| /* |
| * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Oracle designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Oracle in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| package javax.rmi.ssl; |
| |
| import java.io.IOException; |
| import java.io.Serializable; |
| import java.net.Socket; |
| import java.rmi.server.RMIClientSocketFactory; |
| import java.util.StringTokenizer; |
| import javax.net.SocketFactory; |
| import javax.net.ssl.SSLSocket; |
| import javax.net.ssl.SSLSocketFactory; |
| |
| /** |
| * <p>An <code>SslRMIClientSocketFactory</code> instance is used by the RMI |
| * runtime in order to obtain client sockets for RMI calls via SSL.</p> |
| * |
| * <p>This class implements <code>RMIClientSocketFactory</code> over |
| * the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) |
| * protocols.</p> |
| * |
| * <p>This class creates SSL sockets using the default |
| * <code>SSLSocketFactory</code> (see {@link |
| * SSLSocketFactory#getDefault}). All instances of this class are |
| * functionally equivalent. In particular, they all share the same |
| * truststore, and the same keystore when client authentication is |
| * required by the server. This behavior can be modified in |
| * subclasses by overriding the {@link #createSocket(String,int)} |
| * method; in that case, {@link #equals(Object) equals} and {@link |
| * #hashCode() hashCode} may also need to be overridden.</p> |
| * |
| * <p>If the system property |
| * {@systemProperty javax.rmi.ssl.client.enabledCipherSuites} is specified, |
| * the {@link #createSocket(String,int)} method will call {@link |
| * SSLSocket#setEnabledCipherSuites(String[])} before returning the |
| * socket. The value of this system property is a string that is a |
| * comma-separated list of SSL/TLS cipher suites to enable.</p> |
| * |
| * <p>If the system property |
| * {@systemProperty javax.rmi.ssl.client.enabledProtocols} is specified, |
| * the {@link #createSocket(String,int)} method will call {@link |
| * SSLSocket#setEnabledProtocols(String[])} before returning the |
| * socket. The value of this system property is a string that is a |
| * comma-separated list of SSL/TLS protocol versions to enable.</p> |
| * |
| * @see javax.net.ssl.SSLSocketFactory |
| * @see javax.rmi.ssl.SslRMIServerSocketFactory |
| * @since 1.5 |
| */ |
| public class SslRMIClientSocketFactory |
| implements RMIClientSocketFactory, Serializable { |
| |
| /** |
| * <p>Creates a new <code>SslRMIClientSocketFactory</code>.</p> |
| */ |
| public SslRMIClientSocketFactory() { |
| // We don't force the initialization of the default SSLSocketFactory |
| // at construction time - because the RMI client socket factory is |
| // created on the server side, where that initialization is a priori |
| // meaningless, unless both server and client run in the same JVM. |
| // We could possibly override readObject() to force this initialization, |
| // but it might not be a good idea to actually mix this with possible |
| // deserialization problems. |
| // So contrarily to what we do for the server side, the initialization |
| // of the SSLSocketFactory will be delayed until the first time |
| // createSocket() is called - note that the default SSLSocketFactory |
| // might already have been initialized anyway if someone in the JVM |
| // already called SSLSocketFactory.getDefault(). |
| // |
| } |
| |
| /** |
| * <p>Creates an SSL socket.</p> |
| * |
| * <p>If the system property |
| * {@systemProperty javax.rmi.ssl.client.enabledCipherSuites} is |
| * specified, this method will call {@link |
| * SSLSocket#setEnabledCipherSuites(String[])} before returning |
| * the socket. The value of this system property is a string that |
| * is a comma-separated list of SSL/TLS cipher suites to |
| * enable.</p> |
| * |
| * <p>If the system property |
