SSLSocketFactory

public class SSLSocketFactory
extends Object implements LayeredSocketFactory

This class was deprecated in API level 22.
Please use URL.openConnection() instead. Please visit this webpage for further details.

Layered socket factory for TLS/SSL connections, based on JSSE. .

SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.

SSLSocketFactory will enable server authentication when supplied with a truststore file containg one or several trusted certificates. The client secure socket will reject the connection during the SSL session handshake if the target HTTPS server attempts to authenticate itself with a non-trusted certificate.

Use JDK keytool utility to import a trusted certificate and generate a truststore file:

     keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
    

SSLSocketFactory will enable client authentication when supplied with a keystore file containg a private key/public certificate pair. The client secure socket will use the private key to authenticate itself to the target HTTPS server during the SSL session handshake if requested to do so by the server. The target HTTPS server will in its turn verify the certificate presented by the client in order to establish client's authenticity

Use the following sequence of actions to generate a keystore file

• Use JDK keytool utility to generate a new key

  keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore

  For simplicity use the same password for the key as that of the keystore

• Issue a certificate signing request (CSR)

  keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore

• Send the certificate request to the trusted Certificate Authority for signature. One may choose to act as their own CA and sign the certificate request using a PKI tool, such as OpenSSL.

• Import the trusted CA root certificate

  keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore

• Import the PKCS#7 file containg the complete certificate chain

  keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore

• Verify the content the resultant keystore file

  keytool -list -v -keystore my.keystore

Summary

Constants

public static final String SSL

public static final String SSLV2

public static final String TLS

Fields

public static final X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER

public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER

public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER

Public constructors

public SSLSocketFactory (String algorithm, 
                KeyStore keystore, 
                String keystorePassword, 
                KeyStore truststore, 
                SecureRandom random, 
                HostNameResolver nameResolver)

public SSLSocketFactory (KeyStore keystore, 
                String keystorePassword, 
                KeyStore truststore)

public SSLSocketFactory (KeyStore keystore, 
                String keystorePassword)

public SSLSocketFactory (KeyStore truststore)

Public methods

public Socket connectSocket (Socket sock, 
                String host, 
                int port, 
                InetAddress localAddress, 
                int localPort, 
                HttpParams params)

public Socket createSocket (Socket socket, 
                String host, 
                int port, 
                boolean autoClose)

public Socket createSocket ()

public X509HostnameVerifier getHostnameVerifier ()

public static SSLSocketFactory getSocketFactory ()

public boolean isSecure (Socket sock)

public void setHostnameVerifier (X509HostnameVerifier hostnameVerifier)