net.jini.jeri.ssl

Class SslConnection

java.lang.Object

net.jini.jeri.ssl.Utilities

net.jini.jeri.ssl.SslConnection

All Implemented Interfaces:

Connection

Direct Known Subclasses:

HttpsEndpoint.HttpsConnection

class SslConnection
extends Utilities
implements Connection

Implementation of Connection used by SslEndpoint.

Nested Class Summary

Nested classes/interfaces inherited from class net.jini.jeri.ssl.Utilities

Utilities.SSLContextInfo

Field Summary

Fields

Modifier and Type	Field and Description
private String	activeCipherSuite The currently active cipher suite
private ClientAuthManager	authManager The authentication manager.
(package private) CallContext	callContext The call context specified when the connection was made
(package private) boolean	closed True if the connection has been closed.
private static Logger	logger Client logger
private long	maxClientSessionDuration The maximum time a client session should be used before expiring -- non-final to facilitate testing.
(package private) int	port The server port
(package private) String	serverHost The server host
private SSLSession	session The current session
(package private) SocketFactory	socketFactory The socket factory for creating plain sockets, or null to use default sockets.
private SSLContext	sslContext The SSLContext -- only shared by connections with the same host, port, suite, and principals.
(package private) SSLSocket	sslSocket The socket
(package private) SSLSocketFactory	sslSocketFactory The factory for creating SSL sockets.

Fields inherited from class net.jini.jeri.ssl.Utilities

ANY_KEY_ALGORITHM, clientLogger, DSA_KEY_ALGORITHM, getSubjectPermission, initLogger, INTEGRITY_PREFERRED, INTEGRITY_REQUIRED, RSA_KEY_ALGORITHM, serverLogger, UNKNOWN_PRINCIPAL

Constructor Summary

Constructors

Constructor and Description
SslConnection(CallContext callContext, String serverHost, int port, SocketFactory socketFactory) Creates a connection.

Method Summary

Modifier and Type	Method and Description
(package private) boolean	checkConnectPermission() Determine whether the caller has "connect" SocketPermission for the connection's underlying socket.
private boolean	checkSessionExpired() Checks if the session currently active on the connection has been active for longer than maxClientSessionDuration and, if so, invalidates the session.
void	close() Closes this connection.
private void	closeSocket() Closes the socket for this connection.
private static int	computeTimeout(long connectionTime)
private Socket	connectToHost(String host, int port, long connectionTime) Returns a socket connected to the specified host and port, according to the specified constraints.
private Socket	connectToSocketAddress(SocketAddress socketAddress, long connectionTime) Returns a socket connected to the specified address, with a timeout governed by the specified absolute connection time.
(package private) Socket	createPlainSocket(String host, int port) Creates a plain socket to use for communication with the specified host and port.
(package private) void	establishCallContext() Establishes a cipher suite on this connection as specified by the call context.
(package private) void	establishNewSocket() Attempts to create a new socket for the call context and cipher suites.
(package private) void	establishSuites() Attempts to establish the call context and suites on the current socket.
SocketChannel	getChannel() Returns a socket channel that performs I/O on this connection, or null if no socket channel is available.
InputStream	getInputStream() Returns an input stream that reads data from this connection.
OutputStream	getOutputStream() Returns an output stream that writes data to this connection.
protected String	getProxyHost() Return HTTP proxy host if present, an empty string otherwise.
InvocationConstraints	getUnfulfilledConstraints(OutboundRequestHandle handle) Implements OutboundRequest.getUnfulfilledConstraints for a request with the specified handle.
private Socket	newSocket() Returns a new unconnected socket, using this endpoint's socket factory if non-null.
void	populateContext(OutboundRequestHandle handle, Collection context) Populates the supplied collection with context information representing a request with the specified handle.
IOException	readResponseData(OutboundRequestHandle handle, InputStream stream) Reads from the specified stream any per-response data required by this connection for a request with the specified handle.
String	toString() Returns a string representation of this object.
(package private) boolean	useFor(CallContext otherCallContext) Returns true if this connection is compatible with the specified call context.
void	writeRequestData(OutboundRequestHandle handle, OutputStream stream) Writes to the specified stream any per-request data required by this connection for a request with the specified handle.

