Skip to content

Most visited

Recently visited

navigation
Added in API level 1

SSLCertificateSocketFactory

public class SSLCertificateSocketFactory
extends SSLSocketFactory

java.lang.Object
   ↳ javax.net.SocketFactory
     ↳ javax.net.ssl.SSLSocketFactory
       ↳ android.net.SSLCertificateSocketFactory


SSLSocketFactory implementation with several extra features:

The handshake timeout does not apply to actual TCP socket connection. If you want a connection timeout as well, use createSocket() and connect(SocketAddress, int), after which you must verify the identity of the server you are connected to.

Most SSLSocketFactory implementations do not verify the server's identity, allowing man-in-the-middle attacks. This implementation does check the server's certificate hostname, but only for createSocket variants that specify a hostname. When using methods that use InetAddress or which return an unconnected socket, you MUST verify the server's identity yourself to ensure a secure connection.

One way to verify the server's identity is to use getDefaultHostnameVerifier() to get a HostnameVerifier to verify the certificate hostname.

On development devices, "setprop socket.relaxsslcheck yes" bypasses all SSL certificate and hostname checks for testing purposes. This setting requires root access.

Summary

Public constructors

SSLCertificateSocketFactory(int handshakeTimeoutMillis)

This constructor was deprecated in API level 8. Use getDefault(int) instead.

Public methods

Socket createSocket(String host, int port)

Creates a new socket which is connected to the remote host specified by the parameters host and port.

This method verifies the peer's certificate hostname after connecting (unless created with getInsecure(int, SSLSessionCache)).

Socket createSocket(String host, int port, InetAddress localAddr, int localPort)

Creates a new socket which is connected to the remote host specified by the parameters host and port.

This method verifies the peer's certificate hostname after connecting (unless created with getInsecure(int, SSLSessionCache)).

Socket createSocket(InetAddress addr, int port, InetAddress localAddr, int localPort)

Creates a new socket which is connected to the remote host specified by the InetAddress address.

Warning: Hostname verification is not performed with this method.

Socket createSocket(InetAddress addr, int port)

Creates a new socket which is connected to the remote host specified by the InetAddress host.

Warning: Hostname verification is not performed with this method.

Socket createSocket(Socket k, String host, int port, boolean close)

Creates an SSLSocket over the specified socket that is connected to the specified host at the specified port.

This method verifies the peer's certificate hostname after connecting (unless created with getInsecure(int, SSLSessionCache)).

Socket createSocket()

Creates a new socket which is not connected to any remote host.

static SocketFactory getDefault(int handshakeTimeoutMillis)

Returns a new socket factory instance with an optional handshake timeout.

static SSLSocketFactory getDefault(int handshakeTimeoutMillis, SSLSessionCache cache)

Returns a new socket factory instance with an optional handshake timeout and SSL session cache.

String[] getDefaultCipherSuites()

Returns the names of the cipher suites that are enabled by default.

static SSLSocketFactory getInsecure(int handshakeTimeoutMillis, SSLSessionCache cache)

Returns a new instance of a socket factory with all SSL security checks disabled, using an optional handshake timeout and SSL session cache.

byte[] getNpnSelectedProtocol(Socket socket)

Returns the Next Protocol Negotiation (NPN) protocol selected by client and server, or null if no protocol was negotiated.

String[] getSupportedCipherSuites()

Returns the names of the cipher suites that are supported and could be enabled for an SSL connection.

void setHostname(Socket socket, String hostName)

Turns on Server Name Indication (SNI) on a given socket.

void setKeyManagers(KeyManager[] keyManagers)

Sets the KeyManagers to be used for connections made by this factory.

void setNpnProtocols(byte[][] npnProtocols)

Sets the Next Protocol Negotiation (NPN) protocols that this peer is interested in.

void setTrustManagers(TrustManager[] trustManager)

Sets the TrustManagers to be used for connections made by this factory.

void setUseSessionTickets(Socket socket, boolean useSessionTickets)

Enables session ticket support on the given socket.

Inherited methods

From class javax.net.ssl.SSLSocketFactory
From class javax.net.SocketFactory
From class java.lang.Object

Public constructors

SSLCertificateSocketFactory

Added in API level 1
SSLCertificateSocketFactory (int handshakeTimeoutMillis)

This constructor was deprecated in API level 8.
Use getDefault(int) instead.

Parameters
handshakeTimeoutMillis int

Public methods

createSocket

Added in API level 1
Socket createSocket (String host, 
                int port)

Creates a new socket which is connected to the remote host specified by the parameters host and port. The socket is bound to any available local address and port.

This method verifies the peer's certificate hostname after connecting (unless created with getInsecure(int, SSLSessionCache)).

Parameters
host String: the remote host address the socket has to be connected to.
port int: the port number of the remote host at which the socket is connected.
Returns
Socket the created connected socket.
Throws
IOException

createSocket

Added in API level 1
Socket createSocket (String host, 
                int port, 
                InetAddress localAddr, 
                int localPort)

Creates a new socket which is connected to the remote host specified by the parameters host and port. The socket is bound to the local network interface specified by the InetAddress localHost on port localPort.

This method verifies the peer's certificate hostname after connecting (unless created with getInsecure(int, SSLSessionCache)).

Parameters
host String: the remote host address the socket has to be connected to.
port int: the port number of the remote host at which the socket is connected.
localAddr InetAddress: the local host address the socket is bound to.
localPort int: the port number of the local host at which the socket is bound.
Returns
Socket the created connected socket.
Throws
IOException

createSocket

Added in API level 1
Socket createSocket (InetAddress addr, 
                int port, 
                InetAddress localAddr, 
                int localPort)

Creates a new socket which is connected to the remote host specified by the InetAddress address. The socket is bound to the local network interface specified by the InetAddress localHost on port localPort.

