SSLSocketFactory
public
class
SSLSocketFactory
extends Object
implements
LayeredSocketFactory
java.lang.Object | |
↳ | org.apache.http.conn.ssl.SSLSocketFactory |
This class was deprecated
in API level 22.
Please use URL.openConnection()
instead.
Please visit this webpage
for further details.
Layered socket factory for TLS/SSL connections, based on JSSE. .
SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.
SSLSocketFactory will enable server authentication when supplied with
a truststore
file containg one or several trusted
certificates. The client secure socket will reject the connection during
the SSL session handshake if the target HTTPS server attempts to
authenticate itself with a non-trusted certificate.
Use JDK keytool utility to import a trusted certificate and generate a truststore file:
keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
SSLSocketFactory will enable client authentication when supplied with
a keystore
file containg a private key/public certificate
pair. The client secure socket will use the private key to authenticate
itself to the target HTTPS server during the SSL session handshake if
requested to do so by the server.
The target HTTPS server will in its turn verify the certificate presented
by the client in order to establish client's authenticity
Use the following sequence of actions to generate a keystore file
-
Use JDK keytool utility to generate a new key
For simplicity use the same password for the key as that of the keystorekeytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore
-
Issue a certificate signing request (CSR)
keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore
-
Send the certificate request to the trusted Certificate Authority for signature. One may choose to act as their own CA and sign the certificate request using a PKI tool, such as OpenSSL.
-
Import the trusted CA root certificate
keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore
-
Import the PKCS#7 file containg the complete certificate chain
keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore
-
Verify the content the resultant keystore file
keytool -list -v -keystore my.keystore
Summary
Constants | |
---|---|
String |
SSL
|
String |
SSLV2
|
String |
TLS
|
Fields | |
---|---|
public
static
final
X509HostnameVerifier |
ALLOW_ALL_HOSTNAME_VERIFIER
|
public
static
final
X509HostnameVerifier |
BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
|
public
static
final
X509HostnameVerifier |
STRICT_HOSTNAME_VERIFIER
|
Public constructors | |
---|---|
SSLSocketFactory(String algorithm, KeyStore keystore, String keystorePassword, KeyStore truststore, SecureRandom random, HostNameResolver nameResolver)
|
|
SSLSocketFactory(KeyStore truststore)
|
|
SSLSocketFactory(KeyStore keystore, String keystorePassword)
|
|
SSLSocketFactory(KeyStore keystore, String keystorePassword, KeyStore truststore)
|
Public methods | |
---|---|
Socket
|
connectSocket(Socket sock, String host, int port, InetAddress localAddress, int localPort, HttpParams params)
Connects a socket to the given host. |
Socket
|
createSocket(Socket socket, String host, int port, boolean autoClose)
Returns a socket connected to the given host that is layered over an existing socket. |
Socket
|
createSocket()
Creates a new, unconnected socket. |
X509HostnameVerifier
|
getHostnameVerifier()
|
static
SSLSocketFactory
|
getSocketFactory()
Gets an singleton instance of the SSLProtocolSocketFactory. |
boolean
|
isSecure(Socket sock)
Checks whether a socket connection is secure. |
void
|
setHostnameVerifier(X509HostnameVerifier hostnameVerifier)
|
Inherited methods | |
---|---|
Constants
Fields
ALLOW_ALL_HOSTNAME_VERIFIER
public static final X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER
BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
STRICT_HOSTNAME_VERIFIER
public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
Public constructors
SSLSocketFactory
public SSLSocketFactory (String algorithm, KeyStore keystore, String keystorePassword, KeyStore truststore, SecureRandom random, HostNameResolver nameResolver)
Parameters | |
---|---|
algorithm |
String |
keystore |
KeyStore |
keystorePassword |
String |
truststore |
KeyStore |
random |
SecureRandom |
nameResolver |
HostNameResolver |
Throws | |
---|---|
KeyManagementException |
|
KeyStoreException |
|
NoSuchAlgorithmException |
|
UnrecoverableKeyException |
SSLSocketFactory
public SSLSocketFactory (KeyStore truststore)
Parameters | |
---|---|
truststore |
KeyStore |
Throws | |
---|---|
KeyManagementException |
|
KeyStoreException |
|
NoSuchAlgorithmException |
|
UnrecoverableKeyException |
SSLSocketFactory
public SSLSocketFactory (KeyStore keystore, String keystorePassword)
Parameters | |
---|---|
keystore |
KeyStore |
keystorePassword |
String |
Throws | |
---|---|
KeyManagementException |
|
KeyStoreException |
|
NoSuchAlgorithmException |
|
UnrecoverableKeyException |
SSLSocketFactory
public SSLSocketFactory (KeyStore keystore, String keystorePassword, KeyStore truststore)
Parameters | |
---|---|
keystore |
KeyStore |
keystorePassword |
String |
truststore |
KeyStore |
Throws | |
---|---|
KeyManagementException |
|
KeyStoreException |
|
NoSuchAlgorithmException |
|
UnrecoverableKeyException |
Public methods
connectSocket
public Socket connectSocket (Socket sock, String host, int port, InetAddress localAddress, int localPort, HttpParams params)
Connects a socket to the given host.
Parameters | |
---|---|
sock |
Socket : the socket to connect, as obtained from
createSocket .
null indicates that a new socket
should be created and connected. |
host |
String : the host to connect to |
port |
int : the port to connect to on the host |
localAddress |
InetAddress : the local address to bind the socket to, or
null for any |
localPort |
int : the port on the local machine,
0 or a negative number for any |
params |
HttpParams : additional parameters for connecting |
Returns | |
---|---|
Socket |
the connected socket. The returned object may be different
from the sock argument if this factory supports
a layered protocol. |
Throws | |
---|---|
IOException |
createSocket
public Socket createSocket (Socket socket, String host, int port, boolean autoClose)
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.
Parameters | |
---|---|
socket |
Socket : the existing socket |
host |
String : the host name/IP |
port |
int : the port on the host |
autoClose |
boolean : a flag for closing the underling socket when the created
socket is closed |
Returns | |
---|---|
Socket |
Socket a new socket |
Throws | |
---|---|
IOException |
|
UnknownHostException |
createSocket
public Socket createSocket ()
Creates a new, unconnected socket.
The socket should subsequently be passed to
connectSocket
.
Returns | |
---|---|
Socket |
a new socket |
Throws | |
---|---|
IOException |
getHostnameVerifier
public X509HostnameVerifier getHostnameVerifier ()
Returns | |
---|---|
X509HostnameVerifier |
getSocketFactory
public static SSLSocketFactory getSocketFactory ()
Gets an singleton instance of the SSLProtocolSocketFactory.
Returns | |
---|---|
SSLSocketFactory |
a SSLProtocolSocketFactory |
isSecure
public boolean isSecure (Socket sock)
Checks whether a socket connection is secure.
This factory creates TLS/SSL socket connections
which, by default, are considered secure.
Derived classes may override this method to perform
runtime checks, for example based on the cypher suite.
Parameters | |
---|---|
sock |
Socket : the connected socket |
Returns | |
---|---|
boolean |
true |
Throws | |
---|---|
IllegalArgumentException |
if the argument is invalid |
setHostnameVerifier
public void setHostnameVerifier (X509HostnameVerifier hostnameVerifier)
Parameters | |
---|---|
hostnameVerifier |
X509HostnameVerifier |