Package org.mozilla.jss.ssl

Class SSLServerSocket

  • All Implemented Interfaces:
    java.io.Closeable, java.lang.AutoCloseable
    public class SSLServerSocket
extends java.net.ServerSocket
    SSL server socket.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static int DEFAULT_BACKLOG
      The default size of the listen queue.

    • Constructor Summary

      Constructors 
      Constructor Description
      SSLServerSocket​(int port)
      Creates a server socket listening on the given port.
      SSLServerSocket​(int port, int backlog)
      Creates a server socket listening on the given port.
      SSLServerSocket​(int port, int backlog, java.net.InetAddress bindAddr)
      Creates a server socket listening on the given port.
      SSLServerSocket​(int port, int backlog, java.net.InetAddress bindAddr, SSLCertificateApprovalCallback certApprovalCallback)
      Creates a server socket listening on the given port.
      SSLServerSocket​(int port, int backlog, java.net.InetAddress bindAddr, SSLCertificateApprovalCallback certApprovalCallback, boolean reuseAddr)
      Creates a server socket listening on the given port.

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      java.net.Socket accept()
      Accepts a connection.
      static void clearSessionCache()
      Empties the SSL client session ID cache.
      void close()
      Closes this socket.
      static void configServerSessionIDCache​(int maxSidEntries, int ssl2EntryTimeout, int ssl3EntryTimeout, java.lang.String cacheFileDirectory)
      Configures the session ID cache.
      void enableFDX​(boolean enable)
      Enable simultaneous read/write by separate read and write threads (full duplex) for this socket.
      void enableRenegotiation​(int mode)
      Enables the mode of renegotiation that the peer must use.
      void enableRequireSafeNegotiation​(boolean enable)
      For this socket require that the peer must send Signaling Cipher Suite Value (SCSV) or Renegotiation Info (RI) extension in ALL handshakes.
      void enableRollbackDetection​(boolean enable)
      Enable rollback detection for this socket.
      void enableSessionTickets​(boolean enable)
      Enables Session tickets on this socket.
      void enableSSL2​(boolean enable)
      Enables SSL v2 on this socket.
      void enableSSL3​(boolean enable)
      Enables SSL v3 on this socket.
      void enableStepDown​(boolean enable)
      This option, enableStepDown, is concerned with the generation of step-down keys which are used with export suites.
      void enableTLS​(boolean enable)
      Enables TLS on this socket.
      void enableV2CompatibleHello​(boolean enable)
      Enable sending v3 client hello in v2 format for this socket.
      protected void finalize()
      Deprecated.
      finalize() in Object has been deprecated
      java.net.InetAddress getInetAddress()  
      int getLocalPort()  
      boolean getReuseAddress()  
      int getSoTimeout()
      Returns the current value of the SO_TIMEOUT socket option.
      java.lang.String getSSLOptions()  
      void requestClientAuth​(boolean b)
      Enables/disables the request of client authentication.
      void requireClientAuth​(boolean require, boolean onRedo)
      Deprecated.
      use requireClientAuth(int)
      void requireClientAuth​(int mode)
      Sets whether the socket requires client authentication from the remote peer.
      void setClientCert​(X509Certificate cert)
      Sets the certificate to use for client authentication.
      void setClientCertNickname​(java.lang.String nick)
      Sets the nickname of the certificate to use for client authentication.
      void setNeedClientAuth​(boolean b)
      Deprecated.
      As of JSS 3.0.
      void setNeedClientAuthNoExpiryCheck​(boolean b)
      Deprecated.
      As of JSS 3.0.
      void setReuseAddress​(boolean reuse)  
      void setServerCert​(X509Certificate certnickname)
      Sets the certificate to use for server authentication.
      void setServerCertNickname​(java.lang.String nick)
      Sets the certificate to use for server authentication.
      void setSoTimeout​(int timeout)
      Sets the SO_TIMEOUT socket option.
      void setUseClientMode​(boolean b)
      Determines whether this end of the socket is the client or the server for purposes of the SSL protocol.
      java.lang.String toString()
      Returns the addresses and ports of this socket or an error message if the socket is not in a valid state.
      void useCache​(boolean b)
      Enables/disables the session cache.

