net.jini.jeri.ssl
Class ConnectionContext

java.lang.Object
  extended by net.jini.jeri.ssl.Utilities
      extended by net.jini.jeri.ssl.ConnectionContext

final class ConnectionContext
extends Utilities

Records information about a connection used for a remote call and determines whether the connection could support specific constraints.

Does not support heterogeneous constraint alternatives. As a result, callers can be assured that the choice of possible principals or of Integrity.YES is independent of the suites, insuring that those items can be picked before negotiating the cipher suite.

Author:
Sun Microsystems, Inc.

Nested Class Summary
 
Nested classes/interfaces inherited from class net.jini.jeri.ssl.Utilities
Utilities.SSLContextInfo
 
Field Summary
(package private)  String cipherSuite
          The cipher suite
(package private)  Principal client
          The client principal, or null for an anonymous client
private static ClientMinPrincipalType clientMinPrincipalType
          The ClientMinPrincipalType supported by the provider.
private  boolean clientSide
          Whether the connection is being considered on the client side, which does not support relative time constraints.
private  long connectionTime
          The absolute connection time, or Long.MAX_VALUE if not specified
private  boolean integrity
          Whether codebase integrity should be enforced
private static long INTEGRITY
          Constraints supported with codebase integrity
private  boolean integrityPreferred
          Whether the preferences specify Integrity.YES
private  boolean integrityRequired
          Whether the requirements specify Integrity.YES
private static long NOT_SUPPORTED
          Constraints not supported
private  boolean notSupported
          Set to true if the principals and cipher suite conflict
private static long OK
          Constraints supported, without integrity or connection timeout
private  int preferences
          The number of preferences satisfied
(package private)  Principal server
          The server principal, or null for an anonymous server
 
Fields inherited from class net.jini.jeri.ssl.Utilities
ANY_KEY_ALGORITHM, clientLogger, DSA_KEY_ALGORITHM, getSubjectPermission, initLogger, INTEGRITY_PREFERRED, INTEGRITY_REQUIRED, RSA_KEY_ALGORITHM, serverLogger, UNKNOWN_PRINCIPAL
 
Constructor Summary
private ConnectionContext(String cipherSuite, Principal client, Principal server, boolean integrity, boolean clientSide)
          Creates an instance of this class.
 
Method Summary
(package private)  void fieldsToString(StringBuffer sb)
           
(package private)  long getConnectionTime()
          Returns the absolute time when the connection should be completed, or Long.MAX_VALUE for no limit.
(package private) static ConnectionContext getInstance(String cipherSuite, Principal client, Principal server, boolean integrity, boolean clientSide, InvocationConstraints constraints)
          Creates an instance that represents using the specified cipher suite, client and server principals, whether to guarantee codebase integrity, and constraints.
(package private)  boolean getIntegrityPreferred()
          Returns whether integrity is preferred.
(package private)  boolean getIntegrityRequired()
          Returns whether integrity is required.
(package private)  int getPreferences()
          Returns the number of preferences that can be satisfied.
private static long ok(boolean ok)
          Returns OK if the argument is true, else NOT_SUPPORTED.
private  long supported(ConstraintAlternatives constraint)
          Checks if the constraint alternatives are supported, returning NOT_SUPPORTED if the elements have different types or none are supported, INTEGRITY if the elements are instances of Integrity, the largest connection time if the elements are instances of ConnectionAbsoluteTime, and otherwise OK.
private  long supported(InvocationConstraint constraint)
          Checks if the constraint is supported, returning NOT_SUPPORTED if it is not supported, INTEGRITY if the constraint is Integrity.YES or constraint alternatives with elements of type Integrity, the connection time if the constraint is an instance of ConnectionAbsoluteTime or constraint alternatives of them, and otherwise OK.
private  boolean supported(InvocationConstraints constraints)
          Checks if the specified constraints are supported, computing integrityRequired, integrityPreferred, connectionTime and preferences as a side effect.
 String toString()
           
