net.jini.jeri.ssl

Class SslEndpointImpl

java.lang.Object

net.jini.jeri.ssl.Utilities

net.jini.jeri.ssl.SslEndpointImpl

All Implemented Interfaces:

ConnectionEndpoint

Direct Known Subclasses:

HttpsEndpoint.HttpsEndpointImpl

 class SslEndpointImpl
extends Utilities
implements ConnectionEndpoint

Provides the implementation of SslEndpoint so that the implementation can be inherited by HttpsEndpoint without revealing the inheritance in the public API.

Author:

Sun Microsystems, Inc.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
private static class	SslEndpointImpl.ComparableConnectionContext Used for sorting ConnectionContexts by preferences and suite order.
private static class	SslEndpointImpl.ConnectionContextCache Defines a structure to cache a ConnectionContexts for specific constraints and client principals.
private static class	SslEndpointImpl.ConnectionsIterator Defines an iterator over active and idle connections which performs error checking on connections.
private static class	SslEndpointImpl.CopyOnRemoveList A List that supports removing items by making a copy of the underlying list.
private static class	SslEndpointImpl.ExceptionOutboundRequestIterator An outbound request iterator that throws an IOException or a SecurityException.

Nested classes/interfaces inherited from class net.jini.jeri.ssl.Utilities

Utilities.SSLContextInfo

Field Summary

Fields

Modifier and Type	Field and Description
private static int	CACHE_SIZE The size of the connection context cache.
private int	cacheNext Next index for a connectionContextCache miss; counts down, not up.
private SslEndpointImpl.ConnectionContextCache[]	connectionContextCache A cache for recently computed connection contexts.
(package private) ConnManager	connectionManager The connection manager for this endpoint or null if not yet set.
private static ConnManagerFactory	connectionManagerFactory The factory for default connection managers.
private static Map	connectionMgrs Weak key map that maps connection endpoints to weak references to the associated ConnManager.
(package private) boolean	disableSocketConnect Whether to disable calling Socket.connect -- set when used by discovery providers.
(package private) Endpoint	endpoint The associated endpoint.
(package private) static Logger	logger Client logger
(package private) int	port The server port.
(package private) String	serverHost The name of the server host.
(package private) SocketFactory	socketFactory The factory for creating sockets, or null to use default sockets.

Fields inherited from class net.jini.jeri.ssl.Utilities

ANY_KEY_ALGORITHM, clientLogger, DSA_KEY_ALGORITHM, getSubjectPermission, initLogger, INTEGRITY_PREFERRED, INTEGRITY_REQUIRED, RSA_KEY_ALGORITHM, serverLogger, UNKNOWN_PRINCIPAL

Constructor Summary

Constructors

Constructor and Description
SslEndpointImpl(Endpoint endpoint, String serverHost, int port, SocketFactory socketFactory) Creates an instance of this class.

Method Summary

Methods

Modifier and Type	Method and Description
private static List	checkAuthenticationPermissions(List contexts) Removes the contexts for which the client does not have authentication permission.
private void	checkResolvePermission()
private static List	checkSubject(List contexts, Subject clientSubject, boolean constrainedServer, InvocationConstraints constraints) Returns a list of the contexts which are supported by principals and credentials in the Subject.
private static List	computeConnectionContexts(String[] suites, Set clients, Set servers, InvocationConstraints constraints) Computes a list of ConnectionContexts for the specified set of suites, client and server principals, and constraints, sorted by preferences and suite order.
Connection	connect(OutboundRequestHandle handle) Creates a new connection.
Connection	connect(OutboundRequestHandle handle, Collection active, Collection idle) Chooses a connection from existing connections.
private CallContext	createCallContext(List contexts, Subject clientSubject) Convert connection contexts to a call context
boolean	equals(Object object) Two instances of this class are equal if they have the same actual class; have the same values for server host and port; and have socket factories that are either both null, or have the same actual class and are equal.
(package private) String	fieldsToString() Returns a string representation of the fields of this object.
private CallContext	getCallContext(InvocationConstraints constraints) Returns a context for making a remote call with the specified constraints and the current subject.
private List	getConnectionContexts(InvocationConstraints constraints, Set clientPrincipals) Gets an unmodifiable list of the ConnectionContexts for the specified constraints and client principals.
private ConnManager	getConnectionManager() Returns the connection manager for this endpoint.
private static Map	getPublicCredentials(Subject subject) Returns a map that maps each principal in the subject to a set of the associated X.500 public credentials.
private static Boolean	getSubjectPermitted() Checks if the caller has permission to get the current subject, returning Boolean.TRUE or FALSE.
int	hashCode() Returns a hash code value for this object.
(package private) OutboundRequestIterator	newRequest(CallContext callContext) Implements Endpoint.newRequest when the constraints are supported.
(package private) OutboundRequestIterator	newRequest(InvocationConstraints constraints) Implements Endpoint.newRequest
String	toString() Returns a string representation of this object.

