net.jini.jeri.ssl

Class Utilities

java.lang.Object

net.jini.jeri.ssl.Utilities

Direct Known Subclasses:

CallContext, ConnectionContext, FilterX509TrustManager, HttpsServerEndpoint.HttpsServerEndpointImpl.HttpsRequestDispatcher, SslConnection, SslEndpoint.SslEndpointInternals, SslEndpointImpl, SslServerEndpointImpl, SslServerEndpointImpl.SslListenEndpoint, SslServerEndpointImpl.SslListenHandle, SslServerEndpointImpl.SslServerConnection, SubjectCredentials

abstract class Utilities
extends Object

Provides miscellaneous utilities for the classes in this package.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
private static class	Utilities.ClientKey WeakKey for looking up a client SSLContext.
private static class	Utilities.ServerKey WeakKey for looking up a server SSLContext.
(package private) static class	Utilities.SSLContextInfo Used to pass an SSLContext and AuthManager pair.
private static class	Utilities.Value Used to store a soft reference to a SSLContext and the associated AuthManager in the SSL context map.

Field Summary

Fields

Modifier and Type	Field and Description
private static String[]	ANONYMOUS_KEY_EXCHANGE_ALGORITHMS The names of JSSE key exchange algorithms used for anonymous communication.
(package private) static int	ANY_KEY_ALGORITHM Returned by getPermittedKeyAlgorithms when any key algorithm is permitted.
private static CertificateFactory	certFactory An X.509 certificate factory for creating CertPaths.
(package private) static Logger	clientLogger Client logger
(package private) static int	DSA_KEY_ALGORITHM Or'ed into the value returned by getPermittedKeyAlgorithms when DSA keys are permitted.
private static String[]	DSA_KEY_EXCHANGE_ALGORITHMS The names of JSSE key exchange algorithms that use DSA keys.
(package private) static AuthPermission	getSubjectPermission Permission needed to access the current subject.
(package private) static Logger	initLogger Initialization logger
(package private) static InvocationConstraints	INTEGRITY_PREFERRED Constraints that prefer Integrity.YES.
(package private) static InvocationConstraints	INTEGRITY_REQUIRED Constraints that require Integrity.YES.
private static String	NO_ENCRYPTION_CIPHER_ALGORITHM The name of the JSSE cipher algorithm that provides no encryption
private static String	NO_INTEGRITY_MIC_ALGORITHM The name of the JSSE message integrity code algorithm that does not insure integrity.
private static String[]	requestedCipherSuites The cipher suites specified by the user, or null if not specified.
(package private) static int	RSA_KEY_ALGORITHM Or'ed into the value returned by getPermittedKeyAlgorithms when RSA keys are permitted.
private static String[]	RSA_KEY_EXCHANGE_ALGORITHMS The names of JSSE key exchange algorithms that use RSA keys.
(package private) static Logger	serverLogger Server logger
private static WeakSoftTable	sslContextMap Stores SSL contexts and auth managers.
private static String	sslProtocol The secure socket protocol used with JSSE.
private static String[]	STRONG_ENCRYPTION_CIPHERS The names of cipher algorithms that do strong encryption
private static String[]	SUPPORTED_ENCRYPTION_CIPHERS The names of all cipher algorithms supported by this provider.
private static String[]	SUPPORTED_KEY_EXCHANGE_ALGORITHMS The names of all the JSSE key exchange algorithms supported by this provider.
private static String[]	supportedCipherSuitesInternal The cipher suites supported by the JSSE implementation, or null if not set yet.
(package private) static Principal	UNKNOWN_PRINCIPAL Represents a principal whose name is not known.

