| 
 | ||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Objectorg.apache.http.conn.ssl.SSLSocketFactory
SSLConnectionSocketFactory.
@Contract(threading=SAFE_CONDITIONAL) @Deprecated public class SSLSocketFactory
Layered socket factory for TLS/SSL connections.
SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.
 SSLSocketFactory will enable server authentication when supplied with
 a trust-store file containing one or several trusted certificates. The client
 secure socket will reject the connection during the SSL session handshake if the target HTTPS
 server attempts to authenticate itself with a non-trusted certificate.
 
Use JDK keytool utility to import a trusted certificate and generate a trust-store file:
keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
 In special cases the standard trust verification process can be bypassed by using a custom
 TrustStrategy. This interface is primarily intended for allowing self-signed
 certificates to be accepted as trusted without having to add them to the trust-store file.
 
 SSLSocketFactory will enable client authentication when supplied with
 a key-store file containing a private key/public certificate
 pair. The client secure socket will use the private key to authenticate
 itself to the target HTTPS server during the SSL session handshake if
 requested to do so by the server.
 The target HTTPS server will in its turn verify the certificate presented
 by the client in order to establish client's authenticity.
 
Use the following sequence of actions to generate a key-store file
Use JDK keytool utility to generate a new key
keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore
For simplicity use the same password for the key as that of the key-store
Issue a certificate signing request (CSR)
keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore
Send the certificate request to the trusted Certificate Authority for signature. One may choose to act as her own CA and sign the certificate request using a PKI tool, such as OpenSSL.
Import the trusted CA root certificate
keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore
Import the PKCS#7 file containg the complete certificate chain
keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore
Verify the content the resultant keystore file
keytool -list -v -keystore my.keystore
| Field Summary | |
|---|---|
| static X509HostnameVerifier | ALLOW_ALL_HOSTNAME_VERIFIERDeprecated. | 
| static X509HostnameVerifier | BROWSER_COMPATIBLE_HOSTNAME_VERIFIERDeprecated. | 
| static String | SSLDeprecated. | 
| static String | SSLV2Deprecated. | 
| static X509HostnameVerifier | STRICT_HOSTNAME_VERIFIERDeprecated. | 
| static String | TLSDeprecated. | 
| Constructor Summary | |
|---|---|
| SSLSocketFactory(KeyStore truststore)Deprecated. | |
| SSLSocketFactory(KeyStore keystore,
                 String keystorePassword)Deprecated. | |
| SSLSocketFactory(KeyStore keystore,
                 String keystorePassword,
                 KeyStore truststore)Deprecated. | |
| SSLSocketFactory(SSLContext sslContext)Deprecated. | |
| SSLSocketFactory(SSLContext sslContext,
                 HostNameResolver nameResolver)Deprecated. | |
| SSLSocketFactory(SSLContext sslContext,
                 String[] supportedProtocols,
                 String[] supportedCipherSuites,
                 X509HostnameVerifier hostnameVerifier)Deprecated. | |
| SSLSocketFactory(SSLContext sslContext,
                 X509HostnameVerifier hostnameVerifier)Deprecated. | |
| SSLSocketFactory(SSLSocketFactory socketfactory,
                 String[] supportedProtocols,
                 String[] supportedCipherSuites,
                 X509HostnameVerifier hostnameVerifier)Deprecated. | |
| SSLSocketFactory(SSLSocketFactory socketfactory,
                 X509HostnameVerifier hostnameVerifier)Deprecated. | |
| SSLSocketFactory(String algorithm,
                 KeyStore keystore,
                 String keyPassword,
                 KeyStore truststore,
                 SecureRandom random,
                 HostNameResolver nameResolver)Deprecated. | |
| SSLSocketFactory(String algorithm,
                 KeyStore keystore,
                 String keyPassword,
                 KeyStore truststore,
                 SecureRandom random,
                 TrustStrategy trustStrategy,
                 X509HostnameVerifier hostnameVerifier)Deprecated. | |
| SSLSocketFactory(String algorithm,
                 KeyStore keystore,
                 String keyPassword,
                 KeyStore truststore,
                 SecureRandom random,
                 X509HostnameVerifier hostnameVerifier)Deprecated. | |
| SSLSocketFactory(TrustStrategy trustStrategy)Deprecated. | |
| SSLSocketFactory(TrustStrategy trustStrategy,
                 X509HostnameVerifier hostnameVerifier)Deprecated. | |
| Method Summary | |
|---|---|
|  Socket | connectSocket(int connectTimeout,
              Socket socket,
              org.apache.http.HttpHost host,
              InetSocketAddress remoteAddress,
              InetSocketAddress localAddress,
              org.apache.http.protocol.HttpContext context)Deprecated. Connects the socket to the target host with the given resolved remote address. | 
|  Socket | connectSocket(Socket socket,
              InetSocketAddress remoteAddress,
              InetSocketAddress localAddress,
              org.apache.http.params.HttpParams params)Deprecated. Connects a socket to the target host with the given remote address. | 
|  Socket | connectSocket(Socket socket,
              String host,
              int port,
              InetAddress local,
              int localPort,
              org.apache.http.params.HttpParams params)Deprecated. Connects a socket to the given host. | 
|  Socket | createLayeredSocket(Socket socket,
                    String host,
                    int port,
                    boolean autoClose)Deprecated. Returns a socket connected to the given host that is layered over an existing socket. | 
|  Socket | createLayeredSocket(Socket socket,
                    String target,
                    int port,
                    org.apache.http.protocol.HttpContext context)Deprecated. Returns a socket connected to the given host that is layered over an existing socket. | 
|  Socket | createLayeredSocket(Socket socket,
                    String host,
                    int port,
                    org.apache.http.params.HttpParams params)Deprecated. Returns a socket connected to the given host that is layered over an existing socket. | 
|  Socket | createSocket()Deprecated. Creates a new, unconnected socket. | 
|  Socket | createSocket(org.apache.http.protocol.HttpContext context)Deprecated. Creates new, unconnected socket. | 
|  Socket | createSocket(org.apache.http.params.HttpParams params)Deprecated. Creates a new, unconnected socket. | 
|  Socket | createSocket(Socket socket,
             String host,
             int port,
             boolean autoClose)Deprecated. Returns a socket connected to the given host that is layered over an existing socket. | 
|  X509HostnameVerifier | getHostnameVerifier()Deprecated. | 
| static SSLSocketFactory | getSocketFactory()Deprecated. Obtains default SSL socket factory with an SSL context based on the standard JSSE trust material ( cacertsfile in the security properties directory). | 
| static SSLSocketFactory | getSystemSocketFactory()Deprecated. Obtains default SSL socket factory with an SSL context based on system properties as described in "JavaTM Secure Socket Extension (JSSE) Reference Guide for the JavaTM 2 Platform Standard Edition 5 | 
|  boolean | isSecure(Socket sock)Deprecated. Checks whether a socket connection is secure. | 
| protected  void | prepareSocket(SSLSocket socket)Deprecated. Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens). | 
|  void | setHostnameVerifier(X509HostnameVerifier hostnameVerifier)Deprecated. | 
| Methods inherited from class java.lang.Object | 
|---|
| clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait | 
| Field Detail | 
|---|
public static final String TLS
public static final String SSL
public static final String SSLV2
public static final X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER
public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
| Constructor Detail | 
|---|
public SSLSocketFactory(String algorithm,
                        KeyStore keystore,
                        String keyPassword,
                        KeyStore truststore,
                        SecureRandom random,
                        HostNameResolver nameResolver)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException
public SSLSocketFactory(String algorithm,
                        KeyStore keystore,
                        String keyPassword,
                        KeyStore truststore,
                        SecureRandom random,
                        TrustStrategy trustStrategy,
                        X509HostnameVerifier hostnameVerifier)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException
public SSLSocketFactory(String algorithm,
                        KeyStore keystore,
                        String keyPassword,
