JXSSLSocketFactory.java
| Index Score | ||
|---|---|---|
 |
 |
com.ca.commons.security |
 |
 |
JXplorer |
View: Reasons, Metrics, Source Code
These are the metrics that contribute to the Enerjy Score for this file, ranked by impact. So the metrics listed at the top influence the score to a greater extent that the metrics listed at the bottom.
| Metric | Description | |
|---|---|---|
| JAVA0034 | JAVA0034 Missing braces in if statement |  |
| COMMENTS | Comment lines | |
| JAVA0081 | JAVA0081 Boolean literal in comparison | |
| EXEC_COMMENTS | Comments in executable code | |
| JAVA0115 | JAVA0115 Incorrect javadoc: no @throws or @exception tag for 'exception' | |
| DOC_COMMENT | Number of javadoc comment lines | |
| BLOCK_COMMENT | Number of block comment lines | |
| DECL_COMMENTS | Comments in declarations | |
| JAVA0160 | JAVA0160 Method does not throw specified exception | |
| SIZE | Size of the file in bytes | |
| JAVA0108 | JAVA0108 Incorrect javadoc: no @param tag for 'parameter' | |
| JAVA0110 | JAVA0110 Incorrect javadoc: no @return tag | |
| RETURNS | Number of return points from functions | |
| INTERFACE_COMPLEXITY | Interface complexity | |
| LINES | Number of lines in the source file | |
| PROGRAM_VOLUME | Halstead program volume | |
| JAVA0126 | JAVA0126 Method declares unchecked exception in throws | |
| LINE_COMMENT | Number of line comments | |
| JAVA0117 | JAVA0117 Missing javadoc: method 'method' | |
| JAVA0029 | JAVA0029 Private method not used | |
| PARAMS | Number of formal parameter declarations | |
| LOOPS | Number of loops | |
| BLOCKS | Number of blocks | |
| LOGICAL_LINES | Number of statements | |
| ELOC | Effective lines of code | |
| JAVA0145 | JAVA0145 Tab character used in source file | |
package com.ca.commons.security;
/**
* JXSSLSocketFactory.java
*/
import java.io.*;
import java.net.*;
import javax.net.SocketFactory;
import javax.net.ssl.SSLSocketFactory;
import java.security.*;
import java.awt.*;
import javax.net.ssl.*; // jdk 1.4 includes ssl in standard distro
/**
* <p>Socket factory for SSL jndi links that returns an SSL socket.
* It incorporates a keystore, which must contain the certs used
* to authenticate the client.</p>
*
* <p>This code is based on sample code made freely available by author
* Spencer W. Thomas on his web site http://hubris.engin.umich.edu/java/
* On Wed 24 May, 2000.</p>
*
* <p><b>Warning</b></p>
*
* <p>This class relies heavily on an internal, single, static SSLSocketFactory.
* multiple objects of this type in fact will use the same internal SSLSocketFactory.
* (This is why a single static init() method sets up everything for the entire
* class.) The reason for this structure is that JndiSocketFactory is dynamically
* invoked by the jndi connection, and we have no other chance to initialise the
* object.</p>
*/
public class JXSSLSocketFactory extends SSLSocketFactory
{
/**
* This is the (static) factory internally shared between
* all JndiSocketFactory objects.
*/
private static SSLSocketFactory factory = null;
/**
* A single default object of this class. It is
* initialised when first called for, and then reused
* whenever called again.
*/
private static JXSSLSocketFactory default_factory = null;
private static KeyStore clientKeystore;
/**
* The sun 'JKS' keystore is the simplest and most commonly
* available keystore type.
*/
private static final String DEFAULT_KEYSTORE_TYPE = "JKS";
/**
* the class loader to use for loading security providers
* 'n stuff. Defaults to the system loader.
*/
private static ClassLoader myClassLoader = null;
/**
* Register a custom class loader to be used by
* the class when getting security providers.
*/
public static void setClassLoader(ClassLoader newLoader)
{
myClassLoader = newLoader;
}
/**
* checks that myClassLoader is initialised, uses the System
* default loader if it isn't, and returns the guaranteed
* initialised loader.
