1 /*
2  * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 
26 package javax.rmi.ssl;
27 
28 import java.io.IOException;
29 import java.io.Serializable;
30 import java.net.Socket;
31 import java.rmi.server.RMIClientSocketFactory;
32 import java.util.StringTokenizer;
33 import javax.net.SocketFactory;
34 import javax.net.ssl.SSLSocket;
35 import javax.net.ssl.SSLSocketFactory;
36 
37 /**
38  * <p>An <code>SslRMIClientSocketFactory</code> instance is used by the RMI
39  * runtime in order to obtain client sockets for RMI calls via SSL.</p>
40  *
41  * <p>This class implements <code>RMIClientSocketFactory</code> over
42  * the Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
43  * protocols.</p>
44  *
45  * <p>This class creates SSL sockets using the default
46  * <code>SSLSocketFactory</code> (see {@link
47  * SSLSocketFactory#getDefault}).  All instances of this class are
48  * functionally equivalent.  In particular, they all share the same
49  * truststore, and the same keystore when client authentication is
50  * required by the server.  This behavior can be modified in
51  * subclasses by overriding the {@link #createSocket(String,int)}
52  * method; in that case, {@link #equals(Object) equals} and {@link
53  * #hashCode() hashCode} may also need to be overridden.</p>
54  *
55  * <p>If the system property
56  * {@systemProperty javax.rmi.ssl.client.enabledCipherSuites} is specified,
57  * the {@link #createSocket(String,int)} method will call {@link
58  * SSLSocket#setEnabledCipherSuites(String[])} before returning the
59  * socket.  The value of this system property is a string that is a
60  * comma-separated list of SSL/TLS cipher suites to enable.</p>
61  *
62  * <p>If the system property
63  * {@systemProperty javax.rmi.ssl.client.enabledProtocols} is specified,
64  * the {@link #createSocket(String,int)} method will call {@link
65  * SSLSocket#setEnabledProtocols(String[])} before returning the
66  * socket.  The value of this system property is a string that is a
67  * comma-separated list of SSL/TLS protocol versions to enable.</p>
68  *
69  * @see javax.net.ssl.SSLSocketFactory
70  * @see javax.rmi.ssl.SslRMIServerSocketFactory
71  * @since 1.5
72  */
73 public class SslRMIClientSocketFactory
74     implements RMIClientSocketFactory, Serializable {
75 
76     /**
77      * <p>Creates a new <code>SslRMIClientSocketFactory</code>.</p>
78      */
SslRMIClientSocketFactory()79     public SslRMIClientSocketFactory() {
80         // We don't force the initialization of the default SSLSocketFactory
81         // at construction time - because the RMI client socket factory is
82         // created on the server side, where that initialization is a priori
83         // meaningless, unless both server and client run in the same JVM.
84         // We could possibly override readObject() to force this initialization,
85         // but it might not be a good idea to actually mix this with possible
86         // deserialization problems.
87         // So contrarily to what we do for the server side, the initialization
88         // of the SSLSocketFactory will be delayed until the first time
89         // createSocket() is called - note that the default SSLSocketFactory
90         // might already have been initialized anyway if someone in the JVM
91         // already called SSLSocketFactory.getDefault().
