net.jini.jeri.ssl
Class SslConnection

java.lang.Object
  extended by net.jini.jeri.ssl.Utilities
      extended by net.jini.jeri.ssl.SslConnection
All Implemented Interfaces:
Connection
Direct Known Subclasses:
HttpsEndpoint.HttpsConnection

 class SslConnection
extends Utilities
implements Connection

Implementation of Connection used by SslEndpoint.

Author:
Sun Microsystems, Inc.

Nested Class Summary
 
Nested classes/interfaces inherited from class net.jini.jeri.ssl.Utilities
Utilities.SSLContextInfo
 
Field Summary
private  String activeCipherSuite
          The currently active cipher suite
private  ClientAuthManager authManager
          The authentication manager.
(package private)  CallContext callContext
          The call context specified when the connection was made
(package private)  boolean closed
          True if the connection has been closed.
private static Logger logger
          Client logger
private static long maxClientSessionDuration
          The maximum time a client session should be used before expiring -- non-final to facilitate testing.
(package private)  int port
          The server port
(package private)  String serverHost
          The server host
private  SSLSession session
          The current session
(package private)  SocketFactory socketFactory
          The socket factory for creating plain sockets, or null to use default sockets.
private  SSLContext sslContext
          The SSLContext -- only shared by connections with the same host, port, suite, and principals.
(package private)  SSLSocket sslSocket
          The socket
(package private)  SSLSocketFactory sslSocketFactory
          The factory for creating SSL sockets.
 
Fields inherited from class net.jini.jeri.ssl.Utilities
ANY_KEY_ALGORITHM, clientLogger, DSA_KEY_ALGORITHM, getSubjectPermission, initLogger, INTEGRITY_PREFERRED, INTEGRITY_REQUIRED, RSA_KEY_ALGORITHM, serverLogger, UNKNOWN_PRINCIPAL
 
Constructor Summary
SslConnection(CallContext callContext, String serverHost, int port, SocketFactory socketFactory)
          Creates a connection.
 
Method Summary
(package private)  boolean checkConnectPermission()
          Determines whether the caller has "connect" SocketPermission for the connection's underlying socket.
private  boolean checkSessionExpired()
          Checks if the session currently active on the connection has been active for longer than maxClientSessionDuration and, if so, invalidates the session.
 void close()
          Closes this connection.
private  void closeSocket()
          Closes the socket for this connection.
private static int computeTimeout(long connectionTime)
           
private  Socket connectToHost(String host, int port, long connectionTime)
          Returns a socket connected to the specified host and port, according to the specified constraints.
private  Socket connectToSocketAddress(SocketAddress socketAddress, long connectionTime)
          Returns a socket connected to the specified address, with a timeout governed by the specified absolute connection time.
(package private)  Socket createPlainSocket(String host, int port)
          Creates a plain socket to use for communication with the specified host and port.
(package private)  void establishCallContext()
          Establishes a cipher suite on this connection as specified by the call context.
(package private)  void establishNewSocket()
          Attempts to create a new socket for the call context and cipher suites.
(package private)  void establishSuites()
          Attempts to establish the call context and suites on the current socket.
 SocketChannel getChannel()
          Returns a socket channel that performs I/O on this connection, or null if no socket channel is available.
 InputStream getInputStream()
          Returns an input stream that reads data from this connection.
 OutputStream getOutputStream()
          Returns an output stream that writes data to this connection.
protected  String getProxyHost()
          Returns the HTTP proxy host if present, or an empty string otherwise.
 InvocationConstraints getUnfulfilledConstraints(OutboundRequestHandle handle)
          Implements OutboundRequest.getUnfulfilledConstraints for a request with the specified handle.
private  Socket newSocket()
          Returns a new unconnected socket, using this endpoint's socket factory if non-null.
 void populateContext(OutboundRequestHandle handle, Collection context)
          Populates the supplied collection with context information representing a request with the specified handle.
 IOException readResponseData(OutboundRequestHandle handle, InputStream stream)
          Reads from the specified stream any per-response data required by this connection for a request with the specified handle.
 String toString()
          Returns a string representation of this object.
(package private)  boolean useFor(CallContext otherCallContext)
          Returns true if this connection is compatible with the specified call context.
 void writeRequestData(OutboundRequestHandle handle, OutputStream stream)
          Writes to the specified stream any per-request data required by this connection for a request with the specified handle.
 
Methods inherited from class net.jini.jeri.ssl.Utilities
checkValidity, contains, doesEncryption, doesServerAuthentication, equals, firstX509Cert, getCertFactory, getCipherAlgorithm, getClassName, getClientPrincipals, getClientPrincipals, getClientSSLContextInfo, getKeyAlgorithm, getKeyExchangeAlgorithm, getPermittedKeyAlgorithms, getServerPrincipals, getServerSSLContextInfo, getSupportedCipherSuites, hasStrongCipherAlgorithm, logThrow, maintainsIntegrity, permittedKeyAlgorithm, position, releaseClientSSLContextInfo, safeEquals, subjectString, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

maxClientSessionDuration

private static long maxClientSessionDuration
The maximum time a client session should be used before expiring -- non-final to facilitate testing. Use 23.5 hours as the default to allow the client to negotiate a new session before the server timeout, which defaults to 24 hours.


logger

private static final Logger logger
Client logger


serverHost

final String serverHost
The server host


port

final int port
The server port


socketFactory

final SocketFactory socketFactory
The socket factory for creating plain sockets, or null to use default sockets.


callContext

final CallContext callContext
The call context specified when the connection was made


sslContext

private final SSLContext sslContext
The SSLContext -- only shared by connections with the same host, port, suite, and principals.


sslSocketFactory

final SSLSocketFactory sslSocketFactory
The factory for creating SSL sockets.


authManager

private final ClientAuthManager authManager
The authentication manager.


sslSocket

SSLSocket sslSocket
The socket


activeCipherSuite

private String activeCipherSuite
The currently active cipher suite


session

private SSLSession session
The current session


closed

boolean closed
True if the connection has been closed.

Constructor Detail

SslConnection

SslConnection(CallContext callContext,
              String serverHost,
              int port,
              SocketFactory socketFactory)
Creates a connection.

Parameters:
callContext - the call context to establish
serverHost - the server host to connect to
port - the server port to connect to
socketFactory - the socket factory, or null to use default sockets
Method Detail

establishCallContext

final void establishCallContext()
                         throws IOException
Establishes a cipher suite on this connection as specified by the call context.

Throws:
UnsupportedSecurityException - if the requested constraints cannot be supported
IOException - if an I/O failure occurs
SecurityException - if the current access control context does not have the proper AuthenticationPermission

closeSocket

private void closeSocket()
Closes the socket for this connection.


establishNewSocket

void establishNewSocket()
                  throws IOException
Attempts to create a new socket for the call context and cipher suites.

Throws:
SSLException - if the suites cannot be supported
IOException - if an I/O failure occurs

establishSuites

final void establishSuites()
                    throws IOException
Attempts to establish the call context and suites on the current socket.

Throws:
SSLException - if the requested suites cannot be supported
IOException - if an I/O failure occurs

createPlainSocket

final Socket createPlainSocket(String host,
                               int port)
                        throws IOException
Creates a plain socket to use for communication with the specified host and port.

Throws:
IOException

computeTimeout

private static int computeTimeout(long connectionTime)
                           throws IOException
Throws:
IOException

connectToHost

private Socket connectToHost(String host,
                             int port,
                             long connectionTime)
                      throws IOException
Returns a socket connected to the specified host and port, according to the specified constraints. If the host name resolves to multiple addresses, attempts to connect to each of them in order until one succeeds.

Throws:
IOException

connectToSocketAddress

private Socket connectToSocketAddress(SocketAddress socketAddress,
                                      long connectionTime)
                               throws IOException
Returns a socket connected to the specified address, with a timeout governed by the specified absolute connection time.

Throws:
IOException
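
The connection logic described for connectToHost and connectToSocketAddress, sketched as an added example (not the Apache River source): every address the host resolves to is tried in order, and each attempt gets only the time left before one absolute deadline. The method bodies and the class name DeadlineConnect are assumptions; the page does not document what computeTimeout does, so its behaviour here is an assumption as well.

```java
import java.io.IOException;
import java.net.*;

public class DeadlineConnect {
    /** Time left before the absolute deadline, as a Socket.connect timeout in ms (assumed semantics). */
    static int computeTimeout(long deadlineMillis) throws IOException {
        long now = System.currentTimeMillis();
        if (deadlineMillis <= now) {
            // Never hand 0 to Socket.connect: a timeout of 0 means "wait forever".
            throw new SocketTimeoutException("connection deadline already passed");
        }
        // Far-off deadlines (e.g. Long.MAX_VALUE) are clamped instead of overflowing the int.
        return (int) Math.min(deadlineMillis - now, Integer.MAX_VALUE);
    }

    /** Tries each resolved address in order under one shared deadline; returns the first success. */
    static Socket connectToHost(String host, int port, long deadlineMillis) throws IOException {
        IOException last = null;
        for (InetAddress addr : InetAddress.getAllByName(host)) {
            Socket s = new Socket();
            try {
                s.connect(new InetSocketAddress(addr, port), computeTimeout(deadlineMillis));
                return s;
            } catch (IOException e) {
                last = e;                       // remember the failure, move to the next address
                try { s.close(); } catch (IOException ignored) { }  // do not leak the failed socket
            }
        }
        throw last != null ? last : new UnknownHostException(host);
    }

    public static void main(String[] args) throws IOException {
        // Constructed demo: a loopback listener stands in for the server.
        try (ServerSocket server = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            int port = server.getLocalPort();
            try (Socket s = connectToHost("localhost", port, System.currentTimeMillis() + 2000)) {
                System.out.println("connected to " + s.getRemoteSocketAddress());
            }
            try {
                connectToHost("localhost", port, System.currentTimeMillis() - 1);
            } catch (SocketTimeoutException e) {
                System.out.println("expired deadline rejected: " + e.getMessage());
            }
        }
    }
}
```

Because the deadline is absolute, a slow or refused first address shortens the time available to later ones, so the whole attempt cannot run past the caller's limit however many addresses the name resolves to.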

newSocket

private Socket newSocket()
                  throws IOException
Returns a new unconnected socket, using this endpoint's socket factory if non-null.

Throws:
IOException

toString

public String toString()
Returns a string representation of this object.

Overrides:
toString in class Object

getInputStream

public InputStream getInputStream()
                           throws IOException
Description copied from interface: Connection
Returns an input stream that reads data from this connection.

Specified by:
getInputStream in interface Connection
Returns:
an input stream that reads data from this connection
Throws:
IOException - if an I/O exception occurs

getOutputStream

public OutputStream getOutputStream()
                             throws IOException
Description copied from interface: Connection
Returns an output stream that writes data to this connection.

Specified by:
getOutputStream in interface Connection
Returns:
an output stream that writes data to this connection
Throws:
IOException - if an I/O exception occurs

getChannel

public SocketChannel getChannel()
Description copied from interface: Connection
Returns a socket channel that performs I/O on this connection, or null if no socket channel is available. If a non-null socket channel is returned, it is connected.

Specified by:
getChannel in interface Connection
Returns:
a socket channel that performs I/O on this connection, or null

populateContext

public void populateContext(OutboundRequestHandle handle,
                            Collection context)
Description copied from interface: Connection
Populates the supplied collection with context information representing a request with the specified handle. This method is used to implement OutboundRequest.populateContext for such requests; the context may also be populated by the connection manager.

Specified by:
populateContext in interface Connection
Parameters:
handle - the handle for the request
context - the context collection to populate

getUnfulfilledConstraints

public InvocationConstraints getUnfulfilledConstraints(OutboundRequestHandle handle)
Description copied from interface: Connection
Implements OutboundRequest.getUnfulfilledConstraints for a request with the specified handle.

Specified by:
getUnfulfilledConstraints in interface Connection
Parameters:
handle - the handle for the request
Returns:
the constraints for the request that must be partially or fully implemented by higher layers

writeRequestData

public void writeRequestData(OutboundRequestHandle handle,
                             OutputStream stream)
Description copied from interface: Connection
Writes to the specified stream any per-request data required by this connection for a request with the specified handle.

This method is invoked by ConnectionManager with the request output stream of the OutboundRequest that it creates for the request. This method can be used, for example, to convey per-request information about delegation, client authentication, or client privileges.

There may be multiple requests in progress concurrently over this connection, and data written to the specified stream may be buffered and multiplexed with data from other requests before being written to this connection's underlying output stream. Therefore, this method should only write data to the specified stream and must not read any data from this connection's underlying input stream; data can, however, be subsequently read with readResponseData.

Specified by:
writeRequestData in interface Connection
Parameters:
handle - the handle for the request
stream - the request output stream of the request

readResponseData

public IOException readResponseData(OutboundRequestHandle handle,
                                    InputStream stream)
Description copied from interface: Connection
Reads from the specified stream any per-response data required by this connection for a request with the specified handle.

This method returns null if the information read (if any) indicates that the constraints are satisfied, and it returns an exception if the constraints could not be satisfied. If an exception is returned rather than thrown, the delivery status of a corresponding OutboundRequest will be false.

This method is invoked by ConnectionManager with the response input stream of the OutboundRequest that it creates for the request and the same handle that was passed to writeRequestData. This method can be used to read information produced by ServerConnection.processRequestData in response to the information sent by writeRequestData.

There may be multiple requests in progress concurrently over this connection, and data read from the specified stream may have been buffered and multiplexed with data from other requests being read from this connection's underlying input stream. Therefore, this method should only read data from the specified stream and must not write any data to this connection's underlying output stream.

Specified by:
readResponseData in interface Connection
Parameters:
handle - the handle for the request
stream - the response input stream of the request
Returns:
null if the constraints are satisfied, or an exception if the constraints could not be satisfied

close

public void close()
           throws IOException
Description copied from interface: Connection
Closes this connection.

Specified by:
close in interface Connection
Throws:
IOException - if an I/O exception occurs

useFor

final boolean useFor(CallContext otherCallContext)
Returns true if this connection is compatible with the specified call context.


checkSessionExpired

private boolean checkSessionExpired()
Checks if the session currently active on the connection has been active for longer than maxClientSessionDuration and, if so, invalidates the session.


getProxyHost

protected String getProxyHost()
Returns the HTTP proxy host if present, or an empty string otherwise.


checkConnectPermission

boolean checkConnectPermission()
Determines whether the caller has "connect" SocketPermission for the connection's underlying socket.

Returns:
true if there is an underlying socket and the caller has permission to use it, or false if there is no underlying socket.
Throws:
SecurityException - if the underlying socket exists but the caller does not have permission to use it.


Copyright 2007-2010, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.