| * {@systemProperty javax.rmi.ssl.client.enabledProtocols} is |
| * specified, this method will call {@link |
| * SSLSocket#setEnabledProtocols(String[])} before returning the |
| * socket. The value of this system property is a string that is a |
| * comma-separated list of SSL/TLS protocol versions to |
| * enable.</p> |
| */ |
| public Socket createSocket(String host, int port) throws IOException { |
| // Retrieve the SSLSocketFactory |
| // |
| final SocketFactory sslSocketFactory = getDefaultClientSocketFactory(); |
| // Create the SSLSocket |
| // |
| final SSLSocket sslSocket = (SSLSocket) |
| sslSocketFactory.createSocket(host, port); |
| // Set the SSLSocket Enabled Cipher Suites |
| // |
| final String enabledCipherSuites = |
| System.getProperty("javax.rmi.ssl.client.enabledCipherSuites"); |
| if (enabledCipherSuites != null) { |
| StringTokenizer st = new StringTokenizer(enabledCipherSuites, ","); |
| int tokens = st.countTokens(); |
| String enabledCipherSuitesList[] = new String[tokens]; |
| for (int i = 0 ; i < tokens; i++) { |
| enabledCipherSuitesList[i] = st.nextToken(); |
| } |
| try { |
| sslSocket.setEnabledCipherSuites(enabledCipherSuitesList); |
| } catch (IllegalArgumentException e) { |
| throw (IOException) |
| new IOException(e.getMessage()).initCause(e); |
| } |
| } |
| // Set the SSLSocket Enabled Protocols |
| // |
| final String enabledProtocols = |
| System.getProperty("javax.rmi.ssl.client.enabledProtocols"); |
| if (enabledProtocols != null) { |
| StringTokenizer st = new StringTokenizer(enabledProtocols, ","); |
| int tokens = st.countTokens(); |
| String enabledProtocolsList[] = new String[tokens]; |
| for (int i = 0 ; i < tokens; i++) { |
| enabledProtocolsList[i] = st.nextToken(); |
| } |
| try { |
| sslSocket.setEnabledProtocols(enabledProtocolsList); |
| } catch (IllegalArgumentException e) { |
| throw (IOException) |
| new IOException(e.getMessage()).initCause(e); |
| } |
| } |
| // Return the preconfigured SSLSocket |
| // |
| return sslSocket; |
| } |
| |
| /** |
| * <p>Indicates whether some other object is "equal to" this one.</p> |
| * |
| * <p>Because all instances of this class are functionally equivalent |
| * (they all use the default |
| * <code>SSLSocketFactory</code>), this method simply returns |
| * <code>this.getClass().equals(obj.getClass())</code>.</p> |
| * |
| * <p>A subclass should override this method (as well |
| * as {@link #hashCode()}) if its instances are not all |
| * functionally equivalent.</p> |
| */ |
| public boolean equals(Object obj) { |
| if (obj == null) return false; |
| if (obj == this) return true; |
| return this.getClass().equals(obj.getClass()); |
| } |
| |
| /** |
| * <p>Returns a hash code value for this |
| * <code>SslRMIClientSocketFactory</code>.</p> |
| * |
| * @return a hash code value for this |
| * <code>SslRMIClientSocketFactory</code>. |
| */ |
| public int hashCode() { |
| return this.getClass().hashCode(); |
| } |
| |
| // We use a static field because: |
| // |
| // SSLSocketFactory.getDefault() always returns the same object |
| // (at least on Sun's implementation), and we want to make sure |
| // that the Javadoc & the implementation stay in sync. |
| // |
| // If someone needs to have different SslRMIClientSocketFactory factories |
| // with different underlying SSLSocketFactory objects using different key |
| // and trust stores, he can always do so by subclassing this class and |
| // overriding createSocket(String host, int port). |
| // |
| private static SocketFactory defaultSocketFactory = null; |
| |
| private static synchronized SocketFactory getDefaultClientSocketFactory() { |
| if (defaultSocketFactory == null) |
| defaultSocketFactory = SSLSocketFactory.getDefault(); |
| return defaultSocketFactory; |
| } |
| |
| private static final long serialVersionUID = -8310631444933958385L; |
| } |