/*
* Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package javax.rmi.ssl;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.rmi.server.RMIServerSocketFactory;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
An SslRMIServerSocketFactory
instance is used by the RMI
runtime in order to obtain server sockets for RMI calls via SSL.
This class implements RMIServerSocketFactory
over
the Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
protocols.
This class creates SSL sockets using the default
SSLSocketFactory
(see SSLSocketFactory.getDefault
) or the default SSLServerSocketFactory
(see SSLServerSocketFactory.getDefault
). Therefore, all instances of this class share the same keystore, and the same truststore, when client authentication is required by the server. This behavior can be modified in subclasses by overriding the createServerSocket(int)
method; in that case, equals
and hashCode
may also need to be overridden.
See Also: Since: 1.5
/**
* <p>An <code>SslRMIServerSocketFactory</code> instance is used by the RMI
* runtime in order to obtain server sockets for RMI calls via SSL.</p>
*
* <p>This class implements <code>RMIServerSocketFactory</code> over
* the Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
* protocols.</p>
*
* <p>This class creates SSL sockets using the default
* <code>SSLSocketFactory</code> (see {@link
* SSLSocketFactory#getDefault}) or the default
* <code>SSLServerSocketFactory</code> (see {@link
* SSLServerSocketFactory#getDefault}). Therefore, all instances of
* this class share the same keystore, and the same truststore, when
* client authentication is required by the server. This behavior
* can be modified in subclasses by overriding the {@link
* #createServerSocket(int)} method; in that case, {@link
* #equals(Object) equals} and {@link #hashCode() hashCode} may also
* need to be overridden.</p>
*
* @see javax.net.ssl.SSLSocketFactory
* @see javax.net.ssl.SSLServerSocketFactory
* @see javax.rmi.ssl.SslRMIClientSocketFactory
* @since 1.5
*/
public class SslRMIServerSocketFactory implements RMIServerSocketFactory {
Creates a new SslRMIServerSocketFactory
with
the default SSL socket configuration.
SSL connections accepted by server sockets created by this
factory have the default cipher suites and protocol versions
enabled and do not require client authentication.
/**
* <p>Creates a new <code>SslRMIServerSocketFactory</code> with
* the default SSL socket configuration.</p>
*
* <p>SSL connections accepted by server sockets created by this
* factory have the default cipher suites and protocol versions
* enabled and do not require client authentication.</p>
*/
public SslRMIServerSocketFactory() {
this(null, null, false);
}
Creates a new SslRMIServerSocketFactory
with
the specified SSL socket configuration.
Params: - enabledCipherSuites – names of all the cipher suites to
enable on SSL connections accepted by server sockets created by
this factory, or
null
to use the cipher suites
that are enabled by default - enabledProtocols – names of all the protocol versions to
enable on SSL connections accepted by server sockets created by
this factory, or
null
to use the protocol versions
that are enabled by default - needClientAuth –
true
to require client
authentication on SSL connections accepted by server sockets
created by this factory; false
to not require
client authentication
Throws: - IllegalArgumentException – when one or more of the cipher
suites named by the
enabledCipherSuites
parameter is
not supported, when one or more of the protocols named by the
enabledProtocols
parameter is not supported or when
a problem is encountered while trying to check if the supplied
cipher suites and protocols to be enabled are supported.
See Also:
/**
* <p>Creates a new <code>SslRMIServerSocketFactory</code> with
* the specified SSL socket configuration.</p>
*
* @param enabledCipherSuites names of all the cipher suites to
* enable on SSL connections accepted by server sockets created by
* this factory, or <code>null</code> to use the cipher suites
* that are enabled by default
*
* @param enabledProtocols names of all the protocol versions to
* enable on SSL connections accepted by server sockets created by
* this factory, or <code>null</code> to use the protocol versions
* that are enabled by default
*
* @param needClientAuth <code>true</code> to require client
* authentication on SSL connections accepted by server sockets
* created by this factory; <code>false</code> to not require
* client authentication
*
* @exception IllegalArgumentException when one or more of the cipher
* suites named by the <code>enabledCipherSuites</code> parameter is
* not supported, when one or more of the protocols named by the
* <code>enabledProtocols</code> parameter is not supported or when
* a problem is encountered while trying to check if the supplied
* cipher suites and protocols to be enabled are supported.
*
* @see SSLSocket#setEnabledCipherSuites
* @see SSLSocket#setEnabledProtocols
* @see SSLSocket#setNeedClientAuth
*/
public SslRMIServerSocketFactory(String[] enabledCipherSuites,
String[] enabledProtocols,
boolean needClientAuth)
throws IllegalArgumentException {
// Initialize the configuration parameters.
//
this.enabledCipherSuites = enabledCipherSuites == null ?
null : enabledCipherSuites.clone();
this.enabledProtocols = enabledProtocols == null ?
null : enabledProtocols.clone();
this.needClientAuth = needClientAuth;
// Force the initialization of the default at construction time,
// rather than delaying it to the first time createServerSocket()
// is called.
