- /*
- * @(#)file SslRMIClientSocketFactory.java
- * @(#)author Sun Microsystems, Inc.
- * @(#)version 1.16
- * @(#)date 04/06/01
- *
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
- * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
- */
-
- package javax.rmi.ssl;
-
- import java.io.IOException;
- import java.io.Serializable;
- import java.net.Socket;
- import java.rmi.server.RMIClientSocketFactory;
- import java.util.StringTokenizer;
- import javax.net.SocketFactory;
- import javax.net.ssl.SSLSocket;
- import javax.net.ssl.SSLSocketFactory;
-
- /**
- * <p>An <code>SslRMIClientSocketFactory</code> instance is used by the RMI
- * runtime in order to obtain client sockets for RMI calls via SSL.</p>
- *
- * <p>This class implements <code>RMIClientSocketFactory</code> over
- * the Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
- * protocols.</p>
- *
- * <p>This class creates SSL sockets using the default
- * <code>SSLSocketFactory</code> (see {@link
- * SSLSocketFactory#getDefault}). All instances of this class are
- * functionally equivalent. In particular, they all share the same
- * truststore, and the same keystore when client authentication is
- * required by the server. This behavior can be modified in
- * subclasses by overriding the {@link #createSocket(String,int)}
- * method; in that case, {@link #equals(Object) equals} and {@link
- * #hashCode() hashCode} may also need to be overridden.</p>
- *
- * <p>If the system property
- * <code>javax.rmi.ssl.client.enabledCipherSuites</code> is specified,
- * the {@link #createSocket(String,int)} method will call {@link
- * SSLSocket#setEnabledCipherSuites(String[])} before returning the
- * socket. The value of this system property is a string that is a
- * comma-separated list of SSL/TLS cipher suites to enable.</p>
- *
- * <p>If the system property
- * <code>javax.rmi.ssl.client.enabledProtocols</code> is specified,
- * the {@link #createSocket(String,int)} method will call {@link
- * SSLSocket#setEnabledProtocols(String[])} before returning the
- * socket. The value of this system property is a string that is a
- * comma-separated list of SSL/TLS protocol versions to enable.</p>
- *
- * @see javax.net.ssl.SSLSocketFactory
- * @see javax.rmi.ssl.SslRMIServerSocketFactory
- * @since 1.5
- */
- public class SslRMIClientSocketFactory
- implements RMIClientSocketFactory, Serializable {
-
- /**
- * <p>Creates a new <code>SslRMIClientSocketFactory</code>.</p>
- */
- public SslRMIClientSocketFactory() {
- // We don't force the initialization of the default SSLSocketFactory
- // at construction time - because the RMI client socket factory is
- // created on the server side, where that initialization is a priori
- // meaningless, unless both server and client run in the same JVM.
- // We could possibly override readObject() to force this initialization,
- // but it might not be a good idea to actually mix this with possible
- // deserialization problems.
- // So contrarily to what we do for the server side, the initialization
- // of the SSLSocketFactory will be delayed until the first time
- // createSocket() is called - note that the default SSLSocketFactory
- // might already have been initialized anyway if someone in the JVM
- // already called SSLSocketFactory.getDefault().
- //
- }
-
- /**
- * <p>Creates an SSL socket.</p>
- *
- * <p>If the system property
- * <code>javax.rmi.ssl.client.enabledCipherSuites</code> is
- * specified, this method will call {@link
- * SSLSocket#setEnabledCipherSuites(String[])} before returning
- * the socket. The value of this system property is a string that
- * is a comma-separated list of SSL/TLS cipher suites to
- * enable.</p>
- *
- * <p>If the system property
- * <code>javax.rmi.ssl.client.enabledProtocols</code> is
- * specified, this method will call {@link
- * SSLSocket#setEnabledProtocols(String[])} before returning the
- * socket. The value of this system property is a string that is a
- * comma-separated list of SSL/TLS protocol versions to
- * enable.</p>
- */
- public Socket createSocket(String host, int port) throws IOException {
- // Retrieve the SSLSocketFactory
- //
- final SocketFactory sslSocketFactory = getDefaultClientSocketFactory();
- // Create the SSLSocket
- //
- final SSLSocket sslSocket = (SSLSocket)
- sslSocketFactory.createSocket(host, port);
- // Set the SSLSocket Enabled Cipher Suites
- //
- final String enabledCipherSuites = (String)
- System.getProperty("javax.rmi.ssl.client.enabledCipherSuites");
- if (enabledCipherSuites != null) {
- StringTokenizer st = new StringTokenizer(enabledCipherSuites, ",");
- int tokens = st.countTokens();
- String enabledCipherSuitesList[] = new String[tokens];
- for (int i = 0 ; i < tokens; i++) {
- enabledCipherSuitesList[i] = st.nextToken();
- }
- try {
- sslSocket.setEnabledCipherSuites(enabledCipherSuitesList);
- } catch (IllegalArgumentException e) {
- throw (IOException)
- new IOException(e.getMessage()).initCause(e);
- }
- }
- // Set the SSLSocket Enabled Protocols
- //
- final String enabledProtocols = (String)
- System.getProperty("javax.rmi.ssl.client.enabledProtocols");
- if (enabledProtocols != null) {
- StringTokenizer st = new StringTokenizer(enabledProtocols, ",");
- int tokens = st.countTokens();
- String enabledProtocolsList[] = new String[tokens];
- for (int i = 0 ; i < tokens; i++) {
- enabledProtocolsList[i] = st.nextToken();
- }
- try {
- sslSocket.setEnabledProtocols(enabledProtocolsList);
- } catch (IllegalArgumentException e) {
- throw (IOException)
- new IOException(e.getMessage()).initCause(e);
- }
- }
- // Return the preconfigured SSLSocket
- //
- return sslSocket;
- }
-
- /**
- * <p>Indicates whether some other object is "equal to" this one.</p>
- *
- * <p>Because all instances of this class are functionally equivalent
- * (they all use the default
- * <code>SSLSocketFactory</code>), this method simply returns
- * <code>this.getClass().equals(obj.getClass())</code>.</p>
- *
- * <p>A subclass should override this method (as well
- * as {@link #hashCode()}) if its instances are not all
- * functionally equivalent.</p>
- */
- public boolean equals(Object obj) {
- if (obj == null) return false;
- if (obj == this) return true;
- return this.getClass().equals(obj.getClass());
- }
-
- /**
- * <p>Returns a hash code value for this
- * <code>SslRMIClientSocketFactory</code>.</p>
- *
- * @return a hash code value for this
- * <code>SslRMIClientSocketFactory</code>.
- */
- public int hashCode() {
- return this.getClass().hashCode();
- }
-
- // We use a static field because:
- //
- // SSLSocketFactory.getDefault() always returns the same object
- // (at least on Sun's implementation), and we want to make sure
- // that the Javadoc & the implementation stay in sync.
- //
- // If someone needs to have different SslRMIClientSocketFactory factories
- // with different underlying SSLSocketFactory objects using different key
- // and trust stores, he can always do so by subclassing this class and
- // overriding createSocket(String host, int port).
- //
- private static SocketFactory defaultSocketFactory = null;
-
- private static synchronized SocketFactory getDefaultClientSocketFactory() {
- if (defaultSocketFactory == null)
- defaultSocketFactory = SSLSocketFactory.getDefault();
- return defaultSocketFactory;
- }
-
- private static final long serialVersionUID = -8310631444933958385L;
- }