/*
* Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package javax.rmi.ssl;
import java.io.IOException;
import java.io.Serializable;
import java.net.Socket;
import java.rmi.server.RMIClientSocketFactory;
import java.util.StringTokenizer;
import javax.net.SocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
An SslRMIClientSocketFactory
instance is used by the RMI
runtime in order to obtain client sockets for RMI calls via SSL.
This class implements RMIClientSocketFactory
over
the Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
protocols.
This class creates SSL sockets using the default
SSLSocketFactory
(see SSLSocketFactory.getDefault
). All instances of this class are functionally equivalent. In particular, they all share the same truststore, and the same keystore when client authentication is required by the server. This behavior can be modified in subclasses by overriding the createSocket(String, int)
method; in that case, equals
and hashCode
may also need to be overridden.
If the system property
javax.rmi.ssl.client.enabledCipherSuites
is specified, the createSocket(String, int)
method will call SSLSocket.setEnabledCipherSuites(String[])
before returning the socket. The value of this system property is a string that is a comma-separated list of SSL/TLS cipher suites to enable.
If the system property
javax.rmi.ssl.client.enabledProtocols
is specified, the createSocket(String, int)
method will call SSLSocket.setEnabledProtocols(String[])
before returning the socket. The value of this system property is a string that is a comma-separated list of SSL/TLS protocol versions to enable.
See Also: Since: 1.5
/**
* <p>An <code>SslRMIClientSocketFactory</code> instance is used by the RMI
* runtime in order to obtain client sockets for RMI calls via SSL.</p>
*
* <p>This class implements <code>RMIClientSocketFactory</code> over
* the Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
* protocols.</p>
*
* <p>This class creates SSL sockets using the default
* <code>SSLSocketFactory</code> (see {@link
* SSLSocketFactory#getDefault}). All instances of this class are
* functionally equivalent. In particular, they all share the same
* truststore, and the same keystore when client authentication is
* required by the server. This behavior can be modified in
* subclasses by overriding the {@link #createSocket(String,int)}
* method; in that case, {@link #equals(Object) equals} and {@link
* #hashCode() hashCode} may also need to be overridden.</p>
*
* <p>If the system property
* <code>javax.rmi.ssl.client.enabledCipherSuites</code> is specified,
* the {@link #createSocket(String,int)} method will call {@link
* SSLSocket#setEnabledCipherSuites(String[])} before returning the
* socket. The value of this system property is a string that is a
* comma-separated list of SSL/TLS cipher suites to enable.</p>
*
* <p>If the system property
* <code>javax.rmi.ssl.client.enabledProtocols</code> is specified,
* the {@link #createSocket(String,int)} method will call {@link
* SSLSocket#setEnabledProtocols(String[])} before returning the
* socket. The value of this system property is a string that is a
* comma-separated list of SSL/TLS protocol versions to enable.</p>
*
* @see javax.net.ssl.SSLSocketFactory
* @see javax.rmi.ssl.SslRMIServerSocketFactory
* @since 1.5
*/
public class SslRMIClientSocketFactory
implements RMIClientSocketFactory, Serializable {
Creates a new SslRMIClientSocketFactory
.
/**
* <p>Creates a new <code>SslRMIClientSocketFactory</code>.</p>
*/
public SslRMIClientSocketFactory() {
// We don't force the initialization of the default SSLSocketFactory
// at construction time - because the RMI client socket factory is
// created on the server side, where that initialization is a priori
// meaningless, unless both server and client run in the same JVM.
// We could possibly override readObject() to force this initialization,
// but it might not be a good idea to actually mix this with possible
// deserialization problems.
// So contrarily to what we do for the server side, the initialization
// of the SSLSocketFactory will be delayed until the first time
// createSocket() is called - note that the default SSLSocketFactory
// might already have been initialized anyway if someone in the JVM
// already called SSLSocketFactory.getDefault().
//
}
Creates an SSL socket.
If the system property
javax.rmi.ssl.client.enabledCipherSuites
is specified, this method will call SSLSocket.setEnabledCipherSuites(String[])
before returning the socket. The value of this system property is a string that is a comma-separated list of SSL/TLS cipher suites to enable.
If the system property
javax.rmi.ssl.client.enabledProtocols
is specified, this method will call SSLSocket.setEnabledProtocols(String[])
before returning the socket. The value of this system property is a string that is a comma-separated list of SSL/TLS protocol versions to enable.
/**
* <p>Creates an SSL socket.</p>
*
* <p>If the system property
* <code>javax.rmi.ssl.client.enabledCipherSuites</code> is
* specified, this method will call {@link
* SSLSocket#setEnabledCipherSuites(String[])} before returning
* the socket. The value of this system property is a string that
* is a comma-separated list of SSL/TLS cipher suites to
* enable.</p>
*
* <p>If the system property
* <code>javax.rmi.ssl.client.enabledProtocols</code> is
* specified, this method will call {@link
* SSLSocket#setEnabledProtocols(String[])} before returning the
* socket. The value of this system property is a string that is a
* comma-separated list of SSL/TLS protocol versions to
* enable.</p>
*/
public Socket createSocket(String host, int port) throws IOException {
// Retrieve the SSLSocketFactory
//
final SocketFactory sslSocketFactory = getDefaultClientSocketFactory();
// Create the SSLSocket
//
final SSLSocket sslSocket = (SSLSocket)
sslSocketFactory.createSocket(host, port);
// Set the SSLSocket Enabled Cipher Suites
//
final String enabledCipherSuites =
System.getProperty("javax.rmi.ssl.client.enabledCipherSuites");
if (enabledCipherSuites != null) {
StringTokenizer st = new StringTokenizer(enabledCipherSuites, ",");
int tokens = st.countTokens();
String enabledCipherSuitesList[] = new String[tokens];
for (int i = 0 ; i < tokens; i++) {
enabledCipherSuitesList[i] = st.nextToken();
}
try {
sslSocket.setEnabledCipherSuites(enabledCipherSuitesList);
} catch (IllegalArgumentException e) {
throw (IOException)
new IOException(e.getMessage()).initCause(e);
}
}
// Set the SSLSocket Enabled Protocols
//
final String enabledProtocols =
System.getProperty("javax.rmi.ssl.client.enabledProtocols");
if (enabledProtocols != null) {
StringTokenizer st = new StringTokenizer(enabledProtocols, ",");
int tokens = st.countTokens();
String enabledProtocolsList[] = new String[tokens];
for (int i = 0 ; i < tokens; i++) {
enabledProtocolsList[i] = st.nextToken();
}
try {
sslSocket.setEnabledProtocols(enabledProtocolsList);
} catch (IllegalArgumentException e) {
throw (IOException)
new IOException(e.getMessage()).initCause(e);
}
}
// Return the preconfigured SSLSocket
//
return sslSocket;
}
Indicates whether some other object is "equal to" this one.
Because all instances of this class are functionally equivalent
(they all use the default
SSLSocketFactory
), this method simply returns
this.getClass().equals(obj.getClass())
.
A subclass should override this method (as well as hashCode()
) if its instances are not all functionally equivalent.
/**
* <p>Indicates whether some other object is "equal to" this one.</p>
*
* <p>Because all instances of this class are functionally equivalent
* (they all use the default
* <code>SSLSocketFactory</code>), this method simply returns
* <code>this.getClass().equals(obj.getClass())</code>.</p>
*
* <p>A subclass should override this method (as well
* as {@link #hashCode()}) if its instances are not all
* functionally equivalent.</p>
*/
public boolean equals(Object obj) {
if (obj == null) return false;
if (obj == this) return true;
return this.getClass().equals(obj.getClass());
}
Returns a hash code value for this
SslRMIClientSocketFactory
.
Returns: a hash code value for this
SslRMIClientSocketFactory
.
/**
* <p>Returns a hash code value for this
* <code>SslRMIClientSocketFactory</code>.</p>
*
* @return a hash code value for this
* <code>SslRMIClientSocketFactory</code>.
*/
public int hashCode() {
return this.getClass().hashCode();
}
// We use a static field because:
//
// SSLSocketFactory.getDefault() always returns the same object
// (at least on Sun's implementation), and we want to make sure
// that the Javadoc & the implementation stay in sync.
//
// If someone needs to have different SslRMIClientSocketFactory factories
// with different underlying SSLSocketFactory objects using different key
// and trust stores, he can always do so by subclassing this class and
// overriding createSocket(String host, int port).
//
private static SocketFactory defaultSocketFactory = null;
private static synchronized SocketFactory getDefaultClientSocketFactory() {
if (defaultSocketFactory == null)
defaultSocketFactory = SSLSocketFactory.getDefault();
return defaultSocketFactory;
}
private static final long serialVersionUID = -8310631444933958385L;
}