Package org.mozilla.jss.ssl.javax

Class JSSSocket

java.lang.Object

java.net.Socket

javax.net.ssl.SSLSocket

org.mozilla.jss.ssl.SSLSocket

org.mozilla.jss.ssl.javax.JSSSocket

All Implemented Interfaces:

Closeable, AutoCloseable

public class JSSSocket
extends SSLSocket

SSL-enabled socket following the javax.net.ssl.SSLSocket interface. Most users will want to use the JSSSocketFactory provided by the Java Provider interface instead of using this class directly. This SSLSocket implementation is a wrapped implementation. In particular, we need to consume an existing Socket (via the consumeSocket(...) call) which we actually send data over. When called from a socket factory, this additional socket will be automatically created for the caller. This is necessary because SSLSocketFactory includes a mode which wraps an existing socket. All JSSSocket instances have a underlying SocketChannel, of type JSSSocketChannel. Notably lacking is a javax.net.ssl.SSLSocketChannel type, so JSSSocketChannel includes no additional SSL-specific options. However, the core of the SSLEngine wrapping logic exists there. In order to interoperate with JSSEngine, many of the adjacent methods have been included in this class as well. This socket can either be a client or a server, depending on how it was created. For more information, see the javax.net.ssl.SSLSocket documentation. To construct a (useful) new instance, the following calls must be made: - new JSSSocket(); - consumeSocket(inst); - initSSLEngine(...); - setKeyManagers(...); - setTrustManagers(...); Optionally, setSSLContext(...) could be called to provide the SSLContext from which the SSLEngine should be constructed. This should be called prior to initSSLEngine(...) being called.

Field Summary

Fields

Modifier and Type	Field	Description
private boolean	autoClose	Whether or not to automatically close the underlying Socket when this socket has been closed; defaults to true.
private JSSSocketChannel	channel	Underlying SocketChannel for this socket; always exists.
private boolean	closed	Whether or not this socket has been closed.
private InputStream	consumedData	Previously consumed data, if any; utilized for certain SSLSocketFactory calls.
private JSSEngine	engine	JSSEngine instance to utilize for SSLEngine operations.
private String	engineProvider	Name of the SSLEngine provider to use.
private String	engineProviderProtocol	Name of the SSLEngine protocol to use.
private ArrayList<HandshakeCompletedListener>	handshakeCallbacks	All registered handshake callbacks.
private SSLContext	jssContext	SSLContext to use to create the JSSEngine.
private Socket	parent	The socket this JSSSocket was created over; all read/write operations go through this socket and all information exposed via Socket members go through here.

Fields inherited from class org.mozilla.jss.ssl.SSLSocket

SSL_RENEGOTIATE_NEVER, SSL_RENEGOTIATE_REQUIRES_XTN, SSL_RENEGOTIATE_TRANSITIONAL, SSL_RENEGOTIATE_UNRESTRICTED, SSL_REQUIRE_ALWAYS, SSL_REQUIRE_FIRST_HANDSHAKE, SSL_REQUIRE_NEVER, SSL_REQUIRE_NO_ERROR, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL2_DES_192_EDE3_CBC_WITH_MD5, SSL2_DES_64_CBC_WITH_MD5, SSL2_IDEA_128_CBC_WITH_MD5, SSL2_RC2_128_CBC_EXPORT40_WITH_MD5, SSL2_RC2_128_CBC_WITH_MD5, SSL2_RC4_128_EXPORT40_WITH_MD5, SSL2_RC4_128_WITH_MD5, SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5, SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA, SSL3_DH_ANON_WITH_DES_CBC_SHA, SSL3_DH_ANON_WITH_RC4_128_MD5, SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA, SSL3_DH_DSS_WITH_DES_CBC_SHA, SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA, SSL3_DH_RSA_WITH_DES_CBC_SHA, SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL3_DHE_DSS_WITH_DES_CBC_SHA, SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL3_DHE_RSA_WITH_DES_CBC_SHA, SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, SSL3_FORTEZZA_DMS_WITH_NULL_SHA, SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA, SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL3_RSA_EXPORT_WITH_RC4_40_MD5, SSL3_RSA_WITH_3DES_EDE_CBC_SHA, SSL3_RSA_WITH_DES_CBC_SHA, SSL3_RSA_WITH_IDEA_CBC_SHA, SSL3_RSA_WITH_NULL_MD5, SSL3_RSA_WITH_NULL_SHA, SSL3_RSA_WITH_RC4_128_MD5, SSL3_RSA_WITH_RC4_128_SHA, TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_DH_ANON_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_ANON_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_anon_WITH_DES_CBC_SHA, TLS_DH_anon_WITH_RC4_128_MD5, TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_DSS_WITH_DES_CBC_SHA, TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_RSA_WITH_DES_CBC_SHA, TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_RC4_128_SHA, TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_DES_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_AES_256_CBC_SHA, TLS_ECDH_anon_WITH_NULL_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384, TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_FALLBACK_SCSV, TLS_NULL_WITH_NULL_NULL, TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, TLS_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA, TLS_RSA_WITH_IDEA_CBC_SHA, TLS_RSA_WITH_NULL_MD5, TLS_RSA_WITH_NULL_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_SEED_CBC_SHA

Constructor Summary

Constructors

Constructor	Description
JSSSocket()	Start building a new JSSSocket.

Method Summary

Modifier and Type	Method	Description
void	addHandshakeCompletedListener(HandshakeCompletedListener callback)	Add a callback to fire on handshake completion.
void	bind(SocketAddress bindpoint)
void	close()	Closes this socket.
void	connect(SocketAddress endpoint)
void	connect(SocketAddress endpoint, int timeout)
void	consumeSocket(Socket parent)	Consume a parent socket, utilizing it for all read/write operations.
private void	doHandshake()	Internal helper to perform the handshake operation, blocking.
boolean	getAutoClose()	Get the autoClose status of this socket, that is, whether or not its parent socket will be automatically closed.
JSSSocketChannel	getChannel()	Get the underlying SocketChannel for this Socket.
String[]	getEnabledCipherSuites()	Get the set of enabled cipher suites for this SSLSocket.
String[]	getEnabledProtocols()	Get the set of enabled protocol versions for this SSLSocket.
boolean	getEnableSessionCreation()	Get whether or not this SSLSocket enables creation of new sessions.
JSSEngine	getEngine()	Get the underlying JSSEngine instance.
SSLSession	getHandshakeSession()	Get the initial session constructed during handshaking.
InetAddress	getInetAddress()
InputStream	getInputStream()	Get a copy of an input stream for this Socket.
protected JSSSocketChannel	getInternalChannel()	Helper to always return the channel for this socket, initializing it if it isn't yet created.
boolean	getKeepAlive()	Returns the current setting of the SO_KEEPALIVE socket option.
Collection<? extends EventListener>	getListeners()	Gets the current list of event listeners this SSLSocket will fire on certain events.
InetAddress	getLocalAddress()
int	getLocalPort()
SocketAddress	getLocalSocketAddress()
boolean	getNeedClientAuth()	Get whether or not this SSLSocket needs client authentication.
boolean	getOOBInline()
<T> T	getOption(SocketOption<T> name)
OutputStream	getOutputStream()	Get a copy of an output stream for this Socket.
int	getPort()
int	getReceiveBufferSize()	Returns the size (in bytes) of the receive buffer.
SocketAddress	getRemoteSocketAddress()
boolean	getReuseAddress()
int	getSendBufferSize()	Returns the size (in bytes) of the send buffer.
SSLSession	getSession()	Get the established session for this SSLSocket.
int	getSoLinger()	Returns the current value of the SO_LINGER socket option.
int	getSoTimeout()	Returns the current value of the SO_TIMEOUT socket option.
protected SSLContext	getSSLContext()	Get the SSLContext if one exists or create a new instance.
JSSParameters	getSSLParameters()	Get the configuration of this SSLSocket as a JSSParameters object.
String[]	getSupportedCipherSuites()	Get the set of supported cipher suites for this SSLSocket.
String[]	getSupportedProtocols()	Get the set of supported protocol versions for this SSLSocket.
boolean	getTcpNoDelay()	Returns the current setting of the TCP_NO_DELAY socket option.
int	getTrafficClass()
boolean	getUseClientMode()	Get whether or not this SSLSocket is handshaking as a client.
boolean	getWantClientAuth()	Get whether or not this SSLSocket wants client authentication.
private void	init()	Initialize the underlying SocketChannel.
void	initEngine()	Explicitly initialize the SSLEngine with no session resumption information.
void	initEngine(String host, int port)	Explicitly initialize the SSLEngine with information for session resumption, including peer's hostname and port.
boolean	isBound()
boolean	isClosed()
boolean	isConnected()
boolean	isInputShutdown()
boolean	isOutputShutdown()
protected void	notifyHandshakeCompletedListeners()	Internal helper to fire callbacks on handshake completion.
void	removeHandshakeCompletedListener(HandshakeCompletedListener callback)	Remove a callback from firing on handshake completion.
void	sendUrgentData(int data)
void	setAutoClose(boolean on)	Set the autoClose status of this socket, that is, whether or not its parent socket will be automatically closed.
void	setCertFromAlias(String alias)	Set the certificate this SSLSocket will utilize from an alias in the NSS DB.
void	setConsumedData(InputStream consumed)	Helper to inform this socket of data already consumed from the wrapped socket.
void	setEnabledCipherSuites(String[] suites)	Set the list of enabled cipher suites for this SSLSocket.
void	setEnabledProtocols(String[] protocols)	Set the list of enabled protocol versions for this SSLSocket.
void	setEnableSessionCreation(boolean enabled)	Set whether or not this SSLSocket enables creation of new sessions.
void	setHostname(String name)	Set the hostname this client socket is connecting to, for HTTPS TLS certificate validation purposes.
void	setKeepAlive(boolean on)	Enables or disables the SO_KEEPALIVE socket option.
void	setKeyManager(X509KeyManager km)	Set the KeyManager this SSLSocket will utilize to select a key.
void	setKeyManagers(X509KeyManager[] xkms)	Set the key managers this SSLSocket will utilize to select a key.
void	setKeyMaterials(PK11Cert ourCert, PK11PrivKey ourKey)	Set the certificate this SSLSocket will utilize from a certificate and its matching private key.
void	setListeners(Collection<? extends EventListener> listeners)	Set the listeners this SSLSocket will fire on certain events.
void	setNeedClientAuth(boolean need)	Set whether or not this SSLSocket needs client authentication.
void	setOOBInline(boolean on)
<T> Socket	setOption(SocketOption<T> name, T value)
void	setPerformancePreferences(int connectionTime, int latency, int bandwidth)
void	setReceiveBufferSize(int size)	Sets the size (in bytes) of the receive buffer.
void	setReuseAddress(boolean on)
void	setSendBufferSize(int size)	Sets the size (in bytes) of the send buffer.
void	setSoLinger(boolean on, int linger)	Sets the SO_LINGER socket option.
void	setSoTimeout(int timeout)	Sets the SO_TIMEOUT socket option.
void	setSSLContext(SSLContext ctx)	Explicitly set the SSLContext utilized by this JSSSocket instance.
void	setSSLParameters(SSLParameters params)	Set the configuration of this SSLSocket from the given SSLParameters instance.
void	setTcpNoDelay(boolean on)	Enables or disables the TCP_NO_DELAY socket option.
void	setTrafficClass(int tc)
void	setTrustManager(JSSTrustManager tm)	Set the trust manager this SSLSocket will utilize to validate a peer's certificate.
void	setTrustManagers(X509TrustManager[] xtms)	Set the trust managers this SSLSocket will utilize to validate a peer's certificate.
void	setUseClientMode(boolean client)	Set whether or not this SSLSocket is handshaking as a client.
void	setWantClientAuth(boolean want)	Set whether or not this SSLSocket wants client authentication.
void	shutdownInput()	Shuts down the input side of the socket.
void	shutdownOutput()	Shuts down the output side of the socket.
void	startHandshake()	Begin a handshake, blocking to completion; this will begin a new handshake when one has already been issued.
Set<SocketOption<?>>	supportedOptions()
String	toString()	Returns the addresses and ports of this socket or an error message if the socket is not in a valid state.

