SSLSocketFactory (HttpComponents Client 4.2.1 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.http.conn.ssl
Class SSLSocketFactory

java.lang.Object
  org.apache.http.conn.ssl.SSLSocketFactory

All Implemented Interfaces:: LayeredSchemeSocketFactory, LayeredSocketFactory, SchemeLayeredSocketFactory, SchemeSocketFactory, SocketFactory

@ThreadSafe public class SSLSocketFactory
extends Object
implements SchemeLayeredSocketFactory, LayeredSchemeSocketFactory, LayeredSocketFactory
extends Object
implements SchemeLayeredSocketFactory, LayeredSchemeSocketFactory, LayeredSocketFactory

Layered socket factory for TLS/SSL connections.

SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.

SSLSocketFactory will enable server authentication when supplied with a trust-store file containing one or several trusted certificates. The client secure socket will reject the connection during the SSL session handshake if the target HTTPS server attempts to authenticate itself with a non-trusted certificate.

Use JDK keytool utility to import a trusted certificate and generate a trust-store file:

     keytool -import -alias "my server cert" -file server.crt -keystore my.truststore

In special cases the standard trust verification process can be bypassed by using a custom TrustStrategy. This interface is primarily intended for allowing self-signed certificates to be accepted as trusted without having to add them to the trust-store file.

The following parameters can be used to customize the behavior of this class:

SSLSocketFactory will enable client authentication when supplied with a key-store file containing a private key/public certificate pair. The client secure socket will use the private key to authenticate itself to the target HTTPS server during the SSL session handshake if requested to do so by the server. The target HTTPS server will in its turn verify the certificate presented by the client in order to establish client's authenticity

Use the following sequence of actions to generate a key-store file

Use JDK keytool utility to generate a new key
```
keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore
```
For simplicity use the same password for the key as that of the key-store

Issue a certificate signing request (CSR)

keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore

Send the certificate request to the trusted Certificate Authority for signature. One may choose to act as her own CA and sign the certificate request using a PKI tool, such as OpenSSL.

Import the trusted CA root certificate

keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore

Import the PKCS#7 file containg the complete certificate chain

keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore

Verify the content the resultant keystore file
```
keytool -list -v -keystore my.keystore
```

Since:: 4.0

Field Summary
`static X509HostnameVerifier`	`ALLOW_ALL_HOSTNAME_VERIFIER`
`static X509HostnameVerifier`	`BROWSER_COMPATIBLE_HOSTNAME_VERIFIER`
`static String`	`SSL`
`static String`	`SSLV2`
`static X509HostnameVerifier`	`STRICT_HOSTNAME_VERIFIER`
`static String`	`TLS`

Constructor Summary
`SSLSocketFactory(KeyStore truststore)`
`SSLSocketFactory(KeyStore keystore, String keystorePassword)`
`SSLSocketFactory(KeyStore keystore, String keystorePassword, KeyStore truststore)`
`SSLSocketFactory(SSLContext sslContext)`
`SSLSocketFactory(SSLContext sslContext, HostNameResolver nameResolver)` Deprecated. Use `SSLSocketFactory(SSLContext)`
`SSLSocketFactory(SSLContext sslContext, X509HostnameVerifier hostnameVerifier)`
`SSLSocketFactory(SSLSocketFactory socketfactory, X509HostnameVerifier hostnameVerifier)`
`SSLSocketFactory(String algorithm, KeyStore keystore, String keystorePassword, KeyStore truststore, SecureRandom random, HostNameResolver nameResolver)` Deprecated. Use `SSLSocketFactory(String, KeyStore, String, KeyStore, SecureRandom, X509HostnameVerifier)`
`SSLSocketFactory(String algorithm, KeyStore keystore, String keystorePassword, KeyStore truststore, SecureRandom random, TrustStrategy trustStrategy, X509HostnameVerifier hostnameVerifier)`
`SSLSocketFactory(String algorithm, KeyStore keystore, String keystorePassword, KeyStore truststore, SecureRandom random, X509HostnameVerifier hostnameVerifier)`
`SSLSocketFactory(TrustStrategy trustStrategy)`
`SSLSocketFactory(TrustStrategy trustStrategy, X509HostnameVerifier hostnameVerifier)`

