User: starksm Date: 01/11/09 02:18:14 Modified: src/main/org/jboss/security/ssl Tag: Branch_2_4 DomainServerSocketFactory.java Added: src/main/org/jboss/security/ssl Tag: Branch_2_4 RMISSLClientSocketFactory.java RMISSLServerSocketFactory.java Log: Update the SSL support for the RMI socket factories and add support for binding to a specific interface. Revision Changes Path No revision No revision 1.1.2.2 +46 -7 jbosssx/src/main/org/jboss/security/ssl/Attic/DomainServerSocketFactory.java Index: DomainServerSocketFactory.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/ssl/Attic/DomainServerSocketFactory.java,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- DomainServerSocketFactory.java 2001/09/26 06:14:46 1.1.2.1 +++ DomainServerSocketFactory.java 2001/11/09 10:18:14 1.1.2.2 @@ -4,6 +4,7 @@ import java.io.IOException; import java.net.InetAddress; import java.net.ServerSocket; +import java.net.UnknownHostException; import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; @@ -11,8 +12,6 @@ import javax.net.ServerSocketFactory; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLSocket; -import javax.net.ssl.HandshakeCompletedListener; -import javax.net.ssl.HandshakeCompletedEvent; import com.sun.net.ssl.KeyManager; import com.sun.net.ssl.KeyManagerFactory; @@ -21,6 +20,7 @@ import com.sun.net.ssl.TrustManagerFactory; import org.apache.log4j.Category; + import org.jboss.security.SecurityDomain; /** An implementation of ServerSocketFactory that creates SSL server sockets 
@@ -33,14 +33,24 @@ @see org.jboss.security.SecurityDomain @author [EMAIL PROTECTED] -@version $Revision: 1.1.2.1 $ +@version $Revision: 1.1.2.2 $ */ public class DomainServerSocketFactory extends ServerSocketFactory { private static Category log = Category.getInstance(DomainServerSocketFactory.class); - private SecurityDomain securityDomain; + private transient SecurityDomain securityDomain; + private transient InetAddress bindAddress; - /** Creates new DomainSocketFactory */ + /** A default constructor for use when created by Class.newInstance. The + factory is not usable until its SecurityDomain has been established. + */ + public DomainServerSocketFactory() + { + System.out.println("DomainServerSocketFactory, this="+this); + } + /** Create a sockate factory instance that uses the given SecurityDomain + as the source for the SSL KeyManagerFactory and TrustManagerFactory. + */ public DomainServerSocketFactory(SecurityDomain securityDomain) throws IOException { if( securityDomain == null ) 
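Review bot: The new no-argument constructor prints through `System.out.println` although the class already holds a log4j `Category log`; the trace should go through it, e.g. `log.debug("DomainServerSocketFactory, this="+this);`, or be dropped. That constructor also leaves `securityDomain` null, so its Javadoc should name the call that establishes the domain (`setSecurityDomain`, added in the next hunk) and say what createServerSocket does before then. The Javadoc on the one-argument constructor has a typo, "sockate". The one-argument constructor's body continues past the end of this hunk.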
@@ -48,14 +58,36 @@ this.securityDomain = securityDomain; } + public String getBindAddress() + { + String address = null; + if( bindAddress != null ) + address = bindAddress.getHostAddress(); + return address; + } + public void setBindAddress(String host) throws UnknownHostException + { + bindAddress = InetAddress.getByName(host); + } + + public SecurityDomain getSecurityDomain() + { + return securityDomain; + } + public void setSecurityDomain(SecurityDomain securityDomain) + { + this.securityDomain = securityDomain; + } + +// --- Begin ServerSocketFactory interface methods public ServerSocket createServerSocket(int port) throws IOException { - return createServerSocket(port, 50, null); + return createServerSocket(port, 50, bindAddress); } public ServerSocket createServerSocket(int port, int backlog) throws IOException { - return createServerSocket(port, backlog, null); + return createServerSocket(port, backlog, bindAddress); } /** * Returns a server socket which uses only the specified network @@ -107,6 +139,9 @@ return socket; } + /** The default ServerSocketFactory which looks to the java:/jaas/other + security domain configuration. + */ public static ServerSocketFactory getDefault() { DomainServerSocketFactory ssf = null; @@ -118,7 +153,11 @@ } catch(Exception e) { + log.error("Failed to create default ServerSocketFactory", e); } return ssf; } + +// --- End ServerSocketFactory interface methods + } No revision No revision 1.2.2.1 +57 -6 jbosssx/src/main/org/jboss/security/ssl/RMISSLClientSocketFactory.java Index: RMISSLClientSocketFactory.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/ssl/RMISSLClientSocketFactory.java,v retrieving revision 1.2 retrieving revision 1.2.2.1 diff -u -r1.2 -r1.2.2.1 --- RMISSLClientSocketFactory.java 2001/10/15 04:32:53 1.2 +++ RMISSLClientSocketFactory.java 2001/11/09 10:18:14 1.2.2.1 
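Review bot: `setSecurityDomain` stores whatever it is given, so a null gets through here although the one-argument constructor tests `if( securityDomain == null )` (what that test does lies outside the visible hunks; presumably it rejects the value). The setter should apply the same check, e.g. `if( securityDomain == null ) throw new IllegalArgumentException("securityDomain is null");`, so the factory cannot be put back into the unusable state after construction. In `setBindAddress`, `InetAddress.getByName(null)` resolves to the loopback address, so a null host does not restore the bind-to-all-interfaces default; `bindAddress = (host == null) ? null : InetAddress.getByName(host);` would, if that is the intent. None of the four new accessors has a Javadoc comment.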
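Review bot: `getDefault()` still returns null after the failure is logged, because `ssf` is only assigned inside the try block and the catch falls through to `return ssf;`. A caller that goes straight to `createServerSocket` then hits a NullPointerException far from the logged cause. Either state in the Javadoc that null is returned when the default domain cannot be set up, or fail at this point, e.g. `throw new IllegalStateException("Failed to create default ServerSocketFactory: " + e);`. The try body is outside the hunk, so which exceptions reach the broad `catch(Exception e)` cannot be judged from here.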
@@ -10,14 +10,65 @@ import java.io.Serializable; import java.net.Socket; import java.rmi.server.RMIClientSocketFactory; +import javax.net.ssl.HandshakeCompletedEvent; +import javax.net.ssl.HandshakeCompletedListener; +import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.SSLSocket; -public class RMISSLClientSocketFactory implements RMIClientSocketFactory, Serializable { +import org.apache.log4j.Category; - public Socket createSocket(String host, int port) throws IOException { - SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); - SSLSocket socket = (SSLSocket) factory.createSocket(host, port); - return socket; - } +/** An implementation of RMIClientSocketFactory that uses the JSSE + default SSLSocketFactory to create a client SSLSocket. + * + * @author [EMAIL PROTECTED] + * @version $Revision: 1.2.2.1 $ + */ +public class RMISSLClientSocketFactory implements HandshakeCompletedListener, + RMIClientSocketFactory, Serializable +{ + private static final long serialVersionUID = -6412485012870705607L; + + /** Creates new RMISSLClientSocketFactory */ + public RMISSLClientSocketFactory() + { + } + + /** Create a client socket connected to the specified host and port. + * @param host - the host name + * @param port - the port number + * @return a socket connected to the specified host and port. + * @exception IOException if an I/O error occurs during socket creation. 
+ */ + public java.net.Socket createSocket(String host, int port) + throws IOException + { + SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); + SSLSocket socket = (SSLSocket) factory.createSocket(host, port); + socket.addHandshakeCompletedListener(this); + return socket; + } + + public boolean equals(Object obj) + { + return obj instanceof RMISSLClientSocketFactory; + } + public int hashCode() + { + return getClass().getName().hashCode(); + } + + public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) + { + Category log = Category.getInstance(RMISSLClientSocketFactory.class); + if( log.isDebugEnabled() ) + { + String cipher = handshakeCompletedEvent.getCipherSuite(); + SSLSession session = handshakeCompletedEvent.getSession(); + String peerHost = session.getPeerHost(); + log.debug("SSL handshakeCompleted, cipher="+cipher + +", peerHost="+peerHost); + } + } + } 1.2.2.1 +66 -39 jbosssx/src/main/org/jboss/security/ssl/RMISSLServerSocketFactory.java Index: RMISSLServerSocketFactory.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/ssl/RMISSLServerSocketFactory.java,v retrieving revision 1.2 retrieving revision 1.2.2.1 diff -u -r1.2 -r1.2.2.1 --- RMISSLServerSocketFactory.java 2001/10/15 04:32:53 1.2 +++ RMISSLServerSocketFactory.java 2001/11/09 10:18:14 1.2.2.1 
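Review bot: `createSocket` returns the SSLSocket without checking that the server certificate was issued for `host`. A plain JSSE `SSLSocket` does no host-name verification on its own, and the new `handshakeCompleted` listener only logs the cipher suite and peer host at debug level, so any certificate the default trust store accepts passes for any host. On a JSSE that provides `SSLParameters`, enable endpoint identification before returning: `SSLParameters p = socket.getSSLParameters(); p.setEndpointIdentificationAlgorithm("HTTPS"); socket.setSSLParameters(p);`. On older JSSE the check has to be done explicitly against `socket.getSession()` after `startHandshake()`; the listener is not the place for it, since it only observes a handshake that has already completed. `equals`, `hashCode` and `handshakeCompleted` have no Javadoc comment.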
@@ -6,47 +6,74 @@ */ package org.jboss.security.ssl; -import java.io.FileInputStream; import java.io.IOException; import java.io.Serializable; import java.net.ServerSocket; +import java.net.UnknownHostException; import java.rmi.server.RMIServerSocketFactory; -import javax.net.ssl.SSLServerSocketFactory; -import java.security.KeyStore; -import java.security.Security; -import com.sun.net.ssl.KeyManagerFactory; -import com.sun.net.ssl.SSLContext; - - -public class RMISSLServerSocketFactory implements RMIServerSocketFactory, Serializable { - - static { - // Security provider for JSSE 1.0.2 - Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - } - - - public ServerSocket createServerSocket(int port) throws IOException { - SSLServerSocketFactory ssf = null; - try { - // set up key manager to do server authentication - SSLContext ctx; - KeyManagerFactory kmf; - KeyStore ks; - char[] passphrase = "passphrase".toCharArray(); - - ctx = SSLContext.getInstance("TLS"); - kmf = KeyManagerFactory.getInstance("SunX509"); - ks = KeyStore.getInstance("JKS"); - - ks.load(new FileInputStream("privatekeys"), passphrase); - kmf.init(ks, passphrase); - ctx.init(kmf.getKeyManagers(), null, null); - - ssf = ctx.getServerSocketFactory(); - } catch (Exception e) { - e.printStackTrace(); - } - return ssf.createServerSocket(port); - } + +import org.jboss.security.SecurityDomain; + +/** An implementation of RMIServerSocketFactory that uses a + DomainServerSocketFactory for its implementation. This class is just an + adaptor from the RMIServerSocketFactory to the DomainServerSocketFactory. + + This class is not suitable for RMI object that require a Serializable socket + factory like activatable services. The reason for this limitation is that + a SecurityDomain is not serializable due to its association with a local + KeyStore. 
+ +@author [EMAIL PROTECTED] +@version $Revision: 1.2.2.1 $ +*/ +public class RMISSLServerSocketFactory implements RMIServerSocketFactory +{ + private DomainServerSocketFactory domainFactory; + + /** Creates new RMISSLServerSocketFactory */ + public RMISSLServerSocketFactory() + { + domainFactory = new DomainServerSocketFactory(); + } + + public String getBindAddress() + { + return domainFactory.getBindAddress(); + } + public void setBindAddress(String host) throws UnknownHostException + { + domainFactory.setBindAddress(host); + } + + public SecurityDomain getSecurityDomain() + { + return domainFactory.getSecurityDomain(); + } + public void setSecurityDomain(SecurityDomain securityDomain) + { + domainFactory.setSecurityDomain(securityDomain); + } + + /** + * Create a server socket on the specified port (port 0 indicates + * an anonymous port). + * @param port the port number + * @return the server socket on the specified port + * @exception IOException if an I/O error occurs during server socket + * creation + */ + public ServerSocket createServerSocket(int port) + throws IOException + { + return domainFactory.createServerSocket(port); + } + + public boolean equals(Object obj) + { + return obj instanceof RMISSLServerSocketFactory; + } + public int hashCode() + { + return getClass().getName().hashCode(); + } }
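Review bot: `equals` returns true for any two RMISSLServerSocketFactory instances, even when they were configured with different bind addresses or SecurityDomains. The RMI runtime uses `equals`/`hashCode` on socket factories to decide whether transport resources can be shared, so an object exported with one factory may end up served by a listener created from another factory's interface and key material. Compare the configuration instead, as sketched below; SecurityDomain is compared by identity because its own `equals` is not visible here. The no-argument constructor also builds a DomainServerSocketFactory with no SecurityDomain, so `createServerSocket` depends on `setSecurityDomain` having been called first, which the class Javadoc should state.

```java
   public boolean equals(Object obj)
   {
      if( !(obj instanceof RMISSLServerSocketFactory) )
         return false;
      RMISSLServerSocketFactory other = (RMISSLServerSocketFactory) obj;
      String a = getBindAddress();
      String b = other.getBindAddress();
      boolean sameAddress = (a == null) ? (b == null) : a.equals(b);
      return sameAddress && getSecurityDomain() == other.getSecurityDomain();
   }
   public int hashCode()
   {
      // Must agree with equals: factories with equal bind addresses hash alike.
      int hash = getClass().getName().hashCode();
      String a = getBindAddress();
      return (a == null) ? hash : hash ^ a.hashCode();
   }
```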