java.lang.Object | |||
↳ | javax.net.SocketFactory | ||
↳ | javax.net.ssl.SSLSocketFactory | ||
↳ | android.net.SSLCertificateSocketFactory |
SSLSocketFactory implementation with several extra features:
SSLSessionCache
createSocket()
and
connect(SocketAddress, int)
, after which you
must verify the identity of the server you are connected to.
Most
SSLSocketFactory
implementations do not
verify the server's identity, allowing man-in-the-middle attacks.
This implementation does check the server's certificate hostname, but only
for createSocket variants that specify a hostname. When using methods that
use
InetAddress
or which return an unconnected socket, you MUST
verify the server's identity yourself to ensure a secure connection.
One way to verify the server's identity is to use
getDefaultHostnameVerifier()
to get a
HostnameVerifier
to verify the certificate hostname.
On development devices, "setprop socket.relaxsslcheck yes" bypasses all SSL certificate and hostname checks for testing purposes. This setting requires root access.
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
This constructor was deprecated
in API level 8.
Use
getDefault(int)
instead.
|
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Creates a new socket which is connected to the remote host specified by
the parameters
host
and
port
.
This method verifies the peer's certificate hostname after connecting
(unless created with
|
||||||||||
|
Creates a new socket which is connected to the remote host specified by
the parameters
host
and
port
.
This method verifies the peer's certificate hostname after connecting
(unless created with
|
||||||||||
|
Creates a new socket which is connected to the remote host specified by
the InetAddress
address
.
Warning: Hostname verification is not performed with this method. |
||||||||||
|
Creates a new socket which is connected to the remote host specified by
the InetAddress
host
.
Warning: Hostname verification is not performed with this method. |
||||||||||
|
Creates an
SSLSocket
over the specified socket that is connected
to the specified host at the specified port.
This method verifies the peer's certificate hostname after connecting
(unless created with
|
||||||||||
|
Creates a new socket which is not connected to any remote host.
|
||||||||||
|
Returns a new socket factory instance with an optional handshake timeout.
|
||||||||||
|
Returns a new socket factory instance with an optional handshake timeout
and SSL session cache.
|
||||||||||
|
Returns the names of the cipher suites that are enabled by default.
|
||||||||||
|
Returns a socket factory (also named SSLSocketFactory, but in a different
namespace) for use with the Apache HTTP stack.
|
||||||||||
|
Returns a new instance of a socket factory with all SSL security checks
disabled, using an optional handshake timeout and SSL session cache.
|
||||||||||
|
Returns the
Next
Protocol Negotiation (NPN)
protocol selected by client and server, or
null if no protocol was negotiated.
|
||||||||||
|
Returns the names of the cipher suites that are supported and could be
enabled for an SSL connection.
|
||||||||||
|
Turns on
Server
Name Indication (SNI)
on a given socket.
|
||||||||||
|
Sets the
KeyManager
s to be used for connections made by this factory.
|
||||||||||
|
Sets the
Next
Protocol Negotiation (NPN)
protocols that this peer is interested in.
|
||||||||||
|
Sets the
TrustManager
s to be used for connections made by this factory.
|
||||||||||
|
Enables
session ticket
support on the given socket.
|
[Expand]
Inherited Methods
|
|||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
javax.net.ssl.SSLSocketFactory
|
|||||||||||
From class
javax.net.SocketFactory
|
|||||||||||
From class
java.lang.Object
|
Creates a new socket which is connected to the remote host specified by
the parameters
host
and
port
. The socket is bound to any
available local address and port.
This method verifies the peer's certificate hostname after connecting
(unless created with
getInsecure(int, SSLSessionCache)
).
host | the remote host address the socket has to be connected to. |
---|---|
port | the port number of the remote host at which the socket is connected. |
IOException |
---|
Creates a new socket which is connected to the remote host specified by
the parameters
host
and
port
. The socket is bound to the
local network interface specified by the InetAddress
localHost
on
port
localPort
.