Methods inherited from class org.mozilla.jss.ssl.SSLSocket

addHandshakeCompletedListener, addSocketListener, boundSSLVersionRange, enableFDX, enablePostHandshakeAuth, enablePostHandshakeAuthDefault, enableRenegotiation, enableRenegotiationDefault, enableRequireSafeNegotiation, enableRequireSafeNegotiationDefault, enableRollbackDetection, enableSessionTickets, enableSessionTicketsDefault, enableSSL2, enableSSL2Default, enableSSL3, enableSSL3Default, enableStepDown, enableTLS, enableTLSDefault, enableV2CompatibleHello, finalize, forceHandshake, getCipherPreference, getCipherPreferenceDefault, getImplementedCipherSuites, getSSLDefaultOptions, getSSLOptions, getStatus, invalidateSession, isFipsCipherSuite, redoHandshake, redoHandshake, removeHandshakeCompletedListener, removeSocketListener, requestClientAuth, requireClientAuth, requireClientAuth, requireClientAuthDefault, requireClientAuthDefault, resetHandshake, setCipherPolicy, setCipherPreference, setCipherPreferenceDefault, setClientCert, setClientCertNickname, setNeedClientAuthNoExpiryCheck, setSSLVersionRangeDefault, useCache, useCacheDefault

Methods inherited from class javax.net.ssl.SSLSocket

getApplicationProtocol, getHandshakeApplicationProtocol, getHandshakeApplicationProtocolSelector, setHandshakeApplicationProtocolSelector

Methods inherited from class java.net.Socket

setSocketImplFactory

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

engineProviderProtocol

private String engineProviderProtocol

Name of the SSLEngine protocol to use.

engineProvider

private String engineProvider

Name of the SSLEngine provider to use.

jssContext

private SSLContext jssContext

SSLContext to use to create the JSSEngine. Note that JSSSocket will fail if the context doesn't create JSSEngine instances.

engine

private JSSEngine engine

JSSEngine instance to utilize for SSLEngine operations.

handshakeCallbacks

private ArrayList<HandshakeCompletedListener> handshakeCallbacks

All registered handshake callbacks.

parent

private Socket parent

The socket this JSSSocket was created over; all read/write operations go through this socket and all information exposed via Socket members go through here.

consumedData

private InputStream consumedData

Previously consumed data, if any; utilized for certain SSLSocketFactory calls.

channel

private JSSSocketChannel channel

Underlying SocketChannel for this socket; always exists.

autoClose

private boolean autoClose

Whether or not to automatically close the underlying Socket when this socket has been closed; defaults to true.

closed

private boolean closed

Whether or not this socket has been closed.

Constructor Details

JSSSocket

public JSSSocket()

Start building a new JSSSocket. We specifically avoid creating any other constructors as we wish to consume an existing socket rather than creating a new one.

Method Details

consumeSocket

public void consumeSocket(Socket parent)
                   throws IOException

Consume a parent socket, utilizing it for all read/write operations. This JSSSocket instance will inherit all information about the connection from this underlying socket. When utilized in a JSSSocket, callers should refrain from interacting with the underlying socket directly until the TLS connection is closed. Otherwise, messages may get dropped.

Throws:

IOException

getSSLContext

protected SSLContext getSSLContext()
                            throws IOException

Get the SSLContext if one exists or create a new instance. This is used by initSSLEngine(..) to create the underlying SSLEngine.

Throws:

IOException

setSSLContext

public void setSSLContext(SSLContext ctx)

Explicitly set the SSLContext utilized by this JSSSocket instance. This enables JSSServerSocket to copy its SSLContext over to the accepted JSSSocket.

init

private void init()
           throws IOException

Initialize the underlying SocketChannel.

Throws:

IOException

initEngine

public void initEngine()
                throws IOException

Explicitly initialize the SSLEngine with no session resumption information.

Throws:

IOException

initEngine

public void initEngine(String host,
 int port)
                throws IOException

Explicitly initialize the SSLEngine with information for session resumption, including peer's hostname and port.

Throws:

IOException

getEngine

public JSSEngine getEngine()

Get the underlying JSSEngine instance. Note that, just like accessing the underlying Socket instance while the JSSSocket instance is still open is dangerous, performing other TLS operations directly via JSSEngine is also dangerous. This is mostly exposed to enable advanced configuration of the JSSEngine that isn't otherwise allowed by JSSSocket, and to facilitate the accept() method on JSSServerSocket.

getChannel

public JSSSocketChannel getChannel()

Get the underlying SocketChannel for this Socket.

Overrides:

getChannel in class Socket

See Also:

• Socket.getChannel()

getInternalChannel

protected JSSSocketChannel getInternalChannel()

Helper to always return the channel for this socket, initializing it if it isn't yet created.

getInputStream

public InputStream getInputStream()
                           throws IOException

Get a copy of an input stream for this Socket.