 
Methods inherited from class net.jini.jeri.ssl.Utilities
checkValidity, contains, doesEncryption, doesServerAuthentication, equals, firstX509Cert, getCertFactory, getCipherAlgorithm, getClassName, getClientPrincipals, getClientPrincipals, getClientSSLContextInfo, getKeyAlgorithm, getKeyExchangeAlgorithm, getPermittedKeyAlgorithms, getServerPrincipals, getServerSSLContextInfo, getSupportedCipherSuites, hasStrongCipherAlgorithm, logThrow, maintainsIntegrity, permittedKeyAlgorithm, position, releaseClientSSLContextInfo, safeEquals, subjectString, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

OK

private static final long OK
Constraints supported, without integrity or connection timeout

See Also:
Constant Field Values

INTEGRITY

private static final long INTEGRITY
Constraints supported with codebase integrity

See Also:
Constant Field Values

NOT_SUPPORTED

private static final long NOT_SUPPORTED
Constraints not supported

See Also:
Constant Field Values

clientMinPrincipalType

private static final ClientMinPrincipalType clientMinPrincipalType
The ClientMinPrincipalType supported by the provider.


cipherSuite

final String cipherSuite
The cipher suite


client

final Principal client
The client principal, or null for an anonymous client


server

final Principal server
The server principal, or null for an anonymous server


integrity

private final boolean integrity
Whether codebase integrity should be enforced


clientSide

private final boolean clientSide
Whether the connection is being considered on the client side, which does not support relative time constraints.


notSupported

private boolean notSupported
Set to true if the principals and cipher suite conflict


integrityRequired

private boolean integrityRequired
Whether the requirements specify Integrity.YES


integrityPreferred

private boolean integrityPreferred
Whether the preferences specify Integrity.YES


connectionTime

private long connectionTime
The absolute connection time, or Long.MAX_VALUE if not specified


preferences

private int preferences
The number of preferences satisfied

Constructor Detail

ConnectionContext

private ConnectionContext(String cipherSuite,
                          Principal client,
                          Principal server,
                          boolean integrity,
                          boolean clientSide)
Creates an instance of this class.

Method Detail

getInstance

static ConnectionContext getInstance(String cipherSuite,
                                     Principal client,
                                     Principal server,
                                     boolean integrity,
                                     boolean clientSide,
                                     InvocationConstraints constraints)
Creates an instance that represents using the specified cipher suite, client and server principals, whether to guarantee codebase integrity, and constraints. Null values for the principals mean they are anonymous. Non-X.500 principals are permitted to allow specifying a dummy principal if the principal is unknown. Returns null if the constraints are not supported.


toString

public String toString()
Overrides:
toString in class Object

fieldsToString

void fieldsToString(StringBuffer sb)

getIntegrityRequired

boolean getIntegrityRequired()
Returns whether integrity is required.


getIntegrityPreferred

boolean getIntegrityPreferred()
Returns whether integrity is preferred.


getConnectionTime

long getConnectionTime()
Returns the absolute time when the connection should be completed, or Long.MAX_VALUE for no limit.


getPreferences

int getPreferences()
Returns the number of preferences that can be satisfied.


supported

private boolean supported(InvocationConstraints constraints)
Checks if the specified constraints are supported, computing integrityRequired, integrityPreferred, connectionTime and preferences as a side effect.


supported

private long supported(InvocationConstraint constraint)
Checks if the constraint is supported, returning NOT_SUPPORTED if it is not supported, INTEGRITY if the constraint is Integrity.YES or constraint alternatives with elements of type Integrity, the connection time if the constraint is an instance of ConnectionAbsoluteTime or constraint alternatives of them, and otherwise OK.


ok

private static long ok(boolean ok)
Returns OK if the argument is true, else NOT_SUPPORTED.


supported

private long supported(ConstraintAlternatives constraint)
Checks if the constraint alternatives are supported, returning NOT_SUPPORTED if the elements have different types or none are supported, INTEGRITY if the elements are instances of Integrity, the largest connection time if the elements are instances of ConnectionAbsoluteTime, and otherwise OK.



Copyright 2007-2010, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.