Constructor Summary

Constructors

Constructor and Description
Utilities()

Method Summary

Modifier and Type	Method and Description
(package private) static void	checkValidity(CertPath x509CertPath, X500Principal[] issuers) Checks if the X.509 certificates in the CertPath are currently valid.
(package private) static boolean	contains(Object[] array, Object element) Returns true if the array contains an equal element, which may be null.
(package private) static boolean	doesEncryption(String cipherSuite) Determines if the cipher suite does encryption
(package private) static boolean	doesServerAuthentication(String cipherSuite) Determines if the cipher suite authenticates the server
(package private) static boolean	equals(Object[] x, Object[] y) Checks if the elements of two arrays are equal.
(package private) static X509Certificate	firstX509Cert(CertPath certPath) Returns the first X509Certificate from a CertPath known to contain them.
(package private) static CertificateFactory	getCertFactory() Returns a CertificateFactory for generating a CertPath for X.509 certificates.
(package private) static String	getCipherAlgorithm(String cipherSuite) Returns the cipher algorithm for the specified cipher suite.
(package private) static String	getClassName(Object object) Returns the class name of an object, without the package or enclosing class prefix.
(package private) static Set	getClientPrincipals(InvocationConstraints constraints) Returns all client principals referred to by the constraints or null if no client principal constraints are specified.
(package private) static Set	getClientPrincipals(Set constraints) Returns all client principals referred to by the constraints or null if no client principal constraints are specified.
(package private) static Utilities.SSLContextInfo	getClientSSLContextInfo(CallContext callContext) Returns the SSLContext and ClientAuthManager to use for creating client socket factories.
(package private) static String	getKeyAlgorithm(String cipherSuite) Returns the key algorithm for the specified cipher suite, one of "RSA", "DSA", or "NULL".
(package private) static String	getKeyExchangeAlgorithm(String cipherSuite) Returns the key exchange algorithm for the specified cipher suite.
private static String	getMICAlgorithm(String cipherSuite) Returns the message integrity code algorithm for the specified cipher suite.
(package private) static int	getPermittedKeyAlgorithms(String cipherSuite, boolean client) Returns the algorithms permitted for keys used with this cipher suite.
private static Set	getPrincipals(InvocationConstraint constraint, boolean client) Returns the principals specified by a ClientMinPrincipal, ClientMaxPrincipal, or ServerMinPrincipal constraint, or an alternatives of one of those types.
private static Set	getPrincipals(InvocationConstraints constraints, boolean client) Implements getClientPrincipals or getServerPrincipals.
private static Set	getPrincipals(Set constraints, boolean client) Returns the client or server principals referred to by a set of constraints.
(package private) static Set	getServerPrincipals(InvocationConstraints constraints) Returns all server principals referred to by the constraints or null if no server principal constraints are specified.
(package private) static Utilities.SSLContextInfo	getServerSSLContextInfo(Subject serverSubject, Set serverPrincipals) Returns the SSLContext and ServerAuthManager to use for creating server socket factories.
(package private) static String[]	getSupportedCipherSuites() Returns all the cipher suites supported by the JSSE implementation and this provider.
private static String[]	getSupportedCipherSuites(SSLSocketFactory factory) Returns all the cipher suites supported by the socket factory and this provider.
private static String[]	getSupportedCipherSuites(String[] suites) Filters out unsupported suites, modifying the argument and maintaining the original order.
(package private) static boolean	hasStrongCipherAlgorithm(String cipherSuite) Returns true if the cipher algorithm for the specified cipher suite is considered a strong cipher, otherwise false.
private static RuntimeException	initializationError(Exception error, String contextString) Returns a RuntimeException for a problem initializing JSSE.
(package private) static void	logThrow(Logger logger, Level level, Class sourceClass, String sourceMethod, String msg, Object[] params, Throwable e) Logs a throw.
(package private) static boolean	maintainsIntegrity(String cipherSuite) Determines if the cipher suite maintains integrity
(package private) static boolean	permittedKeyAlgorithm(String keyAlgorithm, int permittedKeyAlgorithms) Returns true if the algorithm is one of the permitted algorithms, otherwise false.
(package private) static int	position(String string, String[] list) Returns the offset of a string in an array of strings.
(package private) static void	releaseClientSSLContextInfo(CallContext callContext, SSLContext sslContext, ClientAuthManager authManager) Returns the client's SSLContext and ClientAuthManager to the SSLContextMap for use by another connection.
(package private) static boolean	safeEquals(Object x, Object y) Same as equals(), but allows either argument to be null
(package private) static String	subjectString(Subject subject) Returns a String that includes relevant information about a Subject
private static boolean	supportedCipherSuite(String cipherSuite) Checks if the suite is supported by this provider.
(package private) static String	toString(Object[] array) Converts the contents of an Object array to a String.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ANONYMOUS_KEY_EXCHANGE_ALGORITHMS

