|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--java.net.Socket | +--javax.net.ssl.SSLSocket
SSLSocket is a class extended by sockets which support the "Secure Sockets Layer" (SSL) or IETF "Transport Layer Security" (TLS) protocols. Such sockets are normal stream sockets (java.net.Socket), but they add a layer of security protections over the underlying network transport protocol, such as TCP. Those protections include:
These kinds of protection are specified by a "cipher suite", which is a combination of cryptographic algorithms used by a given SSL connection. For example, how is integrity protection provided (what kind of message digest is used), how and whether the traffic is privacy-protected, and how authentication keys are exchanged.
The cipher suite used is established by a negotiation process, between SSL clients and servers, which is called "handshaking". The goal of this process is to create or rejoin a "session", which may protect many connections over time. After handshaking has completed, you can get access to session attributes using the getSession method. Handshaking is fully transparent in most cases, but may be explicitly initiated.
You may register to receive event notification of handshake completion, using the standard Java Beans event model. This involves the use of two additional classes. HandshakeCompletedEvent objects are passed to HandshakeCompletedListener instances, which are implemented by users of this API.
Implementation defaults are required to enable use only of cipher suites which authenticate servers, and which provide confidentiality. The client and server must both agree on a common cipher suite in order to communicate. Only if both explicitly agree to unauthenticated or nonprivate communications will those security protections not exist.
There are two groups of cipher suites which you will need to know about when managing cipher suites, in addition to the default list and the active suite associated with the connection's session:
Socket
,
SSLServerSocket
,
SSLSocketFactory
Constructor Summary | |
protected |
SSLSocket()
Used only by subclasses. |
protected |
SSLSocket(InetAddress address,
int port)
Used only by subclasses. |
protected |
SSLSocket(InetAddress address,
int port,
InetAddress clientAddress,
int clientPort)
Used only by subclasses. |
protected |
SSLSocket(String host,
int port)
Used only by subclasses. |
protected |
SSLSocket(String host,
int port,
InetAddress clientAddress,
int clientPort)
Used only by subclasses. |
Method Summary | |
abstract void |
addHandshakeCompletedListener(HandshakeCompletedListener listener)
Registers an event listener to receive notifications that an SSL handshake has completed on this connection. |
abstract String[] |
getEnabledCipherSuites()
Returns the names of the SSL cipher suites which are currently enabled for use on this connection. |
abstract boolean |
getEnableSessionCreation()
Returns true if new SSL sessions may be established by this socket. |
abstract boolean |
getNeedClientAuth()
Returns true if the socket will require client authentication. |
abstract SSLSession |
getSession()
Returns the the SSL Session in use by this connection. |
abstract String[] |
getSupportedCipherSuites()
Returns the names of the cipher suites which could be enabled for use on an SSL connection. |
abstract boolean |
getUseClientMode()
Returns true if the socket is set to use client mode in its first handshake. |
abstract void |
removeHandshakeCompletedListener(HandshakeCompletedListener listener)
Removes a previously registered handshake completion listener. |
abstract void |
setEnabledCipherSuites(String[] suites)
Controls which particular cipher suites are enabled for use on this connection. |
abstract void |
setEnableSessionCreation(boolean flag)
Controls whether new SSL sessions may be established by this socket. |
abstract void |
setNeedClientAuth(boolean need)
Configures the socket to require client authentication. |
abstract void |
setUseClientMode(boolean mode)
Configures the socket to use client (or server) mode in its first handshake. |
abstract void |
startHandshake()
Starts an SSL handshake on this connection. |
Methods inherited from class java.net.Socket |
close,
getInetAddress,
getInputStream,
getLocalAddress,
getLocalPort,
getOutputStream,
getPort,
getReceiveBufferSize,
getSendBufferSize,
getSoLinger,
getSoTimeout,
getTcpNoDelay,
setReceiveBufferSize,
setSendBufferSize,
setSocketImplFactory,
setSoLinger,
setSoTimeout,
setTcpNoDelay,
toString |
Methods inherited from class java.lang.Object |
clone,
equals,
finalize,
getClass,
hashCode,
notify,
notifyAll,
wait,
wait,
wait |
Constructor Detail |
protected SSLSocket()
protected SSLSocket(String host, int port) throws IOException, UnknownHostException
host
- name of the host with which to connectport
- number of the server's portprotected SSLSocket(InetAddress address, int port) throws IOException, UnknownHostException
address
- the server's hostport
- its portprotected SSLSocket(String host, int port, InetAddress clientAddress, int clientPort) throws IOException, UnknownHostException
host
- name of the host with which to connectport
- number of the server's portprotected SSLSocket(InetAddress address, int port, InetAddress clientAddress, int clientPort) throws IOException, UnknownHostException
address
- the server's hostport
- its portMethod Detail |
public abstract String[] getSupportedCipherSuites()
public abstract String[] getEnabledCipherSuites()
setEnabledCipherSuites(java.lang.String[])
public abstract void setEnabledCipherSuites(String[] suites)
suites
- Names of all the cipher suites to enable.getEnabledCipherSuites()
public abstract SSLSession getSession()
public abstract void addHandshakeCompletedListener(HandshakeCompletedListener listener)
startHandshake()
,
removeHandshakeCompletedListener(javax.net.ssl.HandshakeCompletedListener)
public abstract void removeHandshakeCompletedListener(HandshakeCompletedListener listener)
addHandshakeCompletedListener(javax.net.ssl.HandshakeCompletedListener)
public abstract void startHandshake() throws IOException
If data has already been sent on the connection, it continues to flow during this handshake. When the handshake completes, this will be signaled with an event. This method is synchronous for the initial handshake on a connection and returns when the negotiated handshake is complete. Some protocols may not support multiple handshakes on an existing socket and may throw an IOException.
addHandshakeCompletedListener(javax.net.ssl.HandshakeCompletedListener)
public abstract void setUseClientMode(boolean mode)
mode
- true iff the socket should start its first handshake
in "client" modepublic abstract boolean getUseClientMode()
setUseClientMode(boolean)
public abstract void setNeedClientAuth(boolean need)
need
- true iff the server mode socket should request that
the client authenticate itself.public abstract boolean getNeedClientAuth()
setNeedClientAuth(boolean)
public abstract void setEnableSessionCreation(boolean flag)
flag
- true indicates that sessions may be created; this
is the default. false indicates that an existing session
must be resumed.public abstract boolean getEnableSessionCreation()
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |