SSLSocketFactory
open classSSLSocketFactory: LayeredSocketFactory
kotlin.Any | |
↳ | org.apache.http.conn.ssl.SSLSocketFactory |
Layered socket factory for TLS/SSL connections, based on JSSE. .
SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.
SSLSocketFactory will enable server authentication when supplied with a truststore
file containg one or several trusted certificates. The client secure socket will reject the connection during the SSL session handshake if the target HTTPS server attempts to authenticate itself with a non-trusted certificate.
Use JDK keytool utility to import a trusted certificate and generate a truststore file:
keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
SSLSocketFactory will enable client authentication when supplied with a keystore
file containg a private key/public certificate pair. The client secure socket will use the private key to authenticate itself to the target HTTPS server during the SSL session handshake if requested to do so by the server. The target HTTPS server will in its turn verify the certificate presented by the client in order to establish client's authenticity
Use the following sequence of actions to generate a keystore file
-
Use JDK keytool utility to generate a new key
For simplicity use the same password for the key as that of the keystorekeytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore
-
Issue a certificate signing request (CSR)
keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore
-
Send the certificate request to the trusted Certificate Authority for signature. One may choose to act as their own CA and sign the certificate request using a PKI tool, such as OpenSSL.
-
Import the trusted CA root certificate
keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore
-
Import the PKCS#7 file containg the complete certificate chain
keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore
-
Verify the content the resultant keystore file
keytool -list -v -keystore my.keystore
Summary
Constants | |
---|---|
static String | |
static String | |
static String |
Public constructors | |
---|---|
SSLSocketFactory(algorithm: String!, keystore: KeyStore!, keystorePassword: String!, truststore: KeyStore!, random: SecureRandom!, nameResolver: HostNameResolver!) |
|
SSLSocketFactory(keystore: KeyStore!, keystorePassword: String!, truststore: KeyStore!) |
|
SSLSocketFactory(keystore: KeyStore!, keystorePassword: String!) |
|
SSLSocketFactory(truststore: KeyStore!) |
Public methods | |
---|---|
open Socket! |
connectSocket(sock: Socket!, host: String!, port: Int, localAddress: InetAddress!, localPort: Int, params: HttpParams!) |
open Socket! | |
open Socket! |
createSocket(socket: Socket!, host: String!, port: Int, autoClose: Boolean) |
open X509HostnameVerifier! | |
open static SSLSocketFactory! |
Gets an singleton instance of the SSLProtocolSocketFactory. |
open Boolean |
Checks whether a socket connection is secure. |
open Unit |
setHostnameVerifier(hostnameVerifier: X509HostnameVerifier!) |
Properties | |
---|---|
static X509HostnameVerifier! | |
static X509HostnameVerifier! | |
static X509HostnameVerifier! |
Constants
Public constructors
SSLSocketFactory
SSLSocketFactory(
algorithm: String!,
keystore: KeyStore!,
keystorePassword: String!,
truststore: KeyStore!,
random: SecureRandom!,
nameResolver: HostNameResolver!)
SSLSocketFactory
SSLSocketFactory(
keystore: KeyStore!,
keystorePassword: String!,
truststore: KeyStore!)
SSLSocketFactory
SSLSocketFactory(
keystore: KeyStore!,
keystorePassword: String!)
Public methods
connectSocket
open funconnectSocket(
sock: Socket!,
host: String!,
port: Int,
localAddress: InetAddress!,
localPort: Int,
params: HttpParams!
): Socket!
Deprecated: Deprecated in Java.
Parameters | |
---|---|
sock |
Socket!: the socket to connect, as obtained from createSocket . null indicates that a new socket should be created and connected. |
host |
String!: the host to connect to |
port |
Int: the port to connect to on the host |
localAddress |
InetAddress!: the local address to bind the socket to, or null for any |
localPort |
Int: the port on the local machine, 0 or a negative number for any |
params |
HttpParams!: additional parameters for connecting |
Return | |
---|---|
Socket! |
the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol. |
Exceptions | |
---|---|
java.io.IOException |
if an I/O error occurs |
java.net.UnknownHostException |
if the IP address of the target host can not be determined |
org.apache.http.conn.ConnectTimeoutException |
if the socket cannot be connected within the time limit defined in the params |
createSocket
open funcreateSocket(): Socket!
Deprecated: Deprecated in Java.
Return | |
---|---|
Socket! |
a new socket |
Exceptions | |
---|---|
java.io.IOException |
if an I/O error occurs while creating the socket |
createSocket
open funcreateSocket(
socket: Socket!,
host: String!,
port: Int,
autoClose: Boolean
): Socket!
Deprecated: Deprecated in Java.
Parameters | |
---|---|
socket |
Socket!: the existing socket |
host |
String!: the host name/IP |
port |
Int: the port on the host |
autoClose |
Boolean: a flag for closing the underling socket when the created socket is closed |
Return | |
---|---|
Socket! |
Socket a new socket |
Exceptions | |
---|---|
java.io.IOException |
if an I/O error occurs while creating the socket |
java.net.UnknownHostException |
if the IP address of the host cannot be determined |
getHostnameVerifier
open fungetHostnameVerifier(): X509HostnameVerifier!
Deprecated: Deprecated in Java.
getSocketFactory
open static fungetSocketFactory(): SSLSocketFactory!
Deprecated: Deprecated in Java.
Gets an singleton instance of the SSLProtocolSocketFactory.
Return | |
---|---|
SSLSocketFactory! |
a SSLProtocolSocketFactory |
isSecure
open funisSecure(sock: Socket!): Boolean
Deprecated: Deprecated in Java.
Checks whether a socket connection is secure. This factory creates TLS/SSL socket connections which, by default, are considered secure.
Derived classes may override this method to perform runtime checks, for example based on the cypher suite.
Parameters | |
---|---|
sock |
Socket!: the connected socket |
Return | |
---|---|
Boolean |
true |
Exceptions | |
---|---|
java.lang.IllegalArgumentException |
if the argument is invalid |
setHostnameVerifier
open funsetHostnameVerifier(hostnameVerifier: X509HostnameVerifier!): Unit
Deprecated: Deprecated in Java.
Properties
ALLOW_ALL_HOSTNAME_VERIFIER
static valALLOW_ALL_HOSTNAME_VERIFIER: X509HostnameVerifier!
Deprecated: Deprecated in Java.
BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
static valBROWSER_COMPATIBLE_HOSTNAME_VERIFIER: X509HostnameVerifier!
Deprecated: Deprecated in Java.
STRICT_HOSTNAME_VERIFIER
static valSTRICT_HOSTNAME_VERIFIER: X509HostnameVerifier!
Deprecated: Deprecated in Java.