com.sun.jini.discovery.internal

Class X500Server

java.lang.Object

com.sun.jini.discovery.internal.BaseProvider

com.sun.jini.discovery.internal.X500Server

All Implemented Interfaces:

DelayedMulticastRequestDecoder, DiscoveryFormatProvider, MulticastAnnouncementEncoder, MulticastRequestDecoder

public class X500Server
extends BaseProvider
implements DelayedMulticastRequestDecoder, MulticastAnnouncementEncoder

Superclass for server-side providers for the net.jini.discovery.x500.* discovery formats.

Field Summary

Fields

Modifier and Type	Field and Description
protected String	keyAlgorithm The key algorithm name (for example, "DSA").
protected String	keyAlgorithmOID The key algorithm OID.
protected int	maxSignatureLength The maximum length of generated signatures, in bytes.
protected String	signatureAlgorithm The signature algorithm (for example, "SHA1withDSA").

Fields inherited from class com.sun.jini.discovery.internal.BaseProvider

formatName

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	X500Server(String formatName, String signatureAlgorithm, int maxSignatureLength, String keyAlgorithm, String keyAlgorithmOID) Creates an instance with the given attributes.

Method Summary

Modifier and Type	Method and Description
MulticastRequest	decodeMulticastRequest(ByteBuffer buf, InvocationConstraints constraints, ClientSubjectChecker checker) Decodes the multicast request data contained in the given buffer in a manner that satisfies the specified absolute constraints and client subject checker (if any), returning a MulticastRequest instance that contains the decoded data.
MulticastRequest	decodeMulticastRequest(ByteBuffer buf, InvocationConstraints constraints, ClientSubjectChecker checker, boolean delayConstraintCheck) Decodes the multicast request data contained in the given buffer in a manner that satisfies the specified absolute constraints and client subject checker (if any), returning a MulticastRequest instance that contains the decoded data, with constraint checking optionally delayed.
void	encodeMulticastAnnouncement(MulticastAnnouncement announcement, DatagramBufferFactory bufs, InvocationConstraints constraints) Encodes the given multicast announcement data into byte buffers obtained from the provided datagram buffer factory, in a manner that satisfies the specified absolute constraints.
protected Certificate	getCertificate(X500Principal principal) Returns certificate corresponding to the given principal, or null if no matching certificate can be found.

Methods inherited from class com.sun.jini.discovery.internal.BaseProvider

getFormatName

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.sun.jini.discovery.DiscoveryFormatProvider

getFormatName

Field Detail

signatureAlgorithm

protected final String signatureAlgorithm

The signature algorithm (for example, "SHA1withDSA").

maxSignatureLength

protected final int maxSignatureLength

The maximum length of generated signatures, in bytes.

keyAlgorithm

protected final String keyAlgorithm

The key algorithm name (for example, "DSA").

keyAlgorithmOID

protected final String keyAlgorithmOID

The key algorithm OID.

Constructor Detail

X500Server

protected X500Server(String formatName,
                     String signatureAlgorithm,
                     int maxSignatureLength,
                     String keyAlgorithm,
                     String keyAlgorithmOID)

Creates an instance with the given attributes.

Method Detail

decodeMulticastRequest

public MulticastRequest decodeMulticastRequest(ByteBuffer buf,
                                               InvocationConstraints constraints,
                                               ClientSubjectChecker checker,
                                               boolean delayConstraintCheck)
                                        throws IOException

Description copied from interface: DelayedMulticastRequestDecoder

Decodes the multicast request data contained in the given buffer in a manner that satisfies the specified absolute constraints and client subject checker (if any), returning a MulticastRequest instance that contains the decoded data, with constraint checking optionally delayed. null constraints are considered equivalent to empty constraints. Constraint checking may be delayed using the delayConstraintCheck flag.

If the delayConstraintCheck flag is true, the method behaves as follows:

• Some of the specified constraints may not be checked before this method returns; the returned MulticastRequest's checkConstraints method must be invoked to complete checking of all the constraints.
• Constraints which must be checked before accessor methods of the returned MulticastRequest can be invoked are always checked before this method returns.

If delayConstraintCheck is false, all the specified constraints are checked before this method returns.

