Package org.apache.hc.client5.http.ssl
Class SSLConnectionSocketFactory
- java.lang.Object
-
- org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory
-
- All Implemented Interfaces:
ConnectionSocketFactory, LayeredConnectionSocketFactory
@Contract(threading=STATELESS) public class SSLConnectionSocketFactory extends java.lang.Object implements LayeredConnectionSocketFactory
Layered socket factory for TLS/SSL connections. SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.
- Since:
- 4.3
-
-
Field Summary
Fields (Modifier and Type, Field, Description)
private javax.net.ssl.HostnameVerifier hostnameVerifier
private static org.slf4j.Logger LOG
private javax.net.ssl.SSLSocketFactory socketFactory
private java.lang.String[] supportedCipherSuites
private java.lang.String[] supportedProtocols
private TlsSessionValidator tlsSessionValidator
private static java.util.List<java.util.regex.Pattern> WEAK_CIPHER_SUITE_PATTERNS
private static java.lang.String WEAK_CIPHERS
private static java.lang.String WEAK_KEY_EXCHANGES
-
Constructor Summary
Constructors (Constructor, Description)
SSLConnectionSocketFactory(javax.net.ssl.SSLContext sslContext)
SSLConnectionSocketFactory(javax.net.ssl.SSLContext sslContext, java.lang.String[] supportedProtocols, java.lang.String[] supportedCipherSuites, javax.net.ssl.HostnameVerifier hostnameVerifier)
SSLConnectionSocketFactory(javax.net.ssl.SSLContext sslContext, javax.net.ssl.HostnameVerifier hostnameVerifier)
SSLConnectionSocketFactory(javax.net.ssl.SSLSocketFactory socketFactory, java.lang.String[] supportedProtocols, java.lang.String[] supportedCipherSuites, javax.net.ssl.HostnameVerifier hostnameVerifier)
SSLConnectionSocketFactory(javax.net.ssl.SSLSocketFactory socketFactory, javax.net.ssl.HostnameVerifier hostnameVerifier)
-
Method Summary
Methods (Modifier and Type, Method, Description)
protected void connectSocket(java.net.Socket sock, java.net.InetSocketAddress remoteAddress, org.apache.hc.core5.util.Timeout connectTimeout, org.apache.hc.core5.http.protocol.HttpContext context)
Connects the socket to the target host with the given resolved remote address using Socket.connect(SocketAddress, int).
java.net.Socket connectSocket(java.net.Socket socket, org.apache.hc.core5.http.HttpHost host, java.net.InetSocketAddress remoteAddress, java.net.InetSocketAddress localAddress, org.apache.hc.core5.util.Timeout connectTimeout, java.lang.Object attachment, org.apache.hc.core5.http.protocol.HttpContext context)
Connects the socket to the target host with the given resolved remote address.
java.net.Socket connectSocket(org.apache.hc.core5.util.TimeValue connectTimeout, java.net.Socket socket, org.apache.hc.core5.http.HttpHost host, java.net.InetSocketAddress remoteAddress, java.net.InetSocketAddress localAddress, org.apache.hc.core5.http.protocol.HttpContext context)
Connects the socket to the target host with the given resolved remote address.
java.net.Socket createLayeredSocket(java.net.Socket socket, java.lang.String target, int port, java.lang.Object attachment, org.apache.hc.core5.http.protocol.HttpContext context)
Returns a socket connected to the given host that is layered over an existing socket.
java.net.Socket createLayeredSocket(java.net.Socket socket, java.lang.String target, int port, org.apache.hc.core5.http.protocol.HttpContext context)
Returns a socket connected to the given host that is layered over an existing socket.
java.net.Socket createSocket(java.net.Proxy proxy, org.apache.hc.core5.http.protocol.HttpContext context)
Creates new, unconnected socket via a proxy (generally SOCKS is expected).
java.net.Socket createSocket(org.apache.hc.core5.http.protocol.HttpContext context)
Creates new, unconnected socket.
private void executeHandshake(javax.net.ssl.SSLSocket sslsock, java.lang.String target, java.lang.Object attachment, org.apache.hc.core5.http.protocol.HttpContext context)
static SSLConnectionSocketFactory getSocketFactory()
Obtains default SSL socket factory with an SSL context based on the standard JSSE trust material (cacerts file in the security properties directory).
static SSLConnectionSocketFactory getSystemSocketFactory()
Obtains default SSL socket factory with an SSL context based on system properties as described in Java™ Secure Socket Extension (JSSE) Reference Guide.
(package private) static boolean isWeakCipherSuite(java.lang.String cipherSuite)
protected void prepareSocket(javax.net.ssl.SSLSocket socket)
Deprecated.
protected void prepareSocket(javax.net.ssl.SSLSocket socket, org.apache.hc.core5.http.protocol.HttpContext context)
Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens).
private void verifyHostname(javax.net.ssl.SSLSocket sslsock, java.lang.String hostname)
protected void verifySession(java.lang.String hostname, javax.net.ssl.SSLSession sslSession)
-
-
-
Field Detail
-
WEAK_KEY_EXCHANGES
private static final java.lang.String WEAK_KEY_EXCHANGES
- See Also:
- Constant Field Values
-
WEAK_CIPHERS
private static final java.lang.String WEAK_CIPHERS
- See Also:
- Constant Field Values
-
WEAK_CIPHER_SUITE_PATTERNS
private static final java.util.List<java.util.regex.Pattern> WEAK_CIPHER_SUITE_PATTERNS
-
LOG
private static final org.slf4j.Logger LOG
-
socketFactory
private final javax.net.ssl.SSLSocketFactory socketFactory
-
hostnameVerifier
private final javax.net.ssl.HostnameVerifier hostnameVerifier
-
supportedProtocols
private final java.lang.String[] supportedProtocols
-
supportedCipherSuites
private final java.lang.String[] supportedCipherSuites
-
tlsSessionValidator
private final TlsSessionValidator tlsSessionValidator
-
-
Constructor Detail
-
SSLConnectionSocketFactory
public SSLConnectionSocketFactory(javax.net.ssl.SSLContext sslContext)
-
SSLConnectionSocketFactory
public SSLConnectionSocketFactory(javax.net.ssl.SSLContext sslContext, javax.net.ssl.HostnameVerifier hostnameVerifier)
- Since:
- 4.4
-
SSLConnectionSocketFactory
public SSLConnectionSocketFactory(javax.net.ssl.SSLContext sslContext, java.lang.String[] supportedProtocols, java.lang.String[] supportedCipherSuites, javax.net.ssl.HostnameVerifier hostnameVerifier)
- Since:
- 4.4
-
SSLConnectionSocketFactory
public SSLConnectionSocketFactory(javax.net.ssl.SSLSocketFactory socketFactory, javax.net.ssl.HostnameVerifier hostnameVerifier)
- Since:
- 4.4
-
SSLConnectionSocketFactory
public SSLConnectionSocketFactory(javax.net.ssl.SSLSocketFactory socketFactory, java.lang.String[] supportedProtocols, java.lang.String[] supportedCipherSuites, javax.net.ssl.HostnameVerifier hostnameVerifier)
- Since:
- 4.4
-
-
Method Detail
-
getSocketFactory
public static SSLConnectionSocketFactory getSocketFactory() throws org.apache.hc.core5.ssl.SSLInitializationException
Obtains default SSL socket factory with an SSL context based on the standard JSSE trust material (cacerts file in the security properties directory). System properties are not taken into consideration.
- Returns:
- default SSL socket factory
- Throws:
org.apache.hc.core5.ssl.SSLInitializationException
-
getSystemSocketFactory
public static SSLConnectionSocketFactory getSystemSocketFactory() throws org.apache.hc.core5.ssl.SSLInitializationException
Obtains default SSL socket factory with an SSL context based on system properties as described in Java™ Secure Socket Extension (JSSE) Reference Guide.
- Returns:
- default system SSL socket factory
- Throws:
org.apache.hc.core5.ssl.SSLInitializationException
-
isWeakCipherSuite
static boolean isWeakCipherSuite(java.lang.String cipherSuite)
-
prepareSocket
@Deprecated protected void prepareSocket(javax.net.ssl.SSLSocket socket) throws java.io.IOException
Deprecated.
- Throws:
java.io.IOException
-
prepareSocket
protected void prepareSocket(javax.net.ssl.SSLSocket socket, org.apache.hc.core5.http.protocol.HttpContext context) throws java.io.IOException
Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens). The default implementation is a no-op, but could be overridden to, e.g., call SSLSocket.setEnabledCipherSuites(String[]).
- Throws:
java.io.IOException
- may be thrown if overridden
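One way to use this hook, as an added example that is not part of the original Javadoc or the project's own code: a subclass that overrides prepareSocket to enable only allow-listed protocols and cipher suites before the handshake, and fails closed if none of them is available. The class name StrictTlsSocketFactory and both allow-lists are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.core5.http.protocol.HttpContext;

// Hypothetical subclass; the allow-lists are a sample policy, not library defaults.
public class StrictTlsSocketFactory extends SSLConnectionSocketFactory {

    private static final List<String> ALLOWED_PROTOCOLS = Arrays.asList("TLSv1.3", "TLSv1.2");

    private static final List<String> ALLOWED_SUITES = Arrays.asList(
            "TLS_AES_256_GCM_SHA384",
            "TLS_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    public StrictTlsSocketFactory(final SSLContext sslContext) {
        // Single-argument constructor listed on this page; no custom HostnameVerifier is passed.
        super(sslContext);
    }

    @Override
    protected void prepareSocket(final SSLSocket socket, final HttpContext context) throws IOException {
        // Enabling a name the JSSE provider does not support throws IllegalArgumentException,
        // so intersect each allow-list with what this socket actually supports.
        socket.setEnabledProtocols(intersect(socket.getSupportedProtocols(), ALLOWED_PROTOCOLS, "protocol"));
        socket.setEnabledCipherSuites(intersect(socket.getSupportedCipherSuites(), ALLOWED_SUITES, "cipher suite"));
    }

    // Returns the allow-listed names that are supported, in allow-list order; fails closed if none match.
    private static String[] intersect(final String[] supported, final List<String> allowed, final String kind)
            throws IOException {
        final List<String> available = Arrays.asList(supported);
        final List<String> result = new ArrayList<>();
        for (final String name : allowed) {
            if (available.contains(name)) {
                result.add(name);
            }
        }
        if (result.isEmpty()) {
            throw new IOException("No allow-listed TLS " + kind + " is supported by this JSSE provider");
        }
        return result.toArray(new String[0]);
    }
}
```

When the policy is static, the same restriction can be passed as the supportedProtocols and supportedCipherSuites arguments of the four-argument constructors listed above.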
-
createSocket
public java.net.Socket createSocket(org.apache.hc.core5.http.protocol.HttpContext context) throws java.io.IOException
Description copied from interface: ConnectionSocketFactory
Creates new, unconnected socket. The socket should subsequently be passed to connectSocket method.
- Specified by:
createSocket in interface ConnectionSocketFactory
- Throws:
java.io.IOException
-
createSocket
public java.net.Socket createSocket(java.net.Proxy proxy, org.apache.hc.core5.http.protocol.HttpContext context) throws java.io.IOException
Description copied from interface: ConnectionSocketFactory
Creates new, unconnected socket via a proxy (generally SOCKS is expected). The socket should subsequently be passed to connectSocket method.
- Specified by:
createSocket in interface ConnectionSocketFactory
- Throws:
java.io.IOException
-
connectSocket
public java.net.Socket connectSocket(org.apache.hc.core5.util.TimeValue connectTimeout, java.net.Socket socket, org.apache.hc.core5.http.HttpHost host, java.net.InetSocketAddress remoteAddress, java.net.InetSocketAddress localAddress, org.apache.hc.core5.http.protocol.HttpContext context) throws java.io.IOException
Description copied from interface: ConnectionSocketFactory
Connects the socket to the target host with the given resolved remote address.
- Specified by:
connectSocket in interface ConnectionSocketFactory
- Parameters:
connectTimeout - connect timeout.
socket - the socket to connect, as obtained from ConnectionSocketFactory.createSocket(HttpContext). null indicates that a new socket should be created and connected.
host - target host as specified by the caller (end user).
remoteAddress - the resolved remote address to connect to.
localAddress - the local address to bind the socket to, or null for any.
context - the actual HTTP context.
- Returns:
- the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
- Throws:
java.io.IOException
- if an I/O error occurs
-
connectSocket
public java.net.Socket connectSocket(java.net.Socket socket, org.apache.hc.core5.http.HttpHost host, java.net.InetSocketAddress remoteAddress, java.net.InetSocketAddress localAddress, org.apache.hc.core5.util.Timeout connectTimeout, java.lang.Object attachment, org.apache.hc.core5.http.protocol.HttpContext context) throws java.io.IOException
Description copied from interface: ConnectionSocketFactory
Connects the socket to the target host with the given resolved remote address.
- Specified by:
connectSocket in interface ConnectionSocketFactory
- Parameters:
socket - the socket to connect, as obtained from ConnectionSocketFactory.createSocket(HttpContext). null indicates that a new socket should be created and connected.
host - target host as specified by the caller (end user).
remoteAddress - the resolved remote address to connect to.
localAddress - the local address to bind the socket to, or null for any.
connectTimeout - connect timeout.
attachment - connect request attachment.
context - the actual HTTP context.
- Returns:
- the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
- Throws:
java.io.IOException
- if an I/O error occurs
-
connectSocket
protected void connectSocket(java.net.Socket sock, java.net.InetSocketAddress remoteAddress, org.apache.hc.core5.util.Timeout connectTimeout, org.apache.hc.core5.http.protocol.HttpContext context) throws java.io.IOException
Connects the socket to the target host with the given resolved remote address using Socket.connect(SocketAddress, int). This method may be overridden to customize how precisely Socket.connect(SocketAddress, int) is handled without impacting other connection establishment code within executeHandshake(SSLSocket, String, Object, HttpContext), for example.
- Parameters:
sock - the socket to connect.
remoteAddress - the resolved remote address to connect to.
connectTimeout - connect timeout.
context - the actual HTTP context.
- Throws:
java.io.IOException
- if an I/O error occurs
-
createLayeredSocket
public java.net.Socket createLayeredSocket(java.net.Socket socket, java.lang.String target, int port, org.apache.hc.core5.http.protocol.HttpContext context) throws java.io.IOException
Description copied from interface: LayeredConnectionSocketFactory
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.
- Specified by:
createLayeredSocket in interface LayeredConnectionSocketFactory
- Parameters:
socket - the existing socket
target - the name of the target host.
port - the port to connect to on the target host.
context - the actual HTTP context.
- Returns:
- Socket a new socket
- Throws:
java.io.IOException
- if an I/O error occurs while creating the socket
-
createLayeredSocket
public java.net.Socket createLayeredSocket(java.net.Socket socket, java.lang.String target, int port, java.lang.Object attachment, org.apache.hc.core5.http.protocol.HttpContext context) throws java.io.IOException
Description copied from interface: LayeredConnectionSocketFactory
Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.
- Specified by:
createLayeredSocket in interface LayeredConnectionSocketFactory
- Parameters:
socket - the existing socket
target - the name of the target host.
port - the port to connect to on the target host.
attachment - connect request attachment.
context - the actual HTTP context.
- Returns:
- Socket a new socket
- Throws:
java.io.IOException
- if an I/O error occurs while creating the socket
-
executeHandshake
private void executeHandshake(javax.net.ssl.SSLSocket sslsock, java.lang.String target, java.lang.Object attachment, org.apache.hc.core5.http.protocol.HttpContext context) throws java.io.IOException
- Throws:
java.io.IOException
-
verifyHostname
private void verifyHostname(javax.net.ssl.SSLSocket sslsock, java.lang.String hostname) throws java.io.IOException
- Throws:
java.io.IOException
-
verifySession
protected void verifySession(java.lang.String hostname, javax.net.ssl.SSLSession sslSession) throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
-