StrictSSLProtocolSocketFactory

java.lang.Object
- javax.net.SocketFactory
- - javax.net.ssl.SSLSocketFactory
  - - org.apache.commons.ssl.SSLClient
    - - org.apache.commons.ssl.HttpSecureProtocol
      - org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory

All Implemented Interfaces:

ProtocolSocketFactory, SecureProtocolSocketFactory
```
public class StrictSSLProtocolSocketFactory
extends HttpSecureProtocol
```
A SecureProtocolSocketFactory that uses JSSE to create SSL sockets. It will also support host name verification to help preventing man-in-the-middle attacks. Host name verification is turned on by default but one will be able to turn it off, which might be a useful feature during development. Host name verification will make sure the SSL sessions server host name matches with the the host name returned in the server certificates "Common Name" field of the "SubjectDN" entry.

Author:

Sebastian Hauer
DISCLAIMER: HttpClient developers DO NOT actively support this component. The component is provided as a reference material, which may be inappropriate for use without additional customization.

Constructor Summary

Constructors
Constructor and Description
`StrictSSLProtocolSocketFactory()` Constructor for StrictSSLProtocolSocketFactory.
`StrictSSLProtocolSocketFactory(boolean verifyHostname)` Constructor for StrictSSLProtocolSocketFactory.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`getHostnameVerification()` Gets the status of the host name verification flag.
`void`	`setHostnameVerification(boolean verifyHostname)` Set the host name verification flag.

Methods inherited from class org.apache.commons.ssl.HttpSecureProtocol
createSocket

Methods inherited from class org.apache.commons.ssl.SSLClient
addTrustMaterial, createSocket, createSocket, createSocket, createSocket, createSocket, createSocket, createSocket, getAssociatedCertificateChain, getCheckCRL, getCheckExpiry, getCheckHostname, getConnectTimeout, getCurrentServerChain, getDefaultCipherSuites, getDefaultProtocol, getEnabledCiphers, getEnabledProtocols, getHostnameVerifier, getNeedClientAuth, getSoTimeout, getSSLContext, getSSLWrapperFactory, getSupportedCipherSuites, getTrustChain, getUseClientMode, getWantClientAuth, isSecure, setCheckCRL, setCheckExpiry, setCheckHostname, setConnectTimeout, setDefaultProtocol, setDnsOverride, setEnabledCiphers, setEnabledProtocols, setHostnameVerifier, setIsSecure, setKeyMaterial, setNeedClientAuth, setSoTimeout, setSSLWrapperFactory, setTrustMaterial, setUseClientMode, setWantClientAuth

Methods inherited from class javax.net.ssl.SSLSocketFactory
createSocket, getDefault

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory
createSocket

Methods inherited from interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory
createSocket, createSocket

- Constructor Detail
  - StrictSSLProtocolSocketFactory
```
public StrictSSLProtocolSocketFactory(boolean verifyHostname)
                               throws GeneralSecurityException,
                                      IOException
```
    Constructor for StrictSSLProtocolSocketFactory.
    
    Parameters:
    
    verifyHostname - The host name verification flag. If set to true the SSL sessions server host name will be compared to the host name returned in the server certificates "Common Name" field of the "SubjectDN" entry. If these names do not match a Exception is thrown to indicate this. Enabling host name verification will help to prevent from man-in-the-middle attacks. If set to false host name verification is turned off.
    Code sample:
    
    Protocol stricthttps = new Protocol( "https", new StrictSSLProtocolSocketFactory(true), 443);
    HttpClient client = new HttpClient(); client.getHostConfiguration().setHost("localhost", 443, stricthttps);
    
    Throws:
    
    GeneralSecurityException
    
    IOException
  - StrictSSLProtocolSocketFactory
```
public StrictSSLProtocolSocketFactory()
                               throws GeneralSecurityException,
                                      IOException
```
    Constructor for StrictSSLProtocolSocketFactory. Host name verification will be enabled by default.
    
    Throws:
    
    GeneralSecurityException
    
    IOException
- Method Detail
  - setHostnameVerification
```
public void setHostnameVerification(boolean verifyHostname)
```
    Set the host name verification flag.
    
    Parameters:
    
    verifyHostname - The host name verification flag. If set to true the SSL sessions server host name will be compared to the host name returned in the server certificates "Common Name" field of the "SubjectDN" entry. If these names do not match a Exception is thrown to indicate this. Enabling host name verification will help to prevent from man-in-the-middle attacks. If set to false host name verification is turned off.
  - getHostnameVerification
```
public boolean getHostnameVerification()
```
    Gets the status of the host name verification flag.
    
    Returns:
    
    Host name verification flag. Either true if host name verification is turned on, or false if host name verification is turned off.

Class StrictSSLProtocolSocketFactory

Constructor Summary

Method Summary

Methods inherited from class org.apache.commons.ssl.HttpSecureProtocol

Methods inherited from class org.apache.commons.ssl.SSLClient

Methods inherited from class javax.net.ssl.SSLSocketFactory

Methods inherited from class java.lang.Object

Methods inherited from interface org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory

Methods inherited from interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory

Constructor Detail

StrictSSLProtocolSocketFactory

StrictSSLProtocolSocketFactory

Method Detail

setHostnameVerification

getHostnameVerification