn, warn, warn, warn

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface PropertyResolver

getBoolean, getBooleanProperty, getCharset, getInteger, getIntProperty, getLong, getLongProperty, getObject, getStringProperty, isEmpty

Methods inherited from interface SecurityProviderRegistrar

getBasePropertyName, getConfigurationPropertyName, getEdDSASupport, getParentPropertyResolver, isCertificateFactorySupported, isCipherSupported, isKeyAgreementSupported, isKeyFactorySupported, isKeyPairGeneratorSupported, isMacSupported, isMessageDigestSupported, isSignatureSupported

Field Details

defaultProperties

private final Map<String,String> defaultProperties

Constructor Details

SunJCESecurityProviderRegistrar

public SunJCESecurityProviderRegistrar()

Method Details

isEnabled

public boolean isEnabled()

Returns:

true if the provider is enabled regardless of whether it is supported - default=true. Note: checks if the provider has been programmatically disabled via SecurityUtils.setAPrioriDisabledProvider(String, boolean)

See Also:

• SecurityProviderRegistrar.ENABLED_PROPERTY

getProviderName

public String getProviderName()

Description copied from interface: SecurityProviderChoice

Retrieves the underlying Provider's name.

Returns:

the Provider's name

getDefaultSecurityEntitySupportValue

public String getDefaultSecurityEntitySupportValue(Class<?> entityType)

Parameters:

entityType - The requested entity type - its simple name serves to build the configuration property name.

Returns:

Configuration value to use if no specific configuration provided - default=empty

See Also:

• SecurityProviderRegistrar.isSecurityEntitySupported(Class, String)

getString

public String getString(String name)

isNamedProviderUsed

public boolean isNamedProviderUsed()

Returns:

true if to use the provider's name rather than its Provider instance - default=true

See Also:

• SecurityProviderRegistrar.NAMED_PROVIDER_PROPERTY
• SecurityProviderChoice.getSecurityProvider()
• SecurityProviderRegistrar.registerSecurityProvider(SecurityProviderRegistrar)

getSecurityProvider

public Provider getSecurityProvider()

Returns:

The security Provider to use in case SecurityProviderChoice.isNamedProviderUsed() is false. Can be null if SecurityProviderChoice.isNamedProviderUsed() is true, but not recommended.

isSupported

public boolean isSupported()