org.apache.http.conn.ssl
Class SSLConnectionSocketFactory

java.lang.Object
  extended by org.apache.http.conn.ssl.SSLConnectionSocketFactory
All Implemented Interfaces:
ConnectionSocketFactory, LayeredConnectionSocketFactory

@Contract(threading=SAFE)
public class SSLConnectionSocketFactory
extends Object
implements LayeredConnectionSocketFactory

Layered socket factory for TLS/SSL connections.

SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.

SSLSocketFactory will enable server authentication when supplied with a trust-store file containing one or several trusted certificates. The client secure socket will reject the connection during the SSL session handshake if the target HTTPS server attempts to authenticate itself with a non-trusted certificate.

Use the JDK keytool utility to import a trusted certificate and generate a trust-store file:

     keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
    

In special cases the standard trust verification process can be bypassed by using a custom TrustStrategy. This interface is primarily intended for allowing self-signed certificates to be accepted as trusted without having to add them to the trust-store file.

SSLSocketFactory will enable client authentication when supplied with a key-store file containing a private key/public certificate pair. The client secure socket will use the private key to authenticate itself to the target HTTPS server during the SSL session handshake if requested to do so by the server. The target HTTPS server will in turn verify the certificate presented by the client in order to establish the client's authenticity.
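The trust-store and key-store setup described above, wired into this class as an added example (not code from the HttpClient project). It assumes HttpClient 4.4 or later with org.apache.http.ssl.SSLContexts from HttpCore; my.keystore, the password property names, the secret helper and the server.example URL are placeholders.

```java
import java.io.File;
import javax.net.ssl.SSLContext;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;

public class MutualTlsClient {

    // Hypothetical helper: read a store password from a system property, fail if unset.
    static char[] secret(String property) {
        String value = System.getProperty(property);
        if (value == null) {
            throw new IllegalStateException("missing -D" + property);
        }
        return value.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        SSLContext sslContext = SSLContexts.custom()
                // Server authentication: trust only the certificates in my.truststore.
                .loadTrustMaterial(new File("my.truststore"), secret("truststore.pass"))
                // Client authentication: key pair offered if the server requests it.
                .loadKeyMaterial(new File("my.keystore"),
                        secret("keystore.pass"), secret("key.pass"))
                .build();

        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                sslContext,
                new String[] {"TLSv1.2"},   // supportedProtocols
                null,                        // supportedCipherSuites: keep JSSE defaults
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());

        try (CloseableHttpClient client = HttpClients.custom()
                     .setSSLSocketFactory(sslsf)
                     .build();
             CloseableHttpResponse response =
                     client.execute(new HttpGet("https://server.example/"))) {
            // Reaching this line means the handshake and hostname check both passed.
            System.out.println(response.getStatusLine());
        }
    }
}
```

Because the trust material is loaded from my.truststore alone, a server certificate that chains only to the JDK's default cacerts is rejected during the handshake.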

Use the following sequence of actions to generate a key-store file

Since:
4.3

Field Summary
static X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER
          Deprecated. Use AllowAllHostnameVerifier.INSTANCE.
static X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
          Deprecated. Use BrowserCompatHostnameVerifier.INSTANCE.
static String SSL
           
static String SSLV2
           
static X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
          Deprecated. Use StrictHostnameVerifier.INSTANCE.
static String TLS
           
 
Constructor Summary
SSLConnectionSocketFactory(SSLContext sslContext)
           
SSLConnectionSocketFactory(SSLContext sslContext, HostnameVerifier hostnameVerifier)
           
SSLConnectionSocketFactory(SSLContext sslContext, String[] supportedProtocols, String[] supportedCipherSuites, HostnameVerifier hostnameVerifier)
           
SSLConnectionSocketFactory(SSLContext sslContext, String[] supportedProtocols, String[] supportedCipherSuites, X509HostnameVerifier hostnameVerifier)
          Deprecated. (4.4) Use SSLConnectionSocketFactory(javax.net.ssl.SSLContext, String[], String[], javax.net.ssl.HostnameVerifier)
SSLConnectionSocketFactory(SSLContext sslContext, X509HostnameVerifier hostnameVerifier)
          Deprecated. (4.4) Use SSLConnectionSocketFactory(javax.net.ssl.SSLContext, javax.net.ssl.HostnameVerifier)
SSLConnectionSocketFactory(SSLSocketFactory socketfactory, HostnameVerifier hostnameVerifier)
           
SSLConnectionSocketFactory(SSLSocketFactory socketfactory, String[] supportedProtocols, String[] supportedCipherSuites, HostnameVerifier hostnameVerifier)
           
SSLConnectionSocketFactory(SSLSocketFactory socketfactory, String[] supportedProtocols, String[] supportedCipherSuites, X509HostnameVerifier hostnameVerifier)
          Deprecated. (4.4) Use SSLConnectionSocketFactory(javax.net.ssl.SSLSocketFactory, String[], String[], javax.net.ssl.HostnameVerifier)
SSLConnectionSocketFactory(SSLSocketFactory socketfactory, X509HostnameVerifier hostnameVerifier)
          Deprecated. (4.4) Use SSLConnectionSocketFactory(javax.net.ssl.SSLSocketFactory, javax.net.ssl.HostnameVerifier)
 
Method Summary
 Socket connectSocket(int connectTimeout, Socket socket, org.apache.http.HttpHost host, InetSocketAddress remoteAddress, InetSocketAddress localAddress, org.apache.http.protocol.HttpContext context)
          Connects the socket to the target host with the given resolved remote address.
 Socket createLayeredSocket(Socket socket, String target, int port, org.apache.http.protocol.HttpContext context)
          Returns a socket connected to the given host that is layered over an existing socket.
 Socket createSocket(org.apache.http.protocol.HttpContext context)
          Creates new, unconnected socket.
static HostnameVerifier getDefaultHostnameVerifier()
           
static SSLConnectionSocketFactory getSocketFactory()
          Obtains default SSL socket factory with an SSL context based on the standard JSSE trust material (cacerts file in the security properties directory).
static SSLConnectionSocketFactory getSystemSocketFactory()
          Obtains default SSL socket factory with an SSL context based on system properties as described in Java™ Secure Socket Extension (JSSE) Reference Guide.
protected  void prepareSocket(SSLSocket socket)
          Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens).
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

TLS

public static final String TLS
See Also:
Constant Field Values

SSL

public static final String SSL
See Also:
Constant Field Values

SSLV2

public static final String SSLV2
See Also:
Constant Field Values

ALLOW_ALL_HOSTNAME_VERIFIER

@Deprecated
public static final X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER
Deprecated. Use AllowAllHostnameVerifier.INSTANCE.

BROWSER_COMPATIBLE_HOSTNAME_VERIFIER

@Deprecated
public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
Deprecated. Use BrowserCompatHostnameVerifier.INSTANCE.

STRICT_HOSTNAME_VERIFIER

@Deprecated
public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
Deprecated. Use StrictHostnameVerifier.INSTANCE.

Constructor Detail

SSLConnectionSocketFactory

public SSLConnectionSocketFactory(SSLContext sslContext)

SSLConnectionSocketFactory

@Deprecated
public SSLConnectionSocketFactory(SSLContext sslContext,
                                  X509HostnameVerifier hostnameVerifier)
Deprecated. (4.4) Use SSLConnectionSocketFactory(javax.net.ssl.SSLContext, javax.net.ssl.HostnameVerifier)


SSLConnectionSocketFactory

@Deprecated
public SSLConnectionSocketFactory(SSLContext sslContext,
                                  String[] supportedProtocols,
                                  String[] supportedCipherSuites,
                                  X509HostnameVerifier hostnameVerifier)
Deprecated. (4.4) Use SSLConnectionSocketFactory(javax.net.ssl.SSLContext, String[], String[], javax.net.ssl.HostnameVerifier)


SSLConnectionSocketFactory

@Deprecated
public SSLConnectionSocketFactory(SSLSocketFactory socketfactory,
                                  X509HostnameVerifier hostnameVerifier)
Deprecated. (4.4) Use SSLConnectionSocketFactory(javax.net.ssl.SSLSocketFactory, javax.net.ssl.HostnameVerifier)


SSLConnectionSocketFactory

@Deprecated
public SSLConnectionSocketFactory(SSLSocketFactory socketfactory,
                                  String[] supportedProtocols,
                                  String[] supportedCipherSuites,
                                  X509HostnameVerifier hostnameVerifier)
Deprecated. (4.4) Use SSLConnectionSocketFactory(javax.net.ssl.SSLSocketFactory, String[], String[], javax.net.ssl.HostnameVerifier)


SSLConnectionSocketFactory

public SSLConnectionSocketFactory(SSLContext sslContext,
                                  HostnameVerifier hostnameVerifier)
Since:
4.4

SSLConnectionSocketFactory

public SSLConnectionSocketFactory(SSLContext sslContext,
                                  String[] supportedProtocols,
                                  String[] supportedCipherSuites,
                                  HostnameVerifier hostnameVerifier)
Since:
4.4

SSLConnectionSocketFactory

public SSLConnectionSocketFactory(SSLSocketFactory socketfactory,
                                  HostnameVerifier hostnameVerifier)
Since:
4.4

SSLConnectionSocketFactory

public SSLConnectionSocketFactory(SSLSocketFactory socketfactory,
                                  String[] supportedProtocols,
                                  String[] supportedCipherSuites,
                                  HostnameVerifier hostnameVerifier)
Since:
4.4

Method Detail

getDefaultHostnameVerifier

public static HostnameVerifier getDefaultHostnameVerifier()
Since:
4.4

getSocketFactory

public static SSLConnectionSocketFactory getSocketFactory()
                                                   throws SSLInitializationException
Obtains default SSL socket factory with an SSL context based on the standard JSSE trust material (cacerts file in the security properties directory). System properties are not taken into consideration.

Returns:
default SSL socket factory
Throws:
SSLInitializationException

getSystemSocketFactory

public static SSLConnectionSocketFactory getSystemSocketFactory()
                                                         throws SSLInitializationException
Obtains default SSL socket factory with an SSL context based on system properties as described in Java™ Secure Socket Extension (JSSE) Reference Guide.

Returns:
default system SSL socket factory
Throws:
SSLInitializationException

prepareSocket

protected void prepareSocket(SSLSocket socket)
                      throws IOException
Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens). The default implementation is a no-op, but could be overridden to, e.g., call SSLSocket.setEnabledCipherSuites(String[]).

Throws:
IOException - may be thrown if overridden
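An added example of overriding prepareSocket (not code from the HttpClient project): the subclass enables only an allow-list of cipher suites and fails closed when the JSSE provider supports none of them. The class name PinnedSuitesSocketFactory and its constructor parameters are hypothetical.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;

// Hypothetical subclass: restricts every new SSLSocket to an allow-list of suites.
public class PinnedSuitesSocketFactory extends SSLConnectionSocketFactory {

    private final List<String> allowedSuites;

    public PinnedSuitesSocketFactory(SSLContext sslContext,
                                     HostnameVerifier hostnameVerifier,
                                     String... allowedSuites) {
        super(sslContext, hostnameVerifier);
        // Copy so later changes to the caller's array cannot alter the policy.
        this.allowedSuites = new ArrayList<>(Arrays.asList(allowedSuites));
    }

    @Override
    protected void prepareSocket(SSLSocket socket) throws IOException {
        // Keep only the allowed suites this provider can actually negotiate.
        List<String> usable = new ArrayList<>(allowedSuites);
        usable.retainAll(Arrays.asList(socket.getSupportedCipherSuites()));
        if (usable.isEmpty()) {
            // Fail closed instead of silently falling back to the JSSE defaults.
            throw new IOException("no allowed cipher suite is supported: " + allowedSuites);
        }
        socket.setEnabledCipherSuites(usable.toArray(new String[0]));
    }
}
```

A caller would construct it with, for instance, SSLConnectionSocketFactory.getDefaultHostnameVerifier() and a suite name such as "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256".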

createSocket

public Socket createSocket(org.apache.http.protocol.HttpContext context)
                    throws IOException
Description copied from interface: ConnectionSocketFactory
Creates new, unconnected socket. The socket should subsequently be passed to connectSocket method.

Specified by:
createSocket in interface ConnectionSocketFactory
Returns:
a new socket
Throws:
IOException - if an I/O error occurs while creating the socket

connectSocket

public Socket connectSocket(int connectTimeout,
                            Socket socket,
                            org.apache.http.HttpHost host,
                            InetSocketAddress remoteAddress,
                            InetSocketAddress localAddress,
                            org.apache.http.protocol.HttpContext context)
                     throws IOException
Description copied from interface: ConnectionSocketFactory
Connects the socket to the target host with the given resolved remote address.

Specified by:
connectSocket in interface ConnectionSocketFactory
Parameters:
connectTimeout - connect timeout.
socket - the socket to connect, as obtained from ConnectionSocketFactory.createSocket(HttpContext). null indicates that a new socket should be created and connected.
host - target host as specified by the caller (end user).
remoteAddress - the resolved remote address to connect to.
localAddress - the local address to bind the socket to, or null for any.
context - the actual HTTP context.
Returns:
the connected socket. The returned object may be different from the socket argument if this factory supports a layered protocol.
Throws:
IOException - if an I/O error occurs

createLayeredSocket

public Socket createLayeredSocket(Socket socket,
                                  String target,
                                  int port,
                                  org.apache.http.protocol.HttpContext context)
                           throws IOException
Description copied from interface: LayeredConnectionSocketFactory
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.

Specified by:
createLayeredSocket in interface LayeredConnectionSocketFactory
Parameters:
socket - the existing socket
target - the name of the target host.
port - the port to connect to on the target host.
context - the actual HTTP context.
Returns:
a new socket
Throws:
IOException - if an I/O error occurs while creating the socket


Copyright © 1999–2019 The Apache Software Foundation. All rights reserved.