de.tu_darmstadt.sp.rmi
Class RMISSLServerSocketFactory

java.lang.Object
  |
  +--javax.net.ServerSocketFactory
        |
        +--javax.net.ssl.SSLServerSocketFactory
              |
              +--de.tu_darmstadt.sp.ssl.SSLeayServerSocketFactory
                    |
                    +--de.tu_darmstadt.sp.rmi.RMISSLServerSocketFactory

public class RMISSLServerSocketFactory
extends SSLeayServerSocketFactory
implements java.rmi.server.RMIServerSocketFactory, java.io.Serializable

Class RMISSLServerSocketFactory provides server sockets for RMI calls. It actually produces SSLRMIServerSocket objects for secure connections. SSLRMIServerSocket extends SSLeayServerSocket. The sockets are configured to require peer (client) authentication. We produce RMIServerSocket because we need some sort of accounting of all accepted connections. The RMIServerSocket provides this additional functionality.

The instantiation of the factory will fail if the necessary security information (e.g. ca-file, certificate, private key) is not provided.

The methods getClient, getClientCertificateChain and getClientCertificate should be called from inside the remote server object to find out the identity of the caller.

Version:
$Revision: 1.4 $
Author:
Andrei Popovici
See Also:
Serialized Form

Fields inherited from class de.tu_darmstadt.sp.ssl.SSLeayServerSocketFactory
context, socketType
 
Fields inherited from class javax.net.ssl.SSLServerSocketFactory
defaultInstance
 
Fields inherited from class javax.net.ServerSocketFactory
defaultInstance
 
Constructor Summary
RMISSLServerSocketFactory()
          Create a new RMISSLServerSocketFactory which produces RMIServerSocket objects.
 
Method Summary
static SSLSocket getClient()
          Return the socket used by the current RMI call.
static java.security.cert.X509Certificate getClientCertificate()
          Return the certificate representing the identity of the peer (client, caller) in the current RMI call.
static java.security.cert.X509Certificate[] getClientCertificateChain()
          Return the certificate chain used by the peer (client, caller) in the current RMI call.
protected  void setSSLPolicy(SSLeayServerSocket s)
          We need to re-specify the policy for our server sockets to require peer authentication.
 
Methods inherited from class de.tu_darmstadt.sp.ssl.SSLeayServerSocketFactory
createServerSocket, createServerSocket, createServerSocket, getDefaultCipherSuites, getServerSocketClass, getSupportedCipherSuites, setDefaultCipherSuites, setServerSocketClass
 
Methods inherited from class javax.net.ssl.SSLServerSocketFactory
getDefault, setDefault
 
Methods inherited from class javax.net.ServerSocketFactory
setDefault
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RMISSLServerSocketFactory

public RMISSLServerSocketFactory()
Create a new RMISSLServerSocketFactory which produces RMIServerSocket objects. We produce RMIServerSocket because we need some sort of accounting of all accepted connections. The RMIServerSocket provides this additional functionality.
Method Detail

setSSLPolicy

protected void setSSLPolicy(SSLeayServerSocket s)
We need to re-specify the policy for our server sockets to require peer authentication.

RMIServerSockets are basically SSLeayServerSockets, which by default do not authenticate the peer (in our case, the client, the caller).

Overrides:
setSSLPolicy in class SSLeayServerSocketFactory

getClient

public static SSLSocket getClient()
Return the socket used by the current RMI call. It is the socket used for the connection to the client.

getClientCertificateChain

public static java.security.cert.X509Certificate[] getClientCertificateChain()
                                                                      throws SSLPeerUnverifiedException
Return the certificate chain used by the peer (client, caller) in the current RMI call. The first certificate is the identity of the peer.

This method is just "syntactic sugar" since the same information can be obtained from the socket returned by getClient.


getClientCertificate

public static java.security.cert.X509Certificate getClientCertificate()
                                                               throws SSLPeerUnverifiedException
Return the certificate representing the identity of the peer (client, caller) in the current RMI call.

This method is just "syntactic sugar" since the same information can be obtained from the socket returned by getClient.
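
The following is an added example, not code from this library or its author: a remote method that calls getClientCertificate to identify the caller and refuses the call unless the certificate subject is on an allow-list. The Account interface, the AccountImpl class, the allowed subject and the null check are assumptions made for illustration, and the object is assumed to be exported on server sockets created by RMISSLServerSocketFactory.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.security.auth.x500.X500Principal;
import de.tu_darmstadt.sp.rmi.RMISSLServerSocketFactory;

// Hypothetical remote interface (not part of the library).
interface Account extends Remote {
    long balance() throws RemoteException;
}

// Hypothetical remote object, assumed to be exported on server sockets
// created by RMISSLServerSocketFactory.
class AccountImpl implements Account {
    // Constructed sample subject that is allowed to call balance().
    private static final Set<X500Principal> ALLOWED = new HashSet<X500Principal>(
        Arrays.asList(new X500Principal("CN=alice,O=Example Org,C=DE")));

    public long balance() throws RemoteException {
        requireAllowedCaller();
        return 42L;
    }

    // Identify the caller of the current RMI call and fail closed.
    private static X500Principal requireAllowedCaller() {
        X509Certificate cert;
        try {
            cert = RMISSLServerSocketFactory.getClientCertificate();
        } catch (SSLPeerUnverifiedException e) {
            throw new SecurityException("caller not authenticated");
        }
        // Null handling is an assumption: the page does not say what is
        // returned when no certificate is available.
        if (cert == null) {
            throw new SecurityException("no client certificate for this call");
        }
        // X500Principal.equals compares canonical names, so case and
        // spacing differences in the DN do not change the result.
        X500Principal subject = cert.getSubjectX500Principal();
        if (!ALLOWED.contains(subject)) {
            throw new SecurityException("caller not authorized: " + subject.getName());
        }
        return subject;
    }
}
```

The factory's required peer authentication establishes who the caller is; the allow-list check is the separate authorization decision, and every failure path rejects the call.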