org.apache.commons.httpclient.contrib.ssl
Class StrictSSLProtocolSocketFactory
java.lang.Object
javax.net.SocketFactory
javax.net.ssl.SSLSocketFactory
org.apache.commons.ssl.SSLClient
org.apache.commons.ssl.HttpSecureProtocol
org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory
- All Implemented Interfaces:
- org.apache.commons.httpclient.protocol.ProtocolSocketFactory, org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory
- public class StrictSSLProtocolSocketFactory
- extends HttpSecureProtocol
A SecureProtocolSocketFactory that uses JSSE to create
SSL sockets. It also supports host name verification to help prevent
man-in-the-middle attacks. Host name verification is turned on by
default but can be turned off, which might be a useful feature
during development. Host name verification makes sure the SSL session's
server host name matches the host name returned in the
server certificate's "Common Name" field of the "SubjectDN" entry.
- Author:
- Sebastian Hauer
DISCLAIMER: HttpClient developers DO NOT actively support this component.
The component is provided as reference material, which may be inappropriate
for use without additional customization.
| Methods inherited from class org.apache.commons.ssl.SSLClient |
addAllowedName, addAllowedNames, addTrustMaterial, clearAllowedNames, createSocket, createSocket, createSocket, createSocket, createSocket, createSocket, createSocket, getAllowedNames, getAssociatedCertificateChain, getCheckCRL, getCheckExpiry, getCheckHostname, getConnectTimeout, getCurrentServerChain, getDefaultCipherSuites, getDefaultProtocol, getEnabledCiphers, getEnabledProtocols, getHostnameVerifier, getNeedClientAuth, getSoTimeout, getSSLContext, getSSLWrapperFactory, getSupportedCipherSuites, getTrustChain, getUseClientMode, getWantClientAuth, setCheckCRL, setCheckExpiry, setCheckHostname, setConnectTimeout, setDefaultProtocol, setEnabledCiphers, setEnabledProtocols, setHostnameVerifier, setKeyMaterial, setNeedClientAuth, setSoTimeout, setSSLWrapperFactory, setTrustMaterial, setUseClientMode, setWantClientAuth, useDefaultJavaCiphers, useStrongCiphers |
| Methods inherited from class javax.net.ssl.SSLSocketFactory |
getDefault |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Methods inherited from interface org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory |
createSocket |
| Methods inherited from interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory |
createSocket, createSocket |
StrictSSLProtocolSocketFactory
public StrictSSLProtocolSocketFactory(boolean verifyHostname)
throws java.security.GeneralSecurityException,
java.io.IOException
- Constructor for StrictSSLProtocolSocketFactory.
- Parameters:
verifyHostname - The host name verification flag. If set to
true, the SSL session's server host name will be compared
to the host name returned in the server certificate's "Common Name"
field of the "SubjectDN" entry. If these names do not match, an
Exception is thrown to indicate this. Enabling host name verification
helps to prevent man-in-the-middle attacks. If set to
false, host name verification is turned off.
Code sample:
    Protocol stricthttps = new Protocol(
        "https", new StrictSSLProtocolSocketFactory(true), 443);
    HttpClient client = new HttpClient();
    client.getHostConfiguration().setHost("localhost", 443, stricthttps);
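The comparison described above (session host name against the "Common Name" of the certificate's SubjectDN), as an added Java example that is not the library's own implementation. The class name CommonNameCheck and the sample DNs are constructed for illustration, and matching is assumed to be exact and case-insensitive, with no wildcard handling.

```java
import java.security.cert.X509Certificate;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Added illustration; hypothetical class, not part of commons-httpclient or commons-ssl. */
public class CommonNameCheck {

    /** Returns the most specific CN value of an RFC 2253 subject DN, or null if there is none. */
    static String commonName(String subjectDn) throws NamingException {
        List<Rdn> rdns = new LdapName(subjectDn).getRdns();
        // LdapName stores the right-most RDN at index 0, so walk backwards
        // to reach the left-most (most specific) RDN first.
        for (int i = rdns.size() - 1; i >= 0; i--) {
            // toAttributes() also covers multi-valued RDNs such as CN=a+OU=b.
            Attribute cn = rdns.get(i).toAttributes().get("CN");
            if (cn != null && cn.get() instanceof String) {
                return (String) cn.get();
            }
        }
        return null;
    }

    /** Exact, case-insensitive comparison; wildcard names are deliberately not handled. */
    static boolean matches(String sessionHost, String subjectDn) throws NamingException {
        String cn = commonName(subjectDn);
        return cn != null && cn.equalsIgnoreCase(sessionHost);
    }

    /** Same check for a certificate taken from the SSL session. */
    static boolean matches(String sessionHost, X509Certificate cert) throws NamingException {
        return matches(sessionHost, cert.getSubjectX500Principal().getName());
    }

    public static void main(String[] args) throws NamingException {
        // Constructed subject DNs, not taken from real certificates.
        String good = "CN=www.example.com,O=Example\\, Inc.,C=US";
        String other = "CN=mail.example.com,O=Example\\, Inc.,C=US";
        String noCn = "O=Example\\, Inc.,C=US";
        System.out.println(matches("WWW.example.com", good));
        System.out.println(matches("www.example.com", other));
        System.out.println(matches("www.example.com", noCn));
    }
}
```

RFC 2818 gives precedence to subjectAltName dNSName entries over the Common Name, so a CN-only comparison like this one does not cover certificates that carry the host name only in subjectAltName.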
StrictSSLProtocolSocketFactory
public StrictSSLProtocolSocketFactory()
throws java.security.GeneralSecurityException,
java.io.IOException
- Constructor for StrictSSLProtocolSocketFactory.
Host name verification will be enabled by default.
setHostnameVerification
public void setHostnameVerification(boolean verifyHostname)
- Set the host name verification flag.
- Parameters:
verifyHostname - The host name verification flag. If set to
true, the SSL session's server host name will be compared
to the host name returned in the server certificate's "Common Name"
field of the "SubjectDN" entry. If these names do not match, an
Exception is thrown to indicate this. Enabling host name verification
helps to prevent man-in-the-middle attacks. If set to
false, host name verification is turned off.
getHostnameVerification
public boolean getHostnameVerification()
- Gets the status of the host name verification flag.
- Returns:
- Host name verification flag. Either true if host name verification is
turned on, or false if host name verification is turned off.
Copyright © 2011. All Rights Reserved.