|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--javax.net.SocketFactory | +--javax.net.ssl.SSLSocketFactory | +--com.dstc.security.ssl.SSLSocketFactory
A concrete factory for SSLSocket
implementations.
Constructor Summary | |
SSLSocketFactory()
Create a default SSL socket factory. |
Method Summary | |
Socket |
createSocket(InetAddress host,
int port)
Returns a socket connected to a ServerSocket at the specified network address and port. |
Socket |
createSocket(InetAddress host,
int port,
InetAddress clientHost,
int clientPort)
Returns a socket connected to a ServerSocket at the specified network address and port. |
Socket |
createSocket(Socket s,
String host,
int port,
boolean autoClose)
Returns a socket layered over an existing socket to a ServerSocket on the named host, at the given port. |
Socket |
createSocket(String host,
int port)
Returns a socket connected to a ServerSocket on the named host, at the given port. |
Socket |
createSocket(String host,
int port,
InetAddress clientHost,
int clientPort)
Returns a socket connected to a ServerSocket on the named host, at the given port. |
String[] |
getDefaultCipherSuites()
Returns the list of cipher suites which are enabled by default. |
static SSLSocketFactory |
getInstance(SecureRandom rand,
PrivateKey priv,
X509Certificate[] certs,
TrustEngine trustEngine,
String[] suites)
Create a new SSLSocketFactory. |
static SSLSocketFactory |
getInstance(SecureRandom rand,
PrivateKey priv,
X509Certificate[] certs,
TrustEngine trustEngine,
String[] suites,
int cacheLimit,
int lifetime)
Create a new SSLSocketFactory, with specific parameters for its session cache. |
String[] |
getSupportedCipherSuites()
Returns the names of all the cipher suites that this SSLSocket factory supports. |
void |
setDebugLevel(int level)
Enable or disable SSL debugging output: |
void |
setSessionResumptionForbidden(boolean flag)
Set the state of the "session resumption forbidden" flag. |
Methods inherited from class javax.net.ssl.SSLSocketFactory |
getDefault |
Methods inherited from class java.lang.Object |
clone,
equals,
finalize,
getClass,
hashCode,
notify,
notifyAll,
toString,
wait,
wait,
wait |
Constructor Detail |
public SSLSocketFactory() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
SSLSocketFactory.getDefault()
.
This socket factory supports server authentication, using a TrustEngine
from BasicTrustEngine.getDefault()
. It does not support client
authentication, so it does not have a private key or cert path, and it
uses default parameters for SecureRandom, session-cache size and lifetime,
and a default list of cipher suites. In the current release this default
list is
{ "SSL_RSA_WITH_IDEA_CBC_SHA",
"SSL_RSA_WITH_RC4_128_SHA",
"SSL_RSA_EXPORT_WITH_RC4_40_MD5" }
If these default parameters are not suitable, use a static
getInstance
method instead.
Method Detail |
public static SSLSocketFactory getInstance(SecureRandom rand, PrivateKey priv, X509Certificate[] certs, TrustEngine trustEngine, String[] suites)
This method uses default values for the session cache that is created for this factory. These defaults are subject to change, but indicative values are a maximum lifetime in the session cache of 5 minutes, and a maximum of 10 entries in the cache.
The parameter values for this method are more fully described in
getInstance(SecureRandom,PrivateKey,X509Certificate[],
TrustEngine,String[],int,int)
rand
- a SecureRandom implementation, or null
(in which case a default SecureRandom will be used)priv
- the PrivateKey of this client, or normally null
certs
- the X509Certificate or certificate path of this client, or
normally null
.trustEngine
- a TrustEngine, or null
suites
- an array of names of cipher suites, or null
public static SSLSocketFactory getInstance(SecureRandom rand, PrivateKey priv, X509Certificate[] certs, TrustEngine trustEngine, String[] suites, int cacheLimit, int lifetime)
Each of the reference parameters to this method may be null
;
normally most, but not all, of these parameters will be null
.
By default, an SSL client authenticates a server but not vice versa.
As a result the second and third parameters of this method may be
null
, but the fourth parameter, the TrustEngine, must
normally be non-null
. The TrustEngine is not needed, and
may be set to null
, only if
DH_anon
(not supported in this release),
or
setUseClientMode(false)
.
null
if
setUseClientMode(false)
.
null
or both are non-null
,
certs[0].getPublicKey()
must be a
key pair
certs.length > 1
, the elements must be a cert
path (or an initial subset of a cert path), in the correct order.
The fifth parameter, an array of String names of cipher suites, is used
to set the default set of enabled cipher suites for SSLSocket
instances created by this factory, i.e. the value that will be returned by
getDefaultCipherSuites()
.
A null
value for this parameter selects the default list
defined in SSLSocketFactory()
.
rand
- a SecureRandom implementation, or null
(in which case a default SecureRandom will be used)priv
- the PrivateKey of this client, or normally null
certs
- the X509Certificate or certificate path of this client, or
normally null
. This parameter must be consistent
with the priv
parameter; see above for detailstrustEngine
- a TrustEngine, or null
suites
- an array of names of cipher suites, or null
cacheLimit
- the integer maximum number of session-cache entrieslifetime
- the integer maximum lifetime (in milliseconds) of entries
in the session cachepublic String[] getDefaultCipherSuites()
public String[] getSupportedCipherSuites()
In the current release this factory supports the suites listed in section A.5 of RFC 2246 except the anonymous Diffie-Hellman suites. That is, it supports the ten TLS_RSA_* suites, six TLS_DH_* suites and six TLS_DHE_* suites, but not the five TLS_DH_anon_* suites.
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException
public Socket createSocket(InetAddress host, int port) throws IOException, UnknownHostException
host
- the server hostport
- the server portpublic Socket createSocket(InetAddress host, int port, InetAddress clientHost, int clientPort) throws IOException, UnknownHostException
address
- the server network addressport
- the server portclientAddress
- the client network addressclientPort
- the client portpublic Socket createSocket(String host, int port) throws IOException
host
- the server hostport
- the server portpublic Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) throws IOException
host
- the server hostport
- the server portclientHost
- the client hostclientPort
- the client portpublic void setDebugLevel(int level)
At startup the debugging level is set from the System property "com.dstc.security.ssl.debug_level"; the value may be changed at run time by calling this method.
The debugging levels are:
level
- the integer debugging level to setpublic void setSessionResumptionForbidden(boolean flag)
false
.
An SSL client or server may use the following session policies:
SSLSocket
API provides
SSLSocket.setEnableSessionCreation(boolean)
,
where false
selects (2) and true
selects (3).
JCSI adds this method, where true
selects (1).
Note that combining setEnableSessionCreation(false)
and setSessionResumptionForbidden(true)
is not supported.
flag
- a boolean value; if true
, session resumption
is disallowed.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |