Mercurial > hg > blitz_stable

diff src/org/dancres/blitz/remote/ProxyVerifier.java @ 0:3dc0c5604566

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Initial checkin of blitz 2.0 fcs - no installer yet.
author Dan Creswell <dan.creswell@gmail.com>
date Sat, 21 Mar 2009 11:00:06 +0000
parents
children
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/org/dancres/blitz/remote/ProxyVerifier.java	Sat Mar 21 11:00:06 2009 +0000
@@ -0,0 +1,127 @@
+package org.dancres.blitz.remote;
+
+import java.io.Serializable;
+import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
+
+import java.rmi.RemoteException;
+
+import net.jini.security.TrustVerifier;
+
+import net.jini.security.proxytrust.TrustEquivalence;
+
+import net.jini.core.constraint.RemoteMethodControl;
+import net.jini.core.constraint.MethodConstraints;
+
+import net.jini.id.Uuid;
+
+/**
+   This class is responsible for verifying any of Blitz's proxy implementations
+   including LeaseImpl, BlitzProxy, AdminProxy and TxnParticipantProxy
+ */
+class ProxyVerifier implements TrustVerifier, Serializable {
+    private RemoteMethodControl theOriginalStub;
+    private Uuid theOriginalUuid;
+
+    /**
+       Ensures that the passed stub meets the necessary criteria for
+       TrustVerification.  If the stub does not qualify, we throw an
+       UnsupportedOperationException.  This set of tests is necessary due
+       to the fact that the stub's compliance is determind, in part by
+       configuration of the appropriate Exporter in the config file.
+     */
+    ProxyVerifier(BlitzServer aServer, Uuid aUuid) {
+        if (! (aServer instanceof RemoteMethodControl))
+            throw new UnsupportedOperationException("Server stub does not support RemoteMethodControl - wrong Exporter?");
+
+        if (! (aServer instanceof TrustEquivalence))
+            throw new UnsupportedOperationException("Server stub does not support TrustEquivalance - wrong Exporter?");
+
+        theOriginalStub = (RemoteMethodControl) aServer;
+        theOriginalUuid = aUuid;
+    }
+
+    public boolean isTrustedObject(Object anObject,
+                                   TrustVerifier.Context aContext)
+        throws RemoteException {
+
+        RemoteMethodControl myOtherServer;
+        Uuid myOtherUuid;
+
+        /*
+          One might be tempted to implement all of this by having all proxies
+          implement a particular interface and obtain the details like that
+          but it opens the way to a "foreign" proxy implementing the interface
+          and nothing else such that it passes all our tests but actually isn't
+          our proxy - thus we test the concrete class.
+         */
+        if (anObject instanceof ConstrainableBlitzProxy) {
+            ConstrainableBlitzProxy myProxy = (ConstrainableBlitzProxy)
+                anObject;
+
+            myOtherServer = (RemoteMethodControl) myProxy.theStub;
+            myOtherUuid = myProxy.theUuid;
+        } else if (anObject instanceof ConstrainableTxnParticipantProxy) {
+            ConstrainableTxnParticipantProxy myProxy = 
+                (ConstrainableTxnParticipantProxy) anObject;
+
+            myOtherServer = (RemoteMethodControl) myProxy.theStub;
+            myOtherUuid = myProxy.theUuid;
+        } else if (anObject instanceof ConstrainableAdminProxy) {
+            ConstrainableAdminProxy myProxy =
+                (ConstrainableAdminProxy) anObject;
+
+            myOtherServer = (RemoteMethodControl) myProxy.theStub;
+            myOtherUuid = myProxy.theUuid;
+        } else if (anObject instanceof ConstrainableLeaseImpl) {
+            ConstrainableLeaseImpl myProxy =
+                (ConstrainableLeaseImpl) anObject;
+
+            myOtherServer = (RemoteMethodControl) myProxy.theStub;
+            myOtherUuid = myProxy.theUuid;
+        } else if ((anObject instanceof BlitzServer) &&
+                   (anObject instanceof RemoteMethodControl)) {
+            // Contributed services have this their code - might this be due
+            // to Activation?
+            myOtherServer = (RemoteMethodControl) anObject;
+            myOtherUuid = theOriginalUuid;
+        } else {
+            // It's nothing we know about - fail it.
+            return false;
+        }
+
+        if (! theOriginalUuid.equals(myOtherUuid))
+            return false;
+
+        // Get client constraints from passed proxy
+        MethodConstraints myConstraints = myOtherServer.getConstraints();
+
+        // Create copy of original server stub with constraints applied
+        TrustEquivalence myConstrainedStub =
+            (TrustEquivalence) theOriginalStub.setConstraints(myConstraints);
+
+        return myConstrainedStub.checkTrustEquivalence(myOtherServer);
+    }
+
+    /**
+       We override this method to check that integrity of the Verifier has
+       been maintained.  There are a number of potential sources of compromise
+       such as "fiddling" with the serialized steam or a "misbehaving" JVM
+       implementation.
+     */
+    private void readObject(ObjectInputStream anOIS) 
+        throws IOException, ClassNotFoundException {
+
+        anOIS.defaultReadObject();
+
+        if ((theOriginalStub == null) || (theOriginalUuid == null)) {
+            throw new InvalidObjectException("Internal state has been compromised");
+        }
+
+        if (! (theOriginalStub instanceof TrustEquivalence))
+            throw new InvalidObjectException("Stub doesn't implement TrustEquivalence");
+    }
+}
+
+