|
JavaTM 2 Platform Std. Ed. v1.4.1 |
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--java.net.Socket | +--javax.net.ssl.SSLSocket
This class extends Socket
s and provides secure
socket using protocols such as the "Secure
Sockets Layer" (SSL) or IETF "Transport Layer Security" (TLS) protocols.
Such sockets are normal stream sockets, but they add a layer of security protections over the underlying network transport protocol, such as TCP. Those protections include:
These kinds of protection are specified by a "cipher suite", which is a combination of cryptographic algorithms used by a given SSL connection. During the negotiation process, the two endpoints must agree on a ciphersuite that is available in both environments. If there is no such suite in common, no SSL connection can be established, and no data can be exchanged.
The cipher suite used is established by a negotiation process called "handshaking". The goal of this process is to create or rejoin a "session", which may protect many connections over time. After handshaking has completed, you can access session attributes by using the getSession method. The initial handshake on this connection can be initiated in one of three ways:
startHandshake
which explicitly
begins handshakes, or
getSession
tries to set up a session
if there is no currently valid session, and
an implicit handshake is done.
If handshaking fails for any reason, the SSLSocket
is closed, and no futher communications can be done.
There are two groups of cipher suites which you will need to know about when managing cipher suites:
Implementation defaults require that only cipher suites which authenticate servers and provide confidentiality be enabled by default. Only if both sides explicitly agree to unauthenticated and/or non-private (unencrypted) communications will such a ciphersuite be selected.
When SSLSocket
s are first created, no handshaking
is done so that applications may first set their communication
preferences: what cipher suites to use, whether the socket should be
in client or server mode, etc.
However, security is always provided by the time that application data
is sent over the connection.
You may register to receive event notification of handshake
completion. This involves
the use of two additional classes. HandshakeCompletedEvent
objects are passed to HandshakeCompletedListener instances,
which are registered by users of this API.
SSLSocket
s are created by SSLSocketFactory
s,
or by accept
ing a connection from a
SSLServerSocket
.
A SSL socket may choose to operate in the client or server mode. This will determine who begins the handshaking process, as well as which messages should be sent by each party. However, each connection must have one client and one server, or handshaking will not progress properly.
Socket
,
SSLServerSocket
,
SSLSocketFactory
Constructor Summary | |
protected |
SSLSocket()
Used only by subclasses. |
protected |
SSLSocket(InetAddress address,
int port)
Used only by subclasses. |
protected |
SSLSocket(InetAddress address,
int port,
InetAddress clientAddress,
int clientPort)
Used only by subclasses. |
protected |
SSLSocket(String host,
int port)
Used only by subclasses. |
protected |
SSLSocket(String host,
int port,
InetAddress clientAddress,
int clientPort)
Used only by subclasses. |
Method Summary | |
abstract void |
addHandshakeCompletedListener(HandshakeCompletedListener listener)
Registers an event listener to receive notifications that an SSL handshake has completed on this connection. |
abstract String[] |
getEnabledCipherSuites()
Returns the names of the SSL cipher suites which are currently enabled for use on this connection. |
abstract String[] |
getEnabledProtocols()
Returns the names of the protocol versions which are currently enabled for use on this connection. |
abstract boolean |
getEnableSessionCreation()
Returns true if new SSL sessions may be established by this socket. |
abstract boolean |
getNeedClientAuth()
Returns true if the socket will require client authentication. |
abstract SSLSession |
getSession()
Returns the SSL Session in use by this connection. |
abstract String[] |
getSupportedCipherSuites()
Returns the names of the cipher suites which could be enabled for use on this connection. |
abstract String[] |
getSupportedProtocols()
Returns the names of the protocols which could be enabled for use on an SSL connection. |
abstract boolean |
getUseClientMode()
Returns true if the socket is set to use client mode in its first handshake. |
abstract boolean |
getWantClientAuth()
Returns true if the socket will request client authentication. |
abstract void |
removeHandshakeCompletedListener(HandshakeCompletedListener listener)
Removes a previously registered handshake completion listener. |
abstract void |
setEnabledCipherSuites(String[] suites)
Controls which particular cipher suites are enabled for use on this connection. |
abstract void |
setEnabledProtocols(String[] protocols)
Controls which particular protocol versions are enabled for use on this connection. |
abstract void |
setEnableSessionCreation(boolean flag)
Controls whether new SSL sessions may be established by this socket. |
abstract void |
setNeedClientAuth(boolean need)
Configures the socket to require client authentication. |
abstract void |
setUseClientMode(boolean mode)
Configures the socket to use client (or server) mode in its first handshake. |
abstract void |
setWantClientAuth(boolean want)
Configures the socket to request client authentication, but only if such a request is appropriate to the cipher suite negotiated. |
abstract void |
startHandshake()
Starts an SSL handshake on this connection. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Constructor Detail |
protected SSLSocket()
protected SSLSocket(String host, int port) throws IOException, UnknownHostException
host
- name of the host with which to connectport
- number of the server's port
IOException
- if an I/O error occurs when creating the socket
UnknownHostException
- if the host is not knownprotected SSLSocket(InetAddress address, int port) throws IOException, UnknownHostException
address
- the server's hostport
- its port
IOException
- if an I/O error occurs when creating the socket
UnknownHostException
- if the host is not knownprotected SSLSocket(String host, int port, InetAddress clientAddress, int clientPort) throws IOException, UnknownHostException
host
- name of the host with which to connectport
- number of the server's portclientAddress
- the client's hostclientPort
- number of the client's port
IOException
- if an I/O error occurs when creating the socket
UnknownHostException
- if the host is not knownprotected SSLSocket(InetAddress address, int port, InetAddress clientAddress, int clientPort) throws IOException, UnknownHostException
address
- the server's hostport
- its portclientAddress
- the client's hostclientPort
- number of the client's port
IOException
- if an I/O error occurs when creating the socket
UnknownHostException
- if the host is not knownMethod Detail |
public abstract String[] getSupportedCipherSuites()
getEnabledCipherSuites()
,
setEnabledCipherSuites(String [])
public abstract String[] getEnabledCipherSuites()
There are several reasons why an enabled cipher suite might not actually be used. For example: the server socket might not have appropriate private keys available to it or the cipher suite might be anonymous, precluding the use of client authentication, while the server socket has been told to require that sort of authentication.
getSupportedCipherSuites()
,
setEnabledCipherSuites(String [])
public abstract void setEnabledCipherSuites(String[] suites)
suites
- Names of all the cipher suites to enable
IllegalArgumentException
- when one or more of the ciphers
named by the parameter is not supported, or when the
parameter is null.getSupportedCipherSuites()
,
getEnabledCipherSuites()
public abstract String[] getSupportedProtocols()
public abstract String[] getEnabledProtocols()
setEnabledProtocols(java.lang.String[])
public abstract void setEnabledProtocols(String[] protocols)
protocols
- Names of all the protocols to enable.
IllegalArgumentException
- when one or more of
the protocols named by the parameter is not supported or
when the protocols parameter is null.getEnabledProtocols()
public abstract SSLSession getSession()
This method will initiate the initial handshake if necessary and then block until the handshake has been established.
If an error occurs during the initial handshake, this method returns an invalid session object which reports an invalid cipher suite of "SSL_NULL_WITH_NULL_NULL".
SSLSession
public abstract void addHandshakeCompletedListener(HandshakeCompletedListener listener)
listener
- the HandShake Completed event listener
IllegalArgumentException
- if the argument is null.startHandshake()
,
removeHandshakeCompletedListener(HandshakeCompletedListener)
public abstract void removeHandshakeCompletedListener(HandshakeCompletedListener listener)
listener
- the HandShake Completed event listener
IllegalArgumentException
- if the listener is not registered,
or the argument is null.addHandshakeCompletedListener(HandshakeCompletedListener)
public abstract void startHandshake() throws IOException
If data has already been sent on the connection, it continues to flow during this handshake. When the handshake completes, this will be signaled with an event. This method is synchronous for the initial handshake on a connection and returns when the negotiated handshake is complete. Some protocols may not support multiple handshakes on an existing socket and may throw an IOException.
IOException
- on a network level erroraddHandshakeCompletedListener(HandshakeCompletedListener)
public abstract void setUseClientMode(boolean mode)
mode
- true if the socket should start its first handshake
in "client" mode
IllegalArgumentException
- if a mode change is attempted
after handshaking has begun.getUseClientMode()
public abstract boolean getUseClientMode()
setUseClientMode(boolean)
public abstract void setNeedClientAuth(boolean need)
Unlike setWantClientAuth(boolean)
,
if the client chooses not to provide authentication information
about itself, the negotiations will stop and the connection
will be dropped.
need
- should be set to true if the clients must
authenticate themselves.
Setting this parameter to true overrides the current
setting of setWantClientAuth(boolean)
.getNeedClientAuth()
,
setWantClientAuth(boolean)
,
getWantClientAuth()
,
setUseClientMode(boolean)
public abstract boolean getNeedClientAuth()
setNeedClientAuth(boolean)
,
setWantClientAuth(boolean)
,
getWantClientAuth()
,
setUseClientMode(boolean)
public abstract void setWantClientAuth(boolean want)
setNeedClientAuth(boolean)
,
if the client chooses not to provide authentication information
about itself, the negotiations will continue.
The socket must be a server mode socket.
want
- should be set to true if the clients should
try to authenticate themselves.
Setting this parameter to true overrides the current
setting of setNeedClientAuth(boolean)
.getWantClientAuth()
,
setNeedClientAuth(boolean)
,
getNeedClientAuth()
,
setUseClientMode(boolean)
public abstract boolean getWantClientAuth()
setNeedClientAuth(boolean)
,
getNeedClientAuth()
,
setWantClientAuth(boolean)
,
setUseClientMode(boolean)
public abstract void setEnableSessionCreation(boolean flag)
flag
- true indicates that sessions may be created; this
is the default. false indicates that an existing session
must be resumedgetEnableSessionCreation()
public abstract boolean getEnableSessionCreation()
setEnableSessionCreation(boolean)
|
JavaTM 2 Platform Std. Ed. v1.4.1 |
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
Copyright 2002 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.