/*

 * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.  Oracle designates this

 * particular file as subject to the "Classpath" exception as provided

 * by Oracle in the LICENSE file that accompanied this code.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

 * or visit www.oracle.com if you need additional information or have any

 * questions.

 */

package javax.rmi.ssl;

import java.io.IOException;

import java.io.Serializable;

import java.net.Socket;

import java.rmi.server.RMIClientSocketFactory;

import java.util.StringTokenizer;

import javax.net.SocketFactory;

import javax.net.ssl.SSLSocket;

import javax.net.ssl.SSLSocketFactory;

/**

 * <p>An <code>SslRMIClientSocketFactory</code> instance is used by the RMI

 * runtime in order to obtain client sockets for RMI calls via SSL.</p>

 *

 * <p>This class implements <code>RMIClientSocketFactory</code> over

 * the Secure Sockets Layer (SSL) or Transport Layer Security (TLS)

 * protocols.</p>

 *

 * <p>This class creates SSL sockets using the default

 * <code>SSLSocketFactory</code> (see {@link

 * SSLSocketFactory#getDefault}).  All instances of this class are

 * functionally equivalent.  In particular, they all share the same

 * truststore, and the same keystore when client authentication is

 * required by the server.  This behavior can be modified in

 * subclasses by overriding the {@link #createSocket(String,int)}

 * method; in that case, {@link #equals(Object) equals} and {@link

 * #hashCode() hashCode} may also need to be overridden.</p>

 *

 * <p>If the system property

 * <code>javax.rmi.ssl.client.enabledCipherSuites</code> is specified,

 * the {@link #createSocket(String,int)} method will call {@link

 * SSLSocket#setEnabledCipherSuites(String[])} before returning the

 * socket.  The value of this system property is a string that is a

 * comma-separated list of SSL/TLS cipher suites to enable.</p>

 *

 * <p>If the system property

 * <code>javax.rmi.ssl.client.enabledProtocols</code> is specified,

 * the {@link #createSocket(String,int)} method will call {@link

 * SSLSocket#setEnabledProtocols(String[])} before returning the

 * socket.  The value of this system property is a string that is a

 * comma-separated list of SSL/TLS protocol versions to enable.</p>

 *

 * @see javax.net.ssl.SSLSocketFactory

 * @see javax.rmi.ssl.SslRMIServerSocketFactory

 * @since 1.5

 */

public class SslRMIClientSocketFactory

    implements RMIClientSocketFactory, Serializable {

    /**

     * <p>Creates a new <code>SslRMIClientSocketFactory</code>.</p>

     */

    public SslRMIClientSocketFactory() {

        // We don't force the initialization of the default SSLSocketFactory

        // at construction time - because the RMI client socket factory is

        // created on the server side, where that initialization is a priori

        // meaningless, unless both server and client run in the same JVM.

        // We could possibly override readObject() to force this initialization,

        // but it might not be a good idea to actually mix this with possible

        // deserialization problems.

        // So contrarily to what we do for the server side, the initialization

        // of the SSLSocketFactory will be delayed until the first time

        // createSocket() is called - note that the default SSLSocketFactory

        // might already have been initialized anyway if someone in the JVM

        // already called SSLSocketFactory.getDefault().

        //

    }

    /**

     * <p>Creates an SSL socket.</p>

     *

     * <p>If the system property

     * <code>javax.rmi.ssl.client.enabledCipherSuites</code> is

     * specified, this method will call {@link

     * SSLSocket#setEnabledCipherSuites(String[])} before returning

     * the socket. The value of this system property is a string that

     * is a comma-separated list of SSL/TLS cipher suites to

     * enable.</p>

     *

     * <p>If the system property

     * <code>javax.rmi.ssl.client.enabledProtocols</code> is

     * specified, this method will call {@link

     * SSLSocket#setEnabledProtocols(String[])} before returning the

     * socket. The value of this system property is a string that is a

     * comma-separated list of SSL/TLS protocol versions to

     * enable.</p>

     */

    public Socket createSocket(String host, int port) throws IOException {

        // Retrieve the SSLSocketFactory

        //

        final SocketFactory sslSocketFactory = getDefaultClientSocketFactory();

        // Create the SSLSocket

        //

        final SSLSocket sslSocket = (SSLSocket)

            sslSocketFactory.createSocket(host, port);

        // Set the SSLSocket Enabled Cipher Suites

        //

        final String enabledCipherSuites =

            System.getProperty("javax.rmi.ssl.client.enabledCipherSuites");

        if (enabledCipherSuites != null) {

            StringTokenizer st = new StringTokenizer(enabledCipherSuites, ",");

            int tokens = st.countTokens();

            String enabledCipherSuitesList[] = new String[tokens];

            for (int i = 0 ; i < tokens; i++) {

                enabledCipherSuitesList[i] = st.nextToken();

            }

            try {

                sslSocket.setEnabledCipherSuites(enabledCipherSuitesList);

            } catch (IllegalArgumentException e) {

                throw (IOException)

                    new IOException(e.getMessage()).initCause(e);

            }

        }

        // Set the SSLSocket Enabled Protocols

        //

        final String enabledProtocols =

            System.getProperty("javax.rmi.ssl.client.enabledProtocols");

        if (enabledProtocols != null) {

            StringTokenizer st = new StringTokenizer(enabledProtocols, ",");

            int tokens = st.countTokens();

            String enabledProtocolsList[] = new String[tokens];

            for (int i = 0 ; i < tokens; i++) {

                enabledProtocolsList[i] = st.nextToken();

            }

            try {

                sslSocket.setEnabledProtocols(enabledProtocolsList);

            } catch (IllegalArgumentException e) {

                throw (IOException)

                    new IOException(e.getMessage()).initCause(e);

            }

        }

        // Return the preconfigured SSLSocket

        //

        return sslSocket;

    }

    /**

     * <p>Indicates whether some other object is "equal to" this one.</p>

     *

     * <p>Because all instances of this class are functionally equivalent

     * (they all use the default

     * <code>SSLSocketFactory</code>), this method simply returns

     * <code>this.getClass().equals(obj.getClass())</code>.</p>

     *

     * <p>A subclass should override this method (as well

     * as {@link #hashCode()}) if its instances are not all

     * functionally equivalent.</p>

     */

    public boolean equals(Object obj) {

        if (obj == null) return false;

        if (obj == this) return true;

        return this.getClass().equals(obj.getClass());

    }

    /**

     * <p>Returns a hash code value for this

     * <code>SslRMIClientSocketFactory</code>.</p>

     *

     * @return a hash code value for this

     * <code>SslRMIClientSocketFactory</code>.

     */

    public int hashCode() {

        return this.getClass().hashCode();

    }

    // We use a static field because:

    //

    //    SSLSocketFactory.getDefault() always returns the same object

    //    (at least on Sun's implementation), and we want to make sure

    //    that the Javadoc & the implementation stay in sync.

    //

    // If someone needs to have different SslRMIClientSocketFactory factories

    // with different underlying SSLSocketFactory objects using different key

    // and trust stores, he can always do so by subclassing this class and

    // overriding createSocket(String host, int port).

    //

    private static SocketFactory defaultSocketFactory = null;

    private static synchronized SocketFactory getDefaultClientSocketFactory() {

        if (defaultSocketFactory == null)

            defaultSocketFactory = SSLSocketFactory.getDefault();

        return defaultSocketFactory;

    }

    private static final long serialVersionUID = -8310631444933958385L;

}