*/
private static ClassLoader getClassLoader()
{
if (myClassLoader == null)
myClassLoader = ClassLoader.getSystemClassLoader();
return myClassLoader;
}
/**
* <p>Enable debugging...</p>
* <P>WARNING - this doesn't seem to be working...??</p>
*/
public static void setDebug(boolean status)
{
/*
all turn on all debugging
ssl turn on ssl debugging
The following can be used with ssl:
record enable per-record tracing
handshake print each handshake message
keygen print key generation data
session print session activity
handshake debugging can be widened with:
data hex dump of each handshake message
verbose verbose handshake message printing
record debugging can be widened with:
plaintext hex dump of record plaintext
*/
if (status == true)
System.setProperty("javax.net.debug", "ssl,handshake,verbose");
else
{
System.setProperty("javax.net.debug", " ");
}
}
/**
* <p>Initialize the socket factory with a particular key store(s) and
* security provider. The minimum requirement is for a keystore
* containing trusted directory servers (the 'castore', or trusted
* certificate authority store, since the servers are usually signed
* by a common CA, whose cert would be held in this file).</p>
*
* <p>Further options include a private key store (the 'clientstore')
* that allows for client-authenticated ssl and SASL).</p>
*
* <p>Finally, it is possible to configure a non-standard keystore
* type and security provider. The keystore type defaults to Sun's
* JKS (at time of writting, the only keystore type that the default
* Sun security provider will handle).</p>
*
* <p>Nb. - it is possible to set a custom class loader (using
* 'registerClassLoader()' ) in which case this loader can be used
* to load the security provider.</p>
*
* @param caKeystoreFile A keystore file name of public certificates (trusted CA signs)
* @param clientKeystoreFile A keystore file name of the client's certificates, containing private keys.
* (may be null if only simple, 'server authenticated' ssl is being used).
* @param caPassphrase A password for the caKeystoreFile certificate.
* (may be null if only simple, 'server authenticated' ssl is being used, and keystore type is 'JKS').
* <b>Calling Program must manually clear passphrase after init() call.</b>
* @param clientPassphrase A password for the clientKeystoreFile certificate.
* (may be null if only simple, 'server authenticated' ssl is being used).
* <b>Calling Program must manually clear passphrase after init() call.</b>
* @param caKeystoreType The type of cakeystore file. (null => 'JKS')
* @param clientKeystoreType The type of clientkeystore file. (null => 'JKS')
* @param owner The owning GUI frame used for possible user interaction.
*/
//
// Implementation note: this may be called repeatedly, with different info,
// as new connections are made. This is unsatisfactory, and dangerous if it
// is being used from multiple threads, but is unavoidable due to the difficulty
// of setting jndi to use a specific SSL socket class (we have to pass it a
// factory). Hence we need to be sure that different calls don't interfere,
// even at the cost of recreating objects unnecessarily...
//
public static void init(String caKeystoreFile, String clientKeystoreFile,
char[] caPassphrase, char[] clientPassphrase,
String caKeystoreType, String clientKeystoreType, Frame owner)
//throws Exception
throws GeneralSecurityException, IOException
{
boolean usingSASL = false; // whether we are using client-authenticated SSL
checkFileSanity(caKeystoreFile, clientKeystoreFile, clientPassphrase);
if ((clientPassphrase!=null) && (clientPassphrase.length>0) && (clientKeystoreFile != null))
usingSASL = true;
// use the client store if there is no caKeystoreFile.
if (caKeystoreFile == null && clientKeystoreFile != null)
caKeystoreFile = clientKeystoreFile;
// set cert authority keystore type to default if required.
if (caKeystoreType == null)
caKeystoreType = DEFAULT_KEYSTORE_TYPE;
// set the ssl protocol - usually "TLS" unless over-ridden
SSLContext sslctx = setSSLContextProtocol();
/*
* The KeyManagerFactory manages the clients certificates *and* private keys,
* which allow the client to authenticate itself to others. It is not required
* for 'simple' SSL, only for SASL.
*/
KeyManagerFactory clientKeyManagerFactory = null;
TrustManagerFactory caTrustManagerFactory = null;
KeyStore caKeystore = null;
KeyManager[] clientKeyManagers = null;
/*
* 'traditional' server-authenticated ssl only requires the use of a trusted server
* keystore. Stronger client-authenticated ssl that requires both parties to authenticate
* (as used in LDAP SASL/External) requires a client keystore with a client private key.
*/
if (usingSASL)
{
/*
* Create a keystore to hold the client certificates and private keys.
*/
if (clientKeystoreType == null)
clientKeystoreType = DEFAULT_KEYSTORE_TYPE;
clientKeystore = KeyStore.getInstance(clientKeystoreType); // key manager key store
/*
* Load the keystore from the client keystore file using the client
* keystore password.
*/
if (clientKeystoreFile != null)
clientKeystore.load(new FileInputStream(clientKeystoreFile), clientPassphrase);
/*
* Create a key manager using the default sun X509 key manager
*/
clientKeyManagerFactory = KeyManagerFactory.getInstance("SunX509");
/*
* Initialise the client keystore manager with the just loaded keystore,
* and the keystore password.
*/
clientKeyManagerFactory.init(clientKeystore, clientPassphrase);
/*
* Initialise the list of key managers
*/
clientKeyManagers = clientKeyManagerFactory.getKeyManagers();
}
else
{
clientKeystore = null;
}
/*
* Initialise the trusted server certificate keystore.
