COM.claymoresystems.ptls

Class SSLSocket

public class SSLSocket extends Socket implements SSLSocketXInt

SSLSocket.java

Copyright (C) 1999, Claymore Systems, Inc. All Rights Reserved.

ekr@rtfm.com Tue May 18 09:30:32 1999

This package is a SSLv3/TLS implementation written by Eric Rescorla and licensed by Claymore Systems, Inc.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by Claymore Systems, Inc.
4. Neither the name of Claymore Systems, Inc. nor the name of Eric Rescorla may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

$Id: SSLSocket.java,v 1.17 2002/03/01 17:10:37 ekr Exp $

Constructor Summary
SSLSocket(SSLContext ctx, String remote_addr, Integer remote_port)
Create an SSLSocket and connect it to the server on the specified host and port, doing the SSLHandshake.
SSLSocket(SSLContext ctx, String remote_addr, int port)
Create an SSLSocket and connect it to the server on the specified host and port, doing the SSLHandshake
SSLSocket(SSLContext ctx, InetAddress addr, int port)
Creates a stream socket and connects it to the specified port number at the specified IP address performing the SSL Handshake
SSLSocket(SSLContext ctx, InetAddress addr, int port, InetAddress localAddr, int localPort)
Creates a stream socket and connects it to the specified port number at the specified IP address performing the SSL Handshake
SSLSocket(SSLContext ctx, String host, int port, InetAddress localAddr, int localPort)
Creates a stream socket and connects it to the specified port number at the specified host, performing the SSL Handshake
SSLSocket(SSLContext ctx, InputStream input, OutputStream output, String host, int port, int how)
Create an SSLSocket and connect it to the server using the specified input stream and output stream
SSLSocket(SSLContext ctx, Socket sock, String host, int port, int how)
Create an SSLSocket around the specified socket.
SSLSocket()
Method Summary
void close()
close the connection.
Vector getCertificateChain()
get the certificate chain presented by the peer.
int getCipherSuite()
Get the cipherSuite in use on this socket, as an integer
InputStream getInputStream()
Get the input stream associated with this socket.
OutputStream getOutputStream()
Get the output stream associated with this socket.
SSLPolicyInt getPolicy()
Get the policy associated with this socket
byte[] getSessionID()
Get the SessionID associated with this socket
int getVersion()
Get the version of SSL negotiated.
void handshake()
Handshake.
void hardClose()
Hard close.
static void main(String[] args)
Test code
void renegotiate(SSLPolicyInt policy)
Renegotiate the SSL connection using the given policy

This is useful (for instance) for a server to renegotiate using client authentication

void renegotiate()
Renegotiate the SSL connection using the same policy

This is mainly useful when a client is responding to a server's request for renegotiation

void sendClose()
Send our half of the SSL close_notify handshake
String toString()
Converts this socket to a string
void waitForClose(boolean enforceFinished)
Wait to receive a close_notify from the other side.
void _stompOutputStream(OutputStream out)

Constructor Detail

SSLSocket

public SSLSocket(SSLContext ctx, String remote_addr, Integer remote_port)
Create an SSLSocket and connect it to the server on the specified host and port, doing the SSLHandshake. We need this to support the CSJ interface, which is why it duplicates the "int" version.

Parameters:
ctx - the SSLContext to use to create this socket
remote_addr - the hostname of the remote machine to connect to
remote_port - the port to connect to

Throws: IOException if something goes wrong in the handshake or making the connection

SSLSocket

public SSLSocket(SSLContext ctx, String remote_addr, int port)
Create an SSLSocket and connect it to the server on the specified host and port, doing the SSLHandshake

Parameters:
ctx - the SSLContext to use to create this socket
remote_addr - the hostname of the remote machine to connect to
port - the port to connect to

Throws: IOException if something goes wrong in the handshake or making the connection

SSLSocket

public SSLSocket(SSLContext ctx, InetAddress addr, int port)
Creates a stream socket and connects it to the specified port number at the specified IP address performing the SSL Handshake

Parameters:
ctx - the SSLContext to use to create this socket
addr - the address to connect to
port - the port to connect to

Throws: IOException if something goes wrong in the handshake or making the connection

SSLSocket

public SSLSocket(SSLContext ctx, InetAddress addr, int port, InetAddress localAddr, int localPort)
Creates a stream socket and connects it to the specified port number at the specified IP address performing the SSL Handshake

Parameters:
ctx - the SSLContext to use to create this socket
addr - the address to connect to
port - the port to connect to
localAddr - the local address to bind to
localPort - the local port to bind to

Throws: IOException if something goes wrong in the handshake or making the connection

SSLSocket

public SSLSocket(SSLContext ctx, String host, int port, InetAddress localAddr, int localPort)
Creates a stream socket and connects it to the specified port number at the specified host, performing the SSL Handshake

Parameters:
ctx - the SSLContext to use to create this socket
host - the address to connect to
port - the port to connect to
localAddr - the local address to bind to
localPort - the local port to bind to

Throws: IOException if something goes wrong in the handshake or making the connection

SSLSocket

public SSLSocket(SSLContext ctx, InputStream input, OutputStream output, String host, int port, int how)
Create an SSLSocket and connect it to the server using the specified input stream and output stream

Parameters:
ctx - the SSLContext to use to create this socket
input - where data is read from
output - where data is written to
remote_addr - the hostname of the remote machine (used for session resumption)
port - the port to connect to (used for session resumption: the host/port pair should be unique)
how - which role to take in handshake: SSLSocket.CLIENT or SSLSocket.SERVER

Throws: IOException if something goes wrong in the handshake or making the connection

SSLSocket

public SSLSocket(SSLContext ctx, Socket sock, String host, int port, int how)
Create an SSLSocket around the specified socket. Provided by Ronald Tschalar

Parameters:
ctx - the SSLContext to use to create this socket
socket - the underlying socket to wrap around
remote_addr - the hostname of the remote machine (used for session resumption)
port - the port to connect to (used for session resumption: the host/port pair should be unique)
how - which role to take in handshake: SSLSocket.CLIENT or SSLSocket.SERVER

Throws: IOException if something goes wrong in the handshake

SSLSocket

public SSLSocket()

Method Detail

close

public void close()
close the connection. This executes the closure procedure and throws an error if the close_notify exchange doesn't succeed.

Throws: IOException if there is a problem with the close_notify

getCertificateChain

public Vector getCertificateChain()
get the certificate chain presented by the peer. This is relevant for clients and servers if Client Authentication is being used.

Returns: the certificate chain as a Vector of X509Certs, or null if unavailable. The root is at 0 and the user cert is at n-1.

getCipherSuite

public int getCipherSuite()
Get the cipherSuite in use on this socket, as an integer

Returns: the ciphersuite in use

getInputStream

public InputStream getInputStream()
Get the input stream associated with this socket. Data read from this input stream is automatically SSL decrypted

getOutputStream

public OutputStream getOutputStream()
Get the output stream associated with this socket. Data written to this output stream is automatically SSL encrypted

getPolicy

public SSLPolicyInt getPolicy()
Get the policy associated with this socket

Returns: the policy

getSessionID

public byte[] getSessionID()
Get the SessionID associated with this socket

Returns: the session ID or null if none

getVersion

public int getVersion()
Get the version of SSL negotiated.

Returns: 768 (0x300) for SSLv3 or 769 (0x301) for TLSv1

handshake

public void handshake()
Handshake. Used when automatic handshaking on connect is turned off

hardClose

public void hardClose()
Hard close. Don't do SSL closure

main

public static void main(String[] args)
Test code

renegotiate

public void renegotiate(SSLPolicyInt policy)
Renegotiate the SSL connection using the given policy

This is useful (for instance) for a server to renegotiate using client authentication

Parameters:
policy - the policy to use

renegotiate

public void renegotiate()
Renegotiate the SSL connection using the same policy

This is mainly useful when a client is responding to a server's request for renegotiation

sendClose

public void sendClose()
Send our half of the SSL close_notify handshake

Throws: IOException if the close_notify alert can't be sent

toString

public String toString()
Converts this socket to a string

Returns: a string description of this socket

waitForClose

public void waitForClose(boolean enforceFinished)
Wait to receive a close_notify from the other side.

Parameters:
enforceFinished - insist that no more data be present on the connection before the close_notify is received. This ensures that the application has read all the data that the peer sent.

Throws: IOException if the close_notify couldn't be read or if enforceFinished is true and more data was present.
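
The following is an added example, not part of the PureTLS documentation or source. It uses only the methods documented on this page to run three post-handshake checks on a connected SSLSocket: rejecting SSLv3 via getVersion(), picking the peer's own certificate from the root-first chain, and closing with a verified close_notify exchange. The class name SSLSocketChecks and its method names are hypothetical, and requiring TLSv1 is an assumed local policy.

```java
import COM.claymoresystems.ptls.SSLSocket;
import java.io.IOException;
import java.util.Vector;

/** Added example: post-handshake checks and orderly closure (hypothetical helper). */
public class SSLSocketChecks {
    static final int SSLV3 = 0x300; // 768, as returned by getVersion()
    static final int TLSV1 = 0x301; // 769, as returned by getVersion()

    /** Reject a connection that negotiated anything other than TLSv1. */
    static void requireTLSv1(SSLSocket s) throws IOException {
        int v = s.getVersion();
        if (v != TLSV1) {
            s.hardClose(); // abandon the session without the SSL closure
            throw new IOException("negotiated version 0x"
                + Integer.toHexString(v) + ", TLSv1 (0x301) required");
        }
    }

    /**
     * Return the peer's own certificate. The chain is root-first, so the
     * end-entity certificate is the LAST element, not element 0.
     */
    static Object peerCertificate(SSLSocket s) throws IOException {
        Vector chain = s.getCertificateChain();
        if (chain == null || chain.isEmpty()) {
            throw new IOException("peer presented no certificate chain");
        }
        return chain.elementAt(chain.size() - 1);
    }

    /**
     * Send our close_notify, then insist on the peer's. With
     * enforceFinished=true, unread application data before the peer's
     * close_notify is an error, so call this only after reading everything
     * expected from getInputStream().
     */
    static void orderlyClose(SSLSocket s) throws IOException {
        s.sendClose();
        try {
            s.waitForClose(true);
        } catch (IOException e) {
            s.hardClose(); // closure failed: treat received data as possibly truncated
            throw e;
        }
    }
}
```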

_stompOutputStream

public void _stompOutputStream(OutputStream out)
Copyright (c) 1999-2001 Claymore Systems, Inc., All Rights Reserved.