1/*
2 * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.  Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26package javax.rmi.ssl;
27
28import java.io.IOException;
29import java.io.Serializable;
30import java.net.Socket;
31import java.rmi.server.RMIClientSocketFactory;
32import java.util.StringTokenizer;
33import javax.net.SocketFactory;
34import javax.net.ssl.SSLSocket;
35import javax.net.ssl.SSLSocketFactory;
36
37/**
38 * <p>An <code>SslRMIClientSocketFactory</code> instance is used by the RMI
39 * runtime in order to obtain client sockets for RMI calls via SSL.</p>
40 *
41 * <p>This class implements <code>RMIClientSocketFactory</code> over
42 * the Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
43 * protocols.</p>
44 *
45 * <p>This class creates SSL sockets using the default
46 * <code>SSLSocketFactory</code> (see {@link
47 * SSLSocketFactory#getDefault}).  All instances of this class are
48 * functionally equivalent.  In particular, they all share the same
49 * truststore, and the same keystore when client authentication is
50 * required by the server.  This behavior can be modified in
51 * subclasses by overriding the {@link #createSocket(String,int)}
52 * method; in that case, {@link #equals(Object) equals} and {@link
53 * #hashCode() hashCode} may also need to be overridden.</p>
54 *
55 * <p>If the system property
56 * <code>javax.rmi.ssl.client.enabledCipherSuites</code> is specified,
57 * the {@link #createSocket(String,int)} method will call {@link
58 * SSLSocket#setEnabledCipherSuites(String[])} before returning the
59 * socket.  The value of this system property is a string that is a
60 * comma-separated list of SSL/TLS cipher suites to enable.</p>
61 *
62 * <p>If the system property
63 * <code>javax.rmi.ssl.client.enabledProtocols</code> is specified,
64 * the {@link #createSocket(String,int)} method will call {@link
65 * SSLSocket#setEnabledProtocols(String[])} before returning the
66 * socket.  The value of this system property is a string that is a
67 * comma-separated list of SSL/TLS protocol versions to enable.</p>
68 *
69 * @see javax.net.ssl.SSLSocketFactory
70 * @see javax.rmi.ssl.SslRMIServerSocketFactory
71 * @since 1.5
72 */
73public class SslRMIClientSocketFactory
74    implements RMIClientSocketFactory, Serializable {
75
76    /**
77     * <p>Creates a new <code>SslRMIClientSocketFactory</code>.</p>
78     */
79    public SslRMIClientSocketFactory() {
80        // We don't force the initialization of the default SSLSocketFactory
81        // at construction time - because the RMI client socket factory is
82        // created on the server side, where that initialization is a priori
83        // meaningless, unless both server and client run in the same JVM.
84        // We could possibly override readObject() to force this initialization,
85        // but it might not be a good idea to actually mix this with possible
86        // deserialization problems.
87        // So contrarily to what we do for the server side, the initialization
88        // of the SSLSocketFactory will be delayed until the first time
89        // createSocket() is called - note that the default SSLSocketFactory
90        // might already have been initialized anyway if someone in the JVM
91        // already called SSLSocketFactory.getDefault().
