org.apache.commons.httpclient.contrib.ssl
Class StrictSSLProtocolSocketFactory
java.lang.Object
javax.net.SocketFactory
javax.net.ssl.SSLSocketFactory
org.apache.commons.ssl.SSLClient
org.apache.commons.ssl.HttpSecureProtocol
org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory
- All Implemented Interfaces:
- org.apache.commons.httpclient.protocol.ProtocolSocketFactory, org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory
public class StrictSSLProtocolSocketFactory
- extends HttpSecureProtocol
A SecureProtocolSocketFactory that uses JSSE to create SSL sockets.
It also supports host name verification to help prevent
man-in-the-middle attacks. Host name verification is turned on by
default, but it can be turned off, which might be a useful feature
during development. Host name verification makes sure that the SSL session's
server host name matches the host name returned in the
"Common Name" field of the "SubjectDN" entry of the server certificate.
- Author:
- Sebastian Hauer
DISCLAIMER: HttpClient developers DO NOT actively support this component.
The component is provided as a reference material, which may be inappropriate
for use without additional customization.
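The Common Name comparison described above, as an added example that is not the project's own code: it parses a subject DN string with the JDK's LdapName and compares the CN to the session host. CommonNameCheck, its methods and the sample DNs are hypothetical; the check is an exact, case-insensitive match on the CN only and does not examine subjectAltName entries.

```java
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration; CommonNameCheck and its methods are hypothetical names,
// not part of org.apache.commons.httpclient.contrib.ssl.
public class CommonNameCheck {

    // Returns the most specific CN value of a subject DN, or null if there is none.
    static String commonNameOf(String subjectDn) throws InvalidNameException {
        List<Rdn> rdns = new LdapName(subjectDn).getRdns();
        // LdapName numbers RDNs from the right, so the most specific one is last.
        for (int i = rdns.size() - 1; i >= 0; i--) {
            Rdn rdn = rdns.get(i);
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return rdn.getValue().toString();
            }
        }
        return null;
    }

    // True only when the CN equals the host the client asked for
    // (DNS names compare case-insensitively).
    static boolean hostMatchesCommonName(String sessionHost, String subjectDn) {
        try {
            String cn = commonNameOf(subjectDn);
            return cn != null && cn.equalsIgnoreCase(sessionHost);
        } catch (InvalidNameException e) {
            return false; // an unparsable subject never counts as a match
        }
    }

    public static void main(String[] args) {
        // Constructed subject DNs, not taken from real certificates.
        String[][] cases = {
            {"localhost", "CN=localhost, O=Example, C=US"},
            {"LOCALHOST", "CN=localhost, O=Example, C=US"},
            {"localhost", "CN=localhost.example.test, O=Example, C=US"},
            {"localhost", "O=localhost, C=US"},
        };
        for (String[] c : cases) {
            System.out.println(c[0] + " vs \"" + c[1] + "\" -> "
                    + hostMatchesCommonName(c[0], c[1]));
        }
    }
}
```

Only the first two constructed cases match: a CN that merely starts with the host name, or a host name that appears in a field other than CN, is rejected.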
Methods inherited from class org.apache.commons.ssl.SSLClient:
addTrustMaterial, createSocket, createSocket, createSocket, createSocket, createSocket, createSocket, createSocket, getAssociatedCertificateChain, getCheckCRL, getCheckExpiry, getCheckHostname, getConnectTimeout, getCurrentServerChain, getDefaultCipherSuites, getDefaultProtocol, getEnabledCiphers, getEnabledProtocols, getHostnameVerifier, getNeedClientAuth, getSoTimeout, getSSLContext, getSSLWrapperFactory, getSupportedCipherSuites, getTrustChain, getUseClientMode, getWantClientAuth, isSecure, setCheckCRL, setCheckExpiry, setCheckHostname, setConnectTimeout, setDefaultProtocol, setDnsOverride, setEnabledCiphers, setEnabledProtocols, setHostnameVerifier, setIsSecure, setKeyMaterial, setNeedClientAuth, setSoTimeout, setSSLWrapperFactory, setTrustMaterial, setUseClientMode, setWantClientAuth, useDefaultJavaCiphers, useStrongCiphers
Methods inherited from class javax.net.ssl.SSLSocketFactory:
getDefault
Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory:
createSocket
Methods inherited from interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory:
createSocket, createSocket
StrictSSLProtocolSocketFactory
public StrictSSLProtocolSocketFactory(boolean verifyHostname)
throws java.security.GeneralSecurityException,
java.io.IOException
- Constructor for StrictSSLProtocolSocketFactory.
- Parameters:
verifyHostname - The host name verification flag. If set to true, the SSL session's server host name will be compared to the host name returned in the "Common Name" field of the "SubjectDN" entry of the server certificate. If these names do not match, an exception is thrown to indicate this. Enabling host name verification helps to prevent man-in-the-middle attacks. If set to false, host name verification is turned off.
Code sample:
    Protocol stricthttps = new Protocol(
            "https", new StrictSSLProtocolSocketFactory(true), 443);
    HttpClient client = new HttpClient();
    client.getHostConfiguration().setHost("localhost", 443, stricthttps);
- Throws:
java.security.GeneralSecurityException
java.io.IOException
StrictSSLProtocolSocketFactory
public StrictSSLProtocolSocketFactory()
throws java.security.GeneralSecurityException,
java.io.IOException
- Constructor for StrictSSLProtocolSocketFactory.
Host name verification will be enabled by default.
- Throws:
java.security.GeneralSecurityException
java.io.IOException
setHostnameVerification
public void setHostnameVerification(boolean verifyHostname)
- Set the host name verification flag.
- Parameters:
verifyHostname - The host name verification flag. If set to true, the SSL session's server host name will be compared to the host name returned in the "Common Name" field of the "SubjectDN" entry of the server certificate. If these names do not match, an exception is thrown to indicate this. Enabling host name verification helps to prevent man-in-the-middle attacks. If set to false, host name verification is turned off.
getHostnameVerification
public boolean getHostnameVerification()
- Gets the status of the host name verification flag.
- Returns:
- Host name verification flag. Either true if host name verification is turned on, or false if host name verification is turned off.