*/
caKeystore = KeyStore.getInstance(caKeystoreType);
/*
* Load the keys from the 'certificate authority' keystore (the trusted server keystore) file.
*/
if (caKeystoreFile != null)
{
// caPassword may be null for some keystores (e.g. a 'JKS' keystore), and it is not an error.
caKeystore.load(new FileInputStream(caKeystoreFile), caPassphrase);
}
/**
* Create a trust manager using the default algorithm
* (can be set using 'ssl.TrustManagerFactory.algorithm=...' in java.security file - default is usually 'SunX509')
* - code suggestion from Vadim Tarassov
*/
String defaultTrustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
caTrustManagerFactory = TrustManagerFactory.getInstance(defaultTrustAlgorithm);
/*
* Create a trust manager factory using the default java X509 certificate based trust manager.
*/
// caTrustManagerFactory = TrustManagerFactory.getInstance("SunX509");
/*
* Initialise the trust manager with the keystore containing the trusted server certs.
*/
caTrustManagerFactory.init(caKeystore);
/*
* Get the list of trust managers from the trust manager factory, to initialise the
* ssl context with.
*/
TrustManager[] caTrustManagers = caTrustManagerFactory.getTrustManagers();
caTrustManagers = JXTrustManager.convert(caTrustManagers, caKeystore, caKeystoreFile, caPassphrase, caKeystoreType, owner);
TrustManager[] trustedServerAndCAManagers = caTrustManagers;
sslctx.init(clientKeyManagers, trustedServerAndCAManagers, null);
factory = sslctx.getSocketFactory();
// we need to set/reset the default factory to take account of the new initialisation data received
// (this method may be called multiple times in the course of JXplorer's use.
synchronized(JXSSLSocketFactory.class)
{
default_factory = new JXSSLSocketFactory();
}
}
/**
* evil undocumented feature - can change SSL protocol on command line
* (needed for mainframe TOPSECRET folks who have want to use SSLv3).
* ... normally it just returns "TLS".
* @return
* @throws NoSuchAlgorithmException
*/
private static SSLContext setSSLContextProtocol() throws NoSuchAlgorithmException
{
SSLContext sslctx;
String protocol = System.getProperty("sslversion", "TLS"); // TLS for java 1.4
if (!"TLS".equals(protocol))
System.out.println("SECURITY WARNING: Using non-standard ssl version: '" + protocol + "'");
sslctx = SSLContext.getInstance(protocol);
return sslctx;
}
/**
* Checks that the files containing the keystores really exist.
* Throws an exception (that can be bubbled through to the gui)
* if they don't. This is much clearer than relying on the
* Sun ssl stuff to meaningfully report back the error :-).
*
* Also insist that we have at least one viable keystore to work with.
*/
private static void checkFileSanity(String caKeystoreFile, String clientKeystoreFile, char[] clientPassphrase)
throws SSLException
{
if (clientKeystoreFile == null && caKeystoreFile == null)
throw new SSLException("SSL Initialisation error: No valid keystore files available.");
if (caKeystoreFile != null)
if (new File(caKeystoreFile).exists() == false)
throw new SSLException("SSL Initialisation error: file '" + caKeystoreFile + "' does not exist.");
if (clientKeystoreFile != null && clientPassphrase != null)
if (new File(clientKeystoreFile).exists() == false)
throw new SSLException("SSL Initialisation error: file '" + clientKeystoreFile + "' does not exist.");
}
// DEBUG PRINT CODE - don't remove, can be quite usefull...
/*
KeyManager[] myKM = new KeyManager[keyManagers.length];
for (int i=0; i<keyManagers.length; i++)
{
myKM[i] = new MyX509KeyManager((X509KeyManager)keyManagers[i]);
}
TrustManager[] myTM = new TrustManager[trustManagers.length];
for (int i=0; i<trustManagers.length; i++)
{
myTM[i] = new MyX509TrustManager((X509TrustManager)trustManagers[i]);
}
System.out.println("Number of Keymanagers = " + myKM.length);
if (myKM.length >=1)
{
KeyManager bloop = myKM[0];
if (bloop == null) System.out.println("Bloop is Null???!");
System.out.println("bloop is a " + bloop.getClass());
if (bloop instanceof X509KeyManager)
{
System.out.println("bloop is X509KeyManager!");
String[] clients = ((X509KeyManager)bloop).getClientAliases("SunX509", null);
System.out.println("Num clients = " + clients.length);
for (int i=0; i<clients.length; i++)
System.out.println("client: " + i + " = " + clients[i]);
}
}
System.out.println("Number of Trustmanagers = " + myTM.length);
if (myTM.length >=1)
{
TrustManager bloop = myTM[0];
if (bloop == null) System.out.println("Bloop is Null???!");
System.out.println("bloop is a " + bloop.getClass());
if (bloop instanceof X509TrustManager)
{
System.out.println("bloop is X509TrustManager!");
((X509TrustManager)bloop).getAcceptedIssuers();
}
}
*/
/**
* Constructor
*/
public JXSSLSocketFactory()
{
}
/**
* <p>Return an instance of this class.</p>
*
* <p>Each call to 'init()' should reset the default factory.</p>
*
*
* @return An instance of JndiSocketFactory.
