Package org.mozilla.jss.ssl.javax

Class JSSServerSocket

java.lang.Object

java.net.ServerSocket

javax.net.ssl.SSLServerSocket

org.mozilla.jss.ssl.javax.JSSServerSocket

All Implemented Interfaces:

Closeable, AutoCloseable

public class JSSServerSocket
extends SSLServerSocket

SSL-enabled server socket following the javax.net.ssl.SSLServerSocket interface. Most users will want to use the JSSServerSocketFactory provided by the Java Provider interface instead of using this class directly. This SSLSocket implementation is a wrapped implementation. In particular, we need to consume an existing ServerSocket (via the consumeSocket(...) call) which we actually use for the accept() call. When called from a socket factory, this additional socket will be automatically created for the caller. All JSSServerSocket instances have a underlying ServerSocketChannel, of type JSSServerSocketChannel. Notably lacking from javax.net.ssl is a javax.net.ssl.SSLServerSocketChannel interface, so JSSSocketChannel includes no additional SSL-specific options. This purely exists to facilitate creating JSSSocket instances. In order to interoperate with JSSEngine, many of the adjacent methods have been included in this class as well. This results in any accepted sockets cloning its configuration. To construct a (useful) new instance, the following calls must be made: - new JSSServerSocket(); - consumeSocket(inst); - initSSLEngine(...); - setKeyManagers(...); - setTrustManagers(...); Optionally, setSSLContext(...) could be called to provide the SSLContext from which the SSLEngine should be constructed. This should be called prior to initSSLEngine(...) being called.

Field Summary

Fields

Modifier and Type	Field	Description
private JSSServerSocketChannel	channel	Underlying SocketChannel for this socket; always exists.
private JSSEngine	engine	JSSEngine instance to utilize for SSLEngine operations.
private String	engineProvider	Name of the SSLEngine provider to use.
private String	engineProviderProtocol	Name of the SSLEngine protocol to use.
private SSLContext	jssContext	SSLContext to use to create the JSSEngine.
private ServerSocket	parent	The socket this JSSServerSocket was created over; accept() operations go through this socket and all information exposed via ServerSocket members go through here.

Constructor Summary

Constructors

Constructor	Description
JSSServerSocket()	Start building a new JSSServerSocket.

