AndroidSSLSocketFactory (Ektorp 1.2.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.ektorp.http
Class AndroidSSLSocketFactory

java.lang.Object
  org.ektorp.http.AndroidSSLSocketFactory

All Implemented Interfaces:: org.apache.http.conn.scheme.LayeredSocketFactory, org.apache.http.conn.scheme.SocketFactory

public class AndroidSSLSocketFactory
extends Object
implements org.apache.http.conn.scheme.LayeredSocketFactory, org.apache.http.conn.scheme.SocketFactory
extends Object
implements org.apache.http.conn.scheme.LayeredSocketFactory, org.apache.http.conn.scheme.SocketFactory

Layered socket factory for TLS/SSL connections, based on JSSE. .

SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.

SSLSocketFactory will enable server authentication when supplied with a truststore file containg one or several trusted certificates. The client secure socket will reject the connection during the SSL session handshake if the target HTTPS server attempts to authenticate itself with a non-trusted certificate.

Use JDK keytool utility to import a trusted certificate and generate a truststore file:

     keytool -import -alias "my server cert" -file server.crt -keystore my.truststore

SSLSocketFactory will enable client authentication when supplied with a keystore file containg a private key/public certificate pair. The client secure socket will use the private key to authenticate itself to the target HTTPS server during the SSL session handshake if requested to do so by the server. The target HTTPS server will in its turn verify the certificate presented by the client in order to establish client's authenticity

Use the following sequence of actions to generate a keystore file

Use JDK keytool utility to generate a new key
```
keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore
```
For simplicity use the same password for the key as that of the keystore

Issue a certificate signing request (CSR)

keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore

Send the certificate request to the trusted Certificate Authority for signature. One may choose to act as her own CA and sign the certificate request using a PKI tool, such as OpenSSL.

Import the trusted CA root certificate

keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore

Import the PKCS#7 file containg the complete certificate chain

keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore

Verify the content the resultant keystore file
```
keytool -list -v -keystore my.keystore
```

Author:: Oleg Kalnichevski, Julius Davies

Field Summary
`static org.apache.http.conn.ssl.X509HostnameVerifier`	`ALLOW_ALL_HOSTNAME_VERIFIER`
`static org.apache.http.conn.ssl.X509HostnameVerifier`	`BROWSER_COMPATIBLE_HOSTNAME_VERIFIER`
`static String`	`SSL`
`static String`	`SSLV2`
`static org.apache.http.conn.ssl.X509HostnameVerifier`	`STRICT_HOSTNAME_VERIFIER`
`static String`	`TLS`
`static TrustManager`	`TRUST_EVEYONE_MANAGER`

Constructor Summary
`AndroidSSLSocketFactory(KeyStore truststore)`
`AndroidSSLSocketFactory(KeyStore keystore, String keystorePassword)`
`AndroidSSLSocketFactory(KeyStore keystore, String keystorePassword, KeyStore truststore)`
`AndroidSSLSocketFactory(SSLSocketFactory socketfactory)` Constructs an HttpClient SSLSocketFactory backed by the given JSSE SSLSocketFactory.
`AndroidSSLSocketFactory(String algorithm, KeyStore keystore, String keystorePassword, KeyStore truststore, SecureRandom random, org.apache.http.conn.scheme.HostNameResolver nameResolver)`

Method Summary
`Socket`	`connectSocket(Socket sock, String host, int port, InetAddress localAddress, int localPort, org.apache.http.params.HttpParams params)`
`Socket`	`createSocket()`
`Socket`	`createSocket(Socket socket, String host, int port, boolean autoClose)`
`org.apache.http.conn.ssl.X509HostnameVerifier`	`getHostnameVerifier()`
`static AndroidSSLSocketFactory`	`getSocketFactory()` Gets an singleton instance of the SSLProtocolSocketFactory.
`boolean`	`isSecure(Socket sock)` Checks whether a socket connection is secure.
`void`	`setHostnameVerifier(org.apache.http.conn.ssl.X509HostnameVerifier hostnameVerifier)`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

TLS

public static final String TLS

See Also:: Constant Field Values

SSL

public static final String SSL

See Also:: Constant Field Values

SSLV2

public static final String SSLV2

See Also:: Constant Field Values

ALLOW_ALL_HOSTNAME_VERIFIER

public static final org.apache.http.conn.ssl.X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER

BROWSER_COMPATIBLE_HOSTNAME_VERIFIER

public static final org.apache.http.conn.ssl.X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER

STRICT_HOSTNAME_VERIFIER

public static final org.apache.http.conn.ssl.X509HostnameVerifier STRICT_HOSTNAME_VERIFIER

TRUST_EVEYONE_MANAGER

public static final TrustManager TRUST_EVEYONE_MANAGER

Constructor Detail