92        //
93    }
94
95    /**
96     * <p>Creates an SSL socket.</p>
97     *
98     * <p>If the system property
99     * <code>javax.rmi.ssl.client.enabledCipherSuites</code> is
100     * specified, this method will call {@link
101     * SSLSocket#setEnabledCipherSuites(String[])} before returning
102     * the socket. The value of this system property is a string that
103     * is a comma-separated list of SSL/TLS cipher suites to
104     * enable.</p>
105     *
106     * <p>If the system property
107     * <code>javax.rmi.ssl.client.enabledProtocols</code> is
108     * specified, this method will call {@link
109     * SSLSocket#setEnabledProtocols(String[])} before returning the
110     * socket. The value of this system property is a string that is a
111     * comma-separated list of SSL/TLS protocol versions to
112     * enable.</p>
113     */
114    public Socket createSocket(String host, int port) throws IOException {
115        // Retrieve the SSLSocketFactory
116        //
117        final SocketFactory sslSocketFactory = getDefaultClientSocketFactory();
118        // Create the SSLSocket
119        //
120        final SSLSocket sslSocket = (SSLSocket)
121            sslSocketFactory.createSocket(host, port);
122        // Set the SSLSocket Enabled Cipher Suites
123        //
124        final String enabledCipherSuites =
125            System.getProperty("javax.rmi.ssl.client.enabledCipherSuites");
126        if (enabledCipherSuites != null) {
127            StringTokenizer st = new StringTokenizer(enabledCipherSuites, ",");
128            int tokens = st.countTokens();
129            String enabledCipherSuitesList[] = new String[tokens];
130            for (int i = 0 ; i < tokens; i++) {
131                enabledCipherSuitesList[i] = st.nextToken();
132            }
133            try {
134                sslSocket.setEnabledCipherSuites(enabledCipherSuitesList);
135            } catch (IllegalArgumentException e) {
136                throw (IOException)
137                    new IOException(e.getMessage()).initCause(e);
138            }
139        }
140        // Set the SSLSocket Enabled Protocols
141        //
142        final String enabledProtocols =
143            System.getProperty("javax.rmi.ssl.client.enabledProtocols");
144        if (enabledProtocols != null) {
145            StringTokenizer st = new StringTokenizer(enabledProtocols, ",");
146            int tokens = st.countTokens();
147            String enabledProtocolsList[] = new String[tokens];
148            for (int i = 0 ; i < tokens; i++) {
149                enabledProtocolsList[i] = st.nextToken();
150            }
151            try {
152                sslSocket.setEnabledProtocols(enabledProtocolsList);
153            } catch (IllegalArgumentException e) {
154                throw (IOException)
155                    new IOException(e.getMessage()).initCause(e);
156            }
157        }
158        // Return the preconfigured SSLSocket
159        //
160        return sslSocket;
161    }
162
163    /**
164     * <p>Indicates whether some other object is "equal to" this one.</p>
165     *
166     * <p>Because all instances of this class are functionally equivalent
167     * (they all use the default
168     * <code>SSLSocketFactory</code>), this method simply returns
169     * <code>this.getClass().equals(obj.getClass())</code>.</p>
170     *
171     * <p>A subclass should override this method (as well
172     * as {@link #hashCode()}) if its instances are not all
173     * functionally equivalent.</p>
174     */
175    public boolean equals(Object obj) {
176        if (obj == null) return false;
177        if (obj == this) return true;
178        return this.getClass().equals(obj.getClass());
179    }
180
181    /**
182     * <p>Returns a hash code value for this
183     * <code>SslRMIClientSocketFactory</code>.</p>
184     *
185     * @return a hash code value for this
186     * <code>SslRMIClientSocketFactory</code>.
187     */
188    public int hashCode() {
189        return this.getClass().hashCode();
190    }
191
192    // We use a static field because:
193    //
194    //    SSLSocketFactory.getDefault() always returns the same object
195    //    (at least on Sun's implementation), and we want to make sure
196    //    that the Javadoc & the implementation stay in sync.
197    //
198    // If someone needs to have different SslRMIClientSocketFactory factories
199    // with different underlying SSLSocketFactory objects using different key
200    // and trust stores, he can always do so by subclassing this class and
201    // overriding createSocket(String host, int port).
202    //
203    private static SocketFactory defaultSocketFactory = null;
204
205    private static synchronized SocketFactory getDefaultClientSocketFactory() {
206        if (defaultSocketFactory == null)
207            defaultSocketFactory = SSLSocketFactory.getDefault();
208        return defaultSocketFactory;
209    }
210
211    private static final long serialVersionUID = -8310631444933958385L;
212}
213