Methods inherited from class net.jini.jeri.ssl.Utilities

checkValidity, contains, doesEncryption, doesServerAuthentication, equals, firstX509Cert, getCertFactory, getCipherAlgorithm, getClassName, getClientPrincipals, getClientPrincipals, getClientSSLContextInfo, getKeyAlgorithm, getKeyExchangeAlgorithm, getPermittedKeyAlgorithms, getServerPrincipals, getServerSSLContextInfo, getSupportedCipherSuites, hasStrongCipherAlgorithm, logThrow, maintainsIntegrity, permittedKeyAlgorithm, position, releaseClientSSLContextInfo, safeEquals, subjectString, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

maxClientSessionDuration

private final long maxClientSessionDuration

The maximum time a client session should be used before expiring -- non-final to facilitate testing. Use 23.5 hours as the default to allow the client to negotiate a new session before the server timeout, which defaults to 24 hours.

logger

private static final Logger logger

Client logger

serverHost

final String serverHost

The server host

port

final int port

The server port

socketFactory

final SocketFactory socketFactory

The socket factory for creating plain sockets, or null to use default sockets.

callContext

final CallContext callContext

The call context specified when the connection was made

sslContext

private final SSLContext sslContext

The SSLContext -- only shared by connections with the same host, port, suite, and principals.

sslSocketFactory

final SSLSocketFactory sslSocketFactory

The factory for creating SSL sockets.

authManager

private final ClientAuthManager authManager

The authentication manager.

sslSocket

volatile SSLSocket sslSocket

The socket

activeCipherSuite

private volatile String activeCipherSuite

The currently active cipher suite

session

private volatile SSLSession session

The current session

closed

volatile boolean closed

True if the connection has been closed.

Constructor Detail

SslConnection

SslConnection(CallContext callContext,
              String serverHost,
              int port,
              SocketFactory socketFactory)

Creates a connection.

Parameters:

callContext - the call context to establish

serverHost - the server host to connect to

port - the server port to connect to

socketFactory - the socket factory, or null to use default sockets

Method Detail

establishCallContext

final void establishCallContext()
                         throws IOException

Establishes a cipher suite on this connection as specified by the call context.

Throws:

UnsupportedSecurityException - if the requested constraints cannot be supported

IOException - if an I/O failure occurs

SecurityException - if the current access control context does not have the proper AuthenticationPermission

closeSocket

private void closeSocket()

Closes the socket for this connection.

establishNewSocket

void establishNewSocket()
                 throws IOException

Attempts to create a new socket for the call context and cipher suites.

Throws:

SSLException - if the suites cannot be supported

IOException - if an I/O failure occurs

establishSuites

final void establishSuites()
                    throws IOException

Attempts to establish the call context and suites on the current socket.

Throws:

SSLException - if the requested suites cannot be supported

IOException - if an I/O failure occurs

createPlainSocket

final Socket createPlainSocket(String host,
                               int port)
                        throws IOException

Creates a plain socket to use for communication with the specified host and port.

Throws:

IOException

computeTimeout

private static int computeTimeout(long connectionTime)
                           throws IOException

Throws:

IOException

connectToHost

private Socket connectToHost(String host,
                             int port,
                             long connectionTime)
                      throws IOException

Returns a socket connected to the specified host and port, according to the specified constraints. If the host name resolves to multiple addresses, attempts to connect to each of them in order until one succeeds.

Throws:

IOException

connectToSocketAddress

private Socket connectToSocketAddress(SocketAddress socketAddress,
                                      long connectionTime)
                               throws IOException

Returns a socket connected to the specified address, with a timeout governed by the specified absolute connection time.

Throws:

IOException

newSocket

private Socket newSocket()
                  throws IOException

Returns a new unconnected socket, using this endpoint's socket factory if non-null.

Throws:

IOException

toString

public String toString()

Returns a string representation of this object.

Overrides:

toString in class Object

getInputStream

public InputStream getInputStream()
                           throws IOException

Description copied from interface: Connection

Returns an input stream that reads data from this connection.