Method Summary

Modifier and Type	Method	Description
JSSSocket	accept()
protected JSSSocket	acceptSocket(Socket child)	Helper to upgrade a Socket into a JSSSocket.
void	bind(SocketAddress endpoint)
void	bind(SocketAddress endpoint, int backlog)
void	close()
void	consumeSocket(ServerSocket parent)	Consume a parent socket, utilizing it for all accept operations.
JSSServerSocketChannel	getChannel()	Get the underlying ServerSocketChannel for this Socket.
String[]	getEnabledCipherSuites()	Get the set of enabled cipher suites for this SSLSocket.
String[]	getEnabledProtocols()	Get the set of enabled protocol versions for this SSLSocket.
boolean	getEnableSessionCreation()	Get whether or not this SSLSocket enables creation of new sessions.
JSSEngine	getEngine()	Get the underlying JSSEngine instance.
InetAddress	getInetAddress()
protected JSSServerSocketChannel	getInternalChannel()	Get the internal ServerSocketChannel for this Socket.
Collection<? extends EventListener>	getListeners()	Gets the current list of event listeners this SSLSocket will fire on certain events.
int	getLocalPort()
SocketAddress	getLocalSocketAddress()
boolean	getNeedClientAuth()	Get whether or not this SSLSocket needs client authentication.
<T> T	getOption(SocketOption<T> name)
int	getReceiveBufferSize()
boolean	getReuseAddress()
int	getSoTimeout()
protected SSLContext	getSSLContext()	Get the SSLContext if one exists or create a new instance.
JSSParameters	getSSLParameters()	Get the configuration of this SSLSocket as a JSSParameters object.
String[]	getSupportedCipherSuites()	Get the set of supported cipher suites for this SSLSocket.
String[]	getSupportedProtocols()	Get the set of supported protocol versions for this SSLSocket.
boolean	getUseClientMode()	Get whether or not this SSLSocket is handshaking as a client.
boolean	getWantClientAuth()	Get whether or not this SSLSocket wants client authentication.
private void	init()	Initialize the underlying ServerSocketChannel.
void	initEngine()	Explicitly initialize the SSLEngine with no session resumption information.
void	initEngine(String host, int port)	Explicitly initialize the SSLEngine with information for session resumption, including peer's hostname and port.
boolean	isBound()
boolean	isClosed()
void	setCertFromAlias(String alias)	Set the certificate this SSLSocket will utilize from an alias in the NSS DB.
void	setEnabledCipherSuites(String[] suites)	Set the list of enabled cipher suites for this SSLSocket.
void	setEnabledProtocols(String[] protocols)	Set the list of enabled protocol versions for this SSLSocket.
void	setEnableSessionCreation(boolean enabled)	Set whether or not this SSLSocket enables creation of new sessions.
void	setHostname(String name)	Set the hostname this client socket is connecting to, for HTTPS TLS certificate validation purposes.
void	setKeyManager(X509KeyManager km)	Set the KeyManager this SSLSocket will utilize to select a key.
void	setKeyManagers(X509KeyManager[] xkms)	Set the key managers this SSLSocket will utilize to select a key.
void	setKeyMaterials(PK11Cert our_cert, PK11PrivKey our_key)	Set the certificate this SSLSocket will utilize from a certificate and its matching private key.
void	setListeners(Collection<? extends EventListener> listeners)	Set the listeners this SSLSocket will fire on certain events.
void	setNeedClientAuth(boolean need)	Set whether or not this SSLSocket needs client authentication.
<T> ServerSocket	setOption(SocketOption<T> name, T value)
void	setPerformancePreferences(int connectionTime, int latency, int bandwidth)
void	setReceiveBufferSize(int size)
void	setReuseAddress(boolean on)
void	setSoTimeout(int timeout)
void	setSSLContext(SSLContext ctx)	Explicitly set the SSLContext utilized by this JSSSocket instance.
void	setSSLParameters(SSLParameters params)	Set the configuration of this SSLSocket from the given SSLParameters instance.
void	setTrustManager(JSSTrustManager tm)	Set the trust manager this SSLSocket will utilize to validate a peer's certificate.
void	setTrustManagers(X509TrustManager[] xtms)	Set the trust managers this SSLSocket will utilize to validate a peer's certificate.
void	setUseClientMode(boolean client)	Set whether or not this SSLSocket is handshaking as a client.
void	setWantClientAuth(boolean want)	Set whether or not this SSLSocket wants client authentication.
Set<SocketOption<?>>	supportedOptions()
String	toString()

Methods inherited from class java.net.ServerSocket

implAccept, setSocketFactory

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

engineProviderProtocol

private String engineProviderProtocol

Name of the SSLEngine protocol to use.

engineProvider

private String engineProvider

Name of the SSLEngine provider to use.

jssContext

private SSLContext jssContext

SSLContext to use to create the JSSEngine. Note that JSSSocket will fail if the context doesn't create JSSEngine instances.

engine

private JSSEngine engine

JSSEngine instance to utilize for SSLEngine operations.

parent

private ServerSocket parent

The socket this JSSServerSocket was created over; accept() operations go through this socket and all information exposed via ServerSocket members go through here.

channel

private JSSServerSocketChannel channel

Underlying SocketChannel for this socket; always exists.

Constructor Details

JSSServerSocket

public JSSServerSocket()
                throws IOException

Start building a new JSSServerSocket. We specifically avoid creating any other constructors as we wish to consume an existing socket rather than creating a new one.