*/
public static SocketFactory getDefault()
{
synchronized(JXSSLSocketFactory.class)
{
if (default_factory == null)
default_factory = new JXSSLSocketFactory();
}
return default_factory;
}
public static KeyStore getClientKeyStore() {
return clientKeystore;
}
/**
* Return an SSLSocket (upcast to Socket) given host and port.
*
* @param host Name of the host to which the socket will be opened.
* @param port Port to connect to.
* @return An SSLSocket instance (as a Socket).
* @throws IOException If the connection can't be established.
* @throws UnknownHostException If the host is not known.
*/
public Socket createSocket(String host, int port)
throws IOException, UnknownHostException
{
return factory.createSocket(host, port);
}
/**
* Return an SSLSocket (upcast to Socket) given host and port.
*
* @param host Address of the server host.
* @param port Port to connect to.
* @return An SSLSocket instance (as a Socket).
* @throws IOException If the connection can't be established.
* @throws UnknownHostException If the host is not known.
*/
public Socket createSocket(InetAddress host, int port)
throws IOException, UnknownHostException
{
return factory.createSocket(host, port);
}
/**
* Return an SSLSocket (upcast to Socket) given host and port.
* The client is bound to the specified network address and port.
*
* @param host Address of the server host.
* @param port Port to connect to.
* @param client_host Address of this (client) host.
* @param port Port to connect from.
* @return An SSLSocket instance (as a Socket).
* @throws IOException If the connection can't be established.
* @throws UnknownHostException If the host is not known.
*/
public Socket createSocket(InetAddress host, int port,
InetAddress client_host, int client_port)
throws IOException, UnknownHostException
{
return factory.createSocket(host, port, client_host, client_port);
}
/**
* Return an SSLSocket (upcast to Socket) given host and port.
* The client is bound to the specified network address and port.
*
* @param host Address of the server host.
* @param port Port to connect to.
* @param client_host Address of this (client) host.
* @param port Port to connect from.
* @return An SSLSocket instance (as a Socket).
* @throws IOException If the connection can't be established.
* @throws UnknownHostException If the host is not known.
*/
public Socket createSocket(String host, int port,
InetAddress client_host, int client_port)
throws IOException, UnknownHostException
{
return factory.createSocket(host, port, client_host, client_port);
}
/**
* Return an SSLSocket layered on top of the given Socket.
*/
public Socket createSocket(Socket socket, String host, int port, boolean autoclose)
throws IOException, UnknownHostException
{
return factory.createSocket(socket, host, port, autoclose);
}
/**
* Return default cipher suites.
*/
public String[] getDefaultCipherSuites()
{
return factory.getDefaultCipherSuites();
}
/**
* Return supported cipher suites.
*/
public String[] getSupportedCipherSuites()
{
return factory.getSupportedCipherSuites();
}
}
The table below shows all metrics for JXSSLSocketFactory.java.
| Metric | Value | Description | |
|---|---|---|---|
| BLOCKS | 22.00 | Number of blocks | |
| BLOCK_COMMENT | 104.00 | Number of block comment lines | |
| COMMENTS | 286.00 | Comment lines | |
| COMMENT_DENSITY | 2.53 | Comment density | |
| COMPARISONS | 20.00 | Number of comparison operators | |
| CYCLOMATIC | 36.00 | Cyclomatic complexity | |
| DECL_COMMENTS | 25.00 | Comments in declarations | |
| DOC_COMMENT | 165.00 | Number of javadoc comment lines | |
| ELOC | 113.00 | Effective lines of code | |
| EXEC_COMMENTS | 20.00 | Comments in executable code | |
| EXITS | 28.00 | Procedure exits | |
| FUNCTIONS | 16.00 | Number of function declarations | |
| HALSTEAD_DIFFICULTY | 45.45 | Halstead difficulty | |
| HALSTEAD_EFFORT | 0.00 | Halstead effort | |