      • Methods inherited from class java.net.ServerSocket

        bind, bind, getChannel, getLocalSocketAddress, getOption, getReceiveBufferSize, implAccept, isBound, isClosed, setOption, setPerformancePreferences, setReceiveBufferSize, setSocketFactory, supportedOptions

      • Methods inherited from class java.lang.Object

        clone, equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

    • Field Detail

      • DEFAULT_BACKLOG

        public static final int DEFAULT_BACKLOG
        The default size of the listen queue.
        See Also:
        Constant Field Values

    • Constructor Detail

      • SSLServerSocket

        public SSLServerSocket​(int port)
                throws java.io.IOException
        Creates a server socket listening on the given port. The listen queue will be of size DEFAULT_BACKLOG.
        Throws:
        java.io.IOException

      • SSLServerSocket

        public SSLServerSocket​(int port,
                       int backlog)
                throws java.io.IOException
        Creates a server socket listening on the given port.
        Parameters:
        backlog - The size of the socket's listen queue.
        Throws:
        java.io.IOException

      • SSLServerSocket

        public SSLServerSocket​(int port,
                       int backlog,
                       java.net.InetAddress bindAddr)
                throws java.io.IOException
        Creates a server socket listening on the given port.
        Parameters:
        backlog - The size of the socket's listen queue.
        bindAddr - The local address to which to bind. If null, an unspecified local address will be bound to.
        Throws:
        java.io.IOException

      • SSLServerSocket

        public SSLServerSocket​(int port,
                       int backlog,
                       java.net.InetAddress bindAddr,
                       SSLCertificateApprovalCallback certApprovalCallback)
                throws java.io.IOException
        Creates a server socket listening on the given port.
        Parameters:
        backlog - The size of the socket's listen queue.
        bindAddr - The local address to which to bind. If null, an unspecified local address will be bound to.
        certApprovalCallback - Will get called to approve any certificate presented by the client.
        Throws:
        java.io.IOException

      • SSLServerSocket

        public SSLServerSocket​(int port,
                       int backlog,
                       java.net.InetAddress bindAddr,
                       SSLCertificateApprovalCallback certApprovalCallback,
                       boolean reuseAddr)
                throws java.io.IOException
        Creates a server socket listening on the given port.
        Parameters:
        backlog - The size of the socket's listen queue.
        bindAddr - The local address to which to bind. If null, an unspecified local address will be bound to.
        certApprovalCallback - Will get called to approve any certificate presented by the client.
        reuseAddr - Reuse the local bind port; this parameter sets the SO_REUSEADDR option on the socket before calling bind(). The default is false for backward compatibility.
        Throws:
        java.io.IOException

    • Method Detail

      • accept

        public java.net.Socket accept()
                       throws java.io.IOException
        Accepts a connection. This call will block until a connection is made or the timeout is reached.
        Overrides:
        accept in class java.net.ServerSocket
        Returns:
        java.net.Socket Local socket for client communication
        Throws:
        java.io.IOException - If an input or output exception occurred
        java.net.SocketTimeoutException - If the socket times out trying to connect
        SSLSocketException - JSS subclass of java.net.SocketException

      • setSoTimeout

        public void setSoTimeout​(int timeout)
        Sets the SO_TIMEOUT socket option.
        Overrides:
        setSoTimeout in class java.net.ServerSocket
        Parameters:
        timeout - The timeout time in milliseconds.

      • getSoTimeout

        public int getSoTimeout()
        Returns the current value of the SO_TIMEOUT socket option.
        Overrides:
        getSoTimeout in class java.net.ServerSocket
        Returns:
        The timeout time in milliseconds.

      • setReuseAddress

        public void setReuseAddress​(boolean reuse)
                     throws java.net.SocketException
        Overrides:
        setReuseAddress in class java.net.ServerSocket
        Throws:
        java.net.SocketException

      • getReuseAddress

        public boolean getReuseAddress()
                        throws java.net.SocketException
        Overrides:
        getReuseAddress in class java.net.ServerSocket
        Throws:
        java.net.SocketException

      • clearSessionCache

        public static void clearSessionCache()
        Empties the SSL client session ID cache.

      • finalize

        @Deprecated
protected void finalize()
                 throws java.lang.Throwable
        Deprecated.
        finalize() in Object has been deprecated
        Overrides:
        finalize in class java.lang.Object
        Throws:
        java.lang.Throwable

      • getLocalPort

        public int getLocalPort()
        Overrides:
        getLocalPort in class java.net.ServerSocket
        Returns:
        The local port.