                        KeyStore truststore,
                        SecureRandom random,
                        X509HostnameVerifier hostnameVerifier)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException
public SSLSocketFactory(KeyStore keystore,
                        String keystorePassword,
                        KeyStore truststore)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException
public SSLSocketFactory(KeyStore keystore,
                        String keystorePassword)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException
public SSLSocketFactory(KeyStore truststore)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException
public SSLSocketFactory(TrustStrategy trustStrategy,
                        X509HostnameVerifier hostnameVerifier)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException
public SSLSocketFactory(TrustStrategy trustStrategy)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyExceptionpublic SSLSocketFactory(SSLContext sslContext)
public SSLSocketFactory(SSLContext sslContext,
                        HostNameResolver nameResolver)
public SSLSocketFactory(SSLContext sslContext,
                        X509HostnameVerifier hostnameVerifier)
public SSLSocketFactory(SSLContext sslContext,
                        String[] supportedProtocols,
                        String[] supportedCipherSuites,
                        X509HostnameVerifier hostnameVerifier)
public SSLSocketFactory(SSLSocketFactory socketfactory,
                        X509HostnameVerifier hostnameVerifier)
public SSLSocketFactory(SSLSocketFactory socketfactory,
                        String[] supportedProtocols,
                        String[] supportedCipherSuites,
                        X509HostnameVerifier hostnameVerifier)
| Method Detail | 
|---|
public static SSLSocketFactory getSocketFactory()
                                         throws SSLInitializationException
cacerts file in the security properties directory).
 System properties are not taken into consideration.
SSLInitializationException
public static SSLSocketFactory getSystemSocketFactory()
                                               throws SSLInitializationException
SSLInitializationException
public Socket createSocket(org.apache.http.params.HttpParams params)
                    throws IOException
SchemeSocketFactorySchemeSocketFactory.connectSocket(Socket, InetSocketAddress, InetSocketAddress, HttpParams).
createSocket in interface SchemeSocketFactoryparams - Optional parameters. Parameters passed to this method will have no effect.
               This method will create a unconnected instance of Socket class.
IOException - if an I/O error occurs while creating the socket
public Socket createSocket()
                    throws IOException
SocketFactoryconnectSocket.
createSocket in interface SocketFactoryIOException - if an I/O error occurs while creating the socket
public Socket connectSocket(Socket socket,
                            InetSocketAddress remoteAddress,
                            InetSocketAddress localAddress,
                            org.apache.http.params.HttpParams params)
                     throws IOException,
                            UnknownHostException,
                            ConnectTimeoutException
SchemeSocketFactory
 Please note that HttpInetSocketAddress class should
 be used in order to pass the target remote address along with the original
 HttpHost value used to resolve the address. The use of
 HttpInetSocketAddress can also ensure that no reverse
 DNS lookup will be performed if the target remote address was specified
 as an IP address.
 
connectSocket in interface SchemeSocketFactorysocket - the socket to connect, as obtained from
                  createSocket.
                  null indicates that a new socket
                  should be created and connected.remoteAddress - the remote address to connect to.localAddress - the local address to bind the socket to, or
                  null for anyparams - additional parameters for connecting
sock argument if this factory supports
          a layered protocol.
IOException - if an I/O error occurs
UnknownHostException - if the IP address of the target host
          can not be determined
ConnectTimeoutException - if the socket cannot be connected
          within the time limit defined in the paramsHttpInetSocketAddress
public boolean isSecure(Socket sock)
                 throws IllegalArgumentException
Derived classes may override this method to perform runtime checks, for example based on the cypher suite.
