public class StrictSSLProtocolSocketFactory extends HttpSecureProtocol

A SecureProtocolSocketFactory that uses JSSE to create SSL sockets. It also supports host name verification to help prevent man-in-the-middle attacks. Host name verification is turned on by default, but it can be turned off, which might be a useful feature during development. Host name verification makes sure the SSL session's server host name matches the host name returned in the server certificate's "Common Name" field of the "SubjectDN" entry.

Constructor and Description |
---|
StrictSSLProtocolSocketFactory() Constructor for StrictSSLProtocolSocketFactory. |
StrictSSLProtocolSocketFactory(boolean verifyHostname) Constructor for StrictSSLProtocolSocketFactory. |

Modifier and Type | Method and Description |
---|---|
boolean | getHostnameVerification() Gets the status of the host name verification flag. |
void | setHostnameVerification(boolean verifyHostname) Set the host name verification flag. |

public StrictSSLProtocolSocketFactory(boolean verifyHostname) throws GeneralSecurityException, IOException

Parameters:
verifyHostname - The host name verification flag. If set to true, the SSL session's server host name will be compared to the host name returned in the server certificate's "Common Name" field of the "SubjectDN" entry. If these names do not match, an exception is thrown to indicate this. Enabling host name verification helps to prevent man-in-the-middle attacks. If set to false, host name verification is turned off.

Code sample:

```java
// Register an "https" protocol whose socket factory verifies the host name.
Protocol stricthttps = new Protocol("https", new StrictSSLProtocolSocketFactory(true), 443);
HttpClient client = new HttpClient();
client.getHostConfiguration().setHost("localhost", 443, stricthttps);
```

Throws:
GeneralSecurityException
IOException

public StrictSSLProtocolSocketFactory() throws GeneralSecurityException, IOException

Throws:
GeneralSecurityException
IOException

public void setHostnameVerification(boolean verifyHostname)

Parameters:
verifyHostname - The host name verification flag. If set to true, the SSL session's server host name will be compared to the host name returned in the server certificate's "Common Name" field of the "SubjectDN" entry. If these names do not match, an exception is thrown to indicate this. Enabling host name verification helps to prevent man-in-the-middle attacks. If set to false, host name verification is turned off.

public boolean getHostnameVerification()

Returns:
true if host name verification is turned on, or false if host name verification is turned off.
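
The "Common Name" comparison described for verifyHostname can be sketched as follows. This is an added example, not code from the library: CnHostnameCheck and its methods are hypothetical names, and exact case-insensitive matching is an assumption about how the names are compared.

```java
import java.security.cert.X509Certificate;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;

// Added illustration: class and method names are hypothetical, not the library's code.
public class CnHostnameCheck {

    // Return the leftmost (most specific) CN value in a subject DN, or null if absent.
    static String commonName(String subjectDn) throws NamingException {
        LdapName dn = new LdapName(subjectDn);
        // LdapName numbers RDNs from the right, so walk from the highest index down.
        for (int i = dn.size() - 1; i >= 0; i--) {
            // toAttributes() also covers multi-valued RDNs such as CN=a+OU=b.
            Attribute cn = dn.getRdn(i).toAttributes().get("CN");
            if (cn != null) {
                return String.valueOf(cn.get());
            }
        }
        return null;
    }

    // Exact, case-insensitive comparison; wildcard names are not handled here.
    static boolean matches(String sessionHost, String subjectDn) throws NamingException {
        String cn = commonName(subjectDn);
        return cn != null && cn.equalsIgnoreCase(sessionHost);
    }

    // Apply the check to a completed handshake; a mismatch aborts with an exception.
    static void verify(SSLSession session) throws SSLException, NamingException {
        X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
        String dn = leaf.getSubjectX500Principal().getName(); // RFC 2253 string form
        if (!matches(session.getPeerHost(), dn)) {
            throw new SSLException("Host " + session.getPeerHost()
                    + " does not match certificate subject " + dn);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed subject DNs, not taken from any real certificate.
        String dn = "CN=www.example.com,O=Example Corp,C=US";
        System.out.println(matches("www.example.com", dn));
        System.out.println(matches("WWW.EXAMPLE.COM", dn));
        System.out.println(matches("other.example.net", dn));
        System.out.println(matches("www.example.com", "O=Example Corp,C=US"));
    }
}
```

Clients that follow RFC 6125 match subjectAltName dNSName entries in preference to the Common Name; the sketch covers only the CN comparison this page describes.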