Package de.tu_darmstadt.sp.rmi

provides the means for secure RMI calls.


Class Summary
RegistryImpl Class RegistryImpl implements the Registry interface using an implementation object obtained from LocateRegistry.
RMISecureSocketFactory Class RMISecureSocketFactory creates secure sockets for RMI connections.
RMISSLServerSocket Class RMISSLServerSocket extends SSLeayServerSocket by creating a
RMISSLServerSocketFactory Class RMISSLServerSocketFactory provides server sockets for RMI calls.
RMISSLSocket Class RMISSLSocket extends the SSLeaySocket and provides an accounting for all communications through the created sockets: the most recent thread which used a socket is associated to it.
RMISSLSocketFactory Class RMISSLSocketFactory provides RMISSLSockets for RMI calls.
SecureRMIRegistry Class SecureRMIRegistry starts an RMI registry using secure sockets.
 

Package de.tu_darmstadt.sp.rmi Description

provides the means for secure RMI calls. In this context, secure means:

Additionally, it provides methods which enable the caller (issuer of a remote call) to find out the identity of the called server object, as well as every server object to find out the identity of the current caller/client.

Package Specification

The package uses the de.tu_darmstadt.sp.ssl package for the SSL functionality. It is a nice example of how to extend the de.tu_darmstadt.sp.ssl package.

In order to have "secure" RMI calls, we need socket factories which produce secure sockets. This is achieved by extending the SSLeayServerSocketFactory by RMISSLServerSocketFactory and SSLeaySocketFactory by RMISSLSocketFactory. We have to extend the default factories of the de.tu_darmstadt.sp.ssl package since a different policy for the created sockets is needed (full authentication for client and server). Finally, instances of the two mentioned factories are used in the RMISecureSocketFactory to create sockets and server sockets.
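
The same policy (both peers must authenticate) expressed with the standard JSSE API, as an added example; it is not code from the de.tu_darmstadt.sp.rmi package, and the class name MutualTlsRmiSocketFactory is an assumption made for illustration.

```java
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.rmi.server.RMISocketFactory;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added illustration built on standard JSSE; MutualTlsRmiSocketFactory is a
// hypothetical name and is not a class of de.tu_darmstadt.sp.rmi.
public class MutualTlsRmiSocketFactory extends RMISocketFactory {
    // Two delegate factories, one per direction. Key store and trust store
    // are taken from the javax.net.ssl.* system properties.
    private final SSLSocketFactory clientFactory =
            (SSLSocketFactory) SSLSocketFactory.getDefault();
    private final SSLServerSocketFactory serverFactory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();

    @Override
    public Socket createSocket(String host, int port) throws IOException {
        SSLSocket s = (SSLSocket) clientFactory.createSocket(host, port);
        // A plain SSLSocket validates the certificate chain but does not check
        // that the certificate names the host; enable that check explicitly.
        SSLParameters p = s.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("HTTPS");
        s.setSSLParameters(p);
        s.startHandshake(); // fail here, before any RMI data is written
        return s;
    }

    @Override
    public ServerSocket createServerSocket(int port) throws IOException {
        SSLServerSocket ss = (SSLServerSocket) serverFactory.createServerSocket(port);
        // Full authentication: the handshake is aborted unless the client
        // presents a certificate the server's trust store accepts.
        // setWantClientAuth(true) would only request a certificate.
        ss.setNeedClientAuth(true);
        return ss;
    }

    public static void main(String[] args) throws IOException {
        // Must run before any remote object is exported; a second call throws.
        RMISocketFactory.setSocketFactory(new MutualTlsRmiSocketFactory());
    }
}
```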

Every created socket is recorded. This information is needed at runtime by the RMI client or server to find out the peer's identity. This is the reason for extending the SSLeaySocket class, which does not perform any accounting of the connections it has participated in. The new socket class is RMISSLSocket. We also need to extend SSLeayServerSocket in order to produce RMISSLSockets. The new server socket class is RMISSLServerSocket.

Overview of the de.tu_darmstadt.sp.rmi classes

Using the de.tu_darmstadt.sp.rmi package

The following code example shows the actions to include in the static initialization or the main method of an RMI client/server:

// Specify the security information -- otherwise factory creation
// will fail
System.setProperty("iti.ssl.ca_file","/etc/CA/<thefile>");
System.setProperty("iti.ssl.cert_file","~/<thecert>");
System.setProperty("iti.ssl.key_file","~/private/<thekey>");

// Set the new factory into the system
// (Specify a security manager..)
RMISocketFactory.setSocketFactory(new RMISecureSocketFactory());
System.setSecurityManager(new RMISecurityManager());


There is another possibility to create a secure connection, using the new RMI features of Java 2. You should use this alternative if you do not wish to have the secure sockets for all RMI calls. For a detailed description of how to use custom sockets, read the RMI documentation.



// Specify the security information -- otherwise factory creation
// will fail
System.setProperty("iti.ssl.ca_file","/etc/CA/<thefile>");
System.setProperty("iti.ssl.cert_file","~/<thecert>");
System.setProperty("iti.ssl.key_file","~/private/<thekey>");

// create Unicast remote object..
clientFact = new RMISSLClientSocketFactory();
serverFact = new RMISSLServerSocketFactory();
rmiServerObject = new RMIServerWithCustomSockets(clientFact,serverFact);


Extending the de.tu_darmstadt.sp.rmi package

Extending the de.tu_darmstadt.sp.rmi package is straightforward. The only class intended for subclassing is RMISecureSocketFactory. This factory contains two other factory objects from which it gets the sockets and server sockets. The two objects are declared as protected variables (serverFactory and clientFactory). Subclasses of RMISecureSocketFactory are encouraged to change the default initialization of these variables in their constructor.

Utilities of the de.tu_darmstadt.sp.rmi package

The de.tu_darmstadt.sp.rmi package also contains the srmiregistry program, which is the secure counterpart of rmiregistry (it uses SSL sockets). The srmiregistry registers itself at the normal rmiregistry after creation. Therefore, its usage is:

srmiregistry registry_name
Note that rmiregistry has to be started before srmiregistry. Inside Java applications, the reference to the newly started registry service may be obtained using the following code:
 // <registry_name> is the name that was passed to srmiregistry
 Registry my_secure_registry = (Registry) Naming.lookup("<registry_name>");
 my_secure_registry.lookup(...)

Related Documentation