You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
213 lines
7.8 KiB
213 lines
7.8 KiB
/*
|
|
* Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
|
|
* ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*/
|
|
|
|
package javax.rmi.ssl;
|
|
|
|
import java.io.IOException;
|
|
import java.io.Serializable;
|
|
import java.net.Socket;
|
|
import java.rmi.server.RMIClientSocketFactory;
|
|
import java.util.StringTokenizer;
|
|
import javax.net.SocketFactory;
|
|
import javax.net.ssl.SSLSocket;
|
|
import javax.net.ssl.SSLSocketFactory;
|
|
|
|
/**
|
|
* <p>An <code>SslRMIClientSocketFactory</code> instance is used by the RMI
|
|
* runtime in order to obtain client sockets for RMI calls via SSL.</p>
|
|
*
|
|
* <p>This class implements <code>RMIClientSocketFactory</code> over
|
|
* the Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
|
|
* protocols.</p>
|
|
*
|
|
* <p>This class creates SSL sockets using the default
|
|
* <code>SSLSocketFactory</code> (see {@link
|
|
* SSLSocketFactory#getDefault}). All instances of this class are
|
|
* functionally equivalent. In particular, they all share the same
|
|
* truststore, and the same keystore when client authentication is
|
|
* required by the server. This behavior can be modified in
|
|
* subclasses by overriding the {@link #createSocket(String,int)}
|
|
* method; in that case, {@link #equals(Object) equals} and {@link
|
|
* #hashCode() hashCode} may also need to be overridden.</p>
|
|
*
|
|
* <p>If the system property
|
|
* <code>javax.rmi.ssl.client.enabledCipherSuites</code> is specified,
|
|
* the {@link #createSocket(String,int)} method will call {@link
|
|
* SSLSocket#setEnabledCipherSuites(String[])} before returning the
|
|
* socket. The value of this system property is a string that is a
|
|
* comma-separated list of SSL/TLS cipher suites to enable.</p>
|
|
*
|
|
* <p>If the system property
|
|
* <code>javax.rmi.ssl.client.enabledProtocols</code> is specified,
|
|
* the {@link #createSocket(String,int)} method will call {@link
|
|
* SSLSocket#setEnabledProtocols(String[])} before returning the
|
|
* socket. The value of this system property is a string that is a
|
|
* comma-separated list of SSL/TLS protocol versions to enable.</p>
|
|
*
|
|
* @see javax.net.ssl.SSLSocketFactory
|
|
* @see javax.rmi.ssl.SslRMIServerSocketFactory
|
|
* @since 1.5
|
|
*/
|
|
public class SslRMIClientSocketFactory
|
|
implements RMIClientSocketFactory, Serializable {
|
|
|
|
/**
|
|
* <p>Creates a new <code>SslRMIClientSocketFactory</code>.</p>
|
|
*/
|
|
public SslRMIClientSocketFactory() {
|
|
// We don't force the initialization of the default SSLSocketFactory
|
|
// at construction time - because the RMI client socket factory is
|
|
// created on the server side, where that initialization is a priori
|
|
// meaningless, unless both server and client run in the same JVM.
|
|
// We could possibly override readObject() to force this initialization,
|
|
// but it might not be a good idea to actually mix this with possible
|
|
// deserialization problems.
|
|
// So contrarily to what we do for the server side, the initialization
|
|
// of the SSLSocketFactory will be delayed until the first time
|
|
// createSocket() is called - note that the default SSLSocketFactory
|
|
// might already have been initialized anyway if someone in the JVM
|
|
// already called SSLSocketFactory.getDefault().