Specified by:

decodeMulticastRequest in interface DelayedMulticastRequestDecoder

Parameters:

buf - a buffer containing the packet data to decode. The contents of buf may be used on subsequent invocations of the returned MulticastRequest instance's checkConstraints method. The caller must ensure that the contents of buf are not modified before invocation of the checkConstraints method. Additionally, the multicast request data must begin at position zero of buf.

constraints - the constraints to apply when decoding the data, or null

checker - the object to use to check the client subject, or null

delayConstraintCheck - flag to control delayed constraint checking

Returns:

the decoded multicast request data

Throws:

IOException - if an error occurs in interpreting the data

UnsupportedConstraintException - if unable to satisfy the specified constraints

encodeMulticastAnnouncement

public void encodeMulticastAnnouncement(MulticastAnnouncement announcement,
                                        DatagramBufferFactory bufs,
                                        InvocationConstraints constraints)
                                 throws IOException

Description copied from interface: MulticastAnnouncementEncoder

Encodes the given multicast announcement data into byte buffers obtained from the provided datagram buffer factory, in a manner that satisfies the specified absolute constraints. null constraints are considered equivalent to empty constraints. Multicast announcement data that is too large to fit in a single datagram buffer is split across multiple buffers, with the constraints applied to each; this method is responsible for determining if and when to split the data based on the available space in the obtained buffers.

Specified by:

encodeMulticastAnnouncement in interface MulticastAnnouncementEncoder

Parameters:

announcement - the announcement data to encode

bufs - the factory for producing buffers in which to write encoded data

constraints - the constraints to apply when encoding the data, or null

Throws:

IOException - if an error occurs in encoding the data to send

UnsupportedConstraintException - if unable to satisfy the specified constraints

decodeMulticastRequest

public MulticastRequest decodeMulticastRequest(ByteBuffer buf,
                                               InvocationConstraints constraints,
                                               ClientSubjectChecker checker)
                                        throws IOException

Description copied from interface: MulticastRequestDecoder

Decodes the multicast request data contained in the given buffer in a manner that satisfies the specified absolute constraints and client subject checker (if any), returning a MulticastRequest instance that contains the decoded data. null constraints are considered equivalent to empty constraints. All the specified constraints are checked before this method returns.

Specified by:

decodeMulticastRequest in interface MulticastRequestDecoder

Parameters:

buf - a buffer containing the packet data to decode. The multicast request data must begin at position zero of buf.

constraints - the constraints to apply when decoding the data, or null

checker - the object to use to check the client subject, or null

Returns:

the decoded multicast request data

Throws:

IOException - if an error occurs in interpreting the data

UnsupportedConstraintException - if unable to satisfy the specified constraints

getCertificate

protected Certificate getCertificate(X500Principal principal)
                              throws IOException,
                                     GeneralSecurityException

Returns certificate corresponding to the given principal, or null if no matching certificate can be found. Subclasses can override this method to customize the certificate search mechanism.

The default implementation of this method does the following: the first time this method is called on this instance, a keystore containing trust anchors for the certificate to return is loaded. The location of the file to load the keystore from can be specified (in order of precedence) by the com.sun.jini.discovery.x500.trustStore and javax.net.ssl.trustStore system properties; if no location is specified, then the cacerts file in the lib/security subdirectory of the JDK installation directory is used. If specified, the location is treated as a URL. If no protocol is specified in the URL or it is an unknown protocol, then, the location is treated as a file name. Depending on which system property is used to specify the keystore location, the com.sun.jini.discovery.x500.trustStoreType and com.sun.jini.discovery.x500.trustStorePassword or javax.net.ssl.trustStoreType and javax.net.ssl.trustStorePassword system properties can be used to specify the type of the keystore and the password to use when loading it. If no keystore type is specified, then the type returned by KeyStore.getDefaultType() is used; if no password is specified, then no password is used when loading the keystore. Additionally, if the com.sun.jini.discovery.x500.ldapCertStores system property is set, its value is interpreted as a comma-separated list of "host[:port]" elements which are used to obtain references to LDAP-based CertStore instances.

For each call, the default implementation of this method creates a PKIX CertPathBuilder and calls its build method, passing as the argument a PKIXBuilderParameters instance initialized with the aforementioned keystore, CertStores (if any), and a CertSelector based on the provided X.500 principal and the key algorithm OID for this instance. If the build operation succeeds, the resulting certificate is returned.

Throws:

IOException

GeneralSecurityException