private static final String[] ANONYMOUS_KEY_EXCHANGE_ALGORITHMS

The names of JSSE key exchange algorithms used for anonymous communication.

RSA_KEY_EXCHANGE_ALGORITHMS

private static final String[] RSA_KEY_EXCHANGE_ALGORITHMS

The names of JSSE key exchange algorithms that use RSA keys.

DSA_KEY_EXCHANGE_ALGORITHMS

private static final String[] DSA_KEY_EXCHANGE_ALGORITHMS

The names of JSSE key exchange algorithms that use DSA keys.

SUPPORTED_KEY_EXCHANGE_ALGORITHMS

private static final String[] SUPPORTED_KEY_EXCHANGE_ALGORITHMS

The names of all the JSSE key exchange algorithms supported by this provider.

NO_INTEGRITY_MIC_ALGORITHM

private static final String NO_INTEGRITY_MIC_ALGORITHM

The name of the JSSE message integrity code algorithm that does not insure integrity.

See Also:

Constant Field Values

NO_ENCRYPTION_CIPHER_ALGORITHM

private static final String NO_ENCRYPTION_CIPHER_ALGORITHM

The name of the JSSE cipher algorithm that provides no encryption

See Also:

Constant Field Values

STRONG_ENCRYPTION_CIPHERS

private static final String[] STRONG_ENCRYPTION_CIPHERS

The names of cipher algorithms that do strong encryption

SUPPORTED_ENCRYPTION_CIPHERS

private static final String[] SUPPORTED_ENCRYPTION_CIPHERS

The names of all cipher algorithms supported by this provider.

clientLogger

static final Logger clientLogger

Client logger

serverLogger

static final Logger serverLogger

Server logger

initLogger

static final Logger initLogger

Initialization logger

ANY_KEY_ALGORITHM

static final int ANY_KEY_ALGORITHM

Returned by getPermittedKeyAlgorithms when any key algorithm is permitted.

See Also:

Constant Field Values

DSA_KEY_ALGORITHM

static final int DSA_KEY_ALGORITHM

Or'ed into the value returned by getPermittedKeyAlgorithms when DSA keys are permitted.

See Also:

Constant Field Values

RSA_KEY_ALGORITHM

static final int RSA_KEY_ALGORITHM

Or'ed into the value returned by getPermittedKeyAlgorithms when RSA keys are permitted.

See Also:

Constant Field Values

sslContextMap

private static final WeakSoftTable sslContextMap

Stores SSL contexts and auth managers.

supportedCipherSuitesInternal

private static String[] supportedCipherSuitesInternal

The cipher suites supported by the JSSE implementation, or null if not set yet.

requestedCipherSuites

private static String[] requestedCipherSuites

The cipher suites specified by the user, or null if not specified. The field is not final to aid testing.

certFactory

private static CertificateFactory certFactory

An X.509 certificate factory for creating CertPaths.

UNKNOWN_PRINCIPAL

static final Principal UNKNOWN_PRINCIPAL

Represents a principal whose name is not known. Used, for example, to represent the server principal when the server subject is not available.

INTEGRITY_REQUIRED

static final InvocationConstraints INTEGRITY_REQUIRED

Constraints that require Integrity.YES.

INTEGRITY_PREFERRED

static final InvocationConstraints INTEGRITY_PREFERRED

Constraints that prefer Integrity.YES.

sslProtocol

private static final String sslProtocol

The secure socket protocol used with JSSE.

getSubjectPermission

static final AuthPermission getSubjectPermission

Permission needed to access the current subject.