Methods inherited from class net.jini.jeri.ssl.Utilities

checkValidity, contains, doesEncryption, doesServerAuthentication, equals, firstX509Cert, getCertFactory, getCipherAlgorithm, getClassName, getClientPrincipals, getClientPrincipals, getClientSSLContextInfo, getKeyAlgorithm, getKeyExchangeAlgorithm, getPermittedKeyAlgorithms, getServerPrincipals, getServerSSLContextInfo, getSupportedCipherSuites, hasStrongCipherAlgorithm, logThrow, maintainsIntegrity, permittedKeyAlgorithm, position, releaseClientSSLContextInfo, safeEquals, subjectString, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

logger

static final Logger logger

Client logger

connectionMgrs

private static final Map connectionMgrs

Weak key map that maps connection endpoints to weak references to the associated ConnManager. The weak values insure that the keys will not be strongly held, since the connection manager has a strong reference to the associated connection endpoint.

CACHE_SIZE

private static final int CACHE_SIZE

The size of the connection context cache.

See Also:

Constant Field Values

connectionManagerFactory

private static final ConnManagerFactory connectionManagerFactory

The factory for default connection managers.

endpoint

final Endpoint endpoint

The associated endpoint.

serverHost

final String serverHost

The name of the server host.

port

final int port

The server port.

socketFactory

final SocketFactory socketFactory

The factory for creating sockets, or null to use default sockets.

disableSocketConnect

boolean disableSocketConnect

Whether to disable calling Socket.connect -- set when used by discovery providers.

connectionContextCache

private SslEndpointImpl.ConnectionContextCache[] connectionContextCache

A cache for recently computed connection contexts.

cacheNext

private int cacheNext

Next index for a connectionContextCache miss; counts down, not up.

connectionManager

ConnManager connectionManager

The connection manager for this endpoint or null if not yet set.

Constructor Detail

SslEndpointImpl

SslEndpointImpl(Endpoint endpoint,
               String serverHost,
               int port,
               SocketFactory socketFactory)

Creates an instance of this class.

Method Detail

toString

public String toString()

Returns a string representation of this object.

Overrides:

toString in class Object

fieldsToString

final String fieldsToString()

Returns a string representation of the fields of this object.

hashCode

public int hashCode()

Returns a hash code value for this object.

Overrides:

hashCode in class Object

equals

public boolean equals(Object object)

Two instances of this class are equal if they have the same actual class; have the same values for server host and port; and have socket factories that are either both null, or have the same actual class and are equal.

Overrides:

equals in class Object

newRequest

final OutboundRequestIterator newRequest(InvocationConstraints constraints)

Implements Endpoint.newRequest

newRequest

OutboundRequestIterator newRequest(CallContext callContext)

Implements Endpoint.newRequest when the constraints are supported.

getConnectionManager

private ConnManager getConnectionManager()

Returns the connection manager for this endpoint.

getCallContext

private CallContext getCallContext(InvocationConstraints constraints)
                            throws UnsupportedConstraintException

Returns a context for making a remote call with the specified constraints and the current subject. This method does not perform communication with the remote server. Throws a SecurityException if lack of authentication permissions needed for requirements prevent the use of all contexts. Throws UnsupportedConstraintException if some requirements cannot be satisfied. Returns a CallContext if throwing an exception or returning null would reveal information about the current subject that the caller does not have permission to know.

Throws:

UnsupportedConstraintException

createCallContext

private CallContext createCallContext(List contexts,
                            Subject clientSubject)

Convert connection contexts to a call context

checkSubject

private static List checkSubject(List contexts,
                Subject clientSubject,
                boolean constrainedServer,
                InvocationConstraints constraints)
                          throws UnsupportedConstraintException

Returns a list of the contexts which are supported by principals and credentials in the Subject. Throws an UnsupportedConstraintException if none of the contexts are supported, otherwise returns a non-empty list.

Throws:

UnsupportedConstraintException

getSubjectPermitted

private static Boolean getSubjectPermitted()

Checks if the caller has permission to get the current subject, returning Boolean.TRUE or FALSE.

checkAuthenticationPermissions

private static List checkAuthenticationPermissions(List contexts)

Removes the contexts for which the client does not have authentication permission. Throws SecurityException if lack of permission prevents any contexts from being used.

getPublicCredentials

private static Map getPublicCredentials(Subject subject)

Returns a map that maps each principal in the subject to a set of the associated X.500 public credentials.

getConnectionContexts

private List getConnectionContexts(InvocationConstraints constraints,
                         Set clientPrincipals)

Gets an unmodifiable list of the ConnectionContexts for the specified constraints and client principals.

computeConnectionContexts

private static List computeConnectionContexts(String[] suites,
                             Set clients,
                             Set servers,
                             InvocationConstraints constraints)

Computes a list of ConnectionContexts for the specified set of suites, client and server principals, and constraints, sorted by preferences and suite order.

connect

public Connection connect(OutboundRequestHandle handle)
                   throws IOException

Creates a new connection.

Specified by:

connect in interface ConnectionEndpoint

Parameters:

handle - the handle for the request

Returns:

a new connection that can be used to send a request for the specified handle

Throws:

IOException - if an I/O exception occurs

connect

public Connection connect(OutboundRequestHandle handle,
                 Collection active,
                 Collection idle)

Chooses a connection from existing connections.

Specified by:

connect in interface ConnectionEndpoint

Parameters:

handle - the handle for the request

active - the connections with requests in progress

idle - the connections with no requests in progress

Returns:

a connection that can be used to send an outbound request for the specified handle, or null

checkResolvePermission

private void checkResolvePermission()