Added in API level 1
Deprecated in API level 29

Summary: Ctors | Methods | Inherited Methods

SSLCertificateSocketFactory

Kotlin |Java

public class SSLCertificateSocketFactory
extends SSLSocketFactory

java.lang.Object
↳	javax.net.SocketFactory
	↳	javax.net.ssl.SSLSocketFactory
		↳	android.net.SSLCertificateSocketFactory

This class was deprecated in API level 29.
This class has less error-prone replacements using standard APIs. To create an SSLSocket, obtain an SSLSocketFactory from SSLSocketFactory#getDefault() or SSLContext.getSocketFactory(). To verify hostnames, pass "HTTPS" to SSLParameters.setEndpointIdentificationAlgorithm(String). To enable ALPN, use SSLParameters.setApplicationProtocols(String[]). To enable SNI, use SSLParameters.setServerNames(java.util.List).

SSLSocketFactory implementation with several extra features:

Timeout specification for SSL handshake operations
Hostname verification in most cases (see WARNINGs below)
Optional SSL session caching with SSLSessionCache
Optionally bypass all SSL certificate checks

The handshake timeout does not apply to actual TCP socket connection. If you want a connection timeout as well, use createSocket() and Socket#connect(java.net.SocketAddress, int), after which you must verify the identity of the server you are connected to.

Most SSLSocketFactory implementations do not verify the server's identity, allowing person-in-the-middle attacks. This implementation does check the server's certificate hostname, but only for createSocket variants that specify a hostname. When using methods that use InetAddress or which return an unconnected socket, you MUST verify the server's identity yourself to ensure a secure connection. Refer to Updating Your Security Provider to Protect Against SSL Exploits for further information.

The recommended way to verify the server's identity is to use HttpsURLConnection#getDefaultHostnameVerifier() to get a HostnameVerifier to verify the certificate hostname.

Warning: Some methods on this class return connected sockets and some return unconnected sockets. For the methods that return connected sockets, setting connection- or handshake-related properties on those sockets will have no effect.

On development devices, "setprop socket.relaxsslcheck yes" bypasses all SSL certificate and hostname checks for testing purposes. This setting requires root access.

Summary

Public constructors
`SSLCertificateSocketFactory(int handshakeTimeoutMillis)` This constructor is deprecated. Use `getDefault(int)` instead.

Public methods
`Socket`	`createSocket(String host, int port)` Creates a socket and connects it to the specified remote host at the specified remote port. By default, this method returns a connected socket and verifies the peer's certificate hostname after connecting using the `HostnameVerifier` obtained from `HttpsURLConnection.getDefaultHostnameVerifier()`; if this instance was created with `getInsecure(int, android.net.SSLSessionCache)`, it returns a socket that is not connected instead.
`Socket`	`createSocket(Socket k, String host, int port, boolean close)` Returns a socket layered over an existing socket connected to the named host, at the given port. By default, this method returns a connected socket and verifies the peer's certificate hostname after connecting using the `HostnameVerifier` obtained from `HttpsURLConnection.getDefaultHostnameVerifier()`; if this instance was created with `getInsecure(int, android.net.SSLSessionCache)`, it returns a socket that is not connected instead.
`Socket`	`createSocket()` Creates a new socket which is not connected to any remote host.
`Socket`	`createSocket(InetAddress addr, int port, InetAddress localAddr, int localPort)` Creates a socket and connect it to the specified remote address on the specified remote port. This method returns a socket that is not connected.
`Socket`	`createSocket(InetAddress addr, int port)` Creates a socket and connects it to the specified port number at the specified address. This method returns a socket that is not connected.
`Socket`	`createSocket(String host, int port, InetAddress localAddr, int localPort)` Creates a socket and connects it to the specified remote host on the specified remote port. By default, this method returns a connected socket and verifies the peer's certificate hostname after connecting using the `HostnameVerifier` obtained from `HttpsURLConnection.getDefaultHostnameVerifier()`; if this instance was created with `getInsecure(int, android.net.SSLSessionCache)`, it returns a socket that is not connected instead.
`static SocketFactory`	`getDefault(int handshakeTimeoutMillis)` Returns a new socket factory instance with an optional handshake timeout.
`static SSLSocketFactory`	`getDefault(int handshakeTimeoutMillis, SSLSessionCache cache)` Returns a new socket factory instance with an optional handshake timeout and SSL session cache.
`String[]`	`getDefaultCipherSuites()` Returns the list of cipher suites which are enabled by default.
`static SSLSocketFactory`	`getInsecure(int handshakeTimeoutMillis, SSLSessionCache cache)` Returns a new instance of a socket factory with all SSL security checks disabled, using an optional handshake timeout and SSL session cache.
`byte[]`	`getNpnSelectedProtocol(Socket socket)` Returns the Next Protocol Negotiation (NPN) protocol selected by client and server, or null if no protocol was negotiated.
`String[]`	`getSupportedCipherSuites()` Returns the names of the cipher suites which could be enabled for use on an SSL connection.
`void`	`setHostname(Socket socket, String hostName)` Turns on Server Name Indication (SNI) on a given socket.
`void`	`setKeyManagers(KeyManager[] keyManagers)` Sets the `KeyManager`s to be used for connections made by this factory.
`void`	`setNpnProtocols(byte[][] npnProtocols)` Sets the Next Protocol Negotiation (NPN) protocols that this peer is interested in.
`void`	`setTrustManagers(TrustManager[] trustManager)` Sets the `TrustManager`s to be used for connections made by this factory.
`void`	`setUseSessionTickets(Socket socket, boolean useSessionTickets)` Enables session ticket support on the given socket.