Overrides:

getInputStream in class SSLSocket

Throws:

IOException

See Also:

• Socket.getInputStream()

getOutputStream

public OutputStream getOutputStream()
                             throws IOException

Get a copy of an output stream for this Socket.

Overrides:

getOutputStream in class SSLSocket

Throws:

IOException

See Also:

• Socket.getOutputStream()

doHandshake

private void doHandshake()
                  throws IOException

Internal helper to perform the handshake operation, blocking. Note that JSSSocket doesn't invoke JSSEngine.wrap/unwrap directly; instead everything is contained within JSSSocketChannel.

Throws:

IOException

setConsumedData

public void setConsumedData(InputStream consumed)

Helper to inform this socket of data already consumed from the wrapped socket. This is provided to facilitate a SSLSocketFactory call which allows construction of SSLSocket instances from a non-SSL ServerSocket, allowing the application to check SNI information directly.

getAutoClose

public boolean getAutoClose()

Get the autoClose status of this socket, that is, whether or not its parent socket will be automatically closed.

setAutoClose

public void setAutoClose(boolean on)

Set the autoClose status of this socket, that is, whether or not its parent socket will be automatically closed.

setHostname

public void setHostname(String name)

Set the hostname this client socket is connecting to, for HTTPS TLS certificate validation purposes.

See Also:

• JSSEngine.setHostname(String)

setCertFromAlias

public void setCertFromAlias(String alias)
                      throws IllegalArgumentException

Set the certificate this SSLSocket will utilize from an alias in the NSS DB.

Throws:

IllegalArgumentException

See Also:

• JSSEngine.setCertFromAlias(String)

setKeyMaterials

public void setKeyMaterials(PK11Cert ourCert,
 PK11PrivKey ourKey)
                     throws IllegalArgumentException

Set the certificate this SSLSocket will utilize from a certificate and its matching private key.

Throws:

IllegalArgumentException

See Also:

• JSSEngine.setKeyMaterials(PK11Cert, PK11PrivKey)

setKeyManager

public void setKeyManager(X509KeyManager km)

Set the KeyManager this SSLSocket will utilize to select a key.

See Also:

• JSSEngine.setKeyManager(X509KeyManager)

setKeyManagers

public void setKeyManagers(X509KeyManager[] xkms)

Set the key managers this SSLSocket will utilize to select a key.

See Also:

• JSSEngine.setKeyManagers(X509KeyManager[])

setTrustManager

public void setTrustManager(JSSTrustManager tm)

Set the trust manager this SSLSocket will utilize to validate a peer's certificate.

See Also:

• JSSEngine.setTrustManager(JSSTrustManager)

setTrustManagers

public void setTrustManagers(X509TrustManager[] xtms)

Set the trust managers this SSLSocket will utilize to validate a peer's certificate.

See Also:

• JSSEngine.setTrustManagers(X509TrustManager[])

setListeners

public void setListeners(Collection<? extends EventListener> listeners)

Set the listeners this SSLSocket will fire on certain events.

See Also:

• JSSEngine.setListeners(Collection)

getListeners

public Collection<? extends EventListener> getListeners()

Gets the current list of event listeners this SSLSocket will fire on certain events.

See Also:

• JSSEngine.getListeners()

startHandshake

public void startHandshake()
                    throws IOException

Begin a handshake, blocking to completion; this will begin a new handshake when one has already been issued.

Overrides:

startHandshake in class SSLSocket

Throws:

IOException

See Also:

• SSLEngine.beginHandshake()
• SSLSocket.startHandshake()

addHandshakeCompletedListener

public void addHandshakeCompletedListener(HandshakeCompletedListener callback)
                                   throws IllegalArgumentException

Add a callback to fire on handshake completion.

Overrides:

addHandshakeCompletedListener in class SSLSocket

Throws:

IllegalArgumentException

See Also:

• SSLSocket.addHandshakeCompletedListener(HandshakeCompletedListener)

notifyHandshakeCompletedListeners

protected void notifyHandshakeCompletedListeners()

Internal helper to fire callbacks on handshake completion.

removeHandshakeCompletedListener

public void removeHandshakeCompletedListener(HandshakeCompletedListener callback)
                                      throws IllegalArgumentException

Remove a callback from firing on handshake completion.

Overrides:

removeHandshakeCompletedListener in class SSLSocket

Throws:

IllegalArgumentException

See Also:

• SSLSocket.removeHandshakeCompletedListener(HandshakeCompletedListener)

getEnabledCipherSuites

public String[] getEnabledCipherSuites()

Get the set of enabled cipher suites for this SSLSocket.

Overrides:

getEnabledCipherSuites in class SSLSocket

See Also:

• JSSEngine.getEnabledCipherSuites()
• SSLSocket.getEnabledCipherSuites()

getSupportedCipherSuites

public String[] getSupportedCipherSuites()

Get the set of supported cipher suites for this SSLSocket.

Overrides:

getSupportedCipherSuites in class SSLSocket

See Also:

• JSSEngine.getSupportedCipherSuites()
• SSLSocket.getSupportedCipherSuites()

setEnabledCipherSuites

public void setEnabledCipherSuites(String[] suites)

Set the list of enabled cipher suites for this SSLSocket.

Overrides:

setEnabledCipherSuites in class SSLSocket

See Also:

• JSSEngine.setEnabledCipherSuites(String[])
• SSLSocket.setEnabledCipherSuites(String[])

getEnabledProtocols

public String[] getEnabledProtocols()

Get the set of enabled protocol versions for this SSLSocket.

Overrides:

getEnabledProtocols in class SSLSocket

See Also:

• JSSEngine.getEnabledProtocols()
• SSLSocket.getEnabledProtocols()

getSupportedProtocols

public String[] getSupportedProtocols()

Get the set of supported protocol versions for this SSLSocket.

Overrides:

getSupportedProtocols in class SSLSocket

See Also:

• JSSEngine.getSupportedProtocols()
• SSLSocket.getSupportedProtocols()

setEnabledProtocols

public void setEnabledProtocols(String[] protocols)

Set the list of enabled protocol versions for this SSLSocket.

Overrides:

setEnabledProtocols in class SSLSocket

See Also:

• JSSEngine.setEnabledProtocols(String[])
• SSLSocket.setEnabledProtocols(String[])

getEnableSessionCreation

public boolean getEnableSessionCreation()

Get whether or not this SSLSocket enables creation of new sessions.

Overrides:

getEnableSessionCreation in class SSLSocket

See Also:

• JSSEngine.getEnableSessionCreation()
• SSLSocket.getEnableSessionCreation()

setEnableSessionCreation

public void setEnableSessionCreation(boolean enabled)

Set whether or not this SSLSocket enables creation of new sessions.

Overrides:

setEnableSessionCreation in class SSLSocket

See Also:

• JSSEngine.setEnableSessionCreation(boolean)
• SSLSocket.setEnableSessionCreation(boolean)

getHandshakeSession

public SSLSession getHandshakeSession()

Get the initial session constructed during handshaking.

Overrides:

getHandshakeSession in class SSLSocket

See Also:

• SSLEngine.getHandshakeSession()
• SSLSocket.getHandshakeSession()

getSession

public SSLSession getSession()

Get the established session for this SSLSocket.

Overrides:

getSession in class SSLSocket

See Also:

• JSSEngine.getSession()
• SSLSocket.getSession()

getUseClientMode

public boolean getUseClientMode()

Get whether or not this SSLSocket is handshaking as a client.

Overrides:

getUseClientMode in class SSLSocket

Returns:

true if this end of the socket is the SSL client, false if it is the SSL server.

See Also:

• JSSEngine.getUseClientMode()
• SSLSocket.getUseClientMode()

setUseClientMode

public void setUseClientMode(boolean client)

Set whether or not this SSLSocket is handshaking as a client.

Overrides:

setUseClientMode in class SSLSocket

Parameters:

client - true if this end of the socket is the SSL slient, false if it is the SSL server.

See Also:

• JSSEngine.setUseClientMode(boolean)
• SSLSocket.setUseClientMode(boolean)

getWantClientAuth

public boolean getWantClientAuth()

Get whether or not this SSLSocket wants client authentication.

Overrides:

getWantClientAuth in class SSLSocket

See Also:

• JSSEngine.getWantClientAuth()
• SSLSocket.getWantClientAuth()

setWantClientAuth

public void setWantClientAuth(boolean want)

Set whether or not this SSLSocket wants client authentication.