Specified by:

getInputStream in interface Connection

Returns:

an input stream that reads data from this connection

Throws:

IOException - if an I/O exception occurs

getOutputStream

public OutputStream getOutputStream()
                             throws IOException

Description copied from interface: Connection

Returns an output stream that writes data to this connection.

Specified by:

getOutputStream in interface Connection

Returns:

an output stream that writes data to this connection

Throws:

IOException - if an I/O exception occurs

getChannel

public SocketChannel getChannel()

Description copied from interface: Connection

Returns a socket channel that performs I/O on this connection, or null if no socket channel is available. If a non-null socket channel is returned, it is connected.

Specified by:

getChannel in interface Connection

Returns:

a socket channel that performs I/O on this connection, or null

populateContext

public void populateContext(OutboundRequestHandle handle,
                            Collection context)

Description copied from interface: Connection

Populates the supplied collection with context information representing a request with the specified handle. This method is used to implement OutboundRequest.populateContext for such requests; the context may also be populated by the connection manager.

Specified by:

populateContext in interface Connection

Parameters:

handle - the handle for the request

context - the context collection to populate

getUnfulfilledConstraints

public InvocationConstraints getUnfulfilledConstraints(OutboundRequestHandle handle)

Description copied from interface: Connection

Implements OutboundRequest.getUnfulfilledConstraints for a request with the specified handle.

Specified by:

getUnfulfilledConstraints in interface Connection

Parameters:

handle - the handle for the request

Returns:

the constraints for the request that must be partially or fully implemented by higher layers

writeRequestData

public void writeRequestData(OutboundRequestHandle handle,
                             OutputStream stream)

Description copied from interface: Connection

Writes to the specified stream any per-request data required by this connection for a request with the specified handle.

This method is invoked by ConnectionManager with the request output stream of the OutboundRequest that it creates for the request. This method can be used, for example, to convey per-request information about delegation, client authentication, or client privileges.

There may be multiple requests in progress concurrently over this connection, and data written to the specified stream may be buffered and multiplexed with data from other requests before being written to this connection's underlying output stream. Therefore, this method should only write data to the specified stream and must not read any data from this connection's underlying input stream; data can, however, be subsequently read with readResponseData.

Specified by:

writeRequestData in interface Connection

Parameters:

handle - the handle for the request

stream - the request output stream of the request

readResponseData

public IOException readResponseData(OutboundRequestHandle handle,
                                    InputStream stream)

Description copied from interface: Connection

Reads from the specified stream any per-response data required by this connection for a request with the specified handle.

This method returns null if the information read (if any) indicates that the constraints are satisfied, and it returns an exception if the constraints could not be satisfied. If an exception is returned rather than thrown, the delivery status of a corresponding OutboundRequest will be false.

This method is invoked by ConnectionManager with the response input stream of the OutboundRequest that it creates for the request and the same handle that was passed to writeRequestData. This method can be used to read information produced by ServerConnection.processRequestData in response to the information sent by writeRequestData.

There may be multiple requests in progress concurrently over this connection, and data read from the specified stream may have been buffered and multiplexed with data from other requests being read from this connection's underlying input stream. Therefore, this method should only read data from the specified stream and must not write any data to this connection's underlying output stream.

Specified by:

readResponseData in interface Connection

Parameters:

handle - the handle for the request

stream - the response input stream of the request

Returns:

null if the constraints are satisfied, or an exception if the constraints could not be satisfied

close

public void close()
           throws IOException

Description copied from interface: Connection

Closes this connection.

Specified by:

close in interface Connection

Throws:

IOException - if an I/O exception occurs

useFor

final boolean useFor(CallContext otherCallContext)

Returns true if this connection is compatible with the specified call context.

checkSessionExpired

private boolean checkSessionExpired()

Checks if the session currently active on the connection has been active for longer than maxClientSessionDuration and, if so, invalidates the session.

getProxyHost

protected String getProxyHost()

Return HTTP proxy host if present, an empty string otherwise.

checkConnectPermission

boolean checkConnectPermission()

Determine whether the caller has "connect" SocketPermission for the connection's underlying socket.

Returns:

true if there is an underlying socket and the caller has permission to use it, or false if there is no underlying socket.

Throws:

SecurityException - if the underlying socket exists but the caller does not have permission to use it.