Package org.apache.http.conn.ssl

Class SSLSocketFactory

  • All Implemented Interfaces:
    LayeredSchemeSocketFactory, LayeredSocketFactory, SchemeLayeredSocketFactory, SchemeSocketFactory, SocketFactory, ConnectionSocketFactory, LayeredConnectionSocketFactory
    @Contract(threading=SAFE_CONDITIONAL)
@Deprecated
public class SSLSocketFactory
extends java.lang.Object
implements LayeredConnectionSocketFactory, SchemeLayeredSocketFactory, LayeredSchemeSocketFactory, LayeredSocketFactory
    Deprecated.
    (4.3) use SSLConnectionSocketFactory.
    Layered socket factory for TLS/SSL connections.

    SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.

    SSLSocketFactory will enable server authentication when supplied with a trust-store file containing one or several trusted certificates. The client secure socket will reject the connection during the SSL session handshake if the target HTTPS server attempts to authenticate itself with a non-trusted certificate.

    Use JDK keytool utility to import a trusted certificate and generate a trust-store file: 

    keytool -import -alias "my server cert" -file server.crt -keystore my.truststore

    In special cases the standard trust verification process can be bypassed by using a custom TrustStrategy. This interface is primarily intended for allowing self-signed certificates to be accepted as trusted without having to add them to the trust-store file.

    SSLSocketFactory will enable client authentication when supplied with a key-store file containing a private key/public certificate pair. The client secure socket will use the private key to authenticate itself to the target HTTPS server during the SSL session handshake if requested to do so by the server. The target HTTPS server will in its turn verify the certificate presented by the client in order to establish client's authenticity.

    Use the following sequence of actions to generate a key-store file

    • Use JDK keytool utility to generate a new key 

      keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore

      For simplicity use the same password for the key as that of the key-store

    • Issue a certificate signing request (CSR) 

      keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore

    • Send the certificate request to the trusted Certificate Authority for signature. One may choose to act as her own CA and sign the certificate request using a PKI tool, such as OpenSSL.

    • Import the trusted CA root certificate 

      keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore

    • Import the PKCS#7 file containg the complete certificate chain 

      keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore

    • Verify the content the resultant keystore file 

      keytool -list -v -keystore my.keystore
    Since:
    4.0

    • Constructor Detail

      • SSLSocketFactory

        public SSLSocketFactory​(java.lang.String algorithm,
                        java.security.KeyStore keystore,
                        java.lang.String keyPassword,
                        java.security.KeyStore truststore,
                        java.security.SecureRandom random,
                        HostNameResolver nameResolver)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException
        Deprecated.
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.KeyManagementException
        java.security.KeyStoreException
        java.security.UnrecoverableKeyException

      • SSLSocketFactory

        public SSLSocketFactory​(java.lang.String algorithm,
                        java.security.KeyStore keystore,
                        java.lang.String keyPassword,
                        java.security.KeyStore truststore,
                        java.security.SecureRandom random,
                        TrustStrategy trustStrategy,
                        X509HostnameVerifier hostnameVerifier)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException
        Deprecated.
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.KeyManagementException
        java.security.KeyStoreException
        java.security.UnrecoverableKeyException
        Since:
        4.1

      • SSLSocketFactory

        public SSLSocketFactory​(java.lang.String algorithm,
                        java.security.KeyStore keystore,
                        java.lang.String keyPassword,
                        java.security.KeyStore truststore,
                        java.security.SecureRandom random,
                        X509HostnameVerifier hostnameVerifier)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException
        Deprecated.
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.KeyManagementException
        java.security.KeyStoreException
        java.security.UnrecoverableKeyException
        Since:
        4.1

      • SSLSocketFactory

        public SSLSocketFactory​(java.security.KeyStore keystore,
                        java.lang.String keystorePassword,
                        java.security.KeyStore truststore)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException
        Deprecated.
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.KeyManagementException
        java.security.KeyStoreException
        java.security.UnrecoverableKeyException

      • SSLSocketFactory

        public SSLSocketFactory​(java.security.KeyStore keystore,
                        java.lang.String keystorePassword)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException
        Deprecated.
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.KeyManagementException
        java.security.KeyStoreException
        java.security.UnrecoverableKeyException

      • SSLSocketFactory

        public SSLSocketFactory​(java.security.KeyStore truststore)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException
        Deprecated.
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.KeyManagementException
        java.security.KeyStoreException
        java.security.UnrecoverableKeyException

      • SSLSocketFactory

        public SSLSocketFactory​(TrustStrategy trustStrategy,
                        X509HostnameVerifier hostnameVerifier)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException
        Deprecated.
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.KeyManagementException
        java.security.KeyStoreException
        java.security.UnrecoverableKeyException
        Since:
        4.1

      • SSLSocketFactory

        public SSLSocketFactory​(TrustStrategy trustStrategy)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException
        Deprecated.
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.KeyManagementException
        java.security.KeyStoreException
        java.security.UnrecoverableKeyException
        Since:
        4.1

      • SSLSocketFactory

        public SSLSocketFactory​(javax.net.ssl.SSLContext sslContext)
        Deprecated.

