--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/javax/rmi/ssl/SslRMIClientSocketFactory.java Sat Dec 01 00:00:00 2007 +0000
@@ -0,0 +1,212 @@
+/*
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package javax.rmi.ssl;
+
+import java.io.IOException;
+import java.io.Serializable;
+import java.net.Socket;
+import java.rmi.server.RMIClientSocketFactory;
+import java.util.StringTokenizer;
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+/**
+ * <p>An <code>SslRMIClientSocketFactory</code> instance is used by the RMI
+ * runtime in order to obtain client sockets for RMI calls via SSL.</p>
+ *
+ * <p>This class implements <code>RMIClientSocketFactory</code> over
+ * the Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
+ * protocols.</p>
+ *
+ * <p>This class creates SSL sockets using the default
+ * <code>SSLSocketFactory</code> (see {@link
+ * SSLSocketFactory#getDefault}). All instances of this class are
+ * functionally equivalent. In particular, they all share the same
+ * truststore, and the same keystore when client authentication is
+ * required by the server. This behavior can be modified in
+ * subclasses by overriding the {@link #createSocket(String,int)}
+ * method; in that case, {@link #equals(Object) equals} and {@link
+ * #hashCode() hashCode} may also need to be overridden.</p>
+ *
+ * <p>If the system property
+ * <code>javax.rmi.ssl.client.enabledCipherSuites</code> is specified,
+ * the {@link #createSocket(String,int)} method will call {@link
+ * SSLSocket#setEnabledCipherSuites(String[])} before returning the
+ * socket. The value of this system property is a string that is a
+ * comma-separated list of SSL/TLS cipher suites to enable.</p>
+ *
+ * <p>If the system property
+ * <code>javax.rmi.ssl.client.enabledProtocols</code> is specified,
+ * the {@link #createSocket(String,int)} method will call {@link
+ * SSLSocket#setEnabledProtocols(String[])} before returning the
+ * socket. The value of this system property is a string that is a
+ * comma-separated list of SSL/TLS protocol versions to enable.</p>
+ *
+ * @see javax.net.ssl.SSLSocketFactory
+ * @see javax.rmi.ssl.SslRMIServerSocketFactory
+ * @since 1.5
+ */
+public class SslRMIClientSocketFactory
+ implements RMIClientSocketFactory, Serializable {
+
+ /**
+ * <p>Creates a new <code>SslRMIClientSocketFactory</code>.</p>
+ */
+ public SslRMIClientSocketFactory() {
+ // We don't force the initialization of the default SSLSocketFactory
+ // at construction time - because the RMI client socket factory is
+ // created on the server side, where that initialization is a priori
+ // meaningless, unless both server and client run in the same JVM.
+ // We could possibly override readObject() to force this initialization,
+ // but it might not be a good idea to actually mix this with possible
+ // deserialization problems.
+ // So contrarily to what we do for the server side, the initialization
+ // of the SSLSocketFactory will be delayed until the first time
+ // createSocket() is called - note that the default SSLSocketFactory
+ // might already have been initialized anyway if someone in the JVM
+ // already called SSLSocketFactory.getDefault().
