Skip to content

Most visited

Recently visited

navigation
Added in API level 1
Deprecated since API level 22

SSLSocketFactory

public class SSLSocketFactory
extends Object implements LayeredSocketFactory

java.lang.Object
   ↳ org.apache.http.conn.ssl.SSLSocketFactory


This class was deprecated in API level 22.
Please use openConnection() instead. Please visit this webpage for further details.

Layered socket factory for TLS/SSL connections, based on JSSE. .

SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.

SSLSocketFactory will enable server authentication when supplied with a truststore file containg one or several trusted certificates. The client secure socket will reject the connection during the SSL session handshake if the target HTTPS server attempts to authenticate itself with a non-trusted certificate.

Use JDK keytool utility to import a trusted certificate and generate a truststore file:

     keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
    

SSLSocketFactory will enable client authentication when supplied with a keystore file containg a private key/public certificate pair. The client secure socket will use the private key to authenticate itself to the target HTTPS server during the SSL session handshake if requested to do so by the server. The target HTTPS server will in its turn verify the certificate presented by the client in order to establish client's authenticity

Use the following sequence of actions to generate a keystore file

  • Use JDK keytool utility to generate a new key

    keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore
    For simplicity use the same password for the key as that of the keystore

  • Issue a certificate signing request (CSR)

    keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore

  • Send the certificate request to the trusted Certificate Authority for signature. One may choose to act as her own CA and sign the certificate request using a PKI tool, such as OpenSSL.

  • Import the trusted CA root certificate

    keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore

  • Import the PKCS#7 file containg the complete certificate chain

    keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore

  • Verify the content the resultant keystore file

    keytool -list -v -keystore my.keystore

Summary

Constants

String SSL

String SSLV2

String TLS

Fields

public static final X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER

public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER

public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER

Public constructors

SSLSocketFactory(String algorithm, KeyStore keystore, String keystorePassword, KeyStore truststore, SecureRandom random, HostNameResolver nameResolver)
SSLSocketFactory(KeyStore keystore, String keystorePassword, KeyStore truststore)
SSLSocketFactory(KeyStore keystore, String keystorePassword)
SSLSocketFactory(KeyStore truststore)

Public methods

Socket connectSocket(Socket sock, String host, int port, InetAddress localAddress, int localPort, HttpParams params)

Connects a socket to the given host.

Socket createSocket(Socket socket, String host, int port, boolean autoClose)

Returns a socket connected to the given host that is layered over an existing socket.

Socket createSocket()

Creates a new, unconnected socket.

X509HostnameVerifier getHostnameVerifier()
static SSLSocketFactory getSocketFactory()

Gets an singleton instance of the SSLProtocolSocketFactory.

boolean isSecure(Socket sock)

Checks whether a socket connection is secure.

void setHostnameVerifier(X509HostnameVerifier hostnameVerifier)

Inherited methods

From class java.lang.Object
From interface org.apache.http.conn.scheme.LayeredSocketFactory
From interface org.apache.http.conn.scheme.SocketFactory

Constants

SSL

Added in API level 1
String SSL

Constant Value: "SSL"

SSLV2

Added in API level 1
String SSLV2

Constant Value: "SSLv2"

TLS

Added in API level 1
String TLS

Constant Value: "TLS"

Fields

ALLOW_ALL_HOSTNAME_VERIFIER

Added in API level 1
X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER

BROWSER_COMPATIBLE_HOSTNAME_VERIFIER

Added in API level 1
X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER

STRICT_HOSTNAME_VERIFIER

Added in API level 1
X509HostnameVerifier STRICT_HOSTNAME_VERIFIER

Public constructors

SSLSocketFactory

Added in API level 1
SSLSocketFactory (String algorithm, 
                KeyStore keystore, 
                String keystorePassword, 
                KeyStore truststore, 
                SecureRandom random, 
                HostNameResolver nameResolver)

Parameters
algorithm String
keystore KeyStore
keystorePassword String
truststore KeyStore
random SecureRandom
nameResolver HostNameResolver
Throws
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException

SSLSocketFactory

Added in API level 1
SSLSocketFactory (KeyStore keystore, 
                String keystorePassword, 
                KeyStore truststore)

Parameters
keystore KeyStore
keystorePassword String
truststore KeyStore
Throws
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException

SSLSocketFactory

Added in API level 1
SSLSocketFactory (KeyStore keystore, 
                String keystorePassword)

Parameters
keystore KeyStore
keystorePassword String
Throws
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException

SSLSocketFactory

Added in API level 1
SSLSocketFactory (KeyStore truststore)

Parameters
truststore KeyStore
Throws
NoSuchAlgorithmException
KeyManagementException
KeyStoreException
UnrecoverableKeyException

Public methods

connectSocket

Added in API level 1
Socket connectSocket (Socket sock, 
                String host, 
                int port, 
                InetAddress localAddress, 
                int localPort, 
                HttpParams params)

Connects a socket to the given host.

Parameters
sock Socket: the socket to connect, as obtained from createSocket. null indicates that a new socket should be created and connected.
host String: the host to connect to
port int: the port to connect to on the host
localAddress InetAddress: the local address to bind the socket to, or null for any
localPort int: the port on the local machine, 0 or a negative number for any
params HttpParams: additional parameters for connecting
Returns
Socket the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.
Throws
IOException

createSocket

Added in API level 1
Socket createSocket (Socket socket, 
                String host, 
                int port, 
                boolean autoClose)

Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.

Parameters
socket Socket: the existing socket
host String: the host name/IP
port int: the port on the host
autoClose boolean: a flag for closing the underling socket when the created socket is closed
Returns
Socket Socket a new socket
Throws
IOException
UnknownHostException

createSocket

Added in API level 1
Socket createSocket ()

Creates a new, unconnected socket. The socket should subsequently be passed to connectSocket.

Returns
Socket a new socket
Throws
IOException

getHostnameVerifier

Added in API level 1
X509HostnameVerifier getHostnameVerifier ()

Returns
X509HostnameVerifier

getSocketFactory

Added in API level 1
SSLSocketFactory getSocketFactory ()

Gets an singleton instance of the SSLProtocolSocketFactory.

Returns
SSLSocketFactory a SSLProtocolSocketFactory

isSecure

Added in API level 1
boolean isSecure (Socket sock)

Checks whether a socket connection is secure. This factory creates TLS/SSL socket connections which, by default, are considered secure.
Derived classes may override this method to perform runtime checks, for example based on the cypher suite.

Parameters
sock Socket: the connected socket
Returns
boolean true
Throws
IllegalArgumentException if the argument is invalid

setHostnameVerifier

Added in API level 1
void setHostnameVerifier (X509HostnameVerifier hostnameVerifier)

Parameters
hostnameVerifier X509HostnameVerifier
This site uses cookies to store your preferences for site-specific language and display options.

Hooray!

This class requires API level or higher

This doc is hidden because your selected API level for the documentation is . You can change the documentation API level with the selector above the left navigation.

For more information about specifying the API level your app requires, read Supporting Different Platform Versions.

Take a one-minute survey?
Help us improve Android tools and documentation.