92         //
93     }
94 
95     /**
96      * <p>Creates an SSL socket.</p>
97      *
98      * <p>If the system property
99      * {@systemProperty javax.rmi.ssl.client.enabledCipherSuites} is
100      * specified, this method will call {@link
101      * SSLSocket#setEnabledCipherSuites(String[])} before returning
102      * the socket. The value of this system property is a string that
103      * is a comma-separated list of SSL/TLS cipher suites to
104      * enable.</p>
105      *
106      * <p>If the system property
107      * {@systemProperty javax.rmi.ssl.client.enabledProtocols} is
108      * specified, this method will call {@link
109      * SSLSocket#setEnabledProtocols(String[])} before returning the
110      * socket. The value of this system property is a string that is a
111      * comma-separated list of SSL/TLS protocol versions to
112      * enable.</p>
113      */
createSocket(String host, int port)114     public Socket createSocket(String host, int port) throws IOException {
115         // Retrieve the SSLSocketFactory
116         //
117         final SocketFactory sslSocketFactory = getDefaultClientSocketFactory();
118         // Create the SSLSocket
119         //
120         final SSLSocket sslSocket = (SSLSocket)
121             sslSocketFactory.createSocket(host, port);
122         // Set the SSLSocket Enabled Cipher Suites
123         //
124         final String enabledCipherSuites =
125             System.getProperty("javax.rmi.ssl.client.enabledCipherSuites");
126         if (enabledCipherSuites != null) {
127             StringTokenizer st = new StringTokenizer(enabledCipherSuites, ",");
128             int tokens = st.countTokens();
129             String enabledCipherSuitesList[] = new String[tokens];
130             for (int i = 0 ; i < tokens; i++) {
131                 enabledCipherSuitesList[i] = st.nextToken();
132             }
133             try {
134                 sslSocket.setEnabledCipherSuites(enabledCipherSuitesList);
135             } catch (IllegalArgumentException e) {
136                 throw (IOException)
137                     new IOException(e.getMessage()).initCause(e);
138             }
139         }
140         // Set the SSLSocket Enabled Protocols
141         //
142         final String enabledProtocols =
143             System.getProperty("javax.rmi.ssl.client.enabledProtocols");
144         if (enabledProtocols != null) {
145             StringTokenizer st = new StringTokenizer(enabledProtocols, ",");
146             int tokens = st.countTokens();
147             String enabledProtocolsList[] = new String[tokens];
148             for (int i = 0 ; i < tokens; i++) {
149                 enabledProtocolsList[i] = st.nextToken();
150             }
151             try {
152                 sslSocket.setEnabledProtocols(enabledProtocolsList);
153             } catch (IllegalArgumentException e) {
154                 throw (IOException)
155                     new IOException(e.getMessage()).initCause(e);
156             }
157         }
158         // Return the preconfigured SSLSocket
159         //
160         return sslSocket;
161     }
162 
163     /**
164      * <p>Indicates whether some other object is "equal to" this one.</p>
165      *
166      * <p>Because all instances of this class are functionally equivalent
167      * (they all use the default
168      * <code>SSLSocketFactory</code>), this method simply returns
169      * <code>this.getClass().equals(obj.getClass())</code>.</p>
170      *
171      * <p>A subclass should override this method (as well
172      * as {@link #hashCode()}) if its instances are not all
173      * functionally equivalent.</p>
174      */
equals(Object obj)175     public boolean equals(Object obj) {
176         if (obj == null) return false;
177         if (obj == this) return true;
178         return this.getClass().equals(obj.getClass());
179     }
180 
181     /**
182      * <p>Returns a hash code value for this
183      * <code>SslRMIClientSocketFactory</code>.</p>
184      *
185      * @return a hash code value for this
186      * <code>SslRMIClientSocketFactory</code>.
187      */
hashCode()188     public int hashCode() {
189         return this.getClass().hashCode();
190     }
191 
192     // We use a static field because:
193     //
194     //    SSLSocketFactory.getDefault() always returns the same object
195     //    (at least on Sun's implementation), and we want to make sure
196     //    that the Javadoc & the implementation stay in sync.
197     //
198     // If someone needs to have different SslRMIClientSocketFactory factories
199     // with different underlying SSLSocketFactory objects using different key
200     // and trust stores, he can always do so by subclassing this class and
201     // overriding createSocket(String host, int port).
202     //
203     private static SocketFactory defaultSocketFactory = null;
204 
getDefaultClientSocketFactory()205     private static synchronized SocketFactory getDefaultClientSocketFactory() {
206         if (defaultSocketFactory == null)
207             defaultSocketFactory = SSLSocketFactory.getDefault();
208         return defaultSocketFactory;
209     }
210 
211     private static final long serialVersionUID = -8310631444933958385L;
212 }
213