Overrides:

setWantClientAuth in class SSLSocket

See Also:

• JSSEngine.setWantClientAuth(boolean)
• SSLSocket.setWantClientAuth(boolean)

getNeedClientAuth

public boolean getNeedClientAuth()

Get whether or not this SSLSocket needs client authentication.

Overrides:

getNeedClientAuth in class SSLSocket

See Also:

• JSSEngine.getNeedClientAuth()
• SSLSocket.getNeedClientAuth()

setNeedClientAuth

public void setNeedClientAuth(boolean need)

Set whether or not this SSLSocket needs client authentication.

Overrides:

setNeedClientAuth in class SSLSocket

See Also:

• JSSEngine.setNeedClientAuth(boolean)
• SSLSocket.setNeedClientAuth(boolean)

getSSLParameters

public JSSParameters getSSLParameters()

Get the configuration of this SSLSocket as a JSSParameters object.

Overrides:

getSSLParameters in class SSLSocket

See Also:

• JSSEngine.getSSLParameters()
• SSLSocket.getSSLParameters()

setSSLParameters

public void setSSLParameters(SSLParameters params)

Set the configuration of this SSLSocket from the given SSLParameters instance.

Overrides:

setSSLParameters in class SSLSocket

See Also:

• JSSEngine.setSSLParameters(SSLParameters)
• SSLSocket.setSSLParameters(SSLParameters)

connect

public void connect(SocketAddress endpoint)
             throws IOException

Overrides:

connect in class Socket

Throws:

IOException

connect

public void connect(SocketAddress endpoint,
 int timeout)
             throws IOException

Overrides:

connect in class Socket

Throws:

IOException

bind

public void bind(SocketAddress bindpoint)
          throws IOException

Overrides:

bind in class Socket

Throws:

IOException

close

public void close()
           throws IOException

Description copied from class: SSLSocket

Closes this socket.

Specified by:

close in interface AutoCloseable

Specified by:

close in interface Closeable

Overrides:

close in class SSLSocket

Throws:

IOException

shutdownInput

public void shutdownInput()
                   throws IOException

Description copied from class: SSLSocket

Shuts down the input side of the socket.

Overrides:

shutdownInput in class SSLSocket

Throws:

IOException

shutdownOutput

public void shutdownOutput()
                    throws IOException

Description copied from class: SSLSocket

Shuts down the output side of the socket.

Overrides:

shutdownOutput in class SSLSocket

Throws:

IOException

getInetAddress

public InetAddress getInetAddress()

Overrides:

getInetAddress in class SSLSocket

Returns:

The remote peer's IP address or null if the SSLSocket is closed.

getLocalAddress

public InetAddress getLocalAddress()

Overrides:

getLocalAddress in class SSLSocket

Returns:

The local IP address or null if the SSLSocket is closed.

getPort

public int getPort()

Overrides:

getPort in class SSLSocket

Returns:

The remote port.

getLocalPort

public int getLocalPort()

Overrides:

getLocalPort in class SSLSocket

Returns:

The local port or -1 if the SSLSocket is closed.

getLocalSocketAddress

public SocketAddress getLocalSocketAddress()

Overrides:

getLocalSocketAddress in class Socket

getRemoteSocketAddress

public SocketAddress getRemoteSocketAddress()

Overrides:

getRemoteSocketAddress in class Socket

getTcpNoDelay

public boolean getTcpNoDelay()
                      throws SocketException

Description copied from class: SSLSocket

Returns the current setting of the TCP_NO_DELAY socket option.

Overrides:

getTcpNoDelay in class SSLSocket

Throws:

SocketException

setTcpNoDelay

public void setTcpNoDelay(boolean on)
                   throws SocketException

Description copied from class: SSLSocket

Enables or disables the TCP_NO_DELAY socket option. Enabling this option will disable the Nagle algorithm.

Overrides:

setTcpNoDelay in class SSLSocket

Throws:

SocketException

getSoLinger

public int getSoLinger()
                throws SocketException

Description copied from class: SSLSocket

Returns the current value of the SO_LINGER socket option.

Overrides:

getSoLinger in class SSLSocket

Throws:

SocketException

setSoLinger

public void setSoLinger(boolean on,
 int linger)
                 throws SocketException

Description copied from class: SSLSocket

Sets the SO_LINGER socket option. param linger The time (in seconds) to linger for.