Inherited methods

From class


        
          javax.net.ssl.SSLSocketFactory

`abstract Socket`	`createSocket(Socket s, String host, int port, boolean autoClose)` Returns a socket layered over an existing socket connected to the named host, at the given port.
`static SocketFactory`	`getDefault()` Returns the default SSL socket factory.
`abstract String[]`	`getDefaultCipherSuites()` Returns the list of cipher suites which are enabled by default.
`abstract String[]`	`getSupportedCipherSuites()` Returns the names of the cipher suites which could be enabled for use on an SSL connection.

From class


        
          javax.net.SocketFactory

`abstract Socket`	`createSocket(String host, int port)` Creates a socket and connects it to the specified remote host at the specified remote port.
`abstract Socket`	`createSocket(InetAddress host, int port)` Creates a socket and connects it to the specified port number at the specified address.
`abstract Socket`	`createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)` Creates a socket and connect it to the specified remote address on the specified remote port.
`abstract Socket`	`createSocket(String host, int port, InetAddress localHost, int localPort)` Creates a socket and connects it to the specified remote host on the specified remote port.
`Socket`	`createSocket()` Creates an unconnected socket.
`static SocketFactory`	`getDefault()` Returns a copy of the environment's default socket factory.

From class


        
          java.lang.Object

`Object`	`clone()` Creates and returns a copy of this object.
`boolean`	`equals(Object obj)` Indicates whether some other object is "equal to" this one.
`void`	`finalize()` Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.
`final Class<?>`	`getClass()` Returns the runtime class of this `Object`.
`int`	`hashCode()` Returns a hash code value for the object.
`final void`	`notify()` Wakes up a single thread that is waiting on this object's monitor.
`final void`	`notifyAll()` Wakes up all threads that are waiting on this object's monitor.
`String`	`toString()` Returns a string representation of the object.
`final void`	`wait(long timeoutMillis, int nanos)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait(long timeoutMillis)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait()` Causes the current thread to wait until it is awakened, typically by being notified or interrupted.

Public constructors

SSLCertificateSocketFactory

Added in API level 1

public SSLCertificateSocketFactory (int handshakeTimeoutMillis)

This constructor is deprecated.
Use getDefault(int) instead.

Parameters
`handshakeTimeoutMillis`	`int`

Public methods

createSocket

Added in API level 1

public Socket createSocket (String host, 
                int port)

Creates a socket and connects it to the specified remote host at the specified remote port. This socket is configured using the socket options established for this factory.

If there is a security manager, its checkConnect method is called with the host address and port as its arguments. This could result in a SecurityException.

By default, this method returns a connected socket and verifies the peer's certificate hostname after connecting using the HostnameVerifier obtained from HttpsURLConnection.getDefaultHostnameVerifier(); if this instance was created with getInsecure(int, android.net.SSLSessionCache), it returns a socket that is not connected instead.

Parameters
`host`	`String`: the server host name with which to connect, or `null` for the loopback address.
`port`	`int`: the server port

Returns
`Socket`	the `Socket`

Throws
`IOException`

createSocket

Added in API level 1

public Socket createSocket (Socket k, 
                String host, 
                int port, 
                boolean close)

Returns a socket layered over an existing socket connected to the named host, at the given port. This constructor can be used when tunneling SSL through a proxy or when negotiating the use of SSL over an existing socket. The host and port refer to the logical peer destination. This socket is configured using the socket options established for this factory.

Parameters
`k`	`Socket`: the existing socket
`host`	`String`: the server host
`port`	`int`: the server port
`close`	`boolean`: close the underlying socket when this socket is closed

Returns
`Socket`	a socket connected to the specified host and port

Throws
`IOException`

createSocket

Added in API level 1

public Socket createSocket ()

Creates a new socket which is not connected to any remote host. You must use Socket#connect to connect the socket.

Warning: Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid person-in-the-middle attacks.

Returns
`Socket`	the unconnected socket

Throws
`IOException`

createSocket

Added in API level 1

public Socket createSocket (InetAddress addr, 
                int port, 
                InetAddress localAddr, 
                int localPort)

Creates a socket and connect it to the specified remote address on the specified remote port. The socket will also be bound to the local address and port suplied. The socket is configured using the socket options established for this factory.

If there is a security manager, its checkConnect method is called with the host address and port as its arguments. This could result in a SecurityException.

This method returns a socket that is not connected.

Warning: Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid person-in-the-middle attacks.

Parameters
`addr`	`InetAddress`: the server network address
`port`	`int`: the server port
`localAddr`	`InetAddress`: the client network address
`localPort`	`int`: the client port

Returns
`Socket`	the `Socket`

Throws
`IOException`

createSocket

Added in API level 1

public Socket createSocket (InetAddress addr, 
                int port)

Creates a socket and connects it to the specified port number at the specified address. This socket is configured using the socket options established for this factory.

If there is a security manager, its checkConnect method is called with the host address and port as its arguments. This could result in a SecurityException.

This method returns a socket that is not connected.

Warning: Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid person-in-the-middle attacks.

Parameters
`addr`	`InetAddress`: the server host
`port`	`int`: the server port

Returns
`Socket`	the `Socket`

Throws
`IOException`

createSocket

Added in API level 1

public Socket createSocket (String host, 
                int port, 
                InetAddress localAddr, 
                int localPort)

Creates a socket and connects it to the specified remote host on the specified remote port. The socket will also be bound to the local address and port supplied. This socket is configured using the socket options established for this factory.

If there is a security manager, its checkConnect method is called with the host address and port as its arguments. This could result in a SecurityException.

Parameters
`host`	`String`: the server host name with which to connect, or `null` for the loopback address.
`port`	`int`: the server port
`localAddr`	`InetAddress`: the local address the socket is bound to
`localPort`	`int`: the local port the socket is bound to

Returns
`Socket`	the `Socket`

Throws
`IOException`

getDefault

Added in API level 1

public static SocketFactory getDefault (int handshakeTimeoutMillis)

Returns a new socket factory instance with an optional handshake timeout.

Parameters
`handshakeTimeoutMillis`	`int`: to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake.

Returns
`SocketFactory`	a new SSLSocketFactory with the specified parameters

getDefault

Added in API level 8
Deprecated in API level 29

public static SSLSocketFactory getDefault (int handshakeTimeoutMillis, 
                SSLSessionCache cache)

Returns a new socket factory instance with an optional handshake timeout and SSL session cache.

Parameters
`handshakeTimeoutMillis`	`int`: to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake.
`cache`	`SSLSessionCache`: The `SSLSessionCache` to use, or null for no cache.