Constructor Detail

Utilities

Utilities()

Method Detail

getSupportedCipherSuites

static String[] getSupportedCipherSuites()

Returns all the cipher suites supported by the JSSE implementation and this provider.

getSupportedCipherSuites

private static String[] getSupportedCipherSuites(SSLSocketFactory factory)

Returns all the cipher suites supported by the socket factory and this provider. Uses the requested cipher suites, if any.

getSupportedCipherSuites

private static String[] getSupportedCipherSuites(String[] suites)

Filters out unsupported suites, modifying the argument and maintaining the original order.

getClientPrincipals

static Set getClientPrincipals(InvocationConstraints constraints)

Returns all client principals referred to by the constraints or null if no client principal constraints are specified. Returns a new set if the result is non-null.

getClientPrincipals

static Set getClientPrincipals(Set constraints)

Returns all client principals referred to by the constraints or null if no client principal constraints are specified. Returns a new set if the result is non-null.

getServerPrincipals

static Set getServerPrincipals(InvocationConstraints constraints)

Returns all server principals referred to by the constraints or null if no server principal constraints are specified. Returns a new set if the result is non-null.

getPrincipals

private static Set getPrincipals(InvocationConstraints constraints,
                                 boolean client)

Implements getClientPrincipals or getServerPrincipals.

getPrincipals

private static Set getPrincipals(Set constraints,
                                 boolean client)

Returns the client or server principals referred to by a set of constraints.

getPrincipals

private static Set getPrincipals(InvocationConstraint constraint,
                                 boolean client)

Returns the principals specified by a ClientMinPrincipal, ClientMaxPrincipal, or ServerMinPrincipal constraint, or an alternatives of one of those types.

getClientSSLContextInfo

static Utilities.SSLContextInfo getClientSSLContextInfo(CallContext callContext)

Returns the SSLContext and ClientAuthManager to use for creating client socket factories. Each client connection has exclusive access to an SSLContext while the opening an SSL connection and should return the SSLContextInfo by calling releaseClientSSLContextInfo when the connection handshake is done, unless the handshake fails.

Parameters:

callContext - the client call context

Returns:

an SSLContextInfo containing an SSLContext and ClientAuthManager to use for a connection described by the argument

Throws:

RuntimeException - if an error occurs during initialization of JSSE

getServerSSLContextInfo

static Utilities.SSLContextInfo getServerSSLContextInfo(Subject serverSubject,
                                                        Set serverPrincipals)

Returns the SSLContext and ServerAuthManager to use for creating server socket factories. Server connections with the same subject and principals share the same SSLContext.

Parameters:

serverSubject - the subject, or null

serverPrincipals - the permitted principals, or null

Returns:

an SSLContextInfo containing an SSLContext and ServerAuthManager to use for a connection described by the arguments

Throws:

RuntimeException - if an error occurs during initialization of JSSE

releaseClientSSLContextInfo

static void releaseClientSSLContextInfo(CallContext callContext,
                                        SSLContext sslContext,
                                        ClientAuthManager authManager)

Returns the client's SSLContext and ClientAuthManager to the SSLContextMap for use by another connection.

initializationError

private static RuntimeException initializationError(Exception error,
                                                    String contextString)

Returns a RuntimeException for a problem initializing JSSE.

Parameters:

error - an Exception that describes the problem

contextString - describes where the problem occurred

Returns:

a RuntimeException describing the problem

getCertFactory

static CertificateFactory getCertFactory()

Returns a CertificateFactory for generating a CertPath for X.509 certificates.

firstX509Cert

static X509Certificate firstX509Cert(CertPath certPath)

Returns the first X509Certificate from a CertPath known to contain them.

checkValidity

static void checkValidity(CertPath x509CertPath,
                          X500Principal[] issuers)
                   throws CertificateException

Checks if the X.509 certificates in the CertPath are currently valid. If issuers is non-null, insures the path contains one of the issuers.

