Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.http.conn.ssl
Class SSLSocketFactory

java.lang.Object
  extended by org.apache.http.conn.ssl.SSLSocketFactory
All Implemented Interfaces:
LayeredSchemeSocketFactory, LayeredSocketFactory, SchemeSocketFactory, SocketFactory
@ThreadSafe
public class SSLSocketFactory
extends java.lang.Object
implements LayeredSchemeSocketFactory, LayeredSocketFactory

Layered socket factory for TLS/SSL connections.

SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.

SSLSocketFactory will enable server authentication when supplied with a trust-store file containing one or several trusted certificates. The client secure socket will reject the connection during the SSL session handshake if the target HTTPS server attempts to authenticate itself with a non-trusted certificate.

Use JDK keytool utility to import a trusted certificate and generate a trust-store file: 

     keytool -import -alias "my server cert" -file server.crt -keystore my.truststore

In special cases the standard trust verification process can be bypassed by using a custom TrustStrategy. This interface is primarily intended for allowing self-signed certificates to be accepted as trusted without having to add them to the trust-store file.

The following parameters can be used to customize the behavior of this class:

SSLSocketFactory will enable client authentication when supplied with a key-store file containing a private key/public certificate pair. The client secure socket will use the private key to authenticate itself to the target HTTPS server during the SSL session handshake if requested to do so by the server. The target HTTPS server will in its turn verify the certificate presented by the client in order to establish client's authenticity

Use the following sequence of actions to generate a key-store file

Since:
4.0

Field Summary
static X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER
           
static X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
           
static java.lang.String SSL
           
static java.lang.String SSLV2
           
static X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
           
static java.lang.String TLS
           
 
Constructor Summary
SSLSocketFactory(java.security.KeyStore truststore)
           
SSLSocketFactory(java.security.KeyStore keystore, java.lang.String keystorePassword)
           
SSLSocketFactory(java.security.KeyStore keystore, java.lang.String keystorePassword, java.security.KeyStore truststore)
           
SSLSocketFactory(javax.net.ssl.SSLContext sslContext)
           
SSLSocketFactory(javax.net.ssl.SSLContext sslContext, HostNameResolver nameResolver)
          Deprecated. Use SSLSocketFactory(SSLContext)
SSLSocketFactory(javax.net.ssl.SSLContext sslContext, X509HostnameVerifier hostnameVerifier)
           
SSLSocketFactory(java.lang.String algorithm, java.security.KeyStore keystore, java.lang.String keystorePassword, java.security.KeyStore truststore, java.security.SecureRandom random, HostNameResolver nameResolver)
          Deprecated. Use SSLSocketFactory(String, KeyStore, String, KeyStore, SecureRandom, X509HostnameVerifier)
SSLSocketFactory(java.lang.String algorithm, java.security.KeyStore keystore, java.lang.String keystorePassword, java.security.KeyStore truststore, java.security.SecureRandom random, TrustStrategy trustStrategy, X509HostnameVerifier hostnameVerifier)
           
SSLSocketFactory(java.lang.String algorithm, java.security.KeyStore keystore, java.lang.String keystorePassword, java.security.KeyStore truststore, java.security.SecureRandom random, X509HostnameVerifier hostnameVerifier)
           
SSLSocketFactory(TrustStrategy trustStrategy)
           
SSLSocketFactory(TrustStrategy trustStrategy, X509HostnameVerifier hostnameVerifier)
           
 
Method Summary
 java.net.Socket connectSocket(java.net.Socket socket, java.net.InetSocketAddress remoteAddress, java.net.InetSocketAddress localAddress, org.apache.http.params.HttpParams params)
          Connects a socket to the target host with the given remote address.
 java.net.Socket connectSocket(java.net.Socket socket, java.lang.String host, int port, java.net.InetAddress localAddress, int localPort, org.apache.http.params.HttpParams params)
          Deprecated. Use connectSocket(Socket, InetSocketAddress, InetSocketAddress, HttpParams)
 java.net.Socket createLayeredSocket(java.net.Socket socket, java.lang.String host, int port, boolean autoClose)
          Returns a socket connected to the given host that is layered over an existing socket.
 java.net.Socket createSocket()
          Deprecated. 
 java.net.Socket createSocket(org.apache.http.params.HttpParams params)
          Creates a new, unconnected socket.
 java.net.Socket createSocket(java.net.Socket socket, java.lang.String host, int port, boolean autoClose)
          Deprecated. Use createLayeredSocket(Socket, String, int, boolean)
 X509HostnameVerifier getHostnameVerifier()
           
static SSLSocketFactory getSocketFactory()
          Gets the default factory, which uses the default JVM settings for secure connections.
 boolean isSecure(java.net.Socket sock)
          Checks whether a socket connection is secure.
 void setHostnameVerifier(X509HostnameVerifier hostnameVerifier)
          Deprecated. 
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

TLS

public static final java.lang.String TLS
See Also:
Constant Field Values

SSL

public static final java.lang.String SSL
See Also:
Constant Field Values

SSLV2

public static final java.lang.String SSLV2
See Also:
Constant Field Values

ALLOW_ALL_HOSTNAME_VERIFIER

public static final X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER

BROWSER_COMPATIBLE_HOSTNAME_VERIFIER

public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER

STRICT_HOSTNAME_VERIFIER

public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
Constructor Detail

SSLSocketFactory

@Deprecated
public SSLSocketFactory(java.lang.String algorithm,
                                   java.security.KeyStore keystore,
                                   java.lang.String keystorePassword,
                                   java.security.KeyStore truststore,
                                   java.security.SecureRandom random,
                                   HostNameResolver nameResolver)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException
Deprecated. Use SSLSocketFactory(String, KeyStore, String, KeyStore, SecureRandom, X509HostnameVerifier)

Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.KeyStoreException
java.security.UnrecoverableKeyException

SSLSocketFactory

public SSLSocketFactory(java.lang.String algorithm,
                        java.security.KeyStore keystore,
                        java.lang.String keystorePassword,
                        java.security.KeyStore truststore,
                        java.security.SecureRandom random,
                        X509HostnameVerifier hostnameVerifier)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException
Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
Since:
4.1

SSLSocketFactory

public SSLSocketFactory(java.lang.String algorithm,
                        java.security.KeyStore keystore,
                        java.lang.String keystorePassword,
                        java.security.KeyStore truststore,
                        java.security.SecureRandom random,
                        TrustStrategy trustStrategy,
                        X509HostnameVerifier hostnameVerifier)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException
Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
Since:
4.1

SSLSocketFactory

public SSLSocketFactory(java.security.KeyStore keystore,
                        java.lang.String keystorePassword,
                        java.security.KeyStore truststore)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException
Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.KeyStoreException
java.security.UnrecoverableKeyException

SSLSocketFactory

public SSLSocketFactory(java.security.KeyStore keystore,
                        java.lang.String keystorePassword)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException
Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.KeyStoreException
java.security.UnrecoverableKeyException

SSLSocketFactory

public SSLSocketFactory(java.security.KeyStore truststore)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException
Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.KeyStoreException
java.security.UnrecoverableKeyException

SSLSocketFactory

public SSLSocketFactory(TrustStrategy trustStrategy,
                        X509HostnameVerifier hostnameVerifier)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException
Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
Since:
4.1

SSLSocketFactory

public SSLSocketFactory(TrustStrategy trustStrategy)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException
Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
Since:
4.1

SSLSocketFactory

public SSLSocketFactory(javax.net.ssl.SSLContext sslContext)

SSLSocketFactory

@Deprecated
public SSLSocketFactory(javax.net.ssl.SSLContext sslContext,
                                   HostNameResolver nameResolver)
Deprecated. Use SSLSocketFactory(SSLContext)

SSLSocketFactory

public SSLSocketFactory(javax.net.ssl.SSLContext sslContext,
                        X509HostnameVerifier hostnameVerifier)
Since:
4.1
Method Detail

getSocketFactory

public static SSLSocketFactory getSocketFactory()
Gets the default factory, which uses the default JVM settings for secure connections.

Returns:
the default factory

createSocket

public java.net.Socket createSocket(org.apache.http.params.HttpParams params)
                             throws java.io.IOException
Description copied from interface: SchemeSocketFactory
Creates a new, unconnected socket. The socket should subsequently be passed to SchemeSocketFactory.connectSocket(Socket, InetSocketAddress, InetSocketAddress, HttpParams).

Specified by:
createSocket in interface SchemeSocketFactory
Parameters:
params - Optional parameters. Parameters passed to this method will have no effect. This method will create a unconnected instance of Socket class.
Returns:
a new socket
Throws:
java.io.IOException - if an I/O error occurs while creating the socket
Since:
4.1

createSocket

@Deprecated
public java.net.Socket createSocket()
                             throws java.io.IOException
Deprecated. 

Description copied from interface: SocketFactory
Creates a new, unconnected socket. The socket should subsequently be passed to connectSocket.