This method verifies the peer's certificate hostname after connecting
(unless created with
getInsecure(int, SSLSessionCache)
).
host | the remote host address the socket has to be connected to. |
---|---|
port | the port number of the remote host at which the socket is connected. |
localAddr | the local host address the socket is bound to. |
localPort | the port number of the local host at which the socket is bound. |
IOException |
---|
Creates a new socket which is connected to the remote host specified by
the InetAddress
address
. The socket is bound to the local network
interface specified by the InetAddress
localHost
on port
localPort
.
Warning: Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid man-in-the-middle attacks.
addr | the remote host address the socket has to be connected to. |
---|---|
port | the port number of the remote host at which the socket is connected. |
localAddr | the local host address the socket is bound to. |
localPort | the port number of the local host at which the socket is bound. |
IOException |
---|
Creates a new socket which is connected to the remote host specified by
the InetAddress
host
. The socket is bound to any available local
address and port.
Warning: Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid man-in-the-middle attacks.
addr | the host address the socket has to be connected to. |
---|---|
port | the port number of the remote host at which the socket is connected. |
IOException |
---|
Creates an
SSLSocket
over the specified socket that is connected
to the specified host at the specified port.
This method verifies the peer's certificate hostname after connecting
(unless created with
getInsecure(int, SSLSessionCache)
).
k | the socket. |
---|---|
host | the host. |
port | the port number. |
close |
true
if socket
s
should be closed when the
created socket is closed,
false
if the socket
s
should be left open.
|
IOException |
---|
Creates a new socket which is not connected to any remote host.
You must use
connect(SocketAddress)
to connect the socket.
Warning: Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid man-in-the-middle attacks.
IOException |
---|
Returns a new socket factory instance with an optional handshake timeout.
handshakeTimeoutMillis | to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake. |
---|
Returns a new socket factory instance with an optional handshake timeout and SSL session cache.
handshakeTimeoutMillis | to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake. |
---|---|
cache |
The
SSLSessionCache
to use, or null for no cache.
|
Returns the names of the cipher suites that are enabled by default.
Returns a socket factory (also named SSLSocketFactory, but in a different namespace) for use with the Apache HTTP stack.
handshakeTimeoutMillis | to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake. |
---|---|
cache |
The
SSLSessionCache
to use, or null for no cache.
|
Returns a new instance of a socket factory with all SSL security checks disabled, using an optional handshake timeout and SSL session cache.
Warning: Sockets created using this factory are vulnerable to man-in-the-middle attacks!
handshakeTimeoutMillis | to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake. |
---|---|
cache |
The
SSLSessionCache
to use, or null for no cache.
|
Returns the Next Protocol Negotiation (NPN) protocol selected by client and server, or null if no protocol was negotiated.
socket | a socket created by this factory. |
---|
IllegalArgumentException | if the socket was not created by this factory. |
---|
Returns the names of the cipher suites that are supported and could be enabled for an SSL connection.
Turns on Server Name Indication (SNI) on a given socket.
socket | a socket created by this factory. |
---|---|
hostName | the desired SNI hostname, null to disable. |
IllegalArgumentException | if the socket was not created by this factory. |
---|
Sets the
KeyManager
s to be used for connections made by this factory.
Sets the Next Protocol Negotiation (NPN) protocols that this peer is interested in.
For servers this is the sequence of protocols to advertise as supported, in order of preference. This list is sent unencrypted to all clients that support NPN.
For clients this is a list of supported protocols to match against the server's list. If there is no protocol supported by both client and server then the first protocol in the client's list will be selected. The order of the client's protocols is otherwise insignificant.
npnProtocols | a non-empty list of protocol byte arrays. All arrays must be non-empty and of length less than 256. |
---|
Sets the
TrustManager
s to be used for connections made by this factory.
Enables session ticket support on the given socket.
socket | a socket created by this factory |
---|---|
useSessionTickets |
true
to enable session ticket support on this socket.
|
IllegalArgumentException | if the socket was not created by this factory. |
---|