SSLCertificateSocketFactory


android.net

Class SSLCertificateSocketFactory



  • public class SSLCertificateSocketFactory
    extends SSLSocketFactory
    SSLSocketFactory implementation with several extra features:
    • Timeout specification for SSL handshake operations
    • Hostname verification in most cases (see WARNINGs below)
    • Optional SSL session caching with SSLSessionCache
    • Optionally bypass all SSL certificate checks
    The handshake timeout does not apply to the actual TCP socket connection. If you want a connection timeout as well, use createSocket() and Socket.connect(SocketAddress, int), after which you must verify the identity of the server you are connected to.

    Most SSLSocketFactory implementations do not verify the server's identity, allowing man-in-the-middle attacks. This implementation does check the server's certificate hostname, but only for createSocket variants that specify a hostname. When using methods that use InetAddress or which return an unconnected socket, you MUST verify the server's identity yourself to ensure a secure connection.

    One way to verify the server's identity is to use HttpsURLConnection.getDefaultHostnameVerifier() to get a HostnameVerifier to verify the certificate hostname.

    On development devices, "setprop socket.relaxsslcheck yes" bypasses all SSL certificate and hostname checks for testing purposes. This setting requires root access.
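
    The connection-timeout path described above (createSocket() followed by Socket.connect(SocketAddress, int), then manual identity verification), as an added example that is not part of the original reference. The class name VerifiedTlsConnector and its parameter names are hypothetical; the Android and JSSE calls are the ones named on this page.

```java
import android.net.SSLCertificateSocketFactory;

import java.io.IOException;
import java.net.InetSocketAddress;
import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;

/** Hypothetical helper: separate TCP and handshake timeouts, then verify the peer. */
public final class VerifiedTlsConnector {
    private VerifiedTlsConnector() {}

    public static SSLSocket connect(String host, int port,
                                    int connectTimeoutMs, int handshakeTimeoutMs)
            throws IOException {
        SocketFactory factory = SSLCertificateSocketFactory.getDefault(handshakeTimeoutMs);

        // createSocket() returns an unconnected socket, so the factory has no
        // hostname to check and performs no hostname verification itself.
        SSLSocket socket = (SSLSocket) factory.createSocket();
        try {
            // TCP connect timeout; the handshake timeout does not cover this step.
            socket.connect(new InetSocketAddress(host, port), connectTimeoutMs);

            // Force the handshake now so the session carries the peer certificate.
            socket.startHandshake();

            // Check the certificate against the name the caller intended to reach.
            HostnameVerifier verifier = HttpsURLConnection.getDefaultHostnameVerifier();
            if (!verifier.verify(host, socket.getSession())) {
                throw new SSLPeerUnverifiedException(
                        "Certificate does not match expected host " + host);
            }
            // Alternative check from this class, which throws on mismatch:
            // SSLCertificateSocketFactory.verifyHostname(socket, host);
            return socket;
        } catch (IOException | RuntimeException e) {
            socket.close();  // never hand back a socket whose peer was not verified
            throw e;
        }
    }
}
```

    No application data is written or read until verification has passed; on any failure the socket is closed rather than returned.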

    • Constructor Detail

      • SSLCertificateSocketFactory

        @Deprecated
        public SSLCertificateSocketFactory(int handshakeTimeoutMillis)
        Deprecated. Use getDefault(int) instead.
    • Method Detail

      • getDefault

        public static SocketFactory getDefault(int handshakeTimeoutMillis)
        Returns a new socket factory instance with an optional handshake timeout.
        Parameters:
        handshakeTimeoutMillis - to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake.
        Returns:
        a new SSLSocketFactory with the specified parameters
      • getDefault

        public static SSLSocketFactory getDefault(int handshakeTimeoutMillis,
                                  SSLSessionCache cache)
        Returns a new socket factory instance with an optional handshake timeout and SSL session cache.
        Parameters:
        handshakeTimeoutMillis - to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake.
        cache - The SSLSessionCache to use, or null for no cache.
        Returns:
        a new SSLSocketFactory with the specified parameters
      • getInsecure

        public static SSLSocketFactory getInsecure(int handshakeTimeoutMillis,
                                   SSLSessionCache cache)
        Returns a new instance of a socket factory with all SSL security checks disabled, using an optional handshake timeout and SSL session cache.

        Warning: Sockets created using this factory are vulnerable to man-in-the-middle attacks!

        Parameters:
        handshakeTimeoutMillis - to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake.
        cache - The SSLSessionCache to use, or null for no cache.
        Returns:
        an insecure SSLSocketFactory with the specified parameters
      • getHttpSocketFactory

        public static org.apache.http.conn.ssl.SSLSocketFactory getHttpSocketFactory(int handshakeTimeoutMillis,
                                                                     SSLSessionCache cache)
        Returns a socket factory (also named SSLSocketFactory, but in a different namespace) for use with the Apache HTTP stack.
        Parameters:
        handshakeTimeoutMillis - to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake.
        cache - The SSLSessionCache to use, or null for no cache.
        Returns:
        a new SocketFactory with the specified parameters
      • verifyHostname

        public static void verifyHostname(Socket socket,
                          String hostname)
                                   throws IOException
        Verify the hostname of the certificate used by the other end of a connected socket. You MUST call this if you did not supply a hostname to createSocket(). It is harmless to call this method redundantly if the hostname has already been verified.

        Wildcard certificates are allowed to verify any matching hostname, so "foo.bar.example.com" is verified if the peer has a certificate for "*.example.com".

        Parameters:
        socket - An SSL socket which has been connected to a server
        hostname - The expected hostname of the remote server
        Throws:
        IOException - if something goes wrong handshaking with the server
        SSLPeerUnverifiedException - if the server cannot prove its identity
      • setTrustManagers

        public void setTrustManagers(TrustManager[] trustManager)
        Sets the TrustManagers to be used for connections made by this factory.
      • setNpnProtocols

        public void setNpnProtocols(byte[][] npnProtocols)
        Sets the Next Protocol Negotiation (NPN) protocols that this peer is interested in.

        For servers this is the sequence of protocols to advertise as supported, in order of preference. This list is sent unencrypted to all clients that support NPN.

        For clients this is a list of supported protocols to match against the server's list. If there is no protocol supported by both client and server then the first protocol in the client's list will be selected. The order of the client's protocols is otherwise insignificant.

        Parameters:
        npnProtocols - a non-empty list of protocol byte arrays. All arrays must be non-empty and of length less than 256.
      • getNpnSelectedProtocol

        public byte[] getNpnSelectedProtocol(Socket socket)
        Returns the Next Protocol Negotiation (NPN) protocol selected by client and server, or null if no protocol was negotiated.
        Parameters:
        socket - a socket created by this factory.
        Throws:
        IllegalArgumentException - if the socket was not created by this factory.
      • setKeyManagers

        public void setKeyManagers(KeyManager[] keyManagers)
        Sets the KeyManagers to be used for connections made by this factory.
      • setUseSessionTickets

        public void setUseSessionTickets(Socket socket,
                                boolean useSessionTickets)
        Enables session ticket support on the given socket.
        Parameters:
        socket - a socket created by this factory
        useSessionTickets - true to enable session ticket support on this socket.
        Throws:
        IllegalArgumentException - if the socket was not created by this factory.
      • setSoWriteTimeout

        public void setSoWriteTimeout(Socket socket,
                             int writeTimeoutMilliseconds)
                               throws SocketException
        Sets this socket's SO_SNDTIMEO write timeout in milliseconds. Use 0 for no timeout. To take effect, this option must be set before the blocking method is called.
        Parameters:
        socket - a socket created by this factory.
        writeTimeoutMilliseconds - the desired write timeout in milliseconds.
        Throws:
        IllegalArgumentException - if the socket was not created by this factory.
        SocketException
      • createSocket

        public Socket createSocket(Socket k,
                          String host,
                          int port,
                          boolean close)
                            throws IOException
        Creates an SSLSocket over the specified socket that is connected to the specified host at the specified port.

        This method verifies the peer's certificate hostname after connecting (unless created with getInsecure(int, SSLSessionCache)).

        Specified by:
        createSocket in class SSLSocketFactory
        Parameters:
        k - the socket.
        host - the host.
        port - the port number.
        close - true if socket k should be closed when the created socket is closed, false if socket k should be left open.
        Returns:
        the created SSL socket.
        Throws:
        IOException - if creating the socket fails.
        UnknownHostException - if the host is unknown.
      • createSocket

        public Socket createSocket()
                            throws IOException
        Creates a new socket which is not connected to any remote host. You must use Socket.connect(java.net.SocketAddress) to connect the socket.

        Warning: Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid man-in-the-middle attacks.

        Overrides:
        createSocket in class SocketFactory
        Returns:
        the created unconnected socket.
        Throws:
        IOException - if an error occurs while creating a new socket.
      • createSocket

        public Socket createSocket(InetAddress addr,
                          int port,
                          InetAddress localAddr,
                          int localPort)
                            throws IOException
        Creates a new socket which is connected to the remote host specified by the InetAddress addr. The socket is bound to the local network interface specified by the InetAddress localAddr on port localPort.

        Warning: Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid man-in-the-middle attacks.

        Specified by:
        createSocket in class SocketFactory
        Parameters:
        addr - the remote host address the socket has to be connected to.
        port - the port number of the remote host at which the socket is connected.
        localAddr - the local host address the socket is bound to.
        localPort - the port number of the local host at which the socket is bound.
        Returns:
        the created connected socket.
        Throws:
        IOException - if an error occurs while creating a new socket.
      • createSocket

        public Socket createSocket(InetAddress addr,
                          int port)
                            throws IOException
        Creates a new socket which is connected to the remote host specified by the InetAddress addr. The socket is bound to any available local address and port.

        Warning: Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid man-in-the-middle attacks.

        Specified by:
        createSocket in class SocketFactory
        Parameters:
        addr - the host address the socket has to be connected to.
        port - the port number of the remote host at which the socket is connected.
        Returns:
        the created connected socket.
        Throws:
        IOException - if an error occurs while creating a new socket.
      • createSocket

        public Socket createSocket(String host,
                          int port,
                          InetAddress localAddr,
                          int localPort)
                            throws IOException
        Creates a new socket which is connected to the remote host specified by the parameters host and port. The socket is bound to the local network interface specified by the InetAddress localAddr on port localPort.

        This method verifies the peer's certificate hostname after connecting (unless created with getInsecure(int, SSLSessionCache)).

        Specified by:
        createSocket in class SocketFactory
        Parameters:
        host - the remote host address the socket has to be connected to.
        port - the port number of the remote host at which the socket is connected.
        localAddr - the local host address the socket is bound to.
        localPort - the port number of the local host at which the socket is bound.
        Returns:
        the created connected socket.
        Throws:
        IOException - if an error occurs while creating a new socket.
        UnknownHostException - if the specified host is unknown or the IP address could not be resolved.
      • createSocket

        public Socket createSocket(String host,
                          int port)
                            throws IOException
        Creates a new socket which is connected to the remote host specified by the parameters host and port. The socket is bound to any available local address and port.

        This method verifies the peer's certificate hostname after connecting (unless created with getInsecure(int, SSLSessionCache)).

        Specified by:
        createSocket in class SocketFactory
        Parameters:
        host - the remote host address the socket has to be connected to.
        port - the port number of the remote host at which the socket is connected.
        Returns:
        the created connected socket.
        Throws:
        IOException - if an error occurs while creating a new socket.
        UnknownHostException - if the specified host is unknown or the IP address could not be resolved.
      • getDefaultCipherSuites

        public String[] getDefaultCipherSuites()
        Description copied from class: SSLSocketFactory
        Returns the names of the cipher suites that are enabled by default.
        Specified by:
        getDefaultCipherSuites in class SSLSocketFactory
        Returns:
        the names of the cipher suites that are enabled by default.
      • getSupportedCipherSuites

        public String[] getSupportedCipherSuites()
        Description copied from class: SSLSocketFactory
        Returns the names of the cipher suites that are supported and could be enabled for an SSL connection.
        Specified by:
        getSupportedCipherSuites in class SSLSocketFactory
        Returns:
        the names of the cipher suites that are supported.


License.
All information of this service is derived from the free sources and is provided solely in the form of quotations. This service provides information and interfaces solely for the familiarization (not ownership) and under the "as is" condition.
Copyright 2016 © ELTASK.COM. All rights reserved.