public class X500Server extends BaseProvider implements DelayedMulticastRequestDecoder, MulticastAnnouncementEncoder
Modifier and Type | Field and Description |
---|---|
protected String |
keyAlgorithm
The key algorithm name (for example, "DSA").
|
protected String |
keyAlgorithmOID
The key algorithm OID.
|
protected int |
maxSignatureLength
The maximum length of generated signatures, in bytes.
|
protected String |
signatureAlgorithm
The signature algorithm (for example, "SHA1withDSA").
|
formatName
Modifier | Constructor and Description |
---|---|
protected |
X500Server(String formatName,
String signatureAlgorithm,
int maxSignatureLength,
String keyAlgorithm,
String keyAlgorithmOID)
Creates an instance with the given attributes.
|
Modifier and Type | Method and Description |
---|---|
MulticastRequest |
decodeMulticastRequest(ByteBuffer buf,
InvocationConstraints constraints,
ClientSubjectChecker checker)
Decodes the multicast request data contained in the given buffer in a
manner that satisfies the specified absolute constraints and client
subject checker (if any), returning a
MulticastRequest instance
that contains the decoded data. |
MulticastRequest |
decodeMulticastRequest(ByteBuffer buf,
InvocationConstraints constraints,
ClientSubjectChecker checker,
boolean delayConstraintCheck)
Decodes the multicast request data contained in the given buffer in a
manner that satisfies the specified absolute constraints and client
subject checker (if any), returning a
MulticastRequest instance
that contains the decoded data, with constraint checking optionally
delayed. |
void |
encodeMulticastAnnouncement(MulticastAnnouncement announcement,
DatagramBufferFactory bufs,
InvocationConstraints constraints)
Encodes the given multicast announcement data into byte buffers obtained
from the provided datagram buffer factory, in a manner that satisfies
the specified absolute constraints.
|
protected Certificate |
getCertificate(X500Principal principal)
Returns certificate corresponding to the given principal, or null if no
matching certificate can be found.
|
getFormatName
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getFormatName
protected final String signatureAlgorithm
protected final int maxSignatureLength
protected final String keyAlgorithm
protected final String keyAlgorithmOID
public MulticastRequest decodeMulticastRequest(ByteBuffer buf, InvocationConstraints constraints, ClientSubjectChecker checker, boolean delayConstraintCheck) throws IOException
DelayedMulticastRequestDecoder
MulticastRequest
instance
that contains the decoded data, with constraint checking optionally
delayed.
null
constraints are
considered equivalent to empty constraints. Constraint checking may be
delayed using the delayConstraintCheck
flag.
If the delayConstraintCheck
flag is true
,
the method behaves as follows:
MulticastRequest
's
checkConstraints
method must be invoked to complete checking of all the constraints.
MulticastRequest
can be invoked are always
checked before this method returns.delayConstraintCheck
is false
, all the
specified constraints are checked before this method returns.decodeMulticastRequest
in interface DelayedMulticastRequestDecoder
buf
- a buffer containing the packet data to decode. The contents
of buf
may be used on subsequent invocations of the returned
MulticastRequest
instance's checkConstraints
method. The caller must ensure that the contents of buf
are
not modified before invocation of the checkConstraints
method. Additionally, the multicast request data must begin at position
zero of buf
.constraints
- the constraints to apply when decoding the data, or
null
checker
- the object to use to check the client subject, or
null
delayConstraintCheck
- flag to control delayed constraint checkingIOException
- if an error occurs in interpreting the dataUnsupportedConstraintException
- if unable to satisfy the
specified constraintspublic void encodeMulticastAnnouncement(MulticastAnnouncement announcement, DatagramBufferFactory bufs, InvocationConstraints constraints) throws IOException
MulticastAnnouncementEncoder
null
constraints are
considered equivalent to empty constraints. Multicast announcement data
that is too large to fit in a single datagram buffer is split across
multiple buffers, with the constraints applied to each; this method is
responsible for determining if and when to split the data based on the
available space in the obtained buffers.encodeMulticastAnnouncement
in interface MulticastAnnouncementEncoder
announcement
- the announcement data to encodebufs
- the factory for producing buffers in which to write encoded
dataconstraints
- the constraints to apply when encoding the data, or
null
IOException
- if an error occurs in encoding the data to sendUnsupportedConstraintException
- if unable to satisfy
the specified constraintspublic MulticastRequest decodeMulticastRequest(ByteBuffer buf, InvocationConstraints constraints, ClientSubjectChecker checker) throws IOException
MulticastRequestDecoder
MulticastRequest
instance
that contains the decoded data. null
constraints are
considered equivalent to empty constraints. All the specified
constraints are checked before this method returns.decodeMulticastRequest
in interface MulticastRequestDecoder
buf
- a buffer containing the packet data to decode. The multicast
request data must begin at position zero of buf
.constraints
- the constraints to apply when decoding the data, or
null
checker
- the object to use to check the client subject, or
null
IOException
- if an error occurs in interpreting the dataUnsupportedConstraintException
- if unable to satisfy the
specified constraintsprotected Certificate getCertificate(X500Principal principal) throws IOException, GeneralSecurityException
The default implementation of this method does the following: the first time this method is called on this instance, a keystore containing trust anchors for the certificate to return is loaded. The location of the file to load the keystore from can be specified (in order of precedence) by the com.sun.jini.discovery.x500.trustStore and javax.net.ssl.trustStore system properties; if no location is specified, then the cacerts file in the lib/security subdirectory of the JDK installation directory is used. If specified, the location is treated as a URL. If no protocol is specified in the URL or it is an unknown protocol, then, the location is treated as a file name. Depending on which system property is used to specify the keystore location, the com.sun.jini.discovery.x500.trustStoreType and com.sun.jini.discovery.x500.trustStorePassword or javax.net.ssl.trustStoreType and javax.net.ssl.trustStorePassword system properties can be used to specify the type of the keystore and the password to use when loading it. If no keystore type is specified, then the type returned by KeyStore.getDefaultType() is used; if no password is specified, then no password is used when loading the keystore. Additionally, if the com.sun.jini.discovery.x500.ldapCertStores system property is set, its value is interpreted as a comma-separated list of "host[:port]" elements which are used to obtain references to LDAP-based CertStore instances.
For each call, the default implementation of this method creates a PKIX CertPathBuilder and calls its build method, passing as the argument a PKIXBuilderParameters instance initialized with the aforementioned keystore, CertStores (if any), and a CertSelector based on the provided X.500 principal and the key algorithm OID for this instance. If the build operation succeeds, the resulting certificate is returned.
IOException
GeneralSecurityException
Copyright © GigaSpaces.