Throws:

CertificateException

doesServerAuthentication

static boolean doesServerAuthentication(String cipherSuite)

Determines if the cipher suite authenticates the server

doesEncryption

static boolean doesEncryption(String cipherSuite)

Determines if the cipher suite does encryption

maintainsIntegrity

static boolean maintainsIntegrity(String cipherSuite)

Determines if the cipher suite maintains integrity

getKeyExchangeAlgorithm

static String getKeyExchangeAlgorithm(String cipherSuite)

Returns the key exchange algorithm for the specified cipher suite.

The key exchange algorithm is found following the first underscore and up to the first occurrence of "_WITH_".

getKeyAlgorithm

static String getKeyAlgorithm(String cipherSuite)

Returns the key algorithm for the specified cipher suite, one of "RSA", "DSA", or "NULL". Throws an IllegalArgumentException if the algorithm is not recognized.

The key algorithm is specified by the key exchange algorithm.

getPermittedKeyAlgorithms

static int getPermittedKeyAlgorithms(String cipherSuite,
                                     boolean client)

Returns the algorithms permitted for keys used with this cipher suite. Note that the result can be different for client and server sides.

Parameters:

cipherSuite - the cipher suite

client - true to get results for the client side, false for the server side

Returns:

the permitted key algorithms, an OR of some set of the values DSA_KEY_ALGORITHM and RSA_KEY_ALGORITHM

Throws:

IllegalArgumentException - if the key exchange algorithm is not recognized

permittedKeyAlgorithm

static boolean permittedKeyAlgorithm(String keyAlgorithm,
                                     int permittedKeyAlgorithms)

Returns true if the algorithm is one of the permitted algorithms, otherwise false.

getCipherAlgorithm

static String getCipherAlgorithm(String cipherSuite)

Returns the cipher algorithm for the specified cipher suite.

The cipher algorithm is found following the first occurrence of "_WITH_" and up to the last underscore.

hasStrongCipherAlgorithm

static boolean hasStrongCipherAlgorithm(String cipherSuite)

Returns true if the cipher algorithm for the specified cipher suite is considered a strong cipher, otherwise false.

getMICAlgorithm

private static String getMICAlgorithm(String cipherSuite)

Returns the message integrity code algorithm for the specified cipher suite.

The message integrity algorithm is found after the last underscore.

supportedCipherSuite

private static boolean supportedCipherSuite(String cipherSuite)

Checks if the suite is supported by this provider. The suite can only be supported if its security characteristics can be determined, meaning its key exchange and cipher algorithms must be known.

subjectString

static String subjectString(Subject subject)

Returns a String that includes relevant information about a Subject

safeEquals

static boolean safeEquals(Object x,
                          Object y)

Same as equals(), but allows either argument to be null

contains

static boolean contains(Object[] array,
                        Object element)

Returns true if the array contains an equal element, which may be null.

toString

static String toString(Object[] array)

Converts the contents of an Object array to a String.

equals

static boolean equals(Object[] x,
                      Object[] y)

Checks if the elements of two arrays are equal.

Parameters:

x - the first array

y - the second array

Returns:

true if both arguments are null or both are non-null, are the same length, and, for each array index, the elements of each array either both null or both non-null and equal

getClassName

static String getClassName(Object object)

Returns the class name of an object, without the package or enclosing class prefix.

position

static int position(String string,
                    String[] list)

Returns the offset of a string in an array of strings. Returns -1 if the string is not found.

logThrow

static void logThrow(Logger logger,
                     Level level,
                     Class sourceClass,
                     String sourceMethod,
                     String msg,
                     Object[] params,
                     Throwable e)

Logs a throw. Use this method to log a throw when the log message needs parameters.

Parameters:

logger - logger to log to

level - the log level

sourceClass - class where throw occurred

sourceMethod - name of the method where throw occurred

msg - log message

params - log message parameters

e - exception thrown