isSecure in interface SchemeSocketFactoryisSecure in interface SocketFactorysock - the connected socket
true
IllegalArgumentException - if the argument is invalid
public Socket createLayeredSocket(Socket socket,
                                  String host,
                                  int port,
                                  org.apache.http.params.HttpParams params)
                           throws IOException,
                                  UnknownHostException
SchemeLayeredSocketFactory
createLayeredSocket in interface SchemeLayeredSocketFactorysocket - the existing sockethost - the name of the target host.port - the port to connect to on the target hostparams - HTTP parameters
IOException - if an I/O error occurs while creating the socket
UnknownHostException - if the IP address of the host cannot be
 determined
public Socket createLayeredSocket(Socket socket,
                                  String host,
                                  int port,
                                  boolean autoClose)
                           throws IOException,
                                  UnknownHostException
LayeredSchemeSocketFactory
createLayeredSocket in interface LayeredSchemeSocketFactorysocket - the existing sockethost - the name of the target host.port - the port to connect to on the target hostautoClose - a flag for closing the underling socket when the created
 socket is closed
IOException - if an I/O error occurs while creating the socket
UnknownHostException - if the IP address of the host cannot be
 determinedpublic void setHostnameVerifier(X509HostnameVerifier hostnameVerifier)
public X509HostnameVerifier getHostnameVerifier()
public Socket connectSocket(Socket socket,
                            String host,
                            int port,
                            InetAddress local,
                            int localPort,
                            org.apache.http.params.HttpParams params)
                     throws IOException,
                            UnknownHostException,
                            ConnectTimeoutException
SocketFactory
connectSocket in interface SocketFactorysocket - the socket to connect, as obtained from
                  createSocket.
                  null indicates that a new socket
                  should be created and connected.host - the host to connect toport - the port to connect to on the hostlocal - the local address to bind the socket to, or
                  null for anylocalPort - the port on the local machine,
                  0 or a negative number for anyparams - additional parameters for connecting
sock argument if this factory supports
          a layered protocol.
IOException - if an I/O error occurs
UnknownHostException - if the IP address of the target host
          can not be determined
ConnectTimeoutException - if the socket cannot be connected
          within the time limit defined in the params
public Socket createSocket(Socket socket,
                           String host,
                           int port,
                           boolean autoClose)
                    throws IOException,
                           UnknownHostException
LayeredSocketFactory
createSocket in interface LayeredSocketFactorysocket - the existing sockethost - the host name/IPport - the port on the hostautoClose - a flag for closing the underling socket when the created
 socket is closed
IOException - if an I/O error occurs while creating the socket
UnknownHostException - if the IP address of the host cannot be
 determined
protected void prepareSocket(SSLSocket socket)
                      throws IOException
SSLSocket.setEnabledCipherSuites(java.lang.String[]).
IOException - (only if overridden)
public Socket createSocket(org.apache.http.protocol.HttpContext context)
                    throws IOException
ConnectionSocketFactoryconnectSocket method.
createSocket in interface ConnectionSocketFactoryIOException - if an I/O error occurs while creating the socket
public Socket connectSocket(int connectTimeout,
                            Socket socket,
                            org.apache.http.HttpHost host,
                            InetSocketAddress remoteAddress,
                            InetSocketAddress localAddress,
                            org.apache.http.protocol.HttpContext context)
                     throws IOException
ConnectionSocketFactory
connectSocket in interface ConnectionSocketFactoryconnectTimeout - connect timeout.socket - the socket to connect, as obtained from ConnectionSocketFactory.createSocket(HttpContext).
 null indicates that a new socket should be created and connected.host - target host as specified by the caller (end user).remoteAddress - the resolved remote address to connect to.localAddress - the local address to bind the socket to, or null for any.context - the actual HTTP context.
sock argument if this factory supports
          a layered protocol.
IOException - if an I/O error occurs
public Socket createLayeredSocket(Socket socket,
                                  String target,
                                  int port,
                                  org.apache.http.protocol.HttpContext context)
                           throws IOException
LayeredConnectionSocketFactory
createLayeredSocket in interface LayeredConnectionSocketFactorysocket - the existing sockettarget - the name of the target host.port - the port to connect to on the target host.context - the actual HTTP context.
IOException - if an I/O error occurs while creating the socket| 
 | ||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||