Class SSLConnectionSocketFactory

  • All Implemented Interfaces:
    ConnectionSocketFactory, LayeredConnectionSocketFactory

    @Contract(threading=STATELESS)
    public class SSLConnectionSocketFactory
    extends java.lang.Object
    implements LayeredConnectionSocketFactory
    Layered socket factory for TLS/SSL connections.

    SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.

    Since:
    4.3
    • Constructor Summary

      Constructors 
      Constructor Description
      SSLConnectionSocketFactory​(javax.net.ssl.SSLContext sslContext)  
      SSLConnectionSocketFactory​(javax.net.ssl.SSLContext sslContext, java.lang.String[] supportedProtocols, java.lang.String[] supportedCipherSuites, javax.net.ssl.HostnameVerifier hostnameVerifier)  
      SSLConnectionSocketFactory​(javax.net.ssl.SSLContext sslContext, javax.net.ssl.HostnameVerifier hostnameVerifier)  
      SSLConnectionSocketFactory​(javax.net.ssl.SSLSocketFactory socketFactory, java.lang.String[] supportedProtocols, java.lang.String[] supportedCipherSuites, javax.net.ssl.HostnameVerifier hostnameVerifier)  
      SSLConnectionSocketFactory​(javax.net.ssl.SSLSocketFactory socketFactory, javax.net.ssl.HostnameVerifier hostnameVerifier)  
    • Method Summary

      Modifier and Type Method Description
      protected void connectSocket​(java.net.Socket sock, java.net.InetSocketAddress remoteAddress, org.apache.hc.core5.util.Timeout connectTimeout, org.apache.hc.core5.http.protocol.HttpContext context)
      Connects the socket to the target host with the given resolved remote address using Socket.connect(SocketAddress, int).
      java.net.Socket connectSocket​(java.net.Socket socket, org.apache.hc.core5.http.HttpHost host, java.net.InetSocketAddress remoteAddress, java.net.InetSocketAddress localAddress, org.apache.hc.core5.util.Timeout connectTimeout, java.lang.Object attachment, org.apache.hc.core5.http.protocol.HttpContext context)
      Connects the socket to the target host with the given resolved remote address.
      java.net.Socket connectSocket​(org.apache.hc.core5.util.TimeValue connectTimeout, java.net.Socket socket, org.apache.hc.core5.http.HttpHost host, java.net.InetSocketAddress remoteAddress, java.net.InetSocketAddress localAddress, org.apache.hc.core5.http.protocol.HttpContext context)
      Connects the socket to the target host with the given resolved remote address.
      java.net.Socket createLayeredSocket​(java.net.Socket socket, java.lang.String target, int port, java.lang.Object attachment, org.apache.hc.core5.http.protocol.HttpContext context)
      Returns a socket connected to the given host that is layered over an existing socket.
      java.net.Socket createLayeredSocket​(java.net.Socket socket, java.lang.String target, int port, org.apache.hc.core5.http.protocol.HttpContext context)
      Returns a socket connected to the given host that is layered over an existing socket.
      java.net.Socket createSocket​(java.net.Proxy proxy, org.apache.hc.core5.http.protocol.HttpContext context)
      Creates new, unconnected socket via a proxy (generally SOCKS is expected).
      java.net.Socket createSocket​(org.apache.hc.core5.http.protocol.HttpContext context)
      Creates new, unconnected socket.
      private void executeHandshake​(javax.net.ssl.SSLSocket sslsock, java.lang.String target, java.lang.Object attachment, org.apache.hc.core5.http.protocol.HttpContext context)  
      static SSLConnectionSocketFactory getSocketFactory()
      Obtains default SSL socket factory with an SSL context based on the standard JSSE trust material (cacerts file in the security properties directory).
      static SSLConnectionSocketFactory getSystemSocketFactory()
      Obtains default SSL socket factory with an SSL context based on system properties as described in Java™ Secure Socket Extension (JSSE) Reference Guide.
      (package private) static boolean isWeakCipherSuite​(java.lang.String cipherSuite)  
      protected void prepareSocket​(javax.net.ssl.SSLSocket socket)
      protected void prepareSocket​(javax.net.ssl.SSLSocket socket, org.apache.hc.core5.http.protocol.HttpContext context)
      Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens).
      private void verifyHostname​(javax.net.ssl.SSLSocket sslsock, java.lang.String hostname)  
      protected void verifySession​(java.lang.String hostname, javax.net.ssl.SSLSession sslSession)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • WEAK_KEY_EXCHANGES

        private static final java.lang.String WEAK_KEY_EXCHANGES
        See Also:
        Constant Field Values
      • WEAK_CIPHER_SUITE_PATTERNS

        private static final java.util.List<java.util.regex.Pattern> WEAK_CIPHER_SUITE_PATTERNS
      • LOG

        private static final org.slf4j.Logger LOG
      • socketFactory

        private final javax.net.ssl.SSLSocketFactory socketFactory
      • hostnameVerifier

        private final javax.net.ssl.HostnameVerifier hostnameVerifier
      • supportedProtocols

        private final java.lang.String[] supportedProtocols
      • supportedCipherSuites

        private final java.lang.String[] supportedCipherSuites
    • Constructor Detail

      • SSLConnectionSocketFactory

        public SSLConnectionSocketFactory​(javax.net.ssl.SSLContext sslContext)
      • SSLConnectionSocketFactory

        public SSLConnectionSocketFactory​(javax.net.ssl.SSLContext sslContext,
                                          javax.net.ssl.HostnameVerifier hostnameVerifier)
        Since:
        4.4
      • SSLConnectionSocketFactory

        public SSLConnectionSocketFactory​(javax.net.ssl.SSLContext sslContext,
                                          java.lang.String[] supportedProtocols,
                                          java.lang.String[] supportedCipherSuites,
                                          javax.net.ssl.HostnameVerifier hostnameVerifier)
        Since:
        4.4
      • SSLConnectionSocketFactory

        public SSLConnectionSocketFactory​(javax.net.ssl.SSLSocketFactory socketFactory,
                                          javax.net.ssl.HostnameVerifier hostnameVerifier)
        Since:
        4.4
      • SSLConnectionSocketFactory

        public SSLConnectionSocketFactory​(javax.net.ssl.SSLSocketFactory socketFactory,
                                          java.lang.String[] supportedProtocols,
                                          java.lang.String[] supportedCipherSuites,
                                          javax.net.ssl.HostnameVerifier hostnameVerifier)
        Since:
        4.4
    • Method Detail

      • getSocketFactory

        public static SSLConnectionSocketFactory getSocketFactory()
                                                           throws org.apache.hc.core5.ssl.SSLInitializationException
        Obtains default SSL socket factory with an SSL context based on the standard JSSE trust material (cacerts file in the security properties directory). System properties are not taken into consideration.
        Returns:
        default SSL socket factory
        Throws:
        org.apache.hc.core5.ssl.SSLInitializationException
      • getSystemSocketFactory

        public static SSLConnectionSocketFactory getSystemSocketFactory()
                                                                 throws org.apache.hc.core5.ssl.SSLInitializationException
        Obtains default SSL socket factory with an SSL context based on system properties as described in Java™ Secure Socket Extension (JSSE) Reference Guide.
        Returns:
        default system SSL socket factory
        Throws:
        org.apache.hc.core5.ssl.SSLInitializationException
      • isWeakCipherSuite

        static boolean isWeakCipherSuite​(java.lang.String cipherSuite)
      • prepareSocket

        @Deprecated
        protected void prepareSocket​(javax.net.ssl.SSLSocket socket)
                              throws java.io.IOException
        Throws:
        java.io.IOException
      • prepareSocket

        protected void prepareSocket​(javax.net.ssl.SSLSocket socket,
                                     org.apache.hc.core5.http.protocol.HttpContext context)
                              throws java.io.IOException
        Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens). The default implementation is a no-op, but could be overridden to, e.g., call SSLSocket.setEnabledCipherSuites(String[]).
        Throws:
        java.io.IOException - may be thrown if overridden
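
        An added example, not code from the HttpClient project: a subclass that overrides prepareSocket(SSLSocket, HttpContext) to narrow the enabled cipher suites to an allowlist before the handshake, and fails closed when none of them is available. The class name, the allowlist contents and the `org.apache.hc.client5.http.ssl` import path are assumptions of this example.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
// Assumed package of the class documented on this page.
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.core5.http.protocol.HttpContext;

/** Hypothetical subclass (illustrative name) that restricts the enabled cipher suites. */
public class AllowlistedCipherSocketFactory extends SSLConnectionSocketFactory {

    // Assumed policy for this example: AEAD suites with ephemeral key exchange,
    // listed in order of preference (standard JSSE cipher suite names).
    private static final Set<String> ALLOWED = new LinkedHashSet<>(Arrays.asList(
            "TLS_AES_256_GCM_SHA384",
            "TLS_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"));

    public AllowlistedCipherSocketFactory(final SSLContext sslContext) {
        // No custom HostnameVerifier is passed, so hostname verification is not weakened.
        super(sslContext);
    }

    /** Returns the allowlisted suites that the socket actually supports, in allowlist order. */
    static String[] intersect(final String[] supported) {
        final Set<String> available = new HashSet<>(Arrays.asList(supported));
        return ALLOWED.stream().filter(available::contains).toArray(String[]::new);
    }

    @Override
    protected void prepareSocket(final SSLSocket socket, final HttpContext context)
            throws IOException {
        // Intersect with the supported set: setEnabledCipherSuites rejects names
        // the provider does not implement with an IllegalArgumentException.
        final String[] enabled = intersect(socket.getSupportedCipherSuites());
        if (enabled.length == 0) {
            // Fail closed instead of silently keeping the provider defaults.
            throw new SSLException("No allowlisted cipher suite is supported by this JSSE provider");
        }
        socket.setEnabledCipherSuites(enabled);
    }
}
```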
      • createSocket

        public java.net.Socket createSocket​(org.apache.hc.core5.http.protocol.HttpContext context)
                                     throws java.io.IOException
        Description copied from interface: ConnectionSocketFactory
        Creates a new, unconnected socket. The socket should subsequently be passed to the connectSocket method.
        Specified by:
        createSocket in interface ConnectionSocketFactory
        Throws:
        java.io.IOException
      • createSocket

        public java.net.Socket createSocket​(java.net.Proxy proxy,
                                            org.apache.hc.core5.http.protocol.HttpContext context)
                                     throws java.io.IOException
        Description copied from interface: ConnectionSocketFactory
        Creates a new, unconnected socket via a proxy (generally SOCKS is expected). The socket should subsequently be passed to the connectSocket method.
        Specified by:
        createSocket in interface ConnectionSocketFactory
        Throws:
        java.io.IOException
      • connectSocket

        public java.net.Socket connectSocket​(org.apache.hc.core5.util.TimeValue connectTimeout,
                                             java.net.Socket socket,
                                             org.apache.hc.core5.http.HttpHost host,
                                             java.net.InetSocketAddress remoteAddress,
                                             java.net.InetSocketAddress localAddress,
                                             org.apache.hc.core5.http.protocol.HttpContext context)
                                      throws java.io.IOException
        Description copied from interface: ConnectionSocketFactory
        Connects the socket to the target host with the given resolved remote address.
        Specified by:
        connectSocket in interface ConnectionSocketFactory
        Parameters:
        connectTimeout - connect timeout.
        socket - the socket to connect, as obtained from ConnectionSocketFactory.createSocket(HttpContext). null indicates that a new socket should be created and connected.
        host - target host as specified by the caller (end user).
        remoteAddress - the resolved remote address to connect to.
        localAddress - the local address to bind the socket to, or null for any.
        context - the actual HTTP context.
        Returns:
        the connected socket. The returned object may be different from the socket argument if this factory supports a layered protocol.
        Throws:
        java.io.IOException - if an I/O error occurs
      • connectSocket

        public java.net.Socket connectSocket​(java.net.Socket socket,
                                             org.apache.hc.core5.http.HttpHost host,
                                             java.net.InetSocketAddress remoteAddress,
                                             java.net.InetSocketAddress localAddress,
                                             org.apache.hc.core5.util.Timeout connectTimeout,
                                             java.lang.Object attachment,
                                             org.apache.hc.core5.http.protocol.HttpContext context)
                                      throws java.io.IOException
        Description copied from interface: ConnectionSocketFactory
        Connects the socket to the target host with the given resolved remote address.
        Specified by:
        connectSocket in interface ConnectionSocketFactory
        Parameters:
        socket - the socket to connect, as obtained from ConnectionSocketFactory.createSocket(HttpContext). null indicates that a new socket should be created and connected.
        host - target host as specified by the caller (end user).
        remoteAddress - the resolved remote address to connect to.
        localAddress - the local address to bind the socket to, or null for any.
        connectTimeout - connect timeout.
        attachment - connect request attachment.
        context - the actual HTTP context.
        Returns:
        the connected socket. The returned object may be different from the socket argument if this factory supports a layered protocol.
        Throws:
        java.io.IOException - if an I/O error occurs
      • connectSocket

        protected void connectSocket​(java.net.Socket sock,
                                     java.net.InetSocketAddress remoteAddress,
                                     org.apache.hc.core5.util.Timeout connectTimeout,
                                     org.apache.hc.core5.http.protocol.HttpContext context)
                              throws java.io.IOException
        Connects the socket to the target host with the given resolved remote address using Socket.connect(SocketAddress, int). This method may be overridden to customize precisely how Socket.connect(SocketAddress, int) is handled without affecting other connection establishment code, for example the code within executeHandshake(SSLSocket, String, Object, HttpContext).
        Parameters:
        sock - the socket to connect.
        remoteAddress - the resolved remote address to connect to.
        connectTimeout - connect timeout.
        context - the actual HTTP context.
        Throws:
        java.io.IOException - if an I/O error occurs
      • createLayeredSocket

        public java.net.Socket createLayeredSocket​(java.net.Socket socket,
                                                   java.lang.String target,
                                                   int port,
                                                   org.apache.hc.core5.http.protocol.HttpContext context)
                                            throws java.io.IOException
        Description copied from interface: LayeredConnectionSocketFactory
        Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.
        Specified by:
        createLayeredSocket in interface LayeredConnectionSocketFactory
        Parameters:
        socket - the existing socket
        target - the name of the target host.
        port - the port to connect to on the target host.
        context - the actual HTTP context.
        Returns:
        a new socket
        Throws:
        java.io.IOException - if an I/O error occurs while creating the socket
      • createLayeredSocket

        public java.net.Socket createLayeredSocket​(java.net.Socket socket,
                                                   java.lang.String target,
                                                   int port,
                                                   java.lang.Object attachment,
                                                   org.apache.hc.core5.http.protocol.HttpContext context)
                                            throws java.io.IOException
        Description copied from interface: LayeredConnectionSocketFactory
        Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.
        Specified by:
        createLayeredSocket in interface LayeredConnectionSocketFactory
        Parameters:
        socket - the existing socket
        target - the name of the target host.
        port - the port to connect to on the target host.
        attachment - connect request attachment.
        context - the actual HTTP context.
        Returns:
        a new socket
        Throws:
        java.io.IOException - if an I/O error occurs while creating the socket
      • executeHandshake

        private void executeHandshake​(javax.net.ssl.SSLSocket sslsock,
                                      java.lang.String target,
                                      java.lang.Object attachment,
                                      org.apache.hc.core5.http.protocol.HttpContext context)
                               throws java.io.IOException
        Throws:
        java.io.IOException
      • verifyHostname

        private void verifyHostname​(javax.net.ssl.SSLSocket sslsock,
                                    java.lang.String hostname)
                             throws java.io.IOException
        Throws:
        java.io.IOException
      • verifySession

        protected void verifySession​(java.lang.String hostname,
                                     javax.net.ssl.SSLSession sslSession)
                              throws javax.net.ssl.SSLException
        Throws:
        javax.net.ssl.SSLException