|
|
//
|
|
}
|
|
|
|
/**
|
|
* <p>Creates an SSL socket.</p>
|
|
*
|
|
* <p>If the system property
|
|
* <code>javax.rmi.ssl.client.enabledCipherSuites</code> is
|
|
* specified, this method will call {@link
|
|
* SSLSocket#setEnabledCipherSuites(String[])} before returning
|
|
* the socket. The value of this system property is a string that
|
|
* is a comma-separated list of SSL/TLS cipher suites to
|
|
* enable.</p>
|
|
*
|
|
* <p>If the system property
|
|
* <code>javax.rmi.ssl.client.enabledProtocols</code> is
|
|
* specified, this method will call {@link
|
|
* SSLSocket#setEnabledProtocols(String[])} before returning the
|
|
* socket. The value of this system property is a string that is a
|
|
* comma-separated list of SSL/TLS protocol versions to
|
|
* enable.</p>
|
|
*/
|
|
public Socket createSocket(String host, int port) throws IOException {
|
|
// Retrieve the SSLSocketFactory
|
|
//
|
|
final SocketFactory sslSocketFactory = getDefaultClientSocketFactory();
|
|
// Create the SSLSocket
|
|
//
|
|
final SSLSocket sslSocket = (SSLSocket)
|
|
sslSocketFactory.createSocket(host, port);
|
|
// Set the SSLSocket Enabled Cipher Suites
|
|
//
|
|
final String enabledCipherSuites =
|
|
System.getProperty("javax.rmi.ssl.client.enabledCipherSuites");
|
|
if (enabledCipherSuites != null) {
|
|
StringTokenizer st = new StringTokenizer(enabledCipherSuites, ",");
|
|
int tokens = st.countTokens();
|
|
String enabledCipherSuitesList[] = new String[tokens];
|
|
for (int i = 0 ; i < tokens; i++) {
|
|
enabledCipherSuitesList[i] = st.nextToken();
|
|
}
|
|
try {
|
|
sslSocket.setEnabledCipherSuites(enabledCipherSuitesList);
|
|
} catch (IllegalArgumentException e) {
|
|
throw (IOException)
|
|
new IOException(e.getMessage()).initCause(e);
|
|
}
|
|
}
|
|
// Set the SSLSocket Enabled Protocols
|
|
//
|
|
final String enabledProtocols =
|
|
System.getProperty("javax.rmi.ssl.client.enabledProtocols");
|
|
if (enabledProtocols != null) {
|
|
StringTokenizer st = new StringTokenizer(enabledProtocols, ",");
|
|
int tokens = st.countTokens();
|
|
String enabledProtocolsList[] = new String[tokens];
|
|
for (int i = 0 ; i < tokens; i++) {
|
|
enabledProtocolsList[i] = st.nextToken();
|
|
}
|
|
try {
|
|
sslSocket.setEnabledProtocols(enabledProtocolsList);
|
|
} catch (IllegalArgumentException e) {
|
|
throw (IOException)
|
|
new IOException(e.getMessage()).initCause(e);
|
|
}
|
|
}
|
|
// Return the preconfigured SSLSocket
|
|
//
|
|
return sslSocket;
|
|
}
|
|
|
|
/**
|
|
* <p>Indicates whether some other object is "equal to" this one.</p>
|
|
*
|
|
* <p>Because all instances of this class are functionally equivalent
|
|
* (they all use the default
|
|
* <code>SSLSocketFactory</code>), this method simply returns
|
|
* <code>this.getClass().equals(obj.getClass())</code>.</p>
|
|
*
|
|
* <p>A subclass should override this method (as well
|
|
* as {@link #hashCode()}) if its instances are not all
|
|
* functionally equivalent.</p>
|
|
*/
|
|
public boolean equals(Object obj) {
|
|
if (obj == null) return false;
|
|
if (obj == this) return true;
|
|
return this.getClass().equals(obj.getClass());
|
|
}
|
|
|
|
/**
|
|
* <p>Returns a hash code value for this
|
|
* <code>SslRMIClientSocketFactory</code>.</p>
|
|
*
|
|
* @return a hash code value for this
|
|
* <code>SslRMIClientSocketFactory</code>.
|
|
*/
|
|
public int hashCode() {
|
|
return this.getClass().hashCode();
|
|
}
|
|
|
|
// We use a static field because:
|
|
//
|
|
// SSLSocketFactory.getDefault() always returns the same object
|
|
// (at least on Sun's implementation), and we want to make sure
|
|
// that the Javadoc & the implementation stay in sync.
|
|
//
|
|
// If someone needs to have different SslRMIClientSocketFactory factories
|
|
// with different underlying SSLSocketFactory objects using different key
|
|
// and trust stores, he can always do so by subclassing this class and
|
|
// overriding createSocket(String host, int port).
|
|
//
|
|
private static SocketFactory defaultSocketFactory = null;
|
|
|
|
private static synchronized SocketFactory getDefaultClientSocketFactory() {
|
|
if (defaultSocketFactory == null)
|
|
defaultSocketFactory = SSLSocketFactory.getDefault();
|
|
return defaultSocketFactory;
|
|
}
|
|
|
|
private static final long serialVersionUID = -8310631444933958385L;
|
|
}
|