Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.http.conn.ssl
Class SSLSocketFactory

java.lang.Object
  extended by org.apache.http.conn.ssl.SSLSocketFactory
All Implemented Interfaces:
LayeredSchemeSocketFactory, LayeredSocketFactory, SchemeLayeredSocketFactory, SchemeSocketFactory, SocketFactory, ConnectionSocketFactory, LayeredConnectionSocketFactory
Deprecated. (4.3) use SSLConnectionSocketFactory. 

@Contract(threading=SAFE_CONDITIONAL)
@Deprecated
public class SSLSocketFactory
extends Object
implements LayeredConnectionSocketFactory, SchemeLayeredSocketFactory, LayeredSchemeSocketFactory, LayeredSocketFactory

Layered socket factory for TLS/SSL connections.

SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.

SSLSocketFactory will enable server authentication when supplied with a trust-store file containing one or several trusted certificates. The client secure socket will reject the connection during the SSL session handshake if the target HTTPS server attempts to authenticate itself with a non-trusted certificate.

Use JDK keytool utility to import a trusted certificate and generate a trust-store file: 

keytool -import -alias "my server cert" -file server.crt -keystore my.truststore

In special cases the standard trust verification process can be bypassed by using a custom TrustStrategy. This interface is primarily intended for allowing self-signed certificates to be accepted as trusted without having to add them to the trust-store file.

SSLSocketFactory will enable client authentication when supplied with a key-store file containing a private key/public certificate pair. The client secure socket will use the private key to authenticate itself to the target HTTPS server during the SSL session handshake if requested to do so by the server. The target HTTPS server will in its turn verify the certificate presented by the client in order to establish client's authenticity.

Use the following sequence of actions to generate a key-store file

Since:
4.0

Field Summary
static X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER
          Deprecated.  
static X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
          Deprecated.  
static String SSL
          Deprecated.  
static String SSLV2
          Deprecated.  
static X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
          Deprecated.  
static String TLS
          Deprecated.  
 
Constructor Summary
SSLSocketFactory(KeyStore truststore)
          Deprecated.  
SSLSocketFactory(KeyStore keystore, String keystorePassword)
          Deprecated.  
SSLSocketFactory(KeyStore keystore, String keystorePassword, KeyStore truststore)
          Deprecated.  
SSLSocketFactory(SSLContext sslContext)
          Deprecated.  
SSLSocketFactory(SSLContext sslContext, HostNameResolver nameResolver)
          Deprecated.  
SSLSocketFactory(SSLContext sslContext, String[] supportedProtocols, String[] supportedCipherSuites, X509HostnameVerifier hostnameVerifier)
          Deprecated.  
SSLSocketFactory(SSLContext sslContext, X509HostnameVerifier hostnameVerifier)
          Deprecated.  
SSLSocketFactory(SSLSocketFactory socketfactory, String[] supportedProtocols, String[] supportedCipherSuites, X509HostnameVerifier hostnameVerifier)
          Deprecated.  
SSLSocketFactory(SSLSocketFactory socketfactory, X509HostnameVerifier hostnameVerifier)
          Deprecated.  
SSLSocketFactory(String algorithm, KeyStore keystore, String keyPassword, KeyStore truststore, SecureRandom random, HostNameResolver nameResolver)
          Deprecated.  
SSLSocketFactory(String algorithm, KeyStore keystore, String keyPassword, KeyStore truststore, SecureRandom random, TrustStrategy trustStrategy, X509HostnameVerifier hostnameVerifier)
          Deprecated.  
SSLSocketFactory(String algorithm, KeyStore keystore, String keyPassword, KeyStore truststore, SecureRandom random, X509HostnameVerifier hostnameVerifier)
          Deprecated.  
SSLSocketFactory(TrustStrategy trustStrategy)
          Deprecated.  
SSLSocketFactory(TrustStrategy trustStrategy, X509HostnameVerifier hostnameVerifier)
          Deprecated.  
 
Method Summary
 Socket connectSocket(int connectTimeout, Socket socket, org.apache.http.HttpHost host, InetSocketAddress remoteAddress, InetSocketAddress localAddress, org.apache.http.protocol.HttpContext context)
          Deprecated. Connects the socket to the target host with the given resolved remote address.
 Socket connectSocket(Socket socket, InetSocketAddress remoteAddress, InetSocketAddress localAddress, org.apache.http.params.HttpParams params)
          Deprecated. Connects a socket to the target host with the given remote address.
 Socket connectSocket(Socket socket, String host, int port, InetAddress local, int localPort, org.apache.http.params.HttpParams params)
          Deprecated. Connects a socket to the given host.
 Socket createLayeredSocket(Socket socket, String host, int port, boolean autoClose)
          Deprecated. Returns a socket connected to the given host that is layered over an existing socket.
 Socket createLayeredSocket(Socket socket, String target, int port, org.apache.http.protocol.HttpContext context)
          Deprecated. Returns a socket connected to the given host that is layered over an existing socket.
 Socket createLayeredSocket(Socket socket, String host, int port, org.apache.http.params.HttpParams params)
          Deprecated. Returns a socket connected to the given host that is layered over an existing socket.
 Socket createSocket()
          Deprecated. Creates a new, unconnected socket.
 Socket createSocket(org.apache.http.protocol.HttpContext context)
          Deprecated. Creates new, unconnected socket.
 Socket createSocket(org.apache.http.params.HttpParams params)
          Deprecated. Creates a new, unconnected socket.
 Socket createSocket(Socket socket, String host, int port, boolean autoClose)
          Deprecated. Returns a socket connected to the given host that is layered over an existing socket.
 X509HostnameVerifier getHostnameVerifier()
          Deprecated.  
static SSLSocketFactory getSocketFactory()
          Deprecated. Obtains default SSL socket factory with an SSL context based on the standard JSSE trust material (cacerts file in the security properties directory).
static SSLSocketFactory getSystemSocketFactory()
          Deprecated. Obtains default SSL socket factory with an SSL context based on system properties as described in "JavaTM Secure Socket Extension (JSSE) Reference Guide for the JavaTM 2 Platform Standard Edition 5
 boolean isSecure(Socket sock)
          Deprecated. Checks whether a socket connection is secure.
protected  void prepareSocket(SSLSocket socket)
          Deprecated. Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens).
 void setHostnameVerifier(X509HostnameVerifier hostnameVerifier)
          Deprecated.  
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

TLS

public static final String TLS
Deprecated. 
See Also:
Constant Field Values

SSL

public static final String SSL
Deprecated. 
See Also:
Constant Field Values

SSLV2

public static final String SSLV2
Deprecated. 
See Also:
Constant Field Values

ALLOW_ALL_HOSTNAME_VERIFIER

public static final X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER
Deprecated. 

BROWSER_COMPATIBLE_HOSTNAME_VERIFIER

public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
Deprecated. 

STRICT_HOSTNAME_VERIFIER

public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
Deprecated. 
Constructor Detail

SSLSocketFactory

public SSLSocketFactory(String algorithm,
                        KeyStore keystore,
                        String keyPassword,
                        KeyStore truststore,
                        SecureRandom random,
                        HostNameResolver nameResolver)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException
Deprecated. 
Throws:
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException

SSLSocketFactory

public SSLSocketFactory(String algorithm,
                        KeyStore keystore,
                        String keyPassword,
                        KeyStore truststore,
                        SecureRandom random,
                        TrustStrategy trustStrategy,
                        X509HostnameVerifier hostnameVerifier)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException
Deprecated. 
Throws:
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException
Since:
4.1

SSLSocketFactory

public SSLSocketFactory(String algorithm,
                        KeyStore keystore,
                        String keyPassword,
                        KeyStore truststore,
                        SecureRandom random,
                        X509HostnameVerifier hostnameVerifier)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException
Deprecated. 
Throws:
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException
Since:
4.1

SSLSocketFactory

public SSLSocketFactory(KeyStore keystore,
                        String keystorePassword,
                        KeyStore truststore)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException
Deprecated. 
Throws:
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException

SSLSocketFactory

public SSLSocketFactory(KeyStore keystore,
                        String keystorePassword)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException
Deprecated. 
Throws:
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException

SSLSocketFactory

public SSLSocketFactory(KeyStore truststore)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException
Deprecated. 
Throws:
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException

SSLSocketFactory

public SSLSocketFactory(TrustStrategy trustStrategy,
                        X509HostnameVerifier hostnameVerifier)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException
Deprecated. 
Throws:
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException
Since:
4.1

SSLSocketFactory

public SSLSocketFactory(TrustStrategy trustStrategy)
                 throws NoSuchAlgorithmException,
                        KeyManagementException,
                        KeyStoreException,
                        UnrecoverableKeyException
Deprecated. 
Throws:
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException
Since:
4.1

SSLSocketFactory

public SSLSocketFactory(SSLContext sslContext)
Deprecated. 

SSLSocketFactory

public SSLSocketFactory(SSLContext sslContext,
                        HostNameResolver nameResolver)
Deprecated. 

SSLSocketFactory

public SSLSocketFactory(SSLContext sslContext,
                        X509HostnameVerifier hostnameVerifier)
Deprecated. 
Since:
4.1

SSLSocketFactory

public SSLSocketFactory(SSLContext sslContext,
                        String[] supportedProtocols,
                        String[] supportedCipherSuites,
                        X509HostnameVerifier hostnameVerifier)
Deprecated. 
Since:
4.3

SSLSocketFactory

public SSLSocketFactory(SSLSocketFactory socketfactory,
                        X509HostnameVerifier hostnameVerifier)
Deprecated. 
Since:
4.2

SSLSocketFactory

public SSLSocketFactory(SSLSocketFactory socketfactory,
                        String[] supportedProtocols,
                        String[] supportedCipherSuites,
                        X509HostnameVerifier hostnameVerifier)
Deprecated. 
Since:
4.3
Method Detail

getSocketFactory

public static SSLSocketFactory getSocketFactory()
                                         throws SSLInitializationException
Deprecated. 
Obtains default SSL socket factory with an SSL context based on the standard JSSE trust material (cacerts file in the security properties directory). System properties are not taken into consideration.

Returns:
default SSL socket factory
Throws:
SSLInitializationException

getSystemSocketFactory

public static SSLSocketFactory getSystemSocketFactory()
                                               throws SSLInitializationException
Deprecated. 
Obtains default SSL socket factory with an SSL context based on system properties as described in "JavaTM Secure Socket Extension (JSSE) Reference Guide for the JavaTM 2 Platform Standard Edition 5

Returns:
default system SSL socket factory
Throws:
SSLInitializationException

createSocket

public Socket createSocket(org.apache.http.params.HttpParams params)
                    throws IOException
Deprecated. 
Description copied from interface: SchemeSocketFactory
Creates a new, unconnected socket. The socket should subsequently be passed to SchemeSocketFactory.connectSocket(Socket, InetSocketAddress, InetSocketAddress, HttpParams).

Specified by:
createSocket in interface SchemeSocketFactory
Parameters:
params - Optional parameters. Parameters passed to this method will have no effect. This method will create a unconnected instance of Socket class.
Returns:
a new socket
Throws:
IOException - if an I/O error occurs while creating the socket
Since:
4.1

createSocket

public Socket createSocket()
                    throws IOException
Deprecated. 
Description copied from interface: SocketFactory
Creates a new, unconnected socket. The socket should subsequently be passed to connectSocket.

Specified by:
createSocket in interface SocketFactory
Returns:
a new socket
Throws:
IOException - if an I/O error occurs while creating the socket

connectSocket

public Socket connectSocket(Socket socket,
                            InetSocketAddress remoteAddress,
                            InetSocketAddress localAddress,
                            org.apache.http.params.HttpParams params)
                     throws IOException,
                            UnknownHostException,
                            ConnectTimeoutException
Deprecated. 
Description copied from interface: SchemeSocketFactory
Connects a socket to the target host with the given remote address.

Please note that HttpInetSocketAddress class should be used in order to pass the target remote address along with the original HttpHost value used to resolve the address. The use of HttpInetSocketAddress can also ensure that no reverse DNS lookup will be performed if the target remote address was specified as an IP address.

Specified by:
connectSocket in interface SchemeSocketFactory
Parameters:
socket - the socket to connect, as obtained from createSocket. null indicates that a new socket should be created and connected.
remoteAddress - the remote address to connect to.
localAddress - the local address to bind the socket to, or null for any
params - additional parameters for connecting
Returns:
the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
Throws:
IOException - if an I/O error occurs
UnknownHostException - if the IP address of the target host can not be determined
ConnectTimeoutException - if the socket cannot be connected within the time limit defined in the params
Since:
4.1
See Also:
HttpInetSocketAddress

isSecure

public boolean isSecure(Socket sock)
                 throws IllegalArgumentException
Deprecated. 
Checks whether a socket connection is secure. This factory creates TLS/SSL socket connections which, by default, are considered secure.

Derived classes may override this method to perform runtime checks, for example based on the cypher suite.

Specified by:
isSecure in interface SchemeSocketFactory
Specified by:
isSecure in interface SocketFactory
Parameters:
sock - the connected socket
Returns:
true
Throws:
IllegalArgumentException - if the argument is invalid

createLayeredSocket

public Socket createLayeredSocket(Socket socket,
                                  String host,
                                  int port,
                                  org.apache.http.params.HttpParams params)
                           throws IOException,
                                  UnknownHostException
Deprecated. 
Description copied from interface: SchemeLayeredSocketFactory
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.