      • close

        public void close()
           throws java.io.IOException
        Closes this socket.
        Specified by:
        close in interface java.lang.AutoCloseable
        Specified by:
        close in interface java.io.Closeable
        Overrides:
        close in class java.net.ServerSocket
        Throws:
        java.io.IOException

      • configServerSessionIDCache

        public static void configServerSessionIDCache​(int maxSidEntries,
                                              int ssl2EntryTimeout,
                                              int ssl3EntryTimeout,
                                              java.lang.String cacheFileDirectory)
                                       throws java.net.SocketException
        Configures the session ID cache.
        Parameters:
        maxSidEntries - The maximum number of entries in the cache. If 0 is passed, the default of 10,000 is used.
        ssl2EntryTimeout - The lifetime in seconds of an SSL2 session. The minimum timeout value is 5 seconds and the maximum is 24 hours. Values outside this range are replaced by the server default value of 100 seconds.
        ssl3EntryTimeout - The lifetime in seconds of an SSL3 session. The minimum timeout value is 5 seconds and the maximum is 24 hours. Values outside this range are replaced by the server default value of 100 seconds.
        cacheFileDirectory - The pathname of the directory that will contain the session cache. If null is passed, the server default is used: /tmp on Unix and \\temp on Windows.
        Throws:
        java.net.SocketException

      • setServerCertNickname

        public void setServerCertNickname​(java.lang.String nick)
                           throws java.net.SocketException
        Sets the certificate to use for server authentication.
        Throws:
        java.net.SocketException

      • setServerCert

        public void setServerCert​(X509Certificate certnickname)
                   throws java.net.SocketException
        Sets the certificate to use for server authentication.
        Throws:
        java.net.SocketException

      • requestClientAuth

        public void requestClientAuth​(boolean b)
                       throws java.net.SocketException
        Enables/disables the request of client authentication. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself.
        Throws:
        java.net.SocketException
        See Also:
        requireClientAuth(boolean, boolean)

      • setNeedClientAuth

        @Deprecated
public void setNeedClientAuth​(boolean b)
                       throws java.net.SocketException
        Deprecated.
        As of JSS 3.0. This method is misnamed. Use requestClientAuth instead.
        Throws:
        java.net.SocketException

      • setNeedClientAuthNoExpiryCheck

        @Deprecated
public void setNeedClientAuthNoExpiryCheck​(boolean b)
                                    throws java.net.SocketException
        Deprecated.
        As of JSS 3.0. This method is misnamed. Use requestClientAuthNoExpiryCheck instead.
        Enables/disables the request of client authentication. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself.

        In addition, the client certificate's expiration will not prevent it from being accepted.

        Throws:
        java.net.SocketException
        See Also:
        public void requestClientAuthNoExpiryCheck(boolean b) throws SocketException { base.requestClientAuthNoExpiryCheck(b); } /**

      • enableSSL2

        public void enableSSL2​(boolean enable)
                throws java.net.SocketException
        Enables SSL v2 on this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableSSL2Default.
        Throws:
        java.net.SocketException

      • enableSSL3

        public void enableSSL3​(boolean enable)
                throws java.net.SocketException
        Enables SSL v3 on this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableSSL3Default.
        Throws:
        java.net.SocketException

      • enableTLS

        public void enableTLS​(boolean enable)
               throws java.net.SocketException
        Enables TLS on this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableTLSDefault.
        Throws:
        java.net.SocketException

      • enableSessionTickets

        public void enableSessionTickets​(boolean enable)
                          throws java.net.SocketException
        Enables Session tickets on this socket. It is disabled by default, unless the default has been changed with SSLSocket.enableSessionTicketsDefault.
        Throws:
        java.net.SocketException

      • enableRenegotiation

        public void enableRenegotiation​(int mode)
                         throws java.net.SocketException
        Enables the mode of renegotiation that the peer must use. The default is never renegotiate at all unless the default has been changed with SSLSocket.enableRenegotiationDefault.
        Parameters:
        mode - One of: SSLSocket.SSL_RENEGOTIATE_NEVER - Never renegotiate at all. SSLSocket.SSL_RENEGOTIATE_UNRESTRICTED - Renegotiate without restriction, whether or not the peer's hello bears the TLS renegotiation info extension. Vulnerable, as in the past. SSLSocket.SSL_RENEGOTIATE_REQUIRES_XTN - Only renegotiate if the peer's hello bears the TLS renegotiation_info extension. This is safe renegotiation. SSLSocket.SSL_RENEGOTIATE_TRANSITIONAL - Disallow unsafe renegotiation in server sockets only, but allow clients to continue to renegotiate with vulnerable servers. This value should only be used during the transition period when few servers have been upgraded.
        Throws:
        java.net.SocketException

      • enableRequireSafeNegotiation

        public void enableRequireSafeNegotiation​(boolean enable)
                                  throws java.net.SocketException
        For this socket require that the peer must send Signaling Cipher Suite Value (SCSV) or Renegotiation Info (RI) extension in ALL handshakes. It is disabled by default, unless the default has been changed with SSLSocket.enableRequireSafeNegotiationDefault.
        Throws:
        java.net.SocketException

      • enableRollbackDetection

        public void enableRollbackDetection​(boolean enable)
                             throws java.net.SocketException
        Enable rollback detection for this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableRollbackDetectionDefault.
        Throws:
        java.net.SocketException

      • enableStepDown

        public void enableStepDown​(boolean enable)
                    throws java.net.SocketException
        This option, enableStepDown, is concerned with the generation of step-down keys which are used with export suites. If the server cert's public key is 512 bits or less, this option is ignored because step-down keys don't need to be generated. If the server cert's public key is more than 512 bits, this option has the following effect: enable=true: generate step-down keys enable=false: don't generate step-down keys; disable export cipher suites This option is enabled by default; unless the default has been changed with SSLSocket.enableStepDownDefault.
        Throws:
        java.net.SocketException

      • enableFDX

        public void enableFDX​(boolean enable)
               throws java.net.SocketException
        Enable simultaneous read/write by separate read and write threads (full duplex) for this socket. It is disabled by default, unless the default has been changed with SSLSocket.enableFDXDefault.
        Throws:
        java.net.SocketException

      • enableV2CompatibleHello

        public void enableV2CompatibleHello​(boolean enable)
                             throws java.net.SocketException
        Enable sending v3 client hello in v2 format for this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableV2CompatibleHelloDefault.
        Throws:
        java.net.SocketException

      • getSSLOptions

        public java.lang.String getSSLOptions()
        Returns:
        a String listing the current SSLOptions for this socket.

      • getInetAddress

        public java.net.InetAddress getInetAddress()
        Overrides:
        getInetAddress in class java.net.ServerSocket
        Returns:
        the local address of this server socket.

      • requireClientAuth

        @Deprecated
public void requireClientAuth​(boolean require,
                              boolean onRedo)
                       throws java.net.SocketException
        Deprecated.
        use requireClientAuth(int)
        Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it.
        Throws:
        java.net.SocketException

      • requireClientAuth

        public void requireClientAuth​(int mode)
                       throws java.net.SocketException
        Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it.
        Parameters:
        mode - One of: SSLSocket.SSL_REQUIRE_NEVER, SSLSocket.SSL_REQUIRE_ALWAYS, SSLSocket.SSL_REQUIRE_FIRST_HANDSHAKE, SSLSocket.SSL_REQUIRE_NO_ERROR
        Throws:
        java.net.SocketException

      • setClientCertNickname

        public void setClientCertNickname​(java.lang.String nick)
                           throws java.net.SocketException
        Sets the nickname of the certificate to use for client authentication.
        Throws:
        java.net.SocketException

      • setClientCert

        public void setClientCert​(X509Certificate cert)
                   throws java.net.SocketException
        Sets the certificate to use for client authentication.
        Throws:
        java.net.SocketException

      • setUseClientMode

        public void setUseClientMode​(boolean b)
        Determines whether this end of the socket is the client or the server for purposes of the SSL protocol. By default, it is the server.
        Parameters:
        b - true if this end of the socket is the SSL slient, false if it is the SSL server.

      • useCache

        public void useCache​(boolean b)
              throws java.net.SocketException
        Enables/disables the session cache. By default, the session cache is enabled.
        Throws:
        java.net.SocketException

      • toString

        public java.lang.String toString()
        Returns the addresses and ports of this socket or an error message if the socket is not in a valid state.
        Overrides:
        toString in class java.net.ServerSocket