org.mozilla.jss.ssl
public class SSLSocket extends Socket
Nested Class Summary | |
---|---|
static class | SSLSocket.CipherPolicy |
Constructor Summary | |
---|---|
SSLSocket(String host, int port)
Creates an SSL client socket and connects to the specified host and port. |
SSLSocket(InetAddress address, int port)
Creates an SSL client socket and connects to the specified address and port. |
SSLSocket(String host, int port, InetAddress localAddr, int localPort)
Creates an SSL client socket and connects to the specified host and port. |
SSLSocket(InetAddress address, int port, InetAddress localAddr, int localPort)
Creates an SSL client socket and connects to the specified address and port. |
SSLSocket(String host, int port, InetAddress localAddr, int localPort, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback)
Creates an SSL client socket and connects to the specified host and port. |
SSLSocket(InetAddress address, int port, InetAddress localAddr, int localPort, boolean stream, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback)
Creates an SSL client socket and connects to the specified host and port. |
SSLSocket(InetAddress address, int port, InetAddress localAddr, int localPort, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback)
Creates an SSL client socket and connects to the specified address and port. |
SSLSocket(Socket s, String host, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback)
Creates an SSL client socket using the given Java socket for underlying I/O. |
Method Summary | |
---|---|
void | addHandshakeCompletedListener(SSLHandshakeCompletedListener l)
Adds a listener to be notified when an SSL handshake completes. |
void | bypassPKCS11(boolean enable)
Enables bypass of PKCS11 on this socket.
|
static void | bypassPKCS11Default(boolean enable)
Sets the default to bypass PKCS11 layer (except for public keys)
for all new sockets. |
void | close()
Closes this socket. |
void | enableFDX(boolean enable)
Enable simultaneous read/write by separate read and write threads
(full duplex) for this socket.
|
void | enableRollbackDetection(boolean enable)
Enable rollback detection for this socket.
|
void | enableSSL2(boolean enable)
Enables SSL v2 on this socket. |
static void | enableSSL2Default(boolean enable)
Sets the default for SSL v2 for all new sockets. |
void | enableSSL3(boolean enable)
Enables SSL v3 on this socket. |
static void | enableSSL3Default(boolean enable)
Sets the default for SSL v3 for all new sockets. |
void | enableStepDown(boolean enable)
This option, enableStepDown, is concerned with the generation
of step-down keys which are used with export suites.
|
void | enableTLS(boolean enable)
Enables TLS on this socket. |
static void | enableTLSDefault(boolean enable)
Sets the default for TLS for all new sockets. |
void | enableV2CompatibleHello(boolean enable)
Enable sending v3 client hello in v2 format for this socket.
|
protected void | finalize() |
void | forceHandshake()
Force an already started SSL handshake to complete.
|
boolean | getCipherPreference(int cipher)
Returns whether this cipher is enabled or disabled on this socket. |
static boolean | getCipherPreferenceDefault(int cipher)
Returns the default for whether this cipher is enabled or disabled. |
static int[] | getImplementedCipherSuites()
Returns a list of cipher suites that are implemented by NSS.
|
InetAddress | getInetAddress() |
InputStream | getInputStream()
Returns the input stream for reading from this socket. |
boolean | getKeepAlive()
Returns the current setting of the SO_KEEPALIVE socket option. |
InetAddress | getLocalAddress() |
int | getLocalPort() |
OutputStream | getOutputStream()
Returns the output stream for writing to this socket. |
int | getPort() |
int | getReceiveBufferSize()
Returns the size (in bytes) of the receive buffer. |
int | getSendBufferSize()
Returns the size (in bytes) of the send buffer. |
int | getSoLinger()
Returns the current value of the SO_LINGER socket option. |
int | getSoTimeout()
Returns the current value of the SO_TIMEOUT socket option. |
static String | getSSLDefaultOptions() |
String | getSSLOptions() |
SSLSecurityStatus | getStatus()
Returns the security status of this socket. |
boolean | getTcpNoDelay()
Returns the current setting of the TCP_NO_DELAY socket option. |
boolean | getUseClientMode() |
void | invalidateSession()
Removes the current session from the session cache. |
static boolean | isFipsCipherSuite(int ciphersuite)
isFipsCipherSuite
|
void | redoHandshake()
Causes SSL to begin a full, new SSL 3.0 handshake from scratch
on a connection that has already completed one handshake.
|
void | redoHandshake(boolean flushCache)
Causes SSL to begin a full, new SSL 3.0 handshake from scratch
on a connection that has already completed one handshake. |
void | removeHandshakeCompletedListener(SSLHandshakeCompletedListener l)
Removes a previously registered listener for handshake completion. |
void | requestClientAuth(boolean b)
Enables/disables the request of client authentication. |
void | requireClientAuth(boolean require, boolean onRedo)
Sets whether the socket requires client authentication from the remote
peer. |
void | requireClientAuth(int mode)
Sets whether the socket requires client authentication from the remote
peer. |
void | requireClientAuthDefault(boolean require, boolean onRedo)
Sets the default setting for requiring client authorization.
|
static void | requireClientAuthDefault(int mode)
Sets the default setting for requiring client authorization.
|
void | resetHandshake()
Resets the handshake state. |
static void | setCipherPolicy(SSLSocket.CipherPolicy cp)
Sets the SSL cipher policy. |
void | setCipherPreference(int cipher, boolean enable)
Enables/disables the cipher on this socket. |
static void | setCipherPreferenceDefault(int cipher, boolean enable)
Sets the default for whether this cipher is enabled or disabled. |
void | setClientCert(X509Certificate cert)
Sets the certificate to use for client authentication.
|
void | setClientCertNickname(String nick)
Sets the nickname of the certificate to use for client authentication.
|
void | setKeepAlive(boolean on)
Enables or disables the SO_KEEPALIVE socket option. |
void | setNeedClientAuth(boolean b) |
void | setNeedClientAuthNoExpiryCheck(boolean b)
Enables/disables the request of client authentication. |
void | setReceiveBufferSize(int size)
Sets the size (in bytes) of the receive buffer. |
void | setSendBufferSize(int size)
Sets the size (in bytes) of the send buffer. |
void | setSoLinger(boolean on, int linger)
Sets the SO_LINGER socket option.
Parameters: linger The time (in seconds) to linger for. |
void | setSoTimeout(int timeout)
Sets the SO_TIMEOUT socket option. |
void | setTcpNoDelay(boolean on)
Enables or disables the TCP_NO_DELAY socket option. |
void | setUseClientMode(boolean b)
Determines whether this end of the socket is the client or the server
for purposes of the SSL protocol. |
void | shutdownInput()
Shuts down the input side of the socket. |
void | shutdownOutput()
Shuts down the output side of the socket. |
String | toString()
Returns the addresses and ports of this socket
or an error message if the socket is not in a valid state. |
void | useCache(boolean b)
Enables/disables the session cache. |
void | useCacheDefault(boolean b)
Sets the default setting for use of the session cache. |
Deprecated: As of NSS 3.11, FORTEZZA is no longer supported. SSL3_FORTEZZA_DMS_WITH_NULL_SHA, SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA and SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA are placeholders for backward compatibility.
Parameters: host The hostname to connect to. port The port to connect to.
Parameters: address The IP address to connect to. port The port to connect to.
Parameters: host The hostname to connect to. port The port to connect to. localAddr The local address to bind to. It can be null, in which case an unspecified local address will be chosen. localPort The local port to bind to. If 0, a random port will be assigned to the socket.
Parameters: address The IP address to connect to. port The port to connect to. localAddr The local address to bind to. It can be null, in which case an unspecified local address will be chosen. localPort The local port to bind to. If 0, a random port will be assigned to the socket.
Parameters: host The hostname to connect to. port The port to connect to. localAddr The local address to bind to. It can be null, in which case an unspecified local address will be chosen. localPort The local port to bind to. If 0, a random port will be assigned to the socket. certApprovalCallback A callback that can be used to override approval of the peer's certificate. clientCertSelectionCallback A callback to select the client certificate to present to the peer.
Deprecated: As of JSS 3.0. The stream parameter is ignored, because only stream sockets are supported.
Creates an SSL client socket and connects to the specified host and port. Binds to the given local address and port. Installs the given callbacks for certificate approval and client certificate selection.
Parameters: host The hostname to connect to. port The port to connect to. localAddr The local address to bind to. It can be null, in which case an unspecified local address will be chosen. localPort The local port to bind to. If 0, a random port will be assigned to the socket. stream This parameter is ignored. All SSLSockets are stream sockets. certApprovalCallback A callback that can be used to override approval of the peer's certificate. clientCertSelectionCallback A callback to select the client certificate to present to the peer.
Parameters: address The IP address to connect to. port The port to connect to. localAddr The local address to bind to. It can be null, in which case an unspecified local address will be chosen. localPort The local port to bind to. If 0, a random port will be assigned to the socket. certApprovalCallback A callback that can be used to override approval of the peer's certificate. clientCertSelectionCallback A callback to select the client certificate to present to the peer.
Parameters: s The Java socket to use for underlying I/O. host The hostname of the remote side of the connection. This name is used to verify the server's certificate. certApprovalCallback A callback that can be used to override approval of the peer's certificate. clientCertSelectionCallback A callback to select the client certificate to present to the peer.
bypassPKCS11Default
enableFDXDefault
enableRollbackDetectionDefault
enableSSL2Default
enableSSL3Default
SSLSocket.enableStepDownDefault
enableTLSDefault
enableV2CompatibleHelloDefault
Returns: The remote peer's IP address or null if the SSLSocket is closed.
Returns: The local IP address or null if the SSLSocket is closed.
Returns: The local port or -1 if the SSLSocket is closed.
Returns: The remote port.
Returns: The timeout time in milliseconds.
Returns: a String listing the Default SSLOptions for all SSLSockets.
Returns: a String listing the current SSLOptions for this SSLSocket.
Returns: true if this end of the socket is the SSL client, false if it is the SSL server.
Returns: true if the ciphersuite is FIPS, false otherwise.
Does not flush the SSL3 cache entry first, so a full handshake will not take place. Instead only the symmetric session keys will be regenerated.
Parameters: flushCache If true, this session will be flushed from the cache. This will force a complete SSL handshake with a private key operation. If false, only the session key will be regenerated.
See Also: SSLSocket
Deprecated: use requireClientAuth(int)
Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it.
Parameters: mode One of: SSLSocket.SSL_REQUIRE_NEVER, SSLSocket.SSL_REQUIRE_ALWAYS, SSLSocket.SSL_REQUIRE_FIRST_HANDSHAKE, SSLSocket.SSL_REQUIRE_NO_ERROR
Deprecated: use requireClientAuthDefault(int)
Sets the default setting for requiring client authorization. All subsequently created sockets will use this default setting.
Parameters: mode One of: SSLSocket.SSL_REQUIRE_NEVER, SSLSocket.SSL_REQUIRE_ALWAYS, SSLSocket.SSL_REQUIRE_FIRST_HANDSHAKE, SSLSocket.SSL_REQUIRE_NO_ERROR
See Also: SSLClientCertificateSelectionCallback
See Also: SSLClientCertificateSelectionCallback
Deprecated: As of JSS 3.0. This method is misnamed. Use requestClientAuth instead.
Deprecated: As of JSS 3.0. This method is misnamed. Use requestClientAuthNoExpiryCheck instead.
In addition, the client certificate's expiration will not prevent it from being accepted.
Parameters: timeout The timeout time in milliseconds.
Parameters: b true if this end of the socket is the SSL client, false if it is the SSL server.
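
The protocol and cipher-preference methods listed above are normally combined into one startup routine. The following is an added example, not part of the JSS documentation: it turns off SSL v2, the v2-format hello and SSL v3 by default, keeps TLS, and leaves enabled only the cipher suites that isFipsCipherSuite reports as FIPS. Assumptions: the class name, the NSS database path and the host name are placeholders, and CryptoManager.initialize(String) comes from org.mozilla.jss rather than from this class.

```java
import java.net.SocketException;

import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.ssl.SSLSocket;

public class HardenedJssClient {

    /**
     * Sets process-wide defaults. Call once, after NSS has been
     * initialized and before any SSLSocket is created, because the
     * *Default methods only affect sockets created afterwards.
     */
    static void hardenDefaults() throws SocketException {
        // Legacy protocol versions off, TLS on.
        SSLSocket.enableSSL2Default(false);
        SSLSocket.enableV2CompatibleHelloDefault(false);
        SSLSocket.enableSSL3Default(false);
        SSLSocket.enableTLSDefault(true);
        SSLSocket.enableRollbackDetectionDefault(true);

        // Walk every suite NSS implements and enable it only if NSS
        // classifies it as a FIPS suite; everything else is disabled.
        for (int suite : SSLSocket.getImplementedCipherSuites()) {
            boolean keep = SSLSocket.isFipsCipherSuite(suite);
            SSLSocket.setCipherPreferenceDefault(suite, keep);
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: placeholder path to an existing NSS database directory.
        CryptoManager.initialize("/path/to/nssdb");
        hardenDefaults();

        // Assumption: placeholder host. This constructor installs no
        // certificate approval callback.
        SSLSocket sock = new SSLSocket("server.example.test", 443);
        try {
            // Complete the handshake now so a failure surfaces here
            // rather than on the first read or write.
            sock.forceHandshake();
            // Print the options in effect on this socket for review.
            System.out.println(sock.getSSLOptions());
        } finally {
            sock.close();
        }
    }
}
```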