Package org.apache.commons.httpclient.contrib.ssl

Class StrictSSLProtocolSocketFactory

  • All Implemented Interfaces:
    org.apache.commons.httpclient.protocol.ProtocolSocketFactory, org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory
    public class StrictSSLProtocolSocketFactory
extends Object
implements org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory
    A SecureProtocolSocketFactory that uses JSSE to create SSL sockets. It will also support host name verification to help preventing man-in-the-middle attacks. Host name verification is turned on by default but one will be able to turn it off, which might be a useful feature during development. Host name verification will make sure the SSL sessions server host name matches with the the host name returned in the server certificates "Common Name" field of the "SubjectDN" entry.
    Author:
    Sebastian Hauer

    DISCLAIMER: HttpClient developers DO NOT actively support this component. The component is provided as a reference material, which may be inappropriate for use without additional customization.

    • Constructor Detail

      • StrictSSLProtocolSocketFactory

        public StrictSSLProtocolSocketFactory​(boolean verifyHostname)
        Constructor for StrictSSLProtocolSocketFactory.
        Parameters:
        verifyHostname - The host name verification flag. If set to true the SSL sessions server host name will be compared to the host name returned in the server certificates "Common Name" field of the "SubjectDN" entry. If these names do not match a Exception is thrown to indicate this. Enabling host name verification will help to prevent from man-in-the-middle attacks. If set to false host name verification is turned off. Code sample:
        Protocol stricthttps = new Protocol( "https", new StrictSSLProtocolSocketFactory(true), 443); HttpClient client = new HttpClient(); client.getHostConfiguration().setHost("localhost", 443, stricthttps);

      • StrictSSLProtocolSocketFactory

        public StrictSSLProtocolSocketFactory()
        Constructor for StrictSSLProtocolSocketFactory. Host name verification will be enabled by default.

    • Method Detail

      • setHostnameVerification

        public void setHostnameVerification​(boolean verifyHostname)
        Set the host name verification flag.
        Parameters:
        verifyHostname - The host name verification flag. If set to true the SSL sessions server host name will be compared to the host name returned in the server certificates "Common Name" field of the "SubjectDN" entry. If these names do not match a Exception is thrown to indicate this. Enabling host name verification will help to prevent from man-in-the-middle attacks. If set to false host name verification is turned off.

      • getHostnameVerification

        public boolean getHostnameVerification()
        Gets the status of the host name verification flag.
        Returns:
        Host name verification flag. Either true if host name verification is turned on, or false if host name verification is turned off.

      • createSocket

        public Socket createSocket​(String host,
                           int port,
                           InetAddress localAddress,
                           int localPort,
                           org.apache.commons.httpclient.params.HttpConnectionParams params)
                    throws IOException,
                           UnknownHostException,
                           org.apache.commons.httpclient.ConnectTimeoutException
        Attempts to get a new socket connection to the given host within the given time limit.

        This method employs several techniques to circumvent the limitations of older JREs that do not support connect timeout. When running in JRE 1.4 or above reflection is used to call Socket#connect(SocketAddress endpoint, int timeout) method. When executing in older JREs a controller thread is executed. The controller thread attempts to create a new socket within the given limit of time. If socket constructor does not return until the timeout expires, the controller terminates and throws an ConnectTimeoutException

        Specified by:
        createSocket in interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory
        Parameters:
        host - the host name/IP
        port - the port on the host
        clientHost - the local host name/IP to bind the socket to
        clientPort - the port on the local machine
        params - Http connection parameters
        Returns:
        Socket a new socket
        Throws:
        IOException - if an I/O error occurs while creating the socket
        UnknownHostException - if the IP address of the host cannot be determined
        org.apache.commons.httpclient.ConnectTimeoutException

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object