Method Summary
`Socket`	`connectSocket(Socket socket, InetSocketAddress remoteAddress, InetSocketAddress localAddress, HttpParams params)` Connects a socket to the target host with the given remote address.
`Socket`	`connectSocket(Socket socket, String host, int port, InetAddress localAddress, int localPort, HttpParams params)` Deprecated. Use `connectSocket(Socket, InetSocketAddress, InetSocketAddress, HttpParams)`
`Socket`	`createLayeredSocket(Socket socket, String host, int port, boolean autoClose)` Deprecated. use `createLayeredSocket(Socket, String, int, HttpParams)`
`Socket`	`createLayeredSocket(Socket socket, String host, int port, HttpParams params)` Returns a socket connected to the given host that is layered over an existing socket.
`Socket`	`createSocket()` Deprecated.
`Socket`	`createSocket(HttpParams params)` Creates a new, unconnected socket.
`Socket`	`createSocket(Socket socket, String host, int port, boolean autoClose)` Deprecated. Use `createLayeredSocket(Socket, String, int, boolean)`
`X509HostnameVerifier`	`getHostnameVerifier()`
`static SSLSocketFactory`	`getSocketFactory()` Gets the default factory, which uses the default JSSE settings for initializing the SSL context.
`static SSLSocketFactory`	`getSystemSocketFactory()` Gets the default factory, which uses system properties for initializing the SSL context as described in "JavaTM Secure Socket Extension (JSSE) Reference Guide for the JavaTM 2 Platform Standard Edition 5
`boolean`	`isSecure(Socket sock)` Checks whether a socket connection is secure.
`protected void`	`prepareSocket(SSLSocket socket)` Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens).
`void`	`setHostnameVerifier(X509HostnameVerifier hostnameVerifier)` Deprecated.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

TLS

public static final String TLS

See Also:: Constant Field Values

SSL

public static final String SSL

See Also:: Constant Field Values

SSLV2

public static final String SSLV2

See Also:: Constant Field Values

ALLOW_ALL_HOSTNAME_VERIFIER

public static final X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER

BROWSER_COMPATIBLE_HOSTNAME_VERIFIER

public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER

STRICT_HOSTNAME_VERIFIER

public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER

Constructor Detail

SSLSocketFactory

@Deprecated
public SSLSocketFactory(String algorithm,
                                   KeyStore keystore,
                                   String keystorePassword,
                                   KeyStore truststore,
                                   SecureRandom random,
                                   HostNameResolver nameResolver)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException

Deprecated. Use SSLSocketFactory(String, KeyStore, String, KeyStore, SecureRandom, X509HostnameVerifier)

Throws:: NoSuchAlgorithmException; KeyManagementException; KeyStoreException; UnrecoverableKeyException

SSLSocketFactory

public SSLSocketFactory(String algorithm,
                        KeyStore keystore,
                        String keystorePassword,
                        KeyStore truststore,
                        SecureRandom random,
                        X509HostnameVerifier hostnameVerifier)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException

Throws:: NoSuchAlgorithmException; KeyManagementException; KeyStoreException; UnrecoverableKeyException
Since:: 4.1

SSLSocketFactory

public SSLSocketFactory(String algorithm,
                        KeyStore keystore,
                        String keystorePassword,
                        KeyStore truststore,
                        SecureRandom random,
                        TrustStrategy trustStrategy,
                        X509HostnameVerifier hostnameVerifier)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException

Throws:: NoSuchAlgorithmException; KeyManagementException; KeyStoreException; UnrecoverableKeyException
Since:: 4.1

SSLSocketFactory

public SSLSocketFactory(KeyStore keystore,
                        String keystorePassword,
                        KeyStore truststore)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException

Throws:: NoSuchAlgorithmException; KeyManagementException; KeyStoreException; UnrecoverableKeyException

SSLSocketFactory

public SSLSocketFactory(KeyStore keystore,
                        String keystorePassword)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException

Throws:: NoSuchAlgorithmException; KeyManagementException; KeyStoreException; UnrecoverableKeyException

SSLSocketFactory

public SSLSocketFactory(KeyStore truststore)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException

Throws:: NoSuchAlgorithmException; KeyManagementException; KeyStoreException; UnrecoverableKeyException

SSLSocketFactory

public SSLSocketFactory(TrustStrategy trustStrategy,
                        X509HostnameVerifier hostnameVerifier)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException

Throws:: NoSuchAlgorithmException; KeyManagementException; KeyStoreException; UnrecoverableKeyException
Since:: 4.1

SSLSocketFactory

public SSLSocketFactory(TrustStrategy trustStrategy)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException

Throws:: NoSuchAlgorithmException; KeyManagementException; KeyStoreException; UnrecoverableKeyException
Since:: 4.1

SSLSocketFactory

public SSLSocketFactory(SSLContext sslContext)

SSLSocketFactory

@Deprecated
public SSLSocketFactory(SSLContext sslContext,
                                   HostNameResolver nameResolver)

Deprecated. Use SSLSocketFactory(SSLContext)

SSLSocketFactory

public SSLSocketFactory(SSLContext sslContext,
                        X509HostnameVerifier hostnameVerifier)

Since:: 4.1

SSLSocketFactory

public SSLSocketFactory(SSLSocketFactory socketfactory,
                        X509HostnameVerifier hostnameVerifier)

Since:: 4.2

Method Detail

getSocketFactory

public static SSLSocketFactory getSocketFactory()
                                         throws SSLInitializationException

Gets the default factory, which uses the default JSSE settings for initializing the SSL context.

Returns:: the default SSL socket factory
Throws:: SSLInitializationException

getSystemSocketFactory

public static SSLSocketFactory getSystemSocketFactory()
                                               throws SSLInitializationException

Gets the default factory, which uses system properties for initializing the SSL context as described in "JavaTM Secure Socket Extension (JSSE) Reference Guide for the JavaTM 2 Platform Standard Edition 5

The following system properties are taken into account by this method:

ssl.TrustManagerFactory.algorithm
javax.net.ssl.trustStoreType
javax.net.ssl.trustStore
javax.net.ssl.trustStoreProvider
javax.net.ssl.trustStorePassword
java.home
ssl.KeyManagerFactory.algorithm
javax.net.ssl.keyStoreType
javax.net.ssl.keyStore
javax.net.ssl.keyStoreProvider
javax.net.ssl.keyStorePassword

Returns:: the system SSL socket factory
Throws:: SSLInitializationException

createSocket

public Socket createSocket(HttpParams params)
                    throws IOException

Description copied from interface: SchemeSocketFactory

Creates a new, unconnected socket. The socket should subsequently be passed to SchemeSocketFactory.connectSocket(Socket, InetSocketAddress, InetSocketAddress, HttpParams).

Specified by:: createSocket in interface SchemeSocketFactory

Parameters:: params - Optional parameters. Parameters passed to this method will have no effect. This method will create a unconnected instance of Socket class.
Returns:: a new socket
Throws:: IOException - if an I/O error occurs while creating the socket
Since:: 4.1

createSocket

@Deprecated
public Socket createSocket()
                    throws IOException

Deprecated.

Description copied from interface: SocketFactory

Creates a new, unconnected socket. The socket should subsequently be passed to connectSocket.

Specified by:: createSocket in interface SocketFactory

Returns:: a new socket
Throws:: IOException - if an I/O error occurs while creating the socket

connectSocket

public Socket connectSocket(Socket socket,
                            InetSocketAddress remoteAddress,
                            InetSocketAddress localAddress,
                            HttpParams params)
                     throws IOException,
                            UnknownHostException,
                            ConnectTimeoutException

Description copied from interface: SchemeSocketFactory

Connects a socket to the target host with the given remote address.

Please note that HttpInetSocketAddress class should be used in order to pass the target remote address along with the original HttpHost value used to resolve the address. The use of HttpInetSocketAddress can also ensure that no reverse DNS lookup will be performed if the target remote address was specified as an IP address.

Specified by:: connectSocket in interface SchemeSocketFactory

Parameters:: socket - the socket to connect, as obtained from createSocket. null indicates that a new socket should be created and connected.; remoteAddress - the remote address to connect to.; localAddress - the local address to bind the socket to, or null for any; params - additional parameters for connecting
Returns:: the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
Throws:: IOException - if an I/O error occurs; UnknownHostException - if the IP address of the target host can not be determined; ConnectTimeoutException - if the socket cannot be connected within the time limit defined in the params
Since:: 4.1
See Also:: HttpInetSocketAddress

isSecure

public boolean isSecure(Socket sock)
                 throws IllegalArgumentException

Checks whether a socket connection is secure. This factory creates TLS/SSL socket connections which, by default, are considered secure.
Derived classes may override this method to perform runtime checks, for example based on the cypher suite.