Throws:

IOException

Method Details

consumeSocket

public void consumeSocket(ServerSocket parent)

Consume a parent socket, utilizing it for all accept operations. This JSSServerSocket instance will inherit all information about the connection from this underlying socket. When utilized in a JSSServerSocket, callers should refrain from interacting with the underlying socket unless selective protocol upgrade should occur. In that case, it may be more appropriate to use the JSSSocketFactory method that creates server JSSSocket instances.

getSSLContext

protected SSLContext getSSLContext()
                            throws IOException

Get the SSLContext if one exists or create a new instance. This is used by initSSLEngine(..) to create the underlying SSLEngine.

Throws:

IOException

setSSLContext

public void setSSLContext(SSLContext ctx)
                   throws IOException

Explicitly set the SSLContext utilized by this JSSSocket instance. This enables JSSServerSocket to copy its SSLContext over to the accepted JSSSocket.

Throws:

IOException

init

private void init()
           throws IOException

Initialize the underlying ServerSocketChannel.

Throws:

IOException

initEngine

public void initEngine()
                throws IOException

Explicitly initialize the SSLEngine with no session resumption information.

Throws:

IOException

initEngine

public void initEngine(String host,
 int port)
                throws IOException

Explicitly initialize the SSLEngine with information for session resumption, including peer's hostname and port.

Throws:

IOException

getEngine

public JSSEngine getEngine()

Get the underlying JSSEngine instance. Note that, just like accessing the underlying Socket instance while the JSSSocket instance is still open is dangerous, performing other TLS operations directly via JSSEngine is also dangerous. This is mostly exposed to enable advanced configuration of the JSSEngine that isn't otherwise allowed by JSSSocket, and to facilitate the accept() method on JSSServerSocket.

getChannel

public JSSServerSocketChannel getChannel()

Get the underlying ServerSocketChannel for this Socket.

Overrides:

getChannel in class ServerSocket

See Also:

• ServerSocket.getChannel()

getInternalChannel

protected JSSServerSocketChannel getInternalChannel()

Get the internal ServerSocketChannel for this Socket.

acceptSocket

protected JSSSocket acceptSocket(Socket child)
                          throws IOException

Helper to upgrade a Socket into a JSSSocket. Called from accept in JSSServerSocket and JSSServerSocketChannel.

Throws:

IOException

setHostname

public void setHostname(String name)

Set the hostname this client socket is connecting to, for HTTPS TLS certificate validation purposes.

See Also:

• JSSEngine.setHostname(String)

setCertFromAlias

public void setCertFromAlias(String alias)
                      throws IllegalArgumentException

Set the certificate this SSLSocket will utilize from an alias in the NSS DB.

Throws:

IllegalArgumentException

See Also:

• JSSEngine.setCertFromAlias(String)

setKeyMaterials

public void setKeyMaterials(PK11Cert our_cert,
 PK11PrivKey our_key)
                     throws IllegalArgumentException

Set the certificate this SSLSocket will utilize from a certificate and its matching private key.

Throws:

IllegalArgumentException

See Also:

• JSSEngine.setKeyMaterials(PK11Cert, PK11PrivKey)

setKeyManager

public void setKeyManager(X509KeyManager km)

Set the KeyManager this SSLSocket will utilize to select a key.

See Also:

• JSSEngine.setKeyManager(X509KeyManager)

setKeyManagers

public void setKeyManagers(X509KeyManager[] xkms)

Set the key managers this SSLSocket will utilize to select a key.

See Also:

• JSSEngine.setKeyManagers(X509KeyManager[])

setTrustManager

public void setTrustManager(JSSTrustManager tm)

Set the trust manager this SSLSocket will utilize to validate a peer's certificate.

See Also:

• JSSEngine.setTrustManager(JSSTrustManager)

setTrustManagers

public void setTrustManagers(X509TrustManager[] xtms)

Set the trust managers this SSLSocket will utilize to validate a peer's certificate.

See Also:

• JSSEngine.setTrustManagers(X509TrustManager[])

setListeners

public void setListeners(Collection<? extends EventListener> listeners)

Set the listeners this SSLSocket will fire on certain events.

