Class JNDISocketFactory
Socket factory for SSL jndi links that returns an SSL socket. It incorporates a keystore, which must contain the certs used to authenticate the client.
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptioncreateSocket(String host, int port) Return an SSLSocket (upcast to Socket) given host and port.createSocket(String host, int port, InetAddress client_host, int client_port) Return an SSLSocket (upcast to Socket) given host and port.createSocket(InetAddress host, int port) Return an SSLSocket (upcast to Socket) given host and port.createSocket(InetAddress host, int port, InetAddress client_host, int client_port) Return an SSLSocket (upcast to Socket) given host and port.createSocket(Socket socket, String host, int port, boolean autoclose) Return an SSLSocket layered on top of the given Socket.static KeyStorestatic SocketFactoryReturn an instance of this class.String[]Return default cipher suites.String[]Return supported cipher suites.static voidinit(String caKeystoreFile, String clientKeystoreFile, char[] caPassphrase, char[] clientPassphrase, String caKeystoreType, String clientKeystoreType) Initialize the socket factory with a particular key store(s) and security provider.static voidsetClassLoader(ClassLoader newLoader) Register a custom class loader to be used by the class when getting security providers.static voidEnable debugging...Methods inherited from class javax.net.ssl.SSLSocketFactory
createSocket
-
Constructor Details
-
JNDISocketFactory
public JNDISocketFactory()
-
-
Method Details
-
setClassLoader
Register a custom class loader to be used by the class when getting security providers. -
setDebugOn
public static void setDebugOn()Enable debugging... -
init
public static void init(String caKeystoreFile, String clientKeystoreFile, char[] caPassphrase, char[] clientPassphrase, String caKeystoreType, String clientKeystoreType) throws NamingException Initialize the socket factory with a particular key store(s) and security provider. The minimum requirement is for a keystore containing trusted directory servers (the 'castore', or trusted certificate authority store, since the servers are usually signed by a common CA, whose cert would be held in this file).
Further options include a private key store (the 'clientstore') that allows for client-authenticated ssl and SASL).
Finally, it is possible to configure a non-standard keystore type and security provider. The keystore type defaults to Sun's JKS (at time of writting, the only keystore type that the default Sun security provider will handle).
Nb. - it is possible to set a custom class loader (using 'registerClassLoader()' ) in which case this loader can be used to load the security provider.
- Parameters:
caKeystoreFile- A keystore file name of public certificates (trusted CA signs)clientKeystoreFile- A keystore file name of the client's certificates, containing private keys. (may be null if only simple, 'server authenticated' ssl is being used).caPassphrase- A password for the caKeystoreFile certificate. (may be null if only simple, 'server authenticated' ssl is being used, and keystore type is 'JKS'). Calling Program must manually clear passphrase after init() call.clientPassphrase- A password for the clientKeystoreFile certificate. (may be null if only simple, 'server authenticated' ssl is being used). Calling Program must manually clear passphrase after init() call.caKeystoreType- The type of cakeystore file. (null => 'JKS')clientKeystoreType- The type of clientkeystore file. (null => 'JKS')- Throws:
NamingException
-
getDefault
Return an instance of this class.- Returns:
- An instance of JNDISocketFactory.
-
getClientKeyStore
-
createSocket
- Overrides:
createSocketin classSocketFactory- Throws:
IOExceptionUnknownHostException
-
createSocket
Return an SSLSocket (upcast to Socket) given host and port.- Specified by:
createSocketin classSocketFactory- Parameters:
host- Name of the host to which the socket will be opened.port- Port to connect to.- Returns:
- An SSLSocket instance (as a Socket).
- Throws:
IOException- If the connection can't be established.UnknownHostException- If the host is not known.
-
createSocket
Return an SSLSocket (upcast to Socket) given host and port.- Specified by:
createSocketin classSocketFactory- Parameters:
host- Address of the server host.port- Port to connect to.- Returns:
- An SSLSocket instance (as a Socket).
- Throws:
IOException- If the connection can't be established.UnknownHostException- If the host is not known.
-
createSocket
public Socket createSocket(InetAddress host, int port, InetAddress client_host, int client_port) throws IOException, UnknownHostException Return an SSLSocket (upcast to Socket) given host and port. The client is bound to the specified network address and port.- Specified by:
createSocketin classSocketFactory- Parameters:
host- Address of the server host.port- Port to connect to.client_host- Address of this (client) host.client_port- Port to connect from.- Returns:
- An SSLSocket instance (as a Socket).
- Throws:
IOException- If the connection can't be established.UnknownHostException- If the host is not known.
-
createSocket
public Socket createSocket(String host, int port, InetAddress client_host, int client_port) throws IOException, UnknownHostException Return an SSLSocket (upcast to Socket) given host and port. The client is bound to the specified network address and port.- Specified by:
createSocketin classSocketFactory- Parameters:
host- Address of the server host.port- Port to connect to.client_host- Address of this (client) host.client_port- Port to connect from.- Returns:
- An SSLSocket instance (as a Socket).
- Throws:
IOException- If the connection can't be established.UnknownHostException- If the host is not known.
-
createSocket
public Socket createSocket(Socket socket, String host, int port, boolean autoclose) throws IOException, UnknownHostException Return an SSLSocket layered on top of the given Socket.- Specified by:
createSocketin classSSLSocketFactory- Throws:
IOExceptionUnknownHostException
-
getDefaultCipherSuites
Return default cipher suites.- Specified by:
getDefaultCipherSuitesin classSSLSocketFactory
-
getSupportedCipherSuites
Return supported cipher suites.- Specified by:
getSupportedCipherSuitesin classSSLSocketFactory
-