org.opensaml.ws.soap.client.http
Class TLSProtocolSocketFactory

java.lang.Object
  extended by org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory
All Implemented Interfaces:
org.apache.commons.httpclient.protocol.ProtocolSocketFactory, org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory

@ThreadSafe
public class TLSProtocolSocketFactory
extends Object
implements org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory

An SSL/TLS socket factory that builds its SSLContext from supplied X509KeyManager and X509TrustManager instances (the key and trust material) and, when a HostnameVerifier is configured, checks the peer's certificate against the requested hostname as part of socket creation.


Field Summary
private  HostnameVerifier hostnameVerifier
          Hostname verifier used to validate the peer's certificate against the hostname.
private  X509KeyManager[] keyManagers
          Managers used to retrieve client-cert authentication keys for a given host.
private  SecureRandom secureRandom
          The randomness generator to use when creating SSL sockets.
private  SSLContext sslContext
          Currently active SSL context.
private  X509TrustManager[] trustManagers
          Managers used to validate the X.509 credentials of a given host.
 
Constructor Summary
TLSProtocolSocketFactory(X509KeyManager[] keyMgrs, X509TrustManager[] trustMgrs, HostnameVerifier verifier, SecureRandom random)
          Constructor.
TLSProtocolSocketFactory(X509KeyManager keyMgr, X509TrustManager trustMgr)
          Constructor.
TLSProtocolSocketFactory(X509KeyManager keyMgr, X509TrustManager trustMgr, HostnameVerifier verifier)
          Constructor.
 
Method Summary
protected  void cleanUpFailedSocket(SSLSocket sslSocket)
          Do any cleanup necessary due to socket creation failure (e.g. due to hostname validation failure).
 Socket createSocket(Socket socket, String host, int port, boolean autoClose)
          
 Socket createSocket(String host, int port)
          
 Socket createSocket(String host, int port, InetAddress localHost, int clientPort)
          
 Socket createSocket(String host, int port, InetAddress localHost, int localPort, org.apache.commons.httpclient.params.HttpConnectionParams connParams)
          
 boolean equals(Object obj)
          
 int hashCode()
          
protected  void init()
          Do initialization that is common across constructors.
protected  void verifyHostname(Socket socket)
          Verifies the peer's hostname using the configured HostnameVerifier.
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

keyManagers

private X509KeyManager[] keyManagers
Managers used to retrieve client-cert authentication keys for a given host.


trustManagers

private X509TrustManager[] trustManagers
Managers used to validate the X.509 credentials of a given host.


secureRandom

private SecureRandom secureRandom
The randomness generator to use when creating SSL sockets.


hostnameVerifier

private HostnameVerifier hostnameVerifier
Hostname verifier used to validate the peer's certificate against the hostname.


sslContext

private SSLContext sslContext
Currently active SSL context.

Constructor Detail

TLSProtocolSocketFactory

public TLSProtocolSocketFactory(X509KeyManager keyMgr,
                                X509TrustManager trustMgr)
                         throws IllegalArgumentException
Constructor.

Parameters:
keyMgr - manager used to retrieve client-cert authentication keys for a given host
trustMgr - manager used to validate the X.509 credentials of a given host. May be null, in which case the JSSE default trust manager lookup mechanism is used.
Throws:
IllegalArgumentException - thrown if the given key or trust manager can not be used to create the SSLContext used to create new sockets

TLSProtocolSocketFactory

public TLSProtocolSocketFactory(X509KeyManager keyMgr,
                                X509TrustManager trustMgr,
                                HostnameVerifier verifier)
                         throws IllegalArgumentException
Constructor.

Parameters:
keyMgr - manager used to retrieve client-cert authentication keys for a given host.
trustMgr - manager used to validate the X.509 credentials of a given host. May be null, in which case the JSSE default trust manager lookup mechanism is used.
verifier - the hostname verifier used to verify the SSL/TLS peer's hostname. May be null, in which case no hostname verification is performed; note that without hostname verification any certificate chain accepted by the trust manager is accepted regardless of which host it was issued to.
Throws:
IllegalArgumentException - thrown if the given key or trust manager can not be used to create the SSLContext used to create new sockets

TLSProtocolSocketFactory

public TLSProtocolSocketFactory(X509KeyManager[] keyMgrs,
                                X509TrustManager[] trustMgrs,
                                HostnameVerifier verifier,
                                SecureRandom random)
                         throws IllegalArgumentException
Constructor.

Parameters:
keyMgrs - managers used to retrieve client-cert authentication keys for a given host. May be null, in which case the JSSE default key manager lookup mechanism is used.
trustMgrs - managers used to validate the X.509 credentials of a given host. May be null, in which case the JSSE default trust manager lookup mechanism is used.
verifier - the hostname verifier used to verify the SSL/TLS peer's hostname. May be null, in which case no hostname verification is performed; note that without hostname verification any certificate chain accepted by the trust manager is accepted regardless of which host it was issued to.
random - the secure random instance used to create SSL sessions. May be null, in which case the JSSE default secure random impl is used.
Throws:
IllegalArgumentException - thrown if the given key or trust manager can not be used to create the SSLContext used to create new sockets
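
The following is an added usage example, not code from OpenSAML or this class's documentation. It builds the key and trust managers from standard JSSE factories, supplies a hostname verifier (here a deliberately strict one that only accepts an exact dNSName subjectAltName match; written for this example, not part of the library), constructs the factory with the four-argument constructor, and registers it as the "https" protocol for Commons HttpClient 3.x. The truststore and keystore paths, the passwords and the endpoint URL are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory;

public class TlsFactoryExample {

    /** Load the X509TrustManager from a truststore (path and password are assumed for this example). */
    static X509TrustManager loadTrustManager(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available for " + path);
    }

    /** Load an X509KeyManager for client-certificate authentication; null path means no client cert. */
    static X509KeyManager loadKeyManager(String path, char[] password) throws Exception {
        if (path == null) {
            return null;
        }
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                return (X509KeyManager) km;
            }
        }
        throw new IllegalStateException("no X509KeyManager available for " + path);
    }

    /** Example verifier: accept only if a dNSName SAN of the leaf certificate equals the requested host. */
    static final HostnameVerifier EXACT_SAN_VERIFIER = new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            try {
                Certificate[] chain = session.getPeerCertificates();
                if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                    return false;
                }
                Collection<List<?>> sans = ((X509Certificate) chain[0]).getSubjectAlternativeNames();
                if (sans == null) {
                    return false; // no SAN extension: do not fall back to the subject CN
                }
                for (List<?> san : sans) {
                    // GeneralName tag 2 is dNSName (RFC 5280)
                    if (Integer.valueOf(2).equals(san.get(0)) && hostname.equalsIgnoreCase((String) san.get(1))) {
                        return true;
                    }
                }
                return false;
            } catch (Exception e) {
                return false; // any error while evaluating the certificate counts as a mismatch
            }
        }
    };

    public static void main(String[] args) throws Exception {
        X509TrustManager trustMgr = loadTrustManager("/etc/app/truststore.jks", "changeit".toCharArray());
        X509KeyManager keyMgr = loadKeyManager("/etc/app/client.p12", "changeit".toCharArray());

        TLSProtocolSocketFactory factory = new TLSProtocolSocketFactory(
                keyMgr == null ? null : new X509KeyManager[] { keyMgr }, // null: JSSE default key managers
                new X509TrustManager[] { trustMgr },
                EXACT_SAN_VERIFIER,   // never null in production: null disables hostname verification
                null);                // null SecureRandom: JSSE default

        // Make every https:// URL resolved by Commons HttpClient 3.x go through this factory.
        Protocol.registerProtocol("https", new Protocol("https", (ProtocolSocketFactory) factory, 443));

        HttpClient client = new HttpClient();
        GetMethod get = new GetMethod("https://idp.example.org/idp/profile/SAML2/SOAP/ECP");
        try {
            int status = client.executeMethod(get); // throws SSLException on hostname mismatch
            System.out.println("HTTP " + status);
        } finally {
            get.releaseConnection();
        }
    }
}
```

Two caveats when adapting this. First, do not pass HttpsURLConnection.getDefaultHostnameVerifier() as the verifier: the JDK's default verifier rejects every hostname (HttpsURLConnection only consults it after its own endpoint identification has already failed), so every connection through this factory would fail with an SSLException. Second, the verifier above deliberately ignores wildcard names and the subject CN; relax it only if your deployment actually issues such certificates.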
Method Detail

init

protected void init()
             throws IllegalArgumentException
Do initialization that is common across constructors.

Throws:
IllegalArgumentException - thrown if the given key or trust manager can not be used to create the SSLContext used to create new sockets

createSocket

public Socket createSocket(String host,
                           int port)
                    throws IOException

Specified by:
createSocket in interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory
Throws:
IOException

createSocket

public Socket createSocket(String host,
                           int port,
                           InetAddress localHost,
                           int clientPort)
                    throws IOException

Specified by:
createSocket in interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory
Throws:
IOException

createSocket

public Socket createSocket(Socket socket,
                           String host,
                           int port,
                           boolean autoClose)
                    throws IOException

Specified by:
createSocket in interface org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory
Throws:
IOException

createSocket

public Socket createSocket(String host,
                           int port,
                           InetAddress localHost,
                           int localPort,
                           org.apache.commons.httpclient.params.HttpConnectionParams connParams)
                    throws IOException

Specified by:
createSocket in interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory
Throws:
IOException

equals

public boolean equals(Object obj)

Overrides:
equals in class Object

hashCode

public int hashCode()

Overrides:
hashCode in class Object

verifyHostname

protected void verifyHostname(Socket socket)
                       throws SSLException
Verifies the peer's hostname using the configured HostnameVerifier.

Parameters:
socket - the socket connected to the peer whose hostname is to be verified.
Throws:
SSLException - if the hostname does not verify against the peer's certificate, or if there is an error in performing the evaluation

cleanUpFailedSocket

protected void cleanUpFailedSocket(SSLSocket sslSocket)
Do any cleanup necessary due to socket creation failure (e.g. due to hostname validation failure).

Parameters:
sslSocket - the SSLSocket to cleanup


Copyright © 1999-2013. All Rights Reserved.