+ //
+ }
+
+ /**
+ * <p>Creates an SSL socket.</p>
+ *
+ * <p>If the system property
+ * <code>javax.rmi.ssl.client.enabledCipherSuites</code> is
+ * specified, this method will call {@link
+ * SSLSocket#setEnabledCipherSuites(String[])} before returning
+ * the socket. The value of this system property is a string that
+ * is a comma-separated list of SSL/TLS cipher suites to
+ * enable.</p>
+ *
+ * <p>If the system property
+ * <code>javax.rmi.ssl.client.enabledProtocols</code> is
+ * specified, this method will call {@link
+ * SSLSocket#setEnabledProtocols(String[])} before returning the
+ * socket. The value of this system property is a string that is a
+ * comma-separated list of SSL/TLS protocol versions to
+ * enable.</p>
+ */
+ public Socket createSocket(String host, int port) throws IOException {
+ // Retrieve the SSLSocketFactory
+ //
+ final SocketFactory sslSocketFactory = getDefaultClientSocketFactory();
+ // Create the SSLSocket
+ //
+ final SSLSocket sslSocket = (SSLSocket)
+ sslSocketFactory.createSocket(host, port);
+ // Set the SSLSocket Enabled Cipher Suites
+ //
+ final String enabledCipherSuites = (String)
+ System.getProperty("javax.rmi.ssl.client.enabledCipherSuites");
+ if (enabledCipherSuites != null) {
+ StringTokenizer st = new StringTokenizer(enabledCipherSuites, ",");
+ int tokens = st.countTokens();
+ String enabledCipherSuitesList[] = new String[tokens];
+ for (int i = 0 ; i < tokens; i++) {
+ enabledCipherSuitesList[i] = st.nextToken();
+ }
+ try {
+ sslSocket.setEnabledCipherSuites(enabledCipherSuitesList);
+ } catch (IllegalArgumentException e) {
+ throw (IOException)
+ new IOException(e.getMessage()).initCause(e);
+ }
+ }
+ // Set the SSLSocket Enabled Protocols
+ //
+ final String enabledProtocols = (String)
+ System.getProperty("javax.rmi.ssl.client.enabledProtocols");
+ if (enabledProtocols != null) {
+ StringTokenizer st = new StringTokenizer(enabledProtocols, ",");
+ int tokens = st.countTokens();
+ String enabledProtocolsList[] = new String[tokens];
+ for (int i = 0 ; i < tokens; i++) {
+ enabledProtocolsList[i] = st.nextToken();
+ }
+ try {
+ sslSocket.setEnabledProtocols(enabledProtocolsList);
+ } catch (IllegalArgumentException e) {
+ throw (IOException)
+ new IOException(e.getMessage()).initCause(e);
+ }
+ }
+ // Return the preconfigured SSLSocket
+ //
+ return sslSocket;
+ }
+
+ /**
+ * <p>Indicates whether some other object is "equal to" this one.</p>
+ *
+ * <p>Because all instances of this class are functionally equivalent
+ * (they all use the default
+ * <code>SSLSocketFactory</code>), this method simply returns
+ * <code>this.getClass().equals(obj.getClass())</code>.</p>
+ *
+ * <p>A subclass should override this method (as well
+ * as {@link #hashCode()}) if its instances are not all
+ * functionally equivalent.</p>
+ */
+ public boolean equals(Object obj) {
+ if (obj == null) return false;
+ if (obj == this) return true;
+ return this.getClass().equals(obj.getClass());
+ }
+
+ /**
+ * <p>Returns a hash code value for this
+ * <code>SslRMIClientSocketFactory</code>.</p>
+ *
+ * @return a hash code value for this
+ * <code>SslRMIClientSocketFactory</code>.
+ */
+ public int hashCode() {
+ return this.getClass().hashCode();
+ }
+
+ // We use a static field because:
+ //
+ // SSLSocketFactory.getDefault() always returns the same object
+ // (at least on Sun's implementation), and we want to make sure
+ // that the Javadoc & the implementation stay in sync.
+ //
+ // If someone needs to have different SslRMIClientSocketFactory factories
+ // with different underlying SSLSocketFactory objects using different key
+ // and trust stores, he can always do so by subclassing this class and
+ // overriding createSocket(String host, int port).
+ //
+ private static SocketFactory defaultSocketFactory = null;
+
+ private static synchronized SocketFactory getDefaultClientSocketFactory() {
+ if (defaultSocketFactory == null)
+ defaultSocketFactory = SSLSocketFactory.getDefault();
+ return defaultSocketFactory;
+ }
+
+ private static final long serialVersionUID = -8310631444933958385L;
+}