Class SSLSocketFactory
SSLSocketFactory
s create SSLSocket
s.- Since:
- 1.4
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptioncreateSocket
(Socket s, InputStream consumed, boolean autoClose) Creates a server modeSocket
layered over an existing connected socket, and is able to read data which has already been consumed/removed from theSocket
's underlyingInputStream
.abstract Socket
createSocket
(Socket s, String host, int port, boolean autoClose) Returns a socket layered over an existing socket connected to the named host, at the given port.static SocketFactory
Returns the default SSL socket factory.abstract String[]
Returns the list of cipher suites which are enabled by default.abstract String[]
Returns the names of the cipher suites which could be enabled for use on an SSL connection.Methods declared in class javax.net.SocketFactory
createSocket, createSocket, createSocket, createSocket, createSocket
-
Constructor Details
-
SSLSocketFactory
public SSLSocketFactory()Constructor is used only by subclasses.
-
-
Method Details
-
getDefault
Returns the default SSL socket factory.The first time this method is called, the security property "ssl.SocketFactory.provider" is examined. If it is non-null, a class by that name is loaded and instantiated. If that is successful and the object is an instance of SSLSocketFactory, it is made the default SSL socket factory.
Otherwise, this method returns
SSLContext.getDefault().getSocketFactory()
. If that call fails, an inoperative factory is returned.- Returns:
- the default
SocketFactory
- See Also:
-
getDefaultCipherSuites
Returns the list of cipher suites which are enabled by default. Unless a different list is enabled, handshaking on an SSL connection will use one of these cipher suites. The minimum quality of service for these defaults requires confidentiality protection and server authentication (that is, no anonymous cipher suites).The returned array includes cipher suites from the list of standard cipher suite names in the JSSE Cipher Suite Names section of the Java Security Standard Algorithm Names Specification, and may also include other cipher suites that the provider supports.
- Returns:
- array of the cipher suites enabled by default
- See Also:
-
getSupportedCipherSuites
Returns the names of the cipher suites which could be enabled for use on an SSL connection. Normally, only a subset of these will actually be enabled by default, since this list may include cipher suites which do not meet quality of service requirements for those defaults. Such cipher suites are useful in specialized applications.The returned array includes cipher suites from the list of standard cipher suite names in the JSSE Cipher Suite Names section of the Java Security Standard Algorithm Names Specification, and may also include other cipher suites that the provider supports.
- Returns:
- an array of cipher suite names
- See Also:
-
createSocket
public abstract Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException Returns a socket layered over an existing socket connected to the named host, at the given port. This constructor can be used when tunneling SSL through a proxy or when negotiating the use of SSL over an existing socket. The host and port refer to the logical peer destination. This socket is configured using the socket options established for this factory.- Parameters:
s
- the existing sockethost
- the server hostport
- the server portautoClose
- close the underlying socket when this socket is closed- Returns:
- a socket connected to the specified host and port
- Throws:
IOException
- if an I/O error occurs when creating the socketNullPointerException
- if the parameter s is null
-
createSocket
Creates a server modeSocket
layered over an existing connected socket, and is able to read data which has already been consumed/removed from theSocket
's underlyingInputStream
.This method can be used by a server application that needs to observe the inbound data but still create valid SSL/TLS connections: for example, inspection of Server Name Indication (SNI) extensions (See section 3 of TLS Extensions (RFC6066)). Data that has been already removed from the underlying
InputStream
should be loaded into theconsumed
stream before this method is called, perhaps using aByteArrayInputStream
. When thisSocket
begins handshaking, it will read all the data inconsumed
until it reachesEOF
, then all further data is read from the underlyingInputStream
as usual.The returned socket is configured using the socket options established for this factory, and is set to use server mode when handshaking (see
SSLSocket.setUseClientMode(boolean)
).- Parameters:
s
- the existing socketconsumed
- the consumed inbound network data that has already been removed from the existingSocket
InputStream
. This parameter may benull
if no data has been removed.autoClose
- close the underlying socket when this socket is closed.- Returns:
- the
Socket
compliant with the socket options established for this factory - Throws:
IOException
- if an I/O error occurs when creating the socketUnsupportedOperationException
- if the underlying provider does not implement the operationNullPointerException
- ifs
isnull
- Since:
- 1.8
- External Specifications
-