Package org.mozilla.jss.ssl.javax
Class JSSServerSocket
java.lang.Object
java.net.ServerSocket
javax.net.ssl.SSLServerSocket
org.mozilla.jss.ssl.javax.JSSServerSocket
- All Implemented Interfaces: Closeable, AutoCloseable
SSL-enabled server socket following the javax.net.ssl.SSLServerSocket
interface.
Most users will want to use the JSSServerSocketFactory provided by the Java
Provider interface instead of using this class directly.
This SSLSocket implementation is a wrapped implementation. In particular, we
need to consume an existing ServerSocket (via the consumeSocket(...) call)
which we actually use for the accept() call. When called from a socket
factory, this additional socket will be automatically created for the
caller.
All JSSServerSocket instances have an underlying ServerSocketChannel, of type
JSSServerSocketChannel. Notably lacking from javax.net.ssl is a
javax.net.ssl.SSLServerSocketChannel interface, so JSSSocketChannel includes
no additional SSL-specific options. This purely exists to facilitate
creating JSSSocket instances.
In order to interoperate with JSSEngine, many of the adjacent methods have
been included in this class as well. As a result, every accepted socket
clones this socket's configuration.
To construct a (useful) new instance, the following calls must be made:
- new JSSServerSocket();
- consumeSocket(inst);
- initSSLEngine(...);
- setKeyManagers(...);
- setTrustManagers(...);
Optionally, setSSLContext(...) could be called to provide the SSLContext
from which the SSLEngine should be constructed. This should be called prior
to initSSLEngine(...) being called.
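The construction sequence above, written out as an added example (not code from the JSS project) that also pins the listener to mutual TLS on TLS 1.2/1.3. It assumes JSS/NSS is already initialized, that the caller supplies the key and trust managers, that protocol names are reported as "TLSv1.2"/"TLSv1.3", and it uses initEngine(), the name this page's method summary gives for the step the description calls initSSLEngine(...); the class name MutualTlsListener is hypothetical.

```java
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.util.Arrays;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.mozilla.jss.ssl.javax.JSSServerSocket;

public class MutualTlsListener {
    // Assumptions: JSS/NSS is initialized and kms/tms were obtained by the
    // caller. The class name and port handling are illustrative only.
    public static JSSServerSocket open(int port, X509KeyManager[] kms,
            X509TrustManager[] tms) throws Exception {
        // The plain socket that performs the real accept() calls.
        ServerSocket parent = new ServerSocket();
        try {
            parent.bind(new InetSocketAddress(port));

            // Steps in the order the class description lists them.
            JSSServerSocket server = new JSSServerSocket();
            server.consumeSocket(parent);
            server.initEngine();           // no session resumption information
            server.setKeyManagers(kms);
            server.setTrustManagers(tms);

            // Server-side policy; accepted sockets clone this configuration.
            server.setUseClientMode(false);
            server.setNeedClientAuth(true); // peers must present a certificate

            // Enable only TLS 1.2 and 1.3, limited to what the engine supports.
            String[] modern = Arrays.stream(server.getSupportedProtocols())
                .filter(p -> p.equals("TLSv1.2") || p.equals("TLSv1.3"))
                .toArray(String[]::new);
            if (modern.length == 0) {
                throw new IllegalStateException("engine offers no TLS 1.2/1.3");
            }
            server.setEnabledProtocols(modern);
            return server;
        } catch (Exception e) {
            parent.close(); // do not leak the bound port on a failed setup
            throw e;
        }
    }
}
```

After open(...) returns, interact only with the returned JSSServerSocket and its accept(); the parent socket is left to the wrapper, as the consumeSocket description advises.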
Field Summary
- private JSSServerSocketChannel channel: Underlying SocketChannel for this socket; always exists.
- private JSSEngine engine: JSSEngine instance to utilize for SSLEngine operations.
- private String engineProvider: Name of the SSLEngine provider to use.
- private String engineProviderProtocol: Name of the SSLEngine protocol to use.
- private SSLContext jssContext: SSLContext to use to create the JSSEngine.
- private ServerSocket parent: The socket this JSSServerSocket was created over; accept() operations go through this socket and all information exposed via ServerSocket members go through here.
Constructor Summary
- JSSServerSocket()
Method Summary
- accept()
- protected JSSSocket acceptSocket(Socket child): Helper to upgrade a Socket into a JSSSocket.
- void bind(SocketAddress endpoint)
- void bind(SocketAddress endpoint, int backlog)
- void close()
- void consumeSocket(ServerSocket parent): Consume a parent socket, utilizing it for all accept operations.
- getChannel(): Get the underlying ServerSocketChannel for this Socket.
- String[] getEnabledCipherSuites(): Get the set of enabled cipher suites for this SSLSocket.
- String[] getEnabledProtocols(): Get the set of enabled protocol versions for this SSLSocket.
- boolean getEnableSessionCreation(): Get whether or not this SSLSocket enables creation of new sessions.
- getEngine(): Get the underlying JSSEngine instance.
- getInetAddress()
- protected JSSServerSocketChannel getInternalChannel(): Get the internal ServerSocketChannel for this Socket.
- Collection<? extends EventListener> getListeners(): Gets the current list of event listeners this SSLSocket will fire on certain events.
- int getLocalPort()
- getLocalSocketAddress()
- boolean getNeedClientAuth(): Get whether or not this SSLSocket needs client authentication.
- <T> T getOption(SocketOption<T> name)
- int getReceiveBufferSize()
- boolean getReuseAddress()
- int getSoTimeout()
- protected SSLContext getSSLContext(): Get the SSLContext if one exists or create a new instance.
- getSSLParameters(): Get the configuration of this SSLSocket as a JSSParameters object.
- String[] getSupportedCipherSuites(): Get the set of supported cipher suites for this SSLSocket.
- String[] getSupportedProtocols(): Get the set of supported protocol versions for this SSLSocket.
- boolean getUseClientMode(): Get whether or not this SSLSocket is handshaking as a client.
- boolean getWantClientAuth(): Get whether or not this SSLSocket wants client authentication.
- private void init(): Initialize the underlying ServerSocketChannel.
- void initEngine(): Explicitly initialize the SSLEngine with no session resumption information.
- void initEngine(String host, int port): Explicitly initialize the SSLEngine with information for session resumption, including peer's hostname and port.
- boolean isBound()
- boolean isClosed()
- void setCertFromAlias(String alias): Set the certificate this SSLSocket will utilize from an alias in the NSS DB.
- void setEnabledCipherSuites(String[] suites): Set the list of enabled cipher suites for this SSLSocket.
- void setEnabledProtocols(String[] protocols): Set the list of enabled protocol versions for this SSLSocket.
- void setEnableSessionCreation(boolean enabled): Set whether or not this SSLSocket enables creation of new sessions.
- void setHostname(String name): Set the hostname this client socket is connecting to, for HTTPS TLS certificate validation purposes.
- void setKeyManager(...): Set the KeyManager this SSLSocket will utilize to select a key.
- void setKeyManagers(X509KeyManager[] xkms): Set the key managers this SSLSocket will utilize to select a key.
- void setKeyMaterials(PK11Cert our_cert, PK11PrivKey our_key): Set the certificate this SSLSocket will utilize from a certificate and its matching private key.
- void setListeners(Collection<? extends EventListener> listeners): Set the listeners this SSLSocket will fire on certain events.
- void setNeedClientAuth(boolean need): Set whether or not this SSLSocket needs client authentication.
- <T> ServerSocket setOption(SocketOption<T> name, T value)
- void setPerformancePreferences(int connectionTime, int latency, int bandwidth)
- void setReceiveBufferSize(int size)
- void setReuseAddress(boolean on)
- void setSoTimeout(int timeout)
- void setSSLContext(SSLContext ctx): Explicitly set the SSLContext utilized by this JSSSocket instance.
- void setSSLParameters(SSLParameters params): Set the configuration of this SSLSocket from the given SSLParameters instance.
- void setTrustManager(...): Set the trust manager this SSLSocket will utilize to validate a peer's certificate.
- void setTrustManagers(X509TrustManager[] xtms): Set the trust managers this SSLSocket will utilize to validate a peer's certificate.
- void setUseClientMode(boolean client): Set whether or not this SSLSocket is handshaking as a client.
- void setWantClientAuth(boolean want): Set whether or not this SSLSocket wants client authentication.
- Set<SocketOption<?>> supportedOptions()
- toString()
Methods inherited from class java.net.ServerSocket
implAccept, setSocketFactory
Field Details
- engineProviderProtocol
  Name of the SSLEngine protocol to use.
- engineProvider
  Name of the SSLEngine provider to use.
- jssContext
  SSLContext to use to create the JSSEngine. Note that JSSSocket will fail if the context doesn't create JSSEngine instances.
- engine
  JSSEngine instance to utilize for SSLEngine operations.
- parent
  The socket this JSSServerSocket was created over; accept() operations go through this socket and all information exposed via ServerSocket members go through here.
- channel
  Underlying SocketChannel for this socket; always exists.
Constructor Details
- JSSServerSocket
  Start building a new JSSServerSocket. We specifically avoid creating any other constructors as we wish to consume an existing socket rather than creating a new one.
  - Throws: IOException
Method Details
- consumeSocket
  Consume a parent socket, utilizing it for all accept operations. This JSSServerSocket instance will inherit all information about the connection from this underlying socket. When utilized in a JSSServerSocket, callers should refrain from interacting with the underlying socket unless selective protocol upgrade should occur. In that case, it may be more appropriate to use the JSSSocketFactory method that creates server JSSSocket instances.
- getSSLContext
  Get the SSLContext if one exists or create a new instance. This is used by initSSLEngine(..) to create the underlying SSLEngine.
  - Throws: IOException
- setSSLContext
  Explicitly set the SSLContext utilized by this JSSSocket instance. This enables JSSServerSocket to copy its SSLContext over to the accepted JSSSocket.
  - Throws: IOException
- init
  Initialize the underlying ServerSocketChannel.
  - Throws: IOException
- initEngine
  Explicitly initialize the SSLEngine with no session resumption information.
  - Throws: IOException
- initEngine
  Explicitly initialize the SSLEngine with information for session resumption, including peer's hostname and port.
  - Throws: IOException
- getEngine
  Get the underlying JSSEngine instance. Note that, just like accessing the underlying Socket instance while the JSSSocket instance is still open is dangerous, performing other TLS operations directly via JSSEngine is also dangerous. This is mostly exposed to enable advanced configuration of the JSSEngine that isn't otherwise allowed by JSSSocket, and to facilitate the accept() method on JSSServerSocket.
- getChannel
  Get the underlying ServerSocketChannel for this Socket.
  - Overrides: getChannel in class ServerSocket
- getInternalChannel
  Get the internal ServerSocketChannel for this Socket.
- acceptSocket
  Helper to upgrade a Socket into a JSSSocket. Called from accept in JSSServerSocket and JSSServerSocketChannel.
  - Throws: IOException
- setHostname
  Set the hostname this client socket is connecting to, for HTTPS TLS certificate validation purposes.
- setCertFromAlias
  Set the certificate this SSLSocket will utilize from an alias in the NSS DB.
  - Throws: IllegalArgumentException
- setKeyMaterials
  Set the certificate this SSLSocket will utilize from a certificate and its matching private key.
  - Throws: IllegalArgumentException
- setKeyManager
  Set the KeyManager this SSLSocket will utilize to select a key.
- setKeyManagers
  Set the key managers this SSLSocket will utilize to select a key.
- setTrustManager
  Set the trust manager this SSLSocket will utilize to validate a peer's certificate.
- setTrustManagers
  Set the trust managers this SSLSocket will utilize to validate a peer's certificate.
- setListeners
  Set the listeners this SSLSocket will fire on certain events.
- getListeners
  Gets the current list of event listeners this SSLSocket will fire on certain events.
- getEnabledCipherSuites
  Get the set of enabled cipher suites for this SSLSocket.
  - Specified by: getEnabledCipherSuites in class SSLServerSocket
- getSupportedCipherSuites
  Get the set of supported cipher suites for this SSLSocket.
  - Specified by: getSupportedCipherSuites in class SSLServerSocket
- setEnabledCipherSuites
  Set the list of enabled cipher suites for this SSLSocket.
  - Specified by: setEnabledCipherSuites in class SSLServerSocket
- getEnabledProtocols
  Get the set of enabled protocol versions for this SSLSocket.
  - Specified by: getEnabledProtocols in class SSLServerSocket
- getSupportedProtocols
  Get the set of supported protocol versions for this SSLSocket.
  - Specified by: getSupportedProtocols in class SSLServerSocket
- setEnabledProtocols
  Set the list of enabled protocol versions for this SSLSocket.
  - Specified by: setEnabledProtocols in class SSLServerSocket
- getEnableSessionCreation
  public boolean getEnableSessionCreation()
  Get whether or not this SSLSocket enables creation of new sessions.
  - Specified by: getEnableSessionCreation in class SSLServerSocket
- setEnableSessionCreation
  public void setEnableSessionCreation(boolean enabled)
  Set whether or not this SSLSocket enables creation of new sessions.
  - Specified by: setEnableSessionCreation in class SSLServerSocket
- getUseClientMode
  public boolean getUseClientMode()
  Get whether or not this SSLSocket is handshaking as a client.
  - Specified by: getUseClientMode in class SSLServerSocket
- setUseClientMode
  public void setUseClientMode(boolean client)
  Set whether or not this SSLSocket is handshaking as a client.
  - Specified by: setUseClientMode in class SSLServerSocket
- getWantClientAuth
  public boolean getWantClientAuth()
  Get whether or not this SSLSocket wants client authentication.
  - Specified by: getWantClientAuth in class SSLServerSocket
- setWantClientAuth
  public void setWantClientAuth(boolean want)
  Set whether or not this SSLSocket wants client authentication.
  - Specified by: setWantClientAuth in class SSLServerSocket
- getNeedClientAuth
  public boolean getNeedClientAuth()
  Get whether or not this SSLSocket needs client authentication.
  - Specified by: getNeedClientAuth in class SSLServerSocket
- setNeedClientAuth
  public void setNeedClientAuth(boolean need)
  Set whether or not this SSLSocket needs client authentication.
  - Specified by: setNeedClientAuth in class SSLServerSocket
- getSSLParameters
  Get the configuration of this SSLSocket as a JSSParameters object.
  - Overrides: getSSLParameters in class SSLServerSocket
- setSSLParameters
  Set the configuration of this SSLSocket from the given SSLParameters instance.
  - Overrides: setSSLParameters in class SSLServerSocket
- accept
  - Overrides: accept in class ServerSocket
  - Throws: IOException
- bind
  - Overrides: bind in class ServerSocket
  - Throws: IOException
- bind
  - Overrides: bind in class ServerSocket
  - Throws: IOException
- close
  - Specified by: close in interface AutoCloseable
  - Specified by: close in interface Closeable
  - Overrides: close in class ServerSocket
  - Throws: IOException
- getInetAddress
  - Overrides: getInetAddress in class ServerSocket
- getLocalPort
  public int getLocalPort()
  - Overrides: getLocalPort in class ServerSocket
- getLocalSocketAddress
  - Overrides: getLocalSocketAddress in class ServerSocket
- getSoTimeout
  - Overrides: getSoTimeout in class ServerSocket
  - Throws: IOException
- setSoTimeout
  - Overrides: setSoTimeout in class ServerSocket
  - Throws: SocketException
- getReuseAddress
  - Overrides: getReuseAddress in class ServerSocket
  - Throws: SocketException
- setReuseAddress
  - Overrides: setReuseAddress in class ServerSocket
  - Throws: SocketException
- getReceiveBufferSize
  - Overrides: getReceiveBufferSize in class ServerSocket
  - Throws: SocketException
- setReceiveBufferSize
  - Overrides: setReceiveBufferSize in class ServerSocket
  - Throws: SocketException
- setPerformancePreferences
  public void setPerformancePreferences(int connectionTime, int latency, int bandwidth)
  - Overrides: setPerformancePreferences in class ServerSocket
- isBound
  public boolean isBound()
  - Overrides: isBound in class ServerSocket
- isClosed
  public boolean isClosed()
  - Overrides: isClosed in class ServerSocket
- toString
  - Overrides: toString in class ServerSocket
- setOption
  - Overrides: setOption in class ServerSocket
  - Throws: IOException
- getOption
  - Overrides: getOption in class ServerSocket
  - Throws: IOException
- supportedOptions
  - Overrides: supportedOptions in class ServerSocket