comparison src/org/dancres/blitz/remote/ProxyVerifier.java @ 0:3dc0c5604566
Initial checkin of blitz 2.0 fcs - no installer yet.
author | Dan Creswell <dan.creswell@gmail.com> |
---|---|
date | Sat, 21 Mar 2009 11:00:06 +0000 |
parents | |
children |
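--- a/src/org/dancres/blitz/remote/ProxyVerifier.java
+++ b/src/org/dancres/blitz/remote/ProxyVerifier.java
@@ -0,0 +1,127 @@
+package org.dancres.blitz.remote;
+
+import java.io.Serializable;
+import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
+
+import java.rmi.RemoteException;
+
+import net.jini.security.TrustVerifier;
+
+import net.jini.security.proxytrust.TrustEquivalence;
+
+import net.jini.core.constraint.RemoteMethodControl;
+import net.jini.core.constraint.MethodConstraints;
+
+import net.jini.id.Uuid;
+
+/**
+This class is responsible for verifying any of Blitz's proxy implementations
+including LeaseImpl, BlitzProxy, AdminProxy and TxnParticipantProxy
+*/
+class ProxyVerifier implements TrustVerifier, Serializable {
+private RemoteMethodControl theOriginalStub;
+private Uuid theOriginalUuid;
+
+/**
+Ensures that the passed stub meets the necessary criteria for
+TrustVerification. If the stub does not qualify, we throw an
+UnsupportedOperationException. This set of tests is necessary due
+to the fact that the stub's compliance is determind, in part by
+configuration of the appropriate Exporter in the config file.
+*/
+ProxyVerifier(BlitzServer aServer, Uuid aUuid) {
+if (! (aServer instanceof RemoteMethodControl))
+throw new UnsupportedOperationException("Server stub does not support RemoteMethodControl - wrong Exporter?");
+
+if (! (aServer instanceof TrustEquivalence))
+throw new UnsupportedOperationException("Server stub does not support TrustEquivalance - wrong Exporter?");
+
+theOriginalStub = (RemoteMethodControl) aServer;
+theOriginalUuid = aUuid;
+}
+
+public boolean isTrustedObject(Object anObject,
+TrustVerifier.Context aContext)
+throws RemoteException {
+
+RemoteMethodControl myOtherServer;
+Uuid myOtherUuid;
+
+/*
+One might be tempted to implement all of this by having all proxies
+implement a particular interface and obtain the details like that
+but it opens the way to a "foreign" proxy implementing the interface
+and nothing else such that it passes all our tests but actually isn't
+our proxy - thus we test the concrete class.
+*/
+if (anObject instanceof ConstrainableBlitzProxy) {
+ConstrainableBlitzProxy myProxy = (ConstrainableBlitzProxy)
+anObject;
+
+myOtherServer = (RemoteMethodControl) myProxy.theStub;
+myOtherUuid = myProxy.theUuid;
+} else if (anObject instanceof ConstrainableTxnParticipantProxy) {
+ConstrainableTxnParticipantProxy myProxy =
+(ConstrainableTxnParticipantProxy) anObject;
+
+myOtherServer = (RemoteMethodControl) myProxy.theStub;
+myOtherUuid = myProxy.theUuid;
+} else if (anObject instanceof ConstrainableAdminProxy) {
+ConstrainableAdminProxy myProxy =
+(ConstrainableAdminProxy) anObject;
+
+myOtherServer = (RemoteMethodControl) myProxy.theStub;
+myOtherUuid = myProxy.theUuid;
+} else if (anObject instanceof ConstrainableLeaseImpl) {
+ConstrainableLeaseImpl myProxy =
+(ConstrainableLeaseImpl) anObject;
+
+myOtherServer = (RemoteMethodControl) myProxy.theStub;
+myOtherUuid = myProxy.theUuid;
+} else if ((anObject instanceof BlitzServer) &&
+(anObject instanceof RemoteMethodControl)) {
+// Contributed services have this their code - might this be due
+// to Activation?
+myOtherServer = (RemoteMethodControl) anObject;
+myOtherUuid = theOriginalUuid;
+} else {
+// It's nothing we know about - fail it.
+return false;
+}
+
+if (! theOriginalUuid.equals(myOtherUuid))
+return false;
+
+// Get client constraints from passed proxy
+MethodConstraints myConstraints = myOtherServer.getConstraints();
+
+// Create copy of original server stub with constraints applied
+TrustEquivalence myConstrainedStub =
+(TrustEquivalence) theOriginalStub.setConstraints(myConstraints);
+
+return myConstrainedStub.checkTrustEquivalence(myOtherServer);
+}
+
+/**
+We override this method to check that integrity of the Verifier has
+been maintained. There are a number of potential sources of compromise
+such as "fiddling" with the serialized steam or a "misbehaving" JVM
+implementation.
+*/
+private void readObject(ObjectInputStream anOIS)
+throws IOException, ClassNotFoundException {
+
+anOIS.defaultReadObject();
+
+if ((theOriginalStub == null) || (theOriginalUuid == null)) {
+throw new InvalidObjectException("Internal state has been compromised");
+}
+
+if (! (theOriginalStub instanceof TrustEquivalence))
+throw new InvalidObjectException("Stub doesn't implement TrustEquivalence");
+}
+}
+
+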
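Review bot: The `instanceof` tests in `isTrustedObject` accept any subclass of `ConstrainableBlitzProxy`, `ConstrainableTxnParticipantProxy`, `ConstrainableAdminProxy` and `ConstrainableLeaseImpl`, which is weaker than the "we test the concrete class" guarantee stated in the comment just above them. Those classes are declared outside this file, so unless they are `final` the branches should compare the class exactly, e.g. `if (anObject != null && anObject.getClass() == ConstrainableBlitzProxy.class) {`, or a comment here should record that the verifier depends on them being final. Separately, the constructor stores `aUuid` without the null check that `readObject` applies to `theOriginalUuid`, so a null Uuid only surfaces later as a NullPointerException at `theOriginalUuid.equals(myOtherUuid)`; adding `if (aUuid == null) throw new NullPointerException("aUuid");` would keep both construction paths consistent. A `readObjectNoData()` that throws `InvalidObjectException` would cover the one deserialization path `readObject` does not guard.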