Added in API level 1
Deprecated in API level 22

SSLSocketFactory

open class SSLSocketFactory : LayeredSocketFactory
kotlin.Any
   ↳ org.apache.http.conn.ssl.SSLSocketFactory

Layered socket factory for TLS/SSL connections, based on JSSE. .

SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.

SSLSocketFactory will enable server authentication when supplied with a truststore file containg one or several trusted certificates. The client secure socket will reject the connection during the SSL session handshake if the target HTTPS server attempts to authenticate itself with a non-trusted certificate.

Use JDK keytool utility to import a trusted certificate and generate a truststore file:

keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
     

SSLSocketFactory will enable client authentication when supplied with a keystore file containg a private key/public certificate pair. The client secure socket will use the private key to authenticate itself to the target HTTPS server during the SSL session handshake if requested to do so by the server. The target HTTPS server will in its turn verify the certificate presented by the client in order to establish client's authenticity

Use the following sequence of actions to generate a keystore file

  • Use JDK keytool utility to generate a new key

    keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore
    For simplicity use the same password for the key as that of the keystore

  • Issue a certificate signing request (CSR)

    keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore

  • Send the certificate request to the trusted Certificate Authority for signature. One may choose to act as their own CA and sign the certificate request using a PKI tool, such as OpenSSL.

  • Import the trusted CA root certificate

    keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore

  • Import the PKCS#7 file containg the complete certificate chain

    keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore

  • Verify the content the resultant keystore file

    keytool -list -v -keystore my.keystore

Summary

Constants
static String

static String

static String

Public constructors
SSLSocketFactory(algorithm: String!, keystore: KeyStore!, keystorePassword: String!, truststore: KeyStore!, random: SecureRandom!, nameResolver: HostNameResolver!)

SSLSocketFactory(keystore: KeyStore!, keystorePassword: String!, truststore: KeyStore!)

SSLSocketFactory(keystore: KeyStore!, keystorePassword: String!)

SSLSocketFactory(truststore: KeyStore!)

Public methods
open Socket!
connectSocket(sock: Socket!, host: String!, port: Int, localAddress: InetAddress!, localPort: Int, params: HttpParams!)

open Socket!

open Socket!
createSocket(socket: Socket!, host: String!, port: Int, autoClose: Boolean)

open X509HostnameVerifier!

open static SSLSocketFactory!

Gets an singleton instance of the SSLProtocolSocketFactory.

open Boolean
isSecure(sock: Socket!)

Checks whether a socket connection is secure.

open Unit

Properties
static X509HostnameVerifier!

static X509HostnameVerifier!

static X509HostnameVerifier!

Constants

SSL

Added in API level 1
static val SSL: String

Deprecated: Deprecated in Java.

Value: "SSL"

SSLV2

Added in API level 1
static val SSLV2: String

Deprecated: Deprecated in Java.

Value: "SSLv2"

TLS

Added in API level 1
static val TLS: String

Deprecated: Deprecated in Java.

Value: "TLS"

Public constructors

SSLSocketFactory

Added in API level 1
SSLSocketFactory(
    algorithm: String!,
    keystore: KeyStore!,
    keystorePassword: String!,
    truststore: KeyStore!,
    random: SecureRandom!,
    nameResolver: HostNameResolver!)

SSLSocketFactory

Added in API level 1
SSLSocketFactory(
    keystore: KeyStore!,
    keystorePassword: String!,
    truststore: KeyStore!)

SSLSocketFactory

Added in API level 1
SSLSocketFactory(
    keystore: KeyStore!,
    keystorePassword: String!)

SSLSocketFactory

Added in API level 1
SSLSocketFactory(truststore: KeyStore!)

Public methods

connectSocket

Added in API level 1
open fun connectSocket(
    sock: Socket!,
    host: String!,
    port: Int,
    localAddress: InetAddress!,
    localPort: Int,
    params: HttpParams!
): Socket!

Deprecated: Deprecated in Java.

Parameters
sock Socket!: the socket to connect, as obtained from createSocket. null indicates that a new socket should be created and connected.
host String!: the host to connect to
port Int: the port to connect to on the host
localAddress InetAddress!: the local address to bind the socket to, or null for any
localPort Int: the port on the local machine, 0 or a negative number for any
params HttpParams!: additional parameters for connecting
Return
Socket! the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
Exceptions
java.io.IOException if an I/O error occurs
java.net.UnknownHostException if the IP address of the target host can not be determined
org.apache.http.conn.ConnectTimeoutException if the socket cannot be connected within the time limit defined in the params

createSocket

Added in API level 1
open fun createSocket(): Socket!

Deprecated: Deprecated in Java.

Return
Socket! a new socket
Exceptions
java.io.IOException if an I/O error occurs while creating the socket

createSocket

Added in API level 1
open fun createSocket(
    socket: Socket!,
    host: String!,
    port: Int,
    autoClose: Boolean
): Socket!

Deprecated: Deprecated in Java.

Parameters
socket Socket!: the existing socket
host String!: the host name/IP
port Int: the port on the host
autoClose Boolean: a flag for closing the underling socket when the created socket is closed
Return
Socket! Socket a new socket
Exceptions
java.io.IOException if an I/O error occurs while creating the socket
java.net.UnknownHostException if the IP address of the host cannot be determined

getHostnameVerifier

Added in API level 1
open fun getHostnameVerifier(): X509HostnameVerifier!

Deprecated: Deprecated in Java.

getSocketFactory

Added in API level 1
open static fun getSocketFactory(): SSLSocketFactory!

Deprecated: Deprecated in Java.

Gets an singleton instance of the SSLProtocolSocketFactory.

Return
SSLSocketFactory! a SSLProtocolSocketFactory

isSecure

Added in API level 1
open fun isSecure(sock: Socket!): Boolean

Deprecated: Deprecated in Java.

Checks whether a socket connection is secure. This factory creates TLS/SSL socket connections which, by default, are considered secure.
Derived classes may override this method to perform runtime checks, for example based on the cypher suite.

Parameters
sock Socket!: the connected socket
Return
Boolean true
Exceptions
java.lang.IllegalArgumentException if the argument is invalid

setHostnameVerifier

Added in API level 1
open fun setHostnameVerifier(hostnameVerifier: X509HostnameVerifier!): Unit

Deprecated: Deprecated in Java.

Properties

ALLOW_ALL_HOSTNAME_VERIFIER

Added in API level 1
static val ALLOW_ALL_HOSTNAME_VERIFIER: X509HostnameVerifier!

Deprecated: Deprecated in Java.

BROWSER_COMPATIBLE_HOSTNAME_VERIFIER

Added in API level 1
static val BROWSER_COMPATIBLE_HOSTNAME_VERIFIER: X509HostnameVerifier!

Deprecated: Deprecated in Java.

STRICT_HOSTNAME_VERIFIER

Added in API level 1
static val STRICT_HOSTNAME_VERIFIER: X509HostnameVerifier!

Deprecated: Deprecated in Java.