net.jini.jeri.ssl
Class Utilities

java.lang.Object
  extended by net.jini.jeri.ssl.Utilities
Direct Known Subclasses:
CallContext, ConnectionContext, FilterX509TrustManager, HttpsServerEndpoint.HttpsServerEndpointImpl.HttpsRequestDispatcher, SslConnection, SslEndpoint.SslEndpointInternals, SslEndpointImpl, SslServerEndpointImpl, SslServerEndpointImpl.SslListenEndpoint, SslServerEndpointImpl.SslListenHandle, SslServerEndpointImpl.SslServerConnection, SubjectCredentials

abstract class Utilities
extends Object

Provides miscellaneous utilities for the classes in this package.

Author:
Sun Microsystems, Inc.

Nested Class Summary
private static class Utilities.ClientKey
          WeakKey for looking up a client SSLContext.
private static class Utilities.ServerKey
          WeakKey for looking up a server SSLContext.
(package private) static class Utilities.SSLContextInfo
          Used to pass an SSLContext and AuthManager pair.
private static class Utilities.Value
          Used to store a soft reference to a SSLContext and the associated AuthManager in the SSL context map.
 
Field Summary
private static String[] ANONYMOUS_KEY_EXCHANGE_ALGORITHMS
          The names of JSSE key exchange algorithms used for anonymous communication.
(package private) static int ANY_KEY_ALGORITHM
          Returned by getPermittedKeyAlgorithms when any key algorithm is permitted.
private static CertificateFactory certFactory
          An X.509 certificate factory for creating CertPaths.
(package private) static Logger clientLogger
          Client logger
(package private) static int DSA_KEY_ALGORITHM
          Or'ed into the value returned by getPermittedKeyAlgorithms when DSA keys are permitted.
private static String[] DSA_KEY_EXCHANGE_ALGORITHMS
          The names of JSSE key exchange algorithms that use DSA keys.
(package private) static AuthPermission getSubjectPermission
          Permission needed to access the current subject.
(package private) static Logger initLogger
          Initialization logger
(package private) static InvocationConstraints INTEGRITY_PREFERRED
          Constraints that prefer Integrity.YES.
(package private) static InvocationConstraints INTEGRITY_REQUIRED
          Constraints that require Integrity.YES.
private static String NO_ENCRYPTION_CIPHER_ALGORITHM
          The name of the JSSE cipher algorithm that provides no encryption
private static String NO_INTEGRITY_MIC_ALGORITHM
          The name of the JSSE message integrity code algorithm that does not ensure integrity.
private static String[] requestedCipherSuites
          The cipher suites specified by the user, or null if not specified.
(package private) static int RSA_KEY_ALGORITHM
          Or'ed into the value returned by getPermittedKeyAlgorithms when RSA keys are permitted.
private static String[] RSA_KEY_EXCHANGE_ALGORITHMS
          The names of JSSE key exchange algorithms that use RSA keys.
(package private) static Logger serverLogger
          Server logger
private static WeakSoftTable sslContextMap
          Stores SSL contexts and auth managers.
private static String sslProtocol
          The secure socket protocol used with JSSE.
private static String[] STRONG_ENCRYPTION_CIPHERS
          The names of cipher algorithms that do strong encryption
private static String[] SUPPORTED_ENCRYPTION_CIPHERS
          The names of all cipher algorithms supported by this provider.
private static String[] SUPPORTED_KEY_EXCHANGE_ALGORITHMS
          The names of all the JSSE key exchange algorithms supported by this provider.
private static String[] supportedCipherSuitesInternal
          The cipher suites supported by the JSSE implementation, or null if not set yet.
(package private) static Principal UNKNOWN_PRINCIPAL
          Represents a principal whose name is not known.
 
Constructor Summary
Utilities()
           
 
Method Summary
(package private) static void checkValidity(CertPath x509CertPath, X500Principal[] issuers)
          Checks if the X.509 certificates in the CertPath are currently valid.
(package private) static boolean contains(Object[] array, Object element)
          Returns true if the array contains an equal element, which may be null.
(package private) static boolean doesEncryption(String cipherSuite)
          Determines if the cipher suite does encryption
(package private) static boolean doesServerAuthentication(String cipherSuite)
          Determines if the cipher suite authenticates the server
(package private) static boolean equals(Object[] x, Object[] y)
          Checks if the elements of two arrays are equal.
(package private) static X509Certificate firstX509Cert(CertPath certPath)
          Returns the first X509Certificate from a CertPath known to contain them.
(package private) static CertificateFactory getCertFactory()
          Returns a CertificateFactory for generating a CertPath for X.509 certificates.
(package private) static String getCipherAlgorithm(String cipherSuite)
          Returns the cipher algorithm for the specified cipher suite.
(package private) static String getClassName(Object object)
          Returns the class name of an object, without the package or enclosing class prefix.
(package private) static Set getClientPrincipals(InvocationConstraints constraints)
          Returns all client principals referred to by the constraints or null if no client principal constraints are specified.
(package private) static Set getClientPrincipals(Set constraints)
          Returns all client principals referred to by the constraints or null if no client principal constraints are specified.
(package private) static Utilities.SSLContextInfo getClientSSLContextInfo(CallContext callContext)
          Returns the SSLContext and ClientAuthManager to use for creating client socket factories.
(package private) static String getKeyAlgorithm(String cipherSuite)
          Returns the key algorithm for the specified cipher suite, one of "RSA", "DSA", or "NULL".
(package private) static String getKeyExchangeAlgorithm(String cipherSuite)
          Returns the key exchange algorithm for the specified cipher suite.
private static String getMICAlgorithm(String cipherSuite)
          Returns the message integrity code algorithm for the specified cipher suite.
(package private) static int getPermittedKeyAlgorithms(String cipherSuite, boolean client)
          Returns the algorithms permitted for keys used with this cipher suite.
private static Set getPrincipals(InvocationConstraint constraint, boolean client)
          Returns the principals specified by a ClientMinPrincipal, ClientMaxPrincipal, or ServerMinPrincipal constraint, or alternatives of one of those types.
private static Set getPrincipals(InvocationConstraints constraints, boolean client)
          Implements getClientPrincipals or getServerPrincipals.
private static Set getPrincipals(Set constraints, boolean client)
          Returns the client or server principals referred to by a set of constraints.
(package private) static Set getServerPrincipals(InvocationConstraints constraints)
          Returns all server principals referred to by the constraints or null if no server principal constraints are specified.
(package private) static Utilities.SSLContextInfo getServerSSLContextInfo(Subject serverSubject, Set serverPrincipals)
          Returns the SSLContext and ServerAuthManager to use for creating server socket factories.
(package private) static String[] getSupportedCipherSuites()
          Returns all the cipher suites supported by the JSSE implementation and this provider.
private static String[] getSupportedCipherSuites(SSLSocketFactory factory)
          Returns all the cipher suites supported by the socket factory and this provider.
private static String[] getSupportedCipherSuites(String[] suites)
          Filters out unsupported suites, modifying the argument and maintaining the original order.
(package private) static boolean hasStrongCipherAlgorithm(String cipherSuite)
          Returns true if the cipher algorithm for the specified cipher suite is considered a strong cipher, otherwise false.
private static RuntimeException initializationError(Exception error, String contextString)
          Returns a RuntimeException for a problem initializing JSSE.
(package private) static void logThrow(Logger logger, Level level, Class sourceClass, String sourceMethod, String msg, Object[] params, Throwable e)
          Logs a throw.
(package private) static boolean maintainsIntegrity(String cipherSuite)
          Determines if the cipher suite maintains integrity
(package private) static boolean permittedKeyAlgorithm(String keyAlgorithm, int permittedKeyAlgorithms)
          Returns true if the algorithm is one of the permitted algorithms, otherwise false.
(package private) static int position(String string, String[] list)
          Returns the offset of a string in an array of strings.
(package private) static void releaseClientSSLContextInfo(CallContext callContext, SSLContext sslContext, ClientAuthManager authManager)
          Returns the client's SSLContext and ClientAuthManager to the SSLContextMap for use by another connection.
(package private) static boolean safeEquals(Object x, Object y)
          Same as equals(), but allows either argument to be null
(package private) static String subjectString(Subject subject)
          Returns a String that includes relevant information about a Subject
private static boolean supportedCipherSuite(String cipherSuite)
          Checks if the suite is supported by this provider.
(package private) static String toString(Object[] array)
          Converts the contents of an Object array to a String.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ANONYMOUS_KEY_EXCHANGE_ALGORITHMS

private static final String[] ANONYMOUS_KEY_EXCHANGE_ALGORITHMS
The names of JSSE key exchange algorithms used for anonymous communication.


RSA_KEY_EXCHANGE_ALGORITHMS

private static final String[] RSA_KEY_EXCHANGE_ALGORITHMS
The names of JSSE key exchange algorithms that use RSA keys.


DSA_KEY_EXCHANGE_ALGORITHMS

private static final String[] DSA_KEY_EXCHANGE_ALGORITHMS
The names of JSSE key exchange algorithms that use DSA keys.


SUPPORTED_KEY_EXCHANGE_ALGORITHMS

private static final String[] SUPPORTED_KEY_EXCHANGE_ALGORITHMS
The names of all the JSSE key exchange algorithms supported by this provider.


NO_INTEGRITY_MIC_ALGORITHM

private static final String NO_INTEGRITY_MIC_ALGORITHM
The name of the JSSE message integrity code algorithm that does not ensure integrity.

See Also:
Constant Field Values

NO_ENCRYPTION_CIPHER_ALGORITHM

private static final String NO_ENCRYPTION_CIPHER_ALGORITHM
The name of the JSSE cipher algorithm that provides no encryption

See Also:
Constant Field Values

STRONG_ENCRYPTION_CIPHERS

private static final String[] STRONG_ENCRYPTION_CIPHERS
The names of cipher algorithms that do strong encryption


SUPPORTED_ENCRYPTION_CIPHERS

private static final String[] SUPPORTED_ENCRYPTION_CIPHERS
The names of all cipher algorithms supported by this provider.


clientLogger

static final Logger clientLogger
Client logger


serverLogger

static final Logger serverLogger
Server logger


initLogger

static final Logger initLogger
Initialization logger


ANY_KEY_ALGORITHM

static final int ANY_KEY_ALGORITHM
Returned by getPermittedKeyAlgorithms when any key algorithm is permitted.

See Also:
Constant Field Values

DSA_KEY_ALGORITHM

static final int DSA_KEY_ALGORITHM
Or'ed into the value returned by getPermittedKeyAlgorithms when DSA keys are permitted.

See Also:
Constant Field Values

RSA_KEY_ALGORITHM

static final int RSA_KEY_ALGORITHM
Or'ed into the value returned by getPermittedKeyAlgorithms when RSA keys are permitted.

See Also:
Constant Field Values

sslContextMap

private static final WeakSoftTable sslContextMap
Stores SSL contexts and auth managers.


supportedCipherSuitesInternal

private static String[] supportedCipherSuitesInternal
The cipher suites supported by the JSSE implementation, or null if not set yet.


requestedCipherSuites

private static String[] requestedCipherSuites
The cipher suites specified by the user, or null if not specified. The field is not final to aid testing.


certFactory

private static CertificateFactory certFactory
An X.509 certificate factory for creating CertPaths.


UNKNOWN_PRINCIPAL

static final Principal UNKNOWN_PRINCIPAL
Represents a principal whose name is not known. Used, for example, to represent the server principal when the server subject is not available.


INTEGRITY_REQUIRED

static final InvocationConstraints INTEGRITY_REQUIRED
Constraints that require Integrity.YES.


INTEGRITY_PREFERRED

static final InvocationConstraints INTEGRITY_PREFERRED
Constraints that prefer Integrity.YES.


sslProtocol

private static final String sslProtocol
The secure socket protocol used with JSSE.


getSubjectPermission

static final AuthPermission getSubjectPermission
Permission needed to access the current subject.

Constructor Detail

Utilities

Utilities()
Method Detail

getSupportedCipherSuites

static String[] getSupportedCipherSuites()
Returns all the cipher suites supported by the JSSE implementation and this provider.


getSupportedCipherSuites

private static String[] getSupportedCipherSuites(SSLSocketFactory factory)
Returns all the cipher suites supported by the socket factory and this provider. Uses the requested cipher suites, if any.


getSupportedCipherSuites

private static String[] getSupportedCipherSuites(String[] suites)
Filters out unsupported suites, modifying the argument and maintaining the original order.


getClientPrincipals

static Set getClientPrincipals(InvocationConstraints constraints)
Returns all client principals referred to by the constraints or null if no client principal constraints are specified. Returns a new set if the result is non-null.


getClientPrincipals

static Set getClientPrincipals(Set constraints)
Returns all client principals referred to by the constraints or null if no client principal constraints are specified. Returns a new set if the result is non-null.


getServerPrincipals

static Set getServerPrincipals(InvocationConstraints constraints)
Returns all server principals referred to by the constraints or null if no server principal constraints are specified. Returns a new set if the result is non-null.


getPrincipals

private static Set getPrincipals(InvocationConstraints constraints,
                                 boolean client)
Implements getClientPrincipals or getServerPrincipals.


getPrincipals

private static Set getPrincipals(Set constraints,
                                 boolean client)
Returns the client or server principals referred to by a set of constraints.


getPrincipals

private static Set getPrincipals(InvocationConstraint constraint,
                                 boolean client)
Returns the principals specified by a ClientMinPrincipal, ClientMaxPrincipal, or ServerMinPrincipal constraint, or alternatives of one of those types.


getClientSSLContextInfo

static Utilities.SSLContextInfo getClientSSLContextInfo(CallContext callContext)
Returns the SSLContext and ClientAuthManager to use for creating client socket factories. Each client connection has exclusive access to an SSLContext while opening an SSL connection, and should return the SSLContextInfo by calling releaseClientSSLContextInfo when the connection handshake is done, unless the handshake fails.

Parameters:
callContext - the client call context
Returns:
an SSLContextInfo containing an SSLContext and ClientAuthManager to use for a connection described by the argument
Throws:
RuntimeException - if an error occurs during initialization of JSSE

getServerSSLContextInfo

static Utilities.SSLContextInfo getServerSSLContextInfo(Subject serverSubject,
                                                        Set serverPrincipals)
Returns the SSLContext and ServerAuthManager to use for creating server socket factories. Server connections with the same subject and principals share the same SSLContext.

Parameters:
serverSubject - the subject, or null
serverPrincipals - the permitted principals, or null
Returns:
an SSLContextInfo containing an SSLContext and ServerAuthManager to use for a connection described by the arguments
Throws:
RuntimeException - if an error occurs during initialization of JSSE

releaseClientSSLContextInfo

static void releaseClientSSLContextInfo(CallContext callContext,
                                        SSLContext sslContext,
                                        ClientAuthManager authManager)
Returns the client's SSLContext and ClientAuthManager to the SSLContextMap for use by another connection.


initializationError

private static RuntimeException initializationError(Exception error,
                                                    String contextString)
Returns a RuntimeException for a problem initializing JSSE.

Parameters:
error - an Exception that describes the problem
contextString - describes where the problem occurred
Returns:
a RuntimeException describing the problem

getCertFactory

static CertificateFactory getCertFactory()
Returns a CertificateFactory for generating a CertPath for X.509 certificates.


firstX509Cert

static X509Certificate firstX509Cert(CertPath certPath)
Returns the first X509Certificate from a CertPath known to contain them.


checkValidity

static void checkValidity(CertPath x509CertPath,
                          X500Principal[] issuers)
                   throws CertificateException
Checks if the X.509 certificates in the CertPath are currently valid. If issuers is non-null, ensures the path contains one of the issuers.

Throws:
CertificateException

doesServerAuthentication

static boolean doesServerAuthentication(String cipherSuite)
Determines if the cipher suite authenticates the server


doesEncryption

static boolean doesEncryption(String cipherSuite)
Determines if the cipher suite does encryption


maintainsIntegrity

static boolean maintainsIntegrity(String cipherSuite)
Determines if the cipher suite maintains integrity


getKeyExchangeAlgorithm

static String getKeyExchangeAlgorithm(String cipherSuite)
Returns the key exchange algorithm for the specified cipher suite.

The key exchange algorithm is found following the first underscore and up to the first occurrence of "_WITH_".


getKeyAlgorithm

static String getKeyAlgorithm(String cipherSuite)
Returns the key algorithm for the specified cipher suite, one of "RSA", "DSA", or "NULL". Throws an IllegalArgumentException if the algorithm is not recognized.

The key algorithm is specified by the key exchange algorithm.


getPermittedKeyAlgorithms

static int getPermittedKeyAlgorithms(String cipherSuite,
                                     boolean client)
Returns the algorithms permitted for keys used with this cipher suite. Note that the result can be different for client and server sides.

Parameters:
cipherSuite - the cipher suite
client - true to get results for the client side, false for the server side
Returns:
the permitted key algorithms, an OR of some set of the values DSA_KEY_ALGORITHM and RSA_KEY_ALGORITHM
Throws:
IllegalArgumentException - if the key exchange algorithm is not recognized

permittedKeyAlgorithm

static boolean permittedKeyAlgorithm(String keyAlgorithm,
                                     int permittedKeyAlgorithms)
Returns true if the algorithm is one of the permitted algorithms, otherwise false.


getCipherAlgorithm

static String getCipherAlgorithm(String cipherSuite)
Returns the cipher algorithm for the specified cipher suite.

The cipher algorithm is found following the first occurrence of "_WITH_" and up to the last underscore.


hasStrongCipherAlgorithm

static boolean hasStrongCipherAlgorithm(String cipherSuite)
Returns true if the cipher algorithm for the specified cipher suite is considered a strong cipher, otherwise false.


getMICAlgorithm

private static String getMICAlgorithm(String cipherSuite)
Returns the message integrity code algorithm for the specified cipher suite.

The message integrity algorithm is found after the last underscore.


supportedCipherSuite

private static boolean supportedCipherSuite(String cipherSuite)
Checks if the suite is supported by this provider. The suite can only be supported if its security characteristics can be determined, meaning its key exchange and cipher algorithms must be known.
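
The name-parsing rules stated above for getKeyExchangeAlgorithm, getCipherAlgorithm and getMICAlgorithm, combined with the supportedCipherSuite rule, as an added Java sketch (not the Utilities source). The class name, method names and the two allow-lists are assumptions; the sample suite names are standard JSSE names picked for illustration.

```java
import java.util.Arrays;
import java.util.List;

/** Added illustration of the documented parsing rules; not the provider's code. */
public class CipherSuiteNameDemo {

    // Assumed allow-lists: the provider's real lists are private fields whose
    // contents are not shown on this page.
    static final List<String> KNOWN_KEY_EXCHANGES =
        Arrays.asList("RSA", "DHE_RSA", "DHE_DSS", "DH_anon");
    static final List<String> KNOWN_CIPHERS =
        Arrays.asList("NULL", "RC4_128", "3DES_EDE_CBC", "AES_128_CBC", "AES_256_CBC");

    /** Text after the first underscore and up to the first "_WITH_". */
    static String keyExchange(String suite) {
        int start = suite.indexOf('_') + 1;
        int end = suite.indexOf("_WITH_");
        if (start <= 0 || end < start) {
            throw new IllegalArgumentException("Unrecognized cipher suite: " + suite);
        }
        return suite.substring(start, end);
    }

    /** Text after the first "_WITH_" and up to the last underscore. */
    static String cipher(String suite) {
        int with = suite.indexOf("_WITH_");
        int start = with + "_WITH_".length();
        int end = suite.lastIndexOf('_');
        if (with < 0 || end < start) {
            throw new IllegalArgumentException("Unrecognized cipher suite: " + suite);
        }
        return suite.substring(start, end);
    }

    /** Text after the last underscore. */
    static String mic(String suite) {
        int last = suite.lastIndexOf('_');
        if (last < 0) {
            throw new IllegalArgumentException("Unrecognized cipher suite: " + suite);
        }
        return suite.substring(last + 1);
    }

    /** Fail closed: a suite whose parts cannot be determined is not offered. */
    static boolean supported(String suite) {
        try {
            return KNOWN_KEY_EXCHANGES.contains(keyExchange(suite))
                && KNOWN_CIPHERS.contains(cipher(suite));
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        String[] samples = {                          // constructed sample input
            "SSL_RSA_WITH_NULL_MD5",                  // authenticated, no encryption
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
            "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",      // no server authentication
            "TLS_AES_128_GCM_SHA256",                 // TLS 1.3 style: no "_WITH_"
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"   // parses, but not in the assumed lists
        };
        for (String s : samples) {
            if (!supported(s)) {
                System.out.println(s + " -> filtered out");
                continue;
            }
            System.out.printf("%s -> kx=%s cipher=%s mic=%s encrypts=%b anonymous=%b%n",
                s, keyExchange(s), cipher(s), mic(s),
                !"NULL".equals(cipher(s)), keyExchange(s).endsWith("_anon"));
        }
    }
}
```

For AEAD suites such as the GCM one, the token after the last underscore names the handshake hash rather than a separate MIC, so a classifier built on these rules should not read it as a MAC algorithm.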


subjectString

static String subjectString(Subject subject)
Returns a String that includes relevant information about a Subject


safeEquals

static boolean safeEquals(Object x,
                          Object y)
Same as equals(), but allows either argument to be null


contains

static boolean contains(Object[] array,
                        Object element)
Returns true if the array contains an equal element, which may be null.


toString

static String toString(Object[] array)
Converts the contents of an Object array to a String.


equals

static boolean equals(Object[] x,
                      Object[] y)
Checks if the elements of two arrays are equal.

Parameters:
x - the first array
y - the second array
Returns:
true if both arguments are null or both are non-null, are the same length, and, for each array index, the elements of each array are either both null or both non-null and equal

getClassName

static String getClassName(Object object)
Returns the class name of an object, without the package or enclosing class prefix.


position

static int position(String string,
                    String[] list)
Returns the offset of a string in an array of strings. Returns -1 if the string is not found.


logThrow

static void logThrow(Logger logger,
                     Level level,
                     Class sourceClass,
                     String sourceMethod,
                     String msg,
                     Object[] params,
                     Throwable e)
Logs a throw. Use this method to log a throw when the log message needs parameters.

Parameters:
logger - logger to log to
level - the log level
sourceClass - class where throw occurred
sourceMethod - name of the method where throw occurred
msg - log message
params - log message parameters
e - exception thrown


Copyright 2007-2010, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.