      • SSLSocketFactory

        public SSLSocketFactory​(javax.net.ssl.SSLContext sslContext,
                        HostNameResolver nameResolver)
        Deprecated.

      • SSLSocketFactory

        public SSLSocketFactory​(javax.net.ssl.SSLContext sslContext,
                        X509HostnameVerifier hostnameVerifier)
        Deprecated.
        Since:
        4.1

      • SSLSocketFactory

        public SSLSocketFactory​(javax.net.ssl.SSLContext sslContext,
                        java.lang.String[] supportedProtocols,
                        java.lang.String[] supportedCipherSuites,
                        X509HostnameVerifier hostnameVerifier)
        Deprecated.
        Since:
        4.3

      • SSLSocketFactory

        public SSLSocketFactory​(javax.net.ssl.SSLSocketFactory socketfactory,
                        X509HostnameVerifier hostnameVerifier)
        Deprecated.
        Since:
        4.2

      • SSLSocketFactory

        public SSLSocketFactory​(javax.net.ssl.SSLSocketFactory socketfactory,
                        java.lang.String[] supportedProtocols,
                        java.lang.String[] supportedCipherSuites,
                        X509HostnameVerifier hostnameVerifier)
        Deprecated.
        Since:
        4.3

    • Method Detail

      • getSocketFactory

        public static SSLSocketFactory getSocketFactory()
                                         throws SSLInitializationException
        Deprecated.
        Obtains default SSL socket factory with an SSL context based on the standard JSSE trust material (cacerts file in the security properties directory). System properties are not taken into consideration.
        Returns:
        default SSL socket factory
        Throws:
        SSLInitializationException

      • createSocket

        public java.net.Socket createSocket()
                             throws java.io.IOException
        Deprecated.
        Description copied from interface: SocketFactory
        Creates a new, unconnected socket. The socket should subsequently be passed to connectSocket.
        Specified by:
        createSocket in interface SocketFactory
        Returns:
        a new socket
        Throws:
        java.io.IOException - if an I/O error occurs while creating the socket

      • connectSocket

        public java.net.Socket connectSocket​(java.net.Socket socket,
                                     java.net.InetSocketAddress remoteAddress,
                                     java.net.InetSocketAddress localAddress,
                                     HttpParams params)
                              throws java.io.IOException,
                                     java.net.UnknownHostException,
                                     ConnectTimeoutException
        Deprecated.
        Description copied from interface: SchemeSocketFactory
        Connects a socket to the target host with the given remote address.

        Please note that HttpInetSocketAddress class should be used in order to pass the target remote address along with the original HttpHost value used to resolve the address. The use of HttpInetSocketAddress can also ensure that no reverse DNS lookup will be performed if the target remote address was specified as an IP address.

        Specified by:
        connectSocket in interface SchemeSocketFactory
        Parameters:
        socket - the socket to connect, as obtained from createSocket. null indicates that a new socket should be created and connected.
        remoteAddress - the remote address to connect to.
        localAddress - the local address to bind the socket to, or null for any
        params - additional parameters for connecting
        Returns:
        the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
        Throws:
        java.io.IOException - if an I/O error occurs
        java.net.UnknownHostException - if the IP address of the target host can not be determined
        ConnectTimeoutException - if the socket cannot be connected within the time limit defined in the params
        Since:
        4.1
        See Also:
        HttpInetSocketAddress

      • isSecure

        public boolean isSecure​(java.net.Socket sock)
                 throws java.lang.IllegalArgumentException
        Deprecated.
        Checks whether a socket connection is secure. This factory creates TLS/SSL socket connections which, by default, are considered secure.

        Derived classes may override this method to perform runtime checks, for example based on the cypher suite.

        Specified by:
        isSecure in interface SchemeSocketFactory
        Specified by:
        isSecure in interface SocketFactory
        Parameters:
        sock - the connected socket
        Returns:
        true
        Throws:
        java.lang.IllegalArgumentException - if the argument is invalid

      • createLayeredSocket

        public java.net.Socket createLayeredSocket​(java.net.Socket socket,
                                           java.lang.String host,
                                           int port,
                                           HttpParams params)
                                    throws java.io.IOException,
                                           java.net.UnknownHostException
        Deprecated.
        Description copied from interface: SchemeLayeredSocketFactory
        Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.
        Specified by:
        createLayeredSocket in interface SchemeLayeredSocketFactory
        Parameters:
        socket - the existing socket
        host - the name of the target host.
        port - the port to connect to on the target host
        params - HTTP parameters
        Returns:
        Socket a new socket
        Throws:
        java.io.IOException - if an I/O error occurs while creating the socket
        java.net.UnknownHostException - if the IP address of the host cannot be determined
        Since:
        4.2

