< prev index next >
src/java.rmi/share/classes/javax/rmi/ssl/SslRMIServerSocketFactory.java
Print this page
@ rev 12906 : 6425769: jmx remote bind address
| Summary: Allow for binding to a specific address via custom socket factories.
o rev 10469 : 8054834: Modular Source Code
| Reviewed-by: alanb, chegar, ihse, mduigou
| Contributed-by: alan.bateman@oracle.com, alex.buckley@oracle.com, chris.hegarty@oracle.com, erik.joelsson@oracle.com, jonathan.gibbons@oracle.com, karen.kinnear@oracle.com, magnus.ihse.bursie@oracle.com, mandy.chung@oracle.com, mark.reinhold@oracle.com, paul.sandoz@oracle.com
*** 24,35 ****
--- 24,37 ----
*/
package javax.rmi.ssl;
import java.io.IOException;
+ import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
+ import java.net.UnknownHostException;
import java.rmi.server.RMIServerSocketFactory;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
*** 113,123 ****
public SslRMIServerSocketFactory(
String[] enabledCipherSuites,
String[] enabledProtocols,
boolean needClientAuth)
throws IllegalArgumentException {
! this(null, enabledCipherSuites, enabledProtocols, needClientAuth);
}
/**
* <p>Creates a new <code>SslRMIServerSocketFactory</code> with the
* specified <code>SSLContext</code> and SSL socket configuration.</p>
--- 115,168 ----
public SslRMIServerSocketFactory(
String[] enabledCipherSuites,
String[] enabledProtocols,
boolean needClientAuth)
throws IllegalArgumentException {
! this(null, enabledCipherSuites, enabledProtocols, needClientAuth, null);
! }
!
! /**
! * <p>Creates a new <code>SslRMIServerSocketFactory</code> with
! * the specified SSL socket configuration.</p>
! *
! * @param enabledCipherSuites names of all the cipher suites to
! * enable on SSL connections accepted by server sockets created by
! * this factory, or <code>null</code> to use the cipher suites
! * that are enabled by default
! *
! * @param enabledProtocols names of all the protocol versions to
! * enable on SSL connections accepted by server sockets created by
! * this factory, or <code>null</code> to use the protocol versions
! * that are enabled by default
! *
! * @param needClientAuth <code>true</code> to require client
! * authentication on SSL connections accepted by server sockets
! * created by this factory; <code>false</code> to not require
! * client authentication
! *
! * @param bindAddress the address to which to bind the
! * server socket to, or <code>null</code> to bind to the wildcard
! * address.
! *
! * @exception IllegalArgumentException when one or more of the cipher
! * suites named by the <code>enabledCipherSuites</code> parameter is
! * not supported, when one or more of the protocols named by the
! * <code>enabledProtocols</code> parameter is not supported or when
! * a problem is encountered while trying to check if the supplied
! * cipher suites and protocols to be enabled are supported.
! *
! * @see SSLSocket#setEnabledCipherSuites
! * @see SSLSocket#setEnabledProtocols
! * @see SSLSocket#setNeedClientAuth
! */
! public SslRMIServerSocketFactory(
! String[] enabledCipherSuites,
! String[] enabledProtocols,
! boolean needClientAuth,
! String bindAddress)
! throws IllegalArgumentException {
! this(null, enabledCipherSuites, enabledProtocols, needClientAuth, bindAddress);
}
/**
* <p>Creates a new <code>SslRMIServerSocketFactory</code> with the
* specified <code>SSLContext</code> and SSL socket configuration.</p>
*** 160,169 ****
--- 205,265 ----
SSLContext context,
String[] enabledCipherSuites,
String[] enabledProtocols,
boolean needClientAuth)
throws IllegalArgumentException {
+ this(null, enabledCipherSuites, enabledProtocols, needClientAuth, null);
+ }
+
+ /**
+ * <p>Creates a new <code>SslRMIServerSocketFactory</code> with the
+ * specified <code>SSLContext</code> and SSL socket configuration.</p>
+ *
+ * @param context the SSL context to be used for creating SSL sockets.
+ * If <code>context</code> is null the default <code>SSLSocketFactory</code>
+ * or the default <code>SSLServerSocketFactory</code> will be used to
+ * create SSL sockets. Otherwise, the socket factory returned by
+ * <code>SSLContext.getSocketFactory()</code> or
+ * <code>SSLContext.getServerSocketFactory()</code> will be used instead.
+ *
+ * @param enabledCipherSuites names of all the cipher suites to
+ * enable on SSL connections accepted by server sockets created by
+ * this factory, or <code>null</code> to use the cipher suites
+ * that are enabled by default
+ *
+ * @param enabledProtocols names of all the protocol versions to
+ * enable on SSL connections accepted by server sockets created by
+ * this factory, or <code>null</code> to use the protocol versions
+ * that are enabled by default
+ *
+ * @param needClientAuth <code>true</code> to require client
+ * authentication on SSL connections accepted by server sockets
+ * created by this factory; <code>false</code> to not require
+ * client authentication
+ *
+ * @param bindAddress the address to which to bind the
+ * server socket to, or <code>null</code> to bind to the wildcard
+ * address.
+ *
+ * @exception IllegalArgumentException when one or more of the cipher
+ * suites named by the <code>enabledCipherSuites</code> parameter is
+ * not supported, when one or more of the protocols named by the
+ * <code>enabledProtocols</code> parameter is not supported or when
+ * a problem is encountered while trying to check if the supplied
+ * cipher suites and protocols to be enabled are supported.
+ *
+ * @see SSLSocket#setEnabledCipherSuites
+ * @see SSLSocket#setEnabledProtocols
+ * @see SSLSocket#setNeedClientAuth
+ */
+ public SslRMIServerSocketFactory(
+ SSLContext context,
+ String[] enabledCipherSuites,
+ String[] enabledProtocols,
+ boolean needClientAuth,
+ String bindAddress)
+ throws IllegalArgumentException {
// Initialize the configuration parameters.
//
this.enabledCipherSuites = enabledCipherSuites == null ?
null : enabledCipherSuites.clone();
this.enabledProtocols = enabledProtocols == null ?
*** 200,209 ****
--- 296,306 ----
}
if (this.enabledProtocols != null) {
sslSocket.setEnabledProtocols(this.enabledProtocols);
enabledProtocolsList = Arrays.asList(this.enabledProtocols);
}
+ this.bindAddress = bindAddress;
}
/**
* <p>Returns the names of the cipher suites enabled on SSL
* connections accepted by server sockets created by this factory,
*** 252,281 ****
* <p>Creates a server socket that accepts SSL connections
* configured according to this factory's SSL socket configuration
* parameters.</p>
*/
public ServerSocket createServerSocket(int port) throws IOException {
! final SSLSocketFactory sslSocketFactory =
! context == null ?
! getDefaultSSLSocketFactory() : context.getSocketFactory();
! return new ServerSocket(port) {
! public Socket accept() throws IOException {
! Socket socket = super.accept();
! SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
! socket, socket.getInetAddress().getHostName(),
! socket.getPort(), true);
! sslSocket.setUseClientMode(false);
! if (enabledCipherSuites != null) {
! sslSocket.setEnabledCipherSuites(enabledCipherSuites);
! }
! if (enabledProtocols != null) {
! sslSocket.setEnabledProtocols(enabledProtocols);
}
- sslSocket.setNeedClientAuth(needClientAuth);
- return sslSocket;
}
- };
}
/**
* <p>Indicates whether some other object is "equal to" this one.</p>
*
--- 349,368 ----
* <p>Creates a server socket that accepts SSL connections
* configured according to this factory's SSL socket configuration
* parameters.</p>
*/
public ServerSocket createServerSocket(int port) throws IOException {
! if (this.bindAddress == null) {
! return new SslServerSocket(port);
! } else {
! try {
! InetAddress addr = InetAddress.getByName(bindAddress);
! return new SslServerSocket(port, 0, addr);
! } catch (UnknownHostException e) {
! return new SslServerSocket(port);
}
}
}
/**
* <p>Indicates whether some other object is "equal to" this one.</p>
*
*** 373,378 ****
--- 460,497 ----
private final String[] enabledProtocols;
private final boolean needClientAuth;
private List<String> enabledCipherSuitesList;
private List<String> enabledProtocolsList;
private SSLContext context;
+ private final String bindAddress;
+
+ private class SslServerSocket extends ServerSocket {
+
+ private SslServerSocket(int port) throws IOException {
+ super(port);
+ }
+
+ private SslServerSocket(int port, int backlog, InetAddress bindAddr) throws IOException {
+ super(port, backlog, bindAddr);
+ }
+
+ @Override
+ public Socket accept() throws IOException {
+ final SSLSocketFactory sslSocketFactory =
+ context == null ?
+ getDefaultSSLSocketFactory() : context.getSocketFactory();
+ Socket socket = super.accept();
+ SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
+ socket, socket.getInetAddress().getHostName(),
+ socket.getPort(), true);
+ sslSocket.setUseClientMode(false);
+ if (enabledCipherSuites != null) {
+ sslSocket.setEnabledCipherSuites(enabledCipherSuites);
+ }
+ if (enabledProtocols != null) {
+ sslSocket.setEnabledProtocols(enabledProtocols);
+ }
+ sslSocket.setNeedClientAuth(needClientAuth);
+ return sslSocket;
+ }
+ }
}
< prev index next >