Class StrictSSLProtocolSocketFactory
java.lang.Object
edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory
- All Implemented Interfaces:
ProtocolSocketFactory, SecureProtocolSocketFactory
A SecureProtocolSocketFactory that uses JSSE to create SSL sockets. It also supports host name verification to help prevent man-in-the-middle attacks. Host name verification is turned on by default but can be turned off, which might be a useful feature during development. Host name verification makes sure the SSL session's server host name matches the host name returned in the server certificate's "Common Name" field of the "SubjectDN" entry.
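The Common Name comparison described above, as an added illustration that is not the library's own code. The class and method names are hypothetical and the subject DN is a constructed sample; like the check this page describes, it looks only at the CN of the subject DN and not at subjectAltName entries.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLPeerUnverifiedException;

public class CommonNameCheck {

    /** Returns the most specific CN value of an RFC 2253 subject DN, or null if there is none. */
    static String commonName(String subjectDn) throws InvalidNameException {
        LdapName dn = new LdapName(subjectDn);
        String cn = null;
        // getRdns() is ordered right to left, so the last CN seen is the most specific one.
        for (Rdn rdn : dn.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                cn = rdn.getValue().toString();
            }
        }
        return cn;
    }

    /** Throws if the certificate's Common Name does not match the host that was requested. */
    static void verifyHostname(String host, String subjectDn)
            throws InvalidNameException, SSLPeerUnverifiedException {
        String cn = commonName(subjectDn);
        if (cn == null) {
            throw new SSLPeerUnverifiedException("certificate subject has no CN: " + subjectDn);
        }
        // DNS names are case-insensitive; the whole name must match, not a prefix or substring.
        if (!host.equalsIgnoreCase(cn)) {
            throw new SSLPeerUnverifiedException(
                "host name '" + host + "' does not match certificate CN '" + cn + "'");
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample subject DN, not taken from a real certificate.
        String subjectDn = "CN=grouper.example.edu,OU=Identity,O=Example University,C=US";
        verifyHostname("GROUPER.example.edu", subjectDn);  // matches, returns normally
        try {
            // Shares a prefix with the CN but is a different host, so it must be rejected.
            verifyHostname("grouper.example.edu.other.test", subjectDn);
        } catch (SSLPeerUnverifiedException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```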
Constructor Summary
Constructor and Description:
StrictSSLProtocolSocketFactory() - Constructor for StrictSSLProtocolSocketFactory.
StrictSSLProtocolSocketFactory(boolean verifyHostname) - Constructor for StrictSSLProtocolSocketFactory.
Method Summary
Modifier and Type, Method and Description:
Socket createSocket(String host, int port) - Gets a new socket connection to the given host.
Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) - Gets a new socket connection to the given host.
Socket createSocket(String host, int port, InetAddress localAddress, int localPort, HttpConnectionParams params) - Attempts to get a new socket connection to the given host within the given time limit.
Socket createSocket(Socket socket, String host, int port, boolean autoClose) - Returns a socket connected to the given host that is layered over an existing socket.
boolean equals
boolean getHostnameVerification() - Gets the status of the host name verification flag.
int hashCode()
void setHostnameVerification(boolean verifyHostname) - Set the host name verification flag.
Constructor Details
StrictSSLProtocolSocketFactory
public StrictSSLProtocolSocketFactory(boolean verifyHostname)
Constructor for StrictSSLProtocolSocketFactory.
- Parameters:
verifyHostname - The host name verification flag. If set to true, the SSL session's server host name will be compared to the host name returned in the server certificate's "Common Name" field of the "SubjectDN" entry. If these names do not match, an exception is thrown to indicate this. Enabling host name verification helps prevent man-in-the-middle attacks. If set to false, host name verification is turned off.
Code sample:
    Protocol stricthttps = new Protocol("https", new StrictSSLProtocolSocketFactory(true), 443);
    HttpClient client = new HttpClient();
    client.getHostConfiguration().setHost("localhost", 443, stricthttps);
StrictSSLProtocolSocketFactory
public StrictSSLProtocolSocketFactory()
Constructor for StrictSSLProtocolSocketFactory. Host name verification will be enabled by default.
Method Details
setHostnameVerification
public void setHostnameVerification(boolean verifyHostname)
Set the host name verification flag.
- Parameters:
verifyHostname - The host name verification flag. If set to true, the SSL session's server host name will be compared to the host name returned in the server certificate's "Common Name" field of the "SubjectDN" entry. If these names do not match, an exception is thrown to indicate this. Enabling host name verification helps prevent man-in-the-middle attacks. If set to false, host name verification is turned off.
getHostnameVerification
public boolean getHostnameVerification()
Gets the status of the host name verification flag.
- Returns:
Host name verification flag. Either true if host name verification is turned on, or false if host name verification is turned off.
createSocket
public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) throws IOException, UnknownHostException
Description copied from interface: ProtocolSocketFactory
Gets a new socket connection to the given host.
- Specified by:
createSocket in interface ProtocolSocketFactory
- Parameters:
host - the host name/IP
port - the port on the host
clientHost - the local host name/IP to bind the socket to
clientPort - the port on the local machine
- Returns:
Socket a new socket
- Throws:
IOException - if an I/O error occurs while creating the socket
UnknownHostException - if the IP address of the host cannot be determined
createSocket
public Socket createSocket(String host, int port, InetAddress localAddress, int localPort, HttpConnectionParams params) throws IOException, UnknownHostException, ConnectTimeoutException
Attempts to get a new socket connection to the given host within the given time limit.
This method employs several techniques to circumvent the limitations of older JREs that do not support connect timeout. When running in JRE 1.4 or above, reflection is used to call the Socket#connect(SocketAddress endpoint, int timeout) method. When executing in older JREs, a controller thread is executed. The controller thread attempts to create a new socket within the given limit of time. If the socket constructor does not return until the timeout expires, the controller terminates and throws a ConnectTimeoutException.
- Specified by:
createSocket in interface ProtocolSocketFactory
- Parameters:
host - the host name/IP
port - the port on the host
clientHost - the local host name/IP to bind the socket to
clientPort - the port on the local machine
params - Http connection parameters
- Returns:
Socket a new socket
- Throws:
IOException - if an I/O error occurs while creating the socket
UnknownHostException - if the IP address of the host cannot be determined
ConnectTimeoutException - if socket cannot be connected within the given time limit
createSocket
Description copied from interface: ProtocolSocketFactory
Gets a new socket connection to the given host.
- Specified by:
createSocket in interface ProtocolSocketFactory
- Parameters:
host - the host name/IP
port - the port on the host
- Returns:
Socket a new socket
- Throws:
IOException - if an I/O error occurs while creating the socket
UnknownHostException - if the IP address of the host cannot be determined
createSocket
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException
Description copied from interface: SecureProtocolSocketFactory
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.
- Specified by:
createSocket in interface SecureProtocolSocketFactory
- Parameters:
socket - the existing socket
host - the host name/IP
port - the port on the host
autoClose - a flag for closing the underlying socket when the created socket is closed
- Returns:
Socket a new socket
- Throws:
IOException - if an I/O error occurs while creating the socket
UnknownHostException - if the IP address of the host cannot be determined
equals
hashCode
public int hashCode()