Specified by:: isSecure in interface SchemeSocketFactory
Specified by:: isSecure in interface SocketFactory

Parameters:: sock - the connected socket
Returns:: true
Throws:: IllegalArgumentException - if the argument is invalid

createLayeredSocket

public Socket createLayeredSocket(Socket socket,
                                  String host,
                                  int port,
                                  HttpParams params)
                           throws IOException,
                                  UnknownHostException

Description copied from interface: SchemeLayeredSocketFactory

Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.

Specified by:: createLayeredSocket in interface SchemeLayeredSocketFactory

Parameters:: socket - the existing socket; host - the name of the target host.; port - the port to connect to on the target host; params - HTTP parameters
Returns:: Socket a new socket
Throws:: IOException - if an I/O error occurs while creating the socket; UnknownHostException - if the IP address of the host cannot be determined
Since:: 4.2

createLayeredSocket

public Socket createLayeredSocket(Socket socket,
                                  String host,
                                  int port,
                                  boolean autoClose)
                           throws IOException,
                                  UnknownHostException

Deprecated. use createLayeredSocket(Socket, String, int, HttpParams)

Description copied from interface: LayeredSchemeSocketFactory

Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.

Specified by:: createLayeredSocket in interface LayeredSchemeSocketFactory

Parameters:: socket - the existing socket; host - the name of the target host.; port - the port to connect to on the target host; autoClose - a flag for closing the underling socket when the created socket is closed
Returns:: Socket a new socket
Throws:: IOException - if an I/O error occurs while creating the socket; UnknownHostException - if the IP address of the host cannot be determined

setHostnameVerifier

@Deprecated
public void setHostnameVerifier(X509HostnameVerifier hostnameVerifier)

Deprecated.

getHostnameVerifier

public X509HostnameVerifier getHostnameVerifier()

connectSocket

@Deprecated
public Socket connectSocket(Socket socket,
                                       String host,
                                       int port,
                                       InetAddress localAddress,
                                       int localPort,
                                       HttpParams params)
                     throws IOException,
                            UnknownHostException,
                            ConnectTimeoutException

Deprecated. Use connectSocket(Socket, InetSocketAddress, InetSocketAddress, HttpParams)

Description copied from interface: SocketFactory

Connects a socket to the given host.

Specified by:: connectSocket in interface SocketFactory

Parameters:: socket - the socket to connect, as obtained from createSocket. null indicates that a new socket should be created and connected.; host - the host to connect to; port - the port to connect to on the host; localAddress - the local address to bind the socket to, or null for any; localPort - the port on the local machine, 0 or a negative number for any; params - additional parameters for connecting
Returns:: the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
Throws:: IOException - if an I/O error occurs; UnknownHostException - if the IP address of the target host can not be determined; ConnectTimeoutException - if the socket cannot be connected within the time limit defined in the params

createSocket

@Deprecated
public Socket createSocket(Socket socket,
                                      String host,
                                      int port,
                                      boolean autoClose)
                    throws IOException,
                           UnknownHostException

Deprecated. Use createLayeredSocket(Socket, String, int, boolean)

Description copied from interface: LayeredSocketFactory

Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.

Specified by:: createSocket in interface LayeredSocketFactory

Parameters:: socket - the existing socket; host - the host name/IP; port - the port on the host; autoClose - a flag for closing the underling socket when the created socket is closed
Returns:: Socket a new socket
Throws:: IOException - if an I/O error occurs while creating the socket; UnknownHostException - if the IP address of the host cannot be determined

prepareSocket

protected void prepareSocket(SSLSocket socket)
                      throws IOException

Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens). The default implementation is a no-op, but could be overriden to, e.g., call SSLSocket.setEnabledCipherSuites(java.lang.String[]).

Throws:: IOException
Since:: 4.2

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.http.conn.ssl Class SSLSocketFactory

TLS

SSL

SSLV2

ALLOW_ALL_HOSTNAME_VERIFIER

BROWSER_COMPATIBLE_HOSTNAME_VERIFIER

STRICT_HOSTNAME_VERIFIER

SSLSocketFactory

SSLSocketFactory

SSLSocketFactory

SSLSocketFactory

SSLSocketFactory

SSLSocketFactory

SSLSocketFactory

SSLSocketFactory

SSLSocketFactory

SSLSocketFactory

SSLSocketFactory

SSLSocketFactory

getSocketFactory

getSystemSocketFactory

createSocket

createSocket

connectSocket

isSecure

createLayeredSocket

createLayeredSocket

setHostnameVerifier

getHostnameVerifier

connectSocket

createSocket

prepareSocket

org.apache.http.conn.ssl
Class SSLSocketFactory