Mercurial > hg > blitz_stable
comparison src/org/dancres/blitz/remote/ProxyVerifier.java @ 0:3dc0c5604566
Initial checkin of blitz 2.0 fcs - no installer yet.
| author | Dan Creswell <dan.creswell@gmail.com> |
|---|---|
| date | Sat, 21 Mar 2009 11:00:06 +0000 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:3dc0c5604566 |
|---|---|
| 1 package org.dancres.blitz.remote; | |
| 2 | |
| 3 import java.io.Serializable; | |
| 4 import java.io.IOException; | |
| 5 import java.io.InvalidObjectException; | |
| 6 import java.io.ObjectInputStream; | |
| 7 | |
| 8 import java.rmi.RemoteException; | |
| 9 | |
| 10 import net.jini.security.TrustVerifier; | |
| 11 | |
| 12 import net.jini.security.proxytrust.TrustEquivalence; | |
| 13 | |
| 14 import net.jini.core.constraint.RemoteMethodControl; | |
| 15 import net.jini.core.constraint.MethodConstraints; | |
| 16 | |
| 17 import net.jini.id.Uuid; | |
| 18 | |
| 19 /** | |
| 20 This class is responsible for verifying any of Blitz's proxy implementations | |
| 21 including LeaseImpl, BlitzProxy, AdminProxy and TxnParticipantProxy | |
| 22 */ | |
| 23 class ProxyVerifier implements TrustVerifier, Serializable { | |
| 24 private RemoteMethodControl theOriginalStub; | |
| 25 private Uuid theOriginalUuid; | |
| 26 | |
| 27 /** | |
| 28 Ensures that the passed stub meets the necessary criteria for | |
| 29 TrustVerification. If the stub does not qualify, we throw an | |
| 30 UnsupportedOperationException. This set of tests is necessary due | |
| 31 to the fact that the stub's compliance is determind, in part by | |
| 32 configuration of the appropriate Exporter in the config file. | |
| 33 */ | |
| 34 ProxyVerifier(BlitzServer aServer, Uuid aUuid) { | |
| 35 if (! (aServer instanceof RemoteMethodControl)) | |
| 36 throw new UnsupportedOperationException("Server stub does not support RemoteMethodControl - wrong Exporter?"); | |
| 37 | |
| 38 if (! (aServer instanceof TrustEquivalence)) | |
| 39 throw new UnsupportedOperationException("Server stub does not support TrustEquivalance - wrong Exporter?"); | |
| 40 | |
| 41 theOriginalStub = (RemoteMethodControl) aServer; | |
| 42 theOriginalUuid = aUuid; | |
| 43 } | |
| 44 | |
| 45 public boolean isTrustedObject(Object anObject, | |
| 46 TrustVerifier.Context aContext) | |
| 47 throws RemoteException { | |
| 48 | |
| 49 RemoteMethodControl myOtherServer; | |
| 50 Uuid myOtherUuid; | |
| 51 | |
| 52 /* | |
| 53 One might be tempted to implement all of this by having all proxies | |
| 54 implement a particular interface and obtain the details like that | |
| 55 but it opens the way to a "foreign" proxy implementing the interface | |
| 56 and nothing else such that it passes all our tests but actually isn't | |
| 57 our proxy - thus we test the concrete class. | |
| 58 */ | |
| 59 if (anObject instanceof ConstrainableBlitzProxy) { | |
| 60 ConstrainableBlitzProxy myProxy = (ConstrainableBlitzProxy) | |
| 61 anObject; | |
| 62 | |
| 63 myOtherServer = (RemoteMethodControl) myProxy.theStub; | |
| 64 myOtherUuid = myProxy.theUuid; | |
| 65 } else if (anObject instanceof ConstrainableTxnParticipantProxy) { | |
| 66 ConstrainableTxnParticipantProxy myProxy = | |
| 67 (ConstrainableTxnParticipantProxy) anObject; | |
| 68 | |
| 69 myOtherServer = (RemoteMethodControl) myProxy.theStub; | |
| 70 myOtherUuid = myProxy.theUuid; | |
| 71 } else if (anObject instanceof ConstrainableAdminProxy) { | |
| 72 ConstrainableAdminProxy myProxy = | |
| 73 (ConstrainableAdminProxy) anObject; | |
| 74 | |
| 75 myOtherServer = (RemoteMethodControl) myProxy.theStub; | |
| 76 myOtherUuid = myProxy.theUuid; | |
| 77 } else if (anObject instanceof ConstrainableLeaseImpl) { | |
| 78 ConstrainableLeaseImpl myProxy = | |
| 79 (ConstrainableLeaseImpl) anObject; | |
| 80 | |
| 81 myOtherServer = (RemoteMethodControl) myProxy.theStub; | |
| 82 myOtherUuid = myProxy.theUuid; | |
| 83 } else if ((anObject instanceof BlitzServer) && | |
| 84 (anObject instanceof RemoteMethodControl)) { | |
| 85 // Contributed services have this their code - might this be due | |
| 86 // to Activation? | |
| 87 myOtherServer = (RemoteMethodControl) anObject; | |
| 88 myOtherUuid = theOriginalUuid; | |
| 89 } else { | |
| 90 // It's nothing we know about - fail it. | |
| 91 return false; | |
| 92 } | |
| 93 | |
| 94 if (! theOriginalUuid.equals(myOtherUuid)) | |
| 95 return false; | |
| 96 | |
| 97 // Get client constraints from passed proxy | |
| 98 MethodConstraints myConstraints = myOtherServer.getConstraints(); | |
| 99 | |
| 100 // Create copy of original server stub with constraints applied | |
| 101 TrustEquivalence myConstrainedStub = | |
| 102 (TrustEquivalence) theOriginalStub.setConstraints(myConstraints); | |
| 103 | |
| 104 return myConstrainedStub.checkTrustEquivalence(myOtherServer); | |
| 105 } | |
| 106 | |
| 107 /** | |
| 108 We override this method to check that integrity of the Verifier has | |
| 109 been maintained. There are a number of potential sources of compromise | |
| 110 such as "fiddling" with the serialized steam or a "misbehaving" JVM | |
| 111 implementation. | |
| 112 */ | |
| 113 private void readObject(ObjectInputStream anOIS) | |
| 114 throws IOException, ClassNotFoundException { | |
| 115 | |
| 116 anOIS.defaultReadObject(); | |
| 117 | |
| 118 if ((theOriginalStub == null) || (theOriginalUuid == null)) { | |
| 119 throw new InvalidObjectException("Internal state has been compromised"); | |
| 120 } | |
| 121 | |
| 122 if (! (theOriginalStub instanceof TrustEquivalence)) | |
| 123 throw new InvalidObjectException("Stub doesn't implement TrustEquivalence"); | |
| 124 } | |
| 125 } | |
| 126 | |
| 127 |