      • createLayeredSocket

        public java.net.Socket createLayeredSocket​(java.net.Socket socket,
                                           java.lang.String host,
                                           int port,
                                           boolean autoClose)
                                    throws java.io.IOException,
                                           java.net.UnknownHostException
        Deprecated.
        Description copied from interface: LayeredSchemeSocketFactory
        Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.
        Specified by:
        createLayeredSocket in interface LayeredSchemeSocketFactory
        Parameters:
        socket - the existing socket
        host - the name of the target host.
        port - the port to connect to on the target host
        autoClose - a flag for closing the underling socket when the created socket is closed
        Returns:
        Socket a new socket
        Throws:
        java.io.IOException - if an I/O error occurs while creating the socket
        java.net.UnknownHostException - if the IP address of the host cannot be determined

      • setHostnameVerifier

        public void setHostnameVerifier​(X509HostnameVerifier hostnameVerifier)
        Deprecated.

      • connectSocket

        public java.net.Socket connectSocket​(java.net.Socket socket,
                                     java.lang.String host,
                                     int port,
                                     java.net.InetAddress local,
                                     int localPort,
                                     HttpParams params)
                              throws java.io.IOException,
                                     java.net.UnknownHostException,
                                     ConnectTimeoutException
        Deprecated.
        Description copied from interface: SocketFactory
        Connects a socket to the given host.
        Specified by:
        connectSocket in interface SocketFactory
        Parameters:
        socket - the socket to connect, as obtained from createSocket. null indicates that a new socket should be created and connected.
        host - the host to connect to
        port - the port to connect to on the host
        local - the local address to bind the socket to, or null for any
        localPort - the port on the local machine, 0 or a negative number for any
        params - additional parameters for connecting
        Returns:
        the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
        Throws:
        java.io.IOException - if an I/O error occurs
        java.net.UnknownHostException - if the IP address of the target host can not be determined
        ConnectTimeoutException - if the socket cannot be connected within the time limit defined in the params

      • createSocket

        public java.net.Socket createSocket​(java.net.Socket socket,
                                    java.lang.String host,
                                    int port,
                                    boolean autoClose)
                             throws java.io.IOException,
                                    java.net.UnknownHostException
        Deprecated.
        Description copied from interface: LayeredSocketFactory
        Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.
        Specified by:
        createSocket in interface LayeredSocketFactory
        Parameters:
        socket - the existing socket
        host - the host name/IP
        port - the port on the host
        autoClose - a flag for closing the underling socket when the created socket is closed
        Returns:
        Socket a new socket
        Throws:
        java.io.IOException - if an I/O error occurs while creating the socket
        java.net.UnknownHostException - if the IP address of the host cannot be determined

      • createSocket

        public java.net.Socket createSocket​(HttpContext context)
                             throws java.io.IOException
        Deprecated.
        Description copied from interface: ConnectionSocketFactory
        Creates new, unconnected socket. The socket should subsequently be passed to connectSocket method.
        Specified by:
        createSocket in interface ConnectionSocketFactory
        Returns:
        a new socket
        Throws:
        java.io.IOException - if an I/O error occurs while creating the socket

      • connectSocket

        public java.net.Socket connectSocket​(int connectTimeout,
                                     java.net.Socket socket,
                                     HttpHost host,
                                     java.net.InetSocketAddress remoteAddress,
                                     java.net.InetSocketAddress localAddress,
                                     HttpContext context)
                              throws java.io.IOException
        Deprecated.
        Description copied from interface: ConnectionSocketFactory
        Connects the socket to the target host with the given resolved remote address.
        Specified by:
        connectSocket in interface ConnectionSocketFactory
        Parameters:
        connectTimeout - connect timeout.
        socket - the socket to connect, as obtained from ConnectionSocketFactory.createSocket(HttpContext). null indicates that a new socket should be created and connected.
        host - target host as specified by the caller (end user).
        remoteAddress - the resolved remote address to connect to.
        localAddress - the local address to bind the socket to, or null for any.
        context - the actual HTTP context.
        Returns:
        the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
        Throws:
        java.io.IOException - if an I/O error occurs

      • createLayeredSocket

        public java.net.Socket createLayeredSocket​(java.net.Socket socket,
                                           java.lang.String target,
                                           int port,
                                           HttpContext context)
                                    throws java.io.IOException
        Deprecated.
        Description copied from interface: LayeredConnectionSocketFactory
        Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.
        Specified by:
        createLayeredSocket in interface LayeredConnectionSocketFactory
        Parameters:
        socket - the existing socket
        target - the name of the target host.
        port - the port to connect to on the target host.
        context - the actual HTTP context.
        Returns:
        Socket a new socket
        Throws:
        java.io.IOException - if an I/O error occurs while creating the socket