Class SSLSocketFactory
- java.lang.Object
-
- org.apache.http.conn.ssl.SSLSocketFactory
-
- All Implemented Interfaces:
LayeredSchemeSocketFactory, LayeredSocketFactory, SchemeLayeredSocketFactory, SchemeSocketFactory, SocketFactory, ConnectionSocketFactory, LayeredConnectionSocketFactory
@Contract(threading=SAFE_CONDITIONAL) @Deprecated public class SSLSocketFactory extends java.lang.Object implements LayeredConnectionSocketFactory, SchemeLayeredSocketFactory, LayeredSchemeSocketFactory, LayeredSocketFactory
Deprecated. (4.3) use SSLConnectionSocketFactory.

Layered socket factory for TLS/SSL connections.

SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.

SSLSocketFactory will enable server authentication when supplied with a trust-store file containing one or several trusted certificates. The client secure socket will reject the connection during the SSL session handshake if the target HTTPS server attempts to authenticate itself with a non-trusted certificate.

Use JDK keytool utility to import a trusted certificate and generate a trust-store file:
keytool -import -alias "my server cert" -file server.crt -keystore my.truststore

In special cases the standard trust verification process can be bypassed by using a custom TrustStrategy. This interface is primarily intended for allowing self-signed certificates to be accepted as trusted without having to add them to the trust-store file.

SSLSocketFactory will enable client authentication when supplied with a key-store file containing a private key/public certificate pair. The client secure socket will use the private key to authenticate itself to the target HTTPS server during the SSL session handshake if requested to do so by the server. The target HTTPS server will in its turn verify the certificate presented by the client in order to establish client's authenticity.

Use the following sequence of actions to generate a key-store file:
- Use JDK keytool utility to generate a new key
keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore
For simplicity use the same password for the key as that of the key-store
- Issue a certificate signing request (CSR)
keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore
- Send the certificate request to the trusted Certificate Authority for signature. One may choose to act as her own CA and sign the certificate request using a PKI tool, such as OpenSSL.
- Import the trusted CA root certificate
keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore
- Import the PKCS#7 file containing the complete certificate chain
keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore
- Verify the content of the resultant keystore file
keytool -list -v -keystore my.keystore
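Added example (not part of the HttpClient documentation or code base): the trust-store, TrustStrategy and key-store setup described above, expressed with the recommended SSLConnectionSocketFactory. It assumes HttpClient 4.4 or later and the file names from the keytool commands; the class name, the fingerprint placeholder and the environment variable names are hypothetical.

```java
import java.io.File;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;

public class MutualTlsClient { // hypothetical class name

    // Placeholder (assumption): hex SHA-256 of the DER-encoded self-signed
    // server certificate that is allowed to skip trust-store validation.
    static final String PINNED_SHA256 = "<sha256-hex-of-server-cert>";

    // TrustStrategy that bypasses standard verification for one pinned leaf only.
    // Returning false does not reject the chain: it is then validated against
    // the trust-store as usual, so CA-issued certificates keep working.
    static TrustStrategy pinnedLeaf(final String expectedHex) {
        return new TrustStrategy() {
            @Override
            public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                if (chain == null || chain.length == 0) {
                    return false;
                }
                return sha256Hex(chain[0].getEncoded()).equalsIgnoreCase(expectedHex);
            }
        };
    }

    static String sha256Hex(byte[] data) throws CertificateException {
        try {
            StringBuilder hex = new StringBuilder();
            for (byte b : MessageDigest.getInstance("SHA-256").digest(data)) {
                hex.append(String.format("%02x", b));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    static CloseableHttpClient build(char[] trustPass, char[] keyPass) throws Exception {
        SSLContext ctx = SSLContexts.custom()
                // Server authentication: my.truststore from the keytool -import step.
                .loadTrustMaterial(new File("my.truststore"), trustPass, pinnedLeaf(PINNED_SHA256))
                // Client authentication: my.keystore; key password equals store password.
                .loadKeyMaterial(new File("my.keystore"), keyPass, keyPass)
                .build();
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                ctx,
                new String[] {"TLSv1.2"}, // protocols to enable; null keeps JSSE defaults
                null,                     // cipher suites: JSSE defaults
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        return HttpClients.custom().setSSLSocketFactory(sslsf).build();
    }

    public static void main(String[] args) throws Exception {
        // Assumption: store passwords are supplied through environment variables.
        char[] trustPass = System.getenv("TRUSTSTORE_PASSWORD").toCharArray();
        char[] keyPass = System.getenv("KEYSTORE_PASSWORD").toCharArray();
        try (CloseableHttpClient client = build(trustPass, keyPass)) {
            System.out.println("TLS client ready: " + client);
        }
    }
}
```

Hostname verification still applies to the pinned certificate, so its subject names must match the host being contacted. A TrustStrategy that returns true unconditionally disables server authentication for every host.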
- Since:
- 4.0
-
-
Field Summary
Fields
Modifier and Type | Field | Description
static X509HostnameVerifier | ALLOW_ALL_HOSTNAME_VERIFIER | Deprecated.
static X509HostnameVerifier | BROWSER_COMPATIBLE_HOSTNAME_VERIFIER | Deprecated.
static java.lang.String | SSL | Deprecated.
static java.lang.String | SSLV2 | Deprecated.
static X509HostnameVerifier | STRICT_HOSTNAME_VERIFIER | Deprecated.
static java.lang.String | TLS | Deprecated.
-
Constructor Summary
Constructors
Constructor | Description
SSLSocketFactory(java.lang.String algorithm, java.security.KeyStore keystore, java.lang.String keyPassword, java.security.KeyStore truststore, java.security.SecureRandom random, HostNameResolver nameResolver) | Deprecated.
SSLSocketFactory(java.lang.String algorithm, java.security.KeyStore keystore, java.lang.String keyPassword, java.security.KeyStore truststore, java.security.SecureRandom random, TrustStrategy trustStrategy, X509HostnameVerifier hostnameVerifier) | Deprecated.
SSLSocketFactory(java.lang.String algorithm, java.security.KeyStore keystore, java.lang.String keyPassword, java.security.KeyStore truststore, java.security.SecureRandom random, X509HostnameVerifier hostnameVerifier) | Deprecated.
SSLSocketFactory(java.security.KeyStore truststore) | Deprecated.
SSLSocketFactory(java.security.KeyStore keystore, java.lang.String keystorePassword) | Deprecated.
SSLSocketFactory(java.security.KeyStore keystore, java.lang.String keystorePassword, java.security.KeyStore truststore) | Deprecated.
SSLSocketFactory(javax.net.ssl.SSLContext sslContext) | Deprecated.
SSLSocketFactory(javax.net.ssl.SSLContext sslContext, java.lang.String[] supportedProtocols, java.lang.String[] supportedCipherSuites, X509HostnameVerifier hostnameVerifier) | Deprecated.
SSLSocketFactory(javax.net.ssl.SSLContext sslContext, HostNameResolver nameResolver) | Deprecated.
SSLSocketFactory(javax.net.ssl.SSLContext sslContext, X509HostnameVerifier hostnameVerifier) | Deprecated.
SSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory, java.lang.String[] supportedProtocols, java.lang.String[] supportedCipherSuites, X509HostnameVerifier hostnameVerifier) | Deprecated.
SSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory, X509HostnameVerifier hostnameVerifier) | Deprecated.
SSLSocketFactory(TrustStrategy trustStrategy) | Deprecated.
SSLSocketFactory(TrustStrategy trustStrategy, X509HostnameVerifier hostnameVerifier) | Deprecated.
-
Method Summary
Modifier and Type | Method | Description
java.net.Socket | connectSocket(int connectTimeout, java.net.Socket socket, HttpHost host, java.net.InetSocketAddress remoteAddress, java.net.InetSocketAddress localAddress, HttpContext context) | Deprecated. Connects the socket to the target host with the given resolved remote address.
java.net.Socket | connectSocket(java.net.Socket socket, java.lang.String host, int port, java.net.InetAddress local, int localPort, HttpParams params) | Deprecated. Connects a socket to the given host.
java.net.Socket | connectSocket(java.net.Socket socket, java.net.InetSocketAddress remoteAddress, java.net.InetSocketAddress localAddress, HttpParams params) | Deprecated. Connects a socket to the target host with the given remote address.
java.net.Socket | createLayeredSocket(java.net.Socket socket, java.lang.String host, int port, boolean autoClose) | Deprecated. Returns a socket connected to the given host that is layered over an existing socket.
java.net.Socket | createLayeredSocket(java.net.Socket socket, java.lang.String host, int port, HttpParams params) | Deprecated. Returns a socket connected to the given host that is layered over an existing socket.
java.net.Socket | createLayeredSocket(java.net.Socket socket, java.lang.String target, int port, HttpContext context) | Deprecated. Returns a socket connected to the given host that is layered over an existing socket.
java.net.Socket | createSocket() | Deprecated. Creates a new, unconnected socket.
java.net.Socket | createSocket(java.net.Socket socket, java.lang.String host, int port, boolean autoClose) | Deprecated. Returns a socket connected to the given host that is layered over an existing socket.
java.net.Socket | createSocket(HttpParams params) | Deprecated. Creates a new, unconnected socket.
java.net.Socket | createSocket(HttpContext context) | Deprecated. Creates new, unconnected socket.
X509HostnameVerifier | getHostnameVerifier() | Deprecated.
static SSLSocketFactory | getSocketFactory() | Deprecated. Obtains default SSL socket factory with an SSL context based on the standard JSSE trust material (cacerts file in the security properties directory).
static SSLSocketFactory | getSystemSocketFactory() | Deprecated. Obtains default SSL socket factory with an SSL context based on system properties as described in "JavaTM Secure Socket Extension (JSSE) Reference Guide for the JavaTM 2 Platform Standard Edition 5
boolean | isSecure(java.net.Socket sock) | Deprecated. Checks whether a socket connection is secure.
void | setHostnameVerifier(X509HostnameVerifier hostnameVerifier) | Deprecated.
-
-
-
Field Detail
-
TLS
public static final java.lang.String TLS
Deprecated.
- See Also:
- Constant Field Values
-
SSL
public static final java.lang.String SSL
Deprecated.
- See Also:
- Constant Field Values
-
SSLV2
public static final java.lang.String SSLV2
Deprecated.
- See Also:
- Constant Field Values
-
ALLOW_ALL_HOSTNAME_VERIFIER
public static final X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER
Deprecated.
-
BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
Deprecated.
-
STRICT_HOSTNAME_VERIFIER
public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
Deprecated.
-
-
Constructor Detail
-
SSLSocketFactory
public SSLSocketFactory(java.lang.String algorithm, java.security.KeyStore keystore, java.lang.String keyPassword, java.security.KeyStore truststore, java.security.SecureRandom random, HostNameResolver nameResolver) throws java.security.NoSuchAlgorithmException, java.security.KeyManagementException, java.security.KeyStoreException, java.security.UnrecoverableKeyException
Deprecated.
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
-
SSLSocketFactory
public SSLSocketFactory(java.lang.String algorithm, java.security.KeyStore keystore, java.lang.String keyPassword, java.security.KeyStore truststore, java.security.SecureRandom random, TrustStrategy trustStrategy, X509HostnameVerifier hostnameVerifier) throws java.security.NoSuchAlgorithmException, java.security.KeyManagementException, java.security.KeyStoreException, java.security.UnrecoverableKeyException
Deprecated.
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
- Since:
- 4.1
-
SSLSocketFactory
public SSLSocketFactory(java.lang.String algorithm, java.security.KeyStore keystore, java.lang.String keyPassword, java.security.KeyStore truststore, java.security.SecureRandom random, X509HostnameVerifier hostnameVerifier) throws java.security.NoSuchAlgorithmException, java.security.KeyManagementException, java.security.KeyStoreException, java.security.UnrecoverableKeyException
Deprecated.
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
- Since:
- 4.1
-
SSLSocketFactory
public SSLSocketFactory(java.security.KeyStore keystore, java.lang.String keystorePassword, java.security.KeyStore truststore) throws java.security.NoSuchAlgorithmException, java.security.KeyManagementException, java.security.KeyStoreException, java.security.UnrecoverableKeyException
Deprecated.
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
-
SSLSocketFactory
public SSLSocketFactory(java.security.KeyStore keystore, java.lang.String keystorePassword) throws java.security.NoSuchAlgorithmException, java.security.KeyManagementException, java.security.KeyStoreException, java.security.UnrecoverableKeyException
Deprecated.
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
-
SSLSocketFactory
public SSLSocketFactory(java.security.KeyStore truststore) throws java.security.NoSuchAlgorithmException, java.security.KeyManagementException, java.security.KeyStoreException, java.security.UnrecoverableKeyException
Deprecated.
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
-
SSLSocketFactory
public SSLSocketFactory(TrustStrategy trustStrategy, X509HostnameVerifier hostnameVerifier) throws java.security.NoSuchAlgorithmException, java.security.KeyManagementException, java.security.KeyStoreException, java.security.UnrecoverableKeyException
Deprecated.
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
- Since:
- 4.1
-
SSLSocketFactory
public SSLSocketFactory(TrustStrategy trustStrategy) throws java.security.NoSuchAlgorithmException, java.security.KeyManagementException, java.security.KeyStoreException, java.security.UnrecoverableKeyException
Deprecated.
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
- Since:
- 4.1
-
SSLSocketFactory
public SSLSocketFactory(javax.net.ssl.SSLContext sslContext)
Deprecated.
-
SSLSocketFactory
public SSLSocketFactory(javax.net.ssl.SSLContext sslContext, HostNameResolver nameResolver)
Deprecated.
-
SSLSocketFactory
public SSLSocketFactory(javax.net.ssl.SSLContext sslContext, X509HostnameVerifier hostnameVerifier)
Deprecated.
- Since:
- 4.1
-
SSLSocketFactory
public SSLSocketFactory(javax.net.ssl.SSLContext sslContext, java.lang.String[] supportedProtocols, java.lang.String[] supportedCipherSuites, X509HostnameVerifier hostnameVerifier)
Deprecated.
- Since:
- 4.3
-
SSLSocketFactory
public SSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory, X509HostnameVerifier hostnameVerifier)
Deprecated.
- Since:
- 4.2
-
SSLSocketFactory
public SSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory, java.lang.String[] supportedProtocols, java.lang.String[] supportedCipherSuites, X509HostnameVerifier hostnameVerifier)
Deprecated.
- Since:
- 4.3
-
-
Method Detail
-
getSocketFactory
public static SSLSocketFactory getSocketFactory() throws SSLInitializationException
Deprecated.
Obtains default SSL socket factory with an SSL context based on the standard JSSE trust material (cacerts file in the security properties directory). System properties are not taken into consideration.
- Returns:
- default SSL socket factory
- Throws:
SSLInitializationException
-
getSystemSocketFactory
public static SSLSocketFactory getSystemSocketFactory() throws SSLInitializationException
Deprecated.
Obtains default SSL socket factory with an SSL context based on system properties as described in "JavaTM Secure Socket Extension (JSSE) Reference Guide for the JavaTM 2 Platform Standard Edition 5
- Returns:
- default system SSL socket factory
- Throws:
SSLInitializationException
-
createSocket
public java.net.Socket createSocket(HttpParams params) throws java.io.IOException
Deprecated.
Description copied from interface: SchemeSocketFactory
Creates a new, unconnected socket. The socket should subsequently be passed to SchemeSocketFactory.connectSocket(Socket, InetSocketAddress, InetSocketAddress, HttpParams).
- Specified by:
createSocket in interface SchemeSocketFactory
- Parameters:
params - Optional parameters. Parameters passed to this method will have no effect. This method will create an unconnected instance of Socket class.
- Returns:
- a new socket
- Throws:
java.io.IOException - if an I/O error occurs while creating the socket
- Since:
- 4.1
-
createSocket
public java.net.Socket createSocket() throws java.io.IOException
Deprecated.
Description copied from interface: SocketFactory
Creates a new, unconnected socket. The socket should subsequently be passed to connectSocket.
- Specified by:
createSocket in interface SocketFactory
- Returns:
- a new socket
- Throws:
java.io.IOException - if an I/O error occurs while creating the socket
-
connectSocket
public java.net.Socket connectSocket(java.net.Socket socket, java.net.InetSocketAddress remoteAddress, java.net.InetSocketAddress localAddress, HttpParams params) throws java.io.IOException, java.net.UnknownHostException, ConnectTimeoutException
Deprecated.
Description copied from interface: SchemeSocketFactory
Connects a socket to the target host with the given remote address.
Please note that HttpInetSocketAddress class should be used in order to pass the target remote address along with the original HttpHost value used to resolve the address. The use of HttpInetSocketAddress can also ensure that no reverse DNS lookup will be performed if the target remote address was specified as an IP address.
- Specified by:
connectSocket in interface SchemeSocketFactory
- Parameters:
socket - the socket to connect, as obtained from createSocket. null indicates that a new socket should be created and connected.
remoteAddress - the remote address to connect to.
localAddress - the local address to bind the socket to, or null for any
params - additional parameters for connecting
- Returns:
- the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
- Throws:
java.io.IOException - if an I/O error occurs
java.net.UnknownHostException - if the IP address of the target host can not be determined
ConnectTimeoutException - if the socket cannot be connected within the time limit defined in the params
- Since:
- 4.1
- See Also:
HttpInetSocketAddress
-
isSecure
public boolean isSecure(java.net.Socket sock) throws java.lang.IllegalArgumentException
Deprecated.
Checks whether a socket connection is secure. This factory creates TLS/SSL socket connections which, by default, are considered secure.
Derived classes may override this method to perform runtime checks, for example based on the cipher suite.
- Specified by:
isSecure in interface SchemeSocketFactory
- Specified by:
isSecure in interface SocketFactory
- Parameters:
sock - the connected socket
- Returns:
true
- Throws:
java.lang.IllegalArgumentException - if the argument is invalid
-
createLayeredSocket
public java.net.Socket createLayeredSocket(java.net.Socket socket, java.lang.String host, int port, HttpParams params) throws java.io.IOException, java.net.UnknownHostException
Deprecated.
Description copied from interface: SchemeLayeredSocketFactory
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.
- Specified by:
createLayeredSocket in interface SchemeLayeredSocketFactory
- Parameters:
socket - the existing socket
host - the name of the target host.
port - the port to connect to on the target host
params - HTTP parameters
- Returns:
- Socket a new socket
- Throws:
java.io.IOException - if an I/O error occurs while creating the socket
java.net.UnknownHostException - if the IP address of the host cannot be determined
- Since:
- 4.2
-
createLayeredSocket
public java.net.Socket createLayeredSocket(java.net.Socket socket, java.lang.String host, int port, boolean autoClose) throws java.io.IOException, java.net.UnknownHostException
Deprecated.
Description copied from interface: LayeredSchemeSocketFactory
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.
- Specified by:
createLayeredSocket in interface LayeredSchemeSocketFactory
- Parameters:
socket - the existing socket
host - the name of the target host.
port - the port to connect to on the target host
autoClose - a flag for closing the underlying socket when the created socket is closed
- Returns:
- Socket a new socket
- Throws:
java.io.IOException - if an I/O error occurs while creating the socket
java.net.UnknownHostException - if the IP address of the host cannot be determined
-
setHostnameVerifier
public void setHostnameVerifier(X509HostnameVerifier hostnameVerifier)
Deprecated.
-
getHostnameVerifier
public X509HostnameVerifier getHostnameVerifier()
Deprecated.
-
connectSocket
public java.net.Socket connectSocket(java.net.Socket socket, java.lang.String host, int port, java.net.InetAddress local, int localPort, HttpParams params) throws java.io.IOException, java.net.UnknownHostException, ConnectTimeoutException
Deprecated.
Description copied from interface: SocketFactory
Connects a socket to the given host.
- Specified by:
connectSocket in interface SocketFactory
- Parameters:
socket - the socket to connect, as obtained from createSocket. null indicates that a new socket should be created and connected.
host - the host to connect to
port - the port to connect to on the host
local - the local address to bind the socket to, or null for any
localPort - the port on the local machine, 0 or a negative number for any
params - additional parameters for connecting
- Returns:
- the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
- Throws:
java.io.IOException - if an I/O error occurs
java.net.UnknownHostException - if the IP address of the target host can not be determined
ConnectTimeoutException - if the socket cannot be connected within the time limit defined in the params
-
createSocket
public java.net.Socket createSocket(java.net.Socket socket, java.lang.String host, int port, boolean autoClose) throws java.io.IOException, java.net.UnknownHostException
Deprecated.
Description copied from interface: LayeredSocketFactory
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.
- Specified by:
createSocket in interface LayeredSocketFactory
- Parameters:
socket - the existing socket
host - the host name/IP
port - the port on the host
autoClose - a flag for closing the underlying socket when the created socket is closed
- Returns:
- Socket a new socket
- Throws:
java.io.IOException - if an I/O error occurs while creating the socket
java.net.UnknownHostException - if the IP address of the host cannot be determined
-
createSocket
public java.net.Socket createSocket(HttpContext context) throws java.io.IOException
Deprecated.
Description copied from interface: ConnectionSocketFactory
Creates new, unconnected socket. The socket should subsequently be passed to connectSocket method.
- Specified by:
createSocket in interface ConnectionSocketFactory
- Returns:
- a new socket
- Throws:
java.io.IOException - if an I/O error occurs while creating the socket
-
connectSocket
public java.net.Socket connectSocket(int connectTimeout, java.net.Socket socket, HttpHost host, java.net.InetSocketAddress remoteAddress, java.net.InetSocketAddress localAddress, HttpContext context) throws java.io.IOException
Deprecated.
Description copied from interface: ConnectionSocketFactory
Connects the socket to the target host with the given resolved remote address.
- Specified by:
connectSocket in interface ConnectionSocketFactory
- Parameters:
connectTimeout - connect timeout.
socket - the socket to connect, as obtained from ConnectionSocketFactory.createSocket(HttpContext). null indicates that a new socket should be created and connected.
host - target host as specified by the caller (end user).
remoteAddress - the resolved remote address to connect to.
localAddress - the local address to bind the socket to, or null for any.
context - the actual HTTP context.
- Returns:
- the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
- Throws:
java.io.IOException - if an I/O error occurs
-
createLayeredSocket
public java.net.Socket createLayeredSocket(java.net.Socket socket, java.lang.String target, int port, HttpContext context) throws java.io.IOException
Deprecated.
Description copied from interface: LayeredConnectionSocketFactory
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.
- Specified by:
createLayeredSocket in interface LayeredConnectionSocketFactory
- Parameters:
socket - the existing socket
target - the name of the target host.
port - the port to connect to on the target host.
context - the actual HTTP context.
- Returns:
- Socket a new socket
- Throws:
java.io.IOException - if an I/O error occurs while creating the socket
-
-