Package org.apache.hc.client5.http.ssl
Class SSLConnectionSocketFactory
java.lang.Object
org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory
- All Implemented Interfaces:
ConnectionSocketFactory, LayeredConnectionSocketFactory
@Contract(threading=STATELESS)
public class SSLConnectionSocketFactory
extends Object
implements LayeredConnectionSocketFactory
Layered socket factory for TLS/SSL connections.
SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.
- Since:
- 4.3
-
Field Summary
Fields
Modifier and Type, Field, Description
private final HostnameVerifier
private static final org.slf4j.Logger
private final SSLSocketFactory
private final String[]
private final String[]
private final TlsSessionValidator
private static final String
private static final String
-
Constructor Summary
Constructors
Constructor, Description
SSLConnectionSocketFactory(SSLContext sslContext)
SSLConnectionSocketFactory(SSLContext sslContext, String[] supportedProtocols, String[] supportedCipherSuites, HostnameVerifier hostnameVerifier)
SSLConnectionSocketFactory(SSLContext sslContext, HostnameVerifier hostnameVerifier)
SSLConnectionSocketFactory(SSLSocketFactory socketFactory, String[] supportedProtocols, String[] supportedCipherSuites, HostnameVerifier hostnameVerifier)
SSLConnectionSocketFactory(SSLSocketFactory socketFactory, HostnameVerifier hostnameVerifier)
-
Method Summary
Modifier and Type, Method, Description
protected void connectSocket(Socket sock, InetSocketAddress remoteAddress, org.apache.hc.core5.util.Timeout connectTimeout, org.apache.hc.core5.http.protocol.HttpContext context)
    Connects the socket to the target host with the given resolved remote address using Socket.connect(SocketAddress, int).
Socket connectSocket(Socket socket, org.apache.hc.core5.http.HttpHost host, InetSocketAddress remoteAddress, InetSocketAddress localAddress, org.apache.hc.core5.util.Timeout connectTimeout, Object attachment, org.apache.hc.core5.http.protocol.HttpContext context)
    Connects the socket to the target host with the given resolved remote address.
Socket connectSocket(org.apache.hc.core5.util.TimeValue connectTimeout, Socket socket, org.apache.hc.core5.http.HttpHost host, InetSocketAddress remoteAddress, InetSocketAddress localAddress, org.apache.hc.core5.http.protocol.HttpContext context)
    Connects the socket to the target host with the given resolved remote address.
Socket createLayeredSocket(Socket socket, String target, int port, Object attachment, org.apache.hc.core5.http.protocol.HttpContext context)
    Returns a socket connected to the given host that is layered over an existing socket.
Socket createLayeredSocket(Socket socket, String target, int port, org.apache.hc.core5.http.protocol.HttpContext context)
    Returns a socket connected to the given host that is layered over an existing socket.
Socket createSocket(Proxy proxy, org.apache.hc.core5.http.protocol.HttpContext context)
    Creates new, unconnected socket via a proxy (generally SOCKS is expected).
Socket createSocket(org.apache.hc.core5.http.protocol.HttpContext context)
    Creates new, unconnected socket.
private void executeHandshake(SSLSocket sslsock, String target, Object attachment, org.apache.hc.core5.http.protocol.HttpContext context)
static SSLConnectionSocketFactory getSocketFactory()
    Obtains default SSL socket factory with an SSL context based on the standard JSSE trust material (cacerts file in the security properties directory).
static SSLConnectionSocketFactory getSystemSocketFactory()
    Obtains default SSL socket factory with an SSL context based on system properties as described in Java™ Secure Socket Extension (JSSE) Reference Guide.
(package private) static boolean isWeakCipherSuite(String cipherSuite)
protected void prepareSocket(SSLSocket socket)
    Deprecated.
protected void prepareSocket(SSLSocket socket, org.apache.hc.core5.http.protocol.HttpContext context)
    Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens).
private void verifyHostname(SSLSocket sslsock, String hostname)
protected void verifySession(String hostname, SSLSession sslSession)
-
Field Details
-
WEAK_KEY_EXCHANGES
- See Also:
-
WEAK_CIPHERS
- See Also:
-
WEAK_CIPHER_SUITE_PATTERNS
-
LOG
private static final org.slf4j.Logger LOG
-
socketFactory
-
hostnameVerifier
-
supportedProtocols
-
supportedCipherSuites
-
tlsSessionValidator
-
-
Constructor Details
-
SSLConnectionSocketFactory
-
SSLConnectionSocketFactory
- Since:
- 4.4
-
SSLConnectionSocketFactory
public SSLConnectionSocketFactory(SSLContext sslContext, String[] supportedProtocols, String[] supportedCipherSuites, HostnameVerifier hostnameVerifier)
- Since:
- 4.4
-
SSLConnectionSocketFactory
public SSLConnectionSocketFactory(SSLSocketFactory socketFactory, HostnameVerifier hostnameVerifier)
- Since:
- 4.4
-
SSLConnectionSocketFactory
public SSLConnectionSocketFactory(SSLSocketFactory socketFactory, String[] supportedProtocols, String[] supportedCipherSuites, HostnameVerifier hostnameVerifier)
- Since:
- 4.4
-
-
Method Details
-
getSocketFactory
public static SSLConnectionSocketFactory getSocketFactory() throws org.apache.hc.core5.ssl.SSLInitializationException
Obtains default SSL socket factory with an SSL context based on the standard JSSE trust material (cacerts file in the security properties directory). System properties are not taken into consideration.
- Returns:
- default SSL socket factory
- Throws:
org.apache.hc.core5.ssl.SSLInitializationException
-
getSystemSocketFactory
public static SSLConnectionSocketFactory getSystemSocketFactory() throws org.apache.hc.core5.ssl.SSLInitializationException
Obtains default SSL socket factory with an SSL context based on system properties as described in Java™ Secure Socket Extension (JSSE) Reference Guide.
- Returns:
- default system SSL socket factory
- Throws:
org.apache.hc.core5.ssl.SSLInitializationException
-
isWeakCipherSuite
-
prepareSocket
Deprecated.
- Throws:
IOException
-
prepareSocket
protected void prepareSocket(SSLSocket socket, org.apache.hc.core5.http.protocol.HttpContext context) throws IOException
Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens). The default implementation is a no-op, but could be overridden to, e.g., call SSLSocket.setEnabledCipherSuites(String[]).
- Throws:
IOException
- may be thrown if overridden
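The following subclass is an added example, not code from the HttpClient project, showing one way to use this hook: it narrows the socket's enabled protocols and cipher suites before the handshake and fails closed if nothing acceptable remains. The class name RestrictedTlsSocketFactory and the chosen protocol and suite filters are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.List;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.core5.http.protocol.HttpContext;

// Hypothetical subclass; the name and the policy below are illustrative assumptions.
public class RestrictedTlsSocketFactory extends SSLConnectionSocketFactory {

    // Assumed policy: only TLS 1.2 and 1.3 are acceptable.
    private static final List<String> ALLOWED_PROTOCOLS = Arrays.asList("TLSv1.3", "TLSv1.2");

    public RestrictedTlsSocketFactory(SSLContext sslContext, HostnameVerifier hostnameVerifier) {
        super(sslContext, hostnameVerifier);
    }

    @Override
    protected void prepareSocket(SSLSocket socket, HttpContext context) throws IOException {
        // Intersect the policy with what this socket currently has enabled,
        // so an unsupported name is never passed to the setter.
        String[] protocols = Arrays.stream(socket.getEnabledProtocols())
                .filter(ALLOWED_PROTOCOLS::contains)
                .toArray(String[]::new);

        // Assumed policy: keep AEAD suites only (GCM or ChaCha20-Poly1305).
        String[] suites = Arrays.stream(socket.getEnabledCipherSuites())
                .filter(s -> s.contains("_GCM_") || s.contains("CHACHA20_POLY1305"))
                .toArray(String[]::new);

        // Fail closed: refuse to handshake rather than fall back to the
        // socket's unrestricted defaults.
        if (protocols.length == 0 || suites.length == 0) {
            throw new IOException("No acceptable TLS protocol or cipher suite is enabled");
        }

        socket.setEnabledProtocols(protocols);
        socket.setEnabledCipherSuites(suites);
    }
}
```

Because the filter starts from the socket's currently enabled values, it can only narrow the configuration and never re-enables a protocol or suite that was already excluded.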
-
createSocket
public Socket createSocket(org.apache.hc.core5.http.protocol.HttpContext context) throws IOException
Description copied from interface: ConnectionSocketFactory
Creates new, unconnected socket. The socket should subsequently be passed to connectSocket method.
- Specified by:
createSocket in interface ConnectionSocketFactory
- Throws:
IOException
-
createSocket
public Socket createSocket(Proxy proxy, org.apache.hc.core5.http.protocol.HttpContext context) throws IOException
Description copied from interface: ConnectionSocketFactory
Creates new, unconnected socket via a proxy (generally SOCKS is expected). The socket should subsequently be passed to connectSocket method.
- Specified by:
createSocket in interface ConnectionSocketFactory
- Throws:
IOException
-
connectSocket
public Socket connectSocket(org.apache.hc.core5.util.TimeValue connectTimeout, Socket socket, org.apache.hc.core5.http.HttpHost host, InetSocketAddress remoteAddress, InetSocketAddress localAddress, org.apache.hc.core5.http.protocol.HttpContext context) throws IOException
Description copied from interface: ConnectionSocketFactory
Connects the socket to the target host with the given resolved remote address.
- Specified by:
connectSocket in interface ConnectionSocketFactory
- Parameters:
connectTimeout - connect timeout.
socket - the socket to connect, as obtained from ConnectionSocketFactory.createSocket(HttpContext). null indicates that a new socket should be created and connected.
host - target host as specified by the caller (end user).
remoteAddress - the resolved remote address to connect to.
localAddress - the local address to bind the socket to, or null for any.
context - the actual HTTP context.
- Returns:
- the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
- Throws:
IOException - if an I/O error occurs
-
connectSocket
public Socket connectSocket(Socket socket, org.apache.hc.core5.http.HttpHost host, InetSocketAddress remoteAddress, InetSocketAddress localAddress, org.apache.hc.core5.util.Timeout connectTimeout, Object attachment, org.apache.hc.core5.http.protocol.HttpContext context) throws IOException
Description copied from interface: ConnectionSocketFactory
Connects the socket to the target host with the given resolved remote address.
- Specified by:
connectSocket in interface ConnectionSocketFactory
- Parameters:
socket - the socket to connect, as obtained from ConnectionSocketFactory.createSocket(HttpContext). null indicates that a new socket should be created and connected.
host - target host as specified by the caller (end user).
remoteAddress - the resolved remote address to connect to.
localAddress - the local address to bind the socket to, or null for any.
connectTimeout - connect timeout.
attachment - connect request attachment.
context - the actual HTTP context.
- Returns:
- the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
- Throws:
IOException - if an I/O error occurs
-
connectSocket
protected void connectSocket(Socket sock, InetSocketAddress remoteAddress, org.apache.hc.core5.util.Timeout connectTimeout, org.apache.hc.core5.http.protocol.HttpContext context) throws IOException
Connects the socket to the target host with the given resolved remote address using Socket.connect(SocketAddress, int). This method may be overridden to customize how precisely Socket.connect(SocketAddress, int) is handled without impacting other connection establishment code within executeHandshake(SSLSocket, String, Object, HttpContext), for example.
- Parameters:
sock - the socket to connect.
remoteAddress - the resolved remote address to connect to.
connectTimeout - connect timeout.
context - the actual HTTP context.
- Throws:
IOException - if an I/O error occurs
-
createLayeredSocket
public Socket createLayeredSocket(Socket socket, String target, int port, org.apache.hc.core5.http.protocol.HttpContext context) throws IOException
Description copied from interface: LayeredConnectionSocketFactory
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.
- Specified by:
createLayeredSocket in interface LayeredConnectionSocketFactory
- Parameters:
socket - the existing socket
target - the name of the target host.
port - the port to connect to on the target host.
context - the actual HTTP context.
- Returns:
- Socket a new socket
- Throws:
IOException - if an I/O error occurs while creating the socket
-
createLayeredSocket
public Socket createLayeredSocket(Socket socket, String target, int port, Object attachment, org.apache.hc.core5.http.protocol.HttpContext context) throws IOException
Description copied from interface: LayeredConnectionSocketFactory
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.
- Specified by:
createLayeredSocket in interface LayeredConnectionSocketFactory
- Parameters:
socket - the existing socket
target - the name of the target host.
port - the port to connect to on the target host.
attachment - connect request attachment.
context - the actual HTTP context.
- Returns:
- Socket a new socket
- Throws:
IOException - if an I/O error occurs while creating the socket
-
executeHandshake
private void executeHandshake(SSLSocket sslsock, String target, Object attachment, org.apache.hc.core5.http.protocol.HttpContext context) throws IOException
- Throws:
IOException
-
verifyHostname
- Throws:
IOException
-
verifySession
- Throws:
SSLException
-
prepareSocket(SSLSocket, HttpContext)