//
final SSLSocketFactory sslSocketFactory = getDefaultSSLSocketFactory();
SSLSocket sslSocket = null;
if (this.enabledCipherSuites != null || this.enabledProtocols != null) {
try {
sslSocket = (SSLSocket) sslSocketFactory.createSocket();
} catch (Exception e) {
final String msg = "Unable to check if the cipher suites " +
"and protocols to enable are supported";
throw (IllegalArgumentException)
new IllegalArgumentException(msg).initCause(e);
}
}
// Check if all the cipher suites and protocol versions to enable
// are supported by the underlying SSL/TLS implementation and if
// true create lists from arrays.
//
if (this.enabledCipherSuites != null) {
sslSocket.setEnabledCipherSuites(this.enabledCipherSuites);
enabledCipherSuitesList = Arrays.asList(this.enabledCipherSuites);
}
if (this.enabledProtocols != null) {
sslSocket.setEnabledProtocols(this.enabledProtocols);
enabledProtocolsList = Arrays.asList(this.enabledProtocols);
}
}
Returns the names of the cipher suites enabled on SSL
connections accepted by server sockets created by this factory,
or null
if this factory uses the cipher suites
that are enabled by default.
See Also: Returns: an array of cipher suites enabled, or null
/**
* <p>Returns the names of the cipher suites enabled on SSL
* connections accepted by server sockets created by this factory,
* or <code>null</code> if this factory uses the cipher suites
* that are enabled by default.</p>
*
* @return an array of cipher suites enabled, or <code>null</code>
*
* @see SSLSocket#setEnabledCipherSuites
*/
public final String[] getEnabledCipherSuites() {
return enabledCipherSuites == null ?
null : enabledCipherSuites.clone();
}
Returns the names of the protocol versions enabled on SSL
connections accepted by server sockets created by this factory,
or null
if this factory uses the protocol versions
that are enabled by default.
See Also: Returns: an array of protocol versions enabled, or
null
/**
* <p>Returns the names of the protocol versions enabled on SSL
* connections accepted by server sockets created by this factory,
* or <code>null</code> if this factory uses the protocol versions
* that are enabled by default.</p>
*
* @return an array of protocol versions enabled, or
* <code>null</code>
*
* @see SSLSocket#setEnabledProtocols
*/
public final String[] getEnabledProtocols() {
return enabledProtocols == null ?
null : enabledProtocols.clone();
}
Returns true
if client authentication is
required on SSL connections accepted by server sockets created
by this factory.
See Also: Returns: true
if client authentication is required
/**
* <p>Returns <code>true</code> if client authentication is
* required on SSL connections accepted by server sockets created
* by this factory.</p>
*
* @return <code>true</code> if client authentication is required
*
* @see SSLSocket#setNeedClientAuth
*/
public final boolean getNeedClientAuth() {
return needClientAuth;
}
Creates a server socket that accepts SSL connections
configured according to this factory's SSL socket configuration
parameters.
/**
* <p>Creates a server socket that accepts SSL connections
* configured according to this factory's SSL socket configuration
* parameters.</p>
*/
public ServerSocket createServerSocket(int port) throws IOException {
final SSLSocketFactory sslSocketFactory = getDefaultSSLSocketFactory();
return new ServerSocket(port) {
public Socket accept() throws IOException {
Socket socket = super.accept();
SSLSocket sslSocket = (SSLSocket)
sslSocketFactory.createSocket(
socket, socket.getInetAddress().getHostName(),
socket.getPort(), true);
sslSocket.setUseClientMode(false);
if (enabledCipherSuites != null) {
sslSocket.setEnabledCipherSuites(enabledCipherSuites);
}
if (enabledProtocols != null) {
sslSocket.setEnabledProtocols(enabledProtocols);
}
sslSocket.setNeedClientAuth(needClientAuth);
return sslSocket;
}
};
// If we do not instantiate the server socket class, but
// instead must layer on top of an arbitrary server socket,
// then this implementation would become uglier, like this
// (given "serverSocket" to layer on top of):
//
// return new ForwardingServerSocket(serverSocket) {
// public Socket accept() throws IOException {
// Socket socket = serverSocket.accept();
// SSLSocket sslSocket =
// (SSLSocket) sslSocketFactory.createSocket(
// socket,
// socket.getInetAddress().getHostName(),
// socket.getPort(),
// true);
// sslSocket.setUseClientMode(false);
// if (enabledProtocols != null) {
// sslSocket.setEnabledProtocols(enabledProtocols);
// }
// if (enabledCipherSuites != null) {
// sslSocket.setEnabledCipherSuites(enabledCipherSuites);
// }
// sslSocket.setNeedClientAuth(needClientAuth);
// return sslSocket;
// }
// public ServerSocketChannel getChannel() {
// return null;
// }
// public String toString() {
// return serverSocket.toString();
// }
// };
}
Indicates whether some other object is "equal to" this one.
Two SslRMIServerSocketFactory
objects are equal
if they have been constructed with the same SSL socket
configuration parameters.
A subclass should override this method (as well as hashCode()
) if it adds instance state that affects equality.
/**
* <p>Indicates whether some other object is "equal to" this one.</p>
*
* <p>Two <code>SslRMIServerSocketFactory</code> objects are equal
* if they have been constructed with the same SSL socket
* configuration parameters.</p>
*
* <p>A subclass should override this method (as well as
* {@link #hashCode()}) if it adds instance state that affects
* equality.</p>
*/
public boolean equals(Object obj) {
if (obj == null) return false;
if (obj == this) return true;
if (!(obj instanceof SslRMIServerSocketFactory))
return false;
SslRMIServerSocketFactory that = (SslRMIServerSocketFactory) obj;
return (getClass().equals(that.getClass()) && checkParameters(that));
}
private boolean checkParameters(SslRMIServerSocketFactory that) {
// needClientAuth flag
//
if (needClientAuth != that.needClientAuth)
return false;
// enabledCipherSuites
//
if ((enabledCipherSuites == null && that.enabledCipherSuites != null) ||
(enabledCipherSuites != null && that.enabledCipherSuites == null))
return false;
if (enabledCipherSuites != null && that.enabledCipherSuites != null) {
List<String> thatEnabledCipherSuitesList =
Arrays.asList(that.enabledCipherSuites);
if (!enabledCipherSuitesList.equals(thatEnabledCipherSuitesList))
return false;
}
// enabledProtocols
//
if ((enabledProtocols == null && that.enabledProtocols != null) ||
(enabledProtocols != null && that.enabledProtocols == null))
return false;
if (enabledProtocols != null && that.enabledProtocols != null) {
List<String> thatEnabledProtocolsList =
Arrays.asList(that.enabledProtocols);
if (!enabledProtocolsList.equals(thatEnabledProtocolsList))
return false;
}
return true;
}
Returns a hash code value for this
SslRMIServerSocketFactory
.
Returns: a hash code value for this
SslRMIServerSocketFactory
.
/**
* <p>Returns a hash code value for this
* <code>SslRMIServerSocketFactory</code>.</p>
*
* @return a hash code value for this
* <code>SslRMIServerSocketFactory</code>.
*/
public int hashCode() {
return getClass().hashCode() +
(needClientAuth ? Boolean.TRUE.hashCode() : Boolean.FALSE.hashCode()) +
(enabledCipherSuites == null ? 0 : enabledCipherSuitesList.hashCode()) +
(enabledProtocols == null ? 0 : enabledProtocolsList.hashCode());
}
// We use a static field because:
//
// SSLSocketFactory.getDefault() always returns the same object
// (at least on Sun's implementation), and we want to make sure that
// the Javadoc & the implementation stay in sync.
//
// If someone needs to have different SslRMIServerSocketFactory factories
// with different underlying SSLSocketFactory objects using different
// key and trust stores, he can always do so by subclassing this class and
// overriding createServerSocket(int port).
//
private static SSLSocketFactory defaultSSLSocketFactory = null;
private static synchronized SSLSocketFactory getDefaultSSLSocketFactory() {
if (defaultSSLSocketFactory == null)
defaultSSLSocketFactory =
(SSLSocketFactory) SSLSocketFactory.getDefault();
return defaultSSLSocketFactory;
}
private final String[] enabledCipherSuites;
private final String[] enabledProtocols;
private final boolean needClientAuth;
private List<String> enabledCipherSuitesList;
private List<String> enabledProtocolsList;
// private static class ForwardingServerSocket extends ServerSocket {
// private final ServerSocket ss;
// ForwardingServerSocket(ServerSocket ss) throws IOException {
// super();
// this.ss = ss;
// }
// public void bind(SocketAddress endpoint) throws IOException {
// ss.bind(endpoint);
// }
// public void bind(SocketAddress endpoint, int backlog)
// throws IOException
// {
// ss.bind(endpoint, backlog);
// }
// public InetAddress getInetAddress() {
// return ss.getInetAddress();
// }
// public int getLocalPort() {
// return ss.getLocalPort();
// }
// public SocketAddress getLocalSocketAddress() {
// return ss.getLocalSocketAddress();
// }
// public Socket accept() throws IOException {
// return ss.accept();
// }
// public void close() throws IOException {
// ss.close();
// }
// public ServerSocketChannel getChannel() {
// return ss.getChannel();
// }
// public boolean isBound() {
// return ss.isBound();
// }
// public boolean isClosed() {
// return ss.isClosed();
// }
// public void setSoTimeout(int timeout) throws SocketException {
// ss.setSoTimeout(timeout);
// }
// public int getSoTimeout() throws IOException {
// return ss.getSoTimeout();
// }
// public void setReuseAddress(boolean on) throws SocketException {
// ss.setReuseAddress(on);
// }
// public boolean getReuseAddress() throws SocketException {
// return ss.getReuseAddress();
// }
// public String toString() {
// return ss.toString();
// }
// public void setReceiveBufferSize(int size) throws SocketException {
// ss.setReceiveBufferSize(size);
// }
// public int getReceiveBufferSize() throws SocketException {
// return ss.getReceiveBufferSize();
// }
// }
}