RMISocketFactoryImpl (Not Yet Commons SSL 0.3.9 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.commons.ssl
Class RMISocketFactoryImpl

java.lang.Object
  java.rmi.server.RMISocketFactory
      org.apache.commons.ssl.RMISocketFactoryImpl

All Implemented Interfaces:: java.rmi.server.RMIClientSocketFactory, java.rmi.server.RMIServerSocketFactory

public class RMISocketFactoryImpl
extends java.rmi.server.RMISocketFactory

An RMISocketFactory ideal for using RMI over SSL. The server secures both the registry and the remote objects. The client assumes that either both the registry and the remote objects will use SSL, or both will use plain-socket. The client is able to auto detect plain-socket registries and downgrades itself to accomodate those.

Unlike most existing RMI over SSL solutions in use (including Java 5's javax.rmi.ssl.SslRMIClientSocketFactory), this one does proper SSL hostname verification. From the client perspective this is straighforward. From the server perspective we introduce a clever trick: we perform an initial "hostname verification" by trying the current value of "java.rmi.server.hostname" against our server certificate. If the "java.rmi.server.hostname" System Property isn't set, we set it ourselves using the CN value we extract from our server certificate! (Some complications arise should a wildcard certificate show up, but we try our best to deal with those).

An SSL server cannot be started without a private key. We have defined some default behaviour for trying to find a private key to use that we believe is convenient and sensible:

If running from inside Tomcat, we try to re-use Tomcat's private key and certificate chain (assuming Tomcat-SSL on port 8443 is enabled). If this isn't available, we look for the "javax.net.ssl.keyStore" System property. Finally, if that isn't available, we look for "~/.keystore" and assume a password of "changeit".

If after all these attempts we still failed to find a private key, the RMISocketFactoryImpl() constructor will throw an SSLException.

Since:: 22-Apr-2005
Author:: Credit Union Central of British Columbia, www.cucbc.com, juliusdavies@cucbc.com

Field Summary
`static java.lang.String`	`RMI_HOSTNAME_KEY`

Constructor Summary
`RMISocketFactoryImpl()`
`RMISocketFactoryImpl(boolean createDefaultServer)`

Method Summary
`java.net.ServerSocket`	`createServerSocket(int port)`
`java.net.Socket`	`createSocket(java.lang.String host, int port)`
`javax.net.SocketFactory`	`getClient(java.lang.String host)`
`javax.net.SocketFactory`	`getDefaultClient()`
`static java.lang.String`	`getMyDefaultIP()`
`static java.util.SortedSet`	`getMyInternetFacingIPs()`
`javax.net.ServerSocketFactory`	`getServer()`
`void`	`removeClient(javax.net.SocketFactory sf)`
`void`	`removeClient(java.lang.String host)`
`void`	`setAnonymousPort(int port)`
`void`	`setClient(java.lang.String host, javax.net.SocketFactory f)`
`void`	`setDefaultClient(javax.net.SocketFactory f)`
`void`	`setLocalBindAddress(java.lang.String localBindAddress)`
`void`	`setServer(javax.net.ServerSocketFactory f)`

Methods inherited from class java.rmi.server.RMISocketFactory

getDefaultSocketFactory, getFailureHandler, getSocketFactory, setFailureHandler, setSocketFactory

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

RMI_HOSTNAME_KEY

public static final java.lang.String RMI_HOSTNAME_KEY

See Also:: Constant Field Values

Constructor Detail