java.lang.Object
↳ java.net.URLConnection
↳ java.net.HttpURLConnection
↳ javax.net.ssl.HttpsURLConnection
An HttpURLConnection for HTTPS (RFC 2818). A connected HttpsURLConnection allows access to the negotiated cipher suite, the server certificate chain, and the client certificate chain if any.
X509TrustManager via a SSLSocketFactory set on the HttpsURLConnection. The X509TrustManager can be created based on a KeyStore using a TrustManagerFactory to supply trusted CA certificates. Note that self-signed certificates are effectively their own CA and can be trusted by including them in a KeyStore.

For example, to trust a set of certificates specified by a KeyStore:
```java
// Trust only the CA certificates contained in this KeyStore.
KeyStore keyStore = ...;
String algorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
tmf.init(keyStore);

// No key managers (no client certificate) and the default SecureRandom.
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);

// The socket factory is set on this connection only, not as the default.
URL url = new URL("https://www.example.com/");
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
InputStream in = urlConnection.getInputStream();
```
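One way to fill in the `KeyStore keyStore = ...;` placeholder, as an added example that is not part of the original documentation: load a single CA (or self-signed server) certificate from a PEM or DER file into an in-memory KeyStore and trust only that. The class name `PrivateCaTrust`, the alias `ca` and the two command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class name): trust only the certificate in a given file.
public final class PrivateCaTrust {
    // Build an in-memory KeyStore holding one trusted certificate (PEM or DER encoded).
    static KeyStore keyStoreFor(String certPath) throws Exception {
        Certificate ca;
        try (InputStream in = new FileInputStream(certPath)) {
            ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);              // start from an empty store, no backing file
        ks.setCertificateEntry("ca", ca); // the alias "ca" is arbitrary
        return ks;
    }

    static SSLContext contextTrusting(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the certificate file, args[1]: https URL (both caller-supplied)
        SSLContext context = contextTrusting(keyStoreFor(args[0]));
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[1]).openConnection();
        // Hostname verification is left at its default; only the trust anchors change.
        conn.setSSLSocketFactory(context.getSocketFactory());
        try (InputStream in = conn.getInputStream()) {
            System.out.println(conn.getResponseCode() + " via " + conn.getCipherSuite());
        } finally {
            conn.disconnect();
        }
    }
}
```

Because the store contains nothing but the supplied certificate, chains that end in any other CA, including the system ones, fail the handshake.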
It is possible to implement X509TrustManager directly instead of using one created by a TrustManagerFactory. While this is straightforward in the insecure case of allowing all certificate chains to pass verification, a proper implementation will usually want to take advantage of CertPathValidator. In general, it might be better to write a custom KeyStore implementation to pass to the TrustManagerFactory than to try to write a custom X509TrustManager.
X509KeyManager can be used to supply a client certificate and its associated private key to authenticate a connection to the server. The X509KeyManager can be created based on a KeyStore using a KeyManagerFactory.

For example, to supply client certificates from a KeyStore:
```java
KeyStore keyStore = ...;
char[] keyPassword = ...;  // password protecting the private key entries
String algorithm = KeyManagerFactory.getDefaultAlgorithm();
KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
// KeyManagerFactory.init takes the KeyStore and the key password.
kmf.init(keyStore, keyPassword);

// Key managers only; trust managers and SecureRandom stay at their defaults.
SSLContext context = SSLContext.getInstance("TLS");
context.init(kmf.getKeyManagers(), null, null);

URL url = new URL("https://www.example.com/");
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
InputStream in = urlConnection.getInputStream();
```
A X509KeyManager can also be implemented directly. This can allow an application to return a certificate and private key from a non-KeyStore source or to specify its own logic for selecting a specific credential to use when many may be present in a single KeyStore.
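The credential-selection case, as an added example that is not code from the original documentation: a wrapper that exposes exactly one KeyStore entry as the client credential and hides every other key held by the wrapped manager. The class name `FixedAliasKeyManager` and its constructor parameters are hypothetical.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509KeyManager;

// Added example (hypothetical class): always present one named KeyStore entry
// as the client credential, delegating key and chain lookup to a wrapped manager.
public final class FixedAliasKeyManager implements X509KeyManager {
    private final X509KeyManager delegate; // e.g. an element of kmf.getKeyManagers()
    private final String alias;            // KeyStore alias chosen by the application

    public FixedAliasKeyManager(X509KeyManager delegate, String alias) {
        this.delegate = delegate;
        this.alias = alias;
    }

    @Override
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        // Returning null sends no client certificate rather than a wrong one.
        return delegate.getPrivateKey(alias) != null ? alias : null;
    }

    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return null; // this manager is for client authentication only
    }

    @Override
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return delegate.getPrivateKey(alias) != null ? new String[] { alias } : null;
    }

    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return null;
    }

    @Override
    public X509Certificate[] getCertificateChain(String requested) {
        // Other entries in the same KeyStore are never handed out.
        return alias.equals(requested) ? delegate.getCertificateChain(requested) : null;
    }

    @Override
    public PrivateKey getPrivateKey(String requested) {
        return alias.equals(requested) ? delegate.getPrivateKey(requested) : null;
    }
}
```

It is passed as the first argument of `context.init`, in a `KeyManager[]` containing only this wrapper.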
Fields | |
---|---|
hostnameVerifier | The host name verifier used by this connection. |
Protected Constructors |
---|
Creates a new HttpsURLConnection with the specified URL. |
Public Methods |
---|
Returns the name of the cipher suite negotiated during the SSL handshake. |
Returns the default hostname verifier. |
Returns the default SSL socket factory for new instances. |
Returns the hostname verifier used by this instance. |
Returns the list of local certificates used during the handshake. |
Returns the Principal used to identify the local host during the handshake. |
Returns the Principal identifying the peer. |
Returns the SSL socket factory used by this instance. |
Returns the list of certificates identifying the peer during the handshake. |
Sets the default hostname verifier to be used by new instances. |
Sets the default SSL socket factory to be used by new instances. |
Sets the hostname verifier for this instance. |
Sets the SSL socket factory for this instance. |
The host name verifier used by this connection. It is initialized from the default hostname verifier setDefaultHostnameVerifier(HostnameVerifier) or getDefaultHostnameVerifier().
Creates a new HttpsURLConnection with the specified URL.
url | the URL to connect to. |
---|
Returns the name of the cipher suite negotiated during the SSL handshake.
IllegalStateException | if no connection has been established yet. |
---|
Returns the default hostname verifier.
Returns the default SSL socket factory for new instances.
Returns the hostname verifier used by this instance.
Returns the list of local certificates used during the handshake. These certificates were sent to the peer.
null if no certificates were used during the handshake.
IllegalStateException | if no connection has been established yet. |
---|
Returns the Principal used to identify the local host during the handshake.
Principal used to identify the local host during the handshake, or null if none was used.
IllegalStateException | if no connection has been established yet. |
---|
Returns the Principal identifying the peer.
Principal identifying the peer.
SSLPeerUnverifiedException | if the identity of the peer has not been verified. |
---|---|
IllegalStateException | if no connection has been established yet. |
Returns the SSL socket factory used by this instance.
Returns the list of certificates identifying the peer during the handshake.
SSLPeerUnverifiedException | if the identity of the peer has not been verified. |
---|---|
IllegalStateException | if no connection has been established yet. |
Sets the default hostname verifier to be used by new instances.
v | the new default hostname verifier |
---|
IllegalArgumentException | if the specified verifier is null. |
---|
Sets the default SSL socket factory to be used by new instances.
sf | the new default SSL socket factory. |
---|
IllegalArgumentException | if the specified socket factory is null. |
---|
Sets the hostname verifier for this instance.
v | the hostname verifier for this instance. |
---|
IllegalArgumentException | if the specified verifier is null. |
---|
Sets the SSL socket factory for this instance.
sf | the SSL socket factory to be used by this instance. |
---|
IllegalArgumentException | if the specified socket factory is null. |
---|