Overrides:

setSoLinger in class SSLSocket

Throws:

SocketException

getSoTimeout

public int getSoTimeout()
                 throws SocketException

Description copied from class: SSLSocket

Returns the current value of the SO_TIMEOUT socket option.

Overrides:

getSoTimeout in class SSLSocket

Returns:

The timeout time in milliseconds.

Throws:

SocketException

setSoTimeout

public void setSoTimeout(int timeout)
                  throws SocketException

Description copied from class: SSLSocket

Sets the SO_TIMEOUT socket option.

Overrides:

setSoTimeout in class SSLSocket

Parameters:

timeout - The timeout time in milliseconds.

Throws:

SocketException

getOOBInline

public boolean getOOBInline()
                     throws SocketException

Overrides:

getOOBInline in class Socket

Throws:

SocketException

setOOBInline

public void setOOBInline(boolean on)
                  throws SocketException

Overrides:

setOOBInline in class Socket

Throws:

SocketException

sendUrgentData

public void sendUrgentData(int data)
                    throws IOException

Overrides:

sendUrgentData in class Socket

Throws:

IOException

getSendBufferSize

public int getSendBufferSize()
                      throws SocketException

Description copied from class: SSLSocket

Returns the size (in bytes) of the send buffer.

Overrides:

getSendBufferSize in class SSLSocket

Throws:

SocketException

setSendBufferSize

public void setSendBufferSize(int size)
                       throws SocketException

Description copied from class: SSLSocket

Sets the size (in bytes) of the send buffer.

Overrides:

setSendBufferSize in class SSLSocket

Throws:

SocketException

getReceiveBufferSize

public int getReceiveBufferSize()
                         throws SocketException

Description copied from class: SSLSocket

Returns the size (in bytes) of the receive buffer.

Overrides:

getReceiveBufferSize in class SSLSocket

Throws:

SocketException

setReceiveBufferSize

public void setReceiveBufferSize(int size)
                          throws SocketException

Description copied from class: SSLSocket

Sets the size (in bytes) of the receive buffer.

Overrides:

setReceiveBufferSize in class SSLSocket

Throws:

SocketException

getKeepAlive

public boolean getKeepAlive()
                     throws SocketException

Description copied from class: SSLSocket

Returns the current setting of the SO_KEEPALIVE socket option.

Overrides:

getKeepAlive in class SSLSocket

Throws:

SocketException

setKeepAlive

public void setKeepAlive(boolean on)
                  throws SocketException

Description copied from class: SSLSocket

Enables or disables the SO_KEEPALIVE socket option.

Overrides:

setKeepAlive in class SSLSocket

Throws:

SocketException

getTrafficClass

public int getTrafficClass()
                    throws SocketException

Overrides:

getTrafficClass in class Socket

Throws:

SocketException

setTrafficClass

public void setTrafficClass(int tc)
                     throws SocketException

Overrides:

setTrafficClass in class Socket

Throws:

SocketException

getReuseAddress

public boolean getReuseAddress()
                        throws SocketException

Overrides:

getReuseAddress in class Socket

Throws:

SocketException

setReuseAddress

public void setReuseAddress(boolean on)
                     throws SocketException

Overrides:

setReuseAddress in class Socket

Throws:

SocketException

isConnected

public boolean isConnected()

Overrides:

isConnected in class Socket

isBound

public boolean isBound()

Overrides:

isBound in class Socket

isClosed

public boolean isClosed()

Overrides:

isClosed in class Socket

isInputShutdown

public boolean isInputShutdown()

Overrides:

isInputShutdown in class Socket

isOutputShutdown

public boolean isOutputShutdown()

Overrides:

isOutputShutdown in class Socket

setPerformancePreferences

public void setPerformancePreferences(int connectionTime,
 int latency,
 int bandwidth)

Overrides:

setPerformancePreferences in class Socket

toString

public String toString()

Description copied from class: SSLSocket

Returns the addresses and ports of this socket or an error message if the socket is not in a valid state.

Overrides:

toString in class SSLSocket

setOption

public <T> Socket setOption(SocketOption<T> name,
 T value)
                     throws IOException

Overrides:

setOption in class Socket

Throws:

IOException

getOption

public <T> T getOption(SocketOption<T> name)
                throws IOException

Overrides:

getOption in class Socket

Throws:

IOException

supportedOptions

public Set<SocketOption<?>> supportedOptions()

Overrides:

supportedOptions in class Socket