See Also:

• JSSEngine.setListeners(Collection)

getListeners

public Collection<? extends EventListener> getListeners()

Gets the current list of event listeners this SSLSocket will fire on certain events.

See Also:

• JSSEngine.getListeners()

getEnabledCipherSuites

public String[] getEnabledCipherSuites()

Get the set of enabled cipher suites for this SSLSocket.

Specified by:

getEnabledCipherSuites in class SSLServerSocket

See Also:

• JSSEngine.getEnabledCipherSuites()
• SSLSocket.getEnabledCipherSuites()

getSupportedCipherSuites

public String[] getSupportedCipherSuites()

Get the set of supported cipher suites for this SSLSocket.

Specified by:

getSupportedCipherSuites in class SSLServerSocket

See Also:

• JSSEngine.getSupportedCipherSuites()
• SSLSocket.getSupportedCipherSuites()

setEnabledCipherSuites

public void setEnabledCipherSuites(String[] suites)

Set the list of enabled cipher suites for this SSLSocket.

Specified by:

setEnabledCipherSuites in class SSLServerSocket

See Also:

• JSSEngine.setEnabledCipherSuites(String[])
• SSLSocket.setEnabledCipherSuites(String[])

getEnabledProtocols

public String[] getEnabledProtocols()

Get the set of enabled protocol versions for this SSLSocket.

Specified by:

getEnabledProtocols in class SSLServerSocket

See Also:

• JSSEngine.getEnabledProtocols()
• SSLSocket.getEnabledProtocols()

getSupportedProtocols

public String[] getSupportedProtocols()

Get the set of supported protocol versions for this SSLSocket.

Specified by:

getSupportedProtocols in class SSLServerSocket

See Also:

• JSSEngine.getSupportedProtocols()
• SSLSocket.getSupportedProtocols()

setEnabledProtocols

public void setEnabledProtocols(String[] protocols)

Set the list of enabled protocol versions for this SSLSocket.

Specified by:

setEnabledProtocols in class SSLServerSocket

See Also:

• JSSEngine.setEnabledProtocols(String[])
• SSLSocket.setEnabledProtocols(String[])

getEnableSessionCreation

public boolean getEnableSessionCreation()

Get whether or not this SSLSocket enables creation of new sessions.

Specified by:

getEnableSessionCreation in class SSLServerSocket

See Also:

• JSSEngine.getEnableSessionCreation()
• SSLSocket.getEnableSessionCreation()

setEnableSessionCreation

public void setEnableSessionCreation(boolean enabled)

Set whether or not this SSLSocket enables creation of new sessions.

Specified by:

setEnableSessionCreation in class SSLServerSocket

See Also:

• JSSEngine.setEnableSessionCreation(boolean)
• SSLSocket.setEnableSessionCreation(boolean)

getUseClientMode

public boolean getUseClientMode()

Get whether or not this SSLSocket is handshaking as a client.

Specified by:

getUseClientMode in class SSLServerSocket

See Also:

• JSSEngine.getUseClientMode()
• SSLSocket.getUseClientMode()

setUseClientMode

public void setUseClientMode(boolean client)

Set whether or not this SSLSocket is handshaking as a client.

Specified by:

setUseClientMode in class SSLServerSocket

See Also:

• JSSEngine.setUseClientMode(boolean)
• SSLSocket.setUseClientMode(boolean)

getWantClientAuth

public boolean getWantClientAuth()

Get whether or not this SSLSocket wants client authentication.

Specified by:

getWantClientAuth in class SSLServerSocket

See Also:

• JSSEngine.getWantClientAuth()
• SSLSocket.getWantClientAuth()

setWantClientAuth

public void setWantClientAuth(boolean want)

Set whether or not this SSLSocket wants client authentication.

Specified by:

setWantClientAuth in class SSLServerSocket

See Also:

• JSSEngine.setWantClientAuth(boolean)
• SSLSocket.setWantClientAuth(boolean)

getNeedClientAuth

public boolean getNeedClientAuth()

Get whether or not this SSLSocket needs client authentication.