Returns
`SSLSocketFactory`	a new SSLSocketFactory with the specified parameters

getDefaultCipherSuites

Added in API level 1

public String[] getDefaultCipherSuites ()

Returns the list of cipher suites which are enabled by default. Unless a different list is enabled, handshaking on an SSL connection will use one of these cipher suites. The minimum quality of service for these defaults requires confidentiality protection and server authentication (that is, no anonymous cipher suites).

Returns
`String[]`	array of the cipher suites enabled by default

getInsecure

Added in API level 8
Deprecated in API level 29

public static SSLSocketFactory getInsecure (int handshakeTimeoutMillis, 
                SSLSessionCache cache)

Returns a new instance of a socket factory with all SSL security checks disabled, using an optional handshake timeout and SSL session cache.

Warning: Sockets created using this factory are vulnerable to person-in-the-middle attacks!

Parameters
`handshakeTimeoutMillis`	`int`: to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake.
`cache`	`SSLSessionCache`: The `SSLSessionCache` to use, or null for no cache.

Returns
`SSLSocketFactory`	an insecure SSLSocketFactory with the specified parameters

getNpnSelectedProtocol

Added in API level 16
Deprecated in API level 29

public byte[] getNpnSelectedProtocol (Socket socket)

Returns the Next Protocol Negotiation (NPN) protocol selected by client and server, or null if no protocol was negotiated.

Parameters
`socket`	`Socket`: a socket created by this factory.

Returns
`byte[]`

Throws
`IllegalArgumentException`	if the socket was not created by this factory.

getSupportedCipherSuites

Added in API level 1

public String[] getSupportedCipherSuites ()

Returns the names of the cipher suites which could be enabled for use on an SSL connection. Normally, only a subset of these will actually be enabled by default, since this list may include cipher suites which do not meet quality of service requirements for those defaults. Such cipher suites are useful in specialized applications.

Applications should not blindly enable all supported cipher suites. The supported cipher suites can include signaling cipher suite values that can cause connection problems if enabled inappropriately.

The proper way to use this method is to either check if a specific cipher suite is supported via Arrays.asList(getSupportedCipherSuites()).contains(...) or to filter a desired list of cipher suites to only the supported ones via desiredSuiteSet.retainAll(Arrays.asList(getSupportedCipherSuites())).

Returns
`String[]`	an array of cipher suite names

setHostname

Added in API level 17
Deprecated in API level 29

public void setHostname (Socket socket, 
                String hostName)

Turns on Server Name Indication (SNI) on a given socket.

Parameters
`socket`	`Socket`: a socket created by this factory.
`hostName`	`String`: the desired SNI hostname, null to disable.

Throws
`IllegalArgumentException`	if the socket was not created by this factory.

setKeyManagers

Added in API level 14
Deprecated in API level 29

public void setKeyManagers (KeyManager[] keyManagers)

Sets the KeyManagers to be used for connections made by this factory.

Parameters
`keyManagers`	`KeyManager`

setNpnProtocols

Added in API level 16
Deprecated in API level 29

public void setNpnProtocols (byte[][] npnProtocols)

Sets the Next Protocol Negotiation (NPN) protocols that this peer is interested in.

For servers this is the sequence of protocols to advertise as supported, in order of preference. This list is sent unencrypted to all clients that support NPN.

For clients this is a list of supported protocols to match against the server's list. If there is no protocol supported by both client and server then the first protocol in the client's list will be selected. The order of the client's protocols is otherwise insignificant.

Parameters
`npnProtocols`	`byte`: a non-empty list of protocol byte arrays. All arrays must be non-empty and of length less than 256.

setTrustManagers

Added in API level 14
Deprecated in API level 29

public void setTrustManagers (TrustManager[] trustManager)

Sets the TrustManagers to be used for connections made by this factory.

Parameters
`trustManager`	`TrustManager`

setUseSessionTickets

Added in API level 17
Deprecated in API level 29

public void setUseSessionTickets (Socket socket, 
                boolean useSessionTickets)

Enables session ticket support on the given socket.

Parameters
`socket`	`Socket`: a socket created by this factory
`useSessionTickets`	`boolean`: `true` to enable session ticket support on this socket.

Throws
`IllegalArgumentException`	if the socket was not created by this factory.