1 /* 2 * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package javax.rmi.ssl; 27 28 import java.io.IOException; 29 import java.io.Serializable; 30 import java.net.Socket; 31 import java.rmi.server.RMIClientSocketFactory; 32 import java.util.StringTokenizer; 33 import javax.net.SocketFactory; 34 import javax.net.ssl.SSLSocket; 35 import javax.net.ssl.SSLSocketFactory; 36 37 /** 38 * <p>An <code>SslRMIClientSocketFactory</code> instance is used by the RMI 39 * runtime in order to obtain client sockets for RMI calls via SSL.</p> 40 * 41 * <p>This class implements <code>RMIClientSocketFactory</code> over 42 * the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) 43 * protocols.</p> 44 * 45 * <p>This class creates SSL sockets using the default 46 * <code>SSLSocketFactory</code> (see {@link 47 * SSLSocketFactory#getDefault}). All instances of this class are 48 * functionally equivalent. In particular, they all share the same 49 * truststore, and the same keystore when client authentication is 50 * required by the server. This behavior can be modified in 51 * subclasses by overriding the {@link #createSocket(String,int)} 52 * method; in that case, {@link #equals(Object) equals} and {@link 53 * #hashCode() hashCode} may also need to be overridden.</p> 54 * 55 * <p>If the system property 56 * {@systemProperty javax.rmi.ssl.client.enabledCipherSuites} is specified, 57 * the {@link #createSocket(String,int)} method will call {@link 58 * SSLSocket#setEnabledCipherSuites(String[])} before returning the 59 * socket. The value of this system property is a string that is a 60 * comma-separated list of SSL/TLS cipher suites to enable.</p> 61 * 62 * <p>If the system property 63 * {@systemProperty javax.rmi.ssl.client.enabledProtocols} is specified, 64 * the {@link #createSocket(String,int)} method will call {@link 65 * SSLSocket#setEnabledProtocols(String[])} before returning the 66 * socket. The value of this system property is a string that is a 67 * comma-separated list of SSL/TLS protocol versions to enable.</p> 68 * 69 * @see javax.net.ssl.SSLSocketFactory 70 * @see javax.rmi.ssl.SslRMIServerSocketFactory 71 * @since 1.5 72 */ 73 public class SslRMIClientSocketFactory 74 implements RMIClientSocketFactory, Serializable { 75 76 /** 77 * <p>Creates a new <code>SslRMIClientSocketFactory</code>.</p> 78 */ SslRMIClientSocketFactory()79 public SslRMIClientSocketFactory() { 80 // We don't force the initialization of the default SSLSocketFactory 81 // at construction time - because the RMI client socket factory is 82 // created on the server side, where that initialization is a priori 83 // meaningless, unless both server and client run in the same JVM. 84 // We could possibly override readObject() to force this initialization, 85 // but it might not be a good idea to actually mix this with possible 86 // deserialization problems. 87 // So contrarily to what we do for the server side, the initialization 88 // of the SSLSocketFactory will be delayed until the first time 89 // createSocket() is called - note that the default SSLSocketFactory 90 // might already have been initialized anyway if someone in the JVM 91 // already called SSLSocketFactory.getDefault(). 92 // 93 } 94 95 /** 96 * <p>Creates an SSL socket.</p> 97 * 98 * <p>If the system property 99 * {@systemProperty javax.rmi.ssl.client.enabledCipherSuites} is 100 * specified, this method will call {@link 101 * SSLSocket#setEnabledCipherSuites(String[])} before returning 102 * the socket. The value of this system property is a string that 103 * is a comma-separated list of SSL/TLS cipher suites to 104 * enable.</p> 105 * 106 * <p>If the system property 107 * {@systemProperty javax.rmi.ssl.client.enabledProtocols} is 108 * specified, this method will call {@link 109 * SSLSocket#setEnabledProtocols(String[])} before returning the 110 * socket. The value of this system property is a string that is a 111 * comma-separated list of SSL/TLS protocol versions to 112 * enable.