URL.openConnection()
instead.
Please visit this webpage
for further details.@Deprecated public class SSLSocketFactory extends Object implements LayeredSocketFactory
SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.
SSLSocketFactory will enable server authentication when supplied with
a truststore
file containg one or several trusted
certificates. The client secure socket will reject the connection during
the SSL session handshake if the target HTTPS server attempts to
authenticate itself with a non-trusted certificate.
Use JDK keytool utility to import a trusted certificate and generate a truststore file:
keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
SSLSocketFactory will enable client authentication when supplied with
a keystore
file containg a private key/public certificate
pair. The client secure socket will use the private key to authenticate
itself to the target HTTPS server during the SSL session handshake if
requested to do so by the server.
The target HTTPS server will in its turn verify the certificate presented
by the client in order to establish client's authenticity
Use the following sequence of actions to generate a keystore file
Use JDK keytool utility to generate a new key
keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystoreFor simplicity use the same password for the key as that of the keystore
Issue a certificate signing request (CSR)
keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore
Send the certificate request to the trusted Certificate Authority for signature. One may choose to act as her own CA and sign the certificate request using a PKI tool, such as OpenSSL.
Import the trusted CA root certificate
keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore
Import the PKCS#7 file containg the complete certificate chain
keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore
Verify the content the resultant keystore file
keytool -list -v -keystore my.keystore
Modifier and Type | Field and Description |
---|---|
static X509HostnameVerifier |
ALLOW_ALL_HOSTNAME_VERIFIER
Deprecated.
|
static X509HostnameVerifier |
BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
Deprecated.
|
static String |
SSL
Deprecated.
|
static String |
SSLV2
Deprecated.
|
static X509HostnameVerifier |
STRICT_HOSTNAME_VERIFIER
Deprecated.
|
static String |
TLS
Deprecated.
|
Constructor and Description |
---|
SSLSocketFactory(KeyStore truststore)
Deprecated.
|
SSLSocketFactory(KeyStore keystore,
String keystorePassword)
Deprecated.
|
SSLSocketFactory(KeyStore keystore,
String keystorePassword,
KeyStore truststore)
Deprecated.
|
SSLSocketFactory(SSLSocketFactory socketfactory)
Deprecated.
Constructs an HttpClient SSLSocketFactory backed by the given JSSE
SSLSocketFactory.
|
SSLSocketFactory(String algorithm,
KeyStore keystore,
String keystorePassword,
KeyStore truststore,
SecureRandom random,
HostNameResolver nameResolver)
Deprecated.
|
Modifier and Type | Method and Description |
---|---|
Socket |
connectSocket(Socket sock,
String host,
int port,
InetAddress localAddress,
int localPort,
HttpParams params)
Deprecated.
Connects a socket to the given host.
|
Socket |
createSocket()
Deprecated.
Creates a new, unconnected socket.
|
Socket |
createSocket(Socket socket,
String host,
int port,
boolean autoClose)
Deprecated.
Returns a socket connected to the given host that is layered over an
existing socket.
|
X509HostnameVerifier |
getHostnameVerifier()
Deprecated.
|
static SSLSocketFactory |
getSocketFactory()
Deprecated.
Gets an singleton instance of the SSLProtocolSocketFactory.
|
boolean |
isSecure(Socket sock)
Deprecated.
Checks whether a socket connection is secure.
|
void |
setHostnameVerifier(X509HostnameVerifier hostnameVerifier)
Deprecated.
|
public static final String TLS
public static final String SSL
public static final String SSLV2
public static final X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER
public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
public SSLSocketFactory(String algorithm, KeyStore keystore, String keystorePassword, KeyStore truststore, SecureRandom random, HostNameResolver nameResolver) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException
public SSLSocketFactory(KeyStore keystore, String keystorePassword, KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException
public SSLSocketFactory(KeyStore keystore, String keystorePassword) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException
public SSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException
public SSLSocketFactory(SSLSocketFactory socketfactory)
public static SSLSocketFactory getSocketFactory()
public Socket createSocket() throws IOException
SocketFactory
connectSocket
.createSocket
in interface SocketFactory
IOException
- if an I/O error occurs while creating the socketpublic Socket connectSocket(Socket sock, String host, int port, InetAddress localAddress, int localPort, HttpParams params) throws IOException
SocketFactory
connectSocket
in interface SocketFactory
sock
- the socket to connect, as obtained from
createSocket
.
null
indicates that a new socket
should be created and connected.host
- the host to connect toport
- the port to connect to on the hostlocalAddress
- the local address to bind the socket to, or
null
for anylocalPort
- the port on the local machine,
0 or a negative number for anyparams
- additional parameters
for connectingsock
argument if this factory supports
a layered protocol.IOException
- if an I/O error occursUnknownHostException
- if the IP address of the target host
can not be determinedConnectTimeoutException
- if the socket cannot be connected
within the time limit defined in the params
public boolean isSecure(Socket sock) throws IllegalArgumentException
isSecure
in interface SocketFactory
sock
- the connected sockettrue
IllegalArgumentException
- if the argument is invalidpublic Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException
LayeredSocketFactory
createSocket
in interface LayeredSocketFactory
socket
- the existing sockethost
- the host name/IPport
- the port on the hostautoClose
- a flag for closing the underling socket when the created
socket is closedIOException
- if an I/O error occurs while creating the socketUnknownHostException
- if the IP address of the host cannot be
determinedpublic void setHostnameVerifier(X509HostnameVerifier hostnameVerifier)
public X509HostnameVerifier getHostnameVerifier()