org.apache.avalon.cornerstone.blocks.sockets
Class TLSSocketFactory

java.lang.Object
  extended by org.apache.avalon.framework.logger.AbstractLogEnabled
      extended by org.apache.avalon.cornerstone.blocks.sockets.AbstractTLSSocketFactory
          extended by org.apache.avalon.cornerstone.blocks.sockets.TLSSocketFactory
All Implemented Interfaces:
Configurable, Contextualizable, Initializable, LogEnabled, SocketFactory

public class TLSSocketFactory
extends AbstractTLSSocketFactory
implements SocketFactory, Contextualizable, Configurable, Initializable

Manufactures TLS client sockets. A configuration element inside a SocketManager looks like this:

  <factory name="secure"
           class="org.apache.avalon.cornerstone.blocks.sockets.TLSSocketFactory">
    <ssl-factory /> <!-- see SSLFactoryBuilder -->
    <timeout> 0 </timeout>
    <!-- if the value is greater than zero, a read() call on the
         InputStream associated with this Socket will block for only this
         amount of time in milliseconds. Default value is 0. -->
    <verify-server-identity>true|false</verify-server-identity>
    <!-- whether or not the server identity should be verified.
         Defaults to false. -->
  </factory>
 

Server identity verification currently consists only of comparing the Common Name of the received certificate with the host name in the passed address. Identity verification requires the SSL handshake to be completed for the socket, so it takes longer to get a verified socket (and won't play well with non-blocking applications like SEDA).

When using identity verification, build the InetAddress objects for the remote hosts with InetAddress.getByName(java.lang.String), passing the host name (matching the certificate CN) as the argument. Failure to do so may cause relatively costly DNS lookups and false rejections caused by inconsistencies between forward and reverse resolution.
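The comparison described above, written as an added example with JDK classes only; it is not the Avalon implementation. The class and method names, reading the host name through InetAddress.getHostName(), the case-insensitive match, and the sample subject, host names and address are assumptions constructed for illustration.

```java
import java.net.InetAddress;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

// Hypothetical demo class, not part of Cornerstone.
public class CnCheckExample {

    /** Returns the first CN attribute of a certificate subject, or null if none. */
    static String commonName(X500Principal subject) throws Exception {
        LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
        for (Rdn rdn : dn.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return rdn.getValue().toString();
            }
        }
        return null;
    }

    /** CN-only check: subject CN against the host name carried by the address. */
    static boolean cnMatches(X500Principal subject, InetAddress address) throws Exception {
        String cn = commonName(subject);
        // A subject without a CN is rejected rather than treated as a match.
        return cn != null && cn.equalsIgnoreCase(address.getHostName());
    }

    public static void main(String[] args) throws Exception {
        // Constructed subject; on a real socket it would come from the peer
        // certificate once the handshake has completed.
        X500Principal subject = new X500Principal("CN=mail.example.org, O=Example, C=US");
        byte[] ip = {(byte) 192, 0, 2, 10}; // constructed documentation address

        // The host name is attached when the address is built, which is what
        // InetAddress.getByName("mail.example.org") does after resolving.
        // getByAddress(host, ip) is used here so the demo needs no DNS.
        InetAddress named = InetAddress.getByAddress("mail.example.org", ip);
        System.out.println("built from certificate name: " + cnMatches(subject, named));

        // Same IP, but carrying a different name for the same machine, as a
        // reverse lookup could return (constructed). The CN check rejects it.
        InetAddress alias = InetAddress.getByAddress("mx1.example.org", ip);
        System.out.println("built from other name:       " + cnMatches(subject, alias));

        // A subject with no CN never matches.
        X500Principal noCn = new X500Principal("O=Example, C=US");
        System.out.println("subject without CN:          " + cnMatches(noCn, named));
    }
}
```

An InetAddress built from raw bytes alone has no host name attached, so getHostName() on it has to perform the reverse lookup the paragraph above warns about.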

Author:
Peter Donald, Federico Barbieri, Charles Benett, Harish Prabandham, Costin Manolache, Craig McClanahan, Andrei Ivanov, Greg Steuck

Field Summary
 
Fields inherited from class org.apache.avalon.cornerstone.blocks.sockets.AbstractTLSSocketFactory
m_socketTimeOut
 
Constructor Summary
TLSSocketFactory()
           
 
Method Summary
 void configure(Configuration configuration)
          Configures the factory.
 java.net.Socket createSocket(java.net.InetAddress address, int port)
          Creates a socket connected to the specified remote address.
 java.net.Socket createSocket(java.net.InetAddress address, int port, java.net.InetAddress localAddress, int localPort)
          Creates a socket connected to the specified remote address, originating from the specified local address.
protected  void visitBuilder(SSLFactoryBuilder builder)
          The child factories have to use an instance of SSLFactoryBuilder to obtain their factories.
 
Methods inherited from class org.apache.avalon.cornerstone.blocks.sockets.AbstractTLSSocketFactory
contextualize, initialize
 
Methods inherited from class org.apache.avalon.framework.logger.AbstractLogEnabled
enableLogging, getLogger, setupLogger, setupLogger, setupLogger
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.apache.avalon.framework.context.Contextualizable
contextualize
 
Methods inherited from interface org.apache.avalon.framework.activity.Initializable
initialize
 

Constructor Detail

TLSSocketFactory

public TLSSocketFactory()

Method Detail

configure

public void configure(Configuration configuration)
               throws ConfigurationException
Configures the factory.

Specified by:
configure in interface Configurable
Overrides:
configure in class AbstractTLSSocketFactory
Parameters:
configuration - the Configuration
Throws:
ConfigurationException - if an error occurs

visitBuilder

protected void visitBuilder(SSLFactoryBuilder builder)
Description copied from class: AbstractTLSSocketFactory
The child factories have to use an instance of SSLFactoryBuilder to obtain their factories, so they are given an instance when it's ready. Another alternative was to have the SSLFactoryBuilder export a buildContext method, but that would mean SSLContext, which is deep in Sun guts, would be aired in 3-4 classes instead of 1.

Specified by:
visitBuilder in class AbstractTLSSocketFactory

createSocket

public java.net.Socket createSocket(java.net.InetAddress address,
                                    int port)
                             throws java.io.IOException
Creates a socket connected to the specified remote address.

Specified by:
createSocket in interface SocketFactory
Parameters:
address - the remote address
port - the remote port
Returns:
the socket
Throws:
java.io.IOException - if an error occurs

createSocket

public java.net.Socket createSocket(java.net.InetAddress address,
                                    int port,
                                    java.net.InetAddress localAddress,
                                    int localPort)
                             throws java.io.IOException
Creates a socket connected to the specified remote address, originating from the specified local address.

Specified by:
createSocket in interface SocketFactory
Parameters:
address - the remote address
port - the remote port
localAddress - the local address
localPort - the local port
Returns:
the socket
Throws:
java.io.IOException - if an error occurs


Copyright © 1997-2005 The Apache Software Foundation. All Rights Reserved.