Specified by:
createLayeredSocket in interface SchemeLayeredSocketFactory
Parameters:
socket - the existing socket
host - the name of the target host.
port - the port to connect to on the target host
params - HTTP parameters
Returns:
Socket a new socket
Throws:
IOException - if an I/O error occurs while creating the socket
UnknownHostException - if the IP address of the host cannot be determined
Since:
4.2

createLayeredSocket

public Socket createLayeredSocket(Socket socket,
                                  String host,
                                  int port,
                                  boolean autoClose)
                           throws IOException,
                                  UnknownHostException
Deprecated. 
Description copied from interface: LayeredSchemeSocketFactory
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.

Specified by:
createLayeredSocket in interface LayeredSchemeSocketFactory
Parameters:
socket - the existing socket
host - the name of the target host.
port - the port to connect to on the target host
autoClose - a flag for closing the underling socket when the created socket is closed
Returns:
Socket a new socket
Throws:
IOException - if an I/O error occurs while creating the socket
UnknownHostException - if the IP address of the host cannot be determined

setHostnameVerifier

public void setHostnameVerifier(X509HostnameVerifier hostnameVerifier)
Deprecated. 

getHostnameVerifier

public X509HostnameVerifier getHostnameVerifier()
Deprecated. 

connectSocket

public Socket connectSocket(Socket socket,
                            String host,
                            int port,
                            InetAddress local,
                            int localPort,
                            org.apache.http.params.HttpParams params)
                     throws IOException,
                            UnknownHostException,
                            ConnectTimeoutException
Deprecated. 
Description copied from interface: SocketFactory
Connects a socket to the given host.

Specified by:
connectSocket in interface SocketFactory
Parameters:
socket - the socket to connect, as obtained from createSocket. null indicates that a new socket should be created and connected.
host - the host to connect to
port - the port to connect to on the host
local - the local address to bind the socket to, or null for any
localPort - the port on the local machine, 0 or a negative number for any
params - additional parameters for connecting
Returns:
the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
Throws:
IOException - if an I/O error occurs
UnknownHostException - if the IP address of the target host can not be determined
ConnectTimeoutException - if the socket cannot be connected within the time limit defined in the params

createSocket

public Socket createSocket(Socket socket,
                           String host,
                           int port,
                           boolean autoClose)
                    throws IOException,
                           UnknownHostException
Deprecated. 
Description copied from interface: LayeredSocketFactory
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.

Specified by:
createSocket in interface LayeredSocketFactory
Parameters:
socket - the existing socket
host - the host name/IP
port - the port on the host
autoClose - a flag for closing the underling socket when the created socket is closed
Returns:
Socket a new socket
Throws:
IOException - if an I/O error occurs while creating the socket
UnknownHostException - if the IP address of the host cannot be determined

prepareSocket

protected void prepareSocket(SSLSocket socket)
                      throws IOException
Deprecated. 
Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens). The default implementation is a no-op, but could be overridden to, e.g., call SSLSocket.setEnabledCipherSuites(java.lang.String[]).

Throws:
IOException - (only if overridden)
Since:
4.2

createSocket

public Socket createSocket(org.apache.http.protocol.HttpContext context)
                    throws IOException
Deprecated. 
Description copied from interface: ConnectionSocketFactory
Creates new, unconnected socket. The socket should subsequently be passed to connectSocket method.

Specified by:
createSocket in interface ConnectionSocketFactory
Returns:
a new socket
Throws:
IOException - if an I/O error occurs while creating the socket

connectSocket

public Socket connectSocket(int connectTimeout,
                            Socket socket,
                            org.apache.http.HttpHost host,
                            InetSocketAddress remoteAddress,
                            InetSocketAddress localAddress,
                            org.apache.http.protocol.HttpContext context)
                     throws IOException
Deprecated. 
Description copied from interface: ConnectionSocketFactory
Connects the socket to the target host with the given resolved remote address.

Specified by:
connectSocket in interface ConnectionSocketFactory
Parameters:
connectTimeout - connect timeout.
socket - the socket to connect, as obtained from ConnectionSocketFactory.createSocket(HttpContext). null indicates that a new socket should be created and connected.
host - target host as specified by the caller (end user).
remoteAddress - the resolved remote address to connect to.
localAddress - the local address to bind the socket to, or null for any.
context - the actual HTTP context.
Returns:
the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
Throws:
IOException - if an I/O error occurs

createLayeredSocket

public Socket createLayeredSocket(Socket socket,
                                  String target,
                                  int port,
                                  org.apache.http.protocol.HttpContext context)
                           throws IOException
Deprecated. 
Description copied from interface: LayeredConnectionSocketFactory
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.

Specified by:
createLayeredSocket in interface LayeredConnectionSocketFactory
Parameters:
socket - the existing socket
target - the name of the target host.
port - the port to connect to on the target host.
context - the actual HTTP context.
Returns:
Socket a new socket
Throws:
IOException - if an I/O error occurs while creating the socket
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 1999–2020 The Apache Software Foundation. All rights reserved.