Class com.dstc.security.ssl.SSLServerSocketFactory

java.lang.Object
  +--javax.net.ServerSocketFactory
        +--javax.net.ssl.SSLServerSocketFactory
              +--com.dstc.security.ssl.SSLServerSocketFactory

A concrete factory for SSLServerSocket implementations.
Constructor Summary

SSLServerSocketFactory()
Create the default SSL server socket factory.

Method Summary

ServerSocket createServerSocket(int port)
Returns a server socket which uses all network interfaces on the host, and is bound to the specified port.

ServerSocket createServerSocket(int port, int backlog)
Returns a server socket which uses all network interfaces on the host, is bound to the specified port, and uses the specified connection backlog.

ServerSocket createServerSocket(int port, int backlog, InetAddress ifAddress)
Returns a server socket which uses only the specified network interface on the local host, is bound to the specified port, and uses the specified connection backlog.

String[] getDefaultCipherSuites()
Returns the list of cipher suites which are enabled by default.

static SSLServerSocketFactory getInstance(SecureRandom rand, PrivateKey priv, X509Certificate[] certs, TrustEngine trustEngine, String[] suites)
Create a new SSLServerSocketFactory.

static SSLServerSocketFactory getInstance(SecureRandom rand, PrivateKey priv, X509Certificate[] certs, TrustEngine trustEngine, String[] suites, int cacheLimit, int lifetime)
Create a new SSLServerSocketFactory, with specific parameters for its session cache.

String[] getSupportedCipherSuites()
Returns the names of all the cipher suites that this SSLServerSocketFactory supports.

void setDebugLevel(int level)
Enable or disable SSL debugging output.

void setNeedClientAuth(boolean flag)
Set the state of the "client authentication required" flag.

void setSessionResumptionForbidden(boolean flag)
Set the state of the "session resumption forbidden" flag.
Methods inherited from class javax.net.ssl.SSLServerSocketFactory
getDefault

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail

public SSLServerSocketFactory()

Create the default SSL server socket factory; see also SSLServerSocketFactory.getDefault().

Note that, in this release, this constructor cannot produce a usable factory for SSL server-mode applications (because it would need a private-key / public-key (certificate) pair in order to be useful), so instead this constructor always throws a runtime exception. The getInstance static methods should be used instead to create a usable SSLServerSocketFactory.
Method Detail

public static SSLServerSocketFactory getInstance(SecureRandom rand, PrivateKey priv, X509Certificate[] certs, TrustEngine trustEngine, String[] suites)

This method uses default values for the session cache that is created for this factory. These defaults are subject to change, but indicative values are a maximum lifetime in the session cache of 5 minutes, and a maximum of 10 entries in the cache.

The parameter values for this method are more fully described in getInstance(SecureRandom, PrivateKey, X509Certificate[], TrustEngine, String[], int, int).

Parameters:
rand - a SecureRandom implementation, or null (in which case a default SecureRandom will be used)
priv - the PrivateKey of this server, or null
certs - the X509Certificate or certificate path of this server, or null
trustEngine - a TrustEngine, or normally null
suites - an array of names of cipher suites, or null
public static SSLServerSocketFactory getInstance(SecureRandom rand, PrivateKey priv, X509Certificate[] certs, TrustEngine trustEngine, String[] suites, int cacheLimit, int lifetime)

Each of the reference parameters to this method may be null; normally most, but not all, of these parameters will be null.

By default, an SSL client authenticates a server but not vice versa. Thus this server will generally need a private key and the corresponding certificate (or certificate path); the second and third parameters of this method convey this information. These two parameters must be consistent:
- either both are null or both are non-null;
- if both are non-null, certs[0].getPublicKey() must be the public half of the key pair to which priv belongs;
- if certs.length > 1, the elements must be a cert path (or an initial subset of a cert path), in the correct order;
- both may be null only if the anonymous Diffie-Hellman (DH_anon) suites are to be used (not supported in this release), or if the sockets will be switched to client mode with setUseClientMode(true).

The fourth parameter, a TrustEngine, is only needed if this server also desires to authenticate the SSL client, i.e. setNeedClientAuth(true), or if some of the server sockets created by this factory will actually be used in SSL client mode.

The fifth parameter, an array of String names of cipher suites, is used to set the default set of enabled cipher suites for SSLServerSocket instances created by this factory, i.e. the value that will be returned by getDefaultCipherSuites(). A null value for this parameter selects the list returned by getSupportedCipherSuites().

Parameters:
rand - a SecureRandom implementation, or null (in which case a default SecureRandom will be used)
priv - the PrivateKey of this server, or null
certs - the X509Certificate or certificate path of this server, or null. This parameter must be consistent with the priv parameter; see above for details.
trustEngine - a TrustEngine, or normally null
suites - an array of names of cipher suites, or null
cacheLimit - the integer maximum number of session-cache entries
lifetime - the integer maximum lifetime (in milliseconds) of entries in the session cache

See Also:
TrustEngine, BasicTrustEngine
public String[] getDefaultCipherSuites()

public String[] getSupportedCipherSuites()

In the current release this factory supports the suites listed in section A.5 of RFC 2246 except the anonymous Diffie-Hellman suites. That is, it supports the ten TLS_RSA_* suites, six TLS_DH_* suites and six TLS_DHE_* suites, but not the five TLS_DH_anon_* suites.
public ServerSocket createServerSocket(int port) throws IOException

Parameters:
port - the port to listen to

public ServerSocket createServerSocket(int port, int backlog) throws IOException

Parameters:
port - the port to listen to
backlog - how many connections are queued

public ServerSocket createServerSocket(int port, int backlog, InetAddress ifAddress) throws IOException

Parameters:
port - the port to listen to
backlog - how many connections are queued
ifAddress - the network interface address to use

public void setDebugLevel(int level)

At startup the debugging level is set from the System property "com.dstc.security.ssl.debug_level"; the value may be changed at run time by calling this method.

The debugging levels are:

Parameters:
level - the integer debugging level to set

public void setSessionResumptionForbidden(boolean flag)
The default value of this flag is false.

An SSL server or client may use the following session policies:
(1) never resume a session: every connection performs a full handshake and creates a new session;
(2) only resume existing sessions, never create new ones;
(3) create new sessions or resume existing ones.

The SSLSocket and SSLServerSocket APIs provide SSLSocket.setEnableSessionCreation(boolean), where false selects (2) and true selects (3). JCSI adds this method, where true selects (1).

Note that combining setEnableSessionCreation(false) and setSessionResumptionForbidden(true) is not supported.

Parameters:
flag - a boolean value; if true, session resumption is disallowed.

public void setNeedClientAuth(boolean flag)

The default value of this flag is false.

Note that this flag is only relevant for SSL server mode; if setUseClientMode(true) then this flag does not apply.

Parameters:
flag - a boolean that specifies whether server sockets should request credentials from SSL clients.
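The following is an added example, not part of the JCSI distribution or this documentation: it loads a server key and certificate path from a PKCS12 keystore, enforces the priv/certs consistency rules stated under getInstance before calling the factory, and then applies the setNeedClientAuth and setSessionResumptionForbidden settings described above. The checkKeyMaterial helper, the keystore layout (alias "server") and the command-line arguments are assumptions; the RSA modulus comparison and the cert-path signature walk are the example's own checks, not something the factory is documented to perform.

```java
import java.io.FileInputStream;
import java.net.ServerSocket;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import com.dstc.security.ssl.SSLServerSocketFactory;

public class JcsiServerSetup {
    // Hypothetical helper: checks the priv/certs consistency rules of getInstance()
    // (both null or both set; certs[0] holds the public half of priv; a longer array
    // is a cert path in order, each element signed by the next) before the call.
    static void checkKeyMaterial(PrivateKey priv, X509Certificate[] certs) throws Exception {
        boolean haveCerts = certs != null && certs.length > 0;
        if ((priv == null) == haveCerts)
            throw new IllegalArgumentException("priv and certs must both be null or both be set");
        if (priv == null) return; // only valid for DH_anon suites or client-mode sockets
        if (priv instanceof RSAPrivateKey && certs[0].getPublicKey() instanceof RSAPublicKey
                && !((RSAPrivateKey) priv).getModulus()
                        .equals(((RSAPublicKey) certs[0].getPublicKey()).getModulus()))
            throw new IllegalArgumentException("certs[0] is not the certificate for priv");
        for (int i = 0; i + 1 < certs.length; i++)
            certs[i].verify(certs[i + 1].getPublicKey()); // throws if the path is out of order
    }

    public static void main(String[] args) throws Exception {
        // Assumed: args = { keystore.p12, password, port }; key entry alias "server".
        char[] pw = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) { ks.load(in, pw); }
        PrivateKey priv = (PrivateKey) ks.getKey("server", pw);
        Certificate[] chain = ks.getCertificateChain("server"); // leaf first, as getInstance expects
        X509Certificate[] certs = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++) certs[i] = (X509Certificate) chain[i];
        checkKeyMaterial(priv, certs);

        // rand = null (default SecureRandom), trustEngine = null (no client auth),
        // suites = null (the supported list); session cache: 10 entries, 5-minute lifetime.
        SSLServerSocketFactory factory = SSLServerSocketFactory.getInstance(
                null, priv, certs, null, null, 10, 5 * 60 * 1000);
        factory.setNeedClientAuth(false);             // true would require a TrustEngine
        factory.setSessionResumptionForbidden(false); // resumption stays allowed; true selects policy (1)
        ServerSocket listener = factory.createServerSocket(Integer.parseInt(args[2]));
        System.out.println("JCSI server socket listening on port " + listener.getLocalPort());
    }
}
```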