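/*
 * @(#)file      SslRMIClientSocketFactory.java
 * @(#)author    Sun Microsystems, Inc.
 * @(#)version   1.17
 * @(#)date      05/11/17
 *
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
 */

package javax.rmi.ssl;

import java.io.IOException;
import java.io.Serializable;
import java.net.Socket;
import java.rmi.server.RMIClientSocketFactory;
import java.util.StringTokenizer;
import javax.net.SocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/**
 * <p>An <code>SslRMIClientSocketFactory</code> instance is used by the RMI
 * runtime in order to obtain client sockets for RMI calls via SSL.</p>
 *
 * <p>This class implements <code>RMIClientSocketFactory</code> over
 * the Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
 * protocols.</p>
 *
 * <p>This class creates SSL sockets using the default
 * <code>SSLSocketFactory</code> (see {@link
 * SSLSocketFactory#getDefault}).  All instances of this class are
 * functionally equivalent.  In particular, they all share the same
 * truststore, and the same keystore when client authentication is
 * required by the server.  This behavior can be modified in
 * subclasses by overriding the {@link #createSocket(String,int)}
 * method; in that case, {@link #equals(Object) equals} and {@link
 * #hashCode() hashCode} may also need to be overridden.</p>
 *
 * <p>If the system property
 * <code>javax.rmi.ssl.client.enabledCipherSuites</code> is specified,
 * the {@link #createSocket(String,int)} method will call {@link
 * SSLSocket#setEnabledCipherSuites(String[])} before returning the
 * socket.  The value of this system property is a string that is a
 * comma-separated list of SSL/TLS cipher suites to enable.</p>
 *
 * <p>If the system property
 * <code>javax.rmi.ssl.client.enabledProtocols</code> is specified,
 * the {@link #createSocket(String,int)} method will call {@link
 * SSLSocket#setEnabledProtocols(String[])} before returning the
 * socket.  The value of this system property is a string that is a
 * comma-separated list of SSL/TLS protocol versions to enable.</p>
 *
 * <p>Both properties are JVM-wide and replace the enabled sets that the
 * default <code>SSLSocketFactory</code> would otherwise use, so every
 * socket created by this class in the same JVM is affected by the values
 * they hold.</p>
 *
 * @see javax.net.ssl.SSLSocketFactory
 * @see javax.rmi.ssl.SslRMIServerSocketFactory
 * @since 1.5
 */
public class SslRMIClientSocketFactory
    implements RMIClientSocketFactory, Serializable {

    /**
     * <p>Creates a new <code>SslRMIClientSocketFactory</code>.</p>
     */
    public SslRMIClientSocketFactory() {
        // We don't force the initialization of the default SSLSocketFactory
        // at construction time - because the RMI client socket factory is
        // created on the server side, where that initialization is a priori
        // meaningless, unless both server and client run in the same JVM.
        // We could possibly override readObject() to force this initialization,
        // but it might not be a good idea to actually mix this with possible
        // deserialization problems.
        // So contrarily to what we do for the server side, the initialization
        // of the SSLSocketFactory will be delayed until the first time
        // createSocket() is called - note that the default SSLSocketFactory
        // might already have been initialized anyway if someone in the JVM
        // already called SSLSocketFactory.getDefault().
        //
    }

    /**
     * <p>Creates an SSL socket.</p>
     *
     * <p>If the system property
     * <code>javax.rmi.ssl.client.enabledCipherSuites</code> is
     * specified, this method will call {@link
     * SSLSocket#setEnabledCipherSuites(String[])} before returning
     * the socket. The value of this system property is a string that
     * is a comma-separated list of SSL/TLS cipher suites to
     * enable.</p>
     *
     * <p>If the system property
     * <code>javax.rmi.ssl.client.enabledProtocols</code> is
     * specified, this method will call {@link
     * SSLSocket#setEnabledProtocols(String[])} before returning the
     * socket. The value of this system property is a string that is a
     * comma-separated list of SSL/TLS protocol versions to
     * enable.</p>
     *
     * <p>List entries are passed on exactly as written; they are not
     * trimmed, so whitespace around a comma becomes part of the name.</p>
     *
     * <p>This method does not configure endpoint identification on the
     * returned socket.  Whether the server certificate is matched against
     * <code>host</code> therefore depends on the default
     * <code>SSLSocketFactory</code>.  A subclass that requires the check can
     * override this method and set it on the socket.</p>
     *
     * @param host the host to connect to
     * @param port the port to connect to
     * @return the connected socket, with the configured cipher suites and
     *         protocols applied
     * @throws IOException if the socket cannot be created, or if one of the
     *         system properties holds a value the socket rejects; in the
     *         latter case the socket is closed before the exception is
     *         thrown
     */
    public Socket createSocket(String host, int port) throws IOException {
        // Retrieve the SSLSocketFactory
        //
        final SocketFactory sslSocketFactory = getDefaultClientSocketFactory();

        // Create the SSLSocket; from here on the connection is open and
        // must be closed on every failure path.
        //
        final SSLSocket sslSocket = (SSLSocket)
            sslSocketFactory.createSocket(host, port);

        // Set the SSLSocket Enabled Cipher Suites
        //
        final String enabledCipherSuites =
            System.getProperty("javax.rmi.ssl.client.enabledCipherSuites");
        if (enabledCipherSuites != null) {
            try {
                sslSocket.setEnabledCipherSuites(
                    splitCommaSeparated(enabledCipherSuites));
            } catch (IllegalArgumentException e) {
                throw closeAndWrap(sslSocket, e);
            }
        }

        // Set the SSLSocket Enabled Protocols
        //
        final String enabledProtocols =
            System.getProperty("javax.rmi.ssl.client.enabledProtocols");
        if (enabledProtocols != null) {
            try {
                sslSocket.setEnabledProtocols(
                    splitCommaSeparated(enabledProtocols));
            } catch (IllegalArgumentException e) {
                throw closeAndWrap(sslSocket, e);
            }
        }

        // Return the preconfigured SSLSocket
        //
        return sslSocket;
    }

    /**
     * <p>Indicates whether some other object is "equal to" this one.</p>
     *
     * <p>Because all instances of this class are functionally equivalent
     * (they all use the default
     * <code>SSLSocketFactory</code>), this method simply returns
     * <code>this.getClass().equals(obj.getClass())</code>.</p>
     *
     * <p>A subclass should override this method (as well
     * as {@link #hashCode()}) if its instances are not all
     * functionally equivalent.</p>
     *
     * @param obj the object to compare with, possibly <code>null</code>
     * @return <code>true</code> if <code>obj</code> is non-null and has
     *         exactly the same class as this object
     */
    @Override
    public boolean equals(Object obj) {
        if (obj == null) {
            return false;
        }
        if (obj == this) {
            return true;
        }
        return this.getClass().equals(obj.getClass());
    }

    /**
     * <p>Returns a hash code value for this
     * <code>SslRMIClientSocketFactory</code>.</p>
     *
     * @return a hash code value for this
     * <code>SslRMIClientSocketFactory</code>.
     */
    @Override
    public int hashCode() {
        return this.getClass().hashCode();
    }

    /**
     * Splits a comma-separated property value into its entries.
     * Entries are returned as written (no trimming); empty entries are
     * skipped because <code>StringTokenizer</code> does not return them.
     */
    private static String[] splitCommaSeparated(String value) {
        final StringTokenizer st = new StringTokenizer(value, ",");
        final String[] items = new String[st.countTokens()];
        for (int i = 0; i < items.length; i++) {
            items[i] = st.nextToken();
        }
        return items;
    }

    /**
     * Closes a socket that could not be configured and returns the
     * <code>IOException</code> to throw, with the original exception as
     * its cause.
     */
    private static IOException closeAndWrap(SSLSocket socket,
                                            IllegalArgumentException cause) {
        try {
            socket.close();
        } catch (IOException ignored) {
            // Best effort: the configuration error is the one to report.
        }
        return (IOException) new IOException(cause.getMessage()).initCause(cause);
    }

    // We use a static field because:
    //
    //    SSLSocketFactory.getDefault() always returns the same object
    //    (at least on Sun's implementation), and we want to make sure
    //    that the Javadoc & the implementation stay in sync.
    //
    // If someone needs to have different SslRMIClientSocketFactory factories
    // with different underlying SSLSocketFactory objects using different key
    // and trust stores, they can always do so by subclassing this class and
    // overriding createSocket(String host, int port).
    //
    private static SocketFactory defaultSocketFactory = null;

    /**
     * Returns the cached default <code>SSLSocketFactory</code>, looking it
     * up on first use.  Synchronized so that the lazy initialization of the
     * static field is done under the class lock.
     */
    private static synchronized SocketFactory getDefaultClientSocketFactory() {
        if (defaultSocketFactory == null) {
            defaultSocketFactory = SSLSocketFactory.getDefault();
        }
        return defaultSocketFactory;
    }

    private static final long serialVersionUID = -8310631444933958385L;
}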