org.mozilla.jss.ssl

Class SSLServerSocket

public class SSLServerSocket extends ServerSocket

SSL server socket.
Field Summary
static int DEFAULT_BACKLOG
The default size of the listen queue.
Constructor Summary
SSLServerSocket(int port)
Creates a server socket listening on the given port.
SSLServerSocket(int port, int backlog)
Creates a server socket listening on the given port.
SSLServerSocket(int port, int backlog, InetAddress bindAddr)
Creates a server socket listening on the given port.
SSLServerSocket(int port, int backlog, InetAddress bindAddr, SSLCertificateApprovalCallback certApprovalCallback)
Creates a server socket listening on the given port.
SSLServerSocket(int port, int backlog, InetAddress bindAddr, SSLCertificateApprovalCallback certApprovalCallback, boolean reuseAddr)
Creates a server socket listening on the given port.
Method Summary
Socket accept()
Accepts a connection.
void bypassPKCS11(boolean enable)
Enables the bypass of PKCS11 for performance on this socket.
static void clearSessionCache()
Empties the SSL client session ID cache.
void close()
Closes this socket.
static void configServerSessionIDCache(int maxSidEntries, int ssl2EntryTimeout, int ssl3EntryTimeout, String cacheFileDirectory)
Configures the session ID cache.
void enableFDX(boolean enable)
Enable simultaneous read/write by separate read and write threads (full duplex) for this socket.
void enableRollbackDetection(boolean enable)
Enable rollback detection for this socket.
void enableSSL2(boolean enable)
Enables SSL v2 on this socket.
void enableSSL3(boolean enable)
Enables SSL v3 on this socket.
void enableStepDown(boolean enable)
This option, enableStepDown, is concerned with the generation of step-down keys which are used with export suites.
void enableTLS(boolean enable)
Enables TLS on this socket.
void enableV2CompatibleHello(boolean enable)
Enable sending v3 client hello in v2 format for this socket.
protected void finalize()
InetAddress getInetAddress()
int getLocalPort()
boolean getReuseAddress()
int getSoTimeout()
Returns the current value of the SO_TIMEOUT socket option.
String getSSLOptions()
void requestClientAuth(boolean b)
Enables/disables the request of client authentication.
void requireClientAuth(boolean require, boolean onRedo)
Sets whether the socket requires client authentication from the remote peer.
void requireClientAuth(int mode)
Sets whether the socket requires client authentication from the remote peer.
void setClientCert(X509Certificate cert)
Sets the certificate to use for client authentication.
void setClientCertNickname(String nick)
Sets the nickname of the certificate to use for client authentication.
void setNeedClientAuth(boolean b)
void setNeedClientAuthNoExpiryCheck(boolean b)
Enables/disables the request of client authentication.
void setReuseAddress(boolean reuse)
void setServerCert(X509Certificate certnickname)
Sets the certificate to use for server authentication.
void setServerCertNickname(String nick)
Sets the certificate to use for server authentication.
void setSoTimeout(int timeout)
Sets the SO_TIMEOUT socket option.
void setUseClientMode(boolean b)
Determines whether this end of the socket is the client or the server for purposes of the SSL protocol.
String toString()
Returns the addresses and ports of this socket or an error message if the socket is not in a valid state.
void useCache(boolean b)
Enables/disables the session cache.

Field Detail

DEFAULT_BACKLOG

public static final int DEFAULT_BACKLOG
The default size of the listen queue.

Constructor Detail

SSLServerSocket

public SSLServerSocket(int port)
Creates a server socket listening on the given port. The listen queue will be of size DEFAULT_BACKLOG.

SSLServerSocket

public SSLServerSocket(int port, int backlog)
Creates a server socket listening on the given port.

Parameters: backlog The size of the socket's listen queue.

SSLServerSocket

public SSLServerSocket(int port, int backlog, InetAddress bindAddr)
Creates a server socket listening on the given port.

Parameters:
backlog The size of the socket's listen queue.
bindAddr The local address to which to bind. If null, an unspecified local address will be bound to.

SSLServerSocket

public SSLServerSocket(int port, int backlog, InetAddress bindAddr, SSLCertificateApprovalCallback certApprovalCallback)
Creates a server socket listening on the given port.

Parameters:
backlog The size of the socket's listen queue.
bindAddr The local address to which to bind. If null, an unspecified local address will be bound to.
certApprovalCallback Will get called to approve any certificate presented by the client.

SSLServerSocket

public SSLServerSocket(int port, int backlog, InetAddress bindAddr, SSLCertificateApprovalCallback certApprovalCallback, boolean reuseAddr)
Creates a server socket listening on the given port.

Parameters:
backlog The size of the socket's listen queue.
bindAddr The local address to which to bind. If null, an unspecified local address will be bound to.
certApprovalCallback Will get called to approve any certificate presented by the client.
reuseAddr Reuse the local bind port; this parameter sets the SO_REUSEADDR option on the socket before calling bind(). The default is false for backward compatibility.

Method Detail

accept

public Socket accept()
Accepts a connection. This call will block until a connection is made or the timeout is reached.

Returns: java.net.Socket Local socket for client communication

Throws:
IOException If an input or output exception occurred
SocketTimeoutException If the socket times out trying to connect
InterruptedIOException If an input or output operation is interrupted
SSLSocketException JSS subclass of java.net.SocketException

bypassPKCS11

public void bypassPKCS11(boolean enable)
Enables the bypass of PKCS11 for performance on this socket. It is disabled by default, unless the default has been changed with SSLSocket.bypassPKCS11Default.

clearSessionCache

public static void clearSessionCache()
Empties the SSL client session ID cache.

close

public void close()
Closes this socket.

configServerSessionIDCache

public static void configServerSessionIDCache(int maxSidEntries, int ssl2EntryTimeout, int ssl3EntryTimeout, String cacheFileDirectory)
Configures the session ID cache.

Parameters:
maxSidEntries The maximum number of entries in the cache. If 0 is passed, the default of 10,000 is used.
ssl2EntryTimeout The lifetime in seconds of an SSL2 session. The minimum timeout value is 5 seconds and the maximum is 24 hours. Values outside this range are replaced by the server default value of 100 seconds.
ssl3EntryTimeout The lifetime in seconds of an SSL3 session. The minimum timeout value is 5 seconds and the maximum is 24 hours. Values outside this range are replaced by the server default value of 100 seconds.
cacheFileDirectory The pathname of the directory that will contain the session cache. If null is passed, the server default is used: /tmp on Unix and \\temp on Windows.

enableFDX

public void enableFDX(boolean enable)
Enable simultaneous read/write by separate read and write threads (full duplex) for this socket. It is disabled by default, unless the default has been changed with SSLSocket.enableFDXDefault.

enableRollbackDetection

public void enableRollbackDetection(boolean enable)
Enable rollback detection for this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableRollbackDetectionDefault.

enableSSL2

public void enableSSL2(boolean enable)
Enables SSL v2 on this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableSSL2Default.

enableSSL3

public void enableSSL3(boolean enable)
Enables SSL v3 on this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableSSL3Default.

enableStepDown

public void enableStepDown(boolean enable)
This option, enableStepDown, controls the generation of step-down keys, which are used with export cipher suites. If the server cert's public key is 512 bits or less, this option is ignored because step-down keys don't need to be generated. If the server cert's public key is more than 512 bits, this option has the following effect:
enable=true: generate step-down keys
enable=false: don't generate step-down keys; disable export cipher suites
This option is enabled by default, unless the default has been changed with SSLSocket.enableStepDownDefault.

enableTLS

public void enableTLS(boolean enable)
Enables TLS on this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableTLSDefault.

enableV2CompatibleHello

public void enableV2CompatibleHello(boolean enable)
Enable sending v3 client hello in v2 format for this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableV2CompatibleHelloDefault.

finalize

protected void finalize()

getInetAddress

public InetAddress getInetAddress()

Returns: the local address of this server socket.

getLocalPort

public int getLocalPort()

Returns: The local port.

getReuseAddress

public boolean getReuseAddress()

getSoTimeout

public int getSoTimeout()
Returns the current value of the SO_TIMEOUT socket option.

Returns: The timeout time in milliseconds.

getSSLOptions

public String getSSLOptions()

Returns: a String listing the current SSLOptions for this socket.

requestClientAuth

public void requestClientAuth(boolean b)
Enables/disables the request of client authentication. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself.

See Also: SSLServerSocket

requireClientAuth

public void requireClientAuth(boolean require, boolean onRedo)

Deprecated: use requireClientAuth(int)

Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it.

requireClientAuth

public void requireClientAuth(int mode)
Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it.

Parameters: mode One of: SSLSocket.SSL_REQUIRE_NEVER, SSLSocket.SSL_REQUIRE_ALWAYS, SSLSocket.SSL_REQUIRE_FIRST_HANDSHAKE, SSLSocket.SSL_REQUIRE_NO_ERROR

setClientCert

public void setClientCert(X509Certificate cert)
Sets the certificate to use for client authentication.

setClientCertNickname

public void setClientCertNickname(String nick)
Sets the nickname of the certificate to use for client authentication.

setNeedClientAuth

public void setNeedClientAuth(boolean b)

Deprecated: As of JSS 3.0. This method is misnamed. Use requestClientAuth instead.

setNeedClientAuthNoExpiryCheck

public void setNeedClientAuthNoExpiryCheck(boolean b)

Deprecated: As of JSS 3.0. This method is misnamed. Use requestClientAuthNoExpiryCheck instead.

Enables/disables the request of client authentication. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself.

In addition, the client certificate's expiration will not prevent it from being accepted.

See Also: requestClientAuthNoExpiryCheck(boolean b)

setReuseAddress

public void setReuseAddress(boolean reuse)

setServerCert

public void setServerCert(X509Certificate certnickname)
Sets the certificate to use for server authentication.

setServerCertNickname

public void setServerCertNickname(String nick)
Sets the certificate to use for server authentication.

setSoTimeout

public void setSoTimeout(int timeout)
Sets the SO_TIMEOUT socket option.

Parameters: timeout The timeout time in milliseconds.

setUseClientMode

public void setUseClientMode(boolean b)
Determines whether this end of the socket is the client or the server for purposes of the SSL protocol. By default, it is the server.

Parameters: b true if this end of the socket is the SSL client, false if it is the SSL server.

toString

public String toString()
Returns the addresses and ports of this socket or an error message if the socket is not in a valid state.

useCache

public void useCache(boolean b)
Enables/disables the session cache. By default, the session cache is enabled.
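The descriptions above note that SSL v2, SSL v3 and the v2-compatible hello are all enabled by default on this class, and that client authentication is off unless requested. The following is an added example, not code from the JSS project, that pulls the protocol, certificate and client-auth methods documented here into one TLS-only, mutually authenticated server socket; the NSS database path, the certificate nickname and the CryptoManager.initialize(String) call are assumptions about the surrounding JSS setup and are not on this page.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.ssl.SSLServerSocket;
import org.mozilla.jss.ssl.SSLSocket;

/** Builds an SSLServerSocket with the legacy protocol defaults turned off and client auth required. */
public class HardenedSslServer {

    // Assumed values: the NSS database directory and the nickname of the server cert stored in it.
    static final String NSS_DB_DIR = "/path/to/nssdb";     // placeholder
    static final String SERVER_CERT_NICK = "Server-Cert";  // placeholder

    public static SSLServerSocket open(int port, InetAddress bindAddr) throws IOException {
        // reuseAddr=true sets SO_REUSEADDR before bind(); a null approval callback keeps
        // the library's default certificate validation for client certificates.
        SSLServerSocket ss = new SSLServerSocket(port, SSLServerSocket.DEFAULT_BACKLOG, bindAddr, null, true);

        // Protocol selection: the page documents SSL v2, SSL v3 and the v2-compatible hello
        // as enabled by default; a hardened server negotiates TLS only.
        ss.enableSSL2(false);
        ss.enableSSL3(false);
        ss.enableTLS(true);
        ss.enableV2CompatibleHello(false);
        ss.enableStepDown(false);          // no step-down keys, export cipher suites disabled
        ss.enableRollbackDetection(true);  // already the default; made explicit

        ss.setServerCertNickname(SERVER_CERT_NICK);

        // Mutual TLS: ask for the client certificate and require it on every handshake.
        ss.requestClientAuth(true);
        ss.requireClientAuth(SSLSocket.SSL_REQUIRE_ALWAYS);

        ss.setSoTimeout(30_000);  // accept() fails with SocketTimeoutException after 30 s
        ss.useCache(true);        // keep session resumption (default) for performance
        return ss;
    }

    public static void main(String[] args) throws Exception {
        CryptoManager.initialize(NSS_DB_DIR);  // assumption: JSS is initialised before any socket is created
        SSLServerSocket ss = open(8443, null);
        System.out.println(ss.getSSLOptions());  // log the effective option set for audit
        try (Socket client = ss.accept()) {
            // handle the authenticated client here
        } finally {
            ss.close();
        }
    }
}
```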