Specified by:
createSocket in interface SocketFactory
Returns:
a new socket
Throws:
java.io.IOException - if an I/O error occurs while creating the socket

connectSocket

public java.net.Socket connectSocket(java.net.Socket socket,
                                     java.net.InetSocketAddress remoteAddress,
                                     java.net.InetSocketAddress localAddress,
                                     org.apache.http.params.HttpParams params)
                              throws java.io.IOException,
                                     java.net.UnknownHostException,
                                     ConnectTimeoutException
Description copied from interface: SchemeSocketFactory
Connects a socket to the target host with the given remote address.

Specified by:
connectSocket in interface SchemeSocketFactory
Parameters:
socket - the socket to connect, as obtained from createSocket. null indicates that a new socket should be created and connected.
remoteAddress - the remote address to connect to
localAddress - the local address to bind the socket to, or null for any
params - additional parameters for connecting
Returns:
the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
Throws:
java.io.IOException - if an I/O error occurs
java.net.UnknownHostException - if the IP address of the target host can not be determined
ConnectTimeoutException - if the socket cannot be connected within the time limit defined in the params
Since:
4.1

isSecure

public boolean isSecure(java.net.Socket sock)
                 throws java.lang.IllegalArgumentException
Checks whether a socket connection is secure. This factory creates TLS/SSL socket connections which, by default, are considered secure.
Derived classes may override this method to perform runtime checks, for example based on the cypher suite.

Specified by:
isSecure in interface SchemeSocketFactory
Specified by:
isSecure in interface SocketFactory
Parameters:
sock - the connected socket
Returns:
true
Throws:
java.lang.IllegalArgumentException - if the argument is invalid

createLayeredSocket

public java.net.Socket createLayeredSocket(java.net.Socket socket,
                                           java.lang.String host,
                                           int port,
                                           boolean autoClose)
                                    throws java.io.IOException,
                                           java.net.UnknownHostException
Description copied from interface: LayeredSchemeSocketFactory
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.

Specified by:
createLayeredSocket in interface LayeredSchemeSocketFactory
Parameters:
socket - the existing socket
host - the name of the target host.
port - the port to connect to on the target host
autoClose - a flag for closing the underling socket when the created socket is closed
Returns:
Socket a new socket
Throws:
java.io.IOException - if an I/O error occurs while creating the socket
java.net.UnknownHostException - if the IP address of the host cannot be determined
Since:
4.1

setHostnameVerifier

@Deprecated
public void setHostnameVerifier(X509HostnameVerifier hostnameVerifier)
Deprecated. 

getHostnameVerifier

public X509HostnameVerifier getHostnameVerifier()

connectSocket

@Deprecated
public java.net.Socket connectSocket(java.net.Socket socket,
                                                java.lang.String host,
                                                int port,
                                                java.net.InetAddress localAddress,
                                                int localPort,
                                                org.apache.http.params.HttpParams params)
                              throws java.io.IOException,
                                     java.net.UnknownHostException,
                                     ConnectTimeoutException
Deprecated. Use connectSocket(Socket, InetSocketAddress, InetSocketAddress, HttpParams)

Description copied from interface: SocketFactory
Connects a socket to the given host.

Specified by:
connectSocket in interface SocketFactory
Parameters:
socket - the socket to connect, as obtained from createSocket. null indicates that a new socket should be created and connected.
host - the host to connect to
port - the port to connect to on the host
localAddress - the local address to bind the socket to, or null for any
localPort - the port on the local machine, 0 or a negative number for any
params - additional parameters for connecting
Returns:
the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
Throws:
java.io.IOException - if an I/O error occurs
java.net.UnknownHostException - if the IP address of the target host can not be determined
ConnectTimeoutException - if the socket cannot be connected within the time limit defined in the params

createSocket

@Deprecated
public java.net.Socket createSocket(java.net.Socket socket,
                                               java.lang.String host,
                                               int port,
                                               boolean autoClose)
                             throws java.io.IOException,
                                    java.net.UnknownHostException
Deprecated. Use createLayeredSocket(Socket, String, int, boolean)

Description copied from interface: LayeredSocketFactory
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.

Specified by:
createSocket in interface LayeredSocketFactory
Parameters:
socket - the existing socket
host - the host name/IP
port - the port on the host
autoClose - a flag for closing the underling socket when the created socket is closed
Returns:
Socket a new socket
Throws:
java.io.IOException - if an I/O error occurs while creating the socket
java.net.UnknownHostException - if the IP address of the host cannot be determined
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 1999-2011 The Apache Software Foundation. All Rights Reserved.