Warning: Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid man-in-the-middle attacks.

Parameters
addr InetAddress: the remote host address the socket has to be connected to.
port int: the port number of the remote host at which the socket is connected.
localAddr InetAddress: the local host address the socket is bound to.
localPort int: the port number of the local host at which the socket is bound.
Returns
Socket the created connected socket.
Throws
IOException

createSocket

Added in API level 1
Socket createSocket (InetAddress addr, 
                int port)

Creates a new socket which is connected to the remote host specified by the InetAddress host. The socket is bound to any available local address and port.

Warning: Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid man-in-the-middle attacks.

Parameters
addr InetAddress: the host address the socket has to be connected to.
port int: the port number of the remote host at which the socket is connected.
Returns
Socket the created connected socket.
Throws
IOException

createSocket

Added in API level 1
Socket createSocket (Socket k, 
                String host, 
                int port, 
                boolean close)

Creates an SSLSocket over the specified socket that is connected to the specified host at the specified port.

This method verifies the peer's certificate hostname after connecting (unless created with getInsecure(int, SSLSessionCache)).

Parameters
k Socket: the socket.
host String: the host.
port int: the port number.
close boolean: true if socket s should be closed when the created socket is closed, false if the socket s should be left open.
Returns
Socket the creates ssl socket.
Throws
IOException

createSocket

Added in API level 1
Socket createSocket ()

Creates a new socket which is not connected to any remote host. You must use connect(SocketAddress) to connect the socket.

Warning: Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid man-in-the-middle attacks.

Returns
Socket the created unconnected socket.
Throws
IOException

getDefault

Added in API level 1
SocketFactory getDefault (int handshakeTimeoutMillis)

Returns a new socket factory instance with an optional handshake timeout.

Parameters
handshakeTimeoutMillis int: to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake.
Returns
SocketFactory a new SSLSocketFactory with the specified parameters

getDefault

Added in API level 8
SSLSocketFactory getDefault (int handshakeTimeoutMillis, 
                SSLSessionCache cache)

Returns a new socket factory instance with an optional handshake timeout and SSL session cache.

Parameters
handshakeTimeoutMillis int: to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake.
cache SSLSessionCache: The SSLSessionCache to use, or null for no cache.
Returns
SSLSocketFactory a new SSLSocketFactory with the specified parameters

getDefaultCipherSuites

Added in API level 1
String[] getDefaultCipherSuites ()

Returns the names of the cipher suites that are enabled by default.

Returns
String[] the names of the cipher suites that are enabled by default.

getInsecure

Added in API level 8
SSLSocketFactory getInsecure (int handshakeTimeoutMillis, 
                SSLSessionCache cache)

Returns a new instance of a socket factory with all SSL security checks disabled, using an optional handshake timeout and SSL session cache.

Warning: Sockets created using this factory are vulnerable to man-in-the-middle attacks!

Parameters
handshakeTimeoutMillis int: to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake.
cache SSLSessionCache: The SSLSessionCache to use, or null for no cache.
Returns
SSLSocketFactory an insecure SSLSocketFactory with the specified parameters

getNpnSelectedProtocol

Added in API level 16
byte[] getNpnSelectedProtocol (Socket socket)

Returns the Next Protocol Negotiation (NPN) protocol selected by client and server, or null if no protocol was negotiated.

Parameters
socket Socket: a socket created by this factory.
Returns
byte[]
Throws
IllegalArgumentException if the socket was not created by this factory.

getSupportedCipherSuites

Added in API level 1
String[] getSupportedCipherSuites ()

Returns the names of the cipher suites that are supported and could be enabled for an SSL connection.

Returns
String[] the names of the cipher suites that are supported.

setHostname

Added in API level 17
void setHostname (Socket socket, 
                String hostName)

Turns on Server Name Indication (SNI) on a given socket.

Parameters
socket Socket: a socket created by this factory.
hostName String: the desired SNI hostname, null to disable.
Throws
IllegalArgumentException if the socket was not created by this factory.

setKeyManagers

Added in API level 14
void setKeyManagers (KeyManager[] keyManagers)

Sets the KeyManagers to be used for connections made by this factory.

Parameters
keyManagers KeyManager

setNpnProtocols

Added in API level 16
void setNpnProtocols (byte[][] npnProtocols)

Sets the Next Protocol Negotiation (NPN) protocols that this peer is interested in.

For servers this is the sequence of protocols to advertise as supported, in order of preference. This list is sent unencrypted to all clients that support NPN.

For clients this is a list of supported protocols to match against the server's list. If there is no protocol supported by both client and server then the first protocol in the client's list will be selected. The order of the client's protocols is otherwise insignificant.

Parameters
npnProtocols byte: a non-empty list of protocol byte arrays. All arrays must be non-empty and of length less than 256.

setTrustManagers

Added in API level 14
void setTrustManagers (TrustManager[] trustManager)

Sets the TrustManagers to be used for connections made by this factory.

Parameters
trustManager TrustManager

setUseSessionTickets

Added in API level 17
void setUseSessionTickets (Socket socket, 
                boolean useSessionTickets)

Enables session ticket support on the given socket.

Parameters
socket Socket: a socket created by this factory
useSessionTickets boolean: true to enable session ticket support on this socket.
Throws
IllegalArgumentException if the socket was not created by this factory.
This site uses cookies to store your preferences for site-specific language and display options.

Hooray!

This class requires API level or higher

This doc is hidden because your selected API level for the documentation is . You can change the documentation API level with the selector above the left navigation.

For more information about specifying the API level your app requires, read Supporting Different Platform Versions.