| INTERFACE_COMPLEXITY | 73.00 | Interface complexity | |
| JAVA0001 | 0.00 | JAVA0001 Package name does not contain only lower case letters | |
| JAVA0002 | 0.00 | JAVA0002 Package name does not begin with a top level domain name or country code | |
| JAVA0003 | 0.00 | JAVA0003 Minimize use of on-demand (.*) imports | |
| JAVA0004 | 0.00 | JAVA0004 Unnecessary import from java.lang | |
| JAVA0005 | 1.00 | JAVA0005 Imports not in specified order | |
| JAVA0006 | 0.00 | JAVA0006 Empty finally block | |
| JAVA0007 | 0.00 | JAVA0007 Should not declare public field | |
| JAVA0008 | 0.00 | JAVA0008 Empty catch block | |
| JAVA0009 | 0.00 | JAVA0009 Protected member in final class | |
| JAVA0010 | 0.00 | JAVA0010 Non-instantiable class does not contain a non-private static member | |
| JAVA0011 | 0.00 | JAVA0011 Abstract class does not contain an abstract method | |
| JAVA0012 | 0.00 | JAVA0012 Non-constructor method with same name as declaring class | |
| JAVA0013 | 0.00 | JAVA0013 Non-blank final field is not static | |
| JAVA0014 | 0.00 | JAVA0014 Class with only static members has non-private constructor | |
| JAVA0015 | 0.00 | JAVA0015 Package class contains public nested type | |
| JAVA0016 | 0.00 | JAVA0016 Abstract class contains public constructor | |
| JAVA0017 | 0.00 | JAVA0017 Class name does not have required form | |
| JAVA0018 | 0.00 | JAVA0018 Method name does not have required form | |
| JAVA0019 | 0.00 | JAVA0019 Interface name does not have required form | |
| JAVA0020 | 0.00 | JAVA0020 Field name does not have required form | |
| JAVA0021 | 0.00 | JAVA0021 Interface method name does not have required form | |
| JAVA0022 | 0.00 | JAVA0022 Static final field name does not have required form | |
| JAVA0023 | 0.00 | JAVA0023 Empty finalize method | |
| JAVA0024 | 0.00 | JAVA0024 Empty class | |
| JAVA0025 | 0.00 | JAVA0025 Method override is empty | |
| JAVA0026 | 0.00 | JAVA0026 Finalize method with parameters | |
| JAVA0029 | 1.00 | JAVA0029 Private method not used | |
| JAVA0030 | 0.00 | JAVA0030 Private field not used | |
| JAVA0031 | 0.00 | JAVA0031 Case statement not properly closed | |
| JAVA0032 | 0.00 | JAVA0032 Switch statement missing default | |
| JAVA0033 | 0.00 | JAVA0033 default: not last case in switch statement | |
| JAVA0034 | 14.00 | JAVA0034 Missing braces in if statement | |
| JAVA0035 | 0.00 | JAVA0035 Missing braces in for statement | |
| JAVA0036 | 0.00 | JAVA0036 Missing braces in while statement | |
| JAVA0038 | 0.00 | JAVA0038 Non-case label in switch statement | |
| JAVA0039 | 0.00 | JAVA0039 Break statement with label | |
| JAVA0040 | 0.00 | JAVA0040 Switch statement contains N cases (maximum: M) | |
| JAVA0041 | 0.00 | JAVA0041 Nested synchronized block | |
| JAVA0042 | 0.00 | JAVA0042 Empty synchronized statement | |
| JAVA0043 | 0.00 | JAVA0043 Inner class does not use outer class | |
| JAVA0044 | 0.00 | JAVA0044 Serializable class with no instance variables | |
| JAVA0045 | 0.00 | JAVA0045 Serializable class with only transient fields | |
| JAVA0046 | 0.00 | JAVA0046 Name of class not derived from Exception ends with 'Exception' | |
| JAVA0047 | 0.00 | JAVA0047 Serializable class derives from invalid base class | |
| JAVA0048 | 0.00 | JAVA0048 Name of class derived from Exception does not end with 'Exception' | |
| JAVA0049 | 0.00 | JAVA0049 Nested block at depth N (maximum: M) | |
| JAVA0050 | 0.00 | JAVA0050 Class derives from java.lang.Error | |
| JAVA0051 | 0.00 | JAVA0051 Class derives from java.lang.RuntimeException | |
| JAVA0052 | 0.00 | JAVA0052 Class derives from java.lang.Throwable | |
| JAVA0053 | 0.00 | JAVA0053 Unused label | |
| JAVA0054 | 0.00 | JAVA0054 Inheritance depth N exceeds maximum M | |
| JAVA0055 | 0.00 | JAVA0055 Class should be interface | |
| JAVA0056 | 0.00 | JAVA0056 Unnecessary abstract modifier for interface or annotation | |
| JAVA0057 | 1.00 | JAVA0057 Unnecessary default constructor | |
| JAVA0058 | 0.00 | JAVA0058 Constructor calls super() | |
| JAVA0059 | 0.00 | JAVA0059 Method override only calls super() | |
| JAVA0061 | 0.00 | JAVA0061 Inaccessible member in anonymous class | |
| JAVA0062 | 0.00 | JAVA0062 Public class missing public member or protected constructor | |
| JAVA0063 | 0.00 | JAVA0063 Identifier name should not contain '$' | |
| JAVA0064 | 0.00 | JAVA0064 N variations of identifier name (maximum: M) | |
| JAVA0065 | 0.00 | JAVA0065 Unnecessary final modifier for method in final class | |
| JAVA0066 | 0.00 | JAVA0066 Unnecessary modifier for interface nested type | |
| JAVA0067 | 0.00 | JAVA0067 Array descriptor on identifier name | |
| JAVA0068 | 0.00 | JAVA0068 Modifiers not declared in recommended order | |
| JAVA0071 | 0.00 | JAVA0071 Strings compared with == | |
| JAVA0073 | 0.00 | JAVA0073 Integer division in floating-point context | |
| JAVA0074 | 0.00 | JAVA0074 Use of Object.notify() | |
| JAVA0075 | 0.00 | JAVA0075 Method parameter hides field | |
| JAVA0076 | 0.00 | JAVA0076 Use of magic number | |
| JAVA0077 | 0.00 | JAVA0077 Private field not used in declaring class | |
| JAVA0078 | 0.00 | JAVA0078 Floating point values compared with == | |
| JAVA0079 | 0.00 | JAVA0079 Use of instance to reference static member | |
| JAVA0080 | 0.00 | JAVA0080 Import declaration not used | |
| JAVA0081 | 3.00 | JAVA0081 Boolean literal in comparison | |
| JAVA0082 | 0.00 | JAVA0082 Unnecessary widening cast | |
| JAVA0083 | 0.00 | JAVA0083 Unnecessary instanceof test | |
| JAVA0084 | 0.00 | JAVA0084 Should use compound assignment operator | |
| JAVA0085 | 0.00 | JAVA0085 Use of sun.* class | |
| JAVA0087 | 0.00 | JAVA0087 Use of Thread.sleep() | |
| JAVA0089 | 0.00 | JAVA0089 Use of restricted package | |
| JAVA0092 | 0.00 | JAVA0092 Use of restricted type | |
| JAVA0093 | 0.00 | JAVA0093 Redundant assignment | |
| JAVA0094 | 0.00 | JAVA0094 Field hides a superclass field | |
| JAVA0095 | 0.00 | JAVA0095 Uninitialized private field | |
| JAVA0096 | 0.00 | JAVA0096 Field in nested class hides outer field | |
| JAVA0098 | 0.00 | JAVA0098 Minimize use of implicit field initializers | |
| JAVA0100 | 0.00 | JAVA0100 Class contains N non-final fields (maximum: M) | |
| JAVA0101 | 0.00 | JAVA0101 Unnecessary modifier for field in interface | |
| JAVA0102 | 0.00 | JAVA0102 Last statement in finalize() not super.finalize() | |
| JAVA0103 | 0.00 | JAVA0103 Explicit call to finalize() | |
| JAVA0104 | 0.00 | JAVA0104 finalize() only calls super.finalize() | |
| JAVA0105 | 0.00 | JAVA0105 Duplicate import declaration | |
| JAVA0106 | 0.00 | JAVA0106 Unnecessary import from current package | |
| JAVA0108 | 5.00 | JAVA0108 Incorrect javadoc: no @param tag for 'parameter' | |
| JAVA0109 | 0.00 | JAVA0109 Incorrect javadoc: no parameter 'parameter' | |
| JAVA0110 | 4.00 | JAVA0110 Incorrect javadoc: no @return tag | |
| JAVA0111 | 0.00 | JAVA0111 Incorrect javadoc: @return tag for void method | |
| JAVA0112 | 0.00 | JAVA0112 Incorrect javadoc: no exception 'exception' in throws | |
| JAVA0113 | 1.00 | JAVA0113 Incorrect javadoc: no @author tag | |
| JAVA0114 | 1.00 | JAVA0114 Incorrect javadoc: no @version tag | |
| JAVA0115 | 5.00 | JAVA0115 Incorrect javadoc: no @throws or @exception tag for 'exception' | |
| JAVA0116 | 0.00 | JAVA0116 Missing javadoc: field 'field' | |
| JAVA0117 | 1.00 | JAVA0117 Missing javadoc: method 'method' | |
| JAVA0118 | 0.00 | JAVA0118 Missing javadoc: type 'type' | |
| JAVA0119 | 0.00 | JAVA0119 Control variable changed within body of for loop | |
| JAVA0123 | 0.00 | JAVA0123 Use all three components of for loop | |
| JAVA0125 | 0.00 | JAVA0125 Continue statement with label | |
| JAVA0126 | 0.00 | JAVA0126 Method declares unchecked exception in throws | |
| JAVA0128 | 0.00 | JAVA0128 Public constructor in non-public class | |