</p> 113 */ createSocket(String host, int port)114 public Socket createSocket(String host, int port) throws IOException { 115 // Retrieve the SSLSocketFactory 116 // 117 final SocketFactory sslSocketFactory = getDefaultClientSocketFactory(); 118 // Create the SSLSocket 119 // 120 final SSLSocket sslSocket = (SSLSocket) 121 sslSocketFactory.createSocket(host, port); 122 // Set the SSLSocket Enabled Cipher Suites 123 // 124 final String enabledCipherSuites = 125 System.getProperty("javax.rmi.ssl.client.enabledCipherSuites"); 126 if (enabledCipherSuites != null) { 127 StringTokenizer st = new StringTokenizer(enabledCipherSuites, ","); 128 int tokens = st.countTokens(); 129 String enabledCipherSuitesList[] = new String[tokens]; 130 for (int i = 0 ; i < tokens; i++) { 131 enabledCipherSuitesList[i] = st.nextToken(); 132 } 133 try { 134 sslSocket.setEnabledCipherSuites(enabledCipherSuitesList); 135 } catch (IllegalArgumentException e) { 136 throw (IOException) 137 new IOException(e.getMessage()).initCause(e); 138 } 139 } 140 // Set the SSLSocket Enabled Protocols 141 // 142 final String enabledProtocols = 143 System.getProperty("javax.rmi.ssl.client.enabledProtocols"); 144 if (enabledProtocols != null) { 145 StringTokenizer st = new StringTokenizer(enabledProtocols, ","); 146 int tokens = st.countTokens(); 147 String enabledProtocolsList[] = new String[tokens]; 148 for (int i = 0 ; i < tokens; i++) { 149 enabledProtocolsList[i] = st.nextToken(); 150 } 151 try { 152 sslSocket.setEnabledProtocols(enabledProtocolsList); 153 } catch (IllegalArgumentException e) { 154 throw (IOException) 155 new IOException(e.getMessage()).initCause(e); 156 } 157 } 158 // Return the preconfigured SSLSocket 159 // 160 return sslSocket; 161 } 162 163 /** 164 * <p>Indicates whether some other object is "equal to" this one.</p> 165 * 166 * <p>Because all instances of this class are functionally equivalent 167 * (they all use the default 168 * <code>SSLSocketFactory</code>), this method simply returns 169 * <code>this.getClass().equals(obj.getClass())</code>.</p> 170 * 171 * <p>A subclass should override this method (as well 172 * as {@link #hashCode()}) if its instances are not all 173 * functionally equivalent.</p> 174 */ equals(Object obj)175 public boolean equals(Object obj) { 176 if (obj == null) return false; 177 if (obj == this) return true; 178 return this.getClass().equals(obj.getClass()); 179 } 180 181 /** 182 * <p>Returns a hash code value for this 183 * <code>SslRMIClientSocketFactory</code>.</p> 184 * 185 * @return a hash code value for this 186 * <code>SslRMIClientSocketFactory</code>. 187 */ hashCode()188 public int hashCode() { 189 return this.getClass().hashCode(); 190 } 191 192 // We use a static field because: 193 // 194 // SSLSocketFactory.getDefault() always returns the same object 195 // (at least on Sun's implementation), and we want to make sure 196 // that the Javadoc & the implementation stay in sync. 197 // 198 // If someone needs to have different SslRMIClientSocketFactory factories 199 // with different underlying SSLSocketFactory objects using different key 200 // and trust stores, he can always do so by subclassing this class and 201 // overriding createSocket(String host, int port). 202 // 203 private static SocketFactory defaultSocketFactory = null; 204 getDefaultClientSocketFactory()205 private static synchronized SocketFactory getDefaultClientSocketFactory() { 206 if (defaultSocketFactory == null) 207 defaultSocketFactory = SSLSocketFactory.getDefault(); 208 return defaultSocketFactory; 209 } 210 211 private static final long serialVersionUID = -8310631444933958385L; 212 } 213