Specified by:

getNeedClientAuth in class SSLServerSocket

See Also:

• JSSEngine.getNeedClientAuth()
• SSLSocket.getNeedClientAuth()

setNeedClientAuth

public void setNeedClientAuth(boolean need)

Set whether or not this SSLSocket needs client authentication.

Specified by:

setNeedClientAuth in class SSLServerSocket

See Also:

• JSSEngine.setNeedClientAuth(boolean)
• SSLSocket.setNeedClientAuth(boolean)

getSSLParameters

public JSSParameters getSSLParameters()

Get the configuration of this SSLSocket as a JSSParameters object.

Overrides:

getSSLParameters in class SSLServerSocket

See Also:

• JSSEngine.getSSLParameters()
• SSLSocket.getSSLParameters()

setSSLParameters

public void setSSLParameters(SSLParameters params)

Set the configuration of this SSLSocket from the given SSLParameters instance.

Overrides:

setSSLParameters in class SSLServerSocket

See Also:

• JSSEngine.setSSLParameters(SSLParameters)
• SSLSocket.setSSLParameters(SSLParameters)

accept

public JSSSocket accept()
                 throws IOException

Overrides:

accept in class ServerSocket

Throws:

IOException

bind

public void bind(SocketAddress endpoint)
          throws IOException

Overrides:

bind in class ServerSocket

Throws:

IOException

bind

public void bind(SocketAddress endpoint,
 int backlog)
          throws IOException

Overrides:

bind in class ServerSocket

Throws:

IOException

close

public void close()
           throws IOException

Specified by:

close in interface AutoCloseable

Specified by:

close in interface Closeable

Overrides:

close in class ServerSocket

Throws:

IOException

getInetAddress

public InetAddress getInetAddress()

Overrides:

getInetAddress in class ServerSocket

getLocalPort

public int getLocalPort()

Overrides:

getLocalPort in class ServerSocket

getLocalSocketAddress

public SocketAddress getLocalSocketAddress()

Overrides:

getLocalSocketAddress in class ServerSocket

getSoTimeout

public int getSoTimeout()
                 throws IOException

Overrides:

getSoTimeout in class ServerSocket

Throws:

IOException

setSoTimeout

public void setSoTimeout(int timeout)
                  throws SocketException

Overrides:

setSoTimeout in class ServerSocket

Throws:

SocketException

getReuseAddress

public boolean getReuseAddress()
                        throws SocketException

Overrides:

getReuseAddress in class ServerSocket

Throws:

SocketException

setReuseAddress

public void setReuseAddress(boolean on)
                     throws SocketException

Overrides:

setReuseAddress in class ServerSocket

Throws:

SocketException

getReceiveBufferSize

public int getReceiveBufferSize()
                         throws SocketException

Overrides:

getReceiveBufferSize in class ServerSocket

Throws:

SocketException

setReceiveBufferSize

public void setReceiveBufferSize(int size)
                          throws SocketException

Overrides:

setReceiveBufferSize in class ServerSocket

Throws:

SocketException

setPerformancePreferences

public void setPerformancePreferences(int connectionTime,
 int latency,
 int bandwidth)

Overrides:

setPerformancePreferences in class ServerSocket

isBound

public boolean isBound()

Overrides:

isBound in class ServerSocket

isClosed

public boolean isClosed()

Overrides:

isClosed in class ServerSocket

toString

public String toString()

Overrides:

toString in class ServerSocket

setOption

public <T> ServerSocket setOption(SocketOption<T> name,
 T value)
                           throws IOException

Overrides:

setOption in class ServerSocket

Throws:

IOException

getOption

public <T> T getOption(SocketOption<T> name)
                throws IOException

Overrides:

getOption in class ServerSocket

Throws:

IOException

supportedOptions

public Set<SocketOption<?>> supportedOptions()

Overrides:

supportedOptions in class ServerSocket