| JAVA0130 | 0.00 | JAVA0130 Non-static method does not use instance fields | |
| JAVA0131 | 0.00 | JAVA0131 Compatible method does not override base | |
| JAVA0132 | 0.00 | JAVA0132 Method overload with compatible signature | |
| JAVA0133 | 0.00 | JAVA0133 Non-synchronized method overrides synchronized method | |
| JAVA0135 | 0.00 | JAVA0135 Only one of Object.equals and Object.hashCode defined: missing 'method' | |
| JAVA0136 | 0.00 | JAVA0136 N methods defined in class (maximum: M) | |
| JAVA0137 | 0.00 | JAVA0137 Non-abstract class missing constructor | |
| JAVA0138 | 1.00 | JAVA0138 N parameters defined for method (maximum: M) | |
| JAVA0139 | 0.00 | JAVA0139 Definition of main other than public static void main(java.lang.String[]) | |
| JAVA0141 | 0.00 | JAVA0141 Unnecessary modifier for method in interface | |
| JAVA0143 | 0.00 | JAVA0143 Synchronized method | |
| JAVA0144 | 1.00 | JAVA0144 Line exceeds maximum M characters | |
| JAVA0145 | 51.00 | JAVA0145 Tab character used in source file | |
| JAVA0150 | 0.00 | JAVA0150 java.lang.Error (or subclass) thrown | |
| JAVA0153 | 0.00 | JAVA0153 Inefficient conversion of integer to string | |
| JAVA0159 | 0.00 | JAVA0159 Inefficient conversion of string to integer | |
| JAVA0160 | 3.00 | JAVA0160 Method does not throw specified exception | |
| JAVA0161 | 0.00 | JAVA0161 Conditional wait() not in loop | |
| JAVA0163 | 0.00 | JAVA0163 Empty statement | |
| JAVA0165 | 0.00 | JAVA0165 Conflicting return statement in finally block | |
| JAVA0166 | 0.00 | JAVA0166 Generic exception caught | |
| JAVA0167 | 0.00 | JAVA0167 ThreadDeath not rethrown | |
| JAVA0169 | 0.00 | JAVA0169 Unnecessary catch block: exception 'exception' | |
| JAVA0170 | 0.00 | JAVA0170 Caught exception not derived from java.lang.Exception | |
| JAVA0171 | 0.00 | JAVA0171 Unused local variable | |
| JAVA0173 | 0.00 | JAVA0173 Unused method parameter | |
| JAVA0174 | 0.00 | JAVA0174 Assigned local variable never used | |
| JAVA0175 | 0.00 | JAVA0175 Successive assignment to variable | |
| JAVA0176 | 0.00 | JAVA0176 Local variable name does not have required form | |
| JAVA0177 | 1.00 | JAVA0177 Variable declaration missing initializer | |
| JAVA0179 | 0.00 | JAVA0179 Local variable hides visible field | |
| JAVA0233 | 0.00 | JAVA0233 Definition of serialVersionUID other than 'private static final long serialVersionUID' | |
| JAVA0234 | 0.00 | JAVA0234 Class is Serializable but does not define serialVersionUID | |
| JAVA0235 | 0.00 | JAVA0235 Class defines serialVersionUID but does not implement Serializable | |
| JAVA0236 | 0.00 | JAVA0236 Attempt to clone an object which does not implement Cloneable | |
| JAVA0237 | 0.00 | JAVA0237 Class implements Cloneable but does not have public clone method | |
| JAVA0238 | 0.00 | JAVA0238 Clone method does not call super.clone() | |
| JAVA0239 | 0.00 | JAVA0239 Class declares 'readObject' or 'writeObject' but does not implement Serializable | |
| JAVA0240 | 0.00 | JAVA0240 Serializable class which declares readObject or writeObject but not both | |
| JAVA0241 | 0.00 | JAVA0241 'readObject' or 'writeObject' should be declared private in Serializable class | |
| JAVA0242 | 0.00 | JAVA0242 Transient field in non-Serializable class | |
| JAVA0243 | 0.00 | JAVA0243 'readResolve' or 'writeReplace' should be declared private or protected | |
| JAVA0244 | 0.00 | JAVA0244 Field or method name in subclass differs only by case from inherited field or method | |
| JAVA0245 | 0.00 | JAVA0245 JUnit TestCase with non-trivial constructor | |
| JAVA0246 | 0.00 | JAVA0246 JUnit assertXXX statement missing message parameter | |
| JAVA0247 | 0.00 | JAVA0247 JUnit 'setUp()' and 'tearDown()' should call super method | |
| JAVA0248 | 0.00 | JAVA0248 JUnit method 'setUp' or 'tearDown' with incorrect signature | |
| JAVA0249 | 0.00 | JAVA0249 JUnit TestCase 'suite()' should be declared static | |
| JAVA0250 | 0.00 | JAVA0250 JUnit TestCase declares testXXX method with incorrect signature | |
| JAVA0251 | 0.00 | JAVA0251 Use '%n' for line breaks in printf/format for platform independence | |
| JAVA0252 | 0.00 | JAVA0252 'enum' is a Java 1.5 reserved word | |
| JAVA0253 | 0.00 | JAVA0253 Not all enum constants consumed in switch statement | |
| JAVA0254 | 0.00 | JAVA0254 Use enhanced for loop construct instead of Iterator | |
| JAVA0255 | 0.00 | JAVA0255 Result of method invocation not used | |
| JAVA0256 | 0.00 | JAVA0256 Assignment of external collection/array to field | |
| JAVA0257 | 0.00 | JAVA0257 Use of 'Constant Interface' anti-pattern | |
| JAVA0258 | 0.00 | JAVA0258 Implement Iterable for foreach compatibility | |
| JAVA0259 | 0.00 | JAVA0259 Return of collection/array field | |
| JAVA0260 | 0.00 | JAVA0260 Use 'enum' instead of Enumerated Type pattern | |
| JAVA0261 | 0.00 | JAVA0261 Use specialized Enum collection types | |
| JAVA0262 | 0.00 | JAVA0262 Use of char in integer context | |
| JAVA0263 | 0.00 | JAVA0263 Long literal ends with 'l' instead of 'L' | |
| JAVA0264 | 0.00 | JAVA0264 Integer math in long context - check for overflow | |
| JAVA0265 | 0.00 | JAVA0265 Use of Throwable.printStackTrace() | |
| JAVA0266 | 1.00 | JAVA0266 Use of System.out | |
| JAVA0267 | 0.00 | JAVA0267 Use of System.err | |
| JAVA0269 | 0.00 | JAVA0269 Contents of StringBuffer never used | |
| JAVA0270 | 0.00 | JAVA0270 Use Java 5.0 enhanced for loop construct to iterate over all elements in an array | |
| JAVA0271 | 0.00 | JAVA0271 Minimize use of on-demand (.*) static imports | |
| JAVA0272 | 0.00 | JAVA0272 Thread.run() called | |
| JAVA0273 | 0.00 | JAVA0273 Non-final derivative of Thread calls start() in constructor | |
| JAVA0274 | 0.00 | JAVA0274 Serializable class has a synchronized readObject() | |
| JAVA0275 | 0.00 | JAVA0275 Serializable class has a synchronized writeObject() and no other synchronized methods | |
| JAVA0276 | 0.00 | JAVA0276 Unnecessary use of String constructor | |
| JAVA0277 | 0.00 | JAVA0277 Iterator.next() implementation does not throw NoSuchElementException | |
| JAVA0278 | 0.00 | JAVA0278 Unnecessary use of Boolean constructor | |
| JAVA0279 | 0.00 | JAVA0279 Serialization method readObject or readObjectNoData calls an overridable method | |
| JAVA0280 | 0.00 | JAVA0280 IllegalMonitorStateException caught | |
| JAVA0281 | 0.00 | JAVA0281 Iterator.next() not called in loop | |
| JAVA0282 | 0.00 | JAVA0282 Call to Iterator.next() in loop which does not test Iterator.hasNext() | |
| JAVA0283 | 0.00 | JAVA0283 Control variable not updated in loop body | |
| JAVA0284 | 0.00 | JAVA0284 Explicit garbage collection | |
| JAVA0285 | 0.00 | JAVA0285 Dereference of potentially null variable | |
| JAVA0286 | 0.00 | JAVA0286 Dereference of null variable | |
| JAVA0287 | 0.00 | JAVA0287 Unnecessary null check | |
| JAVA0288 | 0.00 | JAVA0288 Inconsistent null check | |
| LINES | 538.00 | Number of lines in the source file | |
| LINE_COMMENT | 17.00 | Number of line comments | |
| LOC | 157.00 | Lines of code | |
| LOGICAL_LINES | 64.00 | Number of statements | |
| LOOPS | 0.00 | Number of loops | |
| NEST_DEPTH | 2.00 | Maximum nesting depth | |
| OPERANDS | 317.00 | Number of operands | |
| OPERATORS | 598.00 | Number of operators | |
| PARAMS | 28.00 | Number of formal parameter declarations | |
| PROGRAM_LENGTH | 915.00 | Halstead program length | |
| PROGRAM_VOCAB | 175.00 | Halstead program vocabulary | |
| PROGRAM_VOLUME | 0.00 | Halstead program volume | |
| RETURNS | 45.00 | Number of return points from functions | |
| SIZE | 19136.00 | Size of the file in bytes | |
| UNIQUE_OPERANDS | 136.00 | Number of unique operands | |
| UNIQUE_OPERATORS | 39.00 | Number of unique operators | |
| WHITESPACE | 95.00 | Number of whitespace lines | |