public
class
SSLCertificateSocketFactory
extends SSLSocketFactory
| java.lang.Object | |||
| ↳ | javax.net.SocketFactory | ||
| ↳ | javax.net.ssl.SSLSocketFactory | ||
| ↳ | android.net.SSLCertificateSocketFactory | ||
SSLSocketFactory implementation with several extra features:
Developers
SSLSessionCache
createSocket()
and connect(SocketAddress, int), after which you
must verify the identity of the server you are connected to.
Most SSLSocketFactory implementations do not
verify the server's identity, allowing man-in-the-middle attacks.
This implementation does check the server's certificate hostname, but only
for createSocket variants that specify a hostname. When using methods that
use InetAddress or which return an unconnected socket, you MUST
verify the server's identity yourself to ensure a secure connection.
One way to verify the server's identity is to use
getDefaultHostnameVerifier() to get a
HostnameVerifier to verify the certificate hostname.
On development devices, "setprop socket.relaxsslcheck yes" bypasses all SSL certificate and hostname checks for testing purposes. This setting requires root access.
Public constructors | |
|---|---|
SSLCertificateSocketFactory(int handshakeTimeoutMillis)
This constructor was deprecated
in API level 8.
Use |
|
Public methods | |
|---|---|
Socket
|
createSocket(String host, int port)
Creates a socket and connects it to the specified remote host at the specified remote port. This method verifies the peer's certificate hostname after connecting
(unless created with |
Socket
|
createSocket(Socket k, String host, int port, boolean close)
Returns a socket layered over an existing socket connected to the named host, at the given port. This method verifies the peer's certificate hostname after connecting
(unless created with |
Socket
|
createSocket()
Creates a new socket which is not connected to any remote host. |
Socket
|
createSocket(InetAddress addr, int port, InetAddress localAddr, int localPort)
Creates a socket and connect it to the specified remote address on the specified remote port. Warning: Hostname verification is not performed with this method. |
Socket
|
createSocket(InetAddress addr, int port)
Creates a socket and connects it to the specified port number at the specified address. Warning: Hostname verification is not performed with this method. |
Socket
|
createSocket(String host, int port, InetAddress localAddr, int localPort)
Creates a socket and connects it to the specified remote host on the specified remote port. This method verifies the peer's certificate hostname after connecting
(unless created with |
static
SocketFactory
|
getDefault(int handshakeTimeoutMillis)
Returns a new socket factory instance with an optional handshake timeout. |
static
SSLSocketFactory
|
getDefault(int handshakeTimeoutMillis, SSLSessionCache cache)
Returns a new socket factory instance with an optional handshake timeout and SSL session cache. |
String[]
|
getDefaultCipherSuites()
Returns the list of cipher suites which are enabled by default. |
static
SSLSocketFactory
|
getInsecure(int handshakeTimeoutMillis, SSLSessionCache cache)
Returns a new instance of a socket factory with all SSL security checks disabled, using an optional handshake timeout and SSL session cache. |
byte[]
|
getNpnSelectedProtocol(Socket socket)
Returns the Next Protocol Negotiation (NPN) protocol selected by client and server, or null if no protocol was negotiated. |
String[]
|
getSupportedCipherSuites()
Returns the names of the cipher suites which could be enabled for use on an SSL connection. |
void
|
setHostname(Socket socket, String hostName)
Turns on Server Name Indication (SNI) on a given socket. |
void
|
setKeyManagers(KeyManager[] keyManagers)
Sets the |
void
|
setNpnProtocols(byte[][] npnProtocols)
Sets the Next Protocol Negotiation (NPN) protocols that this peer is interested in. |
void
|
setTrustManagers(TrustManager[] trustManager)
Sets the |
void
|
setUseSessionTickets(Socket socket, boolean useSessionTickets)
Enables session ticket support on the given socket. |
Inherited methods | |
|---|---|
 From
class
javax.net.ssl.SSLSocketFactory
| |
From
class
javax.net.SocketFactory
| |
From
class
java.lang.Object
| |
SSLCertificateSocketFactory (int handshakeTimeoutMillis)
This constructor was deprecated
in API level 8.
Use getDefault(int) instead.
| Parameters | |
|---|---|
handshakeTimeoutMillis |
int
|
Socket createSocket (String host, int port)
Creates a socket and connects it to the specified remote host at the specified remote port. This socket is configured using the socket options established for this factory.
If there is a security manager, its checkConnect
method is called with the host address and port
as its arguments. This could result in a SecurityException.
This method verifies the peer's certificate hostname after connecting
(unless created with getInsecure(int, SSLSessionCache)).
| Parameters | |
|---|---|
host |
String:
the server host name with which to connect, or
null for the loopback address. |
port |
int:
the server port |
| Returns | |
|---|---|
Socket |
the Socket |
| Throws | |
|---|---|
IOException |
|
Socket createSocket (Socket k, String host, int port, boolean close)
Returns a socket layered over an existing socket connected to the named host, at the given port. This constructor can be used when tunneling SSL through a proxy or when negotiating the use of SSL over an existing socket. The host and port refer to the logical peer destination. This socket is configured using the socket options established for this factory.
This method verifies the peer's certificate hostname after connecting
(unless created with getInsecure(int, SSLSessionCache)).
| Parameters | |
|---|---|
k |
Socket:
the existing socket |
host |
String:
the server host |
port |
int:
the server port |
close |
boolean:
close the underlying socket when this socket is closed |
| Returns | |
|---|---|
Socket |
a socket connected to the specified host and port |
| Throws | |
|---|---|
IOException |
|
Socket createSocket ()
Creates a new socket which is not connected to any remote host.
You must use connect(SocketAddress) to connect the socket.
Warning: Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid man-in-the-middle attacks.
| Returns | |
|---|---|
Socket |
the unconnected socket |
| Throws | |
|---|---|
IOException |
|
Socket createSocket (InetAddress addr, int port, InetAddress localAddr, int localPort)
Creates a socket and connect it to the specified remote address on the specified remote port. The socket will also be bound to the local address and port suplied. The socket is configured using the socket options established for this factory.
If there is a security manager, its checkConnect
method is called with the host address and port
as its arguments. This could result in a SecurityException.
Warning: Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid man-in-the-middle attacks.
| Parameters | |
|---|---|
addr |
InetAddress:
the server network address |
port |
int:
the server port |
localAddr |
InetAddress:
the client network address |
localPort |
int:
the client port |
| Returns | |
|---|---|
Socket |
the Socket |
| Throws | |
|---|---|
IOException |
|
Socket createSocket (InetAddress addr, int port)
Creates a socket and connects it to the specified port number at the specified address. This socket is configured using the socket options established for this factory.
If there is a security manager, its checkConnect
method is called with the host address and port
as its arguments. This could result in a SecurityException.
Warning: Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid man-in-the-middle attacks.
| Parameters | |
|---|---|
addr |
InetAddress:
the server host |
port |
int:
the server port |
| Returns | |
|---|---|
Socket |
the Socket |
| Throws | |
|---|---|
IOException |
|
Socket createSocket (String host, int port, InetAddress localAddr, int localPort)
Creates a socket and connects it to the specified remote host on the specified remote port. The socket will also be bound to the local address and port supplied. This socket is configured using the socket options established for this factory.
If there is a security manager, its checkConnect
method is called with the host address and port
as its arguments. This could result in a SecurityException.
This method verifies the peer's certificate hostname after connecting
(unless created with getInsecure(int, SSLSessionCache)).
| Parameters | |
|---|---|
host |
String:
the server host name with which to connect, or
null for the loopback address. |
port |
int:
the server port |
localAddr |
InetAddress:
the local address the socket is bound to |
localPort |
int:
the local port the socket is bound to |
| Returns | |
|---|---|
Socket |
the Socket |
| Throws | |
|---|---|
IOException |
|
SocketFactory getDefault (int handshakeTimeoutMillis)
Returns a new socket factory instance with an optional handshake timeout.
| Parameters | |
|---|---|
handshakeTimeoutMillis |
int:
to use for SSL connection handshake, or 0
for none. The socket timeout is reset to 0 after the handshake. |
| Returns | |
|---|---|
SocketFactory |
a new SSLSocketFactory with the specified parameters |
SSLSocketFactory getDefault (int handshakeTimeoutMillis, SSLSessionCache cache)
Returns a new socket factory instance with an optional handshake timeout and SSL session cache.
| Parameters | |
|---|---|
handshakeTimeoutMillis |
int:
to use for SSL connection handshake, or 0
for none. The socket timeout is reset to 0 after the handshake. |
cache |
SSLSessionCache:
The SSLSessionCache to use, or null for no cache. |
| Returns | |
|---|---|
SSLSocketFactory |
a new SSLSocketFactory with the specified parameters |
String[] getDefaultCipherSuites ()
Returns the list of cipher suites which are enabled by default. Unless a different list is enabled, handshaking on an SSL connection will use one of these cipher suites. The minimum quality of service for these defaults requires confidentiality protection and server authentication (that is, no anonymous cipher suites).
| Returns | |
|---|---|
String[] |
array of the cipher suites enabled by default |
SSLSocketFactory getInsecure (int handshakeTimeoutMillis, SSLSessionCache cache)
Returns a new instance of a socket factory with all SSL security checks disabled, using an optional handshake timeout and SSL session cache.
Warning: Sockets created using this factory are vulnerable to man-in-the-middle attacks!
| Parameters | |
|---|---|
handshakeTimeoutMillis |
int:
to use for SSL connection handshake, or 0
for none. The socket timeout is reset to 0 after the handshake. |
cache |
SSLSessionCache:
The SSLSessionCache to use, or null for no cache. |
| Returns | |
|---|---|
SSLSocketFactory |
an insecure SSLSocketFactory with the specified parameters |
byte[] getNpnSelectedProtocol (Socket socket)
Returns the Next Protocol Negotiation (NPN) protocol selected by client and server, or null if no protocol was negotiated.
| Parameters | |
|---|---|
socket |
Socket:
a socket created by this factory. |
| Returns | |
|---|---|
byte[] |
|
| Throws | |
|---|---|
IllegalArgumentException |
if the socket was not created by this factory. |
String[] getSupportedCipherSuites ()
Returns the names of the cipher suites which could be enabled for use on an SSL connection. Normally, only a subset of these will actually be enabled by default, since this list may include cipher suites which do not meet quality of service requirements for those defaults. Such cipher suites are useful in specialized applications.
| Returns | |
|---|---|
String[] |
an array of cipher suite names |
void setHostname (Socket socket, String hostName)
Turns on Server Name Indication (SNI) on a given socket.
| Parameters | |
|---|---|
socket |
Socket:
a socket created by this factory. |
hostName |
String:
the desired SNI hostname, null to disable. |
| Throws | |
|---|---|
IllegalArgumentException |
if the socket was not created by this factory. |
void setKeyManagers (KeyManager[] keyManagers)
Sets the KeyManagers to be used for connections made by this factory.
| Parameters | |
|---|---|
keyManagers |
KeyManager
|
void setNpnProtocols (byte[][] npnProtocols)
Sets the Next Protocol Negotiation (NPN) protocols that this peer is interested in.
For servers this is the sequence of protocols to advertise as supported, in order of preference. This list is sent unencrypted to all clients that support NPN.
For clients this is a list of supported protocols to match against the server's list. If there is no protocol supported by both client and server then the first protocol in the client's list will be selected. The order of the client's protocols is otherwise insignificant.
| Parameters | |
|---|---|
npnProtocols |
byte:
a non-empty list of protocol byte arrays. All arrays
must be non-empty and of length less than 256.
|
void setTrustManagers (TrustManager[] trustManager)
Sets the TrustManagers to be used for connections made by this factory.
| Parameters | |
|---|---|
trustManager |
TrustManager
|
void setUseSessionTickets (Socket socket, boolean useSessionTickets)
Enables session ticket support on the given socket.
| Parameters | |
|---|---|
socket |
Socket:
a socket created by this factory |
useSessionTickets |
boolean:
true to enable session ticket support on this socket. |
| Throws | |
|---|---|
IllegalArgumentException |
if the socket was not created by this factory. |