/*
* Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package javax.rmi.ssl;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.rmi.server.RMIServerSocketFactory;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
An SslRMIServerSocketFactory
instance is used by the RMI
runtime in order to obtain server sockets for RMI calls via SSL.
This class implements RMIServerSocketFactory
over
the Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
protocols.
This class creates SSL sockets using the default
SSLSocketFactory
(see SSLSocketFactory.getDefault
) or the default SSLServerSocketFactory
(see SSLServerSocketFactory.getDefault
) unless the constructor taking an SSLContext
is
used in which case the SSL sockets are created using
the SSLSocketFactory
returned by SSLContext.getSocketFactory
or the SSLServerSocketFactory
returned by SSLContext.getServerSocketFactory
. When an SSLContext
is not supplied all the instances of this
class share the same keystore, and the same truststore (when client
authentication is required by the server). This behavior can be modified
by supplying an already initialized SSLContext
instance.
See Also: Since: 1.5
/**
* <p>An <code>SslRMIServerSocketFactory</code> instance is used by the RMI
* runtime in order to obtain server sockets for RMI calls via SSL.</p>
*
* <p>This class implements <code>RMIServerSocketFactory</code> over
* the Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
* protocols.</p>
*
* <p>This class creates SSL sockets using the default
* <code>SSLSocketFactory</code> (see {@link
* SSLSocketFactory#getDefault}) or the default
* <code>SSLServerSocketFactory</code> (see {@link
* SSLServerSocketFactory#getDefault}) unless the
* constructor taking an <code>SSLContext</code> is
* used in which case the SSL sockets are created using
* the <code>SSLSocketFactory</code> returned by
* {@link SSLContext#getSocketFactory} or the
* <code>SSLServerSocketFactory</code> returned by
* {@link SSLContext#getServerSocketFactory}.
*
* When an <code>SSLContext</code> is not supplied all the instances of this
* class share the same keystore, and the same truststore (when client
* authentication is required by the server). This behavior can be modified
* by supplying an already initialized <code>SSLContext</code> instance.
*
* @see javax.net.ssl.SSLSocketFactory
* @see javax.net.ssl.SSLServerSocketFactory
* @see javax.rmi.ssl.SslRMIClientSocketFactory
* @since 1.5
*/
public class SslRMIServerSocketFactory implements RMIServerSocketFactory {
Creates a new SslRMIServerSocketFactory
with
the default SSL socket configuration.
SSL connections accepted by server sockets created by this
factory have the default cipher suites and protocol versions
enabled and do not require client authentication.
/**
* <p>Creates a new <code>SslRMIServerSocketFactory</code> with
* the default SSL socket configuration.</p>
*
* <p>SSL connections accepted by server sockets created by this
* factory have the default cipher suites and protocol versions
* enabled and do not require client authentication.</p>
*/
public SslRMIServerSocketFactory() {
this(null, null, false);
}
Creates a new SslRMIServerSocketFactory
with
the specified SSL socket configuration.
Params: - enabledCipherSuites – names of all the cipher suites to
enable on SSL connections accepted by server sockets created by
this factory, or
null
to use the cipher suites
that are enabled by default - enabledProtocols – names of all the protocol versions to
enable on SSL connections accepted by server sockets created by
this factory, or
null
to use the protocol versions
that are enabled by default - needClientAuth –
true
to require client
authentication on SSL connections accepted by server sockets
created by this factory; false
to not require
client authentication
Throws: - IllegalArgumentException – when one or more of the cipher
suites named by the
enabledCipherSuites
parameter is
not supported, when one or more of the protocols named by the
enabledProtocols
parameter is not supported or when
a problem is encountered while trying to check if the supplied
cipher suites and protocols to be enabled are supported.
See Also:
/**
* <p>Creates a new <code>SslRMIServerSocketFactory</code> with
* the specified SSL socket configuration.</p>
*
* @param enabledCipherSuites names of all the cipher suites to
* enable on SSL connections accepted by server sockets created by
* this factory, or <code>null</code> to use the cipher suites
* that are enabled by default
*
* @param enabledProtocols names of all the protocol versions to
* enable on SSL connections accepted by server sockets created by
* this factory, or <code>null</code> to use the protocol versions
* that are enabled by default
*
* @param needClientAuth <code>true</code> to require client
* authentication on SSL connections accepted by server sockets
* created by this factory; <code>false</code> to not require
* client authentication
*
* @exception IllegalArgumentException when one or more of the cipher
* suites named by the <code>enabledCipherSuites</code> parameter is
* not supported, when one or more of the protocols named by the
* <code>enabledProtocols</code> parameter is not supported or when
* a problem is encountered while trying to check if the supplied
* cipher suites and protocols to be enabled are supported.
*
* @see SSLSocket#setEnabledCipherSuites
* @see SSLSocket#setEnabledProtocols
* @see SSLSocket#setNeedClientAuth
*/
public SslRMIServerSocketFactory(
String[] enabledCipherSuites,
String[] enabledProtocols,
boolean needClientAuth)
throws IllegalArgumentException {
this(null, enabledCipherSuites, enabledProtocols, needClientAuth);
}
Creates a new SslRMIServerSocketFactory
with the
specified SSLContext
and SSL socket configuration.
Params: - context – the SSL context to be used for creating SSL sockets.
If
context
is null the default SSLSocketFactory
or the default SSLServerSocketFactory
will be used to
create SSL sockets. Otherwise, the socket factory returned by
SSLContext.getSocketFactory()
or
SSLContext.getServerSocketFactory()
will be used instead. - enabledCipherSuites – names of all the cipher suites to
enable on SSL connections accepted by server sockets created by
this factory, or
null
to use the cipher suites
that are enabled by default - enabledProtocols – names of all the protocol versions to
enable on SSL connections accepted by server sockets created by
this factory, or
null
to use the protocol versions
that are enabled by default - needClientAuth –
true
to require client
authentication on SSL connections accepted by server sockets
created by this factory; false
to not require
client authentication
Throws: - IllegalArgumentException – when one or more of the cipher
suites named by the
enabledCipherSuites
parameter is
not supported, when one or more of the protocols named by the
enabledProtocols
parameter is not supported or when
a problem is encountered while trying to check if the supplied
cipher suites and protocols to be enabled are supported.
See Also: Since: 1.7
/**
* <p>Creates a new <code>SslRMIServerSocketFactory</code> with the
* specified <code>SSLContext</code> and SSL socket configuration.</p>
*
* @param context the SSL context to be used for creating SSL sockets.
* If <code>context</code> is null the default <code>SSLSocketFactory</code>
* or the default <code>SSLServerSocketFactory</code> will be used to
* create SSL sockets. Otherwise, the socket factory returned by
* <code>SSLContext.getSocketFactory()</code> or
* <code>SSLContext.getServerSocketFactory()</code> will be used instead.
*
* @param enabledCipherSuites names of all the cipher suites to
* enable on SSL connections accepted by server sockets created by
* this factory, or <code>null</code> to use the cipher suites
* that are enabled by default
*
* @param enabledProtocols names of all the protocol versions to
* enable on SSL connections accepted by server sockets created by
* this factory, or <code>null</code> to use the protocol versions
* that are enabled by default
*
* @param needClientAuth <code>true</code> to require client
* authentication on SSL connections accepted by server sockets
* created by this factory; <code>false</code> to not require
* client authentication
*
* @exception IllegalArgumentException when one or more of the cipher
* suites named by the <code>enabledCipherSuites</code> parameter is
* not supported, when one or more of the protocols named by the
* <code>enabledProtocols</code> parameter is not supported or when
* a problem is encountered while trying to check if the supplied
* cipher suites and protocols to be enabled are supported.
*
* @see SSLSocket#setEnabledCipherSuites
* @see SSLSocket#setEnabledProtocols
* @see SSLSocket#setNeedClientAuth
* @since 1.7
*/
public SslRMIServerSocketFactory(
SSLContext context,
String[] enabledCipherSuites,
String[] enabledProtocols,
boolean needClientAuth)
throws IllegalArgumentException {
// Initialize the configuration parameters.
//
this.enabledCipherSuites = enabledCipherSuites == null ?
null : enabledCipherSuites.clone();
this.enabledProtocols = enabledProtocols == null ?
null : enabledProtocols.clone();
this.needClientAuth = needClientAuth;
// Force the initialization of the default at construction time,
// rather than delaying it to the first time createServerSocket()
// is called.
//
this.context = context;
final SSLSocketFactory sslSocketFactory =
context == null ?
getDefaultSSLSocketFactory() : context.getSocketFactory();
SSLSocket sslSocket = null;
if (this.enabledCipherSuites != null || this.enabledProtocols != null) {
try {
sslSocket = (SSLSocket) sslSocketFactory.createSocket();
} catch (Exception e) {
final String msg = "Unable to check if the cipher suites " +
"and protocols to enable are supported";
throw (IllegalArgumentException)
new IllegalArgumentException(msg).initCause(e);
}
}
// Check if all the cipher suites and protocol versions to enable
// are supported by the underlying SSL/TLS implementation and if
// true create lists from arrays.
//
if (this.enabledCipherSuites != null) {
sslSocket.setEnabledCipherSuites(this.enabledCipherSuites);
enabledCipherSuitesList = Arrays.asList(this.enabledCipherSuites);
}
if (this.enabledProtocols != null) {
sslSocket.setEnabledProtocols(this.enabledProtocols);
enabledProtocolsList = Arrays.asList(this.enabledProtocols);
}
}
Returns the names of the cipher suites enabled on SSL
connections accepted by server sockets created by this factory,
or null
if this factory uses the cipher suites
that are enabled by default.
See Also: Returns: an array of cipher suites enabled, or null
/**
* <p>Returns the names of the cipher suites enabled on SSL
* connections accepted by server sockets created by this factory,
* or <code>null</code> if this factory uses the cipher suites
* that are enabled by default.</p>
*
* @return an array of cipher suites enabled, or <code>null</code>
*
* @see SSLSocket#setEnabledCipherSuites
*/
public final String[] getEnabledCipherSuites() {
return enabledCipherSuites == null ?
null : enabledCipherSuites.clone();
}
Returns the names of the protocol versions enabled on SSL
connections accepted by server sockets created by this factory,
or null
if this factory uses the protocol versions
that are enabled by default.
See Also: Returns: an array of protocol versions enabled, or
null
/**
* <p>Returns the names of the protocol versions enabled on SSL
* connections accepted by server sockets created by this factory,
* or <code>null</code> if this factory uses the protocol versions
* that are enabled by default.</p>
*
* @return an array of protocol versions enabled, or
* <code>null</code>
*
* @see SSLSocket#setEnabledProtocols
*/
public final String[] getEnabledProtocols() {
return enabledProtocols == null ?
null : enabledProtocols.clone();
}
Returns true
if client authentication is
required on SSL connections accepted by server sockets created
by this factory.
See Also: Returns: true
if client authentication is required
/**
* <p>Returns <code>true</code> if client authentication is
* required on SSL connections accepted by server sockets created
* by this factory.</p>
*
* @return <code>true</code> if client authentication is required
*
* @see SSLSocket#setNeedClientAuth
*/
public final boolean getNeedClientAuth() {
return needClientAuth;
}
Creates a server socket that accepts SSL connections
configured according to this factory's SSL socket configuration
parameters.
/**
* <p>Creates a server socket that accepts SSL connections
* configured according to this factory's SSL socket configuration
* parameters.</p>
*/
public ServerSocket createServerSocket(int port) throws IOException {
final SSLSocketFactory sslSocketFactory =
context == null ?
getDefaultSSLSocketFactory() : context.getSocketFactory();
return new ServerSocket(port) {
public Socket accept() throws IOException {
Socket socket = super.accept();
SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
socket, socket.getInetAddress().getHostName(),
socket.getPort(), true);
sslSocket.setUseClientMode(false);
if (enabledCipherSuites != null) {
sslSocket.setEnabledCipherSuites(enabledCipherSuites);
}
if (enabledProtocols != null) {
sslSocket.setEnabledProtocols(enabledProtocols);
}
sslSocket.setNeedClientAuth(needClientAuth);
return sslSocket;
}
};
}
Indicates whether some other object is "equal to" this one.
Two SslRMIServerSocketFactory
objects are equal
if they have been constructed with the same SSL context and
SSL socket configuration parameters.
A subclass should override this method (as well as hashCode()
) if it adds instance state that affects equality.
/**
* <p>Indicates whether some other object is "equal to" this one.</p>
*
* <p>Two <code>SslRMIServerSocketFactory</code> objects are equal
* if they have been constructed with the same SSL context and
* SSL socket configuration parameters.</p>
*
* <p>A subclass should override this method (as well as
* {@link #hashCode()}) if it adds instance state that affects
* equality.</p>
*/
public boolean equals(Object obj) {
if (obj == null) return false;
if (obj == this) return true;
if (!(obj instanceof SslRMIServerSocketFactory))
return false;
SslRMIServerSocketFactory that = (SslRMIServerSocketFactory) obj;
return (getClass().equals(that.getClass()) && checkParameters(that));
}
private boolean checkParameters(SslRMIServerSocketFactory that) {
// SSL context
//
if (context == null ? that.context != null : !context.equals(that.context))
return false;
// needClientAuth flag
//
if (needClientAuth != that.needClientAuth)
return false;
// enabledCipherSuites
//
if ((enabledCipherSuites == null && that.enabledCipherSuites != null) ||
(enabledCipherSuites != null && that.enabledCipherSuites == null))
return false;
if (enabledCipherSuites != null && that.enabledCipherSuites != null) {
List<String> thatEnabledCipherSuitesList =
Arrays.asList(that.enabledCipherSuites);
if (!enabledCipherSuitesList.equals(thatEnabledCipherSuitesList))
return false;
}
// enabledProtocols
//
if ((enabledProtocols == null && that.enabledProtocols != null) ||
(enabledProtocols != null && that.enabledProtocols == null))
return false;
if (enabledProtocols != null && that.enabledProtocols != null) {
List<String> thatEnabledProtocolsList =
Arrays.asList(that.enabledProtocols);
if (!enabledProtocolsList.equals(thatEnabledProtocolsList))
return false;
}
return true;
}
Returns a hash code value for this
SslRMIServerSocketFactory
.
Returns: a hash code value for this
SslRMIServerSocketFactory
.
/**
* <p>Returns a hash code value for this
* <code>SslRMIServerSocketFactory</code>.</p>
*
* @return a hash code value for this
* <code>SslRMIServerSocketFactory</code>.
*/
public int hashCode() {
return getClass().hashCode() +
(context == null ? 0 : context.hashCode()) +
(needClientAuth ? Boolean.TRUE.hashCode() : Boolean.FALSE.hashCode()) +
(enabledCipherSuites == null ? 0 : enabledCipherSuitesList.hashCode()) +
(enabledProtocols == null ? 0 : enabledProtocolsList.hashCode());
}
// We use a static field because:
//
// SSLSocketFactory.getDefault() always returns the same object
// (at least on Sun's implementation), and we want to make sure
// that the Javadoc & the implementation stay in sync.
//
// If someone needs to have different SslRMIServerSocketFactory
// factories with different underlying SSLSocketFactory objects
// using different keystores and truststores, he/she can always
// use the constructor that takes an SSLContext as input.
//
private static SSLSocketFactory defaultSSLSocketFactory = null;
private static synchronized SSLSocketFactory getDefaultSSLSocketFactory() {
if (defaultSSLSocketFactory == null)
defaultSSLSocketFactory =
(SSLSocketFactory) SSLSocketFactory.getDefault();
return defaultSSLSocketFactory;
}
private final String[] enabledCipherSuites;
private final String[] enabledProtocols;
private final boolean needClientAuth;
private List<String> enabledCipherSuitesList;
private List<String> enabledProtocolsList;
private SSLContext context;
}