org.apache.commons.httpclient.contrib.ssl
Class StrictSSLProtocolSocketFactory

java.lang.Object
  extended by javax.net.SocketFactory
      extended by javax.net.ssl.SSLSocketFactory
          extended by org.apache.commons.ssl.SSLClient
              extended by org.apache.commons.ssl.HttpSecureProtocol
                  extended by org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory
All Implemented Interfaces:
org.apache.commons.httpclient.protocol.ProtocolSocketFactory, org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory

public class StrictSSLProtocolSocketFactory
extends HttpSecureProtocol

A SecureProtocolSocketFactory that uses JSSE to create SSL sockets. It also supports host name verification to help prevent man-in-the-middle attacks. Host name verification is turned on by default, but it can be turned off, which might be a useful feature during development. Host name verification makes sure that the SSL session's server host name matches the host name returned in the server certificate's "Common Name" field of the "SubjectDN" entry.

Author:
Sebastian Hauer

DISCLAIMER: HttpClient developers DO NOT actively support this component. The component is provided as a reference material, which may be inappropriate for use without additional customization.


Constructor Summary
StrictSSLProtocolSocketFactory()
          Constructor for StrictSSLProtocolSocketFactory.
StrictSSLProtocolSocketFactory(boolean verifyHostname)
          Constructor for StrictSSLProtocolSocketFactory.
 
Method Summary
 boolean getHostnameVerification()
          Gets the status of the host name verification flag.
 void setHostnameVerification(boolean verifyHostname)
          Set the host name verification flag.
 
Methods inherited from class org.apache.commons.ssl.HttpSecureProtocol
createSocket
 
Methods inherited from class org.apache.commons.ssl.SSLClient
addTrustMaterial, createSocket, createSocket, createSocket, createSocket, createSocket, createSocket, createSocket, getAssociatedCertificateChain, getCheckCRL, getCheckExpiry, getCheckHostname, getConnectTimeout, getCurrentServerChain, getDefaultCipherSuites, getDefaultProtocol, getEnabledCiphers, getEnabledProtocols, getHostnameVerifier, getNeedClientAuth, getSoTimeout, getSSLContext, getSSLWrapperFactory, getSupportedCipherSuites, getTrustChain, getUseClientMode, getWantClientAuth, isSecure, setCheckCRL, setCheckExpiry, setCheckHostname, setConnectTimeout, setDefaultProtocol, setDnsOverride, setEnabledCiphers, setEnabledProtocols, setHostnameVerifier, setIsSecure, setKeyMaterial, setNeedClientAuth, setSoTimeout, setSSLWrapperFactory, setTrustMaterial, setUseClientMode, setWantClientAuth, useDefaultJavaCiphers, useStrongCiphers
 
Methods inherited from class javax.net.ssl.SSLSocketFactory
getDefault
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory
createSocket
 
Methods inherited from interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory
createSocket, createSocket
 

Constructor Detail

StrictSSLProtocolSocketFactory

public StrictSSLProtocolSocketFactory(boolean verifyHostname)
                               throws java.security.GeneralSecurityException,
                                      java.io.IOException
Constructor for StrictSSLProtocolSocketFactory.

Parameters:
verifyHostname - The host name verification flag. If set to true, the SSL session's server host name will be compared to the host name returned in the server certificate's "Common Name" field of the "SubjectDN" entry. If these names do not match, an exception is thrown to indicate this. Enabling host name verification helps to prevent man-in-the-middle attacks. If set to false, host name verification is turned off.

Code sample:

// Register an "https" protocol handler with host name verification enabled.
Protocol stricthttps = new Protocol("https", new StrictSSLProtocolSocketFactory(true), 443);

HttpClient client = new HttpClient();
client.getHostConfiguration().setHost("localhost", 443, stricthttps);

Throws:
java.security.GeneralSecurityException
java.io.IOException

StrictSSLProtocolSocketFactory

public StrictSSLProtocolSocketFactory()
                               throws java.security.GeneralSecurityException,
                                      java.io.IOException
Constructor for StrictSSLProtocolSocketFactory. Host name verification will be enabled by default.

Throws:
java.security.GeneralSecurityException
java.io.IOException

Method Detail

setHostnameVerification

public void setHostnameVerification(boolean verifyHostname)
Set the host name verification flag.

Parameters:
verifyHostname - The host name verification flag. If set to true, the SSL session's server host name will be compared to the host name returned in the server certificate's "Common Name" field of the "SubjectDN" entry. If these names do not match, an exception is thrown to indicate this. Enabling host name verification helps to prevent man-in-the-middle attacks. If set to false, host name verification is turned off.
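
The Common Name comparison described for the verifyHostname flag, sketched as an added example that is not code from this class or from commons-ssl. The class name CommonNameCheck, its methods, the use of SSLException and the sample subject DNs are assumptions made for illustration; the DN is parsed with javax.naming.ldap.LdapName so that escaped commas inside attribute values do not confuse the CN lookup.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLException;

// Added illustration, not library code. Assumed: exact CN match, SSLException on failure.
public class CommonNameCheck {
    // Returns the leftmost (most specific) CN value of an RFC 2253 DN, or null if none.
    static String commonName(String subjectDn) throws InvalidNameException {
        LdapName dn = new LdapName(subjectDn); // RDNs are indexed from the right
        for (int i = dn.size() - 1; i >= 0; i--) {
            Rdn rdn = dn.getRdn(i);
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return rdn.getValue().toString();
            }
        }
        return null;
    }

    // Throws if the session host name does not equal the certificate's Common Name.
    static void verify(String sessionHost, String subjectDn) throws SSLException {
        String cn;
        try {
            cn = commonName(subjectDn);
        } catch (InvalidNameException e) {
            throw new SSLException("unparseable subject DN: " + subjectDn);
        }
        if (cn == null || !cn.equalsIgnoreCase(sessionHost)) {
            throw new SSLException("host '" + sessionHost + "' does not match CN '" + cn + "'");
        }
    }

    public static void main(String[] args) {
        // Constructed subject DNs in RFC 2253 form (the form X500Principal.getName() returns).
        String dn = "CN=www.example.org,O=Example\\, Inc.,C=US";
        String[][] cases = {
            {"www.example.org", dn},            // match
            {"WWW.Example.ORG", dn},            // match, DNS names are case-insensitive
            {"localhost", dn},                  // mismatch
            {"www.example.org", "O=No CN,C=US"} // no Common Name at all
        };
        for (String[] c : cases) {
            try {
                verify(c[0], c[1]);
                System.out.println("accept " + c[0]);
            } catch (SSLException e) {
                System.out.println("reject " + c[0] + ": " + e.getMessage());
            }
        }
    }
}
```

A comparison limited to the Common Name, as sketched here, does not consult subjectAltName entries or wildcard names.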

getHostnameVerification

public boolean getHostnameVerification()
Gets the status of the host name verification flag.

Returns:
Host name verification flag